SQLite
Artifact Content
Not logged in

Artifact 80ea65224512884bb72976c93810d2dcaecc1353:


     1  /*
     2  ** 2004 April 6
     3  **
     4  ** The author disclaims copyright to this source code.  In place of
     5  ** a legal notice, here is a blessing:
     6  **
     7  **    May you do good and not evil.
     8  **    May you find forgiveness for yourself and forgive others.
     9  **    May you share freely, never taking more than you give.
    10  **
    11  *************************************************************************
    12  ** This file implements a external (disk-based) database using BTrees.
    13  ** See the header comment on "btreeInt.h" for additional information.
    14  ** Including a description of file format and an overview of operation.
    15  */
    16  #include "btreeInt.h"
    17  
    18  /*
    19  ** The header string that appears at the beginning of every
    20  ** SQLite database.
    21  */
    22  static const char zMagicHeader[] = SQLITE_FILE_HEADER;
    23  
    24  /*
    25  ** Set this global variable to 1 to enable tracing using the TRACE
    26  ** macro.
    27  */
    28  #if 0
    29  int sqlite3BtreeTrace=1;  /* True to enable tracing */
    30  # define TRACE(X)  if(sqlite3BtreeTrace){printf X;fflush(stdout);}
    31  #else
    32  # define TRACE(X)
    33  #endif
    34  
    35  /*
    36  ** Extract a 2-byte big-endian integer from an array of unsigned bytes.
    37  ** But if the value is zero, make it 65536.
    38  **
    39  ** This routine is used to extract the "offset to cell content area" value
    40  ** from the header of a btree page.  If the page size is 65536 and the page
    41  ** is empty, the offset should be 65536, but the 2-byte value stores zero.
    42  ** This routine makes the necessary adjustment to 65536.
    43  */
    44  #define get2byteNotZero(X)  (((((int)get2byte(X))-1)&0xffff)+1)
    45  
    46  #ifndef SQLITE_OMIT_SHARED_CACHE
    47  /*
    48  ** A list of BtShared objects that are eligible for participation
    49  ** in shared cache.  This variable has file scope during normal builds,
    50  ** but the test harness needs to access it so we make it global for 
    51  ** test builds.
    52  **
    53  ** Access to this variable is protected by SQLITE_MUTEX_STATIC_MASTER.
    54  */
    55  #ifdef SQLITE_TEST
    56  BtShared *SQLITE_WSD sqlite3SharedCacheList = 0;
    57  #else
    58  static BtShared *SQLITE_WSD sqlite3SharedCacheList = 0;
    59  #endif
    60  #endif /* SQLITE_OMIT_SHARED_CACHE */
    61  
    62  #ifndef SQLITE_OMIT_SHARED_CACHE
    63  /*
    64  ** Enable or disable the shared pager and schema features.
    65  **
    66  ** This routine has no effect on existing database connections.
    67  ** The shared cache setting effects only future calls to
    68  ** sqlite3_open(), sqlite3_open16(), or sqlite3_open_v2().
    69  */
    70  int sqlite3_enable_shared_cache(int enable){
    71    sqlite3GlobalConfig.sharedCacheEnabled = enable;
    72    return SQLITE_OK;
    73  }
    74  #endif
    75  
    76  
    77  
    78  #ifdef SQLITE_OMIT_SHARED_CACHE
    79    /*
    80    ** The functions querySharedCacheTableLock(), setSharedCacheTableLock(),
    81    ** and clearAllSharedCacheTableLocks()
    82    ** manipulate entries in the BtShared.pLock linked list used to store
    83    ** shared-cache table level locks. If the library is compiled with the
    84    ** shared-cache feature disabled, then there is only ever one user
    85    ** of each BtShared structure and so this locking is not necessary. 
    86    ** So define the lock related functions as no-ops.
    87    */
    88    #define querySharedCacheTableLock(a,b,c) SQLITE_OK
    89    #define setSharedCacheTableLock(a,b,c) SQLITE_OK
    90    #define clearAllSharedCacheTableLocks(a)
    91    #define downgradeAllSharedCacheTableLocks(a)
    92    #define hasSharedCacheTableLock(a,b,c,d) 1
    93    #define hasReadConflicts(a, b) 0
    94  #endif
    95  
    96  #ifndef SQLITE_OMIT_SHARED_CACHE
    97  
    98  #ifdef SQLITE_DEBUG
    99  /*
   100  **** This function is only used as part of an assert() statement. ***
   101  **
   102  ** Check to see if pBtree holds the required locks to read or write to the 
   103  ** table with root page iRoot.   Return 1 if it does and 0 if not.
   104  **
   105  ** For example, when writing to a table with root-page iRoot via 
   106  ** Btree connection pBtree:
   107  **
   108  **    assert( hasSharedCacheTableLock(pBtree, iRoot, 0, WRITE_LOCK) );
   109  **
   110  ** When writing to an index that resides in a sharable database, the 
   111  ** caller should have first obtained a lock specifying the root page of
   112  ** the corresponding table. This makes things a bit more complicated,
   113  ** as this module treats each table as a separate structure. To determine
   114  ** the table corresponding to the index being written, this
   115  ** function has to search through the database schema.
   116  **
   117  ** Instead of a lock on the table/index rooted at page iRoot, the caller may
   118  ** hold a write-lock on the schema table (root page 1). This is also
   119  ** acceptable.
   120  */
   121  static int hasSharedCacheTableLock(
   122    Btree *pBtree,         /* Handle that must hold lock */
   123    Pgno iRoot,            /* Root page of b-tree */
   124    int isIndex,           /* True if iRoot is the root of an index b-tree */
   125    int eLockType          /* Required lock type (READ_LOCK or WRITE_LOCK) */
   126  ){
   127    Schema *pSchema = (Schema *)pBtree->pBt->pSchema;
   128    Pgno iTab = 0;
   129    BtLock *pLock;
   130  
   131    /* If this database is not shareable, or if the client is reading
   132    ** and has the read-uncommitted flag set, then no lock is required. 
   133    ** Return true immediately.
   134    */
   135    if( (pBtree->sharable==0)
   136     || (eLockType==READ_LOCK && (pBtree->db->flags & SQLITE_ReadUncommitted))
   137    ){
   138      return 1;
   139    }
   140  
   141    /* If the client is reading  or writing an index and the schema is
   142    ** not loaded, then it is too difficult to actually check to see if
   143    ** the correct locks are held.  So do not bother - just return true.
   144    ** This case does not come up very often anyhow.
   145    */
   146    if( isIndex && (!pSchema || (pSchema->flags&DB_SchemaLoaded)==0) ){
   147      return 1;
   148    }
   149  
   150    /* Figure out the root-page that the lock should be held on. For table
   151    ** b-trees, this is just the root page of the b-tree being read or
   152    ** written. For index b-trees, it is the root page of the associated
   153    ** table.  */
   154    if( isIndex ){
   155      HashElem *p;
   156      for(p=sqliteHashFirst(&pSchema->idxHash); p; p=sqliteHashNext(p)){
   157        Index *pIdx = (Index *)sqliteHashData(p);
   158        if( pIdx->tnum==(int)iRoot ){
   159          iTab = pIdx->pTable->tnum;
   160        }
   161      }
   162    }else{
   163      iTab = iRoot;
   164    }
   165  
   166    /* Search for the required lock. Either a write-lock on root-page iTab, a 
   167    ** write-lock on the schema table, or (if the client is reading) a
   168    ** read-lock on iTab will suffice. Return 1 if any of these are found.  */
   169    for(pLock=pBtree->pBt->pLock; pLock; pLock=pLock->pNext){
   170      if( pLock->pBtree==pBtree 
   171       && (pLock->iTable==iTab || (pLock->eLock==WRITE_LOCK && pLock->iTable==1))
   172       && pLock->eLock>=eLockType 
   173      ){
   174        return 1;
   175      }
   176    }
   177  
   178    /* Failed to find the required lock. */
   179    return 0;
   180  }
   181  #endif /* SQLITE_DEBUG */
   182  
   183  #ifdef SQLITE_DEBUG
   184  /*
   185  **** This function may be used as part of assert() statements only. ****
   186  **
   187  ** Return true if it would be illegal for pBtree to write into the
   188  ** table or index rooted at iRoot because other shared connections are
   189  ** simultaneously reading that same table or index.
   190  **
   191  ** It is illegal for pBtree to write if some other Btree object that
   192  ** shares the same BtShared object is currently reading or writing
   193  ** the iRoot table.  Except, if the other Btree object has the
   194  ** read-uncommitted flag set, then it is OK for the other object to
   195  ** have a read cursor.
   196  **
   197  ** For example, before writing to any part of the table or index
   198  ** rooted at page iRoot, one should call:
   199  **
   200  **    assert( !hasReadConflicts(pBtree, iRoot) );
   201  */
   202  static int hasReadConflicts(Btree *pBtree, Pgno iRoot){
   203    BtCursor *p;
   204    for(p=pBtree->pBt->pCursor; p; p=p->pNext){
   205      if( p->pgnoRoot==iRoot 
   206       && p->pBtree!=pBtree
   207       && 0==(p->pBtree->db->flags & SQLITE_ReadUncommitted)
   208      ){
   209        return 1;
   210      }
   211    }
   212    return 0;
   213  }
   214  #endif    /* #ifdef SQLITE_DEBUG */
   215  
   216  /*
   217  ** Query to see if Btree handle p may obtain a lock of type eLock 
   218  ** (READ_LOCK or WRITE_LOCK) on the table with root-page iTab. Return
   219  ** SQLITE_OK if the lock may be obtained (by calling
   220  ** setSharedCacheTableLock()), or SQLITE_LOCKED if not.
   221  */
   222  static int querySharedCacheTableLock(Btree *p, Pgno iTab, u8 eLock){
   223    BtShared *pBt = p->pBt;
   224    BtLock *pIter;
   225  
   226    assert( sqlite3BtreeHoldsMutex(p) );
   227    assert( eLock==READ_LOCK || eLock==WRITE_LOCK );
   228    assert( p->db!=0 );
   229    assert( !(p->db->flags&SQLITE_ReadUncommitted)||eLock==WRITE_LOCK||iTab==1 );
   230    
   231    /* If requesting a write-lock, then the Btree must have an open write
   232    ** transaction on this file. And, obviously, for this to be so there 
   233    ** must be an open write transaction on the file itself.
   234    */
   235    assert( eLock==READ_LOCK || (p==pBt->pWriter && p->inTrans==TRANS_WRITE) );
   236    assert( eLock==READ_LOCK || pBt->inTransaction==TRANS_WRITE );
   237    
   238    /* This routine is a no-op if the shared-cache is not enabled */
   239    if( !p->sharable ){
   240      return SQLITE_OK;
   241    }
   242  
   243    /* If some other connection is holding an exclusive lock, the
   244    ** requested lock may not be obtained.
   245    */
   246    if( pBt->pWriter!=p && pBt->isExclusive ){
   247      sqlite3ConnectionBlocked(p->db, pBt->pWriter->db);
   248      return SQLITE_LOCKED_SHAREDCACHE;
   249    }
   250  
   251    for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
   252      /* The condition (pIter->eLock!=eLock) in the following if(...) 
   253      ** statement is a simplification of:
   254      **
   255      **   (eLock==WRITE_LOCK || pIter->eLock==WRITE_LOCK)
   256      **
   257      ** since we know that if eLock==WRITE_LOCK, then no other connection
   258      ** may hold a WRITE_LOCK on any table in this file (since there can
   259      ** only be a single writer).
   260      */
   261      assert( pIter->eLock==READ_LOCK || pIter->eLock==WRITE_LOCK );
   262      assert( eLock==READ_LOCK || pIter->pBtree==p || pIter->eLock==READ_LOCK);
   263      if( pIter->pBtree!=p && pIter->iTable==iTab && pIter->eLock!=eLock ){
   264        sqlite3ConnectionBlocked(p->db, pIter->pBtree->db);
   265        if( eLock==WRITE_LOCK ){
   266          assert( p==pBt->pWriter );
   267          pBt->isPending = 1;
   268        }
   269        return SQLITE_LOCKED_SHAREDCACHE;
   270      }
   271    }
   272    return SQLITE_OK;
   273  }
   274  #endif /* !SQLITE_OMIT_SHARED_CACHE */
   275  
   276  #ifndef SQLITE_OMIT_SHARED_CACHE
   277  /*
   278  ** Add a lock on the table with root-page iTable to the shared-btree used
   279  ** by Btree handle p. Parameter eLock must be either READ_LOCK or 
   280  ** WRITE_LOCK.
   281  **
   282  ** This function assumes the following:
   283  **
   284  **   (a) The specified Btree object p is connected to a sharable
   285  **       database (one with the BtShared.sharable flag set), and
   286  **
   287  **   (b) No other Btree objects hold a lock that conflicts
   288  **       with the requested lock (i.e. querySharedCacheTableLock() has
   289  **       already been called and returned SQLITE_OK).
   290  **
   291  ** SQLITE_OK is returned if the lock is added successfully. SQLITE_NOMEM 
   292  ** is returned if a malloc attempt fails.
   293  */
   294  static int setSharedCacheTableLock(Btree *p, Pgno iTable, u8 eLock){
   295    BtShared *pBt = p->pBt;
   296    BtLock *pLock = 0;
   297    BtLock *pIter;
   298  
   299    assert( sqlite3BtreeHoldsMutex(p) );
   300    assert( eLock==READ_LOCK || eLock==WRITE_LOCK );
   301    assert( p->db!=0 );
   302  
   303    /* A connection with the read-uncommitted flag set will never try to
   304    ** obtain a read-lock using this function. The only read-lock obtained
   305    ** by a connection in read-uncommitted mode is on the sqlite_master 
   306    ** table, and that lock is obtained in BtreeBeginTrans().  */
   307    assert( 0==(p->db->flags&SQLITE_ReadUncommitted) || eLock==WRITE_LOCK );
   308  
   309    /* This function should only be called on a sharable b-tree after it 
   310    ** has been determined that no other b-tree holds a conflicting lock.  */
   311    assert( p->sharable );
   312    assert( SQLITE_OK==querySharedCacheTableLock(p, iTable, eLock) );
   313  
   314    /* First search the list for an existing lock on this table. */
   315    for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
   316      if( pIter->iTable==iTable && pIter->pBtree==p ){
   317        pLock = pIter;
   318        break;
   319      }
   320    }
   321  
   322    /* If the above search did not find a BtLock struct associating Btree p
   323    ** with table iTable, allocate one and link it into the list.
   324    */
   325    if( !pLock ){
   326      pLock = (BtLock *)sqlite3MallocZero(sizeof(BtLock));
   327      if( !pLock ){
   328        return SQLITE_NOMEM;
   329      }
   330      pLock->iTable = iTable;
   331      pLock->pBtree = p;
   332      pLock->pNext = pBt->pLock;
   333      pBt->pLock = pLock;
   334    }
   335  
   336    /* Set the BtLock.eLock variable to the maximum of the current lock
   337    ** and the requested lock. This means if a write-lock was already held
   338    ** and a read-lock requested, we don't incorrectly downgrade the lock.
   339    */
   340    assert( WRITE_LOCK>READ_LOCK );
   341    if( eLock>pLock->eLock ){
   342      pLock->eLock = eLock;
   343    }
   344  
   345    return SQLITE_OK;
   346  }
   347  #endif /* !SQLITE_OMIT_SHARED_CACHE */
   348  
   349  #ifndef SQLITE_OMIT_SHARED_CACHE
   350  /*
   351  ** Release all the table locks (locks obtained via calls to
   352  ** the setSharedCacheTableLock() procedure) held by Btree object p.
   353  **
   354  ** This function assumes that Btree p has an open read or write 
   355  ** transaction. If it does not, then the BtShared.isPending variable
   356  ** may be incorrectly cleared.
   357  */
   358  static void clearAllSharedCacheTableLocks(Btree *p){
   359    BtShared *pBt = p->pBt;
   360    BtLock **ppIter = &pBt->pLock;
   361  
   362    assert( sqlite3BtreeHoldsMutex(p) );
   363    assert( p->sharable || 0==*ppIter );
   364    assert( p->inTrans>0 );
   365  
   366    while( *ppIter ){
   367      BtLock *pLock = *ppIter;
   368      assert( pBt->isExclusive==0 || pBt->pWriter==pLock->pBtree );
   369      assert( pLock->pBtree->inTrans>=pLock->eLock );
   370      if( pLock->pBtree==p ){
   371        *ppIter = pLock->pNext;
   372        assert( pLock->iTable!=1 || pLock==&p->lock );
   373        if( pLock->iTable!=1 ){
   374          sqlite3_free(pLock);
   375        }
   376      }else{
   377        ppIter = &pLock->pNext;
   378      }
   379    }
   380  
   381    assert( pBt->isPending==0 || pBt->pWriter );
   382    if( pBt->pWriter==p ){
   383      pBt->pWriter = 0;
   384      pBt->isExclusive = 0;
   385      pBt->isPending = 0;
   386    }else if( pBt->nTransaction==2 ){
   387      /* This function is called when Btree p is concluding its 
   388      ** transaction. If there currently exists a writer, and p is not
   389      ** that writer, then the number of locks held by connections other
   390      ** than the writer must be about to drop to zero. In this case
   391      ** set the isPending flag to 0.
   392      **
   393      ** If there is not currently a writer, then BtShared.isPending must
   394      ** be zero already. So this next line is harmless in that case.
   395      */
   396      pBt->isPending = 0;
   397    }
   398  }
   399  
   400  /*
   401  ** This function changes all write-locks held by Btree p into read-locks.
   402  */
   403  static void downgradeAllSharedCacheTableLocks(Btree *p){
   404    BtShared *pBt = p->pBt;
   405    if( pBt->pWriter==p ){
   406      BtLock *pLock;
   407      pBt->pWriter = 0;
   408      pBt->isExclusive = 0;
   409      pBt->isPending = 0;
   410      for(pLock=pBt->pLock; pLock; pLock=pLock->pNext){
   411        assert( pLock->eLock==READ_LOCK || pLock->pBtree==p );
   412        pLock->eLock = READ_LOCK;
   413      }
   414    }
   415  }
   416  
   417  #endif /* SQLITE_OMIT_SHARED_CACHE */
   418  
   419  static void releasePage(MemPage *pPage);  /* Forward reference */
   420  
   421  /*
   422  ***** This routine is used inside of assert() only ****
   423  **
   424  ** Verify that the cursor holds the mutex on its BtShared
   425  */
   426  #ifdef SQLITE_DEBUG
   427  static int cursorHoldsMutex(BtCursor *p){
   428    return sqlite3_mutex_held(p->pBt->mutex);
   429  }
   430  #endif
   431  
   432  
   433  #ifndef SQLITE_OMIT_INCRBLOB
   434  /*
   435  ** Invalidate the overflow page-list cache for cursor pCur, if any.
   436  */
   437  static void invalidateOverflowCache(BtCursor *pCur){
   438    assert( cursorHoldsMutex(pCur) );
   439    sqlite3_free(pCur->aOverflow);
   440    pCur->aOverflow = 0;
   441  }
   442  
   443  /*
   444  ** Invalidate the overflow page-list cache for all cursors opened
   445  ** on the shared btree structure pBt.
   446  */
   447  static void invalidateAllOverflowCache(BtShared *pBt){
   448    BtCursor *p;
   449    assert( sqlite3_mutex_held(pBt->mutex) );
   450    for(p=pBt->pCursor; p; p=p->pNext){
   451      invalidateOverflowCache(p);
   452    }
   453  }
   454  
   455  /*
   456  ** This function is called before modifying the contents of a table
   457  ** to invalidate any incrblob cursors that are open on the
   458  ** row or one of the rows being modified.
   459  **
   460  ** If argument isClearTable is true, then the entire contents of the
   461  ** table is about to be deleted. In this case invalidate all incrblob
   462  ** cursors open on any row within the table with root-page pgnoRoot.
   463  **
   464  ** Otherwise, if argument isClearTable is false, then the row with
   465  ** rowid iRow is being replaced or deleted. In this case invalidate
   466  ** only those incrblob cursors open on that specific row.
   467  */
   468  static void invalidateIncrblobCursors(
   469    Btree *pBtree,          /* The database file to check */
   470    i64 iRow,               /* The rowid that might be changing */
   471    int isClearTable        /* True if all rows are being deleted */
   472  ){
   473    BtCursor *p;
   474    BtShared *pBt = pBtree->pBt;
   475    assert( sqlite3BtreeHoldsMutex(pBtree) );
   476    for(p=pBt->pCursor; p; p=p->pNext){
   477      if( p->isIncrblobHandle && (isClearTable || p->info.nKey==iRow) ){
   478        p->eState = CURSOR_INVALID;
   479      }
   480    }
   481  }
   482  
   483  #else
   484    /* Stub functions when INCRBLOB is omitted */
   485    #define invalidateOverflowCache(x)
   486    #define invalidateAllOverflowCache(x)
   487    #define invalidateIncrblobCursors(x,y,z)
   488  #endif /* SQLITE_OMIT_INCRBLOB */
   489  
   490  /*
   491  ** Set bit pgno of the BtShared.pHasContent bitvec. This is called 
   492  ** when a page that previously contained data becomes a free-list leaf 
   493  ** page.
   494  **
   495  ** The BtShared.pHasContent bitvec exists to work around an obscure
   496  ** bug caused by the interaction of two useful IO optimizations surrounding
   497  ** free-list leaf pages:
   498  **
   499  **   1) When all data is deleted from a page and the page becomes
   500  **      a free-list leaf page, the page is not written to the database
   501  **      (as free-list leaf pages contain no meaningful data). Sometimes
   502  **      such a page is not even journalled (as it will not be modified,
   503  **      why bother journalling it?).
   504  **
   505  **   2) When a free-list leaf page is reused, its content is not read
   506  **      from the database or written to the journal file (why should it
   507  **      be, if it is not at all meaningful?).
   508  **
   509  ** By themselves, these optimizations work fine and provide a handy
   510  ** performance boost to bulk delete or insert operations. However, if
   511  ** a page is moved to the free-list and then reused within the same
   512  ** transaction, a problem comes up. If the page is not journalled when
   513  ** it is moved to the free-list and it is also not journalled when it
   514  ** is extracted from the free-list and reused, then the original data
   515  ** may be lost. In the event of a rollback, it may not be possible
   516  ** to restore the database to its original configuration.
   517  **
   518  ** The solution is the BtShared.pHasContent bitvec. Whenever a page is 
   519  ** moved to become a free-list leaf page, the corresponding bit is
   520  ** set in the bitvec. Whenever a leaf page is extracted from the free-list,
   521  ** optimization 2 above is omitted if the corresponding bit is already
   522  ** set in BtShared.pHasContent. The contents of the bitvec are cleared
   523  ** at the end of every transaction.
   524  */
   525  static int btreeSetHasContent(BtShared *pBt, Pgno pgno){
   526    int rc = SQLITE_OK;
   527    if( !pBt->pHasContent ){
   528      assert( pgno<=pBt->nPage );
   529      pBt->pHasContent = sqlite3BitvecCreate(pBt->nPage);
   530      if( !pBt->pHasContent ){
   531        rc = SQLITE_NOMEM;
   532      }
   533    }
   534    if( rc==SQLITE_OK && pgno<=sqlite3BitvecSize(pBt->pHasContent) ){
   535      rc = sqlite3BitvecSet(pBt->pHasContent, pgno);
   536    }
   537    return rc;
   538  }
   539  
   540  /*
   541  ** Query the BtShared.pHasContent vector.
   542  **
   543  ** This function is called when a free-list leaf page is removed from the
   544  ** free-list for reuse. It returns false if it is safe to retrieve the
   545  ** page from the pager layer with the 'no-content' flag set. True otherwise.
   546  */
   547  static int btreeGetHasContent(BtShared *pBt, Pgno pgno){
   548    Bitvec *p = pBt->pHasContent;
   549    return (p && (pgno>sqlite3BitvecSize(p) || sqlite3BitvecTest(p, pgno)));
   550  }
   551  
   552  /*
   553  ** Clear (destroy) the BtShared.pHasContent bitvec. This should be
   554  ** invoked at the conclusion of each write-transaction.
   555  */
   556  static void btreeClearHasContent(BtShared *pBt){
   557    sqlite3BitvecDestroy(pBt->pHasContent);
   558    pBt->pHasContent = 0;
   559  }
   560  
   561  /*
   562  ** Save the current cursor position in the variables BtCursor.nKey 
   563  ** and BtCursor.pKey. The cursor's state is set to CURSOR_REQUIRESEEK.
   564  **
   565  ** The caller must ensure that the cursor is valid (has eState==CURSOR_VALID)
   566  ** prior to calling this routine.  
   567  */
   568  static int saveCursorPosition(BtCursor *pCur){
   569    int rc;
   570  
   571    assert( CURSOR_VALID==pCur->eState );
   572    assert( 0==pCur->pKey );
   573    assert( cursorHoldsMutex(pCur) );
   574  
   575    rc = sqlite3BtreeKeySize(pCur, &pCur->nKey);
   576    assert( rc==SQLITE_OK );  /* KeySize() cannot fail */
   577  
   578    /* If this is an intKey table, then the above call to BtreeKeySize()
   579    ** stores the integer key in pCur->nKey. In this case this value is
   580    ** all that is required. Otherwise, if pCur is not open on an intKey
   581    ** table, then malloc space for and store the pCur->nKey bytes of key 
   582    ** data.
   583    */
   584    if( 0==pCur->apPage[0]->intKey ){
   585      void *pKey = sqlite3Malloc( (int)pCur->nKey );
   586      if( pKey ){
   587        rc = sqlite3BtreeKey(pCur, 0, (int)pCur->nKey, pKey);
   588        if( rc==SQLITE_OK ){
   589          pCur->pKey = pKey;
   590        }else{
   591          sqlite3_free(pKey);
   592        }
   593      }else{
   594        rc = SQLITE_NOMEM;
   595      }
   596    }
   597    assert( !pCur->apPage[0]->intKey || !pCur->pKey );
   598  
   599    if( rc==SQLITE_OK ){
   600      int i;
   601      for(i=0; i<=pCur->iPage; i++){
   602        releasePage(pCur->apPage[i]);
   603        pCur->apPage[i] = 0;
   604      }
   605      pCur->iPage = -1;
   606      pCur->eState = CURSOR_REQUIRESEEK;
   607    }
   608  
   609    invalidateOverflowCache(pCur);
   610    return rc;
   611  }
   612  
   613  /*
   614  ** Save the positions of all cursors (except pExcept) that are open on
   615  ** the table  with root-page iRoot. Usually, this is called just before cursor
   616  ** pExcept is used to modify the table (BtreeDelete() or BtreeInsert()).
   617  */
   618  static int saveAllCursors(BtShared *pBt, Pgno iRoot, BtCursor *pExcept){
   619    BtCursor *p;
   620    assert( sqlite3_mutex_held(pBt->mutex) );
   621    assert( pExcept==0 || pExcept->pBt==pBt );
   622    for(p=pBt->pCursor; p; p=p->pNext){
   623      if( p!=pExcept && (0==iRoot || p->pgnoRoot==iRoot) && 
   624          p->eState==CURSOR_VALID ){
   625        int rc = saveCursorPosition(p);
   626        if( SQLITE_OK!=rc ){
   627          return rc;
   628        }
   629      }
   630    }
   631    return SQLITE_OK;
   632  }
   633  
   634  /*
   635  ** Clear the current cursor position.
   636  */
   637  void sqlite3BtreeClearCursor(BtCursor *pCur){
   638    assert( cursorHoldsMutex(pCur) );
   639    sqlite3_free(pCur->pKey);
   640    pCur->pKey = 0;
   641    pCur->eState = CURSOR_INVALID;
   642  }
   643  
   644  /*
   645  ** In this version of BtreeMoveto, pKey is a packed index record
   646  ** such as is generated by the OP_MakeRecord opcode.  Unpack the
   647  ** record and then call BtreeMovetoUnpacked() to do the work.
   648  */
   649  static int btreeMoveto(
   650    BtCursor *pCur,     /* Cursor open on the btree to be searched */
   651    const void *pKey,   /* Packed key if the btree is an index */
   652    i64 nKey,           /* Integer key for tables.  Size of pKey for indices */
   653    int bias,           /* Bias search to the high end */
   654    int *pRes           /* Write search results here */
   655  ){
   656    int rc;                    /* Status code */
   657    UnpackedRecord *pIdxKey;   /* Unpacked index key */
   658    char aSpace[150];          /* Temp space for pIdxKey - to avoid a malloc */
   659    char *pFree = 0;
   660  
   661    if( pKey ){
   662      assert( nKey==(i64)(int)nKey );
   663      pIdxKey = sqlite3VdbeAllocUnpackedRecord(
   664          pCur->pKeyInfo, aSpace, sizeof(aSpace), &pFree
   665      );
   666      if( pIdxKey==0 ) return SQLITE_NOMEM;
   667      sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
   668    }else{
   669      pIdxKey = 0;
   670    }
   671    rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);
   672    if( pFree ){
   673      sqlite3DbFree(pCur->pKeyInfo->db, pFree);
   674    }
   675    return rc;
   676  }
   677  
   678  /*
   679  ** Restore the cursor to the position it was in (or as close to as possible)
   680  ** when saveCursorPosition() was called. Note that this call deletes the 
   681  ** saved position info stored by saveCursorPosition(), so there can be
   682  ** at most one effective restoreCursorPosition() call after each 
   683  ** saveCursorPosition().
   684  */
   685  static int btreeRestoreCursorPosition(BtCursor *pCur){
   686    int rc;
   687    assert( cursorHoldsMutex(pCur) );
   688    assert( pCur->eState>=CURSOR_REQUIRESEEK );
   689    if( pCur->eState==CURSOR_FAULT ){
   690      return pCur->skipNext;
   691    }
   692    pCur->eState = CURSOR_INVALID;
   693    rc = btreeMoveto(pCur, pCur->pKey, pCur->nKey, 0, &pCur->skipNext);
   694    if( rc==SQLITE_OK ){
   695      sqlite3_free(pCur->pKey);
   696      pCur->pKey = 0;
   697      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_INVALID );
   698    }
   699    return rc;
   700  }
   701  
   702  #define restoreCursorPosition(p) \
   703    (p->eState>=CURSOR_REQUIRESEEK ? \
   704           btreeRestoreCursorPosition(p) : \
   705           SQLITE_OK)
   706  
   707  /*
   708  ** Determine whether or not a cursor has moved from the position it
   709  ** was last placed at.  Cursors can move when the row they are pointing
   710  ** at is deleted out from under them.
   711  **
   712  ** This routine returns an error code if something goes wrong.  The
   713  ** integer *pHasMoved is set to one if the cursor has moved and 0 if not.
   714  */
   715  int sqlite3BtreeCursorHasMoved(BtCursor *pCur, int *pHasMoved){
   716    int rc;
   717  
   718    rc = restoreCursorPosition(pCur);
   719    if( rc ){
   720      *pHasMoved = 1;
   721      return rc;
   722    }
   723    if( pCur->eState!=CURSOR_VALID || pCur->skipNext!=0 ){
   724      *pHasMoved = 1;
   725    }else{
   726      *pHasMoved = 0;
   727    }
   728    return SQLITE_OK;
   729  }
   730  
   731  #ifndef SQLITE_OMIT_AUTOVACUUM
   732  /*
   733  ** Given a page number of a regular database page, return the page
   734  ** number for the pointer-map page that contains the entry for the
   735  ** input page number.
   736  **
   737  ** Return 0 (not a valid page) for pgno==1 since there is
   738  ** no pointer map associated with page 1.  The integrity_check logic
   739  ** requires that ptrmapPageno(*,1)!=1.
   740  */
   741  static Pgno ptrmapPageno(BtShared *pBt, Pgno pgno){
   742    int nPagesPerMapPage;
   743    Pgno iPtrMap, ret;
   744    assert( sqlite3_mutex_held(pBt->mutex) );
   745    if( pgno<2 ) return 0;
   746    nPagesPerMapPage = (pBt->usableSize/5)+1;
   747    iPtrMap = (pgno-2)/nPagesPerMapPage;
   748    ret = (iPtrMap*nPagesPerMapPage) + 2; 
   749    if( ret==PENDING_BYTE_PAGE(pBt) ){
   750      ret++;
   751    }
   752    return ret;
   753  }
   754  
   755  /*
   756  ** Write an entry into the pointer map.
   757  **
   758  ** This routine updates the pointer map entry for page number 'key'
   759  ** so that it maps to type 'eType' and parent page number 'pgno'.
   760  **
   761  ** If *pRC is initially non-zero (non-SQLITE_OK) then this routine is
   762  ** a no-op.  If an error occurs, the appropriate error code is written
   763  ** into *pRC.
   764  */
   765  static void ptrmapPut(BtShared *pBt, Pgno key, u8 eType, Pgno parent, int *pRC){
   766    DbPage *pDbPage;  /* The pointer map page */
   767    u8 *pPtrmap;      /* The pointer map data */
   768    Pgno iPtrmap;     /* The pointer map page number */
   769    int offset;       /* Offset in pointer map page */
   770    int rc;           /* Return code from subfunctions */
   771  
   772    if( *pRC ) return;
   773  
   774    assert( sqlite3_mutex_held(pBt->mutex) );
   775    /* The master-journal page number must never be used as a pointer map page */
   776    assert( 0==PTRMAP_ISPAGE(pBt, PENDING_BYTE_PAGE(pBt)) );
   777  
   778    assert( pBt->autoVacuum );
   779    if( key==0 ){
   780      *pRC = SQLITE_CORRUPT_BKPT;
   781      return;
   782    }
   783    iPtrmap = PTRMAP_PAGENO(pBt, key);
   784    rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage);
   785    if( rc!=SQLITE_OK ){
   786      *pRC = rc;
   787      return;
   788    }
   789    offset = PTRMAP_PTROFFSET(iPtrmap, key);
   790    if( offset<0 ){
   791      *pRC = SQLITE_CORRUPT_BKPT;
   792      goto ptrmap_exit;
   793    }
   794    assert( offset <= (int)pBt->usableSize-5 );
   795    pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
   796  
   797    if( eType!=pPtrmap[offset] || get4byte(&pPtrmap[offset+1])!=parent ){
   798      TRACE(("PTRMAP_UPDATE: %d->(%d,%d)\n", key, eType, parent));
   799      *pRC= rc = sqlite3PagerWrite(pDbPage);
   800      if( rc==SQLITE_OK ){
   801        pPtrmap[offset] = eType;
   802        put4byte(&pPtrmap[offset+1], parent);
   803      }
   804    }
   805  
   806  ptrmap_exit:
   807    sqlite3PagerUnref(pDbPage);
   808  }
   809  
   810  /*
   811  ** Read an entry from the pointer map.
   812  **
   813  ** This routine retrieves the pointer map entry for page 'key', writing
   814  ** the type and parent page number to *pEType and *pPgno respectively.
   815  ** An error code is returned if something goes wrong, otherwise SQLITE_OK.
   816  */
   817  static int ptrmapGet(BtShared *pBt, Pgno key, u8 *pEType, Pgno *pPgno){
   818    DbPage *pDbPage;   /* The pointer map page */
   819    int iPtrmap;       /* Pointer map page index */
   820    u8 *pPtrmap;       /* Pointer map page data */
   821    int offset;        /* Offset of entry in pointer map */
   822    int rc;
   823  
   824    assert( sqlite3_mutex_held(pBt->mutex) );
   825  
   826    iPtrmap = PTRMAP_PAGENO(pBt, key);
   827    rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage);
   828    if( rc!=0 ){
   829      return rc;
   830    }
   831    pPtrmap = (u8 *)sqlite3PagerGetData(pDbPage);
   832  
   833    offset = PTRMAP_PTROFFSET(iPtrmap, key);
   834    if( offset<0 ){
   835      sqlite3PagerUnref(pDbPage);
   836      return SQLITE_CORRUPT_BKPT;
   837    }
   838    assert( offset <= (int)pBt->usableSize-5 );
   839    assert( pEType!=0 );
   840    *pEType = pPtrmap[offset];
   841    if( pPgno ) *pPgno = get4byte(&pPtrmap[offset+1]);
   842  
   843    sqlite3PagerUnref(pDbPage);
   844    if( *pEType<1 || *pEType>5 ) return SQLITE_CORRUPT_BKPT;
   845    return SQLITE_OK;
   846  }
   847  
   848  #else /* if defined SQLITE_OMIT_AUTOVACUUM */
   849    #define ptrmapPut(w,x,y,z,rc)
   850    #define ptrmapGet(w,x,y,z) SQLITE_OK
   851    #define ptrmapPutOvflPtr(x, y, rc)
   852  #endif
   853  
   854  /*
   855  ** Given a btree page and a cell index (0 means the first cell on
   856  ** the page, 1 means the second cell, and so forth) return a pointer
   857  ** to the cell content.
   858  **
   859  ** This routine works only for pages that do not contain overflow cells.
   860  */
   861  #define findCell(P,I) \
   862    ((P)->aData + ((P)->maskPage & get2byte(&(P)->aCellIdx[2*(I)])))
   863  #define findCellv2(D,M,O,I) (D+(M&get2byte(D+(O+2*(I)))))
   864  
   865  
   866  /*
   867  ** This a more complex version of findCell() that works for
   868  ** pages that do contain overflow cells.
   869  */
   870  static u8 *findOverflowCell(MemPage *pPage, int iCell){
   871    int i;
   872    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
   873    for(i=pPage->nOverflow-1; i>=0; i--){
   874      int k;
   875      struct _OvflCell *pOvfl;
   876      pOvfl = &pPage->aOvfl[i];
   877      k = pOvfl->idx;
   878      if( k<=iCell ){
   879        if( k==iCell ){
   880          return pOvfl->pCell;
   881        }
   882        iCell--;
   883      }
   884    }
   885    return findCell(pPage, iCell);
   886  }
   887  
   888  /*
   889  ** Parse a cell content block and fill in the CellInfo structure.  There
   890  ** are two versions of this function.  btreeParseCell() takes a 
   891  ** cell index as the second argument and btreeParseCellPtr() 
   892  ** takes a pointer to the body of the cell as its second argument.
   893  **
   894  ** Within this file, the parseCell() macro can be called instead of
   895  ** btreeParseCellPtr(). Using some compilers, this will be faster.
   896  */
   897  static void btreeParseCellPtr(
   898    MemPage *pPage,         /* Page containing the cell */
   899    u8 *pCell,              /* Pointer to the cell text. */
   900    CellInfo *pInfo         /* Fill in this structure */
   901  ){
   902    u16 n;                  /* Number bytes in cell content header */
   903    u32 nPayload;           /* Number of bytes of cell payload */
   904  
   905    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
   906  
   907    pInfo->pCell = pCell;
   908    assert( pPage->leaf==0 || pPage->leaf==1 );
   909    n = pPage->childPtrSize;
   910    assert( n==4-4*pPage->leaf );
   911    if( pPage->intKey ){
   912      if( pPage->hasData ){
   913        n += getVarint32(&pCell[n], nPayload);
   914      }else{
   915        nPayload = 0;
   916      }
   917      n += getVarint(&pCell[n], (u64*)&pInfo->nKey);
   918      pInfo->nData = nPayload;
   919    }else{
   920      pInfo->nData = 0;
   921      n += getVarint32(&pCell[n], nPayload);
   922      pInfo->nKey = nPayload;
   923    }
   924    pInfo->nPayload = nPayload;
   925    pInfo->nHeader = n;
   926    testcase( nPayload==pPage->maxLocal );
   927    testcase( nPayload==pPage->maxLocal+1 );
   928    if( likely(nPayload<=pPage->maxLocal) ){
   929      /* This is the (easy) common case where the entire payload fits
   930      ** on the local page.  No overflow is required.
   931      */
   932      if( (pInfo->nSize = (u16)(n+nPayload))<4 ) pInfo->nSize = 4;
   933      pInfo->nLocal = (u16)nPayload;
   934      pInfo->iOverflow = 0;
   935    }else{
   936      /* If the payload will not fit completely on the local page, we have
   937      ** to decide how much to store locally and how much to spill onto
   938      ** overflow pages.  The strategy is to minimize the amount of unused
   939      ** space on overflow pages while keeping the amount of local storage
   940      ** in between minLocal and maxLocal.
   941      **
   942      ** Warning:  changing the way overflow payload is distributed in any
   943      ** way will result in an incompatible file format.
   944      */
   945      int minLocal;  /* Minimum amount of payload held locally */
   946      int maxLocal;  /* Maximum amount of payload held locally */
   947      int surplus;   /* Overflow payload available for local storage */
   948  
   949      minLocal = pPage->minLocal;
   950      maxLocal = pPage->maxLocal;
   951      surplus = minLocal + (nPayload - minLocal)%(pPage->pBt->usableSize - 4);
   952      testcase( surplus==maxLocal );
   953      testcase( surplus==maxLocal+1 );
   954      if( surplus <= maxLocal ){
   955        pInfo->nLocal = (u16)surplus;
   956      }else{
   957        pInfo->nLocal = (u16)minLocal;
   958      }
   959      pInfo->iOverflow = (u16)(pInfo->nLocal + n);
   960      pInfo->nSize = pInfo->iOverflow + 4;
   961    }
   962  }
   963  #define parseCell(pPage, iCell, pInfo) \
   964    btreeParseCellPtr((pPage), findCell((pPage), (iCell)), (pInfo))
   965  static void btreeParseCell(
   966    MemPage *pPage,         /* Page containing the cell */
   967    int iCell,              /* The cell index.  First cell is 0 */
   968    CellInfo *pInfo         /* Fill in this structure */
   969  ){
   970    parseCell(pPage, iCell, pInfo);
   971  }
   972  
   973  /*
   974  ** Compute the total number of bytes that a Cell needs in the cell
   975  ** data area of the btree-page.  The return number includes the cell
   976  ** data header and the local payload, but not any overflow page or
   977  ** the space used by the cell pointer.
   978  */
   979  static u16 cellSizePtr(MemPage *pPage, u8 *pCell){
   980    u8 *pIter = &pCell[pPage->childPtrSize];
   981    u32 nSize;
   982  
   983  #ifdef SQLITE_DEBUG
   984    /* The value returned by this function should always be the same as
   985    ** the (CellInfo.nSize) value found by doing a full parse of the
   986    ** cell. If SQLITE_DEBUG is defined, an assert() at the bottom of
   987    ** this function verifies that this invariant is not violated. */
   988    CellInfo debuginfo;
   989    btreeParseCellPtr(pPage, pCell, &debuginfo);
   990  #endif
   991  
   992    if( pPage->intKey ){
   993      u8 *pEnd;
   994      if( pPage->hasData ){
   995        pIter += getVarint32(pIter, nSize);
   996      }else{
   997        nSize = 0;
   998      }
   999  
  1000      /* pIter now points at the 64-bit integer key value, a variable length 
  1001      ** integer. The following block moves pIter to point at the first byte
  1002      ** past the end of the key value. */
  1003      pEnd = &pIter[9];
  1004      while( (*pIter++)&0x80 && pIter<pEnd );
  1005    }else{
  1006      pIter += getVarint32(pIter, nSize);
  1007    }
  1008  
  1009    testcase( nSize==pPage->maxLocal );
  1010    testcase( nSize==pPage->maxLocal+1 );
  1011    if( nSize>pPage->maxLocal ){
  1012      int minLocal = pPage->minLocal;
  1013      nSize = minLocal + (nSize - minLocal) % (pPage->pBt->usableSize - 4);
  1014      testcase( nSize==pPage->maxLocal );
  1015      testcase( nSize==pPage->maxLocal+1 );
  1016      if( nSize>pPage->maxLocal ){
  1017        nSize = minLocal;
  1018      }
  1019      nSize += 4;
  1020    }
  1021    nSize += (u32)(pIter - pCell);
  1022  
  1023    /* The minimum size of any cell is 4 bytes. */
  1024    if( nSize<4 ){
  1025      nSize = 4;
  1026    }
  1027  
  1028    assert( nSize==debuginfo.nSize );
  1029    return (u16)nSize;
  1030  }
  1031  
  1032  #ifdef SQLITE_DEBUG
  1033  /* This variation on cellSizePtr() is used inside of assert() statements
  1034  ** only. */
  1035  static u16 cellSize(MemPage *pPage, int iCell){
  1036    return cellSizePtr(pPage, findCell(pPage, iCell));
  1037  }
  1038  #endif
  1039  
  1040  #ifndef SQLITE_OMIT_AUTOVACUUM
  1041  /*
  1042  ** If the cell pCell, part of page pPage contains a pointer
  1043  ** to an overflow page, insert an entry into the pointer-map
  1044  ** for the overflow page.
  1045  */
  1046  static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
  1047    CellInfo info;
  1048    if( *pRC ) return;
  1049    assert( pCell!=0 );
  1050    btreeParseCellPtr(pPage, pCell, &info);
  1051    assert( (info.nData+(pPage->intKey?0:info.nKey))==info.nPayload );
  1052    if( info.iOverflow ){
  1053      Pgno ovfl = get4byte(&pCell[info.iOverflow]);
  1054      ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
  1055    }
  1056  }
  1057  #endif
  1058  
  1059  
  1060  /*
  1061  ** Defragment the page given.  All Cells are moved to the
  1062  ** end of the page and all free space is collected into one
  1063  ** big FreeBlk that occurs in between the header and cell
  1064  ** pointer array and the cell content area.
