/ Check-in [706b41b7]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Registerification of the VDBE is complete. The operand stack has been removed from the code. All instructions operate out of registers only. (CVS 4718)
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 706b41b70bd1e2030e6fa44358c38a26c5cf0985
User & Date: drh 2008-01-17 16:22:14
Context
2008-01-17
17:15
Reuse registers better in the inner loop of a SELECT statement. (CVS 4719) check-in: 5ba4e5ad user: drh tags: trunk
16:22
Registerification of the VDBE is complete. The operand stack has been removed from the code. All instructions operate out of registers only. (CVS 4718) check-in: 706b41b7 user: drh tags: trunk
02:36
Registerification of the WHERE clause logic. (CVS 4717) check-in: 5581160f user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to mkopcodeh.awk.

    47     47   # Scan for "case OP_aaaa:" lines in the vdbe.c file
    48     48   /^case OP_/ {
    49     49     name = $2
    50     50     sub(/:/,"",name)
    51     51     sub("\r","",name)
    52     52     op[name] = -1
    53     53     jump[name] = 0
    54         -  nopush[name] = 0
    55     54     out2_prerelease[name] = 0
    56     55     in1[name] = 0
    57     56     in2[name] = 0
    58     57     in3[name] = 0
    59     58     out2[name] = 0
    60     59     out3[name] = 0
    61     60     for(i=3; i<NF; i++){
................................................................................
    64     63         sub(/,/,"",sym)
    65     64         op[name] = tk[sym]
    66     65         used[op[name]] = 1
    67     66         sameas[op[name]] = sym
    68     67       }
    69     68       x = $i
    70     69       sub(",","",x)
    71         -    if(x=="no-push"){
    72         -      nopush[name] = 1
    73         -    }else if(x=="jump"){
           70  +    if(x=="jump"){
    74     71         jump[name] = 1
    75     72       }else if(x=="out2-prerelease"){
    76     73         out2_prerelease[name] = 1
    77     74       }else if(x=="in1"){
    78     75         in1[name] = 1
    79     76       }else if(x=="in2"){
    80     77         in2[name] = 1
................................................................................
   126    123     #  bit 1:     pushes a result onto stack
   127    124     #  bit 2:     output to p1.  release p1 before opcode runs
   128    125     #
   129    126     for(i=0; i<=max; i++) bv[i] = 0;
   130    127     for(name in op){
   131    128       x = op[name]
   132    129       a0 = a1 = a2 = a3 = a4 = a5 = a6 = a7 = 0
   133         -    a8 = a9 = a10 = a11 = a12 = a13 = a14 = a15 = 0
          130  +    # a8 = a9 = a10 = a11 = a12 = a13 = a14 = a15 = 0
   134    131       if( jump[name] ) a0 = 1;
   135         -    if( nopush[name]==0 ) a1 = 2;
   136         -    if( out2_prerelease[name] ) a2 = 4;
   137         -    if( in1[name] ) a3 = 8;
   138         -    if( in2[name] ) a4 = 16;
   139         -    if( in3[name] ) a5 = 32;
   140         -    if( out2[name] ) a6 = 64;
   141         -    if( out3[name] ) a7 = 128;
   142         -    bv[x] = a0+a1+a2+a3+a4+a5+a6+a7+a8+a9+a10+a11+a12+a13+a14+a15;
          132  +    if( out2_prerelease[name] ) a1 = 2;
          133  +    if( in1[name] ) a2 = 4;
          134  +    if( in2[name] ) a3 = 8;
          135  +    if( in3[name] ) a4 = 16;
          136  +    if( out2[name] ) a5 = 32;
          137  +    if( out3[name] ) a6 = 64;
          138  +    # bv[x] = a0+a1+a2+a3+a4+a5+a6+a7+a8+a9+a10+a11+a12+a13+a14+a15;
          139  +    bv[x] = a0+a1+a2+a3+a4+a5+a6;
   143    140     }
   144    141     print "\n"
   145    142     print "/* Properties such as \"out2\" or \"jump\" that are specified in"
   146    143     print "** comments following the \"case\" for each opcode in the vdbe.c"
   147    144     print "** are encoded into bitvectors as follows:"
   148    145     print "*/"
   149    146     print "#define OPFLG_JUMP            0x0001  /* jump:  P2 holds jmp target */"
   150         -  print "#define OPFLG_PUSH            0x0002  /* ~no-push:  Does not push */"
   151         -  print "#define OPFLG_OUT2_PRERELEASE 0x0004  /* out2-prerelease: */"
   152         -  print "#define OPFLG_IN1             0x0008  /* in1:   P1 is an input */"
   153         -  print "#define OPFLG_IN2             0x0010  /* in2:   P2 is an input */"
   154         -  print "#define OPFLG_IN3             0x0020  /* in3:   P3 is an input */"
   155         -  print "#define OPFLG_OUT2            0x0040  /* out2:  P2 is an output */"
   156         -  print "#define OPFLG_OUT3            0x0080  /* out3:  P3 is an output */"
          147  +  print "#define OPFLG_OUT2_PRERELEASE 0x0002  /* out2-prerelease: */"
          148  +  print "#define OPFLG_IN1             0x0004  /* in1:   P1 is an input */"
          149  +  print "#define OPFLG_IN2             0x0008  /* in2:   P2 is an input */"
          150  +  print "#define OPFLG_IN3             0x0010  /* in3:   P3 is an input */"
          151  +  print "#define OPFLG_OUT2            0x0020  /* out2:  P2 is an output */"
          152  +  print "#define OPFLG_OUT3            0x0040  /* out3:  P3 is an output */"
   157    153     print "#define OPFLG_INITIALIZER {\\"
   158    154     for(i=0; i<=max; i++){
   159    155       if( i%8==0 ) printf("/* %3d */",i)
   160         -    printf " 0x%04x,", bv[i]
          156  +    printf " 0x%02x,", bv[i]
   161    157       if( i%8==7 ) printf("\\\n");
   162    158     }
   163    159     print "}"
   164    160   }

Changes to src/alter.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that used to generate VDBE code
    13     13   ** that implements the ALTER TABLE command.
    14     14   **
    15         -** $Id: alter.c,v 1.39 2008/01/04 22:01:03 drh Exp $
           15  +** $Id: alter.c,v 1.40 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   #include <ctype.h>
    19     19   
    20     20   /*
    21     21   ** The code in this file only exists if we are not omitting the
    22     22   ** ALTER TABLE logic from the build.
................................................................................
   349    349     ** table.
   350    350     */
   351    351     v = sqlite3GetVdbe(pParse);
   352    352     if( v==0 ){
   353    353       goto exit_rename_table;
   354    354     }
   355    355     sqlite3BeginWriteOperation(pParse, isVirtualRename, iDb);
   356         -  sqlite3ChangeCookie(db, v, iDb);
          356  +  sqlite3ChangeCookie(pParse, iDb);
   357    357   
   358    358     /* If this is a virtual table, invoke the xRename() function if
   359    359     ** one is defined. The xRename() callback will modify the names
   360    360     ** of any resources used by the v-table implementation (including other
   361    361     ** SQLite tables) that are identified by the name of the virtual table.
   362    362     */
   363    363   #ifndef SQLITE_OMIT_VIRTUALTABLE
................................................................................
   617    617     pNew->addColOffset = pTab->addColOffset;
   618    618     pNew->nRef = 1;
   619    619   
   620    620     /* Begin a transaction and increment the schema cookie.  */
   621    621     sqlite3BeginWriteOperation(pParse, 0, iDb);
   622    622     v = sqlite3GetVdbe(pParse);
   623    623     if( !v ) goto exit_begin_add_column;
   624         -  sqlite3ChangeCookie(db, v, iDb);
          624  +  sqlite3ChangeCookie(pParse, iDb);
   625    625   
   626    626   exit_begin_add_column:
   627    627     sqlite3SrcListDelete(pSrc);
   628    628     return;
   629    629   }
   630    630   #endif  /* SQLITE_ALTER_TABLE */

Changes to src/attach.c.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to implement the ATTACH and DETACH commands.
    13     13   **
    14         -** $Id: attach.c,v 1.68 2008/01/12 19:03:49 drh Exp $
           14  +** $Id: attach.c,v 1.69 2008/01/17 16:22:15 drh Exp $
    15     15   */
    16     16   #include "sqliteInt.h"
    17     17   
    18     18   #ifndef SQLITE_OMIT_ATTACH
    19     19   /*
    20     20   ** Resolve an expression that was part of an ATTACH or DETACH statement. This
    21     21   ** is slightly different from resolving a normal SQL expression, because simple
................................................................................
   323    323         SQLITE_OK!=(rc = resolveAttachExpr(&sName, pKey))
   324    324     ){
   325    325       pParse->nErr++;
   326    326       goto attach_end;
   327    327     }
   328    328   
   329    329     v = sqlite3GetVdbe(pParse);
   330         -  regArgs = sqlite3GetTempRange(pParse, nFunc);
          330  +  regArgs = sqlite3GetTempRange(pParse, 3);
   331    331     sqlite3ExprCode(pParse, pFilename, regArgs);
   332    332     sqlite3ExprCode(pParse, pDbname, regArgs+1);
   333    333     sqlite3ExprCode(pParse, pKey, regArgs+2);
   334    334   
   335    335     assert( v || db->mallocFailed );
   336    336     if( v ){
   337    337       sqlite3VdbeAddOp3(v, OP_Function, 0, regArgs+3-nFunc, regArgs);

Changes to src/build.c.

    18     18   **     CREATE INDEX
    19     19   **     DROP INDEX
    20     20   **     creating ID lists
    21     21   **     BEGIN TRANSACTION
    22     22   **     COMMIT
    23     23   **     ROLLBACK
    24     24   **
    25         -** $Id: build.c,v 1.466 2008/01/17 02:36:28 drh Exp $
           25  +** $Id: build.c,v 1.467 2008/01/17 16:22:15 drh Exp $
    26     26   */
    27     27   #include "sqliteInt.h"
    28     28   #include <ctype.h>
    29     29   
    30     30   /*
    31     31   ** This routine is called when a new SQL statement is beginning to
    32     32   ** be parsed.  Initialize the pParse structure as needed.
................................................................................
  1273   1273   **
  1274   1274   ** This plan is not completely bullet-proof.  It is possible for
  1275   1275   ** the schema to change multiple times and for the cookie to be
  1276   1276   ** set back to prior value.  But schema changes are infrequent
  1277   1277   ** and the probability of hitting the same cookie value is only
  1278   1278   ** 1 chance in 2^32.  So we're safe enough.
  1279   1279   */
  1280         -void sqlite3ChangeCookie(sqlite3 *db, Vdbe *v, int iDb){
  1281         -  sqlite3VdbeAddOp2(v, OP_Integer, db->aDb[iDb].pSchema->schema_cookie+1, 0);
  1282         -  sqlite3VdbeAddOp2(v, OP_SetCookie, iDb, 0);
         1280  +void sqlite3ChangeCookie(Parse *pParse, int iDb){
         1281  +  int r1 = sqlite3GetTempReg(pParse);
         1282  +  sqlite3 *db = pParse->db;
         1283  +  Vdbe *v = pParse->pVdbe;
         1284  +  sqlite3VdbeAddOp2(v, OP_Integer, db->aDb[iDb].pSchema->schema_cookie+1, r1);
         1285  +  sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, 0, r1);
         1286  +  sqlite3ReleaseTempReg(pParse, r1);
  1283   1287   }
  1284   1288   
  1285   1289   /*
  1286   1290   ** Measure the number of characters needed to output the given
  1287   1291   ** identifier.  The number returned includes any quotes used
  1288   1292   ** but does not include the null terminator.
  1289   1293   **
................................................................................
  1540   1544         p->zName,
  1541   1545         p->zName,
  1542   1546         pParse->regRoot,
  1543   1547         zStmt,
  1544   1548         pParse->regRowid
  1545   1549       );
  1546   1550       sqlite3_free(zStmt);
  1547         -    sqlite3ChangeCookie(db, v, iDb);
         1551  +    sqlite3ChangeCookie(pParse, iDb);
  1548   1552   
  1549   1553   #ifndef SQLITE_OMIT_AUTOINCREMENT
  1550   1554       /* Check to see if we need to create an sqlite_sequence table for
  1551   1555       ** keeping track of autoincrement keys.
  1552   1556       */
  1553   1557       if( p->autoInc ){
  1554   1558         Db *pDb = &db->aDb[iDb];
................................................................................
  2062   2066       /* Remove the table entry from SQLite's internal schema and modify
  2063   2067       ** the schema cookie.
  2064   2068       */
  2065   2069       if( IsVirtual(pTab) ){
  2066   2070         sqlite3VdbeAddOp4(v, OP_VDestroy, iDb, 0, 0, pTab->zName, 0);
  2067   2071       }
  2068   2072       sqlite3VdbeAddOp4(v, OP_DropTable, iDb, 0, 0, pTab->zName, 0);
  2069         -    sqlite3ChangeCookie(db, v, iDb);
         2073  +    sqlite3ChangeCookie(pParse, iDb);
  2070   2074     }
  2071   2075     sqliteViewResetAll(db, iDb);
  2072   2076   
  2073   2077   exit_drop_table:
  2074   2078     sqlite3SrcListDelete(pName);
  2075   2079   }
  2076   2080   
................................................................................
  2684   2688       sqlite3_free(zStmt);
  2685   2689   
  2686   2690       /* Fill the index with data and reparse the schema. Code an OP_Expire
  2687   2691       ** to invalidate all pre-compiled statements.
  2688   2692       */
  2689   2693       if( pTblName ){
  2690   2694         sqlite3RefillIndex(pParse, pIndex, iMem);
  2691         -      sqlite3ChangeCookie(db, v, iDb);
         2695  +      sqlite3ChangeCookie(pParse, iDb);
  2692   2696         sqlite3VdbeAddOp4(v, OP_ParseSchema, iDb, 0, 0,
  2693   2697            sqlite3MPrintf(db, "name='%q'", pIndex->zName), P4_DYNAMIC);
  2694   2698         sqlite3VdbeAddOp1(v, OP_Expire, 0);
  2695   2699       }
  2696   2700     }
  2697   2701   
  2698   2702     /* When adding an index to the list of indices for a table, make
................................................................................
  2836   2840     if( v ){
  2837   2841       sqlite3BeginWriteOperation(pParse, 1, iDb);
  2838   2842       sqlite3NestedParse(pParse,
  2839   2843          "DELETE FROM %Q.%s WHERE name=%Q",
  2840   2844          db->aDb[iDb].zName, SCHEMA_TABLE(iDb),
  2841   2845          pIndex->zName
  2842   2846       );
  2843         -    sqlite3ChangeCookie(db, v, iDb);
         2847  +    sqlite3ChangeCookie(pParse, iDb);
  2844   2848       destroyRootPage(pParse, pIndex->tnum, iDb);
  2845   2849       sqlite3VdbeAddOp4(v, OP_DropIndex, iDb, 0, 0, pIndex->zName, 0);
  2846   2850     }
  2847   2851   
  2848   2852   exit_drop_index:
  2849   2853     sqlite3SrcListDelete(pName);
  2850   2854   }

Changes to src/delete.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** in order to generate code for DELETE FROM statements.
    14     14   **
    15         -** $Id: delete.c,v 1.158 2008/01/17 02:36:28 drh Exp $
           15  +** $Id: delete.c,v 1.159 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   /*
    20     20   ** Look up every table that is named in pSrc.  If any table is not found,
    21     21   ** add an error message to pParse->zErrMsg and return NULL.  If all tables
    22     22   ** are found, return a pointer to the last table.
................................................................................
   313    313       /* This is the beginning of the delete loop. If a trigger encounters
   314    314       ** an IGNORE constraint, it jumps back to here.
   315    315       */
   316    316       if( triggers_exist ){
   317    317         sqlite3VdbeResolveLabel(v, addr);
   318    318       }
   319    319       addr = sqlite3VdbeAddOp2(v, OP_FifoRead, iRowid, end);
   320         -    sqlite3VdbeAddOp1(v, OP_StackDepth, -1);
   321    320   
   322    321       if( triggers_exist ){
   323    322         int iData = ++pParse->nMem;   /* For storing row data of OLD table */
   324    323   
   325    324         /* If the record is no longer present in the table, jump to the
   326    325         ** next iteration of the loop through the contents of the fifo.
   327    326         */
................................................................................
   454    453     Parse *pParse,     /* Parsing and code generating context */
   455    454     Table *pTab,       /* Table containing the row to be deleted */
   456    455     int iCur,          /* Cursor number for the table */
   457    456     int *aRegIdx       /* Only delete if aRegIdx!=0 && aRegIdx[i]>0 */
   458    457   ){
   459    458     int i;
   460    459     Index *pIdx;
          460  +  int r1;
   461    461   
          462  +  r1 = sqlite3GetTempReg(pParse);
   462    463     for(i=1, pIdx=pTab->pIndex; pIdx; i++, pIdx=pIdx->pNext){
   463    464       if( aRegIdx!=0 && aRegIdx[i-1]==0 ) continue;
   464         -    sqlite3GenerateIndexKey(pParse, pIdx, iCur, 0);
   465         -    sqlite3VdbeAddOp2(pParse->pVdbe, OP_IdxDelete, iCur+i, 0);
          465  +    sqlite3GenerateIndexKey(pParse, pIdx, iCur, r1);
          466  +    sqlite3VdbeAddOp2(pParse->pVdbe, OP_IdxDelete, iCur+i, r1);
   466    467     }
          468  +  sqlite3ReleaseTempReg(pParse, r1);
   467    469   }
   468    470   
   469    471   /*
   470    472   ** Generate code that will assemble an index key and put it on the top
   471    473   ** of the tack.  The key with be for index pIdx which is an index on pTab.
   472    474   ** iCur is the index of a cursor open on the pTab table and pointing to
   473    475   ** the entry that needs indexing.

Changes to src/expr.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains routines used for analyzing expressions and
    13     13   ** for generating VDBE code that evaluates expressions in SQLite.
    14     14   **
    15         -** $Id: expr.c,v 1.346 2008/01/17 02:36:28 drh Exp $
           15  +** $Id: expr.c,v 1.347 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   #include <ctype.h>
    19     19   
    20     20   /*
    21     21   ** Return the 'affinity' of the expression pExpr if any.
    22     22   **
................................................................................
  1844   1844       memcpy(out, in, 8);
  1845   1845     }
  1846   1846     return out;
  1847   1847   }
  1848   1848   
  1849   1849   /*
  1850   1850   ** Generate an instruction that will put the floating point
  1851         -** value described by z[0..n-1] on the stack.
         1851  +** value described by z[0..n-1] into register iMem.
  1852   1852   **
  1853   1853   ** The z[] string will probably not be zero-terminated.  But the 
  1854   1854   ** z[n] character is guaranteed to be something that does not look
  1855   1855   ** like the continuation of the number.
  1856   1856   */
  1857   1857   static void codeReal(Vdbe *v, const char *z, int n, int negateFlag, int iMem){
  1858   1858     assert( z || v==0 || sqlite3VdbeDb(v)->mallocFailed );
................................................................................
  1866   1866       sqlite3VdbeAddOp4(v, OP_Real, 0, iMem, 0, zV, P4_REAL);
  1867   1867     }
  1868   1868   }
  1869   1869   
  1870   1870   
  1871   1871   /*
  1872   1872   ** Generate an instruction that will put the integer describe by
  1873         -** text z[0..n-1] on the stack.
         1873  +** text z[0..n-1] into register iMem.
  1874   1874   **
  1875   1875   ** The z[] string will probably not be zero-terminated.  But the 
  1876   1876   ** z[n] character is guaranteed to be something that does not look
  1877   1877   ** like the continuation of the number.
  1878   1878   */
  1879   1879   static void codeInteger(Vdbe *v, const char *z, int n, int negFlag, int iMem){
  1880   1880     assert( z || v==0 || sqlite3VdbeDb(v)->mallocFailed );
................................................................................
  1896   1896       }
  1897   1897     }
  1898   1898   }
  1899   1899   
  1900   1900   
  1901   1901   /*
  1902   1902   ** Generate code that will extract the iColumn-th column from
  1903         -** table pTab and store the column value in register iMem, or on
  1904         -** the stack if iMem==0.  There is an open cursor to pTab in 
         1903  +** table pTab and store the column value in register iReg.
         1904  +** There is an open cursor to pTab in 
  1905   1905   ** iTable.  If iColumn<0 then code is generated that extracts the rowid.
  1906   1906   */
  1907   1907   void sqlite3ExprCodeGetColumn(
  1908   1908     Vdbe *v,         /* The VM being created */
  1909   1909     Table *pTab,     /* Description of the table we are reading from */
  1910   1910     int iColumn,     /* Index of the table column */
  1911   1911     int iTable,      /* The cursor pointing to the table */
................................................................................
  1944   1944     int op;                   /* The opcode being coded */
  1945   1945     int inReg = target;       /* Results stored in register inReg */
  1946   1946     int regFree1 = 0;         /* If non-zero free this temporary register */
  1947   1947     int regFree2 = 0;         /* If non-zero free this temporary register */
  1948   1948     int r1, r2, r3;           /* Various register numbers */
  1949   1949   
  1950   1950     assert( v!=0 || pParse->db->mallocFailed );
  1951         -  assert( target>=0 );
         1951  +  assert( target>0 && target<=pParse->nMem );
  1952   1952     if( v==0 ) return 0;
  1953   1953   
  1954   1954     if( pExpr==0 ){
  1955   1955       op = TK_NULL;
  1956   1956     }else{
  1957   1957       op = pExpr->op;
  1958   1958     }
................................................................................
  2413   2413   
  2414   2414   /*
  2415   2415   ** Generate code that will evaluate expression pExpr and store the
  2416   2416   ** results in register target.  The results are guaranteed to appear
  2417   2417   ** in register target.
  2418   2418   */
  2419   2419   int sqlite3ExprCode(Parse *pParse, Expr *pExpr, int target){
  2420         -  int inReg = sqlite3ExprCodeTarget(pParse, pExpr, target);
         2420  +  int inReg;
         2421  +
         2422  +  assert( target>0 && target<=pParse->nMem );
         2423  +  inReg = sqlite3ExprCodeTarget(pParse, pExpr, target);
  2421   2424     assert( pParse->pVdbe || pParse->db->mallocFailed );
  2422   2425     if( inReg!=target && pParse->pVdbe ){
  2423         -    sqlite3VdbeAddOp2(pParse->pVdbe, (inReg>0 ? OP_SCopy : OP_Move), 
  2424         -                      inReg, target);
         2426  +    sqlite3VdbeAddOp2(pParse->pVdbe, OP_SCopy, inReg, target);
  2425   2427     }
  2426   2428     return target;
  2427   2429   }
  2428   2430   
  2429   2431   /*
  2430   2432   ** Generate code that evalutes the given expression and puts the result
  2431   2433   ** in register target.  If target==-1, then allocate a temporary register
................................................................................
  2457   2459     }
  2458   2460     return inReg;
  2459   2461   }
  2460   2462   
  2461   2463   
  2462   2464   /*
  2463   2465   ** Generate code that pushes the value of every element of the given
  2464         -** expression list onto the stack if target==0 or into a sequence of
  2465         -** registers beginning at target.
         2466  +** expression list into a sequence of registers beginning at target.
  2466   2467   **
  2467   2468   ** Return the number of elements evaluated.
  2468   2469   */
  2469   2470   int sqlite3ExprCodeExprList(
  2470   2471     Parse *pParse,     /* Parsing context */
  2471   2472     ExprList *pList,   /* The expression list to be coded */
  2472   2473     int target         /* Where to write results */
  2473   2474   ){
  2474   2475     struct ExprList_item *pItem;
  2475         -  int i, n, incr = 1;
         2476  +  int i, n;
  2476   2477     assert( pList!=0 || pParse->db->mallocFailed );
  2477   2478     if( pList==0 ){
  2478   2479       return 0;
  2479   2480     }
  2480         -  assert( target>=0 );
         2481  +  assert( target>0 );
  2481   2482     n = pList->nExpr;
  2482         -  if( target==0 ){
  2483         -    incr = 0;
  2484         -  }
  2485   2483     for(pItem=pList->a, i=n; i>0; i--, pItem++){
  2486   2484       sqlite3ExprCode(pParse, pItem->pExpr, target);
  2487         -    target += incr; 
         2485  +    target++;
  2488   2486     }
  2489   2487     return n;
  2490   2488   }
  2491   2489   
  2492   2490   /*
  2493   2491   ** Generate code for a boolean expression such that a jump is made
  2494   2492   ** to the label "dest" if the expression is true but execution

Changes to src/insert.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle INSERT statements in SQLite.
    14     14   **
    15         -** $Id: insert.c,v 1.224 2008/01/17 02:36:28 drh Exp $
           15  +** $Id: insert.c,v 1.225 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   /*
    20     20   ** Set P4 of the most recently inserted opcode to a column affinity
    21     21   ** string for index pIdx. A column affinity string has one character
    22     22   ** for each column in the table, according to the affinity of the column:
................................................................................
   663    663     if( useTempTable ){
   664    664       iBreak = sqlite3VdbeMakeLabel(v);
   665    665       sqlite3VdbeAddOp2(v, OP_Rewind, srcTab, iBreak);
   666    666       iCont = sqlite3VdbeCurrentAddr(v);
   667    667     }else if( pSelect ){
   668    668       sqlite3VdbeAddOp2(v, OP_Goto, 0, iSelectLoop);
   669    669       sqlite3VdbeResolveLabel(v, iInsertBlock);
   670         -    sqlite3VdbeAddOp2(v, OP_StackDepth, -1, 0);
   671    670     }
   672    671   
   673    672     /* Allocate registers for holding the rowid of the new row,
   674    673     ** the content of the new row, and the assemblied row record.
   675    674     */
   676    675     regRecord = ++pParse->nMem;
   677    676     regRowid = regIns = pParse->nMem+1;

