000001  /*
000002  ** 2004 May 26
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  **
000013  ** This file contains code use to manipulate "Mem" structure.  A "Mem"
000014  ** stores a single value in the VDBE.  Mem is an opaque structure visible
000015  ** only within the VDBE.  Interface routines refer to a Mem using the
000016  ** name sqlite_value
000017  */
000018  #include "sqliteInt.h"
000019  #include "vdbeInt.h"
000020  
000021  /* True if X is a power of two.  0 is considered a power of two here.
000022  ** In other words, return true if X has at most one bit set.
000023  */
000024  #define ISPOWEROF2(X)  (((X)&((X)-1))==0)
000025  
000026  #ifdef SQLITE_DEBUG
000027  /*
000028  ** Check invariants on a Mem object.
000029  **
000030  ** This routine is intended for use inside of assert() statements, like
000031  ** this:    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000032  */
000033  int sqlite3VdbeCheckMemInvariants(Mem *p){
000034    /* If MEM_Dyn is set then Mem.xDel!=0.  
000035    ** Mem.xDel might not be initialized if MEM_Dyn is clear.
000036    */
000037    assert( (p->flags & MEM_Dyn)==0 || p->xDel!=0 );
000038  
000039    /* MEM_Dyn may only be set if Mem.szMalloc==0.  In this way we
000040    ** ensure that if Mem.szMalloc>0 then it is safe to do
000041    ** Mem.z = Mem.zMalloc without having to check Mem.flags&MEM_Dyn.
000042    ** That saves a few cycles in inner loops. */
000043    assert( (p->flags & MEM_Dyn)==0 || p->szMalloc==0 );
000044  
000045    /* Cannot have more than one of MEM_Int, MEM_Real, or MEM_IntReal */
000046    assert( ISPOWEROF2(p->flags & (MEM_Int|MEM_Real|MEM_IntReal)) );
000047  
000048    if( p->flags & MEM_Null ){
000049      /* Cannot be both MEM_Null and some other type */
000050      assert( (p->flags & (MEM_Int|MEM_Real|MEM_Str|MEM_Blob|MEM_Agg))==0 );
000051  
000052      /* If MEM_Null is set, then either the value is a pure NULL (the usual
000053      ** case) or it is a pointer set using sqlite3_bind_pointer() or
000054      ** sqlite3_result_pointer().  If a pointer, then MEM_Term must also be
000055      ** set.
000056      */
000057      if( (p->flags & (MEM_Term|MEM_Subtype))==(MEM_Term|MEM_Subtype) ){
000058        /* This is a pointer type.  There may be a flag to indicate what to
000059        ** do with the pointer. */
000060        assert( ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000061                ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000062                ((p->flags&MEM_Static)!=0 ? 1 : 0) <= 1 );
000063  
000064        /* No other bits set */
000065        assert( (p->flags & ~(MEM_Null|MEM_Term|MEM_Subtype|MEM_FromBind
000066                             |MEM_Dyn|MEM_Ephem|MEM_Static))==0 );
000067      }else{
000068        /* A pure NULL might have other flags, such as MEM_Static, MEM_Dyn,
000069        ** MEM_Ephem, MEM_Cleared, or MEM_Subtype */
000070      }
000071    }else{
000072      /* The MEM_Cleared bit is only allowed on NULLs */
000073      assert( (p->flags & MEM_Cleared)==0 );
000074    }
000075  
000076    /* The szMalloc field holds the correct memory allocation size */
000077    assert( p->szMalloc==0
000078         || p->szMalloc==sqlite3DbMallocSize(p->db,p->zMalloc) );
000079  
000080    /* If p holds a string or blob, the Mem.z must point to exactly
000081    ** one of the following:
000082    **
000083    **   (1) Memory in Mem.zMalloc and managed by the Mem object
000084    **   (2) Memory to be freed using Mem.xDel
000085    **   (3) An ephemeral string or blob
000086    **   (4) A static string or blob
000087    */
000088    if( (p->flags & (MEM_Str|MEM_Blob)) && p->n>0 ){
000089      assert( 
000090        ((p->szMalloc>0 && p->z==p->zMalloc)? 1 : 0) +
000091        ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000092        ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000093        ((p->flags&MEM_Static)!=0 ? 1 : 0) == 1
000094      );
000095    }
000096    return 1;
000097  }
000098  #endif
000099  
000100  /*
000101  ** Render a Mem object which is one of MEM_Int, MEM_Real, or MEM_IntReal
000102  ** into a buffer.
000103  */
000104  static void vdbeMemRenderNum(int sz, char *zBuf, Mem *p){
000105    StrAccum acc;
000106    assert( p->flags & (MEM_Int|MEM_Real|MEM_IntReal) );
000107    sqlite3StrAccumInit(&acc, 0, zBuf, sz, 0);
000108    if( p->flags & MEM_Int ){
000109      sqlite3_str_appendf(&acc, "%lld", p->u.i);
000110    }else if( p->flags & MEM_IntReal ){
000111      sqlite3_str_appendf(&acc, "%!.15g", (double)p->u.i);
000112    }else{
000113      sqlite3_str_appendf(&acc, "%!.15g", p->u.r);
000114    }
000115    assert( acc.zText==zBuf && acc.mxAlloc<=0 );
000116    zBuf[acc.nChar] = 0; /* Fast version of sqlite3StrAccumFinish(&acc) */
000117  }
000118  
000119  #ifdef SQLITE_DEBUG
000120  /*
000121  ** Validity checks on pMem.  pMem holds a string.
000122  **
000123  ** (1) Check that string value of pMem agrees with its integer or real value.
000124  ** (2) Check that the string is correctly zero terminated
000125  **
000126  ** A single int or real value always converts to the same strings.  But
000127  ** many different strings can be converted into the same int or real.
000128  ** If a table contains a numeric value and an index is based on the
000129  ** corresponding string value, then it is important that the string be
000130  ** derived from the numeric value, not the other way around, to ensure
000131  ** that the index and table are consistent.  See ticket
000132  ** https://www.sqlite.org/src/info/343634942dd54ab (2018-01-31) for
000133  ** an example.
000134  **
000135  ** This routine looks at pMem to verify that if it has both a numeric
000136  ** representation and a string representation then the string rep has
000137  ** been derived from the numeric and not the other way around.  It returns
000138  ** true if everything is ok and false if there is a problem.
000139  **
000140  ** This routine is for use inside of assert() statements only.
000141  */
000142  int sqlite3VdbeMemValidStrRep(Mem *p){
000143    char zBuf[100];
000144    char *z;
000145    int i, j, incr;
000146    if( (p->flags & MEM_Str)==0 ) return 1;
000147    if( p->flags & MEM_Term ){
000148      /* Insure that the string is properly zero-terminated.  Pay particular
000149      ** attention to the case where p->n is odd */
000150      if( p->szMalloc>0 && p->z==p->zMalloc ){
000151        assert( p->enc==SQLITE_UTF8 || p->szMalloc >= ((p->n+1)&~1)+2 );
000152        assert( p->enc!=SQLITE_UTF8 || p->szMalloc >= p->n+1 );
000153      }
000154      assert( p->z[p->n]==0 );
000155      assert( p->enc==SQLITE_UTF8 || p->z[(p->n+1)&~1]==0 );
000156      assert( p->enc==SQLITE_UTF8 || p->z[((p->n+1)&~1)+1]==0 );
000157    }
000158    if( (p->flags & (MEM_Int|MEM_Real|MEM_IntReal))==0 ) return 1;
000159    vdbeMemRenderNum(sizeof(zBuf), zBuf, p);
000160    z = p->z;
000161    i = j = 0;
000162    incr = 1;
000163    if( p->enc!=SQLITE_UTF8 ){
000164      incr = 2;
000165      if( p->enc==SQLITE_UTF16BE ) z++;
000166    }
000167    while( zBuf[j] ){
000168      if( zBuf[j++]!=z[i] ) return 0;
000169      i += incr;
000170    }
000171    return 1;
000172  }
000173  #endif /* SQLITE_DEBUG */
000174  
000175  /*
000176  ** If pMem is an object with a valid string representation, this routine
000177  ** ensures the internal encoding for the string representation is
000178  ** 'desiredEnc', one of SQLITE_UTF8, SQLITE_UTF16LE or SQLITE_UTF16BE.
000179  **
000180  ** If pMem is not a string object, or the encoding of the string
000181  ** representation is already stored using the requested encoding, then this
000182  ** routine is a no-op.
000183  **
000184  ** SQLITE_OK is returned if the conversion is successful (or not required).
000185  ** SQLITE_NOMEM may be returned if a malloc() fails during conversion
000186  ** between formats.
000187  */
000188  int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
000189  #ifndef SQLITE_OMIT_UTF16
000190    int rc;
000191  #endif
000192    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000193    assert( desiredEnc==SQLITE_UTF8 || desiredEnc==SQLITE_UTF16LE
000194             || desiredEnc==SQLITE_UTF16BE );
000195    if( !(pMem->flags&MEM_Str) || pMem->enc==desiredEnc ){
000196      return SQLITE_OK;
000197    }
000198    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000199  #ifdef SQLITE_OMIT_UTF16
000200    return SQLITE_ERROR;
000201  #else
000202  
000203    /* MemTranslate() may return SQLITE_OK or SQLITE_NOMEM. If NOMEM is returned,
000204    ** then the encoding of the value may not have changed.
000205    */
000206    rc = sqlite3VdbeMemTranslate(pMem, (u8)desiredEnc);
000207    assert(rc==SQLITE_OK    || rc==SQLITE_NOMEM);
000208    assert(rc==SQLITE_OK    || pMem->enc!=desiredEnc);
000209    assert(rc==SQLITE_NOMEM || pMem->enc==desiredEnc);
000210    return rc;
000211  #endif
000212  }
000213  
000214  /*
000215  ** Make sure pMem->z points to a writable allocation of at least n bytes.
000216  **
000217  ** If the bPreserve argument is true, then copy of the content of
000218  ** pMem->z into the new allocation.  pMem must be either a string or
000219  ** blob if bPreserve is true.  If bPreserve is false, any prior content
000220  ** in pMem->z is discarded.
