/[pcre]/code/trunk/pcre_compile.c

Diff of /code/trunk/pcre_compile.c

Parent Directory | Revision Log | View Patch Patch

-revision 91 by nigel,
Sat Feb 24 21:41:34 2007 UTC
+revision 221 by ph10,
Fri Aug 17 09:25:08 2007 UTC
 Line 6
  and semantics are as close as possible to those of the Perl 5 language.
                         Written by Philip Hazel
-            Copyright (c) 1997-2006 University of Cambridge
+            Copyright (c) 1997-2007 University of Cambridge
  -----------------------------------------------------------------------------
  Redistribution and use in source and binary forms, with or without
 Line 42 
 POSSIBILITY OF SUCH DAMAGE.
  supporting internal functions that are not used by other modules. */
- #define NLBLOCK cd            /* The block containing newline information */
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
+ #define NLBLOCK cd             /* Block containing newline information */
+ #define PSSTART start_pattern  /* Field containing processed string start */
+ #define PSEND   end_pattern    /* Field containing processed string end */
  #include "pcre_internal.h"
-Line 54 
 used by pcretest. DEBUG is not defined w
+Line 61 
 used by pcretest. DEBUG is not defined w
  #endif
+ /* Macro for setting individual bits in class bitmaps. */
+ #define SETBIT(a,b) a[b/8] |= (1 << (b%8))
+ /* Maximum length value to check against when making sure that the integer that
+ holds the compiled pattern length does not overflow. We make it a bit less than
+ INT_MAX to allow for adding in group terminating bytes, so that we don't have
+ to check them every time. */
+ #define OFLOW_MAX (INT_MAX - 20)
  /*************************************************
  *      Code parameters and static tables         *
  *************************************************/
- /* Maximum number of items on the nested bracket stacks at compile time. This
+ /* This value specifies the size of stack workspace that is used during the
- applies to the nesting of all kinds of parentheses. It does not limit
+ first pre-compile phase that determines how much memory is required. The regex
- un-nested, non-capturing parentheses. This number can be made bigger if
+ is partly compiled into this space, but the compiled parts are discarded as
- necessary - it is used to dimension one int and one unsigned char vector at
+ soon as they can be, so that hopefully there will never be an overrun. The code
- compile time. */
+ does, however, check for an overrun. The largest amount I've seen used is 218,
+ so this number is very generous.
+ The same workspace is used during the second, actual compile phase for
+ remembering forward references to groups so that they can be filled in at the
+ end. Each entry in this list occupies LINK_SIZE bytes, so even when LINK_SIZE
+ is 4 there is plenty of room. */
- #define BRASTACK_SIZE 200
+ #define COMPILE_WORK_SIZE (4096)
  /* Table for handling escaped characters in the range '0'-'z'. Positive returns
-Line 73 
 are simple data values; negative values
+Line 97 
 are simple data values; negative values
  on. Zero means further processing is needed (for things like \x), or the escape
  is invalid. */
- #if !EBCDIC   /* This is the "normal" table for ASCII systems */
+ #ifndef EBCDIC  /* This is the "normal" table for ASCII systems */
  static const short int escapes[] = {
 ,      0,      0,      0,      0,      0,      0,      0,   /* 0 - 7 */
 ,      0,    ':',    ';',    '<',    '=',    '>',    '?',   /* 8 - ? */
     '@', -ESC_A, -ESC_B, -ESC_C, -ESC_D, -ESC_E,      0, -ESC_G,   /* @ - G */
-,      0,      0,      0,      0,      0,      0,      0,   /* H - O */
+ -ESC_H,      0,      0, -ESC_K,      0,      0,      0,      0,   /* H - O */
- -ESC_P, -ESC_Q,      0, -ESC_S,      0,      0,      0, -ESC_W,   /* P - W */
+ -ESC_P, -ESC_Q, -ESC_R, -ESC_S,      0,      0, -ESC_V, -ESC_W,   /* P - W */
  -ESC_X,      0, -ESC_Z,    '[',   '\\',    ']',    '^',    '_',   /* X - _ */
     '`',      7, -ESC_b,      0, -ESC_d,  ESC_e,  ESC_f,      0,   /* ` - g */
-,      0,      0,      0,      0,      0,  ESC_n,      0,   /* h - o */
+ -ESC_h,      0,      0, -ESC_k,      0,      0,  ESC_n,      0,   /* h - o */
- -ESC_p,      0,  ESC_r, -ESC_s,  ESC_tee,    0,      0, -ESC_w,   /* p - w */
+ -ESC_p,      0,  ESC_r, -ESC_s,  ESC_tee,    0, -ESC_v, -ESC_w,   /* p - w */
 ,      0, -ESC_z                                            /* x - z */
  };
- #else         /* This is the "abnormal" table for EBCDIC systems */
+ #else           /* This is the "abnormal" table for EBCDIC systems */
  static const short int escapes[] = {
  /*  48 */     0,     0,      0,     '.',    '<',   '(',    '+',    '|',
  /*  50 */   '&',     0,      0,       0,      0,     0,      0,      0,
-Line 97 
 static const short int escapes[] = {
+Line 121 
 static const short int escapes[] = {
  /*  70 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  78 */     0,   '`',    ':',     '#',    '@',  '\'',    '=',    '"',
  /*  80 */     0,     7, -ESC_b,       0, -ESC_d, ESC_e,  ESC_f,      0,
- /*  88 */     0,     0,      0,     '{',      0,     0,      0,      0,
+ /*  88 */-ESC_h,     0,      0,     '{',      0,     0,      0,      0,
- /*  90 */     0,     0,      0,     'l',      0, ESC_n,      0, -ESC_p,
+ /*  90 */     0,     0, -ESC_k,     'l',      0, ESC_n,      0, -ESC_p,
  /*  98 */     0, ESC_r,      0,     '}',      0,     0,      0,      0,
- /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,     0, -ESC_w,      0,
+ /*  A0 */     0,   '~', -ESC_s, ESC_tee,      0,-ESC_v, -ESC_w,      0,
  /*  A8 */     0,-ESC_z,      0,       0,      0,   '[',      0,      0,
  /*  B0 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  B8 */     0,     0,      0,       0,      0,   ']',    '=',    '-',
  /*  C0 */   '{',-ESC_A, -ESC_B,  -ESC_C, -ESC_D,-ESC_E,      0, -ESC_G,
- /*  C8 */     0,     0,      0,       0,      0,     0,      0,      0,
+ /*  C8 */-ESC_H,     0,      0,       0,      0,     0,      0,      0,
- /*  D0 */   '}',     0,      0,       0,      0,     0,      0, -ESC_P,
+ /*  D0 */   '}',     0, -ESC_K,       0,      0,     0,      0, -ESC_P,
- /*  D8 */-ESC_Q,     0,      0,       0,      0,     0,      0,      0,
+ /*  D8 */-ESC_Q,-ESC_R,      0,       0,      0,     0,      0,      0,
- /*  E0 */  '\\',     0, -ESC_S,       0,      0,     0, -ESC_W, -ESC_X,
+ /*  E0 */  '\\',     0, -ESC_S,       0,      0,-ESC_V, -ESC_W, -ESC_X,
  /*  E8 */     0,-ESC_Z,      0,       0,      0,     0,      0,      0,
  /*  F0 */     0,     0,      0,       0,      0,     0,      0,      0,
  /*  F8 */     0,     0,      0,       0,      0,     0,      0,      0
-Line 116 
 static const short int escapes[] = {
+Line 140 
 static const short int escapes[] = {
  #endif
+ /* Table of special "verbs" like (*PRUNE) */
+ typedef struct verbitem {
+   const char *name;
+   int   len;
+   int   op;
+ } verbitem;
+ static verbitem verbs[] = {
+   { "ACCEPT", 6, OP_ACCEPT },
+   { "COMMIT", 6, OP_COMMIT },
+   { "F",      1, OP_FAIL },
+   { "FAIL",   4, OP_FAIL },
+   { "PRUNE",  5, OP_PRUNE },
+   { "SKIP",   4, OP_SKIP  },
+   { "THEN",   4, OP_THEN  }
+ };
+ static int verbcount = sizeof(verbs)/sizeof(verbitem);
  /* Tables of names of POSIX character classes and their lengths. The list is
  terminated by a zero length entry. The first three must be alpha, lower, upper,
  as this is assumed for handling case independence. */
-Line 156 
 static const int posix_class_maps[] = {
+Line 201 
 static const int posix_class_maps[] = {
  };
+ #define STRING(a)  # a
+ #define XSTRING(s) STRING(s)
  /* The texts of compile-time error messages. These are "char *" because they
- are passed to the outside world. */
+ are passed to the outside world. Do not ever re-use any error number, because
+ they are documented. Always add a new error instead. Messages marked DEAD below
+ are no longer used. */
  static const char *error_texts[] = {
    "no error",
-Line 172 
 static const char *error_texts[] = {
+Line 222 
 static const char *error_texts[] = {
    "range out of order in character class",
    "nothing to repeat",
    /* 10 */
-   "operand of unlimited repeat could match the empty string",
+   "operand of unlimited repeat could match the empty string",  /** DEAD **/
    "internal error: unexpected repeat",
    "unrecognized character after (?",
    "POSIX named classes are supported only within a class",
-Line 182 
 static const char *error_texts[] = {
+Line 232 
 static const char *error_texts[] = {
    "erroffset passed as NULL",
    "unknown option bit(s) set",
    "missing ) after comment",
-   "parentheses nested too deeply",
+   "parentheses nested too deeply",  /** DEAD **/
    /* 20 */
-   "regular expression too large",
+   "regular expression is too large",
    "failed to get memory",
    "unmatched parentheses",
    "internal error: code overflow",
-Line 194 
 static const char *error_texts[] = {
+Line 244 
 static const char *error_texts[] = {
    "malformed number or name after (?(",
    "conditional group contains more than two branches",
    "assertion expected after (?(",
-   "(?R or (?digits must be followed by )",
+   "(?R or (?[+-]digits must be followed by )",
    /* 30 */
    "unknown POSIX class name",
    "POSIX collating elements are not supported",
    "this version of PCRE is not compiled with PCRE_UTF8 support",
-   "spare error",
+   "spare error",  /** DEAD **/
    "character value in \\x{...} sequence is too large",
    /* 35 */
    "invalid condition (?(0)",
-Line 210 
 static const char *error_texts[] = {
+Line 260 
 static const char *error_texts[] = {
    /* 40 */
    "recursive call could loop indefinitely",
    "unrecognized character after (?P",
-   "syntax error after (?P",
+   "syntax error in subpattern name (missing terminator)",
    "two named subpatterns have the same name",
    "invalid UTF-8 string",
    /* 45 */
    "support for \\P, \\p, and \\X has not been compiled",
    "malformed \\P or \\p sequence",
    "unknown property name after \\P or \\p",
-   "subpattern name is too long (maximum 32 characters)",
+   "subpattern name is too long (maximum " XSTRING(MAX_NAME_SIZE) " characters)",
-   "too many named subpatterns (maximum 10,000)",
+   "too many named subpatterns (maximum " XSTRING(MAX_NAME_COUNT) ")",
    /* 50 */
-   "repeated subpattern is too long",
+   "repeated subpattern is too long",    /** DEAD **/
-   "octal value is greater than \\377 (not in UTF-8 mode)"
+   "octal value is greater than \\377 (not in UTF-8 mode)",
+   "internal error: overran compiling workspace",
+   "internal error: previously-checked referenced subpattern not found",
+   "DEFINE group contains more than one branch",
+   /* 55 */
+   "repeating a DEFINE group is not allowed",
+   "inconsistent NEWLINE options",
+   "\\g is not followed by a braced name or an optionally braced non-zero number",
+   "(?+ or (?- or (?(+ or (?(- must be followed by a non-zero number",
+   "(*VERB) with an argument is not supported",
+   /* 60 */
+   "(*VERB) not recognized",
+   "number is too big"
  };
-Line 241 
 For convenience, we use the same bit def
+Line 303 
 For convenience, we use the same bit def
  Then we can use ctype_digit and ctype_xdigit in the code. */
- #if !EBCDIC    /* This is the "normal" case, for ASCII systems */
+ #ifndef EBCDIC  /* This is the "normal" case, for ASCII systems */
  static const unsigned char digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7 */
-Line 277 
 static const unsigned char digitab[] =
+Line 339 
 static const unsigned char digitab[] =
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 240-247 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};/* 248-255 */
- #else          /* This is the "abnormal" case, for EBCDIC systems */
+ #else           /* This is the "abnormal" case, for EBCDIC systems */
  static const unsigned char digitab[] =
    {
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*   0-  7  0 */
-Line 291 
 static const unsigned char digitab[] =
+Line 353 
 static const unsigned char digitab[] =
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 40 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  72- |     */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 50 */
-x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  88- �     */
+x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  88- 95    */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 60 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 104- ?     */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 70 */
-Line 325 
 static const unsigned char ebcdic_charta
+Line 387 
 static const unsigned char ebcdic_charta
 x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*    - 71 */
 x00,0x00,0x00,0x80,0x00,0x80,0x80,0x80, /*  72- |  */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  & - 87 */
-x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /*  88- �  */
+x00,0x00,0x00,0x80,0x80,0x80,0x00,0x00, /*  88- 95 */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /*  - -103 */
 x00,0x00,0x00,0x00,0x00,0x10,0x00,0x80, /* 104- ?  */
 x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, /* 112-119 */
-Line 352 
 static const unsigned char ebcdic_charta
+Line 414 
 static const unsigned char ebcdic_charta
  /* Definition to allow mutual recursion */
  static BOOL
-   compile_regex(int, int, int *, uschar **, const uschar **, int *, BOOL, int,
+   compile_regex(int, int, uschar **, const uschar **, int *, BOOL, BOOL, int,
-     int *, int *, branch_chain *, compile_data *);
+     int *, int *, branch_chain *, compile_data *, int *);
-Line 363 
 static BOOL
+Line 425 
 static BOOL
  /* This function is called when a \ has been encountered. It either returns a
  positive value for a simple escape such as \n, or a negative value which
- encodes one of the more complicated things such as \d. When UTF-8 is enabled,
+ encodes one of the more complicated things such as \d. A backreference to group
- a positive value greater than 255 may be returned. On entry, ptr is pointing at
+ n is returned as -(ESC_REF + n); ESC_REF is the highest ESC_xxx macro. When
- the \. On exit, it is on the final character of the escape sequence.
+ UTF-8 is enabled, a positive value greater than 255 may be returned. On entry,
+ ptr is pointing at the \. On exit, it is on the final character of the escape
+ sequence.
  Arguments:
    ptrptr         points to the pattern position pointer
-Line 376 
 Arguments:
+Line 440 
 Arguments:
  Returns:         zero or positive => a data character
                   negative => a special escape sequence
-                  on error, errorptr is set
+                  on error, errorcodeptr is set
  */
  static int
-Line 398 
 if (c == 0) *errorcodeptr = ERR1;
+Line 462 
 if (c == 0) *errorcodeptr = ERR1;
  a table. A non-zero result is something that can be returned immediately.
  Otherwise further processing may be required. */
- #if !EBCDIC    /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII coding */
  else if (c < '0' || c > 'z') {}                           /* Not alphameric */
  else if ((i = escapes[c - '0']) != 0) c = i;
- #else          /* EBCDIC coding */
+ #else           /* EBCDIC coding */
  else if (c < 'a' || (ebcdic_chartab[c] & 0x0E) == 0) {}   /* Not alphameric */
  else if ((i = escapes[c - 0x48]) != 0)  c = i;
  #endif
-Line 412 
 else if ((i = escapes[c - 0x48]) != 0)
+Line 476 
 else if ((i = escapes[c - 0x48]) != 0)
  else
    {
    const uschar *oldptr;
+   BOOL braced, negated;
    switch (c)
      {
      /* A number of Perl escapes are not handled by PCRE. We give an explicit
-Line 425 
 else
+Line 491 
 else
      *errorcodeptr = ERR37;
      break;
+     /* \g must be followed by a number, either plain or braced. If positive, it
+     is an absolute backreference. If negative, it is a relative backreference.