Changes to src/pragma.c.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to implement the PRAGMA command.
    13     13   **
    14         -** $Id: pragma.c,v 1.167 2008/01/17 02:36:28 drh Exp $
           14  +** $Id: pragma.c,v 1.168 2008/01/17 16:22:15 drh Exp $
    15     15   */
    16     16   #include "sqliteInt.h"
    17     17   #include <ctype.h>
    18     18   
    19     19   /* Ignore this whole file if pragmas are disabled
    20     20   */
    21     21   #if !defined(SQLITE_OMIT_PRAGMA) && !defined(SQLITE_OMIT_PARSER)
................................................................................
   248    248     const char *zDb = 0;   /* The database name */
   249    249     Token *pId;            /* Pointer to <id> token */
   250    250     int iDb;               /* Database index for <database> */
   251    251     sqlite3 *db = pParse->db;
   252    252     Db *pDb;
   253    253     Vdbe *v = pParse->pVdbe = sqlite3VdbeCreate(db);
   254    254     if( v==0 ) return;
   255         -  pParse->nMem = 1;
          255  +  pParse->nMem = 2;
   256    256   
   257    257     /* Interpret the [database.] part of the pragma statement. iDb is the
   258    258     ** index of the database this pragma is being applied to in db.aDb[]. */
   259    259     iDb = sqlite3TwoPartName(pParse, pId1, pId2, &pId);
   260    260     if( iDb<0 ) return;
   261    261     pDb = &db->aDb[iDb];
   262    262   
................................................................................
   317    317         addr = sqlite3VdbeAddOpList(v, ArraySize(getCacheSize), getCacheSize);
   318    318         sqlite3VdbeChangeP1(v, addr, iDb);
   319    319         sqlite3VdbeChangeP1(v, addr+5, SQLITE_DEFAULT_CACHE_SIZE);
   320    320       }else{
   321    321         int size = atoi(zRight);
   322    322         if( size<0 ) size = -size;
   323    323         sqlite3BeginWriteOperation(pParse, 0, iDb);
   324         -      sqlite3VdbeAddOp1(v, OP_Integer, size);
   325         -      sqlite3VdbeAddOp3(v, OP_ReadCookie, iDb, 0, 2);
   326         -      addr = sqlite3VdbeAddOp2(v, OP_IfPos, 0, 0);
   327         -      sqlite3VdbeAddOp1(v, OP_Integer, -size);
          324  +      sqlite3VdbeAddOp2(v, OP_Integer, size, 1);
          325  +      sqlite3VdbeAddOp3(v, OP_ReadCookie, iDb, 2, 2);
          326  +      addr = sqlite3VdbeAddOp2(v, OP_IfPos, 2, 0);
          327  +      sqlite3VdbeAddOp2(v, OP_Integer, -size, 1);
   328    328         sqlite3VdbeJumpHere(v, addr);
   329         -      sqlite3VdbeAddOp2(v, OP_SetCookie, iDb, 2);
          329  +      sqlite3VdbeAddOp3(v, OP_SetCookie, iDb, 2, 1);
   330    330         pDb->pSchema->cache_size = size;
   331    331         sqlite3BtreeSetCacheSize(pDb->pBt, pDb->pSchema->cache_size);
   332    332       }
   333    333     }else
   334    334   
   335    335     /*
   336    336     **  PRAGMA [database.]page_size
................................................................................
  1105   1105           break;
  1106   1106       }
  1107   1107   
  1108   1108       if( zRight && iDb>=0 ){
  1109   1109         /* Write the specified cookie value */
  1110   1110         static const VdbeOpList setCookie[] = {
  1111   1111           { OP_Transaction,    0,  1,  0},    /* 0 */
  1112         -        { OP_Integer,        0,  0,  0},    /* 1 */
  1113         -        { OP_SetCookie,      0,  0,  0},    /* 2 */
         1112  +        { OP_Integer,        0,  1,  0},    /* 1 */
         1113  +        { OP_SetCookie,      0,  0,  1},    /* 2 */
  1114   1114         };
  1115   1115         int addr = sqlite3VdbeAddOpList(v, ArraySize(setCookie), setCookie);
  1116   1116         sqlite3VdbeChangeP1(v, addr, iDb);
  1117   1117         sqlite3VdbeChangeP1(v, addr+1, atoi(zRight));
  1118   1118         sqlite3VdbeChangeP1(v, addr+2, iDb);
  1119   1119         sqlite3VdbeChangeP2(v, addr+2, iCookie);
  1120   1120       }else{

Changes to src/select.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle SELECT statements in SQLite.
    14     14   **
    15         -** $Id: select.c,v 1.403 2008/01/17 02:36:28 drh Exp $
           15  +** $Id: select.c,v 1.404 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   
    20     20   /*
    21     21   ** Delete all the content of a Select structure but do not deallocate
    22     22   ** the select structure itself.
................................................................................
   579    579   
   580    580     switch( eDest ){
   581    581       /* In this mode, write each query result to the key of the temporary
   582    582       ** table iParm.
   583    583       */
   584    584   #ifndef SQLITE_OMIT_COMPOUND_SELECT
   585    585       case SRT_Union: {
   586         -      sqlite3VdbeAddOp2(v, OP_MakeRecord, iMem, nColumn);
          586  +      int r1;
          587  +      r1 = sqlite3GetTempReg(pParse);
          588  +      sqlite3VdbeAddOp3(v, OP_MakeRecord, iMem, nColumn, r1);
   587    589         if( aff ){
   588    590           sqlite3VdbeChangeP4(v, -1, aff, P4_STATIC);
   589    591         }
   590         -      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, 0);
          592  +      sqlite3VdbeAddOp2(v, OP_IdxInsert, iParm, r1);
          593  +      sqlite3ReleaseTempReg(pParse, r1);
   591    594         break;
   592    595       }
   593    596   
   594    597       /* Construct a record from the query result, but instead of
   595    598       ** saving that record, use it as a key to delete elements from
   596    599       ** the temporary table iParm.
   597    600       */
   598    601       case SRT_Except: {
   599         -      int addr;
   600         -      addr = sqlite3VdbeAddOp2(v, OP_MakeRecord, iMem, nColumn);
          602  +      int addr, r1;
          603  +      r1 = sqlite3GetTempReg(pParse);
          604  +      addr = sqlite3VdbeAddOp3(v, OP_MakeRecord, iMem, nColumn, r1);
   601    605         sqlite3VdbeChangeP4(v, -1, aff, P4_STATIC);
   602         -      sqlite3VdbeAddOp2(v, OP_NotFound, iParm, addr+3);
   603         -      sqlite3VdbeAddOp2(v, OP_Delete, iParm, 0);
          606  +      sqlite3VdbeAddOp3(v, OP_NotFound, iParm, addr+3, r1);
          607  +      sqlite3VdbeAddOp1(v, OP_Delete, iParm);
          608  +      sqlite3ReleaseTempReg(pParse, r1);
   604    609         break;
   605    610       }
   606    611   #endif
   607    612   
   608    613       /* Store the result as data using a unique key.
   609    614       */
   610    615       case SRT_Table:
................................................................................
  2063   2068       }
  2064   2069       case TK_INTERSECT: {
  2065   2070         int tab1, tab2;
  2066   2071         int iCont, iBreak, iStart;
  2067   2072         Expr *pLimit, *pOffset;
  2068   2073         int addr;
  2069   2074         SelectDest intersectdest;
         2075  +      int r1;
  2070   2076   
  2071   2077         /* INTERSECT is different from the others since it requires
  2072   2078         ** two temporary tables.  Hence it has its own case.  Begin
  2073   2079         ** by allocating the tables we will need.
  2074   2080         */
  2075   2081         tab1 = pParse->nTab++;
  2076   2082         tab2 = pParse->nTab++;
................................................................................
  2123   2129           while( pFirst->pPrior ) pFirst = pFirst->pPrior;
  2124   2130           generateColumnNames(pParse, 0, pFirst->pEList);
  2125   2131         }
  2126   2132         iBreak = sqlite3VdbeMakeLabel(v);
  2127   2133         iCont = sqlite3VdbeMakeLabel(v);
  2128   2134         computeLimitRegisters(pParse, p, iBreak);
  2129   2135         sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak);
  2130         -      iStart = sqlite3VdbeAddOp1(v, OP_RowKey, tab1);
  2131         -      sqlite3VdbeAddOp2(v, OP_NotFound, tab2, iCont);
         2136  +      r1 = sqlite3GetTempReg(pParse);
         2137  +      iStart = sqlite3VdbeAddOp2(v, OP_RowKey, tab1, r1);
         2138  +      sqlite3VdbeAddOp3(v, OP_NotFound, tab2, iCont, r1);
         2139  +      sqlite3ReleaseTempReg(pParse, r1);
  2132   2140         rc = selectInnerLoop(pParse, p, p->pEList, tab1, p->pEList->nExpr,
  2133   2141                                pOrderBy, -1, &dest, iCont, iBreak, 0);
  2134   2142         if( rc ){
  2135   2143           rc = 1;
  2136   2144           goto multi_select_end;
  2137   2145         }
  2138   2146         sqlite3VdbeResolveLabel(v, iCont);

Changes to src/sqliteInt.h.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** Internal interface definitions for SQLite.
    13     13   **
    14         -** @(#) $Id: sqliteInt.h,v 1.650 2008/01/17 02:36:28 drh Exp $
           14  +** @(#) $Id: sqliteInt.h,v 1.651 2008/01/17 16:22:15 drh Exp $
    15     15   */
    16     16   #ifndef _SQLITEINT_H_
    17     17   #define _SQLITEINT_H_
    18     18   
    19     19   /*
    20     20   ** The macro unlikely() is a hint that surrounds a boolean
    21     21   ** expression that is usually false.  Macro likely() surrounds
................................................................................
  1815   1815   Select *sqlite3SelectDup(sqlite3*,Select*);
  1816   1816   FuncDef *sqlite3FindFunction(sqlite3*,const char*,int,int,u8,int);
  1817   1817   void sqlite3RegisterBuiltinFunctions(sqlite3*);
  1818   1818   void sqlite3RegisterDateTimeFunctions(sqlite3*);
  1819   1819   int sqlite3SafetyOn(sqlite3*);
  1820   1820   int sqlite3SafetyOff(sqlite3*);
  1821   1821   int sqlite3SafetyCheck(sqlite3*);
  1822         -void sqlite3ChangeCookie(sqlite3*, Vdbe*, int);
         1822  +void sqlite3ChangeCookie(Parse*, int);
  1823   1823   
  1824   1824   #ifndef SQLITE_OMIT_TRIGGER
  1825   1825     void sqlite3BeginTrigger(Parse*, Token*,Token*,int,int,IdList*,SrcList*,
  1826   1826                              Expr*,int, int);
  1827   1827     void sqlite3FinishTrigger(Parse*, TriggerStep*, Token*);
  1828   1828     void sqlite3DropTrigger(Parse*, SrcList*, int);
  1829   1829     void sqlite3DropTriggerPtr(Parse*, Trigger*);

Changes to src/trigger.c.

   236    236       sqlite3BeginWriteOperation(pParse, 0, iDb);
   237    237       z = sqlite3DbStrNDup(db, (char*)pAll->z, pAll->n);
   238    238       sqlite3NestedParse(pParse,
   239    239          "INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')",
   240    240          db->aDb[iDb].zName, SCHEMA_TABLE(iDb), pTrig->name,
   241    241          pTrig->table, z);
   242    242       sqlite3_free(z);
   243         -    sqlite3ChangeCookie(db, v, iDb);
          243  +    sqlite3ChangeCookie(pParse, iDb);
   244    244       sqlite3VdbeAddOp4(v, OP_ParseSchema, iDb, 0, 0, sqlite3MPrintf(
   245    245           db, "type='trigger' AND name='%q'", pTrig->name), P4_DYNAMIC
   246    246       );
   247    247     }
   248    248   
   249    249     if( db->init.busy ){
   250    250       int n;
................................................................................
   534    534       };
   535    535   
   536    536       sqlite3BeginWriteOperation(pParse, 0, iDb);
   537    537       sqlite3OpenMasterTable(pParse, iDb);
   538    538       base = sqlite3VdbeAddOpList(v,  ArraySize(dropTrigger), dropTrigger);
   539    539       sqlite3VdbeChangeP4(v, base+1, pTrigger->name, 0);
   540    540       sqlite3VdbeChangeP4(v, base+4, "trigger", P4_STATIC);
   541         -    sqlite3ChangeCookie(db, v, iDb);
          541  +    sqlite3ChangeCookie(pParse, iDb);
   542    542       sqlite3VdbeAddOp2(v, OP_Close, 0, 0);
   543    543       sqlite3VdbeAddOp4(v, OP_DropTrigger, iDb, 0, 0, pTrigger->name, 0);
   544    544     }
   545    545   }
   546    546   
   547    547   /*
   548    548   ** Remove a trigger from the hash tables of the sqlite* pointer.

Changes to src/update.c.

     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains C code routines that are called by the parser
    13     13   ** to handle UPDATE statements.
    14     14   **
    15         -** $Id: update.c,v 1.168 2008/01/17 02:36:28 drh Exp $
           15  +** $Id: update.c,v 1.169 2008/01/17 16:22:15 drh Exp $
    16     16   */
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   #ifndef SQLITE_OMIT_VIRTUALTABLE
    20     20   /* Forward declaration */
    21     21   static void updateVirtualTable(
    22     22     Parse *pParse,       /* The parsing context */
................................................................................
   397    397     /* Jump back to this point if a trigger encounters an IGNORE constraint. */
   398    398     if( triggers_exist ){
   399    399       sqlite3VdbeResolveLabel(v, addr);
   400    400     }
   401    401   
   402    402     /* Top of the update loop */
   403    403     addr = sqlite3VdbeAddOp2(v, OP_FifoRead, regOldRowid, 0);
   404         -  sqlite3VdbeAddOp2(v, OP_StackDepth, -1, 0);
   405    404   
   406    405     if( triggers_exist ){
   407    406       int regRowid;
   408    407       int regRow;
   409    408       int regCols;
   410    409   
   411    410       /* Make cursor iCur point to the record that is being updated.

Changes to src/vdbe.c.

