Unify all four JSConstructStub generators into one.

src/ia32/builtins-ia32.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_IA32
 
 #include "src/code-factory.h"
 #include "src/codegen.h"
@@ skipping 121 matching lines @@
     __ jmp(count_incremented);
   } else {
     __ jmp(allocated);
   }
 }
 
 
 static void Generate_JSConstructStubHelper(MacroAssembler* masm,
                                            bool is_api_function,
                                            bool use_new_target,
+                                           bool is_derived_class,
                                            bool create_memento) {
   // ----------- S t a t e -------------
   //  -- eax: number of arguments
   //  -- edi: constructor function
   //  -- ebx: allocation site or undefined
   //  -- edx: original constructor
   // -----------------------------------
 
   // Should never create mementos for api functions.
   DCHECK(!is_api_function || !create_memento);
 
+  // Should never create mementos for subclass constructors.
+  DCHECK(!is_derived_class || !create_memento);
+
   // Enter a construct frame.
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
     if (create_memento) {
       __ AssertUndefinedOrAllocationSite(ebx);
       __ push(ebx);
     }
 
     // Preserve the incoming parameters on the stack.
     __ SmiTag(eax);
     __ push(eax);
-    __ push(edi);
-    if (use_new_target) {
-      __ push(edx);
+    if (!is_derived_class) {
+      __ push(edi);
+      if (use_new_target) {
+        __ push(edx);
+      }
+
+      __ cmp(edx, edi);
+      Label normal_new;
+      Label count_incremented;
+      Label allocated;
+      __ j(equal, &normal_new);
+
+      // Original constructor and function are different.
+      Generate_Runtime_NewObject(masm, create_memento, edx, &count_incremented,
+                                 &allocated);
+      __ bind(&normal_new);
+
+      // Try to allocate the object without transitioning into C code. If any of
+      // the preconditions is not met, the code bails out to the runtime call.
+      Label rt_call;
+      if (FLAG_inline_new) {
+        Label undo_allocation;
+        ExternalReference debug_step_in_fp =
+            ExternalReference::debug_step_in_fp_address(masm->isolate());
+        __ cmp(Operand::StaticVariable(debug_step_in_fp), Immediate(0));
+        __ j(not_equal, &rt_call);
+
+        // Verified that the constructor is a JSFunction.
+        // Load the initial map and verify that it is in fact a map.
+        // edi: constructor
+        __ mov(eax,
+               FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
+        // Will both indicate a NULL and a Smi
+        __ JumpIfSmi(eax, &rt_call);
+        // edi: constructor
+        // eax: initial map (if proven valid below)
+        __ CmpObjectType(eax, MAP_TYPE, ebx);
+        __ j(not_equal, &rt_call);
+
+        // Check that the constructor is not constructing a JSFunction (see
+        // comments in Runtime_NewObject in runtime.cc). In which case the
+        // initial map's instance type would be JS_FUNCTION_TYPE.
+        // edi: constructor
+        // eax: initial map
+        __ CmpInstanceType(eax, JS_FUNCTION_TYPE);
+        __ j(equal, &rt_call);
+
+        if (!is_api_function) {
+          Label allocate;
+          // The code below relies on these assumptions.
+          STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
+          // Check if slack tracking is enabled.
+          __ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
+          __ shr(esi, Map::Counter::kShift);
+          __ cmp(esi, Map::kSlackTrackingCounterEnd);
+          __ j(less, &allocate);
+          // Decrease generous allocation count.
+          __ sub(FieldOperand(eax, Map::kBitField3Offset),
+                 Immediate(1 << Map::Counter::kShift));
+
+          __ cmp(esi, Map::kSlackTrackingCounterEnd);
+          __ j(not_equal, &allocate);
+
+          __ push(eax);
+          __ push(edi);
+
+          __ push(edi);  // constructor
+          __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
+
+          __ pop(edi);
+          __ pop(eax);
+          __ mov(esi, Map::kSlackTrackingCounterEnd - 1);
+
+          __ bind(&allocate);
