> On a side note, I've found QuickCheck to be great for these kinds of
> unit tests. As an example, I was able to turn someone else's code for a
> trie data structure into a multi-trie (like a bag is to a set) without
> fully understanding the code and still be fairly confident that the code
> was correct!

I agree that QuickCheck is great for this kind of task, but I still find
myself exporting unnecessary functions.  For example, suppose you are
writing a balanced binary search tree-based FiniteMap data structure,
and want to test it with QuickCheck.  As well as testing the interface,
you need to test at least three internal invariants after each operation:

    - that the tree is balanced with respect to the balance condition,
    - that the meta-data used to maintain the balance condition is
      correct, and
    - that the tree is a binary search tree (i.e. that the keys are in
      sorted order if you do an inorder traversal).

For this simple example, one extra exported function should do the trick:

        structuralInvariantFM :: (Ord k) => FiniteMap k v -> Bool

However, a more complex data structure with multiple invariants would
require even more exported functions, because it would become more
important to know which invariant was broken.

Andrew Bromage

