Independent watchdog (IWDG) or Window watchdog (WWDG)

microcontrollerstm32watchdog

I'm still searching to find an answer for this question:

Why while the stm32 MCUs have a perfect watchdog (I mean Window watchdog (WWDG)), there is a simple watchdog (Independent watchdog (IWDG)) ?

I found this page that has said:

ST Microelectronics has a line of Cortex-M3 devices. The M3 has become extremely popular for lower-end embedded devices, and ST's STM32F is representative of these parts (though the WDT is an ST add-on, and does not necessarily mirror other vendors' implementations). The STM32F has two different protection mechanisms. An "Independent Watchdog" is a pretty vanilla design that has little going for it other than ease of use. But their Window Watchdog offers more robust protection. When a countdown timer expires, a reset is generated, which can be impeded by reloading the timer. Nothing special there. But if the reload happens too quickly, the system will also reset. In this case "too quickly" is determined by a value one programs into a control register.

Another cool feature: it can generate an interrupt just before
resetting. Write a bit of code to snag the interrupt and you can take
some action to, for instance, put the system in a safe state or to
snapshot data for debugging purposes. ST suggests using the ISR to
reload the watchdog — that is, kick the dog so a reset does not
occur. Don't take their advice. If the program crashes the interrupt
handlers may very well continue to function normally. And using an ISR
to reload the WDT invalidates the entire reason for a window watchdog.

and this:

STMicroelectronics' new series of STM32F4 Cortex™-M4 CPUs has two
independent watchdogs. One runs from its own internal RC oscillator.
That means that all kinds of things can collapse in the CPU and the
WDT will still fire. There is also a “window watchdog” (WWDT) which
requires the code to tickle it frequently, but not too often. This is
a very effective way to insure crashed code that randomly writes to
the protection mechanism does not cause a WDT tickle, and the WWDT can
generate an interrupt shortly before reset is asserted.

ok, let's to take a look in the reference manual:

The STM32F10xxx have two embedded watchdog peripherals which offer a
combination of high safety level, timing accuracy and flexibility of
use. Both watchdog peripherals (Independent and Window) serve to
detect and resolve malfunctions due to software failure, and to
trigger system reset or an interrupt (window watchdog only) when the
counter reaches a given timeout value. The independent watchdog (IWDG)
is clocked by its own dedicated low-speed clock (LSI) and thus stays
active even if the main clock fails. The window watchdog (WWDG) clock
is prescaled from the APB1 clock and has a configurable time-window
that can be programmed to detect abnormally late or early application
behavior. The IWDG is best suited to applications which require the
watchdog to run as a totally independent process outside the main
application, but have lower timing accuracy constraints. The WWDG is
best suited to applications which require the watchdog to react within
an accurate timing window.

The window watchdog is used to detect the occurrence of a software
fault, usually generated by external interference or by unforeseen
logical conditions, which causes the application program to abandon
its normal sequence. The watchdog circuit generates an MCU reset on
expiry of a programmed time period, unless the program refreshes the
contents of the downcounter before the T6 bit becomes cleared. An MCU
reset is also generated if the 7-bit downcounter value (in the control
register) is refreshed before the downcounter has reached the window
register value. This implies that the counter must be refreshed in a
limited window.

As you can see, none of them have said that Why there is two watchdog. if I ask that What are the differences between the both watchdog, you will count all features that you can see in the above and if you want compare the both, obviously the Window watchdog (WWDG) will be the winner! then Why there are two watchdog?

I want to know that when should I use IWDG and when WWDG?

and is there any reason that say us Why do they call the second watch by this name -> "Window watchdog"?

Best Answer

Regular watchdog timers must be reset at some time before they time out. If you have a 100ms WDT you can reset it every 99.9ms or every 10us and it will never time out.

Window watchdog timers have a time window within which they must be reset. If you reset it too early or too late (from the previous reset) it will cause the processor to reset.

The purpose, if it is not obvious, is to help ensure that the code resetting the WDT is the intended code, operating in the intended fashion. Some kind of unforeseen condition that generates high-frequency WDT resets won't prevent the system from being reset.

Running a WDT from the system clock could be a bit of an issue- if the clock fails and if there is not an independent clock monitor circuit, bad things can happen. The independent clock for the WDT means that if the thing for some reason started running at 1/10 speed, the WDT would reset (but the window WDT would not).

Use both if you can.

As the page says, resetting the WDT with an ISR is generally bad juju (but may be acceptable if the ISR verifies the reset of the firmware is functioning before resetting the timer).

Related Solutions

Watchdog enables itself after reset

Following is stated in page 615 of the reference manual, under section 23.3.2:

The new configuration takes effect only after all registers except WDOG_CNTH:L are written once after reset. Otherwise, the WDOG uses the reset values by default. If window mode is not used (WDOG_CS2[WIN] is 0), writing to WDOG_WINH:L is not required to make the new configuration take effect.

