1 /*
2 ** 2008 August 18
3 **
4 ** The author disclaims copyright to this source code.  In place of
5 ** a legal notice, here is a blessing:
6 **
7 **    May you do good and not evil.
8 **    May you find forgiveness for yourself and forgive others.
9 **    May you share freely, never taking more than you give.
10 **
11 *************************************************************************
12 **
13 ** This file contains routines used for walking the parser tree and
14 ** resolving all identifiers by associating them with a particular
15 ** table and column.
16 */
17 #include "sqliteInt.h"
18 
/*
** Tree-walker callback used by incrAggFunctionDepth().
**
** When a TK_AGG_FUNCTION node is copied from an outer query into an
** inner subquery, its aggregate function depth (the Expr.op2 field) has
** to grow by the number of subquery levels crossed.  That amount arrives
** in pWalker->u.n.  Nodes of any other type are left untouched.
**
** The addition is unchecked; this callback relies on the caller passing
** a small nesting count.  The walk always continues.
*/
static int incrAggDepth(Walker *pWalker, Expr *pExpr){
  if( pExpr->op!=TK_AGG_FUNCTION ){
    return WRC_Continue;
  }
  pExpr->op2 += pWalker->u.n;
  return WRC_Continue;
}
/*
** Add N to the aggregate function depth (Expr.op2) of every
** TK_AGG_FUNCTION node in the tree rooted at pExpr, using incrAggDepth()
** as the walker callback.  Nothing is done when N is zero or negative.
*/
static void incrAggFunctionDepth(Expr *pExpr, int N){
  Walker sWalker;

  if( N<=0 ) return;
  /* Zero the whole walker so that every callback other than the one
  ** installed below is NULL. */
  memset(&sWalker, 0, sizeof(sWalker));
  sWalker.u.n = N;
  sWalker.xExprCallback = incrAggDepth;
  sqlite3WalkExpr(&sWalker, pExpr);
}
41 
/*
** Overwrite pExpr, in place, with a copy of the iCol-th entry of the
** result set pEList, and mark the result as an alias (EP_Alias).
**
** A COLLATE operator attached to the reference is carried over to the
** copy.  For example:
**
**     SELECT a+b, c+d FROM t1 ORDER BY 1 COLLATE nocase;
**
** is transformed into:
**
**     SELECT a+b, c+d FROM t1 ORDER BY (a+b) COLLATE nocase;
**
** nSubquery is the number of subquery levels that separate the alias
** from the expression it names.  It is usually zero.  Unless zType
** begins with 'G', the Expr.op2 field of every TK_AGG_FUNCTION node in
** the copy is increased by nSubquery.
**
** If the copy cannot be allocated, pExpr is left unchanged.
*/
static void resolveAlias(
  Parse *pParse,         /* Parsing context */
  ExprList *pEList,      /* A result set */
  int iCol,              /* A column in the result set.  0..pEList->nExpr-1 */
  Expr *pExpr,           /* Transform this into an alias to the result set */
  const char *zType,     /* "GROUP" or "ORDER" or "" */
  int nSubquery          /* Number of subqueries that the label is moving */
){
  sqlite3 *db = pParse->db;   /* The database connection */
  Expr *pTarget;              /* The iCol-th column of the result set */
  Expr *pCopy;                /* Duplicate of pTarget */

  /* The index is range-checked by assert() only, so callers are
  ** responsible for passing an iCol that lies inside pEList. */
  assert( iCol>=0 && iCol<pEList->nExpr );
  pTarget = pEList->a[iCol].pExpr;
  assert( pTarget!=0 );
  pCopy = sqlite3ExprDup(db, pTarget, 0);
  if( pCopy==0 ) return;
  if( zType[0]!='G' ){
    incrAggFunctionDepth(pCopy, nSubquery);
  }
  if( pExpr->op==TK_COLLATE ){
    pCopy = sqlite3ExprAddCollateString(pParse, pCopy, pExpr->u.zToken);
  }
  ExprSetProperty(pCopy, EP_Alias);

  /* The order of the next steps matters:
  **
  **   1. EP_Static makes sqlite3ExprDelete() release what pExpr owns
  **      without freeing the Expr structure itself.
  **   2. memcpy() refills that structure from the duplicate.
  **   3. u.zToken might point into memory that is released together
  **      with pCopy, so the token is given its own copy (flagged
  **      EP_MemToken) before pCopy is freed.  Skipping this step would
  **      leave pExpr holding a dangling pointer.
  */
  ExprSetProperty(pExpr, EP_Static);
  sqlite3ExprDelete(db, pExpr);
  memcpy(pExpr, pCopy, sizeof(Expr));
  if( !ExprHasProperty(pExpr, EP_IntValue) && pExpr->u.zToken!=0 ){
    assert( !ExprHasProperty(pExpr, EP_Reduced|EP_TokenOnly) );
    pExpr->u.zToken = sqlite3DbStrDup(db, pExpr->u.zToken);
    ExprSetProperty(pExpr, EP_MemToken);
  }
  sqlite3DbFree(db, pCopy);
}
102 
103 
/*
** Search the USING clause pUsing for the name zCol, comparing with
** sqlite3StrICmp().
**
** Return 1 if zCol is found.  Return 0 if it is not found or if the
** USING clause is NULL.
*/
static int nameInUsingClause(IdList *pUsing, const char *zCol){
  int i;

  if( pUsing==0 ) return 0;
  for(i=0; i<pUsing->nId; i++){
    if( sqlite3StrICmp(pUsing->a[i].zName, zCol)==0 ){
      return 1;
    }
  }
  return 0;
}
119 
/*
** Subqueries store the original database, table and column names of
** their result sets in ExprList.a[].zSpan, in the form
** "DATABASE.TABLE.COLUMN".  Return 1 if zSpan matches zDb, zTab and
** zCol, or 0 if it does not.  Any of zDb, zTab and zCol that is NULL
** matches anything.
**
** zSpan is cut at the first and second '.' it contains.  The caller must
** pass a span in which both separators are present: the pointer is
** advanced past each separator unconditionally, and nothing here
** recovers if one is missing.
**
** NOTE(review): because the cut is made at the first '.', this format
** cannot represent a database or table name that itself contains '.'.
** Confirm how the code that builds zSpan deals with such names.
*/
int sqlite3MatchSpanName(
  const char *zSpan,
  const char *zCol,
  const char *zTab,
  const char *zDb
){
  int nSeg;     /* Length of the segment of zSpan being examined */

  /* DATABASE segment */
  nSeg = 0;
  while( ALWAYS(zSpan[nSeg]) && zSpan[nSeg]!='.' ){
    nSeg++;
  }
  if( zDb ){
    /* Both the prefix and the total length have to agree */
    if( sqlite3StrNICmp(zSpan, zDb, nSeg)!=0 ) return 0;
    if( zDb[nSeg]!=0 ) return 0;
  }
  zSpan += nSeg+1;

  /* TABLE segment */
  nSeg = 0;
  while( ALWAYS(zSpan[nSeg]) && zSpan[nSeg]!='.' ){
    nSeg++;
  }
  if( zTab ){
    if( sqlite3StrNICmp(zSpan, zTab, nSeg)!=0 ) return 0;
    if( zTab[nSeg]!=0 ) return 0;
  }
  zSpan += nSeg+1;

  /* COLUMN segment: everything that is left */
  if( zCol && sqlite3StrICmp(zSpan, zCol)!=0 ){
    return 0;
  }
  return 1;
}
149 
/*
** Given the name of a column of the form X.Y.Z or Y.Z or just Z, look up
** that name in the set of source tables in pSrcList and make the pExpr
** expression node refer back to that source column.  The following changes
** are made to pExpr:
**
**    pExpr->iTable        Set to the cursor number for the table obtained
**                         from pSrcList.
**    pExpr->pTab          Points to the Table structure of X.Y (even if
**                         X and/or Y are implied.)
**    pExpr->iColumn       Set to the column number within the table.
**    pExpr->op            Set to TK_COLUMN (or to TK_TRIGGER when the name
**                         resolved to a new.* or old.* trigger column).
**    pExpr->pLeft         Any expression this points to is deleted
**    pExpr->pRight        Any expression this points to is deleted.
**
** NOTE(review): earlier documentation of this routine also listed
** pExpr->iDb as an output, but no assignment to pExpr->iDb is visible
** in this routine.
**
** The zDb variable is the name of the database (the "X").  This value may be
** NULL meaning that name is of the form Y.Z or Z.  Any available database
** can be used.  The zTable variable is the name of the table (the "Y").  This
** value can be NULL if zDb is also NULL.  If zTable is NULL it
** means that the form of the name is Z and that columns from any table
** can be used.
**
** Within each name context, starting with the innermost, the name is
** tried against: the tables of the FROM clause, then new.* / old.*
** trigger references (unless SQLITE_OMIT_TRIGGER), then the rowid of a
** single matching table, then the AS-names of the result set.
**
** On a unique match that is not a result-set alias, sqlite3AuthRead() is
** called for the resolved column before returning.
**
** If the name cannot be resolved unambiguously, leave an error message
** in pParse and return WRC_Abort.  Return WRC_Prune on success, and also
** when an unmatched double-quoted name is converted to a string literal.
*/
static int lookupName(
  Parse *pParse,       /* The parsing context */
  const char *zDb,     /* Name of the database containing table, or NULL */
  const char *zTab,    /* Name of table containing column, or NULL */
  const char *zCol,    /* Name of the column. */
  NameContext *pNC,    /* The name context used to resolve the name */
  Expr *pExpr          /* Make this EXPR node point to the selected column */
){
  int i, j;                         /* Loop counters */
  int cnt = 0;                      /* Number of matching column names */
  int cntTab = 0;                   /* Number of matching table names */
  int nSubquery = 0;                /* How many levels of subquery */
  sqlite3 *db = pParse->db;         /* The database connection */
  struct SrcList_item *pItem;       /* Use for looping over pSrcList items */
  struct SrcList_item *pMatch = 0;  /* The matching pSrcList item */
  NameContext *pTopNC = pNC;        /* First namecontext in the list */
  Schema *pSchema = 0;              /* Schema of the expression */
  int isTrigger = 0;                /* True if resolved to a trigger column */
  Table *pTab = 0;                  /* Table holding the row */
  Column *pCol;                     /* A column of pTab */

  assert( pNC );     /* the name context cannot be NULL. */
  assert( zCol );    /* The Z in X.Y.Z cannot be NULL */
  assert( !ExprHasProperty(pExpr, EP_TokenOnly|EP_Reduced) );