+     This is a Perl 5.10 feature. Perl 5.10 also supports \g{name} as a
+     reference to a named group. This is part of Perl's movement towards a
+     unified syntax for back references. As this is synonymous with \k{name}, we
+     fudge it up by pretending it really was \k. */
+     case 'g':
+     if (ptr[1] == '{')
+       {
+       const uschar *p;
+       for (p = ptr+2; *p != 0 && *p != '}'; p++)
+         if (*p != '-' && (digitab[*p] & ctype_digit) == 0) break;
+       if (*p != 0 && *p != '}')
+         {
+         c = -ESC_k;
+         break;
+         }
+       braced = TRUE;
+       ptr++;
+       }
+     else braced = FALSE;
+     if (ptr[1] == '-')
+       {
+       negated = TRUE;
+       ptr++;
+       }
+     else negated = FALSE;
+     c = 0;
+     while ((digitab[ptr[1]] & ctype_digit) != 0)
+       c = c * 10 + *(++ptr) - '0';
+     if (c < 0)
+       {
+       *errorcodeptr = ERR61;
+       break;
+       }
+     if (c == 0 || (braced && *(++ptr) != '}'))
+       {
+       *errorcodeptr = ERR57;
+       break;
+       }
+     if (negated)
+       {
+       if (c > bracount)
+         {
+         *errorcodeptr = ERR15;
+         break;
+         }
+       c = bracount - (c - 1);
+       }
+     c = -(ESC_REF + c);
+     break;
      /* The handling of escape sequences consisting of a string of digits
      starting with one that is not zero is not straightforward. By experiment,
      the way Perl works seems to be as follows:
-Line 446 
 else
+Line 571 
 else
        c -= '0';
        while ((digitab[ptr[1]] & ctype_digit) != 0)
          c = c * 10 + *(++ptr) - '0';
+       if (c < 0)
+         {
+         *errorcodeptr = ERR61;
+         break;
+         }
        if (c < 10 || c <= bracount)
          {
          c = -(ESC_REF + c);
-Line 495 
 else
+Line 625 
 else
          if (c == 0 && cc == '0') continue;     /* Leading zeroes */
          count++;
- #if !EBCDIC    /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII coding */
          if (cc >= 'a') cc -= 32;               /* Convert to upper case */
          c = (c << 4) + cc - ((cc < 'A')? '0' : ('A' - 10));
- #else          /* EBCDIC coding */
+ #else           /* EBCDIC coding */
          if (cc >= 'a' && cc <= 'z') cc += 64;  /* Convert to upper case */
          c = (c << 4) + cc - ((cc >= '0')? '0' : ('A' - 10));
  #endif
-Line 522 
 else
+Line 652 
 else
        {
        int cc;                               /* Some compilers don't like ++ */
        cc = *(++ptr);                        /* in initializers */
- #if !EBCDIC    /* ASCII coding */
+ #ifndef EBCDIC  /* ASCII coding */
        if (cc >= 'a') cc -= 32;              /* Convert to upper case */
        c = c * 16 + cc - ((cc < 'A')? '0' : ('A' - 10));
- #else          /* EBCDIC coding */
+ #else           /* EBCDIC coding */
        if (cc <= 'z') cc += 64;              /* Convert to upper case */
        c = c * 16 + cc - ((cc >= '0')? '0' : ('A' - 10));
  #endif
        }
      break;
-     /* Other special escapes not starting with a digit are straightforward */
+     /* For \c, a following letter is upper-cased; then the 0x40 bit is flipped.
+     This coding is ASCII-specific, but then the whole concept of \cx is
+     ASCII-specific. (However, an EBCDIC equivalent has now been added.) */
      case 'c':
      c = *(++ptr);
      if (c == 0)
        {
        *errorcodeptr = ERR2;
-       return 0;
+       break;
        }
-     /* A letter is upper-cased; then the 0x40 bit is flipped. This coding
+ #ifndef EBCDIC  /* ASCII coding */
-     is ASCII-specific, but then the whole concept of \cx is ASCII-specific.
-     (However, an EBCDIC equivalent has now been added.) */
- #if !EBCDIC    /* ASCII coding */
      if (c >= 'a' && c <= 'z') c -= 32;
      c ^= 0x40;
- #else          /* EBCDIC coding */
+ #else           /* EBCDIC coding */
      if (c >= 'a' && c <= 'z') c += 64;
      c ^= 0xC0;
  #endif
-Line 619 
 if (c == '{')
+Line 747 
 if (c == '{')
      *negptr = TRUE;
      ptr++;
      }
-   for (i = 0; i < sizeof(name) - 1; i++)
+   for (i = 0; i < (int)sizeof(name) - 1; i++)
      {
      c = *(++ptr);
      if (c == 0) goto ERROR_RETURN;
-Line 772 
 return p;
+Line 900 
 return p;
  /*************************************************
- *     Find forward referenced named subpattern   *
+ *       Find forward referenced subpattern       *
  *************************************************/
- /* This function scans along a pattern looking for capturing subpatterns, and
+ /* This function scans along a pattern's text looking for capturing
- counting them. If it finds a named pattern that matches the name it is given,
+ subpatterns, and counting them. If it finds a named pattern that matches the
- it returns its number. This is used for forward references to named
+ name it is given, it returns its number. Alternatively, if the name is NULL, it
- subpatterns. We know that if (?P< is encountered, the name will be terminated
+ returns when it reaches a given numbered subpattern. This is used for forward
- by '>' because that is checked in the first pass.
+ references to subpatterns. We know that if (?P< is encountered, the name will
+ be terminated by '>' because that is checked in the first pass.
  Arguments:
-   pointer      current position in the pattern
+   ptr          current position in the pattern
-   count        current count of capturing parens
+   count        current count of capturing parens so far encountered
-   name         name to seek
+   name         name to seek, or NULL if seeking a numbered subpattern
-   namelen      name length
+   lorn         name length, or subpattern number if name is NULL
+   xmode        TRUE if we are in /x mode
  Returns:       the number of the named subpattern, or -1 if not found
  */
  static int
- find_named_parens(const uschar *ptr, int count, const uschar *name, int namelen)
+ find_parens(const uschar *ptr, int count, const uschar *name, int lorn,
+   BOOL xmode)
  {
  const uschar *thisname;
  for (; *ptr != 0; ptr++)
    {
-   if (*ptr == '\\' && ptr[1] != 0) { ptr++; continue; }
+   int term;
+   /* Skip over backslashed characters and also entire \Q...\E */
+   if (*ptr == '\\')
+     {
+     if (*(++ptr) == 0) return -1;
+     if (*ptr == 'Q') for (;;)
+       {
+       while (*(++ptr) != 0 && *ptr != '\\');
+       if (*ptr == 0) return -1;
+       if (*(++ptr) == 'E') break;
+       }
+     continue;
+     }
+   /* Skip over character classes */
+   if (*ptr == '[')
+     {
+     while (*(++ptr) != ']')
+       {
+       if (*ptr == 0) return -1;
+       if (*ptr == '\\')
+         {
+         if (*(++ptr) == 0) return -1;
+         if (*ptr == 'Q') for (;;)
+           {
+           while (*(++ptr) != 0 && *ptr != '\\');
+           if (*ptr == 0) return -1;
+           if (*(++ptr) == 'E') break;
+           }
+         continue;
+         }
+       }
+     continue;
+     }
+   /* Skip comments in /x mode */
+   if (xmode && *ptr == '#')
+     {
+     while (*(++ptr) != 0 && *ptr != '\n');
+     if (*ptr == 0) return -1;
+     continue;
+     }
+   /* An opening parens must now be a real metacharacter */
    if (*ptr != '(') continue;
-   if (ptr[1] != '?') { count++; continue; }
+   if (ptr[1] != '?' && ptr[1] != '*')
-   if (ptr[2] == '(') { ptr += 2; continue; }
+     {
-   if (ptr[2] != 'P' || ptr[3] != '<') continue;
+     count++;
+     if (name == NULL && count == lorn) return count;
+     continue;
+     }
+   ptr += 2;
+   if (*ptr == 'P') ptr++;                      /* Allow optional P */
+   /* We have to disambiguate (?<! and (?<= from (?<name> */
+   if ((*ptr != '<' || ptr[1] == '!' || ptr[1] == '=') &&
+        *ptr != '\'')
+     continue;
    count++;
-   ptr += 4;
+   if (name == NULL && count == lorn) return count;
+   term = *ptr++;
+   if (term == '<') term = '>';
    thisname = ptr;
-   while (*ptr != '>') ptr++;
+   while (*ptr != term) ptr++;
-   if (namelen == ptr - thisname && strncmp(name, thisname, namelen) == 0)
+   if (name != NULL && lorn == ptr - thisname &&
+       strncmp((const char *)name, (const char *)thisname, lorn) == 0)
      return count;
    }
  return -1;
  }
-Line 862 
 for (;;)
+Line 1060 
 for (;;)
      case OP_CALLOUT:
      case OP_CREF:
-     case OP_BRANUMBER:
+     case OP_RREF:
+     case OP_DEF:
      code += _pcre_OP_lengths[*code];
      break;
-Line 907 
 for (;;)
+Line 1106 
 for (;;)
    {
    int d;
    register int op = *cc;
-   if (op >= OP_BRA) op = OP_BRA;
    switch (op)
      {
+     case OP_CBRA:
      case OP_BRA:
      case OP_ONCE:
      case OP_COND:
-     d = find_fixedlength(cc, options);
+     d = find_fixedlength(cc + ((op == OP_CBRA)? 2:0), options);
      if (d < 0) return d;
      branchlength += d;
      do cc += GET(cc, 1); while (*cc == OP_ALT);
-Line 949 
 for (;;)
+Line 1147 
 for (;;)
      /* Skip over things that don't match chars */
      case OP_REVERSE:
-     case OP_BRANUMBER:
      case OP_CREF:
+     case OP_RREF:
+     case OP_DEF:
      case OP_OPT:
      case OP_CALLOUT:
      case OP_SOD:
-Line 995 
 for (;;)
+Line 1194 
 for (;;)
      case OP_TYPEEXACT:
      branchlength += GET2(cc,1);
+     if (cc[3] == OP_PROP || cc[3] == OP_NOTPROP) cc += 2;
      cc += 4;
      break;
-Line 1094 
 for (;;)
+Line 1294 
 for (;;)
    if (c == OP_XCLASS) code += GET(code, 1);
-   /* Handle bracketed group */
+   /* Handle capturing bracket */
-   else if (c > OP_BRA)
+   else if (c == OP_CBRA)
      {
-     int n = c - OP_BRA;
+     int n = GET2(code, 1+LINK_SIZE);
-     if (n > EXTRACT_BASIC_MAX) n = GET2(code, 2+LINK_SIZE);
      if (n == number) return (uschar *)code;
-     code += _pcre_OP_lengths[OP_BRA];
+     code += _pcre_OP_lengths[c];
      }
-   /* Otherwise, we get the item's length from the table. In UTF-8 mode, opcodes
+   /* Otherwise, we can get the item's length from the table, except that for
-   that are followed by a character may be followed by a multi-byte character.
+   repeated character types, we have to test for \p and \P, which have an extra
-   The length in the table is a minimum, so we have to scan along to skip the
+   two bytes of parameters. */
-   extra bytes. All opcodes are less than 128, so we can use relatively
-   efficient code. */
    else
      {
+     switch(c)
+       {
+       case OP_TYPESTAR:
+       case OP_TYPEMINSTAR:
+       case OP_TYPEPLUS:
+       case OP_TYPEMINPLUS:
+       case OP_TYPEQUERY:
+       case OP_TYPEMINQUERY:
+       case OP_TYPEPOSSTAR:
+       case OP_TYPEPOSPLUS:
+       case OP_TYPEPOSQUERY:
+       if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+       break;
+       case OP_TYPEUPTO:
+       case OP_TYPEMINUPTO:
+       case OP_TYPEEXACT:
+       case OP_TYPEPOSUPTO:
+       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       break;
+       }
+     /* Add in the fixed length from the table */
      code += _pcre_OP_lengths[c];
+   /* In UTF-8 mode, opcodes that are followed by a character may be followed by
+   a multi-byte character. The length in the table is a minimum, so we have to
+   arrange to skip the extra bytes. */
+ #ifdef SUPPORT_UTF8
      if (utf8) switch(c)
        {
        case OP_CHAR:
-Line 1120 
 for (;;)
+Line 1347 
 for (;;)
        case OP_EXACT:
        case OP_UPTO:
        case OP_MINUPTO:
+       case OP_POSUPTO:
        case OP_STAR:
        case OP_MINSTAR:
+       case OP_POSSTAR:
        case OP_PLUS:
        case OP_MINPLUS:
+       case OP_POSPLUS:
        case OP_QUERY:
        case OP_MINQUERY:
-       while ((*code & 0xc0) == 0x80) code++;
+       case OP_POSQUERY:
+       if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
        break;
        }
+ #endif
      }
    }
  }
-Line 1164 
 for (;;)
+Line 1396 
 for (;;)
    if (c == OP_XCLASS) code += GET(code, 1);
-   /* All bracketed groups have the same length. */
+   /* Otherwise, we can get the item's length from the table, except that for
+   repeated character types, we have to test for \p and \P, which have an extra
+   two bytes of parameters. */
-   else if (c > OP_BRA)
+   else
      {
-     code += _pcre_OP_lengths[OP_BRA];
+     switch(c)
-     }
+       {
+       case OP_TYPESTAR:
+       case OP_TYPEMINSTAR:
+       case OP_TYPEPLUS:
+       case OP_TYPEMINPLUS:
+       case OP_TYPEQUERY:
+       case OP_TYPEMINQUERY:
+       case OP_TYPEPOSSTAR:
+       case OP_TYPEPOSPLUS:
+       case OP_TYPEPOSQUERY:
+       if (code[1] == OP_PROP || code[1] == OP_NOTPROP) code += 2;
+       break;
+       case OP_TYPEPOSUPTO:
+       case OP_TYPEUPTO:
+       case OP_TYPEMINUPTO:
+       case OP_TYPEEXACT:
+       if (code[3] == OP_PROP || code[3] == OP_NOTPROP) code += 2;
+       break;
+       }
-   /* Otherwise, we get the item's length from the table. In UTF-8 mode, opcodes
+     /* Add in the fixed length from the table */
-   that are followed by a character may be followed by a multi-byte character.
-   The length in the table is a minimum, so we have to scan along to skip the
-   extra bytes. All opcodes are less than 128, so we can use relatively
-   efficient code. */
-   else
-     {
      code += _pcre_OP_lengths[c];
+     /* In UTF-8 mode, opcodes that are followed by a character may be followed
+     by a multi-byte character. The length in the table is a minimum, so we have
+     to arrange to skip the extra bytes. */
+ #ifdef SUPPORT_UTF8
      if (utf8) switch(c)
        {
        case OP_CHAR:
-Line 1187 
 for (;;)
+Line 1440 
 for (;;)
        case OP_EXACT:
        case OP_UPTO:
        case OP_MINUPTO:
+       case OP_POSUPTO:
        case OP_STAR:
        case OP_MINSTAR:
+       case OP_POSSTAR:
        case OP_PLUS:
        case OP_MINPLUS:
+       case OP_POSPLUS:
        case OP_QUERY:
        case OP_MINQUERY:
-       while ((*code & 0xc0) == 0x80) code++;
+       case OP_POSQUERY:
+       if (code[-1] >= 0xc0) code += _pcre_utf8_table4[code[-1] & 0x3f];
        break;
        }
+ #endif
      }
    }
  }
-Line 1207 
 for (;;)
+Line 1465 
 for (;;)
  *************************************************/
  /* This function scans through a branch of a compiled pattern to see whether it
- can match the empty string or not. It is called only from could_be_empty()
+ can match the empty string or not. It is called from could_be_empty()
- below. Note that first_significant_code() skips over assertions. If we hit an
+ below and from compile_branch() when checking for an unlimited repeat of a
- unclosed bracket, we return "empty" - this means we've struck an inner bracket
+ group that can match nothing. Note that first_significant_code() skips over
- whose current branch will already have been scanned.
+ assertions. If we hit an unclosed bracket, we return "empty" - this means we've
+ struck an inner bracket whose current branch will already have been scanned.
  Arguments:
    code        points to start of search
-Line 1224 
 static BOOL
+Line 1483 
 static BOOL
  could_be_empty_branch(const uschar *code, const uschar *endcode, BOOL utf8)
  {
  register int c;
- for (code = first_significant_code(code + 1 + LINK_SIZE, NULL, 0, TRUE);
+ for (code = first_significant_code(code + _pcre_OP_lengths[*code], NULL, 0, TRUE);
       code < endcode;
       code = first_significant_code(code + _pcre_OP_lengths[c], NULL, 0, TRUE))
    {
-Line 1232 
 for (code = first_significant_code(code
+Line 1491 
 for (code = first_significant_code(code
    c = *code;
-   if (c >= OP_BRA)
+   /* Groups with zero repeats can of course be empty; skip them. */
+   if (c == OP_BRAZERO || c == OP_BRAMINZERO)
+     {
+     code += _pcre_OP_lengths[c];
+     do code += GET(code, 1); while (*code == OP_ALT);
+     c = *code;
+     continue;
+     }
+   /* For other groups, scan the branches. */
+   if (c == OP_BRA || c == OP_CBRA || c == OP_ONCE || c == OP_COND)
      {
      BOOL empty_branch;
      if (GET(code, 1) == 0) return TRUE;    /* Hit unclosed bracket */
-Line 1248 
 for (code = first_significant_code(code
+Line 1519 
 for (code = first_significant_code(code
        }
      while (*code == OP_ALT);
      if (!empty_branch) return FALSE;   /* All branches are non-empty */
-     code += 1 + LINK_SIZE;
      c = *code;
+     continue;
      }
-   else switch (c)
+   /* Handle the other opcodes */
+   switch (c)
      {
-     /* Check for quantifiers after a class */
+     /* Check for quantifiers after a class. XCLASS is used for classes that
+     cannot be represented just by a bit map. This includes negated single
+     high-valued characters. The length in _pcre_OP_lengths[] is zero; the
+     actual length is stored in the compiled code, so we must update "code"
+     here. */
  #ifdef SUPPORT_UTF8
      case OP_XCLASS:
-     ccode = code + GET(code, 1);
+     ccode = code += GET(code, 1);
      goto CHECK_CLASS_REPEAT;
  #endif
-Line 1308 
 for (code = first_significant_code(code
+Line 1585 
 for (code = first_significant_code(code
      case OP_NOT:
      case OP_PLUS:
      case OP_MINPLUS:
+     case OP_POSPLUS:
      case OP_EXACT:
      case OP_NOTPLUS:
      case OP_NOTMINPLUS:
+     case OP_NOTPOSPLUS:
      case OP_NOTEXACT:
      case OP_TYPEPLUS:
      case OP_TYPEMINPLUS:
+     case OP_TYPEPOSPLUS:
      case OP_TYPEEXACT:
      return FALSE;
-Line 1325 
 for (code = first_significant_code(code
+Line 1605 
 for (code = first_significant_code(code
      case OP_ALT:
      return TRUE;
-     /* In UTF-8 mode, STAR, MINSTAR, QUERY, MINQUERY, UPTO, and MINUPTO  may be
+     /* In UTF-8 mode, STAR, MINSTAR, POSSTAR, QUERY, MINQUERY, POSQUERY, UPTO,
-     followed by a multibyte character */
+     MINUPTO, and POSUPTO may be followed by a multibyte character */
  #ifdef SUPPORT_UTF8
      case OP_STAR:
      case OP_MINSTAR:
+     case OP_POSSTAR:
      case OP_QUERY:
      case OP_MINQUERY:
+     case OP_POSQUERY:
      case OP_UPTO:
      case OP_MINUPTO:
+     case OP_POSUPTO:
      if (utf8) while ((code[2] & 0xc0) == 0x80) code++;
      break;
  #endif
-Line 1452 
 earlier groups that are outside the curr
+Line 1735 
 earlier groups that are outside the curr
  optional (i.e. the minimum quantifier is zero), OP_BRAZERO is inserted before
  it, after it has been compiled. This means that any OP_RECURSE items within it
  that refer to the group itself or any contained groups have to have their
- offsets adjusted. That is the job of this function. Before it is called, the
+ offsets adjusted. That one of the jobs of this function. Before it is called,
- partially compiled regex must be temporarily terminated with OP_END.
+ the partially compiled regex must be temporarily terminated with OP_END.
+ This function has been extended with the possibility of forward references for
+ recursions and subroutine calls. It must also check the list of such references
+ for the group we are dealing with. If it finds that one of the recursions in
+ the current group is on this list, it adjusts the offset in the list, not the
+ value in the reference (which is a group number).
  Arguments:
    group      points to the start of the group
    adjust     the amount by which the group is to be moved
    utf8       TRUE in UTF-8 mode
    cd         contains pointers to tables etc.
+   save_hwm   the hwm forward reference pointer at the start of the group
  Returns:     nothing
  */
  static void
- adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd)
+ adjust_recurse(uschar *group, int adjust, BOOL utf8, compile_data *cd,
+   uschar *save_hwm)
  {
  uschar *ptr = group;
  while ((ptr = (uschar *)find_recurse(ptr, utf8)) != NULL)
    {
-   int offset = GET(ptr, 1);
+   int offset;
-   if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
+   uschar *hc;
+   /* See if this recursion is on the forward reference list. If so, adjust the
+   reference. */
+   for (hc = save_hwm; hc < cd->hwm; hc += LINK_SIZE)
+     {
+     offset = GET(hc, 0);
+     if (cd->start_code + offset == ptr + 1)
+       {
+       PUT(hc, 0, offset + adjust);
+       break;
+       }
+     }
+   /* Otherwise, adjust the recursion offset if it's after the start of this
+   group. */
+   if (hc >= cd->hwm)
+     {
+     offset = GET(ptr, 1);
+     if (cd->start_code + offset >= group) PUT(ptr, 1, offset + adjust);
+     }
    ptr += 1 + LINK_SIZE;
    }
  }
-Line 1550 
 Yield:        TRUE when range returned;
+Line 1864 
 Yield:        TRUE when range returned;
  */
  static BOOL
- get_othercase_range(int *cptr, int d, int *ocptr, int *odptr)
+ get_othercase_range(unsigned int *cptr, unsigned int d, unsigned int *ocptr,
+   unsigned int *odptr)
  {
- int c, othercase, next;
+ unsigned int c, othercase, next;
  for (c = *cptr; c <= d; c++)
-   { if ((othercase = _pcre_ucp_othercase(c)) >= 0) break; }
+   { if ((othercase = _pcre_ucp_othercase(c)) != NOTACHAR) break; }
  if (c > d) return FALSE;
-Line 1576 
 return TRUE;
+Line 1891 
 return TRUE;
  #endif  /* SUPPORT_UCP */
  /*************************************************
- *           Compile one branch                   *
+ *     Check if auto-possessifying is possible    *
  *************************************************/
- /* Scan the pattern, compiling it into the code vector. If the options are
+ /* This function is called for unlimited repeats of certain items, to see
- changed during the branch, the pointer is used to change the external options
+ whether the next thing could possibly match the repeated item. If not, it makes
- bits.
+ sense to automatically possessify the repeated item.
  Arguments:
-   optionsptr     pointer to the option bits
+   op_code       the repeated op code
-   brackets       points to number of extracting brackets used
+   this          data for this item, depends on the opcode
-   codeptr        points to the pointer to the current code point
+   utf8          TRUE in UTF-8 mode
-   ptrptr         points to the current pattern pointer
+   utf8_char     used for utf8 character bytes, NULL if not relevant
-   errorcodeptr   points to error code variable
+   ptr           next character in pattern
-   firstbyteptr   set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
+   options       options bits
-   reqbyteptr     set to the last literal character required, else < 0
+   cd            contains pointers to tables etc.
-   bcptr          points to current branch chain
-   cd             contains pointers to tables etc.
- Returns:         TRUE on success
+ Returns:        TRUE if possessifying is wanted
-                  FALSE, with *errorcodeptr set non-zero on error
  */
  static BOOL
- compile_branch(int *optionsptr, int *brackets, uschar **codeptr,
+ check_auto_possessive(int op_code, int item, BOOL utf8, uschar *utf8_char,
-   const uschar **ptrptr, int *errorcodeptr, int *firstbyteptr,
+   const uschar *ptr, int options, compile_data *cd)
-   int *reqbyteptr, branch_chain *bcptr, compile_data *cd)
  {
- int repeat_type, op_type;
+ int next;
- int repeat_min = 0, repeat_max = 0;      /* To please picky compilers */
- int bravalue = 0;
+ /* Skip whitespace and comments in extended mode */
- int greedy_default, greedy_non_default;
- int firstbyte, reqbyte;
+ if ((options & PCRE_EXTENDED) != 0)
- int zeroreqbyte, zerofirstbyte;
+   {
- int req_caseopt, reqvary, tempreqvary;
+   for (;;)
- int options = *optionsptr;
+     {
- int after_manual_callout = 0;
+     while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
- register int c;
+     if (*ptr == '#')
- register uschar *code = *codeptr;
+       {
- uschar *tempcode;
+       while (*(++ptr) != 0)
- BOOL inescq = FALSE;
+         if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
- BOOL groupsetfirstbyte = FALSE;
+       }
- const uschar *ptr = *ptrptr;
+     else break;
- const uschar *tempptr;
+     }
- uschar *previous = NULL;
+   }
- uschar *previous_callout = NULL;
- uschar classbits[32];
+ /* If the next item is one that we can handle, get its value. A non-negative
+ value is a character, a negative value is an escape value. */
+ if (*ptr == '\\')
+   {
+   int temperrorcode = 0;
+   next = check_escape(&ptr, &temperrorcode, cd->bracount, options, FALSE);
+   if (temperrorcode != 0) return FALSE;
+   ptr++;    /* Point after the escape sequence */
+   }
+ else if ((cd->ctypes[*ptr] & ctype_meta) == 0)
+   {
  #ifdef SUPPORT_UTF8
- BOOL class_utf8;
+   if (utf8) { GETCHARINC(next, ptr); } else
- BOOL utf8 = (options & PCRE_UTF8) != 0;
- uschar *class_utf8data;
- uschar utf8_char[6];
- #else
- BOOL utf8 = FALSE;
  #endif
+   next = *ptr++;
+   }
- /* Set up the default and non-default settings for greediness */
+ else return FALSE;
- greedy_default = ((options & PCRE_UNGREEDY) != 0);
+ /* Skip whitespace and comments in extended mode */
- greedy_non_default = greedy_default ^ 1;
- /* Initialize no first byte, no required byte. REQ_UNSET means "no char
+ if ((options & PCRE_EXTENDED) != 0)
- matching encountered yet". It gets changed to REQ_NONE if we hit something that
+   {
- matches a non-fixed char first char; reqbyte just remains unset if we never
+   for (;;)
- find one.
+     {
+     while ((cd->ctypes[*ptr] & ctype_space) != 0) ptr++;
+     if (*ptr == '#')
+       {
+       while (*(++ptr) != 0)
+         if (IS_NEWLINE(ptr)) { ptr += cd->nllen; break; }
+       }
+     else break;
+     }
+   }
- When we hit a repeat whose minimum is zero, we may have to adjust these values
+ /* If the next thing is itself optional, we have to give up. */
- to take the zero repeat into account. This is implemented by setting them to
- zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
- item types that can be repeated set these backoff variables appropriately. */
- firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
+ if (*ptr == '*' || *ptr == '?' || strncmp((char *)ptr, "{0,", 3) == 0)
+   return FALSE;
- /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
+ /* Now compare the next item with the previous opcode. If the previous is a
- according to the current setting of the caseless flag. REQ_CASELESS is a bit
+ positive single character match, "item" either contains the character or, if
- value > 255. It is added into the firstbyte or reqbyte variables to record the
+ "item" is greater than 127 in utf8 mode, the character's bytes are in
- case status of the value. This is used only for ASCII characters. */
+ utf8_char. */
- req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
- /* Switch on next character until the end of the branch */
+ /* Handle cases when the next item is a character. */
- for (;; ptr++)
+ if (next >= 0) switch(op_code)
    {
-   BOOL negate_class;
+   case OP_CHAR:
-   BOOL possessive_quantifier;
+ #ifdef SUPPORT_UTF8
-   BOOL is_quantifier;
+   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
-   int class_charcount;
+ #endif
-   int class_lastchar;
+   return item != next;
-   int newoptions;
-   int recno;
-   int skipbytes;
-   int subreqbyte;
-   int subfirstbyte;
-   int mclength;
-   uschar mcbuffer[8];
-   /* Next byte in the pattern */
+   /* For CHARNC (caseless character) we must check the other case. If we have
+   Unicode property support, we can use it to test the other case of
+   high-valued characters. */
-   c = *ptr;
+   case OP_CHARNC:
+ #ifdef SUPPORT_UTF8
+   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
+ #endif
+   if (item == next) return FALSE;
+ #ifdef SUPPORT_UTF8
+   if (utf8)
+     {
+     unsigned int othercase;
+     if (next < 128) othercase = cd->fcc[next]; else
+ #ifdef SUPPORT_UCP
+     othercase = _pcre_ucp_othercase((unsigned int)next);
+ #else
+     othercase = NOTACHAR;
+ #endif
+     return (unsigned int)item != othercase;
+     }
+   else
+ #endif  /* SUPPORT_UTF8 */
+   return (item != cd->fcc[next]);  /* Non-UTF-8 mode */
-   /* If in \Q...\E, check for the end; if not, we have a literal */
+   /* For OP_NOT, "item" must be a single-byte character. */
-   if (inescq && c != 0)
+   case OP_NOT:
+   if (next < 0) return FALSE;  /* Not a character */
+   if (item == next) return TRUE;
+   if ((options & PCRE_CASELESS) == 0) return FALSE;
+ #ifdef SUPPORT_UTF8
+   if (utf8)
      {
-     if (c == '\\' && ptr[1] == 'E')
+     unsigned int othercase;
-       {
+     if (next < 128) othercase = cd->fcc[next]; else
-       inescq = FALSE;
+ #ifdef SUPPORT_UCP
-       ptr++;
+     othercase = _pcre_ucp_othercase(next);
-       continue;
+ #else
-       }
+     othercase = NOTACHAR;
-     else
+ #endif
-       {
+     return (unsigned int)item == othercase;
-       if (previous_callout != NULL)
+     }
-         {
+   else
-         complete_callout(previous_callout, ptr, cd);
+ #endif  /* SUPPORT_UTF8 */
+   return (item == cd->fcc[next]);  /* Non-UTF-8 mode */
+   case OP_DIGIT:
+   return next > 127 || (cd->ctypes[next] & ctype_digit) == 0;
+   case OP_NOT_DIGIT:
+   return next <= 127 && (cd->ctypes[next] & ctype_digit) != 0;
+   case OP_WHITESPACE:
+   return next > 127 || (cd->ctypes[next] & ctype_space) == 0;
+   case OP_NOT_WHITESPACE:
+   return next <= 127 && (cd->ctypes[next] & ctype_space) != 0;
+   case OP_WORDCHAR:
+   return next > 127 || (cd->ctypes[next] & ctype_word) == 0;
+   case OP_NOT_WORDCHAR:
+   return next <= 127 && (cd->ctypes[next] & ctype_word) != 0;
+   case OP_HSPACE:
+   case OP_NOT_HSPACE:
+   switch(next)
+     {
+     case 0x09:
+     case 0x20:
+     case 0xa0:
+     case 0x1680:
+     case 0x180e:
+     case 0x2000:
+     case 0x2001:
+     case 0x2002:
+     case 0x2003:
+     case 0x2004:
+     case 0x2005:
+     case 0x2006:
+     case 0x2007:
+     case 0x2008:
+     case 0x2009:
+     case 0x200A:
+     case 0x202f:
+     case 0x205f:
+     case 0x3000:
+     return op_code != OP_HSPACE;
+     default:
+     return op_code == OP_HSPACE;
+     }
+   case OP_VSPACE:
+   case OP_NOT_VSPACE:
+   switch(next)
+     {
+     case 0x0a:
+     case 0x0b:
+     case 0x0c:
+     case 0x0d:
+     case 0x85:
+     case 0x2028:
+     case 0x2029:
+     return op_code != OP_VSPACE;
+     default:
+     return op_code == OP_VSPACE;
+     }
+   default:
+   return FALSE;
+   }
+ /* Handle the case when the next item is \d, \s, etc. */
+ switch(op_code)
+   {
+   case OP_CHAR:
+   case OP_CHARNC:
+ #ifdef SUPPORT_UTF8
+   if (utf8 && item > 127) { GETCHAR(item, utf8_char); }
+ #endif
+   switch(-next)
+     {
+     case ESC_d:
+     return item > 127 || (cd->ctypes[item] & ctype_digit) == 0;
+     case ESC_D:
+     return item <= 127 && (cd->ctypes[item] & ctype_digit) != 0;
+     case ESC_s:
+     return item > 127 || (cd->ctypes[item] & ctype_space) == 0;
+     case ESC_S:
+     return item <= 127 && (cd->ctypes[item] & ctype_space) != 0;
+     case ESC_w:
+     return item > 127 || (cd->ctypes[item] & ctype_word) == 0;
+     case ESC_W:
+     return item <= 127 && (cd->ctypes[item] & ctype_word) != 0;
+     case ESC_h:
+     case ESC_H:
+     switch(item)
+       {
+       case 0x09:
+       case 0x20:
+       case 0xa0:
+       case 0x1680:
+       case 0x180e:
+       case 0x2000:
+       case 0x2001:
+       case 0x2002:
+       case 0x2003:
+       case 0x2004:
+       case 0x2005:
+       case 0x2006:
+       case 0x2007:
+       case 0x2008:
+       case 0x2009:
+       case 0x200A:
+       case 0x202f:
+       case 0x205f:
+       case 0x3000:
+       return -next != ESC_h;
+       default:
+       return -next == ESC_h;
+       }
+     case ESC_v:
+     case ESC_V:
+     switch(item)
+       {
+       case 0x0a:
+       case 0x0b:
+       case 0x0c:
+       case 0x0d:
+       case 0x85:
+       case 0x2028:
+       case 0x2029:
+       return -next != ESC_v;
+       default:
+       return -next == ESC_v;
+       }
+     default:
+     return FALSE;
+     }
+   case OP_DIGIT:
+   return next == -ESC_D || next == -ESC_s || next == -ESC_W ||
+          next == -ESC_h || next == -ESC_v;
+   case OP_NOT_DIGIT:
+   return next == -ESC_d;
+   case OP_WHITESPACE:
+   return next == -ESC_S || next == -ESC_d || next == -ESC_w;
+   case OP_NOT_WHITESPACE:
+   return next == -ESC_s || next == -ESC_h || next == -ESC_v;
+   case OP_HSPACE:
+   return next == -ESC_S || next == -ESC_H || next == -ESC_d || next == -ESC_w;
+   case OP_NOT_HSPACE:
+   return next == -ESC_h;
+   /* Can't have \S in here because VT matches \S (Perl anomaly) */
+   case OP_VSPACE:
+   return next == -ESC_V || next == -ESC_d || next == -ESC_w;
+   case OP_NOT_VSPACE:
+   return next == -ESC_v;
+   case OP_WORDCHAR:
+   return next == -ESC_W || next == -ESC_s || next == -ESC_h || next == -ESC_v;
+   case OP_NOT_WORDCHAR:
+   return next == -ESC_w || next == -ESC_d;
+   default:
+   return FALSE;
+   }
+ /* Control does not reach here */
+ }
+ /*************************************************
+ *           Compile one branch                   *
+ *************************************************/
+ /* Scan the pattern, compiling it into the a vector. If the options are
+ changed during the branch, the pointer is used to change the external options
+ bits. This function is used during the pre-compile phase when we are trying
+ to find out the amount of memory needed, as well as during the real compile
+ phase. The value of lengthptr distinguishes the two phases.
