000001  /*
000002  ** 2003 September 6
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  ** This file contains code used for creating, destroying, and populating
000013  ** a VDBE (or an "sqlite3_stmt" as it is known to the outside world.) 
000014  */
000015  #include "sqliteInt.h"
000016  #include "vdbeInt.h"
000017  
000018  /*
000019  ** Create a new virtual database engine.
000020  */
000021  Vdbe *sqlite3VdbeCreate(Parse *pParse){
000022    sqlite3 *db = pParse->db;
000023    Vdbe *p;
000024    p = sqlite3DbMallocRawNN(db, sizeof(Vdbe) );
000025    if( p==0 ) return 0;
000026    memset(&p->aOp, 0, sizeof(Vdbe)-offsetof(Vdbe,aOp));
000027    p->db = db;
000028    if( db->pVdbe ){
000029      db->pVdbe->pPrev = p;
000030    }
000031    p->pNext = db->pVdbe;
000032    p->pPrev = 0;
000033    db->pVdbe = p;
000034    p->magic = VDBE_MAGIC_INIT;
000035    p->pParse = pParse;
000036    pParse->pVdbe = p;
000037    assert( pParse->aLabel==0 );
000038    assert( pParse->nLabel==0 );
000039    assert( pParse->nOpAlloc==0 );
000040    assert( pParse->szOpAlloc==0 );
000041    sqlite3VdbeAddOp2(p, OP_Init, 0, 1);
000042    return p;
000043  }
000044  
000045  /*
000046  ** Change the error string stored in Vdbe.zErrMsg
000047  */
000048  void sqlite3VdbeError(Vdbe *p, const char *zFormat, ...){
000049    va_list ap;
000050    sqlite3DbFree(p->db, p->zErrMsg);
000051    va_start(ap, zFormat);
000052    p->zErrMsg = sqlite3VMPrintf(p->db, zFormat, ap);
000053    va_end(ap);
000054  }
000055  
000056  /*
000057  ** Remember the SQL string for a prepared statement.
000058  */
000059  void sqlite3VdbeSetSql(Vdbe *p, const char *z, int n, u8 prepFlags){
000060    if( p==0 ) return;
000061    p->prepFlags = prepFlags;
000062    if( (prepFlags & SQLITE_PREPARE_SAVESQL)==0 ){
000063      p->expmask = 0;
000064    }
000065    assert( p->zSql==0 );
000066    p->zSql = sqlite3DbStrNDup(p->db, z, n);
000067  }
000068  
000069  /*
000070  ** Swap all content between two VDBE structures.
000071  */
000072  void sqlite3VdbeSwap(Vdbe *pA, Vdbe *pB){
000073    Vdbe tmp, *pTmp;
000074    char *zTmp;
000075    assert( pA->db==pB->db );
000076    tmp = *pA;
000077    *pA = *pB;
000078    *pB = tmp;
000079    pTmp = pA->pNext;
000080    pA->pNext = pB->pNext;
000081    pB->pNext = pTmp;
000082    pTmp = pA->pPrev;
000083    pA->pPrev = pB->pPrev;
000084    pB->pPrev = pTmp;
000085    zTmp = pA->zSql;
000086    pA->zSql = pB->zSql;
000087    pB->zSql = zTmp;
000088    pB->expmask = pA->expmask;
000089    pB->prepFlags = pA->prepFlags;
000090    memcpy(pB->aCounter, pA->aCounter, sizeof(pB->aCounter));
000091    pB->aCounter[SQLITE_STMTSTATUS_REPREPARE]++;
000092  }
000093  
000094  /*
000095  ** Resize the Vdbe.aOp array so that it is at least nOp elements larger 
000096  ** than its current size. nOp is guaranteed to be less than or equal
000097  ** to 1024/sizeof(Op).
000098  **
000099  ** If an out-of-memory error occurs while resizing the array, return
000100  ** SQLITE_NOMEM. In this case Vdbe.aOp and Parse.nOpAlloc remain 
000101  ** unchanged (this is so that any opcodes already allocated can be 
000102  ** correctly deallocated along with the rest of the Vdbe).
000103  */
000104  static int growOpArray(Vdbe *v, int nOp){
000105    VdbeOp *pNew;
000106    Parse *p = v->pParse;
000107  
000108    /* The SQLITE_TEST_REALLOC_STRESS compile-time option is designed to force
000109    ** more frequent reallocs and hence provide more opportunities for 
000110    ** simulated OOM faults.  SQLITE_TEST_REALLOC_STRESS is generally used
000111    ** during testing only.  With SQLITE_TEST_REALLOC_STRESS grow the op array
000112    ** by the minimum* amount required until the size reaches 512.  Normal
000113    ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
000114    ** size of the op array or add 1KB of space, whichever is smaller. */
000115  #ifdef SQLITE_TEST_REALLOC_STRESS
000116    int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
000117  #else
000118    int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
000119    UNUSED_PARAMETER(nOp);
000120  #endif
000121  
000122    /* Ensure that the size of a VDBE does not grow too large */
000123    if( nNew > p->db->aLimit[SQLITE_LIMIT_VDBE_OP] ){
000124      sqlite3OomFault(p->db);
000125      return SQLITE_NOMEM;
000126    }
000127  
000128    assert( nOp<=(1024/sizeof(Op)) );
000129    assert( nNew>=(p->nOpAlloc+nOp) );
000130    pNew = sqlite3DbRealloc(p->db, v->aOp, nNew*sizeof(Op));
000131    if( pNew ){
000132      p->szOpAlloc = sqlite3DbMallocSize(p->db, pNew);
000133      p->nOpAlloc = p->szOpAlloc/sizeof(Op);
000134      v->aOp = pNew;
000135    }
000136    return (pNew ? SQLITE_OK : SQLITE_NOMEM_BKPT);
000137  }
000138  
000139  #ifdef SQLITE_DEBUG
000140  /* This routine is just a convenient place to set a breakpoint that will
000141  ** fire after each opcode is inserted and displayed using
000142  ** "PRAGMA vdbe_addoptrace=on".
000143  */
000144  static void test_addop_breakpoint(void){
000145    static int n = 0;
000146    n++;
000147  }
000148  #endif
000149  
000150  /*
000151  ** Add a new instruction to the list of instructions current in the
000152  ** VDBE.  Return the address of the new instruction.
000153  **
000154  ** Parameters:
000155  **
000156  **    p               Pointer to the VDBE
000157  **
000158  **    op              The opcode for this instruction
000159  **
000160  **    p1, p2, p3      Operands
000161  **
000162  ** Use the sqlite3VdbeResolveLabel() function to fix an address and
000163  ** the sqlite3VdbeChangeP4() function to change the value of the P4
000164  ** operand.
000165  */
000166  static SQLITE_NOINLINE int growOp3(Vdbe *p, int op, int p1, int p2, int p3){
000167    assert( p->pParse->nOpAlloc<=p->nOp );
000168    if( growOpArray(p, 1) ) return 1;
000169    assert( p->pParse->nOpAlloc>p->nOp );
000170    return sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000171  }
000172  int sqlite3VdbeAddOp3(Vdbe *p, int op, int p1, int p2, int p3){
000173    int i;
000174    VdbeOp *pOp;
000175  
000176    i = p->nOp;
000177    assert( p->magic==VDBE_MAGIC_INIT );
000178    assert( op>=0 && op<0xff );
000179    if( p->pParse->nOpAlloc<=i ){
000180      return growOp3(p, op, p1, p2, p3);
000181    }
000182    p->nOp++;
000183    pOp = &p->aOp[i];
000184    pOp->opcode = (u8)op;
000185    pOp->p5 = 0;
000186    pOp->p1 = p1;
000187    pOp->p2 = p2;
000188    pOp->p3 = p3;
000189    pOp->p4.p = 0;
000190    pOp->p4type = P4_NOTUSED;
000191  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
000192    pOp->zComment = 0;
000193  #endif
000194  #ifdef SQLITE_DEBUG
000195    if( p->db->flags & SQLITE_VdbeAddopTrace ){
000196      int jj, kk;
000197      Parse *pParse = p->pParse;
000198      for(jj=kk=0; jj<pParse->nColCache; jj++){
000199        struct yColCache *x = pParse->aColCache + jj;
000200        printf(" r[%d]={%d:%d}", x->iReg, x->iTable, x->iColumn);
000201        kk++;
000202      }
000203      if( kk ) printf("\n");
000204      sqlite3VdbePrintOp(0, i, &p->aOp[i]);
000205      test_addop_breakpoint();
000206    }
000207  #endif
000208  #ifdef VDBE_PROFILE
000209    pOp->cycles = 0;
000210    pOp->cnt = 0;
000211  #endif
000212  #ifdef SQLITE_VDBE_COVERAGE
000213    pOp->iSrcLine = 0;
000214  #endif
000215    return i;
000216  }
000217  int sqlite3VdbeAddOp0(Vdbe *p, int op){
000218    return sqlite3VdbeAddOp3(p, op, 0, 0, 0);
000219  }
000220  int sqlite3VdbeAddOp1(Vdbe *p, int op, int p1){
000221    return sqlite3VdbeAddOp3(p, op, p1, 0, 0);
000222  }
000223  int sqlite3VdbeAddOp2(Vdbe *p, int op, int p1, int p2){
000224    return sqlite3VdbeAddOp3(p, op, p1, p2, 0);
000225  }
000226  
000227  /* Generate code for an unconditional jump to instruction iDest
000228  */
000229  int sqlite3VdbeGoto(Vdbe *p, int iDest){
000230    return sqlite3VdbeAddOp3(p, OP_Goto, 0, iDest, 0);
000231  }
000232  
000233  /* Generate code to cause the string zStr to be loaded into
000234  ** register iDest
000235  */
000236  int sqlite3VdbeLoadString(Vdbe *p, int iDest, const char *zStr){
000237    return sqlite3VdbeAddOp4(p, OP_String8, 0, iDest, 0, zStr, 0);
000238  }
000239  
000240  /*
000241  ** Generate code that initializes multiple registers to string or integer
000242  ** constants.  The registers begin with iDest and increase consecutively.
000243  ** One register is initialized for each characgter in zTypes[].  For each
000244  ** "s" character in zTypes[], the register is a string if the argument is
000245  ** not NULL, or OP_Null if the value is a null pointer.  For each "i" character
000246  ** in zTypes[], the register is initialized to an integer.
000247  **
000248  ** If the input string does not end with "X" then an OP_ResultRow instruction
000249  ** is generated for the values inserted.
000250  */
000251  void sqlite3VdbeMultiLoad(Vdbe *p, int iDest, const char *zTypes, ...){
000252    va_list ap;
000253    int i;
000254    char c;
000255    va_start(ap, zTypes);
000256    for(i=0; (c = zTypes[i])!=0; i++){
000257      if( c=='s' ){
000258        const char *z = va_arg(ap, const char*);
000259        sqlite3VdbeAddOp4(p, z==0 ? OP_Null : OP_String8, 0, iDest+i, 0, z, 0);
000260      }else if( c=='i' ){
000261        sqlite3VdbeAddOp2(p, OP_Integer, va_arg(ap, int), iDest+i);
000262      }else{
000263        goto skip_op_resultrow;
000264      }
000265    }
000266    sqlite3VdbeAddOp2(p, OP_ResultRow, iDest, i);
000267  skip_op_resultrow:
000268    va_end(ap);
000269  }
000270  
000271  /*
000272  ** Add an opcode that includes the p4 value as a pointer.
000273  */
000274  int sqlite3VdbeAddOp4(
000275    Vdbe *p,            /* Add the opcode to this VM */
000276    int op,             /* The new opcode */
000277    int p1,             /* The P1 operand */
000278    int p2,             /* The P2 operand */
000279    int p3,             /* The P3 operand */
000280    const char *zP4,    /* The P4 operand */
000281    int p4type          /* P4 operand type */
000282  ){
000283    int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000284    sqlite3VdbeChangeP4(p, addr, zP4, p4type);
000285    return addr;
000286  }
000287  
000288  /*
000289  ** Add an opcode that includes the p4 value with a P4_INT64 or
000290  ** P4_REAL type.
000291  */
000292  int sqlite3VdbeAddOp4Dup8(
000293    Vdbe *p,            /* Add the opcode to this VM */
000294    int op,             /* The new opcode */
000295    int p1,             /* The P1 operand */
000296    int p2,             /* The P2 operand */
000297    int p3,             /* The P3 operand */
000298    const u8 *zP4,      /* The P4 operand */
000299    int p4type          /* P4 operand type */
000300  ){
000301    char *p4copy = sqlite3DbMallocRawNN(sqlite3VdbeDb(p), 8);
000302    if( p4copy ) memcpy(p4copy, zP4, 8);
000303    return sqlite3VdbeAddOp4(p, op, p1, p2, p3, p4copy, p4type);
000304  }
000305  
000306  #ifndef SQLITE_OMIT_EXPLAIN
000307  /*
000308  ** Return the address of the current EXPLAIN QUERY PLAN baseline.
000309  ** 0 means "none".
000310  */
000311  int sqlite3VdbeExplainParent(Parse *pParse){
000312    VdbeOp *pOp;
000313    if( pParse->addrExplain==0 ) return 0;
000314    pOp = sqlite3VdbeGetOp(pParse->pVdbe, pParse->addrExplain);
000315    return pOp->p2;
000316  }
000317  
000318  /*
000319  ** Add a new OP_Explain opcode.
000320  **
000321  ** If the bPush flag is true, then make this opcode the parent for
000322  ** subsequent Explains until sqlite3VdbeExplainPop() is called.
000323  */
000324  void sqlite3VdbeExplain(Parse *pParse, u8 bPush, const char *zFmt, ...){
000325    if( pParse->explain==2 ){
000326      char *zMsg;
000327      Vdbe *v = pParse->pVdbe;
000328      va_list ap;
000329      int iThis;
000330      va_start(ap, zFmt);
000331      zMsg = sqlite3VMPrintf(pParse->db, zFmt, ap);
000332      va_end(ap);
000333      v = pParse->pVdbe;
000334      iThis = v->nOp;
000335      sqlite3VdbeAddOp4(v, OP_Explain, iThis, pParse->addrExplain, 0,
000336                        zMsg, P4_DYNAMIC);
000337      if( bPush) pParse->addrExplain = iThis;
000338    }
000339  }
000340  
000341  /*
000342  ** Pop the EXPLAIN QUERY PLAN stack one level.
000343  */
000344  void sqlite3VdbeExplainPop(Parse *pParse){
000345    pParse->addrExplain = sqlite3VdbeExplainParent(pParse);
000346  }
000347  #endif /* SQLITE_OMIT_EXPLAIN */
000348  
000349  /*
000350  ** Add an OP_ParseSchema opcode.  This routine is broken out from
000351  ** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees
000352  ** as having been used.
000353  **
000354  ** The zWhere string must have been obtained from sqlite3_malloc().
000355  ** This routine will take ownership of the allocated memory.
000356  */
000357  void sqlite3VdbeAddParseSchemaOp(Vdbe *p, int iDb, char *zWhere){
000358    int j;
000359    sqlite3VdbeAddOp4(p, OP_ParseSchema, iDb, 0, 0, zWhere, P4_DYNAMIC);
000360    for(j=0; j<p->db->nDb; j++) sqlite3VdbeUsesBtree(p, j);
000361  }
000362  
000363  /*
000364  ** Add an opcode that includes the p4 value as an integer.
000365  */
000366  int sqlite3VdbeAddOp4Int(
000367    Vdbe *p,            /* Add the opcode to this VM */
000368    int op,             /* The new opcode */
000369    int p1,             /* The P1 operand */
000370    int p2,             /* The P2 operand */
000371    int p3,             /* The P3 operand */
000372    int p4              /* The P4 operand as an integer */
000373  ){
000374    int addr = sqlite3VdbeAddOp3(p, op, p1, p2, p3);
000375    if( p->db->mallocFailed==0 ){
000376      VdbeOp *pOp = &p->aOp[addr];
000377      pOp->p4type = P4_INT32;
000378      pOp->p4.i = p4;
000379    }
000380    return addr;
000381  }
000382  
000383  /* Insert the end of a co-routine
000384  */
000385  void sqlite3VdbeEndCoroutine(Vdbe *v, int regYield){
000386    sqlite3VdbeAddOp1(v, OP_EndCoroutine, regYield);
000387  
000388    /* Clear the temporary register cache, thereby ensuring that each
000389    ** co-routine has its own independent set of registers, because co-routines
000390    ** might expect their registers to be preserved across an OP_Yield, and
000391    ** that could cause problems if two or more co-routines are using the same
000392    ** temporary register.
000393    */
000394    v->pParse->nTempReg = 0;
000395    v->pParse->nRangeReg = 0;
000396  }
000397  
000398  /*
000399  ** Create a new symbolic label for an instruction that has yet to be
000400  ** coded.  The symbolic label is really just a negative number.  The
000401  ** label can be used as the P2 value of an operation.  Later, when
000402  ** the label is resolved to a specific address, the VDBE will scan
000403  ** through its operation list and change all values of P2 which match
000404  ** the label into the resolved address.
000405  **
000406  ** The VDBE knows that a P2 value is a label because labels are
000407  ** always negative and P2 values are suppose to be non-negative.
000408  ** Hence, a negative P2 value is a label that has yet to be resolved.
000409  **
000410  ** Zero is returned if a malloc() fails.
000411  */
000412  int sqlite3VdbeMakeLabel(Vdbe *v){
000413    Parse *p = v->pParse;
000414    int i = p->nLabel++;
000415    assert( v->magic==VDBE_MAGIC_INIT );
000416    if( (i & (i-1))==0 ){
000417      p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel, 
000418                                         (i*2+1)*sizeof(p->aLabel[0]));
000419    }
000420    if( p->aLabel ){
000421      p->aLabel[i] = -1;
000422    }
000423    return ADDR(i);
000424  }
000425  
000426  /*
000427  ** Resolve label "x" to be the address of the next instruction to
000428  ** be inserted.  The parameter "x" must have been obtained from
000429  ** a prior call to sqlite3VdbeMakeLabel().
000430  */
000431  void sqlite3VdbeResolveLabel(Vdbe *v, int x){
000432    Parse *p = v->pParse;
000433    int j = ADDR(x);
000434    assert( v->magic==VDBE_MAGIC_INIT );
000435    assert( j<p->nLabel );
000436    assert( j>=0 );
000437    if( p->aLabel ){
000438  #ifdef SQLITE_DEBUG
000439      if( p->db->flags & SQLITE_VdbeAddopTrace ){
000440        printf("RESOLVE LABEL %d to %d\n", x, v->nOp);
000441      }
000442  #endif
000443      assert( p->aLabel[j]==(-1) ); /* Labels may only be resolved once */
000444      p->aLabel[j] = v->nOp;
000445    }
000446  }
000447  
000448  #ifdef SQLITE_COVERAGE_TEST
000449  /*
000450  ** Return TRUE if and only if the label x has already been resolved.
000451  ** Return FALSE (zero) if label x is still unresolved.
000452  **
000453  ** This routine is only used inside of testcase() macros, and so it
000454  ** only exists when measuring test coverage.
000455  */
000456  int sqlite3VdbeLabelHasBeenResolved(Vdbe *v, int x){
000457    return v->pParse->aLabel && v->pParse->aLabel[ADDR(x)]>=0;
000458  }
000459  #endif /* SQLITE_COVERAGE_TEST */
000460  
000461  /*
000462  ** Mark the VDBE as one that can only be run one time.
000463  */
000464  void sqlite3VdbeRunOnlyOnce(Vdbe *p){
000465    p->runOnlyOnce = 1;
000466  }
000467  
000468  /*
000469  ** Mark the VDBE as one that can only be run multiple times.
000470  */
000471  void sqlite3VdbeReusable(Vdbe *p){
000472    p->runOnlyOnce = 0;
000473  }
000474  
000475  #ifdef SQLITE_DEBUG /* sqlite3AssertMayAbort() logic */
000476  
000477  /*
000478  ** The following type and function are used to iterate through all opcodes
000479  ** in a Vdbe main program and each of the sub-programs (triggers) it may 
000480  ** invoke directly or indirectly. It should be used as follows:
000481  **
000482  **   Op *pOp;
000483  **   VdbeOpIter sIter;
000484  **
000485  **   memset(&sIter, 0, sizeof(sIter));
000486  **   sIter.v = v;                            // v is of type Vdbe* 
000487  **   while( (pOp = opIterNext(&sIter)) ){
000488  **     // Do something with pOp
000489  **   }
000490  **   sqlite3DbFree(v->db, sIter.apSub);
000491  ** 
000492  */
000493  typedef struct VdbeOpIter VdbeOpIter;
000494  struct VdbeOpIter {
000495    Vdbe *v;                   /* Vdbe to iterate through the opcodes of */
000496    SubProgram **apSub;        /* Array of subprograms */
000497    int nSub;                  /* Number of entries in apSub */
000498    int iAddr;                 /* Address of next instruction to return */
000499    int iSub;                  /* 0 = main program, 1 = first sub-program etc. */
000500  };
000501  static Op *opIterNext(VdbeOpIter *p){
000502    Vdbe *v = p->v;
000503    Op *pRet = 0;
000504    Op *aOp;
000505    int nOp;
000506  
000507    if( p->iSub<=p->nSub ){
000508  
000509      if( p->iSub==0 ){
000510        aOp = v->aOp;
000511        nOp = v->nOp;
000512      }else{
000513        aOp = p->apSub[p->iSub-1]->aOp;
000514        nOp = p->apSub[p->iSub-1]->nOp;
000515      }
000516      assert( p->iAddr<nOp );
000517  
000518      pRet = &aOp[p->iAddr];
000519      p->iAddr++;
000520      if( p->iAddr==nOp ){
000521        p->iSub++;
000522        p->iAddr = 0;
000523      }
000524    
000525      if( pRet->p4type==P4_SUBPROGRAM ){
000526        int nByte = (p->nSub+1)*sizeof(SubProgram*);
000527        int j;
000528        for(j=0; j<p->nSub; j++){
000529          if( p->apSub[j]==pRet->p4.pProgram ) break;
000530        }
000531        if( j==p->nSub ){
000532          p->apSub = sqlite3DbReallocOrFree(v->db, p->apSub, nByte);
000533          if( !p->apSub ){
000534            pRet = 0;
000535          }else{
000536            p->apSub[p->nSub++] = pRet->p4.pProgram;
000537          }
000538        }
000539      }
000540    }
000541  
000542    return pRet;
000543  }
000544  
000545  /*
000546  ** Check if the program stored in the VM associated with pParse may
000547  ** throw an ABORT exception (causing the statement, but not entire transaction
000548  ** to be rolled back). This condition is true if the main program or any
000549  ** sub-programs contains any of the following:
000550  **
000551  **   *  OP_Halt with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
000552  **   *  OP_HaltIfNull with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
000553  **   *  OP_Destroy
000554  **   *  OP_VUpdate
000555  **   *  OP_VRename
000556  **   *  OP_FkCounter with P2==0 (immediate foreign key constraint)
000557  **   *  OP_CreateBtree/BTREE_INTKEY and OP_InitCoroutine 
000558  **      (for CREATE TABLE AS SELECT ...)
000559  **
000560  ** Then check that the value of Parse.mayAbort is true if an
000561  ** ABORT may be thrown, or false otherwise. Return true if it does
000562  ** match, or false otherwise. This function is intended to be used as
000563  ** part of an assert statement in the compiler. Similar to:
000564  **
000565  **   assert( sqlite3VdbeAssertMayAbort(pParse->pVdbe, pParse->mayAbort) );
000566  */
000567  int sqlite3VdbeAssertMayAbort(Vdbe *v, int mayAbort){
000568    int hasAbort = 0;
000569    int hasFkCounter = 0;
000570    int hasCreateTable = 0;
000571    int hasInitCoroutine = 0;
000572    Op *pOp;
000573    VdbeOpIter sIter;
000574    memset(&sIter, 0, sizeof(sIter));
000575    sIter.v = v;
000576  
000577    while( (pOp = opIterNext(&sIter))!=0 ){
000578      int opcode = pOp->opcode;
000579      if( opcode==OP_Destroy || opcode==OP_VUpdate || opcode==OP_VRename 
000580       || ((opcode==OP_Halt || opcode==OP_HaltIfNull) 
000581        && ((pOp->p1&0xff)==SQLITE_CONSTRAINT && pOp->p2==OE_Abort))
000582      ){
000583        hasAbort = 1;
000584        break;
000585      }
000586      if( opcode==OP_CreateBtree && pOp->p3==BTREE_INTKEY ) hasCreateTable = 1;
000587      if( opcode==OP_InitCoroutine ) hasInitCoroutine = 1;
000588  #ifndef SQLITE_OMIT_FOREIGN_KEY
000589      if( opcode==OP_FkCounter && pOp->p1==0 && pOp->p2==1 ){
000590        hasFkCounter = 1;
000591      }
000592  #endif
000593    }
000594    sqlite3DbFree(v->db, sIter.apSub);
000595  
000596    /* Return true if hasAbort==mayAbort. Or if a malloc failure occurred.
000597    ** If malloc failed, then the while() loop above may not have iterated
000598    ** through all opcodes and hasAbort may be set incorrectly. Return
000599    ** true for this case to prevent the assert() in the callers frame
000600    ** from failing.  */
000601    return ( v->db->mallocFailed || hasAbort==mayAbort || hasFkCounter
000602                || (hasCreateTable && hasInitCoroutine) );
000603  }
000604  #endif /* SQLITE_DEBUG - the sqlite3AssertMayAbort() function */
000605  
000606  #ifdef SQLITE_DEBUG
000607  /*
000608  ** Increment the nWrite counter in the VDBE if the cursor is not an
000609  ** ephemeral cursor, or if the cursor argument is NULL.
000610  */
000611  void sqlite3VdbeIncrWriteCounter(Vdbe *p, VdbeCursor *pC){
000612    if( pC==0
000613     || (pC->eCurType!=CURTYPE_SORTER
000614         && pC->eCurType!=CURTYPE_PSEUDO
000615         && !pC->isEphemeral)
000616    ){
000617      p->nWrite++;
000618    }
000619  }
000620  #endif
000621  
000622  #ifdef SQLITE_DEBUG
000623  /*
000624  ** Assert if an Abort at this point in time might result in a corrupt
000625  ** database.
