jmp $
in intel x86 instruction set, "jmp $" means jump to this instruction location, thus falling into an infinite loop.
https://defuse.ca/online-x86-assembler.htm#disassembly
the instruction is "0xfeeb".
Based on this instruction, we can create possibly the shortest C program that can compile and run successfully on x86 platform.
main=0xfeeb;
1, the variable main has no type here, and will be defaulted to integer (int). this reminds us of the good old K&R days. This is still allowed by latest C standards (i.e. C99). therefore it's actually
int main=0xfeeb;
2, the variable main is a global variable, therefore the symbol "main" will be exported in this compilation unit. for example, if the file is named "shortest_c_program.c" and we execute the following commands:
$ gcc -std=c99 shortest_c_program.c -c shortest_c_program.c:1:1: warning: data definition has no type or storage class [enabled by default] shortest_c_program.c:1:1: warning: type defaults to ‘int’ in declaration of ‘main’ [enabled by default] $ objdump --syms shortest_c_program.o shortest_c_program.o: file format pe-i386 SYMBOL TABLE: [ 0](sec -2)(fl 0x00)(ty 0)(scl 103) (nx 1) 0x00000000 shortest_c_program.c File [ 2](sec 1)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .text AUX scnlen 0x0 nreloc 0 nlnno 0 [ 4](sec 2)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .data AUX scnlen 0x4 nreloc 0 nlnno 0 [ 6](sec 3)(fl 0x00)(ty 0)(scl 3) (nx 1) 0x00000000 .bss AUX scnlen 0x0 nreloc 0 nlnno 0 [ 8](sec 2)(fl 0x00)(ty 0)(scl 2) (nx 0) 0x00000000 _main
it's confirmed that the symbol "_main" is exported.
3, when this object file is linked against the compiler attached crt stub (part of the library e.g. glibc), by default the entry point is the symbol "_start". the symbol "_start" points to some code that will call a symbol "_main". typically the symbol _main points to the main function which is the compiled version of C main function. In this case, main actually points to a location where the value of the main variable is stored.
http://ftp.gnu.org/pub/old-gnu/Manuals/ld-2.9.1/html_node/ld_24.html
4, when _start calls _main, the cpu actually takes 0xfeeb as an instruction which is "jmp $" on x86, therefore it executes the instruction again and again.
another point, what's the shortest legitimate C program? i.e. which can compile successfully (but might not run successfully)
Answer:
main;
because main is a global variable, it's initialised to 0, therefore the program will crash on segfault (null pointer dereference).