As an experiment, I recently tried developing HelloWorld using a "test driven" approach.
You can review the commit history on GitHub.
In Java, HelloWorld is a one-liner -- except that you are trapped in the Kingdom of Nouns, so there is boilerplate to manage.
Now you can implement HelloWorld in a perfectly natural way, and test it -- System.setOut allows you to replace the stream, so the write happens to a buffer that is under the control of the test.
It's not entirely clear to me what happens, however, if you have multiple tests concurrently writing to that stream. The synchronization primitives ensure that each write is atomic, but there is a lot of time for the stream to be corrupted with other writes by the time the test harness gets to inspect the result.
This is why we normally design our tests so that they are isolated from shared mutable state; we want predictable results. So in HelloWorld, this means we need to be able to ensure that the write happens to an isolated, rather than a shared stream.
So instead of testing HelloWorld::main, we end up testing HelloWorld.writeTo, or some improved spelling of the same idea.
Another pressure that shows up quickly is duplication - the byte sequence we want to test needs to be written into both the test and the implementation. Again, we've learned patterns for dealing with that -- the data should move toward the test, so we have a function that accepts a message/prompt as an argument (in addition to passing along the target stream). As an added bonus, we get a more general implementation for free.
Did we really need a more general implementation of HelloWorld?
Another practice that I associate with TDD is using the test as an example of how the subject may be used -- if the test is clumsy, then that's a hint that maybe the API needs some work. The test needs a mutable buffer, and a PrintStream around it, and then needs to either unpack the contents of the buffer or express the specification as a byte array, when the natural primitive to use is a String literal.
You can, indeed, simplify the API, replacing the buffer with a useful object that serves a similar role. At which point you either have two parallel code paths in your app (duplication of idea), or you introduce a bunch of additional composition so that the main logic always sees the same interface.
Our "testable" code turns more and more into spaghetti.
Now, it's possible that I simply lack imagination, and that once all of these tests are in place, you'll be able to refactor your way to an elegant implementation. But to me, it looks like a trash fire.
There's a lesson here, and I think it is: left-pad.
Which is to say, not only is HelloWorld "so simple that there are obviously no deficiencies", but also that it is too simple to share; which is to say, the integration cost required to share the element exceeds the costs of writing it from scratch each time you need it.
Expressed a different way: there is virtually no chance that the duplication is going to burn you, because once written the implementation will not require any kind of coordinated future change (short of a massive incompatibility being introduced in the language runtime itself, in which case you are going to have bigger fires to fight).
Showing posts with label java. Show all posts
Showing posts with label java. Show all posts
Friday, February 8, 2019
Wednesday, October 10, 2018
Event Sourcing: Lessons on failure, part one.
I've written a couple of solo projects using "event sourcing", failing miserably at them because I failed to properly understand how to properly apply that pattern to the problem I was attempting to solve.
My preparation for the draft was relatively straight forward - I would attempt to build many ranked lists of players that I was potentially interested in claiming for my team, and during the draft I would look at these lists, filtering out the players that had already been selected.
So what I needed was a simple way to track lists of all of the players that had already been drafted, so that they could be excluded from my lists. Easy.
Getting all of this support right requires being able to accurately report on all of the players who were drafted. Which in turn means managing a database of players, and keeping it up to date when somebody chooses to draft a player that I hadn't been tracking, and dealing with the variations in spellings, and the fact that players change names and so on.
But for MVP, I didn't need this grief. I had already uniquely identified all of the players that I was specifically interested in. I just needed to keep track of those players; so long as I had all of the people I was considering in the player registry, and could track which of those had been taken (no need to worry about order, and I was tracking my own choices separately anyway).
What I was really doing was caching outcomes from the real world process into my system. In other words, I should have been thinking of my inputs as a stream of events, not commands, and arranging for the system to detect and warn about conflicts, rather than rejecting messages that would introduce a conflict.
There was no particular urgency about matching picks with identifiers of players in the registry, or in registering players who were not part of the registry. All of that math could be delayed a hundred milliseconds without anybody noticing.
Because I was trying to track the draft faithfully (not realizing until later that doing so wasn't strictly necessary for my use case), I would stop the program when my registry had a data error. The registry itself was just dumb bytes on disk; any query I ran against the database was a query against "now". So changing the entries in the registry would change the behavior of my program during "replay".
So old messages would break, or do something new, screwing up the replay until I went into the "immutable" journal to fix the input errors by hand.
Part 1: Fantasy Draft Automation
I came into event sourcing somewhat sideways - I had first discovered the LMAX disruptor around March of 2013. That gave me my entry into the idea that state could be message driven. I decided, after some reading and experimenting, that a message driven approach could be used to implement a tool I needed for my fantasy baseball draft.My preparation for the draft was relatively straight forward - I would attempt to build many ranked lists of players that I was potentially interested in claiming for my team, and during the draft I would look at these lists, filtering out the players that had already been selected.
So what I needed was a simple way to track lists of all of the players that had already been drafted, so that they could be excluded from my lists. Easy.
