Created attachment 530035 [details] [diff] [review] v1 (landed in jsdbg2) The comment says: /* * This is shamelessly copied from emitReturn, but with several changes: * - There was always at least one inline call. * - We don't know if there is a call object, so we always check. * - We don't know where we came from, so we don't know frame depth or PC. * - There is no stub buffer. */ emitReturn emits a call to stubs::ScriptDebugEpilogue in debug mode. The trampoline generated by generateForceReturn can only be called in debug mode, so it should unconditionally emit a call to ScriptDebugEpilogue. This patch applies on top of http://hg.mozilla.org/users/jblandy_mozilla.com/jsdbg2 revision 37b0503c5603. Please take a look. I have no reason to believe this patch is safe. In particular I'm casting to void* without knowing anything about the types and calling conventions. (Also, ScriptDebugEpilogue can execute arbitrary JS code, due to debugging hooks; but if emitReturn does it I think it's probably safe to do it here too.)
Yeah, this is safe, the calling convention for fallible vm calls is fastcall (VMFrame &), the return value can be anything and there can be one additional parameter. The VMFrame is passed implicitly.