000001  /*
000002  ** 2004 May 26
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  **
000013  ** This file contains code use to manipulate "Mem" structure.  A "Mem"
000014  ** stores a single value in the VDBE.  Mem is an opaque structure visible
000015  ** only within the VDBE.  Interface routines refer to a Mem using the
000016  ** name sqlite_value
000017  */
000018  #include "sqliteInt.h"
000019  #include "vdbeInt.h"
000020  
000021  #ifdef SQLITE_DEBUG
000022  /*
000023  ** Check invariants on a Mem object.
000024  **
000025  ** This routine is intended for use inside of assert() statements, like
000026  ** this:    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000027  */
000028  int sqlite3VdbeCheckMemInvariants(Mem *p){
000029    /* If MEM_Dyn is set then Mem.xDel!=0.  
000030    ** Mem.xDel might not be initialized if MEM_Dyn is clear.
000031    */
000032    assert( (p->flags & MEM_Dyn)==0 || p->xDel!=0 );
000033  
000034    /* MEM_Dyn may only be set if Mem.szMalloc==0.  In this way we
000035    ** ensure that if Mem.szMalloc>0 then it is safe to do
000036    ** Mem.z = Mem.zMalloc without having to check Mem.flags&MEM_Dyn.
000037    ** That saves a few cycles in inner loops. */
000038    assert( (p->flags & MEM_Dyn)==0 || p->szMalloc==0 );
000039  
000040    /* Cannot be both MEM_Int and MEM_Real at the same time */
000041    assert( (p->flags & (MEM_Int|MEM_Real))!=(MEM_Int|MEM_Real) );
000042  
000043    if( p->flags & MEM_Null ){
000044      /* Cannot be both MEM_Null and some other type */
000045      assert( (p->flags & (MEM_Int|MEM_Real|MEM_Str|MEM_Blob
000046                           |MEM_RowSet|MEM_Frame|MEM_Agg))==0 );
000047  
000048      /* If MEM_Null is set, then either the value is a pure NULL (the usual
000049      ** case) or it is a pointer set using sqlite3_bind_pointer() or
000050      ** sqlite3_result_pointer().  If a pointer, then MEM_Term must also be
000051      ** set.
000052      */
000053      if( (p->flags & (MEM_Term|MEM_Subtype))==(MEM_Term|MEM_Subtype) ){
000054        /* This is a pointer type.  There may be a flag to indicate what to
000055        ** do with the pointer. */
000056        assert( ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000057                ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000058                ((p->flags&MEM_Static)!=0 ? 1 : 0) <= 1 );
000059  
000060        /* No other bits set */
000061        assert( (p->flags & ~(MEM_Null|MEM_Term|MEM_Subtype
000062                             |MEM_Dyn|MEM_Ephem|MEM_Static))==0 );
000063      }else{
000064        /* A pure NULL might have other flags, such as MEM_Static, MEM_Dyn,
000065        ** MEM_Ephem, MEM_Cleared, or MEM_Subtype */
000066      }
000067    }else{
000068      /* The MEM_Cleared bit is only allowed on NULLs */
000069      assert( (p->flags & MEM_Cleared)==0 );
000070    }
000071  
000072    /* The szMalloc field holds the correct memory allocation size */
000073    assert( p->szMalloc==0
000074         || p->szMalloc==sqlite3DbMallocSize(p->db,p->zMalloc) );
000075  
000076    /* If p holds a string or blob, the Mem.z must point to exactly
000077    ** one of the following:
000078    **
000079    **   (1) Memory in Mem.zMalloc and managed by the Mem object
000080    **   (2) Memory to be freed using Mem.xDel
000081    **   (3) An ephemeral string or blob
000082    **   (4) A static string or blob
000083    */
000084    if( (p->flags & (MEM_Str|MEM_Blob)) && p->n>0 ){
000085      assert( 
000086        ((p->szMalloc>0 && p->z==p->zMalloc)? 1 : 0) +
000087        ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000088        ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000089        ((p->flags&MEM_Static)!=0 ? 1 : 0) == 1
000090      );
000091    }
000092    return 1;
000093  }
000094  #endif
000095  
000096  #ifdef SQLITE_DEBUG
000097  /*
000098  ** Check that string value of pMem agrees with its integer or real value.
000099  **
000100  ** A single int or real value always converts to the same strings.  But
000101  ** many different strings can be converted into the same int or real.
000102  ** If a table contains a numeric value and an index is based on the
000103  ** corresponding string value, then it is important that the string be
000104  ** derived from the numeric value, not the other way around, to ensure
000105  ** that the index and table are consistent.  See ticket
000106  ** https://www.sqlite.org/src/info/343634942dd54ab (2018-01-31) for
000107  ** an example.
000108  **
000109  ** This routine looks at pMem to verify that if it has both a numeric
000110  ** representation and a string representation then the string rep has
000111  ** been derived from the numeric and not the other way around.  It returns
000112  ** true if everything is ok and false if there is a problem.
000113  **
000114  ** This routine is for use inside of assert() statements only.
000115  */
000116  int sqlite3VdbeMemConsistentDualRep(Mem *p){
000117    char zBuf[100];
000118    char *z;
000119    int i, j, incr;
000120    if( (p->flags & MEM_Str)==0 ) return 1;
000121    if( (p->flags & (MEM_Int|MEM_Real))==0 ) return 1;
000122    if( p->flags & MEM_Int ){
000123      sqlite3_snprintf(sizeof(zBuf),zBuf,"%lld",p->u.i);
000124    }else{
000125      sqlite3_snprintf(sizeof(zBuf),zBuf,"%!.15g",p->u.r);
000126    }
000127    z = p->z;
000128    i = j = 0;
000129    incr = 1;
000130    if( p->enc!=SQLITE_UTF8 ){
000131      incr = 2;
000132      if( p->enc==SQLITE_UTF16BE ) z++;
000133    }
000134    while( zBuf[j] ){
000135      if( zBuf[j++]!=z[i] ) return 0;
000136      i += incr;
000137    }
000138    return 1;
000139  }
000140  #endif /* SQLITE_DEBUG */
000141  
000142  /*
000143  ** If pMem is an object with a valid string representation, this routine
000144  ** ensures the internal encoding for the string representation is
000145  ** 'desiredEnc', one of SQLITE_UTF8, SQLITE_UTF16LE or SQLITE_UTF16BE.
000146  **
000147  ** If pMem is not a string object, or the encoding of the string
000148  ** representation is already stored using the requested encoding, then this
000149  ** routine is a no-op.
000150  **
000151  ** SQLITE_OK is returned if the conversion is successful (or not required).
000152  ** SQLITE_NOMEM may be returned if a malloc() fails during conversion
000153  ** between formats.
000154  */
000155  int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
000156  #ifndef SQLITE_OMIT_UTF16
000157    int rc;
000158  #endif
000159    assert( (pMem->flags&MEM_RowSet)==0 );
000160    assert( desiredEnc==SQLITE_UTF8 || desiredEnc==SQLITE_UTF16LE
000161             || desiredEnc==SQLITE_UTF16BE );
000162    if( !(pMem->flags&MEM_Str) || pMem->enc==desiredEnc ){
000163      return SQLITE_OK;
000164    }
000165    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000166  #ifdef SQLITE_OMIT_UTF16
000167    return SQLITE_ERROR;
000168  #else
000169  
000170    /* MemTranslate() may return SQLITE_OK or SQLITE_NOMEM. If NOMEM is returned,
000171    ** then the encoding of the value may not have changed.
000172    */
000173    rc = sqlite3VdbeMemTranslate(pMem, (u8)desiredEnc);
000174    assert(rc==SQLITE_OK    || rc==SQLITE_NOMEM);
000175    assert(rc==SQLITE_OK    || pMem->enc!=desiredEnc);
000176    assert(rc==SQLITE_NOMEM || pMem->enc==desiredEnc);
000177    return rc;
000178  #endif
000179  }
000180  
000181  /*
000182  ** Make sure pMem->z points to a writable allocation of at least 
000183  ** min(n,32) bytes.
000184  **
000185  ** If the bPreserve argument is true, then copy of the content of
000186  ** pMem->z into the new allocation.  pMem must be either a string or
000187  ** blob if bPreserve is true.  If bPreserve is false, any prior content
000188  ** in pMem->z is discarded.
000189  */
000190  SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
000191    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000192    assert( (pMem->flags&MEM_RowSet)==0 );
000193    testcase( pMem->db==0 );
000194  
000195    /* If the bPreserve flag is set to true, then the memory cell must already
000196    ** contain a valid string or blob value.  */
000197    assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
000198    testcase( bPreserve && pMem->z==0 );
000199  
000200    assert( pMem->szMalloc==0
000201         || pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
000202    if( n<32 ) n = 32;
000203    if( pMem->szMalloc>0 && bPreserve && pMem->z==pMem->zMalloc ){
000204      pMem->z = pMem->zMalloc = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
000205      bPreserve = 0;
000206    }else{
000207      if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000208      pMem->zMalloc = sqlite3DbMallocRaw(pMem->db, n);
000209    }
000210    if( pMem->zMalloc==0 ){
000211      sqlite3VdbeMemSetNull(pMem);
000212      pMem->z = 0;
000213      pMem->szMalloc = 0;
000214      return SQLITE_NOMEM_BKPT;
000215    }else{
000216      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
000217    }
000218  
000219    if( bPreserve && pMem->z ){
000220      assert( pMem->z!=pMem->zMalloc );
000221      memcpy(pMem->zMalloc, pMem->z, pMem->n);
000222    }
000223    if( (pMem->flags&MEM_Dyn)!=0 ){
000224      assert( pMem->xDel!=0 && pMem->xDel!=SQLITE_DYNAMIC );
000225      pMem->xDel((void *)(pMem->z));
000226    }
000227  
000228    pMem->z = pMem->zMalloc;
000229    pMem->flags &= ~(MEM_Dyn|MEM_Ephem|MEM_Static);
000230    return SQLITE_OK;
000231  }
000232  
000233  /*
000234  ** Change the pMem->zMalloc allocation to be at least szNew bytes.
