Unintended Acceleration...

[Oppie]

With all the revelations coming out of the Toyota unintended acceleration
trials, it's got me thinking about how fewer and fewer "ignition switches"
directly control the engine. More and more we see drive by wire and ignition
switches that are simply logic inputs to the Engine Control Unit (ECU). ECU
goes haywire and all bets are off.

I was thinking of putting a Estop kill switch in series with the fuel pump.
Minimally invasive to other systems and will shut the engine down in short
order. Would be in series with the pump and after the control relay, one
less thing to get stuck. Some vehicles I've seen in the past have dual fuel
pumps; one in-tank and an external booster pump. Both should get
interrupted.

Thoughts?

 

[tm]

With all the revelations coming out of the Toyota unintended acceleration
trials, it's got me thinking about how fewer and fewer "ignition switches"
directly control the engine. More and more we see drive by wire and
ignition switches that are simply logic inputs to the Engine Control Unit
(ECU). ECU goes haywire and all bets are off.

I was thinking of putting a Estop kill switch in series with the fuel
pump. Minimally invasive to other systems and will shut the engine down in
short order. Would be in series with the pump and after the control relay,
one less thing to get stuck. Some vehicles I've seen in the past have dual
fuel pumps; one in-tank and an external booster pump. Both should get
interrupted.

Thoughts?

Not a bad idea. Also serves as a anti-theft device if hidden somewhere.

tm

 

[tm]

Since the fuel injection system is pressurized, it might _not_ "shut
the engine down in short order".

For an emergency shutdown I'd try to somehow shut off the ignition.

...Jim Thompson

But it is a pressurized liquid. There is no stored potential energy like a
compressed air system.

Stopping the pump will kill the engine in seconds.

 

[Oppie]

Accidental engine shutdown -> no power brakes and no power steering.

VLV

The rationale was that power to the ECU might be supplied by several
circuits plus any possible parasitic power sources that may keep it
energized. Too much possible interaction that will vary from one vehicle's
implementation to another. Working here on the KISS principle. Interrupting
the fuel source seems reasonable.

Many cars are electric assist steering. Engine loss will not affect steering
in that case. With hydraulic assist, yes, it does get more difficult - but
not impossible to steer. Particularly true when you are still moving.

Most brakes are still vacuum assist. On all cars I've tried it on, if you
keep pressure on the brake and not take your foot off, there is adequate
safety margin to bring the car to a stop. Worst case, pumping the brake
(foot totally off and then on again) I usually see at least 5 cycles before
boost is lost. After this, you put two feet on the brake pedal and push
HARD.

Oppie

 

[Oppie]

The rationale was that power to the ECU might be supplied by several
circuits plus any possible parasitic power sources that may keep it
energized. Too much possible interaction that will vary from one vehicle's
implementation to another. Working here on the KISS principle.
Interrupting the fuel source seems reasonable.

Regarding parasitic power sources- think of the engine run-on condition that
was a problem in the late 60s and into the 70s.

A parasitic power source supplied limited power to the ignition coil when
the engine was running and the ignition switch was turned off. Supplied from
the battery through the closed alternator field coil relay, through the
alternator idiot light and into the ignition coil. In that case the fix was
to add a diode in the idiot light circuit (oriented so the light would come
on when the key was in run and engine not started). Fixed quite a few
run-ons that way.

 

[Oppie]

Since the fuel injection system is pressurized, it might _not_ "shut
the engine down in short order".

There ARE some systems that use a fuel pressure accumulator akin to the
expansion tank on a hydronic heating system or pressure tank on a well-pump
water system. In this case, it would take some time to deplete the stored
volume. At WOT (wide-open-throttle) this interval is likely to be minimal.

Oppie

 

[Oppie]

I don't if that will work either. Been awhile since I did automotive,
but my designs would drop to a default timing regimen if the sensor
was lost.


Yep. If it has mechanical injector pumping... who knows how you stop
it :-(

Reminds me of a late '70's event with a Chrysler product rented from
AVIS while on a family Disneyland trip. Driving down from LAX, the
accelerator pedal kept sticking.

When we got to our hotel, I called AVIS and told them of the problem.
They allowed as how they could get me a replacement vehicle by late
the next afternoon.

I allowed as how that was OK... if the car tried to run away on me
again, I'd just take it out of gear and blow the f***ing engine.

Had a replacement car in 20 minutes >:-}

Love the diesel rental story!
I worked on diesels long ago though mostly industrial stationary units.
Those had all mechanical pumps and injectors. The only electric item was a
fuel shut-off solenoid. Of course, if you had a leak in your turbocharger
seals and lube oil got sucked into the intake, the engine would run away.
Often thought about putting in a backup butterfly in the intake to choke off
air induction or a compression release.

For the crank sensor. Again, it goes through the ECU and like you said, it
may go to limp home parameters. Most engines use the crank sensor to enable
the fuel pump. No signal and the pump stops... if the ECU is in it's right
mind.

 

[tm]

That depends on how many flexible hoses there are in the system, and
whether there's an accumulator somewhere. I doubt the accumulator -- but
hoses, and even steel pipes, will flex a bit, as will the liquid itself.

Barring an accumulator (which I doubt is there), at full throttle there's
probably not enough spring in there to cause problems.

It's probably gentler on the engine to cut the ignition -- cutting the
fuel means it stops lean, hot, and without lubrication to valves and
injectors.

All the better. Toyota will replace everything then, maybe even a new car.

Also, at wide open throttle, cutting the ignition may not stop it from
dieseling. Cutting the fuel will. And at w-o-t, it won't run for long.

 

[Oppie]

It might increase your chances of a serious accident.. consider the
small chance of the factory setup failing in a bad mode, vs. the
chance of your home-made mod failing so as to kill the engine at an
inopportune time.

I'd rather be alive and wrong than dead and right.

 

[Ecnerwal]

But it is a pressurized liquid. There is no stored potential energy like a
compressed air system.

Stopping the pump will kill the engine in seconds.

True. Went over a bump one day in a VW Rabbit, croaked, in a very
direct, noticeable, no long delay manner. Had wrong fuse in fuel pump,
the bump had been the last straw for it. Pulled the fuse from the fan,
put it in the fuel pump, got home, bought spare fuses. Not sure who the
guilty party was on the wrong fuse, though I'd bet the dealer.

 

[Spehro Pefhany]

Not a bad idea. Also serves as a anti-theft device if hidden somewhere.

tm

It might increase your chances of a serious accident.. consider the
small chance of the factory setup failing in a bad mode, vs. the
chance of your home-made mod failing so as to kill the engine at an
inopportune time.

 

[Oppie]

Yes, the funny thing about that lawsuit was that NASA experts had looked a
the thing and
concluded it was OK....
No wonder they need Russian taxies.

NASA from what I understand, got all their information from what Toyota
chose to furnish. In the Oklahoma trial, expert witnesses actually got
source code to analyze.

http://www.edn.com/design/automotiv...a4112a4dfa967142852fed7c13&elqCampaignId=2082

http://www.eetimes.com/document.asp...&fb_source=other_multiline&action_object_map={%2210201648823856545%22%3A223060667870311%2C%2210201647359779944%22%3A559431030795004}&action_type_map={%2210201648823856545%22%3A%22og.likes%22%2C%2210201647359779944%22%3A%22og.likes%22}&action_ref_map=[]

 

[Oppie]

I coined the "limp home" phrase while working with GM in the late
'60's - early '70's.

They were so panicked by Californica smog standards that they wanted
the ignition to simply die if the sensor was lost.

I refused to be a party to such a fiasco, arguing someone could die if
the engine quit at just the wrong moment, and suggested the "limp
home" method. When they realized I'd simply bow out and rat ("whistle
blow" in modern lingo on the whole scheme they agreed with me.

I'm well aware of your involvement in the auto industry Jim. Didn't know
that about you and limp-home though. Got to respect someone that stands by
their principles and refuses to cave. Does help to be a certifiable genius
and irreplaceable.

 

[Don Y]

With all the revelations coming out of the Toyota unintended
acceleration trials, it's got me thinking about how fewer and fewer
"ignition switches" directly control the engine. More and more we see
drive by wire and ignition switches that are simply logic inputs to the
Engine Control Unit (ECU). ECU goes haywire and all bets are off.

I was thinking of putting a Estop kill switch in series with the fuel
pump. Minimally invasive to other systems and will shut the engine down
in short order. Would be in series with the pump and after the control
relay, one less thing to get stuck. Some vehicles I've seen in the past
have dual fuel pumps; one in-tank and an external booster pump. Both
should get interrupted.

