john burns

You can import files for use in your tests using this simple little attribute on your test method:

[DeploymentItem(@"DataAccess\logger.config")]

This ensures that files needed for testing are copied to your test build directory. The path is relative to the solution folder. Simple or what.

Some might say that if you’re relying on external files in your unit tests then you’re not writing clean code. Well if you’re of that opinion and want to come and rewrite a ton of working legacy data access code then be my guest. Otherwise, I’ll have my unit tests passing before you’ve finished typing your argument.

Wow, it’s been a busy year. Last month I passed the foundation exam for my Microsoft Certified Technology Specialist exam and started on the second module. You only need two modules to get the certification: the hefty foundation exam and then a choice from WPF, WinForms, ASP.NET, WCF and a few more. I haven’t done much WPF but thought this would be a fine chance to learn and aim to hit full qualification by the end of February.

The foundation course covers the fundamentals which every .net developer ought to know: threading, appdomains, file access and streams, events, permissions, deployment and so on. Pretty basic stuff but covered in depth. It’s a shame that many developers are still cynical about these types of certification, but I think it’s an easy way to demonstrate a base level of skill. And the exams are apparently a lot harder now than they used to be. Still, if you do know your stuff I don’t think it’s too much hard work and it won’t take an age to complete. It’s possible to study for the exam purely by reading and completing the exercises in the textbook and without paying for expensive courses. It took me a couple of hours each weekend for about six weeks and then two days of cramming before the exam.

While I’m on the subject of learning, I’d also recommend this SQL Server book. We build a lot of data intensive apps and tend to do most of the data processing on the SQL Server to reduce latency. This makes query performance a likely bottleneck and concurrency a likely issue. Unfortunately SQL seems to be one of those languages like VBA and Javascript that developers just pick up on the job and learn by the Google Method. If you want to know how to safely and efficiently execute dynamic SQL, use transactions, prevent locking and generate efficient execution plans, then this book is a good place to start.

I was lucky enough to have a spanking new 64-bit dev box bestowed upon me and have been loving the response I’m getting out of the extra ram. Compilation times have been massively reduced and switching from design to code view when developing UIs no longer takes an age.

However, all was not sweetness and light. I found I was no longer able to edit code live when debugging. Instead I was receiving this message: “Changes to 64-bit applications are not allowed.”

What?! So all my productivity gains have been eliminated by having to rebuild when making tiny edits? I don’t usually condone coding on the fly while debugging, but when catching UI events, especially from certain third party grid controls, I find it very useful.

I think the problem is due to something being not quite fully implemented in the 64-bit edition of VS, but the workaround is simple enough. Just change the CPU you’re targeting to x86 while you’re developing.

The target platform is oft misunderstood. Changing this value does not optimise your deployment for that platform, it merely inserts a header into your assembly that tells the CLR how to run it. The platform target declares the developer’s intention for which OS bitness the application was intended for. Targeting any cpu will ensure your application runs as a 32-bit app on a 32-bit OS and as a 64-bit app on a 64-bit OS – the CLR will work out what to do. If you have any third party components that are reliant on running under a 32-bit process, then choose x86 and the app will run as a 32-bit on a 64-bit OS. If your application was developed specifically for a 64-bit OS, target x64 which will ensure the application can’t run on a 32-bit OS. Changing the target cpu will not change the IL that your program compiles to, nor will it optimise your application for 64-bit.

Another 64-bit misconception is that a .net int will compile to an int32 in a 32-bit OS and to a int64 in a 64-bit OS. This is not true. int is shorthand for int32 regardless of OS bitness as defined in the c# language spec. If you want an int64 just declare a long.

I’ve just spent a rather pleasant and sunny afternoon indoors trying to fix a problem with inserting entities that form many-to-many relationships in the .net Entity Framework.

I’ve been googling this error message:

Unable to update the EntitySet because it has a DefiningQuery and no <InsertFunction> element exists in the <ModificationFunctionMapping> element to support the current operation.

all afternoon, trawling through the O’Reilly book and generally losing my hair.

Many-to-many relationships are characterised by what we call link or junction tables:

Here the MovieActors table is the junction table.

