ESQL: Extend STATS command to support aggregate expressions

[costin]

Previously only aggregate functions (max/sum/etc..) were allowed inside
the stats command. This PR allows expressions involving one or multiple
aggregates to be used, such as:

 stats x = avg(salary % 3) + max(emp_no),
       y = min(emp_no / 3) + 10 - median(salary)
       by z = languages % 2

[elasticsearchmachine]

Hi @costin, I've created a changelog YAML for you.

[elasticsearchmachine]

Pinging @elastic/es-analytical-engine (Team:Analytics)

[costin]

The core of this PR - the changes are larger because:

1. the ReplaceDuplicateAggWithEval has been removed and incorporated into the new rule.
2. the behavior of CombineProjections has been fixed when dealing with a Project/Aggregate, simplifying the clean-up.

[costin]

Removed ReplaceDuplicateAgg and pushing down of limits again.

[costin]

The new rule breaks down expressions over aggs into eval so the underlying stats only works on top level aggregations.
While at it, it handles also duplicates to avoid repetitive computation.
This keeps the following rule simple since it's guarantees that an Aggregate will only contain AggregateFunctions not expressions over them.

[costin]

Small tweak - no need to return EsqlProject instead Project since the tree is already resolved.

[costin]

I've updated the temporary name to make it a bit less confusing/repetitive.

[costin]

Unrelated change - couldn't help not correct it to save the method invocation and replace the noise map with a good-ol' reliable iteration.

[costin]

The gist of this change takes care of the scenario creates by ReplaceStatsAggExpressionWithEval:

stats x = sum(), y = count()
project x, x as a, y

The combine rule previously would combine project into stats which would duplicate the count:

stats x = sum(), a = sum(), y = count()

It removes the project (which is cheap) but duplicates the sum (which is expensive and the reason we didn't want to duplicate it in the first place).

The rule thus tracks is there's any new alias - however it keeps on removing unused aggregations and in case of basic aliasing project, removes the project.
So the following

stats x = sum(), y = count()
project x as a

becomes

stats a = sum()

[costin]

Ternary operator ❤️

[costin]

Update the generator name strategy to be a bit more meaningful.

[costin]

The core of this PR - breaks down the expression over aggs and adds an eval lazily only for the fields that have an expression over aggregate functions.

[bpintea]

We could improve this a bit further for a referencing case: just like we now support | eval x = field, y = x + 1, we could now (but don't yet) support something like: | stats x = max(field), y = x + min(field) -- this now fails because column x isn't known.

[costin]

That would be a nice little feature - raised #105102 as a follow-up.

[costin]

Handled by ReplaceStatsAggExpressionWithEval

[costin]

/cc @leemthompo

[leemthompo]

@costin I understand that we tag some of these tests to be included as examples in the docs. Just wondering what the workflow was with Abdon to add these tags? Was it just simply a ping to alert the writer that we want this example in the docs? :)

(Might need to be slightly more explicit about the workflow in general just because I haven't that rhythm yet)

[costin]

The tests above are meant for internal consumption hence the ping - better to create other tests, that fix the general dataset and the rest of examples in the docs and add them in, as a separate PR after this one gets merged.
See the previous PRs authored by Abdon.

[elasticsearchmachine]

Hi @costin, I've created a changelog YAML for you.

[astefan]

LGTM
Left only minor comments. Maybe the one related to an additional test to be of more importance.

[alex-spies]

Gave this a first round, focusing on tests this time. I'll give this another go tomorrow.

Two observations:

• I think there's bugs for the following cases: stats max(l) by l=languages (verification exception) and, more severely, stats max(languages) + languages by l = languages (NPE, Cannot invoke \"org.elasticsearch.xpack.esql.planner.Layout$ChannelAndType.channel()\" because the return value of \"org.elasticsearch.xpack.esql.planner.Layout.get(org.elasticsearch.xpack.ql.expression.NameId)\" is null"); the latter works fine without the alias.
• This allows shenanigans like stats max(languages) + languages by languages (using a grouping in the expression), but not stats languages + 1 by languages; although that may be something for a follow-up, if we want to allow this.

Other than that I have mostly minor remarks; the tests do not fully assert the (complex) expressions that are being constructed, maybe we should be stricter there.

[alex-spies]

Suuuuper nit:
Shouldn't the error message be expected an aggregate function or group here as well? [x] is not an aggregate function technically implies that this should be replaced by an agg function.

[alex-spies]

Nit, low prio: The generated attribute names make optimized plans pretty hard to read/grasp, due to the leading underscores and @9efc3cf3 thingies. Maybe we could streamline the names?

