sqllogictest
Check-in [40b4bc94f8]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Update the built-in SQLite to the latest 3.27.0 beta.
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 40b4bc94f850b17c0708245d8ce86f42382c7d4f
User & Date: drh 2019-02-06 16:28:46
Context
2019-04-15
14:24
Update the built-in SQLite to the 3.28.0 beta. Leaf check-in: 865a75877d user: drh tags: trunk
2019-02-06
16:28
Update the built-in SQLite to the latest 3.27.0 beta. check-in: 40b4bc94f8 user: drh tags: trunk
2018-11-27
22:13
Update the built-in SQLite to the latest 3.26.0 beta. check-in: 7ecd9f43d7 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/sqlite3.c.

     1      1   /******************************************************************************
     2      2   ** This file is an amalgamation of many separate C source files from SQLite
     3         -** version 3.26.0.  By combining all the individual C code files into this
            3  +** version 3.27.0.  By combining all the individual C code files into this
     4      4   ** single large file, the entire code can be compiled as a single translation
     5      5   ** unit.  This allows many compilers to do optimizations that would not be
     6      6   ** possible if the files were compiled separately.  Performance improvements
     7      7   ** of 5% or more are commonly seen when SQLite is compiled as a single
     8      8   ** translation unit.
     9      9   **
    10     10   ** This file is all you need to compile SQLite.  To use SQLite in other
................................................................................
  1158   1158   ** been edited in any way since it was last checked in, then the last
  1159   1159   ** four hexadecimal digits of the hash may be modified.
  1160   1160   **
  1161   1161   ** See also: [sqlite3_libversion()],
  1162   1162   ** [sqlite3_libversion_number()], [sqlite3_sourceid()],
  1163   1163   ** [sqlite_version()] and [sqlite_source_id()].
  1164   1164   */
  1165         -#define SQLITE_VERSION        "3.26.0"
  1166         -#define SQLITE_VERSION_NUMBER 3026000
  1167         -#define SQLITE_SOURCE_ID      "2018-11-27 19:47:55 0ea049f342d11c676e148239e45d252164081362e921a4beb735d6899eb77344"
         1165  +#define SQLITE_VERSION        "3.27.0"
         1166  +#define SQLITE_VERSION_NUMBER 3027000
         1167  +#define SQLITE_SOURCE_ID      "2019-02-06 15:23:43 433d6ef637a10ee017b5d8cadd125a162cfedc9895ae862b8dde6dddb7eda59b"
  1168   1168   
  1169   1169   /*
  1170   1170   ** CAPI3REF: Run-Time Library Version Numbers
  1171   1171   ** KEYWORDS: sqlite3_version sqlite3_sourceid
  1172   1172   **
  1173   1173   ** These interfaces provide the same information as the [SQLITE_VERSION],
  1174   1174   ** [SQLITE_VERSION_NUMBER], and [SQLITE_SOURCE_ID] C preprocessor macros
................................................................................
  1858   1858   ** The [SQLITE_FCNTL_SIZE_HINT] opcode is used by SQLite to give the VFS
  1859   1859   ** layer a hint of how large the database file will grow to be during the
  1860   1860   ** current transaction.  This hint is not guaranteed to be accurate but it
  1861   1861   ** is often close.  The underlying VFS might choose to preallocate database
  1862   1862   ** file space based on this hint in order to help writes to the database
  1863   1863   ** file run faster.
  1864   1864   **
         1865  +** <li>[[SQLITE_FCNTL_SIZE_LIMIT]]
         1866  +** The [SQLITE_FCNTL_SIZE_LIMIT] opcode is used by in-memory VFS that
         1867  +** implements [sqlite3_deserialize()] to set an upper bound on the size
         1868  +** of the in-memory database.  The argument is a pointer to a [sqlite3_int64].
         1869  +** If the integer pointed to is negative, then it is filled in with the
         1870  +** current limit.  Otherwise the limit is set to the larger of the value
         1871  +** of the integer pointed to and the current database size.  The integer
         1872  +** pointed to is set to the new limit.
         1873  +**
  1865   1874   ** <li>[[SQLITE_FCNTL_CHUNK_SIZE]]
  1866   1875   ** The [SQLITE_FCNTL_CHUNK_SIZE] opcode is used to request that the VFS
  1867   1876   ** extends and truncates the database file in chunks of a size specified
  1868   1877   ** by the user. The fourth argument to [sqlite3_file_control()] should 
  1869   1878   ** point to an integer (type int) containing the new chunk-size to use
  1870   1879   ** for the nominated database. Allocating database file space in large
  1871   1880   ** chunks (say 1MB at a time), may reduce file-system fragmentation and
................................................................................
  2166   2175   #define SQLITE_FCNTL_WIN32_GET_HANDLE       29
  2167   2176   #define SQLITE_FCNTL_PDB                    30
  2168   2177   #define SQLITE_FCNTL_BEGIN_ATOMIC_WRITE     31
  2169   2178   #define SQLITE_FCNTL_COMMIT_ATOMIC_WRITE    32
  2170   2179   #define SQLITE_FCNTL_ROLLBACK_ATOMIC_WRITE  33
  2171   2180   #define SQLITE_FCNTL_LOCK_TIMEOUT           34
  2172   2181   #define SQLITE_FCNTL_DATA_VERSION           35
         2182  +#define SQLITE_FCNTL_SIZE_LIMIT             36
  2173   2183   
  2174   2184   /* deprecated names */
  2175   2185   #define SQLITE_GET_LOCKPROXYFILE      SQLITE_FCNTL_GET_LOCKPROXYFILE
  2176   2186   #define SQLITE_SET_LOCKPROXYFILE      SQLITE_FCNTL_SET_LOCKPROXYFILE
  2177   2187   #define SQLITE_LAST_ERRNO             SQLITE_FCNTL_LAST_ERRNO
  2178   2188   
  2179   2189   
................................................................................
  3007   3017   ** than the configured sorter-reference size threshold - then a reference
  3008   3018   ** is stored in each sorted record and the required column values loaded
  3009   3019   ** from the database as records are returned in sorted order. The default
  3010   3020   ** value for this option is to never use this optimization. Specifying a 
  3011   3021   ** negative value for this option restores the default behaviour.
  3012   3022   ** This option is only available if SQLite is compiled with the
  3013   3023   ** [SQLITE_ENABLE_SORTER_REFERENCES] compile-time option.
         3024  +**
         3025  +** [[SQLITE_CONFIG_MEMDB_MAXSIZE]]
         3026  +** <dt>SQLITE_CONFIG_MEMDB_MAXSIZE
         3027  +** <dd>The SQLITE_CONFIG_MEMDB_MAXSIZE option accepts a single parameter
         3028  +** [sqlite3_int64] parameter which is the default maximum size for an in-memory
         3029  +** database created using [sqlite3_deserialize()].  This default maximum
         3030  +** size can be adjusted up or down for individual databases using the
         3031  +** [SQLITE_FCNTL_SIZE_LIMIT] [sqlite3_file_control|file-control].  If this
         3032  +** configuration setting is never used, then the default maximum is determined
         3033  +** by the [SQLITE_MEMDB_DEFAULT_MAXSIZE] compile-time option.  If that
         3034  +** compile-time option is not set, then the default maximum is 1073741824.
  3014   3035   ** </dl>
  3015   3036   */
  3016   3037   #define SQLITE_CONFIG_SINGLETHREAD  1  /* nil */
  3017   3038   #define SQLITE_CONFIG_MULTITHREAD   2  /* nil */
  3018   3039   #define SQLITE_CONFIG_SERIALIZED    3  /* nil */
  3019   3040   #define SQLITE_CONFIG_MALLOC        4  /* sqlite3_mem_methods* */
  3020   3041   #define SQLITE_CONFIG_GETMALLOC     5  /* sqlite3_mem_methods* */
................................................................................
  3037   3058   #define SQLITE_CONFIG_MMAP_SIZE    22  /* sqlite3_int64, sqlite3_int64 */
  3038   3059   #define SQLITE_CONFIG_WIN32_HEAPSIZE      23  /* int nByte */
  3039   3060   #define SQLITE_CONFIG_PCACHE_HDRSZ        24  /* int *psz */
  3040   3061   #define SQLITE_CONFIG_PMASZ               25  /* unsigned int szPma */
  3041   3062   #define SQLITE_CONFIG_STMTJRNL_SPILL      26  /* int nByte */
  3042   3063   #define SQLITE_CONFIG_SMALL_MALLOC        27  /* boolean */
  3043   3064   #define SQLITE_CONFIG_SORTERREF_SIZE      28  /* int nByte */
         3065  +#define SQLITE_CONFIG_MEMDB_MAXSIZE       29  /* sqlite3_int64 */
  3044   3066   
  3045   3067   /*
  3046   3068   ** CAPI3REF: Database Connection Configuration Options
  3047   3069   **
  3048   3070   ** These constants are the available integer configuration options that
  3049   3071   ** can be passed as the second argument to the [sqlite3_db_config()] interface.
  3050   3072   **
................................................................................
  4026   4048   ** ^The callback function registered by sqlite3_profile() is invoked
  4027   4049   ** as each SQL statement finishes.  ^The profile callback contains
  4028   4050   ** the original statement text and an estimate of wall-clock time
  4029   4051   ** of how long that statement took to run.  ^The profile callback
  4030   4052   ** time is in units of nanoseconds, however the current implementation
  4031   4053   ** is only capable of millisecond resolution so the six least significant
  4032   4054   ** digits in the time are meaningless.  Future versions of SQLite
  4033         -** might provide greater resolution on the profiler callback.  The
  4034         -** sqlite3_profile() function is considered experimental and is
  4035         -** subject to change in future versions of SQLite.
         4055  +** might provide greater resolution on the profiler callback.  Invoking
         4056  +** either [sqlite3_trace()] or [sqlite3_trace_v2()] will cancel the
         4057  +** profile callback.
  4036   4058   */
  4037   4059   SQLITE_API SQLITE_DEPRECATED void *sqlite3_trace(sqlite3*,
  4038   4060      void(*xTrace)(void*,const char*), void*);
  4039   4061   SQLITE_API SQLITE_DEPRECATED void *sqlite3_profile(sqlite3*,
  4040   4062      void(*xProfile)(void*,const char*,sqlite3_uint64), void*);
  4041   4063   
  4042   4064   /*
................................................................................
  4442   4464   ** zero is returned.
  4443   4465   ** 
  4444   4466   ** If F is a NULL pointer, then sqlite3_uri_parameter(F,P) returns NULL and
  4445   4467   ** sqlite3_uri_boolean(F,P,B) returns B.  If F is not a NULL pointer and
  4446   4468   ** is not a database file pathname pointer that SQLite passed into the xOpen
  4447   4469   ** VFS method, then the behavior of this routine is undefined and probably
  4448   4470   ** undesirable.
         4471  +**
         4472  +** See the [URI filename] documentation for additional information.
  4449   4473   */
  4450   4474   SQLITE_API const char *sqlite3_uri_parameter(const char *zFilename, const char *zParam);
  4451   4475   SQLITE_API int sqlite3_uri_boolean(const char *zFile, const char *zParam, int bDefault);
  4452   4476   SQLITE_API sqlite3_int64 sqlite3_uri_int64(const char*, const char*, sqlite3_int64);
  4453   4477   
  4454   4478   
  4455   4479   /*
................................................................................
  4664   4688   ** and [sqlite3_prepare16_v3()] assume that the prepared statement will 
  4665   4689   ** be used just once or at most a few times and then destroyed using
  4666   4690   ** [sqlite3_finalize()] relatively soon. The current implementation acts
  4667   4691   ** on this hint by avoiding the use of [lookaside memory] so as not to
  4668   4692   ** deplete the limited store of lookaside memory. Future versions of
  4669   4693   ** SQLite may act on this hint differently.
  4670   4694   **
  4671         -** [[SQLITE_PREPARE_NORMALIZE]] ^(<dt>SQLITE_PREPARE_NORMALIZE</dt>
  4672         -** <dd>The SQLITE_PREPARE_NORMALIZE flag indicates that a normalized
  4673         -** representation of the SQL statement should be calculated and then
  4674         -** associated with the prepared statement, which can be obtained via
  4675         -** the [sqlite3_normalized_sql()] interface.  The semantics used to
  4676         -** normalize a SQL statement are unspecified and subject to change.
  4677         -** At a minimum, literal values will be replaced with suitable
  4678         -** placeholders.
         4695  +** [[SQLITE_PREPARE_NORMALIZE]] <dt>SQLITE_PREPARE_NORMALIZE</dt>
         4696  +** <dd>The SQLITE_PREPARE_NORMALIZE flag is a no-op. This flag used
         4697  +** to be required for any prepared statement that wanted to use the
         4698  +** [sqlite3_normalized_sql()] interface.  However, the
         4699  +** [sqlite3_normalized_sql()] interface is now available to all
         4700  +** prepared statements, regardless of whether or not they use this
         4701  +** flag.
         4702  +**
         4703  +** [[SQLITE_PREPARE_NO_VTAB]] <dt>SQLITE_PREPARE_NO_VTAB</dt>
         4704  +** <dd>The SQLITE_PREPARE_NO_VTAB flag causes the SQL compiler
         4705  +** to return an error (error code SQLITE_ERROR) if the statement uses
         4706  +** any virtual tables.
  4679   4707   ** </dl>
  4680   4708   */
  4681   4709   #define SQLITE_PREPARE_PERSISTENT              0x01
  4682   4710   #define SQLITE_PREPARE_NORMALIZE               0x02
         4711  +#define SQLITE_PREPARE_NO_VTAB                 0x04
  4683   4712   
  4684   4713   /*
  4685   4714   ** CAPI3REF: Compiling An SQL Statement
  4686   4715   ** KEYWORDS: {SQL statement compiler}
  4687   4716   ** METHOD: sqlite3
  4688   4717   ** CONSTRUCTOR: sqlite3_stmt
  4689   4718   **
................................................................................
 10460  10489     unsigned int *anQueue;            /* Number of pending entries in the queue */
 10461  10490     int nCoord;                       /* Number of coordinates */
 10462  10491     int iLevel;                       /* Level of current node or entry */
 10463  10492     int mxLevel;                      /* The largest iLevel value in the tree */
 10464  10493     sqlite3_int64 iRowid;             /* Rowid for current entry */
 10465  10494     sqlite3_rtree_dbl rParentScore;   /* Score of parent node */
 10466  10495     int eParentWithin;                /* Visibility of parent node */
 10467         -  int eWithin;                      /* OUT: Visiblity */
        10496  +  int eWithin;                      /* OUT: Visibility */
 10468  10497     sqlite3_rtree_dbl rScore;         /* OUT: Write the score here */
 10469  10498     /* The following fields are only available in 3.8.11 and later */
 10470  10499     sqlite3_value **apSqlParam;       /* Original SQL values of parameters */
 10471  10500   };
 10472  10501   
 10473  10502   /*
 10474  10503   ** Allowed values for sqlite3_rtree_query.eWithin and .eParentWithin.
................................................................................
 11031  11060   **
 11032  11061   ** If argument pzTab is not NULL, then *pzTab is set to point to a
 11033  11062   ** nul-terminated utf-8 encoded string containing the name of the table
 11034  11063   ** affected by the current change. The buffer remains valid until either
 11035  11064   ** sqlite3changeset_next() is called on the iterator or until the 
 11036  11065   ** conflict-handler function returns. If pnCol is not NULL, then *pnCol is 
 11037  11066   ** set to the number of columns in the table affected by the change. If
 11038         -** pbIncorrect is not NULL, then *pbIndirect is set to true (1) if the change
        11067  +** pbIndirect is not NULL, then *pbIndirect is set to true (1) if the change
 11039  11068   ** is an indirect change, or false (0) otherwise. See the documentation for
 11040  11069   ** [sqlite3session_indirect()] for a description of direct and indirect
 11041  11070   ** changes. Finally, if pOp is not NULL, then *pOp is set to one of 
 11042  11071   ** [SQLITE_INSERT], [SQLITE_DELETE] or [SQLITE_UPDATE], depending on the 
 11043  11072   ** type of change that the iterator currently points to.
 11044  11073   **
 11045  11074   ** If no error occurs, SQLITE_OK is returned. If an error does occur, an
................................................................................
 12265  12294   **   Query for the details of phrase match iIdx within the current row.
 12266  12295   **   Phrase matches are numbered starting from zero, so the iIdx argument
 12267  12296   **   should be greater than or equal to zero and smaller than the value
 12268  12297   **   output by xInstCount().
 12269  12298   **
 12270  12299   **   Usually, output parameter *piPhrase is set to the phrase number, *piCol
 12271  12300   **   to the column in which it occurs and *piOff the token offset of the
 12272         -**   first token of the phrase. The exception is if the table was created
 12273         -**   with the offsets=0 option specified. In this case *piOff is always
 12274         -**   set to -1.
 12275         -**
 12276         -**   Returns SQLITE_OK if successful, or an error code (i.e. SQLITE_NOMEM) 
 12277         -**   if an error occurs.
        12301  +**   first token of the phrase. Returns SQLITE_OK if successful, or an error
        12302  +**   code (i.e. SQLITE_NOMEM) if an error occurs.
 12278  12303   **
 12279  12304   **   This API can be quite slow if used with an FTS5 table created with the
 12280  12305   **   "detail=none" or "detail=column" option. 
 12281  12306   **
 12282  12307   ** xRowid:
 12283  12308   **   Returns the rowid of the current row.
 12284  12309   **
................................................................................
 12559  12584   **            same token for inputs "first" and "1st". Say that token is in
 12560  12585   **            fact "first", so that when the user inserts the document "I won
 12561  12586   **            1st place" entries are added to the index for tokens "i", "won",
 12562  12587   **            "first" and "place". If the user then queries for '1st + place',
 12563  12588   **            the tokenizer substitutes "first" for "1st" and the query works
 12564  12589   **            as expected.
 12565  12590   **
 12566         -**       <li> By adding multiple synonyms for a single term to the FTS index.
 12567         -**            In this case, when tokenizing query text, the tokenizer may 
 12568         -**            provide multiple synonyms for a single term within the document.
 12569         -**            FTS5 then queries the index for each synonym individually. For
 12570         -**            example, faced with the query:
        12591  +**       <li> By querying the index for all synonyms of each query term
        12592  +**            separately. In this case, when tokenizing query text, the
        12593  +**            tokenizer may provide multiple synonyms for a single term 
        12594  +**            within the document. FTS5 then queries the index for each 
        12595  +**            synonym individually. For example, faced with the query:
 12571  12596   **
 12572  12597   **   <codeblock>
 12573  12598   **     ... MATCH 'first place'</codeblock>
 12574  12599   **
 12575  12600   **            the tokenizer offers both "1st" and "first" as synonyms for the
 12576  12601   **            first token in the MATCH query and FTS5 effectively runs a query 
 12577  12602   **            similar to:
................................................................................
 12587  12612   **            Using this method, when tokenizing document text, the tokenizer
 12588  12613   **            provides multiple synonyms for each token. So that when a 
 12589  12614   **            document such as "I won first place" is tokenized, entries are
 12590  12615   **            added to the FTS index for "i", "won", "first", "1st" and
 12591  12616   **            "place".
 12592  12617   **
 12593  12618   **            This way, even if the tokenizer does not provide synonyms
 12594         -**            when tokenizing query text (it should not - to do would be
        12619  +**            when tokenizing query text (it should not - to do so would be
 12595  12620   **            inefficient), it doesn't matter if the user queries for 
 12596  12621   **            'first + place' or '1st + place', as there are entries in the
 12597  12622   **            FTS index corresponding to both forms of the first token.
 12598  12623   **   </ol>
 12599  12624   **
 12600  12625   **   Whether it is parsing document or query text, any call to xToken that
 12601  12626   **   specifies a <i>tflags</i> argument with the FTS5_TOKEN_COLOCATED bit
................................................................................
 14531  14556   SQLITE_PRIVATE i64 sqlite3BtreeIntegerKey(BtCursor*);
 14532  14557   #ifdef SQLITE_ENABLE_OFFSET_SQL_FUNC
 14533  14558   SQLITE_PRIVATE i64 sqlite3BtreeOffset(BtCursor*);
 14534  14559   #endif
 14535  14560   SQLITE_PRIVATE int sqlite3BtreePayload(BtCursor*, u32 offset, u32 amt, void*);
 14536  14561   SQLITE_PRIVATE const void *sqlite3BtreePayloadFetch(BtCursor*, u32 *pAmt);
 14537  14562   SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor*);
        14563  +SQLITE_PRIVATE sqlite3_int64 sqlite3BtreeMaxRecordSize(BtCursor*);
 14538  14564   
 14539  14565   SQLITE_PRIVATE char *sqlite3BtreeIntegrityCheck(Btree*, int *aRoot, int nRoot, int, int*);
 14540  14566   SQLITE_PRIVATE struct Pager *sqlite3BtreePager(Btree*);
 14541  14567   SQLITE_PRIVATE i64 sqlite3BtreeRowCountEst(BtCursor*);
 14542  14568   
 14543  14569   #ifndef SQLITE_OMIT_INCRBLOB
 14544  14570   SQLITE_PRIVATE int sqlite3BtreePayloadChecked(BtCursor*, u32 offset, u32 amt, void*);
................................................................................
 14770  14796   #   define COLNAME_N      1      /* Store only the name */
 14771  14797   # else
 14772  14798   #   define COLNAME_N      2      /* Store the name and decltype */
 14773  14799   # endif
 14774  14800   #endif
 14775  14801   
 14776  14802   /*
 14777         -** The following macro converts a relative address in the p2 field
 14778         -** of a VdbeOp structure into a negative number so that 
 14779         -** sqlite3VdbeAddOpList() knows that the address is relative.  Calling
 14780         -** the macro again restores the address.
        14803  +** The following macro converts a label returned by sqlite3VdbeMakeLabel()
        14804  +** into an index into the Parse.aLabel[] array that contains the resolved
        14805  +** address of that label.
 14781  14806   */
 14782         -#define ADDR(X)  (-1-(X))
        14807  +#define ADDR(X)  (~(X))
 14783  14808   
 14784  14809   /*
 14785  14810   ** The makefile scans the vdbe.c source file and creates the "opcodes.h"
 14786  14811   ** header file that defines a number for each opcode used by the VDBE.
 14787  14812   */
 14788  14813   /************** Include opcodes.h in the middle of vdbe.h ********************/
 14789  14814   /************** Begin file opcodes.h *****************************************/
................................................................................
 15051  15076   # define ExplainQueryPlan(P)        sqlite3VdbeExplain P
 15052  15077   # define ExplainQueryPlanPop(P)     sqlite3VdbeExplainPop(P)
 15053  15078   # define ExplainQueryPlanParent(P)  sqlite3VdbeExplainParent(P)
 15054  15079   #else
 15055  15080   # define ExplainQueryPlan(P)
 15056  15081   # define ExplainQueryPlanPop(P)
 15057  15082   # define ExplainQueryPlanParent(P) 0
        15083  +# define sqlite3ExplainBreakpoint(A,B) /*no-op*/
        15084  +#endif
        15085  +#if defined(SQLITE_DEBUG) && !defined(SQLITE_OMIT_EXPLAIN)
        15086  +SQLITE_PRIVATE   void sqlite3ExplainBreakpoint(const char*,const char*);
        15087  +#else
        15088  +# define sqlite3ExplainBreakpoint(A,B) /*no-op*/
 15058  15089   #endif
 15059  15090   SQLITE_PRIVATE void sqlite3VdbeAddParseSchemaOp(Vdbe*,int,char*);
 15060  15091   SQLITE_PRIVATE void sqlite3VdbeChangeOpcode(Vdbe*, u32 addr, u8);
 15061  15092   SQLITE_PRIVATE void sqlite3VdbeChangeP1(Vdbe*, u32 addr, int P1);
 15062  15093   SQLITE_PRIVATE void sqlite3VdbeChangeP2(Vdbe*, u32 addr, int P2);
 15063  15094   SQLITE_PRIVATE void sqlite3VdbeChangeP3(Vdbe*, u32 addr, int P3);
 15064  15095   SQLITE_PRIVATE void sqlite3VdbeChangeP5(Vdbe*, u16 P5);
................................................................................
 15066  15097   SQLITE_PRIVATE int sqlite3VdbeChangeToNoop(Vdbe*, int addr);
 15067  15098   SQLITE_PRIVATE int sqlite3VdbeDeletePriorOpcode(Vdbe*, u8 op);
 15068  15099   SQLITE_PRIVATE void sqlite3VdbeChangeP4(Vdbe*, int addr, const char *zP4, int N);
 15069  15100   SQLITE_PRIVATE void sqlite3VdbeAppendP4(Vdbe*, void *pP4, int p4type);
 15070  15101   SQLITE_PRIVATE void sqlite3VdbeSetP4KeyInfo(Parse*, Index*);
 15071  15102   SQLITE_PRIVATE void sqlite3VdbeUsesBtree(Vdbe*, int);
 15072  15103   SQLITE_PRIVATE VdbeOp *sqlite3VdbeGetOp(Vdbe*, int);
 15073         -SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe*);
        15104  +SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Parse*);
 15074  15105   SQLITE_PRIVATE void sqlite3VdbeRunOnlyOnce(Vdbe*);
 15075  15106   SQLITE_PRIVATE void sqlite3VdbeReusable(Vdbe*);
 15076  15107   SQLITE_PRIVATE void sqlite3VdbeDelete(Vdbe*);
 15077  15108   SQLITE_PRIVATE void sqlite3VdbeClearObject(sqlite3*,Vdbe*);
 15078  15109   SQLITE_PRIVATE void sqlite3VdbeMakeReady(Vdbe*,Parse*);
 15079  15110   SQLITE_PRIVATE int sqlite3VdbeFinalize(Vdbe*);
 15080  15111   SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe*, int);
................................................................................
 15087  15118   SQLITE_PRIVATE int sqlite3VdbeReset(Vdbe*);
 15088  15119   SQLITE_PRIVATE void sqlite3VdbeSetNumCols(Vdbe*,int);
 15089  15120   SQLITE_PRIVATE int sqlite3VdbeSetColName(Vdbe*, int, int, const char *, void(*)(void*));
 15090  15121   SQLITE_PRIVATE void sqlite3VdbeCountChanges(Vdbe*);
 15091  15122   SQLITE_PRIVATE sqlite3 *sqlite3VdbeDb(Vdbe*);
 15092  15123   SQLITE_PRIVATE u8 sqlite3VdbePrepareFlags(Vdbe*);
 15093  15124   SQLITE_PRIVATE void sqlite3VdbeSetSql(Vdbe*, const char *z, int n, u8);
        15125  +#ifdef SQLITE_ENABLE_NORMALIZE
        15126  +SQLITE_PRIVATE void sqlite3VdbeAddDblquoteStr(sqlite3*,Vdbe*,const char*);
        15127  +SQLITE_PRIVATE int sqlite3VdbeUsesDoubleQuotedString(Vdbe*,const char*);
        15128  +#endif
 15094  15129   SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe*,Vdbe*);
 15095  15130   SQLITE_PRIVATE VdbeOp *sqlite3VdbeTakeOpArray(Vdbe*, int*, int*);
 15096  15131   SQLITE_PRIVATE sqlite3_value *sqlite3VdbeGetBoundValue(Vdbe*, int, u8);
 15097  15132   SQLITE_PRIVATE void sqlite3VdbeSetVarmask(Vdbe*, int);
 15098  15133   #ifndef SQLITE_OMIT_TRACE
 15099  15134   SQLITE_PRIVATE   char *sqlite3VdbeExpandSql(Vdbe*, const char*);
 15100  15135   #endif
................................................................................
 16212  16247                                  const char*);
 16213  16248   #endif
 16214  16249   
 16215  16250   #ifndef SQLITE_OMIT_DEPRECATED
 16216  16251   /* This is an extra SQLITE_TRACE macro that indicates "legacy" tracing
 16217  16252   ** in the style of sqlite3_trace()
 16218  16253   */
 16219         -#define SQLITE_TRACE_LEGACY  0x80
        16254  +#define SQLITE_TRACE_LEGACY          0x40     /* Use the legacy xTrace */
        16255  +#define SQLITE_TRACE_XPROFILE        0x80     /* Use the legacy xProfile */
 16220  16256   #else
 16221         -#define SQLITE_TRACE_LEGACY  0
        16257  +#define SQLITE_TRACE_LEGACY          0
        16258  +#define SQLITE_TRACE_XPROFILE        0
 16222  16259   #endif /* SQLITE_OMIT_DEPRECATED */
        16260  +#define SQLITE_TRACE_NONLEGACY_MASK  0x0f     /* Normal flags */
 16223  16261   
 16224  16262   
 16225  16263   /*
 16226  16264   ** Each database connection is an instance of the following structure.
 16227  16265   */
 16228  16266   struct sqlite3 {
 16229  16267     sqlite3_vfs *pVfs;            /* OS Interface */
................................................................................
 16274  16312     int nVdbeWrite;               /* Number of active VDBEs that read and write */
 16275  16313     int nVdbeExec;                /* Number of nested calls to VdbeExec() */
 16276  16314     int nVDestroy;                /* Number of active OP_VDestroy operations */
 16277  16315     int nExtension;               /* Number of loaded extensions */
 16278  16316     void **aExtension;            /* Array of shared library handles */
 16279  16317     int (*xTrace)(u32,void*,void*,void*);     /* Trace function */
 16280  16318     void *pTraceArg;                          /* Argument to the trace function */
        16319  +#ifndef SQLITE_OMIT_DEPRECATED
 16281  16320     void (*xProfile)(void*,const char*,u64);  /* Profiling function */
 16282  16321     void *pProfileArg;                        /* Argument to profile function */
        16322  +#endif
 16283  16323     void *pCommitArg;                 /* Argument to xCommitCallback() */
 16284  16324     int (*xCommitCallback)(void*);    /* Invoked at every commit. */
 16285  16325     void *pRollbackArg;               /* Argument to xRollbackCallback() */
 16286  16326     void (*xRollbackCallback)(void*); /* Invoked at every commit. */
 16287  16327     void *pUpdateArg;
 16288  16328     void (*xUpdateCallback)(void*,int, const char*,const char*,sqlite_int64);
 16289  16329   #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
................................................................................
 16406  16446   #define HI(X)  ((u64)(X)<<32)
 16407  16447   #ifdef SQLITE_DEBUG
 16408  16448   #define SQLITE_SqlTrace       HI(0x0001)  /* Debug print SQL as it executes */
 16409  16449   #define SQLITE_VdbeListing    HI(0x0002)  /* Debug listings of VDBE progs */
 16410  16450   #define SQLITE_VdbeTrace      HI(0x0004)  /* True to trace VDBE execution */
 16411  16451   #define SQLITE_VdbeAddopTrace HI(0x0008)  /* Trace sqlite3VdbeAddOp() calls */
 16412  16452   #define SQLITE_VdbeEQP        HI(0x0010)  /* Debug EXPLAIN QUERY PLAN */
        16453  +#define SQLITE_ParserTrace    HI(0x0020)  /* PRAGMA parser_trace=ON */
 16413  16454   #endif
 16414  16455   
 16415  16456   /*
 16416  16457   ** Allowed values for sqlite3.mDbFlags
 16417  16458   */
 16418  16459   #define DBFLAG_SchemaChange   0x0001  /* Uncommitted Hash table changes */
 16419  16460   #define DBFLAG_PreferBuiltin  0x0002  /* Preference to built-in funcs */
................................................................................
 16808  16849   /*
 16809  16850   ** The schema for each SQL table and view is represented in memory
 16810  16851   ** by an instance of the following structure.
 16811  16852   */
 16812  16853   struct Table {
 16813  16854     char *zName;         /* Name of the table or view */
 16814  16855     Column *aCol;        /* Information about each column */
 16815         -#ifdef SQLITE_ENABLE_NORMALIZE
 16816         -  Hash *pColHash;      /* All columns indexed by name */
 16817         -#endif
 16818  16856     Index *pIndex;       /* List of SQL indexes on this table. */
 16819  16857     Select *pSelect;     /* NULL for tables.  Points to definition if a view. */
 16820  16858     FKey *pFKey;         /* Linked list of all foreign keys in this table */
 16821  16859     char *zColAff;       /* String defining the affinity of each column */
 16822  16860     ExprList *pCheck;    /* All CHECK constraints */
 16823  16861                          /*   ... also used as column name list in a VIEW */
 16824  16862     int tnum;            /* Root BTree page for this table */
................................................................................
 17097  17135     Expr *pPartIdxWhere;     /* WHERE clause for partial indices */
 17098  17136     ExprList *aColExpr;      /* Column expressions */
 17099  17137     int tnum;                /* DB Page containing root of this index */
 17100  17138     LogEst szIdxRow;         /* Estimated average row size in bytes */
 17101  17139     u16 nKeyCol;             /* Number of columns forming the key */
 17102  17140     u16 nColumn;             /* Number of columns stored in the index */
 17103  17141     u8 onError;              /* OE_Abort, OE_Ignore, OE_Replace, or OE_None */
 17104         -  unsigned idxType:2;      /* 1==UNIQUE, 2==PRIMARY KEY, 0==CREATE INDEX */
        17142  +  unsigned idxType:2;      /* 0:Normal 1:UNIQUE, 2:PRIMARY KEY, 3:IPK */
 17105  17143     unsigned bUnordered:1;   /* Use this index for == or IN queries only */
 17106  17144     unsigned uniqNotNull:1;  /* True if UNIQUE and NOT NULL for all columns */
 17107  17145     unsigned isResized:1;    /* True if resizeIndexObject() has been called */
 17108  17146     unsigned isCovering:1;   /* True if this is a covering index */
 17109  17147     unsigned noSkipScan:1;   /* Do not try to use skip-scan if true */
 17110  17148     unsigned hasStat1:1;     /* aiRowLogEst values come from sqlite_stat1 */
 17111  17149     unsigned bNoQuery:1;     /* Do not use this index to optimize queries */
................................................................................
 17122  17160   
 17123  17161   /*
 17124  17162   ** Allowed values for Index.idxType
 17125  17163   */
 17126  17164   #define SQLITE_IDXTYPE_APPDEF      0   /* Created using CREATE INDEX */
 17127  17165   #define SQLITE_IDXTYPE_UNIQUE      1   /* Implements a UNIQUE constraint */
 17128  17166   #define SQLITE_IDXTYPE_PRIMARYKEY  2   /* Is the PRIMARY KEY for the table */
        17167  +#define SQLITE_IDXTYPE_IPK         3   /* INTEGER PRIMARY KEY index */
 17129  17168   
 17130  17169   /* Return true if index X is a PRIMARY KEY index */
 17131  17170   #define IsPrimaryKeyIndex(X)  ((X)->idxType==SQLITE_IDXTYPE_PRIMARYKEY)
 17132  17171   
 17133  17172   /* Return true if index X is a UNIQUE index */
 17134  17173   #define IsUniqueIndex(X)      ((X)->onError!=OE_None)
 17135  17174   
................................................................................
 17339  17378                            ** TK_COLUMN: the value of p5 for OP_Column
 17340  17379                            ** TK_AGG_FUNCTION: nesting depth */
 17341  17380     AggInfo *pAggInfo;     /* Used by TK_AGG_COLUMN and TK_AGG_FUNCTION */
 17342  17381     union {
 17343  17382       Table *pTab;           /* TK_COLUMN: Table containing column. Can be NULL
 17344  17383                              ** for a column of an index on an expression */
 17345  17384       Window *pWin;          /* TK_FUNCTION: Window definition for the func */
        17385  +    struct {               /* TK_IN, TK_SELECT, and TK_EXISTS */
        17386  +      int iAddr;             /* Subroutine entry address */
        17387  +      int regReturn;         /* Register used to hold return address */
        17388  +    } sub;
 17346  17389     } y;
 17347  17390   };
 17348  17391   
 17349  17392   /*
 17350  17393   ** The following are the meanings of bits in the Expr.flags field.
 17351  17394   */
 17352  17395   #define EP_FromJoin  0x000001 /* Originates in ON/USING clause of outer join */
................................................................................
 17370  17413   #define EP_Unlikely  0x040000 /* unlikely() or likelihood() function */
 17371  17414   #define EP_ConstFunc 0x080000 /* A SQLITE_FUNC_CONSTANT or _SLOCHNG function */
 17372  17415   #define EP_CanBeNull 0x100000 /* Can be null despite NOT NULL constraint */
 17373  17416   #define EP_Subquery  0x200000 /* Tree contains a TK_SELECT operator */
 17374  17417   #define EP_Alias     0x400000 /* Is an alias for a result set column */
 17375  17418   #define EP_Leaf      0x800000 /* Expr.pLeft, .pRight, .u.pSelect all NULL */
 17376  17419   #define EP_WinFunc  0x1000000 /* TK_FUNCTION with Expr.y.pWin set */
        17420  +#define EP_Subrtn   0x2000000 /* Uses Expr.y.sub. TK_IN, _SELECT, or _EXISTS */
        17421  +#define EP_Quoted   0x4000000 /* TK_ID was originally quoted */
 17377  17422   
 17378  17423   /*
 17379  17424   ** The EP_Propagate mask is a set of properties that automatically propagate
 17380  17425   ** upwards into parent nodes.
 17381  17426   */
 17382  17427   #define EP_Propagate (EP_Collate|EP_Subquery|EP_HasFunc)
 17383  17428   
................................................................................
 17913  17958     u8 nested;           /* Number of nested calls to the parser/code generator */
 17914  17959     u8 nTempReg;         /* Number of temporary registers in aTempReg[] */
 17915  17960     u8 isMultiWrite;     /* True if statement may modify/insert multiple rows */
 17916  17961     u8 mayAbort;         /* True if statement may throw an ABORT exception */
 17917  17962     u8 hasCompound;      /* Need to invoke convertCompoundSelectToSubquery() */
 17918  17963     u8 okConstFactor;    /* OK to factor out constants */
 17919  17964     u8 disableLookaside; /* Number of times lookaside has been disabled */
        17965  +  u8 disableVtab;      /* Disable all virtual tables for this parse */
 17920  17966     int nRangeReg;       /* Size of the temporary register block */
 17921  17967     int iRangeReg;       /* First register in temporary register block */
 17922  17968     int nErr;            /* Number of errors seen */
 17923  17969     int nTab;            /* Number of previously allocated VDBE cursors */
 17924  17970     int nMem;            /* Number of memory cells used so far */
 17925         -  int nOpAlloc;        /* Number of slots allocated for Vdbe.aOp[] */
 17926  17971     int szOpAlloc;       /* Bytes of memory space allocated for Vdbe.aOp[] */
 17927  17972     int iSelfTab;        /* Table associated with an index on expr, or negative
 17928  17973                          ** of the base register during check-constraint eval */
 17929         -  int nLabel;          /* Number of labels used */
        17974  +  int nLabel;          /* The *negative* of the number of labels used */
        17975  +  int nLabelAlloc;     /* Number of slots in aLabel */
 17930  17976     int *aLabel;         /* Space to hold the labels */
 17931  17977     ExprList *pConstExpr;/* Constant expressions */
 17932  17978     Token constraintName;/* Name of the constraint currently being parsed */
 17933  17979     yDbMask writeMask;   /* Start a write transaction on these databases */
 17934  17980     yDbMask cookieMask;  /* Bitmask of schema verified databases */
 17935  17981     int regRowid;        /* Register holding rowid of CREATE TABLE entry */
 17936  17982     int regRoot;         /* Register holding root page number for new objects */
................................................................................
 17982  18028   #ifndef SQLITE_OMIT_EXPLAIN
 17983  18029     int addrExplain;          /* Address of current OP_Explain opcode */
 17984  18030   #endif
 17985  18031     VList *pVList;            /* Mapping between variable names and numbers */
 17986  18032     Vdbe *pReprepare;         /* VM being reprepared (sqlite3Reprepare()) */
 17987  18033     const char *zTail;        /* All SQL text past the last semicolon parsed */
 17988  18034     Table *pNewTable;         /* A table being constructed by CREATE TABLE */
 17989         -  Index *pNewIndex;         /* An index being constructed by CREATE INDEX */
        18035  +  Index *pNewIndex;         /* An index being constructed by CREATE INDEX.
        18036  +                            ** Also used to hold redundant UNIQUE constraints
        18037  +                            ** during a RENAME COLUMN */
 17990  18038     Trigger *pNewTrigger;     /* Trigger under construct by a CREATE TRIGGER */
 17991  18039     const char *zAuthContext; /* The 6th parameter to db->xAuth callbacks */
 17992  18040   #ifndef SQLITE_OMIT_VIRTUALTABLE
 17993  18041     Token sArg;               /* Complete text of a module argument */
 17994  18042     Table **apVtabLock;       /* Pointer to virtual tables needing locking */
 17995  18043   #endif
 17996  18044     Table *pZombieTab;        /* List of Table objects to delete after code gen */
................................................................................
 18210  18258   */
 18211  18259   typedef struct {
 18212  18260     sqlite3 *db;        /* The database being initialized */
 18213  18261     char **pzErrMsg;    /* Error message stored here */
 18214  18262     int iDb;            /* 0 for main database.  1 for TEMP, 2.. for ATTACHed */
 18215  18263     int rc;             /* Result code stored here */
 18216  18264     u32 mInitFlags;     /* Flags controlling error messages */
        18265  +  u32 nInitRow;       /* Number of rows processed */
 18217  18266   } InitData;
 18218  18267   
 18219  18268   /*
 18220  18269   ** Allowed values for mInitFlags
 18221  18270   */
 18222  18271   #define INITFLAG_AlterTable   0x0001  /* This is a reparse after ALTER TABLE */
 18223  18272   
................................................................................
 18270  18319   #ifdef SQLITE_VDBE_COVERAGE
 18271  18320     /* The following callback (if not NULL) is invoked on every VDBE branch
 18272  18321     ** operation.  Set the callback using SQLITE_TESTCTRL_VDBE_COVERAGE.
 18273  18322     */
 18274  18323     void (*xVdbeBranch)(void*,unsigned iSrcLine,u8 eThis,u8 eMx);  /* Callback */
 18275  18324     void *pVdbeBranchArg;                                     /* 1st argument */
 18276  18325   #endif
        18326  +#ifdef SQLITE_ENABLE_DESERIALIZE
        18327  +  sqlite3_int64 mxMemdbSize;        /* Default max memdb size */
        18328  +#endif
 18277  18329   #ifndef SQLITE_UNTESTABLE
 18278  18330     int (*xTestCallback)(int);        /* Invoked by sqlite3FaultSim() */
 18279  18331   #endif
 18280  18332     int bLocaltimeFault;              /* True to fail localtime() calls */
 18281  18333     int bInternalFunctions;           /* Internal SQL functions are visible */
 18282  18334     int iOnceResetThreshold;          /* When to reset OP_Once counters */
 18283  18335     u32 szSorterRef;                  /* Min size in bytes to use sorter-refs */
................................................................................
 18658  18710   #endif
 18659  18711   #endif
 18660  18712   
 18661  18713   
 18662  18714   SQLITE_PRIVATE void sqlite3SetString(char **, sqlite3*, const char*);
 18663  18715   SQLITE_PRIVATE void sqlite3ErrorMsg(Parse*, const char*, ...);
 18664  18716   SQLITE_PRIVATE void sqlite3Dequote(char*);
        18717  +SQLITE_PRIVATE void sqlite3DequoteExpr(Expr*);
 18665  18718   SQLITE_PRIVATE void sqlite3TokenInit(Token*,char*);
 18666  18719   SQLITE_PRIVATE int sqlite3KeywordCode(const unsigned char*, int);
 18667  18720   SQLITE_PRIVATE int sqlite3RunParser(Parse*, const char*, char **);
 18668  18721   SQLITE_PRIVATE void sqlite3FinishCoding(Parse*);
 18669  18722   SQLITE_PRIVATE int sqlite3GetTempReg(Parse*);
 18670  18723   SQLITE_PRIVATE void sqlite3ReleaseTempReg(Parse*,int);
 18671  18724   SQLITE_PRIVATE int sqlite3GetTempRange(Parse*,int);
................................................................................
 18686  18739   SQLITE_PRIVATE ExprList *sqlite3ExprListAppend(Parse*,ExprList*,Expr*);
 18687  18740   SQLITE_PRIVATE ExprList *sqlite3ExprListAppendVector(Parse*,ExprList*,IdList*,Expr*);
 18688  18741   SQLITE_PRIVATE void sqlite3ExprListSetSortOrder(ExprList*,int);
 18689  18742   SQLITE_PRIVATE void sqlite3ExprListSetName(Parse*,ExprList*,Token*,int);
 18690  18743   SQLITE_PRIVATE void sqlite3ExprListSetSpan(Parse*,ExprList*,const char*,const char*);
 18691  18744   SQLITE_PRIVATE void sqlite3ExprListDelete(sqlite3*, ExprList*);
 18692  18745   SQLITE_PRIVATE u32 sqlite3ExprListFlags(const ExprList*);
        18746  +SQLITE_PRIVATE int sqlite3IndexHasDuplicateRootPage(Index*);
 18693  18747   SQLITE_PRIVATE int sqlite3Init(sqlite3*, char**);
 18694  18748   SQLITE_PRIVATE int sqlite3InitCallback(void*, int, char**, char**);
 18695  18749   SQLITE_PRIVATE int sqlite3InitOne(sqlite3*, int, char**, u32);
 18696  18750   SQLITE_PRIVATE void sqlite3Pragma(Parse*,Token*,Token*,Token*,int);
 18697  18751   #ifndef SQLITE_OMIT_VIRTUALTABLE
 18698  18752   SQLITE_PRIVATE Module *sqlite3PragmaVtabRegister(sqlite3*,const char *zName);
 18699  18753   #endif
................................................................................
 18719  18773   SQLITE_PRIVATE void sqlite3AddPrimaryKey(Parse*, ExprList*, int, int, int);
 18720  18774   SQLITE_PRIVATE void sqlite3AddCheckConstraint(Parse*, Expr*);
 18721  18775   SQLITE_PRIVATE void sqlite3AddDefaultValue(Parse*,Expr*,const char*,const char*);
 18722  18776   SQLITE_PRIVATE void sqlite3AddCollateType(Parse*, Token*);
 18723  18777   SQLITE_PRIVATE void sqlite3EndTable(Parse*,Token*,Token*,u8,Select*);
 18724  18778   SQLITE_PRIVATE int sqlite3ParseUri(const char*,const char*,unsigned int*,
 18725  18779                       sqlite3_vfs**,char**,char **);
        18780  +#ifdef SQLITE_HAS_CODEC
        18781  +SQLITE_PRIVATE   int sqlite3CodecQueryParameters(sqlite3*,const char*,const char*);
        18782  +#else
        18783  +# define sqlite3CodecQueryParameters(A,B,C) 0
        18784  +#endif
 18726  18785   SQLITE_PRIVATE Btree *sqlite3DbNameToBtree(sqlite3*,const char*);
 18727  18786   
 18728  18787   #ifdef SQLITE_UNTESTABLE
 18729  18788   # define sqlite3FaultSim(X) SQLITE_OK
 18730  18789   #else
 18731  18790   SQLITE_PRIVATE   int sqlite3FaultSim(int);
 18732  18791   #endif
................................................................................
 18771  18830   # define sqlite3AutoincrementBegin(X)
 18772  18831   # define sqlite3AutoincrementEnd(X)
 18773  18832   #endif
 18774  18833   SQLITE_PRIVATE void sqlite3Insert(Parse*, SrcList*, Select*, IdList*, int, Upsert*);
 18775  18834   SQLITE_PRIVATE void *sqlite3ArrayAllocate(sqlite3*,void*,int,int*,int*);
 18776  18835   SQLITE_PRIVATE IdList *sqlite3IdListAppend(Parse*, IdList*, Token*);
 18777  18836   SQLITE_PRIVATE int sqlite3IdListIndex(IdList*,const char*);
 18778         -SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(sqlite3*, SrcList*, int, int);
 18779         -SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(sqlite3*, SrcList*, Token*, Token*);
        18837  +SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(Parse*, SrcList*, int, int);
        18838  +SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(Parse*, SrcList*, Token*, Token*);
 18780  18839   SQLITE_PRIVATE SrcList *sqlite3SrcListAppendFromTerm(Parse*, SrcList*, Token*, Token*,
 18781  18840                                         Token*, Select*, Expr*, IdList*);
 18782  18841   SQLITE_PRIVATE void sqlite3SrcListIndexedBy(Parse *, SrcList *, Token *);
 18783  18842   SQLITE_PRIVATE void sqlite3SrcListFuncArgs(Parse*, SrcList*, ExprList*);
 18784  18843   SQLITE_PRIVATE int sqlite3IndexedByLookup(Parse *, struct SrcList_item *);
 18785  18844   SQLITE_PRIVATE void sqlite3SrcListShiftJoinType(SrcList*);
 18786  18845   SQLITE_PRIVATE void sqlite3SrcListAssignCursors(Parse*, SrcList*);
................................................................................
 18839  18898   #define LOCATE_VIEW    0x01
 18840  18899   #define LOCATE_NOERR   0x02
 18841  18900   SQLITE_PRIVATE Table *sqlite3LocateTable(Parse*,u32 flags,const char*, const char*);
 18842  18901   SQLITE_PRIVATE Table *sqlite3LocateTableItem(Parse*,u32 flags,struct SrcList_item *);
 18843  18902   SQLITE_PRIVATE Index *sqlite3FindIndex(sqlite3*,const char*, const char*);
 18844  18903   SQLITE_PRIVATE void sqlite3UnlinkAndDeleteTable(sqlite3*,int,const char*);
 18845  18904   SQLITE_PRIVATE void sqlite3UnlinkAndDeleteIndex(sqlite3*,int,const char*);
 18846         -SQLITE_PRIVATE void sqlite3Vacuum(Parse*,Token*);
 18847         -SQLITE_PRIVATE int sqlite3RunVacuum(char**, sqlite3*, int);
        18905  +SQLITE_PRIVATE void sqlite3Vacuum(Parse*,Token*,Expr*);
        18906  +SQLITE_PRIVATE int sqlite3RunVacuum(char**, sqlite3*, int, sqlite3_value*);
 18848  18907   SQLITE_PRIVATE char *sqlite3NameFromToken(sqlite3*, Token*);
 18849  18908   SQLITE_PRIVATE int sqlite3ExprCompare(Parse*,Expr*, Expr*, int);
 18850  18909   SQLITE_PRIVATE int sqlite3ExprCompareSkip(Expr*, Expr*, int);
 18851  18910   SQLITE_PRIVATE int sqlite3ExprListCompare(ExprList*, ExprList*, int);
 18852  18911   SQLITE_PRIVATE int sqlite3ExprImpliesExpr(Parse*,Expr*, Expr*, int);
 18853  18912   SQLITE_PRIVATE int sqlite3ExprImpliesNonNullRow(Expr*,int);
 18854  18913   SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext*, Expr*);
................................................................................
 18878  18937   #ifdef SQLITE_ENABLE_CURSOR_HINTS
 18879  18938   SQLITE_PRIVATE int sqlite3ExprContainsSubquery(Expr*);
 18880  18939   #endif
 18881  18940   SQLITE_PRIVATE int sqlite3ExprIsInteger(Expr*, int*);
 18882  18941   SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr*);
 18883  18942   SQLITE_PRIVATE int sqlite3ExprNeedsNoAffinityChange(const Expr*, char);
 18884  18943   SQLITE_PRIVATE int sqlite3IsRowid(const char*);
 18885         -#ifdef SQLITE_ENABLE_NORMALIZE
 18886         -SQLITE_PRIVATE int sqlite3IsRowidN(const char*, int);
 18887         -#endif
 18888  18944   SQLITE_PRIVATE void sqlite3GenerateRowDelete(
 18889  18945       Parse*,Table*,Trigger*,int,int,int,i16,u8,u8,u8,int);
 18890  18946   SQLITE_PRIVATE void sqlite3GenerateRowIndexDelete(Parse*, Table*, int, int, int*, int);
 18891  18947   SQLITE_PRIVATE int sqlite3GenerateIndexKey(Parse*, Index*, int, int, int, int*,Index*,int);
 18892  18948   SQLITE_PRIVATE void sqlite3ResolvePartIdxLabel(Parse*,int);
 18893  18949   SQLITE_PRIVATE int sqlite3ExprReferencesUpdatedColumn(Expr*,int*,int);
 18894  18950   SQLITE_PRIVATE void sqlite3GenerateConstraintChecks(Parse*,Table*,int*,int,int,int,int,
................................................................................
 18907  18963   SQLITE_PRIVATE void sqlite3UniqueConstraint(Parse*, int, Index*);
 18908  18964   SQLITE_PRIVATE void sqlite3RowidConstraint(Parse*, int, Table*);
 18909  18965   SQLITE_PRIVATE Expr *sqlite3ExprDup(sqlite3*,Expr*,int);
 18910  18966   SQLITE_PRIVATE ExprList *sqlite3ExprListDup(sqlite3*,ExprList*,int);
 18911  18967   SQLITE_PRIVATE SrcList *sqlite3SrcListDup(sqlite3*,SrcList*,int);
 18912  18968   SQLITE_PRIVATE IdList *sqlite3IdListDup(sqlite3*,IdList*);
 18913  18969   SQLITE_PRIVATE Select *sqlite3SelectDup(sqlite3*,Select*,int);
 18914         -#ifdef SQLITE_ENABLE_NORMALIZE
 18915         -SQLITE_PRIVATE FuncDef *sqlite3FunctionSearchN(int,const char*,int);
 18916         -#endif
        18970  +SQLITE_PRIVATE FuncDef *sqlite3FunctionSearch(int,const char*);
 18917  18971   SQLITE_PRIVATE void sqlite3InsertBuiltinFuncs(FuncDef*,int);
 18918  18972   SQLITE_PRIVATE FuncDef *sqlite3FindFunction(sqlite3*,const char*,int,u8,u8);
 18919  18973   SQLITE_PRIVATE void sqlite3RegisterBuiltinFunctions(void);
 18920  18974   SQLITE_PRIVATE void sqlite3RegisterDateTimeFunctions(void);
 18921  18975   SQLITE_PRIVATE void sqlite3RegisterPerConnectionBuiltinFunctions(sqlite3*);
 18922  18976   SQLITE_PRIVATE int sqlite3SafetyCheckOk(sqlite3*);
 18923  18977   SQLITE_PRIVATE int sqlite3SafetyCheckSickOrOk(sqlite3*);
................................................................................
 19114  19168   #endif
 19115  19169   SQLITE_PRIVATE void sqlite3RootPageMoved(sqlite3*, int, int, int);
 19116  19170   SQLITE_PRIVATE void sqlite3Reindex(Parse*, Token*, Token*);
 19117  19171   SQLITE_PRIVATE void sqlite3AlterFunctions(void);
 19118  19172   SQLITE_PRIVATE void sqlite3AlterRenameTable(Parse*, SrcList*, Token*);
 19119  19173   SQLITE_PRIVATE void sqlite3AlterRenameColumn(Parse*, SrcList*, Token*, Token*);
 19120  19174   SQLITE_PRIVATE int sqlite3GetToken(const unsigned char *, int *);
 19121         -#ifdef SQLITE_ENABLE_NORMALIZE
 19122         -SQLITE_PRIVATE int sqlite3GetTokenNormalized(const unsigned char *, int *, int *);
 19123         -#endif
 19124  19175   SQLITE_PRIVATE void sqlite3NestedParse(Parse*, const char*, ...);
 19125  19176   SQLITE_PRIVATE void sqlite3ExpirePreparedStatements(sqlite3*, int);
 19126         -SQLITE_PRIVATE int sqlite3CodeSubselect(Parse*, Expr *, int, int);
        19177  +SQLITE_PRIVATE void sqlite3CodeRhsOfIN(Parse*, Expr*, int, int);
        19178  +SQLITE_PRIVATE int sqlite3CodeSubselect(Parse*, Expr*);
 19127  19179   SQLITE_PRIVATE void sqlite3SelectPrep(Parse*, Select*, NameContext*);
 19128  19180   SQLITE_PRIVATE void sqlite3SelectWrongNumTermsError(Parse *pParse, Select *p);
 19129  19181   SQLITE_PRIVATE int sqlite3MatchSpanName(const char*, const char*, const char*, const char*);
 19130  19182   SQLITE_PRIVATE int sqlite3ResolveExprNames(NameContext*, Expr*);
 19131  19183   SQLITE_PRIVATE int sqlite3ResolveExprListNames(NameContext*, ExprList*);
 19132  19184   SQLITE_PRIVATE void sqlite3ResolveSelectNames(Parse*, Select*, NameContext*);
 19133         -SQLITE_PRIVATE void sqlite3ResolveSelfReference(Parse*,Table*,int,Expr*,ExprList*);
        19185  +SQLITE_PRIVATE int sqlite3ResolveSelfReference(Parse*,Table*,int,Expr*,ExprList*);
 19134  19186   SQLITE_PRIVATE int sqlite3ResolveOrderGroupBy(Parse*, Select*, ExprList*, const char*);
 19135  19187   SQLITE_PRIVATE void sqlite3ColumnDefault(Vdbe *, Table *, int, int);
 19136  19188   SQLITE_PRIVATE void sqlite3AlterFinishAddColumn(Parse *, Token *);
 19137  19189   SQLITE_PRIVATE void sqlite3AlterBeginAddColumn(Parse *, SrcList *);
 19138  19190   SQLITE_PRIVATE void *sqlite3RenameTokenMap(Parse*, void*, Token*);
 19139  19191   SQLITE_PRIVATE void sqlite3RenameTokenRemap(Parse*, void *pTo, void *pFrom);
 19140  19192   SQLITE_PRIVATE void sqlite3RenameExprUnmap(Parse*, Expr*);
................................................................................
 19275  19327   SQLITE_PRIVATE int sqlite3VtabBegin(sqlite3 *, VTable *);
 19276  19328   SQLITE_PRIVATE FuncDef *sqlite3VtabOverloadFunction(sqlite3 *,FuncDef*, int nArg, Expr*);
 19277  19329   SQLITE_PRIVATE sqlite3_int64 sqlite3StmtCurrentTime(sqlite3_context*);
 19278  19330   SQLITE_PRIVATE int sqlite3VdbeParameterIndex(Vdbe*, const char*, int);
 19279  19331   SQLITE_PRIVATE int sqlite3TransferBindings(sqlite3_stmt *, sqlite3_stmt *);
 19280  19332   SQLITE_PRIVATE void sqlite3ParserReset(Parse*);
 19281  19333   #ifdef SQLITE_ENABLE_NORMALIZE
 19282         -SQLITE_PRIVATE void sqlite3Normalize(Vdbe*, const char*, int, u8);
        19334  +SQLITE_PRIVATE char *sqlite3Normalize(Vdbe*, const char*);
 19283  19335   #endif
 19284  19336   SQLITE_PRIVATE int sqlite3Reprepare(Vdbe*);
 19285  19337   SQLITE_PRIVATE void sqlite3ExprListCheckLength(Parse*, ExprList*, const char*);
 19286  19338   SQLITE_PRIVATE CollSeq *sqlite3BinaryCompareCollSeq(Parse *, Expr *, Expr *);
 19287  19339   SQLITE_PRIVATE int sqlite3TempInMemory(const sqlite3*);
 19288  19340   SQLITE_PRIVATE const char *sqlite3JournalModename(int);
 19289  19341   #ifndef SQLITE_OMIT_WAL
................................................................................
 19371  19423   #define IN_INDEX_NOOP         5   /* No table available. Use comparisons */
 19372  19424   /*
 19373  19425   ** Allowed flags for the 3rd parameter to sqlite3FindInIndex().
 19374  19426   */
 19375  19427   #define IN_INDEX_NOOP_OK     0x0001  /* OK to return IN_INDEX_NOOP */
 19376  19428   #define IN_INDEX_MEMBERSHIP  0x0002  /* IN operator used for membership test */
 19377  19429   #define IN_INDEX_LOOP        0x0004  /* IN operator used as a loop */
 19378         -SQLITE_PRIVATE int sqlite3FindInIndex(Parse *, Expr *, u32, int*, int*);
        19430  +SQLITE_PRIVATE int sqlite3FindInIndex(Parse *, Expr *, u32, int*, int*, int*);
 19379  19431   
 19380  19432   SQLITE_PRIVATE int sqlite3JournalOpen(sqlite3_vfs *, const char *, sqlite3_file *, int, int);
 19381  19433   SQLITE_PRIVATE int sqlite3JournalSize(sqlite3_vfs *);
 19382  19434   #if defined(SQLITE_ENABLE_ATOMIC_WRITE) \
 19383  19435    || defined(SQLITE_ENABLE_BATCH_ATOMIC_WRITE)
 19384  19436   SQLITE_PRIVATE   int sqlite3JournalCreate(sqlite3_file *);
 19385  19437   #endif
................................................................................
 19687  19739   ** sqlite3_db_config(db, SQLITE_DBCONFIG_LOOKASIDE);
 19688  19740   */
 19689  19741   #ifndef SQLITE_DEFAULT_LOOKASIDE
 19690  19742   # define SQLITE_DEFAULT_LOOKASIDE 1200,100
 19691  19743   #endif
 19692  19744   
 19693  19745   
        19746  +/* The default maximum size of an in-memory database created using
        19747  +** sqlite3_deserialize()
        19748  +*/
        19749  +#ifndef SQLITE_MEMDB_DEFAULT_MAXSIZE
        19750  +# define SQLITE_MEMDB_DEFAULT_MAXSIZE 1073741824
        19751  +#endif
        19752  +
 19694  19753   /*
 19695  19754   ** The following singleton contains the global configuration for
 19696  19755   ** the SQLite library.
 19697  19756   */
 19698  19757   SQLITE_PRIVATE SQLITE_WSD struct Sqlite3Config sqlite3Config = {
 19699  19758      SQLITE_DEFAULT_MEMSTATUS,  /* bMemstat */
 19700  19759      1,                         /* bCoreMutex */
................................................................................
 19734  19793      0,                         /* xSqllog */
 19735  19794      0,                         /* pSqllogArg */
 19736  19795   #endif
 19737  19796   #ifdef SQLITE_VDBE_COVERAGE
 19738  19797      0,                         /* xVdbeBranch */
 19739  19798      0,                         /* pVbeBranchArg */
 19740  19799   #endif
        19800  +#ifdef SQLITE_ENABLE_DESERIALIZE
        19801  +   SQLITE_MEMDB_DEFAULT_MAXSIZE,   /* mxMemdbSize */
        19802  +#endif
 19741  19803   #ifndef SQLITE_UNTESTABLE
 19742  19804      0,                         /* xTestCallback */
 19743  19805   #endif
 19744  19806      0,                         /* bLocaltimeFault */
 19745  19807      0,                         /* bInternalFunctions */
 19746  19808      0x7ffffffe,                /* iOnceResetThreshold */
 19747         -   SQLITE_DEFAULT_SORTERREF_SIZE   /* szSorterRef */
        19809  +   SQLITE_DEFAULT_SORTERREF_SIZE,   /* szSorterRef */
 19748  19810   };
 19749  19811   
 19750  19812   /*
 19751  19813   ** Hash table for global functions - functions common to all
 19752  19814   ** database connections.  After initialization, this table is
 19753  19815   ** read-only.
 19754  19816   */
................................................................................
 20159  20221   };
 20160  20222   
 20161  20223   /* A bitfield type for use inside of structures.  Always follow with :N where
 20162  20224   ** N is the number of bits.
 20163  20225   */
 20164  20226   typedef unsigned bft;  /* Bit Field Type */
 20165  20227   
        20228  +/* The ScanStatus object holds a single value for the
        20229  +** sqlite3_stmt_scanstatus() interface.
        20230  +*/
 20166  20231   typedef struct ScanStatus ScanStatus;
 20167  20232   struct ScanStatus {
 20168  20233     int addrExplain;                /* OP_Explain for loop */
 20169  20234     int addrLoop;                   /* Address of "loops" counter */
 20170  20235     int addrVisit;                  /* Address of "rows visited" counter */
 20171  20236     int iSelectID;                  /* The "Select-ID" for this loop */
 20172  20237     LogEst nEst;                    /* Estimated output rows per loop */
 20173  20238     char *zName;                    /* Name of table or index */
 20174  20239   };
        20240  +
        20241  +/* The DblquoteStr object holds the text of a double-quoted
        20242  +** string for a prepared statement.  A linked list of these objects
        20243  +** is constructed during statement parsing and is held on Vdbe.pDblStr.
        20244  +** When computing a normalized SQL statement for an SQL statement, that
        20245  +** list is consulted for each double-quoted identifier to see if the
        20246  +** identifier should really be a string literal.
        20247  +*/
        20248  +typedef struct DblquoteStr DblquoteStr;
        20249  +struct DblquoteStr {
        20250  +  DblquoteStr *pNextStr;   /* Next string literal in the list */
        20251  +  char z[8];               /* Dequoted value for the string */
        20252  +};
 20175  20253   
 20176  20254   /*
 20177  20255   ** An instance of the virtual machine.  This structure contains the complete
 20178  20256   ** state of the virtual machine.
 20179  20257   **
 20180  20258   ** The "sqlite3_stmt" structure pointer that is returned by sqlite3_prepare()
 20181  20259   ** is really a pointer to an instance of this structure.
................................................................................
 20188  20266     u32 magic;              /* Magic number for sanity checking */
 20189  20267     int nMem;               /* Number of memory locations currently allocated */
 20190  20268     int nCursor;            /* Number of slots in apCsr[] */
 20191  20269     u32 cacheCtr;           /* VdbeCursor row cache generation counter */
 20192  20270     int pc;                 /* The program counter */
 20193  20271     int rc;                 /* Value to return */
 20194  20272     int nChange;            /* Number of db changes made since last reset */
 20195         -  int iStatement;         /* Statement number (or 0 if has not opened stmt) */
        20273  +  int iStatement;         /* Statement number (or 0 if has no opened stmt) */
 20196  20274     i64 iCurrentTime;       /* Value of julianday('now') for this statement */
 20197  20275     i64 nFkConstraint;      /* Number of imm. FK constraints this VM */
 20198  20276     i64 nStmtDefCons;       /* Number of def. constraints when stmt started */
 20199  20277     i64 nStmtDefImmCons;    /* Number of def. imm constraints when stmt started */
        20278  +  Mem *aMem;              /* The memory locations */
        20279  +  Mem **apArg;            /* Arguments to currently executing user function */
        20280  +  VdbeCursor **apCsr;     /* One element of this array for each open cursor */
        20281  +  Mem *aVar;              /* Values for the OP_Variable opcode. */
 20200  20282   
 20201  20283     /* When allocating a new Vdbe object, all of the fields below should be
 20202  20284     ** initialized to zero or NULL */
 20203  20285   
 20204  20286     Op *aOp;                /* Space to hold the virtual machine's program */
 20205         -  Mem *aMem;              /* The memory locations */
 20206         -  Mem **apArg;            /* Arguments to currently executing user function */
        20287  +  int nOp;                /* Number of instructions in the program */
        20288  +  int nOpAlloc;           /* Slots allocated for aOp[] */
 20207  20289     Mem *aColName;          /* Column names to return */
 20208  20290     Mem *pResultSet;        /* Pointer to an array of results */
 20209  20291     char *zErrMsg;          /* Error message written here */
 20210         -  VdbeCursor **apCsr;     /* One element of this array for each open cursor */
 20211         -  Mem *aVar;              /* Values for the OP_Variable opcode. */
 20212  20292     VList *pVList;          /* Name of variables */
 20213  20293   #ifndef SQLITE_OMIT_TRACE
 20214  20294     i64 startTime;          /* Time when query started - used for profiling */
 20215  20295   #endif
 20216         -  int nOp;                /* Number of instructions in the program */
 20217  20296   #ifdef SQLITE_DEBUG
 20218  20297     int rcApp;              /* errcode set by sqlite3_result_error_code() */
 20219  20298     u32 nWrite;             /* Number of write operations that have occurred */
 20220  20299   #endif
 20221  20300     u16 nResColumn;         /* Number of columns in one row of the result set */
 20222  20301     u8 errorAction;         /* Recovery action to do in case of an error */
 20223  20302     u8 minWriteFileFormat;  /* Minimum file format for writable database files */
................................................................................
 20232  20311     bft bIsReader:1;        /* True for statements that read */
 20233  20312     yDbMask btreeMask;      /* Bitmask of db->aDb[] entries referenced */
 20234  20313     yDbMask lockMask;       /* Subset of btreeMask that requires a lock */
 20235  20314     u32 aCounter[7];        /* Counters used by sqlite3_stmt_status() */
 20236  20315     char *zSql;             /* Text of the SQL statement that generated this */
 20237  20316   #ifdef SQLITE_ENABLE_NORMALIZE
 20238  20317     char *zNormSql;         /* Normalization of the associated SQL statement */
        20318  +  DblquoteStr *pDblStr;   /* List of double-quoted string literals */
 20239  20319   #endif
 20240  20320     void *pFree;            /* Free this when deleting the vdbe */
 20241  20321     VdbeFrame *pFrame;      /* Parent frame */
 20242  20322     VdbeFrame *pDelFrame;   /* List of frame objects to free on VM reset */
 20243  20323     int nFrame;             /* Number of frames in pFrame list */
 20244  20324     u32 expmask;            /* Binding to these vars invalidates VM */
 20245  20325     SubProgram *pProgram;   /* Linked list of all sub-programs used by VM */
................................................................................
 27249  27329     return sqlite3_value_double(p->apArg[p->nUsed++]);
 27250  27330   }
 27251  27331   static char *getTextArg(PrintfArguments *p){
 27252  27332     if( p->nArg<=p->nUsed ) return 0;
 27253  27333     return (char*)sqlite3_value_text(p->apArg[p->nUsed++]);
 27254  27334   }
 27255  27335   
        27336  +/*
        27337  +** Allocate memory for a temporary buffer needed for printf rendering.
        27338  +**
        27339  +** If the requested size of the temp buffer is larger than the size
        27340  +** of the output buffer in pAccum, then cause an SQLITE_TOOBIG error.
        27341  +** Do the size check before the memory allocation to prevent rogue
        27342  +** SQL from requesting large allocations using the precision or width
        27343  +** field of the printf() function.
        27344  +*/
        27345  +static char *printfTempBuf(sqlite3_str *pAccum, sqlite3_int64 n){
        27346  +  char *z;
        27347  +  if( n>pAccum->nAlloc && n>pAccum->mxAlloc ){
        27348  +    setStrAccumError(pAccum, SQLITE_TOOBIG);
        27349  +    return 0;
        27350  +  }
        27351  +  z = sqlite3DbMallocRaw(pAccum->db, n);
        27352  +  if( z==0 ){
        27353  +    setStrAccumError(pAccum, SQLITE_NOMEM);
        27354  +  }
        27355  +  return z;
        27356  +}
 27256  27357   
 27257  27358   /*
 27258  27359   ** On machines with a small stack size, you can redefine the
 27259  27360   ** SQLITE_PRINT_BUF_SIZE to be something smaller, if desired.
 27260  27361   */
 27261  27362   #ifndef SQLITE_PRINT_BUF_SIZE
 27262  27363   # define SQLITE_PRINT_BUF_SIZE 70
................................................................................
 27331  27432         sqlite3_str_append(pAccum, "%", 1);
 27332  27433         break;
 27333  27434       }
 27334  27435       /* Find out what flags are present */
 27335  27436       flag_leftjustify = flag_prefix = cThousand =
 27336  27437        flag_alternateform = flag_altform2 = flag_zeropad = 0;
 27337  27438       done = 0;
        27439  +    width = 0;
        27440  +    flag_long = 0;
        27441  +    precision = -1;
 27338  27442       do{
 27339  27443         switch( c ){
 27340  27444           case '-':   flag_leftjustify = 1;     break;
 27341  27445           case '+':   flag_prefix = '+';        break;
 27342  27446           case ' ':   flag_prefix = ' ';        break;
 27343  27447           case '#':   flag_alternateform = 1;   break;
 27344  27448           case '!':   flag_altform2 = 1;        break;
 27345  27449           case '0':   flag_zeropad = 1;         break;
 27346  27450           case ',':   cThousand = ',';          break;
 27347  27451           default:    done = 1;                 break;
        27452  +        case 'l': {
        27453  +          flag_long = 1;
        27454  +          c = *++fmt;
        27455  +          if( c=='l' ){
        27456  +            c = *++fmt;
        27457  +            flag_long = 2;
        27458  +          }
        27459  +          done = 1;
        27460  +          break;
        27461  +        }
        27462  +        case '1': case '2': case '3': case '4': case '5':
        27463  +        case '6': case '7': case '8': case '9': {
        27464  +          unsigned wx = c - '0';
        27465  +          while( (c = *++fmt)>='0' && c<='9' ){
        27466  +            wx = wx*10 + c - '0';
        27467  +          }
        27468  +          testcase( wx>0x7fffffff );
        27469  +          width = wx & 0x7fffffff;
        27470  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27471  +          if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
        27472  +            width = SQLITE_PRINTF_PRECISION_LIMIT;
        27473  +          }
        27474  +#endif
        27475  +          if( c!='.' && c!='l' ){
        27476  +            done = 1;
        27477  +          }else{
        27478  +            fmt--;
        27479  +          }
        27480  +          break;
        27481  +        }
        27482  +        case '*': {
        27483  +          if( bArgList ){
        27484  +            width = (int)getIntArg(pArgList);
        27485  +          }else{
        27486  +            width = va_arg(ap,int);
        27487  +          }
        27488  +          if( width<0 ){
        27489  +            flag_leftjustify = 1;
        27490  +            width = width >= -2147483647 ? -width : 0;
        27491  +          }
        27492  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27493  +          if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
        27494  +            width = SQLITE_PRINTF_PRECISION_LIMIT;
        27495  +          }
        27496  +#endif
        27497  +          if( (c = fmt[1])!='.' && c!='l' ){
        27498  +            c = *++fmt;
        27499  +            done = 1;
        27500  +          }
        27501  +          break;
        27502  +        }
        27503  +        case '.': {
        27504  +          c = *++fmt;
        27505  +          if( c=='*' ){
        27506  +            if( bArgList ){
        27507  +              precision = (int)getIntArg(pArgList);
        27508  +            }else{
        27509  +              precision = va_arg(ap,int);
        27510  +            }
        27511  +            if( precision<0 ){
        27512  +              precision = precision >= -2147483647 ? -precision : -1;
        27513  +            }
        27514  +            c = *++fmt;
        27515  +          }else{
        27516  +            unsigned px = 0;
        27517  +            while( c>='0' && c<='9' ){
        27518  +              px = px*10 + c - '0';
        27519  +              c = *++fmt;
        27520  +            }
        27521  +            testcase( px>0x7fffffff );
        27522  +            precision = px & 0x7fffffff;
        27523  +          }
        27524  +#ifdef SQLITE_PRINTF_PRECISION_LIMIT
        27525  +          if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
        27526  +            precision = SQLITE_PRINTF_PRECISION_LIMIT;
        27527  +          }
        27528  +#endif
        27529  +          if( c=='l' ){
        27530  +            --fmt;
        27531  +          }else{
        27532  +            done = 1;
        27533  +          }
        27534  +          break;
        27535  +        }
 27348  27536         }
 27349  27537       }while( !done && (c=(*++fmt))!=0 );
 27350         -    /* Get the field width */
 27351         -    if( c=='*' ){
 27352         -      if( bArgList ){
 27353         -        width = (int)getIntArg(pArgList);
 27354         -      }else{
 27355         -        width = va_arg(ap,int);
 27356         -      }
 27357         -      if( width<0 ){
 27358         -        flag_leftjustify = 1;
 27359         -        width = width >= -2147483647 ? -width : 0;
 27360         -      }
 27361         -      c = *++fmt;
 27362         -    }else{
 27363         -      unsigned wx = 0;
 27364         -      while( c>='0' && c<='9' ){
 27365         -        wx = wx*10 + c - '0';
 27366         -        c = *++fmt;
 27367         -      }
 27368         -      testcase( wx>0x7fffffff );
 27369         -      width = wx & 0x7fffffff;
 27370         -    }
 27371         -    assert( width>=0 );
 27372         -#ifdef SQLITE_PRINTF_PRECISION_LIMIT
 27373         -    if( width>SQLITE_PRINTF_PRECISION_LIMIT ){
 27374         -      width = SQLITE_PRINTF_PRECISION_LIMIT;
 27375         -    }
 27376         -#endif
 27377  27538   
 27378         -    /* Get the precision */
 27379         -    if( c=='.' ){
 27380         -      c = *++fmt;
 27381         -      if( c=='*' ){
 27382         -        if( bArgList ){
 27383         -          precision = (int)getIntArg(pArgList);
 27384         -        }else{
 27385         -          precision = va_arg(ap,int);
 27386         -        }
 27387         -        c = *++fmt;
 27388         -        if( precision<0 ){
 27389         -          precision = precision >= -2147483647 ? -precision : -1;
 27390         -        }
 27391         -      }else{
 27392         -        unsigned px = 0;
 27393         -        while( c>='0' && c<='9' ){
 27394         -          px = px*10 + c - '0';
 27395         -          c = *++fmt;
 27396         -        }
 27397         -        testcase( px>0x7fffffff );
 27398         -        precision = px & 0x7fffffff;
 27399         -      }
 27400         -    }else{
 27401         -      precision = -1;
 27402         -    }
 27403         -    assert( precision>=(-1) );
 27404         -#ifdef SQLITE_PRINTF_PRECISION_LIMIT
 27405         -    if( precision>SQLITE_PRINTF_PRECISION_LIMIT ){
 27406         -      precision = SQLITE_PRINTF_PRECISION_LIMIT;
 27407         -    }
 27408         -#endif
 27409         -
 27410         -
 27411         -    /* Get the conversion type modifier */
 27412         -    if( c=='l' ){
 27413         -      flag_long = 1;
 27414         -      c = *++fmt;
 27415         -      if( c=='l' ){
 27416         -        flag_long = 2;
 27417         -        c = *++fmt;
 27418         -      }
 27419         -    }else{
 27420         -      flag_long = 0;
 27421         -    }
 27422  27539       /* Fetch the info entry for the field */
 27423  27540       infop = &fmtinfo[0];
 27424  27541       xtype = etINVALID;
 27425  27542       for(idx=0; idx<ArraySize(fmtinfo); idx++){
 27426  27543         if( c==fmtinfo[idx].fmttype ){
 27427  27544           infop = &fmtinfo[idx];
 27428  27545           xtype = infop->type;
................................................................................
