1. Load http://crypto.stanford.edu/~abarth/research/webkit/null-frame/
2. Click "boom"

ASSERTION FAILED: impl()->frame()
(/Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:819 virtual JSC::ExecState* WebCore::JSDOMWindowBase::globalExec())
Okay, the assertion (and the subsequent crash if you skip the assertion) seems bogus to me -- why should we need to call frame()->keepAlive() when you request the globalExec?
This is one of the tests in bug 21054 - do we really need a separate bug for it?
It was attached to bug 21054 on the belief that the fix for 21054 caused it. However, it's actually a pre-existing bug. The bug occurs when we go to compile a function after the frame containing that function has gone away. We still have the global object, but the frame has since been destroyed.
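
A minimal model of the lifetime problem described in the last comment, added here as an illustration and not taken from WebKit or from any commenter. Every name except frame(), keepAlive() and globalExec() is hypothetical, and the frame-independent globalExec() shows one possible handling, not the fix that landed.

```cpp
#include <memory>

// Hypothetical stand-ins for the objects named in the thread; not WebCore code.
struct Frame { bool keptAlive = false; void keepAlive() { keptAlive = true; } };
struct ExecState {};

class GlobalObject {
public:
    explicit GlobalObject(Frame* f) : m_frame(f) {}
    void frameDestroyed() { m_frame = nullptr; }  // frame goes away, global object lives on
    Frame* frame() const { return m_frame; }

    // Treats a live frame as a precondition, like the failing assertion.
    // Returns nullptr instead of asserting so the failure is observable.
    ExecState* globalExecRequiringFrame() {
        if (!m_frame) return nullptr;
        m_frame->keepAlive();
        return &m_exec;
    }

    // Frame-independent variant: the exec state belongs to the global object,
    // and keepAlive() is only attempted while a frame still exists.
    ExecState* globalExec() {
        if (m_frame) m_frame->keepAlive();
        return &m_exec;
    }
private:
    Frame* m_frame;    // non-owning back-pointer, cleared when the frame is destroyed
    ExecState m_exec;  // owned by the global object, so it outlives the frame
};

// A lazily compiled function keeps its global object alive, but not the frame.
struct LazyFunction {
    std::shared_ptr<GlobalObject> global;
    bool compile(bool requireFrame) {
        ExecState* exec = requireFrame ? global->globalExecRequiringFrame()
                                       : global->globalExec();
        return exec != nullptr;
    }
};

// Scenario from the thread: the function is compiled after its frame is gone.
bool compileAfterFrameGone(bool requireFrame) {
    auto frame = std::make_unique<Frame>();
    auto global = std::make_shared<GlobalObject>(frame.get());
    LazyFunction fn;
    fn.global = global;
    global->frameDestroyed();  // clear the back-pointer before the frame dies
    frame.reset();
    return fn.compile(requireFrame);
}

int main() { return (!compileAfterFrameGone(true) && compileAfterFrameGone(false)) ? 0 : 1; }
```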