A common criticism of loosely coupled code is that it’s harder to understand. How do you see the big picture of an application when loose coupling is everywhere? When the entire code base has been programmed against interfaces instead of concrete classes, how do we understand how the objects are wired and how they interact?

In this post, I’ll provide answers on various levels, from high-level architecture over object-oriented principles to more nitty-gritty code. Before I do that, however, I’d like to pose a set of questions you should always be prepared to answer.

Mu

My first reaction to that sort of question is: you say loosely coupled code is harder to understand. Harder than what?

If we are talking about a non-trivial application, odds are that it’s going to take some time to understand the code base – whether or not it’s loosely coupled. Agreed: understanding a loosely coupled code base takes some work, but so does understanding a tightly coupled code base. The question is whether it’s harder to understand a loosely coupled code base?

Imagine that I’m having a discussion about this subject with Mary Rowan from my book.

Mary: “Loosely coupled code is harder to understand.”

Me: “Why do you think that is?”

Mary: “It’s very hard to navigate the code base because I always end up at an interface.”

Me: “Why is that a problem?”

Mary: “Because I don’t know what the interface does.”

At this point I’m very tempted to answer Mu. An interfaces doesn’t do anything – that’s the whole point of it. According to the Liskov Substitution Principle (LSP), a consumer shouldn’t have to care about what happens on the other side of the interface.

However, developers used to tightly coupled code aren’t used to think about services in this way. They are used to navigate the code base from consumer to service to understand how the two of them interact, and I will gladly admit this: in principle, that’s impossible to do in a loosely coupled code base. I’ll return to this subject in a little while, but first I want to discuss some strategies for understanding a loosely coupled code base.

Architecture and Documentation

Yes: documentation. Don’t dismiss it. While I agree with Uncle Bob and like-minded spirits that the code is the documentation, a two-page document that outlines the Big Picture might save you from many hours of code archeology.

The typical agile mindset is to minimize documentation because it tends to lose touch with the code base, but even so, it should be possible to maintain a two-page high-level document so that it stays up to date. Consider the alternative: if you have so much architectural churn that even a two-page overview regularly falls behind, then you’re probably having a greater problem than understanding your loosely coupled code base.

Maintaining such a document isn’t adverse to the agile spirit. You’ll find the same advice in Lean Architecture (p. 127). Don’t underestimate the value of such a document.

See the Forest Instead of the Trees

Understanding a loosely coupled code base typically tends to require a shift of mindset.

Recall my discussion with Mary Rowan. The criticism of loose coupling is that it’s difficult to understand which collaborators are being invoked. A developer like Mary Rowan is used to learn a code base by understanding all the myriad concrete details of it. In effect, while there may be ‘classes’ around, there are no abstractions in place. In order to understand the behavior of a user interface element, it’s necessary to also understand what’s happening in the database – and everything in between.

A loosely coupled code base shouldn’t be like that.

The entire purpose of loose coupling is that we should be able to reason about a part (a ‘unit’, if you will) without understanding the whole.

In a tightly coupled code base, it’s often impossible to see the forest for the trees. Although we developers are good at relating to details, a tightly coupled code base requires us to be able to contain the entire code base in our heads in order to understand it. As the size of the code base grows, this becomes increasingly difficult.

In a loosely coupled code base, on the other hand, it should be possible to understand smaller parts in isolation. However, I purposely wrote “should be”, because that’s not always the case. Often, a so-called “loosely coupled” code base violates basic principles of object-oriented design.

RAP

The criticism that it’s hard to see “what’s on the other side of an interface” is, in my opinion, central. It betrays a mindset which is still tightly coupled.

In many code bases there’s often a single implementation of a given interface, so developers can be forgiven if they think about an interface as only a piece of friction that prevents them from reaching the concrete class on the other side. However, if that’s the case with most of the interfaces in a code base, it signifies a violation of the Reused Abstractions Principle (RAP) more than it signifies loose coupling.

Jim Cooper, a reader of my book, put it quite eloquently on the book’s forum:

“So many people think that using an interface magically decouples their code. It doesn't. It only changes the nature of the coupling. If you don't believe that, try changing a method signature in an interface - none of the code containing method references or any of the implementing classes will compile. I call that coupled”

Refactoring tools aside, I completely agree with this statement. The RAP is a test we can use to verify whether or not an interface is truly reusable – what better test is there than to actually reuse your interfaces?

The corollary of this discussion is that if a code base is massively violating the RAP then it’s going to be hard to understand. It has all the disadvantages of loose coupling with few of the benefits. If that’s the case, you would gain more benefit from making it either more tightly coupled or truly loosely coupled.

What does “truly loosely coupled” mean?

LSP

According to the LSP a consumer must not concern itself with “what’s on the other side of the interface”. It should be possible to replace any implementation with any other implementation of the same interface without changing the correctness of the program.

This is why I previously said that in a truly loosely coupled code base, it isn’t ‘hard’ to understand “what’s on the other side of the interface” – it’s impossible. At design-time, there’s nothing ‘behind’ the interface. The interface is what you are programming against. It’s all there is.

Mary has been listening to all of this, and now she protests:

Mary: “At run-time, there’s going to be a concrete class behind the interface.”

Me (being annoyingly pedantic): “Not quite. There’s going to be an instance of a concrete class which the consumer invokes via the interface it implements.”

Mary: “Yes, but I still need to know which concrete class is going to be invoked.”

Me: “Why?”

Mary: “Because otherwise I don’t know what’s going to happen when I invoke the method.”

This type of answer often betrays a much more fundamental problem in a code base.

CQS

Now we are getting into the nitty-gritty details of class design. What would you expect that the following method does?

public List<Order> GetOpenOrders(Customer customer)

The method name indicates that it gets open orders, and the signature seems to back it up. A single database query might be involved, since this looks a lot like a read-operation. A quick glance at the implementation seems to verify that first impression:

public List<Order> GetOpenOrders(Customer customer)

{

    var orders = GetOrders(customer);

    return (from o in orders

            where o.Status == OrderStatus.Open

            select o).ToList();

}

Is it safe to assume that this is a side-effect-free method call? As it turns out, this is far from the case in this particular code base:

private List<Order> GetOrders(Customer customer)

{

    var gw = new CustomerGateway(this.ConnectionString);

    var orders = gw.GetOrders(customer);

    AuditOrders(orders);

    FixCustomer(gw, orders, customer);

    return orders;

}

The devil is in the details. What does AuditOrders do? And what does FixCustomer do? One method at a time:

private void AuditOrders(List<Order> orders)

{

    var user = Thread.CurrentPrincipal.Identity.ToString();

    var gw = new OrderGateway(this.ConnectionString);

    foreach (var o in orders)

    {

        var clone = o.Clone();

        var ar = new AuditRecord

        {

            Time = DateTime.Now,

            User = user

        };

        clone.AuditTrail.Add(ar);

        gw.Update(clone);

        // We don't want the consumer to see the audit trail.

        o.AuditTrail.Clear();

    }

}

OK, it turns out that this method actually makes a copy of each and every order and updates that copy, writing it back to the database in order to leave behind an audit trail. It also mutates each order before returning to the caller. Not only does this method result in an unexpected N+1 problem, it also mutates its input, and perhaps even more surprising, it’s leaving the system in a state where the in-memory object is different from the database. This could lead to some pretty interesting bugs.

Then what happens in the FixCustomer method? This:

// Fixes the customer status field if there were orders

// added directly through the database.

private static void FixCustomer(CustomerGateway gw,

    List<Order> orders, Customer customer)

{

    var total = orders.Sum(o => o.Total);

    if (customer.Status != CustomerStatus.Preferred

        && total > PreferredThreshold)

    {

        customer.Status = CustomerStatus.Preferred;

        gw.Update(customer);

    }

}

Another potential database write operation, as it turns out – complete with an apology. Now that we’ve learned all about the details of the code, even the GetOpenOrders method is beginning to look suspect. The GetOrders method returns all orders, with the side effect that all orders were audited as having been read by the user, but the GetOpenOrders filters the output. In the end, it turns out that we can’t even trust the audit trail.

While I must apologize for this contrived example of a Transaction Script, it’s clear that when code looks like that, it’s no wonder why developers think that it’s necessary to contain the entire code base in their heads. When this is the case, interfaces are only in the way.

However, this is not the fault of loose coupling, but rather a failure to adhere to the very fundamental principle of Command-Query Separation (CQS). You should be able to tell from the method signature alone whether invoking the method will or will not have side-effects. This is one of the key messages from Clean Code: the method name and signature is an abstraction. You should be able to reason about the behavior of the method from its declaration. You shouldn’t have to read the code to get an idea about what it does.

Abstractions always hide details. Method declarations do too. The point is that you should be able to read just the method declaration in order to gain a basic understanding of what’s going on. You can always return to the method’s code later in order to understand detail, but reading the method declaration alone should provide the Big Picture.

Strictly adhering to CQS goes a long way in enabling you to understand a loosely coupled code base. If you can reason about methods at a high level, you don’t need to see “the other side of the interface” in order to understand the Big Picture.

Stack Traces

Still, even in a loosely coupled code base with great test coverage, integration issues arise. While each class works fine in isolation, when you integrate them, sometimes the interactions between them cause errors. This is often because of incorrect assumptions about the collaborators, which often indicates that the LSP was somehow violated.

To understand why such errors occur, we need to understand which concrete classes are interacting. How do we do that in a loosely coupled code base?

That’s actually easy: look at the stack trace from your error report. If your error report doesn’t include a stack trace, make sure that it’s going to do that in the future.

The stack trace is one of the most important troubleshooting tools in a loosely coupled code base, because it’s going to tell you exactly which classes were interacting when an exception was thrown.

Furthermore, if the code base also adheres to the Single Responsibility Principle and the ideals from Clean Code, each method should be very small (under 15 lines of code). If that’s the case, you can often understand the exact nature of the error from the stack trace and the error message alone. It shouldn’t even be necessary to attach a debugger to understand the bug, but in a pinch, you can still do that.

Tooling

Returning to the original question, I often hear people advocating tools such as IDE add-ins which support navigation across interfaces. Such tools might provide a menu option which enables you to “go to implementation”. At this point it should be clear that such a tool is mainly going to be helpful in code bases that violate the RAP.

(I’m not naming any particular tools here because I’m not interested in turning this post into a discussion about the merits of various specific tools.)

Conclusion

It’s the responsibility of the loosely coupled code base to make sure that it’s easy to understand the Big Picture and that it’s easy to work with. In the end, that responsibility falls on the developers who write the code – not the developer who’s trying to understand it.

SOLID is a set of principles that, if applied consistently, has some surprising effect on code. In a previous post I provided a sketch of what it means to meticulously apply the Single Responsibility Principle. In this article I will describe what happens when you follow the Open/Closed Principle (OCP) to its logical conclusion.

In case a refresher is required, the OCP states that a class should be open for extension, but closed for modification. It seems to me that people often forget the second part. What does it mean?

It means that once implemented, you shouldn’t touch that piece of code ever again (unless you need to correct a bug).

Then how can new functionality be added to a code base? This is still possible through either inheritance or polymorphic recomposition. Since the L in SOLID signifies the Liskov Substitution Principle, SOLID code tends to be based on loosely coupled code composed into an application through copious use of interfaces – basically, Strategies injected into other Strategies and so on (also due to Dependency Inversion Principle). In order to add functionality, you can create new implementations of these interfaces and redefine the application’s Composition Root. Perhaps you’d be wrapping existing functionality in a Decorator or adding it to a Composite.

Once in a while, you’ll stop using an old implementation of an interface. Should you then delete this implementation? What would be the point? At a certain point in time, this implementation was valuable. Maybe it will become valuable again. Leaving it as an potential building block seems a better choice.

Thus, if we think about working with code as a CRUD endeavor, SOLID code can be Created and Read, but never Updated or Deleted. In other words, true SOLID code is append-only code.

Example: Changing AutoFixture’s Number Generation Algorithm

In early 2011 an issue was reported for AutoFixture: Anonymous numbers were created in monotonically increasing sequences, but with separate sequences for each number type:

integers: 1, 2, 3, 4, 5, …

decimals: 1.0, 2.0, 3.0, 4.0, 5.0, …

and so on. However, the person reporting the issue thought it made more sense if all numbers shared a single sequence. After thinking about it a little while, I agreed.

Because the AutoFixture code base is fairly SOLID we decided to leave the old implementations in place and implement the new behavior in new classes.

The old behavior was composed from a set of ISpecimenBuilders. As an example, integers were generated by this class:

public class Int32SequenceGenerator : ISpecimenBuilder

{

    private int i;

    public int CreateAnonymous()

    {

        return Interlocked.Increment(ref this.i);

    }

    public object Create(object request,

        ISpecimenContext context)

    {

        if (request != typeof(int))

        {

            return new NoSpecimen(request);

        }

        return this.CreateAnonymous();

    }

}

Similar implementations generated decimals, floats, doubles, etc. Instead of modifying any of these classes, we left them in the code base and created a new ISpecimenBuilder that generates all numbers from a single sequence:

public class NumericSequenceGenerator : ISpecimenBuilder

{

    private int value;

    public object Create(object request,

        ISpecimenContext context)

    {

        var type = request as Type;

        if (type == null)

            return new NoSpecimen(request);

        return this.CreateNumericSpecimen(type);

    }

    private object CreateNumericSpecimen(Type request)

    {

        var typeCode = Type.GetTypeCode(request);

        switch (typeCode)

        {

            case TypeCode.Byte:

                return (byte)this.GetNextNumber();

            case TypeCode.Decimal:

                return (decimal)this.GetNextNumber();

            case TypeCode.Double:

                return (double)this.GetNextNumber();

            case TypeCode.Int16:

                return (short)this.GetNextNumber();

            case TypeCode.Int32:

                return this.GetNextNumber();

            case TypeCode.Int64:

                return (long)this.GetNextNumber();

            case TypeCode.SByte:

                return (sbyte)this.GetNextNumber();

            case TypeCode.Single:

                return (float)this.GetNextNumber();

            case TypeCode.UInt16:

                return (ushort)this.GetNextNumber();

            case TypeCode.UInt32:

                return (uint)this.GetNextNumber();

            case TypeCode.UInt64:

                return (ulong)this.GetNextNumber();

            default:

                return new NoSpecimen(request);

        }

    }

    private int GetNextNumber()

    {

        return Interlocked.Increment(ref this.value);

    }

}

Adding a new class in itself has no effect, so in order to recompose the default behavior of AutoFixture, we changed a class called DefaultPrimitiveBuilders by removing the old ISpecimenBuilders like Int32SequenceGenerator and instead adding NumericSequenceGenerator:

yield return new StringGenerator(() => 

    Guid.NewGuid());

yield return new ConstrainedStringGenerator();

yield return new StringSeedRelay();

yield return new NumericSequenceGenerator();

yield return new CharSequenceGenerator();

yield return new RangedNumberGenerator();

// even more builders...

NumericSequenceGenerator is the fourth class being yielded here. Before we added NumericSequenceGenerator, this class instead yielded Int32SequenceGenerator and similar classes. These were removed.

The DefaultPrimitiveBuilders class is part of AutoFixture’s default Facade and is the closest we get to a Composition Root for the library. Recomposing this Facade enabled us to change the behavior of AutoFixture without modifying (other) existing classes.

As Enrico (who implemented this change) points out, the beauty is that the previous behavior is still in the box, and all it takes is a single method call to bring it back:

var fixture = new Fixture().Customize(

    new NumericSequencePerTypeCustomization());

The only class we had to modify was the DefaultPrimitiveBuilders, which is where the object graph is composed. In applications this corresponds to the Composition Root, so even in the face of SOLID code, you still need to modify the Composition Root in order to recompose the application. However, use of a good DI Container and a strong set of conventions can do much to minimize the required editing of such a class.

SOLID versus Refactoring

SOLID is a goal I strive towards in the way I write code and design APIs, but I don’t think I’ve ever written a significant code base which is perfectly SOLID. While I consider AutoFixture a ‘fairly’ SOLID code base, it’s not perfect, and I’m currently performing some design work in order to change some abstractions for version 3.0. This will require changing some of the existing types and thereby violating the OCP.

It’s worth noting that as long as you can stick with the OCP you can avoid introducing breaking changes. A breaking change is also an OCP violation, so adhering to the OCP is more than just an academic exercise – particularly if you write reusable libraries.

Still, while none of my code is perfect and I occasionally have to refactor, I don’t refactor much. By definition, refactoring means violating the OCP, and while I have nothing against refactoring code when it’s required, I much prefer putting myself in a situation where it’s rarely necessary in the first place.

I’ve often been derided for my lack of use of Resharper. When replying that I have little use for Resharper because I write SOLID code and thus don’t do much refactoring, I’ve been ridiculed for being totally clueless. People don’t realize the intimate relationship between SOLID and refactoring. I hope this post has helped highlight that connection.

Here’s a question I often get:

“Should I test my DI Container configuration?”

The motivation for asking mostly seems to be that people want to know whether or not their applications are correctly wired. That makes sense.

A related question I also often get is whether or not a particular container has a self-test feature? In this post I’ll attempt to answer both questions.

Container Self-testing

Some DI Containers have a method you can invoke to make it perform a consistency check on itself. As an example, StructureMap has the AssertConfigurationIsValid method that, according to documentation does “a full environment test of the configuration of [the] container.” It will “try to create every configured instance [...]”

Calling the method is really easy:

container.AssertConfigurationIsValid();

Such a self-test can often be an expensive operation (not only for StructureMap, but in general) because it’s basically attempting to create an instance of each and every Service registered in the container. If the configuration is large, it’s going to take some time, but it’s still going to be faster than performing a manual test of the application.

Two questions remain: Is it worth invoking this method? Why don’t all containers have such a method?

The quick answer is that such a method is close to worthless, which also explains why many containers don’t include one.

To understand the answer, consider the set of all components contained in the container in this figure:

The container contains the set of components IFoo, IBar, IBaz, Foo, Bar, Baz, and Qux so a self-test will try to create a single instance of each of these seven types. If all seven instances can be created, the test succeeds.

