External Watchdog Testing the watchdog32 breakout
Improving Security and Reliability of Arduino (and Raspberry) with an External Watchdog: Testing the watchdog32 breakout
In the world of Arduino and embedded electronics in general, security and reliability are two fundamental aspects. One common issue that developers may encounter is the unexpected freezing of the microcontroller, which can lead to critical malfunctions in the entire system. In this article, we will explore how the use of an external watchdog can significantly help prevent undesired locks and enhance the security and reliability of the system.
Understanding Arduino's Internal Watchdog (what it is and how it works)
Arduino's internal watchdog is a built-in safety function in the chip that helps prevent blocks or abnormal halts of the microcontroller in case of errors in the program or electrical malfunctions.
Here's how it works and how to enable it: the internal watchdog is essentially a timer that must be periodically reloaded or, in slang, retriggered, with a specific function called wdt_reset() to be included in our program. If the timer is not retriggered within a certain period, it reaches its counting limit, and then the microcontroller is automatically restarted following the generation of a reset. The internal watchdog timer of Arduino is configured with a default period, close to one second.
In summary, every time the function wdt_reset() is called, the watchdog timer is retriggered. Our program must continuously retrigger the watchdog so that the timer does not expire. If the program gets stuck due to a programming error or an infinite loop or stops retriggering the watchdog due to an electrical disturbance, the microcontroller will be restarted as soon as the watchdog timer's time ends, generating a hardware reset.
To enable the internal watchdog on Arduino, follow these steps:
- Include the watchdog library: #include <avr/wdt.h>
- Configure the watchdog timer with one of the predefined options, which are WDTO_1S for a 1-second timeout and WDTO_2S for 2 seconds.
- Next, retrigger the Watchdog Timer in your loop or in the parts of the code where you want to do this, by inserting the call to the function wdt_reset().
Make sure to retrigger the watchdog timer regularly; otherwise, the microcontroller will be automatically restarted if the timer expires.
Using the internal watchdog is a good practice to increase the robustness and reliability of your Arduino projects, especially in critical applications where CPU lockup could lead to user issues or affect software professionalism and image.
Ensure that when the CPU restarts following a reset, this event is tracked, for example, by incrementing a non-volatile variable in the EEPROM. This will be useful for verifying the system's robustness even after many months by reading the value of this variable.
Internal or External Watchdog?
Although the internal watchdog is a safety aid and improves reliability, there are several reasons to add an external watchdog to the system.
- The internal watchdog uses one of the microcontroller's timers, which could be a limitation for our needs.
- There are some libraries (for example, those related to OLED display management) that conflict with the internal watchdog due to the use of the same timer.
- In highly critical or dangerous scenarios, a good solution, as dictated by safety certifications, is to have redundancy in safety systems, preferably built with different circuits or technologies. Here, an external watchdog can complement the internal one.
Personally, I always use an external watchdog where possible because it is more manageable. I can physically disconnect it from the reset while still having the trigger on the oscilloscope to resolve code issues more quickly, which would continuously reset the CPU otherwise, causing significant time losses.
In Practice (Testing the WATCHDOG32 board)
Searching on Google for the term watchdog, you immediately realize how many available chips perform this function, almost always accompanied by power supply voltage control, one of the major problems that can cause CPU blocks.
To quickly test one of these chips, I naturally turned to a breakout, a pre-assembled board. My choice fell on a module called WatchDog32, which I found in a kit on eBay (https://www.ebay.com/itm/235363182136).
Let's analyze the Watchdog32 module:
- It is available in three versions: component kit, pre-assembled, or PCB only.
- It mounts the ADM1232 or MAX1232 chip.
- It has three adjustable times (0.15 sec, 0.6 sec, and 1.2 sec) set by closing a solder jumper.
- It has two power supply voltage control thresholds (4.75V or 4.5V) set by closing a solder jumper.
- It has an essential feature for use with Arduino: the ENABLE pin and the corresponding cut jumper, allowing exclusion of the reset generated during preliminary sketch adjustment operations and enabling the watchdog only when Arduino has finished its boot, avoiding an infinite restart that would prevent it from starting. We can also enable the watchdog after Arduino's boot operations, typically as the last operation in our SETUP, after the first retrigger.
- It has a green LED to indicate the presence of power.
- It has a red LED to indicate a reset from watchdog32. If the module is not enabled via the ENABLE pin or has the jumper that cuts the chip's reset from Arduino's, we will see the red LED light up, but Arduino will not be actually reset.
Once the breakout (our watchdog32 module) was connected with the usual Dupont wires, as per the attached diagram, I used the sketch available on eBay along with the module to quickly test it. This sketch has a menu where we can perform some tests:
- Retrigger watchdog32 within the preset times, where no reset will be observed.
- Retrigger watchdog32 with times longer than necessary, where a reset will occur.
- Retrigger watchdog32 with increasing times to discover the actual intervention time.
Needless to say, all these operations must be done via the serial terminal of the Arduino IDE.
Final Considerations and External Auto-Startup Logic for the External Watchdog:
Security and reliability are crucial priorities when developing projects with Arduino. Adding an external watchdog can facilitate debugging operations. With the right understanding and implementation, you can increase the stability and trust in your embedded projects.
A good solution would be to enable the external watchdog with a hardware delay circuit, such as an NE555 in monostable configuration, which enables Watchdog32 after a few seconds at power on. This would also cover those very rare cases where a disturbance occurs between power on and watchdog enablement, a remote but not impossible case that could lock the CPU without recovery possibility, except with manual reset; the system would restart automatically.
L.Pautasso (contacts: lpautas gmail)
The link to the board https://www.ebay.com/itm/235363182136
The advertising banners on this page are boring, but they allow us to pay the server expenses. If you click on one of them, you will also contribute to the site's maintenance. THANK YOU