000001  /*
000002  ** 2001 September 15
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  ** The code in this file implements the function that runs the
000013  ** bytecode of a prepared statement.
000014  **
000015  ** Various scripts scan this source file in order to generate HTML
000016  ** documentation, headers files, or other derived files.  The formatting
000017  ** of the code in this file is, therefore, important.  See other comments
000018  ** in this file for details.  If in doubt, do not deviate from existing
000019  ** commenting and indentation practices when changing or adding code.
000020  */
000021  #include "sqliteInt.h"
000022  #include "vdbeInt.h"
000023  
000024  /*
000025  ** Invoke this macro on memory cells just prior to changing the
000026  ** value of the cell.  This macro verifies that shallow copies are
000027  ** not misused.  A shallow copy of a string or blob just copies a
000028  ** pointer to the string or blob, not the content.  If the original
000029  ** is changed while the copy is still in use, the string or blob might
000030  ** be changed out from under the copy.  This macro verifies that nothing
000031  ** like that ever happens.
000032  */
000033  #ifdef SQLITE_DEBUG
000034  # define memAboutToChange(P,M) sqlite3VdbeMemAboutToChange(P,M)
000035  #else
000036  # define memAboutToChange(P,M)
000037  #endif
000038  
000039  /*
000040  ** The following global variable is incremented every time a cursor
000041  ** moves, either by the OP_SeekXX, OP_Next, or OP_Prev opcodes.  The test
000042  ** procedures use this information to make sure that indices are
000043  ** working correctly.  This variable has no function other than to
000044  ** help verify the correct operation of the library.
000045  */
000046  #ifdef SQLITE_TEST
000047  int sqlite3_search_count = 0;
000048  #endif
000049  
000050  /*
000051  ** When this global variable is positive, it gets decremented once before
000052  ** each instruction in the VDBE.  When it reaches zero, the u1.isInterrupted
000053  ** field of the sqlite3 structure is set in order to simulate an interrupt.
000054  **
000055  ** This facility is used for testing purposes only.  It does not function
000056  ** in an ordinary build.
000057  */
000058  #ifdef SQLITE_TEST
000059  int sqlite3_interrupt_count = 0;
000060  #endif
000061  
000062  /*
000063  ** The next global variable is incremented each type the OP_Sort opcode
000064  ** is executed.  The test procedures use this information to make sure that
000065  ** sorting is occurring or not occurring at appropriate times.   This variable
000066  ** has no function other than to help verify the correct operation of the
000067  ** library.
000068  */
000069  #ifdef SQLITE_TEST
000070  int sqlite3_sort_count = 0;
000071  #endif
000072  
000073  /*
000074  ** The next global variable records the size of the largest MEM_Blob
000075  ** or MEM_Str that has been used by a VDBE opcode.  The test procedures
000076  ** use this information to make sure that the zero-blob functionality
000077  ** is working correctly.   This variable has no function other than to
000078  ** help verify the correct operation of the library.
000079  */
000080  #ifdef SQLITE_TEST
000081  int sqlite3_max_blobsize = 0;
000082  static void updateMaxBlobsize(Mem *p){
000083    if( (p->flags & (MEM_Str|MEM_Blob))!=0 && p->n>sqlite3_max_blobsize ){
000084      sqlite3_max_blobsize = p->n;
000085    }
000086  }
000087  #endif
000088  
000089  /*
000090  ** This macro evaluates to true if either the update hook or the preupdate
000091  ** hook are enabled for database connect DB.
000092  */
000093  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
000094  # define HAS_UPDATE_HOOK(DB) ((DB)->xPreUpdateCallback||(DB)->xUpdateCallback)
000095  #else
000096  # define HAS_UPDATE_HOOK(DB) ((DB)->xUpdateCallback)
000097  #endif
000098  
000099  /*
000100  ** The next global variable is incremented each time the OP_Found opcode
000101  ** is executed. This is used to test whether or not the foreign key
000102  ** operation implemented using OP_FkIsZero is working. This variable
000103  ** has no function other than to help verify the correct operation of the
000104  ** library.
000105  */
000106  #ifdef SQLITE_TEST
000107  int sqlite3_found_count = 0;
000108  #endif
000109  
000110  /*
000111  ** Test a register to see if it exceeds the current maximum blob size.
000112  ** If it does, record the new maximum blob size.
000113  */
000114  #if defined(SQLITE_TEST) && !defined(SQLITE_UNTESTABLE)
000115  # define UPDATE_MAX_BLOBSIZE(P)  updateMaxBlobsize(P)
000116  #else
000117  # define UPDATE_MAX_BLOBSIZE(P)
000118  #endif
000119  
000120  /*
000121  ** Invoke the VDBE coverage callback, if that callback is defined.  This
000122  ** feature is used for test suite validation only and does not appear an
000123  ** production builds.
000124  **
000125  ** M is the type of branch.  I is the direction taken for this instance of
000126  ** the branch.
000127  **
000128  **   M: 2 - two-way branch (I=0: fall-thru   1: jump                )
000129  **      3 - two-way + NULL (I=0: fall-thru   1: jump      2: NULL   )
000130  **      4 - OP_Jump        (I=0: jump p1     1: jump p2   2: jump p3)
000131  **
000132  ** In other words, if M is 2, then I is either 0 (for fall-through) or
000133  ** 1 (for when the branch is taken).  If M is 3, the I is 0 for an
000134  ** ordinary fall-through, I is 1 if the branch was taken, and I is 2 
000135  ** if the result of comparison is NULL.  For M=3, I=2 the jump may or
000136  ** may not be taken, depending on the SQLITE_JUMPIFNULL flags in p5.
000137  ** When M is 4, that means that an OP_Jump is being run.  I is 0, 1, or 2
000138  ** depending on if the operands are less than, equal, or greater than.
000139  **
000140  ** iSrcLine is the source code line (from the __LINE__ macro) that
000141  ** generated the VDBE instruction combined with flag bits.  The source
000142  ** code line number is in the lower 24 bits of iSrcLine and the upper
000143  ** 8 bytes are flags.  The lower three bits of the flags indicate
000144  ** values for I that should never occur.  For example, if the branch is
000145  ** always taken, the flags should be 0x05 since the fall-through and
000146  ** alternate branch are never taken.  If a branch is never taken then
000147  ** flags should be 0x06 since only the fall-through approach is allowed.
000148  **
000149  ** Bit 0x08 of the flags indicates an OP_Jump opcode that is only
000150  ** interested in equal or not-equal.  In other words, I==0 and I==2
000151  ** should be treated as equivalent
000152  **
000153  ** Since only a line number is retained, not the filename, this macro
000154  ** only works for amalgamation builds.  But that is ok, since these macros
000155  ** should be no-ops except for special builds used to measure test coverage.
000156  */
000157  #if !defined(SQLITE_VDBE_COVERAGE)
000158  # define VdbeBranchTaken(I,M)
000159  #else
000160  # define VdbeBranchTaken(I,M) vdbeTakeBranch(pOp->iSrcLine,I,M)
000161    static void vdbeTakeBranch(u32 iSrcLine, u8 I, u8 M){
000162      u8 mNever;
000163      assert( I<=2 );  /* 0: fall through,  1: taken,  2: alternate taken */
000164      assert( M<=4 );  /* 2: two-way branch, 3: three-way branch, 4: OP_Jump */
000165      assert( I<M );   /* I can only be 2 if M is 3 or 4 */
000166      /* Transform I from a integer [0,1,2] into a bitmask of [1,2,4] */
000167      I = 1<<I;
000168      /* The upper 8 bits of iSrcLine are flags.  The lower three bits of
000169      ** the flags indicate directions that the branch can never go.  If
000170      ** a branch really does go in one of those directions, assert right
000171      ** away. */
000172      mNever = iSrcLine >> 24;
000173      assert( (I & mNever)==0 );
000174      if( sqlite3GlobalConfig.xVdbeBranch==0 ) return;  /*NO_TEST*/
000175      /* Invoke the branch coverage callback with three arguments:
000176      **    iSrcLine - the line number of the VdbeCoverage() macro, with
000177      **               flags removed.
000178      **    I        - Mask of bits 0x07 indicating which cases are are
000179      **               fulfilled by this instance of the jump.  0x01 means
000180      **               fall-thru, 0x02 means taken, 0x04 means NULL.  Any
000181      **               impossible cases (ex: if the comparison is never NULL)
000182      **               are filled in automatically so that the coverage
000183      **               measurement logic does not flag those impossible cases
000184      **               as missed coverage.
000185      **    M        - Type of jump.  Same as M argument above
000186      */
000187      I |= mNever;
000188      if( M==2 ) I |= 0x04;
000189      if( M==4 ){
000190        I |= 0x08;
000191        if( (mNever&0x08)!=0 && (I&0x05)!=0) I |= 0x05; /*NO_TEST*/
000192      }
000193      sqlite3GlobalConfig.xVdbeBranch(sqlite3GlobalConfig.pVdbeBranchArg,
000194                                      iSrcLine&0xffffff, I, M);
000195    }
000196  #endif
000197  
000198  /*
000199  ** An ephemeral string value (signified by the MEM_Ephem flag) contains
000200  ** a pointer to a dynamically allocated string where some other entity
000201  ** is responsible for deallocating that string.  Because the register
000202  ** does not control the string, it might be deleted without the register
000203  ** knowing it.
000204  **
000205  ** This routine converts an ephemeral string into a dynamically allocated
000206  ** string that the register itself controls.  In other words, it
000207  ** converts an MEM_Ephem string into a string with P.z==P.zMalloc.
000208  */
000209  #define Deephemeralize(P) \
000210     if( ((P)->flags&MEM_Ephem)!=0 \
000211         && sqlite3VdbeMemMakeWriteable(P) ){ goto no_mem;}
000212  
000213  /* Return true if the cursor was opened using the OP_OpenSorter opcode. */
000214  #define isSorter(x) ((x)->eCurType==CURTYPE_SORTER)
000215  
000216  /*
000217  ** Allocate VdbeCursor number iCur.  Return a pointer to it.  Return NULL
000218  ** if we run out of memory.
000219  */
000220  static VdbeCursor *allocateCursor(
000221    Vdbe *p,              /* The virtual machine */
000222    int iCur,             /* Index of the new VdbeCursor */
000223    int nField,           /* Number of fields in the table or index */
000224    int iDb,              /* Database the cursor belongs to, or -1 */
000225    u8 eCurType           /* Type of the new cursor */
000226  ){
000227    /* Find the memory cell that will be used to store the blob of memory
000228    ** required for this VdbeCursor structure. It is convenient to use a 
000229    ** vdbe memory cell to manage the memory allocation required for a
000230    ** VdbeCursor structure for the following reasons:
000231    **
000232    **   * Sometimes cursor numbers are used for a couple of different
000233    **     purposes in a vdbe program. The different uses might require
000234    **     different sized allocations. Memory cells provide growable
000235    **     allocations.
000236    **
000237    **   * When using ENABLE_MEMORY_MANAGEMENT, memory cell buffers can
000238    **     be freed lazily via the sqlite3_release_memory() API. This
000239    **     minimizes the number of malloc calls made by the system.
000240    **
000241    ** The memory cell for cursor 0 is aMem[0]. The rest are allocated from
000242    ** the top of the register space.  Cursor 1 is at Mem[p->nMem-1].
000243    ** Cursor 2 is at Mem[p->nMem-2]. And so forth.
000244    */
000245    Mem *pMem = iCur>0 ? &p->aMem[p->nMem-iCur] : p->aMem;
000246  
000247    int nByte;
000248    VdbeCursor *pCx = 0;
000249    nByte = 
000250        ROUND8(sizeof(VdbeCursor)) + 2*sizeof(u32)*nField + 
000251        (eCurType==CURTYPE_BTREE?sqlite3BtreeCursorSize():0);
000252  
000253    assert( iCur>=0 && iCur<p->nCursor );
000254    if( p->apCsr[iCur] ){ /*OPTIMIZATION-IF-FALSE*/
000255      /* Before calling sqlite3VdbeFreeCursor(), ensure the isEphemeral flag
000256      ** is clear. Otherwise, if this is an ephemeral cursor created by 
000257      ** OP_OpenDup, the cursor will not be closed and will still be part
000258      ** of a BtShared.pCursor list.  */
000259      if( p->apCsr[iCur]->pBtx==0 ) p->apCsr[iCur]->isEphemeral = 0;
000260      sqlite3VdbeFreeCursor(p, p->apCsr[iCur]);
000261      p->apCsr[iCur] = 0;
000262    }
000263    if( SQLITE_OK==sqlite3VdbeMemClearAndResize(pMem, nByte) ){
000264      p->apCsr[iCur] = pCx = (VdbeCursor*)pMem->z;
000265      memset(pCx, 0, offsetof(VdbeCursor,pAltCursor));
000266      pCx->eCurType = eCurType;
000267      pCx->iDb = iDb;
000268      pCx->nField = nField;
000269      pCx->aOffset = &pCx->aType[nField];
000270      if( eCurType==CURTYPE_BTREE ){
000271        pCx->uc.pCursor = (BtCursor*)
000272            &pMem->z[ROUND8(sizeof(VdbeCursor))+2*sizeof(u32)*nField];
000273        sqlite3BtreeCursorZero(pCx->uc.pCursor);
000274      }
000275    }
000276    return pCx;
000277  }
000278  
000279  /*
000280  ** The string in pRec is known to look like an integer and to have a
000281  ** floating point value of rValue.  Return true and set *piValue to the
000282  ** integer value if the string is in range to be an integer.  Otherwise,
000283  ** return false.
000284  */
000285  static int alsoAnInt(Mem *pRec, double rValue, i64 *piValue){
000286    i64 iValue = (double)rValue;
000287    if( sqlite3RealSameAsInt(rValue,iValue) ){
000288      *piValue = iValue;
000289      return 1;
000290    }
000291    return 0==sqlite3Atoi64(pRec->z, piValue, pRec->n, pRec->enc);
000292  }
000293  
000294  /*
000295  ** Try to convert a value into a numeric representation if we can
000296  ** do so without loss of information.  In other words, if the string
000297  ** looks like a number, convert it into a number.  If it does not
000298  ** look like a number, leave it alone.
000299  **
000300  ** If the bTryForInt flag is true, then extra effort is made to give
000301  ** an integer representation.  Strings that look like floating point
000302  ** values but which have no fractional component (example: '48.00')
000303  ** will have a MEM_Int representation when bTryForInt is true.
000304  **
000305  ** If bTryForInt is false, then if the input string contains a decimal
000306  ** point or exponential notation, the result is only MEM_Real, even
000307  ** if there is an exact integer representation of the quantity.
000308  */
000309  static void applyNumericAffinity(Mem *pRec, int bTryForInt){
000310    double rValue;
000311    u8 enc = pRec->enc;
000312    int rc;
000313    assert( (pRec->flags & (MEM_Str|MEM_Int|MEM_Real|MEM_IntReal))==MEM_Str );
000314    rc = sqlite3AtoF(pRec->z, &rValue, pRec->n, enc);
000315    if( rc<=0 ) return;
000316    if( rc==1 && alsoAnInt(pRec, rValue, &pRec->u.i) ){
000317      pRec->flags |= MEM_Int;
000318    }else{
000319      pRec->u.r = rValue;
000320      pRec->flags |= MEM_Real;
000321      if( bTryForInt ) sqlite3VdbeIntegerAffinity(pRec);
000322    }
000323    /* TEXT->NUMERIC is many->one.  Hence, it is important to invalidate the
000324    ** string representation after computing a numeric equivalent, because the
000325    ** string representation might not be the canonical representation for the
000326    ** numeric value.  Ticket [343634942dd54ab57b7024] 2018-01-31. */
000327    pRec->flags &= ~MEM_Str;
000328  }
000329  
000330  /*
000331  ** Processing is determine by the affinity parameter:
000332  **
000333  ** SQLITE_AFF_INTEGER:
000334  ** SQLITE_AFF_REAL:
000335  ** SQLITE_AFF_NUMERIC:
000336  **    Try to convert pRec to an integer representation or a 
000337  **    floating-point representation if an integer representation
000338  **    is not possible.  Note that the integer representation is
000339  **    always preferred, even if the affinity is REAL, because
000340  **    an integer representation is more space efficient on disk.
000341  **
000342  ** SQLITE_AFF_TEXT:
000343  **    Convert pRec to a text representation.
000344  **
000345  ** SQLITE_AFF_BLOB:
000346  ** SQLITE_AFF_NONE:
000347  **    No-op.  pRec is unchanged.
000348  */
000349  static void applyAffinity(
000350    Mem *pRec,          /* The value to apply affinity to */
000351    char affinity,      /* The affinity to be applied */
000352    u8 enc              /* Use this text encoding */
000353  ){
000354    if( affinity>=SQLITE_AFF_NUMERIC ){
000355      assert( affinity==SQLITE_AFF_INTEGER || affinity==SQLITE_AFF_REAL
000356               || affinity==SQLITE_AFF_NUMERIC );
000357      if( (pRec->flags & MEM_Int)==0 ){ /*OPTIMIZATION-IF-FALSE*/
000358        if( (pRec->flags & MEM_Real)==0 ){
000359          if( pRec->flags & MEM_Str ) applyNumericAffinity(pRec,1);
000360        }else{
000361          sqlite3VdbeIntegerAffinity(pRec);
000362        }
000363      }
000364    }else if( affinity==SQLITE_AFF_TEXT ){
000365      /* Only attempt the conversion to TEXT if there is an integer or real
000366      ** representation (blob and NULL do not get converted) but no string
000367      ** representation.  It would be harmless to repeat the conversion if 
000368      ** there is already a string rep, but it is pointless to waste those
000369      ** CPU cycles. */
000370      if( 0==(pRec->flags&MEM_Str) ){ /*OPTIMIZATION-IF-FALSE*/
000371        if( (pRec->flags&(MEM_Real|MEM_Int|MEM_IntReal)) ){
000372          testcase( pRec->flags & MEM_Int );
000373          testcase( pRec->flags & MEM_Real );
000374          testcase( pRec->flags & MEM_IntReal );
000375          sqlite3VdbeMemStringify(pRec, enc, 1);
000376        }
000377      }
000378      pRec->flags &= ~(MEM_Real|MEM_Int|MEM_IntReal);
000379    }
000380  }
000381  
000382  /*
000383  ** Try to convert the type of a function argument or a result column
000384  ** into a numeric representation.  Use either INTEGER or REAL whichever
000385  ** is appropriate.  But only do the conversion if it is possible without
000386  ** loss of information and return the revised type of the argument.
000387  */
000388  int sqlite3_value_numeric_type(sqlite3_value *pVal){
000389    int eType = sqlite3_value_type(pVal);
000390    if( eType==SQLITE_TEXT ){
000391      Mem *pMem = (Mem*)pVal;
000392      applyNumericAffinity(pMem, 0);
000393      eType = sqlite3_value_type(pVal);
000394    }
000395    return eType;
000396  }
000397  
000398  /*
000399  ** Exported version of applyAffinity(). This one works on sqlite3_value*, 
000400  ** not the internal Mem* type.
000401  */
000402  void sqlite3ValueApplyAffinity(
000403    sqlite3_value *pVal, 
000404    u8 affinity, 
000405    u8 enc
000406  ){
000407    applyAffinity((Mem *)pVal, affinity, enc);
000408  }
000409  
000410  /*
000411  ** pMem currently only holds a string type (or maybe a BLOB that we can
000412  ** interpret as a string if we want to).  Compute its corresponding
000413  ** numeric type, if has one.  Set the pMem->u.r and pMem->u.i fields
000414  ** accordingly.
000415  */
000416  static u16 SQLITE_NOINLINE computeNumericType(Mem *pMem){
000417    int rc;
000418    sqlite3_int64 ix;
000419    assert( (pMem->flags & (MEM_Int|MEM_Real|MEM_IntReal))==0 );
000420    assert( (pMem->flags & (MEM_Str|MEM_Blob))!=0 );
000421    ExpandBlob(pMem);
000422    rc = sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc);
000423    if( rc<=0 ){
000424      if( rc==0 && sqlite3Atoi64(pMem->z, &ix, pMem->n, pMem->enc)<=1 ){
000425        pMem->u.i = ix;
000426        return MEM_Int;
000427      }else{
000428        return MEM_Real;
000429      }
000430    }else if( rc==1 && sqlite3Atoi64(pMem->z, &ix, pMem->n, pMem->enc)==0 ){
000431      pMem->u.i = ix;
000432      return MEM_Int;
000433    }
000434    return MEM_Real;
000435  }
000436  
000437  /*
000438  ** Return the numeric type for pMem, either MEM_Int or MEM_Real or both or
000439  ** none.  
000440  **
000441  ** Unlike applyNumericAffinity(), this routine does not modify pMem->flags.
000442  ** But it does set pMem->u.r and pMem->u.i appropriately.
000443  */
000444  static u16 numericType(Mem *pMem){
000445    if( pMem->flags & (MEM_Int|MEM_Real|MEM_IntReal) ){
000446      testcase( pMem->flags & MEM_Int );
000447      testcase( pMem->flags & MEM_Real );
000448      testcase( pMem->flags & MEM_IntReal );
000449      return pMem->flags & (MEM_Int|MEM_Real|MEM_IntReal);
000450    }
000451    if( pMem->flags & (MEM_Str|MEM_Blob) ){
000452      testcase( pMem->flags & MEM_Str );
000453      testcase( pMem->flags & MEM_Blob );
000454      return computeNumericType(pMem);
000455    }
000456    return 0;
000457  }
000458  
000459  #ifdef SQLITE_DEBUG
000460  /*
000461  ** Write a nice string representation of the contents of cell pMem
000462  ** into buffer zBuf, length nBuf.
000463  */
000464  void sqlite3VdbeMemPrettyPrint(Mem *pMem, char *zBuf){
000465    char *zCsr = zBuf;
000466    int f = pMem->flags;
000467  
000468    static const char *const encnames[] = {"(X)", "(8)", "(16LE)", "(16BE)"};
000469  
000470    if( f&MEM_Blob ){
000471      int i;
000472      char c;
000473      if( f & MEM_Dyn ){
000474        c = 'z';
000475        assert( (f & (MEM_Static|MEM_Ephem))==0 );
000476      }else if( f & MEM_Static ){
000477        c = 't';
000478        assert( (f & (MEM_Dyn|MEM_Ephem))==0 );
000479      }else if( f & MEM_Ephem ){
000480        c = 'e';
000481        assert( (f & (MEM_Static|MEM_Dyn))==0 );
000482      }else{
000483        c = 's';
000484      }
000485      *(zCsr++) = c;
000486      *(zCsr++) = 'x';
000487      sqlite3_snprintf(100, zCsr, "%d[", pMem->n);
000488      zCsr += sqlite3Strlen30(zCsr);
000489      for(i=0; i<25 && i<pMem->n; i++){
000490        sqlite3_snprintf(100, zCsr, "%02X", ((int)pMem->z[i] & 0xFF));
000491        zCsr += sqlite3Strlen30(zCsr);
000492      }
000493      *zCsr++ = '|';
000494      for(i=0; i<25 && i<pMem->n; i++){
000495        char z = pMem->z[i];
000496        if( z<32 || z>126 ) *zCsr++ = '.';
000497        else *zCsr++ = z;
000498      }
000499      *(zCsr++) = ']';
000500      if( f & MEM_Zero ){
000501        sqlite3_snprintf(100, zCsr,"+%dz",pMem->u.nZero);
000502        zCsr += sqlite3Strlen30(zCsr);
000503      }
000504      *zCsr = '\0';
000505    }else if( f & MEM_Str ){
000506      int j, k;
000507      zBuf[0] = ' ';
000508      if( f & MEM_Dyn ){
000509        zBuf[1] = 'z';
000510        assert( (f & (MEM_Static|MEM_Ephem))==0 );
000511      }else if( f & MEM_Static ){
000512        zBuf[1] = 't';
000513        assert( (f & (MEM_Dyn|MEM_Ephem))==0 );
000514      }else if( f & MEM_Ephem ){
000515        zBuf[1] = 'e';
000516        assert( (f & (MEM_Static|MEM_Dyn))==0 );
000517      }else{
000518        zBuf[1] = 's';
000519      }
000520      k = 2;
000521      sqlite3_snprintf(100, &zBuf[k], "%d", pMem->n);
000522      k += sqlite3Strlen30(&zBuf[k]);
000523      zBuf[k++] = '[';
000524      for(j=0; j<25 && j<pMem->n; j++){
000525        u8 c = pMem->z[j];
000526        if( c>=0x20 && c<0x7f ){
000527          zBuf[k++] = c;
000528        }else{
000529          zBuf[k++] = '.';
000530        }
000531      }
000532      zBuf[k++] = ']';
000533      sqlite3_snprintf(100,&zBuf[k], encnames[pMem->enc]);
000534      k += sqlite3Strlen30(&zBuf[k]);
000535      zBuf[k++] = 0;
000536    }
000537  }
000538  #endif
000539  
000540  #ifdef SQLITE_DEBUG
000541  /*
000542  ** Print the value of a register for tracing purposes:
000543  */
000544  static void memTracePrint(Mem *p){
000545    if( p->flags & MEM_Undefined ){
000546      printf(" undefined");
000547    }else if( p->flags & MEM_Null ){
000548      printf(p->flags & MEM_Zero ? " NULL-nochng" : " NULL");
000549    }else if( (p->flags & (MEM_Int|MEM_Str))==(MEM_Int|MEM_Str) ){
000550      printf(" si:%lld", p->u.i);
000551    }else if( (p->flags & (MEM_IntReal))!=0 ){
000552      printf(" ir:%lld", p->u.i);
000553    }else if( p->flags & MEM_Int ){
000554      printf(" i:%lld", p->u.i);
000555  #ifndef SQLITE_OMIT_FLOATING_POINT
000556    }else if( p->flags & MEM_Real ){
000557      printf(" r:%.17g", p->u.r);
000558  #endif
000559    }else if( sqlite3VdbeMemIsRowSet(p) ){
000560      printf(" (rowset)");
000561    }else{
000562      char zBuf[200];
000563      sqlite3VdbeMemPrettyPrint(p, zBuf);
000564      printf(" %s", zBuf);
000565    }
000566    if( p->flags & MEM_Subtype ) printf(" subtype=0x%02x", p->eSubtype);
000567  }
000568  static void registerTrace(int iReg, Mem *p){
000569    printf("REG[%d] = ", iReg);
000570    memTracePrint(p);
000571    printf("\n");
000572    sqlite3VdbeCheckMemInvariants(p);
000573  }
000574  #endif
000575  
000576  #ifdef SQLITE_DEBUG
000577  #  define REGISTER_TRACE(R,M) if(db->flags&SQLITE_VdbeTrace)registerTrace(R,M)
000578  #else
000579  #  define REGISTER_TRACE(R,M)
000580  #endif
000581  
000582  
000583  #ifdef VDBE_PROFILE
000584  
000585  /* 
000586  ** hwtime.h contains inline assembler code for implementing 
000587  ** high-performance timing routines.
000588  */
000589  #include "hwtime.h"
000590  
000591  #endif
000592  
000593  #ifndef NDEBUG
000594  /*
000595  ** This function is only called from within an assert() expression. It
000596  ** checks that the sqlite3.nTransaction variable is correctly set to
000597  ** the number of non-transaction savepoints currently in the 
000598  ** linked list starting at sqlite3.pSavepoint.
000599  ** 
000600  ** Usage:
000601  **
000602  **     assert( checkSavepointCount(db) );
000603  */
000604  static int checkSavepointCount(sqlite3 *db){
000605    int n = 0;
000606    Savepoint *p;
000607    for(p=db->pSavepoint; p; p=p->pNext) n++;
000608    assert( n==(db->nSavepoint + db->isTransactionSavepoint) );
000609    return 1;
000610  }
000611  #endif
000612  
000613  /*
000614  ** Return the register of pOp->p2 after first preparing it to be
000615  ** overwritten with an integer value.
000616  */
000617  static SQLITE_NOINLINE Mem *out2PrereleaseWithClear(Mem *pOut){
000618    sqlite3VdbeMemSetNull(pOut);
000619    pOut->flags = MEM_Int;
000620    return pOut;
000621  }
000622  static Mem *out2Prerelease(Vdbe *p, VdbeOp *pOp){
000623    Mem *pOut;
000624    assert( pOp->p2>0 );
000625    assert( pOp->p2<=(p->nMem+1 - p->nCursor) );
000626    pOut = &p->aMem[pOp->p2];
000627    memAboutToChange(p, pOut);
000628    if( VdbeMemDynamic(pOut) ){ /*OPTIMIZATION-IF-FALSE*/
000629      return out2PrereleaseWithClear(pOut);
000630    }else{
000631      pOut->flags = MEM_Int;
000632      return pOut;
000633    }
000634  }
000635  
000636  
000637  /*
000638  ** Execute as much of a VDBE program as we can.
000639  ** This is the core of sqlite3_step().  
000640  */
000641  int sqlite3VdbeExec(
000642    Vdbe *p                    /* The VDBE */
000643  ){
000644    Op *aOp = p->aOp;          /* Copy of p->aOp */
000645    Op *pOp = aOp;             /* Current operation */
000646  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
000647    Op *pOrigOp;               /* Value of pOp at the top of the loop */
000648  #endif
000649  #ifdef SQLITE_DEBUG
000650    int nExtraDelete = 0;      /* Verifies FORDELETE and AUXDELETE flags */
000651  #endif
000652    int rc = SQLITE_OK;        /* Value to return */
000653    sqlite3 *db = p->db;       /* The database */
000654    u8 resetSchemaOnFault = 0; /* Reset schema after an error if positive */
000655    u8 encoding = ENC(db);     /* The database encoding */
000656    int iCompare = 0;          /* Result of last comparison */
000657    unsigned nVmStep = 0;      /* Number of virtual machine steps */
000658  #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
000659    unsigned nProgressLimit;   /* Invoke xProgress() when nVmStep reaches this */
000660  #endif
000661    Mem *aMem = p->aMem;       /* Copy of p->aMem */
000662    Mem *pIn1 = 0;             /* 1st input operand */
000663    Mem *pIn2 = 0;             /* 2nd input operand */
000664    Mem *pIn3 = 0;             /* 3rd input operand */
000665    Mem *pOut = 0;             /* Output operand */
000666  #ifdef VDBE_PROFILE
000667    u64 start;                 /* CPU clock count at start of opcode */
000668  #endif
000669    /*** INSERT STACK UNION HERE ***/
000670  
000671    assert( p->magic==VDBE_MAGIC_RUN );  /* sqlite3_step() verifies this */
000672    sqlite3VdbeEnter(p);
000673  #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
000674    if( db->xProgress ){
000675      u32 iPrior = p->aCounter[SQLITE_STMTSTATUS_VM_STEP];
000676      assert( 0 < db->nProgressOps );
000677      nProgressLimit = db->nProgressOps - (iPrior % db->nProgressOps);
000678    }else{
000679      nProgressLimit = 0xffffffff;
000680    }
000681  #endif
000682    if( p->rc==SQLITE_NOMEM ){
000683      /* This happens if a malloc() inside a call to sqlite3_column_text() or
000684      ** sqlite3_column_text16() failed.  */
000685      goto no_mem;
000686    }
000687    assert( p->rc==SQLITE_OK || (p->rc&0xff)==SQLITE_BUSY );
000688    assert( p->bIsReader || p->readOnly!=0 );
000689    p->iCurrentTime = 0;
000690    assert( p->explain==0 );
000691    p->pResultSet = 0;
000692    db->busyHandler.nBusy = 0;
000693    if( db->u1.isInterrupted ) goto abort_due_to_interrupt;
000694    sqlite3VdbeIOTraceSql(p);
000695  #ifdef SQLITE_DEBUG
000696    sqlite3BeginBenignMalloc();
000697    if( p->pc==0
000698     && (p->db->flags & (SQLITE_VdbeListing|SQLITE_VdbeEQP|SQLITE_VdbeTrace))!=0
000699    ){
000700      int i;
000701      int once = 1;
000702      sqlite3VdbePrintSql(p);
000703      if( p->db->flags & SQLITE_VdbeListing ){
000704        printf("VDBE Program Listing:\n");
000705        for(i=0; i<p->nOp; i++){
000706          sqlite3VdbePrintOp(stdout, i, &aOp[i]);
000707        }
000708      }
000709      if( p->db->flags & SQLITE_VdbeEQP ){
000710        for(i=0; i<p->nOp; i++){
000711          if( aOp[i].opcode==OP_Explain ){
000712            if( once ) printf("VDBE Query Plan:\n");
000713            printf("%s\n", aOp[i].p4.z);
000714            once = 0;
000715          }
000716        }
000717      }
000718      if( p->db->flags & SQLITE_VdbeTrace )  printf("VDBE Trace:\n");
000719    }
000720    sqlite3EndBenignMalloc();
000721  #endif
000722    for(pOp=&aOp[p->pc]; 1; pOp++){
000723      /* Errors are detected by individual opcodes, with an immediate
000724      ** jumps to abort_due_to_error. */
000725      assert( rc==SQLITE_OK );
000726  
000727      assert( pOp>=aOp && pOp<&aOp[p->nOp]);
000728  #ifdef VDBE_PROFILE
000729      start = sqlite3NProfileCnt ? sqlite3NProfileCnt : sqlite3Hwtime();
000730  #endif
000731      nVmStep++;
000732  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
000733      if( p->anExec ) p->anExec[(int)(pOp-aOp)]++;
000734  #endif
000735  
000736      /* Only allow tracing if SQLITE_DEBUG is defined.
000737      */
000738  #ifdef SQLITE_DEBUG
000739      if( db->flags & SQLITE_VdbeTrace ){
000740        sqlite3VdbePrintOp(stdout, (int)(pOp - aOp), pOp);
000741      }
000742  #endif
000743        
000744  
000745      /* Check to see if we need to simulate an interrupt.  This only happens
000746      ** if we have a special test build.
000747      */
000748  #ifdef SQLITE_TEST
000749      if( sqlite3_interrupt_count>0 ){
000750        sqlite3_interrupt_count--;
000751        if( sqlite3_interrupt_count==0 ){
000752          sqlite3_interrupt(db);
000753        }
000754      }
000755  #endif
000756  
000757      /* Sanity checking on other operands */
000758  #ifdef SQLITE_DEBUG
000759      {
000760        u8 opProperty = sqlite3OpcodeProperty[pOp->opcode];
000761        if( (opProperty & OPFLG_IN1)!=0 ){
000762          assert( pOp->p1>0 );
000763          assert( pOp->p1<=(p->nMem+1 - p->nCursor) );
000764          assert( memIsValid(&aMem[pOp->p1]) );
000765          assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p1]) );
000766          REGISTER_TRACE(pOp->p1, &aMem[pOp->p1]);
000767        }
000768        if( (opProperty & OPFLG_IN2)!=0 ){
000769          assert( pOp->p2>0 );
000770          assert( pOp->p2<=(p->nMem+1 - p->nCursor) );
000771          assert( memIsValid(&aMem[pOp->p2]) );
000772          assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p2]) );
000773          REGISTER_TRACE(pOp->p2, &aMem[pOp->p2]);
000774        }
000775        if( (opProperty & OPFLG_IN3)!=0 ){
000776          assert( pOp->p3>0 );
000777          assert( pOp->p3<=(p->nMem+1 - p->nCursor) );
000778          assert( memIsValid(&aMem[pOp->p3]) );
000779          assert( sqlite3VdbeCheckMemInvariants(&aMem[pOp->p3]) );
000780          REGISTER_TRACE(pOp->p3, &aMem[pOp->p3]);
000781        }
000782        if( (opProperty & OPFLG_OUT2)!=0 ){
000783          assert( pOp->p2>0 );
000784          assert( pOp->p2<=(p->nMem+1 - p->nCursor) );
000785          memAboutToChange(p, &aMem[pOp->p2]);
000786        }
000787        if( (opProperty & OPFLG_OUT3)!=0 ){
000788          assert( pOp->p3>0 );
000789          assert( pOp->p3<=(p->nMem+1 - p->nCursor) );
000790          memAboutToChange(p, &aMem[pOp->p3]);
000791        }
000792      }
000793  #endif
000794  #if defined(SQLITE_DEBUG) || defined(VDBE_PROFILE)
000795      pOrigOp = pOp;
000796  #endif
000797    
000798      switch( pOp->opcode ){
000799  
000800  /*****************************************************************************
000801  ** What follows is a massive switch statement where each case implements a
000802  ** separate instruction in the virtual machine.  If we follow the usual
000803  ** indentation conventions, each case should be indented by 6 spaces.  But
000804  ** that is a lot of wasted space on the left margin.  So the code within
000805  ** the switch statement will break with convention and be flush-left. Another
000806  ** big comment (similar to this one) will mark the point in the code where
000807  ** we transition back to normal indentation.
000808  **
000809  ** The formatting of each case is important.  The makefile for SQLite
000810  ** generates two C files "opcodes.h" and "opcodes.c" by scanning this
000811  ** file looking for lines that begin with "case OP_".  The opcodes.h files
000812  ** will be filled with #defines that give unique integer values to each
000813  ** opcode and the opcodes.c file is filled with an array of strings where
000814  ** each string is the symbolic name for the corresponding opcode.  If the
000815  ** case statement is followed by a comment of the form "/# same as ... #/"
000816  ** that comment is used to determine the particular value of the opcode.
000817  **
000818  ** Other keywords in the comment that follows each case are used to
000819  ** construct the OPFLG_INITIALIZER value that initializes opcodeProperty[].
000820  ** Keywords include: in1, in2, in3, out2, out3.  See
000821  ** the mkopcodeh.awk script for additional information.
000822  **
000823  ** Documentation about VDBE opcodes is generated by scanning this file
000824  ** for lines of that contain "Opcode:".  That line and all subsequent
000825  ** comment lines are used in the generation of the opcode.html documentation
000826  ** file.
000827  **
000828  ** SUMMARY:
000829  **
000830  **     Formatting is important to scripts that scan this file.
000831  **     Do not deviate from the formatting style currently in use.
000832  **
000833  *****************************************************************************/
000834  
000835  /* Opcode:  Goto * P2 * * *
000836  **
000837  ** An unconditional jump to address P2.
000838  ** The next instruction executed will be 
000839  ** the one at index P2 from the beginning of
000840  ** the program.
000841  **
000842  ** The P1 parameter is not actually used by this opcode.  However, it
000843  ** is sometimes set to 1 instead of 0 as a hint to the command-line shell
000844  ** that this Goto is the bottom of a loop and that the lines from P2 down
000845  ** to the current line should be indented for EXPLAIN output.
000846  */
000847  case OP_Goto: {             /* jump */
000848  
000849  #ifdef SQLITE_DEBUG
000850    /* In debuggging mode, when the p5 flags is set on an OP_Goto, that
000851    ** means we should really jump back to the preceeding OP_ReleaseReg
000852    ** instruction. */
000853    if( pOp->p5 ){
000854      assert( pOp->p2 < (int)(pOp - aOp) );
000855      assert( pOp->p2 > 1 );
000856      pOp = &aOp[pOp->p2 - 2];
000857      assert( pOp[1].opcode==OP_ReleaseReg );
000858      goto check_for_interrupt;
000859    }
000860  #endif
000861  
000862  jump_to_p2_and_check_for_interrupt:
000863    pOp = &aOp[pOp->p2 - 1];
000864  
000865    /* Opcodes that are used as the bottom of a loop (OP_Next, OP_Prev,
000866    ** OP_VNext, or OP_SorterNext) all jump here upon
000867    ** completion.  Check to see if sqlite3_interrupt() has been called
000868    ** or if the progress callback needs to be invoked. 
000869    **
000870    ** This code uses unstructured "goto" statements and does not look clean.
000871    ** But that is not due to sloppy coding habits. The code is written this
000872    ** way for performance, to avoid having to run the interrupt and progress
000873    ** checks on every opcode.  This helps sqlite3_step() to run about 1.5%
000874    ** faster according to "valgrind --tool=cachegrind" */
000875  check_for_interrupt:
000876    if( db->u1.isInterrupted ) goto abort_due_to_interrupt;
000877  #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
000878    /* Call the progress callback if it is configured and the required number
000879    ** of VDBE ops have been executed (either since this invocation of
000880    ** sqlite3VdbeExec() or since last time the progress callback was called).
000881    ** If the progress callback returns non-zero, exit the virtual machine with
000882    ** a return code SQLITE_ABORT.
000883    */
000884    while( nVmStep>=nProgressLimit && db->xProgress!=0 ){
000885      assert( db->nProgressOps!=0 );
000886      nProgressLimit += db->nProgressOps;
000887      if( db->xProgress(db->pProgressArg) ){
000888        nProgressLimit = 0xffffffff;
000889        rc = SQLITE_INTERRUPT;
000890        goto abort_due_to_error;
000891      }
000892    }
000893  #endif
000894    
000895    break;
000896  }
000897  
000898  /* Opcode:  Gosub P1 P2 * * *
000899  **
000900  ** Write the current address onto register P1
000901  ** and then jump to address P2.
000902  */
000903  case OP_Gosub: {            /* jump */
000904    assert( pOp->p1>0 && pOp->p1<=(p->nMem+1 - p->nCursor) );
000905    pIn1 = &aMem[pOp->p1];
000906    assert( VdbeMemDynamic(pIn1)==0 );
000907    memAboutToChange(p, pIn1);
000908    pIn1->flags = MEM_Int;
000909    pIn1->u.i = (int)(pOp-aOp);
000910    REGISTER_TRACE(pOp->p1, pIn1);
000911  
000912    /* Most jump operations do a goto to this spot in order to update
000913    ** the pOp pointer. */
000914  jump_to_p2:
000915    pOp = &aOp[pOp->p2 - 1];
000916    break;
000917  }
000918  
000919  /* Opcode:  Return P1 * * * *
000920  **
000921  ** Jump to the next instruction after the address in register P1.  After
000922  ** the jump, register P1 becomes undefined.
000923  */
000924  case OP_Return: {           /* in1 */
000925    pIn1 = &aMem[pOp->p1];
000926    assert( pIn1->flags==MEM_Int );
000927    pOp = &aOp[pIn1->u.i];
000928    pIn1->flags = MEM_Undefined;
000929    break;
000930  }
000931  
000932  /* Opcode: InitCoroutine P1 P2 P3 * *
000933  **
000934  ** Set up register P1 so that it will Yield to the coroutine
000935  ** located at address P3.
000936  **
000937  ** If P2!=0 then the coroutine implementation immediately follows
000938  ** this opcode.  So jump over the coroutine implementation to
000939  ** address P2.
000940  **
000941  ** See also: EndCoroutine
000942  */
000943  case OP_InitCoroutine: {     /* jump */
000944    assert( pOp->p1>0 &&  pOp->p1<=(p->nMem+1 - p->nCursor) );
000945    assert( pOp->p2>=0 && pOp->p2<p->nOp );
000946    assert( pOp->p3>=0 && pOp->p3<p->nOp );
000947    pOut = &aMem[pOp->p1];
000948    assert( !VdbeMemDynamic(pOut) );
000949    pOut->u.i = pOp->p3 - 1;
000950    pOut->flags = MEM_Int;
000951    if( pOp->p2 ) goto jump_to_p2;
000952    break;
000953  }
000954  
000955  /* Opcode:  EndCoroutine P1 * * * *
000956  **
000957  ** The instruction at the address in register P1 is a Yield.
000958  ** Jump to the P2 parameter of that Yield.
000959  ** After the jump, register P1 becomes undefined.
000960  **
000961  ** See also: InitCoroutine
000962  */
000963  case OP_EndCoroutine: {           /* in1 */
000964    VdbeOp *pCaller;
000965    pIn1 = &aMem[pOp->p1];
000966    assert( pIn1->flags==MEM_Int );
000967    assert( pIn1->u.i>=0 && pIn1->u.i<p->nOp );
000968    pCaller = &aOp[pIn1->u.i];
000969    assert( pCaller->opcode==OP_Yield );
000970    assert( pCaller->p2>=0 && pCaller->p2<p->nOp );
000971    pOp = &aOp[pCaller->p2 - 1];
000972    pIn1->flags = MEM_Undefined;
000973    break;
000974  }
000975  
000976  /* Opcode:  Yield P1 P2 * * *
000977  **
000978  ** Swap the program counter with the value in register P1.  This
000979  ** has the effect of yielding to a coroutine.
000980  **
000981  ** If the coroutine that is launched by this instruction ends with
000982  ** Yield or Return then continue to the next instruction.  But if
000983  ** the coroutine launched by this instruction ends with
000984  ** EndCoroutine, then jump to P2 rather than continuing with the
000985  ** next instruction.
000986  **
000987  ** See also: InitCoroutine
000988  */
000989  case OP_Yield: {            /* in1, jump */
000990    int pcDest;
000991    pIn1 = &aMem[pOp->p1];
000992    assert( VdbeMemDynamic(pIn1)==0 );
000993    pIn1->flags = MEM_Int;
000994    pcDest = (int)pIn1->u.i;
000995    pIn1->u.i = (int)(pOp - aOp);
000996    REGISTER_TRACE(pOp->p1, pIn1);
000997    pOp = &aOp[pcDest];
000998    break;
000999  }
001000  
001001  /* Opcode:  HaltIfNull  P1 P2 P3 P4 P5
001002  ** Synopsis: if r[P3]=null halt
001003  **
001004  ** Check the value in register P3.  If it is NULL then Halt using
001005  ** parameter P1, P2, and P4 as if this were a Halt instruction.  If the
001006  ** value in register P3 is not NULL, then this routine is a no-op.
001007  ** The P5 parameter should be 1.
001008  */
001009  case OP_HaltIfNull: {      /* in3 */
001010    pIn3 = &aMem[pOp->p3];
001011  #ifdef SQLITE_DEBUG
001012    if( pOp->p2==OE_Abort ){ sqlite3VdbeAssertAbortable(p); }
001013  #endif
001014    if( (pIn3->flags & MEM_Null)==0 ) break;
001015    /* Fall through into OP_Halt */
001016  }
001017  
001018  /* Opcode:  Halt P1 P2 * P4 P5
001019  **
001020  ** Exit immediately.  All open cursors, etc are closed
001021  ** automatically.
001022  **
001023  ** P1 is the result code returned by sqlite3_exec(), sqlite3_reset(),
001024  ** or sqlite3_finalize().  For a normal halt, this should be SQLITE_OK (0).
001025  ** For errors, it can be some other value.  If P1!=0 then P2 will determine
001026  ** whether or not to rollback the current transaction.  Do not rollback
001027  ** if P2==OE_Fail. Do the rollback if P2==OE_Rollback.  If P2==OE_Abort,
001028  ** then back out all changes that have occurred during this execution of the
001029  ** VDBE, but do not rollback the transaction. 
001030  **
001031  ** If P4 is not null then it is an error message string.
001032  **
001033  ** P5 is a value between 0 and 4, inclusive, that modifies the P4 string.
001034  **
001035  **    0:  (no change)
001036  **    1:  NOT NULL contraint failed: P4
001037  **    2:  UNIQUE constraint failed: P4
001038  **    3:  CHECK constraint failed: P4
001039  **    4:  FOREIGN KEY constraint failed: P4
001040  **
001041  ** If P5 is not zero and P4 is NULL, then everything after the ":" is
001042  ** omitted.
001043  **
001044  ** There is an implied "Halt 0 0 0" instruction inserted at the very end of
001045  ** every program.  So a jump past the last instruction of the program
001046  ** is the same as executing Halt.
001047  */
001048  case OP_Halt: {
001049    VdbeFrame *pFrame;
001050    int pcx;
001051  
001052    pcx = (int)(pOp - aOp);
001053  #ifdef SQLITE_DEBUG
001054    if( pOp->p2==OE_Abort ){ sqlite3VdbeAssertAbortable(p); }
001055  #endif
001056    if( pOp->p1==SQLITE_OK && p->pFrame ){
001057      /* Halt the sub-program. Return control to the parent frame. */
001058      pFrame = p->pFrame;
001059      p->pFrame = pFrame->pParent;
001060      p->nFrame--;
001061      sqlite3VdbeSetChanges(db, p->nChange);
001062      pcx = sqlite3VdbeFrameRestore(pFrame);
001063      if( pOp->p2==OE_Ignore ){
001064        /* Instruction pcx is the OP_Program that invoked the sub-program 
001065        ** currently being halted. If the p2 instruction of this OP_Halt
001066        ** instruction is set to OE_Ignore, then the sub-program is throwing
001067        ** an IGNORE exception. In this case jump to the address specified
001068        ** as the p2 of the calling OP_Program.  */
001069        pcx = p->aOp[pcx].p2-1;
001070      }
001071      aOp = p->aOp;
001072      aMem = p->aMem;
001073      pOp = &aOp[pcx];
001074      break;
001075    }
001076    p->rc = pOp->p1;
001077    p->errorAction = (u8)pOp->p2;
001078    p->pc = pcx;
001079    assert( pOp->p5<=4 );
001080    if( p->rc ){
001081      if( pOp->p5 ){
001082        static const char * const azType[] = { "NOT NULL", "UNIQUE", "CHECK",
001083                                               "FOREIGN KEY" };
001084        testcase( pOp->p5==1 );
001085        testcase( pOp->p5==2 );
001086        testcase( pOp->p5==3 );
001087        testcase( pOp->p5==4 );
001088        sqlite3VdbeError(p, "%s constraint failed", azType[pOp->p5-1]);
001089        if( pOp->p4.z ){
001090          p->zErrMsg = sqlite3MPrintf(db, "%z: %s", p->zErrMsg, pOp->p4.z);
001091        }
001092      }else{
001093        sqlite3VdbeError(p, "%s", pOp->p4.z);
001094      }
001095      sqlite3_log(pOp->p1, "abort at %d in [%s]: %s", pcx, p->zSql, p->zErrMsg);
001096    }
001097    rc = sqlite3VdbeHalt(p);
001098    assert( rc==SQLITE_BUSY || rc==SQLITE_OK || rc==SQLITE_ERROR );
001099    if( rc==SQLITE_BUSY ){
001100      p->rc = SQLITE_BUSY;
001101    }else{
001102      assert( rc==SQLITE_OK || (p->rc&0xff)==SQLITE_CONSTRAINT );
001103      assert( rc==SQLITE_OK || db->nDeferredCons>0 || db->nDeferredImmCons>0 );
001104      rc = p->rc ? SQLITE_ERROR : SQLITE_DONE;
001105    }
001106    goto vdbe_return;
001107  }
001108  
001109  /* Opcode: Integer P1 P2 * * *
001110  ** Synopsis: r[P2]=P1
001111  **
001112  ** The 32-bit integer value P1 is written into register P2.
001113  */
001114  case OP_Integer: {         /* out2 */
001115    pOut = out2Prerelease(p, pOp);
001116    pOut->u.i = pOp->p1;
001117    break;
001118  }
001119  
001120  /* Opcode: Int64 * P2 * P4 *
001121  ** Synopsis: r[P2]=P4
001122  **
001123  ** P4 is a pointer to a 64-bit integer value.
001124  ** Write that value into register P2.
001125  */
001126  case OP_Int64: {           /* out2 */
001127    pOut = out2Prerelease(p, pOp);
001128    assert( pOp->p4.pI64!=0 );
001129    pOut->u.i = *pOp->p4.pI64;
001130    break;
001131  }
001132  
001133  #ifndef SQLITE_OMIT_FLOATING_POINT
001134  /* Opcode: Real * P2 * P4 *
001135  ** Synopsis: r[P2]=P4
001136  **
001137  ** P4 is a pointer to a 64-bit floating point value.
001138  ** Write that value into register P2.
001139  */
001140  case OP_Real: {            /* same as TK_FLOAT, out2 */
001141    pOut = out2Prerelease(p, pOp);
001142    pOut->flags = MEM_Real;
001143    assert( !sqlite3IsNaN(*pOp->p4.pReal) );
001144    pOut->u.r = *pOp->p4.pReal;
001145    break;
001146  }
001147  #endif
001148  
001149  /* Opcode: String8 * P2 * P4 *
001150  ** Synopsis: r[P2]='P4'
001151  **
001152  ** P4 points to a nul terminated UTF-8 string. This opcode is transformed 
001153  ** into a String opcode before it is executed for the first time.  During
001154  ** this transformation, the length of string P4 is computed and stored
001155  ** as the P1 parameter.
001156  */
001157  case OP_String8: {         /* same as TK_STRING, out2 */
001158    assert( pOp->p4.z!=0 );
001159    pOut = out2Prerelease(p, pOp);
001160    pOp->p1 = sqlite3Strlen30(pOp->p4.z);
001161  
001162  #ifndef SQLITE_OMIT_UTF16
001163    if( encoding!=SQLITE_UTF8 ){
001164      rc = sqlite3VdbeMemSetStr(pOut, pOp->p4.z, -1, SQLITE_UTF8, SQLITE_STATIC);
001165      assert( rc==SQLITE_OK || rc==SQLITE_TOOBIG );
001166      if( rc ) goto too_big;
001167      if( SQLITE_OK!=sqlite3VdbeChangeEncoding(pOut, encoding) ) goto no_mem;
001168      assert( pOut->szMalloc>0 && pOut->zMalloc==pOut->z );
001169      assert( VdbeMemDynamic(pOut)==0 );
001170      pOut->szMalloc = 0;
001171      pOut->flags |= MEM_Static;
001172      if( pOp->p4type==P4_DYNAMIC ){
001173        sqlite3DbFree(db, pOp->p4.z);
001174      }
001175      pOp->p4type = P4_DYNAMIC;
001176      pOp->p4.z = pOut->z;
001177      pOp->p1 = pOut->n;
001178    }
001179  #endif
001180    if( pOp->p1>db->aLimit[SQLITE_LIMIT_LENGTH] ){
001181      goto too_big;
001182    }
001183    pOp->opcode = OP_String;
001184    assert( rc==SQLITE_OK );
001185    /* Fall through to the next case, OP_String */
001186  }
001187    
001188  /* Opcode: String P1 P2 P3 P4 P5
001189  ** Synopsis: r[P2]='P4' (len=P1)
001190  **
001191  ** The string value P4 of length P1 (bytes) is stored in register P2.
001192  **
001193  ** If P3 is not zero and the content of register P3 is equal to P5, then
001194  ** the datatype of the register P2 is converted to BLOB.  The content is
001195  ** the same sequence of bytes, it is merely interpreted as a BLOB instead
001196  ** of a string, as if it had been CAST.  In other words:
001197  **
001198  ** if( P3!=0 and reg[P3]==P5 ) reg[P2] := CAST(reg[P2] as BLOB)
001199  */
001200  case OP_String: {          /* out2 */
001201    assert( pOp->p4.z!=0 );
001202    pOut = out2Prerelease(p, pOp);
001203    pOut->flags = MEM_Str|MEM_Static|MEM_Term;
001204    pOut->z = pOp->p4.z;
001205    pOut->n = pOp->p1;
001206    pOut->enc = encoding;
001207    UPDATE_MAX_BLOBSIZE(pOut);
001208  #ifndef SQLITE_LIKE_DOESNT_MATCH_BLOBS
001209    if( pOp->p3>0 ){
001210      assert( pOp->p3<=(p->nMem+1 - p->nCursor) );
001211      pIn3 = &aMem[pOp->p3];
001212      assert( pIn3->flags & MEM_Int );
001213      if( pIn3->u.i==pOp->p5 ) pOut->flags = MEM_Blob|MEM_Static|MEM_Term;
001214    }
001215  #endif
001216    break;
001217  }
001218  
001219  /* Opcode: Null P1 P2 P3 * *
001220  ** Synopsis: r[P2..P3]=NULL
001221  **
001222  ** Write a NULL into registers P2.  If P3 greater than P2, then also write
001223  ** NULL into register P3 and every register in between P2 and P3.  If P3
001224  ** is less than P2 (typically P3 is zero) then only register P2 is
001225  ** set to NULL.
001226  **
001227  ** If the P1 value is non-zero, then also set the MEM_Cleared flag so that
001228  ** NULL values will not compare equal even if SQLITE_NULLEQ is set on
001229  ** OP_Ne or OP_Eq.
001230  */
001231  case OP_Null: {           /* out2 */
001232    int cnt;
001233    u16 nullFlag;
001234    pOut = out2Prerelease(p, pOp);
001235    cnt = pOp->p3-pOp->p2;
001236    assert( pOp->p3<=(p->nMem+1 - p->nCursor) );
001237    pOut->flags = nullFlag = pOp->p1 ? (MEM_Null|MEM_Cleared) : MEM_Null;
001238    pOut->n = 0;
001239  #ifdef SQLITE_DEBUG
001240    pOut->uTemp = 0;
001241  #endif
001242    while( cnt>0 ){
001243      pOut++;
001244      memAboutToChange(p, pOut);
001245      sqlite3VdbeMemSetNull(pOut);
001246      pOut->flags = nullFlag;
001247      pOut->n = 0;
001248      cnt--;
001249    }
001250    break;
001251  }
001252  
001253  /* Opcode: SoftNull P1 * * * *
001254  ** Synopsis: r[P1]=NULL
001255  **
001256  ** Set register P1 to have the value NULL as seen by the OP_MakeRecord
001257  ** instruction, but do not free any string or blob memory associated with
001258  ** the register, so that if the value was a string or blob that was
001259  ** previously copied using OP_SCopy, the copies will continue to be valid.
001260  */
001261  case OP_SoftNull: {
001262    assert( pOp->p1>0 && pOp->p1<=(p->nMem+1 - p->nCursor) );
001263    pOut = &aMem[pOp->p1];
001264    pOut->flags = (pOut->flags&~(MEM_Undefined|MEM_AffMask))|MEM_Null;
001265    break;
001266  }
001267  
001268  /* Opcode: Blob P1 P2 * P4 *
001269  ** Synopsis: r[P2]=P4 (len=P1)
001270  **
001271  ** P4 points to a blob of data P1 bytes long.  Store this
001272  ** blob in register P2.
001273  */
001274  case OP_Blob: {                /* out2 */
001275    assert( pOp->p1 <= SQLITE_MAX_LENGTH );
001276    pOut = out2Prerelease(p, pOp);
001277    sqlite3VdbeMemSetStr(pOut, pOp->p4.z, pOp->p1, 0, 0);
001278    pOut->enc = encoding;
001279    UPDATE_MAX_BLOBSIZE(pOut);
001280    break;
001281  }
001282  
001283  /* Opcode: Variable P1 P2 * P4 *
001284  ** Synopsis: r[P2]=parameter(P1,P4)
001285  **
001286  ** Transfer the values of bound parameter P1 into register P2
001287  **
001288  ** If the parameter is named, then its name appears in P4.
001289  ** The P4 value is used by sqlite3_bind_parameter_name().
001290  */
001291  case OP_Variable: {            /* out2 */
001292    Mem *pVar;       /* Value being transferred */
001293  
001294    assert( pOp->p1>0 && pOp->p1<=p->nVar );
001295    assert( pOp->p4.z==0 || pOp->p4.z==sqlite3VListNumToName(p->pVList,pOp->p1) );
001296    pVar = &p->aVar[pOp->p1 - 1];
001297    if( sqlite3VdbeMemTooBig(pVar) ){
001298      goto too_big;
001299    }
001300    pOut = &aMem[pOp->p2];
001301    if( VdbeMemDynamic(pOut) ) sqlite3VdbeMemSetNull(pOut);
001302    memcpy(pOut, pVar, MEMCELLSIZE);
001303    pOut->flags &= ~(MEM_Dyn|MEM_Ephem);
001304    pOut->flags |= MEM_Static|MEM_FromBind;
001305    UPDATE_MAX_BLOBSIZE(pOut);
001306    break;
001307  }
001308  
001309  /* Opcode: Move P1 P2 P3 * *
001310  ** Synopsis: r[P2@P3]=r[P1@P3]
001311  **
001312  ** Move the P3 values in register P1..P1+P3-1 over into
001313  ** registers P2..P2+P3-1.  Registers P1..P1+P3-1 are
001314  ** left holding a NULL.  It is an error for register ranges
001315  ** P1..P1+P3-1 and P2..P2+P3-1 to overlap.  It is an error
001316  ** for P3 to be less than 1.
001317  */
001318  case OP_Move: {
001319    int n;           /* Number of registers left to copy */
001320    int p1;          /* Register to copy from */
001321    int p2;          /* Register to copy to */
001322  
001323    n = pOp->p3;
001324    p1 = pOp->p1;
001325    p2 = pOp->p2;
001326    assert( n>0 && p1>0 && p2>0 );
001327    assert( p1+n<=p2 || p2+n<=p1 );
001328  
001329    pIn1 = &aMem[p1];
001330    pOut = &aMem[p2];
001331    do{
001332      assert( pOut<=&aMem[(p->nMem+1 - p->nCursor)] );
001333      assert( pIn1<=&aMem[(p->nMem+1 - p->nCursor)] );
001334      assert( memIsValid(pIn1) );
001335      memAboutToChange(p, pOut);
001336      sqlite3VdbeMemMove(pOut, pIn1);
001337  #ifdef SQLITE_DEBUG
001338      if( pOut->pScopyFrom>=&aMem[p1] && pOut->pScopyFrom<pOut ){
001339        pOut->pScopyFrom += pOp->p2 - p1;
001340      }
001341  #endif
001342      Deephemeralize(pOut);
001343      REGISTER_TRACE(p2++, pOut);
001344      pIn1++;
001345      pOut++;
001346    }while( --n );
001347    break;
001348  }
001349  
001350  /* Opcode: Copy P1 P2 P3 * *
001351  ** Synopsis: r[P2@P3+1]=r[P1@P3+1]
001352  **
001353  ** Make a copy of registers P1..P1+P3 into registers P2..P2+P3.
001354  **
001355  ** This instruction makes a deep copy of the value.  A duplicate
001356  ** is made of any string or blob constant.  See also OP_SCopy.
001357  */
001358  case OP_Copy: {
001359    int n;
001360  
001361    n = pOp->p3;
001362    pIn1 = &aMem[pOp->p1];
001363    pOut = &aMem[pOp->p2];
001364    assert( pOut!=pIn1 );
001365    while( 1 ){
001366      memAboutToChange(p, pOut);
001367      sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
001368      Deephemeralize(pOut);
001369  #ifdef SQLITE_DEBUG
001370      pOut->pScopyFrom = 0;
001371  #endif
001372      REGISTER_TRACE(pOp->p2+pOp->p3-n, pOut);
001373      if( (n--)==0 ) break;
001374      pOut++;
001375      pIn1++;
001376    }
001377    break;
001378  }
001379  
001380  /* Opcode: SCopy P1 P2 * * *
001381  ** Synopsis: r[P2]=r[P1]
001382  **
001383  ** Make a shallow copy of register P1 into register P2.
001384  **
001385  ** This instruction makes a shallow copy of the value.  If the value
001386  ** is a string or blob, then the copy is only a pointer to the
001387  ** original and hence if the original changes so will the copy.
001388  ** Worse, if the original is deallocated, the copy becomes invalid.
001389  ** Thus the program must guarantee that the original will not change
001390  ** during the lifetime of the copy.  Use OP_Copy to make a complete
001391  ** copy.
001392  */
001393  case OP_SCopy: {            /* out2 */
001394    pIn1 = &aMem[pOp->p1];
001395    pOut = &aMem[pOp->p2];
001396    assert( pOut!=pIn1 );
001397    sqlite3VdbeMemShallowCopy(pOut, pIn1, MEM_Ephem);
001398  #ifdef SQLITE_DEBUG
001399    pOut->pScopyFrom = pIn1;
001400    pOut->mScopyFlags = pIn1->flags;
001401  #endif
001402    break;
001403  }
001404  
001405  /* Opcode: IntCopy P1 P2 * * *
001406  ** Synopsis: r[P2]=r[P1]
001407  **
001408  ** Transfer the integer value held in register P1 into register P2.
001409  **
001410  ** This is an optimized version of SCopy that works only for integer
001411  ** values.
001412  */
001413  case OP_IntCopy: {            /* out2 */
001414    pIn1 = &aMem[pOp->p1];
001415    assert( (pIn1->flags & MEM_Int)!=0 );
001416    pOut = &aMem[pOp->p2];
001417    sqlite3VdbeMemSetInt64(pOut, pIn1->u.i);
001418    break;
001419  }
001420  
001421  /* Opcode: ResultRow P1 P2 * * *
001422  ** Synopsis: output=r[P1@P2]
001423  **
001424  ** The registers P1 through P1+P2-1 contain a single row of
001425  ** results. This opcode causes the sqlite3_step() call to terminate
001426  ** with an SQLITE_ROW return code and it sets up the sqlite3_stmt
001427  ** structure to provide access to the r(P1)..r(P1+P2-1) values as
001428  ** the result row.
001429  */
001430  case OP_ResultRow: {
001431    Mem *pMem;
001432    int i;
001433    assert( p->nResColumn==pOp->p2 );
001434    assert( pOp->p1>0 );
001435    assert( pOp->p1+pOp->p2<=(p->nMem+1 - p->nCursor)+1 );
001436  
001437    /* If this statement has violated immediate foreign key constraints, do
001438    ** not return the number of rows modified. And do not RELEASE the statement
001439    ** transaction. It needs to be rolled back.  */
001440    if( SQLITE_OK!=(rc = sqlite3VdbeCheckFk(p, 0)) ){
001441      assert( db->flags&SQLITE_CountRows );
001442      assert( p->usesStmtJournal );
001443      goto abort_due_to_error;
001444    }
001445  
001446    /* If the SQLITE_CountRows flag is set in sqlite3.flags mask, then 
001447    ** DML statements invoke this opcode to return the number of rows 
001448    ** modified to the user. This is the only way that a VM that
001449    ** opens a statement transaction may invoke this opcode.
001450    **
001451    ** In case this is such a statement, close any statement transaction
001452    ** opened by this VM before returning control to the user. This is to
001453    ** ensure that statement-transactions are always nested, not overlapping.
001454    ** If the open statement-transaction is not closed here, then the user
001455    ** may step another VM that opens its own statement transaction. This
001456    ** may lead to overlapping statement transactions.
001457    **
001458    ** The statement transaction is never a top-level transaction.  Hence
001459    ** the RELEASE call below can never fail.
001460    */
001461    assert( p->iStatement==0 || db->flags&SQLITE_CountRows );
001462    rc = sqlite3VdbeCloseStatement(p, SAVEPOINT_RELEASE);
001463    assert( rc==SQLITE_OK );
001464  
001465    /* Invalidate all ephemeral cursor row caches */
001466    p->cacheCtr = (p->cacheCtr + 2)|1;
001467  
001468    /* Make sure the results of the current row are \000 terminated
001469    ** and have an assigned type.  The results are de-ephemeralized as
001470    ** a side effect.
001471    */
001472    pMem = p->pResultSet = &aMem[pOp->p1];
001473    for(i=0; i<pOp->p2; i++){
001474      assert( memIsValid(&pMem[i]) );
001475      Deephemeralize(&pMem[i]);
001476      assert( (pMem[i].flags & MEM_Ephem)==0
001477              || (pMem[i].flags & (MEM_Str|MEM_Blob))==0 );
001478      sqlite3VdbeMemNulTerminate(&pMem[i]);
001479      REGISTER_TRACE(pOp->p1+i, &pMem[i]);
001480    }
001481    if( db->mallocFailed ) goto no_mem;
001482  
001483    if( db->mTrace & SQLITE_TRACE_ROW ){
001484      db->xTrace(SQLITE_TRACE_ROW, db->pTraceArg, p, 0);
001485    }
001486  
001487    /* Return SQLITE_ROW
001488    */
001489    p->pc = (int)(pOp - aOp) + 1;
001490    rc = SQLITE_ROW;
001491    goto vdbe_return;
001492  }
001493  
001494  /* Opcode: Concat P1 P2 P3 * *
001495  ** Synopsis: r[P3]=r[P2]+r[P1]
001496  **
001497  ** Add the text in register P1 onto the end of the text in
001498  ** register P2 and store the result in register P3.
001499  ** If either the P1 or P2 text are NULL then store NULL in P3.
001500  **
001501  **   P3 = P2 || P1
001502  **
001503  ** It is illegal for P1 and P3 to be the same register. Sometimes,
001504  ** if P3 is the same register as P2, the implementation is able
001505  ** to avoid a memcpy().
001506  */
001507  case OP_Concat: {           /* same as TK_CONCAT, in1, in2, out3 */
001508    i64 nByte;          /* Total size of the output string or blob */
001509    u16 flags1;         /* Initial flags for P1 */
001510    u16 flags2;         /* Initial flags for P2 */
001511  
001512    pIn1 = &aMem[pOp->p1];
001513    pIn2 = &aMem[pOp->p2];
001514    pOut = &aMem[pOp->p3];
001515    testcase( pIn1==pIn2 );
001516    testcase( pOut==pIn2 );
001517    assert( pIn1!=pOut );
001518    flags1 = pIn1->flags;
001519    testcase( flags1 & MEM_Null );
001520    testcase( pIn2->flags & MEM_Null );
001521    if( (flags1 | pIn2->flags) & MEM_Null ){
001522      sqlite3VdbeMemSetNull(pOut);
001523      break;
001524    }
001525    if( (flags1 & (MEM_Str|MEM_Blob))==0 ){
001526      if( sqlite3VdbeMemStringify(pIn1,encoding,0) ) goto no_mem;
001527      flags1 = pIn1->flags & ~MEM_Str;
001528    }else if( (flags1 & MEM_Zero)!=0 ){
001529      if( sqlite3VdbeMemExpandBlob(pIn1) ) goto no_mem;
001530      flags1 = pIn1->flags & ~MEM_Str;
001531    }
001532    flags2 = pIn2->flags;
001533    if( (flags2 & (MEM_Str|MEM_Blob))==0 ){
001534      if( sqlite3VdbeMemStringify(pIn2,encoding,0) ) goto no_mem;
001535      flags2 = pIn2->flags & ~MEM_Str;
001536    }else if( (flags2 & MEM_Zero)!=0 ){
001537      if( sqlite3VdbeMemExpandBlob(pIn2) ) goto no_mem;
001538      flags2 = pIn2->flags & ~MEM_Str;
001539    }
001540    nByte = pIn1->n + pIn2->n;
001541    if( nByte>db->aLimit[SQLITE_LIMIT_LENGTH] ){
001542      goto too_big;
001543    }
001544    if( sqlite3VdbeMemGrow(pOut, (int)nByte+3, pOut==pIn2) ){
001545      goto no_mem;
001546    }
001547    MemSetTypeFlag(pOut, MEM_Str);
001548    if( pOut!=pIn2 ){
001549      memcpy(pOut->z, pIn2->z, pIn2->n);
001550      assert( (pIn2->flags & MEM_Dyn) == (flags2 & MEM_Dyn) );
001551      pIn2->flags = flags2;
001552    }
001553    memcpy(&pOut->z[pIn2->n], pIn1->z, pIn1->n);
001554    assert( (pIn1->flags & MEM_Dyn) == (flags1 & MEM_Dyn) );
001555    pIn1->flags = flags1;
001556    pOut->z[nByte]=0;
001557    pOut->z[nByte+1] = 0;
001558    pOut->z[nByte+2] = 0;
001559    pOut->flags |= MEM_Term;
001560    pOut->n = (int)nByte;
001561    pOut->enc = encoding;
001562    UPDATE_MAX_BLOBSIZE(pOut);
001563    break;
001564  }
001565  
001566  /* Opcode: Add P1 P2 P3 * *
001567  ** Synopsis: r[P3]=r[P1]+r[P2]
001568  **
001569  ** Add the value in register P1 to the value in register P2
001570  ** and store the result in register P3.
001571  ** If either input is NULL, the result is NULL.
001572  */
001573  /* Opcode: Multiply P1 P2 P3 * *
001574  ** Synopsis: r[P3]=r[P1]*r[P2]
001575  **
001576  **
001577  ** Multiply the value in register P1 by the value in register P2
001578  ** and store the result in register P3.
001579  ** If either input is NULL, the result is NULL.
001580  */
001581  /* Opcode: Subtract P1 P2 P3 * *
001582  ** Synopsis: r[P3]=r[P2]-r[P1]
001583  **
001584  ** Subtract the value in register P1 from the value in register P2
001585  ** and store the result in register P3.
001586  ** If either input is NULL, the result is NULL.
001587  */
001588  /* Opcode: Divide P1 P2 P3 * *
001589  ** Synopsis: r[P3]=r[P2]/r[P1]
001590  **
001591  ** Divide the value in register P1 by the value in register P2
001592  ** and store the result in register P3 (P3=P2/P1). If the value in 
001593  ** register P1 is zero, then the result is NULL. If either input is 
001594  ** NULL, the result is NULL.
001595  */
001596  /* Opcode: Remainder P1 P2 P3 * *
001597  ** Synopsis: r[P3]=r[P2]%r[P1]
001598  **
001599  ** Compute the remainder after integer register P2 is divided by 
001600  ** register P1 and store the result in register P3. 
001601  ** If the value in register P1 is zero the result is NULL.
001602  ** If either operand is NULL, the result is NULL.
001603  */
001604  case OP_Add:                   /* same as TK_PLUS, in1, in2, out3 */
001605  case OP_Subtract:              /* same as TK_MINUS, in1, in2, out3 */
001606  case OP_Multiply:              /* same as TK_STAR, in1, in2, out3 */
001607  case OP_Divide:                /* same as TK_SLASH, in1, in2, out3 */
001608  case OP_Remainder: {           /* same as TK_REM, in1, in2, out3 */
001609    u16 flags;      /* Combined MEM_* flags from both inputs */
001610    u16 type1;      /* Numeric type of left operand */
001611    u16 type2;      /* Numeric type of right operand */
001612    i64 iA;         /* Integer value of left operand */
001613    i64 iB;         /* Integer value of right operand */
001614    double rA;      /* Real value of left operand */
001615    double rB;      /* Real value of right operand */
001616  
001617    pIn1 = &aMem[pOp->p1];
001618    type1 = numericType(pIn1);
001619    pIn2 = &aMem[pOp->p2];
001620    type2 = numericType(pIn2);
001621    pOut = &aMem[pOp->p3];
001622    flags = pIn1->flags | pIn2->flags;
001623    if( (type1 & type2 & MEM_Int)!=0 ){
001624      iA = pIn1->u.i;
001625      iB = pIn2->u.i;
001626      switch( pOp->opcode ){
001627        case OP_Add:       if( sqlite3AddInt64(&iB,iA) ) goto fp_math;  break;
001628        case OP_Subtract:  if( sqlite3SubInt64(&iB,iA) ) goto fp_math;  break;
001629        case OP_Multiply:  if( sqlite3MulInt64(&iB,iA) ) goto fp_math;  break;
001630        case OP_Divide: {
001631          if( iA==0 ) goto arithmetic_result_is_null;
001632          if( iA==-1 && iB==SMALLEST_INT64 ) goto fp_math;
001633          iB /= iA;
001634          break;
001635        }
001636        default: {
001637          if( iA==0 ) goto arithmetic_result_is_null;
001638          if( iA==-1 ) iA = 1;
001639          iB %= iA;
001640          break;
001641        }
001642      }
001643      pOut->u.i = iB;
001644      MemSetTypeFlag(pOut, MEM_Int);
001645    }else if( (flags & MEM_Null)!=0 ){
001646      goto arithmetic_result_is_null;
001647    }else{
001648  fp_math:
001649      rA = sqlite3VdbeRealValue(pIn1);
001650      rB = sqlite3VdbeRealValue(pIn2);
001651      switch( pOp->opcode ){
001652        case OP_Add:         rB += rA;       break;
001653        case OP_Subtract:    rB -= rA;       break;
001654        case OP_Multiply:    rB *= rA;       break;
001655        case OP_Divide: {
001656          /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
001657          if( rA==(double)0 ) goto arithmetic_result_is_null;
001658          rB /= rA;
001659          break;
001660        }
001661        default: {
001662          iA = sqlite3VdbeIntValue(pIn1);
001663          iB = sqlite3VdbeIntValue(pIn2);
001664          if( iA==0 ) goto arithmetic_result_is_null;
001665          if( iA==-1 ) iA = 1;
001666          rB = (double)(iB % iA);
001667          break;
001668        }
001669      }
001670  #ifdef SQLITE_OMIT_FLOATING_POINT
001671      pOut->u.i = rB;
001672      MemSetTypeFlag(pOut, MEM_Int);
001673  #else
001674      if( sqlite3IsNaN(rB) ){
001675        goto arithmetic_result_is_null;
001676      }
001677      pOut->u.r = rB;
001678      MemSetTypeFlag(pOut, MEM_Real);
001679  #endif
001680    }
001681    break;
001682  
001683  arithmetic_result_is_null:
001684    sqlite3VdbeMemSetNull(pOut);
001685    break;
001686  }
001687  
001688  /* Opcode: CollSeq P1 * * P4
001689  **
001690  ** P4 is a pointer to a CollSeq object. If the next call to a user function
001691  ** or aggregate calls sqlite3GetFuncCollSeq(), this collation sequence will
001692  ** be returned. This is used by the built-in min(), max() and nullif()
001693  ** functions.
001694  **
001695  ** If P1 is not zero, then it is a register that a subsequent min() or
001696  ** max() aggregate will set to 1 if the current row is not the minimum or
001697  ** maximum.  The P1 register is initialized to 0 by this instruction.
001698  **
001699  ** The interface used by the implementation of the aforementioned functions
001700  ** to retrieve the collation sequence set by this opcode is not available
001701  ** publicly.  Only built-in functions have access to this feature.
001702  */
001703  case OP_CollSeq: {
001704    assert( pOp->p4type==P4_COLLSEQ );
001705    if( pOp->p1 ){
001706      sqlite3VdbeMemSetInt64(&aMem[pOp->p1], 0);
001707    }
001708    break;
001709  }
001710  
001711  /* Opcode: BitAnd P1 P2 P3 * *
001712  ** Synopsis: r[P3]=r[P1]&r[P2]
001713  **
001714  ** Take the bit-wise AND of the values in register P1 and P2 and
001715  ** store the result in register P3.
001716  ** If either input is NULL, the result is NULL.
001717  */
001718  /* Opcode: BitOr P1 P2 P3 * *
001719  ** Synopsis: r[P3]=r[P1]|r[P2]
001720  **
001721  ** Take the bit-wise OR of the values in register P1 and P2 and
001722  ** store the result in register P3.
001723  ** If either input is NULL, the result is NULL.
001724  */
001725  /* Opcode: ShiftLeft P1 P2 P3 * *
001726  ** Synopsis: r[P3]=r[P2]<<r[P1]
001727  **
001728  ** Shift the integer value in register P2 to the left by the
001729  ** number of bits specified by the integer in register P1.
001730  ** Store the result in register P3.
001731  ** If either input is NULL, the result is NULL.
001732  */
001733  /* Opcode: ShiftRight P1 P2 P3 * *
001734  ** Synopsis: r[P3]=r[P2]>>r[P1]
001735  **
001736  ** Shift the integer value in register P2 to the right by the
001737  ** number of bits specified by the integer in register P1.
001738  ** Store the result in register P3.
001739  ** If either input is NULL, the result is NULL.
001740  */
001741  case OP_BitAnd:                 /* same as TK_BITAND, in1, in2, out3 */
001742  case OP_BitOr:                  /* same as TK_BITOR, in1, in2, out3 */
001743  case OP_ShiftLeft:              /* same as TK_LSHIFT, in1, in2, out3 */
001744  case OP_ShiftRight: {           /* same as TK_RSHIFT, in1, in2, out3 */
001745    i64 iA;
001746    u64 uA;
001747    i64 iB;
001748    u8 op;
001749  
001750    pIn1 = &aMem[pOp->p1];
001751    pIn2 = &aMem[pOp->p2];
001752    pOut = &aMem[pOp->p3];
001753    if( (pIn1->flags | pIn2->flags) & MEM_Null ){
001754      sqlite3VdbeMemSetNull(pOut);
001755      break;
001756    }
001757    iA = sqlite3VdbeIntValue(pIn2);
001758    iB = sqlite3VdbeIntValue(pIn1);
001759    op = pOp->opcode;
001760    if( op==OP_BitAnd ){
001761      iA &= iB;
001762    }else if( op==OP_BitOr ){
001763      iA |= iB;
001764    }else if( iB!=0 ){
001765      assert( op==OP_ShiftRight || op==OP_ShiftLeft );
001766  
001767      /* If shifting by a negative amount, shift in the other direction */
001768      if( iB<0 ){
001769        assert( OP_ShiftRight==OP_ShiftLeft+1 );
001770        op = 2*OP_ShiftLeft + 1 - op;
001771        iB = iB>(-64) ? -iB : 64;
001772      }
001773  
001774      if( iB>=64 ){
001775        iA = (iA>=0 || op==OP_ShiftLeft) ? 0 : -1;
001776      }else{
001777        memcpy(&uA, &iA, sizeof(uA));
001778        if( op==OP_ShiftLeft ){
001779          uA <<= iB;
001780        }else{
001781          uA >>= iB;
001782          /* Sign-extend on a right shift of a negative number */
001783          if( iA<0 ) uA |= ((((u64)0xffffffff)<<32)|0xffffffff) << (64-iB);
001784        }
001785        memcpy(&iA, &uA, sizeof(iA));
001786      }
001787    }
001788    pOut->u.i = iA;
001789    MemSetTypeFlag(pOut, MEM_Int);
001790    break;
001791  }
001792  
001793  /* Opcode: AddImm  P1 P2 * * *
001794  ** Synopsis: r[P1]=r[P1]+P2
001795  ** 
001796  ** Add the constant P2 to the value in register P1.
001797  ** The result is always an integer.
001798  **
001799  ** To force any register to be an integer, just add 0.
001800  */
001801  case OP_AddImm: {            /* in1 */
001802    pIn1 = &aMem[pOp->p1];
001803    memAboutToChange(p, pIn1);
001804    sqlite3VdbeMemIntegerify(pIn1);
001805    pIn1->u.i += pOp->p2;
001806    break;
001807  }
001808  
001809  /* Opcode: MustBeInt P1 P2 * * *
001810  ** 
001811  ** Force the value in register P1 to be an integer.  If the value
001812  ** in P1 is not an integer and cannot be converted into an integer
001813  ** without data loss, then jump immediately to P2, or if P2==0
001814  ** raise an SQLITE_MISMATCH exception.
001815  */
001816  case OP_MustBeInt: {            /* jump, in1 */
001817    pIn1 = &aMem[pOp->p1];
001818    if( (pIn1->flags & MEM_Int)==0 ){
001819      applyAffinity(pIn1, SQLITE_AFF_NUMERIC, encoding);
001820      if( (pIn1->flags & MEM_Int)==0 ){
001821        VdbeBranchTaken(1, 2);
001822        if( pOp->p2==0 ){
001823          rc = SQLITE_MISMATCH;
001824          goto abort_due_to_error;
001825        }else{
001826          goto jump_to_p2;
001827        }
001828      }
001829    }
001830    VdbeBranchTaken(0, 2);
001831    MemSetTypeFlag(pIn1, MEM_Int);
001832    break;
001833  }
001834  
001835  #ifndef SQLITE_OMIT_FLOATING_POINT
001836  /* Opcode: RealAffinity P1 * * * *
001837  **
001838  ** If register P1 holds an integer convert it to a real value.
001839  **
001840  ** This opcode is used when extracting information from a column that
001841  ** has REAL affinity.  Such column values may still be stored as
001842  ** integers, for space efficiency, but after extraction we want them
001843  ** to have only a real value.
001844  */
001845  case OP_RealAffinity: {                  /* in1 */
001846    pIn1 = &aMem[pOp->p1];
001847    if( pIn1->flags & (MEM_Int|MEM_IntReal) ){
001848      testcase( pIn1->flags & MEM_Int );
001849      testcase( pIn1->flags & MEM_IntReal );
001850      sqlite3VdbeMemRealify(pIn1);
001851      REGISTER_TRACE(pOp->p1, pIn1);
001852    }
001853    break;
001854  }
001855  #endif
001856  
001857  #ifndef SQLITE_OMIT_CAST
001858  /* Opcode: Cast P1 P2 * * *
001859  ** Synopsis: affinity(r[P1])
001860  **
001861  ** Force the value in register P1 to be the type defined by P2.
001862  ** 
001863  ** <ul>
001864  ** <li> P2=='A' &rarr; BLOB
001865  ** <li> P2=='B' &rarr; TEXT
001866  ** <li> P2=='C' &rarr; NUMERIC
001867  ** <li> P2=='D' &rarr; INTEGER
001868  ** <li> P2=='E' &rarr; REAL
001869  ** </ul>
001870  **
001871  ** A NULL value is not changed by this routine.  It remains NULL.
001872  */
001873  case OP_Cast: {                  /* in1 */
001874    assert( pOp->p2>=SQLITE_AFF_BLOB && pOp->p2<=SQLITE_AFF_REAL );
001875    testcase( pOp->p2==SQLITE_AFF_TEXT );
001876    testcase( pOp->p2==SQLITE_AFF_BLOB );
001877    testcase( pOp->p2==SQLITE_AFF_NUMERIC );
001878    testcase( pOp->p2==SQLITE_AFF_INTEGER );
001879    testcase( pOp->p2==SQLITE_AFF_REAL );
001880    pIn1 = &aMem[pOp->p1];
001881    memAboutToChange(p, pIn1);
001882    rc = ExpandBlob(pIn1);
001883    if( rc ) goto abort_due_to_error;
001884    rc = sqlite3VdbeMemCast(pIn1, pOp->p2, encoding);
001885    if( rc ) goto abort_due_to_error;
001886    UPDATE_MAX_BLOBSIZE(pIn1);
001887    REGISTER_TRACE(pOp->p1, pIn1);
001888    break;
001889  }
001890  #endif /* SQLITE_OMIT_CAST */
001891  
001892  /* Opcode: Eq P1 P2 P3 P4 P5
001893  ** Synopsis: IF r[P3]==r[P1]
001894  **
001895  ** Compare the values in register P1 and P3.  If reg(P3)==reg(P1) then
001896  ** jump to address P2.  Or if the SQLITE_STOREP2 flag is set in P5, then
001897  ** store the result of comparison in register P2.
001898  **
001899  ** The SQLITE_AFF_MASK portion of P5 must be an affinity character -
001900  ** SQLITE_AFF_TEXT, SQLITE_AFF_INTEGER, and so forth. An attempt is made 
001901  ** to coerce both inputs according to this affinity before the
001902  ** comparison is made. If the SQLITE_AFF_MASK is 0x00, then numeric
001903  ** affinity is used. Note that the affinity conversions are stored
001904  ** back into the input registers P1 and P3.  So this opcode can cause
001905  ** persistent changes to registers P1 and P3.
001906  **
001907  ** Once any conversions have taken place, and neither value is NULL, 
001908  ** the values are compared. If both values are blobs then memcmp() is
001909  ** used to determine the results of the comparison.  If both values
001910  ** are text, then the appropriate collating function specified in
001911  ** P4 is used to do the comparison.  If P4 is not specified then
001912  ** memcmp() is used to compare text string.  If both values are
001913  ** numeric, then a numeric comparison is used. If the two values
001914  ** are of different types, then numbers are considered less than
001915  ** strings and strings are considered less than blobs.
001916  **
001917  ** If SQLITE_NULLEQ is set in P5 then the result of comparison is always either
001918  ** true or false and is never NULL.  If both operands are NULL then the result
001919  ** of comparison is true.  If either operand is NULL then the result is false.
001920  ** If neither operand is NULL the result is the same as it would be if
001921  ** the SQLITE_NULLEQ flag were omitted from P5.
001922  **
001923  ** If both SQLITE_STOREP2 and SQLITE_KEEPNULL flags are set then the
001924  ** content of r[P2] is only changed if the new value is NULL or 0 (false).
001925  ** In other words, a prior r[P2] value will not be overwritten by 1 (true).
001926  */
001927  /* Opcode: Ne P1 P2 P3 P4 P5
001928  ** Synopsis: IF r[P3]!=r[P1]
001929  **
001930  ** This works just like the Eq opcode except that the jump is taken if
001931  ** the operands in registers P1 and P3 are not equal.  See the Eq opcode for
001932  ** additional information.
001933  **
001934  ** If both SQLITE_STOREP2 and SQLITE_KEEPNULL flags are set then the
001935  ** content of r[P2] is only changed if the new value is NULL or 1 (true).
001936  ** In other words, a prior r[P2] value will not be overwritten by 0 (false).
001937  */
001938  /* Opcode: Lt P1 P2 P3 P4 P5
001939  ** Synopsis: IF r[P3]<r[P1]
001940  **
001941  ** Compare the values in register P1 and P3.  If reg(P3)<reg(P1) then
001942  ** jump to address P2.  Or if the SQLITE_STOREP2 flag is set in P5 store
001943  ** the result of comparison (0 or 1 or NULL) into register P2.
001944  **
001945  ** If the SQLITE_JUMPIFNULL bit of P5 is set and either reg(P1) or
001946  ** reg(P3) is NULL then the take the jump.  If the SQLITE_JUMPIFNULL 
001947  ** bit is clear then fall through if either operand is NULL.
001948  **
001949  ** The SQLITE_AFF_MASK portion of P5 must be an affinity character -
001950  ** SQLITE_AFF_TEXT, SQLITE_AFF_INTEGER, and so forth. An attempt is made 
001951  ** to coerce both inputs according to this affinity before the
001952  ** comparison is made. If the SQLITE_AFF_MASK is 0x00, then numeric
001953  ** affinity is used. Note that the affinity conversions are stored
001954  ** back into the input registers P1 and P3.  So this opcode can cause
001955  ** persistent changes to registers P1 and P3.
001956  **
001957  ** Once any conversions have taken place, and neither value is NULL, 
001958  ** the values are compared. If both values are blobs then memcmp() is
001959  ** used to determine the results of the comparison.  If both values
001960  ** are text, then the appropriate collating function specified in
001961  ** P4 is  used to do the comparison.  If P4 is not specified then
001962  ** memcmp() is used to compare text string.  If both values are
001963  ** numeric, then a numeric comparison is used. If the two values
001964  ** are of different types, then numbers are considered less than
001965  ** strings and strings are considered less than blobs.
001966  */
001967  /* Opcode: Le P1 P2 P3 P4 P5
001968  ** Synopsis: IF r[P3]<=r[P1]
001969  **
001970  ** This works just like the Lt opcode except that the jump is taken if
001971  ** the content of register P3 is less than or equal to the content of
001972  ** register P1.  See the Lt opcode for additional information.
001973  */
001974  /* Opcode: Gt P1 P2 P3 P4 P5
001975  ** Synopsis: IF r[P3]>r[P1]
001976  **
001977  ** This works just like the Lt opcode except that the jump is taken if
001978  ** the content of register P3 is greater than the content of
001979  ** register P1.  See the Lt opcode for additional information.
001980  */
001981  /* Opcode: Ge P1 P2 P3 P4 P5
001982  ** Synopsis: IF r[P3]>=r[P1]
001983  **
001984  ** This works just like the Lt opcode except that the jump is taken if
001985  ** the content of register P3 is greater than or equal to the content of
001986  ** register P1.  See the Lt opcode for additional information.
