diff --git a/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html b/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
index b85aa8e798..7c597b3150 100644
--- a/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
+++ b/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html
@@ -7,6 +7,55 @@
 
 <BODY>
 
+<H1 align="center">Ghidra 10.0.3 Change History (September 2021)</H1>
+<blockquote><p><u>New Features</u></p>
+<ul>
+    <li><I>Debugger:Watches</I>. Added ability to modify target memory and registers via the Watches window. (GP-1264, Issue #2866)</li>
+</ul>
+</blockquote>
+<blockquote><p><u>Improvements</u></p>
+<ul>
+    <li><I>Analysis</I>. Improved SH4 constant reference analysis for PIC code, reference placement for jumps/calls, and non-return function analysis. General constant reference analysis has also been improved. (GP-1258)</li>
+    <li><I>Basic Infrastructure</I>. Removed usage of the <code>--illegal-access=permit</code> JVM argument for improved JDK 17 runtime support.  The Ghidra Server continues to require JDK 11 to successfully run at this time. (GP-1193, Issue #3355)</li>
+    <li><I>Debugger</I>. Debugger Agent windows now display log messages. (GP-507)</li>
+    <li><I>Debugger</I>. Changed Debugger's <B>Launch</B> action to propose the current program as the command line. (GP-1176)</li>
+    <li><I>Debugger</I>. Providing broader defaults for recording GDB-supported architectures. (GP-1237)</li>
+    <li><I>Debugger:GDB</I>. GDB connector's <B>Use existing session</B> prompts with more instructions. (GP-1076)</li>
+    <li><I>Debugger:GDB</I>. Added <B>use starti</B> option to GDB launcher. (GP-1158)</li>
+    <li><I>Debugger:Mappings</I>. Added <B>Map Identically</B> action to Modules window. (GP-1232)</li>
+    <li><I>GUI</I>. Changed analysis options to always show current program options when accessed via <B>Edit -> Options for &lt;program&gt;...</B>. Also added warning if the user makes changes to the analysis options and then changes the combo box without saving the changes first. (GP-1188)</li>
+    <li><I>Importer</I>. The ContinuesInterceptor, which allows the import process to proceed past uncaught exceptions that can be encountered while parsing corrupted headers, has been disabled by default. Its usage is now deprecated and will be removed in a future Ghidra release. It can be temporarily re-enabled in <B>support/launch.properties</B>. (GP-1248)</li>
+    <li><I>Importer:ELF</I>. Added support for additional ELF AARCH64 relocations such as <code>R_AARCH64_LDST64_ABS_LO12_NC</code>. (GP-1278, Issue #3352)</li>
+    <li><I>Processors</I>. Corrected semantics for x86/x64 <code>FXSAVE</code> and related instructions. (GP-1228)</li>
+    <li><I>Processors</I>. Added semantics for several x86/x64 vector operations. (GP-1262)</li>
+</ul>
+</blockquote>
+<blockquote><p><u>Bugs</u></p>
+<ul>
+    <li><I>Byte Viewer</I>. Fixed stack overflow issue in ByteViewer. (GP-1276)</li>
+    <li><I>C Parsing</I>. Eliminated static variables that caused follow-on CParser tasks to error because they started in a bad state. (GP-1251, Issue #1421, #3350)</li>
+    <li><I>Debugger</I>. Fixed NullPointerException in Objects window's <B>Import</B>/<B>Export</B> actions. (GP-1047)</li>
+    <li><I>Debugger</I>. Fixed NullPointerException in DBTraceStack. (GP-1059)</li>
+    <li><I>Debugger</I>. Fixed a rare deadlock involving DBTrace.addListener. (GP-1154)</li>
+    <li><I>Debugger</I>. <B>Track PC</B> action now scrolls to cursor even if the cursor is already at PC. (GP-1175)</li>
+    <li><I>Debugger</I>. Created better mapping of GDB ARM architecture names to Ghidra languages for the Debugger. (GP-1221, Issue #3333)</li>
+    <li><I>Debugger</I>. <B>Capture Memory</B> button is more aggressive in finding the correct region to capture, reducing bad region errors. (GP-1227)</li>
+    <li><I>Debugger</I>. Fixed delay slot disassembly in Debugger dynamic listing. (GP-1246, Issue #3358)</li>
+    <li><I>Debugger:Emulator</I>. Fixed cache-reading issue in trace emulation. (GP-1187)</li>
+    <li><I>Debugger:Emulator</I>. Fixed a critical typo in PairedPcodeArithmetic. (GP-1191)</li>
+    <li><I>Debugger:Trace</I>. Dynamic listing now updates immediately when changing data type settings. (GP-1215)</li>
+    <li><I>Debugger:Trace</I>. Removed <code>Missing Instruction Prototype</code> exception in favor of using InvalidPrototype. (GP-1226)</li>
+    <li><I>Debugger:Trace</I>. Adding context fields to Register viewer no longer throws an exception. (GP-1256)</li>
+    <li><I>Decompiler</I>. Fixed a bug that could cause an infinite loop in the Decompiler when using bonded register pairs. (GP-1270, Issue #3105)</li>
+    <li><I>Decompiler</I>. Fixed a bug causing <code>Exceeded maximum restarts with more pending</code> warnings in the Decompiler. (GP-1277, Issue #3104)</li>
+    <li><I>Disassembly</I>. Fixed an IllegalArgumentException in the Non-Returning Functions analyzer caused by processor specifications without a defined context, such as Sparc and SH4. (GP-1216)</li>
+    <li><I>DWARF</I>. Corrected potential random errors in DWARF parsing caused by modifications to a shared global static DWARF decoder. (GP-1272)</li>
+    <li><I>Exporter</I>. Exporters with empty default extension names will no longer append a dot to the output filename. (GP-1201, Issue #3325)</li>
+    <li><I>GUI</I>. Fixed the missing mnemonic of the Graph menu. (GP-1244, Issue #3330)</li>
+    <li><I>Processors</I>. Corrected carry flag semantics for the 6502 processor's <code>SBC</code> instruction. (GP-1109, Issue #3189, #3190)</li>
+</ul>
+</blockquote>
+
 <H1 align="center">Ghidra 10.0.2 Change History (August 2021)</H1>
 <blockquote><p><u>New Features</u></p>
 <ul>
diff --git a/Ghidra/Debug/Debugger/src/test/java/ghidra/app/plugin/core/debug/gui/watch/DebuggerWatchesProviderTest.java b/Ghidra/Debug/Debugger/src/test/java/ghidra/app/plugin/core/debug/gui/watch/DebuggerWatchesProviderTest.java
index 05976b2654..bb5aed362c 100644
--- a/Ghidra/Debug/Debugger/src/test/java/ghidra/app/plugin/core/debug/gui/watch/DebuggerWatchesProviderTest.java
+++ b/Ghidra/Debug/Debugger/src/test/java/ghidra/app/plugin/core/debug/gui/watch/DebuggerWatchesProviderTest.java
@@ -280,7 +280,7 @@ public class DebuggerWatchesProviderTest extends AbstractGhidraHeadedDebuggerGUI
 
 		performAction(watchesProvider.actionAdd);
 		WatchRow row = Unique.assertOne(watchesProvider.watchTableModel.getModelData());
-		row.setExpression("r0");
+		row.setExpression(expression);
 
 		traceManager.openTrace(tb.trace);
 		traceManager.activateThread(thread);
diff --git a/Ghidra/Features/Decompiler/certification.manifest b/Ghidra/Features/Decompiler/certification.manifest
index f7819633aa..8aea441f58 100644
--- a/Ghidra/Features/Decompiler/certification.manifest
+++ b/Ghidra/Features/Decompiler/certification.manifest
@@ -12,12 +12,14 @@ src/decompile/cpp/Makefile||GHIDRA||||END|