You still have pressure in the lines. And, a carbureted engine
still has fuel in the bowl! A *second* of continued operation is
enough to drive you into that wreck!

Thoughts?

I've gone through a similar exercise with "theft prevention" in mind
(aftermarket being far preferable to factory installed as it would
be less ubiquitous -- less likely to be a "known" to a would-be thief),

In your specific case, "neutral" is your friend! :>

The biggest risk associated with uncontrolled acceleration, et al.
is that it can *move* the vehicle without your control. You want
to disconnect the engine from the drive train without losing everything
that the engine also provides (brakes, steering).

Drop car into neutral (which, IME, is possible on *any* vehicle
at any speed) and let the engine race. Worst case, you throw a
rod, need a new engine -- but walk away from an *avoided* accident!

And, it doesn't cost you a penny to implement! ;-)

 

[tm]

Modern ignitions know when to fire the spark (and turn on the injector)
because of the crank position sensor. If you lose that, the computer has
no idea where the crank is.

Trying to "free run" the ignition would soon lead to it getting out of
sync with the crank, meaning that before the engine died entirely you'd
get some very interesting pops and bangs and possibly tongues of flame
out of various orifices before the inevitable happened and the engine
stopped turning.

--

Tim Wescott
Wescott Design Services
http://www.wescottdesign.com

I know some engines have more than one sensor for timing. There is a crank
position sensor for TDC and also a valve timing sensor.

If one fails, it is still possible to fire the plugs in a usable manor.

 

[Lasse Langwadt Christensen]

Den torsdag den 31. oktober 2013 22.30.21 UTC+1 skrev Jim Thompson:

It's been 30 years since I last did any serious ignition stuff, but

there used to be a coarse position indicator on the flywheel to handle

such events.

the is only one sensor hall/reluctance looking at a wheel with teeth,
the Bosch timing wheel is 60 teeth with 2 missing, japanese i think
36 one missing and there is a few others

so with out the software continuously looking at the timing of the teeth
and finding the missing ones it doesn't even know where the crank is

Also, are you forgetting that the distributor (if there is any such

animal in multi-coil designs) knows where you are (roughly).

doubt there is any distributors left, everything is wasted spark
or coil on plug

some have a cam sensor because for some number of cylinder or
odd cylinder angles it is important to know which in which stroke to
fire, and it can be good know to do injection in intake
or exhaust stroke at some loads one might be better than the other

I believe some ECU do with out a cam sensor and find the stroke by
looking the varying speed of the crank at low rpms

I don't know how they handle keyless but with Bosch has always been
KL30 is permanent power, KL15 is ignition key switched power and that
is what powers ignition coils and injectors


-Lasse

 

[Paul E Bennett]

Don Y wrote:

[%X---stuff on Toyota Unintended acceleration event -- %X]

I've gone through a similar exercise with "theft prevention" in mind
(aftermarket being far preferable to factory installed as it would
be less ubiquitous -- less likely to be a "known" to a would-be thief),

In your specific case, "neutral" is your friend! :>
Absolutely.

The biggest risk associated with uncontrolled acceleration, et al.
is that it can *move* the vehicle without your control. You want
to disconnect the engine from the drive train without losing everything
that the engine also provides (brakes, steering).

Drop car into neutral (which, IME, is possible on *any* vehicle
at any speed) and let the engine race. Worst case, you throw a
rod, need a new engine -- but walk away from an *avoided* accident!

And, it doesn't cost you a penny to implement! ;-)

I have had cars with mechanical failures of the clutch, throttle linkage and
accelerator pedal springs at various times. Even one with a gear-box that
decided to be extremely random about which gear it would let you have. All
still limped home for remedial work OK. All of the recovery actions that
should be common sense to all drivers (sadly it does not seem to be) always
worked well enough for me. This was, however, before the ECU became an
addition to the vehicles. Only had a failed hydraulic clutch system since
then and still managed to get that home as well.

Now consider the emergence of the Electric Vehicles into the general
populace. Having loked for the current "Construction and Use Regulations
(UK), there was only mention of the charging points for such vehicles.
Thankfully the United Nations has something (see UN100):
"5.2.2.3 Unintentional acceleration, deceleration and reversal of the drive
train shall be prevented. In particular, a failure (e.g. in the power train)
shall not cause more than 0.1m movement of a standing unbraked vehicle."