001987  */
001988  case OP_Eq:               /* same as TK_EQ, jump, in1, in3 */
001989  case OP_Ne:               /* same as TK_NE, jump, in1, in3 */
001990  case OP_Lt:               /* same as TK_LT, jump, in1, in3 */
001991  case OP_Le:               /* same as TK_LE, jump, in1, in3 */
001992  case OP_Gt:               /* same as TK_GT, jump, in1, in3 */
001993  case OP_Ge: {             /* same as TK_GE, jump, in1, in3 */
001994    int res, res2;      /* Result of the comparison of pIn1 against pIn3 */
001995    char affinity;      /* Affinity to use for comparison */
001996    u16 flags1;         /* Copy of initial value of pIn1->flags */
001997    u16 flags3;         /* Copy of initial value of pIn3->flags */
001998  
001999    pIn1 = &aMem[pOp->p1];
002000    pIn3 = &aMem[pOp->p3];
002001    flags1 = pIn1->flags;
002002    flags3 = pIn3->flags;
002003    if( (flags1 | flags3)&MEM_Null ){
002004      /* One or both operands are NULL */
002005      if( pOp->p5 & SQLITE_NULLEQ ){
002006        /* If SQLITE_NULLEQ is set (which will only happen if the operator is
002007        ** OP_Eq or OP_Ne) then take the jump or not depending on whether
002008        ** or not both operands are null.
002009        */
002010        assert( (flags1 & MEM_Cleared)==0 );
002011        assert( (pOp->p5 & SQLITE_JUMPIFNULL)==0 || CORRUPT_DB );
002012        testcase( (pOp->p5 & SQLITE_JUMPIFNULL)!=0 );
002013        if( (flags1&flags3&MEM_Null)!=0
002014         && (flags3&MEM_Cleared)==0
002015        ){
002016          res = 0;  /* Operands are equal */
002017        }else{
002018          res = ((flags3 & MEM_Null) ? -1 : +1);  /* Operands are not equal */
002019        }
002020      }else{
002021        /* SQLITE_NULLEQ is clear and at least one operand is NULL,
002022        ** then the result is always NULL.
002023        ** The jump is taken if the SQLITE_JUMPIFNULL bit is set.
002024        */
002025        if( pOp->p5 & SQLITE_STOREP2 ){
002026          pOut = &aMem[pOp->p2];
002027          iCompare = 1;    /* Operands are not equal */
002028          memAboutToChange(p, pOut);
002029          MemSetTypeFlag(pOut, MEM_Null);
002030          REGISTER_TRACE(pOp->p2, pOut);
002031        }else{
002032          VdbeBranchTaken(2,3);
002033          if( pOp->p5 & SQLITE_JUMPIFNULL ){
002034            goto jump_to_p2;
002035          }
002036        }
002037        break;
002038      }
002039    }else{
002040      /* Neither operand is NULL.  Do a comparison. */
002041      affinity = pOp->p5 & SQLITE_AFF_MASK;
002042      if( affinity>=SQLITE_AFF_NUMERIC ){
002043        if( (flags1 | flags3)&MEM_Str ){
002044          if( (flags1 & (MEM_Int|MEM_IntReal|MEM_Real|MEM_Str))==MEM_Str ){
002045            applyNumericAffinity(pIn1,0);
002046            testcase( flags3!=pIn3->flags );
002047            flags3 = pIn3->flags;
002048          }
002049          if( (flags3 & (MEM_Int|MEM_IntReal|MEM_Real|MEM_Str))==MEM_Str ){
002050            applyNumericAffinity(pIn3,0);
002051          }
002052        }
002053        /* Handle the common case of integer comparison here, as an
002054        ** optimization, to avoid a call to sqlite3MemCompare() */
002055        if( (pIn1->flags & pIn3->flags & MEM_Int)!=0 ){
002056          if( pIn3->u.i > pIn1->u.i ){ res = +1; goto compare_op; }
002057          if( pIn3->u.i < pIn1->u.i ){ res = -1; goto compare_op; }
002058          res = 0;
002059          goto compare_op;
002060        }
002061      }else if( affinity==SQLITE_AFF_TEXT ){
002062        if( (flags1 & MEM_Str)==0 && (flags1&(MEM_Int|MEM_Real|MEM_IntReal))!=0 ){
002063          testcase( pIn1->flags & MEM_Int );
002064          testcase( pIn1->flags & MEM_Real );
002065          testcase( pIn1->flags & MEM_IntReal );
002066          sqlite3VdbeMemStringify(pIn1, encoding, 1);
002067          testcase( (flags1&MEM_Dyn) != (pIn1->flags&MEM_Dyn) );
002068          flags1 = (pIn1->flags & ~MEM_TypeMask) | (flags1 & MEM_TypeMask);
002069          if( pIn1==pIn3 ) flags3 = flags1 | MEM_Str;
002070        }
002071        if( (flags3 & MEM_Str)==0 && (flags3&(MEM_Int|MEM_Real|MEM_IntReal))!=0 ){
002072          testcase( pIn3->flags & MEM_Int );
002073          testcase( pIn3->flags & MEM_Real );
002074          testcase( pIn3->flags & MEM_IntReal );
002075          sqlite3VdbeMemStringify(pIn3, encoding, 1);
002076          testcase( (flags3&MEM_Dyn) != (pIn3->flags&MEM_Dyn) );
002077          flags3 = (pIn3->flags & ~MEM_TypeMask) | (flags3 & MEM_TypeMask);
002078        }
002079      }
002080      assert( pOp->p4type==P4_COLLSEQ || pOp->p4.pColl==0 );
002081      res = sqlite3MemCompare(pIn3, pIn1, pOp->p4.pColl);
002082    }
002083  compare_op:
002084    /* At this point, res is negative, zero, or positive if reg[P1] is
002085    ** less than, equal to, or greater than reg[P3], respectively.  Compute
002086    ** the answer to this operator in res2, depending on what the comparison
002087    ** operator actually is.  The next block of code depends on the fact
002088    ** that the 6 comparison operators are consecutive integers in this
002089    ** order:  NE, EQ, GT, LE, LT, GE */
002090    assert( OP_Eq==OP_Ne+1 ); assert( OP_Gt==OP_Ne+2 ); assert( OP_Le==OP_Ne+3 );
002091    assert( OP_Lt==OP_Ne+4 ); assert( OP_Ge==OP_Ne+5 );
002092    if( res<0 ){                        /* ne, eq, gt, le, lt, ge */
002093      static const unsigned char aLTb[] = { 1,  0,  0,  1,  1,  0 };
002094      res2 = aLTb[pOp->opcode - OP_Ne];
002095    }else if( res==0 ){
002096      static const unsigned char aEQb[] = { 0,  1,  0,  1,  0,  1 };
002097      res2 = aEQb[pOp->opcode - OP_Ne];
002098    }else{
002099      static const unsigned char aGTb[] = { 1,  0,  1,  0,  0,  1 };
002100      res2 = aGTb[pOp->opcode - OP_Ne];
002101    }
002102  
002103    /* Undo any changes made by applyAffinity() to the input registers. */
002104    assert( (pIn3->flags & MEM_Dyn) == (flags3 & MEM_Dyn) );
002105    pIn3->flags = flags3;
002106    assert( (pIn1->flags & MEM_Dyn) == (flags1 & MEM_Dyn) );
002107    pIn1->flags = flags1;
002108  
002109    if( pOp->p5 & SQLITE_STOREP2 ){
002110      pOut = &aMem[pOp->p2];
002111      iCompare = res;
002112      if( (pOp->p5 & SQLITE_KEEPNULL)!=0 ){
002113        /* The KEEPNULL flag prevents OP_Eq from overwriting a NULL with 1
002114        ** and prevents OP_Ne from overwriting NULL with 0.  This flag
002115        ** is only used in contexts where either:
002116        **   (1) op==OP_Eq && (r[P2]==NULL || r[P2]==0)
002117        **   (2) op==OP_Ne && (r[P2]==NULL || r[P2]==1)
002118        ** Therefore it is not necessary to check the content of r[P2] for
002119        ** NULL. */
002120        assert( pOp->opcode==OP_Ne || pOp->opcode==OP_Eq );
002121        assert( res2==0 || res2==1 );
002122        testcase( res2==0 && pOp->opcode==OP_Eq );
002123        testcase( res2==1 && pOp->opcode==OP_Eq );
002124        testcase( res2==0 && pOp->opcode==OP_Ne );
002125        testcase( res2==1 && pOp->opcode==OP_Ne );
002126        if( (pOp->opcode==OP_Eq)==res2 ) break;
002127      }
002128      memAboutToChange(p, pOut);
002129      MemSetTypeFlag(pOut, MEM_Int);
002130      pOut->u.i = res2;
002131      REGISTER_TRACE(pOp->p2, pOut);
002132    }else{
002133      VdbeBranchTaken(res2!=0, (pOp->p5 & SQLITE_NULLEQ)?2:3);
002134      if( res2 ){
002135        goto jump_to_p2;
002136      }
002137    }
002138    break;
002139  }
002140  
002141  /* Opcode: ElseNotEq * P2 * * *
002142  **
002143  ** This opcode must follow an OP_Lt or OP_Gt comparison operator.  There
002144  ** can be zero or more OP_ReleaseReg opcodes intervening, but no other
002145  ** opcodes are allowed to occur between this instruction and the previous
002146  ** OP_Lt or OP_Gt.  Furthermore, the prior OP_Lt or OP_Gt must have the
002147  ** SQLITE_STOREP2 bit set in the P5 field.
002148  **
002149  ** If result of an OP_Eq comparison on the same two operands as the
002150  ** prior OP_Lt or OP_Gt would have been NULL or false (0), then then
002151  ** jump to P2.  If the result of an OP_Eq comparison on the two previous
002152  ** operands would have been true (1), then fall through.
002153  */
002154  case OP_ElseNotEq: {       /* same as TK_ESCAPE, jump */
002155  
002156  #ifdef SQLITE_DEBUG
002157    /* Verify the preconditions of this opcode - that it follows an OP_Lt or
002158    ** OP_Gt with the SQLITE_STOREP2 flag set, with zero or more intervening
002159    ** OP_ReleaseReg opcodes */
002160    int iAddr;
002161    for(iAddr = (int)(pOp - aOp) - 1; ALWAYS(iAddr>=0); iAddr--){
002162      if( aOp[iAddr].opcode==OP_ReleaseReg ) continue;
002163      assert( aOp[iAddr].opcode==OP_Lt || aOp[iAddr].opcode==OP_Gt );
002164      assert( aOp[iAddr].p5 & SQLITE_STOREP2 );
002165      break;
002166    }
002167  #endif /* SQLITE_DEBUG */
002168    VdbeBranchTaken(iCompare!=0, 2);
002169    if( iCompare!=0 ) goto jump_to_p2;
002170    break;
002171  }
002172  
002173  
002174  /* Opcode: Permutation * * * P4 *
002175  **
002176  ** Set the permutation used by the OP_Compare operator in the next
002177  ** instruction.  The permutation is stored in the P4 operand.
002178  **
002179  ** The permutation is only valid until the next OP_Compare that has
002180  ** the OPFLAG_PERMUTE bit set in P5. Typically the OP_Permutation should 
002181  ** occur immediately prior to the OP_Compare.
002182  **
002183  ** The first integer in the P4 integer array is the length of the array
002184  ** and does not become part of the permutation.
002185  */
002186  case OP_Permutation: {
002187    assert( pOp->p4type==P4_INTARRAY );
002188    assert( pOp->p4.ai );
002189    assert( pOp[1].opcode==OP_Compare );
002190    assert( pOp[1].p5 & OPFLAG_PERMUTE );
002191    break;
002192  }
002193  
002194  /* Opcode: Compare P1 P2 P3 P4 P5
002195  ** Synopsis: r[P1@P3] <-> r[P2@P3]
002196  **
002197  ** Compare two vectors of registers in reg(P1)..reg(P1+P3-1) (call this
002198  ** vector "A") and in reg(P2)..reg(P2+P3-1) ("B").  Save the result of
002199  ** the comparison for use by the next OP_Jump instruct.
002200  **
002201  ** If P5 has the OPFLAG_PERMUTE bit set, then the order of comparison is
002202  ** determined by the most recent OP_Permutation operator.  If the
002203  ** OPFLAG_PERMUTE bit is clear, then register are compared in sequential
002204  ** order.
002205  **
002206  ** P4 is a KeyInfo structure that defines collating sequences and sort
002207  ** orders for the comparison.  The permutation applies to registers
002208  ** only.  The KeyInfo elements are used sequentially.
002209  **
002210  ** The comparison is a sort comparison, so NULLs compare equal,
002211  ** NULLs are less than numbers, numbers are less than strings,
002212  ** and strings are less than blobs.
002213  */
002214  case OP_Compare: {
002215    int n;
002216    int i;
002217    int p1;
002218    int p2;
002219    const KeyInfo *pKeyInfo;
002220    int idx;
002221    CollSeq *pColl;    /* Collating sequence to use on this term */
002222    int bRev;          /* True for DESCENDING sort order */
002223    int *aPermute;     /* The permutation */
002224  
002225    if( (pOp->p5 & OPFLAG_PERMUTE)==0 ){
002226      aPermute = 0;
002227    }else{
002228      assert( pOp>aOp );
002229      assert( pOp[-1].opcode==OP_Permutation );
002230      assert( pOp[-1].p4type==P4_INTARRAY );
002231      aPermute = pOp[-1].p4.ai + 1;
002232      assert( aPermute!=0 );
002233    }
002234    n = pOp->p3;
002235    pKeyInfo = pOp->p4.pKeyInfo;
002236    assert( n>0 );
002237    assert( pKeyInfo!=0 );
002238    p1 = pOp->p1;
002239    p2 = pOp->p2;
002240  #ifdef SQLITE_DEBUG
002241    if( aPermute ){
002242      int k, mx = 0;
002243      for(k=0; k<n; k++) if( aPermute[k]>mx ) mx = aPermute[k];
002244      assert( p1>0 && p1+mx<=(p->nMem+1 - p->nCursor)+1 );
002245      assert( p2>0 && p2+mx<=(p->nMem+1 - p->nCursor)+1 );
002246    }else{
002247      assert( p1>0 && p1+n<=(p->nMem+1 - p->nCursor)+1 );
002248      assert( p2>0 && p2+n<=(p->nMem+1 - p->nCursor)+1 );
002249    }
002250  #endif /* SQLITE_DEBUG */
002251    for(i=0; i<n; i++){
002252      idx = aPermute ? aPermute[i] : i;
002253      assert( memIsValid(&aMem[p1+idx]) );
002254      assert( memIsValid(&aMem[p2+idx]) );
002255      REGISTER_TRACE(p1+idx, &aMem[p1+idx]);
002256      REGISTER_TRACE(p2+idx, &aMem[p2+idx]);
002257      assert( i<pKeyInfo->nKeyField );
002258      pColl = pKeyInfo->aColl[i];
002259      bRev = (pKeyInfo->aSortFlags[i] & KEYINFO_ORDER_DESC);
002260      iCompare = sqlite3MemCompare(&aMem[p1+idx], &aMem[p2+idx], pColl);
002261      if( iCompare ){
002262        if( (pKeyInfo->aSortFlags[i] & KEYINFO_ORDER_BIGNULL) 
002263         && ((aMem[p1+idx].flags & MEM_Null) || (aMem[p2+idx].flags & MEM_Null))
002264        ){
002265          iCompare = -iCompare;
002266        }
002267        if( bRev ) iCompare = -iCompare;
002268        break;
002269      }
002270    }
002271    break;
002272  }
002273  
002274  /* Opcode: Jump P1 P2 P3 * *
002275  **
002276  ** Jump to the instruction at address P1, P2, or P3 depending on whether
002277  ** in the most recent OP_Compare instruction the P1 vector was less than
002278  ** equal to, or greater than the P2 vector, respectively.
002279  */
002280  case OP_Jump: {             /* jump */
002281    if( iCompare<0 ){
002282      VdbeBranchTaken(0,4); pOp = &aOp[pOp->p1 - 1];
002283    }else if( iCompare==0 ){
002284      VdbeBranchTaken(1,4); pOp = &aOp[pOp->p2 - 1];
002285    }else{
002286      VdbeBranchTaken(2,4); pOp = &aOp[pOp->p3 - 1];
002287    }
002288    break;
002289  }
002290  
002291  /* Opcode: And P1 P2 P3 * *
002292  ** Synopsis: r[P3]=(r[P1] && r[P2])
002293  **
002294  ** Take the logical AND of the values in registers P1 and P2 and
002295  ** write the result into register P3.
002296  **
002297  ** If either P1 or P2 is 0 (false) then the result is 0 even if
002298  ** the other input is NULL.  A NULL and true or two NULLs give
002299  ** a NULL output.
002300  */
002301  /* Opcode: Or P1 P2 P3 * *
002302  ** Synopsis: r[P3]=(r[P1] || r[P2])
002303  **
002304  ** Take the logical OR of the values in register P1 and P2 and
002305  ** store the answer in register P3.
002306  **
002307  ** If either P1 or P2 is nonzero (true) then the result is 1 (true)
002308  ** even if the other input is NULL.  A NULL and false or two NULLs
002309  ** give a NULL output.
002310  */
002311  case OP_And:              /* same as TK_AND, in1, in2, out3 */
002312  case OP_Or: {             /* same as TK_OR, in1, in2, out3 */
002313    int v1;    /* Left operand:  0==FALSE, 1==TRUE, 2==UNKNOWN or NULL */
002314    int v2;    /* Right operand: 0==FALSE, 1==TRUE, 2==UNKNOWN or NULL */
002315  
002316    v1 = sqlite3VdbeBooleanValue(&aMem[pOp->p1], 2);
002317    v2 = sqlite3VdbeBooleanValue(&aMem[pOp->p2], 2);
002318    if( pOp->opcode==OP_And ){
002319      static const unsigned char and_logic[] = { 0, 0, 0, 0, 1, 2, 0, 2, 2 };
002320      v1 = and_logic[v1*3+v2];
002321    }else{
002322      static const unsigned char or_logic[] = { 0, 1, 2, 1, 1, 1, 2, 1, 2 };
002323      v1 = or_logic[v1*3+v2];
002324    }
002325    pOut = &aMem[pOp->p3];
002326    if( v1==2 ){
002327      MemSetTypeFlag(pOut, MEM_Null);
002328    }else{
002329      pOut->u.i = v1;
002330      MemSetTypeFlag(pOut, MEM_Int);
002331    }
002332    break;
002333  }
002334  
002335  /* Opcode: IsTrue P1 P2 P3 P4 *
002336  ** Synopsis: r[P2] = coalesce(r[P1]==TRUE,P3) ^ P4
002337  **
002338  ** This opcode implements the IS TRUE, IS FALSE, IS NOT TRUE, and
002339  ** IS NOT FALSE operators.
002340  **
002341  ** Interpret the value in register P1 as a boolean value.  Store that
002342  ** boolean (a 0 or 1) in register P2.  Or if the value in register P1 is 
002343  ** NULL, then the P3 is stored in register P2.  Invert the answer if P4
002344  ** is 1.
002345  **
002346  ** The logic is summarized like this:
002347  **
002348  ** <ul> 
002349  ** <li> If P3==0 and P4==0  then  r[P2] := r[P1] IS TRUE
002350  ** <li> If P3==1 and P4==1  then  r[P2] := r[P1] IS FALSE
002351  ** <li> If P3==0 and P4==1  then  r[P2] := r[P1] IS NOT TRUE
002352  ** <li> If P3==1 and P4==0  then  r[P2] := r[P1] IS NOT FALSE
002353  ** </ul>
002354  */
002355  case OP_IsTrue: {               /* in1, out2 */
002356    assert( pOp->p4type==P4_INT32 );
002357    assert( pOp->p4.i==0 || pOp->p4.i==1 );
002358    assert( pOp->p3==0 || pOp->p3==1 );
002359    sqlite3VdbeMemSetInt64(&aMem[pOp->p2],
002360        sqlite3VdbeBooleanValue(&aMem[pOp->p1], pOp->p3) ^ pOp->p4.i);
002361    break;
002362  }
002363  
002364  /* Opcode: Not P1 P2 * * *
002365  ** Synopsis: r[P2]= !r[P1]
002366  **
002367  ** Interpret the value in register P1 as a boolean value.  Store the
002368  ** boolean complement in register P2.  If the value in register P1 is 
002369  ** NULL, then a NULL is stored in P2.
002370  */
002371  case OP_Not: {                /* same as TK_NOT, in1, out2 */
002372    pIn1 = &aMem[pOp->p1];
002373    pOut = &aMem[pOp->p2];
002374    if( (pIn1->flags & MEM_Null)==0 ){
002375      sqlite3VdbeMemSetInt64(pOut, !sqlite3VdbeBooleanValue(pIn1,0));
002376    }else{
002377      sqlite3VdbeMemSetNull(pOut);
002378    }
002379    break;
002380  }
002381  
002382  /* Opcode: BitNot P1 P2 * * *
002383  ** Synopsis: r[P2]= ~r[P1]
002384  **
002385  ** Interpret the content of register P1 as an integer.  Store the
002386  ** ones-complement of the P1 value into register P2.  If P1 holds
002387  ** a NULL then store a NULL in P2.
002388  */
002389  case OP_BitNot: {             /* same as TK_BITNOT, in1, out2 */
002390    pIn1 = &aMem[pOp->p1];
002391    pOut = &aMem[pOp->p2];
002392    sqlite3VdbeMemSetNull(pOut);
002393    if( (pIn1->flags & MEM_Null)==0 ){
002394      pOut->flags = MEM_Int;
002395      pOut->u.i = ~sqlite3VdbeIntValue(pIn1);
002396    }
002397    break;
002398  }
002399  
002400  /* Opcode: Once P1 P2 * * *
002401  **
002402  ** Fall through to the next instruction the first time this opcode is
002403  ** encountered on each invocation of the byte-code program.  Jump to P2
002404  ** on the second and all subsequent encounters during the same invocation.
002405  **
002406  ** Top-level programs determine first invocation by comparing the P1
002407  ** operand against the P1 operand on the OP_Init opcode at the beginning
002408  ** of the program.  If the P1 values differ, then fall through and make
002409  ** the P1 of this opcode equal to the P1 of OP_Init.  If P1 values are
002410  ** the same then take the jump.
002411  **
002412  ** For subprograms, there is a bitmask in the VdbeFrame that determines
002413  ** whether or not the jump should be taken.  The bitmask is necessary
002414  ** because the self-altering code trick does not work for recursive
002415  ** triggers.
002416  */
002417  case OP_Once: {             /* jump */
002418    u32 iAddr;                /* Address of this instruction */
002419    assert( p->aOp[0].opcode==OP_Init );
002420    if( p->pFrame ){
002421      iAddr = (int)(pOp - p->aOp);
002422      if( (p->pFrame->aOnce[iAddr/8] & (1<<(iAddr & 7)))!=0 ){
002423        VdbeBranchTaken(1, 2);
002424        goto jump_to_p2;
002425      }
002426      p->pFrame->aOnce[iAddr/8] |= 1<<(iAddr & 7);
002427    }else{
002428      if( p->aOp[0].p1==pOp->p1 ){
002429        VdbeBranchTaken(1, 2);
002430        goto jump_to_p2;
002431      }
002432    }
002433    VdbeBranchTaken(0, 2);
002434    pOp->p1 = p->aOp[0].p1;
002435    break;
002436  }
002437  
002438  /* Opcode: If P1 P2 P3 * *
002439  **
002440  ** Jump to P2 if the value in register P1 is true.  The value
002441  ** is considered true if it is numeric and non-zero.  If the value
002442  ** in P1 is NULL then take the jump if and only if P3 is non-zero.
002443  */
002444  case OP_If:  {               /* jump, in1 */
002445    int c;
002446    c = sqlite3VdbeBooleanValue(&aMem[pOp->p1], pOp->p3);
002447    VdbeBranchTaken(c!=0, 2);
002448    if( c ) goto jump_to_p2;
002449    break;
002450  }
002451  
002452  /* Opcode: IfNot P1 P2 P3 * *
002453  **
002454  ** Jump to P2 if the value in register P1 is False.  The value
002455  ** is considered false if it has a numeric value of zero.  If the value
002456  ** in P1 is NULL then take the jump if and only if P3 is non-zero.
002457  */
002458  case OP_IfNot: {            /* jump, in1 */
002459    int c;
002460    c = !sqlite3VdbeBooleanValue(&aMem[pOp->p1], !pOp->p3);
002461    VdbeBranchTaken(c!=0, 2);
002462    if( c ) goto jump_to_p2;
002463    break;
002464  }
002465  
002466  /* Opcode: IsNull P1 P2 * * *
002467  ** Synopsis: if r[P1]==NULL goto P2
002468  **
002469  ** Jump to P2 if the value in register P1 is NULL.
002470  */
002471  case OP_IsNull: {            /* same as TK_ISNULL, jump, in1 */
002472    pIn1 = &aMem[pOp->p1];
002473    VdbeBranchTaken( (pIn1->flags & MEM_Null)!=0, 2);
002474    if( (pIn1->flags & MEM_Null)!=0 ){
002475      goto jump_to_p2;
002476    }
002477    break;
002478  }
002479  
002480  /* Opcode: NotNull P1 P2 * * *
002481  ** Synopsis: if r[P1]!=NULL goto P2
002482  **
002483  ** Jump to P2 if the value in register P1 is not NULL.  
002484  */
002485  case OP_NotNull: {            /* same as TK_NOTNULL, jump, in1 */
002486    pIn1 = &aMem[pOp->p1];
002487    VdbeBranchTaken( (pIn1->flags & MEM_Null)==0, 2);
002488    if( (pIn1->flags & MEM_Null)==0 ){
002489      goto jump_to_p2;
002490    }
002491    break;
002492  }
002493  
002494  /* Opcode: IfNullRow P1 P2 P3 * *
002495  ** Synopsis: if P1.nullRow then r[P3]=NULL, goto P2
002496  **
002497  ** Check the cursor P1 to see if it is currently pointing at a NULL row.
002498  ** If it is, then set register P3 to NULL and jump immediately to P2.
002499  ** If P1 is not on a NULL row, then fall through without making any
002500  ** changes.
002501  */
002502  case OP_IfNullRow: {         /* jump */
002503    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
002504    assert( p->apCsr[pOp->p1]!=0 );
002505    if( p->apCsr[pOp->p1]->nullRow ){
002506      sqlite3VdbeMemSetNull(aMem + pOp->p3);
002507      goto jump_to_p2;
002508    }
002509    break;
002510  }
002511  
002512  #ifdef SQLITE_ENABLE_OFFSET_SQL_FUNC
002513  /* Opcode: Offset P1 P2 P3 * *
002514  ** Synopsis: r[P3] = sqlite_offset(P1)
002515  **
002516  ** Store in register r[P3] the byte offset into the database file that is the
002517  ** start of the payload for the record at which that cursor P1 is currently
002518  ** pointing.
002519  **
002520  ** P2 is the column number for the argument to the sqlite_offset() function.
002521  ** This opcode does not use P2 itself, but the P2 value is used by the
002522  ** code generator.  The P1, P2, and P3 operands to this opcode are the
002523  ** same as for OP_Column.
002524  **
002525  ** This opcode is only available if SQLite is compiled with the
002526  ** -DSQLITE_ENABLE_OFFSET_SQL_FUNC option.
002527  */
002528  case OP_Offset: {          /* out3 */
002529    VdbeCursor *pC;    /* The VDBE cursor */
002530    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
002531    pC = p->apCsr[pOp->p1];
002532    pOut = &p->aMem[pOp->p3];
002533    if( NEVER(pC==0) || pC->eCurType!=CURTYPE_BTREE ){
002534      sqlite3VdbeMemSetNull(pOut);
002535    }else{
002536      sqlite3VdbeMemSetInt64(pOut, sqlite3BtreeOffset(pC->uc.pCursor));
002537    }
002538    break;
002539  }
002540  #endif /* SQLITE_ENABLE_OFFSET_SQL_FUNC */
002541  
002542  /* Opcode: Column P1 P2 P3 P4 P5
002543  ** Synopsis: r[P3]=PX
002544  **
002545  ** Interpret the data that cursor P1 points to as a structure built using
002546  ** the MakeRecord instruction.  (See the MakeRecord opcode for additional
002547  ** information about the format of the data.)  Extract the P2-th column
002548  ** from this record.  If there are less that (P2+1) 
002549  ** values in the record, extract a NULL.
002550  **
002551  ** The value extracted is stored in register P3.
002552  **
002553  ** If the record contains fewer than P2 fields, then extract a NULL.  Or,
002554  ** if the P4 argument is a P4_MEM use the value of the P4 argument as
002555  ** the result.
002556  **
002557  ** If the OPFLAG_LENGTHARG and OPFLAG_TYPEOFARG bits are set on P5 then
002558  ** the result is guaranteed to only be used as the argument of a length()
002559  ** or typeof() function, respectively.  The loading of large blobs can be
002560  ** skipped for length() and all content loading can be skipped for typeof().
002561  */
002562  case OP_Column: {
002563    int p2;            /* column number to retrieve */
002564    VdbeCursor *pC;    /* The VDBE cursor */
002565    BtCursor *pCrsr;   /* The BTree cursor */
002566    u32 *aOffset;      /* aOffset[i] is offset to start of data for i-th column */
002567    int len;           /* The length of the serialized data for the column */
002568    int i;             /* Loop counter */
002569    Mem *pDest;        /* Where to write the extracted value */
002570    Mem sMem;          /* For storing the record being decoded */
002571    const u8 *zData;   /* Part of the record being decoded */
002572    const u8 *zHdr;    /* Next unparsed byte of the header */
002573    const u8 *zEndHdr; /* Pointer to first byte after the header */
002574    u64 offset64;      /* 64-bit offset */
002575    u32 t;             /* A type code from the record header */
002576    Mem *pReg;         /* PseudoTable input register */
002577  
002578    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
002579    pC = p->apCsr[pOp->p1];
002580    assert( pC!=0 );
002581    p2 = pOp->p2;
002582  
002583    /* If the cursor cache is stale (meaning it is not currently point at
002584    ** the correct row) then bring it up-to-date by doing the necessary 
002585    ** B-Tree seek. */
002586    rc = sqlite3VdbeCursorMoveto(&pC, &p2);
002587    if( rc ) goto abort_due_to_error;
002588  
002589    assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
002590    pDest = &aMem[pOp->p3];
002591    memAboutToChange(p, pDest);
002592    assert( pC!=0 );
002593    assert( p2<pC->nField );
002594    aOffset = pC->aOffset;
002595    assert( pC->eCurType!=CURTYPE_VTAB );
002596    assert( pC->eCurType!=CURTYPE_PSEUDO || pC->nullRow );
002597    assert( pC->eCurType!=CURTYPE_SORTER );
002598  
002599    if( pC->cacheStatus!=p->cacheCtr ){                /*OPTIMIZATION-IF-FALSE*/
002600      if( pC->nullRow ){
002601        if( pC->eCurType==CURTYPE_PSEUDO ){
002602          /* For the special case of as pseudo-cursor, the seekResult field
002603          ** identifies the register that holds the record */
002604          assert( pC->seekResult>0 );
002605          pReg = &aMem[pC->seekResult];
002606          assert( pReg->flags & MEM_Blob );
002607          assert( memIsValid(pReg) );
002608          pC->payloadSize = pC->szRow = pReg->n;
002609          pC->aRow = (u8*)pReg->z;
002610        }else{
002611          sqlite3VdbeMemSetNull(pDest);
002612          goto op_column_out;
002613        }
002614      }else{
002615        pCrsr = pC->uc.pCursor;
002616        assert( pC->eCurType==CURTYPE_BTREE );
002617        assert( pCrsr );
002618        assert( sqlite3BtreeCursorIsValid(pCrsr) );
002619        pC->payloadSize = sqlite3BtreePayloadSize(pCrsr);
002620        pC->aRow = sqlite3BtreePayloadFetch(pCrsr, &pC->szRow);
002621        assert( pC->szRow<=pC->payloadSize );
002622        assert( pC->szRow<=65536 );  /* Maximum page size is 64KiB */
002623        if( pC->payloadSize > (u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
002624          goto too_big;
002625        }
002626      }
002627      pC->cacheStatus = p->cacheCtr;
002628      pC->iHdrOffset = getVarint32(pC->aRow, aOffset[0]);
002629      pC->nHdrParsed = 0;
002630  
002631  
002632      if( pC->szRow<aOffset[0] ){      /*OPTIMIZATION-IF-FALSE*/
002633        /* pC->aRow does not have to hold the entire row, but it does at least
002634        ** need to cover the header of the record.  If pC->aRow does not contain
002635        ** the complete header, then set it to zero, forcing the header to be
002636        ** dynamically allocated. */
002637        pC->aRow = 0;
002638        pC->szRow = 0;
002639  
002640        /* Make sure a corrupt database has not given us an oversize header.
002641        ** Do this now to avoid an oversize memory allocation.
002642        **
002643        ** Type entries can be between 1 and 5 bytes each.  But 4 and 5 byte
002644        ** types use so much data space that there can only be 4096 and 32 of
002645        ** them, respectively.  So the maximum header length results from a
002646        ** 3-byte type for each of the maximum of 32768 columns plus three
002647        ** extra bytes for the header length itself.  32768*3 + 3 = 98307.
002648        */
002649        if( aOffset[0] > 98307 || aOffset[0] > pC->payloadSize ){
002650          goto op_column_corrupt;
002651        }
002652      }else{
002653        /* This is an optimization.  By skipping over the first few tests
002654        ** (ex: pC->nHdrParsed<=p2) in the next section, we achieve a
002655        ** measurable performance gain.
002656        **
002657        ** This branch is taken even if aOffset[0]==0.  Such a record is never
002658        ** generated by SQLite, and could be considered corruption, but we
002659        ** accept it for historical reasons.  When aOffset[0]==0, the code this
002660        ** branch jumps to reads past the end of the record, but never more
002661        ** than a few bytes.  Even if the record occurs at the end of the page
002662        ** content area, the "page header" comes after the page content and so
002663        ** this overread is harmless.  Similar overreads can occur for a corrupt
002664        ** database file.
002665        */
002666        zData = pC->aRow;
002667        assert( pC->nHdrParsed<=p2 );         /* Conditional skipped */
002668        testcase( aOffset[0]==0 );
002669        goto op_column_read_header;
002670      }
002671    }
002672  
002673    /* Make sure at least the first p2+1 entries of the header have been
002674    ** parsed and valid information is in aOffset[] and pC->aType[].
002675    */
002676    if( pC->nHdrParsed<=p2 ){
002677      /* If there is more header available for parsing in the record, try
002678      ** to extract additional fields up through the p2+1-th field 
002679      */
002680      if( pC->iHdrOffset<aOffset[0] ){
002681        /* Make sure zData points to enough of the record to cover the header. */
002682        if( pC->aRow==0 ){
002683          memset(&sMem, 0, sizeof(sMem));
002684          rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, 0, aOffset[0], &sMem);
002685          if( rc!=SQLITE_OK ) goto abort_due_to_error;
002686          zData = (u8*)sMem.z;
002687        }else{
002688          zData = pC->aRow;
002689        }
002690    
002691        /* Fill in pC->aType[i] and aOffset[i] values through the p2-th field. */
002692      op_column_read_header:
002693        i = pC->nHdrParsed;
002694        offset64 = aOffset[i];
002695        zHdr = zData + pC->iHdrOffset;
002696        zEndHdr = zData + aOffset[0];
002697        testcase( zHdr>=zEndHdr );
002698        do{
002699          if( (pC->aType[i] = t = zHdr[0])<0x80 ){
002700            zHdr++;
002701            offset64 += sqlite3VdbeOneByteSerialTypeLen(t);
002702          }else{
002703            zHdr += sqlite3GetVarint32(zHdr, &t);
002704            pC->aType[i] = t;
002705            offset64 += sqlite3VdbeSerialTypeLen(t);
002706          }
002707          aOffset[++i] = (u32)(offset64 & 0xffffffff);
002708        }while( i<=p2 && zHdr<zEndHdr );
002709  
002710        /* The record is corrupt if any of the following are true:
002711        ** (1) the bytes of the header extend past the declared header size
002712        ** (2) the entire header was used but not all data was used
002713        ** (3) the end of the data extends beyond the end of the record.
002714        */
002715        if( (zHdr>=zEndHdr && (zHdr>zEndHdr || offset64!=pC->payloadSize))
002716         || (offset64 > pC->payloadSize)
002717        ){
002718          if( aOffset[0]==0 ){
002719            i = 0;
002720            zHdr = zEndHdr;
002721          }else{
002722            if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
002723            goto op_column_corrupt;
002724          }
002725        }
002726  
002727        pC->nHdrParsed = i;
002728        pC->iHdrOffset = (u32)(zHdr - zData);
002729        if( pC->aRow==0 ) sqlite3VdbeMemRelease(&sMem);
002730      }else{
002731        t = 0;
002732      }
002733  
002734      /* If after trying to extract new entries from the header, nHdrParsed is
002735      ** still not up to p2, that means that the record has fewer than p2
002736      ** columns.  So the result will be either the default value or a NULL.
002737      */
002738      if( pC->nHdrParsed<=p2 ){
002739        if( pOp->p4type==P4_MEM ){
002740          sqlite3VdbeMemShallowCopy(pDest, pOp->p4.pMem, MEM_Static);
002741        }else{
002742          sqlite3VdbeMemSetNull(pDest);
002743        }
002744        goto op_column_out;
002745      }
002746    }else{
002747      t = pC->aType[p2];
002748    }
002749  
002750    /* Extract the content for the p2+1-th column.  Control can only
002751    ** reach this point if aOffset[p2], aOffset[p2+1], and pC->aType[p2] are
002752    ** all valid.
002753    */
002754    assert( p2<pC->nHdrParsed );
002755    assert( rc==SQLITE_OK );
002756    assert( sqlite3VdbeCheckMemInvariants(pDest) );
002757    if( VdbeMemDynamic(pDest) ){
002758      sqlite3VdbeMemSetNull(pDest);
002759    }
002760    assert( t==pC->aType[p2] );
002761    if( pC->szRow>=aOffset[p2+1] ){
002762      /* This is the common case where the desired content fits on the original
002763      ** page - where the content is not on an overflow page */
002764      zData = pC->aRow + aOffset[p2];
002765      if( t<12 ){
002766        sqlite3VdbeSerialGet(zData, t, pDest);
002767      }else{
002768        /* If the column value is a string, we need a persistent value, not
002769        ** a MEM_Ephem value.  This branch is a fast short-cut that is equivalent
002770        ** to calling sqlite3VdbeSerialGet() and sqlite3VdbeDeephemeralize().
002771        */
002772        static const u16 aFlag[] = { MEM_Blob, MEM_Str|MEM_Term };
002773        pDest->n = len = (t-12)/2;
002774        pDest->enc = encoding;
002775        if( pDest->szMalloc < len+2 ){
002776          pDest->flags = MEM_Null;
002777          if( sqlite3VdbeMemGrow(pDest, len+2, 0) ) goto no_mem;
002778        }else{
002779          pDest->z = pDest->zMalloc;
002780        }
002781        memcpy(pDest->z, zData, len);
002782        pDest->z[len] = 0;
002783        pDest->z[len+1] = 0;
002784        pDest->flags = aFlag[t&1];
002785      }
002786    }else{
002787      pDest->enc = encoding;
002788      /* This branch happens only when content is on overflow pages */
002789      if( ((pOp->p5 & (OPFLAG_LENGTHARG|OPFLAG_TYPEOFARG))!=0
002790            && ((t>=12 && (t&1)==0) || (pOp->p5 & OPFLAG_TYPEOFARG)!=0))
002791       || (len = sqlite3VdbeSerialTypeLen(t))==0
002792      ){
002793        /* Content is irrelevant for
002794        **    1. the typeof() function,
002795        **    2. the length(X) function if X is a blob, and
002796        **    3. if the content length is zero.
002797        ** So we might as well use bogus content rather than reading
002798        ** content from disk. 
002799        **
002800        ** Although sqlite3VdbeSerialGet() may read at most 8 bytes from the
002801        ** buffer passed to it, debugging function VdbeMemPrettyPrint() may
002802        ** read up to 16. So 16 bytes of bogus content is supplied.
002803        */
002804        static u8 aZero[16];  /* This is the bogus content */
002805        sqlite3VdbeSerialGet(aZero, t, pDest);
002806      }else{
002807        rc = sqlite3VdbeMemFromBtree(pC->uc.pCursor, aOffset[p2], len, pDest);
002808        if( rc!=SQLITE_OK ) goto abort_due_to_error;
002809        sqlite3VdbeSerialGet((const u8*)pDest->z, t, pDest);
002810        pDest->flags &= ~MEM_Ephem;
002811      }
002812    }
002813  
002814  op_column_out:
002815    UPDATE_MAX_BLOBSIZE(pDest);
002816    REGISTER_TRACE(pOp->p3, pDest);
002817    break;
002818  
002819  op_column_corrupt:
002820    if( aOp[0].p3>0 ){
002821      pOp = &aOp[aOp[0].p3-1];
002822      break;
002823    }else{
002824      rc = SQLITE_CORRUPT_BKPT;
002825      goto abort_due_to_error;
002826    }
002827  }
002828  
002829  /* Opcode: Affinity P1 P2 * P4 *
002830  ** Synopsis: affinity(r[P1@P2])
002831  **
002832  ** Apply affinities to a range of P2 registers starting with P1.
002833  **
002834  ** P4 is a string that is P2 characters long. The N-th character of the
002835  ** string indicates the column affinity that should be used for the N-th
002836  ** memory cell in the range.
002837  */
002838  case OP_Affinity: {
002839    const char *zAffinity;   /* The affinity to be applied */
002840  
002841    zAffinity = pOp->p4.z;
002842    assert( zAffinity!=0 );
002843    assert( pOp->p2>0 );
002844    assert( zAffinity[pOp->p2]==0 );
002845    pIn1 = &aMem[pOp->p1];
002846    while( 1 /*exit-by-break*/ ){
002847      assert( pIn1 <= &p->aMem[(p->nMem+1 - p->nCursor)] );
002848      assert( zAffinity[0]==SQLITE_AFF_NONE || memIsValid(pIn1) );
002849      applyAffinity(pIn1, zAffinity[0], encoding);
002850      if( zAffinity[0]==SQLITE_AFF_REAL && (pIn1->flags & MEM_Int)!=0 ){
002851        /* When applying REAL affinity, if the result is still an MEM_Int
002852        ** that will fit in 6 bytes, then change the type to MEM_IntReal
002853        ** so that we keep the high-resolution integer value but know that
002854        ** the type really wants to be REAL. */
002855        testcase( pIn1->u.i==140737488355328LL );
002856        testcase( pIn1->u.i==140737488355327LL );
002857        testcase( pIn1->u.i==-140737488355328LL );
002858        testcase( pIn1->u.i==-140737488355329LL );
002859        if( pIn1->u.i<=140737488355327LL && pIn1->u.i>=-140737488355328LL ){
002860          pIn1->flags |= MEM_IntReal;
002861          pIn1->flags &= ~MEM_Int;
002862        }else{
002863          pIn1->u.r = (double)pIn1->u.i;
002864          pIn1->flags |= MEM_Real;
002865          pIn1->flags &= ~MEM_Int;
002866        }
002867      }
002868      REGISTER_TRACE((int)(pIn1-aMem), pIn1);
002869      zAffinity++;
002870      if( zAffinity[0]==0 ) break;
002871      pIn1++;
002872    }
002873    break;
002874  }
002875  
002876  /* Opcode: MakeRecord P1 P2 P3 P4 *
002877  ** Synopsis: r[P3]=mkrec(r[P1@P2])
002878  **
002879  ** Convert P2 registers beginning with P1 into the [record format]
002880  ** use as a data record in a database table or as a key
002881  ** in an index.  The OP_Column opcode can decode the record later.
002882  **
002883  ** P4 may be a string that is P2 characters long.  The N-th character of the
002884  ** string indicates the column affinity that should be used for the N-th
002885  ** field of the index key.
002886  **
002887  ** The mapping from character to affinity is given by the SQLITE_AFF_
002888  ** macros defined in sqliteInt.h.
002889  **
002890  ** If P4 is NULL then all index fields have the affinity BLOB.
002891  */
002892  case OP_MakeRecord: {
002893    Mem *pRec;             /* The new record */
002894    u64 nData;             /* Number of bytes of data space */
002895    int nHdr;              /* Number of bytes of header space */
002896    i64 nByte;             /* Data space required for this record */
002897    i64 nZero;             /* Number of zero bytes at the end of the record */
002898    int nVarint;           /* Number of bytes in a varint */
002899    u32 serial_type;       /* Type field */
002900    Mem *pData0;           /* First field to be combined into the record */
002901    Mem *pLast;            /* Last field of the record */
002902    int nField;            /* Number of fields in the record */
002903    char *zAffinity;       /* The affinity string for the record */
002904    int file_format;       /* File format to use for encoding */
002905    u32 len;               /* Length of a field */
002906    u8 *zHdr;              /* Where to write next byte of the header */
002907    u8 *zPayload;          /* Where to write next byte of the payload */
002908  
002909    /* Assuming the record contains N fields, the record format looks
002910    ** like this:
002911    **
002912    ** ------------------------------------------------------------------------
002913    ** | hdr-size | type 0 | type 1 | ... | type N-1 | data0 | ... | data N-1 | 
002914    ** ------------------------------------------------------------------------
002915    **
002916    ** Data(0) is taken from register P1.  Data(1) comes from register P1+1
002917    ** and so forth.
002918    **
002919    ** Each type field is a varint representing the serial type of the 
002920    ** corresponding data element (see sqlite3VdbeSerialType()). The
002921    ** hdr-size field is also a varint which is the offset from the beginning
002922    ** of the record to data0.