All this accomplishes is to verify that the configuration is internally consistent. Even so, an application could require instances of the ICorge, Corge or Grault types which are completely external to the configuration, in which case resolution would fail.

Even more subtly, resolution would also fail whenever the container is queried for an instance of IQux, since this interface isn’t part of the configuration, even though it’s related to the concrete Qux type which is registered in the container. A self-test only verifies that the concrete Qux class can be resolved, but it never attempts to create an instance of the IQux interface.

In short, the fact that a container’s configuration is internally consistent doesn’t guarantee that all services required by an application can be served.

Still, you may think that at least a self-test can constitute an early warning system: if the self-test fails, surely it must mean that the configuration is invalid? Unfortunately, that’s not true either.

If a container is being configured using Auto-registration/Convention over Configuration to scan one or more assemblies and register certain types contained within, chances are that ‘too many’ types will end up being registered – particularly if one or more of these assemblies are reusable libraries (as opposed to application-specific assemblies). Often, the number of redundant types added is negligible, but they may make the configuration internally inconsistent. However, if the inconsistency only affects the redundant types, it doesn’t matter. The container will still be able to resolve everything the current application requires.

Thus, a container self-test method is worthless.

Then how can the container configuration be tested?

Explicit Testing of Container Configuration

Since a container self-test doesn’t achieve the desired goal, how can we ensure that an application can be composed correctly?

One option is to write an automated integration test (not a unit test) for each service that the application requires. Still, if done manually, you run the risk of forgetting to write a test for a specific service. A better option is to come up with a convention so that you can identify all the services required by a specific application, and then write a convention-based test to verify that the container can resolve them all.

Will this guarantee that the application can be correctly composed?

No, it only guarantees that it can be composed – not that this composition is correct.

Even when a composed instance can be created for each and every service, many things may still be wrong:

• Composition is just plain wrong:
  • Decorators may be missing
  • Decorators may have been added in the wrong order
  • The wrong services are injected into consumers (this is more likely to happen when you follow the Reused Abstractions Principle, since there will be multiple concrete implementations of each interface)
• Configuration values like connection strings and such are incorrect – e.g. while a connection string is supplied to a constructor, it may not contain the correct values.
• Even if everything is correctly composed, the run-time environment may prevent the application from working. As an example, even if an injected connection string is correct, there may not be any connection to the database due to network or security misconfiguration.

In short, a Subcutaneous Test or full System Test is the only way to verify that everything is correctly wired. However, if you have good test coverage at the unit test level, a series of Smoke Tests is all that you need at the System Test level because in general you have good reason to believe that all behavior is correct. The remaining question is whether all this correct behavior can be correctly connected, and that tends to be an all-or-nothing proposition.

Conclusion

While it would be possible to write a set of convention-based integration tests to verify the configuration of a DI Container, the return of investment is too low since it doesn’t remove the need for a set of Smoke Tests at the System Test level.

Recently I received a question from Kelly Sommers about good ways to refactor away from Factory Overload. Basically, she’s working in a code base where there’s an explosion of Abstract Factories which seems to be counter-productive. In this post I’ll take a look at the example problem and propose a set of alternatives.

An Abstract Factory (and its close relative Product Trader) can serve as a solution to various challenges that come up when writing loosely coupled code (chapter 6 of my book describes the most common scenarios). However, introducing an Abstract Factory may be a leaky abstraction, so don’t do it blindly. For example, an Abstract Factory is rarely the best approach to address lifetime management concerns. In other words, the Abstract Factory has to make sense as a pure model element.

That’s not the case in the following example.

Problem Statement

The question centers around a code base that integrates with a database closely guarded by DBA police. Apparently, every single database access must happen through a set of very fine-grained stored procedures.

For example, to update the first name of a user, a set of stored procedures exist to support this scenario, depending on the context of the current application user:

As this table demonstrates, not only is there a stored procedure for each user context, but the parameter name differs as well. However, in this particular case it seems as though there’s a pattern to the names.

If this pattern is consistent, I think the easiest way to address these variations would be to algorithmically build the strings from a couple of templates.

However, this is not the route taken by Kelly’s team, so I assume that things are more complicated than that; apparently, a templated approach is not viable, so for the rest of  this article I’m going to assume that it’s necessary to write at least some code to address each case individually.

The current solution that Kelly’s team has implemented is to use an Abstract Factory (Product Trader) to translate the user type into an appropriate IUserFirstNameModifier instance. From the consuming code, it looks like this:

var modifier = factory.Create(UserTypes.Admin);

modifier.Commit("first");

where the factory variable is an instance of the IUserFirstNameModifierFactory interface. This is certainly loosely coupled, but looks like a leaky abstraction. Why is a factory needed? It seems that its single responsibility is to translate a UserTypes instance (an enum) into an IUserFirstNameModifier. There’s a code smell buried here – try to spot it before you read on :)

Proposed Solution

Kelly herself suggests an alternative involving a concrete Builder which can create instances of a single concrete UserFirstNameModifier with or without an implicit conversion:

// Implicit conversion.

UserFirstNameModifier modifier1 = 

    builder.WithUserType(UserTypes.Guest);

// Without implicit conversion.

var modifier2 = builder

    .WithUserType(UserTypes.Restricted)

    .Create();

While this may seem to reduce the number of classes involved, it has several drawbacks:

• First of all, the Fluent Builder pattern implies that you can forgo invoking any of the WithXyz methods (WithUserType) and just accept all the default values encapsulated in the builder. This again implies that there’s a default user type, which may or may not make sense in that particular domain. Looking at Kelly’s code, UserTypes is an enum (and thus has a default value), so if WithUserType isn’t invoked, the Create method defaults to UserTypes.Admin. That’s a bit too implicit for my taste.
• Since all involved classes are now concrete, the proposed solution isn’t extensibile (and by corollary hard to unit test).
• The builder is essentially a big switch statement.

Both the current implementation and the proposed solution involves passing an enum as a method parameter to a different class. If you’ve read and memorized Refactoring you should by now have recognized both a code smell and the remedy.

Alternative 1a: Make UserType Polymorphic

The code smell is Feature Envy and a possible refactoring is to replace the enum with a Strategy. In order to do that, an IUserType interface is introduced:

public interface IUserType

{

    IUserFirstNameModifer CreateUserFirstNameModifier();

}

Usage becomes as simple as this:

var modifier = userType.CreateUserFirstNameModifier();

Obviously, more methods can be added to IUserType to support other update operations, but care should be taken to avoid creating a Header Interface.

While this solution is much more object-oriented, I’m still not quite happy with it, because apparently, the context is a CQRS style architecture. Since an update operation is essentially a Command, then why model the implementation along the lines of a Query? Both Abstract Factory and Factory Method patterns represent Queries, so it seems redundant in this case. It should be possible to apply the Hollywood Principle here.

Alternative 1b: Tell, Don’t Ask

Why have the user type return an modifier? Why can’t it perform the update itself? The IUserType interface should be changed to something like this:

public interface IUserType

{

    void CommitUserFirtName(string firstName);

}

This makes it easier for the consumer to commit the user’s first name because it can be done directly on the IUserType instance instead of first creating the modifier.

It also makes it much easier to unit test the consumer because there’s no longer a mix of Command and Queries within the same method. From Growing Object-Oriented Software we know that Queries should be modeled with Stubs and Commands with Mocks, and if you’ve ever tried mixing the two you know that it’s a sort of interaction that should be minimized.

Alternative 2a: Distinguish by Type

While I personally like alternative 1b best, it may not be practical in all situations, so it’s always valuable to examine other alternatives.

The root cause of the problem is that there’s a lot of stored procedures. I want to reiterate that I still think that the absolutely easiest solution would be to generate a SqlCommand from a string template, but given that this article assumes that this isn’t possible or desirable, it follows that code must be written for each stored procedure.

Why not simply define an interface for each one? As an example, to update the user’s first name in the context of being an ‘Admin’ user, this Role Interface can be used:

public interface IUserFirstNameAdminModifier

{

    void Commit(string firstName);

}

Similar interfaces can be defined for the other user types, such as IUserFirstNameRestrictedModifier, IUserFirstNameGuestModifier and so on.

This is a very simple solution; it’s easy to implement, but risks violating the Reused Abstractions Principle (RAP).

Alternative 2b: Distinguish by Generic Type

The problem with introducing interfaces like IUserFirstNameAdminModifier, IUserFirstNameRestrictedModifier, IUserFirstNameGuestModifier etc. is that they differ only by name. The Commit method is the same for all these interfaces, so this seems to violate the RAP. It’d be better to merge all these interfaces into a single interface, which is what Kelly’s team is currently doing. However, the problem with this is that the type carries no information about the role that the modifier is playing.

Another alternative is to turn the modifier interface into a generic interface like this:

public interface IUserFirstNameModifier<T> 

    where T : IUserType

{

    void Commit(string firstName);

}

The IUserType is a Marker Interface, so .NET purists are not going to like this solution, since the .NET Type Design Guidelines recommend against using Marker Interfaces. However, it’s impossible to constrain a generic type argument against an attribute, so the party line solution is out of the question.

This solution ensures that consumers can now have dependencies on IUserFirstNameModifier<AdminUserType>, IUserFirstNameModifier<RestrictedUserType>, etc.

However, the need for a marker interface gives off another odeur.

Alternative 3: Distinguish by Role

The problem at the heart of alternative 2 is that it attempts to use the type of the interfaces as an indicator of the roles that Services play. It’s seems that making the type distinct works against the RAP, but when the RAP is applied, the type becomes ambiguous.

However, as Ted Neward points out in his excellent series on Multiparadigmatic .NET, the type is only one axis of variability among many. Perhaps, in this case, it may be much easier to use the name of the dependency to communicate its role instead of the type.

Given a single, ambiguous IUserFirstNameModifier interface (just as in the original problem statement), a consumer can distinguish between the various roles of modifiers by their names:

public partial class SomeConsumer

{

    private readonly IUserFirstNameModifier adminModifier;

    private readonly IUserFirstNameModifier guestModifier;

    public SomeConsumer(

        IUserFirstNameModifier adminModifier,

        IUserFirstNameModifier guestModifier)

    {

        this.adminModifier = adminModifier;

        this.guestModifier = guestModifier;

    }

    public void DoSomething()

    {

        if (this.UseAdmin)

            this.adminModifier.Commit("first");

        else

            this.guestModifier.Commit("first");

    }

}

Now it’s entirely up to the Composition Root to compose SomeConsumer with the correct modifiers, and while this can be done manually, it’s an excellent case for a DI Container and a bit of Convention over Configuration.

Conclusion

I’m sure that if I’d spent more time analyzing the problem I could have come up with more alternatives, but this post is becoming long enough already.

Of the alternatives I’ve suggested here, I prefer 1b or 3, depending on the exact requirements.

Asynchronous message passing combined with eventual consistency makes it possible to build very scalable systems. However, sometimes eventual consistency isn’t appropriate in parts of the system, while it’s acceptable in other parts. How can a consistent architecture be defined to fit both ACID and eventual consistency? This article provides an answer.

The case of an online game

Last week I visited Pixel Pandemic, a company that produces browser-based MMORPGs. Since each game world has lots of players who can all potentially interact with each other, scalability is very important.

In traditional line of business applications, eventual consistency is often an excellent fit because the application is a projection of the real world. My favorite example is an inventory system: it models what’s going on in one or more physical warehouses, but the real world is the ultimate source of truth. A warehouse worker might accidentally drop and damage some of the goods, in which case the application must adjust after the fact.

In other words, the information contained within line of business applications tend to lag after the real world. It’s impossible to guarantee that the application is always consistent with the real world, so eventual consistency is a natural fit.

That’s not the case with an online game world. The game world itself is the source of truth, and it must be internally consistent at all times. As an example, in Zombie Pandemic, players fight against zombies and may take damage along the way. Players can heal themselves, but they would prefer (I gather) that the healing action takes place immediately, and not some time in the future where the character might be dead. Similarly, when a player hits a zombie, they’d prefer to apply the damage immediately. (However, I think that even here, eventual consistency might provide some interesting game mechanics, but that’s another discussion.)

While discussing these matters with the nice people in Pixel Pandemic, it turned out that while some parts of the game world have to be internally consistent, it’s perfectly acceptable to use eventual consistency in other cases. One example is the game’s high score table. While a single player should have a consistent view of his or her own score, it’s acceptable if the high score table lags a bit.

At this point it seemed clear that this particular online game could use an appropriate combination of ACID and eventual consistency, and I think this conclusion can be generalized. The question now becomes: how can a consistent architecture encompass both types of consistency?

Problem statement

With the above example scenario in mind the problem statement can be generalized:

Given that an application should apply a mix of ACID and eventual consistency, how can a consistent architecture be defined?

Keep in mind that ACID consistency implies that all writes to a transactional resource must take place as a blocking method call. This seems to be at odds with the concept of asynchronous message passing that works so well with eventual consistency.

However, an application architecture where blocking ACID calls are fundamentally different than asynchronous message passing isn’t really an architecture at all. Developers will have to decide up-front whether or not a given operation is or isn’t synchronous, so the ‘architecture’ offers little implementation guidance. The end result is likely to be a heterogeneous mix of Services, Repositories, Units of Work, Message Channels, etc. A uniform principle will be difficult to distill, and the whole thing threatens to devolve into Spaghetti Code.

The solution turns out to be not at all difficult, but it requires that we invert our thinking a bit. Most of us tend to think about synchronous code first. When we think about code performing synchronous work it seems difficult (perhaps even impossible) to retrofit asynchrony to that model. On the other hand, the converse isn’t true.

Given an asynchronous API, it’s trivial to provide a synchronous, blocking implementation.

Adopting an architecture based on asynchronous message passing (the Pipes and Filters architecture) enables both scenarios. Eventual consistency can be achieved by passing messages around on persistent queues, while ACID consistency can be achieved by handling a message in a blocking call that enlists a (potentially distributed) transaction.

An example seems to be in order here.

Example: keeping score

In the online game world, each player accumulates a score based on his or her actions. From the perspective of the player, the score should always be consistent. When you defeat the zombie boss, you want to see the result in your score right away. That sounds an awful lot like the Player is an Aggregate Root and the score is part of that Entity. ACID consistency is warranted whenever the Player is updated.

On the other hand, each time a score changes it may influence the high score table, but this doesn’t need to be ACID consistent; eventual consistency is fine in this case.

Once again, polymorphism comes to the rescue.

Imagine that the application has a GameEngine class that handles updates in the game. Using an injected IChannel<PointsChangedEvent> it can update the score for a player as simple as this:

/* Lots of other interesting things happen

    * here, like calculating the new score... */

var cmd =

    new ScoreChangedEvent(this.playerId, score);

this.pointsChannel.Send(cmd);

The Send method returns void, so it’s a good example of a naturally asynchronous API. However, the implementation must do two things:

• Update the Player Aggregate Root in a transaction
• Update the high score table (eventually)

That’s two different types of consistency within the same method call.

The first step to enable this is to employ the trusty old Composite design pattern:

public class CompositeChannel<T> : IChannel<T>

{

    private readonly IEnumerable<IChannel<T>> channels;

    public CompositeChannel(params IChannel<T>[] channels)

    {

        this.channels = channels;

    }

    public void Send(T message)

    {

        foreach (var c in this.channels)

        {

            c.Send(message);

        }

    }

}

With a Composite channel it’s possible to compose a polymorphic mix of IChannel<T> implementations, some blocking and some asynchronous.

ACID write

To update the Player Aggregate Root a simple Adapter writes the event to a persistent data store. This could be a relational database, a document database, a REST resource or something else – it doesn’t really matter exactly which technology is used.

public class PlayerStoreChannel : 

    IChannel<ScoreChangedEvent>

{

    private readonly IPlayerStore store;

    public PlayerStoreChannel(IPlayerStore store)

    {

        this.store = store;

    }

    public void Send(ScoreChangedEvent message)

    {

        this.store.Save(message.PlayerId, message);

    }

}

The important thing to realize is that the IPlayerStore.Save method will be a blocking method call – perhaps wrapped in a distributed transaction. This ensures that updates to the Player Aggregate Root always leave the data store in a consistent state. Either the operation succeeds or it fails during the method call itself.

This takes care of the ACID consistent write, but the application must also update the high score table.

Asynchronous write

Since eventual consistency is acceptable for the high score table, the message can be transmitted over a persistent queue to be picked up by a background process.

A generic class can server as an Adapter over an IQueue abstraction:

public class QueueChannel<T> : IChannel<T>

{

    private readonly IQueue queue;

    private readonly IMessageSerializer serializer;

    public QueueChannel(IQueue queue,

        IMessageSerializer serializer)

    {

        this.queue = queue;

        this.serializer = serializer;

    }

    public void Send(T message)

    {

        this.queue.Enqueue(

            this.serializer.Serialize(message));

    }

}

Obvously, the Enqueue method is another void method. In the case of a persistent queue, it’ll block while the message is being written to the queue, but that will tend to be a fast operation.

Composing polymorphic consistency

Now all the building blocks are available to compose both channel implementations into the GameEngine via the CompositeChannel. That might look like this:

var playerConnString = ConfigurationManager

    .ConnectionStrings["player"].ConnectionString;

var gameEngine = new GameEngine(

    new CompositeChannel<ScoreChangedEvent>(

        new PlayerStoreChannel(

            new DbPlayerStore(playerConnString)),

        new QueueChannel<ScoreChangedEvent>(

            new PersistentQueue("messageQueue"),                        

            new JsonSerializer())));

When the Send method is invoked on the channel, it’ll first invoke a blocking call that ensures ACID consistency for the Player, followed by asynchronous message passing for eventual consistency in other parts of the application.

Conclusion

Even when parts of an application must be implemented in a synchronous fashion to ensure ACID consistency, an architecture based on asynchronous message passing provides a flexible foundation that enables you to polymorphically mix both kinds of consistency in a single method call. From the perspective of the application layer, this provides a consistent and uniform architecture because all mutating actions are modeled as commands end events encapsulated in messages.