Adding these lines in initialize_CPU() function under file init.c, I can configure the watchdog timer, and disable it:

WDOG_CS1 = 0x60;
WDOG_CS2 = 1;
WDOG_TOVAL = 0x04;

Also, it is good to note that watchdog timer registers are write-once only. So, individual bit changes are not going to have an effect after first write to the same watchdog timer register.

If user wants to configure any of the watchdog timer registers later on, updates should be enabled in the first configuration. After that following is used to configure watchdog timer the second time. For more information, please have a look at the reference manual.

/* Initialize watchdog with ~1-kHz clock source, ~1s time-out */
DisableInterrupts; // disable global interrupt
WDOG_CNT = 0xC520; // write the 1st unlock word
WDOG_CNT = 0xD928; // write the 2nd unlock word
WDOG_TOVAL = 1000; // setting timeout value
WDOG_CS2 = WDOG_CS2_CLK_MASK; // setting 1-kHz clock source
WDOG_CS1 = WDOG_CS1_EN_MASK; // enable counter running
EnableInterrupts; // enable global interrupt

Electronic – Use AVR Watchdog like normal ISR

You most certainly can. According to the datasheet, the watchdog timer can be setup to reset the MCU or cause an interrupt when it triggers. It seems you are more interested in the interrupt possibility.

The WDT is actually easier to setup than a normal Timer for the same reason it is less useful: fewer options. It runs on an internally calibrated 128kHz clock, meaning its timing is not effected by the main clock speed of the MCU. It can also continue to run during the deepest sleep modes to provide a wake up source.

I will go over a couple of the datasheet examples as well as some code I have used (in C).

Included Files and Definitions

To start, you will probably want to include the following two header files for things to work:

#include <avr/wdt.h>        // Supplied Watch Dog Timer Macros 
#include <avr/sleep.h>      // Supplied AVR Sleep Macros

Also, I use the Macro <_BV(BIT)> which is defined in one of the standard AVR headers as the following (which might be more familial to you):

#define _BV(BIT)   (1<<BIT)

Beginning of Code

When the MCU is first started, you would typically initialize the I/O, set up timers, etc. Somewhere here is a good time to make sure the WDT didn't cause a reset because it could do it again, keeping your program in an unstable loop.

if(MCUSR & _BV(WDRF)){            // If a reset was caused by the Watchdog Timer...
    MCUSR &= ~_BV(WDRF);                 // Clear the WDT reset flag
    WDTCSR |= (_BV(WDCE) | _BV(WDE));   // Enable the WD Change Bit
    WDTCSR = 0x00;                      // Disable the WDT
}

WDT Setup

Then, after you have setup the rest of the chip, redo the WDT. Setting up the WDT requires a "timed sequence," but it is really easy to do...

// Set up Watch Dog Timer for Inactivity
WDTCSR |= (_BV(WDCE) | _BV(WDE));   // Enable the WD Change Bit
WDTCSR =   _BV(WDIE) |              // Enable WDT Interrupt
           _BV(WDP2) | _BV(WDP1);   // Set Timeout to ~1 seconds

Of course, your interrupts should be disabled during this code. Be sure to re-enable them afterwards!

cli();    // Disable the Interrupts
sei();    // Enable the Interrupts

WDT Interrupt Service Routine The next thing to worry about is handling the WDT ISR. This is done as such:

ISR(WDT_vect)
{
  sleep_disable();          // Disable Sleep on Wakeup
  // Your code goes here...
  // Whatever needs to happen every 1 second
  sleep_enable();           // Enable Sleep Mode
}

MCU Sleep

Rather than put the MCU to sleep inside of the WDT ISR, I recommend simply enabling the sleep mode at the end of the ISR, then have the MAIN program put the MCU to sleep. That way, the program is actually leaving the ISR before it goes to sleep, and it will wake up and go directly back into the WDT ISR.

// Enable Sleep Mode for Power Down
set_sleep_mode(SLEEP_MODE_PWR_DOWN);    // Set Sleep Mode: Power Down
sleep_enable();                     // Enable Sleep Mode  
sei();                              // Enable Interrupts 

/****************************
 *  Enter Main Program Loop  *
 ****************************/
 for(;;)
 {
   if (MCUCR & _BV(SE)){    // If Sleep is Enabled...
     cli();                 // Disable Interrupts
     sleep_bod_disable();   // Disable BOD
     sei();                 // Enable Interrupts
     sleep_cpu();           // Go to Sleep

 /****************************
  *   Sleep Until WDT Times Out  
  *   -> Go to WDT ISR   
  ****************************/

   }
 }

Best Answer

Related Solutions

Watchdog enables itself after reset

Electronic – Use AVR Watchdog like normal ISR

Related Topic