Electronic – Which of these approaches for a watchdog timer

microcontroller safety timer watchdog

I recently learned about watchdog timers, and am trying to implement one for my circuit for the purpose of resetting my (AVR) microcontroller if it hangs (i.e., doesn't respond to the watchdog).

Based on some research, it appears to me that there are around four options:

  1. Connect my microcontroller with an external dedicated watchdog-timer-specific IC.
  2. Connect my microcontroller with an additional microcontroller (some very basic, inexpensive one), the latter coded for the sole dedicated purpose of watchdog-timing.
  3. Lay out my own 555-timer-based watchdog circuit and connect it to my microcontroller.
  4. Use the internal watchdog timer capability on my microcontroller.


Which of the above approaches would you rank higher and why?

I would like to set a watchdog time of around 6 seconds, based on certain criteria for the way I'm making the rest of my design and code (the device will be a battery-powered, periodic temperature logger).

A little note: My preference would be Option 1, for simplicity; however, based on the couple I have found, these parts either appear to be expensive (I'd like a solution under 1.25 USD at most), or allow only less than 2 seconds for the watchdog timing period.

Best Answer

  1. More expensive, as you already found out. But it should give you the highest level of reliability: because the watchdog is completely independent of the microcontroller it will still keep running, and reset the microcontroller when the latter is on fire, so to say. See 4)
  2. Brian is against it, but there are cheap microcontrollers in a small package, like the PIC10F200 in SOT-23, which you can use as a retriggerable MMV (monostable multivibrator), which the watchdog actually is. If you would consider a 555, a 10F200 is better: no external parts, and more accurate timing (1% accuracy).
  3. A 555? Seriously?
  4. The internal watchdog will do if the dedicated IC is too expensive. If you're really paranoid you can think of a scenario where some hardware error will lock up the microcontroller and the watchdog with it. I've never known this happen, but I don't know how well you sleep.

Like pjc50 says, 6 seconds is a long time. A typical microcontroller will execute tens of millions of instructions in that time, and then a lot can go wrong. Suppose you're controlling some load with PWM, and a low 10 % duty cycle keeps the dissipation low. Microcontroller goes bananas and the output gets stuck at a high level, 100 % duty cycle. The load doesn't like it, and dies. You don't want to wait 6 seconds for that to happen. There should be some part of your code where you pass much more frequently. A main loop may be as short as 10 ms, then you could set the watchdog's timeout at 100 ms, for instance. If you kick the dog once every 10 ms, then a timeout means that you missed it 10 times! Once, OK, but ten times is disaster, and you have to take action. The load will be switched off after 100 ms instead of 6 seconds, which may be the difference between dead or alive.
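The timeout trade-off described in the answer above, as an added example that is not part of the original post: a host-side C simulation (not AVR register code) of a watchdog modelled as a retriggerable monostable, showing when a hung main loop gets reset with a 100 ms versus a 6 s timeout, and what happens when the loop is slower than the timeout. The names `dog_t`, `dog_kick`, `dog_expired`, `reset_time_ms` and the hang time of 1005 ms are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Retriggerable monostable: the reset output fires when no kick has
 * arrived within timeout_ms of the previous kick. */
typedef struct {
    uint32_t timeout_ms;
    uint32_t last_kick_ms;
} dog_t;

static void dog_kick(dog_t *d, uint32_t now_ms) { d->last_kick_ms = now_ms; }

static int dog_expired(const dog_t *d, uint32_t now_ms)
{
    return (uint32_t)(now_ms - d->last_kick_ms) >= d->timeout_ms;
}

/* Simulate a main loop that kicks the dog once per loop_ms until the
 * firmware hangs at hang_ms. Time advances in 1 ms ticks.
 * Returns the time (ms) at which the watchdog resets the MCU,
 * or -1 if no reset happens before horizon_ms. */
long reset_time_ms(uint32_t timeout_ms, uint32_t loop_ms,
                   uint32_t hang_ms, uint32_t horizon_ms)
{
    dog_t d = { timeout_ms, 0 };
    for (uint32_t now = 0; now <= horizon_ms; now++) {
        int alive = now < hang_ms;          /* firmware still running? */
        if (alive && now % loop_ms == 0)
            dog_kick(&d, now);              /* one kick per main-loop pass */
        if (dog_expired(&d, now))
            return (long)now;
    }
    return -1;
}

int main(void)
{
    const uint32_t hang = 1005;             /* constructed fault time */
    long fast = reset_time_ms(100, 10, hang, 10000);
    long slow = reset_time_ms(6000, 10, hang, 10000);
    printf("100 ms timeout: fault runs %ld ms before reset\n", fast - (long)hang);
    printf("6 s timeout:    fault runs %ld ms before reset\n", slow - (long)hang);
    /* A loop slower than the timeout resets a healthy system. */
    printf("150 ms loop, 100 ms timeout: spurious reset at %ld ms\n",
           reset_time_ms(100, 150, 20000, 10000));
    return 0;
}
```

The fault exposure is bounded by the timeout (measured from the last successful kick), so the timeout should sit a safe multiple above the worst-case loop time and no higher.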