/ Check-in [fcd8f7ce]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Merge latest trunk changes into this branch.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | fts5
Files: files | file ages | folders
SHA1:fcd8f7ce601729dc51d880d16b97040c1be16aa2
User & Date: dan 2015-06-25 20:16:23
Context
2015-06-25
20:36
Fix Makefile.in to account for recent changes. Update fts5 test scripts so that they do not run if SQLITE_ENABLE_FTS5 is not defined. check-in: 31752207 user: dan tags: fts5
20:16
Merge latest trunk changes into this branch. check-in: fcd8f7ce user: dan tags: fts5
20:10
Add a script to combine all fts5 code into a single file - fts5.c - that can be used to build an SQLite loadable extension. check-in: 46e86b06 user: dan tags: fts5
19:53
Simplifications and performance improvements in insertCell(). check-in: 7d02e6c9 user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to ext/misc/spellfix.c.

  2650   2650     if( pCur->pFullScan ){
  2651   2651       *pRowid = sqlite3_column_int64(pCur->pFullScan, 4);
  2652   2652     }else{
  2653   2653       *pRowid = pCur->a[pCur->iRow].iRowid;
  2654   2654     }
  2655   2655     return SQLITE_OK;
  2656   2656   }
         2657  +
         2658  +/*
         2659  +** This function is called by the xUpdate() method. It returns a string
         2660  +** containing the conflict mode that xUpdate() should use for the current
         2661  +** operation. One of: "ROLLBACK", "IGNORE", "ABORT" or "REPLACE".
         2662  +*/
         2663  +static const char *spellfix1GetConflict(sqlite3 *db){
         2664  +  static const char *azConflict[] = {
         2665  +    /* Note: Instead of "FAIL" - "ABORT". */
         2666  +    "ROLLBACK", "IGNORE", "ABORT", "ABORT", "REPLACE"
         2667  +  };
         2668  +  int eConflict = sqlite3_vtab_on_conflict(db);
         2669  +
         2670  +  assert( eConflict==SQLITE_ROLLBACK || eConflict==SQLITE_IGNORE
         2671  +       || eConflict==SQLITE_FAIL || eConflict==SQLITE_ABORT
         2672  +       || eConflict==SQLITE_REPLACE
         2673  +  );
         2674  +  assert( SQLITE_ROLLBACK==1 );
         2675  +  assert( SQLITE_IGNORE==2 );
         2676  +  assert( SQLITE_FAIL==3 );
         2677  +  assert( SQLITE_ABORT==4 );
         2678  +  assert( SQLITE_REPLACE==5 );
         2679  +
         2680  +  return azConflict[eConflict-1];
         2681  +}
  2657   2682   
  2658   2683   /*
  2659   2684   ** The xUpdate() method.
  2660   2685   */
  2661   2686   static int spellfix1Update(
  2662   2687     sqlite3_vtab *pVTab,
  2663   2688     int argc,
................................................................................
  2682   2707       int iRank = sqlite3_value_int(argv[SPELLFIX_COL_RANK+2]);
  2683   2708       const unsigned char *zSoundslike =
  2684   2709              sqlite3_value_text(argv[SPELLFIX_COL_SOUNDSLIKE+2]);
  2685   2710       int nSoundslike = sqlite3_value_bytes(argv[SPELLFIX_COL_SOUNDSLIKE+2]);
  2686   2711       char *zK1, *zK2;
  2687   2712       int i;
  2688   2713       char c;
         2714  +    const char *zConflict = spellfix1GetConflict(db);
  2689   2715   
  2690   2716       if( zWord==0 ){
  2691   2717         /* Inserts of the form:  INSERT INTO table(command) VALUES('xyzzy');
  2692   2718         ** cause zWord to be NULL, so we look at the "command" column to see
  2693   2719         ** what special actions to take */
  2694   2720         const char *zCmd = 
  2695   2721            (const char*)sqlite3_value_text(argv[SPELLFIX_COL_COMMAND+2]);
................................................................................
  2742   2768                  "VALUES(%d,%d,%Q,%Q,%Q)",
  2743   2769                  p->zDbName, p->zTableName,
  2744   2770                  iRank, iLang, zWord, zK1, zK2
  2745   2771           );
  2746   2772         }else{
  2747   2773           newRowid = sqlite3_value_int64(argv[1]);
  2748   2774           spellfix1DbExec(&rc, db,
  2749         -               "INSERT INTO \"%w\".\"%w_vocab\"(id,rank,langid,word,k1,k2) "
  2750         -               "VALUES(%lld,%d,%d,%Q,%Q,%Q)",
  2751         -               p->zDbName, p->zTableName,
  2752         -               newRowid, iRank, iLang, zWord, zK1, zK2
         2775  +            "INSERT OR %s INTO \"%w\".\"%w_vocab\"(id,rank,langid,word,k1,k2) "
         2776  +            "VALUES(%lld,%d,%d,%Q,%Q,%Q)",
         2777  +            zConflict, p->zDbName, p->zTableName,
         2778  +            newRowid, iRank, iLang, zWord, zK1, zK2
  2753   2779           );
  2754   2780         }
  2755   2781         *pRowid = sqlite3_last_insert_rowid(db);
  2756   2782       }else{
  2757   2783         rowid = sqlite3_value_int64(argv[0]);
  2758   2784         newRowid = *pRowid = sqlite3_value_int64(argv[1]);
  2759   2785         spellfix1DbExec(&rc, db,
  2760         -             "UPDATE \"%w\".\"%w_vocab\" SET id=%lld, rank=%d, langid=%d,"
         2786  +             "UPDATE OR %s \"%w\".\"%w_vocab\" SET id=%lld, rank=%d, langid=%d,"
  2761   2787                " word=%Q, k1=%Q, k2=%Q WHERE id=%lld",
  2762         -             p->zDbName, p->zTableName, newRowid, iRank, iLang,
         2788  +             zConflict, p->zDbName, p->zTableName, newRowid, iRank, iLang,
  2763   2789                zWord, zK1, zK2, rowid
  2764   2790         );
  2765   2791       }
  2766   2792       sqlite3_free(zK1);
  2767   2793       sqlite3_free(zK2);
  2768   2794     }
  2769   2795     return rc;

Changes to src/btree.c.

   486    486   */
   487    487   static void invalidateIncrblobCursors(
   488    488     Btree *pBtree,          /* The database file to check */
   489    489     i64 iRow,               /* The rowid that might be changing */
   490    490     int isClearTable        /* True if all rows are being deleted */
   491    491   ){
   492    492     BtCursor *p;
   493         -  BtShared *pBt = pBtree->pBt;
          493  +  if( pBtree->hasIncrblobCur==0 ) return;
   494    494     assert( sqlite3BtreeHoldsMutex(pBtree) );
   495         -  for(p=pBt->pCursor; p; p=p->pNext){
   496         -    if( (p->curFlags & BTCF_Incrblob)!=0
   497         -     && (isClearTable || p->info.nKey==iRow)
   498         -    ){
   499         -      p->eState = CURSOR_INVALID;
          495  +  pBtree->hasIncrblobCur = 0;
          496  +  for(p=pBtree->pBt->pCursor; p; p=p->pNext){
          497  +    if( (p->curFlags & BTCF_Incrblob)!=0 ){
          498  +      pBtree->hasIncrblobCur = 1;
          499  +      if( isClearTable || p->info.nKey==iRow ){
          500  +        p->eState = CURSOR_INVALID;
          501  +      }
   500    502       }
   501    503     }
   502    504   }
   503    505   
   504    506   #else
   505    507     /* Stub function when INCRBLOB is omitted */
   506    508     #define invalidateIncrblobCursors(x,y,z)
................................................................................
   952    954   ** the page, 1 means the second cell, and so forth) return a pointer
   953    955   ** to the cell content.
   954    956   **
   955    957   ** This routine works only for pages that do not contain overflow cells.
   956    958   */
   957    959   #define findCell(P,I) \
   958    960     ((P)->aData + ((P)->maskPage & get2byte(&(P)->aCellIdx[2*(I)])))
   959         -#define findCellv2(D,M,O,I) (D+(M&get2byte(D+(O+2*(I)))))
   960         -
   961         -
   962         -/*
   963         -** This a more complex version of findCell() that works for
   964         -** pages that do contain overflow cells.
   965         -*/
   966         -static u8 *findOverflowCell(MemPage *pPage, int iCell){
   967         -  int i;
   968         -  assert( sqlite3_mutex_held(pPage->pBt->mutex) );
   969         -  for(i=pPage->nOverflow-1; i>=0; i--){
   970         -    int k;
   971         -    k = pPage->aiOvfl[i];
   972         -    if( k<=iCell ){
   973         -      if( k==iCell ){
   974         -        return pPage->apOvfl[i];
   975         -      }
   976         -      iCell--;
   977         -    }
   978         -  }
   979         -  return findCell(pPage, iCell);
   980         -}
   981    961   
   982    962   /*
   983    963   ** This is common tail processing for btreeParseCellPtr() and
   984    964   ** btreeParseCellPtrIndex() for the case when the cell does not fit entirely
   985    965   ** on a single B-tree page.  Make necessary adjustments to the CellInfo
   986    966   ** structure.
   987    967   */
................................................................................
  1367   1347   ** from the free-list.
  1368   1348   **
  1369   1349   ** If no suitable space can be found on the free-list, return NULL.
  1370   1350   **
  1371   1351   ** This function may detect corruption within pPg.  If corruption is
  1372   1352   ** detected then *pRc is set to SQLITE_CORRUPT and NULL is returned.
  1373   1353   **
  1374         -** If a slot of at least nByte bytes is found but cannot be used because 
  1375         -** there are already at least 60 fragmented bytes on the page, return NULL.
  1376         -** In this case, if pbDefrag parameter is not NULL, set *pbDefrag to true.
         1354  +** Slots on the free list that are between 1 and 3 bytes larger than nByte
         1355  +** will be ignored if adding the extra space to the fragmentation count
         1356  +** causes the fragmentation count to exceed 60.
  1377   1357   */
  1378         -static u8 *pageFindSlot(MemPage *pPg, int nByte, int *pRc, int *pbDefrag){
         1358  +static u8 *pageFindSlot(MemPage *pPg, int nByte, int *pRc){
  1379   1359     const int hdr = pPg->hdrOffset;
  1380   1360     u8 * const aData = pPg->aData;
  1381         -  int iAddr;
  1382         -  int pc;
         1361  +  int iAddr = hdr + 1;
         1362  +  int pc = get2byte(&aData[iAddr]);
         1363  +  int x;
  1383   1364     int usableSize = pPg->pBt->usableSize;
  1384   1365   
  1385         -  for(iAddr=hdr+1; (pc = get2byte(&aData[iAddr]))>0; iAddr=pc){
         1366  +  assert( pc>0 );
         1367  +  do{
  1386   1368       int size;            /* Size of the free slot */
  1387   1369       /* EVIDENCE-OF: R-06866-39125 Freeblocks are always connected in order of
  1388   1370       ** increasing offset. */
  1389   1371       if( pc>usableSize-4 || pc<iAddr+4 ){
  1390   1372         *pRc = SQLITE_CORRUPT_BKPT;
  1391   1373         return 0;
  1392   1374       }
  1393   1375       /* EVIDENCE-OF: R-22710-53328 The third and fourth bytes of each
  1394   1376       ** freeblock form a big-endian integer which is the size of the freeblock
  1395   1377       ** in bytes, including the 4-byte header. */
  1396   1378       size = get2byte(&aData[pc+2]);
  1397         -    if( size>=nByte ){
  1398         -      int x = size - nByte;
         1379  +    if( (x = size - nByte)>=0 ){
  1399   1380         testcase( x==4 );
  1400   1381         testcase( x==3 );
  1401   1382         if( pc < pPg->cellOffset+2*pPg->nCell || size+pc > usableSize ){
  1402   1383           *pRc = SQLITE_CORRUPT_BKPT;
  1403   1384           return 0;
  1404   1385         }else if( x<4 ){
  1405   1386           /* EVIDENCE-OF: R-11498-58022 In a well-formed b-tree page, the total
  1406   1387           ** number of bytes in fragments may not exceed 60. */
  1407         -        if( aData[hdr+7]>=60 ){
  1408         -          if( pbDefrag ) *pbDefrag = 1;
  1409         -          return 0;
  1410         -        }
         1388  +        if( aData[hdr+7]>57 ) return 0;
         1389  +
  1411   1390           /* Remove the slot from the free-list. Update the number of
  1412   1391           ** fragmented bytes within the page. */
  1413   1392           memcpy(&aData[iAddr], &aData[pc], 2);
  1414   1393           aData[hdr+7] += (u8)x;
  1415   1394         }else{
  1416   1395           /* The slot remains on the free-list. Reduce its size to account
  1417   1396            ** for the portion used by the new allocation. */
  1418   1397           put2byte(&aData[pc+2], x);
  1419   1398         }
  1420   1399         return &aData[pc + x];
  1421   1400       }
  1422         -  }
         1401  +    iAddr = pc;
         1402  +    pc = get2byte(&aData[pc]);
         1403  +  }while( pc );
  1423   1404   
  1424   1405     return 0;
  1425   1406   }
  1426   1407   
  1427   1408   /*
  1428   1409   ** Allocate nByte bytes of space from within the B-Tree page passed
  1429   1410   ** as the first argument. Write into *pIdx the index into pPage->aData[]
................................................................................
  1456   1437     gap = pPage->cellOffset + 2*pPage->nCell;
  1457   1438     assert( gap<=65536 );
  1458   1439     /* EVIDENCE-OF: R-29356-02391 If the database uses a 65536-byte page size
  1459   1440     ** and the reserved space is zero (the usual value for reserved space)
  1460   1441     ** then the cell content offset of an empty page wants to be 65536.
  1461   1442     ** However, that integer is too large to be stored in a 2-byte unsigned
  1462   1443     ** integer, so a value of 0 is used in its place. */
  1463         -  top = get2byteNotZero(&data[hdr+5]);
  1464         -  if( gap>top || NEVER((u32)top>pPage->pBt->usableSize) ){
  1465         -    /* The NEVER() is because a oversize "top" value will be blocked from
  1466         -    ** reaching this point by btreeInitPage() or btreeGetUnusedPage() */
  1467         -    return SQLITE_CORRUPT_BKPT;
         1444  +  top = get2byte(&data[hdr+5]);
         1445  +  assert( top<=pPage->pBt->usableSize ); /* Prevent by getAndInitPage() */
         1446  +  if( gap>top ){
         1447  +    if( top==0 && pPage->pBt->usableSize==65536 ){
         1448  +      top = 65536;
         1449  +    }else{
         1450  +      return SQLITE_CORRUPT_BKPT;
         1451  +    }
  1468   1452     }
  1469   1453   
  1470   1454     /* If there is enough space between gap and top for one more cell pointer
  1471   1455     ** array entry offset, and if the freelist is not empty, then search the
  1472   1456     ** freelist looking for a free slot big enough to satisfy the request.
  1473   1457     */
  1474   1458     testcase( gap+2==top );
  1475   1459     testcase( gap+1==top );
  1476   1460     testcase( gap==top );
  1477         -  if( gap+2<=top && (data[hdr+1] || data[hdr+2]) ){
  1478         -    int bDefrag = 0;
  1479         -    u8 *pSpace = pageFindSlot(pPage, nByte, &rc, &bDefrag);
  1480         -    if( rc ) return rc;
  1481         -    if( bDefrag ) goto defragment_page;
         1461  +  if( (data[hdr+2] || data[hdr+1]) && gap+2<=top ){
         1462  +    u8 *pSpace = pageFindSlot(pPage, nByte, &rc);
  1482   1463       if( pSpace ){
  1483   1464         assert( pSpace>=data && (pSpace - data)<65536 );
  1484   1465         *pIdx = (int)(pSpace - data);
  1485   1466         return SQLITE_OK;
         1467  +    }else if( rc ){
         1468  +      return rc;
  1486   1469       }
  1487   1470     }
  1488   1471   
  1489   1472     /* The request could not be fulfilled using a freelist slot.  Check
  1490   1473     ** to see if defragmentation is necessary.
  1491   1474     */
  1492   1475     testcase( gap+2+nByte==top );
  1493   1476     if( gap+2+nByte>top ){
  1494         - defragment_page:
  1495   1477       assert( pPage->nCell>0 || CORRUPT_DB );
  1496   1478       rc = defragmentPage(pPage);
  1497   1479       if( rc ) return rc;
  1498   1480       top = get2byteNotZero(&data[hdr+5]);
  1499   1481       assert( gap+nByte<=top );
  1500   1482     }
  1501   1483   
................................................................................
  5443   5425     if( n>=mxPage ){
  5444   5426       return SQLITE_CORRUPT_BKPT;
  5445   5427     }
  5446   5428     if( n>0 ){
  5447   5429       /* There are pages on the freelist.  Reuse one of those pages. */
  5448   5430       Pgno iTrunk;
  5449   5431       u8 searchList = 0; /* If the free-list must be searched for 'nearby' */
         5432  +    u32 nSearch = 0;   /* Count of the number of search attempts */
  5450   5433       
  5451   5434       /* If eMode==BTALLOC_EXACT and a query of the pointer-map
  5452   5435       ** shows that the page 'nearby' is somewhere on the free-list, then
  5453   5436       ** the entire-list will be searched for that page.
  5454   5437       */
  5455   5438   #ifndef SQLITE_OMIT_AUTOVACUUM
  5456   5439       if( eMode==BTALLOC_EXACT ){
................................................................................
  5491   5474         }else{
  5492   5475           /* EVIDENCE-OF: R-59841-13798 The 4-byte big-endian integer at offset 32
  5493   5476           ** stores the page number of the first page of the freelist, or zero if
  5494   5477           ** the freelist is empty. */
  5495   5478           iTrunk = get4byte(&pPage1->aData[32]);
  5496   5479         }
  5497   5480         testcase( iTrunk==mxPage );
  5498         -      if( iTrunk>mxPage ){
         5481  +      if( iTrunk>mxPage || nSearch++ > n ){
  5499   5482           rc = SQLITE_CORRUPT_BKPT;
  5500   5483         }else{
  5501   5484           rc = btreeGetUnusedPage(pBt, iTrunk, &pTrunk, 0);
  5502   5485         }
  5503   5486         if( rc ){
  5504   5487           pTrunk = 0;
  5505   5488           goto end_allocate_page;
................................................................................
  6210   6193     int sz,           /* Bytes of content in pCell */
  6211   6194     u8 *pTemp,        /* Temp storage space for pCell, if needed */
  6212   6195     Pgno iChild,      /* If non-zero, replace first 4 bytes with this value */
  6213   6196     int *pRC          /* Read and write return code from here */
  6214   6197   ){
  6215   6198     int idx = 0;      /* Where to write new cell content in data[] */
  6216   6199     int j;            /* Loop counter */
  6217         -  int end;          /* First byte past the last cell pointer in data[] */
  6218         -  int ins;          /* Index in data[] where new cell pointer is inserted */
  6219         -  int cellOffset;   /* Address of first cell pointer in data[] */
  6220   6200     u8 *data;         /* The content of the whole page */
         6201  +  u8 *pIns;         /* The point in pPage->aCellIdx[] where no cell inserted */
  6221   6202   
  6222   6203     if( *pRC ) return;
  6223   6204   
  6224   6205     assert( i>=0 && i<=pPage->nCell+pPage->nOverflow );
  6225   6206     assert( MX_CELL(pPage->pBt)<=10921 );
  6226   6207     assert( pPage->nCell<=MX_CELL(pPage->pBt) || CORRUPT_DB );
  6227   6208     assert( pPage->nOverflow<=ArraySize(pPage->apOvfl) );
................................................................................
  6241   6222       if( iChild ){
  6242   6223         put4byte(pCell, iChild);
  6243   6224       }
  6244   6225       j = pPage->nOverflow++;
  6245   6226       assert( j<(int)(sizeof(pPage->apOvfl)/sizeof(pPage->apOvfl[0])) );
  6246   6227       pPage->apOvfl[j] = pCell;
  6247   6228       pPage->aiOvfl[j] = (u16)i;
         6229  +
         6230  +    /* When multiple overflows occur, they are always sequential and in
         6231  +    ** sorted order.  This invariants arise because multiple overflows can
         6232  +    ** only occur when inserting divider cells into the parent page during
         6233  +    ** balancing, and the dividers are adjacent and sorted.
         6234  +    */
         6235  +    assert( j==0 || pPage->aiOvfl[j-1]<(u16)i ); /* Overflows in sorted order */
         6236  +    assert( j==0 || i==pPage->aiOvfl[j-1]+1 );   /* Overflows are sequential */
  6248   6237     }else{
  6249   6238       int rc = sqlite3PagerWrite(pPage->pDbPage);
  6250   6239       if( rc!=SQLITE_OK ){
  6251   6240         *pRC = rc;
  6252   6241         return;
  6253   6242       }
  6254   6243       assert( sqlite3PagerIswriteable(pPage->pDbPage) );
  6255   6244       data = pPage->aData;
  6256         -    cellOffset = pPage->cellOffset;
  6257         -    end = cellOffset + 2*pPage->nCell;
  6258         -    ins = cellOffset + 2*i;
         6245  +    assert( &data[pPage->cellOffset]==pPage->aCellIdx );
  6259   6246       rc = allocateSpace(pPage, sz, &idx);
  6260   6247       if( rc ){ *pRC = rc; return; }
  6261   6248       /* The allocateSpace() routine guarantees the following properties
  6262   6249       ** if it returns successfully */
  6263         -    assert( idx >= 0 && (idx >= end+2 || CORRUPT_DB) );
         6250  +    assert( idx >= 0 );
         6251  +    assert( idx >= pPage->cellOffset+2*pPage->nCell+2 || CORRUPT_DB );
  6264   6252       assert( idx+sz <= (int)pPage->pBt->usableSize );
  6265         -    pPage->nCell++;
  6266   6253       pPage->nFree -= (u16)(2 + sz);
  6267   6254       memcpy(&data[idx], pCell, sz);
  6268   6255       if( iChild ){
  6269   6256         put4byte(&data[idx], iChild);
  6270   6257       }
  6271         -    memmove(&data[ins+2], &data[ins], end-ins);
  6272         -    put2byte(&data[ins], idx);
  6273         -    put2byte(&data[pPage->hdrOffset+3], pPage->nCell);
         6258  +    pIns = pPage->aCellIdx + i*2;
         6259  +    memmove(pIns+2, pIns, 2*(pPage->nCell - i));
         6260  +    put2byte(pIns, idx);
         6261  +    pPage->nCell++;
         6262  +    /* increment the cell count */
         6263  +    if( (++data[pPage->hdrOffset+4])==0 ) data[pPage->hdrOffset+3]++;
         6264  +    assert( get2byte(&data[pPage->hdrOffset+3])==pPage->nCell );
  6274   6265   #ifndef SQLITE_OMIT_AUTOVACUUM
  6275   6266       if( pPage->pBt->autoVacuum ){
  6276   6267         /* The cell may contain a pointer to an overflow page. If so, write
  6277   6268         ** the entry for the overflow page into the pointer map.
  6278   6269         */
  6279   6270         ptrmapPutOvflPtr(pPage, pCell, pRC);
  6280   6271       }
  6281   6272   #endif
  6282   6273     }
  6283   6274   }
         6275  +
         6276  +/*
         6277  +** A CellArray object contains a cache of pointers and sizes for a
         6278  +** consecutive sequence of cells that might be held multiple pages.
         6279  +*/
         6280  +typedef struct CellArray CellArray;
         6281  +struct CellArray {
         6282  +  int nCell;              /* Number of cells in apCell[] */
         6283  +  MemPage *pRef;          /* Reference page */
         6284  +  u8 **apCell;            /* All cells begin balanced */
         6285  +  u16 *szCell;            /* Local size of all cells in apCell[] */
         6286  +};
         6287  +
         6288  +/*
         6289  +** Make sure the cell sizes at idx, idx+1, ..., idx+N-1 have been
         6290  +** computed.
         6291  +*/
         6292  +static void populateCellCache(CellArray *p, int idx, int N){
         6293  +  assert( idx>=0 && idx+N<=p->nCell );
         6294  +  while( N>0 ){
         6295  +    assert( p->apCell[idx]!=0 );
         6296  +    if( p->szCell[idx]==0 ){
         6297  +      p->szCell[idx] = p->pRef->xCellSize(p->pRef, p->apCell[idx]);
         6298  +    }else{
         6299  +      assert( CORRUPT_DB ||
         6300  +              p->szCell[idx]==p->pRef->xCellSize(p->pRef, p->apCell[idx]) );
         6301  +    }
         6302  +    idx++;
         6303  +    N--;
         6304  +  }
         6305  +}
         6306  +
         6307  +/*
         6308  +** Return the size of the Nth element of the cell array
         6309  +*/
         6310  +static SQLITE_NOINLINE u16 computeCellSize(CellArray *p, int N){
         6311  +  assert( N>=0 && N<p->nCell );
         6312  +  assert( p->szCell[N]==0 );
         6313  +  p->szCell[N] = p->pRef->xCellSize(p->pRef, p->apCell[N]);
         6314  +  return p->szCell[N];
         6315  +}
         6316  +static u16 cachedCellSize(CellArray *p, int N){
         6317  +  assert( N>=0 && N<p->nCell );
         6318  +  if( p->szCell[N] ) return p->szCell[N];
         6319  +  return computeCellSize(p, N);
         6320  +}
  6284   6321   
  6285   6322   /*
  6286   6323   ** Array apCell[] contains pointers to nCell b-tree page cells. The 
  6287   6324   ** szCell[] array contains the size in bytes of each cell. This function
  6288   6325   ** replaces the current contents of page pPg with the contents of the cell
  6289   6326   ** array.
  6290   6327   **
................................................................................
  6291   6328   ** Some of the cells in apCell[] may currently be stored in pPg. This
  6292   6329   ** function works around problems caused by this by making a copy of any 
  6293   6330   ** such cells before overwriting the page data.
  6294   6331   **
  6295   6332   ** The MemPage.nFree field is invalidated by this function. It is the 
  6296   6333   ** responsibility of the caller to set it correctly.
  6297   6334   */
  6298         -static void rebuildPage(
         6335  +static int rebuildPage(
  6299   6336     MemPage *pPg,                   /* Edit this page */
  6300   6337     int nCell,                      /* Final number of cells on page */
  6301   6338     u8 **apCell,                    /* Array of cells */
  6302   6339     u16 *szCell                     /* Array of cell sizes */
  6303   6340   ){
  6304   6341     const int hdr = pPg->hdrOffset;          /* Offset of header on pPg */
  6305   6342     u8 * const aData = pPg->aData;           /* Pointer to data for pPg */
................................................................................
  6316   6353     pData = pEnd;
  6317   6354     for(i=0; i<nCell; i++){
  6318   6355       u8 *pCell = apCell[i];
  6319   6356       if( pCell>aData && pCell<pEnd ){
  6320   6357         pCell = &pTmp[pCell - aData];
  6321   6358       }
  6322   6359       pData -= szCell[i];
  6323         -    memcpy(pData, pCell, szCell[i]);
  6324   6360       put2byte(pCellptr, (pData - aData));
  6325   6361       pCellptr += 2;
         6362  +    if( pData < pCellptr ) return SQLITE_CORRUPT_BKPT;
         6363  +    memcpy(pData, pCell, szCell[i]);
  6326   6364       assert( szCell[i]==pPg->xCellSize(pPg, pCell) || CORRUPT_DB );
  6327         -    testcase( szCell[i]==pPg->xCellSize(pPg,pCell) );
         6365  +    testcase( szCell[i]!=pPg->xCellSize(pPg,pCell) );
  6328   6366     }
  6329   6367   
  6330   6368     /* The pPg->nFree field is now set incorrectly. The caller will fix it. */
  6331   6369     pPg->nCell = nCell;
  6332   6370     pPg->nOverflow = 0;
  6333   6371   
  6334   6372     put2byte(&aData[hdr+1], 0);
  6335   6373     put2byte(&aData[hdr+3], pPg->nCell);
  6336   6374     put2byte(&aData[hdr+5], pData - aData);
  6337   6375     aData[hdr+7] = 0x00;
         6376  +  return SQLITE_OK;
  6338   6377   }
  6339   6378   
  6340   6379   /*
  6341   6380   ** Array apCell[] contains nCell pointers to b-tree cells. Array szCell
  6342   6381   ** contains the size in bytes of each such cell. This function attempts to 
  6343   6382   ** add the cells stored in the array to page pPg. If it cannot (because 
  6344   6383   ** the page needs to be defragmented before the cells will fit), non-zero
................................................................................
  6363   6402   ** cells in apCell[], then the cells do not fit and non-zero is returned.
  6364   6403   */
  6365   6404   static int pageInsertArray(
  6366   6405     MemPage *pPg,                   /* Page to add cells to */
  6367   6406     u8 *pBegin,                     /* End of cell-pointer array */
  6368   6407     u8 **ppData,                    /* IN/OUT: Page content -area pointer */
  6369   6408     u8 *pCellptr,                   /* Pointer to cell-pointer area */
         6409  +  int iFirst,                     /* Index of first cell to add */
  6370   6410     int nCell,                      /* Number of cells to add to pPg */
  6371         -  u8 **apCell,                    /* Array of cells */
  6372         -  u16 *szCell                     /* Array of cell sizes */
         6411  +  CellArray *pCArray              /* Array of cells */
  6373   6412   ){
  6374   6413     int i;
  6375   6414     u8 *aData = pPg->aData;
  6376   6415     u8 *pData = *ppData;
  6377         -  const int bFreelist = aData[1] || aData[2];
         6416  +  int iEnd = iFirst + nCell;
  6378   6417     assert( CORRUPT_DB || pPg->hdrOffset==0 );    /* Never called on page 1 */
  6379         -  for(i=0; i<nCell; i++){
  6380         -    int sz = szCell[i];
  6381         -    int rc;
         6418  +  for(i=iFirst; i<iEnd; i++){
         6419  +    int sz, rc;
  6382   6420       u8 *pSlot;
  6383         -    if( bFreelist==0 || (pSlot = pageFindSlot(pPg, sz, &rc, 0))==0 ){
         6421  +    sz = cachedCellSize(pCArray, i);
         6422  +    if( (aData[1]==0 && aData[2]==0) || (pSlot = pageFindSlot(pPg,sz,&rc))==0 ){
  6384   6423         pData -= sz;
  6385   6424         if( pData<pBegin ) return 1;
  6386   6425         pSlot = pData;
  6387   6426       }
  6388         -    memcpy(pSlot, apCell[i], sz);
         6427  +    memcpy(pSlot, pCArray->apCell[i], sz);
  6389   6428       put2byte(pCellptr, (pSlot - aData));
  6390   6429       pCellptr += 2;
  6391   6430     }
  6392   6431     *ppData = pData;
  6393   6432     return 0;
  6394   6433   }
  6395   6434   
................................................................................
  6400   6439   ** within the body of pPg to the pPg free-list. The cell-pointers and other
  6401   6440   ** fields of the page are not updated.
  6402   6441   **
  6403   6442   ** This function returns the total number of cells added to the free-list.
  6404   6443   */
  6405   6444   static int pageFreeArray(
  6406   6445     MemPage *pPg,                   /* Page to edit */
         6446  +  int iFirst,                     /* First cell to delete */
  6407   6447     int nCell,                      /* Cells to delete */
  6408         -  u8 **apCell,                    /* Array of cells */
  6409         -  u16 *szCell                     /* Array of cell sizes */
         6448  +  CellArray *pCArray              /* Array of cells */
  6410   6449   ){
  6411   6450     u8 * const aData = pPg->aData;
  6412   6451     u8 * const pEnd = &aData[pPg->pBt->usableSize];
  6413   6452     u8 * const pStart = &aData[pPg->hdrOffset + 8 + pPg->childPtrSize];
  6414   6453     int nRet = 0;
  6415   6454     int i;
         6455  +  int iEnd = iFirst + nCell;
  6416   6456     u8 *pFree = 0;
  6417   6457     int szFree = 0;
  6418   6458   
  6419         -  for(i=0; i<nCell; i++){
  6420         -    u8 *pCell = apCell[i];
         6459  +  for(i=iFirst; i<iEnd; i++){
         6460  +    u8 *pCell = pCArray->apCell[i];
  6421   6461       if( pCell>=pStart && pCell<pEnd ){
  6422         -      int sz = szCell[i];
         6462  +      int sz;
         6463  +      /* No need to use cachedCellSize() here.  The sizes of all cells that
         6464  +      ** are to be freed have already been computing while deciding which
         6465  +      ** cells need freeing */
         6466  +      sz = pCArray->szCell[i];  assert( sz>0 );
  6423   6467         if( pFree!=(pCell + sz) ){
  6424   6468           if( pFree ){
  6425   6469             assert( pFree>aData && (pFree - aData)<65536 );
  6426   6470             freeSpace(pPg, (u16)(pFree - aData), szFree);
  6427   6471           }
  6428   6472           pFree = pCell;
  6429   6473           szFree = sz;
................................................................................
  6450   6494   **
  6451   6495   ** This routine makes the necessary adjustments to pPg so that it contains
  6452   6496   ** the correct cells after being balanced.
  6453   6497   **
  6454   6498   ** The pPg->nFree field is invalid when this function returns. It is the
  6455   6499   ** responsibility of the caller to set it correctly.
  6456   6500   */
  6457         -static void editPage(
         6501  +static int editPage(
  6458   6502     MemPage *pPg,                   /* Edit this page */
  6459   6503     int iOld,                       /* Index of first cell currently on page */
  6460   6504     int iNew,                       /* Index of new first cell on page */
  6461   6505     int nNew,                       /* Final number of cells on page */
  6462         -  u8 **apCell,                    /* Array of cells */
  6463         -  u16 *szCell                     /* Array of cell sizes */
         6506  +  CellArray *pCArray              /* Array of cells and sizes */
  6464   6507   ){
  6465   6508     u8 * const aData = pPg->aData;
  6466   6509     const int hdr = pPg->hdrOffset;
  6467   6510     u8 *pBegin = &pPg->aCellIdx[nNew * 2];
  6468   6511     int nCell = pPg->nCell;       /* Cells stored on pPg */
  6469   6512     u8 *pData;
  6470   6513     u8 *pCellptr;
................................................................................
  6475   6518   #ifdef SQLITE_DEBUG
  6476   6519     u8 *pTmp = sqlite3PagerTempSpace(pPg->pBt->pPager);
  6477   6520     memcpy(pTmp, aData, pPg->pBt->usableSize);
  6478   6521   #endif
  6479   6522   
  6480   6523     /* Remove cells from the start and end of the page */
  6481   6524     if( iOld<iNew ){
  6482         -    int nShift = pageFreeArray(
  6483         -        pPg, iNew-iOld, &apCell[iOld], &szCell[iOld]
  6484         -    );
         6525  +    int nShift = pageFreeArray(pPg, iOld, iNew-iOld, pCArray);
  6485   6526       memmove(pPg->aCellIdx, &pPg->aCellIdx[nShift*2], nCell*2);
  6486   6527       nCell -= nShift;
  6487   6528     }
  6488   6529     if( iNewEnd < iOldEnd ){
  6489         -    nCell -= pageFreeArray(
  6490         -        pPg, iOldEnd-iNewEnd, &apCell[iNewEnd], &szCell[iNewEnd]
  6491         -    );
         6530  +    nCell -= pageFreeArray(pPg, iNewEnd, iOldEnd - iNewEnd, pCArray);
  6492   6531     }
  6493   6532   
  6494   6533     pData = &aData[get2byteNotZero(&aData[hdr+5])];
  6495   6534     if( pData<pBegin ) goto editpage_fail;
  6496   6535   
  6497   6536     /* Add cells to the start of the page */
  6498   6537     if( iNew<iOld ){
  6499   6538       int nAdd = MIN(nNew,iOld-iNew);
  6500   6539       assert( (iOld-iNew)<nNew || nCell==0 || CORRUPT_DB );
  6501   6540       pCellptr = pPg->aCellIdx;
  6502   6541       memmove(&pCellptr[nAdd*2], pCellptr, nCell*2);
  6503   6542       if( pageInsertArray(
  6504   6543             pPg, pBegin, &pData, pCellptr,
  6505         -          nAdd, &apCell[iNew], &szCell[iNew]
         6544  +          iNew, nAdd, pCArray
  6506   6545       ) ) goto editpage_fail;
  6507   6546       nCell += nAdd;
  6508   6547     }
  6509   6548   
  6510   6549     /* Add any overflow cells */
  6511   6550     for(i=0; i<pPg->nOverflow; i++){
  6512   6551       int iCell = (iOld + pPg->aiOvfl[i]) - iNew;
  6513   6552       if( iCell>=0 && iCell<nNew ){
  6514   6553         pCellptr = &pPg->aCellIdx[iCell * 2];
  6515   6554         memmove(&pCellptr[2], pCellptr, (nCell - iCell) * 2);
  6516   6555         nCell++;
  6517   6556         if( pageInsertArray(
  6518   6557               pPg, pBegin, &pData, pCellptr,
  6519         -            1, &apCell[iCell + iNew], &szCell[iCell + iNew]
         6558  +            iCell+iNew, 1, pCArray
  6520   6559         ) ) goto editpage_fail;
  6521   6560       }
  6522   6561     }
  6523   6562   
  6524   6563     /* Append cells to the end of the page */
  6525   6564     pCellptr = &pPg->aCellIdx[nCell*2];
  6526   6565     if( pageInsertArray(
  6527   6566           pPg, pBegin, &pData, pCellptr,
  6528         -        nNew-nCell, &apCell[iNew+nCell], &szCell[iNew+nCell]
         6567  +        iNew+nCell, nNew-nCell, pCArray
  6529   6568     ) ) goto editpage_fail;
  6530   6569   
  6531   6570     pPg->nCell = nNew;
  6532   6571     pPg->nOverflow = 0;
  6533   6572   
  6534   6573     put2byte(&aData[hdr+3], pPg->nCell);
  6535   6574     put2byte(&aData[hdr+5], pData - aData);
  6536   6575   
  6537   6576   #ifdef SQLITE_DEBUG
  6538   6577     for(i=0; i<nNew && !CORRUPT_DB; i++){
  6539         -    u8 *pCell = apCell[i+iNew];
         6578  +    u8 *pCell = pCArray->apCell[i+iNew];
