Currently, CallFrameClosure::resetCallFrame() looks like this: void resetCallFrame() { newCallFrame->setScope(scope); for (int i = argumentCountIncludingThis; i < parameterCountIncludingThis; ++i) newCallFrame->setArgument(i, jsUndefined()); } However, CallFrame::setArgument() takes an arg index that starts from 0 and does not include the 'this' value. Since both argumentCountIncludingThis and parameterCountIncludingThis, we need to subtract 1 from both values in order to make the iterator i be a valid arg index for setArgument(). If this is not corrected, then the last setArgument() would be writing to the stack slot before the beginning of the current frame (i.e. corruption the last stack of the previous frame). In addition, it is also not properly initializing the 1st un-passed argument to 'undefined'.