1 /*
2 ** 2001 September 15
3 **
4 ** The author disclaims copyright to this source code.  In place of
5 ** a legal notice, here is a blessing:
6 **
7 **    May you do good and not evil.
8 **    May you find forgiveness for yourself and forgive others.
9 **    May you share freely, never taking more than you give.
10 **
11 *************************************************************************
12 ** This file contains routines used for analyzing expressions and
13 ** for generating VDBE code that evaluates expressions in SQLite.
14 **
15 ** $Id: expr.c,v 1.1.1.1 2004/08/08 15:03:57 matt Exp $
16 */
17 #include "sqliteInt.h"
18 #include <ctype.h>
19 
20 /*
21 ** Construct a new expression node and return a pointer to it.  Memory
22 ** for this node is obtained from sqliteMalloc().  The calling function
23 ** is responsible for making sure the node eventually gets freed.
24 */
sqliteExpr(int op,Expr * pLeft,Expr * pRight,Token * pToken)25 Expr *sqliteExpr(int op, Expr *pLeft, Expr *pRight, Token *pToken){
26   Expr *pNew;
27   pNew = sqliteMalloc( sizeof(Expr) );
28   if( pNew==0 ){
29     /* When malloc fails, we leak memory from pLeft and pRight */
30     return 0;
31   }
32   pNew->op = op;
33   pNew->pLeft = pLeft;
34   pNew->pRight = pRight;
35   if( pToken ){
36     assert( pToken->dyn==0 );
37     pNew->token = *pToken;
38     pNew->span = *pToken;
39   }else{
40     assert( pNew->token.dyn==0 );
41     assert( pNew->token.z==0 );
42     assert( pNew->token.n==0 );
43     if( pLeft && pRight ){
44       sqliteExprSpan(pNew, &pLeft->span, &pRight->span);
45     }else{
46       pNew->span = pNew->token;
47     }
48   }
49   return pNew;
50 }
51 
52 /*
53 ** Set the Expr.span field of the given expression to span all
54 ** text between the two given tokens.
55 */
sqliteExprSpan(Expr * pExpr,Token * pLeft,Token * pRight)56 void sqliteExprSpan(Expr *pExpr, Token *pLeft, Token *pRight){
57   assert( pRight!=0 );
58   assert( pLeft!=0 );
59   /* Note: pExpr might be NULL due to a prior malloc failure */
60   if( pExpr && pRight->z && pLeft->z ){
61     if( pLeft->dyn==0 && pRight->dyn==0 ){
62       pExpr->span.z = pLeft->z;
63       pExpr->span.n = pRight->n + Addr(pRight->z) - Addr(pLeft->z);
64     }else{
65       pExpr->span.z = 0;
66     }
67   }
68 }
69 
70 /*
71 ** Construct a new expression node for a function with multiple
72 ** arguments.
73 */
sqliteExprFunction(ExprList * pList,Token * pToken)74 Expr *sqliteExprFunction(ExprList *pList, Token *pToken){
75   Expr *pNew;
76   pNew = sqliteMalloc( sizeof(Expr) );
77   if( pNew==0 ){
78     /* sqliteExprListDelete(pList); // Leak pList when malloc fails */
79     return 0;
80   }
81   pNew->op = TK_FUNCTION;
82   pNew->pList = pList;
83   if( pToken ){
84     assert( pToken->dyn==0 );
85     pNew->token = *pToken;
86   }else{
87     pNew->token.z = 0;
88   }
89   pNew->span = pNew->token;
90   return pNew;
91 }
92 
93 /*
94 ** Recursively delete an expression tree.
95 */
sqliteExprDelete(Expr * p)96 void sqliteExprDelete(Expr *p){
97   if( p==0 ) return;
98   if( p->span.dyn ) sqliteFree((char*)p->span.z);
99   if( p->token.dyn ) sqliteFree((char*)p->token.z);
100   sqliteExprDelete(p->pLeft);
101   sqliteExprDelete(p->pRight);
102   sqliteExprListDelete(p->pList);
103   sqliteSelectDelete(p->pSelect);
104   sqliteFree(p);
105 }
106 
107 
108 /*
109 ** The following group of routines make deep copies of expressions,
110 ** expression lists, ID lists, and select statements.  The copies can
111 ** be deleted (by being passed to their respective ...Delete() routines)
112 ** without effecting the originals.
113 **
114 ** The expression list, ID, and source lists return by sqliteExprListDup(),
115 ** sqliteIdListDup(), and sqliteSrcListDup() can not be further expanded
116 ** by subsequent calls to sqlite*ListAppend() routines.
117 **
118 ** Any tables that the SrcList might point to are not duplicated.
119 */
sqliteExprDup(Expr * p)120 Expr *sqliteExprDup(Expr *p){
121   Expr *pNew;
122   if( p==0 ) return 0;
123   pNew = sqliteMallocRaw( sizeof(*p) );
124   if( pNew==0 ) return 0;
125   memcpy(pNew, p, sizeof(*pNew));
126   if( p->token.z!=0 ){
127     pNew->token.z = sqliteStrDup(p->token.z);
128     pNew->token.dyn = 1;
129   }else{
130     assert( pNew->token.z==0 );
131   }
132   pNew->span.z = 0;
133   pNew->pLeft = sqliteExprDup(p->pLeft);
134   pNew->pRight = sqliteExprDup(p->pRight);
135   pNew->pList = sqliteExprListDup(p->pList);
136   pNew->pSelect = sqliteSelectDup(p->pSelect);
137   return pNew;
138 }
sqliteTokenCopy(Token * pTo,Token * pFrom)139 void sqliteTokenCopy(Token *pTo, Token *pFrom){
140   if( pTo->dyn ) sqliteFree((char*)pTo->z);
141   if( pFrom->z ){
142     pTo->n = pFrom->n;
143     pTo->z = sqliteStrNDup(pFrom->z, pFrom->n);
144     pTo->dyn = 1;
145   }else{
146     pTo->z = 0;
147   }
148 }
sqliteExprListDup(ExprList * p)149 ExprList *sqliteExprListDup(ExprList *p){
150   ExprList *pNew;
151   struct ExprList_item *pItem;
152   int i;
153   if( p==0 ) return 0;
154   pNew = sqliteMalloc( sizeof(*pNew) );
155   if( pNew==0 ) return 0;
156   pNew->nExpr = pNew->nAlloc = p->nExpr;
157   pNew->a = pItem = sqliteMalloc( p->nExpr*sizeof(p->a[0]) );
158   if( pItem==0 ){
159     sqliteFree(pNew);
160     return 0;
161   }
162   for(i=0; i<p->nExpr; i++, pItem++){
163     Expr *pNewExpr, *pOldExpr;
164     pItem->pExpr = pNewExpr = sqliteExprDup(pOldExpr = p->a[i].pExpr);
165     if( pOldExpr->span.z!=0 && pNewExpr ){
166       /* Always make a copy of the span for top-level expressions in the
167       ** expression list.  The logic in SELECT processing that determines
168       ** the names of columns in the result set needs this information */
169       sqliteTokenCopy(&pNewExpr->span, &pOldExpr->span);
170     }
171     assert( pNewExpr==0 || pNewExpr->span.z!=0
172             || pOldExpr->span.z==0 || sqlite_malloc_failed );
173     pItem->zName = sqliteStrDup(p->a[i].zName);
174     pItem->sortOrder = p->a[i].sortOrder;
175     pItem->isAgg = p->a[i].isAgg;
176     pItem->done = 0;
177   }
178   return pNew;
179 }
sqliteSrcListDup(SrcList * p)180 SrcList *sqliteSrcListDup(SrcList *p){
181   SrcList *pNew;
182   int i;
183   int nByte;
184   if( p==0 ) return 0;
185   nByte = sizeof(*p) + (p->nSrc>0 ? sizeof(p->a[0]) * (p->nSrc-1) : 0);
186   pNew = sqliteMallocRaw( nByte );
187   if( pNew==0 ) return 0;
188   pNew->nSrc = pNew->nAlloc = p->nSrc;
189   for(i=0; i<p->nSrc; i++){
190     struct SrcList_item *pNewItem = &pNew->a[i];
191     struct SrcList_item *pOldItem = &p->a[i];
192     pNewItem->zDatabase = sqliteStrDup(pOldItem->zDatabase);
193     pNewItem->zName = sqliteStrDup(pOldItem->zName);
194     pNewItem->zAlias = sqliteStrDup(pOldItem->zAlias);
195     pNewItem->jointype = pOldItem->jointype;
196     pNewItem->iCursor = pOldItem->iCursor;
197     pNewItem->pTab = 0;
198     pNewItem->pSelect = sqliteSelectDup(pOldItem->pSelect);
199     pNewItem->pOn = sqliteExprDup(pOldItem->pOn);
200     pNewItem->pUsing = sqliteIdListDup(pOldItem->pUsing);
201   }
202   return pNew;
203 }
sqliteIdListDup(IdList * p)204 IdList *sqliteIdListDup(IdList *p){
205   IdList *pNew;
206   int i;
207   if( p==0 ) return 0;
208   pNew = sqliteMallocRaw( sizeof(*pNew) );
209   if( pNew==0 ) return 0;
210   pNew->nId = pNew->nAlloc = p->nId;
211   pNew->a = sqliteMallocRaw( p->nId*sizeof(p->a[0]) );
212   if( pNew->a==0 ) return 0;
213   for(i=0; i<p->nId; i++){
214     struct IdList_item *pNewItem = &pNew->a[i];
215     struct IdList_item *pOldItem = &p->a[i];
216     pNewItem->zName = sqliteStrDup(pOldItem->zName);
217     pNewItem->idx = pOldItem->idx;
218   }
219   return pNew;
220 }
sqliteSelectDup(Select * p)221 Select *sqliteSelectDup(Select *p){
222   Select *pNew;
223   if( p==0 ) return 0;
224   pNew = sqliteMallocRaw( sizeof(*p) );
225   if( pNew==0 ) return 0;
226   pNew->isDistinct = p->isDistinct;
227   pNew->pEList = sqliteExprListDup(p->pEList);
228   pNew->pSrc = sqliteSrcListDup(p->pSrc);
229   pNew->pWhere = sqliteExprDup(p->pWhere);
230   pNew->pGroupBy = sqliteExprListDup(p->pGroupBy);
231   pNew->pHaving = sqliteExprDup(p->pHaving);
232   pNew->pOrderBy = sqliteExprListDup(p->pOrderBy);
233   pNew->op = p->op;
234   pNew->pPrior = sqliteSelectDup(p->pPrior);
235   pNew->nLimit = p->nLimit;
236   pNew->nOffset = p->nOffset;
237   pNew->zSelect = 0;
238   pNew->iLimit = -1;
239   pNew->iOffset = -1;
240   return pNew;
241 }
242 
243 
244 /*
245 ** Add a new element to the end of an expression list.  If pList is
246 ** initially NULL, then create a new expression list.
247 */
sqliteExprListAppend(ExprList * pList,Expr * pExpr,Token * pName)248 ExprList *sqliteExprListAppend(ExprList *pList, Expr *pExpr, Token *pName){
249   if( pList==0 ){
250     pList = sqliteMalloc( sizeof(ExprList) );
251     if( pList==0 ){
252       /* sqliteExprDelete(pExpr); // Leak memory if malloc fails */
253       return 0;
254     }
255     assert( pList->nAlloc==0 );
256   }
257   if( pList->nAlloc<=pList->nExpr ){
258     pList->nAlloc = pList->nAlloc*2 + 4;
259     pList->a = sqliteRealloc(pList->a, pList->nAlloc*sizeof(pList->a[0]));
260     if( pList->a==0 ){
261       /* sqliteExprDelete(pExpr); // Leak memory if malloc fails */
262       pList->nExpr = pList->nAlloc = 0;
263       return pList;
264     }
265   }
266   assert( pList->a!=0 );
267   if( pExpr || pName ){
268     struct ExprList_item *pItem = &pList->a[pList->nExpr++];
269     memset(pItem, 0, sizeof(*pItem));
270     pItem->pExpr = pExpr;
271     if( pName ){
272       sqliteSetNString(&pItem->zName, pName->z, pName->n, 0);
273       sqliteDequote(pItem->zName);
274     }
275   }
276   return pList;
277 }
278 
279 /*
280 ** Delete an entire expression list.
281 */
sqliteExprListDelete(ExprList * pList)282 void sqliteExprListDelete(ExprList *pList){
283   int i;
284   if( pList==0 ) return;
285   assert( pList->a!=0 || (pList->nExpr==0 && pList->nAlloc==0) );
286   assert( pList->nExpr<=pList->nAlloc );
287   for(i=0; i<pList->nExpr; i++){
288     sqliteExprDelete(pList->a[i].pExpr);
289     sqliteFree(pList->a[i].zName);
290   }
291   sqliteFree(pList->a);
292   sqliteFree(pList);
293 }
294 
295 /*
296 ** Walk an expression tree.  Return 1 if the expression is constant
297 ** and 0 if it involves variables.
298 **
299 ** For the purposes of this function, a double-quoted string (ex: "abc")
300 ** is considered a variable but a single-quoted string (ex: 'abc') is
301 ** a constant.
302 */
sqliteExprIsConstant(Expr * p)303 int sqliteExprIsConstant(Expr *p){
304   switch( p->op ){
305     case TK_ID:
306     case TK_COLUMN:
307     case TK_DOT:
308     case TK_FUNCTION:
309       return 0;
310     case TK_NULL:
311     case TK_STRING:
312     case TK_INTEGER:
313     case TK_FLOAT:
314     case TK_VARIABLE:
315       return 1;
316     default: {
317       if( p->pLeft && !sqliteExprIsConstant(p->pLeft) ) return 0;
318       if( p->pRight && !sqliteExprIsConstant(p->pRight) ) return 0;
319       if( p->pList ){
320         int i;
321         for(i=0; i<p->pList->nExpr; i++){
322           if( !sqliteExprIsConstant(p->pList->a[i].pExpr) ) return 0;
323         }
324       }
325       return p->pLeft!=0 || p->pRight!=0 || (p->pList && p->pList->nExpr>0);
326     }
327   }
328   return 0;
329 }
330 
331 /*
332 ** If the given expression codes a constant integer that is small enough
333 ** to fit in a 32-bit integer, return 1 and put the value of the integer
334 ** in *pValue.  If the expression is not an integer or if it is too big
335 ** to fit in a signed 32-bit integer, return 0 and leave *pValue unchanged.
336 */
sqliteExprIsInteger(Expr * p,int * pValue)337 int sqliteExprIsInteger(Expr *p, int *pValue){
338   switch( p->op ){
339     case TK_INTEGER: {
340       if( sqliteFitsIn32Bits(p->token.z) ){
341         *pValue = atoi(p->token.z);
342         return 1;
343       }
344       break;
345     }
346     case TK_STRING: {
347       const char *z = p->token.z;
348       int n = p->token.n;
349       if( n>0 && z[0]=='-' ){ z++; n--; }
350       while( n>0 && *z && isdigit(*z) ){ z++; n--; }
351       if( n==0 && sqliteFitsIn32Bits(p->token.z) ){
352         *pValue = atoi(p->token.z);
353         return 1;
354       }
355       break;
356     }
357     case TK_UPLUS: {
358       return sqliteExprIsInteger(p->pLeft, pValue);
359     }
360     case TK_UMINUS: {
361       int v;
362       if( sqliteExprIsInteger(p->pLeft, &v) ){
363         *pValue = -v;
364         return 1;
365       }
366       break;
367     }
368     default: break;
369   }
370   return 0;
371 }
372 
373 /*
374 ** Return TRUE if the given string is a row-id column name.
375 */
sqliteIsRowid(const char * z)376 int sqliteIsRowid(const char *z){
377   if( sqliteStrICmp(z, "_ROWID_")==0 ) return 1;
378   if( sqliteStrICmp(z, "ROWID")==0 ) return 1;
379   if( sqliteStrICmp(z, "OID")==0 ) return 1;
380   return 0;
381 }
382 
383 /*
384 ** Given the name of a column of the form X.Y.Z or Y.Z or just Z, look up
385 ** that name in the set of source tables in pSrcList and make the pExpr
386 ** expression node refer back to that source column.  The following changes
387 ** are made to pExpr:
388 **
389 **    pExpr->iDb           Set the index in db->aDb[] of the database holding
390 **                         the table.
391 **    pExpr->iTable        Set to the cursor number for the table obtained
392 **                         from pSrcList.
393 **    pExpr->iColumn       Set to the column number within the table.
394 **    pExpr->dataType      Set to the appropriate data type for the column.
395 **    pExpr->op            Set to TK_COLUMN.
396 **    pExpr->pLeft         Any expression this points to is deleted
397 **    pExpr->pRight        Any expression this points to is deleted.
398 **
399 ** The pDbToken is the name of the database (the "X").  This value may be
400 ** NULL meaning that name is of the form Y.Z or Z.  Any available database
401 ** can be used.  The pTableToken is the name of the table (the "Y").  This
402 ** value can be NULL if pDbToken is also NULL.  If pTableToken is NULL it
403 ** means that the form of the name is Z and that columns from any table
404 ** can be used.
405 **
406 ** If the name cannot be resolved unambiguously, leave an error message
407 ** in pParse and return non-zero.  Return zero on success.
