didi71 wrote on Tuesday, October 16, 2018:
Hello everybody.
The typical sequence for to feed the watchdog onto one LPC17xx is the follow:
LPC_WDT->WDFEED = 0xAA;
LPC_WDT->WDFEED = 0x55;
My question: is It recommended to wrap the upper two lines inside a
taskENTER_CRITICAL()
taskEXIT_CRITICAL()
section?
I got very rare watchdog events and I start to believe that they could be caused because one task switch happen between the two rows.
Thanks in advance.
Diego.
richarddamon wrote on Wednesday, October 17, 2018:
Yes, I would wrap the sequence in a critical section if not a full interrupt disable as even with a very high priority interrupt you don’t want to break the pattern and risk getting the dog to trip.
rtel wrote on Wednesday, October 17, 2018:
Also, try to access the watchdog from only one task. I often have one
task that monitors all the other tasks, and kicks the watchdog only if
it is happy with everything (for example, it has determined that all the
tasks have executed within their expected time frame, etc.). Having
only one task access reduces the risk of interleaved writes of the key.
richarddamon wrote on Wednesday, October 17, 2018:
One thing worth pointing out is that in my experiance, for most watchdogs the sequence isn’t just first write the first value, and then some time later write the second, but that the two writes need to be very tightly timed to each other, so an interrupt seperating them, even if it doesn’t touch the watchdog, is enough to disrupt the kick of the watchdog. For some processors it needs a very specific instruction sequence, and there is a macro defined that will generate it.
This is why I suggest it should be wrapped in a full interrupt disable.
didi71 wrote on Wednesday, October 17, 2018:
Hi Richard.
Thank you for your fast reply.
If I well understood the macro’s taskENTER_CRITICAL() and taskEXIT_CRITICAL() aren’t enough?
Do you suggest to use disable_irq() and enable_irq() instead?
Or not?
didi71 wrote on Wednesday, October 17, 2018:
Thank you Richard.
My current implementation triggers the watchdog from only one task.
Diego.
didi71 wrote on Wednesday, October 17, 2018:
Hi everybody.
I’ve wrapped my watchdog trigger function inside the safe blocks as follows:
taskENTER_CRITICAL();
{
LPC_WDT->WDFEED = 0xAA;
LPC_WDT->WDFEED = 0x55;
}
taskEXIT_CRITICAL();
Currently I’m doing an extensive stress test to check if this solution can fixs my issue.
I keep you updated.
Thank you so much.
Diego.
richarddamon wrote on Saturday, October 20, 2018:
taskENTER_CRITICAL is good enough IF there are no other interrupts that might happen that don’t use the FreeRTOS Interrupt API that might still happen. If such an interrupt exists in your system then you want to wrap with a total interrupt disable block (not just taskENTER_CRITICAL).
didi71 wrote on Monday, October 22, 2018:
Hello.
After few days of extensive tests I can confirm (on my system) that taskENTER_CRITICAL / taskEXIT_CRITICAL are not enough.
I must wrapping the watchdog trigger code with disable_irq() / enable_irq() macros.
Doing so It seems to woks reliable.
My system has several interrupts, mostly comes form timers and UART.
Thank you so much for the suggestions.
Best regards.
Diego.