
The Shortest Crashing C Program - cfj
http://llbit.se/?p=1744
======
AlexanderDhoore
This reminds me of "A Whirlwind Tutorial on Creating Really Teensy ELF
Executables for Linux" [1]. The author tries to create the smallest possible
ELF executable possible. You would think it'd be easy... :) go read it. Very
cool!

[1] <http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html>

~~~
sublimit
The way he just keeps pushing further and further pleases the hacker inside
me. A recommended read for sure.

------
femto
It depends on the definition. You can do better than this if you define a
valid C program as anything that passes through the C compiler and generates an
executable. Behold the zero length program:

    $ touch a.c
    $ gcc -c a.c
    $ ld a.o
    ld: warning: cannot find entry symbol _start; defaulting to 0000000000400078
    $ ./a.out
    Segmentation fault

~~~
yuvadam
Does not compute. At least on OS X:

    
    
       $ ld a.o
       ld: warning: -macosx_version_min not specified, assuming 10.7
       Undefined symbols for architecture x86_64:
        "start", referenced from:
           implicit entry/start for main executable
       ld: symbol(s) not found for inferred architecture x86_64

~~~
lgeek
Does it work if you specify an entry address? Something like this:

    gcc -nostdlib ./empty.c -e0 -o ./empty

------
to3m
The explanation is not quite correct - execution starts at &main rather than
the address given by the value of main. On VC++, at least - well, on my PC
anyway - the process halts because the data segment doesn't have the execute
bit set. It isn't trying to run code at address 0.

(If execution of bytes in the data segment were possible, which I'm sure it
used to be, then you'd still likely get a crash, but it's not guaranteed.
(uint32_t)0 is a valid sequence of instructions - it's ADD BYTE PTR [EAX],AL -
and so if EAX contained a valid value then it would execute without a problem.
Then, if the following byte were 0xC3 (RET) then the program would execute.
OK, so that's all rather unlikely, but you have to bear these things in mind.
So I think 0xCC (INT 3) would be a better choice.)

~~~
anarion
No, a ret instruction would probably segfault, depending on the content of the
stack. To terminate a program you have to use the corresponding system call.
On Linux:

    mov $1, %eax
    int $0x80

~~~
to3m
That (or something like it) is true for the process as a whole, but not
necessarily for main. It's usual to call main from a library-provided
function, so it returns just like any other function. This removes the need to
special-case main in any way, and provides a space for any system-specific
startup and shutdown code.

If you've got VS2012, you can see this code in the file at something like
"c:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\crt\src\crt0.c" (it
should be easy to find for other versions - it's been pretty much in that
place, with that name, probably with those contents, since VC5 I think).

For glibc, see
<http://sourceware.org/git/?p=glibc.git;a=blob;f=csu/libc-start.c;h=e5da3efd0699b37438841f3f048e5a84445de1ca;hb=HEAD#l300>.

My post was a bit x86/VC++-specific but the principles have been common to all
the C environments I've used. I don't think I've ever used one that by default
called your startup function directly, bypassing C runtime initialisation.
(Though it's very easy to set this up with Visual Studio.)

------
dysoco
Seems to work really well: It even crashed the website.

~~~
kd0amg
But now we can't marvel at how short it is.

------
Jabbles
Who says it will crash? Could run very nicely, printing a list of prime
numbers, or write poetry, or anything else that undefined behaviour
encompasses.

~~~
ghayes
"global variables in C are initialized to zero implicitly"

NULL pointers will lead to a crash. It would be more interesting to have it as
a random pointer, which could do quite anything.

~~~
subleq
> NULL pointers will lead to a crash.

Not in C. Dereferencing a NULL pointer is undefined behavior, so any of the
actions described by the parent would be correct.

~~~
gizmo686
Is 0 really the same thing as 'NULL' in the context of C? If
you actually wanted a pointer to the beginning of the memory, you would
dereference 0, which has the well defined meaning of getting whatever is at
memory address 0. When the program attempts to get that, it is shut down
by the system.

~~~
asveikau
> Is 0 really the same thing as 'NULL' in the context of C?

Yes. I don't have chapter and verse handy but it is in the standard. The bit
pattern of NULL is not required to be zero (so memset(&p, 0, sizeof(p)) is not
guaranteed to yield null) but it must compare equal to 0 and assigning 0
must produce NULL.

[Edit: OK, in C99 this is covered in 6.3.2.3: Pointers. "An integer constant
expression with the value 0, or such an expression cast to type void *, is
called a _null pointer constant_." Then 7.17.3 says that NULL expands to a
null pointer constant.]

> If you actually wanted a pointer to the beginning of the memory, you would
> dereference 0,

Yeah, it's really easy to set up an environment where that happens. At one
point I was experimenting with writing a small/toy kernel for x86 and I mapped
the virtual address 0 to a valid page, and boom, dereferencing NULL did stuff.
Not a great idea to set up the page tables that way for obvious reasons, but
I'm going to guess that lots of hardware out there will let you do it...

In the old days of 16-bit x86, linear address 0 had the interrupt vector, so
as I recall lots of DOS (maybe even Win9x) environments had dereferencing NULL
do meaningful (surely confusing) things.

------
alcuadrado
It seems to be down, google cache:
<http://webcache.googleusercontent.com/search?q=cache:4FhUcns72Z4J:llbit.se/%3Fp%3D1744+&cd=1&hl=es-419&ct=clnk&gl=ar>

~~~
lucb1e
Wordpress strikes again; "error establishing database connection"

~~~
rabino
A bad hosting strikes again.

~~~
lucb1e
I have bad hosting with good software. Ran flawlessly with 8-15ms generation
times on #3 of the HN homepage for a couple hours, only the network latency
went up to at peak ~1.2 seconds (got less than 1mbps upload here). The page
also executes multiple database queries for each pageload, just like
Wordpress. No caching needed for me, it's all about optimization.

~~~
sablezab
What software do you use?

~~~
lucb1e
Self-written, no framework used. It's a simple blog with quite custom
requirements so I figured why not just build a custom one. It runs on an Intel
Atom, 1GB RAM (and there's more to run than a WAMP stack) and 832kbps uplink.

As for software, I wrote it for PHP 5.3 (nowadays upgraded to 5.4 though) with
MySQL and persistent database connections. The server is Windows 7 with Apache
2.4.

------
bbanyc
The first IOCCC winner declared main as a short[] of VAX machine code:
<http://www.ioccc.org/1984/mullender.c>

You could probably do the same thing in x86 and it'd work on a modern
compiler.

~~~
ssp
It won't work on modern Linux with modern CPUs because the array will not be
in an executable mapping.

------
deweerdt
> Also, global variables in C are initialized to zero implicitly, so this is
> equivalent:

EDIT: _this_ is wrong, see below.

That's wrong. 'static' variables are initialized to zero. Non-static variables
are un-initialized, so they have a "random" value.

See:

    $ valgrind ./a.out
    ==5118== Memcheck, a memory error detector
    ==5118== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al.
    ==5118== Using Valgrind-3.8.1 and LibVEX; rerun with -h for copyright info
    ==5118== Command: ./a.out
    ==5118==
    ==5118==
    ==5118== Process terminating with default action of signal 11 (SIGSEGV)
    ==5118== Bad permissions for mapped region at address 0x600864
    ==5118== at 0x600864: ??? (in /home/def/a.out)
    ==5118== by 0x4E54A14: (below main) (in /usr/lib/libc-2.17.so)

~~~
to3m
See my post: <https://news.ycombinator.com/item?id=5762363>

main will have a value of zero, and 0x600864 will presumably be &main (it's
not the initial arbitrary value of main).

Auto variables are left uninitialized so that they don't have to be given a
value when they're allocated. It's for efficiency, and it makes the compiler
simpler to have this blanket rule rather than have it try to figure out the
minimal initializations necessary (which probably isn't even possible). But
this consideration doesn't apply to globals or statics, because the
initialization can be done at compile time, or (sometimes, in C++) on program
startup.

~~~
lgeek
> the initialization can be done at compile time, or (sometimes, in C++) on
> program startup

With ELF binaries for C programs it's done at startup as well. The data
segment is created as having memory size SIZEM and file size SIZEF. If SIZEF <
SIZEM, memory from SIZEF to SIZEM is set to 0.
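
The load-time behaviour discussed in this sub-thread (a data segment without the execute bit, and the loader zero-filling a segment between its file size and memory size), as an added example that is not part of any poster's comment: a C routine that walks ELF64 program headers and reports segment permissions and the zero-filled tail. The sample image and all helper names are constructed for illustration, its two addresses are borrowed from the linker warning and valgrind output quoted in the thread, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <string.h>

/* ELF64 program header; same layout as Elf64_Phdr in <elf.h>. */
typedef struct { uint32_t type, flags;
                 uint64_t offset, vaddr, paddr, filesz, memsz, align; } phdr64;
enum { SEG_LOAD = 1, SEG_X = 1, SEG_W = 2, SEG_R = 4 }; /* PT_LOAD, PF_X, PF_W, PF_R */
typedef struct { int loads, wx, exec_at; uint64_t zero_fill; } seg_report;

/* Walk the program headers of a little-endian ELF64 image (host assumed
   little-endian too). Returns 0 on success, -1 if the image is malformed. */
int audit_segments(const uint8_t *img, size_t len, uint64_t addr, seg_report *r)
{
    uint64_t phoff; uint16_t entsz, num;
    memset(r, 0, sizeof *r);
    if (len < 64 || memcmp(img, "\177ELF\2\1", 6) != 0) return -1;
    memcpy(&phoff, img + 0x20, 8);                 /* e_phoff */
    memcpy(&entsz, img + 0x36, 2);                 /* e_phentsize */
    memcpy(&num,   img + 0x38, 2);                 /* e_phnum */
    if (entsz != sizeof(phdr64) || phoff > len ||
        (uint64_t)num * entsz > len - phoff) return -1;
    for (unsigned i = 0; i < num; i++) {
        phdr64 p;
        memcpy(&p, img + phoff + (size_t)i * entsz, sizeof p);
        if (p.type != SEG_LOAD) continue;
        if (p.filesz > p.memsz) return -1;         /* invalid: file part larger than memory */
        r->loads++;
        r->wx += (p.flags & SEG_W) && (p.flags & SEG_X);  /* writable AND executable */
        r->zero_fill += p.memsz - p.filesz;        /* tail the loader sets to 0 (.bss) */
        if ((p.flags & SEG_X) && addr >= p.vaddr && addr - p.vaddr < p.memsz)
            r->exec_at = 1;                        /* addr lies in an executable segment */
    }
    return 0;
}

/* Constructed sample: ELF header plus two PT_LOAD entries, no segment contents. */
size_t make_sample(uint8_t *buf)                   /* buf must hold 176 bytes */
{
    phdr64 ph[2] = { { SEG_LOAD, SEG_R | SEG_X, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000 },
                     { SEG_LOAD, SEG_R | SEG_W, 0x1000, 0x600000, 0x600000, 0x860, 0x868, 0x1000 } };
    uint64_t phoff = 64; uint16_t entsz = sizeof(phdr64), num = 2;
    memset(buf, 0, 64);
    memcpy(buf, "\177ELF\2\1\1", 7);               /* magic, ELFCLASS64, little-endian, v1 */
    memcpy(buf + 0x20, &phoff, 8);
    memcpy(buf + 0x36, &entsz, 2);
    memcpy(buf + 0x38, &num, 2);
    memcpy(buf + 64, ph, sizeof ph);
    return 64 + sizeof ph;
}
```

For the sample, 0x600864 falls in the zero-filled tail of the read/write segment, so `exec_at` is 0 and a jump there faults on permissions; 0x400078 falls in the read/execute segment.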

------
themattrix
You can go even shorter if you cheat:

    
    
         $ cat short.c
         M
         $ gcc -DM='main;' short.c -o short
         $ ./short
         Segmentation fault

------
danielsamuels
The Shortest Crashing Wordpress Site

------
_kushagra
The site seems down, "Error establishing a database connection"

~~~
tshile
Which has its own irony

~~~
BostX
:) works as intended

------
jstanley
I'm not convinced this is a C89 program. It is only an "accident" that the
linker doesn't know about types.

I find it hard to believe that the C89 spec states that an integer called
"main" is to be considered the main function, and suspect this is undefined
behaviour (though I've not checked).

~~~
poizan42
It can't be a valid C89 program. On many Harvard architecture based
microprocessors data pointers and code pointers have differing size.

~~~
dietrichepp
Different size maybe, but different busses^H^H^H^H^H^Haddress spaces
definitely, and using an address on the wrong bus is a sure way to cause
problems.

~~~
poizan42
Of course that is the definition of a Harvard architecture. It doesn't say
that it won't link, just that it won't work. If compiling to an architecture
with smaller sized code pointers than data pointers then the linker will most
likely refuse to link it at all - otherwise it will have to truncate the
addresses.

------
marshray
How about:

    
    
        main(){*(int*)0=0;}
    

or:

    
    
        main(){*""=0;}
    

or:

    
    
        main(){main();}

~~~
rwmj
Edit: deleted because I got to the Google cache and that's what the site was
suggesting.

~~~
marshray
That's essentially where he's going with it, noting that you can even leave
off the "=0". But as others here point out there's some question as to how
many linkers will actually produce an executable image from that source.

------
joeyh
Seems appropriate that the default C program, as it were, segfaults.

------
stinos
"address 0, which is not an address that we have access to"

If I'm not mistaken, there are platforms like TI C600 DSPs for which 0 is the
start of the usable address space.

------
sfvisser
Interesting. We tried to do the same for Haskell. The shortest we could come
up with:

    import Unsafe.Coerce;main=unsafeCoerce()1

~~~
tmhedberg
Why not:

    
    
        main=undefined

~~~
hesselink
That throws an exception, I believe. We wanted something that actually
segfaults.

------
webreac
With visual studio V6.0 (AFAIR), I made a short program that crashed the
compiler:

    int a;::a::b();

------
sbanach
It's also the shortest C program that you can link at all.

~~~
efermat
    $ echo "m;" > short.c
    $ gcc -O0 -c short.c
    short.c:1: warning: data definition has no type or storage class
    $ ld -e _m -o short short.o
    ld: warning: -macosx_version_min not specified, assuming 10.7
    $ ./short
    [1] 2040 segmentation fault ./short

------
qznc
"The shortest crashing C89 program" to be more precise. :)

------
Trufa
An interesting question, what would be the shortest not crashing C program?

    main(){}

??

~~~
lgeek
An empty file would do: <https://news.ycombinator.com/item?id=5762578>

------
hkmurakami
Reminds me of the recent fad of TAS (tool assisted speed run) videos of
"fastest crash" of video games.

------
stefap2
Shortest crashing website: Error establishing a database connection

------
kghose
For those who see the server crashing: The program is in C89

    main;

