Fix memento initialization when constructing from new call

src/x64/builtins-x64.cc

Index: src/x64/builtins-x64.cc
diff --git a/src/x64/builtins-x64.cc b/src/x64/builtins-x64.cc
index c59d3ba78fbd557467904af73bba72810fb9521f..c32f84746fa61916cda6b1e9f681e392bedabb7c 100644
--- a/src/x64/builtins-x64.cc
+++ b/src/x64/builtins-x64.cc
@@ -116,10 +116,9 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
   {
     FrameScope scope(masm, StackFrame::CONSTRUCT);
 
-    if (create_memento) {
-      __ AssertUndefinedOrAllocationSite(rbx);
-      __ Push(rbx);
-    }
+    // Always push a potential allocation site to preserve a fixed frame size.
+    __ AssertUndefinedOrAllocationSite(rbx);
+    __ Push(rbx);
 
     // Preserve the incoming parameters on the stack.
     __ Integer32ToSmi(rax, rax);
@@ -254,7 +253,8 @@ static void Generate_JSConstructStubHelper(MacroAssembler* masm,
         __ Move(Operand(rsi, AllocationMemento::kMapOffset),
                 factory->allocation_memento_map());
         // Get the cell or undefined.
-        __ movp(rdx, Operand(rsp, kPointerSize*2));
+        __ movp(rdx, Operand(rsp, 3 * kPointerSize));
+        __ AssertUndefinedOrAllocationSite(rdx);
         __ movp(Operand(rsi, AllocationMemento::kAllocationSiteOffset), rdx);
       } else {
         __ InitializeFieldsWithFiller(rcx, rdi, rdx);
@@ -420,12 +420,14 @@ void Builtins::Generate_JSConstructStubForDerived(MacroAssembler* masm) {
   //  -- rbx: allocation site or undefined
   //  -- rdx: original constructor
   // -----------------------------------
-  // TODO(dslomov): support pretenuring
-  CHECK(!FLAG_pretenuring_call_new);
 
   {
     FrameScope frame_scope(masm, StackFrame::CONSTRUCT);
 
+    // Always push a potential allocation site to preserve a fixed frame size.
+    __ AssertUndefinedOrAllocationSite(rbx);
+    __ Push(rbx);
+
     // Store a smi-tagged arguments count on the stack.
     __ Integer32ToSmi(rax, rax);
     __ Push(rax);