Software Supervisory; Introduction; Windowed Watchdog Timer (Wdt) - Infineon XMC4000 Series Application Manual

5

Software Supervisory

5.1

Introduction

The following aspects of fail-safe software surveillance are covered in the subsequent sections:


Windowed Watchdog Timer (WDT)


Flexible CRC Engine (FCE)
5.2 Windowed Watchdog Timer (WDT)
Purpose of the Window Watchdog Timer module is improvement of system integrity. WDT triggers the
system reset or other corrective action like e.g. non-maskable interrupt if the main program, due to
some fault condition, neglects to regularly service the watchdog (also referred to as "kicking the dog",
"petting the dog", "feeding the watchdog" or "waking the watchdog"). The intention is to automatically
bring the system back from unresponsive state into normal operation in case a severe lock-up
condition occurred and only reset and reboot is an option.
System Clock Supervisory
Figure 16

programmable WDT with open/close window

period and window can be programmed

has to be refreshed in open window otherwise it will generate a RESET

uses same clock source as CPU
−
clock fails are detected by Clock Supervisory

WDT refresh should be done within main or low priority routines
−
usually embedded software has a predictable flow with constant periods and cycles
−
a global variable can indicate the software state
−
several user routines can manipulate one global state-variable in a way that wrong execution
sequence will lead to a none-refresh of the WDT
Application Guide 42
Fail-Safe Features
XMC4000 Family
Software Supervisory
V1.0, 2013-04