Initialize pre-allocated fields of JSObject with undefined.

src/x64/builtins-x64.cc

Index: src/x64/builtins-x64.cc
diff --git a/src/x64/builtins-x64.cc b/src/x64/builtins-x64.cc
index 8826906e09748bb4637961b7b164a97708bce7b4..7154098f47d98bf7c12d796c4e78a5978ed42b5a 100644
--- a/src/x64/builtins-x64.cc
+++ b/src/x64/builtins-x64.cc
@@ -207,19 +207,29 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
       // rax: initial map
       // rbx: JSObject
       // rdi: start of next object
-      { Label loop, entry;
+      { Label loop, entry, load_one_pointer_filler, continue_loop;
         // To allow for truncation.
+        __ lea(rcx, Operand(rbx, JSObject::kHeaderSize));
+        __ LoadRoot(rdx, Heap::kUndefinedValueRootIndex);
         if (count_constructions) {
+          __ movzxbq(rsi,
+                     FieldOperand(rax, Map::kPreAllocatedPropertyFieldsOffset));
+          __ incq(rsi);
+          __ jmp(&entry);
+          __ bind(&load_one_pointer_filler);
           __ LoadRoot(rdx, Heap::kOnePointerFillerMapRootIndex);
-        } else {
-          __ LoadRoot(rdx, Heap::kUndefinedValueRootIndex);
+          __ jmp(&continue_loop);
         }
-        __ lea(rcx, Operand(rbx, JSObject::kHeaderSize));
         __ jmp(&entry);
         __ bind(&loop);
         __ movq(Operand(rcx, 0), rdx);
         __ addq(rcx, Immediate(kPointerSize));
         __ bind(&entry);
+        if (count_constructions) {
+          __ decq(rsi);
+          __ j(zero, &load_one_pointer_filler);
+          __ bind(&continue_loop);
+        }
         __ cmpq(rcx, rdi);
         __ j(less, &loop);
       }