Input-signal monitoring Input-signal monitoring Sensors,
Sensors,plug plug connectconnectors,ors,and and connectconnectinging lines (signal path) t
lines (signal path) to the contro the control unit (Fig.ol unit (Fig.2)2) are monitored by evaluating the input are monitored by evaluating the input sig-nal.
nal.This monitoThis monitoring strategy is capable ring strategy is capable of of detecting sen
detecting sensor errors,sor errors,short-circuits inshort-circuits in the battery-power circuit
the battery-power circuitU U BattBattand vehicle-and vehicle-ground
ground circuit,circuit,and linand line breae breaks.ks.The foThe follow- llow-ing methods are applied:
ing methods are applied:
MonitoMonitoring sensor sring sensor supply voltage upply voltage (if(if ap- ap-plicable).
plicable).
Monitoring detected values for permissi-Monitoring detected values for permissi-ble value ranges (e.g.0.5....4.5 V).
ble value ranges (e.g.0.5....4.5 V).
IfIfadditadditional inional informformation is avaation is availablilable,e,aa plausibility check is conducted using the plausibility check is conducted using the detected
detected value value (e.g.(e.g.comparison comparison ofofcrank- crank-shaft speed and camcrank-shaft speed).
shaft speed and camshaft speed).
Critical sensors (e.g.Critical sensors (e.g.pedal-travel sensopedal-travel sensor)r) are fitted in redundant configuration, are fitted in redundant configuration, which means that their signals can be which means that their signals can be directly compared with each other.
directly compared with each other.
Output-signal monitoring Output-signal monitoring
Actuators triggered by a control unit via Actuators triggered by a control unit via outpu
output stages (Fig.t stages (Fig.2) are monit2) are monitoreored.d.TheThe monitoring functions detects line breaks and monitoring functions detects line breaks and short-circuits in addition to
short-circuits in addition to actuator faults.actuator faults.
The following methods are applied:
The following methods are applied:
MonitorinMonitoring an output signal g an output signal by the out-by the out-put stage.
put stage.The electric circuit is monThe electric circuit is monitoreditored for short-circuits to battery
for short-circuits to battery voltagevoltageU U BattBatt,, to vehicle groun
to vehicle ground,d,and for open circand for open circuit.uit.
Impacts on the system by the actuator areImpacts on the system by the actuator are detected directly or indirectly by a detected directly or indirectly by a func-tion or plausibility monitor
tion or plausibility monitor..System actuSystem actua- a-tors,
tors,e.g.e.g.exhaust-gas exhaust-gas recirculatrecirculation vion valves,alves, throttle
throttle valves,valves,or whior whirl flaprl flaps,s,are are moni- moni-tored indirectly via
tored indirectly via closed-contrclosed-control loopsol loops (e.g.
(e.g.continuoucontinuous s control control variance),variance),andand also partly by
also partly by means ofmeans ofposition sposition sensorsensors (e.g.
(e.g.positposition ofion ofturbturbine geoine geometry in tmetry in thehe exhaust-gas turbocharger). with low-idle switch with low-idle switch and kickdown switch and kickdown switch
Temperature sensors Temperature sensors (charge-air, exhaust-gas, (charge-air, exhaust-gas, and engine temperature) and engine temperature)
ISO interface ISO interface (e.g. diagnostics) (e.g. diagnostics) Glow-plug control unit Glow-plug control unit Diagnosis lamp Switch inputs (clutch
Switch inputs (clutch switch, terminal 15, switch, terminal 15, vehicle-speed controller) Sensors and setpoint generators
Sensors and setpoint generators ECUECU ActuatorsActuators
Signal processing
Rail-pressure control valve Rail-pressure control valve High-pressure pump High-pressure pump
Additional output stages Additional output stages Exhaust-gas recirculation System chart of an electronic system (example: common rail)
System chart of an electronic system (example: common rail)
2
Monitoring internal ECU functions Monitoring internal ECU functions Monitoring functions are implemented in Monitoring functions are implemented in contr
control-unit harol-unit hardware (dware (e.g.e.g.“intelligent“intelligent””out- out-put-stage modules) and software to ensure put-stage modules) and software to ensure that the control unit functions correctly at that the control unit functions correctly at all times.
all times.The monitoring fuThe monitoring functions check nctions check each of
each ofthe contrthe control-unit comol-unit components (e.g.ponents (e.g.
microc
microcontrollerontroller,,flash flash EPROM,EPROM,RAM).RAM).
