Showing posts with label Design By Contract. Show all posts
Showing posts with label Design By Contract. Show all posts

Last week Fredrik Normén had a couple of nice posts on argument validation using C# extension methods. It got me thinking on a different approach where a method interceptor could handle the validation.

First a short recap on argument validation. I guess everyone have seen or written code with some kind of argument validation, like this for example: 

public void Add(string value)
{
  if (string.IsNullOrEmpty(value)) 
      throw new ArgumentException("The value can't be null or empty", "value");
    
  ///...
}

To make argument validation easier I have (to a small extent) used a modified version of this design by contract utility class. This utility class lets you write argument validation like this: 

public void Add(string value)
{
  Check.Require(value != null, "value should not be null");
    
  ///...
  
  Check.Ensure(Count > 0);
}

So this got me thinking on how you could handle argument validation using method interception. With a method interceptor you could inspect the function arguments checking for validation attributes. I envisioned code looking like this:  

[Ensure(() => this.Count > 0)]
public void Register([NotNull] string name, [InRange(5,10)] int value)
{
  ///...
}

Getting the ensure post condition to work like that will be impossible since you can only use constant expressions in attribute constructors. This is something I think they should look at for C# 4.0, being able to define lambdas in attribute arguments would make interesting scenarios possible (like this). The NotNull and InRange attributes were very simple to implement:  

public abstract class ArgumentValidationAttribute : Attribute
{        
  public abstract void Validate(object value, string argumentName);
}

[AttributeUsage(AttributeTargets.Parameter)]
public class NotNullAttribute : ArgumentValidationAttribute
{
  public override void Validate(object value, string argumentName)
  {
    if (value == null)
    {
        throw new ArgumentNullException(argumentName);
    }
  }    
}    

[AttributeUsage(AttributeTargets.Parameter)]
public class InRangeAttribute : ArgumentValidationAttribute
{
  private int min;
  private int max;

  public InRangeAttribute(int min, int max)
  {
    this.min = min;
    this.max = max;
  }

  public override void Validate(object value, string argumentName)
  {
    int intValue = (int)value;
    if (intValue < min || intValue > max)
    {
      throw new ArgumentOutOfRangeException(argumentName, string.Format("min={0}, max={1}", min, max));
    }
  }
}

This is of course the easy part. It is the actual interceptor that is making the magic happen. This implementation is just a proof of concept, and not optimal from a performance stand point.

public class ValidationInterceptor : IInterceptor
{
  public void Intercept(IInvocation invocation)
  {
    ParameterInfo[] parameters = invocation.Method.GetParameters(); 
    for (int index = 0; index < parameters.Length; index++)
    {
      var paramInfo = parameters[index];
      var attributes = paramInfo.GetCustomAttributes(typeof(ArgumentValidationAttribute), false);

      if (attributes.Length == 0)
        continue;

      foreach (ArgumentValidationAttribute attr in attributes)
      {    
        attr.Validate(invocation.Arguments[index], paramInfo.Name);
      }            
    }

    invocation.Proceed();
  }        
}

To make this interceptor more feasible for production you would probably have to add some smart caching mechanism. This interceptor based argument validation is of course somewhat limited in applicability. You have to use a dynamic proxy generator to get the interceptor functionality and only interface and virtual functions can be intercepted. But it is an interesting idea and shows another nice usage scenario for method interception.

The concept of being able to intercept method calls is something that would be great if it was built into a future version of the CLR runtime. That way static and non virtual methods could be intercepted. It is a nice way to implement cross-cutting concerns (like validation). But until then we will have to live with proxy generators, it works nicely for interfaces:

public interface IRegistrationService
{
  void Register([NotNull] string name, [InRange(5, 10)] int value);

  void Register([NotNullOrEmpty] string name);
}

If you specify the attributes on an interface you do not need to duplicate them on the implementation methods! A small update to the interceptor to support validation of the return value would allow something like this:

public interface IUserRepository
{
  [return: NotNull]
  User GetById([GreaterThanZero] int id);
  
  ///...
}

The syntax for attributes on return values are kind of funky. If Spec# isn't the future (I hope it is) then maybe something like this can be :)

Posted by Torkel Ödegaard at 10:52 PM 3 comments Links to this post
Labels: , ,

The ideas and concepts that the Microsoft research team has realized in spec# are too great not to be included in a future version of C# !

Just look a this example:

public static int Subtract(int x, int y)
     requires x > y;
     ensures result > y;
{
     return x - y;
}

It is not only the runtime aspects of spec# that are exiting. It is the amazing level of static analysis that they have implemented that at compile time validates (across many method boundaries) that requirements are uphold.

C# has really evolved a lot in the last two iterations (especially in 3.0), and think this fast evolution has given it a good edge compared to other static languages (java). But why stop now? Here are a few more things I would like in C# 4.0 :)

Extensible compilation pipeline:

The Boo .NET language has this concept of an extensible compilation pipeline that allows for really powerful usage scenarios. With it you can extend the language with new keyword constructs and attributes that actually manipulate the abstract syntax tree (AST). Here is an example where I have extended Boo with some constructs for design by contract:

[ensures(total > 0)] 
def Add(int value):
    requires value > 0
    total += value

Extending the Boo language like this is very trivial. For example the requires keyword is implemented like this: 

macro requires:
  return [|
    if $(requires.Arguments[0]) == false:
        raise ArgumentException("requires precondition failed")
    |]

This is just a simple example, you can do more powerful stuff. A Boo macro is very different from C++ macros. The Boo macros operate on the compiler's AST and can query the object model and modify it in very powerful ways. The open compiler architecture makes Boo a language suitable for writing domain specific languages. I doubt that something like this will be implemented in C# though since new compiler features are more likely to break existing implementations. Something I think the C# team are not allowed to do.

Dynamic method invocation and duck typing:

If a class implements the IQuackFu interface in Boo you can call methods on it that are resolved at runtime. This is similar to method missing in ruby. The IQuackFu interface looks like this:

public interface IQuackFu
{
  object QuackGet(string name, object[] parameters);
  object QuackSet(string name, object[] parameters, object value);
  object QuackInvoke(string name, params object[] args);
}

This interface can for example be used as front to an xml document, allowing you to access elements as properties. I think the C# team is actually considering something like this if you are to believe the rumours from the MVP Summit.

Anyone else having ideas or a whish list for C# 4.0?

Posted by Torkel Ödegaard at 8:51 AM 4 comments Links to this post
Labels: , ,
Subscribe to: Posts (Atom)