 27499  27616           if( flag_zeropad && precision<width-(prefix!=0) ){
 27500  27617             precision = width-(prefix!=0);
 27501  27618           }
 27502  27619           if( precision<etBUFSIZE-10-etBUFSIZE/3 ){
 27503  27620             nOut = etBUFSIZE;
 27504  27621             zOut = buf;
 27505  27622           }else{
 27506         -          u64 n = (u64)precision + 10 + precision/3;
 27507         -          zOut = zExtra = sqlite3Malloc( n );
 27508         -          if( zOut==0 ){
 27509         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27510         -            return;
 27511         -          }
        27623  +          u64 n;
        27624  +          n = (u64)precision + 10;
        27625  +          if( cThousand ) n += precision/3;
        27626  +          zOut = zExtra = printfTempBuf(pAccum, n);
        27627  +          if( zOut==0 ) return;
 27512  27628             nOut = (int)n;
 27513  27629           }
 27514  27630           bufpt = &zOut[nOut-1];
 27515  27631           if( xtype==etORDINAL ){
 27516  27632             static const char zOrd[] = "thstndrd";
 27517  27633             int x = (int)(longvalue % 10);
 27518  27634             if( x>=4 || (longvalue/10)%10==1 ){
................................................................................
 27623  27739             flag_rtz = flag_altform2;
 27624  27740           }
 27625  27741           if( xtype==etEXP ){
 27626  27742             e2 = 0;
 27627  27743           }else{
 27628  27744             e2 = exp;
 27629  27745           }
 27630         -        if( MAX(e2,0)+(i64)precision+(i64)width > etBUFSIZE - 15 ){
 27631         -          bufpt = zExtra 
 27632         -              = sqlite3Malloc( MAX(e2,0)+(i64)precision+(i64)width+15 );
 27633         -          if( bufpt==0 ){
 27634         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27635         -            return;
        27746  +        {
        27747  +          i64 szBufNeeded;           /* Size of a temporary buffer needed */
        27748  +          szBufNeeded = MAX(e2,0)+(i64)precision+(i64)width+15;
        27749  +          if( szBufNeeded > etBUFSIZE ){
        27750  +            bufpt = zExtra = printfTempBuf(pAccum, szBufNeeded);
        27751  +            if( bufpt==0 ) return;
 27636  27752             }
 27637  27753           }
 27638  27754           zOut = bufpt;
 27639  27755           nsd = 16 + flag_altform2*10;
 27640  27756           flag_dp = (precision>0 ?1:0) | flag_alternateform | flag_altform2;
 27641  27757           /* The sign in front of the number */
 27642  27758           if( prefix ){
................................................................................
 27852  27968             if( flag_altform2 && (ch&0xc0)==0xc0 ){
 27853  27969               while( (escarg[i+1]&0xc0)==0x80 ){ i++; }
 27854  27970             }
 27855  27971           }
 27856  27972           needQuote = !isnull && xtype==etSQLESCAPE2;
 27857  27973           n += i + 3;
 27858  27974           if( n>etBUFSIZE ){
 27859         -          bufpt = zExtra = sqlite3Malloc( n );
 27860         -          if( bufpt==0 ){
 27861         -            setStrAccumError(pAccum, SQLITE_NOMEM);
 27862         -            return;
 27863         -          }
        27975  +          bufpt = zExtra = printfTempBuf(pAccum, n);
        27976  +          if( bufpt==0 ) return;
 27864  27977           }else{
 27865  27978             bufpt = buf;
 27866  27979           }
 27867  27980           j = 0;
 27868  27981           if( needQuote ) bufpt[j++] = q;
 27869  27982           k = i;
 27870  27983           for(i=0; i<k; i++){
................................................................................
 28482  28595       sqlite3_str_appendf(&x, "{%d,*}", pItem->iCursor);
 28483  28596       if( pItem->zDatabase ){
 28484  28597         sqlite3_str_appendf(&x, " %s.%s", pItem->zDatabase, pItem->zName);
 28485  28598       }else if( pItem->zName ){
 28486  28599         sqlite3_str_appendf(&x, " %s", pItem->zName);
 28487  28600       }
 28488  28601       if( pItem->pTab ){
 28489         -      sqlite3_str_appendf(&x, " tabname=%Q", pItem->pTab->zName);
        28602  +      sqlite3_str_appendf(&x, " tab=%Q nCol=%d ptr=%p",
        28603  +           pItem->pTab->zName, pItem->pTab->nCol, pItem->pTab);
 28490  28604       }
 28491  28605       if( pItem->zAlias ){
 28492  28606         sqlite3_str_appendf(&x, " (AS %s)", pItem->zAlias);
 28493  28607       }
 28494  28608       if( pItem->fg.jointype & JT_LEFT ){
 28495  28609         sqlite3_str_appendf(&x, " LEFT-JOIN");
 28496  28610       }
................................................................................
 30222  30336   ** The input string must be zero-terminated.  A new zero-terminator
 30223  30337   ** is added to the dequoted string.
 30224  30338   **
 30225  30339   ** The return value is -1 if no dequoting occurs or the length of the
 30226  30340   ** dequoted string, exclusive of the zero terminator, if dequoting does
 30227  30341   ** occur.
 30228  30342   **
 30229         -** 2002-Feb-14: This routine is extended to remove MS-Access style
        30343  +** 2002-02-14: This routine is extended to remove MS-Access style
 30230  30344   ** brackets from around identifiers.  For example:  "[a-b-c]" becomes
 30231  30345   ** "a-b-c".
 30232  30346   */
 30233  30347   SQLITE_PRIVATE void sqlite3Dequote(char *z){
 30234  30348     char quote;
 30235  30349     int i, j;
 30236  30350     if( z==0 ) return;
................................................................................
 30247  30361           break;
 30248  30362         }
 30249  30363       }else{
 30250  30364         z[j++] = z[i];
 30251  30365       }
 30252  30366     }
 30253  30367     z[j] = 0;
        30368  +}
        30369  +SQLITE_PRIVATE void sqlite3DequoteExpr(Expr *p){
        30370  +  assert( sqlite3Isquote(p->u.zToken[0]) );
        30371  +  p->flags |= p->u.zToken[0]=='"' ? EP_Quoted|EP_DblQuoted : EP_Quoted;
        30372  +  sqlite3Dequote(p->u.zToken);
 30254  30373   }
 30255  30374   
 30256  30375   /*
 30257  30376   ** Generate a Token object from a string
 30258  30377   */
 30259  30378   SQLITE_PRIVATE void sqlite3TokenInit(Token *p, char *z){
 30260  30379     p->z = z;
................................................................................
 31675  31794       ** 0x9e3779b1 is 2654435761 which is the closest prime number to
 31676  31795       ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2. */
 31677  31796       h += sqlite3UpperToLower[c];
 31678  31797       h *= 0x9e3779b1;
 31679  31798     }
 31680  31799     return h;
 31681  31800   }
 31682         -#ifdef SQLITE_ENABLE_NORMALIZE
 31683         -static unsigned int strHashN(const char *z, int n){
 31684         -  unsigned int h = 0;
 31685         -  int i;
 31686         -  for(i=0; i<n; i++){
 31687         -    /* Knuth multiplicative hashing.  (Sorting & Searching, p. 510).
 31688         -    ** 0x9e3779b1 is 2654435761 which is the closest prime number to
 31689         -    ** (2**32)*golden_ratio, where golden_ratio = (sqrt(5) - 1)/2. */
 31690         -    h += sqlite3UpperToLower[z[i]];
 31691         -    h *= 0x9e3779b1;
 31692         -  }
 31693         -  return h;
 31694         -}
 31695         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31696  31801   
 31697  31802   
 31698  31803   /* Link pNew element into the hash table pH.  If pEntry!=0 then also
 31699  31804   ** insert pNew into the pEntry hash bucket.
 31700  31805   */
 31701  31806   static void insertElement(
 31702  31807     Hash *pH,              /* The complete hash table */
................................................................................
 31800  31905       if( sqlite3StrICmp(elem->pKey,pKey)==0 ){ 
 31801  31906         return elem;
 31802  31907       }
 31803  31908       elem = elem->next;
 31804  31909     }
 31805  31910     return &nullElement;
 31806  31911   }
 31807         -#ifdef SQLITE_ENABLE_NORMALIZE
 31808         -static HashElem *findElementWithHashN(
 31809         -  const Hash *pH,     /* The pH to be searched */
 31810         -  const char *pKey,   /* The key we are searching for */
 31811         -  int nKey,           /* Number of key bytes to use */
 31812         -  unsigned int *pHash /* Write the hash value here */
 31813         -){
 31814         -  HashElem *elem;                /* Used to loop thru the element list */
 31815         -  int count;                     /* Number of elements left to test */
 31816         -  unsigned int h;                /* The computed hash */
 31817         -  static HashElem nullElement = { 0, 0, 0, 0 };
 31818         -
 31819         -  if( pH->ht ){   /*OPTIMIZATION-IF-TRUE*/
 31820         -    struct _ht *pEntry;
 31821         -    h = strHashN(pKey, nKey) % pH->htsize;
 31822         -    pEntry = &pH->ht[h];
 31823         -    elem = pEntry->chain;
 31824         -    count = pEntry->count;
 31825         -  }else{
 31826         -    h = 0;
 31827         -    elem = pH->first;
 31828         -    count = pH->count;
 31829         -  }
 31830         -  if( pHash ) *pHash = h;
 31831         -  while( count-- ){
 31832         -    assert( elem!=0 );
 31833         -    if( sqlite3StrNICmp(elem->pKey,pKey,nKey)==0 ){ 
 31834         -      return elem;
 31835         -    }
 31836         -    elem = elem->next;
 31837         -  }
 31838         -  return &nullElement;
 31839         -}
 31840         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31841  31912   
 31842  31913   /* Remove a single entry from the hash table given a pointer to that
 31843  31914   ** element and a hash on the element's key.
 31844  31915   */
 31845  31916   static void removeElementGivenHash(
 31846  31917     Hash *pH,         /* The pH containing "elem" */
 31847  31918     HashElem* elem,   /* The element to be removed from the pH */
................................................................................
 31878  31949   ** found, or NULL if there is no match.
 31879  31950   */
 31880  31951   SQLITE_PRIVATE void *sqlite3HashFind(const Hash *pH, const char *pKey){
 31881  31952     assert( pH!=0 );
 31882  31953     assert( pKey!=0 );
 31883  31954     return findElementWithHash(pH, pKey, 0)->data;
 31884  31955   }
 31885         -#ifdef SQLITE_ENABLE_NORMALIZE
 31886         -SQLITE_PRIVATE void *sqlite3HashFindN(const Hash *pH, const char *pKey, int nKey){
 31887         -  assert( pH!=0 );
 31888         -  assert( pKey!=0 );
 31889         -  assert( nKey>=0 );
 31890         -  return findElementWithHashN(pH, pKey, nKey, 0)->data;
 31891         -}
 31892         -#endif /* SQLITE_ENABLE_NORMALIZE */
 31893  31956   
 31894  31957   /* Insert an element into the hash table pH.  The key is pKey
 31895  31958   ** and the data is "data".
 31896  31959   **
 31897  31960   ** If no element exists with a matching key, then a new
 31898  31961   ** element is created and NULL is returned.
 31899  31962   **
................................................................................
 46573  46636   */
 46574  46637   #define ORIGVFS(p) ((sqlite3_vfs*)((p)->pAppData))
 46575  46638   
 46576  46639   /* An open file */
 46577  46640   struct MemFile {
 46578  46641     sqlite3_file base;              /* IO methods */
 46579  46642     sqlite3_int64 sz;               /* Size of the file */
 46580         -  sqlite3_int64 szMax;            /* Space allocated to aData */
        46643  +  sqlite3_int64 szAlloc;          /* Space allocated to aData */
        46644  +  sqlite3_int64 szMax;            /* Maximum allowed size of the file */
 46581  46645     unsigned char *aData;           /* content of the file */
 46582  46646     int nMmap;                      /* Number of memory mapped pages */
 46583  46647     unsigned mFlags;                /* Flags */
 46584  46648     int eLock;                      /* Most recent lock against this file */
 46585  46649   };
 46586  46650   
 46587  46651   /*
................................................................................
 46699  46763   ** Try to enlarge the memory allocation to hold at least sz bytes
 46700  46764   */
 46701  46765   static int memdbEnlarge(MemFile *p, sqlite3_int64 newSz){
 46702  46766     unsigned char *pNew;
 46703  46767     if( (p->mFlags & SQLITE_DESERIALIZE_RESIZEABLE)==0 || p->nMmap>0 ){
 46704  46768       return SQLITE_FULL;
 46705  46769     }
        46770  +  if( newSz>p->szMax ){
        46771  +    return SQLITE_FULL;
        46772  +  }
        46773  +  newSz *= 2;
        46774  +  if( newSz>p->szMax ) newSz = p->szMax;
 46706  46775     pNew = sqlite3_realloc64(p->aData, newSz);
 46707  46776     if( pNew==0 ) return SQLITE_NOMEM;
 46708  46777     p->aData = pNew;
 46709         -  p->szMax = newSz;
        46778  +  p->szAlloc = newSz;
 46710  46779     return SQLITE_OK;
 46711  46780   }
 46712  46781   
 46713  46782   /*
 46714  46783   ** Write data to an memdb-file.
 46715  46784   */
 46716  46785   static int memdbWrite(
 46717  46786     sqlite3_file *pFile,
 46718  46787     const void *z,
 46719  46788     int iAmt,
 46720  46789     sqlite_int64 iOfst
 46721  46790   ){
 46722  46791     MemFile *p = (MemFile *)pFile;
        46792  +  if( NEVER(p->mFlags & SQLITE_DESERIALIZE_READONLY) ) return SQLITE_READONLY;
 46723  46793     if( iOfst+iAmt>p->sz ){
 46724  46794       int rc;
 46725         -    if( iOfst+iAmt>p->szMax
 46726         -     && (rc = memdbEnlarge(p, (iOfst+iAmt)*2))!=SQLITE_OK
        46795  +    if( iOfst+iAmt>p->szAlloc
        46796  +     && (rc = memdbEnlarge(p, iOfst+iAmt))!=SQLITE_OK
 46727  46797       ){
 46728  46798         return rc;
 46729  46799       }
 46730  46800       if( iOfst>p->sz ) memset(p->aData+p->sz, 0, iOfst-p->sz);
 46731  46801       p->sz = iOfst+iAmt;
 46732  46802     }
 46733  46803     memcpy(p->aData+iOfst, z, iAmt);
................................................................................
 46765  46835   }
 46766  46836   
 46767  46837   /*
 46768  46838   ** Lock an memdb-file.
 46769  46839   */
 46770  46840   static int memdbLock(sqlite3_file *pFile, int eLock){
 46771  46841     MemFile *p = (MemFile *)pFile;
        46842  +  if( eLock>SQLITE_LOCK_SHARED 
        46843  +   && (p->mFlags & SQLITE_DESERIALIZE_READONLY)!=0
        46844  +  ){
        46845  +    return SQLITE_READONLY;
        46846  +  }
 46772  46847     p->eLock = eLock;
 46773  46848     return SQLITE_OK;
 46774  46849   }
 46775  46850   
 46776  46851   #if 0 /* Never used because memdbAccess() always returns false */
 46777  46852   /*
 46778  46853   ** Check if another file-handle holds a RESERVED lock on an memdb-file.
................................................................................
 46788  46863   */
 46789  46864   static int memdbFileControl(sqlite3_file *pFile, int op, void *pArg){
 46790  46865     MemFile *p = (MemFile *)pFile;
 46791  46866     int rc = SQLITE_NOTFOUND;
 46792  46867     if( op==SQLITE_FCNTL_VFSNAME ){
 46793  46868       *(char**)pArg = sqlite3_mprintf("memdb(%p,%lld)", p->aData, p->sz);
 46794  46869       rc = SQLITE_OK;
        46870  +  }
        46871  +  if( op==SQLITE_FCNTL_SIZE_LIMIT ){
        46872  +    sqlite3_int64 iLimit = *(sqlite3_int64*)pArg;
        46873  +    if( iLimit<p->sz ){
        46874  +      if( iLimit<0 ){
        46875  +        iLimit = p->szMax;
        46876  +      }else{
        46877  +        iLimit = p->sz;
        46878  +      }
        46879  +    }
        46880  +    p->szMax = iLimit;
        46881  +    *(sqlite3_int64*)pArg = iLimit;
        46882  +    rc = SQLITE_OK;
 46795  46883     }
 46796  46884     return rc;
 46797  46885   }
 46798  46886   
 46799  46887   #if 0  /* Not used because of SQLITE_IOCAP_POWERSAFE_OVERWRITE */
 46800  46888   /*
 46801  46889   ** Return the sector-size in bytes for an memdb-file.
................................................................................
 46819  46907   static int memdbFetch(
 46820  46908     sqlite3_file *pFile,
 46821  46909     sqlite3_int64 iOfst,
 46822  46910     int iAmt,
 46823  46911     void **pp
 46824  46912   ){
 46825  46913     MemFile *p = (MemFile *)pFile;
 46826         -  p->nMmap++;
 46827         -  *pp = (void*)(p->aData + iOfst);
        46914  +  if( iOfst+iAmt>p->sz ){
        46915  +    *pp = 0;
        46916  +  }else{
        46917  +    p->nMmap++;
        46918  +    *pp = (void*)(p->aData + iOfst);
        46919  +  }
 46828  46920     return SQLITE_OK;
 46829  46921   }
 46830  46922   
 46831  46923   /* Release a memory-mapped page */
 46832  46924   static int memdbUnfetch(sqlite3_file *pFile, sqlite3_int64 iOfst, void *pPage){
 46833  46925     MemFile *p = (MemFile *)pFile;
 46834  46926     p->nMmap--;
................................................................................
 46850  46942       return ORIGVFS(pVfs)->xOpen(ORIGVFS(pVfs), zName, pFile, flags, pOutFlags);
 46851  46943     }
 46852  46944     memset(p, 0, sizeof(*p));
 46853  46945     p->mFlags = SQLITE_DESERIALIZE_RESIZEABLE | SQLITE_DESERIALIZE_FREEONCLOSE;
 46854  46946     assert( pOutFlags!=0 );  /* True because flags==SQLITE_OPEN_MAIN_DB */
 46855  46947     *pOutFlags = flags | SQLITE_OPEN_MEMORY;
 46856  46948     p->base.pMethods = &memdb_io_methods;
        46949  +  p->szMax = sqlite3GlobalConfig.mxMemdbSize;
 46857  46950     return SQLITE_OK;
 46858  46951   }
 46859  46952   
 46860  46953   #if 0 /* Only used to delete rollback journals, master journals, and WAL
 46861  46954         ** files, none of which exist in memdb.  So this routine is never used */
 46862  46955   /*
 46863  46956   ** Delete the file located at zPath. If the dirSync argument is true,
................................................................................
 47099  47192     }
 47100  47193     p = memdbFromDbSchema(db, zSchema);
 47101  47194     if( p==0 ){
 47102  47195       rc = SQLITE_ERROR;
 47103  47196     }else{
 47104  47197       p->aData = pData;
 47105  47198       p->sz = szDb;
        47199  +    p->szAlloc = szBuf;
 47106  47200       p->szMax = szBuf;
        47201  +    if( p->szMax<sqlite3GlobalConfig.mxMemdbSize ){
        47202  +      p->szMax = sqlite3GlobalConfig.mxMemdbSize;
        47203  +    }
 47107  47204       p->mFlags = mFlags;
 47108  47205       rc = SQLITE_OK;
 47109  47206     }
 47110  47207   
 47111  47208   end_deserialize:
 47112  47209     sqlite3_finalize(pStmt);
 47113  47210     sqlite3_mutex_leave(db->mutex);
................................................................................
 48530  48627     unsigned int iKey;             /* Key value (page number) */
 48531  48628     u8 isBulkLocal;                /* This page from bulk local storage */
 48532  48629     u8 isAnchor;                   /* This is the PGroup.lru element */
 48533  48630     PgHdr1 *pNext;                 /* Next in hash table chain */
 48534  48631     PCache1 *pCache;               /* Cache that currently owns this page */
 48535  48632     PgHdr1 *pLruNext;              /* Next in LRU list of unpinned pages */
 48536  48633     PgHdr1 *pLruPrev;              /* Previous in LRU list of unpinned pages */
        48634  +                                 /* NB: pLruPrev is only valid if pLruNext!=0 */
 48537  48635   };
 48538  48636   
 48539  48637   /*
 48540         -** A page is pinned if it is no on the LRU list
        48638  +** A page is pinned if it is not on the LRU list.  To be "pinned" means
        48639  +** that the page is in active use and must not be deallocated.
 48541  48640   */
 48542  48641   #define PAGE_IS_PINNED(p)    ((p)->pLruNext==0)
 48543  48642   #define PAGE_IS_UNPINNED(p)  ((p)->pLruNext!=0)
 48544  48643   
 48545  48644   /* Each page cache (or PCache) belongs to a PGroup.  A PGroup is a set 
 48546  48645   ** of one or more PCaches that are able to recycle each other's unpinned
 48547  48646   ** pages when they are under memory pressure.  A PGroup is an instance of
................................................................................
 48594  48693     int szExtra;                        /* sizeof(MemPage)+sizeof(PgHdr) */
 48595  48694     int szAlloc;                        /* Total size of one pcache line */
 48596  48695     int bPurgeable;                     /* True if cache is purgeable */
 48597  48696     unsigned int nMin;                  /* Minimum number of pages reserved */
 48598  48697     unsigned int nMax;                  /* Configured "cache_size" value */
 48599  48698     unsigned int n90pct;                /* nMax*9/10 */
 48600  48699     unsigned int iMaxKey;               /* Largest key seen since xTruncate() */
        48700  +  unsigned int nPurgeableDummy;       /* pnPurgeable points here when not used*/
 48601  48701   
 48602  48702     /* Hash table of all pages. The following variables may only be accessed
 48603  48703     ** when the accessor is holding the PGroup mutex.
 48604  48704     */
 48605  48705     unsigned int nRecyclable;           /* Number of pages in the LRU list */
 48606  48706     unsigned int nPage;                 /* Total number of pages in apHash */
 48607  48707     unsigned int nHash;                 /* Number of slots in apHash[] */
................................................................................
 48903  49003   
 48904  49004   /*
 48905  49005   ** Malloc function used by SQLite to obtain space from the buffer configured
 48906  49006   ** using sqlite3_config(SQLITE_CONFIG_PAGECACHE) option. If no such buffer
 48907  49007   ** exists, this function falls back to sqlite3Malloc().
 48908  49008   */
 48909  49009   SQLITE_PRIVATE void *sqlite3PageMalloc(int sz){
        49010  +  /* During rebalance operations on a corrupt database file, it is sometimes
        49011  +  ** (rarely) possible to overread the temporary page buffer by a few bytes.
        49012  +  ** Enlarge the allocation slightly so that this does not cause problems. */
 48910  49013     return pcache1Alloc(sz);
 48911  49014   }
 48912  49015   
 48913  49016   /*
 48914  49017   ** Free an allocated buffer obtained from sqlite3PageMalloc().
 48915  49018   */
 48916  49019   SQLITE_PRIVATE void sqlite3PageFree(void *p){
................................................................................
 48997  49100     assert( PAGE_IS_UNPINNED(pPage) );
 48998  49101     assert( pPage->pLruNext );
 48999  49102     assert( pPage->pLruPrev );
 49000  49103     assert( sqlite3_mutex_held(pPage->pCache->pGroup->mutex) );
 49001  49104     pPage->pLruPrev->pLruNext = pPage->pLruNext;
 49002  49105     pPage->pLruNext->pLruPrev = pPage->pLruPrev;
 49003  49106     pPage->pLruNext = 0;
 49004         -  pPage->pLruPrev = 0;
        49107  +  /* pPage->pLruPrev = 0;
        49108  +  ** No need to clear pLruPrev as it is never accessed if pLruNext is 0 */
 49005  49109     assert( pPage->isAnchor==0 );
 49006  49110     assert( pPage->pCache->pGroup->lru.isAnchor==1 );
 49007  49111     pPage->pCache->nRecyclable--;
 49008  49112     return pPage;
 49009  49113   }
 49010  49114   
 49011  49115   
................................................................................
 49207  49311       pcache1ResizeHash(pCache);
 49208  49312       if( bPurgeable ){
 49209  49313         pCache->nMin = 10;
 49210  49314         pGroup->nMinPage += pCache->nMin;
 49211  49315         pGroup->mxPinned = pGroup->nMaxPage + 10 - pGroup->nMinPage;
 49212  49316         pCache->pnPurgeable = &pGroup->nPurgeable;
 49213  49317       }else{
 49214         -      static unsigned int dummyCurrentPage;
 49215         -      pCache->pnPurgeable = &dummyCurrentPage;
        49318  +      pCache->pnPurgeable = &pCache->nPurgeableDummy;
 49216  49319       }
 49217  49320       pcache1LeaveMutex(pGroup);
 49218  49321       if( pCache->nHash==0 ){
 49219  49322         pcache1Destroy((sqlite3_pcache*)pCache);
 49220  49323         pCache = 0;
 49221  49324       }
 49222  49325     }
................................................................................
 49335  49438   
 49336  49439     if( pPage ){
 49337  49440       unsigned int h = iKey % pCache->nHash;
 49338  49441       pCache->nPage++;
 49339  49442       pPage->iKey = iKey;
 49340  49443       pPage->pNext = pCache->apHash[h];
 49341  49444       pPage->pCache = pCache;
 49342         -    pPage->pLruPrev = 0;
 49343  49445       pPage->pLruNext = 0;
        49446  +    /* pPage->pLruPrev = 0;
        49447  +    ** No need to clear pLruPrev since it is not accessed when pLruNext==0 */
 49344  49448       *(void **)pPage->page.pExtra = 0;
 49345  49449       pCache->apHash[h] = pPage;
 49346  49450       if( iKey>pCache->iMaxKey ){
 49347  49451         pCache->iMaxKey = iKey;
 49348  49452       }
 49349  49453     }
 49350  49454     return pPage;
................................................................................
 49496  49600    
 49497  49601     assert( pPage->pCache==pCache );
 49498  49602     pcache1EnterMutex(pGroup);
 49499  49603   
 49500  49604     /* It is an error to call this function if the page is already 
 49501  49605     ** part of the PGroup LRU list.
 49502  49606     */
 49503         -  assert( pPage->pLruPrev==0 && pPage->pLruNext==0 );
        49607  +  assert( pPage->pLruNext==0 );
 49504  49608     assert( PAGE_IS_PINNED(pPage) );
 49505  49609   
 49506  49610     if( reuseUnlikely || pGroup->nPurgeable>pGroup->nMaxPage ){
 49507  49611       pcache1RemoveFromHash(pPage, 1);
 49508  49612     }else{
 49509  49613       /* Add the page to the PGroup LRU list. */
 49510  49614       PgHdr1 **ppFirst = &pGroup->lru.pLruNext;
................................................................................
 54187  54291   ** Regardless of mxPage, return the current maximum page count.
 54188  54292   */
 54189  54293   SQLITE_PRIVATE int sqlite3PagerMaxPageCount(Pager *pPager, int mxPage){
 54190  54294     if( mxPage>0 ){
 54191  54295       pPager->mxPgno = mxPage;
 54192  54296     }
 54193  54297     assert( pPager->eState!=PAGER_OPEN );      /* Called only by OP_MaxPgcnt */
 54194         -  assert( pPager->mxPgno>=pPager->dbSize );  /* OP_MaxPgcnt enforces this */
        54298  +  /* assert( pPager->mxPgno>=pPager->dbSize ); */
        54299  +  /* OP_MaxPgcnt ensures that the parameter passed to this function is not
        54300  +  ** less than the total number of valid pages in the database. But this
        54301  +  ** may be less than Pager.dbSize, and so the assert() above is not valid */
 54195  54302     return pPager->mxPgno;
 54196  54303   }
 54197  54304   
 54198  54305   /*
 54199  54306   ** The following set of routines are used to disable the simulated
 54200  54307   ** I/O error mechanism.  These routines are used to avoid simulated
 54201  54308   ** errors in places where we do not care about errors.
................................................................................
 57380  57487   SQLITE_PRIVATE void sqlite3PagerSetCodec(
 57381  57488     Pager *pPager,
 57382  57489     void *(*xCodec)(void*,void*,Pgno,int),
 57383  57490     void (*xCodecSizeChng)(void*,int,int),
 57384  57491     void (*xCodecFree)(void*),
 57385  57492     void *pCodec
 57386  57493   ){
 57387         -  pager_reset(pPager);
 57388         -  if( pPager->xCodecFree ) pPager->xCodecFree(pPager->pCodec);
        57494  +  if( pPager->xCodecFree ){
        57495  +    pPager->xCodecFree(pPager->pCodec);
        57496  +  }else{
        57497  +    pager_reset(pPager);
        57498  +  }
 57389  57499     pPager->xCodec = pPager->memDb ? 0 : xCodec;
 57390  57500     pPager->xCodecSizeChng = xCodecSizeChng;
 57391  57501     pPager->xCodecFree = xCodecFree;
 57392  57502     pPager->pCodec = pCodec;
 57393  57503     setGetterMethod(pPager);
 57394  57504     pagerReportSize(pPager);
 57395  57505   }
................................................................................
 62423  62533   ** but cursors cannot be shared.  Each cursor is associated with a
 62424  62534   ** particular database connection identified BtCursor.pBtree.db.
 62425  62535   **
 62426  62536   ** Fields in this structure are accessed under the BtShared.mutex
 62427  62537   ** found at self->pBt->mutex. 
 62428  62538   **
 62429  62539   ** skipNext meaning:
 62430         -**    eState==SKIPNEXT && skipNext>0:  Next sqlite3BtreeNext() is no-op.
 62431         -**    eState==SKIPNEXT && skipNext<0:  Next sqlite3BtreePrevious() is no-op.
 62432         -**    eState==FAULT:                   Cursor fault with skipNext as error code.
        62540  +** The meaning of skipNext depends on the value of eState:
        62541  +**
        62542  +**   eState            Meaning of skipNext
        62543  +**   VALID             skipNext is meaningless and is ignored
        62544  +**   INVALID           skipNext is meaningless and is ignored
        62545  +**   SKIPNEXT          sqlite3BtreeNext() is a no-op if skipNext>0 and
        62546  +**                     sqlite3BtreePrevious() is no-op if skipNext<0.
        62547  +**   REQUIRESEEK       restoreCursorPosition() restores the cursor to
        62548  +**                     eState=SKIPNEXT if skipNext!=0
        62549  +**   FAULT             skipNext holds the cursor fault error code.
 62433  62550   */
 62434  62551   struct BtCursor {
 62435  62552     u8 eState;                /* One of the CURSOR_XXX constants (see below) */
 62436  62553     u8 curFlags;              /* zero or more BTCF_* flags defined below */
 62437  62554     u8 curPagerFlags;         /* Flags to send to sqlite3PagerGet() */
 62438  62555     u8 hints;                 /* As configured by CursorSetHints() */
 62439  62556     int skipNext;    /* Prev() is noop if negative. Next() is noop if positive.
................................................................................
 63589  63706     assert( 0==pCur->pKey );
 63590  63707     assert( cursorHoldsMutex(pCur) );
 63591  63708   
 63592  63709     if( pCur->curIntKey ){
 63593  63710       /* Only the rowid is required for a table btree */
 63594  63711       pCur->nKey = sqlite3BtreeIntegerKey(pCur);
 63595  63712     }else{
 63596         -    /* For an index btree, save the complete key content */
        63713  +    /* For an index btree, save the complete key content. It is possible
        63714  +    ** that the current key is corrupt. In that case, it is possible that
        63715  +    ** the sqlite3VdbeRecordUnpack() function may overread the buffer by
        63716  +    ** up to the size of 1 varint plus 1 8-byte value when the cursor 
        63717  +    ** position is restored. Hence the 17 bytes of padding allocated 
        63718  +    ** below. */
 63597  63719       void *pKey;
 63598  63720       pCur->nKey = sqlite3BtreePayloadSize(pCur);
 63599         -    pKey = sqlite3Malloc( pCur->nKey );
        63721  +    pKey = sqlite3Malloc( pCur->nKey + 9 + 8 );
 63600  63722       if( pKey ){
 63601  63723         rc = sqlite3BtreePayload(pCur, 0, (int)pCur->nKey, pKey);
 63602  63724         if( rc==SQLITE_OK ){
        63725  +        memset(((u8*)pKey)+pCur->nKey, 0, 9+8);
 63603  63726           pCur->pKey = pKey;
 63604  63727         }else{
 63605  63728           sqlite3_free(pKey);
 63606  63729         }
 63607  63730       }else{
 63608  63731         rc = SQLITE_NOMEM_BKPT;
 63609  63732       }
................................................................................
 63727  63850     int bias,           /* Bias search to the high end */
 63728  63851     int *pRes           /* Write search results here */
 63729  63852   ){
 63730  63853     int rc;                    /* Status code */
 63731  63854     UnpackedRecord *pIdxKey;   /* Unpacked index key */
 63732  63855   
 63733  63856     if( pKey ){
        63857  +    KeyInfo *pKeyInfo = pCur->pKeyInfo;
 63734  63858       assert( nKey==(i64)(int)nKey );
 63735         -    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pCur->pKeyInfo);
        63859  +    pIdxKey = sqlite3VdbeAllocUnpackedRecord(pKeyInfo);
 63736  63860       if( pIdxKey==0 ) return SQLITE_NOMEM_BKPT;
 63737         -    sqlite3VdbeRecordUnpack(pCur->pKeyInfo, (int)nKey, pKey, pIdxKey);
 63738         -    if( pIdxKey->nField==0 ){
        63861  +    sqlite3VdbeRecordUnpack(pKeyInfo, (int)nKey, pKey, pIdxKey);
        63862  +    if( pIdxKey->nField==0 || pIdxKey->nField>pKeyInfo->nAllField ){
 63739  63863         rc = SQLITE_CORRUPT_BKPT;
 63740  63864         goto moveto_done;
 63741  63865       }
 63742  63866     }else{
 63743  63867       pIdxKey = 0;
 63744  63868     }
 63745  63869     rc = sqlite3BtreeMovetoUnpacked(pCur, pIdxKey, nKey, bias, pRes);
................................................................................
 63767  63891     }
 63768  63892     pCur->eState = CURSOR_INVALID;
 63769  63893     rc = btreeMoveto(pCur, pCur->pKey, pCur->nKey, 0, &skipNext);
 63770  63894     if( rc==SQLITE_OK ){
 63771  63895       sqlite3_free(pCur->pKey);
 63772  63896       pCur->pKey = 0;
 63773  63897       assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_INVALID );
 63774         -    pCur->skipNext |= skipNext;
        63898  +    if( skipNext ) pCur->skipNext = skipNext;
 63775  63899       if( pCur->skipNext && pCur->eState==CURSOR_VALID ){
 63776  63900         pCur->eState = CURSOR_SKIPNEXT;
 63777  63901       }
 63778  63902     }
 63779  63903     return rc;
 63780  63904   }
 63781  63905   
................................................................................
 63837  63961     if( rc ){
 63838  63962       *pDifferentRow = 1;
 63839  63963       return rc;
 63840  63964     }
 63841  63965     if( pCur->eState!=CURSOR_VALID ){
 63842  63966       *pDifferentRow = 1;
 63843  63967     }else{
 63844         -    assert( pCur->skipNext==0 );
 63845  63968       *pDifferentRow = 0;
 63846  63969     }
 63847  63970     return SQLITE_OK;
 63848  63971   }
 63849  63972   
 63850  63973   #ifdef SQLITE_ENABLE_CURSOR_HINTS
 63851  63974   /*
................................................................................
 63920  64043       return;
 63921  64044     }
 63922  64045     iPtrmap = PTRMAP_PAGENO(pBt, key);
 63923  64046     rc = sqlite3PagerGet(pBt->pPager, iPtrmap, &pDbPage, 0);
 63924  64047     if( rc!=SQLITE_OK ){
 63925  64048       *pRC = rc;
 63926  64049       return;
        64050  +  }
        64051  +  if( ((char*)sqlite3PagerGetExtra(pDbPage))[0]!=0 ){
        64052  +    /* The first byte of the extra data is the MemPage.isInit byte.
        64053  +    ** If that byte is set, it means this page is also being used
        64054  +    ** as a btree page. */
        64055  +    *pRC = SQLITE_CORRUPT_BKPT;
        64056  +    goto ptrmap_exit;
 63927  64057     }
 63928  64058     offset = PTRMAP_PTROFFSET(iPtrmap, key);
 63929  64059     if( offset<0 ){
 63930  64060       *pRC = SQLITE_CORRUPT_BKPT;
 63931  64061       goto ptrmap_exit;
 63932  64062     }
 63933  64063     assert( offset <= (int)pBt->usableSize-5 );
................................................................................
 63983  64113     if( *pEType<1 || *pEType>5 ) return SQLITE_CORRUPT_PGNO(iPtrmap);
 63984  64114     return SQLITE_OK;
 63985  64115   }
 63986  64116   
 63987  64117   #else /* if defined SQLITE_OMIT_AUTOVACUUM */
 63988  64118     #define ptrmapPut(w,x,y,z,rc)
 63989  64119     #define ptrmapGet(w,x,y,z) SQLITE_OK
 63990         -  #define ptrmapPutOvflPtr(x, y, rc)
        64120  +  #define ptrmapPutOvflPtr(x, y, z, rc)
 63991  64121   #endif
 63992  64122   
 63993  64123   /*
 63994  64124   ** Given a btree page and a cell index (0 means the first cell on
 63995  64125   ** the page, 1 means the second cell, and so forth) return a pointer
 63996  64126   ** to the cell content.
 63997  64127   **
................................................................................
 64276  64406   static u16 cellSize(MemPage *pPage, int iCell){
 64277  64407     return pPage->xCellSize(pPage, findCell(pPage, iCell));
 64278  64408   }
 64279  64409   #endif
 64280  64410   
 64281  64411   #ifndef SQLITE_OMIT_AUTOVACUUM
 64282  64412   /*
 64283         -** If the cell pCell, part of page pPage contains a pointer
 64284         -** to an overflow page, insert an entry into the pointer-map
 64285         -** for the overflow page.
        64413  +** The cell pCell is currently part of page pSrc but will ultimately be part
        64414  +** of pPage.  (pSrc and pPager are often the same.)  If pCell contains a
        64415  +** pointer to an overflow page, insert an entry into the pointer-map for
        64416  +** the overflow page that will be valid after pCell has been moved to pPage.
 64286  64417   */
 64287         -static void ptrmapPutOvflPtr(MemPage *pPage, u8 *pCell, int *pRC){
        64418  +static void ptrmapPutOvflPtr(MemPage *pPage, MemPage *pSrc, u8 *pCell,int *pRC){
 64288  64419     CellInfo info;
 64289  64420     if( *pRC ) return;
 64290  64421     assert( pCell!=0 );
 64291  64422     pPage->xParseCell(pPage, pCell, &info);
 64292  64423     if( info.nLocal<info.nPayload ){
 64293         -    Pgno ovfl = get4byte(&pCell[info.nSize-4]);
        64424  +    Pgno ovfl;
        64425  +    if( SQLITE_WITHIN(pSrc->aDataEnd, pCell, pCell+info.nLocal) ){
        64426  +      testcase( pSrc!=pPage );
        64427  +      *pRC = SQLITE_CORRUPT_BKPT;
        64428  +      return;
        64429  +    }
        64430  +    ovfl = get4byte(&pCell[info.nSize-4]);
 64294  64431       ptrmapPut(pPage->pBt, ovfl, PTRMAP_OVERFLOW1, pPage->pgno, pRC);
 64295  64432     }
 64296  64433   }
 64297  64434   #endif
 64298  64435   
 64299  64436   
 64300  64437   /*
................................................................................
 64341  64478     /* This block handles pages with two or fewer free blocks and nMaxFrag
 64342  64479     ** or fewer fragmented bytes. In this case it is faster to move the
 64343  64480     ** two (or one) blocks of cells using memmove() and add the required
 64344  64481     ** offsets to each pointer in the cell-pointer array than it is to 
 64345  64482     ** reconstruct the entire page.  */
 64346  64483     if( (int)data[hdr+7]<=nMaxFrag ){
 64347  64484       int iFree = get2byte(&data[hdr+1]);
        64485  +
        64486  +    /* If the initial freeblock offset were out of bounds, that would
        64487  +    ** have been detected by btreeInitPage() when it was computing the
        64488  +    ** number of free bytes on the page. */
        64489  +    assert( iFree<=usableSize-4 );
 64348  64490       if( iFree ){
 64349  64491         int iFree2 = get2byte(&data[iFree]);
 64350         -
 64351         -      /* pageFindSlot() has already verified that free blocks are sorted
 64352         -      ** in order of offset within the page, and that no block extends
 64353         -      ** past the end of the page. Provided the two free slots do not 
 64354         -      ** overlap, this guarantees that the memmove() calls below will not
 64355         -      ** overwrite the usableSize byte buffer, even if the database page
 64356         -      ** is corrupt.  */
 64357         -      assert( iFree2==0 || iFree2>iFree );
 64358         -      assert( iFree+get2byte(&data[iFree+2]) <= usableSize );
 64359         -      assert( iFree2==0 || iFree2+get2byte(&data[iFree2+2]) <= usableSize );
 64360         -
        64492  +      if( iFree2>usableSize-4 ) return SQLITE_CORRUPT_PAGE(pPage);
 64361  64493         if( 0==iFree2 || (data[iFree2]==0 && data[iFree2+1]==0) ){
 64362  64494           u8 *pEnd = &data[cellOffset + nCell*2];
 64363  64495           u8 *pAddr;
 64364  64496           int sz2 = 0;
 64365  64497           int sz = get2byte(&data[iFree+2]);
 64366  64498           int top = get2byte(&data[hdr+5]);
 64367  64499           if( top>=iFree ){
 64368  64500             return SQLITE_CORRUPT_PAGE(pPage);
 64369  64501           }
 64370  64502           if( iFree2 ){
 64371         -          assert( iFree+sz<=iFree2 ); /* Verified by pageFindSlot() */
        64503  +          if( iFree+sz>iFree2 ) return SQLITE_CORRUPT_PAGE(pPage);
 64372  64504             sz2 = get2byte(&data[iFree2+2]);
 64373         -          assert( iFree+sz+sz2+iFree2-(iFree+sz) <= usableSize );
        64505  +          if( iFree2+sz2 > usableSize ) return SQLITE_CORRUPT_PAGE(pPage);
 64374  64506             memmove(&data[iFree+sz+sz2], &data[iFree+sz], iFree2-(iFree+sz));
 64375  64507             sz += sz2;
 64376  64508           }
 64377  64509           cbrk = top+sz;
 64378  64510           assert( cbrk+(iFree-top) <= usableSize );
 64379  64511           memmove(&data[cbrk], &data[top], iFree-top);
 64380  64512           for(pAddr=&data[cellOffset]; pAddr<pEnd; pAddr+=2){
................................................................................
 65921  66053   ** well-formed database file, then SQLITE_CORRUPT is returned.
 65922  66054   ** SQLITE_BUSY is returned if the database is locked.  SQLITE_NOMEM
 65923  66055   ** is returned if we run out of memory. 
 65924  66056   */
 65925  66057   static int lockBtree(BtShared *pBt){
 65926  66058     int rc;              /* Result code from subfunctions */
 65927  66059     MemPage *pPage1;     /* Page 1 of the database file */
 65928         -  int nPage;           /* Number of pages in the database */
 65929         -  int nPageFile = 0;   /* Number of pages in the database file */
 65930         -  int nPageHeader;     /* Number of pages in the database according to hdr */
        66060  +  u32 nPage;           /* Number of pages in the database */
        66061  +  u32 nPageFile = 0;   /* Number of pages in the database file */
        66062  +  u32 nPageHeader;     /* Number of pages in the database according to hdr */
 65931  66063   
 65932  66064     assert( sqlite3_mutex_held(pBt->mutex) );
 65933  66065     assert( pBt->pPage1==0 );
 65934  66066     rc = sqlite3PagerSharedLock(pBt->pPager);
 65935  66067     if( rc!=SQLITE_OK ) return rc;
 65936  66068     rc = btreeGetPage(pBt, 1, &pPage1, 0);
 65937  66069     if( rc!=SQLITE_OK ) return rc;
 65938  66070   
 65939  66071     /* Do some checking to help insure the file we opened really is
 65940  66072     ** a valid database file. 
 65941  66073     */
 65942  66074     nPage = nPageHeader = get4byte(28+(u8*)pPage1->aData);
 65943         -  sqlite3PagerPagecount(pBt->pPager, &nPageFile);
        66075  +  sqlite3PagerPagecount(pBt->pPager, (int*)&nPageFile);
 65944  66076     if( nPage==0 || memcmp(24+(u8*)pPage1->aData, 92+(u8*)pPage1->aData,4)!=0 ){
 65945  66077       nPage = nPageFile;
 65946  66078     }
 65947  66079     if( (pBt->db->flags & SQLITE_ResetDatabase)!=0 ){
 65948  66080       nPage = 0;
 65949  66081     }
 65950  66082     if( nPage>0 ){
................................................................................
 66017  66149       ** between 512 and 65536 inclusive. */
 66018  66150       if( ((pageSize-1)&pageSize)!=0
 66019  66151        || pageSize>SQLITE_MAX_PAGE_SIZE 
 66020  66152        || pageSize<=256 
 66021  66153       ){
 66022  66154         goto page1_init_failed;
 66023  66155       }
        66156  +    pBt->btsFlags |= BTS_PAGESIZE_FIXED;
 66024  66157       assert( (pageSize & 7)==0 );
 66025  66158       /* EVIDENCE-OF: R-59310-51205 The "reserved space" size in the 1-byte
 66026  66159       ** integer at offset 20 is the number of bytes of space at the end of
 66027  66160       ** each page to reserve for extensions. 
 66028  66161       **
 66029  66162       ** EVIDENCE-OF: R-37497-42412 The size of the reserved region is
 66030  66163       ** determined by the one-byte unsigned integer found at an offset of 20
................................................................................
 66407  66540     rc = pPage->isInit ? SQLITE_OK : btreeInitPage(pPage);
 66408  66541     if( rc!=SQLITE_OK ) return rc;
 66409  66542     nCell = pPage->nCell;
 66410  66543   
 66411  66544     for(i=0; i<nCell; i++){
 66412  66545       u8 *pCell = findCell(pPage, i);
 66413  66546   
 66414         -    ptrmapPutOvflPtr(pPage, pCell, &rc);
        66547  +    ptrmapPutOvflPtr(pPage, pPage, pCell, &rc);
 66415  66548   
 66416  66549       if( !pPage->leaf ){
 66417  66550         Pgno childPgno = get4byte(pCell);
 66418  66551         ptrmapPut(pBt, childPgno, PTRMAP_BTREE, pgno, &rc);
 66419  66552       }
 66420  66553     }
 66421  66554   
................................................................................
 67333  67466         }while( ALWAYS(pPrev) );
 67334  67467       }
 67335  67468       btreeReleaseAllCursorPages(pCur);
 67336  67469       unlockBtreeIfUnused(pBt);
 67337  67470       sqlite3_free(pCur->aOverflow);
 67338  67471       sqlite3_free(pCur->pKey);
 67339  67472       sqlite3BtreeLeave(pBtree);
        67473  +    pCur->pBtree = 0;
 67340  67474     }
 67341  67475     return SQLITE_OK;
 67342  67476   }
 67343  67477   
 67344  67478   /*
 67345  67479   ** Make sure the BtCursor* given in the argument has a valid
 67346  67480   ** BtCursor.info structure.  If it is not already valid, call
................................................................................
 67430  67564   */
 67431  67565   SQLITE_PRIVATE u32 sqlite3BtreePayloadSize(BtCursor *pCur){
 67432  67566     assert( cursorHoldsMutex(pCur) );
 67433  67567     assert( pCur->eState==CURSOR_VALID );
 67434  67568     getCellInfo(pCur);
 67435  67569     return pCur->info.nPayload;
 67436  67570   }
        67571  +
        67572  +/*
        67573  +** Return an upper bound on the size of any record for the table
        67574  +** that the cursor is pointing into.
        67575  +**
        67576  +** This is an optimization.  Everything will still work if this
        67577  +** routine always returns 2147483647 (which is the largest record
        67578  +** that SQLite can handle) or more.  But returning a smaller value might
        67579  +** prevent large memory allocations when trying to interpret a
        67580  +** corrupt datrabase.
        67581  +**
        67582  +** The current implementation merely returns the size of the underlying
        67583  +** database file.
        67584  +*/
        67585  +SQLITE_PRIVATE sqlite3_int64 sqlite3BtreeMaxRecordSize(BtCursor *pCur){
        67586  +  assert( cursorHoldsMutex(pCur) );
        67587  +  assert( pCur->eState==CURSOR_VALID );
        67588  +  return pCur->pBt->pageSize * (sqlite3_int64)pCur->pBt->nPage;
        67589  +}
 67437  67590   
 67438  67591   /*
 67439  67592   ** Given the page number of an overflow page in the database (parameter
 67440  67593   ** ovfl), this function finds the page number of the next page in the 
 67441  67594   ** linked list of overflow pages. If possible, it uses the auto-vacuum
 67442  67595   ** pointer-map data instead of reading the content of page ovfl to do so. 
 67443  67596   **
................................................................................
 68245  68398           *pRes = -1;
 68246  68399           return SQLITE_OK;
 68247  68400         }
 68248  68401         /* If the requested key is one more than the previous key, then
 68249  68402         ** try to get there using sqlite3BtreeNext() rather than a full
 68250  68403         ** binary search.  This is an optimization only.  The correct answer
 68251  68404         ** is still obtained without this case, only a little more slowely */
 68252         -      if( pCur->info.nKey+1==intKey && !pCur->skipNext ){
        68405  +      if( pCur->info.nKey+1==intKey ){
 68253  68406           *pRes = 0;
 68254  68407           rc = sqlite3BtreeNext(pCur, 0);
 68255  68408           if( rc==SQLITE_OK ){
 68256  68409             getCellInfo(pCur);
 68257  68410             if( pCur->info.nKey==intKey ){
 68258  68411               return SQLITE_OK;
 68259  68412             }
................................................................................
 68387  68540             u8 * const pCellBody = pCell - pPage->childPtrSize;
 68388  68541             pPage->xParseCell(pPage, pCellBody, &pCur->info);
 68389  68542             nCell = (int)pCur->info.nKey;
 68390  68543             testcase( nCell<0 );   /* True if key size is 2^32 or more */
 68391  68544             testcase( nCell==0 );  /* Invalid key size:  0x80 0x80 0x00 */
 68392  68545             testcase( nCell==1 );  /* Invalid key size:  0x80 0x80 0x01 */
 68393  68546             testcase( nCell==2 );  /* Minimum legal index key size */
 68394         -          if( nCell<2 ){
        68547  +          if( nCell<2 || nCell/pCur->pBt->usableSize>pCur->pBt->nPage ){
 68395  68548               rc = SQLITE_CORRUPT_PAGE(pPage);
 68396  68549               goto moveto_finish;
 68397  68550             }
 68398  68551             pCellKey = sqlite3Malloc( nCell+18 );
 68399  68552             if( pCellKey==0 ){
 68400  68553               rc = SQLITE_NOMEM_BKPT;
 68401  68554               goto moveto_finish;
................................................................................
 68519  68672   */
 68520  68673   static SQLITE_NOINLINE int btreeNext(BtCursor *pCur){
 68521  68674     int rc;
 68522  68675     int idx;
 68523  68676     MemPage *pPage;
 68524  68677   
 68525  68678     assert( cursorOwnsBtShared(pCur) );
 68526         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68527  68679     if( pCur->eState!=CURSOR_VALID ){
 68528  68680       assert( (pCur->curFlags & BTCF_ValidOvfl)==0 );
 68529  68681       rc = restoreCursorPosition(pCur);
 68530  68682       if( rc!=SQLITE_OK ){
 68531  68683         return rc;
 68532  68684       }
 68533  68685       if( CURSOR_INVALID==pCur->eState ){
 68534  68686         return SQLITE_DONE;
 68535  68687       }
 68536         -    if( pCur->skipNext ){
 68537         -      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
        68688  +    if( pCur->eState==CURSOR_SKIPNEXT ){
 68538  68689         pCur->eState = CURSOR_VALID;
 68539         -      if( pCur->skipNext>0 ){
 68540         -        pCur->skipNext = 0;
 68541         -        return SQLITE_OK;
 68542         -      }
 68543         -      pCur->skipNext = 0;
        68690  +      if( pCur->skipNext>0 ) return SQLITE_OK;
 68544  68691       }
 68545  68692     }
 68546  68693   
 68547  68694     pPage = pCur->pPage;
 68548  68695     idx = ++pCur->ix;
 68549  68696     if( !pPage->isInit ){
 68550  68697       /* The only known way for this to happen is for there to be a
................................................................................
 68591  68738     }
 68592  68739   }
 68593  68740   SQLITE_PRIVATE int sqlite3BtreeNext(BtCursor *pCur, int flags){
 68594  68741     MemPage *pPage;
 68595  68742     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
 68596  68743     assert( cursorOwnsBtShared(pCur) );
 68597  68744     assert( flags==0 || flags==1 );
 68598         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68599  68745     pCur->info.nSize = 0;
 68600  68746     pCur->curFlags &= ~(BTCF_ValidNKey|BTCF_ValidOvfl);
 68601  68747     if( pCur->eState!=CURSOR_VALID ) return btreeNext(pCur);
 68602  68748     pPage = pCur->pPage;
 68603  68749     if( (++pCur->ix)>=pPage->nCell ){
 68604  68750       pCur->ix--;
 68605  68751       return btreeNext(pCur);
................................................................................
 68632  68778   ** use this hint, but COMDB2 does.
 68633  68779   */
 68634  68780   static SQLITE_NOINLINE int btreePrevious(BtCursor *pCur){
 68635  68781     int rc;
 68636  68782     MemPage *pPage;
 68637  68783   
 68638  68784     assert( cursorOwnsBtShared(pCur) );
 68639         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68640  68785     assert( (pCur->curFlags & (BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey))==0 );
 68641  68786     assert( pCur->info.nSize==0 );
 68642  68787     if( pCur->eState!=CURSOR_VALID ){
 68643  68788       rc = restoreCursorPosition(pCur);
 68644  68789       if( rc!=SQLITE_OK ){
 68645  68790         return rc;
 68646  68791       }
 68647  68792       if( CURSOR_INVALID==pCur->eState ){
 68648  68793         return SQLITE_DONE;
 68649  68794       }
 68650         -    if( pCur->skipNext ){
 68651         -      assert( pCur->eState==CURSOR_VALID || pCur->eState==CURSOR_SKIPNEXT );
        68795  +    if( CURSOR_SKIPNEXT==pCur->eState ){
 68652  68796         pCur->eState = CURSOR_VALID;
 68653         -      if( pCur->skipNext<0 ){
 68654         -        pCur->skipNext = 0;
 68655         -        return SQLITE_OK;
 68656         -      }
 68657         -      pCur->skipNext = 0;
        68797  +      if( pCur->skipNext<0 ) return SQLITE_OK;
 68658  68798       }
 68659  68799     }
 68660  68800   
 68661  68801     pPage = pCur->pPage;
 68662  68802     assert( pPage->isInit );
 68663  68803     if( !pPage->leaf ){
 68664  68804       int idx = pCur->ix;
................................................................................
 68685  68825       }
 68686  68826     }
 68687  68827     return rc;
 68688  68828   }
 68689  68829   SQLITE_PRIVATE int sqlite3BtreePrevious(BtCursor *pCur, int flags){
 68690  68830     assert( cursorOwnsBtShared(pCur) );
 68691  68831     assert( flags==0 || flags==1 );
 68692         -  assert( pCur->skipNext==0 || pCur->eState!=CURSOR_VALID );
 68693  68832     UNUSED_PARAMETER( flags );  /* Used in COMDB2 but not native SQLite */
 68694  68833     pCur->curFlags &= ~(BTCF_AtLast|BTCF_ValidOvfl|BTCF_ValidNKey);
 68695  68834     pCur->info.nSize = 0;
 68696  68835     if( pCur->eState!=CURSOR_VALID
 68697  68836      || pCur->ix==0
 68698  68837      || pCur->pPage->leaf==0
 68699  68838     ){
................................................................................
 69021  69160       if( rc!=SQLITE_OK ){
 69022  69161         releasePage(*ppPage);
 69023  69162         *ppPage = 0;
 69024  69163       }
 69025  69164       TRACE(("ALLOCATE: %d from end of file\n", *pPgno));
 69026  69165     }
 69027  69166   
 69028         -  assert( *pPgno!=PENDING_BYTE_PAGE(pBt) );
        69167  +  assert( CORRUPT_DB || *pPgno!=PENDING_BYTE_PAGE(pBt) );
 69029  69168   
 69030  69169   end_allocate_page:
 69031  69170     releasePage(pTrunk);
 69032  69171     releasePage(pPrevTrunk);
 69033  69172     assert( rc!=SQLITE_OK || sqlite3PagerPageRefcount((*ppPage)->pDbPage)<=1 );
 69034  69173     assert( rc!=SQLITE_OK || (*ppPage)->isInit==0 );
 69035  69174     return rc;
................................................................................
 69576  69715       if( rc ){ *pRC = rc; return; }
 69577  69716       /* The allocateSpace() routine guarantees the following properties
 69578  69717       ** if it returns successfully */
 69579  69718       assert( idx >= 0 );
 69580  69719       assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB );
 69581  69720       assert( idx+sz <= (int)pPage->pBt->usableSize );
 69582  69721       pPage->nFree -= (u16)(2 + sz);
 69583         -    memcpy(&data[idx], pCell, sz);
 69584  69722       if( iChild ){
        69723  +      /* In a corrupt database where an entry in the cell index section of
        69724  +      ** a btree page has a value of 3 or less, the pCell value might point
        69725  +      ** as many as 4 bytes in front of the start of the aData buffer for
        69726  +      ** the source page.  Make sure this does not cause problems by not
        69727  +      ** reading the first 4 bytes */
        69728  +      memcpy(&data[idx+4], pCell+4, sz-4);
 69585  69729         put4byte(&data[idx], iChild);
        69730  +    }else{
        69731  +      memcpy(&data[idx], pCell, sz);
 69586  69732       }
 69587  69733       pIns = pPage->aCellIdx + i*2;
 69588  69734       memmove(pIns+2, pIns, 2*(pPage->nCell - i));
 69589  69735       put2byte(pIns, idx);
 69590  69736       pPage->nCell++;
 69591  69737       /* increment the cell count */
 69592  69738       if( (++data[pPage->hdrOffset+4])==0 ) data[pPage->hdrOffset+3]++;
 69593  69739       assert( get2byte(&data[pPage->hdrOffset+3])==pPage->nCell );
 69594  69740   #ifndef SQLITE_OMIT_AUTOVACUUM
 69595  69741       if( pPage->pBt->autoVacuum ){
 69596  69742         /* The cell may contain a pointer to an overflow page. If so, write
 69597  69743         ** the entry for the overflow page into the pointer map.
 69598  69744         */
 69599         -      ptrmapPutOvflPtr(pPage, pCell, pRC);
        69745  +      ptrmapPutOvflPtr(pPage, pPage, pCell, pRC);
 69600  69746       }
 69601  69747   #endif
 69602  69748     }
 69603  69749   }
 69604  69750   
        69751  +/*
        69752  +** The following parameters determine how many adjacent pages get involved
        69753  +** in a balancing operation.  NN is the number of neighbors on either side
        69754  +** of the page that participate in the balancing operation.  NB is the
        69755  +** total number of pages that participate, including the target page and
        69756  +** NN neighbors on either side.
        69757  +**
        69758  +** The minimum value of NN is 1 (of course).  Increasing NN above 1
        69759  +** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance
        69760  +** in exchange for a larger degradation in INSERT and UPDATE performance.
        69761  +** The value of NN appears to give the best results overall.
        69762  +**
        69763  +** (Later:) The description above makes it seem as if these values are
        69764  +** tunable - as if you could change them and recompile and it would all work.
        69765  +** But that is unlikely.  NB has been 3 since the inception of SQLite and
        69766  +** we have never tested any other value.
        69767  +*/
        69768  +#define NN 1             /* Number of neighbors on either side of pPage */
        69769  +#define NB 3             /* (NN*2+1): Total pages involved in the balance */
        69770  +
 69605  69771   /*
 69606  69772   ** A CellArray object contains a cache of pointers and sizes for a
 69607  69773   ** consecutive sequence of cells that might be held on multiple pages.
        69774  +**
        69775  +** The cells in this array are the divider cell or cells from the pParent
        69776  +** page plus up to three child pages.  There are a total of nCell cells.
        69777  +**
        69778  +** pRef is a pointer to one of the pages that contributes cells.  This is
        69779  +** used to access information such as MemPage.intKey and MemPage.pBt->pageSize
        69780  +** which should be common to all pages that contribute cells to this array.
        69781  +**
        69782  +** apCell[] and szCell[] hold, respectively, pointers to the start of each
        69783  +** cell and the size of each cell.  Some of the apCell[] pointers might refer
        69784  +** to overflow cells.  In other words, some apCel[] pointers might not point
        69785  +** to content area of the pages.
        69786  +**
        69787  +** A szCell[] of zero means the size of that cell has not yet been computed.
        69788  +**
        69789  +** The cells come from as many as four different pages:
        69790  +**
        69791  +**             -----------
        69792  +**             | Parent  |
        69793  +**             -----------
        69794  +**            /     |     \
        69795  +**           /      |      \
        69796  +**  ---------   ---------   ---------
        69797  +**  |Child-1|   |Child-2|   |Child-3|
        69798  +**  ---------   ---------   ---------
        69799  +**
        69800  +** The order of cells is in the array is for an index btree is:
        69801  +**
        69802  +**       1.  All cells from Child-1 in order
        69803  +**       2.  The first divider cell from Parent
        69804  +**       3.  All cells from Child-2 in order
        69805  +**       4.  The second divider cell from Parent
        69806  +**       5.  All cells from Child-3 in order
        69807  +**
        69808  +** For a table-btree (with rowids) the items 2 and 4 are empty because
        69809  +** content exists only in leaves and there are no divider cells.
        69810  +**
        69811  +** For an index btree, the apEnd[] array holds pointer to the end of page
        69812  +** for Child-1, the Parent, Child-2, the Parent (again), and Child-3,
        69813  +** respectively. The ixNx[] array holds the number of cells contained in
        69814  +** each of these 5 stages, and all stages to the left.  Hence:
        69815  +**
        69816  +**    ixNx[0] = Number of cells in Child-1.
        69817  +**    ixNx[1] = Number of cells in Child-1 plus 1 for first divider.
        69818  +**    ixNx[2] = Number of cells in Child-1 and Child-2 + 1 for 1st divider.
        69819  +**    ixNx[3] = Number of cells in Child-1 and Child-2 + both divider cells
        69820  +**    ixNx[4] = Total number of cells.
        69821  +**
        69822  +** For a table-btree, the concept is similar, except only apEnd[0]..apEnd[2]
        69823  +** are used and they point to the leaf pages only, and the ixNx value are:
        69824  +**
        69825  +**    ixNx[0] = Number of cells in Child-1.
        69826  +**    ixNx[1] = Number of cells in Child-1 and Child-2 + 1 for 1st divider.
        69827  +**    ixNx[2] = Number of cells in Child-1 and Child-2 + both divider cells
 69608  69828   */
 69609  69829   typedef struct CellArray CellArray;
 69610  69830   struct CellArray {
 69611  69831     int nCell;              /* Number of cells in apCell[] */
 69612  69832     MemPage *pRef;          /* Reference page */
 69613  69833     u8 **apCell;            /* All cells begin balanced */
 69614  69834     u16 *szCell;            /* Local size of all cells in apCell[] */
        69835  +  u8 *apEnd[NB*2];        /* MemPage.aDataEnd values */
        69836  +  int ixNx[NB*2];         /* Index of at which we move to the next apEnd[] */
 69615  69837   };
 69616  69838   
 69617  69839   /*
 69618  69840   ** Make sure the cell sizes at idx, idx+1, ..., idx+N-1 have been
 69619  69841   ** computed.
 69620  69842   */
 69621  69843   static void populateCellCache(CellArray *p, int idx, int N){
................................................................................
 69658  69880   ** function works around problems caused by this by making a copy of any 
 69659  69881   ** such cells before overwriting the page data.
 69660  69882   **
 69661  69883   ** The MemPage.nFree field is invalidated by this function. It is the 
 69662  69884   ** responsibility of the caller to set it correctly.
 69663  69885   */
 69664  69886   static int rebuildPage(
 69665         -  MemPage *pPg,                   /* Edit this page */
        69887  +  CellArray *pCArray,             /* Content to be added to page pPg */
        69888  +  int iFirst,                     /* First cell in pCArray to use */
 69666  69889     int nCell,                      /* Final number of cells on page */
 69667         -  u8 **apCell,                    /* Array of cells */
 69668         -  u16 *szCell                     /* Array of cell sizes */
        69890  +  MemPage *pPg                    /* The page to be reconstructed */
 69669  69891   ){
 69670  69892     const int hdr = pPg->hdrOffset;          /* Offset of header on pPg */
 69671  69893     u8 * const aData = pPg->aData;           /* Pointer to data for pPg */
 69672  69894     const int usableSize = pPg->pBt->usableSize;
 69673  69895     u8 * const pEnd = &aData[usableSize];
 69674         -  int i;
        69896  +  int i = iFirst;                 /* Which cell to copy from pCArray*/
        69897  +  u32 j;                          /* Start of cell content area */
        69898  +  int iEnd = i+nCell;             /* Loop terminator */
 69675  69899     u8 *pCellptr = pPg->aCellIdx;
 69676  69900     u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
 69677  69901     u8 *pData;
        69902  +  int k;                          /* Current slot in pCArray->apEnd[] */
        69903  +  u8 *pSrcEnd;                    /* Current pCArray->apEnd[k] value */
 69678  69904   
 69679         -  i = get2byte(&aData[hdr+5]);
 69680         -  memcpy(&pTmp[i], &aData[i], usableSize - i);
        69905  +  assert( i<iEnd );
        69906  +  j = get2byte(&aData[hdr+5]);
        69907  +  if( NEVER(j>(u32)usableSize) ){ j = 0; }
        69908  +  memcpy(&pTmp[j], &aData[j], usableSize - j);
        69909  +
        69910  +  for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){}
        69911  +  pSrcEnd = pCArray->apEnd[k];
 69681  69912   
 69682  69913     pData = pEnd;
 69683         -  for(i=0; i<nCell; i++){
 69684         -    u8 *pCell = apCell[i];
        69914  +  while( 1/*exit by break*/ ){
        69915  +    u8 *pCell = pCArray->apCell[i];
        69916  +    u16 sz = pCArray->szCell[i];
        69917  +    assert( sz>0 );
 69685  69918       if( SQLITE_WITHIN(pCell,aData,pEnd) ){
        69919  +      if( ((uptr)(pCell+sz))>(uptr)pEnd ) return SQLITE_CORRUPT_BKPT;
 69686  69920         pCell = &pTmp[pCell - aData];
        69921  +    }else if( (uptr)(pCell+sz)>(uptr)pSrcEnd
        69922  +           && (uptr)(pCell)<(uptr)pSrcEnd
        69923  +    ){
        69924  +      return SQLITE_CORRUPT_BKPT;
 69687  69925       }
 69688         -    pData -= szCell[i];
        69926  +
        69927  +    pData -= sz;
 69689  69928       put2byte(pCellptr, (pData - aData));
 69690  69929       pCellptr += 2;
 69691  69930       if( pData < pCellptr ) return SQLITE_CORRUPT_BKPT;
 69692         -    memcpy(pData, pCell, szCell[i]);
 69693         -    assert( szCell[i]==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
 69694         -    testcase( szCell[i]!=pPg->xCellSize(pPg,pCell) );
        69931  +    memcpy(pData, pCell, sz);
        69932  +    assert( sz==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
        69933  +    testcase( sz!=pPg->xCellSize(pPg,pCell) );
        69934  +    i++;
        69935  +    if( i>=iEnd ) break;
        69936  +    if( pCArray->ixNx[k]<=i ){
        69937  +      k++;
        69938  +      pSrcEnd = pCArray->apEnd[k];
        69939  +    }
 69695  69940     }
 69696  69941   
 69697  69942     /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
 69698  69943     pPg->nCell = nCell;
 69699  69944     pPg->nOverflow = 0;
 69700  69945   
 69701  69946     put2byte(&aData[hdr+1], 0);
................................................................................
 69702  69947     put2byte(&aData[hdr+3], pPg->nCell);
 69703  69948     put2byte(&aData[hdr+5], pData - aData);
 69704  69949     aData[hdr+7] = 0x00;
 69705  69950     return SQLITE_OK;
 69706  69951   }
 69707  69952   
 69708  69953   /*
 69709         -** Array apCell[] contains nCell pointers to b-tree cells. Array szCell
 69710         -** contains the size in bytes of each such cell. This function attempts to 
 69711         -** add the cells stored in the array to page pPg. If it cannot (because 
 69712         -** the page needs to be defragmented before the cells will fit), non-zero
 69713         -** is returned. Otherwise, if the cells are added successfully, zero is
 69714         -** returned.
        69954  +** The pCArray objects contains pointers to b-tree cells and the cell sizes.
        69955  +** This function attempts to add the cells stored in the array to page pPg.
        69956  +** If it cannot (because the page needs to be defragmented before the cells
        69957  +** will fit), non-zero is returned. Otherwise, if the cells are added
        69958  +** successfully, zero is returned.
 69715  69959   **
 69716  69960   ** Argument pCellptr points to the first entry in the cell-pointer array
 69717  69961   ** (part of page pPg) to populate. After cell apCell[0] is written to the
 69718  69962   ** page body, a 16-bit offset is written to pCellptr. And so on, for each
 69719  69963   ** cell in the array. It is the responsibility of the caller to ensure
 69720  69964   ** that it is safe to overwrite this part of the cell-pointer array.
 69721  69965   **
................................................................................
 69729  69973   ** all cells - not just those inserted by the current call). If the content
 69730  69974   ** area must be extended to before this point in order to accomodate all
 69731  69975   ** cells in apCell[], then the cells do not fit and non-zero is returned.
 69732  69976   */
 69733  69977   static int pageInsertArray(
 69734  69978     MemPage *pPg,                   /* Page to add cells to */
 69735  69979     u8 *pBegin,                     /* End of cell-pointer array */
 69736         -  u8 **ppData,                    /* IN/OUT: Page content -area pointer */
        69980  +  u8 **ppData,                    /* IN/OUT: Page content-area pointer */
 69737  69981     u8 *pCellptr,                   /* Pointer to cell-pointer area */
 69738  69982     int iFirst,                     /* Index of first cell to add */
 69739  69983     int nCell,                      /* Number of cells to add to pPg */
 69740  69984     CellArray *pCArray              /* Array of cells */
 69741  69985   ){
 69742         -  int i;
 69743         -  u8 *aData = pPg->aData;
 69744         -  u8 *pData = *ppData;
 69745         -  int iEnd = iFirst + nCell;
        69986  +  int i = iFirst;                 /* Loop counter - cell index to insert */
        69987  +  u8 *aData = pPg->aData;         /* Complete page */
        69988  +  u8 *pData = *ppData;            /* Content area.  A subset of aData[] */
        69989  +  int iEnd = iFirst + nCell;      /* End of loop. One past last cell to ins */
        69990  +  int k;                          /* Current slot in pCArray->apEnd[] */
        69991  +  u8 *pEnd;                       /* Maximum extent of cell data */
 69746  69992     assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
 69747         -  for(i=iFirst; i<iEnd; i++){
        69993  +  if( iEnd<=iFirst ) return 0;
        69994  +  for(k=0; pCArray->ixNx[k]<=i && ALWAYS(k<NB*2); k++){}
        69995  +  pEnd = pCArray->apEnd[k];
        69996  +  while( 1 /*Exit by break*/ ){
 69748  69997       int sz, rc;
 69749  69998       u8 *pSlot;
 69750  69999       sz = cachedCellSize(pCArray, i);
 69751  70000       if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
 69752  70001         if( (pData - pBegin)<sz ) return 1;
 69753  70002         pData -= sz;
 69754  70003         pSlot = pData;
................................................................................
 69755  70004       }
 69756  70005       /* pSlot and pCArray->apCell[i] will never overlap on a well-formed
 69757  70006       ** database.  But they might for a corrupt database.  Hence use memmove()
 69758  70007       ** since memcpy() sends SIGABORT with overlapping buffers on OpenBSD */
 69759  70008       assert( (pSlot+sz)<=pCArray->apCell[i]
 69760  70009            || pSlot>=(pCArray->apCell[i]+sz)
 69761  70010            || CORRUPT_DB );
        70011  +    if( (uptr)(pCArray->apCell[i]+sz)>(uptr)pEnd
        70012  +     && (uptr)(pCArray->apCell[i])<(uptr)pEnd
        70013  +    ){
        70014  +      assert( CORRUPT_DB );
        70015  +      (void)SQLITE_CORRUPT_BKPT;
        70016  +      return 1;
        70017  +    }
 69762  70018       memmove(pSlot, pCArray->apCell[i], sz);
 69763  70019       put2byte(pCellptr, (pSlot - aData));
 69764  70020       pCellptr += 2;
        70021  +    i++;
        70022  +    if( i>=iEnd ) break;
        70023  +    if( pCArray->ixNx[k]<=i ){
        70024  +      k++;
        70025  +      pEnd = pCArray->apEnd[k];
        70026  +    }
 69765  70027     }
 69766  70028     *ppData = pData;
 69767  70029     return 0;
 69768  70030   }
 69769  70031   
 69770  70032   /*
 69771         -** Array apCell[] contains nCell pointers to b-tree cells. Array szCell 
 69772         -** contains the size in bytes of each such cell. This function adds the
 69773         -** space associated with each cell in the array that is currently stored 
 69774         -** within the body of pPg to the pPg free-list. The cell-pointers and other
 69775         -** fields of the page are not updated.
        70033  +** The pCArray object contains pointers to b-tree cells and their sizes.
        70034  +**
        70035  +** This function adds the space associated with each cell in the array
        70036  +** that is currently stored within the body of pPg to the pPg free-list.
        70037  +** The cell-pointers and other fields of the page are not updated.
 69776  70038   **
 69777  70039   ** This function returns the total number of cells added to the free-list.
 69778  70040   */
 69779  70041   static int pageFreeArray(
 69780  70042     MemPage *pPg,                   /* Page to edit */
 69781  70043     int iFirst,                     /* First cell to delete */
 69782  70044     int nCell,                      /* Cells to delete */
................................................................................
 69818  70080       assert( pFree>aData && (pFree - aData)<65536 );
 69819  70081       freeSpace(pPg, (u16)(pFree - aData), szFree);
 69820  70082     }
 69821  70083     return nRet;
 69822  70084   }
 69823  70085   
 69824  70086   /*
 69825         -** apCell[] and szCell[] contains pointers to and sizes of all cells in the
 69826         -** pages being balanced.  The current page, pPg, has pPg->nCell cells starting
 69827         -** with apCell[iOld].  After balancing, this page should hold nNew cells
        70087  +** pCArray contains pointers to and sizes of all cells in the page being
        70088  +** balanced.  The current page, pPg, has pPg->nCell cells starting with
        70089  +** pCArray->apCell[iOld].  After balancing, this page should hold nNew cells
 69828  70090   ** starting at apCell[iNew].
 69829  70091   **
 69830  70092   ** This routine makes the necessary adjustments to pPg so that it contains
 69831  70093   ** the correct cells after being balanced.
 69832  70094   **
 69833  70095   ** The pPg->nFree field is invalid when this function returns. It is the
 69834  70096   ** responsibility of the caller to set it correctly.
................................................................................
 69852  70114   
 69853  70115   #ifdef SQLITE_DEBUG
 69854  70116     u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
 69855  70117     memcpy(pTmp, aData, pPg->pBt->usableSize);
 69856  70118   #endif
 69857  70119   
 69858  70120     /* Remove cells from the start and end of the page */
        70121  +  assert( nCell>=0 );
 69859  70122     if( iOld<iNew ){
 69860  70123       int nShift = pageFreeArray(pPg, iOld, iNew-iOld, pCArray);
        70124  +    if( nShift>nCell ) return SQLITE_CORRUPT_BKPT;
 69861  70125       memmove(pPg->aCellIdx, &pPg->aCellIdx[nShift*2], nCell*2);
 69862  70126       nCell -= nShift;
 69863  70127     }
 69864  70128     if( iNewEnd < iOldEnd ){
 69865         -    nCell -= pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
        70129  +    int nTail = pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
        70130  +    assert( nCell>=nTail );
        70131  +    nCell -= nTail;
 69866  70132     }
 69867  70133   
 69868  70134     pData = &aData[get2byteNotZero(&aData[hdr+5])];
 69869  70135     if( pData<pBegin ) goto editpage_fail;
 69870  70136   
 69871  70137     /* Add cells to the start of the page */
 69872  70138     if( iNew<iOld ){
 69873  70139       int nAdd = MIN(nNew,iOld-iNew);
 69874  70140       assert( (iOld-iNew)<nNew || nCell==0 || CORRUPT_DB );
        70141  +    assert( nAdd>=0 );
 69875  70142       pCellptr = pPg->aCellIdx;
 69876  70143       memmove(&pCellptr[nAdd*2], pCellptr, nCell*2);
 69877  70144       if( pageInsertArray(
 69878  70145             pPg, pBegin, &pData, pCellptr,
 69879  70146             iNew, nAdd, pCArray
 69880  70147       ) ) goto editpage_fail;
 69881  70148       nCell += nAdd;
................................................................................
 69882  70149     }
 69883  70150   
 69884  70151     /* Add any overflow cells */
 69885  70152     for(i=0; i<pPg->nOverflow; i++){
 69886  70153       int iCell = (iOld + pPg->aiOvfl[i]) - iNew;
 69887  70154       if( iCell>=0 && iCell<nNew ){
 69888  70155         pCellptr = &pPg->aCellIdx[iCell * 2];
        70156  +      assert( nCell>=iCell );
 69889  70157         memmove(&pCellptr[2], pCellptr, (nCell - iCell) * 2);
 69890  70158         nCell++;
 69891  70159         if( pageInsertArray(
 69892  70160               pPg, pBegin, &pData, pCellptr,
 69893  70161               iCell+iNew, 1, pCArray
 69894  70162         ) ) goto editpage_fail;
 69895  70163       }
 69896  70164     }
 69897  70165   
 69898  70166     /* Append cells to the end of the page */
        70167  +  assert( nCell>=0 );
 69899  70168     pCellptr = &pPg->aCellIdx[nCell*2];
 69900  70169     if( pageInsertArray(
 69901  70170           pPg, pBegin, &pData, pCellptr,
 69902  70171           iNew+nCell, nNew-nCell, pCArray
 69903  70172     ) ) goto editpage_fail;
 69904  70173   
 69905  70174     pPg->nCell = nNew;
................................................................................
 69920  70189     }
 69921  70190   #endif
 69922  70191   
 69923  70192     return SQLITE_OK;
 69924  70193    editpage_fail:
 69925  70194     /* Unable to edit this page. Rebuild it from scratch instead. */
 69926  70195     populateCellCache(pCArray, iNew, nNew);
 69927         -  return rebuildPage(pPg, nNew, &pCArray->apCell[iNew], &pCArray->szCell[iNew]);
        70196  +  return rebuildPage(pCArray, iNew, nNew, pPg);
 69928  70197   }
 69929  70198   
 69930         -/*
 69931         -** The following parameters determine how many adjacent pages get involved
 69932         -** in a balancing operation.  NN is the number of neighbors on either side
 69933         -** of the page that participate in the balancing operation.  NB is the
 69934         -** total number of pages that participate, including the target page and
 69935         -** NN neighbors on either side.
 69936         -**
 69937         -** The minimum value of NN is 1 (of course).  Increasing NN above 1
 69938         -** (to 2 or 3) gives a modest improvement in SELECT and DELETE performance
 69939         -** in exchange for a larger degradation in INSERT and UPDATE performance.
 69940         -** The value of NN appears to give the best results overall.
 69941         -*/
 69942         -#define NN 1             /* Number of neighbors on either side of pPage */
 69943         -#define NB (NN*2+1)      /* Total pages involved in the balance */
 69944         -
 69945  70199   
 69946  70200   #ifndef SQLITE_OMIT_QUICKBALANCE
 69947  70201   /*
 69948  70202   ** This version of balance() handles the common special case where
 69949  70203   ** a new entry is being inserted on the extreme right-end of the
 69950  70204   ** tree, in other words, when the new entry will become the largest
 69951  70205   ** entry in the tree.
................................................................................
 69973  70227     int rc;                              /* Return Code */
 69974  70228     Pgno pgnoNew;                        /* Page number of pNew */
 69975  70229   
 69976  70230     assert( sqlite3_mutex_held(pPage->pBt->mutex) );
 69977  70231     assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 69978  70232     assert( pPage->nOverflow==1 );
 69979  70233   
 69980         -  /* This error condition is now caught prior to reaching this function */
 69981         -  if( NEVER(pPage->nCell==0) ) return SQLITE_CORRUPT_BKPT;
        70234  +  if( pPage->nCell==0 ) return SQLITE_CORRUPT_BKPT;  /* dbfuzz001.test */
 69982  70235   
 69983  70236     /* Allocate a new page. This page will become the right-sibling of 
 69984  70237     ** pPage. Make the parent page writable, so that the new divider cell
 69985  70238     ** may be inserted. If both these operations are successful, proceed.
 69986  70239     */
 69987  70240     rc = allocateBtreePage(pBt, &pNew, &pgnoNew, 0, 0);
 69988  70241   
 69989  70242     if( rc==SQLITE_OK ){
 69990  70243   
 69991  70244       u8 *pOut = &pSpace[4];
 69992  70245       u8 *pCell = pPage->apOvfl[0];
 69993  70246       u16 szCell = pPage->xCellSize(pPage, pCell);
 69994  70247       u8 *pStop;
        70248  +    CellArray b;
 69995  70249   
 69996  70250       assert( sqlite3PagerIswriteable(pNew->pDbPage) );
 69997         -    assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
        70251  +    assert( CORRUPT_DB || pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
 69998  70252       zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
 69999         -    rc = rebuildPage(pNew, 1, &pCell, &szCell);
 70000         -    if( NEVER(rc) ) return rc;
        70253  +    b.nCell = 1;
        70254  +    b.pRef = pPage;
        70255  +    b.apCell = &pCell;
        70256  +    b.szCell = &szCell;
        70257  +    b.apEnd[0] = pPage->aDataEnd;
        70258  +    b.ixNx[0] = 2;
        70259  +    rc = rebuildPage(&b, 0, 1, pNew);
        70260  +    if( NEVER(rc) ){
        70261  +      releasePage(pNew);
        70262  +      return rc;
        70263  +    }
 70001  70264       pNew->nFree = pBt->usableSize - pNew->cellOffset - 2 - szCell;
 70002  70265   
 70003  70266       /* If this is an auto-vacuum database, update the pointer map
 70004  70267       ** with entries for the new page, and any pointer from the 
 70005  70268       ** cell on the page to an overflow page. If either of these
 70006  70269       ** operations fails, the return code is set, but the contents
 70007  70270       ** of the parent page are still manipulated by thh code below.
................................................................................
 70008  70271       ** That is Ok, at this point the parent page is guaranteed to
 70009  70272       ** be marked as dirty. Returning an error code will cause a
 70010  70273       ** rollback, undoing any changes made to the parent page.
 70011  70274       */
 70012  70275       if( ISAUTOVACUUM ){
 70013  70276         ptrmapPut(pBt, pgnoNew, PTRMAP_BTREE, pParent->pgno, &rc);
 70014  70277         if( szCell>pNew->minLocal ){
 70015         -        ptrmapPutOvflPtr(pNew, pCell, &rc);
        70278  +        ptrmapPutOvflPtr(pNew, pNew, pCell, &rc);
 70016  70279         }
 70017  70280       }
 70018  70281     
 70019  70282       /* Create a divider cell to insert into pParent. The divider cell
 70020  70283       ** consists of a 4-byte page number (the page number of pPage) and
 70021  70284       ** a variable length key value (which must be the same value as the
 70022  70285       ** largest key on pPage).
................................................................................
 70231  70494     memset(abDone, 0, sizeof(abDone));
 70232  70495     b.nCell = 0;
 70233  70496     b.apCell = 0;
 70234  70497     pBt = pParent->pBt;
 70235  70498     assert( sqlite3_mutex_held(pBt->mutex) );
 70236  70499     assert( sqlite3PagerIswriteable(pParent->pDbPage) );
 70237  70500   
 70238         -#if 0
 70239         -  TRACE(("BALANCE: begin page %d child of %d\n", pPage->pgno, pParent->pgno));
 70240         -#endif
 70241         -
 70242  70501     /* At this point pParent may have at most one overflow cell. And if
 70243  70502     ** this overflow cell is present, it must be the cell with 
 70244  70503     ** index iParentIdx. This scenario comes about when this function
 70245  70504     ** is called (indirectly) from sqlite3BtreeDelete().
 70246  70505     */
 70247  70506     assert( pParent->nOverflow==0 || pParent->nOverflow==1 );
 70248  70507     assert( pParent->nOverflow==0 || pParent->aiOvfl[0]==iParentIdx );
................................................................................
 70475  70734     **    szNew[i]: Spaced used on the i-th sibling page.
 70476  70735     **   cntNew[i]: Index in b.apCell[] and b.szCell[] for the first cell to
 70477  70736     **              the right of the i-th sibling page.
 70478  70737     ** usableSpace: Number of bytes of space available on each sibling.
 70479  70738     ** 
 70480  70739     */
 70481  70740     usableSpace = pBt->usableSize - 12 + leafCorrection;
 70482         -  for(i=0; i<nOld; i++){
        70741  +  for(i=k=0; i<nOld; i++, k++){
 70483  70742       MemPage *p = apOld[i];
        70743  +    b.apEnd[k] = p->aDataEnd;
        70744  +    b.ixNx[k] = cntOld[i];
        70745  +    if( !leafData ){
        70746  +      k++;
        70747  +      b.apEnd[k] = pParent->aDataEnd;
        70748  +      b.ixNx[k] = cntOld[i]+1;
        70749  +    }
 70484  70750       szNew[i] = usableSpace - p->nFree;
 70485  70751       for(j=0; j<p->nOverflow; j++){
 70486  70752         szNew[i] += 2 + p->xCellSize(p, p->apOvfl[j]);
 70487  70753       }
 70488  70754       cntNew[i] = cntOld[i];
 70489  70755     }
 70490  70756     k = nOld;
................................................................................
 70700  70966     **
 70701  70967     ** If the sibling pages are not leaves, then the pointer map entry 
 70702  70968     ** associated with the right-child of each sibling may also need to be 
 70703  70969     ** updated. This happens below, after the sibling pages have been 
 70704  70970     ** populated, not here.
 70705  70971     */
 70706  70972     if( ISAUTOVACUUM ){
 70707         -    MemPage *pNew = apNew[0];
        70973  +    MemPage *pOld;
        70974  +    MemPage *pNew = pOld = apNew[0];
 70708  70975       u8 *aOld = pNew->aData;
 70709  70976       int cntOldNext = pNew->nCell + pNew->nOverflow;
 70710  70977       int usableSize = pBt->usableSize;
 70711  70978       int iNew = 0;
 70712  70979       int iOld = 0;
 70713  70980   
 70714  70981       for(i=0; i<b.nCell; i++){
 70715  70982         u8 *pCell = b.apCell[i];
 70716  70983         if( i==cntOldNext ){
 70717         -        MemPage *pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
        70984  +        pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
 70718  70985           cntOldNext += pOld->nCell + pOld->nOverflow + !leafData;
 70719  70986           aOld = pOld->aData;
 70720  70987         }
 70721  70988         if( i==cntNew[iNew] ){
 70722  70989           pNew = apNew[++iNew];
 70723  70990           if( !leafData ) continue;
 70724  70991         }
................................................................................
 70733  71000          || pNew->pgno!=aPgno[iOld]
 70734  71001          || !SQLITE_WITHIN(pCell,aOld,&aOld[usableSize])
 70735  71002         ){
 70736  71003           if( !leafCorrection ){
 70737  71004             ptrmapPut(pBt, get4byte(pCell), PTRMAP_BTREE, pNew->pgno, &rc);
 70738  71005           }
 70739  71006           if( cachedCellSize(&b,i)>pNew->minLocal ){
 70740         -          ptrmapPutOvflPtr(pNew, pCell, &rc);
        71007  +          ptrmapPutOvflPtr(pNew, pOld, pCell, &rc);
 70741  71008           }
 70742  71009           if( rc ) goto balance_cleanup;
 70743  71010         }
 70744  71011       }
 70745  71012     }
 70746  71013   
 70747  71014     /* Insert new divider cells into pParent. */
................................................................................
 71157  71424                                    iAmt-nData);
 71158  71425         if( rc ) return rc;
 71159  71426         iAmt = nData;
 71160  71427       }
 71161  71428       if( memcmp(pDest, ((u8*)pX->pData) + iOffset, iAmt)!=0 ){
 71162  71429         int rc = sqlite3PagerWrite(pPage->pDbPage);
 71163  71430         if( rc ) return rc;
 71164         -      memcpy(pDest, ((u8*)pX->pData) + iOffset, iAmt);
        71431  +      /* In a corrupt database, it is possible for the source and destination
        71432  +      ** buffers to overlap.  This is harmless since the database is already
        71433  +      ** corrupt but it does cause valgrind and ASAN warnings.  So use
        71434  +      ** memmove(). */
        71435  +      memmove(pDest, ((u8*)pX->pData) + iOffset, iAmt);
 71165  71436       }
 71166  71437     }
 71167  71438     return SQLITE_OK;
 71168  71439   }
 71169  71440   
 71170  71441   /*
 71171  71442   ** Overwrite the cell that cursor pCur is pointing to with fresh content
................................................................................
 71552  71823     **
 71553  71824     ** Or, if the current delete will not cause a rebalance, then the cursor
 71554  71825     ** will be left in CURSOR_SKIPNEXT state pointing to the entry immediately
 71555  71826     ** before or after the deleted entry. In this case set bSkipnext to true.  */
 71556  71827     if( bPreserve ){
 71557  71828       if( !pPage->leaf 
 71558  71829        || (pPage->nFree+cellSizePtr(pPage,pCell)+2)>(int)(pBt->usableSize*2/3)
        71830  +     || pPage->nCell==1  /* See dbfuzz001.test for a test case */
 71559  71831       ){
 71560  71832         /* A b-tree rebalance will be required after deleting this entry.
 71561  71833         ** Save the cursor key.  */
 71562  71834         rc = saveCursorKey(pCur);
 71563  71835         if( rc ) return rc;
 71564  71836       }else{
 71565  71837         bSkipnext = 1;
................................................................................
 72330  72602       N--;
 72331  72603       if( sqlite3PagerGet(pCheck->pPager, (Pgno)iPage, &pOvflPage, 0) ){
 72332  72604         checkAppendMsg(pCheck, "failed to get page %d", iPage);
 72333  72605         break;
 72334  72606       }
 72335  72607       pOvflData = (unsigned char *)sqlite3PagerGetData(pOvflPage);
 72336  72608       if( isFreeList ){
 72337         -      int n = get4byte(&pOvflData[4]);
        72609  +      u32 n = (u32)get4byte(&pOvflData[4]);
 72338  72610   #ifndef SQLITE_OMIT_AUTOVACUUM
 72339  72611         if( pCheck->pBt->autoVacuum ){
 72340  72612           checkPtrmap(pCheck, iPage, PTRMAP_FREEPAGE, 0);
 72341  72613         }
 72342  72614   #endif
 72343         -      if( n>(int)pCheck->pBt->usableSize/4-2 ){
        72615  +      if( n>pCheck->pBt->usableSize/4-2 ){
 72344  72616           checkAppendMsg(pCheck,
 72345  72617              "freelist leaf count too big on page %d", iPage);
 72346  72618           N--;
 72347  72619         }else{
 72348         -        for(i=0; i<n; i++){
        72620  +        for(i=0; i<(int)n; i++){
 72349  72621             Pgno iFreePage = get4byte(&pOvflData[8+i*4]);
 72350  72622   #ifndef SQLITE_OMIT_AUTOVACUUM
 72351  72623             if( pCheck->pBt->autoVacuum ){
 72352  72624               checkPtrmap(pCheck, iFreePage, PTRMAP_FREEPAGE, 0);
 72353  72625             }
 72354  72626   #endif
 72355  72627             checkRef(pCheck, iFreePage);
................................................................................
 72718  72990     int nRoot,    /* Number of entries in aRoot[] */
 72719  72991     int mxErr,    /* Stop reporting errors after this many */
 72720  72992     int *pnErr    /* Write number of errors seen to this variable */
 72721  72993   ){
 72722  72994     Pgno i;
 72723  72995     IntegrityCk sCheck;
 72724  72996     BtShared *pBt = p->pBt;
 72725         -  int savedDbFlags = pBt->db->flags;
        72997  +  u64 savedDbFlags = pBt->db->flags;
 72726  72998     char zErr[100];
 72727  72999     VVA_ONLY( int nRef );
 72728  73000   
 72729  73001     sqlite3BtreeEnter(p);
 72730  73002     assert( p->inTrans>TRANS_NONE && pBt->inTransaction>TRANS_NONE );
 72731  73003     VVA_ONLY( nRef = sqlite3PagerRefcount(pBt->pPager) );
 72732  73004     assert( nRef>=0 );
................................................................................
 72785  73057     }else if( get4byte(&pBt->pPage1->aData[64])!=0 ){
 72786  73058       checkAppendMsg(&sCheck,
 72787  73059         "incremental_vacuum enabled with a max rootpage of zero"
 72788  73060       );
 72789  73061     }
 72790  73062   #endif
 72791  73063     testcase( pBt->db->flags & SQLITE_CellSizeCk );
 72792         -  pBt->db->flags &= ~SQLITE_CellSizeCk;
        73064  +  pBt->db->flags &= ~(u64)SQLITE_CellSizeCk;
 72793  73065     for(i=0; (int)i<nRoot && sCheck.mxErr; i++){
 72794  73066       i64 notUsed;
 72795  73067       if( aRoot[i]==0 ) continue;
 72796  73068   #ifndef SQLITE_OMIT_AUTOVACUUM
 72797  73069       if( pBt->autoVacuum && aRoot[i]>1 ){
 72798  73070         checkPtrmap(&sCheck, aRoot[i], PTRMAP_ROOTPAGE, 0);
 72799  73071       }
................................................................................
 74173  74445   ** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, and MEM_Null
 74174  74446   ** values are preserved.
 74175  74447   **
 74176  74448   ** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
 74177  74449   ** if unable to complete the resizing.
 74178  74450   */
 74179  74451   SQLITE_PRIVATE int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
 74180         -  assert( szNew>0 );
        74452  +  assert( CORRUPT_DB || szNew>0 );
 74181  74453     assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
 74182  74454     if( pMem->szMalloc<szNew ){
 74183  74455       return sqlite3VdbeMemGrow(pMem, szNew, 0);
 74184  74456     }
 74185  74457     assert( (pMem->flags & MEM_Dyn)==0 );
 74186  74458     pMem->z = pMem->zMalloc;
 74187  74459     pMem->flags &= (MEM_Null|MEM_Int|MEM_Real);
................................................................................
 75054  75326     BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
 75055  75327     u32 offset,       /* Offset from the start of data to return bytes from. */
 75056  75328     u32 amt,          /* Number of bytes to return. */
 75057  75329     Mem *pMem         /* OUT: Return data in this Mem structure. */
 75058  75330   ){
 75059  75331     int rc;
 75060  75332     pMem->flags = MEM_Null;
        75333  +  if( sqlite3BtreeMaxRecordSize(pCur)<offset+amt ){
        75334  +    return SQLITE_CORRUPT_BKPT;
        75335  +  }
 75061  75336     if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+1)) ){
 75062  75337       rc = sqlite3BtreePayload(pCur, offset, amt, pMem->z);
 75063  75338       if( rc==SQLITE_OK ){
 75064  75339         pMem->z[amt] = 0;   /* Overrun area used when reading malformed records */
 75065  75340         pMem->flags = MEM_Blob;
 75066  75341         pMem->n = (int)amt;
 75067  75342       }else{
................................................................................
 75460  75735   #endif
 75461  75736   #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
 75462  75737     else if( op==TK_FUNCTION && pCtx!=0 ){
 75463  75738       rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
 75464  75739     }
 75465  75740   #endif
 75466  75741     else if( op==TK_TRUEFALSE ){
 75467         -     pVal = valueNew(db, pCtx);
 75468         -     pVal->flags = MEM_Int;
 75469         -     pVal->u.i = pExpr->u.zToken[4]==0;
        75742  +    pVal = valueNew(db, pCtx);
        75743  +    if( pVal ){
        75744  +      pVal->flags = MEM_Int;
        75745  +      pVal->u.i = pExpr->u.zToken[4]==0;
        75746  +    }
 75470  75747     }
 75471  75748   
 75472  75749     *ppVal = pVal;
 75473  75750     return rc;
 75474  75751   
 75475  75752   no_mem:
 75476  75753   #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
................................................................................
 75855  76132     p->pPrev = 0;
 75856  76133     db->pVdbe = p;
 75857  76134     p->magic = VDBE_MAGIC_INIT;
 75858  76135     p->pParse = pParse;
 75859  76136     pParse->pVdbe = p;
 75860  76137     assert( pParse->aLabel==0 );
 75861  76138     assert( pParse->nLabel==0 );
 75862         -  assert( pParse->nOpAlloc==0 );
        76139  +  assert( p->nOpAlloc==0 );
 75863  76140     assert( pParse->szOpAlloc==0 );
 75864  76141     sqlite3VdbeAddOp2(p, OP_Init, 0, 1);
 75865  76142     return p;
 75866  76143   }
 75867  76144   
 75868  76145   /*
 75869  76146   ** Change the error string stored in Vdbe.zErrMsg
................................................................................
 75883  76160     if( p==0 ) return;
 75884  76161     p->prepFlags = prepFlags;
 75885  76162     if( (prepFlags & SQLITE_PREPARE_SAVESQL)==0 ){
 75886  76163       p->expmask = 0;
 75887  76164     }
 75888  76165     assert( p->zSql==0 );
 75889  76166     p->zSql = sqlite3DbStrNDup(p->db, z, n);
        76167  +}
        76168  +
        76169  +#ifdef SQLITE_ENABLE_NORMALIZE
        76170  +/*
        76171  +** Add a new element to the Vdbe->pDblStr list.
        76172  +*/
        76173  +SQLITE_PRIVATE void sqlite3VdbeAddDblquoteStr(sqlite3 *db, Vdbe *p, const char *z){
        76174  +  if( p ){
        76175  +    int n = sqlite3Strlen30(z);
        76176  +    DblquoteStr *pStr = sqlite3DbMallocRawNN(db,
        76177  +                            sizeof(*pStr)+n+1-sizeof(pStr->z));
        76178  +    if( pStr ){
        76179  +      pStr->pNextStr = p->pDblStr;
        76180  +      p->pDblStr = pStr;
        76181  +      memcpy(pStr->z, z, n+1);
        76182  +    }
        76183  +  }
        76184  +}
        76185  +#endif
        76186  +
 75890  76187   #ifdef SQLITE_ENABLE_NORMALIZE
 75891         -  assert( p->zNormSql==0 );
 75892         -  if( p->zSql && (prepFlags & SQLITE_PREPARE_NORMALIZE)!=0 ){
 75893         -    sqlite3Normalize(p, p->zSql, n, prepFlags);
 75894         -    assert( p->zNormSql!=0 || p->db->mallocFailed );
        76188  +/*
        76189  +** zId of length nId is a double-quoted identifier.  Check to see if
        76190  +** that identifier is really used as a string literal.
        76191  +*/
        76192  +SQLITE_PRIVATE int sqlite3VdbeUsesDoubleQuotedString(
        76193  +  Vdbe *pVdbe,            /* The prepared statement */
        76194  +  const char *zId         /* The double-quoted identifier, already dequoted */
        76195  +){
        76196  +  DblquoteStr *pStr;
        76197  +  assert( zId!=0 );
        76198  +  if( pVdbe->pDblStr==0 ) return 0;
        76199  +  for(pStr=pVdbe->pDblStr; pStr; pStr=pStr->pNextStr){
        76200  +    if( strcmp(zId, pStr->z)==0 ) return 1;
 75895  76201     }
        76202  +  return 0;
        76203  +}
 75896  76204   #endif
 75897         -}
 75898  76205   
 75899  76206   /*
 75900  76207   ** Swap all content between two VDBE structures.
 75901  76208   */
 75902  76209   SQLITE_PRIVATE void sqlite3VdbeSwap(Vdbe *pA, Vdbe *pB){
 75903  76210     Vdbe tmp, *pTmp;
 75904  76211     char *zTmp;
................................................................................
 75911  76218     pB->pNext = pTmp;
 75912  76219     pTmp = pA->pPrev;
 75913  76220     pA->pPrev = pB->pPrev;
 75914  76221     pB->pPrev = pTmp;
 75915  76222     zTmp = pA->zSql;
 75916  76223     pA->zSql = pB->zSql;
 75917  76224     pB->zSql = zTmp;
 75918         -#ifdef SQLITE_ENABLE_NORMALIZE
        76225  +#if 0
 75919  76226     zTmp = pA->zNormSql;
 75920  76227     pA->zNormSql = pB->zNormSql;
 75921  76228     pB->zNormSql = zTmp;
 75922  76229   #endif
 75923  76230     pB->expmask = pA->expmask;
 75924  76231     pB->prepFlags = pA->prepFlags;
 75925  76232     memcpy(pB->aCounter, pA->aCounter, sizeof(pB->aCounter));
................................................................................
 75928  76235   
 75929  76236   /*
 75930  76237   ** Resize the Vdbe.aOp array so that it is at least nOp elements larger 
 75931  76238   ** than its current size. nOp is guaranteed to be less than or equal
 75932  76239   ** to 1024/sizeof(Op).
 75933  76240   **
 75934  76241   ** If an out-of-memory error occurs while resizing the array, return
 75935         -** SQLITE_NOMEM. In this case Vdbe.aOp and Parse.nOpAlloc remain 
        76242  +** SQLITE_NOMEM. In this case Vdbe.aOp and Vdbe.nOpAlloc remain 
 75936  76243   ** unchanged (this is so that any opcodes already allocated can be 
 75937  76244   ** correctly deallocated along with the rest of the Vdbe).
 75938  76245   */
 75939  76246   static int growOpArray(Vdbe *v, int nOp){
 75940  76247     VdbeOp *pNew;
 75941  76248     Parse *p = v->pParse;
 75942  76249   
................................................................................
 75944  76251     ** more frequent reallocs and hence provide more opportunities for 
 75945  76252     ** simulated OOM faults.  SQLITE_TEST_REALLOC_STRESS is generally used
 75946  76253     ** during testing only.  With SQLITE_TEST_REALLOC_STRESS grow the op array
 75947  76254     ** by the minimum* amount required until the size reaches 512.  Normal
 75948  76255     ** operation (without SQLITE_TEST_REALLOC_STRESS) is to double the current
 75949  76256     ** size of the op array or add 1KB of space, whichever is smaller. */
 75950  76257   #ifdef SQLITE_TEST_REALLOC_STRESS
 75951         -  int nNew = (p->nOpAlloc>=512 ? p->nOpAlloc*2 : p->nOpAlloc+nOp);
        76258  +  int nNew = (v->nOpAlloc>=512 ? v->nOpAlloc*2 : v->nOpAlloc+nOp);
 75952  76259   #else
 75953         -  int nNew = (p->nOpAlloc ? p->nOpAlloc*2 : (int)(1024/sizeof(Op)));
        76260  +  int nNew = (v->nOpAlloc ? v->nOpAlloc*2 : (int)(1024/sizeof(Op)));
 75954  76261     UNUSED_PARAMETER(nOp);
 75955  76262   #endif
 75956  76263   
 75957  76264     /* Ensure that the size of a VDBE does not grow too large */
 75958  76265     if( nNew > p->db->aLimit[SQLITE_LIMIT_VDBE_OP] ){
 75959  76266       sqlite3OomFault(p->db);
 75960  76267       return SQLITE_NOMEM;
 75961  76268     }
 75962  76269   
 75963  76270     assert( nOp<=(1024/sizeof(Op)) );
 75964         -  assert( nNew>=(p->nOpAlloc+nOp) );
        76271  +  assert( nNew>=(v->nOpAlloc+nOp) );
 75965  76272     pNew = sqlite3DbRealloc(p->db, v->aOp, nNew*sizeof(Op));
 75966  76273     if( pNew ){
 75967  76274       p->szOpAlloc = sqlite3DbMallocSize(p->db, pNew);
 75968         -    p->nOpAlloc = p->szOpAlloc/sizeof(Op);
        76275  +    v->nOpAlloc = p->szOpAlloc/sizeof(Op);
 75969  76276       v->aOp = pNew;
 75970  76277     }
 75971  76278     return (pNew ? SQLITE_OK : SQLITE_NOMEM_BKPT);
 75972  76279   }
 75973  76280   
 75974  76281   #ifdef SQLITE_DEBUG
 75975  76282   /* This routine is just a convenient place to set a breakpoint that will
................................................................................
 75995  76302   **    p1, p2, p3      Operands
 75996  76303   **
 75997  76304   ** Use the sqlite3VdbeResolveLabel() function to fix an address and
 75998  76305   ** the sqlite3VdbeChangeP4() function to change the value of the P4
 75999  76306   ** operand.
 76000  76307   */
 76001  76308   static SQLITE_NOINLINE int growOp3(Vdbe *p, int op, int p1, int p2, int p3){
 76002         -  assert( p->pParse->nOpAlloc<=p->nOp );
        76309  +  assert( p->nOpAlloc<=p->nOp );
 76003  76310     if( growOpArray(p, 1) ) return 1;
 76004         -  assert( p->pParse->nOpAlloc>p->nOp );
        76311  +  assert( p->nOpAlloc>p->nOp );
 76005  76312     return sqlite3VdbeAddOp3(p, op, p1, p2, p3);
 76006  76313   }
 76007  76314   SQLITE_PRIVATE int sqlite3VdbeAddOp3(Vdbe *p, int op, int p1, int p2, int p3){
 76008  76315     int i;
 76009  76316     VdbeOp *pOp;
 76010  76317   
 76011  76318     i = p->nOp;
 76012  76319     assert( p->magic==VDBE_MAGIC_INIT );
 76013  76320     assert( op>=0 && op<0xff );
 76014         -  if( p->pParse->nOpAlloc<=i ){
        76321  +  if( p->nOpAlloc<=i ){
 76015  76322       return growOp3(p, op, p1, p2, p3);
 76016  76323     }
 76017  76324     p->nOp++;
 76018  76325     pOp = &p->aOp[i];
 76019  76326     pOp->opcode = (u8)op;
 76020  76327     pOp->p5 = 0;
 76021  76328     pOp->p1 = p1;
................................................................................
 76139  76446     VdbeOp *pOp;
 76140  76447     if( pParse->addrExplain==0 ) return 0;
 76141  76448     pOp = sqlite3VdbeGetOp(pParse->pVdbe, pParse->addrExplain);
 76142  76449     return pOp->p2;
 76143  76450   }
 76144  76451   
 76145  76452   /*
 76146         -** Add a new OP_Explain opcode.
        76453  +** Set a debugger breakpoint on the following routine in order to
        76454  +** monitor the EXPLAIN QUERY PLAN code generation.
        76455  +*/
        76456  +#if defined(SQLITE_DEBUG)
        76457  +SQLITE_PRIVATE void sqlite3ExplainBreakpoint(const char *z1, const char *z2){
        76458  +  (void)z1;
        76459  +  (void)z2;
        76460  +}
        76461  +#endif
        76462  +
        76463  +/*
        76464  +** Add a new OP_ opcode.
 76147  76465   **
 76148  76466   ** If the bPush flag is true, then make this opcode the parent for
 76149  76467   ** subsequent Explains until sqlite3VdbeExplainPop() is called.
 76150  76468   */
 76151  76469   SQLITE_PRIVATE void sqlite3VdbeExplain(Parse *pParse, u8 bPush, const char *zFmt, ...){
 76152         -  if( pParse->explain==2 ){
        76470  +#ifndef SQLITE_DEBUG
        76471  +  /* Always include the OP_Explain opcodes if SQLITE_DEBUG is defined.
        76472  +  ** But omit them (for performance) during production builds */
        76473  +  if( pParse->explain==2 )
        76474  +#endif
        76475  +  {
 76153  76476       char *zMsg;
 76154  76477       Vdbe *v;
 76155  76478       va_list ap;
 76156  76479       int iThis;
 76157  76480       va_start(ap, zFmt);
 76158  76481       zMsg = sqlite3VMPrintf(pParse->db, zFmt, ap);
 76159  76482       va_end(ap);
 76160  76483       v = pParse->pVdbe;
 76161  76484       iThis = v->nOp;
 76162  76485       sqlite3VdbeAddOp4(v, OP_Explain, iThis, pParse->addrExplain, 0,
 76163  76486                         zMsg, P4_DYNAMIC);
 76164         -    if( bPush) pParse->addrExplain = iThis;
        76487  +    sqlite3ExplainBreakpoint(bPush?"PUSH":"", sqlite3VdbeGetOp(v,-1)->p4.z);
        76488  +    if( bPush){
        76489  +      pParse->addrExplain = iThis;
        76490  +    }
 76165  76491     }
 76166  76492   }
 76167  76493   
 76168  76494   /*
 76169  76495   ** Pop the EXPLAIN QUERY PLAN stack one level.
 76170  76496   */
 76171  76497   SQLITE_PRIVATE void sqlite3VdbeExplainPop(Parse *pParse){
        76498  +  sqlite3ExplainBreakpoint("POP", 0);
 76172  76499     pParse->addrExplain = sqlite3VdbeExplainParent(pParse);
 76173  76500   }
 76174  76501   #endif /* SQLITE_OMIT_EXPLAIN */
 76175  76502   
 76176  76503   /*
 76177  76504   ** Add an OP_ParseSchema opcode.  This routine is broken out from
 76178  76505   ** sqlite3VdbeAddOp4() since it needs to also needs to mark all btrees
................................................................................
 76229  76556   ** the label is resolved to a specific address, the VDBE will scan
 76230  76557   ** through its operation list and change all values of P2 which match
 76231  76558   ** the label into the resolved address.
 76232  76559   **
 76233  76560   ** The VDBE knows that a P2 value is a label because labels are
 76234  76561   ** always negative and P2 values are suppose to be non-negative.
 76235  76562   ** Hence, a negative P2 value is a label that has yet to be resolved.
        76563  +** (Later:) This is only true for opcodes that have the OPFLG_JUMP
        76564  +** property.
 76236  76565   **
 76237         -** Zero is returned if a malloc() fails.
        76566  +** Variable usage notes:
        76567  +**
        76568  +**     Parse.aLabel[x]     Stores the address that the x-th label resolves
        76569  +**                         into.  For testing (SQLITE_DEBUG), unresolved
        76570  +**                         labels stores -1, but that is not required.
        76571  +**     Parse.nLabelAlloc   Number of slots allocated to Parse.aLabel[]
        76572  +**     Parse.nLabel        The *negative* of the number of labels that have
        76573  +**                         been issued.  The negative is stored because
        76574  +**                         that gives a performance improvement over storing
        76575  +**                         the equivalent positive value.
 76238  76576   */
 76239         -SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Vdbe *v){
 76240         -  Parse *p = v->pParse;
 76241         -  int i = p->nLabel++;
 76242         -  assert( v->magic==VDBE_MAGIC_INIT );
 76243         -  if( (i & (i-1))==0 ){
 76244         -    p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel, 
 76245         -                                       (i*2+1)*sizeof(p->aLabel[0]));
 76246         -  }
 76247         -  if( p->aLabel ){
 76248         -    p->aLabel[i] = -1;
 76249         -  }
 76250         -  return ADDR(i);
        76577  +SQLITE_PRIVATE int sqlite3VdbeMakeLabel(Parse *pParse){
        76578  +  return --pParse->nLabel;
 76251  76579   }
 76252  76580   
 76253  76581   /*
 76254  76582   ** Resolve label "x" to be the address of the next instruction to
 76255  76583   ** be inserted.  The parameter "x" must have been obtained from
 76256  76584   ** a prior call to sqlite3VdbeMakeLabel().
 76257  76585   */
        76586  +static SQLITE_NOINLINE void resizeResolveLabel(Parse *p, Vdbe *v, int j){
        76587  +  int nNewSize = 10 - p->nLabel;
        76588  +  p->aLabel = sqlite3DbReallocOrFree(p->db, p->aLabel,
        76589  +                     nNewSize*sizeof(p->aLabel[0]));
        76590  +  if( p->aLabel==0 ){
        76591  +    p->nLabelAlloc = 0;
        76592  +  }else{
        76593  +#ifdef SQLITE_DEBUG
        76594  +    int i;
        76595  +    for(i=p->nLabelAlloc; i<nNewSize; i++) p->aLabel[i] = -1;
        76596  +#endif
        76597  +    p->nLabelAlloc = nNewSize;
        76598  +    p->aLabel[j] = v->nOp;
        76599  +  }
        76600  +}
 76258  76601   SQLITE_PRIVATE void sqlite3VdbeResolveLabel(Vdbe *v, int x){
 76259  76602     Parse *p = v->pParse;
 76260  76603     int j = ADDR(x);
 76261  76604     assert( v->magic==VDBE_MAGIC_INIT );
 76262         -  assert( j<p->nLabel );
        76605  +  assert( j<-p->nLabel );
 76263  76606     assert( j>=0 );
 76264         -  if( p->aLabel ){
 76265  76607   #ifdef SQLITE_DEBUG
 76266         -    if( p->db->flags & SQLITE_VdbeAddopTrace ){
 76267         -      printf("RESOLVE LABEL %d to %d\n", x, v->nOp);
 76268         -    }
        76608  +  if( p->db->flags & SQLITE_VdbeAddopTrace ){
        76609  +    printf("RESOLVE LABEL %d to %d\n", x, v->nOp);
        76610  +  }
 76269  76611   #endif
        76612  +  if( p->nLabelAlloc + p->nLabel < 0 ){
        76613  +    resizeResolveLabel(p,v,j);
        76614  +  }else{
 76270  76615       assert( p->aLabel[j]==(-1) ); /* Labels may only be resolved once */
 76271  76616       p->aLabel[j] = v->nOp;
 76272  76617     }
 76273  76618   }
 76274  76619   
 76275  76620   /*
 76276  76621   ** Mark the VDBE as one that can only be run one time.
................................................................................
 76387  76732     VdbeOpIter sIter;
 76388  76733     memset(&sIter, 0, sizeof(sIter));
 76389  76734     sIter.v = v;
 76390  76735   
 76391  76736     while( (pOp = opIterNext(&sIter))!=0 ){
 76392  76737       int opcode = pOp->opcode;
 76393  76738       if( opcode==OP_Destroy || opcode==OP_VUpdate || opcode==OP_VRename 
        76739  +     || opcode==OP_VDestroy
 76394  76740        || ((opcode==OP_Halt || opcode==OP_HaltIfNull) 
 76395         -      && ((pOp->p1&0xff)==SQLITE_CONSTRAINT && pOp->p2==OE_Abort))
        76741  +      && ((pOp->p1)!=SQLITE_OK && pOp->p2==OE_Abort))
 76396  76742       ){
 76397  76743         hasAbort = 1;
 76398  76744         break;
 76399  76745       }
 76400  76746       if( opcode==OP_CreateBtree && pOp->p3==BTREE_INTKEY ) hasCreateTable = 1;
 76401  76747       if( opcode==OP_InitCoroutine ) hasInitCoroutine = 1;
 76402  76748   #ifndef SQLITE_OMIT_FOREIGN_KEY
................................................................................
 76537  76883   #endif
 76538  76884           default: {
 76539  76885             if( pOp->p2<0 ){
 76540  76886               /* The mkopcodeh.tcl script has so arranged things that the only
 76541  76887               ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
 76542  76888               ** have non-negative values for P2. */
 76543  76889               assert( (sqlite3OpcodeProperty[pOp->opcode] & OPFLG_JUMP)!=0 );
 76544         -            assert( ADDR(pOp->p2)<pParse->nLabel );
        76890  +            assert( ADDR(pOp->p2)<-pParse->nLabel );
 76545  76891               pOp->p2 = aLabel[ADDR(pOp->p2)];
 76546  76892             }
 76547  76893             break;
 76548  76894           }
 76549  76895         }
 76550  76896         /* The mkopcodeh.tcl script has so arranged things that the only
 76551  76897         ** non-jump opcodes less than SQLITE_MX_JUMP_CODE are guaranteed to
................................................................................
 76576  76922   ** SQLITE_TEST_REALLOC_STRESS).  This interface is used during testing
 76577  76923   ** to verify that certain calls to sqlite3VdbeAddOpList() can never
 76578  76924   ** fail due to a OOM fault and hence that the return value from
 76579  76925   ** sqlite3VdbeAddOpList() will always be non-NULL.
 76580  76926   */
 76581  76927   #if defined(SQLITE_DEBUG) && !defined(SQLITE_TEST_REALLOC_STRESS)
 76582  76928   SQLITE_PRIVATE void sqlite3VdbeVerifyNoMallocRequired(Vdbe *p, int N){
 76583         -  assert( p->nOp + N <= p->pParse->nOpAlloc );
        76929  +  assert( p->nOp + N <= p->nOpAlloc );
 76584  76930   }
 76585  76931   #endif
 76586  76932   
 76587  76933   /*
 76588  76934   ** Verify that the VM passed as the only argument does not contain
 76589  76935   ** an OP_ResultRow opcode. Fail an assert() if it does. This is used
 76590  76936   ** by code in pragma.c to ensure that the implementation of certain
................................................................................
 76648  76994     VdbeOpList const *aOp,       /* The opcodes to be added */
 76649  76995     int iLineno                  /* Source-file line number of first opcode */
 76650  76996   ){
 76651  76997     int i;
 76652  76998     VdbeOp *pOut, *pFirst;
 76653  76999     assert( nOp>0 );
 76654  77000     assert( p->magic==VDBE_MAGIC_INIT );
 76655         -  if( p->nOp + nOp > p->pParse->nOpAlloc && growOpArray(p, nOp) ){
        77001  +  if( p->nOp + nOp > p->nOpAlloc && growOpArray(p, nOp) ){
 76656  77002       return 0;
 76657  77003     }
 76658  77004     pFirst = pOut = &p->aOp[p->nOp];
 76659  77005     for(i=0; i<nOp; i++, aOp++, pOut++){
 76660  77006       pOut->opcode = aOp->opcode;
 76661  77007       pOut->p1 = aOp->p1;
 76662  77008       pOut->p2 = aOp->p2;
................................................................................
 77970  78316     ** requirements by reusing the opcode array tail, then the second
 77971  78317     ** pass will fill in the remainder using a fresh memory allocation.  
 77972  78318     **
 77973  78319     ** This two-pass approach that reuses as much memory as possible from
 77974  78320     ** the leftover memory at the end of the opcode array.  This can significantly
 77975  78321     ** reduce the amount of memory held by a prepared statement.
 77976  78322     */
 77977         -  do {
 77978         -    x.nNeeded = 0;
 77979         -    p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
 77980         -    p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
 77981         -    p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
 77982         -    p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
        78323  +  x.nNeeded = 0;
        78324  +  p->aMem = allocSpace(&x, 0, nMem*sizeof(Mem));
        78325  +  p->aVar = allocSpace(&x, 0, nVar*sizeof(Mem));
        78326  +  p->apArg = allocSpace(&x, 0, nArg*sizeof(Mem*));
        78327  +  p->apCsr = allocSpace(&x, 0, nCursor*sizeof(VdbeCursor*));
 77983  78328   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 77984         -    p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
        78329  +  p->anExec = allocSpace(&x, 0, p->nOp*sizeof(i64));
 77985  78330   #endif
 77986         -    if( x.nNeeded==0 ) break;
        78331  +  if( x.nNeeded ){
 77987  78332       x.pSpace = p->pFree = sqlite3DbMallocRawNN(db, x.nNeeded);
 77988  78333       x.nFree = x.nNeeded;
 77989         -  }while( !db->mallocFailed );
        78334  +    if( !db->mallocFailed ){
        78335  +      p->aMem = allocSpace(&x, p->aMem, nMem*sizeof(Mem));
        78336  +      p->aVar = allocSpace(&x, p->aVar, nVar*sizeof(Mem));
        78337  +      p->apArg = allocSpace(&x, p->apArg, nArg*sizeof(Mem*));
        78338  +      p->apCsr = allocSpace(&x, p->apCsr, nCursor*sizeof(VdbeCursor*));
        78339  +#ifdef SQLITE_ENABLE_STMT_SCANSTATUS
        78340  +      p->anExec = allocSpace(&x, p->anExec, p->nOp*sizeof(i64));
        78341  +#endif
        78342  +    }
        78343  +  }
 77990  78344   
 77991  78345     p->pVList = pParse->pVList;
 77992  78346     pParse->pVList =  0;
 77993  78347     p->explain = pParse->explain;
 77994  78348     if( db->mallocFailed ){
 77995  78349       p->nVar = 0;
 77996  78350       p->nCursor = 0;
................................................................................
 78674  79028           }else if( rc!=SQLITE_OK ){
 78675  79029             p->rc = rc;
 78676  79030             sqlite3RollbackAll(db, SQLITE_OK);
 78677  79031             p->nChange = 0;
 78678  79032           }else{
 78679  79033             db->nDeferredCons = 0;
 78680  79034             db->nDeferredImmCons = 0;
 78681         -          db->flags &= ~SQLITE_DeferFKs;
        79035  +          db->flags &= ~(u64)SQLITE_DeferFKs;
 78682  79036             sqlite3CommitInternalChanges(db);
 78683  79037           }
 78684  79038         }else{
 78685  79039           sqlite3RollbackAll(db, SQLITE_OK);
 78686  79040           p->nChange = 0;
 78687  79041         }
 78688  79042         db->nStatement = 0;
................................................................................
 78989  79343       sqlite3DbFree(db, p->pFree);
 78990  79344     }
 78991  79345     vdbeFreeOpArray(db, p->aOp, p->nOp);
 78992  79346     sqlite3DbFree(db, p->aColName);
 78993  79347     sqlite3DbFree(db, p->zSql);
 78994  79348   #ifdef SQLITE_ENABLE_NORMALIZE
 78995  79349     sqlite3DbFree(db, p->zNormSql);
        79350  +  {
        79351  +    DblquoteStr *pThis, *pNext;
        79352  +    for(pThis=p->pDblStr; pThis; pThis=pNext){
        79353  +      pNext = pThis->pNextStr;
        79354  +      sqlite3DbFree(db, pThis);
        79355  +    }
        79356  +  }
 78996  79357   #endif
 78997  79358   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 78998  79359     {
 78999  79360       int i;
 79000  79361       for(i=0; i<p->nScan; i++){
 79001  79362         sqlite3DbFree(db, p->aScan[i].zName);
 79002  79363       }
................................................................................
 79529  79890   SQLITE_PRIVATE void sqlite3VdbeRecordUnpack(
 79530  79891     KeyInfo *pKeyInfo,     /* Information about the record format */
 79531  79892     int nKey,              /* Size of the binary record */
 79532  79893     const void *pKey,      /* The binary record */
 79533  79894     UnpackedRecord *p      /* Populate this structure before returning. */
 79534  79895   ){
 79535  79896     const unsigned char *aKey = (const unsigned char *)pKey;
 79536         -  int d; 
        79897  +  u32 d; 
 79537  79898     u32 idx;                        /* Offset in aKey[] to read from */
 79538  79899     u16 u;                          /* Unsigned loop counter */
 79539  79900     u32 szHdr;
 79540  79901     Mem *pMem = p->aMem;
 79541  79902   
 79542  79903     p->default_rc = 0;
 79543  79904     assert( EIGHT_BYTE_ALIGNMENT(pMem) );
 79544  79905     idx = getVarint32(aKey, szHdr);
 79545  79906     d = szHdr;
 79546  79907     u = 0;
 79547         -  while( idx<szHdr && d<=nKey ){
        79908  +  while( idx<szHdr && d<=(u32)nKey ){
 79548  79909       u32 serial_type;
 79549  79910   
 79550  79911       idx += getVarint32(&aKey[idx], serial_type);
 79551  79912       pMem->enc = pKeyInfo->enc;
 79552  79913       pMem->db = pKeyInfo->db;
 79553  79914       /* pMem->flags = 0; // sqlite3VdbeSerialGet() will set this for us */
 79554  79915       pMem->szMalloc = 0;
 79555  79916       pMem->z = 0;
 79556  79917       d += sqlite3VdbeSerialGet(&aKey[d], serial_type, pMem);
 79557  79918       pMem++;
 79558  79919       if( (++u)>=p->nField ) break;
 79559  79920     }
        79921  +  if( d>(u32)nKey && u ){
        79922  +    assert( CORRUPT_DB );
        79923  +    /* In a corrupt record entry, the last pMem might have been set up using 
        79924  +    ** uninitialized memory. Overwrite its value with NULL, to prevent
        79925  +    ** warnings from MSAN. */
        79926  +    sqlite3VdbeMemSetNull(pMem-1);
        79927  +  }
 79560  79928     assert( u<=pKeyInfo->nKeyField + 1 );
 79561  79929     p->nField = u;
 79562  79930   }
 79563  79931   
 79564  79932   #ifdef SQLITE_DEBUG
 79565  79933   /*
 79566  79934   ** This function compares two index or table record keys in the same way
................................................................................
 79618  79986   
 79619  79987       /* Verify that there is enough key space remaining to avoid
 79620  79988       ** a buffer overread.  The "d1+serial_type1+2" subexpression will
 79621  79989       ** always be greater than or equal to the amount of required key space.
 79622  79990       ** Use that approximation to avoid the more expensive call to
 79623  79991       ** sqlite3VdbeSerialTypeLen() in the common case.
 79624  79992       */
 79625         -    if( d1+serial_type1+2>(u32)nKey1
 79626         -     && d1+sqlite3VdbeSerialTypeLen(serial_type1)>(u32)nKey1 
        79993  +    if( d1+(u64)serial_type1+2>(u64)nKey1
        79994  +     && d1+(u64)sqlite3VdbeSerialTypeLen(serial_type1)>(u64)nKey1 
 79627  79995       ){
 79628  79996         break;
 79629  79997       }
 79630  79998   
 79631  79999       /* Extract the values to be compared.
 79632  80000       */
 79633  80001       d1 += sqlite3VdbeSerialGet(&aKey1[d1], serial_type1, &mem1);
 79634  80002   
 79635  80003       /* Do the comparison
 79636  80004       */
 79637         -    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i], pKeyInfo->aColl[i]);
        80005  +    rc = sqlite3MemCompare(&mem1, &pPKey2->aMem[i],
        80006  +                           pKeyInfo->nAllField>i ? pKeyInfo->aColl[i] : 0);
 79638  80007       if( rc!=0 ){
 79639  80008         assert( mem1.szMalloc==0 );  /* See comment below */
 79640  80009         if( pKeyInfo->aSortOrder[i] ){
 79641  80010           rc = -rc;  /* Invert the result for DESC sort order. */
 79642  80011         }
 79643  80012         goto debugCompareEnd;
 79644  80013       }
................................................................................
 79986  80355       szHdr1 = aKey1[0];
 79987  80356       d1 = szHdr1 + sqlite3VdbeSerialTypeLen(s1);
 79988  80357       i = 1;
 79989  80358       pRhs++;
 79990  80359     }else{
 79991  80360       idx1 = getVarint32(aKey1, szHdr1);
 79992  80361       d1 = szHdr1;
 79993         -    if( d1>(unsigned)nKey1 ){ 
 79994         -      pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
 79995         -      return 0;  /* Corruption */
 79996         -    }
 79997  80362       i = 0;
 79998  80363     }
        80364  +  if( d1>(unsigned)nKey1 ){ 
        80365  +    pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
        80366  +    return 0;  /* Corruption */
        80367  +  }
 79999  80368   
 80000  80369     VVA_ONLY( mem1.szMalloc = 0; ) /* Only needed by assert() statements */
 80001  80370     assert( pPKey2->pKeyInfo->nAllField>=pPKey2->nField 
 80002  80371          || CORRUPT_DB );
 80003  80372     assert( pPKey2->pKeyInfo->aSortOrder!=0 );
 80004  80373     assert( pPKey2->pKeyInfo->nKeyField>0 );
 80005  80374     assert( idx1<=szHdr1 || CORRUPT_DB );
................................................................................
 80061  80430           rc = -1;
 80062  80431         }else if( !(serial_type & 0x01) ){
 80063  80432           rc = +1;
 80064  80433         }else{
 80065  80434           mem1.n = (serial_type - 12) / 2;
 80066  80435           testcase( (d1+mem1.n)==(unsigned)nKey1 );
 80067  80436           testcase( (d1+mem1.n+1)==(unsigned)nKey1 );
 80068         -        if( (d1+mem1.n) > (unsigned)nKey1 ){
        80437  +        if( (d1+mem1.n) > (unsigned)nKey1
        80438  +         || (pKeyInfo = pPKey2->pKeyInfo)->nAllField<=i
        80439  +        ){
 80069  80440             pPKey2->errCode = (u8)SQLITE_CORRUPT_BKPT;
 80070  80441             return 0;                /* Corruption */
 80071         -        }else if( (pKeyInfo = pPKey2->pKeyInfo)->aColl[i] ){
        80442  +        }else if( pKeyInfo->aColl[i] ){
 80072  80443             mem1.enc = pKeyInfo->enc;
 80073  80444             mem1.db = pKeyInfo->db;
 80074  80445             mem1.flags = MEM_Str;
 80075  80446             mem1.z = (char*)&aKey1[d1];
 80076  80447             rc = vdbeCompareMemString(
 80077  80448                 &mem1, pRhs, pKeyInfo->aColl[i], &pPKey2->errCode
 80078  80449             );
................................................................................
 80764  81135   ** Invoke the profile callback.  This routine is only called if we already
 80765  81136   ** know that the profile callback is defined and needs to be invoked.
 80766  81137   */
 80767  81138   static SQLITE_NOINLINE void invokeProfileCallback(sqlite3 *db, Vdbe *p){
 80768  81139     sqlite3_int64 iNow;
 80769  81140     sqlite3_int64 iElapse;
 80770  81141     assert( p->startTime>0 );
 80771         -  assert( db->xProfile!=0 || (db->mTrace & SQLITE_TRACE_PROFILE)!=0 );
        81142  +  assert( (db->mTrace & (SQLITE_TRACE_PROFILE|SQLITE_TRACE_XPROFILE))!=0 );
 80772  81143     assert( db->init.busy==0 );
 80773  81144     assert( p->zSql!=0 );
 80774  81145     sqlite3OsCurrentTimeInt64(db->pVfs, &iNow);
 80775  81146     iElapse = (iNow - p->startTime)*1000000;
        81147  +#ifndef SQLITE_OMIT_DEPRECATED  	
 80776  81148     if( db->xProfile ){
 80777  81149       db->xProfile(db->pProfileArg, p->zSql, iElapse);
 80778  81150     }
        81151  +#endif
 80779  81152     if( db->mTrace & SQLITE_TRACE_PROFILE ){
 80780  81153       db->xTrace(SQLITE_TRACE_PROFILE, db->pTraceArg, p, (void*)&iElapse);
 80781  81154     }
 80782  81155     p->startTime = 0;
 80783  81156   }
 80784  81157   /*
 80785  81158   ** The checkProfileCallback(DB,P) macro checks to see if a profile callback
................................................................................
 81285  81658     /* Check that malloc() has not failed. If it has, return early. */
 81286  81659     db = p->db;
 81287  81660     if( db->mallocFailed ){
 81288  81661       p->rc = SQLITE_NOMEM;
 81289  81662       return SQLITE_NOMEM_BKPT;
 81290  81663     }
 81291  81664   
 81292         -  if( p->pc<=0 && p->expired ){
        81665  +  if( p->pc<0 && p->expired ){
 81293  81666       p->rc = SQLITE_SCHEMA;
 81294  81667       rc = SQLITE_ERROR;
 81295  81668       goto end_of_step;
 81296  81669     }
 81297  81670     if( p->pc<0 ){
 81298  81671       /* If there are no other statements currently running, then
 81299  81672       ** reset the interrupt flag.  This prevents a call to sqlite3_interrupt
................................................................................
 81304  81677       }
 81305  81678   
 81306  81679       assert( db->nVdbeWrite>0 || db->autoCommit==0 
 81307  81680           || (db->nDeferredCons==0 && db->nDeferredImmCons==0)
 81308  81681       );
 81309  81682   
 81310  81683   #ifndef SQLITE_OMIT_TRACE
 81311         -    if( (db->xProfile || (db->mTrace & SQLITE_TRACE_PROFILE)!=0)
        81684  +    if( (db->mTrace & (SQLITE_TRACE_PROFILE|SQLITE_TRACE_XPROFILE))!=0
 81312  81685           && !db->init.busy && p->zSql ){
 81313  81686         sqlite3OsCurrentTimeInt64(db->pVfs, &p->startTime);
 81314  81687       }else{
 81315  81688         assert( p->startTime==0 );
 81316  81689       }
 81317  81690   #endif
 81318  81691   
................................................................................
 81331  81704   #endif /* SQLITE_OMIT_EXPLAIN */
 81332  81705     {
 81333  81706       db->nVdbeExec++;
 81334  81707       rc = sqlite3VdbeExec(p);
 81335  81708       db->nVdbeExec--;
 81336  81709     }
 81337  81710   
        81711  +  if( rc!=SQLITE_ROW ){
 81338  81712   #ifndef SQLITE_OMIT_TRACE
 81339         -  /* If the statement completed successfully, invoke the profile callback */
 81340         -  if( rc!=SQLITE_ROW ) checkProfileCallback(db, p);
        81713  +    /* If the statement completed successfully, invoke the profile callback */
        81714  +    checkProfileCallback(db, p);
 81341  81715   #endif
 81342  81716   
 81343         -  if( rc==SQLITE_DONE && db->autoCommit ){
 81344         -    assert( p->rc==SQLITE_OK );
 81345         -    p->rc = doWalCallbacks(db);
 81346         -    if( p->rc!=SQLITE_OK ){
 81347         -      rc = SQLITE_ERROR;
        81717  +    if( rc==SQLITE_DONE && db->autoCommit ){
        81718  +      assert( p->rc==SQLITE_OK );
        81719  +      p->rc = doWalCallbacks(db);
        81720  +      if( p->rc!=SQLITE_OK ){
        81721  +        rc = SQLITE_ERROR;
        81722  +      }
 81348  81723       }
 81349  81724     }
 81350  81725   
 81351  81726     db->errCode = rc;
 81352  81727     if( SQLITE_NOMEM==sqlite3ApiExit(p->db, p->rc) ){
 81353  81728       p->rc = SQLITE_NOMEM_BKPT;
 81354  81729     }
................................................................................
 81360  81735     ** contains the value that would be returned if sqlite3_finalize() 
 81361  81736     ** were called on statement p.
 81362  81737     */
 81363  81738     assert( rc==SQLITE_ROW  || rc==SQLITE_DONE   || rc==SQLITE_ERROR 
 81364  81739          || (rc&0xff)==SQLITE_BUSY || rc==SQLITE_MISUSE
 81365  81740     );
 81366  81741     assert( (p->rc!=SQLITE_ROW && p->rc!=SQLITE_DONE) || p->rc==p->rcApp );
 81367         -  if( (p->prepFlags & SQLITE_PREPARE_SAVESQL)!=0 
 81368         -   && rc!=SQLITE_ROW 
 81369         -   && rc!=SQLITE_DONE 
        81742  +  if( rc!=SQLITE_ROW 
        81743  +   && rc!=SQLITE_DONE
        81744  +   && (p->prepFlags & SQLITE_PREPARE_SAVESQL)!=0
 81370  81745     ){
 81371  81746       /* If this statement was prepared using saved SQL and an 
 81372  81747       ** error has occurred, then return the error code in p->rc to the
 81373  81748       ** caller. Set the error code in the database handle to the same value.
 81374  81749       */ 
 81375  81750       rc = sqlite3VdbeTransferError(p);
 81376  81751     }
................................................................................
 81984  82359       sqlite3_mutex_leave(p->db->mutex);
 81985  82360       return SQLITE_RANGE;
 81986  82361     }
 81987  82362     i--;
 81988  82363     pVar = &p->aVar[i];
 81989  82364     sqlite3VdbeMemRelease(pVar);
 81990  82365     pVar->flags = MEM_Null;
 81991         -  sqlite3Error(p->db, SQLITE_OK);
        82366  +  p->db->errCode = SQLITE_OK;
 81992  82367   
 81993  82368     /* If the bit corresponding to this variable in Vdbe.expmask is set, then 
 81994  82369     ** binding a new value to this variable invalidates the current query plan.
 81995  82370     **
 81996  82371     ** IMPLEMENTATION-OF: R-48440-37595 If the specific value bound to host
 81997  82372     ** parameter in the WHERE clause might influence the choice of query plan
 81998  82373     ** for a statement, then the statement will be automatically recompiled,
................................................................................
 82410  82785   
 82411  82786   #ifdef SQLITE_ENABLE_NORMALIZE
 82412  82787   /*
 82413  82788   ** Return the normalized SQL associated with a prepared statement.
 82414  82789   */
 82415  82790   SQLITE_API const char *sqlite3_normalized_sql(sqlite3_stmt *pStmt){
 82416  82791     Vdbe *p = (Vdbe *)pStmt;
 82417         -  return p ? p->zNormSql : 0;
        82792  +  if( p==0 ) return 0;
        82793  +  if( p->zNormSql==0 && ALWAYS(p->zSql!=0) ){
        82794  +    sqlite3_mutex_enter(p->db->mutex);
        82795  +    p->zNormSql = sqlite3Normalize(p, p->zSql);
        82796  +    sqlite3_mutex_leave(p->db->mutex);
        82797  +  }
        82798  +  return p->zNormSql;
 82418  82799   }
 82419  82800   #endif /* SQLITE_ENABLE_NORMALIZE */
 82420  82801   
 82421  82802   #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
 82422  82803   /*
 82423  82804   ** Allocate and populate an UnpackedRecord structure based on the serialized
 82424  82805   ** record in nKey/pKey. Return a pointer to the new UnpackedRecord structure
................................................................................
 83110  83491     VdbeCursor *pCx = 0;
 83111  83492     nByte = 
 83112  83493         ROUND8(sizeof(VdbeCursor)) + 2*sizeof(u32)*nField + 
 83113  83494         (eCurType==CURTYPE_BTREE?sqlite3BtreeCursorSize():0);
 83114  83495   
 83115  83496     assert( iCur>=0 && iCur<p->nCursor );
 83116  83497     if( p->apCsr[iCur] ){ /*OPTIMIZATION-IF-FALSE*/
        83498  +    /* Before calling sqlite3VdbeFreeCursor(), ensure the isEphemeral flag
        83499  +    ** is clear. Otherwise, if this is an ephemeral cursor created by 
        83500  +    ** OP_OpenDup, the cursor will not be closed and will still be part
        83501  +    ** of a BtShared.pCursor list.  */
        83502  +    p->apCsr[iCur]->isEphemeral = 0;
 83117  83503       sqlite3VdbeFreeCursor(p, p->apCsr[iCur]);
 83118  83504       p->apCsr[iCur] = 0;
 83119  83505     }
 83120  83506     if( SQLITE_OK==sqlite3VdbeMemClearAndResize(pMem, nByte) ){
 83121  83507       p->apCsr[iCur] = pCx = (VdbeCursor*)pMem->z;
 83122  83508       memset(pCx, 0, offsetof(VdbeCursor,pAltCursor));
 83123  83509       pCx->eCurType = eCurType;
................................................................................
 83250  83636   ** interpret as a string if we want to).  Compute its corresponding
 83251  83637   ** numeric type, if has one.  Set the pMem->u.r and pMem->u.i fields
 83252  83638   ** accordingly.
 83253  83639   */
 83254  83640   static u16 SQLITE_NOINLINE computeNumericType(Mem *pMem){
 83255  83641     assert( (pMem->flags & (MEM_Int|MEM_Real))==0 );
 83256  83642     assert( (pMem->flags & (MEM_Str|MEM_Blob))!=0 );
        83643  +  ExpandBlob(pMem);
 83257  83644     if( sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc)==0 ){
 83258  83645       return 0;
 83259  83646     }
 83260  83647     if( sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc)==0 ){
 83261  83648       return MEM_Int;
 83262  83649     }
 83263  83650     return MEM_Real;
................................................................................
 84537  84924         case OP_Divide: {
 84538  84925           /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
 84539  84926           if( rA==(double)0 ) goto arithmetic_result_is_null;
 84540  84927           rB /= rA;
 84541  84928           break;
 84542  84929         }
 84543  84930         default: {
 84544         -        iA = (i64)rA;
 84545         -        iB = (i64)rB;
        84931  +        iA = sqlite3VdbeIntValue(pIn1);
        84932  +        iB = sqlite3VdbeIntValue(pIn2);
 84546  84933           if( iA==0 ) goto arithmetic_result_is_null;
 84547  84934           if( iA==-1 ) iA = 1;
 84548  84935           rB = (double)(iB % iA);
 84549  84936           break;
 84550  84937         }
 84551  84938       }
 84552  84939   #ifdef SQLITE_OMIT_FLOATING_POINT
................................................................................
 84884  85271       if( pOp->p5 & SQLITE_NULLEQ ){
 84885  85272         /* If SQLITE_NULLEQ is set (which will only happen if the operator is
 84886  85273         ** OP_Eq or OP_Ne) then take the jump or not depending on whether
 84887  85274         ** or not both operands are null.
 84888  85275         */
 84889  85276         assert( pOp->opcode==OP_Eq || pOp->opcode==OP_Ne );
 84890  85277         assert( (flags1 & MEM_Cleared)==0 );
 84891         -      assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 );
        85278  +      assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 || CORRUPT_DB );
        85279  +      testcase( (pOp->p5 & SQLITE_JUMPIFNULL)!=0 );
 84892  85280         if( (flags1&flags3&MEM_Null)!=0
 84893  85281          && (flags3&MEM_Cleared)==0
 84894  85282         ){
 84895  85283           res = 0;  /* Operands are equal */
 84896  85284         }else{
 84897  85285           res = 1;  /* Operands are not equal */
 84898  85286         }
................................................................................
 86568  86956   
 86569  86957     pCx = allocateCursor(p, pOp->p1, pOrig->nField, -1, CURTYPE_BTREE);
 86570  86958     if( pCx==0 ) goto no_mem;
 86571  86959     pCx->nullRow = 1;
 86572  86960     pCx->isEphemeral = 1;
 86573  86961     pCx->pKeyInfo = pOrig->pKeyInfo;
 86574  86962     pCx->isTable = pOrig->isTable;
 86575         -  rc = sqlite3BtreeCursor(pOrig->pBtx, MASTER_ROOT, BTREE_WRCSR,
        86963  +  pCx->pgnoRoot = pOrig->pgnoRoot;
        86964  +  rc = sqlite3BtreeCursor(pOrig->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
 86576  86965                             pCx->pKeyInfo, pCx->uc.pCursor);
 86577  86966     /* The sqlite3BtreeCursor() routine can only fail for the first cursor
 86578  86967     ** opened for a database.  Since there is already an open cursor when this
 86579  86968     ** opcode is run, the sqlite3BtreeCursor() cannot fail */
 86580  86969     assert( rc==SQLITE_OK );
 86581  86970     break;
 86582  86971   }
................................................................................
 86585  86974   /* Opcode: OpenEphemeral P1 P2 * P4 P5
 86586  86975   ** Synopsis: nColumn=P2
 86587  86976   **
 86588  86977   ** Open a new cursor P1 to a transient table.
 86589  86978   ** The cursor is always opened read/write even if 
 86590  86979   ** the main database is read-only.  The ephemeral
 86591  86980   ** table is deleted automatically when the cursor is closed.
        86981  +**
        86982  +** If the cursor P1 is already opened on an ephemeral table, the table
        86983  +** is cleared (all content is erased).
 86592  86984   **
 86593  86985   ** P2 is the number of columns in the ephemeral table.
 86594  86986   ** The cursor points to a BTree table if P4==0 and to a BTree index
 86595  86987   ** if P4 is not 0.  If P4 is not NULL, it points to a KeyInfo structure
 86596  86988   ** that defines the format of keys in the index.
 86597  86989   **
 86598  86990   ** The P5 parameter can be a mask of the BTREE_* flags defined
................................................................................
 86617  87009         SQLITE_OPEN_READWRITE |
 86618  87010         SQLITE_OPEN_CREATE |
 86619  87011         SQLITE_OPEN_EXCLUSIVE |
 86620  87012         SQLITE_OPEN_DELETEONCLOSE |
 86621  87013         SQLITE_OPEN_TRANSIENT_DB;
 86622  87014     assert( pOp->p1>=0 );
 86623  87015     assert( pOp->p2>=0 );
 86624         -  pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
 86625         -  if( pCx==0 ) goto no_mem;
 86626         -  pCx->nullRow = 1;
 86627         -  pCx->isEphemeral = 1;
 86628         -  rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBtx, 
 86629         -                        BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5, vfsFlags);
 86630         -  if( rc==SQLITE_OK ){
 86631         -    rc = sqlite3BtreeBeginTrans(pCx->pBtx, 1, 0);
 86632         -  }
 86633         -  if( rc==SQLITE_OK ){
 86634         -    /* If a transient index is required, create it by calling
 86635         -    ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
 86636         -    ** opening it. If a transient table is required, just use the
 86637         -    ** automatically created table with root-page 1 (an BLOB_INTKEY table).
 86638         -    */
 86639         -    if( (pCx->pKeyInfo = pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
 86640         -      int pgno;
 86641         -      assert( pOp->p4type==P4_KEYINFO );
 86642         -      rc = sqlite3BtreeCreateTable(pCx->pBtx, &pgno, BTREE_BLOBKEY | pOp->p5); 
 86643         -      if( rc==SQLITE_OK ){
 86644         -        assert( pgno==MASTER_ROOT+1 );
 86645         -        assert( pKeyInfo->db==db );
 86646         -        assert( pKeyInfo->enc==ENC(db) );
 86647         -        rc = sqlite3BtreeCursor(pCx->pBtx, pgno, BTREE_WRCSR,
 86648         -                                pKeyInfo, pCx->uc.pCursor);
 86649         -      }
 86650         -      pCx->isTable = 0;
 86651         -    }else{
 86652         -      rc = sqlite3BtreeCursor(pCx->pBtx, MASTER_ROOT, BTREE_WRCSR,
 86653         -                              0, pCx->uc.pCursor);
 86654         -      pCx->isTable = 1;
 86655         -    }
 86656         -  }
 86657         -  if( rc ) goto abort_due_to_error;
 86658         -  pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
        87016  +  pCx = p->apCsr[pOp->p1];
        87017  +  if( pCx ){
        87018  +    /* If the ephermeral table is already open, erase all existing content
        87019  +    ** so that the table is empty again, rather than creating a new table. */
        87020  +    rc = sqlite3BtreeClearTable(pCx->pBtx, pCx->pgnoRoot, 0);
        87021  +  }else{
        87022  +    pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
        87023  +    if( pCx==0 ) goto no_mem;
        87024  +    pCx->nullRow = 1;
        87025  +    pCx->isEphemeral = 1;
        87026  +    rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBtx, 
        87027  +                          BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5,
        87028  +                          vfsFlags);
        87029  +    if( rc==SQLITE_OK ){
        87030  +      rc = sqlite3BtreeBeginTrans(pCx->pBtx, 1, 0);
        87031  +    }
        87032  +    if( rc==SQLITE_OK ){
        87033  +      /* If a transient index is required, create it by calling
        87034  +      ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
        87035  +      ** opening it. If a transient table is required, just use the
        87036  +      ** automatically created table with root-page 1 (an BLOB_INTKEY table).
        87037  +      */
        87038  +      if( (pCx->pKeyInfo = pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
        87039  +        assert( pOp->p4type==P4_KEYINFO );
        87040  +        rc = sqlite3BtreeCreateTable(pCx->pBtx, (int*)&pCx->pgnoRoot,
        87041  +                                     BTREE_BLOBKEY | pOp->p5); 
        87042  +        if( rc==SQLITE_OK ){
        87043  +          assert( pCx->pgnoRoot==MASTER_ROOT+1 );
        87044  +          assert( pKeyInfo->db==db );
        87045  +          assert( pKeyInfo->enc==ENC(db) );
        87046  +          rc = sqlite3BtreeCursor(pCx->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
        87047  +                                  pKeyInfo, pCx->uc.pCursor);
        87048  +        }
        87049  +        pCx->isTable = 0;
        87050  +      }else{
        87051  +        pCx->pgnoRoot = MASTER_ROOT;
        87052  +        rc = sqlite3BtreeCursor(pCx->pBtx, MASTER_ROOT, BTREE_WRCSR,
        87053  +                                0, pCx->uc.pCursor);
        87054  +        pCx->isTable = 1;
        87055  +      }
        87056  +    }
        87057  +    pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
        87058  +  }
        87059  +  if( rc ) goto abort_due_to_error;
 86659  87060     break;
 86660  87061   }
 86661  87062   
 86662  87063   /* Opcode: SorterOpen P1 P2 P3 P4 *
 86663  87064   **
 86664  87065   ** This opcode works like OP_OpenEphemeral except that it opens
 86665  87066   ** a transient index that is specifically designed to sort large
................................................................................
 87301  87702   case OP_NotExists:          /* jump, in3 */
 87302  87703     pIn3 = &aMem[pOp->p3];
 87303  87704     assert( (pIn3->flags & MEM_Int)!=0 || pOp->opcode==OP_SeekRowid );
 87304  87705     assert( pOp->p1>=0 && pOp->p1<p->nCursor );
 87305  87706     pC = p->apCsr[pOp->p1];
 87306  87707     assert( pC!=0 );
 87307  87708   #ifdef SQLITE_DEBUG
 87308         -  pC->seekOp = OP_SeekRowid;
        87709  +  if( pOp->opcode==OP_SeekRowid ) pC->seekOp = OP_SeekRowid;
 87309  87710   #endif
 87310  87711     assert( pC->isTable );
 87311  87712     assert( pC->eCurType==CURTYPE_BTREE );
 87312  87713     pCrsr = pC->uc.pCursor;
 87313  87714     assert( pCrsr!=0 );
 87314  87715     res = 0;
 87315  87716     iKey = pIn3->u.i;
................................................................................
 88209  88610     assert( pOp->opcode!=OP_Prev || pOp->p4.xAdvance==sqlite3BtreePrevious );
 88210  88611   
 88211  88612     /* The Next opcode is only used after SeekGT, SeekGE, Rewind, and Found.
 88212  88613     ** The Prev opcode is only used after SeekLT, SeekLE, and Last. */
 88213  88614     assert( pOp->opcode!=OP_Next
 88214  88615          || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
 88215  88616          || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found 
 88216         -       || pC->seekOp==OP_NullRow);
        88617  +       || pC->seekOp==OP_NullRow|| pC->seekOp==OP_SeekRowid);
 88217  88618     assert( pOp->opcode!=OP_Prev
 88218  88619          || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
 88219  88620          || pC->seekOp==OP_Last 
 88220  88621          || pC->seekOp==OP_NullRow);
 88221  88622   
 88222  88623     rc = pOp->p4.xAdvance(pC->uc.pCursor, pOp->p3);
 88223  88624   next_tail:
................................................................................
 88739  89140          db->aDb[iDb].zDbSName, zMaster, pOp->p4.z);
 88740  89141       if( zSql==0 ){
 88741  89142         rc = SQLITE_NOMEM_BKPT;
 88742  89143       }else{
 88743  89144         assert( db->init.busy==0 );
 88744  89145         db->init.busy = 1;
 88745  89146         initData.rc = SQLITE_OK;
        89147  +      initData.nInitRow = 0;
 88746  89148         assert( !db->mallocFailed );
 88747  89149         rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
 88748  89150         if( rc==SQLITE_OK ) rc = initData.rc;
        89151  +      if( rc==SQLITE_OK && initData.nInitRow==0 ){
        89152  +        /* The OP_ParseSchema opcode with a non-NULL P4 argument should parse
        89153  +        ** at least one SQL statement. Any less than that indicates that
        89154  +        ** the sqlite_master table is corrupt. */
        89155  +        rc = SQLITE_CORRUPT_BKPT;
        89156  +      }
 88749  89157         sqlite3DbFreeNN(db, zSql);
 88750  89158         db->init.busy = 0;
 88751  89159       }
 88752  89160     }
 88753  89161     if( rc ){
 88754  89162       sqlite3ResetAllSchemasOfConnection(db);
 88755  89163       if( rc==SQLITE_NOMEM ){
................................................................................
 89104  89512     p->apCsr = (VdbeCursor **)&aMem[p->nMem];
 89105  89513     pFrame->aOnce = (u8*)&p->apCsr[pProgram->nCsr];
 89106  89514     memset(pFrame->aOnce, 0, (pProgram->nOp + 7)/8);
 89107  89515     p->aOp = aOp = pProgram->aOp;
 89108  89516     p->nOp = pProgram->nOp;
 89109  89517   #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
 89110  89518     p->anExec = 0;
        89519  +#endif
        89520  +#ifdef SQLITE_DEBUG
        89521  +  /* Verify that second and subsequent executions of the same trigger do not
        89522  +  ** try to reuse register values from the first use. */
        89523  +  {
        89524  +    int i;
        89525  +    for(i=0; i<p->nMem; i++){
        89526  +      aMem[i].pScopyFrom = 0;  /* Prevent false-positive AboutToChange() errs */
        89527  +      aMem[i].flags |= MEM_Undefined; /* Cause a fault if this reg is reused */
        89528  +    }
        89529  +  }
 89111  89530   #endif
 89112  89531     pOp = &aOp[-1];
 89113  89532   
 89114  89533     break;
 89115  89534   }
 89116  89535   
 89117  89536   /* Opcode: Param P1 P2 * * *
................................................................................
 89643  90062     sqlite3VdbeChangeEncoding(pOut, encoding);
 89644  90063     if( rc ) goto abort_due_to_error;
 89645  90064     break;
 89646  90065   };
 89647  90066   #endif /* SQLITE_OMIT_PRAGMA */
 89648  90067   
 89649  90068   #if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
 89650         -/* Opcode: Vacuum P1 * * * *
        90069  +/* Opcode: Vacuum P1 P2 * * *
 89651  90070   **
 89652  90071   ** Vacuum the entire database P1.  P1 is 0 for "main", and 2 or more
 89653  90072   ** for an attached database.  The "temp" database may not be vacuumed.
        90073  +**
        90074  +** If P2 is not zero, then it is a register holding a string which is
        90075  +** the file into which the result of vacuum should be written.  When
        90076  +** P2 is zero, the vacuum overwrites the original database.
 89654  90077   */
 89655  90078   case OP_Vacuum: {
 89656  90079     assert( p->readOnly==0 );
 89657         -  rc = sqlite3RunVacuum(&p->zErrMsg, db, pOp->p1);
        90080  +  rc = sqlite3RunVacuum(&p->zErrMsg, db, pOp->p1,
        90081  +                        pOp->p2 ? &aMem[pOp->p2] : 0);
 89658  90082     if( rc ) goto abort_due_to_error;
 89659  90083     break;
 89660  90084   }
 89661  90085   #endif
 89662  90086   
 89663  90087   #if !defined(SQLITE_OMIT_AUTOVACUUM)
 89664  90088   /* Opcode: IncrVacuum P1 P2 * * *
................................................................................
 89802  90226   ** P4 is the name of a virtual table in database P1.  Call the xDestroy method
 89803  90227   ** of that table.
