Failure Management for Reliable Automotive Start Up Process

Suguna Thanagasundram, Mark Amor Segan, Ross McMurran
International Automotive Research Centre (IARC)
University of Warwick
Coventry CV4 7AL, UK
e-mail: s.thanagasundram@warwick.ac.uk; mark.amor-segan@warwick.ac.uk; Ross.McMurran@warwick.ac.uk

R. Peter Jones
School of Engineering, University of Warwick, Coventry, CV4 7AL, UK
e-mail: peter.jones@warwick.ac.uk

Abstract— This paper describes the work done on advanced fault management strategies at a system of systems level on the start authorization process in a vehicle. The start authorization system in a vehicle is a complicated and critical vehicle process. It manifests itself as a complex multi-stage process which involves several stages of verification and validation amongst various distributed automotive systems through the exchange of messages and signals on a common network. The behavior of the start-up process in a vehicle is inferred: 50% from interaction of signals in the data in a start-up process and 50% from expert knowledge already gathered from vehicle specifications and functionality testing. A model is constructed to diagnose no-start faults in a vehicle. With data collected from real vehicles, the start authorization process is benchmarked and a nominal behavior is established. In a vehicle no-start condition, the start-up process differs greatly from this nominal behavior and the different failure modes are identified to advise the driver of the root cause of the problem.

Keywords-Automotive Diagnostics; Failure Management; Electronic Controller Units (ECUs); Start Authorization Process; Rapid Control Prototyping

I. INTRODUCTION

Recent studies have shown that 90% of automotive innovations stem from electronics, and automotive electronics will show impressive growth in the next 4 years [1]. An average car can have as many as 40 Electronic Controller Units (ECUs); this number may be up to 70 in an upscale luxury car [2, 3].
A typical vehicle can have four or more different types of communication networks such as CAN (Controller Area Network), Local Interconnect Network (LIN), Media Oriented System Transport (MOST) or even the latest emerging protocol based on FlexRay technology. Today's high-end vehicles have more than 4 kilometers of wiring compared to 45 meters in vehicles manufactured in 1955 and this can support as many as 2500 signals [4, 5]. With the adoption of the concept of mechatronic products, there is an increasing integration of mechanical structures with electronics and control functionalities in the automobile industry [5, 6]. While the demand for increasing processing power and more electronic control units in a car has increased, the development of effective diagnostics systems, in particular for analysis of faults at the network level, has lagged behind [7-9].

On-Board Diagnostics (OBD) in an automotive context is the generic term referring to the vehicle's diagnostic and error logging capability. OBD was originally developed in the early 1980s with a regulatory intention to monitor the polluting emissions from a car, so that car manufacturers would be encouraged to design reliable emission control systems. Since the origin of OBD lies in engine control, there has been much research in fault detection through model-based, data-driven and knowledge-based approaches for engine-based systems [10-13], but diagnosis of automotive faults at a network level is an area which still needs further research.

In this paper, a case study of diagnostics for the start authorization process in a vehicle is presented. The start authorization in a modern vehicle today is a complicated process and involves several key automotive components integrated at the network level in this example. Typically it would involve the driver of the vehicle pressing the engine starting switch while simultaneously pressing the brake pedal for a length of time (1).
Refer to Figure 1 for the sequence of events in the engine start authorization process. This action invokes the engine start control system embedded in the body controller ECU, which in turn carries out driver authorization via the remote key entry system of the car (2). Antennas located in the cabin of the vehicle transmit a radio frequency signal which is picked up by the key transponder carried by the driver of the vehicle, and the transponder sends a response. This is done to authenticate the valid driver of the vehicle. Then preparatory validation actions are taken by the body controller ECU prior to starting the engine. It is first checked from sensors that the steering column is unlocked and, if not, the steering lock controller ECU permits the steering column to be unlocked (3). Additional information from the gearbox is obtained via the Transmission Control ECU to verify whether it is in the 'park' or 'neutral' condition (4). The engine is checked by the Engine Management ECU to see whether it is in a ready condition (5). The fuel pump is checked to verify that there is enough fuel to crank the vehicle and maintain the engine at the running state (6). Finally, if all these checks are completed satisfactorily, the Engine

978-1-4244-8728-8/11/$26.00 ©2011 IEEE