diff --git a/src/compiler/pipeline.cc b/src/compiler/pipeline.cc
index c0bdf7670d..bb185c3fd5 100644
--- a/src/compiler/pipeline.cc
+++ b/src/compiler/pipeline.cc
@@ -697,6 +697,13 @@ struct SimplifiedLoweringPhase {
     SimplifiedLowering lowering(data->jsgraph(), temp_zone,
                                 data->source_positions());
     lowering.LowerAllNodes();
+
+    // TODO(bmeurer): See comment on SimplifiedLowering::abort_compilation_.
+    if (lowering.abort_compilation_) {
+      data->set_compilation_failed();
+      return;
+    }
+
     JSGraphReducer graph_reducer(data->jsgraph(), temp_zone);
     DeadCodeElimination dead_code_elimination(&graph_reducer, data->graph(),
                                               data->common());
@@ -1217,6 +1224,9 @@ Handle<Code> Pipeline::GenerateCode() {
   // Kill the Typer and thereby uninstall the decorator (if any).
   typer.Reset(nullptr);
 
+  // TODO(bmeurer): See comment on SimplifiedLowering::abort_compilation_.
+  if (data.compilation_failed()) return Handle<Code>::null();
+
   return ScheduleAndGenerateCode(
       Linkage::ComputeIncoming(data.instruction_zone(), info()));
 }
diff --git a/src/compiler/simplified-lowering.cc b/src/compiler/simplified-lowering.cc
index cd8bc12fb6..ce249783ed 100644
--- a/src/compiler/simplified-lowering.cc
+++ b/src/compiler/simplified-lowering.cc
@@ -1199,10 +1199,18 @@ class RepresentationSelector {
                   NodeOutputInfo(access.machine_type().representation(),
                                  NodeProperties::GetType(node));
             } else {
+              if (access.machine_type().representation() !=
+                  MachineRepresentation::kFloat64) {
+                // TODO(bmeurer): See comment on abort_compilation_.
+                if (lower()) lowering->abort_compilation_ = true;
+              }
               output_info = NodeOutputInfo::Float64();
             }
           }
         } else {
+          // TODO(bmeurer): See comment on abort_compilation_.
+          if (lower()) lowering->abort_compilation_ = true;
+
           // If undefined is not truncated away, we need to have the tagged
           // representation.
           output_info = NodeOutputInfo::AnyTagged();
diff --git a/src/compiler/simplified-lowering.h b/src/compiler/simplified-lowering.h
index 6792045d7b..358bd97f9c 100644
--- a/src/compiler/simplified-lowering.h
+++ b/src/compiler/simplified-lowering.h
@@ -41,6 +41,11 @@ class SimplifiedLowering final {
   void DoStringLessThan(Node* node);
   void DoStringLessThanOrEqual(Node* node);
 
+  // TODO(bmeurer): This is a gigantic hack to support the gigantic LoadBuffer
+  // typing hack to support the gigantic "asm.js should be fast without proper
+  // verifier"-hack, ... Kill this! Soon! Really soon! I'm serious!
