xref: /titanic_41/usr/src/lib/libsqlite/src/vdbe.c (revision c5c4113dfcabb1eed3d4bdf7609de5170027a794)
1 /*
2  * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
3  * Use is subject to license terms.
4  */
5 
6 #pragma ident	"%Z%%M%	%I%	%E% SMI"
7 
8 /*
9 ** 2001 September 15
10 **
11 ** The author disclaims copyright to this source code.  In place of
12 ** a legal notice, here is a blessing:
13 **
14 **    May you do good and not evil.
15 **    May you find forgiveness for yourself and forgive others.
16 **    May you share freely, never taking more than you give.
17 **
18 *************************************************************************
19 ** The code in this file implements execution method of the
20 ** Virtual Database Engine (VDBE).  A separate file ("vdbeaux.c")
21 ** handles housekeeping details such as creating and deleting
22 ** VDBE instances.  This file is solely interested in executing
23 ** the VDBE program.
24 **
25 ** In the external interface, an "sqlite_vm*" is an opaque pointer
26 ** to a VDBE.
27 **
28 ** The SQL parser generates a program which is then executed by
29 ** the VDBE to do the work of the SQL statement.  VDBE programs are
30 ** similar in form to assembly language.  The program consists of
31 ** a linear sequence of operations.  Each operation has an opcode
32 ** and 3 operands.  Operands P1 and P2 are integers.  Operand P3
33 ** is a null-terminated string.   The P2 operand must be non-negative.
34 ** Opcodes will typically ignore one or more operands.  Many opcodes
35 ** ignore all three operands.
36 **
37 ** Computation results are stored on a stack.  Each entry on the
38 ** stack is either an integer, a null-terminated string, a floating point
39 ** number, or the SQL "NULL" value.  An inplicit conversion from one
40 ** type to the other occurs as necessary.
41 **
42 ** Most of the code in this file is taken up by the sqliteVdbeExec()
43 ** function which does the work of interpreting a VDBE program.
44 ** But other routines are also provided to help in building up
45 ** a program instruction by instruction.
46 **
47 ** Various scripts scan this source file in order to generate HTML
48 ** documentation, headers files, or other derived files.  The formatting
49 ** of the code in this file is, therefore, important.  See other comments
50 ** in this file for details.  If in doubt, do not deviate from existing
51 ** commenting and indentation practices when changing or adding code.
52 **
53 ** $Id: vdbe.c,v 1.268.2.3 2004/07/19 19:30:50 drh Exp $
54 */
55 #include "sqliteInt.h"
56 #include "os.h"
57 #include <ctype.h>
58 #include "vdbeInt.h"
59 
60 /*
61 ** The following global variable is incremented every time a cursor
62 ** moves, either by the OP_MoveTo or the OP_Next opcode.  The test
63 ** procedures use this information to make sure that indices are
64 ** working correctly.  This variable has no function other than to
65 ** help verify the correct operation of the library.
66 */
67 int sqlite_search_count = 0;
68 
69 /*
70 ** When this global variable is positive, it gets decremented once before
71 ** each instruction in the VDBE.  When reaches zero, the SQLITE_Interrupt
72 ** of the db.flags field is set in order to simulate an interrupt.
73 **
74 ** This facility is used for testing purposes only.  It does not function
75 ** in an ordinary build.
76 */
77 int sqlite_interrupt_count = 0;
78 
79 /*
80 ** Advance the virtual machine to the next output row.
81 **
82 ** The return vale will be either SQLITE_BUSY, SQLITE_DONE,
83 ** SQLITE_ROW, SQLITE_ERROR, or SQLITE_MISUSE.
84 **
85 ** SQLITE_BUSY means that the virtual machine attempted to open
86 ** a locked database and there is no busy callback registered.
87 ** Call sqlite_step() again to retry the open.  *pN is set to 0
88 ** and *pazColName and *pazValue are both set to NULL.
89 **
90 ** SQLITE_DONE means that the virtual machine has finished
91 ** executing.  sqlite_step() should not be called again on this
92 ** virtual machine.  *pN and *pazColName are set appropriately
93 ** but *pazValue is set to NULL.
94 **
95 ** SQLITE_ROW means that the virtual machine has generated another
96 ** row of the result set.  *pN is set to the number of columns in
97 ** the row.  *pazColName is set to the names of the columns followed
98 ** by the column datatypes.  *pazValue is set to the values of each
99 ** column in the row.  The value of the i-th column is (*pazValue)[i].
100 ** The name of the i-th column is (*pazColName)[i] and the datatype
101 ** of the i-th column is (*pazColName)[i+*pN].
102 **
103 ** SQLITE_ERROR means that a run-time error (such as a constraint
104 ** violation) has occurred.  The details of the error will be returned
105 ** by the next call to sqlite_finalize().  sqlite_step() should not
106 ** be called again on the VM.
107 **
108 ** SQLITE_MISUSE means that the this routine was called inappropriately.
109 ** Perhaps it was called on a virtual machine that had already been
110 ** finalized or on one that had previously returned SQLITE_ERROR or
111 ** SQLITE_DONE.  Or it could be the case the the same database connection
112 ** is being used simulataneously by two or more threads.
113 */
sqlite_step(sqlite_vm * pVm,int * pN,const char *** pazValue,const char *** pazColName)114 int sqlite_step(
115   sqlite_vm *pVm,              /* The virtual machine to execute */
116   int *pN,                     /* OUT: Number of columns in result */
117   const char ***pazValue,      /* OUT: Column data */
118   const char ***pazColName     /* OUT: Column names and datatypes */
119 ){
120   Vdbe *p = (Vdbe*)pVm;
121   sqlite *db;
122   int rc;
123 
124   if( p->magic!=VDBE_MAGIC_RUN ){
125     return SQLITE_MISUSE;
126   }
127   db = p->db;
128   if( sqliteSafetyOn(db) ){
129     p->rc = SQLITE_MISUSE;
130     return SQLITE_MISUSE;
131   }
132   if( p->explain ){
133     rc = sqliteVdbeList(p);
134   }else{
135     rc = sqliteVdbeExec(p);
136   }
137   if( rc==SQLITE_DONE || rc==SQLITE_ROW ){
138     if( pazColName ) *pazColName = (const char**)p->azColName;
139     if( pN ) *pN = p->nResColumn;
140   }else{
141     if( pazColName) *pazColName = 0;
142     if( pN ) *pN = 0;
143   }
144   if( pazValue ){
145     if( rc==SQLITE_ROW ){
146       *pazValue = (const char**)p->azResColumn;
147     }else{
148       *pazValue = 0;
149     }
150   }
151   if( sqliteSafetyOff(db) ){
152     return SQLITE_MISUSE;
153   }
154   return rc;
155 }
156 
157 /*
158 ** Insert a new aggregate element and make it the element that
159 ** has focus.
160 **
161 ** Return 0 on success and 1 if memory is exhausted.
162 */
AggInsert(Agg * p,char * zKey,int nKey)163 static int AggInsert(Agg *p, char *zKey, int nKey){
164   AggElem *pElem, *pOld;
165   int i;
166   Mem *pMem;
167   pElem = sqliteMalloc( sizeof(AggElem) + nKey +
168                         (p->nMem-1)*sizeof(pElem->aMem[0]) );
169   if( pElem==0 ) return 1;
170   pElem->zKey = (char*)&pElem->aMem[p->nMem];
171   memcpy(pElem->zKey, zKey, nKey);
172   pElem->nKey = nKey;
173   pOld = sqliteHashInsert(&p->hash, pElem->zKey, pElem->nKey, pElem);
174   if( pOld!=0 ){
175     assert( pOld==pElem );  /* Malloc failed on insert */
176     sqliteFree(pOld);
177     return 0;
178   }
179   for(i=0, pMem=pElem->aMem; i<p->nMem; i++, pMem++){
180     pMem->flags = MEM_Null;
181   }
182   p->pCurrent = pElem;
183   return 0;
184 }
185 
186 /*
187 ** Get the AggElem currently in focus
188 */
189 #define AggInFocus(P)   ((P).pCurrent ? (P).pCurrent : _AggInFocus(&(P)))
_AggInFocus(Agg * p)190 static AggElem *_AggInFocus(Agg *p){
191   HashElem *pElem = sqliteHashFirst(&p->hash);
192   if( pElem==0 ){
193     AggInsert(p,"",1);
194     pElem = sqliteHashFirst(&p->hash);
195   }
196   return pElem ? sqliteHashData(pElem) : 0;
197 }
198 
199 /*
200 ** Convert the given stack entity into a string if it isn't one
201 ** already.
202 */
203 #define Stringify(P) if(((P)->flags & MEM_Str)==0){hardStringify(P);}
hardStringify(Mem * pStack)204 static int hardStringify(Mem *pStack){
205   int fg = pStack->flags;
206   if( fg & MEM_Real ){
207     sqlite_snprintf(sizeof(pStack->zShort),pStack->zShort,"%.15g",pStack->r);
208   }else if( fg & MEM_Int ){
209     sqlite_snprintf(sizeof(pStack->zShort),pStack->zShort,"%d",pStack->i);
210   }else{
211     pStack->zShort[0] = 0;
212   }
213   pStack->z = pStack->zShort;
214   pStack->n = strlen(pStack->zShort)+1;
215   pStack->flags = MEM_Str | MEM_Short;
216   return 0;
217 }
218 
219 /*
220 ** Convert the given stack entity into a string that has been obtained
221 ** from sqliteMalloc().  This is different from Stringify() above in that
222 ** Stringify() will use the NBFS bytes of static string space if the string
223 ** will fit but this routine always mallocs for space.
224 ** Return non-zero if we run out of memory.
225 */
226 #define Dynamicify(P) (((P)->flags & MEM_Dyn)==0 ? hardDynamicify(P):0)
hardDynamicify(Mem * pStack)227 static int hardDynamicify(Mem *pStack){
228   int fg = pStack->flags;
229   char *z;
230   if( (fg & MEM_Str)==0 ){
231     hardStringify(pStack);
232   }
233   assert( (fg & MEM_Dyn)==0 );
234   z = sqliteMallocRaw( pStack->n );
235   if( z==0 ) return 1;
236   memcpy(z, pStack->z, pStack->n);
237   pStack->z = z;
238   pStack->flags |= MEM_Dyn;
239   return 0;
240 }
241 
242 /*
243 ** An ephemeral string value (signified by the MEM_Ephem flag) contains
244 ** a pointer to a dynamically allocated string where some other entity
245 ** is responsible for deallocating that string.  Because the stack entry
246 ** does not control the string, it might be deleted without the stack
247 ** entry knowing it.
248 **
249 ** This routine converts an ephemeral string into a dynamically allocated
250 ** string that the stack entry itself controls.  In other words, it
251 ** converts an MEM_Ephem string into an MEM_Dyn string.
252 */
253 #define Deephemeralize(P) \
254    if( ((P)->flags&MEM_Ephem)!=0 && hardDeephem(P) ){ goto no_mem;}
hardDeephem(Mem * pStack)255 static int hardDeephem(Mem *pStack){
256   char *z;
257   assert( (pStack->flags & MEM_Ephem)!=0 );
258   z = sqliteMallocRaw( pStack->n );
259   if( z==0 ) return 1;
260   memcpy(z, pStack->z, pStack->n);
261   pStack->z = z;
262   pStack->flags &= ~MEM_Ephem;
263   pStack->flags |= MEM_Dyn;
264   return 0;
265 }
266 
267 /*
268 ** Release the memory associated with the given stack level.  This
269 ** leaves the Mem.flags field in an inconsistent state.
270 */
271 #define	Release(P) \
272 	if ((P)->flags & MEM_Dyn) { \
273 		sqliteFree((P)->z); \
274 		(P)->z = NULL; \
275 	}
276 
277 /*
278 ** Pop the stack N times.
279 */
popStack(Mem ** ppTos,int N)280 static void popStack(Mem **ppTos, int N){
281   Mem *pTos = *ppTos;
282   while( N>0 ){
283     N--;
284     Release(pTos);
285     pTos--;
286   }
287   *ppTos = pTos;
288 }
289 
290 /*
291 ** Return TRUE if zNum is a 32-bit signed integer and write
292 ** the value of the integer into *pNum.  If zNum is not an integer
293 ** or is an integer that is too large to be expressed with just 32
294 ** bits, then return false.
295 **
296 ** Under Linux (RedHat 7.2) this routine is much faster than atoi()
297 ** for converting strings into integers.
298 */
toInt(const char * zNum,int * pNum)299 static int toInt(const char *zNum, int *pNum){
300   int v = 0;
301   int neg;
302   int i, c;
303   if( *zNum=='-' ){
304     neg = 1;
305     zNum++;
306   }else if( *zNum=='+' ){
307     neg = 0;
308     zNum++;
309   }else{
310     neg = 0;
311   }
312   for(i=0; (c=zNum[i])>='0' && c<='9'; i++){
313     v = v*10 + c - '0';
314   }
315   *pNum = neg ? -v : v;
316   return c==0 && i>0 && (i<10 || (i==10 && memcmp(zNum,"2147483647",10)<=0));
317 }
318 
319 /*
320 ** Convert the given stack entity into a integer if it isn't one
321 ** already.
322 **
323 ** Any prior string or real representation is invalidated.
324 ** NULLs are converted into 0.
325 */
326 #define Integerify(P) if(((P)->flags&MEM_Int)==0){ hardIntegerify(P); }
hardIntegerify(Mem * pStack)327 static void hardIntegerify(Mem *pStack){
328   if( pStack->flags & MEM_Real ){
329     pStack->i = (int)pStack->r;
330     Release(pStack);
331   }else if( pStack->flags & MEM_Str ){
332     toInt(pStack->z, &pStack->i);
333     Release(pStack);
334   }else{
335     pStack->i = 0;
336   }
337   pStack->flags = MEM_Int;
338 }
339 
340 /*
341 ** Get a valid Real representation for the given stack element.
342 **
343 ** Any prior string or integer representation is retained.
344 ** NULLs are converted into 0.0.
345 */
346 #define Realify(P) if(((P)->flags&MEM_Real)==0){ hardRealify(P); }
hardRealify(Mem * pStack)347 static void hardRealify(Mem *pStack){
348   if( pStack->flags & MEM_Str ){
349     pStack->r = sqliteAtoF(pStack->z, 0);
350   }else if( pStack->flags & MEM_Int ){
351     pStack->r = pStack->i;
352   }else{
353     pStack->r = 0.0;
354   }
355   pStack->flags |= MEM_Real;
356 }
357 
358 /*
359 ** The parameters are pointers to the head of two sorted lists
360 ** of Sorter structures.  Merge these two lists together and return
361 ** a single sorted list.  This routine forms the core of the merge-sort
362 ** algorithm.
363 **
364 ** In the case of a tie, left sorts in front of right.
365 */
Merge(Sorter * pLeft,Sorter * pRight)366 static Sorter *Merge(Sorter *pLeft, Sorter *pRight){
367   Sorter sHead;
368   Sorter *pTail;
369   pTail = &sHead;
370   pTail->pNext = 0;
371   while( pLeft && pRight ){
372     int c = sqliteSortCompare(pLeft->zKey, pRight->zKey);
373     if( c<=0 ){
374       pTail->pNext = pLeft;
375       pLeft = pLeft->pNext;
376     }else{
377       pTail->pNext = pRight;
378       pRight = pRight->pNext;
379     }
380     pTail = pTail->pNext;
381   }
382   if( pLeft ){
383     pTail->pNext = pLeft;
384   }else if( pRight ){
385     pTail->pNext = pRight;
386   }
387   return sHead.pNext;
388 }
389 
390 /*
391 ** The following routine works like a replacement for the standard
392 ** library routine fgets().  The difference is in how end-of-line (EOL)
393 ** is handled.  Standard fgets() uses LF for EOL under unix, CRLF
394 ** under windows, and CR under mac.  This routine accepts any of these
395 ** character sequences as an EOL mark.  The EOL mark is replaced by
396 ** a single LF character in zBuf.
397 */
vdbe_fgets(char * zBuf,int nBuf,FILE * in)398 static char *vdbe_fgets(char *zBuf, int nBuf, FILE *in){
399   int i, c;
400   for(i=0; i<nBuf-1 && (c=getc(in))!=EOF; i++){
401     zBuf[i] = c;
402     if( c=='\r' || c=='\n' ){
403       if( c=='\r' ){
404         zBuf[i] = '\n';
405         c = getc(in);
406         if( c!=EOF && c!='\n' ) ungetc(c, in);
407       }
408       i++;
409       break;
410     }
411   }
412   zBuf[i]  = 0;
413   return i>0 ? zBuf : 0;
414 }
415 
416 /*
417 ** Make sure there is space in the Vdbe structure to hold at least
418 ** mxCursor cursors.  If there is not currently enough space, then
419 ** allocate more.
420 **
421 ** If a memory allocation error occurs, return 1.  Return 0 if
422 ** everything works.
423 */
expandCursorArraySize(Vdbe * p,int mxCursor)424 static int expandCursorArraySize(Vdbe *p, int mxCursor){
425   if( mxCursor>=p->nCursor ){
426     Cursor *aCsr = sqliteRealloc( p->aCsr, (mxCursor+1)*sizeof(Cursor) );
427     if( aCsr==0 ) return 1;
428     p->aCsr = aCsr;
429     memset(&p->aCsr[p->nCursor], 0, sizeof(Cursor)*(mxCursor+1-p->nCursor));
430     p->nCursor = mxCursor+1;
431   }
432   return 0;
433 }
434 
435 #ifdef VDBE_PROFILE
436 /*
437 ** The following routine only works on pentium-class processors.
438 ** It uses the RDTSC opcode to read cycle count value out of the
439 ** processor and returns that value.  This can be used for high-res
440 ** profiling.
441 */
hwtime(void)442 __inline__ unsigned long long int hwtime(void){
443   unsigned long long int x;
444   __asm__("rdtsc\n\t"
445           "mov %%edx, %%ecx\n\t"
446           :"=A" (x));
447   return x;
448 }
449 #endif
450 
451 /*
452 ** The CHECK_FOR_INTERRUPT macro defined here looks to see if the
453 ** sqlite_interrupt() routine has been called.  If it has been, then
454 ** processing of the VDBE program is interrupted.
455 **
456 ** This macro added to every instruction that does a jump in order to
457 ** implement a loop.  This test used to be on every single instruction,
458 ** but that meant we more testing that we needed.  By only testing the
459 ** flag on jump instructions, we get a (small) speed improvement.
460 */
461 #define CHECK_FOR_INTERRUPT \
462    if( db->flags & SQLITE_Interrupt ) goto abort_due_to_interrupt;
463 
464 
465 /*
466 ** Execute as much of a VDBE program as we can then return.
467 **
468 ** sqliteVdbeMakeReady() must be called before this routine in order to
469 ** close the program with a final OP_Halt and to set up the callbacks
470 ** and the error message pointer.
471 **
472 ** Whenever a row or result data is available, this routine will either
473 ** invoke the result callback (if there is one) or return with
474 ** SQLITE_ROW.
475 **
476 ** If an attempt is made to open a locked database, then this routine
477 ** will either invoke the busy callback (if there is one) or it will
478 ** return SQLITE_BUSY.
479 **
480 ** If an error occurs, an error message is written to memory obtained
481 ** from sqliteMalloc() and p->zErrMsg is made to point to that memory.
482 ** The error code is stored in p->rc and this routine returns SQLITE_ERROR.
483 **
484 ** If the callback ever returns non-zero, then the program exits
485 ** immediately.  There will be no error message but the p->rc field is
486 ** set to SQLITE_ABORT and this routine will return SQLITE_ERROR.
487 **
488 ** A memory allocation error causes p->rc to be set to SQLITE_NOMEM and this
489 ** routine to return SQLITE_ERROR.
490 **
491 ** Other fatal errors return SQLITE_ERROR.
492 **
493 ** After this routine has finished, sqliteVdbeFinalize() should be
494 ** used to clean up the mess that was left behind.
495 */
sqliteVdbeExec(Vdbe * p)496 int sqliteVdbeExec(
497   Vdbe *p                    /* The VDBE */
498 ){
499   int pc;                    /* The program counter */
500   Op *pOp;                   /* Current operation */
501   int rc = SQLITE_OK;        /* Value to return */
502   sqlite *db = p->db;        /* The database */
503   Mem *pTos;                 /* Top entry in the operand stack */
504   char zBuf[100];            /* Space to sprintf() an integer */
505 #ifdef VDBE_PROFILE
506   unsigned long long start;  /* CPU clock count at start of opcode */
507   int origPc;                /* Program counter at start of opcode */
508 #endif
509 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
510   int nProgressOps = 0;      /* Opcodes executed since progress callback. */
511 #endif
512 
513   if( p->magic!=VDBE_MAGIC_RUN ) return SQLITE_MISUSE;
514   assert( db->magic==SQLITE_MAGIC_BUSY );
515   assert( p->rc==SQLITE_OK || p->rc==SQLITE_BUSY );
516   p->rc = SQLITE_OK;
517   assert( p->explain==0 );
518   if( sqlite_malloc_failed ) goto no_mem;
519   pTos = p->pTos;
520   if( p->popStack ){
521     popStack(&pTos, p->popStack);
522     p->popStack = 0;
523   }
524   CHECK_FOR_INTERRUPT;
525   for(pc=p->pc; rc==SQLITE_OK; pc++){
526     assert( pc>=0 && pc<p->nOp );
527     assert( pTos<=&p->aStack[pc] );
528 #ifdef VDBE_PROFILE
529     origPc = pc;
530     start = hwtime();
531 #endif
532     pOp = &p->aOp[pc];
533 
534     /* Only allow tracing if NDEBUG is not defined.
535     */
536 #ifndef NDEBUG
537     if( p->trace ){
538       sqliteVdbePrintOp(p->trace, pc, pOp);
539     }
540 #endif
541 
542     /* Check to see if we need to simulate an interrupt.  This only happens
543     ** if we have a special test build.
544     */
545 #ifdef SQLITE_TEST
546     if( sqlite_interrupt_count>0 ){
547       sqlite_interrupt_count--;
548       if( sqlite_interrupt_count==0 ){
549         sqlite_interrupt(db);
550       }
551     }
552 #endif
553 
554 #ifndef SQLITE_OMIT_PROGRESS_CALLBACK
555     /* Call the progress callback if it is configured and the required number
556     ** of VDBE ops have been executed (either since this invocation of
557     ** sqliteVdbeExec() or since last time the progress callback was called).
558     ** If the progress callback returns non-zero, exit the virtual machine with
559     ** a return code SQLITE_ABORT.
560     */
561     if( db->xProgress ){
562       if( db->nProgressOps==nProgressOps ){
563         if( db->xProgress(db->pProgressArg)!=0 ){
564           rc = SQLITE_ABORT;
565           continue; /* skip to the next iteration of the for loop */
566         }
567         nProgressOps = 0;
568       }
569       nProgressOps++;
570     }
571 #endif
572 
573     switch( pOp->opcode ){
574 
575 /*****************************************************************************
576 ** What follows is a massive switch statement where each case implements a
577 ** separate instruction in the virtual machine.  If we follow the usual
578 ** indentation conventions, each case should be indented by 6 spaces.  But
579 ** that is a lot of wasted space on the left margin.  So the code within
580 ** the switch statement will break with convention and be flush-left. Another
581 ** big comment (similar to this one) will mark the point in the code where
582 ** we transition back to normal indentation.
583 **
584 ** The formatting of each case is important.  The makefile for SQLite
585 ** generates two C files "opcodes.h" and "opcodes.c" by scanning this
586 ** file looking for lines that begin with "case OP_".  The opcodes.h files
587 ** will be filled with #defines that give unique integer values to each
588 ** opcode and the opcodes.c file is filled with an array of strings where
589 ** each string is the symbolic name for the corresponding opcode.
590 **
591 ** Documentation about VDBE opcodes is generated by scanning this file
592 ** for lines of that contain "Opcode:".  That line and all subsequent
593 ** comment lines are used in the generation of the opcode.html documentation
594 ** file.
595 **
596 ** SUMMARY:
597 **
598 **     Formatting is important to scripts that scan this file.
599 **     Do not deviate from the formatting style currently in use.
600 **
601 *****************************************************************************/
602 
603 /* Opcode:  Goto * P2 *
604 **
605 ** An unconditional jump to address P2.
606 ** The next instruction executed will be
607 ** the one at index P2 from the beginning of
608 ** the program.
609 */
610 case OP_Goto: {
611   CHECK_FOR_INTERRUPT;
612   pc = pOp->p2 - 1;
613   break;
614 }
615 
616 /* Opcode:  Gosub * P2 *
617 **
618 ** Push the current address plus 1 onto the return address stack
619 ** and then jump to address P2.
620 **
621 ** The return address stack is of limited depth.  If too many
622 ** OP_Gosub operations occur without intervening OP_Returns, then
623 ** the return address stack will fill up and processing will abort
624 ** with a fatal error.
625 */
626 case OP_Gosub: {
627   if( p->returnDepth>=sizeof(p->returnStack)/sizeof(p->returnStack[0]) ){
628     sqliteSetString(&p->zErrMsg, "return address stack overflow", (char*)0);
629     p->rc = SQLITE_INTERNAL;
630     return SQLITE_ERROR;
631   }
632   p->returnStack[p->returnDepth++] = pc+1;
633   pc = pOp->p2 - 1;
634   break;
635 }
636 
637 /* Opcode:  Return * * *
638 **
639 ** Jump immediately to the next instruction after the last unreturned
640 ** OP_Gosub.  If an OP_Return has occurred for all OP_Gosubs, then
641 ** processing aborts with a fatal error.
642 */
643 case OP_Return: {
644   if( p->returnDepth<=0 ){
645     sqliteSetString(&p->zErrMsg, "return address stack underflow", (char*)0);
646     p->rc = SQLITE_INTERNAL;
647     return SQLITE_ERROR;
648   }
649   p->returnDepth--;
650   pc = p->returnStack[p->returnDepth] - 1;
651   break;
652 }
653 
654 /* Opcode:  Halt P1 P2 *
655 **
656 ** Exit immediately.  All open cursors, Lists, Sorts, etc are closed
657 ** automatically.
658 **
659 ** P1 is the result code returned by sqlite_exec().  For a normal
660 ** halt, this should be SQLITE_OK (0).  For errors, it can be some
661 ** other value.  If P1!=0 then P2 will determine whether or not to
662 ** rollback the current transaction.  Do not rollback if P2==OE_Fail.
663 ** Do the rollback if P2==OE_Rollback.  If P2==OE_Abort, then back
664 ** out all changes that have occurred during this execution of the
665 ** VDBE, but do not rollback the transaction.
666 **
667 ** There is an implied "Halt 0 0 0" instruction inserted at the very end of
668 ** every program.  So a jump past the last instruction of the program
669 ** is the same as executing Halt.
670 */
671 case OP_Halt: {
672   p->magic = VDBE_MAGIC_HALT;
673   p->pTos = pTos;
674   if( pOp->p1!=SQLITE_OK ){
675     p->rc = pOp->p1;
676     p->errorAction = pOp->p2;
677     if( pOp->p3 ){
678       sqliteSetString(&p->zErrMsg, pOp->p3, (char*)0);
679     }
680     return SQLITE_ERROR;
681   }else{
682     p->rc = SQLITE_OK;
683     return SQLITE_DONE;
684   }
685 }
686 
687 /* Opcode: Integer P1 * P3
688 **
689 ** The integer value P1 is pushed onto the stack.  If P3 is not zero
690 ** then it is assumed to be a string representation of the same integer.
691 */
692 case OP_Integer: {
693   pTos++;
694   pTos->i = pOp->p1;
695   pTos->flags = MEM_Int;
696   if( pOp->p3 ){
697     pTos->z = pOp->p3;
698     pTos->flags |= MEM_Str | MEM_Static;
699     pTos->n = strlen(pOp->p3)+1;
700   }
701   break;
702 }
703 
704 /* Opcode: String * * P3
705 **
706 ** The string value P3 is pushed onto the stack.  If P3==0 then a
707 ** NULL is pushed onto the stack.
708 */
709 case OP_String: {
710   char *z = pOp->p3;
711   pTos++;
712   if( z==0 ){
713     pTos->flags = MEM_Null;
714   }else{
715     pTos->z = z;
716     pTos->n = strlen(z) + 1;
717     pTos->flags = MEM_Str | MEM_Static;
718   }
719   break;
720 }
721 
722 /* Opcode: Variable P1 * *
723 **
724 ** Push the value of variable P1 onto the stack.  A variable is
725 ** an unknown in the original SQL string as handed to sqlite_compile().
726 ** Any occurance of the '?' character in the original SQL is considered
727 ** a variable.  Variables in the SQL string are number from left to
728 ** right beginning with 1.  The values of variables are set using the
729 ** sqlite_bind() API.
730 */
731 case OP_Variable: {
732   int j = pOp->p1 - 1;
733   pTos++;
734   if( j>=0 && j<p->nVar && p->azVar[j]!=0 ){
735     pTos->z = p->azVar[j];
736     pTos->n = p->anVar[j];
737     pTos->flags = MEM_Str | MEM_Static;
738   }else{
739     pTos->flags = MEM_Null;
740   }
741   break;
742 }
743 
744 /* Opcode: Pop P1 * *
745 **
746 ** P1 elements are popped off of the top of stack and discarded.
747 */
748 case OP_Pop: {
749   assert( pOp->p1>=0 );
750   popStack(&pTos, pOp->p1);
751   assert( pTos>=&p->aStack[-1] );
752   break;
753 }
754 
755 /* Opcode: Dup P1 P2 *
756 **
757 ** A copy of the P1-th element of the stack
758 ** is made and pushed onto the top of the stack.
759 ** The top of the stack is element 0.  So the
760 ** instruction "Dup 0 0 0" will make a copy of the
761 ** top of the stack.
762 **
763 ** If the content of the P1-th element is a dynamically
764 ** allocated string, then a new copy of that string
765 ** is made if P2==0.  If P2!=0, then just a pointer
766 ** to the string is copied.
767 **
768 ** Also see the Pull instruction.
769 */
770 case OP_Dup: {
771   Mem *pFrom = &pTos[-pOp->p1];
772   assert( pFrom<=pTos && pFrom>=p->aStack );
773   pTos++;
774   memcpy(pTos, pFrom, sizeof(*pFrom)-NBFS);
775   if( pTos->flags & MEM_Str ){
776     if( pOp->p2 && (pTos->flags & (MEM_Dyn|MEM_Ephem)) ){
777       pTos->flags &= ~MEM_Dyn;
778       pTos->flags |= MEM_Ephem;
779     }else if( pTos->flags & MEM_Short ){
780       memcpy(pTos->zShort, pFrom->zShort, pTos->n);
781       pTos->z = pTos->zShort;
782     }else if( (pTos->flags & MEM_Static)==0 ){
783       pTos->z = sqliteMallocRaw(pFrom->n);
784       if( sqlite_malloc_failed ) goto no_mem;
785       memcpy(pTos->z, pFrom->z, pFrom->n);
786       pTos->flags &= ~(MEM_Static|MEM_Ephem|MEM_Short);
787       pTos->flags |= MEM_Dyn;
788     }
789   }
790   break;
791 }
792 
793 /* Opcode: Pull P1 * *
794 **
795 ** The P1-th element is removed from its current location on
796 ** the stack and pushed back on top of the stack.  The
797 ** top of the stack is element 0, so "Pull 0 0 0" is
798 ** a no-op.  "Pull 1 0 0" swaps the top two elements of
799 ** the stack.
800 **
801 ** See also the Dup instruction.
802 */
803 case OP_Pull: {
804   Mem *pFrom = &pTos[-pOp->p1];
805   int i;
806   Mem ts;
807 
808   ts = *pFrom;
809   Deephemeralize(pTos);
810   for(i=0; i<pOp->p1; i++, pFrom++){
811     Deephemeralize(&pFrom[1]);
812     *pFrom = pFrom[1];
813     assert( (pFrom->flags & MEM_Ephem)==0 );
814     if( pFrom->flags & MEM_Short ){
815       assert( pFrom->flags & MEM_Str );
816       assert( pFrom->z==pFrom[1].zShort );
817       pFrom->z = pFrom->zShort;
818     }
819   }
820   *pTos = ts;
821   if( pTos->flags & MEM_Short ){
822     assert( pTos->flags & MEM_Str );
823     assert( pTos->z==pTos[-pOp->p1].zShort );
824     pTos->z = pTos->zShort;
825   }
826   break;
827 }
828 
829 /* Opcode: Push P1 * *
830 **
831 ** Overwrite the value of the P1-th element down on the
832 ** stack (P1==0 is the top of the stack) with the value
833 ** of the top of the stack.  Then pop the top of the stack.
834 */
835 case OP_Push: {
836   Mem *pTo = &pTos[-pOp->p1];
837 
838   assert( pTo>=p->aStack );
839   Deephemeralize(pTos);
840   Release(pTo);
841   *pTo = *pTos;
842   if( pTo->flags & MEM_Short ){
843     assert( pTo->z==pTos->zShort );
844     pTo->z = pTo->zShort;
845   }
846   pTos--;
847   break;
848 }
849 
850 
851 /* Opcode: ColumnName P1 P2 P3
852 **
853 ** P3 becomes the P1-th column name (first is 0).  An array of pointers
854 ** to all column names is passed as the 4th parameter to the callback.
855 ** If P2==1 then this is the last column in the result set and thus the
856 ** number of columns in the result set will be P1.  There must be at least
857 ** one OP_ColumnName with a P2==1 before invoking OP_Callback and the
858 ** number of columns specified in OP_Callback must one more than the P1
859 ** value of the OP_ColumnName that has P2==1.
860 */
861 case OP_ColumnName: {
862   assert( pOp->p1>=0 && pOp->p1<p->nOp );
863   p->azColName[pOp->p1] = pOp->p3;
864   p->nCallback = 0;
865   if( pOp->p2 ) p->nResColumn = pOp->p1+1;
866   break;
867 }
868 
869 /* Opcode: Callback P1 * *
870 **
871 ** Pop P1 values off the stack and form them into an array.  Then
872 ** invoke the callback function using the newly formed array as the
873 ** 3rd parameter.
874 */
875 case OP_Callback: {
876   int i;
877   char **azArgv = p->zArgv;
878   Mem *pCol;
879 
880   pCol = &pTos[1-pOp->p1];
881   assert( pCol>=p->aStack );
882   for(i=0; i<pOp->p1; i++, pCol++){
883     if( pCol->flags & MEM_Null ){
884       azArgv[i] = 0;
885     }else{
886       Stringify(pCol);
887       azArgv[i] = pCol->z;
888     }
889   }
890   azArgv[i] = 0;
891   p->nCallback++;
892   p->azResColumn = azArgv;
893   assert( p->nResColumn==pOp->p1 );
894   p->popStack = pOp->p1;
895   p->pc = pc + 1;
896   p->pTos = pTos;
897   return SQLITE_ROW;
898 }
899 
900 /* Opcode: Concat P1 P2 P3
901 **
902 ** Look at the first P1 elements of the stack.  Append them all
903 ** together with the lowest element first.  Use P3 as a separator.
904 ** Put the result on the top of the stack.  The original P1 elements
905 ** are popped from the stack if P2==0 and retained if P2==1.  If
906 ** any element of the stack is NULL, then the result is NULL.
907 **
908 ** If P3 is NULL, then use no separator.  When P1==1, this routine
909 ** makes a copy of the top stack element into memory obtained
910 ** from sqliteMalloc().
911 */
912 case OP_Concat: {
913   char *zNew;
914   int nByte;
915   int nField;
916   int i, j;
917   char *zSep;
918   int nSep;
919   Mem *pTerm;
920 
921   nField = pOp->p1;
922   zSep = pOp->p3;
923   if( zSep==0 ) zSep = "";
924   nSep = strlen(zSep);
925   assert( &pTos[1-nField] >= p->aStack );
926   nByte = 1 - nSep;
927   pTerm = &pTos[1-nField];
928   for(i=0; i<nField; i++, pTerm++){
929     if( pTerm->flags & MEM_Null ){
930       nByte = -1;
931       break;
932     }else{
933       Stringify(pTerm);
934       nByte += pTerm->n - 1 + nSep;
935     }
936   }
937   if( nByte<0 ){
938     if( pOp->p2==0 ){
939       popStack(&pTos, nField);
940     }
941     pTos++;
942     pTos->flags = MEM_Null;
943     break;
944   }
945   zNew = sqliteMallocRaw( nByte );
946   if( zNew==0 ) goto no_mem;
947   j = 0;
948   pTerm = &pTos[1-nField];
949   for(i=j=0; i<nField; i++, pTerm++){
950     assert( pTerm->flags & MEM_Str );
951     memcpy(&zNew[j], pTerm->z, pTerm->n-1);
952     j += pTerm->n-1;
953     if( nSep>0 && i<nField-1 ){
954       memcpy(&zNew[j], zSep, nSep);
955       j += nSep;
956     }
957   }
958   zNew[j] = 0;
959   if( pOp->p2==0 ){
960     popStack(&pTos, nField);
961   }
962   pTos++;
963   pTos->n = nByte;
964   pTos->flags = MEM_Str|MEM_Dyn;
965   pTos->z = zNew;
966   break;
967 }
968 
969 /* Opcode: Add * * *
970 **
971 ** Pop the top two elements from the stack, add them together,
972 ** and push the result back onto the stack.  If either element
973 ** is a string then it is converted to a double using the atof()
974 ** function before the addition.
975 ** If either operand is NULL, the result is NULL.
976 */
977 /* Opcode: Multiply * * *
978 **
979 ** Pop the top two elements from the stack, multiply them together,
980 ** and push the result back onto the stack.  If either element
981 ** is a string then it is converted to a double using the atof()
982 ** function before the multiplication.
983 ** If either operand is NULL, the result is NULL.
984 */
985 /* Opcode: Subtract * * *
986 **
987 ** Pop the top two elements from the stack, subtract the
988 ** first (what was on top of the stack) from the second (the
989 ** next on stack)
990 ** and push the result back onto the stack.  If either element
991 ** is a string then it is converted to a double using the atof()
992 ** function before the subtraction.
993 ** If either operand is NULL, the result is NULL.
994 */
995 /* Opcode: Divide * * *
996 **
997 ** Pop the top two elements from the stack, divide the
998 ** first (what was on top of the stack) from the second (the
999 ** next on stack)
1000 ** and push the result back onto the stack.  If either element
1001 ** is a string then it is converted to a double using the atof()
1002 ** function before the division.  Division by zero returns NULL.
1003 ** If either operand is NULL, the result is NULL.
1004 */
1005 /* Opcode: Remainder * * *
1006 **
1007 ** Pop the top two elements from the stack, divide the
1008 ** first (what was on top of the stack) from the second (the
1009 ** next on stack)
1010 ** and push the remainder after division onto the stack.  If either element
1011 ** is a string then it is converted to a double using the atof()
1012 ** function before the division.  Division by zero returns NULL.
1013 ** If either operand is NULL, the result is NULL.
1014 */
1015 case OP_Add:
1016 case OP_Subtract:
1017 case OP_Multiply:
1018 case OP_Divide:
1019 case OP_Remainder: {
1020   Mem *pNos = &pTos[-1];
1021   assert( pNos>=p->aStack );
1022   if( ((pTos->flags | pNos->flags) & MEM_Null)!=0 ){
1023     Release(pTos);
1024     pTos--;
1025     Release(pTos);
1026     pTos->flags = MEM_Null;
1027   }else if( (pTos->flags & pNos->flags & MEM_Int)==MEM_Int ){
1028     int a, b;
1029     a = pTos->i;
1030     b = pNos->i;
1031     switch( pOp->opcode ){
1032       case OP_Add:         b += a;       break;
1033       case OP_Subtract:    b -= a;       break;
1034       case OP_Multiply:    b *= a;       break;
1035       case OP_Divide: {
1036         if( a==0 ) goto divide_by_zero;
1037         b /= a;
1038         break;
1039       }
1040       default: {
1041         if( a==0 ) goto divide_by_zero;
1042         b %= a;
1043         break;
1044       }
1045     }
1046     Release(pTos);
1047     pTos--;
1048     Release(pTos);
1049     pTos->i = b;
1050     pTos->flags = MEM_Int;
1051   }else{
1052     double a, b;
1053     Realify(pTos);
1054     Realify(pNos);
1055     a = pTos->r;
1056     b = pNos->r;
1057     switch( pOp->opcode ){
1058       case OP_Add:         b += a;       break;
1059       case OP_Subtract:    b -= a;       break;
1060       case OP_Multiply:    b *= a;       break;
1061       case OP_Divide: {
1062         if( a==0.0 ) goto divide_by_zero;
1063         b /= a;
1064         break;
1065       }
1066       default: {
1067         int ia = (int)a;
1068         int ib = (int)b;
1069         if( ia==0.0 ) goto divide_by_zero;
1070         b = ib % ia;
1071         break;
1072       }
1073     }
1074     Release(pTos);
1075     pTos--;
1076     Release(pTos);
1077     pTos->r = b;
1078     pTos->flags = MEM_Real;
1079   }
1080   break;
1081 
1082 divide_by_zero:
1083   Release(pTos);
1084   pTos--;
1085   Release(pTos);
1086   pTos->flags = MEM_Null;
1087   break;
1088 }
1089 
1090 /* Opcode: Function P1 * P3
1091 **
1092 ** Invoke a user function (P3 is a pointer to a Function structure that
1093 ** defines the function) with P1 string arguments taken from the stack.
1094 ** Pop all arguments from the stack and push back the result.
1095 **
1096 ** See also: AggFunc
1097 */
1098 case OP_Function: {
1099   int n, i;
1100   Mem *pArg;
1101   char **azArgv;
1102   sqlite_func ctx;
1103 
1104   n = pOp->p1;
1105   pArg = &pTos[1-n];
1106   azArgv = p->zArgv;
1107   for(i=0; i<n; i++, pArg++){
1108     if( pArg->flags & MEM_Null ){
1109       azArgv[i] = 0;
1110     }else{
1111       Stringify(pArg);
1112       azArgv[i] = pArg->z;
1113     }
1114   }
1115   ctx.pFunc = (FuncDef*)pOp->p3;
1116   ctx.s.flags = MEM_Null;
1117   ctx.s.z = 0;
1118   ctx.isError = 0;
1119   ctx.isStep = 0;
1120   if( sqliteSafetyOff(db) ) goto abort_due_to_misuse;
1121   (*ctx.pFunc->xFunc)(&ctx, n, (const char**)azArgv);
1122   if( sqliteSafetyOn(db) ) goto abort_due_to_misuse;
1123   popStack(&pTos, n);
1124   pTos++;
1125   *pTos = ctx.s;
1126   if( pTos->flags & MEM_Short ){
1127     pTos->z = pTos->zShort;
1128   }
1129   if( ctx.isError ){
1130     sqliteSetString(&p->zErrMsg,
1131        (pTos->flags & MEM_Str)!=0 ? pTos->z : "user function error", (char*)0);
1132     rc = SQLITE_ERROR;
1133   }
1134   break;
1135 }
1136 
1137 /* Opcode: BitAnd * * *
1138 **
1139 ** Pop the top two elements from the stack.  Convert both elements
1140 ** to integers.  Push back onto the stack the bit-wise AND of the
1141 ** two elements.
1142 ** If either operand is NULL, the result is NULL.
1143 */
1144 /* Opcode: BitOr * * *
1145 **
1146 ** Pop the top two elements from the stack.  Convert both elements
1147 ** to integers.  Push back onto the stack the bit-wise OR of the
1148 ** two elements.
1149 ** If either operand is NULL, the result is NULL.
1150 */
1151 /* Opcode: ShiftLeft * * *
1152 **
1153 ** Pop the top two elements from the stack.  Convert both elements
1154 ** to integers.  Push back onto the stack the top element shifted
1155 ** left by N bits where N is the second element on the stack.
1156 ** If either operand is NULL, the result is NULL.
1157 */
1158 /* Opcode: ShiftRight * * *
1159 **
1160 ** Pop the top two elements from the stack.  Convert both elements
1161 ** to integers.  Push back onto the stack the top element shifted
1162 ** right by N bits where N is the second element on the stack.
1163 ** If either operand is NULL, the result is NULL.
1164 */
1165 case OP_BitAnd:
1166 case OP_BitOr:
1167 case OP_ShiftLeft:
1168 case OP_ShiftRight: {
1169   Mem *pNos = &pTos[-1];
1170   int a, b;
1171 
1172   assert( pNos>=p->aStack );
1173   if( (pTos->flags | pNos->flags) & MEM_Null ){
1174     popStack(&pTos, 2);
1175     pTos++;
1176     pTos->flags = MEM_Null;
1177     break;
1178   }
1179   Integerify(pTos);
1180   Integerify(pNos);
1181   a = pTos->i;
1182   b = pNos->i;
1183   switch( pOp->opcode ){
1184     case OP_BitAnd:      a &= b;     break;
1185     case OP_BitOr:       a |= b;     break;
1186     case OP_ShiftLeft:   a <<= b;    break;
1187     case OP_ShiftRight:  a >>= b;    break;
1188     default:   /* CANT HAPPEN */     break;
1189   }
1190   assert( (pTos->flags & MEM_Dyn)==0 );
1191   assert( (pNos->flags & MEM_Dyn)==0 );
1192   pTos--;
1193   Release(pTos);
1194   pTos->i = a;
1195   pTos->flags = MEM_Int;
1196   break;
1197 }
1198 
1199 /* Opcode: AddImm  P1 * *
1200 **
1201 ** Add the value P1 to whatever is on top of the stack.  The result
1202 ** is always an integer.
1203 **
1204 ** To force the top of the stack to be an integer, just add 0.
1205 */
1206 case OP_AddImm: {
1207   assert( pTos>=p->aStack );
1208   Integerify(pTos);
1209   pTos->i += pOp->p1;
1210   break;
1211 }
1212 
1213 /* Opcode: ForceInt P1 P2 *
1214 **
1215 ** Convert the top of the stack into an integer.  If the current top of
1216 ** the stack is not numeric (meaning that is is a NULL or a string that
1217 ** does not look like an integer or floating point number) then pop the
1218 ** stack and jump to P2.  If the top of the stack is numeric then
1219 ** convert it into the least integer that is greater than or equal to its
1220 ** current value if P1==0, or to the least integer that is strictly
1221 ** greater than its current value if P1==1.
1222 */
1223 case OP_ForceInt: {
1224   int v;
1225   assert( pTos>=p->aStack );
1226   if( (pTos->flags & (MEM_Int|MEM_Real))==0
1227          && ((pTos->flags & MEM_Str)==0 || sqliteIsNumber(pTos->z)==0) ){
1228     Release(pTos);
1229     pTos--;
1230     pc = pOp->p2 - 1;
1231     break;
1232   }
1233   if( pTos->flags & MEM_Int ){
1234     v = pTos->i + (pOp->p1!=0);
1235   }else{
1236     Realify(pTos);
1237     v = (int)pTos->r;
1238     if( pTos->r>(double)v ) v++;
1239     if( pOp->p1 && pTos->r==(double)v ) v++;
1240   }
1241   Release(pTos);
1242   pTos->i = v;
1243   pTos->flags = MEM_Int;
1244   break;
1245 }
1246 
1247 /* Opcode: MustBeInt P1 P2 *
1248 **
1249 ** Force the top of the stack to be an integer.  If the top of the
1250 ** stack is not an integer and cannot be converted into an integer
1251 ** with out data loss, then jump immediately to P2, or if P2==0
1252 ** raise an SQLITE_MISMATCH exception.
1253 **
1254 ** If the top of the stack is not an integer and P2 is not zero and
1255 ** P1 is 1, then the stack is popped.  In all other cases, the depth
1256 ** of the stack is unchanged.
1257 */
1258 case OP_MustBeInt: {
1259   assert( pTos>=p->aStack );
1260   if( pTos->flags & MEM_Int ){
1261     /* Do nothing */
1262   }else if( pTos->flags & MEM_Real ){
1263     int i = (int)pTos->r;
1264     double r = (double)i;
1265     if( r!=pTos->r ){
1266       goto mismatch;
1267     }
1268     pTos->i = i;
1269   }else if( pTos->flags & MEM_Str ){
1270     int v;
1271     if( !toInt(pTos->z, &v) ){
1272       double r;
1273       if( !sqliteIsNumber(pTos->z) ){
1274         goto mismatch;
1275       }
1276       Realify(pTos);
1277       v = (int)pTos->r;
1278       r = (double)v;
1279       if( r!=pTos->r ){
1280         goto mismatch;
1281       }
1282     }
1283     pTos->i = v;
1284   }else{
1285     goto mismatch;
1286   }
1287   Release(pTos);
1288   pTos->flags = MEM_Int;
1289   break;
1290 
1291 mismatch:
1292   if( pOp->p2==0 ){
1293     rc = SQLITE_MISMATCH;
1294     goto abort_due_to_error;
1295   }else{
1296     if( pOp->p1 ) popStack(&pTos, 1);
1297     pc = pOp->p2 - 1;
1298   }
1299   break;
1300 }
1301 
1302 /* Opcode: Eq P1 P2 *
1303 **
1304 ** Pop the top two elements from the stack.  If they are equal, then
1305 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1306 **
1307 ** If either operand is NULL (and thus if the result is unknown) then
1308 ** take the jump if P1 is true.
1309 **
1310 ** If both values are numeric, they are converted to doubles using atof()
1311 ** and compared for equality that way.  Otherwise the strcmp() library
1312 ** routine is used for the comparison.  For a pure text comparison
1313 ** use OP_StrEq.
1314 **
1315 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1316 ** stack if the jump would have been taken, or a 0 if not.  Push a
1317 ** NULL if either operand was NULL.
1318 */
1319 /* Opcode: Ne P1 P2 *
1320 **
1321 ** Pop the top two elements from the stack.  If they are not equal, then
1322 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1323 **
1324 ** If either operand is NULL (and thus if the result is unknown) then
1325 ** take the jump if P1 is true.
1326 **
1327 ** If both values are numeric, they are converted to doubles using atof()
1328 ** and compared in that format.  Otherwise the strcmp() library
1329 ** routine is used for the comparison.  For a pure text comparison
1330 ** use OP_StrNe.
1331 **
1332 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1333 ** stack if the jump would have been taken, or a 0 if not.  Push a
1334 ** NULL if either operand was NULL.
1335 */
1336 /* Opcode: Lt P1 P2 *
1337 **
1338 ** Pop the top two elements from the stack.  If second element (the
1339 ** next on stack) is less than the first (the top of stack), then
1340 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1341 ** In other words, jump if NOS<TOS.
1342 **
1343 ** If either operand is NULL (and thus if the result is unknown) then
1344 ** take the jump if P1 is true.
1345 **
1346 ** If both values are numeric, they are converted to doubles using atof()
1347 ** and compared in that format.  Numeric values are always less than
1348 ** non-numeric values.  If both operands are non-numeric, the strcmp() library
1349 ** routine is used for the comparison.  For a pure text comparison
1350 ** use OP_StrLt.
1351 **
1352 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1353 ** stack if the jump would have been taken, or a 0 if not.  Push a
1354 ** NULL if either operand was NULL.
1355 */
1356 /* Opcode: Le P1 P2 *
1357 **
1358 ** Pop the top two elements from the stack.  If second element (the
1359 ** next on stack) is less than or equal to the first (the top of stack),
1360 ** then jump to instruction P2. In other words, jump if NOS<=TOS.
1361 **
1362 ** If either operand is NULL (and thus if the result is unknown) then
1363 ** take the jump if P1 is true.
1364 **
1365 ** If both values are numeric, they are converted to doubles using atof()
1366 ** and compared in that format.  Numeric values are always less than
1367 ** non-numeric values.  If both operands are non-numeric, the strcmp() library
1368 ** routine is used for the comparison.  For a pure text comparison
1369 ** use OP_StrLe.
1370 **
1371 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1372 ** stack if the jump would have been taken, or a 0 if not.  Push a
1373 ** NULL if either operand was NULL.
1374 */
1375 /* Opcode: Gt P1 P2 *
1376 **
1377 ** Pop the top two elements from the stack.  If second element (the
1378 ** next on stack) is greater than the first (the top of stack),
1379 ** then jump to instruction P2. In other words, jump if NOS>TOS.
1380 **
1381 ** If either operand is NULL (and thus if the result is unknown) then
1382 ** take the jump if P1 is true.
1383 **
1384 ** If both values are numeric, they are converted to doubles using atof()
1385 ** and compared in that format.  Numeric values are always less than
1386 ** non-numeric values.  If both operands are non-numeric, the strcmp() library
1387 ** routine is used for the comparison.  For a pure text comparison
1388 ** use OP_StrGt.
1389 **
1390 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1391 ** stack if the jump would have been taken, or a 0 if not.  Push a
1392 ** NULL if either operand was NULL.
1393 */
1394 /* Opcode: Ge P1 P2 *
1395 **
1396 ** Pop the top two elements from the stack.  If second element (the next
1397 ** on stack) is greater than or equal to the first (the top of stack),
1398 ** then jump to instruction P2. In other words, jump if NOS>=TOS.
1399 **
1400 ** If either operand is NULL (and thus if the result is unknown) then
1401 ** take the jump if P1 is true.
1402 **
1403 ** If both values are numeric, they are converted to doubles using atof()
1404 ** and compared in that format.  Numeric values are always less than
1405 ** non-numeric values.  If both operands are non-numeric, the strcmp() library
1406 ** routine is used for the comparison.  For a pure text comparison
1407 ** use OP_StrGe.
1408 **
1409 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1410 ** stack if the jump would have been taken, or a 0 if not.  Push a
1411 ** NULL if either operand was NULL.
1412 */
1413 case OP_Eq:
1414 case OP_Ne:
1415 case OP_Lt:
1416 case OP_Le:
1417 case OP_Gt:
1418 case OP_Ge: {
1419   Mem *pNos = &pTos[-1];
1420   int c, v;
1421   int ft, fn;
1422   assert( pNos>=p->aStack );
1423   ft = pTos->flags;
1424   fn = pNos->flags;
1425   if( (ft | fn) & MEM_Null ){
1426     popStack(&pTos, 2);
1427     if( pOp->p2 ){
1428       if( pOp->p1 ) pc = pOp->p2-1;
1429     }else{
1430       pTos++;
1431       pTos->flags = MEM_Null;
1432     }
1433     break;
1434   }else if( (ft & fn & MEM_Int)==MEM_Int ){
1435     c = pNos->i - pTos->i;
1436   }else if( (ft & MEM_Int)!=0 && (fn & MEM_Str)!=0 && toInt(pNos->z,&v) ){
1437     c = v - pTos->i;
1438   }else if( (fn & MEM_Int)!=0 && (ft & MEM_Str)!=0 && toInt(pTos->z,&v) ){
1439     c = pNos->i - v;
1440   }else{
1441     Stringify(pTos);
1442     Stringify(pNos);
1443     c = sqliteCompare(pNos->z, pTos->z);
1444   }
1445   switch( pOp->opcode ){
1446     case OP_Eq:    c = c==0;     break;
1447     case OP_Ne:    c = c!=0;     break;
1448     case OP_Lt:    c = c<0;      break;
1449     case OP_Le:    c = c<=0;     break;
1450     case OP_Gt:    c = c>0;      break;
1451     default:       c = c>=0;     break;
1452   }
1453   popStack(&pTos, 2);
1454   if( pOp->p2 ){
1455     if( c ) pc = pOp->p2-1;
1456   }else{
1457     pTos++;
1458     pTos->i = c;
1459     pTos->flags = MEM_Int;
1460   }
1461   break;
1462 }
1463 /* INSERT NO CODE HERE!
1464 **
1465 ** The opcode numbers are extracted from this source file by doing
1466 **
1467 **    grep '^case OP_' vdbe.c | ... >opcodes.h
1468 **
1469 ** The opcodes are numbered in the order that they appear in this file.
1470 ** But in order for the expression generating code to work right, the
1471 ** string comparison operators that follow must be numbered exactly 6
1472 ** greater than the numeric comparison opcodes above.  So no other
1473 ** cases can appear between the two.
1474 */
1475 /* Opcode: StrEq P1 P2 *
1476 **
1477 ** Pop the top two elements from the stack.  If they are equal, then
1478 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1479 **
1480 ** If either operand is NULL (and thus if the result is unknown) then
1481 ** take the jump if P1 is true.
1482 **
1483 ** The strcmp() library routine is used for the comparison.  For a
1484 ** numeric comparison, use OP_Eq.
1485 **
1486 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1487 ** stack if the jump would have been taken, or a 0 if not.  Push a
1488 ** NULL if either operand was NULL.
1489 */
1490 /* Opcode: StrNe P1 P2 *
1491 **
1492 ** Pop the top two elements from the stack.  If they are not equal, then
1493 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1494 **
1495 ** If either operand is NULL (and thus if the result is unknown) then
1496 ** take the jump if P1 is true.
1497 **
1498 ** The strcmp() library routine is used for the comparison.  For a
1499 ** numeric comparison, use OP_Ne.
1500 **
1501 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1502 ** stack if the jump would have been taken, or a 0 if not.  Push a
1503 ** NULL if either operand was NULL.
1504 */
1505 /* Opcode: StrLt P1 P2 *
1506 **
1507 ** Pop the top two elements from the stack.  If second element (the
1508 ** next on stack) is less than the first (the top of stack), then
1509 ** jump to instruction P2.  Otherwise, continue to the next instruction.
1510 ** In other words, jump if NOS<TOS.
1511 **
1512 ** If either operand is NULL (and thus if the result is unknown) then
1513 ** take the jump if P1 is true.
1514 **
1515 ** The strcmp() library routine is used for the comparison.  For a
1516 ** numeric comparison, use OP_Lt.
1517 **
1518 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1519 ** stack if the jump would have been taken, or a 0 if not.  Push a
1520 ** NULL if either operand was NULL.
1521 */
1522 /* Opcode: StrLe P1 P2 *
1523 **
1524 ** Pop the top two elements from the stack.  If second element (the
1525 ** next on stack) is less than or equal to the first (the top of stack),
1526 ** then jump to instruction P2. In other words, jump if NOS<=TOS.
1527 **
1528 ** If either operand is NULL (and thus if the result is unknown) then
1529 ** take the jump if P1 is true.
1530 **
1531 ** The strcmp() library routine is used for the comparison.  For a
1532 ** numeric comparison, use OP_Le.
1533 **
1534 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1535 ** stack if the jump would have been taken, or a 0 if not.  Push a
1536 ** NULL if either operand was NULL.
1537 */
1538 /* Opcode: StrGt P1 P2 *
1539 **
1540 ** Pop the top two elements from the stack.  If second element (the
1541 ** next on stack) is greater than the first (the top of stack),
1542 ** then jump to instruction P2. In other words, jump if NOS>TOS.
1543 **
1544 ** If either operand is NULL (and thus if the result is unknown) then
1545 ** take the jump if P1 is true.
1546 **
1547 ** The strcmp() library routine is used for the comparison.  For a
1548 ** numeric comparison, use OP_Gt.
1549 **
1550 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1551 ** stack if the jump would have been taken, or a 0 if not.  Push a
1552 ** NULL if either operand was NULL.
1553 */
1554 /* Opcode: StrGe P1 P2 *
1555 **
1556 ** Pop the top two elements from the stack.  If second element (the next
1557 ** on stack) is greater than or equal to the first (the top of stack),
1558 ** then jump to instruction P2. In other words, jump if NOS>=TOS.
1559 **
1560 ** If either operand is NULL (and thus if the result is unknown) then
1561 ** take the jump if P1 is true.
1562 **
1563 ** The strcmp() library routine is used for the comparison.  For a
1564 ** numeric comparison, use OP_Ge.
1565 **
1566 ** If P2 is zero, do not jump.  Instead, push an integer 1 onto the
1567 ** stack if the jump would have been taken, or a 0 if not.  Push a
1568 ** NULL if either operand was NULL.
1569 */
1570 case OP_StrEq:
1571 case OP_StrNe:
1572 case OP_StrLt:
1573 case OP_StrLe:
1574 case OP_StrGt:
1575 case OP_StrGe: {
1576   Mem *pNos = &pTos[-1];
1577   int c;
1578   assert( pNos>=p->aStack );
1579   if( (pNos->flags | pTos->flags) & MEM_Null ){
1580     popStack(&pTos, 2);
1581     if( pOp->p2 ){
1582       if( pOp->p1 ) pc = pOp->p2-1;
1583     }else{
1584       pTos++;
1585       pTos->flags = MEM_Null;
1586     }
1587     break;
1588   }else{
1589     Stringify(pTos);
1590     Stringify(pNos);
1591     c = strcmp(pNos->z, pTos->z);
1592   }
1593   /* The asserts on each case of the following switch are there to verify
1594   ** that string comparison opcodes are always exactly 6 greater than the
1595   ** corresponding numeric comparison opcodes.  The code generator depends
1596   ** on this fact.
1597   */
1598   switch( pOp->opcode ){
1599     case OP_StrEq:    c = c==0;    assert( pOp->opcode-6==OP_Eq );   break;
1600     case OP_StrNe:    c = c!=0;    assert( pOp->opcode-6==OP_Ne );   break;
1601     case OP_StrLt:    c = c<0;     assert( pOp->opcode-6==OP_Lt );   break;
1602     case OP_StrLe:    c = c<=0;    assert( pOp->opcode-6==OP_Le );   break;
1603     case OP_StrGt:    c = c>0;     assert( pOp->opcode-6==OP_Gt );   break;
1604     default:          c = c>=0;    assert( pOp->opcode-6==OP_Ge );   break;
1605   }
1606   popStack(&pTos, 2);
1607   if( pOp->p2 ){
1608     if( c ) pc = pOp->p2-1;
1609   }else{
1610     pTos++;
1611     pTos->flags = MEM_Int;
1612     pTos->i = c;
1613   }
1614   break;
1615 }
1616 
1617 /* Opcode: And * * *
1618 **
1619 ** Pop two values off the stack.  Take the logical AND of the
1620 ** two values and push the resulting boolean value back onto the
1621 ** stack.
1622 */
1623 /* Opcode: Or * * *
1624 **
1625 ** Pop two values off the stack.  Take the logical OR of the
1626 ** two values and push the resulting boolean value back onto the
1627 ** stack.
1628 */
1629 case OP_And:
1630 case OP_Or: {
1631   Mem *pNos = &pTos[-1];
1632   int v1, v2;    /* 0==TRUE, 1==FALSE, 2==UNKNOWN or NULL */
1633 
1634   assert( pNos>=p->aStack );
1635   if( pTos->flags & MEM_Null ){
1636     v1 = 2;
1637   }else{
1638     Integerify(pTos);
1639     v1 = pTos->i==0;
1640   }
1641   if( pNos->flags & MEM_Null ){
1642     v2 = 2;
1643   }else{
1644     Integerify(pNos);
1645     v2 = pNos->i==0;
1646   }
1647   if( pOp->opcode==OP_And ){
1648     static const unsigned char and_logic[] = { 0, 1, 2, 1, 1, 1, 2, 1, 2 };
1649     v1 = and_logic[v1*3+v2];
1650   }else{
1651     static const unsigned char or_logic[] = { 0, 0, 0, 0, 1, 2, 0, 2, 2 };
1652     v1 = or_logic[v1*3+v2];
1653   }
1654   popStack(&pTos, 2);
1655   pTos++;
1656   if( v1==2 ){
1657     pTos->flags = MEM_Null;
1658   }else{
1659     pTos->i = v1==0;
1660     pTos->flags = MEM_Int;
1661   }
1662   break;
1663 }
1664 
1665 /* Opcode: Negative * * *
1666 **
1667 ** Treat the top of the stack as a numeric quantity.  Replace it
1668 ** with its additive inverse.  If the top of the stack is NULL
1669 ** its value is unchanged.
1670 */
1671 /* Opcode: AbsValue * * *
1672 **
1673 ** Treat the top of the stack as a numeric quantity.  Replace it
1674 ** with its absolute value. If the top of the stack is NULL
1675 ** its value is unchanged.
1676 */
1677 case OP_Negative:
1678 case OP_AbsValue: {
1679   assert( pTos>=p->aStack );
1680   if( pTos->flags & MEM_Real ){
1681     Release(pTos);
1682     if( pOp->opcode==OP_Negative || pTos->r<0.0 ){
1683       pTos->r = -pTos->r;
1684     }
1685     pTos->flags = MEM_Real;
1686   }else if( pTos->flags & MEM_Int ){
1687     Release(pTos);
1688     if( pOp->opcode==OP_Negative || pTos->i<0 ){
1689       pTos->i = -pTos->i;
1690     }
1691     pTos->flags = MEM_Int;
1692   }else if( pTos->flags & MEM_Null ){
1693     /* Do nothing */
1694   }else{
1695     Realify(pTos);
1696     Release(pTos);
1697     if( pOp->opcode==OP_Negative || pTos->r<0.0 ){
1698       pTos->r = -pTos->r;
1699     }
1700     pTos->flags = MEM_Real;
1701   }
1702   break;
1703 }
1704 
1705 /* Opcode: Not * * *
1706 **
1707 ** Interpret the top of the stack as a boolean value.  Replace it
1708 ** with its complement.  If the top of the stack is NULL its value
1709 ** is unchanged.
1710 */
1711 case OP_Not: {
1712   assert( pTos>=p->aStack );
1713   if( pTos->flags & MEM_Null ) break;  /* Do nothing to NULLs */
1714   Integerify(pTos);
1715   Release(pTos);
1716   pTos->i = !pTos->i;
1717   pTos->flags = MEM_Int;
1718   break;
1719 }
1720 
1721 /* Opcode: BitNot * * *
1722 **
1723 ** Interpret the top of the stack as an value.  Replace it
1724 ** with its ones-complement.  If the top of the stack is NULL its
1725 ** value is unchanged.
1726 */
1727 case OP_BitNot: {
1728   assert( pTos>=p->aStack );
1729   if( pTos->flags & MEM_Null ) break;  /* Do nothing to NULLs */
1730   Integerify(pTos);
1731   Release(pTos);
1732   pTos->i = ~pTos->i;
1733   pTos->flags = MEM_Int;
1734   break;
1735 }
1736 
1737 /* Opcode: Noop * * *
1738 **
1739 ** Do nothing.  This instruction is often useful as a jump
1740 ** destination.
1741 */
1742 case OP_Noop: {
1743   break;
1744 }
1745 
1746 /* Opcode: If P1 P2 *
1747 **
1748 ** Pop a single boolean from the stack.  If the boolean popped is
1749 ** true, then jump to p2.  Otherwise continue to the next instruction.
1750 ** An integer is false if zero and true otherwise.  A string is
1751 ** false if it has zero length and true otherwise.
1752 **
1753 ** If the value popped of the stack is NULL, then take the jump if P1
1754 ** is true and fall through if P1 is false.
1755 */
1756 /* Opcode: IfNot P1 P2 *
1757 **
1758 ** Pop a single boolean from the stack.  If the boolean popped is
1759 ** false, then jump to p2.  Otherwise continue to the next instruction.
1760 ** An integer is false if zero and true otherwise.  A string is
1761 ** false if it has zero length and true otherwise.
1762 **
1763 ** If the value popped of the stack is NULL, then take the jump if P1
1764 ** is true and fall through if P1 is false.
1765 */
1766 case OP_If:
1767 case OP_IfNot: {
1768   int c;
1769   assert( pTos>=p->aStack );
1770   if( pTos->flags & MEM_Null ){
1771     c = pOp->p1;
1772   }else{
1773     Integerify(pTos);
1774     c = pTos->i;
1775     if( pOp->opcode==OP_IfNot ) c = !c;
1776   }
1777   assert( (pTos->flags & MEM_Dyn)==0 );
1778   pTos--;
1779   if( c ) pc = pOp->p2-1;
1780   break;
1781 }
1782 
1783 /* Opcode: IsNull P1 P2 *
1784 **
1785 ** If any of the top abs(P1) values on the stack are NULL, then jump
1786 ** to P2.  Pop the stack P1 times if P1>0.   If P1<0 leave the stack
1787 ** unchanged.
1788 */
1789 case OP_IsNull: {
1790   int i, cnt;
1791   Mem *pTerm;
1792   cnt = pOp->p1;
1793   if( cnt<0 ) cnt = -cnt;
1794   pTerm = &pTos[1-cnt];
1795   assert( pTerm>=p->aStack );
1796   for(i=0; i<cnt; i++, pTerm++){
1797     if( pTerm->flags & MEM_Null ){
1798       pc = pOp->p2-1;
1799       break;
1800     }
1801   }
1802   if( pOp->p1>0 ) popStack(&pTos, cnt);
1803   break;
1804 }
1805 
1806 /* Opcode: NotNull P1 P2 *
1807 **
1808 ** Jump to P2 if the top P1 values on the stack are all not NULL.  Pop the
1809 ** stack if P1 times if P1 is greater than zero.  If P1 is less than
1810 ** zero then leave the stack unchanged.
1811 */
1812 case OP_NotNull: {
1813   int i, cnt;
1814   cnt = pOp->p1;
1815   if( cnt<0 ) cnt = -cnt;
1816   assert( &pTos[1-cnt] >= p->aStack );
1817   for(i=0; i<cnt && (pTos[1+i-cnt].flags & MEM_Null)==0; i++){}
1818   if( i>=cnt ) pc = pOp->p2-1;
1819   if( pOp->p1>0 ) popStack(&pTos, cnt);
1820   break;
1821 }
1822 
1823 /* Opcode: MakeRecord P1 P2 *
1824 **
1825 ** Convert the top P1 entries of the stack into a single entry
1826 ** suitable for use as a data record in a database table.  The
1827 ** details of the format are irrelevant as long as the OP_Column
1828 ** opcode can decode the record later.  Refer to source code
1829 ** comments for the details of the record format.
1830 **
1831 ** If P2 is true (non-zero) and one or more of the P1 entries
1832 ** that go into building the record is NULL, then add some extra
1833 ** bytes to the record to make it distinct for other entries created
1834 ** during the same run of the VDBE.  The extra bytes added are a
1835 ** counter that is reset with each run of the VDBE, so records
1836 ** created this way will not necessarily be distinct across runs.
1837 ** But they should be distinct for transient tables (created using
1838 ** OP_OpenTemp) which is what they are intended for.
1839 **
1840 ** (Later:) The P2==1 option was intended to make NULLs distinct
1841 ** for the UNION operator.  But I have since discovered that NULLs
1842 ** are indistinct for UNION.  So this option is never used.
1843 */
1844 case OP_MakeRecord: {
1845   char *zNewRecord;
1846   int nByte;
1847   int nField;
1848   int i, j;
1849   int idxWidth;
1850   u32 addr;
1851   Mem *pRec;
1852   int addUnique = 0;   /* True to cause bytes to be added to make the
1853                        ** generated record distinct */
1854   char zTemp[NBFS];    /* Temp space for small records */
1855 
1856   /* Assuming the record contains N fields, the record format looks
1857   ** like this:
1858   **
1859   **   -------------------------------------------------------------------
1860   **   | idx0 | idx1 | ... | idx(N-1) | idx(N) | data0 | ... | data(N-1) |
1861   **   -------------------------------------------------------------------
1862   **
1863   ** All data fields are converted to strings before being stored and
1864   ** are stored with their null terminators.  NULL entries omit the
1865   ** null terminator.  Thus an empty string uses 1 byte and a NULL uses
1866   ** zero bytes.  Data(0) is taken from the lowest element of the stack
1867   ** and data(N-1) is the top of the stack.
1868   **
1869   ** Each of the idx() entries is either 1, 2, or 3 bytes depending on
1870   ** how big the total record is.  Idx(0) contains the offset to the start
1871   ** of data(0).  Idx(k) contains the offset to the start of data(k).
1872   ** Idx(N) contains the total number of bytes in the record.
1873   */
1874   nField = pOp->p1;
1875   pRec = &pTos[1-nField];
1876   assert( pRec>=p->aStack );
1877   nByte = 0;
1878   for(i=0; i<nField; i++, pRec++){
1879     if( pRec->flags & MEM_Null ){
1880       addUnique = pOp->p2;
1881     }else{
1882       Stringify(pRec);
1883       nByte += pRec->n;
1884     }
1885   }
1886   if( addUnique ) nByte += sizeof(p->uniqueCnt);
1887   if( nByte + nField + 1 < 256 ){
1888     idxWidth = 1;
1889   }else if( nByte + 2*nField + 2 < 65536 ){
1890     idxWidth = 2;
1891   }else{
1892     idxWidth = 3;
1893   }
1894   nByte += idxWidth*(nField + 1);
1895   if( nByte>MAX_BYTES_PER_ROW ){
1896     rc = SQLITE_TOOBIG;
1897     goto abort_due_to_error;
1898   }
1899   if( nByte<=NBFS ){
1900     zNewRecord = zTemp;
1901   }else{
1902     zNewRecord = sqliteMallocRaw( nByte );
1903     if( zNewRecord==0 ) goto no_mem;
1904   }
1905   j = 0;
1906   addr = idxWidth*(nField+1) + addUnique*sizeof(p->uniqueCnt);
1907   for(i=0, pRec=&pTos[1-nField]; i<nField; i++, pRec++){
1908     zNewRecord[j++] = addr & 0xff;
1909     if( idxWidth>1 ){
1910       zNewRecord[j++] = (addr>>8)&0xff;
1911       if( idxWidth>2 ){
1912         zNewRecord[j++] = (addr>>16)&0xff;
1913       }
1914     }
1915     if( (pRec->flags & MEM_Null)==0 ){
1916       addr += pRec->n;
1917     }
1918   }
1919   zNewRecord[j++] = addr & 0xff;
1920   if( idxWidth>1 ){
1921     zNewRecord[j++] = (addr>>8)&0xff;
1922     if( idxWidth>2 ){
1923       zNewRecord[j++] = (addr>>16)&0xff;
1924     }
1925   }
1926   if( addUnique ){
1927     memcpy(&zNewRecord[j], &p->uniqueCnt, sizeof(p->uniqueCnt));
1928     p->uniqueCnt++;
1929     j += sizeof(p->uniqueCnt);
1930   }
1931   for(i=0, pRec=&pTos[1-nField]; i<nField; i++, pRec++){
1932     if( (pRec->flags & MEM_Null)==0 ){
1933       memcpy(&zNewRecord[j], pRec->z, pRec->n);
1934       j += pRec->n;
1935     }
1936   }
1937   popStack(&pTos, nField);
1938   pTos++;
1939   pTos->n = nByte;
1940   if( nByte<=NBFS ){
1941     assert( zNewRecord==zTemp );
1942     memcpy(pTos->zShort, zTemp, nByte);
1943     pTos->z = pTos->zShort;
1944     pTos->flags = MEM_Str | MEM_Short;
1945   }else{
1946     assert( zNewRecord!=zTemp );
1947     pTos->z = zNewRecord;
1948     pTos->flags = MEM_Str | MEM_Dyn;
1949   }
1950   break;
1951 }
1952 
1953 /* Opcode: MakeKey P1 P2 P3
1954 **
1955 ** Convert the top P1 entries of the stack into a single entry suitable
1956 ** for use as the key in an index.  The top P1 records are
1957 ** converted to strings and merged.  The null-terminators
1958 ** are retained and used as separators.
1959 ** The lowest entry in the stack is the first field and the top of the
1960 ** stack becomes the last.
1961 **
1962 ** If P2 is not zero, then the original entries remain on the stack
1963 ** and the new key is pushed on top.  If P2 is zero, the original
1964 ** data is popped off the stack first then the new key is pushed
1965 ** back in its place.
1966 **
1967 ** P3 is a string that is P1 characters long.  Each character is either
1968 ** an 'n' or a 't' to indicates if the argument should be intepreted as
1969 ** numeric or text type.  The first character of P3 corresponds to the
1970 ** lowest element on the stack.  If P3 is NULL then all arguments are
1971 ** assumed to be of the numeric type.
1972 **
1973 ** The type makes a difference in that text-type fields may not be
1974 ** introduced by 'b' (as described in the next paragraph).  The
1975 ** first character of a text-type field must be either 'a' (if it is NULL)
1976 ** or 'c'.  Numeric fields will be introduced by 'b' if their content
1977 ** looks like a well-formed number.  Otherwise the 'a' or 'c' will be
1978 ** used.
1979 **
1980 ** The key is a concatenation of fields.  Each field is terminated by
1981 ** a single 0x00 character.  A NULL field is introduced by an 'a' and
1982 ** is followed immediately by its 0x00 terminator.  A numeric field is
1983 ** introduced by a single character 'b' and is followed by a sequence
1984 ** of characters that represent the number such that a comparison of
1985 ** the character string using memcpy() sorts the numbers in numerical
1986 ** order.  The character strings for numbers are generated using the
1987 ** sqliteRealToSortable() function.  A text field is introduced by a
1988 ** 'c' character and is followed by the exact text of the field.  The
1989 ** use of an 'a', 'b', or 'c' character at the beginning of each field
1990 ** guarantees that NULLs sort before numbers and that numbers sort
1991 ** before text.  0x00 characters do not occur except as separators
1992 ** between fields.
1993 **
1994 ** See also: MakeIdxKey, SortMakeKey
1995 */
1996 /* Opcode: MakeIdxKey P1 P2 P3
1997 **
1998 ** Convert the top P1 entries of the stack into a single entry suitable
1999 ** for use as the key in an index.  In addition, take one additional integer
2000 ** off of the stack, treat that integer as a four-byte record number, and
2001 ** append the four bytes to the key.  Thus a total of P1+1 entries are
2002 ** popped from the stack for this instruction and a single entry is pushed
2003 ** back.  The first P1 entries that are popped are strings and the last
2004 ** entry (the lowest on the stack) is an integer record number.
2005 **
2006 ** The converstion of the first P1 string entries occurs just like in
2007 ** MakeKey.  Each entry is separated from the others by a null.
2008 ** The entire concatenation is null-terminated.  The lowest entry
2009 ** in the stack is the first field and the top of the stack becomes the
2010 ** last.
2011 **
2012 ** If P2 is not zero and one or more of the P1 entries that go into the
2013 ** generated key is NULL, then jump to P2 after the new key has been
2014 ** pushed on the stack.  In other words, jump to P2 if the key is
2015 ** guaranteed to be unique.  This jump can be used to skip a subsequent
2016 ** uniqueness test.
2017 **
2018 ** P3 is a string that is P1 characters long.  Each character is either
2019 ** an 'n' or a 't' to indicates if the argument should be numeric or
2020 ** text.  The first character corresponds to the lowest element on the
2021 ** stack.  If P3 is null then all arguments are assumed to be numeric.
2022 **
2023 ** See also:  MakeKey, SortMakeKey
2024 */
2025 case OP_MakeIdxKey:
2026 case OP_MakeKey: {
2027   char *zNewKey;
2028   int nByte;
2029   int nField;
2030   int addRowid;
2031   int i, j;
2032   int containsNull = 0;
2033   Mem *pRec;
2034   char zTemp[NBFS];
2035 
2036   addRowid = pOp->opcode==OP_MakeIdxKey;
2037   nField = pOp->p1;
2038   pRec = &pTos[1-nField];
2039   assert( pRec>=p->aStack );
2040   nByte = 0;
2041   for(j=0, i=0; i<nField; i++, j++, pRec++){
2042     int flags = pRec->flags;
2043     int len;
2044     char *z;
2045     if( flags & MEM_Null ){
2046       nByte += 2;
2047       containsNull = 1;
2048     }else if( pOp->p3 && pOp->p3[j]=='t' ){
2049       Stringify(pRec);
2050       pRec->flags &= ~(MEM_Int|MEM_Real);
2051       nByte += pRec->n+1;
2052     }else if( (flags & (MEM_Real|MEM_Int))!=0 || sqliteIsNumber(pRec->z) ){
2053       if( (flags & (MEM_Real|MEM_Int))==MEM_Int ){
2054         pRec->r = pRec->i;
2055       }else if( (flags & (MEM_Real|MEM_Int))==0 ){
2056         pRec->r = sqliteAtoF(pRec->z, 0);
2057       }
2058       Release(pRec);
2059       z = pRec->zShort;
2060       sqliteRealToSortable(pRec->r, z);
2061       len = strlen(z);
2062       pRec->z = 0;
2063       pRec->flags = MEM_Real;
2064       pRec->n = len+1;
2065       nByte += pRec->n+1;
2066     }else{
2067       nByte += pRec->n+1;
2068     }
2069   }
2070   if( nByte+sizeof(u32)>MAX_BYTES_PER_ROW ){
2071     rc = SQLITE_TOOBIG;
2072     goto abort_due_to_error;
2073   }
2074   if( addRowid ) nByte += sizeof(u32);
2075   if( nByte<=NBFS ){
2076     zNewKey = zTemp;
2077   }else{
2078     zNewKey = sqliteMallocRaw( nByte );
2079     if( zNewKey==0 ) goto no_mem;
2080   }
2081   j = 0;
2082   pRec = &pTos[1-nField];
2083   for(i=0; i<nField; i++, pRec++){
2084     if( pRec->flags & MEM_Null ){
2085       zNewKey[j++] = 'a';
2086       zNewKey[j++] = 0;
2087     }else if( pRec->flags==MEM_Real ){
2088       zNewKey[j++] = 'b';
2089       memcpy(&zNewKey[j], pRec->zShort, pRec->n);
2090       j += pRec->n;
2091     }else{
2092       assert( pRec->flags & MEM_Str );
2093       zNewKey[j++] = 'c';
2094       memcpy(&zNewKey[j], pRec->z, pRec->n);
2095       j += pRec->n;
2096     }
2097   }
2098   if( addRowid ){
2099     u32 iKey;
2100     pRec = &pTos[-nField];
2101     assert( pRec>=p->aStack );
2102     Integerify(pRec);
2103     iKey = intToKey(pRec->i);
2104     memcpy(&zNewKey[j], &iKey, sizeof(u32));
2105     popStack(&pTos, nField+1);
2106     if( pOp->p2 && containsNull ) pc = pOp->p2 - 1;
2107   }else{
2108     if( pOp->p2==0 ) popStack(&pTos, nField);
2109   }
2110   pTos++;
2111   pTos->n = nByte;
2112   if( nByte<=NBFS ){
2113     assert( zNewKey==zTemp );
2114     pTos->z = pTos->zShort;
2115     memcpy(pTos->zShort, zTemp, nByte);
2116     pTos->flags = MEM_Str | MEM_Short;
2117   }else{
2118     pTos->z = zNewKey;
2119     pTos->flags = MEM_Str | MEM_Dyn;
2120   }
2121   break;
2122 }
2123 
2124 /* Opcode: IncrKey * * *
2125 **
2126 ** The top of the stack should contain an index key generated by
2127 ** The MakeKey opcode.  This routine increases the least significant
2128 ** byte of that key by one.  This is used so that the MoveTo opcode
2129 ** will move to the first entry greater than the key rather than to
2130 ** the key itself.
2131 */
2132 case OP_IncrKey: {
2133   assert( pTos>=p->aStack );
2134   /* The IncrKey opcode is only applied to keys generated by
2135   ** MakeKey or MakeIdxKey and the results of those operands
2136   ** are always dynamic strings or zShort[] strings.  So we
2137   ** are always free to modify the string in place.
2138   */
2139   assert( pTos->flags & (MEM_Dyn|MEM_Short) );
2140   pTos->z[pTos->n-1]++;
2141   break;
2142 }
2143 
2144 /* Opcode: Checkpoint P1 * *
2145 **
2146 ** Begin a checkpoint.  A checkpoint is the beginning of a operation that
2147 ** is part of a larger transaction but which might need to be rolled back
2148 ** itself without effecting the containing transaction.  A checkpoint will
2149 ** be automatically committed or rollback when the VDBE halts.
2150 **
2151 ** The checkpoint is begun on the database file with index P1.  The main
2152 ** database file has an index of 0 and the file used for temporary tables
2153 ** has an index of 1.
2154 */
2155 case OP_Checkpoint: {
2156   int i = pOp->p1;
2157   if( i>=0 && i<db->nDb && db->aDb[i].pBt && db->aDb[i].inTrans==1 ){
2158     rc = sqliteBtreeBeginCkpt(db->aDb[i].pBt);
2159     if( rc==SQLITE_OK ) db->aDb[i].inTrans = 2;
2160   }
2161   break;
2162 }
2163 
2164 /* Opcode: Transaction P1 * *
2165 **
2166 ** Begin a transaction.  The transaction ends when a Commit or Rollback
2167 ** opcode is encountered.  Depending on the ON CONFLICT setting, the
2168 ** transaction might also be rolled back if an error is encountered.
2169 **
2170 ** P1 is the index of the database file on which the transaction is
2171 ** started.  Index 0 is the main database file and index 1 is the
2172 ** file used for temporary tables.
2173 **
2174 ** A write lock is obtained on the database file when a transaction is
2175 ** started.  No other process can read or write the file while the
2176 ** transaction is underway.  Starting a transaction also creates a
2177 ** rollback journal.  A transaction must be started before any changes
2178 ** can be made to the database.
2179 */
2180 case OP_Transaction: {
2181   int busy = 1;
2182   int i = pOp->p1;
2183   assert( i>=0 && i<db->nDb );
2184   if( db->aDb[i].inTrans ) break;
2185   while( db->aDb[i].pBt!=0 && busy ){
2186     rc = sqliteBtreeBeginTrans(db->aDb[i].pBt);
2187     switch( rc ){
2188       case SQLITE_BUSY: {
2189         if( db->xBusyCallback==0 ){
2190           p->pc = pc;
2191           p->undoTransOnError = 1;
2192           p->rc = SQLITE_BUSY;
2193           p->pTos = pTos;
2194           return SQLITE_BUSY;
2195         }else if( (*db->xBusyCallback)(db->pBusyArg, "", busy++)==0 ){
2196           sqliteSetString(&p->zErrMsg, sqlite_error_string(rc), (char*)0);
2197           busy = 0;
2198         }
2199         break;
2200       }
2201       case SQLITE_READONLY: {
2202         rc = SQLITE_OK;
2203         /* Fall thru into the next case */
2204       }
2205       case SQLITE_OK: {
2206         p->inTempTrans = 0;
2207         busy = 0;
2208         break;
2209       }
2210       default: {
2211         goto abort_due_to_error;
2212       }
2213     }
2214   }
2215   db->aDb[i].inTrans = 1;
2216   p->undoTransOnError = 1;
2217   break;
2218 }
2219 
2220 /* Opcode: Commit * * *
2221 **
2222 ** Cause all modifications to the database that have been made since the
2223 ** last Transaction to actually take effect.  No additional modifications
2224 ** are allowed until another transaction is started.  The Commit instruction
2225 ** deletes the journal file and releases the write lock on the database.
2226 ** A read lock continues to be held if there are still cursors open.
2227 */
2228 case OP_Commit: {
2229   int i;
2230   if( db->xCommitCallback!=0 ){
2231     if( sqliteSafetyOff(db) ) goto abort_due_to_misuse;
2232     if( db->xCommitCallback(db->pCommitArg)!=0 ){
2233       rc = SQLITE_CONSTRAINT;
2234     }
2235     if( sqliteSafetyOn(db) ) goto abort_due_to_misuse;
2236   }
2237   for(i=0; rc==SQLITE_OK && i<db->nDb; i++){
2238     if( db->aDb[i].inTrans ){
2239       rc = sqliteBtreeCommit(db->aDb[i].pBt);
2240       db->aDb[i].inTrans = 0;
2241     }
2242   }
2243   if( rc==SQLITE_OK ){
2244     sqliteCommitInternalChanges(db);
2245   }else{
2246     sqliteRollbackAll(db);
2247   }
2248   break;
2249 }
2250 
2251 /* Opcode: Rollback P1 * *
2252 **
2253 ** Cause all modifications to the database that have been made since the
2254 ** last Transaction to be undone. The database is restored to its state
2255 ** before the Transaction opcode was executed.  No additional modifications
2256 ** are allowed until another transaction is started.
2257 **
2258 ** P1 is the index of the database file that is committed.  An index of 0
2259 ** is used for the main database and an index of 1 is used for the file used
2260 ** to hold temporary tables.
2261 **
2262 ** This instruction automatically closes all cursors and releases both
2263 ** the read and write locks on the indicated database.
2264 */
2265 case OP_Rollback: {
2266   sqliteRollbackAll(db);
2267   break;
2268 }
2269 
2270 /* Opcode: ReadCookie P1 P2 *
2271 **
2272 ** Read cookie number P2 from database P1 and push it onto the stack.
2273 ** P2==0 is the schema version.  P2==1 is the database format.
2274 ** P2==2 is the recommended pager cache size, and so forth.  P1==0 is
2275 ** the main database file and P1==1 is the database file used to store
2276 ** temporary tables.
2277 **
2278 ** There must be a read-lock on the database (either a transaction
2279 ** must be started or there must be an open cursor) before
2280 ** executing this instruction.
2281 */
2282 case OP_ReadCookie: {
2283   int aMeta[SQLITE_N_BTREE_META];
2284   assert( pOp->p2<SQLITE_N_BTREE_META );
2285   assert( pOp->p1>=0 && pOp->p1<db->nDb );
2286   assert( db->aDb[pOp->p1].pBt!=0 );
2287   rc = sqliteBtreeGetMeta(db->aDb[pOp->p1].pBt, aMeta);
2288   pTos++;
2289   pTos->i = aMeta[1+pOp->p2];
2290   pTos->flags = MEM_Int;
2291   break;
2292 }
2293 
2294 /* Opcode: SetCookie P1 P2 *
2295 **
2296 ** Write the top of the stack into cookie number P2 of database P1.
2297 ** P2==0 is the schema version.  P2==1 is the database format.
2298 ** P2==2 is the recommended pager cache size, and so forth.  P1==0 is
2299 ** the main database file and P1==1 is the database file used to store
2300 ** temporary tables.
2301 **
2302 ** A transaction must be started before executing this opcode.
2303 */
2304 case OP_SetCookie: {
2305   int aMeta[SQLITE_N_BTREE_META];
2306   assert( pOp->p2<SQLITE_N_BTREE_META );
2307   assert( pOp->p1>=0 && pOp->p1<db->nDb );
2308   assert( db->aDb[pOp->p1].pBt!=0 );
2309   assert( pTos>=p->aStack );
2310   Integerify(pTos)
2311   rc = sqliteBtreeGetMeta(db->aDb[pOp->p1].pBt, aMeta);
2312   if( rc==SQLITE_OK ){
2313     aMeta[1+pOp->p2] = pTos->i;
2314     rc = sqliteBtreeUpdateMeta(db->aDb[pOp->p1].pBt, aMeta);
2315   }
2316   Release(pTos);
2317   pTos--;
2318   break;
2319 }
2320 
2321 /* Opcode: VerifyCookie P1 P2 *
2322 **
2323 ** Check the value of global database parameter number 0 (the
2324 ** schema version) and make sure it is equal to P2.
2325 ** P1 is the database number which is 0 for the main database file
2326 ** and 1 for the file holding temporary tables and some higher number
2327 ** for auxiliary databases.
2328 **
2329 ** The cookie changes its value whenever the database schema changes.
2330 ** This operation is used to detect when that the cookie has changed
2331 ** and that the current process needs to reread the schema.
2332 **
2333 ** Either a transaction needs to have been started or an OP_Open needs
2334 ** to be executed (to establish a read lock) before this opcode is
2335 ** invoked.
2336 */
2337 case OP_VerifyCookie: {
2338   int aMeta[SQLITE_N_BTREE_META];
2339   assert( pOp->p1>=0 && pOp->p1<db->nDb );
2340   rc = sqliteBtreeGetMeta(db->aDb[pOp->p1].pBt, aMeta);
2341   if( rc==SQLITE_OK && aMeta[1]!=pOp->p2 ){
2342     sqliteSetString(&p->zErrMsg, "database schema has changed", (char*)0);
2343     rc = SQLITE_SCHEMA;
2344   }
2345   break;
2346 }
2347 
2348 /* Opcode: OpenRead P1 P2 P3
2349 **
2350 ** Open a read-only cursor for the database table whose root page is
2351 ** P2 in a database file.  The database file is determined by an
2352 ** integer from the top of the stack.  0 means the main database and
2353 ** 1 means the database used for temporary tables.  Give the new
2354 ** cursor an identifier of P1.  The P1 values need not be contiguous
2355 ** but all P1 values should be small integers.  It is an error for
2356 ** P1 to be negative.
2357 **
2358 ** If P2==0 then take the root page number from the next of the stack.
2359 **
2360 ** There will be a read lock on the database whenever there is an
2361 ** open cursor.  If the database was unlocked prior to this instruction
2362 ** then a read lock is acquired as part of this instruction.  A read
2363 ** lock allows other processes to read the database but prohibits
2364 ** any other process from modifying the database.  The read lock is
2365 ** released when all cursors are closed.  If this instruction attempts
2366 ** to get a read lock but fails, the script terminates with an
2367 ** SQLITE_BUSY error code.
2368 **
2369 ** The P3 value is the name of the table or index being opened.
2370 ** The P3 value is not actually used by this opcode and may be
2371 ** omitted.  But the code generator usually inserts the index or
2372 ** table name into P3 to make the code easier to read.
2373 **
2374 ** See also OpenWrite.
2375 */
2376 /* Opcode: OpenWrite P1 P2 P3
2377 **
2378 ** Open a read/write cursor named P1 on the table or index whose root
2379 ** page is P2.  If P2==0 then take the root page number from the stack.
2380 **
2381 ** The P3 value is the name of the table or index being opened.
2382 ** The P3 value is not actually used by this opcode and may be
2383 ** omitted.  But the code generator usually inserts the index or
2384 ** table name into P3 to make the code easier to read.
2385 **
2386 ** This instruction works just like OpenRead except that it opens the cursor
2387 ** in read/write mode.  For a given table, there can be one or more read-only
2388 ** cursors or a single read/write cursor but not both.
2389 **
2390 ** See also OpenRead.
2391 */
2392 case OP_OpenRead:
2393 case OP_OpenWrite: {
2394   int busy = 0;
2395   int i = pOp->p1;
2396   int p2 = pOp->p2;
2397   int wrFlag;
2398   Btree *pX;
2399   int iDb;
2400 
2401   assert( pTos>=p->aStack );
2402   Integerify(pTos);
2403   iDb = pTos->i;
2404   pTos--;
2405   assert( iDb>=0 && iDb<db->nDb );
2406   pX = db->aDb[iDb].pBt;
2407   assert( pX!=0 );
2408   wrFlag = pOp->opcode==OP_OpenWrite;
2409   if( p2<=0 ){
2410     assert( pTos>=p->aStack );
2411     Integerify(pTos);
2412     p2 = pTos->i;
2413     pTos--;
2414     if( p2<2 ){
2415       sqliteSetString(&p->zErrMsg, "root page number less than 2", (char*)0);
2416       rc = SQLITE_INTERNAL;
2417       break;
2418     }
2419   }
2420   assert( i>=0 );
2421   if( expandCursorArraySize(p, i) ) goto no_mem;
2422   sqliteVdbeCleanupCursor(&p->aCsr[i]);
2423   memset(&p->aCsr[i], 0, sizeof(Cursor));
2424   p->aCsr[i].nullRow = 1;
2425   if( pX==0 ) break;
2426   do{
2427     rc = sqliteBtreeCursor(pX, p2, wrFlag, &p->aCsr[i].pCursor);
2428     switch( rc ){
2429       case SQLITE_BUSY: {
2430         if( db->xBusyCallback==0 ){
2431           p->pc = pc;
2432           p->rc = SQLITE_BUSY;
2433           p->pTos = &pTos[1 + (pOp->p2<=0)]; /* Operands must remain on stack */
2434           return SQLITE_BUSY;
2435         }else if( (*db->xBusyCallback)(db->pBusyArg, pOp->p3, ++busy)==0 ){
2436           sqliteSetString(&p->zErrMsg, sqlite_error_string(rc), (char*)0);
2437           busy = 0;
2438         }
2439         break;
2440       }
2441       case SQLITE_OK: {
2442         busy = 0;
2443         break;
2444       }
2445       default: {
2446         goto abort_due_to_error;
2447       }
2448     }
2449   }while( busy );
2450   break;
2451 }
2452 
2453 /* Opcode: OpenTemp P1 P2 *
2454 **
2455 ** Open a new cursor to a transient table.
2456 ** The transient cursor is always opened read/write even if
2457 ** the main database is read-only.  The transient table is deleted
2458 ** automatically when the cursor is closed.
2459 **
2460 ** The cursor points to a BTree table if P2==0 and to a BTree index
2461 ** if P2==1.  A BTree table must have an integer key and can have arbitrary
2462 ** data.  A BTree index has no data but can have an arbitrary key.
2463 **
2464 ** This opcode is used for tables that exist for the duration of a single
2465 ** SQL statement only.  Tables created using CREATE TEMPORARY TABLE
2466 ** are opened using OP_OpenRead or OP_OpenWrite.  "Temporary" in the
2467 ** context of this opcode means for the duration of a single SQL statement
2468 ** whereas "Temporary" in the context of CREATE TABLE means for the duration
2469 ** of the connection to the database.  Same word; different meanings.
2470 */
2471 case OP_OpenTemp: {
2472   int i = pOp->p1;
2473   Cursor *pCx;
2474   assert( i>=0 );
2475   if( expandCursorArraySize(p, i) ) goto no_mem;
2476   pCx = &p->aCsr[i];
2477   sqliteVdbeCleanupCursor(pCx);
2478   memset(pCx, 0, sizeof(*pCx));
2479   pCx->nullRow = 1;
2480   rc = sqliteBtreeFactory(db, 0, 1, TEMP_PAGES, &pCx->pBt);
2481 
2482   if( rc==SQLITE_OK ){
2483     rc = sqliteBtreeBeginTrans(pCx->pBt);
2484   }
2485   if( rc==SQLITE_OK ){
2486     if( pOp->p2 ){
2487       int pgno;
2488       rc = sqliteBtreeCreateIndex(pCx->pBt, &pgno);
2489       if( rc==SQLITE_OK ){
2490         rc = sqliteBtreeCursor(pCx->pBt, pgno, 1, &pCx->pCursor);
2491       }
2492     }else{
2493       rc = sqliteBtreeCursor(pCx->pBt, 2, 1, &pCx->pCursor);
2494     }
2495   }
2496   break;
2497 }
2498 
2499 /* Opcode: OpenPseudo P1 * *
2500 **
2501 ** Open a new cursor that points to a fake table that contains a single
2502 ** row of data.  Any attempt to write a second row of data causes the
2503 ** first row to be deleted.  All data is deleted when the cursor is
2504 ** closed.
2505 **
2506 ** A pseudo-table created by this opcode is useful for holding the
2507 ** NEW or OLD tables in a trigger.
2508 */
2509 case OP_OpenPseudo: {
2510   int i = pOp->p1;
2511   Cursor *pCx;
2512   assert( i>=0 );
2513   if( expandCursorArraySize(p, i) ) goto no_mem;
2514   pCx = &p->aCsr[i];
2515   sqliteVdbeCleanupCursor(pCx);
2516   memset(pCx, 0, sizeof(*pCx));
2517   pCx->nullRow = 1;
2518   pCx->pseudoTable = 1;
2519   break;
2520 }
2521 
2522 /* Opcode: Close P1 * *
2523 **
2524 ** Close a cursor previously opened as P1.  If P1 is not
2525 ** currently open, this instruction is a no-op.
2526 */
2527 case OP_Close: {
2528   int i = pOp->p1;
2529   if( i>=0 && i<p->nCursor ){
2530     sqliteVdbeCleanupCursor(&p->aCsr[i]);
2531   }
2532   break;
2533 }
2534 
2535 /* Opcode: MoveTo P1 P2 *
2536 **
2537 ** Pop the top of the stack and use its value as a key.  Reposition
2538 ** cursor P1 so that it points to an entry with a matching key.  If
2539 ** the table contains no record with a matching key, then the cursor
2540 ** is left pointing at the first record that is greater than the key.
2541 ** If there are no records greater than the key and P2 is not zero,
2542 ** then an immediate jump to P2 is made.
2543 **
2544 ** See also: Found, NotFound, Distinct, MoveLt
2545 */
2546 /* Opcode: MoveLt P1 P2 *
2547 **
2548 ** Pop the top of the stack and use its value as a key.  Reposition
2549 ** cursor P1 so that it points to the entry with the largest key that is
2550 ** less than the key popped from the stack.
2551 ** If there are no records less than than the key and P2
2552 ** is not zero then an immediate jump to P2 is made.
2553 **
2554 ** See also: MoveTo
2555 */
2556 case OP_MoveLt:
2557 case OP_MoveTo: {
2558   int i = pOp->p1;
2559   Cursor *pC;
2560 
2561   assert( pTos>=p->aStack );
2562   assert( i>=0 && i<p->nCursor );
2563   pC = &p->aCsr[i];
2564   if( pC->pCursor!=0 ){
2565     int res, oc;
2566     pC->nullRow = 0;
2567     if( pTos->flags & MEM_Int ){
2568       int iKey = intToKey(pTos->i);
2569       if( pOp->p2==0 && pOp->opcode==OP_MoveTo ){
2570         pC->movetoTarget = iKey;
2571         pC->deferredMoveto = 1;
2572         Release(pTos);
2573         pTos--;
2574         break;
2575       }
2576       sqliteBtreeMoveto(pC->pCursor, (char*)&iKey, sizeof(int), &res);
2577       pC->lastRecno = pTos->i;
2578       pC->recnoIsValid = res==0;
2579     }else{
2580       Stringify(pTos);
2581       sqliteBtreeMoveto(pC->pCursor, pTos->z, pTos->n, &res);
2582       pC->recnoIsValid = 0;
2583     }
2584     pC->deferredMoveto = 0;
2585     sqlite_search_count++;
2586     oc = pOp->opcode;
2587     if( oc==OP_MoveTo && res<0 ){
2588       sqliteBtreeNext(pC->pCursor, &res);
2589       pC->recnoIsValid = 0;
2590       if( res && pOp->p2>0 ){
2591         pc = pOp->p2 - 1;
2592       }
2593     }else if( oc==OP_MoveLt ){
2594       if( res>=0 ){
2595         sqliteBtreePrevious(pC->pCursor, &res);
2596         pC->recnoIsValid = 0;
2597       }else{
2598         /* res might be negative because the table is empty.  Check to
2599         ** see if this is the case.
2600         */
2601         int keysize;
2602         res = sqliteBtreeKeySize(pC->pCursor,&keysize)!=0 || keysize==0;
2603       }
2604       if( res && pOp->p2>0 ){
2605         pc = pOp->p2 - 1;
2606       }
2607     }
2608   }
2609   Release(pTos);
2610   pTos--;
2611   break;
2612 }
2613 
2614 /* Opcode: Distinct P1 P2 *
2615 **
2616 ** Use the top of the stack as a string key.  If a record with that key does
2617 ** not exist in the table of cursor P1, then jump to P2.  If the record
2618 ** does already exist, then fall thru.  The cursor is left pointing
2619 ** at the record if it exists. The key is not popped from the stack.
2620 **
2621 ** This operation is similar to NotFound except that this operation
2622 ** does not pop the key from the stack.
2623 **
2624 ** See also: Found, NotFound, MoveTo, IsUnique, NotExists
2625 */
2626 /* Opcode: Found P1 P2 *
2627 **
2628 ** Use the top of the stack as a string key.  If a record with that key
2629 ** does exist in table of P1, then jump to P2.  If the record
2630 ** does not exist, then fall thru.  The cursor is left pointing
2631 ** to the record if it exists.  The key is popped from the stack.
2632 **
2633 ** See also: Distinct, NotFound, MoveTo, IsUnique, NotExists
2634 */
2635 /* Opcode: NotFound P1 P2 *
2636 **
2637 ** Use the top of the stack as a string key.  If a record with that key
2638 ** does not exist in table of P1, then jump to P2.  If the record
2639 ** does exist, then fall thru.  The cursor is left pointing to the
2640 ** record if it exists.  The key is popped from the stack.
2641 **
2642 ** The difference between this operation and Distinct is that
2643 ** Distinct does not pop the key from the stack.
2644 **
2645 ** See also: Distinct, Found, MoveTo, NotExists, IsUnique
2646 */
2647 case OP_Distinct:
2648 case OP_NotFound:
2649 case OP_Found: {
2650   int i = pOp->p1;
2651   int alreadyExists = 0;
2652   Cursor *pC;
2653   assert( pTos>=p->aStack );
2654   assert( i>=0 && i<p->nCursor );
2655   if( (pC = &p->aCsr[i])->pCursor!=0 ){
2656     int res, rx;
2657     Stringify(pTos);
2658     rx = sqliteBtreeMoveto(pC->pCursor, pTos->z, pTos->n, &res);
2659     alreadyExists = rx==SQLITE_OK && res==0;
2660     pC->deferredMoveto = 0;
2661   }
2662   if( pOp->opcode==OP_Found ){
2663     if( alreadyExists ) pc = pOp->p2 - 1;
2664   }else{
2665     if( !alreadyExists ) pc = pOp->p2 - 1;
2666   }
2667   if( pOp->opcode!=OP_Distinct ){
2668     Release(pTos);
2669     pTos--;
2670   }
2671   break;
2672 }
2673 
2674 /* Opcode: IsUnique P1 P2 *
2675 **
2676 ** The top of the stack is an integer record number.  Call this
2677 ** record number R.  The next on the stack is an index key created
2678 ** using MakeIdxKey.  Call it K.  This instruction pops R from the
2679 ** stack but it leaves K unchanged.
2680 **
2681 ** P1 is an index.  So all but the last four bytes of K are an
2682 ** index string.  The last four bytes of K are a record number.
2683 **
2684 ** This instruction asks if there is an entry in P1 where the
2685 ** index string matches K but the record number is different
2686 ** from R.  If there is no such entry, then there is an immediate
2687 ** jump to P2.  If any entry does exist where the index string
2688 ** matches K but the record number is not R, then the record
2689 ** number for that entry is pushed onto the stack and control
2690 ** falls through to the next instruction.
2691 **
2692 ** See also: Distinct, NotFound, NotExists, Found
2693 */
2694 case OP_IsUnique: {
2695   int i = pOp->p1;
2696   Mem *pNos = &pTos[-1];
2697   BtCursor *pCrsr;
2698   int R;
2699 
2700   /* Pop the value R off the top of the stack
2701   */
2702   assert( pNos>=p->aStack );
2703   Integerify(pTos);
2704   R = pTos->i;
2705   pTos--;
2706   assert( i>=0 && i<=p->nCursor );
2707   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
2708     int res, rc;
2709     int v;         /* The record number on the P1 entry that matches K */
2710     char *zKey;    /* The value of K */
2711     int nKey;      /* Number of bytes in K */
2712 
2713     /* Make sure K is a string and make zKey point to K
2714     */
2715     Stringify(pNos);
2716     zKey = pNos->z;
2717     nKey = pNos->n;
2718     assert( nKey >= 4 );
2719 
2720     /* Search for an entry in P1 where all but the last four bytes match K.
2721     ** If there is no such entry, jump immediately to P2.
2722     */
2723     assert( p->aCsr[i].deferredMoveto==0 );
2724     rc = sqliteBtreeMoveto(pCrsr, zKey, nKey-4, &res);
2725     if( rc!=SQLITE_OK ) goto abort_due_to_error;
2726     if( res<0 ){
2727       rc = sqliteBtreeNext(pCrsr, &res);
2728       if( res ){
2729         pc = pOp->p2 - 1;
2730         break;
2731       }
2732     }
2733     rc = sqliteBtreeKeyCompare(pCrsr, zKey, nKey-4, 4, &res);
2734     if( rc!=SQLITE_OK ) goto abort_due_to_error;
2735     if( res>0 ){
2736       pc = pOp->p2 - 1;
2737       break;
2738     }
2739 
2740     /* At this point, pCrsr is pointing to an entry in P1 where all but
2741     ** the last for bytes of the key match K.  Check to see if the last
2742     ** four bytes of the key are different from R.  If the last four
2743     ** bytes equal R then jump immediately to P2.
2744     */
2745     sqliteBtreeKey(pCrsr, nKey - 4, 4, (char*)&v);
2746     v = keyToInt(v);
2747     if( v==R ){
2748       pc = pOp->p2 - 1;
2749       break;
2750     }
2751 
2752     /* The last four bytes of the key are different from R.  Convert the
2753     ** last four bytes of the key into an integer and push it onto the
2754     ** stack.  (These bytes are the record number of an entry that
2755     ** violates a UNIQUE constraint.)
2756     */
2757     pTos++;
2758     pTos->i = v;
2759     pTos->flags = MEM_Int;
2760   }
2761   break;
2762 }
2763 
2764 /* Opcode: NotExists P1 P2 *
2765 **
2766 ** Use the top of the stack as a integer key.  If a record with that key
2767 ** does not exist in table of P1, then jump to P2.  If the record
2768 ** does exist, then fall thru.  The cursor is left pointing to the
2769 ** record if it exists.  The integer key is popped from the stack.
2770 **
2771 ** The difference between this operation and NotFound is that this
2772 ** operation assumes the key is an integer and NotFound assumes it
2773 ** is a string.
2774 **
2775 ** See also: Distinct, Found, MoveTo, NotFound, IsUnique
2776 */
2777 case OP_NotExists: {
2778   int i = pOp->p1;
2779   BtCursor *pCrsr;
2780   assert( pTos>=p->aStack );
2781   assert( i>=0 && i<p->nCursor );
2782   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
2783     int res, rx, iKey;
2784     assert( pTos->flags & MEM_Int );
2785     iKey = intToKey(pTos->i);
2786     rx = sqliteBtreeMoveto(pCrsr, (char*)&iKey, sizeof(int), &res);
2787     p->aCsr[i].lastRecno = pTos->i;
2788     p->aCsr[i].recnoIsValid = res==0;
2789     p->aCsr[i].nullRow = 0;
2790     if( rx!=SQLITE_OK || res!=0 ){
2791       pc = pOp->p2 - 1;
2792       p->aCsr[i].recnoIsValid = 0;
2793     }
2794   }
2795   Release(pTos);
2796   pTos--;
2797   break;
2798 }
2799 
2800 /* Opcode: NewRecno P1 * *
2801 **
2802 ** Get a new integer record number used as the key to a table.
2803 ** The record number is not previously used as a key in the database
2804 ** table that cursor P1 points to.  The new record number is pushed
2805 ** onto the stack.
2806 */
2807 case OP_NewRecno: {
2808   int i = pOp->p1;
2809   int v = 0;
2810   Cursor *pC;
2811   assert( i>=0 && i<p->nCursor );
2812   if( (pC = &p->aCsr[i])->pCursor==0 ){
2813     v = 0;
2814   }else{
2815     /* The next rowid or record number (different terms for the same
2816     ** thing) is obtained in a two-step algorithm.
2817     **
2818     ** First we attempt to find the largest existing rowid and add one
2819     ** to that.  But if the largest existing rowid is already the maximum
2820     ** positive integer, we have to fall through to the second
2821     ** probabilistic algorithm
2822     **
2823     ** The second algorithm is to select a rowid at random and see if
2824     ** it already exists in the table.  If it does not exist, we have
2825     ** succeeded.  If the random rowid does exist, we select a new one
2826     ** and try again, up to 1000 times.
2827     **
2828     ** For a table with less than 2 billion entries, the probability
2829     ** of not finding a unused rowid is about 1.0e-300.  This is a
2830     ** non-zero probability, but it is still vanishingly small and should
2831     ** never cause a problem.  You are much, much more likely to have a
2832     ** hardware failure than for this algorithm to fail.
2833     **
2834     ** The analysis in the previous paragraph assumes that you have a good
2835     ** source of random numbers.  Is a library function like lrand48()
2836     ** good enough?  Maybe. Maybe not. It's hard to know whether there
2837     ** might be subtle bugs is some implementations of lrand48() that
2838     ** could cause problems. To avoid uncertainty, SQLite uses its own
2839     ** random number generator based on the RC4 algorithm.
2840     **
2841     ** To promote locality of reference for repetitive inserts, the
2842     ** first few attempts at chosing a random rowid pick values just a little
2843     ** larger than the previous rowid.  This has been shown experimentally
2844     ** to double the speed of the COPY operation.
2845     */
2846     int res, rx, cnt, x;
2847     cnt = 0;
2848     if( !pC->useRandomRowid ){
2849       if( pC->nextRowidValid ){
2850         v = pC->nextRowid;
2851       }else{
2852         rx = sqliteBtreeLast(pC->pCursor, &res);
2853         if( res ){
2854           v = 1;
2855         }else{
2856           sqliteBtreeKey(pC->pCursor, 0, sizeof(v), (void*)&v);
2857           v = keyToInt(v);
2858           if( v==0x7fffffff ){
2859             pC->useRandomRowid = 1;
2860           }else{
2861             v++;
2862           }
2863         }
2864       }
2865       if( v<0x7fffffff ){
2866         pC->nextRowidValid = 1;
2867         pC->nextRowid = v+1;
2868       }else{
2869         pC->nextRowidValid = 0;
2870       }
2871     }
2872     if( pC->useRandomRowid ){
2873       v = db->priorNewRowid;
2874       cnt = 0;
2875       do{
2876         if( v==0 || cnt>2 ){
2877           sqliteRandomness(sizeof(v), &v);
2878           if( cnt<5 ) v &= 0xffffff;
2879         }else{
2880           unsigned char r;
2881           sqliteRandomness(1, &r);
2882           v += r + 1;
2883         }
2884         if( v==0 ) continue;
2885         x = intToKey(v);
2886         rx = sqliteBtreeMoveto(pC->pCursor, &x, sizeof(int), &res);
2887         cnt++;
2888       }while( cnt<1000 && rx==SQLITE_OK && res==0 );
2889       db->priorNewRowid = v;
2890       if( rx==SQLITE_OK && res==0 ){
2891         rc = SQLITE_FULL;
2892         goto abort_due_to_error;
2893       }
2894     }
2895     pC->recnoIsValid = 0;
2896     pC->deferredMoveto = 0;
2897   }
2898   pTos++;
2899   pTos->i = v;
2900   pTos->flags = MEM_Int;
2901   break;
2902 }
2903 
2904 /* Opcode: PutIntKey P1 P2 *
2905 **
2906 ** Write an entry into the table of cursor P1.  A new entry is
2907 ** created if it doesn't already exist or the data for an existing
2908 ** entry is overwritten.  The data is the value on the top of the
2909 ** stack.  The key is the next value down on the stack.  The key must
2910 ** be an integer.  The stack is popped twice by this instruction.
2911 **
2912 ** If the OPFLAG_NCHANGE flag of P2 is set, then the row change count is
2913 ** incremented (otherwise not).  If the OPFLAG_CSCHANGE flag is set,
2914 ** then the current statement change count is incremented (otherwise not).
2915 ** If the OPFLAG_LASTROWID flag of P2 is set, then rowid is
2916 ** stored for subsequent return by the sqlite_last_insert_rowid() function
2917 ** (otherwise it's unmodified).
2918 */
2919 /* Opcode: PutStrKey P1 * *
2920 **
2921 ** Write an entry into the table of cursor P1.  A new entry is
2922 ** created if it doesn't already exist or the data for an existing
2923 ** entry is overwritten.  The data is the value on the top of the
2924 ** stack.  The key is the next value down on the stack.  The key must
2925 ** be a string.  The stack is popped twice by this instruction.
2926 **
2927 ** P1 may not be a pseudo-table opened using the OpenPseudo opcode.
2928 */
2929 case OP_PutIntKey:
2930 case OP_PutStrKey: {
2931   Mem *pNos = &pTos[-1];
2932   int i = pOp->p1;
2933   Cursor *pC;
2934   assert( pNos>=p->aStack );
2935   assert( i>=0 && i<p->nCursor );
2936   if( ((pC = &p->aCsr[i])->pCursor!=0 || pC->pseudoTable) ){
2937     char *zKey;
2938     int nKey, iKey;
2939     if( pOp->opcode==OP_PutStrKey ){
2940       Stringify(pNos);
2941       nKey = pNos->n;
2942       zKey = pNos->z;
2943     }else{
2944       assert( pNos->flags & MEM_Int );
2945       nKey = sizeof(int);
2946       iKey = intToKey(pNos->i);
2947       zKey = (char*)&iKey;
2948       if( pOp->p2 & OPFLAG_NCHANGE ) db->nChange++;
2949       if( pOp->p2 & OPFLAG_LASTROWID ) db->lastRowid = pNos->i;
2950       if( pOp->p2 & OPFLAG_CSCHANGE ) db->csChange++;
2951       if( pC->nextRowidValid && pTos->i>=pC->nextRowid ){
2952         pC->nextRowidValid = 0;
2953       }
2954     }
2955     if( pTos->flags & MEM_Null ){
2956       pTos->z = 0;
2957       pTos->n = 0;
2958     }else{
2959       assert( pTos->flags & MEM_Str );
2960     }
2961     if( pC->pseudoTable ){
2962       /* PutStrKey does not work for pseudo-tables.
2963       ** The following assert makes sure we are not trying to use
2964       ** PutStrKey on a pseudo-table
2965       */
2966       assert( pOp->opcode==OP_PutIntKey );
2967       sqliteFree(pC->pData);
2968       pC->iKey = iKey;
2969       pC->nData = pTos->n;
2970       if( pTos->flags & MEM_Dyn ){
2971         pC->pData = pTos->z;
2972         pTos->flags = MEM_Null;
2973       }else{
2974         pC->pData = sqliteMallocRaw( pC->nData );
2975         if( pC->pData ){
2976           memcpy(pC->pData, pTos->z, pC->nData);
2977         }
2978       }
2979       pC->nullRow = 0;
2980     }else{
2981       rc = sqliteBtreeInsert(pC->pCursor, zKey, nKey, pTos->z, pTos->n);
2982     }
2983     pC->recnoIsValid = 0;
2984     pC->deferredMoveto = 0;
2985   }
2986   popStack(&pTos, 2);
2987   break;
2988 }
2989 
2990 /* Opcode: Delete P1 P2 *
2991 **
2992 ** Delete the record at which the P1 cursor is currently pointing.
2993 **
2994 ** The cursor will be left pointing at either the next or the previous
2995 ** record in the table. If it is left pointing at the next record, then
2996 ** the next Next instruction will be a no-op.  Hence it is OK to delete
2997 ** a record from within an Next loop.
2998 **
2999 ** If the OPFLAG_NCHANGE flag of P2 is set, then the row change count is
3000 ** incremented (otherwise not).  If OPFLAG_CSCHANGE flag is set,
3001 ** then the current statement change count is incremented (otherwise not).
3002 **
3003 ** If P1 is a pseudo-table, then this instruction is a no-op.
3004 */
3005 case OP_Delete: {
3006   int i = pOp->p1;
3007   Cursor *pC;
3008   assert( i>=0 && i<p->nCursor );
3009   pC = &p->aCsr[i];
3010   if( pC->pCursor!=0 ){
3011     sqliteVdbeCursorMoveto(pC);
3012     rc = sqliteBtreeDelete(pC->pCursor);
3013     pC->nextRowidValid = 0;
3014   }
3015   if( pOp->p2 & OPFLAG_NCHANGE ) db->nChange++;
3016   if( pOp->p2 & OPFLAG_CSCHANGE ) db->csChange++;
3017   break;
3018 }
3019 
3020 /* Opcode: SetCounts * * *
3021 **
3022 ** Called at end of statement.  Updates lsChange (last statement change count)
3023 ** and resets csChange (current statement change count) to 0.
3024 */
3025 case OP_SetCounts: {
3026   db->lsChange=db->csChange;
3027   db->csChange=0;
3028   break;
3029 }
3030 
3031 /* Opcode: KeyAsData P1 P2 *
3032 **
3033 ** Turn the key-as-data mode for cursor P1 either on (if P2==1) or
3034 ** off (if P2==0).  In key-as-data mode, the OP_Column opcode pulls
3035 ** data off of the key rather than the data.  This is used for
3036 ** processing compound selects.
3037 */
3038 case OP_KeyAsData: {
3039   int i = pOp->p1;
3040   assert( i>=0 && i<p->nCursor );
3041   p->aCsr[i].keyAsData = pOp->p2;
3042   break;
3043 }
3044 
3045 /* Opcode: RowData P1 * *
3046 **
3047 ** Push onto the stack the complete row data for cursor P1.