408 */
lookupName(Parse * pParse,Token * pDbToken,Token * pTableToken,Token * pColumnToken,SrcList * pSrcList,ExprList * pEList,Expr * pExpr)409 static int lookupName(
410   Parse *pParse,      /* The parsing context */
411   Token *pDbToken,     /* Name of the database containing table, or NULL */
412   Token *pTableToken,  /* Name of table containing column, or NULL */
413   Token *pColumnToken, /* Name of the column. */
414   SrcList *pSrcList,   /* List of tables used to resolve column names */
415   ExprList *pEList,    /* List of expressions used to resolve "AS" */
416   Expr *pExpr          /* Make this EXPR node point to the selected column */
417 ){
418   char *zDb = 0;       /* Name of the database.  The "X" in X.Y.Z */
419   char *zTab = 0;      /* Name of the table.  The "Y" in X.Y.Z or Y.Z */
420   char *zCol = 0;      /* Name of the column.  The "Z" */
421   int i, j;            /* Loop counters */
422   int cnt = 0;         /* Number of matching column names */
423   int cntTab = 0;      /* Number of matching table names */
424   sqlite *db = pParse->db;  /* The database */
425 
426   assert( pColumnToken && pColumnToken->z ); /* The Z in X.Y.Z cannot be NULL */
427   if( pDbToken && pDbToken->z ){
428     zDb = sqliteStrNDup(pDbToken->z, pDbToken->n);
429     sqliteDequote(zDb);
430   }else{
431     zDb = 0;
432   }
433   if( pTableToken && pTableToken->z ){
434     zTab = sqliteStrNDup(pTableToken->z, pTableToken->n);
435     sqliteDequote(zTab);
436   }else{
437     assert( zDb==0 );
438     zTab = 0;
439   }
440   zCol = sqliteStrNDup(pColumnToken->z, pColumnToken->n);
441   sqliteDequote(zCol);
442   if( sqlite_malloc_failed ){
443     return 1;  /* Leak memory (zDb and zTab) if malloc fails */
444   }
445   assert( zTab==0 || pEList==0 );
446 
447   pExpr->iTable = -1;
448   for(i=0; i<pSrcList->nSrc; i++){
449     struct SrcList_item *pItem = &pSrcList->a[i];
450     Table *pTab = pItem->pTab;
451     Column *pCol;
452 
453     if( pTab==0 ) continue;
454     assert( pTab->nCol>0 );
455     if( zTab ){
456       if( pItem->zAlias ){
457         char *zTabName = pItem->zAlias;
458         if( sqliteStrICmp(zTabName, zTab)!=0 ) continue;
459       }else{
460         char *zTabName = pTab->zName;
461         if( zTabName==0 || sqliteStrICmp(zTabName, zTab)!=0 ) continue;
462         if( zDb!=0 && sqliteStrICmp(db->aDb[pTab->iDb].zName, zDb)!=0 ){
463           continue;
464         }
465       }
466     }
467     if( 0==(cntTab++) ){
468       pExpr->iTable = pItem->iCursor;
469       pExpr->iDb = pTab->iDb;
470     }
471     for(j=0, pCol=pTab->aCol; j<pTab->nCol; j++, pCol++){
472       if( sqliteStrICmp(pCol->zName, zCol)==0 ){
473         cnt++;
474         pExpr->iTable = pItem->iCursor;
475         pExpr->iDb = pTab->iDb;
476         /* Substitute the rowid (column -1) for the INTEGER PRIMARY KEY */
477         pExpr->iColumn = j==pTab->iPKey ? -1 : j;
478         pExpr->dataType = pCol->sortOrder & SQLITE_SO_TYPEMASK;
479         break;
480       }
481     }
482   }
483 
484   /* If we have not already resolved the name, then maybe
485   ** it is a new.* or old.* trigger argument reference
486   */
487   if( zDb==0 && zTab!=0 && cnt==0 && pParse->trigStack!=0 ){
488     TriggerStack *pTriggerStack = pParse->trigStack;
489     Table *pTab = 0;
490     if( pTriggerStack->newIdx != -1 && sqliteStrICmp("new", zTab) == 0 ){
491       pExpr->iTable = pTriggerStack->newIdx;
492       assert( pTriggerStack->pTab );
493       pTab = pTriggerStack->pTab;
494     }else if( pTriggerStack->oldIdx != -1 && sqliteStrICmp("old", zTab) == 0 ){
495       pExpr->iTable = pTriggerStack->oldIdx;
496       assert( pTriggerStack->pTab );
497       pTab = pTriggerStack->pTab;
498     }
499 
500     if( pTab ){
501       int j;
502       Column *pCol = pTab->aCol;
503 
504       pExpr->iDb = pTab->iDb;
505       cntTab++;
506       for(j=0; j < pTab->nCol; j++, pCol++) {
507         if( sqliteStrICmp(pCol->zName, zCol)==0 ){
508           cnt++;
509           pExpr->iColumn = j==pTab->iPKey ? -1 : j;
510           pExpr->dataType = pCol->sortOrder & SQLITE_SO_TYPEMASK;
511           break;
512         }
513       }
514     }
515   }
516 
517   /*
518   ** Perhaps the name is a reference to the ROWID
519   */
520   if( cnt==0 && cntTab==1 && sqliteIsRowid(zCol) ){
521     cnt = 1;
522     pExpr->iColumn = -1;
523     pExpr->dataType = SQLITE_SO_NUM;
524   }
525 
526   /*
527   ** If the input is of the form Z (not Y.Z or X.Y.Z) then the name Z
528   ** might refer to an result-set alias.  This happens, for example, when
529   ** we are resolving names in the WHERE clause of the following command:
530   **
531   **     SELECT a+b AS x FROM table WHERE x<10;
532   **
533   ** In cases like this, replace pExpr with a copy of the expression that
534   ** forms the result set entry ("a+b" in the example) and return immediately.
535   ** Note that the expression in the result set should have already been
536   ** resolved by the time the WHERE clause is resolved.
537   */
538   if( cnt==0 && pEList!=0 ){
539     for(j=0; j<pEList->nExpr; j++){
540       char *zAs = pEList->a[j].zName;
541       if( zAs!=0 && sqliteStrICmp(zAs, zCol)==0 ){
542         assert( pExpr->pLeft==0 && pExpr->pRight==0 );
543         pExpr->op = TK_AS;
544         pExpr->iColumn = j;
545         pExpr->pLeft = sqliteExprDup(pEList->a[j].pExpr);
546         sqliteFree(zCol);
547         assert( zTab==0 && zDb==0 );
548         return 0;
549       }
550     }
551   }
552 
553   /*
554   ** If X and Y are NULL (in other words if only the column name Z is
555   ** supplied) and the value of Z is enclosed in double-quotes, then
556   ** Z is a string literal if it doesn't match any column names.  In that
557   ** case, we need to return right away and not make any changes to
558   ** pExpr.
559   */
560   if( cnt==0 && zTab==0 && pColumnToken->z[0]=='"' ){
561     sqliteFree(zCol);
562     return 0;
563   }
564 
565   /*
566   ** cnt==0 means there was not match.  cnt>1 means there were two or
567   ** more matches.  Either way, we have an error.
568   */
569   if( cnt!=1 ){
570     char *z = 0;
571     char *zErr;
572     zErr = cnt==0 ? "no such column: %s" : "ambiguous column name: %s";
573     if( zDb ){
574       sqliteSetString(&z, zDb, ".", zTab, ".", zCol, 0);
575     }else if( zTab ){
576       sqliteSetString(&z, zTab, ".", zCol, 0);
577     }else{
578       z = sqliteStrDup(zCol);
579     }
580     sqliteErrorMsg(pParse, zErr, z);
581     sqliteFree(z);
582   }
583 
584   /* Clean up and return
585   */
586   sqliteFree(zDb);
587   sqliteFree(zTab);
588   sqliteFree(zCol);
589   sqliteExprDelete(pExpr->pLeft);
590   pExpr->pLeft = 0;
591   sqliteExprDelete(pExpr->pRight);
592   pExpr->pRight = 0;
593   pExpr->op = TK_COLUMN;
594   sqliteAuthRead(pParse, pExpr, pSrcList);
595   return cnt!=1;
596 }
597 
598 /*
599 ** This routine walks an expression tree and resolves references to
600 ** table columns.  Nodes of the form ID.ID or ID resolve into an
601 ** index to the table in the table list and a column offset.  The
602 ** Expr.opcode for such nodes is changed to TK_COLUMN.  The Expr.iTable
603 ** value is changed to the index of the referenced table in pTabList
604 ** plus the "base" value.  The base value will ultimately become the
605 ** VDBE cursor number for a cursor that is pointing into the referenced
606 ** table.  The Expr.iColumn value is changed to the index of the column
607 ** of the referenced table.  The Expr.iColumn value for the special
608 ** ROWID column is -1.  Any INTEGER PRIMARY KEY column is tried as an
609 ** alias for ROWID.
610 **
611 ** We also check for instances of the IN operator.  IN comes in two
612 ** forms:
613 **
614 **           expr IN (exprlist)
615 ** and
616 **           expr IN (SELECT ...)
617 **
618 ** The first form is handled by creating a set holding the list
619 ** of allowed values.  The second form causes the SELECT to generate
620 ** a temporary table.
621 **
622 ** This routine also looks for scalar SELECTs that are part of an expression.
623 ** If it finds any, it generates code to write the value of that select
624 ** into a memory cell.
