Comment 1 for bug 1426651

Yes, that happens in logparser.py parse_event() which replaces c (create file) -> a and d (delete file) -> w.

We probably need to restrict that replacement to file-related operations, which also means to move it to add_event_to_tree() to avoid duplicating the list of operations.

Most important question: Is doing that replacement _only for file rules/events_ the correct behaviour, or are there other rule types that also need that replacement?