9.2.4 [[Call]] (thisArgument, argumentsList), step 9.b.iii:
> Else if Type(thisArgument) is not Object, set the thisValue to ToObject(thisArg ument).
At this point in the algorithm the `calleeContext` execution context is not yet activated, so it's not the top element of the execution context stack. That also means the ToObject() operation does not create a primitive wrapper from the callee's realm, but instead from the caller's realm. That seems to be wrong, the primitive wrapper should be an object of the callee's realm.
test case:
---
let foreign = new Realm();
foreign.eval("function returnThis() { return this }");
foreign.global.returnThis.call(1).constructor === foreign.global.Number;
---
And related: The realm for the ReferenceError thrown from NewFunctionEnvironment, step 5b, when [[Call]] calls NewFunctionEnvironment in step 9c.
fixed in rev23 editor's draft
wrapper objects now come from callee Realm.
I think its appropriate for the ReferenceError object to come from the caller Realm. The exception was triggered by a caller action (making the call) and is being immediately thrown back to the caller.
fixed in rev23 draft