Essential PCB Design Tips: How to Implement a Watchdog Timer in Your PCB Design

Created: November 1, 2017
Updated: October 16, 2020
Boiling kettle

When you work from home there are some perks of the job. You can make your own meals, slot in some laundry over lunch, and drink all the tea you want. I use a stove-top kettle to boil water for my tea, so when I get in the writing zone, I rely on its high-pitched whistle to tell me when it’s done.

Sometimes when I’m careless, I don’t fit the lid on properly. As a result, the kettle remains silent despite the fact that the liquid water inside of it is rapidly becoming a gas. My careless behavior in this scenario only means that I’ll be drinking less tea, in embedded systems, the consequences are much higher if you don’t know how to operate a Watchdog Timer (WDT). When your timer fails to operate, a stalled microcontroller will remain stalled and cause your embedded system remains down. Let’s look at how watchdog timer works, how to implement a watchdog timer circuit, and how to get them to function correctly on the first try so that you can avoid this scenario.

Why Embedded Systems Failed To Recover Despite Having A WDT

The Watchdog Timer is a simple fail-safe feature in electronics that helps to reboot a microcontroller in the event of a hardware or software watchdog circuit crash. The STM32 Watchdog Timers are available as a separate integrated circuit (IC) or as a built-in feature within the microcontroller itself. Not using a WDT In embedded systems design is often an unpardonable sin.

The way Watchdog Timers operate is simple. It is programmed to countdown over a set Watchdog timeout interval. Under normal operation, the microcontroller periodically refreshes the countdown timer of timer to prevent it from expiring. If the microcontroller is unresponsive then it will not refresh the Watchdog Timer. As a result, when Watchdog Timers expire, it will trigger a pulse or signal to Watchdog Timer reset the microcontroller. This simple feature compensates for design errors or environmental factors that may cause a microcontroller to crash.

Yet, if your WDT fails, then it is unlikely that your embedded system will recover from its erroneous state. This is why it is important to pinpoint the cause of why a Watchdog Timer might fail to reset the microcontroller. The most obvious answer is that the Watchdog Timer chips are faulty. However, if you repeatedly have embedded systems in multiple units failing to recover, then there could be something up with your designs.

Actually, in my many years of designing and deploying hundreds of microcontroller-based devices, I’ve never encountered a single case of a failed STM32 Watchdog Timer. The root cause is often simply human error.

Error on a red screen
What you see when a WDT Fails to revive a stalled microcontroller

Why a WDT Might Not Operate Properly

For embedded systems using an internal WDT, runaways code can deactivate the Watchdog Timer if the configuration bits are unintentionally overwritten. External Watchdog Timer chips suffer from entirely different problems. In this case, it is common to have a jumper pin that can disconnect the reset signal from the external Watchdog Timer when firmware engineers are developing and debugging a program. Often these jumper pins need to be manually connected before the units are deployed on-site. If they’re not, then the WDT reset signals will remain disconnected and fail to reset the microcontroller.

A more common reason why Watchdog Timers fail to function is because of coding errors. If the functions that refresh the WDT timers are placed in the wrong part of the program, they won’t operate when they’re supposed to. Firmware for microcontrollers gets complicated when there are multiple tasks with different priorities in a Real-Time Operating System (RTOS). Higher priority Watchdog circuit tasks may continue to execute even when lower priority tasks are in an abnormal infinite loop. If refreshing the Watchdog Timer circuit is the highest priority task, then the microcontroller will not be refreshed when it is not functioning correctly.

Man programming at computer
It is good practice to ensure that Watchdog Timers are refreshed correctly

How To Ensure The WDT Is Functioning Reliably

Ensuring that the WDT does its job involves the firmware developer, system installer, and hardware watchdog designer. Firmware developers should apply the best practices in programming to avoid code overruns that switch off internal WDT. Firmware developers must have a good understanding of the memory architecture of the microcontroller and how to correctly use memory pointers and allocation in the code.

Besides that, the structure of the program should be drafted so that the Watchdog Timers are refreshed at appropriate locations in the program. This means that the program will trigger a Watchdog reset if an infinite loop develops at any point in the program. You can also develop a test utility to check the functionality of the WDT on-site. This also eliminates the risk of missing any disconnected jumper pins between an external Watchdog Timer and the microcontroller.

When you need to access an easy-to-use PCB layout tool that includes everything needed to build high-quality manufacturable circuit boards, look no further than CircuitMaker. In addition to easy-to-use PCB design software, all CircuitMaker users have access to a personal workspace on the Altium 365 platform. You can upload and store your design data in the cloud, and you can easily view your projects via your web browser in a secure platform.

Start using CircuitMaker today and stay tuned for the new CircuitMaker Pro from Altium.

 

Check out Altium Designer in action...

Powerful PCB Design

Related Resources

Related Technical Documentation

Back to Home
Thank you, you are now subscribed to updates.