Soon after I posted my previous blog post on message dispatching without Service Location I received an email from Jeff Saunders with some great observations. Jeff has been so kind to allow me to quote his email here on the blog, so here it is:

“I enjoyed your latest blog post about message dispatching. I have to ask, though: why do we want weakly-typed messages? Why can't we just inject an appropriate IConsumer<T> into our services - they know which messages they're going to send or receive.

“A really good example of this is ISubject<T> from Rx. It implements both IObserver<T> (a message consumer) and IObservable<T> (a message producer) and the default implementation Subject<T> routes messages directly from its IObserver side to its IObservable side.

“We can use this with DI quite nicely - I have written an example in .NET Pad: http://dotnetpad.net/ViewPaste/woTkGk6_GEq3P9xTVEJYZg#c9,c26,

“The good thing about this is that we now have access to all of the standard LINQ query operators and the new ones added in Rx, so we can use a select query to map messages between layers, for instance.

“This way we get all the benefits of a weakly-typed IChannel interface, with the added advantages of strong typing for our messages and composability using Rx.

“One potential benefit of weak typing that could be raised is that we can have just a single implementation for IChannel, instead of an ISubject<T> for each message type. I don't think this is really a benefit, though, as we may want different propagation behaviour for each message type - there are other implementations of ISubject<T> that call consumers asynchronously, and we could pass any IObservable<T> or IObserver<T> into a service for testing purposes.”

These are great observations and I think that Rx holds much promise in this space. Basically you can say that in CQRS-style architectures we’re already pushing events (and commands) around, so why not build upon what the framework offers?

Even if you find the IObserver<T> interface a bit too clunky with its OnNext, OnError and OnCompleted methods compared to the strongly typed IConsumer<T> interface, the question still remains: why do we want weakly-typed messages?

We don’t, necessarily. My previous post wasn’t meant as a particular endorsement of a weakly typed messaging channel. It was more an observation that I’ve seen many variations of this IChannel interface:

public interface IChannel

{

    void Send<T>(T message);

}

The most important thing I wanted to point out was that while the generic type argument may create the illusion that this is a strongly typed method, this is all it is: an illusion. IChannel isn’t strongly typed because you can invoke the Send method with any type of message – and the code will still compile. This is no different than the mechanical distinction between a Service Locator and an Abstract Factory.

Thus, when defining a channel interface I normally prefer to make this explicit and instead model it like this:

public interface IChannel

{

    void Send(object message);

}

This achieves exactly the same and is more honest.

Still, this doesn’t really answer Jeff’s question: is this preferable to one or more strongly typed IConsumer<T> dependencies?

Any high-level application entry point that relies on a weakly typed IChannel can get by with a single IChannel dependency. This is flexible, but (just like with Service Locator), it might hide that the client may have (or (d)evolve) too many responsibilities.

If, instead, the client would rely on strongly typed dependencies it becomes much easier to see if/when it violates the Single Responsibility Principle.

In conclusion, I’d tend to prefer strongly typed Datatype Channels instead of a single weakly typed channel, but one shouldn’t underestimate the flexibility of a general-purpose channel either.

Once upon a time I wrote a blog post about why Service Locator is an anti-pattern, and ever since then, I occasionally receive rebuffs from people who agree with me in principle, but think that, still: in various special cases (the argument goes), Service Locator does have its uses.

Most of these arguments actually stem from mistaking the mechanics for the role of a Service Locator. Still, once in a while a compelling argument seems to come my way. One of the most insistent arguments concerns message dispatching – a pattern which is currently gaining in prominence due to the increasing popularity of CQRS, Domain Events and kindred architectural styles.

In this article I’ll first provide a quick sketch of the scenario, followed by a typical implementation based on a ‘Service Locator’, and then conclude by demonstrating why a Service Locator isn’t necessary.

Scenario: Message Dispatching

Appropriate use of message dispatching internally in an application can significantly help decouple the code and make roles explicit. A common implementation utilizes a messaging interface like this one:

public interface IChannel

{

    void Send<T>(T message);

}

Personally, I find that the generic typing of the Send method is entirely redundant (not to mention heavily reminiscent of the shape of a Service Locator), but it’s very common and not particularly important right now (but more about that later).

An application might use the IChannel interface like this:

var registerUser = new RegisterUserCommand(

    Guid.NewGuid(),

    "Jane Doe",

    "password",

    "jane@ploeh.dk");

this.channel.Send(registerUser);

// ...

var changeUserName = new ChangeUserNameCommand(

    registerUser.UserId,

    "Jane Ploeh");

this.channel.Send(changeUserName);

// ...

var resetPassword = new ResetPasswordCommand(

    registerUser.UserId);

this.channel.Send(resetPassword);

Obviously, in this example, the channel variable is an injected instance of the IChannel interface.

On the receiving end, these messages must be dispatched to appropriate consumers, which must all implement this interface:

public interface IConsumer<T>

{

    void Consume(T message);

}

Thus, each of the command messages in the example have a corresponding consumer:

public class RegisterUserConsumer : IConsumer<RegisterUserCommand>

public class ChangeUserNameConsumer : IConsumer<ChangeUserNameCommand>

public class ResetPasswordConsumer : IConsumer<ResetPasswordCommand>

This certainly is a very powerful pattern, so it’s often used as an argument to prove that Service Locator is, after all, not an anti-pattern.

Message Dispatching using a DI Container

In order to implement IChannel it’s necessary to match messages to their appropriate consumers. One easy way to do this is by employing a DI Container. Here’s an example that uses Autofac to implement IChannel, but any other container would do as well:

private class AutofacChannel : IChannel

{

    private readonly IComponentContext container;

    public AutofacChannel(IComponentContext container)

    {

        if (container == null)

            throw new ArgumentNullException("container");

        this.container = container;

    }

    public void Send<T>(T message)

    {

        var consumer = this.container.Resolve<IConsumer<T>>();

        consumer.Consume(message);

    }

}

This class is an Adapter from Autofac’s IComponentContext interface to the IChannel interface. At this point I can always see the “Q.E.D.” around the corner: “look! Service Locator isn’t an anti-pattern after all! I’d like to see you implement IChannel without a Service Locator.”

While I’ll do the latter in just a moment, I’d like to dwell on the DI Container-based implementation for a moment.

• Is it simple? Yes.
• Is it flexible? Yes, although it has shortcomings.
• Would I use it like this? Perhaps. It depends :)
• Is it the only way to implement IChannel? No – see the next section.
• Does it use a Service Locator? No.

While AutofacChannel uses Autofac (a DI Container) to implement the functionality, it’s not (necessarily) a Service Locator in action. This was the point I already tried to get across in my previous post about the subject: just because its mechanics look like Service Locator it doesn’t mean that it is one. In my implementation, the AutofacChannel class is a piece of pure infrastructure code. I even made it a private nested class in my Composition Root to underscore the point. The container is still not available to the application code, so is never used in the Service Locator role.

One of the shortcomings about the above implementations is that it provides no fallback mechanism. What happens if the container can’t resolve the matching consumer? Perhaps there isn’t a consumer for the message. That’s entirely possible because there are no safeguards in place to ensure that there’s a consumer for every possibly message.

The shape of the Send method enables the client to send any conceivable message type, and the code still compiles even if no consumer exists. That may look like a problem, but is actually an important insight into implementing an alternative IChannel class.

Message Dispatching using weakly typed matching

Consider the IChannel.Send method once again:

void Send<T>(T message);

Despite its generic signature it’s important to realize that this is, in fact, a weakly typed method (at least when used with type inferencing, as in the above example). Equivalently to a bona fide Service Locator, it’s possible for a developer to define a new class (Foo) and send it – and the code still compiles:

this.channel.Send(new Foo());

However, at run-time, this will fail because there’s no matching consumer. Despite the generic signature of the Send method, it contains no type safety. This insight can be used to implement IChannel without a DI Container.

Before I go on I should point out that I don’t consider the following solution intrinsically superior to using a DI Container. However, readers of my book will know that I consider it a very illuminating exercise to try to implement everything with Poor Man’s DI once in a while.

Using Poor Man’s DI often helps unearth some important design elements of DI because it helps to think about solutions in terms of patterns and principles instead of in terms of technology.

However, once I have arrived at an appropriate conclusion while considering Poor Man’s DI, I still tend to prefer mapping it back to an implementation that involves a DI Container.

Thus, the purpose of this section is first and foremost to outline how message dispatching can be implemented without relying on a Service Locator.

While this alternative implementation isn’t allowed to change any of the existing API, it’s a pure implementation detail to encapsulate the insight about the weakly typed nature of IChannel into a similarly weakly typed consumer interface:

private interface IConsumer

{

    void Consume(object message);

}

Notice that this is a private nested interface of my Poor Man’s DI Composition Root – it’s a pure implementation detail. However, given this private interface, it’s now possible to implement IChannel like this:

private class PoorMansChannel : IChannel

{

    private readonly IEnumerable<IConsumer> consumers;

    public PoorMansChannel(params IConsumer[] consumers)

    {

        this.consumers = consumers;

    }

    public void Send<T>(T message)

    {

        foreach (var c in this.consumers)

            c.Consume(message);

    }

}

Notice that this is another private nested type that belongs to the Composition Root. It loops though all injected consumers, so it’s up to each consumer to decide whether or not to do anything about the message.

A final private nested class bridges the generically typed world with the weakly typed world:

private class Consumer<T> : IConsumer

{

    private readonly IConsumer<T> consumer;

    public Consumer(IConsumer<T> consumer)

    {

        this.consumer = consumer;

    }

    public void Consume(object message)

    {

        if (message is T)

            this.consumer.Consume((T)message);

    }

}

This generic class is another Adapter – this time adapting the generic IConsumer<T> interface to the weakly typed (private) IConsumer interface. Notice that it only delegates the message to the adapted consumer if the type of the message matches the consumer.

Each implementer of IConsumer<T> can be wrapped in the (private) Consumer<T> class and injected into the PoorMansChannel class:

var channel = new PoorMansChannel(

    new Consumer<ChangeUserNameCommand>(

        new ChangeUserNameConsumer(store)),

    new Consumer<RegisterUserCommand>(

        new RegisterUserConsumer(store)),

    new Consumer<ResetPasswordCommand>(

        new ResetPasswordConsumer(store)));

So there you have it: type-based message dispatching without a DI Container in sight. However, it would be easy to use convention-based configuration to scan an assembly and register all IConsumer<T> implementations and wrap them in Consumer<T> instances and use this list to compose a PoorMansChannel instance. However, I will leave this as an exercise to the reader (or a later blog post).

My claim still stands

In conclusion, I find that I can still defend my original claim: Service Locator is an anti-pattern.

That claim, by the way, is falsifiable, so I do appreciate that people take it seriously enough by attempting to disprove it. However, until now, I’ve yet to be presented with a scenario where I couldn’t come up with a better solution that didn’t involve a Service Locator.

Keep in mind that a Service Locator is defined by the role it plays – not the shape of the API.

It’s time to take a step back from the whole debate about whether or not Service Locator is, or isn’t, an anti-pattern. It remains my strong belief that it’s an anti-pattern, while others disagree. Although everyone is welcome to think differently than me, I’ve noticed that some of the arguments being put forth in defense of Service Locator seem very convincing. However, I believe that in those cases we no longer talk about Service Locator, but something that looks an awful lot like it.

Some APIs are easy to confuse with a ‘real’ Service Locator. It probably doesn’t help that last year I published an article on how to tell the difference between a Service Locator and an Abstract Factory. In this article I may have focused too much on the mechanics of Service Locator, but as Derick Bailey was so kind to point out, this hides the role the API might play.

To repeat that earlier post, a Service Locator looks like this:

public interface IServiceLocator

{

    T Create<T>(object context);

}

All Service Locators I’ve seen so far look like that, or some variation thereof, but that doesn’t mean that the relationship is transitive. Just because an API looks like that it doesn’t automatically means that it’s a Service Locator.

If it was, all DI containers would be Service Locators. As an example, here’s Castle Windsor’s Resolve method:

public T Resolve<T>()

Even AutoFixture has an API like that:

MyClass sut = fixture.CreateAnonymous<MyClass>();

It has never been my intention to denounce every single DI container available, as well as my own open source framework. Service Locator is ultimately not identified by the mechanics of its API, but by the role it plays.

A DI container encapsulated in a Composition Root is not a Service Locator – it’s an infrastructure component.

It becomes a Service Locator if used incorrectly: when application code (as opposed to infrastructure code) actively queries a service in order to be provided with required dependencies, then it has become a Service Locator.

Service Locators are spread thinly and pervasively throughout a code base – that is just as much a defining characteristic.

In my book I describe the Composition Root pattern in chapter 3. This post serves as a summary description of the pattern.

The Constructor Injection pattern is easy to understand until a follow-up question comes up:

Where should we compose object graphs?

It’s easy to understand that each class should require its dependencies through its constructor, but this pushes the responsibility of composing the classes with their dependencies to a third party. Where should that be?

It seems to me that most people are eager to compose as early as possible, but the correct answer is:

As close as possible to the application’s entry point.

This place is called the Composition Root of the application and defined like this:

A Composition Root is a (preferably) unique location in an application where modules are composed together.

This means that all the application code relies solely on Constructor Injection (or other injection patterns), but is never composed. Only at the entry point of the application is the entire object graph finally composed.

The appropriate entry point depends on the framework:

• In console applications it’s the Main method
• In ASP.NET MVC applications it’s global.asax and a custom IControllerFactory
• In WPF applications it’s the Application.OnStartup method
• In WCF it’s a custom ServiceHostFactory
• etc.

(you can read more about framework-specific Composition Roots in chapter 7 of my book.)

The Composition Root is an application infrastructure component.

Only applications should have Composition Roots. Libraries and frameworks shouldn’t.

The Composition Root can be implemented with Poor Man’s DI, but is also the (only) appropriate place to use a DI Container.

A DI Container should only be referenced from the Composition Root. All other modules should have no reference to the container.

Using a DI Container is often a good choice. In that case it should be applied using the Register Resolve Release pattern entirely from within the Composition Root.

Read more in Dependency Injection in .NET.

Developers exposed to ASP.NET are likely to be familiar with the so-called Provider pattern. You see it a lot in that part of the BCL: Role Provider, Membership Provider, Profile Provider, etc. Lots of text has already been written about Providers, but the reason I want to add yet another blog post on the topic is because once in a while I get the question on how it relates to Dependency Injection (DI).

Is Provider a proper way to do DI?

No, it has nothing to do with DI, but as it tries to mimic loose coupling I can understand the confusion.

First things first. Let’s start with the name. Is it a pattern at all? Regular readers of this blog may get the impression that I’m fond of calling everything and the kitchen sink an anti-pattern. That’s not true because I only make that claim when I’m certain I can hold that position, so I’m not going to denounce Provider as an anti-pattern. On the contrary I will make the claim that Provider is not a pattern at all.

A design pattern is not invented – it’s discovered as a repeated solution to a commonly recurring problem. Providers, on the other hand, were invented by Microsoft, and I’ve rarely seen them used outside their original scope. Secondly I’d also dispute that they solve anything.

That aside, however, I want to explain why Provider is bad design:

• It uses the Constrained Construction anti-pattern
• It hides complexity
• It prevents proper lifetime management
• It’s not testable

In the rest of this post I will explain each point in detail, but before I do that we need an example to look at. The old OrderProcessor example suffices, but instead of injecting IOrderValidator, IOrderCollector, and IOrderShipper this variation uses Providers to provide instances of the Services:

public SuccessResult Process(Order order)

{

    IOrderValidator validator = 

        ValidatorProvider.Validator;

    bool isValid = validator.Validate(order);

    if (isValid)

    {

        CollectorProvider.Collector.Collect(order);

        ShipperProvider.Shipper.Ship(order);

    }

    return this.CreateStatus(isValid);

}

The ValidatorProvider uses the configuration system to create and return an instance of IOrderValidator:

public static IOrderValidator Validator

{

    get 

    {

        var section = 

            OrderValidationConfigurationSection

                .GetSection();

        var typeName = section.ValidatorTypeName;

        var type = Type.GetType(typeName, true);

        var obj = Activator.CreateInstance(type);

        return (IOrderValidator)obj;

    }

}

There are lots of details I omitted here. I could have saved the reference for later use instead of creating a new instance each time the property is accessed. In that case I would also have had to make the code thread-safe, so I decided to skip that complexity. The code could also be more defensive, but I’m sure you get the picture.

The type name is defined in the app.config file like this:

<orderValidation 

  type="Ploeh.Samples.OrderModel.UnitTest.TrueOrderValidator,

        Ploeh.Samples.OrderModel.UnitTest" />

Obviously, CollectorProvider and ShipperProvider follow the same… blueprint.

This should be well-known to most .NET developers, so what’s wrong with this model?

Constrained Construction

In my book’s chapter on DI anti-patterns I describe the Constrained Construction anti-pattern. Basically it occurs every time there’s an implicit constraint on the constructor of an implementer. In the case of Providers the constraint is that each implementer must have a default constructor. In the example the culprit is this line of code:

var obj = Activator.CreateInstance(type);

This constrains any implementation of IOrderValidator to have a default constructor, which obviously means that the most fundamental DI pattern Constructor Injection is out of the question.

Variations of the Provider idiom is to supply an Initialize method with a context, but this creates a temporal coupling while still not enabling us to inject arbitrary Services into our implementations. I’m not going to repeat six pages of detailed description of Constrained Construction here, but the bottom line is that you can’t fix it – you have to refactor towards true DI – preferably Constructor Injection.

Hidden complexity

Providers hide the complexity of their implementations. This is not the same as encapsulation. Rather it’s a dishonest API and the problem is that it just postpones the moment when you discover how complex the implementation really is.

When you implement a client and use code like the following everything looks deceptively simple:

IOrderValidator validator = 

    ValidatorProvider.Validator;

However, if this is the only line of code you write it will fail, but you will not notice until run-time. Check back to the implementation of the Validator property if you need to refresh the implementation: there’s a lot of things that can go wrong here:

• The appropriate configuration section is not available in the app.config file.
• The ValidatorTypeName is not provided, or is null, or is malformed.
• The ValidatorTypeName is correctly formed, but the type in question cannot be located by Fusion.
• The Type doesn’t have a default constructor. This is one of the other problems of Constrained Construction: it can’t be statically enforced because a constructor is not part of an abstraction’s API.
• The created type doesn’t implement IOrderValidator.

