Bug 1155618 - Report allocation failure to context for baseline ICStubs r=jandem
authorJon Coppeard <jcoppeard@mozilla.com>
Thu, 07 May 2015 10:14:40 +0100
changeset 274117 29f691ba32226459b66ac3b924bbcebefa34b299
parent 274116 ceadd609623b36aed16dd02e54bd876d600515cf
child 274118 ff666faf8a5d1282c0d289862ac356c7b71d6b2f
push id863
push userraliiev@mozilla.com
push dateMon, 03 Aug 2015 13:22:43 +0000
treeherdermozilla-release@f6321b14228d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjandem
bugs1155618
milestone40.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1155618 - Report allocation failure to context for baseline ICStubs r=jandem
js/src/jit/BaselineDebugModeOSR.cpp
js/src/jit/BaselineIC.cpp
js/src/jit/BaselineIC.h
--- a/js/src/jit/BaselineDebugModeOSR.cpp
+++ b/js/src/jit/BaselineDebugModeOSR.cpp
@@ -761,17 +761,17 @@ CloneOldBaselineStub(JSContext* cx, Debu
 
     // Clone the existing stub into the recompiled IC.
     //
     // Note that since JitCode is a GC thing, cloning an ICStub with the same
     // JitCode ensures it won't be collected.
     switch (oldStub->kind()) {
 #define CASE_KIND(kindName)                                                  \
       case ICStub::kindName:                                                 \
-        entry.newStub = IC##kindName::Clone(stubSpace, firstMonitorStub,     \
+        entry.newStub = IC##kindName::Clone(cx, stubSpace, firstMonitorStub, \
                                             *oldStub->to##kindName());       \
         break;
         PATCHABLE_ICSTUB_KIND_LIST(CASE_KIND)
 #if JS_HAS_NO_SUCH_METHOD
         PATCHABLE_NSM_ICSTUB_KIND_LIST(CASE_KIND)
 #endif
 #undef CASE_KIND
 
--- a/js/src/jit/BaselineIC.cpp
+++ b/js/src/jit/BaselineIC.cpp
@@ -1770,17 +1770,17 @@ DoNewObject(JSContext* cx, BaselineFrame
                 !templateObject->as<PlainObject>().hasDynamicSlots())
             {
                 JitCode* code = GenerateNewObjectWithTemplateCode(cx, templateObject);
                 if (!code)
                     return false;
 
                 ICStubSpace* space =
                     ICStubCompiler::StubSpaceForKind(ICStub::NewObject_WithTemplate, script);
-                ICStub* templateStub = ICStub::New<ICNewObject_WithTemplate>(space, code);
+                ICStub* templateStub = ICStub::New<ICNewObject_WithTemplate>(cx, space, code);
                 if (!templateStub)
                     return false;
 
                 stub->addNewStub(templateStub);
             }
 
             stub->setTemplateObject(templateObject);
         }
@@ -7890,24 +7890,24 @@ ICGetProp_Primitive::Compiler::generateS
 ICGetPropNativeStub*
 ICGetPropNativeCompiler::getStub(ICStubSpace* space)
 {
     ReceiverGuard guard(obj_);
 
     switch (kind) {
       case ICStub::GetProp_Native: {
         MOZ_ASSERT(obj_ == holder_);
-        return ICStub::New<ICGetProp_Native>(space, getStubCode(), firstMonitorStub_, guard, offset_);
+        return newStub<ICGetProp_Native>(space, getStubCode(), firstMonitorStub_, guard, offset_);
       }
 
       case ICStub::GetProp_NativePrototype: {
         MOZ_ASSERT(obj_ != holder_);
         Shape* holderShape = holder_->as<NativeObject>().lastProperty();
-        return ICStub::New<ICGetProp_NativePrototype>(space, getStubCode(), firstMonitorStub_, guard,
-                                                      offset_, holder_, holderShape);
+        return newStub<ICGetProp_NativePrototype>(space, getStubCode(), firstMonitorStub_, guard,
+                                                  offset_, holder_, holderShape);
       }
 
       default:
         MOZ_CRASH("Bad stub kind");
     }
 }
 
 static void
@@ -8410,32 +8410,32 @@ ICGetPropCallDOMProxyNativeCompiler::get
         expandoVal = expandoAndGeneration->expando;
         generation = expandoAndGeneration->generation;
     }
 
     if (expandoVal.isObject())
         expandoShape = expandoVal.toObject().as<NativeObject>().lastProperty();
 
     if (kind == ICStub::GetProp_CallDOMProxyNative) {
-        return ICStub::New<ICGetProp_CallDOMProxyNative>(
+        return newStub<ICGetProp_CallDOMProxyNative>(
             space, getStubCode(), firstMonitorStub_, shape,
             expandoShape, holder_, holderShape, getter_, pcOffset_);
     }
 
-    return ICStub::New<ICGetProp_CallDOMProxyWithGenerationNative>(
+    return newStub<ICGetProp_CallDOMProxyWithGenerationNative>(
         space, getStubCode(), firstMonitorStub_, shape,
         expandoAndGeneration, generation, expandoShape, holder_, holderShape, getter_,
         pcOffset_);
 }
 
 ICStub*
 ICGetProp_DOMProxyShadowed::Compiler::getStub(ICStubSpace* space)
 {
     RootedShape shape(cx, proxy_->maybeShape());
-    return New<ICGetProp_DOMProxyShadowed>(space, getStubCode(), firstMonitorStub_, shape,
+    return New<ICGetProp_DOMProxyShadowed>(cx, space, getStubCode(), firstMonitorStub_, shape,
                                            proxy_->handler(), name_, pcOffset_);
 }
 
 static bool
 ProxyGet(JSContext* cx, HandleObject proxy, HandlePropertyName name, MutableHandleValue vp)
 {
     RootedId id(cx, NameToId(name));
     return Proxy::get(cx, proxy, proxy, id, vp);
@@ -8576,20 +8576,20 @@ ICGetProp_ArgumentsCallee::Compiler::gen
     EmitEnterTypeMonitorIC(masm);
 
     masm.bind(&failure);
     EmitStubGuardFailure(masm);
     return true;
 }
 
 /* static */ ICGetProp_Generic*
-ICGetProp_Generic::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_Generic::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                          ICGetProp_Generic& other)
 {
-    return New<ICGetProp_Generic>(space, other.jitCode(), firstMonitorStub);
+    return New<ICGetProp_Generic>(cx, space, other.jitCode(), firstMonitorStub);
 }
 
 static bool
 DoGetPropGeneric(JSContext* cx, BaselineFrame* frame, ICGetProp_Generic* stub, MutableHandleValue val, MutableHandleValue res)
 {
     jsbytecode* pc = stub->getChainFallback()->icEntry()->pc(frame->script());
     JSOp op = JSOp(*pc);
     RootedPropertyName name(cx, frame->script()->getName(pc));
@@ -11883,17 +11883,17 @@ ICTableSwitch::Compiler::getStub(ICStubS
         int32_t off = GET_JUMP_OFFSET(pc);
         if (off)
             table[i] = pc_ + off;
         else
             table[i] = defaultpc;
         pc += JUMP_OFFSET_LEN;
     }
 
-    return ICStub::New<ICTableSwitch>(space, code, table, low, length, defaultpc);
+    return newStub<ICTableSwitch>(space, code, table, low, length, defaultpc);
 }
 
 void
 ICTableSwitch::fixupJumpTable(JSScript* script, BaselineScript* baseline)
 {
     defaultTarget_ = baseline->nativeCodeForPC(script, (jsbytecode*) defaultTarget_);
 
     for (int32_t i = 0; i < length_; i++)
@@ -12494,75 +12494,77 @@ ICGetElemNativePrototypeCallStub::ICGetE
                                 uint32_t pcOffset, JSObject* holder, Shape* holderShape)
   : ICGetElemNativeGetterStub(kind, stubCode, firstMonitorStub, shape, name, acctype, needsAtomize,
                               getter, pcOffset),
     holder_(holder),
     holderShape_(holderShape)
 {}
 
 /* static */ ICGetElem_NativePrototypeCallNative*
-ICGetElem_NativePrototypeCallNative::Clone(ICStubSpace* space,
+ICGetElem_NativePrototypeCallNative::Clone(JSContext* cx,
+                                           ICStubSpace* space,
                                            ICStub* firstMonitorStub,
                                            ICGetElem_NativePrototypeCallNative& other)
 {
-    return New<ICGetElem_NativePrototypeCallNative>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetElem_NativePrototypeCallNative>(cx, space, other.jitCode(), firstMonitorStub,
                                                     other.shape(), other.name(), other.accessType(),
                                                     other.needsAtomize(), other.getter(), other.pcOffset_,
                                                     other.holder(), other.holderShape());
 }
 
 /* static */ ICGetElem_NativePrototypeCallScripted*
-ICGetElem_NativePrototypeCallScripted::Clone(ICStubSpace* space,
+ICGetElem_NativePrototypeCallScripted::Clone(JSContext* cx,
+                                             ICStubSpace* space,
                                              ICStub* firstMonitorStub,
                                              ICGetElem_NativePrototypeCallScripted& other)
 {
-    return New<ICGetElem_NativePrototypeCallScripted>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetElem_NativePrototypeCallScripted>(cx, space, other.jitCode(), firstMonitorStub,
                                                       other.shape(), other.name(),
                                                       other.accessType(), other.needsAtomize(), other.getter(),
                                                       other.pcOffset_, other.holder(), other.holderShape());
 }
 
 ICGetElem_Dense::ICGetElem_Dense(JitCode* stubCode, ICStub* firstMonitorStub, Shape* shape)
     : ICMonitoredStub(GetElem_Dense, stubCode, firstMonitorStub),
       shape_(shape)
 { }
 
 /* static */ ICGetElem_Dense*
-ICGetElem_Dense::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetElem_Dense::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                        ICGetElem_Dense& other)
 {
-    return New<ICGetElem_Dense>(space, other.jitCode(), firstMonitorStub, other.shape_);
+    return New<ICGetElem_Dense>(cx, space, other.jitCode(), firstMonitorStub, other.shape_);
 }
 
 ICGetElem_UnboxedArray::ICGetElem_UnboxedArray(JitCode* stubCode, ICStub* firstMonitorStub,
                                                ObjectGroup *group)
   : ICMonitoredStub(GetElem_UnboxedArray, stubCode, firstMonitorStub),
     group_(group)
 { }
 
 /* static */ ICGetElem_UnboxedArray*
-ICGetElem_UnboxedArray::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetElem_UnboxedArray::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                               ICGetElem_UnboxedArray& other)
 {
-    return New<ICGetElem_UnboxedArray>(space, other.jitCode(), firstMonitorStub, other.group_);
+    return New<ICGetElem_UnboxedArray>(cx, space, other.jitCode(), firstMonitorStub, other.group_);
 }
 
 ICGetElem_TypedArray::ICGetElem_TypedArray(JitCode* stubCode, Shape* shape, Scalar::Type type)
   : ICStub(GetElem_TypedArray, stubCode),
     shape_(shape)
 {
     extra_ = uint16_t(type);
     MOZ_ASSERT(extra_ == type);
 }
 
 /* static */ ICGetElem_Arguments*
-ICGetElem_Arguments::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetElem_Arguments::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                            ICGetElem_Arguments& other)
 {
-    return New<ICGetElem_Arguments>(space, other.jitCode(), firstMonitorStub, other.which());
+    return New<ICGetElem_Arguments>(cx, space, other.jitCode(), firstMonitorStub, other.which());
 }
 
 ICSetElem_DenseOrUnboxedArray::ICSetElem_DenseOrUnboxedArray(JitCode* stubCode, Shape* shape, ObjectGroup* group)
   : ICUpdatedStub(SetElem_DenseOrUnboxedArray, stubCode),
     shape_(shape),
     group_(group)
 { }
 
@@ -12578,17 +12580,17 @@ ICSetElem_DenseOrUnboxedArrayAdd::ICSetE
 template <size_t ProtoChainDepth>
 ICUpdatedStub*
 ICSetElemDenseOrUnboxedArrayAddCompiler::getStubSpecific(ICStubSpace* space, const AutoShapeVector* shapes)
 {
     RootedObjectGroup group(cx, obj_->getGroup(cx));
     if (!group)
         return nullptr;
     Rooted<JitCode*> stubCode(cx, getStubCode());
-    return ICStub::New<ICSetElem_DenseOrUnboxedArrayAddImpl<ProtoChainDepth>>(space, stubCode, group, shapes);
+    return newStub<ICSetElem_DenseOrUnboxedArrayAddImpl<ProtoChainDepth>>(space, stubCode, group, shapes);
 }
 
