Use Watchdog Timers (EE Tip #143)

Watchdog timers are essential to many complete electronic system designs. As Bob Japenga explains, following a few guidelines will help make your designs more effective.

No longer used in just the realm of fault-tolerant systems, independent watchdog timers are put on systems because we know something can go wrong and prevent it from being fully functional. Sometimes the dogs reset the processor and sometimes they just safe the device and notify a user. However they work, they are an essential part of any system design. Here are the main guidelines we use:

  • Make it independent of the processor. The last thing you want is for the processor to lock up and the watchdog to lock up too.
  • Do not tickle the watchdog during an interrupt. (The interrupt can keep going while a critical thread is locked up.)
  • Do not tickle the watchdog until you are sure that all of your threads are running and stable.
  • Provide a way for your debugger to have breakpoints without tripping the watchdog.
  • If the watchdog can be disabled, provide a mechanism for this to be detected.

I provide many more guidelines for watchdog design in a white paper that’s posted on our website.—Bob Japenga, CC25, 2013
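
The second and third guidelines above can be combined into a check-in scheme, sketched here as an added example (not code from Bob Japenga or the white paper). Every name is hypothetical, and hw_wdt_kick() stands in for whatever write or pin toggle refreshes an independent watchdog device.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

/* All names are hypothetical. hw_wdt_kick() stands in for the refresh
 * write or pin toggle that services an external watchdog device. */
enum { TASK_COMMS, TASK_CONTROL, TASK_LOGGER, TASK_COUNT };
#define ALL_TASKS ((1u << TASK_COUNT) - 1u)

static atomic_uint checked_in;  /* one liveness bit per task */
static unsigned hw_kicks;       /* simulation only: counts refreshes */

static void hw_wdt_kick(void) { hw_kicks++; }

/* Each task calls this from its own loop after doing real work.
 * Never call it from an ISR: interrupts keep firing when a thread hangs. */
void wdt_task_checkin(unsigned task_id)
{
    if (task_id < TASK_COUNT)
        atomic_fetch_or(&checked_in, 1u << task_id);
}

/* Run periodically from a low-priority supervisor thread. The watchdog is
 * refreshed only if every task has checked in since the last refresh. */
bool wdt_supervisor_poll(void)
{
    unsigned expected = ALL_TASKS;
    if (!atomic_compare_exchange_strong(&checked_in, &expected, 0u))
        return false;           /* a task is missing: let the dog bite */
    hw_wdt_kick();
    return true;
}

unsigned wdt_kick_count(void) { return hw_kicks; }

int main(void)
{
    /* Constructed scenario: startup, one healthy cycle, then TASK_CONTROL hangs. */
    printf("before startup done: %d\n", wdt_supervisor_poll());
    for (unsigned t = 0; t < TASK_COUNT; t++) wdt_task_checkin(t);
    printf("all tasks alive:     %d\n", wdt_supervisor_poll());
    wdt_task_checkin(TASK_COMMS);
    wdt_task_checkin(TASK_LOGGER);
    printf("control task hung:   %d\n", wdt_supervisor_poll());
    printf("refreshes issued:    %u\n", wdt_kick_count());
    return 0;
}
```

Because the liveness bits are cleared only on a successful refresh, a single stalled task withholds every later refresh no matter how often the healthy tasks check in.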