+ Arguments:
+   optionsptr     pointer to the option bits
+   codeptr        points to the pointer to the current code point
+   ptrptr         points to the current pattern pointer
+   errorcodeptr   points to error code variable
+   firstbyteptr   set to initial literal character, or < 0 (REQ_UNSET, REQ_NONE)
+   reqbyteptr     set to the last literal character required, else < 0
+   bcptr          points to current branch chain
+   cd             contains pointers to tables etc.
+   lengthptr      NULL during the real compile phase
+                  points to length accumulator during pre-compile phase
+ Returns:         TRUE on success
+                  FALSE, with *errorcodeptr set non-zero on error
+ */
+ static BOOL
+ compile_branch(int *optionsptr, uschar **codeptr, const uschar **ptrptr,
+   int *errorcodeptr, int *firstbyteptr, int *reqbyteptr, branch_chain *bcptr,
+   compile_data *cd, int *lengthptr)
+ {
+ int repeat_type, op_type;
+ int repeat_min = 0, repeat_max = 0;      /* To please picky compilers */
+ int bravalue = 0;
+ int greedy_default, greedy_non_default;
+ int firstbyte, reqbyte;
+ int zeroreqbyte, zerofirstbyte;
+ int req_caseopt, reqvary, tempreqvary;
+ int options = *optionsptr;
+ int after_manual_callout = 0;
+ int length_prevgroup = 0;
+ register int c;
+ register uschar *code = *codeptr;
+ uschar *last_code = code;
+ uschar *orig_code = code;
+ uschar *tempcode;
+ BOOL inescq = FALSE;
+ BOOL groupsetfirstbyte = FALSE;
+ const uschar *ptr = *ptrptr;
+ const uschar *tempptr;
+ uschar *previous = NULL;
+ uschar *previous_callout = NULL;
+ uschar *save_hwm = NULL;
+ uschar classbits[32];
+ #ifdef SUPPORT_UTF8
+ BOOL class_utf8;
+ BOOL utf8 = (options & PCRE_UTF8) != 0;
+ uschar *class_utf8data;
+ uschar utf8_char[6];
+ #else
+ BOOL utf8 = FALSE;
+ uschar *utf8_char = NULL;
+ #endif
+ #ifdef DEBUG
+ if (lengthptr != NULL) DPRINTF((">> start branch\n"));
+ #endif
+ /* Set up the default and non-default settings for greediness */
+ greedy_default = ((options & PCRE_UNGREEDY) != 0);
+ greedy_non_default = greedy_default ^ 1;
+ /* Initialize no first byte, no required byte. REQ_UNSET means "no char
+ matching encountered yet". It gets changed to REQ_NONE if we hit something that
+ matches a non-fixed char first char; reqbyte just remains unset if we never
+ find one.
+ When we hit a repeat whose minimum is zero, we may have to adjust these values
+ to take the zero repeat into account. This is implemented by setting them to
+ zerofirstbyte and zeroreqbyte when such a repeat is encountered. The individual
+ item types that can be repeated set these backoff variables appropriately. */
+ firstbyte = reqbyte = zerofirstbyte = zeroreqbyte = REQ_UNSET;
+ /* The variable req_caseopt contains either the REQ_CASELESS value or zero,
+ according to the current setting of the caseless flag. REQ_CASELESS is a bit
+ value > 255. It is added into the firstbyte or reqbyte variables to record the
+ case status of the value. This is used only for ASCII characters. */
+ req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
+ /* Switch on next character until the end of the branch */
+ for (;; ptr++)
+   {
+   BOOL negate_class;
+   BOOL possessive_quantifier;
+   BOOL is_quantifier;
+   BOOL is_recurse;
+   BOOL reset_bracount;
+   int class_charcount;
+   int class_lastchar;
+   int newoptions;
+   int recno;
+   int refsign;
+   int skipbytes;
+   int subreqbyte;
+   int subfirstbyte;
+   int terminator;
+   int mclength;
+   uschar mcbuffer[8];
+   /* Get next byte in the pattern */
+   c = *ptr;
+   /* If we are in the pre-compile phase, accumulate the length used for the
+   previous cycle of this loop. */
+   if (lengthptr != NULL)
+     {
+ #ifdef DEBUG
+     if (code > cd->hwm) cd->hwm = code;                 /* High water info */
+ #endif
+     if (code > cd->start_workspace + COMPILE_WORK_SIZE) /* Check for overrun */
+       {
+       *errorcodeptr = ERR52;
+       goto FAILED;
+       }
+     /* There is at least one situation where code goes backwards: this is the
+     case of a zero quantifier after a class (e.g. [ab]{0}). At compile time,
+     the class is simply eliminated. However, it is created first, so we have to
+     allow memory for it. Therefore, don't ever reduce the length at this point.
+     */
+     if (code < last_code) code = last_code;
+     /* Paranoid check for integer overflow */
+     if (OFLOW_MAX - *lengthptr < code - last_code)
+       {
+       *errorcodeptr = ERR20;
+       goto FAILED;
+       }
+     *lengthptr += code - last_code;
+     DPRINTF(("length=%d added %d c=%c\n", *lengthptr, code - last_code, c));
+     /* If "previous" is set and it is not at the start of the work space, move
+     it back to there, in order to avoid filling up the work space. Otherwise,
+     if "previous" is NULL, reset the current code pointer to the start. */
+     if (previous != NULL)
+       {
+       if (previous > orig_code)
+         {
+         memmove(orig_code, previous, code - previous);
+         code -= previous - orig_code;
+         previous = orig_code;
+         }
+       }
+     else code = orig_code;
+     /* Remember where this code item starts so we can pick up the length
+     next time round. */
+     last_code = code;
+     }
+   /* In the real compile phase, just check the workspace used by the forward
+   reference list. */
+   else if (cd->hwm > cd->start_workspace + COMPILE_WORK_SIZE)
+     {
+     *errorcodeptr = ERR52;
+     goto FAILED;
+     }
+   /* If in \Q...\E, check for the end; if not, we have a literal */
+   if (inescq && c != 0)
+     {
+     if (c == '\\' && ptr[1] == 'E')
+       {
+       inescq = FALSE;
+       ptr++;
+       continue;
+       }
+     else
+       {
+       if (previous_callout != NULL)
+         {
+         if (lengthptr == NULL)  /* Don't attempt in pre-compile phase */
+           complete_callout(previous_callout, ptr, cd);
          previous_callout = NULL;
          }
        if ((options & PCRE_AUTO_CALLOUT) != 0)
-Line 1713 
 for (;; ptr++)
+Line 2441 
 for (;; ptr++)
    if (!is_quantifier && previous_callout != NULL &&
         after_manual_callout-- <= 0)
      {
-     complete_callout(previous_callout, ptr, cd);
+     if (lengthptr == NULL)      /* Don't attempt in pre-compile phase */
+       complete_callout(previous_callout, ptr, cd);
      previous_callout = NULL;
      }
-Line 1724 
 for (;; ptr++)
+Line 2453 
 for (;; ptr++)
      if ((cd->ctypes[c] & ctype_space) != 0) continue;
      if (c == '#')
        {
-       while (*(++ptr) != 0) if (IS_NEWLINE(ptr)) break;
+       while (*(++ptr) != 0)
-       if (*ptr != 0)
          {
-         ptr += cd->nllen - 1;
+         if (IS_NEWLINE(ptr)) { ptr += cd->nllen - 1; break; }
-         continue;
          }
+       if (*ptr != 0) continue;
        /* Else fall through to handle end of string */
        c = 0;
        }
-Line 1745 
 for (;; ptr++)
+Line 2474 
 for (;; ptr++)
    switch(c)
      {
-     /* The branch terminates at end of string, |, or ). */
+     /* ===================================================================*/
+     case 0:                        /* The branch terminates at string end */
-     case 0:
+     case '|':                      /* or | or ) */
-     case '|':
      case ')':
      *firstbyteptr = firstbyte;
      *reqbyteptr = reqbyte;
      *codeptr = code;
      *ptrptr = ptr;
+     if (lengthptr != NULL)
+       {
+       if (OFLOW_MAX - *lengthptr < code - last_code)
+         {
+         *errorcodeptr = ERR20;
+         goto FAILED;
+         }
+       *lengthptr += code - last_code;   /* To include callout length */
+       DPRINTF((">> end branch\n"));
+       }
      return TRUE;
+     /* ===================================================================*/
      /* Handle single-character metacharacters. In multiline mode, ^ disables
      the setting of any following char as a first character. */
-Line 1784 
 for (;; ptr++)
+Line 2524 
 for (;; ptr++)
      *code++ = OP_ANY;
      break;
+     /* ===================================================================*/
      /* Character classes. If the included characters are all < 256, we build a
 -byte bitmap of the permitted characters, except in the special case
      where there is only one such character. For negated classes, we build the
-Line 1809 
 for (;; ptr++)
+Line 2551 
 for (;; ptr++)
        goto FAILED;
        }
-     /* If the first character is '^', set the negation flag and skip it. */
+     /* If the first character is '^', set the negation flag and skip it. Also,
+     if the first few characters (either before or after ^) are \Q\E or \E we
+     skip them too. This makes for compatibility with Perl. */
-     if ((c = *(++ptr)) == '^')
+     negate_class = FALSE;
+     for (;;)
        {
-       negate_class = TRUE;
        c = *(++ptr);
-       }
+       if (c == '\\')
-     else
+         {
-       {
+         if (ptr[1] == 'E') ptr++;
-       negate_class = FALSE;
+           else if (strncmp((const char *)ptr+1, "Q\\E", 3) == 0) ptr += 3;
+             else break;
+         }
+       else if (!negate_class && c == '^')
+         negate_class = TRUE;
+       else break;
        }
      /* Keep a count of chars with values < 256 so that we can optimize the case
-     of just a single character (as long as it's < 256). For higher valued UTF-8
+     of just a single character (as long as it's < 256). However, For higher
-     characters, we don't yet do any optimization. */
+     valued UTF-8 characters, we don't yet do any optimization. */
      class_charcount = 0;
      class_lastchar = -1;
+     /* Initialize the 32-char bit map to all zeros. We build the map in a
+     temporary bit of memory, in case the class contains only 1 character (less
+     than 256), because in that case the compiled code doesn't use the bit map.
+     */
+     memset(classbits, 0, 32 * sizeof(uschar));
  #ifdef SUPPORT_UTF8
      class_utf8 = FALSE;                       /* No chars >= 256 */
-     class_utf8data = code + LINK_SIZE + 34;   /* For UTF-8 items */
+     class_utf8data = code + LINK_SIZE + 2;    /* For UTF-8 items */
  #endif
-     /* Initialize the 32-char bit map to all zeros. We have to build the
-     map in a temporary bit of store, in case the class contains only 1
-     character (< 256), because in that case the compiled code doesn't use the
-     bit map. */
-     memset(classbits, 0, 32 * sizeof(uschar));
      /* Process characters until ] is reached. By writing this as a "do" it
-     means that an initial ] is taken as a data character. The first pass
+     means that an initial ] is taken as a data character. At the start of the
-     through the regex checked the overall syntax, so we don't need to be very
+     loop, c contains the first byte of the character. */
-     strict here. At the start of the loop, c contains the first byte of the
-     character. */
-     do
+     if (c != 0) do
        {
+       const uschar *oldptr;
  #ifdef SUPPORT_UTF8
        if (utf8 && c > 127)
          {                           /* Braces are required because the */
-Line 1859 
 for (;; ptr++)
+Line 2608 
 for (;; ptr++)
        if (inescq)
          {
-         if (c == '\\' && ptr[1] == 'E')
+         if (c == '\\' && ptr[1] == 'E')     /* If we are at \E */
            {
-           inescq = FALSE;
+           inescq = FALSE;                   /* Reset literal state */
-           ptr++;
+           ptr++;                            /* Skip the 'E' */
-           continue;
+           continue;                         /* Carry on with next */
            }
-         else goto LONE_SINGLE_CHARACTER;
+         goto CHECK_RANGE;                   /* Could be range if \E follows */
          }
        /* Handle POSIX class names. Perl allows a negation extension of the
-Line 1956 
 for (;; ptr++)
+Line 2705 
 for (;; ptr++)
          }
        /* Backslash may introduce a single character, or it may introduce one
-       of the specials, which just set a flag. Escaped items are checked for
+       of the specials, which just set a flag. The sequence \b is a special
-       validity in the pre-compiling pass. The sequence \b is a special case.
+       case. Inside a class (and only there) it is treated as backspace.
-       Inside a class (and only there) it is treated as backspace. Elsewhere
+       Elsewhere it marks a word boundary. Other escapes have preset maps ready
-       it marks a word boundary. Other escapes have preset maps ready to
+       to 'or' into the one we are building. We assume they have more than one
-       or into the one we are building. We assume they have more than one
        character in them, so set class_charcount bigger than one. */
        if (c == '\\')
          {
-         c = check_escape(&ptr, errorcodeptr, *brackets, options, TRUE);
+         c = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
+         if (*errorcodeptr != 0) goto FAILED;
          if (-c == ESC_b) c = '\b';       /* \b is backslash in a class */
          else if (-c == ESC_X) c = 'X';   /* \X is literal X in a class */
+         else if (-c == ESC_R) c = 'R';   /* \R is literal R in a class */
          else if (-c == ESC_Q)            /* Handle start of quoted string */
            {
            if (ptr[1] == '\\' && ptr[2] == 'E')
-Line 1978 
 for (;; ptr++)
+Line 2728 
 for (;; ptr++)
            else inescq = TRUE;
            continue;
            }
+         else if (-c == ESC_E) continue;  /* Ignore orphan \E */
          if (c < 0)
            {
            register const uschar *cbits = cd->cbits;
            class_charcount += 2;     /* Greater than 1 is what matters */
-           switch (-c)
+           /* Save time by not doing this in the pre-compile phase. */
+           if (lengthptr == NULL) switch (-c)
              {
              case ESC_d:
              for (c = 0; c < 32; c++) classbits[c] |= cbits[c+cbit_digit];
-Line 2011 
 for (;; ptr++)
+Line 2765 
 for (;; ptr++)
              classbits[1] |= 0x08;    /* Perl 5.004 onwards omits VT from \s */
              continue;
- #ifdef SUPPORT_UCP
+             case ESC_E: /* Perl ignores an orphan \E */
-             case ESC_p:
+             continue;
-             case ESC_P:
+             default:    /* Not recognized; fall through */
+             break;      /* Need "default" setting to stop compiler warning. */
+             }
+           /* In the pre-compile phase, just do the recognition. */
+           else if (c == -ESC_d || c == -ESC_D || c == -ESC_w ||
+                    c == -ESC_W || c == -ESC_s || c == -ESC_S) continue;
+           /* We need to deal with \H, \h, \V, and \v in both phases because
+           they use extra memory. */
+           if (-c == ESC_h)
+             {
+             SETBIT(classbits, 0x09); /* VT */
+             SETBIT(classbits, 0x20); /* SPACE */
+             SETBIT(classbits, 0xa0); /* NSBP */
+ #ifdef SUPPORT_UTF8
+             if (utf8)
                {
-               BOOL negated;
-               int pdata;
-               int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
-               if (ptype < 0) goto FAILED;
                class_utf8 = TRUE;
-               *class_utf8data++ = ((-c == ESC_p) != negated)?
+               *class_utf8data++ = XCL_SINGLE;
-                 XCL_PROP : XCL_NOTPROP;
+               class_utf8data += _pcre_ord2utf8(0x1680, class_utf8data);
-               *class_utf8data++ = ptype;
+               *class_utf8data++ = XCL_SINGLE;
-               *class_utf8data++ = pdata;
+               class_utf8data += _pcre_ord2utf8(0x180e, class_utf8data);
-               class_charcount -= 2;   /* Not a < 256 character */
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2000, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x200A, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x202f, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x205f, class_utf8data);
+               *class_utf8data++ = XCL_SINGLE;
+               class_utf8data += _pcre_ord2utf8(0x3000, class_utf8data);
                }
-             continue;
  #endif
+             continue;
+             }
-             /* Unrecognized escapes are faulted if PCRE is running in its
+           if (-c == ESC_H)
-             strict mode. By default, for compatibility with Perl, they are
+             {
-             treated as literals. */
+             for (c = 0; c < 32; c++)
+               {
+               int x = 0xff;
+               switch (c)
+                 {
+                 case 0x09/8: x ^= 1 << (0x09%8); break;
+                 case 0x20/8: x ^= 1 << (0x20%8); break;
+                 case 0xa0/8: x ^= 1 << (0xa0%8); break;
+                 default: break;
+                 }
+               classbits[c] |= x;
+               }
-             default:
+ #ifdef SUPPORT_UTF8
-             if ((options & PCRE_EXTRA) != 0)
+             if (utf8)
                {
-               *errorcodeptr = ERR7;
+               class_utf8 = TRUE;
-               goto FAILED;
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x167f, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x1681, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x180d, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x180f, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x1fff, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x200B, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x202e, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2030, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x205e, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2060, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x2fff, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x3001, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
                }
-             c = *ptr;              /* The final character */
+ #endif
-             class_charcount -= 2;  /* Undo the default count from above */
+             continue;
              }
-           }
+           if (-c == ESC_v)
-         /* Fall through if we have a single character (c >= 0). This may be
+             {
-         > 256 in UTF-8 mode. */
+             SETBIT(classbits, 0x0a); /* LF */
+             SETBIT(classbits, 0x0b); /* VT */
+             SETBIT(classbits, 0x0c); /* FF */
+             SETBIT(classbits, 0x0d); /* CR */
+             SETBIT(classbits, 0x85); /* NEL */
+ #ifdef SUPPORT_UTF8
+             if (utf8)
+               {
+               class_utf8 = TRUE;
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2028, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
+               }
+ #endif
+             continue;
+             }
+           if (-c == ESC_V)
+             {
+             for (c = 0; c < 32; c++)
+               {
+               int x = 0xff;
+               switch (c)
+                 {
+                 case 0x0a/8: x ^= 1 << (0x0a%8);
+                              x ^= 1 << (0x0b%8);
+                              x ^= 1 << (0x0c%8);
+                              x ^= 1 << (0x0d%8);
+                              break;
+                 case 0x85/8: x ^= 1 << (0x85%8); break;
+                 default: break;
+                 }
+               classbits[c] |= x;
+               }
+ #ifdef SUPPORT_UTF8
+             if (utf8)
+               {
+               class_utf8 = TRUE;
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x0100, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x2027, class_utf8data);
+               *class_utf8data++ = XCL_RANGE;
+               class_utf8data += _pcre_ord2utf8(0x2029, class_utf8data);
+               class_utf8data += _pcre_ord2utf8(0x7fffffff, class_utf8data);
+               }
+ #endif
+             continue;
+             }
+           /* We need to deal with \P and \p in both phases. */
+ #ifdef SUPPORT_UCP
+           if (-c == ESC_p || -c == ESC_P)
+             {
+             BOOL negated;
+             int pdata;
+             int ptype = get_ucp(&ptr, &negated, &pdata, errorcodeptr);
+             if (ptype < 0) goto FAILED;
+             class_utf8 = TRUE;
+             *class_utf8data++ = ((-c == ESC_p) != negated)?
+               XCL_PROP : XCL_NOTPROP;
+             *class_utf8data++ = ptype;
+             *class_utf8data++ = pdata;
+             class_charcount -= 2;   /* Not a < 256 character */
+             continue;
+             }
+ #endif
+           /* Unrecognized escapes are faulted if PCRE is running in its
+           strict mode. By default, for compatibility with Perl, they are
+           treated as literals. */
+           if ((options & PCRE_EXTRA) != 0)
+             {
+             *errorcodeptr = ERR7;
+             goto FAILED;
+             }
+           class_charcount -= 2;  /* Undo the default count from above */
+           c = *ptr;              /* Get the final character and fall through */
+           }
+         /* Fall through if we have a single character (c >= 0). This may be
+         greater than 256 in UTF-8 mode. */
          }   /* End of backslash handling */
        /* A single character may be followed by '-' to form a range. However,
        Perl does not permit ']' to be the end of the range. A '-' character
-       here is treated as a literal. */
+       at the end is treated as a literal. Perl ignores orphaned \E sequences
+       entirely. The code for handling \Q and \E is messy. */
+       CHECK_RANGE:
+       while (ptr[1] == '\\' && ptr[2] == 'E')
+         {
+         inescq = FALSE;
+         ptr += 2;
+         }
+       oldptr = ptr;
-       if (ptr[1] == '-' && ptr[2] != ']')
+       if (!inescq && ptr[1] == '-')
          {
          int d;
          ptr += 2;
+         while (*ptr == '\\' && ptr[1] == 'E') ptr += 2;
+         /* If we hit \Q (not followed by \E) at this point, go into escaped
+         mode. */
+         while (*ptr == '\\' && ptr[1] == 'Q')
+           {
+           ptr += 2;
+           if (*ptr == '\\' && ptr[1] == 'E') { ptr += 2; continue; }
+           inescq = TRUE;
+           break;
+           }
+         if (*ptr == 0 || (!inescq && *ptr == ']'))
+           {
+           ptr = oldptr;
+           goto LONE_SINGLE_CHARACTER;
+           }
  #ifdef SUPPORT_UTF8
          if (utf8)
-Line 2071 
 for (;; ptr++)
+Line 2991 
 for (;; ptr++)
          not any of the other escapes. Perl 5.6 treats a hyphen as a literal
          in such circumstances. */
-         if (d == '\\')
+         if (!inescq && d == '\\')
            {
-           const uschar *oldptr = ptr;
+           d = check_escape(&ptr, errorcodeptr, cd->bracount, options, TRUE);
-           d = check_escape(&ptr, errorcodeptr, *brackets, options, TRUE);
+           if (*errorcodeptr != 0) goto FAILED;
-           /* \b is backslash; \X is literal X; any other special means the '-'
+           /* \b is backslash; \X is literal X; \R is literal R; any other
-           was literal */
+           special means the '-' was literal */
            if (d < 0)
              {
              if (d == -ESC_b) d = '\b';
-             else if (d == -ESC_X) d = 'X'; else
+             else if (d == -ESC_X) d = 'X';
+             else if (d == -ESC_R) d = 'R'; else
                {
-               ptr = oldptr - 2;
+               ptr = oldptr;
                goto LONE_SINGLE_CHARACTER;  /* A few lines below */
                }
              }
            }
-         /* The check that the two values are in the correct order happens in
+         /* Check that the two values are in the correct order. Optimize
-         the pre-pass. Optimize one-character ranges */
+         one-character ranges */
+         if (d < c)
+           {
+           *errorcodeptr = ERR8;
+           goto FAILED;
+           }
          if (d == c) goto LONE_SINGLE_CHARACTER;  /* A few lines below */
-Line 2112 
 for (;; ptr++)
+Line 3039 
 for (;; ptr++)
  #ifdef SUPPORT_UCP
            if ((options & PCRE_CASELESS) != 0)
              {
-             int occ, ocd;
+             unsigned int occ, ocd;
-             int cc = c;
+             unsigned int cc = c;
-             int origd = d;
+             unsigned int origd = d;
              while (get_othercase_range(&cc, origd, &occ, &ocd))
                {
-               if (occ >= c && ocd <= d) continue;  /* Skip embedded ranges */
+               if (occ >= (unsigned int)c &&
+                   ocd <= (unsigned int)d)
+                 continue;                          /* Skip embedded ranges */
-               if (occ < c  && ocd >= c - 1)        /* Extend the basic range */
+               if (occ < (unsigned int)c  &&
+                   ocd >= (unsigned int)c - 1)      /* Extend the basic range */
                  {                                  /* if there is overlap,   */
                  c = occ;                           /* noting that if occ < c */
                  continue;                          /* we can't have ocd > d  */
                  }                                  /* because a subrange is  */
-               if (ocd > d && occ <= d + 1)         /* always shorter than    */
+               if (ocd > (unsigned int)d &&
+                   occ <= (unsigned int)d + 1)      /* always shorter than    */
                  {                                  /* the basic range.       */
                  d = ocd;
                  continue;
-Line 2172 
 for (;; ptr++)
+Line 3103 
 for (;; ptr++)
          ranges that lie entirely within 0-127 when there is UCP support; else
          for partial ranges without UCP support. */
-         for (; c <= d; c++)
+         class_charcount += d - c + 1;
+         class_lastchar = d;
+         /* We can save a bit of time by skipping this in the pre-compile. */
+         if (lengthptr == NULL) for (; c <= d; c++)
            {
            classbits[c/8] |= (1 << (c&7));
            if ((options & PCRE_CASELESS) != 0)
-Line 2180 
 for (;; ptr++)
+Line 3116 
 for (;; ptr++)
              int uc = cd->fcc[c];           /* flip case */
              classbits[uc/8] |= (1 << (uc&7));
              }
-           class_charcount++;                /* in case a one-char range */
-           class_lastchar = c;
            }
          continue;   /* Go get the next char in the class */
-Line 2205 
 for (;; ptr++)
+Line 3139 
 for (;; ptr++)
  #ifdef SUPPORT_UCP
          if ((options & PCRE_CASELESS) != 0)
            {
-           int othercase;
+           unsigned int othercase;
-           if ((othercase = _pcre_ucp_othercase(c)) >= 0)
+           if ((othercase = _pcre_ucp_othercase(c)) != NOTACHAR)
              {
              *class_utf8data++ = XCL_SINGLE;
              class_utf8data += _pcre_ord2utf8(othercase, class_utf8data);
-Line 2231 
 for (;; ptr++)
+Line 3165 
 for (;; ptr++)
          }
        }
-     /* Loop until ']' reached; the check for end of string happens inside the
+     /* Loop until ']' reached. This "while" is the end of the "do" above. */
-     loop. This "while" is the end of the "do" above. */
+     while ((c = *(++ptr)) != 0 && (c != ']' || inescq));
-     while ((c = *(++ptr)) != ']' || inescq);
+     if (c == 0)                          /* Missing terminating ']' */
+       {
+       *errorcodeptr = ERR6;
+       goto FAILED;
+       }
      /* If class_charcount is 1, we saw precisely one character whose value is
      less than 256. In non-UTF-8 mode we can always optimize. In UTF-8 mode, we
-Line 2298 
 for (;; ptr++)
+Line 3237 
 for (;; ptr++)
      /* If there are characters with values > 255, we have to compile an
      extended class, with its own opcode. If there are no characters < 256,
-     we can omit the bitmap. */
+     we can omit the bitmap in the actual compiled code. */
  #ifdef SUPPORT_UTF8
      if (class_utf8)
-Line 2308 
 for (;; ptr++)
+Line 3247 
 for (;; ptr++)
        code += LINK_SIZE;
        *code = negate_class? XCL_NOT : 0;
-       /* If the map is required, install it, and move on to the end of
+       /* If the map is required, move up the extra data to make room for it;
-       the extra data */
+       otherwise just move the code pointer to the end of the extra data. */
        if (class_charcount > 0)
          {
          *code++ |= XCL_MAP;
+         memmove(code + 32, code, class_utf8data - code);
          memcpy(code, classbits, 32);
-         code = class_utf8data;
+         code = class_utf8data + 32;
-         }
-       /* If the map is not required, slide down the extra data. */
-       else
-         {
-         int len = class_utf8data - (code + 33);
-         memmove(code + 1, code + 33, len);
-         code += len + 1;
          }
+       else code = class_utf8data;
        /* Now fill in the complete length of the item */
-Line 2342 
 for (;; ptr++)
+Line 3274 
 for (;; ptr++)
      if (negate_class)
        {
        *code++ = OP_NCLASS;
-       for (c = 0; c < 32; c++) code[c] = ~classbits[c];
+       if (lengthptr == NULL)    /* Save time in the pre-compile phase */
+         for (c = 0; c < 32; c++) code[c] = ~classbits[c];
        }
      else
        {
-Line 2352 
 for (;; ptr++)
+Line 3285 
 for (;; ptr++)
      code += 32;
      break;
+     /* ===================================================================*/
      /* Various kinds of repeat; '{' is not necessarily a quantifier, but this
      has been tested above. */
-Line 2419 
 for (;; ptr++)
+Line 3354 
 for (;; ptr++)
        }
      else repeat_type = greedy_default;
-     /* If previous was a recursion, we need to wrap it inside brackets so that
-     it can be replicated if necessary. */
-     if (*previous == OP_RECURSE)
-       {
-       memmove(previous + 1 + LINK_SIZE, previous, 1 + LINK_SIZE);
-       code += 1 + LINK_SIZE;
-       *previous = OP_BRA;
-       PUT(previous, 1, code - previous);
-       *code = OP_KET;
-       PUT(code, 1, code - previous);
-       code += 1 + LINK_SIZE;
-       }
      /* If previous was a character match, abolish the item and generate a
      repeat item instead. If a char item has a minumum of more than one, ensure
      that it is set in reqbyte - it might not be if a sequence such as x{3} is
-Line 2466 
 for (;; ptr++)
+Line 3387 
 for (;; ptr++)
          if (repeat_min > 1) reqbyte = c | req_caseopt | cd->req_varyopt;
          }
+       /* If the repetition is unlimited, it pays to see if the next thing on
+       the line is something that cannot possibly match this character. If so,
+       automatically possessifying this item gains some performance in the case
+       where the match fails. */
+       if (!possessive_quantifier &&
+           repeat_max < 0 &&
+           check_auto_possessive(*previous, c, utf8, utf8_char, ptr + 1,
+             options, cd))
+         {
+         repeat_type = 0;    /* Force greedy */
+         possessive_quantifier = TRUE;
+         }
        goto OUTPUT_SINGLE_REPEAT;   /* Code shared with single character types */
        }
      /* If previous was a single negated character ([^a] or similar), we use
      one of the special opcodes, replacing it. The code is shared with single-
      character repeats by setting opt_type to add a suitable offset into
-     repeat_type. OP_NOT is currently used only for single-byte chars. */
+     repeat_type. We can also test for auto-possessification. OP_NOT is
+     currently used only for single-byte chars. */
      else if (*previous == OP_NOT)
        {
        op_type = OP_NOTSTAR - OP_STAR;  /* Use "not" opcodes */
        c = previous[1];
+       if (!possessive_quantifier &&
+           repeat_max < 0 &&
+           check_auto_possessive(OP_NOT, c, utf8, NULL, ptr + 1, options, cd))
+         {
+         repeat_type = 0;    /* Force greedy */
+         possessive_quantifier = TRUE;
+         }
        goto OUTPUT_SINGLE_REPEAT;
        }
-Line 2495 
 for (;; ptr++)
+Line 3438 
 for (;; ptr++)
        op_type = OP_TYPESTAR - OP_STAR;  /* Use type opcodes */
        c = *previous;
+       if (!possessive_quantifier &&
+           repeat_max < 0 &&
+           check_auto_possessive(c, 0, utf8, NULL, ptr + 1, options, cd))
+         {
+         repeat_type = 0;    /* Force greedy */
+         possessive_quantifier = TRUE;
+         }
        OUTPUT_SINGLE_REPEAT:
        if (*previous == OP_PROP || *previous == OP_NOTPROP)
          {
-Line 2535 
 for (;; ptr++)
+Line 3486 
 for (;; ptr++)
          }
        /* A repeat minimum of 1 is optimized into some special cases. If the
-       maximum is unlimited, we use OP_PLUS. Otherwise, the original item it
+       maximum is unlimited, we use OP_PLUS. Otherwise, the original item is
        left in place and, if the maximum is greater than 1, we use OP_UPTO with
        one less than the maximum. */
-Line 2588 
 for (;; ptr++)
+Line 3539 
 for (;; ptr++)
            }
          /* Else insert an UPTO if the max is greater than the min, again
-         preceded by the character, for the previously inserted code. */
+         preceded by the character, for the previously inserted code. If the
+         UPTO is just for 1 instance, we can use QUERY instead. */
          else if (repeat_max != repeat_min)
            {
-Line 2607 
 for (;; ptr++)
+Line 3559 
 for (;; ptr++)
              *code++ = prop_value;
              }
            repeat_max -= repeat_min;
-           *code++ = OP_UPTO + repeat_type;
-           PUT2INC(code, 0, repeat_max);
+           if (repeat_max == 1)
+             {
+             *code++ = OP_QUERY + repeat_type;
+             }
+           else
+             {
+             *code++ = OP_UPTO + repeat_type;
+             PUT2INC(code, 0, repeat_max);
+             }
            }
          }
-Line 2675 
 for (;; ptr++)
+Line 3635 
 for (;; ptr++)
      /* If previous was a bracket group, we may have to replicate it in certain
      cases. */
-     else if (*previous >= OP_BRA || *previous == OP_ONCE ||
+     else if (*previous == OP_BRA  || *previous == OP_CBRA ||
-              *previous == OP_COND)
+              *previous == OP_ONCE || *previous == OP_COND)
        {
        register int i;
        int ketoffset = 0;
        int len = code - previous;
        uschar *bralink = NULL;
+       /* Repeating a DEFINE group is pointless */
+       if (*previous == OP_COND && previous[LINK_SIZE+1] == OP_DEF)
+         {
+         *errorcodeptr = ERR55;
+         goto FAILED;
+         }
        /* If the maximum repeat count is unlimited, find the end of the bracket
        by scanning through from the start, and compute the offset back to it
        from the current code pointer. There may be an OP_OPT setting following
-Line 2717 
 for (;; ptr++)
+Line 3685 
 for (;; ptr++)
          /* If the maximum is 1 or unlimited, we just have to stick in the
          BRAZERO and do no more at this point. However, we do need to adjust
          any OP_RECURSE calls inside the group that refer to the group itself or
-         any internal group, because the offset is from the start of the whole
+         any internal or forward referenced group, because the offset is from
-         regex. Temporarily terminate the pattern while doing this. */
+         the start of the whole regex. Temporarily terminate the pattern while
+         doing this. */
          if (repeat_max <= 1)
            {
            *code = OP_END;
-           adjust_recurse(previous, 1, utf8, cd);
+           adjust_recurse(previous, 1, utf8, cd, save_hwm);
            memmove(previous+1, previous, len);
            code++;
            *previous++ = OP_BRAZERO + repeat_type;
-Line 2741 
 for (;; ptr++)
+Line 3710 
 for (;; ptr++)
            {
            int offset;
            *code = OP_END;
-           adjust_recurse(previous, 2 + LINK_SIZE, utf8, cd);
+           adjust_recurse(previous, 2 + LINK_SIZE, utf8, cd, save_hwm);
            memmove(previous + 2 + LINK_SIZE, previous, len);
            code += 2 + LINK_SIZE;
            *previous++ = OP_BRAZERO + repeat_type;
-Line 2761 
 for (;; ptr++)
+Line 3730 
 for (;; ptr++)
        /* If the minimum is greater than zero, replicate the group as many
        times as necessary, and adjust the maximum to the number of subsequent
        copies that we need. If we set a first char from the group, and didn't
-       set a required char, copy the latter from the former. */
+       set a required char, copy the latter from the former. If there are any
+       forward reference subroutine calls in the group, there will be entries on
+       the workspace list; replicate these with an appropriate increment. */
        else
          {
          if (repeat_min > 1)
            {
-           if (groupsetfirstbyte && reqbyte < 0) reqbyte = firstbyte;
+           /* In the pre-compile phase, we don't actually do the replication. We
-           for (i = 1; i < repeat_min; i++)
+           just adjust the length as if we had. Do some paranoid checks for
+           potential integer overflow. */
+           if (lengthptr != NULL)
+             {
+             int delta = (repeat_min - 1)*length_prevgroup;
+             if ((double)(repeat_min - 1)*(double)length_prevgroup >
+                                                             (double)INT_MAX ||
+                 OFLOW_MAX - *lengthptr < delta)
+               {
+               *errorcodeptr = ERR20;
+               goto FAILED;
+               }
+             *lengthptr += delta;
+             }
+           /* This is compiling for real */
+           else
              {
-             memcpy(code, previous, len);
+             if (groupsetfirstbyte && reqbyte < 0) reqbyte = firstbyte;
-             code += len;
+             for (i = 1; i < repeat_min; i++)
+               {
+               uschar *hc;
+               uschar *this_hwm = cd->hwm;
+               memcpy(code, previous, len);
+               for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
+                 {
+                 PUT(cd->hwm, 0, GET(hc, 0) + len);
+                 cd->hwm += LINK_SIZE;
+                 }
+               save_hwm = this_hwm;
+               code += len;
+               }
              }
            }
          if (repeat_max > 0) repeat_max -= repeat_min;
          }
-Line 2781 
 for (;; ptr++)
+Line 3783 
 for (;; ptr++)
        the maximum is limited, it replicates the group in a nested fashion,
        remembering the bracket starts on a stack. In the case of a zero minimum,
        the first one was set up above. In all cases the repeat_max now specifies
-       the number of additional copies needed. */
+       the number of additional copies needed. Again, we must remember to
+       replicate entries on the forward reference list. */
        if (repeat_max >= 0)
          {
-         for (i = repeat_max - 1; i >= 0; i--)
+         /* In the pre-compile phase, we don't actually do the replication. We
+         just adjust the length as if we had. For each repetition we must add 1
+         to the length for BRAZERO and for all but the last repetition we must
+         add 2 + 2*LINKSIZE to allow for the nesting that occurs. Do some
+         paranoid checks to avoid integer overflow. */
+         if (lengthptr != NULL && repeat_max > 0)
+           {
+           int delta = repeat_max * (length_prevgroup + 1 + 2 + 2*LINK_SIZE) -
+- 2*LINK_SIZE;   /* Last one doesn't nest */
+           if ((double)repeat_max *
+                 (double)(length_prevgroup + 1 + 2 + 2*LINK_SIZE)
+                   > (double)INT_MAX ||
+               OFLOW_MAX - *lengthptr < delta)
+             {
+             *errorcodeptr = ERR20;
+             goto FAILED;
+             }
+           *lengthptr += delta;
+           }
+         /* This is compiling for real */
+         else for (i = repeat_max - 1; i >= 0; i--)
            {
+           uschar *hc;
+           uschar *this_hwm = cd->hwm;
            *code++ = OP_BRAZERO + repeat_type;
            /* All but the final copy start a new nesting, maintaining the
-Line 2802 
 for (;; ptr++)
+Line 3831 
 for (;; ptr++)
              }
            memcpy(code, previous, len);
+           for (hc = save_hwm; hc < this_hwm; hc += LINK_SIZE)
+             {
+             PUT(cd->hwm, 0, GET(hc, 0) + len + ((i != 0)? 2+LINK_SIZE : 1));
+             cd->hwm += LINK_SIZE;
+             }
+           save_hwm = this_hwm;
            code += len;
            }
-Line 2824 
 for (;; ptr++)
+Line 3859 
 for (;; ptr++)
        /* If the maximum is unlimited, set a repeater in the final copy. We
        can't just offset backwards from the current code point, because we
        don't know if there's been an options resetting after the ket. The
-       correct offset was computed above. */
+       correct offset was computed above.
-       else code[-ketoffset] = OP_KETRMAX + repeat_type;
+       Then, when we are doing the actual compile phase, check to see whether
+       this group is a non-atomic one that could match an empty string. If so,
+       convert the initial operator to the S form (e.g. OP_BRA -> OP_SBRA) so
+       that runtime checking can be done. [This check is also applied to
+       atomic groups at runtime, but in a different way.] */
+       else
+         {
+         uschar *ketcode = code - ketoffset;
+         uschar *bracode = ketcode - GET(ketcode, 1);
+         *ketcode = OP_KETRMAX + repeat_type;
+         if (lengthptr == NULL && *bracode != OP_ONCE)
+           {
+           uschar *scode = bracode;
+           do
+             {
+             if (could_be_empty_branch(scode, ketcode, utf8))
+               {
+               *bracode += OP_SBRA - OP_BRA;
+               break;
+               }
+             scode += GET(scode, 1);
+             }
+           while (*scode == OP_ALT);
+           }
+         }
        }
      /* Else there's some kind of shambles */
-Line 2837 
 for (;; ptr++)
+Line 3897 
 for (;; ptr++)
        goto FAILED;
        }
-     /* If the character following a repeat is '+', we wrap the entire repeated
+     /* If the character following a repeat is '+', or if certain optimization
-     item inside OP_ONCE brackets. This is just syntactic sugar, taken from
+     tests above succeeded, possessive_quantifier is TRUE. For some of the
-     Sun's Java package. The repeated item starts at tempcode, not at previous,
+     simpler opcodes, there is an special alternative opcode for this. For
-     which might be the first part of a string whose (former) last char we
+     anything else, we wrap the entire repeated item inside OP_ONCE brackets.
-     repeated. However, we don't support '+' after a greediness '?'. */
+     The '+' notation is just syntactic sugar, taken from Sun's Java package,
+     but the special opcodes can optimize it a bit. The repeated item starts at
+     tempcode, not at previous, which might be the first part of a string whose
+     (former) last char we repeated.
+     Possessifying an 'exact' quantifier has no effect, so we can ignore it. But
+     an 'upto' may follow. We skip over an 'exact' item, and then test the
+     length of what remains before proceeding. */
      if (possessive_quantifier)
        {
-       int len = code - tempcode;
+       int len;
-       memmove(tempcode + 1+LINK_SIZE, tempcode, len);
+       if (*tempcode == OP_EXACT || *tempcode == OP_TYPEEXACT ||
-       code += 1 + LINK_SIZE;
+           *tempcode == OP_NOTEXACT)
-       len += 1 + LINK_SIZE;
+         tempcode += _pcre_OP_lengths[*tempcode];
-       tempcode[0] = OP_ONCE;
+       len = code - tempcode;
-       *code++ = OP_KET;
+       if (len > 0) switch (*tempcode)
-       PUTINC(code, 0, len);
+         {
-       PUT(tempcode, 1, len);
+         case OP_STAR:  *tempcode = OP_POSSTAR; break;
+         case OP_PLUS:  *tempcode = OP_POSPLUS; break;
+         case OP_QUERY: *tempcode = OP_POSQUERY; break;
+         case OP_UPTO:  *tempcode = OP_POSUPTO; break;
+         case OP_TYPESTAR:  *tempcode = OP_TYPEPOSSTAR; break;
+         case OP_TYPEPLUS:  *tempcode = OP_TYPEPOSPLUS; break;
+         case OP_TYPEQUERY: *tempcode = OP_TYPEPOSQUERY; break;
+         case OP_TYPEUPTO:  *tempcode = OP_TYPEPOSUPTO; break;
+         case OP_NOTSTAR:  *tempcode = OP_NOTPOSSTAR; break;
+         case OP_NOTPLUS:  *tempcode = OP_NOTPOSPLUS; break;
+         case OP_NOTQUERY: *tempcode = OP_NOTPOSQUERY; break;
+         case OP_NOTUPTO:  *tempcode = OP_NOTPOSUPTO; break;
+         default:
+         memmove(tempcode + 1+LINK_SIZE, tempcode, len);
+         code += 1 + LINK_SIZE;
+         len += 1 + LINK_SIZE;
+         tempcode[0] = OP_ONCE;
+         *code++ = OP_KET;
+         PUTINC(code, 0, len);
+         PUT(tempcode, 1, len);
+         break;
+         }
        }
      /* In all case we no longer have a previous item. We also set the
-Line 2865 
 for (;; ptr++)
+Line 3956 
 for (;; ptr++)
      break;
-     /* Start of nested bracket sub-expression, or comment or lookahead or
+     /* ===================================================================*/
-     lookbehind or option setting or condition. First deal with special things
+     /* Start of nested parenthesized sub-expression, or comment or lookahead or
-     that can come after a bracket; all are introduced by ?, and the appearance
+     lookbehind or option setting or condition or all the other extended
-     of any of them means that this is not a referencing group. They were
+     parenthesis forms.  */
-     checked for validity in the first pass over the string, so we don't have to
-     check for syntax errors here.  */
      case '(':
      newoptions = options;
      skipbytes = 0;
+     bravalue = OP_CBRA;
+     save_hwm = cd->hwm;
+     reset_bracount = FALSE;
+     /* First deal with various "verbs" that can be introduced by '*'. */
+     if (*(++ptr) == '*' && (cd->ctypes[ptr[1]] & ctype_letter) != 0)
+       {
+       int i, namelen;
+       const uschar *name = ++ptr;
+       previous = NULL;
+       while ((cd->ctypes[*++ptr] & ctype_letter) != 0);
+       if (*ptr == ':')
+         {
+         *errorcodeptr = ERR59;   /* Not supported */
+         goto FAILED;
+         }
+       if (*ptr != ')')
+         {
+         *errorcodeptr = ERR60;
+         goto FAILED;
+         }
+       namelen = ptr - name;
+       for (i = 0; i < verbcount; i++)
+         {
+         if (namelen == verbs[i].len &&
+             strncmp((char *)name, verbs[i].name, namelen) == 0)
+           {
+           *code = verbs[i].op;
+           if (*code++ == OP_ACCEPT) cd->had_accept = TRUE;
+           break;
+           }
+         }
+       if (i < verbcount) continue;
+       *errorcodeptr = ERR60;
+       goto FAILED;
+       }
-     if (*(++ptr) == '?')
+     /* Deal with the extended parentheses; all are introduced by '?', and the
+     appearance of any of them means that this is not a capturing group. */
+     else if (*ptr == '?')
        {
-       int set, unset;
+       int i, set, unset, namelen;
        int *optset;
+       const uschar *name;
+       uschar *slot;
        switch (*(++ptr))
          {
          case '#':                 /* Comment; skip to ket */
          ptr++;
-         while (*ptr != ')') ptr++;
+         while (*ptr != 0 && *ptr != ')') ptr++;
+         if (*ptr == 0)
+           {
+           *errorcodeptr = ERR18;
+           goto FAILED;
+           }
          continue;
-         case ':':                 /* Non-extracting bracket */
+         /* ------------------------------------------------------------ */
+         case '|':                 /* Reset capture count for each branch */
+         reset_bracount = TRUE;
+         /* Fall through */
+         /* ------------------------------------------------------------ */
+         case ':':                 /* Non-capturing bracket */
          bravalue = OP_BRA;
          ptr++;
          break;
+         /* ------------------------------------------------------------ */
          case '(':
          bravalue = OP_COND;       /* Conditional group */
-         /* A condition can be a number, referring to a numbered group, a name,
+         /* A condition can be an assertion, a number (referring to a numbered
-         referring to a named group, 'R', referring to recursion, or an
+         group), a name (referring to a named group), or 'R', referring to
-         assertion. There are two unfortunate ambiguities, caused by history.
+         recursion. R<digits> and R&name are also permitted for recursion tests.
-         (a) 'R' can be the recursive thing or the name 'R', and (b) a number
-         could be a name that consists of digits. In both cases, we look for a
+         There are several syntaxes for testing a named group: (?(name)) is used
-         name first; if not found, we try the other cases. If the first
+         by Python; Perl 5.10 onwards uses (?(<name>) or (?('name')).
-         character after (?( is a word character, we know the rest up to ) will
-         also be word characters because the syntax was checked in the first
+         There are two unfortunate ambiguities, caused by history. (a) 'R' can
-         pass. */
+         be the recursive thing or the name 'R' (and similarly for 'R' followed
+         by digits), and (b) a number could be a name that consists of digits.
-         if ((cd->ctypes[ptr[1]] & ctype_word) != 0)
+         In both cases, we look for a name first; if not found, we try the other
-           {
+         cases. */
-           int i, namelen;
-           int condref = 0;
+         /* For conditions that are assertions, check the syntax, and then exit
-           const uschar *name;
+         the switch. This will take control down to where bracketed groups,
-           uschar *slot = cd->name_table;
+         including assertions, are processed. */
-           /* This is needed for all successful cases. */
+         if (ptr[1] == '?' && (ptr[2] == '=' || ptr[2] == '!' || ptr[2] == '<'))
+           break;
-           skipbytes = 3;
+         /* Most other conditions use OP_CREF (a couple change to OP_RREF
+         below), and all need to skip 3 bytes at the start of the group. */
-           /* Read the name, but also get it as a number if it's all digits */
+         code[1+LINK_SIZE] = OP_CREF;
+         skipbytes = 3;
+         refsign = -1;
-           name = ++ptr;
+         /* Check for a test for recursion in a named group. */
-           while (*ptr != ')')
-             {
+         if (ptr[1] == 'R' && ptr[2] == '&')
-             if (condref >= 0)
+           {
-               condref = ((digitab[*ptr] & ctype_digit) != 0)?