+        }
+
+        // Now allocate the JSObject on the heap.
+        // edi: constructor
+        // eax: initial map
+        __ movzx_b(edi, FieldOperand(eax, Map::kInstanceSizeOffset));
+        __ shl(edi, kPointerSizeLog2);
+        if (create_memento) {
+          __ add(edi, Immediate(AllocationMemento::kSize));
+        }
+
+        __ Allocate(edi, ebx, edi, no_reg, &rt_call, NO_ALLOCATION_FLAGS);
+
+        Factory* factory = masm->isolate()->factory();
+
+        // Allocated the JSObject, now initialize the fields.
+        // eax: initial map
+        // ebx: JSObject
+        // edi: start of next object (including memento if create_memento)
+        __ mov(Operand(ebx, JSObject::kMapOffset), eax);
+        __ mov(ecx, factory->empty_fixed_array());
+        __ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx);
+        __ mov(Operand(ebx, JSObject::kElementsOffset), ecx);
+        // Set extra fields in the newly allocated object.
+        // eax: initial map
+        // ebx: JSObject
+        // edi: start of next object (including memento if create_memento)
+        // esi: slack tracking counter (non-API function case)
+        __ mov(edx, factory->undefined_value());
+        __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
+        if (!is_api_function) {
+          Label no_inobject_slack_tracking;
+
+          // Check if slack tracking is enabled.
+          __ cmp(esi, Map::kSlackTrackingCounterEnd);
+          __ j(less, &no_inobject_slack_tracking);
+
+          // Allocate object with a slack.
+          __ movzx_b(esi,
+                     FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
+          __ lea(esi,
+                 Operand(ebx, esi, times_pointer_size, JSObject::kHeaderSize));
+          // esi: offset of first field after pre-allocated fields
+          if (FLAG_debug_code) {
+            __ cmp(esi, edi);
+            __ Assert(less_equal,
+                      kUnexpectedNumberOfPreAllocatedPropertyFields);
+          }
+          __ InitializeFieldsWithFiller(ecx, esi, edx);
+          __ mov(edx, factory->one_pointer_filler_map());
+          // Fill the remaining fields with one pointer filler map.
+
+          __ bind(&no_inobject_slack_tracking);
+        }
+
+        if (create_memento) {
+          __ lea(esi, Operand(edi, -AllocationMemento::kSize));
+          __ InitializeFieldsWithFiller(ecx, esi, edx);
+
+          // Fill in memento fields if necessary.
+          // esi: points to the allocated but uninitialized memento.
+          __ mov(Operand(esi, AllocationMemento::kMapOffset),
+                 factory->allocation_memento_map());
+          // Get the cell or undefined.
+          __ mov(edx, Operand(esp, kPointerSize * 2));
+          __ mov(Operand(esi, AllocationMemento::kAllocationSiteOffset), edx);
+        } else {
+          __ InitializeFieldsWithFiller(ecx, edi, edx);
+        }
+
+        // Add the object tag to make the JSObject real, so that we can continue
+        // and jump into the continuation code at any time from now on. Any
+        // failures need to undo the allocation, so that the heap is in a
+        // consistent state and verifiable.
+        // eax: initial map
+        // ebx: JSObject
+        // edi: start of next object
+        __ or_(ebx, Immediate(kHeapObjectTag));
+
+        // Check if a non-empty properties array is needed.
+        // Allocate and initialize a FixedArray if it is.
+        // eax: initial map
+        // ebx: JSObject
+        // edi: start of next object
+        // Calculate the total number of properties described by the map.
+        __ movzx_b(edx, FieldOperand(eax, Map::kUnusedPropertyFieldsOffset));
+        __ movzx_b(ecx,
+                   FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
+        __ add(edx, ecx);
+        // Calculate unused properties past the end of the in-object properties.
+        __ movzx_b(ecx, FieldOperand(eax, Map::kInObjectPropertiesOffset));
+        __ sub(edx, ecx);
+        // Done if no extra properties are to be allocated.
+        __ j(zero, &allocated);
+        __ Assert(positive, kPropertyAllocationCountFailed);
+
+        // Scale the number of elements by pointer size and add the header for
