Lesson 16. Improving the reliability of programs for Arduino. Watchdog timer.

Watchdog timer in Arduino

In this lesson we will talk about ways to increase the reliability of programs for Arduino, learn how to use the watchdog timer in the Arduino system.

Previous lesson     List of lessons     Next lesson

Like any electronic device on microcontrollers, the Arduino boards may hang. The reasons may be different:

  • controller malfunction;
  • abnormal power supply system of the controller, power surges, interference through the power supply circuit;
  • electromagnetic interference to the board and controller components;
  • impulse noise through common circuits of external system components (computer, other controllers, long communication lines, etc.);
  • parasitic connections on the board, especially in harsh operating conditions (high humidity, temperature, vibration);
  • incorrect (rather unintended by the programmer) user actions or the reaction of external components;
  • errors in the program.

Of course, this is not normal. This can not be allowed, but something is not provided for, something happened that does not depend on us. In addition, we program in a high-level language, which means that there is a software environment that we do not control. The compiler creates some stacks, areas of own data, and we do not know how reliably they are implemented.

Therefore, it is necessary to monitor the progress of the program and take action if it works abnormally.

 

Watchdog in the Arduino system.

One way to improve reliability is to use a watchdog timer to monitor program execution. It is a hardware timer that must be periodically reset by the program. If the watchdog reset does not occur within a specified time, it will cause a reboot of the entire system, i.e. will generate a microcontroller reset signal. Thus, if the program hangs and stops resetting the watchdog timer, the microcontroller will be reset, as if the reset button had been pressed.

In Arduino systems there is a watchdog timer, which is the internal node of the ATmega microcontroller.

 

Library for working with Arduino watchdog.

To control the watchdog timer, you need to include library avr/wdt.h to the project .

It is not necessary to search this library in the Internet, download it. It does not need to install. This is a standard library, it is in the Arduino directory. In my D:\Arduino\hardware\tools\avr\avr\include\avr\wdt.h

Just add a line to the project:

#include <avr/wdt.h>

The library has three functions.

void wdt_enable (timeout)

The function enables the watchdog timer, sets the time-out time. The argument (timeout time) can take the following values.

WDTO_15MS // 15 ms
WDTO_30MS // 30 ms
WDTO_60MS // 60 ms
WDTO_120MS // 120 ms
WDTO_250MS // 250 ms
WDTO_500MS // 500 ms
WDTO_1S // 1 sec
WDTO_2S // 2 sec
WDTO_4S // 4 sec
WDTO_8S // 8 sec

Example:

wdt_enable(WDTO_120MS); // enable watchdog timer with 120 ms timeout

void wdt_reset (void)

Reset watchdog timer. For normal operation, you must call this function at least the watchdog timer period. If the delay exceeds the timeout, a hardware reset of the controller will occur.

wdt_reset(); // reset the watchdog timer

void wdt_disable (void)

Disable the watchdog timer.

wdt_disable(); // prohibition of the watchdog timer

 

The use of a watchdog timer in the Arduino system.

Watchdog timer allows you to monitor the execution of individual cycles of the program. The function of its reset is not necessary to put anywhere. I usually control the timer interrupt cycle, from which the rest of the program cycles count. In previous lessons, I would set the watchdog reset in the 2 ms timer interrupt cycle.

Let's check the work of the watchdog on a real program. In the programme:

  • A 2ms timer interrupt cycle is organized.
  • In the main asynchronous cycle, control of the board LED is implemented (flashes with a period of 1 second).
  • In the main loop, data from the serial port is checked, and when any data appears, a timer interrupt is disabled. This simulates the failure of the timer settings.

