Board: MSP-EXP432P401R
MCU: MSP432P401R
How do I count the number of times the watchdog timer has been reset?
Can anyone help me in this.
Write code to detect that a watchdog reset has occurred. The microcontroller may have a register flag that indicates the reason for the previous reset (e.g., hard, soft, brown-out, watchdog, etc.). Look for this register flag in the reset or power control registers in your microcontroller's reference manual. Read this register flag during system initialization to detect that a watchdog reset occurred. Or alternately, enable the watchdog reset interrupt handler to detect that a watchdog reset is occurring.
When a watchdog reset is detected, increment a counter variable and save the counter value to nonvolatile memory. Read/restore the watchdog counter value from nonvolatile memory during system initialization or before incrementing the count. Saving the count value in nonvolatile memory allows the count value to be remembered through a power loss.
TI don't make it easy to find the documentation! The MSP432FR401 datasheet has a broken link to the reference manual. I can only find copies at various non-TI sites such as this. YMMV.
Section 3.3.2 and 3.3.5 describe the hard and soft reset status registers respectively. The one you need depends on how you have configured the watchdog timer (section 4.11.3).
The reset sources are device specific and not explicitly stated in the general user manual. It refers you to the datasheet. Unfortunately as far as I can find, the promised information is not there either! I suggest that you experiment and read the register on start-up following a reset and determine which bit is unique to a watchdog reset rather than say a power-on reset. (To be honest however I'd also suggest not using a part so poorly documented and supported).
If you can determine which RSTCTL_HARDRESET_STAT/RSTCTL_SOFTRESET_STAT bit relates specifically to a watchdog reset, you can test it on start-up and increment your counter. Neither your board or MCU have any convenient non-volatile storage for such a counter. If you only need to count watchdog resets whilst continuously powered, you can keep the counter in a reserved location in SRAM (a specific address not initialised on start-up and not available to the linker to locate data objects), but if you want a "lifetime" count, then you may need to dedicate an entire 4K flash sector to the counter (and deal with the flash endurance issue - that probably warrants a new question if it is relevant).
Related
I am working on MM32Spin05 MCU. After power on, all 6 flags in the RCC(Reset and Clock Control) register are getting set.
After a reset, the default value of this register should be 0X XC000000.
But I am observing it as 0X FC000000.
I am not doing anything with respect to the watchdog timers, or the low power module or the s/w reset.
I have a requirement, that, if a software reset is done, a certain page in the flash memory is to be cleared. But on boot up, the flag is set for reasons unknown to me and hence, the flash memory page is getting cleared.
I am actually doing a Power Reset. I am turning off and then turning on the power supply to the MCU. On boot-up, the Software Reset flag is set and hence, according to my code, it is triggering the flash memory page erase. The Flash memory page should be erased ONLY on a software reset, not a power reset. Immediately after the MCU boots up, I print the RCC_CSR Register value, and see that all 6 flags are set.
LPWRRSTF: Low power reset flag
WDGRSTF: Window watchdog reset flag
IWDGRSTF: Independent watchdog reset flag
SFTRSTF: Software reset flag
PORRSTF: POR/PDR reset flag
PINRSTF: PIN reset flag
I am confused, as to why, a power reset is causing the software reset flag to set?
I am stuck on this for more than a week and am fully clueless about it. Any help or suggestions would be highly welcome.
Thanks in Advance
As the manual says, the top 4 bits are "don't care" on power-on (or pin) reset, and they can have any value.
Only if none of PORRSTF and PINRSTF are set, the other bits are relevant.
Even then you need to read the manual carefully to understand the conditions of these bits. There might be more to do than a simple single-bit check.
how can I determine whether the power up is because power cut Or reset
I am working on STM32L152ZE
Regards,
Look up the datasheet for your processor.
Find the system status registers. There will be one that signifies the reason for boot up (for example, in a PIC