+        // FixedArrays to the start of the next object calculation from above.
+        // ebx: JSObject
+        // edi: start of next object (will be start of FixedArray)
+        // edx: number of elements in properties array
+        __ Allocate(FixedArray::kHeaderSize, times_pointer_size, edx,
+                    REGISTER_VALUE_IS_INT32, edi, ecx, no_reg, &undo_allocation,
+                    RESULT_CONTAINS_TOP);
+
+        // Initialize the FixedArray.
+        // ebx: JSObject
+        // edi: FixedArray
+        // edx: number of elements
+        // ecx: start of next object
+        __ mov(eax, factory->fixed_array_map());
+        __ mov(Operand(edi, FixedArray::kMapOffset), eax);  // setup the map
+        __ SmiTag(edx);
+        __ mov(Operand(edi, FixedArray::kLengthOffset), edx);  // and length
+
+        // Initialize the fields to undefined.
+        // ebx: JSObject
+        // edi: FixedArray
+        // ecx: start of next object
+        __ mov(edx, factory->undefined_value());
+        __ lea(eax, Operand(edi, FixedArray::kHeaderSize));
+        __ InitializeFieldsWithFiller(eax, ecx, edx);
+
+        // Store the initialized FixedArray into the properties field of
+        // the JSObject
+        // ebx: JSObject
+        // edi: FixedArray
+        __ or_(edi, Immediate(kHeapObjectTag));  // add the heap tag
+        __ mov(FieldOperand(ebx, JSObject::kPropertiesOffset), edi);
+
+
+        // Continue with JSObject being successfully allocated
+        // ebx: JSObject
+        __ jmp(&allocated);
+
+        // Undo the setting of the new top so that the heap is verifiable. For
+        // example, the map's unused properties potentially do not match the
+        // allocated objects unused properties.
+        // ebx: JSObject (previous new top)
+        __ bind(&undo_allocation);
+        __ UndoAllocationInNewSpace(ebx);
+      }
+
+      // Allocate the new receiver object using the runtime call.
+      __ bind(&rt_call);
+      Generate_Runtime_NewObject(masm, create_memento, edi, &count_incremented,
+                                 &allocated);
+      // New object allocated.
+      // ebx: newly allocated object
+      __ bind(&allocated);
+
+      if (create_memento) {
+        int offset = (use_new_target ? 3 : 2) * kPointerSize;
+        __ mov(ecx, Operand(esp, offset));
+        __ cmp(ecx, masm->isolate()->factory()->undefined_value());
+        __ j(equal, &count_incremented);
+        // ecx is an AllocationSite. We are creating a memento from it, so we
+        // need to increment the memento create count.
+        __ add(FieldOperand(ecx, AllocationSite::kPretenureCreateCountOffset),
+               Immediate(Smi::FromInt(1)));
+        __ bind(&count_incremented);
+      }
+
+      // Restore the parameters.
+      if (use_new_target) {
+        __ pop(edx);  // new.target
+      }
+      __ pop(edi);  // Constructor function.
+
+      // Retrieve smi-tagged arguments count from the stack.
+      __ mov(eax, Operand(esp, 0));
     }
-
-    __ cmp(edx, edi);
-    Label normal_new;
-    Label count_incremented;
-    Label allocated;
-    __ j(equal, &normal_new);
-
-    // Original constructor and function are different.
-    Generate_Runtime_NewObject(masm, create_memento, edx, &count_incremented,
-                               &allocated);
-    __ bind(&normal_new);
-
-    // Try to allocate the object without transitioning into C code. If any of
-    // the preconditions is not met, the code bails out to the runtime call.
-    Label rt_call;
-    if (FLAG_inline_new) {
-      Label undo_allocation;
-      ExternalReference debug_step_in_fp =
-          ExternalReference::debug_step_in_fp_address(masm->isolate());
-      __ cmp(Operand::StaticVariable(debug_step_in_fp), Immediate(0));
-      __ j(not_equal, &rt_call);
-
-      // Verified that the constructor is a JSFunction.
-      // Load the initial map and verify that it is in fact a map.
-      // edi: constructor
-      __ mov(eax, FieldOperand(edi, JSFunction::kPrototypeOrInitialMapOffset));
-      // Will both indicate a NULL and a Smi
-      __ JumpIfSmi(eax, &rt_call);
-      // edi: constructor
-      // eax: initial map (if proven valid below)