+           terminator = -1;
-                 condref * 10 + *ptr - '0' : -1;
+           ptr += 2;
-             ptr++;
+           code[1+LINK_SIZE] = OP_RREF;    /* Change the type of test */
-             }
+           }
-           namelen = ptr - name;
+         /* Check for a test for a named group's having been set, using the Perl
+         syntax (?(<name>) or (?('name') */
+         else if (ptr[1] == '<')
+           {
+           terminator = '>';
+           ptr++;
+           }
+         else if (ptr[1] == '\'')
+           {
+           terminator = '\'';
            ptr++;
+           }
+         else
+           {
+           terminator = 0;
+           if (ptr[1] == '-' || ptr[1] == '+') refsign = *(++ptr);
+           }
-           for (i = 0; i < cd->names_found; i++)
+         /* We now expect to read a name; any thing else is an error */
-             {
-             if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
-             slot += cd->name_entry_size;
-             }
-           /* Found a previous named subpattern */
+         if ((cd->ctypes[ptr[1]] & ctype_word) == 0)
+           {
+           ptr += 1;  /* To get the right offset */
+           *errorcodeptr = ERR28;
+           goto FAILED;
+           }
-           if (i < cd->names_found)
+         /* Read the name, but also get it as a number if it's all digits */
-             {
-             condref = GET2(slot, 0);
-             code[1+LINK_SIZE] = OP_CREF;
-             PUT2(code, 2+LINK_SIZE, condref);
-             }
-           /* Search the pattern for a forward reference */
+         recno = 0;
+         name = ++ptr;
+         while ((cd->ctypes[*ptr] & ctype_word) != 0)
+           {
+           if (recno >= 0)
+             recno = ((digitab[*ptr] & ctype_digit) != 0)?
+               recno * 10 + *ptr - '0' : -1;
+           ptr++;
+           }
+         namelen = ptr - name;
-           else if ((i = find_named_parens(ptr, *brackets, name, namelen)) > 0)
+         if ((terminator > 0 && *ptr++ != terminator) || *ptr++ != ')')
-             {
+           {
-             code[1+LINK_SIZE] = OP_CREF;
+           ptr--;      /* Error offset */
-             PUT2(code, 2+LINK_SIZE, i);
+           *errorcodeptr = ERR26;
-             }
+           goto FAILED;
+           }
-           /* Check for 'R' for recursion */
+         /* Do no further checking in the pre-compile phase. */
-           else if (namelen == 1 && *name == 'R')
+         if (lengthptr != NULL) break;
-             {
-             code[1+LINK_SIZE] = OP_CREF;
-             PUT2(code, 2+LINK_SIZE, CREF_RECURSE);
-             }
-           /* Check for a subpattern number */
+         /* In the real compile we do the work of looking for the actual
+         reference. If the string started with "+" or "-" we require the rest to
+         be digits, in which case recno will be set. */
-           else if (condref > 0)
+         if (refsign > 0)
+           {
+           if (recno <= 0)
+             {
+             *errorcodeptr = ERR58;
+             goto FAILED;
+             }
+           if (refsign == '-')
              {
-             code[1+LINK_SIZE] = OP_CREF;
+             recno = cd->bracount - recno + 1;
-             PUT2(code, 2+LINK_SIZE, condref);
+             if (recno <= 0)
+               {
+               *errorcodeptr = ERR15;
+               goto FAILED;
+               }
              }
+           else recno += cd->bracount;
+           PUT2(code, 2+LINK_SIZE, recno);
+           break;
+           }
-           /* Either an unidentified subpattern, or a reference to (?(0) */
+         /* Otherwise (did not start with "+" or "-"), start by looking for the
+         name. */
-           else
+         slot = cd->name_table;
+         for (i = 0; i < cd->names_found; i++)
+           {
+           if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
+           slot += cd->name_entry_size;
+           }
+         /* Found a previous named subpattern */
+         if (i < cd->names_found)
+           {
+           recno = GET2(slot, 0);
+           PUT2(code, 2+LINK_SIZE, recno);
+           }
+         /* Search the pattern for a forward reference */
+         else if ((i = find_parens(ptr, cd->bracount, name, namelen,
+                         (options & PCRE_EXTENDED) != 0)) > 0)
+           {
+           PUT2(code, 2+LINK_SIZE, i);
+           }
+         /* If terminator == 0 it means that the name followed directly after
+         the opening parenthesis [e.g. (?(abc)...] and in this case there are
+         some further alternatives to try. For the cases where terminator != 0
+         [things like (?(<name>... or (?('name')... or (?(R&name)... ] we have
+         now checked all the possibilities, so give an error. */
+         else if (terminator != 0)
+           {
+           *errorcodeptr = ERR15;
+           goto FAILED;
+           }
+         /* Check for (?(R) for recursion. Allow digits after R to specify a
+         specific group number. */
+         else if (*name == 'R')
+           {
+           recno = 0;
+           for (i = 1; i < namelen; i++)
              {
-             *errorcodeptr = (condref == 0)? ERR35: ERR15;
+             if ((digitab[name[i]] & ctype_digit) == 0)
-             goto FAILED;
+               {
+               *errorcodeptr = ERR15;
+               goto FAILED;
+               }
+             recno = recno * 10 + name[i] - '0';
              }
+           if (recno == 0) recno = RREF_ANY;
+           code[1+LINK_SIZE] = OP_RREF;      /* Change test type */
+           PUT2(code, 2+LINK_SIZE, recno);
+           }
+         /* Similarly, check for the (?(DEFINE) "condition", which is always
+         false. */
+         else if (namelen == 6 && strncmp((char *)name, "DEFINE", 6) == 0)
+           {
+           code[1+LINK_SIZE] = OP_DEF;
+           skipbytes = 1;
+           }
+         /* Check for the "name" actually being a subpattern number. */
+         else if (recno > 0)
+           {
+           PUT2(code, 2+LINK_SIZE, recno);
            }
-         /* For conditions that are assertions, we just fall through, having
+         /* Either an unidentified subpattern, or a reference to (?(0) */
-         set bravalue above. */
+         else
+           {
+           *errorcodeptr = (recno == 0)? ERR35: ERR15;
+           goto FAILED;
+           }
          break;
+         /* ------------------------------------------------------------ */
          case '=':                 /* Positive lookahead */
          bravalue = OP_ASSERT;
          ptr++;
          break;
+         /* ------------------------------------------------------------ */
          case '!':                 /* Negative lookahead */
-         bravalue = OP_ASSERT_NOT;
          ptr++;
+         if (*ptr == ')')          /* Optimize (?!) */
+           {
+           *code++ = OP_FAIL;
+           previous = NULL;
+           continue;
+           }
+         bravalue = OP_ASSERT_NOT;
          break;
-         case '<':                 /* Lookbehinds */
-         switch (*(++ptr))
+         /* ------------------------------------------------------------ */
+         case '<':                 /* Lookbehind or named define */
+         switch (ptr[1])
            {
            case '=':               /* Positive lookbehind */
            bravalue = OP_ASSERTBACK;
-           ptr++;
+           ptr += 2;
            break;
            case '!':               /* Negative lookbehind */
            bravalue = OP_ASSERTBACK_NOT;
-           ptr++;
+           ptr += 2;
            break;
+           default:                /* Could be name define, else bad */
+           if ((cd->ctypes[ptr[1]] & ctype_word) != 0) goto DEFINE_NAME;
+           ptr++;                  /* Correct offset for error */
+           *errorcodeptr = ERR24;
+           goto FAILED;
            }
          break;
+         /* ------------------------------------------------------------ */
          case '>':                 /* One-time brackets */
          bravalue = OP_ONCE;
          ptr++;
          break;
+         /* ------------------------------------------------------------ */
          case 'C':                 /* Callout - may be followed by digits; */
          previous_callout = code;  /* Save for later completion */
          after_manual_callout = 1; /* Skip one item before completing */
-         *code++ = OP_CALLOUT;     /* Already checked that the terminating */
+         *code++ = OP_CALLOUT;
-           {                       /* closing parenthesis is present. */
+           {
            int n = 0;
            while ((digitab[*(++ptr)] & ctype_digit) != 0)
              n = n * 10 + *ptr - '0';
+           if (*ptr != ')')
+             {
+             *errorcodeptr = ERR39;
+             goto FAILED;
+             }
            if (n > 255)
              {
              *errorcodeptr = ERR38;
-Line 3034 
 for (;; ptr++)
+Line 4315 
 for (;; ptr++)
          previous = NULL;
          continue;
-         case 'P':                 /* Named subpattern handling */
-         if (*(++ptr) == '<')      /* Definition */
+         /* ------------------------------------------------------------ */
+         case 'P':                 /* Python-style named subpattern handling */
+         if (*(++ptr) == '=' || *ptr == '>')  /* Reference or recursion */
+           {
+           is_recurse = *ptr == '>';
+           terminator = ')';
+           goto NAMED_REF_OR_RECURSE;
+           }
+         else if (*ptr != '<')    /* Test for Python-style definition */
            {
-           int i, namelen;
+           *errorcodeptr = ERR41;
-           uschar *slot = cd->name_table;
+           goto FAILED;
-           const uschar *name;     /* Don't amalgamate; some compilers */
+           }
-           name = ++ptr;           /* grumble at autoincrement in declaration */
+         /* Fall through to handle (?P< as (?< is handled */
-           while (*ptr++ != '>');
-           namelen = ptr - name - 1;
-           for (i = 0; i < cd->names_found; i++)
+         /* ------------------------------------------------------------ */
+         DEFINE_NAME:    /* Come here from (?< handling */
+         case '\'':
+           {
+           terminator = (*ptr == '<')? '>' : '\'';
+           name = ++ptr;
+           while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
+           namelen = ptr - name;
+           /* In the pre-compile phase, just do a syntax check. */
+           if (lengthptr != NULL)
              {
-             int crc = memcmp(name, slot+2, namelen);
+             if (*ptr != terminator)
-             if (crc == 0)
+               {
+               *errorcodeptr = ERR42;
+               goto FAILED;
+               }
+             if (cd->names_found >= MAX_NAME_COUNT)
+               {
+               *errorcodeptr = ERR49;
+               goto FAILED;
+               }
+             if (namelen + 3 > cd->name_entry_size)
                {
-               if (slot[2+namelen] == 0)
+               cd->name_entry_size = namelen + 3;
+               if (namelen > MAX_NAME_SIZE)
                  {
-                 if ((options & PCRE_DUPNAMES) == 0)
+                 *errorcodeptr = ERR48;
-                   {
+                 goto FAILED;
-                   *errorcodeptr = ERR43;
-                   goto FAILED;
-                   }
                  }
-               else crc = -1;      /* Current name is substring */
                }
-             if (crc < 0)
+             }
+           /* In the real compile, create the entry in the table */
+           else
+             {
+             slot = cd->name_table;
+             for (i = 0; i < cd->names_found; i++)
                {
-               memmove(slot + cd->name_entry_size, slot,
+               int crc = memcmp(name, slot+2, namelen);
-                 (cd->names_found - i) * cd->name_entry_size);
+               if (crc == 0)
-               break;
+                 {
+                 if (slot[2+namelen] == 0)
+                   {
+                   if ((options & PCRE_DUPNAMES) == 0)
+                     {
+                     *errorcodeptr = ERR43;
+                     goto FAILED;
+                     }
+                   }
+                 else crc = -1;      /* Current name is substring */
+                 }
+               if (crc < 0)
+                 {
+                 memmove(slot + cd->name_entry_size, slot,
+                   (cd->names_found - i) * cd->name_entry_size);
+                 break;
+                 }
+               slot += cd->name_entry_size;
                }
-             slot += cd->name_entry_size;
-             }
-           PUT2(slot, 0, *brackets + 1);
+             PUT2(slot, 0, cd->bracount + 1);
-           memcpy(slot + 2, name, namelen);
+             memcpy(slot + 2, name, namelen);
-           slot[2+namelen] = 0;
+             slot[2+namelen] = 0;
-           cd->names_found++;
+             }
-           goto NUMBERED_GROUP;
            }
-         if (*ptr == '=' || *ptr == '>')  /* Reference or recursion */
+         /* In both cases, count the number of names we've encountered. */
+         ptr++;                    /* Move past > or ' */
+         cd->names_found++;
+         goto NUMBERED_GROUP;
+         /* ------------------------------------------------------------ */
+         case '&':                 /* Perl recursion/subroutine syntax */
+         terminator = ')';
+         is_recurse = TRUE;
+         /* Fall through */
+         /* We come here from the Python syntax above that handles both
+         references (?P=name) and recursion (?P>name), as well as falling
+         through from the Perl recursion syntax (?&name). */
+         NAMED_REF_OR_RECURSE:
+         name = ++ptr;
+         while ((cd->ctypes[*ptr] & ctype_word) != 0) ptr++;
+         namelen = ptr - name;
+         /* In the pre-compile phase, do a syntax check and set a dummy
+         reference number. */
+         if (lengthptr != NULL)
            {
-           int i, namelen;
+           if (*ptr != terminator)
-           int type = *ptr++;
+             {
-           const uschar *name = ptr;
+             *errorcodeptr = ERR42;
-           uschar *slot = cd->name_table;
+             goto FAILED;
+             }
+           if (namelen > MAX_NAME_SIZE)
+             {
+             *errorcodeptr = ERR48;
+             goto FAILED;
+             }
+           recno = 0;
+           }
-           while (*ptr != ')') ptr++;
+         /* In the real compile, seek the name in the table */
-           namelen = ptr - name;
+         else
+           {
+           slot = cd->name_table;
            for (i = 0; i < cd->names_found; i++)
              {
              if (strncmp((char *)name, (char *)slot+2, namelen) == 0) break;
-Line 3097 
 for (;; ptr++)
+Line 4458 
 for (;; ptr++)
              recno = GET2(slot, 0);
              }
            else if ((recno =                /* Forward back reference */
-                     find_named_parens(ptr, *brackets, name, namelen)) <= 0)
+                     find_parens(ptr, cd->bracount, name, namelen,
+                       (options & PCRE_EXTENDED) != 0)) <= 0)
              {
              *errorcodeptr = ERR15;
              goto FAILED;
              }
+           }
-           if (type == '>') goto HANDLE_RECURSION;  /* A few lines below */
+         /* In both phases, we can now go to the code than handles numerical
+         recursion or backreferences. */
-           /* Back reference */
-           previous = code;
+         if (is_recurse) goto HANDLE_RECURSION;
-           *code++ = OP_REF;
+           else goto HANDLE_REFERENCE;
-           PUT2INC(code, 0, recno);
-           cd->backref_map |= (recno < 32)? (1 << recno) : 1;
-           if (recno > cd->top_backref) cd->top_backref = recno;
-           continue;
-           }
-         /* Should never happen */
-         break;
-         case 'R':                 /* Pattern recursion */
+         /* ------------------------------------------------------------ */
+         case 'R':                 /* Recursion */
          ptr++;                    /* Same as (?0)      */
          /* Fall through */
-         /* Recursion or "subroutine" call */
-         case '0': case '1': case '2': case '3': case '4':
+         /* ------------------------------------------------------------ */
-         case '5': case '6': case '7': case '8': case '9':
+         case '-': case '+':
+         case '0': case '1': case '2': case '3': case '4':   /* Recursion or */
+         case '5': case '6': case '7': case '8': case '9':   /* subroutine */
            {
            const uschar *called;
+           if ((refsign = *ptr) == '+') ptr++;
+           else if (refsign == '-')
+             {
+             if ((digitab[ptr[1]] & ctype_digit) == 0)
+               goto OTHER_CHAR_AFTER_QUERY;
+             ptr++;
+             }
            recno = 0;
            while((digitab[*ptr] & ctype_digit) != 0)
              recno = recno * 10 + *ptr++ - '0';
+           if (*ptr != ')')
+             {
+             *errorcodeptr = ERR29;
+             goto FAILED;
+             }
+           if (refsign == '-')
+             {
+             if (recno == 0)
+               {
+               *errorcodeptr = ERR58;
+               goto FAILED;
+               }
+             recno = cd->bracount - recno + 1;
+             if (recno <= 0)
+               {
+               *errorcodeptr = ERR15;
+               goto FAILED;
+               }
+             }
+           else if (refsign == '+')
+             {
+             if (recno == 0)
+               {
+               *errorcodeptr = ERR58;
+               goto FAILED;
+               }
+             recno += cd->bracount;
+             }
            /* Come here from code above that handles a named recursion */
            HANDLE_RECURSION:
            previous = code;
+           called = cd->start_code;
-           /* Find the bracket that is being referenced. Temporarily end the
+           /* When we are actually compiling, find the bracket that is being
-           regex in case it doesn't exist. */
+           referenced. Temporarily end the regex in case it doesn't exist before
+           this point. If we end up with a forward reference, first check that
+           the bracket does occur later so we can give the error (and position)
+           now. Then remember this forward reference in the workspace so it can
+           be filled in at the end. */
-           *code = OP_END;
+           if (lengthptr == NULL)
-           called = (recno == 0)? cd->start_code :
-             find_bracket(cd->start_code, utf8, recno);
-           if (called == NULL)
              {
-             *errorcodeptr = ERR15;
+             *code = OP_END;
-             goto FAILED;
+             if (recno != 0) called = find_bracket(cd->start_code, utf8, recno);
-             }
-           /* If the subpattern is still open, this is a recursive call. We
+             /* Forward reference */
-           check to see if this is a left recursion that could loop for ever,
-           and diagnose that case. */
-           if (GET(called, 1) == 0 && could_be_empty(called, code, bcptr, utf8))
+             if (called == NULL)
-             {
+               {
-             *errorcodeptr = ERR40;
+               if (find_parens(ptr, cd->bracount, NULL, recno,
-             goto FAILED;
+                    (options & PCRE_EXTENDED) != 0) < 0)
+                 {
+                 *errorcodeptr = ERR15;
+                 goto FAILED;
+                 }
+               called = cd->start_code + recno;
+               PUTINC(cd->hwm, 0, code + 2 + LINK_SIZE - cd->start_code);
+               }
+             /* If not a forward reference, and the subpattern is still open,
+             this is a recursive call. We check to see if this is a left
+             recursion that could loop for ever, and diagnose that case. */
+             else if (GET(called, 1) == 0 &&
+                      could_be_empty(called, code, bcptr, utf8))
+               {
+               *errorcodeptr = ERR40;
+               goto FAILED;
+               }
              }
            /* Insert the recursion/subroutine item, automatically wrapped inside
-           "once" brackets. */
+           "once" brackets. Set up a "previous group" length so that a
+           subsequent quantifier will work. */
            *code = OP_ONCE;
            PUT(code, 1, 2 + 2*LINK_SIZE);
-Line 3174 
 for (;; ptr++)
+Line 4588 
 for (;; ptr++)
            *code = OP_KET;
            PUT(code, 1, 2 + 2*LINK_SIZE);
            code += 1 + LINK_SIZE;
+           length_prevgroup = 3 + 3*LINK_SIZE;
            }
+         /* Can't determine a first byte now */
+         if (firstbyte == REQ_UNSET) firstbyte = REQ_NONE;
          continue;
-         /* Character after (? not specially recognized */
-         default:                  /* Option setting */
+         /* ------------------------------------------------------------ */
+         default:              /* Other characters: check option setting */
+         OTHER_CHAR_AFTER_QUERY:
          set = unset = 0;
          optset = &set;
-Line 3189 
 for (;; ptr++)
+Line 4610 
 for (;; ptr++)
              {
              case '-': optset = &unset; break;
+             case 'J':    /* Record that it changed in the external options */
+             *optset |= PCRE_DUPNAMES;
+             cd->external_options |= PCRE_JCHANGED;
+             break;
              case 'i': *optset |= PCRE_CASELESS; break;
-             case 'J': *optset |= PCRE_DUPNAMES; break;
              case 'm': *optset |= PCRE_MULTILINE; break;
              case 's': *optset |= PCRE_DOTALL; break;
              case 'x': *optset |= PCRE_EXTENDED; break;
              case 'U': *optset |= PCRE_UNGREEDY; break;
              case 'X': *optset |= PCRE_EXTRA; break;
+             default:  *errorcodeptr = ERR12;
+                       ptr--;    /* Correct the offset */
+                       goto FAILED;
              }
            }
-Line 3204 
 for (;; ptr++)
+Line 4633 
 for (;; ptr++)
          newoptions = (options | set) & (~unset);
          /* If the options ended with ')' this is not the start of a nested
-         group with option changes, so the options change at this level. Compile
+         group with option changes, so the options change at this level. If this
-         code to change the ims options if this setting actually changes any of
+         item is right at the start of the pattern, the options can be
-         them. We also pass the new setting back so that it can be put at the
+         abstracted and made external in the pre-compile phase, and ignored in
-         start of any following branches, and when this group ends (if we are in
+         the compile phase. This can be helpful when matching -- for instance in
-         a group), a resetting item can be compiled.
