System.Data.SQLite
Check-in [07c06d7ebe]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Update SQLite core library to the 3.27.0 release. Update version history docs.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 07c06d7ebe53bb1c4c43fdcb46c246a0c1748dd7
User & Date: mistachkin 2019-02-08 02:07:57
Context
2019-02-08
02:11
Pickup the SQLite core library 3.27.0 docs from upstream. check-in: cf08e3867a user: mistachkin tags: trunk
02:07
Update SQLite core library to the 3.27.0 release. Update version history docs. check-in: 07c06d7ebe user: mistachkin tags: trunk
2019-02-01
00:26
Update the VsWhere tool in externals to the 2.6.7 release. check-in: 43aae424b9 user: mistachkin tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to Doc/Extra/Provider/version.html.

    39     39             </td>
    40     40           </tr>
    41     41         </table>
    42     42       </div>
    43     43       <div id="mainSection">
    44     44       <div id="mainBody">
    45     45       <h1 class="heading">Version History</h1>
    46         -    <p><b>1.0.110.0 - December XX, 2018 <font color="red">(release scheduled)</font></b></p>
           46  +    <p><b>1.0.110.0 - February XX, 2018 <font color="red">(release scheduled)</font></b></p>
    47     47       <ul>
    48         -      <li>Updated to <a href="https://www.sqlite.org/releaselog/3_26_0.html">SQLite 3.26.0</a>.</li>
           48  +      <li>Updated to <a href="https://www.sqlite.org/releaselog/3_27_0.html">SQLite 3.27.0</a>.</li>
    49     49         <li>Add HidePassword connection flag to remove the password from the connection string once the database is opened. Pursuant to <a href="https://system.data.sqlite.org/index.html/info/23d8d6171e">[23d8d6171e]</a>.</li>
    50     50         <li>Add experimental StrictConformance connection flag to force strict compliance to the ADO.NET standard. Pursuant to <a href="https://system.data.sqlite.org/index.html/info/e36e05e299">[e36e05e299]</a>.</li>
    51     51         <li>Add support for the <a href="https://www.sqlite.org/session/c_changesetstart_invert.html">sqlite3changeset_start_v2()</a> and <a href="https://www.sqlite.org/session/c_changesetstart_invert.html">sqlite3changeset_start_v2_strm()</a> interfaces.</li>
    52     52       </ul>
    53     53       <p><b>1.0.109.0 - August 15, 2018</b></p>
    54     54       <ul>
    55     55         <li>Updated to <a href="https://www.sqlite.org/releaselog/3_24_0.html">SQLite 3.24.0</a>.</li>

Changes to SQLite.Interop/props/sqlite3.props.

     5      5    *
     6      6    * Written by Joe Mistachkin.
     7      7    * Released to the public domain, use at your own risk!
     8      8    *
     9      9   -->
    10     10   <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003" ToolsVersion="4.0">
    11     11     <PropertyGroup Label="UserMacros">
    12         -    <SQLITE_MANIFEST_VERSION>3.26.0.0</SQLITE_MANIFEST_VERSION>
    13         -    <SQLITE_RC_VERSION>3,26,0,0</SQLITE_RC_VERSION>
           12  +    <SQLITE_MANIFEST_VERSION>3.27.0.0</SQLITE_MANIFEST_VERSION>
           13  +    <SQLITE_RC_VERSION>3,27,0,0</SQLITE_RC_VERSION>
    14     14       <SQLITE_COMMON_DEFINES>_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;SQLITE_THREADSAFE=1;SQLITE_USE_URI=1;SQLITE_ENABLE_COLUMN_METADATA=1;SQLITE_ENABLE_STAT4=1;SQLITE_ENABLE_FTS3=1;SQLITE_ENABLE_LOAD_EXTENSION=1;SQLITE_ENABLE_RTREE=1;SQLITE_SOUNDEX=1;SQLITE_ENABLE_MEMORY_MANAGEMENT=1;SQLITE_ENABLE_API_ARMOR=1;SQLITE_ENABLE_DBSTAT_VTAB=1;SQLITE_ENABLE_STMTVTAB=1</SQLITE_COMMON_DEFINES>
    15     15       <SQLITE_EXTRA_DEFINES>SQLITE_PLACEHOLDER=1;SQLITE_HAS_CODEC=1</SQLITE_EXTRA_DEFINES>
    16     16       <SQLITE_WINCE_200X_DEFINES>SQLITE_OMIT_WAL=1</SQLITE_WINCE_200X_DEFINES>
    17     17       <SQLITE_WINCE_2013_DEFINES>HAVE_ERRNO_H=1;SQLITE_MSVC_LOCALTIME_API=1</SQLITE_WINCE_2013_DEFINES>
    18     18       <SQLITE_DEBUG_DEFINES>SQLITE_DEBUG=1;SQLITE_MEMDEBUG=1;SQLITE_ENABLE_EXPENSIVE_ASSERT=1</SQLITE_DEBUG_DEFINES>
    19     19       <SQLITE_RELEASE_DEFINES>SQLITE_WIN32_MALLOC=1</SQLITE_RELEASE_DEFINES>
    20     20       <SQLITE_DISABLE_WARNINGS>4055;4100;4127;4146;4210;4232;4244;4245;4267;4306;4389;4701;4703;4706</SQLITE_DISABLE_WARNINGS>

Changes to SQLite.Interop/props/sqlite3.vsprops.

    10     10   <VisualStudioPropertySheet
    11     11   	ProjectType="Visual C++"
    12     12   	Version="8.00"
    13     13   	Name="sqlite3"
    14     14   	>
    15     15   	<UserMacro
    16     16   		Name="SQLITE_MANIFEST_VERSION"
    17         -		Value="3.26.0.0"
           17  +		Value="3.27.0.0"
    18     18   		PerformEnvironmentSet="true"
    19     19   	/>
    20     20   	<UserMacro
    21     21   		Name="SQLITE_RC_VERSION"
    22         -		Value="3,26,0,0"
           22  +		Value="3,27,0,0"
    23     23   		PerformEnvironmentSet="true"
    24     24   	/>
    25     25   	<UserMacro
    26     26   		Name="SQLITE_COMMON_DEFINES"
    27     27   		Value="_CRT_SECURE_NO_DEPRECATE;_CRT_SECURE_NO_WARNINGS;_CRT_NONSTDC_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;SQLITE_THREADSAFE=1;SQLITE_USE_URI=1;SQLITE_ENABLE_COLUMN_METADATA=1;SQLITE_ENABLE_STAT4=1;SQLITE_ENABLE_FTS3=1;SQLITE_ENABLE_LOAD_EXTENSION=1;SQLITE_ENABLE_RTREE=1;SQLITE_SOUNDEX=1;SQLITE_ENABLE_MEMORY_MANAGEMENT=1;SQLITE_ENABLE_API_ARMOR=1;SQLITE_ENABLE_DBSTAT_VTAB=1;SQLITE_ENABLE_STMTVTAB=1"
    28     28   		PerformEnvironmentSet="true"
    29     29   	/>

Changes to SQLite.Interop/src/core/sqlite3.c.

     1      1   /******************************************************************************
     2      2   ** This file is an amalgamation of many separate C source files from SQLite
     3         -** version 3.26.0.  By combining all the individual C code files into this
            3  +** version 3.27.0.  By combining all the individual C code files into this
     4      4   ** single large file, the entire code can be compiled as a single translation
     5      5   ** unit.  This allows many compilers to do optimizations that would not be
     6      6   ** possible if the files were compiled separately.  Performance improvements
     7      7   ** of 5% or more are commonly seen when SQLite is compiled as a single
     8      8   ** translation unit.
     9      9   **
    10     10   ** This file is all you need to compile SQLite.  To use SQLite in other
................................................................................
  1158   1158   ** been edited in any way since it was last checked in, then the last
  1159   1159   ** four hexadecimal digits of the hash may be modified.
  1160   1160   **
  1161   1161   ** See also: [sqlite3_libversion()],
  1162   1162   ** [sqlite3_libversion_number()], [sqlite3_sourceid()],
  1163   1163   ** [sqlite_version()] and [sqlite_source_id()].
  1164   1164   */
  1165         -#define SQLITE_VERSION        "3.26.0"
  1166         -#define SQLITE_VERSION_NUMBER 3026000
  1167         -#define SQLITE_SOURCE_ID      "2018-12-01 12:34:55 bf8c1b2b7a5960c282e543b9c293686dccff272512d08865f4600fb58238b4f9"
         1165  +#define SQLITE_VERSION        "3.27.0"
         1166  +#define SQLITE_VERSION_NUMBER 3027000
         1167  +#define SQLITE_SOURCE_ID      "2019-02-07 17:02:52 97744701c3bd414e6c9d7182639d8c2ce7cf124c4fce625071ae65658ac61713"
  1168   1168   
  1169   1169   /*
  1170   1170   ** CAPI3REF: Run-Time Library Version Numbers
  1171   1171   ** KEYWORDS: sqlite3_version sqlite3_sourceid
  1172   1172   **
  1173   1173   ** These interfaces provide the same information as the [SQLITE_VERSION],
  1174   1174   ** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros
................................................................................
  1858   1858   ** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS
  1859   1859   ** layer a hint of how large the database file will grow to be during the
  1860   1860   ** current transaction.  This hint is not guaranteed to be accurate but it
  1861   1861   ** is often close.  The underlying VFS might choose to preallocate database
  1862   1862   ** file space based on this hint in order to help writes to the database
  1863   1863   ** file run faster.
  1864   1864   **
         1865  +** <li>[[SQLITE_FCNTL_SIZE_LIMIT]]
         1866  +** The [SQLITE_FCNTL_SIZE_LIMIT] opcode is used by in-memory VFS that
         1867  +** implements [sqlite3_deserialize()] to set an upper bound on the size
         1868  +** of the in-memory database.  The argument is a pointer to a [sqlite3_int64].
         1869  +** If the integer pointed to is negative, then it is filled in with the
         1870  +** current limit.  Otherwise the limit is set to the larger of the value
         1871  +** of the integer pointed to and the current database size.  The integer
         1872  +** pointed to is set to the new limit.
         1873  +**
  1865   1874   ** <li>[[SQLITE_FCNTL_CHUNK_SIZE]]
  1866   1875   ** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS
  1867   1876   ** extends and truncates the database file in chunks of a size specified
  1868   1877   ** by the user. The fourth argument to [sqlite3_file_control()] should 
  1869   1878   ** point to an integer (type int) containing the new chunk-size to use
  1870   1879   ** for the nominated database. Allocating database file space in large
  1871   1880   ** chunks (say 1MB at a time), may reduce file-system fragmentation and
................................................................................
  2166   2175   #define SQLITE_FCNTL_WIN32_GET_HANDLE       29
  2167   2176   #define SQLITE_FCNTL_PDB                    30
  2168   2177   #define SQLITE_FCNTL_BEGIN_ATOMIC_WRITE     31
  2169   2178   #define SQLITE_FCNTL_COMMIT_ATOMIC_WRITE    32
  2170   2179   #define SQLITE_FCNTL_ROLLBACK_ATOMIC_WRITE  33
  2171   2180   #define SQLITE_FCNTL_LOCK_TIMEOUT           34
  2172   2181   #define SQLITE_FCNTL_DATA_VERSION           35
         2182  +#define SQLITE_FCNTL_SIZE_LIMIT             36
  2173   2183   
  2174   2184   /* deprecated names */
  2175   2185   #define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
  2176   2186   #define SQLITE_SET_LOCKPROXYFILE      SQLITE_FCNTL_SET_LOCKPROXYFILE
  2177   2187   #define SQLITE_LAST_ERRNO             SQLITE_FCNTL_LAST_ERRNO
  2178   2188   
  2179   2189   
................................................................................
  3007   3017   ** than the configured sorter-reference size threshold - then a reference
  3008   3018   ** is stored in each sorted record and the required column values loaded
  3009   3019   ** from the database as records are returned in sorted order. The default
  3010   3020   ** value for this option is to never use this optimization. Specifying a 
  3011   3021   ** negative value for this option restores the default behaviour.
  3012   3022   ** This option is only available if SQLite is compiled with the
  3013   3023   ** [SQLITE_ENABLE_SORTER_REFERENCES] compile-time option.
         3024  +**
         3025  +** [[SQLITE_CONFIG_MEMDB_MAXSIZE]]
         3026  +** <dt>SQLITE_CONFIG_MEMDB_MAXSIZE
         3027  +** <dd>The SQLITE_CONFIG_MEMDB_MAXSIZE option accepts a single parameter
         3028  +** [sqlite3_int64] parameter which is the default maximum size for an in-memory
         3029  +** database created using [sqlite3_deserialize()].  This default maximum
         3030  +** size can be adjusted up or down for individual databases using the
         3031  +** [SQLITE_FCNTL_SIZE_LIMIT] [sqlite3_file_control|file-control].  If this
         3032  +** configuration setting is never used, then the default maximum is determined
         3033  +** by the [SQLITE_MEMDB_DEFAULT_MAXSIZE] compile-time option.  If that
         3034  +** compile-time option is not set, then the default maximum is 1073741824.
  3014   3035   ** </dl>
  3015   3036   */
  3016   3037   #define SQLITE_CONFIG_SINGLETHREAD  1  /* nil */
  3017   3038   #define SQLITE_CONFIG_MULTITHREAD   2  /* nil */
  3018   3039   #define SQLITE_CONFIG_SERIALIZED    3  /* nil */
  3019   3040   #define SQLITE_CONFIG_MALLOC        4  /* sqlite3_mem_methods* */
  3020   3041   #define SQLITE_CONFIG_GETMALLOC     5  /* sqlite3_mem_methods* */
................................................................................
  3037   3058   #define SQLITE_CONFIG_MMAP_SIZE    22  /* sqlite3_int64, sqlite3_int64 */
  3038   3059   #define SQLITE_CONFIG_WIN32_HEAPSIZE      23  /* int nByte */
  3039   3060   #define SQLITE_CONFIG_PCACHE_HDRSZ        24  /* int *psz */
  3040   3061   #define SQLITE_CONFIG_PMASZ               25  /* unsigned int szPma */
  3041   3062   #define SQLITE_CONFIG_STMTJRNL_SPILL      26  /* int nByte */
  3042   3063   #define SQLITE_CONFIG_SMALL_MALLOC        27  /* boolean */
  3043   3064   #define SQLITE_CONFIG_SORTERREF_SIZE      28  /* int nByte */
         3065  +#define SQLITE_CONFIG_MEMDB_MAXSIZE       29  /* sqlite3_int64 */
  3044   3066   
  3045   3067   /*
  3046   3068   ** CAPI3REF: Database Connection Configuration Options
  3047   3069   **
  3048   3070   ** These constants are the available integer configuration options that
  3049   3071   ** can be passed as the second argument to the [sqlite3_db_config()] interface.
  3050   3072   **
................................................................................
  4026   4048   ** ^The callback function registered by sqlite3_profile() is invoked
  4027   4049   ** as each SQL statement finishes.  ^The profile callback contains
  4028   4050   ** the original statement text and an estimate of wall-clock time
  4029   4051   ** of how long that statement took to run.  ^The profile callback
  4030   4052   ** time is in units of nanoseconds, however the current implementation
  4031   4053   ** is only capable of millisecond resolution so the six least significant
  4032   4054   ** digits in the time are meaningless.  Future versions of SQLite
  4033         -** might provide greater resolution on the profiler callback.  The
  4034         -** sqlite3_profile() function is considered experimental and is
  4035         -** subject to change in future versions of SQLite.
         4055  +** might provide greater resolution on the profiler callback.  Invoking
         4056  +** either [sqlite3_trace()] or [sqlite3_trace_v2()] will cancel the
         4057  +** profile callback.
  4036   4058   */
  4037   4059   SQLITE_API SQLITE_DEPRECATED void *sqlite3_trace(sqlite3*,
  4038   4060      void(*xTrace)(void*,const char*), void*);
  4039   4061   SQLITE_API SQLITE_DEPRECATED void *sqlite3_profile(sqlite3*,
  4040   4062      void(*xProfile)(void*,const char*,sqlite3_uint64), void*);
  4041   4063   
  4042   4064   /*
................................................................................
  4442   4464   ** zero is returned.
  4443   4465   ** 
  4444   4466   ** If F is a NULL pointer, then sqlite3_uri_parameter(F,P) returns NULL and
  4445   4467   ** sqlite3_uri_boolean(F,P,B) returns B.  If F is not a NULL pointer and
  4446   4468   ** is not a database file pathname pointer that SQLite passed into the xOpen
  4447   4469   ** VFS method, then the behavior of this routine is undefined and probably
  4448   4470   ** undesirable.
         4471  +**
         4472  +** See the [URI filename] documentation for additional information.
  4449   4473   */
  4450   4474   SQLITE_API const char *sqlite3_uri_parameter(const char *zFilename, const char *zParam);
  4451   4475   SQLITE_API int sqlite3_uri_boolean(const char *zFile, const char *zParam, int bDefault);
  4452   4476   SQLITE_API sqlite3_int64 sqlite3_uri_int64(const char*, const char*, sqlite3_int64);
  4453   4477   
  4454   4478   
  4455   4479   /*
................................................................................
  4664   4688   ** and [sqlite3_prepare16_v3()] assume that the prepared statement will 
  4665   4689   ** be used just once or at most a few times and then destroyed using
  4666   4690   ** [sqlite3_finalize()] relatively soon. The current implementation acts
  4667   4691   ** on this hint by avoiding the use of [lookaside memory] so as not to
  4668   4692   ** deplete the limited store of lookaside memory. Future versions of
  4669   4693   ** SQLite may act on this hint differently.
  4670   4694   **
  4671         -** [[SQLITE_PREPARE_NORMALIZE]] ^(<dt>SQLITE_PREPARE_NORMALIZE</dt>
  4672         -** <dd>The SQLITE_PREPARE_NORMALIZE flag indicates that a normalized
  4673         -** representation of the SQL statement should be calculated and then
  4674         -** associated with the prepared statement, which can be obtained via
  4675         -** the [sqlite3_normalized_sql()] interface.)^  The semantics used to
  4676         -** normalize a SQL statement are unspecified and subject to change.
  4677         -** At a minimum, literal values will be replaced with suitable
  4678         -** placeholders.
         4695  +** [[SQLITE_PREPARE_NORMALIZE]] <dt>SQLITE_PREPARE_NORMALIZE</dt>
         4696  +** <dd>The SQLITE_PREPARE_NORMALIZE flag is a no-op. This flag used
         4697  +** to be required for any prepared statement that wanted to use the
         4698  +** [sqlite3_normalized_sql()] interface.  However, the
         4699  +** [sqlite3_normalized_sql()] interface is now available to all
         4700  +** prepared statements, regardless of whether or not they use this
         4701  +** flag.
         4702  +**
         4703  +** [[SQLITE_PREPARE_NO_VTAB]] <dt>SQLITE_PREPARE_NO_VTAB</dt>
         4704  +** <dd>The SQLITE_PREPARE_NO_VTAB flag causes the SQL compiler
         4705  +** to return an error (error code SQLITE_ERROR) if the statement uses
         4706  +** any virtual tables.
  4679   4707   ** </dl>
  4680   4708   */
  4681   4709   #define SQLITE_PREPARE_PERSISTENT              0x01
  4682   4710   #define SQLITE_PREPARE_NORMALIZE               0x02
         4711  +#define SQLITE_PREPARE_NO_VTAB                 0x04
  4683   4712   
  4684   4713   /*
  4685   4714   ** CAPI3REF: Compiling An SQL Statement
  4686   4715   ** KEYWORDS: {SQL statement compiler}
  4687   4716   ** METHOD: sqlite3
  4688   4717   ** CONSTRUCTOR: sqlite3_stmt
  4689   4718   **
................................................................................
 11031  11060   **
 11032  11061   ** If argument pzTab is not NULL, then *pzTab is set to point to a
 11033  11062   ** nul-terminated utf-8 encoded string containing the name of the table
 11034  11063   ** affected by the current change. The buffer remains valid until either
 11035  11064   ** sqlite3changeset_next() is called on the iterator or until the 
 11036  11065   ** conflict-handler function returns. If pnCol is not NULL, then *pnCol is 
 11037  11066   ** set to the number of columns in the table affected by the change. If
 11038         -** pbIncorrect is not NULL, then *pbIndirect is set to true (1) if the change
        11067  +** pbIndirect is not NULL, then *pbIndirect is set to true (1) if the change
 11039  11068   ** is an indirect change, or false (0) otherwise. See the documentation for
 11040  11069   ** [sqlite3session_indirect()] for a description of direct and indirect
 11041  11070   ** changes. Finally, if pOp is not NULL, then *pOp is set to one of 
 11042  11071   ** [SQLITE_INSERT], [SQLITE_DELETE] or [SQLITE_UPDATE], depending on the 
 11043  11072   ** type of change that the iterator currently points to.
 11044  11073   **
 11045  11074   ** If no error occurs, SQLITE_OK is returned. If an error does occur, an
................................................................................
 12265  12294   **   Query for the details of phrase match iIdx within the current row.
 12266  12295   **   Phrase matches are numbered starting from zero, so the iIdx argument
 12267  12296   **   should be greater than or equal to zero and smaller than the value
 12268  12297   **   output by xInstCount().
 12269  12298   **
 12270  12299   **   Usually, output parameter *piPhrase is set to the phrase number, *piCol
 12271  12300   **   to the column in which it occurs and *piOff the token offset of the
 12272         -**   first token of the phrase. The exception is if the table was created
 12273         -**   with the offsets=0 option specified. In this case *piOff is always
 12274         -**   set to -1.
 12275         -**
 12276         -**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
 12277         -**   if an error occurs.
        12301  +**   first token of the phrase. Returns SQLITE_OK if successful, or an error
        12302  +**   code (i.e. SQLITE_NOMEM) if an error occurs.
 12278  12303   **
 12279  12304   **   This API can be quite slow if used with an FTS5 table created with the
 12280  12305   **   "detail=none" or "detail=column" option. 
 12281  12306   **
 12282  12307   ** xRowid:
 12283  12308   **   Returns the rowid of the current row.
 12284  12309   **
................................................................................
 12559  12584   **            same token for inputs "first" and "1st". Say that token is in
 12560  12585   **            fact "first", so that when the user inserts the document "I won
 12561  12586   **            1st place" entries are added to the index for tokens "i", "won",
 12562  12587   **            "first" and "place". If the user then queries for '1st + place',
 12563  12588   **            the tokenizer substitutes "first" for "1st" and the query works
 12564  12589   **            as expected.
 12565  12590   **
 12566         -**       <li> By adding multiple synonyms for a single term to the FTS index.
 12567         -**            In this case, when tokenizing query text, the tokenizer may 
 12568         -**            provide multiple synonyms for a single term within the document.
 12569         -**            FTS5 then queries the index for each synonym individually. For
 12570         -**            example, faced with the query:
        12591  +**       <li> By querying the index for all synonyms of each query term
        12592  +**            separately. In this case, when tokenizing query text, the
        12593  +**            tokenizer may provide multiple synonyms for a single term 
        12594  +**            within the document. FTS5 then queries the index for each 
        12595  +**            synonym individually. For example, faced with the query:
 12571  12596   **
 12572  12597   **   <codeblock>
 12573  12598   **     ... MATCH 'first place'</codeblock>
 12574  12599   **
 12575  12600   **            the tokenizer offers both "1st" and "first" as synonyms for the
 12576  12601   **            first token in the MATCH query and FTS5 effectively runs a query 
 12577  12602   **            similar to:
................................................................................
 12587  12612   **            Using this method, when tokenizing document text, the tokenizer
 12588  12613   **            provides multiple synonyms for each token. So that when a 
 12589  12614   **            document such as "I won first place" is tokenized, entries are
 12590  12615   **            added to the FTS index for "i", "won", "first", "1st" and
 12591  12616   **            "place".
 12592  12617   **
 12593  12618   **            This way, even if the tokenizer does not provide synonyms
 12594         -**            when tokenizing query text (it should not - to do would be
        12619  +**            when tokenizing query text (it should not - to do so would be
 12595  12620   **            inefficient), it doesn't matter if the user queries for 
 12596  12621   **            'first + place' or '1st + place', as there are entries in the
 12597  12622   **            FTS index corresponding to both forms of the first token.
 12598  12623   **   </ol>
 12599  12624   **
 12600  12625   **   Whether it is parsing document or query text, any call to xToken that
 12601  12626   **   specifies a <i>tflags</i> argument with the FTS5_TOKEN_COLOCATED bit
................................................................................
 14531  14556   SQLITE_PRIVATE i64 sqlite3BtreeIntegerKey(BtCursor*);
 14532  14557   #ifdef SQLITE_ENABLE_OFFSET_SQL_FUNC
 14533  14558   SQLITE_PRIVATE i64 sqlite3BtreeOffset(BtCursor*);
 14534  14559   #endif
 14535  14560   SQLITE_PRIVATE int sqlite3BtreePayload(BtCursor*, u32 offset, u32 amt, void*);
 14536  14561   SQLITE_PRIVATE const void *sqlite3BtreePayloadFetch(BtCursor*, u32 *pAmt);
 14537  14562   SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor*);
        14563  +SQLITE_PRIVATE sqlite3_int64 sqlite3BtreeMaxRecordSize(BtCursor*);
 14538  14564   
 14539  14565   SQLITE_PRIVATE char *sqlite3BtreeIntegrityCheck(Btree*, int *aRoot, int nRoot, int, int*);
 14540  14566   SQLITE_PRIVATE struct Pager *sqlite3BtreePager(Btree*);
 14541  14567   SQLITE_PRIVATE i64 sqlite3BtreeRowCountEst(BtCursor*);
 14542  14568   
 14543  14569   #ifndef SQLITE_OMIT_INCRBLOB
 14544  14570   SQLITE_PRIVATE int sqlite3BtreePayloadChecked(BtCursor*, u32 offset, u32 amt, void*);
................................................................................
 14770  14796   #   define COLNAME_N      1      /* Store only the name */
 14771  14797   # else
 14772  14798   #   define COLNAME_N      2      /* Store the name and decltype */
 14773  14799   # endif
 14774  14800   #endif
 14775  14801   
 14776  14802   /*
 14777         -** The following macro converts a relative address in the p2 field
 14778         -** of a VdbeOp structure into a negative number so that 
 14779         -** sqlite3VdbeAddOpList() knows that the address is relative.  Calling
 14780         -** the macro again restores the address.
        14803  +** The following macro converts a label returned by sqlite3VdbeMakeLabel()
        14804  +** into an index into the Parse.aLabel[] array that contains the resolved
        14805  +** address of that label.
 14781  14806   */
 14782         -#define ADDR(X)  (-1-(X))
        14807  +#define ADDR(X)  (~(X))
 14783  14808   
 14784  14809   /*
 14785  14810   ** The makefile scans the vdbe.c source file and creates the "opcodes.h"
 14786  14811   ** header file that defines a number for each opcode used by the VDBE.
 14787  14812   */
 14788  14813   /************** Include opcodes.h in the middle of vdbe.h ********************/
 14789  14814   /************** Begin file opcodes.h *****************************************/
................................................................................
 15051  15076   # define ExplainQueryPlan(P)        sqlite3VdbeExplain P
 15052  15077   # define ExplainQueryPlanPop(P)     sqlite3VdbeExplainPop(P)
 15053  15078   # define ExplainQueryPlanParent(P)  sqlite3VdbeExplainParent(P)
 15054  15079   #else
 15055  15080   # define ExplainQueryPlan(P)
 15056  15081   # define ExplainQueryPlanPop(P)
 15057  15082   # define ExplainQueryPlanParent(P) 0
        15083  +# define sqlite3ExplainBreakpoint(A,B) /*no-op*/
        15084  +#endif
        15085  +#if defined(SQLITE_DEBUG) && !defined(SQLITE_OMIT_EXPLAIN)
        15086  +SQLITE_PRIVATE   void sqlite3ExplainBreakpoint(const char*,const char*);
        15087  +#else
        15088  +# define sqlite3ExplainBreakpoint(A,B) /*no-op*/
 15058  15089   #endif
 15059  15090   SQLITE_PRIVATE void sqlite3VdbeAddParseSchemaOp(Vdbe*,int,char*);
 15060  15091   SQLITE_PRIVATE void sqlite3VdbeChangeOpcode(Vdbe*, u32 addr, u8);
 15061  15092   SQLITE_PRIVATE void sqlite3VdbeChangeP1(Vdbe*, u32 addr, int P1);
 15062  15093   SQLITE_PRIVATE void sqlite3VdbeChangeP2(Vdbe*, u32 addr, int P2);
 15063  15094   SQLITE_PRIVATE void sqlite3VdbeChangeP3(Vdbe*, u32 addr, int P3);
 15064  15095   SQLITE_PRIVATE void sqlite3VdbeChangeP5(Vdbe*, u16 P5);
................................................................................
 15066  15097   SQLITE_PRIVATE int sqlite3VdbeChangeToNoop(Vdbe*, int addr);
 15067  15098   SQLITE_PRIVATE int sqlite3VdbeDeletePriorOpcode(Vdbe*, u8 op);
 15068  15099   SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe*, int addr, const char *zP4, int N);
 15069  15100   SQLITE_PRIVATE void sqlite3VdbeAppendP4(Vdbe*, void *pP4, int p4type);
 15070  15101   SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse*, Index*);
 15071  15102   SQLITE_PRIVATE void sqlite3VdbeUsesBtree(Vdbe*, int);
 15072  15103   SQLITE_PRIVATE VdbeOp *sqlite3VdbeGetOp(Vdbe*, int);
 15073         -SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe*);
        15104  +SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Parse*);
 15074  15105   SQLITE_PRIVATE void sqlite3VdbeRunOnlyOnce(Vdbe*);
 15075  15106   SQLITE_PRIVATE void sqlite3VdbeReusable(Vdbe*);
 15076  15107   SQLITE_PRIVATE void sqlite3VdbeDelete(Vdbe*);
 15077  15108   SQLITE_PRIVATE void sqlite3VdbeClearObject(sqlite3*,Vdbe*);
 15078  15109   SQLITE_PRIVATE void sqlite3VdbeMakeReady(Vdbe*,Parse*);
 15079  15110   SQLITE_PRIVATE int sqlite3VdbeFinalize(Vdbe*);
 15080  15111   SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe*, int);
................................................................................
 15087  15118   SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe*);
 15088  15119   SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe*,int);
 15089  15120   SQLITE_PRIVATE int sqlite3VdbeSetColName(Vdbe*, int, int, const char *, void(*)(void*));
 15090  15121   SQLITE_PRIVATE void sqlite3VdbeCountChanges(Vdbe*);
 15091  15122   SQLITE_PRIVATE sqlite3 *sqlite3VdbeDb(Vdbe*);
 15092  15123   SQLITE_PRIVATE u8 sqlite3VdbePrepareFlags(Vdbe*);
 15093  15124   SQLITE_PRIVATE void sqlite3VdbeSetSql(Vdbe*, const char *z, int n, u8);
        15125  +#ifdef SQLITE_ENABLE_NORMALIZE
        15126  +SQLITE_PRIVATE void sqlite3VdbeAddDblquoteStr(sqlite3*,Vdbe*,const char*);
        15127  +SQLITE_PRIVATE int sqlite3VdbeUsesDoubleQuotedString(Vdbe*,const char*);
        15128  +#endif
 15094  15129   SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe*,Vdbe*);
 15095  15130   SQLITE_PRIVATE VdbeOp *sqlite3VdbeTakeOpArray(Vdbe*, int*, int*);
 15096  15131   SQLITE_PRIVATE sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe*, int, u8);
 15097  15132   SQLITE_PRIVATE void sqlite3VdbeSetVarmask(Vdbe*, int);
 15098  15133   #ifndef SQLITE_OMIT_TRACE
 15099  15134   SQLITE_PRIVATE   char *sqlite3VdbeExpandSql(Vdbe*, const char*);
 15100  15135   #endif
................................................................................
 16212  16247                                  const char*);
 16213  16248   #endif
 16214  16249   
 16215  16250   #ifndef SQLITE_OMIT_DEPRECATED
 16216  16251   /* This is an extra SQLITE_TRACE macro that indicates "legacy" tracing
 16217  16252   ** in the style of sqlite3_trace()
 16218  16253   */
 16219         -#define SQLITE_TRACE_LEGACY  0x80
        16254  +#define SQLITE_TRACE_LEGACY          0x40     /* Use the legacy xTrace */
        16255  +#define SQLITE_TRACE_XPROFILE        0x80     /* Use the legacy xProfile */
 16220  16256   #else
 16221         -#define SQLITE_TRACE_LEGACY  0
        16257  +#define SQLITE_TRACE_LEGACY          0
        16258  +#define SQLITE_TRACE_XPROFILE        0
 16222  16259   #endif /* SQLITE_OMIT_DEPRECATED */
        16260  +#define SQLITE_TRACE_NONLEGACY_MASK  0x0f     /* Normal flags */
 16223  16261   
 16224  16262   
 16225  16263   /*
 16226  16264   ** Each database connection is an instance of the following structure.
 16227  16265   */
 16228  16266   struct sqlite3 {
 16229  16267     sqlite3_vfs *pVfs;            /* OS Interface */
................................................................................
 16274  16312     int nVdbeWrite;               /* Number of active VDBEs that read and write */
 16275  16313     int nVdbeExec;                /* Number of nested calls to VdbeExec() */
 16276  16314     int nVDestroy;                /* Number of active OP_VDestroy operations */
 16277  16315     int nExtension;               /* Number of loaded extensions */
 16278  16316     void **aExtension;            /* Array of shared library handles */
 16279  16317     int (*xTrace)(u32,void*,void*,void*);     /* Trace function */
 16280  16318     void *pTraceArg;                          /* Argument to the trace function */
        16319  +#ifndef SQLITE_OMIT_DEPRECATED
 16281  16320     void (*xProfile)(void*,const char*,u64);  /* Profiling function */
 16282  16321     void *pProfileArg;                        /* Argument to profile function */
        16322  +#endif
 16283  16323     void *pCommitArg;                 /* Argument to xCommitCallback() */
 16284  16324     int (*xCommitCallback)(void*);    /* Invoked at every commit. */
 16285  16325     void *pRollbackArg;               /* Argument to xRollbackCallback() */
 16286  16326     void (*xRollbackCallback)(void*); /* Invoked at every commit. */
 16287  16327     void *pUpdateArg;
 16288  16328     void (*xUpdateCallback)(void*,int, const char*,const char*,sqlite_int64);
 16289  16329   #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
................................................................................
 16406  16446   #define HI(X)  ((u64)(X)<<32)
 16407  16447   #ifdef SQLITE_DEBUG
 16408  16448   #define SQLITE_SqlTrace       HI(0x0001)  /* Debug print SQL as it executes */
 16409  16449   #define SQLITE_VdbeListing    HI(0x0002)  /* Debug listings of VDBE progs */
 16410  16450   #define SQLITE_VdbeTrace      HI(0x0004)  /* True to trace VDBE execution */
 16411  16451   #define SQLITE_VdbeAddopTrace HI(0x0008)  /* Trace sqlite3VdbeAddOp() calls */
 16412  16452   #define SQLITE_VdbeEQP        HI(0x0010)  /* Debug EXPLAIN QUERY PLAN */
        16453  +#define SQLITE_ParserTrace    HI(0x0020)  /* PRAGMA parser_trace=ON */
 16413  16454   #endif
 16414  16455   
 16415  16456   /*
 16416  16457   ** Allowed values for sqlite3.mDbFlags
 16417  16458   */
 16418  16459   #define DBFLAG_SchemaChange   0x0001  /* Uncommitted Hash table changes */
 16419  16460   #define DBFLAG_PreferBuiltin  0x0002  /* Preference to built-in funcs */
................................................................................
 16808  16849   /*
 16809  16850   ** The schema for each SQL table and view is represented in memory
 16810  16851   ** by an instance of the following structure.
 16811  16852   */
 16812  16853   struct Table {
 16813  16854     char *zName;         /* Name of the table or view */
 16814  16855     Column *aCol;        /* Information about each column */
 16815         -#ifdef SQLITE_ENABLE_NORMALIZE
 16816         -  Hash *pColHash;      /* All columns indexed by name */
 16817         -#endif
 16818  16856     Index *pIndex;       /* List of SQL indexes on this table. */
 16819  16857     Select *pSelect;     /* NULL for tables.  Points to definition if a view. */
 16820  16858     FKey *pFKey;         /* Linked list of all foreign keys in this table */
 16821  16859     char *zColAff;       /* String defining the affinity of each column */
 16822  16860     ExprList *pCheck;    /* All CHECK constraints */
 16823  16861                          /*   ... also used as column name list in a VIEW */
 16824  16862     int tnum;            /* Root BTree page for this table */
................................................................................
 17097  17135     Expr *pPartIdxWhere;     /* WHERE clause for partial indices */
 17098  17136     ExprList *aColExpr;      /* Column expressions */
 17099  17137     int tnum;                /* DB Page containing root of this index */
 17100  17138     LogEst szIdxRow;         /* Estimated average row size in bytes */
 17101  17139     u16 nKeyCol;             /* Number of columns forming the key */
 17102  17140     u16 nColumn;             /* Number of columns stored in the index */
 17103  17141     u8 onError;              /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */
 17104         -  unsigned idxType:2;      /* 1==UNIQUE, 2==PRIMARY KEY, 0==CREATE INDEX */
        17142  +  unsigned idxType:2;      /* 0:Normal 1:UNIQUE, 2:PRIMARY KEY, 3:IPK */
 17105  17143     unsigned bUnordered:1;   /* Use this index for == or IN queries only */
 17106  17144     unsigned uniqNotNull:1;  /* True if UNIQUE and NOT NULL for all columns */
 17107  17145     unsigned isResized:1;    /* True if resizeIndexObject() has been called */
 17108  17146     unsigned isCovering:1;   /* True if this is a covering index */
 17109  17147     unsigned noSkipScan:1;   /* Do not try to use skip-scan if true */
 17110  17148     unsigned hasStat1:1;     /* aiRowLogEst values come from sqlite_stat1 */
 17111  17149     unsigned bNoQuery:1;     /* Do not use this index to optimize queries */
................................................................................
 17122  17160   
 17123  17161   /*
 17124  17162   ** Allowed values for Index.idxType
 17125  17163   */
 17126  17164   #define SQLITE_IDXTYPE_APPDEF      0   /* Created using CREATE INDEX */
 17127  17165   #define SQLITE_IDXTYPE_UNIQUE      1   /* Implements a UNIQUE constraint */
 17128  17166   #define SQLITE_IDXTYPE_PRIMARYKEY  2   /* Is the PRIMARY KEY for the table */
        17167  +#define SQLITE_IDXTYPE_IPK         3   /* INTEGER PRIMARY KEY index */
 17129  17168   
 17130  17169   /* Return true if index X is a PRIMARY KEY index */
 17131  17170   #define IsPrimaryKeyIndex(X)  ((X)->idxType==SQLITE_IDXTYPE_PRIMARYKEY)
 17132  17171   
 17133  17172   /* Return true if index X is a UNIQUE index */
 17134  17173   #define IsUniqueIndex(X)      ((X)->onError!=OE_None)
 17135  17174   
................................................................................
 17339  17378                            ** TK_COLUMN: the value of p5 for OP_Column
 17340  17379                            ** TK_AGG_FUNCTION: nesting depth */
 17341  17380     AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
 17342  17381     union {
 17343  17382       Table *pTab;           /* TK_COLUMN: Table containing column. Can be NULL
 17344  17383                              ** for a column of an index on an expression */
 17345  17384       Window *pWin;          /* TK_FUNCTION: Window definition for the func */
        17385  +    struct {               /* TK_IN, TK_SELECT, and TK_EXISTS */
        17386  +      int iAddr;             /* Subroutine entry address */
        17387  +      int regReturn;         /* Register used to hold return address */
        17388  +    } sub;
 17346  17389     } y;
 17347  17390   };
 17348  17391   
 17349  17392   /*
 17350  17393   ** The following are the meanings of bits in the Expr.flags field.
 17351  17394   */
 17352  17395   #define EP_FromJoin  0x000001 /* Originates in ON/USING clause of outer join */
................................................................................
 17370  17413   #define EP_Unlikely  0x040000 /* unlikely() or likelihood() function */
 17371  17414   #define EP_ConstFunc 0x080000 /* A SQLITE_FUNC_CONSTANT or _SLOCHNG function */
 17372  17415   #define EP_CanBeNull 0x100000 /* Can be null despite NOT NULL constraint */
 17373  17416   #define EP_Subquery  0x200000 /* Tree contains a TK_SELECT operator */
 17374  17417   #define EP_Alias     0x400000 /* Is an alias for a result set column */
 17375  17418   #define EP_Leaf      0x800000 /* Expr.pLeft, .pRight, .u.pSelect all NULL */
 17376  17419   #define EP_WinFunc  0x1000000 /* TK_FUNCTION with Expr.y.pWin set */
        17420  +#define EP_Subrtn   0x2000000 /* Uses Expr.y.sub. TK_IN, _SELECT, or _EXISTS */
        17421  +#define EP_Quoted   0x4000000 /* TK_ID was originally quoted */
 17377  17422   
 17378  17423   /*
 17379  17424   ** The EP_Propagate mask is a set of properties that automatically propagate
 17380  17425   ** upwards into parent nodes.
 17381  17426   */
 17382  17427   #define EP_Propagate (EP_Collate|EP_Subquery|EP_HasFunc)
 17383  17428   
................................................................................
 17913  17958     u8 nested;           /* Number of nested calls to the parser/code generator */
 17914  17959     u8 nTempReg;         /* Number of temporary registers in aTempReg[] */
 17915  17960     u8 isMultiWrite;     /* True if statement may modify/insert multiple rows */
 17916  17961     u8 mayAbort;         /* True if statement may throw an ABORT exception */
 17917  17962     u8 hasCompound;      /* Need to invoke convertCompoundSelectToSubquery() */
 17918  17963     u8 okConstFactor;    /* OK to factor out constants */
 17919  17964     u8 disableLookaside; /* Number of times lookaside has been disabled */
        17965  +  u8 disableVtab;      /* Disable all virtual tables for this parse */
 17920  17966     int nRangeReg;       /* Size of the temporary register block */
 17921  17967     int iRangeReg;       /* First register in temporary register block */
 17922  17968     int nErr;            /* Number of errors seen */
 17923  17969     int nTab;            /* Number of previously allocated VDBE cursors */
 17924  17970     int nMem;            /* Number of memory cells used so far */
 17925         -  int nOpAlloc;        /* Number of slots allocated for Vdbe.aOp[] */
 17926  17971     int szOpAlloc;       /* Bytes of memory space allocated for Vdbe.aOp[] */
 17927  17972     int iSelfTab;        /* Table associated with an index on expr, or negative
 17928  17973                          ** of the base register during check-constraint eval */
 17929         -  int nLabel;          /* Number of labels used */
        17974  +  int nLabel;          /* The *negative* of the number of labels used */
        17975  +  int nLabelAlloc;     /* Number of slots in aLabel */
 17930  17976     int *aLabel;         /* Space to hold the labels */
 17931  17977     ExprList *pConstExpr;/* Constant expressions */
 17932  17978     Token constraintName;/* Name of the constraint currently being parsed */
 17933  17979     yDbMask writeMask;   /* Start a write transaction on these databases */
 17934  17980     yDbMask cookieMask;  /* Bitmask of schema verified databases */
 17935  17981     int regRowid;        /* Register holding rowid of CREATE TABLE entry */
 17936  17982     int regRoot;         /* Register holding root page number for new objects */
................................................................................
 17982  18028   #ifndef SQLITE_OMIT_EXPLAIN
 17983  18029     int addrExplain;          /* Address of current OP_Explain opcode */
 17984  18030   #endif
 17985  18031     VList *pVList;            /* Mapping between variable names and numbers */
 17986  18032     Vdbe *pReprepare;         /* VM being reprepared (sqlite3Reprepare()) */
 17987  18033     const char *zTail;        /* All SQL text past the last semicolon parsed */
 17988  18034     Table *pNewTable;         /* A table being constructed by CREATE TABLE */
 17989         -  Index *pNewIndex;         /* An index being constructed by CREATE INDEX */
        18035  +  Index *pNewIndex;         /* An index being constructed by CREATE INDEX.
        18036  +                            ** Also used to hold redundant UNIQUE constraints
        18037  +                            ** during a RENAME COLUMN */
 17990  18038     Trigger *pNewTrigger;     /* Trigger under construct by a CREATE TRIGGER */
 17991  18039     const char *zAuthContext; /* The 6th parameter to db->xAuth callbacks */
 17992  18040   #ifndef SQLITE_OMIT_VIRTUALTABLE
 17993  18041     Token sArg;               /* Complete text of a module argument */
 17994  18042     Table **apVtabLock;       /* Pointer to virtual tables needing locking */
 17995  18043   #endif
 17996  18044     Table *pZombieTab;        /* List of Table objects to delete after code gen */
................................................................................
 18210  18258   */
 18211  18259   typedef struct {
 18212  18260     sqlite3 *db;        /* The database being initialized */
 18213  18261     char **pzErrMsg;    /* Error message stored here */
 18214  18262     int iDb;            /* 0 for main database.  1 for TEMP, 2.. for ATTACHed */
 18215  18263     int rc;             /* Result code stored here */
 18216  18264     u32 mInitFlags;     /* Flags controlling error messages */
        18265  +  u32 nInitRow;       /* Number of rows processed */
 18217  18266   } InitData;
 18218  18267   
 18219  18268   /*
 18220  18269   ** Allowed values for mInitFlags
 18221  18270   */
 18222  18271   #define INITFLAG_AlterTable   0x0001  /* This is a reparse after ALTER TABLE */
 18223  18272   
................................................................................
 18270  18319   #ifdef SQLITE_VDBE_COVERAGE
 18271  18320     /* The following callback (if not NULL) is invoked on every VDBE branch
 18272  18321     ** operation.  Set the callback using SQLITE_TESTCTRL_VDBE_COVERAGE.
 18273  18322     */
 18274  18323     void (*xVdbeBranch)(void*,unsigned iSrcLine,u8 eThis,u8 eMx);  /* Callback */
 18275  18324     void *pVdbeBranchArg;                                     /* 1st argument */
 18276  18325   #endif
        18326  +#ifdef SQLITE_ENABLE_DESERIALIZE
        18327  +  sqlite3_int64 mxMemdbSize;        /* Default max memdb size */
        18328  +#endif
 18277  18329   #ifndef SQLITE_UNTESTABLE
 18278  18330     int (*xTestCallback)(int);        /* Invoked by sqlite3FaultSim() */
 18279  18331   #endif
 18280  18332     int bLocaltimeFault;              /* True to fail localtime() calls */
 18281  18333     int bInternalFunctions;           /* Internal SQL functions are visible */
 18282  18334     int iOnceResetThreshold;          /* When to reset OP_Once counters */
 18283  18335     u32 szSorterRef;                  /* Min size in bytes to use sorter-refs */
................................................................................
 18658  18710   #endif
 18659  18711   #endif
 18660  18712   
 18661  18713   
 18662  18714   SQLITE_PRIVATE void sqlite3SetString(char **, sqlite3*, const char*);
 18663  18715   SQLITE_PRIVATE void sqlite3ErrorMsg(Parse*, const char*, ...);
 18664  18716   SQLITE_PRIVATE void sqlite3Dequote(char*);
        18717  +SQLITE_PRIVATE void sqlite3DequoteExpr(Expr*);
 18665  18718   SQLITE_PRIVATE void sqlite3TokenInit(Token*,char*);
 18666  18719   SQLITE_PRIVATE int sqlite3KeywordCode(const unsigned char*, int);
 18667  18720   SQLITE_PRIVATE int sqlite3RunParser(Parse*, const char*, char **);
 18668  18721   SQLITE_PRIVATE void sqlite3FinishCoding(Parse*);
 18669  18722   SQLITE_PRIVATE int sqlite3GetTempReg(Parse*);
 18670  18723   SQLITE_PRIVATE void sqlite3ReleaseTempReg(Parse*,int);
 18671  18724   SQLITE_PRIVATE int sqlite3GetTempRange(Parse*,int);
................................................................................
 18686  18739   SQLITE_PRIVATE ExprList *sqlite3ExprListAppend(Parse*,ExprList*,Expr*);
 18687  18740   SQLITE_PRIVATE ExprList *sqlite3ExprListAppendVector(Parse*,ExprList*,IdList*,Expr*);
 18688  18741   SQLITE_PRIVATE void sqlite3ExprListSetSortOrder(ExprList*,int);
 18689  18742   SQLITE_PRIVATE void sqlite3ExprListSetName(Parse*,ExprList*,Token*,int);
 18690  18743   SQLITE_PRIVATE void sqlite3ExprListSetSpan(Parse*,ExprList*,const char*,const char*);
 18691  18744   SQLITE_PRIVATE void sqlite3ExprListDelete(sqlite3*, ExprList*);
 18692  18745   SQLITE_PRIVATE u32 sqlite3ExprListFlags(const ExprList*);
        18746  +SQLITE_PRIVATE int sqlite3IndexHasDuplicateRootPage(Index*);
 18693  18747   SQLITE_PRIVATE int sqlite3Init(sqlite3*, char**);
 18694  18748   SQLITE_PRIVATE int sqlite3InitCallback(void*, int, char**, char**);
 18695  18749   SQLITE_PRIVATE int sqlite3InitOne(sqlite3*, int, char**, u32);
 18696  18750   SQLITE_PRIVATE void sqlite3Pragma(Parse*,Token*,Token*,Token*,int);
 18697  18751   #ifndef SQLITE_OMIT_VIRTUALTABLE
 18698  18752   SQLITE_PRIVATE Module *sqlite3PragmaVtabRegister(sqlite3*,const char *zName);
 18699  18753   #endif
................................................................................
 18719  18773   SQLITE_PRIVATE void sqlite3AddPrimaryKey(Parse*, ExprList*, int, int, int);
 18720  18774   SQLITE_PRIVATE void sqlite3AddCheckConstraint(Parse*, Expr*);
 18721  18775   SQLITE_PRIVATE void sqlite3AddDefaultValue(Parse*,Expr*,const char*,const char*);
 18722  18776   SQLITE_PRIVATE void sqlite3AddCollateType(Parse*, Token*);
 18723  18777   SQLITE_PRIVATE void sqlite3EndTable(Parse*,Token*,Token*,u8,Select*);
 18724  18778   SQLITE_PRIVATE int sqlite3ParseUri(const char*,const char*,unsigned int*,
 18725  18779                       sqlite3_vfs**,char**,char **);
        18780  +#ifdef SQLITE_HAS_CODEC
        18781  +SQLITE_PRIVATE   int sqlite3CodecQueryParameters(sqlite3*,const char*,const char*);
        18782  +#else
        18783  +# define sqlite3CodecQueryParameters(A,B,C) 0
        18784  +#endif
 18726  18785   SQLITE_PRIVATE Btree *sqlite3DbNameToBtree(sqlite3*,const char*);
 18727  18786   
 18728  18787   #ifdef SQLITE_UNTESTABLE
 18729  18788   # define sqlite3FaultSim(X) SQLITE_OK
 18730  18789   #else
 18731  18790   SQLITE_PRIVATE   int sqlite3FaultSim(int);
 18732  18791   #endif
................................................................................
 18771  18830   # define sqlite3AutoincrementBegin(X)
 18772  18831   # define sqlite3AutoincrementEnd(X)
 18773  18832   #endif
 18774  18833   SQLITE_PRIVATE void sqlite3Insert(Parse*, SrcList*, Select*, IdList*, int, Upsert*);
 18775  18834   SQLITE_PRIVATE void *sqlite3ArrayAllocate(sqlite3*,void*,int,int*,int*);
 18776  18835   SQLITE_PRIVATE IdList *sqlite3IdListAppend(Parse*, IdList*, Token*);
 18777  18836   SQLITE_PRIVATE int sqlite3IdListIndex(IdList*,const char*);
 18778         -SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(sqlite3*, SrcList*, int, int);
 18779         -SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(sqlite3*, SrcList*, Token*, Token*);
        18837  +SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(Parse*, SrcList*, int, int);
        18838  +SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(Parse*, SrcList*, Token*, Token*);
 18780  18839   SQLITE_PRIVATE SrcList *sqlite3SrcListAppendFromTerm(Parse*, SrcList*, Token*, Token*,
 18781  18840                                         Token*, Select*, Expr*, IdList*);
 18782  18841   SQLITE_PRIVATE void sqlite3SrcListIndexedBy(Parse *, SrcList *, Token *);
 18783  18842   SQLITE_PRIVATE void sqlite3SrcListFuncArgs(Parse*, SrcList*, ExprList*);
 18784  18843   SQLITE_PRIVATE int sqlite3IndexedByLookup(Parse *, struct SrcList_item *);
 18785  18844   SQLITE_PRIVATE void sqlite3SrcListShiftJoinType(SrcList*);
 18786  18845   SQLITE_PRIVATE void sqlite3SrcListAssignCursors(Parse*, SrcList*);
................................................................................
 18839  18898   #define LOCATE_VIEW    0x01
 18840  18899   #define LOCATE_NOERR   0x02
 18841  18900   SQLITE_PRIVATE Table *sqlite3LocateTable(Parse*,u32 flags,const char*, const char*);
 18842  18901   SQLITE_PRIVATE Table *sqlite3LocateTableItem(Parse*,u32 flags,struct SrcList_item *);
 18843  18902   SQLITE_PRIVATE Index *sqlite3FindIndex(sqlite3*,const char*, const char*);
 18844  18903   SQLITE_PRIVATE void sqlite3UnlinkAndDeleteTable(sqlite3*,int,const char*);
 18845  18904   SQLITE_PRIVATE void sqlite3UnlinkAndDeleteIndex(sqlite3*,int,const char*);
 18846         -SQLITE_PRIVATE void sqlite3Vacuum(Parse*,Token*);
 18847         -SQLITE_PRIVATE int sqlite3RunVacuum(char**, sqlite3*, int);
        18905  +SQLITE_PRIVATE void sqlite3Vacuum(Parse*,Token*,Expr*);
        18906  +SQLITE_PRIVATE int sqlite3RunVacuum(char**, sqlite3*, int, sqlite3_value*);
 18848  18907   SQLITE_PRIVATE char *sqlite3NameFromToken(sqlite3*, Token*);
 18849  18908   SQLITE_PRIVATE int sqlite3ExprCompare(Parse*,Expr*, Expr*, int);
 18850  18909   SQLITE_PRIVATE int sqlite3ExprCompareSkip(Expr*, Expr*, int);
 18851  18910   SQLITE_PRIVATE int sqlite3ExprListCompare(ExprList*, ExprList*, int);
 18852  18911   SQLITE_PRIVATE int sqlite3ExprImpliesExpr(Parse*,Expr*, Expr*, int);
 18853  18912   SQLITE_PRIVATE int sqlite3ExprImpliesNonNullRow(Expr*,int);
 18854  18913   SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext*, Expr*);
................................................................................
 18878  18937   #ifdef SQLITE_ENABLE_CURSOR_HINTS
 18879  18938   SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr*);
 18880  18939   #endif
 18881  18940   SQLITE_PRIVATE int sqlite3ExprIsInteger(Expr*, int*);
 18882  18941   SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr*);
 18883  18942   SQLITE_PRIVATE int sqlite3ExprNeedsNoAffinityChange(const Expr*, char);
 18884  18943   SQLITE_PRIVATE int sqlite3IsRowid(const char*);
 18885         -#ifdef SQLITE_ENABLE_NORMALIZE
 18886         -SQLITE_PRIVATE int sqlite3IsRowidN(const char*, int);
 18887         -#endif
 18888  18944   SQLITE_PRIVATE void sqlite3GenerateRowDelete(
 18889  18945       Parse*,Table*,Trigger*,int,int,int,i16,u8,u8,u8,int);
 18890  18946   SQLITE_PRIVATE void sqlite3GenerateRowIndexDelete(Parse*, Table*, int, int, int*, int);
 18891  18947   SQLITE_PRIVATE int sqlite3GenerateIndexKey(Parse*, Index*, int, int, int, int*,Index*,int);
 18892  18948   SQLITE_PRIVATE void sqlite3ResolvePartIdxLabel(Parse*,int);
 18893  18949   SQLITE_PRIVATE int sqlite3ExprReferencesUpdatedColumn(Expr*,int*,int);
 18894  18950   SQLITE_PRIVATE void sqlite3GenerateConstraintChecks(Parse*,Table*,int*,int,int,int,int,
................................................................................
 18907  18963   SQLITE_PRIVATE void sqlite3UniqueConstraint(Parse*, int, Index*);
 18908  18964   SQLITE_PRIVATE void sqlite3RowidConstraint(Parse*, int, Table*);
 18909  18965   SQLITE_PRIVATE Expr *sqlite3ExprDup(sqlite3*,Expr*,int);
 18910  18966   SQLITE_PRIVATE ExprList *sqlite3ExprListDup(sqlite3*,ExprList*,int);
 18911  18967   SQLITE_PRIVATE SrcList *sqlite3SrcListDup(sqlite3*,SrcList*,int);
 18912  18968   SQLITE_PRIVATE IdList *sqlite3IdListDup(sqlite3*,IdList*);
 18913  18969   SQLITE_PRIVATE Select *sqlite3SelectDup(sqlite3*,Select*,int);
 18914         -#ifdef SQLITE_ENABLE_NORMALIZE
 18915         -SQLITE_PRIVATE FuncDef *sqlite3FunctionSearchN(int,const char*,int);
 18916         -#endif
        18970  +SQLITE_PRIVATE FuncDef *sqlite3FunctionSearch(int,const char*);
 18917  18971   SQLITE_PRIVATE void sqlite3InsertBuiltinFuncs(FuncDef*,int);
 18918  18972   SQLITE_PRIVATE FuncDef *sqlite3FindFunction(sqlite3*,const char*,int,u8,u8);
 18919  18973   SQLITE_PRIVATE void sqlite3RegisterBuiltinFunctions(void);
 18920  18974   SQLITE_PRIVATE void sqlite3RegisterDateTimeFunctions(void);
 18921  18975   SQLITE_PRIVATE void sqlite3RegisterPerConnectionBuiltinFunctions(sqlite3*);
 18922  18976   SQLITE_PRIVATE int sqlite3SafetyCheckOk(sqlite3*);
 18923  18977   SQLITE_PRIVATE int sqlite3SafetyCheckSickOrOk(sqlite3*);
................................................................................
 19114  19168   #endif
 19115  19169   SQLITE_PRIVATE void sqlite3RootPageMoved(sqlite3*, int, int, int);
 19116  19170   SQLITE_PRIVATE void sqlite3Reindex(Parse*, Token*, Token*);
 19117  19171   SQLITE_PRIVATE void sqlite3AlterFunctions(void);
 19118  19172   SQLITE_PRIVATE void sqlite3AlterRenameTable(Parse*, SrcList*, Token*);
 19119  19173   SQLITE_PRIVATE void sqlite3AlterRenameColumn(Parse*, SrcList*, Token*, Token*);
 19120  19174   SQLITE_PRIVATE int sqlite3GetToken(const unsigned char *, int *);
 19121         -#ifdef SQLITE_ENABLE_NORMALIZE
 19122         -SQLITE_PRIVATE int sqlite3GetTokenNormalized(const unsigned char *, int *, int *);
 19123         -#endif
 19124  19175   SQLITE_PRIVATE void sqlite3NestedParse(Parse*, const char*, ...);
 19125  19176   SQLITE_PRIVATE void sqlite3ExpirePreparedStatements(sqlite3*, int);
 19126         -SQLITE_PRIVATE int sqlite3CodeSubselect(Parse*, Expr *, int, int);
        19177  +SQLITE_PRIVATE void sqlite3CodeRhsOfIN(Parse*, Expr*, int, int);
        19178  +SQLITE_PRIVATE int sqlite3CodeSubselect(Parse*, Expr*);
 19127  19179   SQLITE_PRIVATE void sqlite3SelectPrep(Parse*, Select*, NameContext*);
 19128  19180   SQLITE_PRIVATE void sqlite3SelectWrongNumTermsError(Parse *pParse, Select *p);
 19129  19181   SQLITE_PRIVATE int sqlite3MatchSpanName(const char*, const char*, const char*, const char*);
 19130  19182   SQLITE_PRIVATE int sqlite3ResolveExprNames(NameContext*, Expr*);
 19131  19183   SQLITE_PRIVATE int sqlite3ResolveExprListNames(NameContext*, ExprList*);
 19132  19184   SQLITE_PRIVATE void sqlite3ResolveSelectNames(Parse*, Select*, NameContext*);
 19133         -SQLITE_PRIVATE void sqlite3ResolveSelfReference(Parse*,Table*,int,Expr*,ExprList*);
        19185  +SQLITE_PRIVATE int sqlite3ResolveSelfReference(Parse*,Table*,int,Expr*,ExprList*);
 19134  19186   SQLITE_PRIVATE int sqlite3ResolveOrderGroupBy(Parse*, Select*, ExprList*, const char*);
 19135  19187   SQLITE_PRIVATE void sqlite3ColumnDefault(Vdbe *, Table *, int, int);
 19136  19188   SQLITE_PRIVATE void sqlite3AlterFinishAddColumn(Parse *, Token *);
 19137  19189   SQLITE_PRIVATE void sqlite3AlterBeginAddColumn(Parse *, SrcList *);
 19138  19190   SQLITE_PRIVATE void *sqlite3RenameTokenMap(Parse*, void*, Token*);
 19139  19191   SQLITE_PRIVATE void sqlite3RenameTokenRemap(Parse*, void *pTo, void *pFrom);
 19140  19192   SQLITE_PRIVATE void sqlite3RenameExprUnmap(Parse*, Expr*);
................................................................................
 19275  19327   SQLITE_PRIVATE int sqlite3VtabBegin(sqlite3 *, VTable *);
 19276  19328   SQLITE_PRIVATE FuncDef *sqlite3VtabOverloadFunction(sqlite3 *,FuncDef*, int nArg, Expr*);
 19277  19329   SQLITE_PRIVATE sqlite3_int64 sqlite3StmtCurrentTime(sqlite3_context*);
 19278  19330   SQLITE_PRIVATE int sqlite3VdbeParameterIndex(Vdbe*, const char*, int);
 19279  19331   SQLITE_PRIVATE int sqlite3TransferBindings(sqlite3_stmt *, sqlite3_stmt *);
 19280  19332   SQLITE_PRIVATE void sqlite3ParserReset(Parse*);
 19281  19333   #ifdef SQLITE_ENABLE_NORMALIZE
 19282         -SQLITE_PRIVATE void sqlite3Normalize(Vdbe*, const char*, int, u8);
        19334  +SQLITE_PRIVATE char *sqlite3Normalize(Vdbe*, const char*);
 19283  19335   #endif
 19284  19336   SQLITE_PRIVATE int sqlite3Reprepare(Vdbe*);
 19285  19337   SQLITE_PRIVATE void sqlite3ExprListCheckLength(Parse*, ExprList*, const char*);
 19286  19338   SQLITE_PRIVATE CollSeq *sqlite3BinaryCompareCollSeq(Parse *, Expr *, Expr *);
 19287  19339   SQLITE_PRIVATE int sqlite3TempInMemory(const sqlite3*);
 19288  19340   SQLITE_PRIVATE const char *sqlite3JournalModename(int);
 19289  19341   #ifndef SQLITE_OMIT_WAL
................................................................................
 19371  19423   #define IN_INDEX_NOOP         5   /* No table available. Use comparisons */
 19372  19424   /*
 19373  19425   ** Allowed flags for the 3rd parameter to sqlite3FindInIndex().
 19374  19426   */
 19375  19427   #define IN_INDEX_NOOP_OK     0x0001  /* OK to return IN_INDEX_NOOP */
 19376  19428   #define IN_INDEX_MEMBERSHIP  0x0002  /* IN operator used for membership test */
 19377  19429   #define IN_INDEX_LOOP        0x0004  /* IN operator used as a loop */
 19378         -SQLITE_PRIVATE int sqlite3FindInIndex(Parse *, Expr *, u32, int*, int*);
        19430  +SQLITE_PRIVATE int sqlite3FindInIndex(Parse *, Expr *, u32, int*, int*, int*);
 19379  19431   
 19380  19432   SQLITE_PRIVATE int sqlite3JournalOpen(sqlite3_vfs *, const char *, sqlite3_file *, int, int);
 19381  19433   SQLITE_PRIVATE int sqlite3JournalSize(sqlite3_vfs *);
 19382  19434   #if defined(SQLITE_ENABLE_ATOMIC_WRITE) \
 19383  19435    || defined(SQLITE_ENABLE_BATCH_ATOMIC_WRITE)
 19384  19436   SQLITE_PRIVATE   int sqlite3JournalCreate(sqlite3_file *);
 19385  19437   #endif
................................................................................
 19687  19739   ** sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE);
 19688  19740   */
 19689  19741   #ifndef SQLITE_DEFAULT_LOOKASIDE
 19690  19742   # define SQLITE_DEFAULT_LOOKASIDE 1200,100
 19691  19743   #endif
 19692  19744   
 19693  19745   
        19746  +/* The default maximum size of an in-memory database created using
        19747  +** sqlite3_deserialize()
        19748  +*/
        19749  +#ifndef SQLITE_MEMDB_DEFAULT_MAXSIZE
        19750  +# define SQLITE_MEMDB_DEFAULT_MAXSIZE 1073741824
        19751  +#endif
        19752  +
 19694  19753   /*
 19695  19754   ** The following singleton contains the global configuration for
 19696  19755   ** the SQLite library.
 19697  19756   */
 19698  19757   SQLITE_PRIVATE SQLITE_WSD struct Sqlite3Config sqlite3Config = {
 19699  19758      SQLITE_DEFAULT_MEMSTATUS,  /* bMemstat */
 19700  19759      1,                         /* bCoreMutex */
................................................................................
 19734  19793      0,                         /* xSqllog */
 19735  19794      0,                         /* pSqllogArg */
 19736  19795   #endif
 19737  19796   #ifdef SQLITE_VDBE_COVERAGE
 19738  19797      0,                         /* xVdbeBranch */
 19739  19798      0,                         /* pVbeBranchArg */
 19740  19799   #endif
        19800  +#ifdef SQLITE_ENABLE_DESERIALIZE
        19801  +   SQLITE_MEMDB_DEFAULT_MAXSIZE,   /* mxMemdbSize */
        19802  +#endif
 19741  19803   #ifndef SQLITE_UNTESTABLE
 19742  19804      0,                         /* xTestCallback */
 19743  19805   #endif
 19744  19806      0,                         /* bLocaltimeFault */
 19745  19807      0,                         /* bInternalFunctions */
 19746  19808      0x7ffffffe,                /* iOnceResetThreshold */
 19747         -   SQLITE_DEFAULT_SORTERREF_SIZE   /* szSorterRef */
        19809  +   SQLITE_DEFAULT_SORTERREF_SIZE,   /* szSorterRef */
 19748  19810   };
 19749  19811   
 19750  19812   /*
 19751  19813   ** Hash table for global functions - functions common to all
 19752  19814   ** database connections.  After initialization, this table is
 19753  19815   ** read-only.
 19754  19816   */
................................................................................
 20159  20221   };
 20160  20222   
 20161  20223   /* A bitfield type for use inside of structures.  Always follow with :N where
 20162  20224   ** N is the number of bits.
 20163  20225   */
 20164  20226   typedef unsigned bft;  /* Bit Field Type */
 20165  20227   
        20228  +/* The ScanStatus object holds a single value for the
        20229  +** sqlite3_stmt_scanstatus() interface.
        20230  +*/
 20166  20231   typedef struct ScanStatus ScanStatus;
 20167  20232   struct ScanStatus {
 20168  20233     int addrExplain;                /* OP_Explain for loop */
 20169  20234     int addrLoop;                   /* Address of "loops" counter */
 20170  20235     int addrVisit;                  /* Address of "rows visited" counter */
 20171  20236     int iSelectID;                  /* The "Select-ID" for this loop */
 20172  20237     LogEst nEst;                    /* Estimated output rows per loop */
 20173  20238     char *zName;                    /* Name of table or index */
 20174  20239   };
        20240  +
        20241  +/* The DblquoteStr object holds the text of a double-quoted
        20242  +** string for a prepared statement.  A linked list of these objects
        20243  +** is constructed during statement parsing and is held on Vdbe.pDblStr.
        20244  +** When computing a normalized SQL statement for an SQL statement, that
        20245  +** list is consulted for each double-quoted identifier to see if the
        20246  +** identifier should really be a string literal.
        20247  +*/
        20248  +typedef struct DblquoteStr DblquoteStr;
        20249  +struct DblquoteStr {
        20250  +  DblquoteStr *pNextStr;   /* Next string literal in the list */
        20251  +  char z[8];               /* Dequoted value for the string */
        20252  +};
 20175  20253   
 20176  20254   /*
 20177  20255   ** An instance of the virtual machine.  This structure contains the complete
 20178  20256   ** state of the virtual machine.
 20179  20257   **
 20180  20258   ** The "sqlite3_stmt" structure pointer that is returned by sqlite3_prepare()
 20181  20259   ** is really a pointer to an instance of this structure.
................................................................................
 20188  20266     u32 magic;              /* Magic number for sanity checking */
 20189  20267     int nMem;               /* Number of memory locations currently allocated */
 20190  20268     int nCursor;            /* Number of slots in apCsr[] */
 20191  20269     u32 cacheCtr;           /* VdbeCursor row cache generation counter */
 20192  20270     int pc;                 /* The program counter */
 20193  20271     int rc;                 /* Value to return */
 20194  20272     int nChange;            /* Number of db changes made since last reset */
 20195         -  int iStatement;         /* Statement number (or 0 if has not opened stmt) */
        20273  +  int iStatement;         /* Statement number (or 0 if has no opened stmt) */
 20196  20274     i64 iCurrentTime;       /* Value of julianday('now') for this statement */
 20197  20275     i64 nFkConstraint;      /* Number of imm. FK constraints this VM */
 20198  20276     i64 nStmtDefCons;       /* Number of def. constraints when stmt started */
 20199  20277     i64 nStmtDefImmCons;    /* Number of def. imm constraints when stmt started */
        20278  +  Mem *aMem;              /* The memory locations */
        20279  +  Mem **apArg;            /* Arguments to currently executing user function */
        20280  +  VdbeCursor **apCsr;     /* One element of this array for each open cursor */
        20281  +  Mem *aVar;              /* Values for the OP_Variable opcode. */
 20200  20282   
 20201  20283     /* When allocating a new Vdbe object, all of the fields below should be
 20202  20284     ** initialized to zero or NULL */
 20203  20285   
 20204  20286     Op *aOp;                /* Space to hold the virtual machine's program */
 20205         -  Mem *aMem;              /* The memory locations */
 20206         -  Mem **apArg;            /* Arguments to currently executing user function */
        20287  +  int nOp;                /* Number of instructions in the program */
        20288  +  int nOpAlloc;           /* Slots allocated for aOp[] */
 20207  20289     Mem *aColName;          /* Column names to return */
 20208  20290     Mem *pResultSet;        /* Pointer to an array of results */
 20209  20291     char *zErrMsg;          /* Error message written here */
 20210         -  VdbeCursor **apCsr;     /* One element of this array for each open cursor */
 20211         -  Mem *aVar;              /* Values for the OP_Variable opcode. */
 20212  20292     VList *pVList;          /* Name of variables */
 20213  20293   #ifndef SQLITE_OMIT_TRACE
 20214  20294     i64 startTime;          /* Time when query started - used for profiling */
 20215  20295   #endif
 20216         -  int nOp;                /* Number of instructions in the program */
 20217  20296   #ifdef SQLITE_DEBUG
 20218  20297     int rcApp;              /* errcode set by sqlite3_result_error_code() */
 20219  20298     u32 nWrite;             /* Number of write operations that have occurred */
 20220  20299   #endif
 20221  20300     u16 nResColumn;         /* Number of columns in one row of the result set */
 20222  20301     u8 errorAction;         /* Recovery action to do in case of an error */
 20223  20302     u8 minWriteFileFormat;  /* Minimum file format for writable database files */
................................................................................
 20232  20311     bft bIsReader:1;        /* True for statements that read */
 20233  20312     yDbMask btreeMask;      /* Bitmask of db->aDb[] entries referenced */
 20234  20313     yDbMask lockMask;       /* Subset of btreeMask that requires a lock */
 20235  20314     u32 aCounter[7];        /* Counters used by sqlite3_stmt_status() */
 20236  20315     char *zSql;             /* Text of the SQL statement that generated this */
 20237  20316   #ifdef SQLITE_ENABLE_NORMALIZE
 20238  20317     char *zNormSql;         /* Normalization of the associated SQL statement */
        20318  +  DblquoteStr *pDblStr;   /* List of double-quoted string literals */
 20239  20319   #endif
 20240  20320     void *pFree;            /* Free this when deleting the vdbe */
 20241  20321     VdbeFrame *pFrame;      /* Parent frame */
 20242  20322     VdbeFrame *pDelFrame;   /* List of frame objects to free on VM reset */
 20243  20323     int nFrame;             /* Number of frames in pFrame list */
 20244  20324     u32 expmask;            /* Binding to these vars invalidates VM */
 20245  20325     SubProgram *pProgram;   /* Linked list of all sub-programs used by VM */
................................................................................
 27249  27329     return sqlite3_value_double(p->apArg[p->nUsed++]);
 27250  27330   }
 27251  27331   static char *getTextArg(PrintfArguments *p){
 27252  27332     if( p->nArg<=p->nUsed ) return 0;
 27253  27333     return (char*)sqlite3_value_text(p->apArg[p->nUsed++]);
 27254  27334   }
 27255  27335   
        27336  +/*
        27337  +** Allocate memory for a temporary buffer needed for printf rendering.
        27338  +**
        27339  +** If the requested size of the temp buffer is larger than the size
        27340  +** of the output buffer in pAccum, then cause an SQLITE_TOOBIG error.
        27341  +** Do the size check before the memory allocation to prevent rogue
        27342  +** SQL from requesting large allocations using the precision or width
        27343  +** field of the printf() function.
        27344  +*/
        27345  +static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){
        27346  +  char *z;
        27347  +  if( n>pAccum->nAlloc && n>pAccum->mxAlloc ){
        27348  +    setStrAccumError(pAccum, SQLITE_TOOBIG);
        27349  +    return 0;
        27350  +  }
        27351  +  z = sqlite3DbMallocRaw(pAccum->db, n);
        27352  +  if( z==0 ){
        27353  +    setStrAccumError(pAccum, SQLITE_NOMEM);
        27354  +  }
        27355  +  return z;
        27356  +}
 27256  27357   
 27257  27358   /*
 27258  27359   ** On machines with a small stack size, you can redefine the
 27259  27360   ** SQLITE_PRINT_BUF_SIZE to be something smaller, if desired.
 27260  27361   */
 27261  27362   #ifndef SQLITE_PRINT_BUF_SIZE
 27262  27363   # define SQLITE_PRINT_BUF_SIZE 70
................................................................................
