Fix memento initialization when constructing from new call

src/arm/builtins-arm.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/v8.h"
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/codegen.h"
 #include "src/debug.h"
@@ skipping 314 matching lines @@
 
   // Should never create mementos for api functions.
   DCHECK(!is_api_function || !create_memento);
 
   Isolate* isolate = masm->isolate();
 
   // Enter a construct frame.
   {
     FrameAndConstantPoolScope scope(masm, StackFrame::CONSTRUCT);
 
-    if (create_memento) {
-      __ AssertUndefinedOrAllocationSite(r2, r4);
-      __ push(r2);
-    }
-
     // Preserve the incoming parameters on the stack.
+    __ AssertUndefinedOrAllocationSite(r2, r4);
+    __ push(r2);
     __ SmiTag(r0);
     __ push(r0);
     __ push(r1);
     __ push(r3);
 
     // Try to allocate the object without transitioning into C code. If any of
     // the preconditions is not met, the code bails out to the runtime call.
     Label rt_call, allocated;
     if (FLAG_inline_new) {
       ExternalReference debug_step_in_fp =
@@ skipping 118 matching lines @@
         __ sub(ip, r3, Operand(AllocationMemento::kSize / kPointerSize));
         __ add(r0, r4, Operand(ip, LSL, kPointerSizeLog2));  // End of object.
         __ InitializeFieldsWithFiller(r5, r0, r6);
 
         // Fill in memento fields.
         // r5: points to the allocated but uninitialized memento.
         __ LoadRoot(r6, Heap::kAllocationMementoMapRootIndex);
         DCHECK_EQ(0 * kPointerSize, AllocationMemento::kMapOffset);
         __ str(r6, MemOperand(r5, kPointerSize, PostIndex));
         // Load the AllocationSite
-        __ ldr(r6, MemOperand(sp, 2 * kPointerSize));
+        __ ldr(r6, MemOperand(sp, 3 * kPointerSize));
+        __ AssertUndefinedOrAllocationSite(r6, r0);
         DCHECK_EQ(1 * kPointerSize, AllocationMemento::kAllocationSiteOffset);
         __ str(r6, MemOperand(r5, kPointerSize, PostIndex));
       } else {
         __ add(r0, r4, Operand(r3, LSL, kPointerSizeLog2));  // End of object.
         __ InitializeFieldsWithFiller(r5, r0, r6);
       }
 
       // Add the object tag to make the JSObject real, so that we can continue
       // and jump into the continuation code at any time from now on.
       __ add(r4, r4, Operand(kHeapObjectTag));
@@ skipping 167 matching lines @@
 void Builtins::Generate_JSConstructStubForDerived(MacroAssembler* masm) {
   // ----------- S t a t e -------------
   //  -- r0     : number of arguments
   //  -- r1     : constructor function
   //  -- r2     : allocation site or undefined
   //  -- r3     : original constructor
   //  -- lr     : return address
   //  -- sp[...]: constructor arguments
   // -----------------------------------
 
-  // TODO(dslomov): support pretenuring
-  CHECK(!FLAG_pretenuring_call_new);
-
   {
     FrameScope frame_scope(masm, StackFrame::CONSTRUCT);
 
+    __ AssertUndefinedOrAllocationSite(r2, r4);
+    __ push(r2);
+
     __ mov(r4, r0);
     __ SmiTag(r4);
     __ push(r4);  // Smi-tagged arguments count.
 
     // Push new.target.
     __ push(r3);
 
     // receiver is the hole.
     __ LoadRoot(ip, Heap::kTheHoleValueRootIndex);
     __ push(ip);
@@ skipping 1047 matching lines @@
   }
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM