TrainingConferencesAbout UsContact UsAdvertiseSQE.comRSS Feed
StickyMinds.com: brain food for building better software

Log In

Search For:
 Clarify Your Search Criteria

Tips on Using Our Search Feature(s)
 
StickyMinds.com Home
ResourcesTopicsCommunityPowerPassBlogs
Home  >  Detail: Thinking Outside the Boxes



A StickyMinds.com Original
Article Picture
Thinking Outside the Boxes

By Bret Pettichord

Send This Content to a FriendGet a Short Link to This ContentPrint This ContentSee User Comments About This Content

Summary: We've all heard the terms "black box" and "white box" thrown around in a variety of contexts, but what do they really mean? This week, industry expert Bret Pettichord explains some of the fundamental problems with using these terms as shorthand labels for techniques and how they can lead to confusion.


Infosys
As a writer on software testing, I get questions from testers who need help. Twice in the past week people studying for software testing certification exams have written to me to get clarification about a column I wrote awhile back for StickyMinds: “Five Ways to Think about Black Box Testing.” I wrote that column after I noticed that several people on my project were using the term "black box testing" in fairly different ways. Recognizing a pattern in the various interpretations, I came up with even more definitions of black box testing that I considered to be just as valid. So I wrote the column for StickyMinds, and I revised the test plan for my project to be specific about how those terms were being used. That resolved the issue for my team, but how does it help someone who is looking for a definitive answer for an exam? 
 
Fundamentally, the problem with terms like "black box" and "white box" is that they describe the thinking behind the tests, not the tests themselves. They describe what kind of information was or wasn't used in the design of the tests. Black box means we don't know what the code looks like when we write out tests. White box means we do. (Though logically, it should really be called "clear box.") So you can't tell by looking at the test itself whether it is a black box test or a white box test. You'd have to know how it was created. 
 
To add to the confusion, both terms are commonly used -- even by experts -- as shorthand labels for techniques. Code coverage analysis is typically described as a white box technique, because it provides a method for assessing tests based on how they exercise (or cover) the code. This requires knowing what the code looks like. On the other hand, boundary value analysis is typically described as a black box technique, because it starts by noticing boundaries in 
external program behavior and then suggests focusing testing at those boundaries. It doesn't require knowledge of the internals of the code. 
 
But code coverage tools can be used with black box tests. What would you call that? And boundary value analysis can benefit from knowing where internal boundaries are in the code. Is this gray box testing? 
 
Black box and white box are simply metaphors. They can be useful to highlight 
an important issue in testing: How much knowledge of the system do we need before we can apply a particular technique? But that’s just be the beginning of thinking of how to test software. The black box metaphor shouldn't be seen as implying that some testing is better when done out of ignorance. And both metaphors could be criticized for orienting to the code, rather than the customer. Sadly, to invert the metaphor, many programmers and development organizations treat the customers and users as black boxes, when they might be better off trying to understand the internal goals and thought processes that their users have when they are using the software. 
 
Any metaphor can be either useful or misleading depending on how it is used. Black box and white box become particularly dangerous when they are mistaken for scientific terminology. Consider these questions from the preparation workbook for the QAI certified software test engineer exam that the testers asked me about 
 
Unit testing uses which test strategy or strategies? 
a. Black box testing 
b. Gray box testing 
c. White box testing 
d. Both b and c  
 
Acceptance testing uses which test strategy or strategies? 
a. Black box testing  
b. Gray box testing 
c. White box testing 
d. Both a and c 
 
Integration testing uses which test strategy or strategies? 
a. Black box testing  
b. Gray box testing  
c. White box testing  
d. Both a and b 
 
 
The real answer is that unit testing, acceptance testing, and integration testing can all use black box, white box, or gray box techniques, but that’s not given as a possible answer. Typically, unit testing is associated with white box testing and acceptance testing with black box testing, but there is no rule saying this always must be. For example, test-driven development is a programming method based on unit tests. With this method, a programmer first writes a test that fails—because the necessary code is missing. Only after writing this test does the programmer write the code that makes the test pass. Because these tests are written before the code, they are arguably black box unit tests -- they can't be based on a knowledge of code, because the code hasn't been written yet! Indeed, the very goal of test-driven development is to encourage programmers to focus more on interfaces and behavior and less on structure and algorithms -- to think more about how their code will be used by others. 
 
It gets worse. If the exam questions mentioned only white and black box testing and acceptance and unit testing, then I could guess what the certifiers had intended the correct answers to be (even if I disagreed). But the answer choices include gray box testing, so I have no idea what was intended. Gray box testing isn't a scientific term either, but an attempt to suggest that it is often useful to gain partial knowledge of the system under test, its major components and its architecture. I've heard the term used only with regard to system testing, when a full white box understanding would be nearly impossible, and yet a black box understanding is often insufficient. I can't even imagine what would be meant by gray box unit testing. And how much knowledge does it take before black box testing becomes gray box testing? Well, there’s no way to draw a line. It’s just another metaphor, not a scientific classification. 
 
This brings us back to the testers who asked my advice. The fact that two people preparing for this test noticed the ambiguity and wrote to me about it, shows they are better at thinking about the nuances of these issues than the certifiers. The sensitivity they show is critical to excellent software testing. This says more to me about their abilities than the exam could ever say. Good testers notice ambiguities in systems and press on them, just as these two did by questioning the exam.  
 
It's too bad that this exam puts so much weight on such simple concepts. I hope other testers getting this certification won't be confused into thinking these terms mean more than they do. A lot of people would like to see software testers get more respect. But certifications that treat figures of speech as if they were scientific categories don't help. 
 
 
Further Reading: 
Five Ways to Think About Black Box Testing

About the Author
Bret Pettichord helps teams improve the effectiveness of their software testing and provides training and consulting on test automation and tools. He is a co-author of Lessons Learned in Software Testing. Read more of his thoughts on software testing at www.pettichord.com and his blog.

Back to Top 
 

Member Comments
Add Your CommentExpand Comments
 
Comment:    
by Eric Neumann 9/10/2005

Great article, however upsetting to those of us that have taken the CSTE test and FAILED due to the ambiguity, and seemingly subjective nature of the entire exam. I am appalled after having so much real world experience, and having study not one, but two of the study guides, and almost every book in the bibliographies - that I have managed to fail it. My goodness... not just me...?? That is what this article has culled from me - a response that echos any protests against the horrible QAI bastards. Yes, it's sour grapes - but with good reason I say. Thanks, for the memories.

 
 
Comment:    
by Arunkumar Balakrishnan 8/18/2005

Very nice distinction between Black and White box testing, in that they represent the 'thinking' behind the tests and not the tests themselves. They also represent situations. During development, the focus for each developer is to make sure that the module under development functions correctly, with respect to its functionality as well as to its internal data structures. Accordingly White box testing is used. Here knowledge about the structure of the module and internal data flow is required for testing and is known to the developer. During integration followed by pre-shipment testing, the focus is on interoperability, overall...Read On

 
 
Comment:    
by Patrick Bailey 8/17/2005

I'm not sure how it could be coordinated, but I would think that since testing is as much art as it is science (Jorgensen uses the craftsman metaphor), certification should be based on a form of apprenticeship under a "master" tester. Other areas do this. For instance, mechanical engineers must work under the guidance of a more experienced engineer for a number years and receive an endorsement from that person for certification in some states (although, that too requires a written test with it.) Maybe a combination so that the written test doesn't have to concentrate on terminology as much. Given that some systems now are life...Read On

 
 
Comment:    
by Steve Stramaglia 8/17/2005

Good article Bret, although I have always thought of ‘White’ & ‘Black’ box testing in simpler terms. White box testing is what Developers should do to ensure that the code Installs, starts the application and functions per the requirements. In other words, is functioning enough for QE to test all of the intended features. Hopefully they would have used a combination of unit tests (code coverage), basic tests of functionality and maybe some general systems tests to accomplish this. Black box testing is what Quality engineers do to ensure that the feature(s) work, based on the requirements and domain...Read On

 
 
Comment:    
by Chakravarthy M 11/29/2004

Great Article.

 
 
Comment:    
by vignan rao 4/10/2004

How the testing will be different in testing PROJECT and Product.On what we have to concentrate more in testing PRODUCTS.I wants to know same about client server and web applications.Is integration testing is testers part,if yes which approach is better and why?

 
 
Comment:    
by K Narayanan 4/8/2004

Bret - "The Jurisprudence of Software Testing" ! . Thanks for making it easier . Besides "Black" & "White" tag , everything else is only a colorful euphemism.

 
 
Comment:    
by Rodger Drabick 4/6/2004

Very interesting article, Bret. Has anyone taken the time to forward this article and the associated reader responses to QAI? Seems like they could learn something from this discussion, and I think they'd be WILLING to learn as well. On a different perspective, I always LIKED the concept of "gray box" for describing what most system and acceptance test engineers that I personally know do, namely look at the requirements, and at least look at the design structure that underlays the solution (e.g., the code). Sorry if the rest of the community can't handle that. And why wouldn't a unit tester use a gray box method? Are you saying that unit...Read On

Author's Response: 4/6/2004    
In one way of thinking, testing is either black-box or white-box, with grey-box somewhere in the middle. That was how i was thinking of the terms and how the certification questions were phrased. But if you think of black-box testing as being customer/requirements focussed and white-box testing as being code focussed, as you do, then of course you would want to have both. Is that what grey means? I was using grey box mean we had incomplete knowledge of the code. That's why it didn't make much sense to me to speak of grey-box unit testing. (How could i have partial knowledge of a five-line function?) But if grey-box means both white-box and black-box, as you use it, then i could see where it could make sense. I guess the meaning of grey box is a grey area!