 27331  27432         sqlite3_str_append(pAccum, "%", 1);
 27332  27433         break;
 27333  27434       }
 27334  27435       /* Find out what flags are present */
 27335  27436       flag_leftjustify = flag_prefix = cThousand =
 27336  27437        flag_alternateform = flag_altform2 = flag_zeropad = 0;
 27337  27438       done = 0;
        27439  +    width = 0;
        27440  +    flag_long = 0;
        27441  +    precision = -1;
 27338  27442       do{
 27339  27443         switch( c ){
 27340  27444           case '-':   flag_leftjustify = 1;     break;
 27341  27445           case '+':   flag_prefix = '+';        break;
 27342  27446           case ' ':   flag_prefix = ' ';        break;
 27343  27447           case '#':   flag_alternateform = 1;   break;
 27344  27448           case '!':   flag_altform2 = 1;        break;
 27345  27449           case '0':   flag_zeropad = 1;         break;
 27346  27450           case ',':   cThousand = ',';          break;
 27347  27451           default:    done = 1;                 break;
        27452  +        case 'l': {
        27453  +          flag_long = 1;
        27454  +          c = *++fmt;
        27455  +          if( c=='l' ){
        27456  +            c = *++fmt;
        27457  +            flag_long = 2;
        27458  +          }
        27459  +          done = 1;
        27460  +          break;
        27461  +        }
        27462  +        case '1': case '2': case '3': case '4': case '5':
        27463  +        case '6': case '7': case '8': case '9': {
        27464  +          unsigned wx = c - '0';
        27465  +          while( (c = *++fmt)>='0' && c<='9' ){
        27466  +            wx = wx*10 + c - '0';
        27467  +          }
        27468  +          testcase( wx>0x7fffffff );
        27469  +          width = wx & 0x7fffffff;
        27470  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27471  +          if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
        27472  +            width = SQLITE_PRINTF_PRECISION_LIMIT;
        27473  +          }
        27474  +#endif
        27475  +          if( c!='.' && c!='l' ){
        27476  +            done = 1;
        27477  +          }else{
        27478  +            fmt--;
        27479  +          }
        27480  +          break;
        27481  +        }
        27482  +        case '*': {
        27483  +          if( bArgList ){
        27484  +            width = (int)getIntArg(pArgList);
        27485  +          }else{
        27486  +            width = va_arg(ap,int);
        27487  +          }
        27488  +          if( width<0 ){
        27489  +            flag_leftjustify = 1;
        27490  +            width = width >= -2147483647 ? -width : 0;
        27491  +          }
        27492  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27493  +          if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
        27494  +            width = SQLITE_PRINTF_PRECISION_LIMIT;
        27495  +          }
        27496  +#endif
        27497  +          if( (c = fmt[1])!='.' && c!='l' ){
        27498  +            c = *++fmt;
        27499  +            done = 1;
        27500  +          }
        27501  +          break;
        27502  +        }
        27503  +        case '.': {
        27504  +          c = *++fmt;
        27505  +          if( c=='*' ){
        27506  +            if( bArgList ){
        27507  +              precision = (int)getIntArg(pArgList);
        27508  +            }else{
        27509  +              precision = va_arg(ap,int);
        27510  +            }
        27511  +            if( precision<0 ){
        27512  +              precision = precision >= -2147483647 ? -precision : -1;
        27513  +            }
        27514  +            c = *++fmt;
        27515  +          }else{
        27516  +            unsigned px = 0;
        27517  +            while( c>='0' && c<='9' ){
        27518  +              px = px*10 + c - '0';
        27519  +              c = *++fmt;
        27520  +            }
        27521  +            testcase( px>0x7fffffff );
        27522  +            precision = px & 0x7fffffff;
        27523  +          }
        27524  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27525  +          if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
        27526  +            precision = SQLITE_PRINTF_PRECISION_LIMIT;
        27527  +          }
        27528  +#endif
        27529  +          if( c=='l' ){
        27530  +            --fmt;
        27531  +          }else{
        27532  +            done = 1;
        27533  +          }
        27534  +          break;
        27535  +        }
 27348  27536         }
 27349  27537       }while( !done && (c=(*++fmt))!=0 );
 27350         -    /* Get the field width */
 27351         -    if( c=='*' ){
 27352         -      if( bArgList ){
 27353         -        width = (int)getIntArg(pArgList);
 27354         -      }else{
 27355         -        width = va_arg(ap,int);
 27356         -      }
 27357         -      if( width<0 ){
 27358         -        flag_leftjustify = 1;
 27359         -        width = width >= -2147483647 ? -width : 0;
 27360         -      }
 27361         -      c = *++fmt;
 27362         -    }else{
 27363         -      unsigned wx = 0;
 27364         -      while( c>='0' && c<='9' ){
 27365         -        wx = wx*10 + c - '0';
 27366         -        c = *++fmt;
 27367         -      }
 27368         -      testcase( wx>0x7fffffff );
 27369         -      width = wx & 0x7fffffff;
 27370         -    }
 27371         -    assert( width>=0 );
 27372         -#ifdef SQLITE_PRINTF_PRECISION_LIMIT
 27373         -    if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
 27374         -      width = SQLITE_PRINTF_PRECISION_LIMIT;
 27375         -    }
 27376         -#endif
 27377  27538   
 27378         -    /* Get the precision */
 27379         -    if( c=='.' ){
 27380         -      c = *++fmt;
 27381         -      if( c=='*' ){
 27382         -        if( bArgList ){
 27383         -          precision = (int)getIntArg(pArgList);
 27384         -        }else{
 27385         -          precision = va_arg(ap,int);
 27386         -        }
 27387         -        c = *++fmt;
 27388         -        if( precision<0 ){
 27389         -          precision = precision >= -2147483647 ? -precision : -1;
 27390         -        }
 27391         -      }else{
 27392         -        unsigned px = 0;
 27393         -        while( c>='0' && c<='9' ){
 27394         -          px = px*10 + c - '0';
 27395         -          c = *++fmt;
 27396         -        }
 27397         -        testcase( px>0x7fffffff );
 27398         -        precision = px & 0x7fffffff;
 27399         -      }
 27400         -    }else{
 27401         -      precision = -1;
 27402         -    }
 27403         -    assert( precision>=(-1) );
 27404         -#ifdef SQLITE_PRINTF_PRECISION_LIMIT
 27405         -    if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
 27406         -      precision = SQLITE_PRINTF_PRECISION_LIMIT;
 27407         -    }
 27408         -#endif
 27409         -
 27410         -
 27411         -    /* Get the conversion type modifier */
 27412         -    if( c=='l' ){
 27413         -      flag_long = 1;
 27414         -      c = *++fmt;
 27415         -      if( c=='l' ){
 27416         -        flag_long = 2;
 27417         -        c = *++fmt;
 27418         -      }
 27419         -    }else{
 27420         -      flag_long = 0;
 27421         -    }
 27422  27539       /* Fetch the info entry for the field */
 27423  27540       infop = &fmtinfo[0];
 27424  27541       xtype = etINVALID;
 27425  27542       for(idx=0; idx<ArraySize(fmtinfo); idx++){
 27426  27543         if( c==fmtinfo[idx].fmttype ){
 27427  27544           infop = &fmtinfo[idx];
 27428  27545           xtype = infop->type;
................................................................................
 27499  27616           if( flag_zeropad && precision<width-(prefix!=0) ){
 27500  27617             precision = width-(prefix!=0);
 27501  27618           }
 27502  27619           if( precision<etBUFSIZE-10-etBUFSIZE/3 ){
 27503  27620             nOut = etBUFSIZE;
 27504  27621             zOut = buf;
 27505  27622           }else{
 27506         -          u64 n = (u64)precision + 10 + precision/3;
 27507         -          zOut = zExtra = sqlite3Malloc( n );
 27508         -          if( zOut==0 ){
 27509         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27510         -            return;
 27511         -          }
        27623  +          u64 n;
        27624  +          n = (u64)precision + 10;
        27625  +          if( cThousand ) n += precision/3;
        27626  +          zOut = zExtra = printfTempBuf(pAccum, n);
        27627  +          if( zOut==0 ) return;
 27512  27628             nOut = (int)n;
 27513  27629           }
 27514  27630           bufpt = &zOut[nOut-1];
 27515  27631           if( xtype==etORDINAL ){
 27516  27632             static const char zOrd[] = "thstndrd";
 27517  27633             int x = (int)(longvalue % 10);
 27518  27634             if( x>=4 || (longvalue/10)%10==1 ){
................................................................................
 27623  27739             flag_rtz = flag_altform2;
 27624  27740           }
 27625  27741           if( xtype==etEXP ){
 27626  27742             e2 = 0;
 27627  27743           }else{
 27628  27744             e2 = exp;
 27629  27745           }
 27630         -        if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){
 27631         -          bufpt = zExtra 
 27632         -              = sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 );
 27633         -          if( bufpt==0 ){
 27634         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27635         -            return;
        27746  +        {
        27747  +          i64 szBufNeeded;           /* Size of a temporary buffer needed */
        27748  +          szBufNeeded = MAX(e2,0)+(i64)precision+(i64)width+15;
        27749  +          if( szBufNeeded > etBUFSIZE ){
        27750  +            bufpt = zExtra = printfTempBuf(pAccum, szBufNeeded);
        27751  +            if( bufpt==0 ) return;
 27636  27752             }
 27637  27753           }
 27638  27754           zOut = bufpt;
 27639  27755           nsd = 16 + flag_altform2*10;
 27640  27756           flag_dp = (precision>0 ?1:0) | flag_alternateform | flag_altform2;
 27641  27757           /* The sign in front of the number */
 27642  27758           if( prefix ){
................................................................................
 27852  27968             if( flag_altform2 && (ch&0xc0)==0xc0 ){
 27853  27969               while( (escarg[i+1]&0xc0)==0x80 ){ i++; }
 27854  27970             }
 27855  27971           }
 27856  27972           needQuote = !isnull && xtype==etSQLESCAPE2;
 27857  27973           n += i + 3;
 27858  27974           if( n>etBUFSIZE ){
 27859         -          bufpt = zExtra = sqlite3Malloc( n );
 27860         -          if( bufpt==0 ){
 27861         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27862         -            return;
 27863         -          }
        27975  +          bufpt = zExtra = printfTempBuf(pAccum, n);
        27976  +          if( bufpt==0 ) return;
 27864  27977           }else{
 27865  27978             bufpt = buf;
 27866  27979           }
 27867  27980           j = 0;
 27868  27981           if( needQuote ) bufpt[j++] = q;
 27869  27982           k = i;
 27870  27983           for(i=0; i<k; i++){
................................................................................
 28482  28595       sqlite3_str_appendf(&x, "{%d,*}", pItem->iCursor);
 28483  28596       if( pItem->zDatabase ){
 28484  28597         sqlite3_str_appendf(&x, " %s.%s", pItem->zDatabase, pItem->zName);
 28485  28598       }else if( pItem->zName ){
 28486  28599         sqlite3_str_appendf(&x, " %s", pItem->zName);
 28487  28600       }
 28488  28601       if( pItem->pTab ){
 28489         -      sqlite3_str_appendf(&x, " tabname=%Q", pItem->pTab->zName);
        28602  +      sqlite3_str_appendf(&x, " tab=%Q nCol=%d ptr=%p",
        28603  +           pItem->pTab->zName, pItem->pTab->nCol, pItem->pTab);
 28490  28604       }
 28491  28605       if( pItem->zAlias ){
 28492  28606         sqlite3_str_appendf(&x, " (AS %s)", pItem->zAlias);
 28493  28607       }
 28494  28608       if( pItem->fg.jointype & JT_LEFT ){
 28495  28609         sqlite3_str_appendf(&x, " LEFT-JOIN");
 28496  28610       }
................................................................................
 30222  30336   ** The input string must be zero-terminated.  A new zero-terminator
 30223  30337   ** is added to the dequoted string.
 30224  30338   **
 30225  30339   ** The return value is -1 if no dequoting occurs or the length of the
 30226  30340   ** dequoted string, exclusive of the zero terminator, if dequoting does
 30227  30341   ** occur.
 30228  30342   **
 30229         -** 2002-Feb-14: This routine is extended to remove MS-Access style
        30343  +** 2002-02-14: This routine is extended to remove MS-Access style
 30230  30344   ** brackets from around identifiers.  For example:  "[a-b-c]" becomes
 30231  30345   ** "a-b-c".
 30232  30346   */
 30233  30347   SQLITE_PRIVATE void sqlite3Dequote(char *z){
 30234  30348     char quote;
 30235  30349     int i, j;
 30236  30350     if( z==0 ) return;
................................................................................
 30247  30361           break;
 30248  30362         }
 30249  30363       }else{
 30250  30364         z[j++] = z[i];
 30251  30365       }
 30252  30366     }
 30253  30367     z[j] = 0;
        30368  +}
        30369  +SQLITE_PRIVATE void sqlite3DequoteExpr(Expr *p){
        30370  +  assert( sqlite3Isquote(p->u.zToken[0]) );
        30371  +  p->flags |= p->u.zToken[0]=='"' ? EP_Quoted|EP_DblQuoted : EP_Quoted;
        30372  +  sqlite3Dequote(p->u.zToken);
 30254  30373   }
 30255  30374   
 30256  30375   /*
 30257  30376   ** Generate a Token object from a string
 30258  30377   */
 30259  30378   SQLITE_PRIVATE void sqlite3TokenInit(Token *p, char *z){
 30260  30379     p->z = z;
................................................................................
 31675  31794       ** 0x9e3779b1 is 2654435761 which is the closest prime number to
 31676  31795       ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2. */
 31677  31796       h += sqlite3UpperToLower[c];
 31678  31797       h *= 0x9e3779b1;
 31679  31798     }
 31680  31799     return h;
 31681  31800   }
 31682         -#ifdef SQLITE_ENABLE_NORMALIZE
 31683         -static unsigned int strHashN(const char *z, int n){
 31684         -  unsigned int h = 0;
 31685         -  int i;
 31686         -  for(i=0; i<n; i++){
 31687         -    /* Knuth multiplicative hashing.  (Sorting & Searching, p. 510).
 31688         -    ** 0x9e3779b1 is 2654435761 which is the closest prime number to
 31689         -    ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2. */
 31690         -    h += sqlite3UpperToLower[z[i]];
 31691         -    h *= 0x9e3779b1;
 31692         -  }
 31693         -  return h;
 31694         -}
 31695         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31696  31801   
 31697  31802   
 31698  31803   /* Link pNew element into the hash table pH.  If pEntry!=0 then also
 31699  31804   ** insert pNew into the pEntry hash bucket.
 31700  31805   */
 31701  31806   static void insertElement(
 31702  31807     Hash *pH,              /* The complete hash table */
................................................................................
 31800  31905       if( sqlite3StrICmp(elem->pKey,pKey)==0 ){ 
 31801  31906         return elem;
 31802  31907       }
 31803  31908       elem = elem->next;
 31804  31909     }
 31805  31910     return &nullElement;
 31806  31911   }
 31807         -#ifdef SQLITE_ENABLE_NORMALIZE
 31808         -static HashElem *findElementWithHashN(
 31809         -  const Hash *pH,     /* The pH to be searched */
 31810         -  const char *pKey,   /* The key we are searching for */
 31811         -  int nKey,           /* Number of key bytes to use */
 31812         -  unsigned int *pHash /* Write the hash value here */
 31813         -){
 31814         -  HashElem *elem;                /* Used to loop thru the element list */
 31815         -  int count;                     /* Number of elements left to test */
 31816         -  unsigned int h;                /* The computed hash */
 31817         -  static HashElem nullElement = { 0, 0, 0, 0 };
 31818         -
 31819         -  if( pH->ht ){   /*OPTIMIZATION-IF-TRUE*/
 31820         -    struct _ht *pEntry;
 31821         -    h = strHashN(pKey, nKey) % pH->htsize;
 31822         -    pEntry = &pH->ht[h];
 31823         -    elem = pEntry->chain;
 31824         -    count = pEntry->count;
 31825         -  }else{
 31826         -    h = 0;
 31827         -    elem = pH->first;
 31828         -    count = pH->count;
 31829         -  }
 31830         -  if( pHash ) *pHash = h;
 31831         -  while( count-- ){
 31832         -    assert( elem!=0 );
 31833         -    if( sqlite3StrNICmp(elem->pKey,pKey,nKey)==0 ){ 
 31834         -      return elem;
 31835         -    }
 31836         -    elem = elem->next;
 31837         -  }
 31838         -  return &nullElement;
 31839         -}
 31840         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31841  31912   
 31842  31913   /* Remove a single entry from the hash table given a pointer to that
 31843  31914   ** element and a hash on the element's key.
 31844  31915   */
 31845  31916   static void removeElementGivenHash(
 31846  31917     Hash *pH,         /* The pH containing "elem" */
 31847  31918     HashElem* elem,   /* The element to be removed from the pH */
................................................................................
 31878  31949   ** found, or NULL if there is no match.
 31879  31950   */
 31880  31951   SQLITE_PRIVATE void *sqlite3HashFind(const Hash *pH, const char *pKey){
 31881  31952     assert( pH!=0 );
 31882  31953     assert( pKey!=0 );
 31883  31954     return findElementWithHash(pH, pKey, 0)->data;
 31884  31955   }
 31885         -#ifdef SQLITE_ENABLE_NORMALIZE
 31886         -SQLITE_PRIVATE void *sqlite3HashFindN(const Hash *pH, const char *pKey, int nKey){
 31887         -  assert( pH!=0 );
 31888         -  assert( pKey!=0 );
 31889         -  assert( nKey>=0 );
 31890         -  return findElementWithHashN(pH, pKey, nKey, 0)->data;
 31891         -}
 31892         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31893  31956   
 31894  31957   /* Insert an element into the hash table pH.  The key is pKey
 31895  31958   ** and the data is "data".
 31896  31959   **
 31897  31960   ** If no element exists with a matching key, then a new
 31898  31961   ** element is created and NULL is returned.
 31899  31962   **
................................................................................
 46573  46636   */
 46574  46637   #define ORIGVFS(p) ((sqlite3_vfs*)((p)->pAppData))
 46575  46638   
 46576  46639   /* An open file */
 46577  46640   struct MemFile {
 46578  46641     sqlite3_file base;              /* IO methods */
 46579  46642     sqlite3_int64 sz;               /* Size of the file */
 46580         -  sqlite3_int64 szMax;            /* Space allocated to aData */
        46643  +  sqlite3_int64 szAlloc;          /* Space allocated to aData */
        46644  +  sqlite3_int64 szMax;            /* Maximum allowed size of the file */
 46581  46645     unsigned char *aData;           /* content of the file */
 46582  46646     int nMmap;                      /* Number of memory mapped pages */
 46583  46647     unsigned mFlags;                /* Flags */
 46584  46648     int eLock;                      /* Most recent lock against this file */
 46585  46649   };
 46586  46650   
 46587  46651   /*
................................................................................
 46699  46763   ** Try to enlarge the memory allocation to hold at least sz bytes
 46700  46764   */
 46701  46765   static int memdbEnlarge(MemFile *p, sqlite3_int64 newSz){
 46702  46766     unsigned char *pNew;
 46703  46767     if( (p->mFlags & SQLITE_DESERIALIZE_RESIZEABLE)==0 || p->nMmap>0 ){
 46704  46768       return SQLITE_FULL;
 46705  46769     }
        46770  +  if( newSz>p->szMax ){
        46771  +    return SQLITE_FULL;
        46772  +  }
        46773  +  newSz *= 2;
        46774  +  if( newSz>p->szMax ) newSz = p->szMax;
 46706  46775     pNew = sqlite3_realloc64(p->aData, newSz);
 46707  46776     if( pNew==0 ) return SQLITE_NOMEM;
 46708  46777     p->aData = pNew;
 46709         -  p->szMax = newSz;
        46778  +  p->szAlloc = newSz;
 46710  46779     return SQLITE_OK;
 46711  46780   }
 46712  46781   
 46713  46782   /*
 46714  46783   ** Write data to an memdb-file.
 46715  46784   */
 46716  46785   static int memdbWrite(
 46717  46786     sqlite3_file *pFile,
 46718  46787     const void *z,
 46719  46788     int iAmt,
 46720  46789     sqlite_int64 iOfst
 46721  46790   ){
 46722  46791     MemFile *p = (MemFile *)pFile;
        46792  +  if( NEVER(p->mFlags & SQLITE_DESERIALIZE_READONLY) ) return SQLITE_READONLY;
 46723  46793     if( iOfst+iAmt>p->sz ){
 46724  46794       int rc;
 46725         -    if( iOfst+iAmt>p->szMax
 46726         -     && (rc = memdbEnlarge(p, (iOfst+iAmt)*2))!=SQLITE_OK
        46795  +    if( iOfst+iAmt>p->szAlloc
        46796  +     && (rc = memdbEnlarge(p, iOfst+iAmt))!=SQLITE_OK
 46727  46797       ){
 46728  46798         return rc;
 46729  46799       }
 46730  46800       if( iOfst>p->sz ) memset(p->aData+p->sz, 0, iOfst-p->sz);
 46731  46801       p->sz = iOfst+iAmt;
 46732  46802     }
 46733  46803     memcpy(p->aData+iOfst, z, iAmt);
................................................................................
 46765  46835   }
 46766  46836   
 46767  46837   /*
 46768  46838   ** Lock an memdb-file.
 46769  46839   */
 46770  46840   static int memdbLock(sqlite3_file *pFile, int eLock){
 46771  46841     MemFile *p = (MemFile *)pFile;
        46842  +  if( eLock>SQLITE_LOCK_SHARED 
        46843  +   && (p->mFlags & SQLITE_DESERIALIZE_READONLY)!=0
        46844  +  ){
        46845  +    return SQLITE_READONLY;
        46846  +  }
 46772  46847     p->eLock = eLock;
 46773  46848     return SQLITE_OK;
 46774  46849   }
 46775  46850   
 46776  46851   #if 0 /* Never used because memdbAccess() always returns false */
 46777  46852   /*
 46778  46853   ** Check if another file-handle holds a RESERVED lock on an memdb-file.
................................................................................
 46788  46863   */
 46789  46864   static int memdbFileControl(sqlite3_file *pFile, int op, void *pArg){
 46790  46865     MemFile *p = (MemFile *)pFile;
 46791  46866     int rc = SQLITE_NOTFOUND;
 46792  46867     if( op==SQLITE_FCNTL_VFSNAME ){
 46793  46868       *(char**)pArg = sqlite3_mprintf("memdb(%p,%lld)", p->aData, p->sz);
 46794  46869       rc = SQLITE_OK;
        46870  +  }
        46871  +  if( op==SQLITE_FCNTL_SIZE_LIMIT ){
        46872  +    sqlite3_int64 iLimit = *(sqlite3_int64*)pArg;
        46873  +    if( iLimit<p->sz ){
        46874  +      if( iLimit<0 ){
        46875  +        iLimit = p->szMax;
        46876  +      }else{
        46877  +        iLimit = p->sz;
        46878  +      }
        46879  +    }
        46880  +    p->szMax = iLimit;
        46881  +    *(sqlite3_int64*)pArg = iLimit;
        46882  +    rc = SQLITE_OK;
 46795  46883     }
 46796  46884     return rc;
 46797  46885   }
 46798  46886   
 46799  46887   #if 0  /* Not used because of SQLITE_IOCAP_POWERSAFE_OVERWRITE */
 46800  46888   /*
 46801  46889   ** Return the sector-size in bytes for an memdb-file.
................................................................................
 46819  46907   static int memdbFetch(
 46820  46908     sqlite3_file *pFile,
 46821  46909     sqlite3_int64 iOfst,
 46822  46910     int iAmt,
 46823  46911     void **pp
 46824  46912   ){
 46825  46913     MemFile *p = (MemFile *)pFile;
 46826         -  p->nMmap++;
 46827         -  *pp = (void*)(p->aData + iOfst);
        46914  +  if( iOfst+iAmt>p->sz ){
        46915  +    *pp = 0;
        46916  +  }else{
        46917  +    p->nMmap++;
        46918  +    *pp = (void*)(p->aData + iOfst);
        46919  +  }
 46828  46920     return SQLITE_OK;
 46829  46921   }
 46830  46922   
 46831  46923   /* Release a memory-mapped page */
 46832  46924   static int memdbUnfetch(sqlite3_file *pFile, sqlite3_int64 iOfst, void *pPage){
 46833  46925     MemFile *p = (MemFile *)pFile;
 46834  46926     p->nMmap--;
................................................................................
 46850  46942       return ORIGVFS(pVfs)->xOpen(ORIGVFS(pVfs), zName, pFile, flags, pOutFlags);
 46851  46943     }
 46852  46944     memset(p, 0, sizeof(*p));
 46853  46945     p->mFlags = SQLITE_DESERIALIZE_RESIZEABLE | SQLITE_DESERIALIZE_FREEONCLOSE;
 46854  46946     assert( pOutFlags!=0 );  /* True because flags==SQLITE_OPEN_MAIN_DB */
 46855  46947     *pOutFlags = flags | SQLITE_OPEN_MEMORY;
 46856  46948     p->base.pMethods = &memdb_io_methods;
        46949  +  p->szMax = sqlite3GlobalConfig.mxMemdbSize;
 46857  46950     return SQLITE_OK;
 46858  46951   }
 46859  46952   
 46860  46953   #if 0 /* Only used to delete rollback journals, master journals, and WAL
 46861  46954         ** files, none of which exist in memdb.  So this routine is never used */
 46862  46955   /*
 46863  46956   ** Delete the file located at zPath. If the dirSync argument is true,
................................................................................
 47099  47192     }
 47100  47193     p = memdbFromDbSchema(db, zSchema);
 47101  47194     if( p==0 ){
 47102  47195       rc = SQLITE_ERROR;
 47103  47196     }else{
 47104  47197       p->aData = pData;
 47105  47198       p->sz = szDb;
        47199  +    p->szAlloc = szBuf;
 47106  47200       p->szMax = szBuf;
        47201  +    if( p->szMax<sqlite3GlobalConfig.mxMemdbSize ){
        47202  +      p->szMax = sqlite3GlobalConfig.mxMemdbSize;
        47203  +    }
 47107  47204       p->mFlags = mFlags;
 47108  47205       rc = SQLITE_OK;
 47109  47206     }
 47110  47207   
 47111  47208   end_deserialize:
 47112  47209     sqlite3_finalize(pStmt);
 47113  47210     sqlite3_mutex_leave(db->mutex);
................................................................................
 48520  48617   typedef struct PGroup PGroup;
 48521  48618   
 48522  48619   /*
 48523  48620   ** Each cache entry is represented by an instance of the following 
 48524  48621   ** structure. Unless SQLITE_PCACHE_SEPARATE_HEADER is defined, a buffer of
 48525  48622   ** PgHdr1.pCache->szPage bytes is allocated directly before this structure 
 48526  48623   ** in memory.
        48624  +**
        48625  +** Note: Variables isBulkLocal and isAnchor were once type "u8". That works,
        48626  +** but causes a 2-byte gap in the structure for most architectures (since 
        48627  +** pointers must be either 4 or 8-byte aligned). As this structure is located
        48628  +** in memory directly after the associated page data, if the database is
        48629  +** corrupt, code at the b-tree layer may overread the page buffer and 
        48630  +** read part of this structure before the corruption is detected. This
        48631  +** can cause a valgrind error if the unitialized gap is accessed. Using u16
        48632  +** ensures there is no such gap, and therefore no bytes of unitialized memory
        48633  +** in the structure.
 48527  48634   */
 48528  48635   struct PgHdr1 {
 48529  48636     sqlite3_pcache_page page;      /* Base class. Must be first. pBuf & pExtra */
 48530  48637     unsigned int iKey;             /* Key value (page number) */
 48531         -  u8 isBulkLocal;                /* This page from bulk local storage */
 48532         -  u8 isAnchor;                   /* This is the PGroup.lru element */
        48638  +  u16 isBulkLocal;               /* This page from bulk local storage */
        48639  +  u16 isAnchor;                  /* This is the PGroup.lru element */
 48533  48640     PgHdr1 *pNext;                 /* Next in hash table chain */
 48534  48641     PCache1 *pCache;               /* Cache that currently owns this page */
 48535  48642     PgHdr1 *pLruNext;              /* Next in LRU list of unpinned pages */
 48536  48643     PgHdr1 *pLruPrev;              /* Previous in LRU list of unpinned pages */
        48644  +                                 /* NB: pLruPrev is only valid if pLruNext!=0 */
 48537  48645   };
 48538  48646   
 48539  48647   /*
 48540  48648   ** A page is pinned if it is not on the LRU list.  To be "pinned" means
 48541  48649   ** that the page is in active use and must not be deallocated.
 48542  48650   */
 48543  48651   #define PAGE_IS_PINNED(p)    ((p)->pLruNext==0)
................................................................................
 48595  48703     int szExtra;                        /* sizeof(MemPage)+sizeof(PgHdr) */
 48596  48704     int szAlloc;                        /* Total size of one pcache line */
 48597  48705     int bPurgeable;                     /* True if cache is purgeable */
 48598  48706     unsigned int nMin;                  /* Minimum number of pages reserved */
 48599  48707     unsigned int nMax;                  /* Configured "cache_size" value */
 48600  48708     unsigned int n90pct;                /* nMax*9/10 */
 48601  48709     unsigned int iMaxKey;               /* Largest key seen since xTruncate() */
        48710  +  unsigned int nPurgeableDummy;       /* pnPurgeable points here when not used*/
 48602  48711   
 48603  48712     /* Hash table of all pages. The following variables may only be accessed
 48604  48713     ** when the accessor is holding the PGroup mutex.
 48605  48714     */
 48606  48715     unsigned int nRecyclable;           /* Number of pages in the LRU list */
 48607  48716     unsigned int nPage;                 /* Total number of pages in apHash */
 48608  48717     unsigned int nHash;                 /* Number of slots in apHash[] */
................................................................................
 48729  48838       do{
 48730  48839         PgHdr1 *pX = (PgHdr1*)&zBulk[pCache->szPage];
 48731  48840         pX->page.pBuf = zBulk;
 48732  48841         pX->page.pExtra = &pX[1];
 48733  48842         pX->isBulkLocal = 1;
 48734  48843         pX->isAnchor = 0;
 48735  48844         pX->pNext = pCache->pFree;
        48845  +      pX->pLruPrev = 0;           /* Initializing this saves a valgrind error */
 48736  48846         pCache->pFree = pX;
 48737  48847         zBulk += pCache->szAlloc;
 48738  48848       }while( --nBulk );
 48739  48849     }
 48740  48850     return pCache->pFree!=0;
 48741  48851   }
 48742  48852   
................................................................................
 48904  49014   
 48905  49015   /*
 48906  49016   ** Malloc function used by SQLite to obtain space from the buffer configured
 48907  49017   ** using sqlite3_config(SQLITE_CONFIG_PAGECACHE) option. If no such buffer
 48908  49018   ** exists, this function falls back to sqlite3Malloc().
 48909  49019   */
 48910  49020   SQLITE_PRIVATE void *sqlite3PageMalloc(int sz){
        49021  +  /* During rebalance operations on a corrupt database file, it is sometimes
        49022  +  ** (rarely) possible to overread the temporary page buffer by a few bytes.
        49023  +  ** Enlarge the allocation slightly so that this does not cause problems. */
 48911  49024     return pcache1Alloc(sz);
 48912  49025   }
 48913  49026   
 48914  49027   /*
 48915  49028   ** Free an allocated buffer obtained from sqlite3PageMalloc().
 48916  49029   */
 48917  49030   SQLITE_PRIVATE void sqlite3PageFree(void *p){
................................................................................
 48998  49111     assert( PAGE_IS_UNPINNED(pPage) );
 48999  49112     assert( pPage->pLruNext );
 49000  49113     assert( pPage->pLruPrev );
 49001  49114     assert( sqlite3_mutex_held(pPage->pCache->pGroup->mutex) );
 49002  49115     pPage->pLruPrev->pLruNext = pPage->pLruNext;
 49003  49116     pPage->pLruNext->pLruPrev = pPage->pLruPrev;
 49004  49117     pPage->pLruNext = 0;
 49005         -  pPage->pLruPrev = 0;
        49118  +  /* pPage->pLruPrev = 0;
        49119  +  ** No need to clear pLruPrev as it is never accessed if pLruNext is 0 */
 49006  49120     assert( pPage->isAnchor==0 );
 49007  49121     assert( pPage->pCache->pGroup->lru.isAnchor==1 );
 49008  49122     pPage->pCache->nRecyclable--;
 49009  49123     return pPage;
 49010  49124   }
 49011  49125   
 49012  49126   
................................................................................
 49208  49322       pcache1ResizeHash(pCache);
 49209  49323       if( bPurgeable ){
 49210  49324         pCache->nMin = 10;
 49211  49325         pGroup->nMinPage += pCache->nMin;
 49212  49326         pGroup->mxPinned = pGroup->nMaxPage + 10 - pGroup->nMinPage;
 49213  49327         pCache->pnPurgeable = &pGroup->nPurgeable;
 49214  49328       }else{
 49215         -      static unsigned int dummyCurrentPage;
 49216         -      pCache->pnPurgeable = &dummyCurrentPage;
        49329  +      pCache->pnPurgeable = &pCache->nPurgeableDummy;
 49217  49330       }
 49218  49331       pcache1LeaveMutex(pGroup);
 49219  49332       if( pCache->nHash==0 ){
 49220  49333         pcache1Destroy((sqlite3_pcache*)pCache);
 49221  49334         pCache = 0;
 49222  49335       }
 49223  49336     }
................................................................................
 49336  49449   
 49337  49450     if( pPage ){
 49338  49451       unsigned int h = iKey % pCache->nHash;
 49339  49452       pCache->nPage++;
 49340  49453       pPage->iKey = iKey;
 49341  49454       pPage->pNext = pCache->apHash[h];
 49342  49455       pPage->pCache = pCache;
 49343         -    pPage->pLruPrev = 0;
 49344  49456       pPage->pLruNext = 0;
        49457  +    /* pPage->pLruPrev = 0;
        49458  +    ** No need to clear pLruPrev since it is not accessed when pLruNext==0 */
 49345  49459       *(void **)pPage->page.pExtra = 0;
 49346  49460       pCache->apHash[h] = pPage;
 49347  49461       if( iKey>pCache->iMaxKey ){
 49348  49462         pCache->iMaxKey = iKey;
 49349  49463       }
 49350  49464     }
 49351  49465     return pPage;
................................................................................
 49497  49611    
 49498  49612     assert( pPage->pCache==pCache );
 49499  49613     pcache1EnterMutex(pGroup);
 49500  49614   
 49501  49615     /* It is an error to call this function if the page is already 
 49502  49616     ** part of the PGroup LRU list.
 49503  49617     */
 49504         -  assert( pPage->pLruPrev==0 && pPage->pLruNext==0 );
        49618  +  assert( pPage->pLruNext==0 );
 49505  49619     assert( PAGE_IS_PINNED(pPage) );
 49506  49620   
 49507  49621     if( reuseUnlikely || pGroup->nPurgeable>pGroup->nMaxPage ){
 49508  49622       pcache1RemoveFromHash(pPage, 1);
 49509  49623     }else{
 49510  49624       /* Add the page to the PGroup LRU list. */
 49511  49625       PgHdr1 **ppFirst = &pGroup->lru.pLruNext;
................................................................................
 54188  54302   ** Regardless of mxPage, return the current maximum page count.
 54189  54303   */
 54190  54304   SQLITE_PRIVATE int sqlite3PagerMaxPageCount(Pager *pPager, int mxPage){
 54191  54305     if( mxPage>0 ){
 54192  54306       pPager->mxPgno = mxPage;
 54193  54307     }
 54194  54308     assert( pPager->eState!=PAGER_OPEN );      /* Called only by OP_MaxPgcnt */
 54195         -  assert( pPager->mxPgno>=pPager->dbSize );  /* OP_MaxPgcnt enforces this */
        54309  +  /* assert( pPager->mxPgno>=pPager->dbSize ); */
        54310  +  /* OP_MaxPgcnt ensures that the parameter passed to this function is not
        54311  +  ** less than the total number of valid pages in the database. But this
        54312  +  ** may be less than Pager.dbSize, and so the assert() above is not valid */
 54196  54313     return pPager->mxPgno;
 54197  54314   }
 54198  54315   
 54199  54316   /*
 54200  54317   ** The following set of routines are used to disable the simulated
 54201  54318   ** I/O error mechanism.  These routines are used to avoid simulated
 54202  54319   ** errors in places where we do not care about errors.
................................................................................
 62427  62544   ** but cursors cannot be shared.  Each cursor is associated with a
 62428  62545   ** particular database connection identified BtCursor.pBtree.db.
 62429  62546   **
 62430  62547   ** Fields in this structure are accessed under the BtShared.mutex
 62431  62548   ** found at self->pBt->mutex. 
 62432  62549   **
 62433  62550   ** skipNext meaning:
 62434         -**    eState==SKIPNEXT && skipNext>0:  Next sqlite3BtreeNext() is no-op.
 62435         -**    eState==SKIPNEXT && skipNext<0:  Next sqlite3BtreePrevious() is no-op.
 62436         -**    eState==FAULT:                   Cursor fault with skipNext as error code.
        62551  +** The meaning of skipNext depends on the value of eState:
        62552  +**
        62553  +**   eState            Meaning of skipNext
        62554  +**   VALID             skipNext is meaningless and is ignored
        62555  +**   INVALID           skipNext is meaningless and is ignored
        62556  +**   SKIPNEXT          sqlite3BtreeNext() is a no-op if skipNext>0 and
        62557  +**                     sqlite3BtreePrevious() is no-op if skipNext<0.
        62558  +**   REQUIRESEEK       restoreCursorPosition() restores the cursor to
        62559  +**                     eState=SKIPNEXT if skipNext!=0
        62560  +**   FAULT             skipNext holds the cursor fault error code.
 62437  62561   */
 62438  62562   struct BtCursor {
 62439  62563     u8 eState;                /* One of the CURSOR_XXX constants (see below) */
 62440  62564     u8 curFlags;              /* zero or more BTCF_* flags defined below */
 62441  62565     u8 curPagerFlags;         /* Flags to send to sqlite3PagerGet() */
 62442  62566     u8 hints;                 /* As configured by CursorSetHints() */
 62443  62567     int skipNext;    /* Prev() is noop if negative. Next() is noop if positive.
................................................................................
 63593  63717     assert( 0==pCur->pKey );
 63594  63718     assert( cursorHoldsMutex(pCur) );
 63595  63719   
 63596  63720     if( pCur->curIntKey ){
 63597  63721       /* Only the rowid is required for a table btree */
 63598  63722       pCur->nKey = sqlite3BtreeIntegerKey(pCur);
 63599  63723     }else{
 63600         -    /* For an index btree, save the complete key content */
        63724  +    /* For an index btree, save the complete key content. It is possible
        63725  +    ** that the current key is corrupt. In that case, it is possible that
        63726  +    ** the sqlite3VdbeRecordUnpack() function may overread the buffer by
        63727  +    ** up to the size of 1 varint plus 1 8-byte value when the cursor 
        63728  +    ** position is restored. Hence the 17 bytes of padding allocated 
        63729  +    ** below. */
 63601  63730       void *pKey;
 63602  63731       pCur->nKey = sqlite3BtreePayloadSize(pCur);
 63603         -    pKey = sqlite3Malloc( pCur->nKey );
        63732  +    pKey = sqlite3Malloc( pCur->nKey + 9 + 8 );
 63604  63733       if( pKey ){
 63605  63734         rc = sqlite3BtreePayload(pCur, 0, (int)pCur->nKey, pKey);
 63606  63735         if( rc==SQLITE_OK ){
        63736  +        memset(((u8*)pKey)+pCur->nKey, 0, 9+8);
 63607  63737           pCur->pKey = pKey;
 63608  63738         }else{
 63609  63739           sqlite3_free(pKey);
 63610  63740         }
 63611  63741       }else{
 63612  63742         rc = SQLITE_NOMEM_BKPT;
 63613  63743       }
................................................................................
 63731  63861     int bias,           /* Bias search to the high end */
 63732  63862     int *pRes           /* Write search results here */
 63733  63863   ){
 63734  63864     int rc;                    /* Status code */
 63735  63865     UnpackedRecord *pIdxKey;   /* Unpacked index key */
 63736  63866   
 63737  63867     if( pKey ){
        63868  +    KeyInfo *pKeyInfo = pCur->pKeyInfo;
 63738  63869       assert( nKey==(i64)(int)nKey );
 63739         -    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
        63870  +    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
 63740  63871       if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
 63741         -    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
 63742         -    if( pIdxKey->nField==0 ){
        63872  +    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
        63873  +    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
 63743  63874         rc = SQLITE_CORRUPT_BKPT;
 63744  63875         goto moveto_done;
 63745  63876       }
 63746  63877     }else{
 63747  63878       pIdxKey = 0;
 63748  63879     }
 63749  63880     rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);
................................................................................
 63771  63902     }
 63772  63903     pCur->eState = CURSOR_INVALID;
 63773  63904     rc = btreeMoveto(pCur, pCur->pKey, pCur->nKey, 0, &skipNext);
 63774  63905     if( rc==SQLITE_OK ){
 63775  63906       sqlite3_free(pCur->pKey);
 63776  63907       pCur->pKey = 0;
 63777  63908       assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_INVALID );
 63778         -    pCur->skipNext |= skipNext;
        63909  +    if( skipNext ) pCur->skipNext = skipNext;
 63779  63910       if( pCur->skipNext && pCur->eState==CURSOR_VALID ){
 63780  63911         pCur->eState = CURSOR_SKIPNEXT;
 63781  63912       }
 63782  63913     }
 63783  63914     return rc;
 63784  63915   }
 63785  63916   
................................................................................
 63841  63972     if( rc ){
 63842  63973       *pDifferentRow = 1;
 63843  63974       return rc;
 63844  63975     }
 63845  63976     if( pCur->eState!=CURSOR_VALID ){
 63846  63977       *pDifferentRow = 1;
 63847  63978     }else{
 63848         -    assert( pCur->skipNext==0 );
 63849  63979       *pDifferentRow = 0;
 63850  63980     }
 63851  63981     return SQLITE_OK;
 63852  63982   }
 63853  63983   
 63854  63984   #ifdef SQLITE_ENABLE_CURSOR_HINTS
 63855  63985   /*
................................................................................
 63924  64054       return;
 63925  64055     }
 63926  64056     iPtrmap = PTRMAP_PAGENO(pBt, key);
 63927  64057     rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage, 0);
 63928  64058     if( rc!=SQLITE_OK ){
 63929  64059       *pRC = rc;
 63930  64060       return;
        64061  +  }
        64062  +  if( ((char*)sqlite3PagerGetExtra(pDbPage))[0]!=0 ){
        64063  +    /* The first byte of the extra data is the MemPage.isInit byte.
        64064  +    ** If that byte is set, it means this page is also being used
        64065  +    ** as a btree page. */
        64066  +    *pRC = SQLITE_CORRUPT_BKPT;
        64067  +    goto ptrmap_exit;
 63931  64068     }
 63932  64069     offset = PTRMAP_PTROFFSET(iPtrmap, key);
 63933  64070     if( offset<0 ){
 63934  64071       *pRC = SQLITE_CORRUPT_BKPT;
 63935  64072       goto ptrmap_exit;
 63936  64073     }
 63937  64074     assert( offset <= (int)pBt->usableSize-5 );
................................................................................
 63987  64124     if( *pEType<1 || *pEType>5 ) return SQLITE_CORRUPT_PGNO(iPtrmap);
 63988  64125     return SQLITE_OK;
 63989  64126   }
 63990  64127   
 63991  64128   #else /* if defined SQLITE_OMIT_AUTOVACUUM */
 63992  64129     #define ptrmapPut(w,x,y,z,rc)
 63993  64130     #define ptrmapGet(w,x,y,z) SQLITE_OK
 63994         -  #define ptrmapPutOvflPtr(x, y, rc)
        64131  +  #define ptrmapPutOvflPtr(x, y, z, rc)
 63995  64132   #endif
 63996  64133   
 63997  64134   /*
 63998  64135   ** Given a btree page and a cell index (0 means the first cell on
 63999  64136   ** the page, 1 means the second cell, and so forth) return a pointer
 64000  64137   ** to the cell content.
 64001  64138   **
................................................................................
 64280  64417   static u16 cellSize(MemPage *pPage, int iCell){
 64281  64418     return pPage->xCellSize(pPage, findCell(pPage, iCell));
 64282  64419   }
 64283  64420   #endif
 64284  64421   
 64285  64422   #ifndef SQLITE_OMIT_AUTOVACUUM
 64286  64423   /*
 64287         -** If the cell pCell, part of page pPage contains a pointer
 64288         -** to an overflow page, insert an entry into the pointer-map
 64289         -** for the overflow page.
        64424  +** The cell pCell is currently part of page pSrc but will ultimately be part
        64425  +** of pPage.  (pSrc and pPager are often the same.)  If pCell contains a
        64426  +** pointer to an overflow page, insert an entry into the pointer-map for
        64427  +** the overflow page that will be valid after pCell has been moved to pPage.
 64290  64428   */
 64291         -static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
        64429  +static void ptrmapPutOvflPtr(MemPage *pPage, MemPage *pSrc, u8 *pCell,int *pRC){
 64292  64430     CellInfo info;
 64293  64431     if( *pRC ) return;
 64294  64432     assert( pCell!=0 );
 64295  64433     pPage->xParseCell(pPage, pCell, &info);
 64296  64434     if( info.nLocal<info.nPayload ){
 64297         -    Pgno ovfl = get4byte(&pCell[info.nSize-4]);
        64435  +    Pgno ovfl;
        64436  +    if( SQLITE_WITHIN(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
        64437  +      testcase( pSrc!=pPage );
        64438  +      *pRC = SQLITE_CORRUPT_BKPT;
        64439  +      return;
        64440  +    }
        64441  +    ovfl = get4byte(&pCell[info.nSize-4]);
 64298  64442       ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
 64299  64443     }
 64300  64444   }
 64301  64445   #endif
 64302  64446   
 64303  64447   
 64304  64448   /*
................................................................................
 64345  64489     /* This block handles pages with two or fewer free blocks and nMaxFrag
 64346  64490     ** or fewer fragmented bytes. In this case it is faster to move the
 64347  64491     ** two (or one) blocks of cells using memmove() and add the required
 64348  64492     ** offsets to each pointer in the cell-pointer array than it is to 
 64349  64493     ** reconstruct the entire page.  */
 64350  64494     if( (int)data[hdr+7]<=nMaxFrag ){
 64351  64495       int iFree = get2byte(&data[hdr+1]);
        64496  +
        64497  +    /* If the initial freeblock offset were out of bounds, that would
        64498  +    ** have been detected by btreeInitPage() when it was computing the
        64499  +    ** number of free bytes on the page. */
        64500  +    assert( iFree<=usableSize-4 );
 64352  64501       if( iFree ){
 64353  64502         int iFree2 = get2byte(&data[iFree]);
 64354         -
 64355         -      /* pageFindSlot() has already verified that free blocks are sorted
 64356         -      ** in order of offset within the page, and that no block extends
 64357         -      ** past the end of the page. Provided the two free slots do not 
 64358         -      ** overlap, this guarantees that the memmove() calls below will not
 64359         -      ** overwrite the usableSize byte buffer, even if the database page
 64360         -      ** is corrupt.  */
 64361         -      assert( iFree2==0 || iFree2>iFree );
 64362         -      assert( iFree+get2byte(&data[iFree+2]) <= usableSize );
 64363         -      assert( iFree2==0 || iFree2+get2byte(&data[iFree2+2]) <= usableSize );
 64364         -
        64503  +      if( iFree2>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);
 64365  64504         if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
 64366  64505           u8 *pEnd = &data[cellOffset + nCell*2];
 64367  64506           u8 *pAddr;
 64368  64507           int sz2 = 0;
 64369  64508           int sz = get2byte(&data[iFree+2]);
 64370  64509           int top = get2byte(&data[hdr+5]);
 64371  64510           if( top>=iFree ){
 64372  64511             return SQLITE_CORRUPT_PAGE(pPage);
 64373  64512           }
 64374  64513           if( iFree2 ){
 64375         -          assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
        64514  +          if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_PAGE(pPage);
 64376  64515             sz2 = get2byte(&data[iFree2+2]);
 64377         -          assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
        64516  +          if( iFree2+sz2 > usableSize ) return SQLITE_CORRUPT_PAGE(pPage);
 64378  64517             memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
 64379  64518             sz += sz2;
 64380  64519           }
 64381  64520           cbrk = top+sz;
 64382  64521           assert( cbrk+(iFree-top) <= usableSize );
 64383  64522           memmove(&data[cbrk], &data[top], iFree-top);
 64384  64523           for(pAddr=&data[cellOffset]; pAddr<pEnd; pAddr+=2){
................................................................................
 65925  66064   ** well-formed database file, then SQLITE_CORRUPT is returned.
 65926  66065   ** SQLITE_BUSY is returned if the database is locked.  SQLITE_NOMEM
 65927  66066   ** is returned if we run out of memory. 
 65928  66067   */
 65929  66068   static int lockBtree(BtShared *pBt){
 65930  66069     int rc;              /* Result code from subfunctions */
 65931  66070     MemPage *pPage1;     /* Page 1 of the database file */
 65932         -  int nPage;           /* Number of pages in the database */
 65933         -  int nPageFile = 0;   /* Number of pages in the database file */
 65934         -  int nPageHeader;     /* Number of pages in the database according to hdr */
        66071  +  u32 nPage;           /* Number of pages in the database */
        66072  +  u32 nPageFile = 0;   /* Number of pages in the database file */
        66073  +  u32 nPageHeader;     /* Number of pages in the database according to hdr */
 65935  66074   
 65936  66075     assert( sqlite3_mutex_held(pBt->mutex) );
 65937  66076     assert( pBt->pPage1==0 );
 65938  66077     rc = sqlite3PagerSharedLock(pBt->pPager);
 65939  66078     if( rc!=SQLITE_OK ) return rc;
 65940  66079     rc = btreeGetPage(pBt, 1, &pPage1, 0);
 65941  66080     if( rc!=SQLITE_OK ) return rc;
 65942  66081   
 65943  66082     /* Do some checking to help insure the file we opened really is
 65944  66083     ** a valid database file. 
 65945  66084     */
 65946  66085     nPage = nPageHeader = get4byte(28+(u8*)pPage1->aData);
 65947         -  sqlite3PagerPagecount(pBt->pPager, &nPageFile);
        66086  +  sqlite3PagerPagecount(pBt->pPager, (int*)&nPageFile);
 65948  66087     if( nPage==0 || memcmp(24+(u8*)pPage1->aData, 92+(u8*)pPage1->aData,4)!=0 ){
 65949  66088       nPage = nPageFile;
 65950  66089     }
 65951  66090     if( (pBt->db->flags & SQLITE_ResetDatabase)!=0 ){
 65952  66091       nPage = 0;
 65953  66092     }
 65954  66093     if( nPage>0 ){
................................................................................
 66021  66160       ** between 512 and 65536 inclusive. */
 66022  66161       if( ((pageSize-1)&pageSize)!=0
 66023  66162        || pageSize>SQLITE_MAX_PAGE_SIZE 
 66024  66163        || pageSize<=256 
 66025  66164       ){
 66026  66165         goto page1_init_failed;
 66027  66166       }
        66167  +    pBt->btsFlags |= BTS_PAGESIZE_FIXED;
 66028  66168       assert( (pageSize & 7)==0 );
 66029  66169       /* EVIDENCE-OF: R-59310-51205 The "reserved space" size in the 1-byte
 66030  66170       ** integer at offset 20 is the number of bytes of space at the end of
 66031  66171       ** each page to reserve for extensions. 
 66032  66172       **
 66033  66173       ** EVIDENCE-OF: R-37497-42412 The size of the reserved region is
 66034  66174       ** determined by the one-byte unsigned integer found at an offset of 20
................................................................................
 66411  66551     rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
 66412  66552     if( rc!=SQLITE_OK ) return rc;
 66413  66553     nCell = pPage->nCell;
 66414  66554   
 66415  66555     for(i=0; i<nCell; i++){
 66416  66556       u8 *pCell = findCell(pPage, i);
 66417  66557   
 66418         -    ptrmapPutOvflPtr(pPage, pCell, &rc);
        66558  +    ptrmapPutOvflPtr(pPage, pPage, pCell, &rc);
 66419  66559   
 66420  66560       if( !pPage->leaf ){
 66421  66561         Pgno childPgno = get4byte(pCell);
 66422  66562         ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
 66423  66563       }
 66424  66564     }
 66425  66565   
................................................................................
 67337  67477         }while( ALWAYS(pPrev) );
 67338  67478       }
 67339  67479       btreeReleaseAllCursorPages(pCur);
 67340  67480       unlockBtreeIfUnused(pBt);
 67341  67481       sqlite3_free(pCur->aOverflow);
 67342  67482       sqlite3_free(pCur->pKey);
 67343  67483       sqlite3BtreeLeave(pBtree);
        67484  +    pCur->pBtree = 0;
 67344  67485     }
 67345  67486     return SQLITE_OK;
 67346  67487   }
 67347  67488   
 67348  67489   /*
 67349  67490   ** Make sure the BtCursor* given in the argument has a valid
 67350  67491   ** BtCursor.info structure.  If it is not already valid, call
................................................................................
 67434  67575   */
 67435  67576   SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor *pCur){
 67436  67577     assert( cursorHoldsMutex(pCur) );
 67437  67578     assert( pCur->eState==CURSOR_VALID );
 67438  67579     getCellInfo(pCur);
 67439  67580     return pCur->info.nPayload;
 67440  67581   }
        67582  +
        67583  +/*
        67584  +** Return an upper bound on the size of any record for the table
        67585  +** that the cursor is pointing into.
        67586  +**
        67587  +** This is an optimization.  Everything will still work if this
        67588  +** routine always returns 2147483647 (which is the largest record
        67589  +** that SQLite can handle) or more.  But returning a smaller value might
        67590  +** prevent large memory allocations when trying to interpret a
        67591  +** corrupt datrabase.
        67592  +**
        67593  +** The current implementation merely returns the size of the underlying
        67594  +** database file.
        67595  +*/
        67596  +SQLITE_PRIVATE sqlite3_int64 sqlite3BtreeMaxRecordSize(BtCursor *pCur){
        67597  +  assert( cursorHoldsMutex(pCur) );
        67598  +  assert( pCur->eState==CURSOR_VALID );
        67599  +  return pCur->pBt->pageSize * (sqlite3_int64)pCur->pBt->nPage;
        67600  +}
 67441  67601   
 67442  67602   /*
 67443  67603   ** Given the page number of an overflow page in the database (parameter
 67444  67604   ** ovfl), this function finds the page number of the next page in the 
 67445  67605   ** linked list of overflow pages. If possible, it uses the auto-vacuum
 67446  67606   ** pointer-map data instead of reading the content of page ovfl to do so. 
 67447  67607   **
................................................................................
 68249  68409           *pRes = -1;
 68250  68410           return SQLITE_OK;
 68251  68411         }
 68252  68412         /* If the requested key is one more than the previous key, then
 68253  68413         ** try to get there using sqlite3BtreeNext() rather than a full
 68254  68414         ** binary search.  This is an optimization only.  The correct answer
 68255  68415         ** is still obtained without this case, only a little more slowely */
 68256         -      if( pCur->info.nKey+1==intKey && !pCur->skipNext ){
        68416  +      if( pCur->info.nKey+1==intKey ){
 68257  68417           *pRes = 0;
 68258  68418           rc = sqlite3BtreeNext(pCur, 0);
 68259  68419           if( rc==SQLITE_OK ){
 68260  68420             getCellInfo(pCur);
 68261  68421             if( pCur->info.nKey==intKey ){
 68262  68422               return SQLITE_OK;
 68263  68423             }
................................................................................
 68391  68551             u8 * const pCellBody = pCell - pPage->childPtrSize;
 68392  68552             pPage->xParseCell(pPage, pCellBody, &pCur->info);
 68393  68553             nCell = (int)pCur->info.nKey;
 68394  68554             testcase( nCell<0 );   /* True if key size is 2^32 or more */
 68395  68555             testcase( nCell==0 );  /* Invalid key size:  0x80 0x80 0x00 */
 68396  68556             testcase( nCell==1 );  /* Invalid key size:  0x80 0x80 0x01 */
 68397  68557             testcase( nCell==2 );  /* Minimum legal index key size */
 68398         -          if( nCell<2 ){
        68558  +          if( nCell<2 || nCell/pCur->pBt->usableSize>pCur->pBt->nPage ){
 68399  68559               rc = SQLITE_CORRUPT_PAGE(pPage);
 68400  68560               goto moveto_finish;
 68401  68561             }
 68402  68562             pCellKey = sqlite3Malloc( nCell+18 );
 68403  68563             if( pCellKey==0 ){
 68404  68564               rc = SQLITE_NOMEM_BKPT;
 68405  68565               goto moveto_finish;
................................................................................
 68523  68683   */
 68524  68684   static SQLITE_NOINLINE int btreeNext(BtCursor *pCur){
 68525  68685     int rc;
 68526  68686     int idx;
 68527  68687     MemPage *pPage;
 68528  68688   
 68529  68689     assert( cursorOwnsBtShared(pCur) );
 68530         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68531  68690     if( pCur->eState!=CURSOR_VALID ){
 68532  68691       assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
 68533  68692       rc = restoreCursorPosition(pCur);
 68534  68693       if( rc!=SQLITE_OK ){
 68535  68694         return rc;
 68536  68695       }
 68537  68696       if( CURSOR_INVALID==pCur->eState ){
 68538  68697         return SQLITE_DONE;
 68539  68698       }
 68540         -    if( pCur->skipNext ){
 68541         -      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
        68699  +    if( pCur->eState==CURSOR_SKIPNEXT ){
 68542  68700         pCur->eState = CURSOR_VALID;
 68543         -      if( pCur->skipNext>0 ){
 68544         -        pCur->skipNext = 0;
 68545         -        return SQLITE_OK;
 68546         -      }
 68547         -      pCur->skipNext = 0;
        68701  +      if( pCur->skipNext>0 ) return SQLITE_OK;
 68548  68702       }
 68549  68703     }
 68550  68704   
 68551  68705     pPage = pCur->pPage;
 68552  68706     idx = ++pCur->ix;
 68553  68707     if( !pPage->isInit ){
 68554  68708       /* The only known way for this to happen is for there to be a
................................................................................
 68595  68749     }
 68596  68750   }
 68597  68751   SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor *pCur, int flags){
 68598  68752     MemPage *pPage;
 68599  68753     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
 68600  68754     assert( cursorOwnsBtShared(pCur) );
 68601  68755     assert( flags==0 || flags==1 );
 68602         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68603  68756     pCur->info.nSize = 0;
 68604  68757     pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
 68605  68758     if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur);
 68606  68759     pPage = pCur->pPage;
 68607  68760     if( (++pCur->ix)>=pPage->nCell ){
 68608  68761       pCur->ix--;
 68609  68762       return btreeNext(pCur);
................................................................................
 68636  68789   ** use this hint, but COMDB2 does.
 68637  68790   */
 68638  68791   static SQLITE_NOINLINE int btreePrevious(BtCursor *pCur){
 68639  68792     int rc;
 68640  68793     MemPage *pPage;
 68641  68794   
 68642  68795     assert( cursorOwnsBtShared(pCur) );
 68643         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68644  68796     assert( (pCur->curFlags & (BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey))==0 );
 68645  68797     assert( pCur->info.nSize==0 );
 68646  68798     if( pCur->eState!=CURSOR_VALID ){
 68647  68799       rc = restoreCursorPosition(pCur);
 68648  68800       if( rc!=SQLITE_OK ){
 68649  68801         return rc;
 68650  68802       }
 68651  68803       if( CURSOR_INVALID==pCur->eState ){
 68652  68804         return SQLITE_DONE;
 68653  68805       }
 68654         -    if( pCur->skipNext ){
 68655         -      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
        68806  +    if( CURSOR_SKIPNEXT==pCur->eState ){
 68656  68807         pCur->eState = CURSOR_VALID;
 68657         -      if( pCur->skipNext<0 ){
 68658         -        pCur->skipNext = 0;
 68659         -        return SQLITE_OK;
 68660         -      }
 68661         -      pCur->skipNext = 0;
        68808  +      if( pCur->skipNext<0 ) return SQLITE_OK;
 68662  68809       }
 68663  68810     }
 68664  68811   
 68665  68812     pPage = pCur->pPage;
 68666  68813     assert( pPage->isInit );
 68667  68814     if( !pPage->leaf ){
 68668  68815       int idx = pCur->ix;
................................................................................
 68689  68836       }
 68690  68837     }
 68691  68838     return rc;
 68692  68839   }
 68693  68840   SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor *pCur, int flags){
 68694  68841     assert( cursorOwnsBtShared(pCur) );
 68695  68842     assert( flags==0 || flags==1 );
 68696         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68697  68843     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
 68698  68844     pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey);
 68699  68845     pCur->info.nSize = 0;
 68700  68846     if( pCur->eState!=CURSOR_VALID
 68701  68847      || pCur->ix==0
 68702  68848      || pCur->pPage->leaf==0
 68703  68849     ){
................................................................................
 69025  69171       if( rc!=SQLITE_OK ){
 69026  69172         releasePage(*ppPage);
 69027  69173         *ppPage = 0;
 69028  69174       }
 69029  69175       TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
 69030  69176     }
 69031  69177   
 69032         -  assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );
        69178  +  assert( CORRUPT_DB || *pPgno!=PENDING_BYTE_PAGE(pBt) );
 69033  69179   
 69034  69180   end_allocate_page:
 69035  69181     releasePage(pTrunk);
 69036  69182     releasePage(pPrevTrunk);
 69037  69183     assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
 69038  69184     assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
 69039  69185     return rc;
................................................................................
 69580  69726       if( rc ){ *pRC = rc; return; }
 69581  69727       /* The allocateSpace() routine guarantees the following properties
 69582  69728       ** if it returns successfully */
 69583  69729       assert( idx >= 0 );
 69584  69730       assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB );
 69585  69731       assert( idx+sz <= (int)pPage->pBt->usableSize );
 69586  69732       pPage->nFree -= (u16)(2 + sz);
 69587         -    memcpy(&data[idx], pCell, sz);
 69588  69733       if( iChild ){
        69734  +      /* In a corrupt database where an entry in the cell index section of
        69735  +      ** a btree page has a value of 3 or less, the pCell value might point
        69736  +      ** as many as 4 bytes in front of the start of the aData buffer for
        69737  +      ** the source page.  Make sure this does not cause problems by not
        69738  +      ** reading the first 4 bytes */
        69739  +      memcpy(&data[idx+4], pCell+4, sz-4);
 69589  69740         put4byte(&data[idx], iChild);
        69741  +    }else{
        69742  +      memcpy(&data[idx], pCell, sz);
 69590  69743       }
 69591  69744       pIns = pPage->aCellIdx + i*2;
 69592  69745       memmove(pIns+2, pIns, 2*(pPage->nCell - i));
 69593  69746       put2byte(pIns, idx);
 69594  69747       pPage->nCell++;
 69595  69748       /* increment the cell count */
 69596  69749       if( (++data[pPage->hdrOffset+4])==0 ) data[pPage->hdrOffset+3]++;
 69597  69750       assert( get2byte(&data[pPage->hdrOffset+3])==pPage->nCell );
 69598  69751   #ifndef SQLITE_OMIT_AUTOVACUUM
 69599  69752       if( pPage->pBt->autoVacuum ){
 69600  69753         /* The cell may contain a pointer to an overflow page. If so, write
 69601  69754         ** the entry for the overflow page into the pointer map.
 69602  69755         */
 69603         -      ptrmapPutOvflPtr(pPage, pCell, pRC);
        69756  +      ptrmapPutOvflPtr(pPage, pPage, pCell, pRC);
 69604  69757       }
 69605  69758   #endif
 69606  69759     }
 69607  69760   }
 69608  69761   
        69762  +/*
        69763  +** The following parameters determine how many adjacent pages get involved
        69764  +** in a balancing operation.  NN is the number of neighbors on either side
        69765  +** of the page that participate in the balancing operation.  NB is the
        69766  +** total number of pages that participate, including the target page and
        69767  +** NN neighbors on either side.
        69768  +**
        69769  +** The minimum value of NN is 1 (of course).  Increasing NN above 1
        69770  +** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance
        69771  +** in exchange for a larger degradation in INSERT and UPDATE performance.
        69772  +** The value of NN appears to give the best results overall.
        69773  +**
        69774  +** (Later:) The description above makes it seem as if these values are
        69775  +** tunable - as if you could change them and recompile and it would all work.
        69776  +** But that is unlikely.  NB has been 3 since the inception of SQLite and
        69777  +** we have never tested any other value.
        69778  +*/
        69779  +#define NN 1             /* Number of neighbors on either side of pPage */
        69780  +#define NB 3             /* (NN*2+1): Total pages involved in the balance */
        69781  +
 69609  69782   /*
 69610  69783   ** A CellArray object contains a cache of pointers and sizes for a
 69611  69784   ** consecutive sequence of cells that might be held on multiple pages.
        69785  +**
        69786  +** The cells in this array are the divider cell or cells from the pParent
        69787  +** page plus up to three child pages.  There are a total of nCell cells.
        69788  +**
        69789  +** pRef is a pointer to one of the pages that contributes cells.  This is
        69790  +** used to access information such as MemPage.intKey and MemPage.pBt->pageSize
        69791  +** which should be common to all pages that contribute cells to this array.
        69792  +**
        69793  +** apCell[] and szCell[] hold, respectively, pointers to the start of each
        69794  +** cell and the size of each cell.  Some of the apCell[] pointers might refer
        69795  +** to overflow cells.  In other words, some apCel[] pointers might not point
        69796  +** to content area of the pages.
        69797  +**
        69798  +** A szCell[] of zero means the size of that cell has not yet been computed.
        69799  +**
        69800  +** The cells come from as many as four different pages:
        69801  +**
        69802  +**             -----------
        69803  +**             | Parent  |
        69804  +**             -----------
        69805  +**            /     |     \
        69806  +**           /      |      \
        69807  +**  ---------   ---------   ---------
        69808  +**  |Child-1|   |Child-2|   |Child-3|
        69809  +**  ---------   ---------   ---------
        69810  +**
        69811  +** The order of cells is in the array is for an index btree is:
        69812  +**
        69813  +**       1.  All cells from Child-1 in order
        69814  +**       2.  The first divider cell from Parent
        69815  +**       3.  All cells from Child-2 in order
        69816  +**       4.  The second divider cell from Parent
        69817  +**       5.  All cells from Child-3 in order
        69818  +**
        69819  +** For a table-btree (with rowids) the items 2 and 4 are empty because
        69820  +** content exists only in leaves and there are no divider cells.
        69821  +**
        69822  +** For an index btree, the apEnd[] array holds pointer to the end of page
        69823  +** for Child-1, the Parent, Child-2, the Parent (again), and Child-3,
        69824  +** respectively. The ixNx[] array holds the number of cells contained in
        69825  +** each of these 5 stages, and all stages to the left.  Hence:
        69826  +**
        69827  +**    ixNx[0] = Number of cells in Child-1.
        69828  +**    ixNx[1] = Number of cells in Child-1 plus 1 for first divider.
        69829  +**    ixNx[2] = Number of cells in Child-1 and Child-2 + 1 for 1st divider.
        69830  +**    ixNx[3] = Number of cells in Child-1 and Child-2 + both divider cells
        69831  +**    ixNx[4] = Total number of cells.
        69832  +**
        69833  +** For a table-btree, the concept is similar, except only apEnd[0]..apEnd[2]
        69834  +** are used and they point to the leaf pages only, and the ixNx value are:
        69835  +**
        69836  +**    ixNx[0] = Number of cells in Child-1.
        69837  +**    ixNx[1] = Number of cells in Child-1 and Child-2 + 1 for 1st divider.
        69838  +**    ixNx[2] = Number of cells in Child-1 and Child-2 + both divider cells
 69612  69839   */
 69613  69840   typedef struct CellArray CellArray;
 69614  69841   struct CellArray {
 69615  69842     int nCell;              /* Number of cells in apCell[] */
 69616  69843     MemPage *pRef;          /* Reference page */
 69617  69844     u8 **apCell;            /* All cells begin balanced */
 69618  69845     u16 *szCell;            /* Local size of all cells in apCell[] */
        69846  +  u8 *apEnd[NB*2];        /* MemPage.aDataEnd values */
        69847  +  int ixNx[NB*2];         /* Index of at which we move to the next apEnd[] */
 69619  69848   };
 69620  69849   
 69621  69850   /*
 69622  69851   ** Make sure the cell sizes at idx, idx+1, ..., idx+N-1 have been
 69623  69852   ** computed.
 69624  69853   */
 69625  69854   static void populateCellCache(CellArray *p, int idx, int N){
................................................................................
 69662  69891   ** function works around problems caused by this by making a copy of any 
 69663  69892   ** such cells before overwriting the page data.
 69664  69893   **
 69665  69894   ** The MemPage.nFree field is invalidated by this function. It is the 
 69666  69895   ** responsibility of the caller to set it correctly.
 69667  69896   */
 69668  69897   static int rebuildPage(
 69669         -  MemPage *pPg,                   /* Edit this page */
        69898  +  CellArray *pCArray,             /* Content to be added to page pPg */
        69899  +  int iFirst,                     /* First cell in pCArray to use */
 69670  69900     int nCell,                      /* Final number of cells on page */
 69671         -  u8 **apCell,                    /* Array of cells */
 69672         -  u16 *szCell                     /* Array of cell sizes */
        69901  +  MemPage *pPg                    /* The page to be reconstructed */
 69673  69902   ){
 69674  69903     const int hdr = pPg->hdrOffset;          /* Offset of header on pPg */
 69675  69904     u8 * const aData = pPg->aData;           /* Pointer to data for pPg */
 69676  69905     const int usableSize = pPg->pBt->usableSize;
 69677  69906     u8 * const pEnd = &aData[usableSize];
 69678         -  int i;
        69907  +  int i = iFirst;                 /* Which cell to copy from pCArray*/
        69908  +  u32 j;                          /* Start of cell content area */
        69909  +  int iEnd = i+nCell;             /* Loop terminator */
 69679  69910     u8 *pCellptr = pPg->aCellIdx;
 69680  69911     u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
 69681  69912     u8 *pData;
        69913  +  int k;                          /* Current slot in pCArray->apEnd[] */
        69914  +  u8 *pSrcEnd;                    /* Current pCArray->apEnd[k] value */
 69682  69915   
 69683         -  i = get2byte(&aData[hdr+5]);
 69684         -  memcpy(&pTmp[i], &aData[i], usableSize - i);
        69916  +  assert( i<iEnd );
        69917  +  j = get2byte(&aData[hdr+5]);
        69918  +  if( NEVER(j>(u32)usableSize) ){ j = 0; }
        69919  +  memcpy(&pTmp[j], &aData[j], usableSize - j);
        69920  +
        69921  +  for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){}
        69922  +  pSrcEnd = pCArray->apEnd[k];
 69685  69923   
 69686  69924     pData = pEnd;
 69687         -  for(i=0; i<nCell; i++){
 69688         -    u8 *pCell = apCell[i];
        69925  +  while( 1/*exit by break*/ ){
        69926  +    u8 *pCell = pCArray->apCell[i];
        69927  +    u16 sz = pCArray->szCell[i];
        69928  +    assert( sz>0 );
 69689  69929       if( SQLITE_WITHIN(pCell,aData,pEnd) ){
        69930  +      if( ((uptr)(pCell+sz))>(uptr)pEnd ) return SQLITE_CORRUPT_BKPT;
 69690  69931         pCell = &pTmp[pCell - aData];
        69932  +    }else if( (uptr)(pCell+sz)>(uptr)pSrcEnd
        69933  +           && (uptr)(pCell)<(uptr)pSrcEnd
        69934  +    ){
        69935  +      return SQLITE_CORRUPT_BKPT;
 69691  69936       }
 69692         -    pData -= szCell[i];
        69937  +
        69938  +    pData -= sz;
 69693  69939       put2byte(pCellptr, (pData - aData));
 69694  69940       pCellptr += 2;
 69695  69941       if( pData < pCellptr ) return SQLITE_CORRUPT_BKPT;
 69696         -    memcpy(pData, pCell, szCell[i]);
 69697         -    assert( szCell[i]==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
 69698         -    testcase( szCell[i]!=pPg->xCellSize(pPg,pCell) );
        69942  +    memcpy(pData, pCell, sz);
        69943  +    assert( sz==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
        69944  +    testcase( sz!=pPg->xCellSize(pPg,pCell) );
        69945  +    i++;
        69946  +    if( i>=iEnd ) break;
        69947  +    if( pCArray->ixNx[k]<=i ){
        69948  +      k++;
        69949  +      pSrcEnd = pCArray->apEnd[k];
        69950  +    }
 69699  69951     }
 69700  69952   
 69701  69953     /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
 69702  69954     pPg->nCell = nCell;
 69703  69955     pPg->nOverflow = 0;
 69704  69956   
 69705  69957     put2byte(&aData[hdr+1], 0);
................................................................................
 69706  69958     put2byte(&aData[hdr+3], pPg->nCell);
 69707  69959     put2byte(&aData[hdr+5], pData - aData);
 69708  69960     aData[hdr+7] = 0x00;
 69709  69961     return SQLITE_OK;
 69710  69962   }
 69711  69963   
 69712  69964   /*
 69713         -** Array apCell[] contains nCell pointers to b-tree cells. Array szCell
 69714         -** contains the size in bytes of each such cell. This function attempts to 
 69715         -** add the cells stored in the array to page pPg. If it cannot (because 
 69716         -** the page needs to be defragmented before the cells will fit), non-zero
 69717         -** is returned. Otherwise, if the cells are added successfully, zero is
 69718         -** returned.
        69965  +** The pCArray objects contains pointers to b-tree cells and the cell sizes.
        69966  +** This function attempts to add the cells stored in the array to page pPg.
        69967  +** If it cannot (because the page needs to be defragmented before the cells
        69968  +** will fit), non-zero is returned. Otherwise, if the cells are added
        69969  +** successfully, zero is returned.
 69719  69970   **
 69720  69971   ** Argument pCellptr points to the first entry in the cell-pointer array
 69721  69972   ** (part of page pPg) to populate. After cell apCell[0] is written to the
 69722  69973   ** page body, a 16-bit offset is written to pCellptr. And so on, for each
 69723  69974   ** cell in the array. It is the responsibility of the caller to ensure
 69724  69975   ** that it is safe to overwrite this part of the cell-pointer array.
 69725  69976   **
................................................................................
 69733  69984   ** all cells - not just those inserted by the current call). If the content
 69734  69985   ** area must be extended to before this point in order to accomodate all
 69735  69986   ** cells in apCell[], then the cells do not fit and non-zero is returned.
 69736  69987   */
 69737  69988   static int pageInsertArray(
 69738  69989     MemPage *pPg,                   /* Page to add cells to */
 69739  69990     u8 *pBegin,                     /* End of cell-pointer array */
 69740         -  u8 **ppData,                    /* IN/OUT: Page content -area pointer */
        69991  +  u8 **ppData,                    /* IN/OUT: Page content-area pointer */
 69741  69992     u8 *pCellptr,                   /* Pointer to cell-pointer area */
 69742  69993     int iFirst,                     /* Index of first cell to add */
 69743  69994     int nCell,                      /* Number of cells to add to pPg */
 69744  69995     CellArray *pCArray              /* Array of cells */
 69745  69996   ){
 69746         -  int i;
 69747         -  u8 *aData = pPg->aData;
 69748         -  u8 *pData = *ppData;
 69749         -  int iEnd = iFirst + nCell;
        69997  +  int i = iFirst;                 /* Loop counter - cell index to insert */
        69998  +  u8 *aData = pPg->aData;         /* Complete page */
        69999  +  u8 *pData = *ppData;            /* Content area.  A subset of aData[] */
        70000  +  int iEnd = iFirst + nCell;      /* End of loop. One past last cell to ins */
        70001  +  int k;                          /* Current slot in pCArray->apEnd[] */
        70002  +  u8 *pEnd;                       /* Maximum extent of cell data */
 69750  70003     assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
 69751         -  for(i=iFirst; i<iEnd; i++){
        70004  +  if( iEnd<=iFirst ) return 0;
        70005  +  for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){}
        70006  +  pEnd = pCArray->apEnd[k];
        70007  +  while( 1 /*Exit by break*/ ){
 69752  70008       int sz, rc;
 69753  70009       u8 *pSlot;
 69754  70010       sz = cachedCellSize(pCArray, i);
 69755  70011       if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
 69756  70012         if( (pData - pBegin)<sz ) return 1;
 69757  70013         pData -= sz;
 69758  70014         pSlot = pData;
................................................................................
 69759  70015       }
 69760  70016       /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
 69761  70017       ** database.  But they might for a corrupt database.  Hence use memmove()
 69762  70018       ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
 69763  70019       assert( (pSlot+sz)<=pCArray->apCell[i]
 69764  70020            || pSlot>=(pCArray->apCell[i]+sz)
 69765  70021            || CORRUPT_DB );
        70022  +    if( (uptr)(pCArray->apCell[i]+sz)>(uptr)pEnd
        70023  +     && (uptr)(pCArray->apCell[i])<(uptr)pEnd
        70024  +    ){
        70025  +      assert( CORRUPT_DB );
        70026  +      (void)SQLITE_CORRUPT_BKPT;
        70027  +      return 1;
        70028  +    }
 69766  70029       memmove(pSlot, pCArray->apCell[i], sz);
 69767  70030       put2byte(pCellptr, (pSlot - aData));
 69768  70031       pCellptr += 2;
        70032  +    i++;
        70033  +    if( i>=iEnd ) break;
        70034  +    if( pCArray->ixNx[k]<=i ){
        70035  +      k++;
        70036  +      pEnd = pCArray->apEnd[k];
        70037  +    }
 69769  70038     }
 69770  70039     *ppData = pData;
 69771  70040     return 0;
 69772  70041   }
 69773  70042   
 69774  70043   /*
 69775         -** Array apCell[] contains nCell pointers to b-tree cells. Array szCell 
 69776         -** contains the size in bytes of each such cell. This function adds the
 69777         -** space associated with each cell in the array that is currently stored 
 69778         -** within the body of pPg to the pPg free-list. The cell-pointers and other
 69779         -** fields of the page are not updated.
        70044  +** The pCArray object contains pointers to b-tree cells and their sizes.
        70045  +**
        70046  +** This function adds the space associated with each cell in the array
        70047  +** that is currently stored within the body of pPg to the pPg free-list.
        70048  +** The cell-pointers and other fields of the page are not updated.
 69780  70049   **
 69781  70050   ** This function returns the total number of cells added to the free-list.
 69782  70051   */
 69783  70052   static int pageFreeArray(
 69784  70053     MemPage *pPg,                   /* Page to edit */
 69785  70054     int iFirst,                     /* First cell to delete */
 69786  70055     int nCell,                      /* Cells to delete */
................................................................................
 69822  70091       assert( pFree>aData && (pFree - aData)<65536 );
 69823  70092       freeSpace(pPg, (u16)(pFree - aData), szFree);
 69824  70093     }
 69825  70094     return nRet;
 69826  70095   }
 69827  70096   
 69828  70097   /*
 69829         -** apCell[] and szCell[] contains pointers to and sizes of all cells in the
 69830         -** pages being balanced.  The current page, pPg, has pPg->nCell cells starting
 69831         -** with apCell[iOld].  After balancing, this page should hold nNew cells
        70098  +** pCArray contains pointers to and sizes of all cells in the page being
        70099  +** balanced.  The current page, pPg, has pPg->nCell cells starting with
        70100  +** pCArray->apCell[iOld].  After balancing, this page should hold nNew cells
 69832  70101   ** starting at apCell[iNew].
 69833  70102   **
 69834  70103   ** This routine makes the necessary adjustments to pPg so that it contains
 69835  70104   ** the correct cells after being balanced.
 69836  70105   **
 69837  70106   ** The pPg->nFree field is invalid when this function returns. It is the
 69838  70107   ** responsibility of the caller to set it correctly.
................................................................................
 69856  70125   
 69857  70126   #ifdef SQLITE_DEBUG
 69858  70127     u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
 69859  70128     memcpy(pTmp, aData, pPg->pBt->usableSize);
 69860  70129   #endif
 69861  70130   
 69862  70131     /* Remove cells from the start and end of the page */
        70132  +  assert( nCell>=0 );
 69863  70133     if( iOld<iNew ){
 69864  70134       int nShift = pageFreeArray(pPg, iOld, iNew-iOld, pCArray);
        70135  +    if( nShift>nCell ) return SQLITE_CORRUPT_BKPT;
 69865  70136       memmove(pPg->aCellIdx, &pPg->aCellIdx[nShift*2], nCell*2);
 69866  70137       nCell -= nShift;
 69867  70138     }
 69868  70139     if( iNewEnd < iOldEnd ){
 69869         -    nCell -= pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
        70140  +    int nTail = pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
        70141  +    assert( nCell>=nTail );
        70142  +    nCell -= nTail;
 69870  70143     }
 69871  70144   
 69872  70145     pData = &aData[get2byteNotZero(&aData[hdr+5])];
 69873  70146     if( pData<pBegin ) goto editpage_fail;
 69874  70147   
 69875  70148     /* Add cells to the start of the page */
 69876  70149     if( iNew<iOld ){
 69877  70150       int nAdd = MIN(nNew,iOld-iNew);
 69878  70151       assert( (iOld-iNew)<nNew || nCell==0 || CORRUPT_DB );
        70152  +    assert( nAdd>=0 );
 69879  70153       pCellptr = pPg->aCellIdx;
 69880  70154       memmove(&pCellptr[nAdd*2], pCellptr, nCell*2);
 69881  70155       if( pageInsertArray(
 69882  70156             pPg, pBegin, &pData, pCellptr,
 69883  70157             iNew, nAdd, pCArray
 69884  70158       ) ) goto editpage_fail;
 69885  70159       nCell += nAdd;
................................................................................
 69886  70160     }
 69887  70161   
 69888  70162     /* Add any overflow cells */
 69889  70163     for(i=0; i<pPg->nOverflow; i++){
 69890  70164       int iCell = (iOld + pPg->aiOvfl[i]) - iNew;
 69891  70165       if( iCell>=0 && iCell<nNew ){
 69892  70166         pCellptr = &pPg->aCellIdx[iCell * 2];
        70167  +      assert( nCell>=iCell );
 69893  70168         memmove(&pCellptr[2], pCellptr, (nCell - iCell) * 2);
 69894  70169         nCell++;
 69895  70170         if( pageInsertArray(
 69896  70171               pPg, pBegin, &pData, pCellptr,
 69897  70172               iCell+iNew, 1, pCArray
 69898  70173         ) ) goto editpage_fail;
 69899  70174       }
 69900  70175     }
 69901  70176   
 69902  70177     /* Append cells to the end of the page */
        70178  +  assert( nCell>=0 );
 69903  70179     pCellptr = &pPg->aCellIdx[nCell*2];
 69904  70180     if( pageInsertArray(
 69905  70181           pPg, pBegin, &pData, pCellptr,
 69906  70182           iNew+nCell, nNew-nCell, pCArray
 69907  70183     ) ) goto editpage_fail;
 69908  70184   
 69909  70185     pPg->nCell = nNew;
................................................................................
 69924  70200     }
 69925  70201   #endif
 69926  70202   
 69927  70203     return SQLITE_OK;
 69928  70204    editpage_fail:
 69929  70205     /* Unable to edit this page. Rebuild it from scratch instead. */
 69930  70206     populateCellCache(pCArray, iNew, nNew);
 69931         -  return rebuildPage(pPg, nNew, &pCArray->apCell[iNew], &pCArray->szCell[iNew]);
        70207  +  return rebuildPage(pCArray, iNew, nNew, pPg);
 69932  70208   }
 69933  70209   
 69934         -/*
 69935         -** The following parameters determine how many adjacent pages get involved
 69936         -** in a balancing operation.  NN is the number of neighbors on either side
 69937         -** of the page that participate in the balancing operation.  NB is the
 69938         -** total number of pages that participate, including the target page and
 69939         -** NN neighbors on either side.
 69940         -**
 69941         -** The minimum value of NN is 1 (of course).  Increasing NN above 1
 69942         -** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance
 69943         -** in exchange for a larger degradation in INSERT and UPDATE performance.
 69944         -** The value of NN appears to give the best results overall.
 69945         -*/
 69946         -#define NN 1             /* Number of neighbors on either side of pPage */
 69947         -#define NB (NN*2+1)      /* Total pages involved in the balance */
 69948         -
 69949  70210   
 69950  70211   #ifndef SQLITE_OMIT_QUICKBALANCE
 69951  70212   /*
 69952  70213   ** This version of balance() handles the common special case where
 69953  70214   ** a new entry is being inserted on the extreme right-end of the
 69954  70215   ** tree, in other words, when the new entry will become the largest
 69955  70216   ** entry in the tree.
................................................................................
 69977  70238     int rc;                              /* Return Code */
 69978  70239     Pgno pgnoNew;                        /* Page number of pNew */
 69979  70240   
 69980  70241     assert( sqlite3_mutex_held(pPage->pBt->mutex) );
 69981  70242     assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 69982  70243     assert( pPage->nOverflow==1 );
 69983  70244   
 69984         -  /* This error condition is now caught prior to reaching this function */
 69985         -  if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT;
        70245  +  if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT;  /* dbfuzz001.test */
 69986  70246   
 69987  70247     /* Allocate a new page. This page will become the right-sibling of 
 69988  70248     ** pPage. Make the parent page writable, so that the new divider cell
 69989  70249     ** may be inserted. If both these operations are successful, proceed.
 69990  70250     */
 69991  70251     rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0);
 69992  70252   
 69993  70253     if( rc==SQLITE_OK ){
 69994  70254   
 69995  70255       u8 *pOut = &pSpace[4];
 69996  70256       u8 *pCell = pPage->apOvfl[0];
 69997  70257       u16 szCell = pPage->xCellSize(pPage, pCell);
 69998  70258       u8 *pStop;
        70259  +    CellArray b;
 69999  70260   
 70000  70261       assert( sqlite3PagerIswriteable(pNew->pDbPage) );
 70001         -    assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
        70262  +    assert( CORRUPT_DB || pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
 70002  70263       zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
 70003         -    rc = rebuildPage(pNew, 1, &pCell, &szCell);
 70004         -    if( NEVER(rc) ) return rc;
        70264  +    b.nCell = 1;
        70265  +    b.pRef = pPage;
        70266  +    b.apCell = &pCell;
        70267  +    b.szCell = &szCell;
        70268  +    b.apEnd[0] = pPage->aDataEnd;
        70269  +    b.ixNx[0] = 2;
        70270  +    rc = rebuildPage(&b, 0, 1, pNew);
        70271  +    if( NEVER(rc) ){
        70272  +      releasePage(pNew);
        70273  +      return rc;
        70274  +    }
 70005  70275       pNew->nFree = pBt->usableSize - pNew->cellOffset - 2 - szCell;
 70006  70276   
 70007  70277       /* If this is an auto-vacuum database, update the pointer map
 70008  70278       ** with entries for the new page, and any pointer from the 
 70009  70279       ** cell on the page to an overflow page. If either of these
 70010  70280       ** operations fails, the return code is set, but the contents
 70011  70281       ** of the parent page are still manipulated by thh code below.
................................................................................
 70012  70282       ** That is Ok, at this point the parent page is guaranteed to
 70013  70283       ** be marked as dirty. Returning an error code will cause a
 70014  70284       ** rollback, undoing any changes made to the parent page.
 70015  70285       */
 70016  70286       if( ISAUTOVACUUM ){
 70017  70287         ptrmapPut(pBt, pgnoNew, PTRMAP_BTREE, pParent->pgno, &rc);
 70018  70288         if( szCell>pNew->minLocal ){
 70019         -        ptrmapPutOvflPtr(pNew, pCell, &rc);
        70289  +        ptrmapPutOvflPtr(pNew, pNew, pCell, &rc);
 70020  70290         }
 70021  70291       }
 70022  70292     
 70023  70293       /* Create a divider cell to insert into pParent. The divider cell
 70024  70294       ** consists of a 4-byte page number (the page number of pPage) and
 70025  70295       ** a variable length key value (which must be the same value as the
 70026  70296       ** largest key on pPage).
................................................................................
 70235  70505     memset(abDone, 0, sizeof(abDone));
 70236  70506     b.nCell = 0;
 70237  70507     b.apCell = 0;
 70238  70508     pBt = pParent->pBt;
 70239  70509     assert( sqlite3_mutex_held(pBt->mutex) );
 70240  70510     assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 70241  70511   
 70242         -#if 0
 70243         -  TRACE(("BALANCE: begin page %d child of %d\n", pPage->pgno, pParent->pgno));
 70244         -#endif
 70245         -
 70246  70512     /* At this point pParent may have at most one overflow cell. And if
 70247  70513     ** this overflow cell is present, it must be the cell with 
 70248  70514     ** index iParentIdx. This scenario comes about when this function
 70249  70515     ** is called (indirectly) from sqlite3BtreeDelete().
 70250  70516     */
 70251  70517     assert( pParent->nOverflow==0 || pParent->nOverflow==1 );
 70252  70518     assert( pParent->nOverflow==0 || pParent->aiOvfl[0]==iParentIdx );
................................................................................
 70479  70745     **    szNew[i]: Spaced used on the i-th sibling page.
 70480  70746     **   cntNew[i]: Index in b.apCell[] and b.szCell[] for the first cell to
 70481  70747     **              the right of the i-th sibling page.
 70482  70748     ** usableSpace: Number of bytes of space available on each sibling.
 70483  70749     ** 
 70484  70750     */
 70485  70751     usableSpace = pBt->usableSize - 12 + leafCorrection;
 70486         -  for(i=0; i<nOld; i++){
        70752  +  for(i=k=0; i<nOld; i++, k++){
 70487  70753       MemPage *p = apOld[i];
        70754  +    b.apEnd[k] = p->aDataEnd;
        70755  +    b.ixNx[k] = cntOld[i];
        70756  +    if( !leafData ){
        70757  +      k++;
        70758  +      b.apEnd[k] = pParent->aDataEnd;
        70759  +      b.ixNx[k] = cntOld[i]+1;
        70760  +    }
 70488  70761       szNew[i] = usableSpace - p->nFree;
 70489  70762       for(j=0; j<p->nOverflow; j++){
 70490  70763         szNew[i] += 2 + p->xCellSize(p, p->apOvfl[j]);
 70491  70764       }
 70492  70765       cntNew[i] = cntOld[i];
 70493  70766     }
 70494  70767     k = nOld;
................................................................................
 70704  70977     **
 70705  70978     ** If the sibling pages are not leaves, then the pointer map entry 
 70706  70979     ** associated with the right-child of each sibling may also need to be 
 70707  70980     ** updated. This happens below, after the sibling pages have been 
 70708  70981     ** populated, not here.
 70709  70982     */
 70710  70983     if( ISAUTOVACUUM ){
 70711         -    MemPage *pNew = apNew[0];
        70984  +    MemPage *pOld;
        70985  +    MemPage *pNew = pOld = apNew[0];
 70712  70986       u8 *aOld = pNew->aData;
 70713  70987       int cntOldNext = pNew->nCell + pNew->nOverflow;
 70714  70988       int usableSize = pBt->usableSize;
 70715  70989       int iNew = 0;
 70716  70990       int iOld = 0;
 70717  70991   
 70718  70992       for(i=0; i<b.nCell; i++){
 70719  70993         u8 *pCell = b.apCell[i];
 70720  70994         if( i==cntOldNext ){
 70721         -        MemPage *pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
        70995  +        pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
 70722  70996           cntOldNext += pOld->nCell + pOld->nOverflow + !leafData;
 70723  70997           aOld = pOld->aData;
 70724  70998         }
 70725  70999         if( i==cntNew[iNew] ){
 70726  71000           pNew = apNew[++iNew];
 70727  71001           if( !leafData ) continue;
 70728  71002         }
................................................................................
 70737  71011          || pNew->pgno!=aPgno[iOld]
 70738  71012          || !SQLITE_WITHIN(pCell,aOld,&aOld[usableSize])
 70739  71013         ){
 70740  71014           if( !leafCorrection ){
 70741  71015             ptrmapPut(pBt, get4byte(pCell), PTRMAP_BTREE, pNew->pgno, &rc);
 70742  71016           }
 70743  71017           if( cachedCellSize(&b,i)>pNew->minLocal ){
 70744         -          ptrmapPutOvflPtr(pNew, pCell, &rc);
        71018  +          ptrmapPutOvflPtr(pNew, pOld, pCell, &rc);
 70745  71019           }
 70746  71020           if( rc ) goto balance_cleanup;
 70747  71021         }
 70748  71022       }
 70749  71023     }
 70750  71024   
 70751  71025     /* Insert new divider cells into pParent. */
................................................................................
 71161  71435                                    iAmt-nData);
 71162  71436         if( rc ) return rc;
 71163  71437         iAmt = nData;
 71164  71438       }
 71165  71439       if( memcmp(pDest, ((u8*)pX->pData) + iOffset, iAmt)!=0 ){
 71166  71440         int rc = sqlite3PagerWrite(pPage->pDbPage);
 71167  71441         if( rc ) return rc;
 71168         -      memcpy(pDest, ((u8*)pX->pData) + iOffset, iAmt);
        71442  +      /* In a corrupt database, it is possible for the source and destination
        71443  +      ** buffers to overlap.  This is harmless since the database is already
        71444  +      ** corrupt but it does cause valgrind and ASAN warnings.  So use
        71445  +      ** memmove(). */
        71446  +      memmove(pDest, ((u8*)pX->pData) + iOffset, iAmt);
 71169  71447       }
 71170  71448     }
 71171  71449     return SQLITE_OK;
 71172  71450   }
 71173  71451   
 71174  71452   /*
 71175  71453   ** Overwrite the cell that cursor pCur is pointing to with fresh content
................................................................................
 71556  71834     **
 71557  71835     ** Or, if the current delete will not cause a rebalance, then the cursor
 71558  71836     ** will be left in CURSOR_SKIPNEXT state pointing to the entry immediately
 71559  71837     ** before or after the deleted entry. In this case set bSkipnext to true.  */
 71560  71838     if( bPreserve ){
 71561  71839       if( !pPage->leaf 
 71562  71840        || (pPage->nFree+cellSizePtr(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
        71841  +     || pPage->nCell==1  /* See dbfuzz001.test for a test case */
 71563  71842       ){
 71564  71843         /* A b-tree rebalance will be required after deleting this entry.
 71565  71844         ** Save the cursor key.  */
 71566  71845         rc = saveCursorKey(pCur);
 71567  71846         if( rc ) return rc;
 71568  71847       }else{
 71569  71848         bSkipnext = 1;
................................................................................
 72334  72613       N--;
 72335  72614       if( sqlite3PagerGet(pCheck->pPager, (Pgno)iPage, &pOvflPage, 0) ){
 72336  72615         checkAppendMsg(pCheck, "failed to get page %d", iPage);
 72337  72616         break;
 72338  72617       }
 72339  72618       pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage);
 72340  72619       if( isFreeList ){
 72341         -      int n = get4byte(&pOvflData[4]);
        72620  +      u32 n = (u32)get4byte(&pOvflData[4]);
 72342  72621   #ifndef SQLITE_OMIT_AUTOVACUUM
 72343  72622         if( pCheck->pBt->autoVacuum ){
 72344  72623           checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0);
 72345  72624         }
 72346  72625   #endif
 72347         -      if( n>(int)pCheck->pBt->usableSize/4-2 ){
        72626  +      if( n>pCheck->pBt->usableSize/4-2 ){
 72348  72627           checkAppendMsg(pCheck,
 72349  72628              "freelist leaf count too big on page %d", iPage);
 72350  72629           N--;
 72351  72630         }else{
 72352         -        for(i=0; i<n; i++){
        72631  +        for(i=0; i<(int)n; i++){
 72353  72632             Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
 72354  72633   #ifndef SQLITE_OMIT_AUTOVACUUM
 72355  72634             if( pCheck->pBt->autoVacuum ){
 72356  72635               checkPtrmap(pCheck, iFreePage, PTRMAP_FREEPAGE, 0);
 72357  72636             }
 72358  72637   #endif
 72359  72638             checkRef(pCheck, iFreePage);
................................................................................
 72722  73001     int nRoot,    /* Number of entries in aRoot[] */
 72723  73002     int mxErr,    /* Stop reporting errors after this many */
 72724  73003     int *pnErr    /* Write number of errors seen to this variable */
 72725  73004   ){
 72726  73005     Pgno i;
 72727  73006     IntegrityCk sCheck;
 72728  73007     BtShared *pBt = p->pBt;
 72729         -  int savedDbFlags = pBt->db->flags;
        73008  +  u64 savedDbFlags = pBt->db->flags;
 72730  73009     char zErr[100];
 72731  73010     VVA_ONLY( int nRef );
 72732  73011   
 72733  73012     sqlite3BtreeEnter(p);
 72734  73013     assert( p->inTrans>TRANS_NONE && pBt->inTransaction>TRANS_NONE );
 72735  73014     VVA_ONLY( nRef = sqlite3PagerRefcount(pBt->pPager) );
 72736  73015     assert( nRef>=0 );
................................................................................
 72789  73068     }else if( get4byte(&pBt->pPage1->aData[64])!=0 ){
 72790  73069       checkAppendMsg(&sCheck,
 72791  73070         "incremental_vacuum enabled with a max rootpage of zero"
 72792  73071       );
 72793  73072     }
 72794  73073   #endif
 72795  73074     testcase( pBt->db->flags & SQLITE_CellSizeCk );
 72796         -  pBt->db->flags &= ~SQLITE_CellSizeCk;
        73075  +  pBt->db->flags &= ~(u64)SQLITE_CellSizeCk;
 72797  73076     for(i=0; (int)i<nRoot && sCheck.mxErr; i++){
 72798  73077       i64 notUsed;
 72799  73078       if( aRoot[i]==0 ) continue;
 72800  73079   #ifndef SQLITE_OMIT_AUTOVACUUM
 72801  73080       if( pBt->autoVacuum && aRoot[i]>1 ){
 72802  73081         checkPtrmap(&sCheck, aRoot[i], PTRMAP_ROOTPAGE, 0);
 72803  73082       }
................................................................................
 74177  74456   ** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, and MEM_Null
 74178  74457   ** values are preserved.
 74179  74458   **
 74180  74459   ** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
 74181  74460   ** if unable to complete the resizing.
 74182  74461   */
 74183  74462   SQLITE_PRIVATE int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
 74184         -  assert( szNew>0 );
        74463  +  assert( CORRUPT_DB || szNew>0 );
 74185  74464     assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
 74186  74465     if( pMem->szMalloc<szNew ){
 74187  74466       return sqlite3VdbeMemGrow(pMem, szNew, 0);
 74188  74467     }
 74189  74468     assert( (pMem->flags & MEM_Dyn)==0 );
 74190  74469     pMem->z = pMem->zMalloc;
 74191  74470     pMem->flags &= (MEM_Null|MEM_Int|MEM_Real);
................................................................................
 75058  75337     BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
 75059  75338     u32 offset,       /* Offset from the start of data to return bytes from. */
 75060  75339     u32 amt,          /* Number of bytes to return. */
 75061  75340     Mem *pMem         /* OUT: Return data in this Mem structure. */
 75062  75341   ){
 75063  75342     int rc;
 75064  75343     pMem->flags = MEM_Null;
        75344  +  if( sqlite3BtreeMaxRecordSize(pCur)<offset+amt ){
        75345  +    return SQLITE_CORRUPT_BKPT;
        75346  +  }
 75065  75347     if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+1)) ){
 75066  75348       rc = sqlite3BtreePayload(pCur, offset, amt, pMem->z);
 75067  75349       if( rc==SQLITE_OK ){
 75068  75350         pMem->z[amt] = 0;   /* Overrun area used when reading malformed records */
 75069  75351         pMem->flags = MEM_Blob;
 75070  75352         pMem->n = (int)amt;
 75071  75353       }else{
................................................................................
 75464  75746   #endif
 75465  75747   #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
 75466  75748     else if( op==TK_FUNCTION && pCtx!=0 ){
 75467  75749       rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
 75468  75750     }
 75469  75751   #endif
 75470  75752     else if( op==TK_TRUEFALSE ){
 75471         -     pVal = valueNew(db, pCtx);
 75472         -     pVal->flags = MEM_Int;
 75473         -     pVal->u.i = pExpr->u.zToken[4]==0;
        75753  +    pVal = valueNew(db, pCtx);
        75754  +    if( pVal ){
        75755  +      pVal->flags = MEM_Int;
        75756  +      pVal->u.i = pExpr->u.zToken[4]==0;
        75757  +    }
 75474  75758     }
 75475  75759   
 75476  75760     *ppVal = pVal;
 75477  75761     return rc;
 75478  75762   
 75479  75763   no_mem:
 75480  75764   #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
................................................................................
 75859  76143     p->pPrev = 0;
 75860  76144     db->pVdbe = p;
 75861  76145     p->magic = VDBE_MAGIC_INIT;
 75862  76146     p->pParse = pParse;
 75863  76147     pParse->pVdbe = p;
 75864  76148     assert( pParse->aLabel==0 );
 75865  76149     assert( pParse->nLabel==0 );
 75866         -  assert( pParse->nOpAlloc==0 );
        76150  +  assert( p->nOpAlloc==0 );
 75867  76151     assert( pParse->szOpAlloc==0 );
 75868  76152     sqlite3VdbeAddOp2(p, OP_Init, 0, 1);
 75869  76153     return p;
 75870  76154   }
 75871  76155   
 75872  76156   /*
 75873  76157   ** Change the error string stored in Vdbe.zErrMsg
................................................................................
 75887  76171     if( p==0 ) return;
 75888  76172     p->prepFlags = prepFlags;
 75889  76173     if( (prepFlags & SQLITE_PREPARE_SAVESQL)==0 ){
 75890  76174       p->expmask = 0;
 75891  76175     }
 75892  76176     assert( p->zSql==0 );
 75893  76177     p->zSql = sqlite3DbStrNDup(p->db, z, n);
        76178  +}
        76179  +
        76180  +#ifdef SQLITE_ENABLE_NORMALIZE
        76181  +/*
        76182  +** Add a new element to the Vdbe->pDblStr list.
        76183  +*/
        76184  +SQLITE_PRIVATE void sqlite3VdbeAddDblquoteStr(sqlite3 *db, Vdbe *p, const char *z){
        76185  +  if( p ){
        76186  +    int n = sqlite3Strlen30(z);
        76187  +    DblquoteStr *pStr = sqlite3DbMallocRawNN(db,
        76188  +                            sizeof(*pStr)+n+1-sizeof(pStr->z));
        76189  +    if( pStr ){
        76190  +      pStr->pNextStr = p->pDblStr;
        76191  +      p->pDblStr = pStr;
        76192  +      memcpy(pStr->z, z, n+1);
        76193  +    }
        76194  +  }
        76195  +}
        76196  +#endif
        76197  +
 75894  76198   #ifdef SQLITE_ENABLE_NORMALIZE
 75895         -  assert( p->zNormSql==0 );
 75896         -  if( p->zSql && (prepFlags & SQLITE_PREPARE_NORMALIZE)!=0 ){
 75897         -    sqlite3Normalize(p, p->zSql, n, prepFlags);
 75898         -    assert( p->zNormSql!=0 || p->db->mallocFailed );
        76199  +/*
        76200  +** zId of length nId is a double-quoted identifier.  Check to see if
        76201  +** that identifier is really used as a string literal.
        76202  +*/
        76203  +SQLITE_PRIVATE int sqlite3VdbeUsesDoubleQuotedString(
        76204  +  Vdbe *pVdbe,            /* The prepared statement */
        76205  +  const char *zId         /* The double-quoted identifier, already dequoted */
        76206  +){
        76207  +  DblquoteStr *pStr;
        76208  +  assert( zId!=0 );
        76209  +  if( pVdbe->pDblStr==0 ) return 0;
        76210  +  for(pStr=pVdbe->pDblStr; pStr; pStr=pStr->pNextStr){
        76211  +    if( strcmp(zId, pStr->z)==0 ) return 1;
 75899  76212     }
        76213  +  return 0;
        76214  +}
 75900  76215   #endif
 75901         -}
 75902  76216   
 75903  76217   /*
 75904  76218   ** Swap all content between two VDBE structures.
 75905  76219   */
 75906  76220   SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe *pA, Vdbe *pB){
 75907  76221     Vdbe tmp, *pTmp;
 75908  76222     char *zTmp;
................................................................................
 75915  76229     pB->pNext = pTmp;
 75916  76230     pTmp = pA->pPrev;
 75917  76231     pA->pPrev = pB->pPrev;
 75918  76232     pB->pPrev = pTmp;
 75919  76233     zTmp = pA->zSql;
 75920  76234     pA->zSql = pB->zSql;
 75921  76235     pB->zSql = zTmp;
 75922         -#ifdef SQLITE_ENABLE_NORMALIZE
        76236  +#if 0
 75923  76237     zTmp = pA->zNormSql;
 75924  76238     pA->zNormSql = pB->zNormSql;
 75925  76239     pB->zNormSql = zTmp;
 75926  76240   #endif
 75927  76241     pB->expmask = pA->expmask;
 75928  76242     pB->prepFlags = pA->prepFlags;
 75929  76243     memcpy(pB->aCounter, pA->aCounter, sizeof(pB->aCounter));
................................................................................
 75932  76246   
 75933  76247   /*
 75934  76248   ** Resize the Vdbe.aOp array so that it is at least nOp elements larger 
 75935  76249   ** than its current size. nOp is guaranteed to be less than or equal
 75936  76250   ** to 1024/sizeof(Op).
 75937  76251   **
 75938  76252   ** If an out-of-memory error occurs while resizing the array, return
 75939         -** SQLITE_NOMEM. In this case Vdbe.aOp and Parse.nOpAlloc remain 
        76253  +** SQLITE_NOMEM. In this case Vdbe.aOp and Vdbe.nOpAlloc remain 
 75940  76254   ** unchanged (this is so that any opcodes already allocated can be 
 75941  76255   ** correctly deallocated along with the rest of the Vdbe).
 75942  76256   */
 75943  76257   static int growOpArray(Vdbe *v, int nOp){
 75944  76258     VdbeOp *pNew;
 75945  76259     Parse *p = v->pParse;
 75946  76260   
................................................................................
 75948  76262     ** more frequent reallocs and hence provide more opportunities for 
 75949  76263     ** simulated OOM faults.  SQLITE_TEST_REALLOC_STRESS is generally used
 75950  76264     ** during testing only.  With SQLITE_TEST_REALLOC_STRESS grow the op array
 75951  76265     ** by the minimum* amount required until the size reaches 512.  Normal
 75952  76266     ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
 75953  76267     ** size of the op array or add 1KB of space, whichever is smaller. */
 75954  76268   #ifdef SQLITE_TEST_REALLOC_STRESS
 75955         -  int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
        76269  +  int nNew = (v->nOpAlloc>=512 ? v->nOpAlloc*2 : v->nOpAlloc+nOp);
 75956  76270   #else
 75957         -  int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
        76271  +  int nNew = (v->nOpAlloc ? v->nOpAlloc*2 : (int)(1024/sizeof(Op)));
 75958  76272     UNUSED_PARAMETER(nOp);
 75959  76273   #endif
 75960  76274   
 75961  76275     /* Ensure that the size of a VDBE does not grow too large */
 75962  76276     if( nNew > p->db->aLimit[SQLITE_LIMIT_VDBE_OP] ){
 75963  76277       sqlite3OomFault(p->db);
 75964  76278       return SQLITE_NOMEM;
 75965  76279     }
 75966  76280   
 75967  76281     assert( nOp<=(1024/sizeof(Op)) );
 75968         -  assert( nNew>=(p->nOpAlloc+nOp) );
        76282  +  assert( nNew>=(v->nOpAlloc+nOp) );
 75969  76283     pNew = sqlite3DbRealloc(p->db, v->aOp, nNew*sizeof(Op));
 75970  76284     if( pNew ){
 75971  76285       p->szOpAlloc = sqlite3DbMallocSize(p->db, pNew);
 75972         -    p->nOpAlloc = p->szOpAlloc/sizeof(Op);
        76286  +    v->nOpAlloc = p->szOpAlloc/sizeof(Op);
 75973  76287       v->aOp = pNew;
 75974  76288     }
 75975  76289     return (pNew ? SQLITE_OK : SQLITE_NOMEM_BKPT);
 75976  76290   }
 75977  76291   
 75978  76292   #ifdef SQLITE_DEBUG
 75979  76293   /* This routine is just a convenient place to set a breakpoint that will
................................................................................
 75999  76313   **    p1, p2, p3      Operands
 76000  76314   **
 76001  76315   ** Use the sqlite3VdbeResolveLabel() function to fix an address and
 76002  76316   ** the sqlite3VdbeChangeP4() function to change the value of the P4
 76003  76317   ** operand.
 76004  76318   */
 76005  76319   static SQLITE_NOINLINE int growOp3(Vdbe *p, int op, int p1, int p2, int p3){
 76006         -  assert( p->pParse->nOpAlloc<=p->nOp );
        76320  +  assert( p->nOpAlloc<=p->nOp );
 76007  76321     if( growOpArray(p, 1) ) return 1;
 76008         -  assert( p->pParse->nOpAlloc>p->nOp );
        76322  +  assert( p->nOpAlloc>p->nOp );
 76009  76323     return sqlite3VdbeAddOp3(p, op, p1, p2, p3);
 76010  76324   }
 76011  76325   SQLITE_PRIVATE int sqlite3VdbeAddOp3(Vdbe *p, int op, int p1, int p2, int p3){
 76012  76326     int i;
 76013  76327     VdbeOp *pOp;
 76014  76328   
 76015  76329     i = p->nOp;
 76016  76330     assert( p->magic==VDBE_MAGIC_INIT );
 76017  76331     assert( op>=0 && op<0xff );
 76018         -  if( p->pParse->nOpAlloc<=i ){
        76332  +  if( p->nOpAlloc<=i ){
 76019  76333       return growOp3(p, op, p1, p2, p3);
 76020  76334     }
 76021  76335     p->nOp++;
 76022  76336     pOp = &p->aOp[i];
 76023  76337     pOp->opcode = (u8)op;
 76024  76338     pOp->p5 = 0;
 76025  76339     pOp->p1 = p1;
................................................................................
 76143  76457     VdbeOp *pOp;
 76144  76458     if( pParse->addrExplain==0 ) return 0;
 76145  76459     pOp = sqlite3VdbeGetOp(pParse->pVdbe, pParse->addrExplain);
 76146  76460     return pOp->p2;
 76147  76461   }
 76148  76462   
 76149  76463   /*
 76150         -** Add a new OP_Explain opcode.
        76464  +** Set a debugger breakpoint on the following routine in order to
        76465  +** monitor the EXPLAIN QUERY PLAN code generation.
        76466  +*/
        76467  +#if defined(SQLITE_DEBUG)
        76468  +SQLITE_PRIVATE void sqlite3ExplainBreakpoint(const char *z1, const char *z2){
        76469  +  (void)z1;
        76470  +  (void)z2;
        76471  +}
        76472  +#endif
        76473  +
        76474  +/*
        76475  +** Add a new OP_ opcode.
 76151  76476   **
 76152  76477   ** If the bPush flag is true, then make this opcode the parent for
 76153  76478   ** subsequent Explains until sqlite3VdbeExplainPop() is called.
 76154  76479   */
 76155  76480   SQLITE_PRIVATE void sqlite3VdbeExplain(Parse *pParse, u8 bPush, const char *zFmt, ...){
 76156         -  if( pParse->explain==2 ){
        76481  +#ifndef SQLITE_DEBUG
        76482  +  /* Always include the OP_Explain opcodes if SQLITE_DEBUG is defined.
        76483  +  ** But omit them (for performance) during production builds */
        76484  +  if( pParse->explain==2 )
        76485  +#endif
        76486  +  {
 76157  76487       char *zMsg;
 76158  76488       Vdbe *v;
 76159  76489       va_list ap;
 76160  76490       int iThis;
 76161  76491       va_start(ap, zFmt);
 76162  76492       zMsg = sqlite3VMPrintf(pParse->db, zFmt, ap);
 76163  76493       va_end(ap);
 76164  76494       v = pParse->pVdbe;
 76165  76495       iThis = v->nOp;
 76166  76496       sqlite3VdbeAddOp4(v, OP_Explain, iThis, pParse->addrExplain, 0,
 76167  76497                         zMsg, P4_DYNAMIC);
 76168         -    if( bPush) pParse->addrExplain = iThis;
        76498  +    sqlite3ExplainBreakpoint(bPush?"PUSH":"", sqlite3VdbeGetOp(v,-1)->p4.z);
        76499  +    if( bPush){
        76500  +      pParse->addrExplain = iThis;
        76501  +    }
 76169  76502     }
 76170  76503   }
 76171  76504   
 76172  76505   /*
 76173  76506   ** Pop the EXPLAIN QUERY PLAN stack one level.
 76174  76507   */
 76175  76508   SQLITE_PRIVATE void sqlite3VdbeExplainPop(Parse *pParse){
        76509  +  sqlite3ExplainBreakpoint("POP", 0);
 76176  76510     pParse->addrExplain = sqlite3VdbeExplainParent(pParse);
 76177  76511   }
 76178  76512   #endif /* SQLITE_OMIT_EXPLAIN */
 76179  76513   
 76180  76514   /*
 76181  76515   ** Add an OP_ParseSchema opcode.  This routine is broken out from
 76182  76516   ** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees
................................................................................
 76233  76567   ** the label is resolved to a specific address, the VDBE will scan
 76234  76568   ** through its operation list and change all values of P2 which match
 76235  76569   ** the label into the resolved address.
 76236  76570   **
 76237  76571   ** The VDBE knows that a P2 value is a label because labels are
 76238  76572   ** always negative and P2 values are suppose to be non-negative.
 76239  76573   ** Hence, a negative P2 value is a label that has yet to be resolved.
        76574  +** (Later:) This is only true for opcodes that have the OPFLG_JUMP
        76575  +** property.
 76240  76576   **
 76241         -** Zero is returned if a malloc() fails.
        76577  +** Variable usage notes:
        76578  +**
        76579  +**     Parse.aLabel[x]     Stores the address that the x-th label resolves
        76580  +**                         into.  For testing (SQLITE_DEBUG), unresolved
        76581  +**                         labels stores -1, but that is not required.
        76582  +**     Parse.nLabelAlloc   Number of slots allocated to Parse.aLabel[]
        76583  +**     Parse.nLabel        The *negative* of the number of labels that have
        76584  +**                         been issued.  The negative is stored because
        76585  +**                         that gives a performance improvement over storing
        76586  +**                         the equivalent positive value.
 76242  76587   */
 76243         -SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe *v){
 76244         -  Parse *p = v->pParse;
 76245         -  int i = p->nLabel++;
 76246         -  assert( v->magic==VDBE_MAGIC_INIT );
 76247         -  if( (i & (i-1))==0 ){
 76248         -    p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel, 
 76249         -                                       (i*2+1)*sizeof(p->aLabel[0]));
 76250         -  }
 76251         -  if( p->aLabel ){
 76252         -    p->aLabel[i] = -1;
 76253         -  }
 76254         -  return ADDR(i);
        76588  +SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Parse *pParse){
        76589  +  return --pParse->nLabel;
 76255  76590   }
 76256  76591   
 76257  76592   /*
 76258  76593   ** Resolve label "x" to be the address of the next instruction to
 76259  76594   ** be inserted.  The parameter "x" must have been obtained from
 76260  76595   ** a prior call to sqlite3VdbeMakeLabel().
 76261  76596   */
        76597  +static SQLITE_NOINLINE void resizeResolveLabel(Parse *p, Vdbe *v, int j){
        76598  +  int nNewSize = 10 - p->nLabel;
        76599  +  p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel,
        76600  +                     nNewSize*sizeof(p->aLabel[0]));
        76601  +  if( p->aLabel==0 ){
        76602  +    p->nLabelAlloc = 0;
        76603  +  }else{
        76604  +#ifdef SQLITE_DEBUG
        76605  +    int i;
        76606  +    for(i=p->nLabelAlloc; i<nNewSize; i++) p->aLabel[i] = -1;
        76607  +#endif
        76608  +    p->nLabelAlloc = nNewSize;
        76609  +    p->aLabel[j] = v->nOp;
        76610  +  }
        76611  +}
 76262  76612   SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe *v, int x){
 76263  76613     Parse *p = v->pParse;
 76264  76614     int j = ADDR(x);
 76265  76615     assert( v->magic==VDBE_MAGIC_INIT );
 76266         -  assert( j<p->nLabel );
        76616  +  assert( j<-p->nLabel );
 76267  76617     assert( j>=0 );
 76268         -  if( p->aLabel ){
 76269  76618   #ifdef SQLITE_DEBUG
 76270         -    if( p->db->flags & SQLITE_VdbeAddopTrace ){
 76271         -      printf("RESOLVE LABEL %d to %d\n", x, v->nOp);
 76272         -    }
        76619  +  if( p->db->flags & SQLITE_VdbeAddopTrace ){
        76620  +    printf("RESOLVE LABEL %d to %d\n", x, v->nOp);
        76621  +  }
 76273  76622   #endif
        76623  +  if( p->nLabelAlloc + p->nLabel < 0 ){
        76624  +    resizeResolveLabel(p,v,j);
        76625  +  }else{
 76274  76626       assert( p->aLabel[j]==(-1) ); /* Labels may only be resolved once */
 76275  76627       p->aLabel[j] = v->nOp;
 76276  76628     }
 76277  76629   }
 76278  76630   
 76279  76631   /*
 76280  76632   ** Mark the VDBE as one that can only be run one time.
................................................................................
 76391  76743     VdbeOpIter sIter;
 76392  76744     memset(&sIter, 0, sizeof(sIter));
 76393  76745     sIter.v = v;
 76394  76746   
 76395  76747     while( (pOp = opIterNext(&sIter))!=0 ){
 76396  76748       int opcode = pOp->opcode;
 76397  76749       if( opcode==OP_Destroy || opcode==OP_VUpdate || opcode==OP_VRename 
        76750  +     || opcode==OP_VDestroy
 76398  76751        || ((opcode==OP_Halt || opcode==OP_HaltIfNull) 
 76399         -      && ((pOp->p1&0xff)==SQLITE_CONSTRAINT && pOp->p2==OE_Abort))
        76752  +      && ((pOp->p1)!=SQLITE_OK && pOp->p2==OE_Abort))
 76400  76753       ){
 76401  76754         hasAbort = 1;
 76402  76755         break;
 76403  76756       }
 76404  76757       if( opcode==OP_CreateBtree && pOp->p3==BTREE_INTKEY ) hasCreateTable = 1;
 76405  76758       if( opcode==OP_InitCoroutine ) hasInitCoroutine = 1;
 76406  76759   #ifndef SQLITE_OMIT_FOREIGN_KEY
................................................................................
 76541  76894   #endif
 76542  76895           default: {
 76543  76896             if( pOp->p2<0 ){
 76544  76897               /* The mkopcodeh.tcl script has so arranged things that the only
 76545  76898               ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
 76546  76899               ** have non-negative values for P2. */
 76547  76900               assert( (sqlite3OpcodeProperty[pOp->opcode] & OPFLG_JUMP)!=0 );
 76548         -            assert( ADDR(pOp->p2)<pParse->nLabel );
        76901  +            assert( ADDR(pOp->p2)<-pParse->nLabel );
 76549  76902               pOp->p2 = aLabel[ADDR(pOp->p2)];
 76550  76903             }
 76551  76904             break;
 76552  76905           }
 76553  76906         }
 76554  76907         /* The mkopcodeh.tcl script has so arranged things that the only
 76555  76908         ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
................................................................................
 76580  76933   ** SQLITE_TEST_REALLOC_STRESS).  This interface is used during testing
 76581  76934   ** to verify that certain calls to sqlite3VdbeAddOpList() can never
 76582  76935   ** fail due to a OOM fault and hence that the return value from
 76583  76936   ** sqlite3VdbeAddOpList() will always be non-NULL.
 76584  76937   */
 76585  76938   #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
 76586  76939   SQLITE_PRIVATE void sqlite3VdbeVerifyNoMallocRequired(Vdbe *p, int N){
 76587         -  assert( p->nOp + N <= p->pParse->nOpAlloc );
        76940  +  assert( p->nOp + N <= p->nOpAlloc );
 76588  76941   }
 76589  76942   #endif
 76590  76943   
 76591  76944   /*
 76592  76945   ** Verify that the VM passed as the only argument does not contain
 76593  76946   ** an OP_ResultRow opcode. Fail an assert() if it does. This is used
 76594  76947   ** by code in pragma.c to ensure that the implementation of certain
................................................................................
 76652  77005     VdbeOpList const *aOp,       /* The opcodes to be added */
 76653  77006     int iLineno                  /* Source-file line number of first opcode */
 76654  77007   ){
 76655  77008     int i;
 76656  77009     VdbeOp *pOut, *pFirst;
 76657  77010     assert( nOp>0 );
 76658  77011     assert( p->magic==VDBE_MAGIC_INIT );
 76659         -  if( p->nOp + nOp > p->pParse->nOpAlloc && growOpArray(p, nOp) ){
        77012  +  if( p->nOp + nOp > p->nOpAlloc && growOpArray(p, nOp) ){
 76660  77013       return 0;
 76661  77014     }
 76662  77015     pFirst = pOut = &p->aOp[p->nOp];
 76663  77016     for(i=0; i<nOp; i++, aOp++, pOut++){
 76664  77017       pOut->opcode = aOp->opcode;
 76665  77018       pOut->p1 = aOp->p1;
 76666  77019       pOut->p2 = aOp->p2;
................................................................................
 77974  78327     ** requirements by reusing the opcode array tail, then the second
 77975  78328     ** pass will fill in the remainder using a fresh memory allocation.  
 77976  78329     **
 77977  78330     ** This two-pass approach that reuses as much memory as possible from
 77978  78331     ** the leftover memory at the end of the opcode array.  This can significantly
 77979  78332     ** reduce the amount of memory held by a prepared statement.
 77980  78333     */
 77981         -  do {
 77982         -    x.nNeeded = 0;
 77983         -    p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
 77984         -    p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
 77985         -    p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
 77986         -    p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
        78334  +  x.nNeeded = 0;
        78335  +  p->aMem = allocSpace(&x, 0, nMem*sizeof(Mem));
        78336  +  p->aVar = allocSpace(&x, 0, nVar*sizeof(Mem));
        78337  +  p->apArg = allocSpace(&x, 0, nArg*sizeof(Mem*));
        78338  +  p->apCsr = allocSpace(&x, 0, nCursor*sizeof(VdbeCursor*));
 77987  78339   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 77988         -    p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
        78340  +  p->anExec = allocSpace(&x, 0, p->nOp*sizeof(i64));
 77989  78341   #endif
 77990         -    if( x.nNeeded==0 ) break;
        78342  +  if( x.nNeeded ){
 77991  78343       x.pSpace = p->pFree = sqlite3DbMallocRawNN(db, x.nNeeded);
 77992  78344       x.nFree = x.nNeeded;
 77993         -  }while( !db->mallocFailed );
        78345  +    if( !db->mallocFailed ){
        78346  +      p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
        78347  +      p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
        78348  +      p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
        78349  +      p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
        78350  +#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
        78351  +      p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
        78352  +#endif
        78353  +    }
        78354  +  }
 77994  78355   
 77995  78356     p->pVList = pParse->pVList;
 77996  78357     pParse->pVList =  0;
 77997  78358     p->explain = pParse->explain;
 77998  78359     if( db->mallocFailed ){
 77999  78360       p->nVar = 0;
 78000  78361       p->nCursor = 0;
................................................................................
 78678  79039           }else if( rc!=SQLITE_OK ){
 78679  79040             p->rc = rc;
 78680  79041             sqlite3RollbackAll(db, SQLITE_OK);
 78681  79042             p->nChange = 0;
 78682  79043           }else{
 78683  79044             db->nDeferredCons = 0;
 78684  79045             db->nDeferredImmCons = 0;
 78685         -          db->flags &= ~SQLITE_DeferFKs;
        79046  +          db->flags &= ~(u64)SQLITE_DeferFKs;
 78686  79047             sqlite3CommitInternalChanges(db);
 78687  79048           }
 78688  79049         }else{
 78689  79050           sqlite3RollbackAll(db, SQLITE_OK);
 78690  79051           p->nChange = 0;
 78691  79052         }
 78692  79053         db->nStatement = 0;
................................................................................
 78993  79354       sqlite3DbFree(db, p->pFree);
 78994  79355     }
 78995  79356     vdbeFreeOpArray(db, p->aOp, p->nOp);
 78996  79357     sqlite3DbFree(db, p->aColName);
 78997  79358     sqlite3DbFree(db, p->zSql);
 78998  79359   #ifdef SQLITE_ENABLE_NORMALIZE
 78999  79360     sqlite3DbFree(db, p->zNormSql);
        79361  +  {
        79362  +    DblquoteStr *pThis, *pNext;
        79363  +    for(pThis=p->pDblStr; pThis; pThis=pNext){
        79364  +      pNext = pThis->pNextStr;
        79365  +      sqlite3DbFree(db, pThis);
        79366  +    }
        79367  +  }
 79000  79368   #endif
 79001  79369   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 79002  79370     {
 79003  79371       int i;
 79004  79372       for(i=0; i<p->nScan; i++){
 79005  79373         sqlite3DbFree(db, p->aScan[i].zName);
 79006  79374       }
................................................................................
 79533  79901   SQLITE_PRIVATE void sqlite3VdbeRecordUnpack(
 79534  79902     KeyInfo *pKeyInfo,     /* Information about the record format */
 79535  79903     int nKey,              /* Size of the binary record */
 79536  79904     const void *pKey,      /* The binary record */
 79537  79905     UnpackedRecord *p      /* Populate this structure before returning. */
 79538  79906   ){
 79539  79907     const unsigned char *aKey = (const unsigned char *)pKey;
 79540         -  int d; 
        79908  +  u32 d; 
 79541  79909     u32 idx;                        /* Offset in aKey[] to read from */
 79542  79910     u16 u;                          /* Unsigned loop counter */
 79543  79911     u32 szHdr;
 79544  79912     Mem *pMem = p->aMem;
 79545  79913   
 79546  79914     p->default_rc = 0;
 79547  79915     assert( EIGHT_BYTE_ALIGNMENT(pMem) );
 79548  79916     idx = getVarint32(aKey, szHdr);
 79549  79917     d = szHdr;
 79550  79918     u = 0;
 79551         -  while( idx<szHdr && d<=nKey ){
        79919  +  while( idx<szHdr && d<=(u32)nKey ){
 79552  79920       u32 serial_type;
 79553  79921   
 79554  79922       idx += getVarint32(&aKey[idx], serial_type);
 79555  79923       pMem->enc = pKeyInfo->enc;
 79556  79924       pMem->db = pKeyInfo->db;
 79557  79925       /* pMem->flags = 0; // sqlite3VdbeSerialGet() will set this for us */
 79558  79926       pMem->szMalloc = 0;
 79559  79927       pMem->z = 0;
 79560  79928       d += sqlite3VdbeSerialGet(&aKey[d], serial_type, pMem);
 79561  79929       pMem++;
 79562  79930       if( (++u)>=p->nField ) break;
 79563  79931     }
        79932  +  if( d>(u32)nKey && u ){
        79933  +    assert( CORRUPT_DB );
        79934  +    /* In a corrupt record entry, the last pMem might have been set up using 
        79935  +    ** uninitialized memory. Overwrite its value with NULL, to prevent
        79936  +    ** warnings from MSAN. */
        79937  +    sqlite3VdbeMemSetNull(pMem-1);
        79938  +  }
 79564  79939     assert( u<=pKeyInfo->nKeyField + 1 );
 79565  79940     p->nField = u;
 79566  79941   }
 79567  79942   
 79568  79943   #ifdef SQLITE_DEBUG
 79569  79944   /*
 79570  79945   ** This function compares two index or table record keys in the same way
................................................................................
 79622  79997   
 79623  79998       /* Verify that there is enough key space remaining to avoid
 79624  79999       ** a buffer overread.  The "d1+serial_type1+2" subexpression will
 79625  80000       ** always be greater than or equal to the amount of required key space.
 79626  80001       ** Use that approximation to avoid the more expensive call to
 79627  80002       ** sqlite3VdbeSerialTypeLen() in the common case.
 79628  80003       */
 79629         -    if( d1+serial_type1+2>(u32)nKey1
 79630         -     && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
        80004  +    if( d1+(u64)serial_type1+2>(u64)nKey1
        80005  +     && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1 
 79631  80006       ){
 79632  80007         break;
 79633  80008       }
 79634  80009   
 79635  80010       /* Extract the values to be compared.
 79636  80011       */
 79637  80012       d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
 79638  80013   
 79639  80014       /* Do the comparison
 79640  80015       */
 79641         -    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
        80016  +    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i],
        80017  +                           pKeyInfo->nAllField>i ? pKeyInfo->aColl[i] : 0);
 79642  80018       if( rc!=0 ){
 79643  80019         assert( mem1.szMalloc==0 );  /* See comment below */
 79644  80020         if( pKeyInfo->aSortOrder[i] ){
 79645  80021           rc = -rc;  /* Invert the result for DESC sort order. */
 79646  80022         }
 79647  80023         goto debugCompareEnd;
 79648  80024       }
................................................................................
 79990  80366       szHdr1 = aKey1[0];
 79991  80367       d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
 79992  80368       i = 1;
 79993  80369       pRhs++;
 79994  80370     }else{
 79995  80371       idx1 = getVarint32(aKey1, szHdr1);
 79996  80372       d1 = szHdr1;
 79997         -    if( d1>(unsigned)nKey1 ){ 
 79998         -      pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
 79999         -      return 0;  /* Corruption */
 80000         -    }
 80001  80373       i = 0;
 80002  80374     }
        80375  +  if( d1>(unsigned)nKey1 ){ 
        80376  +    pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
        80377  +    return 0;  /* Corruption */
        80378  +  }
 80003  80379   
 80004  80380     VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
 80005  80381     assert( pPKey2->pKeyInfo->nAllField>=pPKey2->nField 
 80006  80382          || CORRUPT_DB );
 80007  80383     assert( pPKey2->pKeyInfo->aSortOrder!=0 );
 80008  80384     assert( pPKey2->pKeyInfo->nKeyField>0 );
 80009  80385     assert( idx1<=szHdr1 || CORRUPT_DB );
................................................................................
 80065  80441           rc = -1;
 80066  80442         }else if( !(serial_type & 0x01) ){
 80067  80443           rc = +1;
 80068  80444         }else{
 80069  80445           mem1.n = (serial_type - 12) / 2;
 80070  80446           testcase( (d1+mem1.n)==(unsigned)nKey1 );
 80071  80447           testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
 80072         -        if( (d1+mem1.n) > (unsigned)nKey1 ){
        80448  +        if( (d1+mem1.n) > (unsigned)nKey1
        80449  +         || (pKeyInfo = pPKey2->pKeyInfo)->nAllField<=i
        80450  +        ){
 80073  80451             pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
 80074  80452             return 0;                /* Corruption */
 80075         -        }else if( (pKeyInfo = pPKey2->pKeyInfo)->aColl[i] ){
        80453  +        }else if( pKeyInfo->aColl[i] ){
 80076  80454             mem1.enc = pKeyInfo->enc;
 80077  80455             mem1.db = pKeyInfo->db;
 80078  80456             mem1.flags = MEM_Str;
 80079  80457             mem1.z = (char*)&aKey1[d1];
 80080  80458             rc = vdbeCompareMemString(
 80081  80459                 &mem1, pRhs, pKeyInfo->aColl[i], &pPKey2->errCode
 80082  80460             );
................................................................................
 80768  81146   ** Invoke the profile callback.  This routine is only called if we already
 80769  81147   ** know that the profile callback is defined and needs to be invoked.
 80770  81148   */
 80771  81149   static SQLITE_NOINLINE void invokeProfileCallback(sqlite3 *db, Vdbe *p){
 80772  81150     sqlite3_int64 iNow;
 80773  81151     sqlite3_int64 iElapse;
 80774  81152     assert( p->startTime>0 );
 80775         -  assert( db->xProfile!=0 || (db->mTrace & SQLITE_TRACE_PROFILE)!=0 );
        81153  +  assert( (db->mTrace & (SQLITE_TRACE_PROFILE|SQLITE_TRACE_XPROFILE))!=0 );
 80776  81154     assert( db->init.busy==0 );
 80777  81155     assert( p->zSql!=0 );
 80778  81156     sqlite3OsCurrentTimeInt64(db->pVfs, &iNow);
 80779  81157     iElapse = (iNow - p->startTime)*1000000;
        81158  +#ifndef SQLITE_OMIT_DEPRECATED  	
 80780  81159     if( db->xProfile ){
 80781  81160       db->xProfile(db->pProfileArg, p->zSql, iElapse);
 80782  81161     }
        81162  +#endif
 80783  81163     if( db->mTrace & SQLITE_TRACE_PROFILE ){
 80784  81164       db->xTrace(SQLITE_TRACE_PROFILE, db->pTraceArg, p, (void*)&iElapse);
 80785  81165     }
 80786  81166     p->startTime = 0;
 80787  81167   }
 80788  81168   /*
 80789  81169   ** The checkProfileCallback(DB,P) macro checks to see if a profile callback
................................................................................
 81289  81669     /* Check that malloc() has not failed. If it has, return early. */
 81290  81670     db = p->db;
 81291  81671     if( db->mallocFailed ){
 81292  81672       p->rc = SQLITE_NOMEM;
 81293  81673       return SQLITE_NOMEM_BKPT;
 81294  81674     }
 81295  81675   
 81296         -  if( p->pc<=0 && p->expired ){
        81676  +  if( p->pc<0 && p->expired ){
 81297  81677       p->rc = SQLITE_SCHEMA;
 81298  81678       rc = SQLITE_ERROR;
 81299  81679       goto end_of_step;
 81300  81680     }
 81301  81681     if( p->pc<0 ){
 81302  81682       /* If there are no other statements currently running, then
 81303  81683       ** reset the interrupt flag.  This prevents a call to sqlite3_interrupt
................................................................................
 81308  81688       }
 81309  81689   
 81310  81690       assert( db->nVdbeWrite>0 || db->autoCommit==0 
 81311  81691           || (db->nDeferredCons==0 && db->nDeferredImmCons==0)
 81312  81692       );
 81313  81693   
 81314  81694   #ifndef SQLITE_OMIT_TRACE
 81315         -    if( (db->xProfile || (db->mTrace & SQLITE_TRACE_PROFILE)!=0)
        81695  +    if( (db->mTrace & (SQLITE_TRACE_PROFILE|SQLITE_TRACE_XPROFILE))!=0
 81316  81696           && !db->init.busy && p->zSql ){
 81317  81697         sqlite3OsCurrentTimeInt64(db->pVfs, &p->startTime);
 81318  81698       }else{
 81319  81699         assert( p->startTime==0 );
 81320  81700       }
 81321  81701   #endif
 81322  81702   
................................................................................
 81335  81715   #endif /* SQLITE_OMIT_EXPLAIN */
 81336  81716     {
 81337  81717       db->nVdbeExec++;
 81338  81718       rc = sqlite3VdbeExec(p);
 81339  81719       db->nVdbeExec--;
 81340  81720     }
 81341  81721   
        81722  +  if( rc!=SQLITE_ROW ){
 81342  81723   #ifndef SQLITE_OMIT_TRACE
 81343         -  /* If the statement completed successfully, invoke the profile callback */
 81344         -  if( rc!=SQLITE_ROW ) checkProfileCallback(db, p);
        81724  +    /* If the statement completed successfully, invoke the profile callback */
        81725  +    checkProfileCallback(db, p);
 81345  81726   #endif
 81346  81727   
 81347         -  if( rc==SQLITE_DONE && db->autoCommit ){
 81348         -    assert( p->rc==SQLITE_OK );
 81349         -    p->rc = doWalCallbacks(db);
 81350         -    if( p->rc!=SQLITE_OK ){
 81351         -      rc = SQLITE_ERROR;
        81728  +    if( rc==SQLITE_DONE && db->autoCommit ){
        81729  +      assert( p->rc==SQLITE_OK );
        81730  +      p->rc = doWalCallbacks(db);
        81731  +      if( p->rc!=SQLITE_OK ){
        81732  +        rc = SQLITE_ERROR;
        81733  +      }
 81352  81734       }
 81353  81735     }
 81354  81736   
 81355  81737     db->errCode = rc;
 81356  81738     if( SQLITE_NOMEM==sqlite3ApiExit(p->db, p->rc) ){
 81357  81739       p->rc = SQLITE_NOMEM_BKPT;
 81358  81740     }
................................................................................
 81364  81746     ** contains the value that would be returned if sqlite3_finalize() 
 81365  81747     ** were called on statement p.
 81366  81748     */
 81367  81749     assert( rc==SQLITE_ROW  || rc==SQLITE_DONE   || rc==SQLITE_ERROR 
 81368  81750          || (rc&0xff)==SQLITE_BUSY || rc==SQLITE_MISUSE
 81369  81751     );
 81370  81752     assert( (p->rc!=SQLITE_ROW && p->rc!=SQLITE_DONE) || p->rc==p->rcApp );
 81371         -  if( (p->prepFlags & SQLITE_PREPARE_SAVESQL)!=0 
 81372         -   && rc!=SQLITE_ROW 
 81373         -   && rc!=SQLITE_DONE 
        81753  +  if( rc!=SQLITE_ROW 
        81754  +   && rc!=SQLITE_DONE
        81755  +   && (p->prepFlags & SQLITE_PREPARE_SAVESQL)!=0
 81374  81756     ){
 81375  81757       /* If this statement was prepared using saved SQL and an 
 81376  81758       ** error has occurred, then return the error code in p->rc to the
 81377  81759       ** caller. Set the error code in the database handle to the same value.
 81378  81760       */ 
 81379  81761       rc = sqlite3VdbeTransferError(p);
 81380  81762     }
................................................................................
 81988  82370       sqlite3_mutex_leave(p->db->mutex);
 81989  82371       return SQLITE_RANGE;
 81990  82372     }
 81991  82373     i--;
 81992  82374     pVar = &p->aVar[i];
 81993  82375     sqlite3VdbeMemRelease(pVar);
 81994  82376     pVar->flags = MEM_Null;
 81995         -  sqlite3Error(p->db, SQLITE_OK);
        82377  +  p->db->errCode = SQLITE_OK;
 81996  82378   
 81997  82379     /* If the bit corresponding to this variable in Vdbe.expmask is set, then 
 81998  82380     ** binding a new value to this variable invalidates the current query plan.
 81999  82381     **
 82000  82382     ** IMPLEMENTATION-OF: R-48440-37595 If the specific value bound to host
 82001  82383     ** parameter in the WHERE clause might influence the choice of query plan
 82002  82384     ** for a statement, then the statement will be automatically recompiled,
................................................................................
 82414  82796   
 82415  82797   #ifdef SQLITE_ENABLE_NORMALIZE
 82416  82798   /*
 82417  82799   ** Return the normalized SQL associated with a prepared statement.
 82418  82800   */
 82419  82801   SQLITE_API const char *sqlite3_normalized_sql(sqlite3_stmt *pStmt){
 82420  82802     Vdbe *p = (Vdbe *)pStmt;
 82421         -  return p ? p->zNormSql : 0;
        82803  +  if( p==0 ) return 0;
        82804  +  if( p->zNormSql==0 && ALWAYS(p->zSql!=0) ){
        82805  +    sqlite3_mutex_enter(p->db->mutex);
        82806  +    p->zNormSql = sqlite3Normalize(p, p->zSql);
        82807  +    sqlite3_mutex_leave(p->db->mutex);
        82808  +  }
        82809  +  return p->zNormSql;
 82422  82810   }
 82423  82811   #endif /* SQLITE_ENABLE_NORMALIZE */
 82424  82812   
 82425  82813   #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
 82426  82814   /*
 82427  82815   ** Allocate and populate an UnpackedRecord structure based on the serialized
 82428  82816   ** record in nKey/pKey. Return a pointer to the new UnpackedRecord structure
................................................................................
 83114  83502     VdbeCursor *pCx = 0;
 83115  83503     nByte = 
 83116  83504         ROUND8(sizeof(VdbeCursor)) + 2*sizeof(u32)*nField + 
 83117  83505         (eCurType==CURTYPE_BTREE?sqlite3BtreeCursorSize():0);
 83118  83506   
 83119  83507     assert( iCur>=0 && iCur<p->nCursor );
 83120  83508     if( p->apCsr[iCur] ){ /*OPTIMIZATION-IF-FALSE*/
        83509  +    /* Before calling sqlite3VdbeFreeCursor(), ensure the isEphemeral flag
        83510  +    ** is clear. Otherwise, if this is an ephemeral cursor created by 
        83511  +    ** OP_OpenDup, the cursor will not be closed and will still be part
        83512  +    ** of a BtShared.pCursor list.  */
        83513  +    p->apCsr[iCur]->isEphemeral = 0;
 83121  83514       sqlite3VdbeFreeCursor(p, p->apCsr[iCur]);
 83122  83515       p->apCsr[iCur] = 0;
 83123  83516     }
 83124  83517     if( SQLITE_OK==sqlite3VdbeMemClearAndResize(pMem, nByte) ){
 83125  83518       p->apCsr[iCur] = pCx = (VdbeCursor*)pMem->z;
 83126  83519       memset(pCx, 0, offsetof(VdbeCursor,pAltCursor));
 83127  83520       pCx->eCurType = eCurType;
................................................................................
 83254  83647   ** interpret as a string if we want to).  Compute its corresponding
 83255  83648   ** numeric type, if has one.  Set the pMem->u.r and pMem->u.i fields
 83256  83649   ** accordingly.
 83257  83650   */
 83258  83651   static u16 SQLITE_NOINLINE computeNumericType(Mem *pMem){
 83259  83652     assert( (pMem->flags & (MEM_Int|MEM_Real))==0 );
 83260  83653     assert( (pMem->flags & (MEM_Str|MEM_Blob))!=0 );
        83654  +  ExpandBlob(pMem);
 83261  83655     if( sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc)==0 ){
 83262  83656       return 0;
 83263  83657     }
 83264  83658     if( sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc)==0 ){
 83265  83659       return MEM_Int;
 83266  83660     }
 83267  83661     return MEM_Real;
................................................................................
 84541  84935         case OP_Divide: {
 84542  84936           /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
 84543  84937           if( rA==(double)0 ) goto arithmetic_result_is_null;
 84544  84938           rB /= rA;
 84545  84939           break;
 84546  84940         }
 84547  84941         default: {
 84548         -        iA = (i64)rA;
 84549         -        iB = (i64)rB;
        84942  +        iA = sqlite3VdbeIntValue(pIn1);
        84943  +        iB = sqlite3VdbeIntValue(pIn2);
 84550  84944           if( iA==0 ) goto arithmetic_result_is_null;
 84551  84945           if( iA==-1 ) iA = 1;
 84552  84946           rB = (double)(iB % iA);
 84553  84947           break;
 84554  84948         }
 84555  84949       }
 84556  84950   #ifdef SQLITE_OMIT_FLOATING_POINT
................................................................................
 84888  85282       if( pOp->p5 & SQLITE_NULLEQ ){
 84889  85283         /* If SQLITE_NULLEQ is set (which will only happen if the operator is
 84890  85284         ** OP_Eq or OP_Ne) then take the jump or not depending on whether
 84891  85285         ** or not both operands are null.
 84892  85286         */
 84893  85287         assert( pOp->opcode==OP_Eq || pOp->opcode==OP_Ne );
 84894  85288         assert( (flags1 & MEM_Cleared)==0 );
 84895         -      assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 );
        85289  +      assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 || CORRUPT_DB );
        85290  +      testcase( (pOp->p5 & SQLITE_JUMPIFNULL)!=0 );
 84896  85291         if( (flags1&flags3&MEM_Null)!=0
 84897  85292          && (flags3&MEM_Cleared)==0
 84898  85293         ){
 84899  85294           res = 0;  /* Operands are equal */
 84900  85295         }else{
 84901  85296           res = 1;  /* Operands are not equal */
 84902  85297         }
................................................................................
 86572  86967   
 86573  86968     pCx = allocateCursor(p, pOp->p1, pOrig->nField, -1, CURTYPE_BTREE);
 86574  86969     if( pCx==0 ) goto no_mem;
 86575  86970     pCx->nullRow = 1;
 86576  86971     pCx->isEphemeral = 1;
 86577  86972     pCx->pKeyInfo = pOrig->pKeyInfo;
 86578  86973     pCx->isTable = pOrig->isTable;
 86579         -  rc = sqlite3BtreeCursor(pOrig->pBtx, MASTER_ROOT, BTREE_WRCSR,
        86974  +  pCx->pgnoRoot = pOrig->pgnoRoot;
        86975  +  rc = sqlite3BtreeCursor(pOrig->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
 86580  86976                             pCx->pKeyInfo, pCx->uc.pCursor);
 86581  86977     /* The sqlite3BtreeCursor() routine can only fail for the first cursor
 86582  86978     ** opened for a database.  Since there is already an open cursor when this
 86583  86979     ** opcode is run, the sqlite3BtreeCursor() cannot fail */
 86584  86980     assert( rc==SQLITE_OK );
 86585  86981     break;
 86586  86982   }
................................................................................
 86589  86985   /* Opcode: OpenEphemeral P1 P2 * P4 P5
 86590  86986   ** Synopsis: nColumn=P2
 86591  86987   **
 86592  86988   ** Open a new cursor P1 to a transient table.
 86593  86989   ** The cursor is always opened read/write even if 
 86594  86990   ** the main database is read-only.  The ephemeral
 86595  86991   ** table is deleted automatically when the cursor is closed.
        86992  +**
        86993  +** If the cursor P1 is already opened on an ephemeral table, the table
        86994  +** is cleared (all content is erased).
 86596  86995   **
 86597  86996   ** P2 is the number of columns in the ephemeral table.
 86598  86997   ** The cursor points to a BTree table if P4==0 and to a BTree index
 86599  86998   ** if P4 is not 0.  If P4 is not NULL, it points to a KeyInfo structure
 86600  86999   ** that defines the format of keys in the index.
 86601  87000   **
 86602  87001   ** The P5 parameter can be a mask of the BTREE_* flags defined
................................................................................
 86621  87020         SQLITE_OPEN_READWRITE |
 86622  87021         SQLITE_OPEN_CREATE |
 86623  87022         SQLITE_OPEN_EXCLUSIVE |
 86624  87023         SQLITE_OPEN_DELETEONCLOSE |
 86625  87024         SQLITE_OPEN_TRANSIENT_DB;
 86626  87025     assert( pOp->p1>=0 );
 86627  87026     assert( pOp->p2>=0 );
 86628         -  pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
 86629         -  if( pCx==0 ) goto no_mem;
 86630         -  pCx->nullRow = 1;
 86631         -  pCx->isEphemeral = 1;
 86632         -  rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBtx, 
 86633         -                        BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5, vfsFlags);
 86634         -  if( rc==SQLITE_OK ){
 86635         -    rc = sqlite3BtreeBeginTrans(pCx->pBtx, 1, 0);
 86636         -  }
 86637         -  if( rc==SQLITE_OK ){
 86638         -    /* If a transient index is required, create it by calling
 86639         -    ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
 86640         -    ** opening it. If a transient table is required, just use the
 86641         -    ** automatically created table with root-page 1 (an BLOB_INTKEY table).
 86642         -    */
 86643         -    if( (pCx->pKeyInfo = pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
 86644         -      int pgno;
 86645         -      assert( pOp->p4type==P4_KEYINFO );
 86646         -      rc = sqlite3BtreeCreateTable(pCx->pBtx, &pgno, BTREE_BLOBKEY | pOp->p5); 
 86647         -      if( rc==SQLITE_OK ){
 86648         -        assert( pgno==MASTER_ROOT+1 );
 86649         -        assert( pKeyInfo->db==db );
 86650         -        assert( pKeyInfo->enc==ENC(db) );
 86651         -        rc = sqlite3BtreeCursor(pCx->pBtx, pgno, BTREE_WRCSR,
 86652         -                                pKeyInfo, pCx->uc.pCursor);
 86653         -      }
 86654         -      pCx->isTable = 0;
 86655         -    }else{
 86656         -      rc = sqlite3BtreeCursor(pCx->pBtx, MASTER_ROOT, BTREE_WRCSR,
 86657         -                              0, pCx->uc.pCursor);
 86658         -      pCx->isTable = 1;
 86659         -    }
 86660         -  }
 86661         -  if( rc ) goto abort_due_to_error;
 86662         -  pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
        87027  +  pCx = p->apCsr[pOp->p1];
        87028  +  if( pCx ){
        87029  +    /* If the ephermeral table is already open, erase all existing content
        87030  +    ** so that the table is empty again, rather than creating a new table. */
        87031  +    rc = sqlite3BtreeClearTable(pCx->pBtx, pCx->pgnoRoot, 0);
        87032  +  }else{
        87033  +    pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
        87034  +    if( pCx==0 ) goto no_mem;
        87035  +    pCx->nullRow = 1;
        87036  +    pCx->isEphemeral = 1;
        87037  +    rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBtx, 
        87038  +                          BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5,
        87039  +                          vfsFlags);
        87040  +    if( rc==SQLITE_OK ){
        87041  +      rc = sqlite3BtreeBeginTrans(pCx->pBtx, 1, 0);
        87042  +    }
        87043  +    if( rc==SQLITE_OK ){
        87044  +      /* If a transient index is required, create it by calling
        87045  +      ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
        87046  +      ** opening it. If a transient table is required, just use the
        87047  +      ** automatically created table with root-page 1 (an BLOB_INTKEY table).
        87048  +      */
        87049  +      if( (pCx->pKeyInfo = pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
        87050  +        assert( pOp->p4type==P4_KEYINFO );
        87051  +        rc = sqlite3BtreeCreateTable(pCx->pBtx, (int*)&pCx->pgnoRoot,
        87052  +                                     BTREE_BLOBKEY | pOp->p5); 
        87053  +        if( rc==SQLITE_OK ){
        87054  +          assert( pCx->pgnoRoot==MASTER_ROOT+1 );
        87055  +          assert( pKeyInfo->db==db );
        87056  +          assert( pKeyInfo->enc==ENC(db) );
        87057  +          rc = sqlite3BtreeCursor(pCx->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
        87058  +                                  pKeyInfo, pCx->uc.pCursor);
        87059  +        }
        87060  +        pCx->isTable = 0;
        87061  +      }else{
        87062  +        pCx->pgnoRoot = MASTER_ROOT;
        87063  +        rc = sqlite3BtreeCursor(pCx->pBtx, MASTER_ROOT, BTREE_WRCSR,
        87064  +                                0, pCx->uc.pCursor);
        87065  +        pCx->isTable = 1;
        87066  +      }
        87067  +    }
        87068  +    pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
        87069  +  }
        87070  +  if( rc ) goto abort_due_to_error;
 86663  87071     break;
 86664  87072   }
 86665  87073   
 86666  87074   /* Opcode: SorterOpen P1 P2 P3 P4 *
 86667  87075   **
 86668  87076   ** This opcode works like OP_OpenEphemeral except that it opens
 86669  87077   ** a transient index that is specifically designed to sort large
................................................................................
 87305  87713   case OP_NotExists:          /* jump, in3 */
 87306  87714     pIn3 = &aMem[pOp->p3];
 87307  87715     assert( (pIn3->flags & MEM_Int)!=0 || pOp->opcode==OP_SeekRowid );
 87308  87716     assert( pOp->p1>=0 && pOp->p1<p->nCursor );
 87309  87717     pC = p->apCsr[pOp->p1];
 87310  87718     assert( pC!=0 );
 87311  87719   #ifdef SQLITE_DEBUG
 87312         -  pC->seekOp = OP_SeekRowid;
        87720  +  if( pOp->opcode==OP_SeekRowid ) pC->seekOp = OP_SeekRowid;
 87313  87721   #endif
 87314  87722     assert( pC->isTable );
 87315  87723     assert( pC->eCurType==CURTYPE_BTREE );
 87316  87724     pCrsr = pC->uc.pCursor;
 87317  87725     assert( pCrsr!=0 );
 87318  87726     res = 0;
 87319  87727     iKey = pIn3->u.i;
................................................................................
 88213  88621     assert( pOp->opcode!=OP_Prev || pOp->p4.xAdvance==sqlite3BtreePrevious );
 88214  88622   
 88215  88623     /* The Next opcode is only used after SeekGT, SeekGE, Rewind, and Found.
 88216  88624     ** The Prev opcode is only used after SeekLT, SeekLE, and Last. */
 88217  88625     assert( pOp->opcode!=OP_Next
 88218  88626          || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
 88219  88627          || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found 
 88220         -       || pC->seekOp==OP_NullRow);
        88628  +       || pC->seekOp==OP_NullRow|| pC->seekOp==OP_SeekRowid);
 88221  88629     assert( pOp->opcode!=OP_Prev
 88222  88630          || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
 88223  88631          || pC->seekOp==OP_Last 
 88224  88632          || pC->seekOp==OP_NullRow);
 88225  88633   
 88226  88634     rc = pOp->p4.xAdvance(pC->uc.pCursor, pOp->p3);
 88227  88635   next_tail:
................................................................................
 88743  89151          db->aDb[iDb].zDbSName, zMaster, pOp->p4.z);
 88744  89152       if( zSql==0 ){
 88745  89153         rc = SQLITE_NOMEM_BKPT;
 88746  89154       }else{
 88747  89155         assert( db->init.busy==0 );
 88748  89156         db->init.busy = 1;
 88749  89157         initData.rc = SQLITE_OK;
        89158  +      initData.nInitRow = 0;
 88750  89159         assert( !db->mallocFailed );
 88751  89160         rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
 88752  89161         if( rc==SQLITE_OK ) rc = initData.rc;
        89162  +      if( rc==SQLITE_OK && initData.nInitRow==0 ){
        89163  +        /* The OP_ParseSchema opcode with a non-NULL P4 argument should parse
        89164  +        ** at least one SQL statement. Any less than that indicates that
        89165  +        ** the sqlite_master table is corrupt. */
        89166  +        rc = SQLITE_CORRUPT_BKPT;
        89167  +      }
 88753  89168         sqlite3DbFreeNN(db, zSql);
 88754  89169         db->init.busy = 0;
 88755  89170       }
 88756  89171     }
 88757  89172     if( rc ){
 88758  89173       sqlite3ResetAllSchemasOfConnection(db);
 88759  89174       if( rc==SQLITE_NOMEM ){
................................................................................
 89108  89523     p->apCsr = (VdbeCursor **)&aMem[p->nMem];
 89109  89524     pFrame->aOnce = (u8*)&p->apCsr[pProgram->nCsr];
 89110  89525     memset(pFrame->aOnce, 0, (pProgram->nOp + 7)/8);
 89111  89526     p->aOp = aOp = pProgram->aOp;
 89112  89527     p->nOp = pProgram->nOp;
 89113  89528   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 89114  89529     p->anExec = 0;
        89530  +#endif
        89531  +#ifdef SQLITE_DEBUG
        89532  +  /* Verify that second and subsequent executions of the same trigger do not
        89533  +  ** try to reuse register values from the first use. */
        89534  +  {
        89535  +    int i;
        89536  +    for(i=0; i<p->nMem; i++){
        89537  +      aMem[i].pScopyFrom = 0;  /* Prevent false-positive AboutToChange() errs */
        89538  +      aMem[i].flags |= MEM_Undefined; /* Cause a fault if this reg is reused */
        89539  +    }
        89540  +  }
 89115  89541   #endif
 89116  89542     pOp = &aOp[-1];
 89117  89543   
 89118  89544     break;
 89119  89545   }
 89120  89546   
 89121  89547   /* Opcode: Param P1 P2 * * *
................................................................................
 89647  90073     sqlite3VdbeChangeEncoding(pOut, encoding);
 89648  90074     if( rc ) goto abort_due_to_error;
 89649  90075     break;
 89650  90076   };
 89651  90077   #endif /* SQLITE_OMIT_PRAGMA */
 89652  90078   
 89653  90079   #if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
 89654         -/* Opcode: Vacuum P1 * * * *
        90080  +/* Opcode: Vacuum P1 P2 * * *
 89655  90081   **
 89656  90082   ** Vacuum the entire database P1.  P1 is 0 for "main", and 2 or more
 89657  90083   ** for an attached database.  The "temp" database may not be vacuumed.
        90084  +**
        90085  +** If P2 is not zero, then it is a register holding a string which is
        90086  +** the file into which the result of vacuum should be written.  When
        90087  +** P2 is zero, the vacuum overwrites the original database.
 89658  90088   */
 89659  90089   case OP_Vacuum: {
 89660  90090     assert( p->readOnly==0 );
 89661         -  rc = sqlite3RunVacuum(&p->zErrMsg, db, pOp->p1);
        90091  +  rc = sqlite3RunVacuum(&p->zErrMsg, db, pOp->p1,
        90092  +                        pOp->p2 ? &aMem[pOp->p2] : 0);
 89662  90093     if( rc ) goto abort_due_to_error;
 89663  90094     break;
 89664  90095   }
 89665  90096   #endif
 89666  90097   
 89667  90098   #if !defined(SQLITE_OMIT_AUTOVACUUM)
 89668  90099   /* Opcode: IncrVacuum P1 P2 * * *
................................................................................
 89806  90237   ** P4 is the name of a virtual table in database P1.  Call the xDestroy method
 89807  90238   ** of that table.
 89808  90239   */
 89809  90240   case OP_VDestroy: {
 89810  90241     db->nVDestroy++;
 89811  90242     rc = sqlite3VtabCallDestroy(db, pOp->p1, pOp->p4.z);
 89812  90243     db->nVDestroy--;
        90244  +  assert( p->errorAction==OE_Abort && p->usesStmtJournal );
 89813  90245     if( rc ) goto abort_due_to_error;
 89814  90246     break;
 89815  90247   }
 89816  90248   #endif /* SQLITE_OMIT_VIRTUALTABLE */
 89817  90249   
 89818  90250   #ifndef SQLITE_OMIT_VIRTUALTABLE
 89819  90251   /* Opcode: VOpen P1 * * P4 *
................................................................................
 90049  90481     assert( pName->flags & MEM_Str );
 90050  90482     testcase( pName->enc==SQLITE_UTF8 );
 90051  90483     testcase( pName->enc==SQLITE_UTF16BE );
 90052  90484     testcase( pName->enc==SQLITE_UTF16LE );
 90053  90485     rc = sqlite3VdbeChangeEncoding(pName, SQLITE_UTF8);
 90054  90486     if( rc ) goto abort_due_to_error;
 90055  90487     rc = pVtab->pModule->xRename(pVtab, pName->z);
 90056         -  if( isLegacy==0 ) db->flags &= ~SQLITE_LegacyAlter;
        90488  +  if( isLegacy==0 ) db->flags &= ~(u64)SQLITE_LegacyAlter;
 90057  90489     sqlite3VtabImportErrmsg(p, pVtab);
 90058  90490     p->expired = 0;
 90059  90491     if( rc ) goto abort_due_to_error;
 90060  90492     break;
 90061  90493   }
 90062  90494   #endif
 90063  90495   
................................................................................
 94276  94708   ** an SQL statement.
 94277  94709   */
 94278  94710   /* #include "sqliteInt.h" */
 94279  94711   /* #include <stdlib.h> */
 94280  94712   /* #include <string.h> */
 94281  94713   
 94282  94714   
        94715  +#if !defined(SQLITE_OMIT_WINDOWFUNC)
        94716  +/*
        94717  +** Walk all expressions linked into the list of Window objects passed
        94718  +** as the second argument.
        94719  +*/
        94720  +static int walkWindowList(Walker *pWalker, Window *pList){
        94721  +  Window *pWin;
        94722  +  for(pWin=pList; pWin; pWin=pWin->pNextWin){
        94723  +    if( sqlite3WalkExprList(pWalker, pWin->pOrderBy) ) return WRC_Abort;
        94724  +    if( sqlite3WalkExprList(pWalker, pWin->pPartition) ) return WRC_Abort;
        94725  +    if( sqlite3WalkExpr(pWalker, pWin->pFilter) ) return WRC_Abort;
        94726  +  }
        94727  +  return WRC_Continue;
        94728  +}
        94729  +#endif
        94730  +
 94283  94731   /*
 94284  94732   ** Walk an expression tree.  Invoke the callback once for each node
 94285  94733   ** of the expression, while descending.  (In other words, the callback
 94286  94734   ** is invoked before visiting children.)
 94287  94735   **
 94288  94736   ** The return value from the callback should be one of the WRC_*
 94289  94737   ** constants to specify how to proceed with the walk.
................................................................................
 94315  94763         }else if( ExprHasProperty(pExpr, EP_xIsSelect) ){
 94316  94764           if( sqlite3WalkSelect(pWalker, pExpr->x.pSelect) ) return WRC_Abort;
 94317  94765         }else if( pExpr->x.pList ){
 94318  94766           if( sqlite3WalkExprList(pWalker, pExpr->x.pList) ) return WRC_Abort;
 94319  94767         }
 94320  94768   #ifndef SQLITE_OMIT_WINDOWFUNC
 94321  94769         if( ExprHasProperty(pExpr, EP_WinFunc) ){
 94322         -        Window *pWin = pExpr->y.pWin;
 94323         -        if( sqlite3WalkExprList(pWalker, pWin->pPartition) ) return WRC_Abort;
 94324         -        if( sqlite3WalkExprList(pWalker, pWin->pOrderBy) ) return WRC_Abort;
 94325         -        if( sqlite3WalkExpr(pWalker, pWin->pFilter) ) return WRC_Abort;
        94770  +        if( walkWindowList(pWalker, pExpr->y.pWin) ) return WRC_Abort;
 94326  94771         }
 94327  94772   #endif
 94328  94773       }
 94329  94774       break;
 94330  94775     }
 94331  94776     return WRC_Continue;
 94332  94777   }
................................................................................
 94358  94803   SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker *pWalker, Select *p){
 94359  94804     if( sqlite3WalkExprList(pWalker, p->pEList) ) return WRC_Abort;
 94360  94805     if( sqlite3WalkExpr(pWalker, p->pWhere) ) return WRC_Abort;
 94361  94806     if( sqlite3WalkExprList(pWalker, p->pGroupBy) ) return WRC_Abort;
 94362  94807     if( sqlite3WalkExpr(pWalker, p->pHaving) ) return WRC_Abort;
 94363  94808     if( sqlite3WalkExprList(pWalker, p->pOrderBy) ) return WRC_Abort;
 94364  94809     if( sqlite3WalkExpr(pWalker, p->pLimit) ) return WRC_Abort;
        94810  +#if !defined(SQLITE_OMIT_WINDOWFUNC) && !defined(SQLITE_OMIT_ALTERTABLE)
        94811  +  {
        94812  +    Parse *pParse = pWalker->pParse;
        94813  +    if( pParse && IN_RENAME_OBJECT ){
        94814  +      int rc = walkWindowList(pWalker, p->pWinDefn);
        94815  +      assert( rc==WRC_Continue );
        94816  +      return rc;
        94817  +    }
        94818  +  }
        94819  +#endif
 94365  94820     return WRC_Continue;
 94366  94821   }
 94367  94822   
 94368  94823   /*
 94369  94824   ** Walk the parse trees associated with all subqueries in the
 94370  94825   ** FROM clause of SELECT statement p.  Do not invoke the select
 94371  94826   ** callback on p, but do invoke it on each FROM clause subquery
................................................................................
 94509  94964     db = pParse->db;
 94510  94965     pDup = sqlite3ExprDup(db, pOrig, 0);
 94511  94966     if( pDup!=0 ){
 94512  94967       if( zType[0]!='G' ) incrAggFunctionDepth(pDup, nSubquery);
 94513  94968       if( pExpr->op==TK_COLLATE ){
 94514  94969         pDup = sqlite3ExprAddCollateString(pParse, pDup, pExpr->u.zToken);
 94515  94970       }
 94516         -    ExprSetProperty(pDup, EP_Alias);
 94517  94971   
 94518  94972       /* Before calling sqlite3ExprDelete(), set the EP_Static flag. This 
 94519  94973       ** prevents ExprDelete() from deleting the Expr structure itself,
 94520  94974       ** allowing it to be repopulated by the memcpy() on the following line.
 94521  94975       ** The pExpr->u.zToken might point into memory that will be freed by the
 94522  94976       ** sqlite3DbFree(db, pDup) on the last line of this block, so be sure to
 94523  94977       ** make a copy of the token before doing the sqlite3DbFree().
................................................................................
 94903  95357     **
 94904  95358     ** Because no reference was made to outer contexts, the pNC->nRef
 94905  95359     ** fields are not changed in any context.
 94906  95360     */
 94907  95361     if( cnt==0 && zTab==0 ){
 94908  95362       assert( pExpr->op==TK_ID );
 94909  95363       if( ExprHasProperty(pExpr,EP_DblQuoted) ){
        95364  +      /* If a double-quoted identifier does not match any known column name,
        95365  +      ** then treat it as a string.
        95366  +      **
        95367  +      ** This hack was added in the early days of SQLite in a misguided attempt
        95368  +      ** to be compatible with MySQL 3.x, which used double-quotes for strings.
        95369  +      ** I now sorely regret putting in this hack. The effect of this hack is
        95370  +      ** that misspelled identifier names are silently converted into strings
        95371  +      ** rather than causing an error, to the frustration of countless
        95372  +      ** programmers. To all those frustrated programmers, my apologies.
        95373  +      **
        95374  +      ** Someday, I hope to get rid of this hack. Unfortunately there is
        95375  +      ** a huge amount of legacy SQL that uses it. So for now, we just
        95376  +      ** issue a warning.
        95377  +      */
        95378  +      sqlite3_log(SQLITE_WARNING,
        95379  +        "double-quoted string literal: \"%w\"", zCol);
        95380  +#ifdef SQLITE_ENABLE_NORMALIZE
        95381  +      sqlite3VdbeAddDblquoteStr(db, pParse->pVdbe, zCol);
        95382  +#endif
 94910  95383         pExpr->op = TK_STRING;
 94911  95384         pExpr->y.pTab = 0;
 94912  95385         return WRC_Prune;
 94913  95386       }
 94914  95387       if( sqlite3ExprIdToTrueFalse(pExpr) ){
 94915  95388         return WRC_Prune;
 94916  95389       }
................................................................................
 95269  95742           }
 95270  95743         }
 95271  95744         sqlite3WalkExprList(pWalker, pList);
 95272  95745         if( is_agg ){
 95273  95746   #ifndef SQLITE_OMIT_WINDOWFUNC
 95274  95747           if( pExpr->y.pWin ){
 95275  95748             Select *pSel = pNC->pWinSelect;
        95749  +          sqlite3WindowUpdate(pParse, pSel->pWinDefn, pExpr->y.pWin, pDef);
 95276  95750             sqlite3WalkExprList(pWalker, pExpr->y.pWin->pPartition);
 95277  95751             sqlite3WalkExprList(pWalker, pExpr->y.pWin->pOrderBy);
 95278  95752             sqlite3WalkExpr(pWalker, pExpr->y.pWin->pFilter);
 95279         -          sqlite3WindowUpdate(pParse, pSel->pWinDefn, pExpr->y.pWin, pDef);
 95280  95753             if( 0==pSel->pWin 
 95281  95754              || 0==sqlite3WindowCompare(pParse, pSel->pWin, pExpr->y.pWin) 
 95282  95755             ){
 95283  95756               pExpr->y.pWin->pNextWin = pSel->pWin;
 95284  95757               pSel->pWin = pExpr->y.pWin;
 95285  95758             }
 95286  95759             pNC->ncFlags |= NC_AllowWin;
................................................................................
 95549  96022           if( iCol<=0 || iCol>pEList->nExpr ){
 95550  96023             resolveOutOfRangeError(pParse, "ORDER", i+1, pEList->nExpr);
 95551  96024             return 1;
 95552  96025           }
 95553  96026         }else{
 95554  96027           iCol = resolveAsName(pParse, pEList, pE);
 95555  96028           if( iCol==0 ){
 95556         -          pDup = sqlite3ExprDup(db, pE, 0);
        96029  +          /* Now test if expression pE matches one of the values returned
        96030  +          ** by pSelect. In the usual case this is done by duplicating the 
        96031  +          ** expression, resolving any symbols in it, and then comparing
        96032  +          ** it against each expression returned by the SELECT statement.
        96033  +          ** Once the comparisons are finished, the duplicate expression
        96034  +          ** is deleted.
        96035  +          **
        96036  +          ** Or, if this is running as part of an ALTER TABLE operation,
        96037  +          ** resolve the symbols in the actual expression, not a duplicate.
        96038  +          ** And, if one of the comparisons is successful, leave the expression
        96039  +          ** as is instead of transforming it to an integer as in the usual
        96040  +          ** case. This allows the code in alter.c to modify column
        96041  +          ** refererences within the ORDER BY expression as required.  */
        96042  +          if( IN_RENAME_OBJECT ){
        96043  +            pDup = pE;
        96044  +          }else{
        96045  +            pDup = sqlite3ExprDup(db, pE, 0);
        96046  +          }
 95557  96047             if( !db->mallocFailed ){
 95558  96048               assert(pDup);
 95559  96049               iCol = resolveOrderByTermToExprList(pParse, pSelect, pDup);
 95560  96050             }
 95561         -          sqlite3ExprDelete(db, pDup);
        96051  +          if( !IN_RENAME_OBJECT ){
        96052  +            sqlite3ExprDelete(db, pDup);
        96053  +          }
 95562  96054           }
 95563  96055         }
 95564  96056         if( iCol>0 ){
 95565  96057           /* Convert the ORDER BY term into an integer column number iCol,
 95566  96058           ** taking care to preserve the COLLATE clause if it exists */
 95567         -        Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
 95568         -        if( pNew==0 ) return 1;
 95569         -        pNew->flags |= EP_IntValue;
 95570         -        pNew->u.iValue = iCol;
 95571         -        if( pItem->pExpr==pE ){
 95572         -          pItem->pExpr = pNew;
 95573         -        }else{
 95574         -          Expr *pParent = pItem->pExpr;
 95575         -          assert( pParent->op==TK_COLLATE );
 95576         -          while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
 95577         -          assert( pParent->pLeft==pE );
 95578         -          pParent->pLeft = pNew;
        96059  +        if( !IN_RENAME_OBJECT ){
        96060  +          Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
        96061  +          if( pNew==0 ) return 1;
        96062  +          pNew->flags |= EP_IntValue;
        96063  +          pNew->u.iValue = iCol;
        96064  +          if( pItem->pExpr==pE ){
        96065  +            pItem->pExpr = pNew;
        96066  +          }else{
        96067  +            Expr *pParent = pItem->pExpr;
        96068  +            assert( pParent->op==TK_COLLATE );
        96069  +            while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
        96070  +            assert( pParent->pLeft==pE );
        96071  +            pParent->pLeft = pNew;
        96072  +          }
        96073  +          sqlite3ExprDelete(db, pE);
        96074  +          pItem->u.x.iOrderByCol = (u16)iCol;
 95579  96075           }
 95580         -        sqlite3ExprDelete(db, pE);
 95581         -        pItem->u.x.iOrderByCol = (u16)iCol;
 95582  96076           pItem->done = 1;
 95583  96077         }else{
 95584  96078           moreToDo = 1;
 95585  96079         }
 95586  96080       }
 95587  96081       pSelect = pSelect->pNext;
 95588  96082     }
................................................................................
 95922  96416           if( ExprHasProperty(pItem->pExpr, EP_Agg) ){
 95923  96417             sqlite3ErrorMsg(pParse, "aggregate functions are not allowed in "
 95924  96418                 "the GROUP BY clause");
 95925  96419             return WRC_Abort;
 95926  96420           }
 95927  96421         }
 95928  96422       }
        96423  +
        96424  +    if( IN_RENAME_OBJECT ){
        96425  +      Window *pWin;
        96426  +      for(pWin=p->pWinDefn; pWin; pWin=pWin->pNextWin){
        96427  +        if( sqlite3ResolveExprListNames(&sNC, pWin->pOrderBy)
        96428  +         || sqlite3ResolveExprListNames(&sNC, pWin->pPartition)
        96429  +        ){
        96430  +          return WRC_Abort;
        96431  +        }
        96432  +      }
        96433  +    }
 95929  96434   
 95930  96435       /* If this is part of a compound SELECT, check that it has the right
 95931  96436       ** number of expressions in the select list. */
 95932  96437       if( p->pNext && p->pEList->nExpr!=p->pNext->pEList->nExpr ){
 95933  96438         sqlite3SelectWrongNumTermsError(pParse, p->pNext);
 95934  96439         return WRC_Abort;
 95935  96440       }
................................................................................
 96073  96578     w.xSelectCallback2 = 0;
 96074  96579     w.pParse = pParse;
 96075  96580     w.u.pNC = pOuterNC;
 96076  96581     sqlite3WalkSelect(&w, p);
 96077  96582   }
 96078  96583   
 96079  96584   /*
 96080         -** Resolve names in expressions that can only reference a single table:
        96585  +** Resolve names in expressions that can only reference a single table
        96586  +** or which cannot reference any tables at all.  Examples:
 96081  96587   **
 96082         -**    *   CHECK constraints
 96083         -**    *   WHERE clauses on partial indices
        96588  +**    (1)   CHECK constraints
        96589  +**    (2)   WHERE clauses on partial indices
        96590  +**    (3)   Expressions in indexes on expressions
        96591  +**    (4)   Expression arguments to VACUUM INTO.
 96084  96592   **
 96085         -** The Expr.iTable value for Expr.op==TK_COLUMN nodes of the expression
 96086         -** is set to -1 and the Expr.iColumn value is set to the column number.
        96593  +** In all cases except (4), the Expr.iTable value for Expr.op==TK_COLUMN
        96594  +** nodes of the expression is set to -1 and the Expr.iColumn value is
        96595  +** set to the column number.  In case (4), TK_COLUMN nodes cause an error.
 96087  96596   **
 96088  96597   ** Any errors cause an error message to be set in pParse.
 96089  96598   */
 96090         -SQLITE_PRIVATE void sqlite3ResolveSelfReference(
        96599  +SQLITE_PRIVATE int sqlite3ResolveSelfReference(
 96091  96600     Parse *pParse,      /* Parsing context */
 96092         -  Table *pTab,        /* The table being referenced */
 96093         -  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr */
        96601  +  Table *pTab,        /* The table being referenced, or NULL */
        96602  +  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr, or 0 */
 96094  96603     Expr *pExpr,        /* Expression to resolve.  May be NULL. */
 96095  96604     ExprList *pList     /* Expression list to resolve.  May be NULL. */
 96096  96605   ){
 96097  96606     SrcList sSrc;                   /* Fake SrcList for pParse->pNewTable */
 96098  96607     NameContext sNC;                /* Name context for pParse->pNewTable */
        96608  +  int rc;
 96099  96609   
 96100         -  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr );
        96610  +  assert( type==0 || pTab!=0 );
        96611  +  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr || pTab==0 );
 96101  96612     memset(&sNC, 0, sizeof(sNC));
 96102  96613     memset(&sSrc, 0, sizeof(sSrc));
 96103         -  sSrc.nSrc = 1;
 96104         -  sSrc.a[0].zName = pTab->zName;
 96105         -  sSrc.a[0].pTab = pTab;
 96106         -  sSrc.a[0].iCursor = -1;
        96614  +  if( pTab ){
        96615  +    sSrc.nSrc = 1;
        96616  +    sSrc.a[0].zName = pTab->zName;
        96617  +    sSrc.a[0].pTab = pTab;
        96618  +    sSrc.a[0].iCursor = -1;
        96619  +  }
 96107  96620     sNC.pParse = pParse;
 96108  96621     sNC.pSrcList = &sSrc;
 96109  96622     sNC.ncFlags = type;
 96110         -  if( sqlite3ResolveExprNames(&sNC, pExpr) ) return;
 96111         -  if( pList ) sqlite3ResolveExprListNames(&sNC, pList);
        96623  +  if( (rc = sqlite3ResolveExprNames(&sNC, pExpr))!=SQLITE_OK ) return rc;
        96624  +  if( pList ) rc = sqlite3ResolveExprListNames(&sNC, pList);
        96625  +  return rc;
 96112  96626   }
 96113  96627   
 96114  96628   /************** End of resolve.c *********************************************/
 96115  96629   /************** Begin file expr.c ********************************************/
 96116  96630   /*
 96117  96631   ** 2001 September 15
 96118  96632   **
................................................................................
 96252  96766   SQLITE_PRIVATE CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
 96253  96767     sqlite3 *db = pParse->db;
 96254  96768     CollSeq *pColl = 0;
 96255  96769     Expr *p = pExpr;
 96256  96770     while( p ){
 96257  96771       int op = p->op;
 96258  96772       if( p->flags & EP_Generic ) break;
 96259         -    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
 96260         -          || op==TK_REGISTER || op==TK_TRIGGER)
        96773  +    if( op==TK_REGISTER ) op = p->op2;
        96774  +    if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
 96261  96775        && p->y.pTab!=0
 96262  96776       ){
 96263  96777         /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
 96264  96778         ** a TK_COLUMN but was previously evaluated and cached in a register */
 96265  96779         int j = p->iColumn;
 96266  96780         if( j>=0 ){
 96267  96781           const char *zColl = p->y.pTab->aCol[j].zColl;
................................................................................
 96269  96783         }
 96270  96784         break;
 96271  96785       }
 96272  96786       if( op==TK_CAST || op==TK_UPLUS ){
 96273  96787         p = p->pLeft;
 96274  96788         continue;
 96275  96789       }
 96276         -    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
        96790  +    if( op==TK_COLLATE ){
 96277  96791         pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
 96278  96792         break;
 96279  96793       }
 96280  96794       if( p->flags & EP_Collate ){
 96281  96795         if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
 96282  96796           p = p->pLeft;
 96283  96797         }else{
................................................................................
 96576  97090         pRet->iColumn = iField;
 96577  97091         pRet->pLeft = pVector;
 96578  97092       }
 96579  97093       assert( pRet==0 || pRet->iTable==0 );
 96580  97094     }else{
 96581  97095       if( pVector->op==TK_VECTOR ) pVector = pVector->x.pList->a[iField].pExpr;
 96582  97096       pRet = sqlite3ExprDup(pParse->db, pVector, 0);
        97097  +    sqlite3RenameTokenRemap(pParse, pRet, pVector);
 96583  97098     }
 96584  97099     return pRet;
 96585  97100   }
 96586  97101   
 96587  97102   /*
 96588  97103   ** If expression pExpr is of type TK_SELECT, generate code to evaluate
 96589  97104   ** it. Return the register in which the result is stored (or, if the 
................................................................................
 96592  97107   **
 96593  97108   ** If pExpr is not a TK_SELECT expression, return 0.
 96594  97109   */
 96595  97110   static int exprCodeSubselect(Parse *pParse, Expr *pExpr){
 96596  97111     int reg = 0;
 96597  97112   #ifndef SQLITE_OMIT_SUBQUERY
 96598  97113     if( pExpr->op==TK_SELECT ){
 96599         -    reg = sqlite3CodeSubselect(pParse, pExpr, 0, 0);
        97114  +    reg = sqlite3CodeSubselect(pParse, pExpr);
 96600  97115     }
 96601  97116   #endif
 96602  97117     return reg;
 96603  97118   }
 96604  97119   
 96605  97120   /*
 96606  97121   ** Argument pVector points to a vector expression - either a TK_VECTOR
................................................................................
 96664  97179     Expr *pLeft = pExpr->pLeft;
 96665  97180     Expr *pRight = pExpr->pRight;
 96666  97181     int nLeft = sqlite3ExprVectorSize(pLeft);
 96667  97182     int i;
 96668  97183     int regLeft = 0;
 96669  97184     int regRight = 0;
 96670  97185     u8 opx = op;
 96671         -  int addrDone = sqlite3VdbeMakeLabel(v);
        97186  +  int addrDone = sqlite3VdbeMakeLabel(pParse);
 96672  97187   
 96673  97188     if( nLeft!=sqlite3ExprVectorSize(pRight) ){
 96674  97189       sqlite3ErrorMsg(pParse, "row value misused");
 96675  97190       return;
 96676  97191     }
 96677  97192     assert( pExpr->op==TK_EQ || pExpr->op==TK_NE 
 96678  97193          || pExpr->op==TK_IS || pExpr->op==TK_ISNOT 
................................................................................
 96891  97406           pNew->u.iValue = iValue;
 96892  97407         }else{
 96893  97408           pNew->u.zToken = (char*)&pNew[1];
 96894  97409           assert( pToken->z!=0 || pToken->n==0 );
 96895  97410           if( pToken->n ) memcpy(pNew->u.zToken, pToken->z, pToken->n);
 96896  97411           pNew->u.zToken[pToken->n] = 0;
 96897  97412           if( dequote && sqlite3Isquote(pNew->u.zToken[0]) ){
 96898         -          if( pNew->u.zToken[0]=='"' ) pNew->flags |= EP_DblQuoted;
 96899         -          sqlite3Dequote(pNew->u.zToken);
        97413  +          sqlite3DequoteExpr(pNew);
 96900  97414           }
 96901  97415         }
 96902  97416       }
 96903  97417   #if SQLITE_MAX_EXPR_DEPTH>0
 96904  97418       pNew->nHeight = 1;
 96905  97419   #endif  
 96906  97420     }
................................................................................
 96961  97475   SQLITE_PRIVATE Expr *sqlite3PExpr(
 96962  97476     Parse *pParse,          /* Parsing context */
 96963  97477     int op,                 /* Expression opcode */
 96964  97478     Expr *pLeft,            /* Left operand */
 96965  97479     Expr *pRight            /* Right operand */
 96966  97480   ){
 96967  97481     Expr *p;
 96968         -  if( op==TK_AND && pParse->nErr==0 ){
        97482  +  if( op==TK_AND && pParse->nErr==0 && !IN_RENAME_OBJECT ){
 96969  97483       /* Take advantage of short-circuit false optimization for AND */
 96970  97484       p = sqlite3ExprAnd(pParse->db, pLeft, pRight);
 96971  97485     }else{
 96972  97486       p = sqlite3DbMallocRawNN(pParse->db, sizeof(Expr));
 96973  97487       if( p ){
 96974  97488         memset(p, 0, sizeof(Expr));
 96975  97489         p->op = op & TKFLG_MASK;
................................................................................
 97209  97723   ** EXPR_REDUCEDSIZE or EXPR_TOKENONLYSIZE.
 97210  97724   */
 97211  97725   static int exprStructSize(Expr *p){
 97212  97726     if( ExprHasProperty(p, EP_TokenOnly) ) return EXPR_TOKENONLYSIZE;
 97213  97727     if( ExprHasProperty(p, EP_Reduced) ) return EXPR_REDUCEDSIZE;
 97214  97728     return EXPR_FULLSIZE;
 97215  97729   }
        97730  +
        97731  +/*
        97732  +** Copy the complete content of an Expr node, taking care not to read
        97733  +** past the end of the structure for a reduced-size version of the source
        97734  +** Expr.
        97735  +*/
        97736  +static void exprNodeCopy(Expr *pDest, Expr *pSrc){
        97737  +  memset(pDest, 0, sizeof(Expr));
        97738  +  memcpy(pDest, pSrc, exprStructSize(pSrc));
        97739  +}
 97216  97740   
 97217  97741   /*
 97218  97742   ** The dupedExpr*Size() routines each return the number of bytes required
 97219  97743   ** to store a copy of an expression or expression tree.  They differ in
 97220  97744   ** how much of the tree is measured.
 97221  97745   **
 97222  97746   **     dupedExprStructSize()     Size of only the Expr structure 
................................................................................
 97440  97964       }
 97441  97965     }
 97442  97966     return pRet;
 97443  97967   }
 97444  97968   #else
 97445  97969   # define withDup(x,y) 0
 97446  97970   #endif
        97971  +
        97972  +#ifndef SQLITE_OMIT_WINDOWFUNC
        97973  +/*
        97974  +** The gatherSelectWindows() procedure and its helper routine
        97975  +** gatherSelectWindowsCallback() are used to scan all the expressions
        97976  +** an a newly duplicated SELECT statement and gather all of the Window
        97977  +** objects found there, assembling them onto the linked list at Select->pWin.
        97978  +*/
        97979  +static int gatherSelectWindowsCallback(Walker *pWalker, Expr *pExpr){
        97980  +  if( pExpr->op==TK_FUNCTION && pExpr->y.pWin!=0 ){
        97981  +    assert( ExprHasProperty(pExpr, EP_WinFunc) );
        97982  +    pExpr->y.pWin->pNextWin = pWalker->u.pSelect->pWin;
        97983  +    pWalker->u.pSelect->pWin = pExpr->y.pWin;
        97984  +  }
        97985  +  return WRC_Continue;
        97986  +}
        97987  +static int gatherSelectWindowsSelectCallback(Walker *pWalker, Select *p){
        97988  +  return p==pWalker->u.pSelect ? WRC_Continue : WRC_Prune;
        97989  +}
        97990  +static void gatherSelectWindows(Select *p){
        97991  +  Walker w;
        97992  +  w.xExprCallback = gatherSelectWindowsCallback;
        97993  +  w.xSelectCallback = gatherSelectWindowsSelectCallback;
        97994  +  w.xSelectCallback2 = 0;
        97995  +  w.pParse = 0;
        97996  +  w.u.pSelect = p;
        97997  +  sqlite3WalkSelect(&w, p);
        97998  +}
        97999  +#endif
        98000  +
 97447  98001   
 97448  98002   /*
 97449  98003   ** The following group of routines make deep copies of expressions,
 97450  98004   ** expression lists, ID lists, and select statements.  The copies can
 97451  98005   ** be deleted (by being passed to their respective ...Delete() routines)
 97452  98006   ** without effecting the originals.
 97453  98007   **
................................................................................
 97608  98162       pNew->addrOpenEphm[0] = -1;
 97609  98163       pNew->addrOpenEphm[1] = -1;
 97610  98164       pNew->nSelectRow = p->nSelectRow;
 97611  98165       pNew->pWith = withDup(db, p->pWith);
 97612  98166   #ifndef SQLITE_OMIT_WINDOWFUNC
 97613  98167       pNew->pWin = 0;
 97614  98168       pNew->pWinDefn = sqlite3WindowListDup(db, p->pWinDefn);
        98169  +    if( p->pWin ) gatherSelectWindows(pNew);
 97615  98170   #endif
 97616  98171       pNew->selId = p->selId;
 97617  98172       *pp = pNew;
 97618  98173       pp = &pNew->pPrior;
 97619  98174       pNext = pNew;
 97620  98175     }
 97621  98176   
................................................................................
 97740  98295   
 97741  98296       /* Remember the size of the LHS in iTable so that we can check that
 97742  98297       ** the RHS and LHS sizes match during code generation. */
 97743  98298       pFirst->iTable = pColumns->nId;
 97744  98299     }
 97745  98300   
 97746  98301   vector_append_error:
        98302  +  if( IN_RENAME_OBJECT ){
        98303  +    sqlite3RenameExprUnmap(pParse, pExpr);
        98304  +  }
 97747  98305     sqlite3ExprDelete(db, pExpr);
 97748  98306     sqlite3IdListDelete(db, pColumns);
 97749  98307     return pList;
 97750  98308   }
 97751  98309   
 97752  98310   /*
 97753  98311   ** Set the sort order for the last element on the given ExprList.
................................................................................
 97883  98441   /*
 97884  98442   ** If the input expression is an ID with the name "true" or "false"
 97885  98443   ** then convert it into an TK_TRUEFALSE term.  Return non-zero if
 97886  98444   ** the conversion happened, and zero if the expression is unaltered.
 97887  98445   */
 97888  98446   SQLITE_PRIVATE int sqlite3ExprIdToTrueFalse(Expr *pExpr){
 97889  98447     assert( pExpr->op==TK_ID || pExpr->op==TK_STRING );
 97890         -  if( sqlite3StrICmp(pExpr->u.zToken, "true")==0
 97891         -   || sqlite3StrICmp(pExpr->u.zToken, "false")==0
        98448  +  if( !ExprHasProperty(pExpr, EP_Quoted)
        98449  +   && (sqlite3StrICmp(pExpr->u.zToken, "true")==0
        98450  +       || sqlite3StrICmp(pExpr->u.zToken, "false")==0)
 97892  98451     ){
 97893  98452       pExpr->op = TK_TRUEFALSE;
 97894  98453       return 1;
 97895  98454     }
 97896  98455     return 0;
 97897  98456   }
 97898  98457   
................................................................................
 98193  98752   ** be a small performance hit but is otherwise harmless.  On the other
 98194  98753   ** hand, a false negative (returning FALSE when the result could be NULL)
 98195  98754   ** will likely result in an incorrect answer.  So when in doubt, return
 98196  98755   ** TRUE.
 98197  98756   */
 98198  98757   SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr *p){
 98199  98758     u8 op;
 98200         -  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){ p = p->pLeft; }
        98759  +  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){
        98760  +    p = p->pLeft;
        98761  +  }
 98201  98762     op = p->op;
 98202  98763     if( op==TK_REGISTER ) op = p->op2;
 98203  98764     switch( op ){
 98204  98765       case TK_INTEGER:
 98205  98766       case TK_STRING:
 98206  98767       case TK_FLOAT:
 98207  98768       case TK_BLOB:
................................................................................
 98260  98821   */
 98261  98822   SQLITE_PRIVATE int sqlite3IsRowid(const char *z){
 98262  98823     if( sqlite3StrICmp(z, "_ROWID_")==0 ) return 1;
 98263  98824     if( sqlite3StrICmp(z, "ROWID")==0 ) return 1;
 98264  98825     if( sqlite3StrICmp(z, "OID")==0 ) return 1;
 98265  98826     return 0;
 98266  98827   }
 98267         -#ifdef SQLITE_ENABLE_NORMALIZE
 98268         -SQLITE_PRIVATE int sqlite3IsRowidN(const char *z, int n){
 98269         -  if( sqlite3StrNICmp(z, "_ROWID_", n)==0 ) return 1;
 98270         -  if( sqlite3StrNICmp(z, "ROWID", n)==0 ) return 1;
 98271         -  if( sqlite3StrNICmp(z, "OID", n)==0 ) return 1;
 98272         -  return 0;
 98273         -}
 98274         -#endif
 98275  98828   
 98276  98829   /*
 98277  98830   ** pX is the RHS of an IN operator.  If pX is a SELECT statement 
 98278  98831   ** that can be simplified to a direct table access, then return
 98279  98832   ** a pointer to the SELECT statement.  If pX is not a SELECT statement,
 98280  98833   ** or if the SELECT statement needs to be manifested into a transient
 98281  98834   ** table, then return NULL.
................................................................................
 98437  98990   */
 98438  98991   #ifndef SQLITE_OMIT_SUBQUERY
 98439  98992   SQLITE_PRIVATE int sqlite3FindInIndex(
 98440  98993     Parse *pParse,             /* Parsing context */
 98441  98994     Expr *pX,                  /* The right-hand side (RHS) of the IN operator */
 98442  98995     u32 inFlags,               /* IN_INDEX_LOOP, _MEMBERSHIP, and/or _NOOP_OK */
 98443  98996     int *prRhsHasNull,         /* Register holding NULL status.  See notes */
 98444         -  int *aiMap                 /* Mapping from Index fields to RHS fields */
        98997  +  int *aiMap,                /* Mapping from Index fields to RHS fields */
        98998  +  int *piTab                 /* OUT: index to use */
 98445  98999   ){
 98446  99000     Select *p;                            /* SELECT to the right of IN operator */
 98447  99001     int eType = 0;                        /* Type of RHS table. IN_INDEX_* */
 98448  99002     int iTab = pParse->nTab++;            /* Cursor of the RHS table */
 98449  99003     int mustBeUnique;                     /* True if RHS must be unique */
 98450  99004     Vdbe *v = sqlite3GetVdbe(pParse);     /* Virtual machine being coded */
 98451  99005   
................................................................................
 98532  99086   
 98533  99087         if( affinity_ok ){
 98534  99088           /* Search for an existing index that will work for this IN operator */
 98535  99089           for(pIdx=pTab->pIndex; pIdx && eType==0; pIdx=pIdx->pNext){
 98536  99090             Bitmask colUsed;      /* Columns of the index used */
 98537  99091             Bitmask mCol;         /* Mask for the current column */
 98538  99092             if( pIdx->nColumn<nExpr ) continue;
        99093  +          if( pIdx->pPartIdxWhere!=0 ) continue;
 98539  99094             /* Maximum nColumn is BMS-2, not BMS-1, so that we can compute
 98540  99095             ** BITMASK(nExpr) without overflowing */
 98541  99096             testcase( pIdx->nColumn==BMS-2 );
 98542  99097             testcase( pIdx->nColumn==BMS-1 );
 98543  99098             if( pIdx->nColumn>=BMS-1 ) continue;
 98544  99099             if( mustBeUnique ){
 98545  99100               if( pIdx->nKeyCol>nExpr
................................................................................
 98628  99183         pParse->nQueryLoop = 0;
 98629  99184         if( pX->pLeft->iColumn<0 && !ExprHasProperty(pX, EP_xIsSelect) ){
 98630  99185           eType = IN_INDEX_ROWID;
 98631  99186         }
 98632  99187       }else if( prRhsHasNull ){
 98633  99188         *prRhsHasNull = rMayHaveNull = ++pParse->nMem;
 98634  99189       }
 98635         -    sqlite3CodeSubselect(pParse, pX, rMayHaveNull, eType==IN_INDEX_ROWID);
        99190  +    assert( pX->op==TK_IN );
        99191  +    sqlite3CodeRhsOfIN(pParse, pX, iTab, eType==IN_INDEX_ROWID);
        99192  +    if( rMayHaveNull ){
        99193  +      sqlite3SetHasNullFlag(v, iTab, rMayHaveNull);
        99194  +    }
 98636  99195       pParse->nQueryLoop = savedNQueryLoop;
 98637         -  }else{
 98638         -    pX->iTable = iTab;
 98639  99196     }
 98640  99197   
 98641  99198     if( aiMap && eType!=IN_INDEX_INDEX_ASC && eType!=IN_INDEX_INDEX_DESC ){
 98642  99199       int i, n;
 98643  99200       n = sqlite3ExprVectorSize(pX->pLeft);
 98644  99201       for(i=0; i<n; i++) aiMap[i] = i;
 98645  99202     }
        99203  +  *piTab = iTab;
 98646  99204     return eType;
 98647  99205   }
 98648  99206   #endif
 98649  99207   
 98650  99208   #ifndef SQLITE_OMIT_SUBQUERY
 98651  99209   /*
 98652  99210   ** Argument pExpr is an (?, ?...) IN(...) expression. This 
................................................................................
 98712  99270     }else
 98713  99271   #endif
 98714  99272     {
 98715  99273       sqlite3ErrorMsg(pParse, "row value misused");
 98716  99274     }
 98717  99275   }
 98718  99276   
        99277  +#ifndef SQLITE_OMIT_SUBQUERY
 98719  99278   /*
 98720         -** Generate code for scalar subqueries used as a subquery expression, EXISTS,
 98721         -** or IN operators.  Examples:
        99279  +** Generate code that will construct an ephemeral table containing all terms
        99280  +** in the RHS of an IN operator.  The IN operator can be in either of two
        99281  +** forms:
 98722  99282   **
 98723         -**     (SELECT a FROM b)          -- subquery
 98724         -**     EXISTS (SELECT a FROM b)   -- EXISTS subquery
 98725  99283   **     x IN (4,5,11)              -- IN operator with list on right-hand side
 98726  99284   **     x IN (SELECT a FROM b)     -- IN operator with subquery on the right
 98727  99285   **
 98728         -** The pExpr parameter describes the expression that contains the IN
 98729         -** operator or subquery.
 98730         -**
 98731         -** If parameter isRowid is non-zero, then expression pExpr is guaranteed
 98732         -** to be of the form "<rowid> IN (?, ?, ?)", where <rowid> is a reference
 98733         -** to some integer key column of a table B-Tree. In this case, use an
 98734         -** intkey B-Tree to store the set of IN(...) values instead of the usual
 98735         -** (slower) variable length keys B-Tree.
 98736         -**
 98737         -** If rMayHaveNull is non-zero, that means that the operation is an IN
 98738         -** (not a SELECT or EXISTS) and that the RHS might contains NULLs.
 98739         -** All this routine does is initialize the register given by rMayHaveNull
 98740         -** to NULL.  Calling routines will take care of changing this register
 98741         -** value to non-NULL if the RHS is NULL-free.
 98742         -**
 98743         -** For a SELECT or EXISTS operator, return the register that holds the
 98744         -** result.  For a multi-column SELECT, the result is stored in a contiguous
 98745         -** array of registers and the return value is the register of the left-most
 98746         -** result column.  Return 0 for IN operators or if an error occurs.
 98747         -*/
 98748         -#ifndef SQLITE_OMIT_SUBQUERY
 98749         -SQLITE_PRIVATE int sqlite3CodeSubselect(
        99286  +** The pExpr parameter is the IN operator.  The cursor number for the
        99287  +** constructed ephermeral table is returned.  The first time the ephemeral
        99288  +** table is computed, the cursor number is also stored in pExpr->iTable,
        99289  +** however the cursor number returned might not be the same, as it might
        99290  +** have been duplicated using OP_OpenDup.
        99291  +**
        99292  +** If parameter isRowid is non-zero, then LHS of the IN operator is guaranteed
        99293  +** to be a non-null integer. In this case, the ephemeral table can be an
        99294  +** table B-Tree that keyed by only integers.  The more general cases uses
        99295  +** an index B-Tree which can have arbitrary keys, but is slower to both
        99296  +** read and write.
        99297  +**
        99298  +** If the LHS expression ("x" in the examples) is a column value, or
        99299  +** the SELECT statement returns a column value, then the affinity of that
        99300  +** column is used to build the index keys. If both 'x' and the
        99301  +** SELECT... statement are columns, then numeric affinity is used
        99302  +** if either column has NUMERIC or INTEGER affinity. If neither
        99303  +** 'x' nor the SELECT... statement are columns, then numeric affinity
        99304  +** is used.
        99305  +*/
        99306  +SQLITE_PRIVATE void sqlite3CodeRhsOfIN(
 98750  99307     Parse *pParse,          /* Parsing context */
 98751         -  Expr *pExpr,            /* The IN, SELECT, or EXISTS operator */
 98752         -  int rHasNullFlag,       /* Register that records whether NULLs exist in RHS */
 98753         -  int isRowid             /* If true, LHS of IN operator is a rowid */
 98754         -){
 98755         -  int jmpIfDynamic = -1;                      /* One-time test address */
 98756         -  int rReg = 0;                           /* Register storing resulting */
 98757         -  Vdbe *v = sqlite3GetVdbe(pParse);
 98758         -  if( NEVER(v==0) ) return 0;
 98759         -
 98760         -  /* The evaluation of the IN/EXISTS/SELECT must be repeated every time it
        99308  +  Expr *pExpr,            /* The IN operator */
        99309  +  int iTab,               /* Use this cursor number */
        99310  +  int isRowid             /* If true, LHS is a rowid */
        99311  +){
        99312  +  int addrOnce = 0;           /* Address of the OP_Once instruction at top */
        99313  +  int addr;                   /* Address of OP_OpenEphemeral instruction */
        99314  +  Expr *pLeft;                /* the LHS of the IN operator */
        99315  +  KeyInfo *pKeyInfo = 0;      /* Key information */
        99316  +  int nVal;                   /* Size of vector pLeft */
        99317  +  Vdbe *v;                    /* The prepared statement under construction */
        99318  +
        99319  +  v = pParse->pVdbe;
        99320  +  assert( v!=0 );
        99321  +
        99322  +  /* The evaluation of the IN must be repeated every time it
        99323  +  ** is encountered if any of the following is true:
        99324  +  **
        99325  +  **    *  The right-hand side is a correlated subquery
        99326  +  **    *  The right-hand side is an expression list containing variables
        99327  +  **    *  We are inside a trigger
        99328  +  **
        99329  +  ** If all of the above are false, then we can compute the RHS just once
        99330  +  ** and reuse it many names.
        99331  +  */
        99332  +  if( !ExprHasProperty(pExpr, EP_VarSelect) && pParse->iSelfTab==0 ){
        99333  +    /* Reuse of the RHS is allowed */
        99334  +    /* If this routine has already been coded, but the previous code
        99335  +    ** might not have been invoked yet, so invoke it now as a subroutine. 
        99336  +    */
        99337  +    if( ExprHasProperty(pExpr, EP_Subrtn) ){
        99338  +      addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99339  +      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99340  +        ExplainQueryPlan((pParse, 0, "REUSE LIST SUBQUERY %d",
        99341  +              pExpr->x.pSelect->selId));
        99342  +      }
        99343  +      sqlite3VdbeAddOp2(v, OP_Gosub, pExpr->y.sub.regReturn,
        99344  +                        pExpr->y.sub.iAddr);
        99345  +      sqlite3VdbeAddOp2(v, OP_OpenDup, iTab, pExpr->iTable);
        99346  +      sqlite3VdbeJumpHere(v, addrOnce);
        99347  +      return;
        99348  +    }
        99349  +
        99350  +    /* Begin coding the subroutine */
        99351  +    ExprSetProperty(pExpr, EP_Subrtn);
        99352  +    pExpr->y.sub.regReturn = ++pParse->nMem;
        99353  +    pExpr->y.sub.iAddr =
        99354  +      sqlite3VdbeAddOp2(v, OP_Integer, 0, pExpr->y.sub.regReturn) + 1;
        99355  +    VdbeComment((v, "return address"));
        99356  +
        99357  +    addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99358  +  }
        99359  +
        99360  +  /* Check to see if this is a vector IN operator */
        99361  +  pLeft = pExpr->pLeft;
        99362  +  nVal = sqlite3ExprVectorSize(pLeft);
        99363  +  assert( !isRowid || nVal==1 );
        99364  +
        99365  +  /* Construct the ephemeral table that will contain the content of
        99366  +  ** RHS of the IN operator.
        99367  +  */
        99368  +  pExpr->iTable = iTab;
        99369  +  addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, 
        99370  +      pExpr->iTable, (isRowid?0:nVal));
        99371  +#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
        99372  +  if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99373  +    VdbeComment((v, "Result of SELECT %u", pExpr->x.pSelect->selId));
        99374  +  }else{
        99375  +    VdbeComment((v, "RHS of IN operator"));
        99376  +  }
        99377  +#endif
        99378  +  pKeyInfo = isRowid ? 0 : sqlite3KeyInfoAlloc(pParse->db, nVal, 1);
        99379  +
        99380  +  if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99381  +    /* Case 1:     expr IN (SELECT ...)
        99382  +    **
        99383  +    ** Generate code to write the results of the select into the temporary
        99384  +    ** table allocated and opened above.
        99385  +    */
        99386  +    Select *pSelect = pExpr->x.pSelect;
        99387  +    ExprList *pEList = pSelect->pEList;
        99388  +
        99389  +    ExplainQueryPlan((pParse, 1, "%sLIST SUBQUERY %d",
        99390  +        addrOnce?"":"CORRELATED ", pSelect->selId
        99391  +    ));
        99392  +    assert( !isRowid );
        99393  +    /* If the LHS and RHS of the IN operator do not match, that
        99394  +    ** error will have been caught long before we reach this point. */
        99395  +    if( ALWAYS(pEList->nExpr==nVal) ){
        99396  +      SelectDest dest;
        99397  +      int i;
        99398  +      sqlite3SelectDestInit(&dest, SRT_Set, iTab);
        99399  +      dest.zAffSdst = exprINAffinity(pParse, pExpr);
        99400  +      pSelect->iLimit = 0;
        99401  +      testcase( pSelect->selFlags & SF_Distinct );
        99402  +      testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
        99403  +      if( sqlite3Select(pParse, pSelect, &dest) ){
        99404  +        sqlite3DbFree(pParse->db, dest.zAffSdst);
        99405  +        sqlite3KeyInfoUnref(pKeyInfo);
        99406  +        return;
        99407  +      }
        99408  +      sqlite3DbFree(pParse->db, dest.zAffSdst);
        99409  +      assert( pKeyInfo!=0 ); /* OOM will cause exit after sqlite3Select() */
        99410  +      assert( pEList!=0 );
        99411  +      assert( pEList->nExpr>0 );
        99412  +      assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
        99413  +      for(i=0; i<nVal; i++){
        99414  +        Expr *p = sqlite3VectorFieldSubexpr(pLeft, i);
        99415  +        pKeyInfo->aColl[i] = sqlite3BinaryCompareCollSeq(
        99416  +            pParse, p, pEList->a[i].pExpr
        99417  +        );
        99418  +      }
        99419  +    }
        99420  +  }else if( ALWAYS(pExpr->x.pList!=0) ){
        99421  +    /* Case 2:     expr IN (exprlist)
        99422  +    **
        99423  +    ** For each expression, build an index key from the evaluation and
        99424  +    ** store it in the temporary table. If <expr> is a column, then use
        99425  +    ** that columns affinity when building index keys. If <expr> is not
        99426  +    ** a column, use numeric affinity.
        99427  +    */
        99428  +    char affinity;            /* Affinity of the LHS of the IN */
        99429  +    int i;
        99430  +    ExprList *pList = pExpr->x.pList;
        99431  +    struct ExprList_item *pItem;
        99432  +    int r1, r2, r3;
        99433  +    affinity = sqlite3ExprAffinity(pLeft);
        99434  +    if( !affinity ){
        99435  +      affinity = SQLITE_AFF_BLOB;
        99436  +    }
        99437  +    if( pKeyInfo ){
        99438  +      assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
        99439  +      pKeyInfo->aColl[0] = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
        99440  +    }
        99441  +
        99442  +    /* Loop through each expression in <exprlist>. */
        99443  +    r1 = sqlite3GetTempReg(pParse);
        99444  +    r2 = sqlite3GetTempReg(pParse);
        99445  +    if( isRowid ) sqlite3VdbeAddOp4(v, OP_Blob, 0, r2, 0, "", P4_STATIC);
        99446  +    for(i=pList->nExpr, pItem=pList->a; i>0; i--, pItem++){
        99447  +      Expr *pE2 = pItem->pExpr;
        99448  +      int iValToIns;
        99449  +
        99450  +      /* If the expression is not constant then we will need to
        99451  +      ** disable the test that was generated above that makes sure
        99452  +      ** this code only executes once.  Because for a non-constant
        99453  +      ** expression we need to rerun this code each time.
        99454  +      */
        99455  +      if( addrOnce && !sqlite3ExprIsConstant(pE2) ){
        99456  +        sqlite3VdbeChangeToNoop(v, addrOnce);
        99457  +        addrOnce = 0;
        99458  +      }
        99459  +
        99460  +      /* Evaluate the expression and insert it into the temp table */
        99461  +      if( isRowid && sqlite3ExprIsInteger(pE2, &iValToIns) ){
        99462  +        sqlite3VdbeAddOp3(v, OP_InsertInt, iTab, r2, iValToIns);
        99463  +      }else{
        99464  +        r3 = sqlite3ExprCodeTarget(pParse, pE2, r1);
        99465  +        if( isRowid ){
        99466  +          sqlite3VdbeAddOp2(v, OP_MustBeInt, r3,
        99467  +                            sqlite3VdbeCurrentAddr(v)+2);
        99468  +          VdbeCoverage(v);
        99469  +          sqlite3VdbeAddOp3(v, OP_Insert, iTab, r2, r3);
        99470  +        }else{
        99471  +          sqlite3VdbeAddOp4(v, OP_MakeRecord, r3, 1, r2, &affinity, 1);
        99472  +          sqlite3VdbeAddOp4Int(v, OP_IdxInsert, iTab, r2, r3, 1);
        99473  +        }
        99474  +      }
        99475  +    }
        99476  +    sqlite3ReleaseTempReg(pParse, r1);
        99477  +    sqlite3ReleaseTempReg(pParse, r2);
        99478  +  }
        99479  +  if( pKeyInfo ){
        99480  +    sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
        99481  +  }
        99482  +  if( addrOnce ){
        99483  +    sqlite3VdbeJumpHere(v, addrOnce);
        99484  +    /* Subroutine return */
        99485  +    sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn);
        99486  +    sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1);
        99487  +  }
        99488  +}
        99489  +#endif /* SQLITE_OMIT_SUBQUERY */
        99490  +
        99491  +/*
        99492  +** Generate code for scalar subqueries used as a subquery expression
        99493  +** or EXISTS operator:
        99494  +**
        99495  +**     (SELECT a FROM b)          -- subquery
        99496  +**     EXISTS (SELECT a FROM b)   -- EXISTS subquery
        99497  +**
        99498  +** The pExpr parameter is the SELECT or EXISTS operator to be coded.
        99499  +**
        99500  +** The register that holds the result.  For a multi-column SELECT, 
        99501  +** the result is stored in a contiguous array of registers and the
        99502  +** return value is the register of the left-most result column.
        99503  +** Return 0 if an error occurs.
        99504  +*/
        99505  +#ifndef SQLITE_OMIT_SUBQUERY
        99506  +SQLITE_PRIVATE int sqlite3CodeSubselect(Parse *pParse, Expr *pExpr){
        99507  +  int addrOnce = 0;           /* Address of OP_Once at top of subroutine */
        99508  +  int rReg = 0;               /* Register storing resulting */
        99509  +  Select *pSel;               /* SELECT statement to encode */
        99510  +  SelectDest dest;            /* How to deal with SELECT result */
        99511  +  int nReg;                   /* Registers to allocate */
        99512  +  Expr *pLimit;               /* New limit expression */
        99513  +
        99514  +  Vdbe *v = pParse->pVdbe;
        99515  +  assert( v!=0 );
        99516  +  testcase( pExpr->op==TK_EXISTS );
        99517  +  testcase( pExpr->op==TK_SELECT );
        99518  +  assert( pExpr->op==TK_EXISTS || pExpr->op==TK_SELECT );
        99519  +  assert( ExprHasProperty(pExpr, EP_xIsSelect) );
        99520  +  pSel = pExpr->x.pSelect;
        99521  +
        99522  +  /* The evaluation of the EXISTS/SELECT must be repeated every time it
 98761  99523     ** is encountered if any of the following is true:
 98762  99524     **
 98763  99525     **    *  The right-hand side is a correlated subquery
 98764  99526     **    *  The right-hand side is an expression list containing variables
 98765  99527     **    *  We are inside a trigger
 98766  99528     **
 98767  99529     ** If all of the above are false, then we can run this code just once
 98768  99530     ** save the results, and reuse the same result on subsequent invocations.
 98769  99531     */
 98770  99532     if( !ExprHasProperty(pExpr, EP_VarSelect) ){
 98771         -    jmpIfDynamic = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
 98772         -  }
 98773         -
 98774         -  switch( pExpr->op ){
 98775         -    case TK_IN: {
 98776         -      int addr;                   /* Address of OP_OpenEphemeral instruction */
 98777         -      Expr *pLeft = pExpr->pLeft; /* the LHS of the IN operator */
 98778         -      KeyInfo *pKeyInfo = 0;      /* Key information */
 98779         -      int nVal;                   /* Size of vector pLeft */
 98780         -      
 98781         -      nVal = sqlite3ExprVectorSize(pLeft);
 98782         -      assert( !isRowid || nVal==1 );
 98783         -
 98784         -      /* Whether this is an 'x IN(SELECT...)' or an 'x IN(<exprlist>)'
 98785         -      ** expression it is handled the same way.  An ephemeral table is 
 98786         -      ** filled with index keys representing the results from the 
 98787         -      ** SELECT or the <exprlist>.
 98788         -      **
 98789         -      ** If the 'x' expression is a column value, or the SELECT...
 98790         -      ** statement returns a column value, then the affinity of that
 98791         -      ** column is used to build the index keys. If both 'x' and the
 98792         -      ** SELECT... statement are columns, then numeric affinity is used
 98793         -      ** if either column has NUMERIC or INTEGER affinity. If neither
 98794         -      ** 'x' nor the SELECT... statement are columns, then numeric affinity
 98795         -      ** is used.
 98796         -      */
 98797         -      pExpr->iTable = pParse->nTab++;
 98798         -      addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, 
 98799         -          pExpr->iTable, (isRowid?0:nVal));
 98800         -      pKeyInfo = isRowid ? 0 : sqlite3KeyInfoAlloc(pParse->db, nVal, 1);
 98801         -
 98802         -      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
 98803         -        /* Case 1:     expr IN (SELECT ...)
 98804         -        **
 98805         -        ** Generate code to write the results of the select into the temporary
 98806         -        ** table allocated and opened above.
 98807         -        */
 98808         -        Select *pSelect = pExpr->x.pSelect;
 98809         -        ExprList *pEList = pSelect->pEList;
 98810         -
 98811         -        ExplainQueryPlan((pParse, 1, "%sLIST SUBQUERY",
 98812         -            jmpIfDynamic>=0?"":"CORRELATED "
 98813         -        ));
 98814         -        assert( !isRowid );
 98815         -        /* If the LHS and RHS of the IN operator do not match, that
 98816         -        ** error will have been caught long before we reach this point. */
 98817         -        if( ALWAYS(pEList->nExpr==nVal) ){
 98818         -          SelectDest dest;
 98819         -          int i;
 98820         -          sqlite3SelectDestInit(&dest, SRT_Set, pExpr->iTable);
 98821         -          dest.zAffSdst = exprINAffinity(pParse, pExpr);
 98822         -          pSelect->iLimit = 0;
 98823         -          testcase( pSelect->selFlags & SF_Distinct );
 98824         -          testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
 98825         -          if( sqlite3Select(pParse, pSelect, &dest) ){
 98826         -            sqlite3DbFree(pParse->db, dest.zAffSdst);
 98827         -            sqlite3KeyInfoUnref(pKeyInfo);
 98828         -            return 0;
 98829         -          }
 98830         -          sqlite3DbFree(pParse->db, dest.zAffSdst);
 98831         -          assert( pKeyInfo!=0 ); /* OOM will cause exit after sqlite3Select() */
 98832         -          assert( pEList!=0 );
 98833         -          assert( pEList->nExpr>0 );
 98834         -          assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
 98835         -          for(i=0; i<nVal; i++){
 98836         -            Expr *p = sqlite3VectorFieldSubexpr(pLeft, i);
 98837         -            pKeyInfo->aColl[i] = sqlite3BinaryCompareCollSeq(
 98838         -                pParse, p, pEList->a[i].pExpr
 98839         -            );
 98840         -          }
 98841         -        }
 98842         -      }else if( ALWAYS(pExpr->x.pList!=0) ){
 98843         -        /* Case 2:     expr IN (exprlist)
 98844         -        **
 98845         -        ** For each expression, build an index key from the evaluation and
 98846         -        ** store it in the temporary table. If <expr> is a column, then use
 98847         -        ** that columns affinity when building index keys. If <expr> is not
 98848         -        ** a column, use numeric affinity.
 98849         -        */
 98850         -        char affinity;            /* Affinity of the LHS of the IN */
 98851         -        int i;
 98852         -        ExprList *pList = pExpr->x.pList;
 98853         -        struct ExprList_item *pItem;
 98854         -        int r1, r2, r3;
 98855         -        affinity = sqlite3ExprAffinity(pLeft);
 98856         -        if( !affinity ){
 98857         -          affinity = SQLITE_AFF_BLOB;
 98858         -        }
 98859         -        if( pKeyInfo ){
 98860         -          assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
 98861         -          pKeyInfo->aColl[0] = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
 98862         -        }
 98863         -
 98864         -        /* Loop through each expression in <exprlist>. */
 98865         -        r1 = sqlite3GetTempReg(pParse);
 98866         -        r2 = sqlite3GetTempReg(pParse);
 98867         -        if( isRowid ) sqlite3VdbeAddOp4(v, OP_Blob, 0, r2, 0, "", P4_STATIC);
 98868         -        for(i=pList->nExpr, pItem=pList->a; i>0; i--, pItem++){
 98869         -          Expr *pE2 = pItem->pExpr;
 98870         -          int iValToIns;
 98871         -
 98872         -          /* If the expression is not constant then we will need to
 98873         -          ** disable the test that was generated above that makes sure
 98874         -          ** this code only executes once.  Because for a non-constant
 98875         -          ** expression we need to rerun this code each time.
 98876         -          */
 98877         -          if( jmpIfDynamic>=0 && !sqlite3ExprIsConstant(pE2) ){
 98878         -            sqlite3VdbeChangeToNoop(v, jmpIfDynamic);
 98879         -            jmpIfDynamic = -1;
 98880         -          }
 98881         -
 98882         -          /* Evaluate the expression and insert it into the temp table */
 98883         -          if( isRowid && sqlite3ExprIsInteger(pE2, &iValToIns) ){
 98884         -            sqlite3VdbeAddOp3(v, OP_InsertInt, pExpr->iTable, r2, iValToIns);
 98885         -          }else{
 98886         -            r3 = sqlite3ExprCodeTarget(pParse, pE2, r1);
 98887         -            if( isRowid ){
 98888         -              sqlite3VdbeAddOp2(v, OP_MustBeInt, r3,
 98889         -                                sqlite3VdbeCurrentAddr(v)+2);
 98890         -              VdbeCoverage(v);
 98891         -              sqlite3VdbeAddOp3(v, OP_Insert, pExpr->iTable, r2, r3);
 98892         -            }else{
 98893         -              sqlite3VdbeAddOp4(v, OP_MakeRecord, r3, 1, r2, &affinity, 1);
 98894         -              sqlite3VdbeAddOp4Int(v, OP_IdxInsert, pExpr->iTable, r2, r3, 1);
 98895         -            }
 98896         -          }
 98897         -        }
 98898         -        sqlite3ReleaseTempReg(pParse, r1);
 98899         -        sqlite3ReleaseTempReg(pParse, r2);
 98900         -      }
 98901         -      if( pKeyInfo ){
 98902         -        sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
 98903         -      }
 98904         -      break;
 98905         -    }
 98906         -
 98907         -    case TK_EXISTS:
 98908         -    case TK_SELECT:
 98909         -    default: {
 98910         -      /* Case 3:    (SELECT ... FROM ...)
 98911         -      **     or:    EXISTS(SELECT ... FROM ...)
 98912         -      **
 98913         -      ** For a SELECT, generate code to put the values for all columns of
 98914         -      ** the first row into an array of registers and return the index of
 98915         -      ** the first register.
 98916         -      **
 98917         -      ** If this is an EXISTS, write an integer 0 (not exists) or 1 (exists)
 98918         -      ** into a register and return that register number.
 98919         -      **
 98920         -      ** In both cases, the query is augmented with "LIMIT 1".  Any 
 98921         -      ** preexisting limit is discarded in place of the new LIMIT 1.
 98922         -      */
 98923         -      Select *pSel;                         /* SELECT statement to encode */
 98924         -      SelectDest dest;                      /* How to deal with SELECT result */
 98925         -      int nReg;                             /* Registers to allocate */
 98926         -      Expr *pLimit;                         /* New limit expression */
 98927         -
 98928         -      testcase( pExpr->op==TK_EXISTS );
 98929         -      testcase( pExpr->op==TK_SELECT );
 98930         -      assert( pExpr->op==TK_EXISTS || pExpr->op==TK_SELECT );
 98931         -      assert( ExprHasProperty(pExpr, EP_xIsSelect) );
 98932         -
 98933         -      pSel = pExpr->x.pSelect;
 98934         -      ExplainQueryPlan((pParse, 1, "%sSCALAR SUBQUERY",
 98935         -            jmpIfDynamic>=0?"":"CORRELATED "));
 98936         -      nReg = pExpr->op==TK_SELECT ? pSel->pEList->nExpr : 1;
 98937         -      sqlite3SelectDestInit(&dest, 0, pParse->nMem+1);
 98938         -      pParse->nMem += nReg;
 98939         -      if( pExpr->op==TK_SELECT ){
 98940         -        dest.eDest = SRT_Mem;
 98941         -        dest.iSdst = dest.iSDParm;
 98942         -        dest.nSdst = nReg;
 98943         -        sqlite3VdbeAddOp3(v, OP_Null, 0, dest.iSDParm, dest.iSDParm+nReg-1);
 98944         -        VdbeComment((v, "Init subquery result"));
 98945         -      }else{
 98946         -        dest.eDest = SRT_Exists;
 98947         -        sqlite3VdbeAddOp2(v, OP_Integer, 0, dest.iSDParm);
 98948         -        VdbeComment((v, "Init EXISTS result"));
 98949         -      }
 98950         -      pLimit = sqlite3ExprAlloc(pParse->db, TK_INTEGER,&sqlite3IntTokens[1], 0);
 98951         -      if( pSel->pLimit ){
 98952         -        sqlite3ExprDelete(pParse->db, pSel->pLimit->pLeft);
 98953         -        pSel->pLimit->pLeft = pLimit;
 98954         -      }else{
 98955         -        pSel->pLimit = sqlite3PExpr(pParse, TK_LIMIT, pLimit, 0);
 98956         -      }
 98957         -      pSel->iLimit = 0;
 98958         -      if( sqlite3Select(pParse, pSel, &dest) ){
 98959         -        return 0;
 98960         -      }
 98961         -      rReg = dest.iSDParm;
 98962         -      ExprSetVVAProperty(pExpr, EP_NoReduce);
 98963         -      break;
 98964         -    }
 98965         -  }
 98966         -
 98967         -  if( rHasNullFlag ){
 98968         -    sqlite3SetHasNullFlag(v, pExpr->iTable, rHasNullFlag);
 98969         -  }
 98970         -
 98971         -  if( jmpIfDynamic>=0 ){
 98972         -    sqlite3VdbeJumpHere(v, jmpIfDynamic);
        99533  +    /* If this routine has already been coded, then invoke it as a
        99534  +    ** subroutine. */
        99535  +    if( ExprHasProperty(pExpr, EP_Subrtn) ){
        99536  +      ExplainQueryPlan((pParse, 0, "REUSE SUBQUERY %d", pSel->selId));
        99537  +      sqlite3VdbeAddOp2(v, OP_Gosub, pExpr->y.sub.regReturn,
        99538  +                        pExpr->y.sub.iAddr);
        99539  +      return pExpr->iTable;
        99540  +    }
        99541  +
        99542  +    /* Begin coding the subroutine */
        99543  +    ExprSetProperty(pExpr, EP_Subrtn);
        99544  +    pExpr->y.sub.regReturn = ++pParse->nMem;
        99545  +    pExpr->y.sub.iAddr =
        99546  +      sqlite3VdbeAddOp2(v, OP_Integer, 0, pExpr->y.sub.regReturn) + 1;
        99547  +    VdbeComment((v, "return address"));
        99548  +
        99549  +    addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99550  +  }
        99551  +  
        99552  +  /* For a SELECT, generate code to put the values for all columns of
        99553  +  ** the first row into an array of registers and return the index of
        99554  +  ** the first register.
        99555  +  **
        99556  +  ** If this is an EXISTS, write an integer 0 (not exists) or 1 (exists)
        99557  +  ** into a register and return that register number.
        99558  +  **
        99559  +  ** In both cases, the query is augmented with "LIMIT 1".  Any 
        99560  +  ** preexisting limit is discarded in place of the new LIMIT 1.
        99561  +  */
        99562  +  ExplainQueryPlan((pParse, 1, "%sSCALAR SUBQUERY %d",
        99563  +        addrOnce?"":"CORRELATED ", pSel->selId));
        99564  +  nReg = pExpr->op==TK_SELECT ? pSel->pEList->nExpr : 1;
        99565  +  sqlite3SelectDestInit(&dest, 0, pParse->nMem+1);
        99566  +  pParse->nMem += nReg;
        99567  +  if( pExpr->op==TK_SELECT ){
        99568  +    dest.eDest = SRT_Mem;
        99569  +    dest.iSdst = dest.iSDParm;
        99570  +    dest.nSdst = nReg;
        99571  +    sqlite3VdbeAddOp3(v, OP_Null, 0, dest.iSDParm, dest.iSDParm+nReg-1);
        99572  +    VdbeComment((v, "Init subquery result"));
        99573  +  }else{
        99574  +    dest.eDest = SRT_Exists;
        99575  +    sqlite3VdbeAddOp2(v, OP_Integer, 0, dest.iSDParm);
        99576  +    VdbeComment((v, "Init EXISTS result"));
        99577  +  }
        99578  +  pLimit = sqlite3ExprAlloc(pParse->db, TK_INTEGER,&sqlite3IntTokens[1], 0);
        99579  +  if( pSel->pLimit ){
        99580  +    sqlite3ExprDelete(pParse->db, pSel->pLimit->pLeft);
        99581  +    pSel->pLimit->pLeft = pLimit;
        99582  +  }else{
        99583  +    pSel->pLimit = sqlite3PExpr(pParse, TK_LIMIT, pLimit, 0);
        99584  +  }
        99585  +  pSel->iLimit = 0;
        99586  +  if( sqlite3Select(pParse, pSel, &dest) ){
        99587  +    return 0;
        99588  +  }
        99589  +  pExpr->iTable = rReg = dest.iSDParm;
        99590  +  ExprSetVVAProperty(pExpr, EP_NoReduce);
        99591  +  if( addrOnce ){
        99592  +    sqlite3VdbeJumpHere(v, addrOnce);
        99593  +
        99594  +    /* Subroutine return */
        99595  +    sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn);
        99596  +    sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1);
 98973  99597     }
 98974  99598   
 98975  99599     return rReg;
 98976  99600   }
 98977  99601   #endif /* SQLITE_OMIT_SUBQUERY */
 98978  99602   
 98979  99603   #ifndef SQLITE_OMIT_SUBQUERY
................................................................................
 99042  99666     Expr *pLeft;          /* The LHS of the IN operator */
 99043  99667     int i;                /* loop counter */
 99044  99668     int destStep2;        /* Where to jump when NULLs seen in step 2 */
 99045  99669     int destStep6 = 0;    /* Start of code for Step 6 */
 99046  99670     int addrTruthOp;      /* Address of opcode that determines the IN is true */
 99047  99671     int destNotNull;      /* Jump here if a comparison is not true in step 6 */
 99048  99672     int addrTop;          /* Top of the step-6 loop */ 
        99673  +  int iTab = 0;         /* Index to use */
 99049  99674   
 99050  99675     pLeft = pExpr->pLeft;
 99051  99676     if( sqlite3ExprCheckIN(pParse, pExpr) ) return;
 99052  99677     zAff = exprINAffinity(pParse, pExpr);
 99053  99678     nVector = sqlite3ExprVectorSize(pExpr->pLeft);
 99054  99679     aiMap = (int*)sqlite3DbMallocZero(
 99055  99680         pParse->db, nVector*(sizeof(int) + sizeof(char)) + 1
 99056  99681     );
 99057  99682     if( pParse->db->mallocFailed ) goto sqlite3ExprCodeIN_oom_error;
 99058  99683   
 99059  99684     /* Attempt to compute the RHS. After this step, if anything other than
 99060         -  ** IN_INDEX_NOOP is returned, the table opened ith cursor pExpr->iTable 
        99685  +  ** IN_INDEX_NOOP is returned, the table opened with cursor iTab
 99061  99686     ** contains the values that make up the RHS. If IN_INDEX_NOOP is returned,
 99062  99687     ** the RHS has not yet been coded.  */
 99063  99688     v = pParse->pVdbe;
 99064  99689     assert( v!=0 );       /* OOM detected prior to this routine */
 99065  99690     VdbeNoopComment((v, "begin IN expr"));
 99066  99691     eType = sqlite3FindInIndex(pParse, pExpr,
 99067  99692                                IN_INDEX_MEMBERSHIP | IN_INDEX_NOOP_OK,
 99068         -                             destIfFalse==destIfNull ? 0 : &rRhsHasNull, aiMap);
        99693  +                             destIfFalse==destIfNull ? 0 : &rRhsHasNull,
        99694  +                             aiMap, &iTab);
 99069  99695   
 99070  99696     assert( pParse->nErr || nVector==1 || eType==IN_INDEX_EPH
 99071  99697          || eType==IN_INDEX_INDEX_ASC || eType==IN_INDEX_INDEX_DESC 
 99072  99698     );
 99073  99699   #ifdef SQLITE_DEBUG
 99074  99700     /* Confirm that aiMap[] contains nVector integer values between 0 and
 99075  99701     ** nVector-1. */
................................................................................
 99107  99733     ** sequence of comparisons.
 99108  99734     **
 99109  99735     ** This is step (1) in the in-operator.md optimized algorithm.
 99110  99736     */
 99111  99737     if( eType==IN_INDEX_NOOP ){
 99112  99738       ExprList *pList = pExpr->x.pList;
 99113  99739       CollSeq *pColl = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
 99114         -    int labelOk = sqlite3VdbeMakeLabel(v);
        99740  +    int labelOk = sqlite3VdbeMakeLabel(pParse);
 99115  99741       int r2, regToFree;
 99116  99742       int regCkNull = 0;
 99117  99743       int ii;
 99118  99744       assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
 99119  99745       if( destIfNull!=destIfFalse ){
 99120  99746         regCkNull = sqlite3GetTempReg(pParse);
 99121  99747         sqlite3VdbeAddOp3(v, OP_BitAnd, rLhs, rLhs, regCkNull);
................................................................................
 99151  99777     /* Step 2: Check to see if the LHS contains any NULL columns.  If the
 99152  99778     ** LHS does contain NULLs then the result must be either FALSE or NULL.
 99153  99779     ** We will then skip the binary search of the RHS.
 99154  99780     */
 99155  99781     if( destIfNull==destIfFalse ){
 99156  99782       destStep2 = destIfFalse;
 99157  99783     }else{
 99158         -    destStep2 = destStep6 = sqlite3VdbeMakeLabel(v);
        99784  +    destStep2 = destStep6 = sqlite3VdbeMakeLabel(pParse);
 99159  99785     }
 99160  99786     for(i=0; i<nVector; i++){
 99161  99787       Expr *p = sqlite3VectorFieldSubexpr(pExpr->pLeft, i);
 99162  99788       if( sqlite3ExprCanBeNull(p) ){
 99163  99789         sqlite3VdbeAddOp2(v, OP_IsNull, rLhs+i, destStep2);
 99164  99790         VdbeCoverage(v);
 99165  99791       }
................................................................................
 99169  99795     ** of the RHS using the LHS as a probe.  If found, the result is
 99170  99796     ** true.
 99171  99797     */
 99172  99798     if( eType==IN_INDEX_ROWID ){
 99173  99799       /* In this case, the RHS is the ROWID of table b-tree and so we also
 99174  99800       ** know that the RHS is non-NULL.  Hence, we combine steps 3 and 4
 99175  99801       ** into a single opcode. */
 99176         -    sqlite3VdbeAddOp3(v, OP_SeekRowid, pExpr->iTable, destIfFalse, rLhs);
        99802  +    sqlite3VdbeAddOp3(v, OP_SeekRowid, iTab, destIfFalse, rLhs);
 99177  99803       VdbeCoverage(v);
 99178  99804       addrTruthOp = sqlite3VdbeAddOp0(v, OP_Goto);  /* Return True */
 99179  99805     }else{
 99180  99806       sqlite3VdbeAddOp4(v, OP_Affinity, rLhs, nVector, 0, zAff, nVector);
 99181  99807       if( destIfFalse==destIfNull ){
 99182  99808         /* Combine Step 3 and Step 5 into a single opcode */
 99183         -      sqlite3VdbeAddOp4Int(v, OP_NotFound, pExpr->iTable, destIfFalse,
        99809  +      sqlite3VdbeAddOp4Int(v, OP_NotFound, iTab, destIfFalse,
 99184  99810                              rLhs, nVector); VdbeCoverage(v);
 99185  99811         goto sqlite3ExprCodeIN_finished;
 99186  99812       }
 99187  99813       /* Ordinary Step 3, for the case where FALSE and NULL are distinct */
 99188         -    addrTruthOp = sqlite3VdbeAddOp4Int(v, OP_Found, pExpr->iTable, 0,
        99814  +    addrTruthOp = sqlite3VdbeAddOp4Int(v, OP_Found, iTab, 0,
 99189  99815                                         rLhs, nVector); VdbeCoverage(v);
 99190  99816     }
 99191  99817   
 99192  99818     /* Step 4.  If the RHS is known to be non-NULL and we did not find
 99193  99819     ** an match on the search above, then the result must be FALSE.
 99194  99820     */
 99195  99821     if( rRhsHasNull && nVector==1 ){
................................................................................
 99206  99832     ** If any comparison is NULL, then the result is NULL.  If all
 99207  99833     ** comparisons are FALSE then the final result is FALSE.
 99208  99834     **
 99209  99835     ** For a scalar LHS, it is sufficient to check just the first row
 99210  99836     ** of the RHS.
 99211  99837     */
 99212  99838     if( destStep6 ) sqlite3VdbeResolveLabel(v, destStep6);
 99213         -  addrTop = sqlite3VdbeAddOp2(v, OP_Rewind, pExpr->iTable, destIfFalse);
        99839  +  addrTop = sqlite3VdbeAddOp2(v, OP_Rewind, iTab, destIfFalse);
 99214  99840     VdbeCoverage(v);
 99215  99841     if( nVector>1 ){
 99216         -    destNotNull = sqlite3VdbeMakeLabel(v);
        99842  +    destNotNull = sqlite3VdbeMakeLabel(pParse);
 99217  99843     }else{
 99218  99844       /* For nVector==1, combine steps 6 and 7 by immediately returning
 99219  99845       ** FALSE if the first comparison is not NULL */
 99220  99846       destNotNull = destIfFalse;
 99221  99847     }
 99222  99848     for(i=0; i<nVector; i++){
 99223  99849       Expr *p;
 99224  99850       CollSeq *pColl;
 99225  99851       int r3 = sqlite3GetTempReg(pParse);
 99226  99852       p = sqlite3VectorFieldSubexpr(pLeft, i);
 99227  99853       pColl = sqlite3ExprCollSeq(pParse, p);
 99228         -    sqlite3VdbeAddOp3(v, OP_Column, pExpr->iTable, i, r3);
        99854  +    sqlite3VdbeAddOp3(v, OP_Column, iTab, i, r3);
 99229  99855       sqlite3VdbeAddOp4(v, OP_Ne, rLhs+i, destNotNull, r3,
 99230  99856                         (void*)pColl, P4_COLLSEQ);
 99231  99857       VdbeCoverage(v);
 99232  99858       sqlite3ReleaseTempReg(pParse, r3);
 99233  99859     }
 99234  99860     sqlite3VdbeAddOp2(v, OP_Goto, 0, destIfNull);
 99235  99861     if( nVector>1 ){
 99236  99862       sqlite3VdbeResolveLabel(v, destNotNull);
 99237         -    sqlite3VdbeAddOp2(v, OP_Next, pExpr->iTable, addrTop+1);
        99863  +    sqlite3VdbeAddOp2(v, OP_Next, iTab, addrTop+1);
 99238  99864       VdbeCoverage(v);
 99239  99865   
 99240  99866       /* Step 7:  If we reach this point, we know that the result must
 99241  99867       ** be false. */
 99242  99868       sqlite3VdbeAddOp2(v, OP_Goto, 0, destIfFalse);
 99243  99869     }
 99244  99870   
................................................................................
 99429 100055       iResult = sqlite3ExprCodeTemp(pParse, p, piFreeable);
 99430 100056     }else{
 99431 100057       *piFreeable = 0;
 99432 100058       if( p->op==TK_SELECT ){
 99433 100059   #if SQLITE_OMIT_SUBQUERY
 99434 100060         iResult = 0;
 99435 100061   #else
 99436         -      iResult = sqlite3CodeSubselect(pParse, p, 0, 0);
       100062  +      iResult = sqlite3CodeSubselect(pParse, p);
 99437 100063   #endif
 99438 100064       }else{
 99439 100065         int i;
 99440 100066         iResult = pParse->nMem+1;
 99441 100067         pParse->nMem += nResult;
 99442 100068         for(i=0; i<nResult; i++){
 99443 100069           sqlite3ExprCodeFactorable(pParse, p->x.pList->a[i].pExpr, i+iResult);
................................................................................
 99774 100400         }
 99775 100401   
 99776 100402         /* Attempt a direct implementation of the built-in COALESCE() and
 99777 100403         ** IFNULL() functions.  This avoids unnecessary evaluation of
 99778 100404         ** arguments past the first non-NULL argument.
 99779 100405         */
 99780 100406         if( pDef->funcFlags & SQLITE_FUNC_COALESCE ){
 99781         -        int endCoalesce = sqlite3VdbeMakeLabel(v);
       100407  +        int endCoalesce = sqlite3VdbeMakeLabel(pParse);
 99782 100408           assert( nFarg>=2 );
 99783 100409           sqlite3ExprCode(pParse, pFarg->a[0].pExpr, target);
 99784 100410           for(i=1; i<nFarg; i++){
 99785 100411             sqlite3VdbeAddOp2(v, OP_NotNull, target, endCoalesce);
 99786 100412             VdbeCoverage(v);
 99787 100413             sqlite3ExprCode(pParse, pFarg->a[i].pExpr, target);
 99788 100414           }
................................................................................
 99903 100529       case TK_SELECT: {
 99904 100530         int nCol;
 99905 100531         testcase( op==TK_EXISTS );
 99906 100532         testcase( op==TK_SELECT );
 99907 100533         if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
 99908 100534           sqlite3SubselectError(pParse, nCol, 1);
 99909 100535         }else{
 99910         -        return sqlite3CodeSubselect(pParse, pExpr, 0, 0);
       100536  +        return sqlite3CodeSubselect(pParse, pExpr);
 99911 100537         }
 99912 100538         break;
 99913 100539       }
 99914 100540       case TK_SELECT_COLUMN: {
 99915 100541         int n;
 99916 100542         if( pExpr->pLeft->iTable==0 ){
 99917         -        pExpr->pLeft->iTable = sqlite3CodeSubselect(pParse, pExpr->pLeft, 0, 0);
       100543  +        pExpr->pLeft->iTable = sqlite3CodeSubselect(pParse, pExpr->pLeft);
 99918 100544         }
 99919 100545         assert( pExpr->iTable==0 || pExpr->pLeft->op==TK_SELECT );
 99920 100546         if( pExpr->iTable
 99921 100547          && pExpr->iTable!=(n = sqlite3ExprVectorSize(pExpr->pLeft)) 
 99922 100548         ){
 99923 100549           sqlite3ErrorMsg(pParse, "%d columns assigned %d values",
 99924 100550                                   pExpr->iTable, n);
 99925 100551         }
 99926 100552         return pExpr->pLeft->iTable + pExpr->iColumn;
 99927 100553       }
 99928 100554       case TK_IN: {
 99929         -      int destIfFalse = sqlite3VdbeMakeLabel(v);
 99930         -      int destIfNull = sqlite3VdbeMakeLabel(v);
       100555  +      int destIfFalse = sqlite3VdbeMakeLabel(pParse);
       100556  +      int destIfNull = sqlite3VdbeMakeLabel(pParse);
 99931 100557         sqlite3VdbeAddOp2(v, OP_Null, 0, target);
 99932 100558         sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
 99933 100559         sqlite3VdbeAddOp2(v, OP_Integer, 1, target);
 99934 100560         sqlite3VdbeResolveLabel(v, destIfFalse);
 99935 100561         sqlite3VdbeAddOp2(v, OP_AddImm, target, 0);
 99936 100562         sqlite3VdbeResolveLabel(v, destIfNull);
 99937 100563         return target;
................................................................................
100063 100689         Expr *pTest = 0;                  /* X==Ei (form A) or just Ei (form B) */
100064 100690   
100065 100691         assert( !ExprHasProperty(pExpr, EP_xIsSelect) && pExpr->x.pList );
100066 100692         assert(pExpr->x.pList->nExpr > 0);
100067 100693         pEList = pExpr->x.pList;
100068 100694         aListelem = pEList->a;
100069 100695         nExpr = pEList->nExpr;
100070         -      endLabel = sqlite3VdbeMakeLabel(v);
       100696  +      endLabel = sqlite3VdbeMakeLabel(pParse);
100071 100697         if( (pX = pExpr->pLeft)!=0 ){
100072         -        tempX = *pX;
       100698  +        exprNodeCopy(&tempX, pX);
100073 100699           testcase( pX->op==TK_COLUMN );
100074 100700           exprToRegister(&tempX, exprCodeVector(pParse, &tempX, &regFree1));
100075 100701           testcase( regFree1==0 );
100076 100702           memset(&opCompare, 0, sizeof(opCompare));
100077 100703           opCompare.op = TK_EQ;
100078 100704           opCompare.pLeft = &tempX;
100079 100705           pTest = &opCompare;
................................................................................
100086 100712         for(i=0; i<nExpr-1; i=i+2){
100087 100713           if( pX ){
100088 100714             assert( pTest!=0 );
100089 100715             opCompare.pRight = aListelem[i].pExpr;
100090 100716           }else{
100091 100717             pTest = aListelem[i].pExpr;
100092 100718           }
100093         -        nextCase = sqlite3VdbeMakeLabel(v);
       100719  +        nextCase = sqlite3VdbeMakeLabel(pParse);
100094 100720           testcase( pTest->op==TK_COLUMN );
100095 100721           sqlite3ExprIfFalse(pParse, pTest, nextCase, SQLITE_JUMPIFNULL);
100096 100722           testcase( aListelem[i+1].pExpr->op==TK_COLUMN );
100097 100723           sqlite3ExprCode(pParse, aListelem[i+1].pExpr, target);
100098 100724           sqlite3VdbeGoto(v, endLabel);
100099 100725           sqlite3VdbeResolveLabel(v, nextCase);
100100 100726         }
................................................................................
100386 101012   ){
100387 101013    Expr exprAnd;     /* The AND operator in  x>=y AND x<=z  */
100388 101014     Expr compLeft;    /* The  x>=y  term */
100389 101015     Expr compRight;   /* The  x<=z  term */
100390 101016     Expr exprX;       /* The  x  subexpression */
100391 101017     int regFree1 = 0; /* Temporary use register */
100392 101018   
100393         -
100394 101019     memset(&compLeft, 0, sizeof(Expr));
100395 101020     memset(&compRight, 0, sizeof(Expr));
100396 101021     memset(&exprAnd, 0, sizeof(Expr));
100397 101022   
100398 101023     assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
100399         -  exprX = *pExpr->pLeft;
       101024  +  exprNodeCopy(&exprX, pExpr->pLeft);
100400 101025     exprAnd.op = TK_AND;
100401 101026     exprAnd.pLeft = &compLeft;
100402 101027     exprAnd.pRight = &compRight;
100403 101028     compLeft.op = TK_GE;
100404 101029     compLeft.pLeft = &exprX;
100405 101030     compLeft.pRight = pExpr->x.pList->a[0].pExpr;
100406 101031     compRight.op = TK_LE;
................................................................................
100455 101080   
100456 101081     assert( jumpIfNull==SQLITE_JUMPIFNULL || jumpIfNull==0 );
100457 101082     if( NEVER(v==0) )     return;  /* Existence of VDBE checked by caller */
100458 101083     if( NEVER(pExpr==0) ) return;  /* No way this can happen */
100459 101084     op = pExpr->op;
100460 101085     switch( op ){
100461 101086       case TK_AND: {
100462         -      int d2 = sqlite3VdbeMakeLabel(v);
       101087  +      int d2 = sqlite3VdbeMakeLabel(pParse);
100463 101088         testcase( jumpIfNull==0 );
100464 101089         sqlite3ExprIfFalse(pParse, pExpr->pLeft, d2,jumpIfNull^SQLITE_JUMPIFNULL);
100465 101090         sqlite3ExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
100466 101091         sqlite3VdbeResolveLabel(v, d2);
100467 101092         break;
100468 101093       }
100469 101094       case TK_OR: {
................................................................................
100541 101166       case TK_BETWEEN: {
100542 101167         testcase( jumpIfNull==0 );
100543 101168         exprCodeBetween(pParse, pExpr, dest, sqlite3ExprIfTrue, jumpIfNull);
100544 101169         break;
100545 101170       }
100546 101171   #ifndef SQLITE_OMIT_SUBQUERY
100547 101172       case TK_IN: {
100548         -      int destIfFalse = sqlite3VdbeMakeLabel(v);
       101173  +      int destIfFalse = sqlite3VdbeMakeLabel(pParse);
100549 101174         int destIfNull = jumpIfNull ? dest : destIfFalse;
100550 101175         sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
100551 101176         sqlite3VdbeGoto(v, dest);
100552 101177         sqlite3VdbeResolveLabel(v, destIfFalse);
100553 101178         break;
100554 101179       }
100555 101180   #endif
................................................................................
100628 101253       case TK_AND: {
100629 101254         testcase( jumpIfNull==0 );
100630 101255         sqlite3ExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
100631 101256         sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
100632 101257         break;
100633 101258       }
100634 101259       case TK_OR: {
100635         -      int d2 = sqlite3VdbeMakeLabel(v);
       101260  +      int d2 = sqlite3VdbeMakeLabel(pParse);
100636 101261         testcase( jumpIfNull==0 );
100637 101262         sqlite3ExprIfTrue(pParse, pExpr->pLeft, d2, jumpIfNull^SQLITE_JUMPIFNULL);
100638 101263         sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
100639 101264         sqlite3VdbeResolveLabel(v, d2);
100640 101265         break;
100641 101266       }
100642 101267       case TK_NOT: {
................................................................................
100712 101337         break;
100713 101338       }
100714 101339   #ifndef SQLITE_OMIT_SUBQUERY
100715 101340       case TK_IN: {
100716 101341         if( jumpIfNull ){
100717 101342           sqlite3ExprCodeIN(pParse, pExpr, dest, dest);
100718 101343         }else{
100719         -        int destIfNull = sqlite3VdbeMakeLabel(v);
       101344  +        int destIfNull = sqlite3VdbeMakeLabel(pParse);
100720 101345           sqlite3ExprCodeIN(pParse, pExpr, dest, destIfNull);
100721 101346           sqlite3VdbeResolveLabel(v, destIfNull);
100722 101347         }
100723 101348         break;
100724 101349       }
100725 101350   #endif
100726 101351       default: {
................................................................................
100833 101458     combinedFlags = pA->flags | pB->flags;
100834 101459     if( combinedFlags & EP_IntValue ){
100835 101460       if( (pA->flags&pB->flags&EP_IntValue)!=0 && pA->u.iValue==pB->u.iValue ){
100836 101461         return 0;
100837 101462       }
100838 101463       return 2;
100839 101464     }
100840         -  if( pA->op!=pB->op ){
       101465  +  if( pA->op!=pB->op || pA->op==TK_RAISE ){
100841 101466       if( pA->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA->pLeft,pB,iTab)<2 ){
100842 101467         return 1;
100843 101468       }
100844 101469       if( pB->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA,pB->pLeft,iTab)<2 ){
100845 101470         return 1;
100846 101471       }
100847 101472       return 2;
................................................................................
100859 101484         ** if we reach this point, either A and B both window functions or
100860 101485         ** neither are a window functions. */
100861 101486         assert( ExprHasProperty(pA,EP_WinFunc)==ExprHasProperty(pB,EP_WinFunc) );
100862 101487         if( ExprHasProperty(pA,EP_WinFunc) ){
100863 101488           if( sqlite3WindowCompare(pParse,pA->y.pWin,pB->y.pWin)!=0 ) return 2;
100864 101489         }
100865 101490   #endif
       101491  +    }else if( pA->op==TK_NULL ){
       101492  +      return 0;
100866 101493       }else if( pA->op==TK_COLLATE ){
100867 101494         if( sqlite3_stricmp(pA->u.zToken,pB->u.zToken)!=0 ) return 2;
100868         -    }else if( strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
       101495  +    }else if( ALWAYS(pB->u.zToken!=0) && strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
100869 101496         return 2;
100870 101497       }
100871 101498     }
100872 101499     if( (pA->flags & EP_Distinct)!=(pB->flags & EP_Distinct) ) return 2;
100873         -  if( ALWAYS((combinedFlags & EP_TokenOnly)==0) ){
       101500  +  if( (combinedFlags & EP_TokenOnly)==0 ){
100874 101501       if( combinedFlags & EP_xIsSelect ) return 2;
100875 101502       if( (combinedFlags & EP_FixedCol)==0
100876 101503        && sqlite3ExprCompare(pParse, pA->pLeft, pB->pLeft, iTab) ) return 2;
100877 101504       if( sqlite3ExprCompare(pParse, pA->pRight, pB->pRight, iTab) ) return 2;
100878 101505       if( sqlite3ExprListCompare(pA->x.pList, pB->x.pList, iTab) ) return 2;
100879         -    assert( (combinedFlags & EP_Reduced)==0 );
100880         -    if( pA->op!=TK_STRING && pA->op!=TK_TRUEFALSE ){
       101506  +    if( pA->op!=TK_STRING
       101507  +     && pA->op!=TK_TRUEFALSE
       101508  +     && (combinedFlags & EP_Reduced)==0
       101509  +    ){
100881 101510         if( pA->iColumn!=pB->iColumn ) return 2;
100882 101511         if( pA->iTable!=pB->iTable 
100883 101512          && (pA->iTable!=iTab || NEVER(pB->iTable>=0)) ) return 2;
100884 101513       }
100885 101514     }
100886 101515     return 0;
100887 101516   }
................................................................................
100982 101611     testcase( pExpr->op==TK_AGG_COLUMN );
100983 101612     testcase( pExpr->op==TK_AGG_FUNCTION );
100984 101613     if( ExprHasProperty(pExpr, EP_FromJoin) ) return WRC_Prune;
100985 101614     switch( pExpr->op ){
100986 101615       case TK_ISNOT:
100987 101616       case TK_NOT:
100988 101617       case TK_ISNULL:
       101618  +    case TK_NOTNULL:
100989 101619       case TK_IS:
100990 101620       case TK_OR:
100991 101621       case TK_CASE:
100992 101622       case TK_IN:
100993 101623       case TK_FUNCTION:
100994 101624         testcase( pExpr->op==TK_ISNOT );
100995 101625         testcase( pExpr->op==TK_NOT );
100996 101626         testcase( pExpr->op==TK_ISNULL );
       101627  +      testcase( pExpr->op==TK_NOTNULL );
100997 101628         testcase( pExpr->op==TK_IS );
100998 101629         testcase( pExpr->op==TK_OR );
100999 101630         testcase( pExpr->op==TK_CASE );
101000 101631         testcase( pExpr->op==TK_IN );
101001 101632         testcase( pExpr->op==TK_FUNCTION );
101002 101633         return WRC_Prune;
101003 101634       case TK_COLUMN:
................................................................................
101363 101994   SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext *pNC, Expr *pExpr){
101364 101995     Walker w;
101365 101996     w.xExprCallback = analyzeAggregate;
101366 101997     w.xSelectCallback = analyzeAggregatesInSelect;
101367 101998     w.xSelectCallback2 = analyzeAggregatesInSelectEnd;
101368 101999     w.walkerDepth = 0;
101369 102000     w.u.pNC = pNC;
       102001  +  w.pParse = 0;
101370 102002     assert( pNC->pSrcList!=0 );
101371 102003     sqlite3WalkExpr(&w, pExpr);
101372 102004   }
101373 102005   
101374 102006   /*
101375 102007   ** Call sqlite3ExprAnalyzeAggregates() for every expression in an
101376 102008   ** expression list.  Return the number of errors.
................................................................................
101494 102126   ** Parameter zName is the name of a table that is about to be altered
101495 102127   ** (either with ALTER TABLE ... RENAME TO or ALTER TABLE ... ADD COLUMN).
101496 102128   ** If the table is a system table, this function leaves an error message
101497 102129   ** in pParse->zErr (system tables may not be altered) and returns non-zero.
101498 102130   **
101499 102131   ** Or, if zName is not a system table, zero is returned.
101500 102132   */
101501         -static int isSystemTable(Parse *pParse, const char *zName){
101502         -  if( 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
101503         -    sqlite3ErrorMsg(pParse, "table %s may not be altered", zName);
       102133  +static int isAlterableTable(Parse *pParse, Table *pTab){
       102134  +  if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7) 
       102135  +#ifndef SQLITE_OMIT_VIRTUALTABLE
       102136  +   || ( (pTab->tabFlags & TF_Shadow) 
       102137  +     && (pParse->db->flags & SQLITE_Defensive)
       102138  +     && pParse->db->nVdbeExec==0
       102139  +   )
       102140  +#endif
       102141  +  ){
       102142  +    sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName);
101504 102143       return 1;
101505 102144     }
101506 102145     return 0;
101507 102146   }
101508 102147   
101509 102148   /*
101510 102149   ** Generate code to verify that the schemas of database zDb and, if
................................................................................
101592 102231           "there is already another table or index with this name: %s", zName);
101593 102232       goto exit_rename_table;
101594 102233     }
101595 102234   
101596 102235     /* Make sure it is not a system table being altered, or a reserved name
101597 102236     ** that the table is being renamed to.
101598 102237     */
101599         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
       102238  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
101600 102239       goto exit_rename_table;
101601 102240     }
101602 102241     if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto
101603 102242       exit_rename_table;
101604 102243     }
101605 102244   
101606 102245   #ifndef SQLITE_OMIT_VIEW
................................................................................
101890 102529   #endif
101891 102530   
101892 102531     /* Make sure this is not an attempt to ALTER a view. */
101893 102532     if( pTab->pSelect ){
101894 102533       sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
101895 102534       goto exit_begin_add_column;
101896 102535     }
101897         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
       102536  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
101898 102537       goto exit_begin_add_column;
101899 102538     }
101900 102539   
101901 102540     assert( pTab->addColOffset>0 );
101902 102541     iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
101903 102542   
101904 102543     /* Put a copy of the Table struct in Parse.pNewTable for the
................................................................................
101992 102631     int bQuote;                     /* True to quote the new name */
101993 102632   
101994 102633     /* Locate the table to be altered */
101995 102634     pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
101996 102635     if( !pTab ) goto exit_rename_column;
101997 102636   
101998 102637     /* Cannot alter a system table */
101999         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
       102638  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ) goto exit_rename_column;
102000 102639     if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;
102001 102640   
102002 102641     /* Which schema holds the table to be altered */  
102003 102642     iSchema = sqlite3SchemaToIndex(db, pTab->pSchema);
102004 102643     assert( iSchema>=0 );
102005 102644     zDb = db->aDb[iSchema].zDbSName;
102006 102645   
................................................................................
102245 102884         pToken->pNext = pCtx->pList;
102246 102885         pCtx->pList = pToken;
102247 102886         pCtx->nList++;
102248 102887         break;
102249 102888       }
102250 102889     }
102251 102890   }
       102891  +
       102892  +/*
       102893  +** Iterate through the Select objects that are part of WITH clauses attached
       102894  +** to select statement pSelect.
       102895  +*/
       102896  +static void renameWalkWith(Walker *pWalker, Select *pSelect){
       102897  +  if( pSelect->pWith ){
       102898  +    int i;
       102899  +    for(i=0; i<pSelect->pWith->nCte; i++){
       102900  +      Select *p = pSelect->pWith->a[i].pSelect;
       102901  +      NameContext sNC;
       102902  +      memset(&sNC, 0, sizeof(sNC));
       102903  +      sNC.pParse = pWalker->pParse;
       102904  +      sqlite3SelectPrep(sNC.pParse, p, &sNC);
       102905  +      sqlite3WalkSelect(pWalker, p);
       102906  +    }
       102907  +  }
       102908  +}
102252 102909   
102253 102910   /*
102254 102911   ** This is a Walker select callback. It does nothing. It is only required
102255 102912   ** because without a dummy callback, sqlite3WalkExpr() and similar do not
102256 102913   ** descend into sub-select statements.
102257 102914   */
102258 102915   static int renameColumnSelectCb(Walker *pWalker, Select *p){
102259         -  UNUSED_PARAMETER(pWalker);
102260         -  UNUSED_PARAMETER(p);
       102916  +  renameWalkWith(pWalker, p);
102261 102917     return WRC_Continue;
102262 102918   }
102263 102919   
102264 102920   /*
102265 102921   ** This is a Walker expression callback.
102266 102922   **
102267 102923   ** For every TK_COLUMN node in the expression tree, search to see
................................................................................
102403 103059     memset(p, 0, sizeof(Parse));
102404 103060     p->eParseMode = (bTable ? PARSE_MODE_RENAME_TABLE : PARSE_MODE_RENAME_COLUMN);
102405 103061     p->db = db;
102406 103062     p->nQueryLoop = 1;
102407 103063     rc = sqlite3RunParser(p, zSql, &zErr);
102408 103064     assert( p->zErrMsg==0 );
102409 103065     assert( rc!=SQLITE_OK || zErr==0 );
102410         -  assert( (0!=p->pNewTable) + (0!=p->pNewIndex) + (0!=p->pNewTrigger)<2 );
102411 103066     p->zErrMsg = zErr;
102412 103067     if( db->mallocFailed ) rc = SQLITE_NOMEM;
102413 103068     if( rc==SQLITE_OK 
102414 103069      && p->pNewTable==0 && p->pNewIndex==0 && p->pNewTrigger==0 
102415 103070     ){
102416 103071       rc = SQLITE_CORRUPT_BKPT;
102417 103072     }
................................................................................
102586 103241               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertWhere);
102587 103242             }
102588 103243             if( rc==SQLITE_OK ){
102589 103244               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertTargetWhere);
102590 103245             }
102591 103246             sNC.ncFlags = 0;
102592 103247           }
       103248  +        sNC.pSrcList = 0;
102593 103249         }
102594 103250       }
102595 103251     }
102596 103252     return rc;
102597 103253   }
102598 103254   
102599 103255   /*
................................................................................
102623 103279   
102624 103280   /*
102625 103281   ** Free the contents of Parse object (*pParse). Do not free the memory
102626 103282   ** occupied by the Parse object itself.
102627 103283   */
102628 103284   static void renameParseCleanup(Parse *pParse){
102629 103285     sqlite3 *db = pParse->db;
       103286  +  Index *pIdx;
102630 103287     if( pParse->pVdbe ){
102631 103288       sqlite3VdbeFinalize(pParse->pVdbe);
102632 103289     }
102633 103290     sqlite3DeleteTable(db, pParse->pNewTable);
102634         -  if( pParse->pNewIndex ) sqlite3FreeIndex(db, pParse->pNewIndex);
       103291  +  while( (pIdx = pParse->pNewIndex)!=0 ){
       103292  +    pParse->pNewIndex = pIdx->pNext;
       103293  +    sqlite3FreeIndex(db, pIdx);
       103294  +  }
102635 103295     sqlite3DeleteTrigger(db, pParse->pNewTrigger);
102636 103296     sqlite3DbFree(db, pParse->zErrMsg);
102637 103297     renameTokenFree(db, pParse->pRename);
102638 103298     sqlite3ParserReset(pParse);
102639 103299   }
102640 103300   
102641 103301   /*
................................................................................
102738 103398           if( sCtx.iCol<0 ){
102739 103399             renameTokenFind(&sParse, &sCtx, (void*)&sParse.pNewTable->iPKey);
102740 103400           }
102741 103401           sqlite3WalkExprList(&sWalker, sParse.pNewTable->pCheck);
102742 103402           for(pIdx=sParse.pNewTable->pIndex; pIdx; pIdx=pIdx->pNext){
102743 103403             sqlite3WalkExprList(&sWalker, pIdx->aColExpr);
102744 103404           }
       103405  +        for(pIdx=sParse.pNewIndex; pIdx; pIdx=pIdx->pNext){
       103406  +          sqlite3WalkExprList(&sWalker, pIdx->aColExpr);
       103407  +        }
102745 103408         }
102746 103409   
102747 103410         for(pFKey=sParse.pNewTable->pFKey; pFKey; pFKey=pFKey->pNextFrom){
102748 103411           for(i=0; i<pFKey->nCol; i++){
102749 103412             if( bFKOnly==0 && pFKey->aCol[i].iFrom==iCol ){
102750 103413               renameTokenFind(&sParse, &sCtx, (void*)&pFKey->aCol[i]);
102751 103414             }
................................................................................
102824 103487   /*
102825 103488   ** Walker select callback used by "RENAME TABLE". 
102826 103489   */
102827 103490   static int renameTableSelectCb(Walker *pWalker, Select *pSelect){
102828 103491     int i;
102829 103492     RenameCtx *p = pWalker->u.pRename;
102830 103493     SrcList *pSrc = pSelect->pSrc;
       103494  +  if( pSrc==0 ){
       103495  +    assert( pWalker->pParse->db->mallocFailed );
       103496  +    return WRC_Abort;
       103497  +  }
102831 103498     for(i=0; i<pSrc->nSrc; i++){
102832 103499       struct SrcList_item *pItem = &pSrc->a[i];
102833 103500       if( pItem->pTab==p->pTab ){
102834 103501         renameTokenFind(pWalker->pParse, p, pItem->zName);
102835 103502       }
102836 103503     }
       103504  +  renameWalkWith(pWalker, pSelect);
102837 103505   
102838 103506     return WRC_Continue;
102839 103507   }
102840 103508   
102841 103509   
102842 103510   /*
102843 103511   ** This C function implements an SQL user function that is used by SQL code
................................................................................
104231 104899       */
104232 104900       addrRewind = sqlite3VdbeAddOp1(v, OP_Rewind, iIdxCur);
104233 104901       VdbeCoverage(v);
104234 104902       sqlite3VdbeAddOp2(v, OP_Integer, 0, regChng);
104235 104903       addrNextRow = sqlite3VdbeCurrentAddr(v);
104236 104904   
104237 104905       if( nColTest>0 ){
104238         -      int endDistinctTest = sqlite3VdbeMakeLabel(v);
       104906  +      int endDistinctTest = sqlite3VdbeMakeLabel(pParse);
104239 104907         int *aGotoChng;               /* Array of jump instruction addresses */
104240 104908         aGotoChng = sqlite3DbMallocRawNN(db, sizeof(int)*nColTest);
104241 104909         if( aGotoChng==0 ) continue;
104242 104910   
104243 104911         /*
104244 104912         **  next_row:
104245 104913         **   regChng = 0
................................................................................
105169 105837         sqlite3_result_error(context, zErr, -1);
105170 105838         sqlite3_free(zErr);
105171 105839         return;
105172 105840       }
105173 105841       assert( pVfs );
105174 105842       flags |= SQLITE_OPEN_MAIN_DB;
105175 105843       rc = sqlite3BtreeOpen(pVfs, zPath, db, &pNew->pBt, 0, flags);
105176         -    sqlite3_free( zPath );
105177 105844       db->nDb++;
       105845  +    pNew->zDbSName = sqlite3DbStrDup(db, zName);
105178 105846     }
105179 105847     db->noSharedCache = 0;
105180 105848     if( rc==SQLITE_CONSTRAINT ){
105181 105849       rc = SQLITE_ERROR;
105182 105850       zErrDyn = sqlite3MPrintf(db, "database is already attached");
105183 105851     }else if( rc==SQLITE_OK ){
105184 105852       Pager *pPager;
................................................................................
105198 105866   #ifndef SQLITE_OMIT_PAGER_PRAGMAS
105199 105867       sqlite3BtreeSetPagerFlags(pNew->pBt,
105200 105868                         PAGER_SYNCHRONOUS_FULL | (db->flags & PAGER_FLAGS_MASK));
105201 105869   #endif
105202 105870       sqlite3BtreeLeave(pNew->pBt);
105203 105871     }
105204 105872     pNew->safety_level = SQLITE_DEFAULT_SYNCHRONOUS+1;
105205         -  if( !REOPEN_AS_MEMDB(db) ) pNew->zDbSName = sqlite3DbStrDup(db, zName);
105206 105873     if( rc==SQLITE_OK && pNew->zDbSName==0 ){
105207 105874       rc = SQLITE_NOMEM_BKPT;
105208 105875     }
105209 105876   
105210 105877   
105211 105878   #ifdef SQLITE_HAS_CODEC
105212 105879     if( rc==SQLITE_OK ){
................................................................................
105226 105893         case SQLITE_BLOB:
105227 105894           nKey = sqlite3_value_bytes(argv[2]);
105228 105895           zKey = (char *)sqlite3_value_blob(argv[2]);
105229 105896           rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
105230 105897           break;
105231 105898   
105232 105899         case SQLITE_NULL:
105233         -        /* No key specified.  Use the key from the main database */
105234         -        sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
105235         -        if( nKey || sqlite3BtreeGetOptimalReserve(db->aDb[0].pBt)>0 ){
105236         -          rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
       105900  +        /* No key specified.  Use the key from URI filename, or if none,
       105901  +        ** use the key from the main database. */
       105902  +        if( sqlite3CodecQueryParameters(db, zName, zPath)==0 ){
       105903  +          sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
       105904  +          if( nKey || sqlite3BtreeGetOptimalReserve(db->aDb[0].pBt)>0 ){
       105905  +            rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
       105906  +          }
105237 105907           }
105238 105908           break;
105239 105909       }
105240 105910     }
105241 105911   #endif
       105912  +  sqlite3_free( zPath );
105242 105913   
105243 105914     /* If the file was opened successfully, read the schema for the new database.
105244 105915     ** If this fails, or if opening the file failed, then close the file and 
105245 105916     ** remove the entry from the db->aDb[] array. i.e. put everything back the
105246 105917     ** way we found it.
105247 105918     */
105248 105919     if( rc==SQLITE_OK ){
................................................................................
106146 106817   
106147 106818   
106148 106819     /* Get the VDBE program ready for execution
106149 106820     */
106150 106821     if( v && pParse->nErr==0 && !db->mallocFailed ){
106151 106822       /* A minimum of one cursor is required if autoincrement is used
106152 106823       *  See ticket [a696379c1f08866] */
106153         -    if( pParse->pAinc!=0 && pParse->nTab==0 ) pParse->nTab = 1;
       106824  +    assert( pParse->pAinc==0 || pParse->nTab>0 );
106154 106825       sqlite3VdbeMakeReady(v, pParse);
106155 106826       pParse->rc = SQLITE_DONE;
106156 106827     }else{
106157 106828       pParse->rc = SQLITE_ERROR;
106158 106829     }
106159 106830   }
106160 106831   
................................................................................
106273 106944      && SQLITE_OK!=sqlite3ReadSchema(pParse)
106274 106945     ){
106275 106946       return 0;
106276 106947     }
106277 106948   
106278 106949     p = sqlite3FindTable(db, zName, zDbase);
106279 106950     if( p==0 ){
106280         -    const char *zMsg = flags & LOCATE_VIEW ? "no such view" : "no such table";
106281 106951   #ifndef SQLITE_OMIT_VIRTUALTABLE
106282 106952       /* If zName is the not the name of a table in the schema created using
106283 106953       ** CREATE, then check to see if it is the name of an virtual table that
106284 106954       ** can be an eponymous virtual table. */
106285         -    Module *pMod = (Module*)sqlite3HashFind(&db->aModule, zName);
106286         -    if( pMod==0 && sqlite3_strnicmp(zName, "pragma_", 7)==0 ){
106287         -      pMod = sqlite3PragmaVtabRegister(db, zName);
106288         -    }
106289         -    if( pMod && sqlite3VtabEponymousTableInit(pParse, pMod) ){
106290         -      return pMod->pEpoTab;
       106955  +    if( pParse->disableVtab==0 ){
       106956  +      Module *pMod = (Module*)sqlite3HashFind(&db->aModule, zName);
       106957  +      if( pMod==0 && sqlite3_strnicmp(zName, "pragma_", 7)==0 ){
       106958  +        pMod = sqlite3PragmaVtabRegister(db, zName);
       106959  +      }
       106960  +      if( pMod && sqlite3VtabEponymousTableInit(pParse, pMod) ){
       106961  +        return pMod->pEpoTab;
       106962  +      }
106291 106963       }
106292 106964   #endif
106293         -    if( (flags & LOCATE_NOERR)==0 ){
106294         -      if( zDbase ){
106295         -        sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName);
106296         -      }else{
106297         -        sqlite3ErrorMsg(pParse, "%s: %s", zMsg, zName);
106298         -      }
106299         -      pParse->checkSchema = 1;
       106965  +    if( flags & LOCATE_NOERR ) return 0;
       106966  +    pParse->checkSchema = 1;
       106967  +  }else if( IsVirtual(p) && pParse->disableVtab ){
       106968  +    p = 0;
       106969  +  }
       106970  +
       106971  +  if( p==0 ){
       106972  +    const char *zMsg = flags & LOCATE_VIEW ? "no such view" : "no such table";
       106973  +    if( zDbase ){
       106974  +      sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName);
       106975  +    }else{
       106976  +      sqlite3ErrorMsg(pParse, "%s: %s", zMsg, zName);
106300 106977       }
106301 106978     }
106302 106979   
106303 106980     return p;
106304 106981   }
106305 106982   
106306 106983   /*
................................................................................
106555 107232     }
106556 107233   
106557 107234     /* Delete any foreign keys attached to this table. */
106558 107235     sqlite3FkDelete(db, pTable);
106559 107236   
106560 107237     /* Delete the Table structure itself.
106561 107238     */
106562         -#ifdef SQLITE_ENABLE_NORMALIZE
106563         -  if( pTable->pColHash ){
106564         -    sqlite3HashClear(pTable->pColHash);
106565         -    sqlite3_free(pTable->pColHash);
106566         -  }
106567         -#endif
106568 107239     sqlite3DeleteColumnNames(db, pTable);
106569 107240     sqlite3DbFree(db, pTable->zName);
106570 107241     sqlite3DbFree(db, pTable->zColAff);
106571 107242     sqlite3SelectDelete(db, pTable->pSelect);
106572 107243     sqlite3ExprListDelete(db, pTable->pCheck);
106573 107244   #ifndef SQLITE_OMIT_VIRTUALTABLE
106574 107245     sqlite3VtabClear(db, pTable);
................................................................................
108557 109228     }
108558 109229   
108559 109230     /* Remove the table entry from SQLite's internal schema and modify
108560 109231     ** the schema cookie.
108561 109232     */
108562 109233     if( IsVirtual(pTab) ){
108563 109234       sqlite3VdbeAddOp4(v, OP_VDestroy, iDb, 0, 0, pTab->zName, 0);
       109235  +    sqlite3MayAbort(pParse);
108564 109236     }
108565 109237     sqlite3VdbeAddOp4(v, OP_DropTable, iDb, 0, 0, pTab->zName, 0);
108566 109238     sqlite3ChangeCookie(pParse, iDb);
108567 109239     sqliteViewResetAll(db, iDb);
108568 109240   }
108569 109241   
108570 109242   /*
................................................................................
109385 110057                   "conflicting ON CONFLICT clauses specified", 0);
109386 110058             }
109387 110059             if( pIdx->onError==OE_Default ){
109388 110060               pIdx->onError = pIndex->onError;
109389 110061             }
109390 110062           }
109391 110063           if( idxType==SQLITE_IDXTYPE_PRIMARYKEY ) pIdx->idxType = idxType;
       110064  +        if( IN_RENAME_OBJECT ){
       110065  +          pIndex->pNext = pParse->pNewIndex;
       110066  +          pParse->pNewIndex = pIndex;
       110067  +          pIndex = 0;
       110068  +        }
109392 110069           goto exit_create_index;
109393 110070         }
109394 110071       }
109395 110072     }
109396 110073   
109397 110074     if( !IN_RENAME_OBJECT ){
109398 110075   
................................................................................
109400 110077       ** in-memory database structures. 
109401 110078       */
109402 110079       assert( pParse->nErr==0 );
109403 110080       if( db->init.busy ){
109404 110081         Index *p;
109405 110082         assert( !IN_SPECIAL_PARSE );
109406 110083         assert( sqlite3SchemaMutexHeld(db, 0, pIndex->pSchema) );
       110084  +      if( pTblName!=0 ){
       110085  +        pIndex->tnum = db->init.newTnum;
       110086  +        if( sqlite3IndexHasDuplicateRootPage(pIndex) ){
       110087  +          sqlite3ErrorMsg(pParse, "invalid rootpage");
       110088  +          pParse->rc = SQLITE_CORRUPT_BKPT;
       110089  +          goto exit_create_index;
       110090  +        }
       110091  +      }
109407 110092         p = sqlite3HashInsert(&pIndex->pSchema->idxHash, 
109408 110093             pIndex->zName, pIndex);
109409 110094         if( p ){
109410 110095           assert( p==pIndex );  /* Malloc must have failed */
109411 110096           sqlite3OomFault(db);
109412 110097           goto exit_create_index;
109413 110098         }
109414 110099         db->mDbFlags |= DBFLAG_SchemaChange;
109415         -      if( pTblName!=0 ){
109416         -        pIndex->tnum = db->init.newTnum;
109417         -      }
109418 110100       }
109419 110101   
109420 110102       /* If this is the initial CREATE INDEX statement (or CREATE TABLE if the
109421 110103       ** index is an implied index for a UNIQUE or PRIMARY KEY constraint) then
109422 110104       ** emit code to allocate the index rootpage on disk and make an entry for
109423 110105       ** the index in the sqlite_master table and populate the index with
109424 110106       ** content.  But, do not do this if we are simply reading the sqlite_master
................................................................................
109736 110418     if( pList==0 ) return -1;
109737 110419     for(i=0; i<pList->nId; i++){
109738 110420       if( sqlite3StrICmp(pList->a[i].zName, zName)==0 ) return i;
109739 110421     }
109740 110422     return -1;
109741 110423   }
109742 110424   
       110425  +/*
       110426  +** Maximum size of a SrcList object.
       110427  +** The SrcList object is used to represent the FROM clause of a
       110428  +** SELECT statement, and the query planner cannot deal with more
       110429  +** than 64 tables in a join.  So any value larger than 64 here
       110430  +** is sufficient for most uses.  Smaller values, like say 10, are
       110431  +** appropriate for small and memory-limited applications.
       110432  +*/
       110433  +#ifndef SQLITE_MAX_SRCLIST
       110434  +# define SQLITE_MAX_SRCLIST 200
       110435  +#endif
       110436  +
109743 110437   /*
109744 110438   ** Expand the space allocated for the given SrcList object by
109745 110439   ** creating nExtra new slots beginning at iStart.  iStart is zero based.
109746 110440   ** New slots are zeroed.
109747 110441   **
109748 110442   ** For example, suppose a SrcList initially contains two entries: A,B.
109749 110443   ** To append 3 new entries onto the end, do this:
................................................................................
109752 110446   **
109753 110447   ** After the call above it would contain:  A, B, nil, nil, nil.
109754 110448   ** If the iStart argument had been 1 instead of 2, then the result
109755 110449   ** would have been:  A, nil, nil, nil, B.  To prepend the new slots,
109756 110450   ** the iStart value would be 0.  The result then would
109757 110451   ** be: nil, nil, nil, A, B.
109758 110452   **
109759         -** If a memory allocation fails the SrcList is unchanged.  The
109760         -** db->mallocFailed flag will be set to true.
       110453  +** If a memory allocation fails or the SrcList becomes too large, leave
       110454  +** the original SrcList unchanged, return NULL, and leave an error message
       110455  +** in pParse.
109761 110456   */
109762 110457   SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(
109763         -  sqlite3 *db,       /* Database connection to notify of OOM errors */
       110458  +  Parse *pParse,     /* Parsing context into which errors are reported */
109764 110459     SrcList *pSrc,     /* The SrcList to be enlarged */
109765 110460     int nExtra,        /* Number of new slots to add to pSrc->a[] */
109766 110461     int iStart         /* Index in pSrc->a[] of first new slot */
109767 110462   ){
109768 110463     int i;
109769 110464   
109770 110465     /* Sanity checking on calling parameters */
................................................................................
109773 110468     assert( pSrc!=0 );
109774 110469     assert( iStart<=pSrc->nSrc );
109775 110470   
109776 110471     /* Allocate additional space if needed */
109777 110472     if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
109778 110473       SrcList *pNew;
109779 110474       int nAlloc = pSrc->nSrc*2+nExtra;
109780         -    int nGot;
       110475  +    sqlite3 *db = pParse->db;
       110476  +
       110477  +    if( pSrc->nSrc+nExtra>=SQLITE_MAX_SRCLIST ){
       110478  +      sqlite3ErrorMsg(pParse, "too many FROM clause terms, max: %d",
       110479  +                      SQLITE_MAX_SRCLIST);
       110480  +      return 0;
       110481  +    }
       110482  +    if( nAlloc>SQLITE_MAX_SRCLIST ) nAlloc = SQLITE_MAX_SRCLIST;
109781 110483       pNew = sqlite3DbRealloc(db, pSrc,
109782 110484                  sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
109783 110485       if( pNew==0 ){
109784 110486         assert( db->mallocFailed );
109785         -      return pSrc;
       110487  +      return 0;
109786 110488       }
109787 110489       pSrc = pNew;
109788         -    nGot = (sqlite3DbMallocSize(db, pNew) - sizeof(*pSrc))/sizeof(pSrc->a[0])+1;
109789         -    pSrc->nAlloc = nGot;
       110490  +    pSrc->nAlloc = nAlloc;
109790 110491     }
109791 110492   
109792 110493     /* Move existing slots that come after the newly inserted slots
109793 110494     ** out of the way */
109794 110495     for(i=pSrc->nSrc-1; i>=iStart; i--){
109795 110496       pSrc->a[i+nExtra] = pSrc->a[i];
109796 110497     }
................................................................................
109807 110508   }
109808 110509   
109809 110510   
109810 110511   /*
109811 110512   ** Append a new table name to the given SrcList.  Create a new SrcList if
109812 110513   ** need be.  A new entry is created in the SrcList even if pTable is NULL.
109813 110514   **
109814         -** A SrcList is returned, or NULL if there is an OOM error.  The returned
       110515  +** A SrcList is returned, or NULL if there is an OOM error or if the
       110516  +** SrcList grows to large.  The returned
109815 110517   ** SrcList might be the same as the SrcList that was input or it might be
109816 110518   ** a new one.  If an OOM error does occurs, then the prior value of pList
109817 110519   ** that is input to this routine is automatically freed.
109818 110520   **
109819 110521   ** If pDatabase is not null, it means that the table has an optional
109820 110522   ** database name prefix.  Like this:  "database.table".  The pDatabase
109821 110523   ** points to the table name and the pTable points to the database name.
................................................................................
109838 110540   **
109839 110541   **         sqlite3SrcListAppend(D,A,0,C);
109840 110542   **
109841 110543   ** Both pTable and pDatabase are assumed to be quoted.  They are dequoted
109842 110544   ** before being added to the SrcList.
109843 110545   */
109844 110546   SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(
109845         -  sqlite3 *db,        /* Connection to notify of malloc failures */
       110547  +  Parse *pParse,      /* Parsing context, in which errors are reported */
109846 110548     SrcList *pList,     /* Append to this SrcList. NULL creates a new SrcList */
109847 110549     Token *pTable,      /* Table to append */
109848 110550     Token *pDatabase    /* Database of the table */
109849 110551   ){
109850 110552     struct SrcList_item *pItem;
       110553  +  sqlite3 *db;
109851 110554     assert( pDatabase==0 || pTable!=0 );  /* Cannot have C without B */
109852         -  assert( db!=0 );
       110555  +  assert( pParse!=0 );
       110556  +  assert( pParse->db!=0 );
       110557  +  db = pParse->db;
109853 110558     if( pList==0 ){
109854         -    pList = sqlite3DbMallocRawNN(db, sizeof(SrcList) );
       110559  +    pList = sqlite3DbMallocRawNN(pParse->db, sizeof(SrcList) );
109855 110560       if( pList==0 ) return 0;
109856 110561       pList->nAlloc = 1;
109857 110562       pList->nSrc = 1;
109858 110563       memset(&pList->a[0], 0, sizeof(pList->a[0]));
109859 110564       pList->a[0].iCursor = -1;
109860 110565     }else{
109861         -    pList = sqlite3SrcListEnlarge(db, pList, 1, pList->nSrc);
109862         -  }
109863         -  if( db->mallocFailed ){
109864         -    sqlite3SrcListDelete(db, pList);
109865         -    return 0;
       110566  +    SrcList *pNew = sqlite3SrcListEnlarge(pParse, pList, 1, pList->nSrc);
       110567  +    if( pNew==0 ){
       110568  +      sqlite3SrcListDelete(db, pList);
       110569  +      return 0;
       110570  +    }else{
       110571  +      pList = pNew;
       110572  +    }
109866 110573     }
109867 110574     pItem = &pList->a[pList->nSrc-1];
109868 110575     if( pDatabase && pDatabase->z==0 ){
109869 110576       pDatabase = 0;
109870 110577     }
109871 110578     if( pDatabase ){
109872 110579       pItem->zName = sqlite3NameFromToken(db, pDatabase);
................................................................................
109947 110654     sqlite3 *db = pParse->db;
109948 110655     if( !p && (pOn || pUsing) ){
109949 110656       sqlite3ErrorMsg(pParse, "a JOIN clause is required before %s", 
109950 110657         (pOn ? "ON" : "USING")
109951 110658       );
109952 110659       goto append_from_error;
109953 110660     }
109954         -  p = sqlite3SrcListAppend(db, p, pTable, pDatabase);
       110661  +  p = sqlite3SrcListAppend(pParse, p, pTable, pDatabase);
109955 110662     if( p==0 ){
109956 110663       goto append_from_error;
109957 110664     }
109958 110665     assert( p->nSrc>0 );
109959 110666     pItem = &p->a[p->nSrc-1];
109960 110667     assert( (pTable==0)==(pDatabase==0) );
109961 110668     assert( pItem->zName==0 || pDatabase!=0 );
................................................................................
110336 111043   
110337 111044   /*
110338 111045   ** Recompute all indices of pTab that use the collating sequence pColl.
110339 111046   ** If pColl==0 then recompute all indices of pTab.
110340 111047   */
110341 111048   #ifndef SQLITE_OMIT_REINDEX
110342 111049   static void reindexTable(Parse *pParse, Table *pTab, char const *zColl){
110343         -  Index *pIndex;              /* An index associated with pTab */
       111050  +  if( !IsVirtual(pTab) ){
       111051  +    Index *pIndex;              /* An index associated with pTab */
110344 111052   
110345         -  for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
110346         -    if( zColl==0 || collationMatch(zColl, pIndex) ){
110347         -      int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
110348         -      sqlite3BeginWriteOperation(pParse, 0, iDb);
110349         -      sqlite3RefillIndex(pParse, pIndex, -1);
       111053  +    for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
       111054  +      if( zColl==0 || collationMatch(zColl, pIndex) ){
       111055  +        int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
       111056  +        sqlite3BeginWriteOperation(pParse, 0, iDb);
       111057  +        sqlite3RefillIndex(pParse, pIndex, -1);
       111058  +      }
110350 111059       }
110351 111060     }
110352 111061   }
110353 111062   #endif
110354 111063   
110355 111064   /*
110356 111065   ** Recompute all indices of all tables in all databases where the
................................................................................
110841 111550     return match;
110842 111551   }
110843 111552   
110844 111553   /*
110845 111554   ** Search a FuncDefHash for a function with the given name.  Return
110846 111555   ** a pointer to the matching FuncDef if found, or 0 if there is no match.
110847 111556   */
110848         -static FuncDef *functionSearch(
       111557  +SQLITE_PRIVATE FuncDef *sqlite3FunctionSearch(
110849 111558     int h,               /* Hash of the name */
110850 111559     const char *zFunc    /* Name of function */
110851 111560   ){
110852 111561     FuncDef *p;
110853 111562     for(p=sqlite3BuiltinFunctions.a[h]; p; p=p->u.pHash){
110854 111563       if( sqlite3StrICmp(p->zName, zFunc)==0 ){
110855 111564         return p;
110856 111565       }
110857 111566     }
110858 111567     return 0;
110859 111568   }
110860         -#ifdef SQLITE_ENABLE_NORMALIZE
110861         -SQLITE_PRIVATE FuncDef *sqlite3FunctionSearchN(
110862         -  int h,               /* Hash of the name */
110863         -  const char *zFunc,   /* Name of function */
110864         -  int nFunc            /* Length of the name */
110865         -){
110866         -  FuncDef *p;
110867         -  for(p=sqlite3BuiltinFunctions.a[h]; p; p=p->u.pHash){
110868         -    if( sqlite3StrNICmp(p->zName, zFunc, nFunc)==0 ){
110869         -      return p;
110870         -    }
110871         -  }
110872         -  return 0;
110873         -}
110874         -#endif /* SQLITE_ENABLE_NORMALIZE */
110875 111569   
110876 111570   /*
110877 111571   ** Insert a new FuncDef into a FuncDefHash hash table.
110878 111572   */
110879 111573   SQLITE_PRIVATE void sqlite3InsertBuiltinFuncs(
110880 111574     FuncDef *aDef,      /* List of global functions to be inserted */
110881 111575     int nDef            /* Length of the apDef[] list */
................................................................................
110883 111577     int i;
110884 111578     for(i=0; i<nDef; i++){
110885 111579       FuncDef *pOther;
110886 111580       const char *zName = aDef[i].zName;
110887 111581       int nName = sqlite3Strlen30(zName);
110888 111582       int h = SQLITE_FUNC_HASH(zName[0], nName);
110889 111583       assert( zName[0]>='a' && zName[0]<='z' );
110890         -    pOther = functionSearch(h, zName);
       111584  +    pOther = sqlite3FunctionSearch(h, zName);
110891 111585       if( pOther ){
110892 111586         assert( pOther!=&aDef[i] && pOther->pNext!=&aDef[i] );
110893 111587         aDef[i].pNext = pOther->pNext;
110894 111588         pOther->pNext = &aDef[i];
110895 111589       }else{
110896 111590         aDef[i].pNext = 0;
110897 111591         aDef[i].u.pHash = sqlite3BuiltinFunctions.a[h];
................................................................................
110961 111655     ** have fields overwritten with new information appropriate for the
110962 111656     ** new function.  But the FuncDefs for built-in functions are read-only.
110963 111657     ** So we must not search for built-ins when creating a new function.
110964 111658     */ 
110965 111659     if( !createFlag && (pBest==0 || (db->mDbFlags & DBFLAG_PreferBuiltin)!=0) ){
110966 111660       bestScore = 0;
110967 111661       h = SQLITE_FUNC_HASH(sqlite3UpperToLower[(u8)zName[0]], nName);
110968         -    p = functionSearch(h, zName);
       111662  +    p = sqlite3FunctionSearch(h, zName);
110969 111663       while( p ){
110970 111664         int score = matchQuality(p, nArg, enc);
110971 111665         if( score>bestScore ){
110972 111666           pBest = p;
110973 111667           bestScore = score;
110974 111668         }
110975 111669         p = p->pNext;
................................................................................
111181 111875   ){
111182 111876     SelectDest dest;
111183 111877     Select *pSel;
111184 111878     SrcList *pFrom;
111185 111879     sqlite3 *db = pParse->db;
111186 111880     int iDb = sqlite3SchemaToIndex(db, pView->pSchema);
111187 111881     pWhere = sqlite3ExprDup(db, pWhere, 0);
111188         -  pFrom = sqlite3SrcListAppend(db, 0, 0, 0);
       111882  +  pFrom = sqlite3SrcListAppend(pParse, 0, 0, 0);
111189 111883     if( pFrom ){
111190 111884       assert( pFrom->nSrc==1 );
111191 111885       pFrom->a[0].zName = sqlite3DbStrDup(db, pView->zName);
111192 111886       pFrom->a[0].zDatabase = sqlite3DbStrDup(db, db->aDb[iDb].zDbSName);
111193 111887       assert( pFrom->a[0].pOn==0 );
111194 111888       assert( pFrom->a[0].pUsing==0 );
111195 111889     }
................................................................................
111581 112275           sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
111582 112276         }
111583 112277       }
111584 112278     
111585 112279       /* If this DELETE cannot use the ONEPASS strategy, this is the 
111586 112280       ** end of the WHERE loop */
111587 112281       if( eOnePass!=ONEPASS_OFF ){
111588         -      addrBypass = sqlite3VdbeMakeLabel(v);
       112282  +      addrBypass = sqlite3VdbeMakeLabel(pParse);
111589 112283       }else{
111590 112284         sqlite3WhereEnd(pWInfo);
111591 112285       }
111592 112286     
111593 112287       /* Unless this is a view, open cursors for the table we are 
111594 112288       ** deleting from and all its indices. If this is a view, then the
111595 112289       ** only effect this statement has is to fire the INSTEAD OF 
................................................................................
111770 112464     assert( v );
111771 112465     VdbeModuleComment((v, "BEGIN: GenRowDel(%d,%d,%d,%d)",
111772 112466                            iDataCur, iIdxCur, iPk, (int)nPk));
111773 112467   
111774 112468     /* Seek cursor iCur to the row to delete. If this row no longer exists 
111775 112469     ** (this can happen if a trigger program has already deleted it), do
111776 112470     ** not attempt to delete it or fire any DELETE triggers.  */
111777         -  iLabel = sqlite3VdbeMakeLabel(v);
       112471  +  iLabel = sqlite3VdbeMakeLabel(pParse);
111778 112472     opSeek = HasRowid(pTab) ? OP_NotExists : OP_NotFound;
111779 112473     if( eMode==ONEPASS_OFF ){
111780 112474       sqlite3VdbeAddOp4Int(v, opSeek, iDataCur, iLabel, iPk, nPk);
111781 112475       VdbeCoverageIf(v, opSeek==OP_NotExists);
111782 112476       VdbeCoverageIf(v, opSeek==OP_NotFound);
111783 112477     }
111784 112478    
................................................................................
111976 112670     Vdbe *v = pParse->pVdbe;
111977 112671     int j;
111978 112672     int regBase;
111979 112673     int nCol;
111980 112674   
111981 112675     if( piPartIdxLabel ){
111982 112676       if( pIdx->pPartIdxWhere ){
111983         -      *piPartIdxLabel = sqlite3VdbeMakeLabel(v);
       112677  +      *piPartIdxLabel = sqlite3VdbeMakeLabel(pParse);
111984 112678         pParse->iSelfTab = iDataCur + 1;
111985 112679         sqlite3ExprIfFalseDup(pParse, pIdx->pPartIdxWhere, *piPartIdxLabel, 
111986 112680                               SQLITE_JUMPIFNULL);
111987 112681         pParse->iSelfTab = 0;
111988 112682       }else{
111989 112683         *piPartIdxLabel = 0;
111990 112684       }
................................................................................
112232 112926     const unsigned char *zHaystack;
112233 112927     const unsigned char *zNeedle;
112234 112928     int nHaystack;
112235 112929     int nNeedle;
112236 112930     int typeHaystack, typeNeedle;
112237 112931     int N = 1;
112238 112932     int isText;
       112933  +  unsigned char firstChar;
112239 112934   
112240 112935     UNUSED_PARAMETER(argc);
112241 112936     typeHaystack = sqlite3_value_type(argv[0]);
112242 112937     typeNeedle = sqlite3_value_type(argv[1]);
112243 112938     if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
112244 112939     nHaystack = sqlite3_value_bytes(argv[0]);
112245 112940     nNeedle = sqlite3_value_bytes(argv[1]);
................................................................................
112250 112945         isText = 0;
112251 112946       }else{
112252 112947         zHaystack = sqlite3_value_text(argv[0]);
112253 112948         zNeedle = sqlite3_value_text(argv[1]);
112254 112949         isText = 1;
112255 112950       }
112256 112951       if( zNeedle==0 || (nHaystack && zHaystack==0) ) return;
112257         -    while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
       112952  +    firstChar = zNeedle[0];
       112953  +    while( nNeedle<=nHaystack
       112954  +       && (zHaystack[0]!=firstChar || memcmp(zHaystack, zNeedle, nNeedle)!=0)
       112955  +    ){
112258 112956         N++;
112259 112957         do{
112260 112958           nHaystack--;
112261 112959           zHaystack++;
112262 112960         }while( isText && (zHaystack[0]&0xc0)==0x80 );
112263 112961       }
112264 112962       if( nNeedle>nHaystack ) N = 0;
................................................................................
112541 113239   ** that is N bytes long.
112542 113240   */
112543 113241   static void randomBlob(
112544 113242     sqlite3_context *context,
112545 113243     int argc,
112546 113244     sqlite3_value **argv
112547 113245   ){
112548         -  int n;
       113246  +  sqlite3_int64 n;
112549 113247     unsigned char *p;
112550 113248     assert( argc==1 );
112551 113249     UNUSED_PARAMETER(argc);
112552         -  n = sqlite3_value_int(argv[0]);
       113250  +  n = sqlite3_value_int64(argv[0]);
112553 113251     if( n<1 ){
112554 113252       n = 1;
112555 113253     }
112556 113254     p = contextMalloc(context, n);
112557 113255     if( p ){
112558 113256       sqlite3_randomness(n, p);
112559 113257       sqlite3_result_blob(context, (char*)p, n, sqlite3_free);
................................................................................
114381 115079     int regData,          /* Address of array containing child table row */
114382 115080     int nIncr,            /* Increment constraint counter by this */
114383 115081     int isIgnore          /* If true, pretend pTab contains all NULL values */
114384 115082   ){
114385 115083     int i;                                    /* Iterator variable */
114386 115084     Vdbe *v = sqlite3GetVdbe(pParse);         /* Vdbe to add code to */
114387 115085     int iCur = pParse->nTab - 1;              /* Cursor number to use */
114388         -  int iOk = sqlite3VdbeMakeLabel(v);        /* jump here if parent key found */
       115086  +  int iOk = sqlite3VdbeMakeLabel(pParse);   /* jump here if parent key found */
114389 115087   
114390 115088     sqlite3VdbeVerifyAbortable(v,
114391 115089       (!pFKey->isDeferred
114392 115090         && !(pParse->db->flags & SQLITE_DeferFKs)
114393 115091         && !pParse->pToplevel 
114394 115092         && !pParse->isMultiWrite) ? OE_Abort : OE_Ignore);
114395 115093   
................................................................................
114654 115352     ** to the WHERE clause that prevent this entry from being scanned.
114655 115353     ** The added WHERE clause terms are like this:
114656 115354     **
114657 115355     **     $current_rowid!=rowid
114658 115356     **     NOT( $current_a==a AND $current_b==b AND ... )
114659 115357     **
114660 115358     ** The first form is used for rowid tables.  The second form is used
114661         -  ** for WITHOUT ROWID tables.  In the second form, the primary key is
114662         -  ** (a,b,...)
       115359  +  ** for WITHOUT ROWID tables. In the second form, the *parent* key is
       115360  +  ** (a,b,...). Either the parent or primary key could be used to 
       115361  +  ** uniquely identify the current row, but the parent key is more convenient
       115362  +  ** as the required values have already been loaded into registers
       115363  +  ** by the caller.
114663 115364     */
114664 115365     if( pTab==pFKey->pFrom && nIncr>0 ){
114665 115366       Expr *pNe;                    /* Expression (pLeft != pRight) */
114666 115367       Expr *pLeft;                  /* Value from parent table row */
114667 115368       Expr *pRight;                 /* Column ref to child table */
114668 115369       if( HasRowid(pTab) ){
114669 115370         pLeft = exprTableRegister(pParse, pTab, regData, -1);
114670 115371         pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, -1);
114671 115372         pNe = sqlite3PExpr(pParse, TK_NE, pLeft, pRight);
114672 115373       }else{
114673 115374         Expr *pEq, *pAll = 0;
114674         -      Index *pPk = sqlite3PrimaryKeyIndex(pTab);
114675 115375         assert( pIdx!=0 );
114676         -      for(i=0; i<pPk->nKeyCol; i++){
       115376  +      for(i=0; i<pIdx->nKeyCol; i++){
114677 115377           i16 iCol = pIdx->aiColumn[i];
114678 115378           assert( iCol>=0 );
114679 115379           pLeft = exprTableRegister(pParse, pTab, regData, iCol);
114680         -        pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, iCol);
114681         -        pEq = sqlite3PExpr(pParse, TK_EQ, pLeft, pRight);
       115380  +        pRight = sqlite3Expr(db, TK_ID, pTab->aCol[iCol].zName);
       115381  +        pEq = sqlite3PExpr(pParse, TK_IS, pLeft, pRight);
114682 115382           pAll = sqlite3ExprAnd(db, pAll, pEq);
114683 115383         }
114684 115384         pNe = sqlite3PExpr(pParse, TK_NOT, pAll, 0);
114685 115385       }
114686 115386       pWhere = sqlite3ExprAnd(db, pWhere, pNe);
114687 115387     }
114688 115388   
................................................................................
114779 115479         ** the entire DELETE if there are no outstanding deferred constraints
114780 115480         ** when this statement is run.  */
114781 115481         FKey *p;
114782 115482         for(p=pTab->pFKey; p; p=p->pNextFrom){
114783 115483           if( p->isDeferred || (db->flags & SQLITE_DeferFKs) ) break;
114784 115484         }
114785 115485         if( !p ) return;
114786         -      iSkip = sqlite3VdbeMakeLabel(v);
       115486  +      iSkip = sqlite3VdbeMakeLabel(pParse);
114787 115487         sqlite3VdbeAddOp2(v, OP_FkIfZero, 1, iSkip); VdbeCoverage(v);
114788 115488       }
114789 115489   
114790 115490       pParse->disableTriggers = 1;
114791 115491       sqlite3DeleteFrom(pParse, sqlite3SrcListDup(db, pName, 0), 0, 0, 0);
114792 115492       pParse->disableTriggers = 0;
114793 115493   
................................................................................
115064 115764         if( !isIgnoreErrors || db->mallocFailed ) return;
115065 115765         continue;
115066 115766       }
115067 115767       assert( aiCol || pFKey->nCol==1 );
115068 115768   
115069 115769       /* Create a SrcList structure containing the child table.  We need the
115070 115770       ** child table as a SrcList for sqlite3WhereBegin() */
115071         -    pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
       115771  +    pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
115072 115772       if( pSrc ){
115073 115773         struct SrcList_item *pItem = pSrc->a;
115074 115774         pItem->pTab = pFKey->pFrom;
115075 115775         pItem->zName = pFKey->pFrom->zName;
115076 115776         pItem->pTab->nTabRef++;
115077 115777         pItem->iCursor = pParse->nTab++;
115078 115778     
................................................................................
115341 116041         tFrom.n = nFrom;
115342 116042         pRaise = sqlite3Expr(db, TK_RAISE, "FOREIGN KEY constraint failed");
115343 116043         if( pRaise ){
115344 116044           pRaise->affinity = OE_Abort;
115345 116045         }
115346 116046         pSelect = sqlite3SelectNew(pParse, 
115347 116047             sqlite3ExprListAppend(pParse, 0, pRaise),
115348         -          sqlite3SrcListAppend(db, 0, &tFrom, 0),
       116048  +          sqlite3SrcListAppend(pParse, 0, &tFrom, 0),
115349 116049             pWhere,
115350 116050             0, 0, 0, 0, 0
115351 116051         );
115352 116052         pWhere = 0;
115353 116053       }
115354 116054   
115355 116055       /* Disable lookaside memory allocation */
................................................................................
115803 116503       aOp[3].p5 = SQLITE_JUMPIFNULL;
115804 116504       aOp[4].p2 = memId+1;
115805 116505       aOp[5].p3 = memId;
115806 116506       aOp[6].p1 = memId;
115807 116507       aOp[7].p2 = memId+2;
115808 116508       aOp[7].p1 = memId;
115809 116509       aOp[10].p2 = memId;
       116510  +    if( pParse->nTab==0 ) pParse->nTab = 1;
115810 116511     }
115811 116512   }
115812 116513   
115813 116514   /*
115814 116515   ** Update the maximum rowid for an autoincrement calculation.
115815 116516   **
115816 116517   ** This routine should be called when the regRowid register holds a
................................................................................
116309 117010         assert( pIdx );
116310 117011         aRegIdx[i] = ++pParse->nMem;
116311 117012         pParse->nMem += pIdx->nColumn;
116312 117013       }
116313 117014     }
116314 117015   #ifndef SQLITE_OMIT_UPSERT
116315 117016     if( pUpsert ){
       117017  +    if( IsVirtual(pTab) ){
       117018  +      sqlite3ErrorMsg(pParse, "UPSERT not implemented for virtual table \"%s\"",
       117019  +              pTab->zName);
       117020  +      goto insert_cleanup;
       117021  +    }
116316 117022       pTabList->a[0].iCursor = iDataCur;
116317 117023       pUpsert->pUpsertSrc = pTabList;
116318 117024       pUpsert->regData = regData;
116319 117025       pUpsert->iDataCur = iDataCur;
116320 117026       pUpsert->iIdxCur = iIdxCur;
116321 117027       if( pUpsert->pUpsertTarget ){
116322 117028         sqlite3UpsertAnalyzeTarget(pParse, pTabList, pUpsert);
................................................................................
116349 117055       */
116350 117056       addrInsTop = addrCont = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm);
116351 117057       VdbeCoverage(v);
116352 117058     }
116353 117059   
116354 117060     /* Run the BEFORE and INSTEAD OF triggers, if there are any
116355 117061     */
116356         -  endOfLoop = sqlite3VdbeMakeLabel(v);
       117062  +  endOfLoop = sqlite3VdbeMakeLabel(pParse);
116357 117063     if( tmask & TRIGGER_BEFORE ){
116358 117064       int regCols = sqlite3GetTempRange(pParse, pTab->nCol+1);
116359 117065   
116360 117066       /* build the NEW.* reference row.  Note that if there is an INTEGER
116361 117067       ** PRIMARY KEY into which a NULL is being inserted, that NULL will be
116362 117068       ** translated into a unique ID for the row.  But on a BEFORE trigger,
116363 117069       ** we do not know what the unique ID will be (because the insert has
................................................................................
116431 117137       }
116432 117138       if( ipkColumn>=0 ){
116433 117139         if( useTempTable ){
116434 117140           sqlite3VdbeAddOp3(v, OP_Column, srcTab, ipkColumn, regRowid);
116435 117141         }else if( pSelect ){
116436 117142           sqlite3VdbeAddOp2(v, OP_Copy, regFromSelect+ipkColumn, regRowid);
116437 117143         }else{
116438         -        VdbeOp *pOp;
116439         -        sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regRowid);
116440         -        pOp = sqlite3VdbeGetOp(v, -1);
116441         -        assert( pOp!=0 );
116442         -        if( pOp->opcode==OP_Null && !IsVirtual(pTab) ){
       117144  +        Expr *pIpk = pList->a[ipkColumn].pExpr;
       117145  +        if( pIpk->op==TK_NULL && !IsVirtual(pTab) ){
       117146  +          sqlite3VdbeAddOp3(v, OP_NewRowid, iDataCur, regRowid, regAutoinc);
116443 117147             appendFlag = 1;
116444         -          pOp->opcode = OP_NewRowid;
116445         -          pOp->p1 = iDataCur;
116446         -          pOp->p2 = regRowid;
116447         -          pOp->p3 = regAutoinc;
       117148  +        }else{
       117149  +          sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regRowid);
116448 117150           }
116449 117151         }
116450 117152         /* If the PRIMARY KEY expression is NULL, then use OP_NewRowid
116451 117153         ** to generate a unique primary key value.
116452 117154         */
116453 117155         if( !appendFlag ){
116454 117156           int addr1;
................................................................................
116835 117537         onError = OE_Abort;
116836 117538       }
116837 117539       if( onError==OE_Replace && pTab->aCol[i].pDflt==0 ){
116838 117540         onError = OE_Abort;
116839 117541       }
116840 117542       assert( onError==OE_Rollback || onError==OE_Abort || onError==OE_Fail
116841 117543           || onError==OE_Ignore || onError==OE_Replace );
       117544  +    addr1 = 0;
116842 117545       switch( onError ){
       117546  +      case OE_Replace: {
       117547  +        assert( onError==OE_Replace );
       117548  +        addr1 = sqlite3VdbeMakeLabel(pParse);
       117549  +        sqlite3VdbeAddOp2(v, OP_NotNull, regNewData+1+i, addr1);
       117550  +          VdbeCoverage(v);
       117551  +        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regNewData+1+i);
       117552  +        sqlite3VdbeAddOp2(v, OP_NotNull, regNewData+1+i, addr1);
       117553  +          VdbeCoverage(v);
       117554  +        onError = OE_Abort;
       117555  +        /* Fall through into the OE_Abort case to generate code that runs
       117556  +        ** if both the input and the default value are NULL */
       117557  +      }
116843 117558         case OE_Abort:
116844 117559           sqlite3MayAbort(pParse);
116845 117560           /* Fall through */
116846 117561         case OE_Rollback:
116847 117562         case OE_Fail: {
116848 117563           char *zMsg = sqlite3MPrintf(db, "%s.%s", pTab->zName,
116849 117564                                       pTab->aCol[i].zName);
116850 117565           sqlite3VdbeAddOp3(v, OP_HaltIfNull, SQLITE_CONSTRAINT_NOTNULL, onError,
116851 117566                             regNewData+1+i);
116852 117567           sqlite3VdbeAppendP4(v, zMsg, P4_DYNAMIC);
116853 117568           sqlite3VdbeChangeP5(v, P5_ConstraintNotNull);
116854 117569           VdbeCoverage(v);
       117570  +        if( addr1 ) sqlite3VdbeResolveLabel(v, addr1);
116855 117571           break;
116856 117572         }
116857         -      case OE_Ignore: {
       117573  +      default: {
       117574  +        assert( onError==OE_Ignore );
116858 117575           sqlite3VdbeAddOp2(v, OP_IsNull, regNewData+1+i, ignoreDest);
116859 117576           VdbeCoverage(v);
116860 117577           break;
116861 117578         }
116862         -      default: {
116863         -        assert( onError==OE_Replace );
116864         -        addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, regNewData+1+i);
116865         -           VdbeCoverage(v);
116866         -        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regNewData+1+i);
116867         -        sqlite3VdbeJumpHere(v, addr1);
116868         -        break;
116869         -      }
116870 117579       }
116871 117580     }
116872 117581   
116873 117582     /* Test all CHECK constraints
116874 117583     */
116875 117584   #ifndef SQLITE_OMIT_CHECK
116876 117585     if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){
................................................................................
116883 117592         if( aiChng
116884 117593          && !sqlite3ExprReferencesUpdatedColumn(pExpr, aiChng, pkChng)
116885 117594         ){
116886 117595           /* The check constraints do not reference any of the columns being
116887 117596           ** updated so there is no point it verifying the check constraint */
116888 117597           continue;
116889 117598         }
116890         -      allOk = sqlite3VdbeMakeLabel(v);
       117599  +      allOk = sqlite3VdbeMakeLabel(pParse);
116891 117600         sqlite3VdbeVerifyAbortable(v, onError);
116892 117601         sqlite3ExprIfTrue(pParse, pExpr, allOk, SQLITE_JUMPIFNULL);
116893 117602         if( onError==OE_Ignore ){
116894 117603           sqlite3VdbeGoto(v, ignoreDest);
116895 117604         }else{
116896 117605           char *zName = pCheck->a[i].zName;
116897 117606           if( zName==0 ) zName = pTab->zName;
................................................................................
116950 117659       }
116951 117660     }
116952 117661   
116953 117662     /* If rowid is changing, make sure the new rowid does not previously
116954 117663     ** exist in the table.
116955 117664     */
116956 117665     if( pkChng && pPk==0 ){
116957         -    int addrRowidOk = sqlite3VdbeMakeLabel(v);
       117666  +    int addrRowidOk = sqlite3VdbeMakeLabel(pParse);
116958 117667   
116959 117668       /* Figure out what action to take in case of a rowid collision */
116960 117669       onError = pTab->keyConf;
116961 117670       if( overrideError!=OE_Default ){
116962 117671         onError = overrideError;
116963 117672       }else if( onError==OE_Default ){
116964 117673         onError = OE_Abort;
................................................................................
117100 117809       if( aRegIdx[ix]==0 ) continue;  /* Skip indices that do not change */
117101 117810       if( pUpIdx==pIdx ){
117102 117811         addrUniqueOk = upsertJump+1;
117103 117812         upsertBypass = sqlite3VdbeGoto(v, 0);
117104 117813         VdbeComment((v, "Skip upsert subroutine"));
117105 117814         sqlite3VdbeJumpHere(v, upsertJump);
117106 117815       }else{
117107         -      addrUniqueOk = sqlite3VdbeMakeLabel(v);
       117816  +      addrUniqueOk = sqlite3VdbeMakeLabel(pParse);
117108 117817       }
117109 117818       if( bAffinityDone==0 && (pUpIdx==0 || pUpIdx==pIdx) ){
117110 117819         sqlite3TableAffinity(v, pTab, regNewData+1);
117111 117820         bAffinityDone = 1;
117112 117821       }
117113 117822       VdbeNoopComment((v, "uniqueness check for %s", pIdx->zName));
117114 117823       iThisCur = iIdxCur+ix;
................................................................................
117183 117892   
117184 117893       /* Collision detection may be omitted if all of the following are true:
117185 117894       **   (1) The conflict resolution algorithm is REPLACE
117186 117895       **   (2) The table is a WITHOUT ROWID table
117187 117896       **   (3) There are no secondary indexes on the table
117188 117897       **   (4) No delete triggers need to be fired if there is a conflict
117189 117898       **   (5) No FK constraint counters need to be updated if a conflict occurs.
117190         -    */ 
       117899  +    **
       117900  +    ** This is not possible for ENABLE_PREUPDATE_HOOK builds, as the row
       117901  +    ** must be explicitly deleted in order to ensure any pre-update hook
       117902  +    ** is invoked.  */ 
       117903  +#ifndef SQLITE_ENABLE_PREUPDATE_HOOK
117191 117904       if( (ix==0 && pIdx->pNext==0)                   /* Condition 3 */
117192 117905        && pPk==pIdx                                   /* Condition 2 */
117193 117906        && onError==OE_Replace                         /* Condition 1 */
117194 117907        && ( 0==(db->flags&SQLITE_RecTriggers) ||      /* Condition 4 */
117195 117908             0==sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0, 0))
117196 117909        && ( 0==(db->flags&SQLITE_ForeignKeys) ||      /* Condition 5 */
117197 117910            (0==pTab->pFKey && 0==sqlite3FkReferences(pTab)))
117198 117911       ){
117199 117912         sqlite3VdbeResolveLabel(v, addrUniqueOk);
117200 117913         continue;
117201 117914       }
       117915  +#endif /* ifndef SQLITE_ENABLE_PREUPDATE_HOOK */
117202 117916   
117203 117917       /* Check to see if the new index entry will be unique */
117204 117918       sqlite3VdbeVerifyAbortable(v, onError);
117205 117919       sqlite3VdbeAddOp4Int(v, OP_NoConflict, iThisCur, addrUniqueOk,
117206 117920                            regIdx, pIdx->nKeyCol); VdbeCoverage(v);
117207 117921   
117208 117922       /* Generate code to handle collisions */
................................................................................
117308 118022         sqlite3VdbeResolveLabel(v, addrUniqueOk);
117309 118023       }
117310 118024       if( regR!=regIdx ) sqlite3ReleaseTempRange(pParse, regR, nPkField);
117311 118025     }
117312 118026   
117313 118027     /* If the IPK constraint is a REPLACE, run it last */
117314 118028     if( ipkTop ){
117315         -    sqlite3VdbeGoto(v, ipkTop+1);
       118029  +    sqlite3VdbeGoto(v, ipkTop);
117316 118030       VdbeComment((v, "Do IPK REPLACE"));
117317 118031       sqlite3VdbeJumpHere(v, ipkBottom);
117318 118032     }
117319 118033   
117320 118034     *pbMayReplace = seenReplace;
117321 118035     VdbeModuleComment((v, "END: GenCnstCks(%d)", seenReplace));
117322 118036   }
................................................................................
117678 118392     ** we have to check the semantics.
117679 118393     */
117680 118394     pItem = pSelect->pSrc->a;
117681 118395     pSrc = sqlite3LocateTableItem(pParse, 0, pItem);
117682 118396     if( pSrc==0 ){
117683 118397       return 0;   /* FROM clause does not contain a real table */
117684 118398     }
117685         -  if( pSrc==pDest ){
       118399  +  if( pSrc->tnum==pDest->tnum && pSrc->pSchema==pDest->pSchema ){
       118400  +    testcase( pSrc!=pDest ); /* Possible due to bad sqlite_master.rootpage */
117686 118401       return 0;   /* tab1 and tab2 may not be the same table */
117687 118402     }
117688 118403     if( HasRowid(pDest)!=HasRowid(pSrc) ){
117689 118404       return 0;   /* source and destination must both be WITHOUT ROWID or not */
117690 118405     }
117691 118406   #ifndef SQLITE_OMIT_VIRTUALTABLE
117692 118407     if( IsVirtual(pSrc) ){
................................................................................
117954 118669   
117955 118670     if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
117956 118671     if( zSql==0 ) zSql = "";
117957 118672   
117958 118673     sqlite3_mutex_enter(db->mutex);
117959 118674     sqlite3Error(db, SQLITE_OK);
117960 118675     while( rc==SQLITE_OK && zSql[0] ){
117961         -    int nCol;
       118676  +    int nCol = 0;
117962 118677       char **azVals = 0;
117963 118678   
117964 118679       pStmt = 0;
117965 118680       rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
117966 118681       assert( rc==SQLITE_OK || pStmt==0 );
117967 118682       if( rc!=SQLITE_OK ){
117968 118683         continue;
117969 118684       }
117970 118685       if( !pStmt ){
117971 118686         /* this happens for a comment or white-space */
117972 118687         zSql = zLeftover;
117973 118688         continue;
117974 118689       }
117975         -
117976 118690       callbackIsInit = 0;
117977         -    nCol = sqlite3_column_count(pStmt);
117978 118691   
117979 118692       while( 1 ){
117980 118693         int i;
117981 118694         rc = sqlite3_step(pStmt);
117982 118695   
117983 118696         /* Invoke the callback function if required */
117984 118697         if( xCallback && (SQLITE_ROW==rc || 
117985 118698             (SQLITE_DONE==rc && !callbackIsInit
117986 118699                              && db->flags&SQLITE_NullCallback)) ){
117987 118700           if( !callbackIsInit ){
       118701  +          nCol = sqlite3_column_count(pStmt);
117988 118702             azCols = sqlite3DbMallocRaw(db, (2*nCol+1)*sizeof(const char*));
117989 118703             if( azCols==0 ){
117990 118704               goto exec_out;
117991 118705             }
117992 118706             for(i=0; i<nCol; i++){
117993 118707               azCols[i] = (char *)sqlite3_column_name(pStmt, i);
117994 118708               /* sqlite3VdbeSetColName() installs column names as UTF8
................................................................................
119335 120049   ** default so as not to open security holes in older applications.
119336 120050   */
119337 120051   SQLITE_API int sqlite3_enable_load_extension(sqlite3 *db, int onoff){
119338 120052     sqlite3_mutex_enter(db->mutex);
119339 120053     if( onoff ){
119340 120054       db->flags |= SQLITE_LoadExtension|SQLITE_LoadExtFunc;
119341 120055     }else{
119342         -    db->flags &= ~(SQLITE_LoadExtension|SQLITE_LoadExtFunc);
       120056  +    db->flags &= ~(u64)(SQLITE_LoadExtension|SQLITE_LoadExtFunc);
119343 120057     }
119344 120058     sqlite3_mutex_leave(db->mutex);
119345 120059     return SQLITE_OK;
119346 120060   }
119347 120061   
119348 120062   #endif /* !defined(SQLITE_OMIT_LOAD_EXTENSION) */
119349 120063   
................................................................................
119594 120308   #define PragTyp_THREADS                       37
119595 120309   #define PragTyp_WAL_AUTOCHECKPOINT            38
119596 120310   #define PragTyp_WAL_CHECKPOINT                39
119597 120311   #define PragTyp_ACTIVATE_EXTENSIONS           40
119598 120312   #define PragTyp_HEXKEY                        41
119599 120313   #define PragTyp_KEY                           42
119600 120314   #define PragTyp_LOCK_STATUS                   43
119601         -#define PragTyp_PARSER_TRACE                  44
119602         -#define PragTyp_STATS                         45
       120315  +#define PragTyp_STATS                         44
119603 120316   
119604 120317   /* Property flags associated with various pragma. */
119605 120318   #define PragFlg_NeedSchema 0x01 /* Force schema load before running */
119606 120319   #define PragFlg_NoColumns  0x02 /* OP_ResultRow called with zero columns */
119607 120320   #define PragFlg_NoColumns1 0x04 /* zero columns if RHS argument is present */
119608 120321   #define PragFlg_ReadOnly   0x08 /* Read-only HEADER_VALUE */
119609 120322   #define PragFlg_Result0    0x10 /* Acts as query when no argument */
................................................................................
120006 120719     /* iArg:      */ 0 },
120007 120720    {/* zName:     */ "page_size",
120008 120721     /* ePragTyp:  */ PragTyp_PAGE_SIZE,
120009 120722     /* ePragFlg:  */ PragFlg_Result0|PragFlg_SchemaReq|PragFlg_NoColumns1,
120010 120723     /* ColNames:  */ 0, 0,
120011 120724     /* iArg:      */ 0 },
120012 120725   #endif
120013         -#if defined(SQLITE_DEBUG) && !defined(SQLITE_OMIT_PARSER_TRACE)
       120726  +#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
       120727  +#if defined(SQLITE_DEBUG)
120014 120728    {/* zName:     */ "parser_trace",
120015         -  /* ePragTyp:  */ PragTyp_PARSER_TRACE,
120016         -  /* ePragFlg:  */ 0,
       120729  +  /* ePragTyp:  */ PragTyp_FLAG,
       120730  +  /* ePragFlg:  */ PragFlg_Result0|PragFlg_NoColumns1,
120017 120731     /* ColNames:  */ 0, 0,
120018         -  /* iArg:      */ 0 },
       120732  +  /* iArg:      */ SQLITE_ParserTrace },
       120733  +#endif
120019 120734   #endif
120020 120735   #if defined(SQLITE_INTROSPECTION_PRAGMAS)
120021 120736    {/* zName:     */ "pragma_list",
120022 120737     /* ePragTyp:  */ PragTyp_PRAGMA_LIST,
120023 120738     /* ePragFlg:  */ PragFlg_Result0,
120024 120739     /* ColNames:  */ 9, 1,
120025 120740     /* iArg:      */ 0 },
................................................................................
121002 121717         int size = 1;
121003 121718         if( sqlite3GetInt32(zRight, &size) ){
121004 121719           sqlite3BtreeSetSpillSize(pDb->pBt, size);
121005 121720         }
121006 121721         if( sqlite3GetBoolean(zRight, size!=0) ){
121007 121722           db->flags |= SQLITE_CacheSpill;
121008 121723         }else{
121009         -        db->flags &= ~SQLITE_CacheSpill;
       121724  +        db->flags &= ~(u64)SQLITE_CacheSpill;
121010 121725         }
121011 121726         setAllPagerFlags(db);
121012 121727       }
121013 121728       break;
121014 121729     }
121015 121730   
121016 121731     /*
................................................................................
121562 122277           pParent = sqlite3FindTable(db, pFK->zTo, zDb);
121563 122278           pIdx = 0;
121564 122279           aiCols = 0;
121565 122280           if( pParent ){
121566 122281             x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, &aiCols);
121567 122282             assert( x==0 );
121568 122283           }
121569         -        addrOk = sqlite3VdbeMakeLabel(v);
       122284  +        addrOk = sqlite3VdbeMakeLabel(pParse);
121570 122285   
121571 122286           /* Generate code to read the child key values into registers
121572 122287           ** regRow..regRow+n. If any of the child key values are NULL, this 
121573 122288           ** row cannot cause an FK violation. Jump directly to addrOk in 
121574 122289           ** this case. */
121575 122290           for(j=0; j<pFK->nCol; j++){
121576 122291             int iCol = aiCols ? aiCols[j] : pFK->aCol[j].iFrom;
................................................................................
121607 122322         sqlite3VdbeJumpHere(v, addrTop);
121608 122323       }
121609 122324     }
121610 122325     break;
121611 122326   #endif /* !defined(SQLITE_OMIT_TRIGGER) */
121612 122327   #endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
121613 122328   
121614         -#ifndef NDEBUG
121615         -  case PragTyp_PARSER_TRACE: {
121616         -    if( zRight ){
121617         -      if( sqlite3GetBoolean(zRight, 0) ){
121618         -        sqlite3ParserTrace(stdout, "parser: ");
121619         -      }else{
121620         -        sqlite3ParserTrace(0, 0);
121621         -      }
121622         -    }
121623         -  }
121624         -  break;
121625         -#endif
121626         -
121627 122329     /* Reinstall the LIKE and GLOB functions.  The variant of LIKE
121628 122330     ** used will be case sensitive or not depending on the RHS.
121629 122331     */
121630 122332     case PragTyp_CASE_SENSITIVE_LIKE: {
121631 122333       if( zRight ){
121632 122334         sqlite3RegisterLikeFunctions(db, sqlite3GetBoolean(zRight, 0));
121633 122335       }
................................................................................
121782 122484             integrityCheckResultRow(v);
121783 122485             sqlite3VdbeJumpHere(v, jmp2);
121784 122486           }
121785 122487           /* Verify CHECK constraints */
121786 122488           if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){
121787 122489             ExprList *pCheck = sqlite3ExprListDup(db, pTab->pCheck, 0);
121788 122490             if( db->mallocFailed==0 ){
121789         -            int addrCkFault = sqlite3VdbeMakeLabel(v);
121790         -            int addrCkOk = sqlite3VdbeMakeLabel(v);
       122491  +            int addrCkFault = sqlite3VdbeMakeLabel(pParse);
       122492  +            int addrCkOk = sqlite3VdbeMakeLabel(pParse);
121791 122493               char *zErr;
121792 122494               int k;
121793 122495               pParse->iSelfTab = iDataCur + 1;
121794 122496               for(k=pCheck->nExpr-1; k>0; k--){
121795 122497                 sqlite3ExprIfFalse(pParse, pCheck->a[k].pExpr, addrCkFault, 0);
121796 122498               }
121797 122499               sqlite3ExprIfTrue(pParse, pCheck->a[0].pExpr, addrCkOk, 
................................................................................
121806 122508             }
121807 122509             sqlite3ExprListDelete(db, pCheck);
121808 122510           }
121809 122511           if( !isQuick ){ /* Omit the remaining tests for quick_check */
121810 122512             /* Validate index entries for the current row */
121811 122513             for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
121812 122514               int jmp2, jmp3, jmp4, jmp5;
121813         -            int ckUniq = sqlite3VdbeMakeLabel(v);
       122515  +            int ckUniq = sqlite3VdbeMakeLabel(pParse);
121814 122516               if( pPk==pIdx ) continue;
121815 122517               r1 = sqlite3GenerateIndexKey(pParse, pIdx, iDataCur, 0, 0, &jmp3,
121816 122518                                            pPrior, r1);
121817 122519               pPrior = pIdx;
121818 122520               sqlite3VdbeAddOp2(v, OP_AddImm, 8+j, 1);/* increment entry count */
121819 122521               /* Verify that an index entry exists for the current table row */
121820 122522               jmp2 = sqlite3VdbeAddOp4Int(v, OP_Found, iIdxCur+j, ckUniq, r1,
................................................................................
121827 122529               sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3);
121828 122530               jmp4 = integrityCheckResultRow(v);
121829 122531               sqlite3VdbeJumpHere(v, jmp2);
121830 122532               /* For UNIQUE indexes, verify that only one entry exists with the
121831 122533               ** current key.  The entry is unique if (1) any column is NULL
121832 122534               ** or (2) the next entry has a different key */
121833 122535               if( IsUniqueIndex(pIdx) ){
121834         -              int uniqOk = sqlite3VdbeMakeLabel(v);
       122536  +              int uniqOk = sqlite3VdbeMakeLabel(pParse);
121835 122537                 int jmp6;
121836 122538                 int kk;
121837 122539                 for(kk=0; kk<pIdx->nKeyCol; kk++){
121838 122540                   int iCol = pIdx->aiColumn[kk];
121839 122541                   assert( iCol!=XN_ROWID && iCol<pTab->nCol );
121840 122542                   if( iCol>=0 && pTab->aCol[iCol].notNull ) continue;
121841 122543                   sqlite3VdbeAddOp2(v, OP_IsNull, r1+kk, uniqOk);
................................................................................
122740 123442       if( zObj==0 ) zObj = "?";
122741 123443       z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
122742 123444       if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
122743 123445       *pData->pzErrMsg = z;
122744 123446       pData->rc = SQLITE_CORRUPT_BKPT;
122745 123447     }
122746 123448   }
       123449  +
       123450  +/*
       123451  +** Check to see if any sibling index (another index on the same table)
       123452  +** of pIndex has the same root page number, and if it does, return true.
       123453  +** This would indicate a corrupt schema.
       123454  +*/
       123455  +SQLITE_PRIVATE int sqlite3IndexHasDuplicateRootPage(Index *pIndex){
       123456  +  Index *p;
       123457  +  for(p=pIndex->pTable->pIndex; p; p=p->pNext){
       123458  +    if( p->tnum==pIndex->tnum && p!=pIndex ) return 1;
       123459  +  }
       123460  +  return 0;
       123461  +}
122747 123462   
122748 123463   /*
122749 123464   ** This is the callback routine for the code that initializes the
122750 123465   ** database.  See sqlite3Init() below for additional information.
122751 123466   ** This routine is also called from the OP_ParseSchema opcode of the VDBE.
122752 123467   **
122753 123468   ** Each callback contains the following information:
................................................................................
122762 123477     sqlite3 *db = pData->db;
122763 123478     int iDb = pData->iDb;
122764 123479   
122765 123480     assert( argc==3 );
122766 123481     UNUSED_PARAMETER2(NotUsed, argc);
122767 123482     assert( sqlite3_mutex_held(db->mutex) );
122768 123483     DbClearProperty(db, iDb, DB_Empty);
       123484  +  pData->nInitRow++;
122769 123485     if( db->mallocFailed ){
122770 123486       corruptSchema(pData, argv[0], 0);
122771 123487       return 1;
122772 123488     }
122773 123489   
122774 123490     assert( iDb>=0 && iDb<db->nDb );
122775 123491     if( argv==0 ) return 0;   /* Might happen if EMPTY_RESULT_CALLBACKS are on */
................................................................................
122815 123531       ** was created to be the PRIMARY KEY or to fulfill a UNIQUE
122816 123532       ** constraint for a CREATE TABLE.  The index should have already
122817 123533       ** been created when we processed the CREATE TABLE.  All we have
122818 123534       ** to do here is record the root page number for that index.
122819 123535       */
122820 123536       Index *pIndex;
122821 123537       pIndex = sqlite3FindIndex(db, argv[0], db->aDb[iDb].zDbSName);
122822         -    if( pIndex==0 ){
122823         -      /* This can occur if there exists an index on a TEMP table which
122824         -      ** has the same name as another index on a permanent index.  Since
122825         -      ** the permanent table is hidden by the TEMP table, we can also
122826         -      ** safely ignore the index on the permanent table.
122827         -      */
122828         -      /* Do Nothing */;
122829         -    }else if( sqlite3GetInt32(argv[1], &pIndex->tnum)==0 ){
122830         -      corruptSchema(pData, argv[0], "invalid rootpage");
       123538  +    if( pIndex==0
       123539  +     || sqlite3GetInt32(argv[1],&pIndex->tnum)==0
       123540  +     || pIndex->tnum<2
       123541  +     || sqlite3IndexHasDuplicateRootPage(pIndex)
       123542  +    ){
       123543  +      corruptSchema(pData, argv[0], pIndex?"invalid rootpage":"orphan index");
122831 123544       }
122832 123545     }
122833 123546     return 0;
122834 123547   }
122835 123548   
122836 123549   /*
122837 123550   ** Attempt to read the database schema and initialize internal
................................................................................
122873 123586                               "rootpage int,sql text)";
122874 123587     azArg[3] = 0;
122875 123588     initData.db = db;
122876 123589     initData.iDb = iDb;
122877 123590     initData.rc = SQLITE_OK;
122878 123591     initData.pzErrMsg = pzErrMsg;
122879 123592     initData.mInitFlags = mFlags;
       123593  +  initData.nInitRow = 0;
122880 123594     sqlite3InitCallback(&initData, 3, (char **)azArg, 0);
122881 123595     if( initData.rc ){
122882 123596       rc = initData.rc;
122883 123597       goto error_out;
122884 123598     }
122885 123599   
122886 123600     /* Create a cursor to hold the database open
................................................................................
122990 123704   
122991 123705     /* Ticket #2804:  When we open a database in the newer file format,
122992 123706     ** clear the legacy_file_format pragma flag so that a VACUUM will
122993 123707     ** not downgrade the database and thus invalidate any descending
122994 123708     ** indices that the user might have created.
122995 123709     */
122996 123710     if( iDb==0 && meta[BTREE_FILE_FORMAT-1]>=4 ){
122997         -    db->flags &= ~SQLITE_LegacyFileFmt;
       123711  +    db->flags &= ~(u64)SQLITE_LegacyFileFmt;
122998 123712     }
122999 123713   
123000 123714     /* Read the schema information out of the schema tables
123001 123715     */
123002 123716     assert( db->init.busy );
123003 123717     {
123004 123718       char *zSql;
................................................................................
123242 123956     /* For a long-term use prepared statement avoid the use of
123243 123957     ** lookaside memory.
123244 123958     */
123245 123959     if( prepFlags & SQLITE_PREPARE_PERSISTENT ){
123246 123960       sParse.disableLookaside++;
123247 123961       db->lookaside.bDisable++;
123248 123962     }
       123963  +  sParse.disableVtab = (prepFlags & SQLITE_PREPARE_NO_VTAB)!=0;
123249 123964   
123250 123965     /* Check to verify that it is possible to get a read lock on all
123251 123966     ** database schemas.  The inability to get a read lock indicates that
123252 123967     ** some other database connection is holding a write-lock, which in
123253 123968     ** turn means that the other connection has made uncommitted changes
123254 123969     ** to the schema.
123255 123970     **
................................................................................
123406 124121     sqlite3BtreeLeaveAll(db);
123407 124122     rc = sqlite3ApiExit(db, rc);
123408 124123     assert( (rc&db->errMask)==rc );
123409 124124     sqlite3_mutex_leave(db->mutex);
123410 124125     return rc;
123411 124126   }
123412 124127   
123413         -#ifdef SQLITE_ENABLE_NORMALIZE
123414         -/*
123415         -** Checks if the specified token is a table, column, or function name,
123416         -** based on the databases associated with the statement being prepared.
123417         -** If the function fails, zero is returned and pRc is filled with the
123418         -** error code.
123419         -*/
123420         -static int shouldTreatAsIdentifier(
123421         -  sqlite3 *db,        /* Database handle. */
123422         -  const char *zToken, /* Pointer to start of token to be checked */
123423         -  int nToken,         /* Length of token to be checked */
123424         -  int *pRc            /* Pointer to error code upon failure */
123425         -){
123426         -  int bFound = 0;     /* Non-zero if token is an identifier name. */
123427         -  int i, j;           /* Database and column loop indexes. */
123428         -  Schema *pSchema;    /* Schema for current database. */
123429         -  Hash *pHash;        /* Hash table of tables for current database. */
123430         -  HashElem *e;        /* Hash element for hash table iteration. */
123431         -  Table *pTab;        /* Database table for columns being checked. */
123432         -
123433         -  if( sqlite3IsRowidN(zToken, nToken) ){
123434         -    return 1;
123435         -  }
123436         -  if( nToken>0 ){
123437         -    int hash = SQLITE_FUNC_HASH(sqlite3UpperToLower[(u8)zToken[0]], nToken);
123438         -    if( sqlite3FunctionSearchN(hash, zToken, nToken) ) return 1;
123439         -  }
123440         -  assert( db!=0 );
123441         -  sqlite3_mutex_enter(db->mutex);
123442         -  sqlite3BtreeEnterAll(db);
123443         -  for(i=0; i<db->nDb; i++){
123444         -    pHash = &db->aFunc;
123445         -    if( sqlite3HashFindN(pHash, zToken, nToken) ){
123446         -      bFound = 1;
123447         -      break;
123448         -    }
123449         -    pSchema = db->aDb[i].pSchema;
123450         -    if( pSchema==0 ) continue;
123451         -    pHash = &pSchema->tblHash;
123452         -    if( sqlite3HashFindN(pHash, zToken, nToken) ){
123453         -      bFound = 1;
123454         -      break;
123455         -    }
123456         -    for(e=sqliteHashFirst(pHash); e; e=sqliteHashNext(e)){
123457         -      pTab = sqliteHashData(e);
123458         -      if( pTab==0 ) continue;
123459         -      pHash = pTab->pColHash;
123460         -      if( pHash==0 ){
123461         -        pTab->pColHash = pHash = sqlite3_malloc(sizeof(Hash));
123462         -        if( pHash ){
123463         -          sqlite3HashInit(pHash);
123464         -          for(j=0; j<pTab->nCol; j++){
123465         -            Column *pCol = &pTab->aCol[j];
123466         -            sqlite3HashInsert(pHash, pCol->zName, pCol);
123467         -          }
123468         -        }else{
123469         -          *pRc = SQLITE_NOMEM_BKPT;
123470         -          bFound = 0;
123471         -          goto done;
123472         -        }
123473         -      }
123474         -      if( pHash && sqlite3HashFindN(pHash, zToken, nToken) ){
123475         -        bFound = 1;
123476         -        goto done;
123477         -      }
123478         -    }
123479         -  }
123480         -done:
123481         -  sqlite3BtreeLeaveAll(db);
123482         -  sqlite3_mutex_leave(db->mutex);
123483         -  return bFound;
123484         -}
123485         -
123486         -/*
123487         -** Attempt to estimate the final output buffer size needed for the fully
123488         -** normalized version of the specified SQL string.  This should take into
123489         -** account any potential expansion that could occur (e.g. via IN clauses
123490         -** being expanded, etc).  This size returned is the total number of bytes
123491         -** including the NUL terminator.
123492         -*/
123493         -static int estimateNormalizedSize(
123494         -  const char *zSql, /* The original SQL string */
123495         -  int nSql,         /* Length of original SQL string */
123496         -  u8 prepFlags      /* The flags passed to sqlite3_prepare_v3() */
123497         -){
123498         -  int nOut = nSql + 4;
123499         -  const char *z = zSql;
123500         -  while( nOut<nSql*5 ){
123501         -    while( z[0]!=0 && z[0]!='I' && z[0]!='i' ){ z++; }
123502         -    if( z[0]==0 ) break;
123503         -    z++;
123504         -    if( z[0]!='N' && z[0]!='n' ) break;
123505         -    z++;
123506         -    while( sqlite3Isspace(z[0]) ){ z++; }
123507         -    if( z[0]!='(' ) break;
123508         -    z++;
123509         -    nOut += 5; /* ?,?,? */
123510         -  }
123511         -  return nOut;
123512         -}
123513         -
123514         -/*
123515         -** Copy the current token into the output buffer while dealing with quoted
123516         -** identifiers.  By default, all letters will be converted into lowercase.
123517         -** If the bUpper flag is set, uppercase will be used.  The piOut argument
123518         -** will be used to update the target index into the output string.
123519         -*/
123520         -static void copyNormalizedToken(
123521         -  const char *zSql, /* The original SQL string */
123522         -  int iIn,          /* Current index into the original SQL string */
123523         -  int nToken,       /* Number of bytes in the current token */
123524         -  int tokenFlags,   /* Flags returned by the tokenizer */
123525         -  char *zOut,       /* The output string */
123526         -  int *piOut        /* Pointer to target index into the output string */
123527         -){
123528         -  int bQuoted = tokenFlags & SQLITE_TOKEN_QUOTED;
123529         -  int bKeyword = tokenFlags & SQLITE_TOKEN_KEYWORD;
123530         -  int j = *piOut, k = 0;
123531         -  for(; k<nToken; k++){
123532         -    if( bQuoted ){
123533         -      if( k==0 && iIn>0 ){
123534         -        zOut[j++] = '"';
123535         -        continue;
123536         -      }else if( k==nToken-1 ){
123537         -        zOut[j++] = '"';
123538         -        continue;
123539         -      }
123540         -    }
123541         -    if( bKeyword ){
123542         -      zOut[j++] = sqlite3Toupper(zSql[iIn+k]);
123543         -    }else{
123544         -      zOut[j++] = sqlite3Tolower(zSql[iIn+k]);
123545         -    }
123546         -  }
123547         -  *piOut = j;
123548         -}
123549         -
123550         -/*
123551         -** Perform normalization of the SQL contained in the prepared statement and
123552         -** store the result in the zNormSql field.  The schema for the associated
123553         -** databases are consulted while performing the normalization in order to
123554         -** determine if a token appears to be an identifier.  All identifiers are
123555         -** left intact in the normalized SQL and all literals are replaced with a
123556         -** single '?'.
123557         -*/
123558         -SQLITE_PRIVATE void sqlite3Normalize(
123559         -  Vdbe *pVdbe,      /* VM being reprepared */
123560         -  const char *zSql, /* The original SQL string */
123561         -  int nSql,         /* Size of the input string in bytes */
123562         -  u8 prepFlags      /* The flags passed to sqlite3_prepare_v3() */
123563         -){
123564         -  sqlite3 *db;           /* Database handle. */
123565         -  char *z;               /* The output string */
123566         -  int nZ;                /* Size of the output string in bytes */
123567         -  int i;                 /* Next character to read from zSql[] */
123568         -  int j;                 /* Next character to fill in on z[] */
123569         -  int tokenType = 0;     /* Type of the next token */
123570         -  int prevTokenType = 0; /* Type of the previous token, except spaces */
123571         -  int n;                 /* Size of the next token */
123572         -  int nParen = 0;        /* Nesting level of parenthesis */
123573         -  Hash inHash;           /* Table of parenthesis levels to output index. */
123574         -
123575         -  db = sqlite3VdbeDb(pVdbe);
123576         -  assert( db!=0 );
123577         -  assert( pVdbe->zNormSql==0 );
123578         -  if( zSql==0 ) return;
123579         -  nZ = estimateNormalizedSize(zSql, nSql, prepFlags);
123580         -  z = sqlite3DbMallocRawNN(db, nZ);
123581         -  if( z==0 ) return;
123582         -  sqlite3HashInit(&inHash);
123583         -  for(i=j=0; i<nSql && zSql[i]; i+=n){
123584         -    int flags = 0;
123585         -    if( tokenType!=TK_SPACE ) prevTokenType = tokenType;
123586         -    n = sqlite3GetTokenNormalized((unsigned char*)zSql+i, &tokenType, &flags);
123587         -    switch( tokenType ){
123588         -      case TK_SPACE: {
123589         -        break;
123590         -      }
123591         -      case TK_ILLEGAL: {
123592         -        sqlite3DbFree(db, z);
123593         -        sqlite3HashClear(&inHash);
123594         -        return;
123595         -      }
123596         -      case TK_STRING:
123597         -      case TK_INTEGER:
123598         -      case TK_FLOAT:
123599         -      case TK_VARIABLE:
123600         -      case TK_BLOB: {
123601         -        z[j++] = '?';
123602         -        break;
123603         -      }
123604         -      case TK_LP:
123605         -      case TK_RP: {
123606         -        if( tokenType==TK_LP ){
123607         -          nParen++;
123608         -          if( prevTokenType==TK_IN ){
123609         -            assert( nParen<nSql );
123610         -            sqlite3HashInsert(&inHash, zSql+nParen, SQLITE_INT_TO_PTR(j));
123611         -          }
123612         -        }else{
123613         -          int jj;
123614         -          assert( nParen<nSql );
123615         -          jj = SQLITE_PTR_TO_INT(sqlite3HashFind(&inHash, zSql+nParen));
123616         -          if( jj>0 ){
123617         -            sqlite3HashInsert(&inHash, zSql+nParen, 0);
123618         -            assert( jj+6<nZ );
123619         -            memcpy(z+jj+1, "?,?,?", 5);
123620         -            j = jj+6;
123621         -            assert( nZ-1-j>=0 );
123622         -            assert( nZ-1-j<nZ );
123623         -            memset(z+j, 0, nZ-1-j);
123624         -          }
123625         -          nParen--;
123626         -        }
123627         -        assert( nParen>=0 );
123628         -        /* Fall through */
123629         -      }
123630         -      case TK_MINUS:
123631         -      case TK_SEMI:
123632         -      case TK_PLUS:
123633         -      case TK_STAR:
123634         -      case TK_SLASH:
123635         -      case TK_REM:
123636         -      case TK_EQ:
123637         -      case TK_LE:
123638         -      case TK_NE:
123639         -      case TK_LSHIFT:
123640         -      case TK_LT:
123641         -      case TK_RSHIFT:
123642         -      case TK_GT:
123643         -      case TK_GE:
123644         -      case TK_BITOR:
123645         -      case TK_CONCAT:
123646         -      case TK_COMMA:
123647         -      case TK_BITAND:
123648         -      case TK_BITNOT:
123649         -      case TK_DOT:
123650         -      case TK_IN:
123651         -      case TK_IS:
123652         -      case TK_NOT:
123653         -      case TK_NULL:
123654         -      case TK_ID: {
123655         -        if( tokenType==TK_NULL ){
123656         -          if( prevTokenType==TK_IS || prevTokenType==TK_NOT ){
123657         -            /* NULL is a keyword in this case, not a literal value */
123658         -          }else{
123659         -            /* Here the NULL is a literal value */
123660         -            z[j++] = '?';
123661         -            break;
123662         -          }
123663         -        }
123664         -        if( j>0 && sqlite3IsIdChar(z[j-1]) && sqlite3IsIdChar(zSql[i]) ){
123665         -          z[j++] = ' ';
123666         -        }
123667         -        if( tokenType==TK_ID ){
123668         -          int i2 = i, n2 = n, rc = SQLITE_OK;
123669         -          if( nParen>0 ){
123670         -            assert( nParen<nSql );
123671         -            sqlite3HashInsert(&inHash, zSql+nParen, 0);
123672         -          }
123673         -          if( flags&SQLITE_TOKEN_QUOTED ){ i2++; n2-=2; }
123674         -          if( shouldTreatAsIdentifier(db, zSql+i2, n2, &rc)==0 ){
123675         -            if( rc!=SQLITE_OK ){
123676         -              sqlite3DbFree(db, z);
123677         -              sqlite3HashClear(&inHash);
123678         -              return;
123679         -            }
123680         -            if( sqlite3_keyword_check(zSql+i2, n2)==0 ){
123681         -              z[j++] = '?';
123682         -              break;
123683         -            }
123684         -          }
123685         -        }
123686         -        copyNormalizedToken(zSql, i, n, flags, z, &j);
123687         -        break;
123688         -      }
123689         -    }
123690         -  }
123691         -  assert( j<nZ && "one" );
123692         -  while( j>0 && z[j-1]==' ' ){ j--; }
123693         -  if( j>0 && z[j-1]!=';' ){ z[j++] = ';'; }
123694         -  z[j] = 0;
123695         -  assert( j<nZ && "two" );
123696         -  pVdbe->zNormSql = z;
123697         -  sqlite3HashClear(&inHash);
123698         -}
123699         -#endif /* SQLITE_ENABLE_NORMALIZE */
123700 124128   
123701 124129   /*
123702 124130   ** Rerun the compilation of a statement after a schema change.
123703 124131   **
123704 124132   ** If the statement is successfully recompiled, return SQLITE_OK. Otherwise,
123705 124133   ** if the statement cannot be recompiled because another connection has
123706 124134   ** locked the sqlite3_master table, return SQLITE_LOCKED. If any other error
................................................................................
124534 124962       regBase = regData - nPrefixReg;
124535 124963     }else{
124536 124964       regBase = pParse->nMem + 1;
124537 124965       pParse->nMem += nBase;
124538 124966     }
124539 124967     assert( pSelect->iOffset==0 || pSelect->iLimit!=0 );
124540 124968     iLimit = pSelect->iOffset ? pSelect->iOffset+1 : pSelect->iLimit;
124541         -  pSort->labelDone = sqlite3VdbeMakeLabel(v);
       124969  +  pSort->labelDone = sqlite3VdbeMakeLabel(pParse);
124542 124970     sqlite3ExprCodeExprList(pParse, pSort->pOrderBy, regBase, regOrigData,
124543 124971                             SQLITE_ECEL_DUP | (regOrigData? SQLITE_ECEL_REF : 0));
124544 124972     if( bSeq ){
124545 124973       sqlite3VdbeAddOp2(v, OP_Sequence, pSort->iECursor, regBase+nExpr);
124546 124974     }
124547 124975     if( nPrefixReg==0 && nData>0 ){
124548 124976       sqlite3ExprCodeMove(pParse, regData, regBase+nExpr+bSeq, nData);
................................................................................
124573 125001       memset(pKI->aSortOrder, 0, pKI->nKeyField); /* Makes OP_Jump testable */
124574 125002       sqlite3VdbeChangeP4(v, -1, (char*)pKI, P4_KEYINFO);
124575 125003       testcase( pKI->nAllField > pKI->nKeyField+2 );
124576 125004       pOp->p4.pKeyInfo = sqlite3KeyInfoFromExprList(pParse,pSort->pOrderBy,nOBSat,
124577 125005                                              pKI->nAllField-pKI->nKeyField-1);
124578 125006       addrJmp = sqlite3VdbeCurrentAddr(v);
124579 125007       sqlite3VdbeAddOp3(v, OP_Jump, addrJmp+1, 0, addrJmp+1); VdbeCoverage(v);
124580         -    pSort->labelBkOut = sqlite3VdbeMakeLabel(v);
       125008  +    pSort->labelBkOut = sqlite3VdbeMakeLabel(pParse);
124581 125009       pSort->regReturn = ++pParse->nMem;
124582 125010       sqlite3VdbeAddOp2(v, OP_Gosub, pSort->regReturn, pSort->labelBkOut);
124583 125011       sqlite3VdbeAddOp1(v, OP_ResetSorter, pSort->iECursor);
124584 125012       if( iLimit ){
124585 125013         sqlite3VdbeAddOp2(v, OP_IfNot, iLimit, pSort->labelDone);
124586 125014         VdbeCoverage(v);
124587 125015       }
................................................................................
125320 125748     Select *p,        /* The SELECT statement */
125321 125749     SortCtx *pSort,   /* Information on the ORDER BY clause */
125322 125750     int nColumn,      /* Number of columns of data */
125323 125751     SelectDest *pDest /* Write the sorted results here */
125324 125752   ){
125325 125753     Vdbe *v = pParse->pVdbe;                     /* The prepared statement */
125326 125754     int addrBreak = pSort->labelDone;            /* Jump here to exit loop */
125327         -  int addrContinue = sqlite3VdbeMakeLabel(v);  /* Jump here for next cycle */
       125755  +  int addrContinue = sqlite3VdbeMakeLabel(pParse);/* Jump here for next cycle */
125328 125756     int addr;                       /* Top of output loop. Jump for Next. */
125329 125757     int addrOnce = 0;
125330 125758     int iTab;
125331 125759     ExprList *pOrderBy = pSort->pOrderBy;
125332 125760     int eDest = pDest->eDest;
125333 125761     int iParm = pDest->iSDParm;
125334 125762     int regRow;
................................................................................
125360 125788   
125361 125789     iTab = pSort->iECursor;
125362 125790     if( eDest==SRT_Output || eDest==SRT_Coroutine || eDest==SRT_Mem ){
125363 125791       regRowid = 0;
125364 125792       regRow = pDest->iSdst;
125365 125793     }else{
125366 125794       regRowid = sqlite3GetTempReg(pParse);
125367         -    regRow = sqlite3GetTempRange(pParse, nColumn);
       125795  +    if( eDest==SRT_EphemTab || eDest==SRT_Table ){
       125796  +      regRow = sqlite3GetTempReg(pParse);
       125797  +      nColumn = 0;
       125798  +    }else{
       125799  +      regRow = sqlite3GetTempRange(pParse, nColumn);
       125800  +    }
125368 125801     }
125369 125802     nKey = pOrderBy->nExpr - pSort->nOBSat;
125370 125803     if( pSort->sortFlags & SORTFLAG_UseSorter ){
125371 125804       int regSortOut = ++pParse->nMem;
125372 125805       iSortTab = pParse->nTab++;
125373 125806       if( pSort->labelBkOut ){
125374 125807         addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
................................................................................
125440 125873         sqlite3VdbeAddOp3(v, OP_Column, iSortTab, iRead, regRow+i);
125441 125874         VdbeComment((v, "%s", aOutEx[i].zName?aOutEx[i].zName : aOutEx[i].zSpan));
125442 125875       }
125443 125876     }
125444 125877     switch( eDest ){
125445 125878       case SRT_Table:
125446 125879       case SRT_EphemTab: {
       125880  +      sqlite3VdbeAddOp3(v, OP_Column, iSortTab, nKey+bSeq, regRow);
125447 125881         sqlite3VdbeAddOp2(v, OP_NewRowid, iParm, regRowid);
125448 125882         sqlite3VdbeAddOp3(v, OP_Insert, iParm, regRow, regRowid);
125449 125883         sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
125450 125884         break;
125451 125885       }
125452 125886   #ifndef SQLITE_OMIT_SUBQUERY
125453 125887       case SRT_Set: {
................................................................................
125980 126414   /*
125981 126415   ** Given a SELECT statement, generate a Table structure that describes
125982 126416   ** the result set of that SELECT.
125983 126417   */
125984 126418   SQLITE_PRIVATE Table *sqlite3ResultSetOfSelect(Parse *pParse, Select *pSelect){
125985 126419     Table *pTab;
125986 126420     sqlite3 *db = pParse->db;
125987         -  int savedFlags;
       126421  +  u64 savedFlags;
125988 126422   
125989 126423     savedFlags = db->flags;
125990         -  db->flags &= ~SQLITE_FullColNames;
       126424  +  db->flags &= ~(u64)SQLITE_FullColNames;
125991 126425     db->flags |= SQLITE_ShortColNames;
125992 126426     sqlite3SelectPrep(pParse, pSelect, 0);
       126427  +  db->flags = savedFlags;
125993 126428     if( pParse->nErr ) return 0;
125994 126429     while( pSelect->pPrior ) pSelect = pSelect->pPrior;
125995         -  db->flags = savedFlags;
125996 126430     pTab = sqlite3DbMallocZero(db, sizeof(Table) );
125997 126431     if( pTab==0 ){
125998 126432       return 0;
125999 126433     }
126000 126434     /* The sqlite3ResultSetOfSelect() is only used n contexts where lookaside
126001 126435     ** is disabled */
126002 126436     assert( db->lookaside.bDisable );
................................................................................
126232 126666     }
126233 126667   #endif
126234 126668   
126235 126669     /* Obtain authorization to do a recursive query */
126236 126670     if( sqlite3AuthCheck(pParse, SQLITE_RECURSIVE, 0, 0, 0) ) return;
126237 126671   
126238 126672     /* Process the LIMIT and OFFSET clauses, if they exist */
126239         -  addrBreak = sqlite3VdbeMakeLabel(v);
       126673  +  addrBreak = sqlite3VdbeMakeLabel(pParse);
126240 126674     p->nSelectRow = 320;  /* 4 billion rows */
126241 126675     computeLimitRegisters(pParse, p, addrBreak);
126242 126676     pLimit = p->pLimit;
126243 126677     regLimit = p->iLimit;
126244 126678     regOffset = p->iOffset;
126245 126679     p->pLimit = 0;
126246 126680     p->iLimit = p->iOffset = 0;
................................................................................
126302 126736       sqlite3VdbeAddOp3(v, OP_Column, iQueue, pOrderBy->nExpr+1, regCurrent);
126303 126737     }else{
126304 126738       sqlite3VdbeAddOp2(v, OP_RowData, iQueue, regCurrent);
126305 126739     }
126306 126740     sqlite3VdbeAddOp1(v, OP_Delete, iQueue);
126307 126741   
126308 126742     /* Output the single row in Current */
126309         -  addrCont = sqlite3VdbeMakeLabel(v);
       126743  +  addrCont = sqlite3VdbeMakeLabel(pParse);
126310 126744     codeOffset(v, regOffset, addrCont);
126311 126745     selectInnerLoop(pParse, p, iCurrent,
126312 126746         0, 0, pDest, addrCont, addrBreak);
126313 126747     if( regLimit ){
126314 126748       sqlite3VdbeAddOp2(v, OP_DecrJumpZero, regLimit, addrBreak);
126315 126749       VdbeCoverage(v);
126316 126750     }
................................................................................
126610 127044           /* Convert the data in the temporary table into whatever form
126611 127045           ** it is that we currently need.
126612 127046           */
126613 127047           assert( unionTab==dest.iSDParm || dest.eDest!=priorOp );
126614 127048           if( dest.eDest!=priorOp ){
126615 127049             int iCont, iBreak, iStart;
126616 127050             assert( p->pEList );
126617         -          iBreak = sqlite3VdbeMakeLabel(v);
126618         -          iCont = sqlite3VdbeMakeLabel(v);
       127051  +          iBreak = sqlite3VdbeMakeLabel(pParse);
       127052  +          iCont = sqlite3VdbeMakeLabel(pParse);
126619 127053             computeLimitRegisters(pParse, p, iBreak);
126620 127054             sqlite3VdbeAddOp2(v, OP_Rewind, unionTab, iBreak); VdbeCoverage(v);
126621 127055             iStart = sqlite3VdbeCurrentAddr(v);
126622 127056             selectInnerLoop(pParse, p, unionTab,
126623 127057                             0, 0, &dest, iCont, iBreak);
126624 127058             sqlite3VdbeResolveLabel(v, iCont);
126625 127059             sqlite3VdbeAddOp2(v, OP_Next, unionTab, iStart); VdbeCoverage(v);
................................................................................
126679 127113           sqlite3ExprDelete(db, p->pLimit);
126680 127114           p->pLimit = pLimit;
126681 127115     
126682 127116           /* Generate code to take the intersection of the two temporary
126683 127117           ** tables.
126684 127118           */
126685 127119           assert( p->pEList );
126686         -        iBreak = sqlite3VdbeMakeLabel(v);
126687         -        iCont = sqlite3VdbeMakeLabel(v);
       127120  +        iBreak = sqlite3VdbeMakeLabel(pParse);
       127121  +        iCont = sqlite3VdbeMakeLabel(pParse);
126688 127122           computeLimitRegisters(pParse, p, iBreak);
126689 127123           sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak); VdbeCoverage(v);
126690 127124           r1 = sqlite3GetTempReg(pParse);
126691 127125           iStart = sqlite3VdbeAddOp2(v, OP_RowData, tab1, r1);
126692 127126           sqlite3VdbeAddOp4Int(v, OP_NotFound, tab2, iCont, r1, 0);
126693 127127           VdbeCoverage(v);
126694 127128           sqlite3ReleaseTempReg(pParse, r1);
................................................................................
126810 127244     int iBreak              /* Jump here if we hit the LIMIT */
126811 127245   ){
126812 127246     Vdbe *v = pParse->pVdbe;
126813 127247     int iContinue;
126814 127248     int addr;
126815 127249   
126816 127250     addr = sqlite3VdbeCurrentAddr(v);
126817         -  iContinue = sqlite3VdbeMakeLabel(v);
       127251  +  iContinue = sqlite3VdbeMakeLabel(pParse);
126818 127252   
126819 127253     /* Suppress duplicates for UNION, EXCEPT, and INTERSECT 
126820 127254     */
126821 127255     if( regPrev ){
126822 127256       int addr1, addr2;
126823 127257       addr1 = sqlite3VdbeAddOp1(v, OP_IfNot, regPrev); VdbeCoverage(v);
126824 127258       addr2 = sqlite3VdbeAddOp4(v, OP_Compare, pIn->iSdst, regPrev+1, pIn->nSdst,
................................................................................
127047 127481     int *aPermute;        /* Mapping from ORDER BY terms to result set columns */
127048 127482   
127049 127483     assert( p->pOrderBy!=0 );
127050 127484     assert( pKeyDup==0 ); /* "Managed" code needs this.  Ticket #3382. */
127051 127485     db = pParse->db;
127052 127486     v = pParse->pVdbe;
127053 127487     assert( v!=0 );       /* Already thrown the error if VDBE alloc failed */
127054         -  labelEnd = sqlite3VdbeMakeLabel(v);
127055         -  labelCmpr = sqlite3VdbeMakeLabel(v);
       127488  +  labelEnd = sqlite3VdbeMakeLabel(pParse);
       127489  +  labelCmpr = sqlite3VdbeMakeLabel(pParse);
127056 127490   
127057 127491   
127058 127492     /* Patch up the ORDER BY clause
127059 127493     */
127060 127494     op = p->op;  
127061 127495     pPrior = p->pPrior;
127062 127496     assert( pPrior->pOrderBy==0 );
................................................................................
127364 127798           if( pSubst->isLeftJoin && pCopy->op!=TK_COLUMN ){
127365 127799             memset(&ifNullRow, 0, sizeof(ifNullRow));
127366 127800             ifNullRow.op = TK_IF_NULL_ROW;
127367 127801             ifNullRow.pLeft = pCopy;
127368 127802             ifNullRow.iTable = pSubst->iNewTable;
127369 127803             pCopy = &ifNullRow;
127370 127804           }
       127805  +        testcase( ExprHasProperty(pCopy, EP_Subquery) );
127371 127806           pNew = sqlite3ExprDup(db, pCopy, 0);
127372 127807           if( pNew && pSubst->isLeftJoin ){
127373 127808             ExprSetProperty(pNew, EP_CanBeNull);
127374 127809           }
127375 127810           if( pNew && ExprHasProperty(pExpr,EP_FromJoin) ){
127376 127811             pNew->iRightJoinTable = pExpr->iRightJoinTable;
127377 127812             ExprSetProperty(pNew, EP_FromJoin);
................................................................................
127856 128291       pSrc = pParent->pSrc;     /* FROM clause of the outer query */
127857 128292   
127858 128293       if( pSrc ){
127859 128294         assert( pParent==p );  /* First time through the loop */
127860 128295         jointype = pSubitem->fg.jointype;
127861 128296       }else{
127862 128297         assert( pParent!=p );  /* 2nd and subsequent times through the loop */
127863         -      pSrc = pParent->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
127864         -      if( pSrc==0 ){
127865         -        assert( db->mallocFailed );
127866         -        break;
127867         -      }
       128298  +      pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
       128299  +      if( pSrc==0 ) break;
       128300  +      pParent->pSrc = pSrc;
127868 128301       }
127869 128302   
127870 128303       /* The subquery uses a single slot of the FROM clause of the outer
127871 128304       ** query.  If the subquery has more than one element in its FROM clause,
127872 128305       ** then expand the outer query to make space for it to hold all elements
127873 128306       ** of the subquery.
127874 128307       **
................................................................................
127879 128312       ** The outer query has 3 slots in its FROM clause.  One slot of the
127880 128313       ** outer query (the middle slot) is used by the subquery.  The next
127881 128314       ** block of code will expand the outer query FROM clause to 4 slots.
127882 128315       ** The middle slot is expanded to two slots in order to make space
127883 128316       ** for the two elements in the FROM clause of the subquery.
127884 128317       */
127885 128318       if( nSubSrc>1 ){
127886         -      pParent->pSrc = pSrc = sqlite3SrcListEnlarge(db, pSrc, nSubSrc-1,iFrom+1);
127887         -      if( db->mallocFailed ){
127888         -        break;
127889         -      }
       128319  +      pSrc = sqlite3SrcListEnlarge(pParse, pSrc, nSubSrc-1,iFrom+1);
       128320  +      if( pSrc==0 ) break;
       128321  +      pParent->pSrc = pSrc;
127890 128322       }
127891 128323   
127892 128324       /* Transfer the FROM clause terms from the subquery into the
127893 128325       ** outer query.
127894 128326       */
127895 128327       for(i=0; i<nSubSrc; i++){
127896 128328         sqlite3IdListDelete(db, pSrc->a[i+iFrom].pUsing);
................................................................................
127928 128360         for(i=0; i<pOrderBy->nExpr; i++){
127929 128361           pOrderBy->a[i].u.x.iOrderByCol = 0;
127930 128362         }
127931 128363         assert( pParent->pOrderBy==0 );
127932 128364         pParent->pOrderBy = pOrderBy;
127933 128365         pSub->pOrderBy = 0;
127934 128366       }
127935         -    pWhere = sqlite3ExprDup(db, pSub->pWhere, 0);
       128367  +    pWhere = pSub->pWhere;
       128368  +    pSub->pWhere = 0;
127936 128369       if( isLeftJoin>0 ){
127937 128370         setJoinExpr(pWhere, iNewParent);
127938 128371       }
127939 128372       pParent->pWhere = sqlite3ExprAnd(db, pWhere, pParent->pWhere);
127940 128373       if( db->mallocFailed==0 ){
127941 128374         SubstContext x;
127942 128375         x.pParse = pParse;
................................................................................
129231 129664         regAgg = sqlite3GetTempRange(pParse, nArg);
129232 129665         sqlite3ExprCodeExprList(pParse, pList, regAgg, 0, SQLITE_ECEL_DUP);
129233 129666       }else{
129234 129667         nArg = 0;
129235 129668         regAgg = 0;
129236 129669       }
129237 129670       if( pF->iDistinct>=0 ){
129238         -      addrNext = sqlite3VdbeMakeLabel(v);
       129671  +      addrNext = sqlite3VdbeMakeLabel(pParse);
129239 129672         testcase( nArg==0 );  /* Error condition */
129240 129673         testcase( nArg>1 );   /* Also an error */
129241 129674         codeDistinct(pParse, pF->iDistinct, addrNext, 1, regAgg);
129242 129675       }
129243 129676       if( pF->pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL ){
129244 129677         CollSeq *pColl = 0;
129245 129678         struct ExprList_item *pItem;
................................................................................
129367 129800   */
129368 129801   static struct SrcList_item *isSelfJoinView(
129369 129802     SrcList *pTabList,           /* Search for self-joins in this FROM clause */
129370 129803     struct SrcList_item *pThis   /* Search for prior reference to this subquery */
129371 129804   ){
129372 129805     struct SrcList_item *pItem;
129373 129806     for(pItem = pTabList->a; pItem<pThis; pItem++){
       129807  +    Select *pS1;
129374 129808       if( pItem->pSelect==0 ) continue;
129375 129809       if( pItem->fg.viaCoroutine ) continue;
129376 129810       if( pItem->zName==0 ) continue;
129377 129811       if( sqlite3_stricmp(pItem->zDatabase, pThis->zDatabase)!=0 ) continue;
129378 129812       if( sqlite3_stricmp(pItem->zName, pThis->zName)!=0 ) continue;
129379         -    if( sqlite3ExprCompare(0, 
129380         -          pThis->pSelect->pWhere, pItem->pSelect->pWhere, -1) 
129381         -    ){
       129813  +    pS1 = pItem->pSelect;
       129814  +    if( pThis->pSelect->selId!=pS1->selId ){
       129815  +      /* The query flattener left two different CTE tables with identical
       129816  +      ** names in the same FROM clause. */
       129817  +      continue;
       129818  +    }
       129819  +    if( sqlite3ExprCompare(0, pThis->pSelect->pWhere, pS1->pWhere, -1) ){
129382 129820         /* The view was modified by some other optimization such as
129383 129821         ** pushDownWhereTerms() */
129384 129822         continue;
129385 129823       }
129386 129824       return pItem;
129387 129825     }
129388 129826     return 0;
................................................................................
129636 130074        && (pTabList->nSrc==1
129637 130075            || (pTabList->a[1].fg.jointype&(JT_LEFT|JT_CROSS))!=0)
129638 130076       ){
129639 130077         continue;
129640 130078       }
129641 130079   
129642 130080       if( flattenSubquery(pParse, p, i, isAgg) ){
       130081  +      if( pParse->nErr ) goto select_end;
129643 130082         /* This subquery can be absorbed into its parent. */
129644 130083         i = -1;
129645 130084       }
129646 130085       pTabList = p->pSrc;
129647 130086       if( db->mallocFailed ) goto select_end;
129648 130087       if( !IgnorableOrderby(pDest) ){
129649 130088         sSort.pOrderBy = p->pOrderBy;
................................................................................
129731 130170   
129732 130171   #if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
129733 130172       /* Generate code for all sub-queries in the FROM clause
129734 130173       */
129735 130174       pSub = pItem->pSelect;
129736 130175       if( pSub==0 ) continue;
129737 130176   
129738         -    /* Sometimes the code for a subquery will be generated more than
129739         -    ** once, if the subquery is part of the WHERE clause in a LEFT JOIN,
129740         -    ** for example.  In that case, do not regenerate the code to manifest
129741         -    ** a view or the co-routine to implement a view.  The first instance
129742         -    ** is sufficient, though the subroutine to manifest the view does need
129743         -    ** to be invoked again. */
129744         -    if( pItem->addrFillSub ){
129745         -      if( pItem->fg.viaCoroutine==0 ){
129746         -        /* The subroutine that manifests the view might be a one-time routine,
129747         -        ** or it might need to be rerun on each iteration because it
129748         -        ** encodes a correlated subquery. */
129749         -        testcase( sqlite3VdbeGetOp(v, pItem->addrFillSub)->opcode==OP_Once );
129750         -        sqlite3VdbeAddOp2(v, OP_Gosub, pItem->regReturn, pItem->addrFillSub);
129751         -      }
129752         -      continue;
129753         -    }
       130177  +    /* The code for a subquery should only be generated once, though it is
       130178  +    ** technically harmless for it to be generated multiple times. The
       130179  +    ** following assert() will detect if something changes to cause
       130180  +    ** the same subquery to be coded multiple times, as a signal to the
       130181  +    ** developers to try to optimize the situation. */
       130182  +    assert( pItem->addrFillSub==0 );
129754 130183   
129755 130184       /* Increment Parse.nHeight by the height of the largest expression
129756 130185       ** tree referred to by this, the parent select. The child select
129757 130186       ** may contain expression trees of at most
129758 130187       ** (SQLITE_MAX_EXPR_DEPTH-Parse.nHeight) height. This is a bit
129759 130188       ** more conservative than necessary, but much easier than enforcing
129760 130189       ** an exact limit.
................................................................................
129934 130363     */
129935 130364     if( pDest->eDest==SRT_EphemTab ){
129936 130365       sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pDest->iSDParm, pEList->nExpr);
129937 130366     }
129938 130367   
129939 130368     /* Set the limiter.
129940 130369     */
129941         -  iEnd = sqlite3VdbeMakeLabel(v);
       130370  +  iEnd = sqlite3VdbeMakeLabel(pParse);
129942 130371     if( (p->selFlags & SF_FixedLimit)==0 ){
129943 130372       p->nSelectRow = 320;  /* 4 billion rows */
129944 130373     }
129945 130374     computeLimitRegisters(pParse, p, iEnd);
129946 130375     if( p->iLimit==0 && sSort.addrSortIndex>=0 ){
129947 130376       sqlite3VdbeChangeOpcode(v, sSort.addrSortIndex, OP_SorterOpen);
129948 130377       sSort.sortFlags |= SORTFLAG_UseSorter;
................................................................................
130001 130430       if( sSort.addrSortIndex>=0 && sSort.pOrderBy==0 ){
130002 130431         sqlite3VdbeChangeToNoop(v, sSort.addrSortIndex);
130003 130432       }
130004 130433   
130005 130434       assert( p->pEList==pEList );
130006 130435   #ifndef SQLITE_OMIT_WINDOWFUNC
130007 130436       if( pWin ){
130008         -      int addrGosub = sqlite3VdbeMakeLabel(v);
130009         -      int iCont = sqlite3VdbeMakeLabel(v);
130010         -      int iBreak = sqlite3VdbeMakeLabel(v);
       130437  +      int addrGosub = sqlite3VdbeMakeLabel(pParse);
       130438  +      int iCont = sqlite3VdbeMakeLabel(pParse);
       130439  +      int iBreak = sqlite3VdbeMakeLabel(pParse);
130011 130440         int regGosub = ++pParse->nMem;
130012 130441   
130013 130442         sqlite3WindowCodeStep(pParse, p, pWInfo, regGosub, addrGosub);
130014 130443   
130015 130444         sqlite3VdbeAddOp2(v, OP_Goto, 0, iBreak);
130016 130445         sqlite3VdbeResolveLabel(v, addrGosub);
130017 130446         VdbeNoopComment((v, "inner-loop subroutine"));
................................................................................
130078 130507       ** ORDER BY and GROUP BY clauses are the same by setting the orderByGrp
130079 130508       ** variable.  */
130080 130509       if( sqlite3ExprListCompare(pGroupBy, sSort.pOrderBy, -1)==0 ){
130081 130510         orderByGrp = 1;
130082 130511       }
130083 130512    
130084 130513       /* Create a label to jump to when we want to abort the query */
130085         -    addrEnd = sqlite3VdbeMakeLabel(v);
       130514  +    addrEnd = sqlite3VdbeMakeLabel(pParse);
130086 130515   
130087 130516       /* Convert TK_COLUMN nodes into TK_AGG_COLUMN and make entries in
130088 130517       ** sAggInfo for all TK_AGG_FUNCTION nodes in expressions of the
130089 130518       ** SELECT statement.
130090 130519       */
130091 130520       memset(&sNC, 0, sizeof(sNC));
130092 130521       sNC.pParse = pParse;
................................................................................
130167 130596             0, (char*)pKeyInfo, P4_KEYINFO);
130168 130597   
130169 130598         /* Initialize memory locations used by GROUP BY aggregate processing
130170 130599         */
130171 130600         iUseFlag = ++pParse->nMem;
130172 130601         iAbortFlag = ++pParse->nMem;
130173 130602         regOutputRow = ++pParse->nMem;
130174         -      addrOutputRow = sqlite3VdbeMakeLabel(v);
       130603  +      addrOutputRow = sqlite3VdbeMakeLabel(pParse);
130175 130604         regReset = ++pParse->nMem;
130176         -      addrReset = sqlite3VdbeMakeLabel(v);
       130605  +      addrReset = sqlite3VdbeMakeLabel(pParse);
130177 130606         iAMem = pParse->nMem + 1;
130178 130607         pParse->nMem += pGroupBy->nExpr;
130179 130608         iBMem = pParse->nMem + 1;
130180 130609         pParse->nMem += pGroupBy->nExpr;
130181 130610         sqlite3VdbeAddOp2(v, OP_Integer, 0, iAbortFlag);
130182 130611         VdbeComment((v, "clear abort flag"));
130183 130612         sqlite3VdbeAddOp3(v, OP_Null, 0, iAMem, iAMem+pGroupBy->nExpr-1);
................................................................................
131456 131885     Parse *pParse,       /* The parsing context */
131457 131886     TriggerStep *pStep   /* The trigger containing the target token */
131458 131887   ){
131459 131888     sqlite3 *db = pParse->db;
131460 131889     int iDb;             /* Index of the database to use */
131461 131890     SrcList *pSrc;       /* SrcList to be returned */
131462 131891   
131463         -  pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
       131892  +  pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
131464 131893     if( pSrc ){
131465 131894       assert( pSrc->nSrc>0 );
131466 131895       pSrc->a[pSrc->nSrc-1].zName = sqlite3DbStrDup(db, pStep->zTarget);
131467 131896       iDb = sqlite3SchemaToIndex(db, pStep->pTrig->pSchema);
131468 131897       if( iDb==0 || iDb>=2 ){
131469 131898         const char *zDb;
131470 131899         assert( iDb<db->nDb );
................................................................................
131641 132070     sNC.pParse = pSubParse;
131642 132071     pSubParse->db = db;
131643 132072     pSubParse->pTriggerTab = pTab;
131644 132073     pSubParse->pToplevel = pTop;
131645 132074     pSubParse->zAuthContext = pTrigger->zName;
131646 132075     pSubParse->eTriggerOp = pTrigger->op;
131647 132076     pSubParse->nQueryLoop = pParse->nQueryLoop;
       132077  +  pSubParse->disableVtab = pParse->disableVtab;
131648 132078   
131649 132079     v = sqlite3GetVdbe(pSubParse);
131650 132080     if( v ){
131651 132081       VdbeComment((v, "Start: %s.%s (%s %s%s%s ON %s)", 
131652 132082         pTrigger->zName, onErrorText(orconf),
131653 132083         (pTrigger->tr_tm==TRIGGER_BEFORE ? "BEFORE" : "AFTER"),
131654 132084           (pTrigger->op==TK_UPDATE ? "UPDATE" : ""),
................................................................................
131668 132098       ** (or NULL) the sub-vdbe is immediately halted by jumping to the 
131669 132099       ** OP_Halt inserted at the end of the program.  */
131670 132100       if( pTrigger->pWhen ){
131671 132101         pWhen = sqlite3ExprDup(db, pTrigger->pWhen, 0);
131672 132102         if( SQLITE_OK==sqlite3ResolveExprNames(&sNC, pWhen) 
131673 132103          && db->mallocFailed==0 
131674 132104         ){
131675         -        iEndTrigger = sqlite3VdbeMakeLabel(v);
       132105  +        iEndTrigger = sqlite3VdbeMakeLabel(pSubParse);
131676 132106           sqlite3ExprIfFalse(pSubParse, pWhen, iEndTrigger, SQLITE_JUMPIFNULL);
131677 132107         }
131678 132108         sqlite3ExprDelete(db, pWhen);
131679 132109       }
131680 132110   
131681 132111       /* Code the trigger program into the sub-vdbe. */
131682 132112       codeTriggerProgram(pSubParse, pTrigger->step_list, orconf);
................................................................................
132267 132697   
132268 132698     hasFK = sqlite3FkRequired(pParse, pTab, aXRef, chngKey);
132269 132699   
132270 132700     /* There is one entry in the aRegIdx[] array for each index on the table
132271 132701     ** being updated.  Fill in aRegIdx[] with a register number that will hold
132272 132702     ** the key for accessing each index.
132273 132703     */
       132704  +  if( onError==OE_Replace ) bReplace = 1;
132274 132705     for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
132275 132706       int reg;
132276 132707       if( chngKey || hasFK>1 || pIdx==pPk
132277 132708        || indexWhereClauseMightChange(pIdx,aXRef,chngRowid)
132278 132709       ){
132279 132710         reg = ++pParse->nMem;
132280 132711         pParse->nMem += pIdx->nColumn;
132281 132712       }else{
132282 132713         reg = 0;
132283 132714         for(i=0; i<pIdx->nKeyCol; i++){
132284 132715           if( indexColumnIsBeingUpdated(pIdx, i, aXRef, chngRowid) ){
132285 132716             reg = ++pParse->nMem;
132286 132717             pParse->nMem += pIdx->nColumn;
132287         -          if( (onError==OE_Replace)
132288         -           || (onError==OE_Default && pIdx->onError==OE_Replace) 
132289         -          ){
       132718  +          if( onError==OE_Default && pIdx->onError==OE_Replace ){
132290 132719               bReplace = 1;
132291 132720             }
132292 132721             break;
132293 132722           }
132294 132723         }
132295 132724       }
132296 132725       if( reg==0 ) aToOpen[j+1] = 0;
................................................................................
132354 132783       updateVirtualTable(pParse, pTabList, pTab, pChanges, pRowidExpr, aXRef,
132355 132784                          pWhere, onError);
132356 132785       goto update_cleanup;
132357 132786     }
132358 132787   #endif
132359 132788   
132360 132789     /* Jump to labelBreak to abandon further processing of this UPDATE */
132361         -  labelContinue = labelBreak = sqlite3VdbeMakeLabel(v);
       132790  +  labelContinue = labelBreak = sqlite3VdbeMakeLabel(pParse);
132362 132791   
132363 132792     /* Not an UPSERT.  Normal processing.  Begin by
132364 132793     ** initialize the count of updated rows */
132365 132794     if( (db->flags&SQLITE_CountRows)!=0
132366 132795      && !pParse->pTriggerTab
132367 132796      && !pParse->nested
132368 132797      && pUpsert==0
................................................................................
132489 132918       if( eOnePass!=ONEPASS_OFF ){
132490 132919         if( !isView && aiCurOnePass[0]!=iDataCur && aiCurOnePass[1]!=iDataCur ){
132491 132920           assert( pPk );
132492 132921           sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelBreak, regKey,nKey);
132493 132922           VdbeCoverage(v);
132494 132923         }
132495 132924         if( eOnePass!=ONEPASS_SINGLE ){
132496         -        labelContinue = sqlite3VdbeMakeLabel(v);
       132925  +        labelContinue = sqlite3VdbeMakeLabel(pParse);
132497 132926         }
132498 132927         sqlite3VdbeAddOp2(v, OP_IsNull, pPk ? regKey : regOldRowid, labelBreak);
132499 132928         VdbeCoverageIf(v, pPk==0);
132500 132929         VdbeCoverageIf(v, pPk!=0);
132501 132930       }else if( pPk ){
132502         -      labelContinue = sqlite3VdbeMakeLabel(v);
       132931  +      labelContinue = sqlite3VdbeMakeLabel(pParse);
132503 132932         sqlite3VdbeAddOp2(v, OP_Rewind, iEph, labelBreak); VdbeCoverage(v);
132504 132933         addrTop = sqlite3VdbeAddOp2(v, OP_RowData, iEph, regKey);
132505 132934         sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelContinue, regKey, 0);
132506 132935         VdbeCoverage(v);
132507 132936       }else{
132508 132937         labelContinue = sqlite3VdbeAddOp3(v, OP_RowSetRead, regRowSet,labelBreak,
132509 132938                                  regOldRowid);
................................................................................
133263 133692   ** the copy of step (3) were replaced by deleting the original database
133264 133693   ** and renaming the transient database as the original.  But that will
133265 133694   ** not work if other processes are attached to the original database.
133266 133695   ** And a power loss in between deleting the original and renaming the
133267 133696   ** transient would cause the database file to appear to be deleted
133268 133697   ** following reboot.
133269 133698   */
133270         -SQLITE_PRIVATE void sqlite3Vacuum(Parse *pParse, Token *pNm){
       133699  +SQLITE_PRIVATE void sqlite3Vacuum(Parse *pParse, Token *pNm, Expr *pInto){
133271 133700     Vdbe *v = sqlite3GetVdbe(pParse);
133272 133701     int iDb = 0;
133273         -  if( v==0 ) return;
       133702  +  if( v==0 ) goto build_vacuum_end;
133274 133703     if( pNm ){
133275 133704   #ifndef SQLITE_BUG_COMPATIBLE_20160819
133276 133705       /* Default behavior:  Report an error if the argument to VACUUM is
133277 133706       ** not recognized */
133278 133707       iDb = sqlite3TwoPartName(pParse, pNm, pNm, &pNm);
133279         -    if( iDb<0 ) return;
       133708  +    if( iDb<0 ) goto build_vacuum_end;
133280 133709   #else
133281 133710       /* When SQLITE_BUG_COMPATIBLE_20160819 is defined, unrecognized arguments
133282 133711       ** to VACUUM are silently ignored.  This is a back-out of a bug fix that
133283 133712       ** occurred on 2016-08-19 (https://www.sqlite.org/src/info/083f9e6270).
133284 133713       ** The buggy behavior is required for binary compatibility with some
133285 133714       ** legacy applications. */
133286 133715       iDb = sqlite3FindDb(pParse->db, pNm);
133287 133716       if( iDb<0 ) iDb = 0;
133288 133717   #endif
133289 133718     }
133290 133719     if( iDb!=1 ){
133291         -    sqlite3VdbeAddOp1(v, OP_Vacuum, iDb);
       133720  +    int iIntoReg = 0;
       133721  +    if( pInto && sqlite3ResolveSelfReference(pParse,0,0,pInto,0)==0 ){
       133722  +      iIntoReg = ++pParse->nMem;
       133723  +      sqlite3ExprCode(pParse, pInto, iIntoReg);
       133724  +    }
       133725  +    sqlite3VdbeAddOp2(v, OP_Vacuum, iDb, iIntoReg);
133292 133726       sqlite3VdbeUsesBtree(v, iDb);
133293 133727     }
       133728  +build_vacuum_end:
       133729  +  sqlite3ExprDelete(pParse->db, pInto);
133294 133730     return;
133295 133731   }
133296 133732   
133297 133733   /*
133298 133734   ** This routine implements the OP_Vacuum opcode of the VDBE.
133299 133735   */
133300         -SQLITE_PRIVATE int sqlite3RunVacuum(char **pzErrMsg, sqlite3 *db, int iDb){
       133736  +SQLITE_PRIVATE int sqlite3RunVacuum(
       133737  +  char **pzErrMsg,        /* Write error message here */
       133738  +  sqlite3 *db,            /* Database connection */
       133739  +  int iDb,                /* Which attached DB to vacuum */
       133740  +  sqlite3_value *pOut     /* Write results here, if not NULL */
       133741  +){
133301 133742     int rc = SQLITE_OK;     /* Return code from service routines */
133302 133743     Btree *pMain;           /* The database being vacuumed */
133303 133744     Btree *pTemp;           /* The temporary database we vacuum into */
133304         -  u16 saved_mDbFlags;     /* Saved value of db->mDbFlags */
133305         -  u32 saved_flags;        /* Saved value of db->flags */
       133745  +  u32 saved_mDbFlags;     /* Saved value of db->mDbFlags */
       133746  +  u64 saved_flags;        /* Saved value of db->flags */
133306 133747     int saved_nChange;      /* Saved value of db->nChange */
133307 133748     int saved_nTotalChange; /* Saved value of db->nTotalChange */
133308 133749     u8 saved_mTrace;        /* Saved trace settings */
133309 133750     Db *pDb = 0;            /* Database to detach at end of vacuum */
133310 133751     int isMemDb;            /* True if vacuuming a :memory: database */
133311 133752     int nRes;               /* Bytes of reserved space at the end of each page */
133312 133753     int nDb;                /* Number of attached databases */
133313 133754     const char *zDbMain;    /* Schema name of database to vacuum */
       133755  +  const char *zOut;       /* Name of output file */
133314 133756   
133315 133757     if( !db->autoCommit ){
133316 133758       sqlite3SetString(pzErrMsg, db, "cannot VACUUM from within a transaction");
133317 133759       return SQLITE_ERROR;
133318 133760     }
133319 133761     if( db->nVdbeActive>1 ){
133320 133762       sqlite3SetString(pzErrMsg, db,"cannot VACUUM - SQL statements in progress");
133321 133763       return SQLITE_ERROR;
133322 133764     }
       133765  +  if( pOut ){
       133766  +    if( sqlite3_value_type(pOut)!=SQLITE_TEXT ){
       133767  +      sqlite3SetString(pzErrMsg, db, "non-text filename");
       133768  +      return SQLITE_ERROR;
       133769  +    }
       133770  +    zOut = (const char*)sqlite3_value_text(pOut);
       133771  +  }else{
       133772  +    zOut = "";
       133773  +  }
133323 133774   
133324 133775     /* Save the current value of the database flags so that it can be 
133325 133776     ** restored before returning. Then set the writable-schema flag, and
133326 133777     ** disable CHECK and foreign key constraints.  */
133327 133778     saved_flags = db->flags;
133328 133779     saved_mDbFlags = db->mDbFlags;
133329 133780     saved_nChange = db->nChange;
133330 133781     saved_nTotalChange = db->nTotalChange;
133331 133782     saved_mTrace = db->mTrace;
133332 133783     db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks;
133333 133784     db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum;
133334         -  db->flags &= ~(SQLITE_ForeignKeys | SQLITE_ReverseOrder
       133785  +  db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder
133335 133786                      | SQLITE_Defensive | SQLITE_CountRows);
133336 133787     db->mTrace = 0;
133337 133788   
133338 133789     zDbMain = db->aDb[iDb].zDbSName;
133339 133790     pMain = db->aDb[iDb].pBt;
133340 133791     isMemDb = sqlite3PagerIsMemdb(sqlite3BtreePager(pMain));
133341 133792   
................................................................................
