[PowerPC] Incorrect decompilation

[wgreenberg]

Version and Platform (required):

• Binary Ninja Version: 5.2.8722 (c75356aa)
• Edition: Non-Commercial
• OS: macOS
• OS Version: 26.1
• CPU Architecture: M4

Bug Description:
I was decompiling a fairly straightforward set of PowerPC instructions, but noticed that the result seemed somewhat nonsensical:

This is from a program dealing with 3D graphics, so presumably the arg is a floating-point vec3, and so the result of z * (x * y * y + x) + z doesn't make much sense. Trying the same function in Ghidra, we get a much more reasonable decompilation of dist_sq:

Looking up the definition of the fmadds instruction, Ghidra does appear to be correct.

Steps To Reproduce:
Please provide all steps required to reproduce the behavior:

1. Analyze this set of PowerPC instructions
2. Observe the decompilation

Expected Behavior:
Decompilation resembling x * x + y * y + z * z

[psifertex]

In the future, please copy out the raw bytes or share the file if you don't mind, saves us time having to re-create it ourselves from screenshots.

ppc-fp.bin.zip

Yeah, looks like we had some bugs in the lifting on some floating point instructions. I've pushed to a test branch for others to double check who know the architectures better, but in the meantime, if you want to try the fix yourself you can checkout and build the PPC plugin yourself and replace it by disabling the built-in one in settings.

https://github.com/Vector35/binaryninja-api/tree/test_fix_ppc_fp_args

[psifertex]

Sorry I didn't add more detail here before, but to clarify, here was our previous decompilation:

    return f13 * (f1 * f0_1 * f0_1 + f1) + f13

and with the PR:

return f13 * f13 + f1 * f1 + f0_1 * f0_1

[psifertex]

Fixed in builds >= 5.3.8934 (there's a few builds ahead in the CI so it might be a few hours)