 ICSetElem_TypedArray::ICSetElem_TypedArray(JitCode* stubCode, Shape* shape, Scalar::Type type,
                                            bool expectOutOfBounds)
   : ICStub(SetElem_TypedArray, stubCode),
     shape_(shape)
 {
     extra_ = uint8_t(type);
@@ -12692,36 +12694,36 @@ ICGetPropNativeStub::ICGetPropNativeStub
                                          ICStub* firstMonitorStub,
                                          ReceiverGuard guard, uint32_t offset)
   : ICMonitoredStub(kind, stubCode, firstMonitorStub),
     receiverGuard_(guard),
     offset_(offset)
 { }
 
 /* static */ ICGetProp_Native*
-ICGetProp_Native::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_Native::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                         ICGetProp_Native& other)
 {
-    return New<ICGetProp_Native>(space, other.jitCode(), firstMonitorStub, other.receiverGuard(),
-                                 other.offset());
+    return New<ICGetProp_Native>(cx, space, other.jitCode(), firstMonitorStub,
+                                 other.receiverGuard(), other.offset());
 }
 
 ICGetProp_NativePrototype::ICGetProp_NativePrototype(JitCode* stubCode, ICStub* firstMonitorStub,
                                                      ReceiverGuard guard, uint32_t offset,
                                                      JSObject* holder, Shape* holderShape)
   : ICGetPropNativeStub(GetProp_NativePrototype, stubCode, firstMonitorStub, guard, offset),
     holder_(holder),
     holderShape_(holderShape)
 { }
 
 /* static */ ICGetProp_NativePrototype*
-ICGetProp_NativePrototype::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_NativePrototype::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                  ICGetProp_NativePrototype& other)
 {
-    return New<ICGetProp_NativePrototype>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetProp_NativePrototype>(cx, space, other.jitCode(), firstMonitorStub,
                                           other.receiverGuard(), other.offset(),
                                           other.holder_, other.holderShape_);
 }
 
 ICGetProp_NativeDoesNotExist::ICGetProp_NativeDoesNotExist(
     JitCode* stubCode, ICStub* firstMonitorStub, ReceiverGuard guard,
     size_t protoChainDepth)
   : ICMonitoredStub(GetProp_NativeDoesNotExist, stubCode, firstMonitorStub),
@@ -12784,30 +12786,30 @@ ICInstanceOf_Function::ICInstanceOf_Func
                                              JSObject* prototypeObj, uint32_t slot)
   : ICStub(InstanceOf_Function, stubCode),
     shape_(shape),
     prototypeObj_(prototypeObj),
     slot_(slot)
 { }
 
 /* static */ ICGetProp_CallScripted*
-ICGetProp_CallScripted::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_CallScripted::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                               ICGetProp_CallScripted& other)
 {
-    return New<ICGetProp_CallScripted>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetProp_CallScripted>(cx, space, other.jitCode(), firstMonitorStub,
                                        other.receiverGuard(),
                                        other.holder_, other.holderShape_,
                                        other.getter_, other.pcOffset_);
 }
 
 /* static */ ICGetProp_CallNative*
-ICGetProp_CallNative::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_CallNative::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                             ICGetProp_CallNative& other)
 {
-    return New<ICGetProp_CallNative>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetProp_CallNative>(cx, space, other.jitCode(), firstMonitorStub,
                                      other.receiverGuard(), other.holder_,
                                      other.holderShape_, other.getter_, other.pcOffset_);
 }
 
 ICSetProp_Native::ICSetProp_Native(JitCode* stubCode, ObjectGroup* group, Shape* shape,
                                    uint32_t offset)
   : ICUpdatedStub(SetProp_Native, stubCode),
     group_(group),
@@ -12818,17 +12820,17 @@ ICSetProp_Native::ICSetProp_Native(JitCo
 ICSetProp_Native*
 ICSetProp_Native::Compiler::getStub(ICStubSpace* space)
 {
     RootedObjectGroup group(cx, obj_->getGroup(cx));
     if (!group)
         return nullptr;
 
     RootedShape shape(cx, LastPropertyForSetProp(obj_));
-    ICSetProp_Native* stub = ICStub::New<ICSetProp_Native>(space, getStubCode(), group, shape, offset_);
+    ICSetProp_Native* stub = newStub<ICSetProp_Native>(space, getStubCode(), group, shape, offset_);
     if (!stub || !stub->initUpdatingChain(cx, space))
         return nullptr;
     return stub;
 }
 
 ICSetProp_NativeAdd::ICSetProp_NativeAdd(JitCode* stubCode, ObjectGroup* group,
                                          size_t protoChainDepth,
                                          Shape* newShape,
@@ -12884,49 +12886,52 @@ ICSetPropCallSetter::ICSetPropCallSetter
     holderShape_(holderShape),
     setter_(setter),
     pcOffset_(pcOffset)
 {
     MOZ_ASSERT(kind == ICStub::SetProp_CallScripted || kind == ICStub::SetProp_CallNative);
 }
 
 /* static */ ICSetProp_CallScripted*
-ICSetProp_CallScripted::Clone(ICStubSpace* space, ICStub*, ICSetProp_CallScripted& other)
-{
-    return New<ICSetProp_CallScripted>(space, other.jitCode(), other.guard(), other.holder_,
+ICSetProp_CallScripted::Clone(JSContext* cx, ICStubSpace* space, ICStub*,
+                              ICSetProp_CallScripted& other)
+{
+    return New<ICSetProp_CallScripted>(cx, space, other.jitCode(), other.guard(), other.holder_,
                                        other.holderShape_, other.setter_, other.pcOffset_);
 }
 
 /* static */ ICSetProp_CallNative*
-ICSetProp_CallNative::Clone(ICStubSpace* space, ICStub*, ICSetProp_CallNative& other)
-{
-    return New<ICSetProp_CallNative>(space, other.jitCode(), other.guard(), other.holder_,
+ICSetProp_CallNative::Clone(JSContext* cx, ICStubSpace* space, ICStub*, ICSetProp_CallNative& other)
+{
+    return New<ICSetProp_CallNative>(cx, space, other.jitCode(), other.guard(), other.holder_,
                                      other.holderShape_, other.setter_, other.pcOffset_);
 }
 
 ICCall_Scripted::ICCall_Scripted(JitCode* stubCode, ICStub* firstMonitorStub,
                                  JSFunction* callee, JSObject* templateObject,
                                  uint32_t pcOffset)
   : ICMonitoredStub(ICStub::Call_Scripted, stubCode, firstMonitorStub),
     callee_(callee),
     templateObject_(templateObject),
     pcOffset_(pcOffset)
 { }
 
 /* static */ ICCall_Scripted*
-ICCall_Scripted::Clone(ICStubSpace* space, ICStub* firstMonitorStub, ICCall_Scripted& other)
-{
-    return New<ICCall_Scripted>(space, other.jitCode(), firstMonitorStub, other.callee_,
+ICCall_Scripted::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
+                       ICCall_Scripted& other)
+{
+    return New<ICCall_Scripted>(cx, space, other.jitCode(), firstMonitorStub, other.callee_,
                                 other.templateObject_, other.pcOffset_);
 }
 
 /* static */ ICCall_AnyScripted*
-ICCall_AnyScripted::Clone(ICStubSpace* space, ICStub* firstMonitorStub, ICCall_AnyScripted& other)
-{
-    return New<ICCall_AnyScripted>(space, other.jitCode(), firstMonitorStub, other.pcOffset_);
+ICCall_AnyScripted::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
+                          ICCall_AnyScripted& other)
+{
+    return New<ICCall_AnyScripted>(cx, space, other.jitCode(), firstMonitorStub, other.pcOffset_);
 }
 
 ICCall_Native::ICCall_Native(JitCode* stubCode, ICStub* firstMonitorStub,
                              JSFunction* callee, JSObject* templateObject,
                              uint32_t pcOffset)
   : ICMonitoredStub(ICStub::Call_Native, stubCode, firstMonitorStub),
     callee_(callee),
     templateObject_(templateObject),
@@ -12937,19 +12942,20 @@ ICCall_Native::ICCall_Native(JitCode* st
     // instruction to handle them. To make this work, we store the redirected
     // pointer in the stub.
     native_ = Simulator::RedirectNativeFunction(JS_FUNC_TO_DATA_PTR(void*, callee->native()),
                                                 Args_General3);
 #endif
 }
 
 /* static */ ICCall_Native*
-ICCall_Native::Clone(ICStubSpace* space, ICStub* firstMonitorStub, ICCall_Native& other)
-{
-    return New<ICCall_Native>(space, other.jitCode(), firstMonitorStub, other.callee_,
+ICCall_Native::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
+                     ICCall_Native& other)
+{
+    return New<ICCall_Native>(cx, space, other.jitCode(), firstMonitorStub, other.callee_,
                               other.templateObject_, other.pcOffset_);
 }
 
 ICCall_ClassHook::ICCall_ClassHook(JitCode* stubCode, ICStub* firstMonitorStub,
                                    const Class* clasp, Native native,
                                    JSObject* templateObject, uint32_t pcOffset)
   : ICMonitoredStub(ICStub::Call_ClassHook, stubCode, firstMonitorStub),
     clasp_(clasp),
@@ -12961,48 +12967,51 @@ ICCall_ClassHook::ICCall_ClassHook(JitCo
     // The simulator requires VM calls to be redirected to a special swi
     // instruction to handle them. To make this work, we store the redirected
     // pointer in the stub.
     native_ = Simulator::RedirectNativeFunction(native_, Args_General3);
 #endif
 }
 
 /* static */ ICCall_ClassHook*
-ICCall_ClassHook::Clone(ICStubSpace* space, ICStub* firstMonitorStub, ICCall_ClassHook& other)
-{
-    ICCall_ClassHook* res = New<ICCall_ClassHook>(space, other.jitCode(), firstMonitorStub,
+ICCall_ClassHook::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
+                        ICCall_ClassHook& other)
+{
+    ICCall_ClassHook* res = New<ICCall_ClassHook>(cx, space, other.jitCode(), firstMonitorStub,
                                                   other.clasp(), nullptr, other.templateObject_,
                                                   other.pcOffset_);
     if (res)
         res->native_ = other.native();
     return res;
 }
 
 /* static */ ICCall_ScriptedApplyArray*
-ICCall_ScriptedApplyArray::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICCall_ScriptedApplyArray::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                  ICCall_ScriptedApplyArray& other)
 {
-    return New<ICCall_ScriptedApplyArray>(space, other.jitCode(), firstMonitorStub,
+    return New<ICCall_ScriptedApplyArray>(cx, space, other.jitCode(), firstMonitorStub,
                                           other.pcOffset_);
 }
 
 /* static */ ICCall_ScriptedApplyArguments*
-ICCall_ScriptedApplyArguments::Clone(ICStubSpace* space,
+ICCall_ScriptedApplyArguments::Clone(JSContext* cx,
+                                     ICStubSpace* space,
                                      ICStub* firstMonitorStub,
                                      ICCall_ScriptedApplyArguments& other)
 {
-    return New<ICCall_ScriptedApplyArguments>(space, other.jitCode(), firstMonitorStub,
+    return New<ICCall_ScriptedApplyArguments>(cx, space, other.jitCode(), firstMonitorStub,
                                               other.pcOffset_);
 }
 
 /* static */ ICCall_ScriptedFunCall*
-ICCall_ScriptedFunCall::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICCall_ScriptedFunCall::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                               ICCall_ScriptedFunCall& other)
 {
-    return New<ICCall_ScriptedFunCall>(space, other.jitCode(), firstMonitorStub, other.pcOffset_);
+    return New<ICCall_ScriptedFunCall>(cx, space, other.jitCode(), firstMonitorStub,
+                                       other.pcOffset_);
 }
 
 ICGetPropCallDOMProxyNativeStub::ICGetPropCallDOMProxyNativeStub(Kind kind, JitCode* stubCode,
                                                                  ICStub* firstMonitorStub,
                                                                  Shape* shape,
                                                                  Shape* expandoShape,
                                                                  JSObject* holder,
                                                                  Shape* holderShape,
@@ -13028,31 +13037,33 @@ ICGetPropCallDOMProxyNativeCompiler::ICG
     pcOffset_(pcOffset)
 {
     MOZ_ASSERT(kind == ICStub::GetProp_CallDOMProxyNative ||
                kind == ICStub::GetProp_CallDOMProxyWithGenerationNative);
     MOZ_ASSERT(proxy_->handler()->family() == GetDOMProxyHandlerFamily());
 }
 
