EQL: ambiguous syntax for chained predicates

[rw-access]

Existing implementations of EQL have peg-based grammars, and as part of the design can't support chaining predicates.

For example, 1 == 1 == 1 raises a syntax error. This seems like good behavior, forcing the user to do (1 == 1) == 1.

$ eql query 'any where 1 == 1 == 1'
Error at line:1,column:18
Invalid syntax
any where 1 == 1 == 1
                 ^

Then you get this

$ eql query 'any where (1 == 1) == 1'
Error at line:1,column:11
Invalid comparison of boolean to number
any where (1 == 1) == 1
          ^^^^^^^^^^^^^

However, for Elasticsearch, we accept this syntax. But it's not clear what it means.
(I think there's another issue here with data type validation isn't detecting a type mismatch with (bool) == long

GET logs-endpoint.alerts-default/_eql/search
{
  "query": """
    any where 1 == 1 == 1
  """
  ,
  "size": 1
}

GET logs-endpoint.alerts-default/_eql/search
{
  "query": """
    any where 1 < 2 < 3
  """
  ,
  "size": 1
}

[elasticmachine]

Pinging @elastic/es-ql (:Query Languages/EQL)

[rw-access]

Update: I think this is actually okay in its current implementation. It's not a bug then, more of a specification question.

I looked into this a little bit more, and I think that the expectation for many languages is for the equality operator to be left-associative. Thus a == b == c is equivalent to (a == b) == c

I think it comes to a matter of specification, and what we think is desired behavior for the language. Do we want this operator to be left-associative or do we want to forbid this syntax? We can decide the ideal specification, and from there we can work out the implementation details, if any need to be changed. I added the label team-discuss to ask in the next meeting.

[matriv]

Just listing the behaviour of SQL in some popular DBs:
PostgreSQL:

postgres=# select 1 < 2 < 3;
ERROR:  syntax error at or near "<"
LINE 1: select 1 < 2 < 3;
                     ^
postgres=# select 1 = 2 = 3;
ERROR:  syntax error at or near "="
LINE 1: select 1 = 2 = 3;
                     ^
postgres=# select (1 = 2) = true;
 ?column?
----------
 f
(1 row)

postgres=# select 1 = 1 = 1;
ERROR:  syntax error at or near "="
LINE 1: select 1 = 1 = 1;
                     ^

MySQL:

select 1 = 1 = 1;

1 = 1 = 1
--
1

select 1 = 2 = 3

1 = 2 = 3
--
0

select 1 < 2 < 3

1 < 2 < 3
--
1

select 1 > 2 > 3

1 > 2 > 3
--
0

Oracle gives a syntax error for those expressions.

I have no real personal preference, I'd say to keep it as is (left-associative) rather than forbid it.