An initial proof of concept of applicative assertions in C# by Mark Seemann
Worthwhile? Not obviously.
This article is the first instalment in a small articles series about applicative assertions. It explores a way to compose assertions in such a way that failure messages accumulate rather than short-circuit. It assumes that you've read the article series introduction.
Assertions are typically based on throwing exceptions. As soon as one assertion fails, an exception is thrown and no further assertions are evaluated. This is normal short-circuiting behaviour of exceptions. In some cases, however, it'd be useful to keep evaluating other assertions and collect error messages.
This article series explores an intriguing idea to address such issues: Use an applicative functor to collect multiple assertion messages. I started experimenting with the idea to see where it would lead. The article series serves as a report of what I found. It is neither a recommendation nor a caution. I still find the idea interesting, but I'm not sure whether the complexity is warranted.
Example scenario #
A realistic example is often illustrative, although there's a risk that the realism carries with it some noise that detracts from the core of the matter. I'll reuse an example that I've already discussed and explained in greater detail. The code is from the code base that accompanies my book Code That Fits in Your Head.
This test has two independent assertions:
[Theory] [InlineData(884, 18, 47, "c@example.net", "Nick Klimenko", 2)] [InlineData(902, 18, 50, "emot@example.gov", "Emma Otting", 5)] public async Task DeleteReservation( int days, int hours, int minutes, string email, string name, int quantity) { using var api = new LegacyApi(); var at = DateTime.Today.AddDays(days).At(hours, minutes) .ToIso8601DateTimeString(); var dto = Create.ReservationDto(at, email, name, quantity); var postResp = await api.PostReservation(dto); Uri address = FindReservationAddress(postResp); var deleteResp = await api.CreateClient().DeleteAsync(address); Assert.True( deleteResp.IsSuccessStatusCode, $"Actual status code: {deleteResp.StatusCode}."); var getResp = await api.CreateClient().GetAsync(address); Assert.Equal(HttpStatusCode.NotFound, getResp.StatusCode); }
The test exercises the REST API to first create a reservation, then delete it, and finally check that the reservation no longer exists. Two independent postconditions must be true for the test to pass:
- The
DELETErequest must result in a status code that indicates success. - The resource must no longer exist.
It's conceivable that a bug might fail one of these without invalidating the other.
As the test is currently written, it uses xUnit.net's standard assertion library. If the Assert.True verification fails, the Assert.Equal statement isn't evaluated.
Assertions as validations #
Is it possible to evaluate the Assert.Equal postcondition even if the first assertion fails? You could use a try/catch block, but is there a more composable and elegant option? How about an applicative functor?
Since I was interested in exploring this question as a proof of concept, I decided to reuse the machinery that I'd already put in place for the article An applicative reservation validation example in C#: The Validated class and its associated functions. In a sense, you can think of an assertion as a validation of a postcondition.
This is not a resemblance I intend to carry too far. What I learn by experimenting with Validated I can apply to a more appropriately-named class like Asserted.
Neither of the two above assertions return a value; they are one-stop assertions. If they succeed, they return nothing; if they fail, they produce an error.
It's possible to model this kind of behaviour with Validated. You can model a collection of errors with, well, a collection. To keep the proof of concept simple, I decided to use a collection of strings: IReadOnlyCollection<string>. To model 'nothing' I had to add a unit type:
public sealed class Unit { private Unit() { } public readonly static Unit Value = new Unit(); }
This enabled me to define assertions as Validated<IReadOnlyCollection<string>, Unit> values: Either a collection of error messages, or nothing.
Asserting truth #
Instead of xUnit.net's Assert.True, you can now define an equivalent function:
public static Validated<IReadOnlyCollection<string>, Unit> AssertTrue( this bool condition, string message) { return condition ? Succeed<IReadOnlyCollection<string>, Unit>(Unit.Value) : Fail<IReadOnlyCollection<string>, Unit>(new[] { message }); }
It simply returns a Success value containing nothing when condition is true, and otherwise a Failure value containing the error message.
You can use it like this:
var assertResponse = Validated.AssertTrue( deleteResp.IsSuccessStatusCode, $"Actual status code: {deleteResp.StatusCode}.");
Later in the article you'll see how this assertion combines with another assertion.
Asserting equality #
Instead of xUnit.net's Assert.Equal, you can also define a function that works the same way but returns a Validated value:
public static Validated<IReadOnlyCollection<string>, Unit> AssertEqual<T>( T expected, T actual) { return Equals(expected, actual) ? Succeed<IReadOnlyCollection<string>, Unit>(Unit.Value) : Fail<IReadOnlyCollection<string>, Unit>(new[] { $"Expected {expected}, but got {actual}." }); }
The AssertEqual function first uses Equals to compare expected with actual. If the result is true, the function returns a Success value containing nothing; otherwise, it returns a Failure value containing a failure message. Since this is only a proof of concept, the failure message is useful, but minimal.
Notice that this function returns a value of the same type (Validated<IReadOnlyCollection<string>, Unit>) as AssertTrue.
You can use the function like this:
var assertState = Validated.AssertEqual(HttpStatusCode.NotFound, getResp.StatusCode);
Again, you'll see how to combine this assertion with the above assertResponse value later in this article.
