This is a feature I get asked about many times each year. People want their car to shut off when something is not working right. As shutting down the engine can easily cause an accident, a rev limit and boost cut is a better option.

Before this will work, the lambda warning system (which is useless at this time) must be improved. After a short consideration I think that we need two hardcoded tables as described below.

kPa       Margin over lambda target     Time to light   Time to trigger limiter (0 = infinity)
<50kPa    No light or safety shutdown
<110kPa   +0.1 lambda                   1.0s            4.0s
<150kPa   +0.1 lambda                   1.0s            2.0s
<200kPa   +0.05 lambda                  0.5s            1.0s
<250kPa   +0.05 lambda                  0.5s            1.0s
<300kPa   +0.05 lambda                  0.5s            1.0s

The less strict table could have twice as high a margin before it triggers the safety limiter; the less strict table should be the default.

The above changes are the most important, as the lambda warning is useless now!

The differing severity of the fault conditions requires different safety measures. Using hardcoded rev limits could also help diagnose the problem.

The lambda warning can be safely handled with a 130kPa fuel cut and a 3000rpm rev limit. Below that, it is reasonably hard to damage the motor with bad lambda.
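The lambda warning table and its two timers, as an added example that is not code from the original page or from any ECU firmware. It implements only the one table shown. All names are hypothetical, lambda is passed as integer milli-lambda, and two behaviours the page does not specify are assumptions: the timer resets as soon as lambda is back within the margin, and pressures of 300kPa and above use the last row.

```c
#include <stddef.h>
/* One row of the lambda warning table above; integers as in firmware. */
struct lambda_row {
    int max_kpa;      /* row applies while MAP < max_kpa */
    int margin_ml;    /* allowed milli-lambda above target; -1 = disabled */
    int t_light_ms;   /* time over margin before the warning light */
    int t_limit_ms;   /* time over margin before the limiter; 0 = never */
};
static const struct lambda_row LAMBDA_TABLE[] = {
    {  50,  -1,    0,    0 },   /* no light or safety action */
    { 110, 100, 1000, 4000 },
    { 150, 100, 1000, 2000 },
    { 200,  50,  500, 1000 },
    { 250,  50,  500, 1000 },
    { 300,  50,  500, 1000 },
};
#define N_ROWS (sizeof LAMBDA_TABLE / sizeof LAMBDA_TABLE[0])

enum lambda_action { LAMBDA_OK, LAMBDA_LIGHT, LAMBDA_LIMIT };
struct lambda_monitor { int over_ms; };   /* continuous time over margin */

/* Call once per control tick of dt_ms milliseconds. */
enum lambda_action lambda_step(struct lambda_monitor *m, int map_kpa,
                               int lambda_ml, int target_ml, int dt_ms)
{
    size_t i = 0;
    while (i < N_ROWS - 1 && map_kpa >= LAMBDA_TABLE[i].max_kpa)
        i++;                    /* assumption: >=300 kPa uses the last row */
    const struct lambda_row *r = &LAMBDA_TABLE[i];
    if (r->margin_ml < 0 || lambda_ml <= target_ml + r->margin_ml) {
        m->over_ms = 0;         /* assumption: timer resets when in range */
        return LAMBDA_OK;
    }
    if (m->over_ms < 60000)     /* saturate so the counter cannot wrap */
        m->over_ms += dt_ms;
    if (r->t_limit_ms > 0 && m->over_ms >= r->t_limit_ms)
        return LAMBDA_LIMIT;    /* page: 130 kPa fuel cut, 3000 rpm limit */
    return m->over_ms >= r->t_light_ms ? LAMBDA_LIGHT : LAMBDA_OK;
}

/* Feed `ticks` identical samples; returns the action after the last one. */
enum lambda_action lambda_run(int kpa, int lam, int tgt, int dt_ms, int ticks)
{
    struct lambda_monitor m = { 0 };
    enum lambda_action a = LAMBDA_OK;
    while (ticks-- > 0)
        a = lambda_step(&m, kpa, lam, tgt, dt_ms);
    return a;
}
```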

The water temp warning, on the other hand, is different. At 110C the above-mentioned 3000rpm, 130kPa limits are a good start. But at 115-120C we need to be more restrictive to make sure that it is noticed. Maybe a 1500rpm limit. A special condition is when the car has been idling for at least 15 seconds: shutting down the engine at 120C while it is idling is unlikely to cause an accident, and it is also the condition that most often causes engine damage because of overtemp. For safety reasons, the shutdown should not be allowed to occur before the engine has been running for a minute; you may need to move the car without regard for engine health.

The EGT limit can be hardcoded 50C above the warning light temperature, and a 130kPa boost limit in addition to a 5000rpm rev limit should be sufficient to lower the temp and to notify the driver that there is a problem.

Intake Air Temperature needs to be added to the warning light menu. Only the 130kPa limit is needed.

Oil Pressure needs to be added. This needs two trigger levels, one at <3000rpm and one >3000rpm. The 130kPa and 3000rpm limit is sufficient in the >3000rpm case. The <3000rpm oil pressure level limiter is harder: we must shut the engine off in that case. Just as for the high water temp, we must treat the shutdown carefully because of the safety concerns. After startup, the engine should be allowed to run for 30 seconds without oil pressure with a rev limit of 1500rpm, as the engine health may need to be disregarded for safety reasons.