 src/decompile/datatests/convert.xml||GHIDRA||||END|
 src/decompile/datatests/deadvolatile.xml||GHIDRA||||END|
 src/decompile/datatests/elseif.xml||GHIDRA||||END|
+src/decompile/datatests/deindirect.xml||GHIDRA||||END|
 src/decompile/datatests/floatprint.xml||GHIDRA||||END|
 src/decompile/datatests/forloop1.xml||GHIDRA||||END|
 src/decompile/datatests/forloop_loaditer.xml||GHIDRA||||END|
 src/decompile/datatests/forloop_thruspecial.xml||GHIDRA||||END|
 src/decompile/datatests/forloop_varused.xml||GHIDRA||||END|
 src/decompile/datatests/forloop_withskip.xml||GHIDRA||||END|
+src/decompile/datatests/indproto.xml||GHIDRA||||END|
 src/decompile/datatests/loopcomment.xml||GHIDRA||||END|
 src/decompile/datatests/multiret.xml||GHIDRA||||END|
 src/decompile/datatests/namespace.xml||GHIDRA||||END|
diff --git a/Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc b/Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc
index e87033c34d..aa8e41208b 100644
--- a/Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc
+++ b/Ghidra/Features/Decompiler/src/decompile/cpp/fspec.cc
@@ -4581,6 +4581,8 @@ void FuncCallSpecs::deindirect(Funcdata &data,Funcdata *newfd)
   if (isOverride())	// If we are overridden at the call-site
     return;		// Don't use the discovered function prototype
 
+  data.getOverride().insertIndirectOverride(op->getAddr(),entryaddress);
+
   // Try our best to merge existing prototype
   // with the one we have just been handed
   vector<Varnode *> newinput;
@@ -4592,7 +4594,6 @@ void FuncCallSpecs::deindirect(Funcdata &data,Funcdata *newfd)
     commitNewOutputs(data,newoutput);
   }
   else {
-    data.getOverride().insertIndirectOverride(op->getAddr(),entryaddress);
     data.setRestartPending(true);
   }
 }
@@ -4613,16 +4614,19 @@ void FuncCallSpecs::forceSet(Funcdata &data,const FuncProto &fp)
 {
   vector<Varnode *> newinput;
   Varnode *newoutput;
+
+  // Copy the recovered prototype into the override manager so that
+  // future restarts don't have to rediscover it
+  FuncProto *newproto = new FuncProto();
+  newproto->copy(fp);
+  data.getOverride().insertProtoOverride(op->getAddr(),newproto);
   if (lateRestriction(fp,newinput,newoutput)) {
     commitNewInputs(data,newinput);
     commitNewOutputs(data,newoutput);
   }
   else {
     // Too late to make restrictions to correct prototype
-    // Add a restart override with the forcing prototype
-    FuncProto *newproto = new FuncProto();
-    newproto->copy(fp);
-    data.getOverride().insertProtoOverride(op->getAddr(),newproto);
+    // Force a restart
     data.setRestartPending(true);
   }
   // Regardless of what happened, lock the prototype so it doesn't happen again
diff --git a/Ghidra/Features/Decompiler/src/decompile/datatests/deindirect.xml b/Ghidra/Features/Decompiler/src/decompile/datatests/deindirect.xml
new file mode 100644
index 0000000000..10fd58adfc
--- /dev/null
+++ b/Ghidra/Features/Decompiler/src/decompile/datatests/deindirect.xml
@@ -0,0 +1,36 @@
+<decompilertest>
+<binaryimage arch="x86:LE:64:default:gcc">
+  <!--
+      A contrived function with 2 indirect calls that share the same parameter set up.
+      The parameter setup initially gets associated with only one of the two indirect calls.
+      The indirects eventually collapse to direct calls and a prototype is associated with
+      both calls, but too late for one, forcing a restart.  The decompiler should be
+      able to collapse both indirects to direct calls AND associate the correct prototype.
