Reputation: 31
On OS X 10.8.5, Chrome 32.0.1700.77 the following JS code demonstrates very weird behavior:
```javascript
function A() {
    var f = function() {
        this[''].call(this);
    };
    f.prototype[''] = function() {};
    return f;
}
var B = A(), error = 0, success = 0;
for (var i = 0; i < 1000; i++) {
    var l = new B();
    if (l.abscdef != null) {
        error++;
    }
    else {
        success++;
    }
}
```
There is function A, that returns another function. The returned function has a prototype function with an empty name ("") that is called when an object is instantiated with the returned function (works like a constructor).
The problem is that the "if (l.abscdef != null) ..." condition doesn't work properly.
You can try to access any imaginable field name ("l.dhsjdjs", "l.yuew7", whatever) and the field will not be null; it is set to the function with an empty name! As far as I understand, the cause of the problem is the usage of "" as a function name. Changing it to any other name fixes the problem.
The code works in all other browsers (Safari, IE9, IE8, IE10, IE11, Firefox, previous version of Chrome).
Does anybody have an idea why it happens?
UPD: The latest version of Chrome 37.0.2062.124 at last fixes the issue!
Upvotes: 3
Views: 155
Reputation: 71
Tried this on Chrome on Windows, which displayed the same behavior. Also, NodeJS gives the expected result (all undefined). Other browsers on Windows all show the expected results.
Boiled the code down to:
```javascript
var f = function() { this[''].call(this); };
f.prototype[''] = function() {};
for (var i = 0; i < 10; ++i) {
    var l = new f();
    console.log(l.abscdef);
}
```
I know this is not an answer, alas. My only idea is that Chrome may have optimized object lookup too much. Seems like a true bug.
Upvotes: 1
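A regression probe for the behaviour discussed in this thread, as an added example that is not part of either post. It goes beyond the posted loop by checking several absent property names, comparing the empty-string key against a non-empty control key, and recording whether a bogus value is the prototype method itself. The helper names `makeCtor` and `probe` and the control key `'init'` are assumptions made for this example.

```javascript
// Added example: probe for lookups of absent properties resolving to a value.
// makeCtor, probe and the control key 'init' are hypothetical names.

// Build a constructor whose prototype method is stored under `key`
// and invoked during construction, as in the posted code.
function makeCtor(key) {
  var f = function () {
    this[key].call(this);
  };
  f.prototype[key] = function () {};
  return f;
}

// Construct `iterations` objects (enough for the engine to optimize the
// constructor) and count lookups in `names` that do not come back undefined.
function probe(key, iterations, names) {
  var Ctor = makeCtor(key);
  var method = Ctor.prototype[key];
  var result = { total: 0, bogus: 0, aliasedToMethod: 0 };
  for (var i = 0; i < iterations; i++) {
    var obj = new Ctor();
    for (var j = 0; j < names.length; j++) {
      var name = names[j];
      var value = obj[name];
      result.total++;
      // An absent property must read as undefined and fail the `in` test.
      if (value !== undefined || name in obj) {
        result.bogus++;
        // The thread reports the bogus value is the ''-named method.
        if (value === method) result.aliasedToMethod++;
      }
    }
  }
  return result;
}

var NAMES = ['abscdef', 'dhsjdjs', 'yuew7']; // field names from the question
var emptyKey = probe('', 1000, NAMES);       // the case from the question
var namedKey = probe('init', 1000, NAMES);   // control: non-empty name
console.log('empty key:', emptyKey);
console.log('named key:', namedKey);
```

On an engine without the bug both results report `bogus: 0`; a non-zero `aliasedToMethod` for the empty key alone matches the behaviour reported in the question.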