minimized test case: 
(function encodeURI() {
    function Func() {
      'use strict';
      encodeURI += 'function';
    }
});

run as: out/x64.debug/d8 test.js --ignition.

This fails because encodeURI is a legacy constant in strict mode. In ignition, there is a DCHECK that asserts we don't see legacy constants in strict mode.

Just to clarify, encodeURI is a legacy constant and we use it in Func which is in strict mode and hence DCHECK fails. I think DCHECK should not be there in ignition. If I understand correctly, function name bindings are treated as Legacy constants.

More extensive test case ...

(function f() {
  function assignSloppy() {
    f = 0;
  }
  assertDoesNotThrow(assignSloppy);
  function assignStrict() {
    'use strict';
    f = 0;
  }
  assertThrows(assignStrict);
})();

Hey Adam! Do you have some insight into the future of the function literal name binding? Are the semantics likely to change in the near future and is there a time-frame for how long the CONST_LEGACY semantics will be around?

Sadly function name bindings in strict mode will continue to have the CONST_LEGACY behavior forever. As part of my cleanups for CONST_LEGACY I was aiming to at least rename it to make it clearer that it has a single use. Thus  this DCHECK is incorrect and ought to be removed.

The good news is that function name bindings are restricted enough that we can still get rid of much of the weirdness of CONST_LEGACY (e.g., it can never be accessed in an uninitialized state, and CONST_LEGACY vars can never be properties on the global). The only weirdness left is that it's an immutable binding which doesn't throw when assigned to.

Re #7: Thanks for the update/clarification. Yes, the DCHECK is incorrect and the fix that Mythri has in flight implements proper semantics in Ignition and also adds test coverage in form of a regression test:

https://codereview.chromium.org/1845223006/

The additional restrictions you mentioned are indeed nice. It might make sense to audit the backends for cases that can no longer appear at some point (outside the scope of this issue), for example the hole check for loads that you alluded to:

https://code.google.com/p/chromium/codesearch#search/&q=%22Uninitialized%20legacy%20const%20bindings%20are%20unholed%22&sq=package:chromium&type=cs

ClusterFuzz has detected this issue as fixed in range 35382:35383.

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=6717289872752640

Fuzzer: decoder_langfuzz
Job Type: linux_asan_d8_ignition_dbg
Platform Id: linux

Crash Type: CHECK failure
Crash Address: 
Crash State:
  !is_strict(language_mode()) in src/interpreter/bytecode-generator.cc
  
Regressed: V8: r35065:35066
Fixed: V8: r35382:35383

Minimized Testcase (9.44 Kb): https://cluster-fuzz.appspot.com/download/AMIfv95VaXDbMZ-B7sCXhx5K0IXfvVbGDAP77KHf7X8wE-nv8Rf-ILZ-jw5kgCZy1Y6AGBxvz8VGPQ6ju715yxq6gz0PPYW1A--neeTtKuGJMPllf246axM7f0xfGFwnnrw5eSv7lN3iua8mgCfvaHSDSsC-9AFAZA

See https://dev.chromium.org/Home/chromium-security/bugs/reproducing-clusterfuzz-bugs for more information.

If you suspect that the result above is incorrect, try re-doing that job on the test case report page.

Fixed with https://codereview.chromium.org/1845223006/

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8982cb5c70c8371256c6e9183d3ef3b33e46f056

commit 8982cb5c70c8371256c6e9183d3ef3b33e46f056
Author: mythria <mythria@chromium.org>
Date: Mon Apr 11 12:03:02 2016

[Interpreter] Handles legacy constants in strict mode.

Function bindings are the only variables in LEGACY_CONST mode.
(https://codereview.chromium.org/1819123002/). Since these variables
can also be accessed in strict mode functions we should support
handling such variables. Assigning to a legacy constant throws
a TypeError in strict mode. Also fixes hydrogen.cc to throw a
TypeError for legacy constants.

BUG= v8:4280 , chromium:599068 
LOG=N
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1845223006

Cr-Commit-Position: refs/heads/master@{#35383}

[modify] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/src/crankshaft/hydrogen.cc
[modify] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/src/interpreter/bytecode-generator.cc
[add] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/test/mjsunit/regress/regress-599068-func-bindings.js

The following revision refers to this bug:
  https://chromium.googlesource.com/v8/v8.git/+/8982cb5c70c8371256c6e9183d3ef3b33e46f056

commit 8982cb5c70c8371256c6e9183d3ef3b33e46f056
Author: mythria <mythria@chromium.org>
Date: Mon Apr 11 12:03:02 2016

[Interpreter] Handles legacy constants in strict mode.

Function bindings are the only variables in LEGACY_CONST mode.
(https://codereview.chromium.org/1819123002/). Since these variables
can also be accessed in strict mode functions we should support
handling such variables. Assigning to a legacy constant throws
a TypeError in strict mode. Also fixes hydrogen.cc to throw a
TypeError for legacy constants.

BUG= v8:4280 , chromium:599068 
LOG=N
TBR=rmcilroy@chromium.org

Review URL: https://codereview.chromium.org/1845223006

Cr-Commit-Position: refs/heads/master@{#35383}

[modify] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/src/crankshaft/hydrogen.cc
[modify] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/src/interpreter/bytecode-generator.cc
[add] https://crrev.com/8982cb5c70c8371256c6e9183d3ef3b33e46f056/test/mjsunit/regress/regress-599068-func-bindings.js

Removing EditIssue view restrictions from ClusterFuzz filed bugs. If you believe that this issue should still be restricted, please reapply the label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot