???
02/23/12 12:03


 
#186153 - And even if you had perfect software and hardware ...
Responding to: ???'s previous message
Oliver Sedlacek said:
It is now widely recognised that it is impossible to write bug-free code of real world complexity. Assuming a 100% reliable hardware platform, you will not convince any auditor that the software running on it is bug free. A watchdog can therefore protect you from a wide range of software bugs that would otherwise lock up your system. It's not a guarantee, but it does cover a large range of software bugs.


Famous example of a watchdog saving the day: Mars Pathfinder. It's hard to send someone to hit the reset button on a device that's located on another planet.

However, even if software and hardware were perfect and both bug-free, they'd still be operating in the less-than-perfect real world. There are external events that you cannot shield your device from (cosmic rays, radioactive decay of the atoms inside your shielding, etc.), or the amount of shielding required for complete immunity would conflict with the requirements specification - i.e. the device would be immune to the external event, but the shielding would keep it from performing its intended function.

In the end, it's a matter of statistics. If the watchdog solves more problems than it causes (i.e. by turning unsafe failures into safe failures, or by restoring normal operation after an otherwise unrecoverable failure), use it, otherwise leave it out.

