Incorrect lifting for x86 ANDN instruction

[SlidyBat]

Version and Platform (required):

• Binary Ninja Version: 5.4.9690-dev Personal (29418338)
• Edition: Non-Commercial
• OS: macOS
• OS Version: Tahoe 26.4.1
• CPU Architecture: M1

Bug Description:
The ANDN instruction takes 3 operands (DEST, SRC1, SRC2) and should do DEST = ~SRC1 & SRC2.

The current lifting seems to instead be doing DEST = DEST & ~SRC1.

Steps To Reproduce:

1. Paste following raw hex and disassemble: 49c7c20100000049c7c00200000048c7c103000000c4c238f2ca
2. Observe incorrect LLIL code

00000000  mov     r10, 0x1
00000007  mov     r8, 0x2
0000000e  mov     rcx, 0x3
00000015  andn    ecx, r8d, r10d  {0x1}

   0 @ 00000000  r10 = 1
   1 @ 00000007  r8 = 2
   2 @ 0000000e  rcx = 3
   3 @ 00000015  ecx = ecx & not.d(r8d)

Expected Behavior:
The lifting for the repro example should instead be ecx = not.d(r8d) & r10d

[xusheng6]

Nice catch, thanks!

[SlidyBat]

PANDN/VPANDN also seem like they may be incorrect as well, although I haven't looked into these in as much depth, so worth verifying:

• PANDN should be doing DEST = ~DEST & SRC but is instead doing DEST = DEST & ~SRC
• VPANDN should be doing DEST = ~SRC1 & SRC2 but is instead doing DEST = SRC1 & ~SRC2 (and also does IL_FLAGWRITE_ALL even though instruction shouldn't be affecting flags)