/*************************************************

*      Perl-Compatible Regular Expressions       *

*************************************************/

/* PCRE is a library of functions to support regular expressions whose syntax

and semantics are as close as possible to those of the Perl 5 language.

                       Written by Philip Hazel

           Copyright (c) 1997-2012 University of Cambridge

-----------------------------------------------------------------------------

Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,

      this list of conditions and the following disclaimer.

    * Redistributions in binary form must reproduce the above copyright

      notice, this list of conditions and the following disclaimer in the

      documentation and/or other materials provided with the distribution.

    * Neither the name of the University of Cambridge nor the names of its

      contributors may be used to endorse or promote products derived from

      this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"

AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE

LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR

CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF

SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS

INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN

CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

POSSIBILITY OF SUCH DAMAGE.

-----------------------------------------------------------------------------

*/

/* This module contains the external function pcre_study(), along with local

supporting functions. */

#include "config.h"

#include "pcre_internal.h"

#define SET_BIT(c) start_bits[c/8] |= (1 << (c&7))

/* Returns from set_start_bits() */

enum { SSB_FAIL, SSB_DONE, SSB_CONTINUE, SSB_UNKNOWN };

/*************************************************

*   Find the minimum subject length for a group  *

*************************************************/

/* Scan a parenthesized group and compute the minimum length of subject that

is needed to match it. This is a lower bound; it does not mean there is a

string of that length that matches. In UTF8 mode, the result is in characters

rather than bytes.

Arguments:

  code            pointer to start of group (the bracket)

  startcode       pointer to start of the whole pattern

  options         the compiling options

  int             RECURSE depth

Returns:   the minimum length

           -1 if \C in UTF-8 mode or (*ACCEPT) was encountered

           -2 internal error (missing capturing bracket)

           -3 internal error (opcode not listed)

*/

static int

find_minlength(const pcre_uchar *code, const pcre_uchar *startcode, int options,

  int recurse_depth)

{

int length = -1;

/* PCRE_UTF16 has the same value as PCRE_UTF8. */

BOOL utf = (options & PCRE_UTF8) != 0;

BOOL had_recurse = FALSE;

int branchlength = 0;

pcre_uchar *cc = (pcre_uchar *)code + 1 + LINK_SIZE;

if (*code == OP_CBRA || *code == OP_SCBRA ||

    *code == OP_CBRAPOS || *code == OP_SCBRAPOS) cc += IMM2_SIZE;

/* Scan along the opcodes for this branch. If we get to the end of the

branch, check the length against that of the other branches. */

for (;;)

  {

  int d, min;

  pcre_uchar *cs, *ce;

  int op = *cc;

  switch (op)

    {

    case OP_COND:

    case OP_SCOND:

    /* If there is only one branch in a condition, the implied branch has zero

    length, so we don't add anything. This covers the DEFINE "condition"

    automatically. */

    cs = cc + GET(cc, 1);

    if (*cs != OP_ALT)

      {

      cc = cs + 1 + LINK_SIZE;

      break;

      }

    /* Otherwise we can fall through and treat it the same as any other

    subpattern. */

    case OP_CBRA:

    case OP_SCBRA:

    case OP_BRA:

    case OP_SBRA:

    case OP_CBRAPOS:

    case OP_SCBRAPOS:

    case OP_BRAPOS:

    case OP_SBRAPOS:

    case OP_ONCE:

    case OP_ONCE_NC:

    d = find_minlength(cc, startcode, options, recurse_depth);

    if (d < 0) return d;

    branchlength += d;

    do cc += GET(cc, 1); while (*cc == OP_ALT);

    cc += 1 + LINK_SIZE;

    break;

    /* ACCEPT makes things far too complicated; we have to give up. */

    case OP_ACCEPT:

    case OP_ASSERT_ACCEPT:

    return -1;

    /* Reached end of a branch; if it's a ket it is the end of a nested

    call. If it's ALT it is an alternation in a nested call. If it is END it's

    the end of the outer call. All can be handled by the same code. If an

    ACCEPT was previously encountered, use the length that was in force at that

    time, and pass back the shortest ACCEPT length. */

    case OP_ALT:

    case OP_KET:

    case OP_KETRMAX:

    case OP_KETRMIN:

    case OP_KETRPOS:

    case OP_END:

    if (length < 0 || (!had_recurse && branchlength < length))

      length = branchlength;

    if (op != OP_ALT) return length;

    cc += 1 + LINK_SIZE;

    branchlength = 0;

    had_recurse = FALSE;

    break;

    /* Skip over assertive subpatterns */

    case OP_ASSERT:

    case OP_ASSERT_NOT:

    case OP_ASSERTBACK:

    case OP_ASSERTBACK_NOT:

    do cc += GET(cc, 1); while (*cc == OP_ALT);

    /* Fall through */

    /* Skip over things that don't match chars */

    case OP_REVERSE:

    case OP_CREF:

    case OP_NCREF:

    case OP_RREF:

    case OP_NRREF:

    case OP_DEF:

    case OP_CALLOUT:

    case OP_SOD:

    case OP_SOM:

    case OP_EOD:

    case OP_EODN:

    case OP_CIRC:

    case OP_CIRCM:

    case OP_DOLL:

    case OP_DOLLM:

    case OP_NOT_WORD_BOUNDARY:

    case OP_WORD_BOUNDARY:

    cc += PRIV(OP_lengths)[*cc];

    break;

    /* Skip over a subpattern that has a {0} or {0,x} quantifier */

    case OP_BRAZERO:

    case OP_BRAMINZERO:

    case OP_BRAPOSZERO:

    case OP_SKIPZERO:

    cc += PRIV(OP_lengths)[*cc];

    do cc += GET(cc, 1); while (*cc == OP_ALT);

    cc += 1 + LINK_SIZE;

    break;

    /* Handle literal characters and + repetitions */

    case OP_CHAR:

    case OP_CHARI:

    case OP_NOT:

    case OP_NOTI:

    case OP_PLUS:

    case OP_PLUSI:

    case OP_MINPLUS:

    case OP_MINPLUSI:

    case OP_POSPLUS:

    case OP_POSPLUSI:

    case OP_NOTPLUS:

    case OP_NOTPLUSI:

    case OP_NOTMINPLUS:

    case OP_NOTMINPLUSI:

    case OP_NOTPOSPLUS:

    case OP_NOTPOSPLUSI:

    branchlength++;

    cc += 2;

#ifdef SUPPORT_UTF

    if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);

#endif

    break;

    case OP_TYPEPLUS:

    case OP_TYPEMINPLUS:

    case OP_TYPEPOSPLUS:

    branchlength++;

    cc += (cc[1] == OP_PROP || cc[1] == OP_NOTPROP)? 4 : 2;

    break;

    /* Handle exact repetitions. The count is already in characters, but we

    need to skip over a multibyte character in UTF8 mode.  */

    case OP_EXACT:

    case OP_EXACTI:

    case OP_NOTEXACT:

    case OP_NOTEXACTI:

    branchlength += GET2(cc,1);

    cc += 2 + IMM2_SIZE;

#ifdef SUPPORT_UTF

    if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);

#endif

    break;

    case OP_TYPEEXACT:

    branchlength += GET2(cc,1);

    cc += 2 + IMM2_SIZE + ((cc[1 + IMM2_SIZE] == OP_PROP

      || cc[1 + IMM2_SIZE] == OP_NOTPROP)? 2 : 0);

    break;

    /* Handle single-char non-literal matchers */

    case OP_PROP:

    case OP_NOTPROP:

    cc += 2;

    /* Fall through */

    case OP_NOT_DIGIT:

    case OP_DIGIT:

    case OP_NOT_WHITESPACE:

    case OP_WHITESPACE:

    case OP_NOT_WORDCHAR:

    case OP_WORDCHAR:

    case OP_ANY:

    case OP_ALLANY:

    case OP_EXTUNI:

    case OP_HSPACE:

    case OP_NOT_HSPACE:

    case OP_VSPACE:

    case OP_NOT_VSPACE:

    branchlength++;

    cc++;

    break;

    /* "Any newline" might match two characters, but it also might match just

    one. */

    case OP_ANYNL:

    branchlength += 1;

    cc++;

    break;

    /* The single-byte matcher means we can't proceed in UTF-8 mode. (In

    non-UTF-8 mode \C will actually be turned into OP_ALLANY, so won't ever

    appear, but leave the code, just in case.) */

    case OP_ANYBYTE:

#ifdef SUPPORT_UTF

    if (utf) return -1;

#endif

    branchlength++;

    cc++;

    break;

    /* For repeated character types, we have to test for \p and \P, which have

    an extra two bytes of parameters. */

    case OP_TYPESTAR:

    case OP_TYPEMINSTAR:

    case OP_TYPEQUERY:

    case OP_TYPEMINQUERY:

    case OP_TYPEPOSSTAR:

    case OP_TYPEPOSQUERY:

    if (cc[1] == OP_PROP || cc[1] == OP_NOTPROP) cc += 2;

    cc += PRIV(OP_lengths)[op];

    break;

    case OP_TYPEUPTO:

    case OP_TYPEMINUPTO:

    case OP_TYPEPOSUPTO:

    if (cc[1 + IMM2_SIZE] == OP_PROP

      || cc[1 + IMM2_SIZE] == OP_NOTPROP) cc += 2;

    cc += PRIV(OP_lengths)[op];

    break;

    /* Check a class for variable quantification */

#if defined SUPPORT_UTF || !defined COMPILE_PCRE8

    case OP_XCLASS:

    cc += GET(cc, 1) - PRIV(OP_lengths)[OP_CLASS];

    /* Fall through */

#endif

    case OP_CLASS:

    case OP_NCLASS:

    cc += PRIV(OP_lengths)[OP_CLASS];

    switch (*cc)

      {

      case OP_CRPLUS:

      case OP_CRMINPLUS:

      branchlength++;

      /* Fall through */

      case OP_CRSTAR:

      case OP_CRMINSTAR:

      case OP_CRQUERY:

      case OP_CRMINQUERY:

      cc++;

      break;

      case OP_CRRANGE:

      case OP_CRMINRANGE:

      branchlength += GET2(cc,1);

      cc += 1 + 2 * IMM2_SIZE;

      break;

      default:

      branchlength++;

      break;

      }

    break;

    /* Backreferences and subroutine calls are treated in the same way: we find

    the minimum length for the subpattern. A recursion, however, causes an

    a flag to be set that causes the length of this branch to be ignored. The

    logic is that a recursion can only make sense if there is another

    alternation that stops the recursing. That will provide the minimum length

    (when no recursion happens). A backreference within the group that it is

    referencing behaves in the same way.

    If PCRE_JAVASCRIPT_COMPAT is set, a backreference to an unset bracket

    matches an empty string (by default it causes a matching failure), so in

    that case we must set the minimum length to zero. */

    case OP_REF:

    case OP_REFI:

    if ((options & PCRE_JAVASCRIPT_COMPAT) == 0)

      {

      ce = cs = (pcre_uchar *)PRIV(find_bracket)(startcode, utf, GET2(cc, 1));

      if (cs == NULL) return -2;

      do ce += GET(ce, 1); while (*ce == OP_ALT);

      if (cc > cs && cc < ce)

        {

        d = 0;

        had_recurse = TRUE;

        }

      else

        {

        d = find_minlength(cs, startcode, options, recurse_depth);

        }

      }

    else d = 0;

    cc += 1 + IMM2_SIZE;

    /* Handle repeated back references */

    switch (*cc)