  /* Initialize the node to no-match */
  pExpr->iTable = -1;
  pExpr->pTab = 0;
  ExprSetVVAProperty(pExpr, EP_NoReduce);

  /* Translate the schema name in zDb into a pointer to the corresponding
  ** schema.  If not found, pSchema will remain NULL and nothing will match
  ** resulting in an appropriate error message toward the end of this routine
  */
  if( zDb ){
    testcase( pNC->ncFlags & NC_PartIdx );
    testcase( pNC->ncFlags & NC_IsCheck );
    if( (pNC->ncFlags & (NC_PartIdx|NC_IsCheck))!=0 ){
      /* Silently ignore database qualifiers inside CHECK constraints and
      ** partial indices.  Do not raise errors because that might break
      ** legacy and because it does not hurt anything to just ignore the
      ** database name. */
      zDb = 0;
    }else{
      for(i=0; i<db->nDb; i++){
        assert( db->aDb[i].zDbSName );
        if( sqlite3StrICmp(db->aDb[i].zDbSName,zDb)==0 ){
          pSchema = db->aDb[i].pSchema;
          break;
        }
      }
    }
  }

  /* Start at the inner-most context and move outward until a match is found */
  assert( pNC && cnt==0 );
  do{
    ExprList *pEList;
    SrcList *pSrcList = pNC->pSrcList;

    if( pSrcList ){
      for(i=0, pItem=pSrcList->a; i<pSrcList->nSrc; i++, pItem++){
        pTab = pItem->pTab;
        assert( pTab!=0 && pTab->zName!=0 );
        assert( pTab->nCol>0 );
        if( pItem->pSelect && (pItem->pSelect->selFlags & SF_NestedFrom)!=0 ){
          /* For a subquery flagged SF_NestedFrom, match against the
          ** "DATABASE.TABLE.COLUMN" span recorded for each of its
          ** result columns.  The loop does not stop at the first hit,
          ** so several matching spans raise cnt above 1. */
          int hit = 0;
          pEList = pItem->pSelect->pEList;
          for(j=0; j<pEList->nExpr; j++){
            if( sqlite3MatchSpanName(pEList->a[j].zSpan, zCol, zTab, zDb) ){
              cnt++;
              cntTab = 2;
              pMatch = pItem;
              pExpr->iColumn = j;
              hit = 1;
            }
          }
          if( hit || zTab==0 ) continue;
        }
        /* A database qualifier was given: skip tables of other schemas */
        if( zDb && pTab->pSchema!=pSchema ){
          continue;
        }
        /* A table qualifier was given: it has to equal the alias of this
        ** FROM-clause item or, when there is no alias, the table name */
        if( zTab ){
          const char *zTabName = pItem->zAlias ? pItem->zAlias : pTab->zName;
          assert( zTabName!=0 );
          if( sqlite3StrICmp(zTabName, zTab)!=0 ){
            continue;
          }
        }
        /* Remember the first table that passed the qualifier tests, even
        ** if none of its columns match; the rowid fallback below uses it */
        if( 0==(cntTab++) ){
          pMatch = pItem;
        }
        for(j=0, pCol=pTab->aCol; j<pTab->nCol; j++, pCol++){
          if( sqlite3StrICmp(pCol->zName, zCol)==0 ){
            /* If there has been exactly one prior match and this match
            ** is for the right-hand table of a NATURAL JOIN or is in a
            ** USING clause, then skip this match.
            */
            if( cnt==1 ){
              if( pItem->fg.jointype & JT_NATURAL ) continue;
              if( nameInUsingClause(pItem->pUsing, zCol) ) continue;
            }
            cnt++;
            pMatch = pItem;
            /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */
            pExpr->iColumn = j==pTab->iPKey ? -1 : (i16)j;
            break;
          }
        }
      }
      if( pMatch ){
        pExpr->iTable = pMatch->iCursor;
        pExpr->pTab = pMatch->pTab;
        /* RIGHT JOIN not (yet) supported */
        assert( (pMatch->fg.jointype & JT_RIGHT)==0 );
        if( (pMatch->fg.jointype & JT_LEFT)!=0 ){
          ExprSetProperty(pExpr, EP_CanBeNull);
        }
        /* pSchema is what is later handed to sqlite3AuthRead() */
        pSchema = pExpr->pTab->pSchema;
      }
    } /* if( pSrcList ) */

#ifndef SQLITE_OMIT_TRIGGER
    /* If we have not already resolved the name, then maybe
    ** it is a new.* or old.* trigger argument reference.
    **
    ** "new" is not accepted when the trigger operation is TK_DELETE and
    ** "old" is not accepted when it is TK_INSERT.  In those cases pTab
    ** is reset to 0 and the name stays unresolved in this context.
    */
    if( zDb==0 && zTab!=0 && cntTab==0 && pParse->pTriggerTab!=0 ){
      int op = pParse->eTriggerOp;
      assert( op==TK_DELETE || op==TK_UPDATE || op==TK_INSERT );
      if( op!=TK_DELETE && sqlite3StrICmp("new",zTab) == 0 ){
        pExpr->iTable = 1;
        pTab = pParse->pTriggerTab;
      }else if( op!=TK_INSERT && sqlite3StrICmp("old",zTab)==0 ){
        pExpr->iTable = 0;
        pTab = pParse->pTriggerTab;
      }else{
        pTab = 0;
      }

      if( pTab ){
        int iCol;
        pSchema = pTab->pSchema;
        cntTab++;
        for(iCol=0, pCol=pTab->aCol; iCol<pTab->nCol; iCol++, pCol++){
          if( sqlite3StrICmp(pCol->zName, zCol)==0 ){
            if( iCol==pTab->iPKey ){
              iCol = -1;
            }
            break;
          }
        }
        if( iCol>=pTab->nCol && sqlite3IsRowid(zCol) && VisibleRowid(pTab) ){
          /* IMP: R-51414-32910 */
          iCol = -1;
        }
        if( iCol<pTab->nCol ){
          cnt++;
          if( iCol<0 ){
            pExpr->affinity = SQLITE_AFF_INTEGER;
          }else if( pExpr->iTable==0 ){
            /* Record the old.* column in pParse->oldmask.  Columns 32 and
            ** above select the all-ones mask, so the shift count stays
            ** below the width of u32. */
            testcase( iCol==31 );
            testcase( iCol==32 );
            pParse->oldmask |= (iCol>=32 ? 0xffffffff : (((u32)1)<<iCol));
          }else{
            /* Same bookkeeping for new.* columns, in pParse->newmask */
            testcase( iCol==31 );
            testcase( iCol==32 );
            pParse->newmask |= (iCol>=32 ? 0xffffffff : (((u32)1)<<iCol));
          }
          pExpr->iColumn = (i16)iCol;
          pExpr->pTab = pTab;
          isTrigger = 1;
        }
      }
    }
#endif /* !defined(SQLITE_OMIT_TRIGGER) */

    /*
    ** Perhaps the name is a reference to the ROWID.  This is only tried
    ** when no column matched, exactly one table matched, and the name
    ** context is not flagged NC_IdxExpr.
    */
    if( cnt==0
     && cntTab==1
     && pMatch
     && (pNC->ncFlags & NC_IdxExpr)==0
     && sqlite3IsRowid(zCol)
     && VisibleRowid(pMatch->pTab)
    ){
      cnt = 1;
      pExpr->iColumn = -1;
      pExpr->affinity = SQLITE_AFF_INTEGER;
    }

    /*
    ** If the input is of the form Z (not Y.Z or X.Y.Z) then the name Z
    ** might refer to a result-set alias.  This happens, for example, when
    ** we are resolving names in the WHERE clause of the following command:
    **
    **     SELECT a+b AS x FROM table WHERE x<10;
    **
    ** In cases like this, replace pExpr with a copy of the expression that
    ** forms the result set entry ("a+b" in the example) and return immediately.
    ** Note that the expression in the result set should have already been
    ** resolved by the time the WHERE clause is resolved.
    **
    ** The ability to use an output result-set column in the WHERE, GROUP BY,
    ** or HAVING clauses, or as part of a larger expression in the ORDER BY
    ** clause is not standard SQL.  This is a (goofy) SQLite extension, that
    ** is supported for backwards compatibility only.
    **
    ** NOTE(review): earlier documentation here said that a warning is
    ** issued through sqlite3_log() whenever this capability is used, but
    ** no such call is visible in this branch.
    */
    if( (pEList = pNC->pEList)!=0
     && zTab==0
     && cnt==0
    ){
      for(j=0; j<pEList->nExpr; j++){
        char *zAs = pEList->a[j].zName;
        if( zAs!=0 && sqlite3StrICmp(zAs, zCol)==0 ){
          Expr *pOrig;
          assert( pExpr->pLeft==0 && pExpr->pRight==0 );
          assert( pExpr->x.pList==0 );
          assert( pExpr->x.pSelect==0 );
          pOrig = pEList->a[j].pExpr;
          /* An alias for an aggregate may only be used where aggregates
          ** themselves are allowed */
          if( (pNC->ncFlags&NC_AllowAgg)==0 && ExprHasProperty(pOrig, EP_Agg) ){
            sqlite3ErrorMsg(pParse, "misuse of aliased aggregate %s", zAs);
            return WRC_Abort;
          }
          if( sqlite3ExprVectorSize(pOrig)!=1 ){
            sqlite3ErrorMsg(pParse, "row value misused");
            return WRC_Abort;
          }
          resolveAlias(pParse, pEList, j, pExpr, "", nSubquery);
          cnt = 1;
          pMatch = 0;
          assert( zTab==0 && zDb==0 );
          /* Skip the column bookkeeping and clean-up below; pExpr has
          ** already been rewritten by resolveAlias() */
          goto lookupname_end;
        }
      }
    }

    /* Advance to the next name context.  The loop will exit when either
    ** we have a match (cnt>0) or when we run out of name contexts.
    */
    if( cnt ) break;
    pNC = pNC->pNext;
    nSubquery++;
  }while( pNC );


  /*
  ** If X and Y are NULL (in other words if only the column name Z is
  ** supplied) and the value of Z is enclosed in double-quotes, then
  ** Z is a string literal if it doesn't match any column names.  In that
  ** case, we need to return right away and not make any changes to
  ** pExpr.
  **
  ** Because no reference was made to outer contexts, the pNC->nRef
  ** fields are not changed in any context.
  **
  ** Caveat: because of this fallback, a misspelled double-quoted column
  ** name does not produce a "no such column" error.  It is silently
  ** evaluated as a string literal.  SQL that uses single quotes for
  ** string literals keeps identifier typos detectable here.
  */
  if( cnt==0 && zTab==0 && ExprHasProperty(pExpr,EP_DblQuoted) ){
    pExpr->op = TK_STRING;
    pExpr->pTab = 0;
    return WRC_Prune;
  }

  /*
  ** cnt==0 means there was no match.  cnt>1 means there were two or
  ** more matches.  Either way, we have an error.  The message repeats
  ** the name exactly as qualified in the input.
  */
  if( cnt!=1 ){
    const char *zErr;
    zErr = cnt==0 ? "no such column" : "ambiguous column name";
    if( zDb ){
      sqlite3ErrorMsg(pParse, "%s: %s.%s.%s", zErr, zDb, zTab, zCol);
    }else if( zTab ){
      sqlite3ErrorMsg(pParse, "%s: %s.%s", zErr, zTab, zCol);
    }else{
      sqlite3ErrorMsg(pParse, "%s: %s", zErr, zCol);
    }
    pParse->checkSchema = 1;
    pTopNC->nErr++;
  }

  /* If a column from a table in pSrcList is referenced, then record
  ** this fact in the pSrcList.a[].colUsed bitmask.  Column 0 causes
  ** bit 0 to be set.  Column 1 sets bit 1.  And so forth.  If the
  ** column number is greater than the number of bits in the bitmask
  ** then set the high-order bit of the bitmask.  Clamping n to BMS-1
  ** also keeps the shift count below BMS.
  */
  if( pExpr->iColumn>=0 && pMatch!=0 ){
    int n = pExpr->iColumn;
    testcase( n==BMS-1 );
    if( n>=BMS ){
      n = BMS-1;
    }
    assert( pMatch->iCursor==pExpr->iTable );
    pMatch->colUsed |= ((Bitmask)1)<<n;
  }

  /* Clean up and return
  */
  sqlite3ExprDelete(db, pExpr->pLeft);
  pExpr->pLeft = 0;
  sqlite3ExprDelete(db, pExpr->pRight);
  pExpr->pRight = 0;
  pExpr->op = (isTrigger ? TK_TRIGGER : TK_COLUMN);
  ExprSetProperty(pExpr, EP_Leaf);
lookupname_end:
  if( cnt==1 ){
    assert( pNC!=0 );
    /* Every uniquely resolved column goes through sqlite3AuthRead(),
    ** except an expanded result-set alias (EP_Alias).  Presumably the
    ** columns inside the aliased expression were already checked when
    ** the result set itself was resolved -- confirm. */
    if( !ExprHasProperty(pExpr, EP_Alias) ){
      sqlite3AuthRead(pParse, pExpr, pSchema, pNC->pSrcList);
    }
    /* Increment the nRef value on all name contexts from TopNC up to
    ** the point where the name matched. */
    for(;;){
      assert( pTopNC!=0 );
      pTopNC->nRef++;
      if( pTopNC==pNC ) break;
      pTopNC = pTopNC->pNext;
    }
    return WRC_Prune;
  } else {
    return WRC_Abort;
  }
}
501 
/*
** Allocate and return a pointer to a TK_COLUMN expression that loads
** column iCol from datasource iSrc in SrcList pSrc.  Return NULL if the
** allocation fails.
**
** If iCol is the INTEGER PRIMARY KEY of the table, the expression refers
** to the rowid (column -1).  Otherwise the column is also recorded in the
** colUsed bitmask of the datasource, with columns at or beyond BMS all
** sharing the high-order bit.
**
** Neither iSrc nor iCol is validated here; the caller must pass an index
** that lies inside pSrc->a[] and a column number that is valid for that
** table.
*/
Expr *sqlite3CreateColumnExpr(sqlite3 *db, SrcList *pSrc, int iSrc, int iCol){
  struct SrcList_item *pItem;
  Expr *pNew = sqlite3ExprAlloc(db, TK_COLUMN, 0, 0);

  if( pNew==0 ) return 0;
  pItem = &pSrc->a[iSrc];
  pNew->pTab = pItem->pTab;
  pNew->iTable = pItem->iCursor;
  if( pNew->pTab->iPKey!=iCol ){
    /* Clamp the bit index so that the shift count stays below BMS */
    int iBit = iCol>=BMS ? BMS-1 : iCol;
    pNew->iColumn = (ynVar)iCol;
    testcase( iCol==BMS );
    testcase( iCol==BMS-1 );
    pItem->colUsed |= ((Bitmask)1)<<iBit;
  }else{
    pNew->iColumn = -1;
  }
  return pNew;
}
523 
/*
** If any of the NC_* bits in validMask is set in pNC->ncFlags, leave an
** error in pParse saying that zMsg is prohibited in that kind of
** context: an index expression, a CHECK constraint (unless
** SQLITE_OMIT_CHECK is defined) or a partial index WHERE clause.
**
** This routine only records the message.  It returns nothing, so the
** caller keeps running and has to notice the error on its own.
*/
static void notValid(
  Parse *pParse,       /* Leave error message here */
  NameContext *pNC,    /* The name context */
  const char *zMsg,    /* Type of error */
  int validMask        /* Set of contexts for which prohibited */
){
  const char *zWhere = "partial index WHERE clauses";

  assert( (validMask&~(NC_IsCheck|NC_PartIdx|NC_IdxExpr))==0 );
  if( (pNC->ncFlags & validMask)==0 ) return;
  if( pNC->ncFlags & NC_IdxExpr ){
    zWhere = "index expressions";
  }
#ifndef SQLITE_OMIT_CHECK
  else if( pNC->ncFlags & NC_IsCheck ){
    zWhere = "CHECK constraints";
  }
#endif
  sqlite3ErrorMsg(pParse, "%s prohibited in %s", zMsg, zWhere);
}
544 
/*
** Expression p should encode a floating point value between 0.0 and 1.0.
** Return that value multiplied by 134217728 (2 to the 27th power) and
** truncated to an integer.  Return -1 if p is not a TK_FLOAT node or if
** its value is greater than 1.0.
*/
static int exprProbability(Expr *p){
  const char *zNum;       /* Text of the floating point literal */
  double rProb = -1.0;    /* Parsed value of zNum */

  if( p->op!=TK_FLOAT ) return -1;
  zNum = p->u.zToken;
  sqlite3AtoF(zNum, &rProb, sqlite3Strlen30(zNum), SQLITE_UTF8);
  /* A negative value is not expected here; only assert() checks that */
  assert( rProb>=0.0 );
  if( rProb>1.0 ) return -1;
  return (int)(rProb*134217728.0);
}
558 
/*
** This routine is callback for sqlite3WalkExpr().
**
** Resolve symbolic names into TK_COLUMN operators for the current
** node in the expression tree.  Return WRC_Continue to continue the
** search down the tree, WRC_Prune when the node has been fully handled
** here and its children must not be visited by the walker, or WRC_Abort
** to abort the tree walk.
**
** This routine also does error checking and name resolution for
** function names.  The operator for aggregate functions is changed
** to TK_AGG_FUNCTION.
**
** This is also where several restrictions are enforced:
**
**   *  SQL functions are passed through sqlite3AuthCheck() (unless
**      SQLITE_OMIT_AUTHORIZATION is defined).
**   *  Subqueries and bound parameters are rejected in CHECK
**      constraints, partial index WHERE clauses and index expressions.
**   *  Functions without SQLITE_FUNC_CONSTANT are rejected in index
**      expressions and partial index WHERE clauses.
**   *  The "." operator is rejected in index expressions.
*/
static int resolveExprStep(Walker *pWalker, Expr *pExpr){
  NameContext *pNC;
  Parse *pParse;

  pNC = pWalker->u.pNC;
  assert( pNC!=0 );
  pParse = pNC->pParse;
  assert( pParse==pWalker->pParse );

