Set the current context to the function's context when entering to LAP.

src/x64/code-stubs-x64.cc

Index: src/x64/code-stubs-x64.cc
diff --git a/src/x64/code-stubs-x64.cc b/src/x64/code-stubs-x64.cc
index 84630928d49ee3a256af73a9a2268d49e029d49c..e2b7b96689d467e1e85004288907283927381c49 100644
--- a/src/x64/code-stubs-x64.cc
+++ b/src/x64/code-stubs-x64.cc
@@ -2755,15 +2755,20 @@ void CallApiCallbackStub::Generate(MacroAssembler* masm) {
   // holder
   __ Push(holder);
 
-  __ movp(scratch, rsp);
-  // Push return address back on stack.
-  __ PushReturnAddressFrom(return_address);
-
-  if (!this->is_lazy()) {
+  if (this->is_lazy()) {

[jochen (gone - plz use gerrit), 2017/06/14 09:26:01]

maybe we can just enter the correct context before invoking this stub, i.e., in
https://cs.chromium.org/chromium/src/v8/src/ic/x64/handler-compiler-x64.cc?rc...
we still have the accessor_holder so we could just load the context from there
(in the lazy case) or from the callee (in the non-lazy case).

Do you want to give that a try?

[Yuki, 2017/06/14 13:34:52]

I gave it a shot in PS8, but I failed so far.  Could you take a look at PS8 and
help me understand what's wrong?

I understand your suggestion to get the context from |accessor_holder|, but I
first tried to simply move the code to
PropertyHandlerCompiler::GenerateApiAccessorCall(), and it didn't work :( 
Replacing |holder| with |accessor_holder| didn't work, neither.

+    // load context from holder
+    __ movp(scratch, FieldOperand(holder, HeapObject::kMapOffset));
+    __ GetMapConstructor(scratch, scratch, context);
+    __ movp(context, FieldOperand(scratch, JSFunction::kContextOffset));
+  } else {
     // load context from callee
     __ movp(context, FieldOperand(callee, JSFunction::kContextOffset));
   }
 
+  __ movp(scratch, rsp);
+  // Push return address back on stack.
+  __ PushReturnAddressFrom(return_address);
+
   // Allocate the v8::Arguments structure in the arguments' space since
   // it's not controlled by GC.
   const int kApiStackSpace = 3;