the high level architecture federate conformance testing

advertisement
THE HIGH LEVEL ARCHITECTURE
FEDERATE CONFORMANCE TESTING PROCESS
(REVISED)
Margaret Loper, Thom McLean, Margaret Horst, Kyle Crawford
Georgia Tech Research Institute
Georgia Institute of Technology
347 Ferst Drive
Atlanta, Georgia 30332
Keywords
High Level Architecture, Compliance Testing, Test Process, Test Tools
ABSTRACT: Conformance testing is the process of verifying that an implementation performs in
accordance with a particular standard. HLA Conformance testing ensures that a federate performs in
accordance with the Interface Specification and the Object Model Template (OMT) standards, per the HLA
compliance checklist. In order to determine if a federate performs in accordance with the interface
specification and OMT, a series of conformance tests are conducted. This paper describes the current
state of the test process and the tests that implement the process. U.S. Department of Defense (DoD)
federates will follow the process described in this paper to determine compliance with HLA.
1. Introduction
The HLA Compliance process has two parts:
Conformance and Certification. Conformance is
the process of verifying that an implementation
performs in accordance with a particular
standard [1]. HLA Conformance testing ensures
that a federate performs in accordance with the
Interface Specification [2] and the Object Model
Template (OMT) [3] standards, per the HLA
compliance checklist [4]. In order to determine
if a federate performs in accordance with the
interface specification and OMT, a series of
conformance tests are conducted, as described in
the remainder of this paper.
Certification is the process of validating that a
federate has been tested for conformance. This
means that once a federate has completed
conformance testing, the test results must be
validated before the federate can be certified as
“HLA Compliant.” A Certification Agent who
is accredited by the government executes the
certification process. The Certification Agent is
legally responsible for validating a federate’s
conformance test results.
It is important to note that conformance is
specific to a federate, not a federation.
Therefore once a federate has passed
conformance testing and has been certified as
HLA Compliant, it can be reused as often as
needed in federations.
Also note, HLA
Compliance does not guarantee federation
interoperability, rather it is the first step.
2. Overview of the Conformance
Process
Conformance testing is a four-step process, as
shown in Figure 1. The process described below
is the one the DoD will follow to determine if a
federate complies with the HLA. More details
on the conformance tests can be found in the
remainder of this paper.
T h e T e st P ro c ess
F e d e ra te U n d er T e st
STEP 1
C e r t if ic a t io n A g e n t
R e q u e s t I n f o r m a tio n o n T e s t P r o c e s s a n d
S u b m it A p p lic a tio n
C heck
C o m p lia n c e
D a ta b a s e
A d m in P r o c e d u r e s a n d C o n f o r m a n c e G u id e
STEP 2
S u b m it C o n f o r m a n c e N o te b o o k : S O M ,
C o n f o r m a n c e S ta te m e n t, S c e n a r io D a ta
R e tu r n S O M T e s t R e s u lts , I F T e s t D a ta
( F O M a n d T e s t S e q u e n c e ) , a n d T e s t D a te
STEP 3
S u b m it T e s t E n v ir o n D a ta a n d .r id /.f e d file s ;
C o n f ir m T e s t S e q u e n c e a n d D a te
C o n f ir m T e s t I n f o ( D a te , S e q u e n c e , E n v ir o n )
STEP 4
E x e c u te I F T e s t
R e tu r n I F T e s t R e s u lts a n d C S R
C onduct SO M and
C o n fo r m a n c e X - C h e c k
T e s ts ; G e n e r a te T e s t
D a ta
C h eck T est
S c h e d u le
L o g D a ta a n d
A n a ly z e , G e n e r a te
T e s t R e s u lts
Figure 1: HLA Conformance Test Process
In Step 1 of the Conformance process, the
developers of a federate request information on
the test process from the Certification Agent by
completing a HLA test application.
The
Certification Agent checks the official
Compliance Database to determine the federate’s
priority for compliance testing and responds with
administrative procedures and the Conformance
Guide which describes the conformance tests. It
is important to note that the test process is
initiated by the federate developer, not the
Certification Agent, and it is the responsibility of
the federate developer to ensure that the federate
under test (FUT) represents a stable and mature
release of code. Ideally, the test process should
be initiated late in beta testing, so that the actual
tests are performed on the release version of the
code.