-      __ CmpObjectType(eax, MAP_TYPE, ebx);
-      __ j(not_equal, &rt_call);
-
-      // Check that the constructor is not constructing a JSFunction (see
-      // comments in Runtime_NewObject in runtime.cc). In which case the
-      // initial map's instance type would be JS_FUNCTION_TYPE.
-      // edi: constructor
-      // eax: initial map
-      __ CmpInstanceType(eax, JS_FUNCTION_TYPE);
-      __ j(equal, &rt_call);
-
-      if (!is_api_function) {
-        Label allocate;
-        // The code below relies on these assumptions.
-        STATIC_ASSERT(Map::Counter::kShift + Map::Counter::kSize == 32);
-        // Check if slack tracking is enabled.
-        __ mov(esi, FieldOperand(eax, Map::kBitField3Offset));
-        __ shr(esi, Map::Counter::kShift);
-        __ cmp(esi, Map::kSlackTrackingCounterEnd);
-        __ j(less, &allocate);
-        // Decrease generous allocation count.
-        __ sub(FieldOperand(eax, Map::kBitField3Offset),
-               Immediate(1 << Map::Counter::kShift));
-
-        __ cmp(esi, Map::kSlackTrackingCounterEnd);
-        __ j(not_equal, &allocate);
-
-        __ push(eax);
-        __ push(edi);
-
-        __ push(edi);  // constructor
-        __ CallRuntime(Runtime::kFinalizeInstanceSize, 1);
-
-        __ pop(edi);
-        __ pop(eax);
-        __ mov(esi, Map::kSlackTrackingCounterEnd - 1);
-
-        __ bind(&allocate);
-      }
-
-      // Now allocate the JSObject on the heap.
-      // edi: constructor
-      // eax: initial map
-      __ movzx_b(edi, FieldOperand(eax, Map::kInstanceSizeOffset));
-      __ shl(edi, kPointerSizeLog2);
-      if (create_memento) {
-        __ add(edi, Immediate(AllocationMemento::kSize));
-      }
-
-      __ Allocate(edi, ebx, edi, no_reg, &rt_call, NO_ALLOCATION_FLAGS);
-
-      Factory* factory = masm->isolate()->factory();
-
-      // Allocated the JSObject, now initialize the fields.
-      // eax: initial map
-      // ebx: JSObject
-      // edi: start of next object (including memento if create_memento)
-      __ mov(Operand(ebx, JSObject::kMapOffset), eax);
-      __ mov(ecx, factory->empty_fixed_array());
-      __ mov(Operand(ebx, JSObject::kPropertiesOffset), ecx);
-      __ mov(Operand(ebx, JSObject::kElementsOffset), ecx);
-      // Set extra fields in the newly allocated object.
-      // eax: initial map
-      // ebx: JSObject
-      // edi: start of next object (including memento if create_memento)
-      // esi: slack tracking counter (non-API function case)
-      __ mov(edx, factory->undefined_value());
-      __ lea(ecx, Operand(ebx, JSObject::kHeaderSize));
-      if (!is_api_function) {
-        Label no_inobject_slack_tracking;
-
-        // Check if slack tracking is enabled.
-        __ cmp(esi, Map::kSlackTrackingCounterEnd);
-        __ j(less, &no_inobject_slack_tracking);
-
-        // Allocate object with a slack.
-        __ movzx_b(esi,
-                   FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
-        __ lea(esi,
-               Operand(ebx, esi, times_pointer_size, JSObject::kHeaderSize));
-        // esi: offset of first field after pre-allocated fields
-        if (FLAG_debug_code) {
-          __ cmp(esi, edi);
-          __ Assert(less_equal,
-                    kUnexpectedNumberOfPreAllocatedPropertyFields);
-        }
-        __ InitializeFieldsWithFiller(ecx, esi, edx);
-        __ mov(edx, factory->one_pointer_filler_map());
-        // Fill the remaining fields with one pointer filler map.
-
-        __ bind(&no_inobject_slack_tracking);
-      }
-
-      if (create_memento) {
-        __ lea(esi, Operand(edi, -AllocationMemento::kSize));
-        __ InitializeFieldsWithFiller(ecx, esi, edx);
-
-        // Fill in memento fields if necessary.
-        // esi: points to the allocated but uninitialized memento.
-        __ mov(Operand(esi, AllocationMemento::kMapOffset),
-               factory->allocation_memento_map());
-        // Get the cell or undefined.
-        __ mov(edx, Operand(esp, kPointerSize*2));
-        __ mov(Operand(esi, AllocationMemento::kAllocationSiteOffset),
-               edx);
-      } else {
-        __ InitializeFieldsWithFiller(ecx, edi, edx);
-      }
-
-      // Add the object tag to make the JSObject real, so that we can continue
