Prevalence of Antipattern for GenProg AE in the GenProg benchmarks

As GenProg generates patches in the CIL format, the following generated patches (in 3rd column) may appear to be significantly different from the original source code (in 2nd column) due to the C to CIL conversion.
Due to the difficulties in analyzing the patches (in CIL format) generated for the original AE experiments, we obtain the following data by re-running original GenProg in our experiments with option "--label-repair" to mark the repaired location to understand the changes between the original C source code and the repaired CIL file. We recommend using this option (i.e., "--label-repair") for users who are interested in running GenProg and understanding the generated patches.
*Note that the text highlighted in green means addition of statement while the text highlighted in red means removal of statement
*As GenProg doesn't generate patch that modifies conditional statement, the "Anti-append Trivial Conditions" is not applicable for GenProg, thus it is not show in the table below.

Buggy Versions	Human Patch	Original GP-AE Patch	Anti-delete Control Statement		Anti-delete Set-Before-If	Anti-delete CFG exit node				Anti-append Early Exit			Anti-delete Single-statement CFG
Buggy Versions	Human Patch	Original GP-AE Patch	Delete if-branch	Delete while-loop	Delete temp-condition	Delete-exit	Delete return	Delete goto	Delete error code	Insert early return	Insert early exit	Insert goto	Delete only statement within if
php-bug-307931-307934	Add a line: SEPARATE_ZVAL(elem);	Delete if-statement below, human fix is in different function: call_result = call_user_function_ex(NULL, &us->object, &func_name, &retval, 0, NULL, 0, NULL TSRMLS_CC); if (call_result == SUCCESS && retval != NULL && Z_TYPE_P(retval) == IS_ARRAY) { if (SUCCESS == statbuf_from_array(retval, ssb TSRMLS_CC)) ret = 0; } else { if (call_result == FAILURE) { php_error_docref(NULL TSRMLS_CC, E_WARNING, "%s::" USERSTREAM_STAT " is not implemented!", us->wrapper->classname); } }	1
php-bug-309986-310009	Add if and else condition: < zval_ptr_dtor(&object); --- > if (EXPECTED(*retval != object)) { > zval_ptr_dtor(&object); > } else { > Z_DELREF_P(object); > }	Delete a branch: if (PZVAL_IS_REF(object)) { SEPARATE_ZVAL(&object); }	1
php-bug-309111-309159	Add check: if (pp - s) { > ret->path = estrndup(s, (pp-s)); >php_replace_controlchars_ex(ret->path, (pp - s));> }"	Add check: if (pp - s) { > ret->path = estrndup(s, (pp-s)); >php_replace_controlchars_ex(ret->path, (pp - s));> }"
php-bug-310011-310050	Add one method call: zval_copy_ctor(tmp);	Delete: zend_hash_copy(tmp_ht, original_ht, (copy_ctor_func_t) zval_add_ref, (void ) &tmp, sizeof(zval ));
php-bug-307562-307561	Replace one method call with different method call: < htmlNodeDumpFormatOutput(buf, docp, node, 0, format); > xmlNodeDump(buf, docp, node, 0, format);	Search ends, no repair
php-bug-308525-308529	Move statement from inside method to before method call: > JSON_G(error_code) = PHP_JSON_ERROR_NONE; < JSON_G(error_code) = PHP_JSON_ERROR_NONE;	Delete JSON_G(error_code) = PHP_JSON_ERROR_NONE;							1