Perhaps this should apply to all vehicles anyway.

--
********************************************************************
Paul E. Bennett IEng MIET.....<email://[email protected]>
Forth based HIDECS Consultancy.............<http://www.hidecs.co.uk>
Mob: +44 (0)7811-639972
Tel: +44 (0)1235-510979
Going Forth Safely ..... EBA. www.electric-boat-association.org.uk..
********************************************************************

 

[tm]

You still have pressure in the lines. And, a carbureted engine
still has fuel in the bowl! A *second* of continued operation is
enough to drive you into that wreck!


I've gone through a similar exercise with "theft prevention" in mind
(aftermarket being far preferable to factory installed as it would
be less ubiquitous -- less likely to be a "known" to a would-be thief),

In your specific case, "neutral" is your friend! :>

The biggest risk associated with uncontrolled acceleration, et al.
is that it can *move* the vehicle without your control. You want
to disconnect the engine from the drive train without losing everything
that the engine also provides (brakes, steering).

Drop car into neutral (which, IME, is possible on *any* vehicle
at any speed) and let the engine race. Worst case, you throw a
rod, need a new engine -- but walk away from an *avoided* accident!

And, it doesn't cost you a penny to implement! ;-)

Does the transmission selection go through the computer on some of these
vehicles?

 

[Don Y]

Hi Paul,

Don Y wrote:

[%X---stuff on Toyota Unintended acceleration event -- %X]

I've gone through a similar exercise with "theft prevention" in mind
(aftermarket being far preferable to factory installed as it would
be less ubiquitous -- less likely to be a "known" to a would-be thief),

In your specific case, "neutral" is your friend! :>

Absolutely.

It always amazes me how easily people seem to panic/lose all
sense of reason in these situations! :-(

I have had cars with mechanical failures of the clutch, throttle linkage and
accelerator pedal springs at various times. Even one with a gear-box that
decided to be extremely random about which gear it would let you have. All
still limped home for remedial work OK. All of the recovery actions that
should be common sense to all drivers (sadly it does not seem to be) always
worked well enough for me. This was, however, before the ECU became an
addition to the vehicles. Only had a failed hydraulic clutch system since
then and still managed to get that home as well.

I once lost a wheel bearing in one of the front rotors (disintegrated).
The wobble in the rotor was enough to forcibly drive the calipers
apart rendering the hydraulics useless.

I discovered this in rush-hour freeway traffic while driving in the
left lane (65+). And, still quick-witted enough to think of stomping
on the "parking brake" before ass-ending the bloke in front of me!
*And* aware enough of the latching nature of that mechanism (a pedal
in my case) to simultaneously reach down and grab the "ratchet release"
so the pedal didn't stay locked.

I drove the 20 miles home "hunched over" so I could keep my hand on
that release to "unapply" the brake each time I stepped on it! :-/

Thankfully, didn't mangle the spindle so it just cost me a rotor
and bearing (and an hour of my time)! Though, in the process,
discovered that the shop I had brought the car to many years before
had neglected to re-install one of the components that allowed the
"parking brake" to work correctly -- which accounted for its
poor performance in this situation! (maybe a GOOD thing?)

That was the event that convinced me not to let anyone work on
my vehicles -- regardless of how "easy"/routine the task! :<

Now consider the emergence of the Electric Vehicles into the general
populace. Having loked for the current "Construction and Use Regulations
(UK), there was only mention of the charging points for such vehicles.
Thankfully the United Nations has something (see UN100):
"5.2.2.3 Unintentional acceleration, deceleration and reversal of the drive
train shall be prevented. In particular, a failure (e.g. in the power train)
shall not cause more than 0.1m movement of a standing unbraked vehicle."

Perhaps this should apply to all vehicles anyway.

Doesn't say anything about how you can "enforce" a "brake". Or,
disengage the drive if it doesn't want to! (would they call that
"unintended ignorance of intended operations"?? :> )

When things *work* is not when you have the problems! :-/

 

[Don Y]

Does the transmission selection go through the computer on some of these
vehicles?

Ouch! That would be unfortunate!

"Open the pod bay doors, HAL."