[snapshot] reset JSConstructStub to conform runtime flag

R=yangguo@chromium.org

Bug: v8:7305, v8:5536
Change-Id: I4750cf392dd60880e75e187a9091f62f9292ffe2
Reviewed-on: https://chromium-review.googlesource.com/866631
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Yang Guo <yangguo@chromium.org>
Cr-Commit-Position: refs/heads/master@{#50619}

src/snapshot/deserializer.cc

@@ -655,6 +655,24 @@ bool Deserializer<AllocatorT>::ReadData(Object** current, Object** limit,
   return true;
 }
 
+namespace {
+
+int FixupJSConstructStub(Isolate* isolate, int builtin_id) {
+  if (isolate->serializer_enabled()) return builtin_id;
+
+  if (FLAG_harmony_restrict_constructor_return &&
+      builtin_id == Builtins::kJSConstructStubGenericUnrestrictedReturn) {
+    return Builtins::kJSConstructStubGenericRestrictedReturn;
+  } else if (!FLAG_harmony_restrict_constructor_return &&
+             builtin_id == Builtins::kJSConstructStubGenericRestrictedReturn) {
+    return Builtins::kJSConstructStubGenericUnrestrictedReturn;
+  } else {
+    return builtin_id;
+  }
+}
+
+}  // namespace
+
 template <class AllocatorT>
 template <int where, int how, int within, int space_number_if_any>
 Object** Deserializer<AllocatorT>::ReadDataCase(Isolate* isolate,
@@ -705,7 +723,8 @@ Object** Deserializer<AllocatorT>::ReadDataCase(Isolate* isolate,
       emit_write_barrier = isolate->heap()->InNewSpace(new_object);
     } else {
       DCHECK_EQ(where, kBuiltin);
-      int builtin_id = MaybeReplaceWithDeserializeLazy(source_.GetInt());
+      int raw_id = MaybeReplaceWithDeserializeLazy(source_.GetInt());
+      int builtin_id = FixupJSConstructStub(isolate, raw_id);
       new_object = isolate->builtins()->builtin(builtin_id);
       emit_write_barrier = false;
     }