When you're looking at a function (an actual function or a method), you can usually identify several blocks of code in there. There are pre-conditions, there's the function body, and there may be post-conditions. The pre-conditions are there to verify that the function can safely proceed to do its real job. Post-conditions may be there to verify that you're going to give something back to the caller that will make sense to them.
1/xx = 0It works the same way for function pre-conditions and post-conditions in code; you'll usually only find pre-conditions in code, no post-conditions. Quite often however you may not even find pre-conditions, but "medio-conditions"; that's when input validation happens everywhere inside the function.
This is not a desirable situation: for the function body to be as clear as possible, we'd want to push all pre-condition checks to the top of the function. Then we'll end up with a function body where "nothing can go wrong".
Sometimes the programming language itself can help with these pre-conditions: for instance, the language may support strict typing, which prevents certain types of invalid input to be provided. Some languages offer more advanced ways of defining pre-conditions, like pattern matching.
intstringif (!is_string($name)) {
throw new InvalidArgumentException('$name should be a string');
}
Assert::string($value)Assert::greaterThan($value)InvalidArgumentExceptionAssertion::string($name, '$name should be a string');
The funny thing is, PHP already has a built-in assertion tool. It's not as convenient as the assertion functions that these libraries provide. You'd have to write all the checks yourself:
assert(is_string($name), '$name should be a string');
On the other hand, it has one interesting feature that exposes the core idea of assertions: the fact that you can turn them off (e.g. in a production environment), without touching the code. Even though you can't easily turn off an assertion library once you start using it, I still think it's a very interesting test to see if you're using such a library in the correct way: just entertain the thought that you would turn the assertions off, would the system still function correctly?
InvalidArgumentExceptionSo the first rule of using assertions is: don't use assertions to validate user input, use it to validate function arguments. This means that, given that the user uses the application in a way that is valid and supported by our user interface (e.g. they are not trying to "hack" our system by tampering with POST request data), they should never receive a useless "500 Internal server error" response because some assertion failed. The other way around: if you find an assertion exception in your logs, assuming that all your users are innocent, you know that something is wrong about your user interface, since it apparently allows the user to accidentally provide the wrong data.
// $page is taken from the request's query parameters
$page = ...;
Assertion::greaterThan(0, $page, 'The page query parameter should be larger than 0');
LogicExceptionRuntimeExceptionExceptionRuntimeExceptionLogicExceptionInvalidArgumentExceptionLogicExceptionThis brings us to the second rule of using assertions: don't use assertions to validate return values from other functions.
$id = 123;
$entity = $repository->findById($id);
// Don't use an assertion here
Assertion::isInstanceOf($entity, Entity::class);
// Instead, throw a RuntimeException, or a domain-specific one
if ($entity === null) {
throw new RuntimeException('Entity with ID ' . $id . ' not found');
}
Another example of making an assertion about a return value:
$dateTime = DateTimeImmutable::createFromFormat('d/m/Y', $dateString);
Assertion::isInstanceOf(DateTimeImmutable::class, $datetime);
DateTimeImmutable::createFromFormat()falseDateTimeImmutable$dateStringfinal class DateTime
{
public static createFromFormat(
string $format,
string $dateString
): DateTimeImmutable {
$dateTime = DateTimeImmutable::createFromFormat($format, $dateString);
if (!$dateTime instanceof DateTimeImmutable) {
throw new InvalidArgumentException(
'The provided date string is in the wrong format'
);
}
return $dateTime;
}
}
if/*
* There's a separate branch in the code that throws this exception,
* so theoretically it should be covered with an extra unit test.
*/
if ($entity === null) {
throw new RuntimeException('Entity with ID ' . $id . ' not found');
}
/*
* There's no longer a separate branch, so the unit test for the happy
* path of this function will also cover this line, even though it
* won't trigger the exception.
*/
Assertion::isInstanceOf($entity, Entity::class);
There's more to talk about with regard to unit testing, and the big question to me is: should we write unit tests to verify that our assertions work?
Assertions should be used as sanity checks. In that sense, they are more like a trace: evidence that someone called a function with an incompatible piece of data. In that sense, you usually don't need to write specific unit test cases that catch the exceptions produced by these assertions.
Assertion::string()The same goes for the type system. For instance, if your language supports union types, like something is either This or That, you don't have to write an assertion for that anymore. With pattern matching, things become even more advanced, and you could omit assertions like "there should be at least one element in the list".
Now let's combine this with the idea that it should be possible to switch off assertions and still have a working program (except that it may be harder to debug the weird issues that would be caught by assertions otherwise). Should or shouldn't we write unit tests for assertions? I find that not every assertion is as important, and so not every assertion requires an extra test,
Rules of thumb for me are: If a better type system would be able to fix it, then don't test it. For example:
// Verify that all elements of a list are of a certain type
Assertion::allIsInstanceOf($list, Element::class);
// And all the primitive type assertions for PHP 5 applications
Assertion::string($value);
Assertion::boolean($value);
// etc.
On the other hand, If you're asserting that an input value is within the allowed domain, test it.
For example:
// Verify that the value is within a certain range:
Assertion::greaterThan($value, 0);
Assertion::lessThan($value, 10);
// etc.
// Verify that a string matches a certain pattern:
Assertion::regex($value, '/\d+/');
Assertion::alnum($value);
// etc.
// Verify a number of elements:
Assertion::count($value, 2);
This explains why I find myself testing mostly assertions from the constructors of value objects, since value objects are much like native language types, but they usually limit the domain of the input arguments.
Conclusion
Assertions are sanity checks. When they would be left out, you should still have a correctly function application. They should never become user-facing errors.
Useful rules of thumb for working with assertions and assertion libraries are:
- Use them to validate function arguments, but only at the beginning of a function.
- Instead of making assertions about another function's return value, throw an exception inside the that other function.
- Don't use assertions as replacement for exceptions.
- If a better type system would fix be able to it, use an assertion, but don't unit test for its exception.
- If an assertion validates the domain of a value, write a unit test that shows that it works.