How to Perform White Box Testing – Explained with a Simple Example

Understanding White Box Testing with a Simple Example

Its almost a decade now, since I’m into Software testing industry. And in my career so far, I have noticed the testers to be the most enthusiastic community in the whole of the software industry.

The prime reason behind it is that a tester always has something in their scope to learn. Be it a domain, process or a technology, a tester can have a complete development if they wish to.

But as they say “There is always a darker side”. Testers also indeed avoid a type of testing which they feel to be very complicated and the developer’s piece of cake. Yes, you have guessed it right. It’s the “WHITE BOX TESTING”.

What You Will Learn:

White Box and Black Box Testing

If we go by the definition, “White box testing” (also known as clear, glass box or structural testing) is a testing technique which evaluates the code and the internal structure of a program.

It is the counterpart of Black box testing.

To put it in simple terms – Under Black box testing, we test the software from a user’s point of view, but in White box, we see and test the actual code. In Black box testing, we perform testing without seeing the internal system code, but in White box testing we do see and test the internal code.

White box testing technique is used by both the developers as well as testers. It helps them to understand which line of code is actually executed and which is not. This may indicate that there is either a missing logic or a typo, which eventually can lead to some negative consequences.

Steps to Perform White Box Testing

Step #1 – Understand the functionality of an application through its source code. Which means that a tester must be well versed with the programming language and the other tools as well techniques used to develop the software.

Step #2– Create the tests and execute them.

When we discuss the concept of testing, “coverage” is considered to be the most important factor. Here I will explain how to have maximum coverage from the context of White box testing.

Also read => Cause and Effect Graph – Dynamic Test Case Writing Technique For Maximum Coverage

Types of White Box Testing

There are several types and different methods for each white box testing type. See the below image for your reference.

Today, we are going to focus mainly on the execution testing types of ‘Unit testing white box technique’.

The 3 main White Box Testing Techniques are:

  1. Statement Coverage
  2. Branch Coverage
  3. Path Coverage

Let’s understand these techniques one by one with a simple example.

#1) Statement coverage:

In a programming language, a statement is nothing but the line of code or instruction for the computer to understand and act accordingly. A statement becomes an executable statement when it gets compiled and converted into the object code and performs the action when the program is in a running mode.

Hence “Statement Coverage”, as the name itself suggests, it is the method of validating whether each and every line of the code is executed at least once.

#2) Branch Coverage:

“Branch” in a programming language is like the “IF statements”. An IF statement has two branches: True and False.

So in Branch coverage (also called Decision coverage), we validate whether each branch is executed at least once.

In case of an “IF statement”, there will be two test conditions:

Hence, in theory, Branch Coverage is a testing method which is when executed ensures that each and every branch from each decision point is executed.

#3) Path Coverage

Path coverage tests all the paths of the program. This is a comprehensive technique which ensures that all the paths of the program are traversed at least once. Path Coverage is even more powerful than Branch coverage. This technique is useful for testing the complex programs.

Let’s take a simple example to understand all these white box testing techniques.

White Box Testing Example

Consider the below simple pseudocode:

 INPUT A & B
C = A + B
IF C>100
PRINT “IT’S DONE” 

For Statement Coverage – we would only need one test case to check all the lines of the code.

That means:

If I consider TestCase_01 to be (A=40 and B=70), then all the lines of code will be executed.

Now the question arises:

  1. Is that sufficient?
  2. What if I consider my Test case as A=33 and B=45?

Because Statement coverage will only cover the true side, for the pseudo code, only one test case would NOT be sufficient to test it. As a tester, we have to consider the negative cases as well.

Hence for maximum coverage, we need to consider Branch Coverage, which will evaluate the “FALSE” conditions.

In the real world, you may add appropriate statements when the condition fails.

So now the pseudocode becomes:

 INPUT A & B
C = A + B
IF C>100
PRINT “IT’S DONE”
ELSE
PRINT “IT’S PENDING” 

Since Statement coverage is not sufficient to test the entire pseudo code, we would require Branch coverage to ensure maximum coverage.

So for Branch coverage, we would require two test cases to complete the testing of this pseudo code.

TestCase_01: A=33, B=45

TestCase_02: A=25, B=30

With this, we can see that each and every line of the code is executed at least once.

Here are the Conclusions that are derived so far:

Now let’s move on to Path Coverage:

As said earlier, Path coverage is used to test the complex code snippets, which basically involve loop statements or combination of loops and decision statements.

Consider this pseudocode:

 INPUT A & B
C = A + B
IF C>100
PRINT “IT’S DONE”
END IF
IF A>50
PRINT “IT’S PENDING”
END IF 

Now to ensure maximum coverage, we would require 4 test cases.