  1065  */
  1066  static int defragmentPage(MemPage *pPage){
  1067    int i;                     /* Loop counter */
  1068    int pc;                    /* Address of a i-th cell */
  1069    int hdr;                   /* Offset to the page header */
  1070    int size;                  /* Size of a cell */
  1071    int usableSize;            /* Number of usable bytes on a page */
  1072    int cellOffset;            /* Offset to the cell pointer array */
  1073    int cbrk;                  /* Offset to the cell content area */
  1074    int nCell;                 /* Number of cells on the page */
  1075    unsigned char *data;       /* The page data */
  1076    unsigned char *temp;       /* Temp area for cell content */
  1077    int iCellFirst;            /* First allowable cell index */
  1078    int iCellLast;             /* Last possible cell index */
  1079  
  1080  
  1081    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1082    assert( pPage->pBt!=0 );
  1083    assert( pPage->pBt->usableSize <= SQLITE_MAX_PAGE_SIZE );
  1084    assert( pPage->nOverflow==0 );
  1085    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1086    temp = sqlite3PagerTempSpace(pPage->pBt->pPager);
  1087    data = pPage->aData;
  1088    hdr = pPage->hdrOffset;
  1089    cellOffset = pPage->cellOffset;
  1090    nCell = pPage->nCell;
  1091    assert( nCell==get2byte(&data[hdr+3]) );
  1092    usableSize = pPage->pBt->usableSize;
  1093    cbrk = get2byte(&data[hdr+5]);
  1094    memcpy(&temp[cbrk], &data[cbrk], usableSize - cbrk);
  1095    cbrk = usableSize;
  1096    iCellFirst = cellOffset + 2*nCell;
  1097    iCellLast = usableSize - 4;
  1098    for(i=0; i<nCell; i++){
  1099      u8 *pAddr;     /* The i-th cell pointer */
  1100      pAddr = &data[cellOffset + i*2];
  1101      pc = get2byte(pAddr);
  1102      testcase( pc==iCellFirst );
  1103      testcase( pc==iCellLast );
  1104  #if !defined(SQLITE_ENABLE_OVERSIZE_CELL_CHECK)
  1105      /* These conditions have already been verified in btreeInitPage()
  1106      ** if SQLITE_ENABLE_OVERSIZE_CELL_CHECK is defined 
  1107      */
  1108      if( pc<iCellFirst || pc>iCellLast ){
  1109        return SQLITE_CORRUPT_BKPT;
  1110      }
  1111  #endif
  1112      assert( pc>=iCellFirst && pc<=iCellLast );
  1113      size = cellSizePtr(pPage, &temp[pc]);
  1114      cbrk -= size;
  1115  #if defined(SQLITE_ENABLE_OVERSIZE_CELL_CHECK)
  1116      if( cbrk<iCellFirst ){
  1117        return SQLITE_CORRUPT_BKPT;
  1118      }
  1119  #else
  1120      if( cbrk<iCellFirst || pc+size>usableSize ){
  1121        return SQLITE_CORRUPT_BKPT;
  1122      }
  1123  #endif
  1124      assert( cbrk+size<=usableSize && cbrk>=iCellFirst );
  1125      testcase( cbrk+size==usableSize );
  1126      testcase( pc+size==usableSize );
  1127      memcpy(&data[cbrk], &temp[pc], size);
  1128      put2byte(pAddr, cbrk);
  1129    }
  1130    assert( cbrk>=iCellFirst );
  1131    put2byte(&data[hdr+5], cbrk);
  1132    data[hdr+1] = 0;
  1133    data[hdr+2] = 0;
  1134    data[hdr+7] = 0;
  1135    memset(&data[iCellFirst], 0, cbrk-iCellFirst);
  1136    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1137    if( cbrk-iCellFirst!=pPage->nFree ){
  1138      return SQLITE_CORRUPT_BKPT;
  1139    }
  1140    return SQLITE_OK;
  1141  }
  1142  
  1143  /*
  1144  ** Allocate nByte bytes of space from within the B-Tree page passed
  1145  ** as the first argument. Write into *pIdx the index into pPage->aData[]
  1146  ** of the first byte of allocated space. Return either SQLITE_OK or
  1147  ** an error code (usually SQLITE_CORRUPT).
  1148  **
  1149  ** The caller guarantees that there is sufficient space to make the
  1150  ** allocation.  This routine might need to defragment in order to bring
  1151  ** all the space together, however.  This routine will avoid using
  1152  ** the first two bytes past the cell pointer area since presumably this
  1153  ** allocation is being made in order to insert a new cell, so we will
  1154  ** also end up needing a new cell pointer.
  1155  */
  1156  static int allocateSpace(MemPage *pPage, int nByte, int *pIdx){
  1157    const int hdr = pPage->hdrOffset;    /* Local cache of pPage->hdrOffset */
  1158    u8 * const data = pPage->aData;      /* Local cache of pPage->aData */
  1159    int nFrag;                           /* Number of fragmented bytes on pPage */
  1160    int top;                             /* First byte of cell content area */
  1161    int gap;        /* First byte of gap between cell pointers and cell content */
  1162    int rc;         /* Integer return code */
  1163    int usableSize; /* Usable size of the page */
  1164    
  1165    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1166    assert( pPage->pBt );
  1167    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1168    assert( nByte>=0 );  /* Minimum cell size is 4 */
  1169    assert( pPage->nFree>=nByte );
  1170    assert( pPage->nOverflow==0 );
  1171    usableSize = pPage->pBt->usableSize;
  1172    assert( nByte < usableSize-8 );
  1173  
  1174    nFrag = data[hdr+7];
  1175    assert( pPage->cellOffset == hdr + 12 - 4*pPage->leaf );
  1176    gap = pPage->cellOffset + 2*pPage->nCell;
  1177    top = get2byteNotZero(&data[hdr+5]);
  1178    if( gap>top ) return SQLITE_CORRUPT_BKPT;
  1179    testcase( gap+2==top );
  1180    testcase( gap+1==top );
  1181    testcase( gap==top );
  1182  
  1183    if( nFrag>=60 ){
  1184      /* Always defragment highly fragmented pages */
  1185      rc = defragmentPage(pPage);
  1186      if( rc ) return rc;
  1187      top = get2byteNotZero(&data[hdr+5]);
  1188    }else if( gap+2<=top ){
  1189      /* Search the freelist looking for a free slot big enough to satisfy 
  1190      ** the request. The allocation is made from the first free slot in 
  1191      ** the list that is large enough to accomadate it.
  1192      */
  1193      int pc, addr;
  1194      for(addr=hdr+1; (pc = get2byte(&data[addr]))>0; addr=pc){
  1195        int size;            /* Size of the free slot */
  1196        if( pc>usableSize-4 || pc<addr+4 ){
  1197          return SQLITE_CORRUPT_BKPT;
  1198        }
  1199        size = get2byte(&data[pc+2]);
  1200        if( size>=nByte ){
  1201          int x = size - nByte;
  1202          testcase( x==4 );
  1203          testcase( x==3 );
  1204          if( x<4 ){
  1205            /* Remove the slot from the free-list. Update the number of
  1206            ** fragmented bytes within the page. */
  1207            memcpy(&data[addr], &data[pc], 2);
  1208            data[hdr+7] = (u8)(nFrag + x);
  1209          }else if( size+pc > usableSize ){
  1210            return SQLITE_CORRUPT_BKPT;
  1211          }else{
  1212            /* The slot remains on the free-list. Reduce its size to account
  1213            ** for the portion used by the new allocation. */
  1214            put2byte(&data[pc+2], x);
  1215          }
  1216          *pIdx = pc + x;
  1217          return SQLITE_OK;
  1218        }
  1219      }
  1220    }
  1221  
  1222    /* Check to make sure there is enough space in the gap to satisfy
  1223    ** the allocation.  If not, defragment.
  1224    */
  1225    testcase( gap+2+nByte==top );
  1226    if( gap+2+nByte>top ){
  1227      rc = defragmentPage(pPage);
  1228      if( rc ) return rc;
  1229      top = get2byteNotZero(&data[hdr+5]);
  1230      assert( gap+nByte<=top );
  1231    }
  1232  
  1233  
  1234    /* Allocate memory from the gap in between the cell pointer array
  1235    ** and the cell content area.  The btreeInitPage() call has already
  1236    ** validated the freelist.  Given that the freelist is valid, there
  1237    ** is no way that the allocation can extend off the end of the page.
  1238    ** The assert() below verifies the previous sentence.
  1239    */
  1240    top -= nByte;
  1241    put2byte(&data[hdr+5], top);
  1242    assert( top+nByte <= (int)pPage->pBt->usableSize );
  1243    *pIdx = top;
  1244    return SQLITE_OK;
  1245  }
  1246  
  1247  /*
  1248  ** Return a section of the pPage->aData to the freelist.
  1249  ** The first byte of the new free block is pPage->aDisk[start]
  1250  ** and the size of the block is "size" bytes.
  1251  **
  1252  ** Most of the effort here is involved in coalesing adjacent
  1253  ** free blocks into a single big free block.
  1254  */
  1255  static int freeSpace(MemPage *pPage, int start, int size){
  1256    int addr, pbegin, hdr;
  1257    int iLast;                        /* Largest possible freeblock offset */
  1258    unsigned char *data = pPage->aData;
  1259  
  1260    assert( pPage->pBt!=0 );
  1261    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1262    assert( start>=pPage->hdrOffset+6+pPage->childPtrSize );
  1263    assert( (start + size) <= (int)pPage->pBt->usableSize );
  1264    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1265    assert( size>=0 );   /* Minimum cell size is 4 */
  1266  
  1267    if( pPage->pBt->secureDelete ){
  1268      /* Overwrite deleted information with zeros when the secure_delete
  1269      ** option is enabled */
  1270      memset(&data[start], 0, size);
  1271    }
  1272  
  1273    /* Add the space back into the linked list of freeblocks.  Note that
  1274    ** even though the freeblock list was checked by btreeInitPage(),
  1275    ** btreeInitPage() did not detect overlapping cells or
  1276    ** freeblocks that overlapped cells.   Nor does it detect when the
  1277    ** cell content area exceeds the value in the page header.  If these
  1278    ** situations arise, then subsequent insert operations might corrupt
  1279    ** the freelist.  So we do need to check for corruption while scanning
  1280    ** the freelist.
  1281    */
  1282    hdr = pPage->hdrOffset;
  1283    addr = hdr + 1;
  1284    iLast = pPage->pBt->usableSize - 4;
  1285    assert( start<=iLast );
  1286    while( (pbegin = get2byte(&data[addr]))<start && pbegin>0 ){
  1287      if( pbegin<addr+4 ){
  1288        return SQLITE_CORRUPT_BKPT;
  1289      }
  1290      addr = pbegin;
  1291    }
  1292    if( pbegin>iLast ){
  1293      return SQLITE_CORRUPT_BKPT;
  1294    }
  1295    assert( pbegin>addr || pbegin==0 );
  1296    put2byte(&data[addr], start);
  1297    put2byte(&data[start], pbegin);
  1298    put2byte(&data[start+2], size);
  1299    pPage->nFree = pPage->nFree + (u16)size;
  1300  
  1301    /* Coalesce adjacent free blocks */
  1302    addr = hdr + 1;
  1303    while( (pbegin = get2byte(&data[addr]))>0 ){
  1304      int pnext, psize, x;
  1305      assert( pbegin>addr );
  1306      assert( pbegin <= (int)pPage->pBt->usableSize-4 );
  1307      pnext = get2byte(&data[pbegin]);
  1308      psize = get2byte(&data[pbegin+2]);
  1309      if( pbegin + psize + 3 >= pnext && pnext>0 ){
  1310        int frag = pnext - (pbegin+psize);
  1311        if( (frag<0) || (frag>(int)data[hdr+7]) ){
  1312          return SQLITE_CORRUPT_BKPT;
  1313        }
  1314        data[hdr+7] -= (u8)frag;
  1315        x = get2byte(&data[pnext]);
  1316        put2byte(&data[pbegin], x);
  1317        x = pnext + get2byte(&data[pnext+2]) - pbegin;
  1318        put2byte(&data[pbegin+2], x);
  1319      }else{
  1320        addr = pbegin;
  1321      }
  1322    }
  1323  
  1324    /* If the cell content area begins with a freeblock, remove it. */
  1325    if( data[hdr+1]==data[hdr+5] && data[hdr+2]==data[hdr+6] ){
  1326      int top;
  1327      pbegin = get2byte(&data[hdr+1]);
  1328      memcpy(&data[hdr+1], &data[pbegin], 2);
  1329      top = get2byte(&data[hdr+5]) + get2byte(&data[pbegin+2]);
  1330      put2byte(&data[hdr+5], top);
  1331    }
  1332    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1333    return SQLITE_OK;
  1334  }
  1335  
  1336  /*
  1337  ** Decode the flags byte (the first byte of the header) for a page
  1338  ** and initialize fields of the MemPage structure accordingly.
  1339  **
  1340  ** Only the following combinations are supported.  Anything different
  1341  ** indicates a corrupt database files:
  1342  **
  1343  **         PTF_ZERODATA
  1344  **         PTF_ZERODATA | PTF_LEAF
  1345  **         PTF_LEAFDATA | PTF_INTKEY
  1346  **         PTF_LEAFDATA | PTF_INTKEY | PTF_LEAF
  1347  */
  1348  static int decodeFlags(MemPage *pPage, int flagByte){
  1349    BtShared *pBt;     /* A copy of pPage->pBt */
  1350  
  1351    assert( pPage->hdrOffset==(pPage->pgno==1 ? 100 : 0) );
  1352    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1353    pPage->leaf = (u8)(flagByte>>3);  assert( PTF_LEAF == 1<<3 );
  1354    flagByte &= ~PTF_LEAF;
  1355    pPage->childPtrSize = 4-4*pPage->leaf;
  1356    pBt = pPage->pBt;
  1357    if( flagByte==(PTF_LEAFDATA | PTF_INTKEY) ){
  1358      pPage->intKey = 1;
  1359      pPage->hasData = pPage->leaf;
  1360      pPage->maxLocal = pBt->maxLeaf;
  1361      pPage->minLocal = pBt->minLeaf;
  1362    }else if( flagByte==PTF_ZERODATA ){
  1363      pPage->intKey = 0;
  1364      pPage->hasData = 0;
  1365      pPage->maxLocal = pBt->maxLocal;
  1366      pPage->minLocal = pBt->minLocal;
  1367    }else{
  1368      return SQLITE_CORRUPT_BKPT;
  1369    }
  1370    return SQLITE_OK;
  1371  }
  1372  
  1373  /*
  1374  ** Initialize the auxiliary information for a disk block.
  1375  **
  1376  ** Return SQLITE_OK on success.  If we see that the page does
  1377  ** not contain a well-formed database page, then return 
  1378  ** SQLITE_CORRUPT.  Note that a return of SQLITE_OK does not
  1379  ** guarantee that the page is well-formed.  It only shows that
  1380  ** we failed to detect any corruption.
  1381  */
  1382  static int btreeInitPage(MemPage *pPage){
  1383  
  1384    assert( pPage->pBt!=0 );
  1385    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1386    assert( pPage->pgno==sqlite3PagerPagenumber(pPage->pDbPage) );
  1387    assert( pPage == sqlite3PagerGetExtra(pPage->pDbPage) );
  1388    assert( pPage->aData == sqlite3PagerGetData(pPage->pDbPage) );
  1389  
  1390    if( !pPage->isInit ){
  1391      u16 pc;            /* Address of a freeblock within pPage->aData[] */
  1392      u8 hdr;            /* Offset to beginning of page header */
  1393      u8 *data;          /* Equal to pPage->aData */
  1394      BtShared *pBt;        /* The main btree structure */
  1395      int usableSize;    /* Amount of usable space on each page */
  1396      u16 cellOffset;    /* Offset from start of page to first cell pointer */
  1397      int nFree;         /* Number of unused bytes on the page */
  1398      int top;           /* First byte of the cell content area */
  1399      int iCellFirst;    /* First allowable cell or freeblock offset */
  1400      int iCellLast;     /* Last possible cell or freeblock offset */
  1401  
  1402      pBt = pPage->pBt;
  1403  
  1404      hdr = pPage->hdrOffset;
  1405      data = pPage->aData;
  1406      if( decodeFlags(pPage, data[hdr]) ) return SQLITE_CORRUPT_BKPT;
  1407      assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
  1408      pPage->maskPage = (u16)(pBt->pageSize - 1);
  1409      pPage->nOverflow = 0;
  1410      usableSize = pBt->usableSize;
  1411      pPage->cellOffset = cellOffset = hdr + 12 - 4*pPage->leaf;
  1412      pPage->aDataEnd = &data[usableSize];
  1413      pPage->aCellIdx = &data[cellOffset];
  1414      top = get2byteNotZero(&data[hdr+5]);
  1415      pPage->nCell = get2byte(&data[hdr+3]);
  1416      if( pPage->nCell>MX_CELL(pBt) ){
  1417        /* To many cells for a single page.  The page must be corrupt */
  1418        return SQLITE_CORRUPT_BKPT;
  1419      }
  1420      testcase( pPage->nCell==MX_CELL(pBt) );
  1421  
  1422      /* A malformed database page might cause us to read past the end
  1423      ** of page when parsing a cell.  
  1424      **
  1425      ** The following block of code checks early to see if a cell extends
  1426      ** past the end of a page boundary and causes SQLITE_CORRUPT to be 
  1427      ** returned if it does.
  1428      */
  1429      iCellFirst = cellOffset + 2*pPage->nCell;
  1430      iCellLast = usableSize - 4;
  1431  #if defined(SQLITE_ENABLE_OVERSIZE_CELL_CHECK)
  1432      {
  1433        int i;            /* Index into the cell pointer array */
  1434        int sz;           /* Size of a cell */
  1435  
  1436        if( !pPage->leaf ) iCellLast--;
  1437        for(i=0; i<pPage->nCell; i++){
  1438          pc = get2byte(&data[cellOffset+i*2]);
  1439          testcase( pc==iCellFirst );
  1440          testcase( pc==iCellLast );
  1441          if( pc<iCellFirst || pc>iCellLast ){
  1442            return SQLITE_CORRUPT_BKPT;
  1443          }
  1444          sz = cellSizePtr(pPage, &data[pc]);
  1445          testcase( pc+sz==usableSize );
  1446          if( pc+sz>usableSize ){
  1447            return SQLITE_CORRUPT_BKPT;
  1448          }
  1449        }
  1450        if( !pPage->leaf ) iCellLast++;
  1451      }  
  1452  #endif
  1453  
  1454      /* Compute the total free space on the page */
  1455      pc = get2byte(&data[hdr+1]);
  1456      nFree = data[hdr+7] + top;
  1457      while( pc>0 ){
  1458        u16 next, size;
  1459        if( pc<iCellFirst || pc>iCellLast ){
  1460          /* Start of free block is off the page */
  1461          return SQLITE_CORRUPT_BKPT; 
  1462        }
  1463        next = get2byte(&data[pc]);
  1464        size = get2byte(&data[pc+2]);
  1465        if( (next>0 && next<=pc+size+3) || pc+size>usableSize ){
  1466          /* Free blocks must be in ascending order. And the last byte of
  1467  	** the free-block must lie on the database page.  */
  1468          return SQLITE_CORRUPT_BKPT; 
  1469        }
  1470        nFree = nFree + size;
  1471        pc = next;
  1472      }
  1473  
  1474      /* At this point, nFree contains the sum of the offset to the start
  1475      ** of the cell-content area plus the number of free bytes within
  1476      ** the cell-content area. If this is greater than the usable-size
  1477      ** of the page, then the page must be corrupted. This check also
  1478      ** serves to verify that the offset to the start of the cell-content
  1479      ** area, according to the page header, lies within the page.
  1480      */
  1481      if( nFree>usableSize ){
  1482        return SQLITE_CORRUPT_BKPT; 
  1483      }
  1484      pPage->nFree = (u16)(nFree - iCellFirst);
  1485      pPage->isInit = 1;
  1486    }
  1487    return SQLITE_OK;
  1488  }
  1489  
  1490  /*
  1491  ** Set up a raw page so that it looks like a database page holding
  1492  ** no entries.
  1493  */
  1494  static void zeroPage(MemPage *pPage, int flags){
  1495    unsigned char *data = pPage->aData;
  1496    BtShared *pBt = pPage->pBt;
  1497    u8 hdr = pPage->hdrOffset;
  1498    u16 first;
  1499  
  1500    assert( sqlite3PagerPagenumber(pPage->pDbPage)==pPage->pgno );
  1501    assert( sqlite3PagerGetExtra(pPage->pDbPage) == (void*)pPage );
  1502    assert( sqlite3PagerGetData(pPage->pDbPage) == data );
  1503    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  1504    assert( sqlite3_mutex_held(pBt->mutex) );
  1505    if( pBt->secureDelete ){
  1506      memset(&data[hdr], 0, pBt->usableSize - hdr);
  1507    }
  1508    data[hdr] = (char)flags;
  1509    first = hdr + 8 + 4*((flags&PTF_LEAF)==0 ?1:0);
  1510    memset(&data[hdr+1], 0, 4);
  1511    data[hdr+7] = 0;
  1512    put2byte(&data[hdr+5], pBt->usableSize);
  1513    pPage->nFree = (u16)(pBt->usableSize - first);
  1514    decodeFlags(pPage, flags);
  1515    pPage->hdrOffset = hdr;
  1516    pPage->cellOffset = first;
  1517    pPage->aDataEnd = &data[pBt->usableSize];
  1518    pPage->aCellIdx = &data[first];
  1519    pPage->nOverflow = 0;
  1520    assert( pBt->pageSize>=512 && pBt->pageSize<=65536 );
  1521    pPage->maskPage = (u16)(pBt->pageSize - 1);
  1522    pPage->nCell = 0;
  1523    pPage->isInit = 1;
  1524  }
  1525  
  1526  
  1527  /*
  1528  ** Convert a DbPage obtained from the pager into a MemPage used by
  1529  ** the btree layer.
  1530  */
  1531  static MemPage *btreePageFromDbPage(DbPage *pDbPage, Pgno pgno, BtShared *pBt){
  1532    MemPage *pPage = (MemPage*)sqlite3PagerGetExtra(pDbPage);
  1533    pPage->aData = sqlite3PagerGetData(pDbPage);
  1534    pPage->pDbPage = pDbPage;
  1535    pPage->pBt = pBt;
  1536    pPage->pgno = pgno;
  1537    pPage->hdrOffset = pPage->pgno==1 ? 100 : 0;
  1538    return pPage; 
  1539  }
  1540  
  1541  /*
  1542  ** Get a page from the pager.  Initialize the MemPage.pBt and
  1543  ** MemPage.aData elements if needed.
  1544  **
  1545  ** If the noContent flag is set, it means that we do not care about
  1546  ** the content of the page at this time.  So do not go to the disk
  1547  ** to fetch the content.  Just fill in the content with zeros for now.
  1548  ** If in the future we call sqlite3PagerWrite() on this page, that
  1549  ** means we have started to be concerned about content and the disk
  1550  ** read should occur at that point.
  1551  */
  1552  static int btreeGetPage(
  1553    BtShared *pBt,       /* The btree */
  1554    Pgno pgno,           /* Number of the page to fetch */
  1555    MemPage **ppPage,    /* Return the page in this parameter */
  1556    int noContent        /* Do not load page content if true */
  1557  ){
  1558    int rc;
  1559    DbPage *pDbPage;
  1560  
  1561    assert( sqlite3_mutex_held(pBt->mutex) );
  1562    rc = sqlite3PagerAcquire(pBt->pPager, pgno, (DbPage**)&pDbPage, noContent);
  1563    if( rc ) return rc;
  1564    *ppPage = btreePageFromDbPage(pDbPage, pgno, pBt);
  1565    return SQLITE_OK;
  1566  }
  1567  
  1568  /*
  1569  ** Retrieve a page from the pager cache. If the requested page is not
  1570  ** already in the pager cache return NULL. Initialize the MemPage.pBt and
  1571  ** MemPage.aData elements if needed.
  1572  */
  1573  static MemPage *btreePageLookup(BtShared *pBt, Pgno pgno){
  1574    DbPage *pDbPage;
  1575    assert( sqlite3_mutex_held(pBt->mutex) );
  1576    pDbPage = sqlite3PagerLookup(pBt->pPager, pgno);
  1577    if( pDbPage ){
  1578      return btreePageFromDbPage(pDbPage, pgno, pBt);
  1579    }
  1580    return 0;
  1581  }
  1582  
  1583  /*
  1584  ** Return the size of the database file in pages. If there is any kind of
  1585  ** error, return ((unsigned int)-1).
  1586  */
  1587  static Pgno btreePagecount(BtShared *pBt){
  1588    return pBt->nPage;
  1589  }
  1590  u32 sqlite3BtreeLastPage(Btree *p){
  1591    assert( sqlite3BtreeHoldsMutex(p) );
  1592    assert( ((p->pBt->nPage)&0x8000000)==0 );
  1593    return (int)btreePagecount(p->pBt);
  1594  }
  1595  
  1596  /*
  1597  ** Get a page from the pager and initialize it.  This routine is just a
  1598  ** convenience wrapper around separate calls to btreeGetPage() and 
  1599  ** btreeInitPage().
  1600  **
  1601  ** If an error occurs, then the value *ppPage is set to is undefined. It
  1602  ** may remain unchanged, or it may be set to an invalid value.
  1603  */
  1604  static int getAndInitPage(
  1605    BtShared *pBt,          /* The database file */
  1606    Pgno pgno,           /* Number of the page to get */
  1607    MemPage **ppPage     /* Write the page pointer here */
  1608  ){
  1609    int rc;
  1610    assert( sqlite3_mutex_held(pBt->mutex) );
  1611  
  1612    if( pgno>btreePagecount(pBt) ){
  1613      rc = SQLITE_CORRUPT_BKPT;
  1614    }else{
  1615      rc = btreeGetPage(pBt, pgno, ppPage, 0);
  1616      if( rc==SQLITE_OK ){
  1617        rc = btreeInitPage(*ppPage);
  1618        if( rc!=SQLITE_OK ){
  1619          releasePage(*ppPage);
  1620        }
  1621      }
  1622    }
  1623  
  1624    testcase( pgno==0 );
  1625    assert( pgno!=0 || rc==SQLITE_CORRUPT );
  1626    return rc;
  1627  }
  1628  
  1629  /*
  1630  ** Release a MemPage.  This should be called once for each prior
  1631  ** call to btreeGetPage.
  1632  */
  1633  static void releasePage(MemPage *pPage){
  1634    if( pPage ){
  1635      assert( pPage->aData );
  1636      assert( pPage->pBt );
  1637      assert( sqlite3PagerGetExtra(pPage->pDbPage) == (void*)pPage );
  1638      assert( sqlite3PagerGetData(pPage->pDbPage)==pPage->aData );
  1639      assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1640      sqlite3PagerUnref(pPage->pDbPage);
  1641    }
  1642  }
  1643  
  1644  /*
  1645  ** During a rollback, when the pager reloads information into the cache
  1646  ** so that the cache is restored to its original state at the start of
  1647  ** the transaction, for each page restored this routine is called.
  1648  **
  1649  ** This routine needs to reset the extra data section at the end of the
  1650  ** page to agree with the restored data.
  1651  */
  1652  static void pageReinit(DbPage *pData){
  1653    MemPage *pPage;
  1654    pPage = (MemPage *)sqlite3PagerGetExtra(pData);
  1655    assert( sqlite3PagerPageRefcount(pData)>0 );
  1656    if( pPage->isInit ){
  1657      assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  1658      pPage->isInit = 0;
  1659      if( sqlite3PagerPageRefcount(pData)>1 ){
  1660        /* pPage might not be a btree page;  it might be an overflow page
  1661        ** or ptrmap page or a free page.  In those cases, the following
  1662        ** call to btreeInitPage() will likely return SQLITE_CORRUPT.
  1663        ** But no harm is done by this.  And it is very important that
  1664        ** btreeInitPage() be called on every btree page so we make
  1665        ** the call for every page that comes in for re-initing. */
  1666        btreeInitPage(pPage);
  1667      }
  1668    }
  1669  }
  1670  
  1671  /*
  1672  ** Invoke the busy handler for a btree.
  1673  */
  1674  static int btreeInvokeBusyHandler(void *pArg){
  1675    BtShared *pBt = (BtShared*)pArg;
  1676    assert( pBt->db );
  1677    assert( sqlite3_mutex_held(pBt->db->mutex) );
  1678    return sqlite3InvokeBusyHandler(&pBt->db->busyHandler);
  1679  }
  1680  
  1681  /*
  1682  ** Open a database file.
  1683  ** 
  1684  ** zFilename is the name of the database file.  If zFilename is NULL
  1685  ** then an ephemeral database is created.  The ephemeral database might
  1686  ** be exclusively in memory, or it might use a disk-based memory cache.
  1687  ** Either way, the ephemeral database will be automatically deleted 
  1688  ** when sqlite3BtreeClose() is called.
  1689  **
  1690  ** If zFilename is ":memory:" then an in-memory database is created
  1691  ** that is automatically destroyed when it is closed.
  1692  **
  1693  ** The "flags" parameter is a bitmask that might contain bits
  1694  ** BTREE_OMIT_JOURNAL and/or BTREE_NO_READLOCK.  The BTREE_NO_READLOCK
  1695  ** bit is also set if the SQLITE_NoReadlock flags is set in db->flags.
  1696  ** These flags are passed through into sqlite3PagerOpen() and must
  1697  ** be the same values as PAGER_OMIT_JOURNAL and PAGER_NO_READLOCK.
  1698  **
  1699  ** If the database is already opened in the same database connection
  1700  ** and we are in shared cache mode, then the open will fail with an
  1701  ** SQLITE_CONSTRAINT error.  We cannot allow two or more BtShared
  1702  ** objects in the same database connection since doing so will lead
  1703  ** to problems with locking.
  1704  */
  1705  int sqlite3BtreeOpen(
  1706    sqlite3_vfs *pVfs,      /* VFS to use for this b-tree */
  1707    const char *zFilename,  /* Name of the file containing the BTree database */
  1708    sqlite3 *db,            /* Associated database handle */
  1709    Btree **ppBtree,        /* Pointer to new Btree object written here */
  1710    int flags,              /* Options */
  1711    int vfsFlags            /* Flags passed through to sqlite3_vfs.xOpen() */
  1712  ){
  1713    BtShared *pBt = 0;             /* Shared part of btree structure */
  1714    Btree *p;                      /* Handle to return */
  1715    sqlite3_mutex *mutexOpen = 0;  /* Prevents a race condition. Ticket #3537 */
  1716    int rc = SQLITE_OK;            /* Result code from this function */
  1717    u8 nReserve;                   /* Byte of unused space on each page */
  1718    unsigned char zDbHeader[100];  /* Database header content */
  1719  
  1720    /* True if opening an ephemeral, temporary database */
  1721    const int isTempDb = zFilename==0 || zFilename[0]==0;
  1722  
  1723    /* Set the variable isMemdb to true for an in-memory database, or 
  1724    ** false for a file-based database.
  1725    */
  1726  #ifdef SQLITE_OMIT_MEMORYDB
  1727    const int isMemdb = 0;
  1728  #else
  1729    const int isMemdb = (zFilename && strcmp(zFilename, ":memory:")==0)
  1730                         || (isTempDb && sqlite3TempInMemory(db));
  1731  #endif
  1732  
  1733    assert( db!=0 );
  1734    assert( pVfs!=0 );
  1735    assert( sqlite3_mutex_held(db->mutex) );
  1736    assert( (flags&0xff)==flags );   /* flags fit in 8 bits */
  1737  
  1738    /* Only a BTREE_SINGLE database can be BTREE_UNORDERED */
  1739    assert( (flags & BTREE_UNORDERED)==0 || (flags & BTREE_SINGLE)!=0 );
  1740  
  1741    /* A BTREE_SINGLE database is always a temporary and/or ephemeral */
  1742    assert( (flags & BTREE_SINGLE)==0 || isTempDb );
  1743  
  1744    if( db->flags & SQLITE_NoReadlock ){
  1745      flags |= BTREE_NO_READLOCK;
  1746    }
  1747    if( isMemdb ){
  1748      flags |= BTREE_MEMORY;
  1749    }
  1750    if( (vfsFlags & SQLITE_OPEN_MAIN_DB)!=0 && (isMemdb || isTempDb) ){
  1751      vfsFlags = (vfsFlags & ~SQLITE_OPEN_MAIN_DB) | SQLITE_OPEN_TEMP_DB;
  1752    }
  1753    p = sqlite3MallocZero(sizeof(Btree));
  1754    if( !p ){
  1755      return SQLITE_NOMEM;
  1756    }
  1757    p->inTrans = TRANS_NONE;
  1758    p->db = db;
  1759  #ifndef SQLITE_OMIT_SHARED_CACHE
  1760    p->lock.pBtree = p;
  1761    p->lock.iTable = 1;
  1762  #endif
  1763  
  1764  #if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
  1765    /*
  1766    ** If this Btree is a candidate for shared cache, try to find an
  1767    ** existing BtShared object that we can share with
  1768    */
  1769    if( isMemdb==0 && isTempDb==0 ){
  1770      if( vfsFlags & SQLITE_OPEN_SHAREDCACHE ){
  1771        int nFullPathname = pVfs->mxPathname+1;
  1772        char *zFullPathname = sqlite3Malloc(nFullPathname);
  1773        MUTEX_LOGIC( sqlite3_mutex *mutexShared; )
  1774        p->sharable = 1;
  1775        if( !zFullPathname ){
  1776          sqlite3_free(p);
  1777          return SQLITE_NOMEM;
  1778        }
  1779        rc = sqlite3OsFullPathname(pVfs, zFilename, nFullPathname, zFullPathname);
  1780        if( rc ){
  1781          sqlite3_free(zFullPathname);
  1782          sqlite3_free(p);
  1783          return rc;
  1784        }
  1785  #if SQLITE_THREADSAFE
  1786        mutexOpen = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_OPEN);
  1787        sqlite3_mutex_enter(mutexOpen);
  1788        mutexShared = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);
  1789        sqlite3_mutex_enter(mutexShared);
  1790  #endif
  1791        for(pBt=GLOBAL(BtShared*,sqlite3SharedCacheList); pBt; pBt=pBt->pNext){
  1792          assert( pBt->nRef>0 );
  1793          if( 0==strcmp(zFullPathname, sqlite3PagerFilename(pBt->pPager))
  1794                   && sqlite3PagerVfs(pBt->pPager)==pVfs ){
  1795            int iDb;
  1796            for(iDb=db->nDb-1; iDb>=0; iDb--){
  1797              Btree *pExisting = db->aDb[iDb].pBt;
  1798              if( pExisting && pExisting->pBt==pBt ){
  1799                sqlite3_mutex_leave(mutexShared);
  1800                sqlite3_mutex_leave(mutexOpen);
  1801                sqlite3_free(zFullPathname);
  1802                sqlite3_free(p);
  1803                return SQLITE_CONSTRAINT;
  1804              }
  1805            }
  1806            p->pBt = pBt;
  1807            pBt->nRef++;
  1808            break;
  1809          }
  1810        }
  1811        sqlite3_mutex_leave(mutexShared);
  1812        sqlite3_free(zFullPathname);
  1813      }
  1814  #ifdef SQLITE_DEBUG
  1815      else{
  1816        /* In debug mode, we mark all persistent databases as sharable
  1817        ** even when they are not.  This exercises the locking code and
  1818        ** gives more opportunity for asserts(sqlite3_mutex_held())
  1819        ** statements to find locking problems.
  1820        */
  1821        p->sharable = 1;
  1822      }
  1823  #endif
  1824    }
  1825  #endif
  1826    if( pBt==0 ){
  1827      /*
  1828      ** The following asserts make sure that structures used by the btree are
  1829      ** the right size.  This is to guard against size changes that result
  1830      ** when compiling on a different architecture.
  1831      */
  1832      assert( sizeof(i64)==8 || sizeof(i64)==4 );
  1833      assert( sizeof(u64)==8 || sizeof(u64)==4 );
  1834      assert( sizeof(u32)==4 );
  1835      assert( sizeof(u16)==2 );
  1836      assert( sizeof(Pgno)==4 );
  1837    
  1838      pBt = sqlite3MallocZero( sizeof(*pBt) );
  1839      if( pBt==0 ){
  1840        rc = SQLITE_NOMEM;
  1841        goto btree_open_out;
  1842      }
  1843      rc = sqlite3PagerOpen(pVfs, &pBt->pPager, zFilename,
  1844                            EXTRA_SIZE, flags, vfsFlags, pageReinit);
  1845      if( rc==SQLITE_OK ){
  1846        rc = sqlite3PagerReadFileheader(pBt->pPager,sizeof(zDbHeader),zDbHeader);
  1847      }
  1848      if( rc!=SQLITE_OK ){
  1849        goto btree_open_out;
  1850      }
  1851      pBt->openFlags = (u8)flags;
  1852      pBt->db = db;
  1853      sqlite3PagerSetBusyhandler(pBt->pPager, btreeInvokeBusyHandler, pBt);
  1854      p->pBt = pBt;
  1855    
  1856      pBt->pCursor = 0;
  1857      pBt->pPage1 = 0;
  1858      pBt->readOnly = sqlite3PagerIsreadonly(pBt->pPager);
  1859  #ifdef SQLITE_SECURE_DELETE
  1860      pBt->secureDelete = 1;
  1861  #endif
  1862      pBt->pageSize = (zDbHeader[16]<<8) | (zDbHeader[17]<<16);
  1863      if( pBt->pageSize<512 || pBt->pageSize>SQLITE_MAX_PAGE_SIZE
  1864           || ((pBt->pageSize-1)&pBt->pageSize)!=0 ){
  1865        pBt->pageSize = 0;
  1866  #ifndef SQLITE_OMIT_AUTOVACUUM
  1867        /* If the magic name ":memory:" will create an in-memory database, then
  1868        ** leave the autoVacuum mode at 0 (do not auto-vacuum), even if
  1869        ** SQLITE_DEFAULT_AUTOVACUUM is true. On the other hand, if
  1870        ** SQLITE_OMIT_MEMORYDB has been defined, then ":memory:" is just a
  1871        ** regular file-name. In this case the auto-vacuum applies as per normal.
  1872        */
  1873        if( zFilename && !isMemdb ){
  1874          pBt->autoVacuum = (SQLITE_DEFAULT_AUTOVACUUM ? 1 : 0);
  1875          pBt->incrVacuum = (SQLITE_DEFAULT_AUTOVACUUM==2 ? 1 : 0);
  1876        }
  1877  #endif
  1878        nReserve = 0;
  1879      }else{
  1880        nReserve = zDbHeader[20];
  1881        pBt->pageSizeFixed = 1;
  1882  #ifndef SQLITE_OMIT_AUTOVACUUM
  1883        pBt->autoVacuum = (get4byte(&zDbHeader[36 + 4*4])?1:0);
  1884        pBt->incrVacuum = (get4byte(&zDbHeader[36 + 7*4])?1:0);
  1885  #endif
  1886      }
  1887      rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize, nReserve);
  1888      if( rc ) goto btree_open_out;
  1889      pBt->usableSize = pBt->pageSize - nReserve;
  1890      assert( (pBt->pageSize & 7)==0 );  /* 8-byte alignment of pageSize */
  1891     
  1892  #if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
  1893      /* Add the new BtShared object to the linked list sharable BtShareds.
  1894      */
  1895      if( p->sharable ){
  1896        MUTEX_LOGIC( sqlite3_mutex *mutexShared; )
  1897        pBt->nRef = 1;
  1898        MUTEX_LOGIC( mutexShared = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER);)
  1899        if( SQLITE_THREADSAFE && sqlite3GlobalConfig.bCoreMutex ){
  1900          pBt->mutex = sqlite3MutexAlloc(SQLITE_MUTEX_FAST);
  1901          if( pBt->mutex==0 ){
  1902            rc = SQLITE_NOMEM;
  1903            db->mallocFailed = 0;
  1904            goto btree_open_out;
  1905          }
  1906        }
  1907        sqlite3_mutex_enter(mutexShared);
  1908        pBt->pNext = GLOBAL(BtShared*,sqlite3SharedCacheList);
  1909        GLOBAL(BtShared*,sqlite3SharedCacheList) = pBt;
  1910        sqlite3_mutex_leave(mutexShared);
  1911      }
  1912  #endif
  1913    }
  1914  
  1915  #if !defined(SQLITE_OMIT_SHARED_CACHE) && !defined(SQLITE_OMIT_DISKIO)
  1916    /* If the new Btree uses a sharable pBtShared, then link the new
  1917    ** Btree into the list of all sharable Btrees for the same connection.
  1918    ** The list is kept in ascending order by pBt address.
  1919    */
  1920    if( p->sharable ){
  1921      int i;
  1922      Btree *pSib;
  1923      for(i=0; i<db->nDb; i++){
  1924        if( (pSib = db->aDb[i].pBt)!=0 && pSib->sharable ){
  1925          while( pSib->pPrev ){ pSib = pSib->pPrev; }
  1926          if( p->pBt<pSib->pBt ){
  1927            p->pNext = pSib;
  1928            p->pPrev = 0;
  1929            pSib->pPrev = p;
  1930          }else{
  1931            while( pSib->pNext && pSib->pNext->pBt<p->pBt ){
  1932              pSib = pSib->pNext;
  1933            }
  1934            p->pNext = pSib->pNext;
  1935            p->pPrev = pSib;
  1936            if( p->pNext ){
  1937              p->pNext->pPrev = p;
  1938            }
  1939            pSib->pNext = p;
  1940          }
  1941          break;
  1942        }
  1943      }
  1944    }
  1945  #endif
  1946    *ppBtree = p;
  1947  
  1948  btree_open_out:
  1949    if( rc!=SQLITE_OK ){
  1950      if( pBt && pBt->pPager ){
  1951        sqlite3PagerClose(pBt->pPager);
  1952      }
  1953      sqlite3_free(pBt);
  1954      sqlite3_free(p);
  1955      *ppBtree = 0;
  1956    }else{
  1957      /* If the B-Tree was successfully opened, set the pager-cache size to the
  1958      ** default value. Except, when opening on an existing shared pager-cache,
  1959      ** do not change the pager-cache size.
  1960      */
  1961      if( sqlite3BtreeSchema(p, 0, 0)==0 ){
  1962        sqlite3PagerSetCachesize(p->pBt->pPager, SQLITE_DEFAULT_CACHE_SIZE);
  1963      }
  1964    }
  1965    if( mutexOpen ){
  1966      assert( sqlite3_mutex_held(mutexOpen) );
  1967      sqlite3_mutex_leave(mutexOpen);
  1968    }
  1969    return rc;
  1970  }
  1971  
  1972  /*
  1973  ** Decrement the BtShared.nRef counter.  When it reaches zero,
  1974  ** remove the BtShared structure from the sharing list.  Return
  1975  ** true if the BtShared.nRef counter reaches zero and return
  1976  ** false if it is still positive.
  1977  */
  1978  static int removeFromSharingList(BtShared *pBt){
  1979  #ifndef SQLITE_OMIT_SHARED_CACHE
  1980    MUTEX_LOGIC( sqlite3_mutex *pMaster; )
  1981    BtShared *pList;
  1982    int removed = 0;
  1983  
  1984    assert( sqlite3_mutex_notheld(pBt->mutex) );
  1985    MUTEX_LOGIC( pMaster = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_MASTER); )
  1986    sqlite3_mutex_enter(pMaster);
  1987    pBt->nRef--;
  1988    if( pBt->nRef<=0 ){
  1989      if( GLOBAL(BtShared*,sqlite3SharedCacheList)==pBt ){
  1990        GLOBAL(BtShared*,sqlite3SharedCacheList) = pBt->pNext;
  1991      }else{
  1992        pList = GLOBAL(BtShared*,sqlite3SharedCacheList);
  1993        while( ALWAYS(pList) && pList->pNext!=pBt ){
  1994          pList=pList->pNext;
  1995        }
  1996        if( ALWAYS(pList) ){
  1997          pList->pNext = pBt->pNext;
  1998        }
  1999      }
  2000      if( SQLITE_THREADSAFE ){
  2001        sqlite3_mutex_free(pBt->mutex);
  2002      }
  2003      removed = 1;
  2004    }
  2005    sqlite3_mutex_leave(pMaster);
  2006    return removed;
  2007  #else
  2008    return 1;
  2009  #endif
  2010  }
  2011  
  2012  /*
  2013  ** Make sure pBt->pTmpSpace points to an allocation of 
  2014  ** MX_CELL_SIZE(pBt) bytes.
  2015  */
  2016  static void allocateTempSpace(BtShared *pBt){
  2017    if( !pBt->pTmpSpace ){
  2018      pBt->pTmpSpace = sqlite3PageMalloc( pBt->pageSize );
  2019    }
  2020  }
  2021  
  2022  /*
  2023  ** Free the pBt->pTmpSpace allocation
  2024  */
  2025  static void freeTempSpace(BtShared *pBt){
  2026    sqlite3PageFree( pBt->pTmpSpace);
  2027    pBt->pTmpSpace = 0;
  2028  }
  2029  
  2030  /*
  2031  ** Close an open database and invalidate all cursors.
  2032  */
  2033  int sqlite3BtreeClose(Btree *p){
  2034    BtShared *pBt = p->pBt;
  2035    BtCursor *pCur;
  2036  
  2037    /* Close all cursors opened via this handle.  */
  2038    assert( sqlite3_mutex_held(p->db->mutex) );
  2039    sqlite3BtreeEnter(p);
  2040    pCur = pBt->pCursor;
  2041    while( pCur ){
  2042      BtCursor *pTmp = pCur;
  2043      pCur = pCur->pNext;
  2044      if( pTmp->pBtree==p ){
  2045        sqlite3BtreeCloseCursor(pTmp);
  2046      }
  2047    }
  2048  
  2049    /* Rollback any active transaction and free the handle structure.
  2050    ** The call to sqlite3BtreeRollback() drops any table-locks held by
  2051    ** this handle.
  2052    */
  2053    sqlite3BtreeRollback(p);
  2054    sqlite3BtreeLeave(p);
  2055  
  2056    /* If there are still other outstanding references to the shared-btree
  2057    ** structure, return now. The remainder of this procedure cleans 
  2058    ** up the shared-btree.
  2059    */
  2060    assert( p->wantToLock==0 && p->locked==0 );
  2061    if( !p->sharable || removeFromSharingList(pBt) ){
  2062      /* The pBt is no longer on the sharing list, so we can access
  2063      ** it without having to hold the mutex.
  2064      **
  2065      ** Clean out and delete the BtShared object.
  2066      */
  2067      assert( !pBt->pCursor );
  2068      sqlite3PagerClose(pBt->pPager);
  2069      if( pBt->xFreeSchema && pBt->pSchema ){
  2070        pBt->xFreeSchema(pBt->pSchema);
  2071      }
  2072      sqlite3DbFree(0, pBt->pSchema);
  2073      freeTempSpace(pBt);
  2074      sqlite3_free(pBt);
  2075    }
  2076  
  2077  #ifndef SQLITE_OMIT_SHARED_CACHE
  2078    assert( p->wantToLock==0 );
  2079    assert( p->locked==0 );
  2080    if( p->pPrev ) p->pPrev->pNext = p->pNext;
  2081    if( p->pNext ) p->pNext->pPrev = p->pPrev;
  2082  #endif
  2083  
  2084    sqlite3_free(p);
  2085    return SQLITE_OK;
  2086  }
  2087  
  2088  /*
  2089  ** Change the limit on the number of pages allowed in the cache.