  6540   6579       int iOff = get2byte(&pPg->aCellIdx[i*2]);
  6541   6580       if( pCell>=aData && pCell<&aData[pPg->pBt->usableSize] ){
  6542   6581         pCell = &pTmp[pCell - aData];
  6543   6582       }
  6544         -    assert( 0==memcmp(pCell, &aData[iOff], szCell[i+iNew]) );
         6583  +    assert( 0==memcmp(pCell, &aData[iOff],
         6584  +            pCArray->pRef->xCellSize(pCArray->pRef, pCArray->apCell[i+iNew])) );
  6545   6585     }
  6546   6586   #endif
  6547   6587   
  6548         -  return;
         6588  +  return SQLITE_OK;
  6549   6589    editpage_fail:
  6550   6590     /* Unable to edit this page. Rebuild it from scratch instead. */
  6551         -  rebuildPage(pPg, nNew, &apCell[iNew], &szCell[iNew]);
         6591  +  populateCellCache(pCArray, iNew, nNew);
         6592  +  return rebuildPage(pPg, nNew, &pCArray->apCell[iNew], &pCArray->szCell[iNew]);
  6552   6593   }
  6553   6594   
  6554   6595   /*
  6555   6596   ** The following parameters determine how many adjacent pages get involved
  6556   6597   ** in a balancing operation.  NN is the number of neighbors on either side
  6557   6598   ** of the page that participate in the balancing operation.  NB is the
  6558   6599   ** total number of pages that participate, including the target page and
................................................................................
  6616   6657       u8 *pCell = pPage->apOvfl[0];
  6617   6658       u16 szCell = pPage->xCellSize(pPage, pCell);
  6618   6659       u8 *pStop;
  6619   6660   
  6620   6661       assert( sqlite3PagerIswriteable(pNew->pDbPage) );
  6621   6662       assert( pPage->aData[0]==(PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF) );
  6622   6663       zeroPage(pNew, PTF_INTKEY|PTF_LEAFDATA|PTF_LEAF);
  6623         -    rebuildPage(pNew, 1, &pCell, &szCell);
         6664  +    rc = rebuildPage(pNew, 1, &pCell, &szCell);
         6665  +    if( NEVER(rc) ) return rc;
  6624   6666       pNew->nFree = pBt->usableSize - pNew->cellOffset - 2 - szCell;
  6625   6667   
  6626   6668       /* If this is an auto-vacuum database, update the pointer map
  6627   6669       ** with entries for the new page, and any pointer from the 
  6628   6670       ** cell on the page to an overflow page. If either of these
  6629   6671       ** operations fails, the return code is set, but the contents
  6630   6672       ** of the parent page are still manipulated by thh code below.
................................................................................
  6820   6862     MemPage *pParent,               /* Parent page of siblings being balanced */
  6821   6863     int iParentIdx,                 /* Index of "the page" in pParent */
  6822   6864     u8 *aOvflSpace,                 /* page-size bytes of space for parent ovfl */
  6823   6865     int isRoot,                     /* True if pParent is a root-page */
  6824   6866     int bBulk                       /* True if this call is part of a bulk load */
  6825   6867   ){
  6826   6868     BtShared *pBt;               /* The whole database */
  6827         -  int nCell = 0;               /* Number of cells in apCell[] */
  6828   6869     int nMaxCells = 0;           /* Allocated size of apCell, szCell, aFrom. */
  6829   6870     int nNew = 0;                /* Number of pages in apNew[] */
  6830   6871     int nOld;                    /* Number of pages in apOld[] */
  6831   6872     int i, j, k;                 /* Loop counters */
  6832   6873     int nxDiv;                   /* Next divider slot in pParent->aCell[] */
  6833   6874     int rc = SQLITE_OK;          /* The return code */
  6834   6875     u16 leafCorrection;          /* 4 if pPage is a leaf.  0 if not */
  6835   6876     int leafData;                /* True if pPage is a leaf of a LEAFDATA tree */
  6836   6877     int usableSpace;             /* Bytes in pPage beyond the header */
  6837   6878     int pageFlags;               /* Value of pPage->aData[0] */
  6838         -  int subtotal;                /* Subtotal of bytes in cells on one page */
  6839   6879     int iSpace1 = 0;             /* First unused byte of aSpace1[] */
  6840   6880     int iOvflSpace = 0;          /* First unused byte of aOvflSpace[] */
  6841   6881     int szScratch;               /* Size of scratch memory requested */
  6842   6882     MemPage *apOld[NB];          /* pPage and up to two siblings */
  6843   6883     MemPage *apNew[NB+2];        /* pPage and up to NB siblings after balancing */
  6844   6884     u8 *pRight;                  /* Location in parent of right-sibling pointer */
  6845   6885     u8 *apDiv[NB-1];             /* Divider cells in pParent */
  6846         -  int cntNew[NB+2];            /* Index in aCell[] of cell after i-th page */
  6847         -  int cntOld[NB+2];            /* Old index in aCell[] after i-th page */
         6886  +  int cntNew[NB+2];            /* Index in b.paCell[] of cell after i-th page */
         6887  +  int cntOld[NB+2];            /* Old index in b.apCell[] */
  6848   6888     int szNew[NB+2];             /* Combined size of cells placed on i-th page */
  6849         -  u8 **apCell = 0;             /* All cells begin balanced */
  6850         -  u16 *szCell;                 /* Local size of all cells in apCell[] */
  6851   6889     u8 *aSpace1;                 /* Space for copies of dividers cells */
  6852   6890     Pgno pgno;                   /* Temp var to store a page number in */
  6853   6891     u8 abDone[NB+2];             /* True after i'th new page is populated */
  6854   6892     Pgno aPgno[NB+2];            /* Page numbers of new pages before shuffling */
  6855   6893     Pgno aPgOrder[NB+2];         /* Copy of aPgno[] used for sorting pages */
  6856   6894     u16 aPgFlags[NB+2];          /* flags field of new pages before shuffling */
         6895  +  CellArray b;                  /* Parsed information on cells being balanced */
  6857   6896   
  6858   6897     memset(abDone, 0, sizeof(abDone));
         6898  +  b.nCell = 0;
         6899  +  b.apCell = 0;
  6859   6900     pBt = pParent->pBt;
  6860   6901     assert( sqlite3_mutex_held(pBt->mutex) );
  6861   6902     assert( sqlite3PagerIswriteable(pParent->pDbPage) );
  6862   6903   
  6863   6904   #if 0
  6864   6905     TRACE(("BALANCE: begin page %d child of %d\n", pPage->pgno, pParent->pgno));
  6865   6906   #endif
................................................................................
  6960   7001     ** alignment */
  6961   7002     nMaxCells = (nMaxCells + 3)&~3;
  6962   7003   
  6963   7004     /*
  6964   7005     ** Allocate space for memory structures
  6965   7006     */
  6966   7007     szScratch =
  6967         -       nMaxCells*sizeof(u8*)                       /* apCell */
  6968         -     + nMaxCells*sizeof(u16)                       /* szCell */
         7008  +       nMaxCells*sizeof(u8*)                       /* b.apCell */
         7009  +     + nMaxCells*sizeof(u16)                       /* b.szCell */
  6969   7010        + pBt->pageSize;                              /* aSpace1 */
  6970   7011   
  6971   7012     /* EVIDENCE-OF: R-28375-38319 SQLite will never request a scratch buffer
  6972   7013     ** that is more than 6 times the database page size. */
  6973   7014     assert( szScratch<=6*(int)pBt->pageSize );
  6974         -  apCell = sqlite3ScratchMalloc( szScratch ); 
  6975         -  if( apCell==0 ){
         7015  +  b.apCell = sqlite3ScratchMalloc( szScratch ); 
         7016  +  if( b.apCell==0 ){
  6976   7017       rc = SQLITE_NOMEM;
  6977   7018       goto balance_cleanup;
  6978   7019     }
  6979         -  szCell = (u16*)&apCell[nMaxCells];
  6980         -  aSpace1 = (u8*)&szCell[nMaxCells];
         7020  +  b.szCell = (u16*)&b.apCell[nMaxCells];
         7021  +  aSpace1 = (u8*)&b.szCell[nMaxCells];
  6981   7022     assert( EIGHT_BYTE_ALIGNMENT(aSpace1) );
  6982   7023   
  6983   7024     /*
  6984   7025     ** Load pointers to all cells on sibling pages and the divider cells
  6985         -  ** into the local apCell[] array.  Make copies of the divider cells
         7026  +  ** into the local b.apCell[] array.  Make copies of the divider cells
  6986   7027     ** into space obtained from aSpace1[]. The divider cells have already
  6987   7028     ** been removed from pParent.
  6988   7029     **
  6989   7030     ** If the siblings are on leaf pages, then the child pointers of the
  6990   7031     ** divider cells are stripped from the cells before they are copied
  6991         -  ** into aSpace1[].  In this way, all cells in apCell[] are without
         7032  +  ** into aSpace1[].  In this way, all cells in b.apCell[] are without
  6992   7033     ** child pointers.  If siblings are not leaves, then all cell in
  6993         -  ** apCell[] include child pointers.  Either way, all cells in apCell[]
         7034  +  ** b.apCell[] include child pointers.  Either way, all cells in b.apCell[]
  6994   7035     ** are alike.
  6995   7036     **
  6996   7037     ** leafCorrection:  4 if pPage is a leaf.  0 if pPage is not a leaf.
  6997   7038     **       leafData:  1 if pPage holds key+data and pParent holds only keys.
  6998   7039     */
  6999         -  leafCorrection = apOld[0]->leaf*4;
  7000         -  leafData = apOld[0]->intKeyLeaf;
         7040  +  b.pRef = apOld[0];
         7041  +  leafCorrection = b.pRef->leaf*4;
         7042  +  leafData = b.pRef->intKeyLeaf;
  7001   7043     for(i=0; i<nOld; i++){
  7002         -    int limit;
  7003   7044       MemPage *pOld = apOld[i];
         7045  +    int limit = pOld->nCell;
         7046  +    u8 *aData = pOld->aData;
         7047  +    u16 maskPage = pOld->maskPage;
         7048  +    u8 *piCell = aData + pOld->cellOffset;
         7049  +    u8 *piEnd;
  7004   7050   
  7005   7051       /* Verify that all sibling pages are of the same "type" (table-leaf,
  7006   7052       ** table-interior, index-leaf, or index-interior).
  7007   7053       */
  7008   7054       if( pOld->aData[0]!=apOld[0]->aData[0] ){
  7009   7055         rc = SQLITE_CORRUPT_BKPT;
  7010   7056         goto balance_cleanup;
  7011   7057       }
  7012   7058   
  7013         -    limit = pOld->nCell+pOld->nOverflow;
         7059  +    /* Load b.apCell[] with pointers to all cells in pOld.  If pOld
         7060  +    ** constains overflow cells, include them in the b.apCell[] array
         7061  +    ** in the correct spot.
         7062  +    **
         7063  +    ** Note that when there are multiple overflow cells, it is always the
         7064  +    ** case that they are sequential and adjacent.  This invariant arises
         7065  +    ** because multiple overflows can only occurs when inserting divider
         7066  +    ** cells into a parent on a prior balance, and divider cells are always
         7067  +    ** adjacent and are inserted in order.  There is an assert() tagged
         7068  +    ** with "NOTE 1" in the overflow cell insertion loop to prove this
         7069  +    ** invariant.
         7070  +    **
         7071  +    ** This must be done in advance.  Once the balance starts, the cell
         7072  +    ** offset section of the btree page will be overwritten and we will no
         7073  +    ** long be able to find the cells if a pointer to each cell is not saved
         7074  +    ** first.
         7075  +    */
         7076  +    memset(&b.szCell[b.nCell], 0, sizeof(b.szCell[0])*limit);
  7014   7077       if( pOld->nOverflow>0 ){
  7015         -      for(j=0; j<limit; j++){
  7016         -        assert( nCell<nMaxCells );
  7017         -        apCell[nCell] = findOverflowCell(pOld, j);
  7018         -        szCell[nCell] = pOld->xCellSize(pOld, apCell[nCell]);
  7019         -        nCell++;
  7020         -      }
  7021         -    }else{
  7022         -      u8 *aData = pOld->aData;
  7023         -      u16 maskPage = pOld->maskPage;
  7024         -      u16 cellOffset = pOld->cellOffset;
         7078  +      memset(&b.szCell[b.nCell+limit], 0, sizeof(b.szCell[0])*pOld->nOverflow);
         7079  +      limit = pOld->aiOvfl[0];
  7025   7080         for(j=0; j<limit; j++){
  7026         -        assert( nCell<nMaxCells );
  7027         -        apCell[nCell] = findCellv2(aData, maskPage, cellOffset, j);
  7028         -        szCell[nCell] = pOld->xCellSize(pOld, apCell[nCell]);
  7029         -        nCell++;
         7081  +        b.apCell[b.nCell] = aData + (maskPage & get2byte(piCell));
         7082  +        piCell += 2;
         7083  +        b.nCell++;
  7030   7084         }
  7031         -    }       
  7032         -    cntOld[i] = nCell;
         7085  +      for(k=0; k<pOld->nOverflow; k++){
         7086  +        assert( k==0 || pOld->aiOvfl[k-1]+1==pOld->aiOvfl[k] );/* NOTE 1 */
         7087  +        b.apCell[b.nCell] = pOld->apOvfl[k];
         7088  +        b.nCell++;
         7089  +      }
         7090  +    }
         7091  +    piEnd = aData + pOld->cellOffset + 2*pOld->nCell;
         7092  +    while( piCell<piEnd ){
         7093  +      assert( b.nCell<nMaxCells );
         7094  +      b.apCell[b.nCell] = aData + (maskPage & get2byte(piCell));
         7095  +      piCell += 2;
         7096  +      b.nCell++;
         7097  +    }
         7098  +
         7099  +    cntOld[i] = b.nCell;
  7033   7100       if( i<nOld-1 && !leafData){
  7034   7101         u16 sz = (u16)szNew[i];
  7035   7102         u8 *pTemp;
  7036         -      assert( nCell<nMaxCells );
  7037         -      szCell[nCell] = sz;
         7103  +      assert( b.nCell<nMaxCells );
         7104  +      b.szCell[b.nCell] = sz;
  7038   7105         pTemp = &aSpace1[iSpace1];
  7039   7106         iSpace1 += sz;
  7040   7107         assert( sz<=pBt->maxLocal+23 );
  7041   7108         assert( iSpace1 <= (int)pBt->pageSize );
  7042   7109         memcpy(pTemp, apDiv[i], sz);
  7043         -      apCell[nCell] = pTemp+leafCorrection;
         7110  +      b.apCell[b.nCell] = pTemp+leafCorrection;
  7044   7111         assert( leafCorrection==0 || leafCorrection==4 );
  7045         -      szCell[nCell] = szCell[nCell] - leafCorrection;
         7112  +      b.szCell[b.nCell] = b.szCell[b.nCell] - leafCorrection;
  7046   7113         if( !pOld->leaf ){
  7047   7114           assert( leafCorrection==0 );
  7048   7115           assert( pOld->hdrOffset==0 );
  7049   7116           /* The right pointer of the child page pOld becomes the left
  7050   7117           ** pointer of the divider cell */
  7051         -        memcpy(apCell[nCell], &pOld->aData[8], 4);
         7118  +        memcpy(b.apCell[b.nCell], &pOld->aData[8], 4);
  7052   7119         }else{
  7053   7120           assert( leafCorrection==4 );
  7054         -        while( szCell[nCell]<4 ){
         7121  +        while( b.szCell[b.nCell]<4 ){
  7055   7122             /* Do not allow any cells smaller than 4 bytes. If a smaller cell
  7056   7123             ** does exist, pad it with 0x00 bytes. */
  7057         -          assert( szCell[nCell]==3 || CORRUPT_DB );
  7058         -          assert( apCell[nCell]==&aSpace1[iSpace1-3] || CORRUPT_DB );
         7124  +          assert( b.szCell[b.nCell]==3 || CORRUPT_DB );
         7125  +          assert( b.apCell[b.nCell]==&aSpace1[iSpace1-3] || CORRUPT_DB );
  7059   7126             aSpace1[iSpace1++] = 0x00;
  7060         -          szCell[nCell]++;
         7127  +          b.szCell[b.nCell]++;
  7061   7128           }
  7062   7129         }
  7063         -      nCell++;
         7130  +      b.nCell++;
  7064   7131       }
  7065   7132     }
  7066   7133   
  7067   7134     /*
  7068         -  ** Figure out the number of pages needed to hold all nCell cells.
         7135  +  ** Figure out the number of pages needed to hold all b.nCell cells.
  7069   7136     ** Store this number in "k".  Also compute szNew[] which is the total
  7070   7137     ** size of all cells on the i-th page and cntNew[] which is the index
  7071         -  ** in apCell[] of the cell that divides page i from page i+1.  
  7072         -  ** cntNew[k] should equal nCell.
         7138  +  ** in b.apCell[] of the cell that divides page i from page i+1.  
         7139  +  ** cntNew[k] should equal b.nCell.
  7073   7140     **
  7074   7141     ** Values computed by this block:
  7075   7142     **
  7076   7143     **           k: The total number of sibling pages
  7077   7144     **    szNew[i]: Spaced used on the i-th sibling page.
  7078         -  **   cntNew[i]: Index in apCell[] and szCell[] for the first cell to
         7145  +  **   cntNew[i]: Index in b.apCell[] and b.szCell[] for the first cell to
  7079   7146     **              the right of the i-th sibling page.
  7080   7147     ** usableSpace: Number of bytes of space available on each sibling.
  7081   7148     ** 
  7082   7149     */
  7083   7150     usableSpace = pBt->usableSize - 12 + leafCorrection;
  7084         -  for(subtotal=k=i=0; i<nCell; i++){
  7085         -    assert( i<nMaxCells );
  7086         -    subtotal += szCell[i] + 2;
  7087         -    if( subtotal > usableSpace ){
  7088         -      szNew[k] = subtotal - szCell[i] - 2;
  7089         -      cntNew[k] = i;
  7090         -      if( leafData ){ i--; }
  7091         -      subtotal = 0;
  7092         -      k++;
  7093         -      if( k>NB+1 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; }
  7094         -    }
  7095         -  }
  7096         -  szNew[k] = subtotal;
  7097         -  cntNew[k] = nCell;
  7098         -  k++;
         7151  +  for(i=0; i<nOld; i++){
         7152  +    MemPage *p = apOld[i];
         7153  +    szNew[i] = usableSpace - p->nFree;
         7154  +    if( szNew[i]<0 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; }
         7155  +    for(j=0; j<p->nOverflow; j++){
         7156  +      szNew[i] += 2 + p->xCellSize(p, p->apOvfl[j]);
         7157  +    }
         7158  +    cntNew[i] = cntOld[i];
         7159  +  }
         7160  +  k = nOld;
         7161  +  for(i=0; i<k; i++){
         7162  +    int sz;
         7163  +    while( szNew[i]>usableSpace ){
         7164  +      if( i+1>=k ){
         7165  +        k = i+2;
         7166  +        if( k>NB+2 ){ rc = SQLITE_CORRUPT_BKPT; goto balance_cleanup; }
         7167  +        szNew[k-1] = 0;
         7168  +        cntNew[k-1] = b.nCell;
         7169  +      }
         7170  +      sz = 2 + cachedCellSize(&b, cntNew[i]-1);
         7171  +      szNew[i] -= sz;
         7172  +      if( !leafData ){
         7173  +        if( cntNew[i]<b.nCell ){
         7174  +          sz = 2 + cachedCellSize(&b, cntNew[i]);
         7175  +        }else{
         7176  +          sz = 0;
         7177  +        }
         7178  +      }
         7179  +      szNew[i+1] += sz;
         7180  +      cntNew[i]--;
         7181  +    }
         7182  +    while( cntNew[i]<b.nCell ){
         7183  +      sz = 2 + cachedCellSize(&b, cntNew[i]);
         7184  +      if( szNew[i]+sz>usableSpace ) break;
         7185  +      szNew[i] += sz;
         7186  +      cntNew[i]++;
         7187  +      if( !leafData ){
         7188  +        if( cntNew[i]<b.nCell ){
         7189  +          sz = 2 + cachedCellSize(&b, cntNew[i]);
         7190  +        }else{
         7191  +          sz = 0;
         7192  +        }
         7193  +      }
         7194  +      szNew[i+1] -= sz;
         7195  +    }
         7196  +    if( cntNew[i]>=b.nCell ){
         7197  +      k = i+1;
         7198  +    }else if( cntNew[i] <= (i>0 ? cntNew[i-1] : 0) ){
         7199  +      rc = SQLITE_CORRUPT_BKPT;
         7200  +      goto balance_cleanup;
         7201  +    }
         7202  +  }
  7099   7203   
  7100   7204     /*
  7101   7205     ** The packing computed by the previous block is biased toward the siblings
  7102   7206     ** on the left side (siblings with smaller keys). The left siblings are
  7103   7207     ** always nearly full, while the right-most sibling might be nearly empty.
  7104   7208     ** The next block of code attempts to adjust the packing of siblings to
  7105   7209     ** get a better balance.
................................................................................
  7112   7216       int szRight = szNew[i];  /* Size of sibling on the right */
  7113   7217       int szLeft = szNew[i-1]; /* Size of sibling on the left */
  7114   7218       int r;              /* Index of right-most cell in left sibling */
  7115   7219       int d;              /* Index of first cell to the left of right sibling */
  7116   7220   
  7117   7221       r = cntNew[i-1] - 1;
  7118   7222       d = r + 1 - leafData;
  7119         -    assert( d<nMaxCells );
  7120         -    assert( r<nMaxCells );
  7121         -    while( szRight==0 
  7122         -       || (!bBulk && szRight+szCell[d]+2<=szLeft-(szCell[r]+2)) 
  7123         -    ){
  7124         -      szRight += szCell[d] + 2;
  7125         -      szLeft -= szCell[r] + 2;
  7126         -      cntNew[i-1]--;
  7127         -      r = cntNew[i-1] - 1;
  7128         -      d = r + 1 - leafData;
  7129         -    }
         7223  +    (void)cachedCellSize(&b, d);
         7224  +    do{
         7225  +      assert( d<nMaxCells );
         7226  +      assert( r<nMaxCells );
         7227  +      (void)cachedCellSize(&b, r);
         7228  +      if( szRight!=0
         7229  +       && (bBulk || szRight+b.szCell[d]+2 > szLeft-(b.szCell[r]+2)) ){
         7230  +        break;
         7231  +      }
         7232  +      szRight += b.szCell[d] + 2;
         7233  +      szLeft -= b.szCell[r] + 2;
         7234  +      cntNew[i-1] = r;
         7235  +      r--;
         7236  +      d--;
         7237  +    }while( r>=0 );
  7130   7238       szNew[i] = szRight;
  7131   7239       szNew[i-1] = szLeft;
         7240  +    if( cntNew[i-1] <= (i>1 ? cntNew[i-2] : 0) ){
         7241  +      rc = SQLITE_CORRUPT_BKPT;
         7242  +      goto balance_cleanup;
         7243  +    }
  7132   7244     }
  7133   7245   
  7134   7246     /* Sanity check:  For a non-corrupt database file one of the follwing
  7135   7247     ** must be true:
  7136   7248     **    (1) We found one or more cells (cntNew[0])>0), or
  7137   7249     **    (2) pPage is a virtual root page.  A virtual root page is when
  7138   7250     **        the real root page is page 1 and we are the only child of
................................................................................
  7160   7272       }else{
  7161   7273         assert( i>0 );
  7162   7274         rc = allocateBtreePage(pBt, &pNew, &pgno, (bBulk ? 1 : pgno), 0);
  7163   7275         if( rc ) goto balance_cleanup;
  7164   7276         zeroPage(pNew, pageFlags);
  7165   7277         apNew[i] = pNew;
  7166   7278         nNew++;
  7167         -      cntOld[i] = nCell;
         7279  +      cntOld[i] = b.nCell;
  7168   7280   
  7169   7281         /* Set the pointer-map entry for the new sibling page. */
  7170   7282         if( ISAUTOVACUUM ){
  7171   7283           ptrmapPut(pBt, pNew->pgno, PTRMAP_BTREE, pParent->pgno, &rc);
  7172   7284           if( rc!=SQLITE_OK ){
  7173   7285             goto balance_cleanup;
  7174   7286           }
................................................................................
  7265   7377       MemPage *pNew = apNew[0];
  7266   7378       u8 *aOld = pNew->aData;
  7267   7379       int cntOldNext = pNew->nCell + pNew->nOverflow;
  7268   7380       int usableSize = pBt->usableSize;
  7269   7381       int iNew = 0;
  7270   7382       int iOld = 0;
  7271   7383   
  7272         -    for(i=0; i<nCell; i++){
  7273         -      u8 *pCell = apCell[i];
         7384  +    for(i=0; i<b.nCell; i++){
         7385  +      u8 *pCell = b.apCell[i];
  7274   7386         if( i==cntOldNext ){
  7275   7387           MemPage *pOld = (++iOld)<nNew ? apNew[iOld] : apOld[iOld];
  7276   7388           cntOldNext += pOld->nCell + pOld->nOverflow + !leafData;
  7277   7389           aOld = pOld->aData;
  7278   7390         }
  7279   7391         if( i==cntNew[iNew] ){
  7280   7392           pNew = apNew[++iNew];
................................................................................
  7291   7403          || pNew->pgno!=aPgno[iOld]
  7292   7404          || pCell<aOld
  7293   7405          || pCell>=&aOld[usableSize]
  7294   7406         ){
  7295   7407           if( !leafCorrection ){
  7296   7408             ptrmapPut(pBt, get4byte(pCell), PTRMAP_BTREE, pNew->pgno, &rc);
  7297   7409           }
  7298         -        if( szCell[i]>pNew->minLocal ){
         7410  +        if( cachedCellSize(&b,i)>pNew->minLocal ){
  7299   7411             ptrmapPutOvflPtr(pNew, pCell, &rc);
  7300   7412           }
         7413  +        if( rc ) goto balance_cleanup;
  7301   7414         }
  7302   7415       }
  7303   7416     }
  7304   7417   
  7305   7418     /* Insert new divider cells into pParent. */
  7306   7419     for(i=0; i<nNew-1; i++){
  7307   7420       u8 *pCell;
  7308   7421       u8 *pTemp;
  7309   7422       int sz;
  7310   7423       MemPage *pNew = apNew[i];
  7311   7424       j = cntNew[i];
  7312   7425   
  7313   7426       assert( j<nMaxCells );
  7314         -    pCell = apCell[j];
  7315         -    sz = szCell[j] + leafCorrection;
         7427  +    assert( b.apCell[j]!=0 );
         7428  +    pCell = b.apCell[j];
         7429  +    sz = b.szCell[j] + leafCorrection;
  7316   7430       pTemp = &aOvflSpace[iOvflSpace];
  7317   7431       if( !pNew->leaf ){
  7318   7432         memcpy(&pNew->aData[8], pCell, 4);
  7319   7433       }else if( leafData ){
  7320   7434         /* If the tree is a leaf-data tree, and the siblings are leaves, 
  7321         -      ** then there is no divider cell in apCell[]. Instead, the divider 
         7435  +      ** then there is no divider cell in b.apCell[]. Instead, the divider 
  7322   7436         ** cell consists of the integer key for the right-most cell of 
  7323   7437         ** the sibling-page assembled above only.
  7324   7438         */
  7325   7439         CellInfo info;
  7326   7440         j--;
  7327         -      pNew->xParseCell(pNew, apCell[j], &info);
         7441  +      pNew->xParseCell(pNew, b.apCell[j], &info);
  7328   7442         pCell = pTemp;
  7329   7443         sz = 4 + putVarint(&pCell[4], info.nKey);
  7330   7444         pTemp = 0;
  7331   7445       }else{
  7332   7446         pCell -= 4;
  7333   7447         /* Obscure case for non-leaf-data trees: If the cell at pCell was
  7334   7448         ** previously stored on a leaf node, and its reported size was 4
................................................................................
  7337   7451         ** any cell). But it is important to pass the correct size to 
  7338   7452         ** insertCell(), so reparse the cell now.
  7339   7453         **
  7340   7454         ** Note that this can never happen in an SQLite data file, as all
  7341   7455         ** cells are at least 4 bytes. It only happens in b-trees used
  7342   7456         ** to evaluate "IN (SELECT ...)" and similar clauses.
  7343   7457         */
  7344         -      if( szCell[j]==4 ){
         7458  +      if( b.szCell[j]==4 ){
  7345   7459           assert(leafCorrection==4);
  7346   7460           sz = pParent->xCellSize(pParent, pCell);
  7347   7461         }
  7348   7462       }
  7349   7463       iOvflSpace += sz;
  7350   7464       assert( sz<=pBt->maxLocal+23 );
  7351   7465       assert( iOvflSpace <= (int)pBt->pageSize );
................................................................................
  7395   7509         ** only after iPg+1 has already been updated. */
  7396   7510         assert( cntNew[iPg]>=cntOld[iPg] || abDone[iPg+1] );
  7397   7511   
  7398   7512         if( iPg==0 ){
  7399   7513           iNew = iOld = 0;
  7400   7514           nNewCell = cntNew[0];
  7401   7515         }else{
  7402         -        iOld = iPg<nOld ? (cntOld[iPg-1] + !leafData) : nCell;
         7516  +        iOld = iPg<nOld ? (cntOld[iPg-1] + !leafData) : b.nCell;
  7403   7517           iNew = cntNew[iPg-1] + !leafData;
  7404   7518           nNewCell = cntNew[iPg] - iNew;
  7405   7519         }
  7406   7520   
  7407         -      editPage(apNew[iPg], iOld, iNew, nNewCell, apCell, szCell);
         7521  +      rc = editPage(apNew[iPg], iOld, iNew, nNewCell, &b);
         7522  +      if( rc ) goto balance_cleanup;
  7408   7523         abDone[iPg]++;
  7409   7524         apNew[iPg]->nFree = usableSpace-szNew[iPg];
  7410   7525         assert( apNew[iPg]->nOverflow==0 );
  7411   7526         assert( apNew[iPg]->nCell==nNewCell );
  7412   7527       }
  7413   7528     }
  7414   7529   
................................................................................
  7451   7566         u32 key = get4byte(&apNew[i]->aData[8]);
  7452   7567         ptrmapPut(pBt, key, PTRMAP_BTREE, apNew[i]->pgno, &rc);
  7453   7568       }
  7454   7569     }
  7455   7570   
  7456   7571     assert( pParent->isInit );
  7457   7572     TRACE(("BALANCE: finished: old=%d new=%d cells=%d\n",
  7458         -          nOld, nNew, nCell));
         7573  +          nOld, nNew, b.nCell));
  7459   7574   
  7460   7575     /* Free any old pages that were not reused as new pages.
  7461   7576     */
  7462   7577     for(i=nNew; i<nOld; i++){
  7463   7578       freePage(apOld[i], &rc);
  7464   7579     }
  7465   7580   
................................................................................
  7474   7589     }
  7475   7590   #endif
  7476   7591   
  7477   7592     /*
  7478   7593     ** Cleanup before returning.
  7479   7594     */
  7480   7595   balance_cleanup:
  7481         -  sqlite3ScratchFree(apCell);
         7596  +  sqlite3ScratchFree(b.apCell);
  7482   7597     for(i=0; i<nOld; i++){
  7483   7598       releasePage(apOld[i]);
  7484   7599     }
  7485   7600     for(i=0; i<nNew; i++){
  7486   7601       releasePage(apNew[i]);
  7487   7602     }
  7488   7603   
................................................................................
  9336   9451   }
  9337   9452   
  9338   9453   /* 
  9339   9454   ** Mark this cursor as an incremental blob cursor.
  9340   9455   */
  9341   9456   void sqlite3BtreeIncrblobCursor(BtCursor *pCur){
  9342   9457     pCur->curFlags |= BTCF_Incrblob;
         9458  +  pCur->pBtree->hasIncrblobCur = 1;
  9343   9459   }
  9344   9460   #endif
  9345   9461   
  9346   9462   /*
  9347   9463   ** Set both the "read version" (single byte at byte offset 18) and 
  9348   9464   ** "write version" (single byte at byte offset 19) fields in the database
  9349   9465   ** header to iVersion.

