From 200315cb26e3320661d80daa4788e321d9910de5 Mon Sep 17 00:00:00 2001
From: yangguo <yangguo@chromium.org>
Date: Wed, 28 Oct 2015 04:28:29 -0700
Subject: [PATCH] Make AstRawString deduplication encoding-agnostic.

R=jkummerow@chromium.org
BUG=v8:4450
LOG=N

Review URL: https://codereview.chromium.org/1411103006

Cr-Commit-Position: refs/heads/master@{#31624}
---
 src/ast-value-factory.cc             | 30 ++++++++++++++++++++++++----
 test/mjsunit/regress/regress-4450.js |  8 ++++++++
 2 files changed, 34 insertions(+), 4 deletions(-)
 create mode 100644 test/mjsunit/regress/regress-4450.js

diff --git a/src/ast-value-factory.cc b/src/ast-value-factory.cc
index e790ea24469c..8a4a4daf0ce2 100644
--- a/src/ast-value-factory.cc
+++ b/src/ast-value-factory.cc
@@ -29,6 +29,7 @@
 
 #include "src/api.h"
 #include "src/objects.h"
+#include "src/utils.h"
 
 namespace v8 {
 namespace internal {
@@ -379,11 +380,32 @@ AstRawString* AstValueFactory::GetString(uint32_t hash, bool is_one_byte,
 bool AstValueFactory::AstRawStringCompare(void* a, void* b) {
   const AstRawString* lhs = static_cast<AstRawString*>(a);
   const AstRawString* rhs = static_cast<AstRawString*>(b);
-  if (lhs->is_one_byte() != rhs->is_one_byte()) return false;
+  if (lhs->length() != rhs->length()) return false;
   if (lhs->hash() != rhs->hash()) return false;
-  int len = lhs->byte_length();
-  if (rhs->byte_length() != len) return false;
-  return memcmp(lhs->raw_data(), rhs->raw_data(), len) == 0;
+  const unsigned char* l = lhs->raw_data();
+  const unsigned char* r = rhs->raw_data();
+  size_t length = rhs->length();
+  if (lhs->is_one_byte()) {
+    if (rhs->is_one_byte()) {
+      return CompareCharsUnsigned(reinterpret_cast<const uint8_t*>(l),
+                                  reinterpret_cast<const uint8_t*>(r),
+                                  length) == 0;
+    } else {
+      return CompareCharsUnsigned(reinterpret_cast<const uint8_t*>(l),
+                                  reinterpret_cast<const uint16_t*>(r),
+                                  length) == 0;
+    }
+  } else {
+    if (rhs->is_one_byte()) {
+      return CompareCharsUnsigned(reinterpret_cast<const uint16_t*>(l),
+                                  reinterpret_cast<const uint8_t*>(r),
+                                  length) == 0;
+    } else {
+      return CompareCharsUnsigned(reinterpret_cast<const uint16_t*>(l),
+                                  reinterpret_cast<const uint16_t*>(r),
+                                  length) == 0;
+    }
+  }
 }
 }  // namespace internal
 }  // namespace v8
diff --git a/test/mjsunit/regress/regress-4450.js b/test/mjsunit/regress/regress-4450.js
new file mode 100644
index 000000000000..31ff4f19c26d
--- /dev/null
+++ b/test/mjsunit/regress/regress-4450.js
@@ -0,0 +1,8 @@
+// Copyright 2015 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+({})['foobar\u2653'.slice(0, 6)] = null;
+var x;
+eval('x = function foobar() { return foobar };');
+x();