php-bug-307302-307307	Multiple files change. Refer to http://svn.php.net/viewvc?view=revision&revision=307307	Delete loop: while (1) { __z = return_value; __z->value.lval = (long )((int )retval != 0); __z->type = (unsigned char)3; break; }		1
php-bug-307688-307689	Patch turn existing statements into loops. Refer to http://svn.php.net/viewvc?view=revision&revision=307689	Delete the if check that check whether timezone is valid: if (php_date_global_timezone_db) { tmp___1 = (timelib_tzdb const )php_date_global_timezone_db; } else { tmp___0 = timelib_builtin_db(); tmp___1 = tmp___0; } tmp___2 = timelib_timezone_id_is_valid(zone, tmp___1); if (tmp___2) { } else { php_error_docref0((char const )((void *)0), 1 < < 3L, "Timezone ID \'%s\' is invalid", zone);	1
php-bug-307914-307915	Change error message: spprintf(error, 0, "Cannot create phar '%s', file extension (or combination) not recognised or the directory does not exist", fname);	Delete phar_globals.request_done = 1;
php-bug-308262-308315	Add a condition: 1261c1261,1263 < zend_error(E_NOTICE, "Uninitialized string offset: %ld", Z_LVAL_P(dim)); --- > if (type != BP_VAR_IS) { < zend_error(E_NOTICE, "Uninitialized string offset: %ld", Z_LVAL_P(dim)); < }	Delete expr_ptr = new_expr;
php-bug-308475-308477	Many file changes. Refer to http://svn.php.net/viewvc?view=revision&revision=308477	Delete persistent_id = NULL;
php-bug-308523-308525	adding condition check for overflow in two files: if(precision>FORMAT_CONV_MAX_PRECISION) { > precision = FORMAT_CONV_MAX_PRECISION; > }	Delete s = ap_php_conv_10(i_num, (*fmt) == 'u', & is_negative, & num_buf[NUM_BUF_SIZE], & s_len);
php-bug-309487-309491	Multiple files change. Refer to http://svn.php.net/viewvc?view=revision&revision=309491	Add goto _L;										1
php-bug-309516-309535	Replace set with method call in multiple places: > memset(&dateobj->time->relative, 0, sizeof(struct timelib_rel_time)); 2864,2865d2864 < dateobj->time->relative.weekday = 0; < dateobj->time->relative.have_weekday_relative = 0; 2904a2904 > memset(&dateobj->time->relative, 0, sizeof(struct timelib_rel_time)); 2912,2913d2911 < dateobj->time->relative.weekday = 0; < dateobj->time->relative.have_weekday_relative = 0;	Delete whole branch by deleting the statement: tmp=zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", & zone, & zone_len) == FAILURE:if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "s", & zone, & zone_len) == FAILURE) { RETURN_FALSE; }			1
php-bug-309892-309910	Delete if-block: if (len > s1_len - offset) { len = s1_len - offset; }	Delete if (len >(long )s1_len - offset) { len = (long )s1_len - offset; }	1
php-bug-309984-309986	Missing initialization and increment condition in loop. Refer to http://svn.php.net/viewvc?view=revision&revision=309986	Delete if (zend_parse_parameters(ZEND_NUM_ARGS() TSRMLS_CC, "zH", & key, & array) == FAILURE) { return; }	1
php-bug-310673-310681	Missing while loop. Refer to http://svn.php.net/viewvc?view=revision&revision=310681	Delete: MAKE_STD_ZVAL(context-> options); array_init(context-> options); after context = ecalloc(1, sizeof(php_stream_context));
