Created attachment 115885 [details] Testcase The attached testcase should print "PASS" twice. Instead, it prints "FAIL" twice in JavaScriptCore. The relevant analysis per ECMA-262 follows: 1) Per section 15.2.3.9, Object.freeze reconfigures data properties not be writable. 2) Per section 11.13.1, setting "test_instance.x = 'hello'" calls PutValue() with "test_instance.x" as the first argument. 3) Per section 8.7.2 step 4 the [[Put]] internal method of test_instance is called. IsStrictReference is true if an only if the code is in strict mode. 4) Per section 8.12.5 step 1, the [[CanPut]] internal method of test_instance is called. 5) Per section 8.12.4 step 1, [[GetOwnProperty]] is called on test_instance; in this case it returns undefined, so step 2 is skipped. 6) Per section 8.12.4 step 5 [[GetProperty]] is called on the prototype and returns a data descriptor for a non-writable data property. 7) Per section 8.12.4 step 8b, [[CanPut]] returns false. 8) Per section 8.12.5 step 1, either a TypeError is thrown or the set is ignored, depending on whether the code is in strict mode. JavaScriptCore most certainly doesn't do the above. SpiderMonkey gets this right.