-      // and jump into the continuation code at any time from now on. Any
-      // failures need to undo the allocation, so that the heap is in a
-      // consistent state and verifiable.
-      // eax: initial map
-      // ebx: JSObject
-      // edi: start of next object
-      __ or_(ebx, Immediate(kHeapObjectTag));
-
-      // Check if a non-empty properties array is needed.
-      // Allocate and initialize a FixedArray if it is.
-      // eax: initial map
-      // ebx: JSObject
-      // edi: start of next object
-      // Calculate the total number of properties described by the map.
-      __ movzx_b(edx, FieldOperand(eax, Map::kUnusedPropertyFieldsOffset));
-      __ movzx_b(ecx,
-                 FieldOperand(eax, Map::kPreAllocatedPropertyFieldsOffset));
-      __ add(edx, ecx);
-      // Calculate unused properties past the end of the in-object properties.
-      __ movzx_b(ecx, FieldOperand(eax, Map::kInObjectPropertiesOffset));
-      __ sub(edx, ecx);
-      // Done if no extra properties are to be allocated.
-      __ j(zero, &allocated);
-      __ Assert(positive, kPropertyAllocationCountFailed);
-
-      // Scale the number of elements by pointer size and add the header for
-      // FixedArrays to the start of the next object calculation from above.
-      // ebx: JSObject
-      // edi: start of next object (will be start of FixedArray)
-      // edx: number of elements in properties array
-      __ Allocate(FixedArray::kHeaderSize,
-                  times_pointer_size,
-                  edx,
-                  REGISTER_VALUE_IS_INT32,
-                  edi,
-                  ecx,
-                  no_reg,
-                  &undo_allocation,
-                  RESULT_CONTAINS_TOP);
-
-      // Initialize the FixedArray.
-      // ebx: JSObject
-      // edi: FixedArray
-      // edx: number of elements
-      // ecx: start of next object
-      __ mov(eax, factory->fixed_array_map());
-      __ mov(Operand(edi, FixedArray::kMapOffset), eax);  // setup the map
-      __ SmiTag(edx);
-      __ mov(Operand(edi, FixedArray::kLengthOffset), edx);  // and length
-
-      // Initialize the fields to undefined.
-      // ebx: JSObject
-      // edi: FixedArray
-      // ecx: start of next object
-      __ mov(edx, factory->undefined_value());
-      __ lea(eax, Operand(edi, FixedArray::kHeaderSize));
-      __ InitializeFieldsWithFiller(eax, ecx, edx);
-
-      // Store the initialized FixedArray into the properties field of
-      // the JSObject
-      // ebx: JSObject
-      // edi: FixedArray
-      __ or_(edi, Immediate(kHeapObjectTag));  // add the heap tag
-      __ mov(FieldOperand(ebx, JSObject::kPropertiesOffset), edi);
-
-
-      // Continue with JSObject being successfully allocated
-      // ebx: JSObject
-      __ jmp(&allocated);
-
-      // Undo the setting of the new top so that the heap is verifiable. For
-      // example, the map's unused properties potentially do not match the
-      // allocated objects unused properties.
-      // ebx: JSObject (previous new top)
-      __ bind(&undo_allocation);
-      __ UndoAllocationInNewSpace(ebx);
-    }
-
-    // Allocate the new receiver object using the runtime call.
-    __ bind(&rt_call);
-    Generate_Runtime_NewObject(masm, create_memento, edi, &count_incremented,
-                               &allocated);
-    // New object allocated.
-    // ebx: newly allocated object
-    __ bind(&allocated);
-
-    if (create_memento) {
-      int offset = (use_new_target ? 3 : 2) * kPointerSize;
-      __ mov(ecx, Operand(esp, offset));
-      __ cmp(ecx, masm->isolate()->factory()->undefined_value());
-      __ j(equal, &count_incremented);
-      // ecx is an AllocationSite. We are creating a memento from it, so we
-      // need to increment the memento create count.
-      __ add(FieldOperand(ecx, AllocationSite::kPretenureCreateCountOffset),
-             Immediate(Smi::FromInt(1)));
-      __ bind(&count_incremented);
-    }
-
-    // Restore the parameters.
-    if (use_new_target) {
-      __ pop(edx);  // new.target
-    }
-    __ pop(edi);  // Constructor function.
-
-    // Retrieve smi-tagged arguments count from the stack.
-    __ mov(eax, Operand(esp, 0));
     __ SmiUntag(eax);
 