  2090  **
  2091  ** The maximum number of cache pages is set to the absolute
  2092  ** value of mxPage.  If mxPage is negative, the pager will
  2093  ** operate asynchronously - it will not stop to do fsync()s
  2094  ** to insure data is written to the disk surface before
  2095  ** continuing.  Transactions still work if synchronous is off,
  2096  ** and the database cannot be corrupted if this program
  2097  ** crashes.  But if the operating system crashes or there is
  2098  ** an abrupt power failure when synchronous is off, the database
  2099  ** could be left in an inconsistent and unrecoverable state.
  2100  ** Synchronous is on by default so database corruption is not
  2101  ** normally a worry.
  2102  */
  2103  int sqlite3BtreeSetCacheSize(Btree *p, int mxPage){
  2104    BtShared *pBt = p->pBt;
  2105    assert( sqlite3_mutex_held(p->db->mutex) );
  2106    sqlite3BtreeEnter(p);
  2107    sqlite3PagerSetCachesize(pBt->pPager, mxPage);
  2108    sqlite3BtreeLeave(p);
  2109    return SQLITE_OK;
  2110  }
  2111  
  2112  /*
  2113  ** Change the way data is synced to disk in order to increase or decrease
  2114  ** how well the database resists damage due to OS crashes and power
  2115  ** failures.  Level 1 is the same as asynchronous (no syncs() occur and
  2116  ** there is a high probability of damage)  Level 2 is the default.  There
  2117  ** is a very low but non-zero probability of damage.  Level 3 reduces the
  2118  ** probability of damage to near zero but with a write performance reduction.
  2119  */
  2120  #ifndef SQLITE_OMIT_PAGER_PRAGMAS
  2121  int sqlite3BtreeSetSafetyLevel(
  2122    Btree *p,              /* The btree to set the safety level on */
  2123    int level,             /* PRAGMA synchronous.  1=OFF, 2=NORMAL, 3=FULL */
  2124    int fullSync,          /* PRAGMA fullfsync. */
  2125    int ckptFullSync       /* PRAGMA checkpoint_fullfync */
  2126  ){
  2127    BtShared *pBt = p->pBt;
  2128    assert( sqlite3_mutex_held(p->db->mutex) );
  2129    assert( level>=1 && level<=3 );
  2130    sqlite3BtreeEnter(p);
  2131    sqlite3PagerSetSafetyLevel(pBt->pPager, level, fullSync, ckptFullSync);
  2132    sqlite3BtreeLeave(p);
  2133    return SQLITE_OK;
  2134  }
  2135  #endif
  2136  
  2137  /*
  2138  ** Return TRUE if the given btree is set to safety level 1.  In other
  2139  ** words, return TRUE if no sync() occurs on the disk files.
  2140  */
  2141  int sqlite3BtreeSyncDisabled(Btree *p){
  2142    BtShared *pBt = p->pBt;
  2143    int rc;
  2144    assert( sqlite3_mutex_held(p->db->mutex) );  
  2145    sqlite3BtreeEnter(p);
  2146    assert( pBt && pBt->pPager );
  2147    rc = sqlite3PagerNosync(pBt->pPager);
  2148    sqlite3BtreeLeave(p);
  2149    return rc;
  2150  }
  2151  
  2152  /*
  2153  ** Change the default pages size and the number of reserved bytes per page.
  2154  ** Or, if the page size has already been fixed, return SQLITE_READONLY 
  2155  ** without changing anything.
  2156  **
  2157  ** The page size must be a power of 2 between 512 and 65536.  If the page
  2158  ** size supplied does not meet this constraint then the page size is not
  2159  ** changed.
  2160  **
  2161  ** Page sizes are constrained to be a power of two so that the region
  2162  ** of the database file used for locking (beginning at PENDING_BYTE,
  2163  ** the first byte past the 1GB boundary, 0x40000000) needs to occur
  2164  ** at the beginning of a page.
  2165  **
  2166  ** If parameter nReserve is less than zero, then the number of reserved
  2167  ** bytes per page is left unchanged.
  2168  **
  2169  ** If the iFix!=0 then the pageSizeFixed flag is set so that the page size
  2170  ** and autovacuum mode can no longer be changed.
  2171  */
  2172  int sqlite3BtreeSetPageSize(Btree *p, int pageSize, int nReserve, int iFix){
  2173    int rc = SQLITE_OK;
  2174    BtShared *pBt = p->pBt;
  2175    assert( nReserve>=-1 && nReserve<=255 );
  2176    sqlite3BtreeEnter(p);
  2177    if( pBt->pageSizeFixed ){
  2178      sqlite3BtreeLeave(p);
  2179      return SQLITE_READONLY;
  2180    }
  2181    if( nReserve<0 ){
  2182      nReserve = pBt->pageSize - pBt->usableSize;
  2183    }
  2184    assert( nReserve>=0 && nReserve<=255 );
  2185    if( pageSize>=512 && pageSize<=SQLITE_MAX_PAGE_SIZE &&
  2186          ((pageSize-1)&pageSize)==0 ){
  2187      assert( (pageSize & 7)==0 );
  2188      assert( !pBt->pPage1 && !pBt->pCursor );
  2189      pBt->pageSize = (u32)pageSize;
  2190      freeTempSpace(pBt);
  2191    }
  2192    rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize, nReserve);
  2193    pBt->usableSize = pBt->pageSize - (u16)nReserve;
  2194    if( iFix ) pBt->pageSizeFixed = 1;
  2195    sqlite3BtreeLeave(p);
  2196    return rc;
  2197  }
  2198  
  2199  /*
  2200  ** Return the currently defined page size
  2201  */
  2202  int sqlite3BtreeGetPageSize(Btree *p){
  2203    return p->pBt->pageSize;
  2204  }
  2205  
  2206  #if !defined(SQLITE_OMIT_PAGER_PRAGMAS) || !defined(SQLITE_OMIT_VACUUM)
  2207  /*
  2208  ** Return the number of bytes of space at the end of every page that
  2209  ** are intentually left unused.  This is the "reserved" space that is
  2210  ** sometimes used by extensions.
  2211  */
  2212  int sqlite3BtreeGetReserve(Btree *p){
  2213    int n;
  2214    sqlite3BtreeEnter(p);
  2215    n = p->pBt->pageSize - p->pBt->usableSize;
  2216    sqlite3BtreeLeave(p);
  2217    return n;
  2218  }
  2219  
  2220  /*
  2221  ** Set the maximum page count for a database if mxPage is positive.
  2222  ** No changes are made if mxPage is 0 or negative.
  2223  ** Regardless of the value of mxPage, return the maximum page count.
  2224  */
  2225  int sqlite3BtreeMaxPageCount(Btree *p, int mxPage){
  2226    int n;
  2227    sqlite3BtreeEnter(p);
  2228    n = sqlite3PagerMaxPageCount(p->pBt->pPager, mxPage);
  2229    sqlite3BtreeLeave(p);
  2230    return n;
  2231  }
  2232  
  2233  /*
  2234  ** Set the secureDelete flag if newFlag is 0 or 1.  If newFlag is -1,
  2235  ** then make no changes.  Always return the value of the secureDelete
  2236  ** setting after the change.
  2237  */
  2238  int sqlite3BtreeSecureDelete(Btree *p, int newFlag){
  2239    int b;
  2240    if( p==0 ) return 0;
  2241    sqlite3BtreeEnter(p);
  2242    if( newFlag>=0 ){
  2243      p->pBt->secureDelete = (newFlag!=0) ? 1 : 0;
  2244    } 
  2245    b = p->pBt->secureDelete;
  2246    sqlite3BtreeLeave(p);
  2247    return b;
  2248  }
  2249  #endif /* !defined(SQLITE_OMIT_PAGER_PRAGMAS) || !defined(SQLITE_OMIT_VACUUM) */
  2250  
  2251  /*
  2252  ** Change the 'auto-vacuum' property of the database. If the 'autoVacuum'
  2253  ** parameter is non-zero, then auto-vacuum mode is enabled. If zero, it
  2254  ** is disabled. The default value for the auto-vacuum property is 
  2255  ** determined by the SQLITE_DEFAULT_AUTOVACUUM macro.
  2256  */
  2257  int sqlite3BtreeSetAutoVacuum(Btree *p, int autoVacuum){
  2258  #ifdef SQLITE_OMIT_AUTOVACUUM
  2259    return SQLITE_READONLY;
  2260  #else
  2261    BtShared *pBt = p->pBt;
  2262    int rc = SQLITE_OK;
  2263    u8 av = (u8)autoVacuum;
  2264  
  2265    sqlite3BtreeEnter(p);
  2266    if( pBt->pageSizeFixed && (av ?1:0)!=pBt->autoVacuum ){
  2267      rc = SQLITE_READONLY;
  2268    }else{
  2269      pBt->autoVacuum = av ?1:0;
  2270      pBt->incrVacuum = av==2 ?1:0;
  2271    }
  2272    sqlite3BtreeLeave(p);
  2273    return rc;
  2274  #endif
  2275  }
  2276  
  2277  /*
  2278  ** Return the value of the 'auto-vacuum' property. If auto-vacuum is 
  2279  ** enabled 1 is returned. Otherwise 0.
  2280  */
  2281  int sqlite3BtreeGetAutoVacuum(Btree *p){
  2282  #ifdef SQLITE_OMIT_AUTOVACUUM
  2283    return BTREE_AUTOVACUUM_NONE;
  2284  #else
  2285    int rc;
  2286    sqlite3BtreeEnter(p);
  2287    rc = (
  2288      (!p->pBt->autoVacuum)?BTREE_AUTOVACUUM_NONE:
  2289      (!p->pBt->incrVacuum)?BTREE_AUTOVACUUM_FULL:
  2290      BTREE_AUTOVACUUM_INCR
  2291    );
  2292    sqlite3BtreeLeave(p);
  2293    return rc;
  2294  #endif
  2295  }
  2296  
  2297  
  2298  /*
  2299  ** Get a reference to pPage1 of the database file.  This will
  2300  ** also acquire a readlock on that file.
  2301  **
  2302  ** SQLITE_OK is returned on success.  If the file is not a
  2303  ** well-formed database file, then SQLITE_CORRUPT is returned.
  2304  ** SQLITE_BUSY is returned if the database is locked.  SQLITE_NOMEM
  2305  ** is returned if we run out of memory. 
  2306  */
  2307  static int lockBtree(BtShared *pBt){
  2308    int rc;              /* Result code from subfunctions */
  2309    MemPage *pPage1;     /* Page 1 of the database file */
  2310    int nPage;           /* Number of pages in the database */
  2311    int nPageFile = 0;   /* Number of pages in the database file */
  2312    int nPageHeader;     /* Number of pages in the database according to hdr */
  2313  
  2314    assert( sqlite3_mutex_held(pBt->mutex) );
  2315    assert( pBt->pPage1==0 );
  2316    rc = sqlite3PagerSharedLock(pBt->pPager);
  2317    if( rc!=SQLITE_OK ) return rc;
  2318    rc = btreeGetPage(pBt, 1, &pPage1, 0);
  2319    if( rc!=SQLITE_OK ) return rc;
  2320  
  2321    /* Do some checking to help insure the file we opened really is
  2322    ** a valid database file. 
  2323    */
  2324    nPage = nPageHeader = get4byte(28+(u8*)pPage1->aData);
  2325    sqlite3PagerPagecount(pBt->pPager, &nPageFile);
  2326    if( nPage==0 || memcmp(24+(u8*)pPage1->aData, 92+(u8*)pPage1->aData,4)!=0 ){
  2327      nPage = nPageFile;
  2328    }
  2329    if( nPage>0 ){
  2330      u32 pageSize;
  2331      u32 usableSize;
  2332      u8 *page1 = pPage1->aData;
  2333      rc = SQLITE_NOTADB;
  2334      if( memcmp(page1, zMagicHeader, 16)!=0 ){
  2335        goto page1_init_failed;
  2336      }
  2337  
  2338  #ifdef SQLITE_OMIT_WAL
  2339      if( page1[18]>1 ){
  2340        pBt->readOnly = 1;
  2341      }
  2342      if( page1[19]>1 ){
  2343        goto page1_init_failed;
  2344      }
  2345  #else
  2346      if( page1[18]>2 ){
  2347        pBt->readOnly = 1;
  2348      }
  2349      if( page1[19]>2 ){
  2350        goto page1_init_failed;
  2351      }
  2352  
  2353      /* If the write version is set to 2, this database should be accessed
  2354      ** in WAL mode. If the log is not already open, open it now. Then 
  2355      ** return SQLITE_OK and return without populating BtShared.pPage1.
  2356      ** The caller detects this and calls this function again. This is
  2357      ** required as the version of page 1 currently in the page1 buffer
  2358      ** may not be the latest version - there may be a newer one in the log
  2359      ** file.
  2360      */
  2361      if( page1[19]==2 && pBt->doNotUseWAL==0 ){
  2362        int isOpen = 0;
  2363        rc = sqlite3PagerOpenWal(pBt->pPager, &isOpen);
  2364        if( rc!=SQLITE_OK ){
  2365          goto page1_init_failed;
  2366        }else if( isOpen==0 ){
  2367          releasePage(pPage1);
  2368          return SQLITE_OK;
  2369        }
  2370        rc = SQLITE_NOTADB;
  2371      }
  2372  #endif
  2373  
  2374      /* The maximum embedded fraction must be exactly 25%.  And the minimum
  2375      ** embedded fraction must be 12.5% for both leaf-data and non-leaf-data.
  2376      ** The original design allowed these amounts to vary, but as of
  2377      ** version 3.6.0, we require them to be fixed.
  2378      */
  2379      if( memcmp(&page1[21], "\100\040\040",3)!=0 ){
  2380        goto page1_init_failed;
  2381      }
  2382      pageSize = (page1[16]<<8) | (page1[17]<<16);
  2383      if( ((pageSize-1)&pageSize)!=0
  2384       || pageSize>SQLITE_MAX_PAGE_SIZE 
  2385       || pageSize<=256 
  2386      ){
  2387        goto page1_init_failed;
  2388      }
  2389      assert( (pageSize & 7)==0 );
  2390      usableSize = pageSize - page1[20];
  2391      if( (u32)pageSize!=pBt->pageSize ){
  2392        /* After reading the first page of the database assuming a page size
  2393        ** of BtShared.pageSize, we have discovered that the page-size is
  2394        ** actually pageSize. Unlock the database, leave pBt->pPage1 at
  2395        ** zero and return SQLITE_OK. The caller will call this function
  2396        ** again with the correct page-size.
  2397        */
  2398        releasePage(pPage1);
  2399        pBt->usableSize = usableSize;
  2400        pBt->pageSize = pageSize;
  2401        freeTempSpace(pBt);
  2402        rc = sqlite3PagerSetPagesize(pBt->pPager, &pBt->pageSize,
  2403                                     pageSize-usableSize);
  2404        return rc;
  2405      }
  2406      if( (pBt->db->flags & SQLITE_RecoveryMode)==0 && nPage>nPageFile ){
  2407        rc = SQLITE_CORRUPT_BKPT;
  2408        goto page1_init_failed;
  2409      }
  2410      if( usableSize<480 ){
  2411        goto page1_init_failed;
  2412      }
  2413      pBt->pageSize = pageSize;
  2414      pBt->usableSize = usableSize;
  2415  #ifndef SQLITE_OMIT_AUTOVACUUM
  2416      pBt->autoVacuum = (get4byte(&page1[36 + 4*4])?1:0);
  2417      pBt->incrVacuum = (get4byte(&page1[36 + 7*4])?1:0);
  2418  #endif
  2419    }
  2420  
  2421    /* maxLocal is the maximum amount of payload to store locally for
  2422    ** a cell.  Make sure it is small enough so that at least minFanout
  2423    ** cells can will fit on one page.  We assume a 10-byte page header.
  2424    ** Besides the payload, the cell must store:
  2425    **     2-byte pointer to the cell
  2426    **     4-byte child pointer
  2427    **     9-byte nKey value
  2428    **     4-byte nData value
  2429    **     4-byte overflow page pointer
  2430    ** So a cell consists of a 2-byte pointer, a header which is as much as
  2431    ** 17 bytes long, 0 to N bytes of payload, and an optional 4 byte overflow
  2432    ** page pointer.
  2433    */
  2434    pBt->maxLocal = (u16)((pBt->usableSize-12)*64/255 - 23);
  2435    pBt->minLocal = (u16)((pBt->usableSize-12)*32/255 - 23);
  2436    pBt->maxLeaf = (u16)(pBt->usableSize - 35);
  2437    pBt->minLeaf = (u16)((pBt->usableSize-12)*32/255 - 23);
  2438    assert( pBt->maxLeaf + 23 <= MX_CELL_SIZE(pBt) );
  2439    pBt->pPage1 = pPage1;
  2440    pBt->nPage = nPage;
  2441    return SQLITE_OK;
  2442  
  2443  page1_init_failed:
  2444    releasePage(pPage1);
  2445    pBt->pPage1 = 0;
  2446    return rc;
  2447  }
  2448  
  2449  /*
  2450  ** If there are no outstanding cursors and we are not in the middle
  2451  ** of a transaction but there is a read lock on the database, then
  2452  ** this routine unrefs the first page of the database file which 
  2453  ** has the effect of releasing the read lock.
  2454  **
  2455  ** If there is a transaction in progress, this routine is a no-op.
  2456  */
  2457  static void unlockBtreeIfUnused(BtShared *pBt){
  2458    assert( sqlite3_mutex_held(pBt->mutex) );
  2459    assert( pBt->pCursor==0 || pBt->inTransaction>TRANS_NONE );
  2460    if( pBt->inTransaction==TRANS_NONE && pBt->pPage1!=0 ){
  2461      assert( pBt->pPage1->aData );
  2462      assert( sqlite3PagerRefcount(pBt->pPager)==1 );
  2463      assert( pBt->pPage1->aData );
  2464      releasePage(pBt->pPage1);
  2465      pBt->pPage1 = 0;
  2466    }
  2467  }
  2468  
  2469  /*
  2470  ** If pBt points to an empty file then convert that empty file
  2471  ** into a new empty database by initializing the first page of
  2472  ** the database.
  2473  */
  2474  static int newDatabase(BtShared *pBt){
  2475    MemPage *pP1;
  2476    unsigned char *data;
  2477    int rc;
  2478  
  2479    assert( sqlite3_mutex_held(pBt->mutex) );
  2480    if( pBt->nPage>0 ){
  2481      return SQLITE_OK;
  2482    }
  2483    pP1 = pBt->pPage1;
  2484    assert( pP1!=0 );
  2485    data = pP1->aData;
  2486    rc = sqlite3PagerWrite(pP1->pDbPage);
  2487    if( rc ) return rc;
  2488    memcpy(data, zMagicHeader, sizeof(zMagicHeader));
  2489    assert( sizeof(zMagicHeader)==16 );
  2490    data[16] = (u8)((pBt->pageSize>>8)&0xff);
  2491    data[17] = (u8)((pBt->pageSize>>16)&0xff);
  2492    data[18] = 1;
  2493    data[19] = 1;
  2494    assert( pBt->usableSize<=pBt->pageSize && pBt->usableSize+255>=pBt->pageSize);
  2495    data[20] = (u8)(pBt->pageSize - pBt->usableSize);
  2496    data[21] = 64;
  2497    data[22] = 32;
  2498    data[23] = 32;
  2499    memset(&data[24], 0, 100-24);
  2500    zeroPage(pP1, PTF_INTKEY|PTF_LEAF|PTF_LEAFDATA );
  2501    pBt->pageSizeFixed = 1;
  2502  #ifndef SQLITE_OMIT_AUTOVACUUM
  2503    assert( pBt->autoVacuum==1 || pBt->autoVacuum==0 );
  2504    assert( pBt->incrVacuum==1 || pBt->incrVacuum==0 );
  2505    put4byte(&data[36 + 4*4], pBt->autoVacuum);
  2506    put4byte(&data[36 + 7*4], pBt->incrVacuum);
  2507  #endif
  2508    pBt->nPage = 1;
  2509    data[31] = 1;
  2510    return SQLITE_OK;
  2511  }
  2512  
  2513  /*
  2514  ** Attempt to start a new transaction. A write-transaction
  2515  ** is started if the second argument is nonzero, otherwise a read-
  2516  ** transaction.  If the second argument is 2 or more and exclusive
  2517  ** transaction is started, meaning that no other process is allowed
  2518  ** to access the database.  A preexisting transaction may not be
  2519  ** upgraded to exclusive by calling this routine a second time - the
  2520  ** exclusivity flag only works for a new transaction.
  2521  **
  2522  ** A write-transaction must be started before attempting any 
  2523  ** changes to the database.  None of the following routines 
  2524  ** will work unless a transaction is started first:
  2525  **
  2526  **      sqlite3BtreeCreateTable()
  2527  **      sqlite3BtreeCreateIndex()
  2528  **      sqlite3BtreeClearTable()
  2529  **      sqlite3BtreeDropTable()
  2530  **      sqlite3BtreeInsert()
  2531  **      sqlite3BtreeDelete()
  2532  **      sqlite3BtreeUpdateMeta()
  2533  **
  2534  ** If an initial attempt to acquire the lock fails because of lock contention
  2535  ** and the database was previously unlocked, then invoke the busy handler
  2536  ** if there is one.  But if there was previously a read-lock, do not
  2537  ** invoke the busy handler - just return SQLITE_BUSY.  SQLITE_BUSY is 
  2538  ** returned when there is already a read-lock in order to avoid a deadlock.
  2539  **
  2540  ** Suppose there are two processes A and B.  A has a read lock and B has
  2541  ** a reserved lock.  B tries to promote to exclusive but is blocked because
  2542  ** of A's read lock.  A tries to promote to reserved but is blocked by B.
  2543  ** One or the other of the two processes must give way or there can be
  2544  ** no progress.  By returning SQLITE_BUSY and not invoking the busy callback
  2545  ** when A already has a read lock, we encourage A to give up and let B
  2546  ** proceed.
  2547  */
  2548  int sqlite3BtreeBeginTrans(Btree *p, int wrflag){
  2549    sqlite3 *pBlock = 0;
  2550    BtShared *pBt = p->pBt;
  2551    int rc = SQLITE_OK;
  2552  
  2553    sqlite3BtreeEnter(p);
  2554    btreeIntegrity(p);
  2555  
  2556    /* If the btree is already in a write-transaction, or it
  2557    ** is already in a read-transaction and a read-transaction
  2558    ** is requested, this is a no-op.
  2559    */
  2560    if( p->inTrans==TRANS_WRITE || (p->inTrans==TRANS_READ && !wrflag) ){
  2561      goto trans_begun;
  2562    }
  2563  
  2564    /* Write transactions are not possible on a read-only database */
  2565    if( pBt->readOnly && wrflag ){
  2566      rc = SQLITE_READONLY;
  2567      goto trans_begun;
  2568    }
  2569  
  2570  #ifndef SQLITE_OMIT_SHARED_CACHE
  2571    /* If another database handle has already opened a write transaction 
  2572    ** on this shared-btree structure and a second write transaction is
  2573    ** requested, return SQLITE_LOCKED.
  2574    */
  2575    if( (wrflag && pBt->inTransaction==TRANS_WRITE) || pBt->isPending ){
  2576      pBlock = pBt->pWriter->db;
  2577    }else if( wrflag>1 ){
  2578      BtLock *pIter;
  2579      for(pIter=pBt->pLock; pIter; pIter=pIter->pNext){
  2580        if( pIter->pBtree!=p ){
  2581          pBlock = pIter->pBtree->db;
  2582          break;
  2583        }
  2584      }
  2585    }
  2586    if( pBlock ){
  2587      sqlite3ConnectionBlocked(p->db, pBlock);
  2588      rc = SQLITE_LOCKED_SHAREDCACHE;
  2589      goto trans_begun;
  2590    }
  2591  #endif
  2592  
  2593    /* Any read-only or read-write transaction implies a read-lock on 
  2594    ** page 1. So if some other shared-cache client already has a write-lock 
  2595    ** on page 1, the transaction cannot be opened. */
  2596    rc = querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK);
  2597    if( SQLITE_OK!=rc ) goto trans_begun;
  2598  
  2599    pBt->initiallyEmpty = (u8)(pBt->nPage==0);
  2600    do {
  2601      /* Call lockBtree() until either pBt->pPage1 is populated or
  2602      ** lockBtree() returns something other than SQLITE_OK. lockBtree()
  2603      ** may return SQLITE_OK but leave pBt->pPage1 set to 0 if after
  2604      ** reading page 1 it discovers that the page-size of the database 
  2605      ** file is not pBt->pageSize. In this case lockBtree() will update
  2606      ** pBt->pageSize to the page-size of the file on disk.
  2607      */
  2608      while( pBt->pPage1==0 && SQLITE_OK==(rc = lockBtree(pBt)) );
  2609  
  2610      if( rc==SQLITE_OK && wrflag ){
  2611        if( pBt->readOnly ){
  2612          rc = SQLITE_READONLY;
  2613        }else{
  2614          rc = sqlite3PagerBegin(pBt->pPager,wrflag>1,sqlite3TempInMemory(p->db));
  2615          if( rc==SQLITE_OK ){
  2616            rc = newDatabase(pBt);
  2617          }
  2618        }
  2619      }
  2620    
  2621      if( rc!=SQLITE_OK ){
  2622        unlockBtreeIfUnused(pBt);
  2623      }
  2624    }while( (rc&0xFF)==SQLITE_BUSY && pBt->inTransaction==TRANS_NONE &&
  2625            btreeInvokeBusyHandler(pBt) );
  2626  
  2627    if( rc==SQLITE_OK ){
  2628      if( p->inTrans==TRANS_NONE ){
  2629        pBt->nTransaction++;
  2630  #ifndef SQLITE_OMIT_SHARED_CACHE
  2631        if( p->sharable ){
  2632  	assert( p->lock.pBtree==p && p->lock.iTable==1 );
  2633          p->lock.eLock = READ_LOCK;
  2634          p->lock.pNext = pBt->pLock;
  2635          pBt->pLock = &p->lock;
  2636        }
  2637  #endif
  2638      }
  2639      p->inTrans = (wrflag?TRANS_WRITE:TRANS_READ);
  2640      if( p->inTrans>pBt->inTransaction ){
  2641        pBt->inTransaction = p->inTrans;
  2642      }
  2643      if( wrflag ){
  2644        MemPage *pPage1 = pBt->pPage1;
  2645  #ifndef SQLITE_OMIT_SHARED_CACHE
  2646        assert( !pBt->pWriter );
  2647        pBt->pWriter = p;
  2648        pBt->isExclusive = (u8)(wrflag>1);
  2649  #endif
  2650  
  2651        /* If the db-size header field is incorrect (as it may be if an old
  2652        ** client has been writing the database file), update it now. Doing
  2653        ** this sooner rather than later means the database size can safely 
  2654        ** re-read the database size from page 1 if a savepoint or transaction
  2655        ** rollback occurs within the transaction.
  2656        */
  2657        if( pBt->nPage!=get4byte(&pPage1->aData[28]) ){
  2658          rc = sqlite3PagerWrite(pPage1->pDbPage);
  2659          if( rc==SQLITE_OK ){
  2660            put4byte(&pPage1->aData[28], pBt->nPage);
  2661          }
  2662        }
  2663      }
  2664    }
  2665  
  2666  
  2667  trans_begun:
  2668    if( rc==SQLITE_OK && wrflag ){
  2669      /* This call makes sure that the pager has the correct number of
  2670      ** open savepoints. If the second parameter is greater than 0 and
  2671      ** the sub-journal is not already open, then it will be opened here.
  2672      */
  2673      rc = sqlite3PagerOpenSavepoint(pBt->pPager, p->db->nSavepoint);
  2674    }
  2675  
  2676    btreeIntegrity(p);
  2677    sqlite3BtreeLeave(p);
  2678    return rc;
  2679  }
  2680  
  2681  #ifndef SQLITE_OMIT_AUTOVACUUM
  2682  
  2683  /*
  2684  ** Set the pointer-map entries for all children of page pPage. Also, if
  2685  ** pPage contains cells that point to overflow pages, set the pointer
  2686  ** map entries for the overflow pages as well.
  2687  */
  2688  static int setChildPtrmaps(MemPage *pPage){
  2689    int i;                             /* Counter variable */
  2690    int nCell;                         /* Number of cells in page pPage */
  2691    int rc;                            /* Return code */
  2692    BtShared *pBt = pPage->pBt;
  2693    u8 isInitOrig = pPage->isInit;
  2694    Pgno pgno = pPage->pgno;
  2695  
  2696    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  2697    rc = btreeInitPage(pPage);
  2698    if( rc!=SQLITE_OK ){
  2699      goto set_child_ptrmaps_out;
  2700    }
  2701    nCell = pPage->nCell;
  2702  
  2703    for(i=0; i<nCell; i++){
  2704      u8 *pCell = findCell(pPage, i);
  2705  
  2706      ptrmapPutOvflPtr(pPage, pCell, &rc);
  2707  
  2708      if( !pPage->leaf ){
  2709        Pgno childPgno = get4byte(pCell);
  2710        ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
  2711      }
  2712    }
  2713  
  2714    if( !pPage->leaf ){
  2715      Pgno childPgno = get4byte(&pPage->aData[pPage->hdrOffset+8]);
  2716      ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
  2717    }
  2718  
  2719  set_child_ptrmaps_out:
  2720    pPage->isInit = isInitOrig;
  2721    return rc;
  2722  }
  2723  
  2724  /*
  2725  ** Somewhere on pPage is a pointer to page iFrom.  Modify this pointer so
  2726  ** that it points to iTo. Parameter eType describes the type of pointer to
  2727  ** be modified, as  follows:
  2728  **
  2729  ** PTRMAP_BTREE:     pPage is a btree-page. The pointer points at a child 
  2730  **                   page of pPage.
  2731  **
  2732  ** PTRMAP_OVERFLOW1: pPage is a btree-page. The pointer points at an overflow
  2733  **                   page pointed to by one of the cells on pPage.
  2734  **
  2735  ** PTRMAP_OVERFLOW2: pPage is an overflow-page. The pointer points at the next
  2736  **                   overflow page in the list.
  2737  */
  2738  static int modifyPagePointer(MemPage *pPage, Pgno iFrom, Pgno iTo, u8 eType){
  2739    assert( sqlite3_mutex_held(pPage->pBt->mutex) );
  2740    assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  2741    if( eType==PTRMAP_OVERFLOW2 ){
  2742      /* The pointer is always the first 4 bytes of the page in this case.  */
  2743      if( get4byte(pPage->aData)!=iFrom ){
  2744        return SQLITE_CORRUPT_BKPT;
  2745      }
  2746      put4byte(pPage->aData, iTo);
  2747    }else{
  2748      u8 isInitOrig = pPage->isInit;
  2749      int i;
  2750      int nCell;
  2751  
  2752      btreeInitPage(pPage);
  2753      nCell = pPage->nCell;
  2754  
  2755      for(i=0; i<nCell; i++){
  2756        u8 *pCell = findCell(pPage, i);
  2757        if( eType==PTRMAP_OVERFLOW1 ){
  2758          CellInfo info;
  2759          btreeParseCellPtr(pPage, pCell, &info);
  2760          if( info.iOverflow
  2761           && pCell+info.iOverflow+3<=pPage->aData+pPage->maskPage
  2762           && iFrom==get4byte(&pCell[info.iOverflow])
  2763          ){
  2764            put4byte(&pCell[info.iOverflow], iTo);
  2765            break;
  2766          }
  2767        }else{
  2768          if( get4byte(pCell)==iFrom ){
  2769            put4byte(pCell, iTo);
  2770            break;
  2771          }
  2772        }
  2773      }
  2774    
  2775      if( i==nCell ){
  2776        if( eType!=PTRMAP_BTREE || 
  2777            get4byte(&pPage->aData[pPage->hdrOffset+8])!=iFrom ){
  2778          return SQLITE_CORRUPT_BKPT;
  2779        }
  2780        put4byte(&pPage->aData[pPage->hdrOffset+8], iTo);
  2781      }
  2782  
  2783      pPage->isInit = isInitOrig;
  2784    }
  2785    return SQLITE_OK;
  2786  }
  2787  
  2788  
  2789  /*
  2790  ** Move the open database page pDbPage to location iFreePage in the 
  2791  ** database. The pDbPage reference remains valid.
  2792  **
  2793  ** The isCommit flag indicates that there is no need to remember that
  2794  ** the journal needs to be sync()ed before database page pDbPage->pgno 
  2795  ** can be written to. The caller has already promised not to write to that
  2796  ** page.
  2797  */
  2798  static int relocatePage(
  2799    BtShared *pBt,           /* Btree */
  2800    MemPage *pDbPage,        /* Open page to move */
  2801    u8 eType,                /* Pointer map 'type' entry for pDbPage */
  2802    Pgno iPtrPage,           /* Pointer map 'page-no' entry for pDbPage */
  2803    Pgno iFreePage,          /* The location to move pDbPage to */
  2804    int isCommit             /* isCommit flag passed to sqlite3PagerMovepage */
  2805  ){
  2806    MemPage *pPtrPage;   /* The page that contains a pointer to pDbPage */
  2807    Pgno iDbPage = pDbPage->pgno;
  2808    Pager *pPager = pBt->pPager;
  2809    int rc;
  2810  
  2811    assert( eType==PTRMAP_OVERFLOW2 || eType==PTRMAP_OVERFLOW1 || 
  2812        eType==PTRMAP_BTREE || eType==PTRMAP_ROOTPAGE );
  2813    assert( sqlite3_mutex_held(pBt->mutex) );
  2814    assert( pDbPage->pBt==pBt );
  2815  
  2816    /* Move page iDbPage from its current location to page number iFreePage */
  2817    TRACE(("AUTOVACUUM: Moving %d to free page %d (ptr page %d type %d)\n", 
  2818        iDbPage, iFreePage, iPtrPage, eType));
  2819    rc = sqlite3PagerMovepage(pPager, pDbPage->pDbPage, iFreePage, isCommit);
  2820    if( rc!=SQLITE_OK ){
  2821      return rc;
  2822    }
  2823    pDbPage->pgno = iFreePage;
  2824  
  2825    /* If pDbPage was a btree-page, then it may have child pages and/or cells
  2826    ** that point to overflow pages. The pointer map entries for all these
  2827    ** pages need to be changed.
  2828    **
  2829    ** If pDbPage is an overflow page, then the first 4 bytes may store a
  2830    ** pointer to a subsequent overflow page. If this is the case, then
  2831    ** the pointer map needs to be updated for the subsequent overflow page.
  2832    */
  2833    if( eType==PTRMAP_BTREE || eType==PTRMAP_ROOTPAGE ){
  2834      rc = setChildPtrmaps(pDbPage);
  2835      if( rc!=SQLITE_OK ){
  2836        return rc;
  2837      }
  2838    }else{
  2839      Pgno nextOvfl = get4byte(pDbPage->aData);
  2840      if( nextOvfl!=0 ){
  2841        ptrmapPut(pBt, nextOvfl, PTRMAP_OVERFLOW2, iFreePage, &rc);
  2842        if( rc!=SQLITE_OK ){
  2843          return rc;
  2844        }
  2845      }
  2846    }
  2847  
  2848    /* Fix the database pointer on page iPtrPage that pointed at iDbPage so
  2849    ** that it points at iFreePage. Also fix the pointer map entry for
  2850    ** iPtrPage.
  2851    */
  2852    if( eType!=PTRMAP_ROOTPAGE ){
  2853      rc = btreeGetPage(pBt, iPtrPage, &pPtrPage, 0);
  2854      if( rc!=SQLITE_OK ){
  2855        return rc;
  2856      }
  2857      rc = sqlite3PagerWrite(pPtrPage->pDbPage);
  2858      if( rc!=SQLITE_OK ){
  2859        releasePage(pPtrPage);
  2860        return rc;
  2861      }
  2862      rc = modifyPagePointer(pPtrPage, iDbPage, iFreePage, eType);
  2863      releasePage(pPtrPage);
  2864      if( rc==SQLITE_OK ){
  2865        ptrmapPut(pBt, iFreePage, eType, iPtrPage, &rc);
  2866      }
  2867    }
  2868    return rc;
  2869  }
  2870  
  2871  /* Forward declaration required by incrVacuumStep(). */
  2872  static int allocateBtreePage(BtShared *, MemPage **, Pgno *, Pgno, u8);
  2873  
  2874  /*
  2875  ** Perform a single step of an incremental-vacuum. If successful,
  2876  ** return SQLITE_OK. If there is no work to do (and therefore no
  2877  ** point in calling this function again), return SQLITE_DONE.
  2878  **
  2879  ** More specificly, this function attempts to re-organize the 
  2880  ** database so that the last page of the file currently in use
  2881  ** is no longer in use.
  2882  **
  2883  ** If the nFin parameter is non-zero, this function assumes
  2884  ** that the caller will keep calling incrVacuumStep() until
  2885  ** it returns SQLITE_DONE or an error, and that nFin is the
  2886  ** number of pages the database file will contain after this 
  2887  ** process is complete.  If nFin is zero, it is assumed that
  2888  ** incrVacuumStep() will be called a finite amount of times
  2889  ** which may or may not empty the freelist.  A full autovacuum
  2890  ** has nFin>0.  A "PRAGMA incremental_vacuum" has nFin==0.
  2891  */
  2892  static int incrVacuumStep(BtShared *pBt, Pgno nFin, Pgno iLastPg){
  2893    Pgno nFreeList;           /* Number of pages still on the free-list */
  2894    int rc;
  2895  
  2896    assert( sqlite3_mutex_held(pBt->mutex) );
  2897    assert( iLastPg>nFin );
  2898  
  2899    if( !PTRMAP_ISPAGE(pBt, iLastPg) && iLastPg!=PENDING_BYTE_PAGE(pBt) ){
  2900      u8 eType;
  2901      Pgno iPtrPage;
  2902  
  2903      nFreeList = get4byte(&pBt->pPage1->aData[36]);
  2904      if( nFreeList==0 ){
  2905        return SQLITE_DONE;
  2906      }
  2907  
  2908      rc = ptrmapGet(pBt, iLastPg, &eType, &iPtrPage);
  2909      if( rc!=SQLITE_OK ){
  2910        return rc;
  2911      }
  2912      if( eType==PTRMAP_ROOTPAGE ){
  2913        return SQLITE_CORRUPT_BKPT;
  2914      }
  2915  
  2916      if( eType==PTRMAP_FREEPAGE ){
  2917        if( nFin==0 ){
  2918          /* Remove the page from the files free-list. This is not required
  2919          ** if nFin is non-zero. In that case, the free-list will be
  2920          ** truncated to zero after this function returns, so it doesn't 
  2921          ** matter if it still contains some garbage entries.
  2922          */
  2923          Pgno iFreePg;
  2924          MemPage *pFreePg;
  2925          rc = allocateBtreePage(pBt, &pFreePg, &iFreePg, iLastPg, 1);
  2926          if( rc!=SQLITE_OK ){
  2927            return rc;
  2928          }
  2929          assert( iFreePg==iLastPg );
  2930          releasePage(pFreePg);
  2931        }
  2932      } else {
  2933        Pgno iFreePg;             /* Index of free page to move pLastPg to */
  2934        MemPage *pLastPg;
  2935  
  2936        rc = btreeGetPage(pBt, iLastPg, &pLastPg, 0);
  2937        if( rc!=SQLITE_OK ){
  2938          return rc;
  2939        }
  2940  
  2941        /* If nFin is zero, this loop runs exactly once and page pLastPg
  2942        ** is swapped with the first free page pulled off the free list.
  2943        **
  2944        ** On the other hand, if nFin is greater than zero, then keep
  2945        ** looping until a free-page located within the first nFin pages
  2946        ** of the file is found.
  2947        */
  2948        do {
  2949          MemPage *pFreePg;
  2950          rc = allocateBtreePage(pBt, &pFreePg, &iFreePg, 0, 0);
  2951          if( rc!=SQLITE_OK ){
  2952            releasePage(pLastPg);
  2953            return rc;
  2954          }
  2955          releasePage(pFreePg);
  2956        }while( nFin!=0 && iFreePg>nFin );
  2957        assert( iFreePg<iLastPg );
  2958        
  2959        rc = sqlite3PagerWrite(pLastPg->pDbPage);
  2960        if( rc==SQLITE_OK ){
  2961          rc = relocatePage(pBt, pLastPg, eType, iPtrPage, iFreePg, nFin!=0);
  2962        }
  2963        releasePage(pLastPg);
  2964        if( rc!=SQLITE_OK ){
  2965          return rc;
  2966        }
  2967      }
  2968    }
  2969  
  2970    if( nFin==0 ){
  2971      iLastPg--;
  2972      while( iLastPg==PENDING_BYTE_PAGE(pBt)||PTRMAP_ISPAGE(pBt, iLastPg) ){
  2973        if( PTRMAP_ISPAGE(pBt, iLastPg) ){
  2974          MemPage *pPg;
  2975          rc = btreeGetPage(pBt, iLastPg, &pPg, 0);
  2976          if( rc!=SQLITE_OK ){
  2977            return rc;
  2978          }
  2979          rc = sqlite3PagerWrite(pPg->pDbPage);
  2980          releasePage(pPg);
  2981          if( rc!=SQLITE_OK ){
  2982            return rc;
  2983          }
  2984        }
  2985        iLastPg--;
  2986      }
  2987      sqlite3PagerTruncateImage(pBt->pPager, iLastPg);
  2988      pBt->nPage = iLastPg;
  2989    }
  2990    return SQLITE_OK;
  2991  }
  2992  
  2993  /*
  2994  ** A write-transaction must be opened before calling this function.
  2995  ** It performs a single unit of work towards an incremental vacuum.
  2996  **
  2997  ** If the incremental vacuum is finished after this function has run,
  2998  ** SQLITE_DONE is returned. If it is not finished, but no error occurred,
  2999  ** SQLITE_OK is returned. Otherwise an SQLite error code. 
  3000  */
  3001  int sqlite3BtreeIncrVacuum(Btree *p){
  3002    int rc;
  3003    BtShared *pBt = p->pBt;
  3004  
  3005    sqlite3BtreeEnter(p);
  3006    assert( pBt->inTransaction==TRANS_WRITE && p->inTrans==TRANS_WRITE );
  3007    if( !pBt->autoVacuum ){
  3008      rc = SQLITE_DONE;
  3009    }else{
  3010      invalidateAllOverflowCache(pBt);
  3011      rc = incrVacuumStep(pBt, 0, btreePagecount(pBt));
  3012      if( rc==SQLITE_OK ){
  3013        rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
  3014        put4byte(&pBt->pPage1->aData[28], pBt->nPage);
  3015      }
  3016    }
  3017    sqlite3BtreeLeave(p);
  3018    return rc;
  3019  }
  3020  
  3021  /*
  3022  ** This routine is called prior to sqlite3PagerCommit when a transaction
  3023  ** is commited for an auto-vacuum database.
  3024  **
  3025  ** If SQLITE_OK is returned, then *pnTrunc is set to the number of pages
  3026  ** the database file should be truncated to during the commit process. 
  3027  ** i.e. the database has been reorganized so that only the first *pnTrunc
  3028  ** pages are in use.
  3029  */
  3030  static int autoVacuumCommit(BtShared *pBt){
  3031    int rc = SQLITE_OK;
  3032    Pager *pPager = pBt->pPager;
  3033    VVA_ONLY( int nRef = sqlite3PagerRefcount(pPager) );
  3034  
  3035    assert( sqlite3_mutex_held(pBt->mutex) );
  3036    invalidateAllOverflowCache(pBt);
  3037    assert(pBt->autoVacuum);
  3038    if( !pBt->incrVacuum ){
  3039      Pgno nFin;         /* Number of pages in database after autovacuuming */
  3040      Pgno nFree;        /* Number of pages on the freelist initially */
  3041      Pgno nPtrmap;      /* Number of PtrMap pages to be freed */
  3042      Pgno iFree;        /* The next page to be freed */
  3043      int nEntry;        /* Number of entries on one ptrmap page */
  3044      Pgno nOrig;        /* Database size before freeing */
  3045  
  3046      nOrig = btreePagecount(pBt);
  3047      if( PTRMAP_ISPAGE(pBt, nOrig) || nOrig==PENDING_BYTE_PAGE(pBt) ){
  3048        /* It is not possible to create a database for which the final page
  3049        ** is either a pointer-map page or the pending-byte page. If one
  3050        ** is encountered, this indicates corruption.
  3051        */
  3052        return SQLITE_CORRUPT_BKPT;
  3053      }
  3054  
  3055      nFree = get4byte(&pBt->pPage1->aData[36]);
  3056      nEntry = pBt->usableSize/5;
  3057      nPtrmap = (nFree-nOrig+PTRMAP_PAGENO(pBt, nOrig)+nEntry)/nEntry;
  3058      nFin = nOrig - nFree - nPtrmap;
  3059      if( nOrig>PENDING_BYTE_PAGE(pBt) && nFin<PENDING_BYTE_PAGE(pBt) ){
  3060        nFin--;
  3061      }
  3062      while( PTRMAP_ISPAGE(pBt, nFin) || nFin==PENDING_BYTE_PAGE(pBt) ){
  3063        nFin--;
  3064      }
  3065      if( nFin>nOrig ) return SQLITE_CORRUPT_BKPT;
  3066  
  3067      for(iFree=nOrig; iFree>nFin && rc==SQLITE_OK; iFree--){
  3068        rc = incrVacuumStep(pBt, nFin, iFree);
  3069      }
  3070      if( (rc==SQLITE_DONE || rc==SQLITE_OK) && nFree>0 ){
  3071        rc = sqlite3PagerWrite(pBt->pPage1->pDbPage);
  3072        put4byte(&pBt->pPage1->aData[32], 0);
  3073        put4byte(&pBt->pPage1->aData[36], 0);
  3074        put4byte(&pBt->pPage1->aData[28], nFin);
  3075        sqlite3PagerTruncateImage(pBt->pPager, nFin);
  3076        pBt->nPage = nFin;
  3077      }
  3078      if( rc!=SQLITE_OK ){
  3079        sqlite3PagerRollback(pPager);
  3080      }
  3081    }
  3082  
  3083    assert( nRef==sqlite3PagerRefcount(pPager) );
  3084    return rc;
  3085  }
  3086  
  3087  #else /* ifndef SQLITE_OMIT_AUTOVACUUM */
  3088  # define setChildPtrmaps(x) SQLITE_OK
  3089  #endif
  3090  
  3091  /*
  3092  ** This routine does the first phase of a two-phase commit.  This routine
  3093  ** causes a rollback journal to be created (if it does not already exist)
  3094  ** and populated with enough information so that if a power loss occurs
  3095  ** the database can be restored to its original state by playing back
  3096  ** the journal.  Then the contents of the journal are flushed out to
  3097  ** the disk.  After the journal is safely on oxide, the changes to the
  3098  ** database are written into the database file and flushed to oxide.