 /* static */ ICGetProp_CallDOMProxyNative*
-ICGetProp_CallDOMProxyNative::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_CallDOMProxyNative::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                     ICGetProp_CallDOMProxyNative& other)
 {
-    return New<ICGetProp_CallDOMProxyNative>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetProp_CallDOMProxyNative>(cx, space, other.jitCode(), firstMonitorStub,
                                              other.receiverGuard_.shape(), other.expandoShape_,
                                              other.holder_, other.holderShape_, other.getter_,
                                              other.pcOffset_);
 }
 
 /* static */ ICGetProp_CallDOMProxyWithGenerationNative*
-ICGetProp_CallDOMProxyWithGenerationNative::Clone(ICStubSpace* space,
+ICGetProp_CallDOMProxyWithGenerationNative::Clone(JSContext* cx,
+                                                  ICStubSpace* space,
                                                   ICStub* firstMonitorStub,
                                                   ICGetProp_CallDOMProxyWithGenerationNative& other)
 {
-    return New<ICGetProp_CallDOMProxyWithGenerationNative>(space, other.jitCode(), firstMonitorStub,
+    return New<ICGetProp_CallDOMProxyWithGenerationNative>(cx, space, other.jitCode(),
+                                                           firstMonitorStub,
                                                            other.receiverGuard_.shape(),
                                                            other.expandoAndGeneration_,
                                                            other.generation_,
                                                            other.expandoShape_, other.holder_,
                                                            other.holderShape_, other.getter_,
                                                            other.pcOffset_);
 }
 
@@ -13065,21 +13076,22 @@ ICGetProp_DOMProxyShadowed::ICGetProp_DO
   : ICMonitoredStub(ICStub::GetProp_DOMProxyShadowed, stubCode, firstMonitorStub),
     shape_(shape),
     proxyHandler_(proxyHandler),
     name_(name),
     pcOffset_(pcOffset)
 { }
 
 /* static */ ICGetProp_DOMProxyShadowed*
-ICGetProp_DOMProxyShadowed::Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+ICGetProp_DOMProxyShadowed::Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                   ICGetProp_DOMProxyShadowed& other)
 {
-    return New<ICGetProp_DOMProxyShadowed>(space, other.jitCode(), firstMonitorStub, other.shape_,
-                                           other.proxyHandler_, other.name_, other.pcOffset_);
+    return New<ICGetProp_DOMProxyShadowed>(cx, space, other.jitCode(), firstMonitorStub,
+                                           other.shape_, other.proxyHandler_, other.name_,
+                                           other.pcOffset_);
 }
 
 //
 // Rest_Fallback
 //
 
 static bool DoRestFallback(JSContext* cx, ICRest_Fallback* stub,
                            BaselineFrame* frame, MutableHandleValue res)
--- a/js/src/jit/BaselineIC.h
+++ b/js/src/jit/BaselineIC.h
@@ -632,20 +632,23 @@ class ICStub
         Updated             = 0x4
     };
 
     void markCode(JSTracer* trc, const char* name);
     void updateCode(JitCode* stubCode);
     void trace(JSTracer* trc);
 
     template <typename T, typename... Args>
-    static T* New(ICStubSpace* space, JitCode* code, Args&&... args) {
+    static T* New(JSContext* cx, ICStubSpace* space, JitCode* code, Args&&... args) {
         if (!code)
             return nullptr;
-        return space->allocate<T>(code, mozilla::Forward<Args>(args)...);
+        T* result = space->allocate<T>(code, mozilla::Forward<Args>(args)...);
+        if (!result)
+            ReportOutOfMemory(cx);
+        return result;
     }
 
   protected:
     // The raw jitcode to call for this stub.
     uint8_t* stubCode_;
 
     // Pointer to next IC stub.  This is null for the last IC stub, which should
     // either be a fallback or inert IC stub.
@@ -1079,17 +1082,16 @@ class ICUpdatedStub : public ICStub
 };
 
 // Base class for stubcode compilers.
 class ICStubCompiler
 {
     // Prevent GC in the middle of stub compilation.
     js::gc::AutoSuppressGC suppressGC;
 
-
   protected:
     JSContext* cx;
     ICStub::Kind kind;
 #ifdef DEBUG
     bool entersStubFrame_;
 #endif
 
     // By default the stubcode key is just the kind.
@@ -1163,16 +1165,21 @@ class ICStubCompiler
         }
 
         return regs;
     }
 
     inline bool emitPostWriteBarrierSlot(MacroAssembler& masm, Register obj, ValueOperand val,
                                          Register scratch, LiveGeneralRegisterSet saveRegs);
 
+    template <typename T, typename... Args>
+    T* newStub(Args&&... args) {
+        return ICStub::New<T>(cx, mozilla::Forward<Args>(args)...);
+    }
+
   public:
     virtual ICStub* getStub(ICStubSpace* space) = 0;
 
     static ICStubSpace* StubSpaceForKind(ICStub::Kind kind, JSScript* script) {
         if (ICStub::CanMakeCalls(kind))
             return script->baselineScript()->fallbackStubSpace();
         return script->zone()->jitZone()->optimizedStubSpace();
     }
@@ -1217,17 +1224,17 @@ class ICWarmUpCounter_Fallback : public 
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::WarmUpCounter_Fallback)
         { }
 
         ICWarmUpCounter_Fallback* getStub(ICStubSpace* space) {
-            return ICStub::New<ICWarmUpCounter_Fallback>(space, getStubCode());
+            return newStub<ICWarmUpCounter_Fallback>(space, getStubCode());
         }
     };
 };
 
 
 // TypeCheckPrimitiveSetStub
 //   Base class for IC stubs (TypeUpdate or TypeMonitor) that check that a given
 //   value's type falls within a set of primitive types.
@@ -1464,17 +1471,17 @@ class ICTypeMonitor_Fallback : public IC
 
         Compiler(JSContext* cx, uint32_t argumentIndex)
           : ICStubCompiler(cx, ICStub::TypeMonitor_Fallback),
             mainFallbackStub_(nullptr),
             argumentIndex_(argumentIndex)
         { }
 
         ICTypeMonitor_Fallback* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeMonitor_Fallback>(space, getStubCode(), mainFallbackStub_,
+            return newStub<ICTypeMonitor_Fallback>(space, getStubCode(), mainFallbackStub_,
                                                        argumentIndex_);
         }
     };
 };
 
 class ICTypeMonitor_PrimitiveSet : public TypeCheckPrimitiveSetStub
 {
     friend class ICStubSpace;
@@ -1498,17 +1505,17 @@ class ICTypeMonitor_PrimitiveSet : publi
                 this->TypeCheckPrimitiveSetStub::Compiler::updateStub();
             if (!stub)
                 return nullptr;
             return stub->toMonitorStub();
         }
 
         ICTypeMonitor_PrimitiveSet* getStub(ICStubSpace* space) {
             MOZ_ASSERT(!existingStub_);
-            return ICStub::New<ICTypeMonitor_PrimitiveSet>(space, getStubCode(), flags_);
+            return newStub<ICTypeMonitor_PrimitiveSet>(space, getStubCode(), flags_);
         }
     };
 };
 
 class ICTypeMonitor_SingleObject : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1532,17 +1539,17 @@ class ICTypeMonitor_SingleObject : publi
 
       public:
         Compiler(JSContext* cx, HandleObject obj)
           : ICStubCompiler(cx, TypeMonitor_SingleObject),
             obj_(obj)
         { }
 
         ICTypeMonitor_SingleObject* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeMonitor_SingleObject>(space, getStubCode(), obj_);
+            return newStub<ICTypeMonitor_SingleObject>(space, getStubCode(), obj_);
         }
     };
 };
 
 class ICTypeMonitor_ObjectGroup : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1566,17 +1573,17 @@ class ICTypeMonitor_ObjectGroup : public
 
       public:
         Compiler(JSContext* cx, HandleObjectGroup group)
           : ICStubCompiler(cx, TypeMonitor_ObjectGroup),
             group_(group)
         { }
 
         ICTypeMonitor_ObjectGroup* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeMonitor_ObjectGroup>(space, getStubCode(), group_);
+            return newStub<ICTypeMonitor_ObjectGroup>(space, getStubCode(), group_);
         }
     };
 };
 
 // TypeUpdate
 
 extern const VMFunction DoTypeUpdateFallbackInfo;
 
@@ -1597,17 +1604,17 @@ class ICTypeUpdate_Fallback : public ICS
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::TypeUpdate_Fallback)
         { }
 
         ICTypeUpdate_Fallback* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeUpdate_Fallback>(space, getStubCode());
+            return newStub<ICTypeUpdate_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICTypeUpdate_PrimitiveSet : public TypeCheckPrimitiveSetStub
 {
     friend class ICStubSpace;
 
@@ -1630,17 +1637,17 @@ class ICTypeUpdate_PrimitiveSet : public
                 this->TypeCheckPrimitiveSetStub::Compiler::updateStub();
             if (!stub)
                 return nullptr;
             return stub->toUpdateStub();
         }
 
         ICTypeUpdate_PrimitiveSet* getStub(ICStubSpace* space) {
             MOZ_ASSERT(!existingStub_);
-            return ICStub::New<ICTypeUpdate_PrimitiveSet>(space, getStubCode(), flags_);
+            return newStub<ICTypeUpdate_PrimitiveSet>(space, getStubCode(), flags_);
         }
     };
 };
 
 // Type update stub to handle a singleton object.
 class ICTypeUpdate_SingleObject : public ICStub
 {
     friend class ICStubSpace;
@@ -1665,17 +1672,17 @@ class ICTypeUpdate_SingleObject : public
 
       public:
         Compiler(JSContext* cx, HandleObject obj)
           : ICStubCompiler(cx, TypeUpdate_SingleObject),
             obj_(obj)
         { }
 
         ICTypeUpdate_SingleObject* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeUpdate_SingleObject>(space, getStubCode(), obj_);
+            return newStub<ICTypeUpdate_SingleObject>(space, getStubCode(), obj_);
         }
     };
 };
 
 // Type update stub to handle a single ObjectGroup.
 class ICTypeUpdate_ObjectGroup : public ICStub
 {
     friend class ICStubSpace;
@@ -1700,17 +1707,17 @@ class ICTypeUpdate_ObjectGroup : public 
 
       public:
         Compiler(JSContext* cx, HandleObjectGroup group)
           : ICStubCompiler(cx, TypeUpdate_ObjectGroup),
             group_(group)
         { }
 
         ICTypeUpdate_ObjectGroup* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeUpdate_ObjectGroup>(space, getStubCode(), group_);
+            return newStub<ICTypeUpdate_ObjectGroup>(space, getStubCode(), group_);
         }
     };
 };
 
 // This
 //      JSOP_THIS
 
 class ICThis_Fallback : public ICFallbackStub
@@ -1726,17 +1733,17 @@ class ICThis_Fallback : public ICFallbac
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::This_Fallback) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICThis_Fallback>(space, getStubCode());
+            return newStub<ICThis_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICNewArray_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
 
@@ -1758,17 +1765,17 @@ class ICNewArray_Fallback : public ICFal
 
       public:
         Compiler(JSContext* cx, ObjectGroup* templateGroup)
           : ICStubCompiler(cx, ICStub::NewArray_Fallback),
             templateGroup(cx, templateGroup)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICNewArray_Fallback>(space, getStubCode(), templateGroup);
+            return newStub<ICNewArray_Fallback>(space, getStubCode(), templateGroup);
         }
     };
 
     HeapPtrObject& templateObject() {
         return templateObject_;
     }
 
     void setTemplateObject(JSObject* obj) {
@@ -1796,17 +1803,17 @@ class ICNewObject_Fallback : public ICFa
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::NewObject_Fallback)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICNewObject_Fallback>(space, getStubCode());
+            return newStub<ICNewObject_Fallback>(space, getStubCode());
         }
     };
 
     HeapPtrObject& templateObject() {
         return templateObject_;
     }
 
     void setTemplateObject(JSObject* obj) {
@@ -1850,17 +1857,17 @@ class ICCompare_Fallback : public ICFall
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::Compare_Fallback) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Fallback>(space, getStubCode());
+            return newStub<ICCompare_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_Int32 : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1873,17 +1880,17 @@ class ICCompare_Int32 : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Int32, op) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Int32>(space, getStubCode());
+            return newStub<ICCompare_Int32>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_Double : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1897,17 +1904,17 @@ class ICCompare_Double : public ICStub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Double, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Double>(space, getStubCode());
+            return newStub<ICCompare_Double>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_NumberWithUndefined : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1936,17 +1943,18 @@ class ICCompare_NumberWithUndefined : pu
 