Failure #1: Scope creep
My real ambition for this system was that it would support all of the owners, including helping them to track what was going on in the draft while they were away. So web pages, and twitter, and atom feeds, and REST, and so on.Getting all of this support right requires being able to accurately report on all of the players who were drafted. Which in turn means managing a database of players, and keeping it up to date when somebody chooses to draft a player that I hadn't been tracking, and dealing with the variations in spellings, and the fact that players change names and so on.
But for MVP, I didn't need this grief. I had already uniquely identified all of the players that I was specifically interested in. I just needed to keep track of those players; so long as I had all of the people I was considering in the player registry, and could track which of those had been taken (no need to worry about order, and I was tracking my own choices separately anyway).
Failure #2: Where is the book of record?
A second place where I failed was in understanding that my system wasn't the book of record for the actions of the draft. I should have noticed that we had been drafting for years without this database. And over the years we've worked out protocols for unwinding duplicated picks, and resolving ambiguity.What I was really doing was caching outcomes from the real world process into my system. In other words, I should have been thinking of my inputs as a stream of events, not commands, and arranging for the system to detect and warn about conflicts, rather than rejecting messages that would introduce a conflict.
There was no particular urgency about matching picks with identifiers of players in the registry, or in registering players who were not part of the registry. All of that math could be delayed a hundred milliseconds without anybody noticing.
Failure #3: Temporal queries
The constraints that the system with were trying to enforce the rules that only players in the player registry could be selected, and that each player in the registry could only be selected once. In addition to the fact that wasn't the responsibility of the system, it was complicated by the fact that the player registry wasn't static.Because I was trying to track the draft faithfully (not realizing until later that doing so wasn't strictly necessary for my use case), I would stop the program when my registry had a data error. The registry itself was just dumb bytes on disk; any query I ran against the database was a query against "now". So changing the entries in the registry would change the behavior of my program during "replay".
Failure #4: Compatibility
Somewhat related to the above - I wasn't always being careful to ensure that the domain logic was backwards compatible with the app that wrote the messages, nor did my message journal have any explicit markers in it to track when message traffic should switch to the new handlers.So old messages would break, or do something new, screwing up the replay until I went into the "immutable" journal to fix the input errors by hand.
Failure #5: Messages
My message schemas, such as they were, were just single lines of text - really just a transcript of what I was typing at the interactive shell. And my typing sucks, so I was deliberately making choices to minimize typing. Which again made it harder to support change.Kata: Refactor the Wumpus
I've shared a Java port of Hunt the Wumpus on Github.
https://github.com/DanilSuits/refactor-the-wumpus
The port is deliberately dreadful -- I tried to simulate a legacy code base by adhering as closely as I could manage, both in structure and in style, to the original.
Java doesn't have a useful goto, and I needed line number hints to keep track of where I was in the source code, so I've introduced a few awful names as well.
But there is a battery of tests available: record-and-playback of my implementation through a number of potentially interesting transcripts.
The argument for a feature flag goes something like this: what I'm really doing is introducing a change in behavior that should not be visible at run time - a dark deploy, so to speak. Therefore, all of the techniques for doing that are in bounds.
It took a bit of trial and error before I hit on the right mechanism for implementing the changed behavior. The code in the repository is only a sketch (the object of this exercise is _wumpus_, not feature flags), but if you squint you may be able to see Mark Seemann's ideas taking form.
With the tests in place to manage expectations, you can then engage the Simple Design Dynamo and get to work. I think in practice this particular exercise is biased more toward improve names than it is toward remove duplication, because of the style of the original.
https://github.com/DanilSuits/refactor-the-wumpus
The port is deliberately dreadful -- I tried to simulate a legacy code base by adhering as closely as I could manage, both in structure and in style, to the original.
Java doesn't have a useful goto, and I needed line number hints to keep track of where I was in the source code, so I've introduced a few awful names as well.
But there is a battery of tests available: record-and-playback of my implementation through a number of potentially interesting transcripts.
The key thing is that correct behavior is defined by what the set of classes did yesterday -- Michael FeathersProducing stable, repeatable behaviors took a bit of thinking, but I was able to work out (eventually) that feature flags were the right approach. By accident, I got part of the way there early; I had elected to make the record-and-playback tests an optional part of the build via maven profiles.
The argument for a feature flag goes something like this: what I'm really doing is introducing a change in behavior that should not be visible at run time - a dark deploy, so to speak. Therefore, all of the techniques for doing that are in bounds.
It took a bit of trial and error before I hit on the right mechanism for implementing the changed behavior. The code in the repository is only a sketch (the object of this exercise is _wumpus_, not feature flags), but if you squint you may be able to see Mark Seemann's ideas taking form.
With the tests in place to manage expectations, you can then engage the Simple Design Dynamo and get to work. I think in practice this particular exercise is biased more toward improve names than it is toward remove duplication, because of the style of the original.