000221  */
000222  SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
000223    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000224    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000225    testcase( pMem->db==0 );
000226  
000227    /* If the bPreserve flag is set to true, then the memory cell must already
000228    ** contain a valid string or blob value.  */
000229    assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
000230    testcase( bPreserve && pMem->z==0 );
000231  
000232    assert( pMem->szMalloc==0
000233         || pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
000234    if( pMem->szMalloc>0 && bPreserve && pMem->z==pMem->zMalloc ){
000235      if( pMem->db ){
000236        pMem->z = pMem->zMalloc = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
000237      }else{
000238        pMem->zMalloc = sqlite3Realloc(pMem->z, n);
000239        if( pMem->zMalloc==0 ) sqlite3_free(pMem->z);
000240        pMem->z = pMem->zMalloc;
000241      }
000242      bPreserve = 0;
000243    }else{
000244      if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000245      pMem->zMalloc = sqlite3DbMallocRaw(pMem->db, n);
000246    }
000247    if( pMem->zMalloc==0 ){
000248      sqlite3VdbeMemSetNull(pMem);
000249      pMem->z = 0;
000250      pMem->szMalloc = 0;
000251      return SQLITE_NOMEM_BKPT;
000252    }else{
000253      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
000254    }
000255  
000256    if( bPreserve && pMem->z ){
000257      assert( pMem->z!=pMem->zMalloc );
000258      memcpy(pMem->zMalloc, pMem->z, pMem->n);
000259    }
000260    if( (pMem->flags&MEM_Dyn)!=0 ){
000261      assert( pMem->xDel!=0 && pMem->xDel!=SQLITE_DYNAMIC );
000262      pMem->xDel((void *)(pMem->z));
000263    }
000264  
000265    pMem->z = pMem->zMalloc;
000266    pMem->flags &= ~(MEM_Dyn|MEM_Ephem|MEM_Static);
000267    return SQLITE_OK;
000268  }
000269  
000270  /*
000271  ** Change the pMem->zMalloc allocation to be at least szNew bytes.
000272  ** If pMem->zMalloc already meets or exceeds the requested size, this
000273  ** routine is a no-op.
000274  **
000275  ** Any prior string or blob content in the pMem object may be discarded.
000276  ** The pMem->xDel destructor is called, if it exists.  Though MEM_Str
000277  ** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, MEM_IntReal,
000278  ** and MEM_Null values are preserved.
000279  **
000280  ** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
000281  ** if unable to complete the resizing.
000282  */
000283  int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
000284    assert( CORRUPT_DB || szNew>0 );
000285    assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
000286    if( pMem->szMalloc<szNew ){
000287      return sqlite3VdbeMemGrow(pMem, szNew, 0);
000288    }
000289    assert( (pMem->flags & MEM_Dyn)==0 );
000290    pMem->z = pMem->zMalloc;
000291    pMem->flags &= (MEM_Null|MEM_Int|MEM_Real|MEM_IntReal);
000292    return SQLITE_OK;
000293  }
000294  
000295  /*
000296  ** It is already known that pMem contains an unterminated string.
000297  ** Add the zero terminator.
000298  **
000299  ** Three bytes of zero are added.  In this way, there is guaranteed
000300  ** to be a double-zero byte at an even byte boundary in order to
000301  ** terminate a UTF16 string, even if the initial size of the buffer
000302  ** is an odd number of bytes.
000303  */
000304  static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
000305    if( sqlite3VdbeMemGrow(pMem, pMem->n+3, 1) ){
000306      return SQLITE_NOMEM_BKPT;
000307    }
000308    pMem->z[pMem->n] = 0;
000309    pMem->z[pMem->n+1] = 0;
000310    pMem->z[pMem->n+2] = 0;
000311    pMem->flags |= MEM_Term;
000312    return SQLITE_OK;
000313  }
000314  
000315  /*
000316  ** Change pMem so that its MEM_Str or MEM_Blob value is stored in
000317  ** MEM.zMalloc, where it can be safely written.
000318  **
000319  ** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
000320  */
000321  int sqlite3VdbeMemMakeWriteable(Mem *pMem){
000322    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000323    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000324    if( (pMem->flags & (MEM_Str|MEM_Blob))!=0 ){
000325      if( ExpandBlob(pMem) ) return SQLITE_NOMEM;
000326      if( pMem->szMalloc==0 || pMem->z!=pMem->zMalloc ){
000327        int rc = vdbeMemAddTerminator(pMem);
000328        if( rc ) return rc;
000329      }
000330    }
000331    pMem->flags &= ~MEM_Ephem;
000332  #ifdef SQLITE_DEBUG
000333    pMem->pScopyFrom = 0;
000334  #endif
000335  
000336    return SQLITE_OK;
000337  }
000338  
000339  /*
000340  ** If the given Mem* has a zero-filled tail, turn it into an ordinary
000341  ** blob stored in dynamically allocated space.
000342  */
000343  #ifndef SQLITE_OMIT_INCRBLOB
000344  int sqlite3VdbeMemExpandBlob(Mem *pMem){
000345    int nByte;
000346    assert( pMem->flags & MEM_Zero );
000347    assert( (pMem->flags&MEM_Blob)!=0 || MemNullNochng(pMem) );
000348    testcase( sqlite3_value_nochange(pMem) );
000349    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000350    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000351  
000352    /* Set nByte to the number of bytes required to store the expanded blob. */
000353    nByte = pMem->n + pMem->u.nZero;
000354    if( nByte<=0 ){
000355      if( (pMem->flags & MEM_Blob)==0 ) return SQLITE_OK;
000356      nByte = 1;
000357    }
000358    if( sqlite3VdbeMemGrow(pMem, nByte, 1) ){
000359      return SQLITE_NOMEM_BKPT;
000360    }
000361  
000362    memset(&pMem->z[pMem->n], 0, pMem->u.nZero);
000363    pMem->n += pMem->u.nZero;
000364    pMem->flags &= ~(MEM_Zero|MEM_Term);
000365    return SQLITE_OK;
000366  }
000367  #endif
000368  
000369  /*
000370  ** Make sure the given Mem is \u0000 terminated.
000371  */
000372  int sqlite3VdbeMemNulTerminate(Mem *pMem){
000373    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000374    testcase( (pMem->flags & (MEM_Term|MEM_Str))==(MEM_Term|MEM_Str) );
000375    testcase( (pMem->flags & (MEM_Term|MEM_Str))==0 );
000376    if( (pMem->flags & (MEM_Term|MEM_Str))!=MEM_Str ){
000377      return SQLITE_OK;   /* Nothing to do */
000378    }else{
000379      return vdbeMemAddTerminator(pMem);
000380    }
000381  }
000382  
000383  /*
000384  ** Add MEM_Str to the set of representations for the given Mem.  This
000385  ** routine is only called if pMem is a number of some kind, not a NULL
000386  ** or a BLOB.
000387  **
000388  ** Existing representations MEM_Int, MEM_Real, or MEM_IntReal are invalidated
000389  ** if bForce is true but are retained if bForce is false.
000390  **
000391  ** A MEM_Null value will never be passed to this function. This function is
000392  ** used for converting values to text for returning to the user (i.e. via
000393  ** sqlite3_value_text()), or for ensuring that values to be used as btree
000394  ** keys are strings. In the former case a NULL pointer is returned the
000395  ** user and the latter is an internal programming error.
000396  */
000397  int sqlite3VdbeMemStringify(Mem *pMem, u8 enc, u8 bForce){
000398    const int nByte = 32;
000399  
000400    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000401    assert( !(pMem->flags&MEM_Zero) );
000402    assert( !(pMem->flags&(MEM_Str|MEM_Blob)) );
000403    assert( pMem->flags&(MEM_Int|MEM_Real|MEM_IntReal) );
000404    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000405    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000406  
000407  
000408    if( sqlite3VdbeMemClearAndResize(pMem, nByte) ){
000409      pMem->enc = 0;
000410      return SQLITE_NOMEM_BKPT;
000411    }
000412  
000413    vdbeMemRenderNum(nByte, pMem->z, pMem);
000414    assert( pMem->z!=0 );
000415    pMem->n = sqlite3Strlen30NN(pMem->z);
000416    pMem->enc = SQLITE_UTF8;
000417    pMem->flags |= MEM_Str|MEM_Term;
000418    if( bForce ) pMem->flags &= ~(MEM_Int|MEM_Real|MEM_IntReal);
000419    sqlite3VdbeChangeEncoding(pMem, enc);
000420    return SQLITE_OK;
000421  }
000422  
000423  /*
000424  ** Memory cell pMem contains the context of an aggregate function.
000425  ** This routine calls the finalize method for that function.  The
000426  ** result of the aggregate is stored back into pMem.
000427  **
000428  ** Return SQLITE_ERROR if the finalizer reports an error.  SQLITE_OK
000429  ** otherwise.
000430  */
000431  int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
000432    sqlite3_context ctx;
000433    Mem t;
000434    assert( pFunc!=0 );
000435    assert( pFunc->xFinalize!=0 );
000436    assert( (pMem->flags & MEM_Null)!=0 || pFunc==pMem->u.pDef );
000437    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000438    memset(&ctx, 0, sizeof(ctx));
000439    memset(&t, 0, sizeof(t));
000440    t.flags = MEM_Null;
000441    t.db = pMem->db;
000442    ctx.pOut = &t;
000443    ctx.pMem = pMem;
000444    ctx.pFunc = pFunc;
000445    pFunc->xFinalize(&ctx); /* IMP: R-24505-23230 */
000446    assert( (pMem->flags & MEM_Dyn)==0 );
000447    if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000448    memcpy(pMem, &t, sizeof(t));
000449    return ctx.isError;
000450  }
000451  
000452  /*
000453  ** Memory cell pAccum contains the context of an aggregate function.
000454  ** This routine calls the xValue method for that function and stores
000455  ** the results in memory cell pMem.
000456  **
000457  ** SQLITE_ERROR is returned if xValue() reports an error. SQLITE_OK 
000458  ** otherwise.
000459  */
000460  #ifndef SQLITE_OMIT_WINDOWFUNC
000461  int sqlite3VdbeMemAggValue(Mem *pAccum, Mem *pOut, FuncDef *pFunc){
000462    sqlite3_context ctx;
000463    assert( pFunc!=0 );
000464    assert( pFunc->xValue!=0 );
000465    assert( (pAccum->flags & MEM_Null)!=0 || pFunc==pAccum->u.pDef );
000466    assert( pAccum->db==0 || sqlite3_mutex_held(pAccum->db->mutex) );
000467    memset(&ctx, 0, sizeof(ctx));
000468    sqlite3VdbeMemSetNull(pOut);
000469    ctx.pOut = pOut;
000470    ctx.pMem = pAccum;
000471    ctx.pFunc = pFunc;
000472    pFunc->xValue(&ctx);
000473    return ctx.isError;
000474  }
000475  #endif /* SQLITE_OMIT_WINDOWFUNC */
000476  
000477  /*
000478  ** If the memory cell contains a value that must be freed by
000479  ** invoking the external callback in Mem.xDel, then this routine
000480  ** will free that value.  It also sets Mem.flags to MEM_Null.