000235  ** If pMem->zMalloc already meets or exceeds the requested size, this
000236  ** routine is a no-op.
000237  **
000238  ** Any prior string or blob content in the pMem object may be discarded.
000239  ** The pMem->xDel destructor is called, if it exists.  Though MEM_Str
000240  ** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, and MEM_Null
000241  ** values are preserved.
000242  **
000243  ** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
000244  ** if unable to complete the resizing.
000245  */
000246  int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
000247    assert( szNew>0 );
000248    assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
000249    if( pMem->szMalloc<szNew ){
000250      return sqlite3VdbeMemGrow(pMem, szNew, 0);
000251    }
000252    assert( (pMem->flags & MEM_Dyn)==0 );
000253    pMem->z = pMem->zMalloc;
000254    pMem->flags &= (MEM_Null|MEM_Int|MEM_Real);
000255    return SQLITE_OK;
000256  }
000257  
000258  /*
000259  ** It is already known that pMem contains an unterminated string.
000260  ** Add the zero terminator.
000261  */
000262  static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
000263    if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
000264      return SQLITE_NOMEM_BKPT;
000265    }
000266    pMem->z[pMem->n] = 0;
000267    pMem->z[pMem->n+1] = 0;
000268    pMem->flags |= MEM_Term;
000269    return SQLITE_OK;
000270  }
000271  
000272  /*
000273  ** Change pMem so that its MEM_Str or MEM_Blob value is stored in
000274  ** MEM.zMalloc, where it can be safely written.
000275  **
000276  ** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
000277  */
000278  int sqlite3VdbeMemMakeWriteable(Mem *pMem){
000279    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000280    assert( (pMem->flags&MEM_RowSet)==0 );
000281    if( (pMem->flags & (MEM_Str|MEM_Blob))!=0 ){
000282      if( ExpandBlob(pMem) ) return SQLITE_NOMEM;
000283      if( pMem->szMalloc==0 || pMem->z!=pMem->zMalloc ){
000284        int rc = vdbeMemAddTerminator(pMem);
000285        if( rc ) return rc;
000286      }
000287    }
000288    pMem->flags &= ~MEM_Ephem;
000289  #ifdef SQLITE_DEBUG
000290    pMem->pScopyFrom = 0;
000291  #endif
000292  
000293    return SQLITE_OK;
000294  }
000295  
000296  /*
000297  ** If the given Mem* has a zero-filled tail, turn it into an ordinary
000298  ** blob stored in dynamically allocated space.
000299  */
000300  #ifndef SQLITE_OMIT_INCRBLOB
000301  int sqlite3VdbeMemExpandBlob(Mem *pMem){
000302    int nByte;
000303    assert( pMem->flags & MEM_Zero );
000304    assert( pMem->flags&MEM_Blob );
000305    assert( (pMem->flags&MEM_RowSet)==0 );
000306    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000307  
000308    /* Set nByte to the number of bytes required to store the expanded blob. */
000309    nByte = pMem->n + pMem->u.nZero;
000310    if( nByte<=0 ){
000311      nByte = 1;
000312    }
000313    if( sqlite3VdbeMemGrow(pMem, nByte, 1) ){
000314      return SQLITE_NOMEM_BKPT;
000315    }
000316  
000317    memset(&pMem->z[pMem->n], 0, pMem->u.nZero);
000318    pMem->n += pMem->u.nZero;
000319    pMem->flags &= ~(MEM_Zero|MEM_Term);
000320    return SQLITE_OK;
000321  }
000322  #endif
000323  
000324  /*
000325  ** Make sure the given Mem is \u0000 terminated.
000326  */
000327  int sqlite3VdbeMemNulTerminate(Mem *pMem){
000328    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000329    testcase( (pMem->flags & (MEM_Term|MEM_Str))==(MEM_Term|MEM_Str) );
000330    testcase( (pMem->flags & (MEM_Term|MEM_Str))==0 );
000331    if( (pMem->flags & (MEM_Term|MEM_Str))!=MEM_Str ){
000332      return SQLITE_OK;   /* Nothing to do */
000333    }else{
000334      return vdbeMemAddTerminator(pMem);
000335    }
000336  }
000337  
000338  /*
000339  ** Add MEM_Str to the set of representations for the given Mem.  Numbers
000340  ** are converted using sqlite3_snprintf().  Converting a BLOB to a string
000341  ** is a no-op.
000342  **
000343  ** Existing representations MEM_Int and MEM_Real are invalidated if
000344  ** bForce is true but are retained if bForce is false.
000345  **
000346  ** A MEM_Null value will never be passed to this function. This function is
000347  ** used for converting values to text for returning to the user (i.e. via
000348  ** sqlite3_value_text()), or for ensuring that values to be used as btree
000349  ** keys are strings. In the former case a NULL pointer is returned the
000350  ** user and the latter is an internal programming error.
000351  */
000352  int sqlite3VdbeMemStringify(Mem *pMem, u8 enc, u8 bForce){
000353    int fg = pMem->flags;
000354    const int nByte = 32;
000355  
000356    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000357    assert( !(fg&MEM_Zero) );
000358    assert( !(fg&(MEM_Str|MEM_Blob)) );
000359    assert( fg&(MEM_Int|MEM_Real) );
000360    assert( (pMem->flags&MEM_RowSet)==0 );
000361    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000362  
000363  
000364    if( sqlite3VdbeMemClearAndResize(pMem, nByte) ){
000365      pMem->enc = 0;
000366      return SQLITE_NOMEM_BKPT;
000367    }
000368  
000369    /* For a Real or Integer, use sqlite3_snprintf() to produce the UTF-8
000370    ** string representation of the value. Then, if the required encoding
000371    ** is UTF-16le or UTF-16be do a translation.
000372    ** 
000373    ** FIX ME: It would be better if sqlite3_snprintf() could do UTF-16.
000374    */
000375    if( fg & MEM_Int ){
000376      sqlite3_snprintf(nByte, pMem->z, "%lld", pMem->u.i);
000377    }else{
000378      assert( fg & MEM_Real );
000379      sqlite3_snprintf(nByte, pMem->z, "%!.15g", pMem->u.r);
000380    }
000381    pMem->n = sqlite3Strlen30(pMem->z);
000382    pMem->enc = SQLITE_UTF8;
000383    pMem->flags |= MEM_Str|MEM_Term;
000384    if( bForce ) pMem->flags &= ~(MEM_Int|MEM_Real);
000385    sqlite3VdbeChangeEncoding(pMem, enc);
000386    return SQLITE_OK;
000387  }
000388  
000389  /*
000390  ** Memory cell pMem contains the context of an aggregate function.
000391  ** This routine calls the finalize method for that function.  The
000392  ** result of the aggregate is stored back into pMem.
000393  **
000394  ** Return SQLITE_ERROR if the finalizer reports an error.  SQLITE_OK
000395  ** otherwise.
000396  */
000397  int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
000398    sqlite3_context ctx;
000399    Mem t;
000400    assert( pFunc!=0 );
000401    assert( pFunc->xFinalize!=0 );
000402    assert( (pMem->flags & MEM_Null)!=0 || pFunc==pMem->u.pDef );
000403    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000404    memset(&ctx, 0, sizeof(ctx));
000405    memset(&t, 0, sizeof(t));
000406    t.flags = MEM_Null;
000407    t.db = pMem->db;
000408    ctx.pOut = &t;
000409    ctx.pMem = pMem;
000410    ctx.pFunc = pFunc;
000411    pFunc->xFinalize(&ctx); /* IMP: R-24505-23230 */
000412    assert( (pMem->flags & MEM_Dyn)==0 );
000413    if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000414    memcpy(pMem, &t, sizeof(t));
000415    return ctx.isError;
000416  }
000417  
000418  /*
000419  ** If the memory cell contains a value that must be freed by
000420  ** invoking the external callback in Mem.xDel, then this routine
000421  ** will free that value.  It also sets Mem.flags to MEM_Null.
000422  **
000423  ** This is a helper routine for sqlite3VdbeMemSetNull() and
000424  ** for sqlite3VdbeMemRelease().  Use those other routines as the
000425  ** entry point for releasing Mem resources.
000426  */
000427  static SQLITE_NOINLINE void vdbeMemClearExternAndSetNull(Mem *p){
000428    assert( p->db==0 || sqlite3_mutex_held(p->db->mutex) );
000429    assert( VdbeMemDynamic(p) );
000430    if( p->flags&MEM_Agg ){
000431      sqlite3VdbeMemFinalize(p, p->u.pDef);
000432      assert( (p->flags & MEM_Agg)==0 );
000433      testcase( p->flags & MEM_Dyn );
000434    }
000435    if( p->flags&MEM_Dyn ){
000436      assert( (p->flags&MEM_RowSet)==0 );
000437      assert( p->xDel!=SQLITE_DYNAMIC && p->xDel!=0 );
000438      p->xDel((void *)p->z);
000439    }else if( p->flags&MEM_RowSet ){
000440      sqlite3RowSetClear(p->u.pRowSet);
000441    }else if( p->flags&MEM_Frame ){
000442      VdbeFrame *pFrame = p->u.pFrame;
000443      pFrame->pParent = pFrame->v->pDelFrame;
000444      pFrame->v->pDelFrame = pFrame;
000445    }
000446    p->flags = MEM_Null;
000447  }
000448  
000449  /*
000450  ** Release memory held by the Mem p, both external memory cleared
000451  ** by p->xDel and memory in p->zMalloc.
000452  **
000453  ** This is a helper routine invoked by sqlite3VdbeMemRelease() in
000454  ** the unusual case where there really is memory in p that needs
000455  ** to be freed.
000456  */
000457  static SQLITE_NOINLINE void vdbeMemClear(Mem *p){
000458    if( VdbeMemDynamic(p) ){
000459      vdbeMemClearExternAndSetNull(p);
000460    }
000461    if( p->szMalloc ){
000462      sqlite3DbFreeNN(p->db, p->zMalloc);
000463      p->szMalloc = 0;
000464    }
000465    p->z = 0;
000466  }
000467  
000468  /*
000469  ** Release any memory resources held by the Mem.  Both the memory that is
000470  ** free by Mem.xDel and the Mem.zMalloc allocation are freed.
000471  **
000472  ** Use this routine prior to clean up prior to abandoning a Mem, or to
000473  ** reset a Mem back to its minimum memory utilization.
000474  **
000475  ** Use sqlite3VdbeMemSetNull() to release just the Mem.xDel space
000476  ** prior to inserting new content into the Mem.
000477  */
000478  void sqlite3VdbeMemRelease(Mem *p){
000479    assert( sqlite3VdbeCheckMemInvariants(p) );
000480    if( VdbeMemDynamic(p) || p->szMalloc ){
000481      vdbeMemClear(p);
000482    }
000483  }
000484  
000485  /*
000486  ** Convert a 64-bit IEEE double into a 64-bit signed integer.
000487  ** If the double is out of range of a 64-bit signed integer then
000488  ** return the closest available 64-bit signed integer.
000489  */
000490  static SQLITE_NOINLINE i64 doubleToInt64(double r){
000491  #ifdef SQLITE_OMIT_FLOATING_POINT
000492    /* When floating-point is omitted, double and int64 are the same thing */
000493    return r;
000494  #else
000495    /*
000496    ** Many compilers we encounter do not define constants for the
000497    ** minimum and maximum 64-bit integers, or they define them
000498    ** inconsistently.  And many do not understand the "LL" notation.
000499    ** So we define our own static constants here using nothing
000500    ** larger than a 32-bit integer constant.
000501    */
000502    static const i64 maxInt = LARGEST_INT64;
000503    static const i64 minInt = SMALLEST_INT64;
000504  
000505    if( r<=(double)minInt ){
000506      return minInt;
000507    }else if( r>=(double)maxInt ){
000508      return maxInt;
000509    }else{
000510      return (i64)r;
000511    }
000512  #endif
000513  }
000514  
000515  /*
000516  ** Return some kind of integer value which is the best we can do
000517  ** at representing the value that *pMem describes as an integer.
000518  ** If pMem is an integer, then the value is exact.  If pMem is
000519  ** a floating-point then the value returned is the integer part.
000520  ** If pMem is a string or blob, then we make an attempt to convert
000521  ** it into an integer and return that.  If pMem represents an
000522  ** an SQL-NULL value, return 0.
000523  **
000524  ** If pMem represents a string value, its encoding might be changed.
000525  */
000526  static SQLITE_NOINLINE i64 memIntValue(Mem *pMem){
000527    i64 value = 0;
000528    sqlite3Atoi64(pMem->z, &value, pMem->n, pMem->enc);
000529    return value;
000530  }
000531  i64 sqlite3VdbeIntValue(Mem *pMem){
000532    int flags;
000533    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000534    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000535    flags = pMem->flags;
000536    if( flags & MEM_Int ){
000537      return pMem->u.i;
000538    }else if( flags & MEM_Real ){
000539      return doubleToInt64(pMem->u.r);
000540    }else if( flags & (MEM_Str|MEM_Blob) ){
000541      assert( pMem->z || pMem->n==0 );
000542      return memIntValue(pMem);
000543    }else{
000544      return 0;
000545    }
000546  }
000547  
000548  /*
000549  ** Return the best representation of pMem that we can get into a
000550  ** double.  If pMem is already a double or an integer, return its
000551  ** value.  If it is a string or blob, try to convert it to a double.
000552  ** If it is a NULL, return 0.0.
000553  */
000554  static SQLITE_NOINLINE double memRealValue(Mem *pMem){
000555    /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000556    double val = (double)0;
000557    sqlite3AtoF(pMem->z, &val, pMem->n, pMem->enc);
000558    return val;
000559  }
000560  double sqlite3VdbeRealValue(Mem *pMem){
000561    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000562    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000563    if( pMem->flags & MEM_Real ){
000564      return pMem->u.r;
000565    }else if( pMem->flags & MEM_Int ){
000566      return (double)pMem->u.i;
000567    }else if( pMem->flags & (MEM_Str|MEM_Blob) ){
000568      return memRealValue(pMem);
000569    }else{
000570      /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000571      return (double)0;
000572    }
000573  }
000574  
000575  /*
000576  ** Return 1 if pMem represents true, and return 0 if pMem represents false.
000577  ** Return the value ifNull if pMem is NULL.  
000578  */
000579  int sqlite3VdbeBooleanValue(Mem *pMem, int ifNull){
000580    if( pMem->flags & MEM_Int ) return pMem->u.i!=0;
000581    if( pMem->flags & MEM_Null ) return ifNull;
000582    return sqlite3VdbeRealValue(pMem)!=0.0;
000583  }
000584  
000585  /*
000586  ** The MEM structure is already a MEM_Real.  Try to also make it a
000587  ** MEM_Int if we can.
000588  */
000589  void sqlite3VdbeIntegerAffinity(Mem *pMem){
000590    i64 ix;
000591    assert( pMem->flags & MEM_Real );
000592    assert( (pMem->flags & MEM_RowSet)==0 );
000593    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000594    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000595  
000596    ix = doubleToInt64(pMem->u.r);
000597  
000598    /* Only mark the value as an integer if
000599    **
000600    **    (1) the round-trip conversion real->int->real is a no-op, and
000601    **    (2) The integer is neither the largest nor the smallest
000602    **        possible integer (ticket #3922)
000603    **
000604    ** The second and third terms in the following conditional enforces
000605    ** the second condition under the assumption that addition overflow causes
000606    ** values to wrap around.
000607    */
000608    if( pMem->u.r==ix && ix>SMALLEST_INT64 && ix<LARGEST_INT64 ){
000609      pMem->u.i = ix;
000610      MemSetTypeFlag(pMem, MEM_Int);
000611    }
000612  }
000613  
000614  /*
000615  ** Convert pMem to type integer.  Invalidate any prior representations.
000616  */
000617  int sqlite3VdbeMemIntegerify(Mem *pMem){
000618    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000619    assert( (pMem->flags & MEM_RowSet)==0 );
000620    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000621  
000622    pMem->u.i = sqlite3VdbeIntValue(pMem);
000623    MemSetTypeFlag(pMem, MEM_Int);
000624    return SQLITE_OK;
000625  }
000626  
000627  /*
000628  ** Convert pMem so that it is of type MEM_Real.
000629  ** Invalidate any prior representations.
000630  */
000631  int sqlite3VdbeMemRealify(Mem *pMem){
000632    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000633    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000634  
000635    pMem->u.r = sqlite3VdbeRealValue(pMem);
000636    MemSetTypeFlag(pMem, MEM_Real);
000637    return SQLITE_OK;
000638  }
000639  
000640  /* Compare a floating point value to an integer.  Return true if the two
000641  ** values are the same within the precision of the floating point value.
000642  **
000643  ** For some versions of GCC on 32-bit machines, if you do the more obvious
000644  ** comparison of "r1==(double)i" you sometimes get an answer of false even
000645  ** though the r1 and (double)i values are bit-for-bit the same.
000646  */
000647  static int sqlite3RealSameAsInt(double r1, sqlite3_int64 i){
000648    double r2 = (double)i;
000649    return memcmp(&r1, &r2, sizeof(r1))==0;
000650  }
000651  
000652  /*
000653  ** Convert pMem so that it has types MEM_Real or MEM_Int or both.
000654  ** Invalidate any prior representations.
000655  **
000656  ** Every effort is made to force the conversion, even if the input
000657  ** is a string that does not look completely like a number.  Convert
000658  ** as much of the string as we can and ignore the rest.
000659  */
000660  int sqlite3VdbeMemNumerify(Mem *pMem){
000661    if( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))==0 ){
000662      int rc;
000663      assert( (pMem->flags & (MEM_Blob|MEM_Str))!=0 );
000664      assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000665      rc = sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc);
000666      if( rc==0 ){
000667        MemSetTypeFlag(pMem, MEM_Int);
000668      }else{
000669        i64 i = pMem->u.i;
000670        sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc);
000671        if( rc==1 && sqlite3RealSameAsInt(pMem->u.r, i) ){
000672          pMem->u.i = i;
000673          MemSetTypeFlag(pMem, MEM_Int);
000674        }else{
000675          MemSetTypeFlag(pMem, MEM_Real);
000676        }
000677      }
000678    }
000679    assert( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))!=0 );
000680    pMem->flags &= ~(MEM_Str|MEM_Blob|MEM_Zero);
000681    return SQLITE_OK;
000682  }
000683  
000684  /*
000685  ** Cast the datatype of the value in pMem according to the affinity
000686  ** "aff".  Casting is different from applying affinity in that a cast
000687  ** is forced.  In other words, the value is converted into the desired
000688  ** affinity even if that results in loss of data.  This routine is
000689  ** used (for example) to implement the SQL "cast()" operator.
000690  */
000691  void sqlite3VdbeMemCast(Mem *pMem, u8 aff, u8 encoding){
000692    if( pMem->flags & MEM_Null ) return;
000693    switch( aff ){
000694      case SQLITE_AFF_BLOB: {   /* Really a cast to BLOB */
000695        if( (pMem->flags & MEM_Blob)==0 ){
000696          sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000697          assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000698          if( pMem->flags & MEM_Str ) MemSetTypeFlag(pMem, MEM_Blob);
000699        }else{
000700          pMem->flags &= ~(MEM_TypeMask&~MEM_Blob);
000701        }
000702        break;
000703      }
000704      case SQLITE_AFF_NUMERIC: {
000705        sqlite3VdbeMemNumerify(pMem);
000706        break;
000707      }
000708      case SQLITE_AFF_INTEGER: {
000709        sqlite3VdbeMemIntegerify(pMem);
000710        break;
000711      }
000712      case SQLITE_AFF_REAL: {
000713        sqlite3VdbeMemRealify(pMem);
000714        break;
000715      }
000716      default: {
000717        assert( aff==SQLITE_AFF_TEXT );
000718        assert( MEM_Str==(MEM_Blob>>3) );
000719        pMem->flags |= (pMem->flags&MEM_Blob)>>3;
000720        sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000721        assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000722        pMem->flags &= ~(MEM_Int|MEM_Real|MEM_Blob|MEM_Zero);
000723        break;
000724      }
000725    }
000726  }
000727  
000728  /*
000729  ** Initialize bulk memory to be a consistent Mem object.
000730  **
000731  ** The minimum amount of initialization feasible is performed.
000732  */
000733  void sqlite3VdbeMemInit(Mem *pMem, sqlite3 *db, u16 flags){
000734    assert( (flags & ~MEM_TypeMask)==0 );
000735    pMem->flags = flags;
000736    pMem->db = db;
000737    pMem->szMalloc = 0;
000738  }
000739  
000740  
000741  /*
000742  ** Delete any previous value and set the value stored in *pMem to NULL.
000743  **
000744  ** This routine calls the Mem.xDel destructor to dispose of values that
000745  ** require the destructor.  But it preserves the Mem.zMalloc memory allocation.
000746  ** To free all resources, use sqlite3VdbeMemRelease(), which both calls this
000747  ** routine to invoke the destructor and deallocates Mem.zMalloc.
000748  **
000749  ** Use this routine to reset the Mem prior to insert a new value.
000750  **
000751  ** Use sqlite3VdbeMemRelease() to complete erase the Mem prior to abandoning it.
000752  */
000753  void sqlite3VdbeMemSetNull(Mem *pMem){
000754    if( VdbeMemDynamic(pMem) ){
000755      vdbeMemClearExternAndSetNull(pMem);
000756    }else{
000757      pMem->flags = MEM_Null;
000758    }
000759  }
000760  void sqlite3ValueSetNull(sqlite3_value *p){
000761    sqlite3VdbeMemSetNull((Mem*)p); 
000762  }
000763  
000764  /*
000765  ** Delete any previous value and set the value to be a BLOB of length
000766  ** n containing all zeros.
000767  */
000768  void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
000769    sqlite3VdbeMemRelease(pMem);
000770    pMem->flags = MEM_Blob|MEM_Zero;
000771    pMem->n = 0;
000772    if( n<0 ) n = 0;
000773    pMem->u.nZero = n;
000774    pMem->enc = SQLITE_UTF8;
000775    pMem->z = 0;
000776  }
000777  
000778  /*
000779  ** The pMem is known to contain content that needs to be destroyed prior
000780  ** to a value change.  So invoke the destructor, then set the value to
000781  ** a 64-bit integer.
000782  */
000783  static SQLITE_NOINLINE void vdbeReleaseAndSetInt64(Mem *pMem, i64 val){
000784    sqlite3VdbeMemSetNull(pMem);
000785    pMem->u.i = val;
000786    pMem->flags = MEM_Int;
000787  }
000788  
000789  /*
000790  ** Delete any previous value and set the value stored in *pMem to val,
000791  ** manifest type INTEGER.
000792  */
000793  void sqlite3VdbeMemSetInt64(Mem *pMem, i64 val){
000794    if( VdbeMemDynamic(pMem) ){
000795      vdbeReleaseAndSetInt64(pMem, val);
000796    }else{
000797      pMem->u.i = val;
000798      pMem->flags = MEM_Int;
000799    }
000800  }
000801  
000802  /* A no-op destructor */
000803  void sqlite3NoopDestructor(void *p){ UNUSED_PARAMETER(p); }
000804  
000805  /*
000806  ** Set the value stored in *pMem should already be a NULL.
000807  ** Also store a pointer to go with it.
000808  */
000809  void sqlite3VdbeMemSetPointer(
000810    Mem *pMem,
000811    void *pPtr,
000812    const char *zPType,
000813    void (*xDestructor)(void*)
000814  ){
000815    assert( pMem->flags==MEM_Null );
000816    pMem->u.zPType = zPType ? zPType : "";
000817    pMem->z = pPtr;
000818    pMem->flags = MEM_Null|MEM_Dyn|MEM_Subtype|MEM_Term;
000819    pMem->eSubtype = 'p';
000820    pMem->xDel = xDestructor ? xDestructor : sqlite3NoopDestructor;
000821  }
000822  
000823  #ifndef SQLITE_OMIT_FLOATING_POINT
000824  /*
000825  ** Delete any previous value and set the value stored in *pMem to val,
000826  ** manifest type REAL.
000827  */
000828  void sqlite3VdbeMemSetDouble(Mem *pMem, double val){
000829    sqlite3VdbeMemSetNull(pMem);
000830    if( !sqlite3IsNaN(val) ){
000831      pMem->u.r = val;
000832      pMem->flags = MEM_Real;
000833    }
000834  }
000835  #endif
000836  
000837  /*
000838  ** Delete any previous value and set the value of pMem to be an
000839  ** empty boolean index.
000840  */
000841  void sqlite3VdbeMemSetRowSet(Mem *pMem){
000842    sqlite3 *db = pMem->db;
000843    assert( db!=0 );
000844    assert( (pMem->flags & MEM_RowSet)==0 );
000845    sqlite3VdbeMemRelease(pMem);
000846    pMem->zMalloc = sqlite3DbMallocRawNN(db, 64);
000847    if( db->mallocFailed ){
000848      pMem->flags = MEM_Null;
000849      pMem->szMalloc = 0;
000850    }else{
000851      assert( pMem->zMalloc );
000852      pMem->szMalloc = sqlite3DbMallocSize(db, pMem->zMalloc);
000853      pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, pMem->szMalloc);
000854      assert( pMem->u.pRowSet!=0 );
000855      pMem->flags = MEM_RowSet;
000856    }
000857  }
000858  
000859  /*
000860  ** Return true if the Mem object contains a TEXT or BLOB that is
000861  ** too large - whose size exceeds SQLITE_MAX_LENGTH.
000862  */
000863  int sqlite3VdbeMemTooBig(Mem *p){
000864    assert( p->db!=0 );
000865    if( p->flags & (MEM_Str|MEM_Blob) ){
000866      int n = p->n;
000867      if( p->flags & MEM_Zero ){
000868        n += p->u.nZero;
000869      }
000870      return n>p->db->aLimit[SQLITE_LIMIT_LENGTH];
000871    }
000872    return 0; 
000873  }
000874  
000875  #ifdef SQLITE_DEBUG
000876  /*
000877  ** This routine prepares a memory cell for modification by breaking
000878  ** its link to a shallow copy and by marking any current shallow
000879  ** copies of this cell as invalid.
000880  **
000881  ** This is used for testing and debugging only - to make sure shallow
000882  ** copies are not misused.
000883  */
000884  void sqlite3VdbeMemAboutToChange(Vdbe *pVdbe, Mem *pMem){
000885    int i;
000886    Mem *pX;
000887    for(i=0, pX=pVdbe->aMem; i<pVdbe->nMem; i++, pX++){
000888      if( pX->pScopyFrom==pMem ){
000889        pX->flags |= MEM_Undefined;
000890        pX->pScopyFrom = 0;
000891      }
000892    }
000893    pMem->pScopyFrom = 0;
000894  }
000895  #endif /* SQLITE_DEBUG */
000896  
000897  
000898  /*
000899  ** Make an shallow copy of pFrom into pTo.  Prior contents of
000900  ** pTo are freed.  The pFrom->z field is not duplicated.  If
000901  ** pFrom->z is used, then pTo->z points to the same thing as pFrom->z
000902  ** and flags gets srcType (either MEM_Ephem or MEM_Static).
000903  */
000904  static SQLITE_NOINLINE void vdbeClrCopy(Mem *pTo, const Mem *pFrom, int eType){
000905    vdbeMemClearExternAndSetNull(pTo);
000906    assert( !VdbeMemDynamic(pTo) );
000907    sqlite3VdbeMemShallowCopy(pTo, pFrom, eType);
000908  }
000909  void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
000910    assert( (pFrom->flags & MEM_RowSet)==0 );
000911    assert( pTo->db==pFrom->db );
000912    if( VdbeMemDynamic(pTo) ){ vdbeClrCopy(pTo,pFrom,srcType); return; }
000913    memcpy(pTo, pFrom, MEMCELLSIZE);
000914    if( (pFrom->flags&MEM_Static)==0 ){
000915      pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
000916      assert( srcType==MEM_Ephem || srcType==MEM_Static );
000917      pTo->flags |= srcType;
000918    }
000919  }
000920  
000921  /*
000922  ** Make a full copy of pFrom into pTo.  Prior contents of pTo are
000923  ** freed before the copy is made.
000924  */
000925  int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
000926    int rc = SQLITE_OK;
000927  
000928    assert( (pFrom->flags & MEM_RowSet)==0 );
000929    if( VdbeMemDynamic(pTo) ) vdbeMemClearExternAndSetNull(pTo);
000930    memcpy(pTo, pFrom, MEMCELLSIZE);
000931    pTo->flags &= ~MEM_Dyn;
000932    if( pTo->flags&(MEM_Str|MEM_Blob) ){
000933      if( 0==(pFrom->flags&MEM_Static) ){
000934        pTo->flags |= MEM_Ephem;
000935        rc = sqlite3VdbeMemMakeWriteable(pTo);
000936      }
000937    }
000938  
000939    return rc;
000940  }
000941  
000942  /*
000943  ** Transfer the contents of pFrom to pTo. Any existing value in pTo is
000944  ** freed. If pFrom contains ephemeral data, a copy is made.
000945  **
000946  ** pFrom contains an SQL NULL when this routine returns.
000947  */
000948  void sqlite3VdbeMemMove(Mem *pTo, Mem *pFrom){
000949    assert( pFrom->db==0 || sqlite3_mutex_held(pFrom->db->mutex) );
000950    assert( pTo->db==0 || sqlite3_mutex_held(pTo->db->mutex) );
000951    assert( pFrom->db==0 || pTo->db==0 || pFrom->db==pTo->db );
000952  
000953    sqlite3VdbeMemRelease(pTo);
000954    memcpy(pTo, pFrom, sizeof(Mem));
000955    pFrom->flags = MEM_Null;
000956    pFrom->szMalloc = 0;
000957  }
000958  
000959  /*
000960  ** Change the value of a Mem to be a string or a BLOB.
000961  **
000962  ** The memory management strategy depends on the value of the xDel
000963  ** parameter. If the value passed is SQLITE_TRANSIENT, then the 
000964  ** string is copied into a (possibly existing) buffer managed by the 
000965  ** Mem structure. Otherwise, any existing buffer is freed and the
000966  ** pointer copied.
000967  **
000968  ** If the string is too large (if it exceeds the SQLITE_LIMIT_LENGTH
000969  ** size limit) then no memory allocation occurs.  If the string can be
000970  ** stored without allocating memory, then it is.  If a memory allocation
000971  ** is required to store the string, then value of pMem is unchanged.  In
000972  ** either case, SQLITE_TOOBIG is returned.
000973  */
000974  int sqlite3VdbeMemSetStr(
000975    Mem *pMem,          /* Memory cell to set to string value */
000976    const char *z,      /* String pointer */
000977    int n,              /* Bytes in string, or negative */
000978    u8 enc,             /* Encoding of z.  0 for BLOBs */
000979    void (*xDel)(void*) /* Destructor function */
000980  ){
000981    int nByte = n;      /* New value for pMem->n */
000982    int iLimit;         /* Maximum allowed string or blob size */
000983    u16 flags = 0;      /* New value for pMem->flags */
000984  
000985    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000986    assert( (pMem->flags & MEM_RowSet)==0 );
000987  
000988    /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
000989    if( !z ){
000990      sqlite3VdbeMemSetNull(pMem);
000991      return SQLITE_OK;
000992    }
000993  
000994    if( pMem->db ){
000995      iLimit = pMem->db->aLimit[SQLITE_LIMIT_LENGTH];
000996    }else{
000997      iLimit = SQLITE_MAX_LENGTH;
000998    }
000999    flags = (enc==0?MEM_Blob:MEM_Str);
001000    if( nByte<0 ){
001001      assert( enc!=0 );
001002      if( enc==SQLITE_UTF8 ){
001003        nByte = 0x7fffffff & (int)strlen(z);
001004        if( nByte>iLimit ) nByte = iLimit+1;
001005      }else{
001006        for(nByte=0; nByte<=iLimit && (z[nByte] | z[nByte+1]); nByte+=2){}
001007      }
001008      flags |= MEM_Term;
001009    }
001010  
001011    /* The following block sets the new values of Mem.z and Mem.xDel. It
001012    ** also sets a flag in local variable "flags" to indicate the memory
001013    ** management (one of MEM_Dyn or MEM_Static).
001014    */
001015    if( xDel==SQLITE_TRANSIENT ){
001016      int nAlloc = nByte;
001017      if( flags&MEM_Term ){
001018        nAlloc += (enc==SQLITE_UTF8?1:2);
001019      }
001020      if( nByte>iLimit ){
001021        return SQLITE_TOOBIG;
001022      }
001023      testcase( nAlloc==0 );
001024      testcase( nAlloc==31 );
001025      testcase( nAlloc==32 );
001026      if( sqlite3VdbeMemClearAndResize(pMem, MAX(nAlloc,32)) ){
001027        return SQLITE_NOMEM_BKPT;
001028      }
001029      memcpy(pMem->z, z, nAlloc);
001030    }else if( xDel==SQLITE_DYNAMIC ){
001031      sqlite3VdbeMemRelease(pMem);
001032      pMem->zMalloc = pMem->z = (char *)z;
001033      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
001034    }else{
001035      sqlite3VdbeMemRelease(pMem);
001036      pMem->z = (char *)z;
001037      pMem->xDel = xDel;
001038      flags |= ((xDel==SQLITE_STATIC)?MEM_Static:MEM_Dyn);
001039    }
001040  
001041    pMem->n = nByte;
001042    pMem->flags = flags;
001043    pMem->enc = (enc==0 ? SQLITE_UTF8 : enc);
001044  
001045  #ifndef SQLITE_OMIT_UTF16
001046    if( pMem->enc!=SQLITE_UTF8 && sqlite3VdbeMemHandleBom(pMem) ){
001047      return SQLITE_NOMEM_BKPT;
001048    }
001049  #endif
001050  
001051    if( nByte>iLimit ){
001052      return SQLITE_TOOBIG;
001053    }
001054  
001055    return SQLITE_OK;
001056  }
001057  
001058  /*
001059  ** Move data out of a btree key or data field and into a Mem structure.
001060  ** The data is payload from the entry that pCur is currently pointing
001061  ** to.  offset and amt determine what portion of the data or key to retrieve.
001062  ** The result is written into the pMem element.
001063  **
001064  ** The pMem object must have been initialized.  This routine will use
001065  ** pMem->zMalloc to hold the content from the btree, if possible.  New
001066  ** pMem->zMalloc space will be allocated if necessary.  The calling routine
001067  ** is responsible for making sure that the pMem object is eventually
001068  ** destroyed.
001069  **
001070  ** If this routine fails for any reason (malloc returns NULL or unable
001071  ** to read from the disk) then the pMem is left in an inconsistent state.
001072  */
001073  static SQLITE_NOINLINE int vdbeMemFromBtreeResize(
001074    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001075    u32 offset,       /* Offset from the start of data to return bytes from. */
001076    u32 amt,          /* Number of bytes to return. */
001077    Mem *pMem         /* OUT: Return data in this Mem structure. */
001078  ){
001079    int rc;
001080    pMem->flags = MEM_Null;
001081    if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+1)) ){
001082      rc = sqlite3BtreePayload(pCur, offset, amt, pMem->z);
001083      if( rc==SQLITE_OK ){
001084        pMem->z[amt] = 0;   /* Overrun area used when reading malformed records */
001085        pMem->flags = MEM_Blob;
001086        pMem->n = (int)amt;
001087      }else{
001088        sqlite3VdbeMemRelease(pMem);
001089      }
001090    }
001091    return rc;
001092  }
001093  int sqlite3VdbeMemFromBtree(
001094    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001095    u32 offset,       /* Offset from the start of data to return bytes from. */
001096    u32 amt,          /* Number of bytes to return. */
001097    Mem *pMem         /* OUT: Return data in this Mem structure. */
001098  ){
001099    char *zData;        /* Data from the btree layer */
001100    u32 available = 0;  /* Number of bytes available on the local btree page */
001101    int rc = SQLITE_OK; /* Return code */
001102  
001103    assert( sqlite3BtreeCursorIsValid(pCur) );
001104    assert( !VdbeMemDynamic(pMem) );
001105  
001106    /* Note: the calls to BtreeKeyFetch() and DataFetch() below assert() 
001107    ** that both the BtShared and database handle mutexes are held. */
001108    assert( (pMem->flags & MEM_RowSet)==0 );
001109    zData = (char *)sqlite3BtreePayloadFetch(pCur, &available);
001110    assert( zData!=0 );
001111  
001112    if( offset+amt<=available ){
001113      pMem->z = &zData[offset];
001114      pMem->flags = MEM_Blob|MEM_Ephem;
001115      pMem->n = (int)amt;
001116    }else{
001117      rc = vdbeMemFromBtreeResize(pCur, offset, amt, pMem);
001118    }
001119  
001120    return rc;
001121  }
001122  
001123  /*
001124  ** The pVal argument is known to be a value other than NULL.
001125  ** Convert it into a string with encoding enc and return a pointer
001126  ** to a zero-terminated version of that string.
001127  */
001128  static SQLITE_NOINLINE const void *valueToText(sqlite3_value* pVal, u8 enc){
001129    assert( pVal!=0 );
001130    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001131    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001132    assert( (pVal->flags & MEM_RowSet)==0 );
001133    assert( (pVal->flags & (MEM_Null))==0 );
001134    if( pVal->flags & (MEM_Blob|MEM_Str) ){
001135      if( ExpandBlob(pVal) ) return 0;
001136      pVal->flags |= MEM_Str;
001137      if( pVal->enc != (enc & ~SQLITE_UTF16_ALIGNED) ){
001138        sqlite3VdbeChangeEncoding(pVal, enc & ~SQLITE_UTF16_ALIGNED);
001139      }
001140      if( (enc & SQLITE_UTF16_ALIGNED)!=0 && 1==(1&SQLITE_PTR_TO_INT(pVal->z)) ){
001141        assert( (pVal->flags & (MEM_Ephem|MEM_Static))!=0 );
001142        if( sqlite3VdbeMemMakeWriteable(pVal)!=SQLITE_OK ){
001143          return 0;
001144        }
001145      }
001146      sqlite3VdbeMemNulTerminate(pVal); /* IMP: R-31275-44060 */
001147    }else{
001148      sqlite3VdbeMemStringify(pVal, enc, 0);
001149      assert( 0==(1&SQLITE_PTR_TO_INT(pVal->z)) );
001150    }
001151    assert(pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) || pVal->db==0
001152                || pVal->db->mallocFailed );
001153    if( pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) ){
001154      assert( sqlite3VdbeMemConsistentDualRep(pVal) );
001155      return pVal->z;
001156    }else{
001157      return 0;
001158    }
001159  }
001160  
001161  /* This function is only available internally, it is not part of the
001162  ** external API. It works in a similar way to sqlite3_value_text(),
001163  ** except the data returned is in the encoding specified by the second
001164  ** parameter, which must be one of SQLITE_UTF16BE, SQLITE_UTF16LE or
001165  ** SQLITE_UTF8.
001166  **
001167  ** (2006-02-16:)  The enc value can be or-ed with SQLITE_UTF16_ALIGNED.
001168  ** If that is the case, then the result must be aligned on an even byte
001169  ** boundary.