// check the watchdog timer
#include <MsTimer2.h>
#include <avr/wdt.h>

#define LED_PIN 13 // LED is connected to pin 13
int ledCount; // LED flashing time counter

void setup() {
  pinMode(LED_PIN, OUTPUT); // determine the output of the led as an output
  Serial.begin(9600); // initialize the serial port
  MsTimer2::set(2, timerInterupt); // set the interrupt period from the timer 2 ms
  MsTimer2::start(); // enable timer interrupt
  // wdt_enable(WDTO_15MS); // enable watchdog timer with 15 ms timeout
}

void loop() {
  // blinking LED
  if ( ledCount > 250 ) {
    ledCount= 0;
    digitalWrite(LED_PIN, ! digitalRead(LED_PIN)); // LED state inversion
  }

  // check data in the serial buffer (imitation of failure)
  if ( Serial.available() != 0 ) MsTimer2::stop(); // disable timer interrupt
  }

// interrupt handler
  void timerInterupt() {
  ledCount++; // LED counter
  // wdt_reset(); // reset the watchdog timer
}

Let's load the program into the board. The LED flashes once per second. Open the port monitor and send some character. The LED will stop flashing. We simulated the failure of the timer settings and the program hung. If you press the reset button on the board, the program will start working again, the LED will flash.

Now we will free from comments two lines of enable and reset of the watchdog timer.

wdt_enable (WDTO_15MS); // enable watchdog timer with 15 ms timeout
wdt_reset (); // reset the watchdog timer

Let's load the program to the board. Now, when simulating a failure, the watchdog timer resets the microcontroller, and the program continues to run.

 

Ways to improve the reliability of the program.

Watchdog timer is not a panacea for program malfunction. Imagine that in the previous example, setting the interrupt timer will fail so that it will work with a period of not 2 ms, but 5 ms. And how will the watchdog help here? If the serial port settings fail? The program will not perform its functions.

Only a set of measures will allow you to create a reliable program. I am developing software for PIC-controllers of Microchip. The programs are used in devices requiring high reliability. Hanging or incorrect operation can lead to fatal consequences. These are powerful specialized power sources, cathodic protection stations, technological process control systems, GSM telemetry, etc. The reliability of programs is a very extensive, complex topic. I will briefly talk about the basic principles of creating reliable programs.

What can happen to the program? After which it stops working correctly?

  • Data (variables) may be corrupted in RAM.
  • Possible erroneous change in the state of microcontroller registers.
  • The program can endlessly expect some event that does not occur, and the developer believed that it would be by all means.

 

Control of data, variables, registers of the microcontroller.

Variables that are used for intermediate results of calculations we are not able to control. How do we know what should be in them at the moment. And variables in which parameters, modes, technological installations, etc. are stored can be controlled. And you can reinstall them cyclically.

In my programs for PIC-controllers there is always a program block called “cyclic settings”. With a certain period, all variables and registers of the microcontroller are reinstalled in it. Of course those that do not change in the cycle.

For example, in the program there is a cyclic timer interrupt with a specific period time. In cyclic installations, all timer and interrupt controller modes are reinstalled. With this approach, the time period of the timer interrupt cannot change, get lost, spoil. Although, it must be admitted that when developing programs in a high-level language, it is not easy to reinstall all variables and registers.

I protect large data blocks with checksums and periodically check. Data integrity monitoring is written in lesson 14.

In case of erroneous data, it is better to reload the entire program, forming a software reset. It is not known that it still remains erroneous in it.

But it is better to use hardware reset to reset all registers of the microcontroller. This can be done using the watchdog timer:

wdt_enable (WDTO_15MS);
while (1) {}

 

Monitoring the progress of the program.

One common error that causes a program to hang is waiting for an event in an infinite loop.

Suppose you are receiving data from a computer via a serial port. You wait for 10 bytes, and have received 9. And the program is endlessly waiting for the 10th byte. I have seen a lot of programs that hang when there is a violation of data reception on the serial interface.

In such cases it is necessary to control the time of the operation. If the byte did not arrive within 1 second, then it will never come. It is necessary to count the waiting time for the event and in the absence of it take action. Each expected event should have its own time-out - waiting time. And to use for this the watchdog timer or software counters - the programmer decides.

In the next lesson, we will develop a fully working device based on the Arduino board - a security alarm system. Knowledge for this is now enough.

Previous lesson     List of lessons     Next lesson

One thought on “Lesson 16. Improving the reliability of programs for Arduino. Watchdog timer.

  1. Very interesting topic that of “cyclic settings”, but a working example would make it even better.

    You also might include the brownout (BOD) and power-on-reset (POR) features. Both are very handy when programming more secure firmware. BTW, the ATMEGA328 is old enough not to include a windowed watchdog 🙁

    Greetings!

Leave a Reply

Your email address will not be published. Required fields are marked *