4

Structural (White-Box) Testing

1
 Outline:
⚫ White Box Testing

⚫ Grey Box Testing

⚫ Its Advantages and Disadvantages

2
 White Box Testing

⚫ White box testing is based on the knowledge of the internal logic of an application’s code

and includes tests such as coverage of code statements, branches, paths, and conditions.
⚫ This testing process is generally performed by software developers/Test Engineers by
using a targeted set of prearranged test cases.

⚫ White box testing is a form of application testing that provides the tester with complete

knowledge of the application being tested, including access to source code and design
documents.

⚫ This in-depth visibility makes it possible for white box testing to identify issues that are

invisible to gray and black box testing.

37
Cont.…
• Using this strategies, the software engineers can develop test cases that:

• Guarantee that all independent path within a model have been executed at
least once

• Execute all logical decision, on their true or false.

• Execute all loops at their boundaries and within their optional bounds

• Execute internal data structure to ensure their validity.

• Inputs required for White Box testing : Requirements ,Functional specifications , High-
level design documents , Detailed design documents and Application block source code
1. Control Flow Testing
⚫ Control flow testing is a testing technique that comes under white box testing.

⚫ The aim of this technique is to determine the execution order of statements or instructions of the program

through a control structure.

⚫ The control structure of a program is used to develop a test case for the program. In this technique, a particular

part of a large program is selected by the tester to set the testing path. It is mostly used in unit testing. Test
cases represented by the control graph of the program.

⚫ Control Flow Graph is formed from the node, edge, decision node, junction node to specify all
possible execution path.

Notations used for Control Flow Graph

1. Node
2. Edge
3. Decision Node
4. Junction node
2
8
Node: Nodes in the control flow graph are used to create a path of procedures. Basically, it
represents the sequence of procedures in which procedure is next to come so, the tester can
determine the sequence of occurrence of procedures.

Edge: The edge in the control flow graph is used to link the direction of nodes.

Decision node: The decision node in the control flow graph is used to decide next node of the
procedure as per the value.

Junction node: The junction node in the control flow graph is the point where at least three
links meet.

6
Cont.…
Example:

public class VoteEligiblityAge {

public static void main(String []args)

{
int n=45;
if(n>=18)
{
System.out.println("You are eligible for voting");
} else
{
System.out.println("You are not eligible for voting");
}
}
}

9
The above example shows eligibility criteria of age for
voting where if age is 18 or more than 18 so print message
"You are eligible for voting" if it is less than 18 then print
"You are not eligible for voting."

Program for this scenario is written above, and the control

flow graph is designed for the testing purpose.

In the control flow graph, start, age, eligible, not eligible

and stop are the nodes, n>=18 is a decision node to decide
which part (if or else) will execute as per the given value.
Connectivity of the eligible node and not eligible node is
there on the stop node.

Test cases are designed through the flow graph of the

programs to determine the execution path is correct or
not. All nodes, junction, edges, and decision are the
essential parts to design test cases.
 2. Condition Coverage
• Condition testing is a test construction method that focuses on exercising the logical
conditions in a program module.
• It focus on testing, each condition in program.
• The purpose of condition testing, not only to detect to error related to condition , but
also other error in program.
• Errors in conditions can be due to:
• Boolean operator error
• Boolean variable error
• Boolean parenthesis error
• Relational operator error
• Arithmetic expression error

11
 3. Data Flow Testing
• Selects test paths according to the location of definitions and use of variables.
• This is a somewhat sophisticated technique and is not practical for extensive
use.
• This approach is effective for error protection.
• Example:
Process A
P1
Do while B1
If B2 then
If B3 then
Else
B4
End if
-------------
-------------
-------------
End Process
12
4. Loop Testing
• Loops are fundamental to many algorithms and need thorough testing.

• There are four different classes of loops: simple, concatenated, nested, and
unstructured.
 5. Statement Coverage

• Statement Coverage is simplest form of white

box testing, whereby a series of test cases are
run such that each statement is executed at least
once.
• Often CASE Tool, keep track of how many
time each statement has been executed.
• Weakness of this approach is that, there is no
guarantee that all outcomes of branches are
properly tested.

14
 6. Branch Coverage
• Branch Coverage is an improvement over statement coverage, in that a series of tests are run to
ensure that all branches are tested at least once.

• It is also called Decision coverage. It requires sufficient test cases for each program decision or
branch to be executed, so that each possible outcome occurs at least once.

• It is considered to be a minimum level of coverage for most software product, but decision
coverage alone is insufficient for high integrity application. "For every decision, each branch
needs to be executed at least once."
• Obvious decision statements are if, for, while, switch.
• Subtle decisions are return (Boolean expression), ternary expressions, try-catch.
• One shortcoming - ignores implicit paths that result from compound conditionals.
• It will Treats a compound conditional as a single statement.

15
Cont.…
 7. Path Coverage:
• Path Coverage Testing is very powerful form of white box testing; all path are
tested.

• The number of path in a product with loop can be very large and method have
been devised to reduce the number of path to be examine.

