000001  /*
000002  ** 2004 May 26
000003  **
000004  ** The author disclaims copyright to this source code.  In place of
000005  ** a legal notice, here is a blessing:
000006  **
000007  **    May you do good and not evil.
000008  **    May you find forgiveness for yourself and forgive others.
000009  **    May you share freely, never taking more than you give.
000010  **
000011  *************************************************************************
000012  **
000013  ** This file contains code use to manipulate "Mem" structure.  A "Mem"
000014  ** stores a single value in the VDBE.  Mem is an opaque structure visible
000015  ** only within the VDBE.  Interface routines refer to a Mem using the
000016  ** name sqlite_value
000017  */
000018  #include "sqliteInt.h"
000019  #include "vdbeInt.h"
000020  
000021  #ifdef SQLITE_DEBUG
000022  /*
000023  ** Check invariants on a Mem object.
000024  **
000025  ** This routine is intended for use inside of assert() statements, like
000026  ** this:    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000027  */
000028  int sqlite3VdbeCheckMemInvariants(Mem *p){
000029    /* If MEM_Dyn is set then Mem.xDel!=0.  
000030    ** Mem.xDel might not be initialized if MEM_Dyn is clear.
000031    */
000032    assert( (p->flags & MEM_Dyn)==0 || p->xDel!=0 );
000033  
000034    /* MEM_Dyn may only be set if Mem.szMalloc==0.  In this way we
000035    ** ensure that if Mem.szMalloc>0 then it is safe to do
000036    ** Mem.z = Mem.zMalloc without having to check Mem.flags&MEM_Dyn.
000037    ** That saves a few cycles in inner loops. */
000038    assert( (p->flags & MEM_Dyn)==0 || p->szMalloc==0 );
000039  
000040    /* Cannot be both MEM_Int and MEM_Real at the same time */
000041    assert( (p->flags & (MEM_Int|MEM_Real))!=(MEM_Int|MEM_Real) );
000042  
000043    if( p->flags & MEM_Null ){
000044      /* Cannot be both MEM_Null and some other type */
000045      assert( (p->flags & (MEM_Int|MEM_Real|MEM_Str|MEM_Blob
000046                           |MEM_RowSet|MEM_Frame|MEM_Agg|MEM_Zero))==0 );
000047  
000048      /* If MEM_Null is set, then either the value is a pure NULL (the usual
000049      ** case) or it is a pointer set using sqlite3_bind_pointer() or
000050      ** sqlite3_result_pointer().  If a pointer, then MEM_Term must also be
000051      ** set.
000052      */
000053      if( (p->flags & (MEM_Term|MEM_Subtype))==(MEM_Term|MEM_Subtype) ){
000054        /* This is a pointer type.  There may be a flag to indicate what to
000055        ** do with the pointer. */
000056        assert( ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000057                ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000058                ((p->flags&MEM_Static)!=0 ? 1 : 0) <= 1 );
000059  
000060        /* No other bits set */
000061        assert( (p->flags & ~(MEM_Null|MEM_Term|MEM_Subtype
000062                             |MEM_Dyn|MEM_Ephem|MEM_Static))==0 );
000063      }else{
000064        /* A pure NULL might have other flags, such as MEM_Static, MEM_Dyn,
000065        ** MEM_Ephem, MEM_Cleared, or MEM_Subtype */
000066      }
000067    }else{
000068      /* The MEM_Cleared bit is only allowed on NULLs */
000069      assert( (p->flags & MEM_Cleared)==0 );
000070    }
000071  
000072    /* The szMalloc field holds the correct memory allocation size */
000073    assert( p->szMalloc==0
000074         || p->szMalloc==sqlite3DbMallocSize(p->db,p->zMalloc) );
000075  
000076    /* If p holds a string or blob, the Mem.z must point to exactly
000077    ** one of the following:
000078    **
000079    **   (1) Memory in Mem.zMalloc and managed by the Mem object
000080    **   (2) Memory to be freed using Mem.xDel
000081    **   (3) An ephemeral string or blob
000082    **   (4) A static string or blob
000083    */
000084    if( (p->flags & (MEM_Str|MEM_Blob)) && p->n>0 ){
000085      assert( 
000086        ((p->szMalloc>0 && p->z==p->zMalloc)? 1 : 0) +
000087        ((p->flags&MEM_Dyn)!=0 ? 1 : 0) +
000088        ((p->flags&MEM_Ephem)!=0 ? 1 : 0) +
000089        ((p->flags&MEM_Static)!=0 ? 1 : 0) == 1
000090      );
000091    }
000092    return 1;
000093  }
000094  #endif
000095  
000096  
000097  /*
000098  ** If pMem is an object with a valid string representation, this routine
000099  ** ensures the internal encoding for the string representation is
000100  ** 'desiredEnc', one of SQLITE_UTF8, SQLITE_UTF16LE or SQLITE_UTF16BE.
000101  **
000102  ** If pMem is not a string object, or the encoding of the string
000103  ** representation is already stored using the requested encoding, then this
000104  ** routine is a no-op.
000105  **
000106  ** SQLITE_OK is returned if the conversion is successful (or not required).
000107  ** SQLITE_NOMEM may be returned if a malloc() fails during conversion
000108  ** between formats.
000109  */
000110  int sqlite3VdbeChangeEncoding(Mem *pMem, int desiredEnc){
000111  #ifndef SQLITE_OMIT_UTF16
000112    int rc;
000113  #endif
000114    assert( (pMem->flags&MEM_RowSet)==0 );
000115    assert( desiredEnc==SQLITE_UTF8 || desiredEnc==SQLITE_UTF16LE
000116             || desiredEnc==SQLITE_UTF16BE );
000117    if( !(pMem->flags&MEM_Str) || pMem->enc==desiredEnc ){
000118      return SQLITE_OK;
000119    }
000120    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000121  #ifdef SQLITE_OMIT_UTF16
000122    return SQLITE_ERROR;
000123  #else
000124  
000125    /* MemTranslate() may return SQLITE_OK or SQLITE_NOMEM. If NOMEM is returned,
000126    ** then the encoding of the value may not have changed.
000127    */
000128    rc = sqlite3VdbeMemTranslate(pMem, (u8)desiredEnc);
000129    assert(rc==SQLITE_OK    || rc==SQLITE_NOMEM);
000130    assert(rc==SQLITE_OK    || pMem->enc!=desiredEnc);
000131    assert(rc==SQLITE_NOMEM || pMem->enc==desiredEnc);
000132    return rc;
000133  #endif
000134  }
000135  
000136  /*
000137  ** Make sure pMem->z points to a writable allocation of at least 
000138  ** min(n,32) bytes.
000139  **
000140  ** If the bPreserve argument is true, then copy of the content of
000141  ** pMem->z into the new allocation.  pMem must be either a string or
000142  ** blob if bPreserve is true.  If bPreserve is false, any prior content
000143  ** in pMem->z is discarded.
000144  */
000145  SQLITE_NOINLINE int sqlite3VdbeMemGrow(Mem *pMem, int n, int bPreserve){
000146    assert( sqlite3VdbeCheckMemInvariants(pMem) );
000147    assert( (pMem->flags&MEM_RowSet)==0 );
000148    testcase( pMem->db==0 );
000149  
000150    /* If the bPreserve flag is set to true, then the memory cell must already
000151    ** contain a valid string or blob value.  */
000152    assert( bPreserve==0 || pMem->flags&(MEM_Blob|MEM_Str) );
000153    testcase( bPreserve && pMem->z==0 );
000154  
000155    assert( pMem->szMalloc==0
000156         || pMem->szMalloc==sqlite3DbMallocSize(pMem->db, pMem->zMalloc) );
000157    if( n<32 ) n = 32;
000158    if( pMem->szMalloc>0 && bPreserve && pMem->z==pMem->zMalloc ){
000159      pMem->z = pMem->zMalloc = sqlite3DbReallocOrFree(pMem->db, pMem->z, n);
000160      bPreserve = 0;
000161    }else{
000162      if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000163      pMem->zMalloc = sqlite3DbMallocRaw(pMem->db, n);
000164    }
000165    if( pMem->zMalloc==0 ){
000166      sqlite3VdbeMemSetNull(pMem);
000167      pMem->z = 0;
000168      pMem->szMalloc = 0;
000169      return SQLITE_NOMEM_BKPT;
000170    }else{
000171      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
000172    }
000173  
000174    if( bPreserve && pMem->z ){
000175      assert( pMem->z!=pMem->zMalloc );
000176      memcpy(pMem->zMalloc, pMem->z, pMem->n);
000177    }
000178    if( (pMem->flags&MEM_Dyn)!=0 ){
000179      assert( pMem->xDel!=0 && pMem->xDel!=SQLITE_DYNAMIC );
000180      pMem->xDel((void *)(pMem->z));
000181    }
000182  
000183    pMem->z = pMem->zMalloc;
000184    pMem->flags &= ~(MEM_Dyn|MEM_Ephem|MEM_Static);
000185    return SQLITE_OK;
000186  }
000187  
000188  /*
000189  ** Change the pMem->zMalloc allocation to be at least szNew bytes.
000190  ** If pMem->zMalloc already meets or exceeds the requested size, this
000191  ** routine is a no-op.
000192  **
000193  ** Any prior string or blob content in the pMem object may be discarded.
000194  ** The pMem->xDel destructor is called, if it exists.  Though MEM_Str
000195  ** and MEM_Blob values may be discarded, MEM_Int, MEM_Real, and MEM_Null
000196  ** values are preserved.
000197  **
000198  ** Return SQLITE_OK on success or an error code (probably SQLITE_NOMEM)
000199  ** if unable to complete the resizing.
000200  */
000201  int sqlite3VdbeMemClearAndResize(Mem *pMem, int szNew){
000202    assert( szNew>0 );
000203    assert( (pMem->flags & MEM_Dyn)==0 || pMem->szMalloc==0 );
000204    if( pMem->szMalloc<szNew ){
000205      return sqlite3VdbeMemGrow(pMem, szNew, 0);
000206    }
000207    assert( (pMem->flags & MEM_Dyn)==0 );
000208    pMem->z = pMem->zMalloc;
000209    pMem->flags &= (MEM_Null|MEM_Int|MEM_Real);
000210    return SQLITE_OK;
000211  }
000212  
000213  /*
000214  ** It is already known that pMem contains an unterminated string.
