Change AccessorPair::GetComponent to require an explicit native_context

This CL changes the signature of AccessorPair::GetComponent to take an additional parameter {native_context}. The current native_context does not always match the native context of the holder, resulting in JSFunctions that have the wrong native context for lazy instantiated AccessorPairs. Bug: chromium:989909, v8:6495 Change-Id: I45bfcb27ac367858dd6788736eba1a2e1302e802 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735311Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#63078}

Change AccessorPair::GetComponent to require an explicit native_context
This CL changes the signature of AccessorPair::GetComponent to take an additional parameter {native_context}. The current native_context does not always match the native context of the holder, resulting in JSFunctions that have the wrong native context for lazy instantiated AccessorPairs. Bug: chromium:989909, v8:6495 Change-Id: I45bfcb27ac367858dd6788736eba1a2e1302e802 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1735311Reviewed-by: Toon Verwaest <verwaest@chromium.org> Commit-Queue: Simon Zünd <szuend@chromium.org> Cr-Commit-Position: refs/heads/master@{#63078}
900f3a5d · Simon Zünd · Commit Bot · 9d4a2ae1 · 900f3a5d · 900f3a5d
Commit 900f3a5d authored Aug 05, 2019 by Simon Zünd Committed by Commit Bot Aug 05, 2019
5 changed files
--- a/src/builtins/builtins-object.cc
+++ b/src/builtins/builtins-object.cc
@@ -156,8 +156,11 @@ Object ObjectLookupAccessor(Isolate* isolate, Handle<Object> object,
      case LookupIterator::ACCESSOR: {
        Handle<Object> maybe_pair = it.GetAccessors();
        if (maybe_pair->IsAccessorPair()) {
+          Handle<NativeContext> native_context =
+              it.GetHolder<JSReceiver>()->GetCreationContext();
          return *AccessorPair::GetComponent(
-              isolate, Handle<AccessorPair>::cast(maybe_pair), component);
+              isolate, native_context, Handle<AccessorPair>::cast(maybe_pair),
+              component);
        }
      }
    }

--- a/src/objects/js-objects.cc
+++ b/src/objects/js-objects.cc
@@ -1614,12 +1614,14 @@ Maybe<bool> JSReceiver::GetOwnPropertyDescriptor(LookupIterator* it,
    // 6. Else X is an accessor property, so
    Handle<AccessorPair> accessors =
        Handle<AccessorPair>::cast(it->GetAccessors());
+    Handle<NativeContext> native_context =
+        it->GetHolder<JSReceiver>()->GetCreationContext();
    // 6a. Set D.[[Get]] to the value of X's [[Get]] attribute.
-    desc->set_get(
-        AccessorPair::GetComponent(isolate, accessors, ACCESSOR_GETTER));
+    desc->set_get(AccessorPair::GetComponent(isolate, native_context, accessors,
+                                             ACCESSOR_GETTER));
    // 6b. Set D.[[Set]] to the value of X's [[Set]] attribute.
-    desc->set_set(
-        AccessorPair::GetComponent(isolate, accessors, ACCESSOR_SETTER));
+    desc->set_set(AccessorPair::GetComponent(isolate, native_context, accessors,
+                                             ACCESSOR_SETTER));
  }

  // 7. Set D.[[Enumerable]] to the value of X's [[Enumerable]] attribute.

--- a/src/objects/objects.cc
+++ b/src/objects/objects.cc
@@ -4289,11 +4289,13 @@ Handle<AccessorPair> AccessorPair::Copy(Isolate* isolate,
 }

 Handle<Object> AccessorPair::GetComponent(Isolate* isolate,
+                                          Handle<NativeContext> native_context,
                                          Handle<AccessorPair> accessor_pair,
                                          AccessorComponent component) {
  Object accessor = accessor_pair->get(component);
  if (accessor.IsFunctionTemplateInfo()) {
    return ApiNatives::InstantiateFunction(
+               isolate, native_context,
               handle(FunctionTemplateInfo::cast(accessor), isolate))
        .ToHandleChecked();
  }

--- a/src/objects/struct.h
+++ b/src/objects/struct.h
@@ -60,6 +60,7 @@ class AccessorPair : public Struct {

  // Note: Returns undefined if the component is not set.
  static Handle<Object> GetComponent(Isolate* isolate,
+                                     Handle<NativeContext> native_context,
                                     Handle<AccessorPair> accessor_pair,
                                     AccessorComponent component);


--- a/test/unittests/unittests.status
+++ b/test/unittests/unittests.status
@@ -3,12 +3,6 @@
 # found in the LICENSE file.

 [
-[ALWAYS, {
-  # https://crbug.com/986063.
-  # TODO(szuend): Re-enable test once the fix has landed.
-  'AccessRegressionTest.InstantiatedLazyAccessorPairsHaveCorrectNativeContext': [FAIL],
-}],  # ALWAYS
-
 ['system == macos and asan', {
  # BUG(820416).
  'BitsDeathTest*': [SKIP],