The callOperation won't store a code origin on the call frame. Therefore, if this is the first callOperation in the current compilation, and we emit an exception check inside a try block, we will hit an assertion claiming that we must have some codeOrigins.size() be > 0 to ask for the last call site.
Created attachment 261750: patch
Comment on attachment 261750: patch
View in context: https://bugs.webkit.org/attachment.cgi?id=261750&action=review
> Source/JavaScriptCore/dfg/DFGCommonData.cpp:62
> + RELEASE_ASSERT(codeOrigins.size());
I think moving this to a RELEASE_ASSERT should help us find any remaining callOperation call sites that also run into this problem.
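Review bot: the RELEASE_ASSERT(codeOrigins.size()) at DFGCommonData.cpp:62 carries no comment stating the invariant it enforces. A one-line comment saying that a code origin must already be recorded before the last call site is requested would point whoever hits the crash toward a callOperation that did not store one, which is the cause described in this bug.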
Comment on attachment 261750: patch
r=me
Comment on attachment 261750: patch
Clearing flags on attachment: 261750
Committed r190128: <http://trac.webkit.org/changeset/190128>
All reviewed patches have been landed. Closing bug.