Bug 265272

Summary: Integer calculation error after JIT optimization.
Product: WebKit Reporter: anbu1024
Component: JavaScriptCoreAssignee: David Degazio <d_degazio>
Status: ASSIGNED ---    
Severity: Normal CC: bfulgham, darin, d_degazio, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: All   
OS: Linux   

Description anbu1024 2023-11-22 18:44:59 PST 
JSC version:
5a5dc5a5c26808fa98392aecc83d38935b72d255

Build options:
```
./Tools/Scripts/build-jsc --jsc-only --debug
```

test case:
```
function opt(){
	var x = -19278.05 >>> String;
	var y = x + -19278.05;
	var z = y >> String;
	return z;
}

let a = opt();

print("result before JIT opt")
print(a);

for(let i=0; i<0x200; i++){
	opt();
}

let b = opt();

print("result after JIT opt")
print(b);

```

Result:
```
result before JIT opt
-38557
result after JIT opt
-38556
```
Comment 1 Radar WebKit Bug Importer 2023-11-22 18:45:09 PST 
<rdar://problem/118731614>
Comment 2 David Degazio 2023-12-13 14:56:07 PST 
Pull request: https://github.com/WebKit/WebKit/pull/21767