C: main() returning an array always equals to 56

Question

I wonder what happens when I play with the return value of the main function.

I found that if I return an array variable from main (which is supposed to be the exit status) and print the exit status in shell, the output is always 56. I wonder why?

The C program:

int* main(void) {
    static int x[3];
    x[0]=89;
    x[1]=15;
    x[2]=10;
    return x;
} 

I test it as follows:

gcc array_return.c -o array_return
./array_return
echo $?

The output is always 56 even if I change the size of the array, or change the numbers in it. What does the number 56 mean?

Answer 1

Your program returns a pointer. It's not an "array" as you put it in the question. Because the name of an array evaluates to the address of its first item (which is the same as address of the array itself).

In C, the value returned from the main function is interpreted as the exit status, i.e. the $? variable used in your example.

I guess, you're running Bash shell, since in Bash the exit status is stored in the $? variable. A pointer is usually a big number, at least bigger than 255, which is a maximum exit code in Bash:

Out of range exit values can result in unexpected exit codes. An exit value greater than 255 returns an exit code modulo 256. For example, exit 3809 gives an exit code of 225 (3809 % 256 = 225).

Now let's modify your program by printing the address of the variable, and the address modulo 256:

#include <stdio.h>

int main(void) {
    static int x[3];
    printf("%ld ==> %d\n", (size_t)x, (size_t)x % 256);
    return (int)x;
}

Let's compile it and test if I'm right:

$ gcc -Wall -g test.c -o test && ./test; echo $?
test.c: In function ‘main’:
test.c:6:12: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
     return (int)x;
            ^
6295620 ==> 68
68

As we can see, the return status is equal to 6295620 % 256, as it is documented in the official documentation.

Answer 2

According to ISO C,int* main(void) is not one of the forms of the startup function main that an implementation is required to support. So the behavior is not defined by the language standard.

int *main(void) could work as a documented extension provided by your implementation of C. In this manner, C implementations can support additional ways of writing the startup function.

More probably, the construct is erroneous, and your implementation is simply ignoring the situation; it's just compiling the code and letting the machine instructions do what they may. To understand the actual behavior, you have to understand what is happening at that level.

Quite possibly, the bitwise representation of the returned pointer itself is interpreted as an integer termination status value, which translates to an operating system exit code of 56. (Perhaps some bitfield in the value, such as the lowest 8 bits, is 56). That's assuming that int * and int are returned from a function in the same way. They might not be. For instance, in C compilers for the Motorola 68000 series of processors there exists the convention that a pointer is returned via the A0 register, and an integer value in D0. So if an int * returning function is written to satisfy an external reference to something that is expected to return int, the caller receives whatever garbage happens to be in D0, while the pointer has gone into A0.

Because the behavior is not defined, there is no requirement for a diagnostic! In the C language, you can even write this:

int main[42] = { 3 };

in some environments that will compile, and link. When executed, the array data ends up used as a machine language function image. A program relying on this trick once (perhaps more than once) appeared in the IOCC: International Obfuscated C Contest.