[runtime] Use JSBuiltinsConstructStub for all builtins where possible

In order to remove the construct_stub field of the SFI we need all
construct stubs to be the same, and do any branching at runtime
instead. For builtins we don't need to set the construct stub because
the builtins construct stub will call into it for us.

There should only be two builtins left without the builtins construct
stub: Array and InternalArray, which are special cases that need to
be dealt with in another CL.

Bug: v8:7503
Change-Id: If0d419399a9ee22c09cf2a5a3d3dbea7a04dee77
Reviewed-on: https://chromium-review.googlesource.com/968862Reviewed-by: Benedikt Meurer <bmeurer@chromium.org>
Commit-Queue: Peter Marshall <petermarshall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#52046}

src/bootstrapper.cc

@@ -1344,7 +1344,7 @@ static void InstallError(Isolate* isolate, Handle<JSObject> global,
       factory->the_hole_value(), Builtins::kErrorConstructor, DONT_ENUM);
   error_fun->shared()->DontAdaptArguments();
   error_fun->shared()->SetConstructStub(
-      *BUILTIN_CODE(isolate, ErrorConstructor));
+      *BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
   error_fun->shared()->set_length(1);
 
   if (context_index == Context::ERROR_FUNCTION_INDEX) {
@@ -1554,7 +1554,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     function_fun->set_prototype_or_initial_map(*isolate->sloppy_function_map());
     function_fun->shared()->DontAdaptArguments();
     function_fun->shared()->SetConstructStub(
-        *BUILTIN_CODE(isolate, FunctionConstructor));
+        *BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
     function_fun->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(isolate, function_fun,
                                      Context::FUNCTION_FUNCTION_INDEX);
@@ -3796,7 +3796,7 @@ void Bootstrapper::ExportFromRuntime(Isolate* isolate,
         native_context->generator_function_map());
     generator_function_function->shared()->DontAdaptArguments();
     generator_function_function->shared()->SetConstructStub(
-        *BUILTIN_CODE(isolate, GeneratorFunctionConstructor));
+        *BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
     generator_function_function->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(
         isolate, generator_function_function,
@@ -3826,7 +3826,7 @@ void Bootstrapper::ExportFromRuntime(Isolate* isolate,
         native_context->async_generator_function_map());
     async_generator_function_function->shared()->DontAdaptArguments();
     async_generator_function_function->shared()->SetConstructStub(
-        *BUILTIN_CODE(isolate, AsyncGeneratorFunctionConstructor));
+        *BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
     async_generator_function_function->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(
         isolate, async_generator_function_function,
@@ -4039,7 +4039,7 @@ void Bootstrapper::ExportFromRuntime(Isolate* isolate,
         native_context->async_function_map());
     async_function_constructor->shared()->DontAdaptArguments();
     async_function_constructor->shared()->SetConstructStub(
-        *BUILTIN_CODE(isolate, AsyncFunctionConstructor));
+        *BUILTIN_CODE(isolate, JSBuiltinsConstructStub));
     async_function_constructor->shared()->set_length(1);
     native_context->set_async_function_constructor(*async_function_constructor);
     JSObject::ForceSetPrototype(async_function_constructor,
@@ -4419,8 +4419,8 @@ Handle<JSFunction> Genesis::CreateArrayBuffer(
       CreateFunction(isolate(), name, JS_ARRAY_BUFFER_TYPE,
                      JSArrayBuffer::kSizeWithEmbedderFields, 0, prototype,
                      Builtins::kArrayBufferConstructor);
-  Handle<Code> code = BUILTIN_CODE(isolate(), JSBuiltinsConstructStub);
-  array_buffer_fun->shared()->SetConstructStub(*code);
+  array_buffer_fun->shared()->SetConstructStub(
+      *BUILTIN_CODE(isolate(), JSBuiltinsConstructStub));
   array_buffer_fun->shared()->DontAdaptArguments();
   array_buffer_fun->shared()->set_length(1);
 

src/builtins/builtins.cc

@@ -268,7 +268,6 @@ bool Builtins::IsLazy(int index) {
     case kInterpreterEnterBytecodeDispatch:
     case kInterpreterEntryTrampoline:
     case kPromiseConstructorLazyDeoptContinuation:  // https://crbug/v8/6786.
-    case kProxyConstructor:                   // https://crbug.com/v8/6787.
     case kRecordWrite:  // https://crbug.com/chromium/765301.
     case kThrowWasmTrapDivByZero:             // Required by wasm.
     case kThrowWasmTrapDivUnrepresentable:    // Required by wasm.

src/debug/debug-evaluate.cc

@@ -445,8 +445,7 @@ bool BuiltinToIntrinsicHasNoSideEffect(Builtins::Name builtin_id,
   V(Builtins::kArrayPrototypeSlice, W(CreateDataProperty) W(SetProperty)) \
   /* TypedArrays */                                                       \
   V(Builtins::kTypedArrayConstructor,                                     \
-    W(TypedArrayCopyElements) W(InternalSetPrototype)                     \
-        W(ThrowInvalidTypedArrayAlignment))                               \
+    W(TypedArrayCopyElements) W(ThrowInvalidTypedArrayAlignment))         \
   V(Builtins::kTypedArrayPrototypeFilter, W(TypedArrayCopyElements))      \
   V(Builtins::kTypedArrayPrototypeMap, W(SetProperty))
 
@@ -832,6 +831,7 @@ bool BuiltinHasNoSideEffect(Builtins::Name id) {
     case Builtins::kGlobalIsFinite:
     case Builtins::kGlobalIsNaN:
     // Error builtins.
+    case Builtins::kErrorConstructor:
     case Builtins::kMakeError:
     case Builtins::kMakeTypeError:
     case Builtins::kMakeSyntaxError:

src/objects.cc

@@ -13869,7 +13869,9 @@ void SharedFunctionInfo::SetConstructStub(Code* code) {
     int builtin_id = code->builtin_index();
     DCHECK_NE(Builtins::kDeserializeLazy, builtin_id);
     DCHECK(builtin_id == Builtins::kJSBuiltinsConstructStub ||
-           this->code() == code || !Builtins::IsLazy(builtin_id));
+           !Builtins::IsLazy(builtin_id));
+    // Builtins should use JSBuiltinsConstructStub.
+    DCHECK_NE(this->code(), code);
   }
 #endif
   set_construct_stub(code);