diff --git a/src/compiler/js-native-context-specialization.cc b/src/compiler/js-native-context-specialization.cc
index 4308903c9d1..dea47cc0966 100644
--- a/src/compiler/js-native-context-specialization.cc
+++ b/src/compiler/js-native-context-specialization.cc
@@ -2661,7 +2661,7 @@ JSNativeContextSpecialization::BuildElementAccess(
       // below are performed on unsigned values, which means that all the
       // Negative32 values are treated as out-of-bounds.
       index = graph()->NewNode(simplified()->NumberToUint32(), index);
-    } else if (access_mode != AccessMode::kHas) {
+    } else {
       // Check that the {index} is in the valid range for the {receiver}.
       index = effect =
           graph()->NewNode(simplified()->CheckBounds(VectorSlotPair()), index,
diff --git a/test/mjsunit/compiler/regress-952586.js b/test/mjsunit/compiler/regress-952586.js
new file mode 100644
index 00000000000..0a17ed76820
--- /dev/null
+++ b/test/mjsunit/compiler/regress-952586.js
@@ -0,0 +1,15 @@
+// Copyright 2019 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+a = new Int8Array(1);
+
+function f(i) {
+  return i in a;
+}
+
+assertTrue(f(0));
+%OptimizeFunctionOnNextCall(f);
+assertFalse(f(-1));