Coding for Testability

There is no doubt that in recent years there has been an increased focus on unit testing our code before we throw it over the fence. Despite this increased focus we still see piles of code out in the field that is virtually untestable despite it exhibiting several other positive characteristics. So what is it that makes it so hard to write a piece of code that is easily unit testable?

Ironically I think that a lot of the blame falls on the unit testing gurus who produce frameworks which are supposed to guide us into making testable code. I’m talking about inversion of control frameworks which implement various flavors of the dependency injection pattern or the service locator pattern. While the frameworks themselves are powerful they are somewhat unapproachable to your average development team member which is having a hard enough time coming to terms with the humble DataSet – don’t laugh, every team has at least one!

Rather than focus on a set framework I think we should make one simple change to our collective coding styles. Lets take a look at the following piece of code that you might find any your typical layered business application:

public class CustomerBusinessComponent

{

    public Customer Find(string customerID)

    {

        CustomerDataComponent data = new CustomerDataComponent();

        Customer customer = data.Load(customerID);

        return customer;

    }

} 

In this example we can see that the higher caller would invoke Find and this business component would then load the customer based on the customer ID that was passed in. Hopefully a business logic component would justify its existence by doing more than this, but it is fine for the purposes of this demonstration. The problem with this code is that it is tightly coupled with the layer below, which probably means it is tightly coupled (ultimately) to the database.

Microsoft product teams have a saying about not taking any dependencies when you ship, but we can understand where the SQL and .NET teams went so wrong – its so easy to do! We do it with every piece of code that we write! In order to make the code above more unit testable we should really extract the hard dependency on CustomerDataComponent so that we can provide our own implementation, here is a quick and dirty example that gets the job done.

public class CustomerBusinessComponent

{

    private CustomerDataComponent m_CustomerDataComponent = new CustomerDataComponent();

 

    public CustomerDataComponent DataComponent

    {

        get { return this.m_CustomerDataComponent; }

        set { this.m_CustomerDataComponent = value; }

    }

 

    public Customer Find(string customerID)

    {

        Customer customer = this.DataComponent.Load(customerID);

        return customer;

    }

}

The beauty here is that our test code can now provide its own data component implementation:

public class TestCustomerDataComponent : CustomerDataComponent

{

    public override Customer Load(string customerID);

    {

        Customer cust = new Customer();

        cust.ID = “DUMMY”;

        return cust

    }

}

 

[TestClass()]

public class CustomerBusinessComponentTests

{

    [TestMethod()]

    public void SunnyWeatherFindTest() // This is a Jackism.

    {

        CustomerBusinessComponent businessComponent = new CustomerBusinessComponent();

        businessComponent.DataComponent = new TestCustomerDataComponent();

        Customer customer = businessComponent.Find(”DUMMY”);

        Assertion.AreEqual<string>(”DUMMY”, customer.ID);

    }

}

There are a couple of subtle implications here. The first is that your should start defining the methods you are planning on stubbing out as virtual but you should also consider the other changes when you switch to this style of coding. First of all – lets say I instantiated my CustomerBusinessComponent, well my CustomerDataComponent would get instantiated automatically – but if I never called Find that could have potentially been wasteful. If you applied this pattern throughout your layers you could well end up with thousands of objects being instantiated just to make one simple call, so we can optimise the code to be more memory efficient (memory efficiency is more important than runtime efficiency in .NET – space is king).

public class CustomerBusinessComponent

{

    private CustomerDataComponent m_CustomerDataComponent;

 

    public CustomerDataComponent DataComponent

    {

        get

        {

            if (this.m_CustomerDataComponent == null)

            {

                this.m_CustomerDataComponent = new CustomerDataComponent();

            }

 

            return this.m_CustomerDataComponent;

        }

        set { this.m_CustomerDataComponent = value; }

    }

 

    public Customer Find(string customerID)

    {

        Customer customer = this.DataComponent.Load(customerID);

        return customer;

    }

}

Finally, there are a few things that you could do to improve this as a testing mechanism. First, you could make the test data access component take an anonymous method in its constructor which would allow the test case code to define what the return value from the dependency it is injecting. This could be useful when dealing with data driven unit tests in Visual Studio Team System or combinatorial tests in MbUnit – but that’s a topic for another technical moment!