625 **
626 ** Unknown columns or tables provoke an error.  The function returns
627 ** the number of errors seen and leaves an error message on pParse->zErrMsg.
628 */
sqliteExprResolveIds(Parse * pParse,SrcList * pSrcList,ExprList * pEList,Expr * pExpr)629 int sqliteExprResolveIds(
630   Parse *pParse,     /* The parser context */
631   SrcList *pSrcList, /* List of tables used to resolve column names */
632   ExprList *pEList,  /* List of expressions used to resolve "AS" */
633   Expr *pExpr        /* The expression to be analyzed. */
634 ){
635   int i;
636 
637   if( pExpr==0 || pSrcList==0 ) return 0;
638   for(i=0; i<pSrcList->nSrc; i++){
639     assert( pSrcList->a[i].iCursor>=0 && pSrcList->a[i].iCursor<pParse->nTab );
640   }
641   switch( pExpr->op ){
642     /* Double-quoted strings (ex: "abc") are used as identifiers if
643     ** possible.  Otherwise they remain as strings.  Single-quoted
644     ** strings (ex: 'abc') are always string literals.
645     */
646     case TK_STRING: {
647       if( pExpr->token.z[0]=='\'' ) break;
648       /* Fall thru into the TK_ID case if this is a double-quoted string */
649     }
650     /* A lone identifier is the name of a columnd.
651     */
652     case TK_ID: {
653       if( lookupName(pParse, 0, 0, &pExpr->token, pSrcList, pEList, pExpr) ){
654         return 1;
655       }
656       break;
657     }
658 
659     /* A table name and column name:     ID.ID
660     ** Or a database, table and column:  ID.ID.ID
661     */
662     case TK_DOT: {
663       Token *pColumn;
664       Token *pTable;
665       Token *pDb;
666       Expr *pRight;
667 
668       pRight = pExpr->pRight;
669       if( pRight->op==TK_ID ){
670         pDb = 0;
671         pTable = &pExpr->pLeft->token;
672         pColumn = &pRight->token;
673       }else{
674         assert( pRight->op==TK_DOT );
675         pDb = &pExpr->pLeft->token;
676         pTable = &pRight->pLeft->token;
677         pColumn = &pRight->pRight->token;
678       }
679       if( lookupName(pParse, pDb, pTable, pColumn, pSrcList, 0, pExpr) ){
680         return 1;
681       }
682       break;
683     }
684 
685     case TK_IN: {
686       Vdbe *v = sqliteGetVdbe(pParse);
687       if( v==0 ) return 1;
688       if( sqliteExprResolveIds(pParse, pSrcList, pEList, pExpr->pLeft) ){
689         return 1;
690       }
691       if( pExpr->pSelect ){
692         /* Case 1:     expr IN (SELECT ...)
693         **
694         ** Generate code to write the results of the select into a temporary
695         ** table.  The cursor number of the temporary table has already
696         ** been put in iTable by sqliteExprResolveInSelect().
697         */
698         pExpr->iTable = pParse->nTab++;
699         sqliteVdbeAddOp(v, OP_OpenTemp, pExpr->iTable, 1);
700         sqliteSelect(pParse, pExpr->pSelect, SRT_Set, pExpr->iTable, 0,0,0);
701       }else if( pExpr->pList ){
702         /* Case 2:     expr IN (exprlist)
703         **
704         ** Create a set to put the exprlist values in.  The Set id is stored
705         ** in iTable.
706         */
707         int i, iSet;
708         for(i=0; i<pExpr->pList->nExpr; i++){
709           Expr *pE2 = pExpr->pList->a[i].pExpr;
710           if( !sqliteExprIsConstant(pE2) ){
711             sqliteErrorMsg(pParse,
712               "right-hand side of IN operator must be constant");
713             return 1;
714           }
715           if( sqliteExprCheck(pParse, pE2, 0, 0) ){
716             return 1;
717           }
718         }
719         iSet = pExpr->iTable = pParse->nSet++;
720         for(i=0; i<pExpr->pList->nExpr; i++){
721           Expr *pE2 = pExpr->pList->a[i].pExpr;
722           switch( pE2->op ){
723             case TK_FLOAT:
724             case TK_INTEGER:
725             case TK_STRING: {
726               int addr;
727               assert( pE2->token.z );
728               addr = sqliteVdbeOp3(v, OP_SetInsert, iSet, 0,
729                                   pE2->token.z, pE2->token.n);
730               sqliteVdbeDequoteP3(v, addr);
731               break;
732             }
733             default: {
734               sqliteExprCode(pParse, pE2);
735               sqliteVdbeAddOp(v, OP_SetInsert, iSet, 0);
736               break;
737             }
738           }
739         }
740       }
741       break;
742     }
743 
744     case TK_SELECT: {
745       /* This has to be a scalar SELECT.  Generate code to put the
746       ** value of this select in a memory cell and record the number
747       ** of the memory cell in iColumn.
748       */
749       pExpr->iColumn = pParse->nMem++;
750       if( sqliteSelect(pParse, pExpr->pSelect, SRT_Mem, pExpr->iColumn,0,0,0) ){
751         return 1;
752       }
753       break;
754     }
755 
756     /* For all else, just recursively walk the tree */
757     default: {
758       if( pExpr->pLeft
759       && sqliteExprResolveIds(pParse, pSrcList, pEList, pExpr->pLeft) ){
760         return 1;
761       }
762       if( pExpr->pRight
763       && sqliteExprResolveIds(pParse, pSrcList, pEList, pExpr->pRight) ){
764         return 1;
765       }
766       if( pExpr->pList ){
767         int i;
768         ExprList *pList = pExpr->pList;
769         for(i=0; i<pList->nExpr; i++){
770           Expr *pArg = pList->a[i].pExpr;
771           if( sqliteExprResolveIds(pParse, pSrcList, pEList, pArg) ){
772             return 1;
773           }
774         }
775       }
776     }
777   }
778   return 0;
779 }
780 
781 /*
782 ** pExpr is a node that defines a function of some kind.  It might
783 ** be a syntactic function like "count(x)" or it might be a function
784 ** that implements an operator, like "a LIKE b".
785 **
786 ** This routine makes *pzName point to the name of the function and
787 ** *pnName hold the number of characters in the function name.
788 */
getFunctionName(Expr * pExpr,const char ** pzName,int * pnName)789 static void getFunctionName(Expr *pExpr, const char **pzName, int *pnName){
790   switch( pExpr->op ){
791     case TK_FUNCTION: {
792       *pzName = pExpr->token.z;
793       *pnName = pExpr->token.n;
794       break;
795     }
796     case TK_LIKE: {
797       *pzName = "like";
798       *pnName = 4;
799       break;
800     }
801     case TK_GLOB: {
802       *pzName = "glob";
803       *pnName = 4;
804       break;
805     }
806     default: {
807       *pzName = "can't happen";
808       *pnName = 12;
809       break;
810     }
811   }
812 }
813 
814 /*
815 ** Error check the functions in an expression.  Make sure all
816 ** function names are recognized and all functions have the correct
817 ** number of arguments.  Leave an error message in pParse->zErrMsg
818 ** if anything is amiss.  Return the number of errors.
819 **
820 ** if pIsAgg is not null and this expression is an aggregate function
821 ** (like count(*) or max(value)) then write a 1 into *pIsAgg.