000626  */
000627  void sqlite3VdbeAssertAbortable(Vdbe *p){
000628    assert( p->nWrite==0 || p->usesStmtJournal );
000629  }
000630  #endif
000631  
000632  /*
000633  ** This routine is called after all opcodes have been inserted.  It loops
000634  ** through all the opcodes and fixes up some details.
000635  **
000636  ** (1) For each jump instruction with a negative P2 value (a label)
000637  **     resolve the P2 value to an actual address.
000638  **
000639  ** (2) Compute the maximum number of arguments used by any SQL function
000640  **     and store that value in *pMaxFuncArgs.
000641  **
000642  ** (3) Update the Vdbe.readOnly and Vdbe.bIsReader flags to accurately
000643  **     indicate what the prepared statement actually does.
000644  **
000645  ** (4) Initialize the p4.xAdvance pointer on opcodes that use it.
000646  **
000647  ** (5) Reclaim the memory allocated for storing labels.
000648  **
000649  ** This routine will only function correctly if the mkopcodeh.tcl generator
000650  ** script numbers the opcodes correctly.  Changes to this routine must be
000651  ** coordinated with changes to mkopcodeh.tcl.
000652  */
000653  static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs){
000654    int nMaxArgs = *pMaxFuncArgs;
000655    Op *pOp;
000656    Parse *pParse = p->pParse;
000657    int *aLabel = pParse->aLabel;
000658    p->readOnly = 1;
000659    p->bIsReader = 0;
000660    pOp = &p->aOp[p->nOp-1];
000661    while(1){
000662  
000663      /* Only JUMP opcodes and the short list of special opcodes in the switch
000664      ** below need to be considered.  The mkopcodeh.tcl generator script groups
000665      ** all these opcodes together near the front of the opcode list.  Skip
000666      ** any opcode that does not need processing by virtual of the fact that
000667      ** it is larger than SQLITE_MX_JUMP_OPCODE, as a performance optimization.
000668      */
000669      if( pOp->opcode<=SQLITE_MX_JUMP_OPCODE ){
000670        /* NOTE: Be sure to update mkopcodeh.tcl when adding or removing
000671        ** cases from this switch! */
000672        switch( pOp->opcode ){
000673          case OP_Transaction: {
000674            if( pOp->p2!=0 ) p->readOnly = 0;
000675            /* fall thru */
000676          }
000677          case OP_AutoCommit:
000678          case OP_Savepoint: {
000679            p->bIsReader = 1;
000680            break;
000681          }
000682  #ifndef SQLITE_OMIT_WAL
000683          case OP_Checkpoint:
000684  #endif
000685          case OP_Vacuum:
000686          case OP_JournalMode: {
000687            p->readOnly = 0;
000688            p->bIsReader = 1;
000689            break;
000690          }
000691          case OP_Next:
000692          case OP_NextIfOpen:
000693          case OP_SorterNext: {
000694            pOp->p4.xAdvance = sqlite3BtreeNext;
000695            pOp->p4type = P4_ADVANCE;
000696            /* The code generator never codes any of these opcodes as a jump
000697            ** to a label.  They are always coded as a jump backwards to a 
000698            ** known address */
000699            assert( pOp->p2>=0 );
000700            break;
000701          }
000702          case OP_Prev:
000703          case OP_PrevIfOpen: {
000704            pOp->p4.xAdvance = sqlite3BtreePrevious;
000705            pOp->p4type = P4_ADVANCE;
000706            /* The code generator never codes any of these opcodes as a jump
000707            ** to a label.  They are always coded as a jump backwards to a 
000708            ** known address */
000709            assert( pOp->p2>=0 );
000710            break;
000711          }
000712  #ifndef SQLITE_OMIT_VIRTUALTABLE
000713          case OP_VUpdate: {
000714            if( pOp->p2>nMaxArgs ) nMaxArgs = pOp->p2;
000715            break;
000716          }
000717          case OP_VFilter: {
000718            int n;
000719            assert( (pOp - p->aOp) >= 3 );
000720            assert( pOp[-1].opcode==OP_Integer );
000721            n = pOp[-1].p1;
000722            if( n>nMaxArgs ) nMaxArgs = n;
000723            /* Fall through into the default case */
000724          }
000725  #endif
000726          default: {
000727            if( pOp->p2<0 ){
000728              /* The mkopcodeh.tcl script has so arranged things that the only
000729              ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
000730              ** have non-negative values for P2. */
000731              assert( (sqlite3OpcodeProperty[pOp->opcode] & OPFLG_JUMP)!=0 );
000732              assert( ADDR(pOp->p2)<pParse->nLabel );
000733              pOp->p2 = aLabel[ADDR(pOp->p2)];
000734            }
000735            break;
000736          }
000737        }
000738        /* The mkopcodeh.tcl script has so arranged things that the only
000739        ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
000740        ** have non-negative values for P2. */
000741        assert( (sqlite3OpcodeProperty[pOp->opcode]&OPFLG_JUMP)==0 || pOp->p2>=0);
000742      }
000743      if( pOp==p->aOp ) break;
000744      pOp--;
000745    }
000746    sqlite3DbFree(p->db, pParse->aLabel);
000747    pParse->aLabel = 0;
000748    pParse->nLabel = 0;
000749    *pMaxFuncArgs = nMaxArgs;
000750    assert( p->bIsReader!=0 || DbMaskAllZero(p->btreeMask) );
000751  }
000752  
000753  /*
000754  ** Return the address of the next instruction to be inserted.
000755  */
000756  int sqlite3VdbeCurrentAddr(Vdbe *p){
000757    assert( p->magic==VDBE_MAGIC_INIT );
000758    return p->nOp;
000759  }
000760  
000761  /*
000762  ** Verify that at least N opcode slots are available in p without
000763  ** having to malloc for more space (except when compiled using
000764  ** SQLITE_TEST_REALLOC_STRESS).  This interface is used during testing
000765  ** to verify that certain calls to sqlite3VdbeAddOpList() can never
000766  ** fail due to a OOM fault and hence that the return value from
000767  ** sqlite3VdbeAddOpList() will always be non-NULL.
000768  */
000769  #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
000770  void sqlite3VdbeVerifyNoMallocRequired(Vdbe *p, int N){
000771    assert( p->nOp + N <= p->pParse->nOpAlloc );
000772  }
000773  #endif
000774  
000775  /*
000776  ** Verify that the VM passed as the only argument does not contain
000777  ** an OP_ResultRow opcode. Fail an assert() if it does. This is used
000778  ** by code in pragma.c to ensure that the implementation of certain
000779  ** pragmas comports with the flags specified in the mkpragmatab.tcl
000780  ** script.
000781  */
000782  #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
000783  void sqlite3VdbeVerifyNoResultRow(Vdbe *p){
000784    int i;
000785    for(i=0; i<p->nOp; i++){
000786      assert( p->aOp[i].opcode!=OP_ResultRow );
000787    }
000788  }
000789  #endif
000790  
000791  /*
000792  ** Generate code (a single OP_Abortable opcode) that will
000793  ** verify that the VDBE program can safely call Abort in the current
000794  ** context.
000795  */
000796  #if defined(SQLITE_DEBUG)
000797  void sqlite3VdbeVerifyAbortable(Vdbe *p, int onError){
000798    if( onError==OE_Abort ) sqlite3VdbeAddOp0(p, OP_Abortable);
000799  }
000800  #endif
000801  
000802  /*
000803  ** This function returns a pointer to the array of opcodes associated with
000804  ** the Vdbe passed as the first argument. It is the callers responsibility
000805  ** to arrange for the returned array to be eventually freed using the 
000806  ** vdbeFreeOpArray() function.
000807  **
000808  ** Before returning, *pnOp is set to the number of entries in the returned
000809  ** array. Also, *pnMaxArg is set to the larger of its current value and 
000810  ** the number of entries in the Vdbe.apArg[] array required to execute the 
000811  ** returned program.
000812  */
000813  VdbeOp *sqlite3VdbeTakeOpArray(Vdbe *p, int *pnOp, int *pnMaxArg){
000814    VdbeOp *aOp = p->aOp;
000815    assert( aOp && !p->db->mallocFailed );
000816  
000817    /* Check that sqlite3VdbeUsesBtree() was not called on this VM */
000818    assert( DbMaskAllZero(p->btreeMask) );
000819  
000820    resolveP2Values(p, pnMaxArg);
000821    *pnOp = p->nOp;
000822    p->aOp = 0;
000823    return aOp;
000824  }
000825  
000826  /*
000827  ** Add a whole list of operations to the operation stack.  Return a
000828  ** pointer to the first operation inserted.
000829  **
000830  ** Non-zero P2 arguments to jump instructions are automatically adjusted
000831  ** so that the jump target is relative to the first operation inserted.
000832  */
000833  VdbeOp *sqlite3VdbeAddOpList(
000834    Vdbe *p,                     /* Add opcodes to the prepared statement */
000835    int nOp,                     /* Number of opcodes to add */
000836    VdbeOpList const *aOp,       /* The opcodes to be added */
000837    int iLineno                  /* Source-file line number of first opcode */
000838  ){
000839    int i;
000840    VdbeOp *pOut, *pFirst;
000841    assert( nOp>0 );
000842    assert( p->magic==VDBE_MAGIC_INIT );
000843    if( p->nOp + nOp > p->pParse->nOpAlloc && growOpArray(p, nOp) ){
000844      return 0;
000845    }
000846    pFirst = pOut = &p->aOp[p->nOp];
000847    for(i=0; i<nOp; i++, aOp++, pOut++){
000848      pOut->opcode = aOp->opcode;
000849      pOut->p1 = aOp->p1;
000850      pOut->p2 = aOp->p2;
000851      assert( aOp->p2>=0 );
000852      if( (sqlite3OpcodeProperty[aOp->opcode] & OPFLG_JUMP)!=0 && aOp->p2>0 ){
000853        pOut->p2 += p->nOp;
000854      }
000855      pOut->p3 = aOp->p3;
000856      pOut->p4type = P4_NOTUSED;
000857      pOut->p4.p = 0;
000858      pOut->p5 = 0;
000859  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
000860      pOut->zComment = 0;
000861  #endif
000862  #ifdef SQLITE_VDBE_COVERAGE
000863      pOut->iSrcLine = iLineno+i;
000864  #else
000865      (void)iLineno;
000866  #endif
000867  #ifdef SQLITE_DEBUG
000868      if( p->db->flags & SQLITE_VdbeAddopTrace ){
000869        sqlite3VdbePrintOp(0, i+p->nOp, &p->aOp[i+p->nOp]);
000870      }
000871  #endif
000872    }
000873    p->nOp += nOp;
000874    return pFirst;
000875  }
000876  
000877  #if defined(SQLITE_ENABLE_STMT_SCANSTATUS)
000878  /*
000879  ** Add an entry to the array of counters managed by sqlite3_stmt_scanstatus().
000880  */
000881  void sqlite3VdbeScanStatus(
000882    Vdbe *p,                        /* VM to add scanstatus() to */
000883    int addrExplain,                /* Address of OP_Explain (or 0) */
000884    int addrLoop,                   /* Address of loop counter */ 
000885    int addrVisit,                  /* Address of rows visited counter */
000886    LogEst nEst,                    /* Estimated number of output rows */
000887    const char *zName               /* Name of table or index being scanned */
000888  ){
000889    int nByte = (p->nScan+1) * sizeof(ScanStatus);
000890    ScanStatus *aNew;
000891    aNew = (ScanStatus*)sqlite3DbRealloc(p->db, p->aScan, nByte);
000892    if( aNew ){
000893      ScanStatus *pNew = &aNew[p->nScan++];
000894      pNew->addrExplain = addrExplain;
000895      pNew->addrLoop = addrLoop;
000896      pNew->addrVisit = addrVisit;
000897      pNew->nEst = nEst;
000898      pNew->zName = sqlite3DbStrDup(p->db, zName);
000899      p->aScan = aNew;
000900    }
000901  }
000902  #endif
000903  
000904  
000905  /*
000906  ** Change the value of the opcode, or P1, P2, P3, or P5 operands
000907  ** for a specific instruction.
000908  */
000909  void sqlite3VdbeChangeOpcode(Vdbe *p, u32 addr, u8 iNewOpcode){
000910    sqlite3VdbeGetOp(p,addr)->opcode = iNewOpcode;
000911  }
000912  void sqlite3VdbeChangeP1(Vdbe *p, u32 addr, int val){
000913    sqlite3VdbeGetOp(p,addr)->p1 = val;
000914  }
000915  void sqlite3VdbeChangeP2(Vdbe *p, u32 addr, int val){
000916    sqlite3VdbeGetOp(p,addr)->p2 = val;
000917  }
000918  void sqlite3VdbeChangeP3(Vdbe *p, u32 addr, int val){
000919    sqlite3VdbeGetOp(p,addr)->p3 = val;
000920  }
000921  void sqlite3VdbeChangeP5(Vdbe *p, u16 p5){
000922    assert( p->nOp>0 || p->db->mallocFailed );
000923    if( p->nOp>0 ) p->aOp[p->nOp-1].p5 = p5;
000924  }
000925  
000926  /*
000927  ** Change the P2 operand of instruction addr so that it points to
000928  ** the address of the next instruction to be coded.
000929  */
000930  void sqlite3VdbeJumpHere(Vdbe *p, int addr){
000931    sqlite3VdbeChangeP2(p, addr, p->nOp);
000932  }
000933  
000934  
000935  /*
000936  ** If the input FuncDef structure is ephemeral, then free it.  If
000937  ** the FuncDef is not ephermal, then do nothing.
000938  */
000939  static void freeEphemeralFunction(sqlite3 *db, FuncDef *pDef){
000940    if( (pDef->funcFlags & SQLITE_FUNC_EPHEM)!=0 ){
000941      sqlite3DbFreeNN(db, pDef);
000942    }
000943  }
000944  
000945  static void vdbeFreeOpArray(sqlite3 *, Op *, int);
000946  
000947  /*
000948  ** Delete a P4 value if necessary.
000949  */
000950  static SQLITE_NOINLINE void freeP4Mem(sqlite3 *db, Mem *p){
000951    if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
000952    sqlite3DbFreeNN(db, p);
000953  }
000954  static SQLITE_NOINLINE void freeP4FuncCtx(sqlite3 *db, sqlite3_context *p){
000955    freeEphemeralFunction(db, p->pFunc);
000956   sqlite3DbFreeNN(db, p);
000957  }
000958  static void freeP4(sqlite3 *db, int p4type, void *p4){
000959    assert( db );
000960    switch( p4type ){
000961      case P4_FUNCCTX: {
000962        freeP4FuncCtx(db, (sqlite3_context*)p4);
000963        break;
000964      }
000965      case P4_REAL:
000966      case P4_INT64:
000967      case P4_DYNAMIC:
000968      case P4_DYNBLOB:
000969      case P4_INTARRAY: {
000970        sqlite3DbFree(db, p4);
000971        break;
000972      }
000973      case P4_KEYINFO: {
000974        if( db->pnBytesFreed==0 ) sqlite3KeyInfoUnref((KeyInfo*)p4);
000975        break;
000976      }
000977  #ifdef SQLITE_ENABLE_CURSOR_HINTS
000978      case P4_EXPR: {
000979        sqlite3ExprDelete(db, (Expr*)p4);
000980        break;
000981      }
000982  #endif
000983      case P4_FUNCDEF: {
000984        freeEphemeralFunction(db, (FuncDef*)p4);
000985        break;
000986      }
000987      case P4_MEM: {
000988        if( db->pnBytesFreed==0 ){
000989          sqlite3ValueFree((sqlite3_value*)p4);
000990        }else{
000991          freeP4Mem(db, (Mem*)p4);
000992        }
000993        break;
000994      }
000995      case P4_VTAB : {
000996        if( db->pnBytesFreed==0 ) sqlite3VtabUnlock((VTable *)p4);
000997        break;
000998      }
000999    }
001000  }
001001  
001002  /*
001003  ** Free the space allocated for aOp and any p4 values allocated for the
001004  ** opcodes contained within. If aOp is not NULL it is assumed to contain 
001005  ** nOp entries. 
001006  */
001007  static void vdbeFreeOpArray(sqlite3 *db, Op *aOp, int nOp){
001008    if( aOp ){
001009      Op *pOp;
001010      for(pOp=&aOp[nOp-1]; pOp>=aOp; pOp--){
001011        if( pOp->p4type <= P4_FREE_IF_LE ) freeP4(db, pOp->p4type, pOp->p4.p);
001012  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001013        sqlite3DbFree(db, pOp->zComment);
001014  #endif     
001015      }
001016      sqlite3DbFreeNN(db, aOp);
001017    }
001018  }
001019  
001020  /*
001021  ** Link the SubProgram object passed as the second argument into the linked
001022  ** list at Vdbe.pSubProgram. This list is used to delete all sub-program
001023  ** objects when the VM is no longer required.
001024  */
001025  void sqlite3VdbeLinkSubProgram(Vdbe *pVdbe, SubProgram *p){
001026    p->pNext = pVdbe->pProgram;
001027    pVdbe->pProgram = p;
001028  }
001029  
001030  /*
001031  ** Change the opcode at addr into OP_Noop
001032  */
001033  int sqlite3VdbeChangeToNoop(Vdbe *p, int addr){
001034    VdbeOp *pOp;
001035    if( p->db->mallocFailed ) return 0;
001036    assert( addr>=0 && addr<p->nOp );
001037    pOp = &p->aOp[addr];
001038    freeP4(p->db, pOp->p4type, pOp->p4.p);
001039    pOp->p4type = P4_NOTUSED;
001040    pOp->p4.z = 0;
001041    pOp->opcode = OP_Noop;
001042    return 1;
001043  }
001044  
001045  /*
001046  ** If the last opcode is "op" and it is not a jump destination,
001047  ** then remove it.  Return true if and only if an opcode was removed.
001048  */
001049  int sqlite3VdbeDeletePriorOpcode(Vdbe *p, u8 op){
001050    if( p->nOp>0 && p->aOp[p->nOp-1].opcode==op ){
001051      return sqlite3VdbeChangeToNoop(p, p->nOp-1);
001052    }else{
001053      return 0;
001054    }
001055  }
001056  
001057  /*
001058  ** Change the value of the P4 operand for a specific instruction.
001059  ** This routine is useful when a large program is loaded from a
001060  ** static array using sqlite3VdbeAddOpList but we want to make a
001061  ** few minor changes to the program.
001062  **
001063  ** If n>=0 then the P4 operand is dynamic, meaning that a copy of
001064  ** the string is made into memory obtained from sqlite3_malloc().
001065  ** A value of n==0 means copy bytes of zP4 up to and including the
001066  ** first null byte.  If n>0 then copy n+1 bytes of zP4.
001067  ** 
001068  ** Other values of n (P4_STATIC, P4_COLLSEQ etc.) indicate that zP4 points
001069  ** to a string or structure that is guaranteed to exist for the lifetime of
001070  ** the Vdbe. In these cases we can just copy the pointer.
001071  **
001072  ** If addr<0 then change P4 on the most recently inserted instruction.
001073  */
001074  static void SQLITE_NOINLINE vdbeChangeP4Full(
001075    Vdbe *p,
001076    Op *pOp,
001077    const char *zP4,
001078    int n
001079  ){
001080    if( pOp->p4type ){
001081      freeP4(p->db, pOp->p4type, pOp->p4.p);
001082      pOp->p4type = 0;
001083      pOp->p4.p = 0;
001084    }
001085    if( n<0 ){
001086      sqlite3VdbeChangeP4(p, (int)(pOp - p->aOp), zP4, n);
001087    }else{
001088      if( n==0 ) n = sqlite3Strlen30(zP4);
001089      pOp->p4.z = sqlite3DbStrNDup(p->db, zP4, n);
001090      pOp->p4type = P4_DYNAMIC;
001091    }
001092  }
001093  void sqlite3VdbeChangeP4(Vdbe *p, int addr, const char *zP4, int n){
001094    Op *pOp;
001095    sqlite3 *db;
001096    assert( p!=0 );
001097    db = p->db;
001098    assert( p->magic==VDBE_MAGIC_INIT );
001099    assert( p->aOp!=0 || db->mallocFailed );
001100    if( db->mallocFailed ){
001101      if( n!=P4_VTAB ) freeP4(db, n, (void*)*(char**)&zP4);
001102      return;
001103    }
001104    assert( p->nOp>0 );
001105    assert( addr<p->nOp );
001106    if( addr<0 ){
001107      addr = p->nOp - 1;
001108    }
001109    pOp = &p->aOp[addr];
001110    if( n>=0 || pOp->p4type ){
001111      vdbeChangeP4Full(p, pOp, zP4, n);
001112      return;
001113    }
001114    if( n==P4_INT32 ){
001115      /* Note: this cast is safe, because the origin data point was an int
001116      ** that was cast to a (const char *). */
001117      pOp->p4.i = SQLITE_PTR_TO_INT(zP4);
001118      pOp->p4type = P4_INT32;
001119    }else if( zP4!=0 ){
001120      assert( n<0 );
001121      pOp->p4.p = (void*)zP4;
001122      pOp->p4type = (signed char)n;
001123      if( n==P4_VTAB ) sqlite3VtabLock((VTable*)zP4);
001124    }
001125  }
001126  
001127  /*
001128  ** Change the P4 operand of the most recently coded instruction 
001129  ** to the value defined by the arguments.  This is a high-speed
001130  ** version of sqlite3VdbeChangeP4().
001131  **
001132  ** The P4 operand must not have been previously defined.  And the new
001133  ** P4 must not be P4_INT32.  Use sqlite3VdbeChangeP4() in either of
001134  ** those cases.
001135  */
001136  void sqlite3VdbeAppendP4(Vdbe *p, void *pP4, int n){
001137    VdbeOp *pOp;
001138    assert( n!=P4_INT32 && n!=P4_VTAB );
001139    assert( n<=0 );
001140    if( p->db->mallocFailed ){
001141      freeP4(p->db, n, pP4);
001142    }else{
001143      assert( pP4!=0 );
001144      assert( p->nOp>0 );
001145      pOp = &p->aOp[p->nOp-1];
001146      assert( pOp->p4type==P4_NOTUSED );
001147      pOp->p4type = n;
001148      pOp->p4.p = pP4;
001149    }
001150  }
001151  
001152  /*
001153  ** Set the P4 on the most recently added opcode to the KeyInfo for the
001154  ** index given.
001155  */
001156  void sqlite3VdbeSetP4KeyInfo(Parse *pParse, Index *pIdx){
001157    Vdbe *v = pParse->pVdbe;
001158    KeyInfo *pKeyInfo;
001159    assert( v!=0 );
001160    assert( pIdx!=0 );
001161    pKeyInfo = sqlite3KeyInfoOfIndex(pParse, pIdx);
001162    if( pKeyInfo ) sqlite3VdbeAppendP4(v, pKeyInfo, P4_KEYINFO);
001163  }
001164  
001165  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001166  /*
001167  ** Change the comment on the most recently coded instruction.  Or
001168  ** insert a No-op and add the comment to that new instruction.  This
001169  ** makes the code easier to read during debugging.  None of this happens
001170  ** in a production build.
001171  */
001172  static void vdbeVComment(Vdbe *p, const char *zFormat, va_list ap){
001173    assert( p->nOp>0 || p->aOp==0 );
001174    assert( p->aOp==0 || p->aOp[p->nOp-1].zComment==0 || p->db->mallocFailed );
001175    if( p->nOp ){
001176      assert( p->aOp );
001177      sqlite3DbFree(p->db, p->aOp[p->nOp-1].zComment);
001178      p->aOp[p->nOp-1].zComment = sqlite3VMPrintf(p->db, zFormat, ap);
001179    }
001180  }
001181  void sqlite3VdbeComment(Vdbe *p, const char *zFormat, ...){
001182    va_list ap;
001183    if( p ){
001184      va_start(ap, zFormat);
001185      vdbeVComment(p, zFormat, ap);
001186      va_end(ap);
001187    }
001188  }
001189  void sqlite3VdbeNoopComment(Vdbe *p, const char *zFormat, ...){
001190    va_list ap;
001191    if( p ){
001192      sqlite3VdbeAddOp0(p, OP_Noop);
001193      va_start(ap, zFormat);
001194      vdbeVComment(p, zFormat, ap);
001195      va_end(ap);
001196    }
001197  }
001198  #endif  /* NDEBUG */
001199  
001200  #ifdef SQLITE_VDBE_COVERAGE
001201  /*
001202  ** Set the value if the iSrcLine field for the previously coded instruction.
001203  */
001204  void sqlite3VdbeSetLineNumber(Vdbe *v, int iLine){
001205    sqlite3VdbeGetOp(v,-1)->iSrcLine = iLine;
001206  }
001207  #endif /* SQLITE_VDBE_COVERAGE */
001208  
001209  /*
001210  ** Return the opcode for a given address.  If the address is -1, then
001211  ** return the most recently inserted opcode.
001212  **
001213  ** If a memory allocation error has occurred prior to the calling of this
001214  ** routine, then a pointer to a dummy VdbeOp will be returned.  That opcode
001215  ** is readable but not writable, though it is cast to a writable value.
001216  ** The return of a dummy opcode allows the call to continue functioning
001217  ** after an OOM fault without having to check to see if the return from 
001218  ** this routine is a valid pointer.  But because the dummy.opcode is 0,
001219  ** dummy will never be written to.  This is verified by code inspection and
001220  ** by running with Valgrind.
