[stubs] Simplify the non-function case of CallConstructStub.

src/arm/code-stubs-arm.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
@@ skipping 2510 matching lines @@
   // Jump to the function-specific construct stub.
   Register jmp_reg = r4;
   __ ldr(jmp_reg, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(jmp_reg, FieldMemOperand(jmp_reg,
                                   SharedFunctionInfo::kConstructStubOffset));
   __ add(pc, jmp_reg, Operand(Code::kHeaderSize - kHeapObjectTag));
 
   // r0: number of arguments
   // r1: called object
   // r5: object type
-  Label do_call;
   __ bind(&slow);
-  __ cmp(r5, Operand(JS_FUNCTION_PROXY_TYPE));
-  __ b(ne, &non_function_call);
-  __ GetBuiltinFunction(
-      r1, Context::CALL_FUNCTION_PROXY_AS_CONSTRUCTOR_BUILTIN_INDEX);
-  __ jmp(&do_call);
+  {
+    // Overwrite the original receiver with the (original) target (not necessary
+    // in case of rdi being smi, when we jump directly to non_function_call
+    // below).
+    __ str(r1, MemOperand(sp, r0, LSL, kPointerSizeLog2));

[Michael Starzinger, 2015/09/11 09:17:37]

This is confusing. Why do we suddenly need to patch the receiver to point to the
target function? If this is really needed, can we clarify the comment so that
people understand why this patching happens?

[Benedikt Meurer, 2015/09/11 09:20:28]

You're right, receiver stays the same.

 
-  __ bind(&non_function_call);
-  __ GetBuiltinFunction(
-      r1, Context::CALL_NON_FUNCTION_AS_CONSTRUCTOR_BUILTIN_INDEX);
-  __ bind(&do_call);
-  // Set expected number of arguments to zero (not changing r0).
-  __ mov(r2, Operand::Zero());
-  __ Jump(masm->isolate()->builtins()->ArgumentsAdaptorTrampoline(),
-          RelocInfo::CODE_TARGET);
+    __ cmp(r5, Operand(JS_FUNCTION_PROXY_TYPE));
+    __ b(ne, &non_function_call);
+    // TODO(neis): This doesn't match the ES6 spec for [[Construct]] on proxies.
+    __ ldr(r1, FieldMemOperand(r1, JSFunctionProxy::kConstructTrapOffset));
+    __ Jump(isolate()->builtins()->Call(), RelocInfo::CODE_TARGET);
+
+    __ bind(&non_function_call);
+    {
+      // Determine the delegate for the target (if any).
+      FrameAndConstantPoolScope scope(masm, StackFrame::INTERNAL);
+      __ SmiTag(r0);
+      __ Push(r0, r1);
+      __ CallRuntime(Runtime::kGetConstructorDelegate, 1);
+      __ mov(r1, r0);
+      __ Pop(r0);
+      __ SmiUntag(r0);
+    }
+    // The delegate is always a regular function.
+    __ AssertFunction(r1);
+    __ Jump(masm->isolate()->builtins()->CallFunction(),
+            RelocInfo::CODE_TARGET);
+  }
 }
 
 
 static void EmitLoadTypeFeedbackVector(MacroAssembler* masm, Register vector) {
   __ ldr(vector, MemOperand(fp, JavaScriptFrameConstants::kFunctionOffset));
   __ ldr(vector, FieldMemOperand(vector,
                                  JSFunction::kSharedFunctionInfoOffset));
   __ ldr(vector, FieldMemOperand(vector,
                                  SharedFunctionInfo::kFeedbackVectorOffset));
 }
@@ skipping 2990 matching lines @@
                            MemOperand(fp, 6 * kPointerSize), NULL);
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM