000001  /*
000002  ** 2003 September 6
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  ** This file contains code used for creating, destroying, and populating
000013  ** a VDBE (or an "sqlite3_stmt" as it is known to the outside world.) 
000014  */
000015  #include "sqliteInt.h"
000016  #include "vdbeInt.h"
000017  
000018  /*
000019  ** Create a new virtual database engine.
000020  */
000021  Vdbe *sqlite3VdbeCreate(Parse *pParse){
000022    sqlite3 *db = pParse->db;
000023    Vdbe *p;
000024    p = sqlite3DbMallocRawNN(db, sizeof(Vdbe) );
000025    if( p==0 ) return 0;
000026    memset(&p->aOp, 0, sizeof(Vdbe)-offsetof(Vdbe,aOp));
000027    p->db = db;
000028    if( db->pVdbe ){
000029      db->pVdbe->pPrev = p;
000030    }
000031    p->pNext = db->pVdbe;
000032    p->pPrev = 0;
000033    db->pVdbe = p;
000034    p->magic = VDBE_MAGIC_INIT;
000035    p->pParse = pParse;
000036    pParse->pVdbe = p;
000037    assert( pParse->aLabel==0 );
000038    assert( pParse->nLabel==0 );
000039    assert( pParse->nOpAlloc==0 );
000040    assert( pParse->szOpAlloc==0 );
000041    sqlite3VdbeAddOp2(p, OP_Init, 0, 1);
000042    return p;
000043  }
000044  
000045  /*
000046  ** Change the error string stored in Vdbe.zErrMsg
000047  */
000048  void sqlite3VdbeError(Vdbe *p, const char *zFormat, ...){
000049    va_list ap;
000050    sqlite3DbFree(p->db, p->zErrMsg);
000051    va_start(ap, zFormat);
000052    p->zErrMsg = sqlite3VMPrintf(p->db, zFormat, ap);
000053    va_end(ap);
000054  }
000055  
000056  /*
000057  ** Remember the SQL string for a prepared statement.
000058  */
000059  void sqlite3VdbeSetSql(Vdbe *p, const char *z, int n, u8 prepFlags){
000060    if( p==0 ) return;
000061    p->prepFlags = prepFlags;
000062    if( (prepFlags & SQLITE_PREPARE_SAVESQL)==0 ){
000063      p->expmask = 0;
000064    }
000065    assert( p->zSql==0 );
000066    p->zSql = sqlite3DbStrNDup(p->db, z, n);
000067  }
000068  
000069  /*
000070  ** Swap all content between two VDBE structures.
000071  */
000072  void sqlite3VdbeSwap(Vdbe *pA, Vdbe *pB){
000073    Vdbe tmp, *pTmp;
000074    char *zTmp;
000075    assert( pA->db==pB->db );
000076    tmp = *pA;
000077    *pA = *pB;
000078    *pB = tmp;
000079    pTmp = pA->pNext;
000080    pA->pNext = pB->pNext;
000081    pB->pNext = pTmp;
000082    pTmp = pA->pPrev;
000083    pA->pPrev = pB->pPrev;
000084    pB->pPrev = pTmp;
000085    zTmp = pA->zSql;
000086    pA->zSql = pB->zSql;
000087    pB->zSql = zTmp;
000088    pB->expmask = pA->expmask;
000089    pB->prepFlags = pA->prepFlags;
000090    memcpy(pB->aCounter, pA->aCounter, sizeof(pB->aCounter));
000091    pB->aCounter[SQLITE_STMTSTATUS_REPREPARE]++;
000092  }
000093  
000094  /*
000095  ** Resize the Vdbe.aOp array so that it is at least nOp elements larger 
000096  ** than its current size. nOp is guaranteed to be less than or equal
000097  ** to 1024/sizeof(Op).
000098  **
000099  ** If an out-of-memory error occurs while resizing the array, return
000100  ** SQLITE_NOMEM. In this case Vdbe.aOp and Parse.nOpAlloc remain 
000101  ** unchanged (this is so that any opcodes already allocated can be 
000102  ** correctly deallocated along with the rest of the Vdbe).
000103  */
000104  static int growOpArray(Vdbe *v, int nOp){
000105    VdbeOp *pNew;
000106    Parse *p = v->pParse;
000107  
000108    /* The SQLITE_TEST_REALLOC_STRESS compile-time option is designed to force
000109    ** more frequent reallocs and hence provide more opportunities for 
000110    ** simulated OOM faults.  SQLITE_TEST_REALLOC_STRESS is generally used
000111    ** during testing only.  With SQLITE_TEST_REALLOC_STRESS grow the op array
000112    ** by the minimum* amount required until the size reaches 512.  Normal
000113    ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
000114    ** size of the op array or add 1KB of space, whichever is smaller. */
000115  #ifdef SQLITE_TEST_REALLOC_STRESS
000116    int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
000117  #else
000118    int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
000119    UNUSED_PARAMETER(nOp);
000120  #endif
000121  
000122    /* Ensure that the size of a VDBE does not grow too large */
000123    if( nNew > p->db->aLimit[SQLITE_LIMIT_VDBE_OP] ){
000124      sqlite3OomFault(p->db);
000125      return SQLITE_NOMEM;
000126    }
000127  
000128    assert( nOp<=(1024/sizeof(Op)) );
000129    assert( nNew>=(p->nOpAlloc+nOp) );
000130    pNew = sqlite3DbRealloc(p->db, v->aOp, nNew*sizeof(Op));
000131    if( pNew ){
000132      p->szOpAlloc = sqlite3DbMallocSize(p->db, pNew);
000133      p->nOpAlloc = p->szOpAlloc/sizeof(Op);
000134      v->aOp = pNew;
000135    }
000136    return (pNew ? SQLITE_OK : SQLITE_NOMEM_BKPT);
000137  }
000138  
000139  #ifdef SQLITE_DEBUG
000140  /* This routine is just a convenient place to set a breakpoint that will
000141  ** fire after each opcode is inserted and displayed using
000142  ** "PRAGMA vdbe_addoptrace=on".
000143  */
000144  static void test_addop_breakpoint(void){
000145    static int n = 0;
000146    n++;
000147  }
000148  #endif
000149  
000150  /*
000151  ** Add a new instruction to the list of instructions current in the
000152  ** VDBE.  Return the address of the new instruction.
000153  **
000154  ** Parameters:
000155  **
000156  **    p               Pointer to the VDBE
000157  **
000158  **    op              The opcode for this instruction
000159  **
000160  **    p1, p2, p3      Operands
000161  **
000162  ** Use the sqlite3VdbeResolveLabel() function to fix an address and
000163  ** the sqlite3VdbeChangeP4() function to change the value of the P4
000164  ** operand.
000165  */
000166  static SQLITE_NOINLINE int growOp3(Vdbe *p, int op, int p1, int p2, int p3){
000167    assert( p->pParse->nOpAlloc<=p->nOp );
000168    if( growOpArray(p, 1) ) return 1;
000169    assert( p->pParse->nOpAlloc>p->nOp );
000170    return sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000171  }
000172  int sqlite3VdbeAddOp3(Vdbe *p, int op, int p1, int p2, int p3){
000173    int i;
000174    VdbeOp *pOp;
000175  
000176    i = p->nOp;
000177    assert( p->magic==VDBE_MAGIC_INIT );
000178    assert( op>=0 && op<0xff );
000179    if( p->pParse->nOpAlloc<=i ){
000180      return growOp3(p, op, p1, p2, p3);
000181    }
000182    p->nOp++;
000183    pOp = &p->aOp[i];
000184    pOp->opcode = (u8)op;
000185    pOp->p5 = 0;
000186    pOp->p1 = p1;
000187    pOp->p2 = p2;
000188    pOp->p3 = p3;
000189    pOp->p4.p = 0;
000190    pOp->p4type = P4_NOTUSED;
000191  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
000192    pOp->zComment = 0;
000193  #endif
000194  #ifdef SQLITE_DEBUG
000195    if( p->db->flags & SQLITE_VdbeAddopTrace ){
000196      int jj, kk;
000197      Parse *pParse = p->pParse;
000198      for(jj=kk=0; jj<pParse->nColCache; jj++){
000199        struct yColCache *x = pParse->aColCache + jj;
000200        printf(" r[%d]={%d:%d}", x->iReg, x->iTable, x->iColumn);
000201        kk++;
000202      }
000203      if( kk ) printf("\n");
000204      sqlite3VdbePrintOp(0, i, &p->aOp[i]);
000205      test_addop_breakpoint();
000206    }
000207  #endif
000208  #ifdef VDBE_PROFILE
000209    pOp->cycles = 0;
000210    pOp->cnt = 0;
000211  #endif
000212  #ifdef SQLITE_VDBE_COVERAGE
000213    pOp->iSrcLine = 0;
000214  #endif
000215    return i;
000216  }
000217  int sqlite3VdbeAddOp0(Vdbe *p, int op){
000218    return sqlite3VdbeAddOp3(p, op, 0, 0, 0);
000219  }
000220  int sqlite3VdbeAddOp1(Vdbe *p, int op, int p1){
000221    return sqlite3VdbeAddOp3(p, op, p1, 0, 0);
000222  }
000223  int sqlite3VdbeAddOp2(Vdbe *p, int op, int p1, int p2){
000224    return sqlite3VdbeAddOp3(p, op, p1, p2, 0);
000225  }
000226  
000227  /* Generate code for an unconditional jump to instruction iDest
000228  */
000229  int sqlite3VdbeGoto(Vdbe *p, int iDest){
000230    return sqlite3VdbeAddOp3(p, OP_Goto, 0, iDest, 0);
000231  }
000232  
000233  /* Generate code to cause the string zStr to be loaded into
000234  ** register iDest
000235  */
000236  int sqlite3VdbeLoadString(Vdbe *p, int iDest, const char *zStr){
000237    return sqlite3VdbeAddOp4(p, OP_String8, 0, iDest, 0, zStr, 0);
000238  }
000239  
000240  /*
000241  ** Generate code that initializes multiple registers to string or integer
000242  ** constants.  The registers begin with iDest and increase consecutively.
000243  ** One register is initialized for each characgter in zTypes[].  For each
000244  ** "s" character in zTypes[], the register is a string if the argument is
000245  ** not NULL, or OP_Null if the value is a null pointer.  For each "i" character
000246  ** in zTypes[], the register is initialized to an integer.
000247  **
000248  ** If the input string does not end with "X" then an OP_ResultRow instruction
000249  ** is generated for the values inserted.
000250  */
000251  void sqlite3VdbeMultiLoad(Vdbe *p, int iDest, const char *zTypes, ...){
000252    va_list ap;
000253    int i;
000254    char c;
000255    va_start(ap, zTypes);
000256    for(i=0; (c = zTypes[i])!=0; i++){
000257      if( c=='s' ){
000258        const char *z = va_arg(ap, const char*);
000259        sqlite3VdbeAddOp4(p, z==0 ? OP_Null : OP_String8, 0, iDest+i, 0, z, 0);
000260      }else if( c=='i' ){
000261        sqlite3VdbeAddOp2(p, OP_Integer, va_arg(ap, int), iDest+i);
000262      }else{
000263        goto skip_op_resultrow;
000264      }
000265    }
000266    sqlite3VdbeAddOp2(p, OP_ResultRow, iDest, i);
000267  skip_op_resultrow:
000268    va_end(ap);
000269  }
000270  
000271  /*
000272  ** Add an opcode that includes the p4 value as a pointer.
000273  */
000274  int sqlite3VdbeAddOp4(
000275    Vdbe *p,            /* Add the opcode to this VM */
000276    int op,             /* The new opcode */
000277    int p1,             /* The P1 operand */
000278    int p2,             /* The P2 operand */
000279    int p3,             /* The P3 operand */
000280    const char *zP4,    /* The P4 operand */
000281    int p4type          /* P4 operand type */
000282  ){
000283    int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000284    sqlite3VdbeChangeP4(p, addr, zP4, p4type);
000285    return addr;
000286  }
000287  
000288  /*
000289  ** Add an opcode that includes the p4 value with a P4_INT64 or
000290  ** P4_REAL type.
000291  */
000292  int sqlite3VdbeAddOp4Dup8(
000293    Vdbe *p,            /* Add the opcode to this VM */
000294    int op,             /* The new opcode */
000295    int p1,             /* The P1 operand */
000296    int p2,             /* The P2 operand */
000297    int p3,             /* The P3 operand */
000298    const u8 *zP4,      /* The P4 operand */
000299    int p4type          /* P4 operand type */
000300  ){
000301    char *p4copy = sqlite3DbMallocRawNN(sqlite3VdbeDb(p), 8);
000302    if( p4copy ) memcpy(p4copy, zP4, 8);
000303    return sqlite3VdbeAddOp4(p, op, p1, p2, p3, p4copy, p4type);
000304  }
000305  
000306  /*
000307  ** Add an OP_ParseSchema opcode.  This routine is broken out from
000308  ** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees
000309  ** as having been used.
000310  **
000311  ** The zWhere string must have been obtained from sqlite3_malloc().
000312  ** This routine will take ownership of the allocated memory.
000313  */
000314  void sqlite3VdbeAddParseSchemaOp(Vdbe *p, int iDb, char *zWhere){
000315    int j;
000316    sqlite3VdbeAddOp4(p, OP_ParseSchema, iDb, 0, 0, zWhere, P4_DYNAMIC);
000317    for(j=0; j<p->db->nDb; j++) sqlite3VdbeUsesBtree(p, j);
000318  }
000319  
000320  /*
000321  ** Add an opcode that includes the p4 value as an integer.
000322  */
000323  int sqlite3VdbeAddOp4Int(
000324    Vdbe *p,            /* Add the opcode to this VM */
000325    int op,             /* The new opcode */
000326    int p1,             /* The P1 operand */
000327    int p2,             /* The P2 operand */
000328    int p3,             /* The P3 operand */
000329    int p4              /* The P4 operand as an integer */
000330  ){
000331    int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000332    if( p->db->mallocFailed==0 ){
000333      VdbeOp *pOp = &p->aOp[addr];
000334      pOp->p4type = P4_INT32;
000335      pOp->p4.i = p4;
000336    }
000337    return addr;
000338  }
000339  
000340  /* Insert the end of a co-routine
000341  */
000342  void sqlite3VdbeEndCoroutine(Vdbe *v, int regYield){
000343    sqlite3VdbeAddOp1(v, OP_EndCoroutine, regYield);
000344  
000345    /* Clear the temporary register cache, thereby ensuring that each
000346    ** co-routine has its own independent set of registers, because co-routines
000347    ** might expect their registers to be preserved across an OP_Yield, and
000348    ** that could cause problems if two or more co-routines are using the same
000349    ** temporary register.
000350    */
000351    v->pParse->nTempReg = 0;
000352    v->pParse->nRangeReg = 0;
000353  }
000354  
000355  /*
000356  ** Create a new symbolic label for an instruction that has yet to be
000357  ** coded.  The symbolic label is really just a negative number.  The
000358  ** label can be used as the P2 value of an operation.  Later, when
000359  ** the label is resolved to a specific address, the VDBE will scan
000360  ** through its operation list and change all values of P2 which match
000361  ** the label into the resolved address.
000362  **
000363  ** The VDBE knows that a P2 value is a label because labels are
000364  ** always negative and P2 values are suppose to be non-negative.
000365  ** Hence, a negative P2 value is a label that has yet to be resolved.
000366  **
000367  ** Zero is returned if a malloc() fails.
000368  */
000369  int sqlite3VdbeMakeLabel(Vdbe *v){
000370    Parse *p = v->pParse;
000371    int i = p->nLabel++;
000372    assert( v->magic==VDBE_MAGIC_INIT );
000373    if( (i & (i-1))==0 ){
000374      p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel, 
000375                                         (i*2+1)*sizeof(p->aLabel[0]));
000376    }
000377    if( p->aLabel ){
000378      p->aLabel[i] = -1;
000379    }
000380    return ADDR(i);
000381  }
000382  
000383  /*
000384  ** Resolve label "x" to be the address of the next instruction to
000385  ** be inserted.  The parameter "x" must have been obtained from
000386  ** a prior call to sqlite3VdbeMakeLabel().
000387  */
000388  void sqlite3VdbeResolveLabel(Vdbe *v, int x){
000389    Parse *p = v->pParse;
000390    int j = ADDR(x);
000391    assert( v->magic==VDBE_MAGIC_INIT );
000392    assert( j<p->nLabel );
000393    assert( j>=0 );
000394    if( p->aLabel ){
000395      p->aLabel[j] = v->nOp;
000396    }
000397  }
000398  
000399  /*
000400  ** Mark the VDBE as one that can only be run one time.
000401  */
000402  void sqlite3VdbeRunOnlyOnce(Vdbe *p){
000403    p->runOnlyOnce = 1;
000404  }
000405  
000406  /*
000407  ** Mark the VDBE as one that can only be run multiple times.
000408  */
000409  void sqlite3VdbeReusable(Vdbe *p){
000410    p->runOnlyOnce = 0;
000411  }
000412  
000413  #ifdef SQLITE_DEBUG /* sqlite3AssertMayAbort() logic */
000414  
000415  /*
000416  ** The following type and function are used to iterate through all opcodes
000417  ** in a Vdbe main program and each of the sub-programs (triggers) it may 
000418  ** invoke directly or indirectly. It should be used as follows:
000419  **
000420  **   Op *pOp;
000421  **   VdbeOpIter sIter;
000422  **
000423  **   memset(&sIter, 0, sizeof(sIter));
000424  **   sIter.v = v;                            // v is of type Vdbe* 
000425  **   while( (pOp = opIterNext(&sIter)) ){
000426  **     // Do something with pOp
000427  **   }
000428  **   sqlite3DbFree(v->db, sIter.apSub);
000429  ** 
000430  */
000431  typedef struct VdbeOpIter VdbeOpIter;
000432  struct VdbeOpIter {
000433    Vdbe *v;                   /* Vdbe to iterate through the opcodes of */
000434    SubProgram **apSub;        /* Array of subprograms */
000435    int nSub;                  /* Number of entries in apSub */
000436    int iAddr;                 /* Address of next instruction to return */
000437    int iSub;                  /* 0 = main program, 1 = first sub-program etc. */
000438  };
000439  static Op *opIterNext(VdbeOpIter *p){
000440    Vdbe *v = p->v;
000441    Op *pRet = 0;
000442    Op *aOp;
000443    int nOp;
000444  
000445    if( p->iSub<=p->nSub ){
000446  
000447      if( p->iSub==0 ){
000448        aOp = v->aOp;
000449        nOp = v->nOp;
000450      }else{
000451        aOp = p->apSub[p->iSub-1]->aOp;
000452        nOp = p->apSub[p->iSub-1]->nOp;
000453      }
000454      assert( p->iAddr<nOp );
000455  
000456      pRet = &aOp[p->iAddr];
000457      p->iAddr++;
000458      if( p->iAddr==nOp ){
000459        p->iSub++;
000460        p->iAddr = 0;
000461      }
000462    
000463      if( pRet->p4type==P4_SUBPROGRAM ){
000464        int nByte = (p->nSub+1)*sizeof(SubProgram*);
000465        int j;
000466        for(j=0; j<p->nSub; j++){
000467          if( p->apSub[j]==pRet->p4.pProgram ) break;
000468        }
000469        if( j==p->nSub ){
000470          p->apSub = sqlite3DbReallocOrFree(v->db, p->apSub, nByte);
000471          if( !p->apSub ){
000472            pRet = 0;
000473          }else{
000474            p->apSub[p->nSub++] = pRet->p4.pProgram;
000475          }
000476        }
000477      }
000478    }
000479  
000480    return pRet;
000481  }
000482  
000483  /*
000484  ** Check if the program stored in the VM associated with pParse may
000485  ** throw an ABORT exception (causing the statement, but not entire transaction
000486  ** to be rolled back). This condition is true if the main program or any
000487  ** sub-programs contains any of the following:
000488  **
000489  **   *  OP_Halt with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
000490  **   *  OP_HaltIfNull with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
000491  **   *  OP_Destroy
000492  **   *  OP_VUpdate
000493  **   *  OP_VRename
000494  **   *  OP_FkCounter with P2==0 (immediate foreign key constraint)
000495  **   *  OP_CreateBtree/BTREE_INTKEY and OP_InitCoroutine 
000496  **      (for CREATE TABLE AS SELECT ...)
000497  **
000498  ** Then check that the value of Parse.mayAbort is true if an
000499  ** ABORT may be thrown, or false otherwise. Return true if it does
000500  ** match, or false otherwise. This function is intended to be used as
000501  ** part of an assert statement in the compiler. Similar to:
000502  **
000503  **   assert( sqlite3VdbeAssertMayAbort(pParse->pVdbe, pParse->mayAbort) );
000504  */
000505  int sqlite3VdbeAssertMayAbort(Vdbe *v, int mayAbort){
000506    int hasAbort = 0;
000507    int hasFkCounter = 0;
000508    int hasCreateTable = 0;
000509    int hasInitCoroutine = 0;
000510    Op *pOp;
000511    VdbeOpIter sIter;
000512    memset(&sIter, 0, sizeof(sIter));
000513    sIter.v = v;
000514  
000515    while( (pOp = opIterNext(&sIter))!=0 ){
000516      int opcode = pOp->opcode;
000517      if( opcode==OP_Destroy || opcode==OP_VUpdate || opcode==OP_VRename 
000518       || ((opcode==OP_Halt || opcode==OP_HaltIfNull) 
000519        && ((pOp->p1&0xff)==SQLITE_CONSTRAINT && pOp->p2==OE_Abort))
000520      ){
000521        hasAbort = 1;
000522        break;
000523      }
000524      if( opcode==OP_CreateBtree && pOp->p3==BTREE_INTKEY ) hasCreateTable = 1;
000525      if( opcode==OP_InitCoroutine ) hasInitCoroutine = 1;
000526  #ifndef SQLITE_OMIT_FOREIGN_KEY
000527      if( opcode==OP_FkCounter && pOp->p1==0 && pOp->p2==1 ){
000528        hasFkCounter = 1;
000529      }
000530  #endif
000531    }
000532    sqlite3DbFree(v->db, sIter.apSub);
000533  
000534    /* Return true if hasAbort==mayAbort. Or if a malloc failure occurred.
000535    ** If malloc failed, then the while() loop above may not have iterated
000536    ** through all opcodes and hasAbort may be set incorrectly. Return
000537    ** true for this case to prevent the assert() in the callers frame
000538    ** from failing.  */
000539    return ( v->db->mallocFailed || hasAbort==mayAbort || hasFkCounter
000540                || (hasCreateTable && hasInitCoroutine) );
000541  }
000542  #endif /* SQLITE_DEBUG - the sqlite3AssertMayAbort() function */
000543  
000544  /*
000545  ** This routine is called after all opcodes have been inserted.  It loops
000546  ** through all the opcodes and fixes up some details.
000547  **
000548  ** (1) For each jump instruction with a negative P2 value (a label)
000549  **     resolve the P2 value to an actual address.
000550  **
000551  ** (2) Compute the maximum number of arguments used by any SQL function
000552  **     and store that value in *pMaxFuncArgs.
000553  **
000554  ** (3) Update the Vdbe.readOnly and Vdbe.bIsReader flags to accurately
000555  **     indicate what the prepared statement actually does.
000556  **
000557  ** (4) Initialize the p4.xAdvance pointer on opcodes that use it.
000558  **
000559  ** (5) Reclaim the memory allocated for storing labels.
000560  **
000561  ** This routine will only function correctly if the mkopcodeh.tcl generator
000562  ** script numbers the opcodes correctly.  Changes to this routine must be
000563  ** coordinated with changes to mkopcodeh.tcl.
000564  */
000565  static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs){
000566    int nMaxArgs = *pMaxFuncArgs;
000567    Op *pOp;
000568    Parse *pParse = p->pParse;
000569    int *aLabel = pParse->aLabel;
000570    p->readOnly = 1;
000571    p->bIsReader = 0;
000572    pOp = &p->aOp[p->nOp-1];
000573    while(1){
000574  
000575      /* Only JUMP opcodes and the short list of special opcodes in the switch
000576      ** below need to be considered.  The mkopcodeh.tcl generator script groups
000577      ** all these opcodes together near the front of the opcode list.  Skip
000578      ** any opcode that does not need processing by virtual of the fact that
000579      ** it is larger than SQLITE_MX_JUMP_OPCODE, as a performance optimization.
000580      */
000581      if( pOp->opcode<=SQLITE_MX_JUMP_OPCODE ){
000582        /* NOTE: Be sure to update mkopcodeh.tcl when adding or removing
000583        ** cases from this switch! */
000584        switch( pOp->opcode ){
000585          case OP_Transaction: {
000586            if( pOp->p2!=0 ) p->readOnly = 0;
000587            /* fall thru */
000588          }
000589          case OP_AutoCommit:
000590          case OP_Savepoint: {
000591            p->bIsReader = 1;
000592            break;
000593          }
000594  #ifndef SQLITE_OMIT_WAL
000595          case OP_Checkpoint:
000596  #endif
000597          case OP_Vacuum:
000598          case OP_JournalMode: {
000599            p->readOnly = 0;
000600            p->bIsReader = 1;
000601            break;
000602          }
000603          case OP_Next:
000604          case OP_NextIfOpen:
000605          case OP_SorterNext: {
000606            pOp->p4.xAdvance = sqlite3BtreeNext;
000607            pOp->p4type = P4_ADVANCE;
000608            /* The code generator never codes any of these opcodes as a jump
000609            ** to a label.  They are always coded as a jump backwards to a 
000610            ** known address */
000611            assert( pOp->p2>=0 );
000612            break;
000613          }
000614          case OP_Prev:
000615          case OP_PrevIfOpen: {
000616            pOp->p4.xAdvance = sqlite3BtreePrevious;
000617            pOp->p4type = P4_ADVANCE;
000618            /* The code generator never codes any of these opcodes as a jump
000619            ** to a label.  They are always coded as a jump backwards to a 
000620            ** known address */
000621            assert( pOp->p2>=0 );
000622            break;
000623          }
000624  #ifndef SQLITE_OMIT_VIRTUALTABLE
000625          case OP_VUpdate: {
000626            if( pOp->p2>nMaxArgs ) nMaxArgs = pOp->p2;
000627            break;
000628          }
000629          case OP_VFilter: {
000630            int n;
000631            assert( (pOp - p->aOp) >= 3 );
000632            assert( pOp[-1].opcode==OP_Integer );
000633            n = pOp[-1].p1;
000634            if( n>nMaxArgs ) nMaxArgs = n;
000635            /* Fall through into the default case */
000636          }
000637  #endif
000638          default: {
000639            if( pOp->p2<0 ){
000640              /* The mkopcodeh.tcl script has so arranged things that the only
000641              ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
000642              ** have non-negative values for P2. */
000643              assert( (sqlite3OpcodeProperty[pOp->opcode] & OPFLG_JUMP)!=0 );
000644              assert( ADDR(pOp->p2)<pParse->nLabel );
000645              pOp->p2 = aLabel[ADDR(pOp->p2)];
000646            }
000647            break;
000648          }
000649        }
000650        /* The mkopcodeh.tcl script has so arranged things that the only
000651        ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
000652        ** have non-negative values for P2. */
000653        assert( (sqlite3OpcodeProperty[pOp->opcode]&OPFLG_JUMP)==0 || pOp->p2>=0);
000654      }
000655      if( pOp==p->aOp ) break;
000656      pOp--;
000657    }
000658    sqlite3DbFree(p->db, pParse->aLabel);
000659    pParse->aLabel = 0;
000660    pParse->nLabel = 0;
000661    *pMaxFuncArgs = nMaxArgs;
000662    assert( p->bIsReader!=0 || DbMaskAllZero(p->btreeMask) );
000663  }
000664  
000665  /*
000666  ** Return the address of the next instruction to be inserted.
000667  */
000668  int sqlite3VdbeCurrentAddr(Vdbe *p){
000669    assert( p->magic==VDBE_MAGIC_INIT );
000670    return p->nOp;
000671  }
000672  
000673  /*
000674  ** Verify that at least N opcode slots are available in p without
000675  ** having to malloc for more space (except when compiled using
000676  ** SQLITE_TEST_REALLOC_STRESS).  This interface is used during testing
000677  ** to verify that certain calls to sqlite3VdbeAddOpList() can never
000678  ** fail due to a OOM fault and hence that the return value from
000679  ** sqlite3VdbeAddOpList() will always be non-NULL.
000680  */
000681  #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
000682  void sqlite3VdbeVerifyNoMallocRequired(Vdbe *p, int N){
000683    assert( p->nOp + N <= p->pParse->nOpAlloc );
000684  }
000685  #endif
000686  
000687  /*
000688  ** Verify that the VM passed as the only argument does not contain
000689  ** an OP_ResultRow opcode. Fail an assert() if it does. This is used
000690  ** by code in pragma.c to ensure that the implementation of certain
000691  ** pragmas comports with the flags specified in the mkpragmatab.tcl
000692  ** script.
000693  */
000694  #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
000695  void sqlite3VdbeVerifyNoResultRow(Vdbe *p){
000696    int i;
000697    for(i=0; i<p->nOp; i++){
000698      assert( p->aOp[i].opcode!=OP_ResultRow );
000699    }
000700  }
000701  #endif
000702  
000703  /*
000704  ** This function returns a pointer to the array of opcodes associated with
000705  ** the Vdbe passed as the first argument. It is the callers responsibility
000706  ** to arrange for the returned array to be eventually freed using the 
000707  ** vdbeFreeOpArray() function.
000708  **
000709  ** Before returning, *pnOp is set to the number of entries in the returned
000710  ** array. Also, *pnMaxArg is set to the larger of its current value and 
000711  ** the number of entries in the Vdbe.apArg[] array required to execute the 
000712  ** returned program.
000713  */
000714  VdbeOp *sqlite3VdbeTakeOpArray(Vdbe *p, int *pnOp, int *pnMaxArg){
000715    VdbeOp *aOp = p->aOp;
000716    assert( aOp && !p->db->mallocFailed );
000717  
000718    /* Check that sqlite3VdbeUsesBtree() was not called on this VM */
000719    assert( DbMaskAllZero(p->btreeMask) );
000720  
000721    resolveP2Values(p, pnMaxArg);
000722    *pnOp = p->nOp;
000723    p->aOp = 0;
000724    return aOp;
000725  }
000726  
000727  /*
000728  ** Add a whole list of operations to the operation stack.  Return a
000729  ** pointer to the first operation inserted.
000730  **
000731  ** Non-zero P2 arguments to jump instructions are automatically adjusted
000732  ** so that the jump target is relative to the first operation inserted.
000733  */
000734  VdbeOp *sqlite3VdbeAddOpList(
000735    Vdbe *p,                     /* Add opcodes to the prepared statement */
000736    int nOp,                     /* Number of opcodes to add */
000737    VdbeOpList const *aOp,       /* The opcodes to be added */
000738    int iLineno                  /* Source-file line number of first opcode */
000739  ){
000740    int i;
000741    VdbeOp *pOut, *pFirst;
000742    assert( nOp>0 );
000743    assert( p->magic==VDBE_MAGIC_INIT );
000744    if( p->nOp + nOp > p->pParse->nOpAlloc && growOpArray(p, nOp) ){
000745      return 0;
000746    }
000747    pFirst = pOut = &p->aOp[p->nOp];
000748    for(i=0; i<nOp; i++, aOp++, pOut++){
000749      pOut->opcode = aOp->opcode;
000750      pOut->p1 = aOp->p1;
000751      pOut->p2 = aOp->p2;
000752      assert( aOp->p2>=0 );
000753      if( (sqlite3OpcodeProperty[aOp->opcode] & OPFLG_JUMP)!=0 && aOp->p2>0 ){
000754        pOut->p2 += p->nOp;
000755      }
000756      pOut->p3 = aOp->p3;
000757      pOut->p4type = P4_NOTUSED;
000758      pOut->p4.p = 0;
000759      pOut->p5 = 0;
000760  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
000761      pOut->zComment = 0;
000762  #endif
000763  #ifdef SQLITE_VDBE_COVERAGE
000764      pOut->iSrcLine = iLineno+i;
000765  #else
000766      (void)iLineno;
000767  #endif
000768  #ifdef SQLITE_DEBUG
000769      if( p->db->flags & SQLITE_VdbeAddopTrace ){
000770        sqlite3VdbePrintOp(0, i+p->nOp, &p->aOp[i+p->nOp]);
000771      }
000772  #endif
000773    }
000774    p->nOp += nOp;
000775    return pFirst;
000776  }
000777  
000778  #if defined(SQLITE_ENABLE_STMT_SCANSTATUS)
000779  /*
000780  ** Add an entry to the array of counters managed by sqlite3_stmt_scanstatus().
000781  */
000782  void sqlite3VdbeScanStatus(
000783    Vdbe *p,                        /* VM to add scanstatus() to */
000784    int addrExplain,                /* Address of OP_Explain (or 0) */
000785    int addrLoop,                   /* Address of loop counter */ 
000786    int addrVisit,                  /* Address of rows visited counter */
000787    LogEst nEst,                    /* Estimated number of output rows */
000788    const char *zName               /* Name of table or index being scanned */
000789  ){
000790    int nByte = (p->nScan+1) * sizeof(ScanStatus);
000791    ScanStatus *aNew;
000792    aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
000793    if( aNew ){
000794      ScanStatus *pNew = &aNew[p->nScan++];
000795      pNew->addrExplain = addrExplain;
000796      pNew->addrLoop = addrLoop;
000797      pNew->addrVisit = addrVisit;
000798      pNew->nEst = nEst;
000799      pNew->zName = sqlite3DbStrDup(p->db, zName);
000800      p->aScan = aNew;
000801    }
000802  }
000803  #endif
000804  
000805  
000806  /*
000807  ** Change the value of the opcode, or P1, P2, P3, or P5 operands
000808  ** for a specific instruction.
000809  */
000810  void sqlite3VdbeChangeOpcode(Vdbe *p, u32 addr, u8 iNewOpcode){
000811    sqlite3VdbeGetOp(p,addr)->opcode = iNewOpcode;
000812  }
000813  void sqlite3VdbeChangeP1(Vdbe *p, u32 addr, int val){
000814    sqlite3VdbeGetOp(p,addr)->p1 = val;
000815  }
000816  void sqlite3VdbeChangeP2(Vdbe *p, u32 addr, int val){
000817    sqlite3VdbeGetOp(p,addr)->p2 = val;
000818  }
000819  void sqlite3VdbeChangeP3(Vdbe *p, u32 addr, int val){
000820    sqlite3VdbeGetOp(p,addr)->p3 = val;
000821  }
000822  void sqlite3VdbeChangeP5(Vdbe *p, u16 p5){
000823    assert( p->nOp>0 || p->db->mallocFailed );
000824    if( p->nOp>0 ) p->aOp[p->nOp-1].p5 = p5;
000825  }
000826  
000827  /*
000828  ** Change the P2 operand of instruction addr so that it points to
000829  ** the address of the next instruction to be coded.
000830  */
000831  void sqlite3VdbeJumpHere(Vdbe *p, int addr){
000832    sqlite3VdbeChangeP2(p, addr, p->nOp);
000833  }
000834  
000835  
000836  /*
000837  ** If the input FuncDef structure is ephemeral, then free it.  If
000838  ** the FuncDef is not ephermal, then do nothing.
000839  */
000840  static void freeEphemeralFunction(sqlite3 *db, FuncDef *pDef){
000841    if( (pDef->funcFlags & SQLITE_FUNC_EPHEM)!=0 ){
000842      sqlite3DbFreeNN(db, pDef);
000843    }
000844  }
000845  
000846  static void vdbeFreeOpArray(sqlite3 *, Op *, int);
000847  
000848  /*
000849  ** Delete a P4 value if necessary.
000850  */
000851  static SQLITE_NOINLINE void freeP4Mem(sqlite3 *db, Mem *p){
000852    if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
000853    sqlite3DbFreeNN(db, p);
000854  }
000855  static SQLITE_NOINLINE void freeP4FuncCtx(sqlite3 *db, sqlite3_context *p){
000856    freeEphemeralFunction(db, p->pFunc);
000857   sqlite3DbFreeNN(db, p);
000858  }
000859  static void freeP4(sqlite3 *db, int p4type, void *p4){
000860    assert( db );
000861    switch( p4type ){
000862      case P4_FUNCCTX: {
000863        freeP4FuncCtx(db, (sqlite3_context*)p4);
000864        break;
000865      }
000866      case P4_REAL:
000867      case P4_INT64:
000868      case P4_DYNAMIC:
000869      case P4_INTARRAY: {
000870        sqlite3DbFree(db, p4);
000871        break;
000872      }
000873      case P4_KEYINFO: {
000874        if( db->pnBytesFreed==0 ) sqlite3KeyInfoUnref((KeyInfo*)p4);
000875        break;
000876      }
000877  #ifdef SQLITE_ENABLE_CURSOR_HINTS
000878      case P4_EXPR: {
000879        sqlite3ExprDelete(db, (Expr*)p4);
000880        break;
000881      }
000882  #endif
000883      case P4_FUNCDEF: {
000884        freeEphemeralFunction(db, (FuncDef*)p4);
000885        break;
000886      }
000887      case P4_MEM: {
000888        if( db->pnBytesFreed==0 ){
000889          sqlite3ValueFree((sqlite3_value*)p4);
000890        }else{
000891          freeP4Mem(db, (Mem*)p4);
000892        }
000893        break;
000894      }
000895      case P4_VTAB : {
000896        if( db->pnBytesFreed==0 ) sqlite3VtabUnlock((VTable *)p4);
000897        break;
000898      }
000899    }
000900  }
000901  
000902  /*
000903  ** Free the space allocated for aOp and any p4 values allocated for the
000904  ** opcodes contained within. If aOp is not NULL it is assumed to contain 
000905  ** nOp entries. 
000906  */
000907  static void vdbeFreeOpArray(sqlite3 *db, Op *aOp, int nOp){
000908    if( aOp ){
000909      Op *pOp;
000910      for(pOp=&aOp[nOp-1]; pOp>=aOp; pOp--){
000911        if( pOp->p4type <= P4_FREE_IF_LE ) freeP4(db, pOp->p4type, pOp->p4.p);
000912  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
000913        sqlite3DbFree(db, pOp->zComment);
000914  #endif     
000915      }
000916      sqlite3DbFreeNN(db, aOp);
000917    }
000918  }
000919  
000920  /*
000921  ** Link the SubProgram object passed as the second argument into the linked
000922  ** list at Vdbe.pSubProgram. This list is used to delete all sub-program
000923  ** objects when the VM is no longer required.
000924  */
000925  void sqlite3VdbeLinkSubProgram(Vdbe *pVdbe, SubProgram *p){
000926    p->pNext = pVdbe->pProgram;
000927    pVdbe->pProgram = p;
000928  }
000929  
000930  /*
000931  ** Change the opcode at addr into OP_Noop
000932  */
000933  int sqlite3VdbeChangeToNoop(Vdbe *p, int addr){
000934    VdbeOp *pOp;
000935    if( p->db->mallocFailed ) return 0;
000936    assert( addr>=0 && addr<p->nOp );
000937    pOp = &p->aOp[addr];
000938    freeP4(p->db, pOp->p4type, pOp->p4.p);
000939    pOp->p4type = P4_NOTUSED;
000940    pOp->p4.z = 0;
000941    pOp->opcode = OP_Noop;
000942    return 1;
000943  }
000944  
000945  /*
000946  ** If the last opcode is "op" and it is not a jump destination,
000947  ** then remove it.  Return true if and only if an opcode was removed.
000948  */
000949  int sqlite3VdbeDeletePriorOpcode(Vdbe *p, u8 op){
000950    if( p->nOp>0 && p->aOp[p->nOp-1].opcode==op ){
000951      return sqlite3VdbeChangeToNoop(p, p->nOp-1);
000952    }else{
000953      return 0;
000954    }
000955  }
000956  
000957  /*
000958  ** Change the value of the P4 operand for a specific instruction.
000959  ** This routine is useful when a large program is loaded from a
000960  ** static array using sqlite3VdbeAddOpList but we want to make a
000961  ** few minor changes to the program.
000962  **
000963  ** If n>=0 then the P4 operand is dynamic, meaning that a copy of
000964  ** the string is made into memory obtained from sqlite3_malloc().
000965  ** A value of n==0 means copy bytes of zP4 up to and including the
000966  ** first null byte.  If n>0 then copy n+1 bytes of zP4.
000967  ** 
000968  ** Other values of n (P4_STATIC, P4_COLLSEQ etc.) indicate that zP4 points
000969  ** to a string or structure that is guaranteed to exist for the lifetime of
000970  ** the Vdbe. In these cases we can just copy the pointer.
000971  **
000972  ** If addr<0 then change P4 on the most recently inserted instruction.
000973  */
000974  static void SQLITE_NOINLINE vdbeChangeP4Full(
000975    Vdbe *p,
000976    Op *pOp,
000977    const char *zP4,
000978    int n
000979  ){
000980    if( pOp->p4type ){
000981      freeP4(p->db, pOp->p4type, pOp->p4.p);
000982      pOp->p4type = 0;
000983      pOp->p4.p = 0;
000984    }
000985    if( n<0 ){
000986      sqlite3VdbeChangeP4(p, (int)(pOp - p->aOp), zP4, n);
000987    }else{
000988      if( n==0 ) n = sqlite3Strlen30(zP4);
000989      pOp->p4.z = sqlite3DbStrNDup(p->db, zP4, n);
000990      pOp->p4type = P4_DYNAMIC;
000991    }
000992  }
000993  void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
000994    Op *pOp;
000995    sqlite3 *db;
000996    assert( p!=0 );
000997    db = p->db;
000998    assert( p->magic==VDBE_MAGIC_INIT );
000999    assert( p->aOp!=0 || db->mallocFailed );
001000    if( db->mallocFailed ){
001001      if( n!=P4_VTAB ) freeP4(db, n, (void*)*(char**)&zP4);
001002      return;
001003    }
001004    assert( p->nOp>0 );
001005    assert( addr<p->nOp );
001006    if( addr<0 ){
001007      addr = p->nOp - 1;
001008    }
001009    pOp = &p->aOp[addr];
001010    if( n>=0 || pOp->p4type ){
001011      vdbeChangeP4Full(p, pOp, zP4, n);
001012      return;
001013    }
001014    if( n==P4_INT32 ){
001015      /* Note: this cast is safe, because the origin data point was an int
001016      ** that was cast to a (const char *). */
001017      pOp->p4.i = SQLITE_PTR_TO_INT(zP4);
001018      pOp->p4type = P4_INT32;
001019    }else if( zP4!=0 ){
001020      assert( n<0 );
001021      pOp->p4.p = (void*)zP4;
001022      pOp->p4type = (signed char)n;
001023      if( n==P4_VTAB ) sqlite3VtabLock((VTable*)zP4);
001024    }
001025  }
001026  
001027  /*
001028  ** Change the P4 operand of the most recently coded instruction 
001029  ** to the value defined by the arguments.  This is a high-speed
001030  ** version of sqlite3VdbeChangeP4().
001031  **
001032  ** The P4 operand must not have been previously defined.  And the new
001033  ** P4 must not be P4_INT32.  Use sqlite3VdbeChangeP4() in either of
001034  ** those cases.
001035  */
001036  void sqlite3VdbeAppendP4(Vdbe *p, void *pP4, int n){
001037    VdbeOp *pOp;
001038    assert( n!=P4_INT32 && n!=P4_VTAB );
001039    assert( n<=0 );
001040    if( p->db->mallocFailed ){
001041      freeP4(p->db, n, pP4);
001042    }else{
001043      assert( pP4!=0 );
001044      assert( p->nOp>0 );
001045      pOp = &p->aOp[p->nOp-1];
001046      assert( pOp->p4type==P4_NOTUSED );
001047      pOp->p4type = n;
001048      pOp->p4.p = pP4;
001049    }
001050  }
001051  
001052  /*
001053  ** Set the P4 on the most recently added opcode to the KeyInfo for the
001054  ** index given.
001055  */
001056  void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
001057    Vdbe *v = pParse->pVdbe;
001058    KeyInfo *pKeyInfo;
001059    assert( v!=0 );
001060    assert( pIdx!=0 );
001061    pKeyInfo = sqlite3KeyInfoOfIndex(pParse, pIdx);
001062    if( pKeyInfo ) sqlite3VdbeAppendP4(v, pKeyInfo, P4_KEYINFO);
001063  }
001064  
001065  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001066  /*
001067  ** Change the comment on the most recently coded instruction.  Or
001068  ** insert a No-op and add the comment to that new instruction.  This
001069  ** makes the code easier to read during debugging.  None of this happens
001070  ** in a production build.
001071  */
001072  static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
001073    assert( p->nOp>0 || p->aOp==0 );
001074    assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
001075    if( p->nOp ){
001076      assert( p->aOp );
001077      sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
001078      p->aOp[p->nOp-1].zComment = sqlite3VMPrintf(p->db, zFormat, ap);
001079    }
001080  }
001081  void sqlite3VdbeComment(Vdbe *p, const char *zFormat, ...){
001082    va_list ap;
001083    if( p ){
001084      va_start(ap, zFormat);
001085      vdbeVComment(p, zFormat, ap);
001086      va_end(ap);
001087    }
001088  }
001089  void sqlite3VdbeNoopComment(Vdbe *p, const char *zFormat, ...){
001090    va_list ap;
001091    if( p ){
001092      sqlite3VdbeAddOp0(p, OP_Noop);
001093      va_start(ap, zFormat);
001094      vdbeVComment(p, zFormat, ap);
001095      va_end(ap);
001096    }
001097  }
001098  #endif  /* NDEBUG */
001099  
001100  #ifdef SQLITE_VDBE_COVERAGE
001101  /*
001102  ** Set the value if the iSrcLine field for the previously coded instruction.
001103  */
001104  void sqlite3VdbeSetLineNumber(Vdbe *v, int iLine){
001105    sqlite3VdbeGetOp(v,-1)->iSrcLine = iLine;
001106  }
001107  #endif /* SQLITE_VDBE_COVERAGE */
001108  
001109  /*
001110  ** Return the opcode for a given address.  If the address is -1, then
001111  ** return the most recently inserted opcode.
001112  **
001113  ** If a memory allocation error has occurred prior to the calling of this
001114  ** routine, then a pointer to a dummy VdbeOp will be returned.  That opcode
001115  ** is readable but not writable, though it is cast to a writable value.
001116  ** The return of a dummy opcode allows the call to continue functioning
001117  ** after an OOM fault without having to check to see if the return from 
001118  ** this routine is a valid pointer.  But because the dummy.opcode is 0,
001119  ** dummy will never be written to.  This is verified by code inspection and
001120  ** by running with Valgrind.
001121  */
001122  VdbeOp *sqlite3VdbeGetOp(Vdbe *p, int addr){
001123    /* C89 specifies that the constant "dummy" will be initialized to all
001124    ** zeros, which is correct.  MSVC generates a warning, nevertheless. */
001125    static VdbeOp dummy;  /* Ignore the MSVC warning about no initializer */
001126    assert( p->magic==VDBE_MAGIC_INIT );
001127    if( addr<0 ){
001128      addr = p->nOp - 1;
001129    }
001130    assert( (addr>=0 && addr<p->nOp) || p->db->mallocFailed );
001131    if( p->db->mallocFailed ){
001132      return (VdbeOp*)&dummy;
001133    }else{
001134      return &p->aOp[addr];
001135    }
001136  }
001137  
001138  #if defined(SQLITE_ENABLE_EXPLAIN_COMMENTS)
001139  /*
001140  ** Return an integer value for one of the parameters to the opcode pOp
001141  ** determined by character c.
001142  */
001143  static int translateP(char c, const Op *pOp){
001144    if( c=='1' ) return pOp->p1;
001145    if( c=='2' ) return pOp->p2;
001146    if( c=='3' ) return pOp->p3;
001147    if( c=='4' ) return pOp->p4.i;
001148    return pOp->p5;
001149  }
001150  
001151  /*
001152  ** Compute a string for the "comment" field of a VDBE opcode listing.
001153  **
001154  ** The Synopsis: field in comments in the vdbe.c source file gets converted
001155  ** to an extra string that is appended to the sqlite3OpcodeName().  In the
001156  ** absence of other comments, this synopsis becomes the comment on the opcode.
001157  ** Some translation occurs:
001158  **
001159  **       "PX"      ->  "r[X]"
001160  **       "PX@PY"   ->  "r[X..X+Y-1]"  or "r[x]" if y is 0 or 1
001161  **       "PX@PY+1" ->  "r[X..X+Y]"    or "r[x]" if y is 0
001162  **       "PY..PY"  ->  "r[X..Y]"      or "r[x]" if y<=x
001163  */
001164  static int displayComment(
001165    const Op *pOp,     /* The opcode to be commented */
001166    const char *zP4,   /* Previously obtained value for P4 */
001167    char *zTemp,       /* Write result here */
001168    int nTemp          /* Space available in zTemp[] */
001169  ){
001170    const char *zOpName;
001171    const char *zSynopsis;
001172    int nOpName;
001173    int ii, jj;
001174    char zAlt[50];
001175    zOpName = sqlite3OpcodeName(pOp->opcode);
001176    nOpName = sqlite3Strlen30(zOpName);
001177    if( zOpName[nOpName+1] ){
001178      int seenCom = 0;
001179      char c;
001180      zSynopsis = zOpName += nOpName + 1;
001181      if( strncmp(zSynopsis,"IF ",3)==0 ){
001182        if( pOp->p5 & SQLITE_STOREP2 ){
001183          sqlite3_snprintf(sizeof(zAlt), zAlt, "r[P2] = (%s)", zSynopsis+3);
001184        }else{
001185          sqlite3_snprintf(sizeof(zAlt), zAlt, "if %s goto P2", zSynopsis+3);
001186        }
001187        zSynopsis = zAlt;
001188      }
001189      for(ii=jj=0; jj<nTemp-1 && (c = zSynopsis[ii])!=0; ii++){
001190        if( c=='P' ){
001191          c = zSynopsis[++ii];
001192          if( c=='4' ){
001193            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", zP4);
001194          }else if( c=='X' ){
001195            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", pOp->zComment);
001196            seenCom = 1;
001197          }else{
001198            int v1 = translateP(c, pOp);
001199            int v2;
001200            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%d", v1);
001201            if( strncmp(zSynopsis+ii+1, "@P", 2)==0 ){
001202              ii += 3;
001203              jj += sqlite3Strlen30(zTemp+jj);
001204              v2 = translateP(zSynopsis[ii], pOp);
001205              if( strncmp(zSynopsis+ii+1,"+1",2)==0 ){
001206                ii += 2;
001207                v2++;
001208              }
001209              if( v2>1 ){
001210                sqlite3_snprintf(nTemp-jj, zTemp+jj, "..%d", v1+v2-1);
001211              }
001212            }else if( strncmp(zSynopsis+ii+1, "..P3", 4)==0 && pOp->p3==0 ){
001213              ii += 4;
001214            }
001215          }
001216          jj += sqlite3Strlen30(zTemp+jj);
001217        }else{
001218          zTemp[jj++] = c;
001219        }
001220      }
001221      if( !seenCom && jj<nTemp-5 && pOp->zComment ){
001222        sqlite3_snprintf(nTemp-jj, zTemp+jj, "; %s", pOp->zComment);
001223        jj += sqlite3Strlen30(zTemp+jj);
001224      }
001225      if( jj<nTemp ) zTemp[jj] = 0;
001226    }else if( pOp->zComment ){
001227      sqlite3_snprintf(nTemp, zTemp, "%s", pOp->zComment);
001228      jj = sqlite3Strlen30(zTemp);
001229    }else{
001230      zTemp[0] = 0;
001231      jj = 0;
001232    }
001233    return jj;
001234  }
001235  #endif /* SQLITE_DEBUG */
001236  
001237  #if VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS)
001238  /*
001239  ** Translate the P4.pExpr value for an OP_CursorHint opcode into text
001240  ** that can be displayed in the P4 column of EXPLAIN output.
001241  */
001242  static void displayP4Expr(StrAccum *p, Expr *pExpr){
001243    const char *zOp = 0;
001244    switch( pExpr->op ){
001245      case TK_STRING:
001246        sqlite3XPrintf(p, "%Q", pExpr->u.zToken);
001247        break;
001248      case TK_INTEGER:
001249        sqlite3XPrintf(p, "%d", pExpr->u.iValue);
001250        break;
001251      case TK_NULL:
001252        sqlite3XPrintf(p, "NULL");
001253        break;
001254      case TK_REGISTER: {
001255        sqlite3XPrintf(p, "r[%d]", pExpr->iTable);
001256        break;
001257      }
001258      case TK_COLUMN: {
001259        if( pExpr->iColumn<0 ){
001260          sqlite3XPrintf(p, "rowid");
001261        }else{
001262          sqlite3XPrintf(p, "c%d", (int)pExpr->iColumn);
001263        }
001264        break;
001265      }
001266      case TK_LT:      zOp = "LT";      break;
001267      case TK_LE:      zOp = "LE";      break;
001268      case TK_GT:      zOp = "GT";      break;
001269      case TK_GE:      zOp = "GE";      break;
001270      case TK_NE:      zOp = "NE";      break;
001271      case TK_EQ:      zOp = "EQ";      break;
001272      case TK_IS:      zOp = "IS";      break;
001273      case TK_ISNOT:   zOp = "ISNOT";   break;
001274      case TK_AND:     zOp = "AND";     break;
001275      case TK_OR:      zOp = "OR";      break;
001276      case TK_PLUS:    zOp = "ADD";     break;
001277      case TK_STAR:    zOp = "MUL";     break;
001278      case TK_MINUS:   zOp = "SUB";     break;
001279      case TK_REM:     zOp = "REM";     break;
001280      case TK_BITAND:  zOp = "BITAND";  break;
001281      case TK_BITOR:   zOp = "BITOR";   break;
001282      case TK_SLASH:   zOp = "DIV";     break;
001283      case TK_LSHIFT:  zOp = "LSHIFT";  break;
001284      case TK_RSHIFT:  zOp = "RSHIFT";  break;
001285      case TK_CONCAT:  zOp = "CONCAT";  break;
001286      case TK_UMINUS:  zOp = "MINUS";   break;
001287      case TK_UPLUS:   zOp = "PLUS";    break;
001288      case TK_BITNOT:  zOp = "BITNOT";  break;
001289      case TK_NOT:     zOp = "NOT";     break;
001290      case TK_ISNULL:  zOp = "ISNULL";  break;
001291      case TK_NOTNULL: zOp = "NOTNULL"; break;
001292  
001293      default:
001294        sqlite3XPrintf(p, "%s", "expr");
001295        break;
001296    }
001297  
001298    if( zOp ){
001299      sqlite3XPrintf(p, "%s(", zOp);
001300      displayP4Expr(p, pExpr->pLeft);
001301      if( pExpr->pRight ){
001302        sqlite3StrAccumAppend(p, ",", 1);
001303        displayP4Expr(p, pExpr->pRight);
001304      }
001305      sqlite3StrAccumAppend(p, ")", 1);
001306    }
001307  }
001308  #endif /* VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS) */
001309  
001310  
001311  #if VDBE_DISPLAY_P4
001312  /*
001313  ** Compute a string that describes the P4 parameter for an opcode.
001314  ** Use zTemp for any required temporary buffer space.
001315  */
001316  static char *displayP4(Op *pOp, char *zTemp, int nTemp){
001317    char *zP4 = zTemp;
001318    StrAccum x;
001319    assert( nTemp>=20 );
001320    sqlite3StrAccumInit(&x, 0, zTemp, nTemp, 0);
001321    switch( pOp->p4type ){
001322      case P4_KEYINFO: {
001323        int j;
001324        KeyInfo *pKeyInfo = pOp->p4.pKeyInfo;
001325        assert( pKeyInfo->aSortOrder!=0 );
001326        sqlite3XPrintf(&x, "k(%d", pKeyInfo->nKeyField);
001327        for(j=0; j<pKeyInfo->nKeyField; j++){
001328          CollSeq *pColl = pKeyInfo->aColl[j];
001329          const char *zColl = pColl ? pColl->zName : "";
001330          if( strcmp(zColl, "BINARY")==0 ) zColl = "B";
001331          sqlite3XPrintf(&x, ",%s%s", pKeyInfo->aSortOrder[j] ? "-" : "", zColl);
001332        }
001333        sqlite3StrAccumAppend(&x, ")", 1);
001334        break;
001335      }
001336  #ifdef SQLITE_ENABLE_CURSOR_HINTS
001337      case P4_EXPR: {
001338        displayP4Expr(&x, pOp->p4.pExpr);
001339        break;
001340      }
001341  #endif
001342      case P4_COLLSEQ: {
001343        CollSeq *pColl = pOp->p4.pColl;
001344        sqlite3XPrintf(&x, "(%.20s)", pColl->zName);
001345        break;
001346      }
001347      case P4_FUNCDEF: {
001348        FuncDef *pDef = pOp->p4.pFunc;
001349        sqlite3XPrintf(&x, "%s(%d)", pDef->zName, pDef->nArg);
001350        break;
001351      }
001352  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
001353      case P4_FUNCCTX: {
001354        FuncDef *pDef = pOp->p4.pCtx->pFunc;
001355        sqlite3XPrintf(&x, "%s(%d)", pDef->zName, pDef->nArg);
001356        break;
001357      }
001358  #endif
001359      case P4_INT64: {
001360        sqlite3XPrintf(&x, "%lld", *pOp->p4.pI64);
001361        break;
001362      }
001363      case P4_INT32: {
001364        sqlite3XPrintf(&x, "%d", pOp->p4.i);
001365        break;
001366      }
001367      case P4_REAL: {
001368        sqlite3XPrintf(&x, "%.16g", *pOp->p4.pReal);
001369        break;
001370      }
001371      case P4_MEM: {
001372        Mem *pMem = pOp->p4.pMem;
001373        if( pMem->flags & MEM_Str ){
001374          zP4 = pMem->z;
001375        }else if( pMem->flags & MEM_Int ){
001376          sqlite3XPrintf(&x, "%lld", pMem->u.i);
001377        }else if( pMem->flags & MEM_Real ){
001378          sqlite3XPrintf(&x, "%.16g", pMem->u.r);
001379        }else if( pMem->flags & MEM_Null ){
001380          zP4 = "NULL";
001381        }else{
001382          assert( pMem->flags & MEM_Blob );
001383          zP4 = "(blob)";
001384        }
001385        break;
001386      }
001387  #ifndef SQLITE_OMIT_VIRTUALTABLE
001388      case P4_VTAB: {
001389        sqlite3_vtab *pVtab = pOp->p4.pVtab->pVtab;
001390        sqlite3XPrintf(&x, "vtab:%p", pVtab);
001391        break;
001392      }
001393  #endif
001394      case P4_INTARRAY: {
001395        int i;
001396        int *ai = pOp->p4.ai;
001397        int n = ai[0];   /* The first element of an INTARRAY is always the
001398                         ** count of the number of elements to follow */
001399        for(i=1; i<=n; i++){
001400          sqlite3XPrintf(&x, ",%d", ai[i]);
001401        }
001402        zTemp[0] = '[';
001403        sqlite3StrAccumAppend(&x, "]", 1);
001404        break;
001405      }
001406      case P4_SUBPROGRAM: {
001407        sqlite3XPrintf(&x, "program");
001408        break;
001409      }
001410      case P4_ADVANCE: {
001411        zTemp[0] = 0;
001412        break;
001413      }
001414      case P4_TABLE: {
001415        sqlite3XPrintf(&x, "%s", pOp->p4.pTab->zName);
001416        break;
001417      }
001418      default: {
001419        zP4 = pOp->p4.z;
001420        if( zP4==0 ){
001421          zP4 = zTemp;
001422          zTemp[0] = 0;
001423        }
001424      }
001425    }
001426    sqlite3StrAccumFinish(&x);
001427    assert( zP4!=0 );
001428    return zP4;
001429  }
001430  #endif /* VDBE_DISPLAY_P4 */
001431  
001432  /*
001433  ** Declare to the Vdbe that the BTree object at db->aDb[i] is used.
001434  **
001435  ** The prepared statements need to know in advance the complete set of
001436  ** attached databases that will be use.  A mask of these databases
001437  ** is maintained in p->btreeMask.  The p->lockMask value is the subset of
001438  ** p->btreeMask of databases that will require a lock.
001439  */
001440  void sqlite3VdbeUsesBtree(Vdbe *p, int i){
001441    assert( i>=0 && i<p->db->nDb && i<(int)sizeof(yDbMask)*8 );
001442    assert( i<(int)sizeof(p->btreeMask)*8 );
001443    DbMaskSet(p->btreeMask, i);
001444    if( i!=1 && sqlite3BtreeSharable(p->db->aDb[i].pBt) ){
001445      DbMaskSet(p->lockMask, i);
001446    }
001447  }
001448  
001449  #if !defined(SQLITE_OMIT_SHARED_CACHE)
001450  /*
001451  ** If SQLite is compiled to support shared-cache mode and to be threadsafe,
001452  ** this routine obtains the mutex associated with each BtShared structure
001453  ** that may be accessed by the VM passed as an argument. In doing so it also
001454  ** sets the BtShared.db member of each of the BtShared structures, ensuring
001455  ** that the correct busy-handler callback is invoked if required.
001456  **
001457  ** If SQLite is not threadsafe but does support shared-cache mode, then
001458  ** sqlite3BtreeEnter() is invoked to set the BtShared.db variables
001459  ** of all of BtShared structures accessible via the database handle 
001460  ** associated with the VM.
001461  **
001462  ** If SQLite is not threadsafe and does not support shared-cache mode, this
001463  ** function is a no-op.
001464  **
001465  ** The p->btreeMask field is a bitmask of all btrees that the prepared 
001466  ** statement p will ever use.  Let N be the number of bits in p->btreeMask
001467  ** corresponding to btrees that use shared cache.  Then the runtime of
001468  ** this routine is N*N.  But as N is rarely more than 1, this should not
001469  ** be a problem.
001470  */
001471  void sqlite3VdbeEnter(Vdbe *p){
001472    int i;
001473    sqlite3 *db;
001474    Db *aDb;
001475    int nDb;
001476    if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
001477    db = p->db;
001478    aDb = db->aDb;
001479    nDb = db->nDb;
001480    for(i=0; i<nDb; i++){
001481      if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
001482        sqlite3BtreeEnter(aDb[i].pBt);
001483      }
001484    }
001485  }
001486  #endif
001487  
001488  #if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE>0
001489  /*
001490  ** Unlock all of the btrees previously locked by a call to sqlite3VdbeEnter().
001491  */
001492  static SQLITE_NOINLINE void vdbeLeave(Vdbe *p){
001493    int i;
001494    sqlite3 *db;
001495    Db *aDb;
001496    int nDb;
001497    db = p->db;
001498    aDb = db->aDb;
001499    nDb = db->nDb;
001500    for(i=0; i<nDb; i++){
001501      if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
001502        sqlite3BtreeLeave(aDb[i].pBt);
001503      }
001504    }
001505  }
001506  void sqlite3VdbeLeave(Vdbe *p){
001507    if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
001508    vdbeLeave(p);
001509  }
001510  #endif
001511  
001512  #if defined(VDBE_PROFILE) || defined(SQLITE_DEBUG)
001513  /*
001514  ** Print a single opcode.  This routine is used for debugging only.
001515  */
001516  void sqlite3VdbePrintOp(FILE *pOut, int pc, Op *pOp){
001517    char *zP4;
001518    char zPtr[50];
001519    char zCom[100];
001520    static const char *zFormat1 = "%4d %-13s %4d %4d %4d %-13s %.2X %s\n";
001521    if( pOut==0 ) pOut = stdout;
001522    zP4 = displayP4(pOp, zPtr, sizeof(zPtr));
001523  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001524    displayComment(pOp, zP4, zCom, sizeof(zCom));
001525  #else
001526    zCom[0] = 0;
001527  #endif
001528    /* NB:  The sqlite3OpcodeName() function is implemented by code created
001529    ** by the mkopcodeh.awk and mkopcodec.awk scripts which extract the
001530    ** information from the vdbe.c source text */
001531    fprintf(pOut, zFormat1, pc, 
001532        sqlite3OpcodeName(pOp->opcode), pOp->p1, pOp->p2, pOp->p3, zP4, pOp->p5,
001533        zCom
001534    );
001535    fflush(pOut);
001536  }
001537  #endif
001538  
001539  /*
001540  ** Initialize an array of N Mem element.
001541  */
001542  static void initMemArray(Mem *p, int N, sqlite3 *db, u16 flags){
001543    while( (N--)>0 ){
001544      p->db = db;
001545      p->flags = flags;
001546      p->szMalloc = 0;
001547  #ifdef SQLITE_DEBUG
001548      p->pScopyFrom = 0;
001549  #endif
001550      p++;
001551    }
001552  }
001553  
001554  /*
001555  ** Release an array of N Mem elements
001556  */
001557  static void releaseMemArray(Mem *p, int N){
001558    if( p && N ){
001559      Mem *pEnd = &p[N];
001560      sqlite3 *db = p->db;
001561      if( db->pnBytesFreed ){
001562        do{
001563          if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
001564        }while( (++p)<pEnd );
001565        return;
001566      }
001567      do{
001568        assert( (&p[1])==pEnd || p[0].db==p[1].db );
001569        assert( sqlite3VdbeCheckMemInvariants(p) );
001570  
001571        /* This block is really an inlined version of sqlite3VdbeMemRelease()
001572        ** that takes advantage of the fact that the memory cell value is 
001573        ** being set to NULL after releasing any dynamic resources.
001574        **
001575        ** The justification for duplicating code is that according to 
001576        ** callgrind, this causes a certain test case to hit the CPU 4.7 
001577        ** percent less (x86 linux, gcc version 4.1.2, -O6) than if 
001578        ** sqlite3MemRelease() were called from here. With -O2, this jumps
001579        ** to 6.6 percent. The test case is inserting 1000 rows into a table 
001580        ** with no indexes using a single prepared INSERT statement, bind() 
001581        ** and reset(). Inserts are grouped into a transaction.
001582        */
001583        testcase( p->flags & MEM_Agg );
001584        testcase( p->flags & MEM_Dyn );
001585        testcase( p->flags & MEM_Frame );
001586        testcase( p->flags & MEM_RowSet );
001587        if( p->flags&(MEM_Agg|MEM_Dyn|MEM_Frame|MEM_RowSet) ){
001588          sqlite3VdbeMemRelease(p);
001589        }else if( p->szMalloc ){
001590          sqlite3DbFreeNN(db, p->zMalloc);
001591          p->szMalloc = 0;
001592        }
001593  
001594        p->flags = MEM_Undefined;
001595      }while( (++p)<pEnd );
001596    }
001597  }
001598  
001599  /*
001600  ** Delete a VdbeFrame object and its contents. VdbeFrame objects are
001601  ** allocated by the OP_Program opcode in sqlite3VdbeExec().
001602  */
001603  void sqlite3VdbeFrameDelete(VdbeFrame *p){
001604    int i;
001605    Mem *aMem = VdbeFrameMem(p);
001606    VdbeCursor **apCsr = (VdbeCursor **)&aMem[p->nChildMem];
001607    for(i=0; i<p->nChildCsr; i++){
001608      sqlite3VdbeFreeCursor(p->v, apCsr[i]);
001609    }
001610    releaseMemArray(aMem, p->nChildMem);
001611    sqlite3VdbeDeleteAuxData(p->v->db, &p->pAuxData, -1, 0);
001612    sqlite3DbFree(p->v->db, p);
001613  }
001614  
001615  #ifndef SQLITE_OMIT_EXPLAIN
001616  /*
001617  ** Give a listing of the program in the virtual machine.
001618  **
001619  ** The interface is the same as sqlite3VdbeExec().  But instead of
001620  ** running the code, it invokes the callback once for each instruction.
001621  ** This feature is used to implement "EXPLAIN".
001622  **
001623  ** When p->explain==1, each instruction is listed.  When
001624  ** p->explain==2, only OP_Explain instructions are listed and these
001625  ** are shown in a different format.  p->explain==2 is used to implement
001626  ** EXPLAIN QUERY PLAN.
001627  **
001628  ** When p->explain==1, first the main program is listed, then each of
001629  ** the trigger subprograms are listed one by one.
001630  */
001631  int sqlite3VdbeList(
001632    Vdbe *p                   /* The VDBE */
001633  ){
001634    int nRow;                            /* Stop when row count reaches this */
001635    int nSub = 0;                        /* Number of sub-vdbes seen so far */
001636    SubProgram **apSub = 0;              /* Array of sub-vdbes */
001637    Mem *pSub = 0;                       /* Memory cell hold array of subprogs */
001638    sqlite3 *db = p->db;                 /* The database connection */
001639    int i;                               /* Loop counter */
001640    int rc = SQLITE_OK;                  /* Return code */
001641    Mem *pMem = &p->aMem[1];             /* First Mem of result set */
001642  
001643    assert( p->explain );
001644    assert( p->magic==VDBE_MAGIC_RUN );
001645    assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY || p->rc==SQLITE_NOMEM );
001646  
001647    /* Even though this opcode does not use dynamic strings for
001648    ** the result, result columns may become dynamic if the user calls
001649    ** sqlite3_column_text16(), causing a translation to UTF-16 encoding.
001650    */
001651    releaseMemArray(pMem, 8);
001652    p->pResultSet = 0;
001653  
001654    if( p->rc==SQLITE_NOMEM_BKPT ){
001655      /* This happens if a malloc() inside a call to sqlite3_column_text() or
001656      ** sqlite3_column_text16() failed.  */
001657      sqlite3OomFault(db);
001658      return SQLITE_ERROR;
001659    }
001660  
001661    /* When the number of output rows reaches nRow, that means the
001662    ** listing has finished and sqlite3_step() should return SQLITE_DONE.
001663    ** nRow is the sum of the number of rows in the main program, plus
001664    ** the sum of the number of rows in all trigger subprograms encountered
001665    ** so far.  The nRow value will increase as new trigger subprograms are
001666    ** encountered, but p->pc will eventually catch up to nRow.
001667    */
001668    nRow = p->nOp;
001669    if( p->explain==1 ){
001670      /* The first 8 memory cells are used for the result set.  So we will
001671      ** commandeer the 9th cell to use as storage for an array of pointers
001672      ** to trigger subprograms.  The VDBE is guaranteed to have at least 9
001673      ** cells.  */
001674      assert( p->nMem>9 );
001675      pSub = &p->aMem[9];
001676      if( pSub->flags&MEM_Blob ){
001677        /* On the first call to sqlite3_step(), pSub will hold a NULL.  It is
001678        ** initialized to a BLOB by the P4_SUBPROGRAM processing logic below */
001679        nSub = pSub->n/sizeof(Vdbe*);
001680        apSub = (SubProgram **)pSub->z;
001681      }
001682      for(i=0; i<nSub; i++){
001683        nRow += apSub[i]->nOp;
001684      }
001685    }
001686  
001687    do{
001688      i = p->pc++;
001689    }while( i<nRow && p->explain==2 && p->aOp[i].opcode!=OP_Explain );
001690    if( i>=nRow ){
001691      p->rc = SQLITE_OK;
001692      rc = SQLITE_DONE;
001693    }else if( db->u1.isInterrupted ){
001694      p->rc = SQLITE_INTERRUPT;
001695      rc = SQLITE_ERROR;
001696      sqlite3VdbeError(p, sqlite3ErrStr(p->rc));
001697    }else{
001698      char *zP4;
001699      Op *pOp;
001700      if( i<p->nOp ){
001701        /* The output line number is small enough that we are still in the
001702        ** main program. */
001703        pOp = &p->aOp[i];
001704      }else{
001705        /* We are currently listing subprograms.  Figure out which one and
001706        ** pick up the appropriate opcode. */
001707        int j;
001708        i -= p->nOp;
001709        for(j=0; i>=apSub[j]->nOp; j++){
001710          i -= apSub[j]->nOp;
001711        }
001712        pOp = &apSub[j]->aOp[i];
001713      }
001714      if( p->explain==1 ){
001715        pMem->flags = MEM_Int;
001716        pMem->u.i = i;                                /* Program counter */
001717        pMem++;
001718    
001719        pMem->flags = MEM_Static|MEM_Str|MEM_Term;
001720        pMem->z = (char*)sqlite3OpcodeName(pOp->opcode); /* Opcode */
001721        assert( pMem->z!=0 );
001722        pMem->n = sqlite3Strlen30(pMem->z);
001723        pMem->enc = SQLITE_UTF8;
001724        pMem++;
001725  
001726        /* When an OP_Program opcode is encounter (the only opcode that has
001727        ** a P4_SUBPROGRAM argument), expand the size of the array of subprograms
001728        ** kept in p->aMem[9].z to hold the new program - assuming this subprogram
001729        ** has not already been seen.
001730        */
001731        if( pOp->p4type==P4_SUBPROGRAM ){
001732          int nByte = (nSub+1)*sizeof(SubProgram*);
001733          int j;
001734          for(j=0; j<nSub; j++){
001735            if( apSub[j]==pOp->p4.pProgram ) break;
001736          }
001737          if( j==nSub && SQLITE_OK==sqlite3VdbeMemGrow(pSub, nByte, nSub!=0) ){
001738            apSub = (SubProgram **)pSub->z;
001739            apSub[nSub++] = pOp->p4.pProgram;
001740            pSub->flags |= MEM_Blob;
001741            pSub->n = nSub*sizeof(SubProgram*);
001742          }
001743        }
001744      }
001745  
001746      pMem->flags = MEM_Int;
001747      pMem->u.i = pOp->p1;                          /* P1 */
001748      pMem++;
001749  
001750      pMem->flags = MEM_Int;
001751      pMem->u.i = pOp->p2;                          /* P2 */
001752      pMem++;
001753  
001754      pMem->flags = MEM_Int;
001755      pMem->u.i = pOp->p3;                          /* P3 */
001756      pMem++;
001757  
001758      if( sqlite3VdbeMemClearAndResize(pMem, 100) ){ /* P4 */
001759        assert( p->db->mallocFailed );
001760        return SQLITE_ERROR;
001761      }
001762      pMem->flags = MEM_Str|MEM_Term;
001763      zP4 = displayP4(pOp, pMem->z, pMem->szMalloc);
001764      if( zP4!=pMem->z ){
001765        pMem->n = 0;
001766        sqlite3VdbeMemSetStr(pMem, zP4, -1, SQLITE_UTF8, 0);
001767      }else{
001768        assert( pMem->z!=0 );
001769        pMem->n = sqlite3Strlen30(pMem->z);
001770        pMem->enc = SQLITE_UTF8;
001771      }
001772      pMem++;
001773  
001774      if( p->explain==1 ){
001775        if( sqlite3VdbeMemClearAndResize(pMem, 4) ){
001776          assert( p->db->mallocFailed );
001777          return SQLITE_ERROR;
001778        }
001779        pMem->flags = MEM_Str|MEM_Term;
001780        pMem->n = 2;
001781        sqlite3_snprintf(3, pMem->z, "%.2x", pOp->p5);   /* P5 */
001782        pMem->enc = SQLITE_UTF8;
001783        pMem++;
001784    
001785  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001786        if( sqlite3VdbeMemClearAndResize(pMem, 500) ){
001787          assert( p->db->mallocFailed );
001788          return SQLITE_ERROR;
001789        }
001790        pMem->flags = MEM_Str|MEM_Term;
001791        pMem->n = displayComment(pOp, zP4, pMem->z, 500);
001792        pMem->enc = SQLITE_UTF8;
001793  #else
001794        pMem->flags = MEM_Null;                       /* Comment */
001795  #endif
001796      }
001797  
001798      p->nResColumn = 8 - 4*(p->explain-1);
001799      p->pResultSet = &p->aMem[1];
001800      p->rc = SQLITE_OK;
001801      rc = SQLITE_ROW;
001802    }
001803    return rc;
001804  }
001805  #endif /* SQLITE_OMIT_EXPLAIN */
001806  
001807  #ifdef SQLITE_DEBUG
001808  /*
001809  ** Print the SQL that was used to generate a VDBE program.
001810  */
001811  void sqlite3VdbePrintSql(Vdbe *p){
001812    const char *z = 0;
001813    if( p->zSql ){
001814      z = p->zSql;
001815    }else if( p->nOp>=1 ){
001816      const VdbeOp *pOp = &p->aOp[0];
001817      if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
001818        z = pOp->p4.z;
001819        while( sqlite3Isspace(*z) ) z++;
001820      }
001821    }
001822    if( z ) printf("SQL: [%s]\n", z);
001823  }
001824  #endif
001825  
001826  #if !defined(SQLITE_OMIT_TRACE) && defined(SQLITE_ENABLE_IOTRACE)
001827  /*
001828  ** Print an IOTRACE message showing SQL content.
001829  */
001830  void sqlite3VdbeIOTraceSql(Vdbe *p){
001831    int nOp = p->nOp;
001832    VdbeOp *pOp;
001833    if( sqlite3IoTrace==0 ) return;
001834    if( nOp<1 ) return;
001835    pOp = &p->aOp[0];
001836    if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
001837      int i, j;
001838      char z[1000];
001839      sqlite3_snprintf(sizeof(z), z, "%s", pOp->p4.z);
001840      for(i=0; sqlite3Isspace(z[i]); i++){}
001841      for(j=0; z[i]; i++){
001842        if( sqlite3Isspace(z[i]) ){
001843          if( z[i-1]!=' ' ){
001844            z[j++] = ' ';
001845          }
001846        }else{
001847          z[j++] = z[i];
001848        }
001849      }
001850      z[j] = 0;
001851      sqlite3IoTrace("SQL %s\n", z);
001852    }
001853  }
001854  #endif /* !SQLITE_OMIT_TRACE && SQLITE_ENABLE_IOTRACE */
001855  
001856  /* An instance of this object describes bulk memory available for use
001857  ** by subcomponents of a prepared statement.  Space is allocated out
001858  ** of a ReusableSpace object by the allocSpace() routine below.
001859  */
001860  struct ReusableSpace {
001861    u8 *pSpace;          /* Available memory */
001862    int nFree;           /* Bytes of available memory */
001863    int nNeeded;         /* Total bytes that could not be allocated */
001864  };
001865  
001866  /* Try to allocate nByte bytes of 8-byte aligned bulk memory for pBuf
001867  ** from the ReusableSpace object.  Return a pointer to the allocated
001868  ** memory on success.  If insufficient memory is available in the
001869  ** ReusableSpace object, increase the ReusableSpace.nNeeded
001870  ** value by the amount needed and return NULL.
001871  **
001872  ** If pBuf is not initially NULL, that means that the memory has already
001873  ** been allocated by a prior call to this routine, so just return a copy
001874  ** of pBuf and leave ReusableSpace unchanged.
001875  **
001876  ** This allocator is employed to repurpose unused slots at the end of the
001877  ** opcode array of prepared state for other memory needs of the prepared
001878  ** statement.
001879  */
001880  static void *allocSpace(
001881    struct ReusableSpace *p,  /* Bulk memory available for allocation */
001882    void *pBuf,               /* Pointer to a prior allocation */
001883    int nByte                 /* Bytes of memory needed */
001884  ){
001885    assert( EIGHT_BYTE_ALIGNMENT(p->pSpace) );
001886    if( pBuf==0 ){
001887      nByte = ROUND8(nByte);
001888      if( nByte <= p->nFree ){
001889        p->nFree -= nByte;
001890        pBuf = &p->pSpace[p->nFree];
001891      }else{
001892        p->nNeeded += nByte;
001893      }
001894    }
001895    assert( EIGHT_BYTE_ALIGNMENT(pBuf) );
001896    return pBuf;
001897  }
001898  
001899  /*
001900  ** Rewind the VDBE back to the beginning in preparation for
001901  ** running it.
001902  */
001903  void sqlite3VdbeRewind(Vdbe *p){
001904  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
001905    int i;
001906  #endif
001907    assert( p!=0 );
001908    assert( p->magic==VDBE_MAGIC_INIT || p->magic==VDBE_MAGIC_RESET );
001909  
001910    /* There should be at least one opcode.
001911    */
001912    assert( p->nOp>0 );
001913  
001914    /* Set the magic to VDBE_MAGIC_RUN sooner rather than later. */
001915    p->magic = VDBE_MAGIC_RUN;
001916  
001917  #ifdef SQLITE_DEBUG
001918    for(i=0; i<p->nMem; i++){
001919      assert( p->aMem[i].db==p->db );
001920    }
001921  #endif
001922    p->pc = -1;
001923    p->rc = SQLITE_OK;
001924    p->errorAction = OE_Abort;
001925    p->nChange = 0;
001926    p->cacheCtr = 1;
001927    p->minWriteFileFormat = 255;
001928    p->iStatement = 0;
001929    p->nFkConstraint = 0;
001930  #ifdef VDBE_PROFILE
001931    for(i=0; i<p->nOp; i++){
001932      p->aOp[i].cnt = 0;
001933      p->aOp[i].cycles = 0;
001934    }
001935  #endif
001936  }
001937  
001938  /*
001939  ** Prepare a virtual machine for execution for the first time after
001940  ** creating the virtual machine.  This involves things such
001941  ** as allocating registers and initializing the program counter.
001942  ** After the VDBE has be prepped, it can be executed by one or more
001943  ** calls to sqlite3VdbeExec().  
001944  **
001945  ** This function may be called exactly once on each virtual machine.
001946  ** After this routine is called the VM has been "packaged" and is ready
001947  ** to run.  After this routine is called, further calls to 
001948  ** sqlite3VdbeAddOp() functions are prohibited.  This routine disconnects
001949  ** the Vdbe from the Parse object that helped generate it so that the
001950  ** the Vdbe becomes an independent entity and the Parse object can be
001951  ** destroyed.
001952  **
001953  ** Use the sqlite3VdbeRewind() procedure to restore a virtual machine back
001954  ** to its initial state after it has been run.
001955  */
001956  void sqlite3VdbeMakeReady(
001957    Vdbe *p,                       /* The VDBE */
001958    Parse *pParse                  /* Parsing context */
001959  ){
001960    sqlite3 *db;                   /* The database connection */
001961    int nVar;                      /* Number of parameters */
001962    int nMem;                      /* Number of VM memory registers */
001963    int nCursor;                   /* Number of cursors required */
001964    int nArg;                      /* Number of arguments in subprograms */
001965    int n;                         /* Loop counter */
001966    struct ReusableSpace x;        /* Reusable bulk memory */
001967  
001968    assert( p!=0 );
001969    assert( p->nOp>0 );
001970    assert( pParse!=0 );
001971    assert( p->magic==VDBE_MAGIC_INIT );
001972    assert( pParse==p->pParse );
001973    db = p->db;
001974    assert( db->mallocFailed==0 );
001975    nVar = pParse->nVar;
001976    nMem = pParse->nMem;
001977    nCursor = pParse->nTab;
001978    nArg = pParse->nMaxArg;
001979    
001980    /* Each cursor uses a memory cell.  The first cursor (cursor 0) can
001981    ** use aMem[0] which is not otherwise used by the VDBE program.  Allocate
001982    ** space at the end of aMem[] for cursors 1 and greater.
001983    ** See also: allocateCursor().
001984    */
001985    nMem += nCursor;
001986    if( nCursor==0 && nMem>0 ) nMem++;  /* Space for aMem[0] even if not used */
001987  
001988    /* Figure out how much reusable memory is available at the end of the
001989    ** opcode array.  This extra memory will be reallocated for other elements
001990    ** of the prepared statement.
001991    */
001992    n = ROUND8(sizeof(Op)*p->nOp);              /* Bytes of opcode memory used */
001993    x.pSpace = &((u8*)p->aOp)[n];               /* Unused opcode memory */
001994    assert( EIGHT_BYTE_ALIGNMENT(x.pSpace) );
001995    x.nFree = ROUNDDOWN8(pParse->szOpAlloc - n);  /* Bytes of unused memory */
001996    assert( x.nFree>=0 );
001997    assert( EIGHT_BYTE_ALIGNMENT(&x.pSpace[x.nFree]) );
001998  
001999    resolveP2Values(p, &nArg);
002000    p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
002001    if( pParse->explain && nMem<10 ){
002002      nMem = 10;
002003    }
002004    p->expired = 0;
002005  
002006    /* Memory for registers, parameters, cursor, etc, is allocated in one or two
002007    ** passes.  On the first pass, we try to reuse unused memory at the 
002008    ** end of the opcode array.  If we are unable to satisfy all memory
002009    ** requirements by reusing the opcode array tail, then the second
002010    ** pass will fill in the remainder using a fresh memory allocation.  
002011    **
002012    ** This two-pass approach that reuses as much memory as possible from
002013    ** the leftover memory at the end of the opcode array.  This can significantly
002014    ** reduce the amount of memory held by a prepared statement.
002015    */
002016    do {
002017      x.nNeeded = 0;
002018      p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
002019      p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
002020      p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
002021      p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
002022  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002023      p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
002024  #endif
002025      if( x.nNeeded==0 ) break;
002026      x.pSpace = p->pFree = sqlite3DbMallocRawNN(db, x.nNeeded);
002027      x.nFree = x.nNeeded;
002028    }while( !db->mallocFailed );
002029  
002030    p->pVList = pParse->pVList;
002031    pParse->pVList =  0;
002032    p->explain = pParse->explain;
002033    if( db->mallocFailed ){
002034      p->nVar = 0;
002035      p->nCursor = 0;
002036      p->nMem = 0;
002037    }else{
002038      p->nCursor = nCursor;
002039      p->nVar = (ynVar)nVar;
002040      initMemArray(p->aVar, nVar, db, MEM_Null);
002041      p->nMem = nMem;
002042      initMemArray(p->aMem, nMem, db, MEM_Undefined);
002043      memset(p->apCsr, 0, nCursor*sizeof(VdbeCursor*));
002044  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002045      memset(p->anExec, 0, p->nOp*sizeof(i64));
002046  #endif
002047    }
002048    sqlite3VdbeRewind(p);
002049  }
002050  
002051  /*
002052  ** Close a VDBE cursor and release all the resources that cursor 
002053  ** happens to hold.
002054  */
002055  void sqlite3VdbeFreeCursor(Vdbe *p, VdbeCursor *pCx){
002056    if( pCx==0 ){
002057      return;
002058    }
002059    assert( pCx->pBtx==0 || pCx->eCurType==CURTYPE_BTREE );
002060    switch( pCx->eCurType ){
002061      case CURTYPE_SORTER: {
002062        sqlite3VdbeSorterClose(p->db, pCx);
002063        break;
002064      }
002065      case CURTYPE_BTREE: {
002066        if( pCx->isEphemeral ){
002067          if( pCx->pBtx ) sqlite3BtreeClose(pCx->pBtx);
002068          /* The pCx->pCursor will be close automatically, if it exists, by
002069          ** the call above. */
002070        }else{
002071          assert( pCx->uc.pCursor!=0 );
002072          sqlite3BtreeCloseCursor(pCx->uc.pCursor);
002073        }
002074        break;
002075      }
002076  #ifndef SQLITE_OMIT_VIRTUALTABLE
002077      case CURTYPE_VTAB: {
002078        sqlite3_vtab_cursor *pVCur = pCx->uc.pVCur;
002079        const sqlite3_module *pModule = pVCur->pVtab->pModule;
002080        assert( pVCur->pVtab->nRef>0 );
002081        pVCur->pVtab->nRef--;
002082        pModule->xClose(pVCur);
002083        break;
002084      }
002085  #endif
002086    }
002087  }
002088  
002089  /*
002090  ** Close all cursors in the current frame.
002091  */
002092  static void closeCursorsInFrame(Vdbe *p){
002093    if( p->apCsr ){
002094      int i;
002095      for(i=0; i<p->nCursor; i++){
002096        VdbeCursor *pC = p->apCsr[i];
002097        if( pC ){
002098          sqlite3VdbeFreeCursor(p, pC);
002099          p->apCsr[i] = 0;
002100        }
002101      }
002102    }
002103  }
002104  
002105  /*
002106  ** Copy the values stored in the VdbeFrame structure to its Vdbe. This
002107  ** is used, for example, when a trigger sub-program is halted to restore
002108  ** control to the main program.
002109  */
002110  int sqlite3VdbeFrameRestore(VdbeFrame *pFrame){
002111    Vdbe *v = pFrame->v;
002112    closeCursorsInFrame(v);
002113  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002114    v->anExec = pFrame->anExec;
002115  #endif
002116    v->aOp = pFrame->aOp;
002117    v->nOp = pFrame->nOp;
002118    v->aMem = pFrame->aMem;
002119    v->nMem = pFrame->nMem;
002120    v->apCsr = pFrame->apCsr;
002121    v->nCursor = pFrame->nCursor;
002122    v->db->lastRowid = pFrame->lastRowid;
002123    v->nChange = pFrame->nChange;
002124    v->db->nChange = pFrame->nDbChange;
002125    sqlite3VdbeDeleteAuxData(v->db, &v->pAuxData, -1, 0);
002126    v->pAuxData = pFrame->pAuxData;
002127    pFrame->pAuxData = 0;
002128    return pFrame->pc;
002129  }
002130  
002131  /*
002132  ** Close all cursors.
002133  **
002134  ** Also release any dynamic memory held by the VM in the Vdbe.aMem memory 
002135  ** cell array. This is necessary as the memory cell array may contain
002136  ** pointers to VdbeFrame objects, which may in turn contain pointers to
002137  ** open cursors.
002138  */
002139  static void closeAllCursors(Vdbe *p){
002140    if( p->pFrame ){
002141      VdbeFrame *pFrame;
002142      for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
002143      sqlite3VdbeFrameRestore(pFrame);
002144      p->pFrame = 0;
002145      p->nFrame = 0;
002146    }
002147    assert( p->nFrame==0 );
002148    closeCursorsInFrame(p);
002149    if( p->aMem ){
002150      releaseMemArray(p->aMem, p->nMem);
002151    }
002152    while( p->pDelFrame ){
002153      VdbeFrame *pDel = p->pDelFrame;
002154      p->pDelFrame = pDel->pParent;
002155      sqlite3VdbeFrameDelete(pDel);
002156    }
002157  
002158    /* Delete any auxdata allocations made by the VM */
002159    if( p->pAuxData ) sqlite3VdbeDeleteAuxData(p->db, &p->pAuxData, -1, 0);
002160    assert( p->pAuxData==0 );
002161  }
002162  
002163  /*
002164  ** Set the number of result columns that will be returned by this SQL
002165  ** statement. This is now set at compile time, rather than during
002166  ** execution of the vdbe program so that sqlite3_column_count() can
002167  ** be called on an SQL statement before sqlite3_step().
002168  */
002169  void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){
002170    int n;
002171    sqlite3 *db = p->db;
002172  
002173    if( p->nResColumn ){
002174      releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
002175      sqlite3DbFree(db, p->aColName);
002176    }
002177    n = nResColumn*COLNAME_N;
002178    p->nResColumn = (u16)nResColumn;
002179    p->aColName = (Mem*)sqlite3DbMallocRawNN(db, sizeof(Mem)*n );
002180    if( p->aColName==0 ) return;
002181    initMemArray(p->aColName, n, db, MEM_Null);
002182  }
002183  
002184  /*
002185  ** Set the name of the idx'th column to be returned by the SQL statement.
002186  ** zName must be a pointer to a nul terminated string.
002187  **
002188  ** This call must be made after a call to sqlite3VdbeSetNumCols().
002189  **
002190  ** The final parameter, xDel, must be one of SQLITE_DYNAMIC, SQLITE_STATIC
002191  ** or SQLITE_TRANSIENT. If it is SQLITE_DYNAMIC, then the buffer pointed
002192  ** to by zName will be freed by sqlite3DbFree() when the vdbe is destroyed.
002193  */
002194  int sqlite3VdbeSetColName(
002195    Vdbe *p,                         /* Vdbe being configured */
002196    int idx,                         /* Index of column zName applies to */
002197    int var,                         /* One of the COLNAME_* constants */
002198    const char *zName,               /* Pointer to buffer containing name */
002199    void (*xDel)(void*)              /* Memory management strategy for zName */
002200  ){
002201    int rc;
002202    Mem *pColName;
002203    assert( idx<p->nResColumn );
002204    assert( var<COLNAME_N );
002205    if( p->db->mallocFailed ){
002206      assert( !zName || xDel!=SQLITE_DYNAMIC );
002207      return SQLITE_NOMEM_BKPT;
002208    }
002209    assert( p->aColName!=0 );
002210    pColName = &(p->aColName[idx+var*p->nResColumn]);
002211    rc = sqlite3VdbeMemSetStr(pColName, zName, -1, SQLITE_UTF8, xDel);
002212    assert( rc!=0 || !zName || (pColName->flags&MEM_Term)!=0 );
002213    return rc;
002214  }
002215  
002216  /*
002217  ** A read or write transaction may or may not be active on database handle
002218  ** db. If a transaction is active, commit it. If there is a
002219  ** write-transaction spanning more than one database file, this routine
002220  ** takes care of the master journal trickery.
002221  */
002222  static int vdbeCommit(sqlite3 *db, Vdbe *p){
002223    int i;
002224    int nTrans = 0;  /* Number of databases with an active write-transaction
002225                     ** that are candidates for a two-phase commit using a
002226                     ** master-journal */
002227    int rc = SQLITE_OK;
002228    int needXcommit = 0;
002229  
002230  #ifdef SQLITE_OMIT_VIRTUALTABLE
002231    /* With this option, sqlite3VtabSync() is defined to be simply 
002232    ** SQLITE_OK so p is not used. 
002233    */
002234    UNUSED_PARAMETER(p);
002235  #endif
002236  
002237    /* Before doing anything else, call the xSync() callback for any
002238    ** virtual module tables written in this transaction. This has to
002239    ** be done before determining whether a master journal file is 
002240    ** required, as an xSync() callback may add an attached database
002241    ** to the transaction.
002242    */
002243    rc = sqlite3VtabSync(db, p);
002244  
002245    /* This loop determines (a) if the commit hook should be invoked and
002246    ** (b) how many database files have open write transactions, not 
002247    ** including the temp database. (b) is important because if more than 
002248    ** one database file has an open write transaction, a master journal
002249    ** file is required for an atomic commit.
002250    */ 
002251    for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
002252      Btree *pBt = db->aDb[i].pBt;
002253      if( sqlite3BtreeIsInTrans(pBt) ){
002254        /* Whether or not a database might need a master journal depends upon
002255        ** its journal mode (among other things).  This matrix determines which
002256        ** journal modes use a master journal and which do not */
002257        static const u8 aMJNeeded[] = {
002258          /* DELETE   */  1,
002259          /* PERSIST   */ 1,
002260          /* OFF       */ 0,
002261          /* TRUNCATE  */ 1,
002262          /* MEMORY    */ 0,
002263          /* WAL       */ 0
002264        };
002265        Pager *pPager;   /* Pager associated with pBt */
002266        needXcommit = 1;
002267        sqlite3BtreeEnter(pBt);
002268        pPager = sqlite3BtreePager(pBt);
002269        if( db->aDb[i].safety_level!=PAGER_SYNCHRONOUS_OFF
002270         && aMJNeeded[sqlite3PagerGetJournalMode(pPager)]
002271        ){ 
002272          assert( i!=1 );
002273          nTrans++;
002274        }
002275        rc = sqlite3PagerExclusiveLock(pPager);
002276        sqlite3BtreeLeave(pBt);
002277      }
002278    }
002279    if( rc!=SQLITE_OK ){
002280      return rc;
002281    }
002282  
002283    /* If there are any write-transactions at all, invoke the commit hook */
002284    if( needXcommit && db->xCommitCallback ){
002285      rc = db->xCommitCallback(db->pCommitArg);
002286      if( rc ){
002287        return SQLITE_CONSTRAINT_COMMITHOOK;
002288      }
002289    }
002290  
002291    /* The simple case - no more than one database file (not counting the
002292    ** TEMP database) has a transaction active.   There is no need for the
002293    ** master-journal.
002294    **
002295    ** If the return value of sqlite3BtreeGetFilename() is a zero length
002296    ** string, it means the main database is :memory: or a temp file.  In 
002297    ** that case we do not support atomic multi-file commits, so use the 
002298    ** simple case then too.
002299    */
002300    if( 0==sqlite3Strlen30(sqlite3BtreeGetFilename(db->aDb[0].pBt))
002301     || nTrans<=1
002302    ){
002303      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
002304        Btree *pBt = db->aDb[i].pBt;
002305        if( pBt ){
002306          rc = sqlite3BtreeCommitPhaseOne(pBt, 0);
002307        }
002308      }
002309  
002310      /* Do the commit only if all databases successfully complete phase 1. 
002311      ** If one of the BtreeCommitPhaseOne() calls fails, this indicates an
002312      ** IO error while deleting or truncating a journal file. It is unlikely,
002313      ** but could happen. In this case abandon processing and return the error.
002314      */
002315      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
002316        Btree *pBt = db->aDb[i].pBt;
002317        if( pBt ){
002318          rc = sqlite3BtreeCommitPhaseTwo(pBt, 0);
002319        }
002320      }
002321      if( rc==SQLITE_OK ){
002322        sqlite3VtabCommit(db);
002323      }
002324    }
002325  
002326    /* The complex case - There is a multi-file write-transaction active.
002327    ** This requires a master journal file to ensure the transaction is
002328    ** committed atomically.
002329    */
002330  #ifndef SQLITE_OMIT_DISKIO
002331    else{
002332      sqlite3_vfs *pVfs = db->pVfs;
002333      char *zMaster = 0;   /* File-name for the master journal */
002334      char const *zMainFile = sqlite3BtreeGetFilename(db->aDb[0].pBt);
002335      sqlite3_file *pMaster = 0;
002336      i64 offset = 0;
002337      int res;
002338      int retryCount = 0;
002339      int nMainFile;
002340  
002341      /* Select a master journal file name */
002342      nMainFile = sqlite3Strlen30(zMainFile);
002343      zMaster = sqlite3MPrintf(db, "%s-mjXXXXXX9XXz", zMainFile);
002344      if( zMaster==0 ) return SQLITE_NOMEM_BKPT;
002345      do {
002346        u32 iRandom;
002347        if( retryCount ){
002348          if( retryCount>100 ){
002349            sqlite3_log(SQLITE_FULL, "MJ delete: %s", zMaster);
002350            sqlite3OsDelete(pVfs, zMaster, 0);
002351            break;
002352          }else if( retryCount==1 ){
002353            sqlite3_log(SQLITE_FULL, "MJ collide: %s", zMaster);
002354          }
002355        }
002356        retryCount++;
002357        sqlite3_randomness(sizeof(iRandom), &iRandom);
002358        sqlite3_snprintf(13, &zMaster[nMainFile], "-mj%06X9%02X",
002359                                 (iRandom>>8)&0xffffff, iRandom&0xff);
002360        /* The antipenultimate character of the master journal name must
002361        ** be "9" to avoid name collisions when using 8+3 filenames. */
002362        assert( zMaster[sqlite3Strlen30(zMaster)-3]=='9' );
002363        sqlite3FileSuffix3(zMainFile, zMaster);
002364        rc = sqlite3OsAccess(pVfs, zMaster, SQLITE_ACCESS_EXISTS, &res);
002365      }while( rc==SQLITE_OK && res );
002366      if( rc==SQLITE_OK ){
002367        /* Open the master journal. */
002368        rc = sqlite3OsOpenMalloc(pVfs, zMaster, &pMaster, 
002369            SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|
002370            SQLITE_OPEN_EXCLUSIVE|SQLITE_OPEN_MASTER_JOURNAL, 0
002371        );
002372      }
002373      if( rc!=SQLITE_OK ){
002374        sqlite3DbFree(db, zMaster);
002375        return rc;
002376      }
002377   
002378      /* Write the name of each database file in the transaction into the new
002379      ** master journal file. If an error occurs at this point close
002380      ** and delete the master journal file. All the individual journal files
002381      ** still have 'null' as the master journal pointer, so they will roll
002382      ** back independently if a failure occurs.
002383      */
002384      for(i=0; i<db->nDb; i++){
002385        Btree *pBt = db->aDb[i].pBt;
002386        if( sqlite3BtreeIsInTrans(pBt) ){
002387          char const *zFile = sqlite3BtreeGetJournalname(pBt);
002388          if( zFile==0 ){
002389            continue;  /* Ignore TEMP and :memory: databases */
002390          }
002391          assert( zFile[0]!=0 );
002392          rc = sqlite3OsWrite(pMaster, zFile, sqlite3Strlen30(zFile)+1, offset);
002393          offset += sqlite3Strlen30(zFile)+1;
002394          if( rc!=SQLITE_OK ){
002395            sqlite3OsCloseFree(pMaster);
002396            sqlite3OsDelete(pVfs, zMaster, 0);
002397            sqlite3DbFree(db, zMaster);
002398            return rc;
002399          }
002400        }
002401      }
002402  
002403      /* Sync the master journal file. If the IOCAP_SEQUENTIAL device
002404      ** flag is set this is not required.
002405      */
002406      if( 0==(sqlite3OsDeviceCharacteristics(pMaster)&SQLITE_IOCAP_SEQUENTIAL)
002407       && SQLITE_OK!=(rc = sqlite3OsSync(pMaster, SQLITE_SYNC_NORMAL))
002408      ){
002409        sqlite3OsCloseFree(pMaster);
002410        sqlite3OsDelete(pVfs, zMaster, 0);
002411        sqlite3DbFree(db, zMaster);
002412        return rc;
002413      }
002414  
002415      /* Sync all the db files involved in the transaction. The same call
002416      ** sets the master journal pointer in each individual journal. If
002417      ** an error occurs here, do not delete the master journal file.
002418      **
002419      ** If the error occurs during the first call to
002420      ** sqlite3BtreeCommitPhaseOne(), then there is a chance that the
002421      ** master journal file will be orphaned. But we cannot delete it,
002422      ** in case the master journal file name was written into the journal
002423      ** file before the failure occurred.
002424      */
002425      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
002426        Btree *pBt = db->aDb[i].pBt;
002427        if( pBt ){
002428          rc = sqlite3BtreeCommitPhaseOne(pBt, zMaster);
002429        }
002430      }
002431      sqlite3OsCloseFree(pMaster);
002432      assert( rc!=SQLITE_BUSY );
002433      if( rc!=SQLITE_OK ){
002434        sqlite3DbFree(db, zMaster);
002435        return rc;
002436      }
002437  
002438      /* Delete the master journal file. This commits the transaction. After
002439      ** doing this the directory is synced again before any individual
002440      ** transaction files are deleted.
002441      */
002442      rc = sqlite3OsDelete(pVfs, zMaster, 1);
002443      sqlite3DbFree(db, zMaster);
002444      zMaster = 0;
002445      if( rc ){
002446        return rc;
002447      }
002448  
002449      /* All files and directories have already been synced, so the following
002450      ** calls to sqlite3BtreeCommitPhaseTwo() are only closing files and
002451      ** deleting or truncating journals. If something goes wrong while
002452      ** this is happening we don't really care. The integrity of the
002453      ** transaction is already guaranteed, but some stray 'cold' journals
002454      ** may be lying around. Returning an error code won't help matters.
002455      */
002456      disable_simulated_io_errors();
002457      sqlite3BeginBenignMalloc();
002458      for(i=0; i<db->nDb; i++){ 
002459        Btree *pBt = db->aDb[i].pBt;
002460        if( pBt ){
002461          sqlite3BtreeCommitPhaseTwo(pBt, 1);
002462        }
002463      }
002464      sqlite3EndBenignMalloc();
002465      enable_simulated_io_errors();
002466  
002467      sqlite3VtabCommit(db);
002468    }
002469  #endif
002470  
002471    return rc;
002472  }
002473  
002474  /* 
002475  ** This routine checks that the sqlite3.nVdbeActive count variable
002476  ** matches the number of vdbe's in the list sqlite3.pVdbe that are
002477  ** currently active. An assertion fails if the two counts do not match.
002478  ** This is an internal self-check only - it is not an essential processing
002479  ** step.
002480  **
002481  ** This is a no-op if NDEBUG is defined.
002482  */
002483  #ifndef NDEBUG
002484  static void checkActiveVdbeCnt(sqlite3 *db){
002485    Vdbe *p;
002486    int cnt = 0;
002487    int nWrite = 0;
002488    int nRead = 0;
002489    p = db->pVdbe;
002490    while( p ){
002491      if( sqlite3_stmt_busy((sqlite3_stmt*)p) ){
002492        cnt++;
002493        if( p->readOnly==0 ) nWrite++;
002494        if( p->bIsReader ) nRead++;
002495      }
002496      p = p->pNext;
002497    }
002498    assert( cnt==db->nVdbeActive );
002499    assert( nWrite==db->nVdbeWrite );
002500    assert( nRead==db->nVdbeRead );
002501  }
002502  #else
002503  #define checkActiveVdbeCnt(x)
002504  #endif
002505  
002506  /*
002507  ** If the Vdbe passed as the first argument opened a statement-transaction,
002508  ** close it now. Argument eOp must be either SAVEPOINT_ROLLBACK or
002509  ** SAVEPOINT_RELEASE. If it is SAVEPOINT_ROLLBACK, then the statement
002510  ** transaction is rolled back. If eOp is SAVEPOINT_RELEASE, then the 
002511  ** statement transaction is committed.
002512  **
002513  ** If an IO error occurs, an SQLITE_IOERR_XXX error code is returned. 
002514  ** Otherwise SQLITE_OK.
002515  */
002516  static SQLITE_NOINLINE int vdbeCloseStatement(Vdbe *p, int eOp){
002517    sqlite3 *const db = p->db;
002518    int rc = SQLITE_OK;
002519    int i;
002520    const int iSavepoint = p->iStatement-1;
002521  
002522    assert( eOp==SAVEPOINT_ROLLBACK || eOp==SAVEPOINT_RELEASE);
002523    assert( db->nStatement>0 );
002524    assert( p->iStatement==(db->nStatement+db->nSavepoint) );
002525  
002526    for(i=0; i<db->nDb; i++){ 
002527      int rc2 = SQLITE_OK;
002528      Btree *pBt = db->aDb[i].pBt;
002529      if( pBt ){
002530        if( eOp==SAVEPOINT_ROLLBACK ){
002531          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_ROLLBACK, iSavepoint);
002532        }
002533        if( rc2==SQLITE_OK ){
002534          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_RELEASE, iSavepoint);
002535        }
002536        if( rc==SQLITE_OK ){
002537          rc = rc2;
002538        }
002539      }
002540    }
002541    db->nStatement--;
002542    p->iStatement = 0;
002543  
002544    if( rc==SQLITE_OK ){
002545      if( eOp==SAVEPOINT_ROLLBACK ){
002546        rc = sqlite3VtabSavepoint(db, SAVEPOINT_ROLLBACK, iSavepoint);
002547      }
002548      if( rc==SQLITE_OK ){
002549        rc = sqlite3VtabSavepoint(db, SAVEPOINT_RELEASE, iSavepoint);
002550      }
002551    }
002552  
002553    /* If the statement transaction is being rolled back, also restore the 
002554    ** database handles deferred constraint counter to the value it had when 
002555    ** the statement transaction was opened.  */
002556    if( eOp==SAVEPOINT_ROLLBACK ){
002557      db->nDeferredCons = p->nStmtDefCons;
002558      db->nDeferredImmCons = p->nStmtDefImmCons;
002559    }
002560    return rc;
002561  }
002562  int sqlite3VdbeCloseStatement(Vdbe *p, int eOp){
002563    if( p->db->nStatement && p->iStatement ){
002564      return vdbeCloseStatement(p, eOp);
002565    }
002566    return SQLITE_OK;
002567  }
002568  
002569  
002570  /*
002571  ** This function is called when a transaction opened by the database 
002572  ** handle associated with the VM passed as an argument is about to be 
002573  ** committed. If there are outstanding deferred foreign key constraint
002574  ** violations, return SQLITE_ERROR. Otherwise, SQLITE_OK.
002575  **
002576  ** If there are outstanding FK violations and this function returns 
002577  ** SQLITE_ERROR, set the result of the VM to SQLITE_CONSTRAINT_FOREIGNKEY
002578  ** and write an error message to it. Then return SQLITE_ERROR.
002579  */
002580  #ifndef SQLITE_OMIT_FOREIGN_KEY
002581  int sqlite3VdbeCheckFk(Vdbe *p, int deferred){
002582    sqlite3 *db = p->db;
002583    if( (deferred && (db->nDeferredCons+db->nDeferredImmCons)>0) 
002584     || (!deferred && p->nFkConstraint>0) 
002585    ){
002586      p->rc = SQLITE_CONSTRAINT_FOREIGNKEY;
002587      p->errorAction = OE_Abort;
002588      sqlite3VdbeError(p, "FOREIGN KEY constraint failed");
002589      return SQLITE_ERROR;
002590    }
002591    return SQLITE_OK;
002592  }
002593  #endif
002594  
002595  /*
002596  ** This routine is called the when a VDBE tries to halt.  If the VDBE
002597  ** has made changes and is in autocommit mode, then commit those
002598  ** changes.  If a rollback is needed, then do the rollback.
002599  **
002600  ** This routine is the only way to move the state of a VM from
002601  ** SQLITE_MAGIC_RUN to SQLITE_MAGIC_HALT.  It is harmless to
002602  ** call this on a VM that is in the SQLITE_MAGIC_HALT state.
002603  **
002604  ** Return an error code.  If the commit could not complete because of
002605  ** lock contention, return SQLITE_BUSY.  If SQLITE_BUSY is returned, it
002606  ** means the close did not happen and needs to be repeated.
002607  */
002608  int sqlite3VdbeHalt(Vdbe *p){
002609    int rc;                         /* Used to store transient return codes */
002610    sqlite3 *db = p->db;
002611  
002612    /* This function contains the logic that determines if a statement or
002613    ** transaction will be committed or rolled back as a result of the
002614    ** execution of this virtual machine. 
002615    **
002616    ** If any of the following errors occur:
002617    **
002618    **     SQLITE_NOMEM
002619    **     SQLITE_IOERR
002620    **     SQLITE_FULL
002621    **     SQLITE_INTERRUPT
002622    **
002623    ** Then the internal cache might have been left in an inconsistent
002624    ** state.  We need to rollback the statement transaction, if there is
002625    ** one, or the complete transaction if there is no statement transaction.
002626    */
002627  
002628    if( p->magic!=VDBE_MAGIC_RUN ){
002629      return SQLITE_OK;
002630    }
002631    if( db->mallocFailed ){
002632      p->rc = SQLITE_NOMEM_BKPT;
002633    }
002634    closeAllCursors(p);
002635    checkActiveVdbeCnt(db);
002636  
002637    /* No commit or rollback needed if the program never started or if the
002638    ** SQL statement does not read or write a database file.  */
002639    if( p->pc>=0 && p->bIsReader ){
002640      int mrc;   /* Primary error code from p->rc */
002641      int eStatementOp = 0;
002642      int isSpecialError;            /* Set to true if a 'special' error */
002643  
002644      /* Lock all btrees used by the statement */
002645      sqlite3VdbeEnter(p);
002646  
002647      /* Check for one of the special errors */
002648      mrc = p->rc & 0xff;
002649      isSpecialError = mrc==SQLITE_NOMEM || mrc==SQLITE_IOERR
002650                       || mrc==SQLITE_INTERRUPT || mrc==SQLITE_FULL;
002651      if( isSpecialError ){
002652        /* If the query was read-only and the error code is SQLITE_INTERRUPT, 
002653        ** no rollback is necessary. Otherwise, at least a savepoint 
002654        ** transaction must be rolled back to restore the database to a 
002655        ** consistent state.
002656        **
002657        ** Even if the statement is read-only, it is important to perform
002658        ** a statement or transaction rollback operation. If the error 
002659        ** occurred while writing to the journal, sub-journal or database
002660        ** file as part of an effort to free up cache space (see function
002661        ** pagerStress() in pager.c), the rollback is required to restore 
002662        ** the pager to a consistent state.
002663        */
002664        if( !p->readOnly || mrc!=SQLITE_INTERRUPT ){
002665          if( (mrc==SQLITE_NOMEM || mrc==SQLITE_FULL) && p->usesStmtJournal ){
002666            eStatementOp = SAVEPOINT_ROLLBACK;
002667          }else{
002668            /* We are forced to roll back the active transaction. Before doing
002669            ** so, abort any other statements this handle currently has active.
002670            */
002671            sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002672            sqlite3CloseSavepoints(db);
002673            db->autoCommit = 1;
002674            p->nChange = 0;
002675          }
002676        }
002677      }
002678  
002679      /* Check for immediate foreign key violations. */
002680      if( p->rc==SQLITE_OK ){
002681        sqlite3VdbeCheckFk(p, 0);
002682      }
002683    
002684      /* If the auto-commit flag is set and this is the only active writer 
002685      ** VM, then we do either a commit or rollback of the current transaction. 
002686      **
002687      ** Note: This block also runs if one of the special errors handled 
002688      ** above has occurred. 
002689      */
002690      if( !sqlite3VtabInSync(db) 
002691       && db->autoCommit 
002692       && db->nVdbeWrite==(p->readOnly==0) 
002693      ){
002694        if( p->rc==SQLITE_OK || (p->errorAction==OE_Fail && !isSpecialError) ){
002695          rc = sqlite3VdbeCheckFk(p, 1);
002696          if( rc!=SQLITE_OK ){
002697            if( NEVER(p->readOnly) ){
002698              sqlite3VdbeLeave(p);
002699              return SQLITE_ERROR;
002700            }
002701            rc = SQLITE_CONSTRAINT_FOREIGNKEY;
002702          }else{ 
002703            /* The auto-commit flag is true, the vdbe program was successful 
002704            ** or hit an 'OR FAIL' constraint and there are no deferred foreign
002705            ** key constraints to hold up the transaction. This means a commit 
002706            ** is required. */
002707            rc = vdbeCommit(db, p);
002708          }
002709          if( rc==SQLITE_BUSY && p->readOnly ){
002710            sqlite3VdbeLeave(p);
002711            return SQLITE_BUSY;
002712          }else if( rc!=SQLITE_OK ){
002713            p->rc = rc;
002714            sqlite3RollbackAll(db, SQLITE_OK);
002715            p->nChange = 0;
002716          }else{
002717            db->nDeferredCons = 0;
002718            db->nDeferredImmCons = 0;
002719            db->flags &= ~SQLITE_DeferFKs;
002720            sqlite3CommitInternalChanges(db);
002721          }
002722        }else{
002723          sqlite3RollbackAll(db, SQLITE_OK);
002724          p->nChange = 0;
002725        }
002726        db->nStatement = 0;
002727      }else if( eStatementOp==0 ){
002728        if( p->rc==SQLITE_OK || p->errorAction==OE_Fail ){
002729          eStatementOp = SAVEPOINT_RELEASE;
002730        }else if( p->errorAction==OE_Abort ){
002731          eStatementOp = SAVEPOINT_ROLLBACK;
002732        }else{
002733          sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002734          sqlite3CloseSavepoints(db);
002735          db->autoCommit = 1;
002736          p->nChange = 0;
002737        }
002738      }
002739    
002740      /* If eStatementOp is non-zero, then a statement transaction needs to
002741      ** be committed or rolled back. Call sqlite3VdbeCloseStatement() to
002742      ** do so. If this operation returns an error, and the current statement
002743      ** error code is SQLITE_OK or SQLITE_CONSTRAINT, then promote the
002744      ** current statement error code.
002745      */
002746      if( eStatementOp ){
002747        rc = sqlite3VdbeCloseStatement(p, eStatementOp);
002748        if( rc ){
002749          if( p->rc==SQLITE_OK || (p->rc&0xff)==SQLITE_CONSTRAINT ){
002750            p->rc = rc;
002751            sqlite3DbFree(db, p->zErrMsg);
002752            p->zErrMsg = 0;
002753          }
002754          sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002755          sqlite3CloseSavepoints(db);
002756          db->autoCommit = 1;
002757          p->nChange = 0;
002758        }
002759      }
002760    
002761      /* If this was an INSERT, UPDATE or DELETE and no statement transaction
002762      ** has been rolled back, update the database connection change-counter. 
002763      */
002764      if( p->changeCntOn ){
002765        if( eStatementOp!=SAVEPOINT_ROLLBACK ){
002766          sqlite3VdbeSetChanges(db, p->nChange);
002767        }else{
002768          sqlite3VdbeSetChanges(db, 0);
002769        }
002770        p->nChange = 0;
002771      }
002772  
002773      /* Release the locks */
002774      sqlite3VdbeLeave(p);
002775    }
002776  
002777    /* We have successfully halted and closed the VM.  Record this fact. */
002778    if( p->pc>=0 ){
002779      db->nVdbeActive--;
002780      if( !p->readOnly ) db->nVdbeWrite--;
002781      if( p->bIsReader ) db->nVdbeRead--;
002782      assert( db->nVdbeActive>=db->nVdbeRead );
002783      assert( db->nVdbeRead>=db->nVdbeWrite );
002784      assert( db->nVdbeWrite>=0 );
002785    }
002786    p->magic = VDBE_MAGIC_HALT;
002787    checkActiveVdbeCnt(db);
002788    if( db->mallocFailed ){
002789      p->rc = SQLITE_NOMEM_BKPT;
002790    }
002791  
002792    /* If the auto-commit flag is set to true, then any locks that were held
002793    ** by connection db have now been released. Call sqlite3ConnectionUnlocked() 
002794    ** to invoke any required unlock-notify callbacks.
002795    */
002796    if( db->autoCommit ){
002797      sqlite3ConnectionUnlocked(db);
002798    }
002799  
002800    assert( db->nVdbeActive>0 || db->autoCommit==0 || db->nStatement==0 );
002801    return (p->rc==SQLITE_BUSY ? SQLITE_BUSY : SQLITE_OK);
002802  }
002803  
002804  
002805  /*
002806  ** Each VDBE holds the result of the most recent sqlite3_step() call
002807  ** in p->rc.  This routine sets that result back to SQLITE_OK.
002808  */
002809  void sqlite3VdbeResetStepResult(Vdbe *p){
002810    p->rc = SQLITE_OK;
002811  }
002812  
002813  /*
002814  ** Copy the error code and error message belonging to the VDBE passed
002815  ** as the first argument to its database handle (so that they will be 
002816  ** returned by calls to sqlite3_errcode() and sqlite3_errmsg()).
002817  **
002818  ** This function does not clear the VDBE error code or message, just
002819  ** copies them to the database handle.
002820  */
002821  int sqlite3VdbeTransferError(Vdbe *p){
002822    sqlite3 *db = p->db;
002823    int rc = p->rc;
002824    if( p->zErrMsg ){
002825      db->bBenignMalloc++;
002826      sqlite3BeginBenignMalloc();
002827      if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
002828      sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
002829      sqlite3EndBenignMalloc();
002830      db->bBenignMalloc--;
002831    }else if( db->pErr ){
002832      sqlite3ValueSetNull(db->pErr);
002833    }
002834    db->errCode = rc;
002835    return rc;
002836  }
002837  
002838  #ifdef SQLITE_ENABLE_SQLLOG
002839  /*
002840  ** If an SQLITE_CONFIG_SQLLOG hook is registered and the VM has been run, 
002841  ** invoke it.
002842  */
002843  static void vdbeInvokeSqllog(Vdbe *v){
002844    if( sqlite3GlobalConfig.xSqllog && v->rc==SQLITE_OK && v->zSql && v->pc>=0 ){
002845      char *zExpanded = sqlite3VdbeExpandSql(v, v->zSql);
002846      assert( v->db->init.busy==0 );
002847      if( zExpanded ){
002848        sqlite3GlobalConfig.xSqllog(
002849            sqlite3GlobalConfig.pSqllogArg, v->db, zExpanded, 1
002850        );
002851        sqlite3DbFree(v->db, zExpanded);
002852      }
002853    }
002854  }
002855  #else
002856  # define vdbeInvokeSqllog(x)
002857  #endif
002858  
002859  /*
002860  ** Clean up a VDBE after execution but do not delete the VDBE just yet.
002861  ** Write any error messages into *pzErrMsg.  Return the result code.
002862  **
002863  ** After this routine is run, the VDBE should be ready to be executed
002864  ** again.
002865  **
002866  ** To look at it another way, this routine resets the state of the
002867  ** virtual machine from VDBE_MAGIC_RUN or VDBE_MAGIC_HALT back to
002868  ** VDBE_MAGIC_INIT.
002869  */
002870  int sqlite3VdbeReset(Vdbe *p){
002871  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
002872    int i;
002873  #endif
002874  
002875    sqlite3 *db;
002876    db = p->db;
002877  
002878    /* If the VM did not run to completion or if it encountered an
002879    ** error, then it might not have been halted properly.  So halt
002880    ** it now.
002881    */
002882    sqlite3VdbeHalt(p);
002883  
002884    /* If the VDBE has be run even partially, then transfer the error code
002885    ** and error message from the VDBE into the main database structure.  But
002886    ** if the VDBE has just been set to run but has not actually executed any
002887    ** instructions yet, leave the main database error information unchanged.
002888    */
002889    if( p->pc>=0 ){
002890      vdbeInvokeSqllog(p);
002891      sqlite3VdbeTransferError(p);
002892      if( p->runOnlyOnce ) p->expired = 1;
002893    }else if( p->rc && p->expired ){
002894      /* The expired flag was set on the VDBE before the first call
002895      ** to sqlite3_step(). For consistency (since sqlite3_step() was
002896      ** called), set the database error in this case as well.
002897      */
002898      sqlite3ErrorWithMsg(db, p->rc, p->zErrMsg ? "%s" : 0, p->zErrMsg);
002899    }
002900  
002901    /* Reset register contents and reclaim error message memory.
002902    */
002903  #ifdef SQLITE_DEBUG
002904    /* Execute assert() statements to ensure that the Vdbe.apCsr[] and 
002905    ** Vdbe.aMem[] arrays have already been cleaned up.  */
002906    if( p->apCsr ) for(i=0; i<p->nCursor; i++) assert( p->apCsr[i]==0 );
002907    if( p->aMem ){
002908      for(i=0; i<p->nMem; i++) assert( p->aMem[i].flags==MEM_Undefined );
002909    }
002910  #endif
002911    sqlite3DbFree(db, p->zErrMsg);
002912    p->zErrMsg = 0;
002913    p->pResultSet = 0;
002914  
002915    /* Save profiling information from this VDBE run.
002916    */
002917  #ifdef VDBE_PROFILE
002918    {
002919      FILE *out = fopen("vdbe_profile.out", "a");
002920      if( out ){
002921        fprintf(out, "---- ");
002922        for(i=0; i<p->nOp; i++){
002923          fprintf(out, "%02x", p->aOp[i].opcode);
002924        }
002925        fprintf(out, "\n");
002926        if( p->zSql ){
002927          char c, pc = 0;
002928          fprintf(out, "-- ");
002929          for(i=0; (c = p->zSql[i])!=0; i++){
002930            if( pc=='\n' ) fprintf(out, "-- ");
002931            putc(c, out);
002932            pc = c;
002933          }
002934          if( pc!='\n' ) fprintf(out, "\n");
002935        }
002936        for(i=0; i<p->nOp; i++){
002937          char zHdr[100];
002938          sqlite3_snprintf(sizeof(zHdr), zHdr, "%6u %12llu %8llu ",
002939             p->aOp[i].cnt,
002940             p->aOp[i].cycles,
002941             p->aOp[i].cnt>0 ? p->aOp[i].cycles/p->aOp[i].cnt : 0
002942          );
002943          fprintf(out, "%s", zHdr);
002944          sqlite3VdbePrintOp(out, i, &p->aOp[i]);
002945        }
002946        fclose(out);
002947      }
002948    }
002949  #endif
002950    p->magic = VDBE_MAGIC_RESET;
002951    return p->rc & db->errMask;
002952  }
002953   
002954  /*
002955  ** Clean up and delete a VDBE after execution.  Return an integer which is
002956  ** the result code.  Write any error message text into *pzErrMsg.
