Posts

Showing posts from September, 2015

bool b = -1; if(b) printk("Yes, -1 maps to true!");

    /* Assign -1 to bool variable */
    bool b = -1;
    if (b)
        printk("Yes, -1 maps to true!");

    /* Return -1 in bool function */
    bool f(void)
    {
        return -1;
    }

    if (f())
        printk("Yes, -1 maps to true!");

Yesterday I was reading this interesting discussion about the boolean type in C. The most interesting sentence was:

"0 is false, 1 is true, any other value is *undefined behavior*."

Then I started to look for abuses of the bool type in the Linux kernel. I wrote simple semantic patches to find cases in which negative values are returned by bool functions:

    @@
    identifier f, ret;
    constant C;
    typedef bool;
    @@
    bool f (...){
    <+...
    ret = -C;
    ...
    * return ret;
    ...+>
    }

and

    @@
    identifier f;
    constant C;
    typedef bool;
    @@
    bool f (...){
    <+...
    * return -C;
    ...+>
    }

The first searches for boolean functions that assign a negative value to a variable, and r…
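
An added example, not code from the original post or from the kernel: a user-space C program showing why a negative return from a bool function matters. Under the C99 conversion rule any nonzero scalar converted to bool becomes 1, so a negative errno returned on an error path reaches the caller as "true". The function names and the "only port 22 is open" rule are constructed for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper, constructed for this example: the pattern the
 * semantic patches flag. The negative errno is converted to bool on
 * return, so the caller receives 1 (true), not -EINVAL. */
static bool port_is_open_buggy(int port)
{
	if (port < 0 || port > 65535)
		return -EINVAL;      /* converts to true */
	return port == 22;           /* constructed rule: only 22 is open */
}

/* Corrected form: report errors through an int and hand the boolean
 * answer back through an out-parameter. */
static int port_is_open(int port, bool *open)
{
	if (port < 0 || port > 65535)
		return -EINVAL;
	*open = (port == 22);
	return 0;
}

/* What a bool actually holds after being assigned -1. */
static int bool_value_of_minus_one(void)
{
	bool b = -1;
	return (int)b;               /* any nonzero scalar converts to 1 */
}

int main(void)
{
	bool open = false;
	int err = port_is_open(70000, &open);

	printf("bool b = -1 stores %d\n", bool_value_of_minus_one());
	printf("buggy(70000) = %d (invalid port reported as open)\n",
	       port_is_open_buggy(70000));
	printf("fixed(70000) = %d, open = %d\n", err, open);
	return 0;
}
```

In the buggy form the out-of-range port is indistinguishable from an open one, which is the failure the two semantic patches are meant to surface.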