I’m sure I even forgot a thing or two, but the above list is sufficient for me. None of these problems are caught by the compiler, so you don’t discover these issues until you run an integration test. So much for rapid feedback.

I don’t like APIs that lie about their complexity.

Hiding complexity does not make an API easier to use; it makes it harder.

An API that hides necessary complexity makes it impossible to discover problems at compile time. It simply creates more friction.

Lifetime management issues

A Provider exerts too much control over the instances it creates. This is a variation of the Control Freak anti-pattern (also from my book). In the current implementation the Validator property totally violates the Principle of least surprise since it returns a new instance every time you invoke the getter. I did this to keep the implementation simple (this is, after all, example code), but a more normal implementation would reuse the same instance every time.

However, reusing the same instance every time may be problematic in a multi-threaded context (such as a web application) because you’ll need to make sure that the implementation is thread-safe. Often, we’d much prefer to scope the lifetime of the Service to each HTTP request.

HTTP request scoping can be built into the Provider, but then it would only work in web applications. That’s not very flexible.

What’s even more problematic is that once we move away from the Singleton lifestyle (not to be confused with the Singleton design pattern) we may have a memory leak at hand, since the implementation may implement IDisposable. This can be solved by adding a Release method to each Provider, but now we are moving so far into DI Container territory that I find it far more reasonable to just use proper DI instead of trying to reinvent the wheel.

Furthermore, the fact that each Provider owns the lifetime of the Service it controls makes it impossible to share resources. What if the implementation we want to use implements several Role Interfaces each served up by a different Provider? We might want to use that common implementation to share or coordinate state across different Services, but that’s not possible because we can’t share an instance across multiple providers.

Even if we configure all Providers with the same concrete class, each will instantiate and serve its own separate instance.

Testability

The Control Freak also impacts testability. Since a Provider creates instances of interfaces based on XML configuration and Activator.CreateInstance, there’s no way to inject a dynamic mock.

It is possible to use hard-coded Test Doubles such as Stubs or Fakes because we can configure the XML with their type names, but even a Spy is problematic because we’ll rarely have an object reference to the Test Double.

In short, the Provider idiom is not a good approach to loose coupling. Although Microsoft uses it in some of their products, it only leads to problems, so there’s no reason to mimic it. Instead, use Constructor Injection to create loosely coupled components and wire them in the application’s Composition Root using the Register Resolve Release pattern.

When AutoFixture creates complex objects it invokes the constructors of the types in question. When a class exposes more than one constructor, the default behavior is to pick the constructor with the fewest number  of arguments. This is the exact opposite of most DI Containers that select the greediest constructor.

For a DI Container it makes more sense to select the greediest constructor because that maximizes the chance that all dependencies are properly being auto-wired.

The reason that AutoFixture’s default behavior is different is that it maximizes the chance that an object graph can be created at all. If a convenience overload is available, this gives AutoFixture a better chance to compose the object graph.

This works well until a class comes along and introduces the wrong kind of ambiguity. Consider this case of Bastard Injection (Dependency Injection in .NET, section 5.2):

public class Bastard

{

    private readonly IFoo foo;

    public Bastard()

        : this(new DefaultFoo())

    {

    }

    public Bastard(IFoo foo)

    {

        if (foo == null)

        {

            throw new ArgumentNullException("foo");

        }

        this.foo = foo;

    }

    public IFoo Foo

    {

        get { return this.foo; }

    }

}

By default AutoFixture will use the default constructor which means that the Foo will always be the instance of DefaultFoo owned by the Bastard class itself. This is problematic if we wish to inject and freeze a Test Double because even if we freeze an IFoo instance, it will never be injected because the default constructor is being invoked.

var fixture = new Fixture();

fixture.Register<IFoo>(

    fixture.CreateAnonymous<DummyFoo>);

var b = fixture.CreateAnonymous<Bastard>();

Assert.IsAssignableFrom<DefaultFoo>(b.Foo);

As the above unit test demonstrates, even though the Register method call defines a mapping from IFoo to DummyFoo, the Foo property is an instance of DefaultFoo. The DummyFoo instance is never injected into the Bastard instance since the default constructor is used.

Your first reaction in such a case should be to get rid of all convenience constructors to make the the class’ constructor unambiguous. However, it’s also possible to change AutoFixture’s behavior.

The following is a description of a feature that will be a available in AutoFixture 2.1. It’s not available in AutoFixture 2.0, but is already available in the code repository. Thus, if you can’t wait for AutoFixture 2.1 you can download the source and build it.

As always, AutoFixture’s very extensible interface makes it possible to change this behavior. Constructor selection is guided by an interface called IConstructorQuery, and while ModestConstructorQuery is the default implementation, there’s also an implementation called GreedyConstructorQuery.

To change the behavior specifically for the Bastard class the Fixture instance must be customized. The following unit test demonstrates how to do that.

var fixture = new Fixture();

fixture.Customize<Bastard>(c => c.FromFactory(

    new ConstructorInvoker(

        new GreedyConstructorQuery())));

fixture.Register<IFoo>(

    fixture.CreateAnonymous<DummyFoo>);

var b = fixture.CreateAnonymous<Bastard>();

Assert.IsAssignableFrom<DummyFoo>(b.Foo);

Notice that the only difference from before is an additional call to the Customize method where Bastard is modified to use greedy constructor selection. This changes the factory for the Bastard type, but not for any other types.

If you’d rather prefer to completely change the overall constructor selection behavior for AutoFixture you can add the GreedyConstructorQuery wrapped in a ConstructorInvoker to the Fixture’s Customizations:

var fixture = new Fixture();

fixture.Customizations.Add(

    new ConstructorInvoker(

        new GreedyConstructorQuery()));

fixture.Register<IFoo>(

    fixture.CreateAnonymous<DummyFoo>);

var b = fixture.CreateAnonymous<Bastard>();

Assert.IsAssignableFrom<DummyFoo>(b.Foo);

In this unit test, the only change from the previous is that instead of assigning the GreedyConstructorQuery specifically to Bastard, it’s now assigned as the new default strategy. All specimens created by AutoFixture will be created by invoking their most greedy constructor.

As always I find the default behavior more attractive, but the option to change behavior is there if you need it.

A while back I posed the challenge of resolving closed types with MEF. I received some responses, but I also wanted to provide an alternative outline for a solution. In case you don’t remember the problem statement, it revolved around using the Managed Extensibility Framework (MEF) to compose classes in those cases where it’s impossible to annotate those classes with the MEF attributes. In the given example I want to compose the Mayonnaise class from EggYolk and OliveOil, but all three classes are sealed and cannot be recompiled.

As I describe in my book, a general solution to this type of problem is to create a sort of adapter the exports the closed type via a read-only attribute, like these EggYolkAdapter and MayonnaiseAdapter classes (the OliveOilAdapter looks just like the EggYolkAdapter):

public class EggYolkAdapter

{

    private readonly EggYolk eggYolk;

    public EggYolkAdapter()

    {

        this.eggYolk = new EggYolk();

    }

    [Export]

    public virtual EggYolk EggYolk

    {

        get { return this.eggYolk; }

    }

}

public class MayonnaiseAdapter

{

    private readonly Mayonnaise mayo;

    [ImportingConstructor]

    public MayonnaiseAdapter(

        EggYolk yolk, OliveOil oil)

    {

        if (yolk == null)

        {

            throw new ArgumentNullException("yolk");

        }

        if (oil == null)

        {

            throw new ArgumentNullException("oil");

        }

        this.mayo = new Mayonnaise(yolk, oil);

    }

    [Export]

    public virtual Mayonnaise Mayonnaise

    {

        get { return this.mayo; }

    }

}

Doing it like this is always possible, but if you have a lot of types that you need to compose, it becomes tedious having to define a lot of similar adapters. Fortunately, we can take it a step further and generalize the idea of a MEF adapter to a small set of generic classes.

The EggYolkAdapter can be generalized as follows:

public class MefAdapter<T> where T : new()

{

    private readonly T export;

    public MefAdapter()

    {

        this.export = new T();

    }

    [Export]

    public virtual T Export

    {

        get { return this.export; }

    }

}

Notice that I’ve more or less just replaced the EggYolk class with a type argument (T). However, I also had to add the generic new() constraint, which is often quite restrictive. However, to support a type like Mayonnaise, I can create another, similar generic MEF adapter like this:

public class MefAdapter<T1, T2, TResult>

{

    private readonly static Func<T1, T2, TResult> createExport =

        FuncFactory.Create<T1, T2, TResult>();

    private readonly TResult export;

    [ImportingConstructor]

    public MefAdapter(T1 arg1, T2 arg2)

    {

        this.export = createExport(arg1, arg2);

    }

    [Export]

    public virtual TResult Export

    {

        get { return this.export; }

    }

}

The major difference from the simple MefAdapter<T> is that we need slightly more complicated code to invoke the constructor of TResult, which is expected to take two constructor arguments of types T1 and T2. This work is delegated to a FuncFactory that builds and compiles the appropriate delegate using an expression tree:

internal static Func<T1, T2, TResult>

    Create<T1, T2, TResult>()

{

    var arg1Exp =

        Expression.Parameter(typeof(T1), "arg1");

    var arg2Exp = 

        Expression.Parameter(typeof(T2), "arg2");

    var ctorInfo = 

        typeof(TResult).GetConstructor(new[]

        {

            typeof(T1),

            typeof(T2)

        });

    var ctorExp =

        Expression.New(ctorInfo, arg1Exp, arg2Exp);

    return Expression.Lambda<Func<T1, T2, TResult>>(

        ctorExp, arg1Exp, arg2Exp).Compile();

}

With a couple of MEF adapters, I can now compose a MEF Catalog almost like I can with a real DI Container, and resolve the Mayonnaise class:

var catalog = new TypeCatalog(

    typeof(MefAdapter<OliveOil>),

    typeof(MefAdapter<EggYolk>),

    typeof(MefAdapter<EggYolk, OliveOil, Mayonnaise>)

    );

var container = new CompositionContainer(catalog);

var mayo = container.GetExportedValue<Mayonnaise>();

If you want to change the Creation Policy to NonShared, you can derive from the MefAdapter classes and annotate them with [PartCreationPolicy] attributes.

I’d never voluntarily choose to use MEF like this, but if I was stuck with MEF in a project and had to use it like a DI Container, I’d do something like this.

The main principle behind the Register Resolve Release pattern is that loosely coupled object graphs should be composed as a single action in the entry point of the application (the Composition Root). For request-based applications (web sites and services), we use a variation where we compose once per request.

It seems to me that a lot of people are apprehensive when they first hear about this concept. It may sound reasonable from an architectural point of view, but isn’t it horribly inefficient? A well-known example of such a concern is Jeffrey Palermo’s blog post Constructor over-injection anti-pattern. Is it really a good idea to compose a complete object graph in one go? What if we don’t need part of the graph, or only need it later? Doesn’t it adversely affect response times?

Normally it doesn’t, and if it does, there are elegant ways to address the issue.

In the rest of this blog post I will expand on this topic. To keep the discussion as simple as possible, I’ll restrict my analysis to object trees instead of full graphs. This is quite a reasonable simplification as we should strive to avoid circular dependencies, but even in the case of full graphs the arguments and techniques put forward below hold.

Consider a simple tree composed of classes from three different assemblies:

All the A classes (blue) are defined in the A assembly, B classes (green) in the B assembly, and the C1 class (red) in the C assembly. In code we create the tree with Constructor Injection like this:

var t =

    new A1(

        new A2(

            new B1(

                new B2()),

            new A3()),

        new C1(

            new B3()));

Given the tree above, we can now address the most common concerns about composing object trees in one go.

Will it be slow?

Most likely not. Keep in mind that Injection Constructors should be very simple, so not a lot of work is going on during composition. Obviously just creating new object instances takes a bit of time in itself, but we create objects instances all the time in .NET code, and it’s often a very fast operation.

Even when using DI Containers, which perform a lot of (necessary) extra work when creating objects, we can create tens of thousand trees per second. Creation of objects simply isn’t that big a deal.

But still: what about assembly loading?

I glossed over an important point in the above argument. While object creation is fast, it sometimes takes a bit of time to load an assembly. The tree above uses classes from three different assemblies, so to create the tree all three assemblies must be loaded.

In many cases that’s a performance hit you’ll have to take because you need those classes anyway, but sometimes you might be concerned with taking this performance hit too early. However, I make the claim that in the vast majority of cases, this concern is irrelevant.

In this particular context there are two different types of applications: Request-based applications (web) and all the rest (desktop apps, daemons, batch-jobs, etc.).

Request-based applications

For request-based applications such as web sites and REST services, an object tree must be composed for each request. However, all requests are served by the same AppDomain, so once an assembly is loaded, it sticks around to be available for all subsequent requests. Thus, the first few requests will suffer a performance penalty from having to load all assemblies, but after that there will be no performance impact.

In short, in request-based applications, you can compose object trees with confidence. In only extremely rare cases should you have performance issues from composing the entire tree in one go.

Long-running applications

For long-running applications the entire object tree must be composed at start-up. For background services such as daemons and batch processes the start-up time probably doesn’t matter much, but for desktop applications it can be of great importance.

In some cases the application requires the entire tree to be immediately available, in which case there’s not a lot you can do. Still, once all assemblies have been loaded, actually creating the tree will be very fast.

In other cases an entire branch of the tree may not be immediately required. As an example, if the C1 node in the above graph isn’t needed right away, we could improve start-up time if we could somehow defer creating that branch, because this would also defer loading of the entire C assembly.

Deferred branches

Since object creation is fast, the only case where it makes sense to defer loading of a branch is when creation of that branch causes an assembly to be loaded. If we can defer creation of such a branch, we can also defer loading of the assembly, thus improving the time it takes to compose the initial tree.

Imagine that we wish to defer creation of the C1 branch of the above tree. It will prevent the C assembly from being loaded because that assembly is not used in any other place in the tree. However, it will not prevent the B assembly from being loaded, since that assembly is also being used by the A2 node.

Still, in those rare situations where it makes sense to defer creation of a branch, we can make that cut into a part of the infrastructure of the tree. I originally described this technique as a reaction to the above mentioned post by Jeffrey Palermo, but here’s a restatement in the current context.

We can defer creating the C1 node by wrapping it in a lazy implementation of the same interface. The C1 node implements an interface called ISolo<IMarker>, so we can wrap it in a Virtual Proxy that defers creation of C1 until it’s needed:

public class LazySoloMarker : ISolo<IMarker>

{

    private readonly Lazy<ISolo<IMarker>> lazy;

    public LazySoloMarker(Lazy<ISolo<IMarker>> lazy)

    {

        if (lazy == null)

        {

            throw new ArgumentNullException("lazy");

        }

        this.lazy = lazy;

    }

    #region ISolo<IMarker> Members

    public IMarker Item

    {

        get { return this.lazy.Value.Item; }

    }

    #endregion

}

This Virtual Proxy takes a Lazy<ISolo<IMarker>> as input and defers to it to implement the members of the interface. This only causes the Value property to be created when it’s first accessed – which may be long after the LazySoloMarker instance was created.

The tree can now be composed like this:

var t =

    new A1(

        new A2(

            new B1(

                new B2()),

            new A3()),

        new LazySoloMarker(

            new Lazy<ISolo<IMarker>>(() => new C1(

                new B3()))));

This retains all the original behavior of the original tree, but defers creation of the C1 node until it’s needed for the first time.

The bottom line is this: you can compose the entire object graph with confidence. It’s not going to be a performance bottleneck.

The Constructor Injection design pattern is a extremely useful way to implement loose coupling. It’s easy to understand and implement, but sometime perhaps a bit misunderstood.

The pattern itself is easily described through an example:

private readonly ISpecimenBuilder builder;

public SpecimenContext(ISpecimenBuilder builder)

{

    if (builder == null)

    {

        throw new ArgumentNullException("builder");

    }

    this.builder = builder;

}

The SpecimenContext constructor statically declares that it requires an ISpecimenBuilder instance as an argument. To guarantee that the the builder field is an invariant of the class, the constructor contains a Guard Clause before it assigns the builder parameter to the builder field. This pattern can be repeated for each constructor argument.

It’s important to understand that when using Constructor Injection the constructor should contain no additional logic.

An Injection Constructor should do no more than receiving the dependencies.

This is simply a rephrasing of Nikola Malovic’s 4th law of IoC. There are several reasons for this rule of thumb:

• When we compose applications with Constructor Injection we often create substantial object graphs, and we want to be able to create these graphs as efficiently as possible. This is Nikola’s original argument.
• In the odd (and not recommended) cases where you have circular dependencies, the injected dependencies may not yet be fully initialized, so an attempt to invoke their members at that time may result in an exception. This issue is similar to the issue of invoking virtual members from the constructor. Conceptually, an injected dependency is equivalent to a virtual member.
• With Constructor Injection, the constructor’s responsibility is to demand and receive the dependencies. Thus, according to the Single Responsibility Principle (SRP), it should not try to do something else as well. Some readers might argue that I’m misusing the SRP here, but I think I’m simply applying the underlying principle in a more granular context.

There’s no reason to feel constrained by this rule, as in any case the constructor is an implementation detail. In loosely coupled code, the constructor is not part of the overall application API. When we consider the API at that level, we are still free to design the API as we’d like.

Please notice that this rule is contextual: it applies to Services that use Constructor Injection. Entities and Value Objects tend not to use DI, so their constructors are covered by other rules.

.NET developers should by familiar with the standard access modifiers (public, protected, internal, private). However, in loosely coupled code we can regard interface implementations as a fifth access modifier. This concept was originally introduced to me by Udi Dahan the only time I’ve had the pleasure of meeting him. That was many years ago and while I didn’t grok it back then, I’ve subsequently come to appreciate it quite a lot.

Although I can’t take credit for the idea, I’ve never seen it described, and it really deserves to be.