How? Simply – there are 2 decision statements, so for each decision statement, we would need two branches to test. One for true and the other for the false condition. So for 2 decision statements, we would require 2 test cases to test the true side and 2 test cases to test the false side, which makes a total of 4 test cases.

To simplify these let’s consider below flowchart of the pseudo code we have:

In order to have the full coverage, we would need following test cases:

TestCase_01: A=50, B=60

TestCase_02: A=55, B=40

TestCase_03: A=40, B=65

TestCase_04: A=30, B=30

So the path covered will be:



Red Line – TestCase_01 = (A=50, B=60)

Blue Line = TestCase_02 = (A=55, B=40)

Orange Line = TestCase_03 = (A=40, B=65)

Green Line = TestCase_04 = (A=30, B=30)

Also See => Different Types of testing

White Box Testing Tools

Given below is a list of white box testing tools.

**********

=>> Contact us to suggest your listing here

**********

#1) Veracode

Veracode’s white box testing tools will help you in identifying and resolving the software flaws quickly and easily at a reduced cost. It supports several application languages like .NET, C++, JAVA etc and also enables you to test the security of desktop, web as well as mobile applications. Still, there are several other benefits of Veracode tool. For detailed information about Veracode White box testing tools, please check the below link.

Website Link: Veracode

#2) EclEmma

EclEmma was initially designed for test runs and analysis within the Eclipse workbench. It is considered to be a free Java code coverage tool and has several features as well. To install or know more about EclEmma please check out the below link.

Website Link: EclEmma

#3)RCUNIT 

A framework which is used for testing C programs is known as RCUNIT. RCUNIT can be used accordingly based on the terms of the MIT License. It is free to use and in order to install or know more about it, please check the below link.

Website Link: RCUNIT

#4) cfix

cfix is one of the unit testing frameworks for C/C++ which solely aims at making test suites development as simple and easy as possible. Meanwhile, cfix is typically specialized for NT Kernel mode and Win32. To install and know more about cfix, please check out the below link

Website Link: cfix

#5) Googletest 

Googletest is Google’s C++ test framework. Test Discovery, Death tests, Value-parameterized tests, fatal & non-fatal failures, XML test report generation etc are few features of GoogleTest but there are several other features too. Linux, Windows, Symbian, Mac OS X are few platforms where GoogleTest has been used. In order to Download, please check the below link.

Download Link: Googletest

#6) EMMA

Emma is an easy to use free JAVA code coverage tool. It includes several features and benefits. To Download and know more about Emma, please check the below link.

Download Link:  EMMA

#7) NUnit

NUnit is an easy to use open source unit testing framework which does not require any manual intervention to judge the test results. It supports all .NET languages. It also supports data-driven tests and tests run parallel under NUnit. Earlier releases of NUnit used NUnit license but NUnit 3 is released under the MIT license. But both the licenses allow free use without any restrictions. In order to download and know more about NUnit please check the below link.

Download Link: NUnit

#8) CppUnit

CppUnit is a unit testing framework written in C++ and is considered to be the port of JUnit. The test output for CppUnit may be either in the XML or text format. It creates unit tests with its own class and runs tests in the test suites. It is licensed under LGPL. In order to download and know more about CppUnit please check the below link.

Download Link: CppUnit

#9) JUnit

JUnit is a quiet simple unit testing framework that supports test automation in Java Programming Language. It mainly supports in Test Driven Development and provides the Test coverage report as well. It is licensed under Eclipse Public License. For free download and in order to know more about JUnit please check the below link.

Download Link: JUnit

#10) JsUnit

JsUnit is considered to be the port of JUnit to javascript. And it is an open source unit testing framework to support Client sided Javascript. It is licensed under GNU Public License 2.0, GNU Lesser Public License 2.1 and Mozilla Public License 1.1. In order to download and know more about JsUnit please check the below link.

Download Link: JsUnit

Also, check all the tools that we have listed under Static code analysis here.

Conclusion

Also, note that the statement, branch or path coverage does not identify any bug or defect that needs to be fixed. It only identifies those lines of code which are either never executed or remains untouched. Based on this further testing can be focused on.

Relying only on black box testing is not sufficient for maximum test coverage. We need to have a combination of both black box and white box testing techniques to cover maximum defects.

If done properly, White box testing will certainly contribute to the software quality. It’s also good for testers to participate in this testing as it can provide the most “unbiased” opinion about the code. :)

About the author: This is a guest article by Shilpa C. Roy. She is working in software testing field for the past 9 years in domains like Internet advertising, Investment Banking, and Telecom. She has also cleared the CTAL test manager exam with a good score.

This is just a start and there is much more that can be discussed on this topic. Let us know if you have any questions about the methods we discussed in this article.

**********

=>> Contact us to suggest your listing here

**********

Feel free to suggest more simple or advanced tools that you are using for white box testing.