CaaFM: Compliance-as-a-Formal-Model

CaaFM is my MTech thesis research implementation for automated MISRA-C compliance verification over embedded C software using a Multi-Layered Compliance Hypergraph. This scaffold targets a dummy embedded avionics C module and is structured to support formal compliance modeling, graph reasoning, anomaly detection, and decision support.

Architecture Overview

The framework models compliance across five interconnected layers:

1. Normative Layer (layer1_normative): Captures MISRA-C rule ontology and normative constraints.
2. Specification Layer (layer2_specification): Represents software requirements/specification entities and trace links.
3. Implementation Layer (layer3_implementation): Extracts code-level structure from C sources into graph entities.
4. V&V Layer (layer4_verification): Encodes static checks, verification outcomes, and MISRA rule evaluations.
5. Process Layer (layer5_process): Tracks lifecycle and process evidence (review, test, release, etc.).

These layers are fused into a compliance hypergraph to support:

• rule traceability across heterogeneous artifacts,
• temporal/process constraint checks (LTL-style rules),
• GNN-based anomaly scoring on compliance behavior,
• C3 charting for continuous compliance monitoring.

Research Target

This project validates MISRA-C compliance workflows on a dummy embedded avionics C module located under data/dummy_module/.

Tech Stack

• Python 3.10+
• PyTorch + PyTorch Geometric
• NetworkX + HyperNetX
• Owlready2 (OWL ontology support)
• Streamlit dashboard
• Matplotlib + Plotly visual analytics

Project Layout

Top-level package: caafm/

• config/ - runtime configuration (rules, model, chart settings)
• data/ - dummy sources, generated artifacts, serialized graphs, reports
• src/ - layered modeling, hypergraph core, reasoning, temporal, GNN, pipeline
• ontology/ - MISRA-C DCCO OWL ontology asset
• dashboard/ - Streamlit application and visual components
• notebooks/ - interactive walkthrough
• tests/ - baseline test modules

Installation

From the repository root:

cd caafm
python -m venv .venv
source .venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt

Optional editable install:

pip install -e .

Run the Pipeline

The pipeline entrypoint is scaffolded at:

• src/pipeline/run_pipeline.py

Run:

python -m src.pipeline.run_pipeline

Generated outputs are expected in:

• data/artifacts/
• data/graphs/
• data/reports/

Launch the Dashboard

streamlit run dashboard/app.py

The dashboard is intended to provide:

• layer-wise compliance visibility,
• C3 chart visual monitoring,
• root-cause-analysis (RCA) insights.

C3 Charts (Compliance Control Charts)

C3 extends classic statistical process control to compliance telemetry by combining:

• graph/verification signals from the hypergraph,
• GNN-derived anomaly scores,
• adaptive control limits (e.g., mu ± k*sigma over baseline windows).
  This supports early detection of non-compliance drift, out-of-control states, and process degradation before formal release gates fail.

Notes

• This initial scaffold provides project structure, packaging, configuration, and integration entrypoints.
• Main analytical modules are intentionally scaffold-first for phased thesis development.