E.g.

 \_Aggregate[[],[SUM(salary{f}#11) AS x_AVG_SUM, COUNT(salary{f}#11) AS x_AVG_COUNT, MAX(salary{f}#11) AS x_MAX

We could still append a number in case of conflict.

[costin]

I've revisited the naming strategy to rely on a counter across the entire rule - hopefully this avoids clashes and improves readability.

[alex-spies]

We're technically not asserting the whole expression here - maybe better to just assert the expression string?

Applies to all added tests in this file.

[alex-spies]

nit: the attribute names are constructed from the aggs where they will be used, but not from the expression where they will be used; this makes it a bit hard to read this bottom-up (and top-down is also hard). I think it will also lead to tricky attribute names in cases like y = min(emp_no /3) - min(emp_no + 2), as both attributes will be called ____y_MIN@...._MIN@.....
Maybe this would be more consistent?

Suggested change

	* emp_no{f}#1923 / 3[INTEGER] AS ____y_MIN@80cee21c_MIN@80cee21c]]
	* emp_no{f}#1923 / 3[INTEGER] AS y_SUB1_MIN]]

(resp. ...SUB0... for the left hand side)

[fang-xing-esql]

LGTM in general, this is more like educational purposes for me. I left two minor suggestions on the test cases, and a question on the CombineProjections rule.

[fang-xing-esql]

The asserts with the same exception messages can be factored out.

[fang-xing-esql]

Perhaps one of these test cases can be modified to use different groupings, for example, by auto_bucket(emp_no, 10, 1, 10000), to increase the coverage a bit more.

[fang-xing-esql]

Do we want to support removing duplicated expressions over aggregations? Like below:

| stats x = avg(salary) /2 + max(salary) , y = avg(salary) /2 + max(salary)

It seems like we recalculate expression part for x and y, the duplicated aggregations - avg and max are not recalculated. Detecting equivalent expressions over aggregations could be more complicated than detecting equivalent aggregations. Perhaps it is because CombineProjections does not check the pattern created by ReplaceStatsAggExpressionWithEval, CombineProjections checks project over project, this case has the pattern of project over eval over project over eval. Just to take a note here, not sure if it worth supporting it.

[alex-spies]

I think this would be covered as part of our plan to eliminate common (sub-) expressions: #103301

[alex-spies]

Gave it another round, focusing on the optimizer code this time. I didn't find anything not already covered by others' remarks. Looks good, very neat feature!

[alex-spies]

++ to the examples in the javadoc, very useful.

[bpintea]

Left a more relevant note in a comment and some smaller nits.
Otherwise, while not fundamental, this PR together with #104387 make ESQL writing really "liberating" -- very nice.

[bpintea]

nit: not sure if this makes it easier to read, but an alternative to unify the way the nodes are named:

Suggested change

	String name = expression instanceof NamedExpression ne
	? ne.name()
	: expression.nodeName() + "@" + Integer.toHexString(expression.hashCode());
	return "__" + name + "_" + af.functionName() + "@" + Integer.toHexString(af.hashCode());
	Function<Expression, String> nf = e -> (e == af ? af.functionName() : e.nodeName()) + "@" + Integer.toHexString(e.hashCode());
	String name = expression instanceof NamedExpression ne ? ne.name() : nf.apply(expression);
	return "__" + name + "_" + nf.apply(af);

[costin]

• I think there's bugs for the following cases: stats max(l) by l=languages (verification exception) and, more severely, stats max(languages) + languages by l = languages (NPE, Cannot invoke \"org.elasticsearch.xpack.esql.planner.Layout$ChannelAndType.channel()\" because the return value of \"org.elasticsearch.xpack.esql.planner.Layout.get(org.elasticsearch.xpack.ql.expression.NameId)\" is null"); the latter works fine without the alias.
• This allows shenanigans like stats max(languages) + languages by languages (using a grouping in the expression), but not stats languages + 1 by languages; although that may be something for a follow-up, if we want to allow this.

There's a subtle bug when dealing with an aliased grouping which sometimes popped up because the validation allowed the grouping column in some queries.
I've raised #105172 as a follow-up and in the meantime improved the validator to not allow this scenario.

[costin]

Changed the strategy to indicate the inner and outer expression as that can differ across rules - in some an aggregation is an inner expressions while in others is the outer one.

[costin]

Opted for $$a$ instead of _ as that was used to replace spaces.

[costin]

An example of the new naming strategy.