    18     18   ** In the external interface, an "sqlite3_stmt*" is an opaque pointer
    19     19   ** to a VDBE.
    20     20   **
    21     21   ** The SQL parser generates a program which is then executed by
    22     22   ** the VDBE to do the work of the SQL statement.  VDBE programs are 
    23     23   ** similar in form to assembly language.  The program consists of
    24     24   ** a linear sequence of operations.  Each operation has an opcode 
    25         -** and 3 operands.  Operands P1 and P2 are integers.  Operand P4 
    26         -** is a null-terminated string.   The P2 operand must be non-negative.
    27         -** Opcodes will typically ignore one or more operands.  Many opcodes
    28         -** ignore all three operands.
           25  +** and 5 operands.  Operands P1, P2, and P3 are integers.  Operand P4 
           26  +** is a null-terminated string.  Operand P5 is an unsigned character.
           27  +** Few opcodes use all 5 operands.
    29     28   **
    30         -** Computation results are stored on a stack.  Each entry on the
    31         -** stack is either an integer, a null-terminated string, a floating point
           29  +** Computation results are stored on a set of registers numbered beginning
           30  +** with 1 and going up to Vdbe.nMem.  Each register can store
           31  +** either an integer, a null-terminated string, a floating point
    32     32   ** number, or the SQL "NULL" value.  An inplicit conversion from one
    33     33   ** type to the other occurs as necessary.
    34     34   ** 
    35     35   ** Most of the code in this file is taken up by the sqlite3VdbeExec()
    36     36   ** function which does the work of interpreting a VDBE program.
    37     37   ** But other routines are also provided to help in building up
    38     38   ** a program instruction by instruction.
................................................................................
    39     39   **
    40     40   ** Various scripts scan this source file in order to generate HTML
    41     41   ** documentation, headers files, or other derived files.  The formatting
    42     42   ** of the code in this file is, therefore, important.  See other comments
    43     43   ** in this file for details.  If in doubt, do not deviate from existing
    44     44   ** commenting and indentation practices when changing or adding code.
    45     45   **
    46         -** $Id: vdbe.c,v 1.697 2008/01/17 02:36:28 drh Exp $
           46  +** $Id: vdbe.c,v 1.698 2008/01/17 16:22:15 drh Exp $
    47     47   */
    48     48   #include "sqliteInt.h"
    49     49   #include <ctype.h>
    50     50   #include "vdbeInt.h"
    51     51   
    52     52   /*
    53     53   ** The following global variable is incremented every time a cursor
................................................................................
    81     81   */
    82     82   #ifdef SQLITE_TEST
    83     83   int sqlite3_sort_count = 0;
    84     84   #endif
    85     85   
    86     86   /*
    87     87   ** The next global variable records the size of the largest MEM_Blob
    88         -** or MEM_Str that has appeared on the VDBE stack.  The test procedures
           88  +** or MEM_Str that has been used by a VDBE opcode.  The test procedures
    89     89   ** use this information to make sure that the zero-blob functionality
    90     90   ** is working correctly.   This variable has no function other than to
    91     91   ** help verify the correct operation of the library.
    92     92   */
    93     93   #ifdef SQLITE_TEST
    94     94   int sqlite3_max_blobsize = 0;
    95     95   #endif
................................................................................
   103    103                                         && (P)->n>sqlite3_max_blobsize ) \
   104    104                                             {sqlite3_max_blobsize = (P)->n;}
   105    105   #else
   106    106   # define UPDATE_MAX_BLOBSIZE(P)
   107    107   #endif
   108    108   
   109    109   /*
   110         -** Release the memory associated with the given stack level.  This
          110  +** Release the memory associated with a register.  This
   111    111   ** leaves the Mem.flags field in an inconsistent state.
   112    112   */
   113    113   #define Release(P) if((P)->flags&MEM_Dyn){ sqlite3VdbeMemRelease(P); }
   114    114   
   115    115   /*
   116         -** Convert the given stack entity into a string if it isn't one
          116  +** Convert the given register into a string if it isn't one
   117    117   ** already. Return non-zero if a malloc() fails.
   118    118   */
   119    119   #define Stringify(P, enc) \
   120    120      if(((P)->flags&(MEM_Str|MEM_Blob))==0 && sqlite3VdbeMemStringify(P,enc)) \
   121    121        { goto no_mem; }
   122    122   
   123    123   /*
................................................................................
   136    136   **
   137    137   */
   138    138   #define GetVarint(A,B)  ((B = *(A))<=0x7f ? 1 : sqlite3GetVarint32(A, &B))
   139    139   
   140    140   /*
   141    141   ** An ephemeral string value (signified by the MEM_Ephem flag) contains
   142    142   ** a pointer to a dynamically allocated string where some other entity
   143         -** is responsible for deallocating that string.  Because the stack entry
   144         -** does not control the string, it might be deleted without the stack
   145         -** entry knowing it.
          143  +** is responsible for deallocating that string.  Because the register
          144  +** does not control the string, it might be deleted without the register
          145  +** knowing it.
   146    146   **
   147    147   ** This routine converts an ephemeral string into a dynamically allocated
   148         -** string that the stack entry itself controls.  In other words, it
          148  +** string that the register itself controls.  In other words, it
   149    149   ** converts an MEM_Ephem string into an MEM_Dyn string.
   150    150   */
   151    151   #define Deephemeralize(P) \
   152    152      if( ((P)->flags&MEM_Ephem)!=0 \
   153    153          && sqlite3VdbeMemMakeWriteable(P) ){ goto no_mem;}
   154    154   
   155    155   /*
   156    156   ** Call sqlite3VdbeMemExpandBlob() on the supplied value (type Mem*)
   157    157   ** P if required.
   158    158   */
   159    159   #define ExpandBlob(P) (((P)->flags&MEM_Zero)?sqlite3VdbeMemExpandBlob(P):0)
   160    160   
   161    161   /*
   162         -** Argument pMem points at a memory cell that will be passed to a
          162  +** Argument pMem points at a regiser that will be passed to a
   163    163   ** user-defined function or returned to the user as the result of a query.
   164    164   ** The second argument, 'db_enc' is the text encoding used by the vdbe for
   165         -** stack variables.  This routine sets the pMem->enc and pMem->type
          165  +** register variables.  This routine sets the pMem->enc and pMem->type
   166    166   ** variables used by the sqlite3_value_*() routines.
   167    167   */
   168    168   #define storeTypeInfo(A,B) _storeTypeInfo(A)
   169    169   static void _storeTypeInfo(Mem *pMem){
   170    170     int flags = pMem->flags;
   171    171     if( flags & MEM_Null ){
   172    172       pMem->type = SQLITE_NULL;
................................................................................
   186    186   
   187    187   /*
   188    188   ** Properties of opcodes.  The OPFLG_INITIALIZER macro is
   189    189   ** created by mkopcodeh.awk during compilation.  Data is obtained
   190    190   ** from the comments following the "case OP_xxxx:" statements in
   191    191   ** this file.  
   192    192   */
   193         -static unsigned short opcodeProperty[] = OPFLG_INITIALIZER;
          193  +static unsigned char opcodeProperty[] = OPFLG_INITIALIZER;
   194    194   
   195    195   /*
   196    196   ** Return true if an opcode has any of the OPFLG_xxx properties
   197    197   ** specified by mask.
   198    198   */
   199    199   int sqlite3VdbeOpcodeHasProperty(int opcode, int mask){
   200    200     assert( opcode>0 && opcode<sizeof(opcodeProperty) );
   201    201     return (opcodeProperty[opcode]&mask)!=0;
   202    202   }
   203    203   
   204         -/*
   205         -** Pop the stack N times.
   206         -*/
   207         -static void popStack(Mem **ppTos, int N){
   208         -  Mem *pTos = *ppTos;
   209         -  while( N>0 ){
   210         -    N--;
   211         -    Release(pTos);
   212         -    pTos--;
   213         -  }
   214         -  *ppTos = pTos;
   215         -}
   216         -
   217    204   /*
   218    205   ** Allocate cursor number iCur.  Return a pointer to it.  Return NULL
   219    206   ** if we run out of memory.
   220    207   */
   221    208   static Cursor *allocateCursor(Vdbe *p, int iCur, int iDb){
   222    209     Cursor *pCx;
   223    210     assert( iCur<p->nCursor );
................................................................................
   507    494     Vdbe *p                    /* The VDBE */
   508    495   ){
   509    496     int pc;                    /* The program counter */
   510    497     Op *pOp;                   /* Current operation */
   511    498     int rc = SQLITE_OK;        /* Value to return */
   512    499     sqlite3 *db = p->db;       /* The database */
   513    500     u8 encoding = ENC(db);     /* The database encoding */
   514         -  Mem *pTos;                 /* Top entry in the operand stack */
   515    501     Mem *pIn1, *pIn2, *pIn3;   /* Input operands */
   516    502     Mem *pOut;                 /* Output operand */
   517         -  int nPop = 0;              /* Number of times to pop the stack */
   518    503     u8 opProperty;
   519    504   #ifdef VDBE_PROFILE
   520    505     unsigned long long start;  /* CPU clock count at start of opcode */
   521    506     int origPc;                /* Program counter at start of opcode */
   522    507   #endif
   523    508   #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   524    509     int nProgressOps = 0;      /* Opcodes executed since progress callback. */
   525    510   #endif
   526         -#ifndef NDEBUG
   527         -  Mem *pStackLimit;
   528         -#endif
   529    511   
   530    512     if( p->magic!=VDBE_MAGIC_RUN ) return SQLITE_MISUSE;
   531    513     assert( db->magic==SQLITE_MAGIC_BUSY );
   532         -  pTos = p->pTos;
   533    514     sqlite3BtreeMutexArrayEnter(&p->aMutex);
   534    515     if( p->rc==SQLITE_NOMEM ){
   535    516       /* This happens if a malloc() inside a call to sqlite3_column_text() or
   536    517       ** sqlite3_column_text16() failed.  */
   537    518       goto no_mem;
   538    519     }
   539    520     assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY );
   540    521     p->rc = SQLITE_OK;
   541    522     assert( p->explain==0 );
   542         -  if( p->popStack ){
   543         -    popStack(&pTos, p->popStack);
   544         -    p->popStack = 0;
   545         -  }
   546    523     p->pResultSet = 0;
   547    524     db->busyHandler.nBusy = 0;
   548    525     CHECK_FOR_INTERRUPT;
   549    526     sqlite3VdbeIOTraceSql(p);
   550    527   #ifdef SQLITE_DEBUG
   551    528     if( p->pc==0 && ((p->db->flags & SQLITE_VdbeListing)!=0
   552    529       || sqlite3OsAccess(db->pVfs, "vdbe_explain", SQLITE_ACCESS_EXISTS))
................................................................................
   560    537     }
   561    538     if( sqlite3OsAccess(db->pVfs, "vdbe_trace", SQLITE_ACCESS_EXISTS) ){
   562    539       p->trace = stdout;
   563    540     }
   564    541   #endif
   565    542     for(pc=p->pc; rc==SQLITE_OK; pc++){
   566    543       assert( pc>=0 && pc<p->nOp );
   567         -    assert( pTos<=&p->aStack[pc] );
   568    544       if( db->mallocFailed ) goto no_mem;
   569    545   #ifdef VDBE_PROFILE
   570    546       origPc = pc;
   571    547       start = hwtime();
   572    548   #endif
   573    549       pOp = &p->aOp[pc];
   574    550   
................................................................................
   620    596           }
   621    597           nProgressOps = 0;
   622    598         }
   623    599         nProgressOps++;
   624    600       }
   625    601   #endif
   626    602   
   627         -#ifndef NDEBUG
   628         -    /* This is to check to make sure that the OPFLG_PUSH property
   629         -    ** is set correctly on all opcodes.
   630         -    */ 
   631         -    pStackLimit = pTos;
   632         -    if( sqlite3VdbeOpcodeHasProperty(pOp->opcode, OPFLG_PUSH) ){
   633         -      pStackLimit++;
   634         -    }
   635         -    assert( pTos>=&p->aStack[-1] && pTos<=pStackLimit );
   636         -#endif
   637         -
   638    603       /* Do common setup processing for any opcode that is marked
   639    604       ** with the "out2-prerelease" tag.  Such opcodes have a single
   640         -    ** output which is specified by the P2 parameter.  The output
   641         -    ** is normally written into the P2-th register.  But if P2==0
   642         -    ** then the output is pushed onto the stack.  The P2 operand
          605  +    ** output which is specified by the P2 parameter.  The P2 register
   643    606       ** is initialized to a NULL.
   644    607       */
   645    608       opProperty = opcodeProperty[pOp->opcode];
   646    609       if( (opProperty & OPFLG_OUT2_PRERELEASE)!=0 ){
   647         -      assert( pOp->p2>=0 );
   648         -      if( pOp->p2==0 ){
   649         -        pOut = ++pTos;
   650         -      }else{
   651         -        assert( pOp->p2<=p->nMem );
   652         -        pOut = &p->aMem[pOp->p2];
   653         -        sqlite3VdbeMemRelease(pOut);
   654         -      }
          610  +      assert( pOp->p2>0 );
          611  +      assert( pOp->p2<=p->nMem );
          612  +      pOut = &p->aMem[pOp->p2];
          613  +      sqlite3VdbeMemRelease(pOut);
   655    614         pOut->flags = MEM_Null;
   656    615       }else
   657    616    
   658    617       /* Do common setup for opcodes marked with one of the following
   659    618       ** combinations of properties.
   660    619       **
   661    620       **           in1
   662    621       **           in1 in2
   663    622       **           in1 in2 out3
   664    623       **           in1 in3
   665    624       **           in1 out2
   666    625       **
   667         -    ** Variables pIn1 and pIn2 are made to point to the first two
   668         -    ** inputs and pOut points to the output.  Variable nPop holds the
   669         -    ** number of times that the stack should be popped after the
   670         -    ** the instruction.
          626  +    ** Variables pIn1, pIn2, and pIn3 are made to point to appropriate
          627  +    ** registers for inputs.  Variable pOut points to the output register.
   671    628       */
   672    629       if( (opProperty & OPFLG_IN1)!=0 ){
   673         -      assert( pOp->p1>=0 );
   674         -      if( pOp->p1==0 ){
   675         -        pIn1 = pTos;
   676         -        nPop = 1;
   677         -      }else{
   678         -        assert( pOp->p1<=p->nMem );
   679         -        pIn1 = &p->aMem[pOp->p1];
   680         -        REGISTER_TRACE(pOp->p1, pIn1);
   681         -      }
          630  +      assert( pOp->p1>0 );
          631  +      assert( pOp->p1<=p->nMem );
          632  +      pIn1 = &p->aMem[pOp->p1];
          633  +      REGISTER_TRACE(pOp->p1, pIn1);
   682    634         if( (opProperty & OPFLG_IN2)!=0 ){
   683         -        assert( pOp->p2>=0 );
   684         -        if( pOp->p2==0 ){
   685         -          pIn2 = &pTos[-nPop];
   686         -          nPop++;
   687         -        }else{
   688         -          assert( pOp->p2<=p->nMem );
   689         -          pIn2 = &p->aMem[pOp->p2];
   690         -          REGISTER_TRACE(pOp->p2, pIn2);
   691         -        }
   692         -        if( (opProperty & OPFLG_OUT3)!=0 ){
   693         -          assert( pOp->p3>=0 );
   694         -          if( pOp->p3==0 ){
   695         -            nPop--;
   696         -            if( nPop<0 ){
   697         -              assert( nPop==(-1) );
   698         -              pTos++;
   699         -              nPop = 0;
   700         -            }
   701         -            pOut = &pTos[-nPop];
   702         -          }else{
   703         -            assert( pOp->p3<=p->nMem );
   704         -            pOut = &p->aMem[pOp->p3];
   705         -          }
   706         -        }
   707         -      }else if( (opProperty & OPFLG_IN3)!=0 ){
   708         -        assert( pOp->p3>=0 );
   709         -        if( pOp->p3==0 ){
   710         -          pIn3 = &pTos[-nPop];
   711         -          nPop++;
   712         -        }else{
   713         -          assert( pOp->p3<=p->nMem );
   714         -          pIn3 = &p->aMem[pOp->p3];
   715         -          REGISTER_TRACE(pOp->p3, pIn3);
   716         -        }
   717         -      }else if( (opProperty & OPFLG_OUT2)!=0 ){
   718         -        assert( pOp->p2>=0 );
   719         -        if( pOp->p2==0 ){
   720         -          nPop--;
   721         -          if( nPop<0 ){
   722         -            assert( nPop==(-1) );
   723         -            pTos++;
   724         -            nPop = 0;
   725         -          }
   726         -          pOut = &pTos[-nPop];
   727         -        }else{
   728         -          assert( pOp->p2<=p->nMem );
   729         -          pOut = &p->aMem[pOp->p2];
   730         -        }
   731         -      }
   732         -    }else if( (opProperty & OPFLG_IN2)!=0 ){
   733         -      assert( pOp->p2>=0 );
   734         -      if( pOp->p2==0 ){
   735         -        pIn2 = pTos;
   736         -        nPop = 1;
   737         -      }else{
          635  +        assert( pOp->p2>0 );
   738    636           assert( pOp->p2<=p->nMem );
   739    637           pIn2 = &p->aMem[pOp->p2];
   740    638           REGISTER_TRACE(pOp->p2, pIn2);
   741         -      }
   742         -    }else if( (opProperty & OPFLG_IN3)!=0 ){
   743         -      assert( pOp->p3>=0 );
   744         -      if( pOp->p3==0 ){
   745         -        pIn3 = pTos;
   746         -        nPop = 1;
   747         -      }else{
          639  +        if( (opProperty & OPFLG_OUT3)!=0 ){
          640  +          assert( pOp->p3>0 );
          641  +          assert( pOp->p3<=p->nMem );
          642  +          pOut = &p->aMem[pOp->p3];
          643  +        }
          644  +      }else if( (opProperty & OPFLG_IN3)!=0 ){
          645  +        assert( pOp->p3>0 );
   748    646           assert( pOp->p3<=p->nMem );
   749    647           pIn3 = &p->aMem[pOp->p3];
   750    648           REGISTER_TRACE(pOp->p3, pIn3);
          649  +      }else if( (opProperty & OPFLG_OUT2)!=0 ){
          650  +        assert( pOp->p2>0 );
          651  +        assert( pOp->p2<=p->nMem );
          652  +        pOut = &p->aMem[pOp->p2];
   751    653         }
          654  +    }else if( (opProperty & OPFLG_IN2)!=0 ){
          655  +      assert( pOp->p2>0 );
          656  +      assert( pOp->p2<=p->nMem );
          657  +      pIn2 = &p->aMem[pOp->p2];
          658  +      REGISTER_TRACE(pOp->p2, pIn2);
          659  +    }else if( (opProperty & OPFLG_IN3)!=0 ){
          660  +      assert( pOp->p3>0 );
          661  +      assert( pOp->p3<=p->nMem );
          662  +      pIn3 = &p->aMem[pOp->p3];
          663  +      REGISTER_TRACE(pOp->p3, pIn3);
   752    664       }
   753    665   
   754    666       switch( pOp->opcode ){
   755    667   
   756    668   /*****************************************************************************
   757    669   ** What follows is a massive switch statement where each case implements a
   758    670   ** separate instruction in the virtual machine.  If we follow the usual
................................................................................
   767    679   ** file looking for lines that begin with "case OP_".  The opcodes.h files
   768    680   ** will be filled with #defines that give unique integer values to each
   769    681   ** opcode and the opcodes.c file is filled with an array of strings where
   770    682   ** each string is the symbolic name for the corresponding opcode.  If the
   771    683   ** case statement is followed by a comment of the form "/# same as ... #/"
   772    684   ** that comment is used to determine the particular value of the opcode.
   773    685   **
   774         -** If a comment on the same line as the "case OP_" construction contains
   775         -** the word "no-push", then the opcode is guarenteed not to grow the 
   776         -** vdbe stack when it is executed. See function opcode() in
   777         -** vdbeaux.c for details.
          686  +** Other keywords in the comment that follows each case are used to
          687  +** construct the OPFLG_INITIALIZER value that initializes opcodeProperty[].
          688  +** Keywords include: in1, in2, in3, out2_prerelease, out2, out3.  See
          689  +** the mkopcodeh.awk script for additional information.
   778    690   **
   779    691   ** Documentation about VDBE opcodes is generated by scanning this file
   780    692   ** for lines of that contain "Opcode:".  That line and all subsequent
   781    693   ** comment lines are used in the generation of the opcode.html documentation
   782    694   ** file.
   783    695   **
   784    696   ** SUMMARY:
   785    697   **
   786    698   **     Formatting is important to scripts that scan this file.
   787    699   **     Do not deviate from the formatting style currently in use.
   788    700   **
   789    701   *****************************************************************************/
   790    702   
   791         -/* Opcode:  Goto * P2 *
          703  +/* Opcode:  Goto * P2 * * *
   792    704   **
   793    705   ** An unconditional jump to address P2.
   794    706   ** The next instruction executed will be 
   795    707   ** the one at index P2 from the beginning of
   796    708   ** the program.
   797    709   */
   798         -case OP_Goto: {             /* no-push, jump */
          710  +case OP_Goto: {             /* jump */
   799    711     CHECK_FOR_INTERRUPT;
   800    712     pc = pOp->p2 - 1;
   801    713     break;
   802    714   }
   803    715   
   804         -/* Opcode:  Gosub * P2 *
          716  +/* Opcode:  Gosub * P2 * * *
   805    717   **
   806    718   ** Push the current address plus 1 onto the return address stack
   807    719   ** and then jump to address P2.
   808    720   **
   809    721   ** The return address stack is of limited depth.  If too many
   810    722   ** OP_Gosub operations occur without intervening OP_Returns, then
   811    723   ** the return address stack will fill up and processing will abort
   812    724   ** with a fatal error.
   813    725   */
   814         -case OP_Gosub: {            /* no-push, jump */
          726  +case OP_Gosub: {            /* jump */
   815    727     assert( p->returnDepth<sizeof(p->returnStack)/sizeof(p->returnStack[0]) );
   816    728     p->returnStack[p->returnDepth++] = pc+1;
   817    729     pc = pOp->p2 - 1;
   818    730     break;
   819    731   }
   820    732   
   821         -/* Opcode:  Return * * *
          733  +/* Opcode:  Return * * * * *
   822    734   **
   823    735   ** Jump immediately to the next instruction after the last unreturned
   824    736   ** OP_Gosub.  If an OP_Return has occurred for all OP_Gosubs, then
   825    737   ** processing aborts with a fatal error.
   826    738   */
   827         -case OP_Return: {           /* no-push */
          739  +case OP_Return: {
   828    740     assert( p->returnDepth>0 );
   829    741     p->returnDepth--;
   830    742     pc = p->returnStack[p->returnDepth] - 1;
   831    743     break;
   832    744   }
   833    745   
   834         -/* Opcode:  Halt P1 P2 P4
          746  +/* Opcode:  Halt P1 P2 * P4 *
   835    747   **
   836    748   ** Exit immediately.  All open cursors, Fifos, etc are closed
   837    749   ** automatically.
   838    750   **
   839    751   ** P1 is the result code returned by sqlite3_exec(), sqlite3_reset(),
   840    752   ** or sqlite3_finalize().  For a normal halt, this should be SQLITE_OK (0).
   841    753   ** For errors, it can be some other value.  If P1!=0 then P2 will determine
................................................................................
   846    758   **
   847    759   ** If P4 is not null then it is an error message string.
   848    760   **
   849    761   ** There is an implied "Halt 0 0 0" instruction inserted at the very end of
   850    762   ** every program.  So a jump past the last instruction of the program
   851    763   ** is the same as executing Halt.
   852    764   */
   853         -case OP_Halt: {            /* no-push */
   854         -  p->pTos = pTos;
          765  +case OP_Halt: {
   855    766     p->rc = pOp->p1;
   856    767     p->pc = pc;
   857    768     p->errorAction = pOp->p2;
   858    769     if( pOp->p4.z ){
   859    770       sqlite3SetString(&p->zErrMsg, pOp->p4.z, (char*)0);
   860    771     }
   861    772     rc = sqlite3VdbeHalt(p);
................................................................................
   864    775       p->rc = rc = SQLITE_BUSY;
   865    776     }else{
   866    777       rc = p->rc ? SQLITE_ERROR : SQLITE_DONE;
   867    778     }
   868    779     goto vdbe_return;
   869    780   }
   870    781   
   871         -/* Opcode:  StackDepth P1 * *
   872         -**
   873         -** If P1 is less than zero, then store the current stack depth
   874         -** in P1.  If P1 is zero or greater, verify that the current stack
   875         -** depth is equal to P1 and throw an exception if it is not.
   876         -**
   877         -** This opcode is used for internal consistency checking.
   878         -*/
   879         -case OP_StackDepth: {       /* no-push */
   880         -  int n = pTos - p->aStack + 1;
   881         -  if( pOp->p1<0 ){
   882         -    pOp->p1 = n;
   883         -  }else if( pOp->p1!=n ){
   884         -    p->pTos = pTos;
   885         -    p->rc = rc = SQLITE_INTERNAL;
   886         -    p->pc = pc;
   887         -    p->errorAction = OE_Rollback;
   888         -    sqlite3SetString(&p->zErrMsg, "internal error: VDBE stack leak", (char*)0);
   889         -    goto vdbe_return;
   890         -  }
   891         -  break;
   892         -}
   893         -
   894    782   /* Opcode: Integer P1 P2 * * *
   895    783   **
   896         -** The 32-bit integer value P1 is written into register P2, or 
   897         -** pushed onto the stack if P2==0.
          784  +** The 32-bit integer value P1 is written into register P2.
   898    785   */
   899    786   case OP_Integer: {         /* out2-prerelease */
   900    787     pOut->flags = MEM_Int;
   901    788     pOut->u.i = pOp->p1;
   902    789     break;
   903    790   }
   904    791   
   905    792   /* Opcode: Int64 * P2 * P4 *
   906    793   **
   907    794   ** P4 is a pointer to a 64-bit integer value.
   908         -** Write that value into register P2 or push onto the stack if P2 is 0.
          795  +** Write that value into register P2.
   909    796   */
   910    797   case OP_Int64: {           /* out2-prerelease */
   911    798     assert( pOp->p4.pI64!=0 );
   912    799     pOut->flags = MEM_Int;
   913    800     pOut->u.i = *pOp->p4.pI64;
   914    801     break;
   915    802   }
   916    803   
   917    804   /* Opcode: Real * P2 * P4 *
   918    805   **
   919    806   ** P4 is a pointer to a 64-bit floating point value.
   920         -** Write that value into register P2 or push onto the stack if P2 is 0.
          807  +** Write that value into register P2.
   921    808   */
   922    809   case OP_Real: {            /* same as TK_FLOAT, out2-prerelease */
   923    810     pOut->flags = MEM_Real;
   924    811     pOut->r = *pOp->p4.pReal;
   925    812     break;
   926    813   }
   927    814   
................................................................................
   959    846       goto too_big;
   960    847     }
   961    848     /* Fall through to the next case, OP_String */
   962    849   }
   963    850     
   964    851   /* Opcode: String P1 P2 * P4 *
   965    852   **
   966         -** The string value P4 of length P1 (bytes) is stored in register P2
   967         -** or is pushed onto the stack if P2==0.
          853  +** The string value P4 of length P1 (bytes) is stored in register P2.
   968    854   */
   969    855   case OP_String: {          /* out2-prerelease */
   970    856     assert( pOp->p4.z!=0 );
   971    857     pOut->flags = MEM_Str|MEM_Static|MEM_Term;
   972    858     pOut->z = pOp->p4.z;
   973    859     pOut->n = pOp->p1;
   974    860     pOut->enc = encoding;
   975    861     UPDATE_MAX_BLOBSIZE(pOut);
   976    862     break;
   977    863   }
   978    864   
   979    865   /* Opcode: Null * P2 * * *
   980    866   **
   981         -** Write a NULL into register P2 or push a NULL onto the stack 
   982         -** if P2==0.
          867  +** Write a NULL into register P2.
   983    868   */
   984    869   case OP_Null: {           /* out2-prerelease */
   985    870     break;
   986    871   }
   987    872   
   988    873   
   989    874   #ifndef SQLITE_OMIT_BLOB_LITERAL
   990    875   /* Opcode: HexBlob * P2 * P4 *
   991    876   **
   992    877   ** P4 is an UTF-8 SQL hex encoding of a blob. The blob is stored in
   993         -** register P2 or pushed onto the stack if P2 is zero.
          878  +** register P2.
   994    879   **
   995    880   ** The first time this instruction executes, in transforms itself into a
   996    881   ** 'Blob' opcode with a binary blob as P4.
   997    882   */
   998    883   case OP_HexBlob: {            /* same as TK_BLOB, out2-prerelease */
   999    884     pOp->opcode = OP_Blob;
  1000    885     pOp->p1 = strlen(pOp->p4.z)/2;
................................................................................
  1036    921     UPDATE_MAX_BLOBSIZE(pOut);
  1037    922     break;
  1038    923   }
  1039    924   #endif /* SQLITE_OMIT_BLOB_LITERAL */
  1040    925   
  1041    926   /* Opcode: Variable P1 P2 * * *
  1042    927   **
  1043         -** The value of variable P1 is written into register P2 or pushed
  1044         -** onto the stack if P2 is zero.  A variable is
          928  +** The value of variable P1 is written into register P2. A variable is
  1045    929   ** an unknown in the original SQL string as handed to sqlite3_compile().
  1046    930   ** Any occurance of the '?' character in the original SQL is considered
  1047    931   ** a variable.  Variables in the SQL string are number from left to
  1048    932   ** right beginning with 1.  The values of variables are set using the
  1049    933   ** sqlite3_bind() API.
  1050    934   */
  1051    935   case OP_Variable: {           /* out2-prerelease */
................................................................................
  1060    944     sqlite3VdbeMemShallowCopy(pOut, &p->aVar[j], MEM_Static);
  1061    945     UPDATE_MAX_BLOBSIZE(pOut);
  1062    946     break;
  1063    947   }
  1064    948   
  1065    949   /* Opcode: Move P1 P2 * * *
  1066    950   **
  1067         -** Move the value in P1 into P2.  If P1 is positive then read from the
  1068         -** P1-th register.  If P1 is zero or negative read from the stack.
  1069         -** When P1 is 0 read from the top the stack.  When P1 is -1 read from
  1070         -** the next entry down on the stack.  And so forth.
  1071         -**
  1072         -** If P2 is zero, push the new value onto the top of the stack.  
  1073         -** If P2 is positive, write into the P2-th register.
  1074         -**
  1075         -** If P1 is zero then the stack is popped once.  The stack is
  1076         -** unchanged for all other values of P1.  The P1 value contains
  1077         -** a NULL after this operation.
          951  +** Move the value in register P1 over into register P2.  Register P1
          952  +** is left holding a NULL.  It is an error for P1 and P2 to be the
          953  +** same register.
  1078    954   */
  1079    955   /* Opcode: Copy P1 P2 * * *
  1080    956   **
  1081         -** Make a copy of P1 into P2.  If P1 is positive then read from the
  1082         -** P1-th register.  If P1 is zero or negative read from the stack.
  1083         -** When P1 is 0 read from the top the stack.  When P1 is -1 read from
  1084         -** the next entry down on the stack.  And so forth.
  1085         -**
  1086         -** If P2 is zero, push the new value onto the top of the stack.  
  1087         -** If P2 is positive, write into the P2-th register.
          957  +** Make a copy of register P1 into register P2.
  1088    958   **
  1089    959   ** This instruction makes a deep copy of the value.  A duplicate
  1090    960   ** is made of any string or blob constant.  See also OP_SCopy.
  1091    961   */
  1092    962   /* Opcode: SCopy P1 P2 * * *
  1093    963   **
  1094         -** Make a shallow copy of P1 into P2.  If P1 is positive then read from the
  1095         -** P1-th register.  If P1 is zero or negative read from the stack.
  1096         -** When P1 is 0 read from the top the stack.  When P1 is -1 read from
  1097         -** the next entry down on the stack.  And so forth.
  1098         -**
  1099         -** If P2 is zero, push the new value onto the top of the stack.  
  1100         -** If P2 is positive, write into the P2-th register.
          964  +** Make a shallow copy of register P1 into register P2.
  1101    965   **
  1102    966   ** This instruction makes a shallow copy of the value.  If the value
  1103    967   ** is a string or blob, then the copy is only a pointer to the
  1104    968   ** original and hence if the original changes so will the copy.
  1105    969   ** Worse, if the original is deallocated, the copy becomes invalid.
  1106    970   ** Thus the program must guarantee that the original will not change
  1107    971   ** during the lifetime of the copy.  Use OP_Copy to make a complete
  1108    972   ** copy.
  1109    973   */
  1110    974   case OP_Move:
  1111    975   case OP_Copy:
  1112    976   case OP_SCopy: {
  1113         -  if( pOp->p1<=0 ){
  1114         -    pIn1 = &pTos[pOp->p1];
  1115         -    assert( pIn1>=p->aStack );
  1116         -  }else{
  1117         -    assert( pOp->p1<=p->nMem );
  1118         -    pIn1 = &p->aMem[pOp->p1];
  1119         -    REGISTER_TRACE(pOp->p1, pIn1);
  1120         -  }
  1121         -  assert( pOp->p2>=0 );
  1122         -  if( pOp->p2==0 ){
  1123         -    pOut = ++pTos;
  1124         -    pOut->flags = MEM_Null;
  1125         -  }else{
  1126         -    assert( pOp->p2<=p->nMem );
  1127         -    pOut = &p->aMem[pOp->p2];
  1128         -  }
          977  +  assert( pOp->p1>0 );
          978  +  assert( pOp->p1<=p->nMem );
          979  +  pIn1 = &p->aMem[pOp->p1];
          980  +  REGISTER_TRACE(pOp->p1, pIn1);
          981  +  assert( pOp->p2>0 );
          982  +  assert( pOp->p2<=p->nMem );
          983  +  pOut = &p->aMem[pOp->p2];
  1129    984     assert( pOut!=pIn1 );
  1130    985     if( pOp->opcode==OP_Move ){
  1131    986       rc = sqlite3VdbeMemMove(pOut, pIn1);
  1132         -    if( pOp->p1==0 ) pTos--;
  1133    987     }else{
  1134    988       Release(pOut);
  1135    989       sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
  1136    990       if( pOp->opcode==OP_Copy ){
  1137    991         Deephemeralize(pOut);
  1138    992       }
  1139    993     }
  1140    994     REGISTER_TRACE(pOp->p2, pOut);
  1141    995     break;
  1142    996   }
  1143    997   
  1144         -/* Opcode: ResultRow P1 P2 *
          998  +/* Opcode: ResultRow P1 P2 * * *
  1145    999   **
  1146   1000   ** The registers P1 throught P1+P2-1 contain a single row of
  1147   1001   ** results. This opcode causes the sqlite3_step() call to terminate
  1148   1002   ** with an SQLITE_ROW return code and it sets up the sqlite3_stmt
  1149   1003   ** structure to provide access to the top P1 values as the result
  1150         -** row.  When the sqlite3_step() function is run again, the top P1
  1151         -** values will be automatically popped from the stack before the next
  1152         -** instruction executes.
         1004  +** row.
  1153   1005   */
  1154         -case OP_ResultRow: {            /* no-push */
         1006  +case OP_ResultRow: {
  1155   1007     Mem *pMem;
  1156   1008     int i;
  1157   1009     assert( p->nResColumn==pOp->p2 );
  1158   1010     assert( pOp->p1>0 );
  1159   1011     assert( pOp->p1+pOp->p2<=p->nMem );
  1160   1012   
  1161         -  /* Data in the pager might be moved or changed out from under us
  1162         -  ** in between the return from this sqlite3_step() call and the
  1163         -  ** next call to sqlite3_step().  So deephermeralize everything on 
  1164         -  ** the stack.  Note that ephemeral data is never stored in memory 
  1165         -  ** cells so we do not have to worry about them.
  1166         -  */
  1167         -  for(pMem = p->aStack; pMem<=pTos; pMem++){
  1168         -    Deephemeralize(pMem);
  1169         -  }
  1170         -
  1171   1013     /* Invalidate all ephemeral cursor row caches */
  1172   1014     p->cacheCtr = (p->cacheCtr + 2)|1;
  1173   1015   
  1174   1016     /* Make sure the results of the current row are \000 terminated
  1175   1017     ** and have an assigned type.  The results are deephemeralized as
  1176   1018     ** as side effect.
  1177   1019     */
................................................................................
  1180   1022       sqlite3VdbeMemNulTerminate(&pMem[i]);
  1181   1023       storeTypeInfo(&pMem[i], encoding);
  1182   1024     }
  1183   1025   
  1184   1026     /* Return SQLITE_ROW
  1185   1027     */
  1186   1028     p->nCallback++;
  1187         -  p->popStack = 0;
  1188   1029     p->pc = pc + 1;
  1189         -  p->pTos = pTos;
  1190   1030     rc = SQLITE_ROW;
  1191   1031     goto vdbe_return;
  1192   1032   }
  1193   1033   
  1194   1034   /* Opcode: Concat P1 P2 P3 * *
  1195   1035   **
  1196   1036   ** Add the text in register P1 onto the end of the text in
................................................................................
  1245   1085   */
  1246   1086   /* Opcode: Subtract P1 P2 P3 * *
  1247   1087   **
  1248   1088   ** Subtract the value in P1 from the value in P2 and store the result
  1249   1089   ** in P3.
  1250   1090   ** If either operand is NULL, the result is NULL.
  1251   1091   */
  1252         -/* Opcode: Divide * * *
         1092  +/* Opcode: Divide P1 P2 P3 * *
  1253   1093   **
  1254   1094   ** Divide the value in P1 by the value in P2 and store the result
  1255   1095   ** in P3.  If the value in P2 is zero, then the result is NULL.
  1256   1096   ** If either operand is NULL, the result is NULL.
  1257   1097   */
  1258         -/* Opcode: Remainder * * *
         1098  +/* Opcode: Remainder P1 P2 P3 * *
  1259   1099   **
  1260   1100   ** Compute the remainder after integer division of the value in
  1261   1101   ** register P1 by the value in register P2 and store the result in P3. 
  1262   1102   ** If the value in register P2 is zero the result is NULL.
  1263   1103   ** If either operand is NULL, the result is NULL.
  1264   1104   */
  1265   1105   case OP_Add:                   /* same as TK_PLUS, in1, in2, out3 */
................................................................................
  1350   1190   ** be returned. This is used by the built-in min(), max() and nullif()
  1351   1191   ** functions.
  1352   1192   **
  1353   1193   ** The interface used by the implementation of the aforementioned functions
  1354   1194   ** to retrieve the collation sequence set by this opcode is not available
  1355   1195   ** publicly, only to user functions defined in func.c.
  1356   1196   */
  1357         -case OP_CollSeq: {             /* no-push */
         1197  +case OP_CollSeq: {
  1358   1198     assert( pOp->p4type==P4_COLLSEQ );
  1359   1199     break;
  1360   1200   }
  1361   1201   
  1362   1202   /* Opcode: Function P1 P2 P3 P4 P5
  1363   1203   **
  1364   1204   ** Invoke a user function (P4 is a pointer to a Function structure that
  1365   1205   ** defines the function) with P5 arguments taken from register P2 and
  1366         -** successors, or if P2==0 from the stack.  The result of the function
  1367         -** is stored in register P3 or on the stack if P3==0.
         1206  +** successors.  The result of the function is stored in register P3.
  1368   1207   **
  1369   1208   ** P1 is a 32-bit bitmask indicating whether or not each argument to the 
  1370   1209   ** function was determined to be constant at compile time. If the first
  1371   1210   ** argument was constant then bit 0 of P1 is set. This is used to determine
  1372   1211   ** whether meta data associated with a user function argument using the
  1373   1212   ** sqlite3_set_auxdata() API may be safely retained until the next
  1374   1213   ** invocation of this opcode.
................................................................................
  1381   1220     sqlite3_context ctx;
  1382   1221     sqlite3_value **apVal;
  1383   1222     int n = pOp->p5;
  1384   1223   
  1385   1224     apVal = p->apArg;
  1386   1225     assert( apVal || n==0 );
  1387   1226   
  1388         -  if( pOp->p2==0 ){
  1389         -    pArg = &pTos[1-n];
  1390         -  }else{
  1391         -    pArg = &p->aMem[pOp->p2];
  1392         -  }
         1227  +  assert( n==0 || (pOp->p2>0 && pOp->p2+n<=p->nMem) );
         1228  +  pArg = &p->aMem[pOp->p2];
  1393   1229     for(i=0; i<n; i++, pArg++){
  1394   1230       apVal[i] = pArg;
  1395   1231       storeTypeInfo(pArg, encoding);
  1396   1232       REGISTER_TRACE(pOp->p2, pArg);
  1397   1233     }
  1398   1234   
  1399   1235     assert( pOp->p4type==P4_FUNCDEF || pOp->p4type==P4_VDBEFUNC );
................................................................................
  1428   1264       ** Note: Maybe MemRelease() should be called if sqlite3SafetyOn()
  1429   1265       ** fails also (the if(...) statement above). But if people are
  1430   1266       ** misusing sqlite, they have bigger problems than a leaked value.
  1431   1267       */
  1432   1268       sqlite3VdbeMemRelease(&ctx.s);
  1433   1269       goto no_mem;
  1434   1270     }
  1435         -  if( pOp->p2==0 ){
  1436         -    popStack(&pTos, n);
  1437         -  }
  1438   1271   
  1439   1272     /* If any auxilary data functions have been called by this user function,
  1440   1273     ** immediately call the destructor for any non-static values.
  1441   1274     */
  1442   1275     if( ctx.pVdbeFunc ){
  1443   1276       sqlite3VdbeDeleteAuxData(ctx.pVdbeFunc, pOp->p1);
  1444   1277       pOp->p4.pVdbeFunc = ctx.pVdbeFunc;
................................................................................
  1447   1280   
  1448   1281     /* If the function returned an error, throw an exception */
  1449   1282     if( ctx.isError ){
  1450   1283       sqlite3SetString(&p->zErrMsg, sqlite3_value_text(&ctx.s), (char*)0);
  1451   1284       rc = SQLITE_ERROR;
  1452   1285     }
  1453   1286   
  1454         -  /* Copy the result of the function to the top of the stack */
         1287  +  /* Copy the result of the function into register P3 */
  1455   1288     sqlite3VdbeChangeEncoding(&ctx.s, encoding);
  1456         -  if( pOp->p3==0 ){
  1457         -    pOut = ++pTos;
  1458         -  }else{
  1459         -    pOut = &p->aMem[pOp->p3];
  1460         -  }
         1289  +  assert( pOp->p3>0 && pOp->p3<=p->nMem );
         1290  +  pOut = &p->aMem[pOp->p3];
  1461   1291     sqlite3VdbeMemMove(pOut, &ctx.s);
  1462   1292     if( sqlite3VdbeMemTooBig(pOut) ){
  1463   1293       goto too_big;
  1464   1294     }
  1465   1295     REGISTER_TRACE(pOp->p3, pOut);
  1466   1296     UPDATE_MAX_BLOBSIZE(pOut);
  1467   1297     break;
................................................................................
  1522   1352   /* Opcode: AddImm  P1 P2 * * *
  1523   1353   ** 
  1524   1354   ** Add P2 the value in register P1.
  1525   1355   ** The result is always an integer.
  1526   1356   **
  1527   1357   ** To force any register to be an integer, just add 0.
  1528   1358   */
  1529         -case OP_AddImm: {            /* no-push, in1 */
  1530         -  nPop = 0;
         1359  +case OP_AddImm: {            /* in1 */
  1531   1360     sqlite3VdbeMemIntegerify(pIn1);
  1532   1361     pIn1->u.i += pOp->p2;
  1533   1362     break;
  1534   1363   }
  1535   1364   
  1536   1365   /* Opcode: ForceInt P1 P2 P3 * *
  1537   1366   **
................................................................................
  1539   1368   ** in P1 is not numeric (meaning that is is a NULL or a string that
  1540   1369   ** does not look like an integer or floating point number) then
  1541   1370   ** jump to P2.  If the value in P1 is numeric then
  1542   1371   ** convert it into the least integer that is greater than or equal to its
  1543   1372   ** current value if P3==0, or to the least integer that is strictly
  1544   1373   ** greater than its current value if P3==1.
  1545   1374   */
  1546         -case OP_ForceInt: {            /* no-push, jump, in1 */
         1375  +case OP_ForceInt: {            /* jump, in1 */
  1547   1376     i64 v;
  1548   1377     applyAffinity(pIn1, SQLITE_AFF_NUMERIC, encoding);
  1549   1378     if( (pIn1->flags & (MEM_Int|MEM_Real))==0 ){
  1550   1379       pc = pOp->p2 - 1;
  1551   1380       break;
  1552   1381     }
  1553         -  nPop = 0;
  1554   1382     if( pIn1->flags & MEM_Int ){
  1555   1383       v = pIn1->u.i + (pOp->p3!=0);
  1556   1384     }else{
  1557   1385       assert( pIn1->flags & MEM_Real );
  1558   1386       v = (sqlite3_int64)pIn1->r;
  1559   1387       if( pIn1->r>(double)v ) v++;
  1560   1388       if( pOp->p3 && pIn1->r==(double)v ) v++;
................................................................................
  1561   1389     }
  1562   1390     Release(pIn1);
  1563   1391     pIn1->u.i = v;
  1564   1392     pIn1->flags = MEM_Int;
  1565   1393     break;
  1566   1394   }
  1567   1395   
  1568         -/* Opcode: MustBeInt P1 P2 P3
         1396  +/* Opcode: MustBeInt P1 P2 * * *
  1569   1397   ** 