+         caseless checking of required bytes.
-         Note that if this item is right at the start of the pattern, the
+         If the code pointer is not (cd->start_code + 1 + LINK_SIZE), we are
-         options will have been abstracted and made global, so there will be no
+         definitely *not* at the start of the pattern because something has been
-         change to compile. */
+         compiled. In the pre-compile phase, however, the code pointer can have
+         that value after the start, because it gets reset as code is discarded
+         during the pre-compile. However, this can happen only at top level - if
+         we are within parentheses, the starting BRA will still be present. At
+         any parenthesis level, the length value can be used to test if anything
+         has been compiled at that level. Thus, a test for both these conditions
+         is necessary to ensure we correctly detect the start of the pattern in
+         both phases.
+         If we are not at the pattern start, compile code to change the ims
+         options if this setting actually changes any of them. We also pass the
+         new setting back so that it can be put at the start of any following
+         branches, and when this group ends (if we are in a group), a resetting
+         item can be compiled. */
          if (*ptr == ')')
            {
-           if ((options & PCRE_IMS) != (newoptions & PCRE_IMS))
+           if (code == cd->start_code + 1 + LINK_SIZE &&
+                (lengthptr == NULL || *lengthptr == 2 + 2*LINK_SIZE))
              {
-             *code++ = OP_OPT;
+             cd->external_options = newoptions;
-             *code++ = newoptions & PCRE_IMS;
+             options = newoptions;
              }
+          else
+             {
+             if ((options & PCRE_IMS) != (newoptions & PCRE_IMS))
+               {
+               *code++ = OP_OPT;
+               *code++ = newoptions & PCRE_IMS;
+               }
-           /* Change options at this level, and pass them back for use
+             /* Change options at this level, and pass them back for use
-           in subsequent branches. Reset the greedy defaults and the case
+             in subsequent branches. Reset the greedy defaults and the case
-           value for firstbyte and reqbyte. */
+             value for firstbyte and reqbyte. */
-           *optionsptr = options = newoptions;
+             *optionsptr = options = newoptions;
-           greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
+             greedy_default = ((newoptions & PCRE_UNGREEDY) != 0);
-           greedy_non_default = greedy_default ^ 1;
+             greedy_non_default = greedy_default ^ 1;
-           req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
+             req_caseopt = ((options & PCRE_CASELESS) != 0)? REQ_CASELESS : 0;
+             }
            previous = NULL;       /* This item can't be repeated */
            continue;              /* It is complete */
-Line 3242 
 for (;; ptr++)
+Line 4693 
 for (;; ptr++)
          bravalue = OP_BRA;
          ptr++;
-         }
+         }     /* End of switch for character following (? */
-       }
+       }       /* End of (? handling */
-     /* If PCRE_NO_AUTO_CAPTURE is set, all unadorned brackets become
+     /* Opening parenthesis not followed by '?'. If PCRE_NO_AUTO_CAPTURE is set,
-     non-capturing and behave like (?:...) brackets */
+     all unadorned brackets become non-capturing and behave like (?:...)
+     brackets. */
      else if ((options & PCRE_NO_AUTO_CAPTURE) != 0)
        {
        bravalue = OP_BRA;
        }
-     /* Else we have a referencing group; adjust the opcode. If the bracket
+     /* Else we have a capturing group. */
-     number is greater than EXTRACT_BASIC_MAX, we set the opcode one higher, and
-     arrange for the true number to follow later, in an OP_BRANUMBER item. */
      else
        {
        NUMBERED_GROUP:
-       if (++(*brackets) > EXTRACT_BASIC_MAX)
+       cd->bracount += 1;
-         {
+       PUT2(code, 1+LINK_SIZE, cd->bracount);
-         bravalue = OP_BRA + EXTRACT_BASIC_MAX + 1;
+       skipbytes = 2;
-         code[1+LINK_SIZE] = OP_BRANUMBER;
-         PUT2(code, 2+LINK_SIZE, *brackets);
-         skipbytes = 3;
-         }
-       else bravalue = OP_BRA + *brackets;
        }
-     /* Process nested bracketed re. Assertions may not be repeated, but other
+     /* Process nested bracketed regex. Assertions may not be repeated, but
-     kinds can be. We copy code into a non-register variable in order to be able
+     other kinds can be. All their opcodes are >= OP_ONCE. We copy code into a
-     to pass its address because some compilers complain otherwise. Pass in a
+     non-register variable in order to be able to pass its address because some
-     new setting for the ims options if they have changed. */
+     compilers complain otherwise. Pass in a new setting for the ims options if
+     they have changed. */
      previous = (bravalue >= OP_ONCE)? code : NULL;
      *code = bravalue;
      tempcode = code;
      tempreqvary = cd->req_varyopt;     /* Save value before bracket */
+     length_prevgroup = 0;              /* Initialize for pre-compile phase */
      if (!compile_regex(
           newoptions,                   /* The complete new option state */
           options & PCRE_IMS,           /* The previous ims option state */
-          brackets,                     /* Extracting bracket count */
           &tempcode,                    /* Where to put code (updated) */
           &ptr,                         /* Input pointer (updated) */
           errorcodeptr,                 /* Where to put an error message */
           (bravalue == OP_ASSERTBACK ||
            bravalue == OP_ASSERTBACK_NOT), /* TRUE if back assert */
-          skipbytes,                    /* Skip over OP_COND/OP_BRANUMBER */
+          reset_bracount,               /* True if (?| group */
+          skipbytes,                    /* Skip over bracket number */
           &subfirstbyte,                /* For possible first char */
           &subreqbyte,                  /* For possible last char */
           bcptr,                        /* Current branch chain */
-          cd))                          /* Tables block */
+          cd,                           /* Tables block */
+          (lengthptr == NULL)? NULL :   /* Actual compile phase */
+            &length_prevgroup           /* Pre-compile phase */
+          ))
        goto FAILED;
      /* At the end of compiling, code is still pointing to the start of the
-Line 3302 
 for (;; ptr++)
+Line 4752 
 for (;; ptr++)
      is on the bracket. */
      /* If this is a conditional bracket, check that there are no more than
-     two branches in the group. */
+     two branches in the group, or just one if it's a DEFINE group. We do this
+     in the real compile phase, not in the pre-pass, where the whole group may
+     not be available. */
-     else if (bravalue == OP_COND)
+     if (bravalue == OP_COND && lengthptr == NULL)
        {
        uschar *tc = code;
        int condcount = 0;
-Line 3315 
 for (;; ptr++)
+Line 4767 
 for (;; ptr++)
           }
        while (*tc != OP_KET);
-       if (condcount > 2)
+       /* A DEFINE group is never obeyed inline (the "condition" is always
+       false). It must have only one branch. */
+       if (code[LINK_SIZE+1] == OP_DEF)
          {
-         *errorcodeptr = ERR27;
+         if (condcount > 1)
-         goto FAILED;
+           {
+           *errorcodeptr = ERR54;
+           goto FAILED;
+           }
+         bravalue = OP_DEF;   /* Just a flag to suppress char handling below */
+         }
+       /* A "normal" conditional group. If there is just one branch, we must not
+       make use of its firstbyte or reqbyte, because this is equivalent to an
+       empty second branch. */
+       else
+         {
+         if (condcount > 2)
+           {
+           *errorcodeptr = ERR27;
+           goto FAILED;
+           }
+         if (condcount == 1) subfirstbyte = subreqbyte = REQ_NONE;
          }
+       }
+     /* Error if hit end of pattern */
+     if (*ptr != ')')
+       {
+       *errorcodeptr = ERR14;
+       goto FAILED;
+       }
-       /* If there is just one branch, we must not make use of its firstbyte or
+     /* In the pre-compile phase, update the length by the length of the group,
-       reqbyte, because this is equivalent to an empty second branch. */
+     less the brackets at either end. Then reduce the compiled code to just a
+     set of non-capturing brackets so that it doesn't use much memory if it is
+     duplicated by a quantifier.*/
-       if (condcount == 1) subfirstbyte = subreqbyte = REQ_NONE;
+     if (lengthptr != NULL)
+       {
+       if (OFLOW_MAX - *lengthptr < length_prevgroup - 2 - 2*LINK_SIZE)
+         {
+         *errorcodeptr = ERR20;
+         goto FAILED;
+         }
+       *lengthptr += length_prevgroup - 2 - 2*LINK_SIZE;
+       *code++ = OP_BRA;
+       PUTINC(code, 0, 1 + LINK_SIZE);
+       *code++ = OP_KET;
+       PUTINC(code, 0, 1 + LINK_SIZE);
+       break;    /* No need to waste time with special character handling */
        }
-     /* Handle updating of the required and first characters. Update for normal
+     /* Otherwise update the main code pointer to the end of the group. */
-     brackets of all kinds, and conditions with two branches (see code above).
-     If the bracket is followed by a quantifier with zero repeat, we have to
+     code = tempcode;
-     back off. Hence the definition of zeroreqbyte and zerofirstbyte outside the
-     main loop so that they can be accessed for the back off. */
+     /* For a DEFINE group, required and first character settings are not
+     relevant. */
+     if (bravalue == OP_DEF) break;
+     /* Handle updating of the required and first characters for other types of
+     group. Update for normal brackets of all kinds, and conditions with two
+     branches (see code above). If the bracket is followed by a quantifier with
+     zero repeat, we have to back off. Hence the definition of zeroreqbyte and
+     zerofirstbyte outside the main loop so that they can be accessed for the
+     back off. */
      zeroreqbyte = reqbyte;
      zerofirstbyte = firstbyte;
      groupsetfirstbyte = FALSE;
-     if (bravalue >= OP_BRA || bravalue == OP_ONCE || bravalue == OP_COND)
+     if (bravalue >= OP_ONCE)
        {
        /* If we have not yet set a firstbyte in this branch, take it from the
        subpattern, remembering that it was set here so that a repeat of more
-Line 3378 
 for (;; ptr++)
+Line 4884 
 for (;; ptr++)
      firstbyte, looking for an asserted first char. */
      else if (bravalue == OP_ASSERT && subreqbyte >= 0) reqbyte = subreqbyte;
+     break;     /* End of processing '(' */
-     /* Now update the main code pointer to the end of the group. */
-     code = tempcode;
-     /* Error if hit end of pattern */
-     if (*ptr != ')')
-       {
-       *errorcodeptr = ERR14;
-       goto FAILED;
-       }
-     break;
-     /* Check \ for being a real metacharacter; if not, fall through and handle
-     it as a data character at the start of a string. Escape items are checked
-     for validity in the pre-compiling pass. */
-     case '\\':
-     tempptr = ptr;
-     c = check_escape(&ptr, errorcodeptr, *brackets, options, FALSE);
-     /* Handle metacharacters introduced by \. For ones like \d, the ESC_ values
+     /* ===================================================================*/
+     /* Handle metasequences introduced by \. For ones like \d, the ESC_ values
      are arranged to be the negation of the corresponding OP_values. For the
      back references, the values are ESC_REF plus the reference number. Only
      back references and those types that consume a character may be repeated.
      We can test for values between ESC_b and ESC_Z for the latter; this may
      have to change if any new ones are ever created. */
+     case '\\':
+     tempptr = ptr;
+     c = check_escape(&ptr, errorcodeptr, cd->bracount, options, FALSE);
+     if (*errorcodeptr != 0) goto FAILED;
      if (c < 0)
        {
        if (-c == ESC_Q)            /* Handle start of quoted string */
-Line 3416 
 for (;; ptr++)
+Line 4909 
 for (;; ptr++)
          continue;
          }
+       if (-c == ESC_E) continue;  /* Perl ignores an orphan \E */
        /* For metasequences that actually match a character, we disable the
        setting of a first character if it hasn't already been set. */
-Line 3427 
 for (;; ptr++)
+Line 4922 
 for (;; ptr++)
        zerofirstbyte = firstbyte;
        zeroreqbyte = reqbyte;
-       /* Back references are handled specially */
+       /* \k<name> or \k'name' is a back reference by name (Perl syntax).
+       We also support \k{name} (.NET syntax) */
+       if (-c == ESC_k && (ptr[1] == '<' || ptr[1] == '\'' || ptr[1] == '{'))
+         {
+         is_recurse = FALSE;
+         terminator = (*(++ptr) == '<')? '>' : (*ptr == '\'')? '\'' : '}';
+         goto NAMED_REF_OR_RECURSE;
+         }
+       /* Back references are handled specially; must disable firstbyte if