 89804  90228   */
 89805  90229   case OP_VDestroy: {
 89806  90230     db->nVDestroy++;
 89807  90231     rc = sqlite3VtabCallDestroy(db, pOp->p1, pOp->p4.z);
 89808  90232     db->nVDestroy--;
        90233  +  assert( p->errorAction==OE_Abort && p->usesStmtJournal );
 89809  90234     if( rc ) goto abort_due_to_error;
 89810  90235     break;
 89811  90236   }
 89812  90237   #endif /* SQLITE_OMIT_VIRTUALTABLE */
 89813  90238   
 89814  90239   #ifndef SQLITE_OMIT_VIRTUALTABLE
 89815  90240   /* Opcode: VOpen P1 * * P4 *
................................................................................
 90045  90470     assert( pName->flags & MEM_Str );
 90046  90471     testcase( pName->enc==SQLITE_UTF8 );
 90047  90472     testcase( pName->enc==SQLITE_UTF16BE );
 90048  90473     testcase( pName->enc==SQLITE_UTF16LE );
 90049  90474     rc = sqlite3VdbeChangeEncoding(pName, SQLITE_UTF8);
 90050  90475     if( rc ) goto abort_due_to_error;
 90051  90476     rc = pVtab->pModule->xRename(pVtab, pName->z);
 90052         -  if( isLegacy==0 ) db->flags &= ~SQLITE_LegacyAlter;
        90477  +  if( isLegacy==0 ) db->flags &= ~(u64)SQLITE_LegacyAlter;
 90053  90478     sqlite3VtabImportErrmsg(p, pVtab);
 90054  90479     p->expired = 0;
 90055  90480     if( rc ) goto abort_due_to_error;
 90056  90481     break;
 90057  90482   }
 90058  90483   #endif
 90059  90484   
................................................................................
 94272  94697   ** an SQL statement.
 94273  94698   */
 94274  94699   /* #include "sqliteInt.h" */
 94275  94700   /* #include <stdlib.h> */
 94276  94701   /* #include <string.h> */
 94277  94702   
 94278  94703   
        94704  +#if !defined(SQLITE_OMIT_WINDOWFUNC)
        94705  +/*
        94706  +** Walk all expressions linked into the list of Window objects passed
        94707  +** as the second argument.
        94708  +*/
        94709  +static int walkWindowList(Walker *pWalker, Window *pList){
        94710  +  Window *pWin;
        94711  +  for(pWin=pList; pWin; pWin=pWin->pNextWin){
        94712  +    if( sqlite3WalkExprList(pWalker, pWin->pOrderBy) ) return WRC_Abort;
        94713  +    if( sqlite3WalkExprList(pWalker, pWin->pPartition) ) return WRC_Abort;
        94714  +    if( sqlite3WalkExpr(pWalker, pWin->pFilter) ) return WRC_Abort;
        94715  +  }
        94716  +  return WRC_Continue;
        94717  +}
        94718  +#endif
        94719  +
 94279  94720   /*
 94280  94721   ** Walk an expression tree.  Invoke the callback once for each node
 94281  94722   ** of the expression, while descending.  (In other words, the callback
 94282  94723   ** is invoked before visiting children.)
 94283  94724   **
 94284  94725   ** The return value from the callback should be one of the WRC_*
 94285  94726   ** constants to specify how to proceed with the walk.
................................................................................
 94311  94752         }else if( ExprHasProperty(pExpr, EP_xIsSelect) ){
 94312  94753           if( sqlite3WalkSelect(pWalker, pExpr->x.pSelect) ) return WRC_Abort;
 94313  94754         }else if( pExpr->x.pList ){
 94314  94755           if( sqlite3WalkExprList(pWalker, pExpr->x.pList) ) return WRC_Abort;
 94315  94756         }
 94316  94757   #ifndef SQLITE_OMIT_WINDOWFUNC
 94317  94758         if( ExprHasProperty(pExpr, EP_WinFunc) ){
 94318         -        Window *pWin = pExpr->y.pWin;
 94319         -        if( sqlite3WalkExprList(pWalker, pWin->pPartition) ) return WRC_Abort;
 94320         -        if( sqlite3WalkExprList(pWalker, pWin->pOrderBy) ) return WRC_Abort;
 94321         -        if( sqlite3WalkExpr(pWalker, pWin->pFilter) ) return WRC_Abort;
        94759  +        if( walkWindowList(pWalker, pExpr->y.pWin) ) return WRC_Abort;
 94322  94760         }
 94323  94761   #endif
 94324  94762       }
 94325  94763       break;
 94326  94764     }
 94327  94765     return WRC_Continue;
 94328  94766   }
................................................................................
 94354  94792   SQLITE_PRIVATE int sqlite3WalkSelectExpr(Walker *pWalker, Select *p){
 94355  94793     if( sqlite3WalkExprList(pWalker, p->pEList) ) return WRC_Abort;
 94356  94794     if( sqlite3WalkExpr(pWalker, p->pWhere) ) return WRC_Abort;
 94357  94795     if( sqlite3WalkExprList(pWalker, p->pGroupBy) ) return WRC_Abort;
 94358  94796     if( sqlite3WalkExpr(pWalker, p->pHaving) ) return WRC_Abort;
 94359  94797     if( sqlite3WalkExprList(pWalker, p->pOrderBy) ) return WRC_Abort;
 94360  94798     if( sqlite3WalkExpr(pWalker, p->pLimit) ) return WRC_Abort;
        94799  +#if !defined(SQLITE_OMIT_WINDOWFUNC) && !defined(SQLITE_OMIT_ALTERTABLE)
        94800  +  {
        94801  +    Parse *pParse = pWalker->pParse;
        94802  +    if( pParse && IN_RENAME_OBJECT ){
        94803  +      int rc = walkWindowList(pWalker, p->pWinDefn);
        94804  +      assert( rc==WRC_Continue );
        94805  +      return rc;
        94806  +    }
        94807  +  }
        94808  +#endif
 94361  94809     return WRC_Continue;
 94362  94810   }
 94363  94811   
 94364  94812   /*
 94365  94813   ** Walk the parse trees associated with all subqueries in the
 94366  94814   ** FROM clause of SELECT statement p.  Do not invoke the select
 94367  94815   ** callback on p, but do invoke it on each FROM clause subquery
................................................................................
 94505  94953     db = pParse->db;
 94506  94954     pDup = sqlite3ExprDup(db, pOrig, 0);
 94507  94955     if( pDup!=0 ){
 94508  94956       if( zType[0]!='G' ) incrAggFunctionDepth(pDup, nSubquery);
 94509  94957       if( pExpr->op==TK_COLLATE ){
 94510  94958         pDup = sqlite3ExprAddCollateString(pParse, pDup, pExpr->u.zToken);
 94511  94959       }
 94512         -    ExprSetProperty(pDup, EP_Alias);
 94513  94960   
 94514  94961       /* Before calling sqlite3ExprDelete(), set the EP_Static flag. This 
 94515  94962       ** prevents ExprDelete() from deleting the Expr structure itself,
 94516  94963       ** allowing it to be repopulated by the memcpy() on the following line.
 94517  94964       ** The pExpr->u.zToken might point into memory that will be freed by the
 94518  94965       ** sqlite3DbFree(db, pDup) on the last line of this block, so be sure to
 94519  94966       ** make a copy of the token before doing the sqlite3DbFree().
................................................................................
 94899  95346     **
 94900  95347     ** Because no reference was made to outer contexts, the pNC->nRef
 94901  95348     ** fields are not changed in any context.
 94902  95349     */
 94903  95350     if( cnt==0 && zTab==0 ){
 94904  95351       assert( pExpr->op==TK_ID );
 94905  95352       if( ExprHasProperty(pExpr,EP_DblQuoted) ){
        95353  +      /* If a double-quoted identifier does not match any known column name,
        95354  +      ** then treat it as a string.
        95355  +      **
        95356  +      ** This hack was added in the early days of SQLite in a misguided attempt
        95357  +      ** to be compatible with MySQL 3.x, which used double-quotes for strings.
        95358  +      ** I now sorely regret putting in this hack. The effect of this hack is
        95359  +      ** that misspelled identifier names are silently converted into strings
        95360  +      ** rather than causing an error, to the frustration of countless
        95361  +      ** programmers. To all those frustrated programmers, my apologies.
        95362  +      **
        95363  +      ** Someday, I hope to get rid of this hack. Unfortunately there is
        95364  +      ** a huge amount of legacy SQL that uses it. So for now, we just
        95365  +      ** issue a warning.
        95366  +      */
        95367  +      sqlite3_log(SQLITE_WARNING,
        95368  +        "double-quoted string literal: \"%w\"", zCol);
        95369  +#ifdef SQLITE_ENABLE_NORMALIZE
        95370  +      sqlite3VdbeAddDblquoteStr(db, pParse->pVdbe, zCol);
        95371  +#endif
 94906  95372         pExpr->op = TK_STRING;
 94907  95373         pExpr->y.pTab = 0;
 94908  95374         return WRC_Prune;
 94909  95375       }
 94910  95376       if( sqlite3ExprIdToTrueFalse(pExpr) ){
 94911  95377         return WRC_Prune;
 94912  95378       }
................................................................................
 95265  95731           }
 95266  95732         }
 95267  95733         sqlite3WalkExprList(pWalker, pList);
 95268  95734         if( is_agg ){
 95269  95735   #ifndef SQLITE_OMIT_WINDOWFUNC
 95270  95736           if( pExpr->y.pWin ){
 95271  95737             Select *pSel = pNC->pWinSelect;
        95738  +          sqlite3WindowUpdate(pParse, pSel->pWinDefn, pExpr->y.pWin, pDef);
 95272  95739             sqlite3WalkExprList(pWalker, pExpr->y.pWin->pPartition);
 95273  95740             sqlite3WalkExprList(pWalker, pExpr->y.pWin->pOrderBy);
 95274  95741             sqlite3WalkExpr(pWalker, pExpr->y.pWin->pFilter);
 95275         -          sqlite3WindowUpdate(pParse, pSel->pWinDefn, pExpr->y.pWin, pDef);
 95276  95742             if( 0==pSel->pWin 
 95277  95743              || 0==sqlite3WindowCompare(pParse, pSel->pWin, pExpr->y.pWin) 
 95278  95744             ){
 95279  95745               pExpr->y.pWin->pNextWin = pSel->pWin;
 95280  95746               pSel->pWin = pExpr->y.pWin;
 95281  95747             }
 95282  95748             pNC->ncFlags |= NC_AllowWin;
................................................................................
 95545  96011           if( iCol<=0 || iCol>pEList->nExpr ){
 95546  96012             resolveOutOfRangeError(pParse, "ORDER", i+1, pEList->nExpr);
 95547  96013             return 1;
 95548  96014           }
 95549  96015         }else{
 95550  96016           iCol = resolveAsName(pParse, pEList, pE);
 95551  96017           if( iCol==0 ){
 95552         -          pDup = sqlite3ExprDup(db, pE, 0);
        96018  +          /* Now test if expression pE matches one of the values returned
        96019  +          ** by pSelect. In the usual case this is done by duplicating the 
        96020  +          ** expression, resolving any symbols in it, and then comparing
        96021  +          ** it against each expression returned by the SELECT statement.
        96022  +          ** Once the comparisons are finished, the duplicate expression
        96023  +          ** is deleted.
        96024  +          **
        96025  +          ** Or, if this is running as part of an ALTER TABLE operation,
        96026  +          ** resolve the symbols in the actual expression, not a duplicate.
        96027  +          ** And, if one of the comparisons is successful, leave the expression
        96028  +          ** as is instead of transforming it to an integer as in the usual
        96029  +          ** case. This allows the code in alter.c to modify column
        96030  +          ** refererences within the ORDER BY expression as required.  */
        96031  +          if( IN_RENAME_OBJECT ){
        96032  +            pDup = pE;
        96033  +          }else{
        96034  +            pDup = sqlite3ExprDup(db, pE, 0);
        96035  +          }
 95553  96036             if( !db->mallocFailed ){
 95554  96037               assert(pDup);
 95555  96038               iCol = resolveOrderByTermToExprList(pParse, pSelect, pDup);
 95556  96039             }
 95557         -          sqlite3ExprDelete(db, pDup);
        96040  +          if( !IN_RENAME_OBJECT ){
        96041  +            sqlite3ExprDelete(db, pDup);
        96042  +          }
 95558  96043           }
 95559  96044         }
 95560  96045         if( iCol>0 ){
 95561  96046           /* Convert the ORDER BY term into an integer column number iCol,
 95562  96047           ** taking care to preserve the COLLATE clause if it exists */
 95563         -        Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
 95564         -        if( pNew==0 ) return 1;
 95565         -        pNew->flags |= EP_IntValue;
 95566         -        pNew->u.iValue = iCol;
 95567         -        if( pItem->pExpr==pE ){
 95568         -          pItem->pExpr = pNew;
 95569         -        }else{
 95570         -          Expr *pParent = pItem->pExpr;
 95571         -          assert( pParent->op==TK_COLLATE );
 95572         -          while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
 95573         -          assert( pParent->pLeft==pE );
 95574         -          pParent->pLeft = pNew;
        96048  +        if( !IN_RENAME_OBJECT ){
        96049  +          Expr *pNew = sqlite3Expr(db, TK_INTEGER, 0);
        96050  +          if( pNew==0 ) return 1;
        96051  +          pNew->flags |= EP_IntValue;
        96052  +          pNew->u.iValue = iCol;
        96053  +          if( pItem->pExpr==pE ){
        96054  +            pItem->pExpr = pNew;
        96055  +          }else{
        96056  +            Expr *pParent = pItem->pExpr;
        96057  +            assert( pParent->op==TK_COLLATE );
        96058  +            while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
        96059  +            assert( pParent->pLeft==pE );
        96060  +            pParent->pLeft = pNew;
        96061  +          }
        96062  +          sqlite3ExprDelete(db, pE);
        96063  +          pItem->u.x.iOrderByCol = (u16)iCol;
 95575  96064           }
 95576         -        sqlite3ExprDelete(db, pE);
 95577         -        pItem->u.x.iOrderByCol = (u16)iCol;
 95578  96065           pItem->done = 1;
 95579  96066         }else{
 95580  96067           moreToDo = 1;
 95581  96068         }
 95582  96069       }
 95583  96070       pSelect = pSelect->pNext;
 95584  96071     }
................................................................................
 95918  96405           if( ExprHasProperty(pItem->pExpr, EP_Agg) ){
 95919  96406             sqlite3ErrorMsg(pParse, "aggregate functions are not allowed in "
 95920  96407                 "the GROUP BY clause");
 95921  96408             return WRC_Abort;
 95922  96409           }
 95923  96410         }
 95924  96411       }
        96412  +
        96413  +    if( IN_RENAME_OBJECT ){
        96414  +      Window *pWin;
        96415  +      for(pWin=p->pWinDefn; pWin; pWin=pWin->pNextWin){
        96416  +        if( sqlite3ResolveExprListNames(&sNC, pWin->pOrderBy)
        96417  +         || sqlite3ResolveExprListNames(&sNC, pWin->pPartition)
        96418  +        ){
        96419  +          return WRC_Abort;
        96420  +        }
        96421  +      }
        96422  +    }
 95925  96423   
 95926  96424       /* If this is part of a compound SELECT, check that it has the right
 95927  96425       ** number of expressions in the select list. */
 95928  96426       if( p->pNext && p->pEList->nExpr!=p->pNext->pEList->nExpr ){
 95929  96427         sqlite3SelectWrongNumTermsError(pParse, p->pNext);
 95930  96428         return WRC_Abort;
 95931  96429       }
................................................................................
 96069  96567     w.xSelectCallback2 = 0;
 96070  96568     w.pParse = pParse;
 96071  96569     w.u.pNC = pOuterNC;
 96072  96570     sqlite3WalkSelect(&w, p);
 96073  96571   }
 96074  96572   
 96075  96573   /*
 96076         -** Resolve names in expressions that can only reference a single table:
        96574  +** Resolve names in expressions that can only reference a single table
        96575  +** or which cannot reference any tables at all.  Examples:
 96077  96576   **
 96078         -**    *   CHECK constraints
 96079         -**    *   WHERE clauses on partial indices
        96577  +**    (1)   CHECK constraints
        96578  +**    (2)   WHERE clauses on partial indices
        96579  +**    (3)   Expressions in indexes on expressions
        96580  +**    (4)   Expression arguments to VACUUM INTO.
 96080  96581   **
 96081         -** The Expr.iTable value for Expr.op==TK_COLUMN nodes of the expression
 96082         -** is set to -1 and the Expr.iColumn value is set to the column number.
        96582  +** In all cases except (4), the Expr.iTable value for Expr.op==TK_COLUMN
        96583  +** nodes of the expression is set to -1 and the Expr.iColumn value is
        96584  +** set to the column number.  In case (4), TK_COLUMN nodes cause an error.
 96083  96585   **
 96084  96586   ** Any errors cause an error message to be set in pParse.
 96085  96587   */
 96086         -SQLITE_PRIVATE void sqlite3ResolveSelfReference(
        96588  +SQLITE_PRIVATE int sqlite3ResolveSelfReference(
 96087  96589     Parse *pParse,      /* Parsing context */
 96088         -  Table *pTab,        /* The table being referenced */
 96089         -  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr */
        96590  +  Table *pTab,        /* The table being referenced, or NULL */
        96591  +  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr, or 0 */
 96090  96592     Expr *pExpr,        /* Expression to resolve.  May be NULL. */
 96091  96593     ExprList *pList     /* Expression list to resolve.  May be NULL. */
 96092  96594   ){
 96093  96595     SrcList sSrc;                   /* Fake SrcList for pParse->pNewTable */
 96094  96596     NameContext sNC;                /* Name context for pParse->pNewTable */
        96597  +  int rc;
 96095  96598   
 96096         -  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr );
        96599  +  assert( type==0 || pTab!=0 );
        96600  +  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr || pTab==0 );
 96097  96601     memset(&sNC, 0, sizeof(sNC));
 96098  96602     memset(&sSrc, 0, sizeof(sSrc));
 96099         -  sSrc.nSrc = 1;
 96100         -  sSrc.a[0].zName = pTab->zName;
 96101         -  sSrc.a[0].pTab = pTab;
 96102         -  sSrc.a[0].iCursor = -1;
        96603  +  if( pTab ){
        96604  +    sSrc.nSrc = 1;
        96605  +    sSrc.a[0].zName = pTab->zName;
        96606  +    sSrc.a[0].pTab = pTab;
        96607  +    sSrc.a[0].iCursor = -1;
        96608  +  }
 96103  96609     sNC.pParse = pParse;
 96104  96610     sNC.pSrcList = &sSrc;
 96105  96611     sNC.ncFlags = type;
 96106         -  if( sqlite3ResolveExprNames(&sNC, pExpr) ) return;
 96107         -  if( pList ) sqlite3ResolveExprListNames(&sNC, pList);
        96612  +  if( (rc = sqlite3ResolveExprNames(&sNC, pExpr))!=SQLITE_OK ) return rc;
        96613  +  if( pList ) rc = sqlite3ResolveExprListNames(&sNC, pList);
        96614  +  return rc;
 96108  96615   }
 96109  96616   
 96110  96617   /************** End of resolve.c *********************************************/
 96111  96618   /************** Begin file expr.c ********************************************/
 96112  96619   /*
 96113  96620   ** 2001 September 15
 96114  96621   **
................................................................................
 96248  96755   SQLITE_PRIVATE CollSeq *sqlite3ExprCollSeq(Parse *pParse, Expr *pExpr){
 96249  96756     sqlite3 *db = pParse->db;
 96250  96757     CollSeq *pColl = 0;
 96251  96758     Expr *p = pExpr;
 96252  96759     while( p ){
 96253  96760       int op = p->op;
 96254  96761       if( p->flags & EP_Generic ) break;
 96255         -    if( (op==TK_AGG_COLUMN || op==TK_COLUMN
 96256         -          || op==TK_REGISTER || op==TK_TRIGGER)
        96762  +    if( op==TK_REGISTER ) op = p->op2;
        96763  +    if( (op==TK_AGG_COLUMN || op==TK_COLUMN || op==TK_TRIGGER)
 96257  96764        && p->y.pTab!=0
 96258  96765       ){
 96259  96766         /* op==TK_REGISTER && p->y.pTab!=0 happens when pExpr was originally
 96260  96767         ** a TK_COLUMN but was previously evaluated and cached in a register */
 96261  96768         int j = p->iColumn;
 96262  96769         if( j>=0 ){
 96263  96770           const char *zColl = p->y.pTab->aCol[j].zColl;
................................................................................
 96265  96772         }
 96266  96773         break;
 96267  96774       }
 96268  96775       if( op==TK_CAST || op==TK_UPLUS ){
 96269  96776         p = p->pLeft;
 96270  96777         continue;
 96271  96778       }
 96272         -    if( op==TK_COLLATE || (op==TK_REGISTER && p->op2==TK_COLLATE) ){
        96779  +    if( op==TK_COLLATE ){
 96273  96780         pColl = sqlite3GetCollSeq(pParse, ENC(db), 0, p->u.zToken);
 96274  96781         break;
 96275  96782       }
 96276  96783       if( p->flags & EP_Collate ){
 96277  96784         if( p->pLeft && (p->pLeft->flags & EP_Collate)!=0 ){
 96278  96785           p = p->pLeft;
 96279  96786         }else{
................................................................................
 96572  97079         pRet->iColumn = iField;
 96573  97080         pRet->pLeft = pVector;
 96574  97081       }
 96575  97082       assert( pRet==0 || pRet->iTable==0 );
 96576  97083     }else{
 96577  97084       if( pVector->op==TK_VECTOR ) pVector = pVector->x.pList->a[iField].pExpr;
 96578  97085       pRet = sqlite3ExprDup(pParse->db, pVector, 0);
        97086  +    sqlite3RenameTokenRemap(pParse, pRet, pVector);
 96579  97087     }
 96580  97088     return pRet;
 96581  97089   }
 96582  97090   
 96583  97091   /*
 96584  97092   ** If expression pExpr is of type TK_SELECT, generate code to evaluate
 96585  97093   ** it. Return the register in which the result is stored (or, if the 
................................................................................
 96588  97096   **
 96589  97097   ** If pExpr is not a TK_SELECT expression, return 0.
 96590  97098   */
 96591  97099   static int exprCodeSubselect(Parse *pParse, Expr *pExpr){
 96592  97100     int reg = 0;
 96593  97101   #ifndef SQLITE_OMIT_SUBQUERY
 96594  97102     if( pExpr->op==TK_SELECT ){
 96595         -    reg = sqlite3CodeSubselect(pParse, pExpr, 0, 0);
        97103  +    reg = sqlite3CodeSubselect(pParse, pExpr);
 96596  97104     }
 96597  97105   #endif
 96598  97106     return reg;
 96599  97107   }
 96600  97108   
 96601  97109   /*
 96602  97110   ** Argument pVector points to a vector expression - either a TK_VECTOR
................................................................................
 96660  97168     Expr *pLeft = pExpr->pLeft;
 96661  97169     Expr *pRight = pExpr->pRight;
 96662  97170     int nLeft = sqlite3ExprVectorSize(pLeft);
 96663  97171     int i;
 96664  97172     int regLeft = 0;
 96665  97173     int regRight = 0;
 96666  97174     u8 opx = op;
 96667         -  int addrDone = sqlite3VdbeMakeLabel(v);
        97175  +  int addrDone = sqlite3VdbeMakeLabel(pParse);
 96668  97176   
 96669  97177     if( nLeft!=sqlite3ExprVectorSize(pRight) ){
 96670  97178       sqlite3ErrorMsg(pParse, "row value misused");
 96671  97179       return;
 96672  97180     }
 96673  97181     assert( pExpr->op==TK_EQ || pExpr->op==TK_NE 
 96674  97182          || pExpr->op==TK_IS || pExpr->op==TK_ISNOT 
................................................................................
 96887  97395           pNew->u.iValue = iValue;
 96888  97396         }else{
 96889  97397           pNew->u.zToken = (char*)&pNew[1];
 96890  97398           assert( pToken->z!=0 || pToken->n==0 );
 96891  97399           if( pToken->n ) memcpy(pNew->u.zToken, pToken->z, pToken->n);
 96892  97400           pNew->u.zToken[pToken->n] = 0;
 96893  97401           if( dequote && sqlite3Isquote(pNew->u.zToken[0]) ){
 96894         -          if( pNew->u.zToken[0]=='"' ) pNew->flags |= EP_DblQuoted;
 96895         -          sqlite3Dequote(pNew->u.zToken);
        97402  +          sqlite3DequoteExpr(pNew);
 96896  97403           }
 96897  97404         }
 96898  97405       }
 96899  97406   #if SQLITE_MAX_EXPR_DEPTH>0
 96900  97407       pNew->nHeight = 1;
 96901  97408   #endif  
 96902  97409     }
................................................................................
 96957  97464   SQLITE_PRIVATE Expr *sqlite3PExpr(
 96958  97465     Parse *pParse,          /* Parsing context */
 96959  97466     int op,                 /* Expression opcode */
 96960  97467     Expr *pLeft,            /* Left operand */
 96961  97468     Expr *pRight            /* Right operand */
 96962  97469   ){
 96963  97470     Expr *p;
 96964         -  if( op==TK_AND && pParse->nErr==0 ){
        97471  +  if( op==TK_AND && pParse->nErr==0 && !IN_RENAME_OBJECT ){
 96965  97472       /* Take advantage of short-circuit false optimization for AND */
 96966  97473       p = sqlite3ExprAnd(pParse->db, pLeft, pRight);
 96967  97474     }else{
 96968  97475       p = sqlite3DbMallocRawNN(pParse->db, sizeof(Expr));
 96969  97476       if( p ){
 96970  97477         memset(p, 0, sizeof(Expr));
 96971  97478         p->op = op & TKFLG_MASK;
................................................................................
 97205  97712   ** EXPR_REDUCEDSIZE or EXPR_TOKENONLYSIZE.
 97206  97713   */
 97207  97714   static int exprStructSize(Expr *p){
 97208  97715     if( ExprHasProperty(p, EP_TokenOnly) ) return EXPR_TOKENONLYSIZE;
 97209  97716     if( ExprHasProperty(p, EP_Reduced) ) return EXPR_REDUCEDSIZE;
 97210  97717     return EXPR_FULLSIZE;
 97211  97718   }
        97719  +
        97720  +/*
        97721  +** Copy the complete content of an Expr node, taking care not to read
        97722  +** past the end of the structure for a reduced-size version of the source
        97723  +** Expr.
        97724  +*/
        97725  +static void exprNodeCopy(Expr *pDest, Expr *pSrc){
        97726  +  memset(pDest, 0, sizeof(Expr));
        97727  +  memcpy(pDest, pSrc, exprStructSize(pSrc));
        97728  +}
 97212  97729   
 97213  97730   /*
 97214  97731   ** The dupedExpr*Size() routines each return the number of bytes required
 97215  97732   ** to store a copy of an expression or expression tree.  They differ in
 97216  97733   ** how much of the tree is measured.
 97217  97734   **
 97218  97735   **     dupedExprStructSize()     Size of only the Expr structure 
................................................................................
 97436  97953       }
 97437  97954     }
 97438  97955     return pRet;
 97439  97956   }
 97440  97957   #else
 97441  97958   # define withDup(x,y) 0
 97442  97959   #endif
        97960  +
        97961  +#ifndef SQLITE_OMIT_WINDOWFUNC
        97962  +/*
        97963  +** The gatherSelectWindows() procedure and its helper routine
        97964  +** gatherSelectWindowsCallback() are used to scan all the expressions
        97965  +** an a newly duplicated SELECT statement and gather all of the Window
        97966  +** objects found there, assembling them onto the linked list at Select->pWin.
        97967  +*/
        97968  +static int gatherSelectWindowsCallback(Walker *pWalker, Expr *pExpr){
        97969  +  if( pExpr->op==TK_FUNCTION && pExpr->y.pWin!=0 ){
        97970  +    assert( ExprHasProperty(pExpr, EP_WinFunc) );
        97971  +    pExpr->y.pWin->pNextWin = pWalker->u.pSelect->pWin;
        97972  +    pWalker->u.pSelect->pWin = pExpr->y.pWin;
        97973  +  }
        97974  +  return WRC_Continue;
        97975  +}
        97976  +static int gatherSelectWindowsSelectCallback(Walker *pWalker, Select *p){
        97977  +  return p==pWalker->u.pSelect ? WRC_Continue : WRC_Prune;
        97978  +}
        97979  +static void gatherSelectWindows(Select *p){
        97980  +  Walker w;
        97981  +  w.xExprCallback = gatherSelectWindowsCallback;
        97982  +  w.xSelectCallback = gatherSelectWindowsSelectCallback;
        97983  +  w.xSelectCallback2 = 0;
        97984  +  w.pParse = 0;
        97985  +  w.u.pSelect = p;
        97986  +  sqlite3WalkSelect(&w, p);
        97987  +}
        97988  +#endif
        97989  +
 97443  97990   
 97444  97991   /*
 97445  97992   ** The following group of routines make deep copies of expressions,
 97446  97993   ** expression lists, ID lists, and select statements.  The copies can
 97447  97994   ** be deleted (by being passed to their respective ...Delete() routines)
 97448  97995   ** without effecting the originals.
 97449  97996   **
................................................................................
 97604  98151       pNew->addrOpenEphm[0] = -1;
 97605  98152       pNew->addrOpenEphm[1] = -1;
 97606  98153       pNew->nSelectRow = p->nSelectRow;
 97607  98154       pNew->pWith = withDup(db, p->pWith);
 97608  98155   #ifndef SQLITE_OMIT_WINDOWFUNC
 97609  98156       pNew->pWin = 0;
 97610  98157       pNew->pWinDefn = sqlite3WindowListDup(db, p->pWinDefn);
        98158  +    if( p->pWin ) gatherSelectWindows(pNew);
 97611  98159   #endif
 97612  98160       pNew->selId = p->selId;
 97613  98161       *pp = pNew;
 97614  98162       pp = &pNew->pPrior;
 97615  98163       pNext = pNew;
 97616  98164     }
 97617  98165   
................................................................................
 97736  98284   
 97737  98285       /* Remember the size of the LHS in iTable so that we can check that
 97738  98286       ** the RHS and LHS sizes match during code generation. */
 97739  98287       pFirst->iTable = pColumns->nId;
 97740  98288     }
 97741  98289   
 97742  98290   vector_append_error:
        98291  +  if( IN_RENAME_OBJECT ){
        98292  +    sqlite3RenameExprUnmap(pParse, pExpr);
        98293  +  }
 97743  98294     sqlite3ExprDelete(db, pExpr);
 97744  98295     sqlite3IdListDelete(db, pColumns);
 97745  98296     return pList;
 97746  98297   }
 97747  98298   
 97748  98299   /*
 97749  98300   ** Set the sort order for the last element on the given ExprList.
................................................................................
 97879  98430   /*
 97880  98431   ** If the input expression is an ID with the name "true" or "false"
 97881  98432   ** then convert it into an TK_TRUEFALSE term.  Return non-zero if
 97882  98433   ** the conversion happened, and zero if the expression is unaltered.
 97883  98434   */
 97884  98435   SQLITE_PRIVATE int sqlite3ExprIdToTrueFalse(Expr *pExpr){
 97885  98436     assert( pExpr->op==TK_ID || pExpr->op==TK_STRING );
 97886         -  if( sqlite3StrICmp(pExpr->u.zToken, "true")==0
 97887         -   || sqlite3StrICmp(pExpr->u.zToken, "false")==0
        98437  +  if( !ExprHasProperty(pExpr, EP_Quoted)
        98438  +   && (sqlite3StrICmp(pExpr->u.zToken, "true")==0
        98439  +       || sqlite3StrICmp(pExpr->u.zToken, "false")==0)
 97888  98440     ){
 97889  98441       pExpr->op = TK_TRUEFALSE;
 97890  98442       return 1;
 97891  98443     }
 97892  98444     return 0;
 97893  98445   }
 97894  98446   
................................................................................
 98189  98741   ** be a small performance hit but is otherwise harmless.  On the other
 98190  98742   ** hand, a false negative (returning FALSE when the result could be NULL)
 98191  98743   ** will likely result in an incorrect answer.  So when in doubt, return
 98192  98744   ** TRUE.
 98193  98745   */
 98194  98746   SQLITE_PRIVATE int sqlite3ExprCanBeNull(const Expr *p){
 98195  98747     u8 op;
 98196         -  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){ p = p->pLeft; }
        98748  +  while( p->op==TK_UPLUS || p->op==TK_UMINUS ){
        98749  +    p = p->pLeft;
        98750  +  }
 98197  98751     op = p->op;
 98198  98752     if( op==TK_REGISTER ) op = p->op2;
 98199  98753     switch( op ){
 98200  98754       case TK_INTEGER:
 98201  98755       case TK_STRING:
 98202  98756       case TK_FLOAT:
 98203  98757       case TK_BLOB:
................................................................................
 98256  98810   */
 98257  98811   SQLITE_PRIVATE int sqlite3IsRowid(const char *z){
 98258  98812     if( sqlite3StrICmp(z, "_ROWID_")==0 ) return 1;
 98259  98813     if( sqlite3StrICmp(z, "ROWID")==0 ) return 1;
 98260  98814     if( sqlite3StrICmp(z, "OID")==0 ) return 1;
 98261  98815     return 0;
 98262  98816   }
 98263         -#ifdef SQLITE_ENABLE_NORMALIZE
 98264         -SQLITE_PRIVATE int sqlite3IsRowidN(const char *z, int n){
 98265         -  if( sqlite3StrNICmp(z, "_ROWID_", n)==0 ) return 1;
 98266         -  if( sqlite3StrNICmp(z, "ROWID", n)==0 ) return 1;
 98267         -  if( sqlite3StrNICmp(z, "OID", n)==0 ) return 1;
 98268         -  return 0;
 98269         -}
 98270         -#endif
 98271  98817   
 98272  98818   /*
 98273  98819   ** pX is the RHS of an IN operator.  If pX is a SELECT statement 
 98274  98820   ** that can be simplified to a direct table access, then return
 98275  98821   ** a pointer to the SELECT statement.  If pX is not a SELECT statement,
 98276  98822   ** or if the SELECT statement needs to be manifested into a transient
 98277  98823   ** table, then return NULL.
................................................................................
 98433  98979   */
 98434  98980   #ifndef SQLITE_OMIT_SUBQUERY
 98435  98981   SQLITE_PRIVATE int sqlite3FindInIndex(
 98436  98982     Parse *pParse,             /* Parsing context */
 98437  98983     Expr *pX,                  /* The right-hand side (RHS) of the IN operator */
 98438  98984     u32 inFlags,               /* IN_INDEX_LOOP, _MEMBERSHIP, and/or _NOOP_OK */
 98439  98985     int *prRhsHasNull,         /* Register holding NULL status.  See notes */
 98440         -  int *aiMap                 /* Mapping from Index fields to RHS fields */
        98986  +  int *aiMap,                /* Mapping from Index fields to RHS fields */
        98987  +  int *piTab                 /* OUT: index to use */
 98441  98988   ){
 98442  98989     Select *p;                            /* SELECT to the right of IN operator */
 98443  98990     int eType = 0;                        /* Type of RHS table. IN_INDEX_* */
 98444  98991     int iTab = pParse->nTab++;            /* Cursor of the RHS table */
 98445  98992     int mustBeUnique;                     /* True if RHS must be unique */
 98446  98993     Vdbe *v = sqlite3GetVdbe(pParse);     /* Virtual machine being coded */
 98447  98994   
................................................................................
 98528  99075   
 98529  99076         if( affinity_ok ){
 98530  99077           /* Search for an existing index that will work for this IN operator */
 98531  99078           for(pIdx=pTab->pIndex; pIdx && eType==0; pIdx=pIdx->pNext){
 98532  99079             Bitmask colUsed;      /* Columns of the index used */
 98533  99080             Bitmask mCol;         /* Mask for the current column */
 98534  99081             if( pIdx->nColumn<nExpr ) continue;
        99082  +          if( pIdx->pPartIdxWhere!=0 ) continue;
 98535  99083             /* Maximum nColumn is BMS-2, not BMS-1, so that we can compute
 98536  99084             ** BITMASK(nExpr) without overflowing */
 98537  99085             testcase( pIdx->nColumn==BMS-2 );
 98538  99086             testcase( pIdx->nColumn==BMS-1 );
 98539  99087             if( pIdx->nColumn>=BMS-1 ) continue;
 98540  99088             if( mustBeUnique ){
 98541  99089               if( pIdx->nKeyCol>nExpr
................................................................................
 98624  99172         pParse->nQueryLoop = 0;
 98625  99173         if( pX->pLeft->iColumn<0 && !ExprHasProperty(pX, EP_xIsSelect) ){
 98626  99174           eType = IN_INDEX_ROWID;
 98627  99175         }
 98628  99176       }else if( prRhsHasNull ){
 98629  99177         *prRhsHasNull = rMayHaveNull = ++pParse->nMem;
 98630  99178       }
 98631         -    sqlite3CodeSubselect(pParse, pX, rMayHaveNull, eType==IN_INDEX_ROWID);
        99179  +    assert( pX->op==TK_IN );
        99180  +    sqlite3CodeRhsOfIN(pParse, pX, iTab, eType==IN_INDEX_ROWID);
        99181  +    if( rMayHaveNull ){
        99182  +      sqlite3SetHasNullFlag(v, iTab, rMayHaveNull);
        99183  +    }
 98632  99184       pParse->nQueryLoop = savedNQueryLoop;
 98633         -  }else{
 98634         -    pX->iTable = iTab;
 98635  99185     }
 98636  99186   
 98637  99187     if( aiMap && eType!=IN_INDEX_INDEX_ASC && eType!=IN_INDEX_INDEX_DESC ){
 98638  99188       int i, n;
 98639  99189       n = sqlite3ExprVectorSize(pX->pLeft);
 98640  99190       for(i=0; i<n; i++) aiMap[i] = i;
 98641  99191     }
        99192  +  *piTab = iTab;
 98642  99193     return eType;
 98643  99194   }
 98644  99195   #endif
 98645  99196   
 98646  99197   #ifndef SQLITE_OMIT_SUBQUERY
 98647  99198   /*
 98648  99199   ** Argument pExpr is an (?, ?...) IN(...) expression. This 
................................................................................
 98708  99259     }else
 98709  99260   #endif
 98710  99261     {
 98711  99262       sqlite3ErrorMsg(pParse, "row value misused");
 98712  99263     }
 98713  99264   }
 98714  99265   
        99266  +#ifndef SQLITE_OMIT_SUBQUERY
 98715  99267   /*
 98716         -** Generate code for scalar subqueries used as a subquery expression, EXISTS,
 98717         -** or IN operators.  Examples:
        99268  +** Generate code that will construct an ephemeral table containing all terms
        99269  +** in the RHS of an IN operator.  The IN operator can be in either of two
        99270  +** forms:
 98718  99271   **
 98719         -**     (SELECT a FROM b)          -- subquery
 98720         -**     EXISTS (SELECT a FROM b)   -- EXISTS subquery
 98721  99272   **     x IN (4,5,11)              -- IN operator with list on right-hand side
 98722  99273   **     x IN (SELECT a FROM b)     -- IN operator with subquery on the right
 98723  99274   **
 98724         -** The pExpr parameter describes the expression that contains the IN
 98725         -** operator or subquery.
 98726         -**
 98727         -** If parameter isRowid is non-zero, then expression pExpr is guaranteed
 98728         -** to be of the form "<rowid> IN (?, ?, ?)", where <rowid> is a reference
 98729         -** to some integer key column of a table B-Tree. In this case, use an
 98730         -** intkey B-Tree to store the set of IN(...) values instead of the usual
 98731         -** (slower) variable length keys B-Tree.
 98732         -**
 98733         -** If rMayHaveNull is non-zero, that means that the operation is an IN
 98734         -** (not a SELECT or EXISTS) and that the RHS might contains NULLs.
 98735         -** All this routine does is initialize the register given by rMayHaveNull
 98736         -** to NULL.  Calling routines will take care of changing this register
 98737         -** value to non-NULL if the RHS is NULL-free.
 98738         -**
 98739         -** For a SELECT or EXISTS operator, return the register that holds the
 98740         -** result.  For a multi-column SELECT, the result is stored in a contiguous
 98741         -** array of registers and the return value is the register of the left-most
 98742         -** result column.  Return 0 for IN operators or if an error occurs.
 98743         -*/
 98744         -#ifndef SQLITE_OMIT_SUBQUERY
 98745         -SQLITE_PRIVATE int sqlite3CodeSubselect(
        99275  +** The pExpr parameter is the IN operator.  The cursor number for the
        99276  +** constructed ephermeral table is returned.  The first time the ephemeral
        99277  +** table is computed, the cursor number is also stored in pExpr->iTable,
        99278  +** however the cursor number returned might not be the same, as it might
        99279  +** have been duplicated using OP_OpenDup.
        99280  +**
        99281  +** If parameter isRowid is non-zero, then LHS of the IN operator is guaranteed
        99282  +** to be a non-null integer. In this case, the ephemeral table can be an
        99283  +** table B-Tree that keyed by only integers.  The more general cases uses
        99284  +** an index B-Tree which can have arbitrary keys, but is slower to both
        99285  +** read and write.
        99286  +**
        99287  +** If the LHS expression ("x" in the examples) is a column value, or
        99288  +** the SELECT statement returns a column value, then the affinity of that
        99289  +** column is used to build the index keys. If both 'x' and the
        99290  +** SELECT... statement are columns, then numeric affinity is used
        99291  +** if either column has NUMERIC or INTEGER affinity. If neither
        99292  +** 'x' nor the SELECT... statement are columns, then numeric affinity
        99293  +** is used.
        99294  +*/
        99295  +SQLITE_PRIVATE void sqlite3CodeRhsOfIN(
 98746  99296     Parse *pParse,          /* Parsing context */
 98747         -  Expr *pExpr,            /* The IN, SELECT, or EXISTS operator */
 98748         -  int rHasNullFlag,       /* Register that records whether NULLs exist in RHS */
 98749         -  int isRowid             /* If true, LHS of IN operator is a rowid */
 98750         -){
 98751         -  int jmpIfDynamic = -1;                      /* One-time test address */
 98752         -  int rReg = 0;                           /* Register storing resulting */
 98753         -  Vdbe *v = sqlite3GetVdbe(pParse);
 98754         -  if( NEVER(v==0) ) return 0;
 98755         -
 98756         -  /* The evaluation of the IN/EXISTS/SELECT must be repeated every time it
        99297  +  Expr *pExpr,            /* The IN operator */
        99298  +  int iTab,               /* Use this cursor number */
        99299  +  int isRowid             /* If true, LHS is a rowid */
        99300  +){
        99301  +  int addrOnce = 0;           /* Address of the OP_Once instruction at top */
        99302  +  int addr;                   /* Address of OP_OpenEphemeral instruction */
        99303  +  Expr *pLeft;                /* the LHS of the IN operator */
        99304  +  KeyInfo *pKeyInfo = 0;      /* Key information */
        99305  +  int nVal;                   /* Size of vector pLeft */
        99306  +  Vdbe *v;                    /* The prepared statement under construction */
        99307  +
        99308  +  v = pParse->pVdbe;
        99309  +  assert( v!=0 );
        99310  +
        99311  +  /* The evaluation of the IN must be repeated every time it
        99312  +  ** is encountered if any of the following is true:
        99313  +  **
        99314  +  **    *  The right-hand side is a correlated subquery
        99315  +  **    *  The right-hand side is an expression list containing variables
        99316  +  **    *  We are inside a trigger
        99317  +  **
        99318  +  ** If all of the above are false, then we can compute the RHS just once
        99319  +  ** and reuse it many names.
        99320  +  */
        99321  +  if( !ExprHasProperty(pExpr, EP_VarSelect) && pParse->iSelfTab==0 ){
        99322  +    /* Reuse of the RHS is allowed */
        99323  +    /* If this routine has already been coded, but the previous code
        99324  +    ** might not have been invoked yet, so invoke it now as a subroutine. 
        99325  +    */
        99326  +    if( ExprHasProperty(pExpr, EP_Subrtn) ){
        99327  +      addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99328  +      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99329  +        ExplainQueryPlan((pParse, 0, "REUSE LIST SUBQUERY %d",
        99330  +              pExpr->x.pSelect->selId));
        99331  +      }
        99332  +      sqlite3VdbeAddOp2(v, OP_Gosub, pExpr->y.sub.regReturn,
        99333  +                        pExpr->y.sub.iAddr);
        99334  +      sqlite3VdbeAddOp2(v, OP_OpenDup, iTab, pExpr->iTable);
        99335  +      sqlite3VdbeJumpHere(v, addrOnce);
        99336  +      return;
        99337  +    }
        99338  +
        99339  +    /* Begin coding the subroutine */
        99340  +    ExprSetProperty(pExpr, EP_Subrtn);
        99341  +    pExpr->y.sub.regReturn = ++pParse->nMem;
        99342  +    pExpr->y.sub.iAddr =
        99343  +      sqlite3VdbeAddOp2(v, OP_Integer, 0, pExpr->y.sub.regReturn) + 1;
        99344  +    VdbeComment((v, "return address"));
        99345  +
        99346  +    addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99347  +  }
        99348  +
        99349  +  /* Check to see if this is a vector IN operator */
        99350  +  pLeft = pExpr->pLeft;
        99351  +  nVal = sqlite3ExprVectorSize(pLeft);
        99352  +  assert( !isRowid || nVal==1 );
        99353  +
        99354  +  /* Construct the ephemeral table that will contain the content of
        99355  +  ** RHS of the IN operator.
        99356  +  */
        99357  +  pExpr->iTable = iTab;
        99358  +  addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, 
        99359  +      pExpr->iTable, (isRowid?0:nVal));
        99360  +#ifdef SQLITE_ENABLE_EXPLAIN_COMMENTS
        99361  +  if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99362  +    VdbeComment((v, "Result of SELECT %u", pExpr->x.pSelect->selId));
        99363  +  }else{
        99364  +    VdbeComment((v, "RHS of IN operator"));
        99365  +  }
        99366  +#endif
        99367  +  pKeyInfo = isRowid ? 0 : sqlite3KeyInfoAlloc(pParse->db, nVal, 1);
        99368  +
        99369  +  if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        99370  +    /* Case 1:     expr IN (SELECT ...)
        99371  +    **
        99372  +    ** Generate code to write the results of the select into the temporary
        99373  +    ** table allocated and opened above.
        99374  +    */
        99375  +    Select *pSelect = pExpr->x.pSelect;
        99376  +    ExprList *pEList = pSelect->pEList;
        99377  +
        99378  +    ExplainQueryPlan((pParse, 1, "%sLIST SUBQUERY %d",
        99379  +        addrOnce?"":"CORRELATED ", pSelect->selId
        99380  +    ));
        99381  +    assert( !isRowid );
        99382  +    /* If the LHS and RHS of the IN operator do not match, that
        99383  +    ** error will have been caught long before we reach this point. */
        99384  +    if( ALWAYS(pEList->nExpr==nVal) ){
        99385  +      SelectDest dest;
        99386  +      int i;
        99387  +      sqlite3SelectDestInit(&dest, SRT_Set, iTab);
        99388  +      dest.zAffSdst = exprINAffinity(pParse, pExpr);
        99389  +      pSelect->iLimit = 0;
        99390  +      testcase( pSelect->selFlags & SF_Distinct );
        99391  +      testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
        99392  +      if( sqlite3Select(pParse, pSelect, &dest) ){
        99393  +        sqlite3DbFree(pParse->db, dest.zAffSdst);
        99394  +        sqlite3KeyInfoUnref(pKeyInfo);
        99395  +        return;
        99396  +      }
        99397  +      sqlite3DbFree(pParse->db, dest.zAffSdst);
        99398  +      assert( pKeyInfo!=0 ); /* OOM will cause exit after sqlite3Select() */
        99399  +      assert( pEList!=0 );
        99400  +      assert( pEList->nExpr>0 );
        99401  +      assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
        99402  +      for(i=0; i<nVal; i++){
        99403  +        Expr *p = sqlite3VectorFieldSubexpr(pLeft, i);
        99404  +        pKeyInfo->aColl[i] = sqlite3BinaryCompareCollSeq(
        99405  +            pParse, p, pEList->a[i].pExpr
        99406  +        );
        99407  +      }
        99408  +    }
        99409  +  }else if( ALWAYS(pExpr->x.pList!=0) ){
        99410  +    /* Case 2:     expr IN (exprlist)
        99411  +    **
        99412  +    ** For each expression, build an index key from the evaluation and
        99413  +    ** store it in the temporary table. If <expr> is a column, then use
        99414  +    ** that columns affinity when building index keys. If <expr> is not
        99415  +    ** a column, use numeric affinity.
        99416  +    */
        99417  +    char affinity;            /* Affinity of the LHS of the IN */
        99418  +    int i;
        99419  +    ExprList *pList = pExpr->x.pList;
        99420  +    struct ExprList_item *pItem;
        99421  +    int r1, r2, r3;
        99422  +    affinity = sqlite3ExprAffinity(pLeft);
        99423  +    if( !affinity ){
        99424  +      affinity = SQLITE_AFF_BLOB;
        99425  +    }
        99426  +    if( pKeyInfo ){
        99427  +      assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
        99428  +      pKeyInfo->aColl[0] = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
        99429  +    }
        99430  +
        99431  +    /* Loop through each expression in <exprlist>. */
        99432  +    r1 = sqlite3GetTempReg(pParse);
        99433  +    r2 = sqlite3GetTempReg(pParse);
        99434  +    if( isRowid ) sqlite3VdbeAddOp4(v, OP_Blob, 0, r2, 0, "", P4_STATIC);
        99435  +    for(i=pList->nExpr, pItem=pList->a; i>0; i--, pItem++){
        99436  +      Expr *pE2 = pItem->pExpr;
        99437  +      int iValToIns;
        99438  +
        99439  +      /* If the expression is not constant then we will need to
        99440  +      ** disable the test that was generated above that makes sure
        99441  +      ** this code only executes once.  Because for a non-constant
        99442  +      ** expression we need to rerun this code each time.
        99443  +      */
        99444  +      if( addrOnce && !sqlite3ExprIsConstant(pE2) ){
        99445  +        sqlite3VdbeChangeToNoop(v, addrOnce);
        99446  +        addrOnce = 0;
        99447  +      }
        99448  +
        99449  +      /* Evaluate the expression and insert it into the temp table */
        99450  +      if( isRowid && sqlite3ExprIsInteger(pE2, &iValToIns) ){
        99451  +        sqlite3VdbeAddOp3(v, OP_InsertInt, iTab, r2, iValToIns);
        99452  +      }else{
        99453  +        r3 = sqlite3ExprCodeTarget(pParse, pE2, r1);
        99454  +        if( isRowid ){
        99455  +          sqlite3VdbeAddOp2(v, OP_MustBeInt, r3,
        99456  +                            sqlite3VdbeCurrentAddr(v)+2);
        99457  +          VdbeCoverage(v);
        99458  +          sqlite3VdbeAddOp3(v, OP_Insert, iTab, r2, r3);
        99459  +        }else{
        99460  +          sqlite3VdbeAddOp4(v, OP_MakeRecord, r3, 1, r2, &affinity, 1);
        99461  +          sqlite3VdbeAddOp4Int(v, OP_IdxInsert, iTab, r2, r3, 1);
        99462  +        }
        99463  +      }
        99464  +    }
        99465  +    sqlite3ReleaseTempReg(pParse, r1);
        99466  +    sqlite3ReleaseTempReg(pParse, r2);
        99467  +  }
        99468  +  if( pKeyInfo ){
        99469  +    sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
        99470  +  }
        99471  +  if( addrOnce ){
        99472  +    sqlite3VdbeJumpHere(v, addrOnce);
        99473  +    /* Subroutine return */
        99474  +    sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn);
        99475  +    sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1);
        99476  +  }
        99477  +}
        99478  +#endif /* SQLITE_OMIT_SUBQUERY */
        99479  +
        99480  +/*
        99481  +** Generate code for scalar subqueries used as a subquery expression
        99482  +** or EXISTS operator:
        99483  +**
        99484  +**     (SELECT a FROM b)          -- subquery
        99485  +**     EXISTS (SELECT a FROM b)   -- EXISTS subquery
        99486  +**
        99487  +** The pExpr parameter is the SELECT or EXISTS operator to be coded.
        99488  +**
        99489  +** The register that holds the result.  For a multi-column SELECT, 
        99490  +** the result is stored in a contiguous array of registers and the
        99491  +** return value is the register of the left-most result column.
        99492  +** Return 0 if an error occurs.
        99493  +*/
        99494  +#ifndef SQLITE_OMIT_SUBQUERY
        99495  +SQLITE_PRIVATE int sqlite3CodeSubselect(Parse *pParse, Expr *pExpr){
        99496  +  int addrOnce = 0;           /* Address of OP_Once at top of subroutine */
        99497  +  int rReg = 0;               /* Register storing resulting */
        99498  +  Select *pSel;               /* SELECT statement to encode */
        99499  +  SelectDest dest;            /* How to deal with SELECT result */
        99500  +  int nReg;                   /* Registers to allocate */
        99501  +  Expr *pLimit;               /* New limit expression */
        99502  +
        99503  +  Vdbe *v = pParse->pVdbe;
        99504  +  assert( v!=0 );
        99505  +  testcase( pExpr->op==TK_EXISTS );
        99506  +  testcase( pExpr->op==TK_SELECT );
        99507  +  assert( pExpr->op==TK_EXISTS || pExpr->op==TK_SELECT );
        99508  +  assert( ExprHasProperty(pExpr, EP_xIsSelect) );
        99509  +  pSel = pExpr->x.pSelect;
        99510  +
        99511  +  /* The evaluation of the EXISTS/SELECT must be repeated every time it
 98757  99512     ** is encountered if any of the following is true:
 98758  99513     **
 98759  99514     **    *  The right-hand side is a correlated subquery
 98760  99515     **    *  The right-hand side is an expression list containing variables
 98761  99516     **    *  We are inside a trigger
 98762  99517     **
 98763  99518     ** If all of the above are false, then we can run this code just once
 98764  99519     ** save the results, and reuse the same result on subsequent invocations.
 98765  99520     */
 98766  99521     if( !ExprHasProperty(pExpr, EP_VarSelect) ){
 98767         -    jmpIfDynamic = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
 98768         -  }
 98769         -
 98770         -  switch( pExpr->op ){
 98771         -    case TK_IN: {
 98772         -      int addr;                   /* Address of OP_OpenEphemeral instruction */
 98773         -      Expr *pLeft = pExpr->pLeft; /* the LHS of the IN operator */
 98774         -      KeyInfo *pKeyInfo = 0;      /* Key information */
 98775         -      int nVal;                   /* Size of vector pLeft */
 98776         -      
 98777         -      nVal = sqlite3ExprVectorSize(pLeft);
 98778         -      assert( !isRowid || nVal==1 );
 98779         -
 98780         -      /* Whether this is an 'x IN(SELECT...)' or an 'x IN(<exprlist>)'
 98781         -      ** expression it is handled the same way.  An ephemeral table is 
 98782         -      ** filled with index keys representing the results from the 
 98783         -      ** SELECT or the <exprlist>.
 98784         -      **
 98785         -      ** If the 'x' expression is a column value, or the SELECT...
 98786         -      ** statement returns a column value, then the affinity of that
 98787         -      ** column is used to build the index keys. If both 'x' and the
 98788         -      ** SELECT... statement are columns, then numeric affinity is used
 98789         -      ** if either column has NUMERIC or INTEGER affinity. If neither
 98790         -      ** 'x' nor the SELECT... statement are columns, then numeric affinity
 98791         -      ** is used.
 98792         -      */
 98793         -      pExpr->iTable = pParse->nTab++;
 98794         -      addr = sqlite3VdbeAddOp2(v, OP_OpenEphemeral, 
 98795         -          pExpr->iTable, (isRowid?0:nVal));
 98796         -      pKeyInfo = isRowid ? 0 : sqlite3KeyInfoAlloc(pParse->db, nVal, 1);
 98797         -
 98798         -      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
 98799         -        /* Case 1:     expr IN (SELECT ...)
 98800         -        **
 98801         -        ** Generate code to write the results of the select into the temporary
 98802         -        ** table allocated and opened above.
 98803         -        */
 98804         -        Select *pSelect = pExpr->x.pSelect;
 98805         -        ExprList *pEList = pSelect->pEList;
 98806         -
 98807         -        ExplainQueryPlan((pParse, 1, "%sLIST SUBQUERY",
 98808         -            jmpIfDynamic>=0?"":"CORRELATED "
 98809         -        ));
 98810         -        assert( !isRowid );
 98811         -        /* If the LHS and RHS of the IN operator do not match, that
 98812         -        ** error will have been caught long before we reach this point. */
 98813         -        if( ALWAYS(pEList->nExpr==nVal) ){
 98814         -          SelectDest dest;
 98815         -          int i;
 98816         -          sqlite3SelectDestInit(&dest, SRT_Set, pExpr->iTable);
 98817         -          dest.zAffSdst = exprINAffinity(pParse, pExpr);
 98818         -          pSelect->iLimit = 0;
 98819         -          testcase( pSelect->selFlags & SF_Distinct );
 98820         -          testcase( pKeyInfo==0 ); /* Caused by OOM in sqlite3KeyInfoAlloc() */
 98821         -          if( sqlite3Select(pParse, pSelect, &dest) ){
 98822         -            sqlite3DbFree(pParse->db, dest.zAffSdst);
 98823         -            sqlite3KeyInfoUnref(pKeyInfo);
 98824         -            return 0;
 98825         -          }
 98826         -          sqlite3DbFree(pParse->db, dest.zAffSdst);
 98827         -          assert( pKeyInfo!=0 ); /* OOM will cause exit after sqlite3Select() */
 98828         -          assert( pEList!=0 );
 98829         -          assert( pEList->nExpr>0 );
 98830         -          assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
 98831         -          for(i=0; i<nVal; i++){
 98832         -            Expr *p = sqlite3VectorFieldSubexpr(pLeft, i);
 98833         -            pKeyInfo->aColl[i] = sqlite3BinaryCompareCollSeq(
 98834         -                pParse, p, pEList->a[i].pExpr
 98835         -            );
 98836         -          }
 98837         -        }
 98838         -      }else if( ALWAYS(pExpr->x.pList!=0) ){
 98839         -        /* Case 2:     expr IN (exprlist)
 98840         -        **
 98841         -        ** For each expression, build an index key from the evaluation and
 98842         -        ** store it in the temporary table. If <expr> is a column, then use
 98843         -        ** that columns affinity when building index keys. If <expr> is not
 98844         -        ** a column, use numeric affinity.
 98845         -        */
 98846         -        char affinity;            /* Affinity of the LHS of the IN */
 98847         -        int i;
 98848         -        ExprList *pList = pExpr->x.pList;
 98849         -        struct ExprList_item *pItem;
 98850         -        int r1, r2, r3;
 98851         -        affinity = sqlite3ExprAffinity(pLeft);
 98852         -        if( !affinity ){
 98853         -          affinity = SQLITE_AFF_BLOB;
 98854         -        }
 98855         -        if( pKeyInfo ){
 98856         -          assert( sqlite3KeyInfoIsWriteable(pKeyInfo) );
 98857         -          pKeyInfo->aColl[0] = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
 98858         -        }
 98859         -
 98860         -        /* Loop through each expression in <exprlist>. */
 98861         -        r1 = sqlite3GetTempReg(pParse);
 98862         -        r2 = sqlite3GetTempReg(pParse);
 98863         -        if( isRowid ) sqlite3VdbeAddOp4(v, OP_Blob, 0, r2, 0, "", P4_STATIC);
 98864         -        for(i=pList->nExpr, pItem=pList->a; i>0; i--, pItem++){
 98865         -          Expr *pE2 = pItem->pExpr;
 98866         -          int iValToIns;
 98867         -
 98868         -          /* If the expression is not constant then we will need to
 98869         -          ** disable the test that was generated above that makes sure
 98870         -          ** this code only executes once.  Because for a non-constant
 98871         -          ** expression we need to rerun this code each time.
 98872         -          */
 98873         -          if( jmpIfDynamic>=0 && !sqlite3ExprIsConstant(pE2) ){
 98874         -            sqlite3VdbeChangeToNoop(v, jmpIfDynamic);
 98875         -            jmpIfDynamic = -1;
 98876         -          }
 98877         -
 98878         -          /* Evaluate the expression and insert it into the temp table */
 98879         -          if( isRowid && sqlite3ExprIsInteger(pE2, &iValToIns) ){
 98880         -            sqlite3VdbeAddOp3(v, OP_InsertInt, pExpr->iTable, r2, iValToIns);
 98881         -          }else{
 98882         -            r3 = sqlite3ExprCodeTarget(pParse, pE2, r1);
 98883         -            if( isRowid ){
 98884         -              sqlite3VdbeAddOp2(v, OP_MustBeInt, r3,
 98885         -                                sqlite3VdbeCurrentAddr(v)+2);
 98886         -              VdbeCoverage(v);
 98887         -              sqlite3VdbeAddOp3(v, OP_Insert, pExpr->iTable, r2, r3);
 98888         -            }else{
 98889         -              sqlite3VdbeAddOp4(v, OP_MakeRecord, r3, 1, r2, &affinity, 1);
 98890         -              sqlite3VdbeAddOp4Int(v, OP_IdxInsert, pExpr->iTable, r2, r3, 1);
 98891         -            }
 98892         -          }
 98893         -        }
 98894         -        sqlite3ReleaseTempReg(pParse, r1);
 98895         -        sqlite3ReleaseTempReg(pParse, r2);
 98896         -      }
 98897         -      if( pKeyInfo ){
 98898         -        sqlite3VdbeChangeP4(v, addr, (void *)pKeyInfo, P4_KEYINFO);
 98899         -      }
 98900         -      break;
 98901         -    }
 98902         -
 98903         -    case TK_EXISTS:
 98904         -    case TK_SELECT:
 98905         -    default: {
 98906         -      /* Case 3:    (SELECT ... FROM ...)
 98907         -      **     or:    EXISTS(SELECT ... FROM ...)
 98908         -      **
 98909         -      ** For a SELECT, generate code to put the values for all columns of
 98910         -      ** the first row into an array of registers and return the index of
 98911         -      ** the first register.
 98912         -      **
 98913         -      ** If this is an EXISTS, write an integer 0 (not exists) or 1 (exists)
 98914         -      ** into a register and return that register number.
 98915         -      **
 98916         -      ** In both cases, the query is augmented with "LIMIT 1".  Any 
 98917         -      ** preexisting limit is discarded in place of the new LIMIT 1.
 98918         -      */
 98919         -      Select *pSel;                         /* SELECT statement to encode */
 98920         -      SelectDest dest;                      /* How to deal with SELECT result */
 98921         -      int nReg;                             /* Registers to allocate */
 98922         -      Expr *pLimit;                         /* New limit expression */
 98923         -
 98924         -      testcase( pExpr->op==TK_EXISTS );
 98925         -      testcase( pExpr->op==TK_SELECT );
 98926         -      assert( pExpr->op==TK_EXISTS || pExpr->op==TK_SELECT );
 98927         -      assert( ExprHasProperty(pExpr, EP_xIsSelect) );
 98928         -
 98929         -      pSel = pExpr->x.pSelect;
 98930         -      ExplainQueryPlan((pParse, 1, "%sSCALAR SUBQUERY",
 98931         -            jmpIfDynamic>=0?"":"CORRELATED "));
 98932         -      nReg = pExpr->op==TK_SELECT ? pSel->pEList->nExpr : 1;
 98933         -      sqlite3SelectDestInit(&dest, 0, pParse->nMem+1);
 98934         -      pParse->nMem += nReg;
 98935         -      if( pExpr->op==TK_SELECT ){
 98936         -        dest.eDest = SRT_Mem;
 98937         -        dest.iSdst = dest.iSDParm;
 98938         -        dest.nSdst = nReg;
 98939         -        sqlite3VdbeAddOp3(v, OP_Null, 0, dest.iSDParm, dest.iSDParm+nReg-1);
 98940         -        VdbeComment((v, "Init subquery result"));
 98941         -      }else{
 98942         -        dest.eDest = SRT_Exists;
 98943         -        sqlite3VdbeAddOp2(v, OP_Integer, 0, dest.iSDParm);
 98944         -        VdbeComment((v, "Init EXISTS result"));
 98945         -      }
 98946         -      pLimit = sqlite3ExprAlloc(pParse->db, TK_INTEGER,&sqlite3IntTokens[1], 0);
 98947         -      if( pSel->pLimit ){
 98948         -        sqlite3ExprDelete(pParse->db, pSel->pLimit->pLeft);
 98949         -        pSel->pLimit->pLeft = pLimit;
 98950         -      }else{
 98951         -        pSel->pLimit = sqlite3PExpr(pParse, TK_LIMIT, pLimit, 0);
 98952         -      }
 98953         -      pSel->iLimit = 0;
 98954         -      if( sqlite3Select(pParse, pSel, &dest) ){
 98955         -        return 0;
 98956         -      }
 98957         -      rReg = dest.iSDParm;
 98958         -      ExprSetVVAProperty(pExpr, EP_NoReduce);
 98959         -      break;
 98960         -    }
 98961         -  }
 98962         -
 98963         -  if( rHasNullFlag ){
 98964         -    sqlite3SetHasNullFlag(v, pExpr->iTable, rHasNullFlag);
 98965         -  }
 98966         -
 98967         -  if( jmpIfDynamic>=0 ){
 98968         -    sqlite3VdbeJumpHere(v, jmpIfDynamic);
        99522  +    /* If this routine has already been coded, then invoke it as a
        99523  +    ** subroutine. */
        99524  +    if( ExprHasProperty(pExpr, EP_Subrtn) ){
        99525  +      ExplainQueryPlan((pParse, 0, "REUSE SUBQUERY %d", pSel->selId));
        99526  +      sqlite3VdbeAddOp2(v, OP_Gosub, pExpr->y.sub.regReturn,
        99527  +                        pExpr->y.sub.iAddr);
        99528  +      return pExpr->iTable;
        99529  +    }
        99530  +
        99531  +    /* Begin coding the subroutine */
        99532  +    ExprSetProperty(pExpr, EP_Subrtn);
        99533  +    pExpr->y.sub.regReturn = ++pParse->nMem;
        99534  +    pExpr->y.sub.iAddr =
        99535  +      sqlite3VdbeAddOp2(v, OP_Integer, 0, pExpr->y.sub.regReturn) + 1;
        99536  +    VdbeComment((v, "return address"));
        99537  +
        99538  +    addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
        99539  +  }
        99540  +  
        99541  +  /* For a SELECT, generate code to put the values for all columns of
        99542  +  ** the first row into an array of registers and return the index of
        99543  +  ** the first register.
        99544  +  **
        99545  +  ** If this is an EXISTS, write an integer 0 (not exists) or 1 (exists)
        99546  +  ** into a register and return that register number.
        99547  +  **
        99548  +  ** In both cases, the query is augmented with "LIMIT 1".  Any 
        99549  +  ** preexisting limit is discarded in place of the new LIMIT 1.
        99550  +  */
        99551  +  ExplainQueryPlan((pParse, 1, "%sSCALAR SUBQUERY %d",
        99552  +        addrOnce?"":"CORRELATED ", pSel->selId));
        99553  +  nReg = pExpr->op==TK_SELECT ? pSel->pEList->nExpr : 1;
        99554  +  sqlite3SelectDestInit(&dest, 0, pParse->nMem+1);
        99555  +  pParse->nMem += nReg;
        99556  +  if( pExpr->op==TK_SELECT ){
        99557  +    dest.eDest = SRT_Mem;
        99558  +    dest.iSdst = dest.iSDParm;
        99559  +    dest.nSdst = nReg;
        99560  +    sqlite3VdbeAddOp3(v, OP_Null, 0, dest.iSDParm, dest.iSDParm+nReg-1);
        99561  +    VdbeComment((v, "Init subquery result"));
        99562  +  }else{
        99563  +    dest.eDest = SRT_Exists;
        99564  +    sqlite3VdbeAddOp2(v, OP_Integer, 0, dest.iSDParm);
        99565  +    VdbeComment((v, "Init EXISTS result"));
        99566  +  }
        99567  +  pLimit = sqlite3ExprAlloc(pParse->db, TK_INTEGER,&sqlite3IntTokens[1], 0);
        99568  +  if( pSel->pLimit ){
        99569  +    sqlite3ExprDelete(pParse->db, pSel->pLimit->pLeft);
        99570  +    pSel->pLimit->pLeft = pLimit;
        99571  +  }else{
        99572  +    pSel->pLimit = sqlite3PExpr(pParse, TK_LIMIT, pLimit, 0);
        99573  +  }
        99574  +  pSel->iLimit = 0;
        99575  +  if( sqlite3Select(pParse, pSel, &dest) ){
        99576  +    return 0;
        99577  +  }
        99578  +  pExpr->iTable = rReg = dest.iSDParm;
        99579  +  ExprSetVVAProperty(pExpr, EP_NoReduce);
        99580  +  if( addrOnce ){
        99581  +    sqlite3VdbeJumpHere(v, addrOnce);
        99582  +
        99583  +    /* Subroutine return */
        99584  +    sqlite3VdbeAddOp1(v, OP_Return, pExpr->y.sub.regReturn);
        99585  +    sqlite3VdbeChangeP1(v, pExpr->y.sub.iAddr-1, sqlite3VdbeCurrentAddr(v)-1);
 98969  99586     }
 98970  99587   
 98971  99588     return rReg;
 98972  99589   }
 98973  99590   #endif /* SQLITE_OMIT_SUBQUERY */
 98974  99591   
 98975  99592   #ifndef SQLITE_OMIT_SUBQUERY
................................................................................
 99038  99655     Expr *pLeft;          /* The LHS of the IN operator */
 99039  99656     int i;                /* loop counter */
 99040  99657     int destStep2;        /* Where to jump when NULLs seen in step 2 */
 99041  99658     int destStep6 = 0;    /* Start of code for Step 6 */
 99042  99659     int addrTruthOp;      /* Address of opcode that determines the IN is true */
 99043  99660     int destNotNull;      /* Jump here if a comparison is not true in step 6 */
 99044  99661     int addrTop;          /* Top of the step-6 loop */ 
        99662  +  int iTab = 0;         /* Index to use */
 99045  99663   
 99046  99664     pLeft = pExpr->pLeft;
 99047  99665     if( sqlite3ExprCheckIN(pParse, pExpr) ) return;
 99048  99666     zAff = exprINAffinity(pParse, pExpr);
 99049  99667     nVector = sqlite3ExprVectorSize(pExpr->pLeft);
 99050  99668     aiMap = (int*)sqlite3DbMallocZero(
 99051  99669         pParse->db, nVector*(sizeof(int) + sizeof(char)) + 1
 99052  99670     );
 99053  99671     if( pParse->db->mallocFailed ) goto sqlite3ExprCodeIN_oom_error;
 99054  99672   
 99055  99673     /* Attempt to compute the RHS. After this step, if anything other than
 99056         -  ** IN_INDEX_NOOP is returned, the table opened ith cursor pExpr->iTable 
        99674  +  ** IN_INDEX_NOOP is returned, the table opened with cursor iTab
 99057  99675     ** contains the values that make up the RHS. If IN_INDEX_NOOP is returned,
 99058  99676     ** the RHS has not yet been coded.  */
 99059  99677     v = pParse->pVdbe;
 99060  99678     assert( v!=0 );       /* OOM detected prior to this routine */
 99061  99679     VdbeNoopComment((v, "begin IN expr"));
 99062  99680     eType = sqlite3FindInIndex(pParse, pExpr,
 99063  99681                                IN_INDEX_MEMBERSHIP | IN_INDEX_NOOP_OK,
 99064         -                             destIfFalse==destIfNull ? 0 : &rRhsHasNull, aiMap);
        99682  +                             destIfFalse==destIfNull ? 0 : &rRhsHasNull,
        99683  +                             aiMap, &iTab);
 99065  99684   
 99066  99685     assert( pParse->nErr || nVector==1 || eType==IN_INDEX_EPH
 99067  99686          || eType==IN_INDEX_INDEX_ASC || eType==IN_INDEX_INDEX_DESC 
 99068  99687     );
 99069  99688   #ifdef SQLITE_DEBUG
 99070  99689     /* Confirm that aiMap[] contains nVector integer values between 0 and
 99071  99690     ** nVector-1. */
................................................................................
 99103  99722     ** sequence of comparisons.
 99104  99723     **
 99105  99724     ** This is step (1) in the in-operator.md optimized algorithm.
 99106  99725     */
 99107  99726     if( eType==IN_INDEX_NOOP ){
 99108  99727       ExprList *pList = pExpr->x.pList;
 99109  99728       CollSeq *pColl = sqlite3ExprCollSeq(pParse, pExpr->pLeft);
 99110         -    int labelOk = sqlite3VdbeMakeLabel(v);
        99729  +    int labelOk = sqlite3VdbeMakeLabel(pParse);
 99111  99730       int r2, regToFree;
 99112  99731       int regCkNull = 0;
 99113  99732       int ii;
 99114  99733       assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
 99115  99734       if( destIfNull!=destIfFalse ){
 99116  99735         regCkNull = sqlite3GetTempReg(pParse);
 99117  99736         sqlite3VdbeAddOp3(v, OP_BitAnd, rLhs, rLhs, regCkNull);
................................................................................
 99147  99766     /* Step 2: Check to see if the LHS contains any NULL columns.  If the
 99148  99767     ** LHS does contain NULLs then the result must be either FALSE or NULL.
 99149  99768     ** We will then skip the binary search of the RHS.
 99150  99769     */
 99151  99770     if( destIfNull==destIfFalse ){
 99152  99771       destStep2 = destIfFalse;
 99153  99772     }else{
 99154         -    destStep2 = destStep6 = sqlite3VdbeMakeLabel(v);
        99773  +    destStep2 = destStep6 = sqlite3VdbeMakeLabel(pParse);
 99155  99774     }
 99156  99775     for(i=0; i<nVector; i++){
 99157  99776       Expr *p = sqlite3VectorFieldSubexpr(pExpr->pLeft, i);
 99158  99777       if( sqlite3ExprCanBeNull(p) ){
 99159  99778         sqlite3VdbeAddOp2(v, OP_IsNull, rLhs+i, destStep2);
 99160  99779         VdbeCoverage(v);
 99161  99780       }
................................................................................
 99165  99784     ** of the RHS using the LHS as a probe.  If found, the result is
 99166  99785     ** true.
 99167  99786     */
 99168  99787     if( eType==IN_INDEX_ROWID ){
 99169  99788       /* In this case, the RHS is the ROWID of table b-tree and so we also
 99170  99789       ** know that the RHS is non-NULL.  Hence, we combine steps 3 and 4
 99171  99790       ** into a single opcode. */
 99172         -    sqlite3VdbeAddOp3(v, OP_SeekRowid, pExpr->iTable, destIfFalse, rLhs);
        99791  +    sqlite3VdbeAddOp3(v, OP_SeekRowid, iTab, destIfFalse, rLhs);
 99173  99792       VdbeCoverage(v);
 99174  99793       addrTruthOp = sqlite3VdbeAddOp0(v, OP_Goto);  /* Return True */
 99175  99794     }else{
 99176  99795       sqlite3VdbeAddOp4(v, OP_Affinity, rLhs, nVector, 0, zAff, nVector);
 99177  99796       if( destIfFalse==destIfNull ){
 99178  99797         /* Combine Step 3 and Step 5 into a single opcode */
 99179         -      sqlite3VdbeAddOp4Int(v, OP_NotFound, pExpr->iTable, destIfFalse,
        99798  +      sqlite3VdbeAddOp4Int(v, OP_NotFound, iTab, destIfFalse,
 99180  99799                              rLhs, nVector); VdbeCoverage(v);
 99181  99800         goto sqlite3ExprCodeIN_finished;
 99182  99801       }
 99183  99802       /* Ordinary Step 3, for the case where FALSE and NULL are distinct */
 99184         -    addrTruthOp = sqlite3VdbeAddOp4Int(v, OP_Found, pExpr->iTable, 0,
        99803  +    addrTruthOp = sqlite3VdbeAddOp4Int(v, OP_Found, iTab, 0,
 99185  99804                                         rLhs, nVector); VdbeCoverage(v);
 99186  99805     }
 99187  99806   
 99188  99807     /* Step 4.  If the RHS is known to be non-NULL and we did not find
 99189  99808     ** an match on the search above, then the result must be FALSE.
 99190  99809     */
 99191  99810     if( rRhsHasNull && nVector==1 ){
................................................................................
 99202  99821     ** If any comparison is NULL, then the result is NULL.  If all
 99203  99822     ** comparisons are FALSE then the final result is FALSE.
 99204  99823     **
 99205  99824     ** For a scalar LHS, it is sufficient to check just the first row
 99206  99825     ** of the RHS.
 99207  99826     */
 99208  99827     if( destStep6 ) sqlite3VdbeResolveLabel(v, destStep6);
 99209         -  addrTop = sqlite3VdbeAddOp2(v, OP_Rewind, pExpr->iTable, destIfFalse);
        99828  +  addrTop = sqlite3VdbeAddOp2(v, OP_Rewind, iTab, destIfFalse);
 99210  99829     VdbeCoverage(v);
 99211  99830     if( nVector>1 ){
 99212         -    destNotNull = sqlite3VdbeMakeLabel(v);
        99831  +    destNotNull = sqlite3VdbeMakeLabel(pParse);
 99213  99832     }else{
 99214  99833       /* For nVector==1, combine steps 6 and 7 by immediately returning
 99215  99834       ** FALSE if the first comparison is not NULL */
 99216  99835       destNotNull = destIfFalse;
 99217  99836     }
 99218  99837     for(i=0; i<nVector; i++){
 99219  99838       Expr *p;
 99220  99839       CollSeq *pColl;
 99221  99840       int r3 = sqlite3GetTempReg(pParse);
 99222  99841       p = sqlite3VectorFieldSubexpr(pLeft, i);
 99223  99842       pColl = sqlite3ExprCollSeq(pParse, p);
 99224         -    sqlite3VdbeAddOp3(v, OP_Column, pExpr->iTable, i, r3);
        99843  +    sqlite3VdbeAddOp3(v, OP_Column, iTab, i, r3);
 99225  99844       sqlite3VdbeAddOp4(v, OP_Ne, rLhs+i, destNotNull, r3,
 99226  99845                         (void*)pColl, P4_COLLSEQ);
 99227  99846       VdbeCoverage(v);
 99228  99847       sqlite3ReleaseTempReg(pParse, r3);
 99229  99848     }
 99230  99849     sqlite3VdbeAddOp2(v, OP_Goto, 0, destIfNull);
 99231  99850     if( nVector>1 ){
 99232  99851       sqlite3VdbeResolveLabel(v, destNotNull);
 99233         -    sqlite3VdbeAddOp2(v, OP_Next, pExpr->iTable, addrTop+1);
        99852  +    sqlite3VdbeAddOp2(v, OP_Next, iTab, addrTop+1);
 99234  99853       VdbeCoverage(v);
 99235  99854   
 99236  99855       /* Step 7:  If we reach this point, we know that the result must
 99237  99856       ** be false. */
 99238  99857       sqlite3VdbeAddOp2(v, OP_Goto, 0, destIfFalse);
 99239  99858     }
 99240  99859   
................................................................................
 99425 100044       iResult = sqlite3ExprCodeTemp(pParse, p, piFreeable);
 99426 100045     }else{
 99427 100046       *piFreeable = 0;
 99428 100047       if( p->op==TK_SELECT ){
 99429 100048   #if SQLITE_OMIT_SUBQUERY
 99430 100049         iResult = 0;
 99431 100050   #else
 99432         -      iResult = sqlite3CodeSubselect(pParse, p, 0, 0);
       100051  +      iResult = sqlite3CodeSubselect(pParse, p);
 99433 100052   #endif
 99434 100053       }else{
 99435 100054         int i;
 99436 100055         iResult = pParse->nMem+1;
 99437 100056         pParse->nMem += nResult;
 99438 100057         for(i=0; i<nResult; i++){
 99439 100058           sqlite3ExprCodeFactorable(pParse, p->x.pList->a[i].pExpr, i+iResult);
................................................................................
 99770 100389         }
 99771 100390   
 99772 100391         /* Attempt a direct implementation of the built-in COALESCE() and
 99773 100392         ** IFNULL() functions.  This avoids unnecessary evaluation of
 99774 100393         ** arguments past the first non-NULL argument.
 99775 100394         */
 99776 100395         if( pDef->funcFlags & SQLITE_FUNC_COALESCE ){
 99777         -        int endCoalesce = sqlite3VdbeMakeLabel(v);
       100396  +        int endCoalesce = sqlite3VdbeMakeLabel(pParse);
 99778 100397           assert( nFarg>=2 );
 99779 100398           sqlite3ExprCode(pParse, pFarg->a[0].pExpr, target);
 99780 100399           for(i=1; i<nFarg; i++){
 99781 100400             sqlite3VdbeAddOp2(v, OP_NotNull, target, endCoalesce);
 99782 100401             VdbeCoverage(v);
 99783 100402             sqlite3ExprCode(pParse, pFarg->a[i].pExpr, target);
 99784 100403           }
................................................................................
 99899 100518       case TK_SELECT: {
 99900 100519         int nCol;
 99901 100520         testcase( op==TK_EXISTS );
 99902 100521         testcase( op==TK_SELECT );
 99903 100522         if( op==TK_SELECT && (nCol = pExpr->x.pSelect->pEList->nExpr)!=1 ){
 99904 100523           sqlite3SubselectError(pParse, nCol, 1);
 99905 100524         }else{
 99906         -        return sqlite3CodeSubselect(pParse, pExpr, 0, 0);
       100525  +        return sqlite3CodeSubselect(pParse, pExpr);
 99907 100526         }
 99908 100527         break;
 99909 100528       }
 99910 100529       case TK_SELECT_COLUMN: {
 99911 100530         int n;
 99912 100531         if( pExpr->pLeft->iTable==0 ){
 99913         -        pExpr->pLeft->iTable = sqlite3CodeSubselect(pParse, pExpr->pLeft, 0, 0);
       100532  +        pExpr->pLeft->iTable = sqlite3CodeSubselect(pParse, pExpr->pLeft);
 99914 100533         }
 99915 100534         assert( pExpr->iTable==0 || pExpr->pLeft->op==TK_SELECT );
 99916 100535         if( pExpr->iTable
 99917 100536          && pExpr->iTable!=(n = sqlite3ExprVectorSize(pExpr->pLeft)) 
 99918 100537         ){
 99919 100538           sqlite3ErrorMsg(pParse, "%d columns assigned %d values",
 99920 100539                                   pExpr->iTable, n);
 99921 100540         }
 99922 100541         return pExpr->pLeft->iTable + pExpr->iColumn;
 99923 100542       }
 99924 100543       case TK_IN: {
 99925         -      int destIfFalse = sqlite3VdbeMakeLabel(v);
 99926         -      int destIfNull = sqlite3VdbeMakeLabel(v);
       100544  +      int destIfFalse = sqlite3VdbeMakeLabel(pParse);
       100545  +      int destIfNull = sqlite3VdbeMakeLabel(pParse);
 99927 100546         sqlite3VdbeAddOp2(v, OP_Null, 0, target);
 99928 100547         sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
 99929 100548         sqlite3VdbeAddOp2(v, OP_Integer, 1, target);
 99930 100549         sqlite3VdbeResolveLabel(v, destIfFalse);
 99931 100550         sqlite3VdbeAddOp2(v, OP_AddImm, target, 0);
 99932 100551         sqlite3VdbeResolveLabel(v, destIfNull);
 99933 100552         return target;
................................................................................
100059 100678         Expr *pTest = 0;                  /* X==Ei (form A) or just Ei (form B) */
100060 100679   
100061 100680         assert( !ExprHasProperty(pExpr, EP_xIsSelect) && pExpr->x.pList );
100062 100681         assert(pExpr->x.pList->nExpr > 0);
100063 100682         pEList = pExpr->x.pList;
100064 100683         aListelem = pEList->a;
100065 100684         nExpr = pEList->nExpr;
100066         -      endLabel = sqlite3VdbeMakeLabel(v);
       100685  +      endLabel = sqlite3VdbeMakeLabel(pParse);
100067 100686         if( (pX = pExpr->pLeft)!=0 ){
100068         -        tempX = *pX;
       100687  +        exprNodeCopy(&tempX, pX);
100069 100688           testcase( pX->op==TK_COLUMN );
100070 100689           exprToRegister(&tempX, exprCodeVector(pParse, &tempX, &regFree1));
100071 100690           testcase( regFree1==0 );
100072 100691           memset(&opCompare, 0, sizeof(opCompare));
100073 100692           opCompare.op = TK_EQ;
100074 100693           opCompare.pLeft = &tempX;
100075 100694           pTest = &opCompare;
................................................................................
100082 100701         for(i=0; i<nExpr-1; i=i+2){
100083 100702           if( pX ){
100084 100703             assert( pTest!=0 );
100085 100704             opCompare.pRight = aListelem[i].pExpr;
100086 100705           }else{
100087 100706             pTest = aListelem[i].pExpr;
100088 100707           }
100089         -        nextCase = sqlite3VdbeMakeLabel(v);
       100708  +        nextCase = sqlite3VdbeMakeLabel(pParse);
100090 100709           testcase( pTest->op==TK_COLUMN );
100091 100710           sqlite3ExprIfFalse(pParse, pTest, nextCase, SQLITE_JUMPIFNULL);
100092 100711           testcase( aListelem[i+1].pExpr->op==TK_COLUMN );
100093 100712           sqlite3ExprCode(pParse, aListelem[i+1].pExpr, target);
100094 100713           sqlite3VdbeGoto(v, endLabel);
100095 100714           sqlite3VdbeResolveLabel(v, nextCase);
100096 100715         }
................................................................................
100382 101001   ){
100383 101002    Expr exprAnd;     /* The AND operator in  x>=y AND x<=z  */
100384 101003     Expr compLeft;    /* The  x>=y  term */
100385 101004     Expr compRight;   /* The  x<=z  term */
100386 101005     Expr exprX;       /* The  x  subexpression */
100387 101006     int regFree1 = 0; /* Temporary use register */
100388 101007   
100389         -
100390 101008     memset(&compLeft, 0, sizeof(Expr));
100391 101009     memset(&compRight, 0, sizeof(Expr));
100392 101010     memset(&exprAnd, 0, sizeof(Expr));
100393 101011   
100394 101012     assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
100395         -  exprX = *pExpr->pLeft;
       101013  +  exprNodeCopy(&exprX, pExpr->pLeft);
100396 101014     exprAnd.op = TK_AND;
100397 101015     exprAnd.pLeft = &compLeft;
100398 101016     exprAnd.pRight = &compRight;
100399 101017     compLeft.op = TK_GE;
100400 101018     compLeft.pLeft = &exprX;
100401 101019     compLeft.pRight = pExpr->x.pList->a[0].pExpr;
100402 101020     compRight.op = TK_LE;
................................................................................
100451 101069   
100452 101070     assert( jumpIfNull==SQLITE_JUMPIFNULL || jumpIfNull==0 );
100453 101071     if( NEVER(v==0) )     return;  /* Existence of VDBE checked by caller */
100454 101072     if( NEVER(pExpr==0) ) return;  /* No way this can happen */
100455 101073     op = pExpr->op;
100456 101074     switch( op ){
100457 101075       case TK_AND: {
100458         -      int d2 = sqlite3VdbeMakeLabel(v);
       101076  +      int d2 = sqlite3VdbeMakeLabel(pParse);
100459 101077         testcase( jumpIfNull==0 );
100460 101078         sqlite3ExprIfFalse(pParse, pExpr->pLeft, d2,jumpIfNull^SQLITE_JUMPIFNULL);
100461 101079         sqlite3ExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
100462 101080         sqlite3VdbeResolveLabel(v, d2);
100463 101081         break;
100464 101082       }
100465 101083       case TK_OR: {
................................................................................
100537 101155       case TK_BETWEEN: {
100538 101156         testcase( jumpIfNull==0 );
100539 101157         exprCodeBetween(pParse, pExpr, dest, sqlite3ExprIfTrue, jumpIfNull);
100540 101158         break;
100541 101159       }
100542 101160   #ifndef SQLITE_OMIT_SUBQUERY
100543 101161       case TK_IN: {
100544         -      int destIfFalse = sqlite3VdbeMakeLabel(v);
       101162  +      int destIfFalse = sqlite3VdbeMakeLabel(pParse);
100545 101163         int destIfNull = jumpIfNull ? dest : destIfFalse;
100546 101164         sqlite3ExprCodeIN(pParse, pExpr, destIfFalse, destIfNull);
100547 101165         sqlite3VdbeGoto(v, dest);
100548 101166         sqlite3VdbeResolveLabel(v, destIfFalse);
100549 101167         break;
100550 101168       }
100551 101169   #endif
................................................................................
100624 101242       case TK_AND: {
100625 101243         testcase( jumpIfNull==0 );
100626 101244         sqlite3ExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
100627 101245         sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
100628 101246         break;
100629 101247       }
100630 101248       case TK_OR: {
100631         -      int d2 = sqlite3VdbeMakeLabel(v);
       101249  +      int d2 = sqlite3VdbeMakeLabel(pParse);
100632 101250         testcase( jumpIfNull==0 );
100633 101251         sqlite3ExprIfTrue(pParse, pExpr->pLeft, d2, jumpIfNull^SQLITE_JUMPIFNULL);
100634 101252         sqlite3ExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
100635 101253         sqlite3VdbeResolveLabel(v, d2);
100636 101254         break;
100637 101255       }
100638 101256       case TK_NOT: {
................................................................................
100708 101326         break;
100709 101327       }
100710 101328   #ifndef SQLITE_OMIT_SUBQUERY
100711 101329       case TK_IN: {
100712 101330         if( jumpIfNull ){
100713 101331           sqlite3ExprCodeIN(pParse, pExpr, dest, dest);
100714 101332         }else{
100715         -        int destIfNull = sqlite3VdbeMakeLabel(v);
       101333  +        int destIfNull = sqlite3VdbeMakeLabel(pParse);
100716 101334           sqlite3ExprCodeIN(pParse, pExpr, dest, destIfNull);
100717 101335           sqlite3VdbeResolveLabel(v, destIfNull);
100718 101336         }
100719 101337         break;
100720 101338       }
100721 101339   #endif
100722 101340       default: {
................................................................................
100829 101447     combinedFlags = pA->flags | pB->flags;
100830 101448     if( combinedFlags & EP_IntValue ){
100831 101449       if( (pA->flags&pB->flags&EP_IntValue)!=0 && pA->u.iValue==pB->u.iValue ){
100832 101450         return 0;
100833 101451       }
100834 101452       return 2;
100835 101453     }
100836         -  if( pA->op!=pB->op ){
       101454  +  if( pA->op!=pB->op || pA->op==TK_RAISE ){
100837 101455       if( pA->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA->pLeft,pB,iTab)<2 ){
100838 101456         return 1;
100839 101457       }
100840 101458       if( pB->op==TK_COLLATE && sqlite3ExprCompare(pParse, pA,pB->pLeft,iTab)<2 ){
100841 101459         return 1;
100842 101460       }
100843 101461       return 2;
................................................................................
100855 101473         ** if we reach this point, either A and B both window functions or
100856 101474         ** neither are a window functions. */
100857 101475         assert( ExprHasProperty(pA,EP_WinFunc)==ExprHasProperty(pB,EP_WinFunc) );
100858 101476         if( ExprHasProperty(pA,EP_WinFunc) ){
100859 101477           if( sqlite3WindowCompare(pParse,pA->y.pWin,pB->y.pWin)!=0 ) return 2;
100860 101478         }
100861 101479   #endif
       101480  +    }else if( pA->op==TK_NULL ){
       101481  +      return 0;
100862 101482       }else if( pA->op==TK_COLLATE ){
100863 101483         if( sqlite3_stricmp(pA->u.zToken,pB->u.zToken)!=0 ) return 2;
100864         -    }else if( strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
       101484  +    }else if( ALWAYS(pB->u.zToken!=0) && strcmp(pA->u.zToken,pB->u.zToken)!=0 ){
100865 101485         return 2;
100866 101486       }
100867 101487     }
100868 101488     if( (pA->flags & EP_Distinct)!=(pB->flags & EP_Distinct) ) return 2;
100869         -  if( ALWAYS((combinedFlags & EP_TokenOnly)==0) ){
       101489  +  if( (combinedFlags & EP_TokenOnly)==0 ){
100870 101490       if( combinedFlags & EP_xIsSelect ) return 2;
100871 101491       if( (combinedFlags & EP_FixedCol)==0
100872 101492        && sqlite3ExprCompare(pParse, pA->pLeft, pB->pLeft, iTab) ) return 2;
100873 101493       if( sqlite3ExprCompare(pParse, pA->pRight, pB->pRight, iTab) ) return 2;
100874 101494       if( sqlite3ExprListCompare(pA->x.pList, pB->x.pList, iTab) ) return 2;
100875         -    assert( (combinedFlags & EP_Reduced)==0 );
100876         -    if( pA->op!=TK_STRING && pA->op!=TK_TRUEFALSE ){
       101495  +    if( pA->op!=TK_STRING
       101496  +     && pA->op!=TK_TRUEFALSE
       101497  +     && (combinedFlags & EP_Reduced)==0
       101498  +    ){
100877 101499         if( pA->iColumn!=pB->iColumn ) return 2;
100878 101500         if( pA->iTable!=pB->iTable 
100879 101501          && (pA->iTable!=iTab || NEVER(pB->iTable>=0)) ) return 2;
100880 101502       }
100881 101503     }
100882 101504     return 0;
100883 101505   }
................................................................................
100978 101600     testcase( pExpr->op==TK_AGG_COLUMN );
100979 101601     testcase( pExpr->op==TK_AGG_FUNCTION );
100980 101602     if( ExprHasProperty(pExpr, EP_FromJoin) ) return WRC_Prune;
100981 101603     switch( pExpr->op ){
100982 101604       case TK_ISNOT:
100983 101605       case TK_NOT:
100984 101606       case TK_ISNULL:
       101607  +    case TK_NOTNULL:
100985 101608       case TK_IS:
100986 101609       case TK_OR:
100987 101610       case TK_CASE:
100988 101611       case TK_IN:
100989 101612       case TK_FUNCTION:
100990 101613         testcase( pExpr->op==TK_ISNOT );
100991 101614         testcase( pExpr->op==TK_NOT );
100992 101615         testcase( pExpr->op==TK_ISNULL );
       101616  +      testcase( pExpr->op==TK_NOTNULL );
100993 101617         testcase( pExpr->op==TK_IS );
100994 101618         testcase( pExpr->op==TK_OR );
100995 101619         testcase( pExpr->op==TK_CASE );
100996 101620         testcase( pExpr->op==TK_IN );
100997 101621         testcase( pExpr->op==TK_FUNCTION );
100998 101622         return WRC_Prune;
100999 101623       case TK_COLUMN:
................................................................................
101359 101983   SQLITE_PRIVATE void sqlite3ExprAnalyzeAggregates(NameContext *pNC, Expr *pExpr){
101360 101984     Walker w;
101361 101985     w.xExprCallback = analyzeAggregate;
101362 101986     w.xSelectCallback = analyzeAggregatesInSelect;
101363 101987     w.xSelectCallback2 = analyzeAggregatesInSelectEnd;
101364 101988     w.walkerDepth = 0;
101365 101989     w.u.pNC = pNC;
       101990  +  w.pParse = 0;
101366 101991     assert( pNC->pSrcList!=0 );
101367 101992     sqlite3WalkExpr(&w, pExpr);
101368 101993   }
101369 101994   
101370 101995   /*
101371 101996   ** Call sqlite3ExprAnalyzeAggregates() for every expression in an
101372 101997   ** expression list.  Return the number of errors.
................................................................................
101490 102115   ** Parameter zName is the name of a table that is about to be altered
101491 102116   ** (either with ALTER TABLE ... RENAME TO or ALTER TABLE ... ADD COLUMN).
101492 102117   ** If the table is a system table, this function leaves an error message
101493 102118   ** in pParse->zErr (system tables may not be altered) and returns non-zero.
101494 102119   **
101495 102120   ** Or, if zName is not a system table, zero is returned.
101496 102121   */
101497         -static int isSystemTable(Parse *pParse, const char *zName){
101498         -  if( 0==sqlite3StrNICmp(zName, "sqlite_", 7) ){
101499         -    sqlite3ErrorMsg(pParse, "table %s may not be altered", zName);
       102122  +static int isAlterableTable(Parse *pParse, Table *pTab){
       102123  +  if( 0==sqlite3StrNICmp(pTab->zName, "sqlite_", 7) 
       102124  +#ifndef SQLITE_OMIT_VIRTUALTABLE
       102125  +   || ( (pTab->tabFlags & TF_Shadow) 
       102126  +     && (pParse->db->flags & SQLITE_Defensive)
       102127  +     && pParse->db->nVdbeExec==0
       102128  +   )
       102129  +#endif
       102130  +  ){
       102131  +    sqlite3ErrorMsg(pParse, "table %s may not be altered", pTab->zName);
101500 102132       return 1;
101501 102133     }
101502 102134     return 0;
101503 102135   }
101504 102136   
101505 102137   /*
101506 102138   ** Generate code to verify that the schemas of database zDb and, if
................................................................................
101588 102220           "there is already another table or index with this name: %s", zName);
101589 102221       goto exit_rename_table;
101590 102222     }
101591 102223   
101592 102224     /* Make sure it is not a system table being altered, or a reserved name
101593 102225     ** that the table is being renamed to.
101594 102226     */
101595         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
       102227  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
101596 102228       goto exit_rename_table;
101597 102229     }
101598 102230     if( SQLITE_OK!=sqlite3CheckObjectName(pParse, zName) ){ goto
101599 102231       exit_rename_table;
101600 102232     }
101601 102233   
101602 102234   #ifndef SQLITE_OMIT_VIEW
................................................................................
101886 102518   #endif
101887 102519   
101888 102520     /* Make sure this is not an attempt to ALTER a view. */
101889 102521     if( pTab->pSelect ){
101890 102522       sqlite3ErrorMsg(pParse, "Cannot add a column to a view");
101891 102523       goto exit_begin_add_column;
101892 102524     }
101893         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ){
       102525  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ){
101894 102526       goto exit_begin_add_column;
101895 102527     }
101896 102528   
101897 102529     assert( pTab->addColOffset>0 );
101898 102530     iDb = sqlite3SchemaToIndex(db, pTab->pSchema);
101899 102531   
101900 102532     /* Put a copy of the Table struct in Parse.pNewTable for the
................................................................................
101988 102620     int bQuote;                     /* True to quote the new name */
101989 102621   
101990 102622     /* Locate the table to be altered */
101991 102623     pTab = sqlite3LocateTableItem(pParse, 0, &pSrc->a[0]);
101992 102624     if( !pTab ) goto exit_rename_column;
101993 102625   
101994 102626     /* Cannot alter a system table */
101995         -  if( SQLITE_OK!=isSystemTable(pParse, pTab->zName) ) goto exit_rename_column;
       102627  +  if( SQLITE_OK!=isAlterableTable(pParse, pTab) ) goto exit_rename_column;
101996 102628     if( SQLITE_OK!=isRealTable(pParse, pTab) ) goto exit_rename_column;
101997 102629   
101998 102630     /* Which schema holds the table to be altered */  
101999 102631     iSchema = sqlite3SchemaToIndex(db, pTab->pSchema);
102000 102632     assert( iSchema>=0 );
102001 102633     zDb = db->aDb[iSchema].zDbSName;
102002 102634   
................................................................................
102241 102873         pToken->pNext = pCtx->pList;
102242 102874         pCtx->pList = pToken;
102243 102875         pCtx->nList++;
102244 102876         break;
102245 102877       }
102246 102878     }
102247 102879   }
       102880  +
       102881  +/*
       102882  +** Iterate through the Select objects that are part of WITH clauses attached
       102883  +** to select statement pSelect.
       102884  +*/
       102885  +static void renameWalkWith(Walker *pWalker, Select *pSelect){
       102886  +  if( pSelect->pWith ){
       102887  +    int i;
       102888  +    for(i=0; i<pSelect->pWith->nCte; i++){
       102889  +      Select *p = pSelect->pWith->a[i].pSelect;
       102890  +      NameContext sNC;
       102891  +      memset(&sNC, 0, sizeof(sNC));
       102892  +      sNC.pParse = pWalker->pParse;
       102893  +      sqlite3SelectPrep(sNC.pParse, p, &sNC);
       102894  +      sqlite3WalkSelect(pWalker, p);
       102895  +    }
       102896  +  }
       102897  +}
102248 102898   
102249 102899   /*
102250 102900   ** This is a Walker select callback. It does nothing. It is only required
102251 102901   ** because without a dummy callback, sqlite3WalkExpr() and similar do not
102252 102902   ** descend into sub-select statements.
102253 102903   */
102254 102904   static int renameColumnSelectCb(Walker *pWalker, Select *p){
102255         -  UNUSED_PARAMETER(pWalker);
102256         -  UNUSED_PARAMETER(p);
       102905  +  renameWalkWith(pWalker, p);
102257 102906     return WRC_Continue;
102258 102907   }
102259 102908   
102260 102909   /*
102261 102910   ** This is a Walker expression callback.
102262 102911   **
102263 102912   ** For every TK_COLUMN node in the expression tree, search to see
................................................................................
102399 103048     memset(p, 0, sizeof(Parse));
102400 103049     p->eParseMode = (bTable ? PARSE_MODE_RENAME_TABLE : PARSE_MODE_RENAME_COLUMN);
102401 103050     p->db = db;
102402 103051     p->nQueryLoop = 1;
102403 103052     rc = sqlite3RunParser(p, zSql, &zErr);
102404 103053     assert( p->zErrMsg==0 );
102405 103054     assert( rc!=SQLITE_OK || zErr==0 );
102406         -  assert( (0!=p->pNewTable) + (0!=p->pNewIndex) + (0!=p->pNewTrigger)<2 );
102407 103055     p->zErrMsg = zErr;
102408 103056     if( db->mallocFailed ) rc = SQLITE_NOMEM;
102409 103057     if( rc==SQLITE_OK 
102410 103058      && p->pNewTable==0 && p->pNewIndex==0 && p->pNewTrigger==0 
102411 103059     ){
102412 103060       rc = SQLITE_CORRUPT_BKPT;
102413 103061     }
................................................................................
102582 103230               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertWhere);
102583 103231             }
102584 103232             if( rc==SQLITE_OK ){
102585 103233               rc = sqlite3ResolveExprNames(&sNC, pUpsert->pUpsertTargetWhere);
102586 103234             }
102587 103235             sNC.ncFlags = 0;
102588 103236           }
       103237  +        sNC.pSrcList = 0;
102589 103238         }
102590 103239       }
102591 103240     }
102592 103241     return rc;
102593 103242   }
102594 103243   
102595 103244   /*
................................................................................
102619 103268   
102620 103269   /*
102621 103270   ** Free the contents of Parse object (*pParse). Do not free the memory
102622 103271   ** occupied by the Parse object itself.
102623 103272   */
102624 103273   static void renameParseCleanup(Parse *pParse){
102625 103274     sqlite3 *db = pParse->db;
       103275  +  Index *pIdx;
102626 103276     if( pParse->pVdbe ){
102627 103277       sqlite3VdbeFinalize(pParse->pVdbe);
102628 103278     }
102629 103279     sqlite3DeleteTable(db, pParse->pNewTable);
102630         -  if( pParse->pNewIndex ) sqlite3FreeIndex(db, pParse->pNewIndex);
       103280  +  while( (pIdx = pParse->pNewIndex)!=0 ){
       103281  +    pParse->pNewIndex = pIdx->pNext;
       103282  +    sqlite3FreeIndex(db, pIdx);
       103283  +  }
102631 103284     sqlite3DeleteTrigger(db, pParse->pNewTrigger);
102632 103285     sqlite3DbFree(db, pParse->zErrMsg);
102633 103286     renameTokenFree(db, pParse->pRename);
102634 103287     sqlite3ParserReset(pParse);
102635 103288   }
102636 103289   
102637 103290   /*
................................................................................
102734 103387           if( sCtx.iCol<0 ){
102735 103388             renameTokenFind(&sParse, &sCtx, (void*)&sParse.pNewTable->iPKey);
102736 103389           }
102737 103390           sqlite3WalkExprList(&sWalker, sParse.pNewTable->pCheck);
102738 103391           for(pIdx=sParse.pNewTable->pIndex; pIdx; pIdx=pIdx->pNext){
102739 103392             sqlite3WalkExprList(&sWalker, pIdx->aColExpr);
102740 103393           }
       103394  +        for(pIdx=sParse.pNewIndex; pIdx; pIdx=pIdx->pNext){
       103395  +          sqlite3WalkExprList(&sWalker, pIdx->aColExpr);
       103396  +        }
102741 103397         }
102742 103398   
102743 103399         for(pFKey=sParse.pNewTable->pFKey; pFKey; pFKey=pFKey->pNextFrom){
102744 103400           for(i=0; i<pFKey->nCol; i++){
102745 103401             if( bFKOnly==0 && pFKey->aCol[i].iFrom==iCol ){
102746 103402               renameTokenFind(&sParse, &sCtx, (void*)&pFKey->aCol[i]);
102747 103403             }
................................................................................
102820 103476   /*
102821 103477   ** Walker select callback used by "RENAME TABLE". 
102822 103478   */
102823 103479   static int renameTableSelectCb(Walker *pWalker, Select *pSelect){
102824 103480     int i;
102825 103481     RenameCtx *p = pWalker->u.pRename;
102826 103482     SrcList *pSrc = pSelect->pSrc;
       103483  +  if( pSrc==0 ){
       103484  +    assert( pWalker->pParse->db->mallocFailed );
       103485  +    return WRC_Abort;
       103486  +  }
102827 103487     for(i=0; i<pSrc->nSrc; i++){
102828 103488       struct SrcList_item *pItem = &pSrc->a[i];
102829 103489       if( pItem->pTab==p->pTab ){
102830 103490         renameTokenFind(pWalker->pParse, p, pItem->zName);
102831 103491       }
102832 103492     }
       103493  +  renameWalkWith(pWalker, pSelect);
102833 103494   
102834 103495     return WRC_Continue;
102835 103496   }
102836 103497   
102837 103498   
102838 103499   /*
102839 103500   ** This C function implements an SQL user function that is used by SQL code
................................................................................
104227 104888       */
104228 104889       addrRewind = sqlite3VdbeAddOp1(v, OP_Rewind, iIdxCur);
104229 104890       VdbeCoverage(v);
104230 104891       sqlite3VdbeAddOp2(v, OP_Integer, 0, regChng);
104231 104892       addrNextRow = sqlite3VdbeCurrentAddr(v);
104232 104893   
104233 104894       if( nColTest>0 ){
104234         -      int endDistinctTest = sqlite3VdbeMakeLabel(v);
       104895  +      int endDistinctTest = sqlite3VdbeMakeLabel(pParse);
104235 104896         int *aGotoChng;               /* Array of jump instruction addresses */
104236 104897         aGotoChng = sqlite3DbMallocRawNN(db, sizeof(int)*nColTest);
104237 104898         if( aGotoChng==0 ) continue;
104238 104899   
104239 104900         /*
104240 104901         **  next_row:
104241 104902         **   regChng = 0
................................................................................
105165 105826         sqlite3_result_error(context, zErr, -1);
105166 105827         sqlite3_free(zErr);
105167 105828         return;
105168 105829       }
105169 105830       assert( pVfs );
105170 105831       flags |= SQLITE_OPEN_MAIN_DB;
105171 105832       rc = sqlite3BtreeOpen(pVfs, zPath, db, &pNew->pBt, 0, flags);
105172         -    sqlite3_free( zPath );
105173 105833       db->nDb++;
       105834  +    pNew->zDbSName = sqlite3DbStrDup(db, zName);
105174 105835     }
105175 105836     db->noSharedCache = 0;
105176 105837     if( rc==SQLITE_CONSTRAINT ){
105177 105838       rc = SQLITE_ERROR;
105178 105839       zErrDyn = sqlite3MPrintf(db, "database is already attached");
105179 105840     }else if( rc==SQLITE_OK ){
105180 105841       Pager *pPager;
................................................................................
105194 105855   #ifndef SQLITE_OMIT_PAGER_PRAGMAS
105195 105856       sqlite3BtreeSetPagerFlags(pNew->pBt,
105196 105857                         PAGER_SYNCHRONOUS_FULL | (db->flags & PAGER_FLAGS_MASK));
105197 105858   #endif
105198 105859       sqlite3BtreeLeave(pNew->pBt);
105199 105860     }
105200 105861     pNew->safety_level = SQLITE_DEFAULT_SYNCHRONOUS+1;
105201         -  if( !REOPEN_AS_MEMDB(db) ) pNew->zDbSName = sqlite3DbStrDup(db, zName);
105202 105862     if( rc==SQLITE_OK && pNew->zDbSName==0 ){
105203 105863       rc = SQLITE_NOMEM_BKPT;
105204 105864     }
105205 105865   
105206 105866   
105207 105867   #ifdef SQLITE_HAS_CODEC
105208 105868     if( rc==SQLITE_OK ){
................................................................................
105222 105882         case SQLITE_BLOB:
105223 105883           nKey = sqlite3_value_bytes(argv[2]);
105224 105884           zKey = (char *)sqlite3_value_blob(argv[2]);
105225 105885           rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
105226 105886           break;
105227 105887   
105228 105888         case SQLITE_NULL:
105229         -        /* No key specified.  Use the key from the main database */
105230         -        sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
105231         -        if( nKey || sqlite3BtreeGetOptimalReserve(db->aDb[0].pBt)>0 ){
105232         -          rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
       105889  +        /* No key specified.  Use the key from URI filename, or if none,
       105890  +        ** use the key from the main database. */
       105891  +        if( sqlite3CodecQueryParameters(db, zName, zPath)==0 ){
       105892  +          sqlite3CodecGetKey(db, 0, (void**)&zKey, &nKey);
       105893  +          if( nKey || sqlite3BtreeGetOptimalReserve(db->aDb[0].pBt)>0 ){
       105894  +            rc = sqlite3CodecAttach(db, db->nDb-1, zKey, nKey);
       105895  +          }
105233 105896           }
105234 105897           break;
105235 105898       }
105236 105899     }
105237 105900   #endif
       105901  +  sqlite3_free( zPath );
105238 105902   
105239 105903     /* If the file was opened successfully, read the schema for the new database.
105240 105904     ** If this fails, or if opening the file failed, then close the file and 
105241 105905     ** remove the entry from the db->aDb[] array. i.e. put everything back the
105242 105906     ** way we found it.
105243 105907     */
105244 105908     if( rc==SQLITE_OK ){
................................................................................
106142 106806   
106143 106807   
106144 106808     /* Get the VDBE program ready for execution
106145 106809     */
106146 106810     if( v && pParse->nErr==0 && !db->mallocFailed ){
106147 106811       /* A minimum of one cursor is required if autoincrement is used
106148 106812       *  See ticket [a696379c1f08866] */
106149         -    if( pParse->pAinc!=0 && pParse->nTab==0 ) pParse->nTab = 1;
       106813  +    assert( pParse->pAinc==0 || pParse->nTab>0 );
106150 106814       sqlite3VdbeMakeReady(v, pParse);
106151 106815       pParse->rc = SQLITE_DONE;
106152 106816     }else{
106153 106817       pParse->rc = SQLITE_ERROR;
106154 106818     }
106155 106819   }
106156 106820   
................................................................................
106269 106933      && SQLITE_OK!=sqlite3ReadSchema(pParse)
106270 106934     ){
106271 106935       return 0;
106272 106936     }
106273 106937   
106274 106938     p = sqlite3FindTable(db, zName, zDbase);
106275 106939     if( p==0 ){
106276         -    const char *zMsg = flags & LOCATE_VIEW ? "no such view" : "no such table";
106277 106940   #ifndef SQLITE_OMIT_VIRTUALTABLE
106278 106941       /* If zName is the not the name of a table in the schema created using
106279 106942       ** CREATE, then check to see if it is the name of an virtual table that
106280 106943       ** can be an eponymous virtual table. */
106281         -    Module *pMod = (Module*)sqlite3HashFind(&db->aModule, zName);
106282         -    if( pMod==0 && sqlite3_strnicmp(zName, "pragma_", 7)==0 ){
106283         -      pMod = sqlite3PragmaVtabRegister(db, zName);
106284         -    }
106285         -    if( pMod && sqlite3VtabEponymousTableInit(pParse, pMod) ){
106286         -      return pMod->pEpoTab;
       106944  +    if( pParse->disableVtab==0 ){
       106945  +      Module *pMod = (Module*)sqlite3HashFind(&db->aModule, zName);
       106946  +      if( pMod==0 && sqlite3_strnicmp(zName, "pragma_", 7)==0 ){
       106947  +        pMod = sqlite3PragmaVtabRegister(db, zName);
       106948  +      }
       106949  +      if( pMod && sqlite3VtabEponymousTableInit(pParse, pMod) ){
       106950  +        return pMod->pEpoTab;
       106951  +      }
106287 106952       }
106288 106953   #endif
106289         -    if( (flags & LOCATE_NOERR)==0 ){
106290         -      if( zDbase ){
106291         -        sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName);
106292         -      }else{
106293         -        sqlite3ErrorMsg(pParse, "%s: %s", zMsg, zName);
106294         -      }
106295         -      pParse->checkSchema = 1;
       106954  +    if( flags & LOCATE_NOERR ) return 0;
       106955  +    pParse->checkSchema = 1;
       106956  +  }else if( IsVirtual(p) && pParse->disableVtab ){
       106957  +    p = 0;
       106958  +  }
       106959  +
       106960  +  if( p==0 ){
       106961  +    const char *zMsg = flags & LOCATE_VIEW ? "no such view" : "no such table";
       106962  +    if( zDbase ){
       106963  +      sqlite3ErrorMsg(pParse, "%s: %s.%s", zMsg, zDbase, zName);
       106964  +    }else{
       106965  +      sqlite3ErrorMsg(pParse, "%s: %s", zMsg, zName);
106296 106966       }
106297 106967     }
106298 106968   
106299 106969     return p;
106300 106970   }
106301 106971   
106302 106972   /*
................................................................................
106551 107221     }
106552 107222   
106553 107223     /* Delete any foreign keys attached to this table. */
106554 107224     sqlite3FkDelete(db, pTable);
106555 107225   
106556 107226     /* Delete the Table structure itself.
106557 107227     */
106558         -#ifdef SQLITE_ENABLE_NORMALIZE
106559         -  if( pTable->pColHash ){
106560         -    sqlite3HashClear(pTable->pColHash);
106561         -    sqlite3_free(pTable->pColHash);
106562         -  }
106563         -#endif
106564 107228     sqlite3DeleteColumnNames(db, pTable);
106565 107229     sqlite3DbFree(db, pTable->zName);
106566 107230     sqlite3DbFree(db, pTable->zColAff);
106567 107231     sqlite3SelectDelete(db, pTable->pSelect);
106568 107232     sqlite3ExprListDelete(db, pTable->pCheck);
106569 107233   #ifndef SQLITE_OMIT_VIRTUALTABLE
106570 107234     sqlite3VtabClear(db, pTable);
................................................................................
107814 108478       assert( pTab->nCol==j );
107815 108479     }else{
107816 108480       pPk->nColumn = pTab->nCol;
107817 108481     }
107818 108482     recomputeColumnsNotIndexed(pPk);
107819 108483   }
107820 108484   
       108485  +#ifndef SQLITE_OMIT_VIRTUALTABLE
107821 108486   /*
107822 108487   ** Return true if zName is a shadow table name in the current database
107823 108488   ** connection.
107824 108489   **
107825 108490   ** zName is temporarily modified while this routine is running, but is
107826 108491   ** restored to its original value prior to this routine returning.
107827 108492   */
................................................................................
107839 108504     if( !IsVirtual(pTab) ) return 0;
107840 108505     pMod = (Module*)sqlite3HashFind(&db->aModule, pTab->azModuleArg[0]);
107841 108506     if( pMod==0 ) return 0;
107842 108507     if( pMod->pModule->iVersion<3 ) return 0;
107843 108508     if( pMod->pModule->xShadowName==0 ) return 0;
107844 108509     return pMod->pModule->xShadowName(zTail+1);
107845 108510   }
       108511  +#else
       108512  +# define isShadowTableName(x,y) 0
       108513  +#endif /* ifndef SQLITE_OMIT_VIRTUALTABLE */
107846 108514   
107847 108515   /*
107848 108516   ** This routine is called to report the final ")" that terminates
107849 108517   ** a CREATE TABLE statement.
107850 108518   **
107851 108519   ** The table structure that other action routines have been building
107852 108520   ** is added to the internal hash tables, assuming no errors have
................................................................................
108549 109217     }
108550 109218   
108551 109219     /* Remove the table entry from SQLite's internal schema and modify
108552 109220     ** the schema cookie.
108553 109221     */
108554 109222     if( IsVirtual(pTab) ){
108555 109223       sqlite3VdbeAddOp4(v, OP_VDestroy, iDb, 0, 0, pTab->zName, 0);
       109224  +    sqlite3MayAbort(pParse);
108556 109225     }
108557 109226     sqlite3VdbeAddOp4(v, OP_DropTable, iDb, 0, 0, pTab->zName, 0);
108558 109227     sqlite3ChangeCookie(pParse, iDb);
108559 109228     sqliteViewResetAll(db, iDb);
108560 109229   }
108561 109230   
108562 109231   /*
................................................................................
109377 110046                   "conflicting ON CONFLICT clauses specified", 0);
109378 110047             }
109379 110048             if( pIdx->onError==OE_Default ){
109380 110049               pIdx->onError = pIndex->onError;
109381 110050             }
109382 110051           }
109383 110052           if( idxType==SQLITE_IDXTYPE_PRIMARYKEY ) pIdx->idxType = idxType;
       110053  +        if( IN_RENAME_OBJECT ){
       110054  +          pIndex->pNext = pParse->pNewIndex;
       110055  +          pParse->pNewIndex = pIndex;
       110056  +          pIndex = 0;
       110057  +        }
109384 110058           goto exit_create_index;
109385 110059         }
109386 110060       }
109387 110061     }
109388 110062   
109389 110063     if( !IN_RENAME_OBJECT ){
109390 110064   
................................................................................
109392 110066       ** in-memory database structures. 
109393 110067       */
109394 110068       assert( pParse->nErr==0 );
109395 110069       if( db->init.busy ){
109396 110070         Index *p;
109397 110071         assert( !IN_SPECIAL_PARSE );
109398 110072         assert( sqlite3SchemaMutexHeld(db, 0, pIndex->pSchema) );
       110073  +      if( pTblName!=0 ){
       110074  +        pIndex->tnum = db->init.newTnum;
       110075  +        if( sqlite3IndexHasDuplicateRootPage(pIndex) ){
       110076  +          sqlite3ErrorMsg(pParse, "invalid rootpage");
       110077  +          pParse->rc = SQLITE_CORRUPT_BKPT;
       110078  +          goto exit_create_index;
       110079  +        }
       110080  +      }
109399 110081         p = sqlite3HashInsert(&pIndex->pSchema->idxHash, 
109400 110082             pIndex->zName, pIndex);
109401 110083         if( p ){
109402 110084           assert( p==pIndex );  /* Malloc must have failed */
109403 110085           sqlite3OomFault(db);
109404 110086           goto exit_create_index;
109405 110087         }
109406 110088         db->mDbFlags |= DBFLAG_SchemaChange;
109407         -      if( pTblName!=0 ){
109408         -        pIndex->tnum = db->init.newTnum;
109409         -      }
109410 110089       }
109411 110090   
109412 110091       /* If this is the initial CREATE INDEX statement (or CREATE TABLE if the
109413 110092       ** index is an implied index for a UNIQUE or PRIMARY KEY constraint) then
109414 110093       ** emit code to allocate the index rootpage on disk and make an entry for
109415 110094       ** the index in the sqlite_master table and populate the index with
109416 110095       ** content.  But, do not do this if we are simply reading the sqlite_master
................................................................................
109728 110407     if( pList==0 ) return -1;
109729 110408     for(i=0; i<pList->nId; i++){
109730 110409       if( sqlite3StrICmp(pList->a[i].zName, zName)==0 ) return i;
109731 110410     }
109732 110411     return -1;
109733 110412   }
109734 110413   
       110414  +/*
       110415  +** Maximum size of a SrcList object.
       110416  +** The SrcList object is used to represent the FROM clause of a
       110417  +** SELECT statement, and the query planner cannot deal with more
       110418  +** than 64 tables in a join.  So any value larger than 64 here
       110419  +** is sufficient for most uses.  Smaller values, like say 10, are
       110420  +** appropriate for small and memory-limited applications.
       110421  +*/
       110422  +#ifndef SQLITE_MAX_SRCLIST
       110423  +# define SQLITE_MAX_SRCLIST 200
       110424  +#endif
       110425  +
109735 110426   /*
109736 110427   ** Expand the space allocated for the given SrcList object by
109737 110428   ** creating nExtra new slots beginning at iStart.  iStart is zero based.
109738 110429   ** New slots are zeroed.
109739 110430   **
109740 110431   ** For example, suppose a SrcList initially contains two entries: A,B.
109741 110432   ** To append 3 new entries onto the end, do this:
................................................................................
109744 110435   **
109745 110436   ** After the call above it would contain:  A, B, nil, nil, nil.
109746 110437   ** If the iStart argument had been 1 instead of 2, then the result
109747 110438   ** would have been:  A, nil, nil, nil, B.  To prepend the new slots,
109748 110439   ** the iStart value would be 0.  The result then would
109749 110440   ** be: nil, nil, nil, A, B.
109750 110441   **
109751         -** If a memory allocation fails the SrcList is unchanged.  The
109752         -** db->mallocFailed flag will be set to true.
       110442  +** If a memory allocation fails or the SrcList becomes too large, leave
       110443  +** the original SrcList unchanged, return NULL, and leave an error message
       110444  +** in pParse.
109753 110445   */
109754 110446   SQLITE_PRIVATE SrcList *sqlite3SrcListEnlarge(
109755         -  sqlite3 *db,       /* Database connection to notify of OOM errors */
       110447  +  Parse *pParse,     /* Parsing context into which errors are reported */
109756 110448     SrcList *pSrc,     /* The SrcList to be enlarged */
109757 110449     int nExtra,        /* Number of new slots to add to pSrc->a[] */
109758 110450     int iStart         /* Index in pSrc->a[] of first new slot */
109759 110451   ){
109760 110452     int i;
109761 110453   
109762 110454     /* Sanity checking on calling parameters */
................................................................................
109765 110457     assert( pSrc!=0 );
109766 110458     assert( iStart<=pSrc->nSrc );
109767 110459   
109768 110460     /* Allocate additional space if needed */
109769 110461     if( (u32)pSrc->nSrc+nExtra>pSrc->nAlloc ){
109770 110462       SrcList *pNew;
109771 110463       int nAlloc = pSrc->nSrc*2+nExtra;
109772         -    int nGot;
       110464  +    sqlite3 *db = pParse->db;
       110465  +
       110466  +    if( pSrc->nSrc+nExtra>=SQLITE_MAX_SRCLIST ){
       110467  +      sqlite3ErrorMsg(pParse, "too many FROM clause terms, max: %d",
       110468  +                      SQLITE_MAX_SRCLIST);
       110469  +      return 0;
       110470  +    }
       110471  +    if( nAlloc>SQLITE_MAX_SRCLIST ) nAlloc = SQLITE_MAX_SRCLIST;
109773 110472       pNew = sqlite3DbRealloc(db, pSrc,
109774 110473                  sizeof(*pSrc) + (nAlloc-1)*sizeof(pSrc->a[0]) );
109775 110474       if( pNew==0 ){
109776 110475         assert( db->mallocFailed );
109777         -      return pSrc;
       110476  +      return 0;
109778 110477       }
109779 110478       pSrc = pNew;
109780         -    nGot = (sqlite3DbMallocSize(db, pNew) - sizeof(*pSrc))/sizeof(pSrc->a[0])+1;
109781         -    pSrc->nAlloc = nGot;
       110479  +    pSrc->nAlloc = nAlloc;
109782 110480     }
109783 110481   
109784 110482     /* Move existing slots that come after the newly inserted slots
109785 110483     ** out of the way */
109786 110484     for(i=pSrc->nSrc-1; i>=iStart; i--){
109787 110485       pSrc->a[i+nExtra] = pSrc->a[i];
109788 110486     }
................................................................................
109799 110497   }
109800 110498   
109801 110499   
109802 110500   /*
109803 110501   ** Append a new table name to the given SrcList.  Create a new SrcList if
109804 110502   ** need be.  A new entry is created in the SrcList even if pTable is NULL.
109805 110503   **
109806         -** A SrcList is returned, or NULL if there is an OOM error.  The returned
       110504  +** A SrcList is returned, or NULL if there is an OOM error or if the
       110505  +** SrcList grows to large.  The returned
109807 110506   ** SrcList might be the same as the SrcList that was input or it might be
109808 110507   ** a new one.  If an OOM error does occurs, then the prior value of pList
109809 110508   ** that is input to this routine is automatically freed.
109810 110509   **
109811 110510   ** If pDatabase is not null, it means that the table has an optional
109812 110511   ** database name prefix.  Like this:  "database.table".  The pDatabase
109813 110512   ** points to the table name and the pTable points to the database name.
................................................................................
109830 110529   **
109831 110530   **         sqlite3SrcListAppend(D,A,0,C);
109832 110531   **
109833 110532   ** Both pTable and pDatabase are assumed to be quoted.  They are dequoted
109834 110533   ** before being added to the SrcList.
109835 110534   */
109836 110535   SQLITE_PRIVATE SrcList *sqlite3SrcListAppend(
109837         -  sqlite3 *db,        /* Connection to notify of malloc failures */
       110536  +  Parse *pParse,      /* Parsing context, in which errors are reported */
109838 110537     SrcList *pList,     /* Append to this SrcList. NULL creates a new SrcList */
109839 110538     Token *pTable,      /* Table to append */
109840 110539     Token *pDatabase    /* Database of the table */
109841 110540   ){
109842 110541     struct SrcList_item *pItem;
       110542  +  sqlite3 *db;
109843 110543     assert( pDatabase==0 || pTable!=0 );  /* Cannot have C without B */
109844         -  assert( db!=0 );
       110544  +  assert( pParse!=0 );
       110545  +  assert( pParse->db!=0 );
       110546  +  db = pParse->db;
109845 110547     if( pList==0 ){
109846         -    pList = sqlite3DbMallocRawNN(db, sizeof(SrcList) );
       110548  +    pList = sqlite3DbMallocRawNN(pParse->db, sizeof(SrcList) );
109847 110549       if( pList==0 ) return 0;
109848 110550       pList->nAlloc = 1;
109849 110551       pList->nSrc = 1;
109850 110552       memset(&pList->a[0], 0, sizeof(pList->a[0]));
109851 110553       pList->a[0].iCursor = -1;
109852 110554     }else{
109853         -    pList = sqlite3SrcListEnlarge(db, pList, 1, pList->nSrc);
109854         -  }
109855         -  if( db->mallocFailed ){
109856         -    sqlite3SrcListDelete(db, pList);
109857         -    return 0;
       110555  +    SrcList *pNew = sqlite3SrcListEnlarge(pParse, pList, 1, pList->nSrc);
       110556  +    if( pNew==0 ){
       110557  +      sqlite3SrcListDelete(db, pList);
       110558  +      return 0;
       110559  +    }else{
       110560  +      pList = pNew;
       110561  +    }
109858 110562     }
109859 110563     pItem = &pList->a[pList->nSrc-1];
109860 110564     if( pDatabase && pDatabase->z==0 ){
109861 110565       pDatabase = 0;
109862 110566     }
109863 110567     if( pDatabase ){
109864 110568       pItem->zName = sqlite3NameFromToken(db, pDatabase);
................................................................................
109939 110643     sqlite3 *db = pParse->db;
109940 110644     if( !p && (pOn || pUsing) ){
109941 110645       sqlite3ErrorMsg(pParse, "a JOIN clause is required before %s", 
109942 110646         (pOn ? "ON" : "USING")
109943 110647       );
109944 110648       goto append_from_error;
109945 110649     }
109946         -  p = sqlite3SrcListAppend(db, p, pTable, pDatabase);
       110650  +  p = sqlite3SrcListAppend(pParse, p, pTable, pDatabase);
109947 110651     if( p==0 ){
109948 110652       goto append_from_error;
109949 110653     }
109950 110654     assert( p->nSrc>0 );
109951 110655     pItem = &p->a[p->nSrc-1];
109952 110656     assert( (pTable==0)==(pDatabase==0) );
109953 110657     assert( pItem->zName==0 || pDatabase!=0 );
................................................................................
110328 111032   
110329 111033   /*
110330 111034   ** Recompute all indices of pTab that use the collating sequence pColl.
110331 111035   ** If pColl==0 then recompute all indices of pTab.
110332 111036   */
110333 111037   #ifndef SQLITE_OMIT_REINDEX
110334 111038   static void reindexTable(Parse *pParse, Table *pTab, char const *zColl){
110335         -  Index *pIndex;              /* An index associated with pTab */
       111039  +  if( !IsVirtual(pTab) ){
       111040  +    Index *pIndex;              /* An index associated with pTab */
110336 111041   
110337         -  for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
110338         -    if( zColl==0 || collationMatch(zColl, pIndex) ){
110339         -      int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
110340         -      sqlite3BeginWriteOperation(pParse, 0, iDb);
110341         -      sqlite3RefillIndex(pParse, pIndex, -1);
       111042  +    for(pIndex=pTab->pIndex; pIndex; pIndex=pIndex->pNext){
       111043  +      if( zColl==0 || collationMatch(zColl, pIndex) ){
       111044  +        int iDb = sqlite3SchemaToIndex(pParse->db, pTab->pSchema);
       111045  +        sqlite3BeginWriteOperation(pParse, 0, iDb);
       111046  +        sqlite3RefillIndex(pParse, pIndex, -1);
       111047  +      }
110342 111048       }
110343 111049     }
110344 111050   }
110345 111051   #endif
110346 111052   
110347 111053   /*
110348 111054   ** Recompute all indices of all tables in all databases where the
................................................................................
110833 111539     return match;
110834 111540   }
110835 111541   
110836 111542   /*
110837 111543   ** Search a FuncDefHash for a function with the given name.  Return
110838 111544   ** a pointer to the matching FuncDef if found, or 0 if there is no match.
110839 111545   */
110840         -static FuncDef *functionSearch(
       111546  +SQLITE_PRIVATE FuncDef *sqlite3FunctionSearch(
110841 111547     int h,               /* Hash of the name */
110842 111548     const char *zFunc    /* Name of function */
110843 111549   ){
110844 111550     FuncDef *p;
110845 111551     for(p=sqlite3BuiltinFunctions.a[h]; p; p=p->u.pHash){
110846 111552       if( sqlite3StrICmp(p->zName, zFunc)==0 ){
110847 111553         return p;
110848 111554       }
110849 111555     }
110850 111556     return 0;
110851 111557   }
110852         -#ifdef SQLITE_ENABLE_NORMALIZE
110853         -SQLITE_PRIVATE FuncDef *sqlite3FunctionSearchN(
110854         -  int h,               /* Hash of the name */
110855         -  const char *zFunc,   /* Name of function */
110856         -  int nFunc            /* Length of the name */
110857         -){
110858         -  FuncDef *p;
110859         -  for(p=sqlite3BuiltinFunctions.a[h]; p; p=p->u.pHash){
110860         -    if( sqlite3StrNICmp(p->zName, zFunc, nFunc)==0 ){
110861         -      return p;
110862         -    }
110863         -  }
110864         -  return 0;
110865         -}
110866         -#endif /* SQLITE_ENABLE_NORMALIZE */
110867 111558   
110868 111559   /*
110869 111560   ** Insert a new FuncDef into a FuncDefHash hash table.
110870 111561   */
110871 111562   SQLITE_PRIVATE void sqlite3InsertBuiltinFuncs(
110872 111563     FuncDef *aDef,      /* List of global functions to be inserted */
110873 111564     int nDef            /* Length of the apDef[] list */
................................................................................
110875 111566     int i;
110876 111567     for(i=0; i<nDef; i++){
110877 111568       FuncDef *pOther;
110878 111569       const char *zName = aDef[i].zName;
110879 111570       int nName = sqlite3Strlen30(zName);
110880 111571       int h = SQLITE_FUNC_HASH(zName[0], nName);
110881 111572       assert( zName[0]>='a' && zName[0]<='z' );
110882         -    pOther = functionSearch(h, zName);
       111573  +    pOther = sqlite3FunctionSearch(h, zName);
110883 111574       if( pOther ){
110884 111575         assert( pOther!=&aDef[i] && pOther->pNext!=&aDef[i] );
110885 111576         aDef[i].pNext = pOther->pNext;
110886 111577         pOther->pNext = &aDef[i];
110887 111578       }else{
110888 111579         aDef[i].pNext = 0;
110889 111580         aDef[i].u.pHash = sqlite3BuiltinFunctions.a[h];
................................................................................
110953 111644     ** have fields overwritten with new information appropriate for the
110954 111645     ** new function.  But the FuncDefs for built-in functions are read-only.
110955 111646     ** So we must not search for built-ins when creating a new function.
110956 111647     */ 
110957 111648     if( !createFlag && (pBest==0 || (db->mDbFlags & DBFLAG_PreferBuiltin)!=0) ){
110958 111649       bestScore = 0;
110959 111650       h = SQLITE_FUNC_HASH(sqlite3UpperToLower[(u8)zName[0]], nName);
110960         -    p = functionSearch(h, zName);
       111651  +    p = sqlite3FunctionSearch(h, zName);
110961 111652       while( p ){
110962 111653         int score = matchQuality(p, nArg, enc);
110963 111654         if( score>bestScore ){
110964 111655           pBest = p;
110965 111656           bestScore = score;
110966 111657         }
110967 111658         p = p->pNext;
................................................................................
111126 111817     }
111127 111818     if( (pTab->tabFlags & (TF_Readonly|TF_Shadow))==0 ) return 0;
111128 111819     db = pParse->db;
111129 111820     if( (pTab->tabFlags & TF_Readonly)!=0 ){
111130 111821       return sqlite3WritableSchema(db)==0 && pParse->nested==0;
111131 111822     }
111132 111823     assert( pTab->tabFlags & TF_Shadow );
111133         -  return (db->flags & SQLITE_Defensive)!=0
111134         -           && db->nVdbeExec==0
111135         -           && db->pVtabCtx==0;
       111824  +  return (db->flags & SQLITE_Defensive)!=0 
       111825  +#ifndef SQLITE_OMIT_VIRTUALTABLE
       111826  +          && db->pVtabCtx==0
       111827  +#endif
       111828  +          && db->nVdbeExec==0;
111136 111829   }
111137 111830   
111138 111831   /*
111139 111832   ** Check to make sure the given table is writable.  If it is not
111140 111833   ** writable, generate an error message and return 1.  If it is
111141 111834   ** writable return 0;
111142 111835   */
................................................................................
111171 111864   ){
111172 111865     SelectDest dest;
111173 111866     Select *pSel;
111174 111867     SrcList *pFrom;
111175 111868     sqlite3 *db = pParse->db;
111176 111869     int iDb = sqlite3SchemaToIndex(db, pView->pSchema);
111177 111870     pWhere = sqlite3ExprDup(db, pWhere, 0);
111178         -  pFrom = sqlite3SrcListAppend(db, 0, 0, 0);
       111871  +  pFrom = sqlite3SrcListAppend(pParse, 0, 0, 0);
111179 111872     if( pFrom ){
111180 111873       assert( pFrom->nSrc==1 );
111181 111874       pFrom->a[0].zName = sqlite3DbStrDup(db, pView->zName);
111182 111875       pFrom->a[0].zDatabase = sqlite3DbStrDup(db, db->aDb[iDb].zDbSName);
111183 111876       assert( pFrom->a[0].pOn==0 );
111184 111877       assert( pFrom->a[0].pUsing==0 );
111185 111878     }
................................................................................
111571 112264           sqlite3VdbeAddOp2(v, OP_RowSetAdd, iRowSet, iKey);
111572 112265         }
111573 112266       }
111574 112267     
111575 112268       /* If this DELETE cannot use the ONEPASS strategy, this is the 
111576 112269       ** end of the WHERE loop */
111577 112270       if( eOnePass!=ONEPASS_OFF ){
111578         -      addrBypass = sqlite3VdbeMakeLabel(v);
       112271  +      addrBypass = sqlite3VdbeMakeLabel(pParse);
111579 112272       }else{
111580 112273         sqlite3WhereEnd(pWInfo);
111581 112274       }
111582 112275     
111583 112276       /* Unless this is a view, open cursors for the table we are 
111584 112277       ** deleting from and all its indices. If this is a view, then the
111585 112278       ** only effect this statement has is to fire the INSTEAD OF 
................................................................................
111760 112453     assert( v );
111761 112454     VdbeModuleComment((v, "BEGIN: GenRowDel(%d,%d,%d,%d)",
111762 112455                            iDataCur, iIdxCur, iPk, (int)nPk));
111763 112456   
111764 112457     /* Seek cursor iCur to the row to delete. If this row no longer exists 
111765 112458     ** (this can happen if a trigger program has already deleted it), do
111766 112459     ** not attempt to delete it or fire any DELETE triggers.  */
111767         -  iLabel = sqlite3VdbeMakeLabel(v);
       112460  +  iLabel = sqlite3VdbeMakeLabel(pParse);
111768 112461     opSeek = HasRowid(pTab) ? OP_NotExists : OP_NotFound;
111769 112462     if( eMode==ONEPASS_OFF ){
111770 112463       sqlite3VdbeAddOp4Int(v, opSeek, iDataCur, iLabel, iPk, nPk);
111771 112464       VdbeCoverageIf(v, opSeek==OP_NotExists);
111772 112465       VdbeCoverageIf(v, opSeek==OP_NotFound);
111773 112466     }
111774 112467    
................................................................................
111966 112659     Vdbe *v = pParse->pVdbe;
111967 112660     int j;
111968 112661     int regBase;
111969 112662     int nCol;
111970 112663   
111971 112664     if( piPartIdxLabel ){
111972 112665       if( pIdx->pPartIdxWhere ){
111973         -      *piPartIdxLabel = sqlite3VdbeMakeLabel(v);
       112666  +      *piPartIdxLabel = sqlite3VdbeMakeLabel(pParse);
111974 112667         pParse->iSelfTab = iDataCur + 1;
111975 112668         sqlite3ExprIfFalseDup(pParse, pIdx->pPartIdxWhere, *piPartIdxLabel, 
111976 112669                               SQLITE_JUMPIFNULL);
111977 112670         pParse->iSelfTab = 0;
111978 112671       }else{
111979 112672         *piPartIdxLabel = 0;
111980 112673       }
................................................................................
112222 112915     const unsigned char *zHaystack;
112223 112916     const unsigned char *zNeedle;
112224 112917     int nHaystack;
112225 112918     int nNeedle;
112226 112919     int typeHaystack, typeNeedle;
112227 112920     int N = 1;
112228 112921     int isText;
       112922  +  unsigned char firstChar;
112229 112923   
112230 112924     UNUSED_PARAMETER(argc);
112231 112925     typeHaystack = sqlite3_value_type(argv[0]);
112232 112926     typeNeedle = sqlite3_value_type(argv[1]);
112233 112927     if( typeHaystack==SQLITE_NULL || typeNeedle==SQLITE_NULL ) return;
112234 112928     nHaystack = sqlite3_value_bytes(argv[0]);
112235 112929     nNeedle = sqlite3_value_bytes(argv[1]);
................................................................................
112240 112934         isText = 0;
112241 112935       }else{
112242 112936         zHaystack = sqlite3_value_text(argv[0]);
112243 112937         zNeedle = sqlite3_value_text(argv[1]);
112244 112938         isText = 1;
112245 112939       }
112246 112940       if( zNeedle==0 || (nHaystack && zHaystack==0) ) return;
112247         -    while( nNeedle<=nHaystack && memcmp(zHaystack, zNeedle, nNeedle)!=0 ){
       112941  +    firstChar = zNeedle[0];
       112942  +    while( nNeedle<=nHaystack
       112943  +       && (zHaystack[0]!=firstChar || memcmp(zHaystack, zNeedle, nNeedle)!=0)
       112944  +    ){
112248 112945         N++;
112249 112946         do{
112250 112947           nHaystack--;
112251 112948           zHaystack++;
112252 112949         }while( isText && (zHaystack[0]&0xc0)==0x80 );
112253 112950       }
112254 112951       if( nNeedle>nHaystack ) N = 0;
................................................................................
112531 113228   ** that is N bytes long.
112532 113229   */
112533 113230   static void randomBlob(
112534 113231     sqlite3_context *context,
112535 113232     int argc,
112536 113233     sqlite3_value **argv
112537 113234   ){
112538         -  int n;
       113235  +  sqlite3_int64 n;
112539 113236     unsigned char *p;
112540 113237     assert( argc==1 );
112541 113238     UNUSED_PARAMETER(argc);
112542         -  n = sqlite3_value_int(argv[0]);
       113239  +  n = sqlite3_value_int64(argv[0]);
112543 113240     if( n<1 ){
112544 113241       n = 1;
112545 113242     }
112546 113243     p = contextMalloc(context, n);
112547 113244     if( p ){
112548 113245       sqlite3_randomness(n, p);
112549 113246       sqlite3_result_blob(context, (char*)p, n, sqlite3_free);
................................................................................
114371 115068     int regData,          /* Address of array containing child table row */
114372 115069     int nIncr,            /* Increment constraint counter by this */
114373 115070     int isIgnore          /* If true, pretend pTab contains all NULL values */
114374 115071   ){
114375 115072     int i;                                    /* Iterator variable */
114376 115073     Vdbe *v = sqlite3GetVdbe(pParse);         /* Vdbe to add code to */
114377 115074     int iCur = pParse->nTab - 1;              /* Cursor number to use */
114378         -  int iOk = sqlite3VdbeMakeLabel(v);        /* jump here if parent key found */
       115075  +  int iOk = sqlite3VdbeMakeLabel(pParse);   /* jump here if parent key found */
114379 115076   
114380 115077     sqlite3VdbeVerifyAbortable(v,
114381 115078       (!pFKey->isDeferred
114382 115079         && !(pParse->db->flags & SQLITE_DeferFKs)
114383 115080         && !pParse->pToplevel 
114384 115081         && !pParse->isMultiWrite) ? OE_Abort : OE_Ignore);
114385 115082   
................................................................................
114644 115341     ** to the WHERE clause that prevent this entry from being scanned.
114645 115342     ** The added WHERE clause terms are like this:
114646 115343     **
114647 115344     **     $current_rowid!=rowid
114648 115345     **     NOT( $current_a==a AND $current_b==b AND ... )
114649 115346     **
114650 115347     ** The first form is used for rowid tables.  The second form is used
114651         -  ** for WITHOUT ROWID tables.  In the second form, the primary key is
114652         -  ** (a,b,...)
       115348  +  ** for WITHOUT ROWID tables. In the second form, the *parent* key is
       115349  +  ** (a,b,...). Either the parent or primary key could be used to 
       115350  +  ** uniquely identify the current row, but the parent key is more convenient
       115351  +  ** as the required values have already been loaded into registers
       115352  +  ** by the caller.
114653 115353     */
114654 115354     if( pTab==pFKey->pFrom && nIncr>0 ){
114655 115355       Expr *pNe;                    /* Expression (pLeft != pRight) */
114656 115356       Expr *pLeft;                  /* Value from parent table row */
114657 115357       Expr *pRight;                 /* Column ref to child table */
114658 115358       if( HasRowid(pTab) ){
114659 115359         pLeft = exprTableRegister(pParse, pTab, regData, -1);
114660 115360         pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, -1);
114661 115361         pNe = sqlite3PExpr(pParse, TK_NE, pLeft, pRight);
114662 115362       }else{
114663 115363         Expr *pEq, *pAll = 0;
114664         -      Index *pPk = sqlite3PrimaryKeyIndex(pTab);
114665 115364         assert( pIdx!=0 );
114666         -      for(i=0; i<pPk->nKeyCol; i++){
       115365  +      for(i=0; i<pIdx->nKeyCol; i++){
114667 115366           i16 iCol = pIdx->aiColumn[i];
114668 115367           assert( iCol>=0 );
114669 115368           pLeft = exprTableRegister(pParse, pTab, regData, iCol);
114670         -        pRight = exprTableColumn(db, pTab, pSrc->a[0].iCursor, iCol);
114671         -        pEq = sqlite3PExpr(pParse, TK_EQ, pLeft, pRight);
       115369  +        pRight = sqlite3Expr(db, TK_ID, pTab->aCol[iCol].zName);
       115370  +        pEq = sqlite3PExpr(pParse, TK_IS, pLeft, pRight);
114672 115371           pAll = sqlite3ExprAnd(db, pAll, pEq);
114673 115372         }
114674 115373         pNe = sqlite3PExpr(pParse, TK_NOT, pAll, 0);
114675 115374       }
114676 115375       pWhere = sqlite3ExprAnd(db, pWhere, pNe);
114677 115376     }
114678 115377   
................................................................................
114769 115468         ** the entire DELETE if there are no outstanding deferred constraints
114770 115469         ** when this statement is run.  */
114771 115470         FKey *p;
114772 115471         for(p=pTab->pFKey; p; p=p->pNextFrom){
114773 115472           if( p->isDeferred || (db->flags & SQLITE_DeferFKs) ) break;
114774 115473         }
114775 115474         if( !p ) return;
114776         -      iSkip = sqlite3VdbeMakeLabel(v);
       115475  +      iSkip = sqlite3VdbeMakeLabel(pParse);
114777 115476         sqlite3VdbeAddOp2(v, OP_FkIfZero, 1, iSkip); VdbeCoverage(v);
114778 115477       }
114779 115478   
114780 115479       pParse->disableTriggers = 1;
114781 115480       sqlite3DeleteFrom(pParse, sqlite3SrcListDup(db, pName, 0), 0, 0, 0);
114782 115481       pParse->disableTriggers = 0;
114783 115482   
................................................................................
115054 115753         if( !isIgnoreErrors || db->mallocFailed ) return;
115055 115754         continue;
115056 115755       }
115057 115756       assert( aiCol || pFKey->nCol==1 );
115058 115757   
115059 115758       /* Create a SrcList structure containing the child table.  We need the
115060 115759       ** child table as a SrcList for sqlite3WhereBegin() */
115061         -    pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
       115760  +    pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
115062 115761       if( pSrc ){
115063 115762         struct SrcList_item *pItem = pSrc->a;
115064 115763         pItem->pTab = pFKey->pFrom;
115065 115764         pItem->zName = pFKey->pFrom->zName;
115066 115765         pItem->pTab->nTabRef++;
115067 115766         pItem->iCursor = pParse->nTab++;
115068 115767     
................................................................................
115331 116030         tFrom.n = nFrom;
115332 116031         pRaise = sqlite3Expr(db, TK_RAISE, "FOREIGN KEY constraint failed");
115333 116032         if( pRaise ){
115334 116033           pRaise->affinity = OE_Abort;
115335 116034         }
115336 116035         pSelect = sqlite3SelectNew(pParse, 
115337 116036             sqlite3ExprListAppend(pParse, 0, pRaise),
115338         -          sqlite3SrcListAppend(db, 0, &tFrom, 0),
       116037  +          sqlite3SrcListAppend(pParse, 0, &tFrom, 0),
115339 116038             pWhere,
115340 116039             0, 0, 0, 0, 0
115341 116040         );
115342 116041         pWhere = 0;
115343 116042       }
115344 116043   
115345 116044       /* Disable lookaside memory allocation */
................................................................................
115793 116492       aOp[3].p5 = SQLITE_JUMPIFNULL;
115794 116493       aOp[4].p2 = memId+1;
115795 116494       aOp[5].p3 = memId;
115796 116495       aOp[6].p1 = memId;
115797 116496       aOp[7].p2 = memId+2;
115798 116497       aOp[7].p1 = memId;
115799 116498       aOp[10].p2 = memId;
       116499  +    if( pParse->nTab==0 ) pParse->nTab = 1;
115800 116500     }
115801 116501   }
115802 116502   
115803 116503   /*
115804 116504   ** Update the maximum rowid for an autoincrement calculation.
115805 116505   **
115806 116506   ** This routine should be called when the regRowid register holds a
................................................................................
116299 116999         assert( pIdx );
116300 117000         aRegIdx[i] = ++pParse->nMem;
116301 117001         pParse->nMem += pIdx->nColumn;
116302 117002       }
116303 117003     }
116304 117004   #ifndef SQLITE_OMIT_UPSERT
116305 117005     if( pUpsert ){
       117006  +    if( IsVirtual(pTab) ){
       117007  +      sqlite3ErrorMsg(pParse, "UPSERT not implemented for virtual table \"%s\"",
       117008  +              pTab->zName);
       117009  +      goto insert_cleanup;
       117010  +    }
116306 117011       pTabList->a[0].iCursor = iDataCur;
116307 117012       pUpsert->pUpsertSrc = pTabList;
116308 117013       pUpsert->regData = regData;
116309 117014       pUpsert->iDataCur = iDataCur;
116310 117015       pUpsert->iIdxCur = iIdxCur;
116311 117016       if( pUpsert->pUpsertTarget ){
116312 117017         sqlite3UpsertAnalyzeTarget(pParse, pTabList, pUpsert);
................................................................................
116339 117044       */
116340 117045       addrInsTop = addrCont = sqlite3VdbeAddOp1(v, OP_Yield, dest.iSDParm);
116341 117046       VdbeCoverage(v);
116342 117047     }
116343 117048   
116344 117049     /* Run the BEFORE and INSTEAD OF triggers, if there are any
116345 117050     */
116346         -  endOfLoop = sqlite3VdbeMakeLabel(v);
       117051  +  endOfLoop = sqlite3VdbeMakeLabel(pParse);
116347 117052     if( tmask & TRIGGER_BEFORE ){
116348 117053       int regCols = sqlite3GetTempRange(pParse, pTab->nCol+1);
116349 117054   
116350 117055       /* build the NEW.* reference row.  Note that if there is an INTEGER
116351 117056       ** PRIMARY KEY into which a NULL is being inserted, that NULL will be
116352 117057       ** translated into a unique ID for the row.  But on a BEFORE trigger,
116353 117058       ** we do not know what the unique ID will be (because the insert has
................................................................................
116421 117126       }
116422 117127       if( ipkColumn>=0 ){
116423 117128         if( useTempTable ){
116424 117129           sqlite3VdbeAddOp3(v, OP_Column, srcTab, ipkColumn, regRowid);
116425 117130         }else if( pSelect ){
116426 117131           sqlite3VdbeAddOp2(v, OP_Copy, regFromSelect+ipkColumn, regRowid);
116427 117132         }else{
116428         -        VdbeOp *pOp;
116429         -        sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regRowid);
116430         -        pOp = sqlite3VdbeGetOp(v, -1);
116431         -        assert( pOp!=0 );
116432         -        if( pOp->opcode==OP_Null && !IsVirtual(pTab) ){
       117133  +        Expr *pIpk = pList->a[ipkColumn].pExpr;
       117134  +        if( pIpk->op==TK_NULL && !IsVirtual(pTab) ){
       117135  +          sqlite3VdbeAddOp3(v, OP_NewRowid, iDataCur, regRowid, regAutoinc);
116433 117136             appendFlag = 1;
116434         -          pOp->opcode = OP_NewRowid;
116435         -          pOp->p1 = iDataCur;
116436         -          pOp->p2 = regRowid;
116437         -          pOp->p3 = regAutoinc;
       117137  +        }else{
       117138  +          sqlite3ExprCode(pParse, pList->a[ipkColumn].pExpr, regRowid);
116438 117139           }
116439 117140         }
116440 117141         /* If the PRIMARY KEY expression is NULL, then use OP_NewRowid
116441 117142         ** to generate a unique primary key value.
116442 117143         */
116443 117144         if( !appendFlag ){
116444 117145           int addr1;
................................................................................
116825 117526         onError = OE_Abort;
116826 117527       }
116827 117528       if( onError==OE_Replace && pTab->aCol[i].pDflt==0 ){
116828 117529         onError = OE_Abort;
116829 117530       }
116830 117531       assert( onError==OE_Rollback || onError==OE_Abort || onError==OE_Fail
116831 117532           || onError==OE_Ignore || onError==OE_Replace );
       117533  +    addr1 = 0;
116832 117534       switch( onError ){
       117535  +      case OE_Replace: {
       117536  +        assert( onError==OE_Replace );
       117537  +        addr1 = sqlite3VdbeMakeLabel(pParse);
       117538  +        sqlite3VdbeAddOp2(v, OP_NotNull, regNewData+1+i, addr1);
       117539  +          VdbeCoverage(v);
       117540  +        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regNewData+1+i);
       117541  +        sqlite3VdbeAddOp2(v, OP_NotNull, regNewData+1+i, addr1);
       117542  +          VdbeCoverage(v);
       117543  +        onError = OE_Abort;
       117544  +        /* Fall through into the OE_Abort case to generate code that runs
       117545  +        ** if both the input and the default value are NULL */
       117546  +      }
116833 117547         case OE_Abort:
116834 117548           sqlite3MayAbort(pParse);
116835 117549           /* Fall through */
116836 117550         case OE_Rollback:
116837 117551         case OE_Fail: {
116838 117552           char *zMsg = sqlite3MPrintf(db, "%s.%s", pTab->zName,
116839 117553                                       pTab->aCol[i].zName);
116840 117554           sqlite3VdbeAddOp3(v, OP_HaltIfNull, SQLITE_CONSTRAINT_NOTNULL, onError,
116841 117555                             regNewData+1+i);
116842 117556           sqlite3VdbeAppendP4(v, zMsg, P4_DYNAMIC);
116843 117557           sqlite3VdbeChangeP5(v, P5_ConstraintNotNull);
116844 117558           VdbeCoverage(v);
       117559  +        if( addr1 ) sqlite3VdbeResolveLabel(v, addr1);
116845 117560           break;
116846 117561         }
116847         -      case OE_Ignore: {
       117562  +      default: {
       117563  +        assert( onError==OE_Ignore );
116848 117564           sqlite3VdbeAddOp2(v, OP_IsNull, regNewData+1+i, ignoreDest);
116849 117565           VdbeCoverage(v);
116850 117566           break;
116851 117567         }
116852         -      default: {
116853         -        assert( onError==OE_Replace );
116854         -        addr1 = sqlite3VdbeAddOp1(v, OP_NotNull, regNewData+1+i);
116855         -           VdbeCoverage(v);
116856         -        sqlite3ExprCode(pParse, pTab->aCol[i].pDflt, regNewData+1+i);
116857         -        sqlite3VdbeJumpHere(v, addr1);
116858         -        break;
116859         -      }
116860 117568       }
116861 117569     }
116862 117570   
116863 117571     /* Test all CHECK constraints
116864 117572     */
116865 117573   #ifndef SQLITE_OMIT_CHECK
116866 117574     if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){
................................................................................
116873 117581         if( aiChng
116874 117582          && !sqlite3ExprReferencesUpdatedColumn(pExpr, aiChng, pkChng)
116875 117583         ){
116876 117584           /* The check constraints do not reference any of the columns being
116877 117585           ** updated so there is no point it verifying the check constraint */
116878 117586           continue;
116879 117587         }
116880         -      allOk = sqlite3VdbeMakeLabel(v);
       117588  +      allOk = sqlite3VdbeMakeLabel(pParse);
116881 117589         sqlite3VdbeVerifyAbortable(v, onError);
116882 117590         sqlite3ExprIfTrue(pParse, pExpr, allOk, SQLITE_JUMPIFNULL);
116883 117591         if( onError==OE_Ignore ){
116884 117592           sqlite3VdbeGoto(v, ignoreDest);
116885 117593         }else{
116886 117594           char *zName = pCheck->a[i].zName;
116887 117595           if( zName==0 ) zName = pTab->zName;
................................................................................
116940 117648       }
116941 117649     }
116942 117650   
116943 117651     /* If rowid is changing, make sure the new rowid does not previously
116944 117652     ** exist in the table.