In Step 2 of the test process, the federate
developer submits the Conformance Notebook
(CN) to the Certification Agent. The CN
includes the Simulation Object Model (SOM),
the Federate Conformance Statement (CS), and,
as an option, Scenario Data. The CS is a record
of the Interface services a federate can invoke
and respond to (described in section 3.3 below);
Scenario data describes existing scenarios the
federate can execute which invoke the Interface
services asserted in the CS. The Certification
Agent checks the SOM for conformance to the
OMT (“SOM Conformance Test”) and, once
conformant, the Certification Agent checks the
SOM against the CS for consistency
(“Conformance Cross-Check”). Results for the
first two tests are then returned to the federate
developer.
Once the FUT successfully passes the SOM and
Conformance
Cross-Check
tests,
the
Certification Agent uses the SOM, CS and
Scenario data to generate a Test Sequence and
Test FOM to be used by the FUT during the
Interface (IF) test. The Test Sequence and Test
FOM indicate the services the federate must
invoke and the range of data it must use to prove
it implements the Interface services correctly.
The Test FOM and Test Sequence are described
in Section 3.3. In addition to the IF test data, the
Certification Agent sends the federate developer
instructions for downloading the version of the
Run Time Infrastructure (RTI) that is
instrumented for testing. The FUT is required to
use this particular RTI version for IF testing.
The Certification Agent proposes a date and time
for IF testing based on other testing
commitments in a schedule maintained by the
Certification Agent.
In Step 3, the federate developer reviews the
Test FOM and Test Sequence generated by the
Certification Agent, download and install the
RTI to use for testing at the developer’s site, and
submit test environment data to the Certification
Agent. At this point, both the federate developer
and the Certification Agent confirms the test date
and time. The FUT must be able to connect to
the RTI that is instrumented for testing and must
be prepared to conduct the test sequence multiple
times.
In Step 4 of the test process, the IF test is
executed by the federate developer and the
Certification Agent. The IF Test uses two types
of input data to verify the correct implementation
of the Interface services by the federate. First is
Nominal test data, which ensures that the FUT
can invoke and respond to all services for which
it is capable, per its CS. The second type of data
is the Representative SOM (RepSOM), which
ensures that the FUT is capable of invoking and
responding to services using the range of data
contained in its SOM (as suggested by the
Scenario data if supplied). The Certification
Agent logs service data from the test, analyze the
data, generate test results, and return a
Certification Summary Report (CSR) to the
federate developer. The CSR is the official
record of HLA compliance for the specific
version of the federate code tested.
3. Conformance Tests
The conformance processes for the object model
template and interface specification are distinct
but related. For each standard, there are several
distinct tests a FUT must complete. Then to test
the rules, a consistency test is performed
between the OMT and IF. These tests are
described below.
3.1 SOM Conformance Testing
In accordance with Federate compliance
checklist item 1, a federate must have a
Simulation Object Model in the OMT format. In
order to facilitate automated testing, the SOM is
tested using the OMT Data Interchange Format
(DIF) [5]. The DIF is a standard file exchange
format used to store and transfer object models
between OMT development tools. The SOM
conformance test process has three parts:
Parseability: ensure the SOM DIF is readable,
Completeness: ensure that all required data in
tables have been completed,
Consistency: ensure that data are consistent
across tables.
The parseability test is not strictly part of
conformance, but is a requirement of the
automated testing process, which ensures that the
DIF is readable.
The completeness and
consistency checks are conducted in accordance
with the OMT Test Procedures [6].
3.1.1 Parseability
The parseability tests ensure that the Object
Model conforms to the DIF standard [5].
Because of the specificity of the DIF, simply
parsing the DIF file can reveal many potential
problems in an object model. The parseability
test is completed simply through a parse tool,
which is programmed to accept only DIF
conformant data.