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind)
                  | (static_cast<int32_t>(op) << 16)
                  | (static_cast<int32_t>(lhsIsUndefined) << 24);
         }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_NumberWithUndefined>(space, getStubCode(), lhsIsUndefined);
+            return newStub<ICCompare_NumberWithUndefined>(space, getStubCode(),
+                                                              lhsIsUndefined);
         }
     };
 };
 
 class ICCompare_String : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1960,17 +1968,17 @@ class ICCompare_String : public ICStub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_String, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_String>(space, getStubCode());
+            return newStub<ICCompare_String>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_Boolean : public ICStub
 {
     friend class ICStubSpace;
 
@@ -1984,17 +1992,17 @@ class ICCompare_Boolean : public ICStub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Boolean, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Boolean>(space, getStubCode());
+            return newStub<ICCompare_Boolean>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_Object : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2008,17 +2016,17 @@ class ICCompare_Object : public ICStub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::Compare_Object, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Object>(space, getStubCode());
+            return newStub<ICCompare_Object>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_ObjectWithUndefined : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2044,17 +2052,17 @@ class ICCompare_ObjectWithUndefined : pu
         virtual int32_t getKey() const {
             return static_cast<int32_t>(kind)
                  | (static_cast<int32_t>(op) << 16)
                  | (static_cast<int32_t>(lhsIsUndefined) << 24)
                  | (static_cast<int32_t>(compareWithNull) << 25);
         }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_ObjectWithUndefined>(space, getStubCode());
+            return newStub<ICCompare_ObjectWithUndefined>(space, getStubCode());
         }
     };
 };
 
 class ICCompare_Int32WithBoolean : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2084,17 +2092,17 @@ class ICCompare_Int32WithBoolean : publi
       public:
         Compiler(JSContext* cx, JSOp op, bool lhsIsInt32)
           : ICStubCompiler(cx, ICStub::Compare_Int32WithBoolean),
             op_(op),
             lhsIsInt32_(lhsIsInt32)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCompare_Int32WithBoolean>(space, getStubCode(), lhsIsInt32_);
+            return newStub<ICCompare_Int32WithBoolean>(space, getStubCode(), lhsIsInt32_);
         }
     };
 };
 
 // ToBool
 //      JSOP_IFNE
 
 class ICToBool_Fallback : public ICFallbackStub
@@ -2112,17 +2120,17 @@ class ICToBool_Fallback : public ICFallb
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_Fallback) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_Fallback>(space, getStubCode());
+            return newStub<ICToBool_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICToBool_Int32 : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2135,17 +2143,17 @@ class ICToBool_Int32 : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_Int32) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_Int32>(space, getStubCode());
+            return newStub<ICToBool_Int32>(space, getStubCode());
         }
     };
 };
 
 class ICToBool_String : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2158,17 +2166,17 @@ class ICToBool_String : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_String) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_String>(space, getStubCode());
+            return newStub<ICToBool_String>(space, getStubCode());
         }
     };
 };
 
 class ICToBool_NullUndefined : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2181,17 +2189,17 @@ class ICToBool_NullUndefined : public IC
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_NullUndefined) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_NullUndefined>(space, getStubCode());
+            return newStub<ICToBool_NullUndefined>(space, getStubCode());
         }
     };
 };
 
 class ICToBool_Double : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2204,17 +2212,17 @@ class ICToBool_Double : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_Double) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_Double>(space, getStubCode());
+            return newStub<ICToBool_Double>(space, getStubCode());
         }
     };
 };
 
 class ICToBool_Object : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2227,17 +2235,17 @@ class ICToBool_Object : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToBool_Object) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToBool_Object>(space, getStubCode());
+            return newStub<ICToBool_Object>(space, getStubCode());
         }
     };
 };
 
 // ToNumber
 //     JSOP_POS
 
 class ICToNumber_Fallback : public ICFallbackStub
@@ -2253,17 +2261,17 @@ class ICToNumber_Fallback : public ICFal
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::ToNumber_Fallback) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICToNumber_Fallback>(space, getStubCode());
+            return newStub<ICToNumber_Fallback>(space, getStubCode());
         }
     };
 };
 
 // BinaryArith
 //      JSOP_ADD
 //      JSOP_BITAND, JSOP_BITXOR, JSOP_BITOR
 //      JSOP_LSH, JSOP_RSH, JSOP_URSH
@@ -2302,17 +2310,17 @@ class ICBinaryArith_Fallback : public IC
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::BinaryArith_Fallback) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_Fallback>(space, getStubCode());
+            return newStub<ICBinaryArith_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICBinaryArith_Int32 : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2342,17 +2350,17 @@ class ICBinaryArith_Int32 : public ICStu
         }
 
       public:
         Compiler(JSContext* cx, JSOp op, bool allowDouble)
           : ICStubCompiler(cx, ICStub::BinaryArith_Int32),
             op_(op), allowDouble_(allowDouble) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_Int32>(space, getStubCode(), allowDouble_);
+            return newStub<ICBinaryArith_Int32>(space, getStubCode(), allowDouble_);
         }
     };
 };
 
 class ICBinaryArith_StringConcat : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2366,17 +2374,17 @@ class ICBinaryArith_StringConcat : publi
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::BinaryArith_StringConcat)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_StringConcat>(space, getStubCode());
+            return newStub<ICBinaryArith_StringConcat>(space, getStubCode());
         }
     };
 };
 
 class ICBinaryArith_StringObjectConcat : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2402,17 +2410,18 @@ class ICBinaryArith_StringObjectConcat :
 
       public:
         Compiler(JSContext* cx, bool lhsIsString)
           : ICStubCompiler(cx, ICStub::BinaryArith_StringObjectConcat),
             lhsIsString_(lhsIsString)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_StringObjectConcat>(space, getStubCode(), lhsIsString_);
+            return newStub<ICBinaryArith_StringObjectConcat>(space, getStubCode(),
+                                                                 lhsIsString_);
         }
     };
 };
 
 class ICBinaryArith_Double : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2426,17 +2435,17 @@ class ICBinaryArith_Double : public ICSt
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::BinaryArith_Double, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_Double>(space, getStubCode());
+            return newStub<ICBinaryArith_Double>(space, getStubCode());
         }
     };
 };
 
 class ICBinaryArith_BooleanWithInt32 : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2479,17 +2488,17 @@ class ICBinaryArith_BooleanWithInt32 : p
             op_(op), lhsIsBool_(lhsIsBool), rhsIsBool_(rhsIsBool)
         {
             MOZ_ASSERT(op_ == JSOP_ADD || op_ == JSOP_SUB || op_ == JSOP_BITOR ||
                        op_ == JSOP_BITAND || op_ == JSOP_BITXOR);
             MOZ_ASSERT(lhsIsBool_ || rhsIsBool_);
         }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_BooleanWithInt32>(space, getStubCode(),
+            return newStub<ICBinaryArith_BooleanWithInt32>(space, getStubCode(),
                                                                lhsIsBool_, rhsIsBool_);
         }
     };
 };
 
 class ICBinaryArith_DoubleWithInt32 : public ICStub
 {
     friend class ICStubSpace;
@@ -2517,17 +2526,18 @@ class ICBinaryArith_DoubleWithInt32 : pu
 
       public:
         Compiler(JSContext* cx, JSOp op, bool lhsIsDouble)
           : ICMultiStubCompiler(cx, ICStub::BinaryArith_DoubleWithInt32, op),
             lhsIsDouble_(lhsIsDouble)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBinaryArith_DoubleWithInt32>(space, getStubCode(), lhsIsDouble_);
+            return newStub<ICBinaryArith_DoubleWithInt32>(space, getStubCode(),
+                                                              lhsIsDouble_);
         }
     };
 };
 
 // UnaryArith
 //     JSOP_BITNOT
 //     JSOP_NEG
 
@@ -2557,17 +2567,17 @@ class ICUnaryArith_Fallback : public ICF
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::UnaryArith_Fallback)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICUnaryArith_Fallback>(space, getStubCode());
+            return newStub<ICUnaryArith_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICUnaryArith_Int32 : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2581,17 +2591,17 @@ class ICUnaryArith_Int32 : public ICStub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::UnaryArith_Int32, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICUnaryArith_Int32>(space, getStubCode());
+            return newStub<ICUnaryArith_Int32>(space, getStubCode());
         }
     };
 };
 
 class ICUnaryArith_Double : public ICStub
 {
     friend class ICStubSpace;
 
@@ -2605,17 +2615,17 @@ class ICUnaryArith_Double : public ICStu
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, JSOp op)
           : ICMultiStubCompiler(cx, ICStub::UnaryArith_Double, op)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICUnaryArith_Double>(space, getStubCode());
+            return newStub<ICUnaryArith_Double>(space, getStubCode());
         }
     };
 };
 
 // GetElem
 //      JSOP_GETELEM
 
 class ICGetElem_Fallback : public ICMonitoredFallbackStub
@@ -2652,17 +2662,17 @@ class ICGetElem_Fallback : public ICMoni
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetElem_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            ICGetElem_Fallback* stub = ICStub::New<ICGetElem_Fallback>(space, getStubCode());
+            ICGetElem_Fallback* stub = newStub<ICGetElem_Fallback>(space, getStubCode());
             if (!stub)
                 return nullptr;
             if (!stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
@@ -2838,17 +2848,17 @@ class ICGetElem_NativePrototypeCallNativ
                                         JSObject* holder, Shape* holderShape)
       : ICGetElemNativePrototypeCallStub(GetElem_NativePrototypeCallNative,
                                          stubCode, firstMonitorStub, shape, name,
                                          acctype, needsAtomize, getter, pcOffset, holder,
                                          holderShape)
     {}
 
   public:
-    static ICGetElem_NativePrototypeCallNative* Clone(ICStubSpace* space,
+    static ICGetElem_NativePrototypeCallNative* Clone(JSContext* cx, ICStubSpace* space,
                                                       ICStub* firstMonitorStub,
                                                       ICGetElem_NativePrototypeCallNative& other);
 };
 
 class ICGetElem_NativePrototypeCallScripted : public ICGetElemNativePrototypeCallStub
 {
     friend class ICStubSpace;
 
@@ -2860,17 +2870,17 @@ class ICGetElem_NativePrototypeCallScrip
       : ICGetElemNativePrototypeCallStub(GetElem_NativePrototypeCallScripted,
                                          stubCode, firstMonitorStub, shape, name,
                                          acctype, needsAtomize, getter, pcOffset, holder,
                                          holderShape)
     {}
 
   public:
     static ICGetElem_NativePrototypeCallScripted*
-    Clone(ICStubSpace* space,
+    Clone(JSContext* cx, ICStubSpace* space,
           ICStub* firstMonitorStub,
           ICGetElem_NativePrototypeCallScripted& other);
 };
 
 // Compiler for GetElem_NativeSlot and GetElem_NativePrototypeSlot stubs.
 class ICGetElemNativeCompiler : public ICStubCompiler
 {
     bool isCallElem_;
@@ -2935,38 +2945,38 @@ class ICGetElemNativeCompiler : public I
         getter_(getter),
         pcOffset_(pcOffset)
     {}
 
     ICStub* getStub(ICStubSpace* space) {
         RootedShape shape(cx, obj_->as<NativeObject>().lastProperty());
         if (kind == ICStub::GetElem_NativeSlot) {
             MOZ_ASSERT(obj_ == holder_);
-            return ICStub::New<ICGetElem_NativeSlot>(
+            return newStub<ICGetElem_NativeSlot>(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     offset_);
         }
 
         MOZ_ASSERT(obj_ != holder_);
         RootedShape holderShape(cx, holder_->as<NativeObject>().lastProperty());
         if (kind == ICStub::GetElem_NativePrototypeSlot) {
-            return ICStub::New<ICGetElem_NativePrototypeSlot>(
+            return newStub<ICGetElem_NativePrototypeSlot>(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     offset_, holder_, holderShape);
         }
 
         if (kind == ICStub::GetElem_NativePrototypeCallNative) {
-            return ICStub::New<ICGetElem_NativePrototypeCallNative>(
+            return newStub<ICGetElem_NativePrototypeCallNative>(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     getter_, pcOffset_, holder_, holderShape);
         }
 
         MOZ_ASSERT(kind == ICStub::GetElem_NativePrototypeCallScripted);
         if (kind == ICStub::GetElem_NativePrototypeCallScripted) {
-            return ICStub::New<ICGetElem_NativePrototypeCallScripted>(
+            return newStub<ICGetElem_NativePrototypeCallScripted>(
                     space, getStubCode(), firstMonitorStub_, shape, name_, acctype_, needsAtomize_,
                     getter_, pcOffset_, holder_, holderShape);
         }
 