Changes to src/btreeInt.h.

   349    349   */
   350    350   struct Btree {
   351    351     sqlite3 *db;       /* The database connection holding this btree */
   352    352     BtShared *pBt;     /* Sharable content of this btree */
   353    353     u8 inTrans;        /* TRANS_NONE, TRANS_READ or TRANS_WRITE */
   354    354     u8 sharable;       /* True if we can share pBt with another db */
   355    355     u8 locked;         /* True if db currently has pBt locked */
          356  +  u8 hasIncrblobCur; /* True if there are one or more Incrblob cursors */
   356    357     int wantToLock;    /* Number of nested calls to sqlite3BtreeEnter() */
   357    358     int nBackup;       /* Number of backup operations reading this btree */
   358    359     u32 iDataVersion;  /* Combines with pBt->pPager->iDataVersion */
   359    360     Btree *pNext;      /* List of other sharable Btrees from the same db */
   360    361     Btree *pPrev;      /* Back pointer of the same list */
   361    362   #ifndef SQLITE_OMIT_SHARED_CACHE
   362    363     BtLock lock;       /* Object used to lock page 1 */

Changes to src/select.c.

  1388   1388   
  1389   1389         assert( pTab && pExpr->pTab==pTab );
  1390   1390         if( pS ){
  1391   1391           /* The "table" is actually a sub-select or a view in the FROM clause
  1392   1392           ** of the SELECT statement. Return the declaration type and origin
  1393   1393           ** data for the result-set column of the sub-select.
  1394   1394           */
  1395         -        if( iCol>=0 && iCol<pS->pEList->nExpr ){
         1395  +        if( iCol>=0 && ALWAYS(iCol<pS->pEList->nExpr) ){
  1396   1396             /* If iCol is less than zero, then the expression requests the
  1397   1397             ** rowid of the sub-select or view. This expression is legal (see 
  1398   1398             ** test case misc2.2.2) - it always evaluates to NULL.
         1399  +          **
         1400  +          ** The ALWAYS() is because iCol>=pS->pEList->nExpr will have been
         1401  +          ** caught already by name resolution.
  1399   1402             */
  1400   1403             NameContext sNC;
  1401   1404             Expr *p = pS->pEList->a[iCol].pExpr;
  1402   1405             sNC.pSrcList = pS->pSrc;
  1403   1406             sNC.pNext = pNC;
  1404   1407             sNC.pParse = pNC->pParse;
  1405   1408             zType = columnType(&sNC, p,&zOrigDb,&zOrigTab,&zOrigCol, &estWidth); 
................................................................................
  1870   1873     CollSeq *pRet;
  1871   1874     if( p->pPrior ){
  1872   1875       pRet = multiSelectCollSeq(pParse, p->pPrior, iCol);
  1873   1876     }else{
  1874   1877       pRet = 0;
  1875   1878     }
  1876   1879     assert( iCol>=0 );
  1877         -  if( pRet==0 && iCol<p->pEList->nExpr ){
         1880  +  /* iCol must be less than p->pEList->nExpr.  Otherwise an error would
         1881  +  ** have been thrown during name resolution and we would not have gotten
         1882  +  ** this far */
         1883  +  if( pRet==0 && ALWAYS(iCol<p->pEList->nExpr) ){
  1878   1884       pRet = sqlite3ExprCollSeq(pParse, p->pEList->a[iCol].pExpr);
  1879   1885     }
  1880   1886     return pRet;
  1881   1887   }
  1882   1888   
  1883   1889   /*
  1884   1890   ** The select statement passed as the second parameter is a compound SELECT
................................................................................
  2851   2857     ** collation.
  2852   2858     */
  2853   2859     aPermute = sqlite3DbMallocRaw(db, sizeof(int)*nOrderBy);
  2854   2860     if( aPermute ){
  2855   2861       struct ExprList_item *pItem;
  2856   2862       for(i=0, pItem=pOrderBy->a; i<nOrderBy; i++, pItem++){
  2857   2863         assert( pItem->u.x.iOrderByCol>0 );
  2858         -      /* assert( pItem->u.x.iOrderByCol<=p->pEList->nExpr ) is also true
  2859         -      ** but only for well-formed SELECT statements. */
  2860         -      testcase( pItem->u.x.iOrderByCol > p->pEList->nExpr );
         2864  +      assert( pItem->u.x.iOrderByCol<=p->pEList->nExpr );
  2861   2865         aPermute[i] = pItem->u.x.iOrderByCol - 1;
  2862   2866       }
  2863   2867       pKeyMerge = multiSelectOrderByKeyInfo(pParse, p, 1);
  2864   2868     }else{
  2865   2869       pKeyMerge = 0;
  2866   2870     }
  2867   2871   
................................................................................
  3423   3427       if( isAgg || (p->selFlags & SF_Distinct)!=0 || pSrc->nSrc!=1 ){
  3424   3428         return 0;
  3425   3429       }
  3426   3430       for(pSub1=pSub; pSub1; pSub1=pSub1->pPrior){
  3427   3431         testcase( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))==SF_Distinct );
  3428   3432         testcase( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))==SF_Aggregate );
  3429   3433         assert( pSub->pSrc!=0 );
         3434  +      assert( pSub->pEList->nExpr==pSub1->pEList->nExpr );
  3430   3435         if( (pSub1->selFlags & (SF_Distinct|SF_Aggregate))!=0
  3431   3436          || (pSub1->pPrior && pSub1->op!=TK_ALL) 
  3432   3437          || pSub1->pSrc->nSrc<1
  3433         -       || pSub->pEList->nExpr!=pSub1->pEList->nExpr
  3434   3438         ){
  3435   3439           return 0;
  3436   3440         }
  3437   3441         testcase( pSub1->pSrc->nSrc>1 );
  3438   3442       }
  3439   3443   
  3440   3444       /* Restriction 18. */

Changes to src/vdbe.c.

