Email: Password: Remember Me | Create Account (Free)

Back to Subject List

Old thread has been locked -- no new posts accepted in this thread
???
02/21/12 18:08
Read: times


 		 #186113 - The simpler, the more trustworthy.
Responding to: ???'s previous message
Kai Klaas said:
If a µC is vulnerable, then everything inside is vulnerable as well. This obviously includes the internal watchdog.


Well, the watchdog should be simpler than the uC. That means that its failure modes are easier to examine, and that it's easier to design it to be fail-safe, i.e. that failures will lead to the watchdog triggering a reset instead of the watchdog locking up.

Of course, a watchdog that can have its clock turned off by the uC performing a simple write isn't going to cut it it situations where you can't expect the user to remove and reinsert the battery. It might be ok for game consoles, music players and cellphones, though.

Jack Ganssle wrote an interesting article about watchdogs and how to identify good ones and bad ones:

http://www.ganssle.com/watchdogs.htm


List of 44 messages in thread
TopicAuthorDate
Pointless watchdog?            01/01/70 00:00      
   Sounds Like From What You Said...            01/01/70 00:00      
      Didn't want to point fingers.            01/01/70 00:00      
         A?            01/01/70 00:00      
            Don't forget AVR            01/01/70 00:00      
               One more argument ...            01/01/70 00:00      
                  Independently testable            01/01/70 00:00      
                     Slow but critical.            01/01/70 00:00      
                        Yes            01/01/70 00:00      
                           ESD            01/01/70 00:00      
                               You can't            01/01/70 00:00      
                                 You can...            01/01/70 00:00      
                                    But emi-filter, overvoltage protection etc may not be enough            01/01/70 00:00      
                                       ESD ...            01/01/70 00:00      
                                          It's not just ESD, it's "the works"            01/01/70 00:00      
                                             I do not trust the watchdog...            01/01/70 00:00      
                                                The simpler, the more trustworthy.            01/01/70 00:00      
                                                   Less complex does not mean less probable to fail!            01/01/70 00:00      
                                                   WDT and debug breadcrumbs            01/01/70 00:00      
                                                Lightning strikes            01/01/70 00:00      
                                                   A watchdog should never be needed - but should be there            01/01/70 00:00      
                                                   A watchdog isn't a fuse...            01/01/70 00:00      
                                                      correction            01/01/70 00:00      
                                                      I just can not agree with that reasoning            01/01/70 00:00      
                                                         Oh please, don't...            01/01/70 00:00      
                                                            so?            01/01/70 00:00      
                                                Why you need a watchdog            01/01/70 00:00      
                                                   And even if you had perfect software and hardware ...            01/01/70 00:00      
                                                      Reset versus power cycle            01/01/70 00:00      
                                                         Mars Pathfinder            01/01/70 00:00      
                                                         many modern chips            01/01/70 00:00      
                                                            The problem with bidirectional reset pins.            01/01/70 00:00      
                                                               The uC in question            01/01/70 00:00      
                                                            Latchup            01/01/70 00:00      
                                                               ONLY clocked circuits?            01/01/70 00:00      
                                                                  That kitchen exhaust fan ...            01/01/70 00:00      
                                                            link...            01/01/70 00:00      
                                                               Sales talk            01/01/70 00:00      
                                                   certified applications            01/01/70 00:00      
                  Using external watchdog            01/01/70 00:00      
                     It's a feature, actually.            01/01/70 00:00      
               Wet            01/01/70 00:00      
   Featuritis...            01/01/70 00:00      
   Looking at it from another perspective            01/01/70 00:00      

Back to Subject List