000215  ** Add the zero terminator.
000216  */
000217  static SQLITE_NOINLINE int vdbeMemAddTerminator(Mem *pMem){
000218    if( sqlite3VdbeMemGrow(pMem, pMem->n+2, 1) ){
000219      return SQLITE_NOMEM_BKPT;
000220    }
000221    pMem->z[pMem->n] = 0;
000222    pMem->z[pMem->n+1] = 0;
000223    pMem->flags |= MEM_Term;
000224    return SQLITE_OK;
000225  }
000226  
000227  /*
000228  ** Change pMem so that its MEM_Str or MEM_Blob value is stored in
000229  ** MEM.zMalloc, where it can be safely written.
000230  **
000231  ** Return SQLITE_OK on success or SQLITE_NOMEM if malloc fails.
000232  */
000233  int sqlite3VdbeMemMakeWriteable(Mem *pMem){
000234    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000235    assert( (pMem->flags&MEM_RowSet)==0 );
000236    if( (pMem->flags & (MEM_Str|MEM_Blob))!=0 ){
000237      if( ExpandBlob(pMem) ) return SQLITE_NOMEM;
000238      if( pMem->szMalloc==0 || pMem->z!=pMem->zMalloc ){
000239        int rc = vdbeMemAddTerminator(pMem);
000240        if( rc ) return rc;
000241      }
000242    }
000243    pMem->flags &= ~MEM_Ephem;
000244  #ifdef SQLITE_DEBUG
000245    pMem->pScopyFrom = 0;
000246  #endif
000247  
000248    return SQLITE_OK;
000249  }
000250  
000251  /*
000252  ** If the given Mem* has a zero-filled tail, turn it into an ordinary
000253  ** blob stored in dynamically allocated space.
000254  */
000255  #ifndef SQLITE_OMIT_INCRBLOB
000256  int sqlite3VdbeMemExpandBlob(Mem *pMem){
000257    int nByte;
000258    assert( pMem->flags & MEM_Zero );
000259    assert( pMem->flags&MEM_Blob );
000260    assert( (pMem->flags&MEM_RowSet)==0 );
000261    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000262  
000263    /* Set nByte to the number of bytes required to store the expanded blob. */
000264    nByte = pMem->n + pMem->u.nZero;
000265    if( nByte<=0 ){
000266      nByte = 1;
000267    }
000268    if( sqlite3VdbeMemGrow(pMem, nByte, 1) ){
000269      return SQLITE_NOMEM_BKPT;
000270    }
000271  
000272    memset(&pMem->z[pMem->n], 0, pMem->u.nZero);
000273    pMem->n += pMem->u.nZero;
000274    pMem->flags &= ~(MEM_Zero|MEM_Term);
000275    return SQLITE_OK;
000276  }
000277  #endif
000278  
000279  /*
000280  ** Make sure the given Mem is \u0000 terminated.
000281  */
000282  int sqlite3VdbeMemNulTerminate(Mem *pMem){
000283    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000284    testcase( (pMem->flags & (MEM_Term|MEM_Str))==(MEM_Term|MEM_Str) );
000285    testcase( (pMem->flags & (MEM_Term|MEM_Str))==0 );
000286    if( (pMem->flags & (MEM_Term|MEM_Str))!=MEM_Str ){
000287      return SQLITE_OK;   /* Nothing to do */
000288    }else{
000289      return vdbeMemAddTerminator(pMem);
000290    }
000291  }
000292  
000293  /*
000294  ** Add MEM_Str to the set of representations for the given Mem.  Numbers
000295  ** are converted using sqlite3_snprintf().  Converting a BLOB to a string
000296  ** is a no-op.
000297  **
000298  ** Existing representations MEM_Int and MEM_Real are invalidated if
000299  ** bForce is true but are retained if bForce is false.
000300  **
000301  ** A MEM_Null value will never be passed to this function. This function is
000302  ** used for converting values to text for returning to the user (i.e. via
000303  ** sqlite3_value_text()), or for ensuring that values to be used as btree
000304  ** keys are strings. In the former case a NULL pointer is returned the
000305  ** user and the latter is an internal programming error.
000306  */
000307  int sqlite3VdbeMemStringify(Mem *pMem, u8 enc, u8 bForce){
000308    int fg = pMem->flags;
000309    const int nByte = 32;
000310  
000311    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000312    assert( !(fg&MEM_Zero) );
000313    assert( !(fg&(MEM_Str|MEM_Blob)) );
000314    assert( fg&(MEM_Int|MEM_Real) );
000315    assert( (pMem->flags&MEM_RowSet)==0 );
000316    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000317  
000318  
000319    if( sqlite3VdbeMemClearAndResize(pMem, nByte) ){
000320      pMem->enc = 0;
000321      return SQLITE_NOMEM_BKPT;
000322    }
000323  
000324    /* For a Real or Integer, use sqlite3_snprintf() to produce the UTF-8
000325    ** string representation of the value. Then, if the required encoding
000326    ** is UTF-16le or UTF-16be do a translation.
000327    ** 
000328    ** FIX ME: It would be better if sqlite3_snprintf() could do UTF-16.
000329    */
000330    if( fg & MEM_Int ){
000331      sqlite3_snprintf(nByte, pMem->z, "%lld", pMem->u.i);
000332    }else{
000333      assert( fg & MEM_Real );
000334      sqlite3_snprintf(nByte, pMem->z, "%!.15g", pMem->u.r);
000335    }
000336    pMem->n = sqlite3Strlen30(pMem->z);
000337    pMem->enc = SQLITE_UTF8;
000338    pMem->flags |= MEM_Str|MEM_Term;
000339    if( bForce ) pMem->flags &= ~(MEM_Int|MEM_Real);
000340    sqlite3VdbeChangeEncoding(pMem, enc);
000341    return SQLITE_OK;
000342  }
000343  
000344  /*
000345  ** Memory cell pMem contains the context of an aggregate function.
000346  ** This routine calls the finalize method for that function.  The
000347  ** result of the aggregate is stored back into pMem.
000348  **
000349  ** Return SQLITE_ERROR if the finalizer reports an error.  SQLITE_OK
000350  ** otherwise.
000351  */
000352  int sqlite3VdbeMemFinalize(Mem *pMem, FuncDef *pFunc){
000353    int rc = SQLITE_OK;
000354    if( ALWAYS(pFunc && pFunc->xFinalize) ){
000355      sqlite3_context ctx;
000356      Mem t;
000357      assert( (pMem->flags & MEM_Null)!=0 || pFunc==pMem->u.pDef );
000358      assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000359      memset(&ctx, 0, sizeof(ctx));
000360      memset(&t, 0, sizeof(t));
000361      t.flags = MEM_Null;
000362      t.db = pMem->db;
000363      ctx.pOut = &t;
000364      ctx.pMem = pMem;
000365      ctx.pFunc = pFunc;
000366      pFunc->xFinalize(&ctx); /* IMP: R-24505-23230 */
000367      assert( (pMem->flags & MEM_Dyn)==0 );
000368      if( pMem->szMalloc>0 ) sqlite3DbFreeNN(pMem->db, pMem->zMalloc);
000369      memcpy(pMem, &t, sizeof(t));
000370      rc = ctx.isError;
000371    }
000372    return rc;
000373  }
000374  
000375  /*
000376  ** If the memory cell contains a value that must be freed by
000377  ** invoking the external callback in Mem.xDel, then this routine
000378  ** will free that value.  It also sets Mem.flags to MEM_Null.
000379  **
000380  ** This is a helper routine for sqlite3VdbeMemSetNull() and
000381  ** for sqlite3VdbeMemRelease().  Use those other routines as the
000382  ** entry point for releasing Mem resources.
000383  */
000384  static SQLITE_NOINLINE void vdbeMemClearExternAndSetNull(Mem *p){
000385    assert( p->db==0 || sqlite3_mutex_held(p->db->mutex) );
000386    assert( VdbeMemDynamic(p) );
000387    if( p->flags&MEM_Agg ){
000388      sqlite3VdbeMemFinalize(p, p->u.pDef);
000389      assert( (p->flags & MEM_Agg)==0 );
000390      testcase( p->flags & MEM_Dyn );
000391    }
000392    if( p->flags&MEM_Dyn ){
000393      assert( (p->flags&MEM_RowSet)==0 );
000394      assert( p->xDel!=SQLITE_DYNAMIC && p->xDel!=0 );
000395      p->xDel((void *)p->z);
000396    }else if( p->flags&MEM_RowSet ){
000397      sqlite3RowSetClear(p->u.pRowSet);
000398    }else if( p->flags&MEM_Frame ){
000399      VdbeFrame *pFrame = p->u.pFrame;
000400      pFrame->pParent = pFrame->v->pDelFrame;
000401      pFrame->v->pDelFrame = pFrame;
000402    }
000403    p->flags = MEM_Null;
000404  }
000405  
000406  /*
000407  ** Release memory held by the Mem p, both external memory cleared
000408  ** by p->xDel and memory in p->zMalloc.
000409  **
000410  ** This is a helper routine invoked by sqlite3VdbeMemRelease() in
000411  ** the unusual case where there really is memory in p that needs
000412  ** to be freed.
000413  */
000414  static SQLITE_NOINLINE void vdbeMemClear(Mem *p){
000415    if( VdbeMemDynamic(p) ){
000416      vdbeMemClearExternAndSetNull(p);
000417    }
000418    if( p->szMalloc ){
000419      sqlite3DbFreeNN(p->db, p->zMalloc);
000420      p->szMalloc = 0;
000421    }
000422    p->z = 0;
000423  }
000424  
000425  /*
000426  ** Release any memory resources held by the Mem.  Both the memory that is
000427  ** free by Mem.xDel and the Mem.zMalloc allocation are freed.