  3099  ** At the end of this call, the rollback journal still exists on the
  3100  ** disk and we are still holding all locks, so the transaction has not
  3101  ** committed.  See sqlite3BtreeCommitPhaseTwo() for the second phase of the
  3102  ** commit process.
  3103  **
  3104  ** This call is a no-op if no write-transaction is currently active on pBt.
  3105  **
  3106  ** Otherwise, sync the database file for the btree pBt. zMaster points to
  3107  ** the name of a master journal file that should be written into the
  3108  ** individual journal file, or is NULL, indicating no master journal file 
  3109  ** (single database transaction).
  3110  **
  3111  ** When this is called, the master journal should already have been
  3112  ** created, populated with this journal pointer and synced to disk.
  3113  **
  3114  ** Once this is routine has returned, the only thing required to commit
  3115  ** the write-transaction for this database file is to delete the journal.
  3116  */
  3117  int sqlite3BtreeCommitPhaseOne(Btree *p, const char *zMaster){
  3118    int rc = SQLITE_OK;
  3119    if( p->inTrans==TRANS_WRITE ){
  3120      BtShared *pBt = p->pBt;
  3121      sqlite3BtreeEnter(p);
  3122  #ifndef SQLITE_OMIT_AUTOVACUUM
  3123      if( pBt->autoVacuum ){
  3124        rc = autoVacuumCommit(pBt);
  3125        if( rc!=SQLITE_OK ){
  3126          sqlite3BtreeLeave(p);
  3127          return rc;
  3128        }
  3129      }
  3130  #endif
  3131      rc = sqlite3PagerCommitPhaseOne(pBt->pPager, zMaster, 0);
  3132      sqlite3BtreeLeave(p);
  3133    }
  3134    return rc;
  3135  }
  3136  
  3137  /*
  3138  ** This function is called from both BtreeCommitPhaseTwo() and BtreeRollback()
  3139  ** at the conclusion of a transaction.
  3140  */
  3141  static void btreeEndTransaction(Btree *p){
  3142    BtShared *pBt = p->pBt;
  3143    assert( sqlite3BtreeHoldsMutex(p) );
  3144  
  3145    btreeClearHasContent(pBt);
  3146    if( p->inTrans>TRANS_NONE && p->db->activeVdbeCnt>1 ){
  3147      /* If there are other active statements that belong to this database
  3148      ** handle, downgrade to a read-only transaction. The other statements
  3149      ** may still be reading from the database.  */
  3150      downgradeAllSharedCacheTableLocks(p);
  3151      p->inTrans = TRANS_READ;
  3152    }else{
  3153      /* If the handle had any kind of transaction open, decrement the 
  3154      ** transaction count of the shared btree. If the transaction count 
  3155      ** reaches 0, set the shared state to TRANS_NONE. The unlockBtreeIfUnused()
  3156      ** call below will unlock the pager.  */
  3157      if( p->inTrans!=TRANS_NONE ){
  3158        clearAllSharedCacheTableLocks(p);
  3159        pBt->nTransaction--;
  3160        if( 0==pBt->nTransaction ){
  3161          pBt->inTransaction = TRANS_NONE;
  3162        }
  3163      }
  3164  
  3165      /* Set the current transaction state to TRANS_NONE and unlock the 
  3166      ** pager if this call closed the only read or write transaction.  */
  3167      p->inTrans = TRANS_NONE;
  3168      unlockBtreeIfUnused(pBt);
  3169    }
  3170  
  3171    btreeIntegrity(p);
  3172  }
  3173  
  3174  /*
  3175  ** Commit the transaction currently in progress.
  3176  **
  3177  ** This routine implements the second phase of a 2-phase commit.  The
  3178  ** sqlite3BtreeCommitPhaseOne() routine does the first phase and should
  3179  ** be invoked prior to calling this routine.  The sqlite3BtreeCommitPhaseOne()
  3180  ** routine did all the work of writing information out to disk and flushing the
  3181  ** contents so that they are written onto the disk platter.  All this
  3182  ** routine has to do is delete or truncate or zero the header in the
  3183  ** the rollback journal (which causes the transaction to commit) and
  3184  ** drop locks.
  3185  **
  3186  ** Normally, if an error occurs while the pager layer is attempting to 
  3187  ** finalize the underlying journal file, this function returns an error and
  3188  ** the upper layer will attempt a rollback. However, if the second argument
  3189  ** is non-zero then this b-tree transaction is part of a multi-file 
  3190  ** transaction. In this case, the transaction has already been committed 
  3191  ** (by deleting a master journal file) and the caller will ignore this 
  3192  ** functions return code. So, even if an error occurs in the pager layer,
  3193  ** reset the b-tree objects internal state to indicate that the write
  3194  ** transaction has been closed. This is quite safe, as the pager will have
  3195  ** transitioned to the error state.
  3196  **
  3197  ** This will release the write lock on the database file.  If there
  3198  ** are no active cursors, it also releases the read lock.
  3199  */
  3200  int sqlite3BtreeCommitPhaseTwo(Btree *p, int bCleanup){
  3201  
  3202    if( p->inTrans==TRANS_NONE ) return SQLITE_OK;
  3203    sqlite3BtreeEnter(p);
  3204    btreeIntegrity(p);
  3205  
  3206    /* If the handle has a write-transaction open, commit the shared-btrees 
  3207    ** transaction and set the shared state to TRANS_READ.
  3208    */
  3209    if( p->inTrans==TRANS_WRITE ){
  3210      int rc;
  3211      BtShared *pBt = p->pBt;
  3212      assert( pBt->inTransaction==TRANS_WRITE );
  3213      assert( pBt->nTransaction>0 );
  3214      rc = sqlite3PagerCommitPhaseTwo(pBt->pPager);
  3215      if( rc!=SQLITE_OK && bCleanup==0 ){
  3216        sqlite3BtreeLeave(p);
  3217        return rc;
  3218      }
  3219      pBt->inTransaction = TRANS_READ;
  3220    }
  3221  
  3222    btreeEndTransaction(p);
  3223    sqlite3BtreeLeave(p);
  3224    return SQLITE_OK;
  3225  }
  3226  
  3227  /*
  3228  ** Do both phases of a commit.
  3229  */
  3230  int sqlite3BtreeCommit(Btree *p){
  3231    int rc;
  3232    sqlite3BtreeEnter(p);
  3233    rc = sqlite3BtreeCommitPhaseOne(p, 0);
  3234    if( rc==SQLITE_OK ){
  3235      rc = sqlite3BtreeCommitPhaseTwo(p, 0);
  3236    }
  3237    sqlite3BtreeLeave(p);
  3238    return rc;
  3239  }
  3240  
  3241  #ifndef NDEBUG
  3242  /*
  3243  ** Return the number of write-cursors open on this handle. This is for use
  3244  ** in assert() expressions, so it is only compiled if NDEBUG is not
  3245  ** defined.
  3246  **
  3247  ** For the purposes of this routine, a write-cursor is any cursor that
  3248  ** is capable of writing to the databse.  That means the cursor was
  3249  ** originally opened for writing and the cursor has not be disabled
  3250  ** by having its state changed to CURSOR_FAULT.
  3251  */
  3252  static int countWriteCursors(BtShared *pBt){
  3253    BtCursor *pCur;
  3254    int r = 0;
  3255    for(pCur=pBt->pCursor; pCur; pCur=pCur->pNext){
  3256      if( pCur->wrFlag && pCur->eState!=CURSOR_FAULT ) r++; 
  3257    }
  3258    return r;
  3259  }
  3260  #endif
  3261  
  3262  /*
  3263  ** This routine sets the state to CURSOR_FAULT and the error
  3264  ** code to errCode for every cursor on BtShared that pBtree
  3265  ** references.
  3266  **
  3267  ** Every cursor is tripped, including cursors that belong
  3268  ** to other database connections that happen to be sharing
  3269  ** the cache with pBtree.
  3270  **
  3271  ** This routine gets called when a rollback occurs.
  3272  ** All cursors using the same cache must be tripped
  3273  ** to prevent them from trying to use the btree after
  3274  ** the rollback.  The rollback may have deleted tables
  3275  ** or moved root pages, so it is not sufficient to
  3276  ** save the state of the cursor.  The cursor must be
  3277  ** invalidated.
  3278  */
  3279  void sqlite3BtreeTripAllCursors(Btree *pBtree, int errCode){
  3280    BtCursor *p;
  3281    sqlite3BtreeEnter(pBtree);
  3282    for(p=pBtree->pBt->pCursor; p; p=p->pNext){
  3283      int i;
  3284      sqlite3BtreeClearCursor(p);
  3285      p->eState = CURSOR_FAULT;
  3286      p->skipNext = errCode;
  3287      for(i=0; i<=p->iPage; i++){
  3288        releasePage(p->apPage[i]);
  3289        p->apPage[i] = 0;
  3290      }
  3291    }
  3292    sqlite3BtreeLeave(pBtree);
  3293  }
  3294  
  3295  /*
  3296  ** Rollback the transaction in progress.  All cursors will be
  3297  ** invalided by this operation.  Any attempt to use a cursor
  3298  ** that was open at the beginning of this operation will result
  3299  ** in an error.
  3300  **
  3301  ** This will release the write lock on the database file.  If there
  3302  ** are no active cursors, it also releases the read lock.
  3303  */
  3304  int sqlite3BtreeRollback(Btree *p){
  3305    int rc;
  3306    BtShared *pBt = p->pBt;
  3307    MemPage *pPage1;
  3308  
  3309    sqlite3BtreeEnter(p);
  3310    rc = saveAllCursors(pBt, 0, 0);
  3311  #ifndef SQLITE_OMIT_SHARED_CACHE
  3312    if( rc!=SQLITE_OK ){
  3313      /* This is a horrible situation. An IO or malloc() error occurred whilst
  3314      ** trying to save cursor positions. If this is an automatic rollback (as
  3315      ** the result of a constraint, malloc() failure or IO error) then 
  3316      ** the cache may be internally inconsistent (not contain valid trees) so
  3317      ** we cannot simply return the error to the caller. Instead, abort 
  3318      ** all queries that may be using any of the cursors that failed to save.
  3319      */
  3320      sqlite3BtreeTripAllCursors(p, rc);
  3321    }
  3322  #endif
  3323    btreeIntegrity(p);
  3324  
  3325    if( p->inTrans==TRANS_WRITE ){
  3326      int rc2;
  3327  
  3328      assert( TRANS_WRITE==pBt->inTransaction );
  3329      rc2 = sqlite3PagerRollback(pBt->pPager);
  3330      if( rc2!=SQLITE_OK ){
  3331        rc = rc2;
  3332      }
  3333  
  3334      /* The rollback may have destroyed the pPage1->aData value.  So
  3335      ** call btreeGetPage() on page 1 again to make
  3336      ** sure pPage1->aData is set correctly. */
  3337      if( btreeGetPage(pBt, 1, &pPage1, 0)==SQLITE_OK ){
  3338        int nPage = get4byte(28+(u8*)pPage1->aData);
  3339        testcase( nPage==0 );
  3340        if( nPage==0 ) sqlite3PagerPagecount(pBt->pPager, &nPage);
  3341        testcase( pBt->nPage!=nPage );
  3342        pBt->nPage = nPage;
  3343        releasePage(pPage1);
  3344      }
  3345      assert( countWriteCursors(pBt)==0 );
  3346      pBt->inTransaction = TRANS_READ;
  3347    }
  3348  
  3349    btreeEndTransaction(p);
  3350    sqlite3BtreeLeave(p);
  3351    return rc;
  3352  }
  3353  
  3354  /*
  3355  ** Start a statement subtransaction. The subtransaction can can be rolled
  3356  ** back independently of the main transaction. You must start a transaction 
  3357  ** before starting a subtransaction. The subtransaction is ended automatically 
  3358  ** if the main transaction commits or rolls back.
  3359  **
  3360  ** Statement subtransactions are used around individual SQL statements
  3361  ** that are contained within a BEGIN...COMMIT block.  If a constraint
  3362  ** error occurs within the statement, the effect of that one statement
  3363  ** can be rolled back without having to rollback the entire transaction.
  3364  **
  3365  ** A statement sub-transaction is implemented as an anonymous savepoint. The
  3366  ** value passed as the second parameter is the total number of savepoints,
  3367  ** including the new anonymous savepoint, open on the B-Tree. i.e. if there
  3368  ** are no active savepoints and no other statement-transactions open,
  3369  ** iStatement is 1. This anonymous savepoint can be released or rolled back
  3370  ** using the sqlite3BtreeSavepoint() function.
  3371  */
  3372  int sqlite3BtreeBeginStmt(Btree *p, int iStatement){
  3373    int rc;
  3374    BtShared *pBt = p->pBt;
  3375    sqlite3BtreeEnter(p);
  3376    assert( p->inTrans==TRANS_WRITE );
  3377    assert( pBt->readOnly==0 );
  3378    assert( iStatement>0 );
  3379    assert( iStatement>p->db->nSavepoint );
  3380    assert( pBt->inTransaction==TRANS_WRITE );
  3381    /* At the pager level, a statement transaction is a savepoint with
  3382    ** an index greater than all savepoints created explicitly using
  3383    ** SQL statements. It is illegal to open, release or rollback any
  3384    ** such savepoints while the statement transaction savepoint is active.
  3385    */
  3386    rc = sqlite3PagerOpenSavepoint(pBt->pPager, iStatement);
  3387    sqlite3BtreeLeave(p);
  3388    return rc;
  3389  }
  3390  
  3391  /*
  3392  ** The second argument to this function, op, is always SAVEPOINT_ROLLBACK
  3393  ** or SAVEPOINT_RELEASE. This function either releases or rolls back the
  3394  ** savepoint identified by parameter iSavepoint, depending on the value 
  3395  ** of op.
  3396  **
  3397  ** Normally, iSavepoint is greater than or equal to zero. However, if op is
  3398  ** SAVEPOINT_ROLLBACK, then iSavepoint may also be -1. In this case the 
  3399  ** contents of the entire transaction are rolled back. This is different
  3400  ** from a normal transaction rollback, as no locks are released and the
  3401  ** transaction remains open.
  3402  */
  3403  int sqlite3BtreeSavepoint(Btree *p, int op, int iSavepoint){
  3404    int rc = SQLITE_OK;
  3405    if( p && p->inTrans==TRANS_WRITE ){
  3406      BtShared *pBt = p->pBt;
  3407      assert( op==SAVEPOINT_RELEASE || op==SAVEPOINT_ROLLBACK );
  3408      assert( iSavepoint>=0 || (iSavepoint==-1 && op==SAVEPOINT_ROLLBACK) );
  3409      sqlite3BtreeEnter(p);
  3410      rc = sqlite3PagerSavepoint(pBt->pPager, op, iSavepoint);
  3411      if( rc==SQLITE_OK ){
  3412        if( iSavepoint<0 && pBt->initiallyEmpty ) pBt->nPage = 0;
  3413        rc = newDatabase(pBt);
  3414        pBt->nPage = get4byte(28 + pBt->pPage1->aData);
  3415  
  3416        /* The database size was written into the offset 28 of the header
  3417        ** when the transaction started, so we know that the value at offset
  3418        ** 28 is nonzero. */
  3419        assert( pBt->nPage>0 );
  3420      }
  3421      sqlite3BtreeLeave(p);
  3422    }
  3423    return rc;
  3424  }
  3425  
  3426  /*
  3427  ** Create a new cursor for the BTree whose root is on the page
  3428  ** iTable. If a read-only cursor is requested, it is assumed that
  3429  ** the caller already has at least a read-only transaction open
  3430  ** on the database already. If a write-cursor is requested, then
  3431  ** the caller is assumed to have an open write transaction.
  3432  **
  3433  ** If wrFlag==0, then the cursor can only be used for reading.
  3434  ** If wrFlag==1, then the cursor can be used for reading or for
  3435  ** writing if other conditions for writing are also met.  These
  3436  ** are the conditions that must be met in order for writing to
  3437  ** be allowed:
  3438  **
  3439  ** 1:  The cursor must have been opened with wrFlag==1
  3440  **
  3441  ** 2:  Other database connections that share the same pager cache
  3442  **     but which are not in the READ_UNCOMMITTED state may not have
  3443  **     cursors open with wrFlag==0 on the same table.  Otherwise
  3444  **     the changes made by this write cursor would be visible to
  3445  **     the read cursors in the other database connection.
  3446  **
  3447  ** 3:  The database must be writable (not on read-only media)
  3448  **
  3449  ** 4:  There must be an active transaction.
  3450  **
  3451  ** No checking is done to make sure that page iTable really is the
  3452  ** root page of a b-tree.  If it is not, then the cursor acquired
  3453  ** will not work correctly.
  3454  **
  3455  ** It is assumed that the sqlite3BtreeCursorZero() has been called
  3456  ** on pCur to initialize the memory space prior to invoking this routine.
  3457  */
  3458  static int btreeCursor(
  3459    Btree *p,                              /* The btree */
  3460    int iTable,                            /* Root page of table to open */
  3461    int wrFlag,                            /* 1 to write. 0 read-only */
  3462    struct KeyInfo *pKeyInfo,              /* First arg to comparison function */
  3463    BtCursor *pCur                         /* Space for new cursor */
  3464  ){
  3465    BtShared *pBt = p->pBt;                /* Shared b-tree handle */
  3466  
  3467    assert( sqlite3BtreeHoldsMutex(p) );
  3468    assert( wrFlag==0 || wrFlag==1 );
  3469  
  3470    /* The following assert statements verify that if this is a sharable 
  3471    ** b-tree database, the connection is holding the required table locks, 
  3472    ** and that no other connection has any open cursor that conflicts with 
  3473    ** this lock.  */
  3474    assert( hasSharedCacheTableLock(p, iTable, pKeyInfo!=0, wrFlag+1) );
  3475    assert( wrFlag==0 || !hasReadConflicts(p, iTable) );
  3476  
  3477    /* Assert that the caller has opened the required transaction. */
  3478    assert( p->inTrans>TRANS_NONE );
  3479    assert( wrFlag==0 || p->inTrans==TRANS_WRITE );
  3480    assert( pBt->pPage1 && pBt->pPage1->aData );
  3481  
  3482    if( NEVER(wrFlag && pBt->readOnly) ){
  3483      return SQLITE_READONLY;
  3484    }
  3485    if( iTable==1 && btreePagecount(pBt)==0 ){
  3486      assert( wrFlag==0 );
  3487      iTable = 0;
  3488    }
  3489  
  3490    /* Now that no other errors can occur, finish filling in the BtCursor
  3491    ** variables and link the cursor into the BtShared list.  */
  3492    pCur->pgnoRoot = (Pgno)iTable;
  3493    pCur->iPage = -1;
  3494    pCur->pKeyInfo = pKeyInfo;
  3495    pCur->pBtree = p;
  3496    pCur->pBt = pBt;
  3497    pCur->wrFlag = (u8)wrFlag;
  3498    pCur->pNext = pBt->pCursor;
  3499    if( pCur->pNext ){
  3500      pCur->pNext->pPrev = pCur;
  3501    }
  3502    pBt->pCursor = pCur;
  3503    pCur->eState = CURSOR_INVALID;
  3504    pCur->cachedRowid = 0;
  3505    return SQLITE_OK;
  3506  }
  3507  int sqlite3BtreeCursor(
  3508    Btree *p,                                   /* The btree */
  3509    int iTable,                                 /* Root page of table to open */
  3510    int wrFlag,                                 /* 1 to write. 0 read-only */
  3511    struct KeyInfo *pKeyInfo,                   /* First arg to xCompare() */
  3512    BtCursor *pCur                              /* Write new cursor here */
  3513  ){
  3514    int rc;
  3515    sqlite3BtreeEnter(p);
  3516    rc = btreeCursor(p, iTable, wrFlag, pKeyInfo, pCur);
  3517    sqlite3BtreeLeave(p);
  3518    return rc;
  3519  }
  3520  
  3521  /*
  3522  ** Return the size of a BtCursor object in bytes.
  3523  **
  3524  ** This interfaces is needed so that users of cursors can preallocate
  3525  ** sufficient storage to hold a cursor.  The BtCursor object is opaque
  3526  ** to users so they cannot do the sizeof() themselves - they must call
  3527  ** this routine.
  3528  */
  3529  int sqlite3BtreeCursorSize(void){
  3530    return ROUND8(sizeof(BtCursor));
  3531  }
  3532  
  3533  /*
  3534  ** Initialize memory that will be converted into a BtCursor object.
  3535  **
  3536  ** The simple approach here would be to memset() the entire object
  3537  ** to zero.  But it turns out that the apPage[] and aiIdx[] arrays
  3538  ** do not need to be zeroed and they are large, so we can save a lot
  3539  ** of run-time by skipping the initialization of those elements.
  3540  */
  3541  void sqlite3BtreeCursorZero(BtCursor *p){
  3542    memset(p, 0, offsetof(BtCursor, iPage));
  3543  }
  3544  
  3545  /*
  3546  ** Set the cached rowid value of every cursor in the same database file
  3547  ** as pCur and having the same root page number as pCur.  The value is
  3548  ** set to iRowid.
  3549  **
  3550  ** Only positive rowid values are considered valid for this cache.
  3551  ** The cache is initialized to zero, indicating an invalid cache.
  3552  ** A btree will work fine with zero or negative rowids.  We just cannot
  3553  ** cache zero or negative rowids, which means tables that use zero or
  3554  ** negative rowids might run a little slower.  But in practice, zero
  3555  ** or negative rowids are very uncommon so this should not be a problem.
  3556  */
  3557  void sqlite3BtreeSetCachedRowid(BtCursor *pCur, sqlite3_int64 iRowid){
  3558    BtCursor *p;
  3559    for(p=pCur->pBt->pCursor; p; p=p->pNext){
  3560      if( p->pgnoRoot==pCur->pgnoRoot ) p->cachedRowid = iRowid;
  3561    }
  3562    assert( pCur->cachedRowid==iRowid );
  3563  }
  3564  
  3565  /*
  3566  ** Return the cached rowid for the given cursor.  A negative or zero
  3567  ** return value indicates that the rowid cache is invalid and should be
  3568  ** ignored.  If the rowid cache has never before been set, then a
  3569  ** zero is returned.
  3570  */
  3571  sqlite3_int64 sqlite3BtreeGetCachedRowid(BtCursor *pCur){
  3572    return pCur->cachedRowid;
  3573  }
  3574  
  3575  /*
  3576  ** Close a cursor.  The read lock on the database file is released
  3577  ** when the last cursor is closed.
  3578  */
  3579  int sqlite3BtreeCloseCursor(BtCursor *pCur){
  3580    Btree *pBtree = pCur->pBtree;
  3581    if( pBtree ){
  3582      int i;
  3583      BtShared *pBt = pCur->pBt;
  3584      sqlite3BtreeEnter(pBtree);
  3585      sqlite3BtreeClearCursor(pCur);
  3586      if( pCur->pPrev ){
  3587        pCur->pPrev->pNext = pCur->pNext;
  3588      }else{
  3589        pBt->pCursor = pCur->pNext;
  3590      }
  3591      if( pCur->pNext ){
  3592        pCur->pNext->pPrev = pCur->pPrev;
  3593      }
  3594      for(i=0; i<=pCur->iPage; i++){
  3595        releasePage(pCur->apPage[i]);
  3596      }
  3597      unlockBtreeIfUnused(pBt);
  3598      invalidateOverflowCache(pCur);
  3599      /* sqlite3_free(pCur); */
  3600      sqlite3BtreeLeave(pBtree);
  3601    }
  3602    return SQLITE_OK;
  3603  }
  3604  
  3605  /*
  3606  ** Make sure the BtCursor* given in the argument has a valid
  3607  ** BtCursor.info structure.  If it is not already valid, call
  3608  ** btreeParseCell() to fill it in.
  3609  **
  3610  ** BtCursor.info is a cache of the information in the current cell.
  3611  ** Using this cache reduces the number of calls to btreeParseCell().
  3612  **
  3613  ** 2007-06-25:  There is a bug in some versions of MSVC that cause the
  3614  ** compiler to crash when getCellInfo() is implemented as a macro.
  3615  ** But there is a measureable speed advantage to using the macro on gcc
  3616  ** (when less compiler optimizations like -Os or -O0 are used and the
  3617  ** compiler is not doing agressive inlining.)  So we use a real function
  3618  ** for MSVC and a macro for everything else.  Ticket #2457.
  3619  */
  3620  #ifndef NDEBUG
  3621    static void assertCellInfo(BtCursor *pCur){
  3622      CellInfo info;
  3623      int iPage = pCur->iPage;
  3624      memset(&info, 0, sizeof(info));
  3625      btreeParseCell(pCur->apPage[iPage], pCur->aiIdx[iPage], &info);
  3626      assert( memcmp(&info, &pCur->info, sizeof(info))==0 );
  3627    }
  3628  #else
  3629    #define assertCellInfo(x)
  3630  #endif
  3631  #ifdef _MSC_VER
  3632    /* Use a real function in MSVC to work around bugs in that compiler. */
  3633    static void getCellInfo(BtCursor *pCur){
  3634      if( pCur->info.nSize==0 ){
  3635        int iPage = pCur->iPage;
  3636        btreeParseCell(pCur->apPage[iPage],pCur->aiIdx[iPage],&pCur->info);
  3637        pCur->validNKey = 1;
  3638      }else{
  3639        assertCellInfo(pCur);
  3640      }
  3641    }
  3642  #else /* if not _MSC_VER */
  3643    /* Use a macro in all other compilers so that the function is inlined */
  3644  #define getCellInfo(pCur)                                                      \
  3645    if( pCur->info.nSize==0 ){                                                   \
  3646      int iPage = pCur->iPage;                                                   \
  3647      btreeParseCell(pCur->apPage[iPage],pCur->aiIdx[iPage],&pCur->info); \
  3648      pCur->validNKey = 1;                                                       \
  3649    }else{                                                                       \
  3650      assertCellInfo(pCur);                                                      \
  3651    }
  3652  #endif /* _MSC_VER */
  3653  
  3654  #ifndef NDEBUG  /* The next routine used only within assert() statements */
  3655  /*
  3656  ** Return true if the given BtCursor is valid.  A valid cursor is one
  3657  ** that is currently pointing to a row in a (non-empty) table.
  3658  ** This is a verification routine is used only within assert() statements.
  3659  */
  3660  int sqlite3BtreeCursorIsValid(BtCursor *pCur){
  3661    return pCur && pCur->eState==CURSOR_VALID;
  3662  }
  3663  #endif /* NDEBUG */
  3664  
  3665  /*
  3666  ** Set *pSize to the size of the buffer needed to hold the value of
  3667  ** the key for the current entry.  If the cursor is not pointing
  3668  ** to a valid entry, *pSize is set to 0. 
  3669  **
  3670  ** For a table with the INTKEY flag set, this routine returns the key
  3671  ** itself, not the number of bytes in the key.
  3672  **
  3673  ** The caller must position the cursor prior to invoking this routine.
  3674  ** 
  3675  ** This routine cannot fail.  It always returns SQLITE_OK.  
  3676  */
  3677  int sqlite3BtreeKeySize(BtCursor *pCur, i64 *pSize){
  3678    assert( cursorHoldsMutex(pCur) );
  3679    assert( pCur->eState==CURSOR_INVALID || pCur->eState==CURSOR_VALID );
  3680    if( pCur->eState!=CURSOR_VALID ){
  3681      *pSize = 0;
  3682    }else{
  3683      getCellInfo(pCur);
  3684      *pSize = pCur->info.nKey;
  3685    }
  3686    return SQLITE_OK;
  3687  }
  3688  
  3689  /*
  3690  ** Set *pSize to the number of bytes of data in the entry the
  3691  ** cursor currently points to.
  3692  **
  3693  ** The caller must guarantee that the cursor is pointing to a non-NULL
  3694  ** valid entry.  In other words, the calling procedure must guarantee
  3695  ** that the cursor has Cursor.eState==CURSOR_VALID.
  3696  **
  3697  ** Failure is not possible.  This function always returns SQLITE_OK.
  3698  ** It might just as well be a procedure (returning void) but we continue
  3699  ** to return an integer result code for historical reasons.
  3700  */
  3701  int sqlite3BtreeDataSize(BtCursor *pCur, u32 *pSize){
  3702    assert( cursorHoldsMutex(pCur) );
  3703    assert( pCur->eState==CURSOR_VALID );
  3704    getCellInfo(pCur);
  3705    *pSize = pCur->info.nData;
  3706    return SQLITE_OK;
  3707  }
  3708  
  3709  /*
  3710  ** Given the page number of an overflow page in the database (parameter
  3711  ** ovfl), this function finds the page number of the next page in the 
  3712  ** linked list of overflow pages. If possible, it uses the auto-vacuum
  3713  ** pointer-map data instead of reading the content of page ovfl to do so. 
  3714  **
  3715  ** If an error occurs an SQLite error code is returned. Otherwise:
  3716  **
  3717  ** The page number of the next overflow page in the linked list is 
  3718  ** written to *pPgnoNext. If page ovfl is the last page in its linked 
  3719  ** list, *pPgnoNext is set to zero. 
  3720  **
  3721  ** If ppPage is not NULL, and a reference to the MemPage object corresponding
  3722  ** to page number pOvfl was obtained, then *ppPage is set to point to that
  3723  ** reference. It is the responsibility of the caller to call releasePage()
  3724  ** on *ppPage to free the reference. In no reference was obtained (because
  3725  ** the pointer-map was used to obtain the value for *pPgnoNext), then
  3726  ** *ppPage is set to zero.
  3727  */
  3728  static int getOverflowPage(
  3729    BtShared *pBt,               /* The database file */
  3730    Pgno ovfl,                   /* Current overflow page number */
  3731    MemPage **ppPage,            /* OUT: MemPage handle (may be NULL) */
  3732    Pgno *pPgnoNext              /* OUT: Next overflow page number */
  3733  ){
  3734    Pgno next = 0;
  3735    MemPage *pPage = 0;
  3736    int rc = SQLITE_OK;
  3737  
  3738    assert( sqlite3_mutex_held(pBt->mutex) );
  3739    assert(pPgnoNext);
  3740  
  3741  #ifndef SQLITE_OMIT_AUTOVACUUM
  3742    /* Try to find the next page in the overflow list using the
  3743    ** autovacuum pointer-map pages. Guess that the next page in 
  3744    ** the overflow list is page number (ovfl+1). If that guess turns 
  3745    ** out to be wrong, fall back to loading the data of page 
  3746    ** number ovfl to determine the next page number.
  3747    */
  3748    if( pBt->autoVacuum ){
  3749      Pgno pgno;
  3750      Pgno iGuess = ovfl+1;
  3751      u8 eType;
  3752  
  3753      while( PTRMAP_ISPAGE(pBt, iGuess) || iGuess==PENDING_BYTE_PAGE(pBt) ){
  3754        iGuess++;
  3755      }
  3756  
  3757      if( iGuess<=btreePagecount(pBt) ){
  3758        rc = ptrmapGet(pBt, iGuess, &eType, &pgno);
  3759        if( rc==SQLITE_OK && eType==PTRMAP_OVERFLOW2 && pgno==ovfl ){
  3760          next = iGuess;
  3761          rc = SQLITE_DONE;
  3762        }
  3763      }
  3764    }
  3765  #endif
  3766  
  3767    assert( next==0 || rc==SQLITE_DONE );
  3768    if( rc==SQLITE_OK ){
  3769      rc = btreeGetPage(pBt, ovfl, &pPage, 0);
  3770      assert( rc==SQLITE_OK || pPage==0 );
  3771      if( rc==SQLITE_OK ){
  3772        next = get4byte(pPage->aData);
  3773      }
  3774    }
  3775  
  3776    *pPgnoNext = next;
  3777    if( ppPage ){
  3778      *ppPage = pPage;
  3779    }else{
  3780      releasePage(pPage);
  3781    }
  3782    return (rc==SQLITE_DONE ? SQLITE_OK : rc);
  3783  }
  3784  
  3785  /*
  3786  ** Copy data from a buffer to a page, or from a page to a buffer.
  3787  **
  3788  ** pPayload is a pointer to data stored on database page pDbPage.
  3789  ** If argument eOp is false, then nByte bytes of data are copied
  3790  ** from pPayload to the buffer pointed at by pBuf. If eOp is true,
  3791  ** then sqlite3PagerWrite() is called on pDbPage and nByte bytes
  3792  ** of data are copied from the buffer pBuf to pPayload.
  3793  **
  3794  ** SQLITE_OK is returned on success, otherwise an error code.
  3795  */
  3796  static int copyPayload(
  3797    void *pPayload,           /* Pointer to page data */
  3798    void *pBuf,               /* Pointer to buffer */
  3799    int nByte,                /* Number of bytes to copy */
  3800    int eOp,                  /* 0 -> copy from page, 1 -> copy to page */
  3801    DbPage *pDbPage           /* Page containing pPayload */
  3802  ){
  3803    if( eOp ){
  3804      /* Copy data from buffer to page (a write operation) */
  3805      int rc = sqlite3PagerWrite(pDbPage);
  3806      if( rc!=SQLITE_OK ){
  3807        return rc;
  3808      }
  3809      memcpy(pPayload, pBuf, nByte);
  3810    }else{
  3811      /* Copy data from page to buffer (a read operation) */
  3812      memcpy(pBuf, pPayload, nByte);
  3813    }
  3814    return SQLITE_OK;
  3815  }
  3816  
  3817  /*
  3818  ** This function is used to read or overwrite payload information
  3819  ** for the entry that the pCur cursor is pointing to. If the eOp
  3820  ** parameter is 0, this is a read operation (data copied into
  3821  ** buffer pBuf). If it is non-zero, a write (data copied from
  3822  ** buffer pBuf).
  3823  **
  3824  ** A total of "amt" bytes are read or written beginning at "offset".
  3825  ** Data is read to or from the buffer pBuf.
  3826  **
  3827  ** The content being read or written might appear on the main page
  3828  ** or be scattered out on multiple overflow pages.
  3829  **
  3830  ** If the BtCursor.isIncrblobHandle flag is set, and the current
  3831  ** cursor entry uses one or more overflow pages, this function
  3832  ** allocates space for and lazily popluates the overflow page-list 
  3833  ** cache array (BtCursor.aOverflow). Subsequent calls use this
  3834  ** cache to make seeking to the supplied offset more efficient.
  3835  **
  3836  ** Once an overflow page-list cache has been allocated, it may be
  3837  ** invalidated if some other cursor writes to the same table, or if
  3838  ** the cursor is moved to a different row. Additionally, in auto-vacuum
  3839  ** mode, the following events may invalidate an overflow page-list cache.
  3840  **
  3841  **   * An incremental vacuum,
  3842  **   * A commit in auto_vacuum="full" mode,
  3843  **   * Creating a table (may require moving an overflow page).
  3844  */
  3845  static int accessPayload(
  3846    BtCursor *pCur,      /* Cursor pointing to entry to read from */
  3847    u32 offset,          /* Begin reading this far into payload */
  3848    u32 amt,             /* Read this many bytes */
  3849    unsigned char *pBuf, /* Write the bytes into this buffer */ 
  3850    int eOp              /* zero to read. non-zero to write. */
  3851  ){
  3852    unsigned char *aPayload;
  3853    int rc = SQLITE_OK;
  3854    u32 nKey;
  3855    int iIdx = 0;
  3856    MemPage *pPage = pCur->apPage[pCur->iPage]; /* Btree page of current entry */
  3857    BtShared *pBt = pCur->pBt;                  /* Btree this cursor belongs to */
  3858  
  3859    assert( pPage );
  3860    assert( pCur->eState==CURSOR_VALID );
  3861    assert( pCur->aiIdx[pCur->iPage]<pPage->nCell );
  3862    assert( cursorHoldsMutex(pCur) );
  3863  
  3864    getCellInfo(pCur);
  3865    aPayload = pCur->info.pCell + pCur->info.nHeader;
  3866    nKey = (pPage->intKey ? 0 : (int)pCur->info.nKey);
  3867  
  3868    if( NEVER(offset+amt > nKey+pCur->info.nData) 
  3869     || &aPayload[pCur->info.nLocal] > &pPage->aData[pBt->usableSize]
  3870    ){
  3871      /* Trying to read or write past the end of the data is an error */
  3872      return SQLITE_CORRUPT_BKPT;
  3873    }
  3874  
  3875    /* Check if data must be read/written to/from the btree page itself. */
  3876    if( offset<pCur->info.nLocal ){
  3877      int a = amt;
  3878      if( a+offset>pCur->info.nLocal ){
  3879        a = pCur->info.nLocal - offset;
  3880      }
  3881      rc = copyPayload(&aPayload[offset], pBuf, a, eOp, pPage->pDbPage);
  3882      offset = 0;
  3883      pBuf += a;
  3884      amt -= a;
  3885    }else{
  3886      offset -= pCur->info.nLocal;
  3887    }
  3888  
  3889    if( rc==SQLITE_OK && amt>0 ){
  3890      const u32 ovflSize = pBt->usableSize - 4;  /* Bytes content per ovfl page */
  3891      Pgno nextPage;
  3892  
  3893      nextPage = get4byte(&aPayload[pCur->info.nLocal]);
  3894  
  3895  #ifndef SQLITE_OMIT_INCRBLOB
  3896      /* If the isIncrblobHandle flag is set and the BtCursor.aOverflow[]
  3897      ** has not been allocated, allocate it now. The array is sized at
  3898      ** one entry for each overflow page in the overflow chain. The
  3899      ** page number of the first overflow page is stored in aOverflow[0],
  3900      ** etc. A value of 0 in the aOverflow[] array means "not yet known"
  3901      ** (the cache is lazily populated).
  3902      */
  3903      if( pCur->isIncrblobHandle && !pCur->aOverflow ){
  3904        int nOvfl = (pCur->info.nPayload-pCur->info.nLocal+ovflSize-1)/ovflSize;
  3905        pCur->aOverflow = (Pgno *)sqlite3MallocZero(sizeof(Pgno)*nOvfl);
  3906        /* nOvfl is always positive.  If it were zero, fetchPayload would have
  3907        ** been used instead of this routine. */
  3908        if( ALWAYS(nOvfl) && !pCur->aOverflow ){
  3909          rc = SQLITE_NOMEM;
  3910        }
  3911      }
  3912  
  3913      /* If the overflow page-list cache has been allocated and the
  3914      ** entry for the first required overflow page is valid, skip
  3915      ** directly to it.
  3916      */
  3917      if( pCur->aOverflow && pCur->aOverflow[offset/ovflSize] ){
  3918        iIdx = (offset/ovflSize);
  3919        nextPage = pCur->aOverflow[iIdx];
  3920        offset = (offset%ovflSize);
  3921      }
  3922  #endif
  3923  
  3924      for( ; rc==SQLITE_OK && amt>0 && nextPage; iIdx++){
  3925  
  3926  #ifndef SQLITE_OMIT_INCRBLOB
  3927        /* If required, populate the overflow page-list cache. */
  3928        if( pCur->aOverflow ){
  3929          assert(!pCur->aOverflow[iIdx] || pCur->aOverflow[iIdx]==nextPage);
  3930          pCur->aOverflow[iIdx] = nextPage;
  3931        }
  3932  #endif
  3933  
  3934        if( offset>=ovflSize ){
  3935          /* The only reason to read this page is to obtain the page
  3936          ** number for the next page in the overflow chain. The page
  3937          ** data is not required. So first try to lookup the overflow
  3938          ** page-list cache, if any, then fall back to the getOverflowPage()
  3939          ** function.
  3940          */
  3941  #ifndef SQLITE_OMIT_INCRBLOB
  3942          if( pCur->aOverflow && pCur->aOverflow[iIdx+1] ){
  3943            nextPage = pCur->aOverflow[iIdx+1];
  3944          } else 
  3945  #endif
  3946            rc = getOverflowPage(pBt, nextPage, 0, &nextPage);
  3947          offset -= ovflSize;
  3948        }else{
  3949          /* Need to read this page properly. It contains some of the
  3950          ** range of data that is being read (eOp==0) or written (eOp!=0).
  3951          */
  3952  #ifdef SQLITE_DIRECT_OVERFLOW_READ
  3953          sqlite3_file *fd;
  3954  #endif
  3955          int a = amt;
  3956          if( a + offset > ovflSize ){
  3957            a = ovflSize - offset;
  3958          }
  3959  
  3960  #ifdef SQLITE_DIRECT_OVERFLOW_READ
  3961          /* If all the following are true:
  3962          **
  3963          **   1) this is a read operation, and 
  3964          **   2) data is required from the start of this overflow page, and
  3965          **   3) the database is file-backed, and
  3966          **   4) there is no open write-transaction, and
  3967          **   5) the database is not a WAL database,
  3968          **
  3969          ** then data can be read directly from the database file into the
  3970          ** output buffer, bypassing the page-cache altogether. This speeds
  3971          ** up loading large records that span many overflow pages.
