signals: Implement fake_stack_pop for Linux on x86_64 and i686 (JuliaLang#60013)

Add fake_stack_pop implementation for Linux platforms to improve stack
unwinding in debuggers when analyzing core dumps from signals like
SIGQUIT. This provides proper DWARF Call Frame Information (CFI)
directives that help unwinders locate saved register values on the
manipulated stack.

The implementation follows the same pattern as the existing macOS
version, with fake_stack_pop now unified in signals-unix.c to support
both platforms:
- x86_64: Uses .cfi_def_cfa %rsp with offsets for %rip and %rsp
- i686: Uses .cfi_def_cfa %esp with offsets for %eip and %esp
- aarch64: Uses .cfi_def_cfa sp with offsets for lr and sp

The jl_call_in_ctx function on Linux now sets up the stack similarly to
jl_call_in_state on macOS, pushing saved register state and a return
address pointing to fake_stack_pop to enable proper unwinding.

🤖 Generated with Claude Code

Author: vtjnash

src/julia_threads.h

@@ -186,6 +186,13 @@ typedef struct _jl_tls_states_t {
 #else
     void *signal_stack;
     size_t signal_stack_size;
+#endif
+#if defined(_OS_LINUX_) || defined(_OS_FREEBSD_) || defined(_OS_OPENBSD_)
+    // Saved context from jl_call_in_ctx for stack unwinding
+    uintptr_t signal_ctx_pc;
+    uintptr_t signal_ctx_sp;
+    void (*signal_ctx_fptr)(void);
+    uintptr_t signal_ctx_arg;
 #endif
     jl_thread_t system_id;
     _Atomic(int16_t) suspend_count;

src/signals-mach.c

@@ -220,36 +220,36 @@ typedef arm_exception_state64_t host_exception_state_t;
 #define HOST_EXCEPTION_STATE_COUNT ARM_EXCEPTION_STATE64_COUNT
 #endif
 
-// create a fake function that describes the variable manipulations in jl_call_in_state
-__attribute__((naked)) static void fake_stack_pop(void)
+// Create a fake function that describes the register manipulations in jl_call_in_state
+// The callee-saved registers still may get smashed (by the cdecl fptr), since we didn't explicitly copy all of the
+// state to the stack (to build a real sigreturn frame).
+__attribute__((naked)) static void jl_fake_signal_return(void)
 {
-#ifdef _CPU_X86_64_
-    __asm__ volatile (
-        "  .cfi_signal_frame\n"
-        "  .cfi_def_cfa %rsp, 0\n" // CFA here uses %rsp directly
-        "  .cfi_offset %rip, 0\n" // previous value of %rip at CFA
-        "  .cfi_offset %rsp, 8\n" // previous value of %rsp at CFA
-        "  nop\n"
-    );
+#if defined(_CPU_X86_64_)
+__asm__(
+    "  .cfi_signal_frame\n"
+    "  .cfi_def_cfa %rsp, 0\n" // CFA here uses %rsp directly
+    "  .cfi_offset %rip, 0\n" // previous value of %rip at CFA
+    "  .cfi_offset %rsp, 8\n" // previous value of %rsp at CFA
+    "  ud2\n"
+    "  ud2\n"
+);
 #elif defined(_CPU_AARCH64_)
-    __asm__ volatile (
-        "  .cfi_signal_frame\n"
-        "  .cfi_def_cfa sp, 0\n" // use sp as fp here
-        "  .cfi_offset lr, 0\n"
-        "  .cfi_offset sp, 8\n"
-        // Anything else got smashed, since we didn't explicitly copy all of the
-        // state object to the stack (to build a real sigreturn frame).
-        // This is also not quite valid, since the AArch64 DWARF spec lacks the ability to define how to restore the LR register correctly,
-        // so normally libunwind implementations on linux detect this function specially and hack around the invalid info:
-        // https://github.com/llvm/llvm-project/commit/c82deed6764cbc63966374baf9721331901ca958
-        " nop\n"
-    );
-#else
-CFI_NORETURN
+__asm__(
+    "  .cfi_signal_frame\n"
+    "  .cfi_def_cfa sp, 0\n" // use sp as fp here
+    // This is not quite valid, since the AArch64 DWARF spec lacks the ability to define how to restore the LR register correctly,
+    // so normally libunwind implementations on linux detect this function specially and hack around the invalid info:
+    // https://github.com/llvm/llvm-project/commit/c82deed6764cbc63966374baf9721331901ca958
+    "  .cfi_offset lr, 0\n"
+    "  .cfi_offset sp, 8\n"
+    "  brk #1\n"
+    "  brk #1\n"
+);
 #endif
 }
 
-static void jl_call_in_state(host_thread_state_t *state, void (*fptr)(void))
+static void jl_call_in_state1(host_thread_state_t *state, void (*fptr)(void), uintptr_t arg0)
 {
 #ifdef _CPU_X86_64_
     uintptr_t sp = state->__rsp;
@@ -258,51 +258,59 @@ static void jl_call_in_state(host_thread_state_t *state, void (*fptr)(void))
 #endif
     sp = (sp - 256) & ~(uintptr_t)15; // redzone and re-alignment
     assert(sp % 16 == 0);
-    sp -= 16;
 #ifdef _CPU_X86_64_
-    // set return address to NULL
-    *(uintptr_t*)sp = 0;
-    // pushq %sp
+    // push {%rsp, %rip}
     sp -= sizeof(void*);
     *(uintptr_t*)sp = state->__rsp;
-    // pushq %rip
     sp -= sizeof(void*);
     *(uintptr_t*)sp = state->__rip;
-    // pushq .fake_stack_pop + 1; aka call from fake_stack_pop
+    // pushq .jl_fake_signal_return + 1; aka call from jl_fake_signal_return
     sp -= sizeof(void*);
-    *(uintptr_t*)sp = (uintptr_t)&fake_stack_pop + 1;
+    *(uintptr_t*)sp = (uintptr_t)&jl_fake_signal_return + 1;
     state->__rsp = sp; // set stack pointer
     state->__rip = (uint64_t)fptr; // "call" the function
+    state->__rdi = arg0;
 #elif defined(_CPU_AARCH64_)
-    // push {%sp, %pc + 4}
+    // push {%sp, %pc}
     sp -= sizeof(void*);
     *(uintptr_t*)sp = state->__sp;
     sp -= sizeof(void*);
     *(uintptr_t*)sp = (uintptr_t)state->__pc;
     state->__sp = sp; // x31
     state->__pc = (uint64_t)fptr; // pc
-    state->__lr = (uintptr_t)&fake_stack_pop + 4; // x30
+    state->__lr = (uintptr_t)&jl_fake_signal_return + 4; // x30
+    state->__x[0] = arg0;
 #else
 #error "julia: throw-in-context not supported on this platform"
 #endif
 }
 
 static void jl_longjmp_in_state(host_thread_state_t *state, jl_jmp_buf jmpbuf)
 {
-
     if (!jl_simulate_longjmp(jmpbuf, (bt_context_t*)state)) {
         // for sanitizer builds, fallback to calling longjmp on the original stack
         // (this will fail for stack overflow, but that is hardly sanitizer-legal anyways)
 #ifdef _CPU_X86_64_
-    state->__rdi = (uintptr_t)jmpbuf;
-    state->__rsi = 1;
+        uintptr_t sp = state->__rsp;
+#elif defined(_CPU_AARCH64_)
+        uintptr_t sp = state->__sp;
+#endif
+        sp = (sp - 256) & ~(uintptr_t)15; // redzone and re-alignment
+        assert(sp % 16 == 0);
+#ifdef _CPU_X86_64_
+        state->__rdi = (uintptr_t)jmpbuf;
+        state->__rsi = 1;
+        state->__rsp = sp; // set stack pointer
+        state->__rip = (uint64_t)longjmp; // "call" the function
 #elif defined(_CPU_AARCH64_)
-    state->__x[0] = (uintptr_t)jmpbuf;
-    state->__x[1] = 1;
+        state->__x[0] = (uintptr_t)jmpbuf;
+        state->__x[1] = 1;
+        state->__sp = sp; // x31
+        state->__pc = (uint64_t)longjmp; // pc
+        state->__lr = (uintptr_t)0; // x30
 #else
-#error "julia: jl_longjmp_in_state not supported on this platform"
+#error "julia: throw-in-context not supported on this platform"
 #endif
-        jl_call_in_state(state, (void (*)(void))longjmp);
     }
 }
 