000428  **
000429  ** Use this routine prior to clean up prior to abandoning a Mem, or to
000430  ** reset a Mem back to its minimum memory utilization.
000431  **
000432  ** Use sqlite3VdbeMemSetNull() to release just the Mem.xDel space
000433  ** prior to inserting new content into the Mem.
000434  */
000435  void sqlite3VdbeMemRelease(Mem *p){
000436    assert( sqlite3VdbeCheckMemInvariants(p) );
000437    if( VdbeMemDynamic(p) || p->szMalloc ){
000438      vdbeMemClear(p);
000439    }
000440  }
000441  
000442  /*
000443  ** Convert a 64-bit IEEE double into a 64-bit signed integer.
000444  ** If the double is out of range of a 64-bit signed integer then
000445  ** return the closest available 64-bit signed integer.
000446  */
000447  static SQLITE_NOINLINE i64 doubleToInt64(double r){
000448  #ifdef SQLITE_OMIT_FLOATING_POINT
000449    /* When floating-point is omitted, double and int64 are the same thing */
000450    return r;
000451  #else
000452    /*
000453    ** Many compilers we encounter do not define constants for the
000454    ** minimum and maximum 64-bit integers, or they define them
000455    ** inconsistently.  And many do not understand the "LL" notation.
000456    ** So we define our own static constants here using nothing
000457    ** larger than a 32-bit integer constant.
000458    */
000459    static const i64 maxInt = LARGEST_INT64;
000460    static const i64 minInt = SMALLEST_INT64;
000461  
000462    if( r<=(double)minInt ){
000463      return minInt;
000464    }else if( r>=(double)maxInt ){
000465      return maxInt;
000466    }else{
000467      return (i64)r;
000468    }
000469  #endif
000470  }
000471  
000472  /*
000473  ** Return some kind of integer value which is the best we can do
000474  ** at representing the value that *pMem describes as an integer.
000475  ** If pMem is an integer, then the value is exact.  If pMem is
000476  ** a floating-point then the value returned is the integer part.
000477  ** If pMem is a string or blob, then we make an attempt to convert
000478  ** it into an integer and return that.  If pMem represents an
000479  ** an SQL-NULL value, return 0.
000480  **
000481  ** If pMem represents a string value, its encoding might be changed.
000482  */
000483  static SQLITE_NOINLINE i64 memIntValue(Mem *pMem){
000484    i64 value = 0;
000485    sqlite3Atoi64(pMem->z, &value, pMem->n, pMem->enc);
000486    return value;
000487  }
000488  i64 sqlite3VdbeIntValue(Mem *pMem){
000489    int flags;
000490    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000491    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000492    flags = pMem->flags;
000493    if( flags & MEM_Int ){
000494      return pMem->u.i;
000495    }else if( flags & MEM_Real ){
000496      return doubleToInt64(pMem->u.r);
000497    }else if( flags & (MEM_Str|MEM_Blob) ){
000498      assert( pMem->z || pMem->n==0 );
000499      return memIntValue(pMem);
000500    }else{
000501      return 0;
000502    }
000503  }
000504  
000505  /*
000506  ** Return the best representation of pMem that we can get into a
000507  ** double.  If pMem is already a double or an integer, return its
000508  ** value.  If it is a string or blob, try to convert it to a double.
000509  ** If it is a NULL, return 0.0.
000510  */
000511  static SQLITE_NOINLINE double memRealValue(Mem *pMem){
000512    /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000513    double val = (double)0;
000514    sqlite3AtoF(pMem->z, &val, pMem->n, pMem->enc);
000515    return val;
000516  }
000517  double sqlite3VdbeRealValue(Mem *pMem){
000518    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000519    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000520    if( pMem->flags & MEM_Real ){
000521      return pMem->u.r;
000522    }else if( pMem->flags & MEM_Int ){
000523      return (double)pMem->u.i;
000524    }else if( pMem->flags & (MEM_Str|MEM_Blob) ){
000525      return memRealValue(pMem);
000526    }else{
000527      /* (double)0 In case of SQLITE_OMIT_FLOATING_POINT... */
000528      return (double)0;
000529    }
000530  }
000531  
000532  /*
000533  ** The MEM structure is already a MEM_Real.  Try to also make it a
000534  ** MEM_Int if we can.
000535  */
000536  void sqlite3VdbeIntegerAffinity(Mem *pMem){
000537    i64 ix;
000538    assert( pMem->flags & MEM_Real );
000539    assert( (pMem->flags & MEM_RowSet)==0 );
000540    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000541    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000542  
000543    ix = doubleToInt64(pMem->u.r);
000544  
000545    /* Only mark the value as an integer if
000546    **
000547    **    (1) the round-trip conversion real->int->real is a no-op, and
000548    **    (2) The integer is neither the largest nor the smallest
000549    **        possible integer (ticket #3922)
000550    **
000551    ** The second and third terms in the following conditional enforces
000552    ** the second condition under the assumption that addition overflow causes
000553    ** values to wrap around.
000554    */
000555    if( pMem->u.r==ix && ix>SMALLEST_INT64 && ix<LARGEST_INT64 ){
000556      pMem->u.i = ix;
000557      MemSetTypeFlag(pMem, MEM_Int);
000558    }
000559  }
000560  
000561  /*
000562  ** Convert pMem to type integer.  Invalidate any prior representations.
000563  */
000564  int sqlite3VdbeMemIntegerify(Mem *pMem){
000565    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000566    assert( (pMem->flags & MEM_RowSet)==0 );
000567    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000568  
000569    pMem->u.i = sqlite3VdbeIntValue(pMem);
000570    MemSetTypeFlag(pMem, MEM_Int);
000571    return SQLITE_OK;
000572  }
000573  
000574  /*
000575  ** Convert pMem so that it is of type MEM_Real.
000576  ** Invalidate any prior representations.
000577  */
000578  int sqlite3VdbeMemRealify(Mem *pMem){
000579    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000580    assert( EIGHT_BYTE_ALIGNMENT(pMem) );
000581  
000582    pMem->u.r = sqlite3VdbeRealValue(pMem);
000583    MemSetTypeFlag(pMem, MEM_Real);
000584    return SQLITE_OK;
000585  }
000586  
000587  /*
000588  ** Convert pMem so that it has types MEM_Real or MEM_Int or both.
000589  ** Invalidate any prior representations.
000590  **
000591  ** Every effort is made to force the conversion, even if the input
000592  ** is a string that does not look completely like a number.  Convert
000593  ** as much of the string as we can and ignore the rest.
000594  */
000595  int sqlite3VdbeMemNumerify(Mem *pMem){
000596    if( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))==0 ){
000597      int rc;
000598      assert( (pMem->flags & (MEM_Blob|MEM_Str))!=0 );
000599      assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000600      rc = sqlite3Atoi64(pMem->z, &pMem->u.i, pMem->n, pMem->enc);
000601      if( rc==0 ){
000602        MemSetTypeFlag(pMem, MEM_Int);
000603      }else{
000604        i64 i = pMem->u.i;
000605        sqlite3AtoF(pMem->z, &pMem->u.r, pMem->n, pMem->enc);
000606        if( rc==1 && pMem->u.r==(double)i ){
000607          pMem->u.i = i;
000608          MemSetTypeFlag(pMem, MEM_Int);
000609        }else{
000610          MemSetTypeFlag(pMem, MEM_Real);
000611        }
000612      }
000613    }
000614    assert( (pMem->flags & (MEM_Int|MEM_Real|MEM_Null))!=0 );
000615    pMem->flags &= ~(MEM_Str|MEM_Blob|MEM_Zero);
000616    return SQLITE_OK;
000617  }
000618  
000619  /*
000620  ** Cast the datatype of the value in pMem according to the affinity
000621  ** "aff".  Casting is different from applying affinity in that a cast
000622  ** is forced.  In other words, the value is converted into the desired
000623  ** affinity even if that results in loss of data.  This routine is
000624  ** used (for example) to implement the SQL "cast()" operator.
000625  */
000626  void sqlite3VdbeMemCast(Mem *pMem, u8 aff, u8 encoding){
000627    if( pMem->flags & MEM_Null ) return;
000628    switch( aff ){
000629      case SQLITE_AFF_BLOB: {   /* Really a cast to BLOB */
000630        if( (pMem->flags & MEM_Blob)==0 ){
000631          sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000632          assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000633          if( pMem->flags & MEM_Str ) MemSetTypeFlag(pMem, MEM_Blob);
000634        }else{
000635          pMem->flags &= ~(MEM_TypeMask&~MEM_Blob);
000636        }
000637        break;
000638      }
000639      case SQLITE_AFF_NUMERIC: {
000640        sqlite3VdbeMemNumerify(pMem);
000641        break;
000642      }
000643      case SQLITE_AFF_INTEGER: {
000644        sqlite3VdbeMemIntegerify(pMem);
000645        break;
000646      }
000647      case SQLITE_AFF_REAL: {
000648        sqlite3VdbeMemRealify(pMem);
000649        break;
000650      }
000651      default: {
000652        assert( aff==SQLITE_AFF_TEXT );
000653        assert( MEM_Str==(MEM_Blob>>3) );
000654        pMem->flags |= (pMem->flags&MEM_Blob)>>3;
000655        sqlite3ValueApplyAffinity(pMem, SQLITE_AFF_TEXT, encoding);
000656        assert( pMem->flags & MEM_Str || pMem->db->mallocFailed );
000657        pMem->flags &= ~(MEM_Int|MEM_Real|MEM_Blob|MEM_Zero);
000658        break;
000659      }
000660    }
000661  }
000662  
000663  /*
000664  ** Initialize bulk memory to be a consistent Mem object.
000665  **
000666  ** The minimum amount of initialization feasible is performed.
000667  */
000668  void sqlite3VdbeMemInit(Mem *pMem, sqlite3 *db, u16 flags){
000669    assert( (flags & ~MEM_TypeMask)==0 );
000670    pMem->flags = flags;
000671    pMem->db = db;
000672    pMem->szMalloc = 0;
000673  }
000674  
000675  
000676  /*
000677  ** Delete any previous value and set the value stored in *pMem to NULL.
000678  **
000679  ** This routine calls the Mem.xDel destructor to dispose of values that
000680  ** require the destructor.  But it preserves the Mem.zMalloc memory allocation.
000681  ** To free all resources, use sqlite3VdbeMemRelease(), which both calls this
000682  ** routine to invoke the destructor and deallocates Mem.zMalloc.
000683  **
000684  ** Use this routine to reset the Mem prior to insert a new value.
000685  **
000686  ** Use sqlite3VdbeMemRelease() to complete erase the Mem prior to abandoning it.
000687  */
000688  void sqlite3VdbeMemSetNull(Mem *pMem){
000689    if( VdbeMemDynamic(pMem) ){
000690      vdbeMemClearExternAndSetNull(pMem);
000691    }else{
000692      pMem->flags = MEM_Null;
000693    }
000694  }
000695  void sqlite3ValueSetNull(sqlite3_value *p){
000696    sqlite3VdbeMemSetNull((Mem*)p); 
000697  }
000698  
000699  /*
000700  ** Delete any previous value and set the value to be a BLOB of length
000701  ** n containing all zeros.
000702  */
000703  void sqlite3VdbeMemSetZeroBlob(Mem *pMem, int n){
000704    sqlite3VdbeMemRelease(pMem);
000705    pMem->flags = MEM_Blob|MEM_Zero;
000706    pMem->n = 0;
000707    if( n<0 ) n = 0;
000708    pMem->u.nZero = n;
000709    pMem->enc = SQLITE_UTF8;
000710    pMem->z = 0;
000711  }
000712  
000713  /*
000714  ** The pMem is known to contain content that needs to be destroyed prior
000715  ** to a value change.  So invoke the destructor, then set the value to
000716  ** a 64-bit integer.
000717  */
000718  static SQLITE_NOINLINE void vdbeReleaseAndSetInt64(Mem *pMem, i64 val){
000719    sqlite3VdbeMemSetNull(pMem);
000720    pMem->u.i = val;
000721    pMem->flags = MEM_Int;
000722  }
000723  
000724  /*
000725  ** Delete any previous value and set the value stored in *pMem to val,
000726  ** manifest type INTEGER.
000727  */
000728  void sqlite3VdbeMemSetInt64(Mem *pMem, i64 val){
000729    if( VdbeMemDynamic(pMem) ){
000730      vdbeReleaseAndSetInt64(pMem, val);
000731    }else{
000732      pMem->u.i = val;
000733      pMem->flags = MEM_Int;
000734    }
000735  }
000736  
000737  /* A no-op destructor */
000738  static void sqlite3NoopDestructor(void *p){ UNUSED_PARAMETER(p); }
000739  
000740  /*
000741  ** Set the value stored in *pMem should already be a NULL.
000742  ** Also store a pointer to go with it.
000743  */
000744  void sqlite3VdbeMemSetPointer(
000745    Mem *pMem,
000746    void *pPtr,
000747    const char *zPType,
000748    void (*xDestructor)(void*)
000749  ){
000750    assert( pMem->flags==MEM_Null );
000751    pMem->u.zPType = zPType ? zPType : "";
000752    pMem->z = pPtr;
000753    pMem->flags = MEM_Null|MEM_Dyn|MEM_Subtype|MEM_Term;
000754    pMem->eSubtype = 'p';
000755    pMem->xDel = xDestructor ? xDestructor : sqlite3NoopDestructor;
000756  }
000757  
000758  #ifndef SQLITE_OMIT_FLOATING_POINT
000759  /*
000760  ** Delete any previous value and set the value stored in *pMem to val,
000761  ** manifest type REAL.
000762  */
000763  void sqlite3VdbeMemSetDouble(Mem *pMem, double val){
000764    sqlite3VdbeMemSetNull(pMem);
000765    if( !sqlite3IsNaN(val) ){
000766      pMem->u.r = val;
000767      pMem->flags = MEM_Real;
000768    }
000769  }
000770  #endif
000771  
000772  /*
000773  ** Delete any previous value and set the value of pMem to be an
000774  ** empty boolean index.
000775  */
000776  void sqlite3VdbeMemSetRowSet(Mem *pMem){
000777    sqlite3 *db = pMem->db;
000778    assert( db!=0 );
000779    assert( (pMem->flags & MEM_RowSet)==0 );
000780    sqlite3VdbeMemRelease(pMem);
000781    pMem->zMalloc = sqlite3DbMallocRawNN(db, 64);
000782    if( db->mallocFailed ){
000783      pMem->flags = MEM_Null;
000784      pMem->szMalloc = 0;
000785    }else{
000786      assert( pMem->zMalloc );
000787      pMem->szMalloc = sqlite3DbMallocSize(db, pMem->zMalloc);
000788      pMem->u.pRowSet = sqlite3RowSetInit(db, pMem->zMalloc, pMem->szMalloc);
000789      assert( pMem->u.pRowSet!=0 );
000790      pMem->flags = MEM_RowSet;
000791    }
000792  }
000793  
000794  /*
000795  ** Return true if the Mem object contains a TEXT or BLOB that is
000796  ** too large - whose size exceeds SQLITE_MAX_LENGTH.
000797  */
000798  int sqlite3VdbeMemTooBig(Mem *p){
000799    assert( p->db!=0 );
000800    if( p->flags & (MEM_Str|MEM_Blob) ){
000801      int n = p->n;
000802      if( p->flags & MEM_Zero ){
000803        n += p->u.nZero;
000804      }
000805      return n>p->db->aLimit[SQLITE_LIMIT_LENGTH];
000806    }
000807    return 0; 
000808  }
000809  
000810  #ifdef SQLITE_DEBUG
000811  /*
000812  ** This routine prepares a memory cell for modification by breaking
000813  ** its link to a shallow copy and by marking any current shallow
000814  ** copies of this cell as invalid.
000815  **
000816  ** This is used for testing and debugging only - to make sure shallow
000817  ** copies are not misused.
000818  */
000819  void sqlite3VdbeMemAboutToChange(Vdbe *pVdbe, Mem *pMem){
000820    int i;
000821    Mem *pX;
000822    for(i=0, pX=pVdbe->aMem; i<pVdbe->nMem; i++, pX++){
000823      if( pX->pScopyFrom==pMem ){
000824        pX->flags |= MEM_Undefined;
000825        pX->pScopyFrom = 0;
000826      }
000827    }
000828    pMem->pScopyFrom = 0;
000829  }
000830  #endif /* SQLITE_DEBUG */
000831  
000832  
000833  /*
000834  ** Make an shallow copy of pFrom into pTo.  Prior contents of
000835  ** pTo are freed.  The pFrom->z field is not duplicated.  If
000836  ** pFrom->z is used, then pTo->z points to the same thing as pFrom->z
000837  ** and flags gets srcType (either MEM_Ephem or MEM_Static).
000838  */
000839  static SQLITE_NOINLINE void vdbeClrCopy(Mem *pTo, const Mem *pFrom, int eType){
000840    vdbeMemClearExternAndSetNull(pTo);
000841    assert( !VdbeMemDynamic(pTo) );
000842    sqlite3VdbeMemShallowCopy(pTo, pFrom, eType);
000843  }
000844  void sqlite3VdbeMemShallowCopy(Mem *pTo, const Mem *pFrom, int srcType){
000845    assert( (pFrom->flags & MEM_RowSet)==0 );
000846    assert( pTo->db==pFrom->db );
000847    if( VdbeMemDynamic(pTo) ){ vdbeClrCopy(pTo,pFrom,srcType); return; }
000848    memcpy(pTo, pFrom, MEMCELLSIZE);
000849    if( (pFrom->flags&MEM_Static)==0 ){
000850      pTo->flags &= ~(MEM_Dyn|MEM_Static|MEM_Ephem);
000851      assert( srcType==MEM_Ephem || srcType==MEM_Static );
000852      pTo->flags |= srcType;
000853    }
000854  }
000855  
000856  /*
000857  ** Make a full copy of pFrom into pTo.  Prior contents of pTo are
000858  ** freed before the copy is made.
000859  */
000860  int sqlite3VdbeMemCopy(Mem *pTo, const Mem *pFrom){
000861    int rc = SQLITE_OK;
000862  
000863    assert( (pFrom->flags & MEM_RowSet)==0 );
000864    if( VdbeMemDynamic(pTo) ) vdbeMemClearExternAndSetNull(pTo);
000865    memcpy(pTo, pFrom, MEMCELLSIZE);
000866    pTo->flags &= ~MEM_Dyn;
000867    if( pTo->flags&(MEM_Str|MEM_Blob) ){
000868      if( 0==(pFrom->flags&MEM_Static) ){
000869        pTo->flags |= MEM_Ephem;
000870        rc = sqlite3VdbeMemMakeWriteable(pTo);
000871      }
000872    }
000873  
000874    return rc;
000875  }
000876  
000877  /*
000878  ** Transfer the contents of pFrom to pTo. Any existing value in pTo is
000879  ** freed. If pFrom contains ephemeral data, a copy is made.
000880  **
000881  ** pFrom contains an SQL NULL when this routine returns.
000882  */
000883  void sqlite3VdbeMemMove(Mem *pTo, Mem *pFrom){
000884    assert( pFrom->db==0 || sqlite3_mutex_held(pFrom->db->mutex) );
000885    assert( pTo->db==0 || sqlite3_mutex_held(pTo->db->mutex) );
000886    assert( pFrom->db==0 || pTo->db==0 || pFrom->db==pTo->db );
000887  
000888    sqlite3VdbeMemRelease(pTo);
000889    memcpy(pTo, pFrom, sizeof(Mem));
000890    pFrom->flags = MEM_Null;
000891    pFrom->szMalloc = 0;
000892  }
000893  
000894  /*
000895  ** Change the value of a Mem to be a string or a BLOB.