001221  */
001222  VdbeOp *sqlite3VdbeGetOp(Vdbe *p, int addr){
001223    /* C89 specifies that the constant "dummy" will be initialized to all
001224    ** zeros, which is correct.  MSVC generates a warning, nevertheless. */
001225    static VdbeOp dummy;  /* Ignore the MSVC warning about no initializer */
001226    assert( p->magic==VDBE_MAGIC_INIT );
001227    if( addr<0 ){
001228      addr = p->nOp - 1;
001229    }
001230    assert( (addr>=0 && addr<p->nOp) || p->db->mallocFailed );
001231    if( p->db->mallocFailed ){
001232      return (VdbeOp*)&dummy;
001233    }else{
001234      return &p->aOp[addr];
001235    }
001236  }
001237  
001238  #if defined(SQLITE_ENABLE_EXPLAIN_COMMENTS)
001239  /*
001240  ** Return an integer value for one of the parameters to the opcode pOp
001241  ** determined by character c.
001242  */
001243  static int translateP(char c, const Op *pOp){
001244    if( c=='1' ) return pOp->p1;
001245    if( c=='2' ) return pOp->p2;
001246    if( c=='3' ) return pOp->p3;
001247    if( c=='4' ) return pOp->p4.i;
001248    return pOp->p5;
001249  }
001250  
001251  /*
001252  ** Compute a string for the "comment" field of a VDBE opcode listing.
001253  **
001254  ** The Synopsis: field in comments in the vdbe.c source file gets converted
001255  ** to an extra string that is appended to the sqlite3OpcodeName().  In the
001256  ** absence of other comments, this synopsis becomes the comment on the opcode.
001257  ** Some translation occurs:
001258  **
001259  **       "PX"      ->  "r[X]"
001260  **       "PX@PY"   ->  "r[X..X+Y-1]"  or "r[x]" if y is 0 or 1
001261  **       "PX@PY+1" ->  "r[X..X+Y]"    or "r[x]" if y is 0
001262  **       "PY..PY"  ->  "r[X..Y]"      or "r[x]" if y<=x
001263  */
001264  static int displayComment(
001265    const Op *pOp,     /* The opcode to be commented */
001266    const char *zP4,   /* Previously obtained value for P4 */
001267    char *zTemp,       /* Write result here */
001268    int nTemp          /* Space available in zTemp[] */
001269  ){
001270    const char *zOpName;
001271    const char *zSynopsis;
001272    int nOpName;
001273    int ii, jj;
001274    char zAlt[50];
001275    zOpName = sqlite3OpcodeName(pOp->opcode);
001276    nOpName = sqlite3Strlen30(zOpName);
001277    if( zOpName[nOpName+1] ){
001278      int seenCom = 0;
001279      char c;
001280      zSynopsis = zOpName += nOpName + 1;
001281      if( strncmp(zSynopsis,"IF ",3)==0 ){
001282        if( pOp->p5 & SQLITE_STOREP2 ){
001283          sqlite3_snprintf(sizeof(zAlt), zAlt, "r[P2] = (%s)", zSynopsis+3);
001284        }else{
001285          sqlite3_snprintf(sizeof(zAlt), zAlt, "if %s goto P2", zSynopsis+3);
001286        }
001287        zSynopsis = zAlt;
001288      }
001289      for(ii=jj=0; jj<nTemp-1 && (c = zSynopsis[ii])!=0; ii++){
001290        if( c=='P' ){
001291          c = zSynopsis[++ii];
001292          if( c=='4' ){
001293            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", zP4);
001294          }else if( c=='X' ){
001295            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%s", pOp->zComment);
001296            seenCom = 1;
001297          }else{
001298            int v1 = translateP(c, pOp);
001299            int v2;
001300            sqlite3_snprintf(nTemp-jj, zTemp+jj, "%d", v1);
001301            if( strncmp(zSynopsis+ii+1, "@P", 2)==0 ){
001302              ii += 3;
001303              jj += sqlite3Strlen30(zTemp+jj);
001304              v2 = translateP(zSynopsis[ii], pOp);
001305              if( strncmp(zSynopsis+ii+1,"+1",2)==0 ){
001306                ii += 2;
001307                v2++;
001308              }
001309              if( v2>1 ){
001310                sqlite3_snprintf(nTemp-jj, zTemp+jj, "..%d", v1+v2-1);
001311              }
001312            }else if( strncmp(zSynopsis+ii+1, "..P3", 4)==0 && pOp->p3==0 ){
001313              ii += 4;
001314            }
001315          }
001316          jj += sqlite3Strlen30(zTemp+jj);
001317        }else{
001318          zTemp[jj++] = c;
001319        }
001320      }
001321      if( !seenCom && jj<nTemp-5 && pOp->zComment ){
001322        sqlite3_snprintf(nTemp-jj, zTemp+jj, "; %s", pOp->zComment);
001323        jj += sqlite3Strlen30(zTemp+jj);
001324      }
001325      if( jj<nTemp ) zTemp[jj] = 0;
001326    }else if( pOp->zComment ){
001327      sqlite3_snprintf(nTemp, zTemp, "%s", pOp->zComment);
001328      jj = sqlite3Strlen30(zTemp);
001329    }else{
001330      zTemp[0] = 0;
001331      jj = 0;
001332    }
001333    return jj;
001334  }
001335  #endif /* SQLITE_DEBUG */
001336  
001337  #if VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS)
001338  /*
001339  ** Translate the P4.pExpr value for an OP_CursorHint opcode into text
001340  ** that can be displayed in the P4 column of EXPLAIN output.
001341  */
001342  static void displayP4Expr(StrAccum *p, Expr *pExpr){
001343    const char *zOp = 0;
001344    switch( pExpr->op ){
001345      case TK_STRING:
001346        sqlite3_str_appendf(p, "%Q", pExpr->u.zToken);
001347        break;
001348      case TK_INTEGER:
001349        sqlite3_str_appendf(p, "%d", pExpr->u.iValue);
001350        break;
001351      case TK_NULL:
001352        sqlite3_str_appendf(p, "NULL");
001353        break;
001354      case TK_REGISTER: {
001355        sqlite3_str_appendf(p, "r[%d]", pExpr->iTable);
001356        break;
001357      }
001358      case TK_COLUMN: {
001359        if( pExpr->iColumn<0 ){
001360          sqlite3_str_appendf(p, "rowid");
001361        }else{
001362          sqlite3_str_appendf(p, "c%d", (int)pExpr->iColumn);
001363        }
001364        break;
001365      }
001366      case TK_LT:      zOp = "LT";      break;
001367      case TK_LE:      zOp = "LE";      break;
001368      case TK_GT:      zOp = "GT";      break;
001369      case TK_GE:      zOp = "GE";      break;
001370      case TK_NE:      zOp = "NE";      break;
001371      case TK_EQ:      zOp = "EQ";      break;
001372      case TK_IS:      zOp = "IS";      break;
001373      case TK_ISNOT:   zOp = "ISNOT";   break;
001374      case TK_AND:     zOp = "AND";     break;
001375      case TK_OR:      zOp = "OR";      break;
001376      case TK_PLUS:    zOp = "ADD";     break;
001377      case TK_STAR:    zOp = "MUL";     break;
001378      case TK_MINUS:   zOp = "SUB";     break;
001379      case TK_REM:     zOp = "REM";     break;
001380      case TK_BITAND:  zOp = "BITAND";  break;
001381      case TK_BITOR:   zOp = "BITOR";   break;
001382      case TK_SLASH:   zOp = "DIV";     break;
001383      case TK_LSHIFT:  zOp = "LSHIFT";  break;
001384      case TK_RSHIFT:  zOp = "RSHIFT";  break;
001385      case TK_CONCAT:  zOp = "CONCAT";  break;
001386      case TK_UMINUS:  zOp = "MINUS";   break;
001387      case TK_UPLUS:   zOp = "PLUS";    break;
001388      case TK_BITNOT:  zOp = "BITNOT";  break;
001389      case TK_NOT:     zOp = "NOT";     break;
001390      case TK_ISNULL:  zOp = "ISNULL";  break;
001391      case TK_NOTNULL: zOp = "NOTNULL"; break;
001392  
001393      default:
001394        sqlite3_str_appendf(p, "%s", "expr");
001395        break;
001396    }
001397  
001398    if( zOp ){
001399      sqlite3_str_appendf(p, "%s(", zOp);
001400      displayP4Expr(p, pExpr->pLeft);
001401      if( pExpr->pRight ){
001402        sqlite3_str_append(p, ",", 1);
001403        displayP4Expr(p, pExpr->pRight);
001404      }
001405      sqlite3_str_append(p, ")", 1);
001406    }
001407  }
001408  #endif /* VDBE_DISPLAY_P4 && defined(SQLITE_ENABLE_CURSOR_HINTS) */
001409  
001410  
001411  #if VDBE_DISPLAY_P4
001412  /*
001413  ** Compute a string that describes the P4 parameter for an opcode.
001414  ** Use zTemp for any required temporary buffer space.
001415  */
001416  static char *displayP4(Op *pOp, char *zTemp, int nTemp){
001417    char *zP4 = zTemp;
001418    StrAccum x;
001419    assert( nTemp>=20 );
001420    sqlite3StrAccumInit(&x, 0, zTemp, nTemp, 0);
001421    switch( pOp->p4type ){
001422      case P4_KEYINFO: {
001423        int j;
001424        KeyInfo *pKeyInfo = pOp->p4.pKeyInfo;
001425        assert( pKeyInfo->aSortOrder!=0 );
001426        sqlite3_str_appendf(&x, "k(%d", pKeyInfo->nKeyField);
001427        for(j=0; j<pKeyInfo->nKeyField; j++){
001428          CollSeq *pColl = pKeyInfo->aColl[j];
001429          const char *zColl = pColl ? pColl->zName : "";
001430          if( strcmp(zColl, "BINARY")==0 ) zColl = "B";
001431          sqlite3_str_appendf(&x, ",%s%s", 
001432                 pKeyInfo->aSortOrder[j] ? "-" : "", zColl);
001433        }
001434        sqlite3_str_append(&x, ")", 1);
001435        break;
001436      }
001437  #ifdef SQLITE_ENABLE_CURSOR_HINTS
001438      case P4_EXPR: {
001439        displayP4Expr(&x, pOp->p4.pExpr);
001440        break;
001441      }
001442  #endif
001443      case P4_COLLSEQ: {
001444        CollSeq *pColl = pOp->p4.pColl;
001445        sqlite3_str_appendf(&x, "(%.20s)", pColl->zName);
001446        break;
001447      }
001448      case P4_FUNCDEF: {
001449        FuncDef *pDef = pOp->p4.pFunc;
001450        sqlite3_str_appendf(&x, "%s(%d)", pDef->zName, pDef->nArg);
001451        break;
001452      }
001453  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
001454      case P4_FUNCCTX: {
001455        FuncDef *pDef = pOp->p4.pCtx->pFunc;
001456        sqlite3_str_appendf(&x, "%s(%d)", pDef->zName, pDef->nArg);
001457        break;
001458      }
001459  #endif
001460      case P4_INT64: {
001461        sqlite3_str_appendf(&x, "%lld", *pOp->p4.pI64);
001462        break;
001463      }
001464      case P4_INT32: {
001465        sqlite3_str_appendf(&x, "%d", pOp->p4.i);
001466        break;
001467      }
001468      case P4_REAL: {
001469        sqlite3_str_appendf(&x, "%.16g", *pOp->p4.pReal);
001470        break;
001471      }
001472      case P4_MEM: {
001473        Mem *pMem = pOp->p4.pMem;
001474        if( pMem->flags & MEM_Str ){
001475          zP4 = pMem->z;
001476        }else if( pMem->flags & MEM_Int ){
001477          sqlite3_str_appendf(&x, "%lld", pMem->u.i);
001478        }else if( pMem->flags & MEM_Real ){
001479          sqlite3_str_appendf(&x, "%.16g", pMem->u.r);
001480        }else if( pMem->flags & MEM_Null ){
001481          zP4 = "NULL";
001482        }else{
001483          assert( pMem->flags & MEM_Blob );
001484          zP4 = "(blob)";
001485        }
001486        break;
001487      }
001488  #ifndef SQLITE_OMIT_VIRTUALTABLE
001489      case P4_VTAB: {
001490        sqlite3_vtab *pVtab = pOp->p4.pVtab->pVtab;
001491        sqlite3_str_appendf(&x, "vtab:%p", pVtab);
001492        break;
001493      }
001494  #endif
001495      case P4_INTARRAY: {
001496        int i;
001497        int *ai = pOp->p4.ai;
001498        int n = ai[0];   /* The first element of an INTARRAY is always the
001499                         ** count of the number of elements to follow */
001500        for(i=1; i<=n; i++){
001501          sqlite3_str_appendf(&x, ",%d", ai[i]);
001502        }
001503        zTemp[0] = '[';
001504        sqlite3_str_append(&x, "]", 1);
001505        break;
001506      }
001507      case P4_SUBPROGRAM: {
001508        sqlite3_str_appendf(&x, "program");
001509        break;
001510      }
001511      case P4_DYNBLOB:
001512      case P4_ADVANCE: {
001513        zTemp[0] = 0;
001514        break;
001515      }
001516      case P4_TABLE: {
001517        sqlite3_str_appendf(&x, "%s", pOp->p4.pTab->zName);
001518        break;
001519      }
001520      default: {
001521        zP4 = pOp->p4.z;
001522        if( zP4==0 ){
001523          zP4 = zTemp;
001524          zTemp[0] = 0;
001525        }
001526      }
001527    }
001528    sqlite3StrAccumFinish(&x);
001529    assert( zP4!=0 );
001530    return zP4;
001531  }
001532  #endif /* VDBE_DISPLAY_P4 */
001533  
001534  /*
001535  ** Declare to the Vdbe that the BTree object at db->aDb[i] is used.
001536  **
001537  ** The prepared statements need to know in advance the complete set of
001538  ** attached databases that will be use.  A mask of these databases
001539  ** is maintained in p->btreeMask.  The p->lockMask value is the subset of
001540  ** p->btreeMask of databases that will require a lock.
001541  */
001542  void sqlite3VdbeUsesBtree(Vdbe *p, int i){
001543    assert( i>=0 && i<p->db->nDb && i<(int)sizeof(yDbMask)*8 );
001544    assert( i<(int)sizeof(p->btreeMask)*8 );
001545    DbMaskSet(p->btreeMask, i);
001546    if( i!=1 && sqlite3BtreeSharable(p->db->aDb[i].pBt) ){
001547      DbMaskSet(p->lockMask, i);
001548    }
001549  }
001550  
001551  #if !defined(SQLITE_OMIT_SHARED_CACHE)
001552  /*
001553  ** If SQLite is compiled to support shared-cache mode and to be threadsafe,
001554  ** this routine obtains the mutex associated with each BtShared structure
001555  ** that may be accessed by the VM passed as an argument. In doing so it also
001556  ** sets the BtShared.db member of each of the BtShared structures, ensuring
001557  ** that the correct busy-handler callback is invoked if required.
001558  **
001559  ** If SQLite is not threadsafe but does support shared-cache mode, then
001560  ** sqlite3BtreeEnter() is invoked to set the BtShared.db variables
001561  ** of all of BtShared structures accessible via the database handle 
001562  ** associated with the VM.
001563  **
001564  ** If SQLite is not threadsafe and does not support shared-cache mode, this
001565  ** function is a no-op.
001566  **
001567  ** The p->btreeMask field is a bitmask of all btrees that the prepared 
001568  ** statement p will ever use.  Let N be the number of bits in p->btreeMask
001569  ** corresponding to btrees that use shared cache.  Then the runtime of
001570  ** this routine is N*N.  But as N is rarely more than 1, this should not
001571  ** be a problem.
001572  */
001573  void sqlite3VdbeEnter(Vdbe *p){
001574    int i;
001575    sqlite3 *db;
001576    Db *aDb;
001577    int nDb;
001578    if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
001579    db = p->db;
001580    aDb = db->aDb;
001581    nDb = db->nDb;
001582    for(i=0; i<nDb; i++){
001583      if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
001584        sqlite3BtreeEnter(aDb[i].pBt);
001585      }
001586    }
001587  }
001588  #endif
001589  
001590  #if !defined(SQLITE_OMIT_SHARED_CACHE) && SQLITE_THREADSAFE>0
001591  /*
001592  ** Unlock all of the btrees previously locked by a call to sqlite3VdbeEnter().
001593  */
001594  static SQLITE_NOINLINE void vdbeLeave(Vdbe *p){
001595    int i;
001596    sqlite3 *db;
001597    Db *aDb;
001598    int nDb;
001599    db = p->db;
001600    aDb = db->aDb;
001601    nDb = db->nDb;
001602    for(i=0; i<nDb; i++){
001603      if( i!=1 && DbMaskTest(p->lockMask,i) && ALWAYS(aDb[i].pBt!=0) ){
001604        sqlite3BtreeLeave(aDb[i].pBt);
001605      }
001606    }
001607  }
001608  void sqlite3VdbeLeave(Vdbe *p){
001609    if( DbMaskAllZero(p->lockMask) ) return;  /* The common case */
001610    vdbeLeave(p);
001611  }
001612  #endif
001613  
001614  #if defined(VDBE_PROFILE) || defined(SQLITE_DEBUG)
001615  /*
001616  ** Print a single opcode.  This routine is used for debugging only.
001617  */
001618  void sqlite3VdbePrintOp(FILE *pOut, int pc, Op *pOp){
001619    char *zP4;
001620    char zPtr[50];
001621    char zCom[100];
001622    static const char *zFormat1 = "%4d %-13s %4d %4d %4d %-13s %.2X %s\n";
001623    if( pOut==0 ) pOut = stdout;
001624    zP4 = displayP4(pOp, zPtr, sizeof(zPtr));
001625  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001626    displayComment(pOp, zP4, zCom, sizeof(zCom));
001627  #else
001628    zCom[0] = 0;
001629  #endif
001630    /* NB:  The sqlite3OpcodeName() function is implemented by code created
001631    ** by the mkopcodeh.awk and mkopcodec.awk scripts which extract the
001632    ** information from the vdbe.c source text */
001633    fprintf(pOut, zFormat1, pc, 
001634        sqlite3OpcodeName(pOp->opcode), pOp->p1, pOp->p2, pOp->p3, zP4, pOp->p5,
001635        zCom
001636    );
001637    fflush(pOut);
001638  }
001639  #endif
001640  
001641  /*
001642  ** Initialize an array of N Mem element.
001643  */
001644  static void initMemArray(Mem *p, int N, sqlite3 *db, u16 flags){
001645    while( (N--)>0 ){
001646      p->db = db;
001647      p->flags = flags;
001648      p->szMalloc = 0;
001649  #ifdef SQLITE_DEBUG
001650      p->pScopyFrom = 0;
001651  #endif
001652      p++;
001653    }
001654  }
001655  
001656  /*
001657  ** Release an array of N Mem elements
001658  */
001659  static void releaseMemArray(Mem *p, int N){
001660    if( p && N ){
001661      Mem *pEnd = &p[N];
001662      sqlite3 *db = p->db;
001663      if( db->pnBytesFreed ){
001664        do{
001665          if( p->szMalloc ) sqlite3DbFree(db, p->zMalloc);
001666        }while( (++p)<pEnd );
001667        return;
001668      }
001669      do{
001670        assert( (&p[1])==pEnd || p[0].db==p[1].db );
001671        assert( sqlite3VdbeCheckMemInvariants(p) );
001672  
001673        /* This block is really an inlined version of sqlite3VdbeMemRelease()
001674        ** that takes advantage of the fact that the memory cell value is 
001675        ** being set to NULL after releasing any dynamic resources.
001676        **
001677        ** The justification for duplicating code is that according to 
001678        ** callgrind, this causes a certain test case to hit the CPU 4.7 
001679        ** percent less (x86 linux, gcc version 4.1.2, -O6) than if 
001680        ** sqlite3MemRelease() were called from here. With -O2, this jumps
001681        ** to 6.6 percent. The test case is inserting 1000 rows into a table 
001682        ** with no indexes using a single prepared INSERT statement, bind() 
001683        ** and reset(). Inserts are grouped into a transaction.
001684        */
001685        testcase( p->flags & MEM_Agg );
001686        testcase( p->flags & MEM_Dyn );
001687        testcase( p->flags & MEM_Frame );
001688        testcase( p->flags & MEM_RowSet );
001689        if( p->flags&(MEM_Agg|MEM_Dyn|MEM_Frame|MEM_RowSet) ){
001690          sqlite3VdbeMemRelease(p);
001691        }else if( p->szMalloc ){
001692          sqlite3DbFreeNN(db, p->zMalloc);
001693          p->szMalloc = 0;
001694        }
001695  
001696        p->flags = MEM_Undefined;
001697      }while( (++p)<pEnd );
001698    }
001699  }
001700  
001701  /*
001702  ** Delete a VdbeFrame object and its contents. VdbeFrame objects are
001703  ** allocated by the OP_Program opcode in sqlite3VdbeExec().
001704  */
001705  void sqlite3VdbeFrameDelete(VdbeFrame *p){
001706    int i;
001707    Mem *aMem = VdbeFrameMem(p);
001708    VdbeCursor **apCsr = (VdbeCursor **)&aMem[p->nChildMem];
001709    for(i=0; i<p->nChildCsr; i++){
001710      sqlite3VdbeFreeCursor(p->v, apCsr[i]);
001711    }
001712    releaseMemArray(aMem, p->nChildMem);
001713    sqlite3VdbeDeleteAuxData(p->v->db, &p->pAuxData, -1, 0);
001714    sqlite3DbFree(p->v->db, p);
001715  }
001716  
001717  #ifndef SQLITE_OMIT_EXPLAIN
001718  /*
001719  ** Give a listing of the program in the virtual machine.
001720  **
001721  ** The interface is the same as sqlite3VdbeExec().  But instead of
001722  ** running the code, it invokes the callback once for each instruction.
001723  ** This feature is used to implement "EXPLAIN".
001724  **
001725  ** When p->explain==1, each instruction is listed.  When
001726  ** p->explain==2, only OP_Explain instructions are listed and these
001727  ** are shown in a different format.  p->explain==2 is used to implement
001728  ** EXPLAIN QUERY PLAN.
001729  ** 2018-04-24:  In p->explain==2 mode, the OP_Init opcodes of triggers
001730  ** are also shown, so that the boundaries between the main program and
001731  ** each trigger are clear.
001732  **
001733  ** When p->explain==1, first the main program is listed, then each of
001734  ** the trigger subprograms are listed one by one.
001735  */
001736  int sqlite3VdbeList(
001737    Vdbe *p                   /* The VDBE */
001738  ){
001739    int nRow;                            /* Stop when row count reaches this */
001740    int nSub = 0;                        /* Number of sub-vdbes seen so far */
001741    SubProgram **apSub = 0;              /* Array of sub-vdbes */
001742    Mem *pSub = 0;                       /* Memory cell hold array of subprogs */
001743    sqlite3 *db = p->db;                 /* The database connection */
001744    int i;                               /* Loop counter */
001745    int rc = SQLITE_OK;                  /* Return code */
001746    Mem *pMem = &p->aMem[1];             /* First Mem of result set */
001747    int bListSubprogs = (p->explain==1 || (db->flags & SQLITE_TriggerEQP)!=0);
001748    Op *pOp = 0;
001749  
001750    assert( p->explain );
001751    assert( p->magic==VDBE_MAGIC_RUN );
001752    assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY || p->rc==SQLITE_NOMEM );
001753  
001754    /* Even though this opcode does not use dynamic strings for
001755    ** the result, result columns may become dynamic if the user calls
001756    ** sqlite3_column_text16(), causing a translation to UTF-16 encoding.
001757    */
001758    releaseMemArray(pMem, 8);
001759    p->pResultSet = 0;
001760  
001761    if( p->rc==SQLITE_NOMEM ){
001762      /* This happens if a malloc() inside a call to sqlite3_column_text() or
001763      ** sqlite3_column_text16() failed.  */
001764      sqlite3OomFault(db);
001765      return SQLITE_ERROR;
001766    }
001767  
001768    /* When the number of output rows reaches nRow, that means the
001769    ** listing has finished and sqlite3_step() should return SQLITE_DONE.
001770    ** nRow is the sum of the number of rows in the main program, plus
001771    ** the sum of the number of rows in all trigger subprograms encountered
001772    ** so far.  The nRow value will increase as new trigger subprograms are
001773    ** encountered, but p->pc will eventually catch up to nRow.
001774    */
001775    nRow = p->nOp;
001776    if( bListSubprogs ){
001777      /* The first 8 memory cells are used for the result set.  So we will
001778      ** commandeer the 9th cell to use as storage for an array of pointers
001779      ** to trigger subprograms.  The VDBE is guaranteed to have at least 9
001780      ** cells.  */
001781      assert( p->nMem>9 );
001782      pSub = &p->aMem[9];
001783      if( pSub->flags&MEM_Blob ){
001784        /* On the first call to sqlite3_step(), pSub will hold a NULL.  It is
001785        ** initialized to a BLOB by the P4_SUBPROGRAM processing logic below */
001786        nSub = pSub->n/sizeof(Vdbe*);
001787        apSub = (SubProgram **)pSub->z;
001788      }
001789      for(i=0; i<nSub; i++){
001790        nRow += apSub[i]->nOp;
001791      }
001792    }
001793  
001794    while(1){  /* Loop exits via break */
001795      i = p->pc++;
001796      if( i>=nRow ){
001797        p->rc = SQLITE_OK;
001798        rc = SQLITE_DONE;
001799        break;
001800      }
001801      if( i<p->nOp ){
001802        /* The output line number is small enough that we are still in the
001803        ** main program. */
001804        pOp = &p->aOp[i];
001805      }else{
001806        /* We are currently listing subprograms.  Figure out which one and
001807        ** pick up the appropriate opcode. */
001808        int j;
001809        i -= p->nOp;
001810        for(j=0; i>=apSub[j]->nOp; j++){
001811          i -= apSub[j]->nOp;
001812        }
001813        pOp = &apSub[j]->aOp[i];
001814      }
001815  
001816      /* When an OP_Program opcode is encounter (the only opcode that has
001817      ** a P4_SUBPROGRAM argument), expand the size of the array of subprograms
001818      ** kept in p->aMem[9].z to hold the new program - assuming this subprogram
001819      ** has not already been seen.