  3972          */
  3973          if( eOp==0                                             /* (1) */
  3974           && offset==0                                          /* (2) */
  3975           && pBt->inTransaction==TRANS_READ                     /* (4) */
  3976           && (fd = sqlite3PagerFile(pBt->pPager))->pMethods     /* (3) */
  3977           && pBt->pPage1->aData[19]==0x01                       /* (5) */
  3978          ){
  3979            u8 aSave[4];
  3980            u8 *aWrite = &pBuf[-4];
  3981            memcpy(aSave, aWrite, 4);
3982 rc = sqlite3OsRead(fd, aWrite, a+4, pBt->pageSize * (nextPage-1));
3983 nextPage = get4byte(aWrite); 3984 memcpy(aWrite, aSave, 4); 3985 }else 3986 #endif 3987 3988 { 3989 DbPage *pDbPage; 3990 rc = sqlite3PagerGet(pBt->pPager, nextPage, &pDbPage); 3991 if( rc==SQLITE_OK ){ 3992 aPayload = sqlite3PagerGetData(pDbPage); 3993 nextPage = get4byte(aPayload); 3994 rc = copyPayload(&aPayload[offset+4], pBuf, a, eOp, pDbPage); 3995 sqlite3PagerUnref(pDbPage); 3996 offset = 0; 3997 } 3998 } 3999 amt -= a; 4000 pBuf += a; 4001 } 4002 } 4003 } 4004 4005 if( rc==SQLITE_OK && amt>0 ){ 4006 return SQLITE_CORRUPT_BKPT; 4007 } 4008 return rc; 4009 } 4010 4011 /* 4012 ** Read part of the key associated with cursor pCur. Exactly 4013 ** "amt" bytes will be transfered into pBuf[]. The transfer 4014 ** begins at "offset". 4015 ** 4016 ** The caller must ensure that pCur is pointing to a valid row 4017 ** in the table. 4018 ** 4019 ** Return SQLITE_OK on success or an error code if anything goes 4020 ** wrong. An error is returned if "offset+amt" is larger than 4021 ** the available payload. 4022 */ 4023 int sqlite3BtreeKey(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){ 4024 assert( cursorHoldsMutex(pCur) ); 4025 assert( pCur->eState==CURSOR_VALID ); 4026 assert( pCur->iPage>=0 && pCur->apPage[pCur->iPage] ); 4027 assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell ); 4028 return accessPayload(pCur, offset, amt, (unsigned char*)pBuf, 0); 4029 } 4030 4031 /* 4032 ** Read part of the data associated with cursor pCur. Exactly 4033 ** "amt" bytes will be transfered into pBuf[]. The transfer 4034 ** begins at "offset". 4035 ** 4036 ** Return SQLITE_OK on success or an error code if anything goes 4037 ** wrong. An error is returned if "offset+amt" is larger than 4038 ** the available payload. 4039 */ 4040 int sqlite3BtreeData(BtCursor *pCur, u32 offset, u32 amt, void *pBuf){ 4041 int rc; 4042 4043 #ifndef SQLITE_OMIT_INCRBLOB 4044 if ( pCur->eState==CURSOR_INVALID ){ 4045 return SQLITE_ABORT; 4046 } 4047 #endif 4048 4049 assert( cursorHoldsMutex(pCur) ); 4050 rc = restoreCursorPosition(pCur); 4051 if( rc==SQLITE_OK ){ 4052 assert( pCur->eState==CURSOR_VALID ); 4053 assert( pCur->iPage>=0 && pCur->apPage[pCur->iPage] ); 4054 assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell ); 4055 rc = accessPayload(pCur, offset, amt, pBuf, 0); 4056 } 4057 return rc; 4058 } 4059 4060 /* 4061 ** Return a pointer to payload information from the entry that the 4062 ** pCur cursor is pointing to. The pointer is to the beginning of 4063 ** the key if skipKey==0 and it points to the beginning of data if 4064 ** skipKey==1. The number of bytes of available key/data is written 4065 ** into *pAmt. If *pAmt==0, then the value returned will not be 4066 ** a valid pointer. 4067 ** 4068 ** This routine is an optimization. It is common for the entire key 4069 ** and data to fit on the local page and for there to be no overflow 4070 ** pages. When that is so, this routine can be used to access the 4071 ** key and data without making a copy. If the key and/or data spills 4072 ** onto overflow pages, then accessPayload() must be used to reassemble 4073 ** the key/data and copy it into a preallocated buffer. 4074 ** 4075 ** The pointer returned by this routine looks directly into the cached 4076 ** page of the database. The data might change or move the next time 4077 ** any btree routine is called. 4078 */ 4079 static const unsigned char *fetchPayload( 4080 BtCursor *pCur, /* Cursor pointing to entry to read from */ 4081 int *pAmt, /* Write the number of available bytes here */ 4082 int skipKey /* read beginning at data if this is true */ 4083 ){ 4084 unsigned char *aPayload; 4085 MemPage *pPage; 4086 u32 nKey; 4087 u32 nLocal; 4088 4089 assert( pCur!=0 && pCur->iPage>=0 && pCur->apPage[pCur->iPage]); 4090 assert( pCur->eState==CURSOR_VALID ); 4091 assert( cursorHoldsMutex(pCur) ); 4092 pPage = pCur->apPage[pCur->iPage]; 4093 assert( pCur->aiIdx[pCur->iPage]<pPage->nCell ); 4094 if( NEVER(pCur->info.nSize==0) ){ 4095 btreeParseCell(pCur->apPage[pCur->iPage], pCur->aiIdx[pCur->iPage], 4096 &pCur->info); 4097 } 4098 aPayload = pCur->info.pCell; 4099 aPayload += pCur->info.nHeader; 4100 if( pPage->intKey ){ 4101 nKey = 0; 4102 }else{ 4103 nKey = (int)pCur->info.nKey; 4104 } 4105 if( skipKey ){ 4106 aPayload += nKey; 4107 nLocal = pCur->info.nLocal - nKey; 4108 }else{ 4109 nLocal = pCur->info.nLocal; 4110 assert( nLocal<=nKey ); 4111 } 4112 *pAmt = nLocal; 4113 return aPayload; 4114 } 4115 4116 4117 /* 4118 ** For the entry that cursor pCur is point to, return as 4119 ** many bytes of the key or data as are available on the local 4120 ** b-tree page. Write the number of available bytes into *pAmt. 4121 ** 4122 ** The pointer returned is ephemeral. The key/data may move 4123 ** or be destroyed on the next call to any Btree routine, 4124 ** including calls from other threads against the same cache. 4125 ** Hence, a mutex on the BtShared should be held prior to calling 4126 ** this routine. 4127 ** 4128 ** These routines is used to get quick access to key and data 4129 ** in the common case where no overflow pages are used. 4130 */ 4131 const void *sqlite3BtreeKeyFetch(BtCursor *pCur, int *pAmt){ 4132 const void *p = 0; 4133 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 4134 assert( cursorHoldsMutex(pCur) ); 4135 if( ALWAYS(pCur->eState==CURSOR_VALID) ){ 4136 p = (const void*)fetchPayload(pCur, pAmt, 0); 4137 } 4138 return p; 4139 } 4140 const void *sqlite3BtreeDataFetch(BtCursor *pCur, int *pAmt){ 4141 const void *p = 0; 4142 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 4143 assert( cursorHoldsMutex(pCur) ); 4144 if( ALWAYS(pCur->eState==CURSOR_VALID) ){ 4145 p = (const void*)fetchPayload(pCur, pAmt, 1); 4146 } 4147 return p; 4148 } 4149 4150 4151 /* 4152 ** Move the cursor down to a new child page. The newPgno argument is the 4153 ** page number of the child page to move to. 4154 ** 4155 ** This function returns SQLITE_CORRUPT if the page-header flags field of 4156 ** the new child page does not match the flags field of the parent (i.e. 4157 ** if an intkey page appears to be the parent of a non-intkey page, or 4158 ** vice-versa). 4159 */ 4160 static int moveToChild(BtCursor *pCur, u32 newPgno){ 4161 int rc; 4162 int i = pCur->iPage; 4163 MemPage *pNewPage; 4164 BtShared *pBt = pCur->pBt; 4165 4166 assert( cursorHoldsMutex(pCur) ); 4167 assert( pCur->eState==CURSOR_VALID ); 4168 assert( pCur->iPage<BTCURSOR_MAX_DEPTH ); 4169 if( pCur->iPage>=(BTCURSOR_MAX_DEPTH-1) ){ 4170 return SQLITE_CORRUPT_BKPT; 4171 } 4172 rc = getAndInitPage(pBt, newPgno, &pNewPage); 4173 if( rc ) return rc; 4174 pCur->apPage[i+1] = pNewPage; 4175 pCur->aiIdx[i+1] = 0; 4176 pCur->iPage++; 4177 4178 pCur->info.nSize = 0; 4179 pCur->validNKey = 0; 4180 if( pNewPage->nCell<1 || pNewPage->intKey!=pCur->apPage[i]->intKey ){ 4181 return SQLITE_CORRUPT_BKPT; 4182 } 4183 return SQLITE_OK; 4184 } 4185 4186 #ifndef NDEBUG 4187 /* 4188 ** Page pParent is an internal (non-leaf) tree page. This function 4189 ** asserts that page number iChild is the left-child if the iIdx'th 4190 ** cell in page pParent. Or, if iIdx is equal to the total number of 4191 ** cells in pParent, that page number iChild is the right-child of 4192 ** the page. 4193 */ 4194 static void assertParentIndex(MemPage *pParent, int iIdx, Pgno iChild){ 4195 assert( iIdx<=pParent->nCell ); 4196 if( iIdx==pParent->nCell ){ 4197 assert( get4byte(&pParent->aData[pParent->hdrOffset+8])==iChild ); 4198 }else{ 4199 assert( get4byte(findCell(pParent, iIdx))==iChild ); 4200 } 4201 } 4202 #else 4203 # define assertParentIndex(x,y,z) 4204 #endif 4205 4206 /* 4207 ** Move the cursor up to the parent page. 4208 ** 4209 ** pCur->idx is set to the cell index that contains the pointer 4210 ** to the page we are coming from. If we are coming from the 4211 ** right-most child page then pCur->idx is set to one more than 4212 ** the largest cell index. 4213 */ 4214 static void moveToParent(BtCursor *pCur){ 4215 assert( cursorHoldsMutex(pCur) ); 4216 assert( pCur->eState==CURSOR_VALID ); 4217 assert( pCur->iPage>0 ); 4218 assert( pCur->apPage[pCur->iPage] ); 4219 assertParentIndex( 4220 pCur->apPage[pCur->iPage-1], 4221 pCur->aiIdx[pCur->iPage-1], 4222 pCur->apPage[pCur->iPage]->pgno 4223 ); 4224 releasePage(pCur->apPage[pCur->iPage]); 4225 pCur->iPage--; 4226 pCur->info.nSize = 0; 4227 pCur->validNKey = 0; 4228 } 4229 4230 /* 4231 ** Move the cursor to point to the root page of its b-tree structure. 4232 ** 4233 ** If the table has a virtual root page, then the cursor is moved to point 4234 ** to the virtual root page instead of the actual root page. A table has a 4235 ** virtual root page when the actual root page contains no cells and a 4236 ** single child page. This can only happen with the table rooted at page 1. 4237 ** 4238 ** If the b-tree structure is empty, the cursor state is set to 4239 ** CURSOR_INVALID. Otherwise, the cursor is set to point to the first 4240 ** cell located on the root (or virtual root) page and the cursor state 4241 ** is set to CURSOR_VALID. 4242 ** 4243 ** If this function returns successfully, it may be assumed that the 4244 ** page-header flags indicate that the [virtual] root-page is the expected 4245 ** kind of b-tree page (i.e. if when opening the cursor the caller did not 4246 ** specify a KeyInfo structure the flags byte is set to 0x05 or 0x0D, 4247 ** indicating a table b-tree, or if the caller did specify a KeyInfo 4248 ** structure the flags byte is set to 0x02 or 0x0A, indicating an index 4249 ** b-tree). 4250 */ 4251 static int moveToRoot(BtCursor *pCur){ 4252 MemPage *pRoot; 4253 int rc = SQLITE_OK; 4254 Btree *p = pCur->pBtree; 4255 BtShared *pBt = p->pBt; 4256 4257 assert( cursorHoldsMutex(pCur) ); 4258 assert( CURSOR_INVALID < CURSOR_REQUIRESEEK ); 4259 assert( CURSOR_VALID < CURSOR_REQUIRESEEK ); 4260 assert( CURSOR_FAULT > CURSOR_REQUIRESEEK ); 4261 if( pCur->eState>=CURSOR_REQUIRESEEK ){ 4262 if( pCur->eState==CURSOR_FAULT ){ 4263 assert( pCur->skipNext!=SQLITE_OK ); 4264 return pCur->skipNext; 4265 } 4266 sqlite3BtreeClearCursor(pCur); 4267 } 4268 4269 if( pCur->iPage>=0 ){ 4270 int i; 4271 for(i=1; i<=pCur->iPage; i++){ 4272 releasePage(pCur->apPage[i]); 4273 } 4274 pCur->iPage = 0; 4275 }else if( pCur->pgnoRoot==0 ){ 4276 pCur->eState = CURSOR_INVALID; 4277 return SQLITE_OK; 4278 }else{ 4279 rc = getAndInitPage(pBt, pCur->pgnoRoot, &pCur->apPage[0]); 4280 if( rc!=SQLITE_OK ){ 4281 pCur->eState = CURSOR_INVALID; 4282 return rc; 4283 } 4284 pCur->iPage = 0; 4285 4286 /* If pCur->pKeyInfo is not NULL, then the caller that opened this cursor 4287 ** expected to open it on an index b-tree. Otherwise, if pKeyInfo is 4288 ** NULL, the caller expects a table b-tree. If this is not the case, 4289 ** return an SQLITE_CORRUPT error. */ 4290 assert( pCur->apPage[0]->intKey==1 || pCur->apPage[0]->intKey==0 ); 4291 if( (pCur->pKeyInfo==0)!=pCur->apPage[0]->intKey ){ 4292 return SQLITE_CORRUPT_BKPT; 4293 } 4294 } 4295 4296 /* Assert that the root page is of the correct type. This must be the 4297 ** case as the call to this function that loaded the root-page (either 4298 ** this call or a previous invocation) would have detected corruption 4299 ** if the assumption were not true, and it is not possible for the flags 4300 ** byte to have been modified while this cursor is holding a reference 4301 ** to the page. */ 4302 pRoot = pCur->apPage[0]; 4303 assert( pRoot->pgno==pCur->pgnoRoot ); 4304 assert( pRoot->isInit && (pCur->pKeyInfo==0)==pRoot->intKey ); 4305 4306 pCur->aiIdx[0] = 0; 4307 pCur->info.nSize = 0; 4308 pCur->atLast = 0; 4309 pCur->validNKey = 0; 4310 4311 if( pRoot->nCell==0 && !pRoot->leaf ){ 4312 Pgno subpage; 4313 if( pRoot->pgno!=1 ) return SQLITE_CORRUPT_BKPT; 4314 subpage = get4byte(&pRoot->aData[pRoot->hdrOffset+8]); 4315 pCur->eState = CURSOR_VALID; 4316 rc = moveToChild(pCur, subpage); 4317 }else{ 4318 pCur->eState = ((pRoot->nCell>0)?CURSOR_VALID:CURSOR_INVALID); 4319 } 4320 return rc; 4321 } 4322 4323 /* 4324 ** Move the cursor down to the left-most leaf entry beneath the 4325 ** entry to which it is currently pointing. 4326 ** 4327 ** The left-most leaf is the one with the smallest key - the first 4328 ** in ascending order. 4329 */ 4330 static int moveToLeftmost(BtCursor *pCur){ 4331 Pgno pgno; 4332 int rc = SQLITE_OK; 4333 MemPage *pPage; 4334 4335 assert( cursorHoldsMutex(pCur) ); 4336 assert( pCur->eState==CURSOR_VALID ); 4337 while( rc==SQLITE_OK && !(pPage = pCur->apPage[pCur->iPage])->leaf ){ 4338 assert( pCur->aiIdx[pCur->iPage]<pPage->nCell ); 4339 pgno = get4byte(findCell(pPage, pCur->aiIdx[pCur->iPage])); 4340 rc = moveToChild(pCur, pgno); 4341 } 4342 return rc; 4343 } 4344 4345 /* 4346 ** Move the cursor down to the right-most leaf entry beneath the 4347 ** page to which it is currently pointing. Notice the difference 4348 ** between moveToLeftmost() and moveToRightmost(). moveToLeftmost() 4349 ** finds the left-most entry beneath the *entry* whereas moveToRightmost() 4350 ** finds the right-most entry beneath the *page*. 4351 ** 4352 ** The right-most entry is the one with the largest key - the last 4353 ** key in ascending order. 4354 */ 4355 static int moveToRightmost(BtCursor *pCur){ 4356 Pgno pgno; 4357 int rc = SQLITE_OK; 4358 MemPage *pPage = 0; 4359 4360 assert( cursorHoldsMutex(pCur) ); 4361 assert( pCur->eState==CURSOR_VALID ); 4362 while( rc==SQLITE_OK && !(pPage = pCur->apPage[pCur->iPage])->leaf ){ 4363 pgno = get4byte(&pPage->aData[pPage->hdrOffset+8]); 4364 pCur->aiIdx[pCur->iPage] = pPage->nCell; 4365 rc = moveToChild(pCur, pgno); 4366 } 4367 if( rc==SQLITE_OK ){ 4368 pCur->aiIdx[pCur->iPage] = pPage->nCell-1; 4369 pCur->info.nSize = 0; 4370 pCur->validNKey = 0; 4371 } 4372 return rc; 4373 } 4374 4375 /* Move the cursor to the first entry in the table. Return SQLITE_OK 4376 ** on success. Set *pRes to 0 if the cursor actually points to something 4377 ** or set *pRes to 1 if the table is empty. 4378 */ 4379 int sqlite3BtreeFirst(BtCursor *pCur, int *pRes){ 4380 int rc; 4381 4382 assert( cursorHoldsMutex(pCur) ); 4383 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 4384 rc = moveToRoot(pCur); 4385 if( rc==SQLITE_OK ){ 4386 if( pCur->eState==CURSOR_INVALID ){ 4387 assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 ); 4388 *pRes = 1; 4389 }else{ 4390 assert( pCur->apPage[pCur->iPage]->nCell>0 ); 4391 *pRes = 0; 4392 rc = moveToLeftmost(pCur); 4393 } 4394 } 4395 return rc; 4396 } 4397 4398 /* Move the cursor to the last entry in the table. Return SQLITE_OK 4399 ** on success. Set *pRes to 0 if the cursor actually points to something 4400 ** or set *pRes to 1 if the table is empty. 4401 */ 4402 int sqlite3BtreeLast(BtCursor *pCur, int *pRes){ 4403 int rc; 4404 4405 assert( cursorHoldsMutex(pCur) ); 4406 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 4407 4408 /* If the cursor already points to the last entry, this is a no-op. */ 4409 if( CURSOR_VALID==pCur->eState && pCur->atLast ){ 4410 #ifdef SQLITE_DEBUG 4411 /* This block serves to assert() that the cursor really does point 4412 ** to the last entry in the b-tree. */ 4413 int ii; 4414 for(ii=0; ii<pCur->iPage; ii++){ 4415 assert( pCur->aiIdx[ii]==pCur->apPage[ii]->nCell ); 4416 } 4417 assert( pCur->aiIdx[pCur->iPage]==pCur->apPage[pCur->iPage]->nCell-1 ); 4418 assert( pCur->apPage[pCur->iPage]->leaf ); 4419 #endif 4420 return SQLITE_OK; 4421 } 4422 4423 rc = moveToRoot(pCur); 4424 if( rc==SQLITE_OK ){ 4425 if( CURSOR_INVALID==pCur->eState ){ 4426 assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 ); 4427 *pRes = 1; 4428 }else{ 4429 assert( pCur->eState==CURSOR_VALID ); 4430 *pRes = 0; 4431 rc = moveToRightmost(pCur); 4432 pCur->atLast = rc==SQLITE_OK ?1:0; 4433 } 4434 } 4435 return rc; 4436 } 4437 4438 /* Move the cursor so that it points to an entry near the key 4439 ** specified by pIdxKey or intKey. Return a success code. 4440 ** 4441 ** For INTKEY tables, the intKey parameter is used. pIdxKey 4442 ** must be NULL. For index tables, pIdxKey is used and intKey 4443 ** is ignored. 4444 ** 4445 ** If an exact match is not found, then the cursor is always 4446 ** left pointing at a leaf page which would hold the entry if it 4447 ** were present. The cursor might point to an entry that comes 4448 ** before or after the key. 4449 ** 4450 ** An integer is written into *pRes which is the result of 4451 ** comparing the key with the entry to which the cursor is 4452 ** pointing. The meaning of the integer written into 4453 ** *pRes is as follows: 4454 ** 4455 ** *pRes<0 The cursor is left pointing at an entry that 4456 ** is smaller than intKey/pIdxKey or if the table is empty 4457 ** and the cursor is therefore left point to nothing. 4458 ** 4459 ** *pRes==0 The cursor is left pointing at an entry that 4460 ** exactly matches intKey/pIdxKey. 4461 ** 4462 ** *pRes>0 The cursor is left pointing at an entry that 4463 ** is larger than intKey/pIdxKey. 4464 ** 4465 */ 4466 int sqlite3BtreeMovetoUnpacked( 4467 BtCursor *pCur, /* The cursor to be moved */ 4468 UnpackedRecord *pIdxKey, /* Unpacked index key */ 4469 i64 intKey, /* The table key */ 4470 int biasRight, /* If true, bias the search to the high end */ 4471 int *pRes /* Write search results here */ 4472 ){ 4473 int rc; 4474 4475 assert( cursorHoldsMutex(pCur) ); 4476 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 4477 assert( pRes ); 4478 assert( (pIdxKey==0)==(pCur->pKeyInfo==0) ); 4479 4480 /* If the cursor is already positioned at the point we are trying 4481 ** to move to, then just return without doing any work */ 4482 if( pCur->eState==CURSOR_VALID && pCur->validNKey 4483 && pCur->apPage[0]->intKey 4484 ){ 4485 if( pCur->info.nKey==intKey ){ 4486 *pRes = 0; 4487 return SQLITE_OK; 4488 } 4489 if( pCur->atLast && pCur->info.nKey<intKey ){ 4490 *pRes = -1; 4491 return SQLITE_OK; 4492 } 4493 } 4494 4495 rc = moveToRoot(pCur); 4496 if( rc ){ 4497 return rc; 4498 } 4499 assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage] ); 4500 assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->isInit ); 4501 assert( pCur->eState==CURSOR_INVALID || pCur->apPage[pCur->iPage]->nCell>0 ); 4502 if( pCur->eState==CURSOR_INVALID ){ 4503 *pRes = -1; 4504 assert( pCur->pgnoRoot==0 || pCur->apPage[pCur->iPage]->nCell==0 ); 4505 return SQLITE_OK; 4506 } 4507 assert( pCur->apPage[0]->intKey || pIdxKey ); 4508 for(;;){ 4509 int lwr, upr, idx; 4510 Pgno chldPg; 4511 MemPage *pPage = pCur->apPage[pCur->iPage]; 4512 int c; 4513 4514 /* pPage->nCell must be greater than zero. If this is the root-page 4515 ** the cursor would have been INVALID above and this for(;;) loop 4516 ** not run. If this is not the root-page, then the moveToChild() routine 4517 ** would have already detected db corruption. Similarly, pPage must 4518 ** be the right kind (index or table) of b-tree page. Otherwise 4519 ** a moveToChild() or moveToRoot() call would have detected corruption. */ 4520 assert( pPage->nCell>0 ); 4521 assert( pPage->intKey==(pIdxKey==0) ); 4522 lwr = 0; 4523 upr = pPage->nCell-1; 4524 if( biasRight ){ 4525 pCur->aiIdx[pCur->iPage] = (u16)(idx = upr); 4526 }else{ 4527 pCur->aiIdx[pCur->iPage] = (u16)(idx = (upr+lwr)/2); 4528 } 4529 for(;;){ 4530 u8 *pCell; /* Pointer to current cell in pPage */ 4531 4532 assert( idx==pCur->aiIdx[pCur->iPage] ); 4533 pCur->info.nSize = 0; 4534 pCell = findCell(pPage, idx) + pPage->childPtrSize; 4535 if( pPage->intKey ){ 4536 i64 nCellKey; 4537 if( pPage->hasData ){ 4538 u32 dummy; 4539 pCell += getVarint32(pCell, dummy); 4540 } 4541 getVarint(pCell, (u64*)&nCellKey); 4542 if( nCellKey==intKey ){ 4543 c = 0; 4544 }else if( nCellKey<intKey ){ 4545 c = -1; 4546 }else{ 4547 assert( nCellKey>intKey ); 4548 c = +1; 4549 } 4550 pCur->validNKey = 1; 4551 pCur->info.nKey = nCellKey; 4552 }else{ 4553 /* The maximum supported page-size is 65536 bytes. This means that 4554 ** the maximum number of record bytes stored on an index B-Tree 4555 ** page is less than 16384 bytes and may be stored as a 2-byte 4556 ** varint. This information is used to attempt to avoid parsing 4557 ** the entire cell by checking for the cases where the record is 4558 ** stored entirely within the b-tree page by inspecting the first 4559 ** 2 bytes of the cell. 4560 */ 4561 int nCell = pCell[0]; 4562 if( !(nCell & 0x80) 4563 && nCell<=pPage->maxLocal 4564 && (pCell+nCell+1)<=pPage->aDataEnd 4565 ){ 4566 /* This branch runs if the record-size field of the cell is a 4567 ** single byte varint and the record fits entirely on the main 4568 ** b-tree page. */ 4569 testcase( pCell+nCell+1==pPage->aDataEnd ); 4570 c = sqlite3VdbeRecordCompare(nCell, (void*)&pCell[1], pIdxKey); 4571 }else if( !(pCell[1] & 0x80) 4572 && (nCell = ((nCell&0x7f)<<7) + pCell[1])<=pPage->maxLocal 4573 && (pCell+nCell+2)<=pPage->aDataEnd 4574 ){ 4575 /* The record-size field is a 2 byte varint and the record 4576 ** fits entirely on the main b-tree page. */ 4577 testcase( pCell+nCell+2==pPage->aDataEnd ); 4578 c = sqlite3VdbeRecordCompare(nCell, (void*)&pCell[2], pIdxKey); 4579 }else{ 4580 /* The record flows over onto one or more overflow pages. In 4581 ** this case the whole cell needs to be parsed, a buffer allocated 4582 ** and accessPayload() used to retrieve the record into the 4583 ** buffer before VdbeRecordCompare() can be called. */ 4584 void *pCellKey; 4585 u8 * const pCellBody = pCell - pPage->childPtrSize; 4586 btreeParseCellPtr(pPage, pCellBody, &pCur->info); 4587 nCell = (int)pCur->info.nKey; 4588 pCellKey = sqlite3Malloc( nCell ); 4589 if( pCellKey==0 ){ 4590 rc = SQLITE_NOMEM; 4591 goto moveto_finish; 4592 } 4593 rc = accessPayload(pCur, 0, nCell, (unsigned char*)pCellKey, 0); 4594 if( rc ){ 4595 sqlite3_free(pCellKey); 4596 goto moveto_finish; 4597 } 4598 c = sqlite3VdbeRecordCompare(nCell, pCellKey, pIdxKey); 4599 sqlite3_free(pCellKey); 4600 } 4601 } 4602 if( c==0 ){ 4603 if( pPage->intKey && !pPage->leaf ){ 4604 lwr = idx; 4605 break; 4606 }else{ 4607 *pRes = 0; 4608 rc = SQLITE_OK; 4609 goto moveto_finish; 4610 } 4611 } 4612 if( c<0 ){ 4613 lwr = idx+1; 4614 }else{ 4615 upr = idx-1; 4616 } 4617 if( lwr>upr ){ 4618 break; 4619 } 4620 pCur->aiIdx[pCur->iPage] = (u16)(idx = (lwr+upr)/2); 4621 } 4622 assert( lwr==upr+1 || (pPage->intKey && !pPage->leaf) ); 4623 assert( pPage->isInit ); 4624 if( pPage->leaf ){ 4625 chldPg = 0; 4626 }else if( lwr>=pPage->nCell ){ 4627 chldPg = get4byte(&pPage->aData[pPage->hdrOffset+8]); 4628 }else{ 4629 chldPg = get4byte(findCell(pPage, lwr)); 4630 } 4631 if( chldPg==0 ){ 4632 assert( pCur->aiIdx[pCur->iPage]<pCur->apPage[pCur->iPage]->nCell ); 4633 *pRes = c; 4634 rc = SQLITE_OK; 4635 goto moveto_finish; 4636 } 4637 pCur->aiIdx[pCur->iPage] = (u16)lwr; 4638 pCur->info.nSize = 0; 4639 pCur->validNKey = 0; 4640 rc = moveToChild(pCur, chldPg); 4641 if( rc ) goto moveto_finish; 4642 } 4643 moveto_finish: 4644 return rc; 4645 } 4646 4647 4648 /* 4649 ** Return TRUE if the cursor is not pointing at an entry of the table. 4650 ** 4651 ** TRUE will be returned after a call to sqlite3BtreeNext() moves 4652 ** past the last entry in the table or sqlite3BtreePrev() moves past 4653 ** the first entry. TRUE is also returned if the table is empty. 4654 */ 4655 int sqlite3BtreeEof(BtCursor *pCur){ 4656 /* TODO: What if the cursor is in CURSOR_REQUIRESEEK but all table entries 4657 ** have been deleted? This API will need to change to return an error code 4658 ** as well as the boolean result value. 4659 */ 4660 return (CURSOR_VALID!=pCur->eState); 4661 } 4662 4663 /* 4664 ** Advance the cursor to the next entry in the database. If 4665 ** successful then set *pRes=0. If the cursor 4666 ** was already pointing to the last entry in the database before 4667 ** this routine was called, then set *pRes=1. 4668 */ 4669 int sqlite3BtreeNext(BtCursor *pCur, int *pRes){ 4670 int rc; 4671 int idx; 4672 MemPage *pPage; 4673 4674 assert( cursorHoldsMutex(pCur) ); 4675 rc = restoreCursorPosition(pCur); 4676 if( rc!=SQLITE_OK ){ 4677 return rc; 4678 } 4679 assert( pRes!=0 ); 4680 if( CURSOR_INVALID==pCur->eState ){ 4681 *pRes = 1; 4682 return SQLITE_OK; 4683 } 4684 if( pCur->skipNext>0 ){ 4685 pCur->skipNext = 0; 4686 *pRes = 0; 4687 return SQLITE_OK; 4688 } 4689 pCur->skipNext = 0; 4690 4691 pPage = pCur->apPage[pCur->iPage]; 4692 idx = ++pCur->aiIdx[pCur->iPage]; 4693 assert( pPage->isInit ); 4694 assert( idx<=pPage->nCell ); 4695 4696 pCur->info.nSize = 0; 4697 pCur->validNKey = 0; 4698 if( idx>=pPage->nCell ){ 4699 if( !pPage->leaf ){ 4700 rc = moveToChild(pCur, get4byte(&pPage->aData[pPage->hdrOffset+8])); 4701 if( rc ) return rc; 4702 rc = moveToLeftmost(pCur); 4703 *pRes = 0; 4704 return rc; 4705 } 4706 do{ 4707 if( pCur->iPage==0 ){ 4708 *pRes = 1; 4709 pCur->eState = CURSOR_INVALID; 4710 return SQLITE_OK; 4711 } 4712 moveToParent(pCur); 4713 pPage = pCur->apPage[pCur->iPage]; 4714 }while( pCur->aiIdx[pCur->iPage]>=pPage->nCell ); 4715 *pRes = 0; 4716 if( pPage->intKey ){ 4717 rc = sqlite3BtreeNext(pCur, pRes); 4718 }else{ 4719 rc = SQLITE_OK; 4720 } 4721 return rc; 4722 } 4723 *pRes = 0; 4724 if( pPage->leaf ){ 4725 return SQLITE_OK; 4726 } 4727 rc = moveToLeftmost(pCur); 4728 return rc; 4729 } 4730 4731 4732 /* 4733 ** Step the cursor to the back to the previous entry in the database. If 4734 ** successful then set *pRes=0. If the cursor 4735 ** was already pointing to the first entry in the database before 4736 ** this routine was called, then set *pRes=1. 4737 */ 4738 int sqlite3BtreePrevious(BtCursor *pCur, int *pRes){ 4739 int rc; 4740 MemPage *pPage; 4741 4742 assert( cursorHoldsMutex(pCur) ); 4743 rc = restoreCursorPosition(pCur); 4744 if( rc!=SQLITE_OK ){ 4745 return rc; 4746 } 4747 pCur->atLast = 0; 4748 if( CURSOR_INVALID==pCur->eState ){ 4749 *pRes = 1; 4750 return SQLITE_OK; 4751 } 4752 if( pCur->skipNext<0 ){ 4753 pCur->skipNext = 0; 4754 *pRes = 0; 4755 return SQLITE_OK; 4756 } 4757 pCur->skipNext = 0; 4758 4759 pPage = pCur->apPage[pCur->iPage]; 4760 assert( pPage->isInit ); 4761 if( !pPage->leaf ){ 4762 int idx = pCur->aiIdx[pCur->iPage]; 4763 rc = moveToChild(pCur, get4byte(findCell(pPage, idx))); 4764 if( rc ){ 4765 return rc; 4766 } 4767 rc = moveToRightmost(pCur); 4768 }else{ 4769 while( pCur->aiIdx[pCur->iPage]==0 ){ 4770 if( pCur->iPage==0 ){ 4771 pCur->eState = CURSOR_INVALID; 4772 *pRes = 1; 4773 return SQLITE_OK; 4774 } 4775 moveToParent(pCur); 4776 } 4777 pCur->info.nSize = 0; 4778 pCur->validNKey = 0; 4779 4780 pCur->aiIdx[pCur->iPage]--; 4781 pPage = pCur->apPage[pCur->iPage]; 4782 if( pPage->intKey && !pPage->leaf ){ 4783 rc = sqlite3BtreePrevious(pCur, pRes); 4784 }else{ 4785 rc = SQLITE_OK; 4786 } 4787 } 4788 *pRes = 0; 4789 return rc; 4790 } 4791 4792 /* 4793 ** Allocate a new page from the database file. 4794 ** 4795 ** The new page is marked as dirty. (In other words, sqlite3PagerWrite() 4796 ** has already been called on the new page.) The new page has also 4797 ** been referenced and the calling routine is responsible for calling 4798 ** sqlite3PagerUnref() on the new page when it is done. 4799 ** 4800 ** SQLITE_OK is returned on success. Any other return value indicates 4801 ** an error. *ppPage and *pPgno are undefined in the event of an error. 4802 ** Do not invoke sqlite3PagerUnref() on *ppPage if an error is returned. 4803 ** 4804 ** If the "nearby" parameter is not 0, then a (feeble) effort is made to 4805 ** locate a page close to the page number "nearby". This can be used in an 4806 ** attempt to keep related pages close to each other in the database file, 4807 ** which in turn can make database access faster. 4808 ** 4809 ** If the "exact" parameter is not 0, and the page-number nearby exists 4810 ** anywhere on the free-list, then it is guarenteed to be returned. This 4811 ** is only used by auto-vacuum databases when allocating a new table. 4812 */ 4813 static int allocateBtreePage( 4814 BtShared *pBt, 4815 MemPage **ppPage, 4816 Pgno *pPgno, 4817 Pgno nearby, 4818 u8 exact 4819 ){ 4820 MemPage *pPage1; 4821 int rc; 4822 u32 n; /* Number of pages on the freelist */ 4823 u32 k; /* Number of leaves on the trunk of the freelist */ 4824 MemPage *pTrunk = 0; 4825 MemPage *pPrevTrunk = 0; 4826 Pgno mxPage; /* Total size of the database file */ 4827 4828 assert( sqlite3_mutex_held(pBt->mutex) ); 4829 pPage1 = pBt->pPage1; 4830 mxPage = btreePagecount(pBt); 4831 n = get4byte(&pPage1->aData[36]); 4832 testcase( n==mxPage-1 ); 4833 if( n>=mxPage ){ 4834 return SQLITE_CORRUPT_BKPT; 4835 } 4836 if( n>0 ){ 4837 /* There are pages on the freelist. Reuse one of those pages. */ 4838 Pgno iTrunk; 4839 u8 searchList = 0; /* If the free-list must be searched for 'nearby' */ 4840 4841 /* If the 'exact' parameter was true and a query of the pointer-map 4842 ** shows that the page 'nearby' is somewhere on the free-list, then 4843 ** the entire-list will be searched for that page. 4844 */ 4845 #ifndef SQLITE_OMIT_AUTOVACUUM 4846 if( exact && nearby<=mxPage ){ 4847 u8 eType; 4848 assert( nearby>0 ); 4849 assert( pBt->autoVacuum ); 4850 rc = ptrmapGet(pBt, nearby, &eType, 0); 4851 if( rc ) return rc; 4852 if( eType==PTRMAP_FREEPAGE ){ 4853 searchList = 1; 4854 } 4855 *pPgno = nearby; 4856 } 4857 #endif 4858 4859 /* Decrement the free-list count by 1. Set iTrunk to the index of the 4860 ** first free-list trunk page. iPrevTrunk is initially 1. 4861 */ 4862 rc = sqlite3PagerWrite(pPage1->pDbPage); 4863 if( rc ) return rc; 4864 put4byte(&pPage1->aData[36], n-1); 4865 4866 /* The code within this loop is run only once if the 'searchList' variable 4867 ** is not true. Otherwise, it runs once for each trunk-page on the 4868 ** free-list until the page 'nearby' is located. 4869 */ 4870 do { 4871 pPrevTrunk = pTrunk; 4872 if( pPrevTrunk ){ 4873 iTrunk = get4byte(&pPrevTrunk->aData[0]); 4874 }else{ 4875 iTrunk = get4byte(&pPage1->aData[32]); 4876 } 4877 testcase( iTrunk==mxPage ); 4878 if( iTrunk>mxPage ){ 4879 rc = SQLITE_CORRUPT_BKPT; 4880 }else{ 4881 rc = btreeGetPage(pBt, iTrunk, &pTrunk, 0); 4882 } 4883 if( rc ){ 4884 pTrunk = 0; 4885 goto end_allocate_page; 4886 } 4887 assert( pTrunk!=0 ); 4888 assert( pTrunk->aData!=0 ); 4889 4890 k = get4byte(&pTrunk->aData[4]); /* # of leaves on this trunk page */ 4891 if( k==0 && !searchList ){ 4892 /* The trunk has no leaves and the list is not being searched. 4893 ** So extract the trunk page itself and use it as the newly 4894 ** allocated page */ 4895 assert( pPrevTrunk==0 ); 4896 rc = sqlite3PagerWrite(pTrunk->pDbPage); 4897 if( rc ){ 4898 goto end_allocate_page; 4899 } 4900 *pPgno = iTrunk; 4901 memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4); 4902 *ppPage = pTrunk; 4903 pTrunk = 0; 4904 TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1)); 4905 }else if( k>(u32)(pBt->usableSize/4 - 2) ){ 4906 /* Value of k is out of range. Database corruption */ 4907 rc = SQLITE_CORRUPT_BKPT; 4908 goto end_allocate_page; 4909 #ifndef SQLITE_OMIT_AUTOVACUUM 4910 }else if( searchList && nearby==iTrunk ){ 4911 /* The list is being searched and this trunk page is the page 4912 ** to allocate, regardless of whether it has leaves. 4913 */ 4914 assert( *pPgno==iTrunk ); 4915 *ppPage = pTrunk; 4916 searchList = 0; 4917 rc = sqlite3PagerWrite(pTrunk->pDbPage); 4918 if( rc ){ 4919 goto end_allocate_page; 4920 } 4921 if( k==0 ){ 4922 if( !pPrevTrunk ){ 4923 memcpy(&pPage1->aData[32], &pTrunk->aData[0], 4); 4924 }else{ 4925 rc = sqlite3PagerWrite(pPrevTrunk->pDbPage); 4926 if( rc!=SQLITE_OK ){ 4927 goto end_allocate_page; 4928 } 4929 memcpy(&pPrevTrunk->aData[0], &pTrunk->aData[0], 4); 4930 } 4931 }else{ 4932 /* The trunk page is required by the caller but it contains 4933 ** pointers to free-list leaves. The first leaf becomes a trunk 4934 ** page in this case. 4935 */ 4936 MemPage *pNewTrunk; 4937 Pgno iNewTrunk = get4byte(&pTrunk->aData[8]); 4938 if( iNewTrunk>mxPage ){ 4939 rc = SQLITE_CORRUPT_BKPT; 4940 goto end_allocate_page; 4941 } 4942 testcase( iNewTrunk==mxPage ); 4943 rc = btreeGetPage(pBt, iNewTrunk, &pNewTrunk, 0); 4944 if( rc!=SQLITE_OK ){ 4945 goto end_allocate_page; 4946 } 4947 rc = sqlite3PagerWrite(pNewTrunk->pDbPage); 4948 if( rc!=SQLITE_OK ){ 4949 releasePage(pNewTrunk); 4950 goto end_allocate_page; 4951 } 4952 memcpy(&pNewTrunk->aData[0], &pTrunk->aData[0], 4); 4953 put4byte(&pNewTrunk->aData[4], k-1); 4954 memcpy(&pNewTrunk->aData[8], &pTrunk->aData[12], (k-1)*4); 4955 releasePage(pNewTrunk); 4956 if( !pPrevTrunk ){ 4957 assert( sqlite3PagerIswriteable(pPage1->pDbPage) ); 4958 put4byte(&pPage1->aData[32], iNewTrunk); 4959 }else{ 4960 rc = sqlite3PagerWrite(pPrevTrunk->pDbPage); 4961 if( rc ){ 4962 goto end_allocate_page; 4963 } 4964 put4byte(&pPrevTrunk->aData[0], iNewTrunk); 4965 } 4966 } 4967 pTrunk = 0; 4968 TRACE(("ALLOCATE: %d trunk - %d free pages left\n", *pPgno, n-1)); 4969 #endif 4970 }else if( k>0 ){ 4971 /* Extract a leaf from the trunk */ 4972 u32 closest; 4973 Pgno iPage; 4974 unsigned char *aData = pTrunk->aData; 4975 if( nearby>0 ){ 4976 u32 i; 4977 int dist; 4978 closest = 0; 4979 dist = sqlite3AbsInt32(get4byte(&aData[8]) - nearby); 4980 for(i=1; i<k; i++){ 4981 int d2 = sqlite3AbsInt32(get4byte(&aData[8+i*4]) - nearby); 4982 if( d2<dist ){ 4983 closest = i; 4984 dist = d2; 4985 } 4986 } 4987 }else{ 4988 closest = 0; 4989 } 4990 4991 iPage = get4byte(&aData[8+closest*4]); 4992 testcase( iPage==mxPage ); 4993 if( iPage>mxPage ){ 4994 rc = SQLITE_CORRUPT_BKPT; 4995 goto end_allocate_page; 4996 } 4997 testcase( iPage==mxPage ); 4998 if( !searchList || iPage==nearby ){ 4999 int noContent; 5000 *pPgno = iPage; 5001 TRACE(("ALLOCATE: %d was leaf %d of %d on trunk %d" 5002 ": %d more free pages\n", 5003 *pPgno, closest+1, k, pTrunk->pgno, n-1)); 5004 rc = sqlite3PagerWrite(pTrunk->pDbPage); 5005 if( rc ) goto end_allocate_page; 5006 if( closest<k-1 ){ 5007 memcpy(&aData[8+closest*4], &aData[4+k*4], 4); 5008 } 5009 put4byte(&aData[4], k-1); 5010 noContent = !btreeGetHasContent(pBt, *pPgno); 5011 rc = btreeGetPage(pBt, *pPgno, ppPage, noContent); 5012 if( rc==SQLITE_OK ){ 5013 rc = sqlite3PagerWrite((*ppPage)->pDbPage); 5014 if( rc!=SQLITE_OK ){ 5015 releasePage(*ppPage); 5016 } 5017 } 5018 searchList = 0; 5019 } 5020 } 5021 releasePage(pPrevTrunk); 5022 pPrevTrunk = 0; 5023 }while( searchList ); 5024 }else{ 5025 /* There are no pages on the freelist, so create a new page at the 5026 ** end of the file */ 5027 rc = sqlite3PagerWrite(pBt->pPage1->pDbPage); 5028 if( rc ) return rc; 5029 pBt->nPage++; 5030 if( pBt->nPage==PENDING_BYTE_PAGE(pBt) ) pBt->nPage++; 5031 5032 #ifndef SQLITE_OMIT_AUTOVACUUM 5033 if( pBt->autoVacuum && PTRMAP_ISPAGE(pBt, pBt->nPage) ){ 5034 /* If *pPgno refers to a pointer-map page, allocate two new pages 5035 ** at the end of the file instead of one. The first allocated page 5036 ** becomes a new pointer-map page, the second is used by the caller. 5037 */ 5038 MemPage *pPg = 0; 5039 TRACE(("ALLOCATE: %d from end of file (pointer-map page)\n", pBt->nPage)); 5040 assert( pBt->nPage!=PENDING_BYTE_PAGE(pBt) ); 5041 rc = btreeGetPage(pBt, pBt->nPage, &pPg, 1); 5042 if( rc==SQLITE_OK ){ 5043 rc = sqlite3PagerWrite(pPg->pDbPage); 5044 releasePage(pPg); 5045 } 5046 if( rc ) return rc; 5047 pBt->nPage++; 5048 if( pBt->nPage==PENDING_BYTE_PAGE(pBt) ){ pBt->nPage++; } 5049 } 5050 #endif 5051 put4byte(28 + (u8*)pBt->pPage1->aData, pBt->nPage); 5052 *pPgno = pBt->nPage; 5053 5054 assert( *pPgno!=PENDING_BYTE_PAGE(pBt) ); 5055 rc = btreeGetPage(pBt, *pPgno, ppPage, 1); 5056 if( rc ) return rc; 5057 rc = sqlite3PagerWrite((*ppPage)->pDbPage); 5058 if( rc!=SQLITE_OK ){ 5059 releasePage(*ppPage); 5060 } 5061 TRACE(("ALLOCATE: %d from end of file\n", *pPgno)); 5062 } 5063 5064 assert( *pPgno!=PENDING_BYTE_PAGE(pBt) ); 5065 5066 end_allocate_page: 5067 releasePage(pTrunk); 5068 releasePage(pPrevTrunk); 5069 if( rc==SQLITE_OK ){ 5070 if( sqlite3PagerPageRefcount((*ppPage)->pDbPage)>1 ){ 5071 releasePage(*ppPage); 5072 return SQLITE_CORRUPT_BKPT; 5073 } 5074 (*ppPage)->isInit = 0; 5075 }else{ 5076 *ppPage = 0; 5077 } 5078 assert( rc!=SQLITE_OK || sqlite3PagerIswriteable((*ppPage)->pDbPage) ); 5079 return rc; 5080 } 5081 5082 /* 5083 ** This function is used to add page iPage to the database file free-list. 5084 ** It is assumed that the page is not already a part of the free-list. 5085 ** 5086 ** The value passed as the second argument to this function is optional. 5087 ** If the caller happens to have a pointer to the MemPage object 5088 ** corresponding to page iPage handy, it may pass it as the second value. 5089 ** Otherwise, it may pass NULL. 5090 ** 5091 ** If a pointer to a MemPage object is passed as the second argument, 5092 ** its reference count is not altered by this function. 5093 */ 5094 static int freePage2(BtShared *pBt, MemPage *pMemPage, Pgno iPage){ 5095 MemPage *pTrunk = 0; /* Free-list trunk page */ 5096 Pgno iTrunk = 0; /* Page number of free-list trunk page */ 5097 MemPage *pPage1 = pBt->pPage1; /* Local reference to page 1 */ 5098 MemPage *pPage; /* Page being freed. May be NULL. */ 5099 int rc; /* Return Code */ 5100 int nFree; /* Initial number of pages on free-list */ 5101 5102 assert( sqlite3_mutex_held(pBt->mutex) ); 5103 assert( iPage>1 ); 5104 assert( !pMemPage || pMemPage->pgno==iPage ); 5105 5106 if( pMemPage ){ 5107 pPage = pMemPage; 5108 sqlite3PagerRef(pPage->pDbPage); 5109 }else{ 5110 pPage = btreePageLookup(pBt, iPage); 5111 } 5112 5113 /* Increment the free page count on pPage1 */ 5114 rc = sqlite3PagerWrite(pPage1->pDbPage); 5115 if( rc ) goto freepage_out; 5116 nFree = get4byte(&pPage1->aData[36]); 5117 put4byte(&pPage1->aData[36], nFree+1); 5118 5119 if( pBt->secureDelete ){ 5120 /* If the secure_delete option is enabled, then 5121 ** always fully overwrite deleted information with zeros. 