000896  **
000897  ** The memory management strategy depends on the value of the xDel
000898  ** parameter. If the value passed is SQLITE_TRANSIENT, then the 
000899  ** string is copied into a (possibly existing) buffer managed by the 
000900  ** Mem structure. Otherwise, any existing buffer is freed and the
000901  ** pointer copied.
000902  **
000903  ** If the string is too large (if it exceeds the SQLITE_LIMIT_LENGTH
000904  ** size limit) then no memory allocation occurs.  If the string can be
000905  ** stored without allocating memory, then it is.  If a memory allocation
000906  ** is required to store the string, then value of pMem is unchanged.  In
000907  ** either case, SQLITE_TOOBIG is returned.
000908  */
000909  int sqlite3VdbeMemSetStr(
000910    Mem *pMem,          /* Memory cell to set to string value */
000911    const char *z,      /* String pointer */
000912    int n,              /* Bytes in string, or negative */
000913    u8 enc,             /* Encoding of z.  0 for BLOBs */
000914    void (*xDel)(void*) /* Destructor function */
000915  ){
000916    int nByte = n;      /* New value for pMem->n */
000917    int iLimit;         /* Maximum allowed string or blob size */
000918    u16 flags = 0;      /* New value for pMem->flags */
000919  
000920    assert( pMem->db==0 || sqlite3_mutex_held(pMem->db->mutex) );
000921    assert( (pMem->flags & MEM_RowSet)==0 );
000922  
000923    /* If z is a NULL pointer, set pMem to contain an SQL NULL. */
000924    if( !z ){
000925      sqlite3VdbeMemSetNull(pMem);
000926      return SQLITE_OK;
000927    }
000928  
000929    if( pMem->db ){
000930      iLimit = pMem->db->aLimit[SQLITE_LIMIT_LENGTH];
000931    }else{
000932      iLimit = SQLITE_MAX_LENGTH;
000933    }
000934    flags = (enc==0?MEM_Blob:MEM_Str);
000935    if( nByte<0 ){
000936      assert( enc!=0 );
000937      if( enc==SQLITE_UTF8 ){
000938        nByte = 0x7fffffff & (int)strlen(z);
000939        if( nByte>iLimit ) nByte = iLimit+1;
000940      }else{
000941        for(nByte=0; nByte<=iLimit && (z[nByte] | z[nByte+1]); nByte+=2){}
000942      }
000943      flags |= MEM_Term;
000944    }
000945  
000946    /* The following block sets the new values of Mem.z and Mem.xDel. It
000947    ** also sets a flag in local variable "flags" to indicate the memory
000948    ** management (one of MEM_Dyn or MEM_Static).
000949    */
000950    if( xDel==SQLITE_TRANSIENT ){
000951      int nAlloc = nByte;
000952      if( flags&MEM_Term ){
000953        nAlloc += (enc==SQLITE_UTF8?1:2);
000954      }
000955      if( nByte>iLimit ){
000956        return SQLITE_TOOBIG;
000957      }
000958      testcase( nAlloc==0 );
000959      testcase( nAlloc==31 );
000960      testcase( nAlloc==32 );
000961      if( sqlite3VdbeMemClearAndResize(pMem, MAX(nAlloc,32)) ){
000962        return SQLITE_NOMEM_BKPT;
000963      }
000964      memcpy(pMem->z, z, nAlloc);
000965    }else if( xDel==SQLITE_DYNAMIC ){
000966      sqlite3VdbeMemRelease(pMem);
000967      pMem->zMalloc = pMem->z = (char *)z;
000968      pMem->szMalloc = sqlite3DbMallocSize(pMem->db, pMem->zMalloc);
000969    }else{
000970      sqlite3VdbeMemRelease(pMem);
000971      pMem->z = (char *)z;
000972      pMem->xDel = xDel;
000973      flags |= ((xDel==SQLITE_STATIC)?MEM_Static:MEM_Dyn);
000974    }
000975  
000976    pMem->n = nByte;
000977    pMem->flags = flags;
000978    pMem->enc = (enc==0 ? SQLITE_UTF8 : enc);
000979  
000980  #ifndef SQLITE_OMIT_UTF16
000981    if( pMem->enc!=SQLITE_UTF8 && sqlite3VdbeMemHandleBom(pMem) ){
000982      return SQLITE_NOMEM_BKPT;
000983    }
000984  #endif
000985  
000986    if( nByte>iLimit ){
000987      return SQLITE_TOOBIG;
000988    }
000989  
000990    return SQLITE_OK;
000991  }
000992  
000993  /*
000994  ** Move data out of a btree key or data field and into a Mem structure.
000995  ** The data is payload from the entry that pCur is currently pointing
000996  ** to.  offset and amt determine what portion of the data or key to retrieve.
000997  ** The result is written into the pMem element.
000998  **
000999  ** The pMem object must have been initialized.  This routine will use
001000  ** pMem->zMalloc to hold the content from the btree, if possible.  New
001001  ** pMem->zMalloc space will be allocated if necessary.  The calling routine
001002  ** is responsible for making sure that the pMem object is eventually
001003  ** destroyed.
001004  **
001005  ** If this routine fails for any reason (malloc returns NULL or unable
001006  ** to read from the disk) then the pMem is left in an inconsistent state.
001007  */
001008  static SQLITE_NOINLINE int vdbeMemFromBtreeResize(
001009    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001010    u32 offset,       /* Offset from the start of data to return bytes from. */
001011    u32 amt,          /* Number of bytes to return. */
001012    Mem *pMem         /* OUT: Return data in this Mem structure. */
001013  ){
001014    int rc;
001015    pMem->flags = MEM_Null;
001016    if( SQLITE_OK==(rc = sqlite3VdbeMemClearAndResize(pMem, amt+1)) ){
001017      rc = sqlite3BtreePayload(pCur, offset, amt, pMem->z);
001018      if( rc==SQLITE_OK ){
001019        pMem->z[amt] = 0;   /* Overrun area used when reading malformed records */
001020        pMem->flags = MEM_Blob;
001021        pMem->n = (int)amt;
001022      }else{
001023        sqlite3VdbeMemRelease(pMem);
001024      }
001025    }
001026    return rc;
001027  }
001028  int sqlite3VdbeMemFromBtree(
001029    BtCursor *pCur,   /* Cursor pointing at record to retrieve. */
001030    u32 offset,       /* Offset from the start of data to return bytes from. */
001031    u32 amt,          /* Number of bytes to return. */
001032    Mem *pMem         /* OUT: Return data in this Mem structure. */
001033  ){
001034    char *zData;        /* Data from the btree layer */
001035    u32 available = 0;  /* Number of bytes available on the local btree page */
001036    int rc = SQLITE_OK; /* Return code */
001037  
001038    assert( sqlite3BtreeCursorIsValid(pCur) );
001039    assert( !VdbeMemDynamic(pMem) );
001040  
001041    /* Note: the calls to BtreeKeyFetch() and DataFetch() below assert() 
001042    ** that both the BtShared and database handle mutexes are held. */
001043    assert( (pMem->flags & MEM_RowSet)==0 );
001044    zData = (char *)sqlite3BtreePayloadFetch(pCur, &available);
001045    assert( zData!=0 );
001046  
001047    if( offset+amt<=available ){
001048      pMem->z = &zData[offset];
001049      pMem->flags = MEM_Blob|MEM_Ephem;
001050      pMem->n = (int)amt;
001051    }else{
001052      rc = vdbeMemFromBtreeResize(pCur, offset, amt, pMem);
001053    }
001054  
001055    return rc;
001056  }
001057  
001058  /*
001059  ** The pVal argument is known to be a value other than NULL.
001060  ** Convert it into a string with encoding enc and return a pointer
001061  ** to a zero-terminated version of that string.
001062  */
001063  static SQLITE_NOINLINE const void *valueToText(sqlite3_value* pVal, u8 enc){
001064    assert( pVal!=0 );
001065    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001066    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001067    assert( (pVal->flags & MEM_RowSet)==0 );
001068    assert( (pVal->flags & (MEM_Null))==0 );
001069    if( pVal->flags & (MEM_Blob|MEM_Str) ){
001070      if( ExpandBlob(pVal) ) return 0;
001071      pVal->flags |= MEM_Str;
001072      if( pVal->enc != (enc & ~SQLITE_UTF16_ALIGNED) ){
001073        sqlite3VdbeChangeEncoding(pVal, enc & ~SQLITE_UTF16_ALIGNED);
001074      }
001075      if( (enc & SQLITE_UTF16_ALIGNED)!=0 && 1==(1&SQLITE_PTR_TO_INT(pVal->z)) ){
001076        assert( (pVal->flags & (MEM_Ephem|MEM_Static))!=0 );
001077        if( sqlite3VdbeMemMakeWriteable(pVal)!=SQLITE_OK ){
001078          return 0;
001079        }
001080      }
001081      sqlite3VdbeMemNulTerminate(pVal); /* IMP: R-31275-44060 */
001082    }else{
001083      sqlite3VdbeMemStringify(pVal, enc, 0);
001084      assert( 0==(1&SQLITE_PTR_TO_INT(pVal->z)) );
001085    }
001086    assert(pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) || pVal->db==0
001087                || pVal->db->mallocFailed );
001088    if( pVal->enc==(enc & ~SQLITE_UTF16_ALIGNED) ){
001089      return pVal->z;
001090    }else{
001091      return 0;
001092    }
001093  }
001094  
001095  /* This function is only available internally, it is not part of the
001096  ** external API. It works in a similar way to sqlite3_value_text(),
001097  ** except the data returned is in the encoding specified by the second
001098  ** parameter, which must be one of SQLITE_UTF16BE, SQLITE_UTF16LE or
001099  ** SQLITE_UTF8.
001100  **
001101  ** (2006-02-16:)  The enc value can be or-ed with SQLITE_UTF16_ALIGNED.
001102  ** If that is the case, then the result must be aligned on an even byte
001103  ** boundary.
