james mckay dot net
because there are few things that are less logical than business logic

The state of IOC containers in ASP.NET Core

One of the first things that I had to do at my new job was to research the IOC container landscape for ASP.NET Core. Up to now we’ve been using the built-in container, but it’s turned out to be pretty limited in what it can do, so I’ve spent some time looking into the alternatives.

There is no shortage of IOC containers in the .NET world, some of them with a history stretching as far back as 2004. But with the arrival of .NET Core, Microsoft has now made dependency injection a core competency baked right into the heart of the framework, with an official abstraction layer to allow you to slide in whichever one you prefer.

This is good news for application developers. It is even better news for developers of libraries and NuGet packages, as they can now plug straight into whatever container their consumer uses, and no longer have to either do dependency injection by hand or to include their own copies of TinyIOC. But for developers of existing containers, it has caused a lot of headaches. And this means that not all IOC containers are created equal.

Conforming Containers in .NET Core

Originally, the .NET framework provided just a simple abstraction layer for IOC containers to implement: the IServiceProvider interface. This consisted of a single method, GetService(Type t). As such, all an IOC container was expected to do was to return a specific service type, and let the consumer do with it what it liked.

But there’s a whole lot more to dependency injection than just returning a service that you’re asked for. IOC containers also have to register the types to be resolved, and then — if required to do so — to manage their lifecycles, calling .Dispose() on any IDisposable instances at the appropriate time. When you add in the possibility of nested scopes and custom lifecycles, it quickly becomes clear that there’s much more to it than just resolving services.

And herein lies the problem. For with the introduction of Microsoft.Extensions.DependencyInjection and its abstractions, Microsoft now expects containers to provide a common interface to handle registration and lifecycle management as well.

This kind of abstraction is called a Conforming Container. The specification that conforming containers have to follow is defined in a set of more than fifty specification tests in the ASP.NET Dependency Injection repository on GitHub. It includes such requirements as:

  • When you register multiple services for a given type, when you request one, the one that you get back has to be the last one registered.
  • When you request all of them, they have to be returned in the order that they were registered.
  • When a container is disposed, it has to dispose services in the reverse order to that in which they were created.
  • There are also rules around which constructor to choose, registration of open generics, requesting types that haven’t been registered, resolving types lazily (Func<TService> or Lazy<TService>) and a whole lot more.

These specification tests are also available as a NuGet package.

There are two points worth noting here. First, conforming containers MUST pass these tests otherwise they will break ASP.NET Core or third party libraries. Secondly, some of these requirements simply cannot be catered for in an abstraction layer around your IOC container of choice. If a container disposes services in the wrong order, for example, there is nothing you can do about it. Cases such as these require fundamental and often complex changes to how your container works that in some cases might be breaking changes.

For what it’s worth, this is a salutary lesson for anyone who believes that they can make their data access layer swappable simply by wrapping it in an IRepository<T> and multiple sets of models. Data access layers are far more complicated than IOC containers, and the differences between containers are small change compared to what you’ll need to cater for if you want to swap out your DAL. As for making entire frameworks swappable, I’m sorry Uncle Bob, but you’re simply living in la-la land there.

All containers are equal, but some are more equal than others

So should we just stick with the default container? While many developers will, that is not Microsoft’s intention. The built in container was explicitly made as simple as possible and is severely lacking in useful features. It can not resolve unregistered concrete instances, for example. Nor does it implicitly register Func<T> or Lazy<T> (though the latter can be explicitly registered as an open generic). Nor does it have any form of validation or convention-based registration. It is quite clear that they want us to swap it out for an alternative implementation of our choice.

However, this is easier said than done. Not all IOC containers have managed to produce an adapter that conforms to Microsoft’s specifications. Those that have, have experienced a lot of pain in doing so, and in some cases have said that there will be behavioral differences that won’t be resolved.

For example, the authors of SimpleInjector have said that some of their most innovative features — specifically, those that support strong, early validation of your registrations — are simply not compatible with Microsoft’s abstractions. Travis Illig, one of the authors of Autofac, noted that some of the problems he faced were incredibly complex. Several commenters on the ASP.NET Dependency Injection GitHub repo expressed concerns that the abstraction is fragile with a very high risk that any changes will be breaking ones.

There are also concerns that third party library developers might only test against the default implementation and that subtle differences between containers, which are not covered by the specification, may end up causing problems. Additionally, there is a concern that by mandating a standard set of functionality that all containers MUST implement, Microsoft might be stifling innovation, by making it hard (or even impossible) to implement features that nobody else had thought of yet.

