Thank you for the clarifications. My setup will use an ECUMaster battery isolator with the 12v Enable circuit turning on the EMU Pro, an ADU, and (2) Hardwire Electronics PDMs. There will be a mechanical master power switch for the battery isolator and a blink keypad used for startup.
From the driver’s perspective, they should get in the car and activate the master power switch (all our race series requires re-fueling to be done with master power switch de-energized). This will turn on the ADU, keypads, PDMs, and ECU. I consider this a pre-ignition state. It allows the electronics to be safely enabled and controlled without anything that might blow the engine up or set the car on fire being energized; at this point the light on the Blink Button is Red.
The driver would press the START/STOP button on the blink keypad once, which will cause the PDMs to energize the Ignitors, Injectors, VVT, and WBO heater circuits; as well as have the primary pressure fuel pump prime the fuel system. The fuel pump should shut down when it successfully achieves and holds 42 PSI for 1 second. If the fuel pump has a runaway condition (either running up significantly over the 42 psi, indicating a failure of the fuel regulator or a disconnected dry-break, or failing to produce 42 psi in a reasonable time, indicating a leak or other failure) then the PDM will shut down the fuel pump and the ignition circuits above then display an alarm on the ADU and the system returns to pre-ignition state. There are fuel pressure sensors at both the regulator (last stop before returning to tank) and at the pump source (first stop as it leave the pressure pump). I will use differential data between them to look for any indications of a fuel system failure (leak or disconnected dry break or something else that could be a disaster).
Assuming the fuel pump successfully primes the fuel system (and none of the ignition circuits trip) then the light on the Blink START/STOP button changes from red to yellow indicating the engine is ready to start. At this point the driver presses the button again and if the driver has NOT depressed the clutch pedal then the IGN circuits are switched off and the system returns to the pre-ignition state. If the clutch was depressed then:
The PDM turns on the primary and lift fuel pumps. The pumps will run off a PWM coefficient scaled by consumption to not overload the regulator/return line’s ability to return fuel while still ensuring the fuel rails have a net-positive supply throughout trips up and down the power band. Apart from maintaining stable pressures, this is intended to reduce fuel pump wear/failures as well as reduces unnecessary fuel heating. Simultaneously, the PDM will open the AccuSump valve to begin pre-oiling. The PDMs will also disable any high-current accessories such as the electric power steering pump, radiator fans, and/or electric AC compressor/blower that might happen to have been enabled even though the engine was off. Once stable fuel pressure and a minimum of 15psi oil pressure OR 2 seconds have elapsed (in case the Accusump happens to have already been emptied) then the PDM will enable the starter solenoid and begin cranking the engine.
If after some period of time (TBD) the engine does not fire up, then the startup is aborted, the IGN, accusump, and Fuel Pump circuits are switched off, and the system returns to the pre-ignition state, the light on the button returns to red, and there is an alarm on the ADU (hopefully joined by some alarm information generated by the EMU indicating why startup failed such as timing sync failure)
At some point, either based on engine RPM or the EMU’s own logic, the engine is deemed to have started then the PDM will switch off the starter solenoid and the button light turns green. The power steering, AC, and cooling fan circuits are re-enabled on the PDM. The driver is free to race.
When it is time to stop the engine, the preferred method would be for the driver to push the START/STOP button for 2 seconds; however turning off the Master Power switch would be an option. Pressing the button would turn off the Accusump, IGN circuits, and both fuel pumps via the PDM. I still need to research if leaving the WBO heaters running for a moment after the engine is stopped is best for sensor longevity or if they can also be immediately de-energized without concern. The system returns to a pre-ignition state and the button light turns red.
If the master kill switch is pressed, all circuits are turned off immediately with the isolator timer set to give the ADU and EMU time to save information before shutdown.
If you are not familiar, the hardwire electronics PDMs have custom logic and canbus controls on par (or in the case of the EMU slightly better) than the ECU Master ADU/EMU. This effectively gives me 4 brains to leverage, but like the ADU/EMU each has a limitation on the total number of custom objects that can be created. I come from a software engineering and controls background, I know how I can make all of this logic work (I am NOT an engine tuner and so while I can work out the best way to implement levers of control, I do not pretend to know what values should be used in pulling those levers.) What I’m trying to do now is sort out is what aspects of this logic align with built in functions of the EMU because 1) every built in function I use is one (or more) custom object that is available for something else and 2) I believe it is always best to utilize something in the way the original engineer intended whenever possible.
Once I’ve sorted out what is already baked in and what I need to invent then I’ll need to sit down and spread out my available resources across the 4 brains to figure out the most efficient place to implement each piece. I know it all sounds overly complicated but I’m a firm believer in building bounds checking and exception handling into control systems so that when something goes wrong I have the greatest possible chance the system will react safely and reliably for the driver.