Skip to content

Commit d6ff5e8

Browse files
nbareilnbareil
committed
Optimizing ANTLR4 syntax
Removing ambiguities
1 parent 5bc4815 commit d6ff5e8

File tree

1 file changed

+50
-67
lines changed

1 file changed

+50
-67
lines changed

SPL.g4

Lines changed: 50 additions & 67 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ XOR: 'XOR';
77

88
BY: 'BY' | 'by';
99
AS: 'AS' | 'as';
10+
IN: 'IN';
1011

1112
IF: 'IF' | 'if';
1213
CASE: 'CASE' | 'case';
@@ -107,7 +108,7 @@ reserved_keywords
107108
| 'span'
108109
| 'sort'
109110
| 'transpose'
110-
| 'in'
111+
| IN
111112
| 'allnum'
112113
| 'delim'
113114
| 'extendtimerange'
@@ -150,21 +151,9 @@ PLUS: '+';
150151
MINUS: '-';
151152
CONCAT: '.';
152153

153-
WORD
154-
: LetterOrDigitOrPunctFinal LetterOrDigitOrPunct*? LetterOrDigitOrPunctFinal+?
155-
| LetterOrPunctFinal
156-
;
157-
158-
left_side_value
159-
: WORD
160-
| ID
161-
| reserved_keywords
162-
;
163-
164154
fieldname
165-
: WORD
166-
| ID
167-
| reserved_keywords
155+
: ID
156+
//| reserved_keywords
168157
//| '"' fieldname '"'
169158
| '*'
170159
| STRING
@@ -284,42 +273,39 @@ spl_generating_command
284273
;
285274

286275
spl_command_search
287-
: ('search') search_arg*
276+
: ('search') search_arg+
288277
;
289278

290279
search_arg
291-
: search_arg logical_operator search_arg
292-
| unary_operator search_arg
280+
: unary_operator search_arg
281+
| LPAR search_arg RPAR
282+
| search_arg comparison_operator search_arg
283+
| search_arg logical_operator search_arg
293284
| search_arg_expr
294-
| in_expr
295-
| LPAR search_arg+ RPAR
296285
;
297286

298287
search_arg_expr
299-
: keyword_expr
288+
: fieldname
289+
| keyword_expr
300290
| wildcard_expr
301-
| field_comparison_expr
291+
| in_expr
302292
| subsearch_expr
303-
| logical_expr
304-
| comparative_expr
305-
| unary_operator search_arg_expr
293+
//| logical_expr
294+
//| comparative_expr
306295
;
307296

308297
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Eval
309298
// eval <field>=<expression>["," <field>=<expression>]...
310299
spl_command_eval
311-
: 'eval' left_side_value EQ eval_expr (',' left_side_value '=' eval_expr)*
300+
: 'eval' fieldname EQ eval_expr (',' fieldname EQ eval_expr)*
312301
;
313302

314303
eval_expr
315304
: eval_expr math_operator eval_expr
316305
| function_call_expr
317306
| INT
318307
| unary_operator INT
319-
| STRING
320-
| WORD
321308
| ID
322-
| reserved_keywords
323309
| subsearch_expr
324310
| LPAR eval_expr RPAR
325311
;
@@ -350,14 +336,14 @@ tstats_fieldname_list
350336
// [WHERE <search-query> | <field> IN (<value-list>)]
351337
// [BY (<field-list> | (PREFIX(<field>))) [span=<timespan>] ]
352338
spl_command_tstats
353-
: 'tstats' (( 'summariesonly' '=' boolean_value)
354-
| ('prestats' '=' boolean_value)
355-
| ('local' '=' boolean_value)
356-
| ('append' '=' boolean_value)
357-
| ('include_reduced_buckets' '=' boolean_value)
358-
| ('allow_old_summaries' '=' boolean_value)
359-
| ('chunk_size' '=' INT)
360-
| ('fillnull_value' '=' STRING))*
339+
: 'tstats' (( 'summariesonly' EQ boolean_value)
340+
| ('prestats' EQ boolean_value)
341+
| ('local' EQ boolean_value)
342+
| ('append' EQ boolean_value)
343+
| ('include_reduced_buckets' EQ boolean_value)
344+
| ('allow_old_summaries' EQ boolean_value)
345+
| ('chunk_size' EQ INT)
346+
| ('fillnull_value' EQ STRING))*
361347
aggregation_expr_list
362348
(FROM ( ('datamodel' EQ fieldname)
363349
| (loose_string)
@@ -400,11 +386,11 @@ spl_command_fields
400386
fields_modifier: MINUS|PLUS;
401387

402388
in_expr
403-
: fieldname 'IN' LPAR keyword_expr (',' keyword_expr)* RPAR
404-
| fieldname 'IN' LPAR keyword_expr (keyword_expr)* RPAR // XXX: Should be banned
405-
| fieldname 'IN' LPAR wildcard_expr (',' wildcard_expr)* RPAR
406-
| fieldname 'IN' LPAR wildcard_expr (wildcard_expr)* RPAR // XXX: Should be banned
407-
| fieldname 'IN' LPAR subsearch_expr RPAR
389+
: fieldname IN LPAR keyword_expr (',' keyword_expr)* RPAR
390+
| fieldname IN LPAR keyword_expr (keyword_expr)* RPAR // XXX: Should be banned
391+
| fieldname IN LPAR wildcard_expr (',' wildcard_expr)* RPAR
392+
| fieldname IN LPAR wildcard_expr (wildcard_expr)* RPAR // XXX: Should be banned
393+
| fieldname IN LPAR subsearch_expr RPAR
408394
;
409395