001820      */
001821      if( bListSubprogs && pOp->p4type==P4_SUBPROGRAM ){
001822        int nByte = (nSub+1)*sizeof(SubProgram*);
001823        int j;
001824        for(j=0; j<nSub; j++){
001825          if( apSub[j]==pOp->p4.pProgram ) break;
001826        }
001827        if( j==nSub ){
001828          p->rc = sqlite3VdbeMemGrow(pSub, nByte, nSub!=0);
001829          if( p->rc!=SQLITE_OK ){
001830            rc = SQLITE_ERROR;
001831            break;
001832          }
001833          apSub = (SubProgram **)pSub->z;
001834          apSub[nSub++] = pOp->p4.pProgram;
001835          pSub->flags |= MEM_Blob;
001836          pSub->n = nSub*sizeof(SubProgram*);
001837          nRow += pOp->p4.pProgram->nOp;
001838        }
001839      }
001840      if( p->explain<2 ) break;
001841      if( pOp->opcode==OP_Explain ) break;
001842      if( pOp->opcode==OP_Init && p->pc>1 ) break;
001843    }
001844  
001845    if( rc==SQLITE_OK ){
001846      if( db->u1.isInterrupted ){
001847        p->rc = SQLITE_INTERRUPT;
001848        rc = SQLITE_ERROR;
001849        sqlite3VdbeError(p, sqlite3ErrStr(p->rc));
001850      }else{
001851        char *zP4;
001852        if( p->explain==1 ){
001853          pMem->flags = MEM_Int;
001854          pMem->u.i = i;                                /* Program counter */
001855          pMem++;
001856      
001857          pMem->flags = MEM_Static|MEM_Str|MEM_Term;
001858          pMem->z = (char*)sqlite3OpcodeName(pOp->opcode); /* Opcode */
001859          assert( pMem->z!=0 );
001860          pMem->n = sqlite3Strlen30(pMem->z);
001861          pMem->enc = SQLITE_UTF8;
001862          pMem++;
001863        }
001864  
001865        pMem->flags = MEM_Int;
001866        pMem->u.i = pOp->p1;                          /* P1 */
001867        pMem++;
001868  
001869        pMem->flags = MEM_Int;
001870        pMem->u.i = pOp->p2;                          /* P2 */
001871        pMem++;
001872  
001873        pMem->flags = MEM_Int;
001874        pMem->u.i = pOp->p3;                          /* P3 */
001875        pMem++;
001876  
001877        if( sqlite3VdbeMemClearAndResize(pMem, 100) ){ /* P4 */
001878          assert( p->db->mallocFailed );
001879          return SQLITE_ERROR;
001880        }
001881        pMem->flags = MEM_Str|MEM_Term;
001882        zP4 = displayP4(pOp, pMem->z, pMem->szMalloc);
001883        if( zP4!=pMem->z ){
001884          pMem->n = 0;
001885          sqlite3VdbeMemSetStr(pMem, zP4, -1, SQLITE_UTF8, 0);
001886        }else{
001887          assert( pMem->z!=0 );
001888          pMem->n = sqlite3Strlen30(pMem->z);
001889          pMem->enc = SQLITE_UTF8;
001890        }
001891        pMem++;
001892  
001893        if( p->explain==1 ){
001894          if( sqlite3VdbeMemClearAndResize(pMem, 4) ){
001895            assert( p->db->mallocFailed );
001896            return SQLITE_ERROR;
001897          }
001898          pMem->flags = MEM_Str|MEM_Term;
001899          pMem->n = 2;
001900          sqlite3_snprintf(3, pMem->z, "%.2x", pOp->p5);   /* P5 */
001901          pMem->enc = SQLITE_UTF8;
001902          pMem++;
001903      
001904  #ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
001905          if( sqlite3VdbeMemClearAndResize(pMem, 500) ){
001906            assert( p->db->mallocFailed );
001907            return SQLITE_ERROR;
001908          }
001909          pMem->flags = MEM_Str|MEM_Term;
001910          pMem->n = displayComment(pOp, zP4, pMem->z, 500);
001911          pMem->enc = SQLITE_UTF8;
001912  #else
001913          pMem->flags = MEM_Null;                       /* Comment */
001914  #endif
001915        }
001916  
001917        p->nResColumn = 8 - 4*(p->explain-1);
001918        p->pResultSet = &p->aMem[1];
001919        p->rc = SQLITE_OK;
001920        rc = SQLITE_ROW;
001921      }
001922    }
001923    return rc;
001924  }
001925  #endif /* SQLITE_OMIT_EXPLAIN */
001926  
001927  #ifdef SQLITE_DEBUG
001928  /*
001929  ** Print the SQL that was used to generate a VDBE program.
001930  */
001931  void sqlite3VdbePrintSql(Vdbe *p){
001932    const char *z = 0;
001933    if( p->zSql ){
001934      z = p->zSql;
001935    }else if( p->nOp>=1 ){
001936      const VdbeOp *pOp = &p->aOp[0];
001937      if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
001938        z = pOp->p4.z;
001939        while( sqlite3Isspace(*z) ) z++;
001940      }
001941    }
001942    if( z ) printf("SQL: [%s]\n", z);
001943  }
001944  #endif
001945  
001946  #if !defined(SQLITE_OMIT_TRACE) && defined(SQLITE_ENABLE_IOTRACE)
001947  /*
001948  ** Print an IOTRACE message showing SQL content.
001949  */
001950  void sqlite3VdbeIOTraceSql(Vdbe *p){
001951    int nOp = p->nOp;
001952    VdbeOp *pOp;
001953    if( sqlite3IoTrace==0 ) return;
001954    if( nOp<1 ) return;
001955    pOp = &p->aOp[0];
001956    if( pOp->opcode==OP_Init && pOp->p4.z!=0 ){
001957      int i, j;
001958      char z[1000];
001959      sqlite3_snprintf(sizeof(z), z, "%s", pOp->p4.z);
001960      for(i=0; sqlite3Isspace(z[i]); i++){}
001961      for(j=0; z[i]; i++){
001962        if( sqlite3Isspace(z[i]) ){
001963          if( z[i-1]!=' ' ){
001964            z[j++] = ' ';
001965          }
001966        }else{
001967          z[j++] = z[i];
001968        }
001969      }
001970      z[j] = 0;
001971      sqlite3IoTrace("SQL %s\n", z);
001972    }
001973  }
001974  #endif /* !SQLITE_OMIT_TRACE && SQLITE_ENABLE_IOTRACE */
001975  
001976  /* An instance of this object describes bulk memory available for use
001977  ** by subcomponents of a prepared statement.  Space is allocated out
001978  ** of a ReusableSpace object by the allocSpace() routine below.
001979  */
001980  struct ReusableSpace {
001981    u8 *pSpace;          /* Available memory */
001982    int nFree;           /* Bytes of available memory */
001983    int nNeeded;         /* Total bytes that could not be allocated */
001984  };
001985  
001986  /* Try to allocate nByte bytes of 8-byte aligned bulk memory for pBuf
001987  ** from the ReusableSpace object.  Return a pointer to the allocated
001988  ** memory on success.  If insufficient memory is available in the
001989  ** ReusableSpace object, increase the ReusableSpace.nNeeded
001990  ** value by the amount needed and return NULL.
001991  **
001992  ** If pBuf is not initially NULL, that means that the memory has already
001993  ** been allocated by a prior call to this routine, so just return a copy
001994  ** of pBuf and leave ReusableSpace unchanged.
001995  **
001996  ** This allocator is employed to repurpose unused slots at the end of the
001997  ** opcode array of prepared state for other memory needs of the prepared
001998  ** statement.
001999  */
002000  static void *allocSpace(
002001    struct ReusableSpace *p,  /* Bulk memory available for allocation */
002002    void *pBuf,               /* Pointer to a prior allocation */
002003    int nByte                 /* Bytes of memory needed */
002004  ){
002005    assert( EIGHT_BYTE_ALIGNMENT(p->pSpace) );
002006    if( pBuf==0 ){
002007      nByte = ROUND8(nByte);
002008      if( nByte <= p->nFree ){
002009        p->nFree -= nByte;
002010        pBuf = &p->pSpace[p->nFree];
002011      }else{
002012        p->nNeeded += nByte;
002013      }
002014    }
002015    assert( EIGHT_BYTE_ALIGNMENT(pBuf) );
002016    return pBuf;
002017  }
002018  
002019  /*
002020  ** Rewind the VDBE back to the beginning in preparation for
002021  ** running it.
002022  */
002023  void sqlite3VdbeRewind(Vdbe *p){
002024  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
002025    int i;
002026  #endif
002027    assert( p!=0 );
002028    assert( p->magic==VDBE_MAGIC_INIT || p->magic==VDBE_MAGIC_RESET );
002029  
002030    /* There should be at least one opcode.
002031    */
002032    assert( p->nOp>0 );
002033  
002034    /* Set the magic to VDBE_MAGIC_RUN sooner rather than later. */
002035    p->magic = VDBE_MAGIC_RUN;
002036  
002037  #ifdef SQLITE_DEBUG
002038    for(i=0; i<p->nMem; i++){
002039      assert( p->aMem[i].db==p->db );
002040    }
002041  #endif
002042    p->pc = -1;
002043    p->rc = SQLITE_OK;
002044    p->errorAction = OE_Abort;
002045    p->nChange = 0;
002046    p->cacheCtr = 1;
002047    p->minWriteFileFormat = 255;
002048    p->iStatement = 0;
002049    p->nFkConstraint = 0;
002050  #ifdef VDBE_PROFILE
002051    for(i=0; i<p->nOp; i++){
002052      p->aOp[i].cnt = 0;
002053      p->aOp[i].cycles = 0;
002054    }
002055  #endif
002056  }
002057  
002058  /*
002059  ** Prepare a virtual machine for execution for the first time after
002060  ** creating the virtual machine.  This involves things such
002061  ** as allocating registers and initializing the program counter.
002062  ** After the VDBE has be prepped, it can be executed by one or more
002063  ** calls to sqlite3VdbeExec().  
002064  **
002065  ** This function may be called exactly once on each virtual machine.
002066  ** After this routine is called the VM has been "packaged" and is ready
002067  ** to run.  After this routine is called, further calls to 
002068  ** sqlite3VdbeAddOp() functions are prohibited.  This routine disconnects
002069  ** the Vdbe from the Parse object that helped generate it so that the
002070  ** the Vdbe becomes an independent entity and the Parse object can be
002071  ** destroyed.
002072  **
002073  ** Use the sqlite3VdbeRewind() procedure to restore a virtual machine back
002074  ** to its initial state after it has been run.
002075  */
002076  void sqlite3VdbeMakeReady(
002077    Vdbe *p,                       /* The VDBE */
002078    Parse *pParse                  /* Parsing context */
002079  ){
002080    sqlite3 *db;                   /* The database connection */
002081    int nVar;                      /* Number of parameters */
002082    int nMem;                      /* Number of VM memory registers */
002083    int nCursor;                   /* Number of cursors required */
002084    int nArg;                      /* Number of arguments in subprograms */
002085    int n;                         /* Loop counter */
002086    struct ReusableSpace x;        /* Reusable bulk memory */
002087  
002088    assert( p!=0 );
002089    assert( p->nOp>0 );
002090    assert( pParse!=0 );
002091    assert( p->magic==VDBE_MAGIC_INIT );
002092    assert( pParse==p->pParse );
002093    db = p->db;
002094    assert( db->mallocFailed==0 );
002095    nVar = pParse->nVar;
002096    nMem = pParse->nMem;
002097    nCursor = pParse->nTab;
002098    nArg = pParse->nMaxArg;
002099    
002100    /* Each cursor uses a memory cell.  The first cursor (cursor 0) can
002101    ** use aMem[0] which is not otherwise used by the VDBE program.  Allocate
002102    ** space at the end of aMem[] for cursors 1 and greater.
002103    ** See also: allocateCursor().
002104    */
002105    nMem += nCursor;
002106    if( nCursor==0 && nMem>0 ) nMem++;  /* Space for aMem[0] even if not used */
002107  
002108    /* Figure out how much reusable memory is available at the end of the
002109    ** opcode array.  This extra memory will be reallocated for other elements
002110    ** of the prepared statement.
002111    */
002112    n = ROUND8(sizeof(Op)*p->nOp);              /* Bytes of opcode memory used */
002113    x.pSpace = &((u8*)p->aOp)[n];               /* Unused opcode memory */
002114    assert( EIGHT_BYTE_ALIGNMENT(x.pSpace) );
002115    x.nFree = ROUNDDOWN8(pParse->szOpAlloc - n);  /* Bytes of unused memory */
002116    assert( x.nFree>=0 );
002117    assert( EIGHT_BYTE_ALIGNMENT(&x.pSpace[x.nFree]) );
002118  
002119    resolveP2Values(p, &nArg);
002120    p->usesStmtJournal = (u8)(pParse->isMultiWrite && pParse->mayAbort);
002121    if( pParse->explain && nMem<10 ){
002122      nMem = 10;
002123    }
002124    p->expired = 0;
002125  
002126    /* Memory for registers, parameters, cursor, etc, is allocated in one or two
002127    ** passes.  On the first pass, we try to reuse unused memory at the 
002128    ** end of the opcode array.  If we are unable to satisfy all memory
002129    ** requirements by reusing the opcode array tail, then the second
002130    ** pass will fill in the remainder using a fresh memory allocation.  
002131    **
002132    ** This two-pass approach that reuses as much memory as possible from
002133    ** the leftover memory at the end of the opcode array.  This can significantly
002134    ** reduce the amount of memory held by a prepared statement.
002135    */
002136    do {
002137      x.nNeeded = 0;
002138      p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
002139      p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
002140      p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
002141      p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
002142  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002143      p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
002144  #endif
002145      if( x.nNeeded==0 ) break;
002146      x.pSpace = p->pFree = sqlite3DbMallocRawNN(db, x.nNeeded);
002147      x.nFree = x.nNeeded;
002148    }while( !db->mallocFailed );
002149  
002150    p->pVList = pParse->pVList;
002151    pParse->pVList =  0;
002152    p->explain = pParse->explain;
002153    if( db->mallocFailed ){
002154      p->nVar = 0;
002155      p->nCursor = 0;
002156      p->nMem = 0;
002157    }else{
002158      p->nCursor = nCursor;
002159      p->nVar = (ynVar)nVar;
002160      initMemArray(p->aVar, nVar, db, MEM_Null);
002161      p->nMem = nMem;
002162      initMemArray(p->aMem, nMem, db, MEM_Undefined);
002163      memset(p->apCsr, 0, nCursor*sizeof(VdbeCursor*));
002164  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002165      memset(p->anExec, 0, p->nOp*sizeof(i64));
002166  #endif
002167    }
002168    sqlite3VdbeRewind(p);
002169  }
002170  
002171  /*
002172  ** Close a VDBE cursor and release all the resources that cursor 
002173  ** happens to hold.
002174  */
002175  void sqlite3VdbeFreeCursor(Vdbe *p, VdbeCursor *pCx){
002176    if( pCx==0 ){
002177      return;
002178    }
002179    assert( pCx->pBtx==0 || pCx->eCurType==CURTYPE_BTREE );
002180    switch( pCx->eCurType ){
002181      case CURTYPE_SORTER: {
002182        sqlite3VdbeSorterClose(p->db, pCx);
002183        break;
002184      }
002185      case CURTYPE_BTREE: {
002186        if( pCx->isEphemeral ){
002187          if( pCx->pBtx ) sqlite3BtreeClose(pCx->pBtx);
002188          /* The pCx->pCursor will be close automatically, if it exists, by
002189          ** the call above. */
002190        }else{
002191          assert( pCx->uc.pCursor!=0 );
002192          sqlite3BtreeCloseCursor(pCx->uc.pCursor);
002193        }
002194        break;
002195      }
002196  #ifndef SQLITE_OMIT_VIRTUALTABLE
002197      case CURTYPE_VTAB: {
002198        sqlite3_vtab_cursor *pVCur = pCx->uc.pVCur;
002199        const sqlite3_module *pModule = pVCur->pVtab->pModule;
002200        assert( pVCur->pVtab->nRef>0 );
002201        pVCur->pVtab->nRef--;
002202        pModule->xClose(pVCur);
002203        break;
002204      }
002205  #endif
002206    }
002207  }
002208  
002209  /*
002210  ** Close all cursors in the current frame.
002211  */
002212  static void closeCursorsInFrame(Vdbe *p){
002213    if( p->apCsr ){
002214      int i;
002215      for(i=0; i<p->nCursor; i++){
002216        VdbeCursor *pC = p->apCsr[i];
002217        if( pC ){
002218          sqlite3VdbeFreeCursor(p, pC);
002219          p->apCsr[i] = 0;
002220        }
002221      }
002222    }
002223  }
002224  
002225  /*
002226  ** Copy the values stored in the VdbeFrame structure to its Vdbe. This
002227  ** is used, for example, when a trigger sub-program is halted to restore
002228  ** control to the main program.
002229  */
002230  int sqlite3VdbeFrameRestore(VdbeFrame *pFrame){
002231    Vdbe *v = pFrame->v;
002232    closeCursorsInFrame(v);
002233  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
002234    v->anExec = pFrame->anExec;
002235  #endif
002236    v->aOp = pFrame->aOp;
002237    v->nOp = pFrame->nOp;
002238    v->aMem = pFrame->aMem;
002239    v->nMem = pFrame->nMem;
002240    v->apCsr = pFrame->apCsr;
002241    v->nCursor = pFrame->nCursor;
002242    v->db->lastRowid = pFrame->lastRowid;
002243    v->nChange = pFrame->nChange;
002244    v->db->nChange = pFrame->nDbChange;
002245    sqlite3VdbeDeleteAuxData(v->db, &v->pAuxData, -1, 0);
002246    v->pAuxData = pFrame->pAuxData;
002247    pFrame->pAuxData = 0;
002248    return pFrame->pc;
002249  }
002250  
002251  /*
002252  ** Close all cursors.
002253  **
002254  ** Also release any dynamic memory held by the VM in the Vdbe.aMem memory 
002255  ** cell array. This is necessary as the memory cell array may contain
002256  ** pointers to VdbeFrame objects, which may in turn contain pointers to
002257  ** open cursors.
002258  */
002259  static void closeAllCursors(Vdbe *p){
002260    if( p->pFrame ){
002261      VdbeFrame *pFrame;
002262      for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
002263      sqlite3VdbeFrameRestore(pFrame);
002264      p->pFrame = 0;
002265      p->nFrame = 0;
002266    }
002267    assert( p->nFrame==0 );
002268    closeCursorsInFrame(p);
002269    if( p->aMem ){
002270      releaseMemArray(p->aMem, p->nMem);
002271    }
002272    while( p->pDelFrame ){
002273      VdbeFrame *pDel = p->pDelFrame;
002274      p->pDelFrame = pDel->pParent;
002275      sqlite3VdbeFrameDelete(pDel);
002276    }
002277  
002278    /* Delete any auxdata allocations made by the VM */
002279    if( p->pAuxData ) sqlite3VdbeDeleteAuxData(p->db, &p->pAuxData, -1, 0);
002280    assert( p->pAuxData==0 );
002281  }
002282  
002283  /*
002284  ** Set the number of result columns that will be returned by this SQL
002285  ** statement. This is now set at compile time, rather than during
002286  ** execution of the vdbe program so that sqlite3_column_count() can
002287  ** be called on an SQL statement before sqlite3_step().
002288  */
002289  void sqlite3VdbeSetNumCols(Vdbe *p, int nResColumn){
002290    int n;
002291    sqlite3 *db = p->db;
002292  
002293    if( p->nResColumn ){
002294      releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
002295      sqlite3DbFree(db, p->aColName);
002296    }
002297    n = nResColumn*COLNAME_N;
002298    p->nResColumn = (u16)nResColumn;
002299    p->aColName = (Mem*)sqlite3DbMallocRawNN(db, sizeof(Mem)*n );
002300    if( p->aColName==0 ) return;
002301    initMemArray(p->aColName, n, db, MEM_Null);
002302  }
002303  
002304  /*
002305  ** Set the name of the idx'th column to be returned by the SQL statement.
002306  ** zName must be a pointer to a nul terminated string.
002307  **
002308  ** This call must be made after a call to sqlite3VdbeSetNumCols().
002309  **
002310  ** The final parameter, xDel, must be one of SQLITE_DYNAMIC, SQLITE_STATIC
002311  ** or SQLITE_TRANSIENT. If it is SQLITE_DYNAMIC, then the buffer pointed
002312  ** to by zName will be freed by sqlite3DbFree() when the vdbe is destroyed.
002313  */
002314  int sqlite3VdbeSetColName(
002315    Vdbe *p,                         /* Vdbe being configured */
002316    int idx,                         /* Index of column zName applies to */
002317    int var,                         /* One of the COLNAME_* constants */
002318    const char *zName,               /* Pointer to buffer containing name */
002319    void (*xDel)(void*)              /* Memory management strategy for zName */
002320  ){
002321    int rc;
002322    Mem *pColName;
002323    assert( idx<p->nResColumn );
002324    assert( var<COLNAME_N );
002325    if( p->db->mallocFailed ){
002326      assert( !zName || xDel!=SQLITE_DYNAMIC );
002327      return SQLITE_NOMEM_BKPT;
002328    }
002329    assert( p->aColName!=0 );
002330    pColName = &(p->aColName[idx+var*p->nResColumn]);
002331    rc = sqlite3VdbeMemSetStr(pColName, zName, -1, SQLITE_UTF8, xDel);
002332    assert( rc!=0 || !zName || (pColName->flags&MEM_Term)!=0 );
002333    return rc;
002334  }
002335  
002336  /*
002337  ** A read or write transaction may or may not be active on database handle
002338  ** db. If a transaction is active, commit it. If there is a
002339  ** write-transaction spanning more than one database file, this routine
002340  ** takes care of the master journal trickery.
002341  */
002342  static int vdbeCommit(sqlite3 *db, Vdbe *p){
002343    int i;
002344    int nTrans = 0;  /* Number of databases with an active write-transaction
002345                     ** that are candidates for a two-phase commit using a
002346                     ** master-journal */
002347    int rc = SQLITE_OK;
002348    int needXcommit = 0;
002349  
002350  #ifdef SQLITE_OMIT_VIRTUALTABLE
002351    /* With this option, sqlite3VtabSync() is defined to be simply 
002352    ** SQLITE_OK so p is not used. 
002353    */
002354    UNUSED_PARAMETER(p);
002355  #endif
002356  
002357    /* Before doing anything else, call the xSync() callback for any
002358    ** virtual module tables written in this transaction. This has to
002359    ** be done before determining whether a master journal file is 
002360    ** required, as an xSync() callback may add an attached database
002361    ** to the transaction.
002362    */
002363    rc = sqlite3VtabSync(db, p);
002364  
002365    /* This loop determines (a) if the commit hook should be invoked and
002366    ** (b) how many database files have open write transactions, not 
002367    ** including the temp database. (b) is important because if more than 
002368    ** one database file has an open write transaction, a master journal
002369    ** file is required for an atomic commit.
002370    */ 
002371    for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
002372      Btree *pBt = db->aDb[i].pBt;
002373      if( sqlite3BtreeIsInTrans(pBt) ){
002374        /* Whether or not a database might need a master journal depends upon
002375        ** its journal mode (among other things).  This matrix determines which
002376        ** journal modes use a master journal and which do not */
002377        static const u8 aMJNeeded[] = {
002378          /* DELETE   */  1,
002379          /* PERSIST   */ 1,
002380          /* OFF       */ 0,
002381          /* TRUNCATE  */ 1,
002382          /* MEMORY    */ 0,
002383          /* WAL       */ 0
002384        };
002385        Pager *pPager;   /* Pager associated with pBt */
002386        needXcommit = 1;
002387        sqlite3BtreeEnter(pBt);
002388        pPager = sqlite3BtreePager(pBt);
002389        if( db->aDb[i].safety_level!=PAGER_SYNCHRONOUS_OFF
002390         && aMJNeeded[sqlite3PagerGetJournalMode(pPager)]
002391         && sqlite3PagerIsMemdb(pPager)==0
002392        ){ 
002393          assert( i!=1 );
002394          nTrans++;
002395        }
002396        rc = sqlite3PagerExclusiveLock(pPager);
002397        sqlite3BtreeLeave(pBt);
002398      }
002399    }
002400    if( rc!=SQLITE_OK ){
002401      return rc;
002402    }
002403  
002404    /* If there are any write-transactions at all, invoke the commit hook */
002405    if( needXcommit && db->xCommitCallback ){
002406      rc = db->xCommitCallback(db->pCommitArg);
002407      if( rc ){
002408        return SQLITE_CONSTRAINT_COMMITHOOK;
002409      }
002410    }
002411  
002412    /* The simple case - no more than one database file (not counting the
002413    ** TEMP database) has a transaction active.   There is no need for the
002414    ** master-journal.
002415    **
002416    ** If the return value of sqlite3BtreeGetFilename() is a zero length
002417    ** string, it means the main database is :memory: or a temp file.  In 
002418    ** that case we do not support atomic multi-file commits, so use the 
002419    ** simple case then too.
002420    */
002421    if( 0==sqlite3Strlen30(sqlite3BtreeGetFilename(db->aDb[0].pBt))
002422     || nTrans<=1
002423    ){
002424      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
002425        Btree *pBt = db->aDb[i].pBt;
002426        if( pBt ){
002427          rc = sqlite3BtreeCommitPhaseOne(pBt, 0);
002428        }
002429      }
002430  
002431      /* Do the commit only if all databases successfully complete phase 1. 
002432      ** If one of the BtreeCommitPhaseOne() calls fails, this indicates an
002433      ** IO error while deleting or truncating a journal file. It is unlikely,
002434      ** but could happen. In this case abandon processing and return the error.
002435      */
002436      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
002437        Btree *pBt = db->aDb[i].pBt;
002438        if( pBt ){
002439          rc = sqlite3BtreeCommitPhaseTwo(pBt, 0);
002440        }
002441      }
002442      if( rc==SQLITE_OK ){
002443        sqlite3VtabCommit(db);
002444      }
002445    }
002446  
002447    /* The complex case - There is a multi-file write-transaction active.
002448    ** This requires a master journal file to ensure the transaction is
002449    ** committed atomically.
002450    */
002451  #ifndef SQLITE_OMIT_DISKIO
002452    else{
002453      sqlite3_vfs *pVfs = db->pVfs;
002454      char *zMaster = 0;   /* File-name for the master journal */
002455      char const *zMainFile = sqlite3BtreeGetFilename(db->aDb[0].pBt);
002456      sqlite3_file *pMaster = 0;
002457      i64 offset = 0;
002458      int res;
002459      int retryCount = 0;
002460      int nMainFile;
002461  
002462      /* Select a master journal file name */
002463      nMainFile = sqlite3Strlen30(zMainFile);
002464      zMaster = sqlite3MPrintf(db, "%s-mjXXXXXX9XXz", zMainFile);
002465      if( zMaster==0 ) return SQLITE_NOMEM_BKPT;
002466      do {
002467        u32 iRandom;
002468        if( retryCount ){
002469          if( retryCount>100 ){
002470            sqlite3_log(SQLITE_FULL, "MJ delete: %s", zMaster);
002471            sqlite3OsDelete(pVfs, zMaster, 0);
002472            break;
002473          }else if( retryCount==1 ){
002474            sqlite3_log(SQLITE_FULL, "MJ collide: %s", zMaster);
002475          }
002476        }
002477        retryCount++;
002478        sqlite3_randomness(sizeof(iRandom), &iRandom);
002479        sqlite3_snprintf(13, &zMaster[nMainFile], "-mj%06X9%02X",
002480                                 (iRandom>>8)&0xffffff, iRandom&0xff);
002481        /* The antipenultimate character of the master journal name must
002482        ** be "9" to avoid name collisions when using 8+3 filenames. */
002483        assert( zMaster[sqlite3Strlen30(zMaster)-3]=='9' );
002484        sqlite3FileSuffix3(zMainFile, zMaster);
002485        rc = sqlite3OsAccess(pVfs, zMaster, SQLITE_ACCESS_EXISTS, &res);
002486      }while( rc==SQLITE_OK && res );
002487      if( rc==SQLITE_OK ){
002488        /* Open the master journal. */
002489        rc = sqlite3OsOpenMalloc(pVfs, zMaster, &pMaster, 
002490            SQLITE_OPEN_READWRITE|SQLITE_OPEN_CREATE|
002491            SQLITE_OPEN_EXCLUSIVE|SQLITE_OPEN_MASTER_JOURNAL, 0
002492        );
002493      }
002494      if( rc!=SQLITE_OK ){
002495        sqlite3DbFree(db, zMaster);
002496        return rc;
002497      }
002498   
002499      /* Write the name of each database file in the transaction into the new
002500      ** master journal file. If an error occurs at this point close
002501      ** and delete the master journal file. All the individual journal files
002502      ** still have 'null' as the master journal pointer, so they will roll
002503      ** back independently if a failure occurs.
002504      */
002505      for(i=0; i<db->nDb; i++){
002506        Btree *pBt = db->aDb[i].pBt;
002507        if( sqlite3BtreeIsInTrans(pBt) ){
002508          char const *zFile = sqlite3BtreeGetJournalname(pBt);
002509          if( zFile==0 ){
002510            continue;  /* Ignore TEMP and :memory: databases */
002511          }
002512          assert( zFile[0]!=0 );
002513          rc = sqlite3OsWrite(pMaster, zFile, sqlite3Strlen30(zFile)+1, offset);
002514          offset += sqlite3Strlen30(zFile)+1;
002515          if( rc!=SQLITE_OK ){
002516            sqlite3OsCloseFree(pMaster);
002517            sqlite3OsDelete(pVfs, zMaster, 0);
002518            sqlite3DbFree(db, zMaster);
002519            return rc;
002520          }
002521        }
002522      }
002523  
002524      /* Sync the master journal file. If the IOCAP_SEQUENTIAL device
002525      ** flag is set this is not required.
002526      */
002527      if( 0==(sqlite3OsDeviceCharacteristics(pMaster)&SQLITE_IOCAP_SEQUENTIAL)
002528       && SQLITE_OK!=(rc = sqlite3OsSync(pMaster, SQLITE_SYNC_NORMAL))
002529      ){
002530        sqlite3OsCloseFree(pMaster);
002531        sqlite3OsDelete(pVfs, zMaster, 0);
002532        sqlite3DbFree(db, zMaster);
002533        return rc;
002534      }
002535  
002536      /* Sync all the db files involved in the transaction. The same call
002537      ** sets the master journal pointer in each individual journal. If
002538      ** an error occurs here, do not delete the master journal file.
002539      **
002540      ** If the error occurs during the first call to
002541      ** sqlite3BtreeCommitPhaseOne(), then there is a chance that the
002542      ** master journal file will be orphaned. But we cannot delete it,
002543      ** in case the master journal file name was written into the journal
002544      ** file before the failure occurred.
002545      */
002546      for(i=0; rc==SQLITE_OK && i<db->nDb; i++){ 
002547        Btree *pBt = db->aDb[i].pBt;
002548        if( pBt ){
002549          rc = sqlite3BtreeCommitPhaseOne(pBt, zMaster);
002550        }
002551      }
002552      sqlite3OsCloseFree(pMaster);
002553      assert( rc!=SQLITE_BUSY );
002554      if( rc!=SQLITE_OK ){
002555        sqlite3DbFree(db, zMaster);
002556        return rc;
002557      }
002558  
002559      /* Delete the master journal file. This commits the transaction. After
002560      ** doing this the directory is synced again before any individual
002561      ** transaction files are deleted.
002562      */
002563      rc = sqlite3OsDelete(pVfs, zMaster, 1);
002564      sqlite3DbFree(db, zMaster);
002565      zMaster = 0;
002566      if( rc ){
002567        return rc;
002568      }
002569  
002570      /* All files and directories have already been synced, so the following
002571      ** calls to sqlite3BtreeCommitPhaseTwo() are only closing files and
002572      ** deleting or truncating journals. If something goes wrong while
002573      ** this is happening we don't really care. The integrity of the
002574      ** transaction is already guaranteed, but some stray 'cold' journals
002575      ** may be lying around. Returning an error code won't help matters.
002576      */
002577      disable_simulated_io_errors();
002578      sqlite3BeginBenignMalloc();
002579      for(i=0; i<db->nDb; i++){ 
002580        Btree *pBt = db->aDb[i].pBt;
002581        if( pBt ){
002582          sqlite3BtreeCommitPhaseTwo(pBt, 1);
002583        }
002584      }
002585      sqlite3EndBenignMalloc();
002586      enable_simulated_io_errors();
002587  
002588      sqlite3VtabCommit(db);
002589    }
002590  #endif
002591  
002592    return rc;
002593  }
002594  
002595  /* 
002596  ** This routine checks that the sqlite3.nVdbeActive count variable
002597  ** matches the number of vdbe's in the list sqlite3.pVdbe that are
002598  ** currently active. An assertion fails if the two counts do not match.
002599  ** This is an internal self-check only - it is not an essential processing
002600  ** step.
002601  **
002602  ** This is a no-op if NDEBUG is defined.
002603  */
002604  #ifndef NDEBUG
002605  static void checkActiveVdbeCnt(sqlite3 *db){
002606    Vdbe *p;
002607    int cnt = 0;
002608    int nWrite = 0;
002609    int nRead = 0;
002610    p = db->pVdbe;
002611    while( p ){
002612      if( sqlite3_stmt_busy((sqlite3_stmt*)p) ){
002613        cnt++;
002614        if( p->readOnly==0 ) nWrite++;
002615        if( p->bIsReader ) nRead++;
002616      }
002617      p = p->pNext;
002618    }
002619    assert( cnt==db->nVdbeActive );
002620    assert( nWrite==db->nVdbeWrite );
002621    assert( nRead==db->nVdbeRead );
002622  }
002623  #else
002624  #define checkActiveVdbeCnt(x)
002625  #endif
002626  
002627  /*
002628  ** If the Vdbe passed as the first argument opened a statement-transaction,
002629  ** close it now. Argument eOp must be either SAVEPOINT_ROLLBACK or
002630  ** SAVEPOINT_RELEASE. If it is SAVEPOINT_ROLLBACK, then the statement
002631  ** transaction is rolled back. If eOp is SAVEPOINT_RELEASE, then the 
002632  ** statement transaction is committed.
002633  **
002634  ** If an IO error occurs, an SQLITE_IOERR_XXX error code is returned. 
002635  ** Otherwise SQLITE_OK.
002636  */
002637  static SQLITE_NOINLINE int vdbeCloseStatement(Vdbe *p, int eOp){
002638    sqlite3 *const db = p->db;
002639    int rc = SQLITE_OK;
002640    int i;
002641    const int iSavepoint = p->iStatement-1;
002642  
002643    assert( eOp==SAVEPOINT_ROLLBACK || eOp==SAVEPOINT_RELEASE);
002644    assert( db->nStatement>0 );
002645    assert( p->iStatement==(db->nStatement+db->nSavepoint) );
002646  
002647    for(i=0; i<db->nDb; i++){ 
002648      int rc2 = SQLITE_OK;
002649      Btree *pBt = db->aDb[i].pBt;
002650      if( pBt ){
002651        if( eOp==SAVEPOINT_ROLLBACK ){
002652          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_ROLLBACK, iSavepoint);
002653        }
002654        if( rc2==SQLITE_OK ){
002655          rc2 = sqlite3BtreeSavepoint(pBt, SAVEPOINT_RELEASE, iSavepoint);
002656        }
002657        if( rc==SQLITE_OK ){
002658          rc = rc2;
002659        }
002660      }
002661    }
002662    db->nStatement--;
002663    p->iStatement = 0;
002664  
002665    if( rc==SQLITE_OK ){
002666      if( eOp==SAVEPOINT_ROLLBACK ){
002667        rc = sqlite3VtabSavepoint(db, SAVEPOINT_ROLLBACK, iSavepoint);
002668      }
002669      if( rc==SQLITE_OK ){
002670        rc = sqlite3VtabSavepoint(db, SAVEPOINT_RELEASE, iSavepoint);
002671      }
002672    }
002673  
002674    /* If the statement transaction is being rolled back, also restore the 
002675    ** database handles deferred constraint counter to the value it had when 
002676    ** the statement transaction was opened.  */
002677    if( eOp==SAVEPOINT_ROLLBACK ){
002678      db->nDeferredCons = p->nStmtDefCons;
002679      db->nDeferredImmCons = p->nStmtDefImmCons;
002680    }
002681    return rc;
002682  }
002683  int sqlite3VdbeCloseStatement(Vdbe *p, int eOp){
002684    if( p->db->nStatement && p->iStatement ){
002685      return vdbeCloseStatement(p, eOp);
002686    }
002687    return SQLITE_OK;
002688  }
002689  
002690  
002691  /*
002692  ** This function is called when a transaction opened by the database 
002693  ** handle associated with the VM passed as an argument is about to be 
002694  ** committed. If there are outstanding deferred foreign key constraint
002695  ** violations, return SQLITE_ERROR. Otherwise, SQLITE_OK.
002696  **
002697  ** If there are outstanding FK violations and this function returns 
002698  ** SQLITE_ERROR, set the result of the VM to SQLITE_CONSTRAINT_FOREIGNKEY
002699  ** and write an error message to it. Then return SQLITE_ERROR.
002700  */
002701  #ifndef SQLITE_OMIT_FOREIGN_KEY
002702  int sqlite3VdbeCheckFk(Vdbe *p, int deferred){
002703    sqlite3 *db = p->db;
002704    if( (deferred && (db->nDeferredCons+db->nDeferredImmCons)>0) 
002705     || (!deferred && p->nFkConstraint>0) 
002706    ){
002707      p->rc = SQLITE_CONSTRAINT_FOREIGNKEY;
002708      p->errorAction = OE_Abort;
002709      sqlite3VdbeError(p, "FOREIGN KEY constraint failed");
002710      return SQLITE_ERROR;
002711    }
002712    return SQLITE_OK;
002713  }
002714  #endif
002715  
002716  /*
002717  ** This routine is called the when a VDBE tries to halt.  If the VDBE
002718  ** has made changes and is in autocommit mode, then commit those
002719  ** changes.  If a rollback is needed, then do the rollback.
002720  **
002721  ** This routine is the only way to move the state of a VM from
002722  ** SQLITE_MAGIC_RUN to SQLITE_MAGIC_HALT.  It is harmless to
002723  ** call this on a VM that is in the SQLITE_MAGIC_HALT state.
002724  **
002725  ** Return an error code.  If the commit could not complete because of
002726  ** lock contention, return SQLITE_BUSY.  If SQLITE_BUSY is returned, it
002727  ** means the close did not happen and needs to be repeated.
002728  */
002729  int sqlite3VdbeHalt(Vdbe *p){
002730    int rc;                         /* Used to store transient return codes */
002731    sqlite3 *db = p->db;
002732  
002733    /* This function contains the logic that determines if a statement or
002734    ** transaction will be committed or rolled back as a result of the
002735    ** execution of this virtual machine. 
002736    **
002737    ** If any of the following errors occur:
002738    **
002739    **     SQLITE_NOMEM
002740    **     SQLITE_IOERR
002741    **     SQLITE_FULL
002742    **     SQLITE_INTERRUPT
002743    **
002744    ** Then the internal cache might have been left in an inconsistent
002745    ** state.  We need to rollback the statement transaction, if there is
002746    ** one, or the complete transaction if there is no statement transaction.
002747    */
002748  
002749    if( p->magic!=VDBE_MAGIC_RUN ){
002750      return SQLITE_OK;
002751    }
002752    if( db->mallocFailed ){
002753      p->rc = SQLITE_NOMEM_BKPT;
002754    }
002755    closeAllCursors(p);
002756    checkActiveVdbeCnt(db);
002757  
002758    /* No commit or rollback needed if the program never started or if the
002759    ** SQL statement does not read or write a database file.  */
002760    if( p->pc>=0 && p->bIsReader ){
002761      int mrc;   /* Primary error code from p->rc */
002762      int eStatementOp = 0;
002763      int isSpecialError;            /* Set to true if a 'special' error */
002764  
002765      /* Lock all btrees used by the statement */
002766      sqlite3VdbeEnter(p);
002767  
002768      /* Check for one of the special errors */
002769      mrc = p->rc & 0xff;
002770      isSpecialError = mrc==SQLITE_NOMEM || mrc==SQLITE_IOERR
002771                       || mrc==SQLITE_INTERRUPT || mrc==SQLITE_FULL;
002772      if( isSpecialError ){
002773        /* If the query was read-only and the error code is SQLITE_INTERRUPT, 
002774        ** no rollback is necessary. Otherwise, at least a savepoint 
002775        ** transaction must be rolled back to restore the database to a 
002776        ** consistent state.
002777        **
002778        ** Even if the statement is read-only, it is important to perform
002779        ** a statement or transaction rollback operation. If the error 
002780        ** occurred while writing to the journal, sub-journal or database
002781        ** file as part of an effort to free up cache space (see function
002782        ** pagerStress() in pager.c), the rollback is required to restore 
002783        ** the pager to a consistent state.
002784        */
002785        if( !p->readOnly || mrc!=SQLITE_INTERRUPT ){
002786          if( (mrc==SQLITE_NOMEM || mrc==SQLITE_FULL) && p->usesStmtJournal ){
002787            eStatementOp = SAVEPOINT_ROLLBACK;
002788          }else{
002789            /* We are forced to roll back the active transaction. Before doing
002790            ** so, abort any other statements this handle currently has active.
002791            */
002792            sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002793            sqlite3CloseSavepoints(db);
002794            db->autoCommit = 1;
002795            p->nChange = 0;
002796          }
002797        }
002798      }
002799  
002800      /* Check for immediate foreign key violations. */
002801      if( p->rc==SQLITE_OK ){
002802        sqlite3VdbeCheckFk(p, 0);
002803      }
002804    
002805      /* If the auto-commit flag is set and this is the only active writer 
002806      ** VM, then we do either a commit or rollback of the current transaction. 
002807      **
002808      ** Note: This block also runs if one of the special errors handled 
002809      ** above has occurred. 
002810      */
002811      if( !sqlite3VtabInSync(db) 
002812       && db->autoCommit 
002813       && db->nVdbeWrite==(p->readOnly==0) 
002814      ){
002815        if( p->rc==SQLITE_OK || (p->errorAction==OE_Fail && !isSpecialError) ){
002816          rc = sqlite3VdbeCheckFk(p, 1);
002817          if( rc!=SQLITE_OK ){
002818            if( NEVER(p->readOnly) ){
002819              sqlite3VdbeLeave(p);
002820              return SQLITE_ERROR;
002821            }
002822            rc = SQLITE_CONSTRAINT_FOREIGNKEY;
002823          }else{ 
002824            /* The auto-commit flag is true, the vdbe program was successful 
002825            ** or hit an 'OR FAIL' constraint and there are no deferred foreign
002826            ** key constraints to hold up the transaction. This means a commit 
002827            ** is required. */
002828            rc = vdbeCommit(db, p);
002829          }
002830          if( rc==SQLITE_BUSY && p->readOnly ){
002831            sqlite3VdbeLeave(p);
002832            return SQLITE_BUSY;
002833          }else if( rc!=SQLITE_OK ){
002834            p->rc = rc;
002835            sqlite3RollbackAll(db, SQLITE_OK);
002836            p->nChange = 0;
002837          }else{
002838            db->nDeferredCons = 0;
002839            db->nDeferredImmCons = 0;
002840            db->flags &= ~SQLITE_DeferFKs;
002841            sqlite3CommitInternalChanges(db);
002842          }
002843        }else{
002844          sqlite3RollbackAll(db, SQLITE_OK);
002845          p->nChange = 0;
002846        }
002847        db->nStatement = 0;
002848      }else if( eStatementOp==0 ){
002849        if( p->rc==SQLITE_OK || p->errorAction==OE_Fail ){
002850          eStatementOp = SAVEPOINT_RELEASE;
002851        }else if( p->errorAction==OE_Abort ){
002852          eStatementOp = SAVEPOINT_ROLLBACK;
002853        }else{
002854          sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002855          sqlite3CloseSavepoints(db);
002856          db->autoCommit = 1;
002857          p->nChange = 0;
002858        }
002859      }
002860    
002861      /* If eStatementOp is non-zero, then a statement transaction needs to
002862      ** be committed or rolled back. Call sqlite3VdbeCloseStatement() to
002863      ** do so. If this operation returns an error, and the current statement
002864      ** error code is SQLITE_OK or SQLITE_CONSTRAINT, then promote the
002865      ** current statement error code.
002866      */
002867      if( eStatementOp ){
002868        rc = sqlite3VdbeCloseStatement(p, eStatementOp);
002869        if( rc ){
002870          if( p->rc==SQLITE_OK || (p->rc&0xff)==SQLITE_CONSTRAINT ){
002871            p->rc = rc;
002872            sqlite3DbFree(db, p->zErrMsg);
002873            p->zErrMsg = 0;
002874          }
002875          sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
002876          sqlite3CloseSavepoints(db);
002877          db->autoCommit = 1;
002878          p->nChange = 0;
002879        }
002880      }
002881    
002882      /* If this was an INSERT, UPDATE or DELETE and no statement transaction
002883      ** has been rolled back, update the database connection change-counter. 
002884      */
002885      if( p->changeCntOn ){
002886        if( eStatementOp!=SAVEPOINT_ROLLBACK ){
002887          sqlite3VdbeSetChanges(db, p->nChange);
002888        }else{
002889          sqlite3VdbeSetChanges(db, 0);
002890        }
002891        p->nChange = 0;
002892      }
002893  
002894      /* Release the locks */
002895      sqlite3VdbeLeave(p);
002896    }
002897  
002898    /* We have successfully halted and closed the VM.  Record this fact. */
002899    if( p->pc>=0 ){
002900      db->nVdbeActive--;
002901      if( !p->readOnly ) db->nVdbeWrite--;
002902      if( p->bIsReader ) db->nVdbeRead--;
002903      assert( db->nVdbeActive>=db->nVdbeRead );
002904      assert( db->nVdbeRead>=db->nVdbeWrite );
002905      assert( db->nVdbeWrite>=0 );
002906    }
002907    p->magic = VDBE_MAGIC_HALT;
002908    checkActiveVdbeCnt(db);
002909    if( db->mallocFailed ){
002910      p->rc = SQLITE_NOMEM_BKPT;
002911    }
002912  
002913    /* If the auto-commit flag is set to true, then any locks that were held
002914    ** by connection db have now been released. Call sqlite3ConnectionUnlocked() 
002915    ** to invoke any required unlock-notify callbacks.
002916    */
002917    if( db->autoCommit ){
002918      sqlite3ConnectionUnlocked(db);
002919    }
002920  
002921    assert( db->nVdbeActive>0 || db->autoCommit==0 || db->nStatement==0 );
002922    return (p->rc==SQLITE_BUSY ? SQLITE_BUSY : SQLITE_OK);
002923  }
002924  
002925  
002926  /*
002927  ** Each VDBE holds the result of the most recent sqlite3_step() call
002928  ** in p->rc.  This routine sets that result back to SQLITE_OK.
002929  */
002930  void sqlite3VdbeResetStepResult(Vdbe *p){
002931    p->rc = SQLITE_OK;
002932  }
002933  
002934  /*
002935  ** Copy the error code and error message belonging to the VDBE passed
002936  ** as the first argument to its database handle (so that they will be 
002937  ** returned by calls to sqlite3_errcode() and sqlite3_errmsg()).
002938  **
002939  ** This function does not clear the VDBE error code or message, just
002940  ** copies them to the database handle.
002941  */
002942  int sqlite3VdbeTransferError(Vdbe *p){
002943    sqlite3 *db = p->db;
002944    int rc = p->rc;
002945    if( p->zErrMsg ){
002946      db->bBenignMalloc++;
002947      sqlite3BeginBenignMalloc();
002948      if( db->pErr==0 ) db->pErr = sqlite3ValueNew(db);
002949      sqlite3ValueSetStr(db->pErr, -1, p->zErrMsg, SQLITE_UTF8, SQLITE_TRANSIENT);
002950      sqlite3EndBenignMalloc();
002951      db->bBenignMalloc--;
002952    }else if( db->pErr ){
002953      sqlite3ValueSetNull(db->pErr);
002954    }
002955    db->errCode = rc;
002956    return rc;
002957  }
002958  
002959  #ifdef SQLITE_ENABLE_SQLLOG
002960  /*
002961  ** If an SQLITE_CONFIG_SQLLOG hook is registered and the VM has been run, 
002962  ** invoke it.
002963  */
002964  static void vdbeInvokeSqllog(Vdbe *v){
002965    if( sqlite3GlobalConfig.xSqllog && v->rc==SQLITE_OK && v->zSql && v->pc>=0 ){
002966      char *zExpanded = sqlite3VdbeExpandSql(v, v->zSql);
002967      assert( v->db->init.busy==0 );
002968      if( zExpanded ){
002969        sqlite3GlobalConfig.xSqllog(
002970            sqlite3GlobalConfig.pSqllogArg, v->db, zExpanded, 1
002971        );
002972        sqlite3DbFree(v->db, zExpanded);
002973      }
002974    }
002975  }
002976  #else
002977  # define vdbeInvokeSqllog(x)
002978  #endif
002979  
002980  /*
002981  ** Clean up a VDBE after execution but do not delete the VDBE just yet.
002982  ** Write any error messages into *pzErrMsg.  Return the result code.
002983  **
002984  ** After this routine is run, the VDBE should be ready to be executed
002985  ** again.
002986  **
002987  ** To look at it another way, this routine resets the state of the
002988  ** virtual machine from VDBE_MAGIC_RUN or VDBE_MAGIC_HALT back to
002989  ** VDBE_MAGIC_INIT.
002990  */
002991  int sqlite3VdbeReset(Vdbe *p){
002992  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
002993    int i;
002994  #endif
002995  
002996    sqlite3 *db;
002997    db = p->db;
002998  
002999    /* If the VM did not run to completion or if it encountered an
003000    ** error, then it might not have been halted properly.  So halt
003001    ** it now.
003002    */
003003    sqlite3VdbeHalt(p);
003004  
003005    /* If the VDBE has be run even partially, then transfer the error code
003006    ** and error message from the VDBE into the main database structure.  But
003007    ** if the VDBE has just been set to run but has not actually executed any
003008    ** instructions yet, leave the main database error information unchanged.
003009    */
003010    if( p->pc>=0 ){
003011      vdbeInvokeSqllog(p);
003012      sqlite3VdbeTransferError(p);
003013      if( p->runOnlyOnce ) p->expired = 1;
003014    }else if( p->rc && p->expired ){
003015      /* The expired flag was set on the VDBE before the first call
003016      ** to sqlite3_step(). For consistency (since sqlite3_step() was
003017      ** called), set the database error in this case as well.
003018      */
003019      sqlite3ErrorWithMsg(db, p->rc, p->zErrMsg ? "%s" : 0, p->zErrMsg);
003020    }
003021  
003022    /* Reset register contents and reclaim error message memory.
003023    */
003024  #ifdef SQLITE_DEBUG
003025    /* Execute assert() statements to ensure that the Vdbe.apCsr[] and 
003026    ** Vdbe.aMem[] arrays have already been cleaned up.  */
003027    if( p->apCsr ) for(i=0; i<p->nCursor; i++) assert( p->apCsr[i]==0 );
003028    if( p->aMem ){
003029      for(i=0; i<p->nMem; i++) assert( p->aMem[i].flags==MEM_Undefined );
003030    }
003031  #endif
003032    sqlite3DbFree(db, p->zErrMsg);
003033    p->zErrMsg = 0;
003034    p->pResultSet = 0;
003035  #ifdef SQLITE_DEBUG
003036    p->nWrite = 0;
003037  #endif
003038  
003039    /* Save profiling information from this VDBE run.
003040    */
003041  #ifdef VDBE_PROFILE
003042    {
003043      FILE *out = fopen("vdbe_profile.out", "a");
003044      if( out ){
003045        fprintf(out, "---- ");
003046        for(i=0; i<p->nOp; i++){
003047          fprintf(out, "%02x", p->aOp[i].opcode);
003048        }
003049        fprintf(out, "\n");
003050        if( p->zSql ){
003051          char c, pc = 0;
003052          fprintf(out, "-- ");
003053          for(i=0; (c = p->zSql[i])!=0; i++){
003054            if( pc=='\n' ) fprintf(out, "-- ");
003055            putc(c, out);
003056            pc = c;
003057          }
003058          if( pc!='\n' ) fprintf(out, "\n");
003059        }
003060        for(i=0; i<p->nOp; i++){
003061          char zHdr[100];
003062          sqlite3_snprintf(sizeof(zHdr), zHdr, "%6u %12llu %8llu ",
003063             p->aOp[i].cnt,
003064             p->aOp[i].cycles,
003065             p->aOp[i].cnt>0 ? p->aOp[i].cycles/p->aOp[i].cnt : 0
003066          );
003067          fprintf(out, "%s", zHdr);
003068          sqlite3VdbePrintOp(out, i, &p->aOp[i]);
003069        }
003070        fclose(out);
003071      }
003072    }
003073  #endif
003074    p->magic = VDBE_MAGIC_RESET;
003075    return p->rc & db->errMask;
003076  }
003077   
003078  /*
003079  ** Clean up and delete a VDBE after execution.  Return an integer which is
003080  ** the result code.  Write any error message text into *pzErrMsg.
003081  */
003082  int sqlite3VdbeFinalize(Vdbe *p){
003083    int rc = SQLITE_OK;
003084    if( p->magic==VDBE_MAGIC_RUN || p->magic==VDBE_MAGIC_HALT ){
003085      rc = sqlite3VdbeReset(p);
003086      assert( (rc & p->db->errMask)==rc );
003087    }
003088    sqlite3VdbeDelete(p);
003089    return rc;
003090  }
003091  
003092  /*
003093  ** If parameter iOp is less than zero, then invoke the destructor for
003094  ** all auxiliary data pointers currently cached by the VM passed as
003095  ** the first argument.
003096  **
003097  ** Or, if iOp is greater than or equal to zero, then the destructor is
003098  ** only invoked for those auxiliary data pointers created by the user 
003099  ** function invoked by the OP_Function opcode at instruction iOp of 
003100  ** VM pVdbe, and only then if:
003101  **
003102  **    * the associated function parameter is the 32nd or later (counting
003103  **      from left to right), or
003104  **
003105  **    * the corresponding bit in argument mask is clear (where the first
003106  **      function parameter corresponds to bit 0 etc.).
003107  */
003108  void sqlite3VdbeDeleteAuxData(sqlite3 *db, AuxData **pp, int iOp, int mask){
003109    while( *pp ){
003110      AuxData *pAux = *pp;
003111      if( (iOp<0)
003112       || (pAux->iAuxOp==iOp
003113            && pAux->iAuxArg>=0
003114            && (pAux->iAuxArg>31 || !(mask & MASKBIT32(pAux->iAuxArg))))
003115      ){
003116        testcase( pAux->iAuxArg==31 );
003117        if( pAux->xDeleteAux ){
003118          pAux->xDeleteAux(pAux->pAux);
003119        }
003120        *pp = pAux->pNextAux;
003121        sqlite3DbFree(db, pAux);
003122      }else{
003123        pp= &pAux->pNextAux;
003124      }
003125    }
003126  }
003127  
003128  /*
003129  ** Free all memory associated with the Vdbe passed as the second argument,
003130  ** except for object itself, which is preserved.
003131  **
003132  ** The difference between this function and sqlite3VdbeDelete() is that
003133  ** VdbeDelete() also unlinks the Vdbe from the list of VMs associated with
003134  ** the database connection and frees the object itself.
003135  */
003136  void sqlite3VdbeClearObject(sqlite3 *db, Vdbe *p){
003137    SubProgram *pSub, *pNext;
003138    assert( p->db==0 || p->db==db );
003139    releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
003140    for(pSub=p->pProgram; pSub; pSub=pNext){
003141      pNext = pSub->pNext;
003142      vdbeFreeOpArray(db, pSub->aOp, pSub->nOp);
003143      sqlite3DbFree(db, pSub);
003144    }
003145    if( p->magic!=VDBE_MAGIC_INIT ){
003146      releaseMemArray(p->aVar, p->nVar);
003147      sqlite3DbFree(db, p->pVList);
003148      sqlite3DbFree(db, p->pFree);
003149    }
003150    vdbeFreeOpArray(db, p->aOp, p->nOp);
003151    sqlite3DbFree(db, p->aColName);
003152    sqlite3DbFree(db, p->zSql);
003153  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
003154    {
003155      int i;
003156      for(i=0; i<p->nScan; i++){
003157        sqlite3DbFree(db, p->aScan[i].zName);
003158      }
003159      sqlite3DbFree(db, p->aScan);
003160    }
003161  #endif
003162  }
003163  
003164  /*
003165  ** Delete an entire VDBE.
003166  */
003167  void sqlite3VdbeDelete(Vdbe *p){
003168    sqlite3 *db;
003169  
003170    assert( p!=0 );
003171    db = p->db;
003172    assert( sqlite3_mutex_held(db->mutex) );
003173    sqlite3VdbeClearObject(db, p);
003174    if( p->pPrev ){
003175      p->pPrev->pNext = p->pNext;
003176    }else{
003177      assert( db->pVdbe==p );
003178      db->pVdbe = p->pNext;
003179    }
003180    if( p->pNext ){
003181      p->pNext->pPrev = p->pPrev;
003182    }
003183    p->magic = VDBE_MAGIC_DEAD;
003184    p->db = 0;
003185    sqlite3DbFreeNN(db, p);
003186  }
003187  
003188  /*
003189  ** The cursor "p" has a pending seek operation that has not yet been
003190  ** carried out.  Seek the cursor now.  If an error occurs, return
003191  ** the appropriate error code.
003192  */
003193  static int SQLITE_NOINLINE handleDeferredMoveto(VdbeCursor *p){
003194    int res, rc;
003195  #ifdef SQLITE_TEST
003196    extern int sqlite3_search_count;
003197  #endif
003198    assert( p->deferredMoveto );
003199    assert( p->isTable );
003200    assert( p->eCurType==CURTYPE_BTREE );
003201    rc = sqlite3BtreeMovetoUnpacked(p->uc.pCursor, 0, p->movetoTarget, 0, &res);
003202    if( rc ) return rc;
003203    if( res!=0 ) return SQLITE_CORRUPT_BKPT;
003204  #ifdef SQLITE_TEST
003205    sqlite3_search_count++;
003206  #endif
003207    p->deferredMoveto = 0;
003208    p->cacheStatus = CACHE_STALE;
003209    return SQLITE_OK;
003210  }
003211  
003212  /*
003213  ** Something has moved cursor "p" out of place.  Maybe the row it was
003214  ** pointed to was deleted out from under it.  Or maybe the btree was
003215  ** rebalanced.  Whatever the cause, try to restore "p" to the place it
003216  ** is supposed to be pointing.  If the row was deleted out from under the
003217  ** cursor, set the cursor to point to a NULL row.
003218  */
003219  static int SQLITE_NOINLINE handleMovedCursor(VdbeCursor *p){
003220    int isDifferentRow, rc;
003221    assert( p->eCurType==CURTYPE_BTREE );
003222    assert( p->uc.pCursor!=0 );
003223    assert( sqlite3BtreeCursorHasMoved(p->uc.pCursor) );
003224    rc = sqlite3BtreeCursorRestore(p->uc.pCursor, &isDifferentRow);
003225    p->cacheStatus = CACHE_STALE;
003226    if( isDifferentRow ) p->nullRow = 1;
003227    return rc;
003228  }
003229  
003230  /*
003231  ** Check to ensure that the cursor is valid.  Restore the cursor
003232  ** if need be.  Return any I/O error from the restore operation.
003233  */
003234  int sqlite3VdbeCursorRestore(VdbeCursor *p){
003235    assert( p->eCurType==CURTYPE_BTREE );
003236    if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
003237      return handleMovedCursor(p);
003238    }
003239    return SQLITE_OK;
003240  }
003241  
003242  /*
003243  ** Make sure the cursor p is ready to read or write the row to which it
003244  ** was last positioned.  Return an error code if an OOM fault or I/O error
003245  ** prevents us from positioning the cursor to its correct position.
003246  **
003247  ** If a MoveTo operation is pending on the given cursor, then do that
003248  ** MoveTo now.  If no move is pending, check to see if the row has been
003249  ** deleted out from under the cursor and if it has, mark the row as
003250  ** a NULL row.
003251  **
003252  ** If the cursor is already pointing to the correct row and that row has
003253  ** not been deleted out from under the cursor, then this routine is a no-op.
003254  */
003255  int sqlite3VdbeCursorMoveto(VdbeCursor **pp, int *piCol){
003256    VdbeCursor *p = *pp;
003257    assert( p->eCurType==CURTYPE_BTREE || p->eCurType==CURTYPE_PSEUDO );
003258    if( p->deferredMoveto ){
003259      int iMap;
003260      if( p->aAltMap && (iMap = p->aAltMap[1+*piCol])>0 ){
003261        *pp = p->pAltCursor;
003262        *piCol = iMap - 1;
003263        return SQLITE_OK;
003264      }
003265      return handleDeferredMoveto(p);
003266    }
003267    if( sqlite3BtreeCursorHasMoved(p->uc.pCursor) ){
003268      return handleMovedCursor(p);
003269    }
003270    return SQLITE_OK;
003271  }
003272  
003273  /*
003274  ** The following functions:
003275  **
003276  ** sqlite3VdbeSerialType()
003277  ** sqlite3VdbeSerialTypeLen()
003278  ** sqlite3VdbeSerialLen()
003279  ** sqlite3VdbeSerialPut()
003280  ** sqlite3VdbeSerialGet()
003281  **
003282  ** encapsulate the code that serializes values for storage in SQLite
003283  ** data and index records. Each serialized value consists of a
003284  ** 'serial-type' and a blob of data. The serial type is an 8-byte unsigned
003285  ** integer, stored as a varint.
003286  **
003287  ** In an SQLite index record, the serial type is stored directly before
003288  ** the blob of data that it corresponds to. In a table record, all serial
003289  ** types are stored at the start of the record, and the blobs of data at
003290  ** the end. Hence these functions allow the caller to handle the
003291  ** serial-type and data blob separately.
003292  **
003293  ** The following table describes the various storage classes for data:
003294  **
003295  **   serial type        bytes of data      type
003296  **   --------------     ---------------    ---------------
003297  **      0                     0            NULL
003298  **      1                     1            signed integer
003299  **      2                     2            signed integer
003300  **      3                     3            signed integer
003301  **      4                     4            signed integer
003302  **      5                     6            signed integer
003303  **      6                     8            signed integer
003304  **      7                     8            IEEE float
003305  **      8                     0            Integer constant 0
003306  **      9                     0            Integer constant 1
003307  **     10,11                               reserved for expansion
003308  **    N>=12 and even       (N-12)/2        BLOB
003309  **    N>=13 and odd        (N-13)/2        text
003310  **
003311  ** The 8 and 9 types were added in 3.3.0, file format 4.  Prior versions
003312  ** of SQLite will not understand those serial types.
003313  */
003314  
003315  /*
003316  ** Return the serial-type for the value stored in pMem.
003317  */
003318  u32 sqlite3VdbeSerialType(Mem *pMem, int file_format, u32 *pLen){
003319    int flags = pMem->flags;
003320    u32 n;
003321  
003322    assert( pLen!=0 );
003323    if( flags&MEM_Null ){
003324      *pLen = 0;
003325      return 0;
003326    }
003327    if( flags&MEM_Int ){
003328      /* Figure out whether to use 1, 2, 4, 6 or 8 bytes. */
003329  #   define MAX_6BYTE ((((i64)0x00008000)<<32)-1)
003330      i64 i = pMem->u.i;
003331      u64 u;
003332      if( i<0 ){
003333        u = ~i;
003334      }else{
003335        u = i;
003336      }
003337      if( u<=127 ){
003338        if( (i&1)==i && file_format>=4 ){
003339          *pLen = 0;
003340          return 8+(u32)u;
003341        }else{
003342          *pLen = 1;
003343          return 1;
003344        }
003345      }
003346      if( u<=32767 ){ *pLen = 2; return 2; }
003347      if( u<=8388607 ){ *pLen = 3; return 3; }
003348      if( u<=2147483647 ){ *pLen = 4; return 4; }
003349      if( u<=MAX_6BYTE ){ *pLen = 6; return 5; }
003350      *pLen = 8;
003351      return 6;
003352    }
003353    if( flags&MEM_Real ){
003354      *pLen = 8;
003355      return 7;
003356    }
003357    assert( pMem->db->mallocFailed || flags&(MEM_Str|MEM_Blob) );
003358    assert( pMem->n>=0 );
003359    n = (u32)pMem->n;
003360    if( flags & MEM_Zero ){
003361      n += pMem->u.nZero;
003362    }
003363    *pLen = n;
003364    return ((n*2) + 12 + ((flags&MEM_Str)!=0));
003365  }
003366  
003367  /*
003368  ** The sizes for serial types less than 128
003369  */
003370  static const u8 sqlite3SmallTypeSizes[] = {
003371          /*  0   1   2   3   4   5   6   7   8   9 */   
003372  /*   0 */   0,  1,  2,  3,  4,  6,  8,  8,  0,  0,
003373  /*  10 */   0,  0,  0,  0,  1,  1,  2,  2,  3,  3,
003374  /*  20 */   4,  4,  5,  5,  6,  6,  7,  7,  8,  8,
003375  /*  30 */   9,  9, 10, 10, 11, 11, 12, 12, 13, 13,
003376  /*  40 */  14, 14, 15, 15, 16, 16, 17, 17, 18, 18,
003377  /*  50 */  19, 19, 20, 20, 21, 21, 22, 22, 23, 23,
003378  /*  60 */  24, 24, 25, 25, 26, 26, 27, 27, 28, 28,
003379  /*  70 */  29, 29, 30, 30, 31, 31, 32, 32, 33, 33,
003380  /*  80 */  34, 34, 35, 35, 36, 36, 37, 37, 38, 38,
003381  /*  90 */  39, 39, 40, 40, 41, 41, 42, 42, 43, 43,
003382  /* 100 */  44, 44, 45, 45, 46, 46, 47, 47, 48, 48,
003383  /* 110 */  49, 49, 50, 50, 51, 51, 52, 52, 53, 53,
003384  /* 120 */  54, 54, 55, 55, 56, 56, 57, 57
003385  };
003386  
003387  /*
003388  ** Return the length of the data corresponding to the supplied serial-type.
003389  */
003390  u32 sqlite3VdbeSerialTypeLen(u32 serial_type){
003391    if( serial_type>=128 ){
003392      return (serial_type-12)/2;
003393    }else{
003394      assert( serial_type<12 
003395              || sqlite3SmallTypeSizes[serial_type]==(serial_type - 12)/2 );
003396      return sqlite3SmallTypeSizes[serial_type];
003397    }
003398  }
003399  u8 sqlite3VdbeOneByteSerialTypeLen(u8 serial_type){
003400    assert( serial_type<128 );
003401    return sqlite3SmallTypeSizes[serial_type];  
003402  }
003403  
003404  /*
003405  ** If we are on an architecture with mixed-endian floating 
003406  ** points (ex: ARM7) then swap the lower 4 bytes with the 
003407  ** upper 4 bytes.  Return the result.
003408  **
003409  ** For most architectures, this is a no-op.
003410  **
003411  ** (later):  It is reported to me that the mixed-endian problem
003412  ** on ARM7 is an issue with GCC, not with the ARM7 chip.  It seems
003413  ** that early versions of GCC stored the two words of a 64-bit
003414  ** float in the wrong order.  And that error has been propagated
003415  ** ever since.  The blame is not necessarily with GCC, though.
003416  ** GCC might have just copying the problem from a prior compiler.
003417  ** I am also told that newer versions of GCC that follow a different
003418  ** ABI get the byte order right.
003419  **
003420  ** Developers using SQLite on an ARM7 should compile and run their
003421  ** application using -DSQLITE_DEBUG=1 at least once.  With DEBUG
003422  ** enabled, some asserts below will ensure that the byte order of
003423  ** floating point values is correct.
003424  **
003425  ** (2007-08-30)  Frank van Vugt has studied this problem closely
003426  ** and has send his findings to the SQLite developers.  Frank
003427  ** writes that some Linux kernels offer floating point hardware
003428  ** emulation that uses only 32-bit mantissas instead of a full 
003429  ** 48-bits as required by the IEEE standard.  (This is the
003430  ** CONFIG_FPE_FASTFPE option.)  On such systems, floating point
003431  ** byte swapping becomes very complicated.  To avoid problems,
003432  ** the necessary byte swapping is carried out using a 64-bit integer
003433  ** rather than a 64-bit float.  Frank assures us that the code here
003434  ** works for him.  We, the developers, have no way to independently
003435  ** verify this, but Frank seems to know what he is talking about
003436  ** so we trust him.
003437  */
003438  #ifdef SQLITE_MIXED_ENDIAN_64BIT_FLOAT
003439  static u64 floatSwap(u64 in){
003440    union {
003441      u64 r;
003442      u32 i[2];
003443    } u;
003444    u32 t;
003445  
003446    u.r = in;
003447    t = u.i[0];
003448    u.i[0] = u.i[1];
003449    u.i[1] = t;
003450    return u.r;
003451  }
003452  # define swapMixedEndianFloat(X)  X = floatSwap(X)
003453  #else
003454  # define swapMixedEndianFloat(X)
003455  #endif
003456  
003457  /*
003458  ** Write the serialized data blob for the value stored in pMem into 
003459  ** buf. It is assumed that the caller has allocated sufficient space.
003460  ** Return the number of bytes written.
003461  **
003462  ** nBuf is the amount of space left in buf[].  The caller is responsible
003463  ** for allocating enough space to buf[] to hold the entire field, exclusive
003464  ** of the pMem->u.nZero bytes for a MEM_Zero value.
003465  **
003466  ** Return the number of bytes actually written into buf[].  The number
003467  ** of bytes in the zero-filled tail is included in the return value only
003468  ** if those bytes were zeroed in buf[].
003469  */ 
003470  u32 sqlite3VdbeSerialPut(u8 *buf, Mem *pMem, u32 serial_type){
003471    u32 len;
003472  
003473    /* Integer and Real */
003474    if( serial_type<=7 && serial_type>0 ){
003475      u64 v;
003476      u32 i;
003477      if( serial_type==7 ){
003478        assert( sizeof(v)==sizeof(pMem->u.r) );
003479        memcpy(&v, &pMem->u.r, sizeof(v));
003480        swapMixedEndianFloat(v);
003481      }else{
003482        v = pMem->u.i;
003483      }
003484      len = i = sqlite3SmallTypeSizes[serial_type];
003485      assert( i>0 );
003486      do{
003487        buf[--i] = (u8)(v&0xFF);
003488        v >>= 8;
003489      }while( i );
003490      return len;
003491    }
003492  
003493    /* String or blob */
003494    if( serial_type>=12 ){
003495      assert( pMem->n + ((pMem->flags & MEM_Zero)?pMem->u.nZero:0)
003496               == (int)sqlite3VdbeSerialTypeLen(serial_type) );
003497      len = pMem->n;
003498      if( len>0 ) memcpy(buf, pMem->z, len);
003499      return len;
003500    }
003501  
003502    /* NULL or constants 0 or 1 */
003503    return 0;
003504  }
003505  
003506  /* Input "x" is a sequence of unsigned characters that represent a
003507  ** big-endian integer.  Return the equivalent native integer
003508  */
003509  #define ONE_BYTE_INT(x)    ((i8)(x)[0])
003510  #define TWO_BYTE_INT(x)    (256*(i8)((x)[0])|(x)[1])
003511  #define THREE_BYTE_INT(x)  (65536*(i8)((x)[0])|((x)[1]<<8)|(x)[2])
003512  #define FOUR_BYTE_UINT(x)  (((u32)(x)[0]<<24)|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
003513  #define FOUR_BYTE_INT(x) (16777216*(i8)((x)[0])|((x)[1]<<16)|((x)[2]<<8)|(x)[3])
003514  
003515  /*
003516  ** Deserialize the data blob pointed to by buf as serial type serial_type
003517  ** and store the result in pMem.  Return the number of bytes read.
003518  **
003519  ** This function is implemented as two separate routines for performance.
003520  ** The few cases that require local variables are broken out into a separate
003521  ** routine so that in most cases the overhead of moving the stack pointer
003522  ** is avoided.
003523  */ 
003524  static u32 SQLITE_NOINLINE serialGet(
003525    const unsigned char *buf,     /* Buffer to deserialize from */
003526    u32 serial_type,              /* Serial type to deserialize */
003527    Mem *pMem                     /* Memory cell to write value into */
003528  ){
003529    u64 x = FOUR_BYTE_UINT(buf);
003530    u32 y = FOUR_BYTE_UINT(buf+4);
003531    x = (x<<32) + y;
003532    if( serial_type==6 ){
003533      /* EVIDENCE-OF: R-29851-52272 Value is a big-endian 64-bit
003534      ** twos-complement integer. */
003535      pMem->u.i = *(i64*)&x;
003536      pMem->flags = MEM_Int;
003537      testcase( pMem->u.i<0 );
003538    }else{
003539      /* EVIDENCE-OF: R-57343-49114 Value is a big-endian IEEE 754-2008 64-bit
003540      ** floating point number. */
003541  #if !defined(NDEBUG) && !defined(SQLITE_OMIT_FLOATING_POINT)
003542      /* Verify that integers and floating point values use the same
003543      ** byte order.  Or, that if SQLITE_MIXED_ENDIAN_64BIT_FLOAT is
003544      ** defined that 64-bit floating point values really are mixed
003545      ** endian.
003546      */
003547      static const u64 t1 = ((u64)0x3ff00000)<<32;
003548      static const double r1 = 1.0;
003549      u64 t2 = t1;
003550      swapMixedEndianFloat(t2);
003551      assert( sizeof(r1)==sizeof(t2) && memcmp(&r1, &t2, sizeof(r1))==0 );
003552  #endif
003553      assert( sizeof(x)==8 && sizeof(pMem->u.r)==8 );
003554      swapMixedEndianFloat(x);
003555      memcpy(&pMem->u.r, &x, sizeof(x));
003556      pMem->flags = sqlite3IsNaN(pMem->u.r) ? MEM_Null : MEM_Real;
003557    }
003558    return 8;
003559  }
003560  u32 sqlite3VdbeSerialGet(
003561    const unsigned char *buf,     /* Buffer to deserialize from */
003562    u32 serial_type,              /* Serial type to deserialize */
003563    Mem *pMem                     /* Memory cell to write value into */
003564  ){
003565    switch( serial_type ){
003566      case 10: { /* Internal use only: NULL with virtual table
003567                 ** UPDATE no-change flag set */
003568        pMem->flags = MEM_Null|MEM_Zero;
003569        pMem->n = 0;
003570        pMem->u.nZero = 0;
003571        break;
003572      }
003573      case 11:   /* Reserved for future use */
003574      case 0: {  /* Null */
003575        /* EVIDENCE-OF: R-24078-09375 Value is a NULL. */
003576        pMem->flags = MEM_Null;
003577        break;
003578      }
003579      case 1: {
003580        /* EVIDENCE-OF: R-44885-25196 Value is an 8-bit twos-complement
003581        ** integer. */
003582        pMem->u.i = ONE_BYTE_INT(buf);
003583        pMem->flags = MEM_Int;
003584        testcase( pMem->u.i<0 );
003585        return 1;
003586      }
003587      case 2: { /* 2-byte signed integer */
003588        /* EVIDENCE-OF: R-49794-35026 Value is a big-endian 16-bit
003589        ** twos-complement integer. */
003590        pMem->u.i = TWO_BYTE_INT(buf);
003591        pMem->flags = MEM_Int;
003592        testcase( pMem->u.i<0 );
003593        return 2;
003594      }
003595      case 3: { /* 3-byte signed integer */
003596        /* EVIDENCE-OF: R-37839-54301 Value is a big-endian 24-bit
003597        ** twos-complement integer. */
003598        pMem->u.i = THREE_BYTE_INT(buf);
003599        pMem->flags = MEM_Int;
003600        testcase( pMem->u.i<0 );
003601        return 3;
003602      }
003603      case 4: { /* 4-byte signed integer */
003604        /* EVIDENCE-OF: R-01849-26079 Value is a big-endian 32-bit
003605        ** twos-complement integer. */
003606        pMem->u.i = FOUR_BYTE_INT(buf);
003607  #ifdef __HP_cc 
003608        /* Work around a sign-extension bug in the HP compiler for HP/UX */
003609        if( buf[0]&0x80 ) pMem->u.i |= 0xffffffff80000000LL;
003610  #endif
003611        pMem->flags = MEM_Int;
003612        testcase( pMem->u.i<0 );
003613        return 4;
003614      }
003615      case 5: { /* 6-byte signed integer */
003616        /* EVIDENCE-OF: R-50385-09674 Value is a big-endian 48-bit
003617        ** twos-complement integer. */
003618        pMem->u.i = FOUR_BYTE_UINT(buf+2) + (((i64)1)<<32)*TWO_BYTE_INT(buf);
003619        pMem->flags = MEM_Int;
003620        testcase( pMem->u.i<0 );
003621        return 6;
003622      }
003623      case 6:   /* 8-byte signed integer */
003624      case 7: { /* IEEE floating point */
003625        /* These use local variables, so do them in a separate routine
003626        ** to avoid having to move the frame pointer in the common case */
003627        return serialGet(buf,serial_type,pMem);
003628      }
003629      case 8:    /* Integer 0 */
003630      case 9: {  /* Integer 1 */
003631        /* EVIDENCE-OF: R-12976-22893 Value is the integer 0. */
003632        /* EVIDENCE-OF: R-18143-12121 Value is the integer 1. */
003633        pMem->u.i = serial_type-8;
003634        pMem->flags = MEM_Int;
003635        return 0;
003636      }
003637      default: {
003638        /* EVIDENCE-OF: R-14606-31564 Value is a BLOB that is (N-12)/2 bytes in
003639        ** length.
003640        ** EVIDENCE-OF: R-28401-00140 Value is a string in the text encoding and
003641        ** (N-13)/2 bytes in length. */
003642        static const u16 aFlag[] = { MEM_Blob|MEM_Ephem, MEM_Str|MEM_Ephem };
003643        pMem->z = (char *)buf;
003644        pMem->n = (serial_type-12)/2;
003645        pMem->flags = aFlag[serial_type&1];
003646        return pMem->n;
003647      }
003648    }
003649    return 0;
003650  }
003651  /*
003652  ** This routine is used to allocate sufficient space for an UnpackedRecord
003653  ** structure large enough to be used with sqlite3VdbeRecordUnpack() if
003654  ** the first argument is a pointer to KeyInfo structure pKeyInfo.
003655  **
003656  ** The space is either allocated using sqlite3DbMallocRaw() or from within
003657  ** the unaligned buffer passed via the second and third arguments (presumably
003658  ** stack space). If the former, then *ppFree is set to a pointer that should
003659  ** be eventually freed by the caller using sqlite3DbFree(). Or, if the 
003660  ** allocation comes from the pSpace/szSpace buffer, *ppFree is set to NULL
003661  ** before returning.
003662  **
003663  ** If an OOM error occurs, NULL is returned.
003664  */
003665  UnpackedRecord *sqlite3VdbeAllocUnpackedRecord(
003666    KeyInfo *pKeyInfo               /* Description of the record */
003667  ){
003668    UnpackedRecord *p;              /* Unpacked record to return */
003669    int nByte;                      /* Number of bytes required for *p */
003670    nByte = ROUND8(sizeof(UnpackedRecord)) + sizeof(Mem)*(pKeyInfo->nKeyField+1);
003671    p = (UnpackedRecord *)sqlite3DbMallocRaw(pKeyInfo->db, nByte);
003672    if( !p ) return 0;
003673    p->aMem = (Mem*)&((char*)p)[ROUND8(sizeof(UnpackedRecord))];
003674    assert( pKeyInfo->aSortOrder!=0 );
003675    p->pKeyInfo = pKeyInfo;
003676    p->nField = pKeyInfo->nKeyField + 1;
003677    return p;
003678  }
003679  
003680  /*
003681  ** Given the nKey-byte encoding of a record in pKey[], populate the 
003682  ** UnpackedRecord structure indicated by the fourth argument with the
003683  ** contents of the decoded record.
003684  */ 
003685  void sqlite3VdbeRecordUnpack(
003686    KeyInfo *pKeyInfo,     /* Information about the record format */
003687    int nKey,              /* Size of the binary record */
003688    const void *pKey,      /* The binary record */
003689    UnpackedRecord *p      /* Populate this structure before returning. */
003690  ){
003691    const unsigned char *aKey = (const unsigned char *)pKey;
003692    int d; 
003693    u32 idx;                        /* Offset in aKey[] to read from */
003694    u16 u;                          /* Unsigned loop counter */
003695    u32 szHdr;
003696    Mem *pMem = p->aMem;
003697  
003698    p->default_rc = 0;
003699    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
003700    idx = getVarint32(aKey, szHdr);
003701    d = szHdr;
003702    u = 0;
003703    while( idx<szHdr && d<=nKey ){
003704      u32 serial_type;
003705  
003706      idx += getVarint32(&aKey[idx], serial_type);
003707      pMem->enc = pKeyInfo->enc;
003708      pMem->db = pKeyInfo->db;
003709      /* pMem->flags = 0; // sqlite3VdbeSerialGet() will set this for us */
003710      pMem->szMalloc = 0;
003711      pMem->z = 0;
003712      d += sqlite3VdbeSerialGet(&aKey[d], serial_type, pMem);
003713      pMem++;
003714      if( (++u)>=p->nField ) break;
003715    }
003716    assert( u<=pKeyInfo->nKeyField + 1 );
003717    p->nField = u;
003718  }
003719  
003720  #ifdef SQLITE_DEBUG
003721  /*
003722  ** This function compares two index or table record keys in the same way
003723  ** as the sqlite3VdbeRecordCompare() routine. Unlike VdbeRecordCompare(),
003724  ** this function deserializes and compares values using the
003725  ** sqlite3VdbeSerialGet() and sqlite3MemCompare() functions. It is used
003726  ** in assert() statements to ensure that the optimized code in
003727  ** sqlite3VdbeRecordCompare() returns results with these two primitives.
003728  **
003729  ** Return true if the result of comparison is equivalent to desiredResult.
003730  ** Return false if there is a disagreement.
003731  */
003732  static int vdbeRecordCompareDebug(
003733    int nKey1, const void *pKey1, /* Left key */
003734    const UnpackedRecord *pPKey2, /* Right key */
003735    int desiredResult             /* Correct answer */
003736  ){
003737    u32 d1;            /* Offset into aKey[] of next data element */
003738    u32 idx1;          /* Offset into aKey[] of next header element */
003739    u32 szHdr1;        /* Number of bytes in header */
003740    int i = 0;
003741    int rc = 0;
003742    const unsigned char *aKey1 = (const unsigned char *)pKey1;
003743    KeyInfo *pKeyInfo;
003744    Mem mem1;
003745  
003746    pKeyInfo = pPKey2->pKeyInfo;
003747    if( pKeyInfo->db==0 ) return 1;
003748    mem1.enc = pKeyInfo->enc;
003749    mem1.db = pKeyInfo->db;
003750    /* mem1.flags = 0;  // Will be initialized by sqlite3VdbeSerialGet() */
003751    VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
003752  
003753    /* Compilers may complain that mem1.u.i is potentially uninitialized.
003754    ** We could initialize it, as shown here, to silence those complaints.
003755    ** But in fact, mem1.u.i will never actually be used uninitialized, and doing 
003756    ** the unnecessary initialization has a measurable negative performance
003757    ** impact, since this routine is a very high runner.  And so, we choose
003758    ** to ignore the compiler warnings and leave this variable uninitialized.
003759    */
003760    /*  mem1.u.i = 0;  // not needed, here to silence compiler warning */
003761    
003762    idx1 = getVarint32(aKey1, szHdr1);
003763    if( szHdr1>98307 ) return SQLITE_CORRUPT;
003764    d1 = szHdr1;
003765    assert( pKeyInfo->nAllField>=pPKey2->nField || CORRUPT_DB );
003766    assert( pKeyInfo->aSortOrder!=0 );
003767    assert( pKeyInfo->nKeyField>0 );
003768    assert( idx1<=szHdr1 || CORRUPT_DB );
003769    do{
003770      u32 serial_type1;
003771  
003772      /* Read the serial types for the next element in each key. */
003773      idx1 += getVarint32( aKey1+idx1, serial_type1 );
003774  
003775      /* Verify that there is enough key space remaining to avoid
003776      ** a buffer overread.  The "d1+serial_type1+2" subexpression will
003777      ** always be greater than or equal to the amount of required key space.
003778      ** Use that approximation to avoid the more expensive call to
003779      ** sqlite3VdbeSerialTypeLen() in the common case.
003780      */
003781      if( d1+serial_type1+2>(u32)nKey1
003782       && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
003783      ){
003784        break;
003785      }
003786  
003787      /* Extract the values to be compared.
003788      */
003789      d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
003790  
003791      /* Do the comparison
003792      */
003793      rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
003794      if( rc!=0 ){
003795        assert( mem1.szMalloc==0 );  /* See comment below */
003796        if( pKeyInfo->aSortOrder[i] ){
003797          rc = -rc;  /* Invert the result for DESC sort order. */
003798        }
003799        goto debugCompareEnd;
003800      }
003801      i++;
003802    }while( idx1<szHdr1 && i<pPKey2->nField );
003803  
003804    /* No memory allocation is ever used on mem1.  Prove this using
003805    ** the following assert().  If the assert() fails, it indicates a
003806    ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).
003807    */
003808    assert( mem1.szMalloc==0 );
003809  
003810    /* rc==0 here means that one of the keys ran out of fields and
003811    ** all the fields up to that point were equal. Return the default_rc
003812    ** value.  */
003813    rc = pPKey2->default_rc;
003814  
003815  debugCompareEnd:
003816    if( desiredResult==0 && rc==0 ) return 1;
003817    if( desiredResult<0 && rc<0 ) return 1;
003818    if( desiredResult>0 && rc>0 ) return 1;
003819    if( CORRUPT_DB ) return 1;
003820    if( pKeyInfo->db->mallocFailed ) return 1;
003821    return 0;
003822  }
003823  #endif
003824  
003825  #ifdef SQLITE_DEBUG
003826  /*
003827  ** Count the number of fields (a.k.a. columns) in the record given by
003828  ** pKey,nKey.  The verify that this count is less than or equal to the
003829  ** limit given by pKeyInfo->nAllField.
003830  **
003831  ** If this constraint is not satisfied, it means that the high-speed
003832  ** vdbeRecordCompareInt() and vdbeRecordCompareString() routines will
003833  ** not work correctly.  If this assert() ever fires, it probably means
003834  ** that the KeyInfo.nKeyField or KeyInfo.nAllField values were computed
003835  ** incorrectly.
003836  */
003837  static void vdbeAssertFieldCountWithinLimits(
003838    int nKey, const void *pKey,   /* The record to verify */ 
003839    const KeyInfo *pKeyInfo       /* Compare size with this KeyInfo */
003840  ){
003841    int nField = 0;
003842    u32 szHdr;
003843    u32 idx;
003844    u32 notUsed;
003845    const unsigned char *aKey = (const unsigned char*)pKey;
003846  
003847    if( CORRUPT_DB ) return;
003848    idx = getVarint32(aKey, szHdr);
003849    assert( nKey>=0 );
003850    assert( szHdr<=(u32)nKey );
003851    while( idx<szHdr ){
003852      idx += getVarint32(aKey+idx, notUsed);
003853      nField++;
003854    }
003855    assert( nField <= pKeyInfo->nAllField );
003856  }
003857  #else
003858  # define vdbeAssertFieldCountWithinLimits(A,B,C)
003859  #endif
003860  
003861  /*
003862  ** Both *pMem1 and *pMem2 contain string values. Compare the two values
003863  ** using the collation sequence pColl. As usual, return a negative , zero
003864  ** or positive value if *pMem1 is less than, equal to or greater than 
003865  ** *pMem2, respectively. Similar in spirit to "rc = (*pMem1) - (*pMem2);".
003866  */
003867  static int vdbeCompareMemString(
003868    const Mem *pMem1,
003869    const Mem *pMem2,
003870    const CollSeq *pColl,
003871    u8 *prcErr                      /* If an OOM occurs, set to SQLITE_NOMEM */
003872  ){
003873    if( pMem1->enc==pColl->enc ){
003874      /* The strings are already in the correct encoding.  Call the
003875       ** comparison function directly */
003876      return pColl->xCmp(pColl->pUser,pMem1->n,pMem1->z,pMem2->n,pMem2->z);
003877    }else{
003878      int rc;
003879      const void *v1, *v2;
003880      Mem c1;
003881      Mem c2;
003882      sqlite3VdbeMemInit(&c1, pMem1->db, MEM_Null);
003883      sqlite3VdbeMemInit(&c2, pMem1->db, MEM_Null);
003884      sqlite3VdbeMemShallowCopy(&c1, pMem1, MEM_Ephem);
003885      sqlite3VdbeMemShallowCopy(&c2, pMem2, MEM_Ephem);
003886      v1 = sqlite3ValueText((sqlite3_value*)&c1, pColl->enc);
003887      v2 = sqlite3ValueText((sqlite3_value*)&c2, pColl->enc);
003888      if( (v1==0 || v2==0) ){
003889        if( prcErr ) *prcErr = SQLITE_NOMEM_BKPT;
003890        rc = 0;
003891      }else{
003892        rc = pColl->xCmp(pColl->pUser, c1.n, v1, c2.n, v2);
003893      }
003894      sqlite3VdbeMemRelease(&c1);
003895      sqlite3VdbeMemRelease(&c2);
003896      return rc;
003897    }
003898  }
003899  
003900  /*
003901  ** The input pBlob is guaranteed to be a Blob that is not marked
003902  ** with MEM_Zero.  Return true if it could be a zero-blob.
003903  */
003904  static int isAllZero(const char *z, int n){
003905    int i;
003906    for(i=0; i<n; i++){
003907      if( z[i] ) return 0;
003908    }
003909    return 1;
003910  }
003911  
003912  /*
003913  ** Compare two blobs.  Return negative, zero, or positive if the first
003914  ** is less than, equal to, or greater than the second, respectively.
003915  ** If one blob is a prefix of the other, then the shorter is the lessor.
003916  */
003917  static SQLITE_NOINLINE int sqlite3BlobCompare(const Mem *pB1, const Mem *pB2){
003918    int c;
003919    int n1 = pB1->n;
003920    int n2 = pB2->n;
003921  
003922    /* It is possible to have a Blob value that has some non-zero content
003923    ** followed by zero content.  But that only comes up for Blobs formed
003924    ** by the OP_MakeRecord opcode, and such Blobs never get passed into
003925    ** sqlite3MemCompare(). */
003926    assert( (pB1->flags & MEM_Zero)==0 || n1==0 );
003927    assert( (pB2->flags & MEM_Zero)==0 || n2==0 );
003928  
003929    if( (pB1->flags|pB2->flags) & MEM_Zero ){
003930      if( pB1->flags & pB2->flags & MEM_Zero ){
003931        return pB1->u.nZero - pB2->u.nZero;
003932      }else if( pB1->flags & MEM_Zero ){
003933        if( !isAllZero(pB2->z, pB2->n) ) return -1;
003934        return pB1->u.nZero - n2;
003935      }else{
003936        if( !isAllZero(pB1->z, pB1->n) ) return +1;
003937        return n1 - pB2->u.nZero;
003938      }
003939    }
003940    c = memcmp(pB1->z, pB2->z, n1>n2 ? n2 : n1);
003941    if( c ) return c;
003942    return n1 - n2;
003943  }
003944  
003945  /*
003946  ** Do a comparison between a 64-bit signed integer and a 64-bit floating-point
003947  ** number.  Return negative, zero, or positive if the first (i64) is less than,
003948  ** equal to, or greater than the second (double).
003949  */
003950  static int sqlite3IntFloatCompare(i64 i, double r){
003951    if( sizeof(LONGDOUBLE_TYPE)>8 ){
003952      LONGDOUBLE_TYPE x = (LONGDOUBLE_TYPE)i;
003953      if( x<r ) return -1;
003954      if( x>r ) return +1;
003955      return 0;
003956    }else{
003957      i64 y;
003958      double s;
003959      if( r<-9223372036854775808.0 ) return +1;
003960      if( r>=9223372036854775808.0 ) return -1;
003961      y = (i64)r;
003962      if( i<y ) return -1;
003963      if( i>y ) return +1;
003964      s = (double)i;
003965      if( s<r ) return -1;
003966      if( s>r ) return +1;
003967      return 0;
003968    }
003969  }
003970  
003971  /*
003972  ** Compare the values contained by the two memory cells, returning
003973  ** negative, zero or positive if pMem1 is less than, equal to, or greater
003974  ** than pMem2. Sorting order is NULL's first, followed by numbers (integers
003975  ** and reals) sorted numerically, followed by text ordered by the collating
003976  ** sequence pColl and finally blob's ordered by memcmp().
003977  **
003978  ** Two NULL values are considered equal by this function.
003979  */
003980  int sqlite3MemCompare(const Mem *pMem1, const Mem *pMem2, const CollSeq *pColl){
003981    int f1, f2;
003982    int combined_flags;
003983  
003984    f1 = pMem1->flags;
003985    f2 = pMem2->flags;
003986    combined_flags = f1|f2;
003987    assert( (combined_flags & MEM_RowSet)==0 );
003988   
003989    /* If one value is NULL, it is less than the other. If both values
003990    ** are NULL, return 0.
003991    */
003992    if( combined_flags&MEM_Null ){
003993      return (f2&MEM_Null) - (f1&MEM_Null);
003994    }
003995  
003996    /* At least one of the two values is a number
003997    */
003998    if( combined_flags&(MEM_Int|MEM_Real) ){
003999      if( (f1 & f2 & MEM_Int)!=0 ){
004000        if( pMem1->u.i < pMem2->u.i ) return -1;
004001        if( pMem1->u.i > pMem2->u.i ) return +1;
004002        return 0;
004003      }
004004      if( (f1 & f2 & MEM_Real)!=0 ){
004005        if( pMem1->u.r < pMem2->u.r ) return -1;
004006        if( pMem1->u.r > pMem2->u.r ) return +1;
004007        return 0;
004008      }
004009      if( (f1&MEM_Int)!=0 ){
004010        if( (f2&MEM_Real)!=0 ){
004011          return sqlite3IntFloatCompare(pMem1->u.i, pMem2->u.r);
004012        }else{
004013          return -1;
004014        }
004015      }
004016      if( (f1&MEM_Real)!=0 ){
004017        if( (f2&MEM_Int)!=0 ){
004018          return -sqlite3IntFloatCompare(pMem2->u.i, pMem1->u.r);
004019        }else{
004020          return -1;
004021        }
004022      }
004023      return +1;
004024    }
004025  
004026    /* If one value is a string and the other is a blob, the string is less.
004027    ** If both are strings, compare using the collating functions.
004028    */
004029    if( combined_flags&MEM_Str ){
004030      if( (f1 & MEM_Str)==0 ){
004031        return 1;
004032      }
004033      if( (f2 & MEM_Str)==0 ){
004034        return -1;
004035      }
004036  
004037      assert( pMem1->enc==pMem2->enc || pMem1->db->mallocFailed );
004038      assert( pMem1->enc==SQLITE_UTF8 || 
004039              pMem1->enc==SQLITE_UTF16LE || pMem1->enc==SQLITE_UTF16BE );
004040  
004041      /* The collation sequence must be defined at this point, even if
004042      ** the user deletes the collation sequence after the vdbe program is
004043      ** compiled (this was not always the case).
004044      */
004045      assert( !pColl || pColl->xCmp );
004046  
004047      if( pColl ){
004048        return vdbeCompareMemString(pMem1, pMem2, pColl, 0);
004049      }
004050      /* If a NULL pointer was passed as the collate function, fall through
004051      ** to the blob case and use memcmp().  */
004052    }
004053   
004054    /* Both values must be blobs.  Compare using memcmp().  */
004055    return sqlite3BlobCompare(pMem1, pMem2);
004056  }
004057  
004058  
004059  /*
004060  ** The first argument passed to this function is a serial-type that
004061  ** corresponds to an integer - all values between 1 and 9 inclusive 
004062  ** except 7. The second points to a buffer containing an integer value
004063  ** serialized according to serial_type. This function deserializes
004064  ** and returns the value.
004065  */
004066  static i64 vdbeRecordDecodeInt(u32 serial_type, const u8 *aKey){
004067    u32 y;
004068    assert( CORRUPT_DB || (serial_type>=1 && serial_type<=9 && serial_type!=7) );
004069    switch( serial_type ){
004070      case 0:
004071      case 1:
004072        testcase( aKey[0]&0x80 );
004073        return ONE_BYTE_INT(aKey);
004074      case 2:
004075        testcase( aKey[0]&0x80 );
004076        return TWO_BYTE_INT(aKey);
004077      case 3:
004078        testcase( aKey[0]&0x80 );
004079        return THREE_BYTE_INT(aKey);
004080      case 4: {
004081        testcase( aKey[0]&0x80 );
004082        y = FOUR_BYTE_UINT(aKey);
004083        return (i64)*(int*)&y;
004084      }
004085      case 5: {
004086        testcase( aKey[0]&0x80 );
004087        return FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
004088      }
004089      case 6: {
004090        u64 x = FOUR_BYTE_UINT(aKey);
004091        testcase( aKey[0]&0x80 );
004092        x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
004093        return (i64)*(i64*)&x;
004094      }
004095    }
004096  
004097    return (serial_type - 8);
004098  }
004099  
004100  /*
004101  ** This function compares the two table rows or index records
004102  ** specified by {nKey1, pKey1} and pPKey2.  It returns a negative, zero
004103  ** or positive integer if key1 is less than, equal to or 
004104  ** greater than key2.  The {nKey1, pKey1} key must be a blob
004105  ** created by the OP_MakeRecord opcode of the VDBE.  The pPKey2
004106  ** key must be a parsed key such as obtained from
004107  ** sqlite3VdbeParseRecord.
004108  **
004109  ** If argument bSkip is non-zero, it is assumed that the caller has already
004110  ** determined that the first fields of the keys are equal.
004111  **
004112  ** Key1 and Key2 do not have to contain the same number of fields. If all 
004113  ** fields that appear in both keys are equal, then pPKey2->default_rc is 
004114  ** returned.
004115  **
004116  ** If database corruption is discovered, set pPKey2->errCode to 
004117  ** SQLITE_CORRUPT and return 0. If an OOM error is encountered, 
004118  ** pPKey2->errCode is set to SQLITE_NOMEM and, if it is not NULL, the
004119  ** malloc-failed flag set on database handle (pPKey2->pKeyInfo->db).
004120  */
004121  int sqlite3VdbeRecordCompareWithSkip(
004122    int nKey1, const void *pKey1,   /* Left key */
004123    UnpackedRecord *pPKey2,         /* Right key */
004124    int bSkip                       /* If true, skip the first field */
004125  ){
004126    u32 d1;                         /* Offset into aKey[] of next data element */
004127    int i;                          /* Index of next field to compare */
004128    u32 szHdr1;                     /* Size of record header in bytes */
004129    u32 idx1;                       /* Offset of first type in header */
004130    int rc = 0;                     /* Return value */
004131    Mem *pRhs = pPKey2->aMem;       /* Next field of pPKey2 to compare */
004132    KeyInfo *pKeyInfo = pPKey2->pKeyInfo;
004133    const unsigned char *aKey1 = (const unsigned char *)pKey1;
004134    Mem mem1;
004135  
004136    /* If bSkip is true, then the caller has already determined that the first
004137    ** two elements in the keys are equal. Fix the various stack variables so
004138    ** that this routine begins comparing at the second field. */
004139    if( bSkip ){
004140      u32 s1;
004141      idx1 = 1 + getVarint32(&aKey1[1], s1);
004142      szHdr1 = aKey1[0];
004143      d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
004144      i = 1;
004145      pRhs++;
004146    }else{
004147      idx1 = getVarint32(aKey1, szHdr1);
004148      d1 = szHdr1;
004149      if( d1>(unsigned)nKey1 ){ 
004150        pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004151        return 0;  /* Corruption */
004152      }
004153      i = 0;
004154    }
004155  
004156    VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
004157    assert( pPKey2->pKeyInfo->nAllField>=pPKey2->nField 
004158         || CORRUPT_DB );
004159    assert( pPKey2->pKeyInfo->aSortOrder!=0 );
004160    assert( pPKey2->pKeyInfo->nKeyField>0 );
004161    assert( idx1<=szHdr1 || CORRUPT_DB );
004162    do{
004163      u32 serial_type;
004164  
004165      /* RHS is an integer */
004166      if( pRhs->flags & MEM_Int ){
004167        serial_type = aKey1[idx1];
004168        testcase( serial_type==12 );
004169        if( serial_type>=10 ){
004170          rc = +1;
004171        }else if( serial_type==0 ){
004172          rc = -1;
004173        }else if( serial_type==7 ){
004174          sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
004175          rc = -sqlite3IntFloatCompare(pRhs->u.i, mem1.u.r);
004176        }else{
004177          i64 lhs = vdbeRecordDecodeInt(serial_type, &aKey1[d1]);
004178          i64 rhs = pRhs->u.i;
004179          if( lhs<rhs ){
004180            rc = -1;
004181          }else if( lhs>rhs ){
004182            rc = +1;
004183          }
004184        }
004185      }
004186  
004187      /* RHS is real */
004188      else if( pRhs->flags & MEM_Real ){
004189        serial_type = aKey1[idx1];
004190        if( serial_type>=10 ){
004191          /* Serial types 12 or greater are strings and blobs (greater than
004192          ** numbers). Types 10 and 11 are currently "reserved for future 
004193          ** use", so it doesn't really matter what the results of comparing
004194          ** them to numberic values are.  */
004195          rc = +1;
004196        }else if( serial_type==0 ){
004197          rc = -1;
004198        }else{
004199          sqlite3VdbeSerialGet(&aKey1[d1], serial_type, &mem1);
004200          if( serial_type==7 ){
004201            if( mem1.u.r<pRhs->u.r ){
004202              rc = -1;
004203            }else if( mem1.u.r>pRhs->u.r ){
004204              rc = +1;
004205            }
004206          }else{
004207            rc = sqlite3IntFloatCompare(mem1.u.i, pRhs->u.r);
004208          }
004209        }
004210      }
004211  
004212      /* RHS is a string */
004213      else if( pRhs->flags & MEM_Str ){
004214        getVarint32(&aKey1[idx1], serial_type);
004215        testcase( serial_type==12 );
004216        if( serial_type<12 ){
004217          rc = -1;
004218        }else if( !(serial_type & 0x01) ){
004219          rc = +1;
004220        }else{
004221          mem1.n = (serial_type - 12) / 2;
004222          testcase( (d1+mem1.n)==(unsigned)nKey1 );
004223          testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
004224          if( (d1+mem1.n) > (unsigned)nKey1 ){
004225            pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004226            return 0;                /* Corruption */
004227          }else if( pKeyInfo->aColl[i] ){
004228            mem1.enc = pKeyInfo->enc;
004229            mem1.db = pKeyInfo->db;
004230            mem1.flags = MEM_Str;
004231            mem1.z = (char*)&aKey1[d1];
004232            rc = vdbeCompareMemString(
004233                &mem1, pRhs, pKeyInfo->aColl[i], &pPKey2->errCode
004234            );
004235          }else{
004236            int nCmp = MIN(mem1.n, pRhs->n);
004237            rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
004238            if( rc==0 ) rc = mem1.n - pRhs->n; 
004239          }
004240        }
004241      }
004242  
004243      /* RHS is a blob */
004244      else if( pRhs->flags & MEM_Blob ){
004245        assert( (pRhs->flags & MEM_Zero)==0 || pRhs->n==0 );
004246        getVarint32(&aKey1[idx1], serial_type);
004247        testcase( serial_type==12 );
004248        if( serial_type<12 || (serial_type & 0x01) ){
004249          rc = -1;
004250        }else{
004251          int nStr = (serial_type - 12) / 2;
004252          testcase( (d1+nStr)==(unsigned)nKey1 );
004253          testcase( (d1+nStr+1)==(unsigned)nKey1 );
004254          if( (d1+nStr) > (unsigned)nKey1 ){
004255            pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004256            return 0;                /* Corruption */
004257          }else if( pRhs->flags & MEM_Zero ){
004258            if( !isAllZero((const char*)&aKey1[d1],nStr) ){
004259              rc = 1;
004260            }else{
004261              rc = nStr - pRhs->u.nZero;
004262            }
004263          }else{
004264            int nCmp = MIN(nStr, pRhs->n);
004265            rc = memcmp(&aKey1[d1], pRhs->z, nCmp);
004266            if( rc==0 ) rc = nStr - pRhs->n;
004267          }
004268        }
004269      }
004270  
004271      /* RHS is null */
004272      else{
004273        serial_type = aKey1[idx1];
004274        rc = (serial_type!=0);
004275      }
004276  
004277      if( rc!=0 ){
004278        if( pKeyInfo->aSortOrder[i] ){
004279          rc = -rc;
004280        }
004281        assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, rc) );
004282        assert( mem1.szMalloc==0 );  /* See comment below */
004283        return rc;
004284      }
004285  
004286      i++;
004287      pRhs++;
004288      d1 += sqlite3VdbeSerialTypeLen(serial_type);
004289      idx1 += sqlite3VarintLen(serial_type);
004290    }while( idx1<(unsigned)szHdr1 && i<pPKey2->nField && d1<=(unsigned)nKey1 );
004291  
004292    /* No memory allocation is ever used on mem1.  Prove this using
004293    ** the following assert().  If the assert() fails, it indicates a
004294    ** memory leak and a need to call sqlite3VdbeMemRelease(&mem1).  */
004295    assert( mem1.szMalloc==0 );
004296  
004297    /* rc==0 here means that one or both of the keys ran out of fields and
004298    ** all the fields up to that point were equal. Return the default_rc
004299    ** value.  */
004300    assert( CORRUPT_DB 
004301         || vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, pPKey2->default_rc) 
004302         || pKeyInfo->db->mallocFailed
004303    );
004304    pPKey2->eqSeen = 1;
004305    return pPKey2->default_rc;
004306  }
004307  int sqlite3VdbeRecordCompare(
004308    int nKey1, const void *pKey1,   /* Left key */
004309    UnpackedRecord *pPKey2          /* Right key */
004310  ){
004311    return sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 0);
004312  }
004313  
004314  
004315  /*
004316  ** This function is an optimized version of sqlite3VdbeRecordCompare() 
004317  ** that (a) the first field of pPKey2 is an integer, and (b) the 
004318  ** size-of-header varint at the start of (pKey1/nKey1) fits in a single
004319  ** byte (i.e. is less than 128).