3048 ** There is no interpretation of the data.  It is just copied
3049 ** onto the stack exactly as it is found in the database file.
3050 **
3051 ** If the cursor is not pointing to a valid row, a NULL is pushed
3052 ** onto the stack.
3053 */
3054 /* Opcode: RowKey P1 * *
3055 **
3056 ** Push onto the stack the complete row key for cursor P1.
3057 ** There is no interpretation of the key.  It is just copied
3058 ** onto the stack exactly as it is found in the database file.
3059 **
3060 ** If the cursor is not pointing to a valid row, a NULL is pushed
3061 ** onto the stack.
3062 */
3063 case OP_RowKey:
3064 case OP_RowData: {
3065   int i = pOp->p1;
3066   Cursor *pC;
3067   int n;
3068 
3069   pTos++;
3070   assert( i>=0 && i<p->nCursor );
3071   pC = &p->aCsr[i];
3072   if( pC->nullRow ){
3073     pTos->flags = MEM_Null;
3074   }else if( pC->pCursor!=0 ){
3075     BtCursor *pCrsr = pC->pCursor;
3076     sqliteVdbeCursorMoveto(pC);
3077     if( pC->nullRow ){
3078       pTos->flags = MEM_Null;
3079       break;
3080     }else if( pC->keyAsData || pOp->opcode==OP_RowKey ){
3081       sqliteBtreeKeySize(pCrsr, &n);
3082     }else{
3083       sqliteBtreeDataSize(pCrsr, &n);
3084     }
3085     pTos->n = n;
3086     if( n<=NBFS ){
3087       pTos->flags = MEM_Str | MEM_Short;
3088       pTos->z = pTos->zShort;
3089     }else{
3090       char *z = sqliteMallocRaw( n );
3091       if( z==0 ) goto no_mem;
3092       pTos->flags = MEM_Str | MEM_Dyn;
3093       pTos->z = z;
3094     }
3095     if( pC->keyAsData || pOp->opcode==OP_RowKey ){
3096       sqliteBtreeKey(pCrsr, 0, n, pTos->z);
3097     }else{
3098       sqliteBtreeData(pCrsr, 0, n, pTos->z);
3099     }
3100   }else if( pC->pseudoTable ){
3101     pTos->n = pC->nData;
3102     pTos->z = pC->pData;
3103     pTos->flags = MEM_Str|MEM_Ephem;
3104   }else{
3105     pTos->flags = MEM_Null;
3106   }
3107   break;
3108 }
3109 
3110 /* Opcode: Column P1 P2 *
3111 **
3112 ** Interpret the data that cursor P1 points to as
3113 ** a structure built using the MakeRecord instruction.
3114 ** (See the MakeRecord opcode for additional information about
3115 ** the format of the data.)
3116 ** Push onto the stack the value of the P2-th column contained
3117 ** in the data.
3118 **
3119 ** If the KeyAsData opcode has previously executed on this cursor,
3120 ** then the field might be extracted from the key rather than the
3121 ** data.
3122 **
3123 ** If P1 is negative, then the record is stored on the stack rather
3124 ** than in a table.  For P1==-1, the top of the stack is used.
3125 ** For P1==-2, the next on the stack is used.  And so forth.  The
3126 ** value pushed is always just a pointer into the record which is
3127 ** stored further down on the stack.  The column value is not copied.
3128 */
3129 case OP_Column: {
3130   int amt, offset, end, payloadSize;
3131   int i = pOp->p1;
3132   int p2 = pOp->p2;
3133   Cursor *pC;
3134   char *zRec;
3135   BtCursor *pCrsr;
3136   int idxWidth;
3137   unsigned char aHdr[10];
3138 
3139   assert( i<p->nCursor );
3140   pTos++;
3141   if( i<0 ){
3142     assert( &pTos[i]>=p->aStack );
3143     assert( pTos[i].flags & MEM_Str );
3144     zRec = pTos[i].z;
3145     payloadSize = pTos[i].n;
3146   }else if( (pC = &p->aCsr[i])->pCursor!=0 ){
3147     sqliteVdbeCursorMoveto(pC);
3148     zRec = 0;
3149     pCrsr = pC->pCursor;
3150     if( pC->nullRow ){
3151       payloadSize = 0;
3152     }else if( pC->keyAsData ){
3153       sqliteBtreeKeySize(pCrsr, &payloadSize);
3154     }else{
3155       sqliteBtreeDataSize(pCrsr, &payloadSize);
3156     }
3157   }else if( pC->pseudoTable ){
3158     payloadSize = pC->nData;
3159     zRec = pC->pData;
3160     assert( payloadSize==0 || zRec!=0 );
3161   }else{
3162     payloadSize = 0;
3163   }
3164 
3165   /* Figure out how many bytes in the column data and where the column
3166   ** data begins.
3167   */
3168   if( payloadSize==0 ){
3169     pTos->flags = MEM_Null;
3170     break;
3171   }else if( payloadSize<256 ){
3172     idxWidth = 1;
3173   }else if( payloadSize<65536 ){
3174     idxWidth = 2;
3175   }else{
3176     idxWidth = 3;
3177   }
3178 
3179   /* Figure out where the requested column is stored and how big it is.
3180   */
3181   if( payloadSize < idxWidth*(p2+1) ){
3182     rc = SQLITE_CORRUPT;
3183     goto abort_due_to_error;
3184   }
3185   if( zRec ){
3186     memcpy(aHdr, &zRec[idxWidth*p2], idxWidth*2);
3187   }else if( pC->keyAsData ){
3188     sqliteBtreeKey(pCrsr, idxWidth*p2, idxWidth*2, (char*)aHdr);
3189   }else{
3190     sqliteBtreeData(pCrsr, idxWidth*p2, idxWidth*2, (char*)aHdr);
3191   }
3192   offset = aHdr[0];
3193   end = aHdr[idxWidth];
3194   if( idxWidth>1 ){
3195     offset |= aHdr[1]<<8;
3196     end |= aHdr[idxWidth+1]<<8;
3197     if( idxWidth>2 ){
3198       offset |= aHdr[2]<<16;
3199       end |= aHdr[idxWidth+2]<<16;
3200     }
3201   }
3202   amt = end - offset;
3203   if( amt<0 || offset<0 || end>payloadSize ){
3204     rc = SQLITE_CORRUPT;
3205     goto abort_due_to_error;
3206   }
3207 
3208   /* amt and offset now hold the offset to the start of data and the
3209   ** amount of data.  Go get the data and put it on the stack.
3210   */
3211   pTos->n = amt;
3212   if( amt==0 ){
3213     pTos->flags = MEM_Null;
3214   }else if( zRec ){
3215     pTos->flags = MEM_Str | MEM_Ephem;
3216     pTos->z = &zRec[offset];
3217   }else{
3218     if( amt<=NBFS ){
3219       pTos->flags = MEM_Str | MEM_Short;
3220       pTos->z = pTos->zShort;
3221     }else{
3222       char *z = sqliteMallocRaw( amt );
3223       if( z==0 ) goto no_mem;
3224       pTos->flags = MEM_Str | MEM_Dyn;
3225       pTos->z = z;
3226     }
3227     if( pC->keyAsData ){
3228       sqliteBtreeKey(pCrsr, offset, amt, pTos->z);
3229     }else{
3230       sqliteBtreeData(pCrsr, offset, amt, pTos->z);
3231     }
3232   }
3233   break;
3234 }
3235 
3236 /* Opcode: Recno P1 * *
3237 **
3238 ** Push onto the stack an integer which is the first 4 bytes of the
3239 ** the key to the current entry in a sequential scan of the database
3240 ** file P1.  The sequential scan should have been started using the
3241 ** Next opcode.
3242 */
3243 case OP_Recno: {
3244   int i = pOp->p1;
3245   Cursor *pC;
3246   int v;
3247 
3248   assert( i>=0 && i<p->nCursor );
3249   pC = &p->aCsr[i];
3250   sqliteVdbeCursorMoveto(pC);
3251   pTos++;
3252   if( pC->recnoIsValid ){
3253     v = pC->lastRecno;
3254   }else if( pC->pseudoTable ){
3255     v = keyToInt(pC->iKey);
3256   }else if( pC->nullRow || pC->pCursor==0 ){
3257     pTos->flags = MEM_Null;
3258     break;
3259   }else{
3260     assert( pC->pCursor!=0 );
3261     sqliteBtreeKey(pC->pCursor, 0, sizeof(u32), (char*)&v);
3262     v = keyToInt(v);
3263   }
3264   pTos->i = v;
3265   pTos->flags = MEM_Int;
3266   break;
3267 }
3268 
3269 /* Opcode: FullKey P1 * *
3270 **
3271 ** Extract the complete key from the record that cursor P1 is currently
3272 ** pointing to and push the key onto the stack as a string.
3273 **
3274 ** Compare this opcode to Recno.  The Recno opcode extracts the first
3275 ** 4 bytes of the key and pushes those bytes onto the stack as an
3276 ** integer.  This instruction pushes the entire key as a string.
3277 **
3278 ** This opcode may not be used on a pseudo-table.
3279 */
3280 case OP_FullKey: {
3281   int i = pOp->p1;
3282   BtCursor *pCrsr;
3283 
3284   assert( p->aCsr[i].keyAsData );
3285   assert( !p->aCsr[i].pseudoTable );
3286   assert( i>=0 && i<p->nCursor );
3287   pTos++;
3288   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
3289     int amt;
3290     char *z;
3291 
3292     sqliteVdbeCursorMoveto(&p->aCsr[i]);
3293     sqliteBtreeKeySize(pCrsr, &amt);
3294     if( amt<=0 ){
3295       rc = SQLITE_CORRUPT;
3296       goto abort_due_to_error;
3297     }
3298     if( amt>NBFS ){
3299       z = sqliteMallocRaw( amt );
3300       if( z==0 ) goto no_mem;
3301       pTos->flags = MEM_Str | MEM_Dyn;
3302     }else{
3303       z = pTos->zShort;
3304       pTos->flags = MEM_Str | MEM_Short;
3305     }
3306     sqliteBtreeKey(pCrsr, 0, amt, z);
3307     pTos->z = z;
3308     pTos->n = amt;
3309   }
3310   break;
3311 }
3312 
3313 /* Opcode: NullRow P1 * *
3314 **
3315 ** Move the cursor P1 to a null row.  Any OP_Column operations
3316 ** that occur while the cursor is on the null row will always push
3317 ** a NULL onto the stack.
3318 */
3319 case OP_NullRow: {
3320   int i = pOp->p1;
3321 
3322   assert( i>=0 && i<p->nCursor );
3323   p->aCsr[i].nullRow = 1;
3324   p->aCsr[i].recnoIsValid = 0;
3325   break;
3326 }
3327 
3328 /* Opcode: Last P1 P2 *
3329 **
3330 ** The next use of the Recno or Column or Next instruction for P1
3331 ** will refer to the last entry in the database table or index.
3332 ** If the table or index is empty and P2>0, then jump immediately to P2.
3333 ** If P2 is 0 or if the table or index is not empty, fall through
3334 ** to the following instruction.
3335 */
3336 case OP_Last: {
3337   int i = pOp->p1;
3338   Cursor *pC;
3339   BtCursor *pCrsr;
3340 
3341   assert( i>=0 && i<p->nCursor );
3342   pC = &p->aCsr[i];
3343   if( (pCrsr = pC->pCursor)!=0 ){
3344     int res;
3345     rc = sqliteBtreeLast(pCrsr, &res);
3346     pC->nullRow = res;
3347     pC->deferredMoveto = 0;
3348     if( res && pOp->p2>0 ){
3349       pc = pOp->p2 - 1;
3350     }
3351   }else{
3352     pC->nullRow = 0;
3353   }
3354   break;
3355 }
3356 
3357 /* Opcode: Rewind P1 P2 *
3358 **
3359 ** The next use of the Recno or Column or Next instruction for P1
3360 ** will refer to the first entry in the database table or index.
3361 ** If the table or index is empty and P2>0, then jump immediately to P2.
3362 ** If P2 is 0 or if the table or index is not empty, fall through
3363 ** to the following instruction.
3364 */
3365 case OP_Rewind: {
3366   int i = pOp->p1;
3367   Cursor *pC;
3368   BtCursor *pCrsr;
3369 
3370   assert( i>=0 && i<p->nCursor );
3371   pC = &p->aCsr[i];
3372   if( (pCrsr = pC->pCursor)!=0 ){
3373     int res;
3374     rc = sqliteBtreeFirst(pCrsr, &res);
3375     pC->atFirst = res==0;
3376     pC->nullRow = res;
3377     pC->deferredMoveto = 0;
3378     if( res && pOp->p2>0 ){
3379       pc = pOp->p2 - 1;
3380     }
3381   }else{
3382     pC->nullRow = 0;
3383   }
3384   break;
3385 }
3386 
3387 /* Opcode: Next P1 P2 *
3388 **
3389 ** Advance cursor P1 so that it points to the next key/data pair in its
3390 ** table or index.  If there are no more key/value pairs then fall through
3391 ** to the following instruction.  But if the cursor advance was successful,
3392 ** jump immediately to P2.
3393 **
3394 ** See also: Prev
3395 */
3396 /* Opcode: Prev P1 P2 *
3397 **
3398 ** Back up cursor P1 so that it points to the previous key/data pair in its
3399 ** table or index.  If there is no previous key/value pairs then fall through
3400 ** to the following instruction.  But if the cursor backup was successful,
3401 ** jump immediately to P2.
3402 */
3403 case OP_Prev:
3404 case OP_Next: {
3405   Cursor *pC;
3406   BtCursor *pCrsr;
3407 
3408   CHECK_FOR_INTERRUPT;
3409   assert( pOp->p1>=0 && pOp->p1<p->nCursor );
3410   pC = &p->aCsr[pOp->p1];
3411   if( (pCrsr = pC->pCursor)!=0 ){
3412     int res;
3413     if( pC->nullRow ){
3414       res = 1;
3415     }else{
3416       assert( pC->deferredMoveto==0 );
3417       rc = pOp->opcode==OP_Next ? sqliteBtreeNext(pCrsr, &res) :
3418                                   sqliteBtreePrevious(pCrsr, &res);
3419       pC->nullRow = res;
3420     }
3421     if( res==0 ){
3422       pc = pOp->p2 - 1;
3423       sqlite_search_count++;
3424     }
3425   }else{
3426     pC->nullRow = 1;
3427   }
3428   pC->recnoIsValid = 0;
3429   break;
3430 }
3431 
3432 /* Opcode: IdxPut P1 P2 P3
3433 **
3434 ** The top of the stack holds a SQL index key made using the
3435 ** MakeIdxKey instruction.  This opcode writes that key into the
3436 ** index P1.  Data for the entry is nil.
3437 **
3438 ** If P2==1, then the key must be unique.  If the key is not unique,
3439 ** the program aborts with a SQLITE_CONSTRAINT error and the database
3440 ** is rolled back.  If P3 is not null, then it becomes part of the
3441 ** error message returned with the SQLITE_CONSTRAINT.
3442 */
3443 case OP_IdxPut: {
3444   int i = pOp->p1;
3445   BtCursor *pCrsr;
3446   assert( pTos>=p->aStack );
3447   assert( i>=0 && i<p->nCursor );
3448   assert( pTos->flags & MEM_Str );
3449   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
3450     int nKey = pTos->n;
3451     const char *zKey = pTos->z;
3452     if( pOp->p2 ){
3453       int res, n;
3454       assert( nKey >= 4 );
3455       rc = sqliteBtreeMoveto(pCrsr, zKey, nKey-4, &res);
3456       if( rc!=SQLITE_OK ) goto abort_due_to_error;
3457       while( res!=0 ){
3458         int c;
3459         sqliteBtreeKeySize(pCrsr, &n);
3460         if( n==nKey
3461            && sqliteBtreeKeyCompare(pCrsr, zKey, nKey-4, 4, &c)==SQLITE_OK
3462            && c==0
3463         ){
3464           rc = SQLITE_CONSTRAINT;
3465           if( pOp->p3 && pOp->p3[0] ){
3466             sqliteSetString(&p->zErrMsg, pOp->p3, (char*)0);
3467           }
3468           goto abort_due_to_error;
3469         }
3470         if( res<0 ){
3471           sqliteBtreeNext(pCrsr, &res);
3472           res = +1;
3473         }else{
3474           break;
3475         }
3476       }
3477     }
3478     rc = sqliteBtreeInsert(pCrsr, zKey, nKey, "", 0);
3479     assert( p->aCsr[i].deferredMoveto==0 );
3480   }
3481   Release(pTos);
3482   pTos--;
3483   break;
3484 }
3485 
3486 /* Opcode: IdxDelete P1 * *
3487 **
3488 ** The top of the stack is an index key built using the MakeIdxKey opcode.
3489 ** This opcode removes that entry from the index.
3490 */
3491 case OP_IdxDelete: {
3492   int i = pOp->p1;
3493   BtCursor *pCrsr;
3494   assert( pTos>=p->aStack );
3495   assert( pTos->flags & MEM_Str );
3496   assert( i>=0 && i<p->nCursor );
3497   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
3498     int rx, res;
3499     rx = sqliteBtreeMoveto(pCrsr, pTos->z, pTos->n, &res);
3500     if( rx==SQLITE_OK && res==0 ){
3501       rc = sqliteBtreeDelete(pCrsr);
3502     }
3503     assert( p->aCsr[i].deferredMoveto==0 );
3504   }
3505   Release(pTos);
3506   pTos--;
3507   break;
3508 }
3509 
3510 /* Opcode: IdxRecno P1 * *
3511 **
3512 ** Push onto the stack an integer which is the last 4 bytes of the
3513 ** the key to the current entry in index P1.  These 4 bytes should
3514 ** be the record number of the table entry to which this index entry
3515 ** points.
3516 **
3517 ** See also: Recno, MakeIdxKey.
3518 */
3519 case OP_IdxRecno: {
3520   int i = pOp->p1;
3521   BtCursor *pCrsr;
3522 
3523   assert( i>=0 && i<p->nCursor );
3524   pTos++;
3525   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
3526     int v;
3527     int sz;
3528     assert( p->aCsr[i].deferredMoveto==0 );
3529     sqliteBtreeKeySize(pCrsr, &sz);
3530     if( sz<sizeof(u32) ){
3531       pTos->flags = MEM_Null;
3532     }else{
3533       sqliteBtreeKey(pCrsr, sz - sizeof(u32), sizeof(u32), (char*)&v);
3534       v = keyToInt(v);
3535       pTos->i = v;
3536       pTos->flags = MEM_Int;
3537     }
3538   }else{
3539     pTos->flags = MEM_Null;
3540   }
3541   break;
3542 }
3543 
3544 /* Opcode: IdxGT P1 P2 *
3545 **
3546 ** Compare the top of the stack against the key on the index entry that
3547 ** cursor P1 is currently pointing to.  Ignore the last 4 bytes of the
3548 ** index entry.  If the index entry is greater than the top of the stack
3549 ** then jump to P2.  Otherwise fall through to the next instruction.
3550 ** In either case, the stack is popped once.
3551 */
3552 /* Opcode: IdxGE P1 P2 *
3553 **
3554 ** Compare the top of the stack against the key on the index entry that
3555 ** cursor P1 is currently pointing to.  Ignore the last 4 bytes of the
3556 ** index entry.  If the index entry is greater than or equal to
3557 ** the top of the stack
3558 ** then jump to P2.  Otherwise fall through to the next instruction.
3559 ** In either case, the stack is popped once.
3560 */
3561 /* Opcode: IdxLT P1 P2 *
3562 **
3563 ** Compare the top of the stack against the key on the index entry that
3564 ** cursor P1 is currently pointing to.  Ignore the last 4 bytes of the
3565 ** index entry.  If the index entry is less than the top of the stack
3566 ** then jump to P2.  Otherwise fall through to the next instruction.
3567 ** In either case, the stack is popped once.
3568 */
3569 case OP_IdxLT:
3570 case OP_IdxGT:
3571 case OP_IdxGE: {
3572   int i= pOp->p1;
3573   BtCursor *pCrsr;
3574 
3575   assert( i>=0 && i<p->nCursor );
3576   assert( pTos>=p->aStack );
3577   if( (pCrsr = p->aCsr[i].pCursor)!=0 ){
3578     int res, rc;
3579 
3580     Stringify(pTos);
3581     assert( p->aCsr[i].deferredMoveto==0 );
3582     rc = sqliteBtreeKeyCompare(pCrsr, pTos->z, pTos->n, 4, &res);
3583     if( rc!=SQLITE_OK ){
3584       break;
3585     }
3586     if( pOp->opcode==OP_IdxLT ){
3587       res = -res;
3588     }else if( pOp->opcode==OP_IdxGE ){
3589       res++;
3590     }
3591     if( res>0 ){
3592       pc = pOp->p2 - 1 ;
3593     }
3594   }
3595   Release(pTos);
3596   pTos--;
3597   break;
3598 }
3599 
3600 /* Opcode: IdxIsNull P1 P2 *
3601 **
3602 ** The top of the stack contains an index entry such as might be generated
3603 ** by the MakeIdxKey opcode.  This routine looks at the first P1 fields of
3604 ** that key.  If any of the first P1 fields are NULL, then a jump is made
3605 ** to address P2.  Otherwise we fall straight through.
3606 **
3607 ** The index entry is always popped from the stack.
3608 */
3609 case OP_IdxIsNull: {
3610   int i = pOp->p1;
3611   int k, n;
3612   const char *z;
3613 
3614   assert( pTos>=p->aStack );
3615   assert( pTos->flags & MEM_Str );
3616   z = pTos->z;
3617   n = pTos->n;
3618   for(k=0; k<n && i>0; i--){
3619     if( z[k]=='a' ){
3620       pc = pOp->p2-1;
3621       break;
3622     }
3623     while( k<n && z[k] ){ k++; }
3624     k++;
3625   }
3626   Release(pTos);
3627   pTos--;
3628   break;
3629 }
3630 
3631 /* Opcode: Destroy P1 P2 *
3632 **
3633 ** Delete an entire database table or index whose root page in the database
3634 ** file is given by P1.
3635 **
3636 ** The table being destroyed is in the main database file if P2==0.  If
3637 ** P2==1 then the table to be clear is in the auxiliary database file
3638 ** that is used to store tables create using CREATE TEMPORARY TABLE.
3639 **
3640 ** See also: Clear
3641 */
3642 case OP_Destroy: {
3643   rc = sqliteBtreeDropTable(db->aDb[pOp->p2].pBt, pOp->p1);
3644   break;
3645 }
3646 
3647 /* Opcode: Clear P1 P2 *
3648 **
3649 ** Delete all contents of the database table or index whose root page
3650 ** in the database file is given by P1.  But, unlike Destroy, do not
3651 ** remove the table or index from the database file.
3652 **
3653 ** The table being clear is in the main database file if P2==0.  If
3654 ** P2==1 then the table to be clear is in the auxiliary database file
3655 ** that is used to store tables create using CREATE TEMPORARY TABLE.
3656 **
3657 ** See also: Destroy
3658 */
3659 case OP_Clear: {
3660   rc = sqliteBtreeClearTable(db->aDb[pOp->p2].pBt, pOp->p1);
3661   break;
3662 }
3663 
3664 /* Opcode: CreateTable * P2 P3
3665 **
3666 ** Allocate a new table in the main database file if P2==0 or in the
3667 ** auxiliary database file if P2==1.  Push the page number
3668 ** for the root page of the new table onto the stack.
3669 **
3670 ** The root page number is also written to a memory location that P3
3671 ** points to.  This is the mechanism is used to write the root page
3672 ** number into the parser's internal data structures that describe the
3673 ** new table.
3674 **
3675 ** The difference between a table and an index is this:  A table must
3676 ** have a 4-byte integer key and can have arbitrary data.  An index
3677 ** has an arbitrary key but no data.
3678 **
3679 ** See also: CreateIndex
3680 */
3681 /* Opcode: CreateIndex * P2 P3
3682 **
3683 ** Allocate a new index in the main database file if P2==0 or in the
3684 ** auxiliary database file if P2==1.  Push the page number of the
3685 ** root page of the new index onto the stack.