@@ -577,7 +585,7 @@ static void jl_try_deliver_sigint(void)
     HANDLE_MACH_ERROR("thread_resume", ret);
 }
 
-static void JL_NORETURN jl_exit_thread0_cb(int signo)
+static void jl_exit_thread0_cb(int signo)
 {
     jl_fprint_critical_error(ios_safe_stderr, signo, 0, NULL, jl_current_task);
     jl_atexit_hook(128);
@@ -602,15 +610,7 @@ static void jl_exit_thread0(int signo, jl_bt_element_t *bt_data, size_t bt_size)
     ptls2->bt_size = bt_size; // <= JL_MAX_BT_SIZE
     memcpy(ptls2->bt_data, bt_data, ptls2->bt_size * sizeof(bt_data[0]));
 
-#ifdef _CPU_X86_64_
-    // First integer argument. Not portable but good enough =)
-    state.__rdi = signo;
-#elif defined(_CPU_AARCH64_)
-    state.__x[0] = signo;
-#else
-#error Fill in first integer argument here
-#endif
-    jl_call_in_state(&state, (void (*)(void))&jl_exit_thread0_cb);
+    jl_call_in_state1(&state, (void (*)(void))&jl_exit_thread0_cb, signo);
     unsigned int count = MACH_THREAD_STATE_COUNT;
     ret = thread_set_state(thread, MACH_THREAD_STATE, (thread_state_t)&state, count);
     HANDLE_MACH_ERROR("thread_set_state", ret);

src/signals-unix.c

@@ -70,6 +70,95 @@ int jl_simulate_longjmp(jl_jmp_buf mctx, bt_context_t *c) JL_NOTSAFEPOINT;
 static void jl_longjmp_in_ctx(int sig, void *_ctx, jl_jmp_buf jmpbuf);
 