         MOZ_CRASH("Invalid kind.");
     }
 };
 
@@ -2983,31 +2993,31 @@ class ICGetElem_String : public ICStub
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetElem_String) {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetElem_String>(space, getStubCode());
+            return newStub<ICGetElem_String>(space, getStubCode());
         }
     };
 };
 
 class ICGetElem_Dense : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
     HeapPtrShape shape_;
 
     ICGetElem_Dense(JitCode* stubCode, ICStub* firstMonitorStub, Shape* shape);
 
   public:
-    static ICGetElem_Dense* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICGetElem_Dense* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                   ICGetElem_Dense& other);
 
     static size_t offsetOfShape() {
         return offsetof(ICGetElem_Dense, shape_);
     }
 
     HeapPtrShape& shape() {
         return shape_;
@@ -3033,32 +3043,32 @@ class ICGetElem_Dense : public ICMonitor
         Compiler(JSContext* cx, ICStub* firstMonitorStub, Shape* shape, bool isCallElem)
           : ICStubCompiler(cx, ICStub::GetElem_Dense),
             firstMonitorStub_(firstMonitorStub),
             shape_(cx, shape),
             isCallElem_(isCallElem)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetElem_Dense>(space, getStubCode(), firstMonitorStub_, shape_);
+            return newStub<ICGetElem_Dense>(space, getStubCode(), firstMonitorStub_, shape_);
         }
     };
 };
 
 class ICGetElem_UnboxedArray : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
     HeapPtrObjectGroup group_;
 
     ICGetElem_UnboxedArray(JitCode* stubCode, ICStub* firstMonitorStub, ObjectGroup* group);
 
   public:
-    static ICGetElem_UnboxedArray* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
-                                         ICGetElem_UnboxedArray& other);
+    static ICGetElem_UnboxedArray* Clone(JSContext* cx, ICStubSpace* space,
+                                         ICStub* firstMonitorStub, ICGetElem_UnboxedArray& other);
 
     static size_t offsetOfGroup() {
         return offsetof(ICGetElem_UnboxedArray, group_);
     }
 
     HeapPtrObjectGroup& group() {
         return group_;
     }
@@ -3080,18 +3090,17 @@ class ICGetElem_UnboxedArray : public IC
         Compiler(JSContext* cx, ICStub* firstMonitorStub, ObjectGroup* group)
           : ICStubCompiler(cx, ICStub::GetElem_UnboxedArray),
             firstMonitorStub_(firstMonitorStub),
             group_(cx, group),
             elementType_(group->unboxedLayout().elementType())
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetElem_UnboxedArray>(space, getStubCode(), firstMonitorStub_,
-                                                       group_);
+            return newStub<ICGetElem_UnboxedArray>(space, getStubCode(), firstMonitorStub_, group_);
         }
     };
 };
 
 // Enum for stubs handling a combination of typed arrays and typed objects.
 enum TypedThingLayout {
     Layout_TypedArray,
     Layout_OutlineTypedObject,
@@ -3147,17 +3156,17 @@ class ICGetElem_TypedArray : public ICSt
         Compiler(JSContext* cx, Shape* shape, Scalar::Type type)
           : ICStubCompiler(cx, ICStub::GetElem_TypedArray),
             shape_(cx, shape),
             type_(type),
             layout_(GetTypedThingLayout(shape->getObjectClass()))
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetElem_TypedArray>(space, getStubCode(), shape_, type_);
+            return newStub<ICGetElem_TypedArray>(space, getStubCode(), shape_, type_);
         }
     };
 };
 
 class ICGetElem_Arguments : public ICMonitoredStub
 {
     friend class ICStubSpace;
   public:
@@ -3166,17 +3175,17 @@ class ICGetElem_Arguments : public ICMon
   private:
     ICGetElem_Arguments(JitCode* stubCode, ICStub* firstMonitorStub, Which which)
       : ICMonitoredStub(ICStub::GetElem_Arguments, stubCode, firstMonitorStub)
     {
         extra_ = static_cast<uint16_t>(which);
     }
 
   public:
-    static ICGetElem_Arguments* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICGetElem_Arguments* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                       ICGetElem_Arguments& other);
 
     Which which() const {
         return static_cast<Which>(extra_);
     }
 
     class Compiler : public ICStubCompiler {
       ICStub* firstMonitorStub_;
@@ -3200,17 +3209,17 @@ class ICGetElem_Arguments : public ICMon
         Compiler(JSContext* cx, ICStub* firstMonitorStub, Which which, bool isCallElem)
           : ICStubCompiler(cx, ICStub::GetElem_Arguments),
             firstMonitorStub_(firstMonitorStub),
             which_(which),
             isCallElem_(isCallElem)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetElem_Arguments>(space, getStubCode(), firstMonitorStub_, which_);
+            return newStub<ICGetElem_Arguments>(space, getStubCode(), firstMonitorStub_, which_);
         }
     };
 };
 
 // SetElem
 //      JSOP_SETELEM
 //      JSOP_INITELEM
 
@@ -3238,17 +3247,17 @@ class ICSetElem_Fallback : public ICFall
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::SetElem_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICSetElem_Fallback>(space, getStubCode());
+            return newStub<ICSetElem_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICSetElem_DenseOrUnboxedArray : public ICUpdatedStub
 {
     friend class ICStubSpace;
 
@@ -3289,17 +3298,17 @@ class ICSetElem_DenseOrUnboxedArray : pu
           : ICStubCompiler(cx, ICStub::SetElem_DenseOrUnboxedArray),
             shape_(cx, shape),
             group_(cx, group),
             unboxedType_(shape ? JSVAL_TYPE_MAGIC : group->unboxedLayout().elementType())
         {}
 
         ICUpdatedStub* getStub(ICStubSpace* space) {
             ICSetElem_DenseOrUnboxedArray* stub =
-                ICStub::New<ICSetElem_DenseOrUnboxedArray>(space, getStubCode(), shape_, group_);
+                newStub<ICSetElem_DenseOrUnboxedArray>(space, getStubCode(), shape_, group_);
             if (!stub || !stub->initUpdatingChain(cx, space))
                 return nullptr;
             return stub;
         }
 
         bool needsUpdateStubs() {
             return unboxedType_ == JSVAL_TYPE_MAGIC || unboxedType_ == JSVAL_TYPE_OBJECT;
         }
@@ -3462,18 +3471,18 @@ class ICSetElem_TypedArray : public ICSt
           : ICStubCompiler(cx, ICStub::SetElem_TypedArray),
             shape_(cx, shape),
             type_(type),
             layout_(GetTypedThingLayout(shape->getObjectClass())),
             expectOutOfBounds_(expectOutOfBounds)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICSetElem_TypedArray>(space, getStubCode(), shape_, type_,
-                                                     expectOutOfBounds_);
+            return newStub<ICSetElem_TypedArray>(space, getStubCode(), shape_, type_,
+                                                 expectOutOfBounds_);
         }
     };
 };
 
 // In
 //      JSOP_IN
 class ICIn_Fallback : public ICFallbackStub
 {
@@ -3491,17 +3500,17 @@ class ICIn_Fallback : public ICFallbackS
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::In_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIn_Fallback>(space, getStubCode());
+            return newStub<ICIn_Fallback>(space, getStubCode());
         }
     };
 };
 
 // Base class for In_Native and In_NativePrototype stubs.
 class ICInNativeStub : public ICStub
 {
     HeapPtrShape shape_;
@@ -3582,24 +3591,24 @@ class ICInNativeCompiler : public ICStub
         holder_(cx, holder),
         name_(cx, name)
     {}
 
     ICStub* getStub(ICStubSpace* space) {
         RootedShape shape(cx, obj_->as<NativeObject>().lastProperty());
         if (kind == ICStub::In_Native) {
             MOZ_ASSERT(obj_ == holder_);
-            return ICStub::New<ICIn_Native>(space, getStubCode(), shape, name_);
+            return newStub<ICIn_Native>(space, getStubCode(), shape, name_);
         }
 
         MOZ_ASSERT(obj_ != holder_);
         MOZ_ASSERT(kind == ICStub::In_NativePrototype);
         RootedShape holderShape(cx, holder_->as<NativeObject>().lastProperty());
-        return ICStub::New<ICIn_NativePrototype>(space, getStubCode(), shape, name_, holder_,
-                                                 holderShape);
+        return newStub<ICIn_NativePrototype>(space, getStubCode(), shape, name_, holder_,
+                                             holderShape);
     }
 };
 
 template <size_t ProtoChainDepth> class ICIn_NativeDoesNotExistImpl;
 
 class ICIn_NativeDoesNotExist : public ICStub
 {
     friend class ICStubSpace;
@@ -3674,19 +3683,18 @@ class ICInNativeDoesNotExistCompiler : p
     bool generateStubCode(MacroAssembler& masm);
 
   public:
     ICInNativeDoesNotExistCompiler(JSContext* cx, HandleObject obj, HandlePropertyName name,
                                    size_t protoChainDepth);
 
     template <size_t ProtoChainDepth>
     ICStub* getStubSpecific(ICStubSpace* space, const AutoShapeVector* shapes) {
-        return ICStub::New<ICIn_NativeDoesNotExistImpl<ProtoChainDepth>>(space, getStubCode(),
-                                                                         shapes, name_);
-    }
+        return newStub<ICIn_NativeDoesNotExistImpl<ProtoChainDepth>>(space, getStubCode(), shapes,
+                                                                     name_);}
 
     ICStub* getStub(ICStubSpace* space);
 };
 
 class ICIn_Dense : public ICStub
 {
     friend class ICStubSpace;
 
@@ -3710,17 +3718,17 @@ class ICIn_Dense : public ICStub
 
       public:
         Compiler(JSContext* cx, Shape* shape)
           : ICStubCompiler(cx, ICStub::In_Dense),
             shape_(cx, shape)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIn_Dense>(space, getStubCode(), shape_);
+            return newStub<ICIn_Dense>(space, getStubCode(), shape_);
         }
     };
 };
 
 // GetName
 //      JSOP_GETNAME
 //      JSOP_GETGNAME
 class ICGetName_Fallback : public ICMonitoredFallbackStub
@@ -3747,17 +3755,17 @@ class ICGetName_Fallback : public ICMoni
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetName_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            ICGetName_Fallback* stub = ICStub::New<ICGetName_Fallback>(space, getStubCode());
+            ICGetName_Fallback* stub = newStub<ICGetName_Fallback>(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 
 // Optimized GETGNAME/CALLGNAME stub.
@@ -3794,18 +3802,18 @@ class ICGetName_Global : public ICMonito
         Compiler(JSContext* cx, ICStub* firstMonitorStub, Shape* shape, uint32_t slot)
           : ICStubCompiler(cx, ICStub::GetName_Global),
             firstMonitorStub_(firstMonitorStub),
             shape_(cx, shape),
             slot_(slot)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetName_Global>(space, getStubCode(), firstMonitorStub_, shape_,
-                                                 slot_);
+            return newStub<ICGetName_Global>(space, getStubCode(), firstMonitorStub_, shape_,
+                                             slot_);
         }
     };
 };
 
 // Optimized GETNAME/CALLNAME stub, making a variable number of hops to get an
 // 'own' property off some scope object. Unlike GETPROP on an object's
 // prototype, there is no teleporting optimization to take advantage of and
 // shape checks are required all along the scope chain.
@@ -3861,17 +3869,18 @@ class ICGetName_Scope : public ICMonitor
             firstMonitorStub_(firstMonitorStub),
             shapes_(shapes),
             isFixedSlot_(isFixedSlot),
             offset_(offset)
         {
         }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetName_Scope>(space, getStubCode(), firstMonitorStub_, shapes_, offset_);
+            return newStub<ICGetName_Scope>(space, getStubCode(), firstMonitorStub_, shapes_,
+                                            offset_);
         }
     };
 };
 
 // BindName
 //      JSOP_BINDNAME
 class ICBindName_Fallback : public ICFallbackStub
 {
@@ -3887,17 +3896,17 @@ class ICBindName_Fallback : public ICFal
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::BindName_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICBindName_Fallback>(space, getStubCode());
+            return newStub<ICBindName_Fallback>(space, getStubCode());
         }
     };
 };
 