116945 117653     */
116946 117654     if( pkChng && pPk==0 ){
116947         -    int addrRowidOk = sqlite3VdbeMakeLabel(v);
       117655  +    int addrRowidOk = sqlite3VdbeMakeLabel(pParse);
116948 117656   
116949 117657       /* Figure out what action to take in case of a rowid collision */
116950 117658       onError = pTab->keyConf;
116951 117659       if( overrideError!=OE_Default ){
116952 117660         onError = overrideError;
116953 117661       }else if( onError==OE_Default ){
116954 117662         onError = OE_Abort;
................................................................................
117090 117798       if( aRegIdx[ix]==0 ) continue;  /* Skip indices that do not change */
117091 117799       if( pUpIdx==pIdx ){
117092 117800         addrUniqueOk = upsertJump+1;
117093 117801         upsertBypass = sqlite3VdbeGoto(v, 0);
117094 117802         VdbeComment((v, "Skip upsert subroutine"));
117095 117803         sqlite3VdbeJumpHere(v, upsertJump);
117096 117804       }else{
117097         -      addrUniqueOk = sqlite3VdbeMakeLabel(v);
       117805  +      addrUniqueOk = sqlite3VdbeMakeLabel(pParse);
117098 117806       }
117099 117807       if( bAffinityDone==0 && (pUpIdx==0 || pUpIdx==pIdx) ){
117100 117808         sqlite3TableAffinity(v, pTab, regNewData+1);
117101 117809         bAffinityDone = 1;
117102 117810       }
117103 117811       VdbeNoopComment((v, "uniqueness check for %s", pIdx->zName));
117104 117812       iThisCur = iIdxCur+ix;
................................................................................
117173 117881   
117174 117882       /* Collision detection may be omitted if all of the following are true:
117175 117883       **   (1) The conflict resolution algorithm is REPLACE
117176 117884       **   (2) The table is a WITHOUT ROWID table
117177 117885       **   (3) There are no secondary indexes on the table
117178 117886       **   (4) No delete triggers need to be fired if there is a conflict
117179 117887       **   (5) No FK constraint counters need to be updated if a conflict occurs.
117180         -    */ 
       117888  +    **
       117889  +    ** This is not possible for ENABLE_PREUPDATE_HOOK builds, as the row
       117890  +    ** must be explicitly deleted in order to ensure any pre-update hook
       117891  +    ** is invoked.  */ 
       117892  +#ifndef SQLITE_ENABLE_PREUPDATE_HOOK
117181 117893       if( (ix==0 && pIdx->pNext==0)                   /* Condition 3 */
117182 117894        && pPk==pIdx                                   /* Condition 2 */
117183 117895        && onError==OE_Replace                         /* Condition 1 */
117184 117896        && ( 0==(db->flags&SQLITE_RecTriggers) ||      /* Condition 4 */
117185 117897             0==sqlite3TriggersExist(pParse, pTab, TK_DELETE, 0, 0))
117186 117898        && ( 0==(db->flags&SQLITE_ForeignKeys) ||      /* Condition 5 */
117187 117899            (0==pTab->pFKey && 0==sqlite3FkReferences(pTab)))
117188 117900       ){
117189 117901         sqlite3VdbeResolveLabel(v, addrUniqueOk);
117190 117902         continue;
117191 117903       }
       117904  +#endif /* ifndef SQLITE_ENABLE_PREUPDATE_HOOK */
117192 117905   
117193 117906       /* Check to see if the new index entry will be unique */
117194 117907       sqlite3VdbeVerifyAbortable(v, onError);
117195 117908       sqlite3VdbeAddOp4Int(v, OP_NoConflict, iThisCur, addrUniqueOk,
117196 117909                            regIdx, pIdx->nKeyCol); VdbeCoverage(v);
117197 117910   
117198 117911       /* Generate code to handle collisions */
................................................................................
117298 118011         sqlite3VdbeResolveLabel(v, addrUniqueOk);
117299 118012       }
117300 118013       if( regR!=regIdx ) sqlite3ReleaseTempRange(pParse, regR, nPkField);
117301 118014     }
117302 118015   
117303 118016     /* If the IPK constraint is a REPLACE, run it last */
117304 118017     if( ipkTop ){
117305         -    sqlite3VdbeGoto(v, ipkTop+1);
       118018  +    sqlite3VdbeGoto(v, ipkTop);
117306 118019       VdbeComment((v, "Do IPK REPLACE"));
117307 118020       sqlite3VdbeJumpHere(v, ipkBottom);
117308 118021     }
117309 118022   
117310 118023     *pbMayReplace = seenReplace;
117311 118024     VdbeModuleComment((v, "END: GenCnstCks(%d)", seenReplace));
117312 118025   }
................................................................................
117668 118381     ** we have to check the semantics.
117669 118382     */
117670 118383     pItem = pSelect->pSrc->a;
117671 118384     pSrc = sqlite3LocateTableItem(pParse, 0, pItem);
117672 118385     if( pSrc==0 ){
117673 118386       return 0;   /* FROM clause does not contain a real table */
117674 118387     }
117675         -  if( pSrc==pDest ){
       118388  +  if( pSrc->tnum==pDest->tnum && pSrc->pSchema==pDest->pSchema ){
       118389  +    testcase( pSrc!=pDest ); /* Possible due to bad sqlite_master.rootpage */
117676 118390       return 0;   /* tab1 and tab2 may not be the same table */
117677 118391     }
117678 118392     if( HasRowid(pDest)!=HasRowid(pSrc) ){
117679 118393       return 0;   /* source and destination must both be WITHOUT ROWID or not */
117680 118394     }
117681 118395   #ifndef SQLITE_OMIT_VIRTUALTABLE
117682 118396     if( IsVirtual(pSrc) ){
................................................................................
117944 118658   
117945 118659     if( !sqlite3SafetyCheckOk(db) ) return SQLITE_MISUSE_BKPT;
117946 118660     if( zSql==0 ) zSql = "";
117947 118661   
117948 118662     sqlite3_mutex_enter(db->mutex);
117949 118663     sqlite3Error(db, SQLITE_OK);
117950 118664     while( rc==SQLITE_OK && zSql[0] ){
117951         -    int nCol;
       118665  +    int nCol = 0;
117952 118666       char **azVals = 0;
117953 118667   
117954 118668       pStmt = 0;
117955 118669       rc = sqlite3_prepare_v2(db, zSql, -1, &pStmt, &zLeftover);
117956 118670       assert( rc==SQLITE_OK || pStmt==0 );
117957 118671       if( rc!=SQLITE_OK ){
117958 118672         continue;
117959 118673       }
117960 118674       if( !pStmt ){
117961 118675         /* this happens for a comment or white-space */
117962 118676         zSql = zLeftover;
117963 118677         continue;
117964 118678       }
117965         -
117966 118679       callbackIsInit = 0;
117967         -    nCol = sqlite3_column_count(pStmt);
117968 118680   
117969 118681       while( 1 ){
117970 118682         int i;
117971 118683         rc = sqlite3_step(pStmt);
117972 118684   
117973 118685         /* Invoke the callback function if required */
117974 118686         if( xCallback && (SQLITE_ROW==rc || 
117975 118687             (SQLITE_DONE==rc && !callbackIsInit
117976 118688                              && db->flags&SQLITE_NullCallback)) ){
117977 118689           if( !callbackIsInit ){
       118690  +          nCol = sqlite3_column_count(pStmt);
117978 118691             azCols = sqlite3DbMallocRaw(db, (2*nCol+1)*sizeof(const char*));
117979 118692             if( azCols==0 ){
117980 118693               goto exec_out;
117981 118694             }
117982 118695             for(i=0; i<nCol; i++){
117983 118696               azCols[i] = (char *)sqlite3_column_name(pStmt, i);
117984 118697               /* sqlite3VdbeSetColName() installs column names as UTF8
................................................................................
118759 119472   
118760 119473   #ifdef SQLITE_OMIT_VIRTUALTABLE
118761 119474   # define sqlite3_create_module 0
118762 119475   # define sqlite3_create_module_v2 0
118763 119476   # define sqlite3_declare_vtab 0
118764 119477   # define sqlite3_vtab_config 0
118765 119478   # define sqlite3_vtab_on_conflict 0
       119479  +# define sqlite3_vtab_collation 0
118766 119480   #endif
118767 119481   
118768 119482   #ifdef SQLITE_OMIT_SHARED_CACHE
118769 119483   # define sqlite3_enable_shared_cache 0
118770 119484   #endif
118771 119485   
118772 119486   #if defined(SQLITE_OMIT_TRACE) || defined(SQLITE_OMIT_DEPRECATED)
................................................................................
119324 120038   ** default so as not to open security holes in older applications.
119325 120039   */
119326 120040   SQLITE_API int sqlite3_enable_load_extension(sqlite3 *db, int onoff){
119327 120041     sqlite3_mutex_enter(db->mutex);
119328 120042     if( onoff ){
119329 120043       db->flags |= SQLITE_LoadExtension|SQLITE_LoadExtFunc;
119330 120044     }else{
119331         -    db->flags &= ~(SQLITE_LoadExtension|SQLITE_LoadExtFunc);
       120045  +    db->flags &= ~(u64)(SQLITE_LoadExtension|SQLITE_LoadExtFunc);
119332 120046     }
119333 120047     sqlite3_mutex_leave(db->mutex);
119334 120048     return SQLITE_OK;
119335 120049   }
119336 120050   
119337 120051   #endif /* !defined(SQLITE_OMIT_LOAD_EXTENSION) */
119338 120052   
................................................................................
119583 120297   #define PragTyp_THREADS                       37
119584 120298   #define PragTyp_WAL_AUTOCHECKPOINT            38
119585 120299   #define PragTyp_WAL_CHECKPOINT                39
119586 120300   #define PragTyp_ACTIVATE_EXTENSIONS           40
119587 120301   #define PragTyp_HEXKEY                        41
119588 120302   #define PragTyp_KEY                           42
119589 120303   #define PragTyp_LOCK_STATUS                   43
119590         -#define PragTyp_PARSER_TRACE                  44
119591         -#define PragTyp_STATS                         45
       120304  +#define PragTyp_STATS                         44
119592 120305   
119593 120306   /* Property flags associated with various pragma. */
119594 120307   #define PragFlg_NeedSchema 0x01 /* Force schema load before running */
119595 120308   #define PragFlg_NoColumns  0x02 /* OP_ResultRow called with zero columns */
119596 120309   #define PragFlg_NoColumns1 0x04 /* zero columns if RHS argument is present */
119597 120310   #define PragFlg_ReadOnly   0x08 /* Read-only HEADER_VALUE */
119598 120311   #define PragFlg_Result0    0x10 /* Acts as query when no argument */
................................................................................
119995 120708     /* iArg:      */ 0 },
119996 120709    {/* zName:     */ "page_size",
119997 120710     /* ePragTyp:  */ PragTyp_PAGE_SIZE,
119998 120711     /* ePragFlg:  */ PragFlg_Result0|PragFlg_SchemaReq|PragFlg_NoColumns1,
119999 120712     /* ColNames:  */ 0, 0,
120000 120713     /* iArg:      */ 0 },
120001 120714   #endif
120002         -#if defined(SQLITE_DEBUG) && !defined(SQLITE_OMIT_PARSER_TRACE)
       120715  +#if !defined(SQLITE_OMIT_FLAG_PRAGMAS)
       120716  +#if defined(SQLITE_DEBUG)
120003 120717    {/* zName:     */ "parser_trace",
120004         -  /* ePragTyp:  */ PragTyp_PARSER_TRACE,
120005         -  /* ePragFlg:  */ 0,
       120718  +  /* ePragTyp:  */ PragTyp_FLAG,
       120719  +  /* ePragFlg:  */ PragFlg_Result0|PragFlg_NoColumns1,
120006 120720     /* ColNames:  */ 0, 0,
120007         -  /* iArg:      */ 0 },
       120721  +  /* iArg:      */ SQLITE_ParserTrace },
       120722  +#endif
120008 120723   #endif
120009 120724   #if defined(SQLITE_INTROSPECTION_PRAGMAS)
120010 120725    {/* zName:     */ "pragma_list",
120011 120726     /* ePragTyp:  */ PragTyp_PRAGMA_LIST,
120012 120727     /* ePragFlg:  */ PragFlg_Result0,
120013 120728     /* ColNames:  */ 9, 1,
120014 120729     /* iArg:      */ 0 },
................................................................................
120991 121706         int size = 1;
120992 121707         if( sqlite3GetInt32(zRight, &size) ){
120993 121708           sqlite3BtreeSetSpillSize(pDb->pBt, size);
120994 121709         }
120995 121710         if( sqlite3GetBoolean(zRight, size!=0) ){
120996 121711           db->flags |= SQLITE_CacheSpill;
120997 121712         }else{
120998         -        db->flags &= ~SQLITE_CacheSpill;
       121713  +        db->flags &= ~(u64)SQLITE_CacheSpill;
120999 121714         }
121000 121715         setAllPagerFlags(db);
121001 121716       }
121002 121717       break;
121003 121718     }
121004 121719   
121005 121720     /*
................................................................................
121551 122266           pParent = sqlite3FindTable(db, pFK->zTo, zDb);
121552 122267           pIdx = 0;
121553 122268           aiCols = 0;
121554 122269           if( pParent ){
121555 122270             x = sqlite3FkLocateIndex(pParse, pParent, pFK, &pIdx, &aiCols);
121556 122271             assert( x==0 );
121557 122272           }
121558         -        addrOk = sqlite3VdbeMakeLabel(v);
       122273  +        addrOk = sqlite3VdbeMakeLabel(pParse);
121559 122274   
121560 122275           /* Generate code to read the child key values into registers
121561 122276           ** regRow..regRow+n. If any of the child key values are NULL, this 
121562 122277           ** row cannot cause an FK violation. Jump directly to addrOk in 
121563 122278           ** this case. */
121564 122279           for(j=0; j<pFK->nCol; j++){
121565 122280             int iCol = aiCols ? aiCols[j] : pFK->aCol[j].iFrom;
................................................................................
121596 122311         sqlite3VdbeJumpHere(v, addrTop);
121597 122312       }
121598 122313     }
121599 122314     break;
121600 122315   #endif /* !defined(SQLITE_OMIT_TRIGGER) */
121601 122316   #endif /* !defined(SQLITE_OMIT_FOREIGN_KEY) */
121602 122317   
121603         -#ifndef NDEBUG
121604         -  case PragTyp_PARSER_TRACE: {
121605         -    if( zRight ){
121606         -      if( sqlite3GetBoolean(zRight, 0) ){
121607         -        sqlite3ParserTrace(stdout, "parser: ");
121608         -      }else{
121609         -        sqlite3ParserTrace(0, 0);
121610         -      }
121611         -    }
121612         -  }
121613         -  break;
121614         -#endif
121615         -
121616 122318     /* Reinstall the LIKE and GLOB functions.  The variant of LIKE
121617 122319     ** used will be case sensitive or not depending on the RHS.
121618 122320     */
121619 122321     case PragTyp_CASE_SENSITIVE_LIKE: {
121620 122322       if( zRight ){
121621 122323         sqlite3RegisterLikeFunctions(db, sqlite3GetBoolean(zRight, 0));
121622 122324       }
................................................................................
121771 122473             integrityCheckResultRow(v);
121772 122474             sqlite3VdbeJumpHere(v, jmp2);
121773 122475           }
121774 122476           /* Verify CHECK constraints */
121775 122477           if( pTab->pCheck && (db->flags & SQLITE_IgnoreChecks)==0 ){
121776 122478             ExprList *pCheck = sqlite3ExprListDup(db, pTab->pCheck, 0);
121777 122479             if( db->mallocFailed==0 ){
121778         -            int addrCkFault = sqlite3VdbeMakeLabel(v);
121779         -            int addrCkOk = sqlite3VdbeMakeLabel(v);
       122480  +            int addrCkFault = sqlite3VdbeMakeLabel(pParse);
       122481  +            int addrCkOk = sqlite3VdbeMakeLabel(pParse);
121780 122482               char *zErr;
121781 122483               int k;
121782 122484               pParse->iSelfTab = iDataCur + 1;
121783 122485               for(k=pCheck->nExpr-1; k>0; k--){
121784 122486                 sqlite3ExprIfFalse(pParse, pCheck->a[k].pExpr, addrCkFault, 0);
121785 122487               }
121786 122488               sqlite3ExprIfTrue(pParse, pCheck->a[0].pExpr, addrCkOk, 
................................................................................
121795 122497             }
121796 122498             sqlite3ExprListDelete(db, pCheck);
121797 122499           }
121798 122500           if( !isQuick ){ /* Omit the remaining tests for quick_check */
121799 122501             /* Validate index entries for the current row */
121800 122502             for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
121801 122503               int jmp2, jmp3, jmp4, jmp5;
121802         -            int ckUniq = sqlite3VdbeMakeLabel(v);
       122504  +            int ckUniq = sqlite3VdbeMakeLabel(pParse);
121803 122505               if( pPk==pIdx ) continue;
121804 122506               r1 = sqlite3GenerateIndexKey(pParse, pIdx, iDataCur, 0, 0, &jmp3,
121805 122507                                            pPrior, r1);
121806 122508               pPrior = pIdx;
121807 122509               sqlite3VdbeAddOp2(v, OP_AddImm, 8+j, 1);/* increment entry count */
121808 122510               /* Verify that an index entry exists for the current table row */
121809 122511               jmp2 = sqlite3VdbeAddOp4Int(v, OP_Found, iIdxCur+j, ckUniq, r1,
................................................................................
121816 122518               sqlite3VdbeAddOp3(v, OP_Concat, 4, 3, 3);
121817 122519               jmp4 = integrityCheckResultRow(v);
121818 122520               sqlite3VdbeJumpHere(v, jmp2);
121819 122521               /* For UNIQUE indexes, verify that only one entry exists with the
121820 122522               ** current key.  The entry is unique if (1) any column is NULL
121821 122523               ** or (2) the next entry has a different key */
121822 122524               if( IsUniqueIndex(pIdx) ){
121823         -              int uniqOk = sqlite3VdbeMakeLabel(v);
       122525  +              int uniqOk = sqlite3VdbeMakeLabel(pParse);
121824 122526                 int jmp6;
121825 122527                 int kk;
121826 122528                 for(kk=0; kk<pIdx->nKeyCol; kk++){
121827 122529                   int iCol = pIdx->aiColumn[kk];
121828 122530                   assert( iCol!=XN_ROWID && iCol<pTab->nCol );
121829 122531                   if( iCol>=0 && pTab->aCol[iCol].notNull ) continue;
121830 122532                   sqlite3VdbeAddOp2(v, OP_IsNull, r1+kk, uniqOk);
................................................................................
122729 123431       if( zObj==0 ) zObj = "?";
122730 123432       z = sqlite3MPrintf(db, "malformed database schema (%s)", zObj);
122731 123433       if( zExtra && zExtra[0] ) z = sqlite3MPrintf(db, "%z - %s", z, zExtra);
122732 123434       *pData->pzErrMsg = z;
122733 123435       pData->rc = SQLITE_CORRUPT_BKPT;
122734 123436     }
122735 123437   }
       123438  +
       123439  +/*
       123440  +** Check to see if any sibling index (another index on the same table)
       123441  +** of pIndex has the same root page number, and if it does, return true.
       123442  +** This would indicate a corrupt schema.
       123443  +*/
       123444  +SQLITE_PRIVATE int sqlite3IndexHasDuplicateRootPage(Index *pIndex){
       123445  +  Index *p;
       123446  +  for(p=pIndex->pTable->pIndex; p; p=p->pNext){
       123447  +    if( p->tnum==pIndex->tnum && p!=pIndex ) return 1;
       123448  +  }
       123449  +  return 0;
       123450  +}
122736 123451   
122737 123452   /*
122738 123453   ** This is the callback routine for the code that initializes the
122739 123454   ** database.  See sqlite3Init() below for additional information.
122740 123455   ** This routine is also called from the OP_ParseSchema opcode of the VDBE.
122741 123456   **
122742 123457   ** Each callback contains the following information:
................................................................................
122751 123466     sqlite3 *db = pData->db;
122752 123467     int iDb = pData->iDb;
122753 123468   
122754 123469     assert( argc==3 );
122755 123470     UNUSED_PARAMETER2(NotUsed, argc);
122756 123471     assert( sqlite3_mutex_held(db->mutex) );
122757 123472     DbClearProperty(db, iDb, DB_Empty);
       123473  +  pData->nInitRow++;
122758 123474     if( db->mallocFailed ){
122759 123475       corruptSchema(pData, argv[0], 0);
122760 123476       return 1;
122761 123477     }
122762 123478   
122763 123479     assert( iDb>=0 && iDb<db->nDb );
122764 123480     if( argv==0 ) return 0;   /* Might happen if EMPTY_RESULT_CALLBACKS are on */
................................................................................
122804 123520       ** was created to be the PRIMARY KEY or to fulfill a UNIQUE
122805 123521       ** constraint for a CREATE TABLE.  The index should have already
122806 123522       ** been created when we processed the CREATE TABLE.  All we have
122807 123523       ** to do here is record the root page number for that index.
122808 123524       */
122809 123525       Index *pIndex;
122810 123526       pIndex = sqlite3FindIndex(db, argv[0], db->aDb[iDb].zDbSName);
122811         -    if( pIndex==0 ){
122812         -      /* This can occur if there exists an index on a TEMP table which
122813         -      ** has the same name as another index on a permanent index.  Since
122814         -      ** the permanent table is hidden by the TEMP table, we can also
122815         -      ** safely ignore the index on the permanent table.
122816         -      */
122817         -      /* Do Nothing */;
122818         -    }else if( sqlite3GetInt32(argv[1], &pIndex->tnum)==0 ){
122819         -      corruptSchema(pData, argv[0], "invalid rootpage");
       123527  +    if( pIndex==0
       123528  +     || sqlite3GetInt32(argv[1],&pIndex->tnum)==0
       123529  +     || pIndex->tnum<2
       123530  +     || sqlite3IndexHasDuplicateRootPage(pIndex)
       123531  +    ){
       123532  +      corruptSchema(pData, argv[0], pIndex?"invalid rootpage":"orphan index");
122820 123533       }
122821 123534     }
122822 123535     return 0;
122823 123536   }
122824 123537   
122825 123538   /*
122826 123539   ** Attempt to read the database schema and initialize internal
................................................................................
122862 123575                               "rootpage int,sql text)";
122863 123576     azArg[3] = 0;
122864 123577     initData.db = db;
122865 123578     initData.iDb = iDb;
122866 123579     initData.rc = SQLITE_OK;
122867 123580     initData.pzErrMsg = pzErrMsg;
122868 123581     initData.mInitFlags = mFlags;
       123582  +  initData.nInitRow = 0;
122869 123583     sqlite3InitCallback(&initData, 3, (char **)azArg, 0);
122870 123584     if( initData.rc ){
122871 123585       rc = initData.rc;
122872 123586       goto error_out;
122873 123587     }
122874 123588   
122875 123589     /* Create a cursor to hold the database open
................................................................................
122979 123693   
122980 123694     /* Ticket #2804:  When we open a database in the newer file format,
122981 123695     ** clear the legacy_file_format pragma flag so that a VACUUM will
122982 123696     ** not downgrade the database and thus invalidate any descending
122983 123697     ** indices that the user might have created.
122984 123698     */
122985 123699     if( iDb==0 && meta[BTREE_FILE_FORMAT-1]>=4 ){
122986         -    db->flags &= ~SQLITE_LegacyFileFmt;
       123700  +    db->flags &= ~(u64)SQLITE_LegacyFileFmt;
122987 123701     }
122988 123702   
122989 123703     /* Read the schema information out of the schema tables
122990 123704     */
122991 123705     assert( db->init.busy );
122992 123706     {
122993 123707       char *zSql;
................................................................................
123231 123945     /* For a long-term use prepared statement avoid the use of
123232 123946     ** lookaside memory.
123233 123947     */
123234 123948     if( prepFlags & SQLITE_PREPARE_PERSISTENT ){
123235 123949       sParse.disableLookaside++;
123236 123950       db->lookaside.bDisable++;
123237 123951     }
       123952  +  sParse.disableVtab = (prepFlags & SQLITE_PREPARE_NO_VTAB)!=0;
123238 123953   
123239 123954     /* Check to verify that it is possible to get a read lock on all
123240 123955     ** database schemas.  The inability to get a read lock indicates that
123241 123956     ** some other database connection is holding a write-lock, which in
123242 123957     ** turn means that the other connection has made uncommitted changes
123243 123958     ** to the schema.
123244 123959     **
................................................................................
123395 124110     sqlite3BtreeLeaveAll(db);
123396 124111     rc = sqlite3ApiExit(db, rc);
123397 124112     assert( (rc&db->errMask)==rc );
123398 124113     sqlite3_mutex_leave(db->mutex);
123399 124114     return rc;
123400 124115   }
123401 124116   
123402         -#ifdef SQLITE_ENABLE_NORMALIZE
123403         -/*
123404         -** Checks if the specified token is a table, column, or function name,
123405         -** based on the databases associated with the statement being prepared.
123406         -** If the function fails, zero is returned and pRc is filled with the
123407         -** error code.
123408         -*/
123409         -static int shouldTreatAsIdentifier(
123410         -  sqlite3 *db,        /* Database handle. */
123411         -  const char *zToken, /* Pointer to start of token to be checked */
123412         -  int nToken,         /* Length of token to be checked */
123413         -  int *pRc            /* Pointer to error code upon failure */
123414         -){
123415         -  int bFound = 0;     /* Non-zero if token is an identifier name. */
123416         -  int i, j;           /* Database and column loop indexes. */
123417         -  Schema *pSchema;    /* Schema for current database. */
123418         -  Hash *pHash;        /* Hash table of tables for current database. */
123419         -  HashElem *e;        /* Hash element for hash table iteration. */
123420         -  Table *pTab;        /* Database table for columns being checked. */
123421         -
123422         -  if( sqlite3IsRowidN(zToken, nToken) ){
123423         -    return 1;
123424         -  }
123425         -  if( nToken>0 ){
123426         -    int hash = SQLITE_FUNC_HASH(sqlite3UpperToLower[(u8)zToken[0]], nToken);
123427         -    if( sqlite3FunctionSearchN(hash, zToken, nToken) ) return 1;
123428         -  }
123429         -  assert( db!=0 );
123430         -  sqlite3_mutex_enter(db->mutex);
123431         -  sqlite3BtreeEnterAll(db);
123432         -  for(i=0; i<db->nDb; i++){
123433         -    pHash = &db->aFunc;
123434         -    if( sqlite3HashFindN(pHash, zToken, nToken) ){
123435         -      bFound = 1;
123436         -      break;
123437         -    }
123438         -    pSchema = db->aDb[i].pSchema;
123439         -    if( pSchema==0 ) continue;
123440         -    pHash = &pSchema->tblHash;
123441         -    if( sqlite3HashFindN(pHash, zToken, nToken) ){
123442         -      bFound = 1;
123443         -      break;
123444         -    }
123445         -    for(e=sqliteHashFirst(pHash); e; e=sqliteHashNext(e)){
123446         -      pTab = sqliteHashData(e);
123447         -      if( pTab==0 ) continue;
123448         -      pHash = pTab->pColHash;
123449         -      if( pHash==0 ){
123450         -        pTab->pColHash = pHash = sqlite3_malloc(sizeof(Hash));
123451         -        if( pHash ){
123452         -          sqlite3HashInit(pHash);
123453         -          for(j=0; j<pTab->nCol; j++){
123454         -            Column *pCol = &pTab->aCol[j];
123455         -            sqlite3HashInsert(pHash, pCol->zName, pCol);
123456         -          }
123457         -        }else{
123458         -          *pRc = SQLITE_NOMEM_BKPT;
123459         -          bFound = 0;
123460         -          goto done;
123461         -        }
123462         -      }
123463         -      if( pHash && sqlite3HashFindN(pHash, zToken, nToken) ){
123464         -        bFound = 1;
123465         -        goto done;
123466         -      }
123467         -    }
123468         -  }
123469         -done:
123470         -  sqlite3BtreeLeaveAll(db);
123471         -  sqlite3_mutex_leave(db->mutex);
123472         -  return bFound;
123473         -}
123474         -
123475         -/*
123476         -** Attempt to estimate the final output buffer size needed for the fully
123477         -** normalized version of the specified SQL string.  This should take into
123478         -** account any potential expansion that could occur (e.g. via IN clauses
123479         -** being expanded, etc).  This size returned is the total number of bytes
123480         -** including the NUL terminator.
123481         -*/
123482         -static int estimateNormalizedSize(
123483         -  const char *zSql, /* The original SQL string */
123484         -  int nSql,         /* Length of original SQL string */
123485         -  u8 prepFlags      /* The flags passed to sqlite3_prepare_v3() */
123486         -){
123487         -  int nOut = nSql + 4;
123488         -  const char *z = zSql;
123489         -  while( nOut<nSql*5 ){
123490         -    while( z[0]!=0 && z[0]!='I' && z[0]!='i' ){ z++; }
123491         -    if( z[0]==0 ) break;
123492         -    z++;
123493         -    if( z[0]!='N' && z[0]!='n' ) break;
123494         -    z++;
123495         -    while( sqlite3Isspace(z[0]) ){ z++; }
123496         -    if( z[0]!='(' ) break;
123497         -    z++;
123498         -    nOut += 5; /* ?,?,? */
123499         -  }
123500         -  return nOut;
123501         -}
123502         -
123503         -/*
123504         -** Copy the current token into the output buffer while dealing with quoted
123505         -** identifiers.  By default, all letters will be converted into lowercase.
123506         -** If the bUpper flag is set, uppercase will be used.  The piOut argument
123507         -** will be used to update the target index into the output string.
123508         -*/
123509         -static void copyNormalizedToken(
123510         -  const char *zSql, /* The original SQL string */
123511         -  int iIn,          /* Current index into the original SQL string */
123512         -  int nToken,       /* Number of bytes in the current token */
123513         -  int tokenFlags,   /* Flags returned by the tokenizer */
123514         -  char *zOut,       /* The output string */
123515         -  int *piOut        /* Pointer to target index into the output string */
123516         -){
123517         -  int bQuoted = tokenFlags & SQLITE_TOKEN_QUOTED;
123518         -  int bKeyword = tokenFlags & SQLITE_TOKEN_KEYWORD;
123519         -  int j = *piOut, k = 0;
123520         -  for(; k<nToken; k++){
123521         -    if( bQuoted ){
123522         -      if( k==0 && iIn>0 ){
123523         -        zOut[j++] = '"';
123524         -        continue;
123525         -      }else if( k==nToken-1 ){
123526         -        zOut[j++] = '"';
123527         -        continue;
123528         -      }
123529         -    }
123530         -    if( bKeyword ){
123531         -      zOut[j++] = sqlite3Toupper(zSql[iIn+k]);
123532         -    }else{
123533         -      zOut[j++] = sqlite3Tolower(zSql[iIn+k]);
123534         -    }
123535         -  }
123536         -  *piOut = j;
123537         -}
123538         -
123539         -/*
123540         -** Perform normalization of the SQL contained in the prepared statement and
123541         -** store the result in the zNormSql field.  The schema for the associated
123542         -** databases are consulted while performing the normalization in order to
123543         -** determine if a token appears to be an identifier.  All identifiers are
123544         -** left intact in the normalized SQL and all literals are replaced with a
123545         -** single '?'.
123546         -*/
123547         -SQLITE_PRIVATE void sqlite3Normalize(
123548         -  Vdbe *pVdbe,      /* VM being reprepared */
123549         -  const char *zSql, /* The original SQL string */
123550         -  int nSql,         /* Size of the input string in bytes */
123551         -  u8 prepFlags      /* The flags passed to sqlite3_prepare_v3() */
123552         -){
123553         -  sqlite3 *db;           /* Database handle. */
123554         -  char *z;               /* The output string */
123555         -  int nZ;                /* Size of the output string in bytes */
123556         -  int i;                 /* Next character to read from zSql[] */
123557         -  int j;                 /* Next character to fill in on z[] */
123558         -  int tokenType = 0;     /* Type of the next token */
123559         -  int prevTokenType = 0; /* Type of the previous token, except spaces */
123560         -  int n;                 /* Size of the next token */
123561         -  int nParen = 0;        /* Nesting level of parenthesis */
123562         -  Hash inHash;           /* Table of parenthesis levels to output index. */
123563         -
123564         -  db = sqlite3VdbeDb(pVdbe);
123565         -  assert( db!=0 );
123566         -  assert( pVdbe->zNormSql==0 );
123567         -  if( zSql==0 ) return;
123568         -  nZ = estimateNormalizedSize(zSql, nSql, prepFlags);
123569         -  z = sqlite3DbMallocRawNN(db, nZ);
123570         -  if( z==0 ) return;
123571         -  sqlite3HashInit(&inHash);
123572         -  for(i=j=0; i<nSql && zSql[i]; i+=n){
123573         -    int flags = 0;
123574         -    if( tokenType!=TK_SPACE ) prevTokenType = tokenType;
123575         -    n = sqlite3GetTokenNormalized((unsigned char*)zSql+i, &tokenType, &flags);
123576         -    switch( tokenType ){
123577         -      case TK_SPACE: {
123578         -        break;
123579         -      }
123580         -      case TK_ILLEGAL: {
123581         -        sqlite3DbFree(db, z);
123582         -        sqlite3HashClear(&inHash);
123583         -        return;
123584         -      }
123585         -      case TK_STRING:
123586         -      case TK_INTEGER:
123587         -      case TK_FLOAT:
123588         -      case TK_VARIABLE:
123589         -      case TK_BLOB: {
123590         -        z[j++] = '?';
123591         -        break;
123592         -      }
123593         -      case TK_LP:
123594         -      case TK_RP: {
123595         -        if( tokenType==TK_LP ){
123596         -          nParen++;
123597         -          if( prevTokenType==TK_IN ){
123598         -            assert( nParen<nSql );
123599         -            sqlite3HashInsert(&inHash, zSql+nParen, SQLITE_INT_TO_PTR(j));
123600         -          }
123601         -        }else{
123602         -          int jj;
123603         -          assert( nParen<nSql );
123604         -          jj = SQLITE_PTR_TO_INT(sqlite3HashFind(&inHash, zSql+nParen));
123605         -          if( jj>0 ){
123606         -            sqlite3HashInsert(&inHash, zSql+nParen, 0);
123607         -            assert( jj+6<nZ );
123608         -            memcpy(z+jj+1, "?,?,?", 5);
123609         -            j = jj+6;
123610         -            assert( nZ-1-j>=0 );
123611         -            assert( nZ-1-j<nZ );
123612         -            memset(z+j, 0, nZ-1-j);
123613         -          }
123614         -          nParen--;
123615         -        }
123616         -        assert( nParen>=0 );
123617         -        /* Fall through */
123618         -      }
123619         -      case TK_MINUS:
123620         -      case TK_SEMI:
123621         -      case TK_PLUS:
123622         -      case TK_STAR:
123623         -      case TK_SLASH:
123624         -      case TK_REM:
123625         -      case TK_EQ:
123626         -      case TK_LE:
123627         -      case TK_NE:
123628         -      case TK_LSHIFT:
123629         -      case TK_LT:
123630         -      case TK_RSHIFT:
123631         -      case TK_GT:
123632         -      case TK_GE:
123633         -      case TK_BITOR:
123634         -      case TK_CONCAT:
123635         -      case TK_COMMA:
123636         -      case TK_BITAND:
123637         -      case TK_BITNOT:
123638         -      case TK_DOT:
123639         -      case TK_IN:
123640         -      case TK_IS:
123641         -      case TK_NOT:
123642         -      case TK_NULL:
123643         -      case TK_ID: {
123644         -        if( tokenType==TK_NULL ){
123645         -          if( prevTokenType==TK_IS || prevTokenType==TK_NOT ){
123646         -            /* NULL is a keyword in this case, not a literal value */
123647         -          }else{
123648         -            /* Here the NULL is a literal value */
123649         -            z[j++] = '?';
123650         -            break;
123651         -          }
123652         -        }
123653         -        if( j>0 && sqlite3IsIdChar(z[j-1]) && sqlite3IsIdChar(zSql[i]) ){
123654         -          z[j++] = ' ';
123655         -        }
123656         -        if( tokenType==TK_ID ){
123657         -          int i2 = i, n2 = n, rc = SQLITE_OK;
123658         -          if( nParen>0 ){
123659         -            assert( nParen<nSql );
123660         -            sqlite3HashInsert(&inHash, zSql+nParen, 0);
123661         -          }
123662         -          if( flags&SQLITE_TOKEN_QUOTED ){ i2++; n2-=2; }
123663         -          if( shouldTreatAsIdentifier(db, zSql+i2, n2, &rc)==0 ){
123664         -            if( rc!=SQLITE_OK ){
123665         -              sqlite3DbFree(db, z);
123666         -              sqlite3HashClear(&inHash);
123667         -              return;
123668         -            }
123669         -            if( sqlite3_keyword_check(zSql+i2, n2)==0 ){
123670         -              z[j++] = '?';
123671         -              break;
123672         -            }
123673         -          }
123674         -        }
123675         -        copyNormalizedToken(zSql, i, n, flags, z, &j);
123676         -        break;
123677         -      }
123678         -    }
123679         -  }
123680         -  assert( j<nZ && "one" );
123681         -  while( j>0 && z[j-1]==' ' ){ j--; }
123682         -  if( j>0 && z[j-1]!=';' ){ z[j++] = ';'; }
123683         -  z[j] = 0;
123684         -  assert( j<nZ && "two" );
123685         -  pVdbe->zNormSql = z;
123686         -  sqlite3HashClear(&inHash);
123687         -}
123688         -#endif /* SQLITE_ENABLE_NORMALIZE */
123689 124117   
123690 124118   /*
123691 124119   ** Rerun the compilation of a statement after a schema change.
123692 124120   **
123693 124121   ** If the statement is successfully recompiled, return SQLITE_OK. Otherwise,
123694 124122   ** if the statement cannot be recompiled because another connection has
123695 124123   ** locked the sqlite3_master table, return SQLITE_LOCKED. If any other error
................................................................................
124523 124951       regBase = regData - nPrefixReg;
124524 124952     }else{
124525 124953       regBase = pParse->nMem + 1;
124526 124954       pParse->nMem += nBase;
124527 124955     }
124528 124956     assert( pSelect->iOffset==0 || pSelect->iLimit!=0 );
124529 124957     iLimit = pSelect->iOffset ? pSelect->iOffset+1 : pSelect->iLimit;
124530         -  pSort->labelDone = sqlite3VdbeMakeLabel(v);
       124958  +  pSort->labelDone = sqlite3VdbeMakeLabel(pParse);
124531 124959     sqlite3ExprCodeExprList(pParse, pSort->pOrderBy, regBase, regOrigData,
124532 124960                             SQLITE_ECEL_DUP | (regOrigData? SQLITE_ECEL_REF : 0));
124533 124961     if( bSeq ){
124534 124962       sqlite3VdbeAddOp2(v, OP_Sequence, pSort->iECursor, regBase+nExpr);
124535 124963     }
124536 124964     if( nPrefixReg==0 && nData>0 ){
124537 124965       sqlite3ExprCodeMove(pParse, regData, regBase+nExpr+bSeq, nData);
................................................................................
124562 124990       memset(pKI->aSortOrder, 0, pKI->nKeyField); /* Makes OP_Jump testable */
124563 124991       sqlite3VdbeChangeP4(v, -1, (char*)pKI, P4_KEYINFO);
124564 124992       testcase( pKI->nAllField > pKI->nKeyField+2 );
124565 124993       pOp->p4.pKeyInfo = sqlite3KeyInfoFromExprList(pParse,pSort->pOrderBy,nOBSat,
124566 124994                                              pKI->nAllField-pKI->nKeyField-1);
124567 124995       addrJmp = sqlite3VdbeCurrentAddr(v);
124568 124996       sqlite3VdbeAddOp3(v, OP_Jump, addrJmp+1, 0, addrJmp+1); VdbeCoverage(v);
124569         -    pSort->labelBkOut = sqlite3VdbeMakeLabel(v);
       124997  +    pSort->labelBkOut = sqlite3VdbeMakeLabel(pParse);
124570 124998       pSort->regReturn = ++pParse->nMem;
124571 124999       sqlite3VdbeAddOp2(v, OP_Gosub, pSort->regReturn, pSort->labelBkOut);
124572 125000       sqlite3VdbeAddOp1(v, OP_ResetSorter, pSort->iECursor);
124573 125001       if( iLimit ){
124574 125002         sqlite3VdbeAddOp2(v, OP_IfNot, iLimit, pSort->labelDone);
124575 125003         VdbeCoverage(v);
124576 125004       }
................................................................................
125309 125737     Select *p,        /* The SELECT statement */
125310 125738     SortCtx *pSort,   /* Information on the ORDER BY clause */
125311 125739     int nColumn,      /* Number of columns of data */
125312 125740     SelectDest *pDest /* Write the sorted results here */
125313 125741   ){
125314 125742     Vdbe *v = pParse->pVdbe;                     /* The prepared statement */
125315 125743     int addrBreak = pSort->labelDone;            /* Jump here to exit loop */
125316         -  int addrContinue = sqlite3VdbeMakeLabel(v);  /* Jump here for next cycle */
       125744  +  int addrContinue = sqlite3VdbeMakeLabel(pParse);/* Jump here for next cycle */
125317 125745     int addr;                       /* Top of output loop. Jump for Next. */
125318 125746     int addrOnce = 0;
125319 125747     int iTab;
125320 125748     ExprList *pOrderBy = pSort->pOrderBy;
125321 125749     int eDest = pDest->eDest;
125322 125750     int iParm = pDest->iSDParm;
125323 125751     int regRow;
................................................................................
125349 125777   
125350 125778     iTab = pSort->iECursor;
125351 125779     if( eDest==SRT_Output || eDest==SRT_Coroutine || eDest==SRT_Mem ){
125352 125780       regRowid = 0;
125353 125781       regRow = pDest->iSdst;
125354 125782     }else{
125355 125783       regRowid = sqlite3GetTempReg(pParse);
125356         -    regRow = sqlite3GetTempRange(pParse, nColumn);
       125784  +    if( eDest==SRT_EphemTab || eDest==SRT_Table ){
       125785  +      regRow = sqlite3GetTempReg(pParse);
       125786  +      nColumn = 0;
       125787  +    }else{
       125788  +      regRow = sqlite3GetTempRange(pParse, nColumn);
       125789  +    }
125357 125790     }
125358 125791     nKey = pOrderBy->nExpr - pSort->nOBSat;
125359 125792     if( pSort->sortFlags & SORTFLAG_UseSorter ){
125360 125793       int regSortOut = ++pParse->nMem;
125361 125794       iSortTab = pParse->nTab++;
125362 125795       if( pSort->labelBkOut ){
125363 125796         addrOnce = sqlite3VdbeAddOp0(v, OP_Once); VdbeCoverage(v);
................................................................................
125429 125862         sqlite3VdbeAddOp3(v, OP_Column, iSortTab, iRead, regRow+i);
125430 125863         VdbeComment((v, "%s", aOutEx[i].zName?aOutEx[i].zName : aOutEx[i].zSpan));
125431 125864       }
125432 125865     }
125433 125866     switch( eDest ){
125434 125867       case SRT_Table:
125435 125868       case SRT_EphemTab: {
       125869  +      sqlite3VdbeAddOp3(v, OP_Column, iSortTab, nKey+bSeq, regRow);
125436 125870         sqlite3VdbeAddOp2(v, OP_NewRowid, iParm, regRowid);
125437 125871         sqlite3VdbeAddOp3(v, OP_Insert, iParm, regRow, regRowid);
125438 125872         sqlite3VdbeChangeP5(v, OPFLAG_APPEND);
125439 125873         break;
125440 125874       }
125441 125875   #ifndef SQLITE_OMIT_SUBQUERY
125442 125876       case SRT_Set: {
................................................................................
125969 126403   /*
125970 126404   ** Given a SELECT statement, generate a Table structure that describes
125971 126405   ** the result set of that SELECT.
125972 126406   */
125973 126407   SQLITE_PRIVATE Table *sqlite3ResultSetOfSelect(Parse *pParse, Select *pSelect){
125974 126408     Table *pTab;
125975 126409     sqlite3 *db = pParse->db;
125976         -  int savedFlags;
       126410  +  u64 savedFlags;
125977 126411   
125978 126412     savedFlags = db->flags;
125979         -  db->flags &= ~SQLITE_FullColNames;
       126413  +  db->flags &= ~(u64)SQLITE_FullColNames;
125980 126414     db->flags |= SQLITE_ShortColNames;
125981 126415     sqlite3SelectPrep(pParse, pSelect, 0);
       126416  +  db->flags = savedFlags;
125982 126417     if( pParse->nErr ) return 0;
125983 126418     while( pSelect->pPrior ) pSelect = pSelect->pPrior;
125984         -  db->flags = savedFlags;
125985 126419     pTab = sqlite3DbMallocZero(db, sizeof(Table) );
125986 126420     if( pTab==0 ){
125987 126421       return 0;
125988 126422     }
125989 126423     /* The sqlite3ResultSetOfSelect() is only used n contexts where lookaside
125990 126424     ** is disabled */
125991 126425     assert( db->lookaside.bDisable );
................................................................................
126221 126655     }
126222 126656   #endif
126223 126657   
126224 126658     /* Obtain authorization to do a recursive query */
126225 126659     if( sqlite3AuthCheck(pParse, SQLITE_RECURSIVE, 0, 0, 0) ) return;
126226 126660   
126227 126661     /* Process the LIMIT and OFFSET clauses, if they exist */
126228         -  addrBreak = sqlite3VdbeMakeLabel(v);
       126662  +  addrBreak = sqlite3VdbeMakeLabel(pParse);
126229 126663     p->nSelectRow = 320;  /* 4 billion rows */
126230 126664     computeLimitRegisters(pParse, p, addrBreak);
126231 126665     pLimit = p->pLimit;
126232 126666     regLimit = p->iLimit;
126233 126667     regOffset = p->iOffset;
126234 126668     p->pLimit = 0;
126235 126669     p->iLimit = p->iOffset = 0;
................................................................................
126291 126725       sqlite3VdbeAddOp3(v, OP_Column, iQueue, pOrderBy->nExpr+1, regCurrent);
126292 126726     }else{
126293 126727       sqlite3VdbeAddOp2(v, OP_RowData, iQueue, regCurrent);
126294 126728     }
126295 126729     sqlite3VdbeAddOp1(v, OP_Delete, iQueue);
126296 126730   
126297 126731     /* Output the single row in Current */
126298         -  addrCont = sqlite3VdbeMakeLabel(v);
       126732  +  addrCont = sqlite3VdbeMakeLabel(pParse);
126299 126733     codeOffset(v, regOffset, addrCont);
126300 126734     selectInnerLoop(pParse, p, iCurrent,
126301 126735         0, 0, pDest, addrCont, addrBreak);
126302 126736     if( regLimit ){
126303 126737       sqlite3VdbeAddOp2(v, OP_DecrJumpZero, regLimit, addrBreak);
126304 126738       VdbeCoverage(v);
126305 126739     }
................................................................................
126599 127033           /* Convert the data in the temporary table into whatever form
126600 127034           ** it is that we currently need.
126601 127035           */
126602 127036           assert( unionTab==dest.iSDParm || dest.eDest!=priorOp );
126603 127037           if( dest.eDest!=priorOp ){
126604 127038             int iCont, iBreak, iStart;
126605 127039             assert( p->pEList );
126606         -          iBreak = sqlite3VdbeMakeLabel(v);
126607         -          iCont = sqlite3VdbeMakeLabel(v);
       127040  +          iBreak = sqlite3VdbeMakeLabel(pParse);
       127041  +          iCont = sqlite3VdbeMakeLabel(pParse);
126608 127042             computeLimitRegisters(pParse, p, iBreak);
126609 127043             sqlite3VdbeAddOp2(v, OP_Rewind, unionTab, iBreak); VdbeCoverage(v);
126610 127044             iStart = sqlite3VdbeCurrentAddr(v);
126611 127045             selectInnerLoop(pParse, p, unionTab,
126612 127046                             0, 0, &dest, iCont, iBreak);
126613 127047             sqlite3VdbeResolveLabel(v, iCont);
126614 127048             sqlite3VdbeAddOp2(v, OP_Next, unionTab, iStart); VdbeCoverage(v);
................................................................................
126668 127102           sqlite3ExprDelete(db, p->pLimit);
126669 127103           p->pLimit = pLimit;
126670 127104     
126671 127105           /* Generate code to take the intersection of the two temporary
126672 127106           ** tables.
126673 127107           */
126674 127108           assert( p->pEList );
126675         -        iBreak = sqlite3VdbeMakeLabel(v);
126676         -        iCont = sqlite3VdbeMakeLabel(v);
       127109  +        iBreak = sqlite3VdbeMakeLabel(pParse);
       127110  +        iCont = sqlite3VdbeMakeLabel(pParse);
126677 127111           computeLimitRegisters(pParse, p, iBreak);
126678 127112           sqlite3VdbeAddOp2(v, OP_Rewind, tab1, iBreak); VdbeCoverage(v);
126679 127113           r1 = sqlite3GetTempReg(pParse);
126680 127114           iStart = sqlite3VdbeAddOp2(v, OP_RowData, tab1, r1);
126681 127115           sqlite3VdbeAddOp4Int(v, OP_NotFound, tab2, iCont, r1, 0);
126682 127116           VdbeCoverage(v);
126683 127117           sqlite3ReleaseTempReg(pParse, r1);
................................................................................
126799 127233     int iBreak              /* Jump here if we hit the LIMIT */
126800 127234   ){
126801 127235     Vdbe *v = pParse->pVdbe;
126802 127236     int iContinue;
126803 127237     int addr;
126804 127238   
126805 127239     addr = sqlite3VdbeCurrentAddr(v);
126806         -  iContinue = sqlite3VdbeMakeLabel(v);
       127240  +  iContinue = sqlite3VdbeMakeLabel(pParse);
126807 127241   
126808 127242     /* Suppress duplicates for UNION, EXCEPT, and INTERSECT 
126809 127243     */
126810 127244     if( regPrev ){
126811 127245       int addr1, addr2;
126812 127246       addr1 = sqlite3VdbeAddOp1(v, OP_IfNot, regPrev); VdbeCoverage(v);
126813 127247       addr2 = sqlite3VdbeAddOp4(v, OP_Compare, pIn->iSdst, regPrev+1, pIn->nSdst,
................................................................................
127036 127470     int *aPermute;        /* Mapping from ORDER BY terms to result set columns */
127037 127471   
127038 127472     assert( p->pOrderBy!=0 );
127039 127473     assert( pKeyDup==0 ); /* "Managed" code needs this.  Ticket #3382. */
127040 127474     db = pParse->db;
127041 127475     v = pParse->pVdbe;
127042 127476     assert( v!=0 );       /* Already thrown the error if VDBE alloc failed */
127043         -  labelEnd = sqlite3VdbeMakeLabel(v);
127044         -  labelCmpr = sqlite3VdbeMakeLabel(v);
       127477  +  labelEnd = sqlite3VdbeMakeLabel(pParse);
       127478  +  labelCmpr = sqlite3VdbeMakeLabel(pParse);
127045 127479   
127046 127480   
127047 127481     /* Patch up the ORDER BY clause
127048 127482     */
127049 127483     op = p->op;  
127050 127484     pPrior = p->pPrior;
127051 127485     assert( pPrior->pOrderBy==0 );
................................................................................
127353 127787           if( pSubst->isLeftJoin && pCopy->op!=TK_COLUMN ){
127354 127788             memset(&ifNullRow, 0, sizeof(ifNullRow));
127355 127789             ifNullRow.op = TK_IF_NULL_ROW;
127356 127790             ifNullRow.pLeft = pCopy;
127357 127791             ifNullRow.iTable = pSubst->iNewTable;
127358 127792             pCopy = &ifNullRow;
127359 127793           }
       127794  +        testcase( ExprHasProperty(pCopy, EP_Subquery) );
127360 127795           pNew = sqlite3ExprDup(db, pCopy, 0);
127361 127796           if( pNew && pSubst->isLeftJoin ){
127362 127797             ExprSetProperty(pNew, EP_CanBeNull);
127363 127798           }
127364 127799           if( pNew && ExprHasProperty(pExpr,EP_FromJoin) ){
127365 127800             pNew->iRightJoinTable = pExpr->iRightJoinTable;
127366 127801             ExprSetProperty(pNew, EP_FromJoin);
................................................................................
127845 128280       pSrc = pParent->pSrc;     /* FROM clause of the outer query */
127846 128281   
127847 128282       if( pSrc ){
127848 128283         assert( pParent==p );  /* First time through the loop */
127849 128284         jointype = pSubitem->fg.jointype;
127850 128285       }else{
127851 128286         assert( pParent!=p );  /* 2nd and subsequent times through the loop */
127852         -      pSrc = pParent->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
127853         -      if( pSrc==0 ){
127854         -        assert( db->mallocFailed );
127855         -        break;
127856         -      }
       128287  +      pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
       128288  +      if( pSrc==0 ) break;
       128289  +      pParent->pSrc = pSrc;
127857 128290       }
127858 128291   
127859 128292       /* The subquery uses a single slot of the FROM clause of the outer
127860 128293       ** query.  If the subquery has more than one element in its FROM clause,
127861 128294       ** then expand the outer query to make space for it to hold all elements
127862 128295       ** of the subquery.
127863 128296       **
................................................................................
127868 128301       ** The outer query has 3 slots in its FROM clause.  One slot of the
127869 128302       ** outer query (the middle slot) is used by the subquery.  The next
127870 128303       ** block of code will expand the outer query FROM clause to 4 slots.
127871 128304       ** The middle slot is expanded to two slots in order to make space
127872 128305       ** for the two elements in the FROM clause of the subquery.
127873 128306       */
127874 128307       if( nSubSrc>1 ){
127875         -      pParent->pSrc = pSrc = sqlite3SrcListEnlarge(db, pSrc, nSubSrc-1,iFrom+1);
127876         -      if( db->mallocFailed ){
127877         -        break;
127878         -      }
       128308  +      pSrc = sqlite3SrcListEnlarge(pParse, pSrc, nSubSrc-1,iFrom+1);
       128309  +      if( pSrc==0 ) break;
       128310  +      pParent->pSrc = pSrc;
127879 128311       }
127880 128312   
127881 128313       /* Transfer the FROM clause terms from the subquery into the
127882 128314       ** outer query.
127883 128315       */
127884 128316       for(i=0; i<nSubSrc; i++){
127885 128317         sqlite3IdListDelete(db, pSrc->a[i+iFrom].pUsing);
................................................................................
127917 128349         for(i=0; i<pOrderBy->nExpr; i++){
127918 128350           pOrderBy->a[i].u.x.iOrderByCol = 0;
127919 128351         }
127920 128352         assert( pParent->pOrderBy==0 );
127921 128353         pParent->pOrderBy = pOrderBy;
127922 128354         pSub->pOrderBy = 0;
127923 128355       }
127924         -    pWhere = sqlite3ExprDup(db, pSub->pWhere, 0);
       128356  +    pWhere = pSub->pWhere;
       128357  +    pSub->pWhere = 0;
127925 128358       if( isLeftJoin>0 ){
127926 128359         setJoinExpr(pWhere, iNewParent);
127927 128360       }
127928 128361       pParent->pWhere = sqlite3ExprAnd(db, pWhere, pParent->pWhere);
127929 128362       if( db->mallocFailed==0 ){
127930 128363         SubstContext x;
127931 128364         x.pParse = pParse;
................................................................................
129220 129653         regAgg = sqlite3GetTempRange(pParse, nArg);
129221 129654         sqlite3ExprCodeExprList(pParse, pList, regAgg, 0, SQLITE_ECEL_DUP);
129222 129655       }else{
129223 129656         nArg = 0;
129224 129657         regAgg = 0;
129225 129658       }
129226 129659       if( pF->iDistinct>=0 ){
129227         -      addrNext = sqlite3VdbeMakeLabel(v);
       129660  +      addrNext = sqlite3VdbeMakeLabel(pParse);
129228 129661         testcase( nArg==0 );  /* Error condition */
129229 129662         testcase( nArg>1 );   /* Also an error */
129230 129663         codeDistinct(pParse, pF->iDistinct, addrNext, 1, regAgg);
129231 129664       }
129232 129665       if( pF->pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL ){
129233 129666         CollSeq *pColl = 0;
129234 129667         struct ExprList_item *pItem;
................................................................................
129356 129789   */
129357 129790   static struct SrcList_item *isSelfJoinView(
129358 129791     SrcList *pTabList,           /* Search for self-joins in this FROM clause */
129359 129792     struct SrcList_item *pThis   /* Search for prior reference to this subquery */
129360 129793   ){
129361 129794     struct SrcList_item *pItem;
129362 129795     for(pItem = pTabList->a; pItem<pThis; pItem++){
       129796  +    Select *pS1;
129363 129797       if( pItem->pSelect==0 ) continue;
129364 129798       if( pItem->fg.viaCoroutine ) continue;
129365 129799       if( pItem->zName==0 ) continue;
129366 129800       if( sqlite3_stricmp(pItem->zDatabase, pThis->zDatabase)!=0 ) continue;
129367 129801       if( sqlite3_stricmp(pItem->zName, pThis->zName)!=0 ) continue;
129368         -    if( sqlite3ExprCompare(0, 
129369         -          pThis->pSelect->pWhere, pItem->pSelect->pWhere, -1) 
129370         -    ){
       129802  +    pS1 = pItem->pSelect;
       129803  +    if( pThis->pSelect->selId!=pS1->selId ){
       129804  +      /* The query flattener left two different CTE tables with identical
       129805  +      ** names in the same FROM clause. */
       129806  +      continue;
       129807  +    }
       129808  +    if( sqlite3ExprCompare(0, pThis->pSelect->pWhere, pS1->pWhere, -1) ){
129371 129809         /* The view was modified by some other optimization such as
129372 129810         ** pushDownWhereTerms() */
129373 129811         continue;
129374 129812       }
129375 129813       return pItem;
129376 129814     }
129377 129815     return 0;
................................................................................
129625 130063        && (pTabList->nSrc==1
129626 130064            || (pTabList->a[1].fg.jointype&(JT_LEFT|JT_CROSS))!=0)
129627 130065       ){
129628 130066         continue;
129629 130067       }
129630 130068   
129631 130069       if( flattenSubquery(pParse, p, i, isAgg) ){
       130070  +      if( pParse->nErr ) goto select_end;
129632 130071         /* This subquery can be absorbed into its parent. */
129633 130072         i = -1;
129634 130073       }
129635 130074       pTabList = p->pSrc;
129636 130075       if( db->mallocFailed ) goto select_end;
129637 130076       if( !IgnorableOrderby(pDest) ){
129638 130077         sSort.pOrderBy = p->pOrderBy;
................................................................................
129720 130159   
129721 130160   #if !defined(SQLITE_OMIT_SUBQUERY) || !defined(SQLITE_OMIT_VIEW)
129722 130161       /* Generate code for all sub-queries in the FROM clause
129723 130162       */
129724 130163       pSub = pItem->pSelect;
129725 130164       if( pSub==0 ) continue;
129726 130165   
129727         -    /* Sometimes the code for a subquery will be generated more than
129728         -    ** once, if the subquery is part of the WHERE clause in a LEFT JOIN,
129729         -    ** for example.  In that case, do not regenerate the code to manifest
129730         -    ** a view or the co-routine to implement a view.  The first instance
129731         -    ** is sufficient, though the subroutine to manifest the view does need
129732         -    ** to be invoked again. */
129733         -    if( pItem->addrFillSub ){
129734         -      if( pItem->fg.viaCoroutine==0 ){
129735         -        /* The subroutine that manifests the view might be a one-time routine,
129736         -        ** or it might need to be rerun on each iteration because it
129737         -        ** encodes a correlated subquery. */
129738         -        testcase( sqlite3VdbeGetOp(v, pItem->addrFillSub)->opcode==OP_Once );
129739         -        sqlite3VdbeAddOp2(v, OP_Gosub, pItem->regReturn, pItem->addrFillSub);
129740         -      }
129741         -      continue;
129742         -    }
       130166  +    /* The code for a subquery should only be generated once, though it is
       130167  +    ** technically harmless for it to be generated multiple times. The
       130168  +    ** following assert() will detect if something changes to cause
       130169  +    ** the same subquery to be coded multiple times, as a signal to the
       130170  +    ** developers to try to optimize the situation. */
       130171  +    assert( pItem->addrFillSub==0 );
129743 130172   
129744 130173       /* Increment Parse.nHeight by the height of the largest expression
129745 130174       ** tree referred to by this, the parent select. The child select
129746 130175       ** may contain expression trees of at most
129747 130176       ** (SQLITE_MAX_EXPR_DEPTH-Parse.nHeight) height. This is a bit
129748 130177       ** more conservative than necessary, but much easier than enforcing
129749 130178       ** an exact limit.
................................................................................
129923 130352     */
129924 130353     if( pDest->eDest==SRT_EphemTab ){
129925 130354       sqlite3VdbeAddOp2(v, OP_OpenEphemeral, pDest->iSDParm, pEList->nExpr);
129926 130355     }
129927 130356   
129928 130357     /* Set the limiter.
129929 130358     */
129930         -  iEnd = sqlite3VdbeMakeLabel(v);
       130359  +  iEnd = sqlite3VdbeMakeLabel(pParse);
129931 130360     if( (p->selFlags & SF_FixedLimit)==0 ){
129932 130361       p->nSelectRow = 320;  /* 4 billion rows */
129933 130362     }
129934 130363     computeLimitRegisters(pParse, p, iEnd);
129935 130364     if( p->iLimit==0 && sSort.addrSortIndex>=0 ){
129936 130365       sqlite3VdbeChangeOpcode(v, sSort.addrSortIndex, OP_SorterOpen);
129937 130366       sSort.sortFlags |= SORTFLAG_UseSorter;
................................................................................
129990 130419       if( sSort.addrSortIndex>=0 && sSort.pOrderBy==0 ){
129991 130420         sqlite3VdbeChangeToNoop(v, sSort.addrSortIndex);
129992 130421       }
129993 130422   
129994 130423       assert( p->pEList==pEList );
129995 130424   #ifndef SQLITE_OMIT_WINDOWFUNC
129996 130425       if( pWin ){
129997         -      int addrGosub = sqlite3VdbeMakeLabel(v);
129998         -      int iCont = sqlite3VdbeMakeLabel(v);
129999         -      int iBreak = sqlite3VdbeMakeLabel(v);
       130426  +      int addrGosub = sqlite3VdbeMakeLabel(pParse);
       130427  +      int iCont = sqlite3VdbeMakeLabel(pParse);
       130428  +      int iBreak = sqlite3VdbeMakeLabel(pParse);
130000 130429         int regGosub = ++pParse->nMem;
130001 130430   
130002 130431         sqlite3WindowCodeStep(pParse, p, pWInfo, regGosub, addrGosub);
130003 130432   
130004 130433         sqlite3VdbeAddOp2(v, OP_Goto, 0, iBreak);
130005 130434         sqlite3VdbeResolveLabel(v, addrGosub);
130006 130435         VdbeNoopComment((v, "inner-loop subroutine"));
................................................................................
130067 130496       ** ORDER BY and GROUP BY clauses are the same by setting the orderByGrp
130068 130497       ** variable.  */
130069 130498       if( sqlite3ExprListCompare(pGroupBy, sSort.pOrderBy, -1)==0 ){
130070 130499         orderByGrp = 1;
130071 130500       }
130072 130501    
130073 130502       /* Create a label to jump to when we want to abort the query */
130074         -    addrEnd = sqlite3VdbeMakeLabel(v);
       130503  +    addrEnd = sqlite3VdbeMakeLabel(pParse);
130075 130504   
130076 130505       /* Convert TK_COLUMN nodes into TK_AGG_COLUMN and make entries in
130077 130506       ** sAggInfo for all TK_AGG_FUNCTION nodes in expressions of the
130078 130507       ** SELECT statement.
130079 130508       */
130080 130509       memset(&sNC, 0, sizeof(sNC));
130081 130510       sNC.pParse = pParse;
................................................................................
130156 130585             0, (char*)pKeyInfo, P4_KEYINFO);
130157 130586   
130158 130587         /* Initialize memory locations used by GROUP BY aggregate processing
130159 130588         */
130160 130589         iUseFlag = ++pParse->nMem;
130161 130590         iAbortFlag = ++pParse->nMem;
130162 130591         regOutputRow = ++pParse->nMem;
130163         -      addrOutputRow = sqlite3VdbeMakeLabel(v);
       130592  +      addrOutputRow = sqlite3VdbeMakeLabel(pParse);
130164 130593         regReset = ++pParse->nMem;
130165         -      addrReset = sqlite3VdbeMakeLabel(v);
       130594  +      addrReset = sqlite3VdbeMakeLabel(pParse);
130166 130595         iAMem = pParse->nMem + 1;
130167 130596         pParse->nMem += pGroupBy->nExpr;
130168 130597         iBMem = pParse->nMem + 1;
130169 130598         pParse->nMem += pGroupBy->nExpr;
130170 130599         sqlite3VdbeAddOp2(v, OP_Integer, 0, iAbortFlag);
130171 130600         VdbeComment((v, "clear abort flag"));
130172 130601         sqlite3VdbeAddOp3(v, OP_Null, 0, iAMem, iAMem+pGroupBy->nExpr-1);
................................................................................
131445 131874     Parse *pParse,       /* The parsing context */
131446 131875     TriggerStep *pStep   /* The trigger containing the target token */
131447 131876   ){
131448 131877     sqlite3 *db = pParse->db;
131449 131878     int iDb;             /* Index of the database to use */
131450 131879     SrcList *pSrc;       /* SrcList to be returned */
131451 131880   
131452         -  pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
       131881  +  pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
131453 131882     if( pSrc ){
131454 131883       assert( pSrc->nSrc>0 );
131455 131884       pSrc->a[pSrc->nSrc-1].zName = sqlite3DbStrDup(db, pStep->zTarget);
131456 131885       iDb = sqlite3SchemaToIndex(db, pStep->pTrig->pSchema);
131457 131886       if( iDb==0 || iDb>=2 ){
131458 131887         const char *zDb;
131459 131888         assert( iDb<db->nDb );
................................................................................
131630 132059     sNC.pParse = pSubParse;
131631 132060     pSubParse->db = db;
131632 132061     pSubParse->pTriggerTab = pTab;
131633 132062     pSubParse->pToplevel = pTop;
131634 132063     pSubParse->zAuthContext = pTrigger->zName;
131635 132064     pSubParse->eTriggerOp = pTrigger->op;
131636 132065     pSubParse->nQueryLoop = pParse->nQueryLoop;
       132066  +  pSubParse->disableVtab = pParse->disableVtab;
131637 132067   
131638 132068     v = sqlite3GetVdbe(pSubParse);
131639 132069     if( v ){
131640 132070       VdbeComment((v, "Start: %s.%s (%s %s%s%s ON %s)", 
131641 132071         pTrigger->zName, onErrorText(orconf),
131642 132072         (pTrigger->tr_tm==TRIGGER_BEFORE ? "BEFORE" : "AFTER"),
131643 132073           (pTrigger->op==TK_UPDATE ? "UPDATE" : ""),
................................................................................
131657 132087       ** (or NULL) the sub-vdbe is immediately halted by jumping to the 
131658 132088       ** OP_Halt inserted at the end of the program.  */
131659 132089       if( pTrigger->pWhen ){
131660 132090         pWhen = sqlite3ExprDup(db, pTrigger->pWhen, 0);
131661 132091         if( SQLITE_OK==sqlite3ResolveExprNames(&sNC, pWhen) 
131662 132092          && db->mallocFailed==0 
131663 132093         ){
131664         -        iEndTrigger = sqlite3VdbeMakeLabel(v);
       132094  +        iEndTrigger = sqlite3VdbeMakeLabel(pSubParse);
131665 132095           sqlite3ExprIfFalse(pSubParse, pWhen, iEndTrigger, SQLITE_JUMPIFNULL);
131666 132096         }
131667 132097         sqlite3ExprDelete(db, pWhen);
131668 132098       }
131669 132099   
131670 132100       /* Code the trigger program into the sub-vdbe. */
131671 132101       codeTriggerProgram(pSubParse, pTrigger->step_list, orconf);
................................................................................
132256 132686   
132257 132687     hasFK = sqlite3FkRequired(pParse, pTab, aXRef, chngKey);
132258 132688   
132259 132689     /* There is one entry in the aRegIdx[] array for each index on the table
132260 132690     ** being updated.  Fill in aRegIdx[] with a register number that will hold
132261 132691     ** the key for accessing each index.
132262 132692     */
       132693  +  if( onError==OE_Replace ) bReplace = 1;
132263 132694     for(j=0, pIdx=pTab->pIndex; pIdx; pIdx=pIdx->pNext, j++){
132264 132695       int reg;
132265 132696       if( chngKey || hasFK>1 || pIdx==pPk
132266 132697        || indexWhereClauseMightChange(pIdx,aXRef,chngRowid)
132267 132698       ){
132268 132699         reg = ++pParse->nMem;
132269 132700         pParse->nMem += pIdx->nColumn;
132270 132701       }else{
132271 132702         reg = 0;
132272 132703         for(i=0; i<pIdx->nKeyCol; i++){
132273 132704           if( indexColumnIsBeingUpdated(pIdx, i, aXRef, chngRowid) ){
132274 132705             reg = ++pParse->nMem;
132275 132706             pParse->nMem += pIdx->nColumn;
132276         -          if( (onError==OE_Replace)
132277         -           || (onError==OE_Default && pIdx->onError==OE_Replace) 
132278         -          ){
       132707  +          if( onError==OE_Default && pIdx->onError==OE_Replace ){
132279 132708               bReplace = 1;
132280 132709             }
132281 132710             break;
132282 132711           }
132283 132712         }
132284 132713       }
132285 132714       if( reg==0 ) aToOpen[j+1] = 0;
................................................................................
132343 132772       updateVirtualTable(pParse, pTabList, pTab, pChanges, pRowidExpr, aXRef,
132344 132773                          pWhere, onError);
132345 132774       goto update_cleanup;
132346 132775     }
132347 132776   #endif
132348 132777   
132349 132778     /* Jump to labelBreak to abandon further processing of this UPDATE */
132350         -  labelContinue = labelBreak = sqlite3VdbeMakeLabel(v);
       132779  +  labelContinue = labelBreak = sqlite3VdbeMakeLabel(pParse);
132351 132780   
132352 132781     /* Not an UPSERT.  Normal processing.  Begin by
132353 132782     ** initialize the count of updated rows */
132354 132783     if( (db->flags&SQLITE_CountRows)!=0
132355 132784      && !pParse->pTriggerTab
132356 132785      && !pParse->nested
132357 132786      && pUpsert==0
................................................................................
132478 132907       if( eOnePass!=ONEPASS_OFF ){
132479 132908         if( !isView && aiCurOnePass[0]!=iDataCur && aiCurOnePass[1]!=iDataCur ){
132480 132909           assert( pPk );
132481 132910           sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelBreak, regKey,nKey);
132482 132911           VdbeCoverage(v);
132483 132912         }
132484 132913         if( eOnePass!=ONEPASS_SINGLE ){
132485         -        labelContinue = sqlite3VdbeMakeLabel(v);
       132914  +        labelContinue = sqlite3VdbeMakeLabel(pParse);
132486 132915         }
132487 132916         sqlite3VdbeAddOp2(v, OP_IsNull, pPk ? regKey : regOldRowid, labelBreak);
132488 132917         VdbeCoverageIf(v, pPk==0);
132489 132918         VdbeCoverageIf(v, pPk!=0);
132490 132919       }else if( pPk ){
132491         -      labelContinue = sqlite3VdbeMakeLabel(v);
       132920  +      labelContinue = sqlite3VdbeMakeLabel(pParse);
132492 132921         sqlite3VdbeAddOp2(v, OP_Rewind, iEph, labelBreak); VdbeCoverage(v);
132493 132922         addrTop = sqlite3VdbeAddOp2(v, OP_RowData, iEph, regKey);
132494 132923         sqlite3VdbeAddOp4Int(v, OP_NotFound, iDataCur, labelContinue, regKey, 0);
132495 132924         VdbeCoverage(v);
132496 132925       }else{
132497 132926         labelContinue = sqlite3VdbeAddOp3(v, OP_RowSetRead, regRowSet,labelBreak,
132498 132927                                  regOldRowid);
................................................................................
133252 133681   ** the copy of step (3) were replaced by deleting the original database
133253 133682   ** and renaming the transient database as the original.  But that will
133254 133683   ** not work if other processes are attached to the original database.
133255 133684   ** And a power loss in between deleting the original and renaming the
133256 133685   ** transient would cause the database file to appear to be deleted
133257 133686   ** following reboot.
133258 133687   */
133259         -SQLITE_PRIVATE void sqlite3Vacuum(Parse *pParse, Token *pNm){
       133688  +SQLITE_PRIVATE void sqlite3Vacuum(Parse *pParse, Token *pNm, Expr *pInto){
133260 133689     Vdbe *v = sqlite3GetVdbe(pParse);
133261 133690     int iDb = 0;
133262         -  if( v==0 ) return;
       133691  +  if( v==0 ) goto build_vacuum_end;
133263 133692     if( pNm ){
133264 133693   #ifndef SQLITE_BUG_COMPATIBLE_20160819
133265 133694       /* Default behavior:  Report an error if the argument to VACUUM is
133266 133695       ** not recognized */
133267 133696       iDb = sqlite3TwoPartName(pParse, pNm, pNm, &pNm);
133268         -    if( iDb<0 ) return;
       133697  +    if( iDb<0 ) goto build_vacuum_end;
133269 133698   #else
133270 133699       /* When SQLITE_BUG_COMPATIBLE_20160819 is defined, unrecognized arguments
133271 133700       ** to VACUUM are silently ignored.  This is a back-out of a bug fix that
133272 133701       ** occurred on 2016-08-19 (https://www.sqlite.org/src/info/083f9e6270).
133273 133702       ** The buggy behavior is required for binary compatibility with some
133274 133703       ** legacy applications. */
133275 133704       iDb = sqlite3FindDb(pParse->db, pNm);
133276 133705       if( iDb<0 ) iDb = 0;
133277 133706   #endif
133278 133707     }
133279 133708     if( iDb!=1 ){
133280         -    sqlite3VdbeAddOp1(v, OP_Vacuum, iDb);
       133709  +    int iIntoReg = 0;
       133710  +    if( pInto && sqlite3ResolveSelfReference(pParse,0,0,pInto,0)==0 ){
       133711  +      iIntoReg = ++pParse->nMem;
       133712  +      sqlite3ExprCode(pParse, pInto, iIntoReg);
       133713  +    }
       133714  +    sqlite3VdbeAddOp2(v, OP_Vacuum, iDb, iIntoReg);
133281 133715       sqlite3VdbeUsesBtree(v, iDb);
133282 133716     }
       133717  +build_vacuum_end:
       133718  +  sqlite3ExprDelete(pParse->db, pInto);
133283 133719     return;
133284 133720   }
133285 133721   
133286 133722   /*
133287 133723   ** This routine implements the OP_Vacuum opcode of the VDBE.
133288 133724   */
133289         -SQLITE_PRIVATE int sqlite3RunVacuum(char **pzErrMsg, sqlite3 *db, int iDb){
       133725  +SQLITE_PRIVATE int sqlite3RunVacuum(
       133726  +  char **pzErrMsg,        /* Write error message here */
       133727  +  sqlite3 *db,            /* Database connection */
       133728  +  int iDb,                /* Which attached DB to vacuum */
       133729  +  sqlite3_value *pOut     /* Write results here, if not NULL */
       133730  +){
133290 133731     int rc = SQLITE_OK;     /* Return code from service routines */
133291 133732     Btree *pMain;           /* The database being vacuumed */
133292 133733     Btree *pTemp;           /* The temporary database we vacuum into */
133293         -  u16 saved_mDbFlags;     /* Saved value of db->mDbFlags */
133294         -  u32 saved_flags;        /* Saved value of db->flags */
       133734  +  u32 saved_mDbFlags;     /* Saved value of db->mDbFlags */
       133735  +  u64 saved_flags;        /* Saved value of db->flags */
133295 133736     int saved_nChange;      /* Saved value of db->nChange */
133296 133737     int saved_nTotalChange; /* Saved value of db->nTotalChange */
133297 133738     u8 saved_mTrace;        /* Saved trace settings */
133298 133739     Db *pDb = 0;            /* Database to detach at end of vacuum */
133299 133740     int isMemDb;            /* True if vacuuming a :memory: database */
133300 133741     int nRes;               /* Bytes of reserved space at the end of each page */
133301 133742     int nDb;                /* Number of attached databases */
133302 133743     const char *zDbMain;    /* Schema name of database to vacuum */
       133744  +  const char *zOut;       /* Name of output file */
133303 133745   
133304 133746     if( !db->autoCommit ){
133305 133747       sqlite3SetString(pzErrMsg, db, "cannot VACUUM from within a transaction");
133306 133748       return SQLITE_ERROR;
133307 133749     }
133308 133750     if( db->nVdbeActive>1 ){
133309 133751       sqlite3SetString(pzErrMsg, db,"cannot VACUUM - SQL statements in progress");
133310 133752       return SQLITE_ERROR;
133311 133753     }
       133754  +  if( pOut ){
       133755  +    if( sqlite3_value_type(pOut)!=SQLITE_TEXT ){
       133756  +      sqlite3SetString(pzErrMsg, db, "non-text filename");
       133757  +      return SQLITE_ERROR;
       133758  +    }
       133759  +    zOut = (const char*)sqlite3_value_text(pOut);
       133760  +  }else{
       133761  +    zOut = "";
       133762  +  }
133312 133763   
133313 133764     /* Save the current value of the database flags so that it can be 
133314 133765     ** restored before returning. Then set the writable-schema flag, and
133315 133766     ** disable CHECK and foreign key constraints.  */
133316 133767     saved_flags = db->flags;
133317 133768     saved_mDbFlags = db->mDbFlags;
133318 133769     saved_nChange = db->nChange;
133319 133770     saved_nTotalChange = db->nTotalChange;
133320 133771     saved_mTrace = db->mTrace;
133321 133772     db->flags |= SQLITE_WriteSchema | SQLITE_IgnoreChecks;
133322 133773     db->mDbFlags |= DBFLAG_PreferBuiltin | DBFLAG_Vacuum;
133323         -  db->flags &= ~(SQLITE_ForeignKeys | SQLITE_ReverseOrder
       133774  +  db->flags &= ~(u64)(SQLITE_ForeignKeys | SQLITE_ReverseOrder
133324 133775                      | SQLITE_Defensive | SQLITE_CountRows);
133325 133776     db->mTrace = 0;
133326 133777   
133327 133778     zDbMain = db->aDb[iDb].zDbSName;
133328 133779     pMain = db->aDb[iDb].pBt;
133329 133780     isMemDb = sqlite3PagerIsMemdb(sqlite3BtreePager(pMain));
133330 133781   
................................................................................
