SVN: rev200124 Build with: perl Tools/Scripts/build-jsc --gtk --debug The following test case triggers this assertion error: --- ASSERTION FAILED: value --- Test case: --- Object.getOwnPropertyDescriptor(new Proxy({a:0}, { getOwnPropertyDescriptor(t,pk){return {writable:true, enumerable:true, configurable:true}} }), "") --- Stack trace: --- #0 0x00007ffff6e289ac in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:322 #1 0x00007ffff6ceb180 in JSC::PropertyDescriptor::setDescriptor (this=0x7fffffffca50, value=..., attributes=0) at ../../Source/JavaScriptCore/runtime/PropertyDescriptor.cpp:116 #2 0x00007ffff6c62064 in JSC::JSObject::getOwnPropertyDescriptor (this=0x7fffaedbf4f0, exec=0x7fffffffcaf0, propertyName=..., descriptor=...) at ../../Source/JavaScriptCore/runtime/JSObject.cpp:2866 #3 0x00007ffff6cd385f in JSC::objectConstructorGetOwnPropertyDescriptor (exec=0x7fffffffcaf0, object=0x7fffaedbf4f0, propertyName=...) at ../../Source/JavaScriptCore/runtime/ObjectConstructor.cpp:229 #4 0x00007ffff6cd3c71 in JSC::objectConstructorGetOwnPropertyDescriptor (exec=0x7fffffffcaf0) at ../../Source/JavaScriptCore/runtime/ObjectConstructor.cpp:272 #5 0x00007fffb0bff028 in ?? () #6 0x00007fffffffcb60 in ?? () #7 0x00007ffff6a33818 in llint_entry () at ../../Source/JavaScriptCore/runtime/JSCJSValueInlines.h:1037 Backtrace stopped: frame did not save the PC ---