 #if !defined(_OS_DARWIN_)
+extern void jl_fake_signal_return(void);
+// Create a trampoline function that does the stack manipulations for jl_call_in_ctx/jl_call_in_state
+// The callee-saved registers still may get smashed (by the cdecl fptr), since we didn't explicitly copy all of the
+// state to the stack (to build a real sigreturn frame).
+#if (defined(_OS_LINUX_) || defined(_OS_FREEBSD_) || defined(_OS_OPENBSD_)) && defined(_CPU_X86_64_)
+__asm__(
+    "  .type jl_fake_signal_return, @function\n"
+    "jl_fake_signal_return:\n"
+    "  .cfi_startproc\n"
+    "  .cfi_signal_frame\n"
+    // Mark as end of stack until frame is set up
+    "  .cfi_undefined %rip\n"
+    "  .cfi_undefined %rsp\n"
+    // rdi points to signal_ctx_pc in ptls (followed by signal_ctx_sp, signal_ctx_fptr, signal_ctx_arg)
+    "  pushq (%rdi)\n"        // push pc (signal_ctx_pc)
+    "  pushq 8(%rdi)\n"       // push sp (signal_ctx_sp)
+    // stack layout: [sp, pc] (pc at higher address, like return address after call)
+    "  .cfi_def_cfa %rsp, 8\n"
+    "  .cfi_offset %rip, 0\n"  // previous %rip at CFA+0 (pc slot at rsp+8)
+    "  .cfi_offset %rsp, -8\n" // previous %rsp at CFA-8 (sp slot at rsp+0)
+    "  pushq 16(%rdi)\n"      // push fptr (signal_ctx_fptr)
+    "  .cfi_def_cfa %rsp, 16\n"
+    "  movq 24(%rdi), %rdi\n" // restore original rdi from signal_ctx_arg
+    "  subq $8, %rsp\n"       // align stack to 16 bytes
+    "  .cfi_def_cfa %rsp, 24\n"
+    "  callq *8(%rsp)\n"      // call fptr
+    "  ud2\n"                 // unreachable
+    "  .cfi_endproc\n"
+    "  .size jl_fake_signal_return, .-jl_fake_signal_return\n"
+);
+
+#elif (defined(_OS_LINUX_) || defined(_OS_FREEBSD_)) && defined(_CPU_X86_)
+__asm__(
+    "  .type jl_fake_signal_return, @function\n"
+    "jl_fake_signal_return:\n"
+    "  .cfi_startproc\n"
+    "  .cfi_signal_frame\n"
+    // Mark as end of stack until frame is set up
+    "  .cfi_undefined 1\n"
+    // eax points to signal_ctx_pc in ptls (followed by signal_ctx_sp, signal_ctx_fptr, signal_ctx_arg)
+    "  pushl (%eax)\n"        // push pc (signal_ctx_pc)
+    "  pushl 4(%eax)\n"       // push sp (signal_ctx_sp)
+    // stack layout: [sp, pc] (pc at higher address, like return address after call)
+    "  .cfi_def_cfa %esp, 4\n"
+    "  .cfi_offset %eip, 0\n"  // previous %eip at CFA+0 (pc slot at esp+4)
+    "  .cfi_offset %esp, -4\n" // previous %esp at CFA-4 (sp slot at esp+0)
+    "  pushl 8(%eax)\n"       // push fptr (signal_ctx_fptr)
+    "  .cfi_def_cfa %esp, 8\n"
+    "  movl 12(%eax), %eax\n" // restore original eax from signal_ctx_arg
+    "  subl $4, %esp\n"       // align stack to 16 bytes
+    "  .cfi_def_cfa %esp, 12\n"
+    "  calll *4(%esp)\n"      // call fptr
+    "  ud2\n"                 // unreachable
+    "  .cfi_endproc\n"
+    "  .size jl_fake_signal_return, .-jl_fake_signal_return\n"
+);
+#elif (defined(_OS_LINUX_) || defined(_OS_FREEBSD_)) && defined(_CPU_AARCH64_)
+__asm__(
+    "  .type jl_fake_signal_return, @function\n"
+    "jl_fake_signal_return:\n"
+    "  .cfi_startproc\n"
+    "  .cfi_signal_frame\n"
+    // Mark as end of stack until frame is set up
+    "  .cfi_undefined 1\n"
+    // x0 points to signal_ctx_pc in ptls (followed by signal_ctx_sp, signal_ctx_fptr, signal_ctx_arg)
+    "  ldp x1, x2, [x0]\n"      // load pc (x1) and sp (x2)
+    "  stp x2, x1, [sp, #-16]!\n" // push sp and pc (sp at lower addr, pc at higher addr)