822 */
sqliteExprCheck(Parse * pParse,Expr * pExpr,int allowAgg,int * pIsAgg)823 int sqliteExprCheck(Parse *pParse, Expr *pExpr, int allowAgg, int *pIsAgg){
824   int nErr = 0;
825   if( pExpr==0 ) return 0;
826   switch( pExpr->op ){
827     case TK_GLOB:
828     case TK_LIKE:
829     case TK_FUNCTION: {
830       int n = pExpr->pList ? pExpr->pList->nExpr : 0;  /* Number of arguments */
831       int no_such_func = 0;       /* True if no such function exists */
832       int wrong_num_args = 0;     /* True if wrong number of arguments */
833       int is_agg = 0;             /* True if is an aggregate function */
834       int i;
835       int nId;                    /* Number of characters in function name */
836       const char *zId;            /* The function name. */
837       FuncDef *pDef;
838 
839       getFunctionName(pExpr, &zId, &nId);
840       pDef = sqliteFindFunction(pParse->db, zId, nId, n, 0);
841       if( pDef==0 ){
842         pDef = sqliteFindFunction(pParse->db, zId, nId, -1, 0);
843         if( pDef==0 ){
844           no_such_func = 1;
845         }else{
846           wrong_num_args = 1;
847         }
848       }else{
849         is_agg = pDef->xFunc==0;
850       }
851       if( is_agg && !allowAgg ){
852         sqliteErrorMsg(pParse, "misuse of aggregate function %.*s()", nId, zId);
853         nErr++;
854         is_agg = 0;
855       }else if( no_such_func ){
856         sqliteErrorMsg(pParse, "no such function: %.*s", nId, zId);
857         nErr++;
858       }else if( wrong_num_args ){
859         sqliteErrorMsg(pParse,"wrong number of arguments to function %.*s()",
860              nId, zId);
861         nErr++;
862       }
863       if( is_agg ){
864         pExpr->op = TK_AGG_FUNCTION;
865         if( pIsAgg ) *pIsAgg = 1;
866       }
867       for(i=0; nErr==0 && i<n; i++){
868         nErr = sqliteExprCheck(pParse, pExpr->pList->a[i].pExpr,
869                                allowAgg && !is_agg, pIsAgg);
870       }
871       if( pDef==0 ){
872         /* Already reported an error */
873       }else if( pDef->dataType>=0 ){
874         if( pDef->dataType<n ){
875           pExpr->dataType =
876              sqliteExprType(pExpr->pList->a[pDef->dataType].pExpr);
877         }else{
878           pExpr->dataType = SQLITE_SO_NUM;
879         }
880       }else if( pDef->dataType==SQLITE_ARGS ){
881         pDef->dataType = SQLITE_SO_TEXT;
882         for(i=0; i<n; i++){
883           if( sqliteExprType(pExpr->pList->a[i].pExpr)==SQLITE_SO_NUM ){
884             pExpr->dataType = SQLITE_SO_NUM;
885             break;
886           }
887         }
888       }else if( pDef->dataType==SQLITE_NUMERIC ){
889         pExpr->dataType = SQLITE_SO_NUM;
890       }else{
891         pExpr->dataType = SQLITE_SO_TEXT;
892       }
893     }
894     default: {
895       if( pExpr->pLeft ){
896         nErr = sqliteExprCheck(pParse, pExpr->pLeft, allowAgg, pIsAgg);
897       }
898       if( nErr==0 && pExpr->pRight ){
899         nErr = sqliteExprCheck(pParse, pExpr->pRight, allowAgg, pIsAgg);
900       }
901       if( nErr==0 && pExpr->pList ){
902         int n = pExpr->pList->nExpr;
903         int i;
904         for(i=0; nErr==0 && i<n; i++){
905           Expr *pE2 = pExpr->pList->a[i].pExpr;
906           nErr = sqliteExprCheck(pParse, pE2, allowAgg, pIsAgg);
907         }
908       }
909       break;
910     }
911   }
912   return nErr;
913 }
914 
915 /*
916 ** Return either SQLITE_SO_NUM or SQLITE_SO_TEXT to indicate whether the
917 ** given expression should sort as numeric values or as text.
918 **
919 ** The sqliteExprResolveIds() and sqliteExprCheck() routines must have
920 ** both been called on the expression before it is passed to this routine.
921 */
sqliteExprType(Expr * p)922 int sqliteExprType(Expr *p){
923   if( p==0 ) return SQLITE_SO_NUM;
924   while( p ) switch( p->op ){
925     case TK_PLUS:
926     case TK_MINUS:
927     case TK_STAR:
928     case TK_SLASH:
929     case TK_AND:
930     case TK_OR:
931     case TK_ISNULL:
932     case TK_NOTNULL:
933     case TK_NOT:
934     case TK_UMINUS:
935     case TK_UPLUS:
936     case TK_BITAND:
937     case TK_BITOR:
938     case TK_BITNOT:
939     case TK_LSHIFT:
940     case TK_RSHIFT:
941     case TK_REM:
942     case TK_INTEGER:
943     case TK_FLOAT:
944     case TK_IN:
945     case TK_BETWEEN:
946     case TK_GLOB:
947     case TK_LIKE:
948       return SQLITE_SO_NUM;
949 
950     case TK_STRING:
951     case TK_NULL:
952     case TK_CONCAT:
953     case TK_VARIABLE:
954       return SQLITE_SO_TEXT;
955 
956     case TK_LT:
957     case TK_LE:
958     case TK_GT:
959     case TK_GE:
960     case TK_NE:
961     case TK_EQ:
962       if( sqliteExprType(p->pLeft)==SQLITE_SO_NUM ){
963         return SQLITE_SO_NUM;
964       }
965       p = p->pRight;
966       break;
967 
968     case TK_AS:
969       p = p->pLeft;
970       break;
971 
972     case TK_COLUMN:
973     case TK_FUNCTION:
974     case TK_AGG_FUNCTION:
975       return p->dataType;
976 
977     case TK_SELECT:
978       assert( p->pSelect );
979       assert( p->pSelect->pEList );
980       assert( p->pSelect->pEList->nExpr>0 );
981       p = p->pSelect->pEList->a[0].pExpr;
982       break;
983 
984     case TK_CASE: {
985       if( p->pRight && sqliteExprType(p->pRight)==SQLITE_SO_NUM ){
986         return SQLITE_SO_NUM;
987       }
988       if( p->pList ){
989         int i;
990         ExprList *pList = p->pList;
991         for(i=1; i<pList->nExpr; i+=2){
992           if( sqliteExprType(pList->a[i].pExpr)==SQLITE_SO_NUM ){
993             return SQLITE_SO_NUM;
994           }
995         }
996       }
997       return SQLITE_SO_TEXT;
998     }
999 
1000     default:
1001       assert( p->op==TK_ABORT );  /* Can't Happen */
1002       break;
1003   }
1004   return SQLITE_SO_NUM;
1005 }
1006 
1007 /*
1008 ** Generate code into the current Vdbe to evaluate the given
1009 ** expression and leave the result on the top of stack.
1010 */
sqliteExprCode(Parse * pParse,Expr * pExpr)1011 void sqliteExprCode(Parse *pParse, Expr *pExpr){
1012   Vdbe *v = pParse->pVdbe;
1013   int op;
1014   if( v==0 || pExpr==0 ) return;
1015   switch( pExpr->op ){
1016     case TK_PLUS:     op = OP_Add;      break;
1017     case TK_MINUS:    op = OP_Subtract; break;
1018     case TK_STAR:     op = OP_Multiply; break;
1019     case TK_SLASH:    op = OP_Divide;   break;
1020     case TK_AND:      op = OP_And;      break;
1021     case TK_OR:       op = OP_Or;       break;
1022     case TK_LT:       op = OP_Lt;       break;
1023     case TK_LE:       op = OP_Le;       break;
1024     case TK_GT:       op = OP_Gt;       break;
1025     case TK_GE:       op = OP_Ge;       break;
1026     case TK_NE:       op = OP_Ne;       break;
1027     case TK_EQ:       op = OP_Eq;       break;
1028     case TK_ISNULL:   op = OP_IsNull;   break;
1029     case TK_NOTNULL:  op = OP_NotNull;  break;
1030     case TK_NOT:      op = OP_Not;      break;
1031     case TK_UMINUS:   op = OP_Negative; break;
1032     case TK_BITAND:   op = OP_BitAnd;   break;
1033     case TK_BITOR:    op = OP_BitOr;    break;
1034     case TK_BITNOT:   op = OP_BitNot;   break;
1035     case TK_LSHIFT:   op = OP_ShiftLeft;  break;
1036     case TK_RSHIFT:   op = OP_ShiftRight; break;
1037     case TK_REM:      op = OP_Remainder;  break;
1038     default: break;
1039   }
1040   switch( pExpr->op ){
1041     case TK_COLUMN: {
1042       if( pParse->useAgg ){
1043         sqliteVdbeAddOp(v, OP_AggGet, 0, pExpr->iAgg);
1044       }else if( pExpr->iColumn>=0 ){
1045         sqliteVdbeAddOp(v, OP_Column, pExpr->iTable, pExpr->iColumn);
1046       }else{
1047         sqliteVdbeAddOp(v, OP_Recno, pExpr->iTable, 0);
1048       }
1049       break;
1050     }
1051     case TK_STRING:
1052     case TK_FLOAT:
1053     case TK_INTEGER: {
1054       if( pExpr->op==TK_INTEGER && sqliteFitsIn32Bits(pExpr->token.z) ){
1055         sqliteVdbeAddOp(v, OP_Integer, atoi(pExpr->token.z), 0);
1056       }else{
1057         sqliteVdbeAddOp(v, OP_String, 0, 0);
1058       }
1059       assert( pExpr->token.z );
1060       sqliteVdbeChangeP3(v, -1, pExpr->token.z, pExpr->token.n);
1061       sqliteVdbeDequoteP3(v, -1);
1062       break;
1063     }
1064     case TK_NULL: {
1065       sqliteVdbeAddOp(v, OP_String, 0, 0);
1066       break;
1067     }
1068     case TK_VARIABLE: {
1069       sqliteVdbeAddOp(v, OP_Variable, pExpr->iTable, 0);
1070       break;
1071     }
1072     case TK_LT:
1073     case TK_LE:
1074     case TK_GT:
1075     case TK_GE:
1076     case TK_NE:
1077     case TK_EQ: {
1078       if( pParse->db->file_format>=4 && sqliteExprType(pExpr)==SQLITE_SO_TEXT ){
1079         op += 6;  /* Convert numeric opcodes to text opcodes */
1080       }
1081       /* Fall through into the next case */
1082     }
1083     case TK_AND:
1084     case TK_OR:
1085     case TK_PLUS:
1086     case TK_STAR:
1087     case TK_MINUS:
1088     case TK_REM:
1089     case TK_BITAND:
1090     case TK_BITOR:
1091     case TK_SLASH: {
1092       sqliteExprCode(pParse, pExpr->pLeft);
1093       sqliteExprCode(pParse, pExpr->pRight);
1094       sqliteVdbeAddOp(v, op, 0, 0);
1095       break;
1096     }
1097     case TK_LSHIFT:
1098     case TK_RSHIFT: {
1099       sqliteExprCode(pParse, pExpr->pRight);
1100       sqliteExprCode(pParse, pExpr->pLeft);
1101       sqliteVdbeAddOp(v, op, 0, 0);
1102       break;
1103     }
1104     case TK_CONCAT: {
1105       sqliteExprCode(pParse, pExpr->pLeft);
1106       sqliteExprCode(pParse, pExpr->pRight);
1107       sqliteVdbeAddOp(v, OP_Concat, 2, 0);
1108       break;
1109     }
1110     case TK_UMINUS: {
1111       assert( pExpr->pLeft );
1112       if( pExpr->pLeft->op==TK_FLOAT || pExpr->pLeft->op==TK_INTEGER ){
1113         Token *p = &pExpr->pLeft->token;
1114         char *z = sqliteMalloc( p->n + 2 );
1115         sprintf(z, "-%.*s", p->n, p->z);
1116         if( pExpr->pLeft->op==TK_INTEGER && sqliteFitsIn32Bits(z) ){
1117           sqliteVdbeAddOp(v, OP_Integer, atoi(z), 0);
1118         }else{
1119           sqliteVdbeAddOp(v, OP_String, 0, 0);
1120         }
1121         sqliteVdbeChangeP3(v, -1, z, p->n+1);
1122         sqliteFree(z);
1123         break;
1124       }
1125       /* Fall through into TK_NOT */
1126     }
1127     case TK_BITNOT:
1128     case TK_NOT: {
1129       sqliteExprCode(pParse, pExpr->pLeft);
1130       sqliteVdbeAddOp(v, op, 0, 0);
1131       break;
1132     }
1133     case TK_ISNULL:
1134     case TK_NOTNULL: {
1135       int dest;
1136       sqliteVdbeAddOp(v, OP_Integer, 1, 0);
1137       sqliteExprCode(pParse, pExpr->pLeft);
1138       dest = sqliteVdbeCurrentAddr(v) + 2;
1139       sqliteVdbeAddOp(v, op, 1, dest);
1140       sqliteVdbeAddOp(v, OP_AddImm, -1, 0);
1141       break;
1142     }
1143     case TK_AGG_FUNCTION: {
1144       sqliteVdbeAddOp(v, OP_AggGet, 0, pExpr->iAgg);
1145       break;
1146     }
1147     case TK_GLOB:
1148     case TK_LIKE:
1149     case TK_FUNCTION: {
1150       ExprList *pList = pExpr->pList;
1151       int nExpr = pList ? pList->nExpr : 0;
1152       FuncDef *pDef;
1153       int nId;
1154       const char *zId;
1155       getFunctionName(pExpr, &zId, &nId);
1156       pDef = sqliteFindFunction(pParse->db, zId, nId, nExpr, 0);
1157       assert( pDef!=0 );
1158       nExpr = sqliteExprCodeExprList(pParse, pList, pDef->includeTypes);
1159       sqliteVdbeOp3(v, OP_Function, nExpr, 0, (char*)pDef, P3_POINTER);
1160       break;
1161     }
1162     case TK_SELECT: {
1163       sqliteVdbeAddOp(v, OP_MemLoad, pExpr->iColumn, 0);
1164       break;
1165     }
1166     case TK_IN: {
1167       int addr;
1168       sqliteVdbeAddOp(v, OP_Integer, 1, 0);
1169       sqliteExprCode(pParse, pExpr->pLeft);
1170       addr = sqliteVdbeCurrentAddr(v);
1171       sqliteVdbeAddOp(v, OP_NotNull, -1, addr+4);
1172       sqliteVdbeAddOp(v, OP_Pop, 2, 0);
1173       sqliteVdbeAddOp(v, OP_String, 0, 0);
1174       sqliteVdbeAddOp(v, OP_Goto, 0, addr+6);
1175       if( pExpr->pSelect ){
1176         sqliteVdbeAddOp(v, OP_Found, pExpr->iTable, addr+6);
1177       }else{
1178         sqliteVdbeAddOp(v, OP_SetFound, pExpr->iTable, addr+6);
1179       }
1180       sqliteVdbeAddOp(v, OP_AddImm, -1, 0);
1181       break;
1182     }
1183     case TK_BETWEEN: {
1184       sqliteExprCode(pParse, pExpr->pLeft);
1185       sqliteVdbeAddOp(v, OP_Dup, 0, 0);
1186       sqliteExprCode(pParse, pExpr->pList->a[0].pExpr);
1187       sqliteVdbeAddOp(v, OP_Ge, 0, 0);
1188       sqliteVdbeAddOp(v, OP_Pull, 1, 0);
1189       sqliteExprCode(pParse, pExpr->pList->a[1].pExpr);
1190       sqliteVdbeAddOp(v, OP_Le, 0, 0);
1191       sqliteVdbeAddOp(v, OP_And, 0, 0);
1192       break;
1193     }
1194     case TK_UPLUS:
1195     case TK_AS: {
1196       sqliteExprCode(pParse, pExpr->pLeft);
1197       break;
1198     }
1199     case TK_CASE: {
1200       int expr_end_label;
1201       int jumpInst;
1202       int addr;
1203       int nExpr;
1204       int i;
1205 
1206       assert(pExpr->pList);
1207       assert((pExpr->pList->nExpr % 2) == 0);
1208       assert(pExpr->pList->nExpr > 0);
1209       nExpr = pExpr->pList->nExpr;
1210       expr_end_label = sqliteVdbeMakeLabel(v);
1211       if( pExpr->pLeft ){
1212         sqliteExprCode(pParse, pExpr->pLeft);
1213       }
1214       for(i=0; i<nExpr; i=i+2){
1215         sqliteExprCode(pParse, pExpr->pList->a[i].pExpr);
1216         if( pExpr->pLeft ){
1217           sqliteVdbeAddOp(v, OP_Dup, 1, 1);
1218           jumpInst = sqliteVdbeAddOp(v, OP_Ne, 1, 0);
1219           sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1220         }else{
1221           jumpInst = sqliteVdbeAddOp(v, OP_IfNot, 1, 0);
1222         }
1223         sqliteExprCode(pParse, pExpr->pList->a[i+1].pExpr);
1224         sqliteVdbeAddOp(v, OP_Goto, 0, expr_end_label);
1225         addr = sqliteVdbeCurrentAddr(v);
1226         sqliteVdbeChangeP2(v, jumpInst, addr);
1227       }
1228       if( pExpr->pLeft ){
1229         sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1230       }
1231       if( pExpr->pRight ){
1232         sqliteExprCode(pParse, pExpr->pRight);
1233       }else{
1234         sqliteVdbeAddOp(v, OP_String, 0, 0);
1235       }
1236       sqliteVdbeResolveLabel(v, expr_end_label);
1237       break;
1238     }
1239     case TK_RAISE: {
1240       if( !pParse->trigStack ){
1241         sqliteErrorMsg(pParse,
1242                        "RAISE() may only be used within a trigger-program");
1243         pParse->nErr++;
1244 	return;
1245       }
1246       if( pExpr->iColumn == OE_Rollback ||
1247 	  pExpr->iColumn == OE_Abort ||
1248 	  pExpr->iColumn == OE_Fail ){
1249 	  sqliteVdbeOp3(v, OP_Halt, SQLITE_CONSTRAINT, pExpr->iColumn,
1250                            pExpr->token.z, pExpr->token.n);
1251 	  sqliteVdbeDequoteP3(v, -1);
1252       } else {
1253 	  assert( pExpr->iColumn == OE_Ignore );
1254 	  sqliteVdbeOp3(v, OP_Goto, 0, pParse->trigStack->ignoreJump,
1255                            "(IGNORE jump)", 0);
1256       }
1257     }
1258     break;
1259   }
1260 }
1261 
1262 /*
1263 ** Generate code that pushes the value of every element of the given
1264 ** expression list onto the stack.  If the includeTypes flag is true,
1265 ** then also push a string that is the datatype of each element onto
1266 ** the stack after the value.
1267 **
1268 ** Return the number of elements pushed onto the stack.
