4.6: MLE-SWE Integration Patterns

What You'll Learn

Here's what you'll take away from this section:

  • Integrate ML models with traditional embedded software
  • Design interfaces between ML and SW components
  • Manage MLE-SWE process interactions
  • Apply safety patterns for ML-enabled systems

Integration Architecture

System Architecture with ML

The diagram below shows how ML components integrate into the overall system architecture, highlighting the inference engine, data preprocessing pipeline, and fallback mechanisms.

ML-Enabled System Architecture

Interface Design Patterns

Pattern 1: Synchronous Inference

/**
 * @file ml_perception_service.h
 * @brief ML Perception Service Interface
 * @pattern Synchronous inference call
 */

#ifndef ML_PERCEPTION_SERVICE_H
#define ML_PERCEPTION_SERVICE_H

#include "Std_Types.h"
#include "ml_detection_interface.h"

/*===========================================================================*/
/* SERVICE API                                                                */
/*===========================================================================*/

/**
 * @brief Run perception cycle (synchronous)
 * @param image Input camera image
 * @param result Output perception result
 * @return E_OK on success
 * @timing Max 100ms (including preprocessing)
 *
 * @note Blocks until inference complete
 * @trace MLE-ADAS-002, SWE-ADAS-050
 */
Std_ReturnType Perception_RunCycle(
    const Camera_ImageType* image,
    Perception_ResultType* result
);

#endif

Pattern 2: Asynchronous Pipeline

/**
 * @file ml_perception_async.h
 * @brief Asynchronous ML Perception Pipeline
 * @pattern Producer-consumer with double buffering
 */

#ifndef ML_PERCEPTION_ASYNC_H
#define ML_PERCEPTION_ASYNC_H

/*===========================================================================*/
/* ASYNCHRONOUS API                                                           */
/*===========================================================================*/

/**
 * @brief Submit image for inference (non-blocking)
 * @param image Input image
 * @param request_id Output request identifier
 * @return E_OK on queued, E_NOT_OK on queue full
 */
Std_ReturnType Perception_SubmitAsync(
    const Camera_ImageType* image,
    uint32* request_id
);

/**
 * @brief Check if result ready
 * @param request_id Request to check
 * @return TRUE if result available
 */
boolean Perception_IsResultReady(uint32 request_id);

/**
 * @brief Get inference result
 * @param request_id Request identifier
 * @param result Output result
 * @return E_OK on success, E_NOT_OK if not ready
 */
Std_ReturnType Perception_GetResult(
    uint32 request_id,
    Perception_ResultType* result
);

/**
 * @brief Register result callback
 * @param callback Function to call when result ready
 */
void Perception_RegisterCallback(Perception_CallbackType callback);

#endif

Pattern 3: Safety Wrapper

Note: ML_InputType, ML_ResultType, and related types should be defined in a common types header.

/**
 * @file ml_safety_wrapper.h
 * @brief Safety wrapper for ML inference
 * @pattern Watchdog + fallback mechanism
 */

#ifndef ML_SAFETY_WRAPPER_H
#define ML_SAFETY_WRAPPER_H

#include "ml_detection_interface.h"  /* For ML_InputType, ML_ResultType */

/*===========================================================================*/
/* SAFETY CONFIGURATION                                                       */
/*===========================================================================*/

/** @brief Maximum allowed inference time */
#define ML_SAFETY_TIMEOUT_MS        (50U)

/** @brief Maximum consecutive failures */
#define ML_SAFETY_MAX_FAILURES      (3U)

/** @brief Minimum confidence for valid detection */
#define ML_SAFETY_MIN_CONFIDENCE    (0.5f)

/*===========================================================================*/
/* SAFETY API                                                                 */
/*===========================================================================*/

/**
 * @brief Safe inference with timeout and fallback
 * @param input Input data
 * @param result Output result (may be from fallback)
 * @param source Output: ML_SOURCE_INFERENCE or ML_SOURCE_FALLBACK
 * @return E_OK on success (from either source)
 *
 * Safety behavior:
 * - If inference exceeds timeout: Use previous valid result
 * - If consecutive failures exceed threshold: Set DTC, request driver attention
 * - If confidence below threshold: Mark detection as uncertain
 */
Std_ReturnType ML_SafeInference(
    const ML_InputType* input,
    ML_ResultType* result,
    ML_ResultSource* source
);

/**
 * @brief Get ML subsystem health status
 * @return ML_HEALTH_OK, ML_HEALTH_DEGRADED, ML_HEALTH_FAILED
 */
ML_HealthStatus ML_GetHealthStatus(void);

#endif

Process Integration

MLE-SWE Process Mapping

The following diagram maps MLE processes to their corresponding SWE processes, showing where work products, reviews, and verification activities align between the two process groups.

MLE-SWE Process Integration

Safety Considerations

SOTIF for ML (ISO 21448)

The diagram below illustrates Safety of the Intended Functionality (SOTIF) considerations specific to ML components, including known/unknown unsafe scenarios and the validation strategy to address them.

SOTIF Considerations for ML

Integration Testing

MLE-SWE Integration Test

# Integration test specification
integration_test:
  id: MLE-SWE-INT-001
  name: "Perception to ADAS Controller Integration"
  components:
    - ML_Detection_Module (MLE)
    - ADAS_Controller (SWE)

  test_cases:
    - id: INT-001
      name: "Normal detection flow"
      steps:
        - inject: camera_frame_with_vehicle
        - wait: 100ms
        - verify: ADAS_Controller receives detection
        - verify: detection_id matches
        - verify: latency < 100ms

    - id: INT-002
      name: "ML timeout handling"
      steps:
        - inject: camera_frame
        - inject: ml_timeout_fault
        - verify: ADAS_Controller uses fallback
        - verify: driver_warning activated
        - verify: no system crash

    - id: INT-003
      name: "Low confidence handling"
      steps:
        - inject: camera_frame_ambiguous
        - wait: inference_complete
        - verify: confidence < 0.5 flagged
        - verify: ADAS_Controller treats as uncertain

    - id: INT-004
      name: "Multi-frame consistency"
      steps:
        - inject: 30_consecutive_frames_same_vehicle
        - verify: tracking_id consistent
        - verify: no duplicate detections
        - verify: smooth position updates

Work Products

WP ID Work Product Owner
04-12 Integration architecture SWE + MLE
08-63 Integration test spec Test Team
13-63 Integration test report Test Team
17-11 Traceability record CM

Summary

MLE-SWE Integration:

  • Key Interfaces: Synchronous, asynchronous, safety-wrapped
  • Process Alignment: Parallel development with integration points
  • Safety Focus: SOTIF (ISO 21448) for ML-specific risks
  • Testing: End-to-end integration validation
  • Human Essential: Architecture decisions, safety assessment
Previous
MLE.5 ML Model Deployment
Next
Support Processes