Make the change easy, then make the easy change. -- Kent BeckMy guess is that rather than trying to attack the code base as a whole, that it may be more effective to work toward particular goals. Parnas taught us to limit the visibility of design decisions, so that we might more easily change them. So look through the code for decisions that we might want to change.
- The existing code implements its own interactive shell; how would we change the code to replace it with a library?
- The interface for making a move or shooting an arrow is a bit clumsy, can it be replaced?
- What changes do we need to support a web version, where each input from the player occurs in its own session.
- Knowing the layout of the tunnel system gives the hunter a significant advantage when shooting arrows. We could disguise the hunter's location by using randomized names.
- Can we change the system to support mazes of different size? Mazes with more tunnels? Mazes where the rooms are not symmetric, with "missing" tunnels? Mazes with more/fewer hazards?
- Does the language need to be English?
Friday, October 23, 2015
Can we enforce the transaction consistency boundaries with interfaces?
Maybe.
Let's first consider the case where we have an aggregate which includes a reference to another aggregate. That's perfectly reasonable, provided that the business is satisfied that coordinated changes between the aggregates are eventually consistent.
Now, each of the aggregates has their own commands (each changing their own state). Best practices suggest that we should only be modifying one aggregate per transaction; in other words, we should only be running command(s?) on one aggregate or the other.
Can we organize our code to enforce that?
I've been chewing on a remark from Greg Young, that getters and setters are evil. Setters, sure -- setters should instead be commands, written in the Ubiquitous Language. But getters? how on earth are you going to do anything useful with another object if you can't read it? What are you going to do with a Specification that can't read the object it is supposed to constrain?
I've chosen, for the moment, to understand his comment in this way: getters and setters have no place in the model; getters are perfectly acceptable in an immutable projection.
I'm borrowing these two ideas from Greg;which I believe he lifted from an earlier generation of CQRS experts [wrong - Greg is the earlier generation of CQRS experts]. Commands are sent to the model, which is optimized for validating and calculate all changes. Queries are sent to a projection -- there can be several -- which is optimized for reads, but may be stale.
So if we send a command to a model, and the execution of that command required state from some other aggregate, then we need to hydrate the appropriate projection of the remote aggregate.
I had been blocked on this until recently, because I couldn't see past needing a getter to obtain the reference to the remote aggregate to do the hydration.
But the answer to that puzzle is to pass a DomainService as one of the arguments in the command. The root can look up the referenceId without needing to expose it, and pass that value to the service to get back an immutable projection with precisely the data that it needs.
Essentially, we are building into the signature of the command the contract that promises we won't change anybody else.
Two use cases where I need more thought. The first is factory commands; calls into this aggregate to create a new instance of that aggregate. The second is a query on this aggregate to run a command on that one.
Another perspective on the problem: if the other aggregate is responsible for a business invariant, then it may throw a checked exception. I don't see how I can claim to be implementing a query that changes the model (in another aggregate), or an immutable object that throws exceptions.
My guess right now is that You Don't Do That. Instead, some hand waving happens in the Application Service fronting this mess that gets all the dancers on the correct step.
Let's first consider the case where we have an aggregate which includes a reference to another aggregate. That's perfectly reasonable, provided that the business is satisfied that coordinated changes between the aggregates are eventually consistent.
Now, each of the aggregates has their own commands (each changing their own state). Best practices suggest that we should only be modifying one aggregate per transaction; in other words, we should only be running command(s?) on one aggregate or the other.
Can we organize our code to enforce that?
I've been chewing on a remark from Greg Young, that getters and setters are evil. Setters, sure -- setters should instead be commands, written in the Ubiquitous Language. But getters? how on earth are you going to do anything useful with another object if you can't read it? What are you going to do with a Specification that can't read the object it is supposed to constrain?
I've chosen, for the moment, to understand his comment in this way: getters and setters have no place in the model; getters are perfectly acceptable in an immutable projection.
I'm borrowing these two ideas from Greg;
So if we send a command to a model, and the execution of that command required state from some other aggregate, then we need to hydrate the appropriate projection of the remote aggregate.
I had been blocked on this until recently, because I couldn't see past needing a getter to obtain the reference to the remote aggregate to do the hydration.
But the answer to that puzzle is to pass a DomainService as one of the arguments in the command. The root can look up the referenceId without needing to expose it, and pass that value to the service to get back an immutable projection with precisely the data that it needs.
Essentially, we are building into the signature of the command the contract that promises we won't change anybody else.
Two use cases where I need more thought. The first is factory commands; calls into this aggregate to create a new instance of that aggregate. The second is a query on this aggregate to run a command on that one.
Another perspective on the problem: if the other aggregate is responsible for a business invariant, then it may throw a checked exception. I don't see how I can claim to be implementing a query that changes the model (in another aggregate), or an immutable object that throws exceptions.
My guess right now is that You Don't Do That. Instead, some hand waving happens in the Application Service fronting this mess that gets all the dancers on the correct step.
Subscribe to:
Posts (Atom)