  1570         -** Force the value in register P1 to be an integer.  If P1==0 then
  1571         -** use the top of the stack.  If the value in P1 
  1572         -** is not an integer and cannot be converted into an integer
         1398  +** Force the value in register P1 to be an integer.  If the value
         1399  +** in P1 is not an integer and cannot be converted into an integer
  1573   1400   ** without data loss, then jump immediately to P2, or if P2==0
  1574   1401   ** raise an SQLITE_MISMATCH exception.
  1575         -**
  1576         -** If the P1==0 and the top of the stack is not an integer
  1577         -** and P2 is not zero and P3 is 1, then the stack is popped.
  1578         -** In all other cases, the depth of the stack is unchanged.
  1579   1402   */
  1580         -case OP_MustBeInt: {            /* no-push, jump, in1 */
  1581         -  nPop = 0;
         1403  +case OP_MustBeInt: {            /* jump, in1 */
  1582   1404     applyAffinity(pIn1, SQLITE_AFF_NUMERIC, encoding);
  1583   1405     if( (pIn1->flags & MEM_Int)==0 ){
  1584   1406       if( pOp->p2==0 ){
  1585   1407         rc = SQLITE_MISMATCH;
  1586   1408         goto abort_due_to_error;
  1587   1409       }else{
  1588         -      if( pOp->p3 && pOp->p1==0 ){
  1589         -        popStack(&pTos, 1);
  1590         -      }
  1591   1410         pc = pOp->p2 - 1;
  1592   1411       }
  1593   1412     }else{
  1594   1413       Release(pIn1);
  1595   1414       pIn1->flags = MEM_Int;
  1596   1415     }
  1597   1416     break;
................................................................................
  1602   1421   ** If register P1 holds an integer convert it to a real value.
  1603   1422   **
  1604   1423   ** This opcode is used when extracting information from a column that
  1605   1424   ** has REAL affinity.  Such column values may still be stored as
  1606   1425   ** integers, for space efficiency, but after extraction we want them
  1607   1426   ** to have only a real value.
  1608   1427   */
  1609         -case OP_RealAffinity: {                  /* no-push, in1 */
  1610         -  nPop = 0;
         1428  +case OP_RealAffinity: {                  /* in1 */
  1611   1429     if( pIn1->flags & MEM_Int ){
  1612   1430       sqlite3VdbeMemRealify(pIn1);
  1613   1431     }
  1614   1432     break;
  1615   1433   }
  1616   1434   
  1617   1435   #ifndef SQLITE_OMIT_CAST
................................................................................
  1620   1438   ** Force the value in register P1 to be text.
  1621   1439   ** If the value is numeric, convert it to a string using the
  1622   1440   ** equivalent of printf().  Blob values are unchanged and
  1623   1441   ** are afterwards simply interpreted as text.
  1624   1442   **
  1625   1443   ** A NULL value is not changed by this routine.  It remains NULL.
  1626   1444   */
  1627         -case OP_ToText: {                  /* same as TK_TO_TEXT, no-push, in1 */
  1628         -  nPop = 0;
         1445  +case OP_ToText: {                  /* same as TK_TO_TEXT, in1 */
  1629   1446     if( pIn1->flags & MEM_Null ) break;
  1630   1447     assert( MEM_Str==(MEM_Blob>>3) );
  1631   1448     pIn1->flags |= (pIn1->flags&MEM_Blob)>>3;
  1632   1449     applyAffinity(pIn1, SQLITE_AFF_TEXT, encoding);
  1633   1450     rc = ExpandBlob(pIn1);
  1634   1451     assert( pIn1->flags & MEM_Str );
  1635   1452     pIn1->flags &= ~(MEM_Int|MEM_Real|MEM_Blob);
................................................................................
  1642   1459   ** Force the value in register P1 to be a BLOB.
  1643   1460   ** If the value is numeric, convert it to a string first.
  1644   1461   ** Strings are simply reinterpreted as blobs with no change
  1645   1462   ** to the underlying data.
  1646   1463   **
  1647   1464   ** A NULL value is not changed by this routine.  It remains NULL.
  1648   1465   */
  1649         -case OP_ToBlob: {                  /* same as TK_TO_BLOB, no-push, in1 */
  1650         -  nPop = 0;
         1466  +case OP_ToBlob: {                  /* same as TK_TO_BLOB, in1 */
  1651   1467     if( pIn1->flags & MEM_Null ) break;
  1652   1468     if( (pIn1->flags & MEM_Blob)==0 ){
  1653   1469       applyAffinity(pIn1, SQLITE_AFF_TEXT, encoding);
  1654   1470       assert( pIn1->flags & MEM_Str );
  1655   1471       pIn1->flags |= MEM_Blob;
  1656   1472     }
  1657   1473     pIn1->flags &= ~(MEM_Int|MEM_Real|MEM_Str);
................................................................................
  1665   1481   ** integer or a floating-point number.)
  1666   1482   ** If the value is text or blob, try to convert it to an using the
  1667   1483   ** equivalent of atoi() or atof() and store 0 if no such conversion 
  1668   1484   ** is possible.
  1669   1485   **
  1670   1486   ** A NULL value is not changed by this routine.  It remains NULL.
  1671   1487   */
  1672         -case OP_ToNumeric: {                  /* same as TK_TO_NUMERIC, no-push, in1 */
  1673         -  nPop = 0;
         1488  +case OP_ToNumeric: {                  /* same as TK_TO_NUMERIC, in1 */
  1674   1489     if( (pIn1->flags & (MEM_Null|MEM_Int|MEM_Real))==0 ){
  1675   1490       sqlite3VdbeMemNumerify(pIn1);
  1676   1491     }
  1677   1492     break;
  1678   1493   }
  1679   1494   #endif /* SQLITE_OMIT_CAST */
  1680   1495   
................................................................................
  1683   1498   ** Force the value in register P1 be an integer.  If
  1684   1499   ** The value is currently a real number, drop its fractional part.
  1685   1500   ** If the value is text or blob, try to convert it to an integer using the
  1686   1501   ** equivalent of atoi() and store 0 if no such conversion is possible.
  1687   1502   **
  1688   1503   ** A NULL value is not changed by this routine.  It remains NULL.
  1689   1504   */
  1690         -case OP_ToInt: {                  /* same as TK_TO_INT, no-push, in1 */
  1691         -  nPop = 0;
         1505  +case OP_ToInt: {                  /* same as TK_TO_INT, in1 */
  1692   1506     if( (pIn1->flags & MEM_Null)==0 ){
  1693   1507       sqlite3VdbeMemIntegerify(pIn1);
  1694   1508     }
  1695   1509     break;
  1696   1510   }
  1697   1511   
  1698   1512   #ifndef SQLITE_OMIT_CAST
................................................................................
  1701   1515   ** Force the value in register P1 to be a floating point number.
  1702   1516   ** If The value is currently an integer, convert it.
  1703   1517   ** If the value is text or blob, try to convert it to an integer using the
  1704   1518   ** equivalent of atoi() and store 0 if no such conversion is possible.
  1705   1519   **
  1706   1520   ** A NULL value is not changed by this routine.  It remains NULL.
  1707   1521   */
  1708         -case OP_ToReal: {                  /* same as TK_TO_REAL, no-push, in1 */
  1709         -  nPop = 0;
         1522  +case OP_ToReal: {                  /* same as TK_TO_REAL, in1 */
  1710   1523     if( (pIn1->flags & MEM_Null)==0 ){
  1711   1524       sqlite3VdbeMemRealify(pIn1);
  1712   1525     }
  1713   1526     break;
  1714   1527   }
  1715   1528   #endif /* SQLITE_OMIT_CAST */
  1716   1529   
................................................................................
  1742   1555   ** numeric, then a numeric comparison is used. If the two values
  1743   1556   ** are of different types, then numbers are considered less than
  1744   1557   ** strings and strings are considered less than blobs.
  1745   1558   **
  1746   1559   ** If the SQLITE_STOREP2 bit of P5 is set, then do not jump.  Instead,
  1747   1560   ** store a boolean result (either 0, or 1, or NULL) in register P2.
  1748   1561   */
  1749         -/* Opcode: Ne P1 P2 P4
         1562  +/* Opcode: Ne P1 P2 P3 P4 P5
  1750   1563   **
  1751   1564   ** This works just like the Lt opcode except that the jump is taken if
  1752   1565   ** the operands in registers P1 and P3 are not equal.  See the Lt opcode for
  1753   1566   ** additional information.
  1754   1567   */
  1755         -/* Opcode: Eq P1 P2 P4
         1568  +/* Opcode: Eq P1 P2 P3 P4 P5
  1756   1569   **
  1757   1570   ** This works just like the Lt opcode except that the jump is taken if
  1758   1571   ** the operands in registers P1 and P3 are equal.
  1759   1572   ** See the Lt opcode for additional information.
  1760   1573   */
  1761         -/* Opcode: Le P1 P2 P4
         1574  +/* Opcode: Le P1 P2 P3 P4 P5
  1762   1575   **
  1763   1576   ** This works just like the Lt opcode except that the jump is taken if
  1764   1577   ** the content of register P3 is less than or equal to the content of
  1765   1578   ** register P1.  See the Lt opcode for additional information.
  1766   1579   */
  1767         -/* Opcode: Gt P1 P2 P4
         1580  +/* Opcode: Gt P1 P2 P3 P4 P5
  1768   1581   **
  1769   1582   ** This works just like the Lt opcode except that the jump is taken if
  1770   1583   ** the content of register P3 is greater than the content of
  1771   1584   ** register P1.  See the Lt opcode for additional information.
  1772   1585   */
  1773         -/* Opcode: Ge P1 P2 P4
         1586  +/* Opcode: Ge P1 P2 P3 P4 P5
  1774   1587   **
  1775   1588   ** This works just like the Lt opcode except that the jump is taken if
  1776   1589   ** the content of register P3 is greater than or equal to the content of
  1777   1590   ** register P1.  See the Lt opcode for additional information.
  1778   1591   */
  1779         -case OP_Eq:               /* same as TK_EQ, no-push, jump, in1, in3 */
  1780         -case OP_Ne:               /* same as TK_NE, no-push, jump, in1, in3 */
  1781         -case OP_Lt:               /* same as TK_LT, no-push, jump, in1, in3 */
  1782         -case OP_Le:               /* same as TK_LE, no-push, jump, in1, in3 */
  1783         -case OP_Gt:               /* same as TK_GT, no-push, jump, in1, in3 */
  1784         -case OP_Ge: {             /* same as TK_GE, no-push, jump, in1, in3 */
         1592  +case OP_Eq:               /* same as TK_EQ, jump, in1, in3 */
         1593  +case OP_Ne:               /* same as TK_NE, jump, in1, in3 */
         1594  +case OP_Lt:               /* same as TK_LT, jump, in1, in3 */
         1595  +case OP_Le:               /* same as TK_LE, jump, in1, in3 */
         1596  +case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
         1597  +case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
  1785   1598     int flags;
  1786   1599     int res;
  1787   1600     char affinity;
  1788   1601     Mem x1, x3;
  1789   1602   
  1790   1603     flags = pIn1->flags|pIn3->flags;
  1791   1604   
  1792         -  /* If either value is a NULL P2 is not zero, take the jump if the least
  1793         -  ** significant byte of P1 is true. If P2 is zero, then push a NULL onto
  1794         -  ** the stack.
  1795         -  */
  1796   1605     if( flags&MEM_Null ){
  1797   1606       if( (pOp->p5 & SQLITE_NULLEQUAL)!=0 ){
  1798   1607         /*
  1799   1608         ** When SQLITE_NULLEQUAL set and either operand is NULL
  1800   1609         ** then both operands are converted to integers prior to being 
  1801   1610         ** passed down into the normal comparison logic below.  
  1802   1611         ** NULL operands are converted to zero and non-NULL operands
................................................................................
  1909   1718   
  1910   1719   /* Opcode: Not P1 * * * *
  1911   1720   **
  1912   1721   ** Interpret the value in register P1 as a boolean value.  Replace it
  1913   1722   ** with its complement.  If the value in register P1 is NULL its value
  1914   1723   ** is unchanged.
  1915   1724   */
  1916         -case OP_Not: {                /* same as TK_NOT, no-push, in1 */
  1917         -  nPop = 0;
         1725  +case OP_Not: {                /* same as TK_NOT, in1 */
  1918   1726     if( pIn1->flags & MEM_Null ) break;  /* Do nothing to NULLs */
  1919   1727     sqlite3VdbeMemIntegerify(pIn1);
  1920   1728     pIn1->u.i = !pIn1->u.i;
  1921   1729     assert( pIn1->flags==MEM_Int );
  1922   1730     break;
  1923   1731   }
  1924   1732   
  1925   1733   /* Opcode: BitNot P1 * * * *
  1926   1734   **
  1927   1735   ** Interpret the content of register P1 as an integer.  Replace it
  1928   1736   ** with its ones-complement.  If the value is originally NULL, leave
  1929   1737   ** it unchanged.
  1930   1738   */
  1931         -case OP_BitNot: {             /* same as TK_BITNOT, no-push, in1 */
  1932         -  nPop = 0;
         1739  +case OP_BitNot: {             /* same as TK_BITNOT, in1 */
  1933   1740     if( pIn1->flags & MEM_Null ) break;  /* Do nothing to NULLs */
  1934   1741     sqlite3VdbeMemIntegerify(pIn1);
  1935   1742     pIn1->u.i = ~pIn1->u.i;
  1936   1743     assert( pIn1->flags==MEM_Int );
  1937   1744     break;
  1938   1745   }
  1939   1746   
................................................................................
  1945   1752   /*
  1946   1753   ** The magic Explain opcode are only inserted when explain==2 (which
  1947   1754   ** is to say when the EXPLAIN QUERY PLAN syntax is used.)
  1948   1755   ** This opcode records information from the optimizer.  It is the
  1949   1756   ** the same as a no-op.  This opcodesnever appears in a real VM program.
  1950   1757   */
  1951   1758   case OP_Explain:
  1952         -case OP_Noop: {            /* no-push */
         1759  +case OP_Noop: {
  1953   1760     break;
  1954   1761   }
  1955   1762   
  1956   1763   /* Opcode: If P1 P2 P3 * *
  1957   1764   **
  1958   1765   ** Jump to P2 if the value in register P1 is true.  The value is
  1959   1766   ** is considered true if it is numeric and non-zero.  If the value
................................................................................
  1961   1768   */
  1962   1769   /* Opcode: IfNot P1 P2 P3 * *
  1963   1770   **
  1964   1771   ** Jump to P2 if the value in register P1 is False.  The value is
  1965   1772   ** is considered true if it has a numeric value of zero.  If the value
  1966   1773   ** in P1 is NULL then take the jump if P3 is true.
  1967   1774   */
  1968         -case OP_If:                 /* no-push, jump, in1 */
  1969         -case OP_IfNot: {            /* no-push, jump, in1 */
         1775  +case OP_If:                 /* jump, in1 */
         1776  +case OP_IfNot: {            /* jump, in1 */
  1970   1777     int c;
  1971   1778     if( pIn1->flags & MEM_Null ){
  1972   1779       c = pOp->p3;
  1973   1780     }else{
  1974   1781   #ifdef SQLITE_OMIT_FLOATING_POINT
  1975   1782       c = sqlite3VdbeIntValue(pIn1);
  1976   1783   #else
................................................................................
  1985   1792   }
  1986   1793   
  1987   1794   /* Opcode: IsNull P1 P2 P3 * *
  1988   1795   **
  1989   1796   ** Jump to P2 if the value in register P1 is NULL.  If P3 is greater
  1990   1797   ** than zero, then check all values reg(P1), reg(P1+1), 
  1991   1798   ** reg(P1+2), ..., reg(P1+P3-1).
  1992         -**
  1993         -** If P1 is 0 then use the top of the stack instead of a register
  1994         -** and pop the stack regardless of whether or not the jump is taken.
  1995   1799   */
  1996         -case OP_IsNull: {            /* same as TK_ISNULL, no-push, jump, in1 */
         1800  +case OP_IsNull: {            /* same as TK_ISNULL, jump, in1 */
  1997   1801     int n = pOp->p3;
  1998   1802     assert( pOp->p3==0 || pOp->p1>0 );
  1999   1803     do{
  2000   1804       if( (pIn1->flags & MEM_Null)!=0 ){
  2001   1805         pc = pOp->p2 - 1;
  2002   1806         break;
  2003   1807       }
................................................................................
  2005   1809     }while( --n > 0 );
  2006   1810     break;
  2007   1811   }
  2008   1812   
  2009   1813   /* Opcode: NotNull P1 P2 * * *
  2010   1814   **
  2011   1815   ** Jump to P2 if the value in register P1 is not NULL.  
  2012         -**
  2013         -** If P1 is 0 then use the top of the stack instead of a register
  2014         -** and pop the stack regardless of whether or not the jump is taken.
  2015   1816   */
  2016         -case OP_NotNull: {            /* same as TK_NOTNULL, no-push, jump, in1 */
         1817  +case OP_NotNull: {            /* same as TK_NOTNULL, jump, in1 */
  2017   1818     if( (pIn1->flags & MEM_Null)==0 ){
  2018   1819       pc = pOp->p2 - 1;
  2019   1820     }
  2020   1821     break;
  2021   1822   }
  2022   1823   
  2023   1824   /* Opcode: SetNumColumns P1 P2 * * *
................................................................................
  2026   1827   ** opcode must be called to set the number of fields in the table.
  2027   1828   **
  2028   1829   ** This opcode sets the number of columns for cursor P1 to P2.
  2029   1830   **
  2030   1831   ** If OP_KeyAsData is to be applied to cursor P1, it must be executed
  2031   1832   ** before this op-code.
  2032   1833   */
  2033         -case OP_SetNumColumns: {       /* no-push */
         1834  +case OP_SetNumColumns: {
  2034   1835     Cursor *pC;
  2035   1836     assert( (pOp->p1)<p->nCursor );
  2036   1837     assert( p->apCsr[pOp->p1]!=0 );
  2037   1838     pC = p->apCsr[pOp->p1];
  2038   1839     pC->nField = pOp->p2;
  2039   1840     break;
  2040   1841   }
................................................................................
  2043   1844   **
  2044   1845   ** Interpret the data that cursor P1 points to as a structure built using
  2045   1846   ** the MakeRecord instruction.  (See the MakeRecord opcode for additional
  2046   1847   ** information about the format of the data.)  Extract the P2-th column
  2047   1848   ** from this record.  If there are less that (P2+1) 
  2048   1849   ** values in the record, extract a NULL.
  2049   1850   **
  2050         -** The value extracted is pushed onto the stack.  Or if P3 is a positive
  2051         -** non-zero integer register number, then the value is written into that
  2052         -** register.
         1851  +** The value extracted is stored in register P3.
  2053   1852   **
  2054   1853   ** If the KeyAsData opcode has previously executed on this cursor, then the
  2055   1854   ** field might be extracted from the key rather than the data.
  2056   1855   **
  2057   1856   ** If the column contains fewer than P2 fields, then extract a NULL.  Or,
  2058   1857   ** if the P4 argument is a P4_MEM use the value of the P4 argument as
  2059   1858   ** the result.
................................................................................
  2072   1871     int i;             /* Loop counter */
  2073   1872     char *zData;       /* Part of the record being decoded */
  2074   1873     Mem *pDest;        /* Where to write the extracted value */
  2075   1874     Mem sMem;          /* For storing the record being decoded */
  2076   1875   
  2077   1876     sMem.flags = 0;
  2078   1877     assert( p1<p->nCursor );
  2079         -  if( pOp->p3>0 ){
  2080         -    pDest = &p->aMem[pOp->p3];
  2081         -  }else{
  2082         -    pDest = ++pTos;
  2083         -  }
         1878  +  assert( pOp->p3>0 && pOp->p3<=p->nMem );
         1879  +  pDest = &p->aMem[pOp->p3];
  2084   1880     sqlite3VdbeMemSetNull(pDest);
  2085   1881   
  2086   1882     /* This block sets the variable payloadSize to be the total number of
  2087   1883     ** bytes in the record.
  2088   1884     **
  2089   1885     ** zRec is set to be the complete text of the record if it is available.
  2090   1886     ** The complete record text is always available for pseudo-tables
  2091   1887     ** If the record is stored in a cursor, the complete record text
  2092   1888     ** might be available in the  pC->aRow cache.  Or it might not be.
  2093   1889     ** If the data is unavailable,  zRec is set to NULL.
  2094   1890     **
  2095   1891     ** We also compute the number of columns in the record.  For cursors,
  2096         -  ** the number of columns is stored in the Cursor.nField element.  For
  2097         -  ** records on the stack, the next entry down on the stack is an integer
  2098         -  ** which is the number of records.
         1892  +  ** the number of columns is stored in the Cursor.nField element.
  2099   1893     */
  2100   1894     pC = p->apCsr[p1];
  2101   1895     assert( pC!=0 );
  2102   1896   #ifndef SQLITE_OMIT_VIRTUALTABLE
  2103   1897     assert( pC->pVtabCursor==0 );
  2104   1898   #endif
  2105   1899     if( pC->pCursor!=0 ){
................................................................................
  2132   1926     }else{
  2133   1927       zRec = 0;
  2134   1928       payloadSize = 0;
  2135   1929       pCrsr = 0;
  2136   1930       nField = 0;
  2137   1931     }
  2138   1932   
  2139         -  /* If payloadSize is 0, then just push a NULL onto the stack. */
         1933  +  /* If payloadSize is 0, then just store a NULL */
  2140   1934     if( payloadSize==0 ){
  2141   1935       assert( pDest->flags==MEM_Null );
  2142   1936       goto op_column_out;
  2143   1937     }
  2144   1938     if( payloadSize>SQLITE_MAX_LENGTH ){
  2145   1939       goto too_big;
  2146   1940     }
................................................................................
  2223   2017           aOffset[i] = offset;
  2224   2018           zIdx += GetVarint(zIdx, aType[i]);
  2225   2019           offset += sqlite3VdbeSerialTypeLen(aType[i]);
  2226   2020         }else{
  2227   2021           /* If i is less that nField, then there are less fields in this
  2228   2022           ** record than SetNumColumns indicated there are columns in the
  2229   2023           ** table. Set the offset for any extra columns not present in
  2230         -        ** the record to 0. This tells code below to push a NULL onto the
  2231         -        ** stack instead of deserializing a value from the record.
         2024  +        ** the record to 0. This tells code below to store a NULL
         2025  +        ** instead of deserializing a value from the record.
  2232   2026           */
  2233   2027           aOffset[i] = 0;
  2234   2028         }
  2235   2029       }
  2236   2030       Release(&sMem);
  2237   2031       sMem.flags = MEM_Null;
  2238   2032   
................................................................................
  2306   2100   ** the OP_Column opcode can decode the record later and as long as the
  2307   2101   ** sqlite3VdbeRecordCompare function will correctly compare two encoded
  2308   2102   ** records.  Refer to source code comments for the details of the record
  2309   2103   ** format.
  2310   2104   **
  2311   2105   ** P4 may be a string that is P1 characters long.  The nth character of the
  2312   2106   ** string indicates the column affinity that should be used for the nth
  2313         -** field of the index key (i.e. the first character of P4 corresponds to the
  2314         -** lowest element on the stack).
         2107  +** field of the index key.
  2315   2108   **
  2316   2109   ** The mapping from character to affinity is given by the SQLITE_AFF_
  2317   2110   ** macros defined in sqliteInt.h.
  2318   2111   **
  2319   2112   ** If P4 is NULL then all index fields have the affinity NONE.
  2320   2113   */
  2321   2114   case OP_MakeRecord: {
................................................................................
  2322   2115     /* Assuming the record contains N fields, the record format looks
  2323   2116     ** like this:
  2324   2117     **
  2325   2118     ** ------------------------------------------------------------------------
  2326   2119     ** | hdr-size | type 0 | type 1 | ... | type N-1 | data0 | ... | data N-1 | 
  2327   2120     ** ------------------------------------------------------------------------
  2328   2121     **
  2329         -  ** Data(0) is taken from the lowest element of the stack and data(N-1) is
  2330         -  ** the top of the stack.
         2122  +  ** Data(0) is taken from register P1.  Data(1) comes from register P1+1
         2123  +  ** and so froth.
  2331   2124     **
  2332   2125     ** Each type field is a varint representing the serial type of the 
  2333   2126     ** corresponding data element (see sqlite3VdbeSerialType()). The
  2334   2127     ** hdr-size field is also a varint which is the offset from the beginning
  2335   2128     ** of the record to data0.
  2336   2129     */
  2337   2130     u8 *zNewRecord;        /* A buffer to hold the data for the new record */
................................................................................
  2409   2202       i += sqlite3PutVarint(&zNewRecord[i], serial_type);      /* serial type */
  2410   2203     }
  2411   2204     for(pRec=pData0; pRec<=pLast; pRec++){  /* serial data */
  2412   2205       i += sqlite3VdbeSerialPut(&zNewRecord[i], nByte-i, pRec, file_format);
  2413   2206     }
  2414   2207     assert( i==nByte );
  2415   2208   
  2416         -  if( pOp->p3==0 ){
  2417         -    pOut = ++pTos;
  2418         -  }else{
  2419         -    pOut = &p->aMem[pOp->p3];
  2420         -    Release(pOut);
  2421         -  }
         2209  +  assert( pOp->p3>0 && pOp->p3<=p->nMem );
         2210  +  pOut = &p->aMem[pOp->p3];
         2211  +  Release(pOut);
  2422   2212     pOut->n = nByte;
  2423   2213     if( nByte<=sizeof(zTemp) ){
  2424   2214       assert( zNewRecord==(unsigned char *)zTemp );
  2425   2215       pOut->z = pOut->zShort;
  2426   2216       memcpy(pOut->zShort, zTemp, nByte);
  2427   2217       pOut->flags = MEM_Blob | MEM_Short;
  2428   2218     }else{
................................................................................
  2449   2239   ** entire transaction.  The statement transaction will automatically
  2450   2240   ** commit when the VDBE halts.
  2451   2241   **
  2452   2242   ** The statement is begun on the database file with index P1.  The main
  2453   2243   ** database file has an index of 0 and the file used for temporary tables
  2454   2244   ** has an index of 1.
  2455   2245   */
  2456         -case OP_Statement: {       /* no-push */
         2246  +case OP_Statement: {
  2457   2247     int i = pOp->p1;
  2458   2248     Btree *pBt;
  2459   2249     if( i>=0 && i<db->nDb && (pBt = db->aDb[i].pBt)!=0
  2460   2250           && (db->autoCommit==0 || db->activeVdbeCnt>1) ){
  2461   2251       assert( sqlite3BtreeIsInTrans(pBt) );
  2462   2252       assert( (p->btreeMask & (1<<i))!=0 );
  2463   2253       if( !sqlite3BtreeIsInStmt(pBt) ){
................................................................................
  2472   2262   **
  2473   2263   ** Set the database auto-commit flag to P1 (1 or 0). If P2 is true, roll
  2474   2264   ** back any currently active btree transactions. If there are any active
  2475   2265   ** VMs (apart from this one), then the COMMIT or ROLLBACK statement fails.
  2476   2266   **
  2477   2267   ** This instruction causes the VM to halt.
  2478   2268   */
  2479         -case OP_AutoCommit: {       /* no-push */
         2269  +case OP_AutoCommit: {
  2480   2270     u8 i = pOp->p1;
  2481   2271     u8 rollback = pOp->p2;
  2482   2272   
  2483   2273     assert( i==1 || i==0 );
  2484   2274     assert( i==1 || rollback==0 );
  2485   2275   
  2486   2276     assert( db->activeVdbeCnt>0 );  /* At least this one VM is active */
................................................................................
  2497   2287       if( pOp->p2 ){
  2498   2288         assert( i==1 );
  2499   2289         sqlite3RollbackAll(db);
  2500   2290         db->autoCommit = 1;
  2501   2291       }else{
  2502   2292         db->autoCommit = i;
  2503   2293         if( sqlite3VdbeHalt(p)==SQLITE_BUSY ){
  2504         -        p->pTos = pTos;
  2505   2294           p->pc = pc;
  2506   2295           db->autoCommit = 1-i;
  2507   2296           p->rc = rc = SQLITE_BUSY;
  2508   2297           goto vdbe_return;
  2509   2298         }
  2510   2299       }
  2511   2300       if( p->rc==SQLITE_OK ){
................................................................................
  2541   2330   ** underway.  Starting a write transaction also creates a rollback journal. A
  2542   2331   ** write transaction must be started before any changes can be made to the
  2543   2332   ** database.  If P2 is 2 or greater then an EXCLUSIVE lock is also obtained
  2544   2333   ** on the file.
  2545   2334   **
  2546   2335   ** If P2 is zero, then a read-lock is obtained on the database file.
  2547   2336   */
  2548         -case OP_Transaction: {       /* no-push */
         2337  +case OP_Transaction: {
  2549   2338     int i = pOp->p1;
  2550   2339     Btree *pBt;
  2551   2340   
  2552   2341     assert( i>=0 && i<db->nDb );
  2553   2342     assert( (p->btreeMask & (1<<i))!=0 );
  2554   2343     pBt = db->aDb[i].pBt;
  2555   2344   
  2556   2345     if( pBt ){
  2557   2346       rc = sqlite3BtreeBeginTrans(pBt, pOp->p2);
  2558   2347       if( rc==SQLITE_BUSY ){
  2559   2348         p->pc = pc;
  2560   2349         p->rc = rc = SQLITE_BUSY;
  2561         -      p->pTos = pTos;
  2562   2350         goto vdbe_return;
  2563   2351       }
  2564   2352       if( rc!=SQLITE_OK && rc!=SQLITE_READONLY /* && rc!=SQLITE_BUSY */ ){
  2565   2353         goto abort_due_to_error;
  2566   2354       }
  2567   2355     }
  2568   2356     break;
  2569   2357   }
  2570   2358   
  2571   2359   /* Opcode: ReadCookie P1 P2 P3 * *
  2572   2360   **
  2573         -** Read cookie number P3 from database P1 and write it into register
  2574         -** P2 or push it onto the stack if P2==0.
         2361  +** Read cookie number P3 from database P1 and write it into register P2.
  2575   2362   ** P3==0 is the schema version.  P3==1 is the database format.
  2576   2363   ** P3==2 is the recommended pager cache size, and so forth.  P1==0 is
  2577   2364   ** the main database file and P1==1 is the database file used to store
  2578   2365   ** temporary tables.
  2579   2366   **
  2580   2367   ** If P1 is negative, then this is a request to read the size of a
  2581   2368   ** databases free-list. P3 must be set to 1 in this case. The actual
................................................................................
  2619   2406   ** P2==0 is the schema version.  P2==1 is the database format.
  2620   2407   ** P2==2 is the recommended pager cache size, and so forth.  P1==0 is
  2621   2408   ** the main database file and P1==1 is the database file used to store
  2622   2409   ** temporary tables.
  2623   2410   **
  2624   2411   ** A transaction must be started before executing this opcode.
  2625   2412   */
  2626         -case OP_SetCookie: {       /* no-push, in3 */
         2413  +case OP_SetCookie: {       /* in3 */
  2627   2414     Db *pDb;
  2628   2415     assert( pOp->p2<SQLITE_N_BTREE_META );
  2629   2416     assert( pOp->p1>=0 && pOp->p1<db->nDb );
  2630   2417     assert( (p->btreeMask & (1<<pOp->p1))!=0 );
  2631   2418     pDb = &db->aDb[pOp->p1];
  2632   2419     assert( pDb->pBt!=0 );
  2633   2420     sqlite3VdbeMemIntegerify(pIn3);
................................................................................
  2661   2448   ** This operation is used to detect when that the cookie has changed
  2662   2449   ** and that the current process needs to reread the schema.
  2663   2450   **
  2664   2451   ** Either a transaction needs to have been started or an OP_Open needs
  2665   2452   ** to be executed (to establish a read lock) before this opcode is
  2666   2453   ** invoked.
  2667   2454   */
  2668         -case OP_VerifyCookie: {       /* no-push */
         2455  +case OP_VerifyCookie: {
  2669   2456     int iMeta;
  2670   2457     Btree *pBt;
  2671   2458     assert( pOp->p1>=0 && pOp->p1<db->nDb );
  2672   2459     assert( (p->btreeMask & (1<<pOp->p1))!=0 );
  2673   2460     pBt = db->aDb[pOp->p1].pBt;
  2674   2461     if( pBt ){
  2675   2462       rc = sqlite3BtreeGetMeta(pBt, 1, (u32 *)&iMeta);
................................................................................
  2742   2529   **
  2743   2530   ** This instruction works just like OpenRead except that it opens the cursor
  2744   2531   ** in read/write mode.  For a given table, there can be one or more read-only
  2745   2532   ** cursors or a single read/write cursor but not both.
  2746   2533   **
  2747   2534   ** See also OpenRead.
  2748   2535   */
  2749         -case OP_OpenRead:          /* no-push */
  2750         -case OP_OpenWrite: {       /* no-push */
         2536  +case OP_OpenRead:
         2537  +case OP_OpenWrite: {
  2751   2538     int i = pOp->p1;
  2752   2539     int p2 = pOp->p2;
  2753   2540     int iDb = pOp->p3;
  2754   2541     int wrFlag;
  2755   2542     Btree *pX;
  2756   2543     Cursor *pCur;
  2757   2544     Db *pDb;
................................................................................
  2766   2553       if( pDb->pSchema->file_format < p->minWriteFileFormat ){
  2767   2554         p->minWriteFileFormat = pDb->pSchema->file_format;
  2768   2555       }
  2769   2556     }else{
  2770   2557       wrFlag = 0;
  2771   2558     }
  2772   2559     if( pOp->p5 ){
  2773         -    if( p2==0 ){
  2774         -      assert( pTos>=p->aStack );
  2775         -      sqlite3VdbeMemIntegerify(pTos);
  2776         -      p2 = pTos->u.i;
  2777         -      assert( (pTos->flags & MEM_Dyn)==0 );
  2778         -      pTos--;
  2779         -    }else{
  2780         -      assert( p2<=p->nMem );
  2781         -      pIn2 = &p->aMem[p2];
  2782         -      sqlite3VdbeMemIntegerify(pIn2);
  2783         -      p2 = pIn2->u.i;
  2784         -    }
         2560  +    assert( p2>0 );
         2561  +    assert( p2<=p->nMem );
         2562  +    pIn2 = &p->aMem[p2];
         2563  +    sqlite3VdbeMemIntegerify(pIn2);
         2564  +    p2 = pIn2->u.i;
  2785   2565       assert( p2>=2 );
  2786   2566     }
  2787   2567     assert( i>=0 );
  2788   2568     pCur = allocateCursor(p, i, iDb);
  2789   2569     if( pCur==0 ) goto no_mem;
  2790   2570     pCur->nullRow = 1;
  2791   2571     if( pX==0 ) break;
................................................................................
  2802   2582       pCur->pKeyInfo = 0;
  2803   2583       pCur->pIncrKey = &pCur->bogusIncrKey;
  2804   2584     }
  2805   2585     switch( rc ){
  2806   2586       case SQLITE_BUSY: {
  2807   2587         p->pc = pc;
  2808   2588         p->rc = rc = SQLITE_BUSY;
  2809         -      p->pTos = &pTos[(pOp->p2<=0)]; /* Operands must remain on stack */
  2810   2589         goto vdbe_return;
  2811   2590       }
  2812   2591       case SQLITE_OK: {
  2813   2592         int flags = sqlite3BtreeFlags(pCur->pCursor);
  2814   2593         /* Sanity checking.  Only the lower four bits of the flags byte should
  2815   2594         ** be used.  Bit 3 (mask 0x08) is unpreditable.  The lower 3 bits
  2816   2595         ** (mask 0x07) should be either 5 (intkey+leafdata for tables) or
................................................................................
  2861   2640   **
  2862   2641   ** This opcode was once called OpenTemp.  But that created
  2863   2642   ** confusion because the term "temp table", might refer either
  2864   2643   ** to a TEMP table at the SQL level, or to a table opened by
  2865   2644   ** this opcode.  Then this opcode was call OpenVirtual.  But
  2866   2645   ** that created confusion with the whole virtual-table idea.
  2867   2646   */
  2868         -case OP_OpenEphemeral: {       /* no-push */
         2647  +case OP_OpenEphemeral: {
  2869   2648     int i = pOp->p1;
  2870   2649     Cursor *pCx;
  2871   2650     static const int openFlags = 
  2872   2651         SQLITE_OPEN_READWRITE |
  2873   2652         SQLITE_OPEN_CREATE |
  2874   2653         SQLITE_OPEN_EXCLUSIVE |
  2875   2654         SQLITE_OPEN_DELETEONCLOSE |
................................................................................
  2922   2701   ** closed.
  2923   2702   **
  2924   2703   ** A pseudo-table created by this opcode is useful for holding the
  2925   2704   ** NEW or OLD tables in a trigger.  Also used to hold the a single
  2926   2705   ** row output from the sorter so that the row can be decomposed into
  2927   2706   ** individual columns using the OP_Column opcode.
  2928   2707   */
  2929         -case OP_OpenPseudo: {       /* no-push */
         2708  +case OP_OpenPseudo: {
  2930   2709     int i = pOp->p1;
  2931   2710     Cursor *pCx;
  2932   2711     assert( i>=0 );
  2933   2712     pCx = allocateCursor(p, i, -1);
  2934   2713     if( pCx==0 ) goto no_mem;
  2935   2714     pCx->nullRow = 1;
  2936   2715     pCx->pseudoTable = 1;
................................................................................
  2941   2720   }
  2942   2721   
  2943   2722   /* Opcode: Close P1 * * * *
  2944   2723   **
  2945   2724   ** Close a cursor previously opened as P1.  If P1 is not
  2946   2725   ** currently open, this instruction is a no-op.
  2947   2726   */
  2948         -case OP_Close: {       /* no-push */
         2727  +case OP_Close: {
  2949   2728     int i = pOp->p1;
  2950   2729     if( i>=0 && i<p->nCursor ){
  2951   2730       sqlite3VdbeFreeCursor(p, p->apCsr[i]);
  2952   2731       p->apCsr[i] = 0;
  2953   2732     }
  2954   2733     break;
  2955   2734   }
................................................................................
  2960   2739   ** cursor P1 so that it points to the smallest entry that is greater
  2961   2740   ** than or equal to the key in register P3.
  2962   2741   ** If there are no records greater than or equal to the key and P2 
  2963   2742   ** is not zero, then jump to P2.
  2964   2743   **
  2965   2744   ** See also: Found, NotFound, Distinct, MoveLt, MoveGt, MoveLe
  2966   2745   */
  2967         -/* Opcode: MoveGt P1 P2 *
         2746  +/* Opcode: MoveGt P1 P2 P3 * *
  2968   2747   **
  2969   2748   ** Use the value in register P3 as a key.  Reposition
  2970   2749   ** cursor P1 so that it points to the smallest entry that is greater
  2971   2750   ** than the key in register P3.
  2972   2751   ** If there are no records greater than the key and P2 is not zero,
  2973   2752   ** then jump to P2.
  2974   2753   **
  2975   2754   ** See also: Found, NotFound, Distinct, MoveLt, MoveGe, MoveLe
  2976   2755   */
  2977         -/* Opcode: MoveLt P1 P2 *
         2756  +/* Opcode: MoveLt P1 P2 P3 * * 
  2978   2757   **
  2979   2758   ** Use the value in register P3 as a key.  Reposition
  2980   2759   ** cursor P1 so that it points to the largest entry that is less
  2981   2760   ** than the key in register P3.
  2982   2761   ** If there are no records less than the key and P2 is not zero,
  2983   2762   ** then jump to P2.
  2984   2763   **
  2985   2764   ** See also: Found, NotFound, Distinct, MoveGt, MoveGe, MoveLe
  2986   2765   */
  2987         -/* Opcode: MoveLe P1 P2 *
         2766  +/* Opcode: MoveLe P1 P2 P3 * *
  2988   2767   **
  2989   2768   ** Use the value in register P3 as a key.  Reposition
  2990   2769   ** cursor P1 so that it points to the largest entry that is less than
  2991   2770   ** or equal to the key.
  2992   2771   ** If there are no records less than or eqal to the key and P2 is not zero,
  2993   2772   ** then jump to P2.
  2994   2773   **
  2995   2774   ** See also: Found, NotFound, Distinct, MoveGt, MoveGe, MoveLt
  2996   2775   */
  2997         -case OP_MoveLt:         /* no-push, jump, in3 */
  2998         -case OP_MoveLe:         /* no-push, jump, in3 */
  2999         -case OP_MoveGe:         /* no-push, jump, in3 */
  3000         -case OP_MoveGt: {       /* no-push, jump, in3 */
         2776  +case OP_MoveLt:         /* jump, in3 */
         2777  +case OP_MoveLe:         /* jump, in3 */
         2778  +case OP_MoveGe:         /* jump, in3 */
         2779  +case OP_MoveGt: {       /* jump, in3 */
  3001   2780     int i = pOp->p1;
  3002   2781     Cursor *pC;
  3003   2782   
  3004   2783     assert( i>=0 && i<p->nCursor );
  3005   2784     pC = p->apCsr[i];
  3006   2785     assert( pC!=0 );
  3007   2786     if( pC->pCursor!=0 ){
................................................................................
  3068   2847     }
  3069   2848     break;
  3070   2849   }
  3071   2850   
  3072   2851   /* Opcode: Found P1 P2 P3 * *
  3073   2852   **
  3074   2853   ** Register P3 holds a blob constructed by MakeRecord.  P1 is an index.
  3075         -** If an entry that matches the top of the stack exists in P1 then
  3076         -** jump to P2.  If the top of the stack does not match any entry in P1
         2854  +** If an entry that matches the value in register p3 exists in P1 then
         2855  +** jump to P2.  If the P3 value does not match any entry in P1
  3077   2856   ** then fall thru.  The P1 cursor is left pointing at the matching entry
  3078   2857   ** if it exists.
  3079   2858   **
  3080   2859   ** This instruction is used to implement the IN operator where the
  3081   2860   ** left-hand side is a SELECT statement.  P1 may be a true index, or it
  3082   2861   ** may be a temporary index that holds the results of the SELECT
  3083   2862   ** statement.   This instruction is also used to implement the
  3084   2863   ** DISTINCT keyword in SELECT statements.
  3085   2864   **
  3086   2865   ** This instruction checks if index P1 contains a record for which 
  3087   2866   ** the first N serialised values exactly match the N serialised values
  3088         -** in the record on the stack, where N is the total number of values in
  3089         -** the stack record (stack record is a prefix of the P1 record). 
         2867  +** in the record in register P3, where N is the total number of values in
         2868  +** the P3 record (the P3 record is a prefix of the P1 record). 
  3090   2869   **
  3091   2870   ** See also: NotFound, MoveTo, IsUnique, NotExists
  3092   2871   */
  3093   2872   /* Opcode: NotFound P1 P2 P3 * *
  3094   2873   **
  3095   2874   ** Register P3 holds a blob constructed by MakeRecord.  P1 is
  3096   2875   ** an index.  If no entry exists in P1 that matches the blob then jump
  3097   2876   ** to P2.  If an entry does existing, fall through.  The cursor is left
  3098         -** pointing to the entry that matches.  The blob is popped from the stack.
         2877  +** pointing to the entry that matches.
  3099   2878   **
  3100         -** The difference between this operation and Distinct is that
  3101         -** Distinct does not pop the key from the stack.
  3102         -**
  3103         -** See also: Distinct, Found, MoveTo, NotExists, IsUnique
         2879  +** See also: Found, MoveTo, NotExists, IsUnique
  3104   2880   */
  3105         -case OP_NotFound:       /* no-push, jump, in3 */
  3106         -case OP_Found: {        /* no-push, jump, in3 */
         2881  +case OP_NotFound:       /* jump, in3 */
         2882  +case OP_Found: {        /* jump, in3 */
  3107   2883     int i = pOp->p1;
  3108   2884     int alreadyExists = 0;
  3109   2885     Cursor *pC;
  3110   2886     assert( i>=0 && i<p->nCursor );
  3111   2887     assert( p->apCsr[i]!=0 );
  3112   2888     if( (pC = p->apCsr[i])->pCursor!=0 ){
  3113   2889       int res;
................................................................................
  3147   2923   ** fields matches K but the rowid is different from R.
  3148   2924   ** If there is no such entry, then there is an immediate
  3149   2925   ** jump to P2.  If any entry does exist where the index string
  3150   2926   ** matches K but the record number is not R, then the record
  3151   2927   ** number for that entry is written into P3 and control
  3152   2928   ** falls through to the next instruction.
  3153   2929   **
  3154         -** See also: Distinct, NotFound, NotExists, Found
         2930  +** See also: NotFound, NotExists, Found
  3155   2931   */
  3156         -case OP_IsUnique: {        /* no-push, jump, in3 */
         2932  +case OP_IsUnique: {        /* jump, in3 */
  3157   2933     int i = pOp->p1;
  3158   2934     Cursor *pCx;
  3159   2935     BtCursor *pCrsr;
  3160   2936     Mem *pK;
  3161   2937     i64 R;
  3162   2938   
  3163   2939     /* Pop the value R off the top of the stack
  3164   2940     */
  3165   2941     assert( pOp->p4type==P4_INT32 );
  3166         -  if( pOp->p4.i==0 ){
  3167         -    assert( pOp->p3==0 );
  3168         -    pK = &pIn3[-1];
  3169         -  }else{
  3170         -    pK = &p->aMem[pOp->p4.i];
  3171         -  }
         2942  +  assert( pOp->p4.i>0 && pOp->p4.i<=p->nMem );
         2943  +  pK = &p->aMem[pOp->p4.i];
  3172   2944     sqlite3VdbeMemIntegerify(pIn3);
  3173   2945     R = pIn3->u.i;
  3174   2946     assert( (pIn3->flags & MEM_Dyn)==0 );
  3175   2947     assert( i>=0 && i<p->nCursor );
  3176   2948     pCx = p->apCsr[i];
  3177   2949     assert( pCx!=0 );
  3178   2950     pCrsr = pCx->pCursor;
................................................................................
  3226   2998         goto abort_due_to_error;
  3227   2999       }
  3228   3000       if( v==R ){
  3229   3001         pc = pOp->p2 - 1;
  3230   3002         break;
  3231   3003       }
  3232   3004   
  3233         -    /* The final varint of the key is different from R.  Push it onto
  3234         -    ** the stack.  (The record number of an entry that violates a UNIQUE
  3235         -    ** constraint.)
         3005  +    /* The final varint of the key is different from R.  Store it back
         3006  +    ** into register R3.  (The record number of an entry that violates
         3007  +    ** a UNIQUE constraint.)
  3236   3008       */
  3237         -    nPop = 0;
  3238   3009       pIn3->u.i = v;
  3239   3010       assert( pIn3->flags==MEM_Int );
  3240   3011     }
  3241   3012     break;
  3242   3013   }
  3243   3014   
  3244         -/* Opcode: NotExists P1 P2 P3
         3015  +/* Opcode: NotExists P1 P2 P3 * *
  3245   3016   **
  3246         -** Use the top of the stack as a integer key. Or, if P3 is non-zero,
  3247         -** use the contents of register P3 as an integer key. If a record 
         3017  +** Use the content of register P3 as a integer key.  If a record 
  3248   3018   ** with that key does not exist in table of P1, then jump to P2. 
  3249   3019   ** If the record does exist, then fall thru.  The cursor is left 
  3250         -** pointing to the record if it exists. The integer key is popped 
  3251         -** from the stack if P3==0.
         3020  +** pointing to the record if it exists.
  3252   3021   **
  3253   3022   ** The difference between this operation and NotFound is that this
