Add some comments

Author: swar8080

instrumentation-api-incubator/src/main/jflex/SqlSanitizer.jflex

@@ -54,6 +54,7 @@ WHITESPACE          = [ \t\r\n]+
   // max length of the sanitized statement - SQLs longer than this will be trimmed
   static final int LIMIT = 32 * 1024;
 
+  // Match on "IN(?, ?, ...)". This can also match invalid sql syntax like IN(?,,), which is a tradeoff to avoid stack overflows
   private static final Pattern IN_STATEMENT_PATTERN = Pattern.compile("\\sin\\s*\\(\\s*\\?[\\s?,]*?\\)", Pattern.CASE_INSENSITIVE);
   private static final String IN_STATEMENT_NORMALIZED = " in(?)";
 
@@ -283,7 +284,10 @@ WHITESPACE          = [ \t\r\n]+
       builder.delete(LIMIT, builder.length());
     }
     String fullStatement = builder.toString();
+
+    // Normalize all 'in (?, ?, ...)' statements to in (?) to reduce cardinality
     String normalizedStatement = IN_STATEMENT_PATTERN.matcher(fullStatement).replaceAll(IN_STATEMENT_NORMALIZED);
+
     return operation.getResult(normalizedStatement);
   }