StoreValueReplacement should check the store operand

[alexander-forster]

The StoreValueReplacement class is used by the cxx_init_const and cxx_assign_const mutators to replace the operand of stores with the fixed value 42. This works unless the original value was already 42 in which case mull reports a false positive surviving mutant. For integer values, this is not much of a problem because 42 is rarely used.

Booleans are typically stored as i8 values and therefore also matched by the integer value mutators. Since many boolean operations truncate their arguments to a single bit and the LSB of 42 is 0, the mutators effectively replace false with false and we get a surviving mutant.

suggested fix

When the operand of a store is a constant integer, mull can inspect its LSB and set the LSB of the replacement to the inverse. That way every mutation changes the observable value. Even when it is only used in boolean contexts.

This minimalistic, untested fix removes the false positives in the example below.

alexander-forster/libirm@49601cd

example code

bool is42(int nr) {
    int val = 42;           //< false positive for cxx_init_const mutator
    return nr == val;
}

bool isEven(int nr) {
    bool result = false;    //< false positive for cxx_init_const mutator

    if (nr % 2 == 0)
        result = true;

    return result;
}

bool isOdd(int nr) {
    bool result = true;

    if (nr % 2 == 0)
        result = false;     //< false positive for cxx_assign_const mutator

    return result;
}

// mull-off
#define check(cond) if (!(cond)) return 1;

int main() {
    check( is42(42));
    check(!is42(100));
    check( isEven(0));
    check(!isEven(1));
    check( isOdd(1));
    check(!isOdd(0));

    return 0;
}
// mull-on

[AlexDenisov]

I love the lsb-flipping trick, much better solution than the hardcoded value!