#ifndef NDEBUG
  /* Debug-only sanity check: every cursor number in the FROM clause must
  ** lie in the range 0..pParse->nTab-1 */
  if( pNC->pSrcList && pNC->pSrcList->nAlloc>0 ){
    SrcList *pSrcList = pNC->pSrcList;
    int i;
    for(i=0; i<pNC->pSrcList->nSrc; i++){
      assert( pSrcList->a[i].iCursor>=0 && pSrcList->a[i].iCursor<pParse->nTab);
    }
  }
#endif
  switch( pExpr->op ){

#if defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT) && !defined(SQLITE_OMIT_SUBQUERY)
    /* The special operator TK_ROW means use the rowid for the first
    ** column in the FROM clause.  This is used by the LIMIT and ORDER BY
    ** clause processing on UPDATE and DELETE statements.
    */
    case TK_ROW: {
      SrcList *pSrcList = pNC->pSrcList;
      struct SrcList_item *pItem;
      assert( pSrcList && pSrcList->nSrc==1 );
      pItem = pSrcList->a;
      pExpr->op = TK_COLUMN;
      pExpr->pTab = pItem->pTab;
      pExpr->iTable = pItem->iCursor;
      pExpr->iColumn = -1;
      pExpr->affinity = SQLITE_AFF_INTEGER;
      break;
    }
#endif /* defined(SQLITE_ENABLE_UPDATE_DELETE_LIMIT)
          && !defined(SQLITE_OMIT_SUBQUERY) */

    /* A column name:                    ID
    ** Or table name and column name:    ID.ID
    ** Or a database, table and column:  ID.ID.ID
    **
    ** The TK_ID and TK_DOT cases are combined so that there will only
    ** be one call to lookupName().  Then the compiler will in-line
    ** lookupName() for a size reduction and performance increase.
    */
    case TK_ID:
    case TK_DOT: {
      const char *zColumn;
      const char *zTable;
      const char *zDb;
      Expr *pRight;

      if( pExpr->op==TK_ID ){
        zDb = 0;
        zTable = 0;
        zColumn = pExpr->u.zToken;
      }else{
        /* notValid() only records an error message; it does not stop
        ** processing, so lookupName() below still runs */
        notValid(pParse, pNC, "the \".\" operator", NC_IdxExpr);
        pRight = pExpr->pRight;
        if( pRight->op==TK_ID ){
          /* Form Y.Z */
          zDb = 0;
          zTable = pExpr->pLeft->u.zToken;
          zColumn = pRight->u.zToken;
        }else{
          /* Form X.Y.Z: the right operand is itself a TK_DOT node */
          assert( pRight->op==TK_DOT );
          zDb = pExpr->pLeft->u.zToken;
          zTable = pRight->pLeft->u.zToken;
          zColumn = pRight->pRight->u.zToken;
        }
      }
      return lookupName(pParse, zDb, zTable, zColumn, pNC, pExpr);
    }

    /* Resolve function names
    */
    case TK_FUNCTION: {
      ExprList *pList = pExpr->x.pList;    /* The argument list */
      int n = pList ? pList->nExpr : 0;    /* Number of arguments */
      int no_such_func = 0;       /* True if no such function exists */
      int wrong_num_args = 0;     /* True if wrong number of arguments */
      int is_agg = 0;             /* True if is an aggregate function */
      int nId;                    /* Number of characters in function name */
      const char *zId;            /* The function name. */
      FuncDef *pDef;              /* Information about the function */
      u8 enc = ENC(pParse->db);   /* The database encoding */

      assert( !ExprHasProperty(pExpr, EP_xIsSelect) );
      zId = pExpr->u.zToken;
      nId = sqlite3Strlen30(zId);
      /* Look for the function with exactly n arguments first.  If that
      ** fails, the second lookup with -2 tells "no such function" apart
      ** from "wrong number of arguments". */
      pDef = sqlite3FindFunction(pParse->db, zId, n, enc, 0);
      if( pDef==0 ){
        pDef = sqlite3FindFunction(pParse->db, zId, -2, enc, 0);
        if( pDef==0 ){
          no_such_func = 1;
        }else{
          wrong_num_args = 1;
        }
      }else{
        /* A function with an xFinalize method is an aggregate */
        is_agg = pDef->xFinalize!=0;
        if( pDef->funcFlags & SQLITE_FUNC_UNLIKELY ){
          ExprSetProperty(pExpr, EP_Unlikely|EP_Skip);
          if( n==2 ){
            /* likelihood(X,P): P is stored in pExpr->iTable as the
            ** scaled integer returned by exprProbability() */
            pExpr->iTable = exprProbability(pList->a[1].pExpr);
            if( pExpr->iTable<0 ){
              sqlite3ErrorMsg(pParse,
                "second argument to likelihood() must be a "
                "constant between 0.0 and 1.0");
              pNC->nErr++;
            }
          }else{
            /* EVIDENCE-OF: R-61304-29449 The unlikely(X) function is
            ** equivalent to likelihood(X, 0.0625).
            ** EVIDENCE-OF: R-01283-11636 The unlikely(X) function is
            ** short-hand for likelihood(X,0.0625).
            ** EVIDENCE-OF: R-36850-34127 The likely(X) function is short-hand
            ** for likelihood(X,0.9375).
            ** EVIDENCE-OF: R-53436-40973 The likely(X) function is equivalent
            ** to likelihood(X,0.9375). */
            /* TUNING: unlikely() probability is 0.0625.  likely() is 0.9375 */
            pExpr->iTable = pDef->zName[0]=='u' ? 8388608 : 125829120;
          }
        }
#ifndef SQLITE_OMIT_AUTHORIZATION
        /* Authorizer gate for SQL functions.  It is reached only when a
        ** function definition with a matching argument count was found.
        **
        ** Any verdict other than SQLITE_OK replaces the call with a NULL
        ** literal and prunes the walk, so the arguments are not resolved.
        ** SQLITE_DENY additionally raises an error.  Any other non-OK
        ** verdict (presumably SQLITE_IGNORE -- confirm) is silent. */
        {
          int auth = sqlite3AuthCheck(pParse, SQLITE_FUNCTION, 0,pDef->zName,0);
          if( auth!=SQLITE_OK ){
            if( auth==SQLITE_DENY ){
              sqlite3ErrorMsg(pParse, "not authorized to use function: %s",
                                      pDef->zName);
              pNC->nErr++;
            }
            pExpr->op = TK_NULL;
            return WRC_Prune;
          }
        }
#endif
        if( pDef->funcFlags & (SQLITE_FUNC_CONSTANT|SQLITE_FUNC_SLOCHNG) ){
          /* For the purposes of the EP_ConstFunc flag, date and time
          ** functions and other functions that change slowly are considered
          ** constant because they are constant for the duration of one query */
          ExprSetProperty(pExpr,EP_ConstFunc);
        }
        if( (pDef->funcFlags & SQLITE_FUNC_CONSTANT)==0 ){
          /* Date/time functions that use 'now', and other functions like
          ** sqlite_version() that might change over time cannot be used
          ** in an index. */
          notValid(pParse, pNC, "non-deterministic functions",
                   NC_IdxExpr|NC_PartIdx);
        }
      }
      /* Report at most one of: misplaced aggregate, unknown function,
      ** wrong argument count.  The "no such function" error is held back
      ** while db->init.busy is set and, under
      ** SQLITE_ENABLE_UNKNOWN_SQL_FUNCTION, while pParse->explain is
      ** nonzero. */
      if( is_agg && (pNC->ncFlags & NC_AllowAgg)==0 ){
        sqlite3ErrorMsg(pParse, "misuse of aggregate function %.*s()", nId,zId);
        pNC->nErr++;
        is_agg = 0;
      }else if( no_such_func && pParse->db->init.busy==0
#ifdef SQLITE_ENABLE_UNKNOWN_SQL_FUNCTION
                && pParse->explain==0
#endif
      ){
        sqlite3ErrorMsg(pParse, "no such function: %.*s", nId, zId);
        pNC->nErr++;
      }else if( wrong_num_args ){
        sqlite3ErrorMsg(pParse,"wrong number of arguments to function %.*s()",
             nId, zId);
        pNC->nErr++;
      }
      /* NC_AllowAgg is cleared while the arguments of an aggregate are
      ** resolved, so an aggregate nested in them is reported as misuse.
      ** The flag is set again below. */
      if( is_agg ) pNC->ncFlags &= ~NC_AllowAgg;
      sqlite3WalkExprList(pWalker, pList);
      if( is_agg ){
        NameContext *pNC2 = pNC;
        pExpr->op = TK_AGG_FUNCTION;
        pExpr->op2 = 0;
        /* Walk outward through the name contexts, counting levels in
        ** op2, until sqlite3FunctionUsesThisSrc() accepts one of them or
        ** the chain of contexts ends */
        while( pNC2 && !sqlite3FunctionUsesThisSrc(pExpr, pNC2->pSrcList) ){
          pExpr->op2++;
          pNC2 = pNC2->pNext;
        }
        assert( pDef!=0 );
        if( pNC2 ){
          /* The SQLITE_FUNC_MINMAX bit can be OR-ed straight into ncFlags
          ** because it has the same value as NC_MinMaxAgg */
          assert( SQLITE_FUNC_MINMAX==NC_MinMaxAgg );
          testcase( (pDef->funcFlags & SQLITE_FUNC_MINMAX)!=0 );
          pNC2->ncFlags |= NC_HasAgg | (pDef->funcFlags & SQLITE_FUNC_MINMAX);

        }
        pNC->ncFlags |= NC_AllowAgg;
      }
      /* FIX ME:  Compute pExpr->affinity based on the expected return
      ** type of the function
      */
      return WRC_Prune;
    }
#ifndef SQLITE_OMIT_SUBQUERY
    case TK_SELECT:
    case TK_EXISTS:  testcase( pExpr->op==TK_EXISTS );
#endif
    case TK_IN: {
      testcase( pExpr->op==TK_IN );
      if( ExprHasProperty(pExpr, EP_xIsSelect) ){
        int nRef = pNC->nRef;
        notValid(pParse, pNC, "subqueries", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
        sqlite3WalkSelect(pWalker, pExpr->x.pSelect);
        /* If resolving the subquery added references to this context,
        ** flag the expression EP_VarSelect and the context NC_VarSelect */
        assert( pNC->nRef>=nRef );
        if( nRef!=pNC->nRef ){
          ExprSetProperty(pExpr, EP_VarSelect);
          pNC->ncFlags |= NC_VarSelect;
        }
      }
      break;
    }
    case TK_VARIABLE: {
      notValid(pParse, pNC, "parameters", NC_IsCheck|NC_PartIdx|NC_IdxExpr);
      break;
    }
    case TK_BETWEEN:
    case TK_EQ:
    case TK_NE:
    case TK_LT:
    case TK_LE:
    case TK_GT:
    case TK_GE:
    case TK_IS:
    case TK_ISNOT: {
      /* Both sides of a comparison must have the same vector size.  For
      ** BETWEEN the left operand is compared with each of the two bounds:
      ** the second bound is measured only if the first one matches. */
      int nLeft, nRight;
      if( pParse->db->mallocFailed ) break;
      assert( pExpr->pLeft!=0 );
      nLeft = sqlite3ExprVectorSize(pExpr->pLeft);
      if( pExpr->op==TK_BETWEEN ){
        nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[0].pExpr);
        if( nRight==nLeft ){
          nRight = sqlite3ExprVectorSize(pExpr->x.pList->a[1].pExpr);
        }
      }else{
        assert( pExpr->pRight!=0 );
        nRight = sqlite3ExprVectorSize(pExpr->pRight);
      }
      if( nLeft!=nRight ){
        testcase( pExpr->op==TK_EQ );
        testcase( pExpr->op==TK_NE );
        testcase( pExpr->op==TK_LT );
        testcase( pExpr->op==TK_LE );
        testcase( pExpr->op==TK_GT );
        testcase( pExpr->op==TK_GE );
        testcase( pExpr->op==TK_IS );
        testcase( pExpr->op==TK_ISNOT );
        testcase( pExpr->op==TK_BETWEEN );
        sqlite3ErrorMsg(pParse, "row value misused");
      }
      break;
    }
  }
  /* Abort the walk if any error has been recorded in pParse, including
  ** one left by notValid(), or if a memory allocation has failed */
  return (pParse->nErr || pParse->db->mallocFailed) ? WRC_Abort : WRC_Continue;
}
824 
825 /*
826 ** pEList is a list of expressions which are really the result set of
827 ** a SELECT statement.  pE is a term in an ORDER BY or GROUP BY clause.
828 ** This routine checks to see if pE is a simple identifier which corresponds
829 ** to the AS-name of one of the terms of the expression list.  If it is,
830 ** this routine returns an integer between 1 and N where N is the number of
831 ** elements in pEList, corresponding to the matching entry.  If there is
832 ** no match, or if pE is not a simple identifier, then this routine
833 ** returns 0.
834 **
835 ** pEList has been resolved.  pE has not.
836 */
static int resolveAsName(
  Parse *pParse,     /* Parsing context; unused by this routine */
  ExprList *pEList,  /* Result-set list whose AS-names are searched */
  Expr *pE           /* Term to look up among the AS-names */
){
  char *zWanted;     /* Identifier text carried by pE */
  int iTerm;         /* Index into pEList->a[] */

  UNUSED_PARAMETER(pParse);

  /* Only a bare identifier node can name a result-set alias. */
  if( pE->op!=TK_ID ) return 0;

  zWanted = pE->u.zToken;
  for(iTerm=0; iTerm<pEList->nExpr; iTerm++){
    char *zAlias = pEList->a[iTerm].zName;
    if( zAlias==0 ) continue;               /* this term has no AS-name */
    if( sqlite3StrICmp(zAlias, zWanted)==0 ){
      /* First match wins.  The result is 1-based, so it never exceeds
      ** pEList->nExpr. */
      return iTerm+1;
    }
  }
  return 0;
}
857 
858 /*
859 ** pE is a pointer to an expression which is a single term in the
860 ** ORDER BY of a compound SELECT.  The expression has not been
861 ** name resolved.
862 **
863 ** At the point this routine is called, we already know that the
864 ** ORDER BY term is not an integer index into the result set.  That
865 ** case is handled by the calling routine.
866 **
867 ** Attempt to match pE against result set columns in the left-most
868 ** SELECT statement.  Return the index i of the matching column,
869 ** as an indication to the caller that it should sort by the i-th column.
870 ** The left-most column is 1.  In other words, the value returned is the
871 ** same integer value that would be used in the SQL statement to indicate
872 ** the column.
873 **
874 ** If there is no match, return 0.  Return -1 if an error occurs.
875 */
static int resolveOrderByTermToExprList(
  Parse *pParse,     /* Parsing context for error messages */
  Select *pSelect,   /* The SELECT statement with the ORDER BY clause */
  Expr *pE           /* The specific ORDER BY term */
){
  ExprList *pEList = pSelect->pEList;  /* The columns of the result set */
  sqlite3 *db = pParse->db;            /* Database connection */
  NameContext sNC;                     /* Name context for resolving pE */
  u8 suppressSaved;                    /* db->suppressErr on entry */
  int nFail;                           /* Result of sqlite3ResolveExprNames() */
  int iTerm;                           /* Scratch for the assert, then loop index */

  /* The caller has already dealt with integer-valued terms. */
  assert( sqlite3ExprIsInteger(pE, &iTerm)==0 );

  /* Build a throw-away name context covering only this SELECT's FROM
  ** clause and result set, with aggregates permitted. */
  memset(&sNC, 0, sizeof(sNC));
  sNC.pParse = pParse;
  sNC.pSrcList = pSelect->pSrc;
  sNC.pEList = pEList;
  sNC.ncFlags = NC_AllowAgg;
  sNC.nErr = 0;

  /* db->suppressErr is forced to 1 only for the duration of the
  ** resolution attempt and is put back before anything else happens,
  ** including on the failure path below. */
  suppressSaved = db->suppressErr;
  db->suppressErr = 1;
  nFail = sqlite3ResolveExprNames(&sNC, pE);
  db->suppressErr = suppressSaved;

  /* A term that cannot be resolved is reported as "no match" (0).
  ** This body has no path that returns -1. */
  if( nFail!=0 ) return 0;

  /* Look for a result-set expression that compares as less than 2
  ** against pE and hand back its 1-based position. */
  iTerm = 0;
  while( iTerm<pEList->nExpr ){
    Expr *pCandidate = pEList->a[iTerm].pExpr;
    iTerm++;
    if( sqlite3ExprCompare(0, pCandidate, pE, -1)<2 ){
      return iTerm;
    }
  }

  return 0;
}
919 
920 /*
921 ** Generate an ORDER BY or GROUP BY term out-of-range error.
922 */
static void resolveOutOfRangeError(
  Parse *pParse,         /* The error context into which to write the error */
  const char *zType,     /* "ORDER" or "GROUP" */
  int i,                 /* The index (1-based) of the term out of range */
  int mx                 /* Largest permissible value of i */
){
  /* The format is a fixed constant.  zType is only ever supplied as the
  ** %s argument and never becomes part of the format itself. */
  static const char zFormat[] =
      "%r %s BY term out of range - should be between 1 and %d";

  sqlite3ErrorMsg(pParse, zFormat, i, zType, mx);
}
933 
934 /*
935 ** Analyze the ORDER BY clause in a compound SELECT statement.   Modify
936 ** each term of the ORDER BY clause so that it is a constant integer
937 ** between 1 and N where N is the number of columns in the compound SELECT.
938 **
939 ** ORDER BY terms that are already an integer between 1 and N are
940 ** unmodified.  ORDER BY terms that are integers outside the range of
941 ** 1 through N generate an error.  ORDER BY terms that are expressions
942 ** are matched against result set expressions of compound SELECT
943 ** beginning with the left-most SELECT and working toward the right.
944 ** At the first match, the ORDER BY expression is transformed into
945 ** the integer column number.
946 **
947 ** Return the number of errors seen.
948 */
static int resolveCompoundOrderBy(
  Parse *pParse,        /* Parsing context.  Leave error messages here */
  Select *pSelect       /* The SELECT statement containing the ORDER BY */
){
  ExprList *pOrderBy = pSelect->pOrderBy;  /* The ORDER BY clause */
  ExprList *pEList;                        /* Result set of the current SELECT */
  sqlite3 *db;                             /* Database connection */
  int iTerm;                               /* Index of an ORDER BY term */
  int bPending = 1;                        /* True while a term is unmatched */

  if( pOrderBy==0 ) return 0;
  db = pParse->db;
#if SQLITE_MAX_COLUMN
  /* Refuse an ORDER BY with more terms than the connection's column
  ** limit before doing any per-term work. */
  if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
    sqlite3ErrorMsg(pParse, "too many terms in ORDER BY clause");
    return 1;
  }
#endif

  /* Start with every term marked as not yet converted. */
  for(iTerm=0; iTerm<pOrderBy->nExpr; iTerm++){
    pOrderBy->a[iTerm].done = 0;
  }

  /* Follow pPrior to the far end of the compound, filling in the pNext
  ** back-links on the way so the chain can be walked in the other
  ** direction afterwards. */
  pSelect->pNext = 0;
  while( pSelect->pPrior ){
    pSelect->pPrior->pNext = pSelect;
    pSelect = pSelect->pPrior;
  }

  /* Visit each SELECT of the compound via pNext, stopping early once
  ** every ORDER BY term has been converted. */
  for(; pSelect && bPending; pSelect=pSelect->pNext){
    struct ExprList_item *pItem = pOrderBy->a;
    bPending = 0;
    pEList = pSelect->pEList;
    assert( pEList!=0 );
    for(iTerm=0; iTerm<pOrderBy->nExpr; iTerm++, pItem++){
      int iCol = -1;     /* 1-based result column, or <=0 if none found */
      Expr *pE;          /* The term with any COLLATE wrappers skipped */
      Expr *pNew;        /* Replacement TK_INTEGER node */

      if( pItem->done ) continue;
      pE = sqlite3ExprSkipCollate(pItem->pExpr);
      if( sqlite3ExprIsInteger(pE, &iCol) ){
        /* A literal integer must name an existing result column. */
        if( iCol<=0 || iCol>pEList->nExpr ){
          resolveOutOfRangeError(pParse, "ORDER", iTerm+1, pEList->nExpr);
          return 1;
        }
      }else{
        iCol = resolveAsName(pParse, pEList, pE);
        if( iCol==0 ){
          /* Resolve a copy of the term against this SELECT; the copy is
          ** released whether or not the attempt was made. */
          Expr *pDup = sqlite3ExprDup(db, pE, 0);
          if( !db->mallocFailed ){
            assert(pDup);
            iCol = resolveOrderByTermToExprList(pParse, pSelect, pDup);
          }
          sqlite3ExprDelete(db, pDup);
        }
      }

      if( iCol<=0 ){
        /* No match in this SELECT; try the next one in the compound. */
        bPending = 1;
        continue;
      }

      /* Swap the term for the integer column number iCol, leaving any
      ** COLLATE operators above it in place. */
      pNew = sqlite3Expr(db, TK_INTEGER, 0);
      if( pNew==0 ) return 1;
      pNew->flags |= EP_IntValue;
      pNew->u.iValue = iCol;
      if( pItem->pExpr==pE ){
        pItem->pExpr = pNew;
      }else{
        /* Descend through the chain of TK_COLLATE nodes to the one whose
        ** left child is pE and re-point that child. */
        Expr *pParent = pItem->pExpr;
        assert( pParent->op==TK_COLLATE );
        while( pParent->pLeft->op==TK_COLLATE ) pParent = pParent->pLeft;
        assert( pParent->pLeft==pE );
        pParent->pLeft = pNew;
      }
      sqlite3ExprDelete(db, pE);
      /* iCol is at most pEList->nExpr on every path that reaches here.
      ** NOTE(review): the u16 narrowing assumes nExpr itself fits in 16
      ** bits; this routine does not check that - confirm where the
      ** result-set size is limited. */
      pItem->u.x.iOrderByCol = (u16)iCol;
      pItem->done = 1;
    }
  }

  /* Any term still unconverted matched no SELECT of the compound. */
  for(iTerm=0; iTerm<pOrderBy->nExpr; iTerm++){
    if( pOrderBy->a[iTerm].done==0 ){
      sqlite3ErrorMsg(pParse, "%r ORDER BY term does not match any "
            "column in the result set", iTerm+1);
      return 1;
    }
  }
  return 0;
}
1036 
1037 /*
1038 ** Check every term in the ORDER BY or GROUP BY clause pOrderBy of
1039 ** the SELECT statement pSelect.  If any term is a reference to a
1040 ** result set expression (as determined by the ExprList.a.u.x.iOrderByCol
1041 ** field) then convert that term into a copy of the corresponding result set
1042 ** column.
1043 **
1044 ** If any errors are detected, add an error message to pParse and
1045 ** return non-zero.  Return zero if no errors are seen.
1046 */
int sqlite3ResolveOrderGroupBy(
  Parse *pParse,        /* Parsing context.  Leave error messages here */
  Select *pSelect,      /* The SELECT statement containing the clause */
  ExprList *pOrderBy,   /* The ORDER BY or GROUP BY clause to be processed */
  const char *zType     /* "ORDER" or "GROUP" */
){
  sqlite3 *db = pParse->db;   /* Database connection */
  ExprList *pEList;           /* Result set of pSelect */
  int iTerm;                  /* Index of the current clause term */

  /* Nothing to do for an absent clause or after an allocation failure. */
  if( pOrderBy==0 ) return 0;
  if( pParse->db->mallocFailed ) return 0;

#if SQLITE_MAX_COLUMN
  if( pOrderBy->nExpr>db->aLimit[SQLITE_LIMIT_COLUMN] ){
    sqlite3ErrorMsg(pParse, "too many terms in %s BY clause", zType);
    return 1;
  }
#endif

  pEList = pSelect->pEList;
  assert( pEList!=0 );  /* sqlite3SelectNew() guarantees this */

  for(iTerm=0; iTerm<pOrderBy->nExpr; iTerm++){
    struct ExprList_item *pItem = &pOrderBy->a[iTerm];

    /* Zero means the term does not refer to a result-set column. */
    if( pItem->u.x.iOrderByCol==0 ) continue;

    /* This range check is what keeps the iOrderByCol-1 index handed to
    ** resolveAlias() inside pEList. */
    if( pItem->u.x.iOrderByCol>pEList->nExpr ){
      resolveOutOfRangeError(pParse, zType, iTerm+1, pEList->nExpr);
      return 1;
    }
    resolveAlias(pParse, pEList, pItem->u.x.iOrderByCol-1, pItem->pExpr,
                 zType, 0);
  }
  return 0;
}
1079 
1080 /*
1081 ** pOrderBy is an ORDER BY or GROUP BY clause in SELECT statement pSelect.
1082 ** The Name context of the SELECT statement is pNC.  zType is either
1083 ** "ORDER" or "GROUP" depending on which type of clause pOrderBy is.
1084 **
1085 ** This routine resolves each term of the clause into an expression.
1086 ** If the order-by term is an integer I between 1 and N (where N is the
1087 ** number of columns in the result set of the SELECT) then the expression
1088 ** in the resolution is a copy of the I-th result-set expression.  If
1089 ** the order-by term is an identifier that corresponds to the AS-name of
1090 ** a result-set expression, then the term resolves to a copy of the
1091 ** result-set expression.  Otherwise, the expression is resolved in
1092 ** the usual way - using sqlite3ResolveExprNames().
1093 **
1094 ** This routine returns the number of errors.  If errors occur, then
1095 ** an appropriate error message might be left in pParse.  (OOM errors
1096 ** excepted.)
1097 */
static int resolveOrderGroupBy(
  NameContext *pNC,     /* The name context of the SELECT statement */
  Select *pSelect,      /* The SELECT statement holding pOrderBy */
  ExprList *pOrderBy,   /* An ORDER BY or GROUP BY clause to resolve */
  const char *zType     /* Either "ORDER" or "GROUP", as appropriate */
){
  Parse *pParse;        /* Parsing context */
  int nResult;          /* Number of terms in the result set */
  int iTerm;            /* Index of the current clause term */
  int iMatch;           /* Index into the result set when comparing */
  int iCol;             /* Column number */

  if( pOrderBy==0 ) return 0;
  nResult = pSelect->pEList->nExpr;
  pParse = pNC->pParse;

  for(iTerm=0; iTerm<pOrderBy->nExpr; iTerm++){
    struct ExprList_item *pItem = &pOrderBy->a[iTerm];
    Expr *pTerm = pItem->pExpr;                       /* Term as written */
    Expr *pBare = sqlite3ExprSkipCollate(pTerm);      /* Without COLLATE */