Passwords: Reality check . . .

So we all know the drill for passwords:

• Make them unique, don’t use the same password twice.
• Change them every month or so.
• Make them complex, paraphrases are good.

I’m sorry, your reality cheque just bounced. Lets be conservative and say I have about twenty usernames and passwords for online sites including things like my blog, my personal e-mail, Passport and the like.

Because I am a consultant I also am actively managing between five to ten passwords to access client systems on top of my Readify username and password. I am forced to cycle each of these every one to two months and if I don’t lock out occurs. The cute thing about lock out is that it typically requires me to call an outsourced service provider over an unencrypted telephone network (no – I don’t have a speak easy sitting on my desk – and the help desk operator definately doesn’t).

So what is the solution? A password manager? Essentially a password manager hopes to defend multiple passwords through one super strong paraphrase-style password. That doesn’t make me terribly comfortable, but even if I could get over it I have a more serious problem to contend with.

For example – most password managers run on your local machine and require you to back up their data files (no problem). But what happens when I forget my laptop? Occasionally I go into high security sites where I can’t bring in my laptop or mobile phone - what do I do then? Should I load the data onto the Internet? Now I am feeling really uncomfortable!

The reality is that the security guys demand that we use complex and unique passwords but don’t consider how well that scales in reality. The only way a mortal can cope is by deliberately weakening their passwords so they can remember them.

What is the solution? Until strong biometrics are everywhere I don’t think there is one!

Be careful where you type in your Passport password . . .

Rocky and Grant’s little story about the password generator over at Gibson Research reminded me of a little episode I had recently with one of the local .NET community members.

Basically this nice chap had decided to put together a little community site that allowed users to log in and share content, but rather than force them to remember yet another username and password combination they decided allow them to type in their Passport username and password.

Ummm – okay – pass. The key detail I have left out here is that the site is not a member of the Passport network, so they essentially take your username and password and store it in their database (whether it is hashed or not is irrelevant).

No – I am not going to link to the site.

Great little journaling tool.

Grant points to a great little tool by Leon Bambrick and Atli Bjorgvin Oddsson. I was pondering today why timesheets are so hard – some people think that they are easy, but I don’t think they have to fill in the two different timesheets I have to, and I don’t think they are working across three projects simultaneously.

Anyway – its a neat find, now if only it could take a stab at filling in the timesheet for me automagically!

70-536: Collection interfaces

The 70–536 skills matrix says that I need to know about the full set of collection interfaces inside the .NET Framework, specifically:

• ICollection and IList
• IComparer, IEqualityComparer and IKeyComparer
• IDictionary and IDictionaryEnumerator
• IEnumerable and IEnumerator
• IHashCodeProvider

Rather than tackle these in order I will rearrange the list a little so it is a little bit more logical, first up the main interfaces!

IEnumerable, ICollection and IList

These three interfaces are the core of the collection system. IEnumerable defines one method called GetEnumerator which returns an object that implements IEnumerator. It is a generic mechanism where every object can work with the variety of “foreach” constructs in every language.

It supports forward only traversal over a set of objects – not only do you find it arrays and collection classes but you find it on other types such as System.String to allow you to enumerate over a block of text as a sequence of characters - very useful.

The ICollection interface actually inherits from the IEnumerable interface, so by definition everything an IEnumerable object can do an ICollection object can as well. What is different about the ICollection interface is that it represents a known quanitity of elements so that you can get a count of how many elements there are in the collection. It also introduces a number of properties to support synchronised access to elements (you lock on SyncRoot).