3686 **
3687 ** See documentation on OP_CreateTable for additional information.
3688 */
3689 case OP_CreateIndex:
3690 case OP_CreateTable: {
3691   int pgno;
3692   assert( pOp->p3!=0 && pOp->p3type==P3_POINTER );
3693   assert( pOp->p2>=0 && pOp->p2<db->nDb );
3694   assert( db->aDb[pOp->p2].pBt!=0 );
3695   if( pOp->opcode==OP_CreateTable ){
3696     rc = sqliteBtreeCreateTable(db->aDb[pOp->p2].pBt, &pgno);
3697   }else{
3698     rc = sqliteBtreeCreateIndex(db->aDb[pOp->p2].pBt, &pgno);
3699   }
3700   pTos++;
3701   if( rc==SQLITE_OK ){
3702     pTos->i = pgno;
3703     pTos->flags = MEM_Int;
3704     *(u32*)pOp->p3 = pgno;
3705     pOp->p3 = 0;
3706   }else{
3707     pTos->flags = MEM_Null;
3708   }
3709   break;
3710 }
3711 
3712 /* Opcode: IntegrityCk P1 P2 *
3713 **
3714 ** Do an analysis of the currently open database.  Push onto the
3715 ** stack the text of an error message describing any problems.
3716 ** If there are no errors, push a "ok" onto the stack.
3717 **
3718 ** P1 is the index of a set that contains the root page numbers
3719 ** for all tables and indices in the main database file.  The set
3720 ** is cleared by this opcode.  In other words, after this opcode
3721 ** has executed, the set will be empty.
3722 **
3723 ** If P2 is not zero, the check is done on the auxiliary database
3724 ** file, not the main database file.
3725 **
3726 ** This opcode is used for testing purposes only.
3727 */
3728 case OP_IntegrityCk: {
3729   int nRoot;
3730   int *aRoot;
3731   int iSet = pOp->p1;
3732   Set *pSet;
3733   int j;
3734   HashElem *i;
3735   char *z;
3736 
3737   assert( iSet>=0 && iSet<p->nSet );
3738   pTos++;
3739   pSet = &p->aSet[iSet];
3740   nRoot = sqliteHashCount(&pSet->hash);
3741   aRoot = sqliteMallocRaw( sizeof(int)*(nRoot+1) );
3742   if( aRoot==0 ) goto no_mem;
3743   for(j=0, i=sqliteHashFirst(&pSet->hash); i; i=sqliteHashNext(i), j++){
3744     toInt((char*)sqliteHashKey(i), &aRoot[j]);
3745   }
3746   aRoot[j] = 0;
3747   sqliteHashClear(&pSet->hash);
3748   pSet->prev = 0;
3749   z = sqliteBtreeIntegrityCheck(db->aDb[pOp->p2].pBt, aRoot, nRoot);
3750   if( z==0 || z[0]==0 ){
3751     if( z ) sqliteFree(z);
3752     pTos->z = "ok";
3753     pTos->n = 3;
3754     pTos->flags = MEM_Str | MEM_Static;
3755   }else{
3756     pTos->z = z;
3757     pTos->n = strlen(z) + 1;
3758     pTos->flags = MEM_Str | MEM_Dyn;
3759   }
3760   sqliteFree(aRoot);
3761   break;
3762 }
3763 
3764 /* Opcode: ListWrite * * *
3765 **
3766 ** Write the integer on the top of the stack
3767 ** into the temporary storage list.
3768 */
3769 case OP_ListWrite: {
3770   Keylist *pKeylist;
3771   assert( pTos>=p->aStack );
3772   pKeylist = p->pList;
3773   if( pKeylist==0 || pKeylist->nUsed>=pKeylist->nKey ){
3774     pKeylist = sqliteMallocRaw( sizeof(Keylist)+999*sizeof(pKeylist->aKey[0]) );
3775     if( pKeylist==0 ) goto no_mem;
3776     pKeylist->nKey = 1000;
3777     pKeylist->nRead = 0;
3778     pKeylist->nUsed = 0;
3779     pKeylist->pNext = p->pList;
3780     p->pList = pKeylist;
3781   }
3782   Integerify(pTos);
3783   pKeylist->aKey[pKeylist->nUsed++] = pTos->i;
3784   Release(pTos);
3785   pTos--;
3786   break;
3787 }
3788 
3789 /* Opcode: ListRewind * * *
3790 **
3791 ** Rewind the temporary buffer back to the beginning.
3792 */
3793 case OP_ListRewind: {
3794   /* What this opcode codes, really, is reverse the order of the
3795   ** linked list of Keylist structures so that they are read out
3796   ** in the same order that they were read in. */
3797   Keylist *pRev, *pTop;
3798   pRev = 0;
3799   while( p->pList ){
3800     pTop = p->pList;
3801     p->pList = pTop->pNext;
3802     pTop->pNext = pRev;
3803     pRev = pTop;
3804   }
3805   p->pList = pRev;
3806   break;
3807 }
3808 
3809 /* Opcode: ListRead * P2 *
3810 **
3811 ** Attempt to read an integer from the temporary storage buffer
3812 ** and push it onto the stack.  If the storage buffer is empty,
3813 ** push nothing but instead jump to P2.
3814 */
3815 case OP_ListRead: {
3816   Keylist *pKeylist;
3817   CHECK_FOR_INTERRUPT;
3818   pKeylist = p->pList;
3819   if( pKeylist!=0 ){
3820     assert( pKeylist->nRead>=0 );
3821     assert( pKeylist->nRead<pKeylist->nUsed );
3822     assert( pKeylist->nRead<pKeylist->nKey );
3823     pTos++;
3824     pTos->i = pKeylist->aKey[pKeylist->nRead++];
3825     pTos->flags = MEM_Int;
3826     if( pKeylist->nRead>=pKeylist->nUsed ){
3827       p->pList = pKeylist->pNext;
3828       sqliteFree(pKeylist);
3829     }
3830   }else{
3831     pc = pOp->p2 - 1;
3832   }
3833   break;
3834 }
3835 
3836 /* Opcode: ListReset * * *
3837 **
3838 ** Reset the temporary storage buffer so that it holds nothing.
3839 */
3840 case OP_ListReset: {
3841   if( p->pList ){
3842     sqliteVdbeKeylistFree(p->pList);
3843     p->pList = 0;
3844   }
3845   break;
3846 }
3847 
3848 /* Opcode: ListPush * * *
3849 **
3850 ** Save the current Vdbe list such that it can be restored by a ListPop
3851 ** opcode. The list is empty after this is executed.
3852 */
3853 case OP_ListPush: {
3854   p->keylistStackDepth++;
3855   assert(p->keylistStackDepth > 0);
3856   p->keylistStack = sqliteRealloc(p->keylistStack,
3857           sizeof(Keylist *) * p->keylistStackDepth);
3858   if( p->keylistStack==0 ) goto no_mem;
3859   p->keylistStack[p->keylistStackDepth - 1] = p->pList;
3860   p->pList = 0;
3861   break;
3862 }
3863 
3864 /* Opcode: ListPop * * *
3865 **
3866 ** Restore the Vdbe list to the state it was in when ListPush was last
3867 ** executed.
3868 */
3869 case OP_ListPop: {
3870   assert(p->keylistStackDepth > 0);
3871   p->keylistStackDepth--;
3872   sqliteVdbeKeylistFree(p->pList);
3873   p->pList = p->keylistStack[p->keylistStackDepth];
3874   p->keylistStack[p->keylistStackDepth] = 0;
3875   if( p->keylistStackDepth == 0 ){
3876     sqliteFree(p->keylistStack);
3877     p->keylistStack = 0;
3878   }
3879   break;
3880 }
3881 
3882 /* Opcode: ContextPush * * *
3883 **
3884 ** Save the current Vdbe context such that it can be restored by a ContextPop
3885 ** opcode. The context stores the last insert row id, the last statement change
3886 ** count, and the current statement change count.
3887 */
3888 case OP_ContextPush: {
3889   p->contextStackDepth++;
3890   assert(p->contextStackDepth > 0);
3891   p->contextStack = sqliteRealloc(p->contextStack,
3892           sizeof(Context) * p->contextStackDepth);
3893   if( p->contextStack==0 ) goto no_mem;
3894   p->contextStack[p->contextStackDepth - 1].lastRowid = p->db->lastRowid;
3895   p->contextStack[p->contextStackDepth - 1].lsChange = p->db->lsChange;
3896   p->contextStack[p->contextStackDepth - 1].csChange = p->db->csChange;
3897   break;
3898 }
3899 
3900 /* Opcode: ContextPop * * *
3901 **
3902 ** Restore the Vdbe context to the state it was in when contextPush was last
3903 ** executed. The context stores the last insert row id, the last statement
3904 ** change count, and the current statement change count.
3905 */
3906 case OP_ContextPop: {
3907   assert(p->contextStackDepth > 0);
3908   p->contextStackDepth--;
3909   p->db->lastRowid = p->contextStack[p->contextStackDepth].lastRowid;
3910   p->db->lsChange = p->contextStack[p->contextStackDepth].lsChange;
3911   p->db->csChange = p->contextStack[p->contextStackDepth].csChange;
3912   if( p->contextStackDepth == 0 ){
3913     sqliteFree(p->contextStack);
3914     p->contextStack = 0;
3915   }
3916   break;
3917 }
3918 
3919 /* Opcode: SortPut * * *
3920 **
3921 ** The TOS is the key and the NOS is the data.  Pop both from the stack
3922 ** and put them on the sorter.  The key and data should have been
3923 ** made using SortMakeKey and SortMakeRec, respectively.
3924 */
3925 case OP_SortPut: {
3926   Mem *pNos = &pTos[-1];
3927   Sorter *pSorter;
3928   assert( pNos>=p->aStack );
3929   if( Dynamicify(pTos) || Dynamicify(pNos) ) goto no_mem;
3930   pSorter = sqliteMallocRaw( sizeof(Sorter) );
3931   if( pSorter==0 ) goto no_mem;
3932   pSorter->pNext = p->pSort;
3933   p->pSort = pSorter;
3934   assert( pTos->flags & MEM_Dyn );
3935   pSorter->nKey = pTos->n;
3936   pSorter->zKey = pTos->z;
3937   assert( pNos->flags & MEM_Dyn );
3938   pSorter->nData = pNos->n;
3939   pSorter->pData = pNos->z;
3940   pTos -= 2;
3941   break;
3942 }
3943 
3944 /* Opcode: SortMakeRec P1 * *
3945 **
3946 ** The top P1 elements are the arguments to a callback.  Form these
3947 ** elements into a single data entry that can be stored on a sorter
3948 ** using SortPut and later fed to a callback using SortCallback.
3949 */
3950 case OP_SortMakeRec: {
3951   char *z;
3952   char **azArg;
3953   int nByte;
3954   int nField;
3955   int i;
3956   Mem *pRec;
3957 
3958   nField = pOp->p1;
3959   pRec = &pTos[1-nField];
3960   assert( pRec>=p->aStack );
3961   nByte = 0;
3962   for(i=0; i<nField; i++, pRec++){
3963     if( (pRec->flags & MEM_Null)==0 ){
3964       Stringify(pRec);
3965       nByte += pRec->n;
3966     }
3967   }
3968   nByte += sizeof(char*)*(nField+1);
3969   azArg = sqliteMallocRaw( nByte );
3970   if( azArg==0 ) goto no_mem;
3971   z = (char*)&azArg[nField+1];
3972   for(pRec=&pTos[1-nField], i=0; i<nField; i++, pRec++){
3973     if( pRec->flags & MEM_Null ){
3974       azArg[i] = 0;
3975     }else{
3976       azArg[i] = z;
3977       memcpy(z, pRec->z, pRec->n);
3978       z += pRec->n;
3979     }
3980   }
3981   popStack(&pTos, nField);
3982   pTos++;
3983   pTos->n = nByte;
3984   pTos->z = (char*)azArg;
3985   pTos->flags = MEM_Str | MEM_Dyn;
3986   break;
3987 }
3988 
3989 /* Opcode: SortMakeKey * * P3
3990 **
3991 ** Convert the top few entries of the stack into a sort key.  The
3992 ** number of stack entries consumed is the number of characters in
3993 ** the string P3.  One character from P3 is prepended to each entry.
3994 ** The first character of P3 is prepended to the element lowest in
3995 ** the stack and the last character of P3 is prepended to the top of
3996 ** the stack.  All stack entries are separated by a \000 character
3997 ** in the result.  The whole key is terminated by two \000 characters
3998 ** in a row.
3999 **
4000 ** "N" is substituted in place of the P3 character for NULL values.
4001 **
4002 ** See also the MakeKey and MakeIdxKey opcodes.
4003 */
4004 case OP_SortMakeKey: {
4005   char *zNewKey;
4006   int nByte;
4007   int nField;
4008   int i, j, k;
4009   Mem *pRec;
4010 
4011   nField = strlen(pOp->p3);
4012   pRec = &pTos[1-nField];
4013   nByte = 1;
4014   for(i=0; i<nField; i++, pRec++){
4015     if( pRec->flags & MEM_Null ){
4016       nByte += 2;
4017     }else{
4018       Stringify(pRec);
4019       nByte += pRec->n+2;
4020     }
4021   }
4022   zNewKey = sqliteMallocRaw( nByte );
4023   if( zNewKey==0 ) goto no_mem;
4024   j = 0;
4025   k = 0;
4026   for(pRec=&pTos[1-nField], i=0; i<nField; i++, pRec++){
4027     if( pRec->flags & MEM_Null ){
4028       zNewKey[j++] = 'N';
4029       zNewKey[j++] = 0;
4030       k++;
4031     }else{
4032       zNewKey[j++] = pOp->p3[k++];
4033       memcpy(&zNewKey[j], pRec->z, pRec->n-1);
4034       j += pRec->n-1;
4035       zNewKey[j++] = 0;
4036     }
4037   }
4038   zNewKey[j] = 0;
4039   assert( j<nByte );
4040   popStack(&pTos, nField);
4041   pTos++;
4042   pTos->n = nByte;
4043   pTos->flags = MEM_Str|MEM_Dyn;
4044   pTos->z = zNewKey;
4045   break;
4046 }
4047 
4048 /* Opcode: Sort * * *
4049 **
4050 ** Sort all elements on the sorter.  The algorithm is a
4051 ** mergesort.
4052 */
4053 case OP_Sort: {
4054   int i;
4055   Sorter *pElem;
4056   Sorter *apSorter[NSORT];
4057   for(i=0; i<NSORT; i++){
4058     apSorter[i] = 0;
4059   }
4060   while( p->pSort ){
4061     pElem = p->pSort;
4062     p->pSort = pElem->pNext;
4063     pElem->pNext = 0;
4064     for(i=0; i<NSORT-1; i++){
4065     if( apSorter[i]==0 ){
4066         apSorter[i] = pElem;
4067         break;
4068       }else{
4069         pElem = Merge(apSorter[i], pElem);
4070         apSorter[i] = 0;
4071       }
4072     }
4073     if( i>=NSORT-1 ){
4074       apSorter[NSORT-1] = Merge(apSorter[NSORT-1],pElem);
4075     }
4076   }
4077   pElem = 0;
4078   for(i=0; i<NSORT; i++){
4079     pElem = Merge(apSorter[i], pElem);
4080   }
4081   p->pSort = pElem;
4082   break;
4083 }
4084 
4085 /* Opcode: SortNext * P2 *
4086 **
4087 ** Push the data for the topmost element in the sorter onto the
4088 ** stack, then remove the element from the sorter.  If the sorter
4089 ** is empty, push nothing on the stack and instead jump immediately
4090 ** to instruction P2.
4091 */
4092 case OP_SortNext: {
4093   Sorter *pSorter = p->pSort;
4094   CHECK_FOR_INTERRUPT;
4095   if( pSorter!=0 ){
4096     p->pSort = pSorter->pNext;
4097     pTos++;
4098     pTos->z = pSorter->pData;
4099     pTos->n = pSorter->nData;
4100     pTos->flags = MEM_Str|MEM_Dyn;
4101     sqliteFree(pSorter->zKey);
4102     sqliteFree(pSorter);
4103   }else{
4104     pc = pOp->p2 - 1;
4105   }
4106   break;
4107 }
4108 
4109 /* Opcode: SortCallback P1 * *
4110 **
4111 ** The top of the stack contains a callback record built using
4112 ** the SortMakeRec operation with the same P1 value as this
4113 ** instruction.  Pop this record from the stack and invoke the
4114 ** callback on it.
4115 */
4116 case OP_SortCallback: {
4117   assert( pTos>=p->aStack );
4118   assert( pTos->flags & MEM_Str );
4119   p->nCallback++;
4120   p->pc = pc+1;
4121   p->azResColumn = (char**)pTos->z;
4122   assert( p->nResColumn==pOp->p1 );
4123   p->popStack = 1;
4124   p->pTos = pTos;
4125   return SQLITE_ROW;
4126 }
4127 
4128 /* Opcode: SortReset * * *
4129 **
4130 ** Remove any elements that remain on the sorter.
4131 */
4132 case OP_SortReset: {
4133   sqliteVdbeSorterReset(p);
4134   break;
4135 }
4136 
4137 /* Opcode: FileOpen * * P3
4138 **
4139 ** Open the file named by P3 for reading using the FileRead opcode.
4140 ** If P3 is "stdin" then open standard input for reading.
4141 */
4142 case OP_FileOpen: {
4143   assert( pOp->p3!=0 );
4144   if( p->pFile ){
4145     if( p->pFile!=stdin ) fclose(p->pFile);
4146     p->pFile = 0;
4147   }
4148   if( sqliteStrICmp(pOp->p3,"stdin")==0 ){
4149     p->pFile = stdin;
4150   }else{
4151     p->pFile = fopen(pOp->p3, "r");
4152   }
4153   if( p->pFile==0 ){
4154     sqliteSetString(&p->zErrMsg,"unable to open file: ", pOp->p3, (char*)0);
4155     rc = SQLITE_ERROR;
4156   }
4157   break;
4158 }
4159 
4160 /* Opcode: FileRead P1 P2 P3
4161 **
4162 ** Read a single line of input from the open file (the file opened using
4163 ** FileOpen).  If we reach end-of-file, jump immediately to P2.  If
4164 ** we are able to get another line, split the line apart using P3 as
4165 ** a delimiter.  There should be P1 fields.  If the input line contains
4166 ** more than P1 fields, ignore the excess.  If the input line contains
4167 ** fewer than P1 fields, assume the remaining fields contain NULLs.
4168 **
4169 ** Input ends if a line consists of just "\.".  A field containing only
4170 ** "\N" is a null field.  The backslash \ character can be used be used
4171 ** to escape newlines or the delimiter.
4172 */
4173 case OP_FileRead: {
4174   int n, eol, nField, i, c, nDelim;
4175   char *zDelim, *z;
4176   CHECK_FOR_INTERRUPT;
4177   if( p->pFile==0 ) goto fileread_jump;
4178   nField = pOp->p1;
4179   if( nField<=0 ) goto fileread_jump;
4180   if( nField!=p->nField || p->azField==0 ){
4181     char **azField = sqliteRealloc(p->azField, sizeof(char*)*nField+1);
4182     if( azField==0 ){ goto no_mem; }
4183     p->azField = azField;
4184     p->nField = nField;
4185   }
4186   n = 0;
4187   eol = 0;
4188   while( eol==0 ){
4189     if( p->zLine==0 || n+200>p->nLineAlloc ){
4190       char *zLine;
4191       p->nLineAlloc = p->nLineAlloc*2 + 300;
4192       zLine = sqliteRealloc(p->zLine, p->nLineAlloc);
4193       if( zLine==0 ){
4194         p->nLineAlloc = 0;
4195         sqliteFree(p->zLine);
4196         p->zLine = 0;
4197         goto no_mem;
4198       }
4199       p->zLine = zLine;
4200     }
4201     if( vdbe_fgets(&p->zLine[n], p->nLineAlloc-n, p->pFile)==0 ){
4202       eol = 1;
4203       p->zLine[n] = 0;
4204     }else{
4205       int c;
4206       while( (c = p->zLine[n])!=0 ){
4207         if( c=='\\' ){
4208           if( p->zLine[n+1]==0 ) break;
4209           n += 2;
4210         }else if( c=='\n' ){
4211           p->zLine[n] = 0;
4212           eol = 1;
4213           break;
4214         }else{
4215           n++;
4216         }
4217       }
4218     }
4219   }
4220   if( n==0 ) goto fileread_jump;
4221   z = p->zLine;
4222   if( z[0]=='\\' && z[1]=='.' && z[2]==0 ){
4223     goto fileread_jump;
4224   }
4225   zDelim = pOp->p3;
4226   if( zDelim==0 ) zDelim = "\t";
4227   c = zDelim[0];
4228   nDelim = strlen(zDelim);
4229   p->azField[0] = z;
4230   for(i=1; *z!=0 && i<=nField; i++){
4231     int from, to;
4232     from = to = 0;
4233     if( z[0]=='\\' && z[1]=='N'
4234        && (z[2]==0 || strncmp(&z[2],zDelim,nDelim)==0) ){
4235       if( i<=nField ) p->azField[i-1] = 0;
4236       z += 2 + nDelim;
4237       if( i<nField ) p->azField[i] = z;
4238       continue;
4239     }
4240     while( z[from] ){
4241       if( z[from]=='\\' && z[from+1]!=0 ){
4242         int tx = z[from+1];
4243         switch( tx ){
4244           case 'b':  tx = '\b'; break;
4245           case 'f':  tx = '\f'; break;
4246           case 'n':  tx = '\n'; break;
4247           case 'r':  tx = '\r'; break;
4248           case 't':  tx = '\t'; break;
4249           case 'v':  tx = '\v'; break;
4250           default:   break;
4251         }
4252         z[to++] = tx;
4253         from += 2;
4254         continue;
4255       }
4256       if( z[from]==c && strncmp(&z[from],zDelim,nDelim)==0 ) break;
4257       z[to++] = z[from++];
4258     }
4259     if( z[from] ){
4260       z[to] = 0;
4261       z += from + nDelim;
4262       if( i<nField ) p->azField[i] = z;
4263     }else{
4264       z[to] = 0;
4265       z = "";
4266     }
4267   }
4268   while( i<nField ){
4269     p->azField[i++] = 0;
4270   }
4271   break;
4272 
4273   /* If we reach end-of-file, or if anything goes wrong, jump here.
4274   ** This code will cause a jump to P2 */
4275 fileread_jump:
4276   pc = pOp->p2 - 1;
4277   break;
4278 }
4279 
4280 /* Opcode: FileColumn P1 * *
4281 **
4282 ** Push onto the stack the P1-th column of the most recently read line
4283 ** from the input file.
4284 */
4285 case OP_FileColumn: {
4286   int i = pOp->p1;
4287   char *z;
4288   assert( i>=0 && i<p->nField );
4289   if( p->azField ){
4290     z = p->azField[i];
4291   }else{
4292     z = 0;
4293   }
4294   pTos++;
4295   if( z ){
4296     pTos->n = strlen(z) + 1;
4297     pTos->z = z;
4298     pTos->flags = MEM_Str | MEM_Ephem;
4299   }else{
4300     pTos->flags = MEM_Null;
4301   }
4302   break;
4303 }
4304 
4305 /* Opcode: MemStore P1 P2 *
4306 **
4307 ** Write the top of the stack into memory location P1.
4308 ** P1 should be a small integer since space is allocated
4309 ** for all memory locations between 0 and P1 inclusive.
4310 **
4311 ** After the data is stored in the memory location, the
4312 ** stack is popped once if P2 is 1.  If P2 is zero, then
4313 ** the original data remains on the stack.
4314 */
4315 case OP_MemStore: {
4316   int i = pOp->p1;
4317   Mem *pMem;
4318   assert( pTos>=p->aStack );
4319   if( i>=p->nMem ){
4320     int nOld = p->nMem;
4321     Mem *aMem;
4322     p->nMem = i + 5;
4323     aMem = sqliteRealloc(p->aMem, p->nMem*sizeof(p->aMem[0]));
4324     if( aMem==0 ) goto no_mem;
4325     if( aMem!=p->aMem ){
4326       int j;
4327       for(j=0; j<nOld; j++){
4328         if( aMem[j].flags & MEM_Short ){
4329           aMem[j].z = aMem[j].zShort;
4330         }
4331       }
4332     }
4333     p->aMem = aMem;
4334     if( nOld<p->nMem ){
4335       memset(&p->aMem[nOld], 0, sizeof(p->aMem[0])*(p->nMem-nOld));
4336     }
4337   }
4338   Deephemeralize(pTos);
4339   pMem = &p->aMem[i];
4340   Release(pMem);
4341   *pMem = *pTos;
4342   if( pMem->flags & MEM_Dyn ){
4343     if( pOp->p2 ){
4344       pTos->flags = MEM_Null;
4345     }else{
4346       pMem->z = sqliteMallocRaw( pMem->n );
4347       if( pMem->z==0 ) goto no_mem;
4348       memcpy(pMem->z, pTos->z, pMem->n);
4349     }
4350   }else if( pMem->flags & MEM_Short ){
4351     pMem->z = pMem->zShort;
4352   }
4353   if( pOp->p2 ){
4354     Release(pTos);
4355     pTos--;
4356   }
4357   break;
4358 }
4359 
4360 /* Opcode: MemLoad P1 * *
4361 **
4362 ** Push a copy of the value in memory location P1 onto the stack.
4363 **
4364 ** If the value is a string, then the value pushed is a pointer to
4365 ** the string that is stored in the memory location.  If the memory
4366 ** location is subsequently changed (using OP_MemStore) then the
4367 ** value pushed onto the stack will change too.
4368 */
4369 case OP_MemLoad: {
4370   int i = pOp->p1;
4371   assert( i>=0 && i<p->nMem );
4372   pTos++;
4373   memcpy(pTos, &p->aMem[i], sizeof(pTos[0])-NBFS);;
4374   if( pTos->flags & MEM_Str ){
4375     pTos->flags |= MEM_Ephem;
4376     pTos->flags &= ~(MEM_Dyn|MEM_Static|MEM_Short);
4377   }
4378   break;
4379 }
4380 
4381 /* Opcode: MemIncr P1 P2 *
4382 **
4383 ** Increment the integer valued memory cell P1 by 1.  If P2 is not zero
4384 ** and the result after the increment is greater than zero, then jump
4385 ** to P2.
4386 **
4387 ** This instruction throws an error if the memory cell is not initially
4388 ** an integer.
4389 */
4390 case OP_MemIncr: {
4391   int i = pOp->p1;
4392   Mem *pMem;
4393   assert( i>=0 && i<p->nMem );
4394   pMem = &p->aMem[i];
4395   assert( pMem->flags==MEM_Int );
4396   pMem->i++;
4397   if( pOp->p2>0 && pMem->i>0 ){
4398      pc = pOp->p2 - 1;
4399   }
4400   break;
4401 }
4402 
4403 /* Opcode: AggReset * P2 *
4404 **
4405 ** Reset the aggregator so that it no longer contains any data.
4406 ** Future aggregator elements will contain P2 values each.
4407 */
4408 case OP_AggReset: {
4409   sqliteVdbeAggReset(&p->agg);
4410   p->agg.nMem = pOp->p2;
4411   p->agg.apFunc = sqliteMalloc( p->agg.nMem*sizeof(p->agg.apFunc[0]) );
4412   if( p->agg.apFunc==0 ) goto no_mem;
4413   break;
4414 }
4415 
4416 /* Opcode: AggInit * P2 P3
4417 **
4418 ** Initialize the function parameters for an aggregate function.
4419 ** The aggregate will operate out of aggregate column P2.
4420 ** P3 is a pointer to the FuncDef structure for the function.
4421 */
4422 case OP_AggInit: {
4423   int i = pOp->p2;
4424   assert( i>=0 && i<p->agg.nMem );
4425   p->agg.apFunc[i] = (FuncDef*)pOp->p3;
4426   break;
4427 }
4428 
4429 /* Opcode: AggFunc * P2 P3
4430 **
4431 ** Execute the step function for an aggregate.  The
4432 ** function has P2 arguments.  P3 is a pointer to the FuncDef
4433 ** structure that specifies the function.
4434 **
4435 ** The top of the stack must be an integer which is the index of
4436 ** the aggregate column that corresponds to this aggregate function.
4437 ** Ideally, this index would be another parameter, but there are
4438 ** no free parameters left.  The integer is popped from the stack.
4439 */
4440 case OP_AggFunc: {
4441   int n = pOp->p2;
4442   int i;
4443   Mem *pMem, *pRec;
4444   char **azArgv = p->zArgv;
4445   sqlite_func ctx;
4446 
4447   assert( n>=0 );
4448   assert( pTos->flags==MEM_Int );
4449   pRec = &pTos[-n];
4450   assert( pRec>=p->aStack );
4451   for(i=0; i<n; i++, pRec++){
4452     if( pRec->flags & MEM_Null ){
4453       azArgv[i] = 0;
4454     }else{
4455       Stringify(pRec);
4456       azArgv[i] = pRec->z;
4457     }
4458   }
4459   i = pTos->i;
4460   assert( i>=0 && i<p->agg.nMem );
4461   ctx.pFunc = (FuncDef*)pOp->p3;
4462   pMem = &p->agg.pCurrent->aMem[i];
4463   ctx.s.z = pMem->zShort;  /* Space used for small aggregate contexts */
4464   ctx.pAgg = pMem->z;
4465   ctx.cnt = ++pMem->i;
4466   ctx.isError = 0;
4467   ctx.isStep = 1;
4468   (ctx.pFunc->xStep)(&ctx, n, (const char**)azArgv);
4469   pMem->z = ctx.pAgg;
4470   pMem->flags = MEM_AggCtx;
4471   popStack(&pTos, n+1);
4472   if( ctx.isError ){
4473     rc = SQLITE_ERROR;
4474   }
4475   break;
4476 }
4477 
4478 /* Opcode: AggFocus * P2 *
4479 **
4480 ** Pop the top of the stack and use that as an aggregator key.  If
4481 ** an aggregator with that same key already exists, then make the
4482 ** aggregator the current aggregator and jump to P2.  If no aggregator
4483 ** with the given key exists, create one and make it current but
4484 ** do not jump.
4485 **
4486 ** The order of aggregator opcodes is important.  The order is:
4487 ** AggReset AggFocus AggNext.  In other words, you must execute
4488 ** AggReset first, then zero or more AggFocus operations, then
4489 ** zero or more AggNext operations.  You must not execute an AggFocus
4490 ** in between an AggNext and an AggReset.
4491 */
4492 case OP_AggFocus: {
4493   AggElem *pElem;
4494   char *zKey;
4495   int nKey;
4496 
4497   assert( pTos>=p->aStack );
4498   Stringify(pTos);
4499   zKey = pTos->z;
4500   nKey = pTos->n;
4501   pElem = sqliteHashFind(&p->agg.hash, zKey, nKey);
4502   if( pElem ){
4503     p->agg.pCurrent = pElem;
4504     pc = pOp->p2 - 1;
4505   }else{
4506     AggInsert(&p->agg, zKey, nKey);
4507     if( sqlite_malloc_failed ) goto no_mem;
4508   }
4509   Release(pTos);
4510   pTos--;
4511   break;
4512 }
4513 
4514 /* Opcode: AggSet * P2 *
4515 **
4516 ** Move the top of the stack into the P2-th field of the current
4517 ** aggregate.  String values are duplicated into new memory.
4518 */
4519 case OP_AggSet: {
4520   AggElem *pFocus = AggInFocus(p->agg);
4521   Mem *pMem;
4522   int i = pOp->p2;
4523   assert( pTos>=p->aStack );
4524   if( pFocus==0 ) goto no_mem;
4525   assert( i>=0 && i<p->agg.nMem );
4526   Deephemeralize(pTos);
4527   pMem = &pFocus->aMem[i];
4528   Release(pMem);
4529   *pMem = *pTos;
4530   if( pMem->flags & MEM_Dyn ){
4531     pTos->flags = MEM_Null;
4532   }else if( pMem->flags & MEM_Short ){
4533     pMem->z = pMem->zShort;
4534   }
4535   Release(pTos);
4536   pTos--;
4537   break;
4538 }
4539 
4540 /* Opcode: AggGet * P2 *
4541 **
4542 ** Push a new entry onto the stack which is a copy of the P2-th field
4543 ** of the current aggregate.  Strings are not duplicated so
4544 ** string values will be ephemeral.
4545 */
4546 case OP_AggGet: {
4547   AggElem *pFocus = AggInFocus(p->agg);
4548   Mem *pMem;
4549   int i = pOp->p2;
4550   if( pFocus==0 ) goto no_mem;
4551   assert( i>=0 && i<p->agg.nMem );
4552   pTos++;
4553   pMem = &pFocus->aMem[i];
4554   *pTos = *pMem;
4555   if( pTos->flags & MEM_Str ){
4556     pTos->flags &= ~(MEM_Dyn|MEM_Static|MEM_Short);
4557     pTos->flags |= MEM_Ephem;
4558   }
4559   break;
4560 }
4561 
4562 /* Opcode: AggNext * P2 *
4563 **
4564 ** Make the next aggregate value the current aggregate.  The prior
4565 ** aggregate is deleted.  If all aggregate values have been consumed,
4566 ** jump to P2.
4567 **
4568 ** The order of aggregator opcodes is important.  The order is:
4569 ** AggReset AggFocus AggNext.  In other words, you must execute
4570 ** AggReset first, then zero or more AggFocus operations, then
4571 ** zero or more AggNext operations.  You must not execute an AggFocus
4572 ** in between an AggNext and an AggReset.
4573 */
4574 case OP_AggNext: {
4575   CHECK_FOR_INTERRUPT;
4576   if( p->agg.pSearch==0 ){
4577     p->agg.pSearch = sqliteHashFirst(&p->agg.hash);
4578   }else{
4579     p->agg.pSearch = sqliteHashNext(p->agg.pSearch);
4580   }
4581   if( p->agg.pSearch==0 ){
4582     pc = pOp->p2 - 1;
4583   } else {
4584     int i;
4585     sqlite_func ctx;
4586     Mem *aMem;
4587     p->agg.pCurrent = sqliteHashData(p->agg.pSearch);
4588     aMem = p->agg.pCurrent->aMem;
4589     for(i=0; i<p->agg.nMem; i++){
4590       int freeCtx;
4591       if( p->agg.apFunc[i]==0 ) continue;
4592       if( p->agg.apFunc[i]->xFinalize==0 ) continue;
4593       ctx.s.flags = MEM_Null;
4594       ctx.s.z = aMem[i].zShort;
4595       ctx.pAgg = (void*)aMem[i].z;
4596       freeCtx = aMem[i].z && aMem[i].z!=aMem[i].zShort;
4597       ctx.cnt = aMem[i].i;
4598       ctx.isStep = 0;
4599       ctx.pFunc = p->agg.apFunc[i];
4600       (*p->agg.apFunc[i]->xFinalize)(&ctx);
4601       if( freeCtx ){
4602         sqliteFree( aMem[i].z );
4603       }
4604       aMem[i] = ctx.s;
4605       if( aMem[i].flags & MEM_Short ){
4606         aMem[i].z = aMem[i].zShort;
4607       }
4608     }
4609   }
4610   break;
4611 }
4612 
4613 /* Opcode: SetInsert P1 * P3
4614 **
4615 ** If Set P1 does not exist then create it.  Then insert value
4616 ** P3 into that set.  If P3 is NULL, then insert the top of the
4617 ** stack into the set.
4618 */
4619 case OP_SetInsert: {
4620   int i = pOp->p1;
4621   if( p->nSet<=i ){
4622     int k;
4623     Set *aSet = sqliteRealloc(p->aSet, (i+1)*sizeof(p->aSet[0]) );
4624     if( aSet==0 ) goto no_mem;
4625     p->aSet = aSet;
4626     for(k=p->nSet; k<=i; k++){
4627       sqliteHashInit(&p->aSet[k].hash, SQLITE_HASH_BINARY, 1);
4628     }
4629     p->nSet = i+1;
4630   }
4631   if( pOp->p3 ){
4632     sqliteHashInsert(&p->aSet[i].hash, pOp->p3, strlen(pOp->p3)+1, p);
4633   }else{
4634     assert( pTos>=p->aStack );
4635     Stringify(pTos);
4636     sqliteHashInsert(&p->aSet[i].hash, pTos->z, pTos->n, p);
4637     Release(pTos);
4638     pTos--;
4639   }
4640   if( sqlite_malloc_failed ) goto no_mem;
4641   break;
4642 }
4643 
4644 /* Opcode: SetFound P1 P2 *
4645 **
4646 ** Pop the stack once and compare the value popped off with the
4647 ** contents of set P1.  If the element popped exists in set P1,
4648 ** then jump to P2.  Otherwise fall through.
4649 */
4650 case OP_SetFound: {
4651   int i = pOp->p1;
4652   assert( pTos>=p->aStack );
4653   Stringify(pTos);
4654   if( i>=0 && i<p->nSet && sqliteHashFind(&p->aSet[i].hash, pTos->z, pTos->n)){
4655     pc = pOp->p2 - 1;
4656   }
4657   Release(pTos);
4658   pTos--;
4659   break;
4660 }
4661 
4662 /* Opcode: SetNotFound P1 P2 *
4663 **
4664 ** Pop the stack once and compare the value popped off with the
4665 ** contents of set P1.  If the element popped does not exists in
4666 ** set P1, then jump to P2.  Otherwise fall through.
4667 */
4668 case OP_SetNotFound: {
4669   int i = pOp->p1;
4670   assert( pTos>=p->aStack );
4671   Stringify(pTos);
4672   if( i<0 || i>=p->nSet ||
4673        sqliteHashFind(&p->aSet[i].hash, pTos->z, pTos->n)==0 ){
4674     pc = pOp->p2 - 1;
4675   }
4676   Release(pTos);
4677   pTos--;
4678   break;
4679 }
4680 
4681 /* Opcode: SetFirst P1 P2 *
4682 **
4683 ** Read the first element from set P1 and push it onto the stack.  If the
4684 ** set is empty, push nothing and jump immediately to P2.  This opcode is
4685 ** used in combination with OP_SetNext to loop over all elements of a set.
4686 */
4687 /* Opcode: SetNext P1 P2 *
4688 **
4689 ** Read the next element from set P1 and push it onto the stack.  If there
4690 ** are no more elements in the set, do not do the push and fall through.
4691 ** Otherwise, jump to P2 after pushing the next set element.
4692 */
4693 case OP_SetFirst:
4694 case OP_SetNext: {
4695   Set *pSet;
4696   CHECK_FOR_INTERRUPT;
4697   if( pOp->p1<0 || pOp->p1>=p->nSet ){
4698     if( pOp->opcode==OP_SetFirst ) pc = pOp->p2 - 1;
4699     break;
4700   }
4701   pSet = &p->aSet[pOp->p1];
4702   if( pOp->opcode==OP_SetFirst ){
4703     pSet->prev = sqliteHashFirst(&pSet->hash);
4704     if( pSet->prev==0 ){
4705       pc = pOp->p2 - 1;
4706       break;
4707     }
4708   }else{
4709     if( pSet->prev ){
4710       pSet->prev = sqliteHashNext(pSet->prev);
4711     }
4712     if( pSet->prev==0 ){
4713       break;
4714     }else{
4715       pc = pOp->p2 - 1;
4716     }
4717   }
4718   pTos++;
4719   pTos->z = sqliteHashKey(pSet->prev);
4720   pTos->n = sqliteHashKeysize(pSet->prev);
4721   pTos->flags = MEM_Str | MEM_Ephem;
4722   break;
4723 }
4724 
4725 /* Opcode: Vacuum * * *
4726 **
4727 ** Vacuum the entire database.  This opcode will cause other virtual
4728 ** machines to be created and run.  It may not be called from within
4729 ** a transaction.
4730 */
4731 case OP_Vacuum: {
4732   if( sqliteSafetyOff(db) ) goto abort_due_to_misuse;
4733   rc = sqliteRunVacuum(&p->zErrMsg, db);
4734   if( sqliteSafetyOn(db) ) goto abort_due_to_misuse;
4735   break;
4736 }
4737 
4738 /* Opcode: StackDepth * * *
4739 **
4740 ** Push an integer onto the stack which is the depth of the stack prior
4741 ** to that integer being pushed.
4742 */
4743 case OP_StackDepth: {
4744   int depth = (&pTos[1]) - p->aStack;
4745   pTos++;
4746   pTos->i = depth;
4747   pTos->flags = MEM_Int;
4748   break;
4749 }
4750 
4751 /* Opcode: StackReset * * *
4752 **
4753 ** Pop a single integer off of the stack.  Then pop the stack
4754 ** as many times as necessary to get the depth of the stack down
4755 ** to the value of the integer that was popped.
4756 */
4757 case OP_StackReset: {
4758   int depth, goal;
4759   assert( pTos>=p->aStack );
4760   Integerify(pTos);
4761   goal = pTos->i;
4762   depth = (&pTos[1]) - p->aStack;
4763   assert( goal<depth );
4764   popStack(&pTos, depth-goal);
4765   break;
4766 }
4767 
4768 /* An other opcode is illegal...
4769 */
4770 default: {
4771   sqlite_snprintf(sizeof(zBuf),zBuf,"%d",pOp->opcode);
4772   sqliteSetString(&p->zErrMsg, "unknown opcode ", zBuf, (char*)0);
4773   rc = SQLITE_INTERNAL;
4774   break;
4775 }
4776 
4777 /*****************************************************************************
4778 ** The cases of the switch statement above this line should all be indented
4779 ** by 6 spaces.  But the left-most 6 spaces have been removed to improve the
4780 ** readability.  From this point on down, the normal indentation rules are
4781 ** restored.
4782 *****************************************************************************/
4783     }
4784 
4785 #ifdef VDBE_PROFILE
4786     {
4787       long long elapse = hwtime() - start;
4788       pOp->cycles += elapse;
4789       pOp->cnt++;
4790 #if 0
4791         fprintf(stdout, "%10lld ", elapse);
4792         sqliteVdbePrintOp(stdout, origPc, &p->aOp[origPc]);
4793 #endif
4794     }
4795 #endif
4796 
4797     /* The following code adds nothing to the actual functionality
4798     ** of the program.  It is only here for testing and debugging.
4799     ** On the other hand, it does burn CPU cycles every time through
4800     ** the evaluator loop.  So we can leave it out when NDEBUG is defined.
4801     */
4802 #ifndef NDEBUG
4803     /* Sanity checking on the top element of the stack */
4804     if( pTos>=p->aStack ){
4805       assert( pTos->flags!=0 );  /* Must define some type */
4806       if( pTos->flags & MEM_Str ){
4807         int x = pTos->flags & (MEM_Static|MEM_Dyn|MEM_Ephem|MEM_Short);
4808         assert( x!=0 );            /* Strings must define a string subtype */
4809         assert( (x & (x-1))==0 );  /* Only one string subtype can be defined */
4810         assert( pTos->z!=0 );      /* Strings must have a value */
4811         /* Mem.z points to Mem.zShort iff the subtype is MEM_Short */
4812         assert( (pTos->flags & MEM_Short)==0 || pTos->z==pTos->zShort );
4813         assert( (pTos->flags & MEM_Short)!=0 || pTos->z!=pTos->zShort );
4814       }else{
4815         /* Cannot define a string subtype for non-string objects */
4816         assert( (pTos->flags & (MEM_Static|MEM_Dyn|MEM_Ephem|MEM_Short))==0 );
4817       }
4818       /* MEM_Null excludes all other types */
4819       assert( pTos->flags==MEM_Null || (pTos->flags&MEM_Null)==0 );
4820     }
4821     if( pc<-1 || pc>=p->nOp ){
4822       sqliteSetString(&p->zErrMsg, "jump destination out of range", (char*)0);
4823       rc = SQLITE_INTERNAL;
4824     }
4825     if( p->trace && pTos>=p->aStack ){
4826       int i;
4827       fprintf(p->trace, "Stack:");
4828       for(i=0; i>-5 && &pTos[i]>=p->aStack; i--){
4829         if( pTos[i].flags & MEM_Null ){
4830           fprintf(p->trace, " NULL");
4831         }else if( (pTos[i].flags & (MEM_Int|MEM_Str))==(MEM_Int|MEM_Str) ){
4832           fprintf(p->trace, " si:%d", pTos[i].i);
4833         }else if( pTos[i].flags & MEM_Int ){
4834           fprintf(p->trace, " i:%d", pTos[i].i);
4835         }else if( pTos[i].flags & MEM_Real ){
4836           fprintf(p->trace, " r:%g", pTos[i].r);
4837         }else if( pTos[i].flags & MEM_Str ){
4838           int j, k;
4839           char zBuf[100];
4840           zBuf[0] = ' ';
4841           if( pTos[i].flags & MEM_Dyn ){
4842             zBuf[1] = 'z';
4843             assert( (pTos[i].flags & (MEM_Static|MEM_Ephem))==0 );
4844           }else if( pTos[i].flags & MEM_Static ){
4845             zBuf[1] = 't';
4846             assert( (pTos[i].flags & (MEM_Dyn|MEM_Ephem))==0 );
4847           }else if( pTos[i].flags & MEM_Ephem ){
4848             zBuf[1] = 'e';
4849             assert( (pTos[i].flags & (MEM_Static|MEM_Dyn))==0 );
4850           }else{
4851             zBuf[1] = 's';
4852           }
4853           zBuf[2] = '[';
4854           k = 3;
4855           for(j=0; j<20 && j<pTos[i].n; j++){
4856             int c = pTos[i].z[j];
4857             if( c==0 && j==pTos[i].n-1 ) break;
4858             if( isprint(c) && !isspace(c) ){
4859               zBuf[k++] = c;
4860             }else{
4861               zBuf[k++] = '.';
4862             }
4863           }
4864           zBuf[k++] = ']';
4865           zBuf[k++] = 0;
4866           fprintf(p->trace, "%s", zBuf);
4867         }else{
4868           fprintf(p->trace, " ???");
4869         }
4870       }
4871       if( rc!=0 ) fprintf(p->trace," rc=%d",rc);
4872       fprintf(p->trace,"\n");
4873     }
4874 #endif
4875   }  /* The end of the for(;;) loop the loops through opcodes */
4876 
4877   /* If we reach this point, it means that execution is finished.
4878   */
4879 vdbe_halt:
4880   CHECK_FOR_INTERRUPT
4881   if( rc ){
4882     p->rc = rc;
4883     rc = SQLITE_ERROR;
4884   }else{
4885     rc = SQLITE_DONE;
4886   }
4887   p->magic = VDBE_MAGIC_HALT;
4888   p->pTos = pTos;
4889   return rc;
4890 
4891   /* Jump to here if a malloc() fails.  It's hard to get a malloc()
4892   ** to fail on a modern VM computer, so this code is untested.
4893   */
4894 no_mem:
4895   sqliteSetString(&p->zErrMsg, "out of memory", (char*)0);
4896   rc = SQLITE_NOMEM;
4897   goto vdbe_halt;
4898 
4899   /* Jump to here for an SQLITE_MISUSE error.
4900   */
4901 abort_due_to_misuse:
4902   rc = SQLITE_MISUSE;
4903   /* Fall thru into abort_due_to_error */
4904 
4905   /* Jump to here for any other kind of fatal error.  The "rc" variable
4906   ** should hold the error number.
4907   */
4908 abort_due_to_error:
4909   if( p->zErrMsg==0 ){
4910     if( sqlite_malloc_failed ) rc = SQLITE_NOMEM;
4911     sqliteSetString(&p->zErrMsg, sqlite_error_string(rc), (char*)0);
4912   }
4913   goto vdbe_halt;
4914 
4915   /* Jump to here if the sqlite_interrupt() API sets the interrupt
4916   ** flag.
4917   */
4918 abort_due_to_interrupt:
4919   assert( db->flags & SQLITE_Interrupt );
4920   db->flags &= ~SQLITE_Interrupt;
4921   if( db->magic!=SQLITE_MAGIC_BUSY ){
4922     rc = SQLITE_MISUSE;
4923   }else{
4924     rc = SQLITE_INTERRUPT;
4925   }
4926   sqliteSetString(&p->zErrMsg, sqlite_error_string(rc), (char*)0);
4927   goto vdbe_halt;
4928 }
4929