    /* AS-name lookup is skipped when zType begins with 'G'. */
    if( zType[0]!='G' ){
      iCol = resolveAsName(pParse, pSelect->pEList, pBare);
      if( iCol>0 ){
        /* Only record the column here; sqlite3ResolveOrderGroupBy(),
        ** called at the end, turns it into a copy of that result-set
        ** expression. */
        pItem->u.x.iOrderByCol = (u16)iCol;
        continue;
      }
    }

    if( sqlite3ExprIsInteger(pBare, &iCol) ){
      /* The 0xffff ceiling guards the u16 narrowing just below.  The
      ** comparison against the real result-set size is made later, in
      ** sqlite3ResolveOrderGroupBy(). */
      if( iCol<1 || iCol>0xffff ){
        resolveOutOfRangeError(pParse, zType, iTerm+1, nResult);
        return 1;
      }
      pItem->u.x.iOrderByCol = (u16)iCol;
      continue;
    }

    /* Anything else is resolved as an ordinary expression. */
    pItem->u.x.iOrderByCol = 0;
    if( sqlite3ResolveExprNames(pNC, pTerm) ){
      return 1;
    }
    /* The scan does not stop at the first hit, so when several
    ** result-set expressions compare equal the last one is recorded.
    ** NOTE(review): iMatch+1 is stored without the explicit u16 cast used
    ** above; presumably the result-set size is limited elsewhere -
    ** confirm. */
    for(iMatch=0; iMatch<pSelect->pEList->nExpr; iMatch++){
      if( sqlite3ExprCompare(0, pTerm, pSelect->pEList->a[iMatch].pExpr, -1)==0 ){
        pItem->u.x.iOrderByCol = iMatch+1;
      }
    }
  }
  return sqlite3ResolveOrderGroupBy(pParse, pSelect, pOrderBy, zType);
}
1152 
1153 /*
1154 ** Resolve names in the SELECT statement p and all of its descendants.
1155 */
static int resolveSelectStep(Walker *pWalker, Select *p){
  NameContext *pParentNC;   /* Name context enclosing this SELECT */
  NameContext sNC;          /* Name context rebuilt for each compound term */
  Parse *pParse;            /* Parsing context */
  sqlite3 *db;              /* Database connection */
  Select *pFirst;           /* The Select this callback was invoked on */
  ExprList *pGroupBy;       /* GROUP BY clause of the current term */
  int bCompound;            /* 1 if p has a pPrior, else 0 */
  int nSeen;                /* Number of compound terms processed so far */
  int k;                    /* Loop counter */

  assert( p!=0 );
  if( (p->selFlags & SF_Resolved)!=0 ) return WRC_Prune;

  pParentNC = pWalker->u.pNC;
  pParse = pWalker->pParse;
  db = pParse->db;

  /* A SELECT that has not been expanded yet (a subquery reached through
  ** sqlite3ResolveExprNames() without a prior sqlite3SelectExpand()) is
  ** handed to sqlite3SelectPrep(), which runs expansion and this routine
  ** in the right order. */
  if( (p->selFlags & SF_Expanded)==0 ){
    sqlite3SelectPrep(pParse, p, pParentNC);
    if( pParse->nErr || db->mallocFailed ) return WRC_Abort;
    return WRC_Prune;
  }

  bCompound = (p->pPrior!=0);
  pFirst = p;

  /* Process p and then each SELECT reachable through pPrior. */
  for(nSeen=0; p; p=p->pPrior, nSeen++){
    assert( (p->selFlags & SF_Expanded)!=0 );
    assert( (p->selFlags & SF_Resolved)==0 );
    p->selFlags |= SF_Resolved;

    /* LIMIT and OFFSET are resolved against a name context that holds
    ** nothing but the parser pointer, so they cannot bind to any name. */
    memset(&sNC, 0, sizeof(sNC));
    sNC.pParse = pParse;
    if( sqlite3ResolveExprNames(&sNC, p->pLimit) ) return WRC_Abort;
    if( sqlite3ResolveExprNames(&sNC, p->pOffset) ) return WRC_Abort;

    /* For an SF_Converted Select (one made by
    ** convertCompoundSelectToSubquery()) the ORDER BY is lent to the
    ** sub-query so it is resolved there.  It is taken back further down. */
    if( p->selFlags & SF_Converted ){
      Select *pSub = p->pSrc->a[0].pSelect;
      assert( p->pSrc->nSrc==1 && p->pOrderBy );
      assert( pSub->pPrior && pSub->pOrderBy==0 );
      pSub->pOrderBy = p->pOrderBy;
      p->pOrderBy = 0;
    }

    /* Resolve every FROM-clause subquery. */
    for(k=0; k<p->pSrc->nSrc; k++){
      struct SrcList_item *pFrom = &p->pSrc->a[k];
      NameContext *pNC;               /* Iterates the outer name contexts */
      int nRef = 0;                   /* Outer-context references, net */
      const char *zAuthSaved = pParse->zAuthContext;

      if( pFrom->pSelect==0 ) continue;

      /* Sum the reference counts of the enclosing contexts before the
      ** subquery is resolved and subtract them again afterwards.  A
      ** non-zero remainder means the subquery referred to an outer
      ** context, i.e. it is correlated. */
      for(pNC=pParentNC; pNC; pNC=pNC->pNext) nRef += pNC->nRef;

      /* pParse->zAuthContext names this FROM item only while its
      ** subquery is being resolved; it is restored before the error
      ** check so an abort does not leave it changed. */
      if( pFrom->zName ) pParse->zAuthContext = pFrom->zName;
      sqlite3ResolveSelectNames(pParse, pFrom->pSelect, pParentNC);
      pParse->zAuthContext = zAuthSaved;
      if( pParse->nErr || db->mallocFailed ) return WRC_Abort;

      for(pNC=pParentNC; pNC; pNC=pNC->pNext) nRef -= pNC->nRef;
      assert( pFrom->fg.isCorrelated==0 && nRef<=0 );
      pFrom->fg.isCorrelated = (nRef!=0);
    }

    /* Name context for the result set: this SELECT's FROM clause,
    ** chained to the enclosing context, aggregates allowed. */
    sNC.ncFlags = NC_AllowAgg;
    sNC.pSrcList = p->pSrc;
    sNC.pNext = pParentNC;

    if( sqlite3ResolveExprListNames(&sNC, p->pEList) ) return WRC_Abort;

    /* With neither a GROUP BY nor an aggregate in the result set,
    ** aggregates are disallowed in the remaining expressions.
    ** Otherwise the SELECT is flagged as an aggregate query. */
    assert( (p->selFlags & SF_Aggregate)==0 );
    pGroupBy = p->pGroupBy;
    if( pGroupBy==0 && (sNC.ncFlags & NC_HasAgg)==0 ){
      sNC.ncFlags &= ~NC_AllowAgg;
    }else{
      assert( NC_MinMaxAgg==SF_MinMaxAgg );
      p->selFlags |= SF_Aggregate | (sNC.ncFlags&NC_MinMaxAgg);
    }

    /* HAVING without GROUP BY is rejected. */
    if( p->pHaving && !pGroupBy ){
      sqlite3ErrorMsg(pParse, "a GROUP BY clause is required before HAVING");
      return WRC_Abort;
    }

    /* Expose the result-set list through the name context so HAVING and
    ** WHERE can refer to result-set aliases.  An expression reached that
    ** way is re-evaluated at each reference. */
    sNC.pEList = p->pEList;
    if( sqlite3ResolveExprNames(&sNC, p->pHaving) ) return WRC_Abort;
    if( sqlite3ResolveExprNames(&sNC, p->pWhere) ) return WRC_Abort;

    /* Arguments of table-valued functions in the FROM clause. */
    for(k=0; k<p->pSrc->nSrc; k++){
      struct SrcList_item *pFrom = &p->pSrc->a[k];
      if( !pFrom->fg.isTabFunc ) continue;
      if( sqlite3ResolveExprListNames(&sNC, pFrom->u1.pFuncArg) ){
        return WRC_Abort;
      }
    }

    /* ORDER BY and GROUP BY may not see outer queries, so the link to
    ** the enclosing context is cut here. */
    sNC.pNext = 0;
    sNC.ncFlags |= NC_AllowAgg;

    /* Take the ORDER BY back from the sub-query of a converted compound.
    ** Its terms are integers by now; resolveOrderGroupBy() below replaces
    ** them with copies of the matching result-set expressions. */
    if( p->selFlags & SF_Converted ){
      Select *pSub = p->pSrc->a[0].pSelect;
      p->pOrderBy = pSub->pOrderBy;
      pSub->pOrderBy = 0;
    }

    /* ORDER BY is resolved here unless this is the first term visited of
    ** a compound (bCompound==1 and nSeen==0); that one is left for
    ** resolveCompoundOrderBy() after the loop.  An ORDER BY on any other
    ** compound term is a syntax error that is detected much later, so it
    ** is still resolved here for consistency. */
    if( bCompound<=nSeen
     && resolveOrderGroupBy(&sNC, p, p->pOrderBy, "ORDER")
    ){
      return WRC_Abort;
    }
    if( db->mallocFailed ) return WRC_Abort;

    /* Resolve GROUP BY and reject aggregate functions inside it. */
    if( pGroupBy ){
      struct ExprList_item *pTerm;

      if( resolveOrderGroupBy(&sNC, p, pGroupBy, "GROUP") ) return WRC_Abort;
      if( db->mallocFailed ) return WRC_Abort;
      for(k=0, pTerm=pGroupBy->a; k<pGroupBy->nExpr; k++, pTerm++){
        if( ExprHasProperty(pTerm->pExpr, EP_Agg) ){
          sqlite3ErrorMsg(pParse, "aggregate functions are not allowed in "
              "the GROUP BY clause");
          return WRC_Abort;
        }
      }
    }

