The hardware will usually assert the processor's reset line, but other actions are also possible. Once your watchdog has bitten, you have to decide what action to take. In a complex embedded system, it may not be possible to guarantee that there are no bugs, but by using a watchdog you can guarantee that none of those bugs will hang the system indefinitely. Obviously, it is preferable to fix the root cause, rather than getting the watchdog to pick up the pieces. This is exactly the sort of transient failure that watchdogs will catch.īugs in software can also cause the system to hang, if they lead to an infinite loop, an accidental jump out of the code area of memory, or a dead-lock condition (in multitasking situations). The software would crash almost immediately, even if the code is completely bug free. In electrically noisy environments, a power glitch may corrupt the program counter, stack pointer, or data in RAM. What errors are caughtĪ properly designed watchdog mechanism should, at the very least, catch events that hang the system. It is also possible to design the hardware so that a kick that occurs too soon will cause a bite, but in order to use such a system, very precise knowledge of the timing characteristics of the main loop of your program is required. If the man stops kicking the dog, the dog will take advantage of the hesitation and bite the man. However, in this article we will use the more visual metaphor of a man kicking the dog periodically-with apologies to animal lovers. In other texts, you will see various terms for restarting the timer: strobing, stroking or updating the watchdog. If it does reach zero, it is assumed that the software has failed in some manner and the CPU is reset. It is the responsibility of the software to set the count to its original value often enough to ensure that it never reaches zero. The hardware component of a watchdog is a counter that is set to a certain value and then counts down towards zero. The second half covers a scheme for making use of a watchdog in a multi-tasking system. The first half of the article will assume that there is no RTOS present. This article will discuss exactly the sort of failures a watchdog can detect, and the decisions that must be made in the design of your watchdog system. In addition, the recovery actions you implement can have a big impact on overall system reliability.Ī watchdog timer is a piece of hardware, often built into a microcontroller that can cause a processor reset when it judges that the system has hung, or is no longer executing the correct sequence of code. If you have a watchdog timer in your system, you must choose the timeout period carefully, ensure that the watchdog timer is tested regularly, and, if you are multitasking, monitor all of the tasks. Making proper use of a watchdog timer is not as simple as restarting a counter. We will examine the use and testing of a watchdog, as well as the integration of a watchdog into a multitasking environment. But that's not all there is to watchdog science. To keep a watchdog timer from resetting your system, you've got to kick it regularly.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |