From 5945f9ebb96c72404a12cb5e005ff64892ac37df Mon Sep 17 00:00:00 2001
From: "bmeurer@chromium.org"
 <bmeurer@chromium.org@ce2b1a6d-e550-0410-aec6-3dcde31c8c00>
Date: Fri, 28 Feb 2014 09:40:12 +0000
Subject: [PATCH] Fix handling of constant global variable assignments.

BUG=347904
LOG=y
R=hpayer@chromium.org

Review URL: https://codereview.chromium.org/184303003

git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@19594 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
---
 src/hydrogen.cc                        | 29 +++++++++++++++++++----------
 test/mjsunit/regress/regress-347904.js | 12 ++++++++++++
 2 files changed, 31 insertions(+), 10 deletions(-)
 create mode 100644 test/mjsunit/regress/regress-347904.js

diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index 6bc7f69..bb0cead 100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -5909,18 +5909,27 @@ void HOptimizedGraphBuilder::HandleGlobalVariableAssignment(
     Handle<GlobalObject> global(current_info()->global_object());
     Handle<PropertyCell> cell(global->GetPropertyCell(&lookup));
     if (cell->type()->IsConstant()) {
-      IfBuilder builder(this);
-      HValue* constant = Add<HConstant>(cell->type()->AsConstant());
-      if (cell->type()->AsConstant()->IsNumber()) {
-        builder.If<HCompareNumericAndBranch>(value, constant, Token::EQ);
+      Handle<Object> constant = cell->type()->AsConstant();
+      if (value->IsConstant()) {
+        HConstant* c_value = HConstant::cast(value);
+        if (!constant.is_identical_to(c_value->handle(isolate()))) {
+          Add<HDeoptimize>("Constant global variable assignment",
+                           Deoptimizer::EAGER);
+        }
       } else {
-        builder.If<HCompareObjectEqAndBranch>(value, constant);
+        HValue* c_constant = Add<HConstant>(constant);
+        IfBuilder builder(this);
+        if (constant->IsNumber()) {
+          builder.If<HCompareNumericAndBranch>(value, c_constant, Token::EQ);
+        } else {
+          builder.If<HCompareObjectEqAndBranch>(value, c_constant);
+        }
+        builder.Then();
+        builder.Else();
+        Add<HDeoptimize>("Constant global variable assignment",
+                         Deoptimizer::EAGER);
+        builder.End();
       }
-      builder.Then();
-      builder.Else();
-      Add<HDeoptimize>("Constant global variable assignment",
-                       Deoptimizer::EAGER);
-      builder.End();
     }
     HInstruction* instr =
         Add<HStoreGlobalCell>(value, cell, lookup.GetPropertyDetails());
diff --git a/test/mjsunit/regress/regress-347904.js b/test/mjsunit/regress/regress-347904.js
new file mode 100644
index 0000000..1a27b05
--- /dev/null
+++ b/test/mjsunit/regress/regress-347904.js
@@ -0,0 +1,12 @@
+// Copyright 2014 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --stress-runs=2
+
+var v = /abc/;
+function f() {
+  v = 1578221999;
+};
+%OptimizeFunctionOnNextCall(f);
+f();
-- 
2.7.4