sql support for dynamic parameters

[clintropolis]

This PR adds support for parameterized SQL queries of the form:

SELECT COUNT(*) FROM data_source WHERE foo = ? AND __time > ?

Over the HTTP API :

{
  "query" : "SELECT COUNT(*) FROM data_source WHERE foo = ? AND __time > ?",
  "parameters": [
    { "type": "VARCHAR", "value": "bar"},
    { "type": "TIMESTAMP", "value": "2000-01-01 00:00:00" }
  ]
}

JDBC:

PreparedStatement statement = connection.prepareStatement("SELECT COUNT(*) AS cnt FROM druid.foo WHERE dim1 = ? OR dim1 = ?");
statement.setString(1, "abc");
statement.setString(2, "def");
final ResultSet resultSet = statement.executeQuery();

Design

Dynamic parameter binding for Druid queries is performed in a "query optimized" (rather than "planner optimized") manner which substitutes the dynamic parameters (SqlDynamicParam and RexDynamicParam) nodes of the expression with the literals of the value that they are bound to as early as we can. This lets us maximize simplification of the query expression as much as possible prior to execution, which is likely always going to be better for query performance. For JDBC, this pushes the actual planning into the 'execute' call, so re-using a prepared statement with different parameters will result in re-planning the query, which is what I meant by the earlier assertion that this approach is "query optimized" instead of "planner optimized". Since planning is expected to be cheap compared to the actual query, this seems like the correct approach to take here, especially since these unoptimized queries could result in either complex or un-necessary virtual column expressions at execution time.

This is done through two layers of expression tree transformation, the first SqlParametizerShuttle transforming the SqlNode expression, and the second RelParameterizerShuttle transforming the RelNode expression after the SqlNode has been parsed and validated and translated into a relational form. Through experimentation I have got the first transformation to catch all of the test cases I have so far, but the ability to create a SqlLiteral from arbitrary JDBC types is less rich than the facilities to create a RexLiteral, so I still have the second transformation in place, just in case. Some additional details are available in a Calcite dev-list thread about how to approach this problem.

[clintropolis]

One of the primary motivators was to provide a mechanism to supply very large literals (serialized bloom filters) to a Druid query without choking the tokenizer with a 10MB+ string literal, as the timings of this test show it's a nice improvement:

I meant to mark the slow test as ignore though so it doesn't get run, so will update PR.

[peterlittig]

I found my way here via CALCITE-2873 and am receiving the same AvaticaSqlException when attempting to prepare statements against my Druid cluster. Two questions: 1) How broad is the scope of fix in this PR? (i.e., I'm wondering if my use-case will likely be covered by the fix) and 2) Is there a best-guess timeline for when it will be merged into apache:master?

Many thanks!

[clintropolis]

@peterlittig, I expect this will probably be merged to master within the next couple of weeks, barring any major issues uncovered during review, and should be included in release 0.15 (which is quickly sneaking up on us even though 0.14 isn't quite finalized yet).

I'm not sure on your use case, but I hope so? I've attempted this PR to add general purpose support for dynamic parameters to Druid sql queries through both the JSON API and JDBC interfaces. I've added a handful of test cases for a variety of expressions to the new in this PR CalciteParameterQueryTest, have a look to see if the queries you're trying to do look similar to any of those, and if not I'd be happy to add a test case to make sure it works correctly.

One thing to note, sometimes dynamic parameters can trip up the type inference, which will result in a query failing to validate before it can plan. As far as I can tell, this is largely on the calcite side, as queries will confuse the SqlValidator that parses the SqlNode prior to where this PR does it's thing, but there is a sort of work around for this through using a CAST(? as <type>) in the expression to explicitly type the parameters, e.g. like this example from the linked test cases:

WHEN ? THEN SUM(cnt) / CAST(? as INT)

In this example, the first ? passes through the validator, but the 2nd must be explicitly cast to an INT to pass validation. It's unfortunate, but should get better with time and new versions.

[peterlittig]

Thanks for the response, @clintropolis! The use-cases I currently have in mind are fairly simple/straightforward. I'll definitely take a look at the test class you linked and see I'm covered. Thanks also for the timeline estimate. It would be great to see this go out in 0.15!

[clintropolis]

One note: given that parameters are specified in a list, could it be legal to leave out all ordinals and have them default to their 1-based list index if they are all missing?

@glasser I have modified the parameters in the http call to no longer have the ordinal property, in favor of the more user friendly approach you suggested of using list order. I have updated the PR description (and docs) to reflect this.

[clintropolis]

this test will fail CI in sql compatible mode until #9251 is merged

[ccaominh]

I think the original example is better as the semicolon is not needed

[clintropolis]

removed

[ccaominh]

Per #6974 (comment), it'd be good to ignore this slow test

[clintropolis]

Marked both as ignored

[ccaominh]

Suggestion: Declare as List instead of ArrayList to separate behavior from implementation

[ccaominh]

I think a comment for why this is not Float.class would be helpful

[clintropolis]

Added link to docs I used as reference for mappings from JDBC to Java types

[ccaominh]

Suggest adding an EqualsVerifier unit test for this

[clintropolis]

added

[ccaominh]

Suggest adding an EqualsVerifier unit test for this

[clintropolis]

added

[ccaominh]

Would it be beneficial to test binding a null?

[clintropolis]

Hmm, thanks for asking as the current implementation wasn't accepting null valued parameters because a year ago when I made this branch we didn't really publicly acknowledge that null could exist, and it had a precondition check that value was not in fact null. I've adjusted this to accept null parameters.

However, since there is no null equivalence in sql, it doesn't really seem to be all that useful, and in all cases I could think of you need a different expression to be able to explicitly use a null parameter, making using a parameter to pass null basically pointless afaict unless I'm missing some obvious case.

Additionally, calcite seems to fail to parse stuff like:

SELECT COUNT(*)
FROM table
WHERE column IS ?

producing an error of the form:

org.apache.calcite.sql.parser.SqlParseException: Encountered "IS ?" at line 3, column 10.1

I did add a couple of contrived examples, one using coalesce that optimizes out the parameter if it is null since coalesce returns first non-null, and a bloom filter test which is optimized out because it ends up being a constant, just to test the path of a null parameter getting fed into things.

[ccaominh]

Can you add an explanation of why it's ignored (the annotation takes a value, which can be used for the comment).

[ccaominh]

Same comment about adding explanation

[sthetland]

Looks good. Two suggestions and a typo.

[sthetland]

I misread this at first as meaning JDBC enables parameterized queries somehow. Is this wording clearer:
"You can use parameterized queries in JDBC code, as in this example;"

[clintropolis]

changed

[sthetland]

nit: "...is a friendly wrapper..."

[clintropolis]

👍

[sthetland]

Suggestion: This description feels like it could be expanded upon just a bit, just to draw out what is meant by "in order," for one thing. How about something like:

"Druid SQL supports dynamic parameters in question mark (?) syntax, where parameters are bound to the ? placeholders at execution time. To use dynamic parameters, replace any  literal in the query with a ? character and ensure that corresponding parameter values are provided at execution time. Parameters are bound to the placeholders in the order in which they are passed."

[clintropolis]

sgtm, changed

[jihoonson]

nit: please break the line.

[clintropolis]

done

[jihoonson]

Would you add a comment on why this is always false?

[clintropolis]

added comment

[jihoonson]

It seems that this needs to lock lock.. Maybe parameters can be passed to execute() directly without having this method.

[clintropolis]

good catch, reworked to make execute take a list of parameters to avoid messing with the lock

[jihoonson]

LGTM.

[clintropolis]

Thanks for review all 👍