002923    */
002924    nData = 0;         /* Number of bytes of data space */
002925    nHdr = 0;          /* Number of bytes of header space */
002926    nZero = 0;         /* Number of zero bytes at the end of the record */
002927    nField = pOp->p1;
002928    zAffinity = pOp->p4.z;
002929    assert( nField>0 && pOp->p2>0 && pOp->p2+nField<=(p->nMem+1 - p->nCursor)+1 );
002930    pData0 = &aMem[nField];
002931    nField = pOp->p2;
002932    pLast = &pData0[nField-1];
002933    file_format = p->minWriteFileFormat;
002934  
002935    /* Identify the output register */
002936    assert( pOp->p3<pOp->p1 || pOp->p3>=pOp->p1+pOp->p2 );
002937    pOut = &aMem[pOp->p3];
002938    memAboutToChange(p, pOut);
002939  
002940    /* Apply the requested affinity to all inputs
002941    */
002942    assert( pData0<=pLast );
002943    if( zAffinity ){
002944      pRec = pData0;
002945      do{
002946        applyAffinity(pRec, zAffinity[0], encoding);
002947        if( zAffinity[0]==SQLITE_AFF_REAL && (pRec->flags & MEM_Int) ){
002948          pRec->flags |= MEM_IntReal;
002949          pRec->flags &= ~(MEM_Int);
002950        }
002951        REGISTER_TRACE((int)(pRec-aMem), pRec);
002952        zAffinity++;
002953        pRec++;
002954        assert( zAffinity[0]==0 || pRec<=pLast );
002955      }while( zAffinity[0] );
002956    }
002957  
002958  #ifdef SQLITE_ENABLE_NULL_TRIM
002959    /* NULLs can be safely trimmed from the end of the record, as long as
002960    ** as the schema format is 2 or more and none of the omitted columns
002961    ** have a non-NULL default value.  Also, the record must be left with
002962    ** at least one field.  If P5>0 then it will be one more than the
002963    ** index of the right-most column with a non-NULL default value */
002964    if( pOp->p5 ){
002965      while( (pLast->flags & MEM_Null)!=0 && nField>pOp->p5 ){
002966        pLast--;
002967        nField--;
002968      }
002969    }
002970  #endif
002971  
002972    /* Loop through the elements that will make up the record to figure
002973    ** out how much space is required for the new record.  After this loop,
002974    ** the Mem.uTemp field of each term should hold the serial-type that will
002975    ** be used for that term in the generated record:
002976    **
002977    **   Mem.uTemp value    type
002978    **   ---------------    ---------------
002979    **      0               NULL
002980    **      1               1-byte signed integer
002981    **      2               2-byte signed integer
002982    **      3               3-byte signed integer
002983    **      4               4-byte signed integer
002984    **      5               6-byte signed integer
002985    **      6               8-byte signed integer
002986    **      7               IEEE float
002987    **      8               Integer constant 0
002988    **      9               Integer constant 1
002989    **     10,11            reserved for expansion
002990    **    N>=12 and even    BLOB
002991    **    N>=13 and odd     text
002992    **
002993    ** The following additional values are computed:
002994    **     nHdr        Number of bytes needed for the record header
002995    **     nData       Number of bytes of data space needed for the record
002996    **     nZero       Zero bytes at the end of the record
002997    */
002998    pRec = pLast;
002999    do{
003000      assert( memIsValid(pRec) );
003001      if( pRec->flags & MEM_Null ){
003002        if( pRec->flags & MEM_Zero ){
003003          /* Values with MEM_Null and MEM_Zero are created by xColumn virtual
003004          ** table methods that never invoke sqlite3_result_xxxxx() while
003005          ** computing an unchanging column value in an UPDATE statement.
003006          ** Give such values a special internal-use-only serial-type of 10
003007          ** so that they can be passed through to xUpdate and have
003008          ** a true sqlite3_value_nochange(). */
003009          assert( pOp->p5==OPFLAG_NOCHNG_MAGIC || CORRUPT_DB );
003010          pRec->uTemp = 10;
003011        }else{
003012          pRec->uTemp = 0;
003013        }
003014        nHdr++;
003015      }else if( pRec->flags & (MEM_Int|MEM_IntReal) ){
003016        /* Figure out whether to use 1, 2, 4, 6 or 8 bytes. */
003017        i64 i = pRec->u.i;
003018        u64 uu;
003019        testcase( pRec->flags & MEM_Int );
003020        testcase( pRec->flags & MEM_IntReal );
003021        if( i<0 ){
003022          uu = ~i;
003023        }else{
003024          uu = i;
003025        }
003026        nHdr++;
003027        testcase( uu==127 );               testcase( uu==128 );
003028        testcase( uu==32767 );             testcase( uu==32768 );
003029        testcase( uu==8388607 );           testcase( uu==8388608 );
003030        testcase( uu==2147483647 );        testcase( uu==2147483648 );
003031        testcase( uu==140737488355327LL ); testcase( uu==140737488355328LL );
003032        if( uu<=127 ){
003033          if( (i&1)==i && file_format>=4 ){
003034            pRec->uTemp = 8+(u32)uu;
003035          }else{
003036            nData++;
003037            pRec->uTemp = 1;
003038          }
003039        }else if( uu<=32767 ){
003040          nData += 2;
003041          pRec->uTemp = 2;
003042        }else if( uu<=8388607 ){
003043          nData += 3;
003044          pRec->uTemp = 3;
003045        }else if( uu<=2147483647 ){
003046          nData += 4;
003047          pRec->uTemp = 4;
003048        }else if( uu<=140737488355327LL ){
003049          nData += 6;
003050          pRec->uTemp = 5;
003051        }else{
003052          nData += 8;
003053          if( pRec->flags & MEM_IntReal ){
003054            /* If the value is IntReal and is going to take up 8 bytes to store
003055            ** as an integer, then we might as well make it an 8-byte floating
003056            ** point value */
003057            pRec->u.r = (double)pRec->u.i;
003058            pRec->flags &= ~MEM_IntReal;
003059            pRec->flags |= MEM_Real;
003060            pRec->uTemp = 7;
003061          }else{
003062            pRec->uTemp = 6;
003063          }
003064        }
003065      }else if( pRec->flags & MEM_Real ){
003066        nHdr++;
003067        nData += 8;
003068        pRec->uTemp = 7;
003069      }else{
003070        assert( db->mallocFailed || pRec->flags&(MEM_Str|MEM_Blob) );
003071        assert( pRec->n>=0 );
003072        len = (u32)pRec->n;
003073        serial_type = (len*2) + 12 + ((pRec->flags & MEM_Str)!=0);
003074        if( pRec->flags & MEM_Zero ){
003075          serial_type += pRec->u.nZero*2;
003076          if( nData ){
003077            if( sqlite3VdbeMemExpandBlob(pRec) ) goto no_mem;
003078            len += pRec->u.nZero;
003079          }else{
003080            nZero += pRec->u.nZero;
003081          }
003082        }
003083        nData += len;
003084        nHdr += sqlite3VarintLen(serial_type);
003085        pRec->uTemp = serial_type;
003086      }
003087      if( pRec==pData0 ) break;
003088      pRec--;
003089    }while(1);
003090  
003091    /* EVIDENCE-OF: R-22564-11647 The header begins with a single varint
003092    ** which determines the total number of bytes in the header. The varint
003093    ** value is the size of the header in bytes including the size varint
003094    ** itself. */
003095    testcase( nHdr==126 );
003096    testcase( nHdr==127 );
003097    if( nHdr<=126 ){
003098      /* The common case */
003099      nHdr += 1;
003100    }else{
003101      /* Rare case of a really large header */
003102      nVarint = sqlite3VarintLen(nHdr);
003103      nHdr += nVarint;
003104      if( nVarint<sqlite3VarintLen(nHdr) ) nHdr++;
003105    }
003106    nByte = nHdr+nData;
003107  
003108    /* Make sure the output register has a buffer large enough to store 
003109    ** the new record. The output register (pOp->p3) is not allowed to
003110    ** be one of the input registers (because the following call to
003111    ** sqlite3VdbeMemClearAndResize() could clobber the value before it is used).
003112    */
003113    if( nByte+nZero<=pOut->szMalloc ){
003114      /* The output register is already large enough to hold the record.
003115      ** No error checks or buffer enlargement is required */
003116      pOut->z = pOut->zMalloc;
003117    }else{
003118      /* Need to make sure that the output is not too big and then enlarge
003119      ** the output register to hold the full result */
003120      if( nByte+nZero>db->aLimit[SQLITE_LIMIT_LENGTH] ){
003121        goto too_big;
003122      }
003123      if( sqlite3VdbeMemClearAndResize(pOut, (int)nByte) ){
003124        goto no_mem;
003125      }
003126    }
003127    pOut->n = (int)nByte;
003128    pOut->flags = MEM_Blob;
003129    if( nZero ){
003130      pOut->u.nZero = nZero;
003131      pOut->flags |= MEM_Zero;
003132    }
003133    UPDATE_MAX_BLOBSIZE(pOut);
003134    zHdr = (u8 *)pOut->z;
003135    zPayload = zHdr + nHdr;
003136  
003137    /* Write the record */
003138    zHdr += putVarint32(zHdr, nHdr);
003139    assert( pData0<=pLast );
003140    pRec = pData0;
003141    do{
003142      serial_type = pRec->uTemp;
003143      /* EVIDENCE-OF: R-06529-47362 Following the size varint are one or more
003144      ** additional varints, one per column. */
003145      zHdr += putVarint32(zHdr, serial_type);            /* serial type */
003146      /* EVIDENCE-OF: R-64536-51728 The values for each column in the record
003147      ** immediately follow the header. */
003148      zPayload += sqlite3VdbeSerialPut(zPayload, pRec, serial_type); /* content */
003149    }while( (++pRec)<=pLast );
003150    assert( nHdr==(int)(zHdr - (u8*)pOut->z) );
003151    assert( nByte==(int)(zPayload - (u8*)pOut->z) );
003152  
003153    assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
003154    REGISTER_TRACE(pOp->p3, pOut);
003155    break;
003156  }
003157  
003158  /* Opcode: Count P1 P2 * * *
003159  ** Synopsis: r[P2]=count()
003160  **
003161  ** Store the number of entries (an integer value) in the table or index 
003162  ** opened by cursor P1 in register P2
003163  */
003164  #ifndef SQLITE_OMIT_BTREECOUNT
003165  case OP_Count: {         /* out2 */
003166    i64 nEntry;
003167    BtCursor *pCrsr;
003168  
003169    assert( p->apCsr[pOp->p1]->eCurType==CURTYPE_BTREE );
003170    pCrsr = p->apCsr[pOp->p1]->uc.pCursor;
003171    assert( pCrsr );
003172    nEntry = 0;  /* Not needed.  Only used to silence a warning. */
003173    rc = sqlite3BtreeCount(db, pCrsr, &nEntry);
003174    if( rc ) goto abort_due_to_error;
003175    pOut = out2Prerelease(p, pOp);
003176    pOut->u.i = nEntry;
003177    goto check_for_interrupt;
003178  }
003179  #endif
003180  
003181  /* Opcode: Savepoint P1 * * P4 *
003182  **
003183  ** Open, release or rollback the savepoint named by parameter P4, depending
003184  ** on the value of P1. To open a new savepoint set P1==0 (SAVEPOINT_BEGIN).
003185  ** To release (commit) an existing savepoint set P1==1 (SAVEPOINT_RELEASE).
003186  ** To rollback an existing savepoint set P1==2 (SAVEPOINT_ROLLBACK).
003187  */
003188  case OP_Savepoint: {
003189    int p1;                         /* Value of P1 operand */
003190    char *zName;                    /* Name of savepoint */
003191    int nName;
003192    Savepoint *pNew;
003193    Savepoint *pSavepoint;
003194    Savepoint *pTmp;
003195    int iSavepoint;
003196    int ii;
003197  
003198    p1 = pOp->p1;
003199    zName = pOp->p4.z;
003200  
003201    /* Assert that the p1 parameter is valid. Also that if there is no open
003202    ** transaction, then there cannot be any savepoints. 
003203    */
003204    assert( db->pSavepoint==0 || db->autoCommit==0 );
003205    assert( p1==SAVEPOINT_BEGIN||p1==SAVEPOINT_RELEASE||p1==SAVEPOINT_ROLLBACK );
003206    assert( db->pSavepoint || db->isTransactionSavepoint==0 );
003207    assert( checkSavepointCount(db) );
003208    assert( p->bIsReader );
003209  
003210    if( p1==SAVEPOINT_BEGIN ){
003211      if( db->nVdbeWrite>0 ){
003212        /* A new savepoint cannot be created if there are active write 
003213        ** statements (i.e. open read/write incremental blob handles).
003214        */
003215        sqlite3VdbeError(p, "cannot open savepoint - SQL statements in progress");
003216        rc = SQLITE_BUSY;
003217      }else{
003218        nName = sqlite3Strlen30(zName);
003219  
003220  #ifndef SQLITE_OMIT_VIRTUALTABLE
003221        /* This call is Ok even if this savepoint is actually a transaction
003222        ** savepoint (and therefore should not prompt xSavepoint()) callbacks.
003223        ** If this is a transaction savepoint being opened, it is guaranteed
003224        ** that the db->aVTrans[] array is empty.  */
003225        assert( db->autoCommit==0 || db->nVTrans==0 );
003226        rc = sqlite3VtabSavepoint(db, SAVEPOINT_BEGIN,
003227                                  db->nStatement+db->nSavepoint);
003228        if( rc!=SQLITE_OK ) goto abort_due_to_error;
003229  #endif
003230  
003231        /* Create a new savepoint structure. */
003232        pNew = sqlite3DbMallocRawNN(db, sizeof(Savepoint)+nName+1);
003233        if( pNew ){
003234          pNew->zName = (char *)&pNew[1];
003235          memcpy(pNew->zName, zName, nName+1);
003236      
003237          /* If there is no open transaction, then mark this as a special
003238          ** "transaction savepoint". */
003239          if( db->autoCommit ){
003240            db->autoCommit = 0;
003241            db->isTransactionSavepoint = 1;
003242          }else{
003243            db->nSavepoint++;
003244          }
003245  
003246          /* Link the new savepoint into the database handle's list. */
003247          pNew->pNext = db->pSavepoint;
003248          db->pSavepoint = pNew;
003249          pNew->nDeferredCons = db->nDeferredCons;
003250          pNew->nDeferredImmCons = db->nDeferredImmCons;
003251        }
003252      }
003253    }else{
003254      assert( p1==SAVEPOINT_RELEASE || p1==SAVEPOINT_ROLLBACK );
003255      iSavepoint = 0;
003256  
003257      /* Find the named savepoint. If there is no such savepoint, then an
003258      ** an error is returned to the user.  */
003259      for(
003260        pSavepoint = db->pSavepoint; 
003261        pSavepoint && sqlite3StrICmp(pSavepoint->zName, zName);
003262        pSavepoint = pSavepoint->pNext
003263      ){
003264        iSavepoint++;
003265      }
003266      if( !pSavepoint ){
003267        sqlite3VdbeError(p, "no such savepoint: %s", zName);
003268        rc = SQLITE_ERROR;
003269      }else if( db->nVdbeWrite>0 && p1==SAVEPOINT_RELEASE ){
003270        /* It is not possible to release (commit) a savepoint if there are 
003271        ** active write statements.
003272        */
003273        sqlite3VdbeError(p, "cannot release savepoint - "
003274                            "SQL statements in progress");
003275        rc = SQLITE_BUSY;
003276      }else{
003277  
003278        /* Determine whether or not this is a transaction savepoint. If so,
003279        ** and this is a RELEASE command, then the current transaction 
003280        ** is committed. 
003281        */
003282        int isTransaction = pSavepoint->pNext==0 && db->isTransactionSavepoint;
003283        if( isTransaction && p1==SAVEPOINT_RELEASE ){
003284          if( (rc = sqlite3VdbeCheckFk(p, 1))!=SQLITE_OK ){
003285            goto vdbe_return;
003286          }
003287          db->autoCommit = 1;
003288          if( sqlite3VdbeHalt(p)==SQLITE_BUSY ){
003289            p->pc = (int)(pOp - aOp);
003290            db->autoCommit = 0;
003291            p->rc = rc = SQLITE_BUSY;
003292            goto vdbe_return;
003293          }
003294          rc = p->rc;
003295          if( rc ){
003296            db->autoCommit = 0;
003297          }else{
003298            db->isTransactionSavepoint = 0;
003299          }
003300        }else{
003301          int isSchemaChange;
003302          iSavepoint = db->nSavepoint - iSavepoint - 1;
003303          if( p1==SAVEPOINT_ROLLBACK ){
003304            isSchemaChange = (db->mDbFlags & DBFLAG_SchemaChange)!=0;
003305            for(ii=0; ii<db->nDb; ii++){
003306              rc = sqlite3BtreeTripAllCursors(db->aDb[ii].pBt,
003307                                         SQLITE_ABORT_ROLLBACK,
003308                                         isSchemaChange==0);
003309              if( rc!=SQLITE_OK ) goto abort_due_to_error;
003310            }
003311          }else{
003312            assert( p1==SAVEPOINT_RELEASE );
003313            isSchemaChange = 0;
003314          }
003315          for(ii=0; ii<db->nDb; ii++){
003316            rc = sqlite3BtreeSavepoint(db->aDb[ii].pBt, p1, iSavepoint);
003317            if( rc!=SQLITE_OK ){
003318              goto abort_due_to_error;
003319            }
003320          }
003321          if( isSchemaChange ){
003322            sqlite3ExpirePreparedStatements(db, 0);
003323            sqlite3ResetAllSchemasOfConnection(db);
003324            db->mDbFlags |= DBFLAG_SchemaChange;
003325          }
003326        }
003327        if( rc ) goto abort_due_to_error;
003328    
003329        /* Regardless of whether this is a RELEASE or ROLLBACK, destroy all 
003330        ** savepoints nested inside of the savepoint being operated on. */
003331        while( db->pSavepoint!=pSavepoint ){
003332          pTmp = db->pSavepoint;
003333          db->pSavepoint = pTmp->pNext;
003334          sqlite3DbFree(db, pTmp);
003335          db->nSavepoint--;
003336        }
003337  
003338        /* If it is a RELEASE, then destroy the savepoint being operated on 
003339        ** too. If it is a ROLLBACK TO, then set the number of deferred 
003340        ** constraint violations present in the database to the value stored
003341        ** when the savepoint was created.  */
003342        if( p1==SAVEPOINT_RELEASE ){
003343          assert( pSavepoint==db->pSavepoint );
003344          db->pSavepoint = pSavepoint->pNext;
003345          sqlite3DbFree(db, pSavepoint);
003346          if( !isTransaction ){
003347            db->nSavepoint--;
003348          }
003349        }else{
003350          assert( p1==SAVEPOINT_ROLLBACK );
003351          db->nDeferredCons = pSavepoint->nDeferredCons;
003352          db->nDeferredImmCons = pSavepoint->nDeferredImmCons;
003353        }
003354  
003355        if( !isTransaction || p1==SAVEPOINT_ROLLBACK ){
003356          rc = sqlite3VtabSavepoint(db, p1, iSavepoint);
003357          if( rc!=SQLITE_OK ) goto abort_due_to_error;
003358        }
003359      }
003360    }
003361    if( rc ) goto abort_due_to_error;
003362  
003363    break;
003364  }
003365  
003366  /* Opcode: AutoCommit P1 P2 * * *
003367  **
003368  ** Set the database auto-commit flag to P1 (1 or 0). If P2 is true, roll
003369  ** back any currently active btree transactions. If there are any active
003370  ** VMs (apart from this one), then a ROLLBACK fails.  A COMMIT fails if
003371  ** there are active writing VMs or active VMs that use shared cache.
003372  **
003373  ** This instruction causes the VM to halt.
003374  */
003375  case OP_AutoCommit: {
003376    int desiredAutoCommit;
003377    int iRollback;
003378  
003379    desiredAutoCommit = pOp->p1;
003380    iRollback = pOp->p2;
003381    assert( desiredAutoCommit==1 || desiredAutoCommit==0 );
003382    assert( desiredAutoCommit==1 || iRollback==0 );
003383    assert( db->nVdbeActive>0 );  /* At least this one VM is active */
003384    assert( p->bIsReader );
003385  
003386    if( desiredAutoCommit!=db->autoCommit ){
003387      if( iRollback ){
003388        assert( desiredAutoCommit==1 );
003389        sqlite3RollbackAll(db, SQLITE_ABORT_ROLLBACK);
003390        db->autoCommit = 1;
003391      }else if( desiredAutoCommit && db->nVdbeWrite>0 ){
003392        /* If this instruction implements a COMMIT and other VMs are writing
003393        ** return an error indicating that the other VMs must complete first. 
003394        */
003395        sqlite3VdbeError(p, "cannot commit transaction - "
003396                            "SQL statements in progress");
003397        rc = SQLITE_BUSY;
003398        goto abort_due_to_error;
003399      }else if( (rc = sqlite3VdbeCheckFk(p, 1))!=SQLITE_OK ){
003400        goto vdbe_return;
003401      }else{
003402        db->autoCommit = (u8)desiredAutoCommit;
003403      }
003404      if( sqlite3VdbeHalt(p)==SQLITE_BUSY ){
003405        p->pc = (int)(pOp - aOp);
003406        db->autoCommit = (u8)(1-desiredAutoCommit);
003407        p->rc = rc = SQLITE_BUSY;
003408        goto vdbe_return;
003409      }
003410      sqlite3CloseSavepoints(db);
003411      if( p->rc==SQLITE_OK ){
003412        rc = SQLITE_DONE;
003413      }else{
003414        rc = SQLITE_ERROR;
003415      }
003416      goto vdbe_return;
003417    }else{
003418      sqlite3VdbeError(p,
003419          (!desiredAutoCommit)?"cannot start a transaction within a transaction":(
003420          (iRollback)?"cannot rollback - no transaction is active":
003421                     "cannot commit - no transaction is active"));
003422           
003423      rc = SQLITE_ERROR;
003424      goto abort_due_to_error;
003425    }
003426    /*NOTREACHED*/ assert(0);
003427  }
003428  
003429  /* Opcode: Transaction P1 P2 P3 P4 P5
003430  **
003431  ** Begin a transaction on database P1 if a transaction is not already
003432  ** active.
003433  ** If P2 is non-zero, then a write-transaction is started, or if a 
003434  ** read-transaction is already active, it is upgraded to a write-transaction.
003435  ** If P2 is zero, then a read-transaction is started.
003436  **
003437  ** P1 is the index of the database file on which the transaction is
003438  ** started.  Index 0 is the main database file and index 1 is the
003439  ** file used for temporary tables.  Indices of 2 or more are used for
003440  ** attached databases.
003441  **
003442  ** If a write-transaction is started and the Vdbe.usesStmtJournal flag is
003443  ** true (this flag is set if the Vdbe may modify more than one row and may
003444  ** throw an ABORT exception), a statement transaction may also be opened.
003445  ** More specifically, a statement transaction is opened iff the database
003446  ** connection is currently not in autocommit mode, or if there are other
003447  ** active statements. A statement transaction allows the changes made by this
003448  ** VDBE to be rolled back after an error without having to roll back the
003449  ** entire transaction. If no error is encountered, the statement transaction
003450  ** will automatically commit when the VDBE halts.
003451  **
003452  ** If P5!=0 then this opcode also checks the schema cookie against P3
003453  ** and the schema generation counter against P4.
003454  ** The cookie changes its value whenever the database schema changes.
003455  ** This operation is used to detect when that the cookie has changed
003456  ** and that the current process needs to reread the schema.  If the schema
003457  ** cookie in P3 differs from the schema cookie in the database header or
003458  ** if the schema generation counter in P4 differs from the current
003459  ** generation counter, then an SQLITE_SCHEMA error is raised and execution
003460  ** halts.  The sqlite3_step() wrapper function might then reprepare the
003461  ** statement and rerun it from the beginning.
003462  */
003463  case OP_Transaction: {
003464    Btree *pBt;
003465    int iMeta = 0;
003466  
003467    assert( p->bIsReader );
003468    assert( p->readOnly==0 || pOp->p2==0 );
003469    assert( pOp->p1>=0 && pOp->p1<db->nDb );
003470    assert( DbMaskTest(p->btreeMask, pOp->p1) );
003471    if( pOp->p2 && (db->flags & SQLITE_QueryOnly)!=0 ){
003472      rc = SQLITE_READONLY;
003473      goto abort_due_to_error;
003474    }
003475    pBt = db->aDb[pOp->p1].pBt;
003476  
003477    if( pBt ){
003478      rc = sqlite3BtreeBeginTrans(pBt, pOp->p2, &iMeta);
003479      testcase( rc==SQLITE_BUSY_SNAPSHOT );
003480      testcase( rc==SQLITE_BUSY_RECOVERY );
003481      if( rc!=SQLITE_OK ){
003482        if( (rc&0xff)==SQLITE_BUSY ){
003483          p->pc = (int)(pOp - aOp);
003484          p->rc = rc;
003485          goto vdbe_return;
003486        }
003487        goto abort_due_to_error;
003488      }
003489  
003490      if( p->usesStmtJournal
003491       && pOp->p2
003492       && (db->autoCommit==0 || db->nVdbeRead>1) 
003493      ){
003494        assert( sqlite3BtreeIsInTrans(pBt) );
003495        if( p->iStatement==0 ){
003496          assert( db->nStatement>=0 && db->nSavepoint>=0 );
003497          db->nStatement++; 
003498          p->iStatement = db->nSavepoint + db->nStatement;
003499        }
003500  
003501        rc = sqlite3VtabSavepoint(db, SAVEPOINT_BEGIN, p->iStatement-1);
003502        if( rc==SQLITE_OK ){
003503          rc = sqlite3BtreeBeginStmt(pBt, p->iStatement);
003504        }
003505  
003506        /* Store the current value of the database handles deferred constraint
003507        ** counter. If the statement transaction needs to be rolled back,
003508        ** the value of this counter needs to be restored too.  */
003509        p->nStmtDefCons = db->nDeferredCons;
003510        p->nStmtDefImmCons = db->nDeferredImmCons;
003511      }
003512    }
003513    assert( pOp->p5==0 || pOp->p4type==P4_INT32 );
003514    if( pOp->p5
003515     && (iMeta!=pOp->p3
003516        || db->aDb[pOp->p1].pSchema->iGeneration!=pOp->p4.i)
003517    ){
003518      /*
003519      ** IMPLEMENTATION-OF: R-03189-51135 As each SQL statement runs, the schema
003520      ** version is checked to ensure that the schema has not changed since the
003521      ** SQL statement was prepared.
003522      */
003523      sqlite3DbFree(db, p->zErrMsg);
003524      p->zErrMsg = sqlite3DbStrDup(db, "database schema has changed");
003525      /* If the schema-cookie from the database file matches the cookie 
003526      ** stored with the in-memory representation of the schema, do
003527      ** not reload the schema from the database file.
003528      **
003529      ** If virtual-tables are in use, this is not just an optimization.
003530      ** Often, v-tables store their data in other SQLite tables, which
003531      ** are queried from within xNext() and other v-table methods using
003532      ** prepared queries. If such a query is out-of-date, we do not want to
003533      ** discard the database schema, as the user code implementing the
003534      ** v-table would have to be ready for the sqlite3_vtab structure itself
003535      ** to be invalidated whenever sqlite3_step() is called from within 
003536      ** a v-table method.
003537      */
003538      if( db->aDb[pOp->p1].pSchema->schema_cookie!=iMeta ){
003539        sqlite3ResetOneSchema(db, pOp->p1);
003540      }
003541      p->expired = 1;
003542      rc = SQLITE_SCHEMA;
003543    }
003544    if( rc ) goto abort_due_to_error;
003545    break;
003546  }
003547  
003548  /* Opcode: ReadCookie P1 P2 P3 * *
003549  **
003550  ** Read cookie number P3 from database P1 and write it into register P2.
003551  ** P3==1 is the schema version.  P3==2 is the database format.
003552  ** P3==3 is the recommended pager cache size, and so forth.  P1==0 is
003553  ** the main database file and P1==1 is the database file used to store
003554  ** temporary tables.
003555  **
003556  ** There must be a read-lock on the database (either a transaction
003557  ** must be started or there must be an open cursor) before
003558  ** executing this instruction.
003559  */
003560  case OP_ReadCookie: {               /* out2 */
003561    int iMeta;
003562    int iDb;
003563    int iCookie;
003564  
003565    assert( p->bIsReader );
003566    iDb = pOp->p1;
003567    iCookie = pOp->p3;
003568    assert( pOp->p3<SQLITE_N_BTREE_META );
003569    assert( iDb>=0 && iDb<db->nDb );
003570    assert( db->aDb[iDb].pBt!=0 );
003571    assert( DbMaskTest(p->btreeMask, iDb) );
003572  
003573    sqlite3BtreeGetMeta(db->aDb[iDb].pBt, iCookie, (u32 *)&iMeta);
003574    pOut = out2Prerelease(p, pOp);
003575    pOut->u.i = iMeta;
003576    break;
003577  }
003578  
003579  /* Opcode: SetCookie P1 P2 P3 * *
003580  **
003581  ** Write the integer value P3 into cookie number P2 of database P1.
003582  ** P2==1 is the schema version.  P2==2 is the database format.
003583  ** P2==3 is the recommended pager cache 
003584  ** size, and so forth.  P1==0 is the main database file and P1==1 is the 
003585  ** database file used to store temporary tables.
003586  **
003587  ** A transaction must be started before executing this opcode.
003588  */
003589  case OP_SetCookie: {
003590    Db *pDb;
003591  
003592    sqlite3VdbeIncrWriteCounter(p, 0);
003593    assert( pOp->p2<SQLITE_N_BTREE_META );
003594    assert( pOp->p1>=0 && pOp->p1<db->nDb );
003595    assert( DbMaskTest(p->btreeMask, pOp->p1) );
003596    assert( p->readOnly==0 );
003597    pDb = &db->aDb[pOp->p1];
003598    assert( pDb->pBt!=0 );
003599    assert( sqlite3SchemaMutexHeld(db, pOp->p1, 0) );
003600    /* See note about index shifting on OP_ReadCookie */
003601    rc = sqlite3BtreeUpdateMeta(pDb->pBt, pOp->p2, pOp->p3);
003602    if( pOp->p2==BTREE_SCHEMA_VERSION ){
003603      /* When the schema cookie changes, record the new cookie internally */
003604      pDb->pSchema->schema_cookie = pOp->p3;
003605      db->mDbFlags |= DBFLAG_SchemaChange;
003606    }else if( pOp->p2==BTREE_FILE_FORMAT ){
003607      /* Record changes in the file format */
003608      pDb->pSchema->file_format = pOp->p3;
003609    }
003610    if( pOp->p1==1 ){
003611      /* Invalidate all prepared statements whenever the TEMP database
003612      ** schema is changed.  Ticket #1644 */
003613      sqlite3ExpirePreparedStatements(db, 0);
003614      p->expired = 0;
003615    }
003616    if( rc ) goto abort_due_to_error;
003617    break;
003618  }
003619  
003620  /* Opcode: OpenRead P1 P2 P3 P4 P5
003621  ** Synopsis: root=P2 iDb=P3
003622  **
003623  ** Open a read-only cursor for the database table whose root page is
003624  ** P2 in a database file.  The database file is determined by P3. 
003625  ** P3==0 means the main database, P3==1 means the database used for 
003626  ** temporary tables, and P3>1 means used the corresponding attached
003627  ** database.  Give the new cursor an identifier of P1.  The P1
003628  ** values need not be contiguous but all P1 values should be small integers.
003629  ** It is an error for P1 to be negative.
003630  **
003631  ** Allowed P5 bits:
003632  ** <ul>
003633  ** <li>  <b>0x02 OPFLAG_SEEKEQ</b>: This cursor will only be used for
003634  **       equality lookups (implemented as a pair of opcodes OP_SeekGE/OP_IdxGT
003635  **       of OP_SeekLE/OP_IdxGT)
003636  ** </ul>
003637  **
003638  ** The P4 value may be either an integer (P4_INT32) or a pointer to
003639  ** a KeyInfo structure (P4_KEYINFO). If it is a pointer to a KeyInfo 
003640  ** object, then table being opened must be an [index b-tree] where the
003641  ** KeyInfo object defines the content and collating 
003642  ** sequence of that index b-tree. Otherwise, if P4 is an integer 
003643  ** value, then the table being opened must be a [table b-tree] with a
003644  ** number of columns no less than the value of P4.
003645  **
003646  ** See also: OpenWrite, ReopenIdx
003647  */
003648  /* Opcode: ReopenIdx P1 P2 P3 P4 P5
003649  ** Synopsis: root=P2 iDb=P3
003650  **
003651  ** The ReopenIdx opcode works like OP_OpenRead except that it first
003652  ** checks to see if the cursor on P1 is already open on the same
003653  ** b-tree and if it is this opcode becomes a no-op.  In other words,
003654  ** if the cursor is already open, do not reopen it.
003655  **
003656  ** The ReopenIdx opcode may only be used with P5==0 or P5==OPFLAG_SEEKEQ
003657  ** and with P4 being a P4_KEYINFO object.  Furthermore, the P3 value must
003658  ** be the same as every other ReopenIdx or OpenRead for the same cursor
003659  ** number.
003660  **
003661  ** Allowed P5 bits:
003662  ** <ul>
003663  ** <li>  <b>0x02 OPFLAG_SEEKEQ</b>: This cursor will only be used for
003664  **       equality lookups (implemented as a pair of opcodes OP_SeekGE/OP_IdxGT
003665  **       of OP_SeekLE/OP_IdxGT)
003666  ** </ul>
003667  **
003668  ** See also: OP_OpenRead, OP_OpenWrite
003669  */
003670  /* Opcode: OpenWrite P1 P2 P3 P4 P5
003671  ** Synopsis: root=P2 iDb=P3
003672  **
003673  ** Open a read/write cursor named P1 on the table or index whose root
003674  ** page is P2 (or whose root page is held in register P2 if the
003675  ** OPFLAG_P2ISREG bit is set in P5 - see below).
003676  **
003677  ** The P4 value may be either an integer (P4_INT32) or a pointer to
003678  ** a KeyInfo structure (P4_KEYINFO). If it is a pointer to a KeyInfo 
003679  ** object, then table being opened must be an [index b-tree] where the
003680  ** KeyInfo object defines the content and collating 
003681  ** sequence of that index b-tree. Otherwise, if P4 is an integer 
003682  ** value, then the table being opened must be a [table b-tree] with a
003683  ** number of columns no less than the value of P4.
003684  **
003685  ** Allowed P5 bits:
003686  ** <ul>
003687  ** <li>  <b>0x02 OPFLAG_SEEKEQ</b>: This cursor will only be used for
003688  **       equality lookups (implemented as a pair of opcodes OP_SeekGE/OP_IdxGT
003689  **       of OP_SeekLE/OP_IdxGT)
003690  ** <li>  <b>0x08 OPFLAG_FORDELETE</b>: This cursor is used only to seek
003691  **       and subsequently delete entries in an index btree.  This is a
003692  **       hint to the storage engine that the storage engine is allowed to
003693  **       ignore.  The hint is not used by the official SQLite b*tree storage
003694  **       engine, but is used by COMDB2.
003695  ** <li>  <b>0x10 OPFLAG_P2ISREG</b>: Use the content of register P2
003696  **       as the root page, not the value of P2 itself.
003697  ** </ul>
003698  **
003699  ** This instruction works like OpenRead except that it opens the cursor
003700  ** in read/write mode.
003701  **
003702  ** See also: OP_OpenRead, OP_ReopenIdx
003703  */
003704  case OP_ReopenIdx: {
003705    int nField;
003706    KeyInfo *pKeyInfo;
003707    int p2;
003708    int iDb;
003709    int wrFlag;
003710    Btree *pX;
003711    VdbeCursor *pCur;
003712    Db *pDb;
003713  
003714    assert( pOp->p5==0 || pOp->p5==OPFLAG_SEEKEQ );
003715    assert( pOp->p4type==P4_KEYINFO );
003716    pCur = p->apCsr[pOp->p1];
003717    if( pCur && pCur->pgnoRoot==(u32)pOp->p2 ){
003718      assert( pCur->iDb==pOp->p3 );      /* Guaranteed by the code generator */
003719      goto open_cursor_set_hints;
003720    }
003721    /* If the cursor is not currently open or is open on a different
003722    ** index, then fall through into OP_OpenRead to force a reopen */
003723  case OP_OpenRead:
003724  case OP_OpenWrite:
003725  
003726    assert( pOp->opcode==OP_OpenWrite || pOp->p5==0 || pOp->p5==OPFLAG_SEEKEQ );
003727    assert( p->bIsReader );
003728    assert( pOp->opcode==OP_OpenRead || pOp->opcode==OP_ReopenIdx
003729            || p->readOnly==0 );
003730  
003731    if( p->expired==1 ){
003732      rc = SQLITE_ABORT_ROLLBACK;
003733      goto abort_due_to_error;
003734    }
003735  
003736    nField = 0;
003737    pKeyInfo = 0;
003738    p2 = pOp->p2;
003739    iDb = pOp->p3;
003740    assert( iDb>=0 && iDb<db->nDb );
003741    assert( DbMaskTest(p->btreeMask, iDb) );
003742    pDb = &db->aDb[iDb];
003743    pX = pDb->pBt;
003744    assert( pX!=0 );
003745    if( pOp->opcode==OP_OpenWrite ){
003746      assert( OPFLAG_FORDELETE==BTREE_FORDELETE );
003747      wrFlag = BTREE_WRCSR | (pOp->p5 & OPFLAG_FORDELETE);
003748      assert( sqlite3SchemaMutexHeld(db, iDb, 0) );
003749      if( pDb->pSchema->file_format < p->minWriteFileFormat ){
003750        p->minWriteFileFormat = pDb->pSchema->file_format;
003751      }
003752    }else{
003753      wrFlag = 0;
003754    }
003755    if( pOp->p5 & OPFLAG_P2ISREG ){
003756      assert( p2>0 );
003757      assert( p2<=(p->nMem+1 - p->nCursor) );
003758      assert( pOp->opcode==OP_OpenWrite );
003759      pIn2 = &aMem[p2];
003760      assert( memIsValid(pIn2) );
003761      assert( (pIn2->flags & MEM_Int)!=0 );
003762      sqlite3VdbeMemIntegerify(pIn2);
003763      p2 = (int)pIn2->u.i;
003764      /* The p2 value always comes from a prior OP_CreateBtree opcode and
003765      ** that opcode will always set the p2 value to 2 or more or else fail.
003766      ** If there were a failure, the prepared statement would have halted
003767      ** before reaching this instruction. */
003768      assert( p2>=2 );
003769    }
003770    if( pOp->p4type==P4_KEYINFO ){
003771      pKeyInfo = pOp->p4.pKeyInfo;
003772      assert( pKeyInfo->enc==ENC(db) );
003773      assert( pKeyInfo->db==db );
003774      nField = pKeyInfo->nAllField;
003775    }else if( pOp->p4type==P4_INT32 ){
003776      nField = pOp->p4.i;
003777    }
003778    assert( pOp->p1>=0 );
003779    assert( nField>=0 );
003780    testcase( nField==0 );  /* Table with INTEGER PRIMARY KEY and nothing else */
003781    pCur = allocateCursor(p, pOp->p1, nField, iDb, CURTYPE_BTREE);
003782    if( pCur==0 ) goto no_mem;
003783    pCur->nullRow = 1;
003784    pCur->isOrdered = 1;
003785    pCur->pgnoRoot = p2;
003786  #ifdef SQLITE_DEBUG
003787    pCur->wrFlag = wrFlag;
003788  #endif
003789    rc = sqlite3BtreeCursor(pX, p2, wrFlag, pKeyInfo, pCur->uc.pCursor);
003790    pCur->pKeyInfo = pKeyInfo;
003791    /* Set the VdbeCursor.isTable variable. Previous versions of
003792    ** SQLite used to check if the root-page flags were sane at this point
003793    ** and report database corruption if they were not, but this check has
003794    ** since moved into the btree layer.  */  
003795    pCur->isTable = pOp->p4type!=P4_KEYINFO;
003796  
003797  open_cursor_set_hints:
003798    assert( OPFLAG_BULKCSR==BTREE_BULKLOAD );
003799    assert( OPFLAG_SEEKEQ==BTREE_SEEK_EQ );
003800    testcase( pOp->p5 & OPFLAG_BULKCSR );
003801  #ifdef SQLITE_ENABLE_CURSOR_HINTS
003802    testcase( pOp->p2 & OPFLAG_SEEKEQ );
003803  #endif
003804    sqlite3BtreeCursorHintFlags(pCur->uc.pCursor,
003805                                 (pOp->p5 & (OPFLAG_BULKCSR|OPFLAG_SEEKEQ)));
003806    if( rc ) goto abort_due_to_error;
003807    break;
003808  }
003809  
003810  /* Opcode: OpenDup P1 P2 * * *
003811  **
003812  ** Open a new cursor P1 that points to the same ephemeral table as
003813  ** cursor P2.  The P2 cursor must have been opened by a prior OP_OpenEphemeral
003814  ** opcode.  Only ephemeral cursors may be duplicated.
003815  **
003816  ** Duplicate ephemeral cursors are used for self-joins of materialized views.
003817  */
003818  case OP_OpenDup: {
003819    VdbeCursor *pOrig;    /* The original cursor to be duplicated */
003820    VdbeCursor *pCx;      /* The new cursor */
003821  
003822    pOrig = p->apCsr[pOp->p2];
003823    assert( pOrig );
003824    assert( pOrig->pBtx!=0 );  /* Only ephemeral cursors can be duplicated */
003825  
003826    pCx = allocateCursor(p, pOp->p1, pOrig->nField, -1, CURTYPE_BTREE);
003827    if( pCx==0 ) goto no_mem;
003828    pCx->nullRow = 1;
003829    pCx->isEphemeral = 1;
003830    pCx->pKeyInfo = pOrig->pKeyInfo;
003831    pCx->isTable = pOrig->isTable;
003832    pCx->pgnoRoot = pOrig->pgnoRoot;
003833    pCx->isOrdered = pOrig->isOrdered;
003834    rc = sqlite3BtreeCursor(pOrig->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
003835                            pCx->pKeyInfo, pCx->uc.pCursor);
003836    /* The sqlite3BtreeCursor() routine can only fail for the first cursor
003837    ** opened for a database.  Since there is already an open cursor when this
003838    ** opcode is run, the sqlite3BtreeCursor() cannot fail */
003839    assert( rc==SQLITE_OK );
003840    break;
003841  }
003842  
003843  
003844  /* Opcode: OpenEphemeral P1 P2 * P4 P5
003845  ** Synopsis: nColumn=P2
003846  **
003847  ** Open a new cursor P1 to a transient table.
003848  ** The cursor is always opened read/write even if 
003849  ** the main database is read-only.  The ephemeral
003850  ** table is deleted automatically when the cursor is closed.
003851  **
003852  ** If the cursor P1 is already opened on an ephemeral table, the table
003853  ** is cleared (all content is erased).
003854  **
003855  ** P2 is the number of columns in the ephemeral table.
003856  ** The cursor points to a BTree table if P4==0 and to a BTree index
003857  ** if P4 is not 0.  If P4 is not NULL, it points to a KeyInfo structure
003858  ** that defines the format of keys in the index.
003859  **
003860  ** The P5 parameter can be a mask of the BTREE_* flags defined
003861  ** in btree.h.  These flags control aspects of the operation of
003862  ** the btree.  The BTREE_OMIT_JOURNAL and BTREE_SINGLE flags are
003863  ** added automatically.
003864  */
003865  /* Opcode: OpenAutoindex P1 P2 * P4 *
003866  ** Synopsis: nColumn=P2
003867  **
003868  ** This opcode works the same as OP_OpenEphemeral.  It has a
003869  ** different name to distinguish its use.  Tables created using
003870  ** by this opcode will be used for automatically created transient
003871  ** indices in joins.
003872  */
003873  case OP_OpenAutoindex: 
003874  case OP_OpenEphemeral: {
003875    VdbeCursor *pCx;
003876    KeyInfo *pKeyInfo;
003877  
003878    static const int vfsFlags = 
003879        SQLITE_OPEN_READWRITE |
003880        SQLITE_OPEN_CREATE |
003881        SQLITE_OPEN_EXCLUSIVE |
003882        SQLITE_OPEN_DELETEONCLOSE |
003883        SQLITE_OPEN_TRANSIENT_DB;
003884    assert( pOp->p1>=0 );
003885    assert( pOp->p2>=0 );
003886    pCx = p->apCsr[pOp->p1];
003887    if( pCx ){
003888      /* If the ephermeral table is already open, erase all existing content
003889      ** so that the table is empty again, rather than creating a new table. */
003890      assert( pCx->isEphemeral );
003891      pCx->seqCount = 0;
003892      pCx->cacheStatus = CACHE_STALE;
003893      if( pCx->pBtx ){
003894        rc = sqlite3BtreeClearTable(pCx->pBtx, pCx->pgnoRoot, 0);
003895      }
003896    }else{
003897      pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_BTREE);
003898      if( pCx==0 ) goto no_mem;
003899      pCx->isEphemeral = 1;
003900      rc = sqlite3BtreeOpen(db->pVfs, 0, db, &pCx->pBtx, 
003901                            BTREE_OMIT_JOURNAL | BTREE_SINGLE | pOp->p5,
003902                            vfsFlags);
003903      if( rc==SQLITE_OK ){
003904        rc = sqlite3BtreeBeginTrans(pCx->pBtx, 1, 0);
003905      }
003906      if( rc==SQLITE_OK ){
003907        /* If a transient index is required, create it by calling
003908        ** sqlite3BtreeCreateTable() with the BTREE_BLOBKEY flag before
003909        ** opening it. If a transient table is required, just use the
003910        ** automatically created table with root-page 1 (an BLOB_INTKEY table).