1269 */
sqliteExprCodeExprList(Parse * pParse,ExprList * pList,int includeTypes)1270 int sqliteExprCodeExprList(
1271   Parse *pParse,     /* Parsing context */
1272   ExprList *pList,   /* The expression list to be coded */
1273   int includeTypes   /* TRUE to put datatypes on the stack too */
1274 ){
1275   struct ExprList_item *pItem;
1276   int i, n;
1277   Vdbe *v;
1278   if( pList==0 ) return 0;
1279   v = sqliteGetVdbe(pParse);
1280   n = pList->nExpr;
1281   for(pItem=pList->a, i=0; i<n; i++, pItem++){
1282     sqliteExprCode(pParse, pItem->pExpr);
1283     if( includeTypes ){
1284       sqliteVdbeOp3(v, OP_String, 0, 0,
1285          sqliteExprType(pItem->pExpr)==SQLITE_SO_NUM ? "numeric" : "text",
1286          P3_STATIC);
1287     }
1288   }
1289   return includeTypes ? n*2 : n;
1290 }
1291 
1292 /*
1293 ** Generate code for a boolean expression such that a jump is made
1294 ** to the label "dest" if the expression is true but execution
1295 ** continues straight thru if the expression is false.
1296 **
1297 ** If the expression evaluates to NULL (neither true nor false), then
1298 ** take the jump if the jumpIfNull flag is true.
1299 */
sqliteExprIfTrue(Parse * pParse,Expr * pExpr,int dest,int jumpIfNull)1300 void sqliteExprIfTrue(Parse *pParse, Expr *pExpr, int dest, int jumpIfNull){
1301   Vdbe *v = pParse->pVdbe;
1302   int op = 0;
1303   if( v==0 || pExpr==0 ) return;
1304   switch( pExpr->op ){
1305     case TK_LT:       op = OP_Lt;       break;
1306     case TK_LE:       op = OP_Le;       break;
1307     case TK_GT:       op = OP_Gt;       break;
1308     case TK_GE:       op = OP_Ge;       break;
1309     case TK_NE:       op = OP_Ne;       break;
1310     case TK_EQ:       op = OP_Eq;       break;
1311     case TK_ISNULL:   op = OP_IsNull;   break;
1312     case TK_NOTNULL:  op = OP_NotNull;  break;
1313     default:  break;
1314   }
1315   switch( pExpr->op ){
1316     case TK_AND: {
1317       int d2 = sqliteVdbeMakeLabel(v);
1318       sqliteExprIfFalse(pParse, pExpr->pLeft, d2, !jumpIfNull);
1319       sqliteExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
1320       sqliteVdbeResolveLabel(v, d2);
1321       break;
1322     }
1323     case TK_OR: {
1324       sqliteExprIfTrue(pParse, pExpr->pLeft, dest, jumpIfNull);
1325       sqliteExprIfTrue(pParse, pExpr->pRight, dest, jumpIfNull);
1326       break;
1327     }
1328     case TK_NOT: {
1329       sqliteExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
1330       break;
1331     }
1332     case TK_LT:
1333     case TK_LE:
1334     case TK_GT:
1335     case TK_GE:
1336     case TK_NE:
1337     case TK_EQ: {
1338       sqliteExprCode(pParse, pExpr->pLeft);
1339       sqliteExprCode(pParse, pExpr->pRight);
1340       if( pParse->db->file_format>=4 && sqliteExprType(pExpr)==SQLITE_SO_TEXT ){
1341         op += 6;  /* Convert numeric opcodes to text opcodes */
1342       }
1343       sqliteVdbeAddOp(v, op, jumpIfNull, dest);
1344       break;
1345     }
1346     case TK_ISNULL:
1347     case TK_NOTNULL: {
1348       sqliteExprCode(pParse, pExpr->pLeft);
1349       sqliteVdbeAddOp(v, op, 1, dest);
1350       break;
1351     }
1352     case TK_IN: {
1353       int addr;
1354       sqliteExprCode(pParse, pExpr->pLeft);
1355       addr = sqliteVdbeCurrentAddr(v);
1356       sqliteVdbeAddOp(v, OP_NotNull, -1, addr+3);
1357       sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1358       sqliteVdbeAddOp(v, OP_Goto, 0, jumpIfNull ? dest : addr+4);
1359       if( pExpr->pSelect ){
1360         sqliteVdbeAddOp(v, OP_Found, pExpr->iTable, dest);
1361       }else{
1362         sqliteVdbeAddOp(v, OP_SetFound, pExpr->iTable, dest);
1363       }
1364       break;
1365     }
1366     case TK_BETWEEN: {
1367       int addr;
1368       sqliteExprCode(pParse, pExpr->pLeft);
1369       sqliteVdbeAddOp(v, OP_Dup, 0, 0);
1370       sqliteExprCode(pParse, pExpr->pList->a[0].pExpr);
1371       addr = sqliteVdbeAddOp(v, OP_Lt, !jumpIfNull, 0);
1372       sqliteExprCode(pParse, pExpr->pList->a[1].pExpr);
1373       sqliteVdbeAddOp(v, OP_Le, jumpIfNull, dest);
1374       sqliteVdbeAddOp(v, OP_Integer, 0, 0);
1375       sqliteVdbeChangeP2(v, addr, sqliteVdbeCurrentAddr(v));
1376       sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1377       break;
1378     }
1379     default: {
1380       sqliteExprCode(pParse, pExpr);
1381       sqliteVdbeAddOp(v, OP_If, jumpIfNull, dest);
1382       break;
1383     }
1384   }
1385 }
1386 
1387 /*
1388 ** Generate code for a boolean expression such that a jump is made
1389 ** to the label "dest" if the expression is false but execution
1390 ** continues straight thru if the expression is true.
1391 **
1392 ** If the expression evaluates to NULL (neither true nor false) then
1393 ** jump if jumpIfNull is true or fall through if jumpIfNull is false.
1394 */
sqliteExprIfFalse(Parse * pParse,Expr * pExpr,int dest,int jumpIfNull)1395 void sqliteExprIfFalse(Parse *pParse, Expr *pExpr, int dest, int jumpIfNull){
1396   Vdbe *v = pParse->pVdbe;
1397   int op = 0;
1398   if( v==0 || pExpr==0 ) return;
1399   switch( pExpr->op ){
1400     case TK_LT:       op = OP_Ge;       break;
1401     case TK_LE:       op = OP_Gt;       break;
1402     case TK_GT:       op = OP_Le;       break;
1403     case TK_GE:       op = OP_Lt;       break;
1404     case TK_NE:       op = OP_Eq;       break;
1405     case TK_EQ:       op = OP_Ne;       break;
1406     case TK_ISNULL:   op = OP_NotNull;  break;
1407     case TK_NOTNULL:  op = OP_IsNull;   break;
1408     default:  break;
1409   }
1410   switch( pExpr->op ){
1411     case TK_AND: {
1412       sqliteExprIfFalse(pParse, pExpr->pLeft, dest, jumpIfNull);
1413       sqliteExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
1414       break;
1415     }
1416     case TK_OR: {
1417       int d2 = sqliteVdbeMakeLabel(v);
1418       sqliteExprIfTrue(pParse, pExpr->pLeft, d2, !jumpIfNull);
1419       sqliteExprIfFalse(pParse, pExpr->pRight, dest, jumpIfNull);
1420       sqliteVdbeResolveLabel(v, d2);
1421       break;
1422     }
1423     case TK_NOT: {
1424       sqliteExprIfTrue(pParse, pExpr->pLeft, dest, jumpIfNull);
1425       break;
1426     }
1427     case TK_LT:
1428     case TK_LE:
1429     case TK_GT:
1430     case TK_GE:
1431     case TK_NE:
1432     case TK_EQ: {
1433       if( pParse->db->file_format>=4 && sqliteExprType(pExpr)==SQLITE_SO_TEXT ){
1434         /* Convert numeric comparison opcodes into text comparison opcodes.
1435         ** This step depends on the fact that the text comparision opcodes are
1436         ** always 6 greater than their corresponding numeric comparison
1437         ** opcodes.
1438         */
1439         assert( OP_Eq+6 == OP_StrEq );
1440         op += 6;
1441       }
1442       sqliteExprCode(pParse, pExpr->pLeft);
1443       sqliteExprCode(pParse, pExpr->pRight);
1444       sqliteVdbeAddOp(v, op, jumpIfNull, dest);
1445       break;
1446     }
1447     case TK_ISNULL:
1448     case TK_NOTNULL: {
1449       sqliteExprCode(pParse, pExpr->pLeft);
1450       sqliteVdbeAddOp(v, op, 1, dest);
1451       break;
1452     }
1453     case TK_IN: {
1454       int addr;
1455       sqliteExprCode(pParse, pExpr->pLeft);
1456       addr = sqliteVdbeCurrentAddr(v);
1457       sqliteVdbeAddOp(v, OP_NotNull, -1, addr+3);
1458       sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1459       sqliteVdbeAddOp(v, OP_Goto, 0, jumpIfNull ? dest : addr+4);
1460       if( pExpr->pSelect ){
1461         sqliteVdbeAddOp(v, OP_NotFound, pExpr->iTable, dest);
1462       }else{
1463         sqliteVdbeAddOp(v, OP_SetNotFound, pExpr->iTable, dest);
1464       }
1465       break;
1466     }
1467     case TK_BETWEEN: {
1468       int addr;
1469       sqliteExprCode(pParse, pExpr->pLeft);
1470       sqliteVdbeAddOp(v, OP_Dup, 0, 0);
1471       sqliteExprCode(pParse, pExpr->pList->a[0].pExpr);
1472       addr = sqliteVdbeCurrentAddr(v);
1473       sqliteVdbeAddOp(v, OP_Ge, !jumpIfNull, addr+3);
1474       sqliteVdbeAddOp(v, OP_Pop, 1, 0);
1475       sqliteVdbeAddOp(v, OP_Goto, 0, dest);
1476       sqliteExprCode(pParse, pExpr->pList->a[1].pExpr);
1477       sqliteVdbeAddOp(v, OP_Gt, jumpIfNull, dest);
1478       break;
1479     }
1480     default: {
1481       sqliteExprCode(pParse, pExpr);
1482       sqliteVdbeAddOp(v, OP_IfNot, jumpIfNull, dest);
1483       break;
1484     }
1485   }
1486 }
1487 
1488 /*
1489 ** Do a deep comparison of two expression trees.  Return TRUE (non-zero)
1490 ** if they are identical and return FALSE if they differ in any way.