5122 */ 5123 if( (!pPage && ((rc = btreeGetPage(pBt, iPage, &pPage, 0))!=0) ) 5124 || ((rc = sqlite3PagerWrite(pPage->pDbPage))!=0) 5125 ){ 5126 goto freepage_out; 5127 } 5128 memset(pPage->aData, 0, pPage->pBt->pageSize); 5129 } 5130 5131 /* If the database supports auto-vacuum, write an entry in the pointer-map 5132 ** to indicate that the page is free. 5133 */ 5134 if( ISAUTOVACUUM ){ 5135 ptrmapPut(pBt, iPage, PTRMAP_FREEPAGE, 0, &rc); 5136 if( rc ) goto freepage_out; 5137 } 5138 5139 /* Now manipulate the actual database free-list structure. There are two 5140 ** possibilities. If the free-list is currently empty, or if the first 5141 ** trunk page in the free-list is full, then this page will become a 5142 ** new free-list trunk page. Otherwise, it will become a leaf of the 5143 ** first trunk page in the current free-list. This block tests if it 5144 ** is possible to add the page as a new free-list leaf. 5145 */ 5146 if( nFree!=0 ){ 5147 u32 nLeaf; /* Initial number of leaf cells on trunk page */ 5148 5149 iTrunk = get4byte(&pPage1->aData[32]); 5150 rc = btreeGetPage(pBt, iTrunk, &pTrunk, 0); 5151 if( rc!=SQLITE_OK ){ 5152 goto freepage_out; 5153 } 5154 5155 nLeaf = get4byte(&pTrunk->aData[4]); 5156 assert( pBt->usableSize>32 ); 5157 if( nLeaf > (u32)pBt->usableSize/4 - 2 ){ 5158 rc = SQLITE_CORRUPT_BKPT; 5159 goto freepage_out; 5160 } 5161 if( nLeaf < (u32)pBt->usableSize/4 - 8 ){ 5162 /* In this case there is room on the trunk page to insert the page 5163 ** being freed as a new leaf. 5164 ** 5165 ** Note that the trunk page is not really full until it contains 5166 ** usableSize/4 - 2 entries, not usableSize/4 - 8 entries as we have 5167 ** coded. But due to a coding error in versions of SQLite prior to 5168 ** 3.6.0, databases with freelist trunk pages holding more than 5169 ** usableSize/4 - 8 entries will be reported as corrupt. In order 5170 ** to maintain backwards compatibility with older versions of SQLite, 5171 ** we will continue to restrict the number of entries to usableSize/4 - 8 5172 ** for now. At some point in the future (once everyone has upgraded 5173 ** to 3.6.0 or later) we should consider fixing the conditional above 5174 ** to read "usableSize/4-2" instead of "usableSize/4-8". 5175 */ 5176 rc = sqlite3PagerWrite(pTrunk->pDbPage); 5177 if( rc==SQLITE_OK ){ 5178 put4byte(&pTrunk->aData[4], nLeaf+1); 5179 put4byte(&pTrunk->aData[8+nLeaf*4], iPage); 5180 if( pPage && !pBt->secureDelete ){ 5181 sqlite3PagerDontWrite(pPage->pDbPage); 5182 } 5183 rc = btreeSetHasContent(pBt, iPage); 5184 } 5185 TRACE(("FREE-PAGE: %d leaf on trunk page %d\n",pPage->pgno,pTrunk->pgno)); 5186 goto freepage_out; 5187 } 5188 } 5189 5190 /* If control flows to this point, then it was not possible to add the 5191 ** the page being freed as a leaf page of the first trunk in the free-list. 5192 ** Possibly because the free-list is empty, or possibly because the 5193 ** first trunk in the free-list is full. Either way, the page being freed 5194 ** will become the new first trunk page in the free-list. 5195 */ 5196 if( pPage==0 && SQLITE_OK!=(rc = btreeGetPage(pBt, iPage, &pPage, 0)) ){ 5197 goto freepage_out; 5198 } 5199 rc = sqlite3PagerWrite(pPage->pDbPage); 5200 if( rc!=SQLITE_OK ){ 5201 goto freepage_out; 5202 } 5203 put4byte(pPage->aData, iTrunk); 5204 put4byte(&pPage->aData[4], 0); 5205 put4byte(&pPage1->aData[32], iPage); 5206 TRACE(("FREE-PAGE: %d new trunk page replacing %d\n", pPage->pgno, iTrunk)); 5207 5208 freepage_out: 5209 if( pPage ){ 5210 pPage->isInit = 0; 5211 } 5212 releasePage(pPage); 5213 releasePage(pTrunk); 5214 return rc; 5215 } 5216 static void freePage(MemPage *pPage, int *pRC){ 5217 if( (*pRC)==SQLITE_OK ){ 5218 *pRC = freePage2(pPage->pBt, pPage, pPage->pgno); 5219 } 5220 } 5221 5222 /* 5223 ** Free any overflow pages associated with the given Cell. 5224 */ 5225 static int clearCell(MemPage *pPage, unsigned char *pCell){ 5226 BtShared *pBt = pPage->pBt; 5227 CellInfo info; 5228 Pgno ovflPgno; 5229 int rc; 5230 int nOvfl; 5231 u32 ovflPageSize; 5232 5233 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5234 btreeParseCellPtr(pPage, pCell, &info); 5235 if( info.iOverflow==0 ){ 5236 return SQLITE_OK; /* No overflow pages. Return without doing anything */ 5237 } 5238 if( pCell+info.iOverflow+3 > pPage->aData+pPage->maskPage ){ 5239 return SQLITE_CORRUPT; /* Cell extends past end of page */ 5240 } 5241 ovflPgno = get4byte(&pCell[info.iOverflow]); 5242 assert( pBt->usableSize > 4 ); 5243 ovflPageSize = pBt->usableSize - 4; 5244 nOvfl = (info.nPayload - info.nLocal + ovflPageSize - 1)/ovflPageSize; 5245 assert( ovflPgno==0 || nOvfl>0 ); 5246 while( nOvfl-- ){ 5247 Pgno iNext = 0; 5248 MemPage *pOvfl = 0; 5249 if( ovflPgno<2 || ovflPgno>btreePagecount(pBt) ){ 5250 /* 0 is not a legal page number and page 1 cannot be an 5251 ** overflow page. Therefore if ovflPgno<2 or past the end of the 5252 ** file the database must be corrupt. */ 5253 return SQLITE_CORRUPT_BKPT; 5254 } 5255 if( nOvfl ){ 5256 rc = getOverflowPage(pBt, ovflPgno, &pOvfl, &iNext); 5257 if( rc ) return rc; 5258 } 5259 5260 if( ( pOvfl || ((pOvfl = btreePageLookup(pBt, ovflPgno))!=0) ) 5261 && sqlite3PagerPageRefcount(pOvfl->pDbPage)!=1 5262 ){ 5263 /* There is no reason any cursor should have an outstanding reference 5264 ** to an overflow page belonging to a cell that is being deleted/updated. 5265 ** So if there exists more than one reference to this page, then it 5266 ** must not really be an overflow page and the database must be corrupt. 5267 ** It is helpful to detect this before calling freePage2(), as 5268 ** freePage2() may zero the page contents if secure-delete mode is 5269 ** enabled. If this 'overflow' page happens to be a page that the 5270 ** caller is iterating through or using in some other way, this 5271 ** can be problematic. 5272 */ 5273 rc = SQLITE_CORRUPT_BKPT; 5274 }else{ 5275 rc = freePage2(pBt, pOvfl, ovflPgno); 5276 } 5277 5278 if( pOvfl ){ 5279 sqlite3PagerUnref(pOvfl->pDbPage); 5280 } 5281 if( rc ) return rc; 5282 ovflPgno = iNext; 5283 } 5284 return SQLITE_OK; 5285 } 5286 5287 /* 5288 ** Create the byte sequence used to represent a cell on page pPage 5289 ** and write that byte sequence into pCell[]. Overflow pages are 5290 ** allocated and filled in as necessary. The calling procedure 5291 ** is responsible for making sure sufficient space has been allocated 5292 ** for pCell[]. 5293 ** 5294 ** Note that pCell does not necessary need to point to the pPage->aData 5295 ** area. pCell might point to some temporary storage. The cell will 5296 ** be constructed in this temporary area then copied into pPage->aData 5297 ** later. 5298 */ 5299 static int fillInCell( 5300 MemPage *pPage, /* The page that contains the cell */ 5301 unsigned char *pCell, /* Complete text of the cell */ 5302 const void *pKey, i64 nKey, /* The key */ 5303 const void *pData,int nData, /* The data */ 5304 int nZero, /* Extra zero bytes to append to pData */ 5305 int *pnSize /* Write cell size here */ 5306 ){ 5307 int nPayload; 5308 const u8 *pSrc; 5309 int nSrc, n, rc; 5310 int spaceLeft; 5311 MemPage *pOvfl = 0; 5312 MemPage *pToRelease = 0; 5313 unsigned char *pPrior; 5314 unsigned char *pPayload; 5315 BtShared *pBt = pPage->pBt; 5316 Pgno pgnoOvfl = 0; 5317 int nHeader; 5318 CellInfo info; 5319 5320 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5321 5322 /* pPage is not necessarily writeable since pCell might be auxiliary 5323 ** buffer space that is separate from the pPage buffer area */ 5324 assert( pCell<pPage->aData || pCell>=&pPage->aData[pBt->pageSize] 5325 || sqlite3PagerIswriteable(pPage->pDbPage) ); 5326 5327 /* Fill in the header. */ 5328 nHeader = 0; 5329 if( !pPage->leaf ){ 5330 nHeader += 4; 5331 } 5332 if( pPage->hasData ){ 5333 nHeader += putVarint(&pCell[nHeader], nData+nZero); 5334 }else{ 5335 nData = nZero = 0; 5336 } 5337 nHeader += putVarint(&pCell[nHeader], *(u64*)&nKey); 5338 btreeParseCellPtr(pPage, pCell, &info); 5339 assert( info.nHeader==nHeader ); 5340 assert( info.nKey==nKey ); 5341 assert( info.nData==(u32)(nData+nZero) ); 5342 5343 /* Fill in the payload */ 5344 nPayload = nData + nZero; 5345 if( pPage->intKey ){ 5346 pSrc = pData; 5347 nSrc = nData; 5348 nData = 0; 5349 }else{ 5350 if( NEVER(nKey>0x7fffffff || pKey==0) ){ 5351 return SQLITE_CORRUPT_BKPT; 5352 } 5353 nPayload += (int)nKey; 5354 pSrc = pKey; 5355 nSrc = (int)nKey; 5356 } 5357 *pnSize = info.nSize; 5358 spaceLeft = info.nLocal; 5359 pPayload = &pCell[nHeader]; 5360 pPrior = &pCell[info.iOverflow]; 5361 5362 while( nPayload>0 ){ 5363 if( spaceLeft==0 ){ 5364 #ifndef SQLITE_OMIT_AUTOVACUUM 5365 Pgno pgnoPtrmap = pgnoOvfl; /* Overflow page pointer-map entry page */ 5366 if( pBt->autoVacuum ){ 5367 do{ 5368 pgnoOvfl++; 5369 } while( 5370 PTRMAP_ISPAGE(pBt, pgnoOvfl) || pgnoOvfl==PENDING_BYTE_PAGE(pBt) 5371 ); 5372 } 5373 #endif 5374 rc = allocateBtreePage(pBt, &pOvfl, &pgnoOvfl, pgnoOvfl, 0); 5375 #ifndef SQLITE_OMIT_AUTOVACUUM 5376 /* If the database supports auto-vacuum, and the second or subsequent 5377 ** overflow page is being allocated, add an entry to the pointer-map 5378 ** for that page now. 5379 ** 5380 ** If this is the first overflow page, then write a partial entry 5381 ** to the pointer-map. If we write nothing to this pointer-map slot, 5382 ** then the optimistic overflow chain processing in clearCell() 5383 ** may misinterpret the uninitialised values and delete the 5384 ** wrong pages from the database. 5385 */ 5386 if( pBt->autoVacuum && rc==SQLITE_OK ){ 5387 u8 eType = (pgnoPtrmap?PTRMAP_OVERFLOW2:PTRMAP_OVERFLOW1); 5388 ptrmapPut(pBt, pgnoOvfl, eType, pgnoPtrmap, &rc); 5389 if( rc ){ 5390 releasePage(pOvfl); 5391 } 5392 } 5393 #endif 5394 if( rc ){ 5395 releasePage(pToRelease); 5396 return rc; 5397 } 5398 5399 /* If pToRelease is not zero than pPrior points into the data area 5400 ** of pToRelease. Make sure pToRelease is still writeable. */ 5401 assert( pToRelease==0 || sqlite3PagerIswriteable(pToRelease->pDbPage) ); 5402 5403 /* If pPrior is part of the data area of pPage, then make sure pPage 5404 ** is still writeable */ 5405 assert( pPrior<pPage->aData || pPrior>=&pPage->aData[pBt->pageSize] 5406 || sqlite3PagerIswriteable(pPage->pDbPage) ); 5407 5408 put4byte(pPrior, pgnoOvfl); 5409 releasePage(pToRelease); 5410 pToRelease = pOvfl; 5411 pPrior = pOvfl->aData; 5412 put4byte(pPrior, 0); 5413 pPayload = &pOvfl->aData[4]; 5414 spaceLeft = pBt->usableSize - 4; 5415 } 5416 n = nPayload; 5417 if( n>spaceLeft ) n = spaceLeft; 5418 5419 /* If pToRelease is not zero than pPayload points into the data area 5420 ** of pToRelease. Make sure pToRelease is still writeable. */ 5421 assert( pToRelease==0 || sqlite3PagerIswriteable(pToRelease->pDbPage) ); 5422 5423 /* If pPayload is part of the data area of pPage, then make sure pPage 5424 ** is still writeable */ 5425 assert( pPayload<pPage->aData || pPayload>=&pPage->aData[pBt->pageSize] 5426 || sqlite3PagerIswriteable(pPage->pDbPage) ); 5427 5428 if( nSrc>0 ){ 5429 if( n>nSrc ) n = nSrc; 5430 assert( pSrc ); 5431 memcpy(pPayload, pSrc, n); 5432 }else{ 5433 memset(pPayload, 0, n); 5434 } 5435 nPayload -= n; 5436 pPayload += n; 5437 pSrc += n; 5438 nSrc -= n; 5439 spaceLeft -= n; 5440 if( nSrc==0 ){ 5441 nSrc = nData; 5442 pSrc = pData; 5443 } 5444 } 5445 releasePage(pToRelease); 5446 return SQLITE_OK; 5447 } 5448 5449 /* 5450 ** Remove the i-th cell from pPage. This routine effects pPage only. 5451 ** The cell content is not freed or deallocated. It is assumed that 5452 ** the cell content has been copied someplace else. This routine just 5453 ** removes the reference to the cell from pPage. 5454 ** 5455 ** "sz" must be the number of bytes in the cell. 5456 */ 5457 static void dropCell(MemPage *pPage, int idx, int sz, int *pRC){ 5458 u32 pc; /* Offset to cell content of cell being deleted */ 5459 u8 *data; /* pPage->aData */ 5460 u8 *ptr; /* Used to move bytes around within data[] */ 5461 u8 *endPtr; /* End of loop */ 5462 int rc; /* The return code */ 5463 int hdr; /* Beginning of the header. 0 most pages. 100 page 1 */ 5464 5465 if( *pRC ) return; 5466 5467 assert( idx>=0 && idx<pPage->nCell ); 5468 assert( sz==cellSize(pPage, idx) ); 5469 assert( sqlite3PagerIswriteable(pPage->pDbPage) ); 5470 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5471 data = pPage->aData; 5472 ptr = &pPage->aCellIdx[2*idx]; 5473 pc = get2byte(ptr); 5474 hdr = pPage->hdrOffset; 5475 testcase( pc==get2byte(&data[hdr+5]) ); 5476 testcase( pc+sz==pPage->pBt->usableSize ); 5477 if( pc < (u32)get2byte(&data[hdr+5]) || pc+sz > pPage->pBt->usableSize ){ 5478 *pRC = SQLITE_CORRUPT_BKPT; 5479 return; 5480 } 5481 rc = freeSpace(pPage, pc, sz); 5482 if( rc ){ 5483 *pRC = rc; 5484 return; 5485 } 5486 endPtr = &pPage->aCellIdx[2*pPage->nCell - 2]; 5487 assert( (SQLITE_PTR_TO_INT(ptr)&1)==0 ); /* ptr is always 2-byte aligned */ 5488 while( ptr<endPtr ){ 5489 *(u16*)ptr = *(u16*)&ptr[2]; 5490 ptr += 2; 5491 } 5492 pPage->nCell--; 5493 put2byte(&data[hdr+3], pPage->nCell); 5494 pPage->nFree += 2; 5495 } 5496 5497 /* 5498 ** Insert a new cell on pPage at cell index "i". pCell points to the 5499 ** content of the cell. 5500 ** 5501 ** If the cell content will fit on the page, then put it there. If it 5502 ** will not fit, then make a copy of the cell content into pTemp if 5503 ** pTemp is not null. Regardless of pTemp, allocate a new entry 5504 ** in pPage->aOvfl[] and make it point to the cell content (either 5505 ** in pTemp or the original pCell) and also record its index. 5506 ** Allocating a new entry in pPage->aCell[] implies that 5507 ** pPage->nOverflow is incremented. 5508 ** 5509 ** If nSkip is non-zero, then do not copy the first nSkip bytes of the 5510 ** cell. The caller will overwrite them after this function returns. If 5511 ** nSkip is non-zero, then pCell may not point to an invalid memory location 5512 ** (but pCell+nSkip is always valid). 5513 */ 5514 static void insertCell( 5515 MemPage *pPage, /* Page into which we are copying */ 5516 int i, /* New cell becomes the i-th cell of the page */ 5517 u8 *pCell, /* Content of the new cell */ 5518 int sz, /* Bytes of content in pCell */ 5519 u8 *pTemp, /* Temp storage space for pCell, if needed */ 5520 Pgno iChild, /* If non-zero, replace first 4 bytes with this value */ 5521 int *pRC /* Read and write return code from here */ 5522 ){ 5523 int idx = 0; /* Where to write new cell content in data[] */ 5524 int j; /* Loop counter */ 5525 int end; /* First byte past the last cell pointer in data[] */ 5526 int ins; /* Index in data[] where new cell pointer is inserted */ 5527 int cellOffset; /* Address of first cell pointer in data[] */ 5528 u8 *data; /* The content of the whole page */ 5529 u8 *ptr; /* Used for moving information around in data[] */ 5530 u8 *endPtr; /* End of the loop */ 5531 5532 int nSkip = (iChild ? 4 : 0); 5533 5534 if( *pRC ) return; 5535 5536 assert( i>=0 && i<=pPage->nCell+pPage->nOverflow ); 5537 assert( pPage->nCell<=MX_CELL(pPage->pBt) && MX_CELL(pPage->pBt)<=10921 ); 5538 assert( pPage->nOverflow<=ArraySize(pPage->aOvfl) ); 5539 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5540 /* The cell should normally be sized correctly. However, when moving a 5541 ** malformed cell from a leaf page to an interior page, if the cell size 5542 ** wanted to be less than 4 but got rounded up to 4 on the leaf, then size 5543 ** might be less than 8 (leaf-size + pointer) on the interior node. Hence 5544 ** the term after the || in the following assert(). */ 5545 assert( sz==cellSizePtr(pPage, pCell) || (sz==8 && iChild>0) ); 5546 if( pPage->nOverflow || sz+2>pPage->nFree ){ 5547 if( pTemp ){ 5548 memcpy(pTemp+nSkip, pCell+nSkip, sz-nSkip); 5549 pCell = pTemp; 5550 } 5551 if( iChild ){ 5552 put4byte(pCell, iChild); 5553 } 5554 j = pPage->nOverflow++; 5555 assert( j<(int)(sizeof(pPage->aOvfl)/sizeof(pPage->aOvfl[0])) ); 5556 pPage->aOvfl[j].pCell = pCell; 5557 pPage->aOvfl[j].idx = (u16)i; 5558 }else{ 5559 int rc = sqlite3PagerWrite(pPage->pDbPage); 5560 if( rc!=SQLITE_OK ){ 5561 *pRC = rc; 5562 return; 5563 } 5564 assert( sqlite3PagerIswriteable(pPage->pDbPage) ); 5565 data = pPage->aData; 5566 cellOffset = pPage->cellOffset; 5567 end = cellOffset + 2*pPage->nCell; 5568 ins = cellOffset + 2*i; 5569 rc = allocateSpace(pPage, sz, &idx); 5570 if( rc ){ *pRC = rc; return; } 5571 /* The allocateSpace() routine guarantees the following two properties 5572 ** if it returns success */ 5573 assert( idx >= end+2 ); 5574 assert( idx+sz <= (int)pPage->pBt->usableSize ); 5575 pPage->nCell++; 5576 pPage->nFree -= (u16)(2 + sz); 5577 memcpy(&data[idx+nSkip], pCell+nSkip, sz-nSkip); 5578 if( iChild ){ 5579 put4byte(&data[idx], iChild); 5580 } 5581 ptr = &data[end]; 5582 endPtr = &data[ins]; 5583 assert( (SQLITE_PTR_TO_INT(ptr)&1)==0 ); /* ptr is always 2-byte aligned */ 5584 while( ptr>endPtr ){ 5585 *(u16*)ptr = *(u16*)&ptr[-2]; 5586 ptr -= 2; 5587 } 5588 put2byte(&data[ins], idx); 5589 put2byte(&data[pPage->hdrOffset+3], pPage->nCell); 5590 #ifndef SQLITE_OMIT_AUTOVACUUM 5591 if( pPage->pBt->autoVacuum ){ 5592 /* The cell may contain a pointer to an overflow page. If so, write 5593 ** the entry for the overflow page into the pointer map. 5594 */ 5595 ptrmapPutOvflPtr(pPage, pCell, pRC); 5596 } 5597 #endif 5598 } 5599 } 5600 5601 /* 5602 ** Add a list of cells to a page. The page should be initially empty. 5603 ** The cells are guaranteed to fit on the page. 5604 */ 5605 static void assemblePage( 5606 MemPage *pPage, /* The page to be assemblied */ 5607 int nCell, /* The number of cells to add to this page */ 5608 u8 **apCell, /* Pointers to cell bodies */ 5609 u16 *aSize /* Sizes of the cells */ 5610 ){ 5611 int i; /* Loop counter */ 5612 u8 *pCellptr; /* Address of next cell pointer */ 5613 int cellbody; /* Address of next cell body */ 5614 u8 * const data = pPage->aData; /* Pointer to data for pPage */ 5615 const int hdr = pPage->hdrOffset; /* Offset of header on pPage */ 5616 const int nUsable = pPage->pBt->usableSize; /* Usable size of page */ 5617 5618 assert( pPage->nOverflow==0 ); 5619 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5620 assert( nCell>=0 && nCell<=(int)MX_CELL(pPage->pBt) 5621 && (int)MX_CELL(pPage->pBt)<=10921); 5622 assert( sqlite3PagerIswriteable(pPage->pDbPage) ); 5623 5624 /* Check that the page has just been zeroed by zeroPage() */ 5625 assert( pPage->nCell==0 ); 5626 assert( get2byteNotZero(&data[hdr+5])==nUsable ); 5627 5628 pCellptr = &pPage->aCellIdx[nCell*2]; 5629 cellbody = nUsable; 5630 for(i=nCell-1; i>=0; i--){ 5631 u16 sz = aSize[i]; 5632 pCellptr -= 2; 5633 cellbody -= sz; 5634 put2byte(pCellptr, cellbody); 5635 memcpy(&data[cellbody], apCell[i], sz); 5636 } 5637 put2byte(&data[hdr+3], nCell); 5638 put2byte(&data[hdr+5], cellbody); 5639 pPage->nFree -= (nCell*2 + nUsable - cellbody); 5640 pPage->nCell = (u16)nCell; 5641 } 5642 5643 /* 5644 ** The following parameters determine how many adjacent pages get involved 5645 ** in a balancing operation. NN is the number of neighbors on either side 5646 ** of the page that participate in the balancing operation. NB is the 5647 ** total number of pages that participate, including the target page and 5648 ** NN neighbors on either side. 5649 ** 5650 ** The minimum value of NN is 1 (of course). Increasing NN above 1 5651 ** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance 5652 ** in exchange for a larger degradation in INSERT and UPDATE performance. 5653 ** The value of NN appears to give the best results overall. 5654 */ 5655 #define NN 1 /* Number of neighbors on either side of pPage */ 5656 #define NB (NN*2+1) /* Total pages involved in the balance */ 5657 5658 5659 #ifndef SQLITE_OMIT_QUICKBALANCE 5660 /* 5661 ** This version of balance() handles the common special case where 5662 ** a new entry is being inserted on the extreme right-end of the 5663 ** tree, in other words, when the new entry will become the largest 5664 ** entry in the tree. 5665 ** 5666 ** Instead of trying to balance the 3 right-most leaf pages, just add 5667 ** a new page to the right-hand side and put the one new entry in 5668 ** that page. This leaves the right side of the tree somewhat 5669 ** unbalanced. But odds are that we will be inserting new entries 5670 ** at the end soon afterwards so the nearly empty page will quickly 5671 ** fill up. On average. 5672 ** 5673 ** pPage is the leaf page which is the right-most page in the tree. 5674 ** pParent is its parent. pPage must have a single overflow entry 5675 ** which is also the right-most entry on the page. 5676 ** 5677 ** The pSpace buffer is used to store a temporary copy of the divider 5678 ** cell that will be inserted into pParent. Such a cell consists of a 4 5679 ** byte page number followed by a variable length integer. In other 5680 ** words, at most 13 bytes. Hence the pSpace buffer must be at 5681 ** least 13 bytes in size. 5682 */ 5683 static int balance_quick(MemPage *pParent, MemPage *pPage, u8 *pSpace){ 5684 BtShared *const pBt = pPage->pBt; /* B-Tree Database */ 5685 MemPage *pNew; /* Newly allocated page */ 5686 int rc; /* Return Code */ 5687 Pgno pgnoNew; /* Page number of pNew */ 5688 5689 assert( sqlite3_mutex_held(pPage->pBt->mutex) ); 5690 assert( sqlite3PagerIswriteable(pParent->pDbPage) ); 5691 assert( pPage->nOverflow==1 ); 5692 5693 /* This error condition is now caught prior to reaching this function */ 5694 if( pPage->nCell<=0 ) return SQLITE_CORRUPT_BKPT; 5695 5696 /* Allocate a new page. This page will become the right-sibling of 5697 ** pPage. Make the parent page writable, so that the new divider cell 5698 ** may be inserted. If both these operations are successful, proceed. 5699 */ 5700 rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0); 5701 5702 if( rc==SQLITE_OK ){ 5703 5704 u8 *pOut = &pSpace[4]; 5705 u8 *pCell = pPage->aOvfl[0].pCell; 5706 u16 szCell = cellSizePtr(pPage, pCell); 5707 u8 *pStop; 5708 5709 assert( sqlite3PagerIswriteable(pNew->pDbPage) ); 5710 assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) ); 5711 zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF); 5712 assemblePage(pNew, 1, &pCell, &szCell); 5713 5714 /* If this is an auto-vacuum database, update the pointer map 5715 ** with entries for the new page, and any pointer from the 5716 ** cell on the page to an overflow page. If either of these 5717 ** operations fails, the return code is set, but the contents 5718 ** of the parent page are still manipulated by thh code below. 5719 ** That is Ok, at this point the parent page is guaranteed to 5720 ** be marked as dirty. Returning an error code will cause a 5721 ** rollback, undoing any changes made to the parent page. 5722 */ 5723 if( ISAUTOVACUUM ){ 5724 ptrmapPut(pBt, pgnoNew, PTRMAP_BTREE, pParent->pgno, &rc); 5725 if( szCell>pNew->minLocal ){ 5726 ptrmapPutOvflPtr(pNew, pCell, &rc); 5727 } 5728 } 5729 5730 /* Create a divider cell to insert into pParent. The divider cell 5731 ** consists of a 4-byte page number (the page number of pPage) and 5732 ** a variable length key value (which must be the same value as the 5733 ** largest key on pPage). 5734 ** 5735 ** To find the largest key value on pPage, first find the right-most 5736 ** cell on pPage. The first two fields of this cell are the 5737 ** record-length (a variable length integer at most 32-bits in size) 5738 ** and the key value (a variable length integer, may have any value). 5739 ** The first of the while(...) loops below skips over the record-length 5740 ** field. The second while(...) loop copies the key value from the 5741 ** cell on pPage into the pSpace buffer. 5742 */ 5743 pCell = findCell(pPage, pPage->nCell-1); 5744 pStop = &pCell[9]; 5745 while( (*(pCell++)&0x80) && pCell<pStop ); 5746 pStop = &pCell[9]; 5747 while( ((*(pOut++) = *(pCell++))&0x80) && pCell<pStop ); 5748 5749 /* Insert the new divider cell into pParent. */ 5750 insertCell(pParent, pParent->nCell, pSpace, (int)(pOut-pSpace), 5751 0, pPage->pgno, &rc); 5752 5753 /* Set the right-child pointer of pParent to point to the new page. */ 5754 put4byte(&pParent->aData[pParent->hdrOffset+8], pgnoNew); 5755 5756 /* Release the reference to the new page. */ 5757 releasePage(pNew); 5758 } 5759 5760 return rc; 5761 } 5762 #endif /* SQLITE_OMIT_QUICKBALANCE */ 5763 5764 #if 0 5765 /* 5766 ** This function does not contribute anything to the operation of SQLite. 5767 ** it is sometimes activated temporarily while debugging code responsible 5768 ** for setting pointer-map entries. 5769 */ 5770 static int ptrmapCheckPages(MemPage **apPage, int nPage){ 5771 int i, j; 5772 for(i=0; i<nPage; i++){ 5773 Pgno n; 5774 u8 e; 5775 MemPage *pPage = apPage[i]; 5776 BtShared *pBt = pPage->pBt; 5777 assert( pPage->isInit ); 5778 5779 for(j=0; j<pPage->nCell; j++){ 5780 CellInfo info; 5781 u8 *z; 5782 5783 z = findCell(pPage, j); 5784 btreeParseCellPtr(pPage, z, &info); 5785 if( info.iOverflow ){ 5786 Pgno ovfl = get4byte(&z[info.iOverflow]); 5787 ptrmapGet(pBt, ovfl, &e, &n); 5788 assert( n==pPage->pgno && e==PTRMAP_OVERFLOW1 ); 5789 } 5790 if( !pPage->leaf ){ 5791 Pgno child = get4byte(z); 5792 ptrmapGet(pBt, child, &e, &n); 5793 assert( n==pPage->pgno && e==PTRMAP_BTREE ); 5794 } 5795 } 5796 if( !pPage->leaf ){ 5797 Pgno child = get4byte(&pPage->aData[pPage->hdrOffset+8]); 5798 ptrmapGet(pBt, child, &e, &n); 5799 assert( n==pPage->pgno && e==PTRMAP_BTREE ); 5800 } 5801 } 5802 return 1; 5803 } 5804 #endif 5805 5806 /* 5807 ** This function is used to copy the contents of the b-tree node stored 5808 ** on page pFrom to page pTo. If page pFrom was not a leaf page, then 5809 ** the pointer-map entries for each child page are updated so that the 5810 ** parent page stored in the pointer map is page pTo. If pFrom contained 5811 ** any cells with overflow page pointers, then the corresponding pointer 5812 ** map entries are also updated so that the parent page is page pTo. 5813 ** 5814 ** If pFrom is currently carrying any overflow cells (entries in the 5815 ** MemPage.aOvfl[] array), they are not copied to pTo. 5816 ** 5817 ** Before returning, page pTo is reinitialized using btreeInitPage(). 5818 ** 5819 ** The performance of this function is not critical. It is only used by 5820 ** the balance_shallower() and balance_deeper() procedures, neither of 5821 ** which are called often under normal circumstances. 5822 */ 5823 static void copyNodeContent(MemPage *pFrom, MemPage *pTo, int *pRC){ 5824 if( (*pRC)==SQLITE_OK ){ 5825 BtShared * const pBt = pFrom->pBt; 5826 u8 * const aFrom = pFrom->aData; 5827 u8 * const aTo = pTo->aData; 5828 int const iFromHdr = pFrom->hdrOffset; 5829 int const iToHdr = ((pTo->pgno==1) ? 100 : 0); 5830 int rc; 5831 int iData; 5832 5833 5834 assert( pFrom->isInit ); 5835 assert( pFrom->nFree>=iToHdr ); 5836 assert( get2byte(&aFrom[iFromHdr+5]) <= (int)pBt->usableSize ); 5837 5838 /* Copy the b-tree node content from page pFrom to page pTo. */ 5839 iData = get2byte(&aFrom[iFromHdr+5]); 5840 memcpy(&aTo[iData], &aFrom[iData], pBt->usableSize-iData); 5841 memcpy(&aTo[iToHdr], &aFrom[iFromHdr], pFrom->cellOffset + 2*pFrom->nCell); 5842 5843 /* Reinitialize page pTo so that the contents of the MemPage structure 5844 ** match the new data. The initialization of pTo can actually fail under 5845 ** fairly obscure circumstances, even though it is a copy of initialized 5846 ** page pFrom. 5847 */ 5848 pTo->isInit = 0; 5849 rc = btreeInitPage(pTo); 5850 if( rc!=SQLITE_OK ){ 5851 *pRC = rc; 5852 return; 5853 } 5854 5855 /* If this is an auto-vacuum database, update the pointer-map entries 5856 ** for any b-tree or overflow pages that pTo now contains the pointers to. 5857 */ 5858 if( ISAUTOVACUUM ){ 5859 *pRC = setChildPtrmaps(pTo); 5860 } 5861 } 5862 } 5863 5864 /* 5865 ** This routine redistributes cells on the iParentIdx'th child of pParent 5866 ** (hereafter "the page") and up to 2 siblings so that all pages have about the 5867 ** same amount of free space. Usually a single sibling on either side of the 5868 ** page are used in the balancing, though both siblings might come from one 5869 ** side if the page is the first or last child of its parent. If the page 5870 ** has fewer than 2 siblings (something which can only happen if the page 5871 ** is a root page or a child of a root page) then all available siblings 5872 ** participate in the balancing. 5873 ** 5874 ** The number of siblings of the page might be increased or decreased by 5875 ** one or two in an effort to keep pages nearly full but not over full. 5876 ** 5877 ** Note that when this routine is called, some of the cells on the page 5878 ** might not actually be stored in MemPage.aData[]. This can happen 5879 ** if the page is overfull. This routine ensures that all cells allocated 5880 ** to the page and its siblings fit into MemPage.aData[] before returning. 5881 ** 5882 ** In the course of balancing the page and its siblings, cells may be 5883 ** inserted into or removed from the parent page (pParent). Doing so 5884 ** may cause the parent page to become overfull or underfull. If this 5885 ** happens, it is the responsibility of the caller to invoke the correct 5886 ** balancing routine to fix this problem (see the balance() routine). 5887 ** 5888 ** If this routine fails for any reason, it might leave the database 5889 ** in a corrupted state. So if this routine fails, the database should 5890 ** be rolled back. 5891 ** 5892 ** The third argument to this function, aOvflSpace, is a pointer to a 5893 ** buffer big enough to hold one page. If while inserting cells into the parent 5894 ** page (pParent) the parent page becomes overfull, this buffer is 5895 ** used to store the parent's overflow cells. Because this function inserts 5896 ** a maximum of four divider cells into the parent page, and the maximum 5897 ** size of a cell stored within an internal node is always less than 1/4 5898 ** of the page-size, the aOvflSpace[] buffer is guaranteed to be large 5899 ** enough for all overflow cells. 5900 ** 5901 ** If aOvflSpace is set to a null pointer, this function returns 5902 ** SQLITE_NOMEM. 5903 */ 5904 static int balance_nonroot( 5905 MemPage *pParent, /* Parent page of siblings being balanced */ 5906 int iParentIdx, /* Index of "the page" in pParent */ 5907 u8 *aOvflSpace, /* page-size bytes of space for parent ovfl */ 5908 int isRoot /* True if pParent is a root-page */ 5909 ){ 5910 BtShared *pBt; /* The whole database */ 5911 int nCell = 0; /* Number of cells in apCell[] */ 5912 int nMaxCells = 0; /* Allocated size of apCell, szCell, aFrom. */ 5913 int nNew = 0; /* Number of pages in apNew[] */ 5914 int nOld; /* Number of pages in apOld[] */ 5915 int i, j, k; /* Loop counters */ 5916 int nxDiv; /* Next divider slot in pParent->aCell[] */ 5917 int rc = SQLITE_OK; /* The return code */ 5918 u16 leafCorrection; /* 4 if pPage is a leaf. 0 if not */ 5919 int leafData; /* True if pPage is a leaf of a LEAFDATA tree */ 5920 int usableSpace; /* Bytes in pPage beyond the header */ 5921 int pageFlags; /* Value of pPage->aData[0] */ 5922 int subtotal; /* Subtotal of bytes in cells on one page */ 5923 int iSpace1 = 0; /* First unused byte of aSpace1[] */ 5924 int iOvflSpace = 0; /* First unused byte of aOvflSpace[] */ 5925 int szScratch; /* Size of scratch memory requested */ 5926 MemPage *apOld[NB]; /* pPage and up to two siblings */ 5927 MemPage *apCopy[NB]; /* Private copies of apOld[] pages */ 5928 MemPage *apNew[NB+2]; /* pPage and up to NB siblings after balancing */ 5929 u8 *pRight; /* Location in parent of right-sibling pointer */ 5930 u8 *apDiv[NB-1]; /* Divider cells in pParent */ 5931 int cntNew[NB+2]; /* Index in aCell[] of cell after i-th page */ 5932 int szNew[NB+2]; /* Combined size of cells place on i-th page */ 5933 u8 **apCell = 0; /* All cells begin balanced */ 5934 u16 *szCell; /* Local size of all cells in apCell[] */ 5935 u8 *aSpace1; /* Space for copies of dividers cells */ 5936 Pgno pgno; /* Temp var to store a page number in */ 5937 5938 pBt = pParent->pBt; 5939 assert( sqlite3_mutex_held(pBt->mutex) ); 5940 assert( sqlite3PagerIswriteable(pParent->pDbPage) ); 5941 5942 #if 0 5943 TRACE(("BALANCE: begin page %d child of %d\n", pPage->pgno, pParent->pgno)); 5944 #endif 5945 5946 /* At this point pParent may have at most one overflow cell. And if 5947 ** this overflow cell is present, it must be the cell with 5948 ** index iParentIdx. This scenario comes about when this function 5949 ** is called (indirectly) from sqlite3BtreeDelete(). 5950 */ 5951 assert( pParent->nOverflow==0 || pParent->nOverflow==1 ); 5952 assert( pParent->nOverflow==0 || pParent->aOvfl[0].idx==iParentIdx ); 5953 5954 if( !aOvflSpace ){ 5955 return SQLITE_NOMEM; 5956 } 5957 5958 /* Find the sibling pages to balance. Also locate the cells in pParent 5959 ** that divide the siblings. An attempt is made to find NN siblings on 5960 ** either side of pPage. More siblings are taken from one side, however, 5961 ** if there are fewer than NN siblings on the other side. If pParent 5962 ** has NB or fewer children then all children of pParent are taken. 5963 ** 5964 ** This loop also drops the divider cells from the parent page. This 5965 ** way, the remainder of the function does not have to deal with any 5966 ** overflow cells in the parent page, since if any existed they will 5967 ** have already been removed. 5968 */ 5969 i = pParent->nOverflow + pParent->nCell; 5970 if( i<2 ){ 5971 nxDiv = 0; 5972 nOld = i+1; 5973 }else{ 5974 nOld = 3; 5975 if( iParentIdx==0 ){ 5976 nxDiv = 0; 5977 }else if( iParentIdx==i ){ 5978 nxDiv = i-2; 5979 }else{ 5980 nxDiv = iParentIdx-1; 5981 } 5982 i = 2; 5983 } 5984 if( (i+nxDiv-pParent->nOverflow)==pParent->nCell ){ 5985 pRight = &pParent->aData[pParent->hdrOffset+8]; 5986 }else{ 5987 pRight = findCell(pParent, i+nxDiv-pParent->nOverflow); 5988 } 5989 pgno = get4byte(pRight); 5990 while( 1 ){ 5991 rc = getAndInitPage(pBt, pgno, &apOld[i]); 5992 if( rc ){ 5993 memset(apOld, 0, (i+1)*sizeof(MemPage*)); 5994 goto balance_cleanup; 5995 } 5996 nMaxCells += 1+apOld[i]->nCell+apOld[i]->nOverflow; 5997 if( (i--)==0 ) break; 5998 5999 if( i+nxDiv==pParent->aOvfl[0].idx && pParent->nOverflow ){ 6000 apDiv[i] = pParent->aOvfl[0].pCell; 6001 pgno = get4byte(apDiv[i]); 6002 szNew[i] = cellSizePtr(pParent, apDiv[i]); 6003 pParent->nOverflow = 0; 6004 }else{ 6005 apDiv[i] = findCell(pParent, i+nxDiv-pParent->nOverflow); 6006 pgno = get4byte(apDiv[i]); 6007 szNew[i] = cellSizePtr(pParent, apDiv[i]); 6008 6009 /* Drop the cell from the parent page. apDiv[i] still points to 6010 ** the cell within the parent, even though it has been dropped. 6011 ** This is safe because dropping a cell only overwrites the first 6012 ** four bytes of it, and this function does not need the first 6013 ** four bytes of the divider cell. So the pointer is safe to use 6014 ** later on. 6015 ** 6016 ** But not if we are in secure-delete mode. In secure-delete mode, 6017 ** the dropCell() routine will overwrite the entire cell with zeroes. 6018 ** In this case, temporarily copy the cell into the aOvflSpace[] 6019 ** buffer. It will be copied out again as soon as the aSpace[] buffer 6020 ** is allocated. */ 6021 if( pBt->secureDelete ){ 6022 int iOff; 6023 6024 iOff = SQLITE_PTR_TO_INT(apDiv[i]) - SQLITE_PTR_TO_INT(pParent->aData); 6025 if( (iOff+szNew[i])>(int)pBt->usableSize ){ 6026 rc = SQLITE_CORRUPT_BKPT; 6027 memset(apOld, 0, (i+1)*sizeof(MemPage*)); 6028 goto balance_cleanup; 6029 }else{ 6030 memcpy(&aOvflSpace[iOff], apDiv[i], szNew[i]); 6031 apDiv[i] = &aOvflSpace[apDiv[i]-pParent->aData]; 6032 } 6033 } 6034 dropCell(pParent, i+nxDiv-pParent->nOverflow, szNew[i], &rc); 6035 } 6036 } 6037 6038 /* Make nMaxCells a multiple of 4 in order to preserve 8-byte 6039 ** alignment */ 6040 nMaxCells = (nMaxCells + 3)&~3; 6041 6042 /* 6043 ** Allocate space for memory structures 6044 */ 6045 k = pBt->pageSize + ROUND8(sizeof(MemPage)); 6046 szScratch = 6047 nMaxCells*sizeof(u8*) /* apCell */ 6048 + nMaxCells*sizeof(u16) /* szCell */ 6049 + pBt->pageSize /* aSpace1 */ 6050 + k*nOld; /* Page copies (apCopy) */ 6051 apCell = sqlite3ScratchMalloc( szScratch ); 6052 if( apCell==0 ){ 6053 rc = SQLITE_NOMEM; 6054 goto balance_cleanup; 6055 } 6056 szCell = (u16*)&apCell[nMaxCells]; 6057 aSpace1 = (u8*)&szCell[nMaxCells]; 6058 assert( EIGHT_BYTE_ALIGNMENT(aSpace1) ); 6059 6060 /* 6061 ** Load pointers to all cells on sibling pages and the divider cells 6062 ** into the local apCell[] array. Make copies of the divider cells 6063 ** into space obtained from aSpace1[] and remove the the divider Cells 6064 ** from pParent. 6065 ** 6066 ** If the siblings are on leaf pages, then the child pointers of the 6067 ** divider cells are stripped from the cells before they are copied 6068 ** into aSpace1[]. In this way, all cells in apCell[] are without 6069 ** child pointers. If siblings are not leaves, then all cell in 6070 ** apCell[] include child pointers. Either way, all cells in apCell[] 6071 ** are alike. 