php-bug-311164-311141	Add another condition: < c.flags = CONST_PERSISTENT \| CONST_CS; --- > c.flags = CONST_PERSISTENT;	Delete: if (!(c->flags & CONST_CS)) { /* keep in mind that c->name_len already contains the '\0' / lowercase_name = estrndup(c-> name, c->name_len-1); zend_str_tolower(lowercase_name, c-> name_len-1); lowercase_name = zend_new_interned_string(lowercase_name, c->name_len, 1 TSRMLS_CC); name = lowercase_name; } else { char slash = strrchr(c->name, '\\'); if(slash) { lowercase_name = estrndup(c->name, c->name_len-1); zend_str_tolower(lowercase_name, slash-c->name); lowercase_name = zend_new_interned_string(lowercase_name, c->name_len, 1 TSRMLS_CC); name = lowercase_name; } else { name = c->name; } }	1
php-bug-311323-311300	Modify parameter value: < STD_PHP_INI_ENTRY("pcre.backtrack_limit", "1000000", PHP_INI_ALL, OnUpdateLong, backtrack_limit, zend_pcre_globals, pcre_globals) --- > STD_PHP_INI_ENTRY("pcre.backtrack_limit", "100000", PHP_INI_ALL, OnUpdateLong, backtrack_limit, zend_pcre_globals, pcre_globals)	Delete the branch: tmp = zend_parse_parameters(ht, "ZZZ\|lZ", & regex, & replace, & subject, & limit, & zcount); if (tmp == (int __attribute__((__visibility__("default"))) )-1) { return; } else { }	1
libtiff-bug-5b02179-3dfb33b	Modify method call: <TIFFGetFieldDefaulted(in, TIFFTAG_RESOLUTIONUNIT, &res_unit); > TIFFGetField(in, TIFFTAG_RESOLUTIONUNIT, &res_unit);	Delete the error branch: if (computeInputPixelOffsets(crop, image, &offsets)) { TIFFError ("getCropOffsets", "Unable to compute crop margins"); return (-1); }							1
libtiff-bug-d13be72c-ccadf48a	Wrong Constant: td->td_nstrips > 1 ~should be~ td->td_nstrips > 2	Delete the whole branch: if (isTiled(tif)) { tif->tif_tilesize = TIFFTileSize(tif); if (!tif->tif_tilesize) { TIFFErrorExt(tif->tif_clientdata, module, "%s: cannot handle zero tile size", tif->tif_name); return (0); } } else { if (!TIFFStripSize(tif)) { TIFFErrorExt(tif->tif_clientdata, module, "%s: cannot handle zero strip size", tif->tif_name); return (0); } }	1
libtiff-bug-d39db2b-4cd598c	Wrong return value: < return (status); > return (0);	Delete return (status);					1
libtiff-bug-01209c9-aaf9eb3	Missing support for SGILOG encoding. Refer to http://git.ghostscript.com/?p=user/chrisl/libtiff.git;a=commit;h=aaf9eb3	Delete exit(-1);				1
libtiff-bug-10a4985-5362170	Lots of changes: Added label done: in multiple places with return values. Refer to http://git.ghostscript.com/?p=user/chrisl/libtiff.git;a=commit;h=5362170	Delete a loop: for (; optind < argc-1 ; optind++) { char imageCursor = argv[optind]; in = openSrcImage (&imageCursor); if (in == NULL) return (-3); if (diroff != 0 && !TIFFSetSubDirectory(in, diroff)) { TIFFError(TIFFFileName(in), "Error, setting subdirectory at %#x", diroff); (void) TIFFClose(out); return (1); } for (;;) { config = defconfig; compression = defcompression; predictor = defpredictor; fillorder = deffillorder; rowsperstrip = defrowsperstrip; tilewidth = deftilewidth; tilelength = deftilelength; g3opts = defg3opts; if (!tiffcp(in, out) \|\| !TIFFWriteDirectory(out)) { TIFFClose(out); return (1); } if (imageCursor) { / seek next image directory */ if (!nextSrcImage(in, &imageCursor)) break; } else if (!TIFFReadDirectory(in)) break; } TIFFClose(in);		1
