diff --git a/js/src/jit/MIR.cpp b/js/src/jit/MIR.cpp
index e0d105306..69cb789b3 100644
--- a/js/src/jit/MIR.cpp
+++ b/js/src/jit/MIR.cpp
@@ -6583,8 +6583,10 @@ jit::PropertyWriteNeedsTypeBarrier(TempAllocator& alloc, CompilerConstraintList*
     bool success = true;
     for (size_t i = 0; i < types->getObjectCount(); i++) {
         TypeSet::ObjectKey* key = types->getObject(i);
-        if (!key || key->unknownProperties())
+        if (!key)
             continue;
+        if (!key->hasStableClassAndProto(constraints))
+            return true;
 
         // TI doesn't track TypedArray indexes and should never insert a type
         // barrier for them.
@@ -6636,8 +6638,11 @@ jit::PropertyWriteNeedsTypeBarrier(TempAllocator& alloc, CompilerConstraintList*
     TypeSet::ObjectKey* excluded = nullptr;
     for (size_t i = 0; i < types->getObjectCount(); i++) {
         TypeSet::ObjectKey* key = types->getObject(i);
-        if (!key || key->unknownProperties())
+        if (!key)
             continue;
+        if (!key->hasStableClassAndProto(constraints))
+            return true;
+
         if (!name && IsTypedArrayClass(key->clasp()))
             continue;
 
diff --git a/js/src/jit/MIR.h b/js/src/jit/MIR.h
index 5a60dada4..4cc356460 100644
--- a/js/src/jit/MIR.h
+++ b/js/src/jit/MIR.h
@@ -9890,10 +9890,6 @@ class MArraySlice
         return unboxedType_;
     }
 
-    AliasSet getAliasSet() const override {
-        return AliasSet::Store(AliasSet::BoxedOrUnboxedElements(unboxedType()) |
-                               AliasSet::ObjectFields);
-    }
     bool possiblyCalls() const override {
         return true;
     }