3.1.2 Completeness and Consistency
The completeness of an object model ensures
that it is self-sufficient. That is, it goes beyond
what is specifically required in the DIF format
definition to ensure that each element of the
object model is fully defined, and all
dependencies are resolvable. For example, if a
class is defined as having a superclass, the
completeness checks ensure that the definition of
that superclass exists.
Consistency checks
enforce context dependent rules on the object
model, which are not defined in the DIF. The
consistency checks are designed to catch logic
errors in the definition of an object model.
Below are examples of the specific checks for
parseability, completeness and consistency used
in one of the Object Model Development Tools
developed under DMSO sponsorship [7].
Object Model
Check for the existence of at least one class.
Classes
1. The class name is checked in order to make
sure it conforms to the OMT DIF
2.
3.
4.
5.
specification. [REF 5, section 2.2 Basic
BNF Constructs].
The class name is checked to make sure it
does not conflict with another class. [REF 3,
section 3.1.1 Purpose/Rationale].
The number of superclasses is checked to
insure that the class does not inherit from
more than one superclass. [REF 3, section
3.1.1 Purpose/Rationale].
The Publish and Subscribe options are
checked depending on the model type of
FOM or SOM. [REF 3, section 3.12].
Class definitions are checked to insure that
each class has its own textual description.
Attributes
1. The attribute name is checked in order to
make sure it conforms to the C standard for
user declared variables. [REF 5, section 2.2
Basic BNF Constructs].
2. The attribute name is checked to make sure
it does not conflict with another attribute in
its owning class. [REF 3, section 3.3.2]
1. The attribute name is then checked to make
sure it does not conflict with another
attribute that is inherited by its owning class.
Subclass attributes are not checked at this
point because as classes are checked all
superclasses and subclasses are checked and
any duplicate attributes are detected in the
hierarchy. [REF 3, section 3.3.2]
3. Transferable and Acceptable options are
checked. For a SOM the legitimate
combinations are T-Transferable, AAcceptable, TA, and N-Neither. For a FOM,
the legitimate combinations are TA and N.
[REF 3, section 3.3.2 Table Format].
4. Updateable and Reflectable options are
checked. For a SOM the legitimate
combinations are U- Updateable, RReflectable, and UR. For a FOM, the only
legitimate combination is UR. [REF 3,
section 3.3.2 Table Format].
5. Class definitions are checked to insure that
each attribute has its own textual
description.
3.2 Conformance Cross-Check Testing
The conformance cross-check rules, shown in
Table 1, list each OMT Table with its required
interface services, corresponding Interface
Specification [2] reference, and OMT [3]
reference. For the cross-check test, the services
asserted in the FUT’s Conformance Statement
are compared to the services implied by the
FUT’s SOM to determine if the two
specifications are consistent.
3.3 Interface Testing
In accordance with Federate compliance
checklist items 2-6, a federate must be capable of
supporting the services in the Interface
Specification, and as specified in its SOM. The
services a federate can invoke and respond to are
recorded in a Federate Conformance Statement.
The Conformance Statement, in the format
indicated in Table 2, is a list of all the interface
services with their corresponding Interface
Specification [2] reference, OMT [3] reference,
HLA Compliance Checklist [4] reference, and
whether the service is optional or mandatory, per
the Compliance Checklist.
A FUT is required to complete the Conformance
Statement indicating which services the federate
supports when submitting the Conformance
Notebook.
Only the services specifically
asserted in the Conformance Statement are tested
using the procedures outlined in the IF
Specification Test Procedures [8].
Two types of input data are used to verify the
correct implementation of the services asserted
in the Conformance Statement. The Nominal
test data ensures that the FUT can invoke and
respond to all services for which it is capable per
its CS. The Representative SOM (RepSOM)
test data ensures that the FUT is capable of
invoking and responding to services using the
range of data contained in its SOM, as suggested
by Scenario Data (if supplied by the FUT in its
Conformance Notebook).
In order to pass the interface tests, the federate
must execute a Test Sequence (scenario) which
proves it can invoke and respond to the services
as specified in the nominal and RepSOM test
data. The Test Sequence can be based on a
federate’s existing scenario data (if scenario data
submitted) or it can be arbitrarily generated by
the certification agent. These tests are described
more fully below.
