[runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.

src/arm/code-stubs-arm.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #if V8_TARGET_ARCH_ARM
 
 #include "src/base/bits.h"
 #include "src/bootstrapper.h"
 #include "src/code-stubs.h"
 #include "src/codegen.h"
@@ skipping 2362 matching lines @@
   __ b(&done);
 
   __ bind(&not_array_function);
   CreateWeakCellStub weak_cell_stub(masm->isolate());
   CallStubInRecordCallTarget(masm, &weak_cell_stub, is_super);
   __ bind(&done);
 }
 
 
 static void EmitContinueIfStrictOrNative(MacroAssembler* masm, Label* cont) {
+  // ----------- S t a t e -------------
+  // -- r1 : the function to call
+  // -- r3 : the function's shared function info
+  // -----------------------------------
   // Do not transform the receiver for strict mode functions.
-  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r4, FieldMemOperand(r3, SharedFunctionInfo::kCompilerHintsOffset));
   __ tst(r4, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                            kSmiTagSize)));
   __ b(ne, cont);
 
   // Do not transform the receiver for native (Compilerhints already in r3).
   __ tst(r4, Operand(1 << (SharedFunctionInfo::kNative + kSmiTagSize)));
   __ b(ne, cont);
 }
 
@@ skipping 11 matching lines @@
     __ mov(r0, r3);
     ToObjectStub stub(masm->isolate());
     __ CallStub(&stub);
     __ pop(r1);
   }
   __ str(r0, MemOperand(sp, argc * kPointerSize));
   __ jmp(cont);
 }
 
 
+static void EmitClassConstructorCallCheck(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  // -- r1 : the function to call
+  // -- r3 : the function's shared function info
+  // -----------------------------------
+  // ClassConstructor Check: ES6 section 9.2.1 [[Call]]
+  Label non_class_constructor;
+  // Check whether the current function is a classConstructor This only works
+  // since kClassConstructor is more than 1 bit away from the byte boundary in
+  // CompilerHints (note that compiler_hints is stored as smi on 32bit
+  // architectures)
+  STATIC_ASSERT((FunctionKind::kClassConstructor << kSmiTagSize) <
+                (1 << kBitsPerByte));
+  __ ldrb(r4, FieldMemOperand(r3, SharedFunctionInfo::kFunctionKindByteOffset));
+  // Left-shift to account for smi storage in 32bits.
+  __ tst(r4, Operand(FunctionKind::kClassConstructor << kSmiTagSize));
+  __ b(eq, &non_class_constructor);
+  // If we call a classConstructor Function throw a TypeError
+  // indirectly via the CallFunction builtin.
+  __ Jump(masm->isolate()->builtins()->CallFunction(), RelocInfo::CODE_TARGET);
+  __ bind(&non_class_constructor);
+}
+
+
 static void CallFunctionNoFeedback(MacroAssembler* masm,
                                    int argc, bool needs_checks,
                                    bool call_as_method) {
   // r1 : the function to call
   Label slow, wrap, cont;
 
   if (needs_checks) {
     // Check that the function is really a JavaScript function.
     // r1: pushed function (to be verified)
     __ JumpIfSmi(r1, &slow);
 
     // Goto slow case if we do not have a function.
     __ CompareObjectType(r1, r4, r4, JS_FUNCTION_TYPE);
     __ b(ne, &slow);
   }
 
+  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
+  EmitClassConstructorCallCheck(masm);
+
   // Fast-case: Invoke the function now.
   // r1: pushed function
   ParameterCount actual(argc);
 
   if (call_as_method) {
     if (needs_checks) {
       EmitContinueIfStrictOrNative(masm, &cont);
     }
 
     // Compute the receiver in sloppy mode.
@@ skipping 145 matching lines @@
   __ JumpIfSmi(r1, &extra_checks_or_miss);
 
   // Increment the call count for monomorphic function calls.
   __ add(r2, r2, Operand::PointerOffsetFromSmiKey(r3));
   __ add(r2, r2, Operand(FixedArray::kHeaderSize + kPointerSize));
   __ ldr(r3, FieldMemOperand(r2, 0));
   __ add(r3, r3, Operand(Smi::FromInt(CallICNexus::kCallCountIncrement)));
   __ str(r3, FieldMemOperand(r2, 0));
 
   __ bind(&have_js_function);
+
+  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
+  EmitClassConstructorCallCheck(masm);
+
   if (CallAsMethod()) {
     EmitContinueIfStrictOrNative(masm, &cont);
     // Compute the receiver in sloppy mode.
     __ ldr(r3, MemOperand(sp, argc * kPointerSize));
 
     __ JumpIfSmi(r3, &wrap);
     __ CompareObjectType(r3, r4, r4, FIRST_SPEC_OBJECT_TYPE);
     __ b(lt, &wrap);
 
     __ bind(&cont);
@@ skipping 2955 matching lines @@
                            MemOperand(fp, 6 * kPointerSize), NULL);
 }
 
 
 #undef __
 
 }  // namespace internal
 }  // namespace v8
 
 #endif  // V8_TARGET_ARCH_ARM