003911        */
003912        if( (pCx->pKeyInfo = pKeyInfo = pOp->p4.pKeyInfo)!=0 ){
003913          assert( pOp->p4type==P4_KEYINFO );
003914          rc = sqlite3BtreeCreateTable(pCx->pBtx, (int*)&pCx->pgnoRoot,
003915                                       BTREE_BLOBKEY | pOp->p5); 
003916          if( rc==SQLITE_OK ){
003917            assert( pCx->pgnoRoot==MASTER_ROOT+1 );
003918            assert( pKeyInfo->db==db );
003919            assert( pKeyInfo->enc==ENC(db) );
003920            rc = sqlite3BtreeCursor(pCx->pBtx, pCx->pgnoRoot, BTREE_WRCSR,
003921                                    pKeyInfo, pCx->uc.pCursor);
003922          }
003923          pCx->isTable = 0;
003924        }else{
003925          pCx->pgnoRoot = MASTER_ROOT;
003926          rc = sqlite3BtreeCursor(pCx->pBtx, MASTER_ROOT, BTREE_WRCSR,
003927                                  0, pCx->uc.pCursor);
003928          pCx->isTable = 1;
003929        }
003930      }
003931      pCx->isOrdered = (pOp->p5!=BTREE_UNORDERED);
003932    }
003933    if( rc ) goto abort_due_to_error;
003934    pCx->nullRow = 1;
003935    break;
003936  }
003937  
003938  /* Opcode: SorterOpen P1 P2 P3 P4 *
003939  **
003940  ** This opcode works like OP_OpenEphemeral except that it opens
003941  ** a transient index that is specifically designed to sort large
003942  ** tables using an external merge-sort algorithm.
003943  **
003944  ** If argument P3 is non-zero, then it indicates that the sorter may
003945  ** assume that a stable sort considering the first P3 fields of each
003946  ** key is sufficient to produce the required results.
003947  */
003948  case OP_SorterOpen: {
003949    VdbeCursor *pCx;
003950  
003951    assert( pOp->p1>=0 );
003952    assert( pOp->p2>=0 );
003953    pCx = allocateCursor(p, pOp->p1, pOp->p2, -1, CURTYPE_SORTER);
003954    if( pCx==0 ) goto no_mem;
003955    pCx->pKeyInfo = pOp->p4.pKeyInfo;
003956    assert( pCx->pKeyInfo->db==db );
003957    assert( pCx->pKeyInfo->enc==ENC(db) );
003958    rc = sqlite3VdbeSorterInit(db, pOp->p3, pCx);
003959    if( rc ) goto abort_due_to_error;
003960    break;
003961  }
003962  
003963  /* Opcode: SequenceTest P1 P2 * * *
003964  ** Synopsis: if( cursor[P1].ctr++ ) pc = P2
003965  **
003966  ** P1 is a sorter cursor. If the sequence counter is currently zero, jump
003967  ** to P2. Regardless of whether or not the jump is taken, increment the
003968  ** the sequence value.
003969  */
003970  case OP_SequenceTest: {
003971    VdbeCursor *pC;
003972    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
003973    pC = p->apCsr[pOp->p1];
003974    assert( isSorter(pC) );
003975    if( (pC->seqCount++)==0 ){
003976      goto jump_to_p2;
003977    }
003978    break;
003979  }
003980  
003981  /* Opcode: OpenPseudo P1 P2 P3 * *
003982  ** Synopsis: P3 columns in r[P2]
003983  **
003984  ** Open a new cursor that points to a fake table that contains a single
003985  ** row of data.  The content of that one row is the content of memory
003986  ** register P2.  In other words, cursor P1 becomes an alias for the 
003987  ** MEM_Blob content contained in register P2.
003988  **
003989  ** A pseudo-table created by this opcode is used to hold a single
003990  ** row output from the sorter so that the row can be decomposed into
003991  ** individual columns using the OP_Column opcode.  The OP_Column opcode
003992  ** is the only cursor opcode that works with a pseudo-table.
003993  **
003994  ** P3 is the number of fields in the records that will be stored by
003995  ** the pseudo-table.
003996  */
003997  case OP_OpenPseudo: {
003998    VdbeCursor *pCx;
003999  
004000    assert( pOp->p1>=0 );
004001    assert( pOp->p3>=0 );
004002    pCx = allocateCursor(p, pOp->p1, pOp->p3, -1, CURTYPE_PSEUDO);
004003    if( pCx==0 ) goto no_mem;
004004    pCx->nullRow = 1;
004005    pCx->seekResult = pOp->p2;
004006    pCx->isTable = 1;
004007    /* Give this pseudo-cursor a fake BtCursor pointer so that pCx
004008    ** can be safely passed to sqlite3VdbeCursorMoveto().  This avoids a test
004009    ** for pCx->eCurType==CURTYPE_BTREE inside of sqlite3VdbeCursorMoveto()
004010    ** which is a performance optimization */
004011    pCx->uc.pCursor = sqlite3BtreeFakeValidCursor();
004012    assert( pOp->p5==0 );
004013    break;
004014  }
004015  
004016  /* Opcode: Close P1 * * * *
004017  **
004018  ** Close a cursor previously opened as P1.  If P1 is not
004019  ** currently open, this instruction is a no-op.
004020  */
004021  case OP_Close: {
004022    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004023    sqlite3VdbeFreeCursor(p, p->apCsr[pOp->p1]);
004024    p->apCsr[pOp->p1] = 0;
004025    break;
004026  }
004027  
004028  #ifdef SQLITE_ENABLE_COLUMN_USED_MASK
004029  /* Opcode: ColumnsUsed P1 * * P4 *
004030  **
004031  ** This opcode (which only exists if SQLite was compiled with
004032  ** SQLITE_ENABLE_COLUMN_USED_MASK) identifies which columns of the
004033  ** table or index for cursor P1 are used.  P4 is a 64-bit integer
004034  ** (P4_INT64) in which the first 63 bits are one for each of the
004035  ** first 63 columns of the table or index that are actually used
004036  ** by the cursor.  The high-order bit is set if any column after
004037  ** the 64th is used.
004038  */
004039  case OP_ColumnsUsed: {
004040    VdbeCursor *pC;
004041    pC = p->apCsr[pOp->p1];
004042    assert( pC->eCurType==CURTYPE_BTREE );
004043    pC->maskUsed = *(u64*)pOp->p4.pI64;
004044    break;
004045  }
004046  #endif
004047  
004048  /* Opcode: SeekGE P1 P2 P3 P4 *
004049  ** Synopsis: key=r[P3@P4]
004050  **
004051  ** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
004052  ** use the value in register P3 as the key.  If cursor P1 refers 
004053  ** to an SQL index, then P3 is the first in an array of P4 registers 
004054  ** that are used as an unpacked index key. 
004055  **
004056  ** Reposition cursor P1 so that  it points to the smallest entry that 
004057  ** is greater than or equal to the key value. If there are no records 
004058  ** greater than or equal to the key and P2 is not zero, then jump to P2.
004059  **
004060  ** If the cursor P1 was opened using the OPFLAG_SEEKEQ flag, then this
004061  ** opcode will always land on a record that equally equals the key, or
004062  ** else jump immediately to P2.  When the cursor is OPFLAG_SEEKEQ, this
004063  ** opcode must be followed by an IdxLE opcode with the same arguments.
004064  ** The IdxLE opcode will be skipped if this opcode succeeds, but the
004065  ** IdxLE opcode will be used on subsequent loop iterations.
004066  **
004067  ** This opcode leaves the cursor configured to move in forward order,
004068  ** from the beginning toward the end.  In other words, the cursor is
004069  ** configured to use Next, not Prev.
004070  **
004071  ** See also: Found, NotFound, SeekLt, SeekGt, SeekLe
004072  */
004073  /* Opcode: SeekGT P1 P2 P3 P4 *
004074  ** Synopsis: key=r[P3@P4]
004075  **
004076  ** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
004077  ** use the value in register P3 as a key. If cursor P1 refers 
004078  ** to an SQL index, then P3 is the first in an array of P4 registers 
004079  ** that are used as an unpacked index key. 
004080  **
004081  ** Reposition cursor P1 so that  it points to the smallest entry that 
004082  ** is greater than the key value. If there are no records greater than 
004083  ** the key and P2 is not zero, then jump to P2.
004084  **
004085  ** This opcode leaves the cursor configured to move in forward order,
004086  ** from the beginning toward the end.  In other words, the cursor is
004087  ** configured to use Next, not Prev.
004088  **
004089  ** See also: Found, NotFound, SeekLt, SeekGe, SeekLe
004090  */
004091  /* Opcode: SeekLT P1 P2 P3 P4 * 
004092  ** Synopsis: key=r[P3@P4]
004093  **
004094  ** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
004095  ** use the value in register P3 as a key. If cursor P1 refers 
004096  ** to an SQL index, then P3 is the first in an array of P4 registers 
004097  ** that are used as an unpacked index key. 
004098  **
004099  ** Reposition cursor P1 so that  it points to the largest entry that 
004100  ** is less than the key value. If there are no records less than 
004101  ** the key and P2 is not zero, then jump to P2.
004102  **
004103  ** This opcode leaves the cursor configured to move in reverse order,
004104  ** from the end toward the beginning.  In other words, the cursor is
004105  ** configured to use Prev, not Next.
004106  **
004107  ** See also: Found, NotFound, SeekGt, SeekGe, SeekLe
004108  */
004109  /* Opcode: SeekLE P1 P2 P3 P4 *
004110  ** Synopsis: key=r[P3@P4]
004111  **
004112  ** If cursor P1 refers to an SQL table (B-Tree that uses integer keys), 
004113  ** use the value in register P3 as a key. If cursor P1 refers 
004114  ** to an SQL index, then P3 is the first in an array of P4 registers 
004115  ** that are used as an unpacked index key. 
004116  **
004117  ** Reposition cursor P1 so that it points to the largest entry that 
004118  ** is less than or equal to the key value. If there are no records 
004119  ** less than or equal to the key and P2 is not zero, then jump to P2.
004120  **
004121  ** This opcode leaves the cursor configured to move in reverse order,
004122  ** from the end toward the beginning.  In other words, the cursor is
004123  ** configured to use Prev, not Next.
004124  **
004125  ** If the cursor P1 was opened using the OPFLAG_SEEKEQ flag, then this
004126  ** opcode will always land on a record that equally equals the key, or
004127  ** else jump immediately to P2.  When the cursor is OPFLAG_SEEKEQ, this
004128  ** opcode must be followed by an IdxGE opcode with the same arguments.
004129  ** The IdxGE opcode will be skipped if this opcode succeeds, but the
004130  ** IdxGE opcode will be used on subsequent loop iterations.
004131  **
004132  ** See also: Found, NotFound, SeekGt, SeekGe, SeekLt
004133  */
004134  case OP_SeekLT:         /* jump, in3, group */
004135  case OP_SeekLE:         /* jump, in3, group */
004136  case OP_SeekGE:         /* jump, in3, group */
004137  case OP_SeekGT: {       /* jump, in3, group */
004138    int res;           /* Comparison result */
004139    int oc;            /* Opcode */
004140    VdbeCursor *pC;    /* The cursor to seek */
004141    UnpackedRecord r;  /* The key to seek for */
004142    int nField;        /* Number of columns or fields in the key */
004143    i64 iKey;          /* The rowid we are to seek to */
004144    int eqOnly;        /* Only interested in == results */
004145  
004146    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004147    assert( pOp->p2!=0 );
004148    pC = p->apCsr[pOp->p1];
004149    assert( pC!=0 );
004150    assert( pC->eCurType==CURTYPE_BTREE );
004151    assert( OP_SeekLE == OP_SeekLT+1 );
004152    assert( OP_SeekGE == OP_SeekLT+2 );
004153    assert( OP_SeekGT == OP_SeekLT+3 );
004154    assert( pC->isOrdered );
004155    assert( pC->uc.pCursor!=0 );
004156    oc = pOp->opcode;
004157    eqOnly = 0;
004158    pC->nullRow = 0;
004159  #ifdef SQLITE_DEBUG
004160    pC->seekOp = pOp->opcode;
004161  #endif
004162  
004163    pC->deferredMoveto = 0;
004164    pC->cacheStatus = CACHE_STALE;
004165    if( pC->isTable ){
004166      u16 flags3, newType;
004167      /* The BTREE_SEEK_EQ flag is only set on index cursors */
004168      assert( sqlite3BtreeCursorHasHint(pC->uc.pCursor, BTREE_SEEK_EQ)==0
004169                || CORRUPT_DB );
004170  
004171      /* The input value in P3 might be of any type: integer, real, string,
004172      ** blob, or NULL.  But it needs to be an integer before we can do
004173      ** the seek, so convert it. */
004174      pIn3 = &aMem[pOp->p3];
004175      flags3 = pIn3->flags;
004176      if( (flags3 & (MEM_Int|MEM_Real|MEM_IntReal|MEM_Str))==MEM_Str ){
004177        applyNumericAffinity(pIn3, 0);
004178      }
004179      iKey = sqlite3VdbeIntValue(pIn3); /* Get the integer key value */
004180      newType = pIn3->flags; /* Record the type after applying numeric affinity */
004181      pIn3->flags = flags3;  /* But convert the type back to its original */
004182  
004183      /* If the P3 value could not be converted into an integer without
004184      ** loss of information, then special processing is required... */
004185      if( (newType & (MEM_Int|MEM_IntReal))==0 ){
004186        if( (newType & MEM_Real)==0 ){
004187          if( (newType & MEM_Null) || oc>=OP_SeekGE ){
004188            VdbeBranchTaken(1,2);
004189            goto jump_to_p2;
004190          }else{
004191            rc = sqlite3BtreeLast(pC->uc.pCursor, &res);
004192            if( rc!=SQLITE_OK ) goto abort_due_to_error;
004193            goto seek_not_found;
004194          }
004195        }else
004196  
004197        /* If the approximation iKey is larger than the actual real search
004198        ** term, substitute >= for > and < for <=. e.g. if the search term
004199        ** is 4.9 and the integer approximation 5:
004200        **
004201        **        (x >  4.9)    ->     (x >= 5)
004202        **        (x <= 4.9)    ->     (x <  5)
004203        */
004204        if( pIn3->u.r<(double)iKey ){
004205          assert( OP_SeekGE==(OP_SeekGT-1) );
004206          assert( OP_SeekLT==(OP_SeekLE-1) );
004207          assert( (OP_SeekLE & 0x0001)==(OP_SeekGT & 0x0001) );
004208          if( (oc & 0x0001)==(OP_SeekGT & 0x0001) ) oc--;
004209        }
004210  
004211        /* If the approximation iKey is smaller than the actual real search
004212        ** term, substitute <= for < and > for >=.  */
004213        else if( pIn3->u.r>(double)iKey ){
004214          assert( OP_SeekLE==(OP_SeekLT+1) );
004215          assert( OP_SeekGT==(OP_SeekGE+1) );
004216          assert( (OP_SeekLT & 0x0001)==(OP_SeekGE & 0x0001) );
004217          if( (oc & 0x0001)==(OP_SeekLT & 0x0001) ) oc++;
004218        }
004219      }
004220      rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, 0, (u64)iKey, 0, &res);
004221      pC->movetoTarget = iKey;  /* Used by OP_Delete */
004222      if( rc!=SQLITE_OK ){
004223        goto abort_due_to_error;
004224      }
004225    }else{
004226      /* For a cursor with the BTREE_SEEK_EQ hint, only the OP_SeekGE and
004227      ** OP_SeekLE opcodes are allowed, and these must be immediately followed
004228      ** by an OP_IdxGT or OP_IdxLT opcode, respectively, with the same key.
004229      */
004230      if( sqlite3BtreeCursorHasHint(pC->uc.pCursor, BTREE_SEEK_EQ) ){
004231        eqOnly = 1;
004232        assert( pOp->opcode==OP_SeekGE || pOp->opcode==OP_SeekLE );
004233        assert( pOp[1].opcode==OP_IdxLT || pOp[1].opcode==OP_IdxGT );
004234        assert( pOp[1].p1==pOp[0].p1 );
004235        assert( pOp[1].p2==pOp[0].p2 );
004236        assert( pOp[1].p3==pOp[0].p3 );
004237        assert( pOp[1].p4.i==pOp[0].p4.i );
004238      }
004239  
004240      nField = pOp->p4.i;
004241      assert( pOp->p4type==P4_INT32 );
004242      assert( nField>0 );
004243      r.pKeyInfo = pC->pKeyInfo;
004244      r.nField = (u16)nField;
004245  
004246      /* The next line of code computes as follows, only faster:
004247      **   if( oc==OP_SeekGT || oc==OP_SeekLE ){
004248      **     r.default_rc = -1;
004249      **   }else{
004250      **     r.default_rc = +1;
004251      **   }
004252      */
004253      r.default_rc = ((1 & (oc - OP_SeekLT)) ? -1 : +1);
004254      assert( oc!=OP_SeekGT || r.default_rc==-1 );
004255      assert( oc!=OP_SeekLE || r.default_rc==-1 );
004256      assert( oc!=OP_SeekGE || r.default_rc==+1 );
004257      assert( oc!=OP_SeekLT || r.default_rc==+1 );
004258  
004259      r.aMem = &aMem[pOp->p3];
004260  #ifdef SQLITE_DEBUG
004261      { int i; for(i=0; i<r.nField; i++) assert( memIsValid(&r.aMem[i]) ); }
004262  #endif
004263      r.eqSeen = 0;
004264      rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, &r, 0, 0, &res);
004265      if( rc!=SQLITE_OK ){
004266        goto abort_due_to_error;
004267      }
004268      if( eqOnly && r.eqSeen==0 ){
004269        assert( res!=0 );
004270        goto seek_not_found;
004271      }
004272    }
004273  #ifdef SQLITE_TEST
004274    sqlite3_search_count++;
004275  #endif
004276    if( oc>=OP_SeekGE ){  assert( oc==OP_SeekGE || oc==OP_SeekGT );
004277      if( res<0 || (res==0 && oc==OP_SeekGT) ){
004278        res = 0;
004279        rc = sqlite3BtreeNext(pC->uc.pCursor, 0);
004280        if( rc!=SQLITE_OK ){
004281          if( rc==SQLITE_DONE ){
004282            rc = SQLITE_OK;
004283            res = 1;
004284          }else{
004285            goto abort_due_to_error;
004286          }
004287        }
004288      }else{
004289        res = 0;
004290      }
004291    }else{
004292      assert( oc==OP_SeekLT || oc==OP_SeekLE );
004293      if( res>0 || (res==0 && oc==OP_SeekLT) ){
004294        res = 0;
004295        rc = sqlite3BtreePrevious(pC->uc.pCursor, 0);
004296        if( rc!=SQLITE_OK ){
004297          if( rc==SQLITE_DONE ){
004298            rc = SQLITE_OK;
004299            res = 1;
004300          }else{
004301            goto abort_due_to_error;
004302          }
004303        }
004304      }else{
004305        /* res might be negative because the table is empty.  Check to
004306        ** see if this is the case.
004307        */
004308        res = sqlite3BtreeEof(pC->uc.pCursor);
004309      }
004310    }
004311  seek_not_found:
004312    assert( pOp->p2>0 );
004313    VdbeBranchTaken(res!=0,2);
004314    if( res ){
004315      goto jump_to_p2;
004316    }else if( eqOnly ){
004317      assert( pOp[1].opcode==OP_IdxLT || pOp[1].opcode==OP_IdxGT );
004318      pOp++; /* Skip the OP_IdxLt or OP_IdxGT that follows */
004319    }
004320    break;
004321  }
004322  
004323  /* Opcode: SeekHit P1 P2 * * *
004324  ** Synopsis: seekHit=P2
004325  **
004326  ** Set the seekHit flag on cursor P1 to the value in P2.
004327  ** The seekHit flag is used by the IfNoHope opcode.
004328  **
004329  ** P1 must be a valid b-tree cursor.  P2 must be a boolean value,
004330  ** either 0 or 1.
004331  */
004332  case OP_SeekHit: {
004333    VdbeCursor *pC;
004334    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004335    pC = p->apCsr[pOp->p1];
004336    assert( pC!=0 );
004337    assert( pOp->p2==0 || pOp->p2==1 );
004338    pC->seekHit = pOp->p2 & 1;
004339    break;
004340  }
004341  
004342  /* Opcode: Found P1 P2 P3 P4 *
004343  ** Synopsis: key=r[P3@P4]
004344  **
004345  ** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
004346  ** P4>0 then register P3 is the first of P4 registers that form an unpacked
004347  ** record.
004348  **
004349  ** Cursor P1 is on an index btree.  If the record identified by P3 and P4
004350  ** is a prefix of any entry in P1 then a jump is made to P2 and
004351  ** P1 is left pointing at the matching entry.
004352  **
004353  ** This operation leaves the cursor in a state where it can be
004354  ** advanced in the forward direction.  The Next instruction will work,
004355  ** but not the Prev instruction.
004356  **
004357  ** See also: NotFound, NoConflict, NotExists. SeekGe
004358  */
004359  /* Opcode: NotFound P1 P2 P3 P4 *
004360  ** Synopsis: key=r[P3@P4]
004361  **
004362  ** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
004363  ** P4>0 then register P3 is the first of P4 registers that form an unpacked
004364  ** record.
004365  ** 
004366  ** Cursor P1 is on an index btree.  If the record identified by P3 and P4
004367  ** is not the prefix of any entry in P1 then a jump is made to P2.  If P1 
004368  ** does contain an entry whose prefix matches the P3/P4 record then control
004369  ** falls through to the next instruction and P1 is left pointing at the
004370  ** matching entry.
004371  **
004372  ** This operation leaves the cursor in a state where it cannot be
004373  ** advanced in either direction.  In other words, the Next and Prev
004374  ** opcodes do not work after this operation.
004375  **
004376  ** See also: Found, NotExists, NoConflict, IfNoHope
004377  */
004378  /* Opcode: IfNoHope P1 P2 P3 P4 *
004379  ** Synopsis: key=r[P3@P4]
004380  **
004381  ** Register P3 is the first of P4 registers that form an unpacked
004382  ** record.
004383  **
004384  ** Cursor P1 is on an index btree.  If the seekHit flag is set on P1, then
004385  ** this opcode is a no-op.  But if the seekHit flag of P1 is clear, then
004386  ** check to see if there is any entry in P1 that matches the
004387  ** prefix identified by P3 and P4.  If no entry matches the prefix,
004388  ** jump to P2.  Otherwise fall through.
004389  **
004390  ** This opcode behaves like OP_NotFound if the seekHit
004391  ** flag is clear and it behaves like OP_Noop if the seekHit flag is set.
004392  **
004393  ** This opcode is used in IN clause processing for a multi-column key.
004394  ** If an IN clause is attached to an element of the key other than the
004395  ** left-most element, and if there are no matches on the most recent
004396  ** seek over the whole key, then it might be that one of the key element
004397  ** to the left is prohibiting a match, and hence there is "no hope" of
004398  ** any match regardless of how many IN clause elements are checked.
004399  ** In such a case, we abandon the IN clause search early, using this
004400  ** opcode.  The opcode name comes from the fact that the
004401  ** jump is taken if there is "no hope" of achieving a match.
004402  **
004403  ** See also: NotFound, SeekHit
004404  */
004405  /* Opcode: NoConflict P1 P2 P3 P4 *
004406  ** Synopsis: key=r[P3@P4]
004407  **
004408  ** If P4==0 then register P3 holds a blob constructed by MakeRecord.  If
004409  ** P4>0 then register P3 is the first of P4 registers that form an unpacked
004410  ** record.
004411  ** 
004412  ** Cursor P1 is on an index btree.  If the record identified by P3 and P4
004413  ** contains any NULL value, jump immediately to P2.  If all terms of the
004414  ** record are not-NULL then a check is done to determine if any row in the
004415  ** P1 index btree has a matching key prefix.  If there are no matches, jump
004416  ** immediately to P2.  If there is a match, fall through and leave the P1
004417  ** cursor pointing to the matching row.
004418  **
004419  ** This opcode is similar to OP_NotFound with the exceptions that the
004420  ** branch is always taken if any part of the search key input is NULL.
004421  **
004422  ** This operation leaves the cursor in a state where it cannot be
004423  ** advanced in either direction.  In other words, the Next and Prev
004424  ** opcodes do not work after this operation.
004425  **
004426  ** See also: NotFound, Found, NotExists
004427  */
004428  case OP_IfNoHope: {     /* jump, in3 */
004429    VdbeCursor *pC;
004430    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004431    pC = p->apCsr[pOp->p1];
004432    assert( pC!=0 );
004433    if( pC->seekHit ) break;
004434    /* Fall through into OP_NotFound */
004435  }
004436  case OP_NoConflict:     /* jump, in3 */
004437  case OP_NotFound:       /* jump, in3 */
004438  case OP_Found: {        /* jump, in3 */
004439    int alreadyExists;
004440    int takeJump;
004441    int ii;
004442    VdbeCursor *pC;
004443    int res;
004444    UnpackedRecord *pFree;
004445    UnpackedRecord *pIdxKey;
004446    UnpackedRecord r;
004447  
004448  #ifdef SQLITE_TEST
004449    if( pOp->opcode!=OP_NoConflict ) sqlite3_found_count++;
004450  #endif
004451  
004452    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004453    assert( pOp->p4type==P4_INT32 );
004454    pC = p->apCsr[pOp->p1];
004455    assert( pC!=0 );
004456  #ifdef SQLITE_DEBUG
004457    pC->seekOp = pOp->opcode;
004458  #endif
004459    pIn3 = &aMem[pOp->p3];
004460    assert( pC->eCurType==CURTYPE_BTREE );
004461    assert( pC->uc.pCursor!=0 );
004462    assert( pC->isTable==0 );
004463    if( pOp->p4.i>0 ){
004464      r.pKeyInfo = pC->pKeyInfo;
004465      r.nField = (u16)pOp->p4.i;
004466      r.aMem = pIn3;
004467  #ifdef SQLITE_DEBUG
004468      for(ii=0; ii<r.nField; ii++){
004469        assert( memIsValid(&r.aMem[ii]) );
004470        assert( (r.aMem[ii].flags & MEM_Zero)==0 || r.aMem[ii].n==0 );
004471        if( ii ) REGISTER_TRACE(pOp->p3+ii, &r.aMem[ii]);
004472      }
004473  #endif
004474      pIdxKey = &r;
004475      pFree = 0;
004476    }else{
004477      assert( pIn3->flags & MEM_Blob );
004478      rc = ExpandBlob(pIn3);
004479      assert( rc==SQLITE_OK || rc==SQLITE_NOMEM );
004480      if( rc ) goto no_mem;
004481      pFree = pIdxKey = sqlite3VdbeAllocUnpackedRecord(pC->pKeyInfo);
004482      if( pIdxKey==0 ) goto no_mem;
004483      sqlite3VdbeRecordUnpack(pC->pKeyInfo, pIn3->n, pIn3->z, pIdxKey);
004484    }
004485    pIdxKey->default_rc = 0;
004486    takeJump = 0;
004487    if( pOp->opcode==OP_NoConflict ){
004488      /* For the OP_NoConflict opcode, take the jump if any of the
004489      ** input fields are NULL, since any key with a NULL will not
004490      ** conflict */
004491      for(ii=0; ii<pIdxKey->nField; ii++){
004492        if( pIdxKey->aMem[ii].flags & MEM_Null ){
004493          takeJump = 1;
004494          break;
004495        }
004496      }
004497    }
004498    rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, pIdxKey, 0, 0, &res);
004499    if( pFree ) sqlite3DbFreeNN(db, pFree);
004500    if( rc!=SQLITE_OK ){
004501      goto abort_due_to_error;
004502    }
004503    pC->seekResult = res;
004504    alreadyExists = (res==0);
004505    pC->nullRow = 1-alreadyExists;
004506    pC->deferredMoveto = 0;
004507    pC->cacheStatus = CACHE_STALE;
004508    if( pOp->opcode==OP_Found ){
004509      VdbeBranchTaken(alreadyExists!=0,2);
004510      if( alreadyExists ) goto jump_to_p2;
004511    }else{
004512      VdbeBranchTaken(takeJump||alreadyExists==0,2);
004513      if( takeJump || !alreadyExists ) goto jump_to_p2;
004514    }
004515    break;
004516  }
004517  
004518  /* Opcode: SeekRowid P1 P2 P3 * *
004519  ** Synopsis: intkey=r[P3]
004520  **
004521  ** P1 is the index of a cursor open on an SQL table btree (with integer
004522  ** keys).  If register P3 does not contain an integer or if P1 does not
004523  ** contain a record with rowid P3 then jump immediately to P2.  
004524  ** Or, if P2 is 0, raise an SQLITE_CORRUPT error. If P1 does contain
004525  ** a record with rowid P3 then 
004526  ** leave the cursor pointing at that record and fall through to the next
004527  ** instruction.
004528  **
004529  ** The OP_NotExists opcode performs the same operation, but with OP_NotExists
004530  ** the P3 register must be guaranteed to contain an integer value.  With this
004531  ** opcode, register P3 might not contain an integer.
004532  **
004533  ** The OP_NotFound opcode performs the same operation on index btrees
004534  ** (with arbitrary multi-value keys).
004535  **
004536  ** This opcode leaves the cursor in a state where it cannot be advanced
004537  ** in either direction.  In other words, the Next and Prev opcodes will
004538  ** not work following this opcode.
004539  **
004540  ** See also: Found, NotFound, NoConflict, SeekRowid
004541  */
004542  /* Opcode: NotExists P1 P2 P3 * *
004543  ** Synopsis: intkey=r[P3]
004544  **
004545  ** P1 is the index of a cursor open on an SQL table btree (with integer
004546  ** keys).  P3 is an integer rowid.  If P1 does not contain a record with
004547  ** rowid P3 then jump immediately to P2.  Or, if P2 is 0, raise an
004548  ** SQLITE_CORRUPT error. If P1 does contain a record with rowid P3 then 
004549  ** leave the cursor pointing at that record and fall through to the next
004550  ** instruction.
004551  **
004552  ** The OP_SeekRowid opcode performs the same operation but also allows the
004553  ** P3 register to contain a non-integer value, in which case the jump is
004554  ** always taken.  This opcode requires that P3 always contain an integer.
004555  **
004556  ** The OP_NotFound opcode performs the same operation on index btrees
004557  ** (with arbitrary multi-value keys).
004558  **
004559  ** This opcode leaves the cursor in a state where it cannot be advanced
004560  ** in either direction.  In other words, the Next and Prev opcodes will
004561  ** not work following this opcode.
004562  **
004563  ** See also: Found, NotFound, NoConflict, SeekRowid
004564  */
004565  case OP_SeekRowid: {        /* jump, in3 */
004566    VdbeCursor *pC;
004567    BtCursor *pCrsr;
004568    int res;
004569    u64 iKey;
004570  
004571    pIn3 = &aMem[pOp->p3];
004572    testcase( pIn3->flags & MEM_Int );
004573    testcase( pIn3->flags & MEM_IntReal );
004574    testcase( pIn3->flags & MEM_Real );
004575    testcase( (pIn3->flags & (MEM_Str|MEM_Int))==MEM_Str );
004576    if( (pIn3->flags & (MEM_Int|MEM_IntReal))==0 ){
004577      /* If pIn3->u.i does not contain an integer, compute iKey as the
004578      ** integer value of pIn3.  Jump to P2 if pIn3 cannot be converted
004579      ** into an integer without loss of information.  Take care to avoid
004580      ** changing the datatype of pIn3, however, as it is used by other
004581      ** parts of the prepared statement. */
004582      Mem x = pIn3[0];
004583      applyAffinity(&x, SQLITE_AFF_NUMERIC, encoding);
004584      if( (x.flags & MEM_Int)==0 ) goto jump_to_p2;
004585      iKey = x.u.i;
004586      goto notExistsWithKey;
004587    }
004588    /* Fall through into OP_NotExists */
004589  case OP_NotExists:          /* jump, in3 */
004590    pIn3 = &aMem[pOp->p3];
004591    assert( (pIn3->flags & MEM_Int)!=0 || pOp->opcode==OP_SeekRowid );
004592    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004593    iKey = pIn3->u.i;
004594  notExistsWithKey:
004595    pC = p->apCsr[pOp->p1];
004596    assert( pC!=0 );
004597  #ifdef SQLITE_DEBUG
004598    if( pOp->opcode==OP_SeekRowid ) pC->seekOp = OP_SeekRowid;
004599  #endif
004600    assert( pC->isTable );
004601    assert( pC->eCurType==CURTYPE_BTREE );
004602    pCrsr = pC->uc.pCursor;
004603    assert( pCrsr!=0 );
004604    res = 0;
004605    rc = sqlite3BtreeMovetoUnpacked(pCrsr, 0, iKey, 0, &res);
004606    assert( rc==SQLITE_OK || res==0 );
004607    pC->movetoTarget = iKey;  /* Used by OP_Delete */
004608    pC->nullRow = 0;
004609    pC->cacheStatus = CACHE_STALE;
004610    pC->deferredMoveto = 0;
004611    VdbeBranchTaken(res!=0,2);
004612    pC->seekResult = res;
004613    if( res!=0 ){
004614      assert( rc==SQLITE_OK );
004615      if( pOp->p2==0 ){
004616        rc = SQLITE_CORRUPT_BKPT;
004617      }else{
004618        goto jump_to_p2;
004619      }
004620    }
004621    if( rc ) goto abort_due_to_error;
004622    break;
004623  }
004624  
004625  /* Opcode: Sequence P1 P2 * * *
004626  ** Synopsis: r[P2]=cursor[P1].ctr++
004627  **
004628  ** Find the next available sequence number for cursor P1.
004629  ** Write the sequence number into register P2.
004630  ** The sequence number on the cursor is incremented after this
004631  ** instruction.  
004632  */
004633  case OP_Sequence: {           /* out2 */
004634    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004635    assert( p->apCsr[pOp->p1]!=0 );
004636    assert( p->apCsr[pOp->p1]->eCurType!=CURTYPE_VTAB );
004637    pOut = out2Prerelease(p, pOp);
004638    pOut->u.i = p->apCsr[pOp->p1]->seqCount++;
004639    break;
004640  }
004641  
004642  
004643  /* Opcode: NewRowid P1 P2 P3 * *
004644  ** Synopsis: r[P2]=rowid
004645  **
004646  ** Get a new integer record number (a.k.a "rowid") used as the key to a table.
004647  ** The record number is not previously used as a key in the database
004648  ** table that cursor P1 points to.  The new record number is written
004649  ** written to register P2.
004650  **
004651  ** If P3>0 then P3 is a register in the root frame of this VDBE that holds 
004652  ** the largest previously generated record number. No new record numbers are
004653  ** allowed to be less than this value. When this value reaches its maximum, 
004654  ** an SQLITE_FULL error is generated. The P3 register is updated with the '
004655  ** generated record number. This P3 mechanism is used to help implement the
004656  ** AUTOINCREMENT feature.
004657  */
004658  case OP_NewRowid: {           /* out2 */
004659    i64 v;                 /* The new rowid */
004660    VdbeCursor *pC;        /* Cursor of table to get the new rowid */
004661    int res;               /* Result of an sqlite3BtreeLast() */
004662    int cnt;               /* Counter to limit the number of searches */
004663    Mem *pMem;             /* Register holding largest rowid for AUTOINCREMENT */
004664    VdbeFrame *pFrame;     /* Root frame of VDBE */
004665  
004666    v = 0;
004667    res = 0;
004668    pOut = out2Prerelease(p, pOp);
004669    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004670    pC = p->apCsr[pOp->p1];
004671    assert( pC!=0 );
004672    assert( pC->isTable );
004673    assert( pC->eCurType==CURTYPE_BTREE );
004674    assert( pC->uc.pCursor!=0 );
004675    {
004676      /* The next rowid or record number (different terms for the same
004677      ** thing) is obtained in a two-step algorithm.
004678      **
004679      ** First we attempt to find the largest existing rowid and add one
004680      ** to that.  But if the largest existing rowid is already the maximum
004681      ** positive integer, we have to fall through to the second
004682      ** probabilistic algorithm
004683      **
004684      ** The second algorithm is to select a rowid at random and see if
004685      ** it already exists in the table.  If it does not exist, we have
004686      ** succeeded.  If the random rowid does exist, we select a new one
004687      ** and try again, up to 100 times.
004688      */
004689      assert( pC->isTable );
004690  
004691  #ifdef SQLITE_32BIT_ROWID
004692  #   define MAX_ROWID 0x7fffffff
004693  #else
004694      /* Some compilers complain about constants of the form 0x7fffffffffffffff.
004695      ** Others complain about 0x7ffffffffffffffffLL.  The following macro seems
004696      ** to provide the constant while making all compilers happy.
004697      */
004698  #   define MAX_ROWID  (i64)( (((u64)0x7fffffff)<<32) | (u64)0xffffffff )
004699  #endif
004700  
004701      if( !pC->useRandomRowid ){
004702        rc = sqlite3BtreeLast(pC->uc.pCursor, &res);
004703        if( rc!=SQLITE_OK ){
004704          goto abort_due_to_error;
004705        }
004706        if( res ){
004707          v = 1;   /* IMP: R-61914-48074 */
004708        }else{
004709          assert( sqlite3BtreeCursorIsValid(pC->uc.pCursor) );
004710          v = sqlite3BtreeIntegerKey(pC->uc.pCursor);
004711          if( v>=MAX_ROWID ){
004712            pC->useRandomRowid = 1;
004713          }else{
004714            v++;   /* IMP: R-29538-34987 */
004715          }
004716        }
004717      }
004718  
004719  #ifndef SQLITE_OMIT_AUTOINCREMENT
004720      if( pOp->p3 ){
004721        /* Assert that P3 is a valid memory cell. */
004722        assert( pOp->p3>0 );
004723        if( p->pFrame ){
004724          for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
004725          /* Assert that P3 is a valid memory cell. */
004726          assert( pOp->p3<=pFrame->nMem );
004727          pMem = &pFrame->aMem[pOp->p3];
004728        }else{
004729          /* Assert that P3 is a valid memory cell. */
004730          assert( pOp->p3<=(p->nMem+1 - p->nCursor) );
004731          pMem = &aMem[pOp->p3];
004732          memAboutToChange(p, pMem);
004733        }
004734        assert( memIsValid(pMem) );
004735  
004736        REGISTER_TRACE(pOp->p3, pMem);
004737        sqlite3VdbeMemIntegerify(pMem);
004738        assert( (pMem->flags & MEM_Int)!=0 );  /* mem(P3) holds an integer */
004739        if( pMem->u.i==MAX_ROWID || pC->useRandomRowid ){
004740          rc = SQLITE_FULL;   /* IMP: R-17817-00630 */
004741          goto abort_due_to_error;
004742        }
004743        if( v<pMem->u.i+1 ){
004744          v = pMem->u.i + 1;
004745        }
004746        pMem->u.i = v;
004747      }
004748  #endif
004749      if( pC->useRandomRowid ){
004750        /* IMPLEMENTATION-OF: R-07677-41881 If the largest ROWID is equal to the
004751        ** largest possible integer (9223372036854775807) then the database
004752        ** engine starts picking positive candidate ROWIDs at random until
004753        ** it finds one that is not previously used. */
004754        assert( pOp->p3==0 );  /* We cannot be in random rowid mode if this is
004755                               ** an AUTOINCREMENT table. */
004756        cnt = 0;
004757        do{
004758          sqlite3_randomness(sizeof(v), &v);
004759          v &= (MAX_ROWID>>1); v++;  /* Ensure that v is greater than zero */
004760        }while(  ((rc = sqlite3BtreeMovetoUnpacked(pC->uc.pCursor, 0, (u64)v,
004761                                                   0, &res))==SQLITE_OK)
004762              && (res==0)
004763              && (++cnt<100));
004764        if( rc ) goto abort_due_to_error;
004765        if( res==0 ){
004766          rc = SQLITE_FULL;   /* IMP: R-38219-53002 */
004767          goto abort_due_to_error;
004768        }
004769        assert( v>0 );  /* EV: R-40812-03570 */
004770      }
004771      pC->deferredMoveto = 0;
004772      pC->cacheStatus = CACHE_STALE;
004773    }
004774    pOut->u.i = v;
004775    break;
004776  }
004777  
004778  /* Opcode: Insert P1 P2 P3 P4 P5
004779  ** Synopsis: intkey=r[P3] data=r[P2]
004780  **
004781  ** Write an entry into the table of cursor P1.  A new entry is
004782  ** created if it doesn't already exist or the data for an existing
004783  ** entry is overwritten.  The data is the value MEM_Blob stored in register
004784  ** number P2. The key is stored in register P3. The key must
004785  ** be a MEM_Int.
004786  **
004787  ** If the OPFLAG_NCHANGE flag of P5 is set, then the row change count is
004788  ** incremented (otherwise not).  If the OPFLAG_LASTROWID flag of P5 is set,
004789  ** then rowid is stored for subsequent return by the
004790  ** sqlite3_last_insert_rowid() function (otherwise it is unmodified).
004791  **
004792  ** If the OPFLAG_USESEEKRESULT flag of P5 is set, the implementation might
004793  ** run faster by avoiding an unnecessary seek on cursor P1.  However,
004794  ** the OPFLAG_USESEEKRESULT flag must only be set if there have been no prior
004795  ** seeks on the cursor or if the most recent seek used a key equal to P3.
004796  **
004797  ** If the OPFLAG_ISUPDATE flag is set, then this opcode is part of an
004798  ** UPDATE operation.  Otherwise (if the flag is clear) then this opcode
004799  ** is part of an INSERT operation.  The difference is only important to
004800  ** the update hook.
004801  **
004802  ** Parameter P4 may point to a Table structure, or may be NULL. If it is 
004803  ** not NULL, then the update-hook (sqlite3.xUpdateCallback) is invoked 
004804  ** following a successful insert.
004805  **
004806  ** (WARNING/TODO: If P1 is a pseudo-cursor and P2 is dynamically
004807  ** allocated, then ownership of P2 is transferred to the pseudo-cursor
004808  ** and register P2 becomes ephemeral.  If the cursor is changed, the
004809  ** value of register P2 will then change.  Make sure this does not
004810  ** cause any problems.)
004811  **
004812  ** This instruction only works on tables.  The equivalent instruction
004813  ** for indices is OP_IdxInsert.
004814  */
004815  case OP_Insert: {
004816    Mem *pData;       /* MEM cell holding data for the record to be inserted */
004817    Mem *pKey;        /* MEM cell holding key  for the record */
004818    VdbeCursor *pC;   /* Cursor to table into which insert is written */
004819    int seekResult;   /* Result of prior seek or 0 if no USESEEKRESULT flag */
004820    const char *zDb;  /* database name - used by the update hook */
004821    Table *pTab;      /* Table structure - used by update and pre-update hooks */
004822    BtreePayload x;   /* Payload to be inserted */
004823  
004824    pData = &aMem[pOp->p2];
004825    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004826    assert( memIsValid(pData) );
004827    pC = p->apCsr[pOp->p1];
004828    assert( pC!=0 );
004829    assert( pC->eCurType==CURTYPE_BTREE );
004830    assert( pC->deferredMoveto==0 );
004831    assert( pC->uc.pCursor!=0 );
004832    assert( (pOp->p5 & OPFLAG_ISNOOP) || pC->isTable );
004833    assert( pOp->p4type==P4_TABLE || pOp->p4type>=P4_STATIC );
004834    REGISTER_TRACE(pOp->p2, pData);
004835    sqlite3VdbeIncrWriteCounter(p, pC);
004836  
004837    pKey = &aMem[pOp->p3];
004838    assert( pKey->flags & MEM_Int );
004839    assert( memIsValid(pKey) );
004840    REGISTER_TRACE(pOp->p3, pKey);
004841    x.nKey = pKey->u.i;
004842  
004843    if( pOp->p4type==P4_TABLE && HAS_UPDATE_HOOK(db) ){
004844      assert( pC->iDb>=0 );
004845      zDb = db->aDb[pC->iDb].zDbSName;
004846      pTab = pOp->p4.pTab;
004847      assert( (pOp->p5 & OPFLAG_ISNOOP) || HasRowid(pTab) );
004848    }else{
004849      pTab = 0;
004850      zDb = 0;  /* Not needed.  Silence a compiler warning. */
004851    }
004852  
004853  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004854    /* Invoke the pre-update hook, if any */
004855    if( pTab ){
004856      if( db->xPreUpdateCallback && !(pOp->p5 & OPFLAG_ISUPDATE) ){
004857        sqlite3VdbePreUpdateHook(p, pC, SQLITE_INSERT, zDb, pTab, x.nKey,pOp->p2);
004858      }
004859      if( db->xUpdateCallback==0 || pTab->aCol==0 ){
004860        /* Prevent post-update hook from running in cases when it should not */
004861        pTab = 0;
004862      }
004863    }
004864    if( pOp->p5 & OPFLAG_ISNOOP ) break;
004865  #endif
004866  
004867    if( pOp->p5 & OPFLAG_NCHANGE ) p->nChange++;
004868    if( pOp->p5 & OPFLAG_LASTROWID ) db->lastRowid = x.nKey;
004869    assert( pData->flags & (MEM_Blob|MEM_Str) );
004870    x.pData = pData->z;
004871    x.nData = pData->n;
004872    seekResult = ((pOp->p5 & OPFLAG_USESEEKRESULT) ? pC->seekResult : 0);
004873    if( pData->flags & MEM_Zero ){
004874      x.nZero = pData->u.nZero;
004875    }else{
004876      x.nZero = 0;
004877    }
004878    x.pKey = 0;
004879    rc = sqlite3BtreeInsert(pC->uc.pCursor, &x,
004880        (pOp->p5 & (OPFLAG_APPEND|OPFLAG_SAVEPOSITION)), seekResult
004881    );
004882    pC->deferredMoveto = 0;
004883    pC->cacheStatus = CACHE_STALE;
004884  
004885    /* Invoke the update-hook if required. */
004886    if( rc ) goto abort_due_to_error;
004887    if( pTab ){
004888      assert( db->xUpdateCallback!=0 );
004889      assert( pTab->aCol!=0 );
004890      db->xUpdateCallback(db->pUpdateArg,
004891             (pOp->p5 & OPFLAG_ISUPDATE) ? SQLITE_UPDATE : SQLITE_INSERT,
004892             zDb, pTab->zName, x.nKey);
004893    }
004894    break;
004895  }
004896  
004897  /* Opcode: Delete P1 P2 P3 P4 P5
004898  **
004899  ** Delete the record at which the P1 cursor is currently pointing.
004900  **
004901  ** If the OPFLAG_SAVEPOSITION bit of the P5 parameter is set, then
004902  ** the cursor will be left pointing at  either the next or the previous
004903  ** record in the table. If it is left pointing at the next record, then
004904  ** the next Next instruction will be a no-op. As a result, in this case
004905  ** it is ok to delete a record from within a Next loop. If 
004906  ** OPFLAG_SAVEPOSITION bit of P5 is clear, then the cursor will be
004907  ** left in an undefined state.