     // Push new.target onto the construct frame. This is stored just below the
     // receiver on the stack.
     if (use_new_target) {
       __ push(edx);
     }
 
     // Push the allocated receiver to the stack. We need two copies
     // because we may have to return the original one and the calling
     // conventions dictate that the called function pops the receiver.
-    __ push(ebx);
-    __ push(ebx);
+    if (!is_derived_class) {
+      __ push(ebx);
+      __ push(ebx);
+    } else {
+      // receiver is the hole.
+      __ push(Immediate(masm->isolate()->factory()->the_hole_value()));
+    }
 
     // Set up pointer to last argument.
     __ lea(ebx, Operand(ebp, StandardFrameConstants::kCallerSPOffset));
 
     // Copy arguments and receiver to the expression stack.
     Label loop, entry;
     __ mov(ecx, eax);
     __ jmp(&entry);
     __ bind(&loop);
     __ push(Operand(ebx, ecx, times_4, 0));
     __ bind(&entry);
     __ dec(ecx);
     __ j(greater_equal, &loop);
 
+    // Handle step in.
+    if (is_derived_class) {
+      Label skip_step_in;
+      ExternalReference debug_step_in_fp =
+          ExternalReference::debug_step_in_fp_address(masm->isolate());
+      __ cmp(Operand::StaticVariable(debug_step_in_fp), Immediate(0));
+      __ j(equal, &skip_step_in);
+
+      __ push(eax);
+      __ push(edi);
+      __ push(edi);
+      __ CallRuntime(Runtime::kHandleStepInForDerivedConstructors, 1);
+      __ pop(edi);
+      __ pop(eax);
+
+      __ bind(&skip_step_in);
+    }
+
     // Call the function.
     if (is_api_function) {
       __ mov(esi, FieldOperand(edi, JSFunction::kContextOffset));
       Handle<Code> code =
           masm->isolate()->builtins()->HandleApiCallConstruct();
       __ call(code, RelocInfo::CODE_TARGET);
     } else {
       ParameterCount actual(eax);
       __ InvokeFunction(edi, actual, CALL_FUNCTION,
                         NullCallWrapper());
     }
 
     // Store offset of return address for deoptimizer.
     // TODO(arv): Remove the "!use_new_target" before supporting optimization
     // of functions that reference new.target
-    if (!is_api_function && !use_new_target) {
+    if (!is_api_function && !use_new_target && !is_derived_class) {
       masm->isolate()->heap()->SetConstructStubDeoptPCOffset(masm->pc_offset());
     }
 
     // Restore context from the frame.
     __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
 
     // If the result is an object (in the ECMA sense), we should get rid
     // of the receiver and use the result; see ECMA-262 section 13.2.2-7
     // on page 74.
-    Label use_receiver, exit;
+    if (!is_derived_class) {
+      Label use_receiver, exit;
 
-    // If the result is a smi, it is *not* an object in the ECMA sense.
-    __ JumpIfSmi(eax, &use_receiver);
+      // If the result is a smi, it is *not* an object in the ECMA sense.
+      __ JumpIfSmi(eax, &use_receiver);
 
-    // If the type of the result (stored in its map) is less than
-    // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
-    __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
-    __ j(above_equal, &exit);
+      // If the type of the result (stored in its map) is less than
+      // FIRST_SPEC_OBJECT_TYPE, it is not an object in the ECMA sense.
+      __ CmpObjectType(eax, FIRST_SPEC_OBJECT_TYPE, ecx);
+      __ j(above_equal, &exit);
 
-    // Throw away the result of the constructor invocation and use the
-    // on-stack receiver as the result.
-    __ bind(&use_receiver);
-    __ mov(eax, Operand(esp, 0));
+      // Throw away the result of the constructor invocation and use the
+      // on-stack receiver as the result.
+      __ bind(&use_receiver);
+      __ mov(eax, Operand(esp, 0));
+
+      __ bind(&exit);
+    }
 
     // Restore the arguments count and leave the construct frame. The arguments
     // count is stored below the reciever and the new.target.
-    __ bind(&exit);
-    int offset = (use_new_target ? 2 : 1) * kPointerSize;
+    int offset = ((use_new_target && !is_derived_class) ? 2 : 1) * kPointerSize;
     __ mov(ebx, Operand(esp, offset));
 
