Reverting 2768.

src/ia32/stub-cache-ia32.cc

 // Copyright 2006-2009 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 1768 matching lines @@
 
   // Now allocate the JSObject on the heap by moving the new space allocation
   // top forward.
   // edi: constructor
   // ebx: initial map
   __ movzx_b(ecx, FieldOperand(ebx, Map::kInstanceSizeOffset));
   __ shl(ecx, kPointerSizeLog2);
   // Make sure that the maximum heap object size will never cause us
   // problems here.
   ASSERT(Heap::MaxObjectSizeInPagedSpace() >= JSObject::kMaxInstanceSize);
-  __ AllocateObjectInNewSpace(ecx, edx, ecx, no_reg, &generic_stub_call, false);
+  ExternalReference new_space_allocation_top =
+      ExternalReference::new_space_allocation_top_address();
+  __ mov(edx, Operand::StaticVariable(new_space_allocation_top));
+  __ add(ecx, Operand(edx));  // Calculate new top.
+  ExternalReference new_space_allocation_limit =
+      ExternalReference::new_space_allocation_limit_address();
+  __ cmp(ecx, Operand::StaticVariable(new_space_allocation_limit));
+  __ j(above_equal, &generic_stub_call);
+
+  // Update new space top.
+  __ mov(Operand::StaticVariable(new_space_allocation_top), ecx);
 
   // Allocated the JSObject, now initialize the fields and add the heap tag.
   // ebx: initial map
   // edx: JSObject
   __ mov(Operand(edx, JSObject::kMapOffset), ebx);
   __ mov(ebx, Factory::empty_fixed_array());
   __ mov(Operand(edx, JSObject::kPropertiesOffset), ebx);
   __ mov(Operand(edx, JSObject::kElementsOffset), ebx);
   __ or_(Operand(edx), Immediate(kHeapObjectTag));
 
@@ skipping 43 matching lines @@
   for (int i = shared->this_property_assignments_count();
        i < shared->CalculateInObjectProperties();
        i++) {
     __ mov(Operand(edx, i * kPointerSize), edi);
   }
 
   // Move argc to ebx and retreive the JSObject to return.
   __ mov(ebx, eax);
   __ pop(eax);
 
-  // Remove caller arguments and receiver from the stack and return.
+  // Remove caller arguments from the stack and return.
   __ pop(ecx);
-  __ lea(esp, Operand(esp, ebx, times_pointer_size, 1 * kPointerSize));
+  __ lea(esp, Operand(esp, ebx, times_4, 1 * kPointerSize));  // 1 ~ receiver
   __ push(ecx);
   __ IncrementCounter(&Counters::constructed_objects, 1);
   __ IncrementCounter(&Counters::constructed_objects_stub, 1);
   __ ret(0);
 
   // Jump to the generic stub in case the specialized code cannot handle the
   // construction.
   __ bind(&generic_stub_call);
   Code* code = Builtins::builtin(Builtins::JSConstructStubGeneric);
   Handle<Code> generic_construct_stub(code);
   __ jmp(generic_construct_stub, RelocInfo::CODE_TARGET);
 
   // Return the generated code.
   return GetCode();
 }
 
 
 #undef __
 
 } }  // namespace v8::internal