Created attachment 467615 [details] [diff] [review]
When there is both a watchpoint and setter on the same property, the result of the watchpoint is passed to the setter. As Blake explained: back in the day, before the age of wrapperization, there was a potential security hole whereby, e.g., content watchpoints could inject content values into chrome setters. That was the problem fixed by the dummy frame. With wrappers, though, there should be no such mingling and thus this dummy frame is no longer necessary. It's also a massive breaker of invariants I'd like to have for bug 539144.
Comment on attachment 467615 [details] [diff] [review]
I managed to dis-remember this dis-gusting history. Kill this code with fire, salt the earth, drive it before you and hear the lamentation da wimmin!
Indeed, that is best in life.