002957  */
002958  int sqlite3VdbeFinalize(Vdbe *p){
002959    int rc = SQLITE_OK;
002960    if( p->magic==VDBE_MAGIC_RUN || p->magic==VDBE_MAGIC_HALT ){
002961      rc = sqlite3VdbeReset(p);
002962      assert( (rc & p->db->errMask)==rc );
002963    }
002964    sqlite3VdbeDelete(p);
002965    return rc;
002966  }
002967  
002968  /*
002969  ** If parameter iOp is less than zero, then invoke the destructor for
002970  ** all auxiliary data pointers currently cached by the VM passed as
002971  ** the first argument.
002972  **
002973  ** Or, if iOp is greater than or equal to zero, then the destructor is
002974  ** only invoked for those auxiliary data pointers created by the user 
002975  ** function invoked by the OP_Function opcode at instruction iOp of 
002976  ** VM pVdbe, and only then if:
002977  **
002978  **    * the associated function parameter is the 32nd or later (counting
002979  **      from left to right), or
002980  **
002981  **    * the corresponding bit in argument mask is clear (where the first
002982  **      function parameter corresponds to bit 0 etc.).
002983  */
002984  void sqlite3VdbeDeleteAuxData(sqlite3 *db, AuxData **pp, int iOp, int mask){
002985    while( *pp ){
002986      AuxData *pAux = *pp;
002987      if( (iOp<0)
002988       || (pAux->iAuxOp==iOp
002989            && pAux->iAuxArg>=0
002990            && (pAux->iAuxArg>31 || !(mask & MASKBIT32(pAux->iAuxArg))))
002991      ){
002992        testcase( pAux->iAuxArg==31 );
002993        if( pAux->xDeleteAux ){
002994          pAux->xDeleteAux(pAux->pAux);
002995        }
002996        *pp = pAux->pNextAux;
002997        sqlite3DbFree(db, pAux);
002998      }else{
002999        pp= &pAux->pNextAux;
003000      }
003001    }
003002  }
003003  
003004  /*
003005  ** Free all memory associated with the Vdbe passed as the second argument,
003006  ** except for object itself, which is preserved.
003007  **
003008  ** The difference between this function and sqlite3VdbeDelete() is that
003009  ** VdbeDelete() also unlinks the Vdbe from the list of VMs associated with
003010  ** the database connection and frees the object itself.
003011  */
003012  void sqlite3VdbeClearObject(sqlite3 *db, Vdbe *p){
003013    SubProgram *pSub, *pNext;
003014    assert( p->db==0 || p->db==db );
003015    releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
003016    for(pSub=p->pProgram; pSub; pSub=pNext){
003017      pNext = pSub->pNext;
003018      vdbeFreeOpArray(db, pSub->aOp, pSub->nOp);
003019      sqlite3DbFree(db, pSub);
003020    }
003021    if( p->magic!=VDBE_MAGIC_INIT ){
003022      releaseMemArray(p->aVar, p->nVar);
003023      sqlite3DbFree(db, p->pVList);
003024      sqlite3DbFree(db, p->pFree);
003025    }
003026    vdbeFreeOpArray(db, p->aOp, p->nOp);
003027    sqlite3DbFree(db, p->aColName);
003028    sqlite3DbFree(db, p->zSql);
003029  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
003030    {
003031      int i;
003032      for(i=0; i<p->nScan; i++){
003033        sqlite3DbFree(db, p->aScan[i].zName);
003034      }
003035      sqlite3DbFree(db, p->aScan);
003036    }
003037  #endif
003038  }
003039  
003040  /*
003041  ** Delete an entire VDBE.
003042  */
003043  void sqlite3VdbeDelete(Vdbe *p){
003044    sqlite3 *db;
003045  
003046    if( NEVER(p==0) ) return;
003047    db = p->db;
003048    assert( sqlite3_mutex_held(db->mutex) );
003049    sqlite3VdbeClearObject(db, p);
003050    if( p->pPrev ){
003051      p->pPrev->pNext = p->pNext;
003052    }else{
003053      assert( db->pVdbe==p );
003054      db->pVdbe = p->pNext;
003055    }
003056    if( p->pNext ){
003057      p->pNext->pPrev = p->pPrev;
003058    }
003059    p->magic = VDBE_MAGIC_DEAD;
003060    p->db = 0;
003061    sqlite3DbFreeNN(db, p);
003062  }
003063  
003064  /*
003065  ** The cursor "p" has a pending seek operation that has not yet been
003066  ** carried out.  Seek the cursor now.  If an error occurs, return
003067  ** the appropriate error code.
003068  */
003069  static int SQLITE_NOINLINE handleDeferredMoveto(VdbeCursor *p){
003070    int res, rc;
003071  #ifdef SQLITE_TEST
003072    extern int sqlite3_search_count;
003073  #endif
003074    assert( p->deferredMoveto );
003075    assert( p->isTable );
003076    assert( p->eCurType==CURTYPE_BTREE );
003077    rc = sqlite3BtreeMovetoUnpacked(p->uc.pCursor, 0, p->movetoTarget, 0, &res);
003078    if( rc ) return rc;
003079    if( res!=0 ) return SQLITE_CORRUPT_BKPT;
003080  #ifdef SQLITE_TEST
003081    sqlite3_search_count++;
003082  #endif
003083    p->deferredMoveto = 0;
003084    p->cacheStatus = CACHE_STALE;
003085    return SQLITE_OK;
003086  }
003087  
003088  /*
003089  ** Something has moved cursor "p" out of place.  Maybe the row it was
003090  ** pointed to was deleted out from under it.  Or maybe the btree was
003091  ** rebalanced.  Whatever the cause, try to restore "p" to the place it
003092  ** is supposed to be pointing.  If the row was deleted out from under the
003093  ** cursor, set the cursor to point to a NULL row.
003094  */
003095  static int SQLITE_NOINLINE handleMovedCursor(VdbeCursor *p){
003096    int isDifferentRow, rc;
003097    assert( p->eCurType==CURTYPE_BTREE );
003098    assert( p->uc.pCursor!=0 );
003099    assert( sqlite3BtreeCursorHasMoved(p->uc.pCursor) );
003100    rc = sqlite3BtreeCursorRestore(p->uc.pCursor, &isDifferentRow);
003101    p->cacheStatus = CACHE_STALE;
003102    if( isDifferentRow ) p->nullRow = 1;
003103    return rc;
003104  }
003105  
003106  /*
003107  ** Check to ensure that the cursor is valid.  Restore the cursor
003108  ** if need be.  Return any I/O error from the restore operation.
003109  */
003110  int sqlite3VdbeCursorRestore(VdbeCursor *p){
003111    assert( p->eCurType==CURTYPE_BTREE );
003112    if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
003113      return handleMovedCursor(p);
003114    }
003115    return SQLITE_OK;
003116  }
003117  
003118  /*
003119  ** Make sure the cursor p is ready to read or write the row to which it
003120  ** was last positioned.  Return an error code if an OOM fault or I/O error
003121  ** prevents us from positioning the cursor to its correct position.
003122  **
003123  ** If a MoveTo operation is pending on the given cursor, then do that
003124  ** MoveTo now.  If no move is pending, check to see if the row has been
003125  ** deleted out from under the cursor and if it has, mark the row as
003126  ** a NULL row.
003127  **
003128  ** If the cursor is already pointing to the correct row and that row has
003129  ** not been deleted out from under the cursor, then this routine is a no-op.
003130  */
003131  int sqlite3VdbeCursorMoveto(VdbeCursor **pp, int *piCol){
003132    VdbeCursor *p = *pp;
003133    assert( p->eCurType==CURTYPE_BTREE || p->eCurType==CURTYPE_PSEUDO );
003134    if( p->deferredMoveto ){
003135      int iMap;
003136      if( p->aAltMap && (iMap = p->aAltMap[1+*piCol])>0 ){
003137        *pp = p->pAltCursor;
003138        *piCol = iMap - 1;
003139        return SQLITE_OK;
003140      }
003141      return handleDeferredMoveto(p);
003142    }
003143    if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
003144      return handleMovedCursor(p);
003145    }
003146    return SQLITE_OK;
003147  }
003148  
003149  /*
003150  ** The following functions:
003151  **
003152  ** sqlite3VdbeSerialType()
003153  ** sqlite3VdbeSerialTypeLen()
003154  ** sqlite3VdbeSerialLen()
003155  ** sqlite3VdbeSerialPut()
003156  ** sqlite3VdbeSerialGet()
003157  **
003158  ** encapsulate the code that serializes values for storage in SQLite
003159  ** data and index records. Each serialized value consists of a
003160  ** 'serial-type' and a blob of data. The serial type is an 8-byte unsigned
003161  ** integer, stored as a varint.
003162  **
003163  ** In an SQLite index record, the serial type is stored directly before
003164  ** the blob of data that it corresponds to. In a table record, all serial
003165  ** types are stored at the start of the record, and the blobs of data at
003166  ** the end. Hence these functions allow the caller to handle the
003167  ** serial-type and data blob separately.
003168  **
003169  ** The following table describes the various storage classes for data:
003170  **
003171  **   serial type        bytes of data      type
003172  **   --------------     ---------------    ---------------
003173  **      0                     0            NULL
003174  **      1                     1            signed integer
003175  **      2                     2            signed integer
003176  **      3                     3            signed integer
003177  **      4                     4            signed integer
003178  **      5                     6            signed integer
003179  **      6                     8            signed integer
003180  **      7                     8            IEEE float
003181  **      8                     0            Integer constant 0
003182  **      9                     0            Integer constant 1
003183  **     10,11                               reserved for expansion
003184  **    N>=12 and even       (N-12)/2        BLOB
003185  **    N>=13 and odd        (N-13)/2        text
003186  **
003187  ** The 8 and 9 types were added in 3.3.0, file format 4.  Prior versions
003188  ** of SQLite will not understand those serial types.
003189  */
003190  
003191  /*
003192  ** Return the serial-type for the value stored in pMem.
003193  */
003194  u32 sqlite3VdbeSerialType(Mem *pMem, int file_format, u32 *pLen){
003195    int flags = pMem->flags;
003196    u32 n;
003197  
003198    assert( pLen!=0 );
003199    if( flags&MEM_Null ){
003200      *pLen = 0;
003201      return 0;
003202    }
003203    if( flags&MEM_Int ){
003204      /* Figure out whether to use 1, 2, 4, 6 or 8 bytes. */
003205  #   define MAX_6BYTE ((((i64)0x00008000)<<32)-1)
003206      i64 i = pMem->u.i;
003207      u64 u;
003208      if( i<0 ){
003209        u = ~i;
003210      }else{
003211        u = i;
003212      }
003213      if( u<=127 ){
003214        if( (i&1)==i && file_format>=4 ){
003215          *pLen = 0;
003216          return 8+(u32)u;
003217        }else{
003218          *pLen = 1;
003219          return 1;
003220        }
003221      }
003222      if( u<=32767 ){ *pLen = 2; return 2; }
003223      if( u<=8388607 ){ *pLen = 3; return 3; }
003224      if( u<=2147483647 ){ *pLen = 4; return 4; }
003225      if( u<=MAX_6BYTE ){ *pLen = 6; return 5; }
003226      *pLen = 8;
003227      return 6;
003228    }
003229    if( flags&MEM_Real ){
003230      *pLen = 8;
003231      return 7;
003232    }
003233    assert( pMem->db->mallocFailed || flags&(MEM_Str|MEM_Blob) );
003234    assert( pMem->n>=0 );
003235    n = (u32)pMem->n;
003236    if( flags & MEM_Zero ){
003237      n += pMem->u.nZero;
003238    }
003239    *pLen = n;
003240    return ((n*2) + 12 + ((flags&MEM_Str)!=0));
003241  }
003242  
003243  /*
003244  ** The sizes for serial types less than 128
003245  */
003246  static const u8 sqlite3SmallTypeSizes[] = {
003247          /*  0   1   2   3   4   5   6   7   8   9 */   
003248  /*   0 */   0,  1,  2,  3,  4,  6,  8,  8,  0,  0,
003249  /*  10 */   0,  0,  0,  0,  1,  1,  2,  2,  3,  3,
003250  /*  20 */   4,  4,  5,  5,  6,  6,  7,  7,  8,  8,
003251  /*  30 */   9,  9, 10, 10, 11, 11, 12, 12, 13, 13,
003252  /*  40 */  14, 14, 15, 15, 16, 16, 17, 17, 18, 18,
003253  /*  50 */  19, 19, 20, 20, 21, 21, 22, 22, 23, 23,
003254  /*  60 */  24, 24, 25, 25, 26, 26, 27, 27, 28, 28,
003255  /*  70 */  29, 29, 30, 30, 31, 31, 32, 32, 33, 33,
003256  /*  80 */  34, 34, 35, 35, 36, 36, 37, 37, 38, 38,
003257  /*  90 */  39, 39, 40, 40, 41, 41, 42, 42, 43, 43,
003258  /* 100 */  44, 44, 45, 45, 46, 46, 47, 47, 48, 48,
003259  /* 110 */  49, 49, 50, 50, 51, 51, 52, 52, 53, 53,
003260  /* 120 */  54, 54, 55, 55, 56, 56, 57, 57
003261  };
003262  
003263  /*
003264  ** Return the length of the data corresponding to the supplied serial-type.
003265  */
003266  u32 sqlite3VdbeSerialTypeLen(u32 serial_type){
003267    if( serial_type>=128 ){
003268      return (serial_type-12)/2;
003269    }else{
003270      assert( serial_type<12 
003271              || sqlite3SmallTypeSizes[serial_type]==(serial_type - 12)/2 );
003272      return sqlite3SmallTypeSizes[serial_type];
003273    }
003274  }
003275  u8 sqlite3VdbeOneByteSerialTypeLen(u8 serial_type){
003276    assert( serial_type<128 );
003277    return sqlite3SmallTypeSizes[serial_type];  
003278  }
003279  
003280  /*
003281  ** If we are on an architecture with mixed-endian floating 
003282  ** points (ex: ARM7) then swap the lower 4 bytes with the 
003283  ** upper 4 bytes.  Return the result.
003284  **
003285  ** For most architectures, this is a no-op.
003286  **
003287  ** (later):  It is reported to me that the mixed-endian problem
003288  ** on ARM7 is an issue with GCC, not with the ARM7 chip.  It seems
003289  ** that early versions of GCC stored the two words of a 64-bit
003290  ** float in the wrong order.  And that error has been propagated
003291  ** ever since.  The blame is not necessarily with GCC, though.
003292  ** GCC might have just copying the problem from a prior compiler.
003293  ** I am also told that newer versions of GCC that follow a different
003294  ** ABI get the byte order right.
003295  **
003296  ** Developers using SQLite on an ARM7 should compile and run their
003297  ** application using -DSQLITE_DEBUG=1 at least once.  With DEBUG
003298  ** enabled, some asserts below will ensure that the byte order of
003299  ** floating point values is correct.
003300  **
003301  ** (2007-08-30)  Frank van Vugt has studied this problem closely
003302  ** and has send his findings to the SQLite developers.  Frank
003303  ** writes that some Linux kernels offer floating point hardware
003304  ** emulation that uses only 32-bit mantissas instead of a full 
003305  ** 48-bits as required by the IEEE standard.  (This is the
003306  ** CONFIG_FPE_FASTFPE option.)  On such systems, floating point
003307  ** byte swapping becomes very complicated.  To avoid problems,
003308  ** the necessary byte swapping is carried out using a 64-bit integer
003309  ** rather than a 64-bit float.  Frank assures us that the code here
003310  ** works for him.  We, the developers, have no way to independently
003311  ** verify this, but Frank seems to know what he is talking about
003312  ** so we trust him.
003313  */
003314  #ifdef SQLITE_MIXED_ENDIAN_64BIT_FLOAT
003315  static u64 floatSwap(u64 in){
003316    union {
003317      u64 r;
003318      u32 i[2];
003319    } u;
003320    u32 t;
003321  
003322    u.r = in;
003323    t = u.i[0];
003324    u.i[0] = u.i[1];
003325    u.i[1] = t;
003326    return u.r;
003327  }
003328  # define swapMixedEndianFloat(X)  X = floatSwap(X)
003329  #else
003330  # define swapMixedEndianFloat(X)
003331  #endif
003332  
003333  /*
003334  ** Write the serialized data blob for the value stored in pMem into 
003335  ** buf. It is assumed that the caller has allocated sufficient space.
003336  ** Return the number of bytes written.
003337  **
003338  ** nBuf is the amount of space left in buf[].  The caller is responsible
003339  ** for allocating enough space to buf[] to hold the entire field, exclusive
003340  ** of the pMem->u.nZero bytes for a MEM_Zero value.
003341  **
003342  ** Return the number of bytes actually written into buf[].  The number
003343  ** of bytes in the zero-filled tail is included in the return value only
003344  ** if those bytes were zeroed in buf[].
003345  */ 
003346  u32 sqlite3VdbeSerialPut(u8 *buf, Mem *pMem, u32 serial_type){
003347    u32 len;
003348  
003349    /* Integer and Real */
003350    if( serial_type<=7 && serial_type>0 ){
003351      u64 v;
003352      u32 i;
003353      if( serial_type==7 ){
003354        assert( sizeof(v)==sizeof(pMem->u.r) );
003355        memcpy(&v, &pMem->u.r, sizeof(v));
003356        swapMixedEndianFloat(v);
003357      }else{
003358        v = pMem->u.i;
003359      }
003360      len = i = sqlite3SmallTypeSizes[serial_type];
003361      assert( i>0 );
003362      do{
003363        buf[--i] = (u8)(v&0xFF);
003364        v >>= 8;
003365      }while( i );
003366      return len;
003367    }
003368  
003369    /* String or blob */
003370    if( serial_type>=12 ){
003371      assert( pMem->n + ((pMem->flags & MEM_Zero)?pMem->u.nZero:0)
003372               == (int)sqlite3VdbeSerialTypeLen(serial_type) );
003373      len = pMem->n;
003374      if( len>0 ) memcpy(buf, pMem->z, len);
003375      return len;
003376    }
003377  
003378    /* NULL or constants 0 or 1 */
003379    return 0;
003380  }
003381  
003382  /* Input "x" is a sequence of unsigned characters that represent a
003383  ** big-endian integer.  Return the equivalent native integer
003384  */
003385  #define ONE_BYTE_INT(x)    ((i8)(x)[0])
003386  #define TWO_BYTE_INT(x)    (256*(i8)((x)[0])|(x)[1])
003387  #define THREE_BYTE_INT(x)  (65536*(i8)((x)[0])|((x)[1]<<8)|(x)[2])
003388  #define FOUR_BYTE_UINT(x)  (((u32)(x)[0]<<24)|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
003389  #define FOUR_BYTE_INT(x) (16777216*(i8)((x)[0])|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
003390  
003391  /*
003392  ** Deserialize the data blob pointed to by buf as serial type serial_type
003393  ** and store the result in pMem.  Return the number of bytes read.
003394  **
003395  ** This function is implemented as two separate routines for performance.
003396  ** The few cases that require local variables are broken out into a separate
003397  ** routine so that in most cases the overhead of moving the stack pointer
003398  ** is avoided.
003399  */ 
003400  static u32 SQLITE_NOINLINE serialGet(
003401    const unsigned char *buf,     /* Buffer to deserialize from */
003402    u32 serial_type,              /* Serial type to deserialize */
003403    Mem *pMem                     /* Memory cell to write value into */
003404  ){
003405    u64 x = FOUR_BYTE_UINT(buf);
003406    u32 y = FOUR_BYTE_UINT(buf+4);
003407    x = (x<<32) + y;
003408    if( serial_type==6 ){
003409      /* EVIDENCE-OF: R-29851-52272 Value is a big-endian 64-bit
003410      ** twos-complement integer. */
003411      pMem->u.i = *(i64*)&x;
003412      pMem->flags = MEM_Int;
003413      testcase( pMem->u.i<0 );
003414    }else{
003415      /* EVIDENCE-OF: R-57343-49114 Value is a big-endian IEEE 754-2008 64-bit
003416      ** floating point number. */
003417  #if !defined(NDEBUG) && !defined(SQLITE_OMIT_FLOATING_POINT)
003418      /* Verify that integers and floating point values use the same
003419      ** byte order.  Or, that if SQLITE_MIXED_ENDIAN_64BIT_FLOAT is
003420      ** defined that 64-bit floating point values really are mixed
003421      ** endian.
003422      */
003423      static const u64 t1 = ((u64)0x3ff00000)<<32;
003424      static const double r1 = 1.0;
003425      u64 t2 = t1;
003426      swapMixedEndianFloat(t2);
003427      assert( sizeof(r1)==sizeof(t2) && memcmp(&r1, &t2, sizeof(r1))==0 );
003428  #endif
003429      assert( sizeof(x)==8 && sizeof(pMem->u.r)==8 );
003430      swapMixedEndianFloat(x);
003431      memcpy(&pMem->u.r, &x, sizeof(x));
003432      pMem->flags = sqlite3IsNaN(pMem->u.r) ? MEM_Null : MEM_Real;
003433    }
003434    return 8;
003435  }
003436  u32 sqlite3VdbeSerialGet(
003437    const unsigned char *buf,     /* Buffer to deserialize from */
003438    u32 serial_type,              /* Serial type to deserialize */
003439    Mem *pMem                     /* Memory cell to write value into */
003440  ){
003441    switch( serial_type ){
003442      case 10:   /* Reserved for future use */
003443      case 11:   /* Reserved for future use */
003444      case 0: {  /* Null */
003445        /* EVIDENCE-OF: R-24078-09375 Value is a NULL. */
003446        pMem->flags = MEM_Null;
003447        break;
003448      }
003449      case 1: {
003450        /* EVIDENCE-OF: R-44885-25196 Value is an 8-bit twos-complement
003451        ** integer. */
003452        pMem->u.i = ONE_BYTE_INT(buf);
003453        pMem->flags = MEM_Int;
003454        testcase( pMem->u.i<0 );
003455        return 1;
003456      }
003457      case 2: { /* 2-byte signed integer */
003458        /* EVIDENCE-OF: R-49794-35026 Value is a big-endian 16-bit
003459        ** twos-complement integer. */
003460        pMem->u.i = TWO_BYTE_INT(buf);
003461        pMem->flags = MEM_Int;
003462        testcase( pMem->u.i<0 );
003463        return 2;
003464      }
003465      case 3: { /* 3-byte signed integer */
003466        /* EVIDENCE-OF: R-37839-54301 Value is a big-endian 24-bit
003467        ** twos-complement integer. */
003468        pMem->u.i = THREE_BYTE_INT(buf);
003469        pMem->flags = MEM_Int;
003470        testcase( pMem->u.i<0 );
003471        return 3;
003472      }
003473      case 4: { /* 4-byte signed integer */
003474        /* EVIDENCE-OF: R-01849-26079 Value is a big-endian 32-bit
003475        ** twos-complement integer. */
003476        pMem->u.i = FOUR_BYTE_INT(buf);
003477  #ifdef __HP_cc 
003478        /* Work around a sign-extension bug in the HP compiler for HP/UX */
003479        if( buf[0]&0x80 ) pMem->u.i |= 0xffffffff80000000LL;
003480  #endif
003481        pMem->flags = MEM_Int;
003482        testcase( pMem->u.i<0 );
003483        return 4;
003484      }
003485      case 5: { /* 6-byte signed integer */
003486        /* EVIDENCE-OF: R-50385-09674 Value is a big-endian 48-bit
003487        ** twos-complement integer. */
003488        pMem->u.i = FOUR_BYTE_UINT(buf+2) + (((i64)1)<<32)*TWO_BYTE_INT(buf);
003489        pMem->flags = MEM_Int;
003490        testcase( pMem->u.i<0 );
003491        return 6;
003492      }
003493      case 6:   /* 8-byte signed integer */
003494      case 7: { /* IEEE floating point */
003495        /* These use local variables, so do them in a separate routine
003496        ** to avoid having to move the frame pointer in the common case */
003497        return serialGet(buf,serial_type,pMem);
003498      }
003499      case 8:    /* Integer 0 */
003500      case 9: {  /* Integer 1 */
003501        /* EVIDENCE-OF: R-12976-22893 Value is the integer 0. */
003502        /* EVIDENCE-OF: R-18143-12121 Value is the integer 1. */
003503        pMem->u.i = serial_type-8;
003504        pMem->flags = MEM_Int;
003505        return 0;
003506      }
003507      default: {
003508        /* EVIDENCE-OF: R-14606-31564 Value is a BLOB that is (N-12)/2 bytes in
003509        ** length.
003510        ** EVIDENCE-OF: R-28401-00140 Value is a string in the text encoding and
003511        ** (N-13)/2 bytes in length. */
003512        static const u16 aFlag[] = { MEM_Blob|MEM_Ephem, MEM_Str|MEM_Ephem };
003513        pMem->z = (char *)buf;
003514        pMem->n = (serial_type-12)/2;
003515        pMem->flags = aFlag[serial_type&1];
003516        return pMem->n;
003517      }
003518    }
003519    return 0;
003520  }
003521  /*
003522  ** This routine is used to allocate sufficient space for an UnpackedRecord
003523  ** structure large enough to be used with sqlite3VdbeRecordUnpack() if
003524  ** the first argument is a pointer to KeyInfo structure pKeyInfo.
003525  **
003526  ** The space is either allocated using sqlite3DbMallocRaw() or from within
003527  ** the unaligned buffer passed via the second and third arguments (presumably
003528  ** stack space). If the former, then *ppFree is set to a pointer that should
003529  ** be eventually freed by the caller using sqlite3DbFree(). Or, if the 
003530  ** allocation comes from the pSpace/szSpace buffer, *ppFree is set to NULL
003531  ** before returning.
003532  **
003533  ** If an OOM error occurs, NULL is returned.
003534  */
003535  UnpackedRecord *sqlite3VdbeAllocUnpackedRecord(
003536    KeyInfo *pKeyInfo               /* Description of the record */
003537  ){
003538    UnpackedRecord *p;              /* Unpacked record to return */
003539    int nByte;                      /* Number of bytes required for *p */
003540    nByte = ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*(pKeyInfo->nKeyField+1);
003541    p = (UnpackedRecord *)sqlite3DbMallocRaw(pKeyInfo->db, nByte);
003542    if( !p ) return 0;
003543    p->aMem = (Mem*)&((char*)p)[ROUND8(sizeof(UnpackedRecord))];
003544    assert( pKeyInfo->aSortOrder!=0 );
003545    p->pKeyInfo = pKeyInfo;
003546    p->nField = pKeyInfo->nKeyField + 1;
003547    return p;
003548  }
003549  
003550  /*
003551  ** Given the nKey-byte encoding of a record in pKey[], populate the 
003552  ** UnpackedRecord structure indicated by the fourth argument with the
003553  ** contents of the decoded record.
003554  */ 
003555  void sqlite3VdbeRecordUnpack(
003556    KeyInfo *pKeyInfo,     /* Information about the record format */
003557    int nKey,              /* Size of the binary record */
003558    const void *pKey,      /* The binary record */
003559    UnpackedRecord *p      /* Populate this structure before returning. */
003560  ){
003561    const unsigned char *aKey = (const unsigned char *)pKey;
003562    int d; 
003563    u32 idx;                        /* Offset in aKey[] to read from */
003564    u16 u;                          /* Unsigned loop counter */
003565    u32 szHdr;
003566    Mem *pMem = p->aMem;
003567  
003568    p->default_rc = 0;
003569    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
003570    idx = getVarint32(aKey, szHdr);
003571    d = szHdr;
003572    u = 0;
003573    while( idx<szHdr && d<=nKey ){
003574      u32 serial_type;
003575  
003576      idx += getVarint32(&aKey[idx], serial_type);
003577      pMem->enc = pKeyInfo->enc;
003578      pMem->db = pKeyInfo->db;
003579      /* pMem->flags = 0; // sqlite3VdbeSerialGet() will set this for us */
003580      pMem->szMalloc = 0;
003581      pMem->z = 0;
003582      d += sqlite3VdbeSerialGet(&aKey[d], serial_type, pMem);
003583      pMem++;
003584      if( (++u)>=p->nField ) break;
003585    }
003586    assert( u<=pKeyInfo->nKeyField + 1 );
003587    p->nField = u;
003588  }
003589  
003590  #ifdef SQLITE_DEBUG
003591  /*
003592  ** This function compares two index or table record keys in the same way
003593  ** as the sqlite3VdbeRecordCompare() routine. Unlike VdbeRecordCompare(),
003594  ** this function deserializes and compares values using the
003595  ** sqlite3VdbeSerialGet() and sqlite3MemCompare() functions. It is used
003596  ** in assert() statements to ensure that the optimized code in
003597  ** sqlite3VdbeRecordCompare() returns results with these two primitives.
003598  **
003599  ** Return true if the result of comparison is equivalent to desiredResult.
003600  ** Return false if there is a disagreement.
003601  */
003602  static int vdbeRecordCompareDebug(
003603    int nKey1, const void *pKey1, /* Left key */
003604    const UnpackedRecord *pPKey2, /* Right key */
003605    int desiredResult             /* Correct answer */
003606  ){
003607    u32 d1;            /* Offset into aKey[] of next data element */
003608    u32 idx1;          /* Offset into aKey[] of next header element */
003609    u32 szHdr1;        /* Number of bytes in header */
003610    int i = 0;
003611    int rc = 0;
003612    const unsigned char *aKey1 = (const unsigned char *)pKey1;
003613    KeyInfo *pKeyInfo;
003614    Mem mem1;
003615  
003616    pKeyInfo = pPKey2->pKeyInfo;
003617    if( pKeyInfo->db==0 ) return 1;
003618    mem1.enc = pKeyInfo->enc;
003619    mem1.db = pKeyInfo->db;
003620    /* mem1.flags = 0;  // Will be initialized by sqlite3VdbeSerialGet() */
003621    VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
003622  
003623    /* Compilers may complain that mem1.u.i is potentially uninitialized.
003624    ** We could initialize it, as shown here, to silence those complaints.
003625    ** But in fact, mem1.u.i will never actually be used uninitialized, and doing 
003626    ** the unnecessary initialization has a measurable negative performance
003627    ** impact, since this routine is a very high runner.  And so, we choose
003628    ** to ignore the compiler warnings and leave this variable uninitialized.
003629    */
003630    /*  mem1.u.i = 0;  // not needed, here to silence compiler warning */
003631    
003632    idx1 = getVarint32(aKey1, szHdr1);
003633    if( szHdr1>98307 ) return SQLITE_CORRUPT;
003634    d1 = szHdr1;
003635    assert( pKeyInfo->nAllField>=pPKey2->nField || CORRUPT_DB );
003636    assert( pKeyInfo->aSortOrder!=0 );
003637    assert( pKeyInfo->nKeyField>0 );
003638    assert( idx1<=szHdr1 || CORRUPT_DB );
003639    do{
003640      u32 serial_type1;
003641  
003642      /* Read the serial types for the next element in each key. */
003643      idx1 += getVarint32( aKey1+idx1, serial_type1 );
003644  
003645      /* Verify that there is enough key space remaining to avoid
003646      ** a buffer overread.  The "d1+serial_type1+2" subexpression will
003647      ** always be greater than or equal to the amount of required key space.
003648      ** Use that approximation to avoid the more expensive call to
003649      ** sqlite3VdbeSerialTypeLen() in the common case.
003650      */
003651      if( d1+serial_type1+2>(u32)nKey1
003652       && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
003653      ){
003654        break;
003655      }
003656  
003657      /* Extract the values to be compared.
003658      */
003659      d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
003660  
003661      /* Do the comparison
003662      */
003663      rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
003664      if( rc!=0 ){
003665        assert( mem1.szMalloc==0 );  /* See comment below */
003666        if( pKeyInfo->aSortOrder[i] ){
003667          rc = -rc;  /* Invert the result for DESC sort order. */
003668        }
003669        goto debugCompareEnd;
003670      }
003671      i++;
003672    }while( idx1<szHdr1 && i<pPKey2->nField );
003673  
003674    /* No memory allocation is ever used on mem1.  Prove this using
003675    ** the following assert().  If the assert() fails, it indicates a
003676    ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).
003677    */
003678    assert( mem1.szMalloc==0 );
003679  
003680    /* rc==0 here means that one of the keys ran out of fields and
003681    ** all the fields up to that point were equal. Return the default_rc
003682    ** value.  */
003683    rc = pPKey2->default_rc;
003684  
003685  debugCompareEnd:
003686    if( desiredResult==0 && rc==0 ) return 1;
003687    if( desiredResult<0 && rc<0 ) return 1;
003688    if( desiredResult>0 && rc>0 ) return 1;
003689    if( CORRUPT_DB ) return 1;
003690    if( pKeyInfo->db->mallocFailed ) return 1;
003691    return 0;
003692  }
003693  #endif
003694  
003695  #ifdef SQLITE_DEBUG
003696  /*
003697  ** Count the number of fields (a.k.a. columns) in the record given by
003698  ** pKey,nKey.  The verify that this count is less than or equal to the
003699  ** limit given by pKeyInfo->nAllField.
003700  **
003701  ** If this constraint is not satisfied, it means that the high-speed
003702  ** vdbeRecordCompareInt() and vdbeRecordCompareString() routines will
003703  ** not work correctly.  If this assert() ever fires, it probably means
003704  ** that the KeyInfo.nKeyField or KeyInfo.nAllField values were computed
003705  ** incorrectly.
003706  */
003707  static void vdbeAssertFieldCountWithinLimits(
003708    int nKey, const void *pKey,   /* The record to verify */ 
003709    const KeyInfo *pKeyInfo       /* Compare size with this KeyInfo */
003710  ){
003711    int nField = 0;
003712    u32 szHdr;
003713    u32 idx;
003714    u32 notUsed;
003715    const unsigned char *aKey = (const unsigned char*)pKey;
003716  
003717    if( CORRUPT_DB ) return;
003718    idx = getVarint32(aKey, szHdr);
003719    assert( nKey>=0 );
003720    assert( szHdr<=(u32)nKey );
003721    while( idx<szHdr ){
003722      idx += getVarint32(aKey+idx, notUsed);
003723      nField++;
003724    }
003725    assert( nField <= pKeyInfo->nAllField );
003726  }
003727  #else
003728  # define vdbeAssertFieldCountWithinLimits(A,B,C)
003729  #endif
003730  
003731  /*
003732  ** Both *pMem1 and *pMem2 contain string values. Compare the two values
003733  ** using the collation sequence pColl. As usual, return a negative , zero
003734  ** or positive value if *pMem1 is less than, equal to or greater than 
003735  ** *pMem2, respectively. Similar in spirit to "rc = (*pMem1) - (*pMem2);".
003736  */
003737  static int vdbeCompareMemString(
003738    const Mem *pMem1,
003739    const Mem *pMem2,
003740    const CollSeq *pColl,
003741    u8 *prcErr                      /* If an OOM occurs, set to SQLITE_NOMEM */
003742  ){
003743    if( pMem1->enc==pColl->enc ){
003744      /* The strings are already in the correct encoding.  Call the
003745       ** comparison function directly */
003746      return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
003747    }else{
003748      int rc;
003749      const void *v1, *v2;
003750      Mem c1;
003751      Mem c2;
003752      sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
003753      sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
003754      sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
003755      sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
003756      v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
003757      v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
003758      if( (v1==0 || v2==0) ){
003759        if( prcErr ) *prcErr = SQLITE_NOMEM_BKPT;
003760        rc = 0;
003761      }else{
003762        rc = pColl->xCmp(pColl->pUser, c1.n, v1, c2.n, v2);
003763      }
003764      sqlite3VdbeMemRelease(&c1);
003765      sqlite3VdbeMemRelease(&c2);
003766      return rc;
003767    }
003768  }
003769  
003770  /*
003771  ** The input pBlob is guaranteed to be a Blob that is not marked
003772  ** with MEM_Zero.  Return true if it could be a zero-blob.
003773  */
003774  static int isAllZero(const char *z, int n){
003775    int i;
003776    for(i=0; i<n; i++){
003777      if( z[i] ) return 0;
003778    }
003779    return 1;
003780  }
003781  
003782  /*
003783  ** Compare two blobs.  Return negative, zero, or positive if the first
003784  ** is less than, equal to, or greater than the second, respectively.
003785  ** If one blob is a prefix of the other, then the shorter is the lessor.
003786  */
003787  static SQLITE_NOINLINE int sqlite3BlobCompare(const Mem *pB1, const Mem *pB2){
003788    int c;
003789    int n1 = pB1->n;
003790    int n2 = pB2->n;
003791  
003792    /* It is possible to have a Blob value that has some non-zero content
003793    ** followed by zero content.  But that only comes up for Blobs formed
003794    ** by the OP_MakeRecord opcode, and such Blobs never get passed into
003795    ** sqlite3MemCompare(). */
003796    assert( (pB1->flags & MEM_Zero)==0 || n1==0 );
003797    assert( (pB2->flags & MEM_Zero)==0 || n2==0 );
003798  
003799    if( (pB1->flags|pB2->flags) & MEM_Zero ){
003800      if( pB1->flags & pB2->flags & MEM_Zero ){
003801        return pB1->u.nZero - pB2->u.nZero;
003802      }else if( pB1->flags & MEM_Zero ){
003803        if( !isAllZero(pB2->z, pB2->n) ) return -1;
003804        return pB1->u.nZero - n2;
003805      }else{
003806        if( !isAllZero(pB1->z, pB1->n) ) return +1;
003807        return n1 - pB2->u.nZero;
003808      }
003809    }
003810    c = memcmp(pB1->z, pB2->z, n1>n2 ? n2 : n1);
003811    if( c ) return c;
003812    return n1 - n2;
003813  }
003814  
003815  /*
003816  ** Do a comparison between a 64-bit signed integer and a 64-bit floating-point
003817  ** number.  Return negative, zero, or positive if the first (i64) is less than,
003818  ** equal to, or greater than the second (double).
003819  */
003820  static int sqlite3IntFloatCompare(i64 i, double r){
003821    if( sizeof(LONGDOUBLE_TYPE)>8 ){
003822      LONGDOUBLE_TYPE x = (LONGDOUBLE_TYPE)i;
003823      if( x<r ) return -1;
003824      if( x>r ) return +1;
003825      return 0;
003826    }else{
003827      i64 y;
003828      double s;
003829      if( r<-9223372036854775808.0 ) return +1;
003830      if( r>9223372036854775807.0 ) return -1;
003831      y = (i64)r;
003832      if( i<y ) return -1;
003833      if( i>y ){
003834        if( y==SMALLEST_INT64 && r>0.0 ) return -1;
003835        return +1;
003836      }
003837      s = (double)i;
003838      if( s<r ) return -1;
003839      if( s>r ) return +1;
003840      return 0;
003841    }
003842  }
003843  
003844  /*
003845  ** Compare the values contained by the two memory cells, returning
003846  ** negative, zero or positive if pMem1 is less than, equal to, or greater
003847  ** than pMem2. Sorting order is NULL's first, followed by numbers (integers
003848  ** and reals) sorted numerically, followed by text ordered by the collating
003849  ** sequence pColl and finally blob's ordered by memcmp().
003850  **
003851  ** Two NULL values are considered equal by this function.
003852  */
003853  int sqlite3MemCompare(const Mem *pMem1, const Mem *pMem2, const CollSeq *pColl){
003854    int f1, f2;
003855    int combined_flags;
003856  
003857    f1 = pMem1->flags;
003858    f2 = pMem2->flags;
003859    combined_flags = f1|f2;
003860    assert( (combined_flags & MEM_RowSet)==0 );
003861   
003862    /* If one value is NULL, it is less than the other. If both values
003863    ** are NULL, return 0.
003864    */
003865    if( combined_flags&MEM_Null ){
003866      return (f2&MEM_Null) - (f1&MEM_Null);
003867    }
003868  
003869    /* At least one of the two values is a number
003870    */
003871    if( combined_flags&(MEM_Int|MEM_Real) ){
003872      if( (f1 & f2 & MEM_Int)!=0 ){
003873        if( pMem1->u.i < pMem2->u.i ) return -1;
003874        if( pMem1->u.i > pMem2->u.i ) return +1;
003875        return 0;
003876      }
003877      if( (f1 & f2 & MEM_Real)!=0 ){
003878        if( pMem1->u.r < pMem2->u.r ) return -1;
003879        if( pMem1->u.r > pMem2->u.r ) return +1;
003880        return 0;
003881      }
003882      if( (f1&MEM_Int)!=0 ){
003883        if( (f2&MEM_Real)!=0 ){
003884          return sqlite3IntFloatCompare(pMem1->u.i, pMem2->u.r);
003885        }else{
003886          return -1;
003887        }
003888      }
003889      if( (f1&MEM_Real)!=0 ){
003890        if( (f2&MEM_Int)!=0 ){
003891          return -sqlite3IntFloatCompare(pMem2->u.i, pMem1->u.r);
003892        }else{
003893          return -1;
003894        }
003895      }
003896      return +1;
003897    }
003898  
003899    /* If one value is a string and the other is a blob, the string is less.
003900    ** If both are strings, compare using the collating functions.
003901    */
003902    if( combined_flags&MEM_Str ){
003903      if( (f1 & MEM_Str)==0 ){
003904        return 1;
003905      }
003906      if( (f2 & MEM_Str)==0 ){
003907        return -1;
003908      }
003909  
003910      assert( pMem1->enc==pMem2->enc || pMem1->db->mallocFailed );
003911      assert( pMem1->enc==SQLITE_UTF8 || 
003912              pMem1->enc==SQLITE_UTF16LE || pMem1->enc==SQLITE_UTF16BE );
003913  
003914      /* The collation sequence must be defined at this point, even if
003915      ** the user deletes the collation sequence after the vdbe program is
003916      ** compiled (this was not always the case).
003917      */
003918      assert( !pColl || pColl->xCmp );
003919  
003920      if( pColl ){
003921        return vdbeCompareMemString(pMem1, pMem2, pColl, 0);
003922      }
003923      /* If a NULL pointer was passed as the collate function, fall through
003924      ** to the blob case and use memcmp().  */
003925    }
003926   
003927    /* Both values must be blobs.  Compare using memcmp().  */
003928    return sqlite3BlobCompare(pMem1, pMem2);
003929  }
003930  
003931  
003932  /*
003933  ** The first argument passed to this function is a serial-type that
003934  ** corresponds to an integer - all values between 1 and 9 inclusive 
003935  ** except 7. The second points to a buffer containing an integer value
003936  ** serialized according to serial_type. This function deserializes
003937  ** and returns the value.
003938  */
003939  static i64 vdbeRecordDecodeInt(u32 serial_type, const u8 *aKey){
003940    u32 y;
003941    assert( CORRUPT_DB || (serial_type>=1 && serial_type<=9 && serial_type!=7) );
003942    switch( serial_type ){
003943      case 0:
003944      case 1:
003945        testcase( aKey[0]&0x80 );
003946        return ONE_BYTE_INT(aKey);
003947      case 2:
003948        testcase( aKey[0]&0x80 );
003949        return TWO_BYTE_INT(aKey);
003950      case 3:
003951        testcase( aKey[0]&0x80 );
003952        return THREE_BYTE_INT(aKey);
003953      case 4: {
003954        testcase( aKey[0]&0x80 );
003955        y = FOUR_BYTE_UINT(aKey);
003956        return (i64)*(int*)&y;
003957      }
003958      case 5: {
003959        testcase( aKey[0]&0x80 );
003960        return FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
003961      }
003962      case 6: {
003963        u64 x = FOUR_BYTE_UINT(aKey);
003964        testcase( aKey[0]&0x80 );
003965        x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
003966        return (i64)*(i64*)&x;
003967      }
003968    }
003969  
003970    return (serial_type - 8);
003971  }
003972  
003973  /*
003974  ** This function compares the two table rows or index records
003975  ** specified by {nKey1, pKey1} and pPKey2.  It returns a negative, zero
003976  ** or positive integer if key1 is less than, equal to or 
003977  ** greater than key2.  The {nKey1, pKey1} key must be a blob
003978  ** created by the OP_MakeRecord opcode of the VDBE.  The pPKey2
003979  ** key must be a parsed key such as obtained from
003980  ** sqlite3VdbeParseRecord.
003981  **
003982  ** If argument bSkip is non-zero, it is assumed that the caller has already
003983  ** determined that the first fields of the keys are equal.
003984  **
003985  ** Key1 and Key2 do not have to contain the same number of fields. If all 
003986  ** fields that appear in both keys are equal, then pPKey2->default_rc is 
003987  ** returned.
003988  **
003989  ** If database corruption is discovered, set pPKey2->errCode to 
003990  ** SQLITE_CORRUPT and return 0. If an OOM error is encountered, 
003991  ** pPKey2->errCode is set to SQLITE_NOMEM and, if it is not NULL, the
003992  ** malloc-failed flag set on database handle (pPKey2->pKeyInfo->db).
003993  */
003994  int sqlite3VdbeRecordCompareWithSkip(
003995    int nKey1, const void *pKey1,   /* Left key */
003996    UnpackedRecord *pPKey2,         /* Right key */
003997    int bSkip                       /* If true, skip the first field */
003998  ){
003999    u32 d1;                         /* Offset into aKey[] of next data element */
004000    int i;                          /* Index of next field to compare */
004001    u32 szHdr1;                     /* Size of record header in bytes */
004002    u32 idx1;                       /* Offset of first type in header */
004003    int rc = 0;                     /* Return value */
004004    Mem *pRhs = pPKey2->aMem;       /* Next field of pPKey2 to compare */
004005    KeyInfo *pKeyInfo = pPKey2->pKeyInfo;
004006    const unsigned char *aKey1 = (const unsigned char *)pKey1;
004007    Mem mem1;
004008  
004009    /* If bSkip is true, then the caller has already determined that the first
004010    ** two elements in the keys are equal. Fix the various stack variables so
004011    ** that this routine begins comparing at the second field. */
004012    if( bSkip ){
004013      u32 s1;
004014      idx1 = 1 + getVarint32(&aKey1[1], s1);
004015      szHdr1 = aKey1[0];
004016      d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
004017      i = 1;
004018      pRhs++;
004019    }else{
004020      idx1 = getVarint32(aKey1, szHdr1);
004021      d1 = szHdr1;
004022      if( d1>(unsigned)nKey1 ){ 
004023        pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004024        return 0;  /* Corruption */
004025      }
004026      i = 0;
004027    }
004028  
004029    VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
004030    assert( pPKey2->pKeyInfo->nAllField>=pPKey2->nField 
004031         || CORRUPT_DB );
004032    assert( pPKey2->pKeyInfo->aSortOrder!=0 );
004033    assert( pPKey2->pKeyInfo->nKeyField>0 );
004034    assert( idx1<=szHdr1 || CORRUPT_DB );
004035    do{
004036      u32 serial_type;
004037  
004038      /* RHS is an integer */
004039      if( pRhs->flags & MEM_Int ){
004040        serial_type = aKey1[idx1];
004041        testcase( serial_type==12 );
004042        if( serial_type>=10 ){
004043          rc = +1;
004044        }else if( serial_type==0 ){
004045          rc = -1;
004046        }else if( serial_type==7 ){
004047          sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
004048          rc = -sqlite3IntFloatCompare(pRhs->u.i, mem1.u.r);
004049        }else{
004050          i64 lhs = vdbeRecordDecodeInt(serial_type, &aKey1[d1]);
004051          i64 rhs = pRhs->u.i;
004052          if( lhs<rhs ){
004053            rc = -1;
004054          }else if( lhs>rhs ){
004055            rc = +1;
004056          }
004057        }
004058      }
004059  
004060      /* RHS is real */
004061      else if( pRhs->flags & MEM_Real ){
004062        serial_type = aKey1[idx1];
004063        if( serial_type>=10 ){
004064          /* Serial types 12 or greater are strings and blobs (greater than
004065          ** numbers). Types 10 and 11 are currently "reserved for future 
004066          ** use", so it doesn't really matter what the results of comparing
004067          ** them to numberic values are.  */
004068          rc = +1;
004069        }else if( serial_type==0 ){
004070          rc = -1;
004071        }else{
004072          sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
004073          if( serial_type==7 ){
004074            if( mem1.u.r<pRhs->u.r ){
004075              rc = -1;
004076            }else if( mem1.u.r>pRhs->u.r ){
004077              rc = +1;
004078            }
004079          }else{
004080            rc = sqlite3IntFloatCompare(mem1.u.i, pRhs->u.r);
004081          }
004082        }
004083      }
004084  
004085      /* RHS is a string */
004086      else if( pRhs->flags & MEM_Str ){
004087        getVarint32(&aKey1[idx1], serial_type);
004088        testcase( serial_type==12 );
004089        if( serial_type<12 ){
004090          rc = -1;
004091        }else if( !(serial_type & 0x01) ){
004092          rc = +1;
004093        }else{
004094          mem1.n = (serial_type - 12) / 2;
004095          testcase( (d1+mem1.n)==(unsigned)nKey1 );
004096          testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
004097          if( (d1+mem1.n) > (unsigned)nKey1 ){
004098            pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004099            return 0;                /* Corruption */
004100          }else if( pKeyInfo->aColl[i] ){
004101            mem1.enc = pKeyInfo->enc;
004102            mem1.db = pKeyInfo->db;
004103            mem1.flags = MEM_Str;
004104            mem1.z = (char*)&aKey1[d1];
004105            rc = vdbeCompareMemString(
004106                &mem1, pRhs, pKeyInfo->aColl[i], &pPKey2->errCode
004107            );
004108          }else{
004109            int nCmp = MIN(mem1.n, pRhs->n);
004110            rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
004111            if( rc==0 ) rc = mem1.n - pRhs->n; 
004112          }
004113        }
004114      }
004115  
004116      /* RHS is a blob */
004117      else if( pRhs->flags & MEM_Blob ){
004118        assert( (pRhs->flags & MEM_Zero)==0 || pRhs->n==0 );
004119        getVarint32(&aKey1[idx1], serial_type);
004120        testcase( serial_type==12 );
004121        if( serial_type<12 || (serial_type & 0x01) ){
004122          rc = -1;
004123        }else{
004124          int nStr = (serial_type - 12) / 2;
004125          testcase( (d1+nStr)==(unsigned)nKey1 );
004126          testcase( (d1+nStr+1)==(unsigned)nKey1 );
004127          if( (d1+nStr) > (unsigned)nKey1 ){
004128            pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004129            return 0;                /* Corruption */
004130          }else if( pRhs->flags & MEM_Zero ){
004131            if( !isAllZero((const char*)&aKey1[d1],nStr) ){
004132              rc = 1;
004133            }else{
004134              rc = nStr - pRhs->u.nZero;
004135            }
004136          }else{
004137            int nCmp = MIN(nStr, pRhs->n);
004138            rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
004139            if( rc==0 ) rc = nStr - pRhs->n;
004140          }
004141        }
004142      }
004143  
004144      /* RHS is null */
004145      else{
004146        serial_type = aKey1[idx1];
004147        rc = (serial_type!=0);
004148      }
004149  
004150      if( rc!=0 ){
004151        if( pKeyInfo->aSortOrder[i] ){
004152          rc = -rc;
004153        }
004154        assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, rc) );
004155        assert( mem1.szMalloc==0 );  /* See comment below */
004156        return rc;
004157      }
004158  
004159      i++;
004160      pRhs++;
004161      d1 += sqlite3VdbeSerialTypeLen(serial_type);
004162      idx1 += sqlite3VarintLen(serial_type);
004163    }while( idx1<(unsigned)szHdr1 && i<pPKey2->nField && d1<=(unsigned)nKey1 );
004164  
004165    /* No memory allocation is ever used on mem1.  Prove this using
004166    ** the following assert().  If the assert() fails, it indicates a
004167    ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).  */
004168    assert( mem1.szMalloc==0 );
004169  
004170    /* rc==0 here means that one or both of the keys ran out of fields and
004171    ** all the fields up to that point were equal. Return the default_rc
004172    ** value.  */
004173    assert( CORRUPT_DB 
004174         || vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, pPKey2->default_rc) 
004175         || pKeyInfo->db->mallocFailed
004176    );
004177    pPKey2->eqSeen = 1;
004178    return pPKey2->default_rc;
004179  }
004180  int sqlite3VdbeRecordCompare(
004181    int nKey1, const void *pKey1,   /* Left key */
004182    UnpackedRecord *pPKey2          /* Right key */
004183  ){
004184    return sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 0);
004185  }
004186  
004187  
004188  /*
004189  ** This function is an optimized version of sqlite3VdbeRecordCompare() 
004190  ** that (a) the first field of pPKey2 is an integer, and (b) the 
004191  ** size-of-header varint at the start of (pKey1/nKey1) fits in a single
004192  ** byte (i.e. is less than 128).
004193  **
004194  ** To avoid concerns about buffer overreads, this routine is only used
004195  ** on schemas where the maximum valid header size is 63 bytes or less.
004196  */
004197  static int vdbeRecordCompareInt(
004198    int nKey1, const void *pKey1, /* Left key */
004199    UnpackedRecord *pPKey2        /* Right key */
004200  ){
004201    const u8 *aKey = &((const u8*)pKey1)[*(const u8*)pKey1 & 0x3F];
004202    int serial_type = ((const u8*)pKey1)[1];
004203    int res;
004204    u32 y;
004205    u64 x;
004206    i64 v;
004207    i64 lhs;
004208  
004209    vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
004210    assert( (*(u8*)pKey1)<=0x3F || CORRUPT_DB );
004211    switch( serial_type ){
004212      case 1: { /* 1-byte signed integer */
004213        lhs = ONE_BYTE_INT(aKey);
004214        testcase( lhs<0 );
004215        break;
004216      }
004217      case 2: { /* 2-byte signed integer */
004218        lhs = TWO_BYTE_INT(aKey);
004219        testcase( lhs<0 );
004220        break;
004221      }
004222      case 3: { /* 3-byte signed integer */
004223        lhs = THREE_BYTE_INT(aKey);
004224        testcase( lhs<0 );
004225        break;
004226      }
004227      case 4: { /* 4-byte signed integer */
004228        y = FOUR_BYTE_UINT(aKey);
004229        lhs = (i64)*(int*)&y;
004230        testcase( lhs<0 );
004231        break;
004232      }
004233      case 5: { /* 6-byte signed integer */
004234        lhs = FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
004235        testcase( lhs<0 );
004236        break;
004237      }
004238      case 6: { /* 8-byte signed integer */
004239        x = FOUR_BYTE_UINT(aKey);
004240        x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
004241        lhs = *(i64*)&x;
004242        testcase( lhs<0 );
004243        break;
004244      }
004245      case 8: 
004246        lhs = 0;
004247        break;
004248      case 9:
004249        lhs = 1;
004250        break;
004251  
004252      /* This case could be removed without changing the results of running
004253      ** this code. Including it causes gcc to generate a faster switch 
004254      ** statement (since the range of switch targets now starts at zero and
004255      ** is contiguous) but does not cause any duplicate code to be generated
004256      ** (as gcc is clever enough to combine the two like cases). Other 
004257      ** compilers might be similar.  */ 
004258      case 0: case 7:
004259        return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
004260  
004261      default:
004262        return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
004263    }
004264  
004265    v = pPKey2->aMem[0].u.i;
004266    if( v>lhs ){
004267      res = pPKey2->r1;
004268    }else if( v<lhs ){
004269      res = pPKey2->r2;
004270    }else if( pPKey2->nField>1 ){
004271      /* The first fields of the two keys are equal. Compare the trailing 
004272      ** fields.  */
004273      res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
004274    }else{
004275      /* The first fields of the two keys are equal and there are no trailing
004276      ** fields. Return pPKey2->default_rc in this case. */
004277      res = pPKey2->default_rc;
004278      pPKey2->eqSeen = 1;
004279    }
004280  
004281    assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res) );
004282    return res;
004283  }
004284  
004285  /*
004286  ** This function is an optimized version of sqlite3VdbeRecordCompare() 
004287  ** that (a) the first field of pPKey2 is a string, that (b) the first field
004288  ** uses the collation sequence BINARY and (c) that the size-of-header varint 
004289  ** at the start of (pKey1/nKey1) fits in a single byte.
004290  */
004291  static int vdbeRecordCompareString(
004292    int nKey1, const void *pKey1, /* Left key */
004293    UnpackedRecord *pPKey2        /* Right key */
004294  ){
004295    const u8 *aKey1 = (const u8*)pKey1;
004296    int serial_type;
004297    int res;
004298  
004299    assert( pPKey2->aMem[0].flags & MEM_Str );
004300    vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
004301    getVarint32(&aKey1[1], serial_type);
004302    if( serial_type<12 ){
004303      res = pPKey2->r1;      /* (pKey1/nKey1) is a number or a null */
004304    }else if( !(serial_type & 0x01) ){ 
004305      res = pPKey2->r2;      /* (pKey1/nKey1) is a blob */
004306    }else{
004307      int nCmp;
004308      int nStr;
004309      int szHdr = aKey1[0];
004310  
004311      nStr = (serial_type-12) / 2;
004312      if( (szHdr + nStr) > nKey1 ){
004313        pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004314        return 0;    /* Corruption */
004315      }
004316      nCmp = MIN( pPKey2->aMem[0].n, nStr );
004317      res = memcmp(&aKey1[szHdr], pPKey2->aMem[0].z, nCmp);
004318  
004319      if( res==0 ){
004320        res = nStr - pPKey2->aMem[0].n;
004321        if( res==0 ){
004322          if( pPKey2->nField>1 ){
004323            res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
004324          }else{
004325            res = pPKey2->default_rc;
004326            pPKey2->eqSeen = 1;
004327          }
004328        }else if( res>0 ){
004329          res = pPKey2->r2;
004330        }else{
004331          res = pPKey2->r1;
004332        }
004333      }else if( res>0 ){
004334        res = pPKey2->r2;
004335      }else{
004336        res = pPKey2->r1;
004337      }
004338    }
004339  
004340    assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res)
004341         || CORRUPT_DB
004342         || pPKey2->pKeyInfo->db->mallocFailed
004343    );
004344    return res;
004345  }
004346  
004347  /*
004348  ** Return a pointer to an sqlite3VdbeRecordCompare() compatible function
004349  ** suitable for comparing serialized records to the unpacked record passed
004350  ** as the only argument.
004351  */
004352  RecordCompare sqlite3VdbeFindCompare(UnpackedRecord *p){
004353    /* varintRecordCompareInt() and varintRecordCompareString() both assume
004354    ** that the size-of-header varint that occurs at the start of each record
004355    ** fits in a single byte (i.e. is 127 or less). varintRecordCompareInt()
004356    ** also assumes that it is safe to overread a buffer by at least the 
004357    ** maximum possible legal header size plus 8 bytes. Because there is
004358    ** guaranteed to be at least 74 (but not 136) bytes of padding following each
004359    ** buffer passed to varintRecordCompareInt() this makes it convenient to
004360    ** limit the size of the header to 64 bytes in cases where the first field
004361    ** is an integer.
004362    **
004363    ** The easiest way to enforce this limit is to consider only records with
004364    ** 13 fields or less. If the first field is an integer, the maximum legal
004365    ** header size is (12*5 + 1 + 1) bytes.  */
004366    if( p->pKeyInfo->nAllField<=13 ){
004367      int flags = p->aMem[0].flags;
004368      if( p->pKeyInfo->aSortOrder[0] ){
004369        p->r1 = 1;
004370        p->r2 = -1;
004371      }else{
004372        p->r1 = -1;
004373        p->r2 = 1;
004374      }
004375      if( (flags & MEM_Int) ){
004376        return vdbeRecordCompareInt;
004377      }
004378      testcase( flags & MEM_Real );
004379      testcase( flags & MEM_Null );
004380      testcase( flags & MEM_Blob );
004381      if( (flags & (MEM_Real|MEM_Null|MEM_Blob))==0 && p->pKeyInfo->aColl[0]==0 ){
004382        assert( flags & MEM_Str );
004383        return vdbeRecordCompareString;
004384      }
004385    }
004386  
004387    return sqlite3VdbeRecordCompare;
004388  }
004389  
004390  /*
004391  ** pCur points at an index entry created using the OP_MakeRecord opcode.
004392  ** Read the rowid (the last field in the record) and store it in *rowid.
004393  ** Return SQLITE_OK if everything works, or an error code otherwise.
004394  **
004395  ** pCur might be pointing to text obtained from a corrupt database file.
004396  ** So the content cannot be trusted.  Do appropriate checks on the content.
004397  */
004398  int sqlite3VdbeIdxRowid(sqlite3 *db, BtCursor *pCur, i64 *rowid){
004399    i64 nCellKey = 0;
004400    int rc;
004401    u32 szHdr;        /* Size of the header */
004402    u32 typeRowid;    /* Serial type of the rowid */
004403    u32 lenRowid;     /* Size of the rowid */
004404    Mem m, v;
004405  
004406    /* Get the size of the index entry.  Only indices entries of less
004407    ** than 2GiB are support - anything large must be database corruption.
004408    ** Any corruption is detected in sqlite3BtreeParseCellPtr(), though, so
004409    ** this code can safely assume that nCellKey is 32-bits  
004410    */
004411    assert( sqlite3BtreeCursorIsValid(pCur) );
004412    nCellKey = sqlite3BtreePayloadSize(pCur);
004413    assert( (nCellKey & SQLITE_MAX_U32)==(u64)nCellKey );
004414  
004415    /* Read in the complete content of the index entry */
004416    sqlite3VdbeMemInit(&m, db, 0);
004417    rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, &m);
004418    if( rc ){
004419      return rc;
004420    }
004421  
004422    /* The index entry must begin with a header size */
004423    (void)getVarint32((u8*)m.z, szHdr);
004424    testcase( szHdr==3 );
004425    testcase( szHdr==m.n );
004426    if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
004427      goto idx_rowid_corruption;
004428    }
004429  
004430    /* The last field of the index should be an integer - the ROWID.
004431    ** Verify that the last entry really is an integer. */
004432    (void)getVarint32((u8*)&m.z[szHdr-1], typeRowid);
004433    testcase( typeRowid==1 );
004434    testcase( typeRowid==2 );
004435    testcase( typeRowid==3 );
004436    testcase( typeRowid==4 );
004437    testcase( typeRowid==5 );
004438    testcase( typeRowid==6 );
004439    testcase( typeRowid==8 );
004440    testcase( typeRowid==9 );
004441    if( unlikely(typeRowid<1 || typeRowid>9 || typeRowid==7) ){
004442      goto idx_rowid_corruption;
004443    }
004444    lenRowid = sqlite3SmallTypeSizes[typeRowid];
004445    testcase( (u32)m.n==szHdr+lenRowid );
004446    if( unlikely((u32)m.n<szHdr+lenRowid) ){
004447      goto idx_rowid_corruption;
004448    }
004449  
004450    /* Fetch the integer off the end of the index record */
004451    sqlite3VdbeSerialGet((u8*)&m.z[m.n-lenRowid], typeRowid, &v);
004452    *rowid = v.u.i;
004453    sqlite3VdbeMemRelease(&m);
004454    return SQLITE_OK;
004455  
004456    /* Jump here if database corruption is detected after m has been
004457    ** allocated.  Free the m object and return SQLITE_CORRUPT. */
004458  idx_rowid_corruption:
004459    testcase( m.szMalloc!=0 );
004460    sqlite3VdbeMemRelease(&m);
004461    return SQLITE_CORRUPT_BKPT;
004462  }
004463  
004464  /*
004465  ** Compare the key of the index entry that cursor pC is pointing to against
004466  ** the key string in pUnpacked.  Write into *pRes a number
004467  ** that is negative, zero, or positive if pC is less than, equal to,
004468  ** or greater than pUnpacked.  Return SQLITE_OK on success.
004469  **
004470  ** pUnpacked is either created without a rowid or is truncated so that it
004471  ** omits the rowid at the end.  The rowid at the end of the index entry
004472  ** is ignored as well.  Hence, this routine only compares the prefixes 
004473  ** of the keys prior to the final rowid, not the entire key.
004474  */
004475  int sqlite3VdbeIdxKeyCompare(
004476    sqlite3 *db,                     /* Database connection */
004477    VdbeCursor *pC,                  /* The cursor to compare against */
004478    UnpackedRecord *pUnpacked,       /* Unpacked version of key */
004479    int *res                         /* Write the comparison result here */
004480  ){
004481    i64 nCellKey = 0;
004482    int rc;
004483    BtCursor *pCur;
004484    Mem m;
004485  
004486    assert( pC->eCurType==CURTYPE_BTREE );
004487    pCur = pC->uc.pCursor;
004488    assert( sqlite3BtreeCursorIsValid(pCur) );
004489    nCellKey = sqlite3BtreePayloadSize(pCur);
004490    /* nCellKey will always be between 0 and 0xffffffff because of the way
004491    ** that btreeParseCellPtr() and sqlite3GetVarint32() are implemented */
004492    if( nCellKey<=0 || nCellKey>0x7fffffff ){
004493      *res = 0;
004494      return SQLITE_CORRUPT_BKPT;
004495    }
004496    sqlite3VdbeMemInit(&m, db, 0);
004497    rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, &m);
004498    if( rc ){
004499      return rc;
004500    }
004501    *res = sqlite3VdbeRecordCompare(m.n, m.z, pUnpacked);
004502    sqlite3VdbeMemRelease(&m);
004503    return SQLITE_OK;
004504  }
004505  
004506  /*
004507  ** This routine sets the value to be returned by subsequent calls to
004508  ** sqlite3_changes() on the database handle 'db'. 
004509  */
004510  void sqlite3VdbeSetChanges(sqlite3 *db, int nChange){
004511    assert( sqlite3_mutex_held(db->mutex) );
004512    db->nChange = nChange;
004513    db->nTotalChange += nChange;
004514  }
004515  
004516  /*
004517  ** Set a flag in the vdbe to update the change counter when it is finalised
004518  ** or reset.
004519  */
004520  void sqlite3VdbeCountChanges(Vdbe *v){
004521    v->changeCntOn = 1;
004522  }
004523  
004524  /*
004525  ** Mark every prepared statement associated with a database connection
004526  ** as expired.
004527  **
004528  ** An expired statement means that recompilation of the statement is
004529  ** recommend.  Statements expire when things happen that make their
004530  ** programs obsolete.  Removing user-defined functions or collating
004531  ** sequences, or changing an authorization function are the types of
004532  ** things that make prepared statements obsolete.
004533  */
004534  void sqlite3ExpirePreparedStatements(sqlite3 *db){
004535    Vdbe *p;
004536    for(p = db->pVdbe; p; p=p->pNext){
004537      p->expired = 1;
004538    }
004539  }
004540  
004541  /*
004542  ** Return the database associated with the Vdbe.
004543  */
004544  sqlite3 *sqlite3VdbeDb(Vdbe *v){
004545    return v->db;
004546  }
004547  
004548  /*
004549  ** Return the SQLITE_PREPARE flags for a Vdbe.
004550  */
004551  u8 sqlite3VdbePrepareFlags(Vdbe *v){
004552    return v->prepFlags;
004553  }
004554  
004555  /*
004556  ** Return a pointer to an sqlite3_value structure containing the value bound
004557  ** parameter iVar of VM v. Except, if the value is an SQL NULL, return 
004558  ** 0 instead. Unless it is NULL, apply affinity aff (one of the SQLITE_AFF_*
004559  ** constants) to the value before returning it.
004560  **
004561  ** The returned value must be freed by the caller using sqlite3ValueFree().
004562  */
004563  sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe *v, int iVar, u8 aff){
004564    assert( iVar>0 );
004565    if( v ){
004566      Mem *pMem = &v->aVar[iVar-1];
004567      assert( (v->db->flags & SQLITE_EnableQPSG)==0 );
004568      if( 0==(pMem->flags & MEM_Null) ){
004569        sqlite3_value *pRet = sqlite3ValueNew(v->db);
004570        if( pRet ){
004571          sqlite3VdbeMemCopy((Mem *)pRet, pMem);
004572          sqlite3ValueApplyAffinity(pRet, aff, SQLITE_UTF8);
004573        }
004574        return pRet;
004575      }
004576    }
004577    return 0;
004578  }
004579  
004580  /*
004581  ** Configure SQL variable iVar so that binding a new value to it signals
004582  ** to sqlite3_reoptimize() that re-preparing the statement may result
004583  ** in a better query plan.
004584  */
004585  void sqlite3VdbeSetVarmask(Vdbe *v, int iVar){
004586    assert( iVar>0 );
004587    assert( (v->db->flags & SQLITE_EnableQPSG)==0 );
004588    if( iVar>=32 ){
004589      v->expmask |= 0x80000000;
004590    }else{
004591      v->expmask |= ((u32)1 << (iVar-1));
004592    }
004593  }
004594  
004595  /*
004596  ** Cause a function to throw an error if it was call from OP_PureFunc
004597  ** rather than OP_Function.
004598  **
004599  ** OP_PureFunc means that the function must be deterministic, and should
004600  ** throw an error if it is given inputs that would make it non-deterministic.
004601  ** This routine is invoked by date/time functions that use non-deterministic
004602  ** features such as 'now'.
004603  */
004604  int sqlite3NotPureFunc(sqlite3_context *pCtx){
004605  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
004606    if( pCtx->pVdbe==0 ) return 1;
004607  #endif
004608    if( pCtx->pVdbe->aOp[pCtx->iOp].opcode==OP_PureFunc ){
004609      sqlite3_result_error(pCtx, 
004610         "non-deterministic function in index expression or CHECK constraint",
004611         -1);
004612      return 0;
004613    }
004614    return 1;
004615  }
004616  
004617  #ifndef SQLITE_OMIT_VIRTUALTABLE
004618  /*
004619  ** Transfer error message text from an sqlite3_vtab.zErrMsg (text stored
004620  ** in memory obtained from sqlite3_malloc) into a Vdbe.zErrMsg (text stored
004621  ** in memory obtained from sqlite3DbMalloc).
004622  */
004623  void sqlite3VtabImportErrmsg(Vdbe *p, sqlite3_vtab *pVtab){
004624    if( pVtab->zErrMsg ){
004625      sqlite3 *db = p->db;
004626      sqlite3DbFree(db, p->zErrMsg);
004627      p->zErrMsg = sqlite3DbStrDup(db, pVtab->zErrMsg);
004628      sqlite3_free(pVtab->zErrMsg);
004629      pVtab->zErrMsg = 0;
004630    }
004631  }
004632  #endif /* SQLITE_OMIT_VIRTUALTABLE */
004633  
004634  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004635  
004636  /*
004637  ** If the second argument is not NULL, release any allocations associated 
004638  ** with the memory cells in the p->aMem[] array. Also free the UnpackedRecord
004639  ** structure itself, using sqlite3DbFree().
004640  **
004641  ** This function is used to free UnpackedRecord structures allocated by
004642  ** the vdbeUnpackRecord() function found in vdbeapi.c.
004643  */
004644  static void vdbeFreeUnpacked(sqlite3 *db, int nField, UnpackedRecord *p){
004645    if( p ){
004646      int i;
004647      for(i=0; i<nField; i++){
004648        Mem *pMem = &p->aMem[i];
004649        if( pMem->zMalloc ) sqlite3VdbeMemRelease(pMem);
004650      }
004651      sqlite3DbFreeNN(db, p);
004652    }
004653  }
004654  #endif /* SQLITE_ENABLE_PREUPDATE_HOOK */
004655  
004656  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004657  /*
004658  ** Invoke the pre-update hook. If this is an UPDATE or DELETE pre-update call,
004659  ** then cursor passed as the second argument should point to the row about
004660  ** to be update or deleted. If the application calls sqlite3_preupdate_old(),
004661  ** the required value will be read from the row the cursor points to.
004662  */
004663  void sqlite3VdbePreUpdateHook(
004664    Vdbe *v,                        /* Vdbe pre-update hook is invoked by */
004665    VdbeCursor *pCsr,               /* Cursor to grab old.* values from */
004666    int op,                         /* SQLITE_INSERT, UPDATE or DELETE */
004667    const char *zDb,                /* Database name */
004668    Table *pTab,                    /* Modified table */
004669    i64 iKey1,                      /* Initial key value */
004670    int iReg                        /* Register for new.* record */
004671  ){
004672    sqlite3 *db = v->db;
004673    i64 iKey2;
004674    PreUpdate preupdate;
004675    const char *zTbl = pTab->zName;
004676    static const u8 fakeSortOrder = 0;
004677  
004678    assert( db->pPreUpdate==0 );
004679    memset(&preupdate, 0, sizeof(PreUpdate));
004680    if( HasRowid(pTab)==0 ){
004681      iKey1 = iKey2 = 0;
004682      preupdate.pPk = sqlite3PrimaryKeyIndex(pTab);
004683    }else{
004684      if( op==SQLITE_UPDATE ){
004685        iKey2 = v->aMem[iReg].u.i;
004686      }else{
004687        iKey2 = iKey1;
004688      }
004689    }
004690  
004691    assert( pCsr->nField==pTab->nCol 
004692         || (pCsr->nField==pTab->nCol+1 && op==SQLITE_DELETE && iReg==-1)
004693    );
004694  
004695    preupdate.v = v;
004696    preupdate.pCsr = pCsr;
004697    preupdate.op = op;
004698    preupdate.iNewReg = iReg;
004699    preupdate.keyinfo.db = db;
004700    preupdate.keyinfo.enc = ENC(db);
004701    preupdate.keyinfo.nKeyField = pTab->nCol;
004702    preupdate.keyinfo.aSortOrder = (u8*)&fakeSortOrder;
004703    preupdate.iKey1 = iKey1;
004704    preupdate.iKey2 = iKey2;
004705    preupdate.pTab = pTab;
004706  
004707    db->pPreUpdate = &preupdate;
004708    db->xPreUpdateCallback(db->pPreUpdateArg, db, op, zDb, zTbl, iKey1, iKey2);
004709    db->pPreUpdate = 0;
004710    sqlite3DbFree(db, preupdate.aRecord);
004711    vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pUnpacked);
004712    vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pNewUnpacked);
004713    if( preupdate.aNew ){
004714      int i;
004715      for(i=0; i<pCsr->nField; i++){
004716        sqlite3VdbeMemRelease(&preupdate.aNew[i]);
004717      }
004718      sqlite3DbFreeNN(db, preupdate.aNew);
004719    }
004720  }
004721  #endif /* SQLITE_ENABLE_PREUPDATE_HOOK */