[Cannotate] Segfault introduced in mutating conditions
In the current approach, we wrap the mutated code with pre-conditions checking if the labels are memory-safe.
However, there are still code semantics that cannot easily be checked by pointer existence alone.
e.g.
    if (
        (cur != content)
        && (cur->parent != NULL)
        && ((cur->type != cur->parent->type)
            || (cur->ocur != XML_ELEMENT_CONTENT_ONCE)
           )
       )
    {
        xmlBufferWriteChar(buf, "(");
    }
Preconditions: cur, content, cur->parent not null
(gdb) p* cur
$2 = {type = XML_ELEMENT_CONTENT_OR, ocur = XML_ELEMENT_CONTENT_MULT, name = 0x0, c1 = 0x4d178e0, c2 = 0x4d17960, parent = 0x1, prefix = 0x0}
Here cur->parent is not null; however, it is not valid either.
In the original code, the existence of cur->parent is semantically guarded by cur != content.
We currently identify all these bugs manually and skip them, as they are easy to debug and identify with GDB.
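The situation described above, as an added example that is not Cannotate's or libxml2's own code: a constructed stand-in for xmlElementContent (hypothetical struct and enum names) holds a root node whose parent is the bogus non-null address 0x1 from the gdb dump. The original condition is safe on that node because `cur != content` short-circuits before `cur->parent` is touched; a precondition that only checks pointer existence would admit a mutant that drops the guard and dereferences 0x1, whereas a precondition that encodes the guard skips the mutant on the root and admits it only on a child whose parent is real.

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for libxml2's xmlElementContent: only the fields the
 * condition reads are modelled (hypothetical names, not libxml2's). */
typedef enum { CONTENT_ONCE, CONTENT_OPT, CONTENT_MULT, CONTENT_PLUS } content_occur;
typedef enum { CONTENT_PCDATA, CONTENT_ELEMENT, CONTENT_SEQ, CONTENT_OR } content_type;

typedef struct content_node {
    content_type type;
    content_occur ocur;
    struct content_node *parent;
} content_node;

/* Original condition: cur != content is evaluated first, so for the root
 * node parent is never dereferenced, whatever garbage it holds. */
bool needs_open_paren(const content_node *cur, const content_node *content)
{
    return (cur != content)
        && (cur->parent != NULL)
        && ((cur->type != cur->parent->type) || (cur->ocur != CONTENT_ONCE));
}

/* Pointer-existence precondition: every pointer label must be non-null.
 * It accepts a node whose parent is non-null but invalid. */
bool precond_nonnull_only(const content_node *cur, const content_node *content)
{
    return cur != NULL && content != NULL && cur->parent != NULL;
}

/* Guard-aware precondition: cur->parent is only a meaningful label when the
 * semantic guard cur != content holds; otherwise the mutant is skipped. */
bool precond_guard_aware(const content_node *cur, const content_node *content)
{
    if (cur == NULL || content == NULL) return false;
    if (cur == content) return false;   /* parent is unreachable in the original */
    return cur->parent != NULL;
}

/* Mutant that drops the cur != content guard, the kind of change a condition
 * mutator produces. Safe to call only where the precondition admits it. */
bool mutant_needs_open_paren(const content_node *cur)
{
    return (cur->parent != NULL)
        && ((cur->type != cur->parent->type) || (cur->ocur != CONTENT_ONCE));
}

/* Constructed fixture mirroring the gdb dump: root's parent is 0x1. */
static content_node g_root;
static content_node g_child = { CONTENT_ELEMENT, CONTENT_ONCE, &g_root };

content_node *demo_root(void)
{
    g_root.type = CONTENT_OR;
    g_root.ocur = CONTENT_MULT;
    g_root.parent = (content_node *)0x1;   /* non-null, invalid (constructed) */
    return &g_root;
}

content_node *demo_child(void) { demo_root(); return &g_child; }

int main(void)
{
    content_node *root = demo_root();
    content_node *child = demo_child();
    printf("original on root (safe, short-circuits): %d\n", needs_open_paren(root, root));
    printf("null-only precondition admits mutant on root: %d\n", precond_nonnull_only(root, root));
    printf("guard-aware precondition admits mutant on root: %d\n", precond_guard_aware(root, root));
    printf("guard-aware precondition admits mutant on child: %d\n", precond_guard_aware(child, root));
    printf("mutant on child (parent valid): %d\n", mutant_needs_open_paren(child));
    /* mutant_needs_open_paren(root) would read through 0x1 and segfault */
    return 0;
}
```

The point of the guard-aware variant is that the precondition has to reproduce the short-circuit order of the original expression, not just list the pointers it names; a label that is only reachable past an earlier clause inherits that clause as part of its safety condition.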