[es6] Better support for built-ins subclassing.

src/runtime/runtime-object.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/runtime/runtime-utils.h"
 
 #include "src/arguments.h"
 #include "src/bootstrapper.h"
 #include "src/debug/debug.h"
 #include "src/isolate-inl.h"
@@ skipping 974 matching lines @@
   // Check that function is a constructor.
   if (!function->IsConstructor()) {
     THROW_NEW_ERROR_RETURN_FAILURE(
         isolate, NewTypeError(MessageTemplate::kNotConstructor, constructor));
   }
 
   Debug* debug = isolate->debug();
   // Handle stepping into constructors if step into is active.
   if (debug->StepInActive()) debug->HandleStepIn(function, true);
 
-  if (function->has_initial_map()) {
+  if (function->has_initial_map() && original_function->has_initial_map()) {

[Toon Verwaest, 2015/10/29 12:54:46]

Do we still need this additional special case now it's already handled below?

[Igor Sheludko, 2015/10/29 15:26:22]

Done.

     if (function->initial_map()->instance_type() == JS_FUNCTION_TYPE) {
       // The 'Function' function ignores the receiver object when
       // called using 'new' and creates a new JSFunction object that
       // is returned.  The receiver object is only used for error
       // reporting if an error occurs when constructing the new
       // JSFunction. Factory::NewJSObject() should not be used to
       // allocate JSFunctions since it does not properly initialize
       // the shared part of the function. Since the receiver is
       // ignored anyway, we use the global object as the receiver
       // instead of a new JSFunction object. This way, errors are
       // reported the same way whether or not 'Function' is called
       // using 'new'.
       return isolate->global_proxy();
     }
   }
 
   // The function should be compiled for the optimization hints to be
   // available.
   Compiler::Compile(function, CLEAR_EXCEPTION);
 
-  Handle<JSObject> result;
-  if (site.is_null()) {
-    result = isolate->factory()->NewJSObject(function);
-  } else {
-    result = isolate->factory()->NewJSObjectWithMemento(function, site);
+  JSFunction::EnsureHasInitialMap(function);
+  Handle<Map> initial_map =
+      JSFunction::EnsureDerivedHasInitialMap(original_function, function);
+
+  if (initial_map->instance_type() == JS_FUNCTION_TYPE) {
+    return isolate->global_proxy();
   }
 
-  // Set up the prototoype using original function.
-  // TODO(dslomov): instead of setting the __proto__,
-  // use and cache the correct map.
-  if (*original_function != *function) {
-    if (original_function->has_instance_prototype()) {
-      Handle<Object> prototype =
-          handle(original_function->instance_prototype(), isolate);
-      MAYBE_RETURN(JSObject::SetPrototype(result, prototype, false,
-                                          Object::THROW_ON_ERROR),
-                   isolate->heap()->exception());
-    }
-  }
+  Handle<JSObject> result =
+      isolate->factory()->NewJSObjectFromMap(initial_map, NOT_TENURED, site);
 
   isolate->counters()->constructed_objects()->Increment();
   isolate->counters()->constructed_objects_runtime()->Increment();
 
   return *result;
 }
 
 
 RUNTIME_FUNCTION(Runtime_NewObject) {
   HandleScope scope(isolate);
@@ skipping 529 matching lines @@
 
 RUNTIME_FUNCTION(Runtime_ObjectDefineProperties) {
   HandleScope scope(isolate);
   DCHECK(args.length() == 2);
   CONVERT_ARG_HANDLE_CHECKED(Object, o, 0);
   CONVERT_ARG_HANDLE_CHECKED(Object, properties, 1);
   return JSReceiver::DefineProperties(isolate, o, properties);
 }
 }  // namespace internal
 }  // namespace v8