The firmware needs some diagnostic logic to determine when sensors have failed, have been unplugged or whatever. OEMs often implement what is known as limp mode to allow the car to be driven to the dealership for repair.
There are very few items already implemented and many that should be implemented.
First there needs to be some settings to define what is outside of the acceptable range for various sensors. For example some cars will not need a MAT sensor installed so we need to skip over its check.
We need to implement a check engine light feature. This is especially important in some areas with emissions testing because a functioning CEL is necessary. They turn the ignition on and if the CEL does not illuminate the car will fail. Next we need to define some flash codes like OEM computers to alert the user. Not everyone has an LCD installed.
What if critical sensors such as the MAP fails or becomes unplugged?
I firmly believe we should kill the engine right there. Currently the system defaults to 100kpa and tries to inject fuel based on that. Many engines will simply die and in normal driving the first instinct is to lift the throttle when something starts "acting up". So you lift the throttle and it dies.
Try to restart it will flood. Even if you hold the gas down you're more likely to foul the plugs. Now you're left on the side of the road and it will be necessary to at least remove all the plugs and wire-brush them to restart the engine.
One other change to this area of the code that I recommend is automatically hitting fuel cut when the sensor is railed. The reason being if we pass above that the ECU will never know and the user will quite likely end up with a blown engine. Consider one tuned to 2bar absolute. The wastegate line pops off. The tuner should have a maxkpa configured anyway but the boost will fly up another 0.5 bar to the maximum of their 2 bar sensor and it will cut. Otherwise the engine quite likely will continue until the internals become afraid of the pressure and try to escape via the side of the block. I've seen this happen many times.
(mcel enter your argument here.)
With CLT there may need to be some generic value chosen. For cold startup we could use the MAT value if configured. This should at least allow cranking and startup to occur properly. No telling after the engine has run for a minute and is still cold. In my experience it should be able to be kept going with your foot.
WBO2 failure is definitely a situation to detect as these sensors do have a fixed life. Mcel can probably tell us how best to detect failure.
What other failures do we have to deal with?