But whether we like it or not, that is what Microsoft has decided, and that is what ASP.NET Core expects.

Build a better container?

So what is one to do? While these issues are certainly a massive headache for authors of existing IOC containers, it remains to be seen whether they are an issue for authors of new containers, written from scratch to implement the Microsoft specification from the ground up.

This is the option adopted by Jeremy Miller, the author of StructureMap. He recently released a new IOC container called Lamar, which, while it offers a similar API to StructureMap’s, has been rebuilt under the covers from the ground up, with the explicit goal of conforming to Microsoft’s specification out of the box.

Undoubtedly, there will be other new .NET IOC containers coming on the scene that adopt a similar approach. In fact, I think this is probably a good way forward, because it will allow for a second generation of containers that have learned the lessons of the past fifteen years and are less encumbered with cruft from the past.

Whether or not the concerns expressed by authors of existing containers will also prove to be a problem for authors of new containers remains to be seen. I personally think that in these cases, the concerns may be somewhat overblown, but whether or not that turns out to be the case remains to be seen. It will be interesting to see what comes out in the wash.

Just how clean is Uncle Bob’s Clean Architecture?

A colleague asked me the other day what I thought about “Uncle Bob” Robert C Martin’s Clean Architecture.

It’s admittedly not something to which I’ve given much thought. I’ve always had a lot of respect for Uncle Bob and his crusade for greater standards of professionalism and craftsmanship in software development. I have two of his books — Clean Code and The Clean Coder — and I heartily recommend them to software professionals everywhere.

But I hadn’t given much thought to what he says about architecture in particular, so I thought I’d check it out.

He has written a whole book about the subject. I haven’t read it in its entirety yet, but he also wrote a short summary in a blog post back in 2012. He illustrates it with this diagram:

The Clean Achitecture

It’s basically a different way of layering your application — one that rethinks what goes where. That’s fair enough. One of the things that a clean architecture needs to deliver is clear, unambiguous guidelines about what exactly goes where. A lot of confusion in many codebases arises from a lack of clarity on this one.

But the other thing that a clean architecture needs to deliver is a clearout of clutter and unnecessary complexity. It should not encourage us to build superfluous anaemic layers into our projects, nor to wrap complex, unreliable and time-wasting abstractions around things that do not need to be abstracted. My question is, how well does Uncle Bob’s Clean Architecture address this requirement?

Separation of concerns or speculative generality?

Uncle Bob points out that the objective at stake is separation of concerns:

Though these architectures all vary somewhat in their details, they are very similar. They all have the same objective, which is the separation of concerns. They all achieve this separation by dividing the software into layers. Each has at least one layer for business rules, and another for interfaces.

Now separation of concerns is important. Nobody likes working with spaghetti code that tangles up C#, HTML, JavaScript, CSS, SQL injection bugs, and DNA sequencing in a single thousand-line function. I’m not advocating that by any means.

But it’s important to remember that separation of concerns is a means to an end and not an end in itself. Separation of concerns is only a useful practice when it addresses requirements that we are actually facing in reality. Making your code easy to read and follow is one such requirement. Making it testable is another. When separation of concerns becomes detached from meeting actual business requirements and becomes self-serving, it degenerates into speculative generality. And here be dragons.

The classic example of speculative generality is the idea that you “might” want to swap out your database — or any other complex and fundamental part of your system — for some other unknown mystery alternative. This line of thinking is very, very common in enterprise software development and it has done immense damage to almost every codebase I’ve ever worked on. Time and time again I’ve encountered multiple sets of identical models, one for the Entity Framework queries, one for the (frequently anaemic) business layer, and one for the controllers, mapped one onto another in a grotesque violation of DRY that serves no purpose whatsoever but has only got in the way, made things hard, and crucified performance. Furthermore, this requirement is seldom needed, and on the rare occasions when it is, it turns out that the abstractions built to facilitate it were ineffective, insufficient, and incorrect. All abstractions are leaky, and no abstractions are more leaky than ones built against a single implementation.

You really don’t want to be subjecting your codebase to that kind of clutter. It is the complete antithesis of every reasonable concept of “clean” imaginable. In any case, if it’s not a requirement that your clients are actually asking for, and are willing to pay extra for, it is stealing from the business. It is no different from taking your car to the garage with nothing more than faulty spark plugs and being told you need a completely new engine.

Ground Control to Uncle Bob

So how does Uncle Bob’s Clean Architecture stack up in this respect? It becomes fairly clear when he lists its benefits.

1. Independent of Frameworks. The architecture does not depend on the existence of some library of feature laden software. This allows you to use such frameworks as tools, rather than having to cram your system into their limited constraints.

2. Testable. The business rules can be tested without the UI, Database, Web Server, or any other external element.

3. Independent of UI. The UI can change easily, without changing the rest of the system. A Web UI could be replaced with a console UI, for example, without changing the business rules.

4. Independent of Database. You can swap out Oracle or SQL Server, for Mongo, BigTable, CouchDB, or something else. Your business rules are not bound to the database.

5. Independent of any external agency. In fact your business rules simply don’t know anything at all about the outside world.

Points two and three are good ones. These are points that true separation of concerns really does need to address. We need to be able to test our software, and if we can test our business rules independently of the database, so much the better — though it should be borne in mind that this isn’t always possible. Similarly, just about every application needs to support multiple front ends these days: a web-based UI, a console application, a public API, and a smattering of mobile apps.

But points 1, 4 and 5 are the exact problem that I’m talking about here. They refer to complex, fundamental, deeply ingrained parts of your system, and the idea that you might want to replace them is nothing more than speculation.

Point 1 actually makes two mutually contradictory statements. A “library of feature laden software” is the exact polar opposite of “having to cram your system into their limited constraints.” In fact, if anything is “cramming your system into their limited constraints,” it is attempting to reduce your system to support the lowest common denominator between all the different frameworks.

When I get to point 5, I have to throw my hands up in the air and ask, what on earth is he even talking about here?! Business rules are, by their very definition, all about the outside world! Or is he trying to tell us that we need to abstract away tax codes, logistics, Brexit, and even the laws of physics themselves?

When I read things like this, it reminds me of one thing. This essay by Joel Spolsky:

When great thinkers think about problems, they start to see patterns. They look at the problem of people sending each other word-processor files, and then they look at the problem of people sending each other spreadsheets, and they realize that there’s a general pattern: sending files. That’s one level of abstraction already. Then they go up one more level: people send files, but web browsers also “send” requests for web pages. And when you think about it, calling a method on an object is like sending a message to an object! It’s the same thing again! Those are all sending operations, so our clever thinker invents a new, higher, broader abstraction called messaging, but now it’s getting really vague and nobody really knows what they’re talking about any more. Blah.

When you go too far up, abstraction-wise, you run out of oxygen. Sometimes smart thinkers just don’t know when to stop, and they create these absurd, all-encompassing, high-level pictures of the universe that are all good and fine, but don’t actually mean anything at all.

These are the people I call Architecture Astronauts…

I’m sorry, but if making your business logic independent of the outside world isn’t architecture astronaut territory, then I don’t know what is.

Clean means less clutter, not more

There are other problems too. At the start, he says this:

Each has at least one layer for business rules, and another for interfaces.

This will just encourage people to implement Interface/Implementation Pairs in the worst possible way: with your interfaces in one assembly and their sole implementations in another. While there may be valid reasons to do this (in particular, if you are designing some kind of plugin architecture), it shouldn’t be the norm. Besides making you jump around all over the place in your solution, it makes it hard to use the convention-based registration features provided by many IOC containers.

Then later on he speaks about what data should cross the boundaries between the layers. Here, he says this:

Typically the data that crosses the boundaries is simple data structures. You can use basic structs or simple Data Transfer objects if you like. Or the data can simply be arguments in function calls. Or you can pack it into a hashmap, or construct it into an object. The important thing is that isolated, simple, data structures are passed across the boundaries. We don’t want to cheat and pass Entities or Database rows. We don’t want the data structures to have any kind of dependency that violates The Dependency Rule.

This is horrible, horrible advice. It leads to the practice of having multiple sets of identical models for no reason whatsoever clogging up your code. Don’t do that. It’s far simpler to just pass your Entity Framework entities straight up to your controllers, and only transform things there if you have specific reasons to do so, such as security or a mismatch between what’s in the database and what needs to be displayed to the user. This does not affect testability because they are POCOs already. Don’t over-complicate things.

Of course, there may be things that I haven’t understood here. As I said, I haven’t read the book, only the blog post, and he no doubt mentions all sorts of caveats and nuances that need to be taken into account. But as they say, first impressions count, and when your first impressions include a sales pitch for layers of abstraction that experience tells me are unnecessary, over-complicated, and even outright absurd, it doesn’t exactly encourage me to read any further. One of the things that a clean architecture needs to deliver is the elimination of unnecessary and unwieldy layers of abstraction, and I’m not confident that that is what I’ll find.