    /* Adjacent terms of a compound must have result sets of equal size. */
    if( p->pNext && p->pEList->nExpr!=p->pNext->pEList->nExpr ){
      sqlite3SelectWrongNumTermsError(pParse, p->pNext);
      return WRC_Abort;
    }
  }

  /* With every term resolved, handle the ORDER BY of the compound. */
  if( bCompound && resolveCompoundOrderBy(pParse, pFirst) ){
    return WRC_Abort;
  }

  return WRC_Prune;
}
1375 
1376 /*
1377 ** This routine walks an expression tree and resolves references to
1378 ** table columns and result-set columns.  At the same time, do error
1379 ** checking on function usage and set a flag if any aggregate functions
1380 ** are seen.
1381 **
1382 ** To resolve table columns references we look for nodes (or subtrees) of the
1383 ** form X.Y.Z or Y.Z or just Z where
1384 **
1385 **      X:   The name of a database.  Ex:  "main" or "temp" or
1386 **           the symbolic name assigned to an ATTACH-ed database.
1387 **
1388 **      Y:   The name of a table in a FROM clause.  Or in a trigger
1389 **           one of the special names "old" or "new".
1390 **
1391 **      Z:   The name of a column in table Y.
1392 **
1393 ** The node at the root of the subtree is modified as follows:
1394 **
1395 **    Expr.op        Changed to TK_COLUMN
1396 **    Expr.pTab      Points to the Table object for X.Y
1397 **    Expr.iColumn   The column index in X.Y.  -1 for the rowid.
1398 **    Expr.iTable    The VDBE cursor number for X.Y
1399 **
1400 **
1401 ** To resolve result-set references, look for expression nodes of the
1402 ** form Z (with no X and Y prefix) where the Z matches the right-hand
1403 ** side of an AS clause in the result-set of a SELECT.  The Z expression
1404 ** is replaced by a copy of the left-hand side of the result-set expression.
1405 ** Table-name and function resolution occurs on the substituted expression
1406 ** tree.  For example, in:
1407 **
1408 **      SELECT a+b AS x, c+d AS y FROM t1 ORDER BY x;
1409 **
1410 ** The "x" term of the order by is replaced by "a+b" to render:
1411 **
1412 **      SELECT a+b AS x, c+d AS y FROM t1 ORDER BY a+b;
1413 **
1414 ** Function calls are checked to make sure that the function is
1415 ** defined and that the correct number of arguments are specified.
1416 ** If the function is an aggregate function, then the NC_HasAgg flag is
1417 ** set and the opcode is changed from TK_FUNCTION to TK_AGG_FUNCTION.
1418 ** If an expression contains aggregate functions then the EP_Agg
1419 ** property on the expression is set.
1420 **
1421 ** An error message is left in pParse if anything is amiss.  The number
1422 ** of errors is returned.
1423 */
int sqlite3ResolveExprNames(
  NameContext *pNC,       /* Namespace to resolve expressions in. */
  Expr *pExpr             /* The expression to be analyzed. */
){
  Walker sWalker;         /* Tree walker driving the resolution */
  u16 aggSaved;           /* NC_HasAgg/NC_MinMaxAgg bits of pNC on entry */

  /* A NULL expression resolves trivially. */
  if( pExpr==0 ) return SQLITE_OK;

  /* Clear the aggregate bits so that, after the walk, NC_HasAgg reflects
  ** this expression alone.  The saved bits are OR-ed back at the end. */
  aggSaved = pNC->ncFlags & (NC_HasAgg|NC_MinMaxAgg);
  pNC->ncFlags &= ~(NC_HasAgg|NC_MinMaxAgg);

  /* NOTE(review): the Walker is filled in field by field rather than
  ** zeroed.  Any member other than the five set here is left
  ** indeterminate - confirm against the Walker definition. */
  sWalker.pParse = pNC->pParse;
  sWalker.xExprCallback = resolveExprStep;
  sWalker.xSelectCallback = resolveSelectStep;
  sWalker.xSelectCallback2 = 0;
  sWalker.u.pNC = pNC;

#if SQLITE_MAX_EXPR_DEPTH>0
  /* Add this expression's height to the parser total and check the total
  ** before walking.
  ** NOTE(review): when the check fails, nHeight stays incremented and the
  ** saved aggregate bits are not restored; presumably harmless because the
  ** parse is being abandoned - confirm. */
  sWalker.pParse->nHeight += pExpr->nHeight;
  if( sqlite3ExprCheckHeight(sWalker.pParse, sWalker.pParse->nHeight) ){
    return SQLITE_ERROR;
  }
#endif

  sqlite3WalkExpr(&sWalker, pExpr);

#if SQLITE_MAX_EXPR_DEPTH>0
  sWalker.pParse->nHeight -= pExpr->nHeight;
#endif

  if( pNC->ncFlags & NC_HasAgg ){
    ExprSetProperty(pExpr, EP_Agg);
  }
  pNC->ncFlags |= aggSaved;

  /* The result is a truth value: 1 if either error counter is positive,
  ** 0 otherwise. */
  return pNC->nErr>0 || sWalker.pParse->nErr>0;
}
1455 
1456 /*
1457 ** Resolve all names for all expressions in an expression list.  This is
1458 ** just like sqlite3ResolveExprNames() except that it works for an expression
1459 ** list rather than a single expression.
1460 */
int sqlite3ResolveExprListNames(
  NameContext *pNC,       /* Namespace to resolve expressions in. */
  ExprList *pList         /* The expression list to be analyzed. */
){
  struct ExprList_item *pItem;   /* Current entry of pList */
  int nLeft;                     /* Entries still to visit */

  /* A NULL list has nothing to resolve. */
  if( pList==0 ) return WRC_Continue;

  /* Stop at the first entry that fails to resolve. */
  pItem = pList->a;
  for(nLeft=pList->nExpr; nLeft>0; nLeft--, pItem++){
    if( sqlite3ResolveExprNames(pNC, pItem->pExpr) ){
      return WRC_Abort;
    }
  }
  return WRC_Continue;
}
1473 
1474 /*
1475 ** Resolve all names in all expressions of a SELECT and in all
1476 ** descendants of the SELECT, including compounds off of p->pPrior,
1477 ** subqueries in expressions, and subqueries used as FROM clause
1478 ** terms.
1479 **
1480 ** See sqlite3ResolveExprNames() for a description of the kinds of
1481 ** transformations that occur.
1482 **
1483 ** All SELECT statements should have been expanded using
1484 ** sqlite3SelectExpand() prior to invoking this routine.
1485 */
void sqlite3ResolveSelectNames(
  Parse *pParse,         /* The parser context */
  Select *p,             /* The SELECT statement being coded. */
  NameContext *pOuterNC  /* Name context for parent SELECT statement */
){
  Walker sWalker;        /* Tree walker driving the resolution */

  assert( p!=0 );

  /* NOTE(review): the Walker is filled in field by field rather than
  ** zeroed.  Any member other than the five set here is left
  ** indeterminate - confirm against the Walker definition. */
  sWalker.pParse = pParse;
  sWalker.u.pNC = pOuterNC;
  sWalker.xExprCallback = resolveExprStep;
  sWalker.xSelectCallback = resolveSelectStep;
  sWalker.xSelectCallback2 = 0;

  sqlite3WalkSelect(&sWalker, p);
}
1501 
1502 /*
1503 ** Resolve names in expressions that can only reference a single table:
1504 **
1505 **    *   CHECK constraints
1506 **    *   WHERE clauses on partial indices
1507 **
1508 ** The Expr.iTable value for Expr.op==TK_COLUMN nodes of the expression
1509 ** is set to -1 and the Expr.iColumn value is set to the column number.
1510 **
1511 ** Any errors cause an error message to be set in pParse.
1512 */
void sqlite3ResolveSelfReference(
  Parse *pParse,      /* Parsing context */
  Table *pTab,        /* The table being referenced */
  int type,           /* NC_IsCheck or NC_PartIdx or NC_IdxExpr */
  Expr *pExpr,        /* Expression to resolve.  May be NULL. */
  ExprList *pList     /* Expression list to resolve.  May be NULL. */
){
  SrcList sSrc;       /* One-entry source list naming only pTab */
  NameContext sNC;    /* Name context wrapped around sSrc */

  assert( type==NC_IsCheck || type==NC_PartIdx || type==NC_IdxExpr );

  /* pTab is the only table names can bind to.  Its cursor number is -1. */
  memset(&sSrc, 0, sizeof(sSrc));
  sSrc.nSrc = 1;
  sSrc.a[0].zName = pTab->zName;
  sSrc.a[0].pTab = pTab;
  sSrc.a[0].iCursor = -1;

  /* ncFlags carries the context type.  resolveExprStep() passes these
  ** same three flags to notValid() for subqueries and parameters -
  ** presumably that is what rejects them in these contexts. */
  memset(&sNC, 0, sizeof(sNC));
  sNC.pParse = pParse;
  sNC.pSrcList = &sSrc;
  sNC.ncFlags = type;

  /* The list is attempted only if the single expression resolved
  ** cleanly; any error is left in pParse. */
  if( sqlite3ResolveExprNames(&sNC, pExpr)==0 && pList!=0 ){
    sqlite3ResolveExprListNames(&sNC, pList);
  }
}
1536