See http://code.google.com/p/chromium/issues/detail?id=96354 . A possible fix is to call the script lazily on the first run of the 'set()' method of a typed array.
Created attachment 107631: Call the binding script lazily
Comment on attachment 107631: Call the binding script lazily
View in context: https://bugs.webkit.org/attachment.cgi?id=107631&action=review

This looks good overall, thanks. I have one comment about the robustness of the code, but because this is such a high priority issue in Chromium I'm going to mark this r+ / cq+ and we can deal with the robustness issue later.

> Source/WebCore/bindings/v8/custom/V8ArrayBufferViewCustom.cpp:42
> +        v8::Handle<v8::Object> arrayBufferView = prototype->GetPrototype().As<v8::Object>();

Is there a more robust way to either find the ArrayBufferView prototype or check that we've found it with this walk? In a future version of the typed array spec a subtype of Uint8Array may be added (see http://www.khronos.org/registry/typedarray/specs/latest/#7.1 ) and this code would break if so.
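To make the reviewer's robustness concern concrete, here is an added JavaScript example (not code from the WebKit patch) that models the fixed-depth GetPrototype() walk with Object.getPrototypeOf and contrasts it with a walk that searches the chain for the known ArrayBufferView prototype. PixelArray is a hypothetical Uint8Array subtype standing in for the subtype the comment anticipates; ArrayBufferViewProto is assumed to be the prototype directly above Uint8Array.prototype.

```javascript
// Added example, not from the reviewed patch. Models the two-step prototype walk
// in V8ArrayBufferViewCustom.cpp in plain JavaScript to show why a fixed depth breaks
// as soon as a subtype of Uint8Array is inserted into the chain.

// The prototype the C++ code wants to reach: one level above Uint8Array.prototype
// (%TypedArray%.prototype in modern engines). Assumed to be the "ArrayBufferView" prototype.
const ArrayBufferViewProto = Object.getPrototypeOf(Uint8Array.prototype);

// Fixed-depth walk, mirroring the patch: view -> prototype -> prototype.
function fixedDepthWalk(view) {
  const prototype = Object.getPrototypeOf(view);
  return Object.getPrototypeOf(prototype);
}

// Robust alternative: walk the whole chain and stop only when the known
// prototype is found; return null if it is not in the chain at all.
function findInChain(view, target) {
  for (let p = Object.getPrototypeOf(view); p !== null; p = Object.getPrototypeOf(p)) {
    if (p === target) return p;
  }
  return null;
}

// Hypothetical subtype, standing in for the Uint8Array subtype the spec may add.
class PixelArray extends Uint8Array {}

// Runs both walks over a plain view and a subtype view and reports whether
// each one actually reached ArrayBufferViewProto.
function demo() {
  const plain = new Uint8Array(4);
  const sub = new PixelArray(4);
  return {
    plainFixed: fixedDepthWalk(plain) === ArrayBufferViewProto,                 // true
    subFixed: fixedDepthWalk(sub) === ArrayBufferViewProto,                     // false: one level short
    subRobust: findInChain(sub, ArrayBufferViewProto) === ArrayBufferViewProto, // true
  };
}

console.log(demo());
```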
Comment on attachment 107631: Call the binding script lazily
Clearing flags on attachment: 107631
Committed r95354: <http://trac.webkit.org/changeset/95354>
All reviewed patches have been landed. Closing bug.