 // GetIntrinsic
 //      JSOP_GETINTRINSIC
 class ICGetIntrinsic_Fallback : public ICMonitoredFallbackStub
 {
@@ -3914,17 +3923,17 @@ class ICGetIntrinsic_Fallback : public I
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetIntrinsic_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
             ICGetIntrinsic_Fallback* stub =
-                ICStub::New<ICGetIntrinsic_Fallback>(space, getStubCode());
+                newStub<ICGetIntrinsic_Fallback>(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 
 // Stub that loads the constant result of a GETINTRINSIC operation.
@@ -3952,17 +3961,17 @@ class ICGetIntrinsic_Constant : public I
 
       public:
         Compiler(JSContext* cx, HandleValue value)
           : ICStubCompiler(cx, ICStub::GetIntrinsic_Constant),
             value_(value)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetIntrinsic_Constant>(space, getStubCode(), value_);
+            return newStub<ICGetIntrinsic_Constant>(space, getStubCode(), value_);
         }
     };
 };
 
 class ICGetProp_Fallback : public ICMonitoredFallbackStub
 {
     friend class ICStubSpace;
 
@@ -3996,17 +4005,17 @@ class ICGetProp_Fallback : public ICMoni
         bool postGenerateStubCode(MacroAssembler& masm, Handle<JitCode*> code);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetProp_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            ICGetProp_Fallback* stub = ICStub::New<ICGetProp_Fallback>(space, getStubCode());
+            ICGetProp_Fallback* stub = newStub<ICGetProp_Fallback>(space, getStubCode());
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 
 // Stub for sites, which are too polymorphic (i.e. MAX_OPTIMIZED_STUBS was reached)
@@ -4014,31 +4023,31 @@ class ICGetProp_Generic : public ICMonit
 {
     friend class ICStubSpace;
 
   protected:
     explicit ICGetProp_Generic(JitCode* stubCode, ICStub* firstMonitorStub)
       : ICMonitoredStub(ICStub::GetProp_Generic, stubCode, firstMonitorStub) {}
 
   public:
-    static ICGetProp_Generic* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICGetProp_Generic* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                     ICGetProp_Generic& other);
 
     class Compiler : public ICStubCompiler {
       protected:
         bool generateStubCode(MacroAssembler& masm);
         ICStub* firstMonitorStub_;
       public:
         explicit Compiler(JSContext* cx, ICStub* firstMonitorStub)
           : ICStubCompiler(cx, ICStub::GetProp_Generic),
             firstMonitorStub_(firstMonitorStub)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_Generic>(space, getStubCode(), firstMonitorStub_);
+            return newStub<ICGetProp_Generic>(space, getStubCode(), firstMonitorStub_);
         }
     };
 };
 
 // Stub for accessing a dense array's length.
 class ICGetProp_ArrayLength : public ICStub
 {
     friend class ICStubSpace;
@@ -4052,17 +4061,17 @@ class ICGetProp_ArrayLength : public ICS
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetProp_ArrayLength)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_ArrayLength>(space, getStubCode());
+            return newStub<ICGetProp_ArrayLength>(space, getStubCode());
         }
     };
 };
 
 // Stub for accessing an unboxed array's length.
 class ICGetProp_UnboxedArrayLength : public ICStub
 {
     friend class ICStubSpace;
@@ -4076,17 +4085,17 @@ class ICGetProp_UnboxedArrayLength : pub
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetProp_UnboxedArrayLength)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_UnboxedArrayLength>(space, getStubCode());
+            return newStub<ICGetProp_UnboxedArrayLength>(space, getStubCode());
         }
     };
 };
 
 // Stub for accessing a property on a primitive's prototype.
 class ICGetProp_Primitive : public ICMonitoredStub
 {
     friend class ICStubSpace;
@@ -4138,18 +4147,18 @@ class ICGetProp_Primitive : public ICMon
             primitiveType_(primitiveType),
             prototype_(cx, prototype),
             isFixedSlot_(isFixedSlot),
             offset_(offset)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             RootedShape protoShape(cx, prototype_->as<NativeObject>().lastProperty());
-            return ICStub::New<ICGetProp_Primitive>(space, getStubCode(), firstMonitorStub_,
-                                                    protoShape, offset_);
+            return newStub<ICGetProp_Primitive>(space, getStubCode(), firstMonitorStub_,
+                                                protoShape, offset_);
         }
     };
 };
 
 // Stub for accessing a string's length.
 class ICGetProp_StringLength : public ICStub
 {
     friend class ICStubSpace;
@@ -4163,17 +4172,17 @@ class ICGetProp_StringLength : public IC
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::GetProp_StringLength)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_StringLength>(space, getStubCode());
+            return newStub<ICGetProp_StringLength>(space, getStubCode());
         }
     };
 };
 
 // Base class for native GetProp stubs.
 class ICGetPropNativeStub : public ICMonitoredStub
 {
     // Object shape/group.
@@ -4215,17 +4224,17 @@ class ICGetProp_Native : public ICGetPro
     friend class ICStubSpace;
 
     ICGetProp_Native(JitCode* stubCode, ICStub* firstMonitorStub, ReceiverGuard guard,
                      uint32_t offset)
       : ICGetPropNativeStub(GetProp_Native, stubCode, firstMonitorStub, guard, offset)
     {}
 
   public:
-    static ICGetProp_Native* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICGetProp_Native* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                    ICGetProp_Native& other);
 };
 
 // Stub for accessing a property on the native prototype of a native or unboxed
 // object. Note that due to the shape teleporting optimization, we only have to
 // guard on the object's shape/group and the holder's shape.
 class ICGetProp_NativePrototype : public ICGetPropNativeStub
 {
@@ -4236,17 +4245,18 @@ class ICGetProp_NativePrototype : public
     HeapPtrObject holder_;
     HeapPtrShape holderShape_;
 
     ICGetProp_NativePrototype(JitCode* stubCode, ICStub* firstMonitorStub,
                               ReceiverGuard guard,
                               uint32_t offset, JSObject* holder, Shape* holderShape);
 
   public:
-    static ICGetProp_NativePrototype* Clone(ICStubSpace* space,
+    static ICGetProp_NativePrototype* Clone(JSContext* cx,
+                                            ICStubSpace* space,
                                             ICStub* firstMonitorStub,
                                             ICGetProp_NativePrototype& other);
 
   public:
     HeapPtrObject& holder() {
         return holder_;
     }
     HeapPtrShape& holderShape() {
@@ -4384,17 +4394,17 @@ class ICGetPropNativeDoesNotExistCompile
 
   public:
     ICGetPropNativeDoesNotExistCompiler(JSContext* cx, ICStub* firstMonitorStub,
                                         HandleObject obj, size_t protoChainDepth);
 
     template <size_t ProtoChainDepth>
     ICStub* getStubSpecific(ICStubSpace* space, const AutoShapeVector* shapes) {
         ReceiverGuard guard(obj_);
-        return ICStub::New<ICGetProp_NativeDoesNotExistImpl<ProtoChainDepth> >
+        return newStub<ICGetProp_NativeDoesNotExistImpl<ProtoChainDepth>>
             (space, getStubCode(), firstMonitorStub_, guard, shapes);
     }
 
     ICStub* getStub(ICStubSpace* space);
 };
 
 class ICGetProp_Unboxed : public ICMonitoredStub
 {
@@ -4442,18 +4452,18 @@ class ICGetProp_Unboxed : public ICMonit
           : ICStubCompiler(cx, ICStub::GetProp_Unboxed),
             firstMonitorStub_(firstMonitorStub),
             group_(cx, group),
             fieldOffset_(fieldOffset),
             fieldType_(fieldType)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_Unboxed>(space, getStubCode(), firstMonitorStub_,
-                                                  group_, fieldOffset_);
+            return newStub<ICGetProp_Unboxed>(space, getStubCode(), firstMonitorStub_, group_,
+                                              fieldOffset_);
         }
     };
 };
 
 static uint32_t
 SimpleTypeDescrKey(SimpleTypeDescr* descr)
 {
     if (descr->is<ScalarTypeDescr>())
@@ -4511,18 +4521,18 @@ class ICGetProp_TypedObject : public ICM
             firstMonitorStub_(firstMonitorStub),
             shape_(cx, shape),
             fieldOffset_(fieldOffset),
             layout_(GetTypedThingLayout(shape->getObjectClass())),
             fieldDescr_(cx, fieldDescr)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_TypedObject>(space, getStubCode(), firstMonitorStub_,
-                                                      shape_, fieldOffset_);
+            return newStub<ICGetProp_TypedObject>(space, getStubCode(), firstMonitorStub_, shape_,
+                                                  fieldOffset_);
         }
     };
 };
 
 class ICGetPropCallGetter : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
@@ -4633,17 +4643,17 @@ class ICGetProp_CallScripted : public IC
                            ReceiverGuard receiverGuard,
                            JSObject* holder, Shape* holderShape,
                            JSFunction* getter, uint32_t pcOffset)
       : ICGetPropCallGetter(GetProp_CallScripted, stubCode, firstMonitorStub,
                             receiverGuard, holder, holderShape, getter, pcOffset)
     {}
 
   public:
-    static ICGetProp_CallScripted* Clone(ICStubSpace* space,
+    static ICGetProp_CallScripted* Clone(JSContext* cx, ICStubSpace* space,
                                          ICStub* firstMonitorStub, ICGetProp_CallScripted& other);
 
     class Compiler : public ICGetPropCallGetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, ICStub* firstMonitorStub, HandleObject obj,
@@ -4651,17 +4661,17 @@ class ICGetProp_CallScripted : public IC
           : ICGetPropCallGetter::Compiler(cx, ICStub::GetProp_CallScripted,
                                           firstMonitorStub, obj, holder,
                                           getter, pcOffset, /* outerClass = */ nullptr)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             ReceiverGuard guard(receiver_);
             Shape* holderShape = holder_->as<NativeObject>().lastProperty();
-            return ICStub::New<ICGetProp_CallScripted>(space, getStubCode(), firstMonitorStub_,
+            return newStub<ICGetProp_CallScripted>(space, getStubCode(), firstMonitorStub_,
                                                        guard, holder_, holderShape, getter_,
                                                        pcOffset_);
         }
     };
 };
 
 // Stub for calling a native getter on a native object.
 class ICGetProp_CallNative : public ICGetPropCallGetter
@@ -4674,17 +4684,17 @@ class ICGetProp_CallNative : public ICGe
                          ReceiverGuard receiverGuard,
                          JSObject* holder, Shape* holderShape,
                          JSFunction* getter, uint32_t pcOffset)
       : ICGetPropCallGetter(GetProp_CallNative, stubCode, firstMonitorStub,
                             receiverGuard, holder, holderShape, getter, pcOffset)
     {}
 
   public:
-    static ICGetProp_CallNative* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICGetProp_CallNative* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                        ICGetProp_CallNative& other);
 
     class Compiler : public ICGetPropCallGetter::Compiler
     {
         bool inputDefinitelyObject_;
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
@@ -4702,17 +4712,17 @@ class ICGetProp_CallNative : public ICGe
                                           firstMonitorStub, receiver, holder,
                                           getter, pcOffset, outerClass),
             inputDefinitelyObject_(inputDefinitelyObject)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             ReceiverGuard guard(receiver_);
             Shape* holderShape = holder_->as<NativeObject>().lastProperty();
-            return ICStub::New<ICGetProp_CallNative>(space, getStubCode(), firstMonitorStub_,
+            return newStub<ICGetProp_CallNative>(space, getStubCode(), firstMonitorStub_,
                                                      guard, holder_, holderShape,
                                                      getter_, pcOffset_);
         }
     };
 };
 
 class ICGetPropCallDOMProxyNativeStub : public ICGetPropCallGetter
 {
@@ -4744,17 +4754,18 @@ class ICGetProp_CallDOMProxyNative : pub
                                  JSObject* holder, Shape* holderShape,
                                  JSFunction* getter, uint32_t pcOffset)
       : ICGetPropCallDOMProxyNativeStub(ICStub::GetProp_CallDOMProxyNative, stubCode,
                                         firstMonitorStub, shape, expandoShape,
                                         holder, holderShape, getter, pcOffset)
     {}
 
   public:
-    static ICGetProp_CallDOMProxyNative* Clone(ICStubSpace* space,
+    static ICGetProp_CallDOMProxyNative* Clone(JSContext* cx,
+                                               ICStubSpace* space,
                                                ICStub* firstMonitorStub,
                                                ICGetProp_CallDOMProxyNative& other);
 };
 
 class ICGetProp_CallDOMProxyWithGenerationNative : public ICGetPropCallDOMProxyNativeStub
 {
   protected:
     ExpandoAndGeneration* expandoAndGeneration_;
@@ -4771,17 +4782,17 @@ class ICGetProp_CallDOMProxyWithGenerati
                                         stubCode, firstMonitorStub, shape,
                                         expandoShape, holder, holderShape, getter, pcOffset),
         expandoAndGeneration_(expandoAndGeneration),
         generation_(generation)
     {
     }
 
     static ICGetProp_CallDOMProxyWithGenerationNative*
-    Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
           ICGetProp_CallDOMProxyWithGenerationNative& other);
 
     void* expandoAndGeneration() const {
         return expandoAndGeneration_;
     }
     uint32_t generation() const {
         return generation_;
     }
@@ -4827,17 +4838,17 @@ class ICGetProp_DOMProxyShadowed : publi
     HeapPtrPropertyName name_;
     uint32_t pcOffset_;
 