      {

      case OP_CRSTAR:

      case OP_CRMINSTAR:

      case OP_CRQUERY:

      case OP_CRMINQUERY:

      min = 0;

      cc++;

      break;

      case OP_CRPLUS:

      case OP_CRMINPLUS:

      min = 1;

      cc++;

      break;

      case OP_CRRANGE:

      case OP_CRMINRANGE:

      min = GET2(cc, 1);

      cc += 1 + 2 * IMM2_SIZE;

      break;

      default:

      min = 1;

      break;

      }

    branchlength += min * d;

    break;

    /* We can easily detect direct recursion, but not mutual recursion. This is

    caught by a recursion depth count. */

    case OP_RECURSE:

    cs = ce = (pcre_uchar *)startcode + GET(cc, 1);

    do ce += GET(ce, 1); while (*ce == OP_ALT);

    if ((cc > cs && cc < ce) || recurse_depth > 10)

      had_recurse = TRUE;

    else

      {

      branchlength += find_minlength(cs, startcode, options, recurse_depth + 1);

      }

    cc += 1 + LINK_SIZE;

    break;

    /* Anything else does not or need not match a character. We can get the

    item's length from the table, but for those that can match zero occurrences

    of a character, we must take special action for UTF-8 characters. As it

    happens, the "NOT" versions of these opcodes are used at present only for

    ASCII characters, so they could be omitted from this list. However, in

    future that may change, so we include them here so as not to leave a

    gotcha for a future maintainer. */

    case OP_UPTO:

    case OP_UPTOI:

    case OP_NOTUPTO:

    case OP_NOTUPTOI:

    case OP_MINUPTO:

    case OP_MINUPTOI:

    case OP_NOTMINUPTO:

    case OP_NOTMINUPTOI:

    case OP_POSUPTO:

    case OP_POSUPTOI:

    case OP_NOTPOSUPTO:

    case OP_NOTPOSUPTOI:

    case OP_STAR:

    case OP_STARI:

    case OP_NOTSTAR:

    case OP_NOTSTARI:

    case OP_MINSTAR:

    case OP_MINSTARI:

    case OP_NOTMINSTAR:

    case OP_NOTMINSTARI:

    case OP_POSSTAR:

    case OP_POSSTARI:

    case OP_NOTPOSSTAR:

    case OP_NOTPOSSTARI:

    case OP_QUERY:

    case OP_QUERYI:

    case OP_NOTQUERY:

    case OP_NOTQUERYI:

    case OP_MINQUERY:

    case OP_MINQUERYI:

    case OP_NOTMINQUERY:

    case OP_NOTMINQUERYI:

    case OP_POSQUERY:

    case OP_POSQUERYI:

    case OP_NOTPOSQUERY:

    case OP_NOTPOSQUERYI:

    cc += PRIV(OP_lengths)[op];

#ifdef SUPPORT_UTF

    if (utf && HAS_EXTRALEN(cc[-1])) cc += GET_EXTRALEN(cc[-1]);

#endif

    break;

    /* Skip these, but we need to add in the name length. */

    case OP_MARK:

    case OP_PRUNE_ARG:

    case OP_SKIP_ARG:

    case OP_THEN_ARG:

    cc += PRIV(OP_lengths)[op] + cc[1];

    break;

    /* The remaining opcodes are just skipped over. */

    case OP_CLOSE:

    case OP_COMMIT:

    case OP_FAIL:

    case OP_PRUNE:

    case OP_SET_SOM:

    case OP_SKIP:

    case OP_THEN:

    cc += PRIV(OP_lengths)[op];

    break;

    /* This should not occur: we list all opcodes explicitly so that when

    new ones get added they are properly considered. */

    default:

    return -3;

    }

  }

/* Control never gets here */

}

/*************************************************

*      Set a bit and maybe its alternate case    *

*************************************************/

/* Given a character, set its first byte's bit in the table, and also the

corresponding bit for the other version of a letter if we are caseless. In

UTF-8 mode, for characters greater than 127, we can only do the caseless thing

when Unicode property support is available.

Arguments:

  start_bits    points to the bit map

  p             points to the character

  caseless      the caseless flag

  cd            the block with char table pointers

  utf           TRUE for UTF-8 / UTF-16 mode

Returns:        pointer after the character

*/

static const pcre_uchar *

set_table_bit(pcre_uint8 *start_bits, const pcre_uchar *p, BOOL caseless,

  compile_data *cd, BOOL utf)

{

unsigned int c = *p;

#ifdef COMPILE_PCRE8

SET_BIT(c);

#ifdef SUPPORT_UTF

if (utf && c > 127)

  {

  GETCHARINC(c, p);

#ifdef SUPPORT_UCP

  if (caseless)

    {

    pcre_uchar buff[6];

    c = UCD_OTHERCASE(c);

    (void)PRIV(ord2utf)(c, buff);

    SET_BIT(buff[0]);

    }

#endif

  return p;

  }

#endif

/* Not UTF-8 mode, or character is less than 127. */

if (caseless && (cd->ctypes[c] & ctype_letter) != 0) SET_BIT(cd->fcc[c]);

return p + 1;

#endif

#ifdef COMPILE_PCRE16

if (c > 0xff)

  {

  c = 0xff;

  caseless = FALSE;

  }

SET_BIT(c);

#ifdef SUPPORT_UTF

if (utf && c > 127)

  {

  GETCHARINC(c, p);

#ifdef SUPPORT_UCP

  if (caseless)

    {

    c = UCD_OTHERCASE(c);

    if (c > 0xff)

      c = 0xff;

    SET_BIT(c);

    }

#endif

  return p;

  }

#endif

if (caseless && (cd->ctypes[c] & ctype_letter) != 0) SET_BIT(cd->fcc[c]);

return p + 1;

#endif

}

/*************************************************

*     Set bits for a positive character type     *

*************************************************/

/* This function sets starting bits for a character type. In UTF-8 mode, we can

only do a direct setting for bytes less than 128, as otherwise there can be

confusion with bytes in the middle of UTF-8 characters. In a "traditional"

environment, the tables will only recognize ASCII characters anyway, but in at

least one Windows environment, some higher bytes bits were set in the tables.

So we deal with that case by considering the UTF-8 encoding.

Arguments:

  start_bits     the starting bitmap

  cbit type      the type of character wanted

  table_limit    32 for non-UTF-8; 16 for UTF-8

  cd             the block with char table pointers

Returns:         nothing

*/

static void

set_type_bits(pcre_uint8 *start_bits, int cbit_type, int table_limit,

  compile_data *cd)

{

int c;

for (c = 0; c < table_limit; c++) start_bits[c] |= cd->cbits[c+cbit_type];

#if defined SUPPORT_UTF && defined COMPILE_PCRE8

if (table_limit == 32) return;

for (c = 128; c < 256; c++)

  {

  if ((cd->cbits[c/8] & (1 << (c&7))) != 0)

    {

    pcre_uchar buff[6];

    (void)PRIV(ord2utf)(c, buff);

    SET_BIT(buff[0]);

    }

  }

#endif

}

/*************************************************

*     Set bits for a negative character type     *

*************************************************/

/* This function sets starting bits for a negative character type such as \D.

In UTF-8 mode, we can only do a direct setting for bytes less than 128, as

otherwise there can be confusion with bytes in the middle of UTF-8 characters.

Unlike in the positive case, where we can set appropriate starting bits for

specific high-valued UTF-8 characters, in this case we have to set the bits for

all high-valued characters. The lowest is 0xc2, but we overkill by starting at

0xc0 (192) for simplicity.

Arguments:

  start_bits     the starting bitmap

  cbit type      the type of character wanted

  table_limit    32 for non-UTF-8; 16 for UTF-8

  cd             the block with char table pointers

Returns:         nothing

*/

static void

set_nottype_bits(pcre_uint8 *start_bits, int cbit_type, int table_limit,

  compile_data *cd)

{

int c;

for (c = 0; c < table_limit; c++) start_bits[c] |= ~cd->cbits[c+cbit_type];

#if defined SUPPORT_UTF && defined COMPILE_PCRE8

if (table_limit != 32) for (c = 24; c < 32; c++) start_bits[c] = 0xff;

#endif

}

/*************************************************

*          Create bitmap of starting bytes       *

*************************************************/

/* This function scans a compiled unanchored expression recursively and

attempts to build a bitmap of the set of possible starting bytes. As time goes

by, we may be able to get more clever at doing this. The SSB_CONTINUE return is

useful for parenthesized groups in patterns such as (a*)b where the group

provides some optional starting bytes but scanning must continue at the outer

level to find at least one mandatory byte. At the outermost level, this

function fails unless the result is SSB_DONE.

Arguments:

  code         points to an expression

  start_bits   points to a 32-byte table, initialized to 0

  utf          TRUE if in UTF-8 / UTF-16 mode

  cd           the block with char table pointers

Returns:       SSB_FAIL     => Failed to find any starting bytes

               SSB_DONE     => Found mandatory starting bytes

               SSB_CONTINUE => Found optional starting bytes

               SSB_UNKNOWN  => Hit an unrecognized opcode

*/

static int

set_start_bits(const pcre_uchar *code, pcre_uint8 *start_bits, BOOL utf,

  compile_data *cd)

{

int c;

int yield = SSB_DONE;

#if defined SUPPORT_UTF && defined COMPILE_PCRE8

int table_limit = utf? 16:32;

#else

int table_limit = 32;

#endif

#if 0

/* ========================================================================= */

/* The following comment and code was inserted in January 1999. In May 2006,

when it was observed to cause compiler warnings about unused values, I took it

out again. If anybody is still using OS/2, they will have to put it back

manually. */

/* This next statement and the later reference to dummy are here in order to

trick the optimizer of the IBM C compiler for OS/2 into generating correct

code. Apparently IBM isn't going to fix the problem, and we would rather not

disable optimization (in this module it actually makes a big difference, and

the pcre module can use all the optimization it can get). */

volatile int dummy;

/* ========================================================================= */

#endif

do

  {

  BOOL try_next = TRUE;

  const pcre_uchar *tcode = code + 1 + LINK_SIZE;

  if (*code == OP_CBRA || *code == OP_SCBRA ||

      *code == OP_CBRAPOS || *code == OP_SCBRAPOS) tcode += IMM2_SIZE;

  while (try_next)    /* Loop for items in this branch */

    {

    int rc;

    switch(*tcode)

      {

      /* If we reach something we don't understand, it means a new opcode has

      been created that hasn't been added to this code. Hopefully this problem

      will be discovered during testing. */

      default:

      return SSB_UNKNOWN;

      /* Fail for a valid opcode that implies no starting bits. */

      case OP_ACCEPT:

      case OP_ASSERT_ACCEPT:

      case OP_ALLANY:

      case OP_ANY:

      case OP_ANYBYTE:

      case OP_CIRC:

      case OP_CIRCM:

      case OP_CLOSE:

      case OP_COMMIT:

      case OP_COND:

      case OP_CREF:

      case OP_DEF:

      case OP_DOLL:

      case OP_DOLLM:

      case OP_END:

      case OP_EOD:

      case OP_EODN:

      case OP_EXTUNI:

      case OP_FAIL:

      case OP_MARK:

      case OP_NCREF:

      case OP_NOT:

      case OP_NOTEXACT:

      case OP_NOTEXACTI:

      case OP_NOTI:

      case OP_NOTMINPLUS:

      case OP_NOTMINPLUSI:

      case OP_NOTMINQUERY:

      case OP_NOTMINQUERYI:

      case OP_NOTMINSTAR:

      case OP_NOTMINSTARI:

      case OP_NOTMINUPTO:

      case OP_NOTMINUPTOI:

      case OP_NOTPLUS:

      case OP_NOTPLUSI:

      case OP_NOTPOSPLUS:

      case OP_NOTPOSPLUSI:

      case OP_NOTPOSQUERY:

      case OP_NOTPOSQUERYI:

      case OP_NOTPOSSTAR:

      case OP_NOTPOSSTARI:

      case OP_NOTPOSUPTO:

      case OP_NOTPOSUPTOI:

      case OP_NOTPROP:

      case OP_NOTQUERY:

      case OP_NOTQUERYI:

      case OP_NOTSTAR:

      case OP_NOTSTARI:

      case OP_NOTUPTO:

      case OP_NOTUPTOI:

      case OP_NOT_HSPACE:

      case OP_NOT_VSPACE:

      case OP_NRREF:

      case OP_PROP:

      case OP_PRUNE:

      case OP_PRUNE_ARG:

      case OP_RECURSE:

      case OP_REF:

      case OP_REFI:

      case OP_REVERSE:

      case OP_RREF:

      case OP_SCOND:

      case OP_SET_SOM:

      case OP_SKIP:

      case OP_SKIP_ARG:

      case OP_SOD:

      case OP_SOM:

      case OP_THEN:

      case OP_THEN_ARG:

#if defined SUPPORT_UTF || !defined COMPILE_PCRE8

      case OP_XCLASS:

#endif

      return SSB_FAIL;

      /* We can ignore word boundary tests. */

      case OP_WORD_BOUNDARY:

      case OP_NOT_WORD_BOUNDARY:

      tcode++;

      break;

      /* If we hit a bracket or a positive lookahead assertion, recurse to set

      bits from within the subpattern. If it can't find anything, we have to

      give up. If it finds some mandatory character(s), we are done for this

      branch. Otherwise, carry on scanning after the subpattern. */

      case OP_BRA:

      case OP_SBRA:

      case OP_CBRA:

      case OP_SCBRA:

      case OP_BRAPOS:

      case OP_SBRAPOS:

      case OP_CBRAPOS:

      case OP_SCBRAPOS:

      case OP_ONCE:

      case OP_ONCE_NC:

      case OP_ASSERT:

      rc = set_start_bits(tcode, start_bits, utf, cd);

      if (rc == SSB_FAIL || rc == SSB_UNKNOWN) return rc;

      if (rc == SSB_DONE) try_next = FALSE; else

        {

        do tcode += GET(tcode, 1); while (*tcode == OP_ALT);

        tcode += 1 + LINK_SIZE;

        }

      break;

      /* If we hit ALT or KET, it means we haven't found anything mandatory in

      this branch, though we might have found something optional. For ALT, we

      continue with the next alternative, but we have to arrange that the final

      result from subpattern is SSB_CONTINUE rather than SSB_DONE. For KET,

      return SSB_CONTINUE: if this is the top level, that indicates failure,

      but after a nested subpattern, it causes scanning to continue. */

      case OP_ALT:

      yield = SSB_CONTINUE;

      try_next = FALSE;

      break;

      case OP_KET:

      case OP_KETRMAX:

      case OP_KETRMIN:

      case OP_KETRPOS:

      return SSB_CONTINUE;

      /* Skip over callout */

      case OP_CALLOUT:

      tcode += 2 + 2*LINK_SIZE;

      break;

      /* Skip over lookbehind and negative lookahead assertions */

      case OP_ASSERT_NOT:

      case OP_ASSERTBACK:

      case OP_ASSERTBACK_NOT:

      do tcode += GET(tcode, 1); while (*tcode == OP_ALT);

      tcode += 1 + LINK_SIZE;

      break;

      /* BRAZERO does the bracket, but carries on. */

      case OP_BRAZERO:

      case OP_BRAMINZERO:

      case OP_BRAPOSZERO:

      rc = set_start_bits(++tcode, start_bits, utf, cd);

      if (rc == SSB_FAIL || rc == SSB_UNKNOWN) return rc;

/* =========================================================================

      See the comment at the head of this function concerning the next line,

      which was an old fudge for the benefit of OS/2.

      dummy = 1;

  ========================================================================= */

      do tcode += GET(tcode,1); while (*tcode == OP_ALT);