   578    578     assert( p->explain==0 );
   579    579     p->pResultSet = 0;
   580    580     db->busyHandler.nBusy = 0;
   581    581     if( db->u1.isInterrupted ) goto abort_due_to_interrupt;
   582    582     sqlite3VdbeIOTraceSql(p);
   583    583   #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
   584    584     if( db->xProgress ){
          585  +    u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
   585    586       assert( 0 < db->nProgressOps );
   586         -    nProgressLimit = (unsigned)p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
   587         -    if( nProgressLimit==0 ){
   588         -      nProgressLimit = db->nProgressOps;
   589         -    }else{
   590         -      nProgressLimit %= (unsigned)db->nProgressOps;
   591         -    }
          587  +    nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);
   592    588     }
   593    589   #endif
   594    590   #ifdef SQLITE_DEBUG
   595    591     sqlite3BeginBenignMalloc();
   596    592     if( p->pc==0
   597    593      && (p->db->flags & (SQLITE_VdbeListing|SQLITE_VdbeEQP|SQLITE_VdbeTrace))!=0
   598    594     ){

Changes to test/fuzzcheck.c.

    67     67   #include <stdio.h>
    68     68   #include <stdlib.h>
    69     69   #include <string.h>
    70     70   #include <stdarg.h>
    71     71   #include <ctype.h>
    72     72   #include "sqlite3.h"
    73     73   
           74  +#ifdef __unix__
           75  +# include <signal.h>
           76  +# include <unistd.h>
           77  +#endif
           78  +
    74     79   /*
    75     80   ** Files in the virtual file system.
    76     81   */
    77     82   typedef struct VFile VFile;
    78     83   struct VFile {
    79     84     char *zFilename;        /* Filename.  NULL for delete-on-close. From malloc() */
    80     85     int sz;                 /* Size of the file in bytes */
................................................................................
   135    140     va_start(ap, zFormat);
   136    141     vfprintf(stderr, zFormat, ap);
   137    142     va_end(ap);
   138    143     fprintf(stderr, "\n");
   139    144     exit(1);
   140    145   }
   141    146   
          147  +/*
          148  +** Timeout handler
          149  +*/
          150  +#ifdef __unix__
          151  +static void timeoutHandler(int NotUsed){
          152  +  (void)NotUsed;
          153  +  fatalError("timeout\n");
          154  +}
          155  +#endif
          156  +
          157  +/*
          158  +** Set the an alarm to go off after N seconds.  Disable the alarm
          159  +** if N==0
          160  +*/
          161  +static void setAlarm(int N){
          162  +#ifdef __unix__
          163  +  alarm(N);
          164  +#else
          165  +  (void)N;
          166  +#endif
          167  +}
          168  +
          169  +#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
          170  +/*
          171  +** This an SQL progress handler.  After an SQL statement has run for
          172  +** many steps, we want to interrupt it.  This guards against infinite
          173  +** loops from recursive common table expressions.
          174  +**
          175  +** *pVdbeLimitFlag is true if the --limit-vdbe command-line option is used.
          176  +** In that case, hitting the progress handler is a fatal error.
          177  +*/
          178  +static int progressHandler(void *pVdbeLimitFlag){
          179  +  if( *(int*)pVdbeLimitFlag ) fatalError("too many VDBE cycles");
          180  +  return 1;
          181  +}
          182  +#endif
          183  +
   142    184   /*
   143    185   ** Reallocate memory.  Show and error and quit if unable.
   144    186   */
   145    187   static void *safe_realloc(void *pOld, int szNew){
   146    188     void *pNew = realloc(pOld, szNew);
   147    189     if( pNew==0 ) fatalError("unable to realloc for %d bytes", szNew);
   148    190     return pNew;
................................................................................
   610    652             }
   611    653           }
   612    654         }         
   613    655         sqlite3_finalize(pStmt);
   614    656       }
   615    657     }
   616    658   }
          659  +
          660  +/*
          661  +** Rebuild the database file.
          662  +**
          663  +**    (1)  Remove duplicate entries
          664  +**    (2)  Put all entries in order
          665  +**    (3)  Vacuum
          666  +*/
          667  +static void rebuild_database(sqlite3 *db){
          668  +  int rc;
          669  +  rc = sqlite3_exec(db, 
          670  +     "BEGIN;\n"
          671  +     "CREATE TEMP TABLE dbx AS SELECT DISTINCT dbcontent FROM db;\n"
          672  +     "DELETE FROM db;\n"
          673  +     "INSERT INTO db(dbid, dbcontent) SELECT NULL, dbcontent FROM dbx ORDER BY 2;\n"
          674  +     "DROP TABLE dbx;\n"
          675  +     "CREATE TEMP TABLE sx AS SELECT DISTINCT sqltext FROM xsql;\n"
          676  +     "DELETE FROM xsql;\n"
          677  +     "INSERT INTO xsql(sqlid,sqltext) SELECT NULL, sqltext FROM sx ORDER BY 2;\n"
          678  +     "DROP TABLE sx;\n"
          679  +     "COMMIT;\n"
          680  +     "PRAGMA page_size=1024;\n"
          681  +     "VACUUM;\n", 0, 0, 0);
          682  +  if( rc ) fatalError("cannot rebuild: %s", sqlite3_errmsg(db));
          683  +}
   617    684   
   618    685   /*
   619    686   ** Print sketchy documentation for this utility program
   620    687   */
   621    688   static void showHelp(void){
   622    689     printf("Usage: %s [options] SOURCE-DB ?ARGS...?\n", g.zArgv0);
   623    690     printf(
   624    691   "Read databases and SQL scripts from SOURCE-DB and execute each script against\n"
   625    692   "each database, checking for crashes and memory leaks.\n"
   626    693   "Options:\n"
   627    694   "  --cell-size-check     Set the PRAGMA cell_size_check=ON\n"
   628    695   "  --dbid N              Use only the database where dbid=N\n"
   629         -"  --help                Show this help text\n"    
          696  +"  --help                Show this help text\n"
   630    697   "  -q                    Reduced output\n"
   631    698   "  --quiet               Reduced output\n"
          699  +"  --limit-vdbe          Panic if an sync SQL runs for more than 100,000 cycles\n"
   632    700   "  --load-sql ARGS...    Load SQL scripts fro files into SOURCE-DB\n"
   633    701   "  --load-db ARGS...     Load template databases from files into SOURCE_DB\n"
   634    702   "  -m TEXT               Add a description to the database\n"
   635    703   "  --native-vfs          Use the native VFS for initially empty database files\n"
          704  +"  --rebuild             Rebuild and vacuum the database file\n"
   636    705   "  --result-trace        Show the results of each SQL command\n"
   637    706   "  --sqlid N             Use only SQL where sqlid=N\n"
          707  +"  --timeline N          Abort if any single test case needs more than N seconds\n"
   638    708   "  -v                    Increased output\n"
   639    709   "  --verbose             Increased output\n"
   640    710     );
   641    711   }
   642    712   
   643    713   int main(int argc, char **argv){
   644    714     sqlite3_int64 iBegin;        /* Start time of this program */
................................................................................
   651    721     int rc;                      /* Result code from SQLite interface calls */
   652    722     Blob *pSql;                  /* For looping over SQL scripts */
   653    723     Blob *pDb;                   /* For looping over template databases */
   654    724     int i;                       /* Loop index for the argv[] loop */
   655    725     int onlySqlid = -1;          /* --sqlid */
   656    726     int onlyDbid = -1;           /* --dbid */
   657    727     int nativeFlag = 0;          /* --native-vfs */
          728  +  int rebuildFlag = 0;         /* --rebuild */
          729  +  int vdbeLimitFlag = 0;       /* --limit-vdbe */
          730  +  int timeoutTest = 0;         /* undocumented --timeout-test flag */
   658    731     int runFlags = 0;            /* Flags sent to runSql() */
   659    732     char *zMsg = 0;              /* Add this message */
   660    733     int nSrcDb = 0;              /* Number of source databases */
   661    734     char **azSrcDb = 0;          /* Array of source database names */
   662    735     int iSrcDb;                  /* Loop over all source databases */
   663    736     int nTest = 0;               /* Total number of tests performed */
   664    737     char *zDbName = "";          /* Appreviated name of a source database */
   665    738     const char *zFailCode = 0;   /* Value of the TEST_FAILURE environment variable */
   666    739     int cellSzCkFlag = 0;        /* --cell-size-check */
          740  +  int sqlFuzz = 0;             /* True for SQL fuzz testing. False for DB fuzz */
          741  +  int iTimeout = 120;          /* Default 120-second timeout */
   667    742   
   668    743     iBegin = timeOfDay();
          744  +#ifdef __unix__
          745  +  signal(SIGALRM, timeoutHandler);
          746  +#endif
   669    747     g.zArgv0 = argv[0];
   670    748     zFailCode = getenv("TEST_FAILURE");
   671    749     for(i=1; i<argc; i++){
   672    750       const char *z = argv[i];
   673    751       if( z[0]=='-' ){
   674    752         z++;
   675    753         if( z[0]=='-' ) z++;
................................................................................
   679    757         if( strcmp(z,"dbid")==0 ){
   680    758           if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]);
   681    759           onlyDbid = atoi(argv[++i]);
   682    760         }else
   683    761         if( strcmp(z,"help")==0 ){
   684    762           showHelp();
   685    763           return 0;
          764  +      }else
          765  +      if( strcmp(z,"limit-vdbe")==0 ){
          766  +        vdbeLimitFlag = 1;
   686    767         }else
   687    768         if( strcmp(z,"load-sql")==0 ){
   688    769           zInsSql = "INSERT INTO xsql(sqltext) VALUES(CAST(readfile(?1) AS text))";
   689    770           iFirstInsArg = i+1;
   690    771           break;
   691    772         }else
   692    773         if( strcmp(z,"load-db")==0 ){
................................................................................
   700    781         }else
   701    782         if( strcmp(z,"native-vfs")==0 ){
   702    783           nativeFlag = 1;
   703    784         }else
   704    785         if( strcmp(z,"quiet")==0 || strcmp(z,"q")==0 ){
   705    786           quietFlag = 1;
   706    787           verboseFlag = 0;
          788  +      }else
          789  +      if( strcmp(z,"rebuild")==0 ){
          790  +        rebuildFlag = 1;
   707    791         }else
   708    792         if( strcmp(z,"result-trace")==0 ){
   709    793           runFlags |= SQL_OUTPUT;
   710    794         }else
   711    795         if( strcmp(z,"sqlid")==0 ){
   712    796           if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]);
   713    797           onlySqlid = atoi(argv[++i]);
          798  +      }else
          799  +      if( strcmp(z,"timeout")==0 ){
          800  +        if( i>=argc-1 ) fatalError("missing arguments on %s", argv[i]);
          801  +        iTimeout = atoi(argv[++i]);
          802  +      }else
          803  +      if( strcmp(z,"timeout-test")==0 ){
          804  +        timeoutTest = 1;
          805  +#ifndef __unix__
          806  +        fatalError("timeout is not available on non-unix systems");
          807  +#endif
   714    808         }else
   715    809         if( strcmp(z,"verbose")==0 || strcmp(z,"v")==0 ){
   716    810           quietFlag = 0;
   717    811           verboseFlag = 1;
   718    812           runFlags |= SQL_TRACE;
   719    813         }else
   720    814         {
................................................................................
   739    833     /* Process each source database separately */
   740    834     for(iSrcDb=0; iSrcDb<nSrcDb; iSrcDb++){
   741    835       rc = sqlite3_open(azSrcDb[iSrcDb], &db);
   742    836       if( rc ){
   743    837         fatalError("cannot open source database %s - %s",
   744    838         azSrcDb[iSrcDb], sqlite3_errmsg(db));
   745    839       }
   746         -    rc = sqlite3_exec(db, 
          840  +    rc = sqlite3_exec(db,
   747    841          "CREATE TABLE IF NOT EXISTS db(\n"
   748    842          "  dbid INTEGER PRIMARY KEY, -- database id\n"
   749    843          "  dbcontent BLOB            -- database disk file image\n"
   750    844          ");\n"
   751    845          "CREATE TABLE IF NOT EXISTS xsql(\n"
   752    846          "  sqlid INTEGER PRIMARY KEY,   -- SQL script id\n"
   753    847          "  sqltext TEXT                 -- Text of SQL statements to run\n"
................................................................................
   777    871           sqlite3_step(pStmt);
   778    872           rc = sqlite3_reset(pStmt);
   779    873           if( rc ) fatalError("insert failed for %s", argv[i]);
   780    874         }
   781    875         sqlite3_finalize(pStmt);
   782    876         rc = sqlite3_exec(db, "COMMIT", 0, 0, 0);
   783    877         if( rc ) fatalError("cannot commit the transaction: %s", sqlite3_errmsg(db));
          878  +      rebuild_database(db);
   784    879         sqlite3_close(db);
   785    880         return 0;
   786    881       }
   787    882     
   788    883       /* Load all SQL script content and all initial database images from the
   789    884       ** source db
   790    885       */
................................................................................
   795    890                          &g.nDb, &g.pFirstDb);
   796    891       if( g.nDb==0 ){
   797    892         g.pFirstDb = safe_realloc(0, sizeof(Blob));
   798    893         memset(g.pFirstDb, 0, sizeof(Blob));
   799    894         g.pFirstDb->id = 1;
   800    895         g.pFirstDb->seq = 0;
   801    896         g.nDb = 1;
          897  +      sqlFuzz = 1;
   802    898       }
   803    899     
   804    900       /* Print the description, if there is one */
   805    901       if( !quietFlag ){
   806    902         int i;
   807    903         zDbName = azSrcDb[iSrcDb];
   808    904         i = strlen(zDbName) - 1;
................................................................................
   810    906         zDbName += i;
   811    907         sqlite3_prepare_v2(db, "SELECT msg FROM readme", -1, &pStmt, 0);
   812    908         if( pStmt && sqlite3_step(pStmt)==SQLITE_ROW ){
   813    909           printf("%s: %s\n", zDbName, sqlite3_column_text(pStmt,0));
   814    910         }
   815    911         sqlite3_finalize(pStmt);
   816    912       }
          913  +
          914  +    /* Rebuild the database, if requested */
          915  +    if( rebuildFlag ){
          916  +      if( !quietFlag ){
          917  +        printf("%s: rebuilding... ", zDbName);
          918  +        fflush(stdout);
          919  +      }
          920  +      rebuild_database(db);
          921  +      if( !quietFlag ) printf("done\n");
          922  +    }
   817    923     
   818    924       /* Close the source database.  Verify that no SQLite memory allocations are
   819    925       ** outstanding.
   820    926       */
   821    927       sqlite3_close(db);
   822    928       if( sqlite3_memory_used()>0 ){
   823    929         fatalError("SQLite has memory in use before the start of testing");
................................................................................
   855    961           if( nativeFlag && pDb->sz==0 ){
   856    962             openFlags |= SQLITE_OPEN_MEMORY;
   857    963             zVfs = 0;
   858    964           }
   859    965           rc = sqlite3_open_v2("main.db", &db, openFlags, zVfs);
   860    966           if( rc ) fatalError("cannot open inmem database");
   861    967           if( cellSzCkFlag ) runSql(db, "PRAGMA cell_size_check=ON", runFlags);
   862         -        runSql(db, (char*)pSql->a, runFlags);
          968  +        setAlarm(iTimeout);
          969  +#ifndef SQLITE_OMIT_PROGRESS_CALLBACK
          970  +        if( sqlFuzz || vdbeLimitFlag ){
          971  +          sqlite3_progress_handler(db, 100000, progressHandler, &vdbeLimitFlag);
          972  +        }
          973  +#endif
          974  +        do{
          975  +          runSql(db, (char*)pSql->a, runFlags);
          976  +        }while( timeoutTest );
          977  +        setAlarm(0);
   863    978           sqlite3_close(db);
   864    979           if( sqlite3_memory_used()>0 ) fatalError("memory leak");
   865    980           reformatVfs();
   866    981           nTest++;
   867    982           g.zTestName[0] = 0;
   868    983   
   869    984           /* Simulate an error if the TEST_FAILURE environment variable is "5".