133339 133790     ** that actually made the VACUUM run slower.  Very little journalling
133340 133791     ** actually occurs when doing a vacuum since the vacuum_db is initially
133341 133792     ** empty.  Only the journal header is written.  Apparently it takes more
133342 133793     ** time to parse and run the PRAGMA to turn journalling off than it does
133343 133794     ** to write the journal header file.
133344 133795     */
133345 133796     nDb = db->nDb;
133346         -  rc = execSql(db, pzErrMsg, "ATTACH''AS vacuum_db");
       133797  +  rc = execSqlF(db, pzErrMsg, "ATTACH %Q AS vacuum_db", zOut);
133347 133798     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133348 133799     assert( (db->nDb-1)==nDb );
133349 133800     pDb = &db->aDb[nDb];
133350 133801     assert( strcmp(pDb->zDbSName,"vacuum_db")==0 );
133351 133802     pTemp = pDb->pBt;
133352         -
133353         -  /* The call to execSql() to attach the temp database has left the file
133354         -  ** locked (as there was more than one active statement when the transaction
133355         -  ** to read the schema was concluded. Unlock it here so that this doesn't
133356         -  ** cause problems for the call to BtreeSetPageSize() below.  */
133357         -  sqlite3BtreeCommit(pTemp);
133358         -
       133803  +  if( pOut ){
       133804  +    sqlite3_file *id = sqlite3PagerFile(sqlite3BtreePager(pTemp));
       133805  +    i64 sz = 0;
       133806  +    if( id->pMethods!=0 && (sqlite3OsFileSize(id, &sz)!=SQLITE_OK || sz>0) ){
       133807  +      rc = SQLITE_ERROR;
       133808  +      sqlite3SetString(pzErrMsg, db, "output file already exists");
       133809  +      goto end_of_vacuum;
       133810  +    }
       133811  +  }
133359 133812     nRes = sqlite3BtreeGetOptimalReserve(pMain);
133360 133813   
133361 133814     /* A VACUUM cannot change the pagesize of an encrypted database. */
133362 133815   #ifdef SQLITE_HAS_CODEC
133363 133816     if( db->nextPagesize ){
133364 133817       extern void sqlite3CodecGetKey(sqlite3*, int, void**, int*);
133365 133818       int nKey;
................................................................................
133375 133828   
133376 133829     /* Begin a transaction and take an exclusive lock on the main database
133377 133830     ** file. This is done before the sqlite3BtreeGetPageSize(pMain) call below,
133378 133831     ** to ensure that we do not try to change the page-size on a WAL database.
133379 133832     */
133380 133833     rc = execSql(db, pzErrMsg, "BEGIN");
133381 133834     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133382         -  rc = sqlite3BtreeBeginTrans(pMain, 2, 0);
       133835  +  rc = sqlite3BtreeBeginTrans(pMain, pOut==0 ? 2 : 0, 0);
133383 133836     if( rc!=SQLITE_OK ) goto end_of_vacuum;
133384 133837   
133385 133838     /* Do not attempt to change the page size for a WAL database */
133386 133839     if( sqlite3PagerGetJournalMode(sqlite3BtreePager(pMain))
133387 133840                                                  ==PAGER_JOURNALMODE_WAL ){
133388 133841       db->nextPagesize = 0;
133389 133842     }
................................................................................
133470 133923          BTREE_DEFAULT_CACHE_SIZE, 0,  /* Preserve the default page cache size */
133471 133924          BTREE_TEXT_ENCODING,      0,  /* Preserve the text encoding */
133472 133925          BTREE_USER_VERSION,       0,  /* Preserve the user version */
133473 133926          BTREE_APPLICATION_ID,     0,  /* Preserve the application id */
133474 133927       };
133475 133928   
133476 133929       assert( 1==sqlite3BtreeIsInTrans(pTemp) );
133477         -    assert( 1==sqlite3BtreeIsInTrans(pMain) );
       133930  +    assert( pOut!=0 || 1==sqlite3BtreeIsInTrans(pMain) );
133478 133931   
133479 133932       /* Copy Btree meta values */
133480 133933       for(i=0; i<ArraySize(aCopy); i+=2){
133481 133934         /* GetMeta() and UpdateMeta() cannot fail in this context because
133482 133935         ** we already have page 1 loaded into cache and marked dirty. */
133483 133936         sqlite3BtreeGetMeta(pMain, aCopy[i], &meta);
133484 133937         rc = sqlite3BtreeUpdateMeta(pTemp, aCopy[i], meta+aCopy[i+1]);
133485 133938         if( NEVER(rc!=SQLITE_OK) ) goto end_of_vacuum;
133486 133939       }
133487 133940   
133488         -    rc = sqlite3BtreeCopyFile(pMain, pTemp);
       133941  +    if( pOut==0 ){
       133942  +      rc = sqlite3BtreeCopyFile(pMain, pTemp);
       133943  +    }
133489 133944       if( rc!=SQLITE_OK ) goto end_of_vacuum;
133490 133945       rc = sqlite3BtreeCommit(pTemp);
133491 133946       if( rc!=SQLITE_OK ) goto end_of_vacuum;
133492 133947   #ifndef SQLITE_OMIT_AUTOVACUUM
133493         -    sqlite3BtreeSetAutoVacuum(pMain, sqlite3BtreeGetAutoVacuum(pTemp));
       133948  +    if( pOut==0 ){
       133949  +      sqlite3BtreeSetAutoVacuum(pMain, sqlite3BtreeGetAutoVacuum(pTemp));
       133950  +    }
133494 133951   #endif
133495 133952     }
133496 133953   
133497 133954     assert( rc==SQLITE_OK );
133498         -  rc = sqlite3BtreeSetPageSize(pMain, sqlite3BtreeGetPageSize(pTemp), nRes,1);
       133955  +  if( pOut==0 ){
       133956  +    rc = sqlite3BtreeSetPageSize(pMain, sqlite3BtreeGetPageSize(pTemp), nRes,1);
       133957  +  }
133499 133958   
133500 133959   end_of_vacuum:
133501 133960     /* Restore the original value of db->flags */
133502 133961     db->init.iDb = 0;
133503 133962     db->mDbFlags = saved_mDbFlags;
133504 133963     db->flags = saved_flags;
133505 133964     db->nChange = saved_nChange;
................................................................................
134532 134991     if( db->aVTrans ){
134533 134992       int i;
134534 134993       for(i=0; rc==SQLITE_OK && i<db->nVTrans; i++){
134535 134994         VTable *pVTab = db->aVTrans[i];
134536 134995         const sqlite3_module *pMod = pVTab->pMod->pModule;
134537 134996         if( pVTab->pVtab && pMod->iVersion>=2 ){
134538 134997           int (*xMethod)(sqlite3_vtab *, int);
       134998  +        sqlite3VtabLock(pVTab);
134539 134999           switch( op ){
134540 135000             case SAVEPOINT_BEGIN:
134541 135001               xMethod = pMod->xSavepoint;
134542 135002               pVTab->iSavepoint = iSavepoint+1;
134543 135003               break;
134544 135004             case SAVEPOINT_ROLLBACK:
134545 135005               xMethod = pMod->xRollbackTo;
................................................................................
134547 135007             default:
134548 135008               xMethod = pMod->xRelease;
134549 135009               break;
134550 135010           }
134551 135011           if( xMethod && pVTab->iSavepoint>iSavepoint ){
134552 135012             rc = xMethod(pVTab->pVtab, iSavepoint);
134553 135013           }
       135014  +        sqlite3VtabUnlock(pVTab);
134554 135015         }
134555 135016       }
134556 135017     }
134557 135018     return rc;
134558 135019   }
134559 135020   
134560 135021   /*
................................................................................
135308 135769     WhereLevel *pLvl,               /* Level to add scanstatus() entry for */
135309 135770     int addrExplain                 /* Address of OP_Explain (or 0) */
135310 135771   );
135311 135772   #else
135312 135773   # define sqlite3WhereAddScanStatus(a, b, c, d) ((void)d)
135313 135774   #endif
135314 135775   SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
       135776  +  Parse *pParse,       /* Parsing context */
       135777  +  Vdbe *v,             /* Prepared statement under construction */
135315 135778     WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
135316 135779     int iLevel,          /* Which level of pWInfo->a[] should be coded */
       135780  +  WhereLevel *pLevel,  /* The current level pointer */
135317 135781     Bitmask notReady     /* Which tables are currently available */
135318 135782   );
135319 135783   
135320 135784   /* whereexpr.c: */
135321 135785   SQLITE_PRIVATE void sqlite3WhereClauseInit(WhereClause*,WhereInfo*);
135322 135786   SQLITE_PRIVATE void sqlite3WhereClauseClear(WhereClause*);
135323 135787   SQLITE_PRIVATE void sqlite3WhereSplit(WhereClause*,Expr*,u8);
................................................................................
135579 136043         sqlite3_str_appendf(&str, " (~%llu rows)",
135580 136044                sqlite3LogEstToInt(pLoop->nOut));
135581 136045       }else{
135582 136046         sqlite3_str_append(&str, " (~1 row)", 9);
135583 136047       }
135584 136048   #endif
135585 136049       zMsg = sqlite3StrAccumFinish(&str);
       136050  +    sqlite3ExplainBreakpoint("",zMsg);
135586 136051       ret = sqlite3VdbeAddOp4(v, OP_Explain, sqlite3VdbeCurrentAddr(v),
135587 136052                               pParse->addrExplain, 0, zMsg,P4_DYNAMIC);
135588 136053     }
135589 136054     return ret;
135590 136055   }
135591 136056   #endif /* SQLITE_OMIT_EXPLAIN */
135592 136057   
................................................................................
135904 136369         }
135905 136370       }
135906 136371       for(i=iEq;i<pLoop->nLTerm; i++){
135907 136372         assert( pLoop->aLTerm[i]!=0 );
135908 136373         if( pLoop->aLTerm[i]->pExpr==pX ) nEq++;
135909 136374       }
135910 136375   
       136376  +    iTab = 0;
135911 136377       if( (pX->flags & EP_xIsSelect)==0 || pX->x.pSelect->pEList->nExpr==1 ){
135912         -      eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, 0);
       136378  +      eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, 0, &iTab);
135913 136379       }else{
135914 136380         sqlite3 *db = pParse->db;
135915 136381         pX = removeUnindexableInClauseTerms(pParse, iEq, pLoop, pX);
135916 136382   
135917 136383         if( !db->mallocFailed ){
135918 136384           aiMap = (int*)sqlite3DbMallocZero(pParse->db, sizeof(int)*nEq);
135919         -        eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap);
135920         -        pTerm->pExpr->iTable = pX->iTable;
       136385  +        eType = sqlite3FindInIndex(pParse, pX, IN_INDEX_LOOP, 0, aiMap, &iTab);
       136386  +        pTerm->pExpr->iTable = iTab;
135921 136387         }
135922 136388         sqlite3ExprDelete(db, pX);
135923 136389         pX = pTerm->pExpr;
135924 136390       }
135925 136391   
135926 136392       if( eType==IN_INDEX_INDEX_DESC ){
135927 136393         testcase( bRev );
135928 136394         bRev = !bRev;
135929 136395       }
135930         -    iTab = pX->iTable;
135931 136396       sqlite3VdbeAddOp2(v, bRev ? OP_Last : OP_Rewind, iTab, 0);
135932 136397       VdbeCoverageIf(v, bRev);
135933 136398       VdbeCoverageIf(v, !bRev);
135934 136399       assert( (pLoop->wsFlags & WHERE_MULTI_OR)==0 );
135935 136400   
135936 136401       pLoop->wsFlags |= WHERE_IN_ABLE;
135937 136402       if( pLevel->u.in.nIn==0 ){
135938         -      pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
       136403  +      pLevel->addrNxt = sqlite3VdbeMakeLabel(pParse);
135939 136404       }
135940 136405   
135941 136406       i = pLevel->u.in.nIn;
135942 136407       pLevel->u.in.nIn += nEq;
135943 136408       pLevel->u.in.aInLoop =
135944 136409          sqlite3DbReallocOrFree(pParse->db, pLevel->u.in.aInLoop,
135945 136410                                 sizeof(pLevel->u.in.aInLoop[0])*pLevel->u.in.nIn);
................................................................................
136442 136907   */
136443 136908   static void codeExprOrVector(Parse *pParse, Expr *p, int iReg, int nReg){
136444 136909     assert( nReg>0 );
136445 136910     if( p && sqlite3ExprIsVector(p) ){
136446 136911   #ifndef SQLITE_OMIT_SUBQUERY
136447 136912       if( (p->flags & EP_xIsSelect) ){
136448 136913         Vdbe *v = pParse->pVdbe;
136449         -      int iSelect = sqlite3CodeSubselect(pParse, p, 0, 0);
       136914  +      int iSelect;
       136915  +      assert( p->op==TK_SELECT );
       136916  +      iSelect = sqlite3CodeSubselect(pParse, p);
136450 136917         sqlite3VdbeAddOp3(v, OP_Copy, iSelect, iReg, nReg-1);
136451 136918       }else
136452 136919   #endif
136453 136920       {
136454 136921         int i;
136455 136922         ExprList *pList = p->x.pList;
136456 136923         assert( nReg<=pList->nExpr );
................................................................................
136528 136995   }
136529 136996   
136530 136997   /*
136531 136998   ** Generate code for the start of the iLevel-th loop in the WHERE clause
136532 136999   ** implementation described by pWInfo.
136533 137000   */
136534 137001   SQLITE_PRIVATE Bitmask sqlite3WhereCodeOneLoopStart(
       137002  +  Parse *pParse,       /* Parsing context */
       137003  +  Vdbe *v,             /* Prepared statement under construction */
136535 137004     WhereInfo *pWInfo,   /* Complete information about the WHERE clause */
136536 137005     int iLevel,          /* Which level of pWInfo->a[] should be coded */
       137006  +  WhereLevel *pLevel,  /* The current level pointer */
136537 137007     Bitmask notReady     /* Which tables are currently available */
136538 137008   ){
136539 137009     int j, k;            /* Loop counters */
136540 137010     int iCur;            /* The VDBE cursor for the table */
136541 137011     int addrNxt;         /* Where to jump to continue with the next IN case */
136542         -  int omitTable;       /* True if we use the index only */
136543 137012     int bRev;            /* True if we need to scan in reverse order */
136544         -  WhereLevel *pLevel;  /* The where level to be coded */
136545 137013     WhereLoop *pLoop;    /* The WhereLoop object being coded */
136546 137014     WhereClause *pWC;    /* Decomposition of the entire WHERE clause */
136547 137015     WhereTerm *pTerm;               /* A WHERE clause term */
136548         -  Parse *pParse;                  /* Parsing context */
136549 137016     sqlite3 *db;                    /* Database connection */
136550         -  Vdbe *v;                        /* The prepared stmt under constructions */
136551 137017     struct SrcList_item *pTabItem;  /* FROM clause term being coded */
136552 137018     int addrBrk;                    /* Jump here to break out of the loop */
136553 137019     int addrHalt;                   /* addrBrk for the outermost loop */
136554 137020     int addrCont;                   /* Jump here to continue with next cycle */
136555 137021     int iRowidReg = 0;        /* Rowid is stored in this register, if not zero */
136556 137022     int iReleaseReg = 0;      /* Temp register to free before returning */
136557 137023     Index *pIdx = 0;          /* Index used by loop (if any) */
136558 137024     int iLoop;                /* Iteration of constraint generator loop */
136559 137025   
136560         -  pParse = pWInfo->pParse;
136561         -  v = pParse->pVdbe;
136562 137026     pWC = &pWInfo->sWC;
136563 137027     db = pParse->db;
136564         -  pLevel = &pWInfo->a[iLevel];
136565 137028     pLoop = pLevel->pWLoop;
136566 137029     pTabItem = &pWInfo->pTabList->a[pLevel->iFrom];
136567 137030     iCur = pTabItem->iCursor;
136568 137031     pLevel->notReady = notReady & ~sqlite3WhereGetMask(&pWInfo->sMaskSet, iCur);
136569 137032     bRev = (pWInfo->revMask>>iLevel)&1;
136570         -  omitTable = (pLoop->wsFlags & WHERE_IDX_ONLY)!=0 
136571         -           && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0;
136572 137033     VdbeModuleComment((v, "Begin WHERE-loop%d: %s",iLevel,pTabItem->pTab->zName));
136573 137034   
136574 137035     /* Create labels for the "break" and "continue" instructions
136575 137036     ** for the current loop.  Jump to addrBrk to break out of a loop.
136576 137037     ** Jump to cont to go immediately to the next iteration of the
136577 137038     ** loop.
136578 137039     **
136579 137040     ** When there is an IN operator, we also have a "addrNxt" label that
136580 137041     ** means to continue with the next IN value combination.  When
136581 137042     ** there are no IN operators in the constraints, the "addrNxt" label
136582 137043     ** is the same as "addrBrk".
136583 137044     */
136584         -  addrBrk = pLevel->addrBrk = pLevel->addrNxt = sqlite3VdbeMakeLabel(v);
136585         -  addrCont = pLevel->addrCont = sqlite3VdbeMakeLabel(v);
       137045  +  addrBrk = pLevel->addrBrk = pLevel->addrNxt = sqlite3VdbeMakeLabel(pParse);
       137046  +  addrCont = pLevel->addrCont = sqlite3VdbeMakeLabel(pParse);
136586 137047   
136587 137048     /* If this is the right table of a LEFT OUTER JOIN, allocate and
136588 137049     ** initialize a memory cell that records if this table matches any
136589 137050     ** row of the left table of the join.
136590 137051     */
136591 137052     assert( (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)
136592 137053          || pLevel->iFrom>0 || (pTabItem[0].fg.jointype & JT_LEFT)==0
................................................................................
136705 137166       **          we reference multiple rows using a "rowid IN (...)"
136706 137167       **          construct.
136707 137168       */
136708 137169       assert( pLoop->u.btree.nEq==1 );
136709 137170       pTerm = pLoop->aLTerm[0];
136710 137171       assert( pTerm!=0 );
136711 137172       assert( pTerm->pExpr!=0 );
136712         -    assert( omitTable==0 );
136713 137173       testcase( pTerm->wtFlags & TERM_VIRTUAL );
136714 137174       iReleaseReg = ++pParse->nMem;
136715 137175       iRowidReg = codeEqualityTerm(pParse, pTerm, pLevel, 0, bRev, iReleaseReg);
136716 137176       if( iRowidReg!=iReleaseReg ) sqlite3ReleaseTempReg(pParse, iReleaseReg);
136717 137177       addrNxt = pLevel->addrNxt;
136718 137178       sqlite3VdbeAddOp3(v, OP_SeekRowid, iCur, addrNxt, iRowidReg);
136719 137179       VdbeCoverage(v);
................................................................................
136724 137184       /* Case 3:  We have an inequality comparison against the ROWID field.
136725 137185       */
136726 137186       int testOp = OP_Noop;
136727 137187       int start;
136728 137188       int memEndValue = 0;
136729 137189       WhereTerm *pStart, *pEnd;
136730 137190   
136731         -    assert( omitTable==0 );
136732 137191       j = 0;
136733 137192       pStart = pEnd = 0;
136734 137193       if( pLoop->wsFlags & WHERE_BTM_LIMIT ) pStart = pLoop->aLTerm[j++];
136735 137194       if( pLoop->wsFlags & WHERE_TOP_LIMIT ) pEnd = pLoop->aLTerm[j++];
136736 137195       assert( pStart!=0 || pEnd!=0 );
136737 137196       if( bRev ){
136738 137197         pTerm = pStart;
................................................................................
136888 137347       int iIdxCur;                 /* The VDBE cursor for the index */
136889 137348       int nExtraReg = 0;           /* Number of extra registers needed */
136890 137349       int op;                      /* Instruction opcode */
136891 137350       char *zStartAff;             /* Affinity for start of range constraint */
136892 137351       char *zEndAff = 0;           /* Affinity for end of range constraint */
136893 137352       u8 bSeekPastNull = 0;        /* True to seek past initial nulls */
136894 137353       u8 bStopAtNull = 0;          /* Add condition to terminate at NULLs */
       137354  +    int omitTable;               /* True if we use the index only */
       137355  +
136895 137356   
136896 137357       pIdx = pLoop->u.btree.pIndex;
136897 137358       iIdxCur = pLevel->iIdxCur;
136898 137359       assert( nEq>=pLoop->nSkip );
136899 137360   
136900 137361       /* If this loop satisfies a sort order (pOrderBy) request that 
136901 137362       ** was passed to this function to implement a "SELECT min(x) ..." 
................................................................................
137089 137550       }
137090 137551   
137091 137552       if( pLoop->wsFlags & WHERE_IN_EARLYOUT ){
137092 137553         sqlite3VdbeAddOp2(v, OP_SeekHit, iIdxCur, 1);
137093 137554       }
137094 137555   
137095 137556       /* Seek the table cursor, if required */
       137557  +    omitTable = (pLoop->wsFlags & WHERE_IDX_ONLY)!=0 
       137558  +           && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0;
137096 137559       if( omitTable ){
137097 137560         /* pIdx is a covering index.  No need to access the main table. */
137098 137561       }else if( HasRowid(pIdx->pTable) ){
137099 137562         if( (pWInfo->wctrlFlags & WHERE_SEEK_TABLE) || (
137100 137563             (pWInfo->wctrlFlags & WHERE_SEEK_UNIQ_TABLE) 
137101 137564          && (pWInfo->eOnePass==ONEPASS_SINGLE)
137102 137565         )){
................................................................................
137199 137662       SrcList *pOrTab;       /* Shortened table list or OR-clause generation */
137200 137663       Index *pCov = 0;             /* Potential covering index (or NULL) */
137201 137664       int iCovCur = pParse->nTab++;  /* Cursor used for index scans (if any) */
137202 137665   
137203 137666       int regReturn = ++pParse->nMem;           /* Register used with OP_Gosub */
137204 137667       int regRowset = 0;                        /* Register for RowSet object */
137205 137668       int regRowid = 0;                         /* Register holding rowid */
137206         -    int iLoopBody = sqlite3VdbeMakeLabel(v);  /* Start of loop body */
       137669  +    int iLoopBody = sqlite3VdbeMakeLabel(pParse);/* Start of loop body */
137207 137670       int iRetInit;                             /* Address of regReturn init */
137208 137671       int untestedTerms = 0;             /* Some terms not completely tested */
137209 137672       int ii;                            /* Loop counter */
137210 137673       u16 wctrlFlags;                    /* Flags for sub-WHERE clause */
137211 137674       Expr *pAndExpr = 0;                /* An ".. AND (...)" expression */
137212 137675       Table *pTab = pTabItem->pTab;
137213 137676   
................................................................................
137315 137778                || ExprHasProperty(pOrExpr, EP_FromJoin) 
137316 137779           );
137317 137780           if( pAndExpr ){
137318 137781             pAndExpr->pLeft = pOrExpr;
137319 137782             pOrExpr = pAndExpr;
137320 137783           }
137321 137784           /* Loop through table entries that match term pOrTerm. */
       137785  +        ExplainQueryPlan((pParse, 1, "INDEX %d", ii+1));
137322 137786           WHERETRACE(0xffff, ("Subplan for OR-clause:\n"));
137323 137787           pSubWInfo = sqlite3WhereBegin(pParse, pOrTab, pOrExpr, 0, 0,
137324 137788                                         wctrlFlags, iCovCur);
137325 137789           assert( pSubWInfo || pParse->nErr || db->mallocFailed );
137326 137790           if( pSubWInfo ){
137327 137791             WhereLoop *pSubLoop;
137328 137792             int addrExplain = sqlite3WhereExplainOneScan(
................................................................................
137418 137882               pCov = pSubLoop->u.btree.pIndex;
137419 137883             }else{
137420 137884               pCov = 0;
137421 137885             }
137422 137886   
137423 137887             /* Finish the loop through table entries that match term pOrTerm. */
137424 137888             sqlite3WhereEnd(pSubWInfo);
       137889  +          ExplainQueryPlanPop(pParse);
137425 137890           }
137426 137891         }
137427 137892       }
137428 137893       ExplainQueryPlanPop(pParse);
137429 137894       pLevel->u.pCovidx = pCov;
137430 137895       if( pCov ) pLevel->iIdxCur = iCovCur;
137431 137896       if( pAndExpr ){
................................................................................
138379 138844       /* Search for a table and column that appears on one side or the
138380 138845       ** other of the == operator in every subterm.  That table and column
138381 138846       ** will be recorded in iCursor and iColumn.  There might not be any
138382 138847       ** such table and column.  Set okToChngToIN if an appropriate table
138383 138848       ** and column is found but leave okToChngToIN false if not found.
138384 138849       */
138385 138850       for(j=0; j<2 && !okToChngToIN; j++){
       138851  +      Expr *pLeft = 0;
138386 138852         pOrTerm = pOrWc->a;
138387 138853         for(i=pOrWc->nTerm-1; i>=0; i--, pOrTerm++){
138388 138854           assert( pOrTerm->eOperator & WO_EQ );
138389 138855           pOrTerm->wtFlags &= ~TERM_OR_OK;
138390 138856           if( pOrTerm->leftCursor==iCursor ){
138391 138857             /* This is the 2-bit case and we are on the second iteration and
138392 138858             ** current term is from the first iteration.  So skip this term. */
................................................................................
138402 138868             testcase( pOrTerm->wtFlags & TERM_COPIED );
138403 138869             testcase( pOrTerm->wtFlags & TERM_VIRTUAL );
138404 138870             assert( pOrTerm->wtFlags & (TERM_COPIED|TERM_VIRTUAL) );
138405 138871             continue;
138406 138872           }
138407 138873           iColumn = pOrTerm->u.leftColumn;
138408 138874           iCursor = pOrTerm->leftCursor;
       138875  +        pLeft = pOrTerm->pExpr->pLeft;
138409 138876           break;
138410 138877         }
138411 138878         if( i<0 ){
138412 138879           /* No candidate table+column was found.  This can only occur
138413 138880           ** on the second iteration */
138414 138881           assert( j==1 );
138415 138882           assert( IsPowerOfTwo(chngToIN) );
................................................................................
138421 138888         /* We have found a candidate table and column.  Check to see if that
138422 138889         ** table and column is common to every term in the OR clause */
138423 138890         okToChngToIN = 1;
138424 138891         for(; i>=0 && okToChngToIN; i--, pOrTerm++){
138425 138892           assert( pOrTerm->eOperator & WO_EQ );
138426 138893           if( pOrTerm->leftCursor!=iCursor ){
138427 138894             pOrTerm->wtFlags &= ~TERM_OR_OK;
138428         -        }else if( pOrTerm->u.leftColumn!=iColumn ){
       138895  +        }else if( pOrTerm->u.leftColumn!=iColumn || (iColumn==XN_EXPR 
       138896  +               && sqlite3ExprCompare(pParse, pOrTerm->pExpr->pLeft, pLeft, -1)
       138897  +        )){
138429 138898             okToChngToIN = 0;
138430 138899           }else{
138431 138900             int affLeft, affRight;
138432 138901             /* If the right-hand side is also a column, then the affinities
138433 138902             ** of both right and left sides must be such that no type
138434 138903             ** conversions are required on the right.  (Ticket #2249)
138435 138904             */
................................................................................
139508 139977       if( pScan->iEquiv>=pScan->nEquiv ) break;
139509 139978       pWC = pScan->pOrigWC;
139510 139979       k = 0;
139511 139980       pScan->iEquiv++;
139512 139981     }
139513 139982     return 0;
139514 139983   }
       139984  +
       139985  +/*
       139986  +** This is whereScanInit() for the case of an index on an expression.
       139987  +** It is factored out into a separate tail-recursion subroutine so that
       139988  +** the normal whereScanInit() routine, which is a high-runner, does not
       139989  +** need to push registers onto the stack as part of its prologue.
       139990  +*/
       139991  +static SQLITE_NOINLINE WhereTerm *whereScanInitIndexExpr(WhereScan *pScan){
       139992  +  pScan->idxaff = sqlite3ExprAffinity(pScan->pIdxExpr);
       139993  +  return whereScanNext(pScan);
       139994  +}
139515 139995   
139516 139996   /*
139517 139997   ** Initialize a WHERE clause scanner object.  Return a pointer to the
139518 139998   ** first match.  Return NULL if there are no matches.
139519 139999   **
139520 140000   ** The scanner will be searching the WHERE clause pWC.  It will look
139521 140001   ** for terms of the form "X <op> <expr>" where X is column iColumn of table
................................................................................
139541 140021     Index *pIdx             /* Must be compatible with this index */
139542 140022   ){
139543 140023     pScan->pOrigWC = pWC;
139544 140024     pScan->pWC = pWC;
139545 140025     pScan->pIdxExpr = 0;
139546 140026     pScan->idxaff = 0;
139547 140027     pScan->zCollName = 0;
       140028  +  pScan->opMask = opMask;
       140029  +  pScan->k = 0;
       140030  +  pScan->aiCur[0] = iCur;
       140031  +  pScan->nEquiv = 1;
       140032  +  pScan->iEquiv = 1;
139548 140033     if( pIdx ){
139549 140034       int j = iColumn;
139550 140035       iColumn = pIdx->aiColumn[j];
139551 140036       if( iColumn==XN_EXPR ){
139552 140037         pScan->pIdxExpr = pIdx->aColExpr->a[j].pExpr;
139553 140038         pScan->zCollName = pIdx->azColl[j];
       140039  +      pScan->aiColumn[0] = XN_EXPR;
       140040  +      return whereScanInitIndexExpr(pScan);
139554 140041       }else if( iColumn==pIdx->pTable->iPKey ){
139555 140042         iColumn = XN_ROWID;
139556 140043       }else if( iColumn>=0 ){
139557 140044         pScan->idxaff = pIdx->pTable->aCol[iColumn].affinity;
139558 140045         pScan->zCollName = pIdx->azColl[j];
139559 140046       }
139560 140047     }else if( iColumn==XN_EXPR ){
139561 140048       return 0;
139562 140049     }
139563         -  pScan->opMask = opMask;
139564         -  pScan->k = 0;
139565         -  pScan->aiCur[0] = iCur;
139566 140050     pScan->aiColumn[0] = iColumn;
139567         -  pScan->nEquiv = 1;
139568         -  pScan->iEquiv = 1;
139569 140051     return whereScanNext(pScan);
139570 140052   }
139571 140053   
139572 140054   /*
139573 140055   ** Search for a term in the WHERE clause that is of the form "X <op> <expr>"
139574 140056   ** where X is a reference to the iColumn of table iCur or of index pIdx
139575 140057   ** if pIdx!=0 and <op> is one of the WO_xx operator codes specified by
................................................................................
140036 140518       addrTop =  sqlite3VdbeAddOp1(v, OP_Yield, regYield);
140037 140519       VdbeCoverage(v);
140038 140520       VdbeComment((v, "next row of %s", pTabItem->pTab->zName));
140039 140521     }else{
140040 140522       addrTop = sqlite3VdbeAddOp1(v, OP_Rewind, pLevel->iTabCur); VdbeCoverage(v);
140041 140523     }
140042 140524     if( pPartial ){
140043         -    iContinue = sqlite3VdbeMakeLabel(v);
       140525  +    iContinue = sqlite3VdbeMakeLabel(pParse);
140044 140526       sqlite3ExprIfFalse(pParse, pPartial, iContinue, SQLITE_JUMPIFNULL);
140045 140527       pLoop->wsFlags |= WHERE_PARTIALIDX;
140046 140528     }
140047 140529     regRecord = sqlite3GetTempReg(pParse);
140048 140530     regBase = sqlite3GenerateIndexKey(
140049 140531         pParse, pIdx, pLevel->iTabCur, regRecord, 0, 0, 0, 0
140050 140532     );
................................................................................
140053 140535     if( pPartial ) sqlite3VdbeResolveLabel(v, iContinue);
140054 140536     if( pTabItem->fg.viaCoroutine ){
140055 140537       sqlite3VdbeChangeP2(v, addrCounter, regBase+n);
140056 140538       testcase( pParse->db->mallocFailed );
140057 140539       translateColumnToCopy(pParse, addrTop, pLevel->iTabCur,
140058 140540                             pTabItem->regResult, 1);
140059 140541       sqlite3VdbeGoto(v, addrTop);
       140542  +    pTabItem->fg.viaCoroutine = 0;
140060 140543     }else{
140061 140544       sqlite3VdbeAddOp2(v, OP_Next, pLevel->iTabCur, addrTop+1); VdbeCoverage(v);
140062 140545     }
140063 140546     sqlite3VdbeChangeP5(v, SQLITE_STMTSTATUS_AUTOINDEX);
140064 140547     sqlite3VdbeJumpHere(v, addrTop);
140065 140548     sqlite3ReleaseTempReg(pParse, regRecord);
140066 140549     
................................................................................
141408 141891   #endif
141409 141892         whereLoopDelete(db, pToDel);
141410 141893       }
141411 141894     }
141412 141895     rc = whereLoopXfer(db, p, pTemplate);
141413 141896     if( (p->wsFlags & WHERE_VIRTUALTABLE)==0 ){
141414 141897       Index *pIndex = p->u.btree.pIndex;
141415         -    if( pIndex && pIndex->tnum==0 ){
       141898  +    if( pIndex && pIndex->idxType==SQLITE_IDXTYPE_IPK ){
141416 141899         p->u.btree.pIndex = 0;
141417 141900       }
141418 141901     }
141419 141902     return rc;
141420 141903   }
141421 141904   
141422 141905   /*
................................................................................
141575 142058   ** index pIndex. Try to match one more.
141576 142059   **
141577 142060   ** When this function is called, pBuilder->pNew->nOut contains the 
141578 142061   ** number of rows expected to be visited by filtering using the nEq 
141579 142062   ** terms only. If it is modified, this value is restored before this 
141580 142063   ** function returns.
141581 142064   **
141582         -** If pProbe->tnum==0, that means pIndex is a fake index used for the
141583         -** INTEGER PRIMARY KEY.
       142065  +** If pProbe->idxType==SQLITE_IDXTYPE_IPK, that means pIndex is 
       142066  +** a fake index used for the INTEGER PRIMARY KEY.
141584 142067   */
141585 142068   static int whereLoopAddBtreeIndex(
141586 142069     WhereLoopBuilder *pBuilder,     /* The WhereLoop factory */
141587 142070     struct SrcList_item *pSrc,      /* FROM clause term being analyzed */
141588 142071     Index *pProbe,                  /* An index on pSrc */
141589 142072     LogEst nInMul                   /* log(Number of iterations due to IN) */
141590 142073   ){
................................................................................
142076 142559       sPk.nKeyCol = 1;
142077 142560       sPk.nColumn = 1;
142078 142561       sPk.aiColumn = &aiColumnPk;
142079 142562       sPk.aiRowLogEst = aiRowEstPk;
142080 142563       sPk.onError = OE_Replace;
142081 142564       sPk.pTable = pTab;
142082 142565       sPk.szIdxRow = pTab->szTabRow;
       142566  +    sPk.idxType = SQLITE_IDXTYPE_IPK;
142083 142567       aiRowEstPk[0] = pTab->nRowLogEst;
142084 142568       aiRowEstPk[1] = 0;
142085 142569       pFirst = pSrc->pTab->pIndex;
142086 142570       if( pSrc->fg.notIndexed==0 ){
142087 142571         /* The real indices of the table are only considered if the
142088 142572         ** NOT INDEXED qualifier is omitted from the FROM clause */
142089 142573         sPk.pNext = pFirst;
................................................................................
142166 142650       pNew->rSetup = 0;
142167 142651       pNew->prereq = mPrereq;
142168 142652       pNew->nOut = rSize;
142169 142653       pNew->u.btree.pIndex = pProbe;
142170 142654       b = indexMightHelpWithOrderBy(pBuilder, pProbe, pSrc->iCursor);
142171 142655       /* The ONEPASS_DESIRED flags never occurs together with ORDER BY */
142172 142656       assert( (pWInfo->wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || b==0 );
142173         -    if( pProbe->tnum<=0 ){
       142657  +    if( pProbe->idxType==SQLITE_IDXTYPE_IPK ){
142174 142658         /* Integer primary key index */
142175 142659         pNew->wsFlags = WHERE_IPK;
142176 142660   
142177 142661         /* Full table scan */
142178 142662         pNew->iSortIdx = b ? iSortIdx : 0;
142179 142663         /* TUNING: Cost of full table scan is (N*3.0). */
142180 142664         pNew->rRun = rSize + 16;
................................................................................
143842 144326     pWInfo->pParse = pParse;
143843 144327     pWInfo->pTabList = pTabList;
143844 144328     pWInfo->pOrderBy = pOrderBy;
143845 144329     pWInfo->pWhere = pWhere;
143846 144330     pWInfo->pResultSet = pResultSet;
143847 144331     pWInfo->aiCurOnePass[0] = pWInfo->aiCurOnePass[1] = -1;
143848 144332     pWInfo->nLevel = nTabList;
143849         -  pWInfo->iBreak = pWInfo->iContinue = sqlite3VdbeMakeLabel(v);
       144333  +  pWInfo->iBreak = pWInfo->iContinue = sqlite3VdbeMakeLabel(pParse);
143850 144334     pWInfo->wctrlFlags = wctrlFlags;
143851 144335     pWInfo->iLimit = iAuxArg;
143852 144336     pWInfo->savedNQueryLoop = pParse->nQueryLoop;
143853 144337     memset(&pWInfo->nOBSat, 0, 
143854 144338            offsetof(WhereInfo,sWC) - offsetof(WhereInfo,nOBSat));
143855 144339     memset(&pWInfo->a[0], 0, sizeof(WhereLoop)+nTabList*sizeof(WhereLevel));
143856 144340     assert( pWInfo->eOnePass==ONEPASS_OFF );  /* ONEPASS defaults to OFF */
................................................................................
144116 144600     ** use a one-pass approach, and this is not set accurately for scans
144117 144601     ** that use the OR optimization.
144118 144602     */
144119 144603     assert( (wctrlFlags & WHERE_ONEPASS_DESIRED)==0 || pWInfo->nLevel==1 );
144120 144604     if( (wctrlFlags & WHERE_ONEPASS_DESIRED)!=0 ){
144121 144605       int wsFlags = pWInfo->a[0].pWLoop->wsFlags;
144122 144606       int bOnerow = (wsFlags & WHERE_ONEROW)!=0;
       144607  +    assert( !(wsFlags & WHERE_VIRTUALTABLE) || IsVirtual(pTabList->a[0].pTab) );
144123 144608       if( bOnerow || (
144124 144609           0!=(wctrlFlags & WHERE_ONEPASS_MULTIROW)
144125         -     && 0==(wsFlags & WHERE_VIRTUALTABLE)
       144610  +     && !IsVirtual(pTabList->a[0].pTab)
144126 144611        && (0==(wsFlags & WHERE_MULTI_OR) || (wctrlFlags & WHERE_DUPLICATES_OK))
144127 144612       )){
144128 144613         pWInfo->eOnePass = bOnerow ? ONEPASS_SINGLE : ONEPASS_MULTI;
144129 144614         if( HasRowid(pTabList->a[0].pTab) && (wsFlags & WHERE_IDX_ONLY) ){
144130 144615           if( wctrlFlags & WHERE_ONEPASS_MULTIROW ){
144131 144616             bFordelete = OPFLAG_FORDELETE;
144132 144617           }
................................................................................
144273 144758         if( db->mallocFailed ) goto whereBeginError;
144274 144759       }
144275 144760   #endif
144276 144761       addrExplain = sqlite3WhereExplainOneScan(
144277 144762           pParse, pTabList, pLevel, wctrlFlags
144278 144763       );
144279 144764       pLevel->addrBody = sqlite3VdbeCurrentAddr(v);
144280         -    notReady = sqlite3WhereCodeOneLoopStart(pWInfo, ii, notReady);
       144765  +    notReady = sqlite3WhereCodeOneLoopStart(pParse,v,pWInfo,ii,pLevel,notReady);
144281 144766       pWInfo->iContinue = pLevel->addrCont;
144282 144767       if( (wsFlags&WHERE_MULTI_OR)==0 && (wctrlFlags&WHERE_OR_SUBCLAUSE)==0 ){
144283 144768         sqlite3WhereAddScanStatus(v, pTabList, pLevel, addrExplain);
144284 144769       }
144285 144770     }
144286 144771   
144287 144772     /* Done. */
................................................................................
144457 144942       */
144458 144943       if( pTabItem->fg.viaCoroutine ){
144459 144944         testcase( pParse->db->mallocFailed );
144460 144945         translateColumnToCopy(pParse, pLevel->addrBody, pLevel->iTabCur,
144461 144946                               pTabItem->regResult, 0);
144462 144947         continue;
144463 144948       }
       144949  +
       144950  +#ifdef SQLITE_ENABLE_EARLY_CURSOR_CLOSE
       144951  +    /* Close all of the cursors that were opened by sqlite3WhereBegin.
       144952  +    ** Except, do not close cursors that will be reused by the OR optimization
       144953  +    ** (WHERE_OR_SUBCLAUSE).  And do not close the OP_OpenWrite cursors
       144954  +    ** created for the ONEPASS optimization.
       144955  +    */
       144956  +    if( (pTab->tabFlags & TF_Ephemeral)==0
       144957  +     && pTab->pSelect==0
       144958  +     && (pWInfo->wctrlFlags & WHERE_OR_SUBCLAUSE)==0
       144959  +    ){
       144960  +      int ws = pLoop->wsFlags;
       144961  +      if( pWInfo->eOnePass==ONEPASS_OFF && (ws & WHERE_IDX_ONLY)==0 ){
       144962  +        sqlite3VdbeAddOp1(v, OP_Close, pTabItem->iCursor);
       144963  +      }
       144964  +      if( (ws & WHERE_INDEXED)!=0
       144965  +       && (ws & (WHERE_IPK|WHERE_AUTO_INDEX))==0 
       144966  +       && pLevel->iIdxCur!=pWInfo->aiCurOnePass[1]
       144967  +      ){
       144968  +        sqlite3VdbeAddOp1(v, OP_Close, pLevel->iIdxCur);
       144969  +      }
       144970  +    }
       144971  +#endif
144464 144972   
144465 144973       /* If this scan uses an index, make VDBE code substitutions to read data
144466 144974       ** from the index instead of from the table where possible.  In some cases
144467 144975       ** this optimization prevents the table from ever being read, which can
144468 144976       ** yield a significant performance boost.
144469 144977       ** 
144470 144978       ** Calls to the code generator in between sqlite3WhereBegin and
................................................................................
145357 145865             sqlite3ExprAlloc(db, TK_INTEGER, &sqlite3IntTokens[0], 0)
145358 145866         );
145359 145867       }
145360 145868   
145361 145869       pSub = sqlite3SelectNew(
145362 145870           pParse, pSublist, pSrc, pWhere, pGroupBy, pHaving, pSort, 0, 0
145363 145871       );
145364         -    p->pSrc = sqlite3SrcListAppend(db, 0, 0, 0);
145365         -    assert( p->pSrc || db->mallocFailed );
       145872  +    p->pSrc = sqlite3SrcListAppend(pParse, 0, 0, 0);
145366 145873       if( p->pSrc ){
145367 145874         p->pSrc->a[0].pSelect = pSub;
145368 145875         sqlite3SrcListAssignCursors(pParse, p->pSrc);
145369 145876         if( sqlite3ExpandSubquery(pParse, &p->pSrc->a[0]) ){
145370 145877           rc = SQLITE_NOMEM;
145371 145878         }else{
145372 145879           pSub->selFlags |= SF_Expanded;
................................................................................
145415 145922   ** value should be a non-negative integer.  If the value is not a
145416 145923   ** constant, change it to NULL.  The fact that it is then a non-negative
145417 145924   ** integer will be caught later.  But it is important not to leave
145418 145925   ** variable values in the expression tree.
145419 145926   */
145420 145927   static Expr *sqlite3WindowOffsetExpr(Parse *pParse, Expr *pExpr){
145421 145928     if( 0==sqlite3ExprIsConstant(pExpr) ){
       145929  +    if( IN_RENAME_OBJECT ) sqlite3RenameExprUnmap(pParse, pExpr);
145422 145930       sqlite3ExprDelete(pParse->db, pExpr);
145423 145931       pExpr = sqlite3ExprAlloc(pParse->db, TK_NULL, 0, 0);
145424 145932     }
145425 145933     return pExpr;
145426 145934   }
145427 145935   
145428 145936   /*
................................................................................
145609 146117     VdbeCoverageIf(v, eCond==0);
145610 146118     VdbeCoverageIf(v, eCond==1);
145611 146119     VdbeCoverageIf(v, eCond==2);
145612 146120     sqlite3VdbeAddOp3(v, aOp[eCond], regZero, sqlite3VdbeCurrentAddr(v)+2, reg);
145613 146121     VdbeCoverageNeverNullIf(v, eCond==0);
145614 146122     VdbeCoverageNeverNullIf(v, eCond==1);
145615 146123     VdbeCoverageNeverNullIf(v, eCond==2);
       146124  +  sqlite3MayAbort(pParse);
145616 146125     sqlite3VdbeAddOp2(v, OP_Halt, SQLITE_ERROR, OE_Abort);
145617 146126     sqlite3VdbeAppendP4(v, (void*)azErr[eCond], P4_STATIC);
145618 146127     sqlite3ReleaseTempReg(pParse, regZero);
145619 146128   }
145620 146129   
145621 146130   /*
145622 146131   ** Return the number of arguments passed to the window-function associated
................................................................................
145864 146373     Window *pWin;
145865 146374     for(pWin=pMWin; pWin; pWin=pWin->pNextWin){
145866 146375       FuncDef *pFunc = pWin->pFunc;
145867 146376       if( pFunc->zName==nth_valueName
145868 146377        || pFunc->zName==first_valueName
145869 146378       ){
145870 146379         int csr = pWin->csrApp;
145871         -      int lbl = sqlite3VdbeMakeLabel(v);
       146380  +      int lbl = sqlite3VdbeMakeLabel(pParse);
145872 146381         int tmpReg = sqlite3GetTempReg(pParse);
145873 146382         sqlite3VdbeAddOp2(v, OP_Null, 0, pWin->regResult);
145874 146383   
145875 146384         if( pFunc->zName==nth_valueName ){
145876 146385           sqlite3VdbeAddOp3(v, OP_Column, pMWin->iEphCsr, pWin->iArgCol+1,tmpReg);
145877 146386           windowCheckIntValue(pParse, tmpReg, 2);
145878 146387         }else{
................................................................................
145887 146396         sqlite3VdbeResolveLabel(v, lbl);
145888 146397         sqlite3ReleaseTempReg(pParse, tmpReg);
145889 146398       }
145890 146399       else if( pFunc->zName==leadName || pFunc->zName==lagName ){
145891 146400         int nArg = pWin->pOwner->x.pList->nExpr;
145892 146401         int iEph = pMWin->iEphCsr;
145893 146402         int csr = pWin->csrApp;
145894         -      int lbl = sqlite3VdbeMakeLabel(v);
       146403  +      int lbl = sqlite3VdbeMakeLabel(pParse);
145895 146404         int tmpReg = sqlite3GetTempReg(pParse);
145896 146405   
145897 146406         if( nArg<3 ){
145898 146407           sqlite3VdbeAddOp2(v, OP_Null, 0, pWin->regResult);
145899 146408         }else{
145900 146409           sqlite3VdbeAddOp3(v, OP_Column, iEph, pWin->iArgCol+2, pWin->regResult);
145901 146410         }
................................................................................
146148 146657          || pMWin->eEnd==TK_CURRENT 
146149 146658          || pMWin->eEnd==TK_UNBOUNDED 
146150 146659          || pMWin->eEnd==TK_PRECEDING 
146151 146660     );
146152 146661   
146153 146662     /* Allocate register and label for the "flush_partition" sub-routine. */
146154 146663     regFlushPart = ++pParse->nMem;
146155         -  lblFlushPart = sqlite3VdbeMakeLabel(v);
146156         -  lblFlushDone = sqlite3VdbeMakeLabel(v);
       146664  +  lblFlushPart = sqlite3VdbeMakeLabel(pParse);
       146665  +  lblFlushDone = sqlite3VdbeMakeLabel(pParse);
146157 146666   
146158 146667     regStart = ++pParse->nMem;
146159 146668     regEnd = ++pParse->nMem;
146160 146669   
146161 146670     windowPartitionCache(pParse, p, pWInfo, regFlushPart, lblFlushPart, &regSize);
146162 146671   
146163 146672     addrGoto = sqlite3VdbeAddOp0(v, OP_Goto);
................................................................................
146259 146768       sqlite3VdbeJumpHere(v, addrIfPos2);
146260 146769     }
146261 146770   
146262 146771     if( pMWin->eStart==TK_CURRENT 
146263 146772      || pMWin->eStart==TK_PRECEDING 
146264 146773      || pMWin->eStart==TK_FOLLOWING 
146265 146774     ){
146266         -    int lblSkipInverse = sqlite3VdbeMakeLabel(v);;
       146775  +    int lblSkipInverse = sqlite3VdbeMakeLabel(pParse);;
146267 146776       if( pMWin->eStart==TK_PRECEDING ){
146268 146777         sqlite3VdbeAddOp3(v, OP_IfPos, regStart, lblSkipInverse, 1);
146269 146778         VdbeCoverage(v);
146270 146779       }
146271 146780       if( pMWin->eStart==TK_FOLLOWING ){
146272 146781         sqlite3VdbeAddOp2(v, OP_Next, csrStart, sqlite3VdbeCurrentAddr(v)+2);
146273 146782         VdbeCoverage(v);
................................................................................
146424 146933   
146425 146934     assert( (pMWin->eStart==TK_UNBOUNDED && pMWin->eEnd==TK_CURRENT) 
146426 146935          || (pMWin->eStart==TK_UNBOUNDED && pMWin->eEnd==TK_UNBOUNDED) 
146427 146936          || (pMWin->eStart==TK_CURRENT && pMWin->eEnd==TK_CURRENT) 
146428 146937          || (pMWin->eStart==TK_CURRENT && pMWin->eEnd==TK_UNBOUNDED) 
146429 146938     );
146430 146939   
146431         -  lblEmpty = sqlite3VdbeMakeLabel(v);
       146940  +  lblEmpty = sqlite3VdbeMakeLabel(pParse);
146432 146941     regNewPeer = pParse->nMem+1;
146433 146942     pParse->nMem += nPeer;
146434 146943   
146435 146944     /* Allocate register and label for the "flush_partition" sub-routine. */
146436 146945     regFlushPart = ++pParse->nMem;
146437         -  lblFlushPart = sqlite3VdbeMakeLabel(v);
       146946  +  lblFlushPart = sqlite3VdbeMakeLabel(pParse);
146438 146947   
146439 146948     csrLead = pParse->nTab++;
146440 146949     regCtr = ++pParse->nMem;
146441 146950   
146442 146951     windowPartitionCache(pParse, p, pWInfo, regFlushPart, lblFlushPart, &regSize);
146443 146952     addrGoto = sqlite3VdbeAddOp0(v, OP_Goto);
146444 146953   
................................................................................
146667 147176   SQLITE_PRIVATE Window *sqlite3WindowDup(sqlite3 *db, Expr *pOwner, Window *p){
146668 147177     Window *pNew = 0;
146669 147178     if( ALWAYS(p) ){
146670 147179       pNew = sqlite3DbMallocZero(db, sizeof(Window));
146671 147180       if( pNew ){
146672 147181         pNew->zName = sqlite3DbStrDup(db, p->zName);
146673 147182         pNew->pFilter = sqlite3ExprDup(db, p->pFilter, 0);
       147183  +      pNew->pFunc = p->pFunc;
146674 147184         pNew->pPartition = sqlite3ExprListDup(db, p->pPartition, 0);
146675 147185         pNew->pOrderBy = sqlite3ExprListDup(db, p->pOrderBy, 0);
146676 147186         pNew->eType = p->eType;
146677 147187         pNew->eEnd = p->eEnd;
146678 147188         pNew->eStart = p->eStart;
146679 147189         pNew->pStart = sqlite3ExprDup(db, p->pStart, 0);
146680 147190         pNew->pEnd = sqlite3ExprDup(db, p->pEnd, 0);
................................................................................
146924 147434         p->op2 = 0;
146925 147435         p->iTable = 0;
146926 147436         p->iColumn = 0;
146927 147437         p->u.zToken = (char*)&p[1];
146928 147438         memcpy(p->u.zToken, t.z, t.n);
146929 147439         p->u.zToken[t.n] = 0;
146930 147440         if( sqlite3Isquote(p->u.zToken[0]) ){
146931         -        if( p->u.zToken[0]=='"' ) p->flags |= EP_DblQuoted;
146932         -        sqlite3Dequote(p->u.zToken);
       147441  +        sqlite3DequoteExpr(p);
146933 147442         }
146934 147443   #if SQLITE_MAX_EXPR_DEPTH>0
146935 147444         p->nHeight = 1;
146936 147445   #endif  
146937 147446         if( IN_RENAME_OBJECT ){
146938 147447           return (Expr*)sqlite3RenameTokenMap(pParse, (void*)p, &t);
146939 147448         }
................................................................................
147034 147543   **    YY_MAX_REDUCE      Maximum value for reduce actions
147035 147544   */
147036 147545   #ifndef INTERFACE
147037 147546   # define INTERFACE 1
147038 147547   #endif
147039 147548   /************* Begin control #defines *****************************************/
147040 147549   #define YYCODETYPE unsigned short int
147041         -#define YYNOCODE 277
       147550  +#define YYNOCODE 278
147042 147551   #define YYACTIONTYPE unsigned short int
147043 147552   #define YYWILDCARD 91
147044 147553   #define sqlite3ParserTOKENTYPE Token
147045 147554   typedef union {
147046 147555     int yyinit;
147047 147556     sqlite3ParserTOKENTYPE yy0;
147048         -  Expr* yy18;
147049         -  struct TrigEvent yy34;
147050         -  IdList* yy48;
147051         -  int yy70;
147052         -  struct {int value; int mask;} yy111;
147053         -  struct FrameBound yy119;
147054         -  SrcList* yy135;
147055         -  TriggerStep* yy207;
147056         -  Window* yy327;
147057         -  Upsert* yy340;
147058         -  const char* yy392;
147059         -  ExprList* yy420;
147060         -  With* yy449;
147061         -  Select* yy489;
       147557  +  ExprList* yy42;
       147558  +  int yy96;
       147559  +  TriggerStep* yy119;
       147560  +  Window* yy147;
       147561  +  SrcList* yy167;
       147562  +  Upsert* yy266;
       147563  +  struct FrameBound yy317;
       147564  +  IdList* yy336;
       147565  +  struct TrigEvent yy350;
       147566  +  struct {int value; int mask;} yy367;
       147567  +  Select* yy423;
       147568  +  const char* yy464;
       147569  +  Expr* yy490;
       147570  +  With* yy499;
147062 147571   } YYMINORTYPE;
147063 147572   #ifndef YYSTACKDEPTH
147064 147573   #define YYSTACKDEPTH 100
147065 147574   #endif
147066 147575   #define sqlite3ParserARG_SDECL
147067 147576   #define sqlite3ParserARG_PDECL
147068 147577   #define sqlite3ParserARG_PARAM
................................................................................
147070 147579   #define sqlite3ParserARG_STORE
147071 147580   #define sqlite3ParserCTX_SDECL Parse *pParse;
147072 147581   #define sqlite3ParserCTX_PDECL ,Parse *pParse
147073 147582   #define sqlite3ParserCTX_PARAM ,pParse
147074 147583   #define sqlite3ParserCTX_FETCH Parse *pParse=yypParser->pParse;
147075 147584   #define sqlite3ParserCTX_STORE yypParser->pParse=pParse;
147076 147585   #define YYFALLBACK 1
147077         -#define YYNSTATE             521
147078         -#define YYNRULE              367
       147586  +#define YYNSTATE             524
       147587  +#define YYNRULE              369
147079 147588   #define YYNTOKEN             155
147080         -#define YY_MAX_SHIFT         520
147081         -#define YY_MIN_SHIFTREDUCE   756
147082         -#define YY_MAX_SHIFTREDUCE   1122
147083         -#define YY_ERROR_ACTION      1123
147084         -#define YY_ACCEPT_ACTION     1124
147085         -#define YY_NO_ACTION         1125
147086         -#define YY_MIN_REDUCE        1126
147087         -#define YY_MAX_REDUCE        1492
       147589  +#define YY_MAX_SHIFT         523
       147590  +#define YY_MIN_SHIFTREDUCE   760
       147591  +#define YY_MAX_SHIFTREDUCE   1128
       147592  +#define YY_ERROR_ACTION      1129
       147593  +#define YY_ACCEPT_ACTION     1130
       147594  +#define YY_NO_ACTION         1131
       147595  +#define YY_MIN_REDUCE        1132
       147596  +#define YY_MAX_REDUCE        1500
147088 147597   /************* End control #defines *******************************************/
147089 147598   #define YY_NLOOKAHEAD ((int)(sizeof(yy_lookahead)/sizeof(yy_lookahead[0])))
147090 147599   
147091 147600   /* Define the yytestcase() macro to be a no-op if is not already defined
147092 147601   ** otherwise.
147093 147602   **
147094 147603   ** Applications can choose to define yytestcase() in the %include section
................................................................................
147149 147658   **  yy_reduce_ofst[]   For each state, the offset into yy_action for
147150 147659   **                     shifting non-terminals after a reduce.
147151 147660   **  yy_default[]       Default action for each state.