Productivity suggestion: stop using the mouse

I could write a long, rambling blog post here with anecdotes and examples, but instead, I’ll just get straight to the point. If you want to see significant productivity gains, and avoid having repetitive strain injury destroying your programming career when you head into middle age, stop using the mouse. Mousing may be easy and intuitive, but it is slow, cumbersome, and it trashes your wrists.

I speak from experience there. When I first started experiencing wrist pain, I found that of all the things I tried — ergonomic keyboards, learning Colemak, what have you — by far the most effective step that I took was to cut down on my mouse usage and adopt a more keyboard-centric workflow. Today, about thirteen years after the first onset of discomfort, I’m almost entirely pain-free.

But even if you aren’t suffering wrist pain, mousing is still painfully inefficient and cumbersome for many tasks. Watching people thrashing around with the mouse, selecting text then faffing about with toolbars and popup menus is painful when you know that they could achieve pretty much the same thing far more quickly with judicious use of Ctrl-C and Ctrl-V.

Here are things that you can do to make a start:

  • Start by learning keyboard shortcuts in your IDE, your word processor, and your web browser. Find (or create) cheat sheets, print them out and refer to them regularly.
  • Look for features of your software that let you accomplish things all the more quickly. For example, most modern text editors will let you quickly search for a file by name by typing a keystroke such as Ctrl-P, or a command by typing Ctrl-Shift-P.
  • Learn to use Spotlight on the Mac, or the search facility in the Windows start menu (press the Win key, then just type the name of the program or document you want to open).
  • Install Vimium on Chrome or Firefox. With this, you can press “f” to bring up shortcuts on each link or input box on a web page that you can type to jump to them.
  • Learn to use the command line. If you’re on Windows, git bash is your friend.

Once you get into the swing of things, you can then start considering other more advanced techniques, such as customising shortcuts in your most commonly used programs, or even learning to use a keyboard-centric editor such as emacs or vim.

Learning to go mouseless takes time and effort, and the chances are that you’re not going to be able to go cold turkey right from the start. But like learning a new language, it’s well worth the effort of learning a new shortcut every day. Your wrists will thank you for it, your boss will thank you for it, and your stakeholders will thank you for it.

First impressions of JetBrains Rider

Up until recently, if you wanted to develop in .NET, your options for which IDE to use were pretty limited. Your choice was basically Visual Studio or … er, Visual Studio. Sure, there are one or two open source alternatives such as SharpDevelop, or you could use OmniSharp with a text editor, but these are pretty basic by comparison, and they tend not to see much use by anyone other than hobbyists.

Now there’s nothing wrong with Visual Studio per se. It’s a great IDE, with a ton of cool features, it does the job, and it does it well. But having just one high quality IDE to choose from contributed massively to the monoculture nature of .NET, with its pervasive insistence by many teams on being spoon-fed by Microsoft. Not surprisingly, many leading .NET developers have been clamouring for a decent, professional quality alternative over the years.

And what better company to deliver on that demand than JetBrains? As authors of not only the phenomenally popular Resharper but also IDEs for other platforms including IntelliJ IDEA, PyCharm, RubyMine and WebStorm, they were already most of the way there as it was. The absence of a fully-fledged .NET IDE to complete their line-up was puzzling, to say the least.

Well about a year ago, they finally delivered. And in the past couple of weeks or so I’ve been trying out their offering: Rider.

The first impression that I get of Rider is that it seems a lot more stable and less resource intensive than the combination of Visual Studio and Resharper. Although it has a different look and feel to Visual Studio, it brings you the full power of almost all of Resharper’s toolchain into a standalone editor that works, and works well. It comes in versions for Windows, Linux and OSX, giving you true cross-platform development. If you’ve ever wanted to do .NET development on Linux, now you have a way to do so.

Rider has some particularly nice touches. One thing I like about it is its built-in file comparison tool. As well as comparing two files against each other, or a locally checked out file against a version in source control, and as well as editing the differences, you get some handy buttons that let you copy chunks from one side to the other with a single mouse click. And it gets even better than that — thanks to its tight integration with the rest of the IDE, you get full code completion functionality, and even access to refactoring tools such as renaming methods or organising usings from within the diff window. A feature such as this really comes into its own when dealing with copy-and-paste code.