004908  **
004909  ** If the OPFLAG_AUXDELETE bit is set on P5, that indicates that this
004910  ** delete one of several associated with deleting a table row and all its
004911  ** associated index entries.  Exactly one of those deletes is the "primary"
004912  ** delete.  The others are all on OPFLAG_FORDELETE cursors or else are
004913  ** marked with the AUXDELETE flag.
004914  **
004915  ** If the OPFLAG_NCHANGE flag of P2 (NB: P2 not P5) is set, then the row
004916  ** change count is incremented (otherwise not).
004917  **
004918  ** P1 must not be pseudo-table.  It has to be a real table with
004919  ** multiple rows.
004920  **
004921  ** If P4 is not NULL then it points to a Table object. In this case either 
004922  ** the update or pre-update hook, or both, may be invoked. The P1 cursor must
004923  ** have been positioned using OP_NotFound prior to invoking this opcode in 
004924  ** this case. Specifically, if one is configured, the pre-update hook is 
004925  ** invoked if P4 is not NULL. The update-hook is invoked if one is configured, 
004926  ** P4 is not NULL, and the OPFLAG_NCHANGE flag is set in P2.
004927  **
004928  ** If the OPFLAG_ISUPDATE flag is set in P2, then P3 contains the address
004929  ** of the memory cell that contains the value that the rowid of the row will
004930  ** be set to by the update.
004931  */
004932  case OP_Delete: {
004933    VdbeCursor *pC;
004934    const char *zDb;
004935    Table *pTab;
004936    int opflags;
004937  
004938    opflags = pOp->p2;
004939    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
004940    pC = p->apCsr[pOp->p1];
004941    assert( pC!=0 );
004942    assert( pC->eCurType==CURTYPE_BTREE );
004943    assert( pC->uc.pCursor!=0 );
004944    assert( pC->deferredMoveto==0 );
004945    sqlite3VdbeIncrWriteCounter(p, pC);
004946  
004947  #ifdef SQLITE_DEBUG
004948    if( pOp->p4type==P4_TABLE && HasRowid(pOp->p4.pTab) && pOp->p5==0 ){
004949      /* If p5 is zero, the seek operation that positioned the cursor prior to
004950      ** OP_Delete will have also set the pC->movetoTarget field to the rowid of
004951      ** the row that is being deleted */
004952      i64 iKey = sqlite3BtreeIntegerKey(pC->uc.pCursor);
004953      assert( CORRUPT_DB || pC->movetoTarget==iKey );
004954    }
004955  #endif
004956  
004957    /* If the update-hook or pre-update-hook will be invoked, set zDb to
004958    ** the name of the db to pass as to it. Also set local pTab to a copy
004959    ** of p4.pTab. Finally, if p5 is true, indicating that this cursor was
004960    ** last moved with OP_Next or OP_Prev, not Seek or NotFound, set 
004961    ** VdbeCursor.movetoTarget to the current rowid.  */
004962    if( pOp->p4type==P4_TABLE && HAS_UPDATE_HOOK(db) ){
004963      assert( pC->iDb>=0 );
004964      assert( pOp->p4.pTab!=0 );
004965      zDb = db->aDb[pC->iDb].zDbSName;
004966      pTab = pOp->p4.pTab;
004967      if( (pOp->p5 & OPFLAG_SAVEPOSITION)!=0 && pC->isTable ){
004968        pC->movetoTarget = sqlite3BtreeIntegerKey(pC->uc.pCursor);
004969      }
004970    }else{
004971      zDb = 0;   /* Not needed.  Silence a compiler warning. */
004972      pTab = 0;  /* Not needed.  Silence a compiler warning. */
004973    }
004974  
004975  #ifdef SQLITE_ENABLE_PREUPDATE_HOOK
004976    /* Invoke the pre-update-hook if required. */
004977    if( db->xPreUpdateCallback && pOp->p4.pTab ){
004978      assert( !(opflags & OPFLAG_ISUPDATE) 
004979           || HasRowid(pTab)==0 
004980           || (aMem[pOp->p3].flags & MEM_Int) 
004981      );
004982      sqlite3VdbePreUpdateHook(p, pC,
004983          (opflags & OPFLAG_ISUPDATE) ? SQLITE_UPDATE : SQLITE_DELETE, 
004984          zDb, pTab, pC->movetoTarget,
004985          pOp->p3
004986      );
004987    }
004988    if( opflags & OPFLAG_ISNOOP ) break;
004989  #endif
004990   
004991    /* Only flags that can be set are SAVEPOISTION and AUXDELETE */ 
004992    assert( (pOp->p5 & ~(OPFLAG_SAVEPOSITION|OPFLAG_AUXDELETE))==0 );
004993    assert( OPFLAG_SAVEPOSITION==BTREE_SAVEPOSITION );
004994    assert( OPFLAG_AUXDELETE==BTREE_AUXDELETE );
004995  
004996  #ifdef SQLITE_DEBUG
004997    if( p->pFrame==0 ){
004998      if( pC->isEphemeral==0
004999          && (pOp->p5 & OPFLAG_AUXDELETE)==0
005000          && (pC->wrFlag & OPFLAG_FORDELETE)==0
005001        ){
005002        nExtraDelete++;
005003      }
005004      if( pOp->p2 & OPFLAG_NCHANGE ){
005005        nExtraDelete--;
005006      }
005007    }
005008  #endif
005009  
005010    rc = sqlite3BtreeDelete(pC->uc.pCursor, pOp->p5);
005011    pC->cacheStatus = CACHE_STALE;
005012    pC->seekResult = 0;
005013    if( rc ) goto abort_due_to_error;
005014  
005015    /* Invoke the update-hook if required. */
005016    if( opflags & OPFLAG_NCHANGE ){
005017      p->nChange++;
005018      if( db->xUpdateCallback && HasRowid(pTab) ){
005019        db->xUpdateCallback(db->pUpdateArg, SQLITE_DELETE, zDb, pTab->zName,
005020            pC->movetoTarget);
005021        assert( pC->iDb>=0 );
005022      }
005023    }
005024  
005025    break;
005026  }
005027  /* Opcode: ResetCount * * * * *
005028  **
005029  ** The value of the change counter is copied to the database handle
005030  ** change counter (returned by subsequent calls to sqlite3_changes()).
005031  ** Then the VMs internal change counter resets to 0.
005032  ** This is used by trigger programs.
005033  */
005034  case OP_ResetCount: {
005035    sqlite3VdbeSetChanges(db, p->nChange);
005036    p->nChange = 0;
005037    break;
005038  }
005039  
005040  /* Opcode: SorterCompare P1 P2 P3 P4
005041  ** Synopsis: if key(P1)!=trim(r[P3],P4) goto P2
005042  **
005043  ** P1 is a sorter cursor. This instruction compares a prefix of the
005044  ** record blob in register P3 against a prefix of the entry that 
005045  ** the sorter cursor currently points to.  Only the first P4 fields
005046  ** of r[P3] and the sorter record are compared.
005047  **
005048  ** If either P3 or the sorter contains a NULL in one of their significant
005049  ** fields (not counting the P4 fields at the end which are ignored) then
005050  ** the comparison is assumed to be equal.
005051  **
005052  ** Fall through to next instruction if the two records compare equal to
005053  ** each other.  Jump to P2 if they are different.
005054  */
005055  case OP_SorterCompare: {
005056    VdbeCursor *pC;
005057    int res;
005058    int nKeyCol;
005059  
005060    pC = p->apCsr[pOp->p1];
005061    assert( isSorter(pC) );
005062    assert( pOp->p4type==P4_INT32 );
005063    pIn3 = &aMem[pOp->p3];
005064    nKeyCol = pOp->p4.i;
005065    res = 0;
005066    rc = sqlite3VdbeSorterCompare(pC, pIn3, nKeyCol, &res);
005067    VdbeBranchTaken(res!=0,2);
005068    if( rc ) goto abort_due_to_error;
005069    if( res ) goto jump_to_p2;
005070    break;
005071  };
005072  
005073  /* Opcode: SorterData P1 P2 P3 * *
005074  ** Synopsis: r[P2]=data
005075  **
005076  ** Write into register P2 the current sorter data for sorter cursor P1.
005077  ** Then clear the column header cache on cursor P3.
005078  **
005079  ** This opcode is normally use to move a record out of the sorter and into
005080  ** a register that is the source for a pseudo-table cursor created using
005081  ** OpenPseudo.  That pseudo-table cursor is the one that is identified by
005082  ** parameter P3.  Clearing the P3 column cache as part of this opcode saves
005083  ** us from having to issue a separate NullRow instruction to clear that cache.
005084  */
005085  case OP_SorterData: {
005086    VdbeCursor *pC;
005087  
005088    pOut = &aMem[pOp->p2];
005089    pC = p->apCsr[pOp->p1];
005090    assert( isSorter(pC) );
005091    rc = sqlite3VdbeSorterRowkey(pC, pOut);
005092    assert( rc!=SQLITE_OK || (pOut->flags & MEM_Blob) );
005093    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005094    if( rc ) goto abort_due_to_error;
005095    p->apCsr[pOp->p3]->cacheStatus = CACHE_STALE;
005096    break;
005097  }
005098  
005099  /* Opcode: RowData P1 P2 P3 * *
005100  ** Synopsis: r[P2]=data
005101  **
005102  ** Write into register P2 the complete row content for the row at 
005103  ** which cursor P1 is currently pointing.
005104  ** There is no interpretation of the data.  
005105  ** It is just copied onto the P2 register exactly as 
005106  ** it is found in the database file.
005107  **
005108  ** If cursor P1 is an index, then the content is the key of the row.
005109  ** If cursor P2 is a table, then the content extracted is the data.
005110  **
005111  ** If the P1 cursor must be pointing to a valid row (not a NULL row)
005112  ** of a real table, not a pseudo-table.
005113  **
005114  ** If P3!=0 then this opcode is allowed to make an ephemeral pointer
005115  ** into the database page.  That means that the content of the output
005116  ** register will be invalidated as soon as the cursor moves - including
005117  ** moves caused by other cursors that "save" the current cursors
005118  ** position in order that they can write to the same table.  If P3==0
005119  ** then a copy of the data is made into memory.  P3!=0 is faster, but
005120  ** P3==0 is safer.
005121  **
005122  ** If P3!=0 then the content of the P2 register is unsuitable for use
005123  ** in OP_Result and any OP_Result will invalidate the P2 register content.
005124  ** The P2 register content is invalidated by opcodes like OP_Function or
005125  ** by any use of another cursor pointing to the same table.
005126  */
005127  case OP_RowData: {
005128    VdbeCursor *pC;
005129    BtCursor *pCrsr;
005130    u32 n;
005131  
005132    pOut = out2Prerelease(p, pOp);
005133  
005134    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005135    pC = p->apCsr[pOp->p1];
005136    assert( pC!=0 );
005137    assert( pC->eCurType==CURTYPE_BTREE );
005138    assert( isSorter(pC)==0 );
005139    assert( pC->nullRow==0 );
005140    assert( pC->uc.pCursor!=0 );
005141    pCrsr = pC->uc.pCursor;
005142  
005143    /* The OP_RowData opcodes always follow OP_NotExists or
005144    ** OP_SeekRowid or OP_Rewind/Op_Next with no intervening instructions
005145    ** that might invalidate the cursor.
005146    ** If this where not the case, on of the following assert()s
005147    ** would fail.  Should this ever change (because of changes in the code
005148    ** generator) then the fix would be to insert a call to
005149    ** sqlite3VdbeCursorMoveto().
005150    */
005151    assert( pC->deferredMoveto==0 );
005152    assert( sqlite3BtreeCursorIsValid(pCrsr) );
005153  #if 0  /* Not required due to the previous to assert() statements */
005154    rc = sqlite3VdbeCursorMoveto(pC);
005155    if( rc!=SQLITE_OK ) goto abort_due_to_error;
005156  #endif
005157  
005158    n = sqlite3BtreePayloadSize(pCrsr);
005159    if( n>(u32)db->aLimit[SQLITE_LIMIT_LENGTH] ){
005160      goto too_big;
005161    }
005162    testcase( n==0 );
005163    rc = sqlite3VdbeMemFromBtree(pCrsr, 0, n, pOut);
005164    if( rc ) goto abort_due_to_error;
005165    if( !pOp->p3 ) Deephemeralize(pOut);
005166    UPDATE_MAX_BLOBSIZE(pOut);
005167    REGISTER_TRACE(pOp->p2, pOut);
005168    break;
005169  }
005170  
005171  /* Opcode: Rowid P1 P2 * * *
005172  ** Synopsis: r[P2]=rowid
005173  **
005174  ** Store in register P2 an integer which is the key of the table entry that
005175  ** P1 is currently point to.
005176  **
005177  ** P1 can be either an ordinary table or a virtual table.  There used to
005178  ** be a separate OP_VRowid opcode for use with virtual tables, but this
005179  ** one opcode now works for both table types.
005180  */
005181  case OP_Rowid: {                 /* out2 */
005182    VdbeCursor *pC;
005183    i64 v;
005184    sqlite3_vtab *pVtab;
005185    const sqlite3_module *pModule;
005186  
005187    pOut = out2Prerelease(p, pOp);
005188    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005189    pC = p->apCsr[pOp->p1];
005190    assert( pC!=0 );
005191    assert( pC->eCurType!=CURTYPE_PSEUDO || pC->nullRow );
005192    if( pC->nullRow ){
005193      pOut->flags = MEM_Null;
005194      break;
005195    }else if( pC->deferredMoveto ){
005196      v = pC->movetoTarget;
005197  #ifndef SQLITE_OMIT_VIRTUALTABLE
005198    }else if( pC->eCurType==CURTYPE_VTAB ){
005199      assert( pC->uc.pVCur!=0 );
005200      pVtab = pC->uc.pVCur->pVtab;
005201      pModule = pVtab->pModule;
005202      assert( pModule->xRowid );
005203      rc = pModule->xRowid(pC->uc.pVCur, &v);
005204      sqlite3VtabImportErrmsg(p, pVtab);
005205      if( rc ) goto abort_due_to_error;
005206  #endif /* SQLITE_OMIT_VIRTUALTABLE */
005207    }else{
005208      assert( pC->eCurType==CURTYPE_BTREE );
005209      assert( pC->uc.pCursor!=0 );
005210      rc = sqlite3VdbeCursorRestore(pC);
005211      if( rc ) goto abort_due_to_error;
005212      if( pC->nullRow ){
005213        pOut->flags = MEM_Null;
005214        break;
005215      }
005216      v = sqlite3BtreeIntegerKey(pC->uc.pCursor);
005217    }
005218    pOut->u.i = v;
005219    break;
005220  }
005221  
005222  /* Opcode: NullRow P1 * * * *
005223  **
005224  ** Move the cursor P1 to a null row.  Any OP_Column operations
005225  ** that occur while the cursor is on the null row will always
005226  ** write a NULL.
005227  */
005228  case OP_NullRow: {
005229    VdbeCursor *pC;
005230  
005231    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005232    pC = p->apCsr[pOp->p1];
005233    assert( pC!=0 );
005234    pC->nullRow = 1;
005235    pC->cacheStatus = CACHE_STALE;
005236    if( pC->eCurType==CURTYPE_BTREE ){
005237      assert( pC->uc.pCursor!=0 );
005238      sqlite3BtreeClearCursor(pC->uc.pCursor);
005239    }
005240  #ifdef SQLITE_DEBUG
005241    if( pC->seekOp==0 ) pC->seekOp = OP_NullRow;
005242  #endif
005243    break;
005244  }
005245  
005246  /* Opcode: SeekEnd P1 * * * *
005247  **
005248  ** Position cursor P1 at the end of the btree for the purpose of
005249  ** appending a new entry onto the btree.
005250  **
005251  ** It is assumed that the cursor is used only for appending and so
005252  ** if the cursor is valid, then the cursor must already be pointing
005253  ** at the end of the btree and so no changes are made to
005254  ** the cursor.
005255  */
005256  /* Opcode: Last P1 P2 * * *
005257  **
005258  ** The next use of the Rowid or Column or Prev instruction for P1 
005259  ** will refer to the last entry in the database table or index.
005260  ** If the table or index is empty and P2>0, then jump immediately to P2.
005261  ** If P2 is 0 or if the table or index is not empty, fall through
005262  ** to the following instruction.
005263  **
005264  ** This opcode leaves the cursor configured to move in reverse order,
005265  ** from the end toward the beginning.  In other words, the cursor is
005266  ** configured to use Prev, not Next.
005267  */
005268  case OP_SeekEnd:
005269  case OP_Last: {        /* jump */
005270    VdbeCursor *pC;
005271    BtCursor *pCrsr;
005272    int res;
005273  
005274    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005275    pC = p->apCsr[pOp->p1];
005276    assert( pC!=0 );
005277    assert( pC->eCurType==CURTYPE_BTREE );
005278    pCrsr = pC->uc.pCursor;
005279    res = 0;
005280    assert( pCrsr!=0 );
005281  #ifdef SQLITE_DEBUG
005282    pC->seekOp = pOp->opcode;
005283  #endif
005284    if( pOp->opcode==OP_SeekEnd ){
005285      assert( pOp->p2==0 );
005286      pC->seekResult = -1;
005287      if( sqlite3BtreeCursorIsValidNN(pCrsr) ){
005288        break;
005289      }
005290    }
005291    rc = sqlite3BtreeLast(pCrsr, &res);
005292    pC->nullRow = (u8)res;
005293    pC->deferredMoveto = 0;
005294    pC->cacheStatus = CACHE_STALE;
005295    if( rc ) goto abort_due_to_error;
005296    if( pOp->p2>0 ){
005297      VdbeBranchTaken(res!=0,2);
005298      if( res ) goto jump_to_p2;
005299    }
005300    break;
005301  }
005302  
005303  /* Opcode: IfSmaller P1 P2 P3 * *
005304  **
005305  ** Estimate the number of rows in the table P1.  Jump to P2 if that
005306  ** estimate is less than approximately 2**(0.1*P3).
005307  */
005308  case OP_IfSmaller: {        /* jump */
005309    VdbeCursor *pC;
005310    BtCursor *pCrsr;
005311    int res;
005312    i64 sz;
005313  
005314    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005315    pC = p->apCsr[pOp->p1];
005316    assert( pC!=0 );
005317    pCrsr = pC->uc.pCursor;
005318    assert( pCrsr );
005319    rc = sqlite3BtreeFirst(pCrsr, &res);
005320    if( rc ) goto abort_due_to_error;
005321    if( res==0 ){
005322      sz = sqlite3BtreeRowCountEst(pCrsr);
005323      if( ALWAYS(sz>=0) && sqlite3LogEst((u64)sz)<pOp->p3 ) res = 1;
005324    }
005325    VdbeBranchTaken(res!=0,2);
005326    if( res ) goto jump_to_p2;
005327    break;
005328  }
005329  
005330  
005331  /* Opcode: SorterSort P1 P2 * * *
005332  **
005333  ** After all records have been inserted into the Sorter object
005334  ** identified by P1, invoke this opcode to actually do the sorting.
005335  ** Jump to P2 if there are no records to be sorted.
005336  **
005337  ** This opcode is an alias for OP_Sort and OP_Rewind that is used
005338  ** for Sorter objects.
005339  */
005340  /* Opcode: Sort P1 P2 * * *
005341  **
005342  ** This opcode does exactly the same thing as OP_Rewind except that
005343  ** it increments an undocumented global variable used for testing.
005344  **
005345  ** Sorting is accomplished by writing records into a sorting index,
005346  ** then rewinding that index and playing it back from beginning to
005347  ** end.  We use the OP_Sort opcode instead of OP_Rewind to do the
005348  ** rewinding so that the global variable will be incremented and
005349  ** regression tests can determine whether or not the optimizer is
005350  ** correctly optimizing out sorts.
005351  */
005352  case OP_SorterSort:    /* jump */
005353  case OP_Sort: {        /* jump */
005354  #ifdef SQLITE_TEST
005355    sqlite3_sort_count++;
005356    sqlite3_search_count--;
005357  #endif
005358    p->aCounter[SQLITE_STMTSTATUS_SORT]++;
005359    /* Fall through into OP_Rewind */
005360  }
005361  /* Opcode: Rewind P1 P2 * * *
005362  **
005363  ** The next use of the Rowid or Column or Next instruction for P1 
005364  ** will refer to the first entry in the database table or index.
005365  ** If the table or index is empty, jump immediately to P2.
005366  ** If the table or index is not empty, fall through to the following 
005367  ** instruction.
005368  **
005369  ** This opcode leaves the cursor configured to move in forward order,
005370  ** from the beginning toward the end.  In other words, the cursor is
005371  ** configured to use Next, not Prev.
005372  */
005373  case OP_Rewind: {        /* jump */
005374    VdbeCursor *pC;
005375    BtCursor *pCrsr;
005376    int res;
005377  
005378    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005379    assert( pOp->p5==0 );
005380    pC = p->apCsr[pOp->p1];
005381    assert( pC!=0 );
005382    assert( isSorter(pC)==(pOp->opcode==OP_SorterSort) );
005383    res = 1;
005384  #ifdef SQLITE_DEBUG
005385    pC->seekOp = OP_Rewind;
005386  #endif
005387    if( isSorter(pC) ){
005388      rc = sqlite3VdbeSorterRewind(pC, &res);
005389    }else{
005390      assert( pC->eCurType==CURTYPE_BTREE );
005391      pCrsr = pC->uc.pCursor;
005392      assert( pCrsr );
005393      rc = sqlite3BtreeFirst(pCrsr, &res);
005394      pC->deferredMoveto = 0;
005395      pC->cacheStatus = CACHE_STALE;
005396    }
005397    if( rc ) goto abort_due_to_error;
005398    pC->nullRow = (u8)res;
005399    assert( pOp->p2>0 && pOp->p2<p->nOp );
005400    VdbeBranchTaken(res!=0,2);
005401    if( res ) goto jump_to_p2;
005402    break;
005403  }
005404  
005405  /* Opcode: Next P1 P2 P3 P4 P5
005406  **
005407  ** Advance cursor P1 so that it points to the next key/data pair in its
005408  ** table or index.  If there are no more key/value pairs then fall through
005409  ** to the following instruction.  But if the cursor advance was successful,
005410  ** jump immediately to P2.
005411  **
005412  ** The Next opcode is only valid following an SeekGT, SeekGE, or
005413  ** OP_Rewind opcode used to position the cursor.  Next is not allowed
005414  ** to follow SeekLT, SeekLE, or OP_Last.
005415  **
005416  ** The P1 cursor must be for a real table, not a pseudo-table.  P1 must have
005417  ** been opened prior to this opcode or the program will segfault.
005418  **
005419  ** The P3 value is a hint to the btree implementation. If P3==1, that
005420  ** means P1 is an SQL index and that this instruction could have been
005421  ** omitted if that index had been unique.  P3 is usually 0.  P3 is
005422  ** always either 0 or 1.
005423  **
005424  ** P4 is always of type P4_ADVANCE. The function pointer points to
005425  ** sqlite3BtreeNext().
005426  **
005427  ** If P5 is positive and the jump is taken, then event counter
005428  ** number P5-1 in the prepared statement is incremented.
005429  **
005430  ** See also: Prev
005431  */
005432  /* Opcode: Prev P1 P2 P3 P4 P5
005433  **
005434  ** Back up cursor P1 so that it points to the previous key/data pair in its
005435  ** table or index.  If there is no previous key/value pairs then fall through
005436  ** to the following instruction.  But if the cursor backup was successful,
005437  ** jump immediately to P2.
005438  **
005439  **
005440  ** The Prev opcode is only valid following an SeekLT, SeekLE, or
005441  ** OP_Last opcode used to position the cursor.  Prev is not allowed
005442  ** to follow SeekGT, SeekGE, or OP_Rewind.
005443  **
005444  ** The P1 cursor must be for a real table, not a pseudo-table.  If P1 is
005445  ** not open then the behavior is undefined.
005446  **
005447  ** The P3 value is a hint to the btree implementation. If P3==1, that
005448  ** means P1 is an SQL index and that this instruction could have been
005449  ** omitted if that index had been unique.  P3 is usually 0.  P3 is
005450  ** always either 0 or 1.
005451  **
005452  ** P4 is always of type P4_ADVANCE. The function pointer points to
005453  ** sqlite3BtreePrevious().
005454  **
005455  ** If P5 is positive and the jump is taken, then event counter
005456  ** number P5-1 in the prepared statement is incremented.
005457  */
005458  /* Opcode: SorterNext P1 P2 * * P5
005459  **
005460  ** This opcode works just like OP_Next except that P1 must be a
005461  ** sorter object for which the OP_SorterSort opcode has been
005462  ** invoked.  This opcode advances the cursor to the next sorted
005463  ** record, or jumps to P2 if there are no more sorted records.
005464  */
005465  case OP_SorterNext: {  /* jump */
005466    VdbeCursor *pC;
005467  
005468    pC = p->apCsr[pOp->p1];
005469    assert( isSorter(pC) );
005470    rc = sqlite3VdbeSorterNext(db, pC);
005471    goto next_tail;
005472  case OP_Prev:          /* jump */
005473  case OP_Next:          /* jump */
005474    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005475    assert( pOp->p5<ArraySize(p->aCounter) );
005476    pC = p->apCsr[pOp->p1];
005477    assert( pC!=0 );
005478    assert( pC->deferredMoveto==0 );
005479    assert( pC->eCurType==CURTYPE_BTREE );
005480    assert( pOp->opcode!=OP_Next || pOp->p4.xAdvance==sqlite3BtreeNext );
005481    assert( pOp->opcode!=OP_Prev || pOp->p4.xAdvance==sqlite3BtreePrevious );
005482  
005483    /* The Next opcode is only used after SeekGT, SeekGE, Rewind, and Found.
005484    ** The Prev opcode is only used after SeekLT, SeekLE, and Last. */
005485    assert( pOp->opcode!=OP_Next
005486         || pC->seekOp==OP_SeekGT || pC->seekOp==OP_SeekGE
005487         || pC->seekOp==OP_Rewind || pC->seekOp==OP_Found
005488         || pC->seekOp==OP_NullRow|| pC->seekOp==OP_SeekRowid
005489         || pC->seekOp==OP_IfNoHope);
005490    assert( pOp->opcode!=OP_Prev
005491         || pC->seekOp==OP_SeekLT || pC->seekOp==OP_SeekLE
005492         || pC->seekOp==OP_Last   || pC->seekOp==OP_IfNoHope
005493         || pC->seekOp==OP_NullRow);
005494  
005495    rc = pOp->p4.xAdvance(pC->uc.pCursor, pOp->p3);
005496  next_tail:
005497    pC->cacheStatus = CACHE_STALE;
005498    VdbeBranchTaken(rc==SQLITE_OK,2);
005499    if( rc==SQLITE_OK ){
005500      pC->nullRow = 0;
005501      p->aCounter[pOp->p5]++;
005502  #ifdef SQLITE_TEST
005503      sqlite3_search_count++;
005504  #endif
005505      goto jump_to_p2_and_check_for_interrupt;
005506    }
005507    if( rc!=SQLITE_DONE ) goto abort_due_to_error;
005508    rc = SQLITE_OK;
005509    pC->nullRow = 1;
005510    goto check_for_interrupt;
005511  }
005512  
005513  /* Opcode: IdxInsert P1 P2 P3 P4 P5
005514  ** Synopsis: key=r[P2]
005515  **
005516  ** Register P2 holds an SQL index key made using the
005517  ** MakeRecord instructions.  This opcode writes that key
005518  ** into the index P1.  Data for the entry is nil.
005519  **
005520  ** If P4 is not zero, then it is the number of values in the unpacked
005521  ** key of reg(P2).  In that case, P3 is the index of the first register
005522  ** for the unpacked key.  The availability of the unpacked key can sometimes
005523  ** be an optimization.
005524  **
005525  ** If P5 has the OPFLAG_APPEND bit set, that is a hint to the b-tree layer
005526  ** that this insert is likely to be an append.
005527  **
005528  ** If P5 has the OPFLAG_NCHANGE bit set, then the change counter is
005529  ** incremented by this instruction.  If the OPFLAG_NCHANGE bit is clear,
005530  ** then the change counter is unchanged.
005531  **
005532  ** If the OPFLAG_USESEEKRESULT flag of P5 is set, the implementation might
005533  ** run faster by avoiding an unnecessary seek on cursor P1.  However,
005534  ** the OPFLAG_USESEEKRESULT flag must only be set if there have been no prior
005535  ** seeks on the cursor or if the most recent seek used a key equivalent
005536  ** to P2. 
005537  **
005538  ** This instruction only works for indices.  The equivalent instruction
005539  ** for tables is OP_Insert.
005540  */
005541  /* Opcode: SorterInsert P1 P2 * * *
005542  ** Synopsis: key=r[P2]
005543  **
005544  ** Register P2 holds an SQL index key made using the
005545  ** MakeRecord instructions.  This opcode writes that key
005546  ** into the sorter P1.  Data for the entry is nil.
005547  */
005548  case OP_SorterInsert:       /* in2 */
005549  case OP_IdxInsert: {        /* in2 */
005550    VdbeCursor *pC;
005551    BtreePayload x;
005552  
005553    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005554    pC = p->apCsr[pOp->p1];
005555    sqlite3VdbeIncrWriteCounter(p, pC);
005556    assert( pC!=0 );
005557    assert( isSorter(pC)==(pOp->opcode==OP_SorterInsert) );
005558    pIn2 = &aMem[pOp->p2];
005559    assert( pIn2->flags & MEM_Blob );
005560    if( pOp->p5 & OPFLAG_NCHANGE ) p->nChange++;
005561    assert( pC->eCurType==CURTYPE_BTREE || pOp->opcode==OP_SorterInsert );
005562    assert( pC->isTable==0 );
005563    rc = ExpandBlob(pIn2);
005564    if( rc ) goto abort_due_to_error;
005565    if( pOp->opcode==OP_SorterInsert ){
005566      rc = sqlite3VdbeSorterWrite(pC, pIn2);
005567    }else{
005568      x.nKey = pIn2->n;
005569      x.pKey = pIn2->z;
005570      x.aMem = aMem + pOp->p3;
005571      x.nMem = (u16)pOp->p4.i;
005572      rc = sqlite3BtreeInsert(pC->uc.pCursor, &x,
005573           (pOp->p5 & (OPFLAG_APPEND|OPFLAG_SAVEPOSITION)), 
005574          ((pOp->p5 & OPFLAG_USESEEKRESULT) ? pC->seekResult : 0)
005575          );
005576      assert( pC->deferredMoveto==0 );
005577      pC->cacheStatus = CACHE_STALE;
005578    }
005579    if( rc) goto abort_due_to_error;
005580    break;
005581  }
005582  
005583  /* Opcode: IdxDelete P1 P2 P3 * *
005584  ** Synopsis: key=r[P2@P3]
005585  **
005586  ** The content of P3 registers starting at register P2 form
005587  ** an unpacked index key. This opcode removes that entry from the 
005588  ** index opened by cursor P1.
005589  */
005590  case OP_IdxDelete: {
005591    VdbeCursor *pC;
005592    BtCursor *pCrsr;
005593    int res;
005594    UnpackedRecord r;
005595  
005596    assert( pOp->p3>0 );
005597    assert( pOp->p2>0 && pOp->p2+pOp->p3<=(p->nMem+1 - p->nCursor)+1 );
005598    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005599    pC = p->apCsr[pOp->p1];
005600    assert( pC!=0 );
005601    assert( pC->eCurType==CURTYPE_BTREE );
005602    sqlite3VdbeIncrWriteCounter(p, pC);
005603    pCrsr = pC->uc.pCursor;
005604    assert( pCrsr!=0 );
005605    assert( pOp->p5==0 );
005606    r.pKeyInfo = pC->pKeyInfo;
005607    r.nField = (u16)pOp->p3;
005608    r.default_rc = 0;
005609    r.aMem = &aMem[pOp->p2];
005610    rc = sqlite3BtreeMovetoUnpacked(pCrsr, &r, 0, 0, &res);
005611    if( rc ) goto abort_due_to_error;
005612    if( res==0 ){
005613      rc = sqlite3BtreeDelete(pCrsr, BTREE_AUXDELETE);
005614      if( rc ) goto abort_due_to_error;
005615    }
005616    assert( pC->deferredMoveto==0 );
005617    pC->cacheStatus = CACHE_STALE;
005618    pC->seekResult = 0;
005619    break;
005620  }
005621  
005622  /* Opcode: DeferredSeek P1 * P3 P4 *
005623  ** Synopsis: Move P3 to P1.rowid if needed
005624  **
005625  ** P1 is an open index cursor and P3 is a cursor on the corresponding
005626  ** table.  This opcode does a deferred seek of the P3 table cursor
005627  ** to the row that corresponds to the current row of P1.
005628  **
005629  ** This is a deferred seek.  Nothing actually happens until
005630  ** the cursor is used to read a record.  That way, if no reads
005631  ** occur, no unnecessary I/O happens.
005632  **
005633  ** P4 may be an array of integers (type P4_INTARRAY) containing
005634  ** one entry for each column in the P3 table.  If array entry a(i)
005635  ** is non-zero, then reading column a(i)-1 from cursor P3 is 
005636  ** equivalent to performing the deferred seek and then reading column i 
005637  ** from P1.  This information is stored in P3 and used to redirect
005638  ** reads against P3 over to P1, thus possibly avoiding the need to
005639  ** seek and read cursor P3.
005640  */
005641  /* Opcode: IdxRowid P1 P2 * * *
005642  ** Synopsis: r[P2]=rowid
005643  **
005644  ** Write into register P2 an integer which is the last entry in the record at
005645  ** the end of the index key pointed to by cursor P1.  This integer should be
005646  ** the rowid of the table entry to which this index entry points.
005647  **
005648  ** See also: Rowid, MakeRecord.
005649  */
005650  case OP_DeferredSeek:
005651  case OP_IdxRowid: {           /* out2 */
005652    VdbeCursor *pC;             /* The P1 index cursor */
005653    VdbeCursor *pTabCur;        /* The P2 table cursor (OP_DeferredSeek only) */
005654    i64 rowid;                  /* Rowid that P1 current points to */
005655  
005656    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005657    pC = p->apCsr[pOp->p1];
005658    assert( pC!=0 );
005659    assert( pC->eCurType==CURTYPE_BTREE );
005660    assert( pC->uc.pCursor!=0 );
005661    assert( pC->isTable==0 );
005662    assert( pC->deferredMoveto==0 );
005663    assert( !pC->nullRow || pOp->opcode==OP_IdxRowid );
005664  
005665    /* The IdxRowid and Seek opcodes are combined because of the commonality
005666    ** of sqlite3VdbeCursorRestore() and sqlite3VdbeIdxRowid(). */
005667    rc = sqlite3VdbeCursorRestore(pC);
005668  
005669    /* sqlite3VbeCursorRestore() can only fail if the record has been deleted
005670    ** out from under the cursor.  That will never happens for an IdxRowid
005671    ** or Seek opcode */
005672    if( NEVER(rc!=SQLITE_OK) ) goto abort_due_to_error;
005673  
005674    if( !pC->nullRow ){
005675      rowid = 0;  /* Not needed.  Only used to silence a warning. */
005676      rc = sqlite3VdbeIdxRowid(db, pC->uc.pCursor, &rowid);
005677      if( rc!=SQLITE_OK ){
005678        goto abort_due_to_error;
005679      }
005680      if( pOp->opcode==OP_DeferredSeek ){
005681        assert( pOp->p3>=0 && pOp->p3<p->nCursor );
005682        pTabCur = p->apCsr[pOp->p3];
005683        assert( pTabCur!=0 );
005684        assert( pTabCur->eCurType==CURTYPE_BTREE );
005685        assert( pTabCur->uc.pCursor!=0 );
005686        assert( pTabCur->isTable );
005687        pTabCur->nullRow = 0;
005688        pTabCur->movetoTarget = rowid;
005689        pTabCur->deferredMoveto = 1;
005690        assert( pOp->p4type==P4_INTARRAY || pOp->p4.ai==0 );
005691        pTabCur->aAltMap = pOp->p4.ai;
005692        pTabCur->pAltCursor = pC;
005693      }else{
005694        pOut = out2Prerelease(p, pOp);
005695        pOut->u.i = rowid;
005696      }
005697    }else{
005698      assert( pOp->opcode==OP_IdxRowid );
005699      sqlite3VdbeMemSetNull(&aMem[pOp->p2]);
005700    }
005701    break;
005702  }
005703  
005704  /* Opcode: FinishSeek P1 * * * *
005705  ** 
005706  ** If cursor P1 was previously moved via OP_DeferredSeek, complete that
005707  ** seek operation now, without further delay.  If the cursor seek has
005708  ** already occurred, this instruction is a no-op.
005709  */
005710  case OP_FinishSeek: {
005711    VdbeCursor *pC;             /* The P1 index cursor */
005712  
005713    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005714    pC = p->apCsr[pOp->p1];
005715    if( pC->deferredMoveto ){
005716      rc = sqlite3VdbeFinishMoveto(pC);
005717      if( rc ) goto abort_due_to_error;
005718    }
005719    break;
005720  }
005721  
005722  /* Opcode: IdxGE P1 P2 P3 P4 P5
005723  ** Synopsis: key=r[P3@P4]
005724  **
005725  ** The P4 register values beginning with P3 form an unpacked index 
005726  ** key that omits the PRIMARY KEY.  Compare this key value against the index 
005727  ** that P1 is currently pointing to, ignoring the PRIMARY KEY or ROWID 
005728  ** fields at the end.
005729  **
005730  ** If the P1 index entry is greater than or equal to the key value
005731  ** then jump to P2.  Otherwise fall through to the next instruction.
005732  */
005733  /* Opcode: IdxGT P1 P2 P3 P4 P5
005734  ** Synopsis: key=r[P3@P4]
005735  **
005736  ** The P4 register values beginning with P3 form an unpacked index 
005737  ** key that omits the PRIMARY KEY.  Compare this key value against the index 
005738  ** that P1 is currently pointing to, ignoring the PRIMARY KEY or ROWID 
005739  ** fields at the end.
005740  **
005741  ** If the P1 index entry is greater than the key value
005742  ** then jump to P2.  Otherwise fall through to the next instruction.
005743  */
005744  /* Opcode: IdxLT P1 P2 P3 P4 P5
005745  ** Synopsis: key=r[P3@P4]
005746  **
005747  ** The P4 register values beginning with P3 form an unpacked index 
005748  ** key that omits the PRIMARY KEY or ROWID.  Compare this key value against
005749  ** the index that P1 is currently pointing to, ignoring the PRIMARY KEY or
005750  ** ROWID on the P1 index.
005751  **
005752  ** If the P1 index entry is less than the key value then jump to P2.
005753  ** Otherwise fall through to the next instruction.
005754  */
005755  /* Opcode: IdxLE P1 P2 P3 P4 P5
005756  ** Synopsis: key=r[P3@P4]
005757  **
005758  ** The P4 register values beginning with P3 form an unpacked index 
005759  ** key that omits the PRIMARY KEY or ROWID.  Compare this key value against
005760  ** the index that P1 is currently pointing to, ignoring the PRIMARY KEY or
005761  ** ROWID on the P1 index.
005762  **
005763  ** If the P1 index entry is less than or equal to the key value then jump
005764  ** to P2. Otherwise fall through to the next instruction.
005765  */
005766  case OP_IdxLE:          /* jump */
005767  case OP_IdxGT:          /* jump */
005768  case OP_IdxLT:          /* jump */
005769  case OP_IdxGE:  {       /* jump */
005770    VdbeCursor *pC;
005771    int res;
005772    UnpackedRecord r;
005773  
005774    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005775    pC = p->apCsr[pOp->p1];
005776    assert( pC!=0 );
005777    assert( pC->isOrdered );
005778    assert( pC->eCurType==CURTYPE_BTREE );
005779    assert( pC->uc.pCursor!=0);
005780    assert( pC->deferredMoveto==0 );
005781    assert( pOp->p5==0 || pOp->p5==1 );
005782    assert( pOp->p4type==P4_INT32 );
005783    r.pKeyInfo = pC->pKeyInfo;
005784    r.nField = (u16)pOp->p4.i;
005785    if( pOp->opcode<OP_IdxLT ){
005786      assert( pOp->opcode==OP_IdxLE || pOp->opcode==OP_IdxGT );
005787      r.default_rc = -1;
005788    }else{
005789      assert( pOp->opcode==OP_IdxGE || pOp->opcode==OP_IdxLT );
005790      r.default_rc = 0;
005791    }
005792    r.aMem = &aMem[pOp->p3];
005793  #ifdef SQLITE_DEBUG
005794    {
005795      int i;
005796      for(i=0; i<r.nField; i++){
005797        assert( memIsValid(&r.aMem[i]) );
005798        REGISTER_TRACE(pOp->p3+i, &aMem[pOp->p3+i]);
005799      }
005800    }
005801  #endif
005802    res = 0;  /* Not needed.  Only used to silence a warning. */
005803    rc = sqlite3VdbeIdxKeyCompare(db, pC, &r, &res);
005804    assert( (OP_IdxLE&1)==(OP_IdxLT&1) && (OP_IdxGE&1)==(OP_IdxGT&1) );
005805    if( (pOp->opcode&1)==(OP_IdxLT&1) ){
005806      assert( pOp->opcode==OP_IdxLE || pOp->opcode==OP_IdxLT );
005807      res = -res;
005808    }else{
005809      assert( pOp->opcode==OP_IdxGE || pOp->opcode==OP_IdxGT );
005810      res++;
005811    }
005812    VdbeBranchTaken(res>0,2);
005813    if( rc ) goto abort_due_to_error;
005814    if( res>0 ) goto jump_to_p2;
005815    break;
005816  }
005817  
005818  /* Opcode: Destroy P1 P2 P3 * *
005819  **
005820  ** Delete an entire database table or index whose root page in the database
005821  ** file is given by P1.
005822  **
005823  ** The table being destroyed is in the main database file if P3==0.  If
005824  ** P3==1 then the table to be clear is in the auxiliary database file
005825  ** that is used to store tables create using CREATE TEMPORARY TABLE.
005826  **
005827  ** If AUTOVACUUM is enabled then it is possible that another root page
005828  ** might be moved into the newly deleted root page in order to keep all
005829  ** root pages contiguous at the beginning of the database.  The former
005830  ** value of the root page that moved - its value before the move occurred -
005831  ** is stored in register P2. If no page movement was required (because the
005832  ** table being dropped was already the last one in the database) then a 
005833  ** zero is stored in register P2.  If AUTOVACUUM is disabled then a zero 
005834  ** is stored in register P2.
005835  **
005836  ** This opcode throws an error if there are any active reader VMs when
005837  ** it is invoked. This is done to avoid the difficulty associated with 
005838  ** updating existing cursors when a root page is moved in an AUTOVACUUM 
005839  ** database. This error is thrown even if the database is not an AUTOVACUUM 
005840  ** db in order to avoid introducing an incompatibility between autovacuum 
005841  ** and non-autovacuum modes.
005842  **
005843  ** See also: Clear
005844  */
005845  case OP_Destroy: {     /* out2 */
005846    int iMoved;
005847    int iDb;
005848  
005849    sqlite3VdbeIncrWriteCounter(p, 0);
005850    assert( p->readOnly==0 );
005851    assert( pOp->p1>1 );
005852    pOut = out2Prerelease(p, pOp);
005853    pOut->flags = MEM_Null;
005854    if( db->nVdbeRead > db->nVDestroy+1 ){
005855      rc = SQLITE_LOCKED;
005856      p->errorAction = OE_Abort;
005857      goto abort_due_to_error;
005858    }else{
005859      iDb = pOp->p3;
005860      assert( DbMaskTest(p->btreeMask, iDb) );
005861      iMoved = 0;  /* Not needed.  Only to silence a warning. */
005862      rc = sqlite3BtreeDropTable(db->aDb[iDb].pBt, pOp->p1, &iMoved);
005863      pOut->flags = MEM_Int;
005864      pOut->u.i = iMoved;
005865      if( rc ) goto abort_due_to_error;
005866  #ifndef SQLITE_OMIT_AUTOVACUUM
005867      if( iMoved!=0 ){
005868        sqlite3RootPageMoved(db, iDb, iMoved, pOp->p1);
005869        /* All OP_Destroy operations occur on the same btree */
005870        assert( resetSchemaOnFault==0 || resetSchemaOnFault==iDb+1 );
005871        resetSchemaOnFault = iDb+1;
005872      }
005873  #endif
005874    }
005875    break;
005876  }
005877  
005878  /* Opcode: Clear P1 P2 P3
005879  **
005880  ** Delete all contents of the database table or index whose root page
005881  ** in the database file is given by P1.  But, unlike Destroy, do not
005882  ** remove the table or index from the database file.
005883  **
005884  ** The table being clear is in the main database file if P2==0.  If
005885  ** P2==1 then the table to be clear is in the auxiliary database file
005886  ** that is used to store tables create using CREATE TEMPORARY TABLE.
005887  **
005888  ** If the P3 value is non-zero, then the table referred to must be an
005889  ** intkey table (an SQL table, not an index). In this case the row change 
005890  ** count is incremented by the number of rows in the table being cleared. 
005891  ** If P3 is greater than zero, then the value stored in register P3 is
005892  ** also incremented by the number of rows in the table being cleared.
005893  **
005894  ** See also: Destroy
005895  */
005896  case OP_Clear: {
005897    int nChange;
005898   
005899    sqlite3VdbeIncrWriteCounter(p, 0);
005900    nChange = 0;
005901    assert( p->readOnly==0 );
005902    assert( DbMaskTest(p->btreeMask, pOp->p2) );
005903    rc = sqlite3BtreeClearTable(
005904        db->aDb[pOp->p2].pBt, pOp->p1, (pOp->p3 ? &nChange : 0)
005905    );
005906    if( pOp->p3 ){
005907      p->nChange += nChange;
005908      if( pOp->p3>0 ){
005909        assert( memIsValid(&aMem[pOp->p3]) );
005910        memAboutToChange(p, &aMem[pOp->p3]);
005911        aMem[pOp->p3].u.i += nChange;
005912      }
005913    }
005914    if( rc ) goto abort_due_to_error;
005915    break;
005916  }
005917  
005918  /* Opcode: ResetSorter P1 * * * *
005919  **
005920  ** Delete all contents from the ephemeral table or sorter
005921  ** that is open on cursor P1.
005922  **
005923  ** This opcode only works for cursors used for sorting and
005924  ** opened with OP_OpenEphemeral or OP_SorterOpen.
005925  */
005926  case OP_ResetSorter: {
005927    VdbeCursor *pC;
005928   
005929    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
005930    pC = p->apCsr[pOp->p1];
005931    assert( pC!=0 );
005932    if( isSorter(pC) ){
005933      sqlite3VdbeSorterReset(db, pC->uc.pSorter);
005934    }else{
005935      assert( pC->eCurType==CURTYPE_BTREE );
005936      assert( pC->isEphemeral );
005937      rc = sqlite3BtreeClearTableOfCursor(pC->uc.pCursor);
005938      if( rc ) goto abort_due_to_error;
005939    }
005940    break;
005941  }
005942  
005943  /* Opcode: CreateBtree P1 P2 P3 * *
005944  ** Synopsis: r[P2]=root iDb=P1 flags=P3
005945  **
005946  ** Allocate a new b-tree in the main database file if P1==0 or in the
005947  ** TEMP database file if P1==1 or in an attached database if
005948  ** P1>1.  The P3 argument must be 1 (BTREE_INTKEY) for a rowid table
005949  ** it must be 2 (BTREE_BLOBKEY) for an index or WITHOUT ROWID table.
005950  ** The root page number of the new b-tree is stored in register P2.
005951  */
005952  case OP_CreateBtree: {          /* out2 */
005953    int pgno;
005954    Db *pDb;
005955  
005956    sqlite3VdbeIncrWriteCounter(p, 0);
005957    pOut = out2Prerelease(p, pOp);
005958    pgno = 0;
005959    assert( pOp->p3==BTREE_INTKEY || pOp->p3==BTREE_BLOBKEY );
005960    assert( pOp->p1>=0 && pOp->p1<db->nDb );
005961    assert( DbMaskTest(p->btreeMask, pOp->p1) );
005962    assert( p->readOnly==0 );
005963    pDb = &db->aDb[pOp->p1];
005964    assert( pDb->pBt!=0 );
005965    rc = sqlite3BtreeCreateTable(pDb->pBt, &pgno, pOp->p3);
005966    if( rc ) goto abort_due_to_error;
005967    pOut->u.i = pgno;
005968    break;
005969  }
005970  
005971  /* Opcode: SqlExec * * * P4 *
005972  **
005973  ** Run the SQL statement or statements specified in the P4 string.
005974  */
005975  case OP_SqlExec: {
005976    sqlite3VdbeIncrWriteCounter(p, 0);
005977    db->nSqlExec++;
005978    rc = sqlite3_exec(db, pOp->p4.z, 0, 0, 0);
005979    db->nSqlExec--;
005980    if( rc ) goto abort_due_to_error;
005981    break;
005982  }
005983  
005984  /* Opcode: ParseSchema P1 * * P4 *
005985  **
005986  ** Read and parse all entries from the SQLITE_MASTER table of database P1
005987  ** that match the WHERE clause P4.  If P4 is a NULL pointer, then the
005988  ** entire schema for P1 is reparsed.
005989  **
005990  ** This opcode invokes the parser to create a new virtual machine,
005991  ** then runs the new virtual machine.  It is thus a re-entrant opcode.
005992  */
005993  case OP_ParseSchema: {
005994    int iDb;
005995    const char *zMaster;
005996    char *zSql;
005997    InitData initData;
005998  
005999    /* Any prepared statement that invokes this opcode will hold mutexes
006000    ** on every btree.  This is a prerequisite for invoking 
006001    ** sqlite3InitCallback().
006002    */
006003  #ifdef SQLITE_DEBUG
006004    for(iDb=0; iDb<db->nDb; iDb++){
006005      assert( iDb==1 || sqlite3BtreeHoldsMutex(db->aDb[iDb].pBt) );
006006    }
006007  #endif
006008  
006009    iDb = pOp->p1;
006010    assert( iDb>=0 && iDb<db->nDb );
006011    assert( DbHasProperty(db, iDb, DB_SchemaLoaded) );
006012  
006013  #ifndef SQLITE_OMIT_ALTERTABLE
006014    if( pOp->p4.z==0 ){
006015      sqlite3SchemaClear(db->aDb[iDb].pSchema);
006016      db->mDbFlags &= ~DBFLAG_SchemaKnownOk;
006017      rc = sqlite3InitOne(db, iDb, &p->zErrMsg, INITFLAG_AlterTable);
006018      db->mDbFlags |= DBFLAG_SchemaChange;
006019      p->expired = 0;
006020    }else
006021  #endif
006022    {
006023      zMaster = MASTER_NAME;
006024      initData.db = db;
006025      initData.iDb = iDb;
006026      initData.pzErrMsg = &p->zErrMsg;
006027      initData.mInitFlags = 0;
006028      zSql = sqlite3MPrintf(db,
006029         "SELECT*FROM\"%w\".%s WHERE %s ORDER BY rowid",
006030         db->aDb[iDb].zDbSName, zMaster, pOp->p4.z);
006031      if( zSql==0 ){
006032        rc = SQLITE_NOMEM_BKPT;
006033      }else{
006034        assert( db->init.busy==0 );
006035        db->init.busy = 1;
006036        initData.rc = SQLITE_OK;
006037        initData.nInitRow = 0;
006038        assert( !db->mallocFailed );
006039        rc = sqlite3_exec(db, zSql, sqlite3InitCallback, &initData, 0);
006040        if( rc==SQLITE_OK ) rc = initData.rc;
006041        if( rc==SQLITE_OK && initData.nInitRow==0 ){
006042          /* The OP_ParseSchema opcode with a non-NULL P4 argument should parse
006043          ** at least one SQL statement. Any less than that indicates that
006044          ** the sqlite_master table is corrupt. */
006045          rc = SQLITE_CORRUPT_BKPT;
006046        }
006047        sqlite3DbFreeNN(db, zSql);
006048        db->init.busy = 0;
006049      }
006050    }
006051    if( rc ){
006052      sqlite3ResetAllSchemasOfConnection(db);
006053      if( rc==SQLITE_NOMEM ){
006054        goto no_mem;
006055      }
006056      goto abort_due_to_error;
006057    }
006058    break;  
006059  }
006060  
006061  #if !defined(SQLITE_OMIT_ANALYZE)
006062  /* Opcode: LoadAnalysis P1 * * * *
006063  **
006064  ** Read the sqlite_stat1 table for database P1 and load the content
006065  ** of that table into the internal index hash table.  This will cause
006066  ** the analysis to be used when preparing all subsequent queries.
006067  */
006068  case OP_LoadAnalysis: {
006069    assert( pOp->p1>=0 && pOp->p1<db->nDb );
006070    rc = sqlite3AnalysisLoad(db, pOp->p1);
006071    if( rc ) goto abort_due_to_error;
006072    break;  
006073  }
006074  #endif /* !defined(SQLITE_OMIT_ANALYZE) */
006075  
006076  /* Opcode: DropTable P1 * * P4 *
006077  **
006078  ** Remove the internal (in-memory) data structures that describe
006079  ** the table named P4 in database P1.  This is called after a table
006080  ** is dropped from disk (using the Destroy opcode) in order to keep 
006081  ** the internal representation of the
006082  ** schema consistent with what is on disk.
006083  */
006084  case OP_DropTable: {
006085    sqlite3VdbeIncrWriteCounter(p, 0);
006086    sqlite3UnlinkAndDeleteTable(db, pOp->p1, pOp->p4.z);
006087    break;
006088  }
006089  
006090  /* Opcode: DropIndex P1 * * P4 *
006091  **
006092  ** Remove the internal (in-memory) data structures that describe
006093  ** the index named P4 in database P1.  This is called after an index
006094  ** is dropped from disk (using the Destroy opcode)
006095  ** in order to keep the internal representation of the
006096  ** schema consistent with what is on disk.
006097  */
006098  case OP_DropIndex: {
006099    sqlite3VdbeIncrWriteCounter(p, 0);
006100    sqlite3UnlinkAndDeleteIndex(db, pOp->p1, pOp->p4.z);
006101    break;
006102  }
006103  
006104  /* Opcode: DropTrigger P1 * * P4 *
006105  **
006106  ** Remove the internal (in-memory) data structures that describe
006107  ** the trigger named P4 in database P1.  This is called after a trigger
006108  ** is dropped from disk (using the Destroy opcode) in order to keep 
006109  ** the internal representation of the
006110  ** schema consistent with what is on disk.
006111  */
006112  case OP_DropTrigger: {
006113    sqlite3VdbeIncrWriteCounter(p, 0);
006114    sqlite3UnlinkAndDeleteTrigger(db, pOp->p1, pOp->p4.z);
006115    break;
006116  }
006117  
006118  
006119  #ifndef SQLITE_OMIT_INTEGRITY_CHECK
006120  /* Opcode: IntegrityCk P1 P2 P3 P4 P5
006121  **
006122  ** Do an analysis of the currently open database.  Store in
006123  ** register P1 the text of an error message describing any problems.
006124  ** If no problems are found, store a NULL in register P1.
006125  **
006126  ** The register P3 contains one less than the maximum number of allowed errors.
006127  ** At most reg(P3) errors will be reported.
006128  ** In other words, the analysis stops as soon as reg(P1) errors are 
006129  ** seen.  Reg(P1) is updated with the number of errors remaining.
006130  **
006131  ** The root page numbers of all tables in the database are integers
006132  ** stored in P4_INTARRAY argument.
006133  **
006134  ** If P5 is not zero, the check is done on the auxiliary database
006135  ** file, not the main database file.
006136  **
006137  ** This opcode is used to implement the integrity_check pragma.
006138  */
006139  case OP_IntegrityCk: {
006140    int nRoot;      /* Number of tables to check.  (Number of root pages.) */
006141    int *aRoot;     /* Array of rootpage numbers for tables to be checked */
006142    int nErr;       /* Number of errors reported */
006143    char *z;        /* Text of the error report */
006144    Mem *pnErr;     /* Register keeping track of errors remaining */
006145  
006146    assert( p->bIsReader );
006147    nRoot = pOp->p2;
006148    aRoot = pOp->p4.ai;
006149    assert( nRoot>0 );
006150    assert( aRoot[0]==nRoot );
006151    assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
006152    pnErr = &aMem[pOp->p3];
006153    assert( (pnErr->flags & MEM_Int)!=0 );
006154    assert( (pnErr->flags & (MEM_Str|MEM_Blob))==0 );
006155    pIn1 = &aMem[pOp->p1];
006156    assert( pOp->p5<db->nDb );
006157    assert( DbMaskTest(p->btreeMask, pOp->p5) );
006158    z = sqlite3BtreeIntegrityCheck(db, db->aDb[pOp->p5].pBt, &aRoot[1], nRoot,
006159                                   (int)pnErr->u.i+1, &nErr);
006160    sqlite3VdbeMemSetNull(pIn1);
006161    if( nErr==0 ){
006162      assert( z==0 );
006163    }else if( z==0 ){
006164      goto no_mem;
006165    }else{
006166      pnErr->u.i -= nErr-1;
006167      sqlite3VdbeMemSetStr(pIn1, z, -1, SQLITE_UTF8, sqlite3_free);
006168    }
006169    UPDATE_MAX_BLOBSIZE(pIn1);
006170    sqlite3VdbeChangeEncoding(pIn1, encoding);
006171    goto check_for_interrupt;
006172  }
006173  #endif /* SQLITE_OMIT_INTEGRITY_CHECK */
006174  
006175  /* Opcode: RowSetAdd P1 P2 * * *
006176  ** Synopsis: rowset(P1)=r[P2]
006177  **
006178  ** Insert the integer value held by register P2 into a RowSet object
006179  ** held in register P1.
006180  **
006181  ** An assertion fails if P2 is not an integer.
006182  */
006183  case OP_RowSetAdd: {       /* in1, in2 */
006184    pIn1 = &aMem[pOp->p1];
006185    pIn2 = &aMem[pOp->p2];
006186    assert( (pIn2->flags & MEM_Int)!=0 );
006187    if( (pIn1->flags & MEM_Blob)==0 ){
006188      if( sqlite3VdbeMemSetRowSet(pIn1) ) goto no_mem;
006189    }
006190    assert( sqlite3VdbeMemIsRowSet(pIn1) );
006191    sqlite3RowSetInsert((RowSet*)pIn1->z, pIn2->u.i);
006192    break;
006193  }
006194  
006195  /* Opcode: RowSetRead P1 P2 P3 * *
006196  ** Synopsis: r[P3]=rowset(P1)
006197  **
006198  ** Extract the smallest value from the RowSet object in P1
006199  ** and put that value into register P3.
006200  ** Or, if RowSet object P1 is initially empty, leave P3
006201  ** unchanged and jump to instruction P2.
006202  */
006203  case OP_RowSetRead: {       /* jump, in1, out3 */
006204    i64 val;
006205  
006206    pIn1 = &aMem[pOp->p1];
006207    assert( (pIn1->flags & MEM_Blob)==0 || sqlite3VdbeMemIsRowSet(pIn1) );
006208    if( (pIn1->flags & MEM_Blob)==0 
006209     || sqlite3RowSetNext((RowSet*)pIn1->z, &val)==0
006210    ){
006211      /* The boolean index is empty */
006212      sqlite3VdbeMemSetNull(pIn1);
006213      VdbeBranchTaken(1,2);
006214      goto jump_to_p2_and_check_for_interrupt;
006215    }else{
006216      /* A value was pulled from the index */
006217      VdbeBranchTaken(0,2);
006218      sqlite3VdbeMemSetInt64(&aMem[pOp->p3], val);
006219    }
006220    goto check_for_interrupt;
006221  }
006222  
006223  /* Opcode: RowSetTest P1 P2 P3 P4
006224  ** Synopsis: if r[P3] in rowset(P1) goto P2
006225  **
006226  ** Register P3 is assumed to hold a 64-bit integer value. If register P1
006227  ** contains a RowSet object and that RowSet object contains
006228  ** the value held in P3, jump to register P2. Otherwise, insert the
006229  ** integer in P3 into the RowSet and continue on to the
006230  ** next opcode.
006231  **
006232  ** The RowSet object is optimized for the case where sets of integers
006233  ** are inserted in distinct phases, which each set contains no duplicates.
006234  ** Each set is identified by a unique P4 value. The first set
006235  ** must have P4==0, the final set must have P4==-1, and for all other sets
006236  ** must have P4>0.
006237  **
006238  ** This allows optimizations: (a) when P4==0 there is no need to test
006239  ** the RowSet object for P3, as it is guaranteed not to contain it,
006240  ** (b) when P4==-1 there is no need to insert the value, as it will
006241  ** never be tested for, and (c) when a value that is part of set X is
006242  ** inserted, there is no need to search to see if the same value was
006243  ** previously inserted as part of set X (only if it was previously
006244  ** inserted as part of some other set).
006245  */
006246  case OP_RowSetTest: {                     /* jump, in1, in3 */
006247    int iSet;
006248    int exists;
006249  
006250    pIn1 = &aMem[pOp->p1];
006251    pIn3 = &aMem[pOp->p3];
006252    iSet = pOp->p4.i;
006253    assert( pIn3->flags&MEM_Int );
006254  
006255    /* If there is anything other than a rowset object in memory cell P1,
006256    ** delete it now and initialize P1 with an empty rowset
006257    */
006258    if( (pIn1->flags & MEM_Blob)==0 ){
006259      if( sqlite3VdbeMemSetRowSet(pIn1) ) goto no_mem;
006260    }
006261    assert( sqlite3VdbeMemIsRowSet(pIn1) );
006262    assert( pOp->p4type==P4_INT32 );
006263    assert( iSet==-1 || iSet>=0 );
006264    if( iSet ){
006265      exists = sqlite3RowSetTest((RowSet*)pIn1->z, iSet, pIn3->u.i);
006266      VdbeBranchTaken(exists!=0,2);
006267      if( exists ) goto jump_to_p2;
006268    }
006269    if( iSet>=0 ){
006270      sqlite3RowSetInsert((RowSet*)pIn1->z, pIn3->u.i);
006271    }
006272    break;
006273  }
006274  
006275  
006276  #ifndef SQLITE_OMIT_TRIGGER
006277  
006278  /* Opcode: Program P1 P2 P3 P4 P5
006279  **
006280  ** Execute the trigger program passed as P4 (type P4_SUBPROGRAM). 
006281  **
006282  ** P1 contains the address of the memory cell that contains the first memory 
006283  ** cell in an array of values used as arguments to the sub-program. P2 
006284  ** contains the address to jump to if the sub-program throws an IGNORE 
006285  ** exception using the RAISE() function. Register P3 contains the address 
006286  ** of a memory cell in this (the parent) VM that is used to allocate the 
006287  ** memory required by the sub-vdbe at runtime.
006288  **
006289  ** P4 is a pointer to the VM containing the trigger program.
006290  **
006291  ** If P5 is non-zero, then recursive program invocation is enabled.
006292  */
006293  case OP_Program: {        /* jump */
006294    int nMem;               /* Number of memory registers for sub-program */
006295    int nByte;              /* Bytes of runtime space required for sub-program */
006296    Mem *pRt;               /* Register to allocate runtime space */
006297    Mem *pMem;              /* Used to iterate through memory cells */
006298    Mem *pEnd;              /* Last memory cell in new array */
006299    VdbeFrame *pFrame;      /* New vdbe frame to execute in */
006300    SubProgram *pProgram;   /* Sub-program to execute */
006301    void *t;                /* Token identifying trigger */
006302  
006303    pProgram = pOp->p4.pProgram;
006304    pRt = &aMem[pOp->p3];
006305    assert( pProgram->nOp>0 );
006306    
006307    /* If the p5 flag is clear, then recursive invocation of triggers is 
006308    ** disabled for backwards compatibility (p5 is set if this sub-program
006309    ** is really a trigger, not a foreign key action, and the flag set
006310    ** and cleared by the "PRAGMA recursive_triggers" command is clear).
006311    ** 
006312    ** It is recursive invocation of triggers, at the SQL level, that is 
006313    ** disabled. In some cases a single trigger may generate more than one 
006314    ** SubProgram (if the trigger may be executed with more than one different 
006315    ** ON CONFLICT algorithm). SubProgram structures associated with a
006316    ** single trigger all have the same value for the SubProgram.token 
006317    ** variable.  */
006318    if( pOp->p5 ){
006319      t = pProgram->token;
006320      for(pFrame=p->pFrame; pFrame && pFrame->token!=t; pFrame=pFrame->pParent);
006321      if( pFrame ) break;
006322    }
006323  
006324    if( p->nFrame>=db->aLimit[SQLITE_LIMIT_TRIGGER_DEPTH] ){
006325      rc = SQLITE_ERROR;
006326      sqlite3VdbeError(p, "too many levels of trigger recursion");
006327      goto abort_due_to_error;
006328    }
006329  
006330    /* Register pRt is used to store the memory required to save the state
006331    ** of the current program, and the memory required at runtime to execute
006332    ** the trigger program. If this trigger has been fired before, then pRt 
006333    ** is already allocated. Otherwise, it must be initialized.  */
006334    if( (pRt->flags&MEM_Blob)==0 ){
006335      /* SubProgram.nMem is set to the number of memory cells used by the 
006336      ** program stored in SubProgram.aOp. As well as these, one memory
006337      ** cell is required for each cursor used by the program. Set local
006338      ** variable nMem (and later, VdbeFrame.nChildMem) to this value.
006339      */
006340      nMem = pProgram->nMem + pProgram->nCsr;
006341      assert( nMem>0 );
006342      if( pProgram->nCsr==0 ) nMem++;
006343      nByte = ROUND8(sizeof(VdbeFrame))
006344                + nMem * sizeof(Mem)
006345                + pProgram->nCsr * sizeof(VdbeCursor*)
006346                + (pProgram->nOp + 7)/8;
006347      pFrame = sqlite3DbMallocZero(db, nByte);
006348      if( !pFrame ){
006349        goto no_mem;
006350      }
006351      sqlite3VdbeMemRelease(pRt);
006352      pRt->flags = MEM_Blob|MEM_Dyn;
006353      pRt->z = (char*)pFrame;
006354      pRt->n = nByte;
006355      pRt->xDel = sqlite3VdbeFrameMemDel;
006356  
006357      pFrame->v = p;
006358      pFrame->nChildMem = nMem;
006359      pFrame->nChildCsr = pProgram->nCsr;
006360      pFrame->pc = (int)(pOp - aOp);
006361      pFrame->aMem = p->aMem;
006362      pFrame->nMem = p->nMem;
006363      pFrame->apCsr = p->apCsr;
006364      pFrame->nCursor = p->nCursor;
006365      pFrame->aOp = p->aOp;
006366      pFrame->nOp = p->nOp;
006367      pFrame->token = pProgram->token;
006368  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
006369      pFrame->anExec = p->anExec;
006370  #endif
006371  #ifdef SQLITE_DEBUG
006372      pFrame->iFrameMagic = SQLITE_FRAME_MAGIC;
006373  #endif
006374  
006375      pEnd = &VdbeFrameMem(pFrame)[pFrame->nChildMem];
006376      for(pMem=VdbeFrameMem(pFrame); pMem!=pEnd; pMem++){
006377        pMem->flags = MEM_Undefined;
006378        pMem->db = db;
006379      }
006380    }else{
006381      pFrame = (VdbeFrame*)pRt->z;
006382      assert( pRt->xDel==sqlite3VdbeFrameMemDel );
006383      assert( pProgram->nMem+pProgram->nCsr==pFrame->nChildMem 
006384          || (pProgram->nCsr==0 && pProgram->nMem+1==pFrame->nChildMem) );
006385      assert( pProgram->nCsr==pFrame->nChildCsr );
006386      assert( (int)(pOp - aOp)==pFrame->pc );
006387    }
006388  
006389    p->nFrame++;
006390    pFrame->pParent = p->pFrame;
006391    pFrame->lastRowid = db->lastRowid;
006392    pFrame->nChange = p->nChange;
006393    pFrame->nDbChange = p->db->nChange;
006394    assert( pFrame->pAuxData==0 );
006395    pFrame->pAuxData = p->pAuxData;
006396    p->pAuxData = 0;
006397    p->nChange = 0;
006398    p->pFrame = pFrame;
006399    p->aMem = aMem = VdbeFrameMem(pFrame);
006400    p->nMem = pFrame->nChildMem;
006401    p->nCursor = (u16)pFrame->nChildCsr;
006402    p->apCsr = (VdbeCursor **)&aMem[p->nMem];
006403    pFrame->aOnce = (u8*)&p->apCsr[pProgram->nCsr];
006404    memset(pFrame->aOnce, 0, (pProgram->nOp + 7)/8);
006405    p->aOp = aOp = pProgram->aOp;
006406    p->nOp = pProgram->nOp;
006407  #ifdef SQLITE_ENABLE_STMT_SCANSTATUS
006408    p->anExec = 0;
006409  #endif
006410  #ifdef SQLITE_DEBUG
006411    /* Verify that second and subsequent executions of the same trigger do not
006412    ** try to reuse register values from the first use. */
006413    {
006414      int i;
006415      for(i=0; i<p->nMem; i++){
006416        aMem[i].pScopyFrom = 0;  /* Prevent false-positive AboutToChange() errs */
006417        aMem[i].flags |= MEM_Undefined; /* Cause a fault if this reg is reused */
006418      }
006419    }
006420  #endif
006421    pOp = &aOp[-1];
006422    goto check_for_interrupt;
006423  }
006424  
006425  /* Opcode: Param P1 P2 * * *
006426  **
006427  ** This opcode is only ever present in sub-programs called via the 
006428  ** OP_Program instruction. Copy a value currently stored in a memory 
006429  ** cell of the calling (parent) frame to cell P2 in the current frames 
006430  ** address space. This is used by trigger programs to access the new.* 
006431  ** and old.* values.
006432  **
006433  ** The address of the cell in the parent frame is determined by adding
006434  ** the value of the P1 argument to the value of the P1 argument to the
006435  ** calling OP_Program instruction.
006436  */
006437  case OP_Param: {           /* out2 */
006438    VdbeFrame *pFrame;
006439    Mem *pIn;
006440    pOut = out2Prerelease(p, pOp);
006441    pFrame = p->pFrame;
006442    pIn = &pFrame->aMem[pOp->p1 + pFrame->aOp[pFrame->pc].p1];   
006443    sqlite3VdbeMemShallowCopy(pOut, pIn, MEM_Ephem);
006444    break;
006445  }
006446  
006447  #endif /* #ifndef SQLITE_OMIT_TRIGGER */
006448  
006449  #ifndef SQLITE_OMIT_FOREIGN_KEY
006450  /* Opcode: FkCounter P1 P2 * * *
006451  ** Synopsis: fkctr[P1]+=P2
006452  **
006453  ** Increment a "constraint counter" by P2 (P2 may be negative or positive).
006454  ** If P1 is non-zero, the database constraint counter is incremented 
006455  ** (deferred foreign key constraints). Otherwise, if P1 is zero, the 
006456  ** statement counter is incremented (immediate foreign key constraints).
006457  */
006458  case OP_FkCounter: {
006459    if( db->flags & SQLITE_DeferFKs ){
006460      db->nDeferredImmCons += pOp->p2;
006461    }else if( pOp->p1 ){
006462      db->nDeferredCons += pOp->p2;
006463    }else{
006464      p->nFkConstraint += pOp->p2;
006465    }
006466    break;
006467  }
006468  
006469  /* Opcode: FkIfZero P1 P2 * * *
006470  ** Synopsis: if fkctr[P1]==0 goto P2
006471  **
006472  ** This opcode tests if a foreign key constraint-counter is currently zero.
006473  ** If so, jump to instruction P2. Otherwise, fall through to the next 
006474  ** instruction.
006475  **
006476  ** If P1 is non-zero, then the jump is taken if the database constraint-counter
006477  ** is zero (the one that counts deferred constraint violations). If P1 is
006478  ** zero, the jump is taken if the statement constraint-counter is zero
006479  ** (immediate foreign key constraint violations).
006480  */
006481  case OP_FkIfZero: {         /* jump */
006482    if( pOp->p1 ){
006483      VdbeBranchTaken(db->nDeferredCons==0 && db->nDeferredImmCons==0, 2);
006484      if( db->nDeferredCons==0 && db->nDeferredImmCons==0 ) goto jump_to_p2;
006485    }else{
006486      VdbeBranchTaken(p->nFkConstraint==0 && db->nDeferredImmCons==0, 2);
006487      if( p->nFkConstraint==0 && db->nDeferredImmCons==0 ) goto jump_to_p2;
006488    }
006489    break;
006490  }
006491  #endif /* #ifndef SQLITE_OMIT_FOREIGN_KEY */
006492  
006493  #ifndef SQLITE_OMIT_AUTOINCREMENT
006494  /* Opcode: MemMax P1 P2 * * *
006495  ** Synopsis: r[P1]=max(r[P1],r[P2])
006496  **
006497  ** P1 is a register in the root frame of this VM (the root frame is
006498  ** different from the current frame if this instruction is being executed
006499  ** within a sub-program). Set the value of register P1 to the maximum of 
006500  ** its current value and the value in register P2.
006501  **
006502  ** This instruction throws an error if the memory cell is not initially
006503  ** an integer.
006504  */
006505  case OP_MemMax: {        /* in2 */
006506    VdbeFrame *pFrame;
006507    if( p->pFrame ){
006508      for(pFrame=p->pFrame; pFrame->pParent; pFrame=pFrame->pParent);
006509      pIn1 = &pFrame->aMem[pOp->p1];
006510    }else{
006511      pIn1 = &aMem[pOp->p1];
006512    }
006513    assert( memIsValid(pIn1) );
006514    sqlite3VdbeMemIntegerify(pIn1);
006515    pIn2 = &aMem[pOp->p2];
006516    sqlite3VdbeMemIntegerify(pIn2);
006517    if( pIn1->u.i<pIn2->u.i){
006518      pIn1->u.i = pIn2->u.i;
006519    }
006520    break;
006521  }
006522  #endif /* SQLITE_OMIT_AUTOINCREMENT */
006523  
006524  /* Opcode: IfPos P1 P2 P3 * *
006525  ** Synopsis: if r[P1]>0 then r[P1]-=P3, goto P2
006526  **
006527  ** Register P1 must contain an integer.
006528  ** If the value of register P1 is 1 or greater, subtract P3 from the
006529  ** value in P1 and jump to P2.
006530  **
006531  ** If the initial value of register P1 is less than 1, then the
006532  ** value is unchanged and control passes through to the next instruction.
006533  */
006534  case OP_IfPos: {        /* jump, in1 */
006535    pIn1 = &aMem[pOp->p1];
006536    assert( pIn1->flags&MEM_Int );
006537    VdbeBranchTaken( pIn1->u.i>0, 2);
006538    if( pIn1->u.i>0 ){
006539      pIn1->u.i -= pOp->p3;
006540      goto jump_to_p2;
006541    }
006542    break;
006543  }
006544  
006545  /* Opcode: OffsetLimit P1 P2 P3 * *
006546  ** Synopsis: if r[P1]>0 then r[P2]=r[P1]+max(0,r[P3]) else r[P2]=(-1)
006547  **
006548  ** This opcode performs a commonly used computation associated with
006549  ** LIMIT and OFFSET process.  r[P1] holds the limit counter.  r[P3]
006550  ** holds the offset counter.  The opcode computes the combined value
006551  ** of the LIMIT and OFFSET and stores that value in r[P2].  The r[P2]
006552  ** value computed is the total number of rows that will need to be
006553  ** visited in order to complete the query.
006554  **
006555  ** If r[P3] is zero or negative, that means there is no OFFSET
006556  ** and r[P2] is set to be the value of the LIMIT, r[P1].
006557  **
006558  ** if r[P1] is zero or negative, that means there is no LIMIT
006559  ** and r[P2] is set to -1. 
006560  **
006561  ** Otherwise, r[P2] is set to the sum of r[P1] and r[P3].
006562  */
006563  case OP_OffsetLimit: {    /* in1, out2, in3 */
006564    i64 x;
006565    pIn1 = &aMem[pOp->p1];
006566    pIn3 = &aMem[pOp->p3];
006567    pOut = out2Prerelease(p, pOp);
006568    assert( pIn1->flags & MEM_Int );
006569    assert( pIn3->flags & MEM_Int );
006570    x = pIn1->u.i;
006571    if( x<=0 || sqlite3AddInt64(&x, pIn3->u.i>0?pIn3->u.i:0) ){
006572      /* If the LIMIT is less than or equal to zero, loop forever.  This
006573      ** is documented.  But also, if the LIMIT+OFFSET exceeds 2^63 then
006574      ** also loop forever.  This is undocumented.  In fact, one could argue
006575      ** that the loop should terminate.  But assuming 1 billion iterations
006576      ** per second (far exceeding the capabilities of any current hardware)
006577      ** it would take nearly 300 years to actually reach the limit.  So
006578      ** looping forever is a reasonable approximation. */
006579      pOut->u.i = -1;
006580    }else{
006581      pOut->u.i = x;
006582    }
006583    break;
006584  }
006585  
006586  /* Opcode: IfNotZero P1 P2 * * *
006587  ** Synopsis: if r[P1]!=0 then r[P1]--, goto P2
006588  **
006589  ** Register P1 must contain an integer.  If the content of register P1 is
006590  ** initially greater than zero, then decrement the value in register P1.
006591  ** If it is non-zero (negative or positive) and then also jump to P2.  
006592  ** If register P1 is initially zero, leave it unchanged and fall through.
006593  */
006594  case OP_IfNotZero: {        /* jump, in1 */
006595    pIn1 = &aMem[pOp->p1];
006596    assert( pIn1->flags&MEM_Int );
006597    VdbeBranchTaken(pIn1->u.i<0, 2);
006598    if( pIn1->u.i ){
006599       if( pIn1->u.i>0 ) pIn1->u.i--;
006600       goto jump_to_p2;
006601    }
006602    break;
006603  }
006604  
006605  /* Opcode: DecrJumpZero P1 P2 * * *
006606  ** Synopsis: if (--r[P1])==0 goto P2
006607  **
006608  ** Register P1 must hold an integer.  Decrement the value in P1
006609  ** and jump to P2 if the new value is exactly zero.
006610  */
006611  case OP_DecrJumpZero: {      /* jump, in1 */
006612    pIn1 = &aMem[pOp->p1];
006613    assert( pIn1->flags&MEM_Int );
006614    if( pIn1->u.i>SMALLEST_INT64 ) pIn1->u.i--;
006615    VdbeBranchTaken(pIn1->u.i==0, 2);
006616    if( pIn1->u.i==0 ) goto jump_to_p2;
006617    break;
006618  }
006619  
006620  
006621  /* Opcode: AggStep * P2 P3 P4 P5
006622  ** Synopsis: accum=r[P3] step(r[P2@P5])
006623  **
006624  ** Execute the xStep function for an aggregate.
006625  ** The function has P5 arguments.  P4 is a pointer to the 
006626  ** FuncDef structure that specifies the function.  Register P3 is the
006627  ** accumulator.
006628  **
006629  ** The P5 arguments are taken from register P2 and its
006630  ** successors.
006631  */
006632  /* Opcode: AggInverse * P2 P3 P4 P5
006633  ** Synopsis: accum=r[P3] inverse(r[P2@P5])
006634  **
006635  ** Execute the xInverse function for an aggregate.
006636  ** The function has P5 arguments.  P4 is a pointer to the 
006637  ** FuncDef structure that specifies the function.  Register P3 is the
006638  ** accumulator.
006639  **
006640  ** The P5 arguments are taken from register P2 and its
006641  ** successors.
006642  */
006643  /* Opcode: AggStep1 P1 P2 P3 P4 P5
006644  ** Synopsis: accum=r[P3] step(r[P2@P5])
006645  **
006646  ** Execute the xStep (if P1==0) or xInverse (if P1!=0) function for an
006647  ** aggregate.  The function has P5 arguments.  P4 is a pointer to the 
006648  ** FuncDef structure that specifies the function.  Register P3 is the
006649  ** accumulator.
006650  **
006651  ** The P5 arguments are taken from register P2 and its
006652  ** successors.
006653  **
006654  ** This opcode is initially coded as OP_AggStep0.  On first evaluation,
006655  ** the FuncDef stored in P4 is converted into an sqlite3_context and
006656  ** the opcode is changed.  In this way, the initialization of the
006657  ** sqlite3_context only happens once, instead of on each call to the
006658  ** step function.
006659  */
006660  case OP_AggInverse:
006661  case OP_AggStep: {
006662    int n;
006663    sqlite3_context *pCtx;
006664  
006665    assert( pOp->p4type==P4_FUNCDEF );
006666    n = pOp->p5;
006667    assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
006668    assert( n==0 || (pOp->p2>0 && pOp->p2+n<=(p->nMem+1 - p->nCursor)+1) );
006669    assert( pOp->p3<pOp->p2 || pOp->p3>=pOp->p2+n );
006670    pCtx = sqlite3DbMallocRawNN(db, n*sizeof(sqlite3_value*) +
006671                 (sizeof(pCtx[0]) + sizeof(Mem) - sizeof(sqlite3_value*)));
006672    if( pCtx==0 ) goto no_mem;
006673    pCtx->pMem = 0;
006674    pCtx->pOut = (Mem*)&(pCtx->argv[n]);
006675    sqlite3VdbeMemInit(pCtx->pOut, db, MEM_Null);
006676    pCtx->pFunc = pOp->p4.pFunc;
006677    pCtx->iOp = (int)(pOp - aOp);
006678    pCtx->pVdbe = p;
006679    pCtx->skipFlag = 0;
006680    pCtx->isError = 0;
006681    pCtx->argc = n;
006682    pOp->p4type = P4_FUNCCTX;
006683    pOp->p4.pCtx = pCtx;
006684  
006685    /* OP_AggInverse must have P1==1 and OP_AggStep must have P1==0 */
006686    assert( pOp->p1==(pOp->opcode==OP_AggInverse) );
006687  
006688    pOp->opcode = OP_AggStep1;
006689    /* Fall through into OP_AggStep */
006690  }
006691  case OP_AggStep1: {
006692    int i;
006693    sqlite3_context *pCtx;
006694    Mem *pMem;
006695  
006696    assert( pOp->p4type==P4_FUNCCTX );
006697    pCtx = pOp->p4.pCtx;
006698    pMem = &aMem[pOp->p3];
006699  
006700  #ifdef SQLITE_DEBUG
006701    if( pOp->p1 ){
006702      /* This is an OP_AggInverse call.  Verify that xStep has always
006703      ** been called at least once prior to any xInverse call. */
006704      assert( pMem->uTemp==0x1122e0e3 );
006705    }else{
006706      /* This is an OP_AggStep call.  Mark it as such. */
006707      pMem->uTemp = 0x1122e0e3;
006708    }
006709  #endif
006710  
006711    /* If this function is inside of a trigger, the register array in aMem[]
006712    ** might change from one evaluation to the next.  The next block of code
006713    ** checks to see if the register array has changed, and if so it
006714    ** reinitializes the relavant parts of the sqlite3_context object */
006715    if( pCtx->pMem != pMem ){
006716      pCtx->pMem = pMem;
006717      for(i=pCtx->argc-1; i>=0; i--) pCtx->argv[i] = &aMem[pOp->p2+i];
006718    }
006719  
006720  #ifdef SQLITE_DEBUG
006721    for(i=0; i<pCtx->argc; i++){
006722      assert( memIsValid(pCtx->argv[i]) );
006723      REGISTER_TRACE(pOp->p2+i, pCtx->argv[i]);
006724    }
006725  #endif
006726  
006727    pMem->n++;
006728    assert( pCtx->pOut->flags==MEM_Null );
006729    assert( pCtx->isError==0 );
006730    assert( pCtx->skipFlag==0 );
006731  #ifndef SQLITE_OMIT_WINDOWFUNC
006732    if( pOp->p1 ){
006733      (pCtx->pFunc->xInverse)(pCtx,pCtx->argc,pCtx->argv);
006734    }else
006735  #endif
006736    (pCtx->pFunc->xSFunc)(pCtx,pCtx->argc,pCtx->argv); /* IMP: R-24505-23230 */
006737  
006738    if( pCtx->isError ){
006739      if( pCtx->isError>0 ){
006740        sqlite3VdbeError(p, "%s", sqlite3_value_text(pCtx->pOut));
006741        rc = pCtx->isError;
006742      }
006743      if( pCtx->skipFlag ){
006744        assert( pOp[-1].opcode==OP_CollSeq );
006745        i = pOp[-1].p1;
006746        if( i ) sqlite3VdbeMemSetInt64(&aMem[i], 1);
006747        pCtx->skipFlag = 0;
006748      }
006749      sqlite3VdbeMemRelease(pCtx->pOut);
006750      pCtx->pOut->flags = MEM_Null;
006751      pCtx->isError = 0;
006752      if( rc ) goto abort_due_to_error;
006753    }
006754    assert( pCtx->pOut->flags==MEM_Null );
006755    assert( pCtx->skipFlag==0 );
006756    break;
006757  }
006758  
006759  /* Opcode: AggFinal P1 P2 * P4 *
006760  ** Synopsis: accum=r[P1] N=P2
006761  **
006762  ** P1 is the memory location that is the accumulator for an aggregate
006763  ** or window function.  Execute the finalizer function 
006764  ** for an aggregate and store the result in P1.
006765  **
006766  ** P2 is the number of arguments that the step function takes and
006767  ** P4 is a pointer to the FuncDef for this function.  The P2
006768  ** argument is not used by this opcode.  It is only there to disambiguate
006769  ** functions that can take varying numbers of arguments.  The
006770  ** P4 argument is only needed for the case where
006771  ** the step function was not previously called.
006772  */
006773  /* Opcode: AggValue * P2 P3 P4 *
006774  ** Synopsis: r[P3]=value N=P2
006775  **
006776  ** Invoke the xValue() function and store the result in register P3.
006777  **
006778  ** P2 is the number of arguments that the step function takes and
006779  ** P4 is a pointer to the FuncDef for this function.  The P2
006780  ** argument is not used by this opcode.  It is only there to disambiguate
006781  ** functions that can take varying numbers of arguments.  The
006782  ** P4 argument is only needed for the case where
006783  ** the step function was not previously called.
006784  */
006785  case OP_AggValue:
006786  case OP_AggFinal: {
006787    Mem *pMem;
006788    assert( pOp->p1>0 && pOp->p1<=(p->nMem+1 - p->nCursor) );
006789    assert( pOp->p3==0 || pOp->opcode==OP_AggValue );
006790    pMem = &aMem[pOp->p1];
006791    assert( (pMem->flags & ~(MEM_Null|MEM_Agg))==0 );
006792  #ifndef SQLITE_OMIT_WINDOWFUNC
006793    if( pOp->p3 ){
006794      memAboutToChange(p, &aMem[pOp->p3]);
006795      rc = sqlite3VdbeMemAggValue(pMem, &aMem[pOp->p3], pOp->p4.pFunc);
006796      pMem = &aMem[pOp->p3];
006797    }else
006798  #endif
006799    {
006800      rc = sqlite3VdbeMemFinalize(pMem, pOp->p4.pFunc);
006801    }
006802    
006803    if( rc ){
006804      sqlite3VdbeError(p, "%s", sqlite3_value_text(pMem));
006805      goto abort_due_to_error;
006806    }
006807    sqlite3VdbeChangeEncoding(pMem, encoding);
006808    UPDATE_MAX_BLOBSIZE(pMem);
006809    if( sqlite3VdbeMemTooBig(pMem) ){
006810      goto too_big;
006811    }
006812    break;
006813  }
006814  
006815  #ifndef SQLITE_OMIT_WAL
006816  /* Opcode: Checkpoint P1 P2 P3 * *
006817  **
006818  ** Checkpoint database P1. This is a no-op if P1 is not currently in
006819  ** WAL mode. Parameter P2 is one of SQLITE_CHECKPOINT_PASSIVE, FULL,
006820  ** RESTART, or TRUNCATE.  Write 1 or 0 into mem[P3] if the checkpoint returns
006821  ** SQLITE_BUSY or not, respectively.  Write the number of pages in the
006822  ** WAL after the checkpoint into mem[P3+1] and the number of pages
006823  ** in the WAL that have been checkpointed after the checkpoint
006824  ** completes into mem[P3+2].  However on an error, mem[P3+1] and
006825  ** mem[P3+2] are initialized to -1.
006826  */
006827  case OP_Checkpoint: {
006828    int i;                          /* Loop counter */
006829    int aRes[3];                    /* Results */
006830    Mem *pMem;                      /* Write results here */
006831  
006832    assert( p->readOnly==0 );
006833    aRes[0] = 0;
006834    aRes[1] = aRes[2] = -1;
006835    assert( pOp->p2==SQLITE_CHECKPOINT_PASSIVE
006836         || pOp->p2==SQLITE_CHECKPOINT_FULL
006837         || pOp->p2==SQLITE_CHECKPOINT_RESTART
006838         || pOp->p2==SQLITE_CHECKPOINT_TRUNCATE
006839    );
006840    rc = sqlite3Checkpoint(db, pOp->p1, pOp->p2, &aRes[1], &aRes[2]);
006841    if( rc ){
006842      if( rc!=SQLITE_BUSY ) goto abort_due_to_error;
006843      rc = SQLITE_OK;
006844      aRes[0] = 1;
006845    }
006846    for(i=0, pMem = &aMem[pOp->p3]; i<3; i++, pMem++){
006847      sqlite3VdbeMemSetInt64(pMem, (i64)aRes[i]);
006848    }    
006849    break;
006850  };  
006851  #endif
006852  
006853  #ifndef SQLITE_OMIT_PRAGMA
006854  /* Opcode: JournalMode P1 P2 P3 * *
006855  **
006856  ** Change the journal mode of database P1 to P3. P3 must be one of the
006857  ** PAGER_JOURNALMODE_XXX values. If changing between the various rollback
006858  ** modes (delete, truncate, persist, off and memory), this is a simple
006859  ** operation. No IO is required.
006860  **
006861  ** If changing into or out of WAL mode the procedure is more complicated.
006862  **
006863  ** Write a string containing the final journal-mode to register P2.