     ICGetProp_DOMProxyShadowed(JitCode* stubCode, ICStub* firstMonitorStub, Shape* shape,
                                const BaseProxyHandler* proxyHandler, PropertyName* name,
                                uint32_t pcOffset);
 
   public:
-    static ICGetProp_DOMProxyShadowed* Clone(ICStubSpace* space,
+    static ICGetProp_DOMProxyShadowed* Clone(JSContext* cx, ICStubSpace* space,
                                              ICStub* firstMonitorStub,
                                              ICGetProp_DOMProxyShadowed& other);
 
     HeapPtrShape& shape() {
         return shape_;
     }
     HeapPtrPropertyName& name() {
         return name_;
@@ -4902,17 +4913,17 @@ class ICGetProp_ArgumentsLength : public
 
       public:
         Compiler(JSContext* cx, Which which)
           : ICStubCompiler(cx, ICStub::GetProp_ArgumentsLength),
             which_(which)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_ArgumentsLength>(space, getStubCode());
+            return newStub<ICGetProp_ArgumentsLength>(space, getStubCode());
         }
     };
 };
 
 class ICGetProp_ArgumentsCallee : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
@@ -4927,17 +4938,17 @@ class ICGetProp_ArgumentsCallee : public
 
       public:
         Compiler(JSContext* cx, ICStub* firstMonitorStub)
           : ICStubCompiler(cx, ICStub::GetProp_ArgumentsCallee),
             firstMonitorStub_(firstMonitorStub)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICGetProp_ArgumentsCallee>(space, getStubCode(), firstMonitorStub_);
+            return newStub<ICGetProp_ArgumentsCallee>(space, getStubCode(), firstMonitorStub_);
         }
     };
 };
 
 // SetProp
 //     JSOP_SETPROP
 //     JSOP_SETNAME
 //     JSOP_SETGNAME
@@ -4969,17 +4980,17 @@ class ICSetProp_Fallback : public ICFall
         bool postGenerateStubCode(MacroAssembler& masm, Handle<JitCode*> code);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::SetProp_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICSetProp_Fallback>(space, getStubCode());
+            return newStub<ICSetProp_Fallback>(space, getStubCode());
         }
     };
 };
 
 // Optimized SETPROP/SETGNAME/SETNAME stub.
 class ICSetProp_Native : public ICUpdatedStub
 {
     friend class ICStubSpace;
@@ -5152,18 +5163,18 @@ class ICSetPropNativeAddCompiler : publi
             newGroup = nullptr;
 
         RootedShape newShape(cx);
         if (obj_->isNative())
             newShape = obj_->as<NativeObject>().lastProperty();
         else
             newShape = obj_->as<UnboxedPlainObject>().maybeExpando()->lastProperty();
 
-        return ICStub::New<ICSetProp_NativeAddImpl<ProtoChainDepth>>(
-                    space, getStubCode(), oldGroup_, shapes, newShape, newGroup, offset_);
+        return newStub<ICSetProp_NativeAddImpl<ProtoChainDepth>>(
+            space, getStubCode(), oldGroup_, shapes, newShape, newGroup, offset_);
     }
 
     ICUpdatedStub* getStub(ICStubSpace* space);
 };
 
 class ICSetProp_Unboxed : public ICUpdatedStub
 {
     friend class ICStubSpace;
@@ -5209,18 +5220,18 @@ class ICSetProp_Unboxed : public ICUpdat
                  JSValueType fieldType)
           : ICStubCompiler(cx, ICStub::SetProp_Unboxed),
             group_(cx, group),
             fieldOffset_(fieldOffset),
             fieldType_(fieldType)
         {}
 
         ICUpdatedStub* getStub(ICStubSpace* space) {
-            ICUpdatedStub* stub = ICStub::New<ICSetProp_Unboxed>(space, getStubCode(),
-                                                                 group_, fieldOffset_);
+            ICUpdatedStub* stub = newStub<ICSetProp_Unboxed>(space, getStubCode(), group_,
+                                                             fieldOffset_);
             if (!stub || !stub->initUpdatingChain(cx, space))
                 return nullptr;
             return stub;
         }
 
         bool needsUpdateStubs() {
             return fieldType_ == JSVAL_TYPE_OBJECT;
         }
@@ -5294,19 +5305,19 @@ class ICSetProp_TypedObject : public ICU
             layout_(GetTypedThingLayout(shape->getObjectClass())),
             fieldDescr_(cx, fieldDescr)
         {}
 
         ICUpdatedStub* getStub(ICStubSpace* space) {
             bool isObjectReference =
                 fieldDescr_->is<ReferenceTypeDescr>() &&
                 fieldDescr_->as<ReferenceTypeDescr>().type() == ReferenceTypeDescr::TYPE_OBJECT;
-            ICUpdatedStub* stub = ICStub::New<ICSetProp_TypedObject>(space, getStubCode(), shape_,
-                                                                     group_, fieldOffset_,
-                                                                     isObjectReference);
+            ICUpdatedStub* stub = newStub<ICSetProp_TypedObject>(space, getStubCode(), shape_,
+                                                                 group_, fieldOffset_,
+                                                                 isObjectReference);
             if (!stub || !stub->initUpdatingChain(cx, space))
                 return nullptr;
             return stub;
         }
 
         bool needsUpdateStubs() {
             return fieldDescr_->is<ReferenceTypeDescr>() &&
                    fieldDescr_->as<ReferenceTypeDescr>().type() != ReferenceTypeDescr::TYPE_STRING;
@@ -5401,34 +5412,34 @@ class ICSetProp_CallScripted : public IC
   protected:
     ICSetProp_CallScripted(JitCode* stubCode, ReceiverGuard guard, JSObject* holder,
                            Shape* holderShape, JSFunction* setter, uint32_t pcOffset)
       : ICSetPropCallSetter(SetProp_CallScripted, stubCode, guard, holder, holderShape,
                             setter, pcOffset)
     {}
 
   public:
-    static ICSetProp_CallScripted* Clone(ICStubSpace* space, ICStub*,
+    static ICSetProp_CallScripted* Clone(JSContext* cx, ICStubSpace* space, ICStub*,
                                          ICSetProp_CallScripted& other);
 
     class Compiler : public ICSetPropCallSetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, HandleObject obj, HandleObject holder, HandleFunction setter,
                  uint32_t pcOffset)
           : ICSetPropCallSetter::Compiler(cx, ICStub::SetProp_CallScripted,
                                           obj, holder, setter, pcOffset)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             ReceiverGuard guard(obj_);
             Shape* holderShape = holder_->as<NativeObject>().lastProperty();
-            return ICStub::New<ICSetProp_CallScripted>(space, getStubCode(), guard, holder_,
+            return newStub<ICSetProp_CallScripted>(space, getStubCode(), guard, holder_,
                                                        holderShape, setter_, pcOffset_);
         }
     };
 };
 
 // Stub for calling a native setter on a native object.
 class ICSetProp_CallNative : public ICSetPropCallSetter
 {
@@ -5437,35 +5448,36 @@ class ICSetProp_CallNative : public ICSe
   protected:
     ICSetProp_CallNative(JitCode* stubCode, ReceiverGuard guard, JSObject* holder,
                          Shape* holderShape, JSFunction* setter, uint32_t pcOffset)
       : ICSetPropCallSetter(SetProp_CallNative, stubCode, guard, holder, holderShape,
                             setter, pcOffset)
     {}
 
   public:
-    static ICSetProp_CallNative* Clone(ICStubSpace* space, ICStub*,
+    static ICSetProp_CallNative* Clone(JSContext* cx,
+                                       ICStubSpace* space, ICStub*,
                                        ICSetProp_CallNative& other);
 
     class Compiler : public ICSetPropCallSetter::Compiler {
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         Compiler(JSContext* cx, HandleObject obj, HandleObject holder, HandleFunction setter,
                  uint32_t pcOffset)
           : ICSetPropCallSetter::Compiler(cx, ICStub::SetProp_CallNative,
                                           obj, holder, setter, pcOffset)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
             ReceiverGuard guard(obj_);
             Shape* holderShape = holder_->as<NativeObject>().lastProperty();
-            return ICStub::New<ICSetProp_CallNative>(space, getStubCode(), guard, holder_,
-                                                     holderShape, setter_, pcOffset_);
+            return newStub<ICSetProp_CallNative>(space, getStubCode(), guard, holder_, holderShape,
+                                                 setter_, pcOffset_);
         }
     };
 };
 
 // Call
 //      JSOP_CALL
 //      JSOP_FUNAPPLY
 //      JSOP_FUNCALL
@@ -5562,17 +5574,17 @@ class ICCall_Fallback : public ICMonitor
       public:
         Compiler(JSContext* cx, bool isConstructing, bool isSpread)
           : ICCallStubCompiler(cx, ICStub::Call_Fallback),
             isConstructing_(isConstructing),
             isSpread_(isSpread)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            ICCall_Fallback* stub = ICStub::New<ICCall_Fallback>(space, getStubCode(), isConstructing_);
+            ICCall_Fallback* stub = newStub<ICCall_Fallback>(space, getStubCode(), isConstructing_);
             if (!stub || !stub->initMonitoringChain(cx, space))
                 return nullptr;
             return stub;
         }
     };
 };
 
 class ICCall_Scripted : public ICMonitoredStub
@@ -5589,17 +5601,17 @@ class ICCall_Scripted : public ICMonitor
     HeapPtrObject templateObject_;
     uint32_t pcOffset_;
 
     ICCall_Scripted(JitCode* stubCode, ICStub* firstMonitorStub,
                     JSFunction* callee, JSObject* templateObject,
                     uint32_t pcOffset);
 
   public:
-    static ICCall_Scripted* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICCall_Scripted* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                   ICCall_Scripted& other);
 
     HeapPtrFunction& callee() {
         return callee_;
     }
     HeapPtrObject& templateObject() {
         return templateObject_;
     }
@@ -5620,17 +5632,17 @@ class ICCall_AnyScripted : public ICMoni
     uint32_t pcOffset_;
 
     ICCall_AnyScripted(JitCode* stubCode, ICStub* firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_AnyScripted, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     { }
 
   public:
-    static ICCall_AnyScripted* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICCall_AnyScripted* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                      ICCall_AnyScripted& other);
 
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_AnyScripted, pcOffset_);
     }
 };
 
 // Compiler for Call_Scripted and Call_AnyScripted stubs.
@@ -5670,21 +5682,20 @@ class ICCallScriptedCompiler : public IC
         isSpread_(isSpread),
         callee_(cx, nullptr),
         templateObject_(cx, nullptr),
         pcOffset_(pcOffset)
     { }
 
     ICStub* getStub(ICStubSpace* space) {
         if (callee_) {
-            return ICStub::New<ICCall_Scripted>(space, getStubCode(), firstMonitorStub_,
-                                                callee_, templateObject_,
-                                                pcOffset_);
+            return newStub<ICCall_Scripted>(space, getStubCode(), firstMonitorStub_, callee_,
+                                            templateObject_, pcOffset_);
         }
-        return ICStub::New<ICCall_AnyScripted>(space, getStubCode(), firstMonitorStub_, pcOffset_);
+        return newStub<ICCall_AnyScripted>(space, getStubCode(), firstMonitorStub_, pcOffset_);
     }
 };
 
 class ICCall_Native : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
   protected:
@@ -5696,17 +5707,17 @@ class ICCall_Native : public ICMonitored
     void* native_;
 #endif
 
     ICCall_Native(JitCode* stubCode, ICStub* firstMonitorStub,
                   JSFunction* callee, JSObject* templateObject,
                   uint32_t pcOffset);
 
   public:
-    static ICCall_Native* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICCall_Native* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                 ICCall_Native& other);
 