Rider’s diff/merge window, complete with code completion tools

Having said that, it does have its quirks and gotchas that Visual Studio users need to be aware of. Being based on the same core as other JetBrains IDEs, it follows their workflows and mental models rather than Visual Studio’s. So, for example, clicking “Run” on the toolbar doesn’t attach the debugger; you have to click the “Debug” button next to it to do that. And unlike Visual Studio, it doesn’t warn you when you edit your source code while the debugger is attached, nor does it lock the files down into read-only mode. This can lead to some initially puzzling situations when you try stepping through some code only to find that it has lost track of all the local variables. But the differences aren’t extensive, and if you’ve used other JetBrains IDEs before, or even if you’ve just used something else as well as Visual Studio, it doesn’t take long to get up to speed with it. To make the transition easier, Rider allows you to use Visual Studio key bindings instead of the Resharper-based or IntelliJ-like options.

Although Rider will handle most Visual Studio solutions just fine, there are a few corner cases that it struggles with. It didn’t work well with one of our products at work that includes a number of WCF services, and a colleague who also tried it out six months ago said he ran into problems with some older WebForms-based code. Its Docker support is also less mature than Visual Studio’s. But it’s improving all the time, and no doubt these problems will be resolved sooner or later.

Is it worth switching to Rider? Certainly some people will benefit from it more than others. I think the people most likely to get value out of Rider are polylot programmers who have a subscription to the entire suite of JetBrains desktop tools, and who will benefit greatly from having a common set of IDEs across multiple languages. Small businesses with more than five developers (which thus exceed the licensing limits for Visual Studio Community) will also benefit because Rider is considerably cheaper than a subscription to Visual Studio Professional. And Linux users now have an option for a high-end, professional quality IDE that targets the .NET ecosystem. But .NET traditionalists probably won’t touch it with a barge pole, and some legacy projects may experience a certain amount of friction.

But it’s well worth considering nonetheless. And whether you adopt it or not, Rider brings some much needed diversity to the landscape of high-end .NET IDEs. In so doing, it goes a long way towards breaking down the suffocating monoculture in many parts of the .NET ecosystem that insists on being spoon-fed by Microsoft. And that can only be a good thing.

It’s not just an opinion, it’s scar tissue

Software developers such as myself often have strong opinions about how code should be written. While some people may be tempted to dismiss these as “just an opinion,” the truth of the matter is that more often than not, these strong opinions are forged in the fires of Things Going Wrong And Having To Clear Up Afterwards.

Take exception handling for example. Bad exception handling practices are one of my big bugbears in code. Whether it’s Pokémon exception handling, or advocating return codes instead of exceptions, or just incoherent or unclear guidelines about how to use them, bad error handling really, really gets up my nose.

The project that you have to thank for that is called Bills Knowledge Base.

Bills Knowledge Base, or BKB as it was affectionately known, was an internal web application in Parliament used to keep track of the progress of legislation. When I was brought onto the project in early 2009, it had all of a sudden stopped displaying any data. And I was asked to fix it. NOW.

It quickly became clear why this was the case. Someone had just deployed a new version and had missed out an important DLL. The reason why it wasn’t showing any data instead of crashing out with a stack trace or an error page was that it was riddled with Pokémon exception handling. All over the place. Put there by some code generation for which the templates had been thrown away.

Having deployed the missing DLL, I then turned my attention to the database.

It probably won’t surprise you when I tell you that it was a complete mess. Foreign key constraints were missing, leaving orphaned rows everywhere. Dates were stored in text fields in a whole array of mutually incompatible formats. Fields that were supposed to be required were blank. Enumeration fields contained unrecognisable mystery values. It was a miracle that the system actually ran at all, given the state it was in.

I did the only thing that one can do in such a situation. I rolled up my sleeves and set to work cleaning up the data.

It took me a month. One whole month.

I eventually managed to rip out the Pokémon exception handling, harden the system, and make it behave properly. That took even longer.

It’s now more than five years since I last worked on BKB. When I handed it over, it worked properly, it was robust, and the data had long since been licked into shape. I don’t know what development has been done on it since then, but it was still faithfully doing its job when I left the place earlier this year. So if you ever feel inclined to question what I have to say about exceptions, just head over to https://services.parliament.uk/bills/. Getting that little corner of the web to the place where it is today left me with some scar tissue. And it’s that scar tissue that makes me twitch whenever I see bad error handling code.