[runtime] Fix ES6 9.2.1 [[Call]] when encountering a classConstructor.

src/arm/code-stubs-arm.cc

Index: src/arm/code-stubs-arm.cc
diff --git a/src/arm/code-stubs-arm.cc b/src/arm/code-stubs-arm.cc
index d85ebdb114c76ba4a3f9a9796d2154814e678ab8..069f458d4d74c03cff15c32625044d76f9485ef9 100644
--- a/src/arm/code-stubs-arm.cc
+++ b/src/arm/code-stubs-arm.cc
@@ -2380,8 +2380,11 @@ static void GenerateRecordCallTarget(MacroAssembler* masm, bool is_super) {
 
 
 static void EmitContinueIfStrictOrNative(MacroAssembler* masm, Label* cont) {
+  // ----------- S t a t e -------------
+  // -- r1 : the function to call
+  // -- r3 : the function's shared function info
+  // -----------------------------------
   // Do not transform the receiver for strict mode functions.
-  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
   __ ldr(r4, FieldMemOperand(r3, SharedFunctionInfo::kCompilerHintsOffset));
   __ tst(r4, Operand(1 << (SharedFunctionInfo::kStrictModeFunction +
                            kSmiTagSize)));
@@ -2413,6 +2416,30 @@ static void EmitWrapCase(MacroAssembler* masm, int argc, Label* cont) {
 }
 
 
+static void EmitClassConstructorCallCheck(MacroAssembler* masm) {
+  // ----------- S t a t e -------------
+  // -- r1 : the function to call
+  // -- r3 : the function's shared function info
+  // -----------------------------------
+  // ClassConstructor Check: ES6 section 9.2.1 [[Call]]
+  Label non_class_constructor;
+  // Check whether the current function is a classConstructor This only works
+  // since kClassConstructor is more than 1 bit away from the byte boundary in
+  // CompilerHints (note that compiler_hints is stored as smi on 32bit
+  // architectures)
+  STATIC_ASSERT((FunctionKind::kClassConstructor << kSmiTagSize) <
+                (1 << kBitsPerByte));
+  __ ldrb(r4, FieldMemOperand(r3, SharedFunctionInfo::kFunctionKindByteOffset));
+  // Left-shift to account for smi storage in 32bits.
+  __ tst(r4, Operand(FunctionKind::kClassConstructor << kSmiTagSize));
+  __ b(eq, &non_class_constructor);
+  // If we call a classConstructor Function throw a TypeError
+  // indirectly via the CallFunction builtin.
+  __ Jump(masm->isolate()->builtins()->CallFunction(), RelocInfo::CODE_TARGET);
+  __ bind(&non_class_constructor);
+}
+
+
 static void CallFunctionNoFeedback(MacroAssembler* masm,
                                    int argc, bool needs_checks,
                                    bool call_as_method) {
@@ -2429,6 +2456,9 @@ static void CallFunctionNoFeedback(MacroAssembler* masm,
     __ b(ne, &slow);
   }
 
+  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
+  EmitClassConstructorCallCheck(masm);
+
   // Fast-case: Invoke the function now.
   // r1: pushed function
   ParameterCount actual(argc);
@@ -2594,6 +2624,10 @@ void CallICStub::Generate(MacroAssembler* masm) {
   __ str(r3, FieldMemOperand(r2, 0));
 
   __ bind(&have_js_function);
+
+  __ ldr(r3, FieldMemOperand(r1, JSFunction::kSharedFunctionInfoOffset));
+  EmitClassConstructorCallCheck(masm);
+
   if (CallAsMethod()) {
     EmitContinueIfStrictOrNative(masm, &cont);
     // Compute the receiver in sloppy mode.