Make CallSite constructor inaccessible from JS

src/bootstrapper.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/bootstrapper.h"
 
 #include "src/accessors.h"
 #include "src/api-natives.h"
 #include "src/base/ieee754.h"
 #include "src/code-stubs.h"
@@ skipping 2626 matching lines @@
           SimpleInstallFunction(container, "AsyncFunctionThrow",
                                 Builtins::kGeneratorPrototypeThrow, 1, true);
       async_function_next->shared()->set_native(false);
       async_function_throw->shared()->set_native(false);
     }
   }
 
   {  // -- C a l l S i t e
     // Builtin functions for CallSite.
 
+    // CallSites are a special case; the constructor is for our private use
+    // only, therefore we set it up as a builtin that throws. Internally, we use
+    // CallSiteUtils::Construct to create CallSite objects.
+
     Handle<JSFunction> callsite_fun = InstallFunction(
         container, "CallSite", JS_OBJECT_TYPE, JSObject::kHeaderSize,
-        isolate->initial_object_prototype(), Builtins::kCallSiteConstructor);
+        isolate->initial_object_prototype(), Builtins::kUnsupportedThrower);
     callsite_fun->shared()->DontAdaptArguments();
     callsite_fun->shared()->set_native(true);
 
     isolate->native_context()->set_callsite_function(*callsite_fun);
 
     {
       Handle<JSObject> proto =
           factory->NewJSObject(isolate->object_function(), TENURED);
       JSObject::AddProperty(proto, factory->constructor_string(), callsite_fun,
                             DONT_ENUM);
@@ skipping 1401 matching lines @@
 }
 
 
 // Called when the top-level V8 mutex is destroyed.
 void Bootstrapper::FreeThreadResources() {
   DCHECK(!IsActive());
 }
 
 }  // namespace internal
 }  // namespace v8