rdar://120840889 When JIT'ing the bytecode for `i64.div_u`, BBQ emits an `asr` arm64 instruction for the ultimate division, which while correct in cases where the lhs operand is positive, produces an incorrect (i.e. signed) result when that operand is negative. E.g. `(i64.div_u (local.get 1) (i64.const 2))` produces: ``` [ 0xf] GetLocal <124> 0x10d05807c: ldur x1, [fp, #-16] [0x11] I64Cons [0x13] I64DivU <128> 0x10d058080: asr x1, x1, #1 ``` If the local is e.g. -2 (0xFFFFFFFFFFFFFFFE), this results in -1 (0xFFFFFFFFFFFFFFFF), but since we're doing an unsigned division it should properly return INT64_MAX (0x7FFFFFFFFFFFFFFF).
Pull request: https://github.com/WebKit/WebKit/pull/24760
Committed 275011@main (3ee7e4fc30fd): <https://commits.webkit.org/275011@main> Reviewed commits have been landed. Closing PR #24760 and removing active labels.
<rdar://problem/123277034>