001104  */
001105  const void *sqlite3ValueText(sqlite3_value* pVal, u8 enc){
001106    if( !pVal ) return 0;
001107    assert( pVal->db==0 || sqlite3_mutex_held(pVal->db->mutex) );
001108    assert( (enc&3)==(enc&~SQLITE_UTF16_ALIGNED) );
001109    assert( (pVal->flags & MEM_RowSet)==0 );
001110    if( (pVal->flags&(MEM_Str|MEM_Term))==(MEM_Str|MEM_Term) && pVal->enc==enc ){
001111      return pVal->z;
001112    }
001113    if( pVal->flags&MEM_Null ){
001114      return 0;
001115    }
001116    return valueToText(pVal, enc);
001117  }
001118  
001119  /*
001120  ** Create a new sqlite3_value object.
001121  */
001122  sqlite3_value *sqlite3ValueNew(sqlite3 *db){
001123    Mem *p = sqlite3DbMallocZero(db, sizeof(*p));
001124    if( p ){
001125      p->flags = MEM_Null;
001126      p->db = db;
001127    }
001128    return p;
001129  }
001130  
001131  /*
001132  ** Context object passed by sqlite3Stat4ProbeSetValue() through to 
001133  ** valueNew(). See comments above valueNew() for details.
001134  */
001135  struct ValueNewStat4Ctx {
001136    Parse *pParse;
001137    Index *pIdx;
001138    UnpackedRecord **ppRec;
001139    int iVal;
001140  };
001141  
001142  /*
001143  ** Allocate and return a pointer to a new sqlite3_value object. If
001144  ** the second argument to this function is NULL, the object is allocated
001145  ** by calling sqlite3ValueNew().
001146  **
001147  ** Otherwise, if the second argument is non-zero, then this function is 
001148  ** being called indirectly by sqlite3Stat4ProbeSetValue(). If it has not
001149  ** already been allocated, allocate the UnpackedRecord structure that 
001150  ** that function will return to its caller here. Then return a pointer to
001151  ** an sqlite3_value within the UnpackedRecord.a[] array.
001152  */
001153  static sqlite3_value *valueNew(sqlite3 *db, struct ValueNewStat4Ctx *p){
001154  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001155    if( p ){
001156      UnpackedRecord *pRec = p->ppRec[0];
001157  
001158      if( pRec==0 ){
001159        Index *pIdx = p->pIdx;      /* Index being probed */
001160        int nByte;                  /* Bytes of space to allocate */
001161        int i;                      /* Counter variable */
001162        int nCol = pIdx->nColumn;   /* Number of index columns including rowid */
001163    
001164        nByte = sizeof(Mem) * nCol + ROUND8(sizeof(UnpackedRecord));
001165        pRec = (UnpackedRecord*)sqlite3DbMallocZero(db, nByte);
001166        if( pRec ){
001167          pRec->pKeyInfo = sqlite3KeyInfoOfIndex(p->pParse, pIdx);
001168          if( pRec->pKeyInfo ){
001169            assert( pRec->pKeyInfo->nAllField==nCol );
001170            assert( pRec->pKeyInfo->enc==ENC(db) );
001171            pRec->aMem = (Mem *)((u8*)pRec + ROUND8(sizeof(UnpackedRecord)));
001172            for(i=0; i<nCol; i++){
001173              pRec->aMem[i].flags = MEM_Null;
001174              pRec->aMem[i].db = db;
001175            }
001176          }else{
001177            sqlite3DbFreeNN(db, pRec);
001178            pRec = 0;
001179          }
001180        }
001181        if( pRec==0 ) return 0;
001182        p->ppRec[0] = pRec;
001183      }
001184    
001185      pRec->nField = p->iVal+1;
001186      return &pRec->aMem[p->iVal];
001187    }
001188  #else
001189    UNUSED_PARAMETER(p);
001190  #endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
001191    return sqlite3ValueNew(db);
001192  }
001193  
001194  /*
001195  ** The expression object indicated by the second argument is guaranteed
001196  ** to be a scalar SQL function. If
001197  **
001198  **   * all function arguments are SQL literals,
001199  **   * one of the SQLITE_FUNC_CONSTANT or _SLOCHNG function flags is set, and
001200  **   * the SQLITE_FUNC_NEEDCOLL function flag is not set,
001201  **
001202  ** then this routine attempts to invoke the SQL function. Assuming no
001203  ** error occurs, output parameter (*ppVal) is set to point to a value 
001204  ** object containing the result before returning SQLITE_OK.
001205  **
001206  ** Affinity aff is applied to the result of the function before returning.
001207  ** If the result is a text value, the sqlite3_value object uses encoding 
001208  ** enc.
001209  **
001210  ** If the conditions above are not met, this function returns SQLITE_OK
001211  ** and sets (*ppVal) to NULL. Or, if an error occurs, (*ppVal) is set to
001212  ** NULL and an SQLite error code returned.
001213  */
001214  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001215  static int valueFromFunction(
001216    sqlite3 *db,                    /* The database connection */
001217    Expr *p,                        /* The expression to evaluate */
001218    u8 enc,                         /* Encoding to use */
001219    u8 aff,                         /* Affinity to use */
001220    sqlite3_value **ppVal,          /* Write the new value here */
001221    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001222  ){
001223    sqlite3_context ctx;            /* Context object for function invocation */
001224    sqlite3_value **apVal = 0;      /* Function arguments */
001225    int nVal = 0;                   /* Size of apVal[] array */
001226    FuncDef *pFunc = 0;             /* Function definition */
001227    sqlite3_value *pVal = 0;        /* New value */
001228    int rc = SQLITE_OK;             /* Return code */
001229    ExprList *pList = 0;            /* Function arguments */
001230    int i;                          /* Iterator variable */
001231  
001232    assert( pCtx!=0 );
001233    assert( (p->flags & EP_TokenOnly)==0 );
001234    pList = p->x.pList;
001235    if( pList ) nVal = pList->nExpr;
001236    pFunc = sqlite3FindFunction(db, p->u.zToken, nVal, enc, 0);
001237    assert( pFunc );
001238    if( (pFunc->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG))==0 
001239     || (pFunc->funcFlags & SQLITE_FUNC_NEEDCOLL)
001240    ){
001241      return SQLITE_OK;
001242    }
001243  
001244    if( pList ){
001245      apVal = (sqlite3_value**)sqlite3DbMallocZero(db, sizeof(apVal[0]) * nVal);
001246      if( apVal==0 ){
001247        rc = SQLITE_NOMEM_BKPT;
001248        goto value_from_function_out;
001249      }
001250      for(i=0; i<nVal; i++){
001251        rc = sqlite3ValueFromExpr(db, pList->a[i].pExpr, enc, aff, &apVal[i]);
001252        if( apVal[i]==0 || rc!=SQLITE_OK ) goto value_from_function_out;
001253      }
001254    }
001255  
001256    pVal = valueNew(db, pCtx);
001257    if( pVal==0 ){
001258      rc = SQLITE_NOMEM_BKPT;
001259      goto value_from_function_out;
001260    }
001261  
001262    assert( pCtx->pParse->rc==SQLITE_OK );
001263    memset(&ctx, 0, sizeof(ctx));
001264    ctx.pOut = pVal;
001265    ctx.pFunc = pFunc;
001266    pFunc->xSFunc(&ctx, nVal, apVal);
001267    if( ctx.isError ){
001268      rc = ctx.isError;
001269      sqlite3ErrorMsg(pCtx->pParse, "%s", sqlite3_value_text(pVal));
001270    }else{
001271      sqlite3ValueApplyAffinity(pVal, aff, SQLITE_UTF8);
001272      assert( rc==SQLITE_OK );
001273      rc = sqlite3VdbeChangeEncoding(pVal, enc);
001274      if( rc==SQLITE_OK && sqlite3VdbeMemTooBig(pVal) ){
001275        rc = SQLITE_TOOBIG;
001276        pCtx->pParse->nErr++;
001277      }
001278    }
001279    pCtx->pParse->rc = rc;
001280  
001281   value_from_function_out:
001282    if( rc!=SQLITE_OK ){
001283      pVal = 0;
001284    }
001285    if( apVal ){
001286      for(i=0; i<nVal; i++){
001287        sqlite3ValueFree(apVal[i]);
001288      }
001289      sqlite3DbFreeNN(db, apVal);
001290    }
001291  
001292    *ppVal = pVal;
001293    return rc;
001294  }
001295  #else
001296  # define valueFromFunction(a,b,c,d,e,f) SQLITE_OK
001297  #endif /* defined(SQLITE_ENABLE_STAT3_OR_STAT4) */
001298  
001299  /*
001300  ** Extract a value from the supplied expression in the manner described
001301  ** above sqlite3ValueFromExpr(). Allocate the sqlite3_value object
001302  ** using valueNew().
001303  **
001304  ** If pCtx is NULL and an error occurs after the sqlite3_value object
001305  ** has been allocated, it is freed before returning. Or, if pCtx is not
001306  ** NULL, it is assumed that the caller will free any allocated object
001307  ** in all cases.
001308  */
001309  static int valueFromExpr(
001310    sqlite3 *db,                    /* The database connection */
001311    Expr *pExpr,                    /* The expression to evaluate */
001312    u8 enc,                         /* Encoding to use */
001313    u8 affinity,                    /* Affinity to use */
001314    sqlite3_value **ppVal,          /* Write the new value here */
001315    struct ValueNewStat4Ctx *pCtx   /* Second argument for valueNew() */
001316  ){
001317    int op;
001318    char *zVal = 0;
001319    sqlite3_value *pVal = 0;
001320    int negInt = 1;
001321    const char *zNeg = "";
001322    int rc = SQLITE_OK;
001323  
001324    assert( pExpr!=0 );
001325    while( (op = pExpr->op)==TK_UPLUS || op==TK_SPAN ) pExpr = pExpr->pLeft;
001326    if( NEVER(op==TK_REGISTER) ) op = pExpr->op2;
001327  
001328    /* Compressed expressions only appear when parsing the DEFAULT clause
001329    ** on a table column definition, and hence only when pCtx==0.  This
001330    ** check ensures that an EP_TokenOnly expression is never passed down
001331    ** into valueFromFunction(). */
001332    assert( (pExpr->flags & EP_TokenOnly)==0 || pCtx==0 );
001333  
001334    if( op==TK_CAST ){
001335      u8 aff = sqlite3AffinityType(pExpr->u.zToken,0);
001336      rc = valueFromExpr(db, pExpr->pLeft, enc, aff, ppVal, pCtx);
001337      testcase( rc!=SQLITE_OK );
001338      if( *ppVal ){
001339        sqlite3VdbeMemCast(*ppVal, aff, SQLITE_UTF8);
001340        sqlite3ValueApplyAffinity(*ppVal, affinity, SQLITE_UTF8);
001341      }
001342      return rc;
001343    }
001344  
001345    /* Handle negative integers in a single step.  This is needed in the
001346    ** case when the value is -9223372036854775808.