410396
logical_expr
@@ -443,7 +429,6 @@ field_comparison_expr
443429

444430
right_value_expr
445431
: timeExpression
446-
| WORD
447432
| boolean_value
448433
| wildcard_expr
449434
| ID
@@ -528,7 +513,6 @@ aggregation_expr
528513
aggregation_function_expr
529514
: aggregation_function
530515
| aggregation_function LPAR aggregation_function_expr RPAR
531-
| aggregation_function LPAR eval_expr RPAR
532516
| aggregation_function LPAR stats_fieldname RPAR
533517
;
534518

@@ -545,7 +529,7 @@ spl_command_mvexpand // XXX #25
545529
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Mvcombine
546530
// mvcombine [delim=<string>] <field>
547531
spl_command_mvcombine
548-
: 'mvcombine' ('delim' '=' loose_string)? fieldname
532+
: 'mvcombine' ('delim' EQ loose_string)? fieldname
549533
;
550534

551535
spl_command_transaction
@@ -557,8 +541,7 @@ transaction_option
557541
;
558542

559543
loose_string
560-
: WORD
561-
| STRING
544+
: STRING
562545
| ID
563546
;
564547

@@ -569,8 +552,8 @@ sed_expr: STRING;
569552
// rex [field=<field>]
570553
// ( <regex-expression> [max_match=<int>] [offset_field=<string>] ) | (mode=sed <sed-expression>)
571554
spl_command_rex
572-
: 'rex' 'field' '=' fieldname regex_string (('max_match' '=' INT)|('offset_field' '=' loose_string))*
573-
| 'rex' (('field' '=' fieldname)|('mode' '=' SED))+ sed_expr
555+
: 'rex' 'field' EQ fieldname regex_string (('max_match' EQ INT)|('offset_field' EQ loose_string))*
556+
| 'rex' (('field' EQ fieldname)|('mode' EQ SED))+ sed_expr
574557
| 'rex' STRING
575558
;
576559

@@ -582,10 +565,10 @@ spl_command_append
582565
;
583566

584567
subsearch_option
585-
: 'extendtimerange' '=' boolean_value
586-
| 'maxtime' '=' INT
587-
| 'maxout' '=' INT
588-
| 'timeout' '=' INT
568+
: 'extendtimerange' EQ boolean_value
569+
| 'maxtime' EQ INT
570+
| 'maxout' EQ INT
571+
| 'timeout' EQ INT
589572
;
590573

591574
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Makeresults
@@ -619,10 +602,10 @@ spl_command_bucket
619602
;
620603

621604
bin_option // XXX: I use loose_string randomly
622-
: 'bins' '=' loose_string
623-
| 'minspan' '=' loose_string
624-
| 'span' '=' loose_string
625-
| 'aligntime' '=' loose_string
605+
: 'bins' EQ loose_string
606+
| 'minspan' EQ loose_string
607+
| 'span' EQ loose_string
608+
| 'aligntime' EQ loose_string
626609
;
627610

628611
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Join
@@ -633,11 +616,11 @@ spl_command_join
633616

634617
// type=(inner | outer | left) | usetime=<bool> | earlier=<bool> | overwrite=<bool> | max=<int>
635618
join_option
636-
: 'type' '=' ID
637-
| 'usetime' '=' boolean_value
638-
| 'earlier' '=' boolean_value
639-
| 'overwrite' '=' boolean_value
640-
| 'max' '=' INT
619+
: 'type' EQ ID
620+
| 'usetime' EQ boolean_value
621+
| 'earlier' EQ boolean_value
622+
| 'overwrite' EQ boolean_value
623+
| 'max' EQ INT
641624
;
642625

643626
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Makemv
@@ -647,10 +630,10 @@ spl_command_makemv
647630
;
648631

649632
makemv_option
650-
: 'delim' '=' loose_string
651-
| 'tokenizer' '=' loose_string
652-
| 'allowempty' '=' boolean_value
653-
| 'setsv' '=' boolean_value
633+
: 'delim' EQ loose_string
634+
| 'tokenizer' EQ loose_string
635+
| 'allowempty' EQ boolean_value
636+
| 'setsv' EQ boolean_value
654637
;
655638

656639
// https://docs.splunk.com/Documentation/Splunk/8.0.2/SearchReference/Timechart
@@ -664,7 +647,7 @@ spl_command_timechart
664647
;
665648

666649
timechart_option
667-
: 'span' EQ WORD
650+
: 'span' EQ ID
668651
| 'sep' EQ STRING
669652
| 'format' EQ STRING
670653
| 'partial' EQ boolean_value

0 commit comments

Comments
 (0)