AutoSAR configuration and practice (in-depth) 8.2 WatchDog function of BSW (Part 2)
BSW’s WatchDog function (Part 2)
->Return to general directory<-
1. Ordinary Dogs and Window Watchdogs
Chapter 8.1 mainly introduces the basic functions of Wdg. This chapter mainly introduces the advantages and implementation principles of window dog.
A summary of the functions of window dogs :
It is mainly aimed at defects in ordinary dog feeding, such as misoperation of registers to illegally feed dogs, or recovery after running away. Ordinary dogs cannot effectively detect these abnormalities.
The window dog can detect the above anomalies in most cases, improving the system's error-proofing ability to a certain extent.
As for the difference between window dogs and ordinary dogs , here are a few pictures to show it. I believe it will be easier to understand after seeing it.
scene one:
Analysis:
The system is running normally, and the task is feeding the dog in a normal cycle.
Scene 2: *
Analysis:
System abnormality (such as software runaway), but the application misuses the Wdg register, the system can still run normally. Ordinary dogs cannot detect this illegal dog feeding scenario .
Scene three:
** Analysis: **
Note
-
The window dog is fed in the form of an interrupt, and the timing of feeding the dog must meet a certain window (the example in the figure is 75%-100% of the total timeout period);
-
When the system runs abnormally (such as software running away), but the application can still misoperate the Wdg register, in window dog mode, it is detected that the dog is fed in an invalid window, and it is determined as an error and error processing (such as reset) is taken.
-
Window Dog can detect illegal dog feeding scenes and perform effective protection .
2. Summary of window dog initialization and dog feeding process
- Wdg initialization : The Wdg_<>_ init function is called in the Main function. (Because there may be multiple Wdg, <> is a user-defined name)
Do the following operations in Wdg_<>_ init:
-
Call <>_Wdg_init to initialize the register configuration and make the default timeout, 75% interrupt dog feeding, default Fast/Slow mode (timeout action, dog feeding window) and other configurations effective. At this time, the watchdog has been started.
-
Call <>_ Wdg_ SetTriggerCondition to reset the default timeout count N. Considering the initialization time, the default timeout setting is generally longer.
-
Call <>_Wdta_Trigger to feed the dog for the first time (optional).
-
Load fast/slow dog mode : Call the EcuM_Init function in the Main function, and use WdgIf_SetMode to complete the Wdg mode setting (Fast/Slow).
After completing the corresponding settings, start the OS at the same time.
Note: The setting timing can also be set by WdgM_Main after the OS starts. Some ECUs no longer allow SetMode to be set after Wdg_init is initialized. -
Count reset : After the OS starts, on the one hand, the WdgM main function periodically calls WdgIf_SetTriggerCondition to reset the dog feeding count WdgCnt, and then resets it cyclically (for the dog feeding count calculation method, please refer to the configuration item explanation summary below);
-
Interrupt feeding the dog: On the other hand, Wdg_6_Wdta1_Rb_ServiceWDTA periodically interrupts the feeding the dog.
- The dog feeding count is managed within the interrupt, decrementing it by 1 each time.
- If it is found that the count is not 0, the dog is fed within the interrupt.
- If the dog feeding count is found to be 0, stop feeding the dog and wait for WdgM to reset.
This indicates an abnormality. WgM may be blocked by other tasks and does not reset the count in time.
3. Detailed explanation of Wdg configuration items
Whether to use 75% interrupt (Watchdog 75% ISR): whether to use 75% of the corresponding mode (Fast/Slow) timeout as the interrupt dog feeding time, wdg_init uses the
initial mode (WatchDog default init mode): initial mode (Fast/Slow) , wdg_init uses
Initial timeout : Default timeout, used by wdg_init.
In this example, set 500ms
FastMode timeout (Timeout in fast mode): timeout under FastMode.
This example sets 34 ms.
Wdg responds after detecting an error (watchdog error detection reaction): triggering a reset or entering an NMI interrupt. Note: The error here may refer to feeding the dog during a non-window period, or it may cause a timeout due to not feeding the dog.
This example configures reset.
Interrupt dog feeding cycle (Service Interval): Interrupt the dog feeding cycle. Two things will be done in the interrupt. First, check whether the dog feeding count is 0. If it is not 0, feed the dog. If it is 0, an error response will be triggered.
This example configures 26ms
Setting basis: Since FastMode timeout is 34ms, 75% interrupt is 26ms.
Dog feeding window (window open period): The allowed dog feeding time window.
In this example, it is 25%, that is, the effective dog feeding window for interrupting is 75%-100% of the Fast (Slow) Mode timeout, that is, the dog feeding window is 25.5 ms -34ms. Combined with the above interrupt dog feeding period of 26ms, the dog feeding period is within the window period .
User timeout time (WdgMTrigger Time): The timeout expected by the user determines the final timeout time for timeout action (such as reset). In
this example, it is 75 ms. The mode selected by the trigger dog is the fast dog mode.
Feeding dog count calculation method :
WdgCnt= WdgMTrigger Time/ Service Interval +1, that is, dog feeding count = user timeout/dog feeding period.
The general mechanism of dog feeding and timeout judgment is as follows:
- Poll Reset Count: wdgM Poll Reset WdgCnt
- Polling consumption count: Interrupt dog feeding to consume WdgCnt regularly. If the dog feeding is not completed, keep feeding the dog. When interrupting the dog feeding, it is found that WdgCnt has been consumed, and stop feeding the dog to trigger a timeout.
In this example, Trigger Count =75/26 + 1 = 3;, that is, the dog feeding count is 3 times, and the dog feeding cycle is 26ms, that is, starting from the wdgm scheduling exception that cannot reset the count, it has experienced 3 interrupt cycles: total detection time = 3*26=78ms. Roughly in line with our needs (75ms).
Fourth, the detailed process of the window dog
1. Watchdog initialization : Initialize the watchdog after the system starts. For the initialization process, refer to the aforementioned <Process Summary>
This example defaults to fastmode, timeout time is 500ms, interrupt dog feeding time is 26ms, initial dog feeding count WdgCnt =500/26+1=20 times
2. Periodic reset count : After the OS starts scheduling, it will reset the watchdog in WdgM_MainFunction according to the user timeout and reset it periodically.
In this example, the user timeout is 75ms and the dog feeding count is reset WdgCnt =75/26+1=3
3. Periodic dog feeding : 75% interrupt is generated. During the interrupt, it is found that the dog feeding count is not 0, the dog feeding operation is triggered, and 1 dog feeding count is consumed. The same operation will be performed in each interrupt thereafter.
In this example, the dog feeding count is N=3, and after consumption, N-1=2;
4-5: Normal dog feeding : The system is operating normally, and the dog feeding count is being reset and consumed normally.
6. System scheduling is abnormal , WdgM_MainFcuntion scheduling is lost (may be preempted by other tasks or the system runs away), and Wdg count N cannot be reset.
7. The count continues to be consumed : As the dog feeding interruption occurs, the dog feeding count is still consumed (the reset source is lost, and the count is no longer reset and added).
8. Waiting for timeout : In the third interrupt after the timeout, the dog feeding count was found to be 0, and an exception was detected, so the dog feeding was stopped and waited until timeout
9. Execute the timeout Action . WdgM determines timeout and triggers timeout Action response.
In this example, the Action response is set to reset, so the reset operation is triggered.