133350 133801     ** that actually made the VACUUM run slower.  Very little journalling
133351 133802     ** actually occurs when doing a vacuum since the vacuum_db is initially
133352 133803     ** empty.  Only the journal header is written.  Apparently it takes more
133353 133804     ** time to parse and run the PRAGMA to turn journalling off than it does
133354 133805     ** to write the journal header file.
133355 133806     */
133356 133807     nDb = db->nDb;
133357         -  rc = execSql(db, pzErrMsg, "ATTACH''AS vacuum_db");
       133808  +  rc = execSqlF(db, pzErrMsg, "ATTACH %Q AS vacuum_db", zOut);
133358 133809     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133359 133810     assert( (db->nDb-1)==nDb );
133360 133811     pDb = &db->aDb[nDb];
133361 133812     assert( strcmp(pDb->zDbSName,"vacuum_db")==0 );
133362 133813     pTemp = pDb->pBt;
133363         -
133364         -  /* The call to execSql() to attach the temp database has left the file
133365         -  ** locked (as there was more than one active statement when the transaction
133366         -  ** to read the schema was concluded. Unlock it here so that this doesn't
133367         -  ** cause problems for the call to BtreeSetPageSize() below.  */
133368         -  sqlite3BtreeCommit(pTemp);
133369         -
       133814  +  if( pOut ){
       133815  +    sqlite3_file *id = sqlite3PagerFile(sqlite3BtreePager(pTemp));
       133816  +    i64 sz = 0;
       133817  +    if( id->pMethods!=0 && (sqlite3OsFileSize(id, &sz)!=SQLITE_OK || sz>0) ){
       133818  +      rc = SQLITE_ERROR;
       133819  +      sqlite3SetString(pzErrMsg, db, "output file already exists");
       133820  +      goto end_of_vacuum;
       133821  +    }
       133822  +  }
133370 133823     nRes = sqlite3BtreeGetOptimalReserve(pMain);
133371 133824   
133372 133825     /* A VACUUM cannot change the pagesize of an encrypted database. */
133373 133826   #ifdef SQLITE_HAS_CODEC
133374 133827     if( db->nextPagesize ){
133375 133828       extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
133376 133829       int nKey;
................................................................................
133386 133839   
133387 133840     /* Begin a transaction and take an exclusive lock on the main database
133388 133841     ** file. This is done before the sqlite3BtreeGetPageSize(pMain) call below,
133389 133842     ** to ensure that we do not try to change the page-size on a WAL database.
133390 133843     */
133391 133844     rc = execSql(db, pzErrMsg, "BEGIN");
133392 133845     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133393         -  rc = sqlite3BtreeBeginTrans(pMain, 2, 0);
       133846  +  rc = sqlite3BtreeBeginTrans(pMain, pOut==0 ? 2 : 0, 0);
133394 133847     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133395 133848   
133396 133849     /* Do not attempt to change the page size for a WAL database */
133397 133850     if( sqlite3PagerGetJournalMode(sqlite3BtreePager(pMain))
133398 133851                                                  ==PAGER_JOURNALMODE_WAL ){
133399 133852       db->nextPagesize = 0;
133400 133853     }
................................................................................
133481 133934          BTREE_DEFAULT_CACHE_SIZE, 0,  /* Preserve the default page cache size */
133482 133935          BTREE_TEXT_ENCODING,      0,  /* Preserve the text encoding */
133483 133936          BTREE_USER_VERSION,       0,  /* Preserve the user version */
133484 133937          BTREE_APPLICATION_ID,     0,  /* Preserve the application id */
133485 133938       };
133486 133939   
133487 133940       assert( 1==sqlite3BtreeIsInTrans(pTemp) );
133488         -    assert( 1==sqlite3BtreeIsInTrans(pMain) );
       133941  +    assert( pOut!=0 || 1==sqlite3BtreeIsInTrans(pMain) );
133489 133942   
133490 133943       /* Copy Btree meta values */
133491 133944       for(i=0; i<ArraySize(aCopy); i+=2){
133492 133945         /* GetMeta() and UpdateMeta() cannot fail in this context because
133493 133946         ** we already have page 1 loaded into cache and marked dirty. */
133494 133947         sqlite3BtreeGetMeta(pMain, aCopy[i], &meta);
133495 133948         rc = sqlite3BtreeUpdateMeta(pTemp, aCopy[i], meta+aCopy[i+1]);
133496 133949         if( NEVER(rc!=SQLITE_OK) ) goto end_of_vacuum;
133497 133950       }
133498 133951   
133499         -    rc = sqlite3BtreeCopyFile(pMain, pTemp);
       133952  +    if( pOut==0 ){
       133953  +      rc = sqlite3BtreeCopyFile(pMain, pTemp);
       133954  +    }
133500 133955       if( rc!=SQLITE_OK ) goto end_of_vacuum;
133501 133956       rc = sqlite3BtreeCommit(pTemp);
133502 133957       if( rc!=SQLITE_OK ) goto end_of_vacuum;
133503 133958   #ifndef SQLITE_OMIT_AUTOVACUUM
133504         -    sqlite3BtreeSetAutoVacuum(pMain, sqlite3BtreeGetAutoVacuum(pTemp));
       133959  +    if( pOut==0 ){
       133960  +      sqlite3BtreeSetAutoVacuum(pMain, sqlite3BtreeGetAutoVacuum(pTemp));
       133961  +    }
133505 133962   #endif
133506 133963     }
133507 133964   
133508 133965     assert( rc==SQLITE_OK );
133509         -  rc = sqlite3BtreeSetPageSize(pMain, sqlite3BtreeGetPageSize(pTemp), nRes,1);
       133966  +  if( pOut==0 ){
       133967  +    rc = sqlite3BtreeSetPageSize(pMain, sqlite3BtreeGetPageSize(pTemp), nRes,1);
       133968  +  }
133510 133969   
133511 133970   end_of_vacuum:
133512 133971     /* Restore the original value of db->flags */
133513 133972     db->init.iDb = 0;
133514 133973     db->mDbFlags = saved_mDbFlags;
133515 133974     db->flags = saved_flags;
133516 133975     db->nChange = saved_nChange;
................................................................................
134543 135002     if( db->aVTrans ){
134544 135003       int i;
134545 135004       for(i=0; rc==SQLITE_OK && i<db->nVTrans; i++){
134546 135005         VTable *pVTab = db->aVTrans[i];
134547 135006         const sqlite3_module *pMod = pVTab->pMod->pModule;
134548 135007         if( pVTab->pVtab && pMod->iVersion>=2 ){
134549 135008           int (*xMethod)(sqlite3_vtab *, int);
       135009  +        sqlite3VtabLock(pVTab);
134550 135010           switch( op ){
134551 135011             case SAVEPOINT_BEGIN:
134552 135012               xMethod = pMod->xSavepoint;
134553 135013               pVTab->iSavepoint = iSavepoint+1;
134554 135014               break;
134555 135015             case SAVEPOINT_ROLLBACK:
134556 135016               xMethod = pMod->xRollbackTo;
................................................................................
134558 135018             default:
134559 135019               xMethod = pMod->xRelease;
134560 135020               break;
134561 135021           }
134562 135022           if( xMethod && pVTab->iSavepoint>iSavepoint ){
134563 135023             rc = xMethod(pVTab->pVtab, iSavepoint);
134564 135024           }
       135025  +        sqlite3VtabUnlock(pVTab);
134565 135026         }
134566 135027       }
134567 135028     }
134568 135029     return rc;
134569 135030   }
134570 135031   
134571 135032   /*
................................................................................
135319 135780     WhereLevel *pLvl,               /* Level to add scanstatus() entry for */
135320 135781     int addrExplain                 /* Address of OP_Explain (or 0) */
135321 135782   );
135322 135783   #else
135323 135784   # define sqlite3WhereAddScanStatus(a, b, c, d) ((void)d)
135324 135785   #endif
135325 135786   SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
       135787  +  Parse *pParse,       /* Parsing context */
       135788  +  Vdbe *v,             /* Prepared statement under construction */
135326 135789     WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
135327 135790     int iLevel,          /* Which level of pWInfo->a[] should be coded */
       135791  +  WhereLevel *pLevel,  /* The current level pointer */
135328 135792     Bitmask notReady     /* Which tables are currently available */
135329 135793   );
135330 135794   
135331 135795   /* whereexpr.c: */
135332 135796   SQLITE_PRIVATE void sqlite3WhereClauseInit(WhereClause*,WhereInfo*);
135333 135797   SQLITE_PRIVATE void sqlite3WhereClauseClear(WhereClause*);
135334 135798   SQLITE_PRIVATE void sqlite3WhereSplit(WhereClause*,Expr*,u8);
................................................................................
135590 136054         sqlite3_str_appendf(&str, " (~%llu rows)",
135591 136055                sqlite3LogEstToInt(pLoop->nOut));
135592 136056       }else{
135593 136057         sqlite3_str_append(&str, " (~1 row)", 9);
135594 136058       }
135595 136059   #endif
135596 136060       zMsg = sqlite3StrAccumFinish(&str);
       136061  +    sqlite3ExplainBreakpoint("",zMsg);
135597 136062       ret = sqlite3VdbeAddOp4(v, OP_Explain, sqlite3VdbeCurrentAddr(v),
135598 136063                               pParse->addrExplain, 0, zMsg,P4_DYNAMIC);
135599 136064     }
135600 136065     return ret;
135601 136066   }
135602 136067   #endif /* SQLITE_OMIT_EXPLAIN */
135603 136068   
................................................................................
135915 136380         }
135916 136381       }
135917 136382       for(i=iEq;i<pLoop->nLTerm; i++){
135918 136383         assert( pLoop->aLTerm[i]!=0 );
135919 136384         if( pLoop->aLTerm[i]->pExpr==pX ) nEq++;
135920 136385       }
135921 136386   
       136387  +    iTab = 0;
135922 136388       if( (pX->flags & EP_xIsSelect)==0 || pX->x.pSelect->pEList->nExpr==1 ){
135923         -      eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, 0);
       136389  +      eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, 0, &iTab);
135924 136390       }else{
135925 136391         sqlite3 *db = pParse->db;
135926 136392         pX = removeUnindexableInClauseTerms(pParse, iEq, pLoop, pX);
135927 136393   
135928 136394         if( !db->mallocFailed ){
135929 136395           aiMap = (int*)sqlite3DbMallocZero(pParse->db, sizeof(int)*nEq);
135930         -        eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap);
135931         -        pTerm->pExpr->iTable = pX->iTable;
       136396  +        eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap, &iTab);
       136397  +        pTerm->pExpr->iTable = iTab;
135932 136398         }
135933 136399         sqlite3ExprDelete(db, pX);
135934 136400         pX = pTerm->pExpr;
135935 136401       }
135936 136402   
135937 136403       if( eType==IN_INDEX_INDEX_DESC ){
135938 136404         testcase( bRev );
135939 136405         bRev = !bRev;
135940 136406       }
135941         -    iTab = pX->iTable;
135942 136407       sqlite3VdbeAddOp2(v, bRev ? OP_Last : OP_Rewind, iTab, 0);
135943 136408       VdbeCoverageIf(v, bRev);
135944 136409       VdbeCoverageIf(v, !bRev);
135945 136410       assert( (pLoop->wsFlags & WHERE_MULTI_OR)==0 );
135946 136411   
135947 136412       pLoop->wsFlags |= WHERE_IN_ABLE;
135948 136413       if( pLevel->u.in.nIn==0 ){
135949         -      pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
       136414  +      pLevel->addrNxt = sqlite3VdbeMakeLabel(pParse);
135950 136415       }
135951 136416   
135952 136417       i = pLevel->u.in.nIn;
135953 136418       pLevel->u.in.nIn += nEq;
135954 136419       pLevel->u.in.aInLoop =
135955 136420          sqlite3DbReallocOrFree(pParse->db, pLevel->u.in.aInLoop,
135956 136421                                 sizeof(pLevel->u.in.aInLoop[0])*pLevel->u.in.nIn);
................................................................................
136453 136918   */
136454 136919   static void codeExprOrVector(Parse *pParse, Expr *p, int iReg, int nReg){
136455 136920     assert( nReg>0 );
136456 136921     if( p && sqlite3ExprIsVector(p) ){
136457 136922   #ifndef SQLITE_OMIT_SUBQUERY
136458 136923       if( (p->flags & EP_xIsSelect) ){
136459 136924         Vdbe *v = pParse->pVdbe;
136460         -      int iSelect = sqlite3CodeSubselect(pParse, p, 0, 0);
       136925  +      int iSelect;
       136926  +      assert( p->op==TK_SELECT );
       136927  +      iSelect = sqlite3CodeSubselect(pParse, p);
136461 136928         sqlite3VdbeAddOp3(v, OP_Copy, iSelect, iReg, nReg-1);
136462 136929       }else
136463 136930   #endif
136464 136931       {
136465 136932         int i;
136466 136933         ExprList *pList = p->x.pList;
136467 136934         assert( nReg<=pList->nExpr );
................................................................................
136539 137006   }
136540 137007   
136541 137008   /*
136542 137009   ** Generate code for the start of the iLevel-th loop in the WHERE clause
136543 137010   ** implementation described by pWInfo.
136544 137011   */
136545 137012   SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
       137013  +  Parse *pParse,       /* Parsing context */
       137014  +  Vdbe *v,             /* Prepared statement under construction */
136546 137015     WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
136547 137016     int iLevel,          /* Which level of pWInfo->a[] should be coded */
       137017  +  WhereLevel *pLevel,  /* The current level pointer */
136548 137018     Bitmask notReady     /* Which tables are currently available */
136549 137019   ){
136550 137020     int j, k;            /* Loop counters */
136551 137021     int iCur;            /* The VDBE cursor for the table */
136552 137022     int addrNxt;         /* Where to jump to continue with the next IN case */
136553         -  int omitTable;       /* True if we use the index only */
136554 137023     int bRev;            /* True if we need to scan in reverse order */
136555         -  WhereLevel *pLevel;  /* The where level to be coded */
136556 137024     WhereLoop *pLoop;    /* The WhereLoop object being coded */
136557 137025     WhereClause *pWC;    /* Decomposition of the entire WHERE clause */
136558 137026     WhereTerm *pTerm;               /* A WHERE clause term */
136559         -  Parse *pParse;                  /* Parsing context */
136560 137027     sqlite3 *db;                    /* Database connection */
136561         -  Vdbe *v;                        /* The prepared stmt under constructions */
136562 137028     struct SrcList_item *pTabItem;  /* FROM clause term being coded */
136563 137029     int addrBrk;                    /* Jump here to break out of the loop */
136564 137030     int addrHalt;                   /* addrBrk for the outermost loop */
136565 137031     int addrCont;                   /* Jump here to continue with next cycle */
136566 137032     int iRowidReg = 0;        /* Rowid is stored in this register, if not zero */
136567 137033     int iReleaseReg = 0;      /* Temp register to free before returning */
136568 137034     Index *pIdx = 0;          /* Index used by loop (if any) */
136569 137035     int iLoop;                /* Iteration of constraint generator loop */
136570 137036   
136571         -  pParse = pWInfo->pParse;
136572         -  v = pParse->pVdbe;
136573 137037     pWC = &pWInfo->sWC;
136574 137038     db = pParse->db;
136575         -  pLevel = &pWInfo->a[iLevel];
136576 137039     pLoop = pLevel->pWLoop;
136577 137040     pTabItem = &pWInfo->pTabList->a[pLevel->iFrom];
136578 137041     iCur = pTabItem->iCursor;
136579 137042     pLevel->notReady = notReady & ~sqlite3WhereGetMask(&pWInfo->sMaskSet, iCur);
136580 137043     bRev = (pWInfo->revMask>>iLevel)&1;
136581         -  omitTable = (pLoop->wsFlags & WHERE_IDX_ONLY)!=0 
136582         -           && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0;
136583 137044     VdbeModuleComment((v, "Begin WHERE-loop%d: %s",iLevel,pTabItem->pTab->zName));
136584 137045   
136585 137046     /* Create labels for the "break" and "continue" instructions
136586 137047     ** for the current loop.  Jump to addrBrk to break out of a loop.
136587 137048     ** Jump to cont to go immediately to the next iteration of the
136588 137049     ** loop.
136589 137050     **
136590 137051     ** When there is an IN operator, we also have a "addrNxt" label that
136591 137052     ** means to continue with the next IN value combination.  When
136592 137053     ** there are no IN operators in the constraints, the "addrNxt" label
136593 137054     ** is the same as "addrBrk".
136594 137055     */
136595         -  addrBrk = pLevel->addrBrk = pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
136596         -  addrCont = pLevel->addrCont = sqlite3VdbeMakeLabel(v);
       137056  +  addrBrk = pLevel->addrBrk = pLevel->addrNxt = sqlite3VdbeMakeLabel(pParse);
       137057  +  addrCont = pLevel->addrCont = sqlite3VdbeMakeLabel(pParse);
136597 137058   
136598 137059     /* If this is the right table of a LEFT OUTER JOIN, allocate and
136599 137060     ** initialize a memory cell that records if this table matches any
136600 137061     ** row of the left table of the join.
136601 137062     */
136602 137063     assert( (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)
136603 137064          || pLevel->iFrom>0 || (pTabItem[0].fg.jointype & JT_LEFT)==0
................................................................................
136716 137177       **          we reference multiple rows using a "rowid IN (...)"
136717 137178       **          construct.
136718 137179       */
136719 137180       assert( pLoop->u.btree.nEq==1 );
136720 137181       pTerm = pLoop->aLTerm[0];
136721 137182       assert( pTerm!=0 );
136722 137183       assert( pTerm->pExpr!=0 );
136723         -    assert( omitTable==0 );
136724 137184       testcase( pTerm->wtFlags & TERM_VIRTUAL );
136725 137185       iReleaseReg = ++pParse->nMem;
136726 137186       iRowidReg = codeEqualityTerm(pParse, pTerm, pLevel, 0, bRev, iReleaseReg);
136727 137187       if( iRowidReg!=iReleaseReg ) sqlite3ReleaseTempReg(pParse, iReleaseReg);
136728 137188       addrNxt = pLevel->addrNxt;
136729 137189       sqlite3VdbeAddOp3(v, OP_SeekRowid, iCur, addrNxt, iRowidReg);
136730 137190       VdbeCoverage(v);
................................................................................
136735 137195       /* Case 3:  We have an inequality comparison against the ROWID field.
136736 137196       */
136737 137197       int testOp = OP_Noop;
136738 137198       int start;
136739 137199       int memEndValue = 0;
136740 137200       WhereTerm *pStart, *pEnd;
136741 137201   
136742         -    assert( omitTable==0 );
136743 137202       j = 0;
136744 137203       pStart = pEnd = 0;
136745 137204       if( pLoop->wsFlags & WHERE_BTM_LIMIT ) pStart = pLoop->aLTerm[j++];
136746 137205       if( pLoop->wsFlags & WHERE_TOP_LIMIT ) pEnd = pLoop->aLTerm[j++];
136747 137206       assert( pStart!=0 || pEnd!=0 );
136748 137207       if( bRev ){
136749 137208         pTerm = pStart;
................................................................................
136899 137358       int iIdxCur;                 /* The VDBE cursor for the index */
136900 137359       int nExtraReg = 0;           /* Number of extra registers needed */
136901 137360       int op;                      /* Instruction opcode */
136902 137361       char *zStartAff;             /* Affinity for start of range constraint */
136903 137362       char *zEndAff = 0;           /* Affinity for end of range constraint */
136904 137363       u8 bSeekPastNull = 0;        /* True to seek past initial nulls */
136905 137364       u8 bStopAtNull = 0;          /* Add condition to terminate at NULLs */
       137365  +    int omitTable;               /* True if we use the index only */
       137366  +
136906 137367   
136907 137368       pIdx = pLoop->u.btree.pIndex;
136908 137369       iIdxCur = pLevel->iIdxCur;
136909 137370       assert( nEq>=pLoop->nSkip );
136910 137371   
136911 137372       /* If this loop satisfies a sort order (pOrderBy) request that 
136912 137373       ** was passed to this function to implement a "SELECT min(x) ..." 
................................................................................
137100 137561       }
137101 137562   
137102 137563       if( pLoop->wsFlags & WHERE_IN_EARLYOUT ){
137103 137564         sqlite3VdbeAddOp2(v, OP_SeekHit, iIdxCur, 1);
137104 137565       }
137105 137566   
137106 137567       /* Seek the table cursor, if required */
       137568  +    omitTable = (pLoop->wsFlags & WHERE_IDX_ONLY)!=0 
       137569  +           && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0;
137107 137570       if( omitTable ){
137108 137571         /* pIdx is a covering index.  No need to access the main table. */
137109 137572       }else if( HasRowid(pIdx->pTable) ){
137110 137573         if( (pWInfo->wctrlFlags & WHERE_SEEK_TABLE) || (
137111 137574             (pWInfo->wctrlFlags & WHERE_SEEK_UNIQ_TABLE) 
137112 137575          && (pWInfo->eOnePass==ONEPASS_SINGLE)
137113 137576         )){
................................................................................
137210 137673       SrcList *pOrTab;       /* Shortened table list or OR-clause generation */
137211 137674       Index *pCov = 0;             /* Potential covering index (or NULL) */
137212 137675       int iCovCur = pParse->nTab++;  /* Cursor used for index scans (if any) */
137213 137676   
137214 137677       int regReturn = ++pParse->nMem;           /* Register used with OP_Gosub */
137215 137678       int regRowset = 0;                        /* Register for RowSet object */
137216 137679       int regRowid = 0;                         /* Register holding rowid */
137217         -    int iLoopBody = sqlite3VdbeMakeLabel(v);  /* Start of loop body */
       137680  +    int iLoopBody = sqlite3VdbeMakeLabel(pParse);/* Start of loop body */
137218 137681       int iRetInit;                             /* Address of regReturn init */
137219 137682       int untestedTerms = 0;             /* Some terms not completely tested */
137220 137683       int ii;                            /* Loop counter */
137221 137684       u16 wctrlFlags;                    /* Flags for sub-WHERE clause */
137222 137685       Expr *pAndExpr = 0;                /* An ".. AND (...)" expression */
137223 137686       Table *pTab = pTabItem->pTab;
137224 137687   
................................................................................
137326 137789                || ExprHasProperty(pOrExpr, EP_FromJoin) 
137327 137790           );
137328 137791           if( pAndExpr ){
137329 137792             pAndExpr->pLeft = pOrExpr;
137330 137793             pOrExpr = pAndExpr;
137331 137794           }
137332 137795           /* Loop through table entries that match term pOrTerm. */
       137796  +        ExplainQueryPlan((pParse, 1, "INDEX %d", ii+1));
137333 137797           WHERETRACE(0xffff, ("Subplan for OR-clause:\n"));
137334 137798           pSubWInfo = sqlite3WhereBegin(pParse, pOrTab, pOrExpr, 0, 0,
137335 137799                                         wctrlFlags, iCovCur);
137336 137800           assert( pSubWInfo || pParse->nErr || db->mallocFailed );
137337 137801           if( pSubWInfo ){
137338 137802             WhereLoop *pSubLoop;
137339 137803             int addrExplain = sqlite3WhereExplainOneScan(
................................................................................
137429 137893               pCov = pSubLoop->u.btree.pIndex;
137430 137894             }else{
137431 137895               pCov = 0;
137432 137896             }
137433 137897   
137434 137898             /* Finish the loop through table entries that match term pOrTerm. */
137435 137899             sqlite3WhereEnd(pSubWInfo);
       137900  +          ExplainQueryPlanPop(pParse);
137436 137901           }
137437 137902         }
137438 137903       }
137439 137904       ExplainQueryPlanPop(pParse);
137440 137905       pLevel->u.pCovidx = pCov;
137441 137906       if( pCov ) pLevel->iIdxCur = iCovCur;
137442 137907       if( pAndExpr ){
................................................................................
138390 138855       /* Search for a table and column that appears on one side or the
138391 138856       ** other of the == operator in every subterm.  That table and column
138392 138857       ** will be recorded in iCursor and iColumn.  There might not be any
138393 138858       ** such table and column.  Set okToChngToIN if an appropriate table
138394 138859       ** and column is found but leave okToChngToIN false if not found.
138395 138860       */
138396 138861       for(j=0; j<2 && !okToChngToIN; j++){
       138862  +      Expr *pLeft = 0;
138397 138863         pOrTerm = pOrWc->a;
138398 138864         for(i=pOrWc->nTerm-1; i>=0; i--, pOrTerm++){
138399 138865           assert( pOrTerm->eOperator & WO_EQ );
138400 138866           pOrTerm->wtFlags &= ~TERM_OR_OK;
138401 138867           if( pOrTerm->leftCursor==iCursor ){
138402 138868             /* This is the 2-bit case and we are on the second iteration and
138403 138869             ** current term is from the first iteration.  So skip this term. */
................................................................................
138413 138879             testcase( pOrTerm->wtFlags & TERM_COPIED );
138414 138880             testcase( pOrTerm->wtFlags & TERM_VIRTUAL );
138415 138881             assert( pOrTerm->wtFlags & (TERM_COPIED|TERM_VIRTUAL) );
138416 138882             continue;
138417 138883           }
138418 138884           iColumn = pOrTerm->u.leftColumn;
138419 138885           iCursor = pOrTerm->leftCursor;
       138886  +        pLeft = pOrTerm->pExpr->pLeft;
138420 138887           break;
138421 138888         }
138422 138889         if( i<0 ){
138423 138890           /* No candidate table+column was found.  This can only occur
138424 138891           ** on the second iteration */
138425 138892           assert( j==1 );
138426 138893           assert( IsPowerOfTwo(chngToIN) );
................................................................................
138432 138899         /* We have found a candidate table and column.  Check to see if that
138433 138900         ** table and column is common to every term in the OR clause */
138434 138901         okToChngToIN = 1;
138435 138902         for(; i>=0 && okToChngToIN; i--, pOrTerm++){
138436 138903           assert( pOrTerm->eOperator & WO_EQ );
138437 138904           if( pOrTerm->leftCursor!=iCursor ){
138438 138905             pOrTerm->wtFlags &= ~TERM_OR_OK;
138439         -        }else if( pOrTerm->u.leftColumn!=iColumn ){
       138906  +        }else if( pOrTerm->u.leftColumn!=iColumn || (iColumn==XN_EXPR 
       138907  +               && sqlite3ExprCompare(pParse, pOrTerm->pExpr->pLeft, pLeft, -1)
       138908  +        )){
138440 138909             okToChngToIN = 0;
138441 138910           }else{
138442 138911             int affLeft, affRight;
138443 138912             /* If the right-hand side is also a column, then the affinities
138444 138913             ** of both right and left sides must be such that no type
138445 138914             ** conversions are required on the right.  (Ticket #2249)
138446 138915             */
................................................................................
139519 139988       if( pScan->iEquiv>=pScan->nEquiv ) break;
139520 139989       pWC = pScan->pOrigWC;
139521 139990       k = 0;
139522 139991       pScan->iEquiv++;
139523 139992     }
139524 139993     return 0;
139525 139994   }
       139995  +
       139996  +/*
       139997  +** This is whereScanInit() for the case of an index on an expression.
       139998  +** It is factored out into a separate tail-recursion subroutine so that
       139999  +** the normal whereScanInit() routine, which is a high-runner, does not
       140000  +** need to push registers onto the stack as part of its prologue.
       140001  +*/
       140002  +static SQLITE_NOINLINE WhereTerm *whereScanInitIndexExpr(WhereScan *pScan){
       140003  +  pScan->idxaff = sqlite3ExprAffinity(pScan->pIdxExpr);
       140004  +  return whereScanNext(pScan);
       140005  +}
139526 140006   
139527 140007   /*
139528 140008   ** Initialize a WHERE clause scanner object.  Return a pointer to the
139529 140009   ** first match.  Return NULL if there are no matches.
139530 140010   **
139531 140011   ** The scanner will be searching the WHERE clause pWC.  It will look
139532 140012   ** for terms of the form "X <op> <expr>" where X is column iColumn of table
................................................................................
139552 140032     Index *pIdx             /* Must be compatible with this index */
139553 140033   ){
139554 140034     pScan->pOrigWC = pWC;
139555 140035     pScan->pWC = pWC;
139556 140036     pScan->pIdxExpr = 0;
139557 140037     pScan->idxaff = 0;
139558 140038     pScan->zCollName = 0;
       140039  +  pScan->opMask = opMask;
       140040  +  pScan->k = 0;
       140041  +  pScan->aiCur[0] = iCur;
       140042  +  pScan->nEquiv = 1;
       140043  +  pScan->iEquiv = 1;
139559 140044     if( pIdx ){
139560 140045       int j = iColumn;
139561 140046       iColumn = pIdx->aiColumn[j];
139562 140047       if( iColumn==XN_EXPR ){
139563 140048         pScan->pIdxExpr = pIdx->aColExpr->a[j].pExpr;
139564 140049         pScan->zCollName = pIdx->azColl[j];
       140050  +      pScan->aiColumn[0] = XN_EXPR;
       140051  +      return whereScanInitIndexExpr(pScan);
139565 140052       }else if( iColumn==pIdx->pTable->iPKey ){
139566 140053         iColumn = XN_ROWID;
139567 140054       }else if( iColumn>=0 ){
139568 140055         pScan->idxaff = pIdx->pTable->aCol[iColumn].affinity;
139569 140056         pScan->zCollName = pIdx->azColl[j];
139570 140057       }
139571 140058     }else if( iColumn==XN_EXPR ){
139572 140059       return 0;
139573 140060     }
139574         -  pScan->opMask = opMask;
139575         -  pScan->k = 0;
139576         -  pScan->aiCur[0] = iCur;
139577 140061     pScan->aiColumn[0] = iColumn;
139578         -  pScan->nEquiv = 1;
139579         -  pScan->iEquiv = 1;
139580 140062     return whereScanNext(pScan);
139581 140063   }
139582 140064   
139583 140065   /*
139584 140066   ** Search for a term in the WHERE clause that is of the form "X <op> <expr>"
139585 140067   ** where X is a reference to the iColumn of table iCur or of index pIdx
139586 140068   ** if pIdx!=0 and <op> is one of the WO_xx operator codes specified by
................................................................................
140047 140529       addrTop =  sqlite3VdbeAddOp1(v, OP_Yield, regYield);
140048 140530       VdbeCoverage(v);
140049 140531       VdbeComment((v, "next row of %s", pTabItem->pTab->zName));
140050 140532     }else{
140051 140533       addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, pLevel->iTabCur); VdbeCoverage(v);
140052 140534     }
140053 140535     if( pPartial ){
140054         -    iContinue = sqlite3VdbeMakeLabel(v);
       140536  +    iContinue = sqlite3VdbeMakeLabel(pParse);
140055 140537       sqlite3ExprIfFalse(pParse, pPartial, iContinue, SQLITE_JUMPIFNULL);
140056 140538       pLoop->wsFlags |= WHERE_PARTIALIDX;
140057 140539     }
140058 140540     regRecord = sqlite3GetTempReg(pParse);
140059 140541     regBase = sqlite3GenerateIndexKey(
140060 140542         pParse, pIdx, pLevel->iTabCur, regRecord, 0, 0, 0, 0
140061 140543     );
................................................................................
140064 140546     if( pPartial ) sqlite3VdbeResolveLabel(v, iContinue);
140065 140547     if( pTabItem->fg.viaCoroutine ){
140066 140548       sqlite3VdbeChangeP2(v, addrCounter, regBase+n);
140067 140549       testcase( pParse->db->mallocFailed );
140068 140550       translateColumnToCopy(pParse, addrTop, pLevel->iTabCur,
140069 140551                             pTabItem->regResult, 1);
140070 140552       sqlite3VdbeGoto(v, addrTop);
       140553  +    pTabItem->fg.viaCoroutine = 0;
140071 140554     }else{
140072 140555       sqlite3VdbeAddOp2(v, OP_Next, pLevel->iTabCur, addrTop+1); VdbeCoverage(v);
140073 140556     }
140074 140557     sqlite3VdbeChangeP5(v, SQLITE_STMTSTATUS_AUTOINDEX);
140075 140558     sqlite3VdbeJumpHere(v, addrTop);
140076 140559     sqlite3ReleaseTempReg(pParse, regRecord);
140077 140560     
................................................................................
141419 141902   #endif
141420 141903         whereLoopDelete(db, pToDel);
141421 141904       }
141422 141905     }
141423 141906     rc = whereLoopXfer(db, p, pTemplate);
141424 141907     if( (p->wsFlags & WHERE_VIRTUALTABLE)==0 ){
141425 141908       Index *pIndex = p->u.btree.pIndex;
141426         -    if( pIndex && pIndex->tnum==0 ){
       141909  +    if( pIndex && pIndex->idxType==SQLITE_IDXTYPE_IPK ){
141427 141910         p->u.btree.pIndex = 0;
141428 141911       }
141429 141912     }
141430 141913     return rc;
141431 141914   }
141432 141915   
141433 141916   /*
................................................................................
141586 142069   ** index pIndex. Try to match one more.
141587 142070   **
141588 142071   ** When this function is called, pBuilder->pNew->nOut contains the 
141589 142072   ** number of rows expected to be visited by filtering using the nEq 
141590 142073   ** terms only. If it is modified, this value is restored before this 
141591 142074   ** function returns.
141592 142075   **
141593         -** If pProbe->tnum==0, that means pIndex is a fake index used for the
141594         -** INTEGER PRIMARY KEY.
       142076  +** If pProbe->idxType==SQLITE_IDXTYPE_IPK, that means pIndex is 
       142077  +** a fake index used for the INTEGER PRIMARY KEY.
141595 142078   */
141596 142079   static int whereLoopAddBtreeIndex(
141597 142080     WhereLoopBuilder *pBuilder,     /* The WhereLoop factory */
141598 142081     struct SrcList_item *pSrc,      /* FROM clause term being analyzed */
141599 142082     Index *pProbe,                  /* An index on pSrc */
141600 142083     LogEst nInMul                   /* log(Number of iterations due to IN) */
141601 142084   ){
................................................................................
142087 142570       sPk.nKeyCol = 1;
142088 142571       sPk.nColumn = 1;
142089 142572       sPk.aiColumn = &aiColumnPk;
142090 142573       sPk.aiRowLogEst = aiRowEstPk;
142091 142574       sPk.onError = OE_Replace;
142092 142575       sPk.pTable = pTab;
142093 142576       sPk.szIdxRow = pTab->szTabRow;
       142577  +    sPk.idxType = SQLITE_IDXTYPE_IPK;
142094 142578       aiRowEstPk[0] = pTab->nRowLogEst;
142095 142579       aiRowEstPk[1] = 0;
142096 142580       pFirst = pSrc->pTab->pIndex;
142097 142581       if( pSrc->fg.notIndexed==0 ){
142098 142582         /* The real indices of the table are only considered if the
142099 142583         ** NOT INDEXED qualifier is omitted from the FROM clause */
142100 142584         sPk.pNext = pFirst;
................................................................................
142177 142661       pNew->rSetup = 0;
142178 142662       pNew->prereq = mPrereq;
142179 142663       pNew->nOut = rSize;
142180 142664       pNew->u.btree.pIndex = pProbe;
142181 142665       b = indexMightHelpWithOrderBy(pBuilder, pProbe, pSrc->iCursor);
142182 142666       /* The ONEPASS_DESIRED flags never occurs together with ORDER BY */
142183 142667       assert( (pWInfo->wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || b==0 );
142184         -    if( pProbe->tnum<=0 ){
       142668  +    if( pProbe->idxType==SQLITE_IDXTYPE_IPK ){
142185 142669         /* Integer primary key index */
142186 142670         pNew->wsFlags = WHERE_IPK;
142187 142671   
142188 142672         /* Full table scan */
142189 142673         pNew->iSortIdx = b ? iSortIdx : 0;
142190 142674         /* TUNING: Cost of full table scan is (N*3.0). */
142191 142675         pNew->rRun = rSize + 16;
................................................................................
143853 144337     pWInfo->pParse = pParse;
143854 144338     pWInfo->pTabList = pTabList;
143855 144339     pWInfo->pOrderBy = pOrderBy;
143856 144340     pWInfo->pWhere = pWhere;
143857 144341     pWInfo->pResultSet = pResultSet;
143858 144342     pWInfo->aiCurOnePass[0] = pWInfo->aiCurOnePass[1] = -1;
143859 144343     pWInfo->nLevel = nTabList;
143860         -  pWInfo->iBreak = pWInfo->iContinue = sqlite3VdbeMakeLabel(v);
       144344  +  pWInfo->iBreak = pWInfo->iContinue = sqlite3VdbeMakeLabel(pParse);
143861 144345     pWInfo->wctrlFlags = wctrlFlags;
143862 144346     pWInfo->iLimit = iAuxArg;
143863 144347     pWInfo->savedNQueryLoop = pParse->nQueryLoop;
143864 144348     memset(&pWInfo->nOBSat, 0, 
143865 144349            offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
143866 144350     memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
143867 144351     assert( pWInfo->eOnePass==ONEPASS_OFF );  /* ONEPASS defaults to OFF */
................................................................................
144127 144611     ** use a one-pass approach, and this is not set accurately for scans
144128 144612     ** that use the OR optimization.
144129 144613     */
144130 144614     assert( (wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || pWInfo->nLevel==1 );
144131 144615     if( (wctrlFlags & WHERE_ONEPASS_DESIRED)!=0 ){
144132 144616       int wsFlags = pWInfo->a[0].pWLoop->wsFlags;
144133 144617       int bOnerow = (wsFlags & WHERE_ONEROW)!=0;
       144618  +    assert( !(wsFlags & WHERE_VIRTUALTABLE) || IsVirtual(pTabList->a[0].pTab) );
144134 144619       if( bOnerow || (
144135 144620           0!=(wctrlFlags & WHERE_ONEPASS_MULTIROW)
144136         -     && 0==(wsFlags & WHERE_VIRTUALTABLE)
       144621  +     && !IsVirtual(pTabList->a[0].pTab)
144137 144622        && (0==(wsFlags & WHERE_MULTI_OR) || (wctrlFlags & WHERE_DUPLICATES_OK))
144138 144623       )){
144139 144624         pWInfo->eOnePass = bOnerow ? ONEPASS_SINGLE : ONEPASS_MULTI;
144140 144625         if( HasRowid(pTabList->a[0].pTab) && (wsFlags & WHERE_IDX_ONLY) ){
144141 144626           if( wctrlFlags & WHERE_ONEPASS_MULTIROW ){
144142 144627             bFordelete = OPFLAG_FORDELETE;
144143 144628           }
................................................................................
144284 144769         if( db->mallocFailed ) goto whereBeginError;
144285 144770       }
144286 144771   #endif
144287 144772       addrExplain = sqlite3WhereExplainOneScan(
144288 144773           pParse, pTabList, pLevel, wctrlFlags
144289 144774       );
144290 144775       pLevel->addrBody = sqlite3VdbeCurrentAddr(v);
144291         -    notReady = sqlite3WhereCodeOneLoopStart(pWInfo, ii, notReady);
       144776  +    notReady = sqlite3WhereCodeOneLoopStart(pParse,v,pWInfo,ii,pLevel,notReady);
144292 144777       pWInfo->iContinue = pLevel->addrCont;
144293 144778       if( (wsFlags&WHERE_MULTI_OR)==0 && (wctrlFlags&WHERE_OR_SUBCLAUSE)==0 ){
144294 144779         sqlite3WhereAddScanStatus(v, pTabList, pLevel, addrExplain);
144295 144780       }
144296 144781     }
144297 144782   
144298 144783     /* Done. */
................................................................................
144468 144953       */
144469 144954       if( pTabItem->fg.viaCoroutine ){
144470 144955         testcase( pParse->db->mallocFailed );
144471 144956         translateColumnToCopy(pParse, pLevel->addrBody, pLevel->iTabCur,
144472 144957                               pTabItem->regResult, 0);
144473 144958         continue;
144474 144959       }
       144960  +
       144961  +#ifdef SQLITE_ENABLE_EARLY_CURSOR_CLOSE
       144962  +    /* Close all of the cursors that were opened by sqlite3WhereBegin.
       144963  +    ** Except, do not close cursors that will be reused by the OR optimization
       144964  +    ** (WHERE_OR_SUBCLAUSE).  And do not close the OP_OpenWrite cursors
       144965  +    ** created for the ONEPASS optimization.
       144966  +    */
       144967  +    if( (pTab->tabFlags & TF_Ephemeral)==0
       144968  +     && pTab->pSelect==0
       144969  +     && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0
       144970  +    ){
       144971  +      int ws = pLoop->wsFlags;
       144972  +      if( pWInfo->eOnePass==ONEPASS_OFF && (ws & WHERE_IDX_ONLY)==0 ){
       144973  +        sqlite3VdbeAddOp1(v, OP_Close, pTabItem->iCursor);
       144974  +      }
       144975  +      if( (ws & WHERE_INDEXED)!=0
       144976  +       && (ws & (WHERE_IPK|WHERE_AUTO_INDEX))==0 
       144977  +       && pLevel->iIdxCur!=pWInfo->aiCurOnePass[1]
       144978  +      ){
       144979  +        sqlite3VdbeAddOp1(v, OP_Close, pLevel->iIdxCur);
       144980  +      }
       144981  +    }
       144982  +#endif
144475 144983   
144476 144984       /* If this scan uses an index, make VDBE code substitutions to read data
144477 144985       ** from the index instead of from the table where possible.  In some cases
144478 144986       ** this optimization prevents the table from ever being read, which can
144479 144987       ** yield a significant performance boost.
144480 144988       ** 
144481 144989       ** Calls to the code generator in between sqlite3WhereBegin and
................................................................................
145368 145876             sqlite3ExprAlloc(db, TK_INTEGER, &sqlite3IntTokens[0], 0)
145369 145877         );
145370 145878       }
145371 145879   
145372 145880       pSub = sqlite3SelectNew(
145373 145881           pParse, pSublist, pSrc, pWhere, pGroupBy, pHaving, pSort, 0, 0
145374 145882       );
145375         -    p->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
145376         -    assert( p->pSrc || db->mallocFailed );
       145883  +    p->pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
145377 145884       if( p->pSrc ){
145378 145885         p->pSrc->a[0].pSelect = pSub;
145379 145886         sqlite3SrcListAssignCursors(pParse, p->pSrc);
145380 145887         if( sqlite3ExpandSubquery(pParse, &p->pSrc->a[0]) ){
145381 145888           rc = SQLITE_NOMEM;
145382 145889         }else{
145383 145890           pSub->selFlags |= SF_Expanded;
................................................................................
145426 145933   ** value should be a non-negative integer.  If the value is not a
145427 145934   ** constant, change it to NULL.  The fact that it is then a non-negative
145428 145935   ** integer will be caught later.  But it is important not to leave
145429 145936   ** variable values in the expression tree.
145430 145937   */
145431 145938   static Expr *sqlite3WindowOffsetExpr(Parse *pParse, Expr *pExpr){
145432 145939     if( 0==sqlite3ExprIsConstant(pExpr) ){
       145940  +    if( IN_RENAME_OBJECT ) sqlite3RenameExprUnmap(pParse, pExpr);
145433 145941       sqlite3ExprDelete(pParse->db, pExpr);
145434 145942       pExpr = sqlite3ExprAlloc(pParse->db, TK_NULL, 0, 0);
145435 145943     }
145436 145944     return pExpr;
145437 145945   }
145438 145946   
145439 145947   /*
................................................................................
145620 146128     VdbeCoverageIf(v, eCond==0);
145621 146129     VdbeCoverageIf(v, eCond==1);
145622 146130     VdbeCoverageIf(v, eCond==2);
145623 146131     sqlite3VdbeAddOp3(v, aOp[eCond], regZero, sqlite3VdbeCurrentAddr(v)+2, reg);
145624 146132     VdbeCoverageNeverNullIf(v, eCond==0);
145625 146133     VdbeCoverageNeverNullIf(v, eCond==1);
145626 146134     VdbeCoverageNeverNullIf(v, eCond==2);
       146135  +  sqlite3MayAbort(pParse);
145627 146136     sqlite3VdbeAddOp2(v, OP_Halt, SQLITE_ERROR, OE_Abort);
145628 146137     sqlite3VdbeAppendP4(v, (void*)azErr[eCond], P4_STATIC);
145629 146138     sqlite3ReleaseTempReg(pParse, regZero);
145630 146139   }
145631 146140   
145632 146141   /*
145633 146142   ** Return the number of arguments passed to the window-function associated
................................................................................
145875 146384     Window *pWin;
145876 146385     for(pWin=pMWin; pWin; pWin=pWin->pNextWin){
145877 146386       FuncDef *pFunc = pWin->pFunc;
145878 146387       if( pFunc->zName==nth_valueName
145879 146388        || pFunc->zName==first_valueName
145880 146389       ){
145881 146390         int csr = pWin->csrApp;
145882         -      int lbl = sqlite3VdbeMakeLabel(v);
       146391  +      int lbl = sqlite3VdbeMakeLabel(pParse);
145883 146392         int tmpReg = sqlite3GetTempReg(pParse);
145884 146393         sqlite3VdbeAddOp2(v, OP_Null, 0, pWin->regResult);
145885 146394   
145886 146395         if( pFunc->zName==nth_valueName ){
145887 146396           sqlite3VdbeAddOp3(v, OP_Column, pMWin->iEphCsr, pWin->iArgCol+1,tmpReg);
145888 146397           windowCheckIntValue(pParse, tmpReg, 2);
145889 146398         }else{
................................................................................
145898 146407         sqlite3VdbeResolveLabel(v, lbl);
145899 146408         sqlite3ReleaseTempReg(pParse, tmpReg);
145900 146409       }
145901 146410       else if( pFunc->zName==leadName || pFunc->zName==lagName ){
145902 146411         int nArg = pWin->pOwner->x.pList->nExpr;
145903 146412         int iEph = pMWin->iEphCsr;
145904 146413         int csr = pWin->csrApp;
145905         -      int lbl = sqlite3VdbeMakeLabel(v);
       146414  +      int lbl = sqlite3VdbeMakeLabel(pParse);
145906 146415         int tmpReg = sqlite3GetTempReg(pParse);
145907 146416   
145908 146417         if( nArg<3 ){
145909 146418           sqlite3VdbeAddOp2(v, OP_Null, 0, pWin->regResult);
145910 146419         }else{
145911 146420           sqlite3VdbeAddOp3(v, OP_Column, iEph, pWin->iArgCol+2, pWin->regResult);
145912 146421         }
................................................................................
146159 146668          || pMWin->eEnd==TK_CURRENT 
146160 146669          || pMWin->eEnd==TK_UNBOUNDED 
146161 146670          || pMWin->eEnd==TK_PRECEDING 
146162 146671     );
146163 146672   
146164 146673     /* Allocate register and label for the "flush_partition" sub-routine. */
146165 146674     regFlushPart = ++pParse->nMem;
146166         -  lblFlushPart = sqlite3VdbeMakeLabel(v);
146167         -  lblFlushDone = sqlite3VdbeMakeLabel(v);
       146675  +  lblFlushPart = sqlite3VdbeMakeLabel(pParse);
       146676  +  lblFlushDone = sqlite3VdbeMakeLabel(pParse);
146168 146677   
146169 146678     regStart = ++pParse->nMem;
146170 146679     regEnd = ++pParse->nMem;
146171 146680   
146172 146681     windowPartitionCache(pParse, p, pWInfo, regFlushPart, lblFlushPart, &regSize);
146173 146682   
146174 146683     addrGoto = sqlite3VdbeAddOp0(v, OP_Goto);
................................................................................
146270 146779       sqlite3VdbeJumpHere(v, addrIfPos2);
146271 146780     }
146272 146781   
146273 146782     if( pMWin->eStart==TK_CURRENT 
146274 146783      || pMWin->eStart==TK_PRECEDING 
146275 146784      || pMWin->eStart==TK_FOLLOWING 
146276 146785     ){
146277         -    int lblSkipInverse = sqlite3VdbeMakeLabel(v);;
       146786  +    int lblSkipInverse = sqlite3VdbeMakeLabel(pParse);;
146278 146787       if( pMWin->eStart==TK_PRECEDING ){
146279 146788         sqlite3VdbeAddOp3(v, OP_IfPos, regStart, lblSkipInverse, 1);
146280 146789         VdbeCoverage(v);
146281 146790       }
146282 146791       if( pMWin->eStart==TK_FOLLOWING ){
146283 146792         sqlite3VdbeAddOp2(v, OP_Next, csrStart, sqlite3VdbeCurrentAddr(v)+2);
146284 146793         VdbeCoverage(v);
................................................................................
146435 146944   
146436 146945     assert( (pMWin->eStart==TK_UNBOUNDED && pMWin->eEnd==TK_CURRENT) 
146437 146946          || (pMWin->eStart==TK_UNBOUNDED && pMWin->eEnd==TK_UNBOUNDED) 
146438 146947          || (pMWin->eStart==TK_CURRENT && pMWin->eEnd==TK_CURRENT) 
146439 146948          || (pMWin->eStart==TK_CURRENT && pMWin->eEnd==TK_UNBOUNDED) 
146440 146949     );
146441 146950   
146442         -  lblEmpty = sqlite3VdbeMakeLabel(v);
       146951  +  lblEmpty = sqlite3VdbeMakeLabel(pParse);
146443 146952     regNewPeer = pParse->nMem+1;
146444 146953     pParse->nMem += nPeer;
146445 146954   
146446 146955     /* Allocate register and label for the "flush_partition" sub-routine. */
146447 146956     regFlushPart = ++pParse->nMem;
146448         -  lblFlushPart = sqlite3VdbeMakeLabel(v);
       146957  +  lblFlushPart = sqlite3VdbeMakeLabel(pParse);
146449 146958   
146450 146959     csrLead = pParse->nTab++;
146451 146960     regCtr = ++pParse->nMem;
146452 146961   
146453 146962     windowPartitionCache(pParse, p, pWInfo, regFlushPart, lblFlushPart, &regSize);
146454 146963     addrGoto = sqlite3VdbeAddOp0(v, OP_Goto);
146455 146964   
................................................................................
146678 147187   SQLITE_PRIVATE Window *sqlite3WindowDup(sqlite3 *db, Expr *pOwner, Window *p){
146679 147188     Window *pNew = 0;
146680 147189     if( ALWAYS(p) ){
146681 147190       pNew = sqlite3DbMallocZero(db, sizeof(Window));
146682 147191       if( pNew ){
146683 147192         pNew->zName = sqlite3DbStrDup(db, p->zName);
146684 147193         pNew->pFilter = sqlite3ExprDup(db, p->pFilter, 0);
       147194  +      pNew->pFunc = p->pFunc;
146685 147195         pNew->pPartition = sqlite3ExprListDup(db, p->pPartition, 0);
146686 147196         pNew->pOrderBy = sqlite3ExprListDup(db, p->pOrderBy, 0);
146687 147197         pNew->eType = p->eType;
146688 147198         pNew->eEnd = p->eEnd;
146689 147199         pNew->eStart = p->eStart;
146690 147200         pNew->pStart = sqlite3ExprDup(db, p->pStart, 0);
146691 147201         pNew->pEnd = sqlite3ExprDup(db, p->pEnd, 0);
................................................................................
146935 147445         p->op2 = 0;
146936 147446         p->iTable = 0;
146937 147447         p->iColumn = 0;
146938 147448         p->u.zToken = (char*)&p[1];
146939 147449         memcpy(p->u.zToken, t.z, t.n);
146940 147450         p->u.zToken[t.n] = 0;
146941 147451         if( sqlite3Isquote(p->u.zToken[0]) ){
146942         -        if( p->u.zToken[0]=='"' ) p->flags |= EP_DblQuoted;
146943         -        sqlite3Dequote(p->u.zToken);
       147452  +        sqlite3DequoteExpr(p);
146944 147453         }
146945 147454   #if SQLITE_MAX_EXPR_DEPTH>0
146946 147455         p->nHeight = 1;
146947 147456   #endif  
146948 147457         if( IN_RENAME_OBJECT ){
146949 147458           return (Expr*)sqlite3RenameTokenMap(pParse, (void*)p, &t);
146950 147459         }
................................................................................
147045 147554   **    YY_MAX_REDUCE      Maximum value for reduce actions
147046 147555   */
147047 147556   #ifndef INTERFACE
147048 147557   # define INTERFACE 1
147049 147558   #endif
147050 147559   /************* Begin control #defines *****************************************/
147051 147560   #define YYCODETYPE unsigned short int
147052         -#define YYNOCODE 277
       147561  +#define YYNOCODE 278
147053 147562   #define YYACTIONTYPE unsigned short int
147054 147563   #define YYWILDCARD 91
147055 147564   #define sqlite3ParserTOKENTYPE Token
147056 147565   typedef union {
147057 147566     int yyinit;
147058 147567     sqlite3ParserTOKENTYPE yy0;
147059         -  Expr* yy18;
147060         -  struct TrigEvent yy34;
147061         -  IdList* yy48;
147062         -  int yy70;
147063         -  struct {int value; int mask;} yy111;
147064         -  struct FrameBound yy119;
147065         -  SrcList* yy135;
147066         -  TriggerStep* yy207;
147067         -  Window* yy327;
147068         -  Upsert* yy340;
147069         -  const char* yy392;
147070         -  ExprList* yy420;
147071         -  With* yy449;
147072         -  Select* yy489;
       147568  +  ExprList* yy42;
       147569  +  int yy96;
       147570  +  TriggerStep* yy119;
       147571  +  Window* yy147;
       147572  +  SrcList* yy167;
       147573  +  Upsert* yy266;
       147574  +  struct FrameBound yy317;
       147575  +  IdList* yy336;
       147576  +  struct TrigEvent yy350;
       147577  +  struct {int value; int mask;} yy367;
       147578  +  Select* yy423;
       147579  +  const char* yy464;
       147580  +  Expr* yy490;
       147581  +  With* yy499;
147073 147582   } YYMINORTYPE;
147074 147583   #ifndef YYSTACKDEPTH
147075 147584   #define YYSTACKDEPTH 100
147076 147585   #endif
147077 147586   #define sqlite3ParserARG_SDECL
147078 147587   #define sqlite3ParserARG_PDECL
147079 147588   #define sqlite3ParserARG_PARAM
................................................................................
147081 147590   #define sqlite3ParserARG_STORE
147082 147591   #define sqlite3ParserCTX_SDECL Parse *pParse;
147083 147592   #define sqlite3ParserCTX_PDECL ,Parse *pParse
147084 147593   #define sqlite3ParserCTX_PARAM ,pParse
147085 147594   #define sqlite3ParserCTX_FETCH Parse *pParse=yypParser->pParse;
147086 147595   #define sqlite3ParserCTX_STORE yypParser->pParse=pParse;
147087 147596   #define YYFALLBACK 1
147088         -#define YYNSTATE             521
147089         -#define YYNRULE              367
       147597  +#define YYNSTATE             524
       147598  +#define YYNRULE              369
147090 147599   #define YYNTOKEN             155
147091         -#define YY_MAX_SHIFT         520
147092         -#define YY_MIN_SHIFTREDUCE   756
147093         -#define YY_MAX_SHIFTREDUCE   1122
147094         -#define YY_ERROR_ACTION      1123
147095         -#define YY_ACCEPT_ACTION     1124
147096         -#define YY_NO_ACTION         1125
147097         -#define YY_MIN_REDUCE        1126
147098         -#define YY_MAX_REDUCE        1492
       147600  +#define YY_MAX_SHIFT         523
       147601  +#define YY_MIN_SHIFTREDUCE   760
       147602  +#define YY_MAX_SHIFTREDUCE   1128
       147603  +#define YY_ERROR_ACTION      1129
       147604  +#define YY_ACCEPT_ACTION     1130
       147605  +#define YY_NO_ACTION         1131
       147606  +#define YY_MIN_REDUCE        1132
       147607  +#define YY_MAX_REDUCE        1500
147099 147608   /************* End control #defines *******************************************/
147100 147609   #define YY_NLOOKAHEAD ((int)(sizeof(yy_lookahead)/sizeof(yy_lookahead[0])))
147101 147610   
147102 147611   /* Define the yytestcase() macro to be a no-op if is not already defined
147103 147612   ** otherwise.
147104 147613   **
147105 147614   ** Applications can choose to define yytestcase() in the %include section
................................................................................
147160 147669   **  yy_reduce_ofst[]   For each state, the offset into yy_action for
147161 147670   **                     shifting non-terminals after a reduce.
147162 147671   **  yy_default[]       Default action for each state.
147163 147672   **
147164 147673   *********** Begin parsing tables **********************************************/
147165 147674   #define YY_ACTTAB_COUNT (2009)
147166 147675   static const YYACTIONTYPE yy_action[] = {
147167         - /*     0 */   368,  105,  102,  197,  105,  102,  197,  515, 1124,    1,
147168         - /*    10 */     1,  520,    2, 1128,  515, 1192, 1171, 1456,  275,  370,
147169         - /*    20 */   127, 1389, 1197, 1197, 1192, 1166,  178, 1205,   64,   64,
147170         - /*    30 */   477,  887,  322,  428,  348,   37,   37,  808,  362,  888,
147171         - /*    40 */   509,  509,  509,  112,  113,  103, 1100, 1100,  953,  956,
147172         - /*    50 */   946,  946,  110,  110,  111,  111,  111,  111,  365,  252,
147173         - /*    60 */   252,  515,  252,  252,  497,  515,  309,  515,  459,  515,
147174         - /*    70 */  1079,  491,  512,  478,    6,  512,  809,  134,  498,  228,
147175         - /*    80 */   194,  428,   37,   37,  515,  208,   64,   64,   64,   64,
147176         - /*    90 */    13,   13,  109,  109,  109,  109,  108,  108,  107,  107,
147177         - /*   100 */   107,  106,  401,  258,  381,   13,   13,  398,  397,  428,
147178         - /*   110 */   252,  252,  370,  476,  405, 1104, 1079, 1080, 1081,  386,
147179         - /*   120 */  1106,  390,  497,  512,  497, 1423, 1419,  304, 1105,  307,
147180         - /*   130 */  1256,  496,  370,  499,   16,   16,  112,  113,  103, 1100,
147181         - /*   140 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147182         - /*   150 */   111,  262, 1107,  495, 1107,  401,  112,  113,  103, 1100,
147183         - /*   160 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147184         - /*   170 */   111,  129, 1425,  343, 1420,  339, 1059,  492, 1057,  263,
147185         - /*   180 */    73,  105,  102,  197,  994,  109,  109,  109,  109,  108,
147186         - /*   190 */   108,  107,  107,  107,  106,  401,  370,  111,  111,  111,
147187         - /*   200 */   111,  104,  492,   89, 1432,  109,  109,  109,  109,  108,
147188         - /*   210 */   108,  107,  107,  107,  106,  401,  111,  111,  111,  111,
147189         - /*   220 */   112,  113,  103, 1100, 1100,  953,  956,  946,  946,  110,
147190         - /*   230 */   110,  111,  111,  111,  111,  109,  109,  109,  109,  108,
147191         - /*   240 */   108,  107,  107,  107,  106,  401,  114,  108,  108,  107,
147192         - /*   250 */   107,  107,  106,  401,  109,  109,  109,  109,  108,  108,
147193         - /*   260 */   107,  107,  107,  106,  401,  152,  399,  399,  399,  109,
147194         - /*   270 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147195         - /*   280 */   178,  493, 1412,  434, 1037, 1486, 1079,  515, 1486,  370,
147196         - /*   290 */   421,  297,  357,  412,   74, 1079,  109,  109,  109,  109,
147197         - /*   300 */   108,  108,  107,  107,  107,  106,  401, 1413,   37,   37,
147198         - /*   310 */  1431,  274,  506,  112,  113,  103, 1100, 1100,  953,  956,
147199         - /*   320 */   946,  946,  110,  110,  111,  111,  111,  111, 1436,  520,
147200         - /*   330 */     2, 1128, 1079, 1080, 1081,  430,  275, 1079,  127,  366,
147201         - /*   340 */   933, 1079, 1080, 1081,  220, 1205,  913,  458,  455,  454,
147202         - /*   350 */   392,  167,  515, 1035,  152,  445,  924,  453,  152,  874,
147203         - /*   360 */   923,  289,  109,  109,  109,  109,  108,  108,  107,  107,
147204         - /*   370 */   107,  106,  401,   13,   13,  261,  853,  252,  252,  227,
147205         - /*   380 */   106,  401,  370, 1079, 1080, 1081,  311,  388, 1079,  296,
147206         - /*   390 */   512,  923,  923,  925,  231,  323, 1255, 1388, 1423,  490,
147207         - /*   400 */   274,  506,   12,  208,  274,  506,  112,  113,  103, 1100,
147208         - /*   410 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147209         - /*   420 */   111, 1440,  286, 1128,  288, 1079, 1097,  247,  275, 1098,
147210         - /*   430 */   127,  387,  405,  389, 1079, 1080, 1081, 1205,  159,  238,
147211         - /*   440 */   255,  321,  461,  316,  460,  225,  790,  105,  102,  197,
147212         - /*   450 */   513,  314,  842,  842,  445,  109,  109,  109,  109,  108,
147213         - /*   460 */   108,  107,  107,  107,  106,  401,  515,  514,  515,  252,
147214         - /*   470 */   252, 1079, 1080, 1081,  435,  370, 1098,  933, 1460,  794,
147215         - /*   480 */   274,  506,  512,  105,  102,  197,  336,   63,   63,   64,
147216         - /*   490 */    64,   27,  790,  924,  287,  208, 1354,  923,  515,  112,
147217         - /*   500 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147218         - /*   510 */   111,  111,  111,  111,  107,  107,  107,  106,  401,   49,
147219         - /*   520 */    49,  515,   28, 1079,  405,  497,  421,  297,  923,  923,
147220         - /*   530 */   925,  186,  468, 1079,  467,  999,  999,  442,  515, 1079,
147221         - /*   540 */   334,  515,   45,   45, 1083,  342,  173,  168,  109,  109,
147222         - /*   550 */   109,  109,  108,  108,  107,  107,  107,  106,  401,   13,
147223         - /*   560 */    13,  205,   13,   13,  252,  252, 1195, 1195,  370, 1079,
147224         - /*   570 */  1080, 1081,  787,  265,    5,  359,  494,  512,  469, 1079,
147225         - /*   580 */  1080, 1081,  398,  397, 1079, 1079, 1080, 1081,    3,  282,
147226         - /*   590 */  1079, 1083,  112,  113,  103, 1100, 1100,  953,  956,  946,
147227         - /*   600 */   946,  110,  110,  111,  111,  111,  111,  252,  252, 1015,
147228         - /*   610 */   220, 1079,  873,  458,  455,  454,  943,  943,  954,  957,
147229         - /*   620 */   512,  252,  252,  453, 1016, 1079,  445, 1107, 1209, 1107,
147230         - /*   630 */  1079, 1080, 1081,  515,  512,  426, 1079, 1080, 1081, 1017,
147231         - /*   640 */   512,  109,  109,  109,  109,  108,  108,  107,  107,  107,
147232         - /*   650 */   106,  401, 1052,  515,   50,   50,  515, 1079, 1080, 1081,
147233         - /*   660 */   828,  370, 1051,  379,  411, 1064, 1358,  207,  408,  773,
147234         - /*   670 */   829, 1079, 1080, 1081,   64,   64,  322,   64,   64, 1302,
147235         - /*   680 */   947,  411,  410, 1358, 1360,  112,  113,  103, 1100, 1100,
147236         - /*   690 */   953,  956,  946,  946,  110,  110,  111,  111,  111,  111,
147237         - /*   700 */   294,  482,  515, 1037, 1487,  515,  434, 1487,  354, 1120,
147238         - /*   710 */   483,  996,  913,  485,  466,  996,  132,  178,   33,  450,
147239         - /*   720 */  1203,  136,  406,   64,   64,  479,   64,   64,  419,  369,
147240         - /*   730 */   283, 1146,  252,  252,  109,  109,  109,  109,  108,  108,
147241         - /*   740 */   107,  107,  107,  106,  401,  512,  224,  440,  411,  266,
147242         - /*   750 */  1358,  266,  252,  252,  370,  296,  416,  284,  934,  396,
147243         - /*   760 */   976,  470,  400,  252,  252,  512,    9,  473,  231,  500,
147244         - /*   770 */   354, 1036, 1035, 1488,  355,  374,  512, 1121,  112,  113,
147245         - /*   780 */   103, 1100, 1100,  953,  956,  946,  946,  110,  110,  111,
147246         - /*   790 */   111,  111,  111,  252,  252, 1015,  515, 1347,  295,  252,
147247         - /*   800 */   252,  252,  252, 1098,  375,  249,  512,  445,  872,  322,
147248         - /*   810 */  1016,  480,  512,  195,  512,  434,  273,   15,   15,  515,
147249         - /*   820 */   314,  515,   95,  515,   93, 1017,  367,  109,  109,  109,
147250         - /*   830 */   109,  108,  108,  107,  107,  107,  106,  401,  515, 1121,
147251         - /*   840 */    39,   39,   51,   51,   52,   52,  503,  370,  515, 1204,
147252         - /*   850 */  1098,  918,  439,  341,  133,  436,  223,  222,  221,   53,
147253         - /*   860 */    53,  322, 1400,  761,  762,  763,  515,  370,   88,   54,
147254         - /*   870 */    54,  112,  113,  103, 1100, 1100,  953,  956,  946,  946,
147255         - /*   880 */   110,  110,  111,  111,  111,  111,  407,   55,   55,  196,
147256         - /*   890 */   515,  112,  113,  103, 1100, 1100,  953,  956,  946,  946,
147257         - /*   900 */   110,  110,  111,  111,  111,  111,  135,  264, 1149,  376,
147258         - /*   910 */   515,   40,   40,  515,  872,  515,  993,  515,  993,  116,
147259         - /*   920 */   109,  109,  109,  109,  108,  108,  107,  107,  107,  106,
147260         - /*   930 */   401,   41,   41,  515,   43,   43,   44,   44,   56,   56,
147261         - /*   940 */   109,  109,  109,  109,  108,  108,  107,  107,  107,  106,
147262         - /*   950 */   401,  515,  379,  515,   57,   57,  515,  799,  515,  379,
147263         - /*   960 */   515,  445,  200,  515,  323,  515, 1397,  515, 1459,  515,
147264         - /*   970 */  1287,  817,   58,   58,   14,   14,  515,   59,   59,  118,
147265         - /*   980 */   118,   60,   60,  515,   46,   46,   61,   61,   62,   62,
147266         - /*   990 */    47,   47,  515,  190,  189,   91,  515,  140,  140,  515,
147267         - /*  1000 */   394,  515,  277, 1200,  141,  141,  515, 1115,  515,  992,
147268         - /*  1010 */   515,  992,  515,   69,   69,  370,  278,   48,   48,  259,
147269         - /*  1020 */    65,   65,  119,  119,  246,  246,  260,   66,   66,  120,
147270         - /*  1030 */   120,  121,  121,  117,  117,  370,  515,  512,  383,  112,
147271         - /*  1040 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147272         - /*  1050 */   111,  111,  111,  111,  515,  872,  515,  139,  139,  112,
147273         - /*  1060 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147274         - /*  1070 */   111,  111,  111,  111, 1287,  138,  138,  125,  125,  515,
147275         - /*  1080 */    12,  515,  281, 1287,  515,  445,  131, 1287,  109,  109,
147276         - /*  1090 */   109,  109,  108,  108,  107,  107,  107,  106,  401,  515,
147277         - /*  1100 */   124,  124,  122,  122,  515,  123,  123,  515,  109,  109,
147278         - /*  1110 */   109,  109,  108,  108,  107,  107,  107,  106,  401,  515,
147279         - /*  1120 */    68,   68,  463,  783,  515,   70,   70,  302,   67,   67,
147280         - /*  1130 */  1032,  253,  253,  356, 1287,  191,  196, 1433,  465, 1301,
147281         - /*  1140 */    38,   38,  384,   94,  512,   42,   42,  177,  848,  274,
147282         - /*  1150 */   506,  385,  420,  847, 1356,  441,  508,  376,  377,  153,
147283         - /*  1160 */   423,  872,  432,  370,  224,  251,  194,  887,  182,  293,
147284         - /*  1170 */   783,  848,   88,  254,  466,  888,  847,  915,  807,  806,
147285         - /*  1180 */   230, 1241,  910,  370,   17,  413,  797,  112,  113,  103,
147286         - /*  1190 */  1100, 1100,  953,  956,  946,  946,  110,  110,  111,  111,
147287         - /*  1200 */   111,  111,  395,  814,  815, 1175,  983,  112,  101,  103,
147288         - /*  1210 */  1100, 1100,  953,  956,  946,  946,  110,  110,  111,  111,
147289         - /*  1220 */   111,  111,  375,  422,  427,  429,  298,  230,  230,   88,
147290         - /*  1230 */  1240,  451,  312,  797,  226,   88,  109,  109,  109,  109,
147291         - /*  1240 */   108,  108,  107,  107,  107,  106,  401,   86,  433,  979,
147292         - /*  1250 */   927,  881,  226,  983,  230,  415,  109,  109,  109,  109,
147293         - /*  1260 */   108,  108,  107,  107,  107,  106,  401,  320,  845,  781,
147294         - /*  1270 */   846,  100,  130,  100, 1403,  290,  370,  319, 1377, 1376,
147295         - /*  1280 */   437, 1449,  299, 1237,  303,  306,  308,  310, 1188, 1174,
147296         - /*  1290 */  1173, 1172,  315,  324,  325, 1228,  370,  927, 1249,  271,
147297         - /*  1300 */  1286,  113,  103, 1100, 1100,  953,  956,  946,  946,  110,
147298         - /*  1310 */   110,  111,  111,  111,  111, 1224, 1235,  502,  501, 1292,
147299         - /*  1320 */  1221, 1155,  103, 1100, 1100,  953,  956,  946,  946,  110,
147300         - /*  1330 */   110,  111,  111,  111,  111, 1148, 1137, 1136, 1138, 1443,
147301         - /*  1340 */   446,  244,  184,   98,  507,  188,    4,  353,  327,  109,
147302         - /*  1350 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147303         - /*  1360 */   510,  329,  331,  199,  414,  456,  292,  285,  318,  109,
147304         - /*  1370 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147305         - /*  1380 */    11, 1271, 1279,  402,  361,  192, 1171, 1351,  431,  505,
147306         - /*  1390 */   346, 1350,  333,   98,  507,  504,    4,  187, 1446, 1115,
147307         - /*  1400 */   233, 1396,  155, 1394, 1112,  152,   72,   75,  378,  425,
147308         - /*  1410 */   510,  165,  149,  157,  933, 1276,   86,   30, 1268,  417,
147309         - /*  1420 */    96,   96,    8,  160,  161,  162,  163,   97,  418,  402,
147310         - /*  1430 */   517,  516,  449,  402,  923,  210,  358,  424, 1282,  438,
147311         - /*  1440 */   169,  214,  360, 1345,   80,  504,   31,  444, 1365,  301,
147312         - /*  1450 */   245,  274,  506,  216,  174,  305,  488,  447,  217,  462,
147313         - /*  1460 */  1139,  487,  218,  363,  933,  923,  923,  925,  926,   24,
147314         - /*  1470 */    96,   96, 1191, 1190, 1189,  391, 1182,   97, 1163,  402,
147315         - /*  1480 */   517,  516,  799,  364,  923, 1162,  317, 1161,   98,  507,
147316         - /*  1490 */  1181,    4, 1458,  472,  393,  269,  270,  475,  481, 1232,
147317         - /*  1500 */    85, 1233,  326,  328,  232,  510,  495, 1231,  330,   98,
147318         - /*  1510 */   507, 1230,    4,  486,  335,  923,  923,  925,  926,   24,
147319         - /*  1520 */  1435, 1068,  404,  181,  336,  256,  510,  115,  402,  332,
147320         - /*  1530 */   352,  352,  351,  241,  349, 1214, 1414,  770,  338,   10,
147321         - /*  1540 */   504,  340,  272,   92, 1331, 1213,   87,  183,  484,  402,
147322         - /*  1550 */   201,  488,  280,  239,  344,  345,  489, 1145,   29,  933,
147323         - /*  1560 */   279,  504, 1074,  518,  240,   96,   96,  242,  243,  519,
147324         - /*  1570 */  1134, 1129,   97,  154,  402,  517,  516,  372,  373,  923,
147325         - /*  1580 */   933,  142,  143,  128, 1381,  267,   96,   96,  852,  757,
147326         - /*  1590 */   203,  144,  403,   97, 1382,  402,  517,  516,  204, 1380,
147327         - /*  1600 */   923,  146, 1379, 1159, 1158,   71, 1156,  276,  202,  185,
147328         - /*  1610 */   923,  923,  925,  926,   24,  198,  257,  126,  991,  989,
147329         - /*  1620 */   907,   98,  507,  156,    4,  145,  158,  206,  831,  209,
147330         - /*  1630 */   291,  923,  923,  925,  926,   24, 1005,  911,  510,  164,
147331         - /*  1640 */   147,  380,  371,  382,  166,   76,   77,  274,  506,  148,
147332         - /*  1650 */    78,   79, 1008,  211,  212, 1004,  137,  213,   18,  300,
147333         - /*  1660 */   230,  402,  997, 1109,  443,  215,   32,  170,  171,  772,
147334         - /*  1670 */   409,  448,  319,  504,  219,  172,  452,   81,   19,  457,
147335         - /*  1680 */   313,   20,   82,  268,  488,  150,  810,  179,   83,  487,
147336         - /*  1690 */   464,  151,  933,  180,  959,   84, 1040,   34,   96,   96,
147337         - /*  1700 */   471, 1041,   35,  474,  193,   97,  248,  402,  517,  516,
147338         - /*  1710 */  1068,  404,  923,  250,  256,  880,  229,  175,  875,  352,
147339         - /*  1720 */   352,  351,  241,  349,  100,   21,  770,   22, 1054, 1056,
147340         - /*  1730 */     7,   98,  507, 1045,    4,  337, 1058,   23,  974,  201,
147341         - /*  1740 */   176,  280,   88,  923,  923,  925,  926,   24,  510,  279,
147342         - /*  1750 */   960,  958,  962, 1014,  963, 1013,  235,  234,   25,   36,
147343         - /*  1760 */    99,   90,  507,  928,    4,  511,  350,  782,   26,  841,
147344         - /*  1770 */   236,  402,  347, 1069,  237, 1125, 1125, 1451,  510,  203,
147345         - /*  1780 */  1450, 1125, 1125,  504, 1125, 1125, 1125,  204, 1125, 1125,
147346         - /*  1790 */   146, 1125, 1125, 1125, 1125, 1125, 1125,  202, 1125, 1125,
147347         - /*  1800 */  1125,  402,  933, 1125, 1125, 1125, 1125, 1125,   96,   96,
147348         - /*  1810 */  1125, 1125, 1125,  504, 1125,   97, 1125,  402,  517,  516,
147349         - /*  1820 */  1125, 1125,  923, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147350         - /*  1830 */  1125,  371,  933, 1125, 1125, 1125,  274,  506,   96,   96,
147351         - /*  1840 */  1125, 1125, 1125, 1125, 1125,   97, 1125,  402,  517,  516,
147352         - /*  1850 */  1125, 1125,  923,  923,  923,  925,  926,   24, 1125,  409,
147353         - /*  1860 */  1125, 1125, 1125,  256, 1125, 1125, 1125, 1125,  352,  352,
147354         - /*  1870 */   351,  241,  349, 1125, 1125,  770, 1125, 1125, 1125, 1125,
147355         - /*  1880 */  1125, 1125, 1125,  923,  923,  925,  926,   24,  201, 1125,
147356         - /*  1890 */   280, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  279, 1125,
147357         - /*  1900 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147358         - /*  1910 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147359         - /*  1920 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  203, 1125,
147360         - /*  1930 */  1125, 1125, 1125, 1125, 1125, 1125,  204, 1125, 1125,  146,
147361         - /*  1940 */  1125, 1125, 1125, 1125, 1125, 1125,  202, 1125, 1125, 1125,
147362         - /*  1950 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147363         - /*  1960 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147364         - /*  1970 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147365         - /*  1980 */   371, 1125, 1125, 1125, 1125,  274,  506, 1125, 1125, 1125,
147366         - /*  1990 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147367         - /*  2000 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  409,
       147676  + /*     0 */   377,  518,  371,  107,  104,  200, 1293,  518, 1130,    1,
       147677  + /*    10 */     1,  523,    2, 1134,  518, 1203, 1203, 1262,  277,  373,
       147678  + /*    20 */   129,  495,   37,   37, 1397, 1201, 1201, 1211,   65,   65,
       147679  + /*    30 */   480,  891,  107,  104,  200,   37,   37, 1043, 1494,  892,
       147680  + /*    40 */   346, 1494,  342,  114,  115,  105, 1106, 1106,  957,  960,
       147681  + /*    50 */   950,  950,  112,  112,  113,  113,  113,  113,  285,  254,
       147682  + /*    60 */   254,  518,  254,  254,  500,  518,  495,  518,  107,  104,
       147683  + /*    70 */   200, 1085,  515,  481,  386,  515, 1464,  442,  501,  230,
       147684  + /*    80 */   197,  439,   37,   37, 1172,  210,   65,   65,   65,   65,
       147685  + /*    90 */   254,  254,  111,  111,  111,  111,  110,  110,  109,  109,
       147686  + /*   100 */   109,  108,  404,  515,  404,  155, 1041,  431,  401,  400,
       147687  + /*   110 */   254,  254,  373, 1431, 1427,  408, 1110, 1085, 1086, 1087,
       147688  + /*   120 */   284, 1112,  500,  515,  500,  368, 1433, 1421, 1428, 1111,
       147689  + /*   130 */  1261,  499,  373,  502,  108,  404,  114,  115,  105, 1106,
       147690  + /*   140 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147691  + /*   150 */   113,  276,  509, 1113,  369, 1113,  114,  115,  105, 1106,
       147692  + /*   160 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147693  + /*   170 */   113,  496, 1420, 1431,  493, 1468, 1065,  260, 1063,  433,
       147694  + /*   180 */    74,  107,  104,  200,  498,  111,  111,  111,  111,  110,
       147695  + /*   190 */   110,  109,  109,  109,  108,  404,  373,  113,  113,  113,
       147696  + /*   200 */   113,  106,  131,   91, 1361,  111,  111,  111,  111,  110,
       147697  + /*   210 */   110,  109,  109,  109,  108,  404,  113,  113,  113,  113,
       147698  + /*   220 */   114,  115,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147699  + /*   230 */   112,  113,  113,  113,  113,  111,  111,  111,  111,  110,
       147700  + /*   240 */   110,  109,  109,  109,  108,  404,  116,  110,  110,  109,
       147701  + /*   250 */   109,  109,  108,  404,  111,  111,  111,  111,  110,  110,
       147702  + /*   260 */   109,  109,  109,  108,  404,  917,  512,  512,  512,  111,
       147703  + /*   270 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147704  + /*   280 */   517, 1198, 1177,  181,  109,  109,  109,  108,  404,  373,
       147705  + /*   290 */  1198,  402,  402,  402,   75,  360,  111,  111,  111,  111,
       147706  + /*   300 */   110,  110,  109,  109,  109,  108,  404,  382,  299,  419,
       147707  + /*   310 */   287,  170,  518,  114,  115,  105, 1106, 1106,  957,  960,
       147708  + /*   320 */   950,  950,  112,  112,  113,  113,  113,  113, 1444,  523,
       147709  + /*   330 */     2, 1134,  518,   13,   13,  337,  277, 1085,  129,  226,
       147710  + /*   340 */   937, 1058, 1000,  471,  917, 1211,  453,  384, 1085,  395,
       147711  + /*   350 */   162, 1057,  155,   45,   45,  416,  928,  401,  400,  479,
       147712  + /*   360 */   927,   12,  111,  111,  111,  111,  110,  110,  109,  109,
       147713  + /*   370 */   109,  108,  404,  226,  286,  254,  254,  254,  254,  518,
       147714  + /*   380 */    16,   16,  373, 1085, 1086, 1087,  314,  299,  515,  472,
       147715  + /*   390 */   515,  927,  927,  929, 1085, 1086, 1087,  378,  276,  509,
       147716  + /*   400 */    65,   65, 1113,  210, 1113, 1085,  114,  115,  105, 1106,
       147717  + /*   410 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147718  + /*   420 */   113, 1448,  222, 1134, 1089,  461,  458,  457,  277,  180,
       147719  + /*   430 */   129,  378,  392,  408,  423,  456,  500, 1211,  240,  257,
       147720  + /*   440 */   324,  464,  319,  463,  227,  470,   12,  317,  424,  300,
       147721  + /*   450 */   317, 1085, 1086, 1087,  485,  111,  111,  111,  111,  110,
       147722  + /*   460 */   110,  109,  109,  109,  108,  404,  181,  118, 1085,  254,
       147723  + /*   470 */   254, 1089,  518,   90,  351,  373,  518, 1181,  365,  798,
       147724  + /*   480 */  1440,  339,  515,  248,  248,   77,  325,  133, 1085,  249,
       147725  + /*   490 */   424,  300,  794,   49,   49,  210,  515,   65,   65,  114,
       147726  + /*   500 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147727  + /*   510 */   113,  113,  113,  113, 1085, 1086, 1087,  222, 1085,  438,
       147728  + /*   520 */   461,  458,  457,  937,  787,  408,  171,  857,  362, 1021,
       147729  + /*   530 */   456,  136,  198,  486, 1085, 1086, 1087,  448,  794,  928,
       147730  + /*   540 */     5,  193,  192,  927, 1022,  107,  104,  200,  111,  111,
       147731  + /*   550 */   111,  111,  110,  110,  109,  109,  109,  108,  404, 1023,
       147732  + /*   560 */   254,  254,  803, 1085, 1085, 1086, 1087,  437,  373, 1085,
       147733  + /*   570 */   344,  787,  791,  515,  927,  927,  929, 1085, 1408, 1396,
       147734  + /*   580 */   832, 1085,  176,    3,  852, 1085,  518, 1439,  429,  851,
       147735  + /*   590 */   833,  518,  114,  115,  105, 1106, 1106,  957,  960,  950,
       147736  + /*   600 */   950,  112,  112,  113,  113,  113,  113,   13,   13, 1085,
       147737  + /*   610 */  1086, 1087,   13,   13,  518, 1085, 1086, 1087, 1496,  358,
       147738  + /*   620 */  1085,  389, 1234, 1085, 1086, 1087,  391, 1085, 1086, 1087,
       147739  + /*   630 */   448, 1085, 1086, 1087,  518,   65,   65,  947,  947,  958,
       147740  + /*   640 */   961,  111,  111,  111,  111,  110,  110,  109,  109,  109,
       147741  + /*   650 */   108,  404,  518,  382,  878,   13,   13,  518,  877,  518,
       147742  + /*   660 */   263,  373,  518,  431,  448, 1070, 1085, 1086, 1087,  267,
       147743  + /*   670 */   448,  488, 1360,   64,   64,  431,  812,  155,   50,   50,
       147744  + /*   680 */    65,   65,  518,   65,   65,  114,  115,  105, 1106, 1106,
       147745  + /*   690 */   957,  960,  950,  950,  112,  112,  113,  113,  113,  113,
       147746  + /*   700 */   518,  951,  382,   13,   13,  415,  411,  462,  414, 1085,
       147747  + /*   710 */  1366,  777, 1210,  292,  297,  813,  399,  497,  181,  403,
       147748  + /*   720 */   261,   15,   15,  276,  509,  414,  413, 1366, 1368,  410,
       147749  + /*   730 */   372,  345, 1209,  264,  111,  111,  111,  111,  110,  110,
       147750  + /*   740 */   109,  109,  109,  108,  404,  265,  254,  254,  229, 1405,
       147751  + /*   750 */   268, 1215,  268, 1103,  373, 1085, 1086, 1087,  938,  515,
       147752  + /*   760 */   393,  409,  876,  515,  254,  254, 1152,  482,  473,  262,
       147753  + /*   770 */   422,  476,  325,  503,  289,  518,  291,  515,  114,  115,
       147754  + /*   780 */   105, 1106, 1106,  957,  960,  950,  950,  112,  112,  113,
       147755  + /*   790 */   113,  113,  113,  414, 1021, 1366,   39,   39,  254,  254,
       147756  + /*   800 */   254,  254,  980,  254,  254,  254,  254,  255,  255, 1022,
       147757  + /*   810 */   279,  515,  516,  515,  846,  846,  515,  138,  515,  518,
       147758  + /*   820 */   515, 1043, 1495,  251, 1023, 1495,  876,  111,  111,  111,
       147759  + /*   830 */   111,  110,  110,  109,  109,  109,  108,  404,  518, 1353,
       147760  + /*   840 */    51,   51,  518,  199,  518,  506,  290,  373,  518,  276,
       147761  + /*   850 */   509,  922,    9,  483,  233, 1005, 1005,  445,  189,   52,
       147762  + /*   860 */    52,  325,  280,   53,   53,   54,   54,  373,  876,   55,
       147763  + /*   870 */    55,  114,  115,  105, 1106, 1106,  957,  960,  950,  950,
       147764  + /*   880 */   112,  112,  113,  113,  113,  113,   97,  518,   95, 1104,
       147765  + /*   890 */  1041,  114,  115,  105, 1106, 1106,  957,  960,  950,  950,
       147766  + /*   900 */   112,  112,  113,  113,  113,  113,  135,  199,   56,   56,
       147767  + /*   910 */   765,  766,  767,  225,  224,  223,  518,  283,  437,  233,
       147768  + /*   920 */   111,  111,  111,  111,  110,  110,  109,  109,  109,  108,
       147769  + /*   930 */   404, 1002,  876,  326,  518, 1002, 1104,   40,   40,  518,
       147770  + /*   940 */   111,  111,  111,  111,  110,  110,  109,  109,  109,  108,
       147771  + /*   950 */   404,  518,  448,  518, 1104,   41,   41,  518,   17,  518,
       147772  + /*   960 */    43,   43, 1155,  379,  518,  448,  518,  443,  518,  390,
       147773  + /*   970 */   518,  194,   44,   44,   57,   57, 1247,  518,   58,   58,
       147774  + /*   980 */    59,   59,  518,  466,  326,   14,   14,   60,   60,  120,
       147775  + /*   990 */   120,   61,   61,  449, 1206,   93,  518,  425,   46,   46,
       147776  + /*  1000 */   518, 1104,  518,   62,   62,  518,  437,  305,  518,  852,
       147777  + /*  1010 */   518,  298,  518, 1246,  851,  373,  518,   63,   63, 1293,
       147778  + /*  1020 */   397,   47,   47,  142,  142, 1467,  143,  143,  821,   70,
       147779  + /*  1030 */    70,   48,   48,   66,   66,  373,  518,  121,  121,  114,
       147780  + /*  1040 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147781  + /*  1050 */   113,  113,  113,  113,  518,  418,  518,   67,   67,  114,
       147782  + /*  1060 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147783  + /*  1070 */   113,  113,  113,  113,  312,  122,  122,  123,  123, 1293,
       147784  + /*  1080 */   518,  357, 1126,   88,  518,  435,  325,  387,  111,  111,
       147785  + /*  1090 */   111,  111,  110,  110,  109,  109,  109,  108,  404,  266,
       147786  + /*  1100 */   518,  119,  119,  518, 1293,  141,  141,  518,  111,  111,
       147787  + /*  1110 */   111,  111,  110,  110,  109,  109,  109,  108,  404,  518,
       147788  + /*  1120 */   801,  140,  140,  518,  127,  127,  511,  379,  126,  126,
       147789  + /*  1130 */   518,  137,  518, 1308,  518,  307,  518,  310,  518,  203,
       147790  + /*  1140 */   124,  124, 1307,   96,  125,  125,  207,  388, 1441,  468,
       147791  + /*  1150 */  1127,   69,   69,   71,   71,   68,   68,   38,   38,   42,
       147792  + /*  1160 */    42,  357, 1042,  373, 1293,  276,  509,  801,  185,  469,
       147793  + /*  1170 */   494,  436,  444,    6,  380,  156,  253,  197,  469,  134,
       147794  + /*  1180 */   426,   33, 1038,  373, 1121,  359, 1411,  114,  115,  105,
       147795  + /*  1190 */  1106, 1106,  957,  960,  950,  950,  112,  112,  113,  113,
       147796  + /*  1200 */   113,  113,  914,  296,   27,  293,   90,  114,  103,  105,
       147797  + /*  1210 */  1106, 1106,  957,  960,  950,  950,  112,  112,  113,  113,
       147798  + /*  1220 */   113,  113,  919,  275,  430,  232,  891,  232,  432,  256,
       147799  + /*  1230 */  1127,  232,  398,  370,  892,   28,  111,  111,  111,  111,
       147800  + /*  1240 */   110,  110,  109,  109,  109,  108,  404,  301,  454, 1385,
       147801  + /*  1250 */    90,  228,  209,  987,  811,  810,  111,  111,  111,  111,
       147802  + /*  1260 */   110,  110,  109,  109,  109,  108,  404,  315,  818,  819,
       147803  + /*  1270 */    90,  323,  983,  931,  885,  228,  373,  232,  999,  849,
       147804  + /*  1280 */   999,  322,  102,  998, 1384,  998,  785,  850,  440,  132,
       147805  + /*  1290 */   102,  302, 1243,  306,  309,  311,  373,  313, 1194, 1180,
       147806  + /*  1300 */   987,  115,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147807  + /*  1310 */   112,  113,  113,  113,  113, 1178, 1179,  318,  327,  328,
       147808  + /*  1320 */   931, 1255,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147809  + /*  1330 */   112,  113,  113,  113,  113, 1292, 1230, 1457,  273, 1241,
       147810  + /*  1340 */   504,  505, 1298,  100,  510,  246,    4, 1161, 1154,  111,
       147811  + /*  1350 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147812  + /*  1360 */   513, 1143,  187, 1142,  202, 1144, 1451,  356, 1227,  111,
       147813  + /*  1370 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147814  + /*  1380 */    11, 1277,  330,  405,  332,  334,  191, 1285,  364,  195,
       147815  + /*  1390 */   295,  417,  288,  100,  510,  507,    4,  434,  459,  321,
       147816  + /*  1400 */  1177,  349, 1357, 1356,  336,  155,  190, 1454, 1121,  158,
       147817  + /*  1410 */   513,  508,  235, 1404,  937, 1402, 1118,  381,   77,  428,
       147818  + /*  1420 */    98,   98,    8, 1282,  168,   30,  152,   99,  160,  405,
       147819  + /*  1430 */   520,  519,   88,  405,  927, 1362, 1274,  420,  163,   73,
       147820  + /*  1440 */   164,   76,  165,  166,  421,  507,  452,  212,  361,  363,
       147821  + /*  1450 */   427,  276,  509,   31, 1288,  172,  491,  441,  216, 1351,
       147822  + /*  1460 */    82,  490,  447, 1373,  937,  927,  927,  929,  930,   24,
       147823  + /*  1470 */    98,   98,  304,  247,  218,  177,  308,   99,  219,  405,
       147824  + /*  1480 */   520,  519,  450, 1145,  927,  220,  366, 1197,  100,  510,
       147825  + /*  1490 */   465,    4, 1188, 1196, 1195,  394,  803, 1169, 1187,  367,
       147826  + /*  1500 */  1168,  396,  484,  320, 1167,  513, 1466,   87,  475,  100,
       147827  + /*  1510 */   510,  271,    4,  272,  478,  927,  927,  929,  930,   24,
       147828  + /*  1520 */  1443, 1074,  407, 1238, 1239,  258,  513,  329,  405,  331,
       147829  + /*  1530 */   355,  355,  354,  243,  352,  234,  489,  774,  498,  184,
       147830  + /*  1540 */   507,  338, 1422,  339,  117, 1220,   10,  341,  333,  405,
       147831  + /*  1550 */   204,  491,  282, 1219, 1237, 1236,  492,  335,  343,  937,
       147832  + /*  1560 */   281,  507,   94, 1337,  186,   98,   98,  347,   89,  487,
       147833  + /*  1570 */   348,  241,   99,   29,  405,  520,  519,  274, 1151,  927,
       147834  + /*  1580 */   937,  521, 1080,  245,  242,  244,   98,   98,  856,  522,
       147835  + /*  1590 */   206, 1140, 1135,   99,  144,  405,  520,  519,  147,  375,
       147836  + /*  1600 */   927,  149,  376,  157, 1389, 1390, 1388, 1387,  205,  145,
       147837  + /*  1610 */   927,  927,  929,  930,   24,  146,  130,  761, 1165, 1164,
       147838  + /*  1620 */    72,  100,  510, 1162,    4,  269,  406,  188,  278,  201,
       147839  + /*  1630 */   259,  927,  927,  929,  930,   24,  128,  911,  513,  997,
       147840  + /*  1640 */   995,  159,  374,  208,  148,  161,  835,  276,  509,  211,
       147841  + /*  1650 */   294, 1011,  915,  167,  150,  383,  169,   78,  385,   79,
       147842  + /*  1660 */    80,  405,   81,  151, 1014,  213,  214, 1010,  139,   18,
       147843  + /*  1670 */   412,  215,  303,  507,  232, 1115, 1003,  446,  173,  217,
       147844  + /*  1680 */   174,   32,  776,  451,  491,  322,  221,  175,  814,  490,
       147845  + /*  1690 */    83,  455,  937,   19,  460,  316,   20,   84,   98,   98,
       147846  + /*  1700 */   270,  182,   85,  467,  153,   99,  154,  405,  520,  519,
       147847  + /*  1710 */  1074,  407,  927,  183,  258,  963, 1046,   86,   34,  355,
       147848  + /*  1720 */   355,  354,  243,  352,  474, 1047,  774,   35,  477,  196,
       147849  + /*  1730 */   250,  100,  510,  252,    4,  884,  178,  231, 1060,  204,
       147850  + /*  1740 */    21,  282,  102,  927,  927,  929,  930,   24,  513,  281,
       147851  + /*  1750 */   879,   22, 1064, 1062, 1051,    7,  340,   23,  978,  179,
       147852  + /*  1760 */    90,   92,  510,  964,    4,  236,  962,  966, 1020, 1019,
       147853  + /*  1770 */   237,  405,  967,   25,   36,  514,  932,  786,  513,  206,
       147854  + /*  1780 */   101,   26,  845,  507,  238,  239, 1459,  147,  350, 1458,
       147855  + /*  1790 */   149,  353, 1075, 1131, 1131, 1131, 1131,  205, 1131, 1131,
       147856  + /*  1800 */  1131,  405,  937, 1131, 1131, 1131, 1131, 1131,   98,   98,
       147857  + /*  1810 */  1131, 1131, 1131,  507, 1131,   99, 1131,  405,  520,  519,
       147858  + /*  1820 */  1131, 1131,  927, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147859  + /*  1830 */  1131,  374,  937, 1131, 1131, 1131,  276,  509,   98,   98,
       147860  + /*  1840 */  1131, 1131, 1131, 1131, 1131,   99, 1131,  405,  520,  519,
       147861  + /*  1850 */  1131, 1131,  927,  927,  927,  929,  930,   24, 1131,  412,
       147862  + /*  1860 */  1131, 1131, 1131,  258, 1131, 1131, 1131, 1131,  355,  355,
       147863  + /*  1870 */   354,  243,  352, 1131, 1131,  774, 1131, 1131, 1131, 1131,
       147864  + /*  1880 */  1131, 1131, 1131,  927,  927,  929,  930,   24,  204, 1131,
       147865  + /*  1890 */   282, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  281, 1131,
       147866  + /*  1900 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147867  + /*  1910 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147868  + /*  1920 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  206, 1131,
       147869  + /*  1930 */  1131, 1131, 1131, 1131, 1131, 1131,  147, 1131, 1131,  149,
       147870  + /*  1940 */  1131, 1131, 1131, 1131, 1131, 1131,  205, 1131, 1131, 1131,
       147871  + /*  1950 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147872  + /*  1960 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147873  + /*  1970 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147874  + /*  1980 */   374, 1131, 1131, 1131, 1131,  276,  509, 1131, 1131, 1131,
       147875  + /*  1990 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147876  + /*  2000 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  412,
147368 147877   };
147369 147878   static const YYCODETYPE yy_lookahead[] = {
147370         - /*     0 */   184,  238,  239,  240,  238,  239,  240,  163,  155,  156,
147371         - /*    10 */   157,  158,  159,  160,  163,  191,  192,  183,  165,   19,
147372         - /*    20 */   167,  258,  202,  203,  200,  191,  163,  174,  184,  185,
147373         - /*    30 */   174,   31,  163,  163,  171,  184,  185,   35,  175,   39,
147374         - /*    40 */   179,  180,  181,   43,   44,   45,   46,   47,   48,   49,
147375         - /*    50 */    50,   51,   52,   53,   54,   55,   56,   57,  184,  206,
147376         - /*    60 */   207,  163,  206,  207,  220,  163,   16,  163,   66,  163,
147377         - /*    70 */    59,  270,  219,  229,  273,  219,   74,  208,  174,  223,
147378         - /*    80 */   224,  163,  184,  185,  163,  232,  184,  185,  184,  185,
147379         - /*    90 */   184,  185,   92,   93,   94,   95,   96,   97,   98,   99,
147380         - /*   100 */   100,  101,  102,  233,  198,  184,  185,   96,   97,  163,
147381         - /*   110 */   206,  207,   19,  163,  261,  104,  105,  106,  107,  198,
147382         - /*   120 */   109,  119,  220,  219,  220,  274,  275,   77,  117,   79,
147383         - /*   130 */   187,  229,   19,  229,  184,  185,   43,   44,   45,   46,
       147879  + /*     0 */   168,  163,  184,  238,  239,  240,  163,  163,  155,  156,
       147880  + /*    10 */   157,  158,  159,  160,  163,  202,  203,  187,  165,   19,
       147881  + /*    20 */   167,  163,  184,  185,  259,  202,  203,  174,  184,  185,
       147882  + /*    30 */   174,   31,  238,  239,  240,  184,  185,   22,   23,   39,
       147883  + /*    40 */   216,   26,  218,   43,   44,   45,   46,   47,   48,   49,
       147884  + /*    50 */    50,   51,   52,   53,   54,   55,   56,   57,  174,  206,
       147885  + /*    60 */   207,  163,  206,  207,  220,  163,  163,  163,  238,  239,
       147886  + /*    70 */   240,   59,  219,  229,  231,  219,  183,  245,  174,  223,
       147887  + /*    80 */   224,  249,  184,  185,  191,  232,  184,  185,  184,  185,
       147888  + /*    90 */   206,  207,   92,   93,   94,   95,   96,   97,   98,   99,
       147889  + /*   100 */   100,  101,  102,  219,  102,   81,   91,  163,   96,   97,
       147890  + /*   110 */   206,  207,   19,  275,  276,  262,  104,  105,  106,  107,
       147891  + /*   120 */   163,  109,  220,  219,  220,  184,  275,  269,  277,  117,
       147892  + /*   130 */   187,  229,   19,  229,  101,  102,   43,   44,   45,   46,
147384 147893    /*   140 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147385         - /*   150 */    57,  233,  141,  134,  143,  102,   43,   44,   45,   46,
       147894  + /*   150 */    57,  127,  128,  141,  184,  143,   43,   44,   45,   46,
147386 147895    /*   160 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147387         - /*   170 */    57,  152,  274,  216,  276,  218,   83,  163,   85,  233,
147388         - /*   180 */    67,  238,  239,  240,   11,   92,   93,   94,   95,   96,
       147896  + /*   170 */    57,  268,  269,  275,  276,  197,   83,  233,   85,  163,
       147897  + /*   180 */    67,  238,  239,  240,  134,   92,   93,   94,   95,   96,
147389 147898    /*   190 */    97,   98,   99,  100,  101,  102,   19,   54,   55,   56,
147390         - /*   200 */    57,   58,  163,   26,  163,   92,   93,   94,   95,   96,
       147899  + /*   200 */    57,   58,  152,   26,  247,   92,   93,   94,   95,   96,
147391 147900    /*   210 */    97,   98,   99,  100,  101,  102,   54,   55,   56,   57,
147392 147901    /*   220 */    43,   44,   45,   46,   47,   48,   49,   50,   51,   52,
147393 147902    /*   230 */    53,   54,   55,   56,   57,   92,   93,   94,   95,   96,
147394 147903    /*   240 */    97,   98,   99,  100,  101,  102,   69,   96,   97,   98,
147395 147904    /*   250 */    99,  100,  101,  102,   92,   93,   94,   95,   96,   97,
147396         - /*   260 */    98,   99,  100,  101,  102,   81,  179,  180,  181,   92,
       147905  + /*   260 */    98,   99,  100,  101,  102,   73,  179,  180,  181,   92,
147397 147906    /*   270 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147398         - /*   280 */   163,  267,  268,  163,   22,   23,   59,  163,   26,   19,
147399         - /*   290 */   117,  118,  175,  109,   24,   59,   92,   93,   94,   95,
147400         - /*   300 */    96,   97,   98,   99,  100,  101,  102,  268,  184,  185,
147401         - /*   310 */   269,  127,  128,   43,   44,   45,   46,   47,   48,   49,
       147907  + /*   280 */   163,  191,  192,  163,   98,   99,  100,  101,  102,   19,
       147908  + /*   290 */   200,  179,  180,  181,   24,  175,   92,   93,   94,   95,
       147909  + /*   300 */    96,   97,   98,   99,  100,  101,  102,  163,  116,  117,
       147910  + /*   310 */   118,   22,  163,   43,   44,   45,   46,   47,   48,   49,
147402 147911    /*   320 */    50,   51,   52,   53,   54,   55,   56,   57,  157,  158,
147403         - /*   330 */   159,  160,  105,  106,  107,  163,  165,   59,  167,  184,
147404         - /*   340 */    90,  105,  106,  107,  108,  174,   73,  111,  112,  113,
147405         - /*   350 */    19,   22,  163,   91,   81,  163,  106,  121,   81,  132,
147406         - /*   360 */   110,   16,   92,   93,   94,   95,   96,   97,   98,   99,
147407         - /*   370 */   100,  101,  102,  184,  185,  255,   98,  206,  207,   26,
147408         - /*   380 */   101,  102,   19,  105,  106,  107,   23,  198,   59,  116,
147409         - /*   390 */   219,  141,  142,  143,   24,  163,  187,  205,  274,  275,
147410         - /*   400 */   127,  128,  182,  232,  127,  128,   43,   44,   45,   46,
       147912  + /*   330 */   159,  160,  163,  184,  185,  163,  165,   59,  167,   46,
       147913  + /*   340 */    90,   76,   11,  174,   73,  174,   19,  198,   59,   19,
       147914  + /*   350 */    72,   86,   81,  184,  185,  234,  106,   96,   97,  163,
       147915  + /*   360 */   110,  182,   92,   93,   94,   95,   96,   97,   98,   99,
       147916  + /*   370 */   100,  101,  102,   46,  230,  206,  207,  206,  207,  163,
       147917  + /*   380 */   184,  185,   19,  105,  106,  107,   23,  116,  219,  220,
       147918  + /*   390 */   219,  141,  142,  143,  105,  106,  107,  104,  127,  128,
       147919  + /*   400 */   184,  185,  141,  232,  143,   59,   43,   44,   45,   46,
147411 147920    /*   410 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147412         - /*   420 */    57,  158,   77,  160,   79,   59,   26,  182,  165,   59,
147413         - /*   430 */   167,  199,  261,  102,  105,  106,  107,  174,   72,  108,
147414         - /*   440 */   109,  110,  111,  112,  113,  114,   59,  238,  239,  240,
147415         - /*   450 */   123,  120,  125,  126,  163,   92,   93,   94,   95,   96,
147416         - /*   460 */    97,   98,   99,  100,  101,  102,  163,  163,  163,  206,
147417         - /*   470 */   207,  105,  106,  107,  254,   19,  106,   90,  197,   23,
147418         - /*   480 */   127,  128,  219,  238,  239,  240,   22,  184,  185,  184,
147419         - /*   490 */   185,   22,  105,  106,  149,  232,  205,  110,  163,   43,
       147921  + /*   420 */    57,  158,  108,  160,   59,  111,  112,  113,  165,  250,
       147922  + /*   430 */   167,  104,  102,  262,  255,  121,  220,  174,  108,  109,
       147923  + /*   440 */   110,  111,  112,  113,  114,  229,  182,  120,  117,  118,
       147924  + /*   450 */   120,  105,  106,  107,  163,   92,   93,   94,   95,   96,
       147925  + /*   460 */    97,   98,   99,  100,  101,  102,  163,   22,   59,  206,
       147926  + /*   470 */   207,  106,  163,   26,  171,   19,  163,  193,  175,   23,
       147927  + /*   480 */   163,   22,  219,  206,  207,  139,  163,   22,   59,  182,
       147928  + /*   490 */   117,  118,   59,  184,  185,  232,  219,  184,  185,   43,
147420 147929    /*   500 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147421         - /*   510 */    54,   55,   56,   57,   98,   99,  100,  101,  102,  184,
147422         - /*   520 */   185,  163,   53,   59,  261,  220,  117,  118,  141,  142,
147423         - /*   530 */   143,  131,  174,   59,  229,  116,  117,  118,  163,   59,
147424         - /*   540 */   163,  163,  184,  185,   59,  242,   72,   22,   92,   93,
147425         - /*   550 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  184,
147426         - /*   560 */   185,   24,  184,  185,  206,  207,  202,  203,   19,  105,
147427         - /*   570 */   106,  107,   23,  198,   22,  174,  198,  219,  220,  105,
147428         - /*   580 */   106,  107,   96,   97,   59,  105,  106,  107,   22,  174,
147429         - /*   590 */    59,  106,   43,   44,   45,   46,   47,   48,   49,   50,
147430         - /*   600 */    51,   52,   53,   54,   55,   56,   57,  206,  207,   12,
147431         - /*   610 */   108,   59,  132,  111,  112,  113,   46,   47,   48,   49,
147432         - /*   620 */   219,  206,  207,  121,   27,   59,  163,  141,  207,  143,
147433         - /*   630 */   105,  106,  107,  163,  219,  234,  105,  106,  107,   42,
147434         - /*   640 */   219,   92,   93,   94,   95,   96,   97,   98,   99,  100,
147435         - /*   650 */   101,  102,   76,  163,  184,  185,  163,  105,  106,  107,
147436         - /*   660 */    63,   19,   86,  163,  163,   23,  163,  130,  205,   21,
147437         - /*   670 */    73,  105,  106,  107,  184,  185,  163,  184,  185,  237,
147438         - /*   680 */   110,  180,  181,  180,  181,   43,   44,   45,   46,   47,
       147930  + /*   510 */    54,   55,   56,   57,  105,  106,  107,  108,   59,  255,
       147931  + /*   520 */   111,  112,  113,   90,   59,  262,   22,   98,  174,   12,
       147932  + /*   530 */   121,  208,  163,  220,  105,  106,  107,  163,  105,  106,
       147933  + /*   540 */    22,   96,   97,  110,   27,  238,  239,  240,   92,   93,
       147934  + /*   550 */    94,   95,   96,   97,   98,   99,  100,  101,  102,   42,
       147935  + /*   560 */   206,  207,  115,   59,  105,  106,  107,  163,   19,   59,
       147936  + /*   570 */   163,  106,   23,  219,  141,  142,  143,   59,  163,  205,
       147937  + /*   580 */    63,   59,   72,   22,  124,   59,  163,  270,  234,  129,
       147938  + /*   590 */    73,  163,   43,   44,   45,   46,   47,   48,   49,   50,
       147939  + /*   600 */    51,   52,   53,   54,   55,   56,   57,  184,  185,  105,
       147940  + /*   610 */   106,  107,  184,  185,  163,  105,  106,  107,  265,  266,
       147941  + /*   620 */    59,  198,  225,  105,  106,  107,  198,  105,  106,  107,
       147942  + /*   630 */   163,  105,  106,  107,  163,  184,  185,   46,   47,   48,
       147943  + /*   640 */    49,   92,   93,   94,   95,   96,   97,   98,   99,  100,
       147944  + /*   650 */   101,  102,  163,  163,  132,  184,  185,  163,  132,  163,
       147945  + /*   660 */   256,   19,  163,  163,  163,   23,  105,  106,  107,  198,
       147946  + /*   670 */   163,  220,  205,  184,  185,  163,   35,   81,  184,  185,
       147947  + /*   680 */   184,  185,  163,  184,  185,   43,   44,   45,   46,   47,
147439 147948    /*   690 */    48,   49,   50,   51,   52,   53,   54,   55,   56,   57,
147440         - /*   700 */   174,  163,  163,   22,   23,  163,  163,   26,   22,   23,
147441         - /*   710 */   220,   29,   73,  220,  272,   33,   22,  163,   24,   19,
147442         - /*   720 */   174,  208,  259,  184,  185,   19,  184,  185,   80,  175,
147443         - /*   730 */   230,  174,  206,  207,   92,   93,   94,   95,   96,   97,
147444         - /*   740 */    98,   99,  100,  101,  102,  219,   46,   65,  247,  195,
147445         - /*   750 */   247,  197,  206,  207,   19,  116,  117,  118,   23,  220,
147446         - /*   760 */   112,  174,  220,  206,  207,  219,   22,  174,   24,  174,
147447         - /*   770 */    22,   23,   91,  264,  265,  168,  219,   91,   43,   44,
       147949  + /*   700 */   163,  110,  163,  184,  185,  109,  205,   66,  163,   59,
       147950  + /*   710 */   163,   21,  205,   16,  174,   74,  220,  198,  163,  220,
       147951  + /*   720 */   230,  184,  185,  127,  128,  180,  181,  180,  181,  163,
       147952  + /*   730 */   175,  242,  174,  233,   92,   93,   94,   95,   96,   97,
       147953  + /*   740 */    98,   99,  100,  101,  102,  233,  206,  207,   26,  163,
       147954  + /*   750 */   195,  207,  197,   26,   19,  105,  106,  107,   23,  219,
       147955  + /*   760 */   119,  260,   26,  219,  206,  207,  174,   19,  174,  230,
       147956  + /*   770 */    80,  174,  163,  174,   77,  163,   79,  219,   43,   44,
147448 147957    /*   780 */    45,   46,   47,   48,   49,   50,   51,   52,   53,   54,
147449         - /*   790 */    55,   56,   57,  206,  207,   12,  163,  149,  255,  206,
147450         - /*   800 */   207,  206,  207,   59,  104,   23,  219,  163,   26,  163,
147451         - /*   810 */    27,  105,  219,  163,  219,  163,  211,  184,  185,  163,
147452         - /*   820 */   120,  163,  146,  163,  148,   42,  221,   92,   93,   94,
147453         - /*   830 */    95,   96,   97,   98,   99,  100,  101,  102,  163,   91,
147454         - /*   840 */   184,  185,  184,  185,  184,  185,   63,   19,  163,  205,
147455         - /*   850 */   106,   23,  245,  163,  208,  248,  116,  117,  118,  184,
147456         - /*   860 */   185,  163,  163,    7,    8,    9,  163,   19,   26,  184,
       147958  + /*   790 */    55,   56,   57,  248,   12,  248,  184,  185,  206,  207,
       147959  + /*   800 */   206,  207,  112,  206,  207,  206,  207,  206,  207,   27,
       147960  + /*   810 */   163,  219,  123,  219,  125,  126,  219,  208,  219,  163,
       147961  + /*   820 */   219,   22,   23,   23,   42,   26,   26,   92,   93,   94,
       147962  + /*   830 */    95,   96,   97,   98,   99,  100,  101,  102,  163,  149,
       147963  + /*   840 */   184,  185,  163,  107,  163,   63,  149,   19,  163,  127,
       147964  + /*   850 */   128,   23,   22,  105,   24,  116,  117,  118,  131,  184,
       147965  + /*   860 */   185,  163,  163,  184,  185,  184,  185,   19,  132,  184,
147457 147966    /*   870 */   185,   43,   44,   45,   46,   47,   48,   49,   50,   51,
147458         - /*   880 */    52,   53,   54,   55,   56,   57,  163,  184,  185,  107,
147459         - /*   890 */   163,   43,   44,   45,   46,   47,   48,   49,   50,   51,
147460         - /*   900 */    52,   53,   54,   55,   56,   57,  208,  255,  177,  178,
147461         - /*   910 */   163,  184,  185,  163,  132,  163,  141,  163,  143,   22,
       147967  + /*   880 */    52,   53,   54,   55,   56,   57,  146,  163,  148,   59,
       147968  + /*   890 */    91,   43,   44,   45,   46,   47,   48,   49,   50,   51,
       147969  + /*   900 */    52,   53,   54,   55,   56,   57,  208,  107,  184,  185,
       147970  + /*   910 */     7,    8,    9,  116,  117,  118,  163,  163,  163,   24,
147462 147971    /*   920 */    92,   93,   94,   95,   96,   97,   98,   99,  100,  101,
147463         - /*   930 */   102,  184,  185,  163,  184,  185,  184,  185,  184,  185,
       147972  + /*   930 */   102,   29,  132,  163,  163,   33,  106,  184,  185,  163,
147464 147973    /*   940 */    92,   93,   94,   95,   96,   97,   98,   99,  100,  101,
147465         - /*   950 */   102,  163,  163,  163,  184,  185,  163,  115,  163,  163,
147466         - /*   960 */   163,  163,   15,  163,  163,  163,  163,  163,   23,  163,
147467         - /*   970 */   163,   26,  184,  185,  184,  185,  163,  184,  185,  184,
147468         - /*   980 */   185,  184,  185,  163,  184,  185,  184,  185,  184,  185,
147469         - /*   990 */   184,  185,  163,   96,   97,  147,  163,  184,  185,  163,
147470         - /*  1000 */   199,  163,  163,  205,  184,  185,  163,   60,  163,  141,
147471         - /*  1010 */   163,  143,  163,  184,  185,   19,  163,  184,  185,  230,
147472         - /*  1020 */   184,  185,  184,  185,  206,  207,  230,  184,  185,  184,
147473         - /*  1030 */   185,  184,  185,  184,  185,   19,  163,  219,  231,   43,
       147974  + /*   950 */   102,  163,  163,  163,   59,  184,  185,  163,   22,  163,
       147975  + /*   960 */   184,  185,  177,  178,  163,  163,  163,   65,  163,  199,
       147976  + /*   970 */   163,   26,  184,  185,  184,  185,  163,  163,  184,  185,
       147977  + /*   980 */   184,  185,  163,   98,  163,  184,  185,  184,  185,  184,
       147978  + /*   990 */   185,  184,  185,  252,  205,  147,  163,   61,  184,  185,
       147979  + /*  1000 */   163,  106,  163,  184,  185,  163,  163,  205,  163,  124,
       147980  + /*  1010 */   163,  256,  163,  163,  129,   19,  163,  184,  185,  163,
       147981  + /*  1020 */   199,  184,  185,  184,  185,   23,  184,  185,   26,  184,
       147982  + /*  1030 */   185,  184,  185,  184,  185,   19,  163,  184,  185,   43,
147474 147983    /*  1040 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147475         - /*  1050 */    54,   55,   56,   57,  163,   26,  163,  184,  185,   43,
       147984  + /*  1050 */    54,   55,   56,   57,  163,  163,  163,  184,  185,   43,
147476 147985    /*  1060 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147477         - /*  1070 */    54,   55,   56,   57,  163,  184,  185,  184,  185,  163,
147478         - /*  1080 */   182,  163,  163,  163,  163,  163,   22,  163,   92,   93,
147479         - /*  1090 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  163,
147480         - /*  1100 */   184,  185,  184,  185,  163,  184,  185,  163,   92,   93,
       147986  + /*  1070 */    54,   55,   56,   57,   16,  184,  185,  184,  185,  163,
       147987  + /*  1080 */   163,   22,   23,  138,  163,   19,  163,  231,   92,   93,
       147988  + /*  1090 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  256,
       147989  + /*  1100 */   163,  184,  185,  163,  163,  184,  185,  163,   92,   93,
147481 147990    /*  1110 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  163,
147482         - /*  1120 */   184,  185,   98,   59,  163,  184,  185,  205,  184,  185,
147483         - /*  1130 */    23,  206,  207,   26,  163,   26,  107,  153,  154,  237,
147484         - /*  1140 */   184,  185,  231,  147,  219,  184,  185,  249,  124,  127,
147485         - /*  1150 */   128,  231,  254,  129,  163,  231,  177,  178,  262,  263,
147486         - /*  1160 */   118,  132,   19,   19,   46,  223,  224,   31,   24,   23,
147487         - /*  1170 */   106,  124,   26,   22,  272,   39,  129,   23,  109,  110,
147488         - /*  1180 */    26,  163,  140,   19,   22,  234,   59,   43,   44,   45,
       147991  + /*  1120 */    59,  184,  185,  163,  184,  185,  177,  178,  184,  185,
       147992  + /*  1130 */   163,  208,  163,  237,  163,   77,  163,   79,  163,   15,
       147993  + /*  1140 */   184,  185,  237,  147,  184,  185,   24,  231,  153,  154,
       147994  + /*  1150 */    91,  184,  185,  184,  185,  184,  185,  184,  185,  184,
       147995  + /*  1160 */   185,   22,   23,   19,  163,  127,  128,  106,   24,  273,
       147996  + /*  1170 */   271,  105,  231,  274,  263,  264,  223,  224,  273,   22,
       147997  + /*  1180 */   118,   24,   23,   19,   60,   26,  163,   43,   44,   45,
147489 147998    /*  1190 */    46,   47,   48,   49,   50,   51,   52,   53,   54,   55,
147490         - /*  1200 */    56,   57,  231,    7,    8,  193,   59,   43,   44,   45,
       147999  + /*  1200 */    56,   57,  140,   23,   22,  163,   26,   43,   44,   45,
147491 148000    /*  1210 */    46,   47,   48,   49,   50,   51,   52,   53,   54,   55,
147492         - /*  1220 */    56,   57,  104,   61,   23,   23,   23,   26,   26,   26,
147493         - /*  1230 */   163,   23,   23,  106,   26,   26,   92,   93,   94,   95,
147494         - /*  1240 */    96,   97,   98,   99,  100,  101,  102,  138,  105,   23,
147495         - /*  1250 */    59,   23,   26,  106,   26,  163,   92,   93,   94,   95,
147496         - /*  1260 */    96,   97,   98,   99,  100,  101,  102,  110,   23,   23,
147497         - /*  1270 */    23,   26,   26,   26,  163,  163,   19,  120,  163,  163,
147498         - /*  1280 */   163,  130,  163,  163,  163,  163,  163,  163,  163,  193,
147499         - /*  1290 */   193,  163,  163,  163,  163,  225,   19,  106,  163,  222,
147500         - /*  1300 */   163,   44,   45,   46,   47,   48,   49,   50,   51,   52,
147501         - /*  1310 */    53,   54,   55,   56,   57,  163,  163,  203,  163,  163,
147502         - /*  1320 */   222,  163,   45,   46,   47,   48,   49,   50,   51,   52,
147503         - /*  1330 */    53,   54,   55,   56,   57,  163,  163,  163,  163,  163,
147504         - /*  1340 */   251,  250,  209,   19,   20,  182,   22,  161,  222,   92,
       148001  + /*  1220 */    56,   57,   23,  211,   23,   26,   31,   26,   23,   22,
       148002  + /*  1230 */    91,   26,  231,  221,   39,   53,   92,   93,   94,   95,
       148003  + /*  1240 */    96,   97,   98,   99,  100,  101,  102,   23,   23,  163,
       148004  + /*  1250 */    26,   26,  130,   59,  109,  110,   92,   93,   94,   95,
       148005  + /*  1260 */    96,   97,   98,   99,  100,  101,  102,   23,    7,    8,
       148006  + /*  1270 */    26,  110,   23,   59,   23,   26,   19,   26,  141,   23,
       148007  + /*  1280 */   143,  120,   26,  141,  163,  143,   23,   23,  163,   26,
       148008  + /*  1290 */    26,  163,  163,  163,  163,  163,   19,  163,  163,  193,
       148009  + /*  1300 */   106,   44,   45,   46,   47,   48,   49,   50,   51,   52,
       148010  + /*  1310 */    53,   54,   55,   56,   57,  163,  193,  163,  163,  163,
       148011  + /*  1320 */   106,  163,   45,   46,   47,   48,   49,   50,   51,   52,
       148012  + /*  1330 */    53,   54,   55,   56,   57,  163,  163,  130,  222,  163,
       148013  + /*  1340 */   163,  203,  163,   19,   20,  251,   22,  163,  163,   92,
147505 148014    /*  1350 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147506         - /*  1360 */    36,  222,  222,  260,  226,  188,  256,  226,  187,   92,
       148015  + /*  1360 */    36,  163,  209,  163,  261,  163,  163,  161,  222,   92,
147507 148016    /*  1370 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147508         - /*  1380 */   210,  213,  213,   59,  213,  196,  192,  187,  256,  244,
147509         - /*  1390 */   212,  187,  226,   19,   20,   71,   22,  210,  166,   60,
147510         - /*  1400 */   130,  170,  260,  170,   38,   81,  257,  257,  170,  104,
147511         - /*  1410 */    36,   22,   43,  201,   90,  236,  138,  235,  213,   18,
147512         - /*  1420 */    96,   97,   48,  204,  204,  204,  204,  103,  170,  105,
147513         - /*  1430 */   106,  107,   18,   59,  110,  169,  213,  213,  201,  170,
147514         - /*  1440 */   201,  169,  236,  213,  146,   71,  235,   62,  253,  252,
147515         - /*  1450 */   170,  127,  128,  169,   22,  170,   82,  189,  169,  104,
147516         - /*  1460 */   170,   87,  169,  189,   90,  141,  142,  143,  144,  145,
147517         - /*  1470 */    96,   97,  186,  186,  186,   64,  194,  103,  186,  105,
147518         - /*  1480 */   106,  107,  115,  189,  110,  188,  186,  186,   19,   20,
147519         - /*  1490 */   194,   22,  186,  189,  102,  246,  246,  189,  133,  228,
147520         - /*  1500 */   104,  228,  227,  227,  170,   36,  134,  228,  227,   19,
147521         - /*  1510 */    20,  228,   22,   84,  271,  141,  142,  143,  144,  145,
147522         - /*  1520 */     0,    1,    2,  216,   22,    5,   36,  137,   59,  227,
147523         - /*  1530 */    10,   11,   12,   13,   14,  217,  269,   17,  216,   22,
147524         - /*  1540 */    71,  170,  243,  146,  241,  217,  136,  215,  135,   59,
147525         - /*  1550 */    30,   82,   32,   25,  214,  213,   87,  173,   26,   90,
147526         - /*  1560 */    40,   71,   13,  172,  164,   96,   97,  164,    6,  162,
147527         - /*  1570 */   162,  162,  103,  263,  105,  106,  107,  266,  266,  110,
147528         - /*  1580 */    90,  176,  176,  190,  182,  190,   96,   97,   98,    4,
147529         - /*  1590 */    70,  176,    3,  103,  182,  105,  106,  107,   78,  182,
147530         - /*  1600 */   110,   81,  182,  182,  182,  182,  182,  151,   88,   22,
147531         - /*  1610 */   141,  142,  143,  144,  145,   15,   89,   16,   23,   23,
147532         - /*  1620 */   128,   19,   20,  139,   22,  119,  131,   24,   20,  133,
147533         - /*  1630 */    16,  141,  142,  143,  144,  145,    1,  140,   36,  131,
147534         - /*  1640 */   119,   61,  122,   37,  139,   53,   53,  127,  128,  119,
147535         - /*  1650 */    53,   53,  105,   34,  130,    1,    5,  104,   22,  149,
147536         - /*  1660 */    26,   59,   68,   75,   41,  130,   24,   68,  104,   20,
147537         - /*  1670 */   150,   19,  120,   71,  114,   22,   67,   22,   22,   67,
147538         - /*  1680 */    23,   22,   22,   67,   82,   37,   28,   23,  138,   87,
147539         - /*  1690 */    22,  153,   90,   23,   23,   26,   23,   22,   96,   97,
147540         - /*  1700 */    24,   23,   22,   24,  130,  103,   23,  105,  106,  107,
147541         - /*  1710 */     1,    2,  110,   23,    5,  105,   34,   22,  132,   10,
147542         - /*  1720 */    11,   12,   13,   14,   26,   34,   17,   34,   85,   83,
147543         - /*  1730 */    44,   19,   20,   23,   22,   24,   75,   34,   23,   30,
147544         - /*  1740 */    26,   32,   26,  141,  142,  143,  144,  145,   36,   40,
147545         - /*  1750 */    23,   23,   23,   23,   11,   23,   22,   26,   22,   22,
147546         - /*  1760 */    22,   19,   20,   23,   22,   26,   15,   23,   22,  124,
147547         - /*  1770 */   130,   59,   23,    1,  130,  277,  277,  130,   36,   70,
147548         - /*  1780 */   130,  277,  277,   71,  277,  277,  277,   78,  277,  277,
147549         - /*  1790 */    81,  277,  277,  277,  277,  277,  277,   88,  277,  277,
147550         - /*  1800 */   277,   59,   90,  277,  277,  277,  277,  277,   96,   97,
147551         - /*  1810 */   277,  277,  277,   71,  277,  103,  277,  105,  106,  107,
147552         - /*  1820 */   277,  277,  110,  277,  277,  277,  277,  277,  277,  277,
147553         - /*  1830 */   277,  122,   90,  277,  277,  277,  127,  128,   96,   97,
147554         - /*  1840 */   277,  277,  277,  277,  277,  103,  277,  105,  106,  107,
147555         - /*  1850 */   277,  277,  110,  141,  142,  143,  144,  145,  277,  150,
147556         - /*  1860 */   277,  277,  277,    5,  277,  277,  277,  277,   10,   11,
147557         - /*  1870 */    12,   13,   14,  277,  277,   17,  277,  277,  277,  277,
147558         - /*  1880 */   277,  277,  277,  141,  142,  143,  144,  145,   30,  277,
147559         - /*  1890 */    32,  277,  277,  277,  277,  277,  277,  277,   40,  277,
147560         - /*  1900 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147561         - /*  1910 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147562         - /*  1920 */   277,  277,  277,  277,  277,  277,  277,  277,   70,  277,
147563         - /*  1930 */   277,  277,  277,  277,  277,  277,   78,  277,  277,   81,
147564         - /*  1940 */   277,  277,  277,  277,  277,  277,   88,  277,  277,  277,
147565         - /*  1950 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147566         - /*  1960 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147567         - /*  1970 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147568         - /*  1980 */   122,  277,  277,  277,  277,  127,  128,  277,  277,  277,
147569         - /*  1990 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147570         - /*  2000 */   277,  277,  277,  277,  277,  277,  277,  277,  150,  277,
147571         - /*  2010 */   277,  277,  277,  277,  277,  277,  277,  277,  277,
147572         -};
147573         -#define YY_SHIFT_COUNT    (520)
       148017  + /*  1380 */   210,  213,  222,   59,  222,  222,  182,  213,  213,  196,
       148018  + /*  1390 */   257,  226,  226,   19,   20,   71,   22,  257,  188,  187,
       148019  + /*  1400 */   192,  212,  187,  187,  226,   81,  210,  166,   60,  261,
       148020  + /*  1410 */    36,  244,  130,  170,   90,  170,   38,  170,  139,  104,
       148021  + /*  1420 */    96,   97,   48,  236,   22,  235,   43,  103,  201,  105,
       148022  + /*  1430 */   106,  107,  138,   59,  110,  247,  213,   18,  204,  258,
       148023  + /*  1440 */   204,  258,  204,  204,  170,   71,   18,  169,  213,  236,
       148024  + /*  1450 */   213,  127,  128,  235,  201,  201,   82,  170,  169,  213,
       148025  + /*  1460 */   146,   87,   62,  254,   90,  141,  142,  143,  144,  145,
       148026  + /*  1470 */    96,   97,  253,  170,  169,   22,  170,  103,  169,  105,
       148027  + /*  1480 */   106,  107,  189,  170,  110,  169,  189,  186,   19,   20,
       148028  + /*  1490 */   104,   22,  194,  186,  186,   64,  115,  186,  194,  189,
       148029  + /*  1500 */   188,  102,  133,  186,  186,   36,  186,  104,  189,   19,
       148030  + /*  1510 */    20,  246,   22,  246,  189,  141,  142,  143,  144,  145,
       148031  + /*  1520 */     0,    1,    2,  228,  228,    5,   36,  227,   59,  227,
       148032  + /*  1530 */    10,   11,   12,   13,   14,  170,   84,   17,  134,  216,
       148033  + /*  1540 */    71,  272,  270,   22,  137,  217,   22,  216,  227,   59,
       148034  + /*  1550 */    30,   82,   32,  217,  228,  228,   87,  227,  170,   90,
       148035  + /*  1560 */    40,   71,  146,  241,  215,   96,   97,  214,  136,  135,
       148036  + /*  1570 */   213,   25,  103,   26,  105,  106,  107,  243,  173,  110,
       148037  + /*  1580 */    90,  172,   13,    6,  164,  164,   96,   97,   98,  162,
       148038  + /*  1590 */    70,  162,  162,  103,  176,  105,  106,  107,   78,  267,
       148039  + /*  1600 */   110,   81,  267,  264,  182,  182,  182,  182,   88,  176,
       148040  + /*  1610 */   141,  142,  143,  144,  145,  176,  190,    4,  182,  182,
       148041  + /*  1620 */   182,   19,   20,  182,   22,  190,    3,   22,  151,   15,
       148042  + /*  1630 */    89,  141,  142,  143,  144,  145,   16,  128,   36,   23,
       148043  + /*  1640 */    23,  139,  122,   24,  119,  131,   20,  127,  128,  133,
       148044  + /*  1650 */    16,    1,  140,  131,  119,   61,  139,   53,   37,   53,
       148045  + /*  1660 */    53,   59,   53,  119,  105,   34,  130,    1,    5,   22,
       148046  + /*  1670 */   150,  104,  149,   71,   26,   75,   68,   41,   68,  130,
       148047  + /*  1680 */   104,   24,   20,   19,   82,  120,  114,   22,   28,   87,
       148048  + /*  1690 */    22,   67,   90,   22,   67,   23,   22,   22,   96,   97,
       148049  + /*  1700 */    67,   23,  138,   22,   37,  103,  153,  105,  106,  107,
       148050  + /*  1710 */     1,    2,  110,   23,    5,   23,   23,   26,   22,   10,
       148051  + /*  1720 */    11,   12,   13,   14,   24,   23,   17,   22,   24,  130,
       148052  + /*  1730 */    23,   19,   20,   23,   22,  105,   22,   34,   85,   30,
       148053  + /*  1740 */    34,   32,   26,  141,  142,  143,  144,  145,   36,   40,
       148054  + /*  1750 */   132,   34,   75,   83,   23,   44,   24,   34,   23,   26,
       148055  + /*  1760 */    26,   19,   20,   23,   22,   26,   23,   23,   23,   23,
       148056  + /*  1770 */    22,   59,   11,   22,   22,   26,   23,   23,   36,   70,
       148057  + /*  1780 */    22,   22,  124,   71,  130,  130,  130,   78,   23,  130,
       148058  + /*  1790 */    81,   15,    1,  278,  278,  278,  278,   88,  278,  278,
       148059  + /*  1800 */   278,   59,   90,  278,  278,  278,  278,  278,   96,   97,
       148060  + /*  1810 */   278,  278,  278,   71,  278,  103,  278,  105,  106,  107,
       148061  + /*  1820 */   278,  278,  110,  278,  278,  278,  278,  278,  278,  278,
       148062  + /*  1830 */   278,  122,   90,  278,  278,  278,  127,  128,   96,   97,
       148063  + /*  1840 */   278,  278,  278,  278,  278,  103,  278,  105,  106,  107,
       148064  + /*  1850 */   278,  278,  110,  141,  142,  143,  144,  145,  278,  150,
       148065  + /*  1860 */   278,  278,  278,    5,  278,  278,  278,  278,   10,   11,
       148066  + /*  1870 */    12,   13,   14,  278,  278,   17,  278,  278,  278,  278,
       148067  + /*  1880 */   278,  278,  278,  141,  142,  143,  144,  145,   30,  278,
       148068  + /*  1890 */    32,  278,  278,  278,  278,  278,  278,  278,   40,  278,
       148069  + /*  1900 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148070  + /*  1910 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148071  + /*  1920 */   278,  278,  278,  278,  278,  278,  278,  278,   70,  278,
       148072  + /*  1930 */   278,  278,  278,  278,  278,  278,   78,  278,  278,   81,
       148073  + /*  1940 */   278,  278,  278,  278,  278,  278,   88,  278,  278,  278,
       148074  + /*  1950 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148075  + /*  1960 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148076  + /*  1970 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148077  + /*  1980 */   122,  278,  278,  278,  278,  127,  128,  278,  278,  278,
       148078  + /*  1990 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148079  + /*  2000 */   278,  278,  278,  278,  278,  278,  278,  278,  150,  278,
       148080  + /*  2010 */   278,  278,  278,  278,  278,  278,  278,  278,  278,
       148081  +};
       148082  +#define YY_SHIFT_COUNT    (523)
147574 148083   #define YY_SHIFT_MIN      (0)
147575 148084   #define YY_SHIFT_MAX      (1858)
147576 148085   static const unsigned short int yy_shift_ofst[] = {
147577         - /*     0 */  1709, 1520, 1858, 1324, 1324,  277, 1374, 1469, 1602, 1712,
147578         - /*    10 */  1712, 1712,  273,    0,    0,  113, 1016, 1712, 1712, 1712,
147579         - /*    20 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,   11,   11,  236,
147580         - /*    30 */   184,  277,  277,  277,  277,  277,  277,   93,  177,  270,
       148086  + /*     0 */  1709, 1520, 1858, 1324, 1324,   24, 1374, 1469, 1602, 1712,
       148087  + /*    10 */  1712, 1712,  271,    0,    0,  113, 1016, 1712, 1712, 1712,
       148088  + /*    20 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,   12,   12,  409,
       148089  + /*    30 */   596,   24,   24,   24,   24,   24,   24,   93,  177,  270,
147581 148090    /*    40 */   363,  456,  549,  642,  735,  828,  848,  996, 1144, 1016,
147582 148091    /*    50 */  1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016,
147583         - /*    60 */  1016, 1016, 1016, 1016, 1016, 1016, 1164, 1016, 1257, 1277,
147584         - /*    70 */  1277, 1490, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
       148092  + /*    60 */  1016, 1016, 1016, 1016, 1016, 1016, 1016, 1164, 1016, 1257,
       148093  + /*    70 */  1277, 1277, 1490, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147585 148094    /*    80 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147586 148095    /*    90 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147587         - /*   100 */  1712, 1712, 1712, 1742, 1712, 1712, 1712, 1712, 1712, 1712,
147588         - /*   110 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,  143,  162,  162,
147589         - /*   120 */   162,  162,  162,  204,  151,  416,  531,  648,  700,  531,
147590         - /*   130 */   486,  486,  531,  353,  353,  353,  353,  409,  279,   53,
147591         - /*   140 */  2009, 2009,  331,  331,  331,  329,  366,  329,  329,  597,
147592         - /*   150 */   597,  464,  474,  262,  681,  531,  531,  531,  531,  531,
147593         - /*   160 */   531,  531,  531,  531,  531,  531,  531,  531,  531,  531,
147594         - /*   170 */   531,  531,  531,  531,  531,  531,  531,  173,  485,  984,
147595         - /*   180 */   984,  576,  485,   19, 1022, 2009, 2009, 2009,  387,  250,
147596         - /*   190 */   250,  525,  502,  278,  552,  227,  480,  566,  531,  531,
147597         - /*   200 */   531,  531,  531,  531,  531,  531,  531,  531,  639,  531,
147598         - /*   210 */   531,  531,  531,  531,  531,  531,  531,  531,  531,  531,
147599         - /*   220 */   531,    2,    2,    2,  531,  531,  531,  531,  782,  531,
147600         - /*   230 */   531,  531,  744,  531,  531,  783,  531,  531,  531,  531,
147601         - /*   240 */   531,  531,  531,  531,  419,  682,  327,  370,  370,  370,
147602         - /*   250 */   370, 1029,  327,  327, 1024,  897,  856,  947, 1109,  706,
147603         - /*   260 */   706, 1143, 1109, 1109, 1143,  842,  945, 1118, 1136, 1136,
147604         - /*   270 */  1136,  706,  676,  400, 1047,  694, 1339, 1270, 1270, 1366,
147605         - /*   280 */  1366, 1270, 1305, 1389, 1369, 1278, 1401, 1401, 1401, 1401,
147606         - /*   290 */  1270, 1414, 1278, 1278, 1305, 1389, 1369, 1369, 1278, 1270,
147607         - /*   300 */  1414, 1298, 1385, 1270, 1414, 1432, 1270, 1414, 1270, 1414,
147608         - /*   310 */  1432, 1355, 1355, 1355, 1411, 1432, 1355, 1367, 1355, 1411,
147609         - /*   320 */  1355, 1355, 1432, 1392, 1392, 1432, 1365, 1396, 1365, 1396,
147610         - /*   330 */  1365, 1396, 1365, 1396, 1270, 1372, 1429, 1502, 1390, 1372,
147611         - /*   340 */  1517, 1270, 1397, 1390, 1410, 1413, 1278, 1528, 1532, 1549,
147612         - /*   350 */  1549, 1562, 1562, 1562, 2009, 2009, 2009, 2009, 2009, 2009,
       148096  + /*   100 */  1712, 1712, 1712, 1712, 1712, 1742, 1712, 1712, 1712, 1712,
       148097  + /*   110 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,  143,
       148098  + /*   120 */   162,  162,  162,  162,  162,  204,  151,  186,  650,  690,
       148099  + /*   130 */   327,  650,  261,  261,  650,  722,  722,  722,  722,  373,
       148100  + /*   140 */    33,    2, 2009, 2009,  330,  330,  330,  346,  289,  278,
       148101  + /*   150 */   289,  289,  517,  517,  459,  510,   15,  799,  650,  650,
       148102  + /*   160 */   650,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148103  + /*   170 */   650,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148104  + /*   180 */   331,  365,  995,  995,  265,  365,   50, 1038, 2009, 2009,
       148105  + /*   190 */  2009,  433,  250,  250,  504,  314,  429,  518,  522,  526,
       148106  + /*   200 */   561,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148107  + /*   210 */   192,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148108  + /*   220 */   650,  650,  650,  641,  641,  641,  650,  650,  650,  650,
       148109  + /*   230 */   800,  650,  650,  650,  830,  650,  650,  782,  650,  650,
       148110  + /*   240 */   650,  650,  650,  650,  650,  650,  739,  902,  689,  895,
       148111  + /*   250 */   895,  895,  895,  736,  689,  689,  885,  445,  903, 1124,
       148112  + /*   260 */   945,  748,  748, 1066,  945,  945, 1066,  447, 1002,  293,
       148113  + /*   270 */  1195, 1195, 1195,  748,  740,  727,  460, 1157, 1348, 1282,
       148114  + /*   280 */  1282, 1378, 1378, 1282, 1279, 1315, 1402, 1383, 1294, 1419,
       148115  + /*   290 */  1419, 1419, 1419, 1282, 1428, 1294, 1294, 1315, 1402, 1383,
       148116  + /*   300 */  1383, 1294, 1282, 1428, 1314, 1400, 1282, 1428, 1453, 1282,
       148117  + /*   310 */  1428, 1282, 1428, 1453, 1386, 1386, 1386, 1431, 1453, 1386,
       148118  + /*   320 */  1381, 1386, 1431, 1386, 1386, 1453, 1399, 1399, 1453, 1369,
       148119  + /*   330 */  1403, 1369, 1403, 1369, 1403, 1369, 1403, 1282, 1404, 1452,
       148120  + /*   340 */  1521, 1407, 1404, 1524, 1282, 1416, 1407, 1432, 1434, 1294,
       148121  + /*   350 */  1546, 1547, 1569, 1569, 1577, 1577, 1577, 2009, 2009, 2009,
147613 148122    /*   360 */  2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009,
147614         - /*   370 */   570,  345,  686,  748,   50,  740, 1064, 1107,  469,  537,
147615         - /*   380 */  1042, 1146, 1162, 1154, 1201, 1202, 1203, 1208, 1209, 1127,
147616         - /*   390 */  1069, 1196, 1157, 1147, 1226, 1228, 1245,  775,  868, 1246,
147617         - /*   400 */  1247, 1191, 1151, 1585, 1589, 1587, 1456, 1600, 1527, 1601,
147618         - /*   410 */  1595, 1596, 1492, 1484, 1506, 1603, 1495, 1608, 1496, 1614,
147619         - /*   420 */  1635, 1508, 1497, 1521, 1580, 1606, 1505, 1592, 1593, 1597,
147620         - /*   430 */  1598, 1530, 1547, 1619, 1524, 1654, 1651, 1636, 1553, 1510,
147621         - /*   440 */  1594, 1634, 1599, 1588, 1623, 1535, 1564, 1642, 1649, 1652,
147622         - /*   450 */  1552, 1560, 1653, 1609, 1655, 1656, 1657, 1659, 1612, 1658,
147623         - /*   460 */  1660, 1616, 1648, 1664, 1550, 1668, 1538, 1670, 1671, 1669,
147624         - /*   470 */  1673, 1675, 1676, 1678, 1680, 1679, 1574, 1683, 1690, 1610,
147625         - /*   480 */  1682, 1695, 1586, 1698, 1691, 1698, 1693, 1643, 1661, 1646,
147626         - /*   490 */  1686, 1710, 1711, 1714, 1716, 1703, 1715, 1698, 1727, 1728,
147627         - /*   500 */  1729, 1730, 1731, 1732, 1734, 1743, 1736, 1737, 1740, 1744,
147628         - /*   510 */  1738, 1746, 1739, 1645, 1640, 1644, 1647, 1650, 1749, 1751,
147629         - /*   520 */  1772,
147630         -};
147631         -#define YY_REDUCE_COUNT (369)
147632         -#define YY_REDUCE_MIN   (-237)
147633         -#define YY_REDUCE_MAX   (1424)
       148123  + /*   370 */  2009, 2009, 2009,  591,  697, 1059, 1139, 1058,  797,  465,
       148124  + /*   380 */  1159, 1182, 1122, 1062, 1180,  936, 1199, 1201, 1205, 1224,
       148125  + /*   390 */  1225, 1244, 1061, 1145, 1261, 1161, 1194, 1249, 1251, 1256,
       148126  + /*   400 */  1137, 1142, 1263, 1264, 1214, 1207, 1613, 1623, 1605, 1477,
       148127  + /*   410 */  1614, 1541, 1620, 1616, 1617, 1509, 1502, 1525, 1619, 1514,
       148128  + /*   420 */  1626, 1516, 1634, 1650, 1522, 1512, 1535, 1594, 1621, 1517,
       148129  + /*   430 */  1604, 1606, 1607, 1609, 1544, 1559, 1631, 1536, 1666, 1663,
       148130  + /*   440 */  1647, 1567, 1523, 1608, 1648, 1610, 1600, 1636, 1549, 1576,
       148131  + /*   450 */  1657, 1662, 1664, 1565, 1572, 1665, 1624, 1668, 1671, 1672,
       148132  + /*   460 */  1674, 1627, 1660, 1675, 1633, 1667, 1678, 1564, 1681, 1553,
       148133  + /*   470 */  1690, 1692, 1691, 1693, 1696, 1700, 1702, 1705, 1704, 1599,
       148134  + /*   480 */  1707, 1710, 1630, 1703, 1714, 1618, 1716, 1706, 1716, 1717,
       148135  + /*   490 */  1653, 1677, 1670, 1711, 1731, 1732, 1733, 1734, 1723, 1735,
       148136  + /*   500 */  1716, 1740, 1743, 1744, 1745, 1739, 1746, 1748, 1761, 1751,
       148137  + /*   510 */  1752, 1753, 1754, 1758, 1759, 1749, 1658, 1654, 1655, 1656,
       148138  + /*   520 */  1659, 1765, 1776, 1791,
       148139  +};
       148140  +#define YY_REDUCE_COUNT (372)
       148141  +#define YY_REDUCE_MIN   (-235)
       148142  +#define YY_REDUCE_MAX   (1441)
147634 148143   static const short yy_reduce_ofst[] = {
147635         - /*     0 */  -147,  171,  263,  -96,  358, -144, -149, -102,  124, -156,
147636         - /*    10 */   -98,  305,  401,  -57,  209, -237,  245,  -94,  -79,  189,
147637         - /*    20 */   375,  490,  493,  378,  303,  539,  542,  501,  503,  554,
147638         - /*    30 */   415,  526,  546,  557,  587,  593,  595, -234, -234, -234,
147639         - /*    40 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147640         - /*    50 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147641         - /*    60 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147642         - /*    70 */  -234,  -50,  335,  470,  633,  656,  658,  660,  675,  685,
147643         - /*    80 */   703,  727,  747,  750,  752,  754,  770,  788,  790,  793,
147644         - /*    90 */   795,  797,  800,  802,  804,  806,  813,  820,  829,  833,
147645         - /*   100 */   836,  838,  843,  845,  847,  849,  873,  891,  893,  916,
147646         - /*   110 */   918,  921,  936,  941,  944,  956,  961, -234, -234, -234,
147647         - /*   120 */  -234, -234, -234, -234, -234, -234,  463,  607, -176,   14,
147648         - /*   130 */  -139,   87, -137,  818,  925,  818,  925,  898, -234, -234,
147649         - /*   140 */  -234, -234, -166, -166, -166, -130, -131,  -82,  -54, -180,
147650         - /*   150 */   364,   41,  513,  509,  509,  117,  500,  789,  796,  646,
147651         - /*   160 */   192,  291,  644,  798,  120,  807,  543,  911,  920,  652,
147652         - /*   170 */   924,  922,  232,  698,  801,  971,   39,  220,  731,  442,
147653         - /*   180 */   902, -199,  979,  -43,  421,  896,  942,  605, -184, -126,
147654         - /*   190 */   155,  172,  281,  304,  377,  538,  650,  690,  699,  723,
147655         - /*   200 */   803,  839,  853,  919,  991, 1018, 1067, 1092,  951, 1111,
147656         - /*   210 */  1112, 1115, 1116, 1117, 1119, 1120, 1121, 1122, 1123, 1124,
147657         - /*   220 */  1125, 1012, 1096, 1097, 1128, 1129, 1130, 1131, 1070, 1135,
147658         - /*   230 */  1137, 1152, 1077, 1153, 1155, 1114, 1156,  304, 1158, 1172,
147659         - /*   240 */  1173, 1174, 1175, 1176, 1089, 1091, 1133, 1098, 1126, 1139,
147660         - /*   250 */  1140, 1070, 1133, 1133, 1170, 1163, 1186, 1103, 1168, 1138,
147661         - /*   260 */  1141, 1110, 1169, 1171, 1132, 1177, 1189, 1194, 1181, 1200,
147662         - /*   270 */  1204, 1166, 1145, 1178, 1187, 1232, 1142, 1231, 1233, 1149,
147663         - /*   280 */  1150, 1238, 1179, 1182, 1212, 1205, 1219, 1220, 1221, 1222,
147664         - /*   290 */  1258, 1266, 1223, 1224, 1206, 1211, 1237, 1239, 1230, 1269,
147665         - /*   300 */  1272, 1195, 1197, 1280, 1284, 1268, 1285, 1289, 1290, 1293,
147666         - /*   310 */  1274, 1286, 1287, 1288, 1282, 1294, 1292, 1297, 1300, 1296,
147667         - /*   320 */  1301, 1306, 1304, 1249, 1250, 1308, 1271, 1275, 1273, 1276,
147668         - /*   330 */  1279, 1281, 1283, 1302, 1334, 1307, 1243, 1267, 1318, 1322,
147669         - /*   340 */  1303, 1371, 1299, 1328, 1332, 1340, 1342, 1384, 1391, 1400,
147670         - /*   350 */  1403, 1407, 1408, 1409, 1311, 1312, 1310, 1405, 1402, 1412,
147671         - /*   360 */  1417, 1420, 1406, 1393, 1395, 1421, 1422, 1423, 1424, 1415,
       148144  + /*     0 */  -147,  171,  263,  -96,  169, -144, -162, -149, -102, -156,
       148145  + /*    10 */   -98,  216,  354, -170,  -57, -235,  307,  149,  423,  428,
       148146  + /*    20 */   471,  313,  451,  519,  489,  496,  499,  545,  547,  555,
       148147  + /*    30 */  -116,  540,  558,  592,  594,  597,  599, -206, -206, -206,
       148148  + /*    40 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148149  + /*    50 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148150  + /*    60 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148151  + /*    70 */  -206, -206,  196,  309,  494,  537,  612,  656,  675,  679,
       148152  + /*    80 */   681,  685,  724,  753,  771,  776,  788,  790,  794,  796,
       148153  + /*    90 */   801,  803,  805,  807,  814,  819,  833,  837,  839,  842,
       148154  + /*   100 */   845,  847,  849,  853,  873,  891,  893,  917,  921,  937,
       148155  + /*   110 */   940,  944,  956,  960,  967,  969,  971,  973,  975, -206,
       148156  + /*   120 */  -206, -206, -206, -206, -206, -206, -206, -206,  501, -168,
       148157  + /*   130 */    90,  -97,   87,  112,  303,  277,  601,  277,  601,  179,
       148158  + /*   140 */  -206, -206, -206, -206, -107, -107, -107,  -43,  -56,  323,
       148159  + /*   150 */   500,  512, -187, -177,  317,  609,  353,  353,  120,  144,
       148160  + /*   160 */   490,  539,  698,  374,  467,  507,  789,  404, -157,  755,
       148161  + /*   170 */   856,  916,  843,  941,  802,  770,  923,  821, 1001, -142,
       148162  + /*   180 */   264,  785,  896,  905,  899,  949, -176,  544,  911,  953,
       148163  + /*   190 */  1012, -182,  -59,  -30,   16,  -22,  117,  172,  291,  369,
       148164  + /*   200 */   407,  415,  566,  586,  647,  699,  754,  813,  850,  892,
       148165  + /*   210 */   121, 1023, 1042, 1086, 1121, 1125, 1128, 1129, 1130, 1131,
       148166  + /*   220 */  1132, 1134, 1135,  284, 1106, 1123, 1152, 1154, 1155, 1156,
       148167  + /*   230 */   397, 1158, 1172, 1173, 1116, 1176, 1177, 1138, 1179,  117,
       148168  + /*   240 */  1184, 1185, 1198, 1200, 1202, 1203,  741, 1094, 1153, 1146,
       148169  + /*   250 */  1160, 1162, 1163,  397, 1153, 1153, 1170, 1204, 1206, 1103,
       148170  + /*   260 */  1168, 1165, 1166, 1133, 1174, 1175, 1140, 1210, 1193, 1208,
       148171  + /*   270 */  1212, 1215, 1216, 1178, 1167, 1189, 1196, 1241, 1148, 1243,
       148172  + /*   280 */  1245, 1181, 1183, 1247, 1188, 1187, 1190, 1227, 1223, 1234,
       148173  + /*   290 */  1236, 1238, 1239, 1274, 1278, 1235, 1237, 1213, 1218, 1253,
       148174  + /*   300 */  1254, 1246, 1287, 1289, 1209, 1219, 1303, 1305, 1293, 1306,
       148175  + /*   310 */  1309, 1313, 1316, 1297, 1301, 1307, 1308, 1298, 1310, 1311,
       148176  + /*   320 */  1312, 1317, 1304, 1318, 1320, 1319, 1265, 1267, 1325, 1295,
       148177  + /*   330 */  1300, 1296, 1302, 1326, 1321, 1327, 1330, 1365, 1323, 1269,
       148178  + /*   340 */  1272, 1328, 1331, 1322, 1388, 1334, 1336, 1349, 1353, 1357,
       148179  + /*   350