000481  **
000482  ** This is a helper routine for sqlite3VdbeMemSetNull() and
000483  ** for sqlite3VdbeMemRelease().  Use those other routines as the
000484  ** entry point for releasing Mem resources.
000485  */
000486  static SQLITE_NOINLINE void vdbeMemClearExternAndSetNull(Mem *p){
000487    assert( p->db==0 || sqlite3_mutex_held(p->db->mutex) );
000488    assert( VdbeMemDynamic(p) );
000489    if( p->flags&MEM_Agg ){
000490      sqlite3VdbeMemFinalize(p, p->u.pDef);
000491      assert( (p->flags & MEM_Agg)==0 );
000492      testcase( p->flags & MEM_Dyn );
000493    }
000494    if( p->flags&MEM_Dyn ){
000495      assert( p->xDel!=SQLITE_DYNAMIC && p->xDel!=0 );
000496      p->xDel((void *)p->z);
000497    }
000498    p->flags = MEM_Null;
000499  }
000500  
000501  /*
000502  ** Release memory held by the Mem p, both external memory cleared
000503  ** by p->xDel and memory in p->zMalloc.
000504  **
000505  ** This is a helper routine invoked by sqlite3VdbeMemRelease() in
000506  ** the unusual case where there really is memory in p that needs
000507  ** to be freed.
000508  */
000509  static SQLITE_NOINLINE void vdbeMemClear(Mem *p){
000510    if( VdbeMemDynamic(p) ){
000511      vdbeMemClearExternAndSetNull(p);
000512    }
000513    if( p->szMalloc ){
000514      sqlite3DbFreeNN(p->db, p->zMalloc);
000515      p->szMalloc = 0;
000516    }
000517    p->z = 0;
000518  }
000519  
000520  /*
000521  ** Release any memory resources held by the Mem.  Both the memory that is
000522  ** free by Mem.xDel and the Mem.zMalloc allocation are freed.
000523  **
000524  ** Use this routine prior to clean up prior to abandoning a Mem, or to
000525  ** reset a Mem back to its minimum memory utilization.
000526  **
000527  ** Use sqlite3VdbeMemSetNull() to release just the Mem.xDel space
000528  ** prior to inserting new content into the Mem.
000529  */
000530  void sqlite3VdbeMemRelease(Mem *p){
000531    assert( sqlite3VdbeCheckMemInvariants(p) );
000532    if( VdbeMemDynamic(p) || p->szMalloc ){
000533      vdbeMemClear(p);
000534    }
000535  }
000536  
000537  /*
000538  ** Convert a 64-bit IEEE double into a 64-bit signed integer.
000539  ** If the double is out of range of a 64-bit signed integer then
000540  ** return the closest available 64-bit signed integer.
000541  */
000542  static SQLITE_NOINLINE i64 doubleToInt64(double r){
000543  #ifdef SQLITE_OMIT_FLOATING_POINT
000544    /* When floating-point is omitted, double and int64 are the same thing */
000545    return r;
000546  #else
000547    /*
000548    ** Many compilers we encounter do not define constants for the
000549    ** minimum and maximum 64-bit integers, or they define them
000550    ** inconsistently.  And many do not understand the "LL" notation.
000551    ** So we define our own static constants here using nothing
000552    ** larger than a 32-bit integer constant.
000553    */
000554    static const i64 maxInt = LARGEST_INT64;
000555    static const i64 minInt = SMALLEST_INT64;
000556  
000557    if( r<=(double)minInt ){
000558      return minInt;
000559    }else if( r>=(double)maxInt ){
000560      return maxInt;
000561    }else{
000562      return (i64)r;
000563    }
000564  #endif
000565  }
000566  
000567  /*
000568  ** Return some kind of integer value which is the best we can do
000569  ** at representing the value that *pMem describes as an integer.
000570  ** If pMem is an integer, then the value is exact.  If pMem is
000571  ** a floating-point then the value returned is the integer part.
000572  ** If pMem is a string or blob, then we make an attempt to convert
000573  ** it into an integer and return that.  If pMem represents an
000574  ** an SQL-NULL value, return 0.
000575  **
000576  ** If pMem represents a string value, its encoding might be changed.
000577  */
000578  static SQLITE_NOINLINE i64 memIntValue(Mem *pMem){
000579    i64 value = 0;
000580    sqlite3Atoi64(pMem->z, &value, pMem->n, pMem->enc);
000581    return value;
000582  }
000583  i64 sqlite3VdbeIntValue(Mem *pMem){
000584    int flags;
000585    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000586    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000587    flags = pMem->flags;
000588    if( flags & (MEM_Int|MEM_IntReal) ){
000589      testcase( flags & MEM_IntReal );
000590      return pMem->u.i;
000591    }else if( flags & MEM_Real ){
000592      return doubleToInt64(pMem->u.r);
000593    }else if( (flags & (MEM_Str|MEM_Blob))!=0 && pMem->z!=0 ){
000594      return memIntValue(pMem);
000595    }else{
000596      return 0;
000597    }
000598  }
000599  
000600  /*
000601  ** Return the best representation of pMem that we can get into a
000602  ** double.  If pMem is already a double or an integer, return its
000603  ** value.  If it is a string or blob, try to convert it to a double.
000604  ** If it is a NULL, return 0.0.
000605  */
000606  static SQLITE_NOINLINE double memRealValue(Mem *pMem){
000607    /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000608    double val = (double)0;
000609    sqlite3AtoF(pMem->z, &val, pMem->n, pMem->enc);
000610    return val;
000611  }
000612  double sqlite3VdbeRealValue(Mem *pMem){
000613    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000614    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000615    if( pMem->flags & MEM_Real ){
000616      return pMem->u.r;
000617    }else if( pMem->flags & (MEM_Int|MEM_IntReal) ){
000618      testcase( pMem->flags & MEM_IntReal );
000619      return (double)pMem->u.i;
000620    }else if( pMem->flags & (MEM_Str|MEM_Blob) ){
000621      return memRealValue(pMem);
000622    }else{
000623      /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000624      return (double)0;
000625    }
000626  }
000627  
000628  /*
000629  ** Return 1 if pMem represents true, and return 0 if pMem represents false.
000630  ** Return the value ifNull if pMem is NULL.  
000631  */
000632  int sqlite3VdbeBooleanValue(Mem *pMem, int ifNull){
000633    testcase( pMem->flags & MEM_IntReal );
000634    if( pMem->flags & (MEM_Int|MEM_IntReal) ) return pMem->u.i!=0;
000635    if( pMem->flags & MEM_Null ) return ifNull;
000636    return sqlite3VdbeRealValue(pMem)!=0.0;
000637  }
000638  
000639  /*
000640  ** The MEM structure is already a MEM_Real.  Try to also make it a
000641  ** MEM_Int if we can.
000642  */
000643  void sqlite3VdbeIntegerAffinity(Mem *pMem){
000644    i64 ix;
000645    assert( pMem->flags & MEM_Real );
000646    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000647    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000648    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000649  
000650    ix = doubleToInt64(pMem->u.r);
000651  
000652    /* Only mark the value as an integer if
000653    **
000654    **    (1) the round-trip conversion real->int->real is a no-op, and
000655    **    (2) The integer is neither the largest nor the smallest
000656    **        possible integer (ticket #3922)
000657    **
000658    ** The second and third terms in the following conditional enforces
000659    ** the second condition under the assumption that addition overflow causes
000660    ** values to wrap around.
000661    */
000662    if( pMem->u.r==ix && ix>SMALLEST_INT64 && ix<LARGEST_INT64 ){
000663      pMem->u.i = ix;
000664      MemSetTypeFlag(pMem, MEM_Int);
000665    }
000666  }
000667  
000668  /*
000669  ** Convert pMem to type integer.  Invalidate any prior representations.
000670  */
000671  int sqlite3VdbeMemIntegerify(Mem *pMem){
000672    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000673    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000674    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000675  
000676    pMem->u.i = sqlite3VdbeIntValue(pMem);
000677    MemSetTypeFlag(pMem, MEM_Int);
000678    return SQLITE_OK;
000679  }
000680  
000681  /*
000682  ** Convert pMem so that it is of type MEM_Real.
000683  ** Invalidate any prior representations.
000684  */
000685  int sqlite3VdbeMemRealify(Mem *pMem){
000686    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000687    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000688  
000689    pMem->u.r = sqlite3VdbeRealValue(pMem);
000690    MemSetTypeFlag(pMem, MEM_Real);
000691    return SQLITE_OK;
000692  }
000693  
000694  /* Compare a floating point value to an integer.  Return true if the two
000695  ** values are the same within the precision of the floating point value.
000696  **
000697  ** This function assumes that i was obtained by assignment from r1.
000698  **
000699  ** For some versions of GCC on 32-bit machines, if you do the more obvious
000700  ** comparison of "r1==(double)i" you sometimes get an answer of false even
000701  ** though the r1 and (double)i values are bit-for-bit the same.
000702  */
000703  int sqlite3RealSameAsInt(double r1, sqlite3_int64 i){
000704    double r2 = (double)i;
000705    return r1==0.0
000706        || (memcmp(&r1, &r2, sizeof(r1))==0
000707            && i >= -2251799813685248LL && i < 2251799813685248LL);
000708  }
000709  
000710  /*
000711  ** Convert pMem so that it has type MEM_Real or MEM_Int.
000712  ** Invalidate any prior representations.
000713  **
000714  ** Every effort is made to force the conversion, even if the input
000715  ** is a string that does not look completely like a number.  Convert
000716  ** as much of the string as we can and ignore the rest.
000717  */
000718  int sqlite3VdbeMemNumerify(Mem *pMem){
000719    testcase( pMem->flags & MEM_Int );
000720    testcase( pMem->flags & MEM_Real );
000721    testcase( pMem->flags & MEM_IntReal );
000722    testcase( pMem->flags & MEM_Null );
000723    if( (pMem->flags & (MEM_Int|MEM_Real|MEM_IntReal|MEM_Null))==0 ){
000724      int rc;
000725      sqlite3_int64 ix;
000726      assert( (pMem->flags & (MEM_Blob|MEM_Str))!=0 );
000727      assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000728      rc = sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc);
000729      if( ((rc==0 || rc==1) && sqlite3Atoi64(pMem->z, &ix, pMem->n, pMem->enc)<=1)
000730       || sqlite3RealSameAsInt(pMem->u.r, (ix = (i64)pMem->u.r))
000731      ){
000732        pMem->u.i = ix;
000733        MemSetTypeFlag(pMem, MEM_Int);
000734      }else{
000735        MemSetTypeFlag(pMem, MEM_Real);
000736      }
000737    }
000738    assert( (pMem->flags & (MEM_Int|MEM_Real|MEM_IntReal|MEM_Null))!=0 );
000739    pMem->flags &= ~(MEM_Str|MEM_Blob|MEM_Zero);
000740    return SQLITE_OK;
000741  }
000742  
000743  /*
000744  ** Cast the datatype of the value in pMem according to the affinity
000745  ** "aff".  Casting is different from applying affinity in that a cast
000746  ** is forced.  In other words, the value is converted into the desired
000747  ** affinity even if that results in loss of data.  This routine is
000748  ** used (for example) to implement the SQL "cast()" operator.
000749  */
000750  int sqlite3VdbeMemCast(Mem *pMem, u8 aff, u8 encoding){
000751    if( pMem->flags & MEM_Null ) return SQLITE_OK;
000752    switch( aff ){
000753      case SQLITE_AFF_BLOB: {   /* Really a cast to BLOB */
000754        if( (pMem->flags & MEM_Blob)==0 ){
000755          sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000756          assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000757          if( pMem->flags & MEM_Str ) MemSetTypeFlag(pMem, MEM_Blob);
000758        }else{
000759          pMem->flags &= ~(MEM_TypeMask&~MEM_Blob);
000760        }
000761        break;
000762      }
000763      case SQLITE_AFF_NUMERIC: {
000764        sqlite3VdbeMemNumerify(pMem);
000765        break;
000766      }
000767      case SQLITE_AFF_INTEGER: {
000768        sqlite3VdbeMemIntegerify(pMem);
000769        break;
000770      }
000771      case SQLITE_AFF_REAL: {
000772        sqlite3VdbeMemRealify(pMem);
000773        break;
000774      }
000775      default: {
000776        assert( aff==SQLITE_AFF_TEXT );
000777        assert( MEM_Str==(MEM_Blob>>3) );
000778        pMem->flags |= (pMem->flags&MEM_Blob)>>3;
000779        sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000780        assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000781        pMem->flags &= ~(MEM_Int|MEM_Real|MEM_IntReal|MEM_Blob|MEM_Zero);
000782        return sqlite3VdbeChangeEncoding(pMem, encoding);
000783      }
000784    }
000785    return SQLITE_OK;
000786  }
000787  
000788  /*
000789  ** Initialize bulk memory to be a consistent Mem object.
000790  **
000791  ** The minimum amount of initialization feasible is performed.
000792  */
000793  void sqlite3VdbeMemInit(Mem *pMem, sqlite3 *db, u16 flags){
000794    assert( (flags & ~MEM_TypeMask)==0 );
000795    pMem->flags = flags;
000796    pMem->db = db;
000797    pMem->szMalloc = 0;
000798  }
000799  
000800  
000801  /*
000802  ** Delete any previous value and set the value stored in *pMem to NULL.
000803  **
000804  ** This routine calls the Mem.xDel destructor to dispose of values that
000805  ** require the destructor.  But it preserves the Mem.zMalloc memory allocation.
000806  ** To free all resources, use sqlite3VdbeMemRelease(), which both calls this
000807  ** routine to invoke the destructor and deallocates Mem.zMalloc.
000808  **
000809  ** Use this routine to reset the Mem prior to insert a new value.
000810  **
000811  ** Use sqlite3VdbeMemRelease() to complete erase the Mem prior to abandoning it.
000812  */
000813  void sqlite3VdbeMemSetNull(Mem *pMem){
000814    if( VdbeMemDynamic(pMem) ){
000815      vdbeMemClearExternAndSetNull(pMem);
000816    }else{
000817      pMem->flags = MEM_Null;
000818    }
000819  }
000820  void sqlite3ValueSetNull(sqlite3_value *p){
000821    sqlite3VdbeMemSetNull((Mem*)p); 
000822  }
000823  
000824  /*
000825  ** Delete any previous value and set the value to be a BLOB of length
000826  ** n containing all zeros.
000827  */
000828  void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
000829    sqlite3VdbeMemRelease(pMem);
000830    pMem->flags = MEM_Blob|MEM_Zero;
000831    pMem->n = 0;
000832    if( n<0 ) n = 0;
000833    pMem->u.nZero = n;
000834    pMem->enc = SQLITE_UTF8;
000835    pMem->z = 0;
000836  }
000837  
000838  /*
000839  ** The pMem is known to contain content that needs to be destroyed prior
000840  ** to a value change.  So invoke the destructor, then set the value to
000841  ** a 64-bit integer.
000842  */
000843  static SQLITE_NOINLINE void vdbeReleaseAndSetInt64(Mem *pMem, i64 val){
000844    sqlite3VdbeMemSetNull(pMem);
000845    pMem->u.i = val;
000846    pMem->flags = MEM_Int;
000847  }
000848  
000849  /*
000850  ** Delete any previous value and set the value stored in *pMem to val,
000851  ** manifest type INTEGER.
000852  */
000853  void sqlite3VdbeMemSetInt64(Mem *pMem, i64 val){
000854    if( VdbeMemDynamic(pMem) ){
000855      vdbeReleaseAndSetInt64(pMem, val);
000856    }else{
000857      pMem->u.i = val;
000858      pMem->flags = MEM_Int;
000859    }
000860  }
000861  
000862  /* A no-op destructor */
000863  void sqlite3NoopDestructor(void *p){ UNUSED_PARAMETER(p); }
000864  
000865  /*
000866  ** Set the value stored in *pMem should already be a NULL.
000867  ** Also store a pointer to go with it.
000868  */
000869  void sqlite3VdbeMemSetPointer(
000870    Mem *pMem,
000871    void *pPtr,
000872    const char *zPType,
000873    void (*xDestructor)(void*)
000874  ){
000875    assert( pMem->flags==MEM_Null );
000876    pMem->u.zPType = zPType ? zPType : "";
000877    pMem->z = pPtr;
000878    pMem->flags = MEM_Null|MEM_Dyn|MEM_Subtype|MEM_Term;
000879    pMem->eSubtype = 'p';
000880    pMem->xDel = xDestructor ? xDestructor : sqlite3NoopDestructor;
000881  }
000882  
000883  #ifndef SQLITE_OMIT_FLOATING_POINT
000884  /*
000885  ** Delete any previous value and set the value stored in *pMem to val,
000886  ** manifest type REAL.
000887  */
000888  void sqlite3VdbeMemSetDouble(Mem *pMem, double val){
000889    sqlite3VdbeMemSetNull(pMem);
000890    if( !sqlite3IsNaN(val) ){
000891      pMem->u.r = val;
000892      pMem->flags = MEM_Real;
000893    }
000894  }
000895  #endif
000896  
000897  #ifdef SQLITE_DEBUG
000898  /*
000899  ** Return true if the Mem holds a RowSet object.  This routine is intended
000900  ** for use inside of assert() statements.
000901  */
000902  int sqlite3VdbeMemIsRowSet(const Mem *pMem){
000903    return (pMem->flags&(MEM_Blob|MEM_Dyn))==(MEM_Blob|MEM_Dyn)
000904           && pMem->xDel==sqlite3RowSetDelete;
000905  }
000906  #endif
000907  
000908  /*
000909  ** Delete any previous value and set the value of pMem to be an
000910  ** empty boolean index.
000911  **
000912  ** Return SQLITE_OK on success and SQLITE_NOMEM if a memory allocation
000913  ** error occurs.
000914  */
000915  int sqlite3VdbeMemSetRowSet(Mem *pMem){
000916    sqlite3 *db = pMem->db;
000917    RowSet *p;
000918    assert( db!=0 );
000919    assert( !sqlite3VdbeMemIsRowSet(pMem) );
000920    sqlite3VdbeMemRelease(pMem);
000921    p = sqlite3RowSetInit(db);
000922    if( p==0 ) return SQLITE_NOMEM;
000923    pMem->z = (char*)p;
000924    pMem->flags = MEM_Blob|MEM_Dyn;
000925    pMem->xDel = sqlite3RowSetDelete;
000926    return SQLITE_OK;
000927  }
000928  
000929  /*
000930  ** Return true if the Mem object contains a TEXT or BLOB that is
000931  ** too large - whose size exceeds SQLITE_MAX_LENGTH.
000932  */
000933  int sqlite3VdbeMemTooBig(Mem *p){
000934    assert( p->db!=0 );
000935    if( p->flags & (MEM_Str|MEM_Blob) ){
000936      int n = p->n;
000937      if( p->flags & MEM_Zero ){
000938        n += p->u.nZero;
000939      }
000940      return n>p->db->aLimit[SQLITE_LIMIT_LENGTH];
000941    }
000942    return 0; 
000943  }
000944  
000945  #ifdef SQLITE_DEBUG
000946  /*
000947  ** This routine prepares a memory cell for modification by breaking
000948  ** its link to a shallow copy and by marking any current shallow
000949  ** copies of this cell as invalid.
000950  **
000951  ** This is used for testing and debugging only - to make sure shallow
000952  ** copies are not misused.
000953  */
000954  void sqlite3VdbeMemAboutToChange(Vdbe *pVdbe, Mem *pMem){
000955    int i;
000956    Mem *pX;
000957    for(i=0, pX=pVdbe->aMem; i<pVdbe->nMem; i++, pX++){
000958      if( pX->pScopyFrom==pMem ){
000959        /* If pX is marked as a shallow copy of pMem, then verify that
000960        ** no significant changes have been made to pX since the OP_SCopy.
000961        ** A significant change would indicated a missed call to this
000962        ** function for pX.  Minor changes, such as adding or removing a
000963        ** dual type, are allowed, as long as the underlying value is the
000964        ** same. */
000965        u16 mFlags = pMem->flags & pX->flags & pX->mScopyFlags;
000966        assert( (mFlags&(MEM_Int|MEM_IntReal))==0 || pMem->u.i==pX->u.i );
000967        assert( (mFlags&MEM_Real)==0 || pMem->u.r==pX->u.r );
000968        assert( (mFlags&MEM_Str)==0  || (pMem->n==pX->n && pMem->z==pX->z) );
000969        assert( (mFlags&MEM_Blob)==0  || sqlite3BlobCompare(pMem,pX)==0 );
000970        
000971        /* pMem is the register that is changing.  But also mark pX as
000972        ** undefined so that we can quickly detect the shallow-copy error */
000973        pX->flags = MEM_Undefined;
000974        pX->pScopyFrom = 0;
000975      }
000976    }
000977    pMem->pScopyFrom = 0;
000978  }
000979  #endif /* SQLITE_DEBUG */
000980  
000981  
000982  /*
000983  ** Make an shallow copy of pFrom into pTo.  Prior contents of
000984  ** pTo are freed.  The pFrom->z field is not duplicated.  If
000985  ** pFrom->z is used, then pTo->z points to the same thing as pFrom->z
000986  ** and flags gets srcType (either MEM_Ephem or MEM_Static).
000987  */
000988  static SQLITE_NOINLINE void vdbeClrCopy(Mem *pTo, const Mem *pFrom, int eType){
000989    vdbeMemClearExternAndSetNull(pTo);
000990    assert( !VdbeMemDynamic(pTo) );
000991    sqlite3VdbeMemShallowCopy(pTo, pFrom, eType);
000992  }
000993  void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
000994    assert( !sqlite3VdbeMemIsRowSet(pFrom) );
000995    assert( pTo->db==pFrom->db );
000996    if( VdbeMemDynamic(pTo) ){ vdbeClrCopy(pTo,pFrom,srcType); return; }
000997    memcpy(pTo, pFrom, MEMCELLSIZE);
000998    if( (pFrom->flags&MEM_Static)==0 ){
000999      pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
001000      assert( srcType==MEM_Ephem || srcType==MEM_Static );
001001      pTo->flags |= srcType;
001002    }
001003  }
001004  
001005  /*
001006  ** Make a full copy of pFrom into pTo.  Prior contents of pTo are
001007  ** freed before the copy is made.
001008  */
001009  int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
001010    int rc = SQLITE_OK;
001011  
001012    assert( !sqlite3VdbeMemIsRowSet(pFrom) );
001013    if( VdbeMemDynamic(pTo) ) vdbeMemClearExternAndSetNull(pTo);
001014    memcpy(pTo, pFrom, MEMCELLSIZE);
001015    pTo->flags &= ~MEM_Dyn;
001016    if( pTo->flags&(MEM_Str|MEM_Blob) ){
001017      if( 0==(pFrom->flags&MEM_Static) ){
001018        pTo->flags |= MEM_Ephem;
001019        rc = sqlite3VdbeMemMakeWriteable(pTo);
001020      }
001021    }
001022  
001023    return rc;
001024  }
001025  
001026  /*
001027  ** Transfer the contents of pFrom to pTo. Any existing value in pTo is
001028  ** freed. If pFrom contains ephemeral data, a copy is made.
001029  **
001030  ** pFrom contains an SQL NULL when this routine returns.
001031  */
001032  void sqlite3VdbeMemMove(Mem *pTo, Mem *pFrom){
001033    assert( pFrom->db==0 || sqlite3_mutex_held(pFrom->db->mutex) );
001034    assert( pTo->db==0 || sqlite3_mutex_held(pTo->db->mutex) );
001035    assert( pFrom->db==0 || pTo->db==0 || pFrom->db==pTo->db );
001036  
001037    sqlite3VdbeMemRelease(pTo);
001038    memcpy(pTo, pFrom, sizeof(Mem));
001039    pFrom->flags = MEM_Null;
001040    pFrom->szMalloc = 0;
001041  }
001042  
001043  /*
001044  ** Change the value of a Mem to be a string or a BLOB.
001045  **
001046  ** The memory management strategy depends on the value of the xDel
001047  ** parameter. If the value passed is SQLITE_TRANSIENT, then the 
001048  ** string is copied into a (possibly existing) buffer managed by the 
001049  ** Mem structure. Otherwise, any existing buffer is freed and the
001050  ** pointer copied.
001051  **
001052  ** If the string is too large (if it exceeds the SQLITE_LIMIT_LENGTH
001053  ** size limit) then no memory allocation occurs.  If the string can be
001054  ** stored without allocating memory, then it is.  If a memory allocation
001055  ** is required to store the string, then value of pMem is unchanged.  In
001056  ** either case, SQLITE_TOOBIG is returned.
001057  */
001058  int sqlite3VdbeMemSetStr(
001059    Mem *pMem,          /* Memory cell to set to string value */
001060    const char *z,      /* String pointer */
001061    int n,              /* Bytes in string, or negative */
001062    u8 enc,             /* Encoding of z.  0 for BLOBs */
001063    void (*xDel)(void*) /* Destructor function */
001064  ){
001065    int nByte = n;      /* New value for pMem->n */
001066    int iLimit;         /* Maximum allowed string or blob size */
001067    u16 flags = 0;      /* New value for pMem->flags */
001068  
001069    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
001070    assert( !sqlite3VdbeMemIsRowSet(pMem) );
001071  
001072    /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
001073    if( !z ){
001074      sqlite3VdbeMemSetNull(pMem);
001075      return SQLITE_OK;
001076    }
001077  
001078    if( pMem->db ){
001079      iLimit = pMem->db->aLimit[SQLITE_LIMIT_LENGTH];
001080    }else{
001081      iLimit = SQLITE_MAX_LENGTH;
001082    }
001083    flags = (enc==0?MEM_Blob:MEM_Str);
001084    if( nByte<0 ){
001085      assert( enc!=0 );
001086      if( enc==SQLITE_UTF8 ){
001087        nByte = 0x7fffffff & (int)strlen(z);
001088      }else{
001089        for(nByte=0; nByte<=iLimit && (z[nByte] | z[nByte+1]); nByte+=2){}
001090      }
001091      flags |= MEM_Term;
001092    }
001093  
001094    /* The following block sets the new values of Mem.z and Mem.xDel. It
001095    ** also sets a flag in local variable "flags" to indicate the memory
001096    ** management (one of MEM_Dyn or MEM_Static).
001097    */
001098    if( xDel==SQLITE_TRANSIENT ){
001099      u32 nAlloc = nByte;
001100      if( flags&MEM_Term ){
001101        nAlloc += (enc==SQLITE_UTF8?1:2);
001102      }
001103      if( nByte>iLimit ){
001104        return sqlite3ErrorToParser(pMem->db, SQLITE_TOOBIG);
001105      }
001106      testcase( nAlloc==0 );
001107      testcase( nAlloc==31 );
001108      testcase( nAlloc==32 );
001109      if( sqlite3VdbeMemClearAndResize(pMem, (int)MAX(nAlloc,32)) ){
001110        return SQLITE_NOMEM_BKPT;
001111      }
001112      memcpy(pMem->z, z, nAlloc);
001113    }else{
001114      sqlite3VdbeMemRelease(pMem);
001115      pMem->z = (char *)z;
001116      if( xDel==SQLITE_DYNAMIC ){
001117        pMem->zMalloc = pMem->z;
001118        pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
001119      }else{
001120        pMem->xDel = xDel;
001121        flags |= ((xDel==SQLITE_STATIC)?MEM_Static:MEM_Dyn);
001122      }
001123    }
001124  
001125    pMem->n = nByte;
001126    pMem->flags = flags;
001127    pMem->enc = (enc==0 ? SQLITE_UTF8 : enc);
001128  
001129  #ifndef SQLITE_OMIT_UTF16
001130    if( pMem->enc!=SQLITE_UTF8 && sqlite3VdbeMemHandleBom(pMem) ){
001131      return SQLITE_NOMEM_BKPT;
001132    }
001133  #endif
001134  
001135    if( nByte>iLimit ){
001136      return SQLITE_TOOBIG;
001137    }
001138  
001139    return SQLITE_OK;
001140  }
001141  
001142  /*
001143  ** Move data out of a btree key or data field and into a Mem structure.
001144  ** The data is payload from the entry that pCur is currently pointing
001145  ** to.  offset and amt determine what portion of the data or key to retrieve.
001146  ** The result is written into the pMem element.
001147  **
001148  ** The pMem object must have been initialized.  This routine will use
001149  ** pMem->zMalloc to hold the content from the btree, if possible.  New
001150  ** pMem->zMalloc space will be allocated if necessary.  The calling routine
001151  ** is responsible for making sure that the pMem object is eventually
001152  ** destroyed.
001153  **
001154  ** If this routine fails for any reason (malloc returns NULL or unable
001155  ** to read from the disk) then the pMem is left in an inconsistent state.
001156  */
001157  static SQLITE_NOINLINE int vdbeMemFromBtreeResize(
001158    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001159    u32 offset,       /* Offset from the start of data to return bytes from. */
001160    u32 amt,          /* Number of bytes to return. */
001161    Mem *pMem         /* OUT: Return data in this Mem structure. */
001162  ){
001163    int rc;
001164    pMem->flags = MEM_Null;
001165    if( sqlite3BtreeMaxRecordSize(pCur)<offset+amt ){
001166      return SQLITE_CORRUPT_BKPT;
001167    }
001168    if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+1)) ){
001169      rc = sqlite3BtreePayload(pCur, offset, amt, pMem->z);
001170      if( rc==SQLITE_OK ){
001171        pMem->z[amt] = 0;   /* Overrun area used when reading malformed records */
001172        pMem->flags = MEM_Blob;
001173        pMem->n = (int)amt;
001174      }else{
001175        sqlite3VdbeMemRelease(pMem);
001176      }
001177    }
001178    return rc;
001179  }
001180  int sqlite3VdbeMemFromBtree(
001181    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001182    u32 offset,       /* Offset from the start of data to return bytes from. */
001183    u32 amt,          /* Number of bytes to return. */
001184    Mem *pMem         /* OUT: Return data in this Mem structure. */
001185  ){
001186    char *zData;        /* Data from the btree layer */
001187    u32 available = 0;  /* Number of bytes available on the local btree page */
001188    int rc = SQLITE_OK; /* Return code */
001189  
001190    assert( sqlite3BtreeCursorIsValid(pCur) );
001191    assert( !VdbeMemDynamic(pMem) );
001192  
001193    /* Note: the calls to BtreeKeyFetch() and DataFetch() below assert() 
001194    ** that both the BtShared and database handle mutexes are held. */
001195    assert( !sqlite3VdbeMemIsRowSet(pMem) );
001196    zData = (char *)sqlite3BtreePayloadFetch(pCur, &available);
001197    assert( zData!=0 );
001198  
001199    if( offset+amt<=available ){
001200      pMem->z = &zData[offset];
001201      pMem->flags = MEM_Blob|MEM_Ephem;
001202      pMem->n = (int)amt;
001203    }else{
001204      rc = vdbeMemFromBtreeResize(pCur, offset, amt, pMem);
001205    }
001206  
001207    return rc;
001208  }
001209  
001210  /*
001211  ** The pVal argument is known to be a value other than NULL.
001212  ** Convert it into a string with encoding enc and return a pointer
001213  ** to a zero-terminated version of that string.
001214  */
001215  static SQLITE_NOINLINE const void *valueToText(sqlite3_value* pVal, u8 enc){
001216    assert( pVal!=0 );
001217    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001218    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001219    assert( !sqlite3VdbeMemIsRowSet(pVal) );
001220    assert( (pVal->flags & (MEM_Null))==0 );
001221    if( pVal->flags & (MEM_Blob|MEM_Str) ){
001222      if( ExpandBlob(pVal) ) return 0;
001223      pVal->flags |= MEM_Str;
001224      if( pVal->enc != (enc & ~SQLITE_UTF16_ALIGNED) ){
001225        sqlite3VdbeChangeEncoding(pVal, enc & ~SQLITE_UTF16_ALIGNED);
001226      }
001227      if( (enc & SQLITE_UTF16_ALIGNED)!=0 && 1==(1&SQLITE_PTR_TO_INT(pVal->z)) ){
001228        assert( (pVal->flags & (MEM_Ephem|MEM_Static))!=0 );
001229        if( sqlite3VdbeMemMakeWriteable(pVal)!=SQLITE_OK ){
001230          return 0;
001231        }
001232      }
001233      sqlite3VdbeMemNulTerminate(pVal); /* IMP: R-31275-44060 */
001234    }else{
001235      sqlite3VdbeMemStringify(pVal, enc, 0);
001236      assert( 0==(1&SQLITE_PTR_TO_INT(pVal->z)) );
001237    }
001238    assert(pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) || pVal->db==0
001239                || pVal->db->mallocFailed );
001240    if( pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) ){
001241      assert( sqlite3VdbeMemValidStrRep(pVal) );
001242      return pVal->z;
001243    }else{
001244      return 0;
001245    }
001246  }
001247  
001248  /* This function is only available internally, it is not part of the
001249  ** external API. It works in a similar way to sqlite3_value_text(),
001250  ** except the data returned is in the encoding specified by the second
001251  ** parameter, which must be one of SQLITE_UTF16BE, SQLITE_UTF16LE or
001252  ** SQLITE_UTF8.
001253  **
001254  ** (2006-02-16:)  The enc value can be or-ed with SQLITE_UTF16_ALIGNED.
001255  ** If that is the case, then the result must be aligned on an even byte
001256  ** boundary.
001257  */
001258  const void *sqlite3ValueText(sqlite3_value* pVal, u8 enc){
001259    if( !pVal ) return 0;
001260    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001261    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001262    assert( !sqlite3VdbeMemIsRowSet(pVal) );
001263    if( (pVal->flags&(MEM_Str|MEM_Term))==(MEM_Str|MEM_Term) && pVal->enc==enc ){
001264      assert( sqlite3VdbeMemValidStrRep(pVal) );
001265      return pVal->z;
001266    }
001267    if( pVal->flags&MEM_Null ){
001268      return 0;
001269    }
001270    return valueToText(pVal, enc);
001271  }
001272  
001273  /*
001274  ** Create a new sqlite3_value object.
001275  */
001276  sqlite3_value *sqlite3ValueNew(sqlite3 *db){
001277    Mem *p = sqlite3DbMallocZero(db, sizeof(*p));
001278    if( p ){
001279      p->flags = MEM_Null;
001280      p->db = db;
001281    }
001282    return p;
001283  }
001284  
001285  /*
001286  ** Context object passed by sqlite3Stat4ProbeSetValue() through to 
001287  ** valueNew(). See comments above valueNew() for details.
001288  */
001289  struct ValueNewStat4Ctx {
001290    Parse *pParse;
001291    Index *pIdx;
001292    UnpackedRecord **ppRec;
001293    int iVal;
001294  };
001295  
001296  /*
001297  ** Allocate and return a pointer to a new sqlite3_value object. If
001298  ** the second argument to this function is NULL, the object is allocated
001299  ** by calling sqlite3ValueNew().
001300  **
001301  ** Otherwise, if the second argument is non-zero, then this function is 
001302  ** being called indirectly by sqlite3Stat4ProbeSetValue(). If it has not
001303  ** already been allocated, allocate the UnpackedRecord structure that 
001304  ** that function will return to its caller here. Then return a pointer to
001305  ** an sqlite3_value within the UnpackedRecord.a[] array.
001306  */
001307  static sqlite3_value *valueNew(sqlite3 *db, struct ValueNewStat4Ctx *p){
001308  #ifdef SQLITE_ENABLE_STAT4
001309    if( p ){
001310      UnpackedRecord *pRec = p->ppRec[0];
001311  
001312      if( pRec==0 ){
001313        Index *pIdx = p->pIdx;      /* Index being probed */
001314        int nByte;                  /* Bytes of space to allocate */
001315        int i;                      /* Counter variable */
001316        int nCol = pIdx->nColumn;   /* Number of index columns including rowid */
001317    
001318        nByte = sizeof(Mem) * nCol + ROUND8(sizeof(UnpackedRecord));
001319        pRec = (UnpackedRecord*)sqlite3DbMallocZero(db, nByte);
001320        if( pRec ){
001321          pRec->pKeyInfo = sqlite3KeyInfoOfIndex(p->pParse, pIdx);
001322          if( pRec->pKeyInfo ){
001323            assert( pRec->pKeyInfo->nAllField==nCol );
001324            assert( pRec->pKeyInfo->enc==ENC(db) );
001325            pRec->aMem = (Mem *)((u8*)pRec + ROUND8(sizeof(UnpackedRecord)));
001326            for(i=0; i<nCol; i++){
001327              pRec->aMem[i].flags = MEM_Null;
001328              pRec->aMem[i].db = db;
001329            }
001330          }else{
001331            sqlite3DbFreeNN(db, pRec);
001332            pRec = 0;
001333          }
001334        }
001335        if( pRec==0 ) return 0;
001336        p->ppRec[0] = pRec;
001337      }
001338    
001339      pRec->nField = p->iVal+1;
001340      return &pRec->aMem[p->iVal];
001341    }
001342  #else
001343    UNUSED_PARAMETER(p);
001344  #endif /* defined(SQLITE_ENABLE_STAT4) */
001345    return sqlite3ValueNew(db);
001346  }
001347  
001348  /*
001349  ** The expression object indicated by the second argument is guaranteed
001350  ** to be a scalar SQL function. If
001351  **
001352  **   * all function arguments are SQL literals,
001353  **   * one of the SQLITE_FUNC_CONSTANT or _SLOCHNG function flags is set, and
001354  **   * the SQLITE_FUNC_NEEDCOLL function flag is not set,
001355  **
001356  ** then this routine attempts to invoke the SQL function. Assuming no
001357  ** error occurs, output parameter (*ppVal) is set to point to a value 
001358  ** object containing the result before returning SQLITE_OK.
001359  **
001360  ** Affinity aff is applied to the result of the function before returning.
001361  ** If the result is a text value, the sqlite3_value object uses encoding 
001362  ** enc.
001363  **
001364  ** If the conditions above are not met, this function returns SQLITE_OK
001365  ** and sets (*ppVal) to NULL. Or, if an error occurs, (*ppVal) is set to
001366  ** NULL and an SQLite error code returned.
001367  */
001368  #ifdef SQLITE_ENABLE_STAT4
001369  static int valueFromFunction(
001370    sqlite3 *db,                    /* The database connection */
001371    Expr *p,                        /* The expression to evaluate */
001372    u8 enc,                         /* Encoding to use */
001373    u8 aff,                         /* Affinity to use */
001374    sqlite3_value **ppVal,          /* Write the new value here */
001375    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001376  ){
001377    sqlite3_context ctx;            /* Context object for function invocation */
001378    sqlite3_value **apVal = 0;      /* Function arguments */
001379    int nVal = 0;                   /* Size of apVal[] array */
001380    FuncDef *pFunc = 0;             /* Function definition */
001381    sqlite3_value *pVal = 0;        /* New value */
001382    int rc = SQLITE_OK;             /* Return code */
001383    ExprList *pList = 0;            /* Function arguments */
001384    int i;                          /* Iterator variable */
001385  
001386    assert( pCtx!=0 );
001387    assert( (p->flags & EP_TokenOnly)==0 );
001388    pList = p->x.pList;
001389    if( pList ) nVal = pList->nExpr;
001390    pFunc = sqlite3FindFunction(db, p->u.zToken, nVal, enc, 0);
001391    assert( pFunc );
001392    if( (pFunc->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG))==0 
001393     || (pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL)
001394    ){
001395      return SQLITE_OK;
001396    }
001397  
001398    if( pList ){
001399      apVal = (sqlite3_value**)sqlite3DbMallocZero(db, sizeof(apVal[0]) * nVal);
001400      if( apVal==0 ){
001401        rc = SQLITE_NOMEM_BKPT;
001402        goto value_from_function_out;
001403      }
001404      for(i=0; i<nVal; i++){
001405        rc = sqlite3ValueFromExpr(db, pList->a[i].pExpr, enc, aff, &apVal[i]);
001406        if( apVal[i]==0 || rc!=SQLITE_OK ) goto value_from_function_out;
001407      }
001408    }
001409  
001410    pVal = valueNew(db, pCtx);
001411    if( pVal==0 ){
001412      rc = SQLITE_NOMEM_BKPT;
001413      goto value_from_function_out;
001414    }
001415  
001416    assert( pCtx->pParse->rc==SQLITE_OK );
001417    memset(&ctx, 0, sizeof(ctx));
001418    ctx.pOut = pVal;
001419    ctx.pFunc = pFunc;
001420    pFunc->xSFunc(&ctx, nVal, apVal);
001421    if( ctx.isError ){
001422      rc = ctx.isError;
001423      sqlite3ErrorMsg(pCtx->pParse, "%s", sqlite3_value_text(pVal));
001424    }else{
001425      sqlite3ValueApplyAffinity(pVal, aff, SQLITE_UTF8);
001426      assert( rc==SQLITE_OK );
001427      rc = sqlite3VdbeChangeEncoding(pVal, enc);
001428      if( rc==SQLITE_OK && sqlite3VdbeMemTooBig(pVal) ){
001429        rc = SQLITE_TOOBIG;
001430        pCtx->pParse->nErr++;
001431      }
001432    }
001433    pCtx->pParse->rc = rc;
001434  
001435   value_from_function_out:
001436    if( rc!=SQLITE_OK ){
001437      pVal = 0;
001438    }
001439    if( apVal ){
001440      for(i=0; i<nVal; i++){
001441        sqlite3ValueFree(apVal[i]);
001442      }
001443      sqlite3DbFreeNN(db, apVal);
001444    }
001445  
001446    *ppVal = pVal;
001447    return rc;
001448  }
001449  #else
001450  # define valueFromFunction(a,b,c,d,e,f) SQLITE_OK
001451  #endif /* defined(SQLITE_ENABLE_STAT4) */
001452  
001453  /*
001454  ** Extract a value from the supplied expression in the manner described
001455  ** above sqlite3ValueFromExpr(). Allocate the sqlite3_value object
001456  ** using valueNew().
001457  **
001458  ** If pCtx is NULL and an error occurs after the sqlite3_value object
001459  ** has been allocated, it is freed before returning. Or, if pCtx is not
001460  ** NULL, it is assumed that the caller will free any allocated object
001461  ** in all cases.
001462  */
001463  static int valueFromExpr(
001464    sqlite3 *db,                    /* The database connection */
001465    Expr *pExpr,                    /* The expression to evaluate */
001466    u8 enc,                         /* Encoding to use */
001467    u8 affinity,                    /* Affinity to use */
001468    sqlite3_value **ppVal,          /* Write the new value here */
001469    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001470  ){
001471    int op;
001472    char *zVal = 0;
001473    sqlite3_value *pVal = 0;
001474    int negInt = 1;
001475    const char *zNeg = "";
001476    int rc = SQLITE_OK;
001477  
001478    assert( pExpr!=0 );
001479    while( (op = pExpr->op)==TK_UPLUS || op==TK_SPAN ) pExpr = pExpr->pLeft;
001480  #if defined(SQLITE_ENABLE_STAT4)
001481    if( op==TK_REGISTER ) op = pExpr->op2;
001482  #else
001483    if( NEVER(op==TK_REGISTER) ) op = pExpr->op2;
001484  #endif
001485  
001486    /* Compressed expressions only appear when parsing the DEFAULT clause
001487    ** on a table column definition, and hence only when pCtx==0.  This
001488    ** check ensures that an EP_TokenOnly expression is never passed down
001489    ** into valueFromFunction(). */
001490    assert( (pExpr->flags & EP_TokenOnly)==0 || pCtx==0 );
001491  
001492    if( op==TK_CAST ){
001493      u8 aff = sqlite3AffinityType(pExpr->u.zToken,0);
001494      rc = valueFromExpr(db, pExpr->pLeft, enc, aff, ppVal, pCtx);
001495      testcase( rc!=SQLITE_OK );
001496      if( *ppVal ){
001497        sqlite3VdbeMemCast(*ppVal, aff, SQLITE_UTF8);
001498        sqlite3ValueApplyAffinity(*ppVal, affinity, SQLITE_UTF8);
001499      }
001500      return rc;
001501    }
001502  
001503    /* Handle negative integers in a single step.  This is needed in the
001504    ** case when the value is -9223372036854775808.
001505    */
001506    if( op==TK_UMINUS
001507     && (pExpr->pLeft->op==TK_INTEGER || pExpr->pLeft->op==TK_FLOAT) ){
001508      pExpr = pExpr->pLeft;
001509      op = pExpr->op;
001510      negInt = -1;
001511      zNeg = "-";
001512    }
001513  
001514    if( op==TK_STRING || op==TK_FLOAT || op==TK_INTEGER ){
001515      pVal = valueNew(db, pCtx);
001516      if( pVal==0 ) goto no_mem;
001517      if( ExprHasProperty(pExpr, EP_IntValue) ){
001518        sqlite3VdbeMemSetInt64(pVal, (i64)pExpr->u.iValue*negInt);
001519      }else{
001520        zVal = sqlite3MPrintf(db, "%s%s", zNeg, pExpr->u.zToken);
001521        if( zVal==0 ) goto no_mem;
001522        sqlite3ValueSetStr(pVal, -1, zVal, SQLITE_UTF8, SQLITE_DYNAMIC);
001523      }
001524      if( (op==TK_INTEGER || op==TK_FLOAT ) && affinity==SQLITE_AFF_BLOB ){
001525        sqlite3ValueApplyAffinity(pVal, SQLITE_AFF_NUMERIC, SQLITE_UTF8);
001526      }else{
001527        sqlite3ValueApplyAffinity(pVal, affinity, SQLITE_UTF8);
001528      }
001529      assert( (pVal->flags & MEM_IntReal)==0 );
001530      if( pVal->flags & (MEM_Int|MEM_IntReal|MEM_Real) ){
001531        testcase( pVal->flags & MEM_Int );
001532        testcase( pVal->flags & MEM_Real );
001533        pVal->flags &= ~MEM_Str;
001534      }
001535      if( enc!=SQLITE_UTF8 ){
001536        rc = sqlite3VdbeChangeEncoding(pVal, enc);
001537      }
001538    }else if( op==TK_UMINUS ) {
001539      /* This branch happens for multiple negative signs.  Ex: -(-5) */
001540      if( SQLITE_OK==valueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal,pCtx) 
001541       && pVal!=0
001542      ){
001543        sqlite3VdbeMemNumerify(pVal);
001544        if( pVal->flags & MEM_Real ){
001545          pVal->u.r = -pVal->u.r;
001546        }else if( pVal->u.i==SMALLEST_INT64 ){
001547          pVal->u.r = -(double)SMALLEST_INT64;
001548          MemSetTypeFlag(pVal, MEM_Real);
001549        }else{
001550          pVal->u.i = -pVal->u.i;
001551        }
001552        sqlite3ValueApplyAffinity(pVal, affinity, enc);
001553      }
001554    }else if( op==TK_NULL ){
001555      pVal = valueNew(db, pCtx);
001556      if( pVal==0 ) goto no_mem;
001557      sqlite3VdbeMemSetNull(pVal);
001558    }
001559  #ifndef SQLITE_OMIT_BLOB_LITERAL
001560    else if( op==TK_BLOB ){
001561      int nVal;
001562      assert( pExpr->u.zToken[0]=='x' || pExpr->u.zToken[0]=='X' );
001563      assert( pExpr->u.zToken[1]=='\'' );
001564      pVal = valueNew(db, pCtx);
001565      if( !pVal ) goto no_mem;
001566      zVal = &pExpr->u.zToken[2];
001567      nVal = sqlite3Strlen30(zVal)-1;
001568      assert( zVal[nVal]=='\'' );
001569      sqlite3VdbeMemSetStr(pVal, sqlite3HexToBlob(db, zVal, nVal), nVal/2,
001570                           0, SQLITE_DYNAMIC);
001571    }
001572  #endif
001573  #ifdef SQLITE_ENABLE_STAT4
001574    else if( op==TK_FUNCTION && pCtx!=0 ){
001575      rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
001576    }
001577  #endif
001578    else if( op==TK_TRUEFALSE ){
001579      pVal = valueNew(db, pCtx);
001580      if( pVal ){
001581        pVal->flags = MEM_Int;
001582        pVal->u.i = pExpr->u.zToken[4]==0;
001583      }
001584    }
001585  
001586    *ppVal = pVal;
001587    return rc;
001588  
001589  no_mem:
001590  #ifdef SQLITE_ENABLE_STAT4
001591    if( pCtx==0 || pCtx->pParse->nErr==0 )
001592  #endif
001593      sqlite3OomFault(db);
001594    sqlite3DbFree(db, zVal);
001595    assert( *ppVal==0 );
001596  #ifdef SQLITE_ENABLE_STAT4
001597    if( pCtx==0 ) sqlite3ValueFree(pVal);
001598  #else
001599    assert( pCtx==0 ); sqlite3ValueFree(pVal);
001600  #endif
001601    return SQLITE_NOMEM_BKPT;
001602  }
001603  
001604  /*
001605  ** Create a new sqlite3_value object, containing the value of pExpr.
001606  **
001607  ** This only works for very simple expressions that consist of one constant
001608  ** token (i.e. "5", "5.1", "'a string'"). If the expression can
001609  ** be converted directly into a value, then the value is allocated and
001610  ** a pointer written to *ppVal. The caller is responsible for deallocating
001611  ** the value by passing it to sqlite3ValueFree() later on. If the expression
001612  ** cannot be converted to a value, then *ppVal is set to NULL.
001613  */
001614  int sqlite3ValueFromExpr(
001615    sqlite3 *db,              /* The database connection */
001616    Expr *pExpr,              /* The expression to evaluate */
001617    u8 enc,                   /* Encoding to use */
001618    u8 affinity,              /* Affinity to use */
001619    sqlite3_value **ppVal     /* Write the new value here */
001620  ){
001621    return pExpr ? valueFromExpr(db, pExpr, enc, affinity, ppVal, 0) : 0;
001622  }
001623  
001624  #ifdef SQLITE_ENABLE_STAT4
001625  /*
001626  ** Attempt to extract a value from pExpr and use it to construct *ppVal.
001627  **
001628  ** If pAlloc is not NULL, then an UnpackedRecord object is created for
001629  ** pAlloc if one does not exist and the new value is added to the
001630  ** UnpackedRecord object.
001631  **
001632  ** A value is extracted in the following cases:
001633  **
001634  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001635  **
001636  **  * The expression is a bound variable, and this is a reprepare, or
001637  **
001638  **  * The expression is a literal value.
001639  **
001640  ** On success, *ppVal is made to point to the extracted value.  The caller
001641  ** is responsible for ensuring that the value is eventually freed.
001642  */
001643  static int stat4ValueFromExpr(
001644    Parse *pParse,                  /* Parse context */
001645    Expr *pExpr,                    /* The expression to extract a value from */
001646    u8 affinity,                    /* Affinity to use */
001647    struct ValueNewStat4Ctx *pAlloc,/* How to allocate space.  Or NULL */
001648    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001649  ){
001650    int rc = SQLITE_OK;
001651    sqlite3_value *pVal = 0;
001652    sqlite3 *db = pParse->db;
001653  
001654    /* Skip over any TK_COLLATE nodes */
001655    pExpr = sqlite3ExprSkipCollate(pExpr);
001656  
001657    assert( pExpr==0 || pExpr->op!=TK_REGISTER || pExpr->op2!=TK_VARIABLE );
001658    if( !pExpr ){
001659      pVal = valueNew(db, pAlloc);
001660      if( pVal ){
001661        sqlite3VdbeMemSetNull((Mem*)pVal);
001662      }
001663    }else if( pExpr->op==TK_VARIABLE && (db->flags & SQLITE_EnableQPSG)==0 ){
001664      Vdbe *v;
001665      int iBindVar = pExpr->iColumn;
001666      sqlite3VdbeSetVarmask(pParse->pVdbe, iBindVar);
001667      if( (v = pParse->pReprepare)!=0 ){
001668        pVal = valueNew(db, pAlloc);
001669        if( pVal ){
001670          rc = sqlite3VdbeMemCopy((Mem*)pVal, &v->aVar[iBindVar-1]);
001671          sqlite3ValueApplyAffinity(pVal, affinity, ENC(db));
001672          pVal->db = pParse->db;
001673        }
001674      }
001675    }else{
001676      rc = valueFromExpr(db, pExpr, ENC(db), affinity, &pVal, pAlloc);
001677    }
001678  
001679    assert( pVal==0 || pVal->db==db );
001680    *ppVal = pVal;
001681    return rc;
001682  }
001683  
001684  /*
001685  ** This function is used to allocate and populate UnpackedRecord 
001686  ** structures intended to be compared against sample index keys stored 
001687  ** in the sqlite_stat4 table.
001688  **
001689  ** A single call to this function populates zero or more fields of the
001690  ** record starting with field iVal (fields are numbered from left to
001691  ** right starting with 0). A single field is populated if:
001692  **
001693  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001694  **
001695  **  * The expression is a bound variable, and this is a reprepare, or
001696  **
001697  **  * The sqlite3ValueFromExpr() function is able to extract a value 
001698  **    from the expression (i.e. the expression is a literal value).
001699  **
001700  ** Or, if pExpr is a TK_VECTOR, one field is populated for each of the
001701  ** vector components that match either of the two latter criteria listed
001702  ** above.
001703  **
001704  ** Before any value is appended to the record, the affinity of the 
001705  ** corresponding column within index pIdx is applied to it. Before
001706  ** this function returns, output parameter *pnExtract is set to the
001707  ** number of values appended to the record.
001708  **
001709  ** When this function is called, *ppRec must either point to an object
001710  ** allocated by an earlier call to this function, or must be NULL. If it
001711  ** is NULL and a value can be successfully extracted, a new UnpackedRecord
001712  ** is allocated (and *ppRec set to point to it) before returning.
001713  **
001714  ** Unless an error is encountered, SQLITE_OK is returned. It is not an
001715  ** error if a value cannot be extracted from pExpr. If an error does
001716  ** occur, an SQLite error code is returned.
001717  */
001718  int sqlite3Stat4ProbeSetValue(
001719    Parse *pParse,                  /* Parse context */
001720    Index *pIdx,                    /* Index being probed */
001721    UnpackedRecord **ppRec,         /* IN/OUT: Probe record */
001722    Expr *pExpr,                    /* The expression to extract a value from */
001723    int nElem,                      /* Maximum number of values to append */
001724    int iVal,                       /* Array element to populate */
001725    int *pnExtract                  /* OUT: Values appended to the record */
001726  ){
001727    int rc = SQLITE_OK;
001728    int nExtract = 0;
001729  
001730    if( pExpr==0 || pExpr->op!=TK_SELECT ){
001731      int i;
001732      struct ValueNewStat4Ctx alloc;
001733  
001734      alloc.pParse = pParse;
001735      alloc.pIdx = pIdx;
001736      alloc.ppRec = ppRec;
001737  
001738      for(i=0; i<nElem; i++){
001739        sqlite3_value *pVal = 0;
001740        Expr *pElem = (pExpr ? sqlite3VectorFieldSubexpr(pExpr, i) : 0);
001741        u8 aff = sqlite3IndexColumnAffinity(pParse->db, pIdx, iVal+i);
001742        alloc.iVal = iVal+i;
001743        rc = stat4ValueFromExpr(pParse, pElem, aff, &alloc, &pVal);
001744        if( !pVal ) break;
001745        nExtract++;
001746      }
001747    }
001748  
001749    *pnExtract = nExtract;
001750    return rc;
001751  }
001752  
001753  /*
001754  ** Attempt to extract a value from expression pExpr using the methods
001755  ** as described for sqlite3Stat4ProbeSetValue() above. 
001756  **
001757  ** If successful, set *ppVal to point to a new value object and return 
001758  ** SQLITE_OK. If no value can be extracted, but no other error occurs
001759  ** (e.g. OOM), return SQLITE_OK and set *ppVal to NULL. Or, if an error
001760  ** does occur, return an SQLite error code. The final value of *ppVal
001761  ** is undefined in this case.
001762  */
001763  int sqlite3Stat4ValueFromExpr(
001764    Parse *pParse,                  /* Parse context */
001765    Expr *pExpr,                    /* The expression to extract a value from */
001766    u8 affinity,                    /* Affinity to use */
001767    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001768  ){
001769    return stat4ValueFromExpr(pParse, pExpr, affinity, 0, ppVal);
001770  }
001771  
001772  /*
001773  ** Extract the iCol-th column from the nRec-byte record in pRec.  Write
001774  ** the column value into *ppVal.  If *ppVal is initially NULL then a new
001775  ** sqlite3_value object is allocated.
001776  **
001777  ** If *ppVal is initially NULL then the caller is responsible for 
001778  ** ensuring that the value written into *ppVal is eventually freed.
001779  */
001780  int sqlite3Stat4Column(
001781    sqlite3 *db,                    /* Database handle */
001782    const void *pRec,               /* Pointer to buffer containing record */
001783    int nRec,                       /* Size of buffer pRec in bytes */
001784    int iCol,                       /* Column to extract */
001785    sqlite3_value **ppVal           /* OUT: Extracted value */
001786  ){
001787    u32 t = 0;                      /* a column type code */
001788    int nHdr;                       /* Size of the header in the record */
001789    int iHdr;                       /* Next unread header byte */
001790    int iField;                     /* Next unread data byte */
001791    int szField = 0;                /* Size of the current data field */
001792    int i;                          /* Column index */
001793    u8 *a = (u8*)pRec;              /* Typecast byte array */
001794    Mem *pMem = *ppVal;             /* Write result into this Mem object */
001795  
001796    assert( iCol>0 );
001797    iHdr = getVarint32(a, nHdr);
001798    if( nHdr>nRec || iHdr>=nHdr ) return SQLITE_CORRUPT_BKPT;
001799    iField = nHdr;
001800    for(i=0; i<=iCol; i++){
001801      iHdr += getVarint32(&a[iHdr], t);
001802      testcase( iHdr==nHdr );
001803      testcase( iHdr==nHdr+1 );
001804      if( iHdr>nHdr ) return SQLITE_CORRUPT_BKPT;
001805      szField = sqlite3VdbeSerialTypeLen(t);
001806      iField += szField;
001807    }
001808    testcase( iField==nRec );
001809    testcase( iField==nRec+1 );
001810    if( iField>nRec ) return SQLITE_CORRUPT_BKPT;
001811    if( pMem==0 ){
001812      pMem = *ppVal = sqlite3ValueNew(db);
001813      if( pMem==0 ) return SQLITE_NOMEM_BKPT;
001814    }
001815    sqlite3VdbeSerialGet(&a[iField-szField], t, pMem);
001816    pMem->enc = ENC(db);
001817    return SQLITE_OK;
001818  }
001819  
001820  /*
001821  ** Unless it is NULL, the argument must be an UnpackedRecord object returned
001822  ** by an earlier call to sqlite3Stat4ProbeSetValue(). This call deletes
001823  ** the object.
001824  */
001825  void sqlite3Stat4ProbeFree(UnpackedRecord *pRec){
001826    if( pRec ){
001827      int i;
001828      int nCol = pRec->pKeyInfo->nAllField;
001829      Mem *aMem = pRec->aMem;
001830      sqlite3 *db = aMem[0].db;
001831      for(i=0; i<nCol; i++){
001832        sqlite3VdbeMemRelease(&aMem[i]);
001833      }
001834      sqlite3KeyInfoUnref(pRec->pKeyInfo);
001835      sqlite3DbFreeNN(db, pRec);
001836    }
001837  }
001838  #endif /* ifdef SQLITE_ENABLE_STAT4 */
001839  
001840  /*
001841  ** Change the string value of an sqlite3_value object
001842  */
001843  void sqlite3ValueSetStr(
001844    sqlite3_value *v,     /* Value to be set */
001845    int n,                /* Length of string z */
001846    const void *z,        /* Text of the new string */
001847    u8 enc,               /* Encoding to use */
001848    void (*xDel)(void*)   /* Destructor for the string */
001849  ){
001850    if( v ) sqlite3VdbeMemSetStr((Mem *)v, z, n, enc, xDel);
001851  }
001852  
001853  /*
001854  ** Free an sqlite3_value object
001855  */
001856  void sqlite3ValueFree(sqlite3_value *v){
001857    if( !v ) return;
001858    sqlite3VdbeMemRelease((Mem *)v);
001859    sqlite3DbFreeNN(((Mem*)v)->db, v);
001860  }
001861  
001862  /*
001863  ** The sqlite3ValueBytes() routine returns the number of bytes in the
001864  ** sqlite3_value object assuming that it uses the encoding "enc".
001865  ** The valueBytes() routine is a helper function.
001866  */
001867  static SQLITE_NOINLINE int valueBytes(sqlite3_value *pVal, u8 enc){
001868    return valueToText(pVal, enc)!=0 ? pVal->n : 0;
001869  }
001870  int sqlite3ValueBytes(sqlite3_value *pVal, u8 enc){
001871    Mem *p = (Mem*)pVal;
001872    assert( (p->flags & MEM_Null)==0 || (p->flags & (MEM_Str|MEM_Blob))==0 );
001873    if( (p->flags & MEM_Str)!=0 && pVal->enc==enc ){
001874      return p->n;
001875    }
001876    if( (p->flags & MEM_Blob)!=0 ){
001877      if( p->flags & MEM_Zero ){
001878        return p->n + p->u.nZero;
001879      }else{
001880        return p->n;
001881      }
001882    }
001883    if( p->flags & MEM_Null ) return 0;
001884    return valueBytes(pVal, enc);
001885  }