Evaluating assertions #
The DeleteReservation test only has two independent assertions, so in my proof of concept, all I needed to do was to figure out a way to combine two applicative assertions into one, and then evaluate it. This rather horrible method does that:
public static void RunAssertions( Validated<IReadOnlyCollection<string>, Unit> assertion1, Validated<IReadOnlyCollection<string>, Unit> assertion2) { var f = Succeed<IReadOnlyCollection<string>, Func<Unit, Unit, Unit>>((_, __) => Unit.Value); Func<IReadOnlyCollection<string>, IReadOnlyCollection<string>, IReadOnlyCollection<string>> combine = (x, y) => x.Concat(y).ToArray(); Validated<IReadOnlyCollection<string>, Unit> composition = f .Apply(assertion1, combine) .Apply(assertion2, combine); string errors = composition.Match( onFailure: f => string.Join(Environment.NewLine, f), onSuccess: _ => string.Empty); if (!string.IsNullOrEmpty(errors)) throw new Exception(errors);
C# doesn't have good language features for applicative functors the same way that F# and Haskell do, and although you can use various tricks to make the programming experience better that what is on display here, I was still doing a proof of concept. If it turns out that this approach is useful and warranted, we can introduce some of the facilities to make the API more palatable. For now, though, we're dealing with all the rough edges.
The way that applicative functors work, you typically use a 'lifted' function to combine two (or more) 'lifted' values. Here, 'lifted' means 'being inside the Validated container'.
Each of the assertions that I want to combine has the same type: Validated<IReadOnlyCollection<string>, Unit>. Notice that the S (success) generic type argument is Unit in both cases. While it seems redundant, formally I needed a 'lifted' function to combine two Unit values into a single value. This single value can (in principle) have any type I'd like it to have, but since you can't extract any information out of a Unit value, it makes sense to use the monoidal nature of unit to combine two into one.
Basically, you just ignore the Unit input values because they carry no information. Also, they're all the same value anyway, since the type is a Singleton. In its 'naked' form, the function might be implemented like this: (_, __) => Unit.Value. Due to the ceremony required by the combination of C# and applicative functors, however, this monoidal binary operation has to be 'lifted' to a Validated value. That's the f value in the RunAssertions function body.
The Validated.Apply function requires as an argument a function that combines the generic F (failure) values into one, in order to deal with the case where there's multiple failures. In this case F is IReadOnlyCollection<string>. Since declarations of Func values in C# requires explicit type declaration, that's a bit of a mouthful, but the combine function just concatenates two collections into one.
The RunAssertions method can now Apply both assertion1 and assertion2 to f, which produces a combined Validated value, composition. It then matches on the combined value to produce a string value. If there are no assertion messages, the result is the empty string; otherwise, the function combines the assertion messages with a NewLine between each. Again, this is proof-of-concept code. A more robust and flexible API (if warranted) might keep the errors around as a collection of strongly typed Value Objects.
Finally, if the resulting errors string is not null or empty, the RunAssertions method throws an exception with the combined error message(s). Here I once more invoked my proof-of-concept privilege to throw an Exception, even though the framework design guidelines admonishes against doing so.
Ultimately, then, the assert phase of the test looks like this:
var assertResponse = Validated.AssertTrue( deleteResp.IsSuccessStatusCode, $"Actual status code: {deleteResp.StatusCode}."); var getResp = await api.CreateClient().GetAsync(address); var assertState = Validated.AssertEqual(HttpStatusCode.NotFound, getResp.StatusCode); Validated.RunAssertions(assertResponse, assertState);
The rest of the test hasn't changed.
Outcomes #
Running the test with the applicative assertions passes, as expected. In order to verify that it works as it's supposed to, I tried to sabotage the System Under Test (SUT) in various ways. First, I made the Delete method that handles DELETE requests a no-op, while still returning 200 OK. As you'd expect, the result is a test failure with this message:
Message: System.Exception : Expected NotFound, but got OK.
This is the assertion that verifies that getResp.StatusCode is 404 Not Found. It fails because the sabotaged Delete method doesn't delete the reservation.
Then I further sabotaged the SUT to also return an incorrect status code (400 Bad Request), which produced this failure message:
Message: System.Exception : Actual status code: BadRequest. Expected NotFound, but got OK.
Notice that the message contains information about both failure conditions.
Finally, I re-enabled the correct behaviour (deleting the reservation from the data store) while still returning 400 Bad Request:
Message: System.Exception : Actual status code: BadRequest.
As desired, the assertions collect all relevant failure messages.
Conclusion #
Not surprisingly, it's possible to design a composable assertion API that collects multiple failure messages using an applicative functor. Anyone who knows how applicative validation works would have been able to predict that outcome. That's not what the above proof of concept was about. What I wanted to see was rather how it would play out in a realistic scenario, and whether using an applicative functor is warranted.
Applicative functors don't gel well with C#, so unsurprisingly the API is awkward. It's likely possible to smooth much of the friction, but without good language support and syntactic sugar, it's unlikely to become idiomatic C#.
Rather than taking the edge off the unwieldy API, the implementation of RunAssertions suggests another alternative.
