A white-box test is also called a structure test or a logic-driven test, which is based on Program The internal structure test program checks whether the internal actions of the product are normal in accordance with the specifications of the design specification, and checks whether each path in the program works correctly according to the predefined requirements.
This method regards the test object as an open box. The tester designs or selects test cases based on the information about the internal logic structure of the program to test all the logic paths of the program, check the program status at different points to determine whether the actual status is consistent with the expected status.
How can I test the software? Common Software Testing Methods include static testing methods and dynamic testing methods. Static testing of the software does not require the actual execution of the tested program on the computer. It mainly analyzes and tests the software with some manual simulation techniques; dynamic Testing of software dynamically runs programs by inputting a set of instance data constructed in advance according to certain test criteria to detect program errors.
The white box test methods are as follows: Code Check Method, static structure analysis method, static quality measurement method, logical coverage method, basic path test method, domain test, symbol test, Z path coverage, program variation.
The coverage standards of the white box test method include logical coverage, cyclic coverage, and basic path testing. Logical overwrites include statement overwrites, decision overwrites, condition overwrites, decision/condition overwrites, condition combination overwrites, and path overwrites.
Six coverage criteria: statement coverage, decision coverage, condition coverage, decision/condition coverage, condition combination coverage, and path coverage. The ability to detect errors varies from weak to Xeon. The statement overwrites each statement and is executed at least once. The decision overwrites each decision and each branch must be executed at least once. When a condition overwrites each criterion, various possible values are obtained. Both decision/condition coverage and decision coverage. Condition combinations overwrite each combination of conditions in each decision at least once. The path overwrites each possible path in the program to be executed at least once.
The "white box" method provides a comprehensive understanding of the internal logic structure of the program and tests all logical paths. The "white box" method is to test the exhaustive path. When using this scheme, the tester must check the internal structure of the program and obtain the test data starting from the logic of the program. The number of independent paths throughout the program is astronomical. However, even if each path is tested, errors may still occur. First, the exhaustive path test cannot identify that the program violates the design specifications, that is, the program itself is a wrong program. Second, the exhaustive path test cannot identify errors caused by missing paths in the program. Third, some data-related errors may not be found in the exhaustive path test.
How to Select white box testing tools
White box testing is currently mainly used in software fields with high reliability requirements, such as military software, aerospace software, industrial control software, and so on. White box testing tools should be mainly used to support development languages, depth of code coverage, testing of embedded software, and visualization of testing.
Support for development languages: the white box testing tool is Source code The main content of the test includes lexical analysis and syntax analysis, static error analysis, and dynamic detection. However, for different development languages, the implementation methods and content of test tools differ greatly. Currently, the test tool supports the following development languages: Standard C, C ++, Visual C ++, Java, and Visual J ++.
Code coverage depth: from the detailed analysis of overwriting source program statements, the logic coverage standards include the following different coverage standards: overwrite statements, overwrite conditions, overwrite conditions, overwrite condition combinations, overwrite multiple conditions, and overwrite condition correction conditions.
· To expose errors in the program, each statement in the program should be executed at least once. Therefore, statement coverage means to select enough test data for each statement in the program to be executed at least once. Statement overwrite is a weak logical overwrite.
· Demo-coverage is the standard for a slightly higher overwrite ratio than a statement ). The meaning of decision coverage is: Design enough test cases so that each decision in the program gets at least one "True Value" or "false value ", in other words, each of the "true" branches in the program and the "false" branches must go through at least one time. Therefore, decision coverage is also called branch coverage.
· The conditions are covered in the design program. A judgment statement is a composite judgment composed of multiple conditions. To thoroughly implement logical coverage, the conditional coverage standard can be adopted. The meaning of condition coverage is: Construct a set of test cases so that the possible values of each logical condition in each decision statement are met at least once.
· Multi-condition coverage is also referred to as condition combination coverage. It means to design sufficient test cases so that all possible combinations of conditions in each decision can appear at least once. Obviously, the test cases that meet multi-condition coverage must meet the requirements of decision coverage, condition coverage, and condition decision combination coverage.
· Amendment condition determination coverage amendment condition determination coverage is the "air transportation and equipment system software certification standard" jointly developed by European and American aerospace/aerospace manufacturers and user agencies ", currently, it is widely used in foreign national defense and aerospace fields. This coverage measure requires sufficient test cases to determine the results of the Inclusion determination that each condition can affect. It requires that two conditions be met: first, the entry and exit points of each program module should be considered at least once, and each program should be converted to all possible result values at least once; secondly, the determination of the program is decomposed into boolean conditions connected by logical operators (and, or). Each condition is independent of the judgment result value.
Different test tools have different code coverage capabilities. Generally, testing tools that support conditional correction overwrite are extremely expensive.
Test of embedded software: To test embedded software, we also need to consider the support capability of testing tools for Embedded operating systems, such as DOS, VxWorks, neculeus, Linux, and Windows CE; on the other hand, we also need to consider the hardware platform support capabilities of the testing tool, including whether all 64/32/16-bit CPUs and MCU are supported, and whether the PCI/VME/CPCI bus is supported.
Visualization of testing: white box testing is a huge workload and boring job. visual design is very important for testing. When purchasing a white-box testing tool, you should consider whether the visualization of the testing tool is good, for example, whether the coverage rate function distribution chart and the rising trend chart can be displayed during the testing process, whether to use different colors to distinguish between executed and unexecuted code segments and display allocated memory real-time charts. These charts play a significant role in improving the test efficiency and quality.
Test the basic path of white box testing
White box testing methods include code check, static structure analysis, static quality measurement, logical coverage, basic path testing, domain testing, symbol testing, Z path coverage, and program variation.
The most widely used is the basic path test method.
The basic path test method is based on the control flow diagram of the program. By analyzing the loop complexity of the control structure, the basic executable path set is exported to design the test case method.
The designed test case should ensure that each executable statement of the program in the test should be executed at least once.
Based on the control flow diagram of the program, the complexity of the loop is analyzed and the set of basic executable paths is exported to design the test cases. This includes the following four steps and a tool method:
1. control flow diagram of a program: A graphical method that describes the control flow of a program.
2. Program circle complexity: McCabe complexity measurement. From the loop complexity of the program, you can export the number of independent paths in the set of program basic paths, which is the upper limit to determine the number of test cases required for each executable statement in the program to be executed at least once.
3. Export test cases: design case data input and expected results based on the complexity of the circle and the program structure.
4. Prepare test cases: ensure the execution of each path in the basic path set.
Tool method:
Graphical matrix: a software tool that assists in basic path testing. It can be used to automatically determine a basic path set.
Control Flow Diagram of a program: A graphical method that describes the control flow of a program.
A circle is a node of a control flow chart. It represents one or more non-branch statements or source program statements.
A flow chart has only two types of graphical symbols:
Each circle in the graph is called the node of the stream graph and represents one or more statements.
The arrows in a flow chart are called edges or links, representing the control flow.
Any process design should be translated into a control flow diagram.
How to draw a control flow chart based on the program flow chart?
Note the following when simplifying a program flow chart into a control flow chart:
In the selection or multi-branch structure, the branch aggregation should have one aggregation node.
The area delineated by the edge and the node is called a region. When the area is counted, the area outside the graph should also be recorded as a region.
Steps for the basic path test:
Step 1: Draw a control flow chart
The flowchart describes the program control structure. You can map a flow chart to a corresponding flow chart (assuming that the diamond decision box of the flow chart does not contain composite conditions ). In a flow chart, each circle is called a node of a flow chart and represents one or more statements. A processing box sequence and a diamond test box can be mapped to a node. Arrows in a flow chart, called edges or connections, represent the control flow, similar to arrows in a flow chart. An edge must end at a node, even if the node does not represent any statement (for example, if-else-then structure ). The range defined by the edge and node is region. The calculation area should include the external scope of the graph.
Step 2: computation lap complexity
Circle complexity is a software measure that provides quantitative measurement for the complexity of program logic. It is used to calculate the basic number of independent paths of a program, the upper limit of the number of tests executed at least once for all statements. An independent path must contain an edge that is not used before the definition.
There are three methods to calculate the complexity of the circle:
The number of areas in the flow chart corresponds to the complexity of the cycle;
Given the circle complexity V (G) of the flow graph G, it is defined as V (G) = E-N + 2, e is the number of edge in the flow graph, n is the number of nodes in the flow graph;
Given the sphere complexity V (G) of the stream graph G, it is defined as V (G) = p + 1, and P is the number of nodes identified in the stream graph G.
Step 3: export the test case. Based on the above calculation method, four independent paths can be obtained. (An independent path refers to at least one new processing statement or a new judgment program path introduced in comparison with other independent paths. The value of V (G) is equal to the number of independent paths of the program .)
Path:-14
Path:-6-7-14
Path 3: 4-6-8-10-13-4-14
Path: 4-6-8-11-13-4-14
Based on the independent path above, design the input data so that the program runs to the above four paths respectively.
Three-Step white box testing
1) manually design test cases to test the basic functions based on the Code functions;
2) Calculate the white box coverage rate and design test cases for uncovered white box units to achieve complete white box coverage. The ideal coverage rate is 100% statement, condition, branch, and path coverage;
3) automatically generate a large number of test cases to capture the errors caused by "Programmer does not handle certain special inputs.
The test cases in step 1 are usually ready-made, because the detailed design documentation specifies the basic functions of the program, and there is no documentation. When programming, programmers should also be clear about the functions of the program, these basic functions are basic test cases;
Step 2 is based on Step 3. Check the uncovered white box unit. Because the uncovered logical unit usually corresponds to the untested equivalence class, therefore, the test cases omitted in step 1 can be found;
Step 1 uses automatic dynamic testing to compensate for inherent defects in step 2.
The "Three-Step Method" should avoid repeated work as much as possible. The white box method and the black box method are combined, and the manual method and the automatic method are supplemented. If the coverage rate of step 1 is satisfactory, therefore, it is basically guaranteed to find all the equivalence classes. Within the limits allowed by the development process, the "three-step method" is close to the limit, and the word "thorough test" is enough.
[Edit this section]
Differences between black box testing and white box testing
Black box testing
A black box test is also called a function test or a data-driven test. It is a function of a known product. It is tested to check whether each function can be used normally. during testing, taking the program as an unopened hacker, the tester tests the program interface without considering the internal structure and features of the program, it only checks whether the function of the program can be used properly according to the requirements of the specification, and whether the program can properly receive the input saw to generate the correct output information, and maintain the integrity of external information (such as databases or files. The black box testing method mainly includes equivalence classification, edge value analysis, cause-result diagram, and error speculation. It is mainly used for software validation testing. The black box method focuses on the external structure of the program, does not consider the internal logic structure, and tests the software interface and software functions. The "black box" method is an exhaustive input test. Only when all possible inputs are used as test conditions can all program errors be identified in this way. In fact, there are infinite number of tests. People should not only test all valid inputs, but also test those illegal but possible inputs.
White box testing
The white-box test is also called the structure test or logic-driven test. It knows the internal working process of the product and can be used to test whether the internal operation of the product is normal according to the specifications, test the program according to the internal structure of the program to check whether each channel in the program can work correctly according to the predefined requirements, regardless of its functions, the main methods of white box testing include logic-driven and baseline testing, which are mainly used for software verification.
The "white box" method provides a comprehensive understanding of the internal logic structure of the program and tests all logical paths. The "white box" method is to test the exhaustive path. When using this scheme, the tester must check the internal structure of the program and obtain the test data starting from the logic of the program. The number of independent paths throughout the program is astronomical. However, even if each path is tested, errors may still occur. First, the exhaustive path test cannot identify that the program violates the design specifications, that is, the program itself is a wrong program. Second, the exhaustive path test cannot identify errors caused by missing paths in the program. Third, some data-related errors may not be found in the exhaustive path test.
When using the white box testing method, software engineers mainly want to check the program module as follows:
-Test all independent execution paths of the program module at least once;
-For all logic judgments, the test should be performed at least once in the case of "true" and "false;
-Execute the loop body within the loop boundary and running boundary;
-Test the validity of the internal data structure.
Specific logic overwrites include:-statement overwrites-decision overwrites-condition overwrites-decision-condition overwrites-path overwrites.
White box testing (white box testing): it goes deep into the code-Level Test and uses this technology to discover the earliest problems and achieve the best results. The main feature of this technology is that the test object enters the code. Based on the developer's familiarity with the Code and the program, the necessary parts are carried out in the software coding stage, the software tests performed by developers based on their understanding and contact with the code are called white box tests. This phase of testing is mainly for software developers. The xunit series tools are used for testing on the Java platform. The xunit testing tool is a Class-level testing tool that tests each class and its methods.
Black box testing: black box testing mainly includes the following aspects, but it is mainly functional. It mainly covers all functions and can be carried out in combination with compatibility and performance testing. Based on the software requirements, design documents, simulate the actual testing of customer scenarios with the system, this testing technology is the most widely used testing technology that covers all aspects of testing. You can consider the following aspects:
C correctness (correctness): calculation results, naming, and other aspects.
D. availability (usability): Description of whether the software can be satisfied.
Boundary condition: the boundary value of the input part, which is to use the equivalence class defined in the general book, and try the maximum, minimum, and invalid data.
F Performance: the time required for the system to complete a task during normal use, and the response time for multiple users to use at the same time is within the acceptable range. The performance of systems implemented by J2EE technology needs to be taken care of. The general principle is to accept the performance within 3 seconds, 3-5 seconds, and more than 5 seconds, which affects ease of use. If you find performance problems during the testing process, it is very difficult to fix them, because this often means that Algorithm Poor, poor structure, or design problems. Therefore, in the initial stage of product development, we must consider the performance of the software.
Stress Testing (stress): stress testing tools can be considered for multiple users. We recommend that you combine stress and performance testing. If there is load balancing, you need to turn on the monitoring tool on the server to view the server's CPU usage and memory usage. If necessary, you can simulate a large amount of data input, the impact on the hard disk, and other information. Performance optimization is required if necessary (both software and hardware are acceptable ). The stress test here targets several features.
H error recovery: error handling, page data verification, including sudden power failure and dirty data input.
I Security Testing (security): this field is under research. Firewall, patch pack, anti-virus software, and so on do not have to be mentioned, but you can consider it. In the destructive test, I read some information and learned that the knowledge I designed here can be written in this book. It is not a one or two sentence clear, especially for some business websites, or the web related to money or company secrets requires tests in this area. In foreign countries, someone who specializes in this field is called a security consultant and can review the code, I have not heard of any content dedicated to security technology testing in China, including security suggestions and solutions for emergencies.
J compatibility: different browsers and application versions provide different functions for accessing the Internet. If you are testing a public website.