001170  */
001171  const void *sqlite3ValueText(sqlite3_value* pVal, u8 enc){
001172    if( !pVal ) return 0;
001173    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001174    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001175    assert( (pVal->flags & MEM_RowSet)==0 );
001176    if( (pVal->flags&(MEM_Str|MEM_Term))==(MEM_Str|MEM_Term) && pVal->enc==enc ){
001177      assert( sqlite3VdbeMemConsistentDualRep(pVal) );
001178      return pVal->z;
001179    }
001180    if( pVal->flags&MEM_Null ){
001181      return 0;
001182    }
001183    return valueToText(pVal, enc);
001184  }
001185  
001186  /*
001187  ** Create a new sqlite3_value object.
001188  */
001189  sqlite3_value *sqlite3ValueNew(sqlite3 *db){
001190    Mem *p = sqlite3DbMallocZero(db, sizeof(*p));
001191    if( p ){
001192      p->flags = MEM_Null;
001193      p->db = db;
001194    }
001195    return p;
001196  }
001197  
001198  /*
001199  ** Context object passed by sqlite3Stat4ProbeSetValue() through to 
001200  ** valueNew(). See comments above valueNew() for details.
001201  */
001202  struct ValueNewStat4Ctx {
001203    Parse *pParse;
001204    Index *pIdx;
001205    UnpackedRecord **ppRec;
001206    int iVal;
001207  };
001208  
001209  /*
001210  ** Allocate and return a pointer to a new sqlite3_value object. If
001211  ** the second argument to this function is NULL, the object is allocated
001212  ** by calling sqlite3ValueNew().
001213  **
001214  ** Otherwise, if the second argument is non-zero, then this function is 
001215  ** being called indirectly by sqlite3Stat4ProbeSetValue(). If it has not
001216  ** already been allocated, allocate the UnpackedRecord structure that 
001217  ** that function will return to its caller here. Then return a pointer to
001218  ** an sqlite3_value within the UnpackedRecord.a[] array.
001219  */
001220  static sqlite3_value *valueNew(sqlite3 *db, struct ValueNewStat4Ctx *p){
001221  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001222    if( p ){
001223      UnpackedRecord *pRec = p->ppRec[0];
001224  
001225      if( pRec==0 ){
001226        Index *pIdx = p->pIdx;      /* Index being probed */
001227        int nByte;                  /* Bytes of space to allocate */
001228        int i;                      /* Counter variable */
001229        int nCol = pIdx->nColumn;   /* Number of index columns including rowid */
001230    
001231        nByte = sizeof(Mem) * nCol + ROUND8(sizeof(UnpackedRecord));
001232        pRec = (UnpackedRecord*)sqlite3DbMallocZero(db, nByte);
001233        if( pRec ){
001234          pRec->pKeyInfo = sqlite3KeyInfoOfIndex(p->pParse, pIdx);
001235          if( pRec->pKeyInfo ){
001236            assert( pRec->pKeyInfo->nAllField==nCol );
001237            assert( pRec->pKeyInfo->enc==ENC(db) );
001238            pRec->aMem = (Mem *)((u8*)pRec + ROUND8(sizeof(UnpackedRecord)));
001239            for(i=0; i<nCol; i++){
001240              pRec->aMem[i].flags = MEM_Null;
001241              pRec->aMem[i].db = db;
001242            }
001243          }else{
001244            sqlite3DbFreeNN(db, pRec);
001245            pRec = 0;
001246          }
001247        }
001248        if( pRec==0 ) return 0;
001249        p->ppRec[0] = pRec;
001250      }
001251    
001252      pRec->nField = p->iVal+1;
001253      return &pRec->aMem[p->iVal];
001254    }
001255  #else
001256    UNUSED_PARAMETER(p);
001257  #endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
001258    return sqlite3ValueNew(db);
001259  }
001260  
001261  /*
001262  ** The expression object indicated by the second argument is guaranteed
001263  ** to be a scalar SQL function. If
001264  **
001265  **   * all function arguments are SQL literals,
001266  **   * one of the SQLITE_FUNC_CONSTANT or _SLOCHNG function flags is set, and
001267  **   * the SQLITE_FUNC_NEEDCOLL function flag is not set,
001268  **
001269  ** then this routine attempts to invoke the SQL function. Assuming no
001270  ** error occurs, output parameter (*ppVal) is set to point to a value 
001271  ** object containing the result before returning SQLITE_OK.
001272  **
001273  ** Affinity aff is applied to the result of the function before returning.
001274  ** If the result is a text value, the sqlite3_value object uses encoding 
001275  ** enc.
001276  **
001277  ** If the conditions above are not met, this function returns SQLITE_OK
001278  ** and sets (*ppVal) to NULL. Or, if an error occurs, (*ppVal) is set to
001279  ** NULL and an SQLite error code returned.
001280  */
001281  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001282  static int valueFromFunction(
001283    sqlite3 *db,                    /* The database connection */
001284    Expr *p,                        /* The expression to evaluate */
001285    u8 enc,                         /* Encoding to use */
001286    u8 aff,                         /* Affinity to use */
001287    sqlite3_value **ppVal,          /* Write the new value here */
001288    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001289  ){
001290    sqlite3_context ctx;            /* Context object for function invocation */
001291    sqlite3_value **apVal = 0;      /* Function arguments */
001292    int nVal = 0;                   /* Size of apVal[] array */
001293    FuncDef *pFunc = 0;             /* Function definition */
001294    sqlite3_value *pVal = 0;        /* New value */
001295    int rc = SQLITE_OK;             /* Return code */
001296    ExprList *pList = 0;            /* Function arguments */
001297    int i;                          /* Iterator variable */
001298  
001299    assert( pCtx!=0 );
001300    assert( (p->flags & EP_TokenOnly)==0 );
001301    pList = p->x.pList;
001302    if( pList ) nVal = pList->nExpr;
001303    pFunc = sqlite3FindFunction(db, p->u.zToken, nVal, enc, 0);
001304    assert( pFunc );
001305    if( (pFunc->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG))==0 
001306     || (pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL)
001307    ){
001308      return SQLITE_OK;
001309    }
001310  
001311    if( pList ){
001312      apVal = (sqlite3_value**)sqlite3DbMallocZero(db, sizeof(apVal[0]) * nVal);
001313      if( apVal==0 ){
001314        rc = SQLITE_NOMEM_BKPT;
001315        goto value_from_function_out;
001316      }
001317      for(i=0; i<nVal; i++){
001318        rc = sqlite3ValueFromExpr(db, pList->a[i].pExpr, enc, aff, &apVal[i]);
001319        if( apVal[i]==0 || rc!=SQLITE_OK ) goto value_from_function_out;
001320      }
001321    }
001322  
001323    pVal = valueNew(db, pCtx);
001324    if( pVal==0 ){
001325      rc = SQLITE_NOMEM_BKPT;
001326      goto value_from_function_out;
001327    }
001328  
001329    assert( pCtx->pParse->rc==SQLITE_OK );
001330    memset(&ctx, 0, sizeof(ctx));
001331    ctx.pOut = pVal;
001332    ctx.pFunc = pFunc;
001333    pFunc->xSFunc(&ctx, nVal, apVal);
001334    if( ctx.isError ){
001335      rc = ctx.isError;
001336      sqlite3ErrorMsg(pCtx->pParse, "%s", sqlite3_value_text(pVal));
001337    }else{
001338      sqlite3ValueApplyAffinity(pVal, aff, SQLITE_UTF8);
001339      assert( rc==SQLITE_OK );
001340      rc = sqlite3VdbeChangeEncoding(pVal, enc);
001341      if( rc==SQLITE_OK && sqlite3VdbeMemTooBig(pVal) ){
001342        rc = SQLITE_TOOBIG;
001343        pCtx->pParse->nErr++;
001344      }
001345    }
001346    pCtx->pParse->rc = rc;
001347  
001348   value_from_function_out:
001349    if( rc!=SQLITE_OK ){
001350      pVal = 0;
001351    }
001352    if( apVal ){
001353      for(i=0; i<nVal; i++){
001354        sqlite3ValueFree(apVal[i]);
001355      }
001356      sqlite3DbFreeNN(db, apVal);
001357    }
001358  
001359    *ppVal = pVal;
001360    return rc;
001361  }
001362  #else
001363  # define valueFromFunction(a,b,c,d,e,f) SQLITE_OK
001364  #endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
001365  
001366  /*
001367  ** Extract a value from the supplied expression in the manner described
001368  ** above sqlite3ValueFromExpr(). Allocate the sqlite3_value object
001369  ** using valueNew().
001370  **
001371  ** If pCtx is NULL and an error occurs after the sqlite3_value object
001372  ** has been allocated, it is freed before returning. Or, if pCtx is not
001373  ** NULL, it is assumed that the caller will free any allocated object
001374  ** in all cases.
001375  */
001376  static int valueFromExpr(
001377    sqlite3 *db,                    /* The database connection */
001378    Expr *pExpr,                    /* The expression to evaluate */
001379    u8 enc,                         /* Encoding to use */
001380    u8 affinity,                    /* Affinity to use */
001381    sqlite3_value **ppVal,          /* Write the new value here */
001382    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001383  ){
001384    int op;
001385    char *zVal = 0;
001386    sqlite3_value *pVal = 0;
001387    int negInt = 1;
001388    const char *zNeg = "";
001389    int rc = SQLITE_OK;
001390  
001391    assert( pExpr!=0 );
001392    while( (op = pExpr->op)==TK_UPLUS || op==TK_SPAN ) pExpr = pExpr->pLeft;
001393  #if defined(SQLITE_ENABLE_STAT3_OR_STAT4)
001394    if( op==TK_REGISTER ) op = pExpr->op2;
001395  #else
001396    if( NEVER(op==TK_REGISTER) ) op = pExpr->op2;
001397  #endif
001398  
001399    /* Compressed expressions only appear when parsing the DEFAULT clause
001400    ** on a table column definition, and hence only when pCtx==0.  This
001401    ** check ensures that an EP_TokenOnly expression is never passed down
001402    ** into valueFromFunction(). */
001403    assert( (pExpr->flags & EP_TokenOnly)==0 || pCtx==0 );
001404  
001405    if( op==TK_CAST ){
001406      u8 aff = sqlite3AffinityType(pExpr->u.zToken,0);
001407      rc = valueFromExpr(db, pExpr->pLeft, enc, aff, ppVal, pCtx);
001408      testcase( rc!=SQLITE_OK );
001409      if( *ppVal ){
001410        sqlite3VdbeMemCast(*ppVal, aff, SQLITE_UTF8);
001411        sqlite3ValueApplyAffinity(*ppVal, affinity, SQLITE_UTF8);
001412      }
001413      return rc;
001414    }
001415  
001416    /* Handle negative integers in a single step.  This is needed in the
001417    ** case when the value is -9223372036854775808.
001418    */
001419    if( op==TK_UMINUS
001420     && (pExpr->pLeft->op==TK_INTEGER || pExpr->pLeft->op==TK_FLOAT) ){
001421      pExpr = pExpr->pLeft;
001422      op = pExpr->op;
001423      negInt = -1;
001424      zNeg = "-";
001425    }
001426  
001427    if( op==TK_STRING || op==TK_FLOAT || op==TK_INTEGER ){
001428      pVal = valueNew(db, pCtx);
001429      if( pVal==0 ) goto no_mem;
001430      if( ExprHasProperty(pExpr, EP_IntValue) ){
001431        sqlite3VdbeMemSetInt64(pVal, (i64)pExpr->u.iValue*negInt);
001432      }else{
001433        zVal = sqlite3MPrintf(db, "%s%s", zNeg, pExpr->u.zToken);
001434        if( zVal==0 ) goto no_mem;
001435        sqlite3ValueSetStr(pVal, -1, zVal, SQLITE_UTF8, SQLITE_DYNAMIC);
001436      }
001437      if( (op==TK_INTEGER || op==TK_FLOAT ) && affinity==SQLITE_AFF_BLOB ){
001438        sqlite3ValueApplyAffinity(pVal, SQLITE_AFF_NUMERIC, SQLITE_UTF8);
001439      }else{
001440        sqlite3ValueApplyAffinity(pVal, affinity, SQLITE_UTF8);
001441      }
001442      if( pVal->flags & (MEM_Int|MEM_Real) ) pVal->flags &= ~MEM_Str;
001443      if( enc!=SQLITE_UTF8 ){
001444        rc = sqlite3VdbeChangeEncoding(pVal, enc);
001445      }
001446    }else if( op==TK_UMINUS ) {
001447      /* This branch happens for multiple negative signs.  Ex: -(-5) */
001448      if( SQLITE_OK==valueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal,pCtx) 
001449       && pVal!=0
001450      ){
001451        sqlite3VdbeMemNumerify(pVal);
001452        if( pVal->flags & MEM_Real ){
001453          pVal->u.r = -pVal->u.r;
001454        }else if( pVal->u.i==SMALLEST_INT64 ){
001455          pVal->u.r = -(double)SMALLEST_INT64;
001456          MemSetTypeFlag(pVal, MEM_Real);
001457        }else{
001458          pVal->u.i = -pVal->u.i;
001459        }
001460        sqlite3ValueApplyAffinity(pVal, affinity, enc);
001461      }
001462    }else if( op==TK_NULL ){
001463      pVal = valueNew(db, pCtx);
001464      if( pVal==0 ) goto no_mem;
001465      sqlite3VdbeMemNumerify(pVal);
001466    }
001467  #ifndef SQLITE_OMIT_BLOB_LITERAL
001468    else if( op==TK_BLOB ){
001469      int nVal;
001470      assert( pExpr->u.zToken[0]=='x' || pExpr->u.zToken[0]=='X' );
001471      assert( pExpr->u.zToken[1]=='\'' );
001472      pVal = valueNew(db, pCtx);
001473      if( !pVal ) goto no_mem;
001474      zVal = &pExpr->u.zToken[2];
001475      nVal = sqlite3Strlen30(zVal)-1;
001476      assert( zVal[nVal]=='\'' );
001477      sqlite3VdbeMemSetStr(pVal, sqlite3HexToBlob(db, zVal, nVal), nVal/2,
001478                           0, SQLITE_DYNAMIC);
001479    }
001480  #endif
001481  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001482    else if( op==TK_FUNCTION && pCtx!=0 ){
001483      rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
001484    }
001485  #endif
001486    else if( op==TK_TRUEFALSE ){
001487       pVal = valueNew(db, pCtx);
001488       pVal->flags = MEM_Int;
001489       pVal->u.i = pExpr->u.zToken[4]==0;
001490    }
001491  
001492    *ppVal = pVal;
001493    return rc;
001494  
001495  no_mem:
001496  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001497    if( pCtx==0 || pCtx->pParse->nErr==0 )
001498  #endif
001499      sqlite3OomFault(db);
001500    sqlite3DbFree(db, zVal);
001501    assert( *ppVal==0 );
001502  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001503    if( pCtx==0 ) sqlite3ValueFree(pVal);
001504  #else
001505    assert( pCtx==0 ); sqlite3ValueFree(pVal);
001506  #endif
001507    return SQLITE_NOMEM_BKPT;
001508  }
001509  
001510  /*
001511  ** Create a new sqlite3_value object, containing the value of pExpr.
001512  **
001513  ** This only works for very simple expressions that consist of one constant
001514  ** token (i.e. "5", "5.1", "'a string'"). If the expression can
001515  ** be converted directly into a value, then the value is allocated and
001516  ** a pointer written to *ppVal. The caller is responsible for deallocating
001517  ** the value by passing it to sqlite3ValueFree() later on. If the expression
001518  ** cannot be converted to a value, then *ppVal is set to NULL.
001519  */
001520  int sqlite3ValueFromExpr(
001521    sqlite3 *db,              /* The database connection */
001522    Expr *pExpr,              /* The expression to evaluate */
001523    u8 enc,                   /* Encoding to use */
001524    u8 affinity,              /* Affinity to use */
001525    sqlite3_value **ppVal     /* Write the new value here */
001526  ){
001527    return pExpr ? valueFromExpr(db, pExpr, enc, affinity, ppVal, 0) : 0;
001528  }
001529  
001530  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001531  /*
001532  ** The implementation of the sqlite_record() function. This function accepts
001533  ** a single argument of any type. The return value is a formatted database 
001534  ** record (a blob) containing the argument value.
001535  **
001536  ** This is used to convert the value stored in the 'sample' column of the
001537  ** sqlite_stat3 table to the record format SQLite uses internally.
001538  */
001539  static void recordFunc(
001540    sqlite3_context *context,
001541    int argc,
001542    sqlite3_value **argv
001543  ){
001544    const int file_format = 1;
001545    u32 iSerial;                    /* Serial type */
001546    int nSerial;                    /* Bytes of space for iSerial as varint */
001547    u32 nVal;                       /* Bytes of space required for argv[0] */
001548    int nRet;
001549    sqlite3 *db;
001550    u8 *aRet;
001551  
001552    UNUSED_PARAMETER( argc );
001553    iSerial = sqlite3VdbeSerialType(argv[0], file_format, &nVal);
001554    nSerial = sqlite3VarintLen(iSerial);
001555    db = sqlite3_context_db_handle(context);
001556  
001557    nRet = 1 + nSerial + nVal;
001558    aRet = sqlite3DbMallocRawNN(db, nRet);
001559    if( aRet==0 ){
001560      sqlite3_result_error_nomem(context);
001561    }else{
001562      aRet[0] = nSerial+1;
001563      putVarint32(&aRet[1], iSerial);
001564      sqlite3VdbeSerialPut(&aRet[1+nSerial], argv[0], iSerial);
001565      sqlite3_result_blob(context, aRet, nRet, SQLITE_TRANSIENT);
001566      sqlite3DbFreeNN(db, aRet);
001567    }
001568  }
001569  
001570  /*
001571  ** Register built-in functions used to help read ANALYZE data.
001572  */
001573  void sqlite3AnalyzeFunctions(void){
001574    static FuncDef aAnalyzeTableFuncs[] = {
001575      FUNCTION(sqlite_record,   1, 0, 0, recordFunc),
001576    };
001577    sqlite3InsertBuiltinFuncs(aAnalyzeTableFuncs, ArraySize(aAnalyzeTableFuncs));
001578  }
001579  
001580  /*
001581  ** Attempt to extract a value from pExpr and use it to construct *ppVal.
001582  **
001583  ** If pAlloc is not NULL, then an UnpackedRecord object is created for
001584  ** pAlloc if one does not exist and the new value is added to the
001585  ** UnpackedRecord object.
001586  **
001587  ** A value is extracted in the following cases:
001588  **
001589  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001590  **
001591  **  * The expression is a bound variable, and this is a reprepare, or
001592  **
001593  **  * The expression is a literal value.
001594  **
001595  ** On success, *ppVal is made to point to the extracted value.  The caller
001596  ** is responsible for ensuring that the value is eventually freed.
001597  */
001598  static int stat4ValueFromExpr(
001599    Parse *pParse,                  /* Parse context */
001600    Expr *pExpr,                    /* The expression to extract a value from */
001601    u8 affinity,                    /* Affinity to use */
001602    struct ValueNewStat4Ctx *pAlloc,/* How to allocate space.  Or NULL */
001603    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001604  ){
001605    int rc = SQLITE_OK;
001606    sqlite3_value *pVal = 0;
001607    sqlite3 *db = pParse->db;
001608  
001609    /* Skip over any TK_COLLATE nodes */
001610    pExpr = sqlite3ExprSkipCollate(pExpr);
001611  
001612    assert( pExpr==0 || pExpr->op!=TK_REGISTER || pExpr->op2!=TK_VARIABLE );
001613    if( !pExpr ){
001614      pVal = valueNew(db, pAlloc);
001615      if( pVal ){
001616        sqlite3VdbeMemSetNull((Mem*)pVal);
001617      }
001618    }else if( pExpr->op==TK_VARIABLE && (db->flags & SQLITE_EnableQPSG)==0 ){
001619      Vdbe *v;
001620      int iBindVar = pExpr->iColumn;
001621      sqlite3VdbeSetVarmask(pParse->pVdbe, iBindVar);
001622      if( (v = pParse->pReprepare)!=0 ){
001623        pVal = valueNew(db, pAlloc);
001624        if( pVal ){
001625          rc = sqlite3VdbeMemCopy((Mem*)pVal, &v->aVar[iBindVar-1]);
001626          sqlite3ValueApplyAffinity(pVal, affinity, ENC(db));
001627          pVal->db = pParse->db;
001628        }
001629      }
001630    }else{
001631      rc = valueFromExpr(db, pExpr, ENC(db), affinity, &pVal, pAlloc);
001632    }
001633  
001634    assert( pVal==0 || pVal->db==db );
001635    *ppVal = pVal;
001636    return rc;
001637  }
001638  
001639  /*
001640  ** This function is used to allocate and populate UnpackedRecord 
001641  ** structures intended to be compared against sample index keys stored 
001642  ** in the sqlite_stat4 table.
001643  **
001644  ** A single call to this function populates zero or more fields of the
001645  ** record starting with field iVal (fields are numbered from left to
001646  ** right starting with 0). A single field is populated if:
001647  **
001648  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001649  **
001650  **  * The expression is a bound variable, and this is a reprepare, or
001651  **
001652  **  * The sqlite3ValueFromExpr() function is able to extract a value 
001653  **    from the expression (i.e. the expression is a literal value).
001654  **
001655  ** Or, if pExpr is a TK_VECTOR, one field is populated for each of the
001656  ** vector components that match either of the two latter criteria listed
001657  ** above.
001658  **
001659  ** Before any value is appended to the record, the affinity of the 
001660  ** corresponding column within index pIdx is applied to it. Before
001661  ** this function returns, output parameter *pnExtract is set to the
001662  ** number of values appended to the record.
001663  **
001664  ** When this function is called, *ppRec must either point to an object
001665  ** allocated by an earlier call to this function, or must be NULL. If it
001666  ** is NULL and a value can be successfully extracted, a new UnpackedRecord
001667  ** is allocated (and *ppRec set to point to it) before returning.
001668  **
001669  ** Unless an error is encountered, SQLITE_OK is returned. It is not an
001670  ** error if a value cannot be extracted from pExpr. If an error does
001671  ** occur, an SQLite error code is returned.
001672  */
001673  int sqlite3Stat4ProbeSetValue(
001674    Parse *pParse,                  /* Parse context */
001675    Index *pIdx,                    /* Index being probed */
001676    UnpackedRecord **ppRec,         /* IN/OUT: Probe record */
001677    Expr *pExpr,                    /* The expression to extract a value from */
001678    int nElem,                      /* Maximum number of values to append */
001679    int iVal,                       /* Array element to populate */
001680    int *pnExtract                  /* OUT: Values appended to the record */
001681  ){
001682    int rc = SQLITE_OK;
001683    int nExtract = 0;
001684  
001685    if( pExpr==0 || pExpr->op!=TK_SELECT ){
001686      int i;
001687      struct ValueNewStat4Ctx alloc;
001688  
001689      alloc.pParse = pParse;
001690      alloc.pIdx = pIdx;
001691      alloc.ppRec = ppRec;
001692  
001693      for(i=0; i<nElem; i++){
001694        sqlite3_value *pVal = 0;
001695        Expr *pElem = (pExpr ? sqlite3VectorFieldSubexpr(pExpr, i) : 0);
001696        u8 aff = sqlite3IndexColumnAffinity(pParse->db, pIdx, iVal+i);
001697        alloc.iVal = iVal+i;
001698        rc = stat4ValueFromExpr(pParse, pElem, aff, &alloc, &pVal);
001699        if( !pVal ) break;
001700        nExtract++;
001701      }
001702    }
001703  
001704    *pnExtract = nExtract;
001705    return rc;
001706  }
001707  
001708  /*
001709  ** Attempt to extract a value from expression pExpr using the methods
001710  ** as described for sqlite3Stat4ProbeSetValue() above. 
001711  **
001712  ** If successful, set *ppVal to point to a new value object and return 
001713  ** SQLITE_OK. If no value can be extracted, but no other error occurs
001714  ** (e.g. OOM), return SQLITE_OK and set *ppVal to NULL. Or, if an error
001715  ** does occur, return an SQLite error code. The final value of *ppVal
001716  ** is undefined in this case.
001717  */
001718  int sqlite3Stat4ValueFromExpr(
001719    Parse *pParse,                  /* Parse context */
001720    Expr *pExpr,                    /* The expression to extract a value from */
001721    u8 affinity,                    /* Affinity to use */
001722    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001723  ){
001724    return stat4ValueFromExpr(pParse, pExpr, affinity, 0, ppVal);
001725  }
001726  
001727  /*
001728  ** Extract the iCol-th column from the nRec-byte record in pRec.  Write
001729  ** the column value into *ppVal.  If *ppVal is initially NULL then a new
001730  ** sqlite3_value object is allocated.
001731  **
001732  ** If *ppVal is initially NULL then the caller is responsible for 
001733  ** ensuring that the value written into *ppVal is eventually freed.
001734  */
001735  int sqlite3Stat4Column(
001736    sqlite3 *db,                    /* Database handle */
001737    const void *pRec,               /* Pointer to buffer containing record */
001738    int nRec,                       /* Size of buffer pRec in bytes */
001739    int iCol,                       /* Column to extract */
001740    sqlite3_value **ppVal           /* OUT: Extracted value */
001741  ){
001742    u32 t;                          /* a column type code */
001743    int nHdr;                       /* Size of the header in the record */
001744    int iHdr;                       /* Next unread header byte */
001745    int iField;                     /* Next unread data byte */
001746    int szField;                    /* Size of the current data field */
001747    int i;                          /* Column index */
001748    u8 *a = (u8*)pRec;              /* Typecast byte array */
001749    Mem *pMem = *ppVal;             /* Write result into this Mem object */
001750  
001751    assert( iCol>0 );
001752    iHdr = getVarint32(a, nHdr);
001753    if( nHdr>nRec || iHdr>=nHdr ) return SQLITE_CORRUPT_BKPT;
001754    iField = nHdr;
001755    for(i=0; i<=iCol; i++){
001756      iHdr += getVarint32(&a[iHdr], t);
001757      testcase( iHdr==nHdr );
001758      testcase( iHdr==nHdr+1 );
001759      if( iHdr>nHdr ) return SQLITE_CORRUPT_BKPT;
001760      szField = sqlite3VdbeSerialTypeLen(t);
001761      iField += szField;
001762    }
001763    testcase( iField==nRec );
001764    testcase( iField==nRec+1 );
001765    if( iField>nRec ) return SQLITE_CORRUPT_BKPT;
001766    if( pMem==0 ){
001767      pMem = *ppVal = sqlite3ValueNew(db);
001768      if( pMem==0 ) return SQLITE_NOMEM_BKPT;
001769    }
001770    sqlite3VdbeSerialGet(&a[iField-szField], t, pMem);
001771    pMem->enc = ENC(db);
001772    return SQLITE_OK;
001773  }
001774  
001775  /*
001776  ** Unless it is NULL, the argument must be an UnpackedRecord object returned
001777  ** by an earlier call to sqlite3Stat4ProbeSetValue(). This call deletes
001778  ** the object.
001779  */
001780  void sqlite3Stat4ProbeFree(UnpackedRecord *pRec){
001781    if( pRec ){
001782      int i;
001783      int nCol = pRec->pKeyInfo->nAllField;
001784      Mem *aMem = pRec->aMem;
001785      sqlite3 *db = aMem[0].db;
001786      for(i=0; i<nCol; i++){
001787        sqlite3VdbeMemRelease(&aMem[i]);
001788      }
001789      sqlite3KeyInfoUnref(pRec->pKeyInfo);
001790      sqlite3DbFreeNN(db, pRec);
001791    }
001792  }
001793  #endif /* ifdef SQLITE_ENABLE_STAT4 */
001794  
001795  /*
001796  ** Change the string value of an sqlite3_value object
001797  */
001798  void sqlite3ValueSetStr(
001799    sqlite3_value *v,     /* Value to be set */
001800    int n,                /* Length of string z */
001801    const void *z,        /* Text of the new string */
001802    u8 enc,               /* Encoding to use */
001803    void (*xDel)(void*)   /* Destructor for the string */
001804  ){
001805    if( v ) sqlite3VdbeMemSetStr((Mem *)v, z, n, enc, xDel);
001806  }
001807  
001808  /*
001809  ** Free an sqlite3_value object
001810  */
001811  void sqlite3ValueFree(sqlite3_value *v){
001812    if( !v ) return;
001813    sqlite3VdbeMemRelease((Mem *)v);
001814    sqlite3DbFreeNN(((Mem*)v)->db, v);
001815  }
001816  
001817  /*
001818  ** The sqlite3ValueBytes() routine returns the number of bytes in the
001819  ** sqlite3_value object assuming that it uses the encoding "enc".
001820  ** The valueBytes() routine is a helper function.
001821  */
001822  static SQLITE_NOINLINE int valueBytes(sqlite3_value *pVal, u8 enc){
001823    return valueToText(pVal, enc)!=0 ? pVal->n : 0;
001824  }
001825  int sqlite3ValueBytes(sqlite3_value *pVal, u8 enc){
001826    Mem *p = (Mem*)pVal;
001827    assert( (p->flags & MEM_Null)==0 || (p->flags & (MEM_Str|MEM_Blob))==0 );
001828    if( (p->flags & MEM_Str)!=0 && pVal->enc==enc ){
001829      return p->n;
001830    }
001831    if( (p->flags & MEM_Blob)!=0 ){
001832      if( p->flags & MEM_Zero ){
001833        return p->n + p->u.nZero;
001834      }else{
001835        return p->n;
001836      }
001837    }
001838    if( p->flags & MEM_Null ) return 0;
001839    return valueBytes(pVal, enc);
001840  }