  3254   3023   ** operation assumes the key is an integer and that P1 is a table whereas
  3255   3024   ** NotFound assumes key is a blob constructed from MakeRecord and
  3256   3025   ** P1 is an index.
  3257   3026   **
  3258         -** See also: Distinct, Found, MoveTo, NotFound, IsUnique
         3027  +** See also: Found, MoveTo, NotFound, IsUnique
  3259   3028   */
  3260         -case OP_NotExists: {        /* no-push, jump, in3 */
         3029  +case OP_NotExists: {        /* jump, in3 */
  3261   3030     int i = pOp->p1;
  3262   3031     Cursor *pC;
  3263   3032     BtCursor *pCrsr;
  3264   3033     assert( i>=0 && i<p->nCursor );
  3265   3034     assert( p->apCsr[i]!=0 );
  3266   3035     if( (pCrsr = (pC = p->apCsr[i])->pCursor)!=0 ){
  3267   3036       int res;
................................................................................
  3286   3055     }
  3287   3056     break;
  3288   3057   }
  3289   3058   
  3290   3059   /* Opcode: Sequence P1 P2 * * *
  3291   3060   **
  3292   3061   ** Find the next available sequence number for cursor P1.
  3293         -** Write the sequence number into register P2, or push it onto
  3294         -** the stack if P2==0.
         3062  +** Write the sequence number into register P2.
  3295   3063   ** The sequence number on the cursor is incremented after this
  3296   3064   ** instruction.  
  3297   3065   */
  3298   3066   case OP_Sequence: {           /* out2-prerelease */
  3299   3067     int i = pOp->p1;
  3300   3068     assert( i>=0 && i<p->nCursor );
  3301   3069     assert( p->apCsr[i]!=0 );
................................................................................
  3305   3073   }
  3306   3074   
  3307   3075   
  3308   3076   /* Opcode: NewRowid P1 P2 P3 * *
  3309   3077   **
  3310   3078   ** Get a new integer record number (a.k.a "rowid") used as the key to a table.
  3311   3079   ** The record number is not previously used as a key in the database
  3312         -** table that cursor P1 points to.  The new record number is pushed 
  3313         -** onto the stack if P2 is 0 or written to register P2 otherwise.
         3080  +** table that cursor P1 points to.  The new record number is written
         3081  +** written to register P2.
  3314   3082   **
  3315   3083   ** If P3>0 then P3 is a register that holds the largest previously
  3316   3084   ** generated record number.  No new record numbers are allowed to be less
  3317   3085   ** than this value.  When this value reaches its maximum, a SQLITE_FULL
  3318   3086   ** error is generated.  The P3 register is updated with the generated
  3319   3087   ** record number.  This P3 mechanism is used to help implement the
  3320   3088   ** AUTOINCREMENT feature.
................................................................................
  3482   3250   ** and register P2 becomes ephemeral.  If the cursor is changed, the
  3483   3251   ** value of register P2 will then change.  Make sure this does not
  3484   3252   ** cause any problems.)
  3485   3253   **
  3486   3254   ** This instruction only works on tables.  The equivalent instruction
  3487   3255   ** for indices is OP_IdxInsert.
  3488   3256   */
  3489         -case OP_Insert: {         /* no-push */
         3257  +case OP_Insert: {
  3490   3258     Mem *pData = &p->aMem[pOp->p2];
  3491   3259     Mem *pKey = &p->aMem[pOp->p3];
  3492   3260   
  3493   3261     int i = pOp->p1;
  3494   3262     Cursor *pC;
  3495   3263     assert( i>=0 && i<p->nCursor );
  3496   3264     assert( p->apCsr[i]!=0 );
................................................................................
  3570   3338   ** a record from within an Next loop.
  3571   3339   **
  3572   3340   ** If the OPFLAG_NCHANGE flag of P2 is set, then the row change count is
  3573   3341   ** incremented (otherwise not).
  3574   3342   **
  3575   3343   ** If P1 is a pseudo-table, then this instruction is a no-op.
  3576   3344   */
  3577         -case OP_Delete: {        /* no-push */
         3345  +case OP_Delete: {
  3578   3346     int i = pOp->p1;
  3579   3347     Cursor *pC;
  3580   3348     assert( i>=0 && i<p->nCursor );
  3581   3349     pC = p->apCsr[i];
  3582   3350     assert( pC!=0 );
  3583   3351     if( pC->pCursor!=0 ){
  3584   3352       i64 iKey;
................................................................................
  3620   3388   /* Opcode: ResetCount P1 * *
  3621   3389   **
  3622   3390   ** This opcode resets the VMs internal change counter to 0. If P1 is true,
  3623   3391   ** then the value of the change counter is copied to the database handle
  3624   3392   ** change counter (returned by subsequent calls to sqlite3_changes())
  3625   3393   ** before it is reset. This is used by trigger programs.
  3626   3394   */
  3627         -case OP_ResetCount: {        /* no-push */
         3395  +case OP_ResetCount: {
  3628   3396     if( pOp->p1 ){
  3629   3397       sqlite3VdbeSetChanges(db, p->nChange);
  3630   3398     }
  3631   3399     p->nChange = 0;
  3632   3400     break;
  3633   3401   }
  3634   3402   
................................................................................
  3642   3410   ** If the cursor is not pointing to a valid row, a NULL value is
  3643   3411   ** written into P2.
  3644   3412   */
  3645   3413   /* Opcode: RowKey P1 P2 * * *
  3646   3414   **
  3647   3415   ** Write into register P2 the complete row key for cursor P1.
  3648   3416   ** There is no interpretation of the data.  
  3649         -** It is just copied onto the stack or into the memory cell exactly as 
         3417  +** The key is copied onto the P3 register exactly as 
  3650   3418   ** it is found in the database file.
  3651   3419   **
  3652   3420   ** If the cursor is not pointing to a valid row, a NULL is
  3653   3421   ** written into P2.
  3654   3422   */
  3655   3423   case OP_RowKey:             /* out2-prerelease */
  3656   3424   case OP_RowData: {          /* out2-prerelease */
................................................................................
  3744   3512       v = keyToInt(v);
  3745   3513     }
  3746   3514     pOut->u.i = v;
  3747   3515     pOut->flags = MEM_Int;
  3748   3516     break;
  3749   3517   }
  3750   3518   
  3751         -/* Opcode: NullRow P1 * *
         3519  +/* Opcode: NullRow P1 * * * *
  3752   3520   **
  3753   3521   ** Move the cursor P1 to a null row.  Any OP_Column operations
  3754         -** that occur while the cursor is on the null row will always push 
  3755         -** a NULL onto the stack.
         3522  +** that occur while the cursor is on the null row will always
         3523  +** write a NULL.
  3756   3524   */
  3757         -case OP_NullRow: {        /* no-push */
         3525  +case OP_NullRow: {
  3758   3526     int i = pOp->p1;
  3759   3527     Cursor *pC;
  3760   3528   
  3761   3529     assert( i>=0 && i<p->nCursor );
  3762   3530     pC = p->apCsr[i];
  3763   3531     assert( pC!=0 );
  3764   3532     pC->nullRow = 1;
  3765   3533     pC->rowidIsValid = 0;
  3766   3534     break;
  3767   3535   }
  3768   3536   
  3769         -/* Opcode: Last P1 P2 *
         3537  +/* Opcode: Last P1 P2 * * *
  3770   3538   **
  3771   3539   ** The next use of the Rowid or Column or Next instruction for P1 
  3772   3540   ** will refer to the last entry in the database table or index.
  3773   3541   ** If the table or index is empty and P2>0, then jump immediately to P2.
  3774   3542   ** If P2 is 0 or if the table or index is not empty, fall through
  3775   3543   ** to the following instruction.
  3776   3544   */
  3777         -case OP_Last: {        /* no-push, jump */
         3545  +case OP_Last: {        /* jump */
  3778   3546     int i = pOp->p1;
  3779   3547     Cursor *pC;
  3780   3548     BtCursor *pCrsr;
  3781   3549   
  3782   3550     assert( i>=0 && i<p->nCursor );
  3783   3551     pC = p->apCsr[i];
  3784   3552     assert( pC!=0 );
................................................................................
  3794   3562     }else{
  3795   3563       pC->nullRow = 0;
  3796   3564     }
  3797   3565     break;
  3798   3566   }
  3799   3567   
  3800   3568   
  3801         -/* Opcode: Sort P1 P2 *
         3569  +/* Opcode: Sort P1 P2 * * *
  3802   3570   **
  3803   3571   ** This opcode does exactly the same thing as OP_Rewind except that
  3804   3572   ** it increments an undocumented global variable used for testing.
  3805   3573   **
  3806   3574   ** Sorting is accomplished by writing records into a sorting index,
  3807   3575   ** then rewinding that index and playing it back from beginning to
  3808   3576   ** end.  We use the OP_Sort opcode instead of OP_Rewind to do the
  3809   3577   ** rewinding so that the global variable will be incremented and
  3810   3578   ** regression tests can determine whether or not the optimizer is
  3811   3579   ** correctly optimizing out sorts.
  3812   3580   */
  3813         -case OP_Sort: {        /* no-push, jump */
         3581  +case OP_Sort: {        /* jump */
  3814   3582   #ifdef SQLITE_TEST
  3815   3583     sqlite3_sort_count++;
  3816   3584     sqlite3_search_count--;
  3817   3585   #endif
  3818   3586     /* Fall through into OP_Rewind */
  3819   3587   }
  3820         -/* Opcode: Rewind P1 P2 *
         3588  +/* Opcode: Rewind P1 P2 * * *
  3821   3589   **
  3822   3590   ** The next use of the Rowid or Column or Next instruction for P1 
  3823   3591   ** will refer to the first entry in the database table or index.
  3824   3592   ** If the table or index is empty and P2>0, then jump immediately to P2.
  3825   3593   ** If P2 is 0 or if the table or index is not empty, fall through
  3826   3594   ** to the following instruction.
  3827   3595   */
  3828         -case OP_Rewind: {        /* no-push, jump */
         3596  +case OP_Rewind: {        /* jump */
  3829   3597     int i = pOp->p1;
  3830   3598     Cursor *pC;
  3831   3599     BtCursor *pCrsr;
  3832   3600     int res;
  3833   3601   
  3834   3602     assert( i>=0 && i<p->nCursor );
  3835   3603     pC = p->apCsr[i];
................................................................................
  3845   3613     pC->nullRow = res;
  3846   3614     if( res && pOp->p2>0 ){
  3847   3615       pc = pOp->p2 - 1;
  3848   3616     }
  3849   3617     break;
  3850   3618   }
  3851   3619   
  3852         -/* Opcode: Next P1 P2 *
         3620  +/* Opcode: Next P1 P2 * * *
  3853   3621   **
  3854   3622   ** Advance cursor P1 so that it points to the next key/data pair in its
  3855   3623   ** table or index.  If there are no more key/value pairs then fall through
  3856   3624   ** to the following instruction.  But if the cursor advance was successful,
  3857   3625   ** jump immediately to P2.
  3858   3626   **
  3859   3627   ** See also: Prev
  3860   3628   */
  3861         -/* Opcode: Prev P1 P2 *
         3629  +/* Opcode: Prev P1 P2 * * *
  3862   3630   **
  3863   3631   ** Back up cursor P1 so that it points to the previous key/data pair in its
  3864   3632   ** table or index.  If there is no previous key/value pairs then fall through
  3865   3633   ** to the following instruction.  But if the cursor backup was successful,
  3866   3634   ** jump immediately to P2.
  3867   3635   */
  3868         -case OP_Prev:          /* no-push, jump */
  3869         -case OP_Next: {        /* no-push, jump */
         3636  +case OP_Prev:          /* jump */
         3637  +case OP_Next: {        /* jump */
  3870   3638     Cursor *pC;
  3871   3639     BtCursor *pCrsr;
  3872   3640   
  3873   3641     CHECK_FOR_INTERRUPT;
  3874   3642     assert( pOp->p1>=0 && pOp->p1<p->nCursor );
  3875   3643     pC = p->apCsr[pOp->p1];
  3876   3644     if( pC==0 ){
................................................................................
  3896   3664     }else{
  3897   3665       pC->nullRow = 1;
  3898   3666     }
  3899   3667     pC->rowidIsValid = 0;
  3900   3668     break;
  3901   3669   }
  3902   3670   
  3903         -/* Opcode: IdxInsert P1 P2 P3
         3671  +/* Opcode: IdxInsert P1 P2 P3 * *
  3904   3672   **
  3905   3673   ** Register P2 holds a SQL index key made using the
  3906   3674   ** MakeIdxRec instructions.  This opcode writes that key
  3907   3675   ** into the index P1.  Data for the entry is nil.
  3908   3676   **
  3909   3677   ** P3 is a flag that provides a hint to the b-tree layer that this
  3910   3678   ** insert is likely to be an append.
  3911   3679   **
  3912   3680   ** This instruction only works for indices.  The equivalent instruction
  3913   3681   ** for tables is OP_Insert.
  3914   3682   */
  3915         -case OP_IdxInsert: {        /* no-push, in2 */
         3683  +case OP_IdxInsert: {        /* in2 */
  3916   3684     int i = pOp->p1;
  3917   3685     Cursor *pC;
  3918   3686     BtCursor *pCrsr;
  3919   3687     assert( i>=0 && i<p->nCursor );
  3920   3688     assert( p->apCsr[i]!=0 );
  3921   3689     assert( pIn2->flags & MEM_Blob );
  3922   3690     if( (pCrsr = (pC = p->apCsr[i])->pCursor)!=0 ){
................................................................................
  3929   3697         assert( pC->deferredMoveto==0 );
  3930   3698         pC->cacheStatus = CACHE_STALE;
  3931   3699       }
  3932   3700     }
  3933   3701     break;
  3934   3702   }
  3935   3703   
  3936         -/* Opcode: IdxDelete P1 P2 *
         3704  +/* Opcode: IdxDelete P1 P2 * * *
  3937   3705   **
  3938   3706   ** The content of register P2 is an index key built using the either the
  3939   3707   ** MakeIdxRec opcode.  Removes that entry from the index.
  3940   3708   */
  3941         -case OP_IdxDelete: {        /* no-push, in2 */
         3709  +case OP_IdxDelete: {        /* in2 */
  3942   3710     int i = pOp->p1;
  3943   3711     Cursor *pC;
  3944   3712     BtCursor *pCrsr;
  3945   3713     assert( pIn2->flags & MEM_Blob );
  3946   3714     assert( i>=0 && i<p->nCursor );
  3947   3715     assert( p->apCsr[i]!=0 );
  3948   3716     if( (pCrsr = (pC = p->apCsr[i])->pCursor)!=0 ){
................................................................................
  4026   3794   ** then jump to P2.  Otherwise fall through to the next instruction.
  4027   3795   **
  4028   3796   ** If P5 is non-zero then the
  4029   3797   ** index taken from register P3 is temporarily increased by
  4030   3798   ** an epsilon prior to the comparison.  This makes the opcode work
  4031   3799   ** like IdxLE.
  4032   3800   */
  4033         -case OP_IdxLT:          /* no-push, jump, in3 */
  4034         -case OP_IdxGT:          /* no-push, jump, in3 */
  4035         -case OP_IdxGE: {        /* no-push, jump, in3 */
         3801  +case OP_IdxLT:          /* jump, in3 */
         3802  +case OP_IdxGT:          /* jump, in3 */
         3803  +case OP_IdxGE: {        /* jump, in3 */
  4036   3804     int i= pOp->p1;
  4037   3805     Cursor *pC;
  4038   3806   
  4039   3807     assert( i>=0 && i<p->nCursor );
  4040   3808     assert( p->apCsr[i]!=0 );
  4041   3809     if( (pC = p->apCsr[i])->pCursor!=0 ){
  4042   3810       int res;
................................................................................
  4072   3840   ** P3==1 then the table to be clear is in the auxiliary database file
  4073   3841   ** that is used to store tables create using CREATE TEMPORARY TABLE.
  4074   3842   **
  4075   3843   ** If AUTOVACUUM is enabled then it is possible that another root page
  4076   3844   ** might be moved into the newly deleted root page in order to keep all
  4077   3845   ** root pages contiguous at the beginning of the database.  The former
  4078   3846   ** value of the root page that moved - its value before the move occurred -
  4079         -** is stored in register P2 or pushed onto the stack if P2==0.  If no page 
         3847  +** is stored in register P2.  If no page 
  4080   3848   ** movement was required (because the table being dropped was already 
  4081   3849   ** the last one in the database) then a zero is stored in register P2.
  4082   3850   ** If AUTOVACUUM is disabled then a zero is stored in register P2.
  4083   3851   **
  4084   3852   ** See also: Clear
  4085   3853   */
  4086   3854   case OP_Destroy: {     /* out2-prerelease */
................................................................................
  4124   3892   **
  4125   3893   ** The table being clear is in the main database file if P2==0.  If
  4126   3894   ** P2==1 then the table to be clear is in the auxiliary database file
  4127   3895   ** that is used to store tables create using CREATE TEMPORARY TABLE.
  4128   3896   **
  4129   3897   ** See also: Destroy
  4130   3898   */
  4131         -case OP_Clear: {        /* no-push */
         3899  +case OP_Clear: {
  4132   3900     assert( (p->btreeMask & (1<<pOp->p2))!=0 );
  4133   3901     rc = sqlite3BtreeClearTable(db->aDb[pOp->p2].pBt, pOp->p1);
  4134   3902     break;
  4135   3903   }
  4136   3904   
  4137   3905   /* Opcode: CreateTable P1 P2 * * *
  4138   3906   **
  4139   3907   ** Allocate a new table in the main database file if P1==0 or in the
  4140   3908   ** auxiliary database file if P1==1 or in an attached database if
  4141   3909   ** P1>1.  Write the root page number of the new table into
  4142         -** register P2 or push it onto the stack if P2==0.
         3910  +** register P2
  4143   3911   **
  4144   3912   ** The difference between a table and an index is this:  A table must
  4145   3913   ** have a 4-byte integer key and can have arbitrary data.  An index
  4146   3914   ** has an arbitrary key but no data.
  4147   3915   **
  4148   3916   ** See also: CreateIndex
  4149   3917   */
  4150   3918   /* Opcode: CreateIndex P1 P2 * * *
  4151   3919   **
  4152   3920   ** Allocate a new index in the main database file if P1==0 or in the
  4153   3921   ** auxiliary database file if P1==1 or in an attached database if
  4154   3922   ** P1>1.  Write the root page number of the new table into
  4155         -** register P2 or push it onto the stack if P2==0.
         3923  +** register P2.
  4156   3924   **
  4157   3925   ** See documentation on OP_CreateTable for additional information.
  4158   3926   */
  4159   3927   case OP_CreateIndex:            /* out2-prerelease */
  4160   3928   case OP_CreateTable: {          /* out2-prerelease */
  4161   3929     int pgno;
  4162   3930     int flags;
................................................................................
  4187   3955   ** no-op if the schema is not currently loaded.  In other words, if P2
  4188   3956   ** is false, the SQLITE_MASTER table is only parsed if the rest of the
  4189   3957   ** schema is already loaded into the symbol table.
  4190   3958   **
  4191   3959   ** This opcode invokes the parser to create a new virtual machine,
  4192   3960   ** then runs the new virtual machine.  It is thus a reentrant opcode.
  4193   3961   */
  4194         -case OP_ParseSchema: {        /* no-push */
         3962  +case OP_ParseSchema: {
  4195   3963     char *zSql;
  4196   3964     int iDb = pOp->p1;
  4197   3965     const char *zMaster;
  4198   3966     InitData initData;
  4199   3967   
  4200   3968     assert( iDb>=0 && iDb<db->nDb );
  4201   3969     if( !pOp->p2 && !DbHasProperty(db, iDb, DB_SchemaLoaded) ){
................................................................................
  4227   3995   #if !defined(SQLITE_OMIT_ANALYZE) && !defined(SQLITE_OMIT_PARSER)
  4228   3996   /* Opcode: LoadAnalysis P1 * * * *
  4229   3997   **
  4230   3998   ** Read the sqlite_stat1 table for database P1 and load the content
  4231   3999   ** of that table into the internal index hash table.  This will cause
  4232   4000   ** the analysis to be used when preparing all subsequent queries.
  4233   4001   */
  4234         -case OP_LoadAnalysis: {        /* no-push */
         4002  +case OP_LoadAnalysis: {
  4235   4003     int iDb = pOp->p1;
  4236   4004     assert( iDb>=0 && iDb<db->nDb );
  4237   4005     rc = sqlite3AnalysisLoad(db, iDb);
  4238   4006     break;  
  4239   4007   }
  4240   4008   #endif /* !defined(SQLITE_OMIT_ANALYZE) && !defined(SQLITE_OMIT_PARSER)  */
  4241   4009   
................................................................................
  4242   4010   /* Opcode: DropTable P1 * * P4 *
  4243   4011   **
  4244   4012   ** Remove the internal (in-memory) data structures that describe
  4245   4013   ** the table named P4 in database P1.  This is called after a table
  4246   4014   ** is dropped in order to keep the internal representation of the
  4247   4015   ** schema consistent with what is on disk.
  4248   4016   */
  4249         -case OP_DropTable: {        /* no-push */
         4017  +case OP_DropTable: {
  4250   4018     sqlite3UnlinkAndDeleteTable(db, pOp->p1, pOp->p4.z);
  4251   4019     break;
  4252   4020   }
  4253   4021   
  4254   4022   /* Opcode: DropIndex P1 * * P4 *
  4255   4023   **
  4256   4024   ** Remove the internal (in-memory) data structures that describe
  4257   4025   ** the index named P4 in database P1.  This is called after an index
  4258   4026   ** is dropped in order to keep the internal representation of the
  4259   4027   ** schema consistent with what is on disk.
  4260   4028   */
  4261         -case OP_DropIndex: {        /* no-push */
         4029  +case OP_DropIndex: {
  4262   4030     sqlite3UnlinkAndDeleteIndex(db, pOp->p1, pOp->p4.z);
  4263   4031     break;
  4264   4032   }
  4265   4033   
  4266   4034   /* Opcode: DropTrigger P1 * * P4 *
  4267   4035   **
  4268   4036   ** Remove the internal (in-memory) data structures that describe
  4269   4037   ** the trigger named P4 in database P1.  This is called after a trigger
  4270   4038   ** is dropped in order to keep the internal representation of the
  4271   4039   ** schema consistent with what is on disk.
  4272   4040   */
  4273         -case OP_DropTrigger: {        /* no-push */
         4041  +case OP_DropTrigger: {
  4274   4042     sqlite3UnlinkAndDeleteTrigger(db, pOp->p1, pOp->p4.z);
  4275   4043     break;
  4276   4044   }
  4277   4045   
  4278   4046   
  4279   4047   #ifndef SQLITE_OMIT_INTEGRITY_CHECK
  4280   4048   /* Opcode: IntegrityCk P1 P2 P3 * P5
................................................................................
  4341   4109   }
  4342   4110   #endif /* SQLITE_OMIT_INTEGRITY_CHECK */
  4343   4111   
  4344   4112   /* Opcode: FifoWrite P1 * * * *
  4345   4113   **
  4346   4114   ** Write the integer from register P1 into the Fifo.
  4347   4115   */
  4348         -case OP_FifoWrite: {        /* no-push, in1 */
         4116  +case OP_FifoWrite: {        /* in1 */
  4349   4117     if( sqlite3VdbeFifoPush(&p->sFifo, sqlite3VdbeIntValue(pIn1))==SQLITE_NOMEM ){
  4350   4118       goto no_mem;
  4351   4119     }
  4352   4120     break;
  4353   4121   }
  4354   4122   
  4355   4123   /* Opcode: FifoRead P1 P2 * * *
................................................................................
  4374   4142   #ifndef SQLITE_OMIT_TRIGGER
  4375   4143   /* Opcode: ContextPush * * * 
  4376   4144   **
  4377   4145   ** Save the current Vdbe context such that it can be restored by a ContextPop
  4378   4146   ** opcode. The context stores the last insert row id, the last statement change
  4379   4147   ** count, and the current statement change count.
  4380   4148   */
  4381         -case OP_ContextPush: {        /* no-push */
         4149  +case OP_ContextPush: {
  4382   4150     int i = p->contextStackTop++;
  4383   4151     Context *pContext;
  4384   4152   
  4385   4153     assert( i>=0 );
  4386   4154     /* FIX ME: This should be allocated as part of the vdbe at compile-time */
  4387   4155     if( i>=p->contextStackDepth ){
  4388   4156       p->contextStackDepth = i+1;
................................................................................
  4400   4168   
  4401   4169   /* Opcode: ContextPop * * * 
  4402   4170   **
  4403   4171   ** Restore the Vdbe context to the state it was in when contextPush was last
  4404   4172   ** executed. The context stores the last insert row id, the last statement
  4405   4173   ** change count, and the current statement change count.
  4406   4174   */
  4407         -case OP_ContextPop: {        /* no-push */
         4175  +case OP_ContextPop: {
  4408   4176     Context *pContext = &p->contextStack[--p->contextStackTop];
  4409   4177     assert( p->contextStackTop>=0 );
  4410   4178     db->lastRowid = pContext->lastRowid;
  4411   4179     p->nChange = pContext->nChange;
  4412   4180     sqlite3VdbeFifoClear(&p->sFifo);
  4413   4181     p->sFifo = pContext->sFifo;
  4414   4182     break;
................................................................................
  4420   4188   **
  4421   4189   ** Set the value of register P1 to the maximum of its current value
  4422   4190   ** and the value in register P2.
  4423   4191   **
  4424   4192   ** This instruction throws an error if the memory cell is not initially
  4425   4193   ** an integer.
  4426   4194   */
  4427         -case OP_MemMax: {        /* no-push, in1, in2 */
         4195  +case OP_MemMax: {        /* in1, in2 */
  4428   4196     sqlite3VdbeMemIntegerify(pIn1);
  4429   4197     sqlite3VdbeMemIntegerify(pIn2);
  4430   4198     if( pIn1->u.i<pIn2->u.i){
  4431   4199       pIn1->u.i = pIn2->u.i;
  4432   4200     }
  4433         -  nPop = 0;
  4434   4201     break;
  4435   4202   }
  4436   4203   #endif /* SQLITE_OMIT_AUTOINCREMENT */
  4437   4204   
  4438   4205   /* Opcode: IfPos P1 P2 * * *
  4439   4206   **
  4440   4207   ** If the value of register P1 is 1 or greater, jump to P2.
  4441   4208   **
  4442   4209   ** It is illegal to use this instruction on a register that does
  4443   4210   ** not contain an integer.  An assertion fault will result if you try.
  4444   4211   */
  4445         -case OP_IfPos: {        /* no-push, jump, in1 */
         4212  +case OP_IfPos: {        /* jump, in1 */
  4446   4213     assert( pIn1->flags==MEM_Int );
  4447   4214     if( pIn1->u.i>0 ){
  4448   4215        pc = pOp->p2 - 1;
  4449   4216     }
  4450   4217     break;
  4451   4218   }
  4452   4219   
................................................................................
  4453   4220   /* Opcode: IfNeg P1 P2 * * *
  4454   4221   **
  4455   4222   ** If the value of register P1 is less than zero, jump to P2. 
  4456   4223   **
  4457   4224   ** It is illegal to use this instruction on a register that does
  4458   4225   ** not contain an integer.  An assertion fault will result if you try.
  4459   4226   */
  4460         -case OP_IfNeg: {        /* no-push, jump, in1 */
         4227  +case OP_IfNeg: {        /* jump, in1 */
  4461   4228     assert( pIn1->flags==MEM_Int );
  4462   4229     if( pIn1->u.i<0 ){
  4463   4230        pc = pOp->p2 - 1;
  4464   4231     }
  4465   4232     break;
  4466   4233   }
  4467   4234   
................................................................................
  4468   4235   /* Opcode: IfZero P1 P2 * * *
  4469   4236   **
  4470   4237   ** If the value of register P1 is exactly 0, jump to P2. 
  4471   4238   **
  4472   4239   ** It is illegal to use this instruction on a register that does
  4473   4240   ** not contain an integer.  An assertion fault will result if you try.
  4474   4241   */
  4475         -case OP_IfZero: {        /* no-push, jump, in1 */
         4242  +case OP_IfZero: {        /* jump, in1 */
  4476   4243     assert( pIn1->flags==MEM_Int );
  4477   4244     if( pIn1->u.i==0 ){
  4478   4245        pc = pOp->p2 - 1;
  4479   4246     }
  4480   4247     break;
  4481   4248   }
  4482   4249   
................................................................................
  4486   4253   ** function has P5 arguments.   P4 is a pointer to the FuncDef
  4487   4254   ** structure that specifies the function.  Use register
  4488   4255   ** P3 as the accumulator.
  4489   4256   **
  4490   4257   ** The P5 arguments are taken from register P2 and its
  4491   4258   ** successors.
  4492   4259   */
  4493         -case OP_AggStep: {        /* no-push */
         4260  +case OP_AggStep: {
  4494   4261     int n = pOp->p5;
  4495   4262     int i;
  4496   4263     Mem *pMem, *pRec;
  4497   4264     sqlite3_context ctx;
  4498   4265     sqlite3_value **apVal;
  4499   4266   
  4500   4267     assert( n>=0 );
................................................................................
  4538   4305   ** P2 is the number of arguments that the step function takes and
  4539   4306   ** P4 is a pointer to the FuncDef for this function.  The P2
  4540   4307   ** argument is not used by this opcode.  It is only there to disambiguate
  4541   4308   ** functions that can take varying numbers of arguments.  The
  4542   4309   ** P4 argument is only needed for the degenerate case where
  4543   4310   ** the step function was not previously called.
  4544   4311   */
  4545         -case OP_AggFinal: {        /* no-push */
         4312  +case OP_AggFinal: {
  4546   4313     Mem *pMem;
  4547   4314     assert( pOp->p1>0 && pOp->p1<=p->nMem );
  4548   4315     pMem = &p->aMem[pOp->p1];
  4549   4316     assert( (pMem->flags & ~(MEM_Null|MEM_Agg))==0 );
  4550   4317     rc = sqlite3VdbeMemFinalize(pMem, pOp->p4.pFunc);
  4551   4318     if( rc==SQLITE_ERROR ){
  4552   4319       sqlite3SetString(&p->zErrMsg, sqlite3_value_text(pMem), (char*)0);
................................................................................
  4562   4329   #if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
  4563   4330   /* Opcode: Vacuum * * * * *
  4564   4331   **
  4565   4332   ** Vacuum the entire database.  This opcode will cause other virtual
  4566   4333   ** machines to be created and run.  It may not be called from within
  4567   4334   ** a transaction.
  4568   4335   */
  4569         -case OP_Vacuum: {        /* no-push */
         4336  +case OP_Vacuum: {
  4570   4337     if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse; 
  4571   4338     rc = sqlite3RunVacuum(&p->zErrMsg, db);
  4572   4339     if( sqlite3SafetyOn(db) ) goto abort_due_to_misuse;
  4573   4340     break;
  4574   4341   }
  4575   4342   #endif
  4576   4343   
................................................................................
  4577   4344   #if !defined(SQLITE_OMIT_AUTOVACUUM)
  4578   4345   /* Opcode: IncrVacuum P1 P2 * * *
  4579   4346   **
  4580   4347   ** Perform a single step of the incremental vacuum procedure on
  4581   4348   ** the P1 database. If the vacuum has finished, jump to instruction
  4582   4349   ** P2. Otherwise, fall through to the next instruction.
  4583   4350   */
  4584         -case OP_IncrVacuum: {        /* no-push, jump */
         4351  +case OP_IncrVacuum: {        /* jump */
  4585   4352     Btree *pBt;
  4586   4353   
  4587   4354     assert( pOp->p1>=0 && pOp->p1<db->nDb );
  4588   4355     assert( (p->btreeMask & (1<<pOp->p1))!=0 );
  4589   4356     pBt = db->aDb[pOp->p1].pBt;
  4590   4357     rc = sqlite3BtreeIncrVacuum(pBt);
  4591   4358     if( rc==SQLITE_DONE ){
................................................................................
  4601   4368   ** Cause precompiled statements to become expired. An expired statement
  4602   4369   ** fails with an error code of SQLITE_SCHEMA if it is ever executed 
  4603   4370   ** (via sqlite3_step()).
  4604   4371   ** 
  4605   4372   ** If P1 is 0, then all SQL statements become expired. If P1 is non-zero,
  4606   4373   ** then only the currently executing statement is affected. 
  4607   4374   */
  4608         -case OP_Expire: {        /* no-push */
         4375  +case OP_Expire: {
  4609   4376     if( !pOp->p1 ){
  4610   4377       sqlite3ExpirePreparedStatements(db);
  4611   4378     }else{
  4612   4379       p->expired = 1;
  4613   4380     }
  4614   4381     break;
  4615   4382   }
................................................................................
  4627   4394   ** required. 
  4628   4395   **
  4629   4396   ** P2 contains the root-page of the table to lock.
  4630   4397   **
  4631   4398   ** P4 contains a pointer to the name of the table being locked. This is only
  4632   4399   ** used to generate an error message if the lock cannot be obtained.
  4633   4400   */
  4634         -case OP_TableLock: {        /* no-push */
         4401  +case OP_TableLock: {
  4635   4402     int p1 = pOp->p1; 
  4636   4403     u8 isWriteLock = (p1<0);
  4637   4404     if( isWriteLock ){
  4638   4405       p1 = (-1*p1)-1;
  4639   4406     }
  4640   4407     assert( p1>=0 && p1<db->nDb );
  4641   4408     assert( (p->btreeMask & (1<<p1))!=0 );
................................................................................
  4650   4417   
  4651   4418   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4652   4419   /* Opcode: VBegin * * * P4 *
  4653   4420   **
  4654   4421   ** P4 a pointer to an sqlite3_vtab structure. Call the xBegin method 
  4655   4422   ** for that table.
  4656   4423   */
  4657         -case OP_VBegin: {   /* no-push */
         4424  +case OP_VBegin: {
  4658   4425     rc = sqlite3VtabBegin(db, pOp->p4.pVtab);
  4659   4426     break;
  4660   4427   }
  4661   4428   #endif /* SQLITE_OMIT_VIRTUALTABLE */
  4662   4429   
  4663   4430   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4664   4431   /* Opcode: VCreate P1 * * P4 *
  4665   4432   **
  4666   4433   ** P4 is the name of a virtual table in database P1. Call the xCreate method
  4667   4434   ** for that table.
  4668   4435   */
  4669         -case OP_VCreate: {   /* no-push */
         4436  +case OP_VCreate: {
  4670   4437     rc = sqlite3VtabCallCreate(db, pOp->p1, pOp->p4.z, &p->zErrMsg);
  4671   4438     break;
  4672   4439   }
  4673   4440   #endif /* SQLITE_OMIT_VIRTUALTABLE */
  4674   4441   
  4675   4442   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4676   4443   /* Opcode: VDestroy P1 * * P4 *
  4677   4444   **
  4678   4445   ** P4 is the name of a virtual table in database P1.  Call the xDestroy method
  4679   4446   ** of that table.
  4680   4447   */
  4681         -case OP_VDestroy: {   /* no-push */
         4448  +case OP_VDestroy: {
  4682   4449     p->inVtabMethod = 2;
  4683   4450     rc = sqlite3VtabCallDestroy(db, pOp->p1, pOp->p4.z);
  4684   4451     p->inVtabMethod = 0;
  4685   4452     break;
  4686   4453   }
  4687   4454   #endif /* SQLITE_OMIT_VIRTUALTABLE */
  4688   4455   
................................................................................
  4689   4456   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4690   4457   /* Opcode: VOpen P1 * * P4 *
  4691   4458   **
  4692   4459   ** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
  4693   4460   ** P1 is a cursor number.  This opcode opens a cursor to the virtual
  4694   4461   ** table and stores that cursor in P1.
  4695   4462   */
  4696         -case OP_VOpen: {   /* no-push */
         4463  +case OP_VOpen: {
  4697   4464     Cursor *pCur = 0;
  4698   4465     sqlite3_vtab_cursor *pVtabCursor = 0;
  4699   4466   
  4700   4467     sqlite3_vtab *pVtab = pOp->p4.pVtab;
  4701   4468     sqlite3_module *pModule = (sqlite3_module *)pVtab->pModule;
  4702   4469   
  4703   4470     assert(pVtab && pModule);
................................................................................
  4737   4504   ** P3. Register P3+1 stores the argc parameter to be passed to the
  4738   4505   ** xFilter method. Registers P3+2..P3+1+argc are the argc additional
  4739   4506   ** parametersneath additional parameters which are passed to
  4740   4507   ** xFilter as argv. Register P3+2 becomes argv[0] when passed to xFilter.
  4741   4508   **
  4742   4509   ** A jump is made to P2 if the result set after filtering would be empty.
  4743   4510   */
  4744         -case OP_VFilter: {   /* no-push, jump */
         4511  +case OP_VFilter: {   /* jump */
  4745   4512     int nArg;
  4746   4513     int iQuery;
  4747   4514     const sqlite3_module *pModule;
  4748   4515     Mem *pQuery = &p->aMem[pOp->p3];
  4749   4516     Mem *pArgc = &pQuery[1];
  4750   4517   
  4751   4518     Cursor *pCur = p->apCsr[pOp->p1];
  4752   4519   
  4753   4520     REGISTER_TRACE(pOp->p3, pQuery);
  4754   4521     assert( pCur->pVtabCursor );
  4755   4522     pModule = pCur->pVtabCursor->pVtab->pModule;
  4756   4523   
  4757         -  /* Grab the index number and argc parameters off the top of the stack. */
         4524  +  /* Grab the index number and argc parameters */
  4758   4525     assert( (pQuery->flags&MEM_Int)!=0 && pArgc->flags==MEM_Int );
  4759   4526     nArg = pArgc->u.i;
  4760   4527     iQuery = pQuery->u.i;
  4761   4528   
  4762   4529     /* Invoke the xFilter method */
  4763   4530     {
  4764   4531       int res = 0;
................................................................................
  4788   4555   #endif /* SQLITE_OMIT_VIRTUALTABLE */
  4789   4556   
  4790   4557   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4791   4558   /* Opcode: VRowid P1 P2 * * *
  4792   4559   **
  4793   4560   ** Store into register P2  the rowid of
  4794   4561   ** the virtual-table that the P1 cursor is pointing to.
  4795         -** If P2==0, push the value onto the stack.
  4796   4562   */
  4797   4563   case OP_VRowid: {             /* out2-prerelease */
  4798   4564     const sqlite3_module *pModule;
  4799   4565   
  4800   4566     Cursor *pCur = p->apCsr[pOp->p1];
  4801   4567     assert( pCur->pVtabCursor );
  4802   4568     pModule = pCur->pVtabCursor->pVtab->pModule;
................................................................................
  4819   4585   
  4820   4586   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4821   4587   /* Opcode: VColumn P1 P2 P3 * *
  4822   4588   **
  4823   4589   ** Store the value of the P2-th column of
  4824   4590   ** the row of the virtual-table that the 
  4825   4591   ** P1 cursor is pointing to into register P3.
  4826         -** Or if P3==0 push the value onto the stack.
  4827   4592   */
  4828   4593   case OP_VColumn: {
  4829   4594     const sqlite3_module *pModule;
  4830   4595   
  4831   4596     Cursor *pCur = p->apCsr[pOp->p1];
  4832   4597     assert( pCur->pVtabCursor );
  4833   4598     pModule = pCur->pVtabCursor->pVtab->pModule;
................................................................................
  4839   4604       sqlite3_context sContext;
  4840   4605       memset(&sContext, 0, sizeof(sContext));
  4841   4606       sContext.s.flags = MEM_Null;
  4842   4607       sContext.s.db = db;
  4843   4608       if( sqlite3SafetyOff(db) ) goto abort_due_to_misuse;
  4844   4609       rc = pModule->xColumn(pCur->pVtabCursor, &sContext, pOp->p2);
  4845   4610   
  4846         -    /* Copy the result of the function to the top of the stack. We
         4611  +    /* Copy the result of the function to the P3 register. We
  4847   4612       ** do this regardless of whether or not an error occured to ensure any
  4848   4613       ** dynamic allocation in sContext.s (a Mem struct) is  released.
  4849   4614       */
  4850   4615       sqlite3VdbeChangeEncoding(&sContext.s, encoding);
  4851         -    if( pOp->p3>0 ){
  4852         -      assert( pOp->p3<=p->nMem );
  4853         -      pDest = &p->aMem[pOp->p3];
  4854         -      REGISTER_TRACE(pOp->p3, pDest);
  4855         -    }else{
  4856         -      pDest = ++pTos;
  4857         -      pDest->flags = 0;
  4858         -    }
         4616  +    assert( pOp->p3>0 && pOp->p3<=p->nMem );
         4617  +    pDest = &p->aMem[pOp->p3];
         4618  +    REGISTER_TRACE(pOp->p3, pDest);
  4859   4619       sqlite3VdbeMemMove(pDest, &sContext.s);
  4860   4620       UPDATE_MAX_BLOBSIZE(pDest);
  4861   4621   
  4862   4622       if( sqlite3SafetyOn(db) ){
  4863   4623         goto abort_due_to_misuse;
  4864   4624       }
  4865   4625       if( sqlite3VdbeMemTooBig(pDest) ){
................................................................................
  4874   4634   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4875   4635   /* Opcode: VNext P1 P2 * * *
  4876   4636   **
  4877   4637   ** Advance virtual table P1 to the next row in its result set and
  4878   4638   ** jump to instruction P2.  Or, if the virtual table has reached
  4879   4639   ** the end of its result set, then fall through to the next instruction.
  4880   4640   */
  4881         -case OP_VNext: {   /* no-push, jump */
         4641  +case OP_VNext: {   /* jump */
  4882   4642     const sqlite3_module *pModule;
  4883   4643     int res = 0;
  4884   4644   
  4885   4645     Cursor *pCur = p->apCsr[pOp->p1];
  4886   4646     assert( pCur->pVtabCursor );
  4887   4647     pModule = pCur->pVtabCursor->pVtab->pModule;
  4888   4648     if( pModule->xNext==0 ){
................................................................................
  4917   4677   #ifndef SQLITE_OMIT_VIRTUALTABLE
  4918   4678   /* Opcode: VRename P1 * * P4 *
  4919   4679   **
  4920   4680   ** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
  4921   4681   ** This opcode invokes the corresponding xRename method. The value
  4922   4682   ** in register P1 is passed as the zName argument to the xRename method.
  4923   4683   */
  4924         -case OP_VRename: {   /* no-push */
         4684  +case OP_VRename: {
  4925   4685     sqlite3_vtab *pVtab = pOp->p4.pVtab;
  4926   4686     Mem *pName = &p->aMem[pOp->p1];
  4927   4687     assert( pVtab->pModule->xRename );
  4928   4688     REGISTER_TRACE(pOp->p1, pName);
  4929   4689   
  4930   4690     Stringify(pName, encoding);
  4931   4691   
................................................................................
  4959   4719   ** If P2==1 then no insert is performed.  argv[0] is the rowid of
  4960   4720   ** a row to delete.
  4961   4721   **
  4962   4722   ** P1 is a boolean flag. If it is set to true and the xUpdate call
  4963   4723   ** is successful, then the value returned by sqlite3_last_insert_rowid() 
  4964   4724   ** is set to the value of the rowid for the row just inserted.
  4965   4725   */
  4966         -case OP_VUpdate: {   /* no-push */
         4726  +case OP_VUpdate: {
  4967   4727     sqlite3_vtab *pVtab = pOp->p4.pVtab;
  4968   4728     sqlite3_module *pModule = (sqlite3_module *)pVtab->pModule;
  4969   4729     int nArg = pOp->p2;
  4970   4730     assert( pOp->p4type==P4_VTAB );
  4971   4731     if( pModule->xUpdate==0 ){
  4972   4732       sqlite3SetString(&p->zErrMsg, "read-only table", 0);
  4973   4733       rc = SQLITE_ERROR;
................................................................................
  5027   4787   ** The cases of the switch statement above this line should all be indented
  5028   4788   ** by 6 spaces.  But the left-most 6 spaces have been removed to improve the
  5029   4789   ** readability.  From this point on down, the normal indentation rules are
  5030   4790   ** restored.
  5031   4791   *****************************************************************************/
  5032   4792       }
  5033   4793   
  5034         -    /* Pop the stack if necessary */
  5035         -    if( nPop ){
  5036         -      popStack(&pTos, nPop);
  5037         -      nPop = 0;
  5038         -    }
  5039         -
  5040         -    /* Make sure the stack limit was not exceeded */
  5041         -    assert( pTos>=&p->aStack[-1] && pTos<=pStackLimit );
  5042         -
  5043   4794   #ifdef VDBE_PROFILE
  5044   4795       {
  5045   4796         long long elapse = hwtime() - start;
  5046   4797         pOp->cycles += elapse;
  5047   4798         pOp->cnt++;
  5048   4799   #if 0
  5049   4800           fprintf(stdout, "%10lld ", elapse);
................................................................................
  5054   4805   
  5055   4806       /* The following code adds nothing to the actual functionality
  5056   4807       ** of the program.  It is only here for testing and debugging.
  5057   4808       ** On the other hand, it does burn CPU cycles every time through
  5058   4809       ** the evaluator loop.  So we can leave it out when NDEBUG is defined.
  5059   4810       */
  5060   4811   #ifndef NDEBUG
  5061         -    /* Sanity checking on the top element of the stack. If the previous
  5062         -    ** instruction was VNoChange, then the flags field of the top
  5063         -    ** of the stack is set to 0. This is technically invalid for a memory
  5064         -    ** cell, so avoid calling MemSanity() in this case.
  5065         -    */
  5066         -    if( pTos>=p->aStack && pTos->flags ){
  5067         -      assert( pTos->db==db );
  5068         -      sqlite3VdbeMemSanity(pTos);
  5069         -      assert( !sqlite3VdbeMemTooBig(pTos) );
  5070         -    }
  5071   4812       assert( pc>=-1 && pc<p->nOp );
  5072   4813   
  5073   4814   #ifdef SQLITE_DEBUG
  5074         -    /* Code for tracing the vdbe stack. */
  5075   4815       if( p->trace ){
  5076   4816         if( rc!=0 ) fprintf(p->trace,"rc=%d\n",rc);
  5077   4817         if( (opProperty&(OPFLG_OUT2_PRERELEASE|OPFLG_OUT2))!=0 && pOp->p2>0 ){
  5078   4818           registerTrace(p->trace, pOp->p2, pOut);
  5079   4819         }
  5080   4820         if( (opProperty&OPFLG_OUT3)!=0 && pOp->p3>0 ){
  5081   4821           registerTrace(p->trace, pOp->p3, pOut);
  5082   4822         }
  5083         -      if( pTos>=p->aStack ){
  5084         -        int i;
  5085         -        fprintf(p->trace, "Stack:");
  5086         -        for(i=0; i>-5 && &pTos[i]>=p->aStack; i--){
  5087         -          memTracePrint(p->trace, &pTos[i]);
  5088         -        }
  5089         -        fprintf(p->trace,"\n");
  5090         -      }
  5091   4823       }
  5092   4824   #endif  /* SQLITE_DEBUG */
  5093   4825   #endif  /* NDEBUG */
  5094   4826     }  /* The end of the for(;;) loop the loops through opcodes */
  5095   4827   
  5096   4828     /* If we reach this point, it means that execution is finished.
  5097   4829     */
................................................................................
  5099   4831     if( rc ){
  5100   4832       p->rc = rc;
  5101   4833       rc = SQLITE_ERROR;
  5102   4834     }else{
  5103   4835       rc = SQLITE_DONE;
  5104   4836     }
  5105   4837     sqlite3VdbeHalt(p);
  5106         -  p->pTos = pTos;
  5107   4838   
  5108   4839     /* This is the only way out of this procedure.  We have to
  5109   4840     ** release the mutexes on btrees that were acquired at the
  5110   4841     ** top. */
  5111   4842   vdbe_return:
  5112   4843     sqlite3BtreeMutexArrayLeave(&p->aMutex);
  5113   4844     return rc;

