bool b = -1; if(b) printk("Yes, -1 maps to true!");
/* Assign -1 to bool variable */ bool b = -1; if(b) printk("Yes, -1 maps to true!"); /* Return -1 in bool function */ bool f(void) { return -1; } if (f()) printk("Yes, -1 maps to true!"); Yesterday I was reading this interesting discussion about the boolean type in C. The most interesting sentence was: "0 is false, 1 is true, any other value is *undefined behavior*." Then I started to look for abuses of the bool type in the Linux kernel. I wrote simple semantic patches for getting cases in which a negative values are being returned by bool functions: @@ identifier f, ret; constant C; typedef bool; @@ bool f (...){ <+... ret = -C; ... * return ret; ...+> } and @@ identifier f; constant C; typedef bool; @@ bool f (...){ <+... * return -C; ...+> } The first search for boolean functions that assign negative value to a