The key to getting many-to-many relationships is those little keys on the MovieActors table. They’re a pair of Foreign Keys linking back to their respective primary tables with a Primary Key over the top of them both.

To get many-to-many relationships to work in the Entity Framework, you need a primary key on the junction table! Or you can roll your own stored procedure insert statement, stick it in the SSDL designer mess and pray that no-one refreshes the model and overwrites it.

(Obviously you should have these keys in place anyway, but sometimes, in the big bad real world, the database design was created 20 years ago by a man in a hurry and changing the design may make the company walls crumble and the corporate empire fall. Gladly, here it was fine. Even more obviously, how did I expect the Entity Framework to magically realise what it was supposed to do on insert without these keys? Lessons have been learned.)

Regex is something that’s scared me for a long time. Previously I thought it only to be understood by Indiana Jones coders and only with the help of a wax crayon, a sheet of tracing paper and a secret book of biblical drawings. But this morning I discovered otherwise.

I’ve been studying for the Microsoft Certified Technology Specialist foundation exam, reading through and writing code from this big book. I whizzed through the first two chapters with massive enjoyment, then came to regex in the third chapter and hid the book in a drawer for a month being too busy to look at it. It’s not that it’s overly tough, it’s just tough enough to put you off with loads of weird characters in undecipherable sequences that are not very intuitive and require committing to memory. Check this out:

        static bool IsZip(string s)
        {
            return Regex.IsMatch(s, @"^\d{5}(\-\d{4})?$");
        }

It’s a piece of regex to accept US zip codes which can either look like 90210 or 90210-1111 (5 digits or five digits dash four digits). It doesn’t look too inviting does it? But let’s break it down:

^ Means match from the start of the line

\d{5} Means match 5 digits (5 numerical characters)

\- Means match a dash

\d{4} Means match 4 digits

(\-\d{4})? Together means optionally match a dash followed by four digits. The ? means optional and the parentheses means you have to have a dash AND four digits. So it will accept a dash and four digits, or nothing, but not a dash alone, or four digits alone.

$ Means match the end of the line. This is important. If you miss this you could end up accepting 90210beverlyhillscopsucks as a valid zip code.

Piece it all together and you feel a bit like Indiana Jones. Unfortunately deciphering this regex string hasn’t led to a quest to the Brazilian rainforest to dig for skulls in haunted caves, but we’ll see what the rest of the MCTS book brings.

The important thing is that like Mac and that water heater thing in the basement from Home Alone - I’m not afraid anymore.

We use Subversion for version control with the TortoiseSVN and VisualSVN plugins. Using a version control system that supports branching and tagging is a must if you want to Always Keep Your Project Releasable and keep your HEAD clean (more on this another time).

Merging has been a source of frustration for the team – not the cleaning up of conflicts, but the actual process. We use the TortoiseSVN UI for merging and the process isn’t very intuitive so I’ve written a little guide. 

I’m assuming you have a branch you’ve been developing on and now want to merge that branch back into the HEAD.

1. Check in all edits you’ve made to your branch.

2. Checkout the latest revision of the HEAD (the head of the head) into a new folder on your local drive.

3. Right click on the folder and select Merge.

4. Choose the Merge a Range of Revisions option and hit next (our svn server doesn’t seem to support mergeinfo, so we can’t use the second option. I think we need to upgrade).

5. We want to merge from the point we made the branch to the latest revision of the branch. To do this, leave the Revision Range to Merge box empty. Otherwise, fill in the range you wish to merge. Hit next.

6. Leave the default settings in the Merge Options page and hit the Test Merge button. It will show any conflicts that occur between your branch and the HEAD.

7. If satisfied, hit the merge button. Your branch should now be merged with the HEAD in the Project Head folder.

8. Edit any conflicts. If a lot of changes have been made to the HEAD while you were working on your branch, this could take some time. Avoid having too many conflicts by merging early and merging often.

9. Open up the project and make sure everything runs and that all tests pass. This is particularly important if you’re not operating in a CI environment.

10. If everything runs ok, all tests pass and you’re completely satisfied, check in the project to the HEAD. Your working copy is now the head. YOU SHOULD NEVER CHECK ANYTHING TO THE HEAD THAT WILL BREAK THE BUILD. If another developer cannot check out the HEAD and have it compile, you’ve gone wrong.