     HeapPtrFunction& callee() {
         return callee_;
     }
     HeapPtrObject& templateObject() {
         return templateObject_;
     }
@@ -5749,18 +5760,18 @@ class ICCall_Native : public ICMonitored
             isConstructing_(isConstructing),
             isSpread_(isSpread),
             callee_(cx, callee),
             templateObject_(cx, templateObject),
             pcOffset_(pcOffset)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_Native>(space, getStubCode(), firstMonitorStub_,
-                                              callee_, templateObject_, pcOffset_);
+            return newStub<ICCall_Native>(space, getStubCode(), firstMonitorStub_, callee_,
+                                          templateObject_, pcOffset_);
         }
     };
 };
 
 class ICCall_ClassHook : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
@@ -5770,17 +5781,17 @@ class ICCall_ClassHook : public ICMonito
     HeapPtrObject templateObject_;
     uint32_t pcOffset_;
 
     ICCall_ClassHook(JitCode* stubCode, ICStub* firstMonitorStub,
                      const Class* clasp, Native native, JSObject* templateObject,
                      uint32_t pcOffset);
 
   public:
-    static ICCall_ClassHook* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
+    static ICCall_ClassHook* Clone(JSContext* cx, ICStubSpace* space, ICStub* firstMonitorStub,
                                    ICCall_ClassHook& other);
 
     const Class* clasp() {
         return clasp_;
     }
     void* native() {
         return native_;
     }
@@ -5823,18 +5834,18 @@ class ICCall_ClassHook : public ICMonito
             isConstructing_(isConstructing),
             clasp_(clasp),
             native_(native),
             templateObject_(cx, templateObject),
             pcOffset_(pcOffset)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_ClassHook>(space, getStubCode(), firstMonitorStub_,
-                                                 clasp_, native_, templateObject_, pcOffset_);
+            return newStub<ICCall_ClassHook>(space, getStubCode(), firstMonitorStub_, clasp_,
+                                             native_, templateObject_, pcOffset_);
         }
     };
 };
 
 class ICCall_ScriptedApplyArray : public ICMonitoredStub
 {
     friend class ICStubSpace;
   public:
@@ -5847,17 +5858,18 @@ class ICCall_ScriptedApplyArray : public
     uint32_t pcOffset_;
 
     ICCall_ScriptedApplyArray(JitCode* stubCode, ICStub* firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedApplyArray, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
 
   public:
-    static ICCall_ScriptedApplyArray* Clone(ICStubSpace* space,
+    static ICCall_ScriptedApplyArray* Clone(JSContext* cx,
+                                            ICStubSpace* space,
                                             ICStub* firstMonitorStub,
                                             ICCall_ScriptedApplyArray& other);
 
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedApplyArray, pcOffset_);
     }
 
     // Compiler for this stub kind.
@@ -5874,18 +5886,18 @@ class ICCall_ScriptedApplyArray : public
       public:
         Compiler(JSContext* cx, ICStub* firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedApplyArray),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_ScriptedApplyArray>(space, getStubCode(), firstMonitorStub_,
-                                                          pcOffset_);
+            return newStub<ICCall_ScriptedApplyArray>(space, getStubCode(), firstMonitorStub_,
+                                                      pcOffset_);
         }
     };
 };
 
 class ICCall_ScriptedApplyArguments : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
@@ -5893,17 +5905,18 @@ class ICCall_ScriptedApplyArguments : pu
     uint32_t pcOffset_;
 
     ICCall_ScriptedApplyArguments(JitCode* stubCode, ICStub* firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedApplyArguments, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
 
   public:
-    static ICCall_ScriptedApplyArguments* Clone(ICStubSpace* space,
+    static ICCall_ScriptedApplyArguments* Clone(JSContext* cx,
+                                                ICStubSpace* space,
                                                 ICStub* firstMonitorStub,
                                                 ICCall_ScriptedApplyArguments& other);
 
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedApplyArguments, pcOffset_);
     }
 
     // Compiler for this stub kind.
@@ -5920,18 +5933,18 @@ class ICCall_ScriptedApplyArguments : pu
       public:
         Compiler(JSContext* cx, ICStub* firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedApplyArguments),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_ScriptedApplyArguments>(space, getStubCode(), firstMonitorStub_,
-                                                              pcOffset_);
+            return newStub<ICCall_ScriptedApplyArguments>(space, getStubCode(), firstMonitorStub_,
+                                                          pcOffset_);
         }
     };
 };
 
 // Handles calls of the form |fun.call(...)| where fun is a scripted function.
 class ICCall_ScriptedFunCall : public ICMonitoredStub
 {
     friend class ICStubSpace;
@@ -5940,18 +5953,18 @@ class ICCall_ScriptedFunCall : public IC
     uint32_t pcOffset_;
 
     ICCall_ScriptedFunCall(JitCode* stubCode, ICStub* firstMonitorStub, uint32_t pcOffset)
       : ICMonitoredStub(ICStub::Call_ScriptedFunCall, stubCode, firstMonitorStub),
         pcOffset_(pcOffset)
     {}
 
   public:
-    static ICCall_ScriptedFunCall* Clone(ICStubSpace* space, ICStub* firstMonitorStub,
-                                         ICCall_ScriptedFunCall& other);
+    static ICCall_ScriptedFunCall* Clone(JSContext* cx, ICStubSpace* space,
+                                         ICStub* firstMonitorStub, ICCall_ScriptedFunCall& other);
 
     static size_t offsetOfPCOffset() {
         return offsetof(ICCall_ScriptedFunCall, pcOffset_);
     }
 
     // Compiler for this stub kind.
     class Compiler : public ICCallStubCompiler {
       protected:
@@ -5966,18 +5979,18 @@ class ICCall_ScriptedFunCall : public IC
       public:
         Compiler(JSContext* cx, ICStub* firstMonitorStub, uint32_t pcOffset)
           : ICCallStubCompiler(cx, ICStub::Call_ScriptedFunCall),
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_ScriptedFunCall>(space, getStubCode(), firstMonitorStub_,
-                                                       pcOffset_);
+            return newStub<ICCall_ScriptedFunCall>(space, getStubCode(), firstMonitorStub_,
+                                                   pcOffset_);
         }
     };
 };
 
 class ICCall_StringSplit : public ICMonitoredStub
 {
     friend class ICStubSpace;
 
@@ -6040,19 +6053,18 @@ class ICCall_StringSplit : public ICMoni
             firstMonitorStub_(firstMonitorStub),
             pcOffset_(pcOffset),
             expectedThis_(cx, thisString),
             expectedArg_(cx, argString),
             templateObject_(cx, &templateObject.toObject().as<ArrayObject>())
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_StringSplit>(space, getStubCode(), firstMonitorStub_,
-                                                   pcOffset_, expectedThis_, expectedArg_,
-                                                   templateObject_);
+            return newStub<ICCall_StringSplit>(space, getStubCode(), firstMonitorStub_, pcOffset_,
+                                               expectedThis_, expectedArg_, templateObject_);
         }
    };
 };
 
 class ICCall_IsSuspendedStarGenerator : public ICStub
 {
     friend class ICStubSpace;
 
@@ -6066,17 +6078,17 @@ class ICCall_IsSuspendedStarGenerator : 
       protected:
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::Call_IsSuspendedStarGenerator)
         {}
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICCall_IsSuspendedStarGenerator>(space, getStubCode());
+            return newStub<ICCall_IsSuspendedStarGenerator>(space, getStubCode());
         }
    };
 };
 
 // Stub for performing a TableSwitch, updating the IC's return address to jump
 // to whatever point the switch is branching to.
 class ICTableSwitch : public ICStub
 {
@@ -6126,17 +6138,17 @@ class ICIteratorNew_Fallback : public IC
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::IteratorNew_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIteratorNew_Fallback>(space, getStubCode());
+            return newStub<ICIteratorNew_Fallback>(space, getStubCode());
         }
     };
 };
 
 // IC for testing if there are more values in an iterator.
 class ICIteratorMore_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
@@ -6159,17 +6171,17 @@ class ICIteratorMore_Fallback : public I
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::IteratorMore_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIteratorMore_Fallback>(space, getStubCode());
+            return newStub<ICIteratorMore_Fallback>(space, getStubCode());
         }
     };
 };
 
 // IC for testing if there are more values in a native iterator.
 class ICIteratorMore_Native : public ICStub
 {
     friend class ICStubSpace;
@@ -6184,17 +6196,17 @@ class ICIteratorMore_Native : public ICS
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::IteratorMore_Native)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIteratorMore_Native>(space, getStubCode());
+            return newStub<ICIteratorMore_Native>(space, getStubCode());
         }
     };
 };
 
 // IC for closing an iterator.
 class ICIteratorClose_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
@@ -6209,17 +6221,17 @@ class ICIteratorClose_Fallback : public 
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::IteratorClose_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICIteratorClose_Fallback>(space, getStubCode());
+            return newStub<ICIteratorClose_Fallback>(space, getStubCode());
         }
     };
 };
 
 // InstanceOf
 //      JSOP_INSTANCEOF
 class ICInstanceOf_Fallback : public ICFallbackStub
 {
@@ -6246,17 +6258,17 @@ class ICInstanceOf_Fallback : public ICF
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::InstanceOf_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICInstanceOf_Fallback>(space, getStubCode());
+            return newStub<ICInstanceOf_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICInstanceOf_Function : public ICStub
 {
     friend class ICStubSpace;
 
@@ -6298,17 +6310,18 @@ class ICInstanceOf_Function : public ICS
         Compiler(JSContext* cx, Shape* shape, JSObject* prototypeObj, uint32_t slot)
           : ICStubCompiler(cx, ICStub::InstanceOf_Function),
             shape_(cx, shape),
             prototypeObj_(cx, prototypeObj),
             slot_(slot)
         {}
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICInstanceOf_Function>(space, getStubCode(), shape_, prototypeObj_, slot_);
+            return newStub<ICInstanceOf_Function>(space, getStubCode(), shape_, prototypeObj_,
+                                                  slot_);
         }
     };
 };
 
 // TypeOf
 //      JSOP_TYPEOF
 //      JSOP_TYPEOFEXPR
 class ICTypeOf_Fallback : public ICFallbackStub
@@ -6325,17 +6338,17 @@ class ICTypeOf_Fallback : public ICFallb
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::TypeOf_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeOf_Fallback>(space, getStubCode());
+            return newStub<ICTypeOf_Fallback>(space, getStubCode());
         }
     };
 };
 
 class ICTypeOf_Typed : public ICFallbackStub
 {
     friend class ICStubSpace;
 
@@ -6364,17 +6377,17 @@ class ICTypeOf_Typed : public ICFallback
       public:
         Compiler(JSContext* cx, JSType type, HandleString string)
           : ICStubCompiler(cx, ICStub::TypeOf_Typed),
             type_(type),
             typeString_(cx, string)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICTypeOf_Typed>(space, getStubCode(), type_);
+            return newStub<ICTypeOf_Typed>(space, getStubCode(), type_);
         }
     };
 };
 
 class ICRest_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
 
@@ -6398,17 +6411,17 @@ class ICRest_Fallback : public ICFallbac
 
       public:
         Compiler(JSContext* cx, ArrayObject* templateObject)
           : ICStubCompiler(cx, ICStub::Rest_Fallback),
             templateObject(cx, templateObject)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICRest_Fallback>(space, getStubCode(), templateObject);
+            return newStub<ICRest_Fallback>(space, getStubCode(), templateObject);
         }
     };
 };
 
 // Stub for JSOP_RETSUB ("returning" from a |finally| block).
 class ICRetSub_Fallback : public ICFallbackStub
 {
     friend class ICStubSpace;
@@ -6425,17 +6438,17 @@ class ICRetSub_Fallback : public ICFallb
         bool generateStubCode(MacroAssembler& masm);
 
       public:
         explicit Compiler(JSContext* cx)
           : ICStubCompiler(cx, ICStub::RetSub_Fallback)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICRetSub_Fallback>(space, getStubCode());
+            return newStub<ICRetSub_Fallback>(space, getStubCode());
         }
     };
 };
 
 // Optimized JSOP_RETSUB stub. Every stub maps a single pc offset to its
 // native code address.
 class ICRetSub_Resume : public ICStub
 {
@@ -6468,17 +6481,17 @@ class ICRetSub_Resume : public ICStub
       public:
         Compiler(JSContext* cx, uint32_t pcOffset, uint8_t* addr)
           : ICStubCompiler(cx, ICStub::RetSub_Resume),
             pcOffset_(pcOffset),
             addr_(addr)
         { }
 
         ICStub* getStub(ICStubSpace* space) {
-            return ICStub::New<ICRetSub_Resume>(space, getStubCode(), pcOffset_, addr_);
+            return newStub<ICRetSub_Resume>(space, getStubCode(), pcOffset_, addr_);
         }
     };
 };
 
 inline bool
 IsCacheableDOMProxy(JSObject* obj)
 {
     if (!obj->is<ProxyObject>())