     // Leave construct frame.
   }
 
   // Remove caller arguments from the stack and return.
   STATIC_ASSERT(kSmiTagSize == 1 && kSmiTag == 0);
   __ pop(ecx);
   __ lea(esp, Operand(esp, ebx, times_2, 1 * kPointerSize));  // 1 ~ receiver
   __ push(ecx);
   __ IncrementCounter(masm->isolate()->counters()->constructed_objects(), 1);
   __ ret(0);
 }
 
 
 void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, false, false, FLAG_pretenuring_call_new);
+  bool create_memento = FLAG_pretenuring_call_new;
+  Generate_JSConstructStubHelper(masm, false, false, false, create_memento);
 }
 
 
 void Builtins::Generate_JSConstructStubApi(MacroAssembler* masm) {
-  Generate_JSConstructStubHelper(masm, true, false, false);
+  Generate_JSConstructStubHelper(masm, true, false, false, false);
 }
 
 
 void Builtins::Generate_JSConstructStubNewTarget(MacroAssembler* masm) {

[arv (Not doing code reviews), 2015/07/07 16:32:26]

I think we should get rid of this stub and have JSConstructStubGeneric always
use new.target

[Michael Starzinger, 2015/07/07 16:46:59]

Yes, oh god please yes, from the bottom of my heart, let's do that!

[Michael Starzinger, 2015/07/07 16:50:59]

To rephrase this in a more professional way: Agreed, I will do so in a follow-up
CL after this one.

-  Generate_JSConstructStubHelper(masm, false, true, FLAG_pretenuring_call_new);
+  bool create_memento = FLAG_pretenuring_call_new;
+  Generate_JSConstructStubHelper(masm, false, true, false, create_memento);
 }
 
 
 void Builtins::Generate_JSConstructStubForDerived(MacroAssembler* masm) {
-  // ----------- S t a t e -------------
-  //  -- eax: number of arguments
-  //  -- edi: constructor function
-  //  -- ebx: allocation site or undefined
-  //  -- edx: original constructor
-  // -----------------------------------
-
-  // TODO(dslomov): support pretenuring
-  CHECK(!FLAG_pretenuring_call_new);
-
-  {
-    FrameScope frame_scope(masm, StackFrame::CONSTRUCT);
-
-    // Preserve actual arguments count.
-    __ SmiTag(eax);
-    __ push(eax);
-    __ SmiUntag(eax);
-
-    // Push new.target.
-    __ push(edx);
-
-    // receiver is the hole.
-    __ push(Immediate(masm->isolate()->factory()->the_hole_value()));
-
-    // Set up pointer to last argument.
-    __ lea(ebx, Operand(ebp, StandardFrameConstants::kCallerSPOffset));
-
-    // Copy arguments and receiver to the expression stack.
-    Label loop, entry;
-    __ mov(ecx, eax);
-    __ jmp(&entry);
-    __ bind(&loop);
-    __ push(Operand(ebx, ecx, times_4, 0));
-    __ bind(&entry);
-    __ dec(ecx);
-    __ j(greater_equal, &loop);
-
-    // Handle step in.
-    Label skip_step_in;
-    ExternalReference debug_step_in_fp =
-        ExternalReference::debug_step_in_fp_address(masm->isolate());
-    __ cmp(Operand::StaticVariable(debug_step_in_fp), Immediate(0));
-    __ j(equal, &skip_step_in);
-
-    __ push(eax);
-    __ push(edi);
-    __ push(edi);
-    __ CallRuntime(Runtime::kHandleStepInForDerivedConstructors, 1);
-    __ pop(edi);
-    __ pop(eax);
-
-    __ bind(&skip_step_in);
-
-    // Invoke function.
-    ParameterCount actual(eax);
-    __ InvokeFunction(edi, actual, CALL_FUNCTION, NullCallWrapper());
-
-    // Restore context from the frame.
-    __ mov(esi, Operand(ebp, StandardFrameConstants::kContextOffset));
-
-    // Get arguments count, skipping over new.target.
-    __ mov(ebx, Operand(esp, kPointerSize));
-  }
-
-  __ pop(ecx);  // Return address.
-  __ lea(esp, Operand(esp, ebx, times_2, 1 * kPointerSize));
-  __ push(ecx);
-  __ ret(0);
+  Generate_JSConstructStubHelper(masm, false, true, true, false);
 }
 
 
 enum IsTagged { kEaxIsSmiTagged, kEaxIsUntaggedInt };
 
 
 // Clobbers ecx, edx, edi; preserves all other registers.
 static void Generate_CheckStackOverflow(MacroAssembler* masm,
                                         const int calleeOffset,
                                         IsTagged eax_is_tagged) {
@@ skipping 1133 matching lines @@
 
   __ bind(&ok);
   __ ret(0);
 }
 
 #undef __
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_IA32