Introducing IList! I list inherits both ICollection and IEnumerable but adds a number of methods to support adding and removing items from the underlying collection of objects. In an amazing stroke of inconsistent naming you will find that most classes that implement IList are actually called somethingCollection, and not all those that have IList-like methods are actually IList implementors. The only reason I have to explain this inconsistency is history.

Many of the frameworks that Microsoft published in the past exposed collections of objects, and those collections were mutable with add and remove methods. I suspect that Microsoft could have called ControlCollection ControlList but the natives would have gotten restless.

IComparer, IEqualityComparer and IKeyComparer

These three interfaces are used in various ways by the collections framework in .NET. Take IComparer for example – it can be used to provide a sort ranking for any two objects. Now - there is a related interface called IComparable in which an element object can sort itself but it is fairly common for this interface not to be implemented so the IComparer gives you an external and more flexible mechanism for sorting.

One pattern that I used with comparers is to create one for each of my domain objects, then sub-class it for each of the various properties. These sub-classes then become accessible off the base domain object comparer as static properties (SortByLastName type stuff). If you want to get really fancy you can even make it support multi-property sorts by having the base comparer take a paramarray of sorts which it then applies sequentially to determine the ultimate sort order.

So thats IComparer – what about IEqualityComparer and IKeyComparer? Well IEqualityComparer is a special kind of comparer which is use to determine equality only – so it can’t really be used for sorts. Its reason for being is a bit fuzzy for me but from what I read the idea is that it is useful for culture aware comparisons where a straight string comparison wouldn’t work correctly. The MSDN documentation also had some interesting implementation notes:

“The Equals method is reflexive, symmetric, and transitive. That is, it returns true if used to compare an object with itself; true for two objects x and y if it is true for y and x; and true for two objects x and z if it is true for x and y and also true for y and z. Implementations are required to ensure that if the Equals method returns true for two objects x and y, then the value returned by the GetHashCode method for x must equal the value returned for y.”

Looks to me like a good candidate for a unit test whenever you implement one because it would be so easy to get one of those implementation details wrong and cause all kinds of wierdness.

IKeyComparer? OK – you could probably carbon date when this skills matrix was put together by the names of the interfaces and classes that no longer exist, but basically the IKeyComparer was slated to be renamed to IHashComparer. You can read about the change here on Krzysztof Cwalina’s blog – however, I suspect that this never happened and the interface has been dropped entirely.

IDictionary

The IList interface is all about storing a set of elements and making them indexable by a numerical key. The IDictionary interface expands the concept of having an index to access elements in a set by allowing you to define what that key value is. The IDictionary interface is kind of loose in that it allows us to use any key and any value as long as it derives from System.Object (now find me one that doesn’t). With the generic IDictionary<K,V> interface you can lock that down a little bit.

IEnumerator and IDictionaryEnumerator

Implementors of IEnumerator are returned from the GetEnumerator method from classes that implement IEnumerable. The interface defines two methods, Reset and MoveNext and a Current propertyly that allows you to grab the current element. The IDictionaryEnumerator is a specialisation of the IEnumerator interface for dictionary objects. It defines an additional three properties, Entry, Key and Value.

The Entry property is the same as Current on IEnumerator except it is hardwired to return a DictionaryEntry and the Key and Value properties just provide easier access to the the Key and Value properties of the DictionaryEntry instance returned by the Entry property (phew – what a mouthful).

Actually, one of the things that always gets me about working with dictionaries is that when I go to enumerate them in a “foreach” loop I get an InvalidCastException – its because I always think that I am just enumerating the values, not a set of DictionaryEntry instances.

IHashCodeProvider

The IHashCodeProvider interface has now been obsoleted and we should use IEqualityComparer instead (see above). I guess the theory behind this was that we shouldn’t allow people to get in and trash the hashing algorithm in classes like the Hashtable, instead we should give them a specific interface to implement for all the things that would normally make them take that drastic step.