/ Check-in [380a7b7a]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Update this branch with the latest changes from trunk.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | server-process-edition
Files: files | file ages | folders
SHA3-256: 380a7b7a458b212b0463c8e128c289cc70f2fdb9b9a63b91fc7542c120eb9c10
User & Date: dan 2017-08-16 17:06:42
Context
2017-08-17
19:32
Add support for crash recovery in multi-process mode. And add test cases for the same. check-in: a8115f95 user: dan tags: server-process-edition
2017-08-16
17:06
Update this branch with the latest changes from trunk. check-in: 380a7b7a user: dan tags: server-process-edition
16:52
Enhance this branch to support page-level-locking (without MVCC) for multi-process deployments. check-in: 04e0cb57 user: dan tags: server-process-edition
14:16
Remove an unnecessary local variable from OP_Column, for a small size reduction and performance increase. check-in: 39543903 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/btree.c.

   444    444         pLock->eLock = READ_LOCK;
   445    445       }
   446    446     }
   447    447   }
   448    448   
   449    449   #endif /* SQLITE_OMIT_SHARED_CACHE */
   450    450   
   451         -static void releasePage(MemPage *pPage);  /* Forward reference */
          451  +static void releasePage(MemPage *pPage);
          452  +static void releasePageNotNull(MemPage *pPage);  /* Forward reference */
   452    453   
   453    454   /*
   454    455   ***** This routine is used inside of assert() only ****
   455    456   **
   456    457   ** Verify that the cursor holds the mutex on its BtShared
   457    458   */
   458    459   #ifdef SQLITE_DEBUG
................................................................................
   603    604   }
   604    605   
   605    606   /*
   606    607   ** Release all of the apPage[] pages for a cursor.
   607    608   */
   608    609   static void btreeReleaseAllCursorPages(BtCursor *pCur){
   609    610     int i;
   610         -  for(i=0; i<=pCur->iPage; i++){
   611         -    releasePage(pCur->apPage[i]);
   612         -    pCur->apPage[i] = 0;
          611  +  if( pCur->iPage>=0 ){
          612  +    for(i=0; i<pCur->iPage; i++){
          613  +      releasePageNotNull(pCur->apPage[i]);
          614  +    }
          615  +    releasePageNotNull(pCur->pPage);
          616  +    pCur->iPage = -1;
   613    617     }
   614         -  pCur->iPage = -1;
   615    618   }
   616    619   
   617    620   /*
   618    621   ** The cursor passed as the only argument must point to a valid entry
   619    622   ** when this function is called (i.e. have eState==CURSOR_VALID). This
   620    623   ** function saves the current cursor key in variables pCur->nKey and
   621    624   ** pCur->pKey. SQLITE_OK is returned if successful or an SQLite error 
................................................................................
   776    779   
   777    780     if( pKey ){
   778    781       assert( nKey==(i64)(int)nKey );
   779    782       pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
   780    783       if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
   781    784       sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
   782    785       if( pIdxKey->nField==0 ){
   783         -      rc = SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
          786  +      rc = SQLITE_CORRUPT;
   784    787         goto moveto_done;
   785    788       }
   786    789     }else{
   787    790       pIdxKey = 0;
   788    791     }
   789    792     rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);
   790    793   moveto_done:
................................................................................
  2054   2057     MemPage **ppPage,               /* Write the page pointer here */
  2055   2058     BtCursor *pCur,                 /* Cursor to receive the page, or NULL */
  2056   2059     int bReadOnly                   /* True for a read-only page */
  2057   2060   ){
  2058   2061     int rc;
  2059   2062     DbPage *pDbPage;
  2060   2063     assert( sqlite3_mutex_held(pBt->mutex) );
  2061         -  assert( pCur==0 || ppPage==&pCur->apPage[pCur->iPage] );
         2064  +  assert( pCur==0 || ppPage==&pCur->pPage );
  2062   2065     assert( pCur==0 || bReadOnly==pCur->curPagerFlags );
  2063   2066     assert( pCur==0 || pCur->iPage>0 );
  2064   2067   
  2065   2068     if( pgno>btreePagecount(pBt) ){
  2066   2069       rc = SQLITE_CORRUPT_BKPT;
  2067   2070       goto getAndInitPage_error;
  2068   2071     }
................................................................................
  2088   2091       rc = SQLITE_CORRUPT_PGNO(pgno);
  2089   2092       releasePage(*ppPage);
  2090   2093       goto getAndInitPage_error;
  2091   2094     }
  2092   2095     return SQLITE_OK;
  2093   2096   
  2094   2097   getAndInitPage_error:
  2095         -  if( pCur ) pCur->iPage--;
         2098  +  if( pCur ){
         2099  +    pCur->iPage--;
         2100  +    pCur->pPage = pCur->apPage[pCur->iPage];
         2101  +  }
  2096   2102     testcase( pgno==0 );
  2097   2103     assert( pgno!=0 || rc==SQLITE_CORRUPT );
  2098   2104     return rc;
  2099   2105   }
  2100   2106   
  2101   2107   /*
  2102   2108   ** Release a MemPage.  This should be called once for each prior
................................................................................
  4307   4313   /*
  4308   4314   ** Close a cursor.  The read lock on the database file is released
  4309   4315   ** when the last cursor is closed.
  4310   4316   */
  4311   4317   int sqlite3BtreeCloseCursor(BtCursor *pCur){
  4312   4318     Btree *pBtree = pCur->pBtree;
  4313   4319     if( pBtree ){
  4314         -    int i;
  4315   4320       BtShared *pBt = pCur->pBt;
  4316   4321       sqlite3BtreeEnter(pBtree);
  4317         -    sqlite3BtreeClearCursor(pCur);
  4318   4322       assert( pBt->pCursor!=0 );
  4319   4323       if( pBt->pCursor==pCur ){
  4320   4324         pBt->pCursor = pCur->pNext;
  4321   4325       }else{
  4322   4326         BtCursor *pPrev = pBt->pCursor;
  4323   4327         do{
  4324   4328           if( pPrev->pNext==pCur ){
  4325   4329             pPrev->pNext = pCur->pNext;
  4326   4330             break;
  4327   4331           }
  4328   4332           pPrev = pPrev->pNext;
  4329   4333         }while( ALWAYS(pPrev) );
  4330   4334       }
  4331         -    for(i=0; i<=pCur->iPage; i++){
  4332         -      releasePageNotNull(pCur->apPage[i]);
  4333         -    }
         4335  +    btreeReleaseAllCursorPages(pCur);
  4334   4336       unlockBtreeIfUnused(pBt);
  4335   4337       sqlite3_free(pCur->aOverflow);
  4336         -    /* sqlite3_free(pCur); */
         4338  +    sqlite3_free(pCur->pKey);
  4337   4339       sqlite3BtreeLeave(pBtree);
  4338   4340     }
  4339   4341     return SQLITE_OK;
  4340   4342   }
  4341   4343   
  4342   4344   /*
  4343   4345   ** Make sure the BtCursor* given in the argument has a valid
................................................................................
  4346   4348   **
  4347   4349   ** BtCursor.info is a cache of the information in the current cell.
  4348   4350   ** Using this cache reduces the number of calls to btreeParseCell().
  4349   4351   */
  4350   4352   #ifndef NDEBUG
  4351   4353     static void assertCellInfo(BtCursor *pCur){
  4352   4354       CellInfo info;
  4353         -    int iPage = pCur->iPage;
  4354   4355       memset(&info, 0, sizeof(info));
  4355         -    btreeParseCell(pCur->apPage[iPage], pCur->ix, &info);
         4356  +    btreeParseCell(pCur->pPage, pCur->ix, &info);
  4356   4357       assert( CORRUPT_DB || memcmp(&info, &pCur->info, sizeof(info))==0 );
  4357   4358     }
  4358   4359   #else
  4359   4360     #define assertCellInfo(x)
  4360   4361   #endif
  4361   4362   static SQLITE_NOINLINE void getCellInfo(BtCursor *pCur){
  4362   4363     if( pCur->info.nSize==0 ){
  4363         -    int iPage = pCur->iPage;
  4364   4364       pCur->curFlags |= BTCF_ValidNKey;
  4365         -    btreeParseCell(pCur->apPage[iPage],pCur->ix,&pCur->info);
         4365  +    btreeParseCell(pCur->pPage,pCur->ix,&pCur->info);
  4366   4366     }else{
  4367   4367       assertCellInfo(pCur);
  4368   4368     }
  4369   4369   }
  4370   4370   
  4371   4371   #ifndef NDEBUG  /* The next routine used only within assert() statements */
  4372   4372   /*
................................................................................
  4556   4556     u32 amt,             /* Read this many bytes */
  4557   4557     unsigned char *pBuf, /* Write the bytes into this buffer */ 
  4558   4558     int eOp              /* zero to read. non-zero to write. */
  4559   4559   ){
  4560   4560     unsigned char *aPayload;
  4561   4561     int rc = SQLITE_OK;
  4562   4562     int iIdx = 0;
  4563         -  MemPage *pPage = pCur->apPage[pCur->iPage]; /* Btree page of current entry */
         4563  +  MemPage *pPage = pCur->pPage;               /* Btree page of current entry */
  4564   4564     BtShared *pBt = pCur->pBt;                  /* Btree this cursor belongs to */
  4565   4565   #ifdef SQLITE_DIRECT_OVERFLOW_READ
  4566   4566     unsigned char * const pBufStart = pBuf;     /* Start of original out buffer */
  4567   4567   #endif
  4568   4568   
  4569   4569     assert( pPage );
  4570   4570     assert( eOp==0 || eOp==1 );
................................................................................
  4752   4752   ** Return SQLITE_OK on success or an error code if anything goes
  4753   4753   ** wrong.  An error is returned if "offset+amt" is larger than
  4754   4754   ** the available payload.
  4755   4755   */
  4756   4756   int sqlite3BtreePayload(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){
  4757   4757     assert( cursorHoldsMutex(pCur) );
  4758   4758     assert( pCur->eState==CURSOR_VALID );
  4759         -  assert( pCur->iPage>=0 && pCur->apPage[pCur->iPage] );
  4760         -  assert( pCur->ix<pCur->apPage[pCur->iPage]->nCell );
         4759  +  assert( pCur->iPage>=0 && pCur->pPage );
         4760  +  assert( pCur->ix<pCur->pPage->nCell );
  4761   4761     return accessPayload(pCur, offset, amt, (unsigned char*)pBuf, 0);
  4762   4762   }
  4763   4763   
  4764   4764   /*
  4765   4765   ** This variant of sqlite3BtreePayload() works even if the cursor has not
  4766   4766   ** in the CURSOR_VALID state.  It is only used by the sqlite3_blob_read()
  4767   4767   ** interface.
................................................................................
  4811   4811   ** any btree routine is called.
  4812   4812   */
  4813   4813   static const void *fetchPayload(
  4814   4814     BtCursor *pCur,      /* Cursor pointing to entry to read from */
  4815   4815     u32 *pAmt            /* Write the number of available bytes here */
  4816   4816   ){
  4817   4817     u32 amt;
  4818         -  assert( pCur!=0 && pCur->iPage>=0 && pCur->apPage[pCur->iPage]);
         4818  +  assert( pCur!=0 && pCur->iPage>=0 && pCur->pPage);
  4819   4819     assert( pCur->eState==CURSOR_VALID );
  4820   4820     assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
  4821   4821     assert( cursorOwnsBtShared(pCur) );
  4822         -  assert( pCur->ix<pCur->apPage[pCur->iPage]->nCell );
         4822  +  assert( pCur->ix<pCur->pPage->nCell );
  4823   4823     assert( pCur->info.nSize>0 );
  4824         -  assert( pCur->info.pPayload>pCur->apPage[pCur->iPage]->aData || CORRUPT_DB );
  4825         -  assert( pCur->info.pPayload<pCur->apPage[pCur->iPage]->aDataEnd ||CORRUPT_DB);
  4826         -  amt = (int)(pCur->apPage[pCur->iPage]->aDataEnd - pCur->info.pPayload);
         4824  +  assert( pCur->info.pPayload>pCur->pPage->aData || CORRUPT_DB );
         4825  +  assert( pCur->info.pPayload<pCur->pPage->aDataEnd ||CORRUPT_DB);
         4826  +  amt = (int)(pCur->pPage->aDataEnd - pCur->info.pPayload);
  4827   4827     if( pCur->info.nLocal<amt ) amt = pCur->info.nLocal;
  4828   4828     *pAmt = amt;
  4829   4829     return (void*)pCur->info.pPayload;
  4830   4830   }
  4831   4831   
  4832   4832   
  4833   4833   /*
................................................................................
  4866   4866     assert( pCur->iPage<BTCURSOR_MAX_DEPTH );
  4867   4867     assert( pCur->iPage>=0 );
  4868   4868     if( pCur->iPage>=(BTCURSOR_MAX_DEPTH-1) ){
  4869   4869       return SQLITE_CORRUPT_BKPT;
  4870   4870     }
  4871   4871     pCur->info.nSize = 0;
  4872   4872     pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
  4873         -  pCur->aiIdx[pCur->iPage++] = pCur->ix;
         4873  +  pCur->aiIdx[pCur->iPage] = pCur->ix;
         4874  +  pCur->apPage[pCur->iPage] = pCur->pPage;
  4874   4875     pCur->ix = 0;
  4875         -  return getAndInitPage(pBt, newPgno, &pCur->apPage[pCur->iPage],
  4876         -                        pCur, pCur->curPagerFlags);
         4876  +  pCur->iPage++;
         4877  +  return getAndInitPage(pBt, newPgno, &pCur->pPage, pCur, pCur->curPagerFlags);
  4877   4878   }
  4878   4879   
  4879   4880   #ifdef SQLITE_DEBUG
  4880   4881   /*
  4881   4882   ** Page pParent is an internal (non-leaf) tree page. This function 
  4882   4883   ** asserts that page number iChild is the left-child if the iIdx'th
  4883   4884   ** cell in page pParent. Or, if iIdx is equal to the total number of
................................................................................
  4903   4904   **
  4904   4905   ** pCur->idx is set to the cell index that contains the pointer
  4905   4906   ** to the page we are coming from.  If we are coming from the
  4906   4907   ** right-most child page then pCur->idx is set to one more than
  4907   4908   ** the largest cell index.
  4908   4909   */
  4909   4910   static void moveToParent(BtCursor *pCur){
         4911  +  MemPage *pLeaf;
  4910   4912     assert( cursorOwnsBtShared(pCur) );
  4911   4913     assert( pCur->eState==CURSOR_VALID );
  4912   4914     assert( pCur->iPage>0 );
  4913         -  assert( pCur->apPage[pCur->iPage] );
         4915  +  assert( pCur->pPage );
  4914   4916     assertParentIndex(
  4915   4917       pCur->apPage[pCur->iPage-1], 
  4916   4918       pCur->aiIdx[pCur->iPage-1], 
  4917         -    pCur->apPage[pCur->iPage]->pgno
         4919  +    pCur->pPage->pgno
  4918   4920     );
  4919   4921     testcase( pCur->aiIdx[pCur->iPage-1] > pCur->apPage[pCur->iPage-1]->nCell );
  4920   4922     pCur->info.nSize = 0;
  4921   4923     pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
  4922   4924     pCur->ix = pCur->aiIdx[pCur->iPage-1];
  4923         -  releasePageNotNull(pCur->apPage[pCur->iPage--]);
         4925  +  pLeaf = pCur->pPage;
         4926  +  pCur->pPage = pCur->apPage[--pCur->iPage];
         4927  +  releasePageNotNull(pLeaf);
  4924   4928   }
  4925   4929   
  4926   4930   /*
  4927   4931   ** Move the cursor to point to the root page of its b-tree structure.
  4928   4932   **
  4929   4933   ** If the table has a virtual root page, then the cursor is moved to point
  4930   4934   ** to the virtual root page instead of the actual root page. A table has a
  4931   4935   ** virtual root page when the actual root page contains no cells and a 
  4932   4936   ** single child page. This can only happen with the table rooted at page 1.
  4933   4937   **
  4934   4938   ** If the b-tree structure is empty, the cursor state is set to 
  4935         -** CURSOR_INVALID. Otherwise, the cursor is set to point to the first
  4936         -** cell located on the root (or virtual root) page and the cursor state
  4937         -** is set to CURSOR_VALID.
         4939  +** CURSOR_INVALID and this routine returns SQLITE_EMPTY. Otherwise,
         4940  +** the cursor is set to point to the first cell located on the root
         4941  +** (or virtual root) page and the cursor state is set to CURSOR_VALID.
  4938   4942   **
  4939   4943   ** If this function returns successfully, it may be assumed that the
  4940   4944   ** page-header flags indicate that the [virtual] root-page is the expected 
  4941   4945   ** kind of b-tree page (i.e. if when opening the cursor the caller did not
  4942   4946   ** specify a KeyInfo structure the flags byte is set to 0x05 or 0x0D,
  4943   4947   ** indicating a table b-tree, or if the caller did specify a KeyInfo 
  4944   4948   ** structure the flags byte is set to 0x02 or 0x0A, indicating an index
................................................................................
  4949   4953     int rc = SQLITE_OK;
  4950   4954   
  4951   4955     assert( cursorOwnsBtShared(pCur) );
  4952   4956     assert( CURSOR_INVALID < CURSOR_REQUIRESEEK );
  4953   4957     assert( CURSOR_VALID   < CURSOR_REQUIRESEEK );
  4954   4958     assert( CURSOR_FAULT   > CURSOR_REQUIRESEEK );
  4955   4959     assert( pCur->eState < CURSOR_REQUIRESEEK || pCur->iPage<0 );
         4960  +  assert( pCur->pgnoRoot>0 || pCur->iPage<0 );
  4956   4961   
  4957   4962     if( pCur->iPage>=0 ){
  4958   4963       if( pCur->iPage ){
  4959         -      do{
  4960         -        assert( pCur->apPage[pCur->iPage]!=0 );
  4961         -        releasePageNotNull(pCur->apPage[pCur->iPage--]);
  4962         -      }while( pCur->iPage);
         4964  +      releasePageNotNull(pCur->pPage);
         4965  +      while( --pCur->iPage ){
         4966  +        releasePageNotNull(pCur->apPage[pCur->iPage]);
         4967  +      }
         4968  +      pCur->pPage = pCur->apPage[0];
  4963   4969         goto skip_init;
  4964   4970       }
  4965   4971     }else if( pCur->pgnoRoot==0 ){
  4966   4972       pCur->eState = CURSOR_INVALID;
  4967         -    return SQLITE_OK;
         4973  +    return SQLITE_EMPTY;
  4968   4974     }else{
  4969   4975       assert( pCur->iPage==(-1) );
  4970   4976       if( pCur->eState>=CURSOR_REQUIRESEEK ){
  4971   4977         if( pCur->eState==CURSOR_FAULT ){
  4972   4978           assert( pCur->skipNext!=SQLITE_OK );
  4973   4979           return pCur->skipNext;
  4974   4980         }
  4975   4981         sqlite3BtreeClearCursor(pCur);
  4976   4982       }
  4977         -    rc = getAndInitPage(pCur->pBtree->pBt, pCur->pgnoRoot, &pCur->apPage[0],
         4983  +    rc = getAndInitPage(pCur->pBtree->pBt, pCur->pgnoRoot, &pCur->pPage,
  4978   4984                           0, pCur->curPagerFlags);
  4979   4985       if( rc!=SQLITE_OK ){
  4980   4986         pCur->eState = CURSOR_INVALID;
  4981         -       return rc;
         4987  +      return rc;
  4982   4988       }
  4983   4989       pCur->iPage = 0;
  4984         -    pCur->curIntKey = pCur->apPage[0]->intKey;
         4990  +    pCur->curIntKey = pCur->pPage->intKey;
  4985   4991     }
  4986         -  pRoot = pCur->apPage[0];
         4992  +  pRoot = pCur->pPage;
  4987   4993     assert( pRoot->pgno==pCur->pgnoRoot );
  4988   4994   
  4989   4995     /* If pCur->pKeyInfo is not NULL, then the caller that opened this cursor
  4990   4996     ** expected to open it on an index b-tree. Otherwise, if pKeyInfo is
  4991   4997     ** NULL, the caller expects a table b-tree. If this is not the case,
  4992   4998     ** return an SQLITE_CORRUPT error. 
  4993   4999     **
................................................................................
  4994   5000     ** Earlier versions of SQLite assumed that this test could not fail
  4995   5001     ** if the root page was already loaded when this function was called (i.e.
  4996   5002     ** if pCur->iPage>=0). But this is not so if the database is corrupted 
  4997   5003     ** in such a way that page pRoot is linked into a second b-tree table 
  4998   5004     ** (or the freelist).  */
  4999   5005     assert( pRoot->intKey==1 || pRoot->intKey==0 );
  5000   5006     if( pRoot->isInit==0 || (pCur->pKeyInfo==0)!=pRoot->intKey ){
  5001         -    return SQLITE_CORRUPT_PGNO(pCur->apPage[pCur->iPage]->pgno);
         5007  +    return SQLITE_CORRUPT_PGNO(pCur->pPage->pgno);
  5002   5008     }
  5003   5009   
  5004   5010   skip_init:  
  5005   5011     pCur->ix = 0;
  5006   5012     pCur->info.nSize = 0;
  5007   5013     pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidNKey|BTCF_ValidOvfl);
  5008   5014   
  5009         -  pRoot = pCur->apPage[0];
         5015  +  pRoot = pCur->pPage;
  5010   5016     if( pRoot->nCell>0 ){
  5011   5017       pCur->eState = CURSOR_VALID;
  5012   5018     }else if( !pRoot->leaf ){
  5013   5019       Pgno subpage;
  5014   5020       if( pRoot->pgno!=1 ) return SQLITE_CORRUPT_BKPT;
  5015   5021       subpage = get4byte(&pRoot->aData[pRoot->hdrOffset+8]);
  5016   5022       pCur->eState = CURSOR_VALID;
  5017   5023       rc = moveToChild(pCur, subpage);
  5018   5024     }else{
  5019   5025       pCur->eState = CURSOR_INVALID;
         5026  +    rc = SQLITE_EMPTY;
  5020   5027     }
  5021   5028     return rc;
  5022   5029   }
  5023   5030   
  5024   5031   /*
  5025   5032   ** Move the cursor down to the left-most leaf entry beneath the
  5026   5033   ** entry to which it is currently pointing.
................................................................................
  5031   5038   static int moveToLeftmost(BtCursor *pCur){
  5032   5039     Pgno pgno;
  5033   5040     int rc = SQLITE_OK;
  5034   5041     MemPage *pPage;
  5035   5042   
  5036   5043     assert( cursorOwnsBtShared(pCur) );
  5037   5044     assert( pCur->eState==CURSOR_VALID );
  5038         -  while( rc==SQLITE_OK && !(pPage = pCur->apPage[pCur->iPage])->leaf ){
         5045  +  while( rc==SQLITE_OK && !(pPage = pCur->pPage)->leaf ){
  5039   5046       assert( pCur->ix<pPage->nCell );
  5040   5047       pgno = get4byte(findCell(pPage, pCur->ix));
  5041   5048       rc = moveToChild(pCur, pgno);
  5042   5049     }
  5043   5050     return rc;
  5044   5051   }
  5045   5052   
................................................................................
  5056   5063   static int moveToRightmost(BtCursor *pCur){
  5057   5064     Pgno pgno;
  5058   5065     int rc = SQLITE_OK;
  5059   5066     MemPage *pPage = 0;
  5060   5067   
  5061   5068     assert( cursorOwnsBtShared(pCur) );
  5062   5069     assert( pCur->eState==CURSOR_VALID );
  5063         -  while( !(pPage = pCur->apPage[pCur->iPage])->leaf ){
         5070  +  while( !(pPage = pCur->pPage)->leaf ){
  5064   5071       pgno = get4byte(&pPage->aData[pPage->hdrOffset+8]);
  5065   5072       pCur->ix = pPage->nCell;
  5066   5073       rc = moveToChild(pCur, pgno);
  5067   5074       if( rc ) return rc;
  5068   5075     }
  5069   5076     pCur->ix = pPage->nCell-1;
  5070   5077     assert( pCur->info.nSize==0 );
................................................................................
  5079   5086   int sqlite3BtreeFirst(BtCursor *pCur, int *pRes){
  5080   5087     int rc;
  5081   5088   
  5082   5089     assert( cursorOwnsBtShared(pCur) );
  5083   5090     assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
  5084   5091     rc = moveToRoot(pCur);
  5085   5092     if( rc==SQLITE_OK ){
  5086         -    if( pCur->eState==CURSOR_INVALID ){
  5087         -      assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
  5088         -      *pRes = 1;
  5089         -    }else{
  5090         -      assert( pCur->apPage[pCur->iPage]->nCell>0 );
  5091         -      *pRes = 0;
  5092         -      rc = moveToLeftmost(pCur);
  5093         -    }
         5093  +    assert( pCur->pPage->nCell>0 );
         5094  +    *pRes = 0;
         5095  +    rc = moveToLeftmost(pCur);
         5096  +  }else if( rc==SQLITE_EMPTY ){
         5097  +    assert( pCur->pgnoRoot==0 || pCur->pPage->nCell==0 );
         5098  +    *pRes = 1;
         5099  +    rc = SQLITE_OK;
  5094   5100     }
  5095   5101     return rc;
  5096   5102   }
  5097   5103   
  5098   5104   /* Move the cursor to the last entry in the table.  Return SQLITE_OK
  5099   5105   ** on success.  Set *pRes to 0 if the cursor actually points to something
  5100   5106   ** or set *pRes to 1 if the table is empty.
................................................................................
  5110   5116   #ifdef SQLITE_DEBUG
  5111   5117       /* This block serves to assert() that the cursor really does point 
  5112   5118       ** to the last entry in the b-tree. */
  5113   5119       int ii;
  5114   5120       for(ii=0; ii<pCur->iPage; ii++){
  5115   5121         assert( pCur->aiIdx[ii]==pCur->apPage[ii]->nCell );
  5116   5122       }
  5117         -    assert( pCur->ix==pCur->apPage[pCur->iPage]->nCell-1 );
  5118         -    assert( pCur->apPage[pCur->iPage]->leaf );
         5123  +    assert( pCur->ix==pCur->pPage->nCell-1 );
         5124  +    assert( pCur->pPage->leaf );
  5119   5125   #endif
  5120   5126       return SQLITE_OK;
  5121   5127     }
  5122   5128   
  5123   5129     rc = moveToRoot(pCur);
  5124   5130     if( rc==SQLITE_OK ){
  5125         -    if( CURSOR_INVALID==pCur->eState ){
  5126         -      assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
  5127         -      *pRes = 1;
         5131  +    assert( pCur->eState==CURSOR_VALID );
         5132  +    *pRes = 0;
         5133  +    rc = moveToRightmost(pCur);
         5134  +    if( rc==SQLITE_OK ){
         5135  +      pCur->curFlags |= BTCF_AtLast;
  5128   5136       }else{
  5129         -      assert( pCur->eState==CURSOR_VALID );
  5130         -      *pRes = 0;
  5131         -      rc = moveToRightmost(pCur);
  5132         -      if( rc==SQLITE_OK ){
  5133         -        pCur->curFlags |= BTCF_AtLast;
  5134         -      }else{
  5135         -        pCur->curFlags &= ~BTCF_AtLast;
  5136         -      }
  5137         -   
         5137  +      pCur->curFlags &= ~BTCF_AtLast;
  5138   5138       }
         5139  +  }else if( rc==SQLITE_EMPTY ){
         5140  +    assert( pCur->pgnoRoot==0 || pCur->pPage->nCell==0 );
         5141  +    *pRes = 1;
         5142  +    rc = SQLITE_OK;
  5139   5143     }
  5140   5144     return rc;
  5141   5145   }
  5142   5146   
  5143   5147   /* Move the cursor so that it points to an entry near the key 
  5144   5148   ** specified by pIdxKey or intKey.   Return a success code.
  5145   5149   **
................................................................................
  5230   5234       );
  5231   5235     }else{
  5232   5236       xRecordCompare = 0; /* All keys are integers */
  5233   5237     }
  5234   5238   
  5235   5239     rc = moveToRoot(pCur);
  5236   5240     if( rc ){
         5241  +    if( rc==SQLITE_EMPTY ){
         5242  +      assert( pCur->pgnoRoot==0 || pCur->pPage->nCell==0 );
         5243  +      *pRes = -1;
         5244  +      return SQLITE_OK;
         5245  +    }
  5237   5246       return rc;
  5238   5247     }
  5239         -  assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage] );
  5240         -  assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->isInit );
  5241         -  assert( pCur->eState==CURSOR_INVALID || pCur->apPage[pCur->iPage]->nCell>0 );
  5242         -  if( pCur->eState==CURSOR_INVALID ){
  5243         -    *pRes = -1;
  5244         -    assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 );
  5245         -    return SQLITE_OK;
  5246         -  }
  5247         -  assert( pCur->apPage[0]->intKey==pCur->curIntKey );
         5248  +  assert( pCur->pPage );
         5249  +  assert( pCur->pPage->isInit );
         5250  +  assert( pCur->eState==CURSOR_VALID );
         5251  +  assert( pCur->pPage->nCell > 0 );
         5252  +  assert( pCur->iPage==0 || pCur->apPage[0]->intKey==pCur->curIntKey );
  5248   5253     assert( pCur->curIntKey || pIdxKey );
  5249   5254     for(;;){
  5250   5255       int lwr, upr, idx, c;
  5251   5256       Pgno chldPg;
  5252         -    MemPage *pPage = pCur->apPage[pCur->iPage];
         5257  +    MemPage *pPage = pCur->pPage;
  5253   5258       u8 *pCell;                          /* Pointer to current cell in pPage */
  5254   5259   
  5255   5260       /* pPage->nCell must be greater than zero. If this is the root-page
  5256   5261       ** the cursor would have been INVALID above and this for(;;) loop
  5257   5262       ** not run. If this is not the root-page, then the moveToChild() routine
  5258   5263       ** would have already detected db corruption. Similarly, pPage must
  5259   5264       ** be the right kind (index or table) of b-tree page. Otherwise
................................................................................
  5384   5389           assert( lwr+upr>=0 );
  5385   5390           idx = (lwr+upr)>>1;  /* idx = (lwr+upr)/2 */
  5386   5391         }
  5387   5392       }
  5388   5393       assert( lwr==upr+1 || (pPage->intKey && !pPage->leaf) );
  5389   5394       assert( pPage->isInit );
  5390   5395       if( pPage->leaf ){
  5391         -      assert( pCur->ix<pCur->apPage[pCur->iPage]->nCell );
         5396  +      assert( pCur->ix<pCur->pPage->nCell );
  5392   5397         pCur->ix = (u16)idx;
  5393   5398         *pRes = c;
  5394   5399         rc = SQLITE_OK;
  5395   5400         goto moveto_finish;
  5396   5401       }
  5397   5402   moveto_next_layer:
  5398   5403       if( lwr>=pPage->nCell ){
................................................................................
  5438   5443     assert( cursorOwnsBtShared(pCur) );
  5439   5444     assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) );
  5440   5445   
  5441   5446     /* Currently this interface is only called by the OP_IfSmaller
  5442   5447     ** opcode, and it that case the cursor will always be valid and
  5443   5448     ** will always point to a leaf node. */
  5444   5449     if( NEVER(pCur->eState!=CURSOR_VALID) ) return -1;
  5445         -  if( NEVER(pCur->apPage[pCur->iPage]->leaf==0) ) return -1;
         5450  +  if( NEVER(pCur->pPage->leaf==0) ) return -1;
  5446   5451   
  5447         -  for(n=1, i=0; i<=pCur->iPage; i++){
         5452  +  n = pCur->pPage->nCell;
         5453  +  for(i=0; i<pCur->iPage; i++){
  5448   5454       n *= pCur->apPage[i]->nCell;
  5449   5455     }
  5450   5456     return n;
  5451   5457   }
  5452   5458   
  5453   5459   /*
  5454   5460   ** Advance the cursor to the next entry in the database. 
................................................................................
  5493   5499           pCur->skipNext = 0;
  5494   5500           return SQLITE_OK;
  5495   5501         }
  5496   5502         pCur->skipNext = 0;
  5497   5503       }
  5498   5504     }
  5499   5505   
  5500         -  pPage = pCur->apPage[pCur->iPage];
         5506  +  pPage = pCur->pPage;
  5501   5507     idx = ++pCur->ix;
  5502   5508     assert( pPage->isInit );
  5503   5509   
  5504   5510     /* If the database file is corrupt, it is possible for the value of idx 
  5505   5511     ** to be invalid here. This can only occur if a second cursor modifies
  5506   5512     ** the page while cursor pCur is holding a reference to it. Which can
  5507   5513     ** only happen if the database is corrupt in such a way as to link the
................................................................................
  5516   5522       }
  5517   5523       do{
  5518   5524         if( pCur->iPage==0 ){
  5519   5525           pCur->eState = CURSOR_INVALID;
  5520   5526           return SQLITE_DONE;
  5521   5527         }
  5522   5528         moveToParent(pCur);
  5523         -      pPage = pCur->apPage[pCur->iPage];
         5529  +      pPage = pCur->pPage;
  5524   5530       }while( pCur->ix>=pPage->nCell );
  5525   5531       if( pPage->intKey ){
  5526   5532         return sqlite3BtreeNext(pCur, 0);
  5527   5533       }else{
  5528   5534         return SQLITE_OK;
  5529   5535       }
  5530   5536     }
................................................................................
  5539   5545     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
  5540   5546     assert( cursorOwnsBtShared(pCur) );
  5541   5547     assert( flags==0 || flags==1 );
  5542   5548     assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
  5543   5549     pCur->info.nSize = 0;
  5544   5550     pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
  5545   5551     if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur);
  5546         -  pPage = pCur->apPage[pCur->iPage];
         5552  +  pPage = pCur->pPage;
  5547   5553     if( (++pCur->ix)>=pPage->nCell ){
  5548   5554       pCur->ix--;
  5549   5555       return btreeNext(pCur);
  5550   5556     }
  5551   5557     if( pPage->leaf ){
  5552   5558       return SQLITE_OK;
  5553   5559     }else{
................................................................................
  5598   5604           pCur->skipNext = 0;
  5599   5605           return SQLITE_OK;
  5600   5606         }
  5601   5607         pCur->skipNext = 0;
  5602   5608       }
  5603   5609     }
  5604   5610   
  5605         -  pPage = pCur->apPage[pCur->iPage];
         5611  +  pPage = pCur->pPage;
  5606   5612     assert( pPage->isInit );
  5607   5613     if( !pPage->leaf ){
  5608   5614       int idx = pCur->ix;
  5609   5615       rc = moveToChild(pCur, get4byte(findCell(pPage, idx)));
  5610   5616       if( rc ) return rc;
  5611   5617       rc = moveToRightmost(pCur);
  5612   5618     }else{
................................................................................
  5617   5623         }
  5618   5624         moveToParent(pCur);
  5619   5625       }
  5620   5626       assert( pCur->info.nSize==0 );
  5621   5627       assert( (pCur->curFlags & (BTCF_ValidOvfl))==0 );
  5622   5628   
  5623   5629       pCur->ix--;
  5624         -    pPage = pCur->apPage[pCur->iPage];
         5630  +    pPage = pCur->pPage;
  5625   5631       if( pPage->intKey && !pPage->leaf ){
  5626   5632         rc = sqlite3BtreePrevious(pCur, 0);
  5627   5633       }else{
  5628   5634         rc = SQLITE_OK;
  5629   5635       }
  5630   5636     }
  5631   5637     return rc;
................................................................................
  5635   5641     assert( flags==0 || flags==1 );
  5636   5642     assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
  5637   5643     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
  5638   5644     pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey);
  5639   5645     pCur->info.nSize = 0;
  5640   5646     if( pCur->eState!=CURSOR_VALID
  5641   5647      || pCur->ix==0
  5642         -   || pCur->apPage[pCur->iPage]->leaf==0
         5648  +   || pCur->pPage->leaf==0
  5643   5649     ){
  5644   5650       return btreePrevious(pCur);
  5645   5651     }
  5646   5652     pCur->ix--;
  5647   5653     return SQLITE_OK;
  5648   5654   }
  5649   5655   
................................................................................
  8207   8213     u8 *pFree = 0;
  8208   8214   
  8209   8215     VVA_ONLY( int balance_quick_called = 0 );
  8210   8216     VVA_ONLY( int balance_deeper_called = 0 );
  8211   8217   
  8212   8218     do {
  8213   8219       int iPage = pCur->iPage;
  8214         -    MemPage *pPage = pCur->apPage[iPage];
         8220  +    MemPage *pPage = pCur->pPage;
  8215   8221   
  8216   8222       if( iPage==0 ){
  8217   8223         if( pPage->nOverflow ){
  8218   8224           /* The root page of the b-tree is overfull. In this case call the
  8219   8225           ** balance_deeper() function to create a new child for the root-page
  8220   8226           ** and copy the current contents of the root-page to it. The
  8221   8227           ** next iteration of the do-loop will balance the child page.
................................................................................
  8223   8229           assert( balance_deeper_called==0 );
  8224   8230           VVA_ONLY( balance_deeper_called++ );
  8225   8231           rc = balance_deeper(pPage, &pCur->apPage[1]);
  8226   8232           if( rc==SQLITE_OK ){
  8227   8233             pCur->iPage = 1;
  8228   8234             pCur->ix = 0;
  8229   8235             pCur->aiIdx[0] = 0;
  8230         -          assert( pCur->apPage[1]->nOverflow );
         8236  +          pCur->apPage[0] = pPage;
         8237  +          pCur->pPage = pCur->apPage[1];
         8238  +          assert( pCur->pPage->nOverflow );
  8231   8239           }
  8232   8240         }else{
  8233   8241           break;
  8234   8242         }
  8235   8243       }else if( pPage->nOverflow==0 && pPage->nFree<=nMin ){
  8236   8244         break;
  8237   8245       }else{
................................................................................
  8303   8311   
  8304   8312         pPage->nOverflow = 0;
  8305   8313   
  8306   8314         /* The next iteration of the do-loop balances the parent page. */
  8307   8315         releasePage(pPage);
  8308   8316         pCur->iPage--;
  8309   8317         assert( pCur->iPage>=0 );
         8318  +      pCur->pPage = pCur->apPage[pCur->iPage];
  8310   8319       }
  8311   8320     }while( rc==SQLITE_OK );
  8312   8321   
  8313   8322     if( pFree ){
  8314   8323       sqlite3PageFree(pFree);
  8315   8324     }
  8316   8325     return rc;
................................................................................
  8434   8443       }else{
  8435   8444         rc = btreeMoveto(pCur, pX->pKey, pX->nKey, flags!=0, &loc);
  8436   8445       }
  8437   8446       if( rc ) return rc;
  8438   8447     }
  8439   8448     assert( pCur->eState==CURSOR_VALID || (pCur->eState==CURSOR_INVALID && loc) );
  8440   8449   
  8441         -  pPage = pCur->apPage[pCur->iPage];
         8450  +  pPage = pCur->pPage;
  8442   8451     assert( pPage->intKey || pX->nKey>=0 );
  8443   8452     assert( pPage->leaf || !pPage->intKey );
  8444   8453   
  8445   8454     TRACE(("INSERT: table=%d nkey=%lld ndata=%d page=%d %s\n",
  8446   8455             pCur->pgnoRoot, pX->nKey, pX->nData, pPage->pgno,
  8447   8456             loc==0 ? "overwrite" : "new entry"));
  8448   8457     assert( pPage->isInit );
................................................................................
  8521   8530       pCur->curFlags &= ~(BTCF_ValidNKey);
  8522   8531       rc = balance(pCur);
  8523   8532   
  8524   8533       /* Must make sure nOverflow is reset to zero even if the balance()
  8525   8534       ** fails. Internal data structure corruption will result otherwise. 
  8526   8535       ** Also, set the cursor state to invalid. This stops saveCursorPosition()
  8527   8536       ** from trying to save the current position of the cursor.  */
  8528         -    pCur->apPage[pCur->iPage]->nOverflow = 0;
         8537  +    pCur->pPage->nOverflow = 0;
  8529   8538       pCur->eState = CURSOR_INVALID;
  8530   8539       if( (flags & BTREE_SAVEPOSITION) && rc==SQLITE_OK ){
  8531   8540         btreeReleaseAllCursorPages(pCur);
  8532   8541         if( pCur->pKeyInfo ){
  8533   8542           assert( pCur->pKey==0 );
  8534   8543           pCur->pKey = sqlite3Malloc( pX->nKey );
  8535   8544           if( pCur->pKey==0 ){
................................................................................
  8538   8547             memcpy(pCur->pKey, pX->pKey, pX->nKey);
  8539   8548           }
  8540   8549         }
  8541   8550         pCur->eState = CURSOR_REQUIRESEEK;
  8542   8551         pCur->nKey = pX->nKey;
  8543   8552       }
  8544   8553     }
  8545         -  assert( pCur->iPage<0 || pCur->apPage[pCur->iPage]->nOverflow==0 );
         8554  +  assert( pCur->iPage<0 || pCur->pPage->nOverflow==0 );
  8546   8555   
  8547   8556   end_insert:
  8548   8557     return rc;
  8549   8558   }
  8550   8559   
  8551   8560   /*
  8552   8561   ** Delete the entry that the cursor is pointing to. 
................................................................................
  8579   8588   
  8580   8589     assert( cursorOwnsBtShared(pCur) );
  8581   8590     assert( pBt->inTransaction==TRANS_WRITE );
  8582   8591     assert( (pBt->btsFlags & BTS_READ_ONLY)==0 );
  8583   8592     assert( pCur->curFlags & BTCF_WriteFlag );
  8584   8593     assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) );
  8585   8594     assert( !hasReadConflicts(p, pCur->pgnoRoot) );
  8586         -  assert( pCur->ix<pCur->apPage[pCur->iPage]->nCell );
         8595  +  assert( pCur->ix<pCur->pPage->nCell );
  8587   8596     assert( pCur->eState==CURSOR_VALID );
  8588   8597     assert( (flags & ~(BTREE_SAVEPOSITION | BTREE_AUXDELETE))==0 );
  8589   8598   
  8590   8599     iCellDepth = pCur->iPage;
  8591   8600     iCellIdx = pCur->ix;
  8592         -  pPage = pCur->apPage[iCellDepth];
         8601  +  pPage = pCur->pPage;
  8593   8602     pCell = findCell(pPage, iCellIdx);
  8594   8603   
  8595   8604     /* If the bPreserve flag is set to true, then the cursor position must
  8596   8605     ** be preserved following this delete operation. If the current delete
  8597   8606     ** will cause a b-tree rebalance, then this is done by saving the cursor
  8598   8607     ** key and leaving the cursor in CURSOR_REQUIRESEEK state before 
  8599   8608     ** returning. 
................................................................................
  8651   8660   
  8652   8661     /* If the cell deleted was not located on a leaf page, then the cursor
  8653   8662     ** is currently pointing to the largest entry in the sub-tree headed
  8654   8663     ** by the child-page of the cell that was just deleted from an internal
  8655   8664     ** node. The cell from the leaf node needs to be moved to the internal
  8656   8665     ** node to replace the deleted cell.  */
  8657   8666     if( !pPage->leaf ){
  8658         -    MemPage *pLeaf = pCur->apPage[pCur->iPage];
         8667  +    MemPage *pLeaf = pCur->pPage;
  8659   8668       int nCell;
  8660         -    Pgno n = pCur->apPage[iCellDepth+1]->pgno;
         8669  +    Pgno n;
  8661   8670       unsigned char *pTmp;
  8662   8671   
         8672  +    if( iCellDepth<pCur->iPage-1 ){
         8673  +      n = pCur->apPage[iCellDepth+1]->pgno;
         8674  +    }else{
         8675  +      n = pCur->pPage->pgno;
         8676  +    }
  8663   8677       pCell = findCell(pLeaf, pLeaf->nCell-1);
  8664   8678       if( pCell<&pLeaf->aData[4] ) return SQLITE_CORRUPT_BKPT;
  8665   8679       nCell = pLeaf->xCellSize(pLeaf, pCell);
  8666   8680       assert( MX_CELL_SIZE(pBt) >= nCell );
  8667   8681       pTmp = pBt->pTmpSpace;
  8668   8682       assert( pTmp!=0 );
  8669   8683       rc = sqlite3PagerWrite(pLeaf->pDbPage);
................................................................................
  8687   8701     ** on the leaf node first. If the balance proceeds far enough up the
  8688   8702     ** tree that we can be sure that any problem in the internal node has
  8689   8703     ** been corrected, so be it. Otherwise, after balancing the leaf node,
  8690   8704     ** walk the cursor up the tree to the internal node and balance it as 
  8691   8705     ** well.  */
  8692   8706     rc = balance(pCur);
  8693   8707     if( rc==SQLITE_OK && pCur->iPage>iCellDepth ){
         8708  +    releasePageNotNull(pCur->pPage);
         8709  +    pCur->iPage--;
  8694   8710       while( pCur->iPage>iCellDepth ){
  8695   8711         releasePage(pCur->apPage[pCur->iPage--]);
  8696   8712       }
         8713  +    pCur->pPage = pCur->apPage[pCur->iPage];
  8697   8714       rc = balance(pCur);
  8698   8715     }
  8699   8716   
  8700   8717     if( rc==SQLITE_OK ){
  8701   8718       if( bSkipnext ){
  8702   8719         assert( bPreserve && (pCur->iPage==iCellDepth || CORRUPT_DB) );
  8703         -      assert( pPage==pCur->apPage[pCur->iPage] || CORRUPT_DB );
         8720  +      assert( pPage==pCur->pPage || CORRUPT_DB );
  8704   8721         assert( (pPage->nCell>0 || CORRUPT_DB) && iCellIdx<=pPage->nCell );
  8705   8722         pCur->eState = CURSOR_SKIPNEXT;
  8706   8723         if( iCellIdx>=pPage->nCell ){
  8707   8724           pCur->skipNext = -1;
  8708   8725           pCur->ix = pPage->nCell-1;
  8709   8726         }else{
  8710   8727           pCur->skipNext = 1;
................................................................................
  8711   8728         }
  8712   8729       }else{
  8713   8730         rc = moveToRoot(pCur);
  8714   8731         if( bPreserve ){
  8715   8732           btreeReleaseAllCursorPages(pCur);
  8716   8733           pCur->eState = CURSOR_REQUIRESEEK;
  8717   8734         }
         8735  +      if( rc==SQLITE_EMPTY ) rc = SQLITE_OK;
  8718   8736       }
  8719   8737     }
  8720   8738     return rc;
  8721   8739   }
  8722   8740   
  8723   8741   /*
  8724   8742   ** Create a new BTree table.  Write into *piTable the page
................................................................................
  9175   9193   ** Otherwise, if an error is encountered (i.e. an IO error or database
  9176   9194   ** corruption) an SQLite error code is returned.
  9177   9195   */
  9178   9196   int sqlite3BtreeCount(BtCursor *pCur, i64 *pnEntry){
  9179   9197     i64 nEntry = 0;                      /* Value to return in *pnEntry */
  9180   9198     int rc;                              /* Return code */
  9181   9199   
  9182         -  if( pCur->pgnoRoot==0 ){
         9200  +  rc = moveToRoot(pCur);
         9201  +  if( rc==SQLITE_EMPTY ){
  9183   9202       *pnEntry = 0;
  9184   9203       return SQLITE_OK;
  9185   9204     }
  9186         -  rc = moveToRoot(pCur);
  9187   9205   
  9188   9206     /* Unless an error occurs, the following loop runs one iteration for each
  9189   9207     ** page in the B-Tree structure (not including overflow pages). 
  9190   9208     */
  9191   9209     while( rc==SQLITE_OK ){
  9192   9210       int iIdx;                          /* Index of child node in parent */
  9193   9211       MemPage *pPage;                    /* Current page of the b-tree */
  9194   9212   
  9195   9213       /* If this is a leaf page or the tree is not an int-key tree, then 
  9196   9214       ** this page contains countable entries. Increment the entry counter
  9197   9215       ** accordingly.
  9198   9216       */
  9199         -    pPage = pCur->apPage[pCur->iPage];
         9217  +    pPage = pCur->pPage;
  9200   9218       if( pPage->leaf || !pPage->intKey ){
  9201   9219         nEntry += pPage->nCell;
  9202   9220       }
  9203   9221   
  9204   9222       /* pPage is a leaf node. This loop navigates the cursor so that it 
  9205   9223       ** points to the first interior cell that it points to the parent of
  9206   9224       ** the next page in the tree that has not yet been visited. The
................................................................................
  9215   9233         do {
  9216   9234           if( pCur->iPage==0 ){
  9217   9235             /* All pages of the b-tree have been visited. Return successfully. */
  9218   9236             *pnEntry = nEntry;
  9219   9237             return moveToRoot(pCur);
  9220   9238           }
  9221   9239           moveToParent(pCur);
  9222         -      }while ( pCur->ix>=pCur->apPage[pCur->iPage]->nCell );
         9240  +      }while ( pCur->ix>=pCur->pPage->nCell );
  9223   9241   
  9224   9242         pCur->ix++;
  9225         -      pPage = pCur->apPage[pCur->iPage];
         9243  +      pPage = pCur->pPage;
  9226   9244       }
  9227   9245   
  9228   9246       /* Descend to the child node of the cell that the cursor currently 
  9229   9247       ** points at. This is the right-child if (iIdx==pPage->nCell).
  9230   9248       */
  9231   9249       iIdx = pCur->ix;
  9232   9250       if( iIdx==pPage->nCell ){
................................................................................
 10109  10127     if( (pCsr->curFlags & BTCF_WriteFlag)==0 ){
 10110  10128       return SQLITE_READONLY;
 10111  10129     }
 10112  10130     assert( (pCsr->pBt->btsFlags & BTS_READ_ONLY)==0
 10113  10131                 && pCsr->pBt->inTransaction==TRANS_WRITE );
 10114  10132     assert( hasSharedCacheTableLock(pCsr->pBtree, pCsr->pgnoRoot, 0, 2) );
 10115  10133     assert( !hasReadConflicts(pCsr->pBtree, pCsr->pgnoRoot) );
 10116         -  assert( pCsr->apPage[pCsr->iPage]->intKey );
        10134  +  assert( pCsr->pPage->intKey );
 10117  10135   
 10118  10136     return accessPayload(pCsr, offset, amt, (unsigned char *)z, 1);
 10119  10137   }
 10120  10138   
 10121  10139   /* 
 10122  10140   ** Mark this cursor as an incremental blob cursor.
 10123  10141   */

Changes to src/btreeInt.h.

   518    518     ** sqlite3BtreeCursorZero().  Fields that follow must be manually
   519    519     ** initialized. */
   520    520     i8 iPage;                 /* Index of current page in apPage */
   521    521     u8 curIntKey;             /* Value of apPage[0]->intKey */
   522    522     u16 ix;                   /* Current index for apPage[iPage] */
   523    523     u16 aiIdx[BTCURSOR_MAX_DEPTH-1];     /* Current index in apPage[i] */
   524    524     struct KeyInfo *pKeyInfo;            /* Arg passed to comparison function */
   525         -  MemPage *apPage[BTCURSOR_MAX_DEPTH]; /* Pages from root to current page */
          525  +  MemPage *pPage;                        /* Current page */
          526  +  MemPage *apPage[BTCURSOR_MAX_DEPTH-1]; /* Stack of parents of current page */
   526    527   };
   527    528   
   528    529   /*
   529    530   ** Legal values for BtCursor.curFlags
   530    531   */
   531    532   #define BTCF_WriteFlag    0x01   /* True if a write cursor */
   532    533   #define BTCF_ValidNKey    0x02   /* True if info.nKey is valid */

Changes to src/expr.c.

  1969   1969     switch( op ){
  1970   1970       case TK_INTEGER:
  1971   1971       case TK_STRING:
  1972   1972       case TK_FLOAT:
  1973   1973       case TK_BLOB:
  1974   1974         return 0;
  1975   1975       case TK_COLUMN:
  1976         -      assert( p->pTab!=0 );
  1977   1976         return ExprHasProperty(p, EP_CanBeNull) ||
         1977  +             p->pTab==0 ||  /* Reference to column of index on expression */
  1978   1978                (p->iColumn>=0 && p->pTab->aCol[p->iColumn].notNull==0);
  1979   1979       default:
  1980   1980         return 1;
  1981   1981     }
  1982   1982   }
  1983   1983   
  1984   1984   /*

Changes to src/select.c.

  1613   1613     fullName = (db->flags & SQLITE_FullColNames)!=0;
  1614   1614     srcName = (db->flags & SQLITE_ShortColNames)!=0 || fullName;
  1615   1615     sqlite3VdbeSetNumCols(v, pEList->nExpr);
  1616   1616     for(i=0; i<pEList->nExpr; i++){
  1617   1617       Expr *p = pEList->a[i].pExpr;
  1618   1618   
  1619   1619       assert( p!=0 );
         1620  +    assert( p->op!=TK_AGG_COLUMN );  /* Agg processing has not run yet */
         1621  +    assert( p->op!=TK_COLUMN || p->pTab!=0 ); /* Covering indexes not yet coded */
  1620   1622       if( pEList->a[i].zName ){
  1621   1623         /* An AS clause always takes first priority */
  1622   1624         char *zName = pEList->a[i].zName;
  1623   1625         sqlite3VdbeSetColName(v, i, COLNAME_NAME, zName, SQLITE_TRANSIENT);
  1624   1626       }else if( srcName && p->op==TK_COLUMN ){
  1625   1627         char *zCol;
  1626   1628         int iCol = p->iColumn;

Changes to src/sqlite.h.in.

   428    428   #define SQLITE_INTERRUPT    9   /* Operation terminated by sqlite3_interrupt()*/
   429    429   #define SQLITE_IOERR       10   /* Some kind of disk I/O error occurred */
   430    430   #define SQLITE_CORRUPT     11   /* The database disk image is malformed */
   431    431   #define SQLITE_NOTFOUND    12   /* Unknown opcode in sqlite3_file_control() */
   432    432   #define SQLITE_FULL        13   /* Insertion failed because database is full */
   433    433   #define SQLITE_CANTOPEN    14   /* Unable to open the database file */
   434    434   #define SQLITE_PROTOCOL    15   /* Database lock protocol error */
   435         -#define SQLITE_EMPTY       16   /* Not used */
          435  +#define SQLITE_EMPTY       16   /* Internal use only */
   436    436   #define SQLITE_SCHEMA      17   /* The database schema changed */
   437    437   #define SQLITE_TOOBIG      18   /* String or BLOB exceeds size limit */
   438    438   #define SQLITE_CONSTRAINT  19   /* Abort due to constraint violation */
   439    439   #define SQLITE_MISMATCH    20   /* Data type mismatch */
   440    440   #define SQLITE_MISUSE      21   /* Library used incorrectly */
   441    441   #define SQLITE_NOLFS       22   /* Uses OS features not supported on host */
   442    442   #define SQLITE_AUTH        23   /* Authorization denied */

Changes to src/sqliteInt.h.

  2383   2383                            ** TK_SELECT_COLUMN: column of the result vector */
  2384   2384     i16 iAgg;              /* Which entry in pAggInfo->aCol[] or ->aFunc[] */
  2385   2385     i16 iRightJoinTable;   /* If EP_FromJoin, the right table of the join */
  2386   2386     u8 op2;                /* TK_REGISTER: original value of Expr.op
  2387   2387                            ** TK_COLUMN: the value of p5 for OP_Column
  2388   2388                            ** TK_AGG_FUNCTION: nesting depth */
  2389   2389     AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
  2390         -  Table *pTab;           /* Table for TK_COLUMN expressions. */
         2390  +  Table *pTab;           /* Table for TK_COLUMN expressions.  Can be NULL
         2391  +                         ** for a column of an index on an expression */
  2391   2392   };
  2392   2393   
  2393   2394   /*
  2394   2395   ** The following are the meanings of bits in the Expr.flags field.
  2395   2396   */
  2396   2397   #define EP_FromJoin  0x000001 /* Originates in ON/USING clause of outer join */
  2397   2398   #define EP_Agg       0x000002 /* Contains one or more aggregate functions */

Changes to src/vdbe.c.

  2382   2382     int len;           /* The length of the serialized data for the column */
  2383   2383     int i;             /* Loop counter */
  2384   2384     Mem *pDest;        /* Where to write the extracted value */
  2385   2385     Mem sMem;          /* For storing the record being decoded */
  2386   2386     const u8 *zData;   /* Part of the record being decoded */
  2387   2387     const u8 *zHdr;    /* Next unparsed byte of the header */
  2388   2388     const u8 *zEndHdr; /* Pointer to first byte after the header */
  2389         -  u32 offset;        /* Offset into the data */
  2390   2389     u64 offset64;      /* 64-bit offset */
  2391         -  u32 avail;         /* Number of bytes of available data */
  2392   2390     u32 t;             /* A type code from the record header */
  2393   2391     Mem *pReg;         /* PseudoTable input register */
  2394   2392   
  2395   2393     pC = p->apCsr[pOp->p1];
  2396   2394     p2 = pOp->p2;
  2397   2395   
  2398   2396     /* If the cursor cache is stale (meaning it is not currently point at
................................................................................
  2415   2413     if( pC->cacheStatus!=p->cacheCtr ){                /*OPTIMIZATION-IF-FALSE*/
  2416   2414       if( pC->nullRow ){
  2417   2415         if( pC->eCurType==CURTYPE_PSEUDO ){
  2418   2416           assert( pC->uc.pseudoTableReg>0 );
  2419   2417           pReg = &aMem[pC->uc.pseudoTableReg];
  2420   2418           assert( pReg->flags & MEM_Blob );
  2421   2419           assert( memIsValid(pReg) );
  2422         -        pC->payloadSize = pC->szRow = avail = pReg->n;
         2420  +        pC->payloadSize = pC->szRow = pReg->n;
  2423   2421           pC->aRow = (u8*)pReg->z;
  2424   2422         }else{
  2425   2423           sqlite3VdbeMemSetNull(pDest);
  2426   2424           goto op_column_out;
  2427   2425         }
  2428   2426       }else{
  2429   2427         pCrsr = pC->uc.pCursor;
  2430   2428         assert( pC->eCurType==CURTYPE_BTREE );
  2431   2429         assert( pCrsr );
  2432   2430         assert( sqlite3BtreeCursorIsValid(pCrsr) );
  2433   2431         pC->payloadSize = sqlite3BtreePayloadSize(pCrsr);
  2434         -      pC->aRow = sqlite3BtreePayloadFetch(pCrsr, &avail);
  2435         -      assert( avail<=65536 );  /* Maximum page size is 64KiB */
  2436         -      if( pC->payloadSize <= (u32)avail ){
  2437         -        pC->szRow = pC->payloadSize;
  2438         -      }else if( pC->payloadSize > (u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
         2432  +      pC->aRow = sqlite3BtreePayloadFetch(pCrsr, &pC->szRow);
         2433  +      assert( pC->szRow<=pC->payloadSize );
         2434  +      assert( pC->szRow<=65536 );  /* Maximum page size is 64KiB */
         2435  +      if( pC->payloadSize > (u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
  2439   2436           goto too_big;
  2440         -      }else{
  2441         -        pC->szRow = avail;
  2442   2437         }
  2443   2438       }
  2444   2439       pC->cacheStatus = p->cacheCtr;
  2445         -    pC->iHdrOffset = getVarint32(pC->aRow, offset);
         2440  +    pC->iHdrOffset = getVarint32(pC->aRow, aOffset[0]);
  2446   2441       pC->nHdrParsed = 0;
  2447         -    aOffset[0] = offset;
  2448   2442   
  2449   2443   
  2450         -    if( avail<offset ){      /*OPTIMIZATION-IF-FALSE*/
         2444  +    if( pC->szRow<aOffset[0] ){      /*OPTIMIZATION-IF-FALSE*/
  2451   2445         /* pC->aRow does not have to hold the entire row, but it does at least
  2452   2446         ** need to cover the header of the record.  If pC->aRow does not contain
  2453   2447         ** the complete header, then set it to zero, forcing the header to be
  2454   2448         ** dynamically allocated. */
  2455   2449         pC->aRow = 0;
  2456   2450         pC->szRow = 0;
  2457   2451   
................................................................................
  2460   2454         **
  2461   2455         ** Type entries can be between 1 and 5 bytes each.  But 4 and 5 byte
  2462   2456         ** types use so much data space that there can only be 4096 and 32 of
  2463   2457         ** them, respectively.  So the maximum header length results from a
  2464   2458         ** 3-byte type for each of the maximum of 32768 columns plus three
  2465   2459         ** extra bytes for the header length itself.  32768*3 + 3 = 98307.
  2466   2460         */
  2467         -      if( offset > 98307 || offset > pC->payloadSize ){
         2461  +      if( aOffset[0] > 98307 || aOffset[0] > pC->payloadSize ){
  2468   2462           rc = SQLITE_CORRUPT_BKPT;
  2469   2463           goto abort_due_to_error;
  2470   2464         }
  2471         -    }else if( offset>0 ){ /*OPTIMIZATION-IF-TRUE*/
  2472         -      /* The following goto is an optimization.  It can be omitted and
  2473         -      ** everything will still work.  But OP_Column is measurably faster
  2474         -      ** by skipping the subsequent conditional, which is always true.
         2465  +    }else{
         2466  +      /* This is an optimization.  By skipping over the first few tests
         2467  +      ** (ex: pC->nHdrParsed<=p2) in the next section, we achieve a
         2468  +      ** measurable performance gain.
         2469  +      **
         2470  +      ** This branch is taken even if aOffset[0]==0.  Such a record is never
         2471  +      ** generated by SQLite, and could be considered corruption, but we
         2472  +      ** accept it for historical reasons.  When aOffset[0]==0, the code this
         2473  +      ** branch jumps to reads past the end of the record, but never more
         2474  +      ** than a few bytes.  Even if the record occurs at the end of the page
         2475  +      ** content area, the "page header" comes after the page content and so
         2476  +      ** this overread is harmless.  Similar overreads can occur for a corrupt
         2477  +      ** database file.
  2475   2478         */
  2476   2479         zData = pC->aRow;
  2477   2480         assert( pC->nHdrParsed<=p2 );         /* Conditional skipped */
         2481  +      testcase( aOffset[0]==0 );
  2478   2482         goto op_column_read_header;
  2479   2483       }
  2480   2484     }
  2481   2485   
  2482   2486     /* Make sure at least the first p2+1 entries of the header have been
  2483   2487     ** parsed and valid information is in aOffset[] and pC->aType[].
  2484   2488     */
................................................................................
  2499   2503     
  2500   2504         /* Fill in pC->aType[i] and aOffset[i] values through the p2-th field. */
  2501   2505       op_column_read_header:
  2502   2506         i = pC->nHdrParsed;
  2503   2507         offset64 = aOffset[i];
  2504   2508         zHdr = zData + pC->iHdrOffset;
  2505   2509         zEndHdr = zData + aOffset[0];
         2510  +      testcase( zHdr>=zEndHdr );
  2506   2511         do{
  2507   2512           if( (t = zHdr[0])<0x80 ){
  2508   2513             zHdr++;
  2509   2514             offset64 += sqlite3VdbeOneByteSerialTypeLen(t);
  2510   2515           }else{
  2511   2516             zHdr += sqlite3GetVarint32(zHdr, &t);
  2512   2517             offset64 += sqlite3VdbeSerialTypeLen(t);
................................................................................
  2519   2524         ** (1) the bytes of the header extend past the declared header size
  2520   2525         ** (2) the entire header was used but not all data was used
  2521   2526         ** (3) the end of the data extends beyond the end of the record.
  2522   2527         */
  2523   2528         if( (zHdr>=zEndHdr && (zHdr>zEndHdr || offset64!=pC->payloadSize))
  2524   2529          || (offset64 > pC->payloadSize)
  2525   2530         ){
  2526         -        if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
  2527         -        rc = SQLITE_CORRUPT_BKPT;
  2528         -        goto abort_due_to_error;
         2531  +        if( aOffset[0]==0 ){
         2532  +          i = 0;
         2533  +          zHdr = zEndHdr;
         2534  +        }else{
         2535  +          if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
         2536  +          rc = SQLITE_CORRUPT_BKPT;
         2537  +          goto abort_due_to_error;
         2538  +        }
  2529   2539         }
  2530   2540   
  2531   2541         pC->nHdrParsed = i;
  2532   2542         pC->iHdrOffset = (u32)(zHdr - zData);
  2533   2543         if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
  2534   2544       }else{
  2535   2545         t = 0;

Changes to test/indexexpr1.test.

   375    375   #
   376    376   do_execsql_test indexexpr1-1300.1 {
   377    377     CREATE TABLE t1300(a INTEGER PRIMARY KEY, b);
   378    378     INSERT INTO t1300 VALUES(1,'coffee'),(2,'COFFEE'),(3,'stress'),(4,'STRESS');
   379    379     CREATE INDEX t1300bexpr ON t1300( substr(b,4) );
   380    380     SELECT a FROM t1300 WHERE substr(b,4)='ess' COLLATE nocase ORDER BY +a;
   381    381   } {3 4}
          382  +
          383  +# Ticket https://sqlite.org/src/tktview/aa98619a
          384  +# Assertion fault using an index on a constant
          385  +#
          386  +do_execsql_test indexexpr1-1400 {
          387  +  CREATE TABLE t1400(x TEXT);
          388  +  CREATE INDEX t1400x ON t1400(1);  -- Index on a constant
          389  +  SELECT 1 IN (SELECT 2) FROM t1400;
          390  +} {}
          391  +do_execsql_test indexexpr1-1410 {
          392  +  INSERT INTO t1400 VALUES('a'),('b');
          393  +  SELECT 1 IN (SELECT 2) FROM t1400;
          394  +} {0 0}
          395  +do_execsql_test indexexpr1-1420 {
          396  +  SELECT 1 IN (SELECT 2 UNION ALL SELECT 1) FROM t1400;
          397  +} {1 1}
          398  +do_execsql_test indexexpr1-1430 {
          399  +  DROP INDEX t1400x;
          400  +  CREATE INDEX t1400x ON t1400(abs(15+3));
          401  +  SELECT abs(15+3) IN (SELECT 17 UNION ALL SELECT 18) FROM t1;
          402  +} {1 1}
          403  +
   382    404   
   383    405   finish_test