+  bool abort_compilation_ = false;
+
  private:
   JSGraph* const jsgraph_;
   Zone* const zone_;
diff --git a/test/cctest/cctest.gyp b/test/cctest/cctest.gyp
index 7c6437395d..545fb21e26 100644
--- a/test/cctest/cctest.gyp
+++ b/test/cctest/cctest.gyp
@@ -81,7 +81,6 @@
         'compiler/test-run-jsops.cc',
         'compiler/test-run-machops.cc',
         'compiler/test-run-native-calls.cc',
-        'compiler/test-run-properties.cc',
         'compiler/test-run-stackcheck.cc',
         'compiler/test-run-stubs.cc',
         'compiler/test-run-variables.cc',
diff --git a/test/cctest/compiler/test-run-properties.cc b/test/cctest/compiler/test-run-properties.cc
deleted file mode 100644
index 3c42102529..0000000000
--- a/test/cctest/compiler/test-run-properties.cc
+++ /dev/null
@@ -1,142 +0,0 @@
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "test/cctest/compiler/function-tester.h"
-
-namespace v8 {
-namespace internal {
-namespace compiler {
-
-template <typename U>
-static void TypedArrayLoadHelper(const char* array_type) {
-  static const uint32_t kValues[] = {
-      0x00000000, 0x00000001, 0x00000023, 0x00000042, 0x12345678, 0x87654321,
-      0x0000003f, 0x0000007f, 0x00003fff, 0x00007fff, 0x3fffffff, 0x7fffffff,
-      0x000000ff, 0x00000080, 0x0000ffff, 0x00008000, 0xffffffff, 0x80000000};
-  EmbeddedVector<char, 1024> values_buffer;
-  StringBuilder values_builder(values_buffer.start(), values_buffer.length());
-  for (size_t i = 0; i < arraysize(kValues); ++i) {
-    values_builder.AddFormatted("a[%d] = 0x%08x;", i, kValues[i]);
-  }
-
-  // Note that below source creates two different typed arrays with the same
-  // elements kind to get coverage for both (on heap / with external backing
-  // store) access patterns.
-  const char* source =
-      "(function(a) {"
-      "  var x = (a = new %sArray(%d)); %s;"
-      "  var y = (a = new %sArray(%d)); %s; %%TypedArrayGetBuffer(y);"
-      "  if (!%%HasFixed%sElements(x)) %%AbortJS('x');"
-      "  if (!%%HasFixed%sElements(y)) %%AbortJS('y');"
-      "  function f(a,b) {"
-      "    a = a | 0; b = b | 0;"
-      "    return x[a] + y[b];"
-      "  }"
-      "  return f;"
-      "})()";
-  EmbeddedVector<char, 1024> source_buffer;
-  SNPrintF(source_buffer, source, array_type, arraysize(kValues),
-           values_buffer.start(), array_type, arraysize(kValues),
-           values_buffer.start(), array_type, array_type);
-
-  FunctionTester T(source_buffer.start(),
-                   CompilationInfo::kFunctionContextSpecializing |
-                       CompilationInfo::kTypingEnabled);
-  for (size_t i = 0; i < arraysize(kValues); ++i) {
-    for (size_t j = 0; j < arraysize(kValues); ++j) {
-      volatile U value_a = static_cast<U>(kValues[i]);
-      volatile U value_b = static_cast<U>(kValues[j]);
-      double expected =
-          static_cast<double>(value_a) + static_cast<double>(value_b);
-      T.CheckCall(T.Val(expected), T.Val(static_cast<double>(i)),
-                  T.Val(static_cast<double>(j)));
-    }
-  }
-}
-
-
-TEST(TypedArrayLoad) {
-  FLAG_typed_array_max_size_in_heap = 256;
-  TypedArrayLoadHelper<int8_t>("Int8");
-  TypedArrayLoadHelper<uint8_t>("Uint8");
-  TypedArrayLoadHelper<int16_t>("Int16");
-  TypedArrayLoadHelper<uint16_t>("Uint16");
-  TypedArrayLoadHelper<int32_t>("Int32");
-  TypedArrayLoadHelper<uint32_t>("Uint32");
-  TypedArrayLoadHelper<float>("Float32");
-  TypedArrayLoadHelper<double>("Float64");
-  // TODO(mstarzinger): Add tests for ClampedUint8.
-}
-
-
-template <typename U>
-static void TypedArrayStoreHelper(const char* array_type) {
-  static const uint32_t kValues[] = {
-      0x00000000, 0x00000001, 0x00000023, 0x00000042, 0x12345678, 0x87654321,
-      0x0000003f, 0x0000007f, 0x00003fff, 0x00007fff, 0x3fffffff, 0x7fffffff,
-      0x000000ff, 0x00000080, 0x0000ffff, 0x00008000, 0xffffffff, 0x80000000};
-  EmbeddedVector<char, 1024> values_buffer;
-  StringBuilder values_builder(values_buffer.start(), values_buffer.length());
-  for (size_t i = 0; i < arraysize(kValues); ++i) {
-    values_builder.AddFormatted("a[%d] = 0x%08x;", i, kValues[i]);
-  }
-
-  // Note that below source creates two different typed arrays with the same
-  // elements kind to get coverage for both (on heap/with external backing
-  // store) access patterns.
-  const char* source =
-      "(function(a) {"
-      "  var x = (a = new %sArray(%d)); %s;"
-      "  var y = (a = new %sArray(%d)); %s; %%TypedArrayGetBuffer(y);"
-      "  if (!%%HasFixed%sElements(x)) %%AbortJS('x');"
-      "  if (!%%HasFixed%sElements(y)) %%AbortJS('y');"
-      "  function f(a,b) {"
-      "    a = a | 0; b = b | 0;"
-      "    var t = x[a];"
-      "    x[a] = y[b];"
-      "    y[b] = t;"
-      "    t = y[b];"
-      "    y[b] = x[a];"
-      "    x[a] = t;"
-      "    return x[a] + y[b];"
-      "  }"
-      "  return f;"
-      "})()";
-  EmbeddedVector<char, 2048> source_buffer;
-  SNPrintF(source_buffer, source, array_type, arraysize(kValues),
-           values_buffer.start(), array_type, arraysize(kValues),
-           values_buffer.start(), array_type, array_type);
-
-  FunctionTester T(source_buffer.start(),
-                   CompilationInfo::kFunctionContextSpecializing |
-                       CompilationInfo::kTypingEnabled);
-  for (size_t i = 0; i < arraysize(kValues); ++i) {
-    for (size_t j = 0; j < arraysize(kValues); ++j) {
-      volatile U value_a = static_cast<U>(kValues[i]);
-      volatile U value_b = static_cast<U>(kValues[j]);
-      double expected =
-          static_cast<double>(value_a) + static_cast<double>(value_b);
-      T.CheckCall(T.Val(expected), T.Val(static_cast<double>(i)),
-                  T.Val(static_cast<double>(j)));
-    }
-  }
-}
-
-
-TEST(TypedArrayStore) {
-  FLAG_typed_array_max_size_in_heap = 256;
-  TypedArrayStoreHelper<int8_t>("Int8");
-  TypedArrayStoreHelper<uint8_t>("Uint8");
-  TypedArrayStoreHelper<int16_t>("Int16");
-  TypedArrayStoreHelper<uint16_t>("Uint16");
-  TypedArrayStoreHelper<int32_t>("Int32");
-  TypedArrayStoreHelper<uint32_t>("Uint32");
-  TypedArrayStoreHelper<float>("Float32");
-  TypedArrayStoreHelper<double>("Float64");
-  // TODO(mstarzinger): Add tests for ClampedUint8.
-}
-
-}  // namespace compiler
-}  // namespace internal
-}  // namespace v8
diff --git a/test/mjsunit/regress/regress-crbug-589792.js b/test/mjsunit/regress/regress-crbug-589792.js
new file mode 100644
index 0000000000..f735afceae
--- /dev/null
+++ b/test/mjsunit/regress/regress-crbug-589792.js
@@ -0,0 +1,20 @@
+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+var boom = (function(stdlib, foreign, heap) {
+  "use asm";
+  var MEM8 = new stdlib.Uint8Array(heap);
+  var MEM32 = new stdlib.Int32Array(heap);
+  function foo(i, j) {
+    j = MEM8[256];
+    // This following value '10' determines the value of 'rax'
+    MEM32[j >> 10] = 0xabcdefaa;
+    return MEM32[j >> 2] + j
+  }
+  return foo
+})(this, 0, new ArrayBuffer(256));
+%OptimizeFunctionOnNextCall(boom);
+boom(0, 0x1000);