Push/pop the array object into/from special frame in slow path.

In the slow path, loadFlattenableArrayElement() could call into J9AllocateObject() which might trigger GC. Push/pop the array object into/from special frame so that we always have the correct array object. Closes #13848 Signed-off-by: Hang Shao <hangshao@ca.ibm.com>
eclipse-openj9 · Nov 17, 2021 · 09b38ce · 09b38ce
1 parent edad67e
commit 09b38ce
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/runtime/vm/BytecodeInterpreter.hpp b/runtime/vm/BytecodeInterpreter.hpp
@@ -6170,11 +6170,9 @@ class INTERPRETER_CLASS
 				if ((NULL == value) && J9_IS_J9CLASS_FLATTENED(arrayrefClass)) {
 					/* We only get here due to an allocation failure */
 					buildGenericSpecialStackFrame(REGISTER_ARGS, 0);
-					pushObjectInSpecialFrame(REGISTER_ARGS, arrayref);
 					updateVMStruct(REGISTER_ARGS);
 					value = VM_ValueTypeHelpers::loadFlattenableArrayElement(_currentThread, _objectAccessBarrier, _objectAllocate, arrayref, index, false);
 					VMStructHasBeenUpdated(REGISTER_ARGS);
-					arrayref = popObjectInSpecialFrame(REGISTER_ARGS);
 					restoreGenericSpecialStackFrame(REGISTER_ARGS);
 					if (J9_UNEXPECTED(NULL == value)) {
 						rc = THROW_HEAP_OOM;

diff --git a/runtime/vm/ValueTypeHelpers.hpp b/runtime/vm/ValueTypeHelpers.hpp
@@ -456,19 +456,20 @@ class VM_ValueTypeHelpers {
 
 	/**
 	 * Performs an aaload operation on an object. Handles flattened and non-flattened cases.
+	 * This function could call into J9AllocateObject() which might trigger GC in the slow path, so receiverObject might be moved by GC.
+	 * If the caller caches receiverObject and uses it after calling this function in the slow path, it needs to re-read receiverObject.
 	 *
 	 * Assumes recieverObject is not null.
 	 * All AIOB exceptions must be thrown before calling.
 	 *
 	 * Returns null if newObjectRef retrieval fails.
 	 *
-	 * If fast == false, special stack frame must be built and receiverObject must be pushed onto it.
-	 *
 	 * @param[in] currentThread thread token
 	 * @param[in] _objectAccessBarrier access barrier
 	 * @param[in] _objectAllocate allocator
 	 * @param[in] receiverObject arrayobject
 	 * @param[in] index array index
+	 * @param[in] fast Fast path if true. Slow path if false.
 	 *
 	 * @return array element
 	 */
@@ -486,7 +487,9 @@ class VM_ValueTypeHelpers {
 					goto done;
 				}
 			} else {
+				VM_VMHelpers::pushObjectInSpecialFrame(currentThread, receiverObject);
 				newObjectRef = currentThread->javaVM->memoryManagerFunctions->J9AllocateObject(currentThread, ((J9ArrayClass*)arrayrefClass)->leafComponentType, J9_GC_ALLOCATE_OBJECT_NON_INSTRUMENTABLE);
+				receiverObject = VM_VMHelpers::popObjectInSpecialFrame(currentThread);
 				if (J9_UNEXPECTED(NULL == newObjectRef)) {
 					goto done;
 				}