001347    */
001348    if( op==TK_UMINUS
001349     && (pExpr->pLeft->op==TK_INTEGER || pExpr->pLeft->op==TK_FLOAT) ){
001350      pExpr = pExpr->pLeft;
001351      op = pExpr->op;
001352      negInt = -1;
001353      zNeg = "-";
001354    }
001355  
001356    if( op==TK_STRING || op==TK_FLOAT || op==TK_INTEGER ){
001357      pVal = valueNew(db, pCtx);
001358      if( pVal==0 ) goto no_mem;
001359      if( ExprHasProperty(pExpr, EP_IntValue) ){
001360        sqlite3VdbeMemSetInt64(pVal, (i64)pExpr->u.iValue*negInt);
001361      }else{
001362        zVal = sqlite3MPrintf(db, "%s%s", zNeg, pExpr->u.zToken);
001363        if( zVal==0 ) goto no_mem;
001364        sqlite3ValueSetStr(pVal, -1, zVal, SQLITE_UTF8, SQLITE_DYNAMIC);
001365      }
001366      if( (op==TK_INTEGER || op==TK_FLOAT ) && affinity==SQLITE_AFF_BLOB ){
001367        sqlite3ValueApplyAffinity(pVal, SQLITE_AFF_NUMERIC, SQLITE_UTF8);
001368      }else{
001369        sqlite3ValueApplyAffinity(pVal, affinity, SQLITE_UTF8);
001370      }
001371      if( pVal->flags & (MEM_Int|MEM_Real) ) pVal->flags &= ~MEM_Str;
001372      if( enc!=SQLITE_UTF8 ){
001373        rc = sqlite3VdbeChangeEncoding(pVal, enc);
001374      }
001375    }else if( op==TK_UMINUS ) {
001376      /* This branch happens for multiple negative signs.  Ex: -(-5) */
001377      if( SQLITE_OK==valueFromExpr(db,pExpr->pLeft,enc,affinity,&pVal,pCtx) 
001378       && pVal!=0
001379      ){
001380        sqlite3VdbeMemNumerify(pVal);
001381        if( pVal->flags & MEM_Real ){
001382          pVal->u.r = -pVal->u.r;
001383        }else if( pVal->u.i==SMALLEST_INT64 ){
001384          pVal->u.r = -(double)SMALLEST_INT64;
001385          MemSetTypeFlag(pVal, MEM_Real);
001386        }else{
001387          pVal->u.i = -pVal->u.i;
001388        }
001389        sqlite3ValueApplyAffinity(pVal, affinity, enc);
001390      }
001391    }else if( op==TK_NULL ){
001392      pVal = valueNew(db, pCtx);
001393      if( pVal==0 ) goto no_mem;
001394      sqlite3VdbeMemNumerify(pVal);
001395    }
001396  #ifndef SQLITE_OMIT_BLOB_LITERAL
001397    else if( op==TK_BLOB ){
001398      int nVal;
001399      assert( pExpr->u.zToken[0]=='x' || pExpr->u.zToken[0]=='X' );
001400      assert( pExpr->u.zToken[1]=='\'' );
001401      pVal = valueNew(db, pCtx);
001402      if( !pVal ) goto no_mem;
001403      zVal = &pExpr->u.zToken[2];
001404      nVal = sqlite3Strlen30(zVal)-1;
001405      assert( zVal[nVal]=='\'' );
001406      sqlite3VdbeMemSetStr(pVal, sqlite3HexToBlob(db, zVal, nVal), nVal/2,
001407                           0, SQLITE_DYNAMIC);
001408    }
001409  #endif
001410  
001411  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001412    else if( op==TK_FUNCTION && pCtx!=0 ){
001413      rc = valueFromFunction(db, pExpr, enc, affinity, &pVal, pCtx);
001414    }
001415  #endif
001416  
001417    *ppVal = pVal;
001418    return rc;
001419  
001420  no_mem:
001421    sqlite3OomFault(db);
001422    sqlite3DbFree(db, zVal);
001423    assert( *ppVal==0 );
001424  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001425    if( pCtx==0 ) sqlite3ValueFree(pVal);
001426  #else
001427    assert( pCtx==0 ); sqlite3ValueFree(pVal);
001428  #endif
001429    return SQLITE_NOMEM_BKPT;
001430  }
001431  
001432  /*
001433  ** Create a new sqlite3_value object, containing the value of pExpr.
001434  **
001435  ** This only works for very simple expressions that consist of one constant
001436  ** token (i.e. "5", "5.1", "'a string'"). If the expression can
001437  ** be converted directly into a value, then the value is allocated and
001438  ** a pointer written to *ppVal. The caller is responsible for deallocating
001439  ** the value by passing it to sqlite3ValueFree() later on. If the expression
001440  ** cannot be converted to a value, then *ppVal is set to NULL.
001441  */
001442  int sqlite3ValueFromExpr(
001443    sqlite3 *db,              /* The database connection */
001444    Expr *pExpr,              /* The expression to evaluate */
001445    u8 enc,                   /* Encoding to use */
001446    u8 affinity,              /* Affinity to use */
001447    sqlite3_value **ppVal     /* Write the new value here */
001448  ){
001449    return pExpr ? valueFromExpr(db, pExpr, enc, affinity, ppVal, 0) : 0;
001450  }
001451  
001452  #ifdef SQLITE_ENABLE_STAT3_OR_STAT4
001453  /*
001454  ** The implementation of the sqlite_record() function. This function accepts
001455  ** a single argument of any type. The return value is a formatted database 
001456  ** record (a blob) containing the argument value.
001457  **
001458  ** This is used to convert the value stored in the 'sample' column of the
001459  ** sqlite_stat3 table to the record format SQLite uses internally.
001460  */
001461  static void recordFunc(
001462    sqlite3_context *context,
001463    int argc,
001464    sqlite3_value **argv
001465  ){
001466    const int file_format = 1;
001467    u32 iSerial;                    /* Serial type */
001468    int nSerial;                    /* Bytes of space for iSerial as varint */
001469    u32 nVal;                       /* Bytes of space required for argv[0] */
001470    int nRet;
001471    sqlite3 *db;
001472    u8 *aRet;
001473  
001474    UNUSED_PARAMETER( argc );
001475    iSerial = sqlite3VdbeSerialType(argv[0], file_format, &nVal);
001476    nSerial = sqlite3VarintLen(iSerial);
001477    db = sqlite3_context_db_handle(context);
001478  
001479    nRet = 1 + nSerial + nVal;
001480    aRet = sqlite3DbMallocRawNN(db, nRet);
001481    if( aRet==0 ){
001482      sqlite3_result_error_nomem(context);
001483    }else{
001484      aRet[0] = nSerial+1;
001485      putVarint32(&aRet[1], iSerial);
001486      sqlite3VdbeSerialPut(&aRet[1+nSerial], argv[0], iSerial);
001487      sqlite3_result_blob(context, aRet, nRet, SQLITE_TRANSIENT);
001488      sqlite3DbFreeNN(db, aRet);
001489    }
001490  }
001491  
001492  /*
001493  ** Register built-in functions used to help read ANALYZE data.
001494  */
001495  void sqlite3AnalyzeFunctions(void){
001496    static FuncDef aAnalyzeTableFuncs[] = {
001497      FUNCTION(sqlite_record,   1, 0, 0, recordFunc),
001498    };
001499    sqlite3InsertBuiltinFuncs(aAnalyzeTableFuncs, ArraySize(aAnalyzeTableFuncs));
001500  }
001501  
001502  /*
001503  ** Attempt to extract a value from pExpr and use it to construct *ppVal.
001504  **
001505  ** If pAlloc is not NULL, then an UnpackedRecord object is created for
001506  ** pAlloc if one does not exist and the new value is added to the
001507  ** UnpackedRecord object.
001508  **
001509  ** A value is extracted in the following cases:
001510  **
001511  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001512  **
001513  **  * The expression is a bound variable, and this is a reprepare, or
001514  **
001515  **  * The expression is a literal value.
001516  **
001517  ** On success, *ppVal is made to point to the extracted value.  The caller
001518  ** is responsible for ensuring that the value is eventually freed.
001519  */
001520  static int stat4ValueFromExpr(
001521    Parse *pParse,                  /* Parse context */
001522    Expr *pExpr,                    /* The expression to extract a value from */
001523    u8 affinity,                    /* Affinity to use */
001524    struct ValueNewStat4Ctx *pAlloc,/* How to allocate space.  Or NULL */
001525    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001526  ){
001527    int rc = SQLITE_OK;
001528    sqlite3_value *pVal = 0;
001529    sqlite3 *db = pParse->db;
001530  
001531    /* Skip over any TK_COLLATE nodes */
001532    pExpr = sqlite3ExprSkipCollate(pExpr);
001533  
001534    assert( pExpr==0 || pExpr->op!=TK_REGISTER || pExpr->op2!=TK_VARIABLE );
001535    if( !pExpr ){
001536      pVal = valueNew(db, pAlloc);
001537      if( pVal ){
001538        sqlite3VdbeMemSetNull((Mem*)pVal);
001539      }
001540    }else if( pExpr->op==TK_VARIABLE && (db->flags & SQLITE_EnableQPSG)==0 ){
001541      Vdbe *v;
001542      int iBindVar = pExpr->iColumn;
001543      sqlite3VdbeSetVarmask(pParse->pVdbe, iBindVar);
001544      if( (v = pParse->pReprepare)!=0 ){
001545        pVal = valueNew(db, pAlloc);
001546        if( pVal ){
001547          rc = sqlite3VdbeMemCopy((Mem*)pVal, &v->aVar[iBindVar-1]);
001548          sqlite3ValueApplyAffinity(pVal, affinity, ENC(db));
001549          pVal->db = pParse->db;
001550        }
001551      }
001552    }else{
001553      rc = valueFromExpr(db, pExpr, ENC(db), affinity, &pVal, pAlloc);
001554    }
001555  
001556    assert( pVal==0 || pVal->db==db );
001557    *ppVal = pVal;
001558    return rc;
001559  }
001560  
001561  /*
001562  ** This function is used to allocate and populate UnpackedRecord 
001563  ** structures intended to be compared against sample index keys stored 
001564  ** in the sqlite_stat4 table.