The basic idea is simple:

If a consumer respects the Liskov Substitution Principle (LSP), the only visible members are those belonging to the interface. Thus, the interface represents a dimension of visibility.

As an example, consider this simple interface from AutoFixture:

public interface ISpecimenContext

{

    object Resolve(object request);

}

A well-behaved consumer can only invoke the Resolve method even though an implementation may have additional public members:

public class SpecimenContext : ISpecimenContext

{

    private readonly ISpecimenBuilder builder;

    public SpecimenContext(ISpecimenBuilder builder)

    {

        if (builder == null)

        {

            throw new ArgumentNullException("builder");

        }

        this.builder = builder;

    }

    public ISpecimenBuilder Builder

    {

        get { return this.builder; }

    }

    #region ISpecimenContext Members

    public object Resolve(object request)

    {

        return this.Builder.Create(request, this);

    }

    #endregion

}

Even though the SpecimenContext class defines the Builder property, as well as a public constructor, any consumer respecting the LSP will only see the Resolve method.

In fact, the Builder property on the SpecimenContext class mostly exists to support unit testing because I sometimes need to assert that a given instance of SpecimenContext contains the expected ISpecimenBuilder. This doesn’t break encapsulation since the Builder is exposed as a read-only property, and it more importantly doesn’t pollute the API.

To support unit testing (and whichever other clients might be interested in the encapsulated ISpecimenBuilder) we have a public property that follows all framework design guidelines. However, it’s essentially an implementation detail, so it’s not visible via the ISpecimenContext interface.

When writing loosely coupled code, I’ve increasingly begun to see the interfaces as the real API. Most other (even public) members are pure implementation details. If the members are public, I still demand that they follow the framework design guidelines, but I don’t consider them parts of the API. It’s a very important distinction.

The interfaces define the bulk of an application’s API. Most other types and members are implementation details.

An important corollary is that constructors are implementation details too, since they can never by part of any interfaces.

In that sense we can regard interfaces as a fifth access modifier – perhaps even the most important one.

A week ago I concluded Microsoft Denmark’s 2010 .NET Community Christmas Calendar with a challenge about resolving closed types with MEF. As 2011 came around, the deadline ended, so it’s now time to pick the winner.

I didn’t get a lot of entries, which can be interpreted in at least one (or more) of the following ways:

• The challenge was too difficult
• The challenge wasn’t interesting
• The prize wasn’t attractive
• People had other things to do during the holidays

Whatever the reason, it made my task of picking a winner that much easier. The best Danish entry came from Daniel Volder Guarnieri who cheated a bit by partially hard-coding the composition of Mayonnaise into the ContainerBuilder. As I wrote in the original challenge, there are many ways to tackle the challenge, and one was to take the unit tests very literally :)

However, honorable mention must go to Boyan Mihaylov who participated just for the honor. He took a more general approach similar to Fluent MEF. This involves implementing a completely new ComposablePartCatalog with associated ComposablePartDefinition and ComposablePart implementations – not a trivial undertaking.

Kudos to Boyan and congratulations to Daniel. My thanks for your submissions, and a happy new year to all my readers!

For my international reader, a bit of context is in order for this post: Microsoft Denmark sponsors a series of Christmas challenges known as the Microsoft Christmas Calendar. Different bloggers alternate hosting a coding challenge for the day, and Microsoft sponsors the prizes.

Today I have the honor of hosting the last challenge for 2010. Contestants from the Danish .NET community have the opportunity to win a Molecular Gastronomy Starter Kit – if any of my international readers feel like joining in, they are welcome, but (probably) not eligible for the prize.

The challenge

The Managed Extensibility Framework (MEF) enables us to compose applications by annotating types and members with [Import] and [Export] attributes, but what can you do when you have types without these attributes and you can’t add the attributes?

For example, how can we compose Mayonnaise from these three classes?

public sealed class EggYolk { }

public sealed class OliveOil { }

public sealed class Mayonnaise

{

    private readonly EggYolk eggYolk;

    private readonly OliveOil oil;

    public Mayonnaise(EggYolk eggYolk, OliveOil oil)

    {

        if (eggYolk == null)

        {

            throw new ArgumentNullException("eggYolk");

        }

        if (oil == null)

        {

            throw new ArgumentNullException("oil");

        }

        this.eggYolk = eggYolk;

        this.oil = oil;

    }

    public EggYolk EggYolk

    {

        get { return this.eggYolk; }

    }

    public OliveOil Oil

    {

        get { return this.oil; }

    }

}

The challenge is to come up with a good solution to that problem. Here are the formal rules:

• The unit test suite at the end of this post must pass.
• You are not allowed to edit the unit tests.
• You are only allowed to add one (1) using directive to the unit test file to reference the namespace of your proposed solution.
• You must work from the Visual Studio 2010 solution attached to this post. Add a new project that contains your solution. Send me the solution in a .zip file to enter the contest.
• You are allowed to implement your solution in any language you would like as long as it compiles and runs from Visual Studio 2010 Premium.
• The winner is chosen by my subjective judgment, but I will emphasize clean code and design. A tip: attempt to get as good scores as possible from Visual Studio’s Code Analysis and Code Metrics. Good scores does not guarantee that you win, but bad scores will most likely ensure that you don’t.
• Since many of you are on Christmas vacation the deadline is this year. As long as you submit a solution in 2010 (Danish time) you’re a contestant.

There are lots of different ways to skin this cat, so I’m looking forward to your submissions to see all your creative solutions.

This unit test suite is the specification:

using System.ComponentModel.Composition.Hosting;

using Ploeh.Samples.MeffyXmas.MenuModel;

using Xunit;

namespace Ploeh.Samples.MeffyXmas.MefMenu.UnitTest

{

    public class ContainerBuilderFacts

    {

        [Fact]

        public void DefaultContainerCorrectlyResolvesOliveOil()

        {

            CompositionContainer container = new ContainerBuilder()

                .Build();

            var oil = container.GetExportedValue<OliveOil>();

            Assert.NotNull(oil);

        }

        [Fact]

        public void DefaultContainerCorrectlyResolvesEggYolk()

        {

            CompositionContainer container = new ContainerBuilder()

                .Build();

            var yolk = container.GetExportedValue<EggYolk>();

            Assert.NotNull(yolk);

        }

        [Fact]

        public void DefaultContainerCorrectlyResolvesMayonnaise()

        {

            CompositionContainer container = new ContainerBuilder()

                .Build();

            var mayo = container.GetExportedValue<Mayonnaise>();

            Assert.NotNull(mayo);

        }

        [Fact]

        public void DefaultContainerReturnsSingletonMayonnaise()

        {

            CompositionContainer container = new ContainerBuilder()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.Same(mayo1, mayo2);

        }

        [Fact]

        public void WithTransientMayonnaiseReturnTransientMayonnaise()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1, mayo2);

        }

        [Fact]

        public void TransientMayonnaiseByDefaultContainsSingletonEggYolk()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.Same(mayo1.EggYolk, mayo2.EggYolk);

        }

        [Fact]

        public void TransientMayonnaiseByDefaultContainsSingletonOil()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.Same(mayo1.Oil, mayo2.Oil);

        }

        [Fact]

        public void TransientMayonnaiseCanHaveTransientEggYolk()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedEggYolk()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1.EggYolk, mayo2.EggYolk);

        }

        [Fact]

        public void TransientMayonnaiseCanHaveSingletonOil()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedEggYolk()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.Same(mayo1.Oil, mayo2.Oil);

        }

        [Fact]

        public void TransientMayonnaiseCanHaveTransientOil()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedOil()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1.Oil, mayo2.Oil);

        }

        [Fact]

        public void TransientMayonnaiseCanHaveSingletonEggYolk()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedOil()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.Same(mayo1.EggYolk, mayo2.EggYolk);

        }

        [Fact]

        public void PureTransientMayonnaiseIsTransient()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedEggYolk()

                .WithNonSharedOil()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1, mayo2);

        }

        [Fact]

        public void PureTransientMayonnaiseHasTransientEggYolk()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedEggYolk()

                .WithNonSharedOil()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1.EggYolk, mayo2.EggYolk);

        }

        [Fact]

        public void PureTransientMayonnaiseHasTransientOil()

        {

            CompositionContainer container = new ContainerBuilder()

                .WithNonSharedMayonnaise()

                .WithNonSharedEggYolk()

                .WithNonSharedOil()

                .Build();

            var mayo1 = container.GetExportedValue<Mayonnaise>();

            var mayo2 = container.GetExportedValue<Mayonnaise>();

            Assert.NotSame(mayo1.Oil, mayo2.Oil);

        }

    }

}

ContainerBuilder is the class you must implement, so the unit tests don’t compile until you make them. Meffy xmas!

As a comment to my previous post about interfaces being no guarantee for abstractions, Danny asks some interesting questions. In particular, his questions relate to Udi Dahan’s presentation Intentions & Interfaces: Making patterns concrete (also known as Making Roles Explicit). Danny writes:

it would seem that Udi recommends creating interfaces for each "role" the domain object plays and using a Service Locator to find the concrete implementation ... or in his case the concrete FetchingStrategy used to pull data back from his ORM. This sounds like his application would have many 1:1 abstractions.

Can this be true, or can we consolidate Role Interfaces with the Reused Abstractions Principle (RAP) – preferably without resorting to a Service Locator? Yes, of course we can.

In Udi Dahan’s talks, we see various examples where he queries a Service Locator for a Role Interface. If the Service Locator returns an instance he uses it; otherwise, he falls back to some sort of default behavior. Here is my interpretation of Udi Dahan’s slides:

public void Persist(Customer entity)

{

    var validator = this.serviceLocator

        .Get<IValidator<Customer>>();

    if (validator != null)

    {

        validator.Validate(entity);

    }

    // Save entity in actual store

}

This is actually not very pretty object-oriented code, but I have Udi Dahan suspected of choosing this implementation to better communicate the essence of how to use Role Interfaces. However, a more proper implementation would have a default (or Null Object) implementation of the Role Interface, and then the special implementation.

If we assume that a NullValidator exists, we can require that the Service Locator can always serve up a proper instance of IValidator<Customer>. This enables us to simplify the Persist method to something like this:

public void Persist(Customer entity)

{

    var validator = this.serviceLocator

        .Get<IValidator<Customer>>();

    validator.Validate(entity);

    // Save entity in actual store

}

Either the Service Locator returns a specialized CustomerValidator, or it returns the NullValidator. In any case, this assumption enables us to leverage the Liskov Substitution Principle and refactor the conditional logic to polymorphism.

In other words: every single time we discover the need to extract a Role Interface, we should end up with at least two implementations: the Null Object and the Special Case. Thus the RAP is satisfied.

As a last refactoring, we can also get rid of the Service Locator. Instead, we can use Constructor Injection to inject IValidator<Customer> directly into the Persistence class:

public class CustomerPersistence 

{

    private readonly IValidator<Customer> validator;

    public CustomerPersistence(IValidator<Customer> v)

    {

        if (v == null)

        {

            throw new ArgumentNullException("...");

        }

        this.validator = v;

    }

    public void Persist(Customer entity)

    {

        this.validator.Validate(entity);

        // Save entity in actual store

    }

}

Thus, the use of Role Interfaces in no way hinges on using a Service Locator, and everything is good again :)

Garth Kidd was so nice to point out to me that I hadn’t needed stop where I did in my previous post, and he is, of course, correct. Taking a dependency on an Abstract Factory that doesn’t take any contextual information (i.e. has no method parameters) is often an indication of a Leaky Abstraction. It indicates that the consumer has knowledge about the dependency’s lifetime that it shouldn’t have.

We can remove this flaw by introducing a Decorator of the IRepository<T> interface. Something like this should suffice:

public class FoundRepository<T> : IRepository<T>

{

    private readonly IRepository<T> repository;

    public FoundRepository(IRepositoryFinder<T> finder)

    {

        if (finder == null)

        {

            throw new ArgumentNullException("finder");

        }

        this.repository = finder.FindRepository();

    }

    /* Implement IRepository<T> by delegating to

     * this.repository */

}

This means that we can change the implementation of MyServiceOperation to this:

public void MyServiceOperation(

    IRepository<Customer> repository)

{

    // ...

}

This is much better, but this requires a couple of notes.

First of all we should keep in mind that since FoundRepository creates and saves an instance of IRepository right away, we should control the lifetime of FoundRepository. In essense, the lifetime should be tied to the specific service operation. Two concurrent invocations of MyServiceOperation should each receive separate instances of FoundRepository.

Many DI containers support Factory methods, so it may not even be necessary to implement FoundRepository explicitly. Rather, it would be possible to register IRepository<T> so that an instance is always created by invoking IRepositoryFinder<T>.FindRepository().

One of the readers of my book recently asked me an interesting question that relates to the disadvantages of the Service Locator anti-pattern. I found both the question and the potential solution so interesting that I would like to share it.

In short, the reader’s organization currently uses Service Locator in their code, but don’t really see a way out of it. This post demonstrates how we can refactor from Service Locator to Abstract Factory. Here’s the original question:

“We have been writing a WCF middle tier using DI”

“Our application talks to multiple databases.  There is one Global database which contains Enterprise records, and each Enterprise has the connection string of a corresponding Enterprise database.”

“The trick is when we want to write a service which connects to an Enterprise database.  The context for which enterprise we are dealing with is not available until one of the service methods is called, so what we do is this:”

public void MyServiceOperation(
    EnterpriseContext context)
{
    /* Get a Customer repository operating
        * in the given enterprise’s context
        * (database) */
    var customerRepository = 
        context.FindRepository<Customer>(
            context.EnterpriseId);
    // ...
}

“I’m not sure how, in this case, we can turn what we’ve got into a more pure DI system, since we have the dependency on the EnterpriseContext passed in to each service method.  We are mocking and testing just fine, and seem reasonably well decoupled.  Any ideas?”

When we look at the FindRepository method we quickly find that it’s a Service Locator. There are many problems with Service Locator, but the general issue is that the generic argument can be one of an unbounded set of types.

The problem is that seen from the outside, the consuming type (MyService in the example) doesn’t advertise its dependencies. In the example the dependency is a CustomerRepository, but you could later go into the implementation of MyServiceOperation and change the call to context.FindRepository<Qux>(context.EnterpriseId) and everything would still compile. However, at run-time, you’d likely get an exception.

It would be much safer to use an Abstract Factory, but how do we get there from here, and will it be better?

Let’s see how we can do that. First, we’ll have to make some assumptions on how EnterpriseContext works. In the following, I’ll assume that it looks like this – warning: it’s ugly, but that’s the point, so don’t give up reading just yet:

public class EnterpriseContext
{
    private readonly int enterpriseId;
    private readonly IDictionary<int, string> 
        connectionStrings;
 
    public EnterpriseContext(int enterpriseId)
    {
        this.enterpriseId = enterpriseId;
 
        this.connectionStrings =
            new Dictionary<int, string>();
        this.connectionStrings[1] = "Foo";
        this.connectionStrings[2] = "Bar";
        this.connectionStrings[3] = "Baz";
    }
 
    public virtual int EnterpriseId
    {
        get { return this.enterpriseId; }
    }
 
    public virtual IRepository<T> FindRepository<T>(
        int enterpriseId)
    {
        if (typeof(T) == typeof(Customer))
        {
            return (IRepository<T>)this
                .FindCustomerRepository(enterpriseId);
        }
        if (typeof(T) == typeof(Campaign))
        {
            return (IRepository<T>)this
                .FindCampaignRepository(enterpriseId);
        }
        if (typeof(T) == typeof(Product))
        {
            return (IRepository<T>)this
                .FindProductRepository(enterpriseId);
        }
 
        throw new InvalidOperationException("...");
    }
 
    private IRepository<Campaign>
        FindCampaignRepository(int enterpriseId)
    {
        var cs = this.connectionStrings[enterpriseId];
        return new CampaignRepository(cs);
    }
 
    private IRepository<Customer>
        FindCustomerRepository(int enterpriseId)
    {
        var cs = this.connectionStrings[enterpriseId];
        return new CustomerRepository(cs);
    }
 
    private IRepository<Product>
        FindProductRepository(int enterpriseId)
    {
        var cs = this.connectionStrings[enterpriseId];
        return new ProductRepository(cs);
    }
}

That’s pretty horrible, but that’s exactly the point. Every time we need to to add a new type of repository, we’ll need to modify this class, so it’s one big violation of the Open/Closed Principle.

I didn’t implement EnterpriseContext with a DI Container on purpose. Yes: using a DI Container would make it appear less ugly, but it would only hide the design issue – not address it. I chose the above implementation to demonstrate just how ugly this sort of design really is.

So, let’s start refactoring.

Step 1

We change each of the private finder methods to public methods.

In this example, there are only three methods, but I realize that in a real system there might be many more. However, we’ll end up with only a single interface and its implementation, so don’t despair just yet. It’ll turn out just fine.

As a single example the FindCustomerRepository method is shown here:

public IRepository<Customer>
    FindCustomerRepository(int enterpriseId)
{
    var cs = this.connectionStrings[enterpriseId];
    return new CustomerRepository(cs);
}

For each of the methods we extract an interface, like this:

public interface ICustomerRepositoryFinder
{
    int EnterpriseId { get; }
 
    IRepository<Customer> FindCustomerRepository(
        int enterpriseId);
}

We also include the EnterpriseId property because we’ll need it soon. This is just an intermediary artifact which is not going to survive until the end.

This is very reminiscent of the steps described by Udi Dahan in his excellent talk Intentions & Interfaces: Making patterns concrete. We make the roles of finding repositories explicit.

This leaves us with three distinct interfaces that EnterpriseContext can implement:

public class EnterpriseContext : 
    ICampaignRepositoryFinder,
    ICustomerRepositoryFinder,
    IProductRepositoryFinder

Until now, we haven’t touched the service.

Step 2

We can now change the implementation of MyServiceOperation to explicitly require only the role that it needs:

public void MyServiceOperation(
    ICustomerRepositoryFinder finder)
{
    var customerRepository = 
        finder.FindCustomerRepository(
            finder.EnterpriseId);
}

Since we now only consume the strongly typed role interfaces, we can now delete the original FindRepository<T> method from EnterpriseContext.

