Watchdog Timers:
Raja Rai M. Faheem Abid
BEE-8 (Bahria University)
airblue
Software Reliability:
—Embedded systems must be able to cope with both hardware and software anomalies to be truly robust.
—In many cases, embedded devices operate in total isolation and are not accessible to an operator.
—Manually resetting a device in this scenario when its software “hangs” is not possible.
—In extreme cases, this can result in damaged hardware or loss of life and incur significant cost.
The Clementine:
—In 1994, a deep space probe, the Clementine, was launched to make observations of the moon and a large asteroid (1620 Geographos).
—After months of operation, a software exception caused a control thruster to fire for 11 minutes, which depleted most of the remaining fuel and caused the probe to rotate at 80 RPM.
—Control was eventually regained, but it was too late to successfully complete the mission.
Watchdog Timers:
—While it is not possible to cope with all hardware and software anomalies, the developer can use watchdog timers to help mitigate the risks.
—A watchdog timer is a hardware timing device that triggers a system reset, or similar operation, after a designated amount of time has elapsed.
—A watchdog timer can be either a stand-alone hardware component or built into the processor itself.
—To avoid a reset, an application must periodically reset the watchdog timer before this interval elapses. This is also known as “kicking the dog”.
External Watchdogs:
—External watchdog timers are integrated circuits that physically assert the reset pin of the processor.
—The processor must assert an output pin in some fashion to reset the timing mechanism of the watchdog.
—This type of watchdog is generally considered the most appropriate because of the complete independence of the watchdog from the processor.
—Some external watchdogs feature a “windowed” reset.
◦Enforces timing constraints for a proper watchdog reset.
◦Minimizes likelihood of errant software resetting the watchdog.
Windowed Watchdog Operation:
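The windowed reset described above, as an added example that is not part of the original slides: a small C model of a windowed watchdog in which a kick is accepted only inside the window, so both a stalled loop and a runaway loop that kicks too often end in a reset. The 20 ms to 100 ms window and all names here are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef enum { WWDT_OK, WWDT_EARLY_KICK, WWDT_TIMEOUT } wwdt_event_t;

typedef struct {
    uint32_t open_ms;     /* kicks earlier than this are rejected */
    uint32_t timeout_ms;  /* no valid kick by this time => reset */
    uint32_t elapsed_ms;  /* time since the last accepted kick */
    wwdt_event_t fault;   /* latched cause of reset, WWDT_OK if healthy */
} wwdt_t;

void wwdt_init(wwdt_t *w, uint32_t open_ms, uint32_t timeout_ms) {
    *w = (wwdt_t){ open_ms, timeout_ms, 0, WWDT_OK };
}

/* Advance the timer by ms; latch a reset once the window has closed. */
wwdt_event_t wwdt_tick(wwdt_t *w, uint32_t ms) {
    if (w->fault != WWDT_OK) return w->fault;
    w->elapsed_ms += ms;
    if (w->elapsed_ms >= w->timeout_ms) w->fault = WWDT_TIMEOUT;
    return w->fault;
}

/* Kick the dog: accepted only inside [open_ms, timeout_ms). */
wwdt_event_t wwdt_kick(wwdt_t *w) {
    if (w->fault != WWDT_OK) return w->fault;
    if (w->elapsed_ms < w->open_ms) w->fault = WWDT_EARLY_KICK;
    else w->elapsed_ms = 0;
    return w->fault;
}

/* Simulate a loop that kicks once every period_ms, for n iterations. */
wwdt_event_t run_loop(uint32_t period_ms, int n) {
    wwdt_t w;
    wwdt_init(&w, 20, 100);   /* assumed window: 20 ms to 100 ms */
    for (int i = 0; i < n && w.fault == WWDT_OK; i++) {
        if (wwdt_tick(&w, period_ms) == WWDT_OK) wwdt_kick(&w);
    }
    return w.fault;
}

int main(void) {
    printf("50 ms loop:  %d\n", run_loop(50, 10));   /* healthy task */
    printf("1 ms loop:   %d\n", run_loop(1, 10));    /* runaway kicking */
    printf("150 ms loop: %d\n", run_loop(150, 10));  /* stalled task */
    return 0;
}
```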
Internal Watchdogs:
—Many processors and microcontrollers have built-in watchdog circuitry available to the programmer.
—This typically consists of a memory-mapped counter that triggers a non-maskable interrupt (NMI), or reset, when the counter reaches a predefined value.
—Instead of issuing a reset via an I/O pin assertion, an internal counter is reset to an initial value.
—Watchdog configuration is controlled by user software.
—Watchdog may even be used as a general purpose timer in some cases.
Internal Watchdog Considerations:
—Internal watchdogs are not as “safe” as watchdog circuits external to the processor.
◦Watchdogs that issue an NMI instead of a reset may not properly reinitialize the system.
◦Watchdog control registers may be inadvertently overwritten by runaway code, disabling the watchdog altogether.
◦Reset is limited to the processor itself (no outside peripherals).
—To circumvent these issues, most built-in watchdogs have extra safety steps designed to prohibit errant code from interfering with the operation of the watchdog timer.
—On-chip solutions have a significant cost and space advantage over their external counterparts.