004320  **
004321  ** To avoid concerns about buffer overreads, this routine is only used
004322  ** on schemas where the maximum valid header size is 63 bytes or less.
004323  */
004324  static int vdbeRecordCompareInt(
004325    int nKey1, const void *pKey1, /* Left key */
004326    UnpackedRecord *pPKey2        /* Right key */
004327  ){
004328    const u8 *aKey = &((const u8*)pKey1)[*(const u8*)pKey1 & 0x3F];
004329    int serial_type = ((const u8*)pKey1)[1];
004330    int res;
004331    u32 y;
004332    u64 x;
004333    i64 v;
004334    i64 lhs;
004335  
004336    vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
004337    assert( (*(u8*)pKey1)<=0x3F || CORRUPT_DB );
004338    switch( serial_type ){
004339      case 1: { /* 1-byte signed integer */
004340        lhs = ONE_BYTE_INT(aKey);
004341        testcase( lhs<0 );
004342        break;
004343      }
004344      case 2: { /* 2-byte signed integer */
004345        lhs = TWO_BYTE_INT(aKey);
004346        testcase( lhs<0 );
004347        break;
004348      }
004349      case 3: { /* 3-byte signed integer */
004350        lhs = THREE_BYTE_INT(aKey);
004351        testcase( lhs<0 );
004352        break;
004353      }
004354      case 4: { /* 4-byte signed integer */
004355        y = FOUR_BYTE_UINT(aKey);
004356        lhs = (i64)*(int*)&y;
004357        testcase( lhs<0 );
004358        break;
004359      }
004360      case 5: { /* 6-byte signed integer */
004361        lhs = FOUR_BYTE_UINT(aKey+2) + (((i64)1)<<32)*TWO_BYTE_INT(aKey);
004362        testcase( lhs<0 );
004363        break;
004364      }
004365      case 6: { /* 8-byte signed integer */
004366        x = FOUR_BYTE_UINT(aKey);
004367        x = (x<<32) | FOUR_BYTE_UINT(aKey+4);
004368        lhs = *(i64*)&x;
004369        testcase( lhs<0 );
004370        break;
004371      }
004372      case 8: 
004373        lhs = 0;
004374        break;
004375      case 9:
004376        lhs = 1;
004377        break;
004378  
004379      /* This case could be removed without changing the results of running
004380      ** this code. Including it causes gcc to generate a faster switch 
004381      ** statement (since the range of switch targets now starts at zero and
004382      ** is contiguous) but does not cause any duplicate code to be generated
004383      ** (as gcc is clever enough to combine the two like cases). Other 
004384      ** compilers might be similar.  */ 
004385      case 0: case 7:
004386        return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
004387  
004388      default:
004389        return sqlite3VdbeRecordCompare(nKey1, pKey1, pPKey2);
004390    }
004391  
004392    v = pPKey2->aMem[0].u.i;
004393    if( v>lhs ){
004394      res = pPKey2->r1;
004395    }else if( v<lhs ){
004396      res = pPKey2->r2;
004397    }else if( pPKey2->nField>1 ){
004398      /* The first fields of the two keys are equal. Compare the trailing 
004399      ** fields.  */
004400      res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
004401    }else{
004402      /* The first fields of the two keys are equal and there are no trailing
004403      ** fields. Return pPKey2->default_rc in this case. */
004404      res = pPKey2->default_rc;
004405      pPKey2->eqSeen = 1;
004406    }
004407  
004408    assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res) );
004409    return res;
004410  }
004411  
004412  /*
004413  ** This function is an optimized version of sqlite3VdbeRecordCompare() 
004414  ** that (a) the first field of pPKey2 is a string, that (b) the first field
004415  ** uses the collation sequence BINARY and (c) that the size-of-header varint 
004416  ** at the start of (pKey1/nKey1) fits in a single byte.
004417  */
004418  static int vdbeRecordCompareString(
004419    int nKey1, const void *pKey1, /* Left key */
004420    UnpackedRecord *pPKey2        /* Right key */
004421  ){
004422    const u8 *aKey1 = (const u8*)pKey1;
004423    int serial_type;
004424    int res;
004425  
004426    assert( pPKey2->aMem[0].flags & MEM_Str );
004427    vdbeAssertFieldCountWithinLimits(nKey1, pKey1, pPKey2->pKeyInfo);
004428    getVarint32(&aKey1[1], serial_type);
004429    if( serial_type<12 ){
004430      res = pPKey2->r1;      /* (pKey1/nKey1) is a number or a null */
004431    }else if( !(serial_type & 0x01) ){ 
004432      res = pPKey2->r2;      /* (pKey1/nKey1) is a blob */
004433    }else{
004434      int nCmp;
004435      int nStr;
004436      int szHdr = aKey1[0];
004437  
004438      nStr = (serial_type-12) / 2;
004439      if( (szHdr + nStr) > nKey1 ){
004440        pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
004441        return 0;    /* Corruption */
004442      }
004443      nCmp = MIN( pPKey2->aMem[0].n, nStr );
004444      res = memcmp(&aKey1[szHdr], pPKey2->aMem[0].z, nCmp);
004445  
004446      if( res==0 ){
004447        res = nStr - pPKey2->aMem[0].n;
004448        if( res==0 ){
004449          if( pPKey2->nField>1 ){
004450            res = sqlite3VdbeRecordCompareWithSkip(nKey1, pKey1, pPKey2, 1);
004451          }else{
004452            res = pPKey2->default_rc;
004453            pPKey2->eqSeen = 1;
004454          }
004455        }else if( res>0 ){
004456          res = pPKey2->r2;
004457        }else{
004458          res = pPKey2->r1;
004459        }
004460      }else if( res>0 ){
004461        res = pPKey2->r2;
004462      }else{
004463        res = pPKey2->r1;
004464      }
004465    }
004466  
004467    assert( vdbeRecordCompareDebug(nKey1, pKey1, pPKey2, res)
004468         || CORRUPT_DB
004469         || pPKey2->pKeyInfo->db->mallocFailed
004470    );
004471    return res;
004472  }
004473  
004474  /*
004475  ** Return a pointer to an sqlite3VdbeRecordCompare() compatible function
004476  ** suitable for comparing serialized records to the unpacked record passed
004477  ** as the only argument.
004478  */
004479  RecordCompare sqlite3VdbeFindCompare(UnpackedRecord *p){
004480    /* varintRecordCompareInt() and varintRecordCompareString() both assume
004481    ** that the size-of-header varint that occurs at the start of each record
004482    ** fits in a single byte (i.e. is 127 or less). varintRecordCompareInt()
004483    ** also assumes that it is safe to overread a buffer by at least the 
004484    ** maximum possible legal header size plus 8 bytes. Because there is
004485    ** guaranteed to be at least 74 (but not 136) bytes of padding following each
004486    ** buffer passed to varintRecordCompareInt() this makes it convenient to
004487    ** limit the size of the header to 64 bytes in cases where the first field
004488    ** is an integer.
004489    **
004490    ** The easiest way to enforce this limit is to consider only records with
004491    ** 13 fields or less. If the first field is an integer, the maximum legal
004492    ** header size is (12*5 + 1 + 1) bytes.  */
004493    if( p->pKeyInfo->nAllField<=13 ){
004494      int flags = p->aMem[0].flags;
004495      if( p->pKeyInfo->aSortOrder[0] ){
004496        p->r1 = 1;
004497        p->r2 = -1;
004498      }else{
004499        p->r1 = -1;
004500        p->r2 = 1;
004501      }
004502      if( (flags & MEM_Int) ){
004503        return vdbeRecordCompareInt;
004504      }
004505      testcase( flags & MEM_Real );
004506      testcase( flags & MEM_Null );
004507      testcase( flags & MEM_Blob );
004508      if( (flags & (MEM_Real|MEM_Null|MEM_Blob))==0 && p->pKeyInfo->aColl[0]==0 ){
004509        assert( flags & MEM_Str );
004510        return vdbeRecordCompareString;
004511      }
004512    }
004513  
004514    return sqlite3VdbeRecordCompare;
004515  }
004516  
004517  /*
004518  ** pCur points at an index entry created using the OP_MakeRecord opcode.
004519  ** Read the rowid (the last field in the record) and store it in *rowid.
004520  ** Return SQLITE_OK if everything works, or an error code otherwise.
004521  **
004522  ** pCur might be pointing to text obtained from a corrupt database file.
004523  ** So the content cannot be trusted.  Do appropriate checks on the content.
004524  */
004525  int sqlite3VdbeIdxRowid(sqlite3 *db, BtCursor *pCur, i64 *rowid){
004526    i64 nCellKey = 0;
004527    int rc;
004528    u32 szHdr;        /* Size of the header */
004529    u32 typeRowid;    /* Serial type of the rowid */
004530    u32 lenRowid;     /* Size of the rowid */
004531    Mem m, v;
004532  
004533    /* Get the size of the index entry.  Only indices entries of less
004534    ** than 2GiB are support - anything large must be database corruption.
004535    ** Any corruption is detected in sqlite3BtreeParseCellPtr(), though, so
004536    ** this code can safely assume that nCellKey is 32-bits  
004537    */
004538    assert( sqlite3BtreeCursorIsValid(pCur) );
004539    nCellKey = sqlite3BtreePayloadSize(pCur);
004540    assert( (nCellKey & SQLITE_MAX_U32)==(u64)nCellKey );
004541  
004542    /* Read in the complete content of the index entry */
004543    sqlite3VdbeMemInit(&m, db, 0);
004544    rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, &m);
004545    if( rc ){
004546      return rc;
004547    }
004548  
004549    /* The index entry must begin with a header size */
004550    (void)getVarint32((u8*)m.z, szHdr);
004551    testcase( szHdr==3 );
004552    testcase( szHdr==m.n );
004553    if( unlikely(szHdr<3 || (int)szHdr>m.n) ){
004554      goto idx_rowid_corruption;
004555    }
004556  
004557    /* The last field of the index should be an integer - the ROWID.
004558    ** Verify that the last entry really is an integer. */
004559    (void)getVarint32((u8*)&m.z[szHdr-1], typeRowid);
004560    testcase( typeRowid==1 );
004561    testcase( typeRowid==2 );
004562    testcase( typeRowid==3 );
004563    testcase( typeRowid==4 );
004564    testcase( typeRowid==5 );
004565    testcase( typeRowid==6 );
004566    testcase( typeRowid==8 );
004567    testcase( typeRowid==9 );
004568    if( unlikely(typeRowid<1 || typeRowid>9 || typeRowid==7) ){
004569      goto idx_rowid_corruption;
004570    }
004571    lenRowid = sqlite3SmallTypeSizes[typeRowid];
004572    testcase( (u32)m.n==szHdr+lenRowid );
004573    if( unlikely((u32)m.n<szHdr+lenRowid) ){
004574      goto idx_rowid_corruption;
004575    }
004576  
004577    /* Fetch the integer off the end of the index record */
004578    sqlite3VdbeSerialGet((u8*)&m.z[m.n-lenRowid], typeRowid, &v);
004579    *rowid = v.u.i;
004580    sqlite3VdbeMemRelease(&m);
004581    return SQLITE_OK;
004582  
004583    /* Jump here if database corruption is detected after m has been
004584    ** allocated.  Free the m object and return SQLITE_CORRUPT. */
004585  idx_rowid_corruption:
004586    testcase( m.szMalloc!=0 );
004587    sqlite3VdbeMemRelease(&m);
004588    return SQLITE_CORRUPT_BKPT;
004589  }
004590  
004591  /*
004592  ** Compare the key of the index entry that cursor pC is pointing to against
004593  ** the key string in pUnpacked.  Write into *pRes a number
004594  ** that is negative, zero, or positive if pC is less than, equal to,
004595  ** or greater than pUnpacked.  Return SQLITE_OK on success.
004596  **
004597  ** pUnpacked is either created without a rowid or is truncated so that it
004598  ** omits the rowid at the end.  The rowid at the end of the index entry
004599  ** is ignored as well.  Hence, this routine only compares the prefixes 
004600  ** of the keys prior to the final rowid, not the entire key.
004601  */
004602  int sqlite3VdbeIdxKeyCompare(
004603    sqlite3 *db,                     /* Database connection */
004604    VdbeCursor *pC,                  /* The cursor to compare against */
004605    UnpackedRecord *pUnpacked,       /* Unpacked version of key */
004606    int *res                         /* Write the comparison result here */
004607  ){
004608    i64 nCellKey = 0;
004609    int rc;
004610    BtCursor *pCur;
004611    Mem m;
004612  
004613    assert( pC->eCurType==CURTYPE_BTREE );
004614    pCur = pC->uc.pCursor;
004615    assert( sqlite3BtreeCursorIsValid(pCur) );
004616    nCellKey = sqlite3BtreePayloadSize(pCur);
004617    /* nCellKey will always be between 0 and 0xffffffff because of the way
004618    ** that btreeParseCellPtr() and sqlite3GetVarint32() are implemented */
004619    if( nCellKey<=0 || nCellKey>0x7fffffff ){
004620      *res = 0;
004621      return SQLITE_CORRUPT_BKPT;
004622    }
004623    sqlite3VdbeMemInit(&m, db, 0);
004624    rc = sqlite3VdbeMemFromBtree(pCur, 0, (u32)nCellKey, &m);
004625    if( rc ){
004626      return rc;
004627    }
004628    *res = sqlite3VdbeRecordCompare(m.n, m.z, pUnpacked);
004629    sqlite3VdbeMemRelease(&m);
004630    return SQLITE_OK;
004631  }
004632  
004633  /*
004634  ** This routine sets the value to be returned by subsequent calls to
004635  ** sqlite3_changes() on the database handle 'db'. 
004636  */
004637  void sqlite3VdbeSetChanges(sqlite3 *db, int nChange){
004638    assert( sqlite3_mutex_held(db->mutex) );
004639    db->nChange = nChange;
004640    db->nTotalChange += nChange;
004641  }
004642  
004643  /*
004644  ** Set a flag in the vdbe to update the change counter when it is finalised
004645  ** or reset.
004646  */
004647  void sqlite3VdbeCountChanges(Vdbe *v){
004648    v->changeCntOn = 1;
004649  }
004650  
004651  /*
004652  ** Mark every prepared statement associated with a database connection
004653  ** as expired.
004654  **
004655  ** An expired statement means that recompilation of the statement is
004656  ** recommend.  Statements expire when things happen that make their
004657  ** programs obsolete.  Removing user-defined functions or collating
004658  ** sequences, or changing an authorization function are the types of
004659  ** things that make prepared statements obsolete.
004660  */
004661  void sqlite3ExpirePreparedStatements(sqlite3 *db){
004662    Vdbe *p;
004663    for(p = db->pVdbe; p; p=p->pNext){
004664      p->expired = 1;
004665    }
004666  }
004667  
004668  /*
004669  ** Return the database associated with the Vdbe.
004670  */
004671  sqlite3 *sqlite3VdbeDb(Vdbe *v){
004672    return v->db;
004673  }
004674  
004675  /*
004676  ** Return the SQLITE_PREPARE flags for a Vdbe.
004677  */
004678  u8 sqlite3VdbePrepareFlags(Vdbe *v){
004679    return v->prepFlags;
004680  }
004681  
004682  /*
004683  ** Return a pointer to an sqlite3_value structure containing the value bound
004684  ** parameter iVar of VM v. Except, if the value is an SQL NULL, return 
004685  ** 0 instead. Unless it is NULL, apply affinity aff (one of the SQLITE_AFF_*
004686  ** constants) to the value before returning it.
004687  **
004688  ** The returned value must be freed by the caller using sqlite3ValueFree().
004689  */
004690  sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe *v, int iVar, u8 aff){
004691    assert( iVar>0 );
004692    if( v ){
004693      Mem *pMem = &v->aVar[iVar-1];
004694      assert( (v->db->flags & SQLITE_EnableQPSG)==0 );
004695      if( 0==(pMem->flags & MEM_Null) ){
004696        sqlite3_value *pRet = sqlite3ValueNew(v->db);
004697        if( pRet ){
004698          sqlite3VdbeMemCopy((Mem *)pRet, pMem);
004699          sqlite3ValueApplyAffinity(pRet, aff, SQLITE_UTF8);
004700        }
004701        return pRet;
004702      }
004703    }
004704    return 0;
004705  }
004706  
004707  /*
004708  ** Configure SQL variable iVar so that binding a new value to it signals
004709  ** to sqlite3_reoptimize() that re-preparing the statement may result
004710  ** in a better query plan.
004711  */
004712  void sqlite3VdbeSetVarmask(Vdbe *v, int iVar){
004713    assert( iVar>0 );
004714    assert( (v->db->flags & SQLITE_EnableQPSG)==0 );
004715    if( iVar>=32 ){
004716      v->expmask |= 0x80000000;
004717    }else{
004718      v->expmask |= ((u32)1 << (iVar-1));
004719    }
004720  }
004721  
004722  /*
004723  ** Cause a function to throw an error if it was call from OP_PureFunc
004724  ** rather than OP_Function.
004725  **
004726  ** OP_PureFunc means that the function must be deterministic, and should
004727  ** throw an error if it is given inputs that would make it non-deterministic.
004728  ** This routine is invoked by date/time functions that use non-deterministic
004729  ** features such as 'now'.
004730  */
004731  int sqlite3NotPureFunc(sqlite3_context *pCtx){
004732  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
004733    if( pCtx->pVdbe==0 ) return 1;
004734  #endif
004735    if( pCtx->pVdbe->aOp[pCtx->iOp].opcode==OP_PureFunc ){
004736      sqlite3_result_error(pCtx, 
004737         "non-deterministic function in index expression or CHECK constraint",
004738         -1);
004739      return 0;
004740    }
004741    return 1;
004742  }
004743  
004744  #ifndef SQLITE_OMIT_VIRTUALTABLE
004745  /*
004746  ** Transfer error message text from an sqlite3_vtab.zErrMsg (text stored
004747  ** in memory obtained from sqlite3_malloc) into a Vdbe.zErrMsg (text stored
004748  ** in memory obtained from sqlite3DbMalloc).
004749  */
004750  void sqlite3VtabImportErrmsg(Vdbe *p, sqlite3_vtab *pVtab){
004751    if( pVtab->zErrMsg ){
004752      sqlite3 *db = p->db;
004753      sqlite3DbFree(db, p->zErrMsg);
004754      p->zErrMsg = sqlite3DbStrDup(db, pVtab->zErrMsg);
004755      sqlite3_free(pVtab->zErrMsg);
004756      pVtab->zErrMsg = 0;
004757    }
004758  }
004759  #endif /* SQLITE_OMIT_VIRTUALTABLE */
004760  
004761  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004762  
004763  /*
004764  ** If the second argument is not NULL, release any allocations associated 
004765  ** with the memory cells in the p->aMem[] array. Also free the UnpackedRecord
004766  ** structure itself, using sqlite3DbFree().
004767  **
004768  ** This function is used to free UnpackedRecord structures allocated by
004769  ** the vdbeUnpackRecord() function found in vdbeapi.c.
004770  */
004771  static void vdbeFreeUnpacked(sqlite3 *db, int nField, UnpackedRecord *p){
004772    if( p ){
004773      int i;
004774      for(i=0; i<nField; i++){
004775        Mem *pMem = &p->aMem[i];
004776        if( pMem->zMalloc ) sqlite3VdbeMemRelease(pMem);
004777      }
004778      sqlite3DbFreeNN(db, p);
004779    }
004780  }
004781  #endif /* SQLITE_ENABLE_PREUPDATE_HOOK */
004782  
004783  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004784  /*
004785  ** Invoke the pre-update hook. If this is an UPDATE or DELETE pre-update call,
004786  ** then cursor passed as the second argument should point to the row about
004787  ** to be update or deleted. If the application calls sqlite3_preupdate_old(),
004788  ** the required value will be read from the row the cursor points to.
004789  */
004790  void sqlite3VdbePreUpdateHook(
004791    Vdbe *v,                        /* Vdbe pre-update hook is invoked by */
004792    VdbeCursor *pCsr,               /* Cursor to grab old.* values from */
004793    int op,                         /* SQLITE_INSERT, UPDATE or DELETE */
004794    const char *zDb,                /* Database name */
004795    Table *pTab,                    /* Modified table */
004796    i64 iKey1,                      /* Initial key value */
004797    int iReg                        /* Register for new.* record */
004798  ){
004799    sqlite3 *db = v->db;
004800    i64 iKey2;
004801    PreUpdate preupdate;
004802    const char *zTbl = pTab->zName;
004803    static const u8 fakeSortOrder = 0;
004804  
004805    assert( db->pPreUpdate==0 );
004806    memset(&preupdate, 0, sizeof(PreUpdate));
004807    if( HasRowid(pTab)==0 ){
004808      iKey1 = iKey2 = 0;
004809      preupdate.pPk = sqlite3PrimaryKeyIndex(pTab);
004810    }else{
004811      if( op==SQLITE_UPDATE ){
004812        iKey2 = v->aMem[iReg].u.i;
004813      }else{
004814        iKey2 = iKey1;
004815      }
004816    }
004817  
004818    assert( pCsr->nField==pTab->nCol 
004819         || (pCsr->nField==pTab->nCol+1 && op==SQLITE_DELETE && iReg==-1)
004820    );
004821  
004822    preupdate.v = v;
004823    preupdate.pCsr = pCsr;
004824    preupdate.op = op;
004825    preupdate.iNewReg = iReg;
004826    preupdate.keyinfo.db = db;
004827    preupdate.keyinfo.enc = ENC(db);
004828    preupdate.keyinfo.nKeyField = pTab->nCol;
004829    preupdate.keyinfo.aSortOrder = (u8*)&fakeSortOrder;
004830    preupdate.iKey1 = iKey1;
004831    preupdate.iKey2 = iKey2;
004832    preupdate.pTab = pTab;
004833  
004834    db->pPreUpdate = &preupdate;
004835    db->xPreUpdateCallback(db->pPreUpdateArg, db, op, zDb, zTbl, iKey1, iKey2);
004836    db->pPreUpdate = 0;
004837    sqlite3DbFree(db, preupdate.aRecord);
004838    vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pUnpacked);
004839    vdbeFreeUnpacked(db, preupdate.keyinfo.nKeyField+1, preupdate.pNewUnpacked);
004840    if( preupdate.aNew ){
004841      int i;
004842      for(i=0; i<pCsr->nField; i++){
004843        sqlite3VdbeMemRelease(&preupdate.aNew[i]);
004844      }
004845      sqlite3DbFreeNN(db, preupdate.aNew);
004846    }
004847  }
004848  #endif /* SQLITE_ENABLE_PREUPDATE_HOOK */