From 5bd93f34afe0367def3fedc65ca31802fafdabc7 Mon Sep 17 00:00:00 2001
From: Andreas Kling <kling@serenityos.org>
Date: Thu, 26 Oct 2023 14:49:58 +0200
Subject: [PATCH] LibJS/JIT: Sign-extend integers before comparing in LessThan
 fast path

---
 Userland/Libraries/LibJS/JIT/Assembler.h  | 8 ++++++++
 Userland/Libraries/LibJS/JIT/Compiler.cpp | 4 ++++
 2 files changed, 12 insertions(+)

diff --git a/Userland/Libraries/LibJS/JIT/Assembler.h b/Userland/Libraries/LibJS/JIT/Assembler.h
index 915ce3c01a2..f463d8d61ee 100644
--- a/Userland/Libraries/LibJS/JIT/Assembler.h
+++ b/Userland/Libraries/LibJS/JIT/Assembler.h
@@ -320,6 +320,14 @@ struct Assembler {
         label.add_jump(m_output.size());
     }
 
+    void sign_extend_32_to_64_bits(Reg reg)
+    {
+        // movsxd (reg as 64-bit), (reg as 32-bit)
+        emit8(0x48 | ((to_underlying(reg) >= 8) ? 1 << 0 : 0));
+        emit8(0x63);
+        emit8(0xc0 | (encode_reg(reg) << 3) | encode_reg(reg));
+    }
+
     void bitwise_and(Operand dst, Operand src)
     {
         // and dst,src
diff --git a/Userland/Libraries/LibJS/JIT/Compiler.cpp b/Userland/Libraries/LibJS/JIT/Compiler.cpp
index 70bb9f38160..3fedb185762 100644
--- a/Userland/Libraries/LibJS/JIT/Compiler.cpp
+++ b/Userland/Libraries/LibJS/JIT/Compiler.cpp
@@ -468,6 +468,10 @@ void Compiler::compile_less_than(Bytecode::Op::LessThan const& op)
         // else return false;
 
         auto true_case = m_assembler.make_label();
+
+        m_assembler.sign_extend_32_to_64_bits(ARG1);
+        m_assembler.sign_extend_32_to_64_bits(ARG2);
+
         m_assembler.jump_if_less_than(
             Assembler::Operand::Register(ARG1),
             Assembler::Operand::Register(ARG2),