libtiff-bug-0661f81-ac6a583	Removal of check regarding rawcc data: 326,327d325 < tmsize_t orig_rawcc = tif->tif_rawcc; < 341,344c339 < * by the compression close+cleanup routines.But <* be careful not to write stuff if we didn't add data < * in the previous steps as the "rawcc" data may well be < * a previously read tile/strip in mixed read/write mode. > * by the compression close+cleanup routines. 346c341 > if (tif->tif_rawcc > 0 && tif->tif_rawcc != orig_rawcc > if (tif->tif_rawcc > 0	Delete if (!(tif->tif_flags&TIFF_BIGTIFF)) { uint32 m; uint32 nextdir; m = (uint32)(tif->tif_diroff); if (tif->tif_flags & TIFF_SWAB) TIFFSwabLong(&m); if (tif->tif_header.classic.tiff_diroff == 0) { /* * First directory, overwrite offset in header. / tif->tif_header.classic.tiff_diroff = (uint32) tif->tif_diroff; (void) TIFFSeekFile(tif,4, SEEK_SET); if (!WriteOK(tif, &m, 4)) { TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "Error writing TIFF header"); return (0); } return (1); } / * Not the first directory, search to the last and append. */ nextdir = tif->tif_header.classic.tiff_diroff; while(1) { uint16 dircount; uint32 nextnextdir; if (!SeekOK(tif, nextdir) \|\| !ReadOK(tif, &dircount, 2)) { TIFFErrorExt(tif->tif_clientdata, module, "Error fetching directory count"); return (0); } if (tif->tif_flags & TIFF_SWAB)	1
libtiff-bug-0860361d-1ba75257	Modify check condition: < /* Check for overflow. / < if (!dir->tdir_count \|\| !w \|\| (tsize_t)dir->tdir_count/w != cc) < goto bad; < 985,988c981 < tsize_t offset = dir->tdir_offset + cc; < / Check for overflow. */ < if ((tsize_t)dir->tdir_offset != offset - cc < \|\| offset > (tsize_t)tif->tif_size) > if (dir->tdir_offset + cc > tif->tif_size)	Delete all goto bad conditions: /* Check for overflow. / __repair_del_1009__181: { if (!dir->tdir_count \|\| !w \|\| (tsize_t)dir->tdir_count / w != cc) goto bad; if (!isMapped(tif)) { if (!SeekOK(tif, dir->tdir_offset)) goto bad; if (!ReadOK(tif, cp, cc)) goto bad; } else { tsize_t offset = dir->tdir_offset + cc; / Check for overflow. */ if ((tsize_t)dir->tdir_offset != offset - cc \|\| offset > (tsize_t)tif->tif_size) goto bad; _TIFFmemcpy(cp, tif->tif_base + dir->tdir_offset, cc); }						1					1
libtiff-bug-0fb6cf7-b4158fa	Implementation of new features.Refer to http://git.ghostscript.com/?p=user/chrisl/libtiff.git;a=commit;h=b4158fa	Delete: if (! tmp___9) { #line 9403 TIFFError("loadImage", "Unable to read separate strips into buffer"); #line 9404 return (-1); }in: tmp___9 = readSeparateStripsIntoBuffer(in, read_buff, length, width, spp, dump); image->bps = bps; __repair_del_4750__24: /* CIL Label */ { }							1
libtiff-bug-3af26048-72391804	Wrong operand order: if (!dir->tdir_count \|\| !w \|\| (tsize_t)dir->tdir_count / w != cc) ~should be~ if (!dir->tdir_count \|\| !w \|\| cc / w != (tsize_t)dir->tdir_count)	Delete whole if statement: cc = (tsize_t )(dir->tdir_count * (uint32 )w); if (! dir->tdir_count) { goto bad; } else { if (! w) { goto bad; } else { if ((int )dir->tdir_count / w != cc) { goto bad; } else { } } }	1
