"Broadcast" semaphores and watchdog timers

philpem wrote on Thursday, February 25, 2016:


I’ve designed a system which uses the idle task to reset (kick/poke/whatever) the watchdog timer. Effectively this means that if the system is stuck in a tight loop for an extended period of time, it will reboot.

Unfortunately, sometimes there are long-running tasks which need to be handled, but the watchdog still needs to be dealt with too. Without yielding some time to the WDT, these long-running tasks will cause spurious watchdog resets. So as an extension to this design, the idle task gives a semaphore after the WDT is reset, which can then be taken by long-running tasks.

This raises the question: what can I do if I have two long-running tasks which want to yield? One watchdog reset is as good as any other, and if I have two tasks waiting, I should be able to wake both of them up. Is it possible to have a semaphore wake two tasks?

One solution I thought of was to have a queue which tracked the task handles of the tasks waiting for the watchdog to update.

When a task wants to wait, it puts its handle in the queue, then calls vTaskSuspend().

When the idle task has finished updating the watchdog, it looks in the queue and calls vTaskResume against all the task handles in the queue.

But this seems a little over-engineered. Can anyone suggest a better way to do this?


davedoors wrote on Thursday, February 25, 2016:

Brainstorm -

Use an event group instead of a semaphore?

Use a trace macro or tick hook to count the number of times each task executes, then check the counts on every ‘n’ ticks and clear the watchdog if the counts match expectation?

philpem wrote on Friday, February 26, 2016:

That looks like a nice way to do it – I hadn’t even looked at Event Groups before. I’m now doing this:

  • Tasks use EventGroupSync with no bits to set and one “watchdog done” bit specified to wait for
  • Watchdog idle hook sets “watchdog done” event group bit when it’s finished resetting the watchdog

Which beats my queue implementation by… well, not wasting memory on a queue. If another task needs to wait for a watchdog update, it simply ends up joining the end of the line and is resumed at the same time as the first one.

The timeout on the EventGroupSync call is only 10 ticks, so in practice not many tasks will end up waiting… but it would seem to guarantee that if multiple long-running tasks end up running, they can at least yield a small slice of CPU time back to the watchdog :slight_smile:

How elegant!