WebKit Bugzilla
RESOLVED FIXED
269729
BBQ JIT wrongly emits asr instruction for I{32,64}DivU
https://bugs.webkit.org/show_bug.cgi?id=269729
Marcus Plutowski
Reported
2024-02-19 10:26:45 PST
rdar://120840889
When JIT'ing the bytecode for `i64.div_u`, BBQ emits an `asr` arm64 instruction for the ultimate division, which while correct in cases where the lhs operand is positive, produces an incorrect (i.e. signed) result when that operand is negative. E.g. `(i64.div_u (local.get 1) (i64.const 2))` produces:

```
[ 0xf] GetLocal
<124> 0x10d05807c: ldur x1, [fp, #-16]
[0x11] I64Cons
[0x13] I64DivU
<128> 0x10d058080: asr x1, x1, #1
```

If the local is e.g. -2 (0xFFFFFFFFFFFFFFFE), this results in -1 (0xFFFFFFFFFFFFFFFF), but since we're doing an unsigned division it should properly return INT64_MAX (0x7FFFFFFFFFFFFFFF).
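The miscompile described in the report above can be reproduced outside the JIT as a differential check. This is an added example, not part of the original report and not WebKit's code or its fix: it compares a power-of-two divide reduced to an arithmetic shift (what `asr` computes) and to a logical shift (`lsr`) against plain unsigned 64-bit division. The names `asr64`, `lsr64`, `div_u_ref` and `count_mismatches` and the operand list are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reference semantics of wasm i64.div_u: plain unsigned division. */
static uint64_t div_u_ref(uint64_t lhs, uint64_t rhs) { return lhs / rhs; }

/* Arithmetic shift right, as arm64 `asr` computes it, written portably:
 * the sign bit is replicated into the vacated high bits. */
static uint64_t asr64(uint64_t x, unsigned k) {
    uint64_t logical = x >> k;
    if (k == 0 || (x >> 63) == 0)
        return logical;
    return logical | (~UINT64_C(0) << (64 - k));
}

/* Logical shift right, as arm64 `lsr` computes it: high bits are zero-filled. */
static uint64_t lsr64(uint64_t x, unsigned k) { return x >> k; }

typedef uint64_t (*shift_fn)(uint64_t, unsigned);

/* For every divisor 2^k (k = 0..63) and each boundary operand, compare the
 * shift-based reduction with the reference divide; return the mismatch count. */
static size_t count_mismatches(shift_fn reduced) {
    /* Constructed operands: small values, the signed boundaries, and the
     * value from the report (0xFFFFFFFFFFFFFFFE). */
    static const uint64_t operands[] = {
        0, 1, 2, 3,
        UINT64_C(0x7FFFFFFFFFFFFFFF), UINT64_C(0x8000000000000000),
        UINT64_C(0xFFFFFFFFFFFFFFFE), UINT64_C(0xFFFFFFFFFFFFFFFF),
    };
    size_t bad = 0;
    for (unsigned k = 0; k < 64; k++)
        for (size_t i = 0; i < sizeof operands / sizeof operands[0]; i++)
            if (reduced(operands[i], k) != div_u_ref(operands[i], UINT64_C(1) << k))
                bad++;
    return bad;
}

int main(void) {
    uint64_t lhs = UINT64_C(0xFFFFFFFFFFFFFFFE); /* -2 as a signed i64 */
    printf("asr: 0x%016llx\n", (unsigned long long)asr64(lhs, 1));
    printf("lsr: 0x%016llx\n", (unsigned long long)lsr64(lhs, 1));
    printf("ref: 0x%016llx\n", (unsigned long long)div_u_ref(lhs, 2));
    printf("mismatches asr=%zu lsr=%zu\n",
           count_mismatches(asr64), count_mismatches(lsr64));
    return 0;
}
```

Every operand with the top bit set disagrees with the reference for every nonzero shift amount under the arithmetic shift, so a regression test for this class of bug only needs one such operand per divisor.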
Marcus Plutowski
Comment 1
2024-02-19 11:55:05 PST
Pull request:
https://github.com/WebKit/WebKit/pull/24760
EWS
Comment 2
2024-02-19 16:41:30 PST
Committed 275011@main (3ee7e4fc30fd): <https://commits.webkit.org/275011@main>

Reviewed commits have been landed. Closing PR #24760 and removing active labels.
Radar WebKit Bug Importer
Comment 3
2024-02-19 16:42:14 PST
<rdar://problem/123277034>