 
 
Comment:    
by Richard Whitehead 4/6/2004

I think I'm OK with fuzzy definitions for the terms: as you say, they're just metaphors, a rough-and-ready classification of test development methodologies. My question is, why would the certifiers want to consider these terms as defining "test strategies"? They have nothing to do with what I would consider to be a test strategy. Makes you wonder what the certification is worth.

Author's Response: 4/6/2004    
Would you want to hire a tester who was certified to have simplistic views of test strategy? As Rex Black has said, you need to be careful about who you choose to be certified by.

 
 
Comment:    
by Matthew Edwards 4/5/2004

I think the separation of "black" versus "white" (clear/glass) has served its purposes historically helping those who need a separation .. have it. I wonder the validity today. I've grown more agnostic on this matter in that ... it's more important to me to have a systems thinking tester capable of requirements driven stuff all the way down to build routine attached unit test case work ... I don't much care about the label other than to help me understand "how" they were thinking when working on their test solutions. More like a logical versus physical separation .. but not real important to me at this point in my thought. Incrementally...Read On

Author's Response: 4/6/2004    
Problem solving is a key skill of software testing, but it is hard to test for with multiple choice. So instead the certifiers focus on definitions and practices that are often tendentious.

 
 
Comment:    
by Danny Faught 4/5/2004

It was out of a similar frustration that I wrote the "What is black box/white box testing?" section of the comp.software.testing FAQ (which was influenced partially by Dr. Beizer). The biggest thing I realized while trying to put it on paper was that the boxes didn't matter after the tests were designed. White box/black box/X-box are test design techniques, but they're irrelevant after the tests are written and running as regression tests. One of my pet peeves is seeing overly simplified terms like "white box testing" and "coverage testing" and practically any phrase ending with "testing", because they imply that they're all cookie cutter...Read On

Author's Response: 4/5/2004    
Here's the link to essay that Danny wrote about this: http://www.crim.ca/ctl/cst.FAQ.html#boxen The only think i would add is that I've never seen anyone discourage (much less forbid) black box testers from gaining internal knowledge of the code. In fact, it is usually encouraged when you have testers who understand code. But black box techniques simply don't require internal knowledge. As a practical matter, there is often too much code. As a black box tester, i would often look at diffs for fixes to understand better the sources of the problems i found. Cheating? I don't think so.

 
 
Comment:    
by Jim Hazen 4/5/2004

Brett - whole heartedly agree. I took the CSTE exam (passed it first time, yipee!) and there were questions that I did not agree with (due to 15+ years of experience and my own biases). I have to admit though I have been a "box" person (black vs. white, what the heck is grey?). But I tend to believe that the "hard" boundaries of the "boxes" are not hard and instead are amorphous (no shape). Each has techniques that can cross over and be used just as well. I like to think like Dr. Boris Beizer does, "there are no boxes". He wrote a short paper a few years back stating alot of what you do here. His whole premise (from what I remember)...Read On

Author's Response: 4/5/2004    
With 15 years experience, i'm sure you know there are few hard and fast rules in software testing. That's what makes many of these certifications so infuriating. Beizer suggests that speak of behavioral testing and structural testing instead of "black box" and "white box". My view is the techniques that are commonly called "white box" testing -- code coverage analysis techniques -- are not really testing at all, but rather methods for assessing tests. They are meta-testing.

 
 
Comment:    
by Matthew Heusser 4/5/2004

Interesting. I agree with the idea that Grey box is unscientific, but I suspect the certification vendors have a different motive: It is a respectable-sounding distraction option. By this logic, anyone who checks grey box "doesn't get it" and is trying to fake it as a tester, and should thus not get certified. The problem with this logic is that Grey box sounds really appealling to the kind of testing people often do at the system level, where they want some clue as to what's going on but the system is too complex for clear box testing. Thus, if I were taking the test, I would never have checked Grey box. Interesting article, and, I...Read On

Author's Response: 4/5/2004    
Grey box testing is appealing for just the reasons you state.

 
Back to Top



 
Ads By Google
What's This?
 
 

Home   |   Resources   |   Topics   |   Community   |   PowerPass



© 2010 StickyMinds.com. All rights reserved.
StickyMinds.com is a division of Software Quality Engineering.
Privacy Policy    Terms & Conditions    Link to StickyMinds.com    Feedback
ThoughtWorks

Rally Software




Agile Development Practices 

STARWEST