OMT Table
Object Class
(P)
(S)
Object Interaction
(I)
(S)
(R)
Attribute/Parameter
(T) Active
(T) Passive
(A) Active
(A) Passive
(U)
(R)
IF Service Name
OMT Reference
IF Reference
Publish Object Class
Register Object
Subscribe Object Class Attributes
Discover Object
sec 3.1.2, page 10
sec 3.1.2, page 10
sec 3.1.2, page 10
sec 3.1.2, page 10
3.1
4.2
3.3
4.4
Publish Interaction Class
Send Interaction
Subscribe Interaction Class
Receive Interaction
Receive Interaction
Update Attribute Values
Publish Object Class
sec 3.2.2, page 19
sec 3.2.2, page 20
sec 3.2.2, page 20
sec 3.2.2, page 20
sec 3.2.2, page 20
sec 3.2.2, page 20
sec 3.2.2, page 20
3.2
4.6
3.4
4.7
4.7
4.3
3.1
Request Attribute Ownership
Divestiture
Attribute Ownership Divestiture
Notification†
Update Attribute Values
Publish Object Class
Request Attribute Ownership
Release†
Attribute Ownership Acquisition
Notification†
Update Attribute Values
Publish Object Class
Request Attribute Ownership
Acquisition
Attribute Ownership Acquisition
Notification†
Update Attribute Values
Request Attribute Ownership
Assumption†
Attribute Ownership Acquisition
Notification†
Update Attribute Values
Update Attribute Values
Publish Object Class
Reflect Attribute Values
Subscribe Object Class Attributes
sec 3.3.2, page 27
5.1
sec 3.3.2, page 27
5.3
sec 3.3.2, page 27
sec 3.3.2, page 27
sec 3.3.2, page 27
4.3
3.1
5.6
sec 3.3.2, page 27
5.4
sec 3.3.2, page 27
sec 3.3.2, page 27
sec 3.3.2, page 28
4.3
3.1
5.5
sec 3.3.2, page 28
5.4
sec 3.3.2, page 28
sec 3.3.2, page 28
4.3
5.2
sec 3.3.2, page 28
5.4
sec 3.3.2, page 28
sec 3.3.2, page 28
sec 3.3.2, page 28
sec 3.3.2, page 28
sec 3.3.2, page 28
4.3
4.3
3.1
4.5
3.3
Table 1: Conformance Cross Check (v0.2, 10 April 1997)
SERVICE
GROUP
Create/Destroy
Join/Resign
Pause/Resume
Save/Restore
SERVICE
Create Federation Execution
Destroy Federation Execution
Join Federation Execution
Resign Federation Execution
Request Pause
Initiate Pause†
Paused Achieved
Request Resume
Initiate Resume†
Resume Achieved
Request Federation Save
Initiate Federate Save†
Federation Save Begun
Federation Save Achieved
Request Restore
Initiate Restore†
Restore Achieved
IF
Ref
2.1
2.2
2.3
2.4
2.5
2.6
2.7
2.8
2.9
2.10
2.11
2.12
2.13
2.14
2.15
2.16
2.17
OMT
Ref
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Check
List
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
Item 6
M/O
M
M
M
M
O
O
O
O
O
O
O
O
O
O
O
O
O
Supported?
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
No
No
No
No
No
No
No
No
No
No
No
No
No
Table 2: (Partial) Conformance Statement
3.3.1 Nominal Test Data
3.3.2 Representative SOM Test Data
The Nominal test data ensures that the FUT can
invoke and respond to all services for which it is
capable.
As shown in Figure 2, the
Conformance Statement is compared to the
Master Sequence to create the Nominal
Sequence of services that the FUT can support.
The Master Sequence is a dependency tree of all
services defined in the IF Specification [2].
Where true dependencies exist (e.g., Publish
before Update), the Master Sequence shows a
mandatory ordering. If no dependency exists
(e.g., Update and Pause), the Master Sequence
ordering is arbitrary. Therefore, the Nominal
sequence is an ordering of IF services the
federate can invoke. If the FUT can invoke and
respond to all services in the IF specification, its
nominal sequence is equivalent to the Master
sequence.
