[turbofan] Mark JSStoreGlobal as NeedsExactContext

JSStoreGlobal can become a call into runtime code (SetProperty)
that inspects the context in order to get the language mode. Thus
always passing the native context is not good enough.

Bug: chromium:1065737
Change-Id: Iba9537cd3de743a0967325acf7900190aa835b5f
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2130280
Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
Commit-Queue: Nico Hartmann <nicohartmann@chromium.org>
Auto-Submit: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66946}

src/compiler/operator-properties.cc

@@ -53,7 +53,6 @@ bool OperatorProperties::NeedsExactContext(const Operator* op) {
     case IrOpcode::kJSLoadGlobal:
     case IrOpcode::kJSLoadMessage:
     case IrOpcode::kJSStackCheck:
-    case IrOpcode::kJSStoreGlobal:
     case IrOpcode::kJSStoreMessage:
     case IrOpcode::kJSGetIterator:
       return false;
@@ -83,6 +82,7 @@ bool OperatorProperties::NeedsExactContext(const Operator* op) {
     case IrOpcode::kJSLoadProperty:
     case IrOpcode::kJSStoreContext:
     case IrOpcode::kJSStoreDataPropertyInLiteral:
+    case IrOpcode::kJSStoreGlobal:
     case IrOpcode::kJSStoreInArrayLiteral:
     case IrOpcode::kJSStoreModule:
     case IrOpcode::kJSStoreNamed:

test/mjsunit/compiler/regress-1065737.js

@@ -0,0 +1,17 @@
+// Copyright 2020 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function foo() {
+  class c {
+    static get [v = 0]() {}
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+assertThrows(foo, ReferenceError);
+assertThrows(foo, ReferenceError);
+%OptimizeFunctionOnNextCall(foo);
+assertThrows(foo, ReferenceError);