libtiff-bug-4a24508-cc79c2b	remove condition of multiple if: 276c276 < if (tif->tif_fields && tif->tif_nfields > 0) { --- > if (tif->tif_fields) { 289d288 < tif->tif_fields = NULL; 347c346 < if (tif->tif_fields && tif->tif_nfields > 0) { --- > if (tif->tif_nfields > 0) {	Delete setting of foundfield by changing: < return tif->tif_foundfield = (ret ? ret : NULL); > return (ret ? ret : NULL);
libtiff-bug-5e6542ee-e779b6cd	Missing a flag: < tif->tif_flags &= ~(TIFF_BEENWRITING\|TIFF_BUFFERSETUP\|TIFF_POSTENCODE); > tif->tif_flags &= ~(TIFF_BEENWRITING\|TIFF_BUFFERSETUP\|TIFF_POSTENCODE\|TIFF_BUF4WRITE);	Delete all content of a method except for return 1: intTIFFFlushData1(TIFF* tif){ repair_delete:{if (tif->tif_rawcc > 0) { if (!isFillOrder(tif, tif->tif_dir.td_fillorder) && (tif->tif_flags & TIFF_NOBITREV) == 0) TIFFReverseBits((uint8*)tif->tif_rawdata, tif->tif_rawcc); if (!TIFFAppendToStrip(tif, isTiled(tif) ? tif->tif_curtile : tif->tif_curstrip, tif->tif_rawdata, tif->tif_rawcc)) return (0); tif->tif_rawcc = 0; tif->tif_rawcp = tif->tif_rawdata; } return (1);}	1										1
libtiff-bug-6f9f4d7-73757f3	Need to modify multiple lines. Refer to http://git.ghostscript.com/?p=user/chrisl/libtiff.git;a=commit;h=73757f3	Delete setting of foundfield by changing: < return tif->tif_foundfield = (ret ? ret : NULL); > return (ret ? ret : NULL);
libtiff-bug-829d8c4-036d7bb	Missing the check and set when a variable is < 1: if (test > image->width - 1) < crop->regionlist[i].x2 = image->width - 1; if (test < 1 ) crop->regionlist[i].x2 = 0;	Delete the branch tmp___0 = writeCroppedImage(in, out, image, dump, crop->combined_width, crop->combined_length, crop_buff, (int )page, (int )total_pages); if (tmp___0) { TIFFError("writeRegions", "Unable to write new image"); return (-1); } else	1
libtiff-bug-8f6338a-4c5a9ec	Add new functionality for bpp: > case '4': /* it's a PBM file / > bpp = 1; > spp = 1; > photometric = PHOTOMETRIC_MINISWHITE; > break; 130a138 > bpp = 8;134a143 > bpp = 8;154c163 < / Check fo comment line /--- > / Check for comment line */164a174,181 > switch (bpp) {> case 1: > if (fscanf(in, " %u %u", &w, &h) != 2) > BadPPM(infile); > if (fgetc(in) != '\n') > BadPPM(infile); > break; > case 8:169c186,187< ---> break; > }	Delete exit(-2); in static void BadPPM(char file ){ { fprintf((FILE /* __restrict /)stderr, (char const /* __restrict /)"%s: Not a PPM file.\n", file); __repair_del_588__43: / CIL Label */ { exit(-2) }}				1
libtiff-bug-90d136e4-4c66680f	Changing implementation from sprintf to snprintf. Lots of changes. Refer to http://git.ghostscript.com/?p=user/chrisl/libtiff.git;a=commit;h=4c66680f	Delete return (ret);					1
libtiff-bug-ed4969a-8a184dc	Wrong type for diroff:uint32 diroff[1]; ~should be~ toff_t diroff[1];	Delete the if() return 2 block: in = TIFFOpen(argv[optind], "r"); if( in == NULL ) return 2;	1
libtiff-bug-ee2ce5b7-b5691a5a	Add goto success	Delete return (ret);					1