1491 */
sqliteExprCompare(Expr * pA,Expr * pB)1492 int sqliteExprCompare(Expr *pA, Expr *pB){
1493   int i;
1494   if( pA==0 ){
1495     return pB==0;
1496   }else if( pB==0 ){
1497     return 0;
1498   }
1499   if( pA->op!=pB->op ) return 0;
1500   if( !sqliteExprCompare(pA->pLeft, pB->pLeft) ) return 0;
1501   if( !sqliteExprCompare(pA->pRight, pB->pRight) ) return 0;
1502   if( pA->pList ){
1503     if( pB->pList==0 ) return 0;
1504     if( pA->pList->nExpr!=pB->pList->nExpr ) return 0;
1505     for(i=0; i<pA->pList->nExpr; i++){
1506       if( !sqliteExprCompare(pA->pList->a[i].pExpr, pB->pList->a[i].pExpr) ){
1507         return 0;
1508       }
1509     }
1510   }else if( pB->pList ){
1511     return 0;
1512   }
1513   if( pA->pSelect || pB->pSelect ) return 0;
1514   if( pA->iTable!=pB->iTable || pA->iColumn!=pB->iColumn ) return 0;
1515   if( pA->token.z ){
1516     if( pB->token.z==0 ) return 0;
1517     if( pB->token.n!=pA->token.n ) return 0;
1518     if( sqliteStrNICmp(pA->token.z, pB->token.z, pB->token.n)!=0 ) return 0;
1519   }
1520   return 1;
1521 }
1522 
1523 /*
1524 ** Add a new element to the pParse->aAgg[] array and return its index.
1525 */
appendAggInfo(Parse * pParse)1526 static int appendAggInfo(Parse *pParse){
1527   if( (pParse->nAgg & 0x7)==0 ){
1528     int amt = pParse->nAgg + 8;
1529     AggExpr *aAgg = sqliteRealloc(pParse->aAgg, amt*sizeof(pParse->aAgg[0]));
1530     if( aAgg==0 ){
1531       return -1;
1532     }
1533     pParse->aAgg = aAgg;
1534   }
1535   memset(&pParse->aAgg[pParse->nAgg], 0, sizeof(pParse->aAgg[0]));
1536   return pParse->nAgg++;
1537 }
1538 
1539 /*
1540 ** Analyze the given expression looking for aggregate functions and
1541 ** for variables that need to be added to the pParse->aAgg[] array.
1542 ** Make additional entries to the pParse->aAgg[] array as necessary.
1543 **
1544 ** This routine should only be called after the expression has been
1545 ** analyzed by sqliteExprResolveIds() and sqliteExprCheck().
1546 **
1547 ** If errors are seen, leave an error message in zErrMsg and return
1548 ** the number of errors.
1549 */
sqliteExprAnalyzeAggregates(Parse * pParse,Expr * pExpr)1550 int sqliteExprAnalyzeAggregates(Parse *pParse, Expr *pExpr){
1551   int i;
1552   AggExpr *aAgg;
1553   int nErr = 0;
1554 
1555   if( pExpr==0 ) return 0;
1556   switch( pExpr->op ){
1557     case TK_COLUMN: {
1558       aAgg = pParse->aAgg;
1559       for(i=0; i<pParse->nAgg; i++){
1560         if( aAgg[i].isAgg ) continue;
1561         if( aAgg[i].pExpr->iTable==pExpr->iTable
1562          && aAgg[i].pExpr->iColumn==pExpr->iColumn ){
1563           break;
1564         }
1565       }
1566       if( i>=pParse->nAgg ){
1567         i = appendAggInfo(pParse);
1568         if( i<0 ) return 1;
1569         pParse->aAgg[i].isAgg = 0;
1570         pParse->aAgg[i].pExpr = pExpr;
1571       }
1572       pExpr->iAgg = i;
1573       break;
1574     }
1575     case TK_AGG_FUNCTION: {
1576       aAgg = pParse->aAgg;
1577       for(i=0; i<pParse->nAgg; i++){
1578         if( !aAgg[i].isAgg ) continue;
1579         if( sqliteExprCompare(aAgg[i].pExpr, pExpr) ){
1580           break;
1581         }
1582       }
1583       if( i>=pParse->nAgg ){
1584         i = appendAggInfo(pParse);
1585         if( i<0 ) return 1;
1586         pParse->aAgg[i].isAgg = 1;
1587         pParse->aAgg[i].pExpr = pExpr;
1588         pParse->aAgg[i].pFunc = sqliteFindFunction(pParse->db,
1589              pExpr->token.z, pExpr->token.n,
1590              pExpr->pList ? pExpr->pList->nExpr : 0, 0);
1591       }
1592       pExpr->iAgg = i;
1593       break;
1594     }
1595     default: {
1596       if( pExpr->pLeft ){
1597         nErr = sqliteExprAnalyzeAggregates(pParse, pExpr->pLeft);
1598       }
1599       if( nErr==0 && pExpr->pRight ){
1600         nErr = sqliteExprAnalyzeAggregates(pParse, pExpr->pRight);
1601       }
1602       if( nErr==0 && pExpr->pList ){
1603         int n = pExpr->pList->nExpr;
1604         int i;
1605         for(i=0; nErr==0 && i<n; i++){
1606           nErr = sqliteExprAnalyzeAggregates(pParse, pExpr->pList->a[i].pExpr);
1607         }
1608       }
1609       break;
1610     }
1611   }
1612   return nErr;
1613 }
1614 
1615 /*
1616 ** Locate a user function given a name and a number of arguments.
1617 ** Return a pointer to the FuncDef structure that defines that
1618 ** function, or return NULL if the function does not exist.
1619 **
1620 ** If the createFlag argument is true, then a new (blank) FuncDef
1621 ** structure is created and liked into the "db" structure if a
1622 ** no matching function previously existed.  When createFlag is true
1623 ** and the nArg parameter is -1, then only a function that accepts
1624 ** any number of arguments will be returned.
1625 **
1626 ** If createFlag is false and nArg is -1, then the first valid
1627 ** function found is returned.  A function is valid if either xFunc
1628 ** or xStep is non-zero.
1629 */
sqliteFindFunction(sqlite * db,const char * zName,int nName,int nArg,int createFlag)1630 FuncDef *sqliteFindFunction(
1631   sqlite *db,        /* An open database */
1632   const char *zName, /* Name of the function.  Not null-terminated */
1633   int nName,         /* Number of characters in the name */
1634   int nArg,          /* Number of arguments.  -1 means any number */
1635   int createFlag     /* Create new entry if true and does not otherwise exist */
1636 ){
1637   FuncDef *pFirst, *p, *pMaybe;
1638   pFirst = p = (FuncDef*)sqliteHashFind(&db->aFunc, zName, nName);
1639   if( p && !createFlag && nArg<0 ){
1640     while( p && p->xFunc==0 && p->xStep==0 ){ p = p->pNext; }
1641     return p;
1642   }
1643   pMaybe = 0;
1644   while( p && p->nArg!=nArg ){
1645     if( p->nArg<0 && !createFlag && (p->xFunc || p->xStep) ) pMaybe = p;
1646     p = p->pNext;
1647   }
1648   if( p && !createFlag && p->xFunc==0 && p->xStep==0 ){
1649     return 0;
1650   }
1651   if( p==0 && pMaybe ){
1652     assert( createFlag==0 );
1653     return pMaybe;
1654   }
1655   if( p==0 && createFlag && (p = sqliteMalloc(sizeof(*p)))!=0 ){
1656     p->nArg = nArg;
1657     p->pNext = pFirst;
1658     p->dataType = pFirst ? pFirst->dataType : SQLITE_NUMERIC;
1659     sqliteHashInsert(&db->aFunc, zName, nName, (void*)p);
1660   }
1661   return p;
1662 }
1663