Many tests are conducted immediately after Many tests are conducted immediately after startup.
startup.Other monitoOther monitoring functions arring functions aree performed during normal operation and performed during normal operation and re-peated at regular intervals in order to detect peated at regular intervals in order to detect compon
component failure during operation.ent failure during operation.TTestest runs that require int
runs that require intensive CPU capacityensive CPU capacity,,oror that cannot be performed during vehicle that cannot be performed during vehicle op-eration for other r
eration for other reasons,easons,are conduare conducted incted in after-run more when the engine is switched after-run more when the engine is switched off.
off.This method enThis method ensures that the sures that the otherother functions ar
functions are not interfere not interfered with.ed with.In theIn the common-rail system for diesel engines, common-rail system for diesel engines, functions such as the
functions such as the injector switchoff injector switchoff paths are tested during engine runup or paths are tested during engine runup or after-r
after-run.un.With a spark-ignition engineWith a spark-ignition engine,, functions such as the flash EPROM are functions such as the flash EPROM are tested in engine after-run.
tested in engine after-run.
Monitoring ECU communication Monitoring ECU communication As a rule,
As a rule,communcommunication with other ECUication with other ECUss takes place over the CAN bus (
takes place over the CAN bus (CControllerontroller
A
AreareaNNetwork).etwork).The CAN protocThe CAN protocol containsol contains control mechanisms to detect malfunctions.
control mechanisms to detect malfunctions.
As a result,
As a result,transmission errtransmission errors are even de-ors are even de-tectable at CAN-m
tectable at CAN-module level.odule level.A number of A number of other checks are also performed in the ECU.
other checks are also performed in the ECU.
Since the
Since the majority ofmajority ofCAN messaCAN messages are sentges are sent at regular intervals by the individual control at regular intervals by the individual control unit
units,s,the failthe failure ofure ofa CAN cona CAN controltroller in aler in a control unit is detectable by testing at control unit is detectable by testing at regu-lar
lar intervals.intervals.In In addition,addition,when when redundantredundant information is a
information is available in the ECUvailable in the ECU,,the re-the re-ceived signals are checked in the same way ceived signals are checked in the same way as all input signals.
as all input signals.
Error handling Error handling Error detection Error detection
A signal path is categorized at finally A signal path is categorized at finally defec-tive if
tive ifan error ocan error occurs over curs over a definite perioda definite period of
oftimetime..UnUntil thtil the defee defect is cact is categotegorizedrized,,thethe system uses the last valid value
system uses the last valid value detected.detected.
When the defe
When the defect is categorized,ct is categorized,a standby a standby function is trig
function is triggered (e.g.gered (e.g.engine-tempera- engine-tempera-ture substitute value
ture substitute valueT T = 90= 90°C)°C)..
Most errors can be rectified or detected Most errors can be rectified or detected as intact during
as intact during vehicle operatiovehicle operation,n,providedprovided the signal path
the signal path remains intact for a definiteremains intact for a definite perio
period d ofoftimetime.. Fault storage Fault storage
Each fault is stored as a fault code in the Each fault is stored as a fault code in the non-volatile
non-volatile area ofarea ofthe data memthe data memory.ory.
The fault code also describes the fault type The fault code also describes the fault type (e.g.
(e.g.shortshort-cir-circuit,cuit,line break,line break,plauplausibilsibilityity,, value range exc
value range exceeded).eeded).Each fault-code inpuEach fault-code inputt is accompanied by
is accompanied by additional information,additional information, e.g.
e.g.the operating and enthe operating and environmental cvironmental con- on-ditions (fr
ditions (freeze frame) eeze frame) at the time at the time ofoffaultfault occurren
occurrence ce (e.g.(e.g.engine engine speed,speed,engine engine tem- tem-perature).
perature).
Limp-home function Limp-home function If
Ifa fault is deteca fault is detected,ted,limplimp-home str-home strategiategieses can be triggered in addition to
can be triggered in addition to substitutsubstitutee values (e.g.
values (e.g.engine output powengine output power or speeder or speed limited).
limited).These stratThese strategies help to:egies help to:
Maintain driving safety Maintain driving safety
Avoid consequential damageAvoid consequential damage
Minimize exhaust-gas emissionsMinimize exhaust-gas emissions
88
88 Fault diagnosticsFault diagnostics Monitoring during vehicle operation (on-board Monitoring during vehicle operation (on-board diagnosis)diagnosis)