006864  */
006865  case OP_JournalMode: {    /* out2 */
006866    Btree *pBt;                     /* Btree to change journal mode of */
006867    Pager *pPager;                  /* Pager associated with pBt */
006868    int eNew;                       /* New journal mode */
006869    int eOld;                       /* The old journal mode */
006870  #ifndef SQLITE_OMIT_WAL
006871    const char *zFilename;          /* Name of database file for pPager */
006872  #endif
006873  
006874    pOut = out2Prerelease(p, pOp);
006875    eNew = pOp->p3;
006876    assert( eNew==PAGER_JOURNALMODE_DELETE 
006877         || eNew==PAGER_JOURNALMODE_TRUNCATE 
006878         || eNew==PAGER_JOURNALMODE_PERSIST 
006879         || eNew==PAGER_JOURNALMODE_OFF
006880         || eNew==PAGER_JOURNALMODE_MEMORY
006881         || eNew==PAGER_JOURNALMODE_WAL
006882         || eNew==PAGER_JOURNALMODE_QUERY
006883    );
006884    assert( pOp->p1>=0 && pOp->p1<db->nDb );
006885    assert( p->readOnly==0 );
006886  
006887    pBt = db->aDb[pOp->p1].pBt;
006888    pPager = sqlite3BtreePager(pBt);
006889    eOld = sqlite3PagerGetJournalMode(pPager);
006890    if( eNew==PAGER_JOURNALMODE_QUERY ) eNew = eOld;
006891    if( !sqlite3PagerOkToChangeJournalMode(pPager) ) eNew = eOld;
006892  
006893  #ifndef SQLITE_OMIT_WAL
006894    zFilename = sqlite3PagerFilename(pPager, 1);
006895  
006896    /* Do not allow a transition to journal_mode=WAL for a database
006897    ** in temporary storage or if the VFS does not support shared memory 
006898    */
006899    if( eNew==PAGER_JOURNALMODE_WAL
006900     && (sqlite3Strlen30(zFilename)==0           /* Temp file */
006901         || !sqlite3PagerWalSupported(pPager))   /* No shared-memory support */
006902    ){
006903      eNew = eOld;
006904    }
006905  
006906    if( (eNew!=eOld)
006907     && (eOld==PAGER_JOURNALMODE_WAL || eNew==PAGER_JOURNALMODE_WAL)
006908    ){
006909      if( !db->autoCommit || db->nVdbeRead>1 ){
006910        rc = SQLITE_ERROR;
006911        sqlite3VdbeError(p,
006912            "cannot change %s wal mode from within a transaction",
006913            (eNew==PAGER_JOURNALMODE_WAL ? "into" : "out of")
006914        );
006915        goto abort_due_to_error;
006916      }else{
006917   
006918        if( eOld==PAGER_JOURNALMODE_WAL ){
006919          /* If leaving WAL mode, close the log file. If successful, the call
006920          ** to PagerCloseWal() checkpoints and deletes the write-ahead-log 
006921          ** file. An EXCLUSIVE lock may still be held on the database file 
006922          ** after a successful return. 
006923          */
006924          rc = sqlite3PagerCloseWal(pPager, db);
006925          if( rc==SQLITE_OK ){
006926            sqlite3PagerSetJournalMode(pPager, eNew);
006927          }
006928        }else if( eOld==PAGER_JOURNALMODE_MEMORY ){
006929          /* Cannot transition directly from MEMORY to WAL.  Use mode OFF
006930          ** as an intermediate */
006931          sqlite3PagerSetJournalMode(pPager, PAGER_JOURNALMODE_OFF);
006932        }
006933    
006934        /* Open a transaction on the database file. Regardless of the journal
006935        ** mode, this transaction always uses a rollback journal.
006936        */
006937        assert( sqlite3BtreeIsInTrans(pBt)==0 );
006938        if( rc==SQLITE_OK ){
006939          rc = sqlite3BtreeSetVersion(pBt, (eNew==PAGER_JOURNALMODE_WAL ? 2 : 1));
006940        }
006941      }
006942    }
006943  #endif /* ifndef SQLITE_OMIT_WAL */
006944  
006945    if( rc ) eNew = eOld;
006946    eNew = sqlite3PagerSetJournalMode(pPager, eNew);
006947  
006948    pOut->flags = MEM_Str|MEM_Static|MEM_Term;
006949    pOut->z = (char *)sqlite3JournalModename(eNew);
006950    pOut->n = sqlite3Strlen30(pOut->z);
006951    pOut->enc = SQLITE_UTF8;
006952    sqlite3VdbeChangeEncoding(pOut, encoding);
006953    if( rc ) goto abort_due_to_error;
006954    break;
006955  };
006956  #endif /* SQLITE_OMIT_PRAGMA */
006957  
006958  #if !defined(SQLITE_OMIT_VACUUM) && !defined(SQLITE_OMIT_ATTACH)
006959  /* Opcode: Vacuum P1 P2 * * *
006960  **
006961  ** Vacuum the entire database P1.  P1 is 0 for "main", and 2 or more
006962  ** for an attached database.  The "temp" database may not be vacuumed.
006963  **
006964  ** If P2 is not zero, then it is a register holding a string which is
006965  ** the file into which the result of vacuum should be written.  When
006966  ** P2 is zero, the vacuum overwrites the original database.
006967  */
006968  case OP_Vacuum: {
006969    assert( p->readOnly==0 );
006970    rc = sqlite3RunVacuum(&p->zErrMsg, db, pOp->p1,
006971                          pOp->p2 ? &aMem[pOp->p2] : 0);
006972    if( rc ) goto abort_due_to_error;
006973    break;
006974  }
006975  #endif
006976  
006977  #if !defined(SQLITE_OMIT_AUTOVACUUM)
006978  /* Opcode: IncrVacuum P1 P2 * * *
006979  **
006980  ** Perform a single step of the incremental vacuum procedure on
006981  ** the P1 database. If the vacuum has finished, jump to instruction
006982  ** P2. Otherwise, fall through to the next instruction.
006983  */
006984  case OP_IncrVacuum: {        /* jump */
006985    Btree *pBt;
006986  
006987    assert( pOp->p1>=0 && pOp->p1<db->nDb );
006988    assert( DbMaskTest(p->btreeMask, pOp->p1) );
006989    assert( p->readOnly==0 );
006990    pBt = db->aDb[pOp->p1].pBt;
006991    rc = sqlite3BtreeIncrVacuum(pBt);
006992    VdbeBranchTaken(rc==SQLITE_DONE,2);
006993    if( rc ){
006994      if( rc!=SQLITE_DONE ) goto abort_due_to_error;
006995      rc = SQLITE_OK;
006996      goto jump_to_p2;
006997    }
006998    break;
006999  }
007000  #endif
007001  
007002  /* Opcode: Expire P1 P2 * * *
007003  **
007004  ** Cause precompiled statements to expire.  When an expired statement
007005  ** is executed using sqlite3_step() it will either automatically
007006  ** reprepare itself (if it was originally created using sqlite3_prepare_v2())
007007  ** or it will fail with SQLITE_SCHEMA.
007008  ** 
007009  ** If P1 is 0, then all SQL statements become expired. If P1 is non-zero,
007010  ** then only the currently executing statement is expired.
007011  **
007012  ** If P2 is 0, then SQL statements are expired immediately.  If P2 is 1,
007013  ** then running SQL statements are allowed to continue to run to completion.
007014  ** The P2==1 case occurs when a CREATE INDEX or similar schema change happens
007015  ** that might help the statement run faster but which does not affect the
007016  ** correctness of operation.
007017  */
007018  case OP_Expire: {
007019    assert( pOp->p2==0 || pOp->p2==1 );
007020    if( !pOp->p1 ){
007021      sqlite3ExpirePreparedStatements(db, pOp->p2);
007022    }else{
007023      p->expired = pOp->p2+1;
007024    }
007025    break;
007026  }
007027  
007028  #ifndef SQLITE_OMIT_SHARED_CACHE
007029  /* Opcode: TableLock P1 P2 P3 P4 *
007030  ** Synopsis: iDb=P1 root=P2 write=P3
007031  **
007032  ** Obtain a lock on a particular table. This instruction is only used when
007033  ** the shared-cache feature is enabled. 
007034  **
007035  ** P1 is the index of the database in sqlite3.aDb[] of the database
007036  ** on which the lock is acquired.  A readlock is obtained if P3==0 or
007037  ** a write lock if P3==1.
007038  **
007039  ** P2 contains the root-page of the table to lock.
007040  **
007041  ** P4 contains a pointer to the name of the table being locked. This is only
007042  ** used to generate an error message if the lock cannot be obtained.
007043  */
007044  case OP_TableLock: {
007045    u8 isWriteLock = (u8)pOp->p3;
007046    if( isWriteLock || 0==(db->flags&SQLITE_ReadUncommit) ){
007047      int p1 = pOp->p1; 
007048      assert( p1>=0 && p1<db->nDb );
007049      assert( DbMaskTest(p->btreeMask, p1) );
007050      assert( isWriteLock==0 || isWriteLock==1 );
007051      rc = sqlite3BtreeLockTable(db->aDb[p1].pBt, pOp->p2, isWriteLock);
007052      if( rc ){
007053        if( (rc&0xFF)==SQLITE_LOCKED ){
007054          const char *z = pOp->p4.z;
007055          sqlite3VdbeError(p, "database table is locked: %s", z);
007056        }
007057        goto abort_due_to_error;
007058      }
007059    }
007060    break;
007061  }
007062  #endif /* SQLITE_OMIT_SHARED_CACHE */
007063  
007064  #ifndef SQLITE_OMIT_VIRTUALTABLE
007065  /* Opcode: VBegin * * * P4 *
007066  **
007067  ** P4 may be a pointer to an sqlite3_vtab structure. If so, call the 
007068  ** xBegin method for that table.
007069  **
007070  ** Also, whether or not P4 is set, check that this is not being called from
007071  ** within a callback to a virtual table xSync() method. If it is, the error
007072  ** code will be set to SQLITE_LOCKED.
007073  */
007074  case OP_VBegin: {
007075    VTable *pVTab;
007076    pVTab = pOp->p4.pVtab;
007077    rc = sqlite3VtabBegin(db, pVTab);
007078    if( pVTab ) sqlite3VtabImportErrmsg(p, pVTab->pVtab);
007079    if( rc ) goto abort_due_to_error;
007080    break;
007081  }
007082  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007083  
007084  #ifndef SQLITE_OMIT_VIRTUALTABLE
007085  /* Opcode: VCreate P1 P2 * * *
007086  **
007087  ** P2 is a register that holds the name of a virtual table in database 
007088  ** P1. Call the xCreate method for that table.
007089  */
007090  case OP_VCreate: {
007091    Mem sMem;          /* For storing the record being decoded */
007092    const char *zTab;  /* Name of the virtual table */
007093  
007094    memset(&sMem, 0, sizeof(sMem));
007095    sMem.db = db;
007096    /* Because P2 is always a static string, it is impossible for the
007097    ** sqlite3VdbeMemCopy() to fail */
007098    assert( (aMem[pOp->p2].flags & MEM_Str)!=0 );
007099    assert( (aMem[pOp->p2].flags & MEM_Static)!=0 );
007100    rc = sqlite3VdbeMemCopy(&sMem, &aMem[pOp->p2]);
007101    assert( rc==SQLITE_OK );
007102    zTab = (const char*)sqlite3_value_text(&sMem);
007103    assert( zTab || db->mallocFailed );
007104    if( zTab ){
007105      rc = sqlite3VtabCallCreate(db, pOp->p1, zTab, &p->zErrMsg);
007106    }
007107    sqlite3VdbeMemRelease(&sMem);
007108    if( rc ) goto abort_due_to_error;
007109    break;
007110  }
007111  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007112  
007113  #ifndef SQLITE_OMIT_VIRTUALTABLE
007114  /* Opcode: VDestroy P1 * * P4 *
007115  **
007116  ** P4 is the name of a virtual table in database P1.  Call the xDestroy method
007117  ** of that table.
007118  */
007119  case OP_VDestroy: {
007120    db->nVDestroy++;
007121    rc = sqlite3VtabCallDestroy(db, pOp->p1, pOp->p4.z);
007122    db->nVDestroy--;
007123    assert( p->errorAction==OE_Abort && p->usesStmtJournal );
007124    if( rc ) goto abort_due_to_error;
007125    break;
007126  }
007127  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007128  
007129  #ifndef SQLITE_OMIT_VIRTUALTABLE
007130  /* Opcode: VOpen P1 * * P4 *
007131  **
007132  ** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
007133  ** P1 is a cursor number.  This opcode opens a cursor to the virtual
007134  ** table and stores that cursor in P1.
007135  */
007136  case OP_VOpen: {
007137    VdbeCursor *pCur;
007138    sqlite3_vtab_cursor *pVCur;
007139    sqlite3_vtab *pVtab;
007140    const sqlite3_module *pModule;
007141  
007142    assert( p->bIsReader );
007143    pCur = 0;
007144    pVCur = 0;
007145    pVtab = pOp->p4.pVtab->pVtab;
007146    if( pVtab==0 || NEVER(pVtab->pModule==0) ){
007147      rc = SQLITE_LOCKED;
007148      goto abort_due_to_error;
007149    }
007150    pModule = pVtab->pModule;
007151    rc = pModule->xOpen(pVtab, &pVCur);
007152    sqlite3VtabImportErrmsg(p, pVtab);
007153    if( rc ) goto abort_due_to_error;
007154  
007155    /* Initialize sqlite3_vtab_cursor base class */
007156    pVCur->pVtab = pVtab;
007157  
007158    /* Initialize vdbe cursor object */
007159    pCur = allocateCursor(p, pOp->p1, 0, -1, CURTYPE_VTAB);
007160    if( pCur ){
007161      pCur->uc.pVCur = pVCur;
007162      pVtab->nRef++;
007163    }else{
007164      assert( db->mallocFailed );
007165      pModule->xClose(pVCur);
007166      goto no_mem;
007167    }
007168    break;
007169  }
007170  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007171  
007172  #ifndef SQLITE_OMIT_VIRTUALTABLE
007173  /* Opcode: VFilter P1 P2 P3 P4 *
007174  ** Synopsis: iplan=r[P3] zplan='P4'
007175  **
007176  ** P1 is a cursor opened using VOpen.  P2 is an address to jump to if
007177  ** the filtered result set is empty.
007178  **
007179  ** P4 is either NULL or a string that was generated by the xBestIndex
007180  ** method of the module.  The interpretation of the P4 string is left
007181  ** to the module implementation.
007182  **
007183  ** This opcode invokes the xFilter method on the virtual table specified
007184  ** by P1.  The integer query plan parameter to xFilter is stored in register
007185  ** P3. Register P3+1 stores the argc parameter to be passed to the
007186  ** xFilter method. Registers P3+2..P3+1+argc are the argc
007187  ** additional parameters which are passed to
007188  ** xFilter as argv. Register P3+2 becomes argv[0] when passed to xFilter.
007189  **
007190  ** A jump is made to P2 if the result set after filtering would be empty.
007191  */
007192  case OP_VFilter: {   /* jump */
007193    int nArg;
007194    int iQuery;
007195    const sqlite3_module *pModule;
007196    Mem *pQuery;
007197    Mem *pArgc;
007198    sqlite3_vtab_cursor *pVCur;
007199    sqlite3_vtab *pVtab;
007200    VdbeCursor *pCur;
007201    int res;
007202    int i;
007203    Mem **apArg;
007204  
007205    pQuery = &aMem[pOp->p3];
007206    pArgc = &pQuery[1];
007207    pCur = p->apCsr[pOp->p1];
007208    assert( memIsValid(pQuery) );
007209    REGISTER_TRACE(pOp->p3, pQuery);
007210    assert( pCur->eCurType==CURTYPE_VTAB );
007211    pVCur = pCur->uc.pVCur;
007212    pVtab = pVCur->pVtab;
007213    pModule = pVtab->pModule;
007214  
007215    /* Grab the index number and argc parameters */
007216    assert( (pQuery->flags&MEM_Int)!=0 && pArgc->flags==MEM_Int );
007217    nArg = (int)pArgc->u.i;
007218    iQuery = (int)pQuery->u.i;
007219  
007220    /* Invoke the xFilter method */
007221    res = 0;
007222    apArg = p->apArg;
007223    for(i = 0; i<nArg; i++){
007224      apArg[i] = &pArgc[i+1];
007225    }
007226    rc = pModule->xFilter(pVCur, iQuery, pOp->p4.z, nArg, apArg);
007227    sqlite3VtabImportErrmsg(p, pVtab);
007228    if( rc ) goto abort_due_to_error;
007229    res = pModule->xEof(pVCur);
007230    pCur->nullRow = 0;
007231    VdbeBranchTaken(res!=0,2);
007232    if( res ) goto jump_to_p2;
007233    break;
007234  }
007235  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007236  
007237  #ifndef SQLITE_OMIT_VIRTUALTABLE
007238  /* Opcode: VColumn P1 P2 P3 * P5
007239  ** Synopsis: r[P3]=vcolumn(P2)
007240  **
007241  ** Store in register P3 the value of the P2-th column of
007242  ** the current row of the virtual-table of cursor P1.
007243  **
007244  ** If the VColumn opcode is being used to fetch the value of
007245  ** an unchanging column during an UPDATE operation, then the P5
007246  ** value is OPFLAG_NOCHNG.  This will cause the sqlite3_vtab_nochange()
007247  ** function to return true inside the xColumn method of the virtual
007248  ** table implementation.  The P5 column might also contain other
007249  ** bits (OPFLAG_LENGTHARG or OPFLAG_TYPEOFARG) but those bits are
007250  ** unused by OP_VColumn.
007251  */
007252  case OP_VColumn: {
007253    sqlite3_vtab *pVtab;
007254    const sqlite3_module *pModule;
007255    Mem *pDest;
007256    sqlite3_context sContext;
007257  
007258    VdbeCursor *pCur = p->apCsr[pOp->p1];
007259    assert( pCur->eCurType==CURTYPE_VTAB );
007260    assert( pOp->p3>0 && pOp->p3<=(p->nMem+1 - p->nCursor) );
007261    pDest = &aMem[pOp->p3];
007262    memAboutToChange(p, pDest);
007263    if( pCur->nullRow ){
007264      sqlite3VdbeMemSetNull(pDest);
007265      break;
007266    }
007267    pVtab = pCur->uc.pVCur->pVtab;
007268    pModule = pVtab->pModule;
007269    assert( pModule->xColumn );
007270    memset(&sContext, 0, sizeof(sContext));
007271    sContext.pOut = pDest;
007272    assert( pOp->p5==OPFLAG_NOCHNG || pOp->p5==0 );
007273    if( pOp->p5 & OPFLAG_NOCHNG ){
007274      sqlite3VdbeMemSetNull(pDest);
007275      pDest->flags = MEM_Null|MEM_Zero;
007276      pDest->u.nZero = 0;
007277    }else{
007278      MemSetTypeFlag(pDest, MEM_Null);
007279    }
007280    rc = pModule->xColumn(pCur->uc.pVCur, &sContext, pOp->p2);
007281    sqlite3VtabImportErrmsg(p, pVtab);
007282    if( sContext.isError>0 ){
007283      sqlite3VdbeError(p, "%s", sqlite3_value_text(pDest));
007284      rc = sContext.isError;
007285    }
007286    sqlite3VdbeChangeEncoding(pDest, encoding);
007287    REGISTER_TRACE(pOp->p3, pDest);
007288    UPDATE_MAX_BLOBSIZE(pDest);
007289  
007290    if( sqlite3VdbeMemTooBig(pDest) ){
007291      goto too_big;
007292    }
007293    if( rc ) goto abort_due_to_error;
007294    break;
007295  }
007296  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007297  
007298  #ifndef SQLITE_OMIT_VIRTUALTABLE
007299  /* Opcode: VNext P1 P2 * * *
007300  **
007301  ** Advance virtual table P1 to the next row in its result set and
007302  ** jump to instruction P2.  Or, if the virtual table has reached
007303  ** the end of its result set, then fall through to the next instruction.
007304  */
007305  case OP_VNext: {   /* jump */
007306    sqlite3_vtab *pVtab;
007307    const sqlite3_module *pModule;
007308    int res;
007309    VdbeCursor *pCur;
007310  
007311    res = 0;
007312    pCur = p->apCsr[pOp->p1];
007313    assert( pCur->eCurType==CURTYPE_VTAB );
007314    if( pCur->nullRow ){
007315      break;
007316    }
007317    pVtab = pCur->uc.pVCur->pVtab;
007318    pModule = pVtab->pModule;
007319    assert( pModule->xNext );
007320  
007321    /* Invoke the xNext() method of the module. There is no way for the
007322    ** underlying implementation to return an error if one occurs during
007323    ** xNext(). Instead, if an error occurs, true is returned (indicating that 
007324    ** data is available) and the error code returned when xColumn or
007325    ** some other method is next invoked on the save virtual table cursor.
007326    */
007327    rc = pModule->xNext(pCur->uc.pVCur);
007328    sqlite3VtabImportErrmsg(p, pVtab);
007329    if( rc ) goto abort_due_to_error;
007330    res = pModule->xEof(pCur->uc.pVCur);
007331    VdbeBranchTaken(!res,2);
007332    if( !res ){
007333      /* If there is data, jump to P2 */
007334      goto jump_to_p2_and_check_for_interrupt;
007335    }
007336    goto check_for_interrupt;
007337  }
007338  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007339  
007340  #ifndef SQLITE_OMIT_VIRTUALTABLE
007341  /* Opcode: VRename P1 * * P4 *
007342  **
007343  ** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
007344  ** This opcode invokes the corresponding xRename method. The value
007345  ** in register P1 is passed as the zName argument to the xRename method.
007346  */
007347  case OP_VRename: {
007348    sqlite3_vtab *pVtab;
007349    Mem *pName;
007350    int isLegacy;
007351    
007352    isLegacy = (db->flags & SQLITE_LegacyAlter);
007353    db->flags |= SQLITE_LegacyAlter;
007354    pVtab = pOp->p4.pVtab->pVtab;
007355    pName = &aMem[pOp->p1];
007356    assert( pVtab->pModule->xRename );
007357    assert( memIsValid(pName) );
007358    assert( p->readOnly==0 );
007359    REGISTER_TRACE(pOp->p1, pName);
007360    assert( pName->flags & MEM_Str );
007361    testcase( pName->enc==SQLITE_UTF8 );
007362    testcase( pName->enc==SQLITE_UTF16BE );
007363    testcase( pName->enc==SQLITE_UTF16LE );
007364    rc = sqlite3VdbeChangeEncoding(pName, SQLITE_UTF8);
007365    if( rc ) goto abort_due_to_error;
007366    rc = pVtab->pModule->xRename(pVtab, pName->z);
007367    if( isLegacy==0 ) db->flags &= ~(u64)SQLITE_LegacyAlter;
007368    sqlite3VtabImportErrmsg(p, pVtab);
007369    p->expired = 0;
007370    if( rc ) goto abort_due_to_error;
007371    break;
007372  }
007373  #endif
007374  
007375  #ifndef SQLITE_OMIT_VIRTUALTABLE
007376  /* Opcode: VUpdate P1 P2 P3 P4 P5
007377  ** Synopsis: data=r[P3@P2]
007378  **
007379  ** P4 is a pointer to a virtual table object, an sqlite3_vtab structure.
007380  ** This opcode invokes the corresponding xUpdate method. P2 values
007381  ** are contiguous memory cells starting at P3 to pass to the xUpdate 
007382  ** invocation. The value in register (P3+P2-1) corresponds to the 
007383  ** p2th element of the argv array passed to xUpdate.
007384  **
007385  ** The xUpdate method will do a DELETE or an INSERT or both.
007386  ** The argv[0] element (which corresponds to memory cell P3)
007387  ** is the rowid of a row to delete.  If argv[0] is NULL then no 
007388  ** deletion occurs.  The argv[1] element is the rowid of the new 
007389  ** row.  This can be NULL to have the virtual table select the new 
007390  ** rowid for itself.  The subsequent elements in the array are 
007391  ** the values of columns in the new row.
007392  **
007393  ** If P2==1 then no insert is performed.  argv[0] is the rowid of
007394  ** a row to delete.
007395  **
007396  ** P1 is a boolean flag. If it is set to true and the xUpdate call
007397  ** is successful, then the value returned by sqlite3_last_insert_rowid() 
007398  ** is set to the value of the rowid for the row just inserted.
007399  **
007400  ** P5 is the error actions (OE_Replace, OE_Fail, OE_Ignore, etc) to
007401  ** apply in the case of a constraint failure on an insert or update.
007402  */
007403  case OP_VUpdate: {
007404    sqlite3_vtab *pVtab;
007405    const sqlite3_module *pModule;
007406    int nArg;
007407    int i;
007408    sqlite_int64 rowid;
007409    Mem **apArg;
007410    Mem *pX;
007411  
007412    assert( pOp->p2==1        || pOp->p5==OE_Fail   || pOp->p5==OE_Rollback 
007413         || pOp->p5==OE_Abort || pOp->p5==OE_Ignore || pOp->p5==OE_Replace
007414    );
007415    assert( p->readOnly==0 );
007416    if( db->mallocFailed ) goto no_mem;
007417    sqlite3VdbeIncrWriteCounter(p, 0);
007418    pVtab = pOp->p4.pVtab->pVtab;
007419    if( pVtab==0 || NEVER(pVtab->pModule==0) ){
007420      rc = SQLITE_LOCKED;
007421      goto abort_due_to_error;
007422    }
007423    pModule = pVtab->pModule;
007424    nArg = pOp->p2;
007425    assert( pOp->p4type==P4_VTAB );
007426    if( ALWAYS(pModule->xUpdate) ){
007427      u8 vtabOnConflict = db->vtabOnConflict;
007428      apArg = p->apArg;
007429      pX = &aMem[pOp->p3];
007430      for(i=0; i<nArg; i++){
007431        assert( memIsValid(pX) );
007432        memAboutToChange(p, pX);
007433        apArg[i] = pX;
007434        pX++;
007435      }
007436      db->vtabOnConflict = pOp->p5;
007437      rc = pModule->xUpdate(pVtab, nArg, apArg, &rowid);
007438      db->vtabOnConflict = vtabOnConflict;
007439      sqlite3VtabImportErrmsg(p, pVtab);
007440      if( rc==SQLITE_OK && pOp->p1 ){
007441        assert( nArg>1 && apArg[0] && (apArg[0]->flags&MEM_Null) );
007442        db->lastRowid = rowid;
007443      }
007444      if( (rc&0xff)==SQLITE_CONSTRAINT && pOp->p4.pVtab->bConstraint ){
007445        if( pOp->p5==OE_Ignore ){
007446          rc = SQLITE_OK;
007447        }else{
007448          p->errorAction = ((pOp->p5==OE_Replace) ? OE_Abort : pOp->p5);
007449        }
007450      }else{
007451        p->nChange++;
007452      }
007453      if( rc ) goto abort_due_to_error;
007454    }
007455    break;
007456  }
007457  #endif /* SQLITE_OMIT_VIRTUALTABLE */
007458  
007459  #ifndef  SQLITE_OMIT_PAGER_PRAGMAS
007460  /* Opcode: Pagecount P1 P2 * * *
007461  **
007462  ** Write the current number of pages in database P1 to memory cell P2.
007463  */
007464  case OP_Pagecount: {            /* out2 */
007465    pOut = out2Prerelease(p, pOp);
007466    pOut->u.i = sqlite3BtreeLastPage(db->aDb[pOp->p1].pBt);
007467    break;
007468  }
007469  #endif
007470  
007471  
007472  #ifndef  SQLITE_OMIT_PAGER_PRAGMAS
007473  /* Opcode: MaxPgcnt P1 P2 P3 * *
007474  **
007475  ** Try to set the maximum page count for database P1 to the value in P3.
007476  ** Do not let the maximum page count fall below the current page count and
007477  ** do not change the maximum page count value if P3==0.
007478  **
007479  ** Store the maximum page count after the change in register P2.
007480  */
007481  case OP_MaxPgcnt: {            /* out2 */
007482    unsigned int newMax;
007483    Btree *pBt;
007484  
007485    pOut = out2Prerelease(p, pOp);
007486    pBt = db->aDb[pOp->p1].pBt;
007487    newMax = 0;
007488    if( pOp->p3 ){
007489      newMax = sqlite3BtreeLastPage(pBt);
007490      if( newMax < (unsigned)pOp->p3 ) newMax = (unsigned)pOp->p3;
007491    }
007492    pOut->u.i = sqlite3BtreeMaxPageCount(pBt, newMax);
007493    break;
007494  }
007495  #endif
007496  
007497  /* Opcode: Function P1 P2 P3 P4 *
007498  ** Synopsis: r[P3]=func(r[P2@P5])
007499  **
007500  ** Invoke a user function (P4 is a pointer to an sqlite3_context object that
007501  ** contains a pointer to the function to be run) with arguments taken
007502  ** from register P2 and successors.  The number of arguments is in
007503  ** the sqlite3_context object that P4 points to.
007504  ** The result of the function is stored
007505  ** in register P3.  Register P3 must not be one of the function inputs.
007506  **
007507  ** P1 is a 32-bit bitmask indicating whether or not each argument to the 
007508  ** function was determined to be constant at compile time. If the first
007509  ** argument was constant then bit 0 of P1 is set. This is used to determine
007510  ** whether meta data associated with a user function argument using the
007511  ** sqlite3_set_auxdata() API may be safely retained until the next
007512  ** invocation of this opcode.
007513  **
007514  ** See also: AggStep, AggFinal, PureFunc
007515  */
007516  /* Opcode: PureFunc P1 P2 P3 P4 *
007517  ** Synopsis: r[P3]=func(r[P2@P5])
007518  **
007519  ** Invoke a user function (P4 is a pointer to an sqlite3_context object that
007520  ** contains a pointer to the function to be run) with arguments taken
007521  ** from register P2 and successors.  The number of arguments is in
007522  ** the sqlite3_context object that P4 points to.
007523  ** The result of the function is stored
007524  ** in register P3.  Register P3 must not be one of the function inputs.
007525  **
007526  ** P1 is a 32-bit bitmask indicating whether or not each argument to the 
007527  ** function was determined to be constant at compile time. If the first
007528  ** argument was constant then bit 0 of P1 is set. This is used to determine
007529  ** whether meta data associated with a user function argument using the
007530  ** sqlite3_set_auxdata() API may be safely retained until the next
007531  ** invocation of this opcode.
007532  **
007533  ** This opcode works exactly like OP_Function.  The only difference is in
007534  ** its name.  This opcode is used in places where the function must be
007535  ** purely non-deterministic.  Some built-in date/time functions can be
007536  ** either determinitic of non-deterministic, depending on their arguments.
007537  ** When those function are used in a non-deterministic way, they will check
007538  ** to see if they were called using OP_PureFunc instead of OP_Function, and
007539  ** if they were, they throw an error.
007540  **
007541  ** See also: AggStep, AggFinal, Function
007542  */
007543  case OP_PureFunc:              /* group */
007544  case OP_Function: {            /* group */
007545    int i;
007546    sqlite3_context *pCtx;
007547  
007548    assert( pOp->p4type==P4_FUNCCTX );
007549    pCtx = pOp->p4.pCtx;
007550  
007551    /* If this function is inside of a trigger, the register array in aMem[]
007552    ** might change from one evaluation to the next.  The next block of code
007553    ** checks to see if the register array has changed, and if so it
007554    ** reinitializes the relavant parts of the sqlite3_context object */
007555    pOut = &aMem[pOp->p3];
007556    if( pCtx->pOut != pOut ){
007557      pCtx->pVdbe = p;
007558      pCtx->pOut = pOut;
007559      for(i=pCtx->argc-1; i>=0; i--) pCtx->argv[i] = &aMem[pOp->p2+i];
007560    }
007561    assert( pCtx->pVdbe==p );
007562  
007563    memAboutToChange(p, pOut);
007564  #ifdef SQLITE_DEBUG
007565    for(i=0; i<pCtx->argc; i++){
007566      assert( memIsValid(pCtx->argv[i]) );
007567      REGISTER_TRACE(pOp->p2+i, pCtx->argv[i]);
007568    }
007569  #endif
007570    MemSetTypeFlag(pOut, MEM_Null);
007571    assert( pCtx->isError==0 );
007572    (*pCtx->pFunc->xSFunc)(pCtx, pCtx->argc, pCtx->argv);/* IMP: R-24505-23230 */
007573  
007574    /* If the function returned an error, throw an exception */
007575    if( pCtx->isError ){
007576      if( pCtx->isError>0 ){
007577        sqlite3VdbeError(p, "%s", sqlite3_value_text(pOut));
007578        rc = pCtx->isError;
007579      }
007580      sqlite3VdbeDeleteAuxData(db, &p->pAuxData, pCtx->iOp, pOp->p1);
007581      pCtx->isError = 0;
007582      if( rc ) goto abort_due_to_error;
007583    }
007584  
007585    /* Copy the result of the function into register P3 */
007586    if( pOut->flags & (MEM_Str|MEM_Blob) ){
007587      sqlite3VdbeChangeEncoding(pOut, encoding);
007588      if( sqlite3VdbeMemTooBig(pOut) ) goto too_big;
007589    }
007590  
007591    REGISTER_TRACE(pOp->p3, pOut);
007592    UPDATE_MAX_BLOBSIZE(pOut);
007593    break;
007594  }
007595  
007596  /* Opcode: Trace P1 P2 * P4 *
007597  **
007598  ** Write P4 on the statement trace output if statement tracing is
007599  ** enabled.
007600  **
007601  ** Operand P1 must be 0x7fffffff and P2 must positive.
007602  */
007603  /* Opcode: Init P1 P2 P3 P4 *
007604  ** Synopsis: Start at P2
007605  **
007606  ** Programs contain a single instance of this opcode as the very first
007607  ** opcode.
007608  **
007609  ** If tracing is enabled (by the sqlite3_trace()) interface, then
007610  ** the UTF-8 string contained in P4 is emitted on the trace callback.
007611  ** Or if P4 is blank, use the string returned by sqlite3_sql().
007612  **
007613  ** If P2 is not zero, jump to instruction P2.
007614  **
007615  ** Increment the value of P1 so that OP_Once opcodes will jump the
007616  ** first time they are evaluated for this run.
007617  **
007618  ** If P3 is not zero, then it is an address to jump to if an SQLITE_CORRUPT
007619  ** error is encountered.
007620  */
007621  case OP_Trace:
007622  case OP_Init: {          /* jump */
007623    int i;
007624  #ifndef SQLITE_OMIT_TRACE
007625    char *zTrace;
007626  #endif
007627  
007628    /* If the P4 argument is not NULL, then it must be an SQL comment string.
007629    ** The "--" string is broken up to prevent false-positives with srcck1.c.
007630    **
007631    ** This assert() provides evidence for:
007632    ** EVIDENCE-OF: R-50676-09860 The callback can compute the same text that
007633    ** would have been returned by the legacy sqlite3_trace() interface by
007634    ** using the X argument when X begins with "--" and invoking
007635    ** sqlite3_expanded_sql(P) otherwise.
007636    */
007637    assert( pOp->p4.z==0 || strncmp(pOp->p4.z, "-" "- ", 3)==0 );
007638  
007639    /* OP_Init is always instruction 0 */
007640    assert( pOp==p->aOp || pOp->opcode==OP_Trace );
007641  
007642  #ifndef SQLITE_OMIT_TRACE
007643    if( (db->mTrace & (SQLITE_TRACE_STMT|SQLITE_TRACE_LEGACY))!=0
007644     && !p->doingRerun
007645     && (zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql))!=0
007646    ){
007647  #ifndef SQLITE_OMIT_DEPRECATED
007648      if( db->mTrace & SQLITE_TRACE_LEGACY ){
007649        void (*x)(void*,const char*) = (void(*)(void*,const char*))db->xTrace;
007650        char *z = sqlite3VdbeExpandSql(p, zTrace);
007651        x(db->pTraceArg, z);
007652        sqlite3_free(z);
007653      }else
007654  #endif
007655      if( db->nVdbeExec>1 ){
007656        char *z = sqlite3MPrintf(db, "-- %s", zTrace);
007657        (void)db->xTrace(SQLITE_TRACE_STMT, db->pTraceArg, p, z);
007658        sqlite3DbFree(db, z);
007659      }else{
007660        (void)db->xTrace(SQLITE_TRACE_STMT, db->pTraceArg, p, zTrace);
007661      }
007662    }
007663  #ifdef SQLITE_USE_FCNTL_TRACE
007664    zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql);
007665    if( zTrace ){
007666      int j;
007667      for(j=0; j<db->nDb; j++){
007668        if( DbMaskTest(p->btreeMask, j)==0 ) continue;
007669        sqlite3_file_control(db, db->aDb[j].zDbSName, SQLITE_FCNTL_TRACE, zTrace);
007670      }
007671    }
007672  #endif /* SQLITE_USE_FCNTL_TRACE */
007673  #ifdef SQLITE_DEBUG
007674    if( (db->flags & SQLITE_SqlTrace)!=0
007675     && (zTrace = (pOp->p4.z ? pOp->p4.z : p->zSql))!=0
007676    ){
007677      sqlite3DebugPrintf("SQL-trace: %s\n", zTrace);
007678    }
007679  #endif /* SQLITE_DEBUG */
007680  #endif /* SQLITE_OMIT_TRACE */
007681    assert( pOp->p2>0 );
007682    if( pOp->p1>=sqlite3GlobalConfig.iOnceResetThreshold ){
007683      if( pOp->opcode==OP_Trace ) break;
007684      for(i=1; i<p->nOp; i++){
007685        if( p->aOp[i].opcode==OP_Once ) p->aOp[i].p1 = 0;
007686      }
007687      pOp->p1 = 0;
007688    }
007689    pOp->p1++;
007690    p->aCounter[SQLITE_STMTSTATUS_RUN]++;
007691    goto jump_to_p2;
007692  }
007693  
007694  #ifdef SQLITE_ENABLE_CURSOR_HINTS
007695  /* Opcode: CursorHint P1 * * P4 *
007696  **
007697  ** Provide a hint to cursor P1 that it only needs to return rows that
007698  ** satisfy the Expr in P4.  TK_REGISTER terms in the P4 expression refer
007699  ** to values currently held in registers.  TK_COLUMN terms in the P4
007700  ** expression refer to columns in the b-tree to which cursor P1 is pointing.
007701  */
007702  case OP_CursorHint: {
007703    VdbeCursor *pC;
007704  
007705    assert( pOp->p1>=0 && pOp->p1<p->nCursor );
007706    assert( pOp->p4type==P4_EXPR );
007707    pC = p->apCsr[pOp->p1];
007708    if( pC ){
007709      assert( pC->eCurType==CURTYPE_BTREE );
007710      sqlite3BtreeCursorHint(pC->uc.pCursor, BTREE_HINT_RANGE,
007711                             pOp->p4.pExpr, aMem);
007712    }
007713    break;
007714  }
007715  #endif /* SQLITE_ENABLE_CURSOR_HINTS */
007716  
007717  #ifdef SQLITE_DEBUG
007718  /* Opcode:  Abortable   * * * * *
007719  **
007720  ** Verify that an Abort can happen.  Assert if an Abort at this point
007721  ** might cause database corruption.  This opcode only appears in debugging
007722  ** builds.
007723  **
007724  ** An Abort is safe if either there have been no writes, or if there is
007725  ** an active statement journal.
007726  */
007727  case OP_Abortable: {
007728    sqlite3VdbeAssertAbortable(p);
007729    break;
007730  }
007731  #endif
007732  
007733  #ifdef SQLITE_DEBUG
007734  /* Opcode:  ReleaseReg   P1 P2 P3 * *
007735  ** Synopsis: release r[P1@P2] mask P3
007736  **
007737  ** Release registers from service.  Any content that was in the
007738  ** the registers is unreliable after this opcode completes.
007739  **
007740  ** The registers released will be the P2 registers starting at P1,
007741  ** except if bit ii of P3 set, then do not release register P1+ii.
007742  ** In other words, P3 is a mask of registers to preserve.
007743  **
007744  ** Releasing a register clears the Mem.pScopyFrom pointer.  That means
007745  ** that if the content of the released register was set using OP_SCopy,
007746  ** a change to the value of the source register for the OP_SCopy will no longer
007747  ** generate an assertion fault in sqlite3VdbeMemAboutToChange().
007748  **
007749  ** TODO: Released registers ought to also have their datatype set to
007750  ** MEM_Undefined so that any subsequent attempt to read the released
007751  ** register (before it is reinitialized) will generate an assertion fault.
007752  ** However, there are places in the code generator which release registers
007753  ** before their are used, under the (valid) assumption that the registers
007754  ** will not be reallocated for some other purpose before they are used and
007755  ** hence are safe to release.
007756  **
007757  ** This opcode is only available in testing and debugging builds.  It is
007758  ** not generated for release builds.  The purpose of this opcode is to help
007759  ** validate the generated bytecode.  This opcode does not actually contribute
007760  ** to computing an answer.
007761  */
007762  case OP_ReleaseReg: {
007763    Mem *pMem;
007764    int i;
007765    u32 constMask;
007766    assert( pOp->p1>0 );
007767    assert( pOp->p1+pOp->p2<=(p->nMem+1 - p->nCursor)+1 );
007768    pMem = &aMem[pOp->p1];
007769    constMask = pOp->p3;
007770    for(i=0; i<pOp->p2; i++, pMem++){
007771      if( i>=32 || (constMask & MASKBIT32(i))==0 ){
007772        pMem->pScopyFrom = 0;
007773        /* MemSetTypeFlag(pMem, MEM_Undefined); // See the TODO */
007774      }
007775    }
007776    break;
007777  }
007778  #endif
007779  
007780  /* Opcode: Noop * * * * *
007781  **
007782  ** Do nothing.  This instruction is often useful as a jump
007783  ** destination.
007784  */
007785  /*
007786  ** The magic Explain opcode are only inserted when explain==2 (which
007787  ** is to say when the EXPLAIN QUERY PLAN syntax is used.)
007788  ** This opcode records information from the optimizer.  It is the
007789  ** the same as a no-op.  This opcodesnever appears in a real VM program.
007790  */
007791  default: {          /* This is really OP_Noop, OP_Explain */
007792    assert( pOp->opcode==OP_Noop || pOp->opcode==OP_Explain );
007793  
007794    break;
007795  }
007796  
007797  /*****************************************************************************
007798  ** The cases of the switch statement above this line should all be indented
007799  ** by 6 spaces.  But the left-most 6 spaces have been removed to improve the
007800  ** readability.  From this point on down, the normal indentation rules are
007801  ** restored.
007802  *****************************************************************************/
007803      }
007804  
007805  #ifdef VDBE_PROFILE
007806      {
007807        u64 endTime = sqlite3NProfileCnt ? sqlite3NProfileCnt : sqlite3Hwtime();
007808        if( endTime>start ) pOrigOp->cycles += endTime - start;
007809        pOrigOp->cnt++;
007810      }
007811  #endif
007812  
007813      /* The following code adds nothing to the actual functionality
007814      ** of the program.  It is only here for testing and debugging.
007815      ** On the other hand, it does burn CPU cycles every time through
007816      ** the evaluator loop.  So we can leave it out when NDEBUG is defined.
007817      */
007818  #ifndef NDEBUG
007819      assert( pOp>=&aOp[-1] && pOp<&aOp[p->nOp-1] );
007820  
007821  #ifdef SQLITE_DEBUG
007822      if( db->flags & SQLITE_VdbeTrace ){
007823        u8 opProperty = sqlite3OpcodeProperty[pOrigOp->opcode];
007824        if( rc!=0 ) printf("rc=%d\n",rc);
007825        if( opProperty & (OPFLG_OUT2) ){
007826          registerTrace(pOrigOp->p2, &aMem[pOrigOp->p2]);
007827        }
007828        if( opProperty & OPFLG_OUT3 ){
007829          registerTrace(pOrigOp->p3, &aMem[pOrigOp->p3]);
007830        }
007831      }
007832  #endif  /* SQLITE_DEBUG */
007833  #endif  /* NDEBUG */
007834    }  /* The end of the for(;;) loop the loops through opcodes */
007835  
007836    /* If we reach this point, it means that execution is finished with
007837    ** an error of some kind.
007838    */
007839  abort_due_to_error:
007840    if( db->mallocFailed ) rc = SQLITE_NOMEM_BKPT;
007841    assert( rc );
007842    if( p->zErrMsg==0 && rc!=SQLITE_IOERR_NOMEM ){
007843      sqlite3VdbeError(p, "%s", sqlite3ErrStr(rc));
007844    }
007845    p->rc = rc;
007846    sqlite3SystemError(db, rc);
007847    testcase( sqlite3GlobalConfig.xLog!=0 );
007848    sqlite3_log(rc, "statement aborts at %d: [%s] %s", 
007849                     (int)(pOp - aOp), p->zSql, p->zErrMsg);
007850    sqlite3VdbeHalt(p);
007851    if( rc==SQLITE_IOERR_NOMEM ) sqlite3OomFault(db);
007852    rc = SQLITE_ERROR;
007853    if( resetSchemaOnFault>0 ){
007854      sqlite3ResetOneSchema(db, resetSchemaOnFault-1);
007855    }
007856  
007857    /* This is the only way out of this procedure.  We have to
007858    ** release the mutexes on btrees that were acquired at the
007859    ** top. */
007860  vdbe_return:
007861  #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
007862    while( nVmStep>=nProgressLimit && db->xProgress!=0 ){
007863      nProgressLimit += db->nProgressOps;
007864      if( db->xProgress(db->pProgressArg) ){
007865        nProgressLimit = 0xffffffff;
007866        rc = SQLITE_INTERRUPT;
007867        goto abort_due_to_error;
007868      }
007869    }
007870  #endif
007871    p->aCounter[SQLITE_STMTSTATUS_VM_STEP] += (int)nVmStep;
007872    sqlite3VdbeLeave(p);
007873    assert( rc!=SQLITE_OK || nExtraDelete==0 
007874         || sqlite3_strlike("DELETE%",p->zSql,0)!=0 
007875    );
007876    return rc;
007877  
007878    /* Jump to here if a string or blob larger than SQLITE_MAX_LENGTH
007879    ** is encountered.
007880    */
007881  too_big:
007882    sqlite3VdbeError(p, "string or blob too big");
007883    rc = SQLITE_TOOBIG;
007884    goto abort_due_to_error;
007885  
007886    /* Jump to here if a malloc() fails.
007887    */
007888  no_mem:
007889    sqlite3OomFault(db);
007890    sqlite3VdbeError(p, "out of memory");
007891    rc = SQLITE_NOMEM_BKPT;
007892    goto abort_due_to_error;
007893  
007894    /* Jump to here if the sqlite3_interrupt() API sets the interrupt
007895    ** flag.
007896    */
007897  abort_due_to_interrupt:
007898    assert( db->u1.isInterrupted );
007899    rc = db->mallocFailed ? SQLITE_NOMEM_BKPT : SQLITE_INTERRUPT;
007900    p->rc = rc;
007901    sqlite3VdbeError(p, "%s", sqlite3ErrStr(rc));
007902    goto abort_due_to_error;
007903  }