11. Check out a fresh copy of the HEAD and make sure it builds and all tests pass. If not, fix them and check it back in.

12. Your working copy should contain your features, the features of the other developers on the project and all that went before. Everything should build and feel fresh and clean. Now you can re-branch and keep on coding more features!

Lutz Roeder’s Reflector is an excellent free program that lets you take a .net assembly and decompile it into completely human readable source code. It’s so simple a chimp could do it. It’s so scarily good that you can almost take the decompiled code, stick it in Visual Studio, hit F5 and have it run as if you’ve just built it yourself. Great if you’re a hobbyist wanting to learn how an awesome app was built, also good if you’re an evil corporate hacker wishing to rip off the hard work of a smart development team.

We’re about to release a client–server app where the client is freely downloadable, but useless without authentication at the server. The client is relatively thin, but still contains a lot of hard, hand crafted code which will sit on the client machine. We started to get a little paranoid about the possibility of dirty haxxors decompiling our work and using it in competing products, so we turned to the black art of obfuscation.  

Obfuscation is the process of converting your nice, tidy, readable code into nonsense gibberish before compilation. It still runs as intended, but means that anyone decompiling your assemblies and executables won’t easily be able to figure out what the hell is going on in your code.

There are a few different techniques an obfuscator uses to do this, the most basic and common being to rename your methods, variables and parameters to short strings like a, a0, aa1. A guy I shared a flat with at university wrote code like this on purpose to try and ensure the university didn’t exercise its rights on IP to take his self proclaimed “five million pound ideas” and turn a profit themselves. Unfortunately, after taking a couple of weeks off from coding he couldn’t follow the code himself and eventually ended up flunking his CS course with a 2:2.

I used Dotfuscator CE which comes bundled with Visual Studio to compile a small sample project and compared the results in Reflector:

Clean, unobfuscated code (left) and code obfuscated using Dotfuscator (right).

Note how the class and method names are contracted to be meaningless and how the obfuscator has taken advantage of overloading to give the different methods with differing signatures the same name. Less code results in smaller assemblies with Dotfuscator reporting an average of 30% reduction in size.

Nobody wants to have their hard work stolen, so why doesn’t everyone obfuscate their code as a matter of course? Why isn’t the output from your build automatically obfuscated?

The answer is because it’s bloody hard to get it to work effectively for real applications. In my admittedly limited experience at least. There are certain parts of your application that can’t be obfuscated without breaking your code. If any of your libraries expose APIs, those methods and parameters can’t be obfuscated or any calling methods will fail. If you use reflection and are testing for types that have been renamed through obfuscation, you’ll get errors. And any stack traces you receive from error messages in an obfuscated program will also be obfuscated. You can get around these issues by manually configuring the obfuscator to avoid every method that will cause an error, but this takes a crazy amount of time. Imagine stepping through code that looks like the picture on the right above, like my friend from university, trying to find what’s causing the program to crash. It’s enough to make your eyes bleed.

And worst of all, for all the effort involved, obfuscation isn’t failsafe. If a team of hackers is determined enough to recover your code, then they can and will given enough time. Obfuscation will stop the casual weekend types, but these aren’t likely to be the guys that are trying to steal IP from you. So at best, obfuscation will only slow decompilation down and at a huge cost of maintenance. Real obfuscation is hard, maybe even impossible.

After a lot of effort I managed to get most of our code obfuscated and deployed, but at a huge time cost for what I see as a relatively minor threat. From now on, any projects requiring obfuscation are going to be architected for it.

My advice is this: If you’re really developing top secret, proprietary code, then you should encompass obfuscation aspects in your initial design from the outset, isolating the sensitive parts of the code and either sticking them on a server, or ensuring that they can be properly obfuscated without affecting the rest of the codebase by incorporating checks into your build tests.

If someone copies your program successfully enough to become a competitor then you’re hopefully going to notice that fact and get lawyers to sort it out. Hint: it’s usually when someone whacks your business partner around the head with a bat to steal the satellite uplink code.