Step 3

At this point, we’re actually already done, since ICustomerRepositoryFinder is an Abstract Factory, but we can make the API even better. When we consider the implementation of MyServiceOperation, it should quickly become clear that there’s a sort of local Feature Envy in play. Why do we need to access finder.EnterpriseId to invoke finder.FindCustomerRepository? Shouldn’t it rather be the finder’s own responsibility to figure that out for us?

Instead, let us change the implementation so that the method does not need the enterpriseId parameter:

public IRepository<Customer> FindCustomerRepository()
{
    var cs = 
        this.connectionStrings[this.EnterpriseId];
    return new CustomerRepository(cs);
}

Notice that the EnterpriseId can be accessed just as well from the implementation of the method itself. This change requires us to also change the interface:

public interface ICustomerRepositoryFinder
{
    IRepository<Customer> FindCustomerRepository();
}

Notice that we removed the EnterpriseId property, as well as the enterpriseId parameter. The fact that there’s an enterprise ID in play is now an implementation detail.

MyServiceOperation now looks like this:

public void MyServiceOperation(
    ICustomerRepositoryFinder finder)
{
    var customerRepository = 
        finder.FindCustomerRepository();
}

This takes care of the Feature Envy smell, but still leaves us with a lot of very similarly looking interfaces: ICampaignRepositoryFinder, ICustomerRepositoryFinder and IProductRepositoryFinder.

Step 4

We can collapse all the very similar interfaces into a single generic interface:

public interface IRepositoryFinder<T>
{
    IRepository<T> FindRepository();
}

With that, MyServiceOperation now becomes:

public void MyServiceOperation(
    IRepositoryFinder<Customer> finder)
{
    var customerRepository = 
        finder.FindRepository();
}

Now that we only have a single generic interface (which is still an Abstract Factory), we can seriously consider getting rid of all the very similarly looking implementations in EnterpriseContext and instead just create a single generic class. We now have a more explicit API that better communicates intent.

How is this better? What if a method needs both an IRepository<Customer> and an IRepository<Product>? We’ll now have to pass two parameters instead of one.

Yes, but that’s good because it explicitly calls to your attention exactly which collaborators are involved. With the original Service Locator, you might not notice the responsibility creep as you over time request more and more repositories from the EnterpriseContext. With Abstract Factories in play, violations of the Single Responsibility Principle (SRP) becomes much more obvious.

Refactoring from Service Locator to Abstract Factories make it more painful to violate the SRP.

You can always make roles explicit to get rid of Service Locators. This is likely to result in a more explicit design where doing the right thing feels more natural than doing the wrong thing.

It’s easy to confuse the Abstract Factory pattern with the Service Locator anti-pattern – particularly so when generics or contextual information is involved. However, it’s really easy to distinguish between there two, and here’s how!

Here are both (anti-)patterns in condensed form opposite each other:

public interface IFactory<T>
{
    T Create(object context);
}

public interface IServiceLocator
{
    T Create<T>(object context);
}

For these examples I chose to demonstrate both as generic interfaces that take some kind of contextual information (context) as input.

In this example the context can be any object, but we could also have considered a more strongly typed context parameter. Other variations include more than one method parameter, or, in the degenerate case, no parameters at all.

Both interfaces have a simple Create method that returns the generic type T, so it’s easy to confuse the two. However, even for generic types, it’s easy to tell one from the other:

An Abstract Factory is a generic type, and the return type of the Create method is determined by the type of the factory itself. In other words, a constructed type can only return instances of a single type.

A Service Locator, on the other hand, is a non-generic interface with a generic method. The Create method of a single Service Locator can return instances of an infinite number of types.

Even simpler:

An Abstract Factory is a generic type with a non-generic Create method; a Service Locator is a non-generic type with a generic Create method.

The name of the method, the number of parameters, and other circumstances may vary. The types may not be generic, or may be base classes instead of interfaces, but at the heart of it, the question is whether you can ask for an arbitrary type from the service, or only a single, static type.

The subject of Dependency Injection (DI) in general, and DI Containers specifically, suffers from horrible terminology that seems to confuse a lot of people. Newcomers to DI often think about DI Containers as a sort of Abstract Factory on steroids. It’s not. Nicholas Blumhardt already realized and described this phenomenon a couple of years ago.

The core of the matter is that as developers, we are extremely accustomed to thinking about components and services in terms of queries instead of commands. However, the Hollywood Principle insists that we should embrace a tell, don’t ask philosophy. We can apply this principles to DI Containers as well: Don’t call the container; it’l call you.

This leads us to what Krzysztof Koźmic calls the three calls pattern. Basically it states that we should only do three things with a DI Container:

1. Bootstrap the container
2. Resolve root components
3. Dispose this container

This is very sound advice and independently of Krzysztof I’ve been doing something similar for years – so perhaps the pattern label is actually in order here.

However, I think that the pattern deserves a more catchy name, so in the spirit of the Arrange Act Assert (AAA) pattern for unit testing I propose that we name it the Register Resolve Release (RRR) pattern. The names originate with Castle Windsor terminology, where we:

1. Register components with the container
2. Resolve root components
3. Release components from the container

Other containers also support the RRR pattern, but if we were to pick their terminology, it would rather be the Configure GetInstance Dispose (CGD) pattern (or something similar), and that’s just not as catchy.

We can rewrite a previous example with Castle Windsor and annotate it with comments to call out where the three container phases occur:

private static void Main(string[] args)

{

    var container = new WindsorContainer();

    container.Kernel.Resolver.AddSubResolver(

        new CollectionResolver(container.Kernel));

    // Register

    container.Register(

        Component.For<IParser>()

            .ImplementedBy<WineInformationParser>(),

        Component.For<IParser>()

            .ImplementedBy<HelpParser>(),

        Component.For<IParseService>()

            .ImplementedBy<CoalescingParserSelector>(),

        Component.For<IWineRepository>()

            .ImplementedBy<SqlWineRepository>(),

        Component.For<IMessageWriter>()

            .ImplementedBy<ConsoleMessageWriter>());

    // Resolve

    var ps = container.Resolve<IParseService>();

    ps.Parse(args).CreateCommand().Execute();

    // Release

    container.Release(ps);

    container.Dispose();

}

Notice that in most cases, explicitly invoking the Release method isn’t necessary, but I included it here to make the pattern stand out.

So there it is: the Register Resolve Release pattern.

One of my readers recently asked me an interesting question. It relates to my book’s chapter about Interception (chapter 9) and Decorators and how they can be used for instrumentation-like purposes.

In an earlier blog post we saw how we can use Decorators to implement Cross-Cutting Concerns, but the question relates to how a set of Decorators can be used to log additional information about code execution, such as the time before and after a method is called, the name of the method and so on.

A Decorator can excellently address such a concern as well, as we will see here. Let us first define an IRegistrar interface and create an implementation like this:

public class ConsoleRegistrar : IRegistrar

{

    public void Register(Guid id, string text)

    {

        var now = DateTimeOffset.Now;

        Console.WriteLine("{0}\t{1:s}.{2}\t{3}",

            id, now, now.Millisecond, text);

    }

}

Although this implementation ‘logs’ to the Console, I’m sure you can imagine other implementations. The point is that given this interface, we can add all sorts of ambient information such as the thread ID, the name of the current principal, the current culture and whatnot, while the text string variable still gives us an option to log more information. If we want a more detailed API, we can just make it more detailed – after all, the IRegistrar interface is just an example.

We now know how to register events, but are seemingly no nearer to instrumenting an application. How do we do that? Let us see how we can instrument the OrderProcessor class that I have described several times in past posts.

At the place I left off, the OrderProcessor class uses Constructor Injection all the way down. Although I would normally prefer using a DI Container to auto-wire it, here’s a manual composition using Poor Man’s DI just to remind you of the general structure of the class and its dependencies:

var sut = new OrderProcessor(

    new OrderValidator(), 

    new OrderShipper(),

    new OrderCollector(

        new AccountsReceivable(),

        new RateExchange(),

        new UserContext()));

All the dependencies injected into the OrderProcessor instance implement interfaces on which OrderProcessor relies. This means that we can decorate each concrete dependency with an implementation that instruments it.

Here’s an example that instruments the IOrderProcessor interface itself:

public class InstrumentedOrderProcessor : IOrderProcessor

{

    private readonly IOrderProcessor orderProcessor;

    private readonly IRegistrar registrar;

    public InstrumentedOrderProcessor(

        IOrderProcessor processor,

        IRegistrar registrar)

    {

        if (processor == null)

        {

            throw new ArgumentNullException("processor");

        }

        if (registrar == null)

        {

            throw new ArgumentNullException("registrar");

        }

        this.orderProcessor = processor;

        this.registrar = registrar;

    }

    #region IOrderProcessor Members

    public SuccessResult Process(Order order)

    {

        var correlationId = Guid.NewGuid();

        this.registrar.Register(correlationId,

            string.Format("Process begins ({0})",

                this.orderProcessor.GetType().Name));

        var result = this.orderProcessor.Process(order);

        this.registrar.Register(correlationId,

            string.Format("Process ends   ({0})", 

            this.orderProcessor.GetType().Name));

        return result;

    }

    #endregion

}

That looks like quite a mouthful, but it’s really quite simple – the cyclomatic complexity of the Process method is as low as it can be: 1. We really just register the Process method call before and after invoking the decorated IOrderProcessor.

Without changing anything else than the composition itself, we can now instrument the IOrderProcessor interface:

var registrar = new ConsoleRegistrar();

var sut = new InstrumentedOrderProcessor(

    new OrderProcessor(

        new OrderValidator(),

        new OrderShipper(),

        new OrderCollector(

            new AccountsReceivable(),

            new RateExchange(),

            new UserContext())),

    registrar);

However, imagine implementing an InstrumentedXyz for every IXyz and compose the application with them. It’s possible, but it’s going to get old really fast – not to mention that it massively violates the DRY principle.

Fortunately we can solve this issue with any DI Container that supports dynamic interception. Castle Windsor does, so let’s see how that could work.

Instead of implementing the same code ‘template’ over and over again to instrument an interface, we can do it once and for all with an interceptor. Imagine that we delete the InstrumentedOrderProcessor; instead, we create this:

public class InstrumentingInterceptor : IInterceptor

{

    private readonly IRegistrar registrar;

    public InstrumentingInterceptor(IRegistrar registrar)

    {

        if (registrar == null)

        {

            throw new ArgumentNullException("registrar");

        }

        this.registrar = registrar;

    }

    #region IInterceptor Members

    public void Intercept(IInvocation invocation)

    {

        var correlationId = Guid.NewGuid();

        this.registrar.Register(correlationId, 

            string.Format("{0} begins ({1})", 

                invocation.Method.Name,

                invocation.TargetType.Name));

        invocation.Proceed();

        this.registrar.Register(correlationId,

            string.Format("{0} ends   ({1})", 

                invocation.Method.Name, 

                invocation.TargetType.Name));

    }

    #endregion

}

If you compare this to the Process method of InstrumentedOrderProcessor (that we don’t need anymore), you should be able to see that they are very similar. In this version, we just use the invocation argument to retrieve information about the decorated method.

We can now add InstrumentingInterceptor to a WindsorContainer and enable it for all appropriate components. When we do that and invoke the Process method on the resolved IOrderProcessor, we get a result like this:

  bbb9724e-0fad-4b06-9bb0-b8c1c460cded    2010-09-20T21:01:16.744    Process begins (OrderProcessor)

  43349d42-a463-463b-8ddf-e569e3170c97    2010-09-20T21:01:16.745    Validate begins (TrueOrderValidator)

  43349d42-a463-463b-8ddf-e569e3170c97    2010-09-20T21:01:16.745    Validate ends   (TrueOrderValidator)

  44fdccc8-f12d-4057-ae03-791225686504    2010-09-20T21:01:16.746    Collect begins (OrderCollector)

  8bbb1a0c-6134-4652-a4af-cd8c0c7184a0    2010-09-20T21:01:16.746    GetCurrentUser begins (UserContext)

  8bbb1a0c-6134-4652-a4af-cd8c0c7184a0    2010-09-20T21:01:16.747    GetCurrentUser ends   (UserContext)

  d54359ff-8c32-487f-8728-b19ff0bf4942    2010-09-20T21:01:16.747    GetCurrentUser begins (UserContext)

  d54359ff-8c32-487f-8728-b19ff0bf4942    2010-09-20T21:01:16.747    GetCurrentUser ends   (UserContext)

  c54c4506-23a8-4553-ba9a-066fc64252d2    2010-09-20T21:01:16.748    GetSelectedCurrency begins (UserContext)

  c54c4506-23a8-4553-ba9a-066fc64252d2    2010-09-20T21:01:16.748    GetSelectedCurrency ends   (UserContext)

  b3dba76b-6b4e-44fa-aca5-52b2d8509db3    2010-09-20T21:01:16.750    Convert begins (RateExchange)

  b3dba76b-6b4e-44fa-aca5-52b2d8509db3    2010-09-20T21:01:16.751    Convert ends   (RateExchange)

  e07765bd-fe07-4486-96f1-f74d77241343    2010-09-20T21:01:16.751    Collect begins (AccountsReceivable)

  e07765bd-fe07-4486-96f1-f74d77241343    2010-09-20T21:01:16.752    Collect ends   (AccountsReceivable)

  44fdccc8-f12d-4057-ae03-791225686504    2010-09-20T21:01:16.752    Collect ends   (OrderCollector)

  231055d3-4ebb-425d-8d69-fb9c85d9a860    2010-09-20T21:01:16.752    Ship begins (OrderShipper)

  231055d3-4ebb-425d-8d69-fb9c85d9a860    2010-09-20T21:01:16.753    Ship ends   (OrderShipper)

  bbb9724e-0fad-4b06-9bb0-b8c1c460cded    2010-09-20T21:01:16.753    Process ends   (OrderProcessor)

Notice how we care easily see where and when method calls begin and end using the descriptive text as well as the correlation id. I will leave it as an exercise for the reader to come up with an API that provides better parsing options etc.

As a final note it’s worth pointing out that this way of instrumenting an application (or part of it) can be done following the Open/Closed Principle. I never changed the original implementation of any of the components.

There still seems to be some confusion about what is Dependency Injection (DI) and what is a DI Container, so in this post I will try to sort it out as explicitly as possible.

DI is a set of principles and patterns that enable loose coupling.

That’s it; nothing else. Remember that old quote from p. 18 of Design Patterns?

Program to an interface; not an implementation.

This is the concern that DI addresses. The most useful DI pattern is Constructor Injection where we inject dependencies into consumers via their constructors. No container is required to do this.

The easiest way to build a DI-friendly application is to just use Constructor Injection all the way. Conversely, an application does not automatically become loosely coupled when we use a DI Container. Every time application code queries a container we have an instance of the Service Locator anti-pattern. The corollary leads to this variation of the Hollywood Principle:

Don’t call the container; it’ll call you.

A DI Container is a fantastic tool. It’s like a (motorized) mixer: you can whip cream by hand, but it’s easier with a mixer. On the other hand, without the cream the mixer is nothing. The same is true for a DI Container: to really be valuable, your code must employ Constructor Injection so that the container can auto-wire dependencies.

A well-designed application adheres to the Hollywood Principle for DI Containers: it doesn’t call the container. On the other hand, we can use the container to compose the application – or we can do it the hard way; this is called Poor Man’s DI. Here’s an example that uses Poor Man’s DI to compose a complete application graph in a console application:

private static void Main(string[] args)

{

    var msgWriter = new ConsoleMessageWriter();

    new CoalescingParserSelector(

        new IParser[]

        {

            new HelpParser(msgWriter),

            new WineInformationParser(

                new SqlWineRepository(),

                msgWriter)

        })

        .Parse(args)

        .CreateCommand()

        .Execute();

}

Notice how the nested structure of all the dependencies gives you an almost visual idea about the graph. What we have here is Constructor Injection all the way in.

CoalescingParserSelector’s constructor takes an IEnumerable<IParser> as input. Both HelpParser and WineInformationParser requires an IMessageWriter, and WineInformationParser also an IWineRepository. We even pull in types from different assemblies because SqlWineRepository is defined in the SQL Server-based data access assembly.

Another thing to notice is that the msgWriter variable is shared among two consumers. This is what a DI Container normally addresses with its ability to manage component lifetime. Although there’s not a DI Container in sight, we could certainly benefit from one. Let’s try to wire up the same graph using Unity (just for kicks):

private static void Main(string[] args)

{

    var container = new UnityContainer();

    container.RegisterType<IParser, WineInformationParser>("parser.info");

    container.RegisterType<IParser, HelpParser>("parser.help");

    container.RegisterType<IEnumerable<IParser>, IParser[]>();

    container.RegisterType<IParseService, CoalescingParserSelector>();

    container.RegisterType<IWineRepository, SqlWineRepository>();

    container.RegisterType<IMessageWriter, ConsoleMessageWriter>(

        new ContainerControlledLifetimeManager());

    container.Resolve<IParseService>()

        .Parse(args)

        .CreateCommand()

        .Execute();

    container.Dispose();

}

We are using Constructor Injection throughout, and most DI Containers (even Unity, but not MEF) natively understands that pattern. Consequently, this means that we can mostly just map interfaces to concrete types and the container will figure out the rest for us.

Notice that I’m using the Configure-Resolve-Release pattern described by Krzysztof Koźmic. First I configure the container, then I resolve the entire object graph, and lastly I dispose the container.

The main part of the application’s execution time will be spent within the Execute method, which is where all the real application code runs.

In this example I wire up a console application, but it just as well might be any other type of application. In a web application we just do a resolve per web request instead.

But wait! does that mean that we have to resolve the entire object graph of the application, even if we have dependencies that cannot be resolved at run-time? No, but that does not mean that you should pull from the container. Pull from an Abstract Factory instead.

Another question that is likely to arise is: what if I have dependencies that I rarely use? Must I wire these prematurely, even if they are expensive? No, you don’t have to do that either.

