JSCodeGenerator should use a js::Vector for its bytecode and srcnotes buffers; it would be much cleaner than managing the buffers explicitly. I tried to do this previously; bug 684111 comment 10 explains why it's difficult. That bug has a patch (attachment 558221) for the bytecode buffer that works except for one annoying case. The srcnotes buffer is harder and more annoying.
BytecodeEmitter has these:

> typedef Vector<jsbytecode, 0> BytecodeVector;
> typedef Vector<jssrcnote, 0> SrcNotesVector;

So I think this was done a long time ago.