• This technique capable to uncover more fault than branch testing.

• It states that each and every programming statement from start to end, executed
at least once.

• Due to large number of possible path through software program, path coverage is
generally is generally not achievable.

• The amount of path coverage is normally established based on the risk or critical
software under test.
17
Cont.…
 8. Mutation Testing

• Idea: make small changes to the program source code (so that the modified versions
still compile) and see if your test cases fail for the modified versions
• Purpose: estimate the quality of your test suite
• Mutation operator = a rule that specifies a syntactic variation of the program text so
that the modified program still compiles
• Mutant = the result of an application of a mutation operator
• The quality of the mutation operators determines the quality of the mutation testing
process.
• Mutation operator coverage (MOC): For each mutation operator, create a mutant
using that mutation operator.

19
20
21
 What Does White Box Testing Focus On?
White box testing takes advantage of extensive knowledge of an application’s internals to
develop highly-targeted test cases. Examples of tests that might be performed during white box
testing include:
Path Checking: White box testing can be used to explore the various execution paths within an
application to ensure that all conditional statements are correct, necessary, and efficient.
Output Validation: This enumerates the various potential inputs to a function and ensures that
each produces the expected result.
Security Testing: Static code analysis and other white box testing techniques are used to
identify potential vulnerabilities within an application and validate that it follows secure
developmentbest practices.
Loop Testing: Tests the loops within an application to ensure that they are correct, efficient, and
properly manage the variableswithin their scope.
Data Flow Testing: Tracks variables throughout the execution paths of a program to ensure that
variables are declared, initialized, used, and properly manipulated.
White Box Testing
Advantages
As the tester has knowledge of the source
code, it becomes very easy to find out which
type of data can help in testing the application
effectively.
It helps in optimizing the code.
Extra lines of code can be removed which can
bring in hidden defects.
Due to the tester's knowledge about the code,
maximum coverage is attained during test
scenario writing.
Disadvantages
Due to the fact that a skilled tester is needed
to perform white-box testing, the costs are
increased.
Sometimes it is impossible to look into every
nook and corner to find out hidden errors that
may create problems, as many paths will go
untested.
It is difficult to maintain white-box testing, as
it requires specialized tools like code analyzers
and debugging tools.
 Grey Box Testing
⚫ Grey-box testing is a software testing method to test the software application with partial

knowledge of the internal working structure. It is a combination of black box and white box
testing because it involves access to internal coding to design test cases as white box testing
and testing practices are done at functionality level as black box testing.

⚫ Grey-box testing commonly identifies context-specific errors that belong to web systems. For

example; while testing, if tester encounters any defect then he makes changes in code to
resolve the defect and then test it again in real time. It concentrates on all the layers of any
complex software system to increase testing coverage. It gives the ability to test both

presentation layer as well as internal coding structure. It is primarily used in integration testing
42 and penetration testing.
 Why Grey Box testing?
▪ Reasons for GreyBox testing are as follows
▪ It provides combined benefits of both Black box and
White Box testing.
▪ It includes the input values of both developers and testers at the same
time to improve the overall quality of the product.

▪ It reduces time consumption of long process of

functional and non-functional testing.

▪ It gives sufficient time to the developer to fix the

product defects.
▪ It includes user point of view rather than designer or tester point of view.

▪ It involves examination of requirements and determination of

specifications by user point of view deeply.

25
 Grey Box Testing Strategy
⚫ Generic Steps to perform Grey box Testing are:
1. First, select and identify inputs from BlackBox and WhiteBox testing inputs.
2. Second, Identify expected outputs from these selected inputs.
3. Third, identify all the major paths to traverse through during the testing period.
4. The fourth task is to identify sub-functions which are the part of main functions to perform
deep level testing.
5. The fifth task is to identify inputs for subfunctions.
6. The sixth task is to identify expected outputs for subfunctions.
7. The seventh task includes executing a test case for Subfunctions.
8. The eighth task includes verification of the correctness of result.
The test cases designed for Greybox testing includes Security related, Browser related, GUI
related, Operational system related and Database related testing.

26
 Grey Box Testing
Advantages Disadvantages

Offers combined benefits of black-box and Since the access to source code is not available, the
white-box testing wherever possible. ability to go over the code and test coverage is
limited.

Grey box testers don't rely on the source code; The tests can be redundant if the software
instead they rely on interface definition and designer has already run a test case.
functional specifications.

Based on the limited information available, a grey- Testing every possible input stream is unrealistic
box tester can design excellent test scenarios because it would take an unreasonable amount of
especially around communication protocols and time; therefore, many program paths will go
data type handling. untested.

The test is done from the point of view of the user

and not the designer.

27
 Black-BoxTesting Grey-BoxTesting White-BoxTesting
The internal workings of an The tester has limited knowledge of Tester has full knowledge of the
application need not be known. the internal workings of the internal workings of the
application. application.

