White box testing is needed because of the following reasons:
ode coverage: Ensure that each code statement is executed once.
Data-flow testing looks at the lifecycle of a particular piece of data (i.e. a variable) in an application. By looking for patterns of data usage, risky areas of code can be found and more test cases can be applied.
There are four ways data can be used: defined, used in a predicate, used in a calculation, and killed. Certain patterns, using a piece of data in a calculation after it has been killed, show an anomaly in the code, and therefore the possibility of a bug.
There are three levels in which white box testing can be present:
API testing is done to make sure that the basic units of the software application function properly as desired. Reason why we perform API testing right from the initial stages of the product cycle to the final phase, ensuring that the product release in the market is error-free and worth every penny you invested. API testing process involves testing the methods of NET, JAVA, J2EE APIs for valid and invalid inputs, plus testing the APIs on Application servers.
API-testing targets the code-level, and can be done even by testers as well as developers.
The cyclomatic complexity is a software metric that provides a quantitative measure of the logical complexity of a program.
Stress testing is a testing technique used to determine if the system can function when subjected to large volumes of data. It includes areas like:
If the application functions properly with stressed data then it is assumed that it will function properly with normal volumes of work.
Objectives of Stress Testing: To simulate a production environment for determining that
Testing a function with knowing the internal structure it also call as white box testing it takes place in the developers area.
In general prerequisites for white box testing are the same as for black box testing. The only difference is the access to the application source code. The white box tester should ask for detailed requirement, functional specifications, high-level design documents, detailed design documents and source code. The white box QA Engineer would analyze the source code and prepare test cases for testing the functionality to ensure that the code is behaving according with the requirements and specifications.
Few major challenges faced during white box testing are as under:
Recovery testing is used to ensure that operations can be continued even after a disaster. If not only verifies the recovery process but also the effectiveness of the component parts of that process. Objectives of recovery testing are:
Examples of Recovery Testing
Basic stuff require for Test cases is full fledge knowledge of Functional design and STLC. Scenario plays a vital role for having Test Cases.
Coverage analyzers are a class of test tools that offer automated support for this approach to testing management. With this tool, the tester runs a set of test cases on a program that has been instrumented by the coverage analyzer. The analyzer then uses the information produced by the instrumentation code to generate a coverage report.
For example, in case of DD-path coverage, it identifies and labels all DD-paths in the original program. When the instrumented program is executed with test-cases, the analyzer tabulates the DD-paths traversed by each test case. So, a tester can experiment with different sets of test cases to determine the coverage of each set.
Execution testing is used to determine whether the system can meet the specific performance criteria. It includes
Execution testing can be done in any phase of SDLC. It can evaluate a single aspect of the system like a critical routine in the system. We can use hardware and software monitors or creating quick and dirty programs to evaluate the approximate performance of a completed system. This testing may be executed onsite or offsite for the performance of the test. It may be noted that the earlier the technique is used, the higher is the assurance that the completed application will meet the performance criteria.
A failure of a white box testing may result in a change that requires all black box testing to be repeated and white box testing paths to be reviewed and possibly changed.
A testing used to identify defects that are very difficult to identify. It involves determining that adequate attention is devoted to identifying security risks, determining that sufficient expertise exists to perform adequate security testing.
Examples of Security testing
White box testing is a type of testing used basically for checking the code of an application, where as equivalence partitioning is a strategy used for both white box and black box testing to decide the input values for the testing. In equivalence partitioning we will have to come up with multiple inputs in which each one represents a set of inputs of similar behavior.
Cyclomatic complexity is the number of linearly independent paths through a program's source code. Cyclomatic complexity is computed using the control flow graph of the program: the nodes of the graph correspond to the commands of a program, and a directed edge connects two nodes if the second command might be executed immediately after the first command.
CC = E − N + P
CC= cyclomatic complexity
E = the number of edges of the graph
N = the number of nodes of the graph
P = the number of connected components.
It is not possible for testing each and every path of the loops in program. This means exhaustive testing is impossible for large systems. This does not mean that white box testing is not effective. By selecting important logical paths and data structure for testing is practically possible and effective.
The following are the knowledge sources for white-box or structural testing
If we decide to develop a program in terms of compatible slices then we could code a slice and immediately test it. We can then code and test other slices and merge them into a fair solid program. This is known as slice splicing.
Path coverage measures whether each of the possible paths in each function have been covered for testing. A path is a unique sequence of branches from the function entry to the exit. A very through testing is possible by Path Coverage.
Path coverage is measures by an entity called cyclomatic complexity. The cyclomatic complexity of a software program is calculated from a connected graph of the module (that shows the topology of control flow within the program):
Cyclomatic complexity (CC) = E - N + P
where E = the number of edges of the graph
N = the number of nodes of the graph
P = the number of connected components
Everything is visible inside a glass box. When you perform white box testing , you can see the code and test it. But in black box testing the tester does not know what is happening inside the code when he is giving a particular input. He only sees the output, but does not get to know how that output has come. In white box testing the tester can know what exactly is happening inside the code and why a particular out put is coming for a particular input. That's why it is called Glass box testing.
Dirty test cases are those that check the functionalities for the negative scenarios. In dirty test cases we provide negative / invalid inputs and verify if the application is behaving correctly. Here the application is tested for maximum amount of invalid inputs.
Example: For a banking application which allows fund transfer of maximum $10000 US per day. A dirty test case would be to try to transfer more than that values, i.e. say $10001 US. Here the application should sanely give an error that maximum allowed amount for transfer is $10000 US. It should not perform any transaction.
Test plan contains the following points they are
test cases contains
A program slice is a set of program statements that contribute to or affect a value for a variable at some point in the program. This is an informal definition.
Let us see now more formal definitions of a program slice.
"Given a program, P and a set of V of variables in P, a slice on the variable set V at statement n, written as S(V, n), is the set of all statements in P that contribute to the values of variables in V".
It may be noted that listing elements in a slice S(V, n) will be cumbersome because the elements are the program statement fragments.
We can further refine the definition of a program slice.
"Given a program P and a program graph G(P) in which statements and statement fragments are numbered and a set V of variables in P, the slice on the variable set V at statement fragment n, written as S(V, n), is the set of node numbers of all statement fragments in P prior to n that contribute to the values of variables in V at statement fragment n."
The basic idea is to separate a program into components (slices) that have some useful / functional meaning.
It may be noted that we have used the words "prior to" (in the 2nd definition) in the dynamic sense. Thus a slice, captures the execution time behavior of a program with respect to the variables in the slice. This develops a lattice or a directed, acyclic graph of slices in which nodes are slices and edges correspond to the subset relationship.
We have also used a word -"contribute' which means that data declaration statements have an effect on the value of a variable. We simply exclude all non-executable statements.
White Box testing is done by both developers and tester. In case of projects (eg: Railways , aeronautics) there are standards (eg CENELAC)to be which demands testing to be done by a tester in such cases the white box testing is done by tester and not developer. The tester will have a knowledge of the coding language only then is he called a white box tester The tester does the white box testing using rational tools like Rational Test Real Time (RTRT) .
Online systems should be stress tested by allowing people to enter transactions of a normal or above normal pace.
Batch systems can be stress tested with large input batches. Please note that the error conditions should be included in tested transactions. Transactions that are used in stress testing can be obtained from Test data generators, test transactions created by test group or the transactions previously processed in the production environment.
In stress testing, the system should be run as it would in the production environment. Operators should use standard documentation and the people entering transactions or working with the system should be the clerical personnel that will use the system.
Examples of Stress Testing:
Operations testing is designed to determine whether the system is executable during normal system operations. It evaluates both the process and the execution of the process. During different phases of SDLC, it can be used as follows
Phase 1: Requirements Phase: During this phase, operational requirements can be evaluated to determine the reasonableness and completeness of these requirements.
Phase 2: Design Phase: During this phase, the operating procedures should be designed and thus can be evaluated.
Examples of Operations Testing
Test plan is a document that contains the scope, approach, test design and test strategies. It includes the following:-
While A test case is a noted/documented set of steps/activities that are carried out or executed on the software in order to confirm its functionality/behavior to certain set of inputs.
Let's say you have an entity that is stored across multiple tables and the test case is to delete the entity. In black-box testing, once the entity disappears from the GUI after deletion, your black-box test case is considered passed. But with white-box testing, you'd check if all related rows are deleted from the tables. If the deletion happens to delete only the parent record and leave behind orphan rows, the test case is considered failed.
White box testing can be performed by anybody who has a good understanding of the code and the program logic. Generally developers perform white box testing during unit testing for their own components. API tester also perform white box testing.
White box testing is a method to test the functionality of the code by passing parameters within the code itself. White box testing involves looking at the structure of the code. When you know the internal structure of a product, tests can be conducted to ensure that the internal operations performed according to the specification. And all internal components have been adequately exercised.
White box testing is also called Structural testing or Glass box testing.