+    // stack layout: [sp, pc] (pc at higher address, like return address after call)
+    "  .cfi_def_cfa sp, 16\n"
+    "  .cfi_offset lr, -8\n"   // previous lr (pc) at CFA-8 (pc slot at sp+8)
+    "  .cfi_offset sp, -16\n"  // previous sp at CFA-16 (sp slot at sp+0)
+    // This is not quite valid, since the AArch64 DWARF spec lacks the ability to define how to restore the LR register correctly,
+    // so normally libunwind implementations on linux detect this function specially and hack around the invalid info:
+    // https://github.com/llvm/llvm-project/commit/c82deed6764cbc63966374baf9721331901ca958
+    "  ldp x1, x2, [x0, #16]\n" // load fptr (x1) and saved x0 (x2)
+    "  mov x0, x2\n"           // restore original x0
+    "  blr x1\n"               // call fptr
+    "  brk #1\n"               // unreachable
+    "  .cfi_endproc\n"
+    "  .size jl_fake_signal_return, .-jl_fake_signal_return\n"
+);
+#else
+extern void JL_NORETURN jl_fake_signal_return(void)
+{
+    CFI_NORETURN
+    abort();
+}
+#endif
+
 static inline uintptr_t jl_get_rsp_from_ctx(const void *_ctx)
 {
 #if defined(_OS_LINUX_) && defined(_CPU_X86_64_)
@@ -123,46 +212,79 @@ JL_NO_ASAN static void jl_call_in_ctx(jl_ptls_t ptls, void (*fptr)(void), int si
     // will not be part of the validation...
     uintptr_t rsp = jl_get_rsp_from_ctx(_ctx);
     rsp = (rsp - 256) & ~(uintptr_t)15; // redzone and re-alignment
+    assert(rsp % 16 == 0);
 #if defined(_OS_LINUX_) && defined(_CPU_X86_64_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    rsp -= sizeof(void*);
-    *(uintptr_t*)rsp = 0;
-    ctx->uc_mcontext.gregs[REG_RSP] = rsp;
-    ctx->uc_mcontext.gregs[REG_RIP] = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->uc_mcontext.gregs[REG_RIP];
+    ptls->signal_ctx_sp = ctx->uc_mcontext.gregs[REG_RSP];
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.gregs[REG_RDI];
+    ctx->uc_mcontext.gregs[REG_RSP] = rsp; // set stack pointer
+    ctx->uc_mcontext.gregs[REG_RDI] = (uintptr_t)&ptls->signal_ctx_pc; // first arg points to signal_ctx
+    ctx->uc_mcontext.gregs[REG_RIP] = (uintptr_t)&jl_fake_signal_return; // "call" jl_fake_signal_return
 #elif defined(_OS_FREEBSD_) && defined(_CPU_X86_64_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    rsp -= sizeof(void*);
-    *(uintptr_t*)rsp = 0;
-    ctx->uc_mcontext.mc_rsp = rsp;
-    ctx->uc_mcontext.mc_rip = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->uc_mcontext.mc_rip;
+    ptls->signal_ctx_sp = ctx->uc_mcontext.mc_rsp;
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.mc_rdi;
+    ctx->uc_mcontext.mc_rsp = rsp; // set stack pointer
+    ctx->uc_mcontext.mc_rdi = (uintptr_t)&ptls->signal_ctx_pc; // first arg points to signal_ctx
+    ctx->uc_mcontext.mc_rip = (uintptr_t)&jl_fake_signal_return; // "call" jl_fake_signal_return
 #elif defined(_OS_LINUX_) && defined(_CPU_X86_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    rsp -= sizeof(void*);
-    *(uintptr_t*)rsp = 0;
-    ctx->uc_mcontext.gregs[REG_ESP] = rsp;
-    ctx->uc_mcontext.gregs[REG_EIP] = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->uc_mcontext.gregs[REG_EIP];
+    ptls->signal_ctx_sp = ctx->uc_mcontext.gregs[REG_ESP];
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.gregs[REG_EAX];
+    ctx->uc_mcontext.gregs[REG_ESP] = rsp; // set stack pointer
+    ctx->uc_mcontext.gregs[REG_EAX] = (uintptr_t)&ptls->signal_ctx_pc; // set eax to point to signal_ctx
