Yes, I would wrap the sequence in a critical section if not a full interrupt disable as even with a very high priority interrupt you don’t want to break the pattern and risk getting the dog to trip.
Also, try to access the watchdog from only one task. I often have one
task that monitors all the other tasks, and kicks the watchdog only if
it is happy with everything (for example, it has determined that all the
tasks have executed within their expected time frame, etc.). Having
only one task access reduces the risk of interleaved writes of the key.
One thing worth pointing out is that in my experiance, for most watchdogs the sequence isn’t just first write the first value, and then some time later write the second, but that the two writes need to be very tightly timed to each other, so an interrupt seperating them, even if it doesn’t touch the watchdog, is enough to disrupt the kick of the watchdog. For some processors it needs a very specific instruction sequence, and there is a macro defined that will generate it.
This is why I suggest it should be wrapped in a full interrupt disable.
Thank you for your fast reply.
If I well understood the macro’s taskENTER_CRITICAL() and taskEXIT_CRITICAL() aren’t enough?
Do you suggest to use disable_irq() and enable_irq() instead?
Or not?
taskENTER_CRITICAL is good enough IF there are no other interrupts that might happen that don’t use the FreeRTOS Interrupt API that might still happen. If such an interrupt exists in your system then you want to wrap with a total interrupt disable block (not just taskENTER_CRITICAL).
After few days of extensive tests I can confirm (on my system) that taskENTER_CRITICAL / taskEXIT_CRITICAL are not enough.
I must wrapping the watchdog trigger code with disable_irq() / enable_irq() macros.
Doing so It seems to woks reliable.
My system has several interrupts, mostly comes form timers and UART.
Thank you so much for the suggestions.