The RepSOM test data ensures that the FUT is
capable of invoking and responding to services
using the range of data contained in its SOM.
For example, a FUT may be capable of
representing multiple objects, attributes, and
interactions. Instead of attempting an exhaustive
test using all combinations of the objects,
attributes, and interactions, a subset of the SOM
is chosen by the Certification Agent, which
represents a valid range of SOM data. This
“logical subset” forms the FUT’s Test FOM that
is the basis for RepSOM testing.
The RepSOM test data is generated from the
SOM and available Scenario Data submitted
with the Conformance Notebook, as shown in
Figure 2. The logical subset is derived from the
SOM by a set of rules, which select one to three
instances from each object, attribute, and
interaction table.
FUT Conformance Notebook
of FUT’s SOM
Figure 2: NominalSubset
and RepSOM
Tests Used to Create Test Sequence
SOM
RepSOM
Available Scenario
Data
+
Conformance Statement
∩
Master
Sequence
Test FOM
& Test
Sequence
FUT
Nominal
Sequence
RTI
Sequence of services
FUT can support
Sequence of all services in IFSpec
3.3.3 IF Test Sequence
Taking the Nominal Sequence and expanding it
by the RepSOM data generates the final Test
Sequence, as shown in Figure 2. The final Test
Sequence is, therefore, context sensitive as
compared to the nominal sequence. The FUT
should be prepared to execute the Test Sequence
multiple times within the Test Federation, as
specified by the Certification Agent.
The
Certification Agent logs service interactions via
Management Object Model (MOM) interaction
reports, for later analysis and report generation.
4. Test Instructions
This section describes how to prepare for the
Conformance tests.
4.1 Conformance Notebook
The Conformance Notebook is the information a
FUT brings to the test and is comprised of three
items:
the
Simulation
Object
Model,
Conformance Statement, and (optional) Scenario
Data.
The SOM should be submitted in OMT Data
Interchange Format as described in [5].
The CS (shown in part in Table 2) can be
submitted in hardcopy or electronically. If
submitted electronically, the CS must be an ascii
text file which contains the name of every I/F
service, indicating with YES or NO whether the
federate supports each particular service. The
following notation gives an example of the
beginning of a CS file:
createFederationExecution YES
destroyFederationExecution YES
JoinFederationExecution YES
resignFederationExecution YES
requestPause NO
initiatePause NO
…
The last part of the Conformance Notebook is
the Scenario Data. This part of the Conformance
Notebook is optional and is not required for
conformance testing. The purpose of Scenario
Data is to assist the Certification Agent in
developing the RepSOM for the FUT. It is
recognized that developing a scenario which
satisfies the requirements of the Test Sequence
can be both labor intensive and costly for some
federates. It is not the intent of the RepSOM test
to add cost and complexity to conformance
testing. Therefore a federate can submit existing
Scenario Data in its Conformance Notebook to
aid the Certification Agent in developing a Test
FOM test that meets the objectives of the
conformance tests. The format for submitting
the scenario data is shown in Figure 3.
Figure 3: Scenario Data Format, v 0.1, 25 April 1997
(Scenario (meta-data)
(Objects
(Object_name instance_count controlled
(Attrib_name transferred acquired)
(Attrib_name transferred acquired)
.....
)
)
(Interactions
(Interaction_name controlled
(Parameter_name)
(Parameter_name)
....
)
)
)
4.1.1 Interface Test Set-Up
On test day, the FUT shall be prepared to
execute the test sequence using the version of the
RTI instrumented for testing. The federate
developer must show the testing representative
all configuration files relevant to the test.
To conduct a test for the interface specification,
at least two federates are required. The first
federate is the FUT, which contains the
implementation being tested. The second and
subsequent auxiliary federates are present, as
required by the FUT, to demonstrate the test
sequence. For example, the FUT may be
designed to function in a federation with others
like itself, therefore, multiple instances of the
FUT are could be used as auxiliary federates. If,
on the other hand, a FUT is designed to work as
a specialized subsystem within a broader
framework, the FUT would require a sufficiently
sophisticated set of auxiliary federates to provide
all necessary input and output for the test
sequence. In either case, it is the responsibility
of the federate developer to ensure that all
necessary auxiliary federates are present and
operating during each test period.
For the purpose of conformance testing, a
specially configured federate, referred to as the
Test Utility, must also be present and performs
federation management activities during the test
period.
The Test Utility subscribes to
Management Object Model level attributes to
record service interactions between the FUT and
the RTI.
The FUT and Test Utility are
connected via the RTI, as shown in Figure 4.
FUT executes test sequence using
scenario and auxiliary federates,
as required
Test Utility joins federation and
logs service invocations using
MOM
Auxiliary
Federates present
during testing
IF Test
Sequence
Test
Utility
FUT
Service Interaction
Report Log
MOM data is then
analyzed using
Nominal and
RepSOM data
Analysis
RTI
IF Test Report
IF Test Report
is generated
Figure 4: Interface Test Configuration
Along with the environment data submitted in
Step 3, the FUT submits the .rid and .fed
file used to initialize the RTI. The Test Utility is
configured to operate in the execution with the
FUT.
During the start of the test period, the Test
Utility is initialized and joins the execution after
the FUT has created and joined the federation
execution. The Test Utility initializes and begins
logging service invocations via MOM [9] service
interaction reports. Upon completion of a test
sequence, the logging may be stopped at any
time, and the test log is immediately labeled and
stored for post processing.
The final step of the interface testing involves
the post processing of the test logs. The
Interaction Report Post Processor tool is
designed to reduce and analyze Service
Interaction Report Logs to determine whether
each service in the test sequence was
demonstrated and whether the classes,
interactions, and attributes specified in the
RepSOM were demonstrated.
5. Certification Summary Report
Once the conformance tests are completed, the
Certification Agent generates a Certification
Summary Report (CSR), as shown in Figure 5.
The CSR stands as the official record of
conformance testing. Once the Certification
Agent has verified the data as correct, and the
FUT has successfully completed all tests, the
Certification Agent can certify the FUT is HLA
Compliant.
Federate Under Test Information
Name
Version Number
Developer’s Point of Contact for Testing
Test Configuration
RTI Federation Executive (fedex) Host
Application Programmer’s Interface (API) Used
Federate Hardware
Federate Software
.fed and .rid Files
Test Results
Object Model Tests
Pass/Deficiencies with comments
Conformance Cross-Check Tests
Pass/Deficiencies with comments
Interface Tests
Pass/Deficiencies with comments
Supporting Information
SOM (in DIF)
Conformance Statement
Test FOM
Test Sequence
Figure 5: Certification Summary Report
[6]
6. References
[1]
[2]
[3]
[4]
[5]
Knightson,
K.:
OSI
Protocol
Conformance
Testing:
IS
9646
Explained, McGraw-Hill, New York,
1993.
Defense Modeling and Simulation
Office, High Level Architecture
Interface Specification, Version 1.1, 4
February 1997.
Defense Modeling and Simulation
Office, High Level Architecture Object
Model Template, Version 1.1, 12
February 1997.
Defense Modeling and Simulation
Office, High Level Architecture
Compliance Checklist, Version 1.1, 2
March 1997.
Defense Modeling and Simulation
Office, High Level Architecture Object
Model Template Data Interchange
Format, Version 1.2, 10 March 1997.
[7]
[8]
[9]
Defense Modeling and Simulation
Office, High Level Architecture Object
Model Template Test Procedures,
Version 1.0, 5 September 1996.
Aegis Research Corporation, Software
Design Specification for OMDT
Version 1.0 Beta, Module Consistency
Checker, 27 February 1977.
Defense Modeling and Simulation
Office, High Level Architecture
Interface Specification Test Procedures,
Version 1.1, 25 April 1997.
Defense Modeling and Simulation
Office, High Level Architecture
Management Object Model, Version
0.2, 17 October 1996.
Download