147152 147661   **
147153 147662   *********** Begin parsing tables **********************************************/
147154 147663   #define YY_ACTTAB_COUNT (2009)
147155 147664   static const YYACTIONTYPE yy_action[] = {
147156         - /*     0 */   368,  105,  102,  197,  105,  102,  197,  515, 1124,    1,
147157         - /*    10 */     1,  520,    2, 1128,  515, 1192, 1171, 1456,  275,  370,
147158         - /*    20 */   127, 1389, 1197, 1197, 1192, 1166,  178, 1205,   64,   64,
147159         - /*    30 */   477,  887,  322,  428,  348,   37,   37,  808,  362,  888,
147160         - /*    40 */   509,  509,  509,  112,  113,  103, 1100, 1100,  953,  956,
147161         - /*    50 */   946,  946,  110,  110,  111,  111,  111,  111,  365,  252,
147162         - /*    60 */   252,  515,  252,  252,  497,  515,  309,  515,  459,  515,
147163         - /*    70 */  1079,  491,  512,  478,    6,  512,  809,  134,  498,  228,
147164         - /*    80 */   194,  428,   37,   37,  515,  208,   64,   64,   64,   64,
147165         - /*    90 */    13,   13,  109,  109,  109,  109,  108,  108,  107,  107,
147166         - /*   100 */   107,  106,  401,  258,  381,   13,   13,  398,  397,  428,
147167         - /*   110 */   252,  252,  370,  476,  405, 1104, 1079, 1080, 1081,  386,
147168         - /*   120 */  1106,  390,  497,  512,  497, 1423, 1419,  304, 1105,  307,
147169         - /*   130 */  1256,  496,  370,  499,   16,   16,  112,  113,  103, 1100,
147170         - /*   140 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147171         - /*   150 */   111,  262, 1107,  495, 1107,  401,  112,  113,  103, 1100,
147172         - /*   160 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147173         - /*   170 */   111,  129, 1425,  343, 1420,  339, 1059,  492, 1057,  263,
147174         - /*   180 */    73,  105,  102,  197,  994,  109,  109,  109,  109,  108,
147175         - /*   190 */   108,  107,  107,  107,  106,  401,  370,  111,  111,  111,
147176         - /*   200 */   111,  104,  492,   89, 1432,  109,  109,  109,  109,  108,
147177         - /*   210 */   108,  107,  107,  107,  106,  401,  111,  111,  111,  111,
147178         - /*   220 */   112,  113,  103, 1100, 1100,  953,  956,  946,  946,  110,
147179         - /*   230 */   110,  111,  111,  111,  111,  109,  109,  109,  109,  108,
147180         - /*   240 */   108,  107,  107,  107,  106,  401,  114,  108,  108,  107,
147181         - /*   250 */   107,  107,  106,  401,  109,  109,  109,  109,  108,  108,
147182         - /*   260 */   107,  107,  107,  106,  401,  152,  399,  399,  399,  109,
147183         - /*   270 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147184         - /*   280 */   178,  493, 1412,  434, 1037, 1486, 1079,  515, 1486,  370,
147185         - /*   290 */   421,  297,  357,  412,   74, 1079,  109,  109,  109,  109,
147186         - /*   300 */   108,  108,  107,  107,  107,  106,  401, 1413,   37,   37,
147187         - /*   310 */  1431,  274,  506,  112,  113,  103, 1100, 1100,  953,  956,
147188         - /*   320 */   946,  946,  110,  110,  111,  111,  111,  111, 1436,  520,
147189         - /*   330 */     2, 1128, 1079, 1080, 1081,  430,  275, 1079,  127,  366,
147190         - /*   340 */   933, 1079, 1080, 1081,  220, 1205,  913,  458,  455,  454,
147191         - /*   350 */   392,  167,  515, 1035,  152,  445,  924,  453,  152,  874,
147192         - /*   360 */   923,  289,  109,  109,  109,  109,  108,  108,  107,  107,
147193         - /*   370 */   107,  106,  401,   13,   13,  261,  853,  252,  252,  227,
147194         - /*   380 */   106,  401,  370, 1079, 1080, 1081,  311,  388, 1079,  296,
147195         - /*   390 */   512,  923,  923,  925,  231,  323, 1255, 1388, 1423,  490,
147196         - /*   400 */   274,  506,   12,  208,  274,  506,  112,  113,  103, 1100,
147197         - /*   410 */  1100,  953,  956,  946,  946,  110,  110,  111,  111,  111,
147198         - /*   420 */   111, 1440,  286, 1128,  288, 1079, 1097,  247,  275, 1098,
147199         - /*   430 */   127,  387,  405,  389, 1079, 1080, 1081, 1205,  159,  238,
147200         - /*   440 */   255,  321,  461,  316,  460,  225,  790,  105,  102,  197,
147201         - /*   450 */   513,  314,  842,  842,  445,  109,  109,  109,  109,  108,
147202         - /*   460 */   108,  107,  107,  107,  106,  401,  515,  514,  515,  252,
147203         - /*   470 */   252, 1079, 1080, 1081,  435,  370, 1098,  933, 1460,  794,
147204         - /*   480 */   274,  506,  512,  105,  102,  197,  336,   63,   63,   64,
147205         - /*   490 */    64,   27,  790,  924,  287,  208, 1354,  923,  515,  112,
147206         - /*   500 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147207         - /*   510 */   111,  111,  111,  111,  107,  107,  107,  106,  401,   49,
147208         - /*   520 */    49,  515,   28, 1079,  405,  497,  421,  297,  923,  923,
147209         - /*   530 */   925,  186,  468, 1079,  467,  999,  999,  442,  515, 1079,
147210         - /*   540 */   334,  515,   45,   45, 1083,  342,  173,  168,  109,  109,
147211         - /*   550 */   109,  109,  108,  108,  107,  107,  107,  106,  401,   13,
147212         - /*   560 */    13,  205,   13,   13,  252,  252, 1195, 1195,  370, 1079,
147213         - /*   570 */  1080, 1081,  787,  265,    5,  359,  494,  512,  469, 1079,
147214         - /*   580 */  1080, 1081,  398,  397, 1079, 1079, 1080, 1081,    3,  282,
147215         - /*   590 */  1079, 1083,  112,  113,  103, 1100, 1100,  953,  956,  946,
147216         - /*   600 */   946,  110,  110,  111,  111,  111,  111,  252,  252, 1015,
147217         - /*   610 */   220, 1079,  873,  458,  455,  454,  943,  943,  954,  957,
147218         - /*   620 */   512,  252,  252,  453, 1016, 1079,  445, 1107, 1209, 1107,
147219         - /*   630 */  1079, 1080, 1081,  515,  512,  426, 1079, 1080, 1081, 1017,
147220         - /*   640 */   512,  109,  109,  109,  109,  108,  108,  107,  107,  107,
147221         - /*   650 */   106,  401, 1052,  515,   50,   50,  515, 1079, 1080, 1081,
147222         - /*   660 */   828,  370, 1051,  379,  411, 1064, 1358,  207,  408,  773,
147223         - /*   670 */   829, 1079, 1080, 1081,   64,   64,  322,   64,   64, 1302,
147224         - /*   680 */   947,  411,  410, 1358, 1360,  112,  113,  103, 1100, 1100,
147225         - /*   690 */   953,  956,  946,  946,  110,  110,  111,  111,  111,  111,
147226         - /*   700 */   294,  482,  515, 1037, 1487,  515,  434, 1487,  354, 1120,
147227         - /*   710 */   483,  996,  913,  485,  466,  996,  132,  178,   33,  450,
147228         - /*   720 */  1203,  136,  406,   64,   64,  479,   64,   64,  419,  369,
147229         - /*   730 */   283, 1146,  252,  252,  109,  109,  109,  109,  108,  108,
147230         - /*   740 */   107,  107,  107,  106,  401,  512,  224,  440,  411,  266,
147231         - /*   750 */  1358,  266,  252,  252,  370,  296,  416,  284,  934,  396,
147232         - /*   760 */   976,  470,  400,  252,  252,  512,    9,  473,  231,  500,
147233         - /*   770 */   354, 1036, 1035, 1488,  355,  374,  512, 1121,  112,  113,
147234         - /*   780 */   103, 1100, 1100,  953,  956,  946,  946,  110,  110,  111,
147235         - /*   790 */   111,  111,  111,  252,  252, 1015,  515, 1347,  295,  252,
147236         - /*   800 */   252,  252,  252, 1098,  375,  249,  512,  445,  872,  322,
147237         - /*   810 */  1016,  480,  512,  195,  512,  434,  273,   15,   15,  515,
147238         - /*   820 */   314,  515,   95,  515,   93, 1017,  367,  109,  109,  109,
147239         - /*   830 */   109,  108,  108,  107,  107,  107,  106,  401,  515, 1121,
147240         - /*   840 */    39,   39,   51,   51,   52,   52,  503,  370,  515, 1204,
147241         - /*   850 */  1098,  918,  439,  341,  133,  436,  223,  222,  221,   53,
147242         - /*   860 */    53,  322, 1400,  761,  762,  763,  515,  370,   88,   54,
147243         - /*   870 */    54,  112,  113,  103, 1100, 1100,  953,  956,  946,  946,
147244         - /*   880 */   110,  110,  111,  111,  111,  111,  407,   55,   55,  196,
147245         - /*   890 */   515,  112,  113,  103, 1100, 1100,  953,  956,  946,  946,
147246         - /*   900 */   110,  110,  111,  111,  111,  111,  135,  264, 1149,  376,
147247         - /*   910 */   515,   40,   40,  515,  872,  515,  993,  515,  993,  116,
147248         - /*   920 */   109,  109,  109,  109,  108,  108,  107,  107,  107,  106,
147249         - /*   930 */   401,   41,   41,  515,   43,   43,   44,   44,   56,   56,
147250         - /*   940 */   109,  109,  109,  109,  108,  108,  107,  107,  107,  106,
147251         - /*   950 */   401,  515,  379,  515,   57,   57,  515,  799,  515,  379,
147252         - /*   960 */   515,  445,  200,  515,  323,  515, 1397,  515, 1459,  515,
147253         - /*   970 */  1287,  817,   58,   58,   14,   14,  515,   59,   59,  118,
147254         - /*   980 */   118,   60,   60,  515,   46,   46,   61,   61,   62,   62,
147255         - /*   990 */    47,   47,  515,  190,  189,   91,  515,  140,  140,  515,
147256         - /*  1000 */   394,  515,  277, 1200,  141,  141,  515, 1115,  515,  992,
147257         - /*  1010 */   515,  992,  515,   69,   69,  370,  278,   48,   48,  259,
147258         - /*  1020 */    65,   65,  119,  119,  246,  246,  260,   66,   66,  120,
147259         - /*  1030 */   120,  121,  121,  117,  117,  370,  515,  512,  383,  112,
147260         - /*  1040 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147261         - /*  1050 */   111,  111,  111,  111,  515,  872,  515,  139,  139,  112,
147262         - /*  1060 */   113,  103, 1100, 1100,  953,  956,  946,  946,  110,  110,
147263         - /*  1070 */   111,  111,  111,  111, 1287,  138,  138,  125,  125,  515,
147264         - /*  1080 */    12,  515,  281, 1287,  515,  445,  131, 1287,  109,  109,
147265         - /*  1090 */   109,  109,  108,  108,  107,  107,  107,  106,  401,  515,
147266         - /*  1100 */   124,  124,  122,  122,  515,  123,  123,  515,  109,  109,
147267         - /*  1110 */   109,  109,  108,  108,  107,  107,  107,  106,  401,  515,
147268         - /*  1120 */    68,   68,  463,  783,  515,   70,   70,  302,   67,   67,
147269         - /*  1130 */  1032,  253,  253,  356, 1287,  191,  196, 1433,  465, 1301,
147270         - /*  1140 */    38,   38,  384,   94,  512,   42,   42,  177,  848,  274,
147271         - /*  1150 */   506,  385,  420,  847, 1356,  441,  508,  376,  377,  153,
147272         - /*  1160 */   423,  872,  432,  370,  224,  251,  194,  887,  182,  293,
147273         - /*  1170 */   783,  848,   88,  254,  466,  888,  847,  915,  807,  806,
147274         - /*  1180 */   230, 1241,  910,  370,   17,  413,  797,  112,  113,  103,
147275         - /*  1190 */  1100, 1100,  953,  956,  946,  946,  110,  110,  111,  111,
147276         - /*  1200 */   111,  111,  395,  814,  815, 1175,  983,  112,  101,  103,
147277         - /*  1210 */  1100, 1100,  953,  956,  946,  946,  110,  110,  111,  111,
147278         - /*  1220 */   111,  111,  375,  422,  427,  429,  298,  230,  230,   88,
147279         - /*  1230 */  1240,  451,  312,  797,  226,   88,  109,  109,  109,  109,
147280         - /*  1240 */   108,  108,  107,  107,  107,  106,  401,   86,  433,  979,
147281         - /*  1250 */   927,  881,  226,  983,  230,  415,  109,  109,  109,  109,
147282         - /*  1260 */   108,  108,  107,  107,  107,  106,  401,  320,  845,  781,
147283         - /*  1270 */   846,  100,  130,  100, 1403,  290,  370,  319, 1377, 1376,
147284         - /*  1280 */   437, 1449,  299, 1237,  303,  306,  308,  310, 1188, 1174,
147285         - /*  1290 */  1173, 1172,  315,  324,  325, 1228,  370,  927, 1249,  271,
147286         - /*  1300 */  1286,  113,  103, 1100, 1100,  953,  956,  946,  946,  110,
147287         - /*  1310 */   110,  111,  111,  111,  111, 1224, 1235,  502,  501, 1292,
147288         - /*  1320 */  1221, 1155,  103, 1100, 1100,  953,  956,  946,  946,  110,
147289         - /*  1330 */   110,  111,  111,  111,  111, 1148, 1137, 1136, 1138, 1443,
147290         - /*  1340 */   446,  244,  184,   98,  507,  188,    4,  353,  327,  109,
147291         - /*  1350 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147292         - /*  1360 */   510,  329,  331,  199,  414,  456,  292,  285,  318,  109,
147293         - /*  1370 */   109,  109,  109,  108,  108,  107,  107,  107,  106,  401,
147294         - /*  1380 */    11, 1271, 1279,  402,  361,  192, 1171, 1351,  431,  505,
147295         - /*  1390 */   346, 1350,  333,   98,  507,  504,    4,  187, 1446, 1115,
147296         - /*  1400 */   233, 1396,  155, 1394, 1112,  152,   72,   75,  378,  425,
147297         - /*  1410 */   510,  165,  149,  157,  933, 1276,   86,   30, 1268,  417,
147298         - /*  1420 */    96,   96,    8,  160,  161,  162,  163,   97,  418,  402,
147299         - /*  1430 */   517,  516,  449,  402,  923,  210,  358,  424, 1282,  438,
147300         - /*  1440 */   169,  214,  360, 1345,   80,  504,   31,  444, 1365,  301,
147301         - /*  1450 */   245,  274,  506,  216,  174,  305,  488,  447,  217,  462,
147302         - /*  1460 */  1139,  487,  218,  363,  933,  923,  923,  925,  926,   24,
147303         - /*  1470 */    96,   96, 1191, 1190, 1189,  391, 1182,   97, 1163,  402,
147304         - /*  1480 */   517,  516,  799,  364,  923, 1162,  317, 1161,   98,  507,
147305         - /*  1490 */  1181,    4, 1458,  472,  393,  269,  270,  475,  481, 1232,
147306         - /*  1500 */    85, 1233,  326,  328,  232,  510,  495, 1231,  330,   98,
147307         - /*  1510 */   507, 1230,    4,  486,  335,  923,  923,  925,  926,   24,
147308         - /*  1520 */  1435, 1068,  404,  181,  336,  256,  510,  115,  402,  332,
147309         - /*  1530 */   352,  352,  351,  241,  349, 1214, 1414,  770,  338,   10,
147310         - /*  1540 */   504,  340,  272,   92, 1331, 1213,   87,  183,  484,  402,
147311         - /*  1550 */   201,  488,  280,  239,  344,  345,  489, 1145,   29,  933,
147312         - /*  1560 */   279,  504, 1074,  518,  240,   96,   96,  242,  243,  519,
147313         - /*  1570 */  1134, 1129,   97,  154,  402,  517,  516,  372,  373,  923,
147314         - /*  1580 */   933,  142,  143,  128, 1381,  267,   96,   96,  852,  757,
147315         - /*  1590 */   203,  144,  403,   97, 1382,  402,  517,  516,  204, 1380,
147316         - /*  1600 */   923,  146, 1379, 1159, 1158,   71, 1156,  276,  202,  185,
147317         - /*  1610 */   923,  923,  925,  926,   24,  198,  257,  126,  991,  989,
147318         - /*  1620 */   907,   98,  507,  156,    4,  145,  158,  206,  831,  209,
147319         - /*  1630 */   291,  923,  923,  925,  926,   24, 1005,  911,  510,  164,
147320         - /*  1640 */   147,  380,  371,  382,  166,   76,   77,  274,  506,  148,
147321         - /*  1650 */    78,   79, 1008,  211,  212, 1004,  137,  213,   18,  300,
147322         - /*  1660 */   230,  402,  997, 1109,  443,  215,   32,  170,  171,  772,
147323         - /*  1670 */   409,  448,  319,  504,  219,  172,  452,   81,   19,  457,
147324         - /*  1680 */   313,   20,   82,  268,  488,  150,  810,  179,   83,  487,
147325         - /*  1690 */   464,  151,  933,  180,  959,   84, 1040,   34,   96,   96,
147326         - /*  1700 */   471, 1041,   35,  474,  193,   97,  248,  402,  517,  516,
147327         - /*  1710 */  1068,  404,  923,  250,  256,  880,  229,  175,  875,  352,
147328         - /*  1720 */   352,  351,  241,  349,  100,   21,  770,   22, 1054, 1056,
147329         - /*  1730 */     7,   98,  507, 1045,    4,  337, 1058,   23,  974,  201,
147330         - /*  1740 */   176,  280,   88,  923,  923,  925,  926,   24,  510,  279,
147331         - /*  1750 */   960,  958,  962, 1014,  963, 1013,  235,  234,   25,   36,
147332         - /*  1760 */    99,   90,  507,  928,    4,  511,  350,  782,   26,  841,
147333         - /*  1770 */   236,  402,  347, 1069,  237, 1125, 1125, 1451,  510,  203,
147334         - /*  1780 */  1450, 1125, 1125,  504, 1125, 1125, 1125,  204, 1125, 1125,
147335         - /*  1790 */   146, 1125, 1125, 1125, 1125, 1125, 1125,  202, 1125, 1125,
147336         - /*  1800 */  1125,  402,  933, 1125, 1125, 1125, 1125, 1125,   96,   96,
147337         - /*  1810 */  1125, 1125, 1125,  504, 1125,   97, 1125,  402,  517,  516,
147338         - /*  1820 */  1125, 1125,  923, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147339         - /*  1830 */  1125,  371,  933, 1125, 1125, 1125,  274,  506,   96,   96,
147340         - /*  1840 */  1125, 1125, 1125, 1125, 1125,   97, 1125,  402,  517,  516,
147341         - /*  1850 */  1125, 1125,  923,  923,  923,  925,  926,   24, 1125,  409,
147342         - /*  1860 */  1125, 1125, 1125,  256, 1125, 1125, 1125, 1125,  352,  352,
147343         - /*  1870 */   351,  241,  349, 1125, 1125,  770, 1125, 1125, 1125, 1125,
147344         - /*  1880 */  1125, 1125, 1125,  923,  923,  925,  926,   24,  201, 1125,
147345         - /*  1890 */   280, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  279, 1125,
147346         - /*  1900 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147347         - /*  1910 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147348         - /*  1920 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  203, 1125,
147349         - /*  1930 */  1125, 1125, 1125, 1125, 1125, 1125,  204, 1125, 1125,  146,
147350         - /*  1940 */  1125, 1125, 1125, 1125, 1125, 1125,  202, 1125, 1125, 1125,
147351         - /*  1950 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147352         - /*  1960 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147353         - /*  1970 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147354         - /*  1980 */   371, 1125, 1125, 1125, 1125,  274,  506, 1125, 1125, 1125,
147355         - /*  1990 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,
147356         - /*  2000 */  1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125,  409,
       147665  + /*     0 */   377,  518,  371,  107,  104,  200, 1293,  518, 1130,    1,
       147666  + /*    10 */     1,  523,    2, 1134,  518, 1203, 1203, 1262,  277,  373,
       147667  + /*    20 */   129,  495,   37,   37, 1397, 1201, 1201, 1211,   65,   65,
       147668  + /*    30 */   480,  891,  107,  104,  200,   37,   37, 1043, 1494,  892,
       147669  + /*    40 */   346, 1494,  342,  114,  115,  105, 1106, 1106,  957,  960,
       147670  + /*    50 */   950,  950,  112,  112,  113,  113,  113,  113,  285,  254,
       147671  + /*    60 */   254,  518,  254,  254,  500,  518,  495,  518,  107,  104,
       147672  + /*    70 */   200, 1085,  515,  481,  386,  515, 1464,  442,  501,  230,
       147673  + /*    80 */   197,  439,   37,   37, 1172,  210,   65,   65,   65,   65,
       147674  + /*    90 */   254,  254,  111,  111,  111,  111,  110,  110,  109,  109,
       147675  + /*   100 */   109,  108,  404,  515,  404,  155, 1041,  431,  401,  400,
       147676  + /*   110 */   254,  254,  373, 1431, 1427,  408, 1110, 1085, 1086, 1087,
       147677  + /*   120 */   284, 1112,  500,  515,  500,  368, 1433, 1421, 1428, 1111,
       147678  + /*   130 */  1261,  499,  373,  502,  108,  404,  114,  115,  105, 1106,
       147679  + /*   140 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147680  + /*   150 */   113,  276,  509, 1113,  369, 1113,  114,  115,  105, 1106,
       147681  + /*   160 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147682  + /*   170 */   113,  496, 1420, 1431,  493, 1468, 1065,  260, 1063,  433,
       147683  + /*   180 */    74,  107,  104,  200,  498,  111,  111,  111,  111,  110,
       147684  + /*   190 */   110,  109,  109,  109,  108,  404,  373,  113,  113,  113,
       147685  + /*   200 */   113,  106,  131,   91, 1361,  111,  111,  111,  111,  110,
       147686  + /*   210 */   110,  109,  109,  109,  108,  404,  113,  113,  113,  113,
       147687  + /*   220 */   114,  115,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147688  + /*   230 */   112,  113,  113,  113,  113,  111,  111,  111,  111,  110,
       147689  + /*   240 */   110,  109,  109,  109,  108,  404,  116,  110,  110,  109,
       147690  + /*   250 */   109,  109,  108,  404,  111,  111,  111,  111,  110,  110,
       147691  + /*   260 */   109,  109,  109,  108,  404,  917,  512,  512,  512,  111,
       147692  + /*   270 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147693  + /*   280 */   517, 1198, 1177,  181,  109,  109,  109,  108,  404,  373,
       147694  + /*   290 */  1198,  402,  402,  402,   75,  360,  111,  111,  111,  111,
       147695  + /*   300 */   110,  110,  109,  109,  109,  108,  404,  382,  299,  419,
       147696  + /*   310 */   287,  170,  518,  114,  115,  105, 1106, 1106,  957,  960,
       147697  + /*   320 */   950,  950,  112,  112,  113,  113,  113,  113, 1444,  523,
       147698  + /*   330 */     2, 1134,  518,   13,   13,  337,  277, 1085,  129,  226,
       147699  + /*   340 */   937, 1058, 1000,  471,  917, 1211,  453,  384, 1085,  395,
       147700  + /*   350 */   162, 1057,  155,   45,   45,  416,  928,  401,  400,  479,
       147701  + /*   360 */   927,   12,  111,  111,  111,  111,  110,  110,  109,  109,
       147702  + /*   370 */   109,  108,  404,  226,  286,  254,  254,  254,  254,  518,
       147703  + /*   380 */    16,   16,  373, 1085, 1086, 1087,  314,  299,  515,  472,
       147704  + /*   390 */   515,  927,  927,  929, 1085, 1086, 1087,  378,  276,  509,
       147705  + /*   400 */    65,   65, 1113,  210, 1113, 1085,  114,  115,  105, 1106,
       147706  + /*   410 */  1106,  957,  960,  950,  950,  112,  112,  113,  113,  113,
       147707  + /*   420 */   113, 1448,  222, 1134, 1089,  461,  458,  457,  277,  180,
       147708  + /*   430 */   129,  378,  392,  408,  423,  456,  500, 1211,  240,  257,
       147709  + /*   440 */   324,  464,  319,  463,  227,  470,   12,  317,  424,  300,
       147710  + /*   450 */   317, 1085, 1086, 1087,  485,  111,  111,  111,  111,  110,
       147711  + /*   460 */   110,  109,  109,  109,  108,  404,  181,  118, 1085,  254,
       147712  + /*   470 */   254, 1089,  518,   90,  351,  373,  518, 1181,  365,  798,
       147713  + /*   480 */  1440,  339,  515,  248,  248,   77,  325,  133, 1085,  249,
       147714  + /*   490 */   424,  300,  794,   49,   49,  210,  515,   65,   65,  114,
       147715  + /*   500 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147716  + /*   510 */   113,  113,  113,  113, 1085, 1086, 1087,  222, 1085,  438,
       147717  + /*   520 */   461,  458,  457,  937,  787,  408,  171,  857,  362, 1021,
       147718  + /*   530 */   456,  136,  198,  486, 1085, 1086, 1087,  448,  794,  928,
       147719  + /*   540 */     5,  193,  192,  927, 1022,  107,  104,  200,  111,  111,
       147720  + /*   550 */   111,  111,  110,  110,  109,  109,  109,  108,  404, 1023,
       147721  + /*   560 */   254,  254,  803, 1085, 1085, 1086, 1087,  437,  373, 1085,
       147722  + /*   570 */   344,  787,  791,  515,  927,  927,  929, 1085, 1408, 1396,
       147723  + /*   580 */   832, 1085,  176,    3,  852, 1085,  518, 1439,  429,  851,
       147724  + /*   590 */   833,  518,  114,  115,  105, 1106, 1106,  957,  960,  950,
       147725  + /*   600 */   950,  112,  112,  113,  113,  113,  113,   13,   13, 1085,
       147726  + /*   610 */  1086, 1087,   13,   13,  518, 1085, 1086, 1087, 1496,  358,
       147727  + /*   620 */  1085,  389, 1234, 1085, 1086, 1087,  391, 1085, 1086, 1087,
       147728  + /*   630 */   448, 1085, 1086, 1087,  518,   65,   65,  947,  947,  958,
       147729  + /*   640 */   961,  111,  111,  111,  111,  110,  110,  109,  109,  109,
       147730  + /*   650 */   108,  404,  518,  382,  878,   13,   13,  518,  877,  518,
       147731  + /*   660 */   263,  373,  518,  431,  448, 1070, 1085, 1086, 1087,  267,
       147732  + /*   670 */   448,  488, 1360,   64,   64,  431,  812,  155,   50,   50,
       147733  + /*   680 */    65,   65,  518,   65,   65,  114,  115,  105, 1106, 1106,
       147734  + /*   690 */   957,  960,  950,  950,  112,  112,  113,  113,  113,  113,
       147735  + /*   700 */   518,  951,  382,   13,   13,  415,  411,  462,  414, 1085,
       147736  + /*   710 */  1366,  777, 1210,  292,  297,  813,  399,  497,  181,  403,
       147737  + /*   720 */   261,   15,   15,  276,  509,  414,  413, 1366, 1368,  410,
       147738  + /*   730 */   372,  345, 1209,  264,  111,  111,  111,  111,  110,  110,
       147739  + /*   740 */   109,  109,  109,  108,  404,  265,  254,  254,  229, 1405,
       147740  + /*   750 */   268, 1215,  268, 1103,  373, 1085, 1086, 1087,  938,  515,
       147741  + /*   760 */   393,  409,  876,  515,  254,  254, 1152,  482,  473,  262,
       147742  + /*   770 */   422,  476,  325,  503,  289,  518,  291,  515,  114,  115,
       147743  + /*   780 */   105, 1106, 1106,  957,  960,  950,  950,  112,  112,  113,
       147744  + /*   790 */   113,  113,  113,  414, 1021, 1366,   39,   39,  254,  254,
       147745  + /*   800 */   254,  254,  980,  254,  254,  254,  254,  255,  255, 1022,
       147746  + /*   810 */   279,  515,  516,  515,  846,  846,  515,  138,  515,  518,
       147747  + /*   820 */   515, 1043, 1495,  251, 1023, 1495,  876,  111,  111,  111,
       147748  + /*   830 */   111,  110,  110,  109,  109,  109,  108,  404,  518, 1353,
       147749  + /*   840 */    51,   51,  518,  199,  518,  506,  290,  373,  518,  276,
       147750  + /*   850 */   509,  922,    9,  483,  233, 1005, 1005,  445,  189,   52,
       147751  + /*   860 */    52,  325,  280,   53,   53,   54,   54,  373,  876,   55,
       147752  + /*   870 */    55,  114,  115,  105, 1106, 1106,  957,  960,  950,  950,
       147753  + /*   880 */   112,  112,  113,  113,  113,  113,   97,  518,   95, 1104,
       147754  + /*   890 */  1041,  114,  115,  105, 1106, 1106,  957,  960,  950,  950,
       147755  + /*   900 */   112,  112,  113,  113,  113,  113,  135,  199,   56,   56,
       147756  + /*   910 */   765,  766,  767,  225,  224,  223,  518,  283,  437,  233,
       147757  + /*   920 */   111,  111,  111,  111,  110,  110,  109,  109,  109,  108,
       147758  + /*   930 */   404, 1002,  876,  326,  518, 1002, 1104,   40,   40,  518,
       147759  + /*   940 */   111,  111,  111,  111,  110,  110,  109,  109,  109,  108,
       147760  + /*   950 */   404,  518,  448,  518, 1104,   41,   41,  518,   17,  518,
       147761  + /*   960 */    43,   43, 1155,  379,  518,  448,  518,  443,  518,  390,
       147762  + /*   970 */   518,  194,   44,   44,   57,   57, 1247,  518,   58,   58,
       147763  + /*   980 */    59,   59,  518,  466,  326,   14,   14,   60,   60,  120,
       147764  + /*   990 */   120,   61,   61,  449, 1206,   93,  518,  425,   46,   46,
       147765  + /*  1000 */   518, 1104,  518,   62,   62,  518,  437,  305,  518,  852,
       147766  + /*  1010 */   518,  298,  518, 1246,  851,  373,  518,   63,   63, 1293,
       147767  + /*  1020 */   397,   47,   47,  142,  142, 1467,  143,  143,  821,   70,
       147768  + /*  1030 */    70,   48,   48,   66,   66,  373,  518,  121,  121,  114,
       147769  + /*  1040 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147770  + /*  1050 */   113,  113,  113,  113,  518,  418,  518,   67,   67,  114,
       147771  + /*  1060 */   115,  105, 1106, 1106,  957,  960,  950,  950,  112,  112,
       147772  + /*  1070 */   113,  113,  113,  113,  312,  122,  122,  123,  123, 1293,
       147773  + /*  1080 */   518,  357, 1126,   88,  518,  435,  325,  387,  111,  111,
       147774  + /*  1090 */   111,  111,  110,  110,  109,  109,  109,  108,  404,  266,
       147775  + /*  1100 */   518,  119,  119,  518, 1293,  141,  141,  518,  111,  111,
       147776  + /*  1110 */   111,  111,  110,  110,  109,  109,  109,  108,  404,  518,
       147777  + /*  1120 */   801,  140,  140,  518,  127,  127,  511,  379,  126,  126,
       147778  + /*  1130 */   518,  137,  518, 1308,  518,  307,  518,  310,  518,  203,
       147779  + /*  1140 */   124,  124, 1307,   96,  125,  125,  207,  388, 1441,  468,
       147780  + /*  1150 */  1127,   69,   69,   71,   71,   68,   68,   38,   38,   42,
       147781  + /*  1160 */    42,  357, 1042,  373, 1293,  276,  509,  801,  185,  469,
       147782  + /*  1170 */   494,  436,  444,    6,  380,  156,  253,  197,  469,  134,
       147783  + /*  1180 */   426,   33, 1038,  373, 1121,  359, 1411,  114,  115,  105,
       147784  + /*  1190 */  1106, 1106,  957,  960,  950,  950,  112,  112,  113,  113,
       147785  + /*  1200 */   113,  113,  914,  296,   27,  293,   90,  114,  103,  105,
       147786  + /*  1210 */  1106, 1106,  957,  960,  950,  950,  112,  112,  113,  113,
       147787  + /*  1220 */   113,  113,  919,  275,  430,  232,  891,  232,  432,  256,
       147788  + /*  1230 */  1127,  232,  398,  370,  892,   28,  111,  111,  111,  111,
       147789  + /*  1240 */   110,  110,  109,  109,  109,  108,  404,  301,  454, 1385,
       147790  + /*  1250 */    90,  228,  209,  987,  811,  810,  111,  111,  111,  111,
       147791  + /*  1260 */   110,  110,  109,  109,  109,  108,  404,  315,  818,  819,
       147792  + /*  1270 */    90,  323,  983,  931,  885,  228,  373,  232,  999,  849,
       147793  + /*  1280 */   999,  322,  102,  998, 1384,  998,  785,  850,  440,  132,
       147794  + /*  1290 */   102,  302, 1243,  306,  309,  311,  373,  313, 1194, 1180,
       147795  + /*  1300 */   987,  115,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147796  + /*  1310 */   112,  113,  113,  113,  113, 1178, 1179,  318,  327,  328,
       147797  + /*  1320 */   931, 1255,  105, 1106, 1106,  957,  960,  950,  950,  112,
       147798  + /*  1330 */   112,  113,  113,  113,  113, 1292, 1230, 1457,  273, 1241,
       147799  + /*  1340 */   504,  505, 1298,  100,  510,  246,    4, 1161, 1154,  111,
       147800  + /*  1350 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147801  + /*  1360 */   513, 1143,  187, 1142,  202, 1144, 1451,  356, 1227,  111,
       147802  + /*  1370 */   111,  111,  111,  110,  110,  109,  109,  109,  108,  404,
       147803  + /*  1380 */    11, 1277,  330,  405,  332,  334,  191, 1285,  364,  195,
       147804  + /*  1390 */   295,  417,  288,  100,  510,  507,    4,  434,  459,  321,
       147805  + /*  1400 */  1177,  349, 1357, 1356,  336,  155,  190, 1454, 1121,  158,
       147806  + /*  1410 */   513,  508,  235, 1404,  937, 1402, 1118,  381,   77,  428,
       147807  + /*  1420 */    98,   98,    8, 1282,  168,   30,  152,   99,  160,  405,
       147808  + /*  1430 */   520,  519,   88,  405,  927, 1362, 1274,  420,  163,   73,
       147809  + /*  1440 */   164,   76,  165,  166,  421,  507,  452,  212,  361,  363,
       147810  + /*  1450 */   427,  276,  509,   31, 1288,  172,  491,  441,  216, 1351,
       147811  + /*  1460 */    82,  490,  447, 1373,  937,  927,  927,  929,  930,   24,
       147812  + /*  1470 */    98,   98,  304,  247,  218,  177,  308,   99,  219,  405,
       147813  + /*  1480 */   520,  519,  450, 1145,  927,  220,  366, 1197,  100,  510,
       147814  + /*  1490 */   465,    4, 1188, 1196, 1195,  394,  803, 1169, 1187,  367,
       147815  + /*  1500 */  1168,  396,  484,  320, 1167,  513, 1466,   87,  475,  100,
       147816  + /*  1510 */   510,  271,    4,  272,  478,  927,  927,  929,  930,   24,
       147817  + /*  1520 */  1443, 1074,  407, 1238, 1239,  258,  513,  329,  405,  331,
       147818  + /*  1530 */   355,  355,  354,  243,  352,  234,  489,  774,  498,  184,
       147819  + /*  1540 */   507,  338, 1422,  339,  117, 1220,   10,  341,  333,  405,
       147820  + /*  1550 */   204,  491,  282, 1219, 1237, 1236,  492,  335,  343,  937,
       147821  + /*  1560 */   281,  507,   94, 1337,  186,   98,   98,  347,   89,  487,
       147822  + /*  1570 */   348,  241,   99,   29,  405,  520,  519,  274, 1151,  927,
       147823  + /*  1580 */   937,  521, 1080,  245,  242,  244,   98,   98,  856,  522,
       147824  + /*  1590 */   206, 1140, 1135,   99,  144,  405,  520,  519,  147,  375,
       147825  + /*  1600 */   927,  149,  376,  157, 1389, 1390, 1388, 1387,  205,  145,
       147826  + /*  1610 */   927,  927,  929,  930,   24,  146,  130,  761, 1165, 1164,
       147827  + /*  1620 */    72,  100,  510, 1162,    4,  269,  406,  188,  278,  201,
       147828  + /*  1630 */   259,  927,  927,  929,  930,   24,  128,  911,  513,  997,
       147829  + /*  1640 */   995,  159,  374,  208,  148,  161,  835,  276,  509,  211,
       147830  + /*  1650 */   294, 1011,  915,  167,  150,  383,  169,   78,  385,   79,
       147831  + /*  1660 */    80,  405,   81,  151, 1014,  213,  214, 1010,  139,   18,
       147832  + /*  1670 */   412,  215,  303,  507,  232, 1115, 1003,  446,  173,  217,
       147833  + /*  1680 */   174,   32,  776,  451,  491,  322,  221,  175,  814,  490,
       147834  + /*  1690 */    83,  455,  937,   19,  460,  316,   20,   84,   98,   98,
       147835  + /*  1700 */   270,  182,   85,  467,  153,   99,  154,  405,  520,  519,
       147836  + /*  1710 */  1074,  407,  927,  183,  258,  963, 1046,   86,   34,  355,
       147837  + /*  1720 */   355,  354,  243,  352,  474, 1047,  774,   35,  477,  196,
       147838  + /*  1730 */   250,  100,  510,  252,    4,  884,  178,  231, 1060,  204,
       147839  + /*  1740 */    21,  282,  102,  927,  927,  929,  930,   24,  513,  281,
       147840  + /*  1750 */   879,   22, 1064, 1062, 1051,    7,  340,   23,  978,  179,
       147841  + /*  1760 */    90,   92,  510,  964,    4,  236,  962,  966, 1020, 1019,
       147842  + /*  1770 */   237,  405,  967,   25,   36,  514,  932,  786,  513,  206,
       147843  + /*  1780 */   101,   26,  845,  507,  238,  239, 1459,  147,  350, 1458,
       147844  + /*  1790 */   149,  353, 1075, 1131, 1131, 1131, 1131,  205, 1131, 1131,
       147845  + /*  1800 */  1131,  405,  937, 1131, 1131, 1131, 1131, 1131,   98,   98,
       147846  + /*  1810 */  1131, 1131, 1131,  507, 1131,   99, 1131,  405,  520,  519,
       147847  + /*  1820 */  1131, 1131,  927, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147848  + /*  1830 */  1131,  374,  937, 1131, 1131, 1131,  276,  509,   98,   98,
       147849  + /*  1840 */  1131, 1131, 1131, 1131, 1131,   99, 1131,  405,  520,  519,
       147850  + /*  1850 */  1131, 1131,  927,  927,  927,  929,  930,   24, 1131,  412,
       147851  + /*  1860 */  1131, 1131, 1131,  258, 1131, 1131, 1131, 1131,  355,  355,
       147852  + /*  1870 */   354,  243,  352, 1131, 1131,  774, 1131, 1131, 1131, 1131,
       147853  + /*  1880 */  1131, 1131, 1131,  927,  927,  929,  930,   24,  204, 1131,
       147854  + /*  1890 */   282, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  281, 1131,
       147855  + /*  1900 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147856  + /*  1910 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147857  + /*  1920 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  206, 1131,
       147858  + /*  1930 */  1131, 1131, 1131, 1131, 1131, 1131,  147, 1131, 1131,  149,
       147859  + /*  1940 */  1131, 1131, 1131, 1131, 1131, 1131,  205, 1131, 1131, 1131,
       147860  + /*  1950 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147861  + /*  1960 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147862  + /*  1970 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147863  + /*  1980 */   374, 1131, 1131, 1131, 1131,  276,  509, 1131, 1131, 1131,
       147864  + /*  1990 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,
       147865  + /*  2000 */  1131, 1131, 1131, 1131, 1131, 1131, 1131, 1131,  412,
147357 147866   };
147358 147867   static const YYCODETYPE yy_lookahead[] = {
147359         - /*     0 */   184,  238,  239,  240,  238,  239,  240,  163,  155,  156,
147360         - /*    10 */   157,  158,  159,  160,  163,  191,  192,  183,  165,   19,
147361         - /*    20 */   167,  258,  202,  203,  200,  191,  163,  174,  184,  185,
147362         - /*    30 */   174,   31,  163,  163,  171,  184,  185,   35,  175,   39,
147363         - /*    40 */   179,  180,  181,   43,   44,   45,   46,   47,   48,   49,
147364         - /*    50 */    50,   51,   52,   53,   54,   55,   56,   57,  184,  206,
147365         - /*    60 */   207,  163,  206,  207,  220,  163,   16,  163,   66,  163,
147366         - /*    70 */    59,  270,  219,  229,  273,  219,   74,  208,  174,  223,
147367         - /*    80 */   224,  163,  184,  185,  163,  232,  184,  185,  184,  185,
147368         - /*    90 */   184,  185,   92,   93,   94,   95,   96,   97,   98,   99,
147369         - /*   100 */   100,  101,  102,  233,  198,  184,  185,   96,   97,  163,
147370         - /*   110 */   206,  207,   19,  163,  261,  104,  105,  106,  107,  198,
147371         - /*   120 */   109,  119,  220,  219,  220,  274,  275,   77,  117,   79,
147372         - /*   130 */   187,  229,   19,  229,  184,  185,   43,   44,   45,   46,
       147868  + /*     0 */   168,  163,  184,  238,  239,  240,  163,  163,  155,  156,
       147869  + /*    10 */   157,  158,  159,  160,  163,  202,  203,  187,  165,   19,
       147870  + /*    20 */   167,  163,  184,  185,  259,  202,  203,  174,  184,  185,
       147871  + /*    30 */   174,   31,  238,  239,  240,  184,  185,   22,   23,   39,
       147872  + /*    40 */   216,   26,  218,   43,   44,   45,   46,   47,   48,   49,
       147873  + /*    50 */    50,   51,   52,   53,   54,   55,   56,   57,  174,  206,
       147874  + /*    60 */   207,  163,  206,  207,  220,  163,  163,  163,  238,  239,
       147875  + /*    70 */   240,   59,  219,  229,  231,  219,  183,  245,  174,  223,
       147876  + /*    80 */   224,  249,  184,  185,  191,  232,  184,  185,  184,  185,
       147877  + /*    90 */   206,  207,   92,   93,   94,   95,   96,   97,   98,   99,
       147878  + /*   100 */   100,  101,  102,  219,  102,   81,   91,  163,   96,   97,
       147879  + /*   110 */   206,  207,   19,  275,  276,  262,  104,  105,  106,  107,
       147880  + /*   120 */   163,  109,  220,  219,  220,  184,  275,  269,  277,  117,
       147881  + /*   130 */   187,  229,   19,  229,  101,  102,   43,   44,   45,   46,
147373 147882    /*   140 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147374         - /*   150 */    57,  233,  141,  134,  143,  102,   43,   44,   45,   46,
       147883  + /*   150 */    57,  127,  128,  141,  184,  143,   43,   44,   45,   46,
147375 147884    /*   160 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147376         - /*   170 */    57,  152,  274,  216,  276,  218,   83,  163,   85,  233,
147377         - /*   180 */    67,  238,  239,  240,   11,   92,   93,   94,   95,   96,
       147885  + /*   170 */    57,  268,  269,  275,  276,  197,   83,  233,   85,  163,
       147886  + /*   180 */    67,  238,  239,  240,  134,   92,   93,   94,   95,   96,
147378 147887    /*   190 */    97,   98,   99,  100,  101,  102,   19,   54,   55,   56,
147379         - /*   200 */    57,   58,  163,   26,  163,   92,   93,   94,   95,   96,
       147888  + /*   200 */    57,   58,  152,   26,  247,   92,   93,   94,   95,   96,
147380 147889    /*   210 */    97,   98,   99,  100,  101,  102,   54,   55,   56,   57,
147381 147890    /*   220 */    43,   44,   45,   46,   47,   48,   49,   50,   51,   52,
147382 147891    /*   230 */    53,   54,   55,   56,   57,   92,   93,   94,   95,   96,
147383 147892    /*   240 */    97,   98,   99,  100,  101,  102,   69,   96,   97,   98,
147384 147893    /*   250 */    99,  100,  101,  102,   92,   93,   94,   95,   96,   97,
147385         - /*   260 */    98,   99,  100,  101,  102,   81,  179,  180,  181,   92,
       147894  + /*   260 */    98,   99,  100,  101,  102,   73,  179,  180,  181,   92,
147386 147895    /*   270 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147387         - /*   280 */   163,  267,  268,  163,   22,   23,   59,  163,   26,   19,
147388         - /*   290 */   117,  118,  175,  109,   24,   59,   92,   93,   94,   95,
147389         - /*   300 */    96,   97,   98,   99,  100,  101,  102,  268,  184,  185,
147390         - /*   310 */   269,  127,  128,   43,   44,   45,   46,   47,   48,   49,
       147896  + /*   280 */   163,  191,  192,  163,   98,   99,  100,  101,  102,   19,
       147897  + /*   290 */   200,  179,  180,  181,   24,  175,   92,   93,   94,   95,
       147898  + /*   300 */    96,   97,   98,   99,  100,  101,  102,  163,  116,  117,
       147899  + /*   310 */   118,   22,  163,   43,   44,   45,   46,   47,   48,   49,
147391 147900    /*   320 */    50,   51,   52,   53,   54,   55,   56,   57,  157,  158,
147392         - /*   330 */   159,  160,  105,  106,  107,  163,  165,   59,  167,  184,
147393         - /*   340 */    90,  105,  106,  107,  108,  174,   73,  111,  112,  113,
147394         - /*   350 */    19,   22,  163,   91,   81,  163,  106,  121,   81,  132,
147395         - /*   360 */   110,   16,   92,   93,   94,   95,   96,   97,   98,   99,
147396         - /*   370 */   100,  101,  102,  184,  185,  255,   98,  206,  207,   26,
147397         - /*   380 */   101,  102,   19,  105,  106,  107,   23,  198,   59,  116,
147398         - /*   390 */   219,  141,  142,  143,   24,  163,  187,  205,  274,  275,
147399         - /*   400 */   127,  128,  182,  232,  127,  128,   43,   44,   45,   46,
       147901  + /*   330 */   159,  160,  163,  184,  185,  163,  165,   59,  167,   46,
       147902  + /*   340 */    90,   76,   11,  174,   73,  174,   19,  198,   59,   19,
       147903  + /*   350 */    72,   86,   81,  184,  185,  234,  106,   96,   97,  163,
       147904  + /*   360 */   110,  182,   92,   93,   94,   95,   96,   97,   98,   99,
       147905  + /*   370 */   100,  101,  102,   46,  230,  206,  207,  206,  207,  163,
       147906  + /*   380 */   184,  185,   19,  105,  106,  107,   23,  116,  219,  220,
       147907  + /*   390 */   219,  141,  142,  143,  105,  106,  107,  104,  127,  128,
       147908  + /*   400 */   184,  185,  141,  232,  143,   59,   43,   44,   45,   46,
147400 147909    /*   410 */    47,   48,   49,   50,   51,   52,   53,   54,   55,   56,
147401         - /*   420 */    57,  158,   77,  160,   79,   59,   26,  182,  165,   59,
147402         - /*   430 */   167,  199,  261,  102,  105,  106,  107,  174,   72,  108,
147403         - /*   440 */   109,  110,  111,  112,  113,  114,   59,  238,  239,  240,
147404         - /*   450 */   123,  120,  125,  126,  163,   92,   93,   94,   95,   96,
147405         - /*   460 */    97,   98,   99,  100,  101,  102,  163,  163,  163,  206,
147406         - /*   470 */   207,  105,  106,  107,  254,   19,  106,   90,  197,   23,
147407         - /*   480 */   127,  128,  219,  238,  239,  240,   22,  184,  185,  184,
147408         - /*   490 */   185,   22,  105,  106,  149,  232,  205,  110,  163,   43,
       147910  + /*   420 */    57,  158,  108,  160,   59,  111,  112,  113,  165,  250,
       147911  + /*   430 */   167,  104,  102,  262,  255,  121,  220,  174,  108,  109,
       147912  + /*   440 */   110,  111,  112,  113,  114,  229,  182,  120,  117,  118,
       147913  + /*   450 */   120,  105,  106,  107,  163,   92,   93,   94,   95,   96,
       147914  + /*   460 */    97,   98,   99,  100,  101,  102,  163,   22,   59,  206,
       147915  + /*   470 */   207,  106,  163,   26,  171,   19,  163,  193,  175,   23,
       147916  + /*   480 */   163,   22,  219,  206,  207,  139,  163,   22,   59,  182,
       147917  + /*   490 */   117,  118,   59,  184,  185,  232,  219,  184,  185,   43,
147409 147918    /*   500 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147410         - /*   510 */    54,   55,   56,   57,   98,   99,  100,  101,  102,  184,
147411         - /*   520 */   185,  163,   53,   59,  261,  220,  117,  118,  141,  142,
147412         - /*   530 */   143,  131,  174,   59,  229,  116,  117,  118,  163,   59,
147413         - /*   540 */   163,  163,  184,  185,   59,  242,   72,   22,   92,   93,
147414         - /*   550 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  184,
147415         - /*   560 */   185,   24,  184,  185,  206,  207,  202,  203,   19,  105,
147416         - /*   570 */   106,  107,   23,  198,   22,  174,  198,  219,  220,  105,
147417         - /*   580 */   106,  107,   96,   97,   59,  105,  106,  107,   22,  174,
147418         - /*   590 */    59,  106,   43,   44,   45,   46,   47,   48,   49,   50,
147419         - /*   600 */    51,   52,   53,   54,   55,   56,   57,  206,  207,   12,
147420         - /*   610 */   108,   59,  132,  111,  112,  113,   46,   47,   48,   49,
147421         - /*   620 */   219,  206,  207,  121,   27,   59,  163,  141,  207,  143,
147422         - /*   630 */   105,  106,  107,  163,  219,  234,  105,  106,  107,   42,
147423         - /*   640 */   219,   92,   93,   94,   95,   96,   97,   98,   99,  100,
147424         - /*   650 */   101,  102,   76,  163,  184,  185,  163,  105,  106,  107,
147425         - /*   660 */    63,   19,   86,  163,  163,   23,  163,  130,  205,   21,
147426         - /*   670 */    73,  105,  106,  107,  184,  185,  163,  184,  185,  237,
147427         - /*   680 */   110,  180,  181,  180,  181,   43,   44,   45,   46,   47,
       147919  + /*   510 */    54,   55,   56,   57,  105,  106,  107,  108,   59,  255,
       147920  + /*   520 */   111,  112,  113,   90,   59,  262,   22,   98,  174,   12,
       147921  + /*   530 */   121,  208,  163,  220,  105,  106,  107,  163,  105,  106,
       147922  + /*   540 */    22,   96,   97,  110,   27,  238,  239,  240,   92,   93,
       147923  + /*   550 */    94,   95,   96,   97,   98,   99,  100,  101,  102,   42,
       147924  + /*   560 */   206,  207,  115,   59,  105,  106,  107,  163,   19,   59,
       147925  + /*   570 */   163,  106,   23,  219,  141,  142,  143,   59,  163,  205,
       147926  + /*   580 */    63,   59,   72,   22,  124,   59,  163,  270,  234,  129,
       147927  + /*   590 */    73,  163,   43,   44,   45,   46,   47,   48,   49,   50,
       147928  + /*   600 */    51,   52,   53,   54,   55,   56,   57,  184,  185,  105,
       147929  + /*   610 */   106,  107,  184,  185,  163,  105,  106,  107,  265,  266,
       147930  + /*   620 */    59,  198,  225,  105,  106,  107,  198,  105,  106,  107,
       147931  + /*   630 */   163,  105,  106,  107,  163,  184,  185,   46,   47,   48,
       147932  + /*   640 */    49,   92,   93,   94,   95,   96,   97,   98,   99,  100,
       147933  + /*   650 */   101,  102,  163,  163,  132,  184,  185,  163,  132,  163,
       147934  + /*   660 */   256,   19,  163,  163,  163,   23,  105,  106,  107,  198,
       147935  + /*   670 */   163,  220,  205,  184,  185,  163,   35,   81,  184,  185,
       147936  + /*   680 */   184,  185,  163,  184,  185,   43,   44,   45,   46,   47,
147428 147937    /*   690 */    48,   49,   50,   51,   52,   53,   54,   55,   56,   57,
147429         - /*   700 */   174,  163,  163,   22,   23,  163,  163,   26,   22,   23,
147430         - /*   710 */   220,   29,   73,  220,  272,   33,   22,  163,   24,   19,
147431         - /*   720 */   174,  208,  259,  184,  185,   19,  184,  185,   80,  175,
147432         - /*   730 */   230,  174,  206,  207,   92,   93,   94,   95,   96,   97,
147433         - /*   740 */    98,   99,  100,  101,  102,  219,   46,   65,  247,  195,
147434         - /*   750 */   247,  197,  206,  207,   19,  116,  117,  118,   23,  220,
147435         - /*   760 */   112,  174,  220,  206,  207,  219,   22,  174,   24,  174,
147436         - /*   770 */    22,   23,   91,  264,  265,  168,  219,   91,   43,   44,
       147938  + /*   700 */   163,  110,  163,  184,  185,  109,  205,   66,  163,   59,
       147939  + /*   710 */   163,   21,  205,   16,  174,   74,  220,  198,  163,  220,
       147940  + /*   720 */   230,  184,  185,  127,  128,  180,  181,  180,  181,  163,
       147941  + /*   730 */   175,  242,  174,  233,   92,   93,   94,   95,   96,   97,
       147942  + /*   740 */    98,   99,  100,  101,  102,  233,  206,  207,   26,  163,
       147943  + /*   750 */   195,  207,  197,   26,   19,  105,  106,  107,   23,  219,
       147944  + /*   760 */   119,  260,   26,  219,  206,  207,  174,   19,  174,  230,
       147945  + /*   770 */    80,  174,  163,  174,   77,  163,   79,  219,   43,   44,
147437 147946    /*   780 */    45,   46,   47,   48,   49,   50,   51,   52,   53,   54,
147438         - /*   790 */    55,   56,   57,  206,  207,   12,  163,  149,  255,  206,
147439         - /*   800 */   207,  206,  207,   59,  104,   23,  219,  163,   26,  163,
147440         - /*   810 */    27,  105,  219,  163,  219,  163,  211,  184,  185,  163,
147441         - /*   820 */   120,  163,  146,  163,  148,   42,  221,   92,   93,   94,
147442         - /*   830 */    95,   96,   97,   98,   99,  100,  101,  102,  163,   91,
147443         - /*   840 */   184,  185,  184,  185,  184,  185,   63,   19,  163,  205,
147444         - /*   850 */   106,   23,  245,  163,  208,  248,  116,  117,  118,  184,
147445         - /*   860 */   185,  163,  163,    7,    8,    9,  163,   19,   26,  184,
       147947  + /*   790 */    55,   56,   57,  248,   12,  248,  184,  185,  206,  207,
       147948  + /*   800 */   206,  207,  112,  206,  207,  206,  207,  206,  207,   27,
       147949  + /*   810 */   163,  219,  123,  219,  125,  126,  219,  208,  219,  163,
       147950  + /*   820 */   219,   22,   23,   23,   42,   26,   26,   92,   93,   94,
       147951  + /*   830 */    95,   96,   97,   98,   99,  100,  101,  102,  163,  149,
       147952  + /*   840 */   184,  185,  163,  107,  163,   63,  149,   19,  163,  127,
       147953  + /*   850 */   128,   23,   22,  105,   24,  116,  117,  118,  131,  184,
       147954  + /*   860 */   185,  163,  163,  184,  185,  184,  185,   19,  132,  184,
147446 147955    /*   870 */   185,   43,   44,   45,   46,   47,   48,   49,   50,   51,
147447         - /*   880 */    52,   53,   54,   55,   56,   57,  163,  184,  185,  107,
147448         - /*   890 */   163,   43,   44,   45,   46,   47,   48,   49,   50,   51,
147449         - /*   900 */    52,   53,   54,   55,   56,   57,  208,  255,  177,  178,
147450         - /*   910 */   163,  184,  185,  163,  132,  163,  141,  163,  143,   22,
       147956  + /*   880 */    52,   53,   54,   55,   56,   57,  146,  163,  148,   59,
       147957  + /*   890 */    91,   43,   44,   45,   46,   47,   48,   49,   50,   51,
       147958  + /*   900 */    52,   53,   54,   55,   56,   57,  208,  107,  184,  185,
       147959  + /*   910 */     7,    8,    9,  116,  117,  118,  163,  163,  163,   24,
147451 147960    /*   920 */    92,   93,   94,   95,   96,   97,   98,   99,  100,  101,
147452         - /*   930 */   102,  184,  185,  163,  184,  185,  184,  185,  184,  185,
       147961  + /*   930 */   102,   29,  132,  163,  163,   33,  106,  184,  185,  163,
147453 147962    /*   940 */    92,   93,   94,   95,   96,   97,   98,   99,  100,  101,
147454         - /*   950 */   102,  163,  163,  163,  184,  185,  163,  115,  163,  163,
147455         - /*   960 */   163,  163,   15,  163,  163,  163,  163,  163,   23,  163,
147456         - /*   970 */   163,   26,  184,  185,  184,  185,  163,  184,  185,  184,
147457         - /*   980 */   185,  184,  185,  163,  184,  185,  184,  185,  184,  185,
147458         - /*   990 */   184,  185,  163,   96,   97,  147,  163,  184,  185,  163,
147459         - /*  1000 */   199,  163,  163,  205,  184,  185,  163,   60,  163,  141,
147460         - /*  1010 */   163,  143,  163,  184,  185,   19,  163,  184,  185,  230,
147461         - /*  1020 */   184,  185,  184,  185,  206,  207,  230,  184,  185,  184,
147462         - /*  1030 */   185,  184,  185,  184,  185,   19,  163,  219,  231,   43,
       147963  + /*   950 */   102,  163,  163,  163,   59,  184,  185,  163,   22,  163,
       147964  + /*   960 */   184,  185,  177,  178,  163,  163,  163,   65,  163,  199,
       147965  + /*   970 */   163,   26,  184,  185,  184,  185,  163,  163,  184,  185,
       147966  + /*   980 */   184,  185,  163,   98,  163,  184,  185,  184,  185,  184,
       147967  + /*   990 */   185,  184,  185,  252,  205,  147,  163,   61,  184,  185,
       147968  + /*  1000 */   163,  106,  163,  184,  185,  163,  163,  205,  163,  124,
       147969  + /*  1010 */   163,  256,  163,  163,  129,   19,  163,  184,  185,  163,
       147970  + /*  1020 */   199,  184,  185,  184,  185,   23,  184,  185,   26,  184,
       147971  + /*  1030 */   185,  184,  185,  184,  185,   19,  163,  184,  185,   43,
147463 147972    /*  1040 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147464         - /*  1050 */    54,   55,   56,   57,  163,   26,  163,  184,  185,   43,
       147973  + /*  1050 */    54,   55,   56,   57,  163,  163,  163,  184,  185,   43,
147465 147974    /*  1060 */    44,   45,   46,   47,   48,   49,   50,   51,   52,   53,
147466         - /*  1070 */    54,   55,   56,   57,  163,  184,  185,  184,  185,  163,
147467         - /*  1080 */   182,  163,  163,  163,  163,  163,   22,  163,   92,   93,
147468         - /*  1090 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  163,
147469         - /*  1100 */   184,  185,  184,  185,  163,  184,  185,  163,   92,   93,
       147975  + /*  1070 */    54,   55,   56,   57,   16,  184,  185,  184,  185,  163,
       147976  + /*  1080 */   163,   22,   23,  138,  163,   19,  163,  231,   92,   93,
       147977  + /*  1090 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  256,
       147978  + /*  1100 */   163,  184,  185,  163,  163,  184,  185,  163,   92,   93,
147470 147979    /*  1110 */    94,   95,   96,   97,   98,   99,  100,  101,  102,  163,
147471         - /*  1120 */   184,  185,   98,   59,  163,  184,  185,  205,  184,  185,
147472         - /*  1130 */    23,  206,  207,   26,  163,   26,  107,  153,  154,  237,
147473         - /*  1140 */   184,  185,  231,  147,  219,  184,  185,  249,  124,  127,
147474         - /*  1150 */   128,  231,  254,  129,  163,  231,  177,  178,  262,  263,
147475         - /*  1160 */   118,  132,   19,   19,   46,  223,  224,   31,   24,   23,
147476         - /*  1170 */   106,  124,   26,   22,  272,   39,  129,   23,  109,  110,
147477         - /*  1180 */    26,  163,  140,   19,   22,  234,   59,   43,   44,   45,
       147980  + /*  1120 */    59,  184,  185,  163,  184,  185,  177,  178,  184,  185,
       147981  + /*  1130 */   163,  208,  163,  237,  163,   77,  163,   79,  163,   15,
       147982  + /*  1140 */   184,  185,  237,  147,  184,  185,   24,  231,  153,  154,
       147983  + /*  1150 */    91,  184,  185,  184,  185,  184,  185,  184,  185,  184,
       147984  + /*  1160 */   185,   22,   23,   19,  163,  127,  128,  106,   24,  273,
       147985  + /*  1170 */   271,  105,  231,  274,  263,  264,  223,  224,  273,   22,
       147986  + /*  1180 */   118,   24,   23,   19,   60,   26,  163,   43,   44,   45,
147478 147987    /*  1190 */    46,   47,   48,   49,   50,   51,   52,   53,   54,   55,
147479         - /*  1200 */    56,   57,  231,    7,    8,  193,   59,   43,   44,   45,
       147988  + /*  1200 */    56,   57,  140,   23,   22,  163,   26,   43,   44,   45,
147480 147989    /*  1210 */    46,   47,   48,   49,   50,   51,   52,   53,   54,   55,
147481         - /*  1220 */    56,   57,  104,   61,   23,   23,   23,   26,   26,   26,
147482         - /*  1230 */   163,   23,   23,  106,   26,   26,   92,   93,   94,   95,
147483         - /*  1240 */    96,   97,   98,   99,  100,  101,  102,  138,  105,   23,
147484         - /*  1250 */    59,   23,   26,  106,   26,  163,   92,   93,   94,   95,
147485         - /*  1260 */    96,   97,   98,   99,  100,  101,  102,  110,   23,   23,
147486         - /*  1270 */    23,   26,   26,   26,  163,  163,   19,  120,  163,  163,
147487         - /*  1280 */   163,  130,  163,  163,  163,  163,  163,  163,  163,  193,
147488         - /*  1290 */   193,  163,  163,  163,  163,  225,   19,  106,  163,  222,
147489         - /*  1300 */   163,   44,   45,   46,   47,   48,   49,   50,   51,   52,
147490         - /*  1310 */    53,   54,   55,   56,   57,  163,  163,  203,  163,  163,
147491         - /*  1320 */   222,  163,   45,   46,   47,   48,   49,   50,   51,   52,
147492         - /*  1330 */    53,   54,   55,   56,   57,  163,  163,  163,  163,  163,
147493         - /*  1340 */   251,  250,  209,   19,   20,  182,   22,  161,  222,   92,
       147990  + /*  1220 */    56,   57,   23,  211,   23,   26,   31,   26,   23,   22,
       147991  + /*  1230 */    91,   26,  231,  221,   39,   53,   92,   93,   94,   95,
       147992  + /*  1240 */    96,   97,   98,   99,  100,  101,  102,   23,   23,  163,
       147993  + /*  1250 */    26,   26,  130,   59,  109,  110,   92,   93,   94,   95,
       147994  + /*  1260 */    96,   97,   98,   99,  100,  101,  102,   23,    7,    8,
       147995  + /*  1270 */    26,  110,   23,   59,   23,   26,   19,   26,  141,   23,
       147996  + /*  1280 */   143,  120,   26,  141,  163,  143,   23,   23,  163,   26,
       147997  + /*  1290 */    26,  163,  163,  163,  163,  163,   19,  163,  163,  193,
       147998  + /*  1300 */   106,   44,   45,   46,   47,   48,   49,   50,   51,   52,
       147999  + /*  1310 */    53,   54,   55,   56,   57,  163,  193,  163,  163,  163,
       148000  + /*  1320 */   106,  163,   45,   46,   47,   48,   49,   50,   51,   52,
       148001  + /*  1330 */    53,   54,   55,   56,   57,  163,  163,  130,  222,  163,
       148002  + /*  1340 */   163,  203,  163,   19,   20,  251,   22,  163,  163,   92,
147494 148003    /*  1350 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147495         - /*  1360 */    36,  222,  222,  260,  226,  188,  256,  226,  187,   92,
       148004  + /*  1360 */    36,  163,  209,  163,  261,  163,  163,  161,  222,   92,
147496 148005    /*  1370 */    93,   94,   95,   96,   97,   98,   99,  100,  101,  102,
147497         - /*  1380 */   210,  213,  213,   59,  213,  196,  192,  187,  256,  244,
147498         - /*  1390 */   212,  187,  226,   19,   20,   71,   22,  210,  166,   60,
147499         - /*  1400 */   130,  170,  260,  170,   38,   81,  257,  257,  170,  104,
147500         - /*  1410 */    36,   22,   43,  201,   90,  236,  138,  235,  213,   18,
147501         - /*  1420 */    96,   97,   48,  204,  204,  204,  204,  103,  170,  105,
147502         - /*  1430 */   106,  107,   18,   59,  110,  169,  213,  213,  201,  170,
147503         - /*  1440 */   201,  169,  236,  213,  146,   71,  235,   62,  253,  252,
147504         - /*  1450 */   170,  127,  128,  169,   22,  170,   82,  189,  169,  104,
147505         - /*  1460 */   170,   87,  169,  189,   90,  141,  142,  143,  144,  145,
147506         - /*  1470 */    96,   97,  186,  186,  186,   64,  194,  103,  186,  105,
147507         - /*  1480 */   106,  107,  115,  189,  110,  188,  186,  186,   19,   20,
147508         - /*  1490 */   194,   22,  186,  189,  102,  246,  246,  189,  133,  228,
147509         - /*  1500 */   104,  228,  227,  227,  170,   36,  134,  228,  227,   19,
147510         - /*  1510 */    20,  228,   22,   84,  271,  141,  142,  143,  144,  145,
147511         - /*  1520 */     0,    1,    2,  216,   22,    5,   36,  137,   59,  227,
147512         - /*  1530 */    10,   11,   12,   13,   14,  217,  269,   17,  216,   22,
147513         - /*  1540 */    71,  170,  243,  146,  241,  217,  136,  215,  135,   59,
147514         - /*  1550 */    30,   82,   32,   25,  214,  213,   87,  173,   26,   90,
147515         - /*  1560 */    40,   71,   13,  172,  164,   96,   97,  164,    6,  162,
147516         - /*  1570 */   162,  162,  103,  263,  105,  106,  107,  266,  266,  110,
147517         - /*  1580 */    90,  176,  176,  190,  182,  190,   96,   97,   98,    4,
147518         - /*  1590 */    70,  176,    3,  103,  182,  105,  106,  107,   78,  182,
147519         - /*  1600 */   110,   81,  182,  182,  182,  182,  182,  151,   88,   22,
147520         - /*  1610 */   141,  142,  143,  144,  145,   15,   89,   16,   23,   23,
147521         - /*  1620 */   128,   19,   20,  139,   22,  119,  131,   24,   20,  133,
147522         - /*  1630 */    16,  141,  142,  143,  144,  145,    1,  140,   36,  131,
147523         - /*  1640 */   119,   61,  122,   37,  139,   53,   53,  127,  128,  119,
147524         - /*  1650 */    53,   53,  105,   34,  130,    1,    5,  104,   22,  149,
147525         - /*  1660 */    26,   59,   68,   75,   41,  130,   24,   68,  104,   20,
147526         - /*  1670 */   150,   19,  120,   71,  114,   22,   67,   22,   22,   67,
147527         - /*  1680 */    23,   22,   22,   67,   82,   37,   28,   23,  138,   87,
147528         - /*  1690 */    22,  153,   90,   23,   23,   26,   23,   22,   96,   97,
147529         - /*  1700 */    24,   23,   22,   24,  130,  103,   23,  105,  106,  107,
147530         - /*  1710 */     1,    2,  110,   23,    5,  105,   34,   22,  132,   10,
147531         - /*  1720 */    11,   12,   13,   14,   26,   34,   17,   34,   85,   83,
147532         - /*  1730 */    44,   19,   20,   23,   22,   24,   75,   34,   23,   30,
147533         - /*  1740 */    26,   32,   26,  141,  142,  143,  144,  145,   36,   40,
147534         - /*  1750 */    23,   23,   23,   23,   11,   23,   22,   26,   22,   22,
147535         - /*  1760 */    22,   19,   20,   23,   22,   26,   15,   23,   22,  124,
147536         - /*  1770 */   130,   59,   23,    1,  130,  277,  277,  130,   36,   70,
147537         - /*  1780 */   130,  277,  277,   71,  277,  277,  277,   78,  277,  277,
147538         - /*  1790 */    81,  277,  277,  277,  277,  277,  277,   88,  277,  277,
147539         - /*  1800 */   277,   59,   90,  277,  277,  277,  277,  277,   96,   97,
147540         - /*  1810 */   277,  277,  277,   71,  277,  103,  277,  105,  106,  107,
147541         - /*  1820 */   277,  277,  110,  277,  277,  277,  277,  277,  277,  277,
147542         - /*  1830 */   277,  122,   90,  277,  277,  277,  127,  128,   96,   97,
147543         - /*  1840 */   277,  277,  277,  277,  277,  103,  277,  105,  106,  107,
147544         - /*  1850 */   277,  277,  110,  141,  142,  143,  144,  145,  277,  150,
147545         - /*  1860 */   277,  277,  277,    5,  277,  277,  277,  277,   10,   11,
147546         - /*  1870 */    12,   13,   14,  277,  277,   17,  277,  277,  277,  277,
147547         - /*  1880 */   277,  277,  277,  141,  142,  143,  144,  145,   30,  277,
147548         - /*  1890 */    32,  277,  277,  277,  277,  277,  277,  277,   40,  277,
147549         - /*  1900 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147550         - /*  1910 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147551         - /*  1920 */   277,  277,  277,  277,  277,  277,  277,  277,   70,  277,
147552         - /*  1930 */   277,  277,  277,  277,  277,  277,   78,  277,  277,   81,
147553         - /*  1940 */   277,  277,  277,  277,  277,  277,   88,  277,  277,  277,
147554         - /*  1950 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147555         - /*  1960 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147556         - /*  1970 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147557         - /*  1980 */   122,  277,  277,  277,  277,  127,  128,  277,  277,  277,
147558         - /*  1990 */   277,  277,  277,  277,  277,  277,  277,  277,  277,  277,
147559         - /*  2000 */   277,  277,  277,  277,  277,  277,  277,  277,  150,  277,
147560         - /*  2010 */   277,  277,  277,  277,  277,  277,  277,  277,  277,
147561         -};
147562         -#define YY_SHIFT_COUNT    (520)
       148006  + /*  1380 */   210,  213,  222,   59,  222,  222,  182,  213,  213,  196,
       148007  + /*  1390 */   257,  226,  226,   19,   20,   71,   22,  257,  188,  187,
       148008  + /*  1400 */   192,  212,  187,  187,  226,   81,  210,  166,   60,  261,
       148009  + /*  1410 */    36,  244,  130,  170,   90,  170,   38,  170,  139,  104,
       148010  + /*  1420 */    96,   97,   48,  236,   22,  235,   43,  103,  201,  105,
       148011  + /*  1430 */   106,  107,  138,   59,  110,  247,  213,   18,  204,  258,
       148012  + /*  1440 */   204,  258,  204,  204,  170,   71,   18,  169,  213,  236,
       148013  + /*  1450 */   213,  127,  128,  235,  201,  201,   82,  170,  169,  213,
       148014  + /*  1460 */   146,   87,   62,  254,   90,  141,  142,  143,  144,  145,
       148015  + /*  1470 */    96,   97,  253,  170,  169,   22,  170,  103,  169,  105,
       148016  + /*  1480 */   106,  107,  189,  170,  110,  169,  189,  186,   19,   20,
       148017  + /*  1490 */   104,   22,  194,  186,  186,   64,  115,  186,  194,  189,
       148018  + /*  1500 */   188,  102,  133,  186,  186,   36,  186,  104,  189,   19,
       148019  + /*  1510 */    20,  246,   22,  246,  189,  141,  142,  143,  144,  145,
       148020  + /*  1520 */     0,    1,    2,  228,  228,    5,   36,  227,   59,  227,
       148021  + /*  1530 */    10,   11,   12,   13,   14,  170,   84,   17,  134,  216,
       148022  + /*  1540 */    71,  272,  270,   22,  137,  217,   22,  216,  227,   59,
       148023  + /*  1550 */    30,   82,   32,  217,  228,  228,   87,  227,  170,   90,
       148024  + /*  1560 */    40,   71,  146,  241,  215,   96,   97,  214,  136,  135,
       148025  + /*  1570 */   213,   25,  103,   26,  105,  106,  107,  243,  173,  110,
       148026  + /*  1580 */    90,  172,   13,    6,  164,  164,   96,   97,   98,  162,
       148027  + /*  1590 */    70,  162,  162,  103,  176,  105,  106,  107,   78,  267,
       148028  + /*  1600 */   110,   81,  267,  264,  182,  182,  182,  182,   88,  176,
       148029  + /*  1610 */   141,  142,  143,  144,  145,  176,  190,    4,  182,  182,
       148030  + /*  1620 */   182,   19,   20,  182,   22,  190,    3,   22,  151,   15,
       148031  + /*  1630 */    89,  141,  142,  143,  144,  145,   16,  128,   36,   23,
       148032  + /*  1640 */    23,  139,  122,   24,  119,  131,   20,  127,  128,  133,
       148033  + /*  1650 */    16,    1,  140,  131,  119,   61,  139,   53,   37,   53,
       148034  + /*  1660 */    53,   59,   53,  119,  105,   34,  130,    1,    5,   22,
       148035  + /*  1670 */   150,  104,  149,   71,   26,   75,   68,   41,   68,  130,
       148036  + /*  1680 */   104,   24,   20,   19,   82,  120,  114,   22,   28,   87,
       148037  + /*  1690 */    22,   67,   90,   22,   67,   23,   22,   22,   96,   97,
       148038  + /*  1700 */    67,   23,  138,   22,   37,  103,  153,  105,  106,  107,
       148039  + /*  1710 */     1,    2,  110,   23,    5,   23,   23,   26,   22,   10,
       148040  + /*  1720 */    11,   12,   13,   14,   24,   23,   17,   22,   24,  130,
       148041  + /*  1730 */    23,   19,   20,   23,   22,  105,   22,   34,   85,   30,
       148042  + /*  1740 */    34,   32,   26,  141,  142,  143,  144,  145,   36,   40,
       148043  + /*  1750 */   132,   34,   75,   83,   23,   44,   24,   34,   23,   26,
       148044  + /*  1760 */    26,   19,   20,   23,   22,   26,   23,   23,   23,   23,
       148045  + /*  1770 */    22,   59,   11,   22,   22,   26,   23,   23,   36,   70,
       148046  + /*  1780 */    22,   22,  124,   71,  130,  130,  130,   78,   23,  130,
       148047  + /*  1790 */    81,   15,    1,  278,  278,  278,  278,   88,  278,  278,
       148048  + /*  1800 */   278,   59,   90,  278,  278,  278,  278,  278,   96,   97,
       148049  + /*  1810 */   278,  278,  278,   71,  278,  103,  278,  105,  106,  107,
       148050  + /*  1820 */   278,  278,  110,  278,  278,  278,  278,  278,  278,  278,
       148051  + /*  1830 */   278,  122,   90,  278,  278,  278,  127,  128,   96,   97,
       148052  + /*  1840 */   278,  278,  278,  278,  278,  103,  278,  105,  106,  107,
       148053  + /*  1850 */   278,  278,  110,  141,  142,  143,  144,  145,  278,  150,
       148054  + /*  1860 */   278,  278,  278,    5,  278,  278,  278,  278,   10,   11,
       148055  + /*  1870 */    12,   13,   14,  278,  278,   17,  278,  278,  278,  278,
       148056  + /*  1880 */   278,  278,  278,  141,  142,  143,  144,  145,   30,  278,
       148057  + /*  1890 */    32,  278,  278,  278,  278,  278,  278,  278,   40,  278,
       148058  + /*  1900 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148059  + /*  1910 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148060  + /*  1920 */   278,  278,  278,  278,  278,  278,  278,  278,   70,  278,
       148061  + /*  1930 */   278,  278,  278,  278,  278,  278,   78,  278,  278,   81,
       148062  + /*  1940 */   278,  278,  278,  278,  278,  278,   88,  278,  278,  278,
       148063  + /*  1950 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148064  + /*  1960 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148065  + /*  1970 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148066  + /*  1980 */   122,  278,  278,  278,  278,  127,  128,  278,  278,  278,
       148067  + /*  1990 */   278,  278,  278,  278,  278,  278,  278,  278,  278,  278,
       148068  + /*  2000 */   278,  278,  278,  278,  278,  278,  278,  278,  150,  278,
       148069  + /*  2010 */   278,  278,  278,  278,  278,  278,  278,  278,  278,
       148070  +};
       148071  +#define YY_SHIFT_COUNT    (523)
147563 148072   #define YY_SHIFT_MIN      (0)
147564 148073   #define YY_SHIFT_MAX      (1858)
147565 148074   static const unsigned short int yy_shift_ofst[] = {
147566         - /*     0 */  1709, 1520, 1858, 1324, 1324,  277, 1374, 1469, 1602, 1712,
147567         - /*    10 */  1712, 1712,  273,    0,    0,  113, 1016, 1712, 1712, 1712,
147568         - /*    20 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,   11,   11,  236,
147569         - /*    30 */   184,  277,  277,  277,  277,  277,  277,   93,  177,  270,
       148075  + /*     0 */  1709, 1520, 1858, 1324, 1324,   24, 1374, 1469, 1602, 1712,
       148076  + /*    10 */  1712, 1712,  271,    0,    0,  113, 1016, 1712, 1712, 1712,
       148077  + /*    20 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,   12,   12,  409,
       148078  + /*    30 */   596,   24,   24,   24,   24,   24,   24,   93,  177,  270,
147570 148079    /*    40 */   363,  456,  549,  642,  735,  828,  848,  996, 1144, 1016,
147571 148080    /*    50 */  1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016, 1016,
147572         - /*    60 */  1016, 1016, 1016, 1016, 1016, 1016, 1164, 1016, 1257, 1277,
147573         - /*    70 */  1277, 1490, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
       148081  + /*    60 */  1016, 1016, 1016, 1016, 1016, 1016, 1016, 1164, 1016, 1257,
       148082  + /*    70 */  1277, 1277, 1490, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147574 148083    /*    80 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147575 148084    /*    90 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,
147576         - /*   100 */  1712, 1712, 1712, 1742, 1712, 1712, 1712, 1712, 1712, 1712,
147577         - /*   110 */  1712, 1712, 1712, 1712, 1712, 1712, 1712,  143,  162,  162,
147578         - /*   120 */   162,  162,  162,  204,  151,  416,  531,  648,  700,  531,
147579         - /*   130 */   486,  486,  531,  353,  353,  353,  353,  409,  279,   53,
147580         - /*   140 */  2009, 2009,  331,  331,  331,  329,  366,  329,  329,  597,
147581         - /*   150 */   597,  464,  474,  262,  681,  531,  531,  531,  531,  531,
147582         - /*   160 */   531,  531,  531,  531,  531,  531,  531,  531,  531,  531,
147583         - /*   170 */   531,  531,  531,  531,  531,  531,  531,  173,  485,  984,
147584         - /*   180 */   984,  576,  485,   19, 1022, 2009, 2009, 2009,  387,  250,
147585         - /*   190 */   250,  525,  502,  278,  552,  227,  480,  566,  531,  531,
147586         - /*   200 */   531,  531,  531,  531,  531,  531,  531,  531,  639,  531,
147587         - /*   210 */   531,  531,  531,  531,  531,  531,  531,  531,  531,  531,
147588         - /*   220 */   531,    2,    2,    2,  531,  531,  531,  531,  782,  531,
147589         - /*   230 */   531,  531,  744,  531,  531,  783,  531,  531,  531,  531,
147590         - /*   240 */   531,  531,  531,  531,  419,  682,  327,  370,  370,  370,
147591         - /*   250 */   370, 1029,  327,  327, 1024,  897,  856,  947, 1109,  706,
147592         - /*   260 */   706, 1143, 1109, 1109, 1143,  842,  945, 1118, 1136, 1136,
147593         - /*   270 */  1136,  706,  676,  400, 1047,  694, 1339, 1270, 1270, 1366,
147594         - /*   280 */  1366, 1270, 1305, 1389, 1369, 1278, 1401, 1401, 1401, 1401,
147595         - /*   290 */  1270, 1414, 1278, 1278, 1305, 1389, 1369, 1369, 1278, 1270,
147596         - /*   300 */  1414, 1298, 1385, 1270, 1414, 1432, 1270, 1414, 1270, 1414,
147597         - /*   310 */  1432, 1355, 1355, 1355, 1411, 1432, 1355, 1367, 1355, 1411,
147598         - /*   320 */  1355, 1355, 1432, 1392, 1392, 1432, 1365, 1396, 1365, 1396,
147599         - /*   330 */  1365, 1396, 1365, 1396, 1270, 1372, 1429, 1502, 1390, 1372,
147600         - /*   340 */  1517, 1270, 1397, 1390, 1410, 1413, 1278, 1528, 1532, 1549,
147601         - /*   350 */  1549, 1562, 1562, 1562, 2009, 2009, 2009, 2009, 2009, 2009,
       148085  + /*   100 */  1712, 1712, 1712, 1712, 1712, 1742, 1712, 1712, 1712, 1712,
       148086  + /*   110 */  1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712, 1712,  143,
       148087  + /*   120 */   162,  162,  162,  162,  162,  204,  151,  186,  650,  690,
       148088  + /*   130 */   327,  650,  261,  261,  650,  722,  722,  722,  722,  373,
       148089  + /*   140 */    33,    2, 2009, 2009,  330,  330,  330,  346,  289,  278,
       148090  + /*   150 */   289,  289,  517,  517,  459,  510,   15,  799,  650,  650,
       148091  + /*   160 */   650,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148092  + /*   170 */   650,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148093  + /*   180 */   331,  365,  995,  995,  265,  365,   50, 1038, 2009, 2009,
       148094  + /*   190 */  2009,  433,  250,  250,  504,  314,  429,  518,  522,  526,
       148095  + /*   200 */   561,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148096  + /*   210 */   192,  650,  650,  650,  650,  650,  650,  650,  650,  650,
       148097  + /*   220 */   650,  650,  650,  641,  641,  641,  650,  650,  650,  650,
       148098  + /*   230 */   800,  650,  650,  650,  830,  650,  650,  782,  650,  650,
       148099  + /*   240 */   650,  650,  650,  650,  650,  650,  739,  902,  689,  895,
       148100  + /*   250 */   895,  895,  895,  736,  689,  689,  885,  445,  903, 1124,
       148101  + /*   260 */   945,  748,  748, 1066,  945,  945, 1066,  447, 1002,  293,
       148102  + /*   270 */  1195, 1195, 1195,  748,  740,  727,  460, 1157, 1348, 1282,
       148103  + /*   280 */  1282, 1378, 1378, 1282, 1279, 1315, 1402, 1383, 1294, 1419,
       148104  + /*   290 */  1419, 1419, 1419, 1282, 1428, 1294, 1294, 1315, 1402, 1383,
       148105  + /*   300 */  1383, 1294, 1282, 1428, 1314, 1400, 1282, 1428, 1453, 1282,
       148106  + /*   310 */  1428, 1282, 1428, 1453, 1386, 1386, 1386, 1431, 1453, 1386,
       148107  + /*   320 */  1381, 1386, 1431, 1386, 1386, 1453, 1399, 1399, 1453, 1369,
       148108  + /*   330 */  1403, 1369, 1403, 1369, 1403, 1369, 1403, 1282, 1404, 1452,
       148109  + /*   340 */  1521, 1407, 1404, 1524, 1282, 1416, 1407, 1432, 1434, 1294,
       148110  + /*   350 */  1546, 1547, 1569, 1569, 1577, 1577, 1577, 2009, 2009, 2009,
147602 148111    /*   360 */  2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009, 2009,
147603         - /*   370 */   570,  345,  686,  748,   50,  740, 1064, 1107,  469,  537,
147604         - /*   380 */  1042, 1146, 1162, 1154, 1201, 1202, 1203, 1208, 1209, 1127,
147605         - /*   390 */  1069, 1196, 1157, 1147, 1226, 1228, 1245,  775,  868, 1246,
147606         - /*   400 */  1247, 1191, 1151, 1585, 1589, 1587, 1456, 1600, 1527, 1601,
147607         - /*   410 */  1595, 1596, 1492, 1484, 1506, 1603, 1495, 1608, 1496, 1614,
147608         - /*   420 */  1635, 1508, 1497, 1521, 1580, 1606, 1505, 1592, 1593, 1597,
147609         - /*   430 */  1598, 1530, 1547, 1619, 1524, 1654, 1651, 1636, 1553, 1510,
147610         - /*   440 */  1594, 1634, 1599, 1588, 1623, 1535, 1564, 1642, 1649, 1652,
147611         - /*   450 */  1552, 1560, 1653, 1609, 1655, 1656, 1657, 1659, 1612, 1658,
147612         - /*   460 */  1660, 1616, 1648, 1664, 1550, 1668, 1538, 1670, 1671, 1669,
147613         - /*   470 */  1673, 1675, 1676, 1678, 1680, 1679, 1574, 1683, 1690, 1610,
147614         - /*   480 */  1682, 1695, 1586, 1698, 1691, 1698, 1693, 1643, 1661, 1646,
147615         - /*   490 */  1686, 1710, 1711, 1714, 1716, 1703, 1715, 1698, 1727, 1728,
147616         - /*   500 */  1729, 1730, 1731, 1732, 1734, 1743, 1736, 1737, 1740, 1744,
147617         - /*   510 */  1738, 1746, 1739, 1645, 1640, 1644, 1647, 1650, 1749, 1751,
147618         - /*   520 */  1772,
147619         -};
147620         -#define YY_REDUCE_COUNT (369)
147621         -#define YY_REDUCE_MIN   (-237)
147622         -#define YY_REDUCE_MAX   (1424)
       148112  + /*   370 */  2009, 2009, 2009,  591,  697, 1059, 1139, 1058,  797,  465,
       148113  + /*   380 */  1159, 1182, 1122, 1062, 1180,  936, 1199, 1201, 1205, 1224,
       148114  + /*   390 */  1225, 1244, 1061, 1145, 1261, 1161, 1194, 1249, 1251, 1256,
       148115  + /*   400 */  1137, 1142, 1263, 1264, 1214, 1207, 1613, 1623, 1605, 1477,
       148116  + /*   410 */  1614, 1541, 1620, 1616, 1617, 1509, 1502, 1525, 1619, 1514,
       148117  + /*   420 */  1626, 1516, 1634, 1650, 1522, 1512, 1535, 1594, 1621, 1517,
       148118  + /*   430 */  1604, 1606, 1607, 1609, 1544, 1559, 1631, 1536, 1666, 1663,
       148119  + /*   440 */  1647, 1567, 1523, 1608, 1648, 1610, 1600, 1636, 1549, 1576,
       148120  + /*   450 */  1657, 1662, 1664, 1565, 1572, 1665, 1624, 1668, 1671, 1672,
       148121  + /*   460 */  1674, 1627, 1660, 1675, 1633, 1667, 1678, 1564, 1681, 1553,
       148122  + /*   470 */  1690, 1692, 1691, 1693, 1696, 1700, 1702, 1705, 1704, 1599,
       148123  + /*   480 */  1707, 1710, 1630, 1703, 1714, 1618, 1716, 1706, 1716, 1717,
       148124  + /*   490 */  1653, 1677, 1670, 1711, 1731, 1732, 1733, 1734, 1723, 1735,
       148125  + /*   500 */  1716, 1740, 1743, 1744, 1745, 1739, 1746, 1748, 1761, 1751,
       148126  + /*   510 */  1752, 1753, 1754, 1758, 1759, 1749, 1658, 1654, 1655, 1656,
       148127  + /*   520 */  1659, 1765, 1776, 1791,
       148128  +};
       148129  +#define YY_REDUCE_COUNT (372)
       148130  +#define YY_REDUCE_MIN   (-235)
       148131  +#define YY_REDUCE_MAX   (1441)
147623 148132   static const short yy_reduce_ofst[] = {
147624         - /*     0 */  -147,  171,  263,  -96,  358, -144, -149, -102,  124, -156,
147625         - /*    10 */   -98,  305,  401,  -57,  209, -237,  245,  -94,  -79,  189,
147626         - /*    20 */   375,  490,  493,  378,  303,  539,  542,  501,  503,  554,
147627         - /*    30 */   415,  526,  546,  557,  587,  593,  595, -234, -234, -234,
147628         - /*    40 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147629         - /*    50 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147630         - /*    60 */  -234, -234, -234, -234, -234, -234, -234, -234, -234, -234,
147631         - /*    70 */  -234,  -50,  335,  470,  633,  656,  658,  660,  675,  685,
147632         - /*    80 */   703,  727,  747,  750,  752,  754,  770,  788,  790,  793,
147633         - /*    90 */   795,  797,  800,  802,  804,  806,  813,  820,  829,  833,
147634         - /*   100 */   836,  838,  843,  845,  847,  849,  873,  891,  893,  916,
147635         - /*   110 */   918,  921,  936,  941,  944,  956,  961, -234, -234, -234,
147636         - /*   120 */  -234, -234, -234, -234, -234, -234,  463,  607, -176,   14,
147637         - /*   130 */  -139,   87, -137,  818,  925,  818,  925,  898, -234, -234,
147638         - /*   140 */  -234, -234, -166, -166, -166, -130, -131,  -82,  -54, -180,
147639         - /*   150 */   364,   41,  513,  509,  509,  117,  500,  789,  796,  646,
147640         - /*   160 */   192,  291,  644,  798,  120,  807,  543,  911,  920,  652,
147641         - /*   170 */   924,  922,  232,  698,  801,  971,   39,  220,  731,  442,
147642         - /*   180 */   902, -199,  979,  -43,  421,  896,  942,  605, -184, -126,
147643         - /*   190 */   155,  172,  281,  304,  377,  538,  650,  690,  699,  723,
147644         - /*   200 */   803,  839,  853,  919,  991, 1018, 1067, 1092,  951, 1111,
147645         - /*   210 */  1112, 1115, 1116, 1117, 1119, 1120, 1121, 1122, 1123, 1124,
147646         - /*   220 */  1125, 1012, 1096, 1097, 1128, 1129, 1130, 1131, 1070, 1135,
147647         - /*   230 */  1137, 1152, 1077, 1153, 1155, 1114, 1156,  304, 1158, 1172,
147648         - /*   240 */  1173, 1174, 1175, 1176, 1089, 1091, 1133, 1098, 1126, 1139,
147649         - /*   250 */  1140, 1070, 1133, 1133, 1170, 1163, 1186, 1103, 1168, 1138,
147650         - /*   260 */  1141, 1110, 1169, 1171, 1132, 1177, 1189, 1194, 1181, 1200,
147651         - /*   270 */  1204, 1166, 1145, 1178, 1187, 1232, 1142, 1231, 1233, 1149,
147652         - /*   280 */  1150, 1238, 1179, 1182, 1212, 1205, 1219, 1220, 1221, 1222,
147653         - /*   290 */  1258, 1266, 1223, 1224, 1206, 1211, 1237, 1239, 1230, 1269,
147654         - /*   300 */  1272, 1195, 1197, 1280, 1284, 1268, 1285, 1289, 1290, 1293,
147655         - /*   310 */  1274, 1286, 1287, 1288, 1282, 1294, 1292, 1297, 1300, 1296,
147656         - /*   320 */  1301, 1306, 1304, 1249, 1250, 1308, 1271, 1275, 1273, 1276,
147657         - /*   330 */  1279, 1281, 1283, 1302, 1334, 1307, 1243, 1267, 1318, 1322,
147658         - /*   340 */  1303, 1371, 1299, 1328, 1332, 1340, 1342, 1384, 1391, 1400,
147659         - /*   350 */  1403, 1407, 1408, 1409, 1311, 1312, 1310, 1405, 1402, 1412,
147660         - /*   360 */  1417, 1420, 1406, 1393, 1395, 1421, 1422, 1423, 1424, 1415,
       148133  + /*     0 */  -147,  171,  263,  -96,  169, -144, -162, -149, -102, -156,
       148134  + /*    10 */   -98,  216,  354, -170,  -57, -235,  307,  149,  423,  428,
       148135  + /*    20 */   471,  313,  451,  519,  489,  496,  499,  545,  547,  555,
       148136  + /*    30 */  -116,  540,  558,  592,  594,  597,  599, -206, -206, -206,
       148137  + /*    40 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148138  + /*    50 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148139  + /*    60 */  -206, -206, -206, -206, -206, -206, -206, -206, -206, -206,
       148140  + /*    70 */  -206, -206,  196,  309,  494,  537,  612,  656,  675,  679,
       148141  + /*    80 */   681,  685,  724,  753,  771,  776,  788,  790,  794,  796,
       148142  + /*    90 */   801,  803,  805,  807,  814,  819,  833,  837,  839,  842,
       148143  + /*   100 */   845,  847,  849,  853,  873,  891,  893,  917,  921,  937,
       148144  + /*   110 */   940,  944,  956,  960,  967,  969,  971,  973,  975, -206,
       148145  + /*   120 */  -206, -206, -206, -206, -206, -206, -206, -206,  501, -168,
       148146  + /*   130 */    90,  -97,   87,  112,  303,  277,  601,  277,  601,  179,
       148147  + /*   140 */  -206, -206, -206, -206, -107, -107, -107,  -43,  -56,  323,
       148148  + /*   150 */   500,  512, -187, -177,  317,  609,  353,  353,  120,  144,
       148149  + /*   160 */   490,  539,  698,  374,  467,  507,  789,  404, -157,  755,
       148150  + /*   170 */   856,  916,  843,  941,  802,  770,  923,  821, 1001, -142,
       148151  + /*   180 */   264,  785,  896,  905,  899,  949, -176,  544,  911,  953,
       148152  + /*   190 */  1012, -182,  -59,  -30,   16,  -22,  117,  172,  291,  369,
       148153  + /*   200 */   407,  415,  566,  586,  647,  699,  754,  813,  850,  892,
       148154  + /*   210 */   121, 1023, 1042, 1086, 1121, 1125, 1128, 1129, 1130, 1131,
       148155  + /*   220 */  1132, 1134, 1135,  284, 1106, 1123, 1152, 1154, 1155, 1156,
       148156  + /*   230 */   397, 1158, 1172, 1173, 1116, 1176, 1177, 1138, 1179,  117,
       148157  + /*   240 */  1184, 1185, 1198, 1200, 1202, 1203,  741, 1094, 1153, 1146,
       148158  + /*   250 */  1160, 1162, 1163,  397, 1153, 1153, 1170, 1204, 1206, 1103,
       148159  + /*   260 */  1168, 1165, 1166, 1133, 1174, 1175, 1140, 1210, 1193, 1208,
       148160  + /*   270 */  1212, 1215, 1216, 1178, 1167, 1189, 1196, 1241, 1148, 1243,
       148161  + /*   280 */  1245, 1181, 1183, 1247, 1188, 1187, 1190, 1227, 1223, 1234,
       148162  + /*   290 */  1236, 1238, 1239, 1274, 1278, 1235, 1237, 1213, 1218, 1253,
       148163  + /*   300 */  1254, 1246, 1287, 1289, 1209, 1219, 1303, 1305, 1293, 1306,
       148164  + /*   310 */  1309, 1313, 1316, 1297, 1301, 1307, 1308, 1298, 1310, 1311,
       148165  + /*   320 */  1312, 1317, 1304, 1318, 1320, 1319, 1265, 1267, 1325, 1295,
       148166  + /*   330 */  1300, 1296, 1302, 1326, 1321, 1327, 1330, 1365, 1323, 1269,
       148167  + /*   340 */  1272, 1328, 1331, 1322, 1388, 1334, 1336, 1349, 1353, 1357,
       148168  + /*   350 */  1405, 1409, 1420, 1421, 1427, 1429, 1430, 1332, 1335, 1339,
       148169  + /*   360 */  1418, 1422, 1423, 1424, 1425, 1433, 1426, 1435, 1436, 1437,
       148170  + /*   370 */  1438, 1441, 1439,
147661 148171   };
147662 148172   static const YYACTIONTYPE yy_default[] = {
147663         - /*     0 */  1492, 1492, 1492, 1340, 1123, 1229, 1123, 1123, 1123, 1340,
147664         - /*    10 */  1340, 1340, 1123, 1259, 1259, 1391, 1154, 1123, 1123, 1123,
147665         - /*    20 */  1123, 1123, 1123, 1123, 1339, 1123, 1123, 1123, 1123, 1123,
147666         - /*    30 */  1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1265, 1123,
147667         - /*    40 */  1123, 1123, 1123, 1123, 1341, 1342, 1123, 1123, 1123, 1390,
147668         - /*    50 */  1392, 1275, 1274, 1273, 1272, 1373, 1246, 1270, 1263, 1267,
147669         - /*    60 */  1335, 1336, 1334, 1338, 1342, 1341, 1123, 1266, 1306, 1320,
147670         - /*    70 */  1305, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123,
147671         - /*    80 */  1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123,
147672         - /*    90 */  1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123,
147673         - /*   100 */  1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123, 1123,
147674         - /*   110 */  1123, 1123, 1123, 1123, 1123, 1123, 1123, 1314, 1319, 1325,
147675