In conclusion: there is never any reason to query the container. Use a container to compose your object graph, but don’t rely on it by querying from it. Constructor Injection all the way enables most containers to auto-wire your application, and an Abstract Factory can be a dependency too.

StructureMap offers several different lifetimes, among these two known as PerRequest and Unique respectively. Recently I found myself wondering what was the difference between those two, but a little help from Jeremy Miller put me on the right track.

In short, Unique is equivalent to what Castle Windsor calls Transient: every time an instance of a type is needed, a new instance is created. Even if we need the same service multiple times in the same resolved graph, multiple instances are created.

PerRequest, on the other hand, is a bit special. Each type can be viewed as a Singleton within a single call to GetInstance, but as Transient across different invocations of GetInstance. In other words, the same instance will be shared within a resolved object graph, but if we resolve the same root type once more, we will get a new shared instance – a Singleton local to that graph.

Here are some unit tests I wrote to verify this behavior (recall that PerRequest is StructureMap’s default lifestyle):

[Fact]

public void ResolveServicesWithSameUniqueDependency()

{

    var container = new Container();

    container.Configure(x =>

    {

        var unique = new UniquePerRequestLifecycle();

        x.For<IIngredient>().LifecycleIs(unique)

            .Use<Shrimp>();

        x.For<OliveOil>().LifecycleIs(unique);

        x.For<EggYolk>().LifecycleIs(unique);

        x.For<Vinegar>().LifecycleIs(unique);

        x.For<IIngredient>().LifecycleIs(unique)

            .Use<Vinaigrette>();

        x.For<IIngredient>().LifecycleIs(unique)

            .Use<Mayonnaise>();

        x.For<Course>().LifecycleIs(unique);

    });

    var c1 = container.GetInstance<Course>();

    var c2 = container.GetInstance<Course>();

    Assert.NotSame(

        c1.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c1.Ingredients.OfType<Mayonnaise>().Single().Oil);

    Assert.NotSame(

        c2.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c2.Ingredients.OfType<Mayonnaise>().Single().Oil);

    Assert.NotSame(

        c1.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c2.Ingredients.OfType<Vinaigrette>().Single().Oil);

}

[Fact]

public void ResolveServicesWithSamePerRequestDependency()

{

    var container = new Container();

    container.Configure(x =>

    {

        x.For<IIngredient>().Use<Shrimp>();

        x.For<OliveOil>();

        x.For<EggYolk>();

        x.For<Vinegar>();

        x.For<IIngredient>().Use<Vinaigrette>();

        x.For<IIngredient>().Use<Mayonnaise>();

    });

    var c1 = container.GetInstance<Course>();

    var c2 = container.GetInstance<Course>();

    Assert.Same(

        c1.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c1.Ingredients.OfType<Mayonnaise>().Single().Oil);

    Assert.Same(

        c2.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c2.Ingredients.OfType<Mayonnaise>().Single().Oil);

    Assert.NotSame(

        c1.Ingredients.OfType<Vinaigrette>().Single().Oil,

        c2.Ingredients.OfType<Vinaigrette>().Single().Oil);

}

Notice that in both cases, the OliveOil instances are different across two independently resolved graphs (c1 and c2).

However, within each graph, the same OliveOil instance is shared in the PerRequest configuration, whereas they are different in the Unique configuration.

In the next couple of weeks I will be giving a couple of talks in Copenhagen.

At Community Day 2010 I will be giving two talks on respectively Dependency Injection and TDD.

In early June I will be giving a repeat of my previous CNUG TDD talk.

One of Castle Windsor’s facilities addresses wiring up of WCF services. So far, the sparse documentation for the WCF Facility seems to indicate that you have to configure your container in a global.asax. That’s not much to my liking. First of all, it reeks of ASP.NET, and secondly, it’s not going to work if you expose WCF over protocols other than HTTP.

However, now that we know that a custom ServiceHostFactory is effectively a Singleton, a much better alternative is to derive from the WCF Facility’s DefaultServiceHost class:

public class FooServiceHostFactory : 

    DefaultServiceHostFactory

{

    public FooServiceHostFactory()

        : base(FooServiceHostFactory.CreateKernel())

    {

    }

    private static IKernel CreateKernel()

    {

        var container = new WindsorContainer();

        container.AddFacility<WcfFacility>();

        container.Register(Component

            .For<FooService>()

            .LifeStyle.Transient);

        container.Register(Component

            .For<IBar>()

            .ImplementedBy<Bar>());

        return container.Kernel;

    }

}

Although it feels a little odd to create a container and then not really use it, but only its Kernel property, this works like a charm. It correctly wires up this FooService:

public class FooService : IFooService

{

    private readonly IBar bar;

    public FooService(IBar bar)

    {

        if (bar == null)

        {

            throw new ArgumentNullException("bar");

        }

        this.bar = bar;

    }

    #region IFooService Members

    public string Foo()

    {

        return this.bar.Baz;

    }

    #endregion

}

However, instead of the static CreateKernel method that creates the IKernel instance, I suggest that the WCF Facility utilizes the Factory Method pattern. As the WCF Facility has not yet been released, perhaps there’s still time for that change.

In any case, the WCF Facility saves you from writing a lot of infrastructure code if you would like to wire your WCF services with Castle Windsor.

For a while I’ve been wondering about the lifetime behavior of custom ServiceHostFactory classes hosted in IIS. Does IIS create an instance per request? Or a single instance to handle all requests?

I decided to find out, so I wrote a little test service. The conclusion seems to be that there is only a single instance that servers as a factory for all requests. This is very fortunate, since it gives us an excellent place to host a DI Container. The container can then manage the lifetime of all components, including Singletons that will live for the duration of the process.

If you are curious how I arrived at this conclusion, here’s the code I wrote. I started out with this custom ServiceHostFactory:

public class PocServiceHostFactory : ServiceHostFactory

{

    private static int number = 1;

    public PocServiceHostFactory()

    {

        Interlocked.Increment(

            ref PocServiceHostFactory.number);

    }

    protected override ServiceHost CreateServiceHost(

        Type serviceType, Uri[] baseAddresses)

    {

        return new PocServiceHost(

            PocServiceHostFactory.number, serviceType,

            baseAddresses);

    }

}

The idea is that every time a new instance of ServiceHostFactory is created, the static number is incremented.

The PocServiceHostFactory just forwards the number to the PocServiceHost:

public class PocServiceHost : ServiceHost

{

    public PocServiceHost(int number, Type serviceType,

        Uri[] baseAddresses)

        : base(serviceType, baseAddresses)

    {

        foreach (var cd in 

            this.ImplementedContracts.Values)

        {

            cd.Behaviors.Add(

                new NumberServiceInstanceProvider(

                    number));

        }

    }

}

The PocServiceHost just forwards the number to the NumberServiceInstanceProvider:

public class NumberServiceInstanceProvider : 

    IInstanceProvider, IContractBehavior

{

    private readonly int number;

    public NumberServiceInstanceProvider(int number)

    {

        this.number = number;

    }

    #region IInstanceProvider Members

    public object GetInstance(

        InstanceContext instanceContext,

        Message message)

    {

        return this.GetInstance(instanceContext);

    }

    public object GetInstance(

        InstanceContext instanceContext)

    {

        return new NumberService(this.number);

    }

    public void ReleaseInstance(

        InstanceContext instanceContext,

        object instance)

    {

    }

    #endregion

    #region IContractBehavior Members

    public void AddBindingParameters(

        ContractDescription contractDescription,

        ServiceEndpoint endpoint,

        BindingParameterCollection bindingParameters)

    {

    }

    public void ApplyClientBehavior(

        ContractDescription contractDescription,

        ServiceEndpoint endpoint,

        ClientRuntime clientRuntime)

    {

    }

    public void ApplyDispatchBehavior(

        ContractDescription contractDescription,

        ServiceEndpoint endpoint,

        DispatchRuntime dispatchRuntime)

    {

        dispatchRuntime.InstanceProvider = this;

    }

    public void Validate(

        ContractDescription contractDescription,

        ServiceEndpoint endpoint)

    {

    }

    #endregion

}

The relevant part of NumberServiceInstanceProvider is the GetInstanceMethod that simply forwards the number to the NumberService:

public class NumberService : INumberService

{

    private readonly int number;

    public NumberService(int number)

    {

        this.number = number;

    }

    #region INumberService Members

    public int GetNumber()

    {

        return this.number;

    }

    #endregion

}

As you can see, NumberService simply returns the injected number.

The experiment is now to host NumberService in IIS using PocServiceHostFactory. If there is only one ServiceHostFactory per application process, we would expect that the same number (2) is returned every time we invoke the GetNumber operation. If, on the other hand, a new instance of ServiceHostFactory is created per request, we would expect the number to increase for every request.

To test this I spun up a few instances of WcfTestClient.exe and invoked the operation. It consistently returns 2 across multiple clients and multiple requests. This supports the hypothesis that there is only one ServiceHostFactory per service process.

My book contains a section on the Ambient Context pattern that uses a TimeProvider as an example. It’s used like this:

this.closedAt = TimeProvider.Current.UtcNow;

Yesterday I was TDDing a state machine that consumes TimeProvider and needed to freeze and advance time at different places in the test. Always on the lookout for making unit tests more readable, I decided to have a little fun with literal extensions and TimeProvider. I ended up with this test:

// Fixture setup

var fixture = new WcfFixture();

DateTime.Now.Freeze();

fixture.Register(1.Minutes());

var sut = fixture.CreateAnonymous<CircuitBreaker>();

sut.PutInOpenState();

2.Minutes().Pass();

// Exercise system

sut.Guard();

// Verify outcome

Assert.IsInstanceOfType(sut.State,

    typeof(HalfOpenCircuitState));

// Teardown

There are several items of note. Imagine that we can freeze time!

DateTime.Now.Freeze();

With the TimeProvider and an extension method, we can:

internal static void Freeze(this DateTime dt)

{

    var timeProviderStub = new Mock<TimeProvider>();

    timeProviderStub.SetupGet(tp => tp.UtcNow).Returns(dt);

    TimeProvider.Current = timeProviderStub.Object;

}

This effectively sets up the TimeProvider to always return the same time.

Later in the test I state that 2 minutes pass:

2.Minutes().Pass();

I particularly like the grammatically correct English. This is accomplished with a combination of a literal extension and changing the state of TimeProvider.

First, the literal extension:

internal static TimeSpan Minutes(this int m)

{

    return TimeSpan.FromMinutes(m);

}

Given the TimeSpan returned from the Minutes method, I can now invoke the Pass extension method:

internal static void Pass(this TimeSpan ts)

{

    var previousTime = TimeProvider.Current.UtcNow;

    (previousTime + ts).Freeze();

}

Note that I just add the TimeSpan to the current time and invoke the Freeze extension method with the new value.

Last, but not least, I should point out that the PutInOpenState method isn’t some smelly test-specific method on the SUT, but rather yet another extension method.

I recently had the need to change the lifestyles of all components in a WindsorContainer (read on to the end if you want to know why). This turned out to be amazingly simple to do.

The problem was this: I had numerous components registered in a WindsorContainer, some of them as Singletons, some as Transients and yet again some as PerWebRequest. Configuration was even defined in numerous IWindsorInstallers, including some distributed XML files. I now needed to spin up a second container with the same configuration as the first one, except that the lifestyles should be all Singletons across the board.

This can be easily accomplished by implementing a custom IContributeComponentModelConstruction type. Here’s a simple example:

Consider this IWindsorInstaller:

public class FooInstaller : IWindsorInstaller

{

    #region IWindsorInstaller Members

    public void Install(IWindsorContainer container,

        IConfigurationStore store)

    {

        container.Register(Component

            .For<IFoo>()

            .ImplementedBy<Foo>()

            .LifeStyle.Transient);

    }

    #endregion

}

The important point to notice is that it registers the lifestyle as Transient. In other words, this container will always return new Foo instances:

var container = new WindsorContainer();

container.Install(new FooInstaller());

We can override this behavior by adding this custom IContributeComponentModelConstruction:

public class SingletonEqualizer :

    IContributeComponentModelConstruction

{

    public void ProcessModel(IKernel kernel, 

        ComponentModel model)

    {

        model.LifestyleType = LifestyleType.Singleton;

    }

}

In this very simple example, I always set the lifestyle type to the same value, but obviously we can write as complex code in the ProcessModel method as we would like. We can now configure the container like this:

var container = new WindsorContainer();

container.Kernel.ComponentModelBuilder

    .AddContributor(new SingletonEqualizer());

container.Install(new FooInstaller());

With this configuration we will now get the same instance of Foo every time we Resolve IFoo.

We did I need this? Because my application is a web application and I’m using the PerWebRequest lifestyle in a number of places. However, I needed to spin up a second container that would compose object hierarchies for a background process. This background process needs the same component configuration as the rest of the application, but can’t use the PerWebRequest lifestyle as there will be no web request available to the background process. Hence the need to change lifestyles across the board.

It seems to me that I’ve lately encountered a particular mindset towards Dependency Injection (DI). People seem to think that it’s only really good for replacing one data access implementation with another. Once you get to that point, you know that the following argument isn’t far behind:

“That’s all well and good, but we know for certain that we will never exchange [insert name of RDBMS here] with anything else in this application.”

Apart from the hubris of making such a bold statement about the future of any software endeavor, such a statement reveals the narrow view on DI that its only purpose is for replacing data access components – and perhaps for unit testing.

Those are relevant reasons for using DI, but they are only some of the reasons. Let’s briefly revisit why we employ DI.

We use DI to enable loose coupling.

DI is only a means to an end. Even if you never intend to replace your database and even if you never want to write a single unit test, DI still offers benefits in form of a more maintainable code base. The loose coupling gives you better separation of concerns because it allows you to apply the Open/Closed Principle.

Example coming right up:

Imagine that we need to implement a PrécisViewModel class with a TopSellers property that returns an IEnumerable<string>. To implement this class, we have a data access component. Let’s use the ubiquitous Repository pattern and define IProductRepository to see where that leads us:

public interface IProductRepository

{

    IEnumerable<Product> SelectTopSellers();

}

We can now implement PrécisViewModel like this:

public class PrécisViewModel

{

    private readonly IProductRepository repository;

    public PrécisViewModel(IProductRepository repository)

    {

        if (repository == null)

        {

            throw new ArgumentNullException("repository");

        }

        this.repository = repository;

    }

    public IEnumerable<string> TopSellers

    {

        get

        {

            var topSellers = 

                this.repository.SelectTopSellers();

            return from p in topSellers

                   select p.Name;

        }

    }

}

Nothing fancy is going on here. It’s just straight Constructor Injection at work.

Obviously, we can now implement and use a SQL Server-based repository:

var repository = new SqlProductRepository();

var vm = new PrécisViewModel(repository);

So what does all this loose coupling buy us? It doesn’t seem to help us a lot.

The real benefit is not yet apparent, but it should become more obvious when we start adding requirements. Let’s start with some caching. It turns out that the SelectTopSellers implementation is slow, so we would like to add some caching somewhere.

Where should we add this caching functionality? Without loose coupling, we would more or less be constrained to adding it to either PrécisViewModel or SqlProductRepository, but both have issues:

• First of all we would be violating the Single Responsibility Principle (SRP) in both cases.
• If we implement caching in PrécisViewModel, other consumers of the SelectTopSellers would not benefit from it.
• If we implement caching in SqlProductRepository, it wouldn’t be available for any other IProductRepository implementations.

Since the premise for this post is that we will never use any other database than SQL Server, implementing caching directly in SqlProductRepository sounds like the correct choice, but we would still be violating the SRP, and thus making our code more difficult to maintain.

A better solution is to introduce a caching Decorator like this one:

public class CachingProductRepository : IProductRepository

{

    private readonly ICache cache;

    private readonly IProductRepository repository;

    public CachingProductRepository(

        IProductRepository repository, ICache cache)

    {

        if (repository == null)

        {

            throw new ArgumentNullException("repository");

        }

        if (cache == null)

        {

            throw new ArgumentNullException("cache");

        }

        this.cache = cache;

        this.repository = repository;

    }

    #region IProductRepository Members

    public IEnumerable<Product> SelectTopSellers()

    {

        return this.cache

            .Retrieve<IEnumerable<Product>>("topSellers",

                this.repository.SelectTopSellers);

    }

    #endregion

}

For completeness sake is here the definition of ICache:

public interface ICache

{

    T Retrieve<T>(string key, Func<T> readThrough);

}

The point is that CachingProductRepository extends any IProductRepository we provide to it (including SqlProductRepository) without modifying it. Thus, we have satisfied both the OCP and the SRP.

Just to drive home the point, let us assume that we also wish to record execution times for various methods for purposes of SLA compliance. We can do this by introducing yet another Decorator:

public class PerformanceMeasuringProductRepository : 

    IProductRepository

{

    private readonly IProductRepository repository;

    private readonly IStopwatch stopwatch;

    public PerformanceMeasuringProductRepository(

        IProductRepository repository, 

        IStopwatch stopwatch)

    {

        if (repository == null)

        {

            throw new ArgumentNullException("repository");

        }

        if (stopwatch == null)

        {

            throw new ArgumentNullException("stopwatch");

        }

        this.repository = repository;

        this.stopwatch = stopwatch;

    }

    #region IProductRepository Members

    public IEnumerable<Product> SelectTopSellers()

    {

        var timer = this.stopwatch

            .StartMeasuring("SelectTopSellers");

        var topSellers = 

            this.repository.SelectTopSellers();

        timer.StopMeasuring();

        return topSellers;

    }

    #endregion

}

Once again, we modified neither SqlProductRepository nor CachingProductRepository to introduce this new feature. We can implement security and auditing features by following the same principle.

To me, this is what loose coupling (and DI) is all about. That we can also replace data access components and unit test using dynamic mocks are very fortunate side effects, but the loose coupling is valuable in itself because it enables us to write more maintainable code.