python-bug-69783-69784	if (y < 1000) { - PyObject accept = PyDict_GetItemString(moddict,- "accept2dyear"); - if (accept != NULL) { - int acceptval = PyObject_IsTrue(accept);- if (acceptval == -1)- return 0;- if (acceptval) {- if (0 <= y && y < 69)- y += 2000;- else if (69 <= y && y < 100) - y += 1900;- else { - PyErr_SetString(PyExc_ValueError, - "year out of range");- return 0; - } - if (PyErr_WarnEx(PyExc_DeprecationWarning, - "Century info guessed for a 2-digit year.", 1) != 0) - return 0; - } - } - else - return 0; - } - / Accept 2-digit dates unless PYTHONY2K is set and non-empty / - p = Py_GETENV("PYTHONY2K"); - PyModule_AddIntConstant(m, "accept2dyear", (long) (!p \|\| !p)); - /* Squirrel away the module's dictionary for the y2k check */ - moddict = PyModule_GetDict(m); - Py_INCREF(moddict);	Delete if (! p) { #line 925 tmp___0 = 1; } else { #line 925 if (! *p) { #line 925 tmp___0 = 1; } else { #line 925 tmp___0 = 0; } }
gzip-bug-3fe0caeada6aa3-39a362ae9d9b00	need to modify multiple lines: 338c338 < q = (struct huft ) malloc (2 sizeof q); --- > q = (struct huft ) malloc (3 * sizeof q); 341c341 < hufts += 2; --- > hufts += 3; 344a345,346 > q[2].e = 99; / invalid code marker */ > q[2].b = 1;	Delete c[i] += y;
wireshark-bug-37172-37171	< #define DEBUG_DUMPCAP < #define DEBUG_CHILD_DUMPCAP --- > /#define DEBUG_DUMPCAP/ > /#define DEBUG_CHILD_DUMPCAP	Delete fprintf((FILE / __restrict /)stderr, (char const /* __restrict */)"%s", msg);							1
wireshark-bug-37172-37173	< #define DEBUG_DUMPCAP < #define DEBUG_CHILD_DUMPCAP --- > /#define DEBUG_DUMPCAP/ > /#define DEBUG_CHILD_DUMPCAP	Delete fprintf((FILE / __restrict /)stderr, (char const /* __restrict */)"%s", msg);							1
wireshark-bug-37284-37285	< #define DEBUG_DUMPCAP < #define DEBUG_CHILD_DUMPCAP --- > /#define DEBUG_DUMPCAP/ > /#define DEBUG_CHILD_DUMPCAP	Delete fprintf((FILE / __restrict /)stderr, (char const /* __restrict */)"%s", msg);							1
lighttpd-bug-1806-1807	Add multiple cases. Refer to http://people.csail.mit.edu/zichaoqi/PatchAnalysis/lighttpd/lighttpd-bug-1806-1807/	Delete if (!con->conditional_is_valid[dc->comp]) { if (con->conf.log_condition_handling) { TRACE("cond[%d] is valid: %d", dc->comp, con->conditional_is_valid[dc->comp]); } return COND_RESULT_UNSET; }	1
lighttpd-bug-2330-2331	Add multiple lines. Refer to http://people.csail.mit.edu/zichaoqi/PatchAnalysis/lighttpd/lighttpd-bug-2330-2331/	Delete srv_encodings \|= 1 << 4;
lighttpd-bug-2661-2662	Add: if (str->used == 0) return;	Delete entire for-loop: for (unsigned int i = 0; i < str->used - 1; i++) { if (str->ptr[i] >= ' ' && str->ptr[i] <= '~') { /* printable chars / buffer_append_string_len(dest, &str->ptr[i], 1); } else switch (str->ptr[i]) { case '"': BUFFER_APPEND_STRING_CONST(dest, "\\\""); break; case '\\': BUFFER_APPEND_STRING_CONST(dest, "\\\\"); break; case '\b': BUFFER_APPEND_STRING_CONST(dest, "\\b"); break; case '\n': BUFFER_APPEND_STRING_CONST(dest, "\\n"); break; case '\r': BUFFER_APPEND_STRING_CONST(dest, "\\r"); break; case '\t': BUFFER_APPEND_STRING_CONST(dest, "\\t"); break; case '\v': BUFFER_APPEND_STRING_CONST(dest, "\\v"); break; default: { / non printable char => \xHH */ char hh[5] = {'\\','x',0,0,0}; char h = str->ptr[i] / 16; hh[2] = (h > 9) ? (h - 10 + 'A') : (h + '0'); h = str->ptr[i] % 16; hh[3] = (h > 9) ? (h - 10 + 'A') : (h + '0'); buffer_append_string_len(dest, &hh[0], 4); } break; } }		1
Total			14	3	2	2	4	1	7	0	0	1	2