Changes to test/fuzzdata3.db.

cannot compute difference between binary files

Changes to test/malloc5.test.

   185    185       SELECT * FROM abc;
   186    186     }
   187    187     execsql {
   188    188       SELECT * FROM sqlite_master;
   189    189       BEGIN;
   190    190       SELECT * FROM def;
   191    191     } db2
   192         -  sqlite3_release_memory
   193         -} [expr $::pgalloc * 2]
          192  +  value_in_range [expr $::pgalloc*2] 0.99 [sqlite3_release_memory]
          193  +} [value_in_range [expr $::pgalloc * 2] 0.99]
   194    194   do_test malloc5-3.2 {
   195    195     concat \
   196    196       [execsql {SELECT * FROM abc; COMMIT}] \
   197    197       [execsql {SELECT * FROM def; COMMIT} db2]
   198    198   } {1 2 3 4 5 6 7 8 9 10 11 12}
   199    199   
   200    200   db2 close

Changes to test/spellfix.test.

   279    279     do_tracesql_test 6.2.3 {
   280    280       SELECT word, distance FROM t3 WHERE rowid = 10 AND word MATCH 'kiiner';
   281    281     } {keener 300
   282    282       {SELECT id, word, rank, k1  FROM "main"."t3_vocab" WHERE langid=0 AND k2>=?1 AND k2<?2}
   283    283     }
   284    284   }
   285    285   
          286  +#------------------------------------------------------------------------- 
          287  +# Test that the spellfix1 table supports conflict handling (OR REPLACE 
          288  +# and so on).
          289  +#
          290  +do_execsql_test 7.1 {
          291  +  CREATE VIRTUAL TABLE t4 USING spellfix1;
          292  +  PRAGMA table_info = t4;
          293  +} {
          294  +  0 word {} 0 {} 0 
          295  +  1 rank {} 0 {} 0 
          296  +  2 distance {} 0 {} 0 
          297  +  3 langid {} 0 {} 0 
          298  +  4 score {} 0 {} 0 
          299  +  5 matchlen {} 0 {} 0
          300  +}
          301  +
          302  +do_execsql_test 7.2.1 {
          303  +  INSERT INTO t4(rowid, word) VALUES(1, 'Archilles');
          304  +  INSERT INTO t4(rowid, word) VALUES(2, 'Pluto');
          305  +  INSERT INTO t4(rowid, word) VALUES(3, 'Atrides');
          306  +  INSERT OR REPLACE INTO t4(rowid, word) VALUES(2, 'Apollo');
          307  +  SELECT rowid, word FROM t4;
          308  +} {
          309  +  1 Archilles   2 Apollo   3 Atrides
          310  +}
          311  +do_catchsql_test 7.2.2 {
          312  +  INSERT OR ABORT INTO t4(rowid, word) VALUES(1, 'Leto');
          313  +} {1 {constraint failed}}
          314  +do_catchsql_test 7.2.3 {
          315  +  INSERT OR ROLLBACK INTO t4(rowid, word) VALUES(3, 'Zeus');
          316  +} {1 {constraint failed}}
          317  +do_catchsql_test 7.2.4 {
          318  +  INSERT OR FAIL INTO t4(rowid, word) VALUES(3, 'Zeus');
          319  +} {1 {constraint failed}}
          320  +do_execsql_test 7.2.5 {
          321  +  INSERT OR IGNORE INTO t4(rowid, word) VALUES(3, 'Zeus');
          322  +  SELECT rowid, word FROM t4;
          323  +} {
          324  +  1 Archilles   2 Apollo   3 Atrides
          325  +}
          326  +
          327  +do_execsql_test 7.3.1 {
          328  +  UPDATE OR REPLACE t4 SET rowid=3 WHERE rowid=1;
          329  +  SELECT rowid, word FROM t4;
          330  +} {2 Apollo 3 Archilles}
          331  +do_catchsql_test 7.3.2 {
          332  +  UPDATE OR ABORT t4 SET rowid=3 WHERE rowid=2;
          333  +} {1 {constraint failed}}
          334  +do_catchsql_test 7.3.3 {
          335  +  UPDATE OR ROLLBACK t4 SET rowid=3 WHERE rowid=2;
          336  +} {1 {constraint failed}}
          337  +do_catchsql_test 7.3.4 {
          338  +  UPDATE OR FAIL t4 SET rowid=3 WHERE rowid=2;
          339  +} {1 {constraint failed}}
          340  +do_execsql_test 7.3.5 {
          341  +  UPDATE OR IGNORE t4 SET rowid=3 WHERE rowid=2;
          342  +  SELECT rowid, word FROM t4;
          343  +} {2 Apollo  3 Archilles}
          344  +
          345  +do_execsql_test 7.4.1 {
          346  +  DELETE FROM t4;
          347  +  INSERT INTO t4(rowid, word) VALUES(10, 'Agamemnon');
          348  +  INSERT INTO t4(rowid, word) VALUES(20, 'Patroclus');
          349  +  INSERT INTO t4(rowid, word) VALUES(30, 'Chryses');
          350  +
          351  +  CREATE TABLE t5(i, w);
          352  +  INSERT INTO t5 VALUES(5,  'Poseidon');
          353  +  INSERT INTO t5 VALUES(20, 'Chronos');
          354  +  INSERT INTO t5 VALUES(30, 'Hera');
          355  +}
          356  +
          357  +db_save_and_close
          358  +foreach {tn conflict err bRollback res} {
          359  +  0 ""            {1 {constraint failed}} 0
          360  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          361  +  1 "OR REPLACE"  {0 {}} 0
          362  +                  {5 Poseidon 10 Agamemnon 20 Chronos 30 Hera}
          363  +  2 "OR ABORT"    {1 {constraint failed}} 0
          364  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          365  +  3 "OR ROLLBACK" {1 {constraint failed}} 1
          366  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          367  +  5 "OR IGNORE"   {0 {}} 0
          368  +                  {5 Poseidon 10 Agamemnon 20 Patroclus 30 Chryses}
          369  +} {
          370  +  db_restore_and_reopen
          371  +  load_static_extension db spellfix nextchar
          372  +
          373  +  execsql BEGIN
          374  +  set sql "INSERT $conflict INTO t4(rowid, word) SELECT i, w FROM t5"
          375  +  do_catchsql_test 7.4.2.$tn.1 $sql $err
          376  +  do_execsql_test 7.4.2.$tn.2 { SELECT rowid, word FROM t4 } $res
          377  +
          378  +  do_test 7.4.2.$tn.3 { sqlite3_get_autocommit db } $bRollback
          379  +  catchsql ROLLBACK
          380  +}
   286    381   
          382  +foreach {tn conflict err bRollback res} {
          383  +  0 ""            {1 {constraint failed}} 0
          384  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          385  +  1 "OR REPLACE"  {0 {}} 0
          386  +                  {15 Agamemnon 45 Chryses}
          387  +  2 "OR ABORT"    {1 {constraint failed}} 0
          388  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          389  +  3 "OR ROLLBACK" {1 {constraint failed}} 1
          390  +                  {10 Agamemnon 20 Patroclus 30 Chryses}
          391  +  5 "OR IGNORE"   {0 {}} 0
          392  +                  {15 Agamemnon 20 Patroclus 45 Chryses}
          393  +} {
          394  +  db_restore_and_reopen
          395  +  load_static_extension db spellfix nextchar
   287    396   
          397  +  execsql BEGIN
          398  +  set sql "UPDATE $conflict t4 SET rowid=rowid + (rowid/2)"
          399  +  do_catchsql_test 7.5.2.$tn.1 $sql $err
          400  +  do_execsql_test 7.5.2.$tn.2 { SELECT rowid, word FROM t4 } $res
          401  +  do_test 7.5.2.$tn.3 { sqlite3_get_autocommit db } $bRollback
          402  +  catchsql ROLLBACK
          403  +}
   288    404   
   289    405   finish_test
          406  +