Fail Safe and Limp Modes

Unlike aftermarket systems OEM ECUs must continue to run even when faults occur, both to prevent inconvience to the driver and to meet safety legislation. In the worst case a vehicle should be able to limp to the side of a road even when the main processor has failed. Manufacturers use different terms for these modes and that has caused confusion on some internet sites. Suzuki generally use the terms 'Fail Safe' and 'Limp Mode' although on some early models 'Back-Up Mode' is used instead of limp mode; limp mode should not be confused with what other manufacturers describe as 'Limp Home Mode' which is essentially the same as fail safe mode.

It is important for tuners to understand these modes and it is also useful for diagnosing faults.

Limp Mode

Limp Mode is implemented in hardware and will very rarely ever occur, this mode is not intended to let you start the vehicle or to drive home, it is intended to keep a vehicle running long enough to allow it to be stopped at a place of safety.

Limp Mode is entered when the ECU's safety supervisor or watchdog chip detects a failure of the main processor. The safety supervisor then forces the main processor into reset and signals from the limp circuitry are then switched in to drive the injector(s) and ignition based on the Crank Angle Sensor and MAP/MAF or TPS signals. The limp circuitry implements an extremely crude control method and is often implemented by a special integrated circuit. The image below shows the limp chip (IC201) in an early Denso ECU:

A vehicle will not usually start in Limp Mode.

Fail Safe Mode

There are a multitude of Fail Safe Modes which are implemented in software. When a sensor or actuator failure is detected then the ECU will substitute a default value stored in memory and it may disable some emission functions, it may also switch to a different fuelling or timing algorithm using another sensor; in almost all cases the ECU will disable closed loop running. The diagnostic link on some ECUs will continue to report the measured value but others will report the Fail Safe value and in a number of cases there may be no discernable change to the way that the vehicle runs except for the Check Engine Light/MIL being illuminated or a high idle speed. The CEL may not be lit if the cause of the problem can not be determined by the ECU, for example if the ECU cannot control idle speed but has not detected a sensor fault. When tuning an ECU it may be necessary to modify the values at which the ECU determines a fault to prevent a fail safe mode from becoming active when there is no fault.

There will be at least one fail safe mode for each of the sensor or actuator faults that can be detected; the Factory Service Manual will give some detail on these but the descriptions are rarely comprehensive and code analysis is the only way to gain complete understanding. The fail safe table for an M13A engined Suzuki Jimny is given below:

A vehicle will start and run while in fail safe mode.

Fail Safe Mode and the O2 sensor

When the ECU is in fail safe mode closed loop operation will be disabled however, despite a common misconception, in many cases the O2 sensor will continue to switch between approx. 0.1V and 0.9V. If an oscilloscope is used to observe the waveform then it will be seen to switch very quickly with a 50% duty cycle. When using an OBD1 scan tool the O2 sensor reading will be observed to be switching, the Rich/Lean flag will be stable and the Short Term Fuel Trim will not change despite the engine being fully warmed up. An OBD2 scan tool will indicate that the ECU is not in closed loop.

Fail Safe Mode and the idle speed

Probably the simplest form of fail safe is when the ECU cannot control the idle speed. If no fault is detected with any of the sensors then the idle speed may be raised to one of several default values and closed loop will be disabled. The CEL will not be lit if the cause of the bad idle is not known. A scan tool may detect the O2 sensor acting as described above, and an OBD1 capable scan tool will report a high target idle speed.