We don’t even need a DI Container to wire up all these repositories (although it sure would be helpful). Here’s how we can do it with Poor Man’s DI:

IProductRepository repository =

    new PerformanceMeasuringProductRepository(

        new CachingProductRepository(

            new SqlProductRepository(), new Cache()

            ),

        new RealStopwatch()

    );

var vm = new PrécisViewModel(repository);

The next time someone on your team claims that you don’t need DI because the choice of RDBMS is fixed, you can tell them that it’s irrelevant. The choice is between DI and Spaghetti Code.

Service Locator is a well-known pattern, and since it was described by Martin Fowler, it must be good, right?

No, it’s actually an anti-pattern and should be avoided.

Let’s examine why this is so. In short, the problem with Service Locator is that it hides a class’ dependencies, causing run-time errors instead of compile-time errors, as well as making the code more difficult to maintain because it becomes unclear when you would be introducing a breaking change.

OrderProcessor example

As an example, let’s pick a hot topic in DI these days: an OrderProcessor. To process an order, the OrderProcessor must validate the order and ship it if valid. Here’s an example using a static Service Locator:

public class OrderProcessor : IOrderProcessor

{

    public void Process(Order order)

    {

        var validator = Locator.Resolve<IOrderValidator>();

        if (validator.Validate(order))

        {

            var shipper = Locator.Resolve<IOrderShipper>();

            shipper.Ship(order);

        }

    }

}

The Service Locator is used as a replacement for the new operator. It looks like this:

public static class Locator

{

    private readonly static Dictionary<Type, Func<object>>

        services = new Dictionary<Type, Func<object>>();

    public static void Register<T>(Func<T> resolver)

    {

        Locator.services[typeof(T)] = () => resolver();

    }

    public static T Resolve<T>()

    {

        return (T)Locator.services[typeof(T)]();

    }

    public static void Reset()

    {

        Locator.services.Clear();

    }

}

We can configure the Locator using the Register method. A ‘real’ Service Locator implementation would be much more advanced than this, but this example captures the gist of it.

This is flexible and extensible, and it even supports replacing services with Test Doubles, as we will see shortly.

Given that, then what could be the problem?

API usage issues

Let’s assume for a moment that we are simply consumers of the OrderProcessor class. We didn’t write it ourselves, it was given to us in an assembly by a third party, and we have yet to look at it in Reflector.

This is what we get from IntelliSense in Visual Studio:

Okay, so the class has a default constructor. That means I can simply create a new instance of it and invoke the Process method right away:

var order = new Order();

var sut = new OrderProcessor();

sut.Process(order);

Alas, running this code surprisingly throws a KeyNotFoundException because the IOrderValidator was never registered with Locator. This is not only surprising, it may be quite baffling if we don’t have access to the source code.

By perusing the source code (or using Reflector) or consulting the documentation (ick!) we may finally discover that we need to register an IOrderValidator instance with Locator (a completely unrelated static class) before this will work.

In a unit test test, this can be done like this:

var validatorStub = new Mock<IOrderValidator>();

validatorStub.Setup(v => v.Validate(order)).Returns(false);

Locator.Register(() => validatorStub.Object);

What is even more annoying is that because the Locator’s internal store is static, we need to invoke the Reset method after each unit test, but granted: that is mainly a unit testing issue.

All in all, however, we can’t reasonably claim that this sort of API provides a positive developer experience.

Maintenance issues

While this use of Service Locator is problematic from the consumer’s point of view, what seems easy soon becomes an issue for the maintenance developer as well.

Let’s say that we need to expand the behavior of OrderProcessor to also invoke the IOrderCollector.Collect method. This is easily done, or is it?

public void Process(Order order)

{

    var validator = Locator.Resolve<IOrderValidator>();

    if (validator.Validate(order))

    {

        var collector = Locator.Resolve<IOrderCollector>();

        collector.Collect(order);

        var shipper = Locator.Resolve<IOrderShipper>();

        shipper.Ship(order);

    }

}

From a pure mechanistic point of view, that was easy – we simply added a new call to Locator.Resolve and invoke IOrderCollector.Collect.

Was this a breaking change?

This can be surprisingly hard to answer. It certainly compiled fine, but broke one of my unit tests. What happens in a production application? The IOrderCollector interface may already be registered with the Service Locator because it is already in use by other components, in which case it will work without a hitch. On the other hand, this may not be the case.

The bottom line is that it becomes a lot harder to tell whether you are introducing a breaking change or not. You need to understand the entire application in which the Service Locator is being used, and the compiler is not going to help you.

Variation: Concrete Service Locator

Can we fix these issues in some way?

One variation commonly encountered is to make the Service Locator a concrete class, used like this:

public void Process(Order order)

{

    var locator = new Locator();

    var validator = locator.Resolve<IOrderValidator>();

    if (validator.Validate(order))

    {

        var shipper = locator.Resolve<IOrderShipper>();

        shipper.Ship(order);

    }

}

However, to be configured, it still needs a static in-memory store:

public class Locator

{

    private readonly static Dictionary<Type, Func<object>>

        services = new Dictionary<Type, Func<object>>();

    public static void Register<T>(Func<T> resolver)

    {

        Locator.services[typeof(T)] = () => resolver();

    }

    public T Resolve<T>()

    {

        return (T)Locator.services[typeof(T)]();

    }

    public static void Reset()

    {

        Locator.services.Clear();

    }

}

In other words: there’s no structural difference between the concrete Service Locator and the static Service Locator we already reviewed. It has the same issues and solves nothing.

Variation: Abstract Service Locator

A different variation seems more in line with true DI: the Service Locator is a concrete class implementing an interface.

public interface IServiceLocator

{

    T Resolve<T>();

}

public class Locator : IServiceLocator

{

    private readonly Dictionary<Type, Func<object>> services;

    public Locator()

    {

        this.services = new Dictionary<Type, Func<object>>();

    }

    public void Register<T>(Func<T> resolver)

    {

        this.services[typeof(T)] = () => resolver();

    }

    public T Resolve<T>()

    {

        return (T)this.services[typeof(T)]();

    }

}

With this variation it becomes necessary to inject the Service Locator into the consumer. Constructor Injection is always a good choice for injecting dependencies, so OrderProcessor morphs into this implementation:

public class OrderProcessor : IOrderProcessor

{

    private readonly IServiceLocator locator;

    public OrderProcessor(IServiceLocator locator)

    {

        if (locator == null)

        {

            throw new ArgumentNullException("locator");

        }

        this.locator = locator;

    }

    public void Process(Order order)

    {

        var validator = 

            this.locator.Resolve<IOrderValidator>();

        if (validator.Validate(order))

        {

            var shipper =

                this.locator.Resolve<IOrderShipper>();

            shipper.Ship(order);

        }

    }

}

Is this good, then?

From a developer perspective, we now get a bit of help from IntelliSense:

What does this tell us? Nothing much, really. Okay, so OrderProcessor needs a ServiceLocator – that’s a bit more information than before, but it still doesn’t tell us which services are needed. The following code compiles, but crashes with the same KeyNotFoundException as before:

var order = new Order();

var locator = new Locator();

var sut = new OrderProcessor(locator);

sut.Process(order);

From the maintenance developer’s point of view, things don’t improve much either. We still get no help if we need to add a new dependency: is it a breaking change or not? Just as hard to tell as before.

Summary

The problem with using a Service Locator isn’t that you take a dependency on a particular Service Locator implementation (although that may be a problem as well), but that it’s a bona-fide anti-pattern. It will give consumers of your API a horrible developer experience, and it will make your life as a maintenance developer worse because you will need to use considerable amounts of brain power to grasp the implications of every change you make.

The compiler can offer both consumers and producers so much help when Constructor Injection is used, but none of that assistance is available for APIs that rely on Service Locator.

You can read more about DI patterns and anti-patterns in my upcoming book.

In a follow-up to his earlier post on Constructor Over-Injection, Jeffrey Palermo changes his stance on Constructor Over-Injection from anti-pattern to the more palatable code smell. In this post I introduce the concept of a Facade Service and outline a refactoring that addresses this code smell.

If I should extract a core message from Jeffrey Palermo’s blog post it would be that it’s a code smell if you have a class that takes too many dependencies in its constructor.

I can only agree, but only so far as it’s a code smell. However, it has nothing to do with DI in general or Constructor Injection specifically. Rather, it’s a smell that indicates a violation of the Single Responsibility Principle (SRP). Let’s review the example constructor:

public OrderProcessor(IOrderValidator validator,

                      IOrderShipper shipper,

                      IAccountsReceivable receivable,

                      IRateExchange exchange,

                      IUserContext userContext)

In this version, I even added IOrderShipper back in as I described in my earlier post. Surely, five constructor parameters are too many.

Constructor Injection makes SRP violations glaringly obvious.

What’s not to like? My personal threshold lies somewhere around 3-4 constructor parameters, so whenever I hit three, I start to consider if I could perhaps aggregate some of the dependencies into a new type.

I call such a type a Facade Service. It’s closely related to Parameter Objects, but the main difference is that a Parameter Object only moves the parameters to a common root, while a Facade Service hides the aggregate behavior behind a new abstraction. While the Facade Service may start its life as a result of a pure mechanistic refactoring, it often turns out that the extracted behavior represents a Domain Concept in its own right. Congratulations: you’ve just move a little closer to adhering to the SRP!

Let’s look at Jeffrey Palermo’s OrderProcessor example. The core implementation of the class is reproduced here (recall that in my version, IOrderShipper is also an injected dependency):

public SuccessResult Process(Order order)

{

    bool isValid = _validator.Validate(order);

    if (isValid)

    {

        Collect(order);

        _shipper.Ship(order);

    }

    return CreateStatus(isValid);

}

private void Collect(Order order)

{

    User user = _userContext.GetCurrentUser();

    Price price = order.GetPrice(_exchange, _userContext);

    _receivable.Collect(user, price);

}

If you examine the code it should quickly become apparent that the Collect method encapsulates a cluster of dependencies: IAccountsReceivable, IRateExchange and IUserContext. In this case it’s pretty obvious because they are already encapsulated in a single private method. In real production code, you may need to perform a series of internal refactorings before a pattern starts to emerge and you can extract an interface that aggregates several dependencies.

Now that we have identified the cluster of dependencies, we can extract an interface that closely resembles the Collect method:

public interface IOrderCollector

{

    void Collect(Order order);

}

In lieu of a better name, I simply chose to call it IOrderCollector, but what’s interesting about extracting Facade Services is that over time, they often turn out to be previously implicit Domain Concepts that we have now dragged out in the open and made explicit.

We can now inject IOrderCollector into OrderProcessor and change the implementation of the private Collect method:

private void Collect(Order order)

{

    _collector.Collect(order);

}

Next, we can remove the redundant dependencies, leaving us with this constructor:

public OrderProcessor(IOrderValidator validator,

                      IOrderShipper shipper,

                      IOrderCollector collector)

With three constructor parameters it’s much more acceptable, but we can always consider repeating the procedure and extract a new Facade Service that aggregates IOrderShipper and IOrderCollector.

The original behavior from the Collect method is still required, but is now implemented in the OrderCollector class:

public class OrderCollector : IOrderCollector

{

    private readonly IUserContext _userContext;

    private readonly IRateExchange _exchange;

    private readonly IAccountsReceivable _receivable;

    public OrderCollector(IAccountsReceivable receivable,

                          IRateExchange exchange,

                          IUserContext userContext)

    {

        _receivable = receivable;

        _exchange = exchange;

        _userContext = userContext;

    }

    #region IOrderCollector Members

    public void Collect(Order order)

    {

        User user = _userContext.GetCurrentUser();

        Price price = 

            order.GetPrice(_exchange, _userContext);

        _receivable.Collect(user, price);

    }

    #endregion

}

Here’s another class with three constructor parameters, which falls within the reasonable range. However, once again, we can begin to consider whether the interaction between IUserContext and the Order could be better modeled.

In outline form, the Introduce Facade Service refactoring follows these steps:

1. Analyze how dependencies interact to identify clusters of behavior.
2. Extract an interface from these clusters.
3. Copy the original implementation to a class that implements the new interface.
4. Inject the new interface into the consumer.
5. Replace the original implementation with a call the new dependency.
6. Remove the redundant dependencies.
7. Rinse and repeat :)

The beauty of Facade Services is that we can keep wrapping one Facade Service in new Facade Services to define more and more coarse-grained building blocks as we get closer and closer to the application boundary.

Keeping each class and its dependencies to simple interactions also makes it much easier to unit test all of them because none of them do anything particularly complex.

Adhering strictly to Constructor Injection makes it easy to see when one violates the SRP and should refactor to an Facade Service.

Update (2011.04.10): In my book I've changed the name of this concept to Facade Service as it more clearly communicates the relationship with the Facade pattern.

Last modified (2011.08.23): Changed all references to Aggregate Service (the old name of the concept) to Facade Service.

In a reaction to Uncle Bob's recent post on Dependency Injection Inversion, Colin Decker writes that he doesn't consider the use of the single Guice @Inject annotation particularly problematic. As I read it, the central argument is that

annotations are not code. By themselves, they do nothing.

I'll have to take that at face value, but if we translate this reasoning to .NET it certainly holds true. Attributes don't do anything by themselves.

I'm not aware of any DI Container for .NET that requires us to sprinkle attributes all over our code to work (I don't consider MEF a DI Container), but for the sake of argument, let's assume that such a container exists (let's call it Needle). Would it be so bad if we had to liberally apply the Needle [Inject] attribute in large parts of our code bases?

Colin suggests no. As usual, my position is that it depends, but in most cases I would consider it bad.

If Needle is implemented like most libraries, InjectAttribute is just one of many types that make up the entire API. Other types would include NeedleContainer and its associated classes.

Java annotations may work differently, but in .NET we need to reference a library to apply one of its attributes. To apply the [Inject] attribute, we would have to reference Needle, and herein lies the problem.

Once Needle is referenced, it becomes much easier for a junior developer to accidentally start directly using other parts of the Needle API. Particularly he or she may start using Needle as a Service Locator. When that happens, Needle is no longer a passive participant of the code, but a very active one, and it becomes much harder to separate the code from the Container.

To paraphrase Uncle Bob: I don't want to write a Needle application.

We can't even protect ourselves from accidental usage by writing a convention-based unit test that fails if Needle is referenced by our code, because it must be referenced for the [Inject] attribute to be applied.

The point is that the attribute drags in a reference to the entire container, which in my opinion is a bad thing.

So when would it be less problematic?

If Needle was implemented in such a way that InjectAttribute was defined in an assembly that only contains that one type, and the rest of Needle was implemented in a different assembly, the attribute wouldn't drag the rest of the container along.

Whether this whole analysis makes sense at all in Java, and whether Guice is implemented like that, I can't say, but in most cases I would consider even a single attribute to be unacceptable pollution of my code base.

Reacting to my previous post, Krzysztof Koźmic was so kind to point out to me that I really should be using an IWindsorInstaller instead of writing the registration code in a static helper method (it did make me cringe a bit).

As it turns out, IWindsorInstaller is not a particularly well-described feature of Castle Windsor, so here's a quick introduction. Fortunately, it is very easy to understand.

The idea is simply to package configuration code in reusable modules (just like the Guice modules from Uncle Bob's post).

Refactoring the bootstrap code from my previous post, I can now move all the container configuration code into a reusable module:

While I was at it, I also changed from the fluent registration API to the generic registration methods as I didn't really need the full API, but I could have left it as it was.

BillingContainerInstaller implements IWindsorInstaller, and I can now configure my container instance like this:

The Install method takes a parameter array of IWindsorInstaller instances, so you can pass as many as you'd like.

About a week ago Uncle Bob published a post on Dependency Injection Inversion that caused quite a stir in the tiny part of the .NET community I usually pretend to hang out with. Twitter was alive with much debate, but Ayende seems to sum up the .NET DI community's sentiment pretty well:

if this is a typical example of IoC usage in the Java world, then [Uncle Bob] should peek over the fence to see how IoC is commonly implemented in the .Net space

Despite having initially left a more or less positive note to Uncle Bob's post, after having re-read it carefully, I am beginning to think the same, but instead of just telling everyone how much greener the grass is on the .NET side, let me show you.

First of all, let's translate Uncle Bob's BillingService to C#:

It's nice how easy it is to translate Java code to C#, but apart from casing and other minor deviations, let's focus on the main difference. I've added Guard Clauses to protect the injected dependencies against null values as I consider this an essential and required part of Constructor Injection – I think Uncle Bob should have added those as well, but he might have omitted them for brevity.

If you disregard the Guard Clauses, the C# version is a logical line of code shorter than the Java version because it has no DI attribute like Guice's @Inject.

Does this mean that we can't do DI with the C# version of BillingService? Uncle Bob seems to imply that we can do Dependency Inversion, but not Dependency Injection - or is it the other way around? I can't really make head or tails of that part of the post…

The interesting part is that in .NET, there's no difference! We can use DI Containers with the BillingService without sprinkling DI attributes all over our code base. The BillingService class has no reference to any DI Container.

It does, however, use the central DI pattern Constructor Injection. .NET DI Containers know all about this pattern, and with .NET's static type system they know all they need to know to wire dependencies up correctly. (I thought that Java had a static type system as well, but perhaps I am mistaken.) The .NET DI Containers will figure it out for you – you don't have to explicitly tell them how to invoke a constructor with two parameters.

We can write an entire application by using Constructor Injection and stacking dependencies without ever referencing a container!

Like the Lean concept of the Last Responsible Moment, we can wait until the application's entry point to decide how we will wire up the dependencies.

As Uncle Bob suggests, we can use Poor Man's DI and manually create the dependencies directly in Main, but as Ayende correctly observes, that only looks like an attractive alternative because the example is so simple. For complex dependency graphs, a DI Container is a much better choice.

With the C# version of BillingService, which DI Container must we select?

It doesn't matter: we can choose whichever one we would like because we have been following patterns instead of using a framework.

Here's an example of an implementation of Main using Castle Windsor:

This looks a lot like Uncle Bob's first Guice example, but instead of injecting a BillingModule into the container, we can configure it inline or in a helper method:

This corresponds more or less to the Guice-specific BillingModule, although Windsor also requires us to register the concrete BillingService as a component (this last step varies a bit from DI Container to DI Container – it is, for example, redundant in Unity).