Arm

What is watchdog in microcontroller?

Holly Lindsey
Holly Lindsey 8 Min Read

A watchdog timer (WDT) is a hardware circuit that is used to detect anomalies and reset the microcontroller if it stops functioning correctly. It is an essential component for building robust and reliable embedded systems.

Contents
Why use a watchdog?How does a watchdog timer work?Watchdog hardware implementationWatchdog control registersWatchdog programmingWatchdog feeding techniquesWatchdog reset handlingWatchdog error scenariosWatchdog design considerationsSummary

Why use a watchdog?

Microcontrollers are susceptible to lockups and crashes due to software bugs, electrical noises, power glitches, etc. A lockup renders the microcontroller unresponsive and the system non-functional. Watchdog timers provide a way to automatically detect such lockup conditions and reset the microcontroller before the system fails dangerously. This improves the overall reliability and availability of embedded systems.

Some key reasons to use a watchdog timer are:

  • Recover from software crashes and hangs:
  • Detect hardware failures:
  • Overcome electromagnetic interference issues:
  • Handle indefinite loops and infinite recursion:
  • Reduce human monitoring needs:

How does a watchdog timer work?

A WDT is basically just a counter that counts down from a preset value to zero. The microcontroller has to periodically restart the counter to prevent it from reaching zero. If the counter does reach zero, it will trigger a reset signal to reset the microcontroller.

The working principle involves the following key steps:

  1. The watchdog counter register is loaded with a preset timeout value on startup.
  2. The program running on the microcontroller periodically restarts the watchdog counter by writing to a specific register before the counter reaches zero.
  3. If the program fails to restart the counter within the timeout period, the WDT counter reaches zero and resets the microcontroller.
  4. The microcontroller boots up again after reset and starts executing from the beginning.

As long as the program is executing properly, it will keep restarting the watchdog counter. If the program hangs, the counter resets the microcontroller to revive it from hangs or crashes.

Watchdog hardware implementation

Microcontroller units contain dedicated watchdog timer modules or circuits to implement the watchdog functionality. The key hardware components of a WDT include:

  • Watchdog counter register: Stores the current counter value. Needs periodic restarting.
  • Watchdog control and status registers: To enable, configure and monitor the WDT.
  • Clock source: Provides the clock/timebase pulses for the counter.
  • Reset generation circuitry: Triggers a reset signal when the counter reaches zero.

The watchdog module derives its clock either from an independent internal oscillator or from the system clock. Using a separate clock source isolates it from system clock failures.The reset signal generated by the WDT is routed to the reset pin or reset generation logic of the microcontroller.

Watchdog control registers

The control registers are used to enable, disable and configure the watchdog timer module. Typical watchdog control registers include:

  • WDT enable (WDTEN): This bit enables or disables WDT. Setting it starts the watchdog operation.
  • WDT configuration (WDTCFG): Sets the timeout period and operating mode.
  • WDT clock source (WDTSRC): Selects clock source – internal or external.
  • WDT window enable (WDWINDOW): Enables the watchdog window mode.
  • WDT lock (WDTLOCK): Locks the watchdog configuration from accidental writes.

These registers allow flexible control over the watchdog behavior as per the application needs.

Watchdog programming

To utilize the watchdog timer effectively, the software has to be written to interact with it properly. The key WDT programming steps are:

  1. Enable the WDT and set the timeout period on startup.
  2. Setup the watchdog interrupt or hook periodic tasks to a watchdog feed function.
  3. The feed function must restart the WDT counter at sufficient frequency.
  4. Deploy robust exception handling and recovery mechanisms.
  5. Handle watchdog resets properly on restart.

Frequent feeding of the watchdog is crucial. The feed rate determines how quickly a system can recover from crashes. The feeding frequency is a tradeoff between reset latency and overhead.

Watchdog feeding techniques

Main program loops are generally too slow for feeding the watchdog. Some commonly used techniques for regular WDT feeding are:

  • Dedicated watchdog task: A high priority periodic task that feeds the WDT at set intervals.
  • Scheduler or RTOS ticks: Tie the feeding to the scheduler ticks or kernel tick interrupts.
  • Timer interrupts: Use periodic timer interrupts to feed the watchdog at fixed intervals.
  • I/O interrupts: Use external stimuli like I/O interrupts to feed the watchdog if no timers are available.

The feeding technique is chosen based on the system design constraints like performance, accuracy, overhead, reliability needs etc.

Watchdog reset handling

When the watchdog resets the system, the program starts executing from the beginning. Proper reset handling is needed to maintain continuity and recover properly after resets.

  • Critical system state information needs to be stored in non-volatile memory.
  • Auto-restart procedures and flags help recover and resume application execution.
  • Reset event counters and logs help identify reset sources and frequencies.
  • Reset handling hooks allow taking application-specific recovery actions.

Robust reset handling mechanisms help maintain continuity and prevent data loss across watchdog resets.

Watchdog error scenarios

Some common watchdog timing related issues encountered in real applications include:

  • Starvation: Failing to feed the watchdog within the timeout period leading to frequent resets.
  • Tardiness: Delayed feeding due to software lags causing sporadic resets.
  • Incorrect timeout value: Wrong timeout configuration resulting in premature or late resets.
  • Blocked interrupts: Interrupts disabled for long periods missing the feed scheduled via interrupts.

Careful setting of timeout values, proper task scheduling, and robust feeding techniques help avoid these pitfalls.

Watchdog design considerations

Some key considerations when designing with watchdog timers are:

  • Timeout period: Should be adequate for intended feed rates and reset latency.
  • Clock tolerance: Account for clock accuracy and drifts in timeout thresholds.
  • Startup delays: Add delays on startup before enabling watchdog, to avoid premature resets.
  • Interrupt latency: Account for worst-case interrupt blocking times.
  • Task scheduling: Schedule periodic feeds based on priority and deadlines.
  • Disable control: Allow watchdog disable only for debugging.

Properly accounting for these factors results in a robust watchdog implementation.

Summary

In summary, a watchdog timer is an essential fail-safe mechanism that enables automatic recovery from crashes in embedded systems. The periodic resetting of the microcontroller by the watchdog timer helps restore normal behavior and improves reliability. Proper configuration, feeding techniques, reset handling are needed to utilize it effectively. Watchdog timers find widespread use in mission-critical embedded devices and safety-related systems across industries.

Newsletter Form (#3)

More ARM insights right in your inbox

 

Share This Article
Previous Article What is watchdog software used for?
Next Article What is watchdog in PLC?
Leave a comment
- Sponsored-
Ad image