Also known as closed-box testing, Also known as translucent testing, Also known as clear-box testing,
data-driven testing, or functional as the tester has limited knowledge of structural testing, or code-based
testing. the insides of the application. testing.

Performed by end-users and also Performed by end-users and also Normally done by testers and
by testers and developers. by testers and developers. developers.

Testing is based on external Testing is done on the basis of Internal workings are fully known
expectations - Internal behavior of high-level database diagrams and and the tester can design test data
the application is unknown. data flow diagrams. accordingly.

It is exhaustive and the least time- Partly time-consuming and The most exhaustive and time-
consuming. exhaustive. consuming type of testing.

Not suited for algorithm testing. Not suited for algorithm testing. Suited for algorithm testing.

This can only be done by trial-and- Data domains and internal Data domains and internal
error method. boundaries can be tested, if known. boundaries can be better tested.

28
 The different types of Software Testing
⚫ The categorization of software testing is a part of diverse testing activities, such

as test strategy, test deliverables, a defined test objective, etc. And software
testing is the execution of the software to find defects.

⚫ The purpose of having a testing type is to confirm the AUT (Application Under

Test).

⚫ To start testing, we should have a requirement, application-ready, necessary

resources available. To maintain accountability, we should assign a respective

module to different test engineers.

29
 Cont.…
• Acceptance Testing : Acceptance testing, is the final testing of the product against the specifications of
the end user or customer. It is the formal testing conducted to determine whether or not a system satisfies
its acceptance criteria and to enable the customer to determine whether or not to accept the system.
• It is usually based on “hands-on” use of the product by the end users/customers over some limited period
of time.
• This testing process is usually performed by customer representatives or UAT team.

⚫ Load Testing: Load testing puts demand on a system or device and measures its response. It involves testing

an application under heavy loads such as testing a website under a range of loads to determine at what
point the system’s response time degrades or fails. Load testing is frequently performed on an ad hoc
basis during the normal developmental process.

⚫ It is particularly useful because it can quickly and economically identify performance problems without

hand checking. It is usually conducted by the performance engineers

30
 Cont.…
⚫ Stress Testing: Stress testing evaluates a system or component at or beyond the limits of its specified
requirements. This is a term that is often used interchangeably with “load” and “performance” testing
by professionals. It serves the same purpose as load testing in the sense that it is looking to predict
failure thresholds.
⚫ Stress tests normally test system functioning under specific conditions such as unusually heavy loads,
heavy repetition of certain actions, input of large numerical values, and large complex queries to a
database system.
⚫ It differs from load testing in the sense that any potential area of failure under stress is targeted (not

just load). This testing process is usually conducted by the performance engineer.
 Cont.…
⚫ Usability Testing: Usability testing is one of the more common general testing approaches. It verifies the ease

with which a user can learn to operate, prepare inputs for, and interpret outputs of a system or component.
Usability testing could be understood as testing for “user friendliness” or user comfortability. This testing process
is usually performed by the end users. User interviews, surveys, video recording of user sessions, and other
techniques can be used. Programmers and testers are usually not appropriate as usability testers.

⚫ Install/Uninstall Testing: Install/uninstall testing is a type of quality assurance work that focuses on what
customers will need to do to install and set up the new software successfully. It may involve full, partial, or
upgrades install/uninstall processes. It is typically done by a software testing engineer in conjunction with the
configuration manager.
 Cont.…
⚫ Recovery Testing: Recovery testing evaluates how well a system recovers from crashes, hardware
failures, or other catastrophic problems. This testing process is performed by the testing teams.

⚫ Security Testing: Security testing determines that an information system protects data and maintains

functionality as intended, and how well the system protects against unauthorized internal or external
access. It may require sophisticated testing techniques. Security testing can be performed by testing
teams or by specialized security testing companies.

⚫ Alpha Testing: Alpha testing is a type of testing of a software product or system conducted at the
developer’s site. It is typically done by end users or others and definitely not by programmers or testers.
It takes place when an application is nearing completion. Some minor design changes can be made as a
result of such testing, so it is not as widely circulated.

52
 Cont.…
⚫ Beta Testing: Beta testing is the final testing before releasing the application for commercial purpose.

This is by far the most common method of final testing a new product in the real world. Beta testing
takes place when development and testing are essentially completed and final bugs and problems
need to be found before final release. It is typically done by end users or others and not by
programmers or testers.

⚫ Automated Testing: Automated testing is the testing technique that uses automation testing tools to
control the environmental setup, the execution of tests, and reporting of the results. This testing
process is performed by a computer and is used inside the testing teams. This requires a formalized
“manual testing process” that currently exists. The tester must first establish an effective testing
process.

⚫ The real use and purpose of automated test tools is to automate regression testing. This means that
a tester must have or must develop a database of detailed test cases that are repeatable and these tests
should be run every time there is a change to the application to ensure that the change does not
53 produce unintended consequences.