6072 ** 6073 ** leafCorrection: 4 if pPage is a leaf. 0 if pPage is not a leaf. 6074 ** leafData: 1 if pPage holds key+data and pParent holds only keys. 6075 */ 6076 leafCorrection = apOld[0]->leaf*4; 6077 leafData = apOld[0]->hasData; 6078 for(i=0; i<nOld; i++){ 6079 int limit; 6080 6081 /* Before doing anything else, take a copy of the i'th original sibling 6082 ** The rest of this function will use data from the copies rather 6083 ** that the original pages since the original pages will be in the 6084 ** process of being overwritten. */ 6085 MemPage *pOld = apCopy[i] = (MemPage*)&aSpace1[pBt->pageSize + k*i]; 6086 memcpy(pOld, apOld[i], sizeof(MemPage)); 6087 pOld->aData = (void*)&pOld[1]; 6088 memcpy(pOld->aData, apOld[i]->aData, pBt->pageSize); 6089 6090 limit = pOld->nCell+pOld->nOverflow; 6091 if( pOld->nOverflow>0 ){ 6092 for(j=0; j<limit; j++){ 6093 assert( nCell<nMaxCells ); 6094 apCell[nCell] = findOverflowCell(pOld, j); 6095 szCell[nCell] = cellSizePtr(pOld, apCell[nCell]); 6096 nCell++; 6097 } 6098 }else{ 6099 u8 *aData = pOld->aData; 6100 u16 maskPage = pOld->maskPage; 6101 u16 cellOffset = pOld->cellOffset; 6102 for(j=0; j<limit; j++){ 6103 assert( nCell<nMaxCells ); 6104 apCell[nCell] = findCellv2(aData, maskPage, cellOffset, j); 6105 szCell[nCell] = cellSizePtr(pOld, apCell[nCell]); 6106 nCell++; 6107 } 6108 } 6109 if( i<nOld-1 && !leafData){ 6110 u16 sz = (u16)szNew[i]; 6111 u8 *pTemp; 6112 assert( nCell<nMaxCells ); 6113 szCell[nCell] = sz; 6114 pTemp = &aSpace1[iSpace1]; 6115 iSpace1 += sz; 6116 assert( sz<=pBt->maxLocal+23 ); 6117 assert( iSpace1 <= (int)pBt->pageSize ); 6118 memcpy(pTemp, apDiv[i], sz); 6119 apCell[nCell] = pTemp+leafCorrection; 6120 assert( leafCorrection==0 || leafCorrection==4 ); 6121 szCell[nCell] = szCell[nCell] - leafCorrection; 6122 if( !pOld->leaf ){ 6123 assert( leafCorrection==0 ); 6124 assert( pOld->hdrOffset==0 ); 6125 /* The right pointer of the child page pOld becomes the left 6126 ** pointer of the divider cell */ 6127 memcpy(apCell[nCell], &pOld->aData[8], 4); 6128 }else{ 6129 assert( leafCorrection==4 ); 6130 if( szCell[nCell]<4 ){ 6131 /* Do not allow any cells smaller than 4 bytes. */ 6132 szCell[nCell] = 4; 6133 } 6134 } 6135 nCell++; 6136 } 6137 } 6138 6139 /* 6140 ** Figure out the number of pages needed to hold all nCell cells. 6141 ** Store this number in "k". Also compute szNew[] which is the total 6142 ** size of all cells on the i-th page and cntNew[] which is the index 6143 ** in apCell[] of the cell that divides page i from page i+1. 6144 ** cntNew[k] should equal nCell. 6145 ** 6146 ** Values computed by this block: 6147 ** 6148 ** k: The total number of sibling pages 6149 ** szNew[i]: Spaced used on the i-th sibling page. 6150 ** cntNew[i]: Index in apCell[] and szCell[] for the first cell to 6151 ** the right of the i-th sibling page. 6152 ** usableSpace: Number of bytes of space available on each sibling. 6153 ** 6154 */ 6155 usableSpace = pBt->usableSize - 12 + leafCorrection; 6156 for(subtotal=k=i=0; i<nCell; i++){ 6157 assert( i<nMaxCells ); 6158 subtotal += szCell[i] + 2; 6159 if( subtotal > usableSpace ){ 6160 szNew[k] = subtotal - szCell[i]; 6161 cntNew[k] = i; 6162 if( leafData ){ i--; } 6163 subtotal = 0; 6164 k++; 6165 if( k>NB+1 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; } 6166 } 6167 } 6168 szNew[k] = subtotal; 6169 cntNew[k] = nCell; 6170 k++; 6171 6172 /* 6173 ** The packing computed by the previous block is biased toward the siblings 6174 ** on the left side. The left siblings are always nearly full, while the 6175 ** right-most sibling might be nearly empty. This block of code attempts 6176 ** to adjust the packing of siblings to get a better balance. 6177 ** 6178 ** This adjustment is more than an optimization. The packing above might 6179 ** be so out of balance as to be illegal. For example, the right-most 6180 ** sibling might be completely empty. This adjustment is not optional. 6181 */ 6182 for(i=k-1; i>0; i--){ 6183 int szRight = szNew[i]; /* Size of sibling on the right */ 6184 int szLeft = szNew[i-1]; /* Size of sibling on the left */ 6185 int r; /* Index of right-most cell in left sibling */ 6186 int d; /* Index of first cell to the left of right sibling */ 6187 6188 r = cntNew[i-1] - 1; 6189 d = r + 1 - leafData; 6190 assert( d<nMaxCells ); 6191 assert( r<nMaxCells ); 6192 while( szRight==0 || szRight+szCell[d]+2<=szLeft-(szCell[r]+2) ){ 6193 szRight += szCell[d] + 2; 6194 szLeft -= szCell[r] + 2; 6195 cntNew[i-1]--; 6196 r = cntNew[i-1] - 1; 6197 d = r + 1 - leafData; 6198 } 6199 szNew[i] = szRight; 6200 szNew[i-1] = szLeft; 6201 } 6202 6203 /* Either we found one or more cells (cntnew[0])>0) or pPage is 6204 ** a virtual root page. A virtual root page is when the real root 6205 ** page is page 1 and we are the only child of that page. 6206 */ 6207 assert( cntNew[0]>0 || (pParent->pgno==1 && pParent->nCell==0) ); 6208 6209 TRACE(("BALANCE: old: %d %d %d ", 6210 apOld[0]->pgno, 6211 nOld>=2 ? apOld[1]->pgno : 0, 6212 nOld>=3 ? apOld[2]->pgno : 0 6213 )); 6214 6215 /* 6216 ** Allocate k new pages. Reuse old pages where possible. 6217 */ 6218 if( apOld[0]->pgno<=1 ){ 6219 rc = SQLITE_CORRUPT_BKPT; 6220 goto balance_cleanup; 6221 } 6222 pageFlags = apOld[0]->aData[0]; 6223 for(i=0; i<k; i++){ 6224 MemPage *pNew; 6225 if( i<nOld ){ 6226 pNew = apNew[i] = apOld[i]; 6227 apOld[i] = 0; 6228 rc = sqlite3PagerWrite(pNew->pDbPage); 6229 nNew++; 6230 if( rc ) goto balance_cleanup; 6231 }else{ 6232 assert( i>0 ); 6233 rc = allocateBtreePage(pBt, &pNew, &pgno, pgno, 0); 6234 if( rc ) goto balance_cleanup; 6235 apNew[i] = pNew; 6236 nNew++; 6237 6238 /* Set the pointer-map entry for the new sibling page. */ 6239 if( ISAUTOVACUUM ){ 6240 ptrmapPut(pBt, pNew->pgno, PTRMAP_BTREE, pParent->pgno, &rc); 6241 if( rc!=SQLITE_OK ){ 6242 goto balance_cleanup; 6243 } 6244 } 6245 } 6246 } 6247 6248 /* Free any old pages that were not reused as new pages. 6249 */ 6250 while( i<nOld ){ 6251 freePage(apOld[i], &rc); 6252 if( rc ) goto balance_cleanup; 6253 releasePage(apOld[i]); 6254 apOld[i] = 0; 6255 i++; 6256 } 6257 6258 /* 6259 ** Put the new pages in accending order. This helps to 6260 ** keep entries in the disk file in order so that a scan 6261 ** of the table is a linear scan through the file. That 6262 ** in turn helps the operating system to deliver pages 6263 ** from the disk more rapidly. 6264 ** 6265 ** An O(n^2) insertion sort algorithm is used, but since 6266 ** n is never more than NB (a small constant), that should 6267 ** not be a problem. 6268 ** 6269 ** When NB==3, this one optimization makes the database 6270 ** about 25% faster for large insertions and deletions. 6271 */ 6272 for(i=0; i<k-1; i++){ 6273 int minV = apNew[i]->pgno; 6274 int minI = i; 6275 for(j=i+1; j<k; j++){ 6276 if( apNew[j]->pgno<(unsigned)minV ){ 6277 minI = j; 6278 minV = apNew[j]->pgno; 6279 } 6280 } 6281 if( minI>i ){ 6282 MemPage *pT; 6283 pT = apNew[i]; 6284 apNew[i] = apNew[minI]; 6285 apNew[minI] = pT; 6286 } 6287 } 6288 TRACE(("new: %d(%d) %d(%d) %d(%d) %d(%d) %d(%d)\n", 6289 apNew[0]->pgno, szNew[0], 6290 nNew>=2 ? apNew[1]->pgno : 0, nNew>=2 ? szNew[1] : 0, 6291 nNew>=3 ? apNew[2]->pgno : 0, nNew>=3 ? szNew[2] : 0, 6292 nNew>=4 ? apNew[3]->pgno : 0, nNew>=4 ? szNew[3] : 0, 6293 nNew>=5 ? apNew[4]->pgno : 0, nNew>=5 ? szNew[4] : 0)); 6294 6295 assert( sqlite3PagerIswriteable(pParent->pDbPage) ); 6296 put4byte(pRight, apNew[nNew-1]->pgno); 6297 6298 /* 6299 ** Evenly distribute the data in apCell[] across the new pages. 6300 ** Insert divider cells into pParent as necessary. 6301 */ 6302 j = 0; 6303 for(i=0; i<nNew; i++){ 6304 /* Assemble the new sibling page. */ 6305 MemPage *pNew = apNew[i]; 6306 assert( j<nMaxCells ); 6307 zeroPage(pNew, pageFlags); 6308 assemblePage(pNew, cntNew[i]-j, &apCell[j], &szCell[j]); 6309 assert( pNew->nCell>0 || (nNew==1 && cntNew[0]==0) ); 6310 assert( pNew->nOverflow==0 ); 6311 6312 j = cntNew[i]; 6313 6314 /* If the sibling page assembled above was not the right-most sibling, 6315 ** insert a divider cell into the parent page. 6316 */ 6317 assert( i<nNew-1 || j==nCell ); 6318 if( j<nCell ){ 6319 u8 *pCell; 6320 u8 *pTemp; 6321 int sz; 6322 6323 assert( j<nMaxCells ); 6324 pCell = apCell[j]; 6325 sz = szCell[j] + leafCorrection; 6326 pTemp = &aOvflSpace[iOvflSpace]; 6327 if( !pNew->leaf ){ 6328 memcpy(&pNew->aData[8], pCell, 4); 6329 }else if( leafData ){ 6330 /* If the tree is a leaf-data tree, and the siblings are leaves, 6331 ** then there is no divider cell in apCell[]. Instead, the divider 6332 ** cell consists of the integer key for the right-most cell of 6333 ** the sibling-page assembled above only. 6334 */ 6335 CellInfo info; 6336 j--; 6337 btreeParseCellPtr(pNew, apCell[j], &info); 6338 pCell = pTemp; 6339 sz = 4 + putVarint(&pCell[4], info.nKey); 6340 pTemp = 0; 6341 }else{ 6342 pCell -= 4; 6343 /* Obscure case for non-leaf-data trees: If the cell at pCell was 6344 ** previously stored on a leaf node, and its reported size was 4 6345 ** bytes, then it may actually be smaller than this 6346 ** (see btreeParseCellPtr(), 4 bytes is the minimum size of 6347 ** any cell). But it is important to pass the correct size to 6348 ** insertCell(), so reparse the cell now. 6349 ** 6350 ** Note that this can never happen in an SQLite data file, as all 6351 ** cells are at least 4 bytes. It only happens in b-trees used 6352 ** to evaluate "IN (SELECT ...)" and similar clauses. 6353 */ 6354 if( szCell[j]==4 ){ 6355 assert(leafCorrection==4); 6356 sz = cellSizePtr(pParent, pCell); 6357 } 6358 } 6359 iOvflSpace += sz; 6360 assert( sz<=pBt->maxLocal+23 ); 6361 assert( iOvflSpace <= (int)pBt->pageSize ); 6362 insertCell(pParent, nxDiv, pCell, sz, pTemp, pNew->pgno, &rc); 6363 if( rc!=SQLITE_OK ) goto balance_cleanup; 6364 assert( sqlite3PagerIswriteable(pParent->pDbPage) ); 6365 6366 j++; 6367 nxDiv++; 6368 } 6369 } 6370 assert( j==nCell ); 6371 assert( nOld>0 ); 6372 assert( nNew>0 ); 6373 if( (pageFlags & PTF_LEAF)==0 ){ 6374 u8 *zChild = &apCopy[nOld-1]->aData[8]; 6375 memcpy(&apNew[nNew-1]->aData[8], zChild, 4); 6376 } 6377 6378 if( isRoot && pParent->nCell==0 && pParent->hdrOffset<=apNew[0]->nFree ){ 6379 /* The root page of the b-tree now contains no cells. The only sibling 6380 ** page is the right-child of the parent. Copy the contents of the 6381 ** child page into the parent, decreasing the overall height of the 6382 ** b-tree structure by one. This is described as the "balance-shallower" 6383 ** sub-algorithm in some documentation. 6384 ** 6385 ** If this is an auto-vacuum database, the call to copyNodeContent() 6386 ** sets all pointer-map entries corresponding to database image pages 6387 ** for which the pointer is stored within the content being copied. 6388 ** 6389 ** The second assert below verifies that the child page is defragmented 6390 ** (it must be, as it was just reconstructed using assemblePage()). This 6391 ** is important if the parent page happens to be page 1 of the database 6392 ** image. */ 6393 assert( nNew==1 ); 6394 assert( apNew[0]->nFree == 6395 (get2byte(&apNew[0]->aData[5])-apNew[0]->cellOffset-apNew[0]->nCell*2) 6396 ); 6397 copyNodeContent(apNew[0], pParent, &rc); 6398 freePage(apNew[0], &rc); 6399 }else if( ISAUTOVACUUM ){ 6400 /* Fix the pointer-map entries for all the cells that were shifted around. 6401 ** There are several different types of pointer-map entries that need to 6402 ** be dealt with by this routine. Some of these have been set already, but 6403 ** many have not. The following is a summary: 6404 ** 6405 ** 1) The entries associated with new sibling pages that were not 6406 ** siblings when this function was called. These have already 6407 ** been set. We don't need to worry about old siblings that were 6408 ** moved to the free-list - the freePage() code has taken care 6409 ** of those. 6410 ** 6411 ** 2) The pointer-map entries associated with the first overflow 6412 ** page in any overflow chains used by new divider cells. These 6413 ** have also already been taken care of by the insertCell() code. 6414 ** 6415 ** 3) If the sibling pages are not leaves, then the child pages of 6416 ** cells stored on the sibling pages may need to be updated. 6417 ** 6418 ** 4) If the sibling pages are not internal intkey nodes, then any 6419 ** overflow pages used by these cells may need to be updated 6420 ** (internal intkey nodes never contain pointers to overflow pages). 6421 ** 6422 ** 5) If the sibling pages are not leaves, then the pointer-map 6423 ** entries for the right-child pages of each sibling may need 6424 ** to be updated. 6425 ** 6426 ** Cases 1 and 2 are dealt with above by other code. The next 6427 ** block deals with cases 3 and 4 and the one after that, case 5. Since 6428 ** setting a pointer map entry is a relatively expensive operation, this 6429 ** code only sets pointer map entries for child or overflow pages that have 6430 ** actually moved between pages. */ 6431 MemPage *pNew = apNew[0]; 6432 MemPage *pOld = apCopy[0]; 6433 int nOverflow = pOld->nOverflow; 6434 int iNextOld = pOld->nCell + nOverflow; 6435 int iOverflow = (nOverflow ? pOld->aOvfl[0].idx : -1); 6436 j = 0; /* Current 'old' sibling page */ 6437 k = 0; /* Current 'new' sibling page */ 6438 for(i=0; i<nCell; i++){ 6439 int isDivider = 0; 6440 while( i==iNextOld ){ 6441 /* Cell i is the cell immediately following the last cell on old 6442 ** sibling page j. If the siblings are not leaf pages of an 6443 ** intkey b-tree, then cell i was a divider cell. */ 6444 assert( j+1 < ArraySize(apCopy) ); 6445 pOld = apCopy[++j]; 6446 iNextOld = i + !leafData + pOld->nCell + pOld->nOverflow; 6447 if( pOld->nOverflow ){ 6448 nOverflow = pOld->nOverflow; 6449 iOverflow = i + !leafData + pOld->aOvfl[0].idx; 6450 } 6451 isDivider = !leafData; 6452 } 6453 6454 assert(nOverflow>0 || iOverflow<i ); 6455 assert(nOverflow<2 || pOld->aOvfl[0].idx==pOld->aOvfl[1].idx-1); 6456 assert(nOverflow<3 || pOld->aOvfl[1].idx==pOld->aOvfl[2].idx-1); 6457 if( i==iOverflow ){ 6458 isDivider = 1; 6459 if( (--nOverflow)>0 ){ 6460 iOverflow++; 6461 } 6462 } 6463 6464 if( i==cntNew[k] ){ 6465 /* Cell i is the cell immediately following the last cell on new 6466 ** sibling page k. If the siblings are not leaf pages of an 6467 ** intkey b-tree, then cell i is a divider cell. */ 6468 pNew = apNew[++k]; 6469 if( !leafData ) continue; 6470 } 6471 assert( j<nOld ); 6472 assert( k<nNew ); 6473 6474 /* If the cell was originally divider cell (and is not now) or 6475 ** an overflow cell, or if the cell was located on a different sibling 6476 ** page before the balancing, then the pointer map entries associated 6477 ** with any child or overflow pages need to be updated. */ 6478 if( isDivider || pOld->pgno!=pNew->pgno ){ 6479 if( !leafCorrection ){ 6480 ptrmapPut(pBt, get4byte(apCell[i]), PTRMAP_BTREE, pNew->pgno, &rc); 6481 } 6482 if( szCell[i]>pNew->minLocal ){ 6483 ptrmapPutOvflPtr(pNew, apCell[i], &rc); 6484 } 6485 } 6486 } 6487 6488 if( !leafCorrection ){ 6489 for(i=0; i<nNew; i++){ 6490 u32 key = get4byte(&apNew[i]->aData[8]); 6491 ptrmapPut(pBt, key, PTRMAP_BTREE, apNew[i]->pgno, &rc); 6492 } 6493 } 6494 6495 #if 0 6496 /* The ptrmapCheckPages() contains assert() statements that verify that 6497 ** all pointer map pages are set correctly. This is helpful while 6498 ** debugging. This is usually disabled because a corrupt database may 6499 ** cause an assert() statement to fail. */ 6500 ptrmapCheckPages(apNew, nNew); 6501 ptrmapCheckPages(&pParent, 1); 6502 #endif 6503 } 6504 6505 assert( pParent->isInit ); 6506 TRACE(("BALANCE: finished: old=%d new=%d cells=%d\n", 6507 nOld, nNew, nCell)); 6508 6509 /* 6510 ** Cleanup before returning. 6511 */ 6512 balance_cleanup: 6513 sqlite3ScratchFree(apCell); 6514 for(i=0; i<nOld; i++){ 6515 releasePage(apOld[i]); 6516 } 6517 for(i=0; i<nNew; i++){ 6518 releasePage(apNew[i]); 6519 } 6520 6521 return rc; 6522 } 6523 6524 6525 /* 6526 ** This function is called when the root page of a b-tree structure is 6527 ** overfull (has one or more overflow pages). 6528 ** 6529 ** A new child page is allocated and the contents of the current root 6530 ** page, including overflow cells, are copied into the child. The root 6531 ** page is then overwritten to make it an empty page with the right-child 6532 ** pointer pointing to the new page. 6533 ** 6534 ** Before returning, all pointer-map entries corresponding to pages 6535 ** that the new child-page now contains pointers to are updated. The 6536 ** entry corresponding to the new right-child pointer of the root 6537 ** page is also updated. 6538 ** 6539 ** If successful, *ppChild is set to contain a reference to the child 6540 ** page and SQLITE_OK is returned. In this case the caller is required 6541 ** to call releasePage() on *ppChild exactly once. If an error occurs, 6542 ** an error code is returned and *ppChild is set to 0. 6543 */ 6544 static int balance_deeper(MemPage *pRoot, MemPage **ppChild){ 6545 int rc; /* Return value from subprocedures */ 6546 MemPage *pChild = 0; /* Pointer to a new child page */ 6547 Pgno pgnoChild = 0; /* Page number of the new child page */ 6548 BtShared *pBt = pRoot->pBt; /* The BTree */ 6549 6550 assert( pRoot->nOverflow>0 ); 6551 assert( sqlite3_mutex_held(pBt->mutex) ); 6552 6553 /* Make pRoot, the root page of the b-tree, writable. Allocate a new 6554 ** page that will become the new right-child of pPage. Copy the contents 6555 ** of the node stored on pRoot into the new child page. 6556 */ 6557 rc = sqlite3PagerWrite(pRoot->pDbPage); 6558 if( rc==SQLITE_OK ){ 6559 rc = allocateBtreePage(pBt,&pChild,&pgnoChild,pRoot->pgno,0); 6560 copyNodeContent(pRoot, pChild, &rc); 6561 if( ISAUTOVACUUM ){ 6562 ptrmapPut(pBt, pgnoChild, PTRMAP_BTREE, pRoot->pgno, &rc); 6563 } 6564 } 6565 if( rc ){ 6566 *ppChild = 0; 6567 releasePage(pChild); 6568 return rc; 6569 } 6570 assert( sqlite3PagerIswriteable(pChild->pDbPage) ); 6571 assert( sqlite3PagerIswriteable(pRoot->pDbPage) ); 6572 assert( pChild->nCell==pRoot->nCell ); 6573 6574 TRACE(("BALANCE: copy root %d into %d\n", pRoot->pgno, pChild->pgno)); 6575 6576 /* Copy the overflow cells from pRoot to pChild */ 6577 memcpy(pChild->aOvfl, pRoot->aOvfl, pRoot->nOverflow*sizeof(pRoot->aOvfl[0])); 6578 pChild->nOverflow = pRoot->nOverflow; 6579 6580 /* Zero the contents of pRoot. Then install pChild as the right-child. */ 6581 zeroPage(pRoot, pChild->aData[0] & ~PTF_LEAF); 6582 put4byte(&pRoot->aData[pRoot->hdrOffset+8], pgnoChild); 6583 6584 *ppChild = pChild; 6585 return SQLITE_OK; 6586 } 6587 6588 /* 6589 ** The page that pCur currently points to has just been modified in 6590 ** some way. This function figures out if this modification means the 6591 ** tree needs to be balanced, and if so calls the appropriate balancing 6592 ** routine. Balancing routines are: 6593 ** 6594 ** balance_quick() 6595 ** balance_deeper() 6596 ** balance_nonroot() 6597 */ 6598 static int balance(BtCursor *pCur){ 6599 int rc = SQLITE_OK; 6600 const int nMin = pCur->pBt->usableSize * 2 / 3; 6601 u8 aBalanceQuickSpace[13]; 6602 u8 *pFree = 0; 6603 6604 TESTONLY( int balance_quick_called = 0 ); 6605 TESTONLY( int balance_deeper_called = 0 ); 6606 6607 do { 6608 int iPage = pCur->iPage; 6609 MemPage *pPage = pCur->apPage[iPage]; 6610 6611 if( iPage==0 ){ 6612 if( pPage->nOverflow ){ 6613 /* The root page of the b-tree is overfull. In this case call the 6614 ** balance_deeper() function to create a new child for the root-page 6615 ** and copy the current contents of the root-page to it. The 6616 ** next iteration of the do-loop will balance the child page. 6617 */ 6618 assert( (balance_deeper_called++)==0 ); 6619 rc = balance_deeper(pPage, &pCur->apPage[1]); 6620 if( rc==SQLITE_OK ){ 6621 pCur->iPage = 1; 6622 pCur->aiIdx[0] = 0; 6623 pCur->aiIdx[1] = 0; 6624 assert( pCur->apPage[1]->nOverflow ); 6625 } 6626 }else{ 6627 break; 6628 } 6629 }else if( pPage->nOverflow==0 && pPage->nFree<=nMin ){ 6630 break; 6631 }else{ 6632 MemPage * const pParent = pCur->apPage[iPage-1]; 6633 int const iIdx = pCur->aiIdx[iPage-1]; 6634 6635 rc = sqlite3PagerWrite(pParent->pDbPage); 6636 if( rc==SQLITE_OK ){ 6637 #ifndef SQLITE_OMIT_QUICKBALANCE 6638 if( pPage->hasData 6639 && pPage->nOverflow==1 6640 && pPage->aOvfl[0].idx==pPage->nCell 6641 && pParent->pgno!=1 6642 && pParent->nCell==iIdx 6643 ){ 6644 /* Call balance_quick() to create a new sibling of pPage on which 6645 ** to store the overflow cell. balance_quick() inserts a new cell 6646 ** into pParent, which may cause pParent overflow. If this 6647 ** happens, the next interation of the do-loop will balance pParent 6648 ** use either balance_nonroot() or balance_deeper(). Until this 6649 ** happens, the overflow cell is stored in the aBalanceQuickSpace[] 6650 ** buffer. 6651 ** 6652 ** The purpose of the following assert() is to check that only a 6653 ** single call to balance_quick() is made for each call to this 6654 ** function. If this were not verified, a subtle bug involving reuse 6655 ** of the aBalanceQuickSpace[] might sneak in. 6656 */ 6657 assert( (balance_quick_called++)==0 ); 6658 rc = balance_quick(pParent, pPage, aBalanceQuickSpace); 6659 }else 6660 #endif 6661 { 6662 /* In this case, call balance_nonroot() to redistribute cells 6663 ** between pPage and up to 2 of its sibling pages. This involves 6664 ** modifying the contents of pParent, which may cause pParent to 6665 ** become overfull or underfull. The next iteration of the do-loop 6666 ** will balance the parent page to correct this. 6667 ** 6668 ** If the parent page becomes overfull, the overflow cell or cells 6669 ** are stored in the pSpace buffer allocated immediately below. 6670 ** A subsequent iteration of the do-loop will deal with this by 6671 ** calling balance_nonroot() (balance_deeper() may be called first, 6672 ** but it doesn't deal with overflow cells - just moves them to a 6673 ** different page). Once this subsequent call to balance_nonroot() 6674 ** has completed, it is safe to release the pSpace buffer used by 6675 ** the previous call, as the overflow cell data will have been 6676 ** copied either into the body of a database page or into the new 6677 ** pSpace buffer passed to the latter call to balance_nonroot(). 6678 */ 6679 u8 *pSpace = sqlite3PageMalloc(pCur->pBt->pageSize); 6680 rc = balance_nonroot(pParent, iIdx, pSpace, iPage==1); 6681 if( pFree ){ 6682 /* If pFree is not NULL, it points to the pSpace buffer used 6683 ** by a previous call to balance_nonroot(). Its contents are 6684 ** now stored either on real database pages or within the 6685 ** new pSpace buffer, so it may be safely freed here. */ 6686 sqlite3PageFree(pFree); 6687 } 6688 6689 /* The pSpace buffer will be freed after the next call to 6690 ** balance_nonroot(), or just before this function returns, whichever 6691 ** comes first. */ 6692 pFree = pSpace; 6693 } 6694 } 6695 6696 pPage->nOverflow = 0; 6697 6698 /* The next iteration of the do-loop balances the parent page. */ 6699 releasePage(pPage); 6700 pCur->iPage--; 6701 } 6702 }while( rc==SQLITE_OK ); 6703 6704 if( pFree ){ 6705 sqlite3PageFree(pFree); 6706 } 6707 return rc; 6708 } 6709 6710 6711 /* 6712 ** Insert a new record into the BTree. The key is given by (pKey,nKey) 6713 ** and the data is given by (pData,nData). The cursor is used only to 6714 ** define what table the record should be inserted into. The cursor 6715 ** is left pointing at a random location. 6716 ** 6717 ** For an INTKEY table, only the nKey value of the key is used. pKey is 6718 ** ignored. For a ZERODATA table, the pData and nData are both ignored. 6719 ** 6720 ** If the seekResult parameter is non-zero, then a successful call to 6721 ** MovetoUnpacked() to seek cursor pCur to (pKey, nKey) has already 6722 ** been performed. seekResult is the search result returned (a negative 6723 ** number if pCur points at an entry that is smaller than (pKey, nKey), or 6724 ** a positive value if pCur points at an etry that is larger than 6725 ** (pKey, nKey)). 6726 ** 6727 ** If the seekResult parameter is non-zero, then the caller guarantees that 6728 ** cursor pCur is pointing at the existing copy of a row that is to be 6729 ** overwritten. If the seekResult parameter is 0, then cursor pCur may 6730 ** point to any entry or to no entry at all and so this function has to seek 6731 ** the cursor before the new key can be inserted. 6732 */ 6733 int sqlite3BtreeInsert( 6734 BtCursor *pCur, /* Insert data into the table of this cursor */ 6735 const void *pKey, i64 nKey, /* The key of the new record */ 6736 const void *pData, int nData, /* The data of the new record */ 6737 int nZero, /* Number of extra 0 bytes to append to data */ 6738 int appendBias, /* True if this is likely an append */ 6739 int seekResult /* Result of prior MovetoUnpacked() call */ 6740 ){ 6741 int rc; 6742 int loc = seekResult; /* -1: before desired location +1: after */ 6743 int szNew = 0; 6744 int idx; 6745 MemPage *pPage; 6746 Btree *p = pCur->pBtree; 6747 BtShared *pBt = p->pBt; 6748 unsigned char *oldCell; 6749 unsigned char *newCell = 0; 6750 6751 if( pCur->eState==CURSOR_FAULT ){ 6752 assert( pCur->skipNext!=SQLITE_OK ); 6753 return pCur->skipNext; 6754 } 6755 6756 assert( cursorHoldsMutex(pCur) ); 6757 assert( pCur->wrFlag && pBt->inTransaction==TRANS_WRITE && !pBt->readOnly ); 6758 assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) ); 6759 6760 /* Assert that the caller has been consistent. If this cursor was opened 6761 ** expecting an index b-tree, then the caller should be inserting blob 6762 ** keys with no associated data. If the cursor was opened expecting an 6763 ** intkey table, the caller should be inserting integer keys with a 6764 ** blob of associated data. */ 6765 assert( (pKey==0)==(pCur->pKeyInfo==0) ); 6766 6767 /* If this is an insert into a table b-tree, invalidate any incrblob 6768 ** cursors open on the row being replaced (assuming this is a replace 6769 ** operation - if it is not, the following is a no-op). */ 6770 if( pCur->pKeyInfo==0 ){ 6771 invalidateIncrblobCursors(p, nKey, 0); 6772 } 6773 6774 /* Save the positions of any other cursors open on this table. 6775 ** 6776 ** In some cases, the call to btreeMoveto() below is a no-op. For 6777 ** example, when inserting data into a table with auto-generated integer 6778 ** keys, the VDBE layer invokes sqlite3BtreeLast() to figure out the 6779 ** integer key to use. It then calls this function to actually insert the 6780 ** data into the intkey B-Tree. In this case btreeMoveto() recognizes 6781 ** that the cursor is already where it needs to be and returns without 6782 ** doing any work. To avoid thwarting these optimizations, it is important 6783 ** not to clear the cursor here. 6784 */ 6785 rc = saveAllCursors(pBt, pCur->pgnoRoot, pCur); 6786 if( rc ) return rc; 6787 if( !loc ){ 6788 rc = btreeMoveto(pCur, pKey, nKey, appendBias, &loc); 6789 if( rc ) return rc; 6790 } 6791 assert( pCur->eState==CURSOR_VALID || (pCur->eState==CURSOR_INVALID && loc) ); 6792 6793 pPage = pCur->apPage[pCur->iPage]; 6794 assert( pPage->intKey || nKey>=0 ); 6795 assert( pPage->leaf || !pPage->intKey ); 6796 6797 TRACE(("INSERT: table=%d nkey=%lld ndata=%d page=%d %s\n", 6798 pCur->pgnoRoot, nKey, nData, pPage->pgno, 6799 loc==0 ? "overwrite" : "new entry")); 6800 assert( pPage->isInit ); 6801 allocateTempSpace(pBt); 6802 newCell = pBt->pTmpSpace; 6803 if( newCell==0 ) return SQLITE_NOMEM; 6804 rc = fillInCell(pPage, newCell, pKey, nKey, pData, nData, nZero, &szNew); 6805 if( rc ) goto end_insert; 6806 assert( szNew==cellSizePtr(pPage, newCell) ); 6807 assert( szNew <= MX_CELL_SIZE(pBt) ); 6808 idx = pCur->aiIdx[pCur->iPage]; 6809 if( loc==0 ){ 6810 u16 szOld; 6811 assert( idx<pPage->nCell ); 6812 rc = sqlite3PagerWrite(pPage->pDbPage); 6813 if( rc ){ 6814 goto end_insert; 6815 } 6816 oldCell = findCell(pPage, idx); 6817 if( !pPage->leaf ){ 6818 memcpy(newCell, oldCell, 4); 6819 } 6820 szOld = cellSizePtr(pPage, oldCell); 6821 rc = clearCell(pPage, oldCell); 6822 dropCell(pPage, idx, szOld, &rc); 6823 if( rc ) goto end_insert; 6824 }else if( loc<0 && pPage->nCell>0 ){ 6825 assert( pPage->leaf ); 6826 idx = ++pCur->aiIdx[pCur->iPage]; 6827 }else{ 6828 assert( pPage->leaf ); 6829 } 6830 insertCell(pPage, idx, newCell, szNew, 0, 0, &rc); 6831 assert( rc!=SQLITE_OK || pPage->nCell>0 || pPage->nOverflow>0 ); 6832 6833 /* If no error has occured and pPage has an overflow cell, call balance() 6834 ** to redistribute the cells within the tree. Since balance() may move 6835 ** the cursor, zero the BtCursor.info.nSize and BtCursor.validNKey 6836 ** variables. 6837 ** 6838 ** Previous versions of SQLite called moveToRoot() to move the cursor 6839 ** back to the root page as balance() used to invalidate the contents 6840 ** of BtCursor.apPage[] and BtCursor.aiIdx[]. Instead of doing that, 6841 ** set the cursor state to "invalid". This makes common insert operations 6842 ** slightly faster. 6843 ** 6844 ** There is a subtle but important optimization here too. When inserting 6845 ** multiple records into an intkey b-tree using a single cursor (as can 6846 ** happen while processing an "INSERT INTO ... SELECT" statement), it 6847 ** is advantageous to leave the cursor pointing to the last entry in 6848 ** the b-tree if possible. If the cursor is left pointing to the last 6849 ** entry in the table, and the next row inserted has an integer key 6850 ** larger than the largest existing key, it is possible to insert the 6851 ** row without seeking the cursor. This can be a big performance boost. 6852 */ 6853 pCur->info.nSize = 0; 6854 pCur->validNKey = 0; 6855 if( rc==SQLITE_OK && pPage->nOverflow ){ 6856 rc = balance(pCur); 6857 6858 /* Must make sure nOverflow is reset to zero even if the balance() 6859 ** fails. Internal data structure corruption will result otherwise. 6860 ** Also, set the cursor state to invalid. This stops saveCursorPosition() 6861 ** from trying to save the current position of the cursor. */ 6862 pCur->apPage[pCur->iPage]->nOverflow = 0; 6863 pCur->eState = CURSOR_INVALID; 6864 } 6865 assert( pCur->apPage[pCur->iPage]->nOverflow==0 ); 6866 6867 end_insert: 6868 return rc; 6869 } 6870 6871 /* 6872 ** Delete the entry that the cursor is pointing to. The cursor 6873 ** is left pointing at a arbitrary location. 6874 */ 6875 int sqlite3BtreeDelete(BtCursor *pCur){ 6876 Btree *p = pCur->pBtree; 6877 BtShared *pBt = p->pBt; 6878 int rc; /* Return code */ 6879 MemPage *pPage; /* Page to delete cell from */ 6880 unsigned char *pCell; /* Pointer to cell to delete */ 6881 int iCellIdx; /* Index of cell to delete */ 6882 int iCellDepth; /* Depth of node containing pCell */ 6883 6884 assert( cursorHoldsMutex(pCur) ); 6885 assert( pBt->inTransaction==TRANS_WRITE ); 6886 assert( !pBt->readOnly ); 6887 assert( pCur->wrFlag ); 6888 assert( hasSharedCacheTableLock(p, pCur->pgnoRoot, pCur->pKeyInfo!=0, 2) ); 6889 assert( !hasReadConflicts(p, pCur->pgnoRoot) ); 6890 6891 if( NEVER(pCur->aiIdx[pCur->iPage]>=pCur->apPage[pCur->iPage]->nCell) 6892 || NEVER(pCur->eState!=CURSOR_VALID) 6893 ){ 6894 return SQLITE_ERROR; /* Something has gone awry. */ 6895 } 6896 6897 /* If this is a delete operation to remove a row from a table b-tree, 6898 ** invalidate any incrblob cursors open on the row being deleted. */ 6899 if( pCur->pKeyInfo==0 ){ 6900 invalidateIncrblobCursors(p, pCur->info.nKey, 0); 6901 } 6902 6903 iCellDepth = pCur->iPage; 6904 iCellIdx = pCur->aiIdx[iCellDepth]; 6905 pPage = pCur->apPage[iCellDepth]; 6906 pCell = findCell(pPage, iCellIdx); 6907 6908 /* If the page containing the entry to delete is not a leaf page, move 6909 ** the cursor to the largest entry in the tree that is smaller than 6910 ** the entry being deleted. This cell will replace the cell being deleted 6911 ** from the internal node. The 'previous' entry is used for this instead 6912 ** of the 'next' entry, as the previous entry is always a part of the 6913 ** sub-tree headed by the child page of the cell being deleted. This makes 6914 ** balancing the tree following the delete operation easier. */ 6915 if( !pPage->leaf ){ 6916 int notUsed; 6917 rc = sqlite3BtreePrevious(pCur, &notUsed); 6918 if( rc ) return rc; 6919 } 6920 6921 /* Save the positions of any other cursors open on this table before 6922 ** making any modifications. Make the page containing the entry to be 6923 ** deleted writable. Then free any overflow pages associated with the 6924 ** entry and finally remove the cell itself from within the page. 6925 */ 6926 rc = saveAllCursors(pBt, pCur->pgnoRoot, pCur); 6927 if( rc ) return rc; 6928 rc = sqlite3PagerWrite(pPage->pDbPage); 6929 if( rc ) return rc; 6930 rc = clearCell(pPage, pCell); 6931 dropCell(pPage, iCellIdx, cellSizePtr(pPage, pCell), &rc); 6932 if( rc ) return rc; 6933 6934 /* If the cell deleted was not located on a leaf page, then the cursor 6935 ** is currently pointing to the largest entry in the sub-tree headed 6936 ** by the child-page of the cell that was just deleted from an internal 6937 ** node. The cell from the leaf node needs to be moved to the internal 6938 ** node to replace the deleted cell. */ 6939 if( !pPage->leaf ){ 6940 MemPage *pLeaf = pCur->apPage[pCur->iPage]; 6941 int nCell; 6942 Pgno n = pCur->apPage[iCellDepth+1]->pgno; 6943 unsigned char *pTmp; 6944 6945 pCell = findCell(pLeaf, pLeaf->nCell-1); 6946 nCell = cellSizePtr(pLeaf, pCell); 6947 assert( MX_CELL_SIZE(pBt) >= nCell ); 6948 6949 allocateTempSpace(pBt); 6950 pTmp = pBt->pTmpSpace; 6951 6952 rc = sqlite3PagerWrite(pLeaf->pDbPage); 6953 insertCell(pPage, iCellIdx, pCell-4, nCell+4, pTmp, n, &rc); 6954 dropCell(pLeaf, pLeaf->nCell-1, nCell, &rc); 6955 if( rc ) return rc; 6956 } 6957 6958 /* Balance the tree. If the entry deleted was located on a leaf page, 6959 ** then the cursor still points to that page. In this case the first 6960 ** call to balance() repairs the tree, and the if(...) condition is 6961 ** never true. 6962 ** 6963 ** Otherwise, if the entry deleted was on an internal node page, then 6964 ** pCur is pointing to the leaf page from which a cell was removed to 6965 ** replace the cell deleted from the internal node. This is slightly 6966 ** tricky as the leaf node may be underfull, and the internal node may 6967 ** be either under or overfull. In this case run the balancing algorithm 6968 ** on the leaf node first. If the balance proceeds far enough up the 6969 ** tree that we can be sure that any problem in the internal node has 6970 ** been corrected, so be it. Otherwise, after balancing the leaf node, 6971 ** walk the cursor up the tree to the internal node and balance it as 6972 ** well. */ 6973 rc = balance(pCur); 6974 if( rc==SQLITE_OK && pCur->iPage>iCellDepth ){ 6975 while( pCur->iPage>iCellDepth ){ 6976 releasePage(pCur->apPage[pCur->iPage--]); 6977 } 6978 rc = balance(pCur); 6979 } 6980 6981 if( rc==SQLITE_OK ){ 6982 moveToRoot(pCur); 6983 } 6984 return rc; 6985 } 6986 6987 /* 6988 ** Create a new BTree table. Write into *piTable the page 6989 ** number for the root page of the new table. 6990 ** 6991 ** The type of type is determined by the flags parameter. Only the 6992 ** following values of flags are currently in use. Other values for 6993 ** flags might not work: 6994 ** 6995 ** BTREE_INTKEY|BTREE_LEAFDATA Used for SQL tables with rowid keys 6996 ** BTREE_ZERODATA Used for SQL indices 6997 */ 6998 static int btreeCreateTable(Btree *p, int *piTable, int createTabFlags){ 6999 BtShared *pBt = p->pBt; 7000 MemPage *pRoot; 7001 Pgno pgnoRoot; 7002 int rc; 7003 int ptfFlags; /* Page-type flage for the root page of new table */ 7004 7005 assert( sqlite3BtreeHoldsMutex(p) ); 7006 assert( pBt->inTransaction==TRANS_WRITE ); 7007 assert( !pBt->readOnly ); 7008 7009 #ifdef SQLITE_OMIT_AUTOVACUUM 7010 rc = allocateBtreePage(pBt, &pRoot, &pgnoRoot, 1, 0); 7011 if( rc ){ 7012 return rc; 7013 } 7014 #else 7015 if( pBt->autoVacuum ){ 7016 Pgno pgnoMove; /* Move a page here to make room for the root-page */ 7017 MemPage *pPageMove; /* The page to move to. */ 7018 7019 /* Creating a new table may probably require moving an existing database 7020 ** to make room for the new tables root page. In case this page turns 7021 ** out to be an overflow page, delete all overflow page-map caches 7022 ** held by open cursors. 7023 */ 7024 invalidateAllOverflowCache(pBt); 7025 7026 /* Read the value of meta[3] from the database to determine where the 7027 ** root page of the new table should go. meta[3] is the largest root-page 7028 ** created so far, so the new root-page is (meta[3]+1). 7029 */ 7030 sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &pgnoRoot); 7031 pgnoRoot++; 7032 7033 /* The new root-page may not be allocated on a pointer-map page, or the 7034 ** PENDING_BYTE page. 7035 */ 7036 while( pgnoRoot==PTRMAP_PAGENO(pBt, pgnoRoot) || 7037 pgnoRoot==PENDING_BYTE_PAGE(pBt) ){ 7038 pgnoRoot++; 7039 } 7040 assert( pgnoRoot>=3 ); 7041 7042 /* Allocate a page. The page that currently resides at pgnoRoot will 7043 ** be moved to the allocated page (unless the allocated page happens 7044 ** to reside at pgnoRoot). 7045 */ 7046 rc = allocateBtreePage(pBt, &pPageMove, &pgnoMove, pgnoRoot, 1); 7047 if( rc!=SQLITE_OK ){ 7048 return rc; 7049 } 7050 7051 if( pgnoMove!=pgnoRoot ){ 7052 /* pgnoRoot is the page that will be used for the root-page of 7053 ** the new table (assuming an error did not occur). But we were 7054 ** allocated pgnoMove. If required (i.e. if it was not allocated 7055 ** by extending the file), the current page at position pgnoMove 7056 ** is already journaled. 7057 */ 7058 u8 eType = 0; 7059 Pgno iPtrPage = 0; 7060 7061 releasePage(pPageMove); 7062 7063 /* Move the page currently at pgnoRoot to pgnoMove. */ 7064 rc = btreeGetPage(pBt, pgnoRoot, &pRoot, 0); 7065 if( rc!=SQLITE_OK ){ 7066 return rc; 7067 } 7068 rc = ptrmapGet(pBt, pgnoRoot, &eType, &iPtrPage); 7069 if( eType==PTRMAP_ROOTPAGE || eType==PTRMAP_FREEPAGE ){ 7070 rc = SQLITE_CORRUPT_BKPT; 7071 } 7072 if( rc!=SQLITE_OK ){ 7073 releasePage(pRoot); 7074 return rc; 7075 } 7076 assert( eType!=PTRMAP_ROOTPAGE ); 7077 assert( eType!=PTRMAP_FREEPAGE ); 7078 rc = relocatePage(pBt, pRoot, eType, iPtrPage, pgnoMove, 0); 7079 releasePage(pRoot); 7080 7081 /* Obtain the page at pgnoRoot */ 7082 if( rc!=SQLITE_OK ){ 7083 return rc; 7084 } 7085 rc = btreeGetPage(pBt, pgnoRoot, &pRoot, 0); 7086 if( rc!=SQLITE_OK ){ 7087 return rc; 7088 } 7089 rc = sqlite3PagerWrite(pRoot->pDbPage); 7090 if( rc!