+    ctx->uc_mcontext.gregs[REG_EIP] = (uintptr_t)&jl_fake_signal_return; // "call" jl_fake_signal_return
 #elif defined(_OS_FREEBSD_) && defined(_CPU_X86_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    rsp -= sizeof(void*);
-    *(uintptr_t*)rsp = 0;
-    ctx->uc_mcontext.mc_esp = rsp;
-    ctx->uc_mcontext.mc_eip = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->uc_mcontext.mc_eip;
+    ptls->signal_ctx_sp = ctx->uc_mcontext.mc_esp;
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.mc_eax;
+    ctx->uc_mcontext.mc_esp = rsp; // set stack pointer
+    ctx->uc_mcontext.mc_eax = (uintptr_t)&ptls->signal_ctx_pc; // set eax to point to signal_ctx
+    ctx->uc_mcontext.mc_eip = (uintptr_t)&jl_fake_signal_return; // "call" jl_fake_signal_return
 #elif defined(_OS_OPENBSD_) && defined(_CPU_X86_64_)
     struct sigcontext *ctx = (struct sigcontext *)_ctx;
-    rsp -= sizeof(void*);
-    *(uintptr_t*)rsp = 0;
-    ctx->sc_rsp = rsp;
-    ctx->sc_rip = fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->sc_rip;
+    ptls->signal_ctx_sp = ctx->sc_rsp;
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->sc_rdi;
+    ctx->sc_rsp = rsp; // set stack pointer
+    ctx->sc_rdi = (uintptr_t)&ptls->signal_ctx_pc; // first arg points to signal_ctx
+    ctx->sc_rip = (uintptr_t)&jl_fake_signal_return; // "call" jl_fake_signal_return
 #elif defined(_OS_LINUX_) && defined(_CPU_AARCH64_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    ctx->uc_mcontext.sp = rsp;
-    ctx->uc_mcontext.regs[29] = 0; // Clear link register (x29)
-    ctx->uc_mcontext.pc = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = (uintptr_t)ctx->uc_mcontext.pc;
+    ptls->signal_ctx_sp = ctx->uc_mcontext.sp;
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.regs[0];
+    ctx->uc_mcontext.sp = rsp; // sp
+    ctx->uc_mcontext.regs[0] = (uintptr_t)&ptls->signal_ctx_pc; // first arg points to signal_ctx
+    ctx->uc_mcontext.pc = (uint64_t)&jl_fake_signal_return; // pc
+    ctx->uc_mcontext.regs[30] = 0; // clear lr (x30)
 #elif defined(_OS_FREEBSD_) && defined(_CPU_AARCH64_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
-    ctx->uc_mcontext.mc_gpregs.gp_sp = rsp;
-    ctx->uc_mcontext.mc_gpregs.gp_x[29] = 0; // Clear link register (x29)
-    ctx->uc_mcontext.mc_gpregs.gp_elr = (uintptr_t)fptr;
+    // Save context in ptls for stack unwinding
+    ptls->signal_ctx_pc = ctx->uc_mcontext.mc_gpregs.gp_elr;
+    ptls->signal_ctx_sp = ctx->uc_mcontext.mc_gpregs.gp_sp;
+    ptls->signal_ctx_fptr = fptr;
+    ptls->signal_ctx_arg = ctx->uc_mcontext.mc_gpregs.gp_x[0];
+    ctx->uc_mcontext.mc_gpregs.gp_sp = rsp; // set stack pointer
+    ctx->uc_mcontext.mc_gpregs.gp_x[0] = (uintptr_t)&ptls->signal_ctx_pc; // first arg points to signal_ctx
+    ctx->uc_mcontext.mc_gpregs.gp_elr = (uintptr_t)&jl_fake_signal_return; // pc
+    ctx->uc_mcontext.mc_gpregs.gp_lr = 0; // clear lr (x30)
 #elif defined(_OS_LINUX_) && defined(_CPU_ARM_)
     ucontext_t *ctx = (ucontext_t*)_ctx;
     uintptr_t target = (uintptr_t)fptr;
@@ -549,9 +671,8 @@ static void jl_try_deliver_sigint(void)
 // Write only by signal handling thread, read only by main thread
 // no sync necessary.
 static int thread0_exit_signo = 0;
-static void JL_NORETURN jl_exit_thread0_cb(void)
+static void jl_exit_thread0_cb(void)
 {
-CFI_NORETURN
     jl_atomic_fetch_add(&jl_gc_disable_counter, -1);
     jl_fprint_critical_error(ios_safe_stderr, thread0_exit_signo, 0, NULL, jl_current_task);
     jl_atexit_hook(128);