001565  **
001566  ** A single call to this function populates zero or more fields of the
001567  ** record starting with field iVal (fields are numbered from left to
001568  ** right starting with 0). A single field is populated if:
001569  **
001570  **  * (pExpr==0). In this case the value is assumed to be an SQL NULL,
001571  **
001572  **  * The expression is a bound variable, and this is a reprepare, or
001573  **
001574  **  * The sqlite3ValueFromExpr() function is able to extract a value 
001575  **    from the expression (i.e. the expression is a literal value).
001576  **
001577  ** Or, if pExpr is a TK_VECTOR, one field is populated for each of the
001578  ** vector components that match either of the two latter criteria listed
001579  ** above.
001580  **
001581  ** Before any value is appended to the record, the affinity of the 
001582  ** corresponding column within index pIdx is applied to it. Before
001583  ** this function returns, output parameter *pnExtract is set to the
001584  ** number of values appended to the record.
001585  **
001586  ** When this function is called, *ppRec must either point to an object
001587  ** allocated by an earlier call to this function, or must be NULL. If it
001588  ** is NULL and a value can be successfully extracted, a new UnpackedRecord
001589  ** is allocated (and *ppRec set to point to it) before returning.
001590  **
001591  ** Unless an error is encountered, SQLITE_OK is returned. It is not an
001592  ** error if a value cannot be extracted from pExpr. If an error does
001593  ** occur, an SQLite error code is returned.
001594  */
001595  int sqlite3Stat4ProbeSetValue(
001596    Parse *pParse,                  /* Parse context */
001597    Index *pIdx,                    /* Index being probed */
001598    UnpackedRecord **ppRec,         /* IN/OUT: Probe record */
001599    Expr *pExpr,                    /* The expression to extract a value from */
001600    int nElem,                      /* Maximum number of values to append */
001601    int iVal,                       /* Array element to populate */
001602    int *pnExtract                  /* OUT: Values appended to the record */
001603  ){
001604    int rc = SQLITE_OK;
001605    int nExtract = 0;
001606  
001607    if( pExpr==0 || pExpr->op!=TK_SELECT ){
001608      int i;
001609      struct ValueNewStat4Ctx alloc;
001610  
001611      alloc.pParse = pParse;
001612      alloc.pIdx = pIdx;
001613      alloc.ppRec = ppRec;
001614  
001615      for(i=0; i<nElem; i++){
001616        sqlite3_value *pVal = 0;
001617        Expr *pElem = (pExpr ? sqlite3VectorFieldSubexpr(pExpr, i) : 0);
001618        u8 aff = sqlite3IndexColumnAffinity(pParse->db, pIdx, iVal+i);
001619        alloc.iVal = iVal+i;
001620        rc = stat4ValueFromExpr(pParse, pElem, aff, &alloc, &pVal);
001621        if( !pVal ) break;
001622        nExtract++;
001623      }
001624    }
001625  
001626    *pnExtract = nExtract;
001627    return rc;
001628  }
001629  
001630  /*
001631  ** Attempt to extract a value from expression pExpr using the methods
001632  ** as described for sqlite3Stat4ProbeSetValue() above. 
001633  **
001634  ** If successful, set *ppVal to point to a new value object and return 
001635  ** SQLITE_OK. If no value can be extracted, but no other error occurs
001636  ** (e.g. OOM), return SQLITE_OK and set *ppVal to NULL. Or, if an error
001637  ** does occur, return an SQLite error code. The final value of *ppVal
001638  ** is undefined in this case.
001639  */
001640  int sqlite3Stat4ValueFromExpr(
001641    Parse *pParse,                  /* Parse context */
001642    Expr *pExpr,                    /* The expression to extract a value from */
001643    u8 affinity,                    /* Affinity to use */
001644    sqlite3_value **ppVal           /* OUT: New value object (or NULL) */
001645  ){
001646    return stat4ValueFromExpr(pParse, pExpr, affinity, 0, ppVal);
001647  }
001648  
001649  /*
001650  ** Extract the iCol-th column from the nRec-byte record in pRec.  Write
001651  ** the column value into *ppVal.  If *ppVal is initially NULL then a new
001652  ** sqlite3_value object is allocated.
001653  **
001654  ** If *ppVal is initially NULL then the caller is responsible for 
001655  ** ensuring that the value written into *ppVal is eventually freed.
001656  */
001657  int sqlite3Stat4Column(
001658    sqlite3 *db,                    /* Database handle */
001659    const void *pRec,               /* Pointer to buffer containing record */
001660    int nRec,                       /* Size of buffer pRec in bytes */
001661    int iCol,                       /* Column to extract */
001662    sqlite3_value **ppVal           /* OUT: Extracted value */
001663  ){
001664    u32 t;                          /* a column type code */
001665    int nHdr;                       /* Size of the header in the record */
001666    int iHdr;                       /* Next unread header byte */
001667    int iField;                     /* Next unread data byte */
001668    int szField;                    /* Size of the current data field */
001669    int i;                          /* Column index */
001670    u8 *a = (u8*)pRec;              /* Typecast byte array */
001671    Mem *pMem = *ppVal;             /* Write result into this Mem object */
001672  
001673    assert( iCol>0 );
001674    iHdr = getVarint32(a, nHdr);
001675    if( nHdr>nRec || iHdr>=nHdr ) return SQLITE_CORRUPT_BKPT;
001676    iField = nHdr;
001677    for(i=0; i<=iCol; i++){
001678      iHdr += getVarint32(&a[iHdr], t);
001679      testcase( iHdr==nHdr );
001680      testcase( iHdr==nHdr+1 );
001681      if( iHdr>nHdr ) return SQLITE_CORRUPT_BKPT;
001682      szField = sqlite3VdbeSerialTypeLen(t);
001683      iField += szField;
001684    }
001685    testcase( iField==nRec );
001686    testcase( iField==nRec+1 );
001687    if( iField>nRec ) return SQLITE_CORRUPT_BKPT;
001688    if( pMem==0 ){
001689      pMem = *ppVal = sqlite3ValueNew(db);
001690      if( pMem==0 ) return SQLITE_NOMEM_BKPT;
001691    }
001692    sqlite3VdbeSerialGet(&a[iField-szField], t, pMem);
001693    pMem->enc = ENC(db);
001694    return SQLITE_OK;
001695  }
001696  
001697  /*
001698  ** Unless it is NULL, the argument must be an UnpackedRecord object returned
001699  ** by an earlier call to sqlite3Stat4ProbeSetValue(). This call deletes
001700  ** the object.
001701  */
001702  void sqlite3Stat4ProbeFree(UnpackedRecord *pRec){
001703    if( pRec ){
001704      int i;
001705      int nCol = pRec->pKeyInfo->nAllField;
001706      Mem *aMem = pRec->aMem;
001707      sqlite3 *db = aMem[0].db;
001708      for(i=0; i<nCol; i++){
001709        sqlite3VdbeMemRelease(&aMem[i]);
001710      }
001711      sqlite3KeyInfoUnref(pRec->pKeyInfo);
001712      sqlite3DbFreeNN(db, pRec);
001713    }
001714  }
001715  #endif /* ifdef SQLITE_ENABLE_STAT4 */
001716  
001717  /*
001718  ** Change the string value of an sqlite3_value object
001719  */
001720  void sqlite3ValueSetStr(
001721    sqlite3_value *v,     /* Value to be set */
001722    int n,                /* Length of string z */
001723    const void *z,        /* Text of the new string */
001724    u8 enc,               /* Encoding to use */
001725    void (*xDel)(void*)   /* Destructor for the string */
001726  ){
001727    if( v ) sqlite3VdbeMemSetStr((Mem *)v, z, n, enc, xDel);
001728  }
001729  
001730  /*
001731  ** Free an sqlite3_value object
001732  */
001733  void sqlite3ValueFree(sqlite3_value *v){
001734    if( !v ) return;
001735    sqlite3VdbeMemRelease((Mem *)v);
001736    sqlite3DbFreeNN(((Mem*)v)->db, v);
001737  }
001738  
001739  /*
001740  ** The sqlite3ValueBytes() routine returns the number of bytes in the
001741  ** sqlite3_value object assuming that it uses the encoding "enc".
001742  ** The valueBytes() routine is a helper function.
001743  */
001744  static SQLITE_NOINLINE int valueBytes(sqlite3_value *pVal, u8 enc){
001745    return valueToText(pVal, enc)!=0 ? pVal->n : 0;
001746  }
001747  int sqlite3ValueBytes(sqlite3_value *pVal, u8 enc){
001748    Mem *p = (Mem*)pVal;
001749    assert( (p->flags & MEM_Null)==0 || (p->flags & (MEM_Str|MEM_Blob))==0 );
001750    if( (p->flags & MEM_Str)!=0 && pVal->enc==enc ){
001751      return p->n;
001752    }
001753    if( (p->flags & MEM_Blob)!=0 ){
001754      if( p->flags & MEM_Zero ){
001755        return p->n + p->u.nZero;
001756      }else{
001757        return p->n;
001758      }
001759    }
001760    if( p->flags & MEM_Null ) return 0;
001761    return valueBytes(pVal, enc);
001762  }