+  -->
+<bytechunk space="ram" offset="0x10071a" readonly="true">
+                    554889e54883
+ec20897dec8975e88955e4488d0598ff
+ffff488945f88b45e48d50058b45e883
+c00389d689c79090909090837dec097f
+14488b45f8ffd0488d3d2c010000e81d
+feffffeb12488b45f8ffd0488d3d1d01
+0000e809feffff90c9c3
+</bytechunk>
+<bytechunk space="ram" offset="0x10088a" readonly="true">
+  4c657373004d6f726500
+</bytechunk>
+<symbol space="ram" offset="0x10071a" name="deindirect"/>
+<symbol space="ram" offset="0x1006ca" name="realfunc"/>
+<symbol space="ram" offset="0x100580" name="puts"/>
+</binaryimage>
+<script>
+  <com>parse line extern void deindirect(int4 a,int4 b,int4 c);</com>
+  <com>parse line extern void realfunc(int4 a,int4 b);</com>
+  <com>lo fu deindirect</com>
+  <com>decompile</com>
+  <com>print C</com>
+  <com>quit</com>
+</script>
+<stringmatch name="Deindirect #1" min="0" max="0">Exceeded maximum restarts</stringmatch>
+<stringmatch name="Deindirect #2" min="2" max="2">realfunc\(b \+ 3,c \+ 5\)</stringmatch>
+</decompilertest>
diff --git a/Ghidra/Features/Decompiler/src/decompile/datatests/indproto.xml b/Ghidra/Features/Decompiler/src/decompile/datatests/indproto.xml
new file mode 100644
index 0000000000..980558cd3f
--- /dev/null
+++ b/Ghidra/Features/Decompiler/src/decompile/datatests/indproto.xml
@@ -0,0 +1,35 @@
+<decompilertest>
+<binaryimage arch="x86:LE:64:default:gcc">
+  <!--
+      A contrived function with 2 indirect calls that share the same parameter set up.
+      The parameter setup initially gets associated with only one of the two indirect calls.
+      A prototype data-type is eventually propagated to both indirect calls
+      but too late for one, forcing a restart.  The decompiler should be able to
+      associate the correct prototype with both indirect calls.
+  -->
+<bytechunk space="ram" offset="0x100771" readonly="true">
+  554889e54883ec10897dfc8975f848
+8955f08b45fc89c79090909090837df8
+647517488b45f0488b00ffd0488d3d53
+010000e838feffffeb16488b45f0488b
+4008ffd0488d3d40010000e820feffff
+90c9c3
+</bytechunk>
+<bytechunk space="ram" offset="0x1008f6" readonly="true">
+  5065656b0047657400
+</bytechunk>
+<symbol space="ram" offset="0x100771" name="indproto"/>
+<symbol space="ram" offset="0x1005e0" name="puts"/>
+</binaryimage>
+<script>
+  <com>parse line struct methods { void (*peek)(int4 a); void (*get)(int4 b); };</com>
+  <com>parse line extern void indproto(int4 a,int4 b,methods *ptr);</com>
+  <com>lo fu indproto</com>
+  <com>decompile</com>
+  <com>print C</com>
+  <com>quit</com>
+</script>
+<stringmatch name="Indirect prototype #1" min="0" max="0">Exceeded maximum restarts</stringmatch>
+<stringmatch name="Indirect prototype #2" min="1" max="1">ptr-&gt;peek\)\(a\)</stringmatch>
+<stringmatch name="Indirect prototype #3" min="1" max="1">ptr-&gt;get\)\(a\)</stringmatch>
+</decompilertest>
diff --git a/Ghidra/Processors/6502/data/languages/6502.slaspec b/Ghidra/Processors/6502/data/languages/6502.slaspec
index 6cf3f005eb..a4f37d6721 100644
--- a/Ghidra/Processors/6502/data/languages/6502.slaspec
+++ b/Ghidra/Processors/6502/data/languages/6502.slaspec
@@ -421,7 +421,7 @@ ADDRI:  imm16   is imm16    { tmp:2 = imm16; export *:2 tmp; }
 :SBC OP1     is (cc=1 & aaa=7) ... & OP1
 {
 	local op1 = OP1;
-	local result = A - op1 - C;
+	local result = A - op1 - !C;
 	
 	subtraction_flags1(A, op1, result);
 	A = result;