It looks like both G1BarrierSetAssembler::g1_write_barrier_pre and G1BarrierSetAssembler::g1_write_barrier_post slowpaths for refilling buffers do not spill caller saved registers when calling into the VM. These are used by the interpreter heap stores. This seems a bit dangerous. Can't point out an exact bug manifesting due to this (BCP, method and locals registers in the interpreter are callee saved), but it feels like an accident waiting to happen nevertheless.