=SQLITE_OK ){ 7091 releasePage(pRoot); 7092 return rc; 7093 } 7094 }else{ 7095 pRoot = pPageMove; 7096 } 7097 7098 /* Update the pointer-map and meta-data with the new root-page number. */ 7099 ptrmapPut(pBt, pgnoRoot, PTRMAP_ROOTPAGE, 0, &rc); 7100 if( rc ){ 7101 releasePage(pRoot); 7102 return rc; 7103 } 7104 7105 /* When the new root page was allocated, page 1 was made writable in 7106 ** order either to increase the database filesize, or to decrement the 7107 ** freelist count. Hence, the sqlite3BtreeUpdateMeta() call cannot fail. 7108 */ 7109 assert( sqlite3PagerIswriteable(pBt->pPage1->pDbPage) ); 7110 rc = sqlite3BtreeUpdateMeta(p, 4, pgnoRoot); 7111 if( NEVER(rc) ){ 7112 releasePage(pRoot); 7113 return rc; 7114 } 7115 7116 }else{ 7117 rc = allocateBtreePage(pBt, &pRoot, &pgnoRoot, 1, 0); 7118 if( rc ) return rc; 7119 } 7120 #endif 7121 assert( sqlite3PagerIswriteable(pRoot->pDbPage) ); 7122 if( createTabFlags & BTREE_INTKEY ){ 7123 ptfFlags = PTF_INTKEY | PTF_LEAFDATA | PTF_LEAF; 7124 }else{ 7125 ptfFlags = PTF_ZERODATA | PTF_LEAF; 7126 } 7127 zeroPage(pRoot, ptfFlags); 7128 sqlite3PagerUnref(pRoot->pDbPage); 7129 assert( (pBt->openFlags & BTREE_SINGLE)==0 || pgnoRoot==2 ); 7130 *piTable = (int)pgnoRoot; 7131 return SQLITE_OK; 7132 } 7133 int sqlite3BtreeCreateTable(Btree *p, int *piTable, int flags){ 7134 int rc; 7135 sqlite3BtreeEnter(p); 7136 rc = btreeCreateTable(p, piTable, flags); 7137 sqlite3BtreeLeave(p); 7138 return rc; 7139 } 7140 7141 /* 7142 ** Erase the given database page and all its children. Return 7143 ** the page to the freelist. 7144 */ 7145 static int clearDatabasePage( 7146 BtShared *pBt, /* The BTree that contains the table */ 7147 Pgno pgno, /* Page number to clear */ 7148 int freePageFlag, /* Deallocate page if true */ 7149 int *pnChange /* Add number of Cells freed to this counter */ 7150 ){ 7151 MemPage *pPage; 7152 int rc; 7153 unsigned char *pCell; 7154 int i; 7155 7156 assert( sqlite3_mutex_held(pBt->mutex) ); 7157 if( pgno>btreePagecount(pBt) ){ 7158 return SQLITE_CORRUPT_BKPT; 7159 } 7160 7161 rc = getAndInitPage(pBt, pgno, &pPage); 7162 if( rc ) return rc; 7163 for(i=0; i<pPage->nCell; i++){ 7164 pCell = findCell(pPage, i); 7165 if( !pPage->leaf ){ 7166 rc = clearDatabasePage(pBt, get4byte(pCell), 1, pnChange); 7167 if( rc ) goto cleardatabasepage_out; 7168 } 7169 rc = clearCell(pPage, pCell); 7170 if( rc ) goto cleardatabasepage_out; 7171 } 7172 if( !pPage->leaf ){ 7173 rc = clearDatabasePage(pBt, get4byte(&pPage->aData[8]), 1, pnChange); 7174 if( rc ) goto cleardatabasepage_out; 7175 }else if( pnChange ){ 7176 assert( pPage->intKey ); 7177 *pnChange += pPage->nCell; 7178 } 7179 if( freePageFlag ){ 7180 freePage(pPage, &rc); 7181 }else if( (rc = sqlite3PagerWrite(pPage->pDbPage))==0 ){ 7182 zeroPage(pPage, pPage->aData[0] | PTF_LEAF); 7183 } 7184 7185 cleardatabasepage_out: 7186 releasePage(pPage); 7187 return rc; 7188 } 7189 7190 /* 7191 ** Delete all information from a single table in the database. iTable is 7192 ** the page number of the root of the table. After this routine returns, 7193 ** the root page is empty, but still exists. 7194 ** 7195 ** This routine will fail with SQLITE_LOCKED if there are any open 7196 ** read cursors on the table. Open write cursors are moved to the 7197 ** root of the table. 7198 ** 7199 ** If pnChange is not NULL, then table iTable must be an intkey table. The 7200 ** integer value pointed to by pnChange is incremented by the number of 7201 ** entries in the table. 7202 */ 7203 int sqlite3BtreeClearTable(Btree *p, int iTable, int *pnChange){ 7204 int rc; 7205 BtShared *pBt = p->pBt; 7206 sqlite3BtreeEnter(p); 7207 assert( p->inTrans==TRANS_WRITE ); 7208 7209 /* Invalidate all incrblob cursors open on table iTable (assuming iTable 7210 ** is the root of a table b-tree - if it is not, the following call is 7211 ** a no-op). */ 7212 invalidateIncrblobCursors(p, 0, 1); 7213 7214 rc = saveAllCursors(pBt, (Pgno)iTable, 0); 7215 if( SQLITE_OK==rc ){ 7216 rc = clearDatabasePage(pBt, (Pgno)iTable, 0, pnChange); 7217 } 7218 sqlite3BtreeLeave(p); 7219 return rc; 7220 } 7221 7222 /* 7223 ** Erase all information in a table and add the root of the table to 7224 ** the freelist. Except, the root of the principle table (the one on 7225 ** page 1) is never added to the freelist. 7226 ** 7227 ** This routine will fail with SQLITE_LOCKED if there are any open 7228 ** cursors on the table. 7229 ** 7230 ** If AUTOVACUUM is enabled and the page at iTable is not the last 7231 ** root page in the database file, then the last root page 7232 ** in the database file is moved into the slot formerly occupied by 7233 ** iTable and that last slot formerly occupied by the last root page 7234 ** is added to the freelist instead of iTable. In this say, all 7235 ** root pages are kept at the beginning of the database file, which 7236 ** is necessary for AUTOVACUUM to work right. *piMoved is set to the 7237 ** page number that used to be the last root page in the file before 7238 ** the move. If no page gets moved, *piMoved is set to 0. 7239 ** The last root page is recorded in meta[3] and the value of 7240 ** meta[3] is updated by this procedure. 7241 */ 7242 static int btreeDropTable(Btree *p, Pgno iTable, int *piMoved){ 7243 int rc; 7244 MemPage *pPage = 0; 7245 BtShared *pBt = p->pBt; 7246 7247 assert( sqlite3BtreeHoldsMutex(p) ); 7248 assert( p->inTrans==TRANS_WRITE ); 7249 7250 /* It is illegal to drop a table if any cursors are open on the 7251 ** database. This is because in auto-vacuum mode the backend may 7252 ** need to move another root-page to fill a gap left by the deleted 7253 ** root page. If an open cursor was using this page a problem would 7254 ** occur. 7255 ** 7256 ** This error is caught long before control reaches this point. 7257 */ 7258 if( NEVER(pBt->pCursor) ){ 7259 sqlite3ConnectionBlocked(p->db, pBt->pCursor->pBtree->db); 7260 return SQLITE_LOCKED_SHAREDCACHE; 7261 } 7262 7263 rc = btreeGetPage(pBt, (Pgno)iTable, &pPage, 0); 7264 if( rc ) return rc; 7265 rc = sqlite3BtreeClearTable(p, iTable, 0); 7266 if( rc ){ 7267 releasePage(pPage); 7268 return rc; 7269 } 7270 7271 *piMoved = 0; 7272 7273 if( iTable>1 ){ 7274 #ifdef SQLITE_OMIT_AUTOVACUUM 7275 freePage(pPage, &rc); 7276 releasePage(pPage); 7277 #else 7278 if( pBt->autoVacuum ){ 7279 Pgno maxRootPgno; 7280 sqlite3BtreeGetMeta(p, BTREE_LARGEST_ROOT_PAGE, &maxRootPgno); 7281 7282 if( iTable==maxRootPgno ){ 7283 /* If the table being dropped is the table with the largest root-page 7284 ** number in the database, put the root page on the free list. 7285 */ 7286 freePage(pPage, &rc); 7287 releasePage(pPage); 7288 if( rc!=SQLITE_OK ){ 7289 return rc; 7290 } 7291 }else{ 7292 /* The table being dropped does not have the largest root-page 7293 ** number in the database. So move the page that does into the 7294 ** gap left by the deleted root-page. 7295 */ 7296 MemPage *pMove; 7297 releasePage(pPage); 7298 rc = btreeGetPage(pBt, maxRootPgno, &pMove, 0); 7299 if( rc!=SQLITE_OK ){ 7300 return rc; 7301 } 7302 rc = relocatePage(pBt, pMove, PTRMAP_ROOTPAGE, 0, iTable, 0); 7303 releasePage(pMove); 7304 if( rc!=SQLITE_OK ){ 7305 return rc; 7306 } 7307 pMove = 0; 7308 rc = btreeGetPage(pBt, maxRootPgno, &pMove, 0); 7309 freePage(pMove, &rc); 7310 releasePage(pMove); 7311 if( rc!=SQLITE_OK ){ 7312 return rc; 7313 } 7314 *piMoved = maxRootPgno; 7315 } 7316 7317 /* Set the new 'max-root-page' value in the database header. This 7318 ** is the old value less one, less one more if that happens to 7319 ** be a root-page number, less one again if that is the 7320 ** PENDING_BYTE_PAGE. 7321 */ 7322 maxRootPgno--; 7323 while( maxRootPgno==PENDING_BYTE_PAGE(pBt) 7324 || PTRMAP_ISPAGE(pBt, maxRootPgno) ){ 7325 maxRootPgno--; 7326 } 7327 assert( maxRootPgno!=PENDING_BYTE_PAGE(pBt) ); 7328 7329 rc = sqlite3BtreeUpdateMeta(p, 4, maxRootPgno); 7330 }else{ 7331 freePage(pPage, &rc); 7332 releasePage(pPage); 7333 } 7334 #endif 7335 }else{ 7336 /* If sqlite3BtreeDropTable was called on page 1. 7337 ** This really never should happen except in a corrupt 7338 ** database. 7339 */ 7340 zeroPage(pPage, PTF_INTKEY|PTF_LEAF ); 7341 releasePage(pPage); 7342 } 7343 return rc; 7344 } 7345 int sqlite3BtreeDropTable(Btree *p, int iTable, int *piMoved){ 7346 int rc; 7347 sqlite3BtreeEnter(p); 7348 rc = btreeDropTable(p, iTable, piMoved); 7349 sqlite3BtreeLeave(p); 7350 return rc; 7351 } 7352 7353 7354 /* 7355 ** This function may only be called if the b-tree connection already 7356 ** has a read or write transaction open on the database. 7357 ** 7358 ** Read the meta-information out of a database file. Meta[0] 7359 ** is the number of free pages currently in the database. Meta[1] 7360 ** through meta[15] are available for use by higher layers. Meta[0] 7361 ** is read-only, the others are read/write. 7362 ** 7363 ** The schema layer numbers meta values differently. At the schema 7364 ** layer (and the SetCookie and ReadCookie opcodes) the number of 7365 ** free pages is not visible. So Cookie[0] is the same as Meta[1]. 7366 */ 7367 void sqlite3BtreeGetMeta(Btree *p, int idx, u32 *pMeta){ 7368 BtShared *pBt = p->pBt; 7369 7370 sqlite3BtreeEnter(p); 7371 assert( p->inTrans>TRANS_NONE ); 7372 assert( SQLITE_OK==querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK) ); 7373 assert( pBt->pPage1 ); 7374 assert( idx>=0 && idx<=15 ); 7375 7376 *pMeta = get4byte(&pBt->pPage1->aData[36 + idx*4]); 7377 7378 /* If auto-vacuum is disabled in this build and this is an auto-vacuum 7379 ** database, mark the database as read-only. */ 7380 #ifdef SQLITE_OMIT_AUTOVACUUM 7381 if( idx==BTREE_LARGEST_ROOT_PAGE && *pMeta>0 ) pBt->readOnly = 1; 7382 #endif 7383 7384 sqlite3BtreeLeave(p); 7385 } 7386 7387 /* 7388 ** Write meta-information back into the database. Meta[0] is 7389 ** read-only and may not be written. 7390 */ 7391 int sqlite3BtreeUpdateMeta(Btree *p, int idx, u32 iMeta){ 7392 BtShared *pBt = p->pBt; 7393 unsigned char *pP1; 7394 int rc; 7395 assert( idx>=1 && idx<=15 ); 7396 sqlite3BtreeEnter(p); 7397 assert( p->inTrans==TRANS_WRITE ); 7398 assert( pBt->pPage1!=0 ); 7399 pP1 = pBt->pPage1->aData; 7400 rc = sqlite3PagerWrite(pBt->pPage1->pDbPage); 7401 if( rc==SQLITE_OK ){ 7402 put4byte(&pP1[36 + idx*4], iMeta); 7403 #ifndef SQLITE_OMIT_AUTOVACUUM 7404 if( idx==BTREE_INCR_VACUUM ){ 7405 assert( pBt->autoVacuum || iMeta==0 ); 7406 assert( iMeta==0 || iMeta==1 ); 7407 pBt->incrVacuum = (u8)iMeta; 7408 } 7409 #endif 7410 } 7411 sqlite3BtreeLeave(p); 7412 return rc; 7413 } 7414 7415 #ifndef SQLITE_OMIT_BTREECOUNT 7416 /* 7417 ** The first argument, pCur, is a cursor opened on some b-tree. Count the 7418 ** number of entries in the b-tree and write the result to *pnEntry. 7419 ** 7420 ** SQLITE_OK is returned if the operation is successfully executed. 7421 ** Otherwise, if an error is encountered (i.e. an IO error or database 7422 ** corruption) an SQLite error code is returned. 7423 */ 7424 int sqlite3BtreeCount(BtCursor *pCur, i64 *pnEntry){ 7425 i64 nEntry = 0; /* Value to return in *pnEntry */ 7426 int rc; /* Return code */ 7427 7428 if( pCur->pgnoRoot==0 ){ 7429 *pnEntry = 0; 7430 return SQLITE_OK; 7431 } 7432 rc = moveToRoot(pCur); 7433 7434 /* Unless an error occurs, the following loop runs one iteration for each 7435 ** page in the B-Tree structure (not including overflow pages). 7436 */ 7437 while( rc==SQLITE_OK ){ 7438 int iIdx; /* Index of child node in parent */ 7439 MemPage *pPage; /* Current page of the b-tree */ 7440 7441 /* If this is a leaf page or the tree is not an int-key tree, then 7442 ** this page contains countable entries. Increment the entry counter 7443 ** accordingly. 7444 */ 7445 pPage = pCur->apPage[pCur->iPage]; 7446 if( pPage->leaf || !pPage->intKey ){ 7447 nEntry += pPage->nCell; 7448 } 7449 7450 /* pPage is a leaf node. This loop navigates the cursor so that it 7451 ** points to the first interior cell that it points to the parent of 7452 ** the next page in the tree that has not yet been visited. The 7453 ** pCur->aiIdx[pCur->iPage] value is set to the index of the parent cell 7454 ** of the page, or to the number of cells in the page if the next page 7455 ** to visit is the right-child of its parent. 7456 ** 7457 ** If all pages in the tree have been visited, return SQLITE_OK to the 7458 ** caller. 7459 */ 7460 if( pPage->leaf ){ 7461 do { 7462 if( pCur->iPage==0 ){ 7463 /* All pages of the b-tree have been visited. Return successfully. */ 7464 *pnEntry = nEntry; 7465 return SQLITE_OK; 7466 } 7467 moveToParent(pCur); 7468 }while ( pCur->aiIdx[pCur->iPage]>=pCur->apPage[pCur->iPage]->nCell ); 7469 7470 pCur->aiIdx[pCur->iPage]++; 7471 pPage = pCur->apPage[pCur->iPage]; 7472 } 7473 7474 /* Descend to the child node of the cell that the cursor currently 7475 ** points at. This is the right-child if (iIdx==pPage->nCell). 7476 */ 7477 iIdx = pCur->aiIdx[pCur->iPage]; 7478 if( iIdx==pPage->nCell ){ 7479 rc = moveToChild(pCur, get4byte(&pPage->aData[pPage->hdrOffset+8])); 7480 }else{ 7481 rc = moveToChild(pCur, get4byte(findCell(pPage, iIdx))); 7482 } 7483 } 7484 7485 /* An error has occurred. Return an error code. */ 7486 return rc; 7487 } 7488 #endif 7489 7490 /* 7491 ** Return the pager associated with a BTree. This routine is used for 7492 ** testing and debugging only. 7493 */ 7494 Pager *sqlite3BtreePager(Btree *p){ 7495 return p->pBt->pPager; 7496 } 7497 7498 #ifndef SQLITE_OMIT_INTEGRITY_CHECK 7499 /* 7500 ** Append a message to the error message string. 7501 */ 7502 static void checkAppendMsg( 7503 IntegrityCk *pCheck, 7504 char *zMsg1, 7505 const char *zFormat, 7506 ... 7507 ){ 7508 va_list ap; 7509 if( !pCheck->mxErr ) return; 7510 pCheck->mxErr--; 7511 pCheck->nErr++; 7512 va_start(ap, zFormat); 7513 if( pCheck->errMsg.nChar ){ 7514 sqlite3StrAccumAppend(&pCheck->errMsg, "\n", 1); 7515 } 7516 if( zMsg1 ){ 7517 sqlite3StrAccumAppend(&pCheck->errMsg, zMsg1, -1); 7518 } 7519 sqlite3VXPrintf(&pCheck->errMsg, 1, zFormat, ap); 7520 va_end(ap); 7521 if( pCheck->errMsg.mallocFailed ){ 7522 pCheck->mallocFailed = 1; 7523 } 7524 } 7525 #endif /* SQLITE_OMIT_INTEGRITY_CHECK */ 7526 7527 #ifndef SQLITE_OMIT_INTEGRITY_CHECK 7528 /* 7529 ** Add 1 to the reference count for page iPage. If this is the second 7530 ** reference to the page, add an error message to pCheck->zErrMsg. 7531 ** Return 1 if there are 2 ore more references to the page and 0 if 7532 ** if this is the first reference to the page. 7533 ** 7534 ** Also check that the page number is in bounds. 7535 */ 7536 static int checkRef(IntegrityCk *pCheck, Pgno iPage, char *zContext){ 7537 if( iPage==0 ) return 1; 7538 if( iPage>pCheck->nPage ){ 7539 checkAppendMsg(pCheck, zContext, "invalid page number %d", iPage); 7540 return 1; 7541 } 7542 if( pCheck->anRef[iPage]==1 ){ 7543 checkAppendMsg(pCheck, zContext, "2nd reference to page %d", iPage); 7544 return 1; 7545 } 7546 return (pCheck->anRef[iPage]++)>1; 7547 } 7548 7549 #ifndef SQLITE_OMIT_AUTOVACUUM 7550 /* 7551 ** Check that the entry in the pointer-map for page iChild maps to 7552 ** page iParent, pointer type ptrType. If not, append an error message 7553 ** to pCheck. 7554 */ 7555 static void checkPtrmap( 7556 IntegrityCk *pCheck, /* Integrity check context */ 7557 Pgno iChild, /* Child page number */ 7558 u8 eType, /* Expected pointer map type */ 7559 Pgno iParent, /* Expected pointer map parent page number */ 7560 char *zContext /* Context description (used for error msg) */ 7561 ){ 7562 int rc; 7563 u8 ePtrmapType; 7564 Pgno iPtrmapParent; 7565 7566 rc = ptrmapGet(pCheck->pBt, iChild, &ePtrmapType, &iPtrmapParent); 7567 if( rc!=SQLITE_OK ){ 7568 if( rc==SQLITE_NOMEM || rc==SQLITE_IOERR_NOMEM ) pCheck->mallocFailed = 1; 7569 checkAppendMsg(pCheck, zContext, "Failed to read ptrmap key=%d", iChild); 7570 return; 7571 } 7572 7573 if( ePtrmapType!=eType || iPtrmapParent!=iParent ){ 7574 checkAppendMsg(pCheck, zContext, 7575 "Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)", 7576 iChild, eType, iParent, ePtrmapType, iPtrmapParent); 7577 } 7578 } 7579 #endif 7580 7581 /* 7582 ** Check the integrity of the freelist or of an overflow page list. 7583 ** Verify that the number of pages on the list is N. 7584 */ 7585 static void checkList( 7586 IntegrityCk *pCheck, /* Integrity checking context */ 7587 int isFreeList, /* True for a freelist. False for overflow page list */ 7588 int iPage, /* Page number for first page in the list */ 7589 int N, /* Expected number of pages in the list */ 7590 char *zContext /* Context for error messages */ 7591 ){ 7592 int i; 7593 int expected = N; 7594 int iFirst = iPage; 7595 while( N-- > 0 && pCheck->mxErr ){ 7596 DbPage *pOvflPage; 7597 unsigned char *pOvflData; 7598 if( iPage<1 ){ 7599 checkAppendMsg(pCheck, zContext, 7600 "%d of %d pages missing from overflow list starting at %d", 7601 N+1, expected, iFirst); 7602 break; 7603 } 7604 if( checkRef(pCheck, iPage, zContext) ) break; 7605 if( sqlite3PagerGet(pCheck->pPager, (Pgno)iPage, &pOvflPage) ){ 7606 checkAppendMsg(pCheck, zContext, "failed to get page %d", iPage); 7607 break; 7608 } 7609 pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage); 7610 if( isFreeList ){ 7611 int n = get4byte(&pOvflData[4]); 7612 #ifndef SQLITE_OMIT_AUTOVACUUM 7613 if( pCheck->pBt->autoVacuum ){ 7614 checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0, zContext); 7615 } 7616 #endif 7617 if( n>(int)pCheck->pBt->usableSize/4-2 ){ 7618 checkAppendMsg(pCheck, zContext, 7619 "freelist leaf count too big on page %d", iPage); 7620 N--; 7621 }else{ 7622 for(i=0; i<n; i++){ 7623 Pgno iFreePage = get4byte(&pOvflData[8+i*4]); 7624 #ifndef SQLITE_OMIT_AUTOVACUUM 7625 if( pCheck->pBt->autoVacuum ){ 7626 checkPtrmap(pCheck, iFreePage, PTRMAP_FREEPAGE, 0, zContext); 7627 } 7628 #endif 7629 checkRef(pCheck, iFreePage, zContext); 7630 } 7631 N -= n; 7632 } 7633 } 7634 #ifndef SQLITE_OMIT_AUTOVACUUM 7635 else{ 7636 /* If this database supports auto-vacuum and iPage is not the last 7637 ** page in this overflow list, check that the pointer-map entry for 7638 ** the following page matches iPage. 7639 */ 7640 if( pCheck->pBt->autoVacuum && N>0 ){ 7641 i = get4byte(pOvflData); 7642 checkPtrmap(pCheck, i, PTRMAP_OVERFLOW2, iPage, zContext); 7643 } 7644 } 7645 #endif 7646 iPage = get4byte(pOvflData); 7647 sqlite3PagerUnref(pOvflPage); 7648 } 7649 } 7650 #endif /* SQLITE_OMIT_INTEGRITY_CHECK */ 7651 7652 #ifndef SQLITE_OMIT_INTEGRITY_CHECK 7653 /* 7654 ** Do various sanity checks on a single page of a tree. Return 7655 ** the tree depth. Root pages return 0. Parents of root pages 7656 ** return 1, and so forth. 7657 ** 7658 ** These checks are done: 7659 ** 7660 ** 1. Make sure that cells and freeblocks do not overlap 7661 ** but combine to completely cover the page. 7662 ** NO 2. Make sure cell keys are in order. 7663 ** NO 3. Make sure no key is less than or equal to zLowerBound. 7664 ** NO 4. Make sure no key is greater than or equal to zUpperBound. 7665 ** 5. Check the integrity of overflow pages. 7666 ** 6. Recursively call checkTreePage on all children. 7667 ** 7. Verify that the depth of all children is the same. 7668 ** 8. Make sure this page is at least 33% full or else it is 7669 ** the root of the tree. 7670 */ 7671 static int checkTreePage( 7672 IntegrityCk *pCheck, /* Context for the sanity check */ 7673 int iPage, /* Page number of the page to check */ 7674 char *zParentContext, /* Parent context */ 7675 i64 *pnParentMinKey, 7676 i64 *pnParentMaxKey 7677 ){ 7678 MemPage *pPage; 7679 int i, rc, depth, d2, pgno, cnt; 7680 int hdr, cellStart; 7681 int nCell; 7682 u8 *data; 7683 BtShared *pBt; 7684 int usableSize; 7685 char zContext[100]; 7686 char *hit = 0; 7687 i64 nMinKey = 0; 7688 i64 nMaxKey = 0; 7689 7690 sqlite3_snprintf(sizeof(zContext), zContext, "Page %d: ", iPage); 7691 7692 /* Check that the page exists 7693 */ 7694 pBt = pCheck->pBt; 7695 usableSize = pBt->usableSize; 7696 if( iPage==0 ) return 0; 7697 if( checkRef(pCheck, iPage, zParentContext) ) return 0; 7698 if( (rc = btreeGetPage(pBt, (Pgno)iPage, &pPage, 0))!=0 ){ 7699 checkAppendMsg(pCheck, zContext, 7700 "unable to get the page. error code=%d", rc); 7701 return 0; 7702 } 7703 7704 /* Clear MemPage.isInit to make sure the corruption detection code in 7705 ** btreeInitPage() is executed. */ 7706 pPage->isInit = 0; 7707 if( (rc = btreeInitPage(pPage))!=0 ){ 7708 assert( rc==SQLITE_CORRUPT ); /* The only possible error from InitPage */ 7709 checkAppendMsg(pCheck, zContext, 7710 "btreeInitPage() returns error code %d", rc); 7711 releasePage(pPage); 7712 return 0; 7713 } 7714 7715 /* Check out all the cells. 7716 */ 7717 depth = 0; 7718 for(i=0; i<pPage->nCell && pCheck->mxErr; i++){ 7719 u8 *pCell; 7720 u32 sz; 7721 CellInfo info; 7722 7723 /* Check payload overflow pages 7724 */ 7725 sqlite3_snprintf(sizeof(zContext), zContext, 7726 "On tree page %d cell %d: ", iPage, i); 7727 pCell = findCell(pPage,i); 7728 btreeParseCellPtr(pPage, pCell, &info); 7729 sz = info.nData; 7730 if( !pPage->intKey ) sz += (int)info.nKey; 7731 /* For intKey pages, check that the keys are in order. 7732 */ 7733 else if( i==0 ) nMinKey = nMaxKey = info.nKey; 7734 else{ 7735 if( info.nKey <= nMaxKey ){ 7736 checkAppendMsg(pCheck, zContext, 7737 "Rowid %lld out of order (previous was %lld)", info.nKey, nMaxKey); 7738 } 7739 nMaxKey = info.nKey; 7740 } 7741 assert( sz==info.nPayload ); 7742 if( (sz>info.nLocal) 7743 && (&pCell[info.iOverflow]<=&pPage->aData[pBt->usableSize]) 7744 ){ 7745 int nPage = (sz - info.nLocal + usableSize - 5)/(usableSize - 4); 7746 Pgno pgnoOvfl = get4byte(&pCell[info.iOverflow]); 7747 #ifndef SQLITE_OMIT_AUTOVACUUM 7748 if( pBt->autoVacuum ){ 7749 checkPtrmap(pCheck, pgnoOvfl, PTRMAP_OVERFLOW1, iPage, zContext); 7750 } 7751 #endif 7752 checkList(pCheck, 0, pgnoOvfl, nPage, zContext); 7753 } 7754 7755 /* Check sanity of left child page. 7756 */ 7757 if( !pPage->leaf ){ 7758 pgno = get4byte(pCell); 7759 #ifndef SQLITE_OMIT_AUTOVACUUM 7760 if( pBt->autoVacuum ){ 7761 checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage, zContext); 7762 } 7763 #endif 7764 d2 = checkTreePage(pCheck, pgno, zContext, &nMinKey, i==0 ? NULL : &nMaxKey); 7765 if( i>0 && d2!=depth ){ 7766 checkAppendMsg(pCheck, zContext, "Child page depth differs"); 7767 } 7768 depth = d2; 7769 } 7770 } 7771 7772 if( !pPage->leaf ){ 7773 pgno = get4byte(&pPage->aData[pPage->hdrOffset+8]); 7774 sqlite3_snprintf(sizeof(zContext), zContext, 7775 "On page %d at right child: ", iPage); 7776 #ifndef SQLITE_OMIT_AUTOVACUUM 7777 if( pBt->autoVacuum ){ 7778 checkPtrmap(pCheck, pgno, PTRMAP_BTREE, iPage, zContext); 7779 } 7780 #endif 7781 checkTreePage(pCheck, pgno, zContext, NULL, !pPage->nCell ? NULL : &nMaxKey); 7782 } 7783 7784 /* For intKey leaf pages, check that the min/max keys are in order 7785 ** with any left/parent/right pages. 7786 */ 7787 if( pPage->leaf && pPage->intKey ){ 7788 /* if we are a left child page */ 7789 if( pnParentMinKey ){ 7790 /* if we are the left most child page */ 7791 if( !pnParentMaxKey ){ 7792 if( nMaxKey > *pnParentMinKey ){ 7793 checkAppendMsg(pCheck, zContext, 7794 "Rowid %lld out of order (max larger than parent min of %lld)", 7795 nMaxKey, *pnParentMinKey); 7796 } 7797 }else{ 7798 if( nMinKey <= *pnParentMinKey ){ 7799 checkAppendMsg(pCheck, zContext, 7800 "Rowid %lld out of order (min less than parent min of %lld)", 7801 nMinKey, *pnParentMinKey); 7802 } 7803 if( nMaxKey > *pnParentMaxKey ){ 7804 checkAppendMsg(pCheck, zContext, 7805 "Rowid %lld out of order (max larger than parent max of %lld)", 7806 nMaxKey, *pnParentMaxKey); 7807 } 7808 *pnParentMinKey = nMaxKey; 7809 } 7810 /* else if we're a right child page */ 7811 } else if( pnParentMaxKey ){ 7812 if( nMinKey <= *pnParentMaxKey ){ 7813 checkAppendMsg(pCheck, zContext, 7814 "Rowid %lld out of order (min less than parent max of %lld)", 7815 nMinKey, *pnParentMaxKey); 7816 } 7817 } 7818 } 7819 7820 /* Check for complete coverage of the page 7821 */ 7822 data = pPage->aData; 7823 hdr = pPage->hdrOffset; 7824 hit = sqlite3PageMalloc( pBt->pageSize ); 7825 if( hit==0 ){ 7826 pCheck->mallocFailed = 1; 7827 }else{ 7828 int contentOffset = get2byteNotZero(&data[hdr+5]); 7829 assert( contentOffset<=usableSize ); /* Enforced by btreeInitPage() */ 7830 memset(hit+contentOffset, 0, usableSize-contentOffset); 7831 memset(hit, 1, contentOffset); 7832 nCell = get2byte(&data[hdr+3]); 7833 cellStart = hdr + 12 - 4*pPage->leaf; 7834 for(i=0; i<nCell; i++){ 7835 int pc = get2byte(&data[cellStart+i*2]); 7836 u32 size = 65536; 7837 int j; 7838 if( pc<=usableSize-4 ){ 7839 size = cellSizePtr(pPage, &data[pc]); 7840 } 7841 if( (int)(pc+size-1)>=usableSize ){ 7842 checkAppendMsg(pCheck, 0, 7843 "Corruption detected in cell %d on page %d",i,iPage); 7844 }else{ 7845 for(j=pc+size-1; j>=pc; j--) hit[j]++; 7846 } 7847 } 7848 i = get2byte(&data[hdr+1]); 7849 while( i>0 ){ 7850 int size, j; 7851 assert( i<=usableSize-4 ); /* Enforced by btreeInitPage() */ 7852 size = get2byte(&data[i+2]); 7853 assert( i+size<=usableSize ); /* Enforced by btreeInitPage() */ 7854 for(j=i+size-1; j>=i; j--) hit[j]++; 7855 j = get2byte(&data[i]); 7856 assert( j==0 || j>i+size ); /* Enforced by btreeInitPage() */ 7857 assert( j<=usableSize-4 ); /* Enforced by btreeInitPage() */ 7858 i = j; 7859 } 7860 for(i=cnt=0; i<usableSize; i++){ 7861 if( hit[i]==0 ){ 7862 cnt++; 7863 }else if( hit[i]>1 ){ 7864 checkAppendMsg(pCheck, 0, 7865 "Multiple uses for byte %d of page %d", i, iPage); 7866 break; 7867 } 7868 } 7869 if( cnt!=data[hdr+7] ){ 7870 checkAppendMsg(pCheck, 0, 7871 "Fragmentation of %d bytes reported as %d on page %d", 7872 cnt, data[hdr+7], iPage); 7873 } 7874 } 7875 sqlite3PageFree(hit); 7876 releasePage(pPage); 7877 return depth+1; 7878 } 7879 #endif /* SQLITE_OMIT_INTEGRITY_CHECK */ 7880 7881 #ifndef SQLITE_OMIT_INTEGRITY_CHECK 7882 /* 7883 ** This routine does a complete check of the given BTree file. aRoot[] is 7884 ** an array of pages numbers were each page number is the root page of 7885 ** a table. nRoot is the number of entries in aRoot. 7886 ** 7887 ** A read-only or read-write transaction must be opened before calling 7888 ** this function. 7889 ** 7890 ** Write the number of error seen in *pnErr. Except for some memory 7891 ** allocation errors, an error message held in memory obtained from 7892 ** malloc is returned if *pnErr is non-zero. If *pnErr==0 then NULL is 7893 ** returned. If a memory allocation error occurs, NULL is returned. 7894 */ 7895 char *sqlite3BtreeIntegrityCheck( 7896 Btree *p, /* The btree to be checked */ 7897 int *aRoot, /* An array of root pages numbers for individual trees */ 7898 int nRoot, /* Number of entries in aRoot[] */ 7899 int mxErr, /* Stop reporting errors after this many */ 7900 int *pnErr /* Write number of errors seen to this variable */ 7901 ){ 7902 Pgno i; 7903 int nRef; 7904 IntegrityCk sCheck; 7905 BtShared *pBt = p->pBt; 7906 char zErr[100]; 7907 7908 sqlite3BtreeEnter(p); 7909 assert( p->inTrans>TRANS_NONE && pBt->inTransaction>TRANS_NONE ); 7910 nRef = sqlite3PagerRefcount(pBt->pPager); 7911 sCheck.pBt = pBt; 7912 sCheck.pPager = pBt->pPager; 7913 sCheck.nPage = btreePagecount(sCheck.pBt); 7914 sCheck.mxErr = mxErr; 7915 sCheck.nErr = 0; 7916 sCheck.mallocFailed = 0; 7917 *pnErr = 0; 7918 if( sCheck.nPage==0 ){ 7919 sqlite3BtreeLeave(p); 7920 return 0; 7921 } 7922 sCheck.anRef = sqlite3Malloc( (sCheck.nPage+1)*sizeof(sCheck.anRef[0]) ); 7923 if( !sCheck.anRef ){ 7924 *pnErr = 1; 7925 sqlite3BtreeLeave(p); 7926 return 0; 7927 } 7928 for(i=0; i<=sCheck.nPage; i++){ sCheck.anRef[i] = 0; } 7929 i = PENDING_BYTE_PAGE(pBt); 7930 if( i<=sCheck.nPage ){ 7931 sCheck.anRef[i] = 1; 7932 } 7933 sqlite3StrAccumInit(&sCheck.errMsg, zErr, sizeof(zErr), 20000); 7934 sCheck.errMsg.useMalloc = 2; 7935 7936 /* Check the integrity of the freelist 7937 */ 7938 checkList(&sCheck, 1, get4byte(&pBt->pPage1->aData[32]), 7939 get4byte(&pBt->pPage1->aData[36]), "Main freelist: "); 7940 7941 /* Check all the tables. 7942 */ 7943 for(i=0; (int)i<nRoot && sCheck.mxErr; i++){ 7944 if( aRoot[i]==0 ) continue; 7945 #ifndef SQLITE_OMIT_AUTOVACUUM 7946 if( pBt->autoVacuum && aRoot[i]>1 ){ 7947 checkPtrmap(&sCheck, aRoot[i], PTRMAP_ROOTPAGE, 0, 0); 7948 } 7949 #endif 7950 checkTreePage(&sCheck, aRoot[i], "List of tree roots: ", NULL, NULL); 7951 } 7952 7953 /* Make sure every page in the file is referenced 7954 */ 7955 for(i=1; i<=sCheck.nPage && sCheck.mxErr; i++){ 7956 #ifdef SQLITE_OMIT_AUTOVACUUM 7957 if( sCheck.anRef[i]==0 ){ 7958 checkAppendMsg(&sCheck, 0, "Page %d is never used", i); 7959 } 7960 #else 7961 /* If the database supports auto-vacuum, make sure no tables contain 7962 ** references to pointer-map pages. 7963 */ 7964 if( sCheck.anRef[i]==0 && 7965 (PTRMAP_PAGENO(pBt, i)!=i || !pBt->autoVacuum) ){ 7966 checkAppendMsg(&sCheck, 0, "Page %d is never used", i); 7967 } 7968 if( sCheck.anRef[i]!=0 && 7969 (PTRMAP_PAGENO(pBt, i)==i && pBt->autoVacuum) ){ 7970 checkAppendMsg(&sCheck, 0, "Pointer map page %d is referenced", i); 7971 } 7972 #endif 7973 } 7974 7975 /* Make sure this analysis did not leave any unref() pages. 7976 ** This is an internal consistency check; an integrity check 7977 ** of the integrity check. 7978 */ 7979 if( NEVER(nRef != sqlite3PagerRefcount(pBt->pPager)) ){ 7980 checkAppendMsg(&sCheck, 0, 7981 "Outstanding page count goes from %d to %d during this analysis", 7982 nRef, sqlite3PagerRefcount(pBt->pPager) 7983 ); 7984 } 7985 7986 /* Clean up and report errors. 7987 */ 7988 sqlite3BtreeLeave(p); 7989 sqlite3_free(sCheck.anRef); 7990 if( sCheck.mallocFailed ){ 7991 sqlite3StrAccumReset(&sCheck.errMsg); 7992 *pnErr = sCheck.nErr+1; 7993 return 0; 7994 } 7995 *pnErr = sCheck.nErr; 7996 if( sCheck.nErr==0 ) sqlite3StrAccumReset(&sCheck.errMsg); 7997 return sqlite3StrAccumFinish(&sCheck.errMsg); 7998 } 7999 #endif /* SQLITE_OMIT_INTEGRITY_CHECK */ 8000 8001 /* 8002 ** Return the full pathname of the underlying database file. 8003 ** 8004 ** The pager filename is invariant as long as the pager is 8005 ** open so it is safe to access without the BtShared mutex. 8006 */ 8007 const char *sqlite3BtreeGetFilename(Btree *p){ 8008 assert( p->pBt->pPager!=0 ); 8009 return sqlite3PagerFilename(p->pBt->pPager); 8010 } 8011 8012 /* 8013 ** Return the pathname of the journal file for this database. The return 8014 ** value of this routine is the same regardless of whether the journal file 8015 ** has been created or not. 8016 ** 8017 ** The pager journal filename is invariant as long as the pager is 8018 ** open so it is safe to access without the BtShared mutex. 8019 */ 8020 const char *sqlite3BtreeGetJournalname(Btree *p){ 8021 assert( p->pBt->pPager!=0 ); 8022 return sqlite3PagerJournalname(p->pBt->pPager); 8023 } 8024 8025 /* 8026 ** Return non-zero if a transaction is active. 8027 */ 8028 int sqlite3BtreeIsInTrans(Btree *p){ 8029 assert( p==0 || sqlite3_mutex_held(p->db->mutex) ); 8030 return (p && (p->inTrans==TRANS_WRITE)); 8031 } 8032 8033 #ifndef SQLITE_OMIT_WAL 8034 /* 8035 ** Run a checkpoint on the Btree passed as the first argument. 8036 ** 8037 ** Return SQLITE_LOCKED if this or any other connection has an open 8038 ** transaction on the shared-cache the argument Btree is connected to. 8039 ** 8040 ** Parameter eMode is one of SQLITE_CHECKPOINT_PASSIVE, FULL or RESTART. 8041 */ 8042 int sqlite3BtreeCheckpoint(Btree *p, int eMode, int *pnLog, int *pnCkpt){ 8043 int rc = SQLITE_OK; 8044 if( p ){ 8045 BtShared *pBt = p->pBt; 8046 sqlite3BtreeEnter(p); 8047 if( pBt->inTransaction!=TRANS_NONE ){ 8048 rc = SQLITE_LOCKED; 8049 }else{ 8050 rc = sqlite3PagerCheckpoint(pBt->pPager, eMode, pnLog, pnCkpt); 8051 } 8052 sqlite3BtreeLeave(p); 8053 } 8054 return rc; 8055 } 8056 #endif 8057 8058 /* 8059 ** Return non-zero if a read (or write) transaction is active. 8060 */ 8061 int sqlite3BtreeIsInReadTrans(Btree *p){ 8062 assert( p ); 8063 assert( sqlite3_mutex_held(p->db->mutex) ); 8064 return p->inTrans!=TRANS_NONE; 8065 } 8066 8067 int sqlite3BtreeIsInBackup(Btree *p){ 8068 assert( p ); 8069 assert( sqlite3_mutex_held(p->db->mutex) ); 8070 return p->nBackup!=0; 8071 } 8072 8073 /* 8074 ** This function returns a pointer to a blob of memory associated with 8075 ** a single shared-btree. The memory is used by client code for its own 8076 ** purposes (for example, to store a high-level schema associated with 8077 ** the shared-btree). The btree layer manages reference counting issues. 8078 ** 8079 ** The first time this is called on a shared-btree, nBytes bytes of memory 8080 ** are allocated, zeroed, and returned to the caller. For each subsequent 8081 ** call the nBytes parameter is ignored and a pointer to the same blob 8082 ** of memory returned. 8083 ** 8084 ** If the nBytes parameter is 0 and the blob of memory has not yet been 8085 ** allocated, a null pointer is returned. If the blob has already been 8086 ** allocated, it is returned as normal. 8087 ** 8088 ** Just before the shared-btree is closed, the function passed as the 8089 ** xFree argument when the memory allocation was made is invoked on the 8090 ** blob of allocated memory. The xFree function should not call sqlite3_free() 8091 ** on the memory, the btree layer does that. 8092 */ 8093 void *sqlite3BtreeSchema(Btree *p, int nBytes, void(*xFree)(void *)){ 8094 BtShared *pBt = p->pBt; 8095 sqlite3BtreeEnter(p); 8096 if( !pBt->pSchema && nBytes ){ 8097 pBt->pSchema = sqlite3DbMallocZero(0, nBytes); 8098 pBt->xFreeSchema = xFree; 8099 } 8100 sqlite3BtreeLeave(p); 8101 return pBt->pSchema; 8102 } 8103 8104 /* 8105 ** Return SQLITE_LOCKED_SHAREDCACHE if another user of the same shared 8106 ** btree as the argument handle holds an exclusive lock on the 8107 ** sqlite_master table. Otherwise SQLITE_OK. 8108 */ 8109 int sqlite3BtreeSchemaLocked(Btree *p){ 8110 int rc; 8111 assert( sqlite3_mutex_held(p->db->mutex) ); 8112 sqlite3BtreeEnter(p); 8113 rc = querySharedCacheTableLock(p, MASTER_ROOT, READ_LOCK); 8114 assert( rc==SQLITE_OK || rc==SQLITE_LOCKED_SHAREDCACHE ); 8115 sqlite3BtreeLeave(p); 8116 return rc; 8117 } 8118 8119 8120 #ifndef SQLITE_OMIT_SHARED_CACHE 8121 /* 8122 ** Obtain a lock on the table whose root page is iTab. The 8123 ** lock is a write lock if isWritelock is true or a read lock 8124 ** if it is false. 8125 */ 8126 int sqlite3BtreeLockTable(Btree *p, int iTab, u8 isWriteLock){ 8127 int rc = SQLITE_OK; 8128 assert( p->inTrans!=TRANS_NONE ); 8129 if( p->sharable ){ 8130 u8 lockType = READ_LOCK + isWriteLock; 8131 assert( READ_LOCK+1==WRITE_LOCK ); 8132 assert( isWriteLock==0 || isWriteLock==1 ); 8133 8134 sqlite3BtreeEnter(p); 8135 rc = querySharedCacheTableLock(p, iTab, lockType); 8136 if( rc==SQLITE_OK ){ 8137 rc = setSharedCacheTableLock(p, iTab, lockType); 8138 } 8139 sqlite3BtreeLeave(p); 8140 } 8141 return rc; 8142 } 8143 #endif 8144 8145 #ifndef SQLITE_OMIT_INCRBLOB 8146 /* 8147 ** Argument pCsr must be a cursor opened for writing on an 8148 ** INTKEY table currently pointing at a valid table entry. 8149 ** This function modifies the data stored as part of that entry. 8150 ** 8151 ** Only the data content may only be modified, it is not possible to 8152 ** change the length of the data stored. If this function is called with 8153 ** parameters that attempt to write past the end of the existing data, 8154 ** no modifications are made and SQLITE_CORRUPT is returned. 8155 */ 8156 int sqlite3BtreePutData(BtCursor *pCsr, u32 offset, u32 amt, void *z){ 8157 int rc; 8158 assert( cursorHoldsMutex(pCsr) ); 8159 assert( sqlite3_mutex_held(pCsr->pBtree->db->mutex) ); 8160 assert( pCsr->isIncrblobHandle ); 8161 8162 rc = restoreCursorPosition(pCsr); 8163 if( rc!=SQLITE_OK ){ 8164 return rc; 8165 } 8166 assert( pCsr->eState!=CURSOR_REQUIRESEEK ); 8167 if( pCsr->eState!=CURSOR_VALID ){ 8168 return SQLITE_ABORT; 8169 } 8170 8171 /* Check some assumptions: 8172 ** (a) the cursor is open for writing, 8173 ** (b) there is a read/write transaction open, 8174 ** (c) the connection holds a write-lock on the table (if required), 8175 ** (d) there are no conflicting read-locks, and 8176 ** (e) the cursor points at a valid row of an intKey table. 8177 */ 8178 if( !pCsr->wrFlag ){ 8179 return SQLITE_READONLY; 8180 } 8181 assert( !pCsr->pBt->readOnly && pCsr->pBt->inTransaction==TRANS_WRITE ); 8182 assert( hasSharedCacheTableLock(pCsr->pBtree, pCsr->pgnoRoot, 0, 2) ); 8183 assert( !hasReadConflicts(pCsr->pBtree, pCsr->pgnoRoot) ); 8184 assert( pCsr->apPage[pCsr->iPage]->intKey ); 8185 8186 return accessPayload(pCsr, offset, amt, (unsigned char *)z, 1); 8187 } 8188 8189 /* 8190 ** Set a flag on this cursor to cache the locations of pages from the 8191 ** overflow list for the current row. This is used by cursors opened 8192 ** for incremental blob IO only. 8193 ** 8194 ** This function sets a flag only. The actual page location cache 8195 ** (stored in BtCursor.aOverflow[]) is allocated and used by function 8196 ** accessPayload() (the worker function for sqlite3BtreeData() and 8197 ** sqlite3BtreePutData()). 8198 */ 8199 void sqlite3BtreeCacheOverflow(BtCursor *pCur){ 8200 assert( cursorHoldsMutex(pCur) ); 8201 assert( sqlite3_mutex_held(pCur->pBtree->db->mutex) ); 8202 invalidateOverflowCache(pCur); 8203 pCur->isIncrblobHandle = 1; 8204 } 8205 #endif 8206 8207 /* 8208 ** Set both the "read version" (single byte at byte offset 18) and 8209 ** "write version" (single byte at byte offset 19) fields in the database 8210 ** header to iVersion. 8211 */ 8212 int sqlite3BtreeSetVersion(Btree *pBtree, int iVersion){ 8213 BtShared *pBt = pBtree->pBt; 8214 int rc; /* Return code */ 8215 8216 assert( iVersion==1 || iVersion==2 ); 8217 8218 /* If setting the version fields to 1, do not automatically open the 8219 ** WAL connection, even if the version fields are currently set to 2. 8220 */ 8221 pBt->doNotUseWAL = (u8)(iVersion==1); 8222 8223 rc = sqlite3BtreeBeginTrans(pBtree, 0); 8224 if( rc==SQLITE_OK ){ 8225 u8 *aData = pBt->pPage1->aData; 8226 if( aData[18]!=(u8)iVersion || aData[19]!=(u8)iVersion ){ 8227 rc = sqlite3BtreeBeginTrans(pBtree, 2); 8228 if( rc==SQLITE_OK ){ 8229 rc = sqlite3PagerWrite(pBt->pPage1->pDbPage); 8230 if( rc==SQLITE_OK ){ 8231 aData[18] = (u8)iVersion; 8232 aData[19] = (u8)iVersion; 8233 } 8234 } 8235 } 8236 } 8237 8238 pBt->doNotUseWAL = 0; 8239 return rc; 8240 }