In part 1, I started out with defining some FsCheck properties on dnAnalytics' Complex class. The properties I showed were fairly straightforward: break the complex number in its real and imaginary part, apply the definition of the operation and compare that to the result of the actual operation under test.

A possible critique on this kind of property is that it partly duplicates the implementation of the operation under test. In my experience, it almost never does completely: there is of course some overlap, but the property is invariably simpler, takes into account less detail, and is easier to understand. The property is mostly unusable for an actual implementation, for example because it is inefficient, is not tail recursive, causes more rounding errors etc. The only important thing about such a property is that is simple, so that you are sure it is correct (in fact, FsCheck will verify that it is correct...). So this critique is not justified.

But anyway, such definition properties are not the only kind that can be written using FsCheck. Today we'll look at properties that relate different operations (functions, methods) of the same class or module together.

As an example, we'll test that the complex numbers form a field over addition and multiplication, i.e. the field C+,*.

Now, the first thing to realize here is that instances of type Complex *do not* form an actual field, due to the presence of NaN, Infinity, rounding errors and overflow. So, for the purpose of this property we're about to write, we need to be able to generate Complex instances where these values are not generated.

There is a nice trick to define a custom generator that filters or otherwise manipulates values from another generator but keeps the other generator's type. First define a wrapper union type and define a generator for that:

type NoSpecials = NoSpecials of Complex type Generators = static member NoSpecials() = { new Arbitrary<NoSpecials>() with override x.Arbitrary = arbitrary |> suchThat (fun (C (r,i) as a) -> not (Complex.IsInfinity(a)) && not (Complex.IsNaN(a)) && r > 1e-16 && r < 1e16 && i > 1e-16 && i < 1e16 ) |> fmapGen NoSpecials override x.Shrink (NoSpecials c) = shrink c |> Seq.map NoSpecials }

Notice how special values like NaN, and very low and high values are filtered out in the generator using the *suchThat* generator combinator.

Now, we can write a property with a signature like:

`let prop_ComplexField (NoSpecials a,NoSpecials b,NoSpecials c) =`

which will generate "non-special" complex values in a, b and c. F#'s pattern matching and FsCheck's type directed value generation come together nicely here. (The alternative for this style is to use an explicit generator using forAll or forAllShrink).

Our property should check that both addition and multiplication are commutative, associative, distributive and have an an identity. So, the following functions will be useful:

let (=~=) (expected:Complex) actual = try TestHelper.TestRelativeError(expected, actual, 2e-10); true with _ -> false let commutative f (a,b) = f a b =~= f b a let associative f (a,b,c) = f (f a b) c =~= f a (f b c) //e.g. (a+b)+c = a+(b+c) let rightdistributive f g (a,b,c) = g (f a b) c =~= f (g a c) (g b c) //e.g. (a+b)c = ac+bc let leftdistributive f g (a,b,c) = g c (f a b) =~= f (g c a) (g c b) // e.g. c(a+b) = ca+cb let identity f id a = f a id = a

Armed with these, our property can be written as:

let prop_ComplexField (NoSpecials a,NoSpecials b,NoSpecials c) = commutative (+) (a,b) |@ "+ commutative" .&. commutative (*) (a,b) |@ "* commutative" .&. associative (+) (a,b,c) |@ "+ associative" .&. associative (*) (a,b,c) |@ "* associative" .&. rightdistributive (+) (*) (a,b,c) |@ "right distributive" .&. leftdistributive (+) (*) (a,b,c) |@ "left distributive" .&. identity (+) Complex.Zero a |@ "0 is identity of +" .&. identity (*) Complex.One a |@ "1 is identity of *" quickCheckN "Complex numbers are a field" prop_ComplexField

Complex numbers are a field-Ok, passed 100 tests.

It should be clear that the possibilities for coming up with such properties are almost limitless, and that you'll never have to repeat any part of your implementation to express them.

#### Conclusion

FsCheck makes it easy to test whether relations between a set of related methods or functions hold. This technique is in my experience sometimes neglected when unit testing, because of the focus on the *unit. *Nevertheless, such properties can have great value in documentation and testing.

In this post I took a few shortcuts to avoid having to deal with the "specials", and so in that sense this specification could be called misleading because indeed, instances of Complex do not form a field. I did this for two reasons. First, I wanted to show the wrapper type/pattern match technique to define derived generators that generate a subset of the values of an original generator. Second, I wanted to show that FsCheck makes you work if you want to ignore these special values - in other words, you have to make a very conscious decision to ignore them. In contrast, using unit tests the default is that you forget about these values until it's too late.

A third point I wanted to show is that with a little refactoring and common sense, you can write elegant and very readable properties that could conceivably be part of your documentation - in other words, true executable specifications.

## No comments:

## Post a Comment