Changes to src/vdbeInt.h.

   287    287     Vdbe *pPrev,*pNext; /* Linked list of VDBEs with the same Vdbe.db */
   288    288     int nOp;            /* Number of instructions in the program */
   289    289     int nOpAlloc;       /* Number of slots allocated for aOp[] */
   290    290     Op *aOp;            /* Space to hold the virtual machine's program */
   291    291     int nLabel;         /* Number of labels used */
   292    292     int nLabelAlloc;    /* Number of slots allocated in aLabel[] */
   293    293     int *aLabel;        /* Space to hold the labels */
   294         -  Mem *aStack;        /* The operand stack, except string values */
   295         -  Mem *pTos;          /* Top entry in the operand stack */
   296    294     Mem **apArg;        /* Arguments to currently executing user function */
   297    295     Mem *aColName;      /* Column names to return */
   298    296     int nCursor;        /* Number of slots in apCsr[] */
   299    297     Cursor **apCsr;     /* One element of this array for each open cursor */
   300    298     int nVar;           /* Number of entries in aVar[] */
   301    299     Mem *aVar;          /* Values for the OP_Variable opcode. */
   302    300     char **azVar;       /* Name of variables */
................................................................................
   315    313     unsigned uniqueCnt;     /* Used by OP_MakeRecord when P2!=0 */
   316    314     int errorAction;        /* Recovery action to do in case of an error */
   317    315     int inTempTrans;        /* True if temp database is transactioned */
   318    316     int returnStack[25];    /* Return address stack for OP_Gosub & OP_Return */
   319    317     int returnDepth;        /* Next unused element in returnStack[] */
   320    318     int nResColumn;         /* Number of columns in one row of the result set */
   321    319     char **azResColumn;     /* Values for one row of result */ 
   322         -  int popStack;           /* Pop the stack this much on entry to VdbeExec() */
   323    320     char *zErrMsg;          /* Error message written here */
   324    321     Mem *pResultSet;        /* Pointer to an array of results */
   325    322     u8 explain;             /* True if EXPLAIN present on SQL command */
   326    323     u8 changeCntOn;         /* True to update the change-counter */
   327    324     u8 aborted;             /* True if ROLLBACK in another VM causes an abort */
   328    325     u8 expired;             /* True if the VM needs to be recompiled */
   329    326     u8 minWriteFileFormat;  /* Minimum file format for writable database files */

