Comment #4 on issue 2711 by [email protected]: Array.prototype.push
apparently no longer honoring frozen
http://code.google.com/p/v8/issues/detail?id=2711
I just reproduced this independently of Caja in the console. Not exactly
intermittently, but definitely with some statefulness that shouldn't be
there:
var a = Object.freeze([1]); a.push(2); a.length
1
var a = Object.freeze([1]); a.push(2); a.length
2
Same code, run twice, different result. Does the same thing as a <script>:
<script>
var a = Object.freeze([1]); a.push(2); console.log(a.length);
var a = Object.freeze([1]); a.push(2); console.log(a.length);
</script>
chrome://version says:
Google Chrome 30.0.1562.0 (Official Build 210982) canary
OS Mac OS X
Blink 537.36 (@153902)
JavaScript V8 3.20.4
The problem does not occur in Chrome stable 27.0.1453.116 with V8 3.17.6.15.
I reiterate that this is a severe problem for running Caja (we can replace
Array.prototype.push, but at extreme performance loss).
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev
---
You received this message because you are subscribed to the Google Groups "v8-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
