While security is a necessary emphasis when designing for the Internet of Things (IoT), what’s often overlooked is the importance of developing systems that are robust enough to recover from failure without human intervention. To ensure this robustness, designers should look closely at the humble watchdog timer (WDT), which now comes in a variety of forms ranging from simple timers to smart, integrated watchdogs.
This article revisits the fundamentals of internal and external WDTs before introducing some of the latest WDT devices and how to use them to ensure system robustness.
Why watchdog timers are critical for the IoT
With billions of IoT devices being deployed in the field, it would be impossible for a technician to service them in a timely manner if something goes wrong. As a result, IoT systems must be able to detect and recover from faults on their own without any human intervention.
Watchdogs come in different shapes and sizes, but can generally be categorized as simple timers, windowed timers and smart watchdogs. Watchdogs may exist internally to microcontrollers as hardware and software, externally as hardware, and even as separate microcontrollers with both hardware and software components. At the end of the day, no matter which watchdog solution is used, the sole purpose is to monitor and recover the system. To this end, each watchdog has its own unique characteristics and design challenges that developers need to consider for a robust IoT system design.
Internal watchdog fundamentals
Internal watchdog timers are hardware peripherals that are included in nearly every single microcontroller and can interact with the onboard peripherals and system clock (Figure 1). By default, the internal watchdog timer is disabled and requires a developer to set a predefined period before enabling the watchdog. If the software locks up, or there is a hardware fault that affects the software’s execution, the watchdog timer will expire and force the microcontroller to reset. In the process, it will clear the error and allow the microcontroller to reinitialize the system.
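The enable, refresh and expiry behavior described above can be modeled on a host machine. The following C sketch is an added example, not code from the original article or from any microcontroller vendor; every name and the tick unit are assumptions. It also goes one step beyond this paragraph by modeling the windowed timer named earlier, which treats a refresh that arrives too early as a fault.

```c
/* Host-side model of a watchdog timer. All names and the tick unit are
 * illustrative assumptions, not any vendor's register interface. */
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    bool     enabled;      /* off until firmware configures and enables it */
    unsigned timeout;      /* ticks allowed between refreshes */
    unsigned window_open;  /* earliest tick a refresh is accepted; 0 = simple timer */
    unsigned counter;      /* ticks since the last refresh */
    bool     reset_fired;  /* set when the watchdog forces a reset */
} wdt_t;

/* Set the period first, then enable: the order the article describes. */
void wdt_enable(wdt_t *w, unsigned timeout, unsigned window_open) {
    *w = (wdt_t){ .enabled = true, .timeout = timeout, .window_open = window_open };
}

/* One clock tick: reaching the timeout without a refresh forces a reset. */
void wdt_tick(wdt_t *w) {
    if (w->enabled && ++w->counter >= w->timeout) w->reset_fired = true;
}

/* Refresh ("kick"). A windowed watchdog treats a too-early refresh as a fault. */
void wdt_refresh(wdt_t *w) {
    if (!w->enabled) return;
    if (w->counter < w->window_open) w->reset_fired = true;
    else w->counter = 0;
}

/* Firmware refreshes every `period` ticks until tick `hang_at`, then locks up.
 * Returns the tick of the first forced reset, or 0 if none within `total`. */
unsigned first_reset(unsigned timeout, unsigned window_open,
                     unsigned period, unsigned hang_at, unsigned total) {
    wdt_t w = {0};
    wdt_enable(&w, timeout, window_open);
    for (unsigned t = 1; t <= total; t++) {
        wdt_tick(&w);
        if (!w.reset_fired && t < hang_at && t % period == 0) wdt_refresh(&w);
        if (w.reset_fired) return t;
    }
    return 0;
}

int main(void) {
    printf("healthy loop, simple WDT:  %u\n", first_reset(10, 0, 5, 1000, 100));
    printf("lock-up at 50, simple WDT: %u\n", first_reset(10, 0, 5, 50, 100));
    printf("runaway kicks, simple WDT: %u\n", first_reset(10, 0, 1, 1000, 100));
    printf("runaway kicks, windowed:   %u\n", first_reset(10, 3, 1, 1000, 100));
    return 0;
}
```

The third and fourth cases show why the window matters: a runaway loop that still reaches the refresh call keeps a simple timer satisfied indefinitely, while the windowed timer resets on the first early refresh.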