Changes to src/vdbeaux.c.

   229    229     assert( j>=0 && j<p->nLabel );
   230    230     if( p->aLabel ){
   231    231       p->aLabel[j] = p->nOp;
   232    232     }
   233    233   }
   234    234   
   235    235   /*
   236         -** Loop through the program looking for P2 values that are negative.
   237         -** Each such value is a label.  Resolve the label by setting the P2
   238         -** value to its correct non-zero value.
          236  +** Loop through the program looking for P2 values that are negative
          237  +** on jump instructions.  Each such value is a label.  Resolve the
          238  +** label by setting the P2 value to its correct non-zero value.
   239    239   **
   240    240   ** This routine is called once after all opcodes have been inserted.
   241    241   **
   242    242   ** Variable *pMaxFuncArgs is set to the maximum value of any P2 argument 
   243    243   ** to an OP_Function, OP_AggStep or OP_VFilter opcode. This is used by 
   244    244   ** sqlite3VdbeMakeReady() to size the Vdbe.apArg[] array.
   245    245   **
   246         -** The integer *pMaxStack is set to the maximum number of vdbe stack
   247         -** entries that static analysis reveals this program might need.
   248         -**
   249    246   ** This routine also does the following optimization:  It scans for
   250    247   ** instructions that might cause a statement rollback.  Such instructions
   251    248   ** are:
   252    249   **
   253    250   **   *  OP_Halt with P1=SQLITE_CONSTRAINT and P2=OE_Abort.
   254    251   **   *  OP_Destroy
   255    252   **   *  OP_VUpdate
   256    253   **   *  OP_VRename
   257    254   **
   258    255   ** If no such instruction is found, then every Statement instruction 
   259    256   ** is changed to a Noop.  In this way, we avoid creating the statement 
   260    257   ** journal file unnecessarily.
   261    258   */
   262         -static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs, int *pMaxStack){
          259  +static void resolveP2Values(Vdbe *p, int *pMaxFuncArgs){
   263    260     int i;
   264    261     int nMaxArgs = 0;
   265         -  int nMaxStack = p->nOp;
   266    262     Op *pOp;
   267    263     int *aLabel = p->aLabel;
   268    264     int doesStatementRollback = 0;
   269    265     int hasStatementBegin = 0;
   270    266     for(pOp=p->aOp, i=p->nOp-1; i>=0; i--, pOp++){
   271    267       u8 opcode = pOp->opcode;
   272    268   
................................................................................
   294    290         int n;
   295    291         assert( p->nOp - i >= 3 );
   296    292         assert( pOp[-1].opcode==OP_Integer );
   297    293         n = pOp[-1].p1;
   298    294         if( n>nMaxArgs ) nMaxArgs = n;
   299    295   #endif
   300    296       }
   301         -    if( !sqlite3VdbeOpcodeHasProperty(opcode, OPFLG_PUSH) ){
   302         -      nMaxStack--;
   303         -    }
   304    297   
   305    298       if( sqlite3VdbeOpcodeHasProperty(opcode, OPFLG_JUMP) && pOp->p2<0 ){
   306    299         assert( -1-pOp->p2<p->nLabel );
   307    300         pOp->p2 = aLabel[-1-pOp->p2];
   308    301       }
   309    302     }
   310    303     sqlite3_free(p->aLabel);
   311    304     p->aLabel = 0;
   312    305   
   313    306     *pMaxFuncArgs = nMaxArgs;
   314         -  *pMaxStack = nMaxStack;
   315    307   
   316    308     /* If we never rollback a statement transaction, then statement
   317    309     ** transactions are not needed.  So change every OP_Statement
   318    310     ** opcode into an OP_Noop.  This avoid a call to sqlite3OsOpenExclusive()
   319    311     ** which can be expensive on some platforms.
   320    312     */
   321    313     if( hasStatementBegin && !doesStatementRollback ){
................................................................................
   735    727   /*
   736    728   ** Release an array of N Mem elements
   737    729   */
   738    730   static void releaseMemArray(Mem *p, int N){
   739    731     if( p ){
   740    732       while( N-->0 ){
   741    733         assert( N<2 || p[0].db==p[1].db );
   742         -      sqlite3VdbeMemRelease(p++);
          734  +      sqlite3VdbeMemSetNull(p++);
   743    735       }
   744    736     }
   745    737   }
   746    738   
   747    739   #ifndef SQLITE_OMIT_EXPLAIN
   748    740   /*
   749    741   ** Give a listing of the program in the virtual machine.
   750    742   **
   751    743   ** The interface is the same as sqlite3VdbeExec().  But instead of
   752    744   ** running the code, it invokes the callback once for each instruction.
   753    745   ** This feature is used to implement "EXPLAIN".
          746  +**
          747  +** When p->explain==1, each instruction is listed.  When
          748  +** p->explain==2, only OP_Explain instructions are listed and these
          749  +** are shown in a different format.  p->explain==2 is used to implement
          750  +** EXPLAIN QUERY PLAN.
   754    751   */
   755    752   int sqlite3VdbeList(
   756    753     Vdbe *p                   /* The VDBE */
   757    754   ){
   758    755     sqlite3 *db = p->db;
   759    756     int i;
   760    757     int rc = SQLITE_OK;
          758  +  Mem *pMem = p->pResultSet = &p->aMem[1];
   761    759   
   762    760     assert( p->explain );
   763    761     if( p->magic!=VDBE_MAGIC_RUN ) return SQLITE_MISUSE;
   764    762     assert( db->magic==SQLITE_MAGIC_BUSY );
   765    763     assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY );
   766    764   
   767         -  /* Even though this opcode does not put dynamic strings onto the
   768         -  ** the stack, they may become dynamic if the user calls
          765  +  /* Even though this opcode does not use dynamic strings for
          766  +  ** the result, result columns may become dynamic if the user calls
   769    767     ** sqlite3_column_text16(), causing a translation to UTF-16 encoding.
   770    768     */
   771         -  if( p->pResultSet ){
   772         -    releaseMemArray(p->pResultSet, 5);
   773         -    p->pResultSet = 0;
   774         -  }
          769  +  releaseMemArray(pMem, p->nMem);
   775    770   
   776    771     do{
   777    772       i = p->pc++;
   778    773     }while( i<p->nOp && p->explain==2 && p->aOp[i].opcode!=OP_Explain );
   779    774     if( i>=p->nOp ){
   780    775       p->rc = SQLITE_OK;
   781    776       rc = SQLITE_DONE;
   782    777     }else if( db->u1.isInterrupted ){
   783    778       p->rc = SQLITE_INTERRUPT;
   784    779       rc = SQLITE_ERROR;
   785    780       sqlite3SetString(&p->zErrMsg, sqlite3ErrStr(p->rc), (char*)0);
   786    781     }else{
   787    782       Op *pOp = &p->aOp[i];
   788         -    Mem *pMem = p->pResultSet = p->aStack;
   789    783       if( p->explain==1 ){
   790    784         pMem->flags = MEM_Int;
   791    785         pMem->type = SQLITE_INTEGER;
   792    786         pMem->u.i = i;                                /* Program counter */
   793    787         pMem++;
   794    788     
   795    789         pMem->flags = MEM_Static|MEM_Str|MEM_Term;
................................................................................
   842    836           pMem->n = strlen(pMem->z);
   843    837           pMem->enc = SQLITE_UTF8;
   844    838         }
   845    839   #endif
   846    840       }
   847    841   
   848    842       p->nResColumn = 8 - 5*(p->explain-1);
   849         -    p->pTos = pMem;
   850    843       p->rc = SQLITE_OK;
   851    844       rc = SQLITE_ROW;
   852    845     }
   853    846     return rc;
   854    847   }
   855    848   #endif /* SQLITE_OMIT_EXPLAIN */
   856    849   
................................................................................
   931    924     /* Set the magic to VDBE_MAGIC_RUN sooner rather than later. This
   932    925      * is because the call to resizeOpArray() below may shrink the
   933    926      * p->aOp[] array to save memory if called when in VDBE_MAGIC_RUN 
   934    927      * state.
   935    928      */
   936    929     p->magic = VDBE_MAGIC_RUN;
   937    930   
   938         -  /* No instruction ever pushes more than a single element onto the
   939         -  ** stack.  And the stack never grows on successive executions of the
   940         -  ** same loop.  So the total number of instructions is an upper bound
   941         -  ** on the maximum stack depth required.  (Added later:)  The
   942         -  ** resolveP2Values() call computes a tighter upper bound on the
   943         -  ** stack size.
   944         -  **
   945         -  ** Allocation all the stack space we will ever need.
          931  +  /*
          932  +  ** Allocation space for registers.
   946    933     */
   947         -  if( p->aStack==0 ){
          934  +  if( p->aMem==0 ){
   948    935       int nArg;       /* Maximum number of args passed to a user function. */
   949         -    int nStack;     /* Maximum number of stack entries required */
   950         -    resolveP2Values(p, &nArg, &nStack);
          936  +    resolveP2Values(p, &nArg);
   951    937       resizeOpArray(p, p->nOp);
   952    938       assert( nVar>=0 );
   953         -    assert( nStack<p->nOp );
   954         -    if( isExplain ){
   955         -      nStack = 16;
          939  +    if( isExplain && nMem<10 ){
          940  +      p->nMem = nMem = 10;
   956    941       }
   957         -    p->aStack = sqlite3DbMallocZero(db,
   958         -        nStack*sizeof(p->aStack[0])    /* aStack */
          942  +    p->aMem = sqlite3DbMallocZero(db,
          943  +        nMem*sizeof(Mem)               /* aMem */
          944  +      + nVar*sizeof(Mem)               /* aVar */
   959    945         + nArg*sizeof(Mem*)              /* apArg */
   960         -      + nVar*sizeof(Mem)               /* aVar */
   961    946         + nVar*sizeof(char*)             /* azVar */
   962         -      + nMem*sizeof(Mem)               /* aMem */
   963    947         + nCursor*sizeof(Cursor*) + 1    /* apCsr */
   964    948       );
   965    949       if( !db->mallocFailed ){
   966         -      p->aMem = &p->aStack[nStack-1];  /* aMem[] goes from 1..nMem */
   967         -      p->nMem = nMem;                  /*       not from 0..nMem-1 */
          950  +      p->aMem--;             /* aMem[] goes from 1..nMem */
          951  +      p->nMem = nMem;        /*       not from 0..nMem-1 */
   968    952         p->aVar = &p->aMem[nMem+1];
   969    953         p->nVar = nVar;
   970    954         p->okVar = 0;
   971    955         p->apArg = (Mem**)&p->aVar[nVar];
   972    956         p->azVar = (char**)&p->apArg[nArg];
   973    957         p->apCsr = (Cursor**)&p->azVar[nVar];
   974    958         p->nCursor = nCursor;
   975    959         for(n=0; n<nVar; n++){
   976    960           p->aVar[n].flags = MEM_Null;
   977    961           p->aVar[n].db = db;
   978    962         }
   979         -      for(n=0; n<nStack; n++){
   980         -        p->aStack[n].db = db;
          963  +      for(n=1; n<=nMem; n++){
          964  +        p->aMem[n].flags = MEM_Null;
          965  +        p->aMem[n].db = db;
   981    966         }
   982    967       }
   983    968     }
   984         -  for(n=1; n<=p->nMem; n++){
   985         -    p->aMem[n].flags = MEM_Null;
   986         -    p->aMem[n].db = db;
          969  +#ifdef SQLITE_DEBUG
          970  +  for(n=1; n<p->nMem; n++){
          971  +    assert( p->aMem[n].db==db );
          972  +    assert( p->aMem[n].flags==MEM_Null );
   987    973     }
          974  +#endif
   988    975   
   989         -  p->pTos = &p->aStack[-1];
   990    976     p->pc = -1;
   991    977     p->rc = SQLITE_OK;
   992    978     p->uniqueCnt = 0;
   993    979     p->returnDepth = 0;
   994    980     p->errorAction = OE_Abort;
   995         -  p->popStack =  0;
   996    981     p->explain |= isExplain;
   997    982     p->magic = VDBE_MAGIC_RUN;
   998    983     p->nChange = 0;
   999    984     p->cacheCtr = 1;
  1000    985     p->minWriteFileFormat = 255;
  1001    986     p->openedStatement = 0;
  1002    987   #ifdef VDBE_PROFILE
................................................................................
  1061   1046   **
  1062   1047   ** This routine will automatically close any cursors, lists, and/or
  1063   1048   ** sorters that were left open.  It also deletes the values of
  1064   1049   ** variables in the aVar[] array.
  1065   1050   */
  1066   1051   static void Cleanup(Vdbe *p){
  1067   1052     int i;
  1068         -  if( p->aStack ){
  1069         -    releaseMemArray(p->aStack, 1 + (p->pTos - p->aStack));
  1070         -    p->pTos = &p->aStack[-1];
  1071         -  }
  1072   1053     closeAllCursorsExceptActiveVtabs(p);
  1073   1054     releaseMemArray(&p->aMem[1], p->nMem);
  1074   1055     sqlite3VdbeFifoClear(&p->sFifo);
  1075   1056     if( p->contextStack ){
  1076   1057       for(i=0; i<p->contextStackTop; i++){
  1077   1058         sqlite3VdbeFifoClear(&p->contextStack[i].sFifo);
  1078   1059       }
................................................................................
  1660   1641   
  1661   1642     /* Reclaim all memory used by the VDBE
  1662   1643     */
  1663   1644     Cleanup(p);
  1664   1645   
  1665   1646     /* Save profiling information from this VDBE run.
  1666   1647     */
  1667         -  assert( p->pTos<&p->aStack[p->pc<0?0:p->pc] || !p->aStack );
  1668   1648   #ifdef VDBE_PROFILE
  1669   1649     {
  1670   1650       FILE *out = fopen("vdbe_profile.out", "a");
  1671   1651       if( out ){
  1672   1652         int i;
  1673   1653         fprintf(out, "---- ");
  1674   1654         for(i=0; i<p->nOp; i++){
................................................................................
  1751   1731         sqlite3_free(pOp->zComment);
  1752   1732   #endif     
  1753   1733       }
  1754   1734       sqlite3_free(p->aOp);
  1755   1735     }
  1756   1736     releaseMemArray(p->aVar, p->nVar);
  1757   1737     sqlite3_free(p->aLabel);
  1758         -  sqlite3_free(p->aStack);
         1738  +  if( p->aMem ){
         1739  +    sqlite3_free(&p->aMem[1]);
         1740  +  }
  1759   1741     releaseMemArray(p->aColName, p->nResColumn*COLNAME_N);
  1760   1742     sqlite3_free(p->aColName);
  1761   1743     sqlite3_free(p->zSql);
  1762   1744     p->magic = VDBE_MAGIC_DEAD;
  1763   1745     sqlite3_free(p);
  1764   1746   }
  1765   1747   

Changes to src/vtab.c.

     7      7   **    May you do good and not evil.
     8      8   **    May you find forgiveness for yourself and forgive others.
     9      9   **    May you share freely, never taking more than you give.
    10     10   **
    11     11   *************************************************************************
    12     12   ** This file contains code used to help implement virtual tables.
    13     13   **
    14         -** $Id: vtab.c,v 1.61 2008/01/12 12:48:08 drh Exp $
           14  +** $Id: vtab.c,v 1.62 2008/01/17 16:22:15 drh Exp $
    15     15   */
    16     16   #ifndef SQLITE_OMIT_VIRTUALTABLE
    17     17   #include "sqliteInt.h"
    18     18   
    19     19   static int createModule(
    20     20     sqlite3 *db,                    /* Database in which module is registered */
    21     21     const char *zName,              /* Name assigned to this module */
................................................................................
   272    272         pTab->zName,
   273    273         pTab->zName,
   274    274         zStmt,
   275    275         pParse->regRowid
   276    276       );
   277    277       sqlite3_free(zStmt);
   278    278       v = sqlite3GetVdbe(pParse);
   279         -    sqlite3ChangeCookie(db, v, iDb);
          279  +    sqlite3ChangeCookie(pParse, iDb);
   280    280   
   281    281       sqlite3VdbeAddOp2(v, OP_Expire, 0, 0);
   282    282       zWhere = sqlite3MPrintf(db, "name='%q'", pTab->zName);
   283    283       sqlite3VdbeAddOp4(v, OP_ParseSchema, iDb, 1, 0, zWhere, P4_DYNAMIC);
   284    284       sqlite3VdbeAddOp4(v, OP_VCreate, iDb, 0, 0, 
   285    285                            pTab->zName, strlen(pTab->zName) + 1);
   286    286     }

Changes to src/where.c.

    12     12   ** This module contains C code that generates VDBE code used to process
    13     13   ** the WHERE clause of SQL statements.  This module is reponsible for
    14     14   ** generating the code that loops through a table looking for applicable
    15     15   ** rows.  Indices are selected and used to speed the search when doing
    16     16   ** so is applicable.  Because this module is responsible for selecting
    17     17   ** indices, you might also think of this module as the "query optimizer".
    18     18   **
    19         -** $Id: where.c,v 1.282 2008/01/17 02:36:28 drh Exp $
           19  +** $Id: where.c,v 1.283 2008/01/17 16:22:15 drh Exp $
    20     20   */
    21     21   #include "sqliteInt.h"
    22     22   
    23     23   /*
    24     24   ** The number of bits in a Bitmask.  "BMS" means "BitMask Size".
    25     25   */
    26     26   #define BMS  (sizeof(Bitmask)*8)
................................................................................
  2643   2643         assert( omitTable==0 );
  2644   2644         assert( bRev==0 );
  2645   2645         pLevel->op = OP_Next;
  2646   2646         pLevel->p1 = iCur;
  2647   2647         pLevel->p2 = 1 + sqlite3VdbeAddOp2(v, OP_Rewind, iCur, brk);
  2648   2648       }
  2649   2649       notReady &= ~getMask(&maskSet, iCur);
  2650         -    sqlite3VdbeAddOp2(v, OP_StackDepth, -1, 0);
  2651   2650   
  2652   2651       /* Insert code to test every subexpression that can be completely
  2653   2652       ** computed using the current set of tables.
  2654   2653       */
  2655   2654       for(pTerm=wc.a, j=wc.nTerm; j>0; j--, pTerm++){
  2656   2655         Expr *pE;
  2657   2656         if( pTerm->flags & (TERM_VIRTUAL|TERM_CODED) ) continue;

Changes to test/in3.test.

     9      9   #
    10     10   #***********************************************************************
    11     11   # This file tests the optimisations made in November 2007 of expressions 
    12     12   # of the following form:
    13     13   #
    14     14   #     <value> IN (SELECT <column> FROM <table>)
    15     15   #
    16         -# $Id: in3.test,v 1.2 2007/12/10 05:03:48 danielk1977 Exp $
           16  +# $Id: in3.test,v 1.3 2008/01/17 16:22:16 drh Exp $
    17     17   
    18     18   set testdir [file dirname $argv0]
    19     19   source $testdir/tester.tcl
    20     20   
    21     21   ifcapable !subquery {
    22     22     finish_test
    23     23     return
................................................................................
   262    262     exec_neph { SELECT b FROM t3 WHERE b IN (SELECT b FROM t3) }
   263    263   } {0 none numeric real text}
   264    264   do_test in3-4.6 {
   265    265     execsql { DROP INDEX t3_i2 }
   266    266   } {}
   267    267   
   268    268   finish_test
   269         -