Set the current context to the function's context when entering to LAP.

src/compiler/js-native-context-specialization.cc

 // Copyright 2015 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/compiler/js-native-context-specialization.h"
 
 #include "src/accessors.h"
 #include "src/code-factory.h"
 #include "src/compilation-dependencies.h"
 #include "src/compiler/access-builder.h"
@@ skipping 1417 matching lines @@
       target, frame_state);
 
   // Introduce the call to the getter function.
   Node* value;
   if (access_info.constant()->IsJSFunction()) {
     value = *effect = *control = graph()->NewNode(
         jsgraph()->javascript()->Call(2, CallFrequency(), VectorSlotPair(),
                                       ConvertReceiverMode::kNotNullOrUndefined),
         target, receiver, context, frame_state0, *effect, *control);
   } else {
+    Node* holder = jsgraph()->Constant(access_info.holder().ToHandleChecked());
     DCHECK(access_info.constant()->IsFunctionTemplateInfo());
     Handle<FunctionTemplateInfo> function_template_info(
         Handle<FunctionTemplateInfo>::cast(access_info.constant()));
     DCHECK(!function_template_info->call_code()->IsUndefined(isolate()));
-    value = InlineApiCall(receiver, context, target, frame_state0, nullptr,
-                          effect, control, shared_info, function_template_info);
+    value =
+        InlineApiCall(receiver, holder, context, target, frame_state0, nullptr,
+                      effect, control, shared_info, function_template_info);
   }
   // Remember to rewire the IfException edge if this is inside a try-block.
   if (if_exceptions != nullptr) {
     // Create the appropriate IfException/IfSuccess projections.
     Node* const if_exception =
         graph()->NewNode(common()->IfException(), *control, *effect);
     Node* const if_success = graph()->NewNode(common()->IfSuccess(), *control);
     if_exceptions->push_back(if_exception);
     *control = if_success;
   }
@@ skipping 21 matching lines @@
       jsgraph()->EmptyStateValues(), jsgraph()->EmptyStateValues(), context,
       target, frame_state);
 
   // Introduce the call to the setter function.
   if (access_info.constant()->IsJSFunction()) {
     *effect = *control = graph()->NewNode(
         jsgraph()->javascript()->Call(3, CallFrequency(), VectorSlotPair(),
                                       ConvertReceiverMode::kNotNullOrUndefined),
         target, receiver, value, context, frame_state0, *effect, *control);
   } else {
+    Node* holder = jsgraph()->Constant(access_info.holder().ToHandleChecked());
     DCHECK(access_info.constant()->IsFunctionTemplateInfo());
     Handle<FunctionTemplateInfo> function_template_info(
         Handle<FunctionTemplateInfo>::cast(access_info.constant()));
     DCHECK(!function_template_info->call_code()->IsUndefined(isolate()));
-    value = InlineApiCall(receiver, context, target, frame_state0, value,
-                          effect, control, shared_info, function_template_info);
+    value =
+        InlineApiCall(receiver, holder, context, target, frame_state0, value,
+                      effect, control, shared_info, function_template_info);
   }
   // Remember to rewire the IfException edge if this is inside a try-block.
   if (if_exceptions != nullptr) {
     // Create the appropriate IfException/IfSuccess projections.
     Node* const if_exception =
         graph()->NewNode(common()->IfException(), *control, *effect);
     Node* const if_success = graph()->NewNode(common()->IfSuccess(), *control);
     if_exceptions->push_back(if_exception);
     *control = if_success;
   }
   return value;
 }
 
 Node* JSNativeContextSpecialization::InlineApiCall(
-    Node* receiver, Node* context, Node* target, Node* frame_state, Node* value,
-    Node** effect, Node** control, Handle<SharedFunctionInfo> shared_info,
+    Node* receiver, Node* holder, Node* context, Node* target,
+    Node* frame_state, Node* value, Node** effect, Node** control,
+    Handle<SharedFunctionInfo> shared_info,
     Handle<FunctionTemplateInfo> function_template_info) {
   Handle<CallHandlerInfo> call_handler_info = handle(
       CallHandlerInfo::cast(function_template_info->call_code()), isolate());
   Handle<Object> call_data_object(call_handler_info->data(), isolate());
 
   // Only setters have a value.
   int const argc = value == nullptr ? 0 : 1;
   // The stub always expects the receiver as the first param on the stack.
   CallApiCallbackStub stub(
       isolate(), argc,
       true /* FunctionTemplateInfo doesn't have an associated context. */);
   CallInterfaceDescriptor call_interface_descriptor =
       stub.GetCallInterfaceDescriptor();
   CallDescriptor* call_descriptor = Linkage::GetStubCallDescriptor(
       isolate(), graph()->zone(), call_interface_descriptor,
       call_interface_descriptor.GetStackParameterCount() + argc +
-          1 /* implicit receiver */,
+          1 /* implicit receiver */ + 1 /* accessor holder */,
       CallDescriptor::kNeedsFrameState, Operator::kNoProperties,
       MachineType::AnyTagged(), 1);
 
   Node* data = jsgraph()->Constant(call_data_object);
   ApiFunction function(v8::ToCData<Address>(call_handler_info->callback()));
   Node* function_reference =
       graph()->NewNode(common()->ExternalConstant(ExternalReference(
           &function, ExternalReference::DIRECT_API_CALL, isolate())));
   Node* code = jsgraph()->HeapConstant(stub.GetCode());
 
   // Add CallApiCallbackStub's register argument as well.
-  Node* inputs[11] = {
-      code, target, data, receiver /* holder */, function_reference, receiver};
-  int index = 6 + argc;
+  Node* inputs[12] = {
+      code,   target,  data, receiver /* holder */, function_reference,
+      holder, receiver};
+  int index = 7 + argc;
   inputs[index++] = context;
   inputs[index++] = frame_state;
   inputs[index++] = *effect;
   inputs[index++] = *control;
   // This needs to stay here because of the edge case described in
   // http://crbug.com/675648.
   if (value != nullptr) {
-    inputs[6] = value;
+    inputs[7] = value;
   }
 
   return *effect = *control =
              graph()->NewNode(common()->Call(call_descriptor), index, inputs);
 }
 
 JSNativeContextSpecialization::ValueEffectControl
 JSNativeContextSpecialization::BuildPropertyLoad(
     Node* receiver, Node* context, Node* frame_state, Node* effect,
     Node* control, Handle<Name> name, ZoneVector<Node*>* if_exceptions,
@@ skipping 840 matching lines @@
   return jsgraph()->javascript();
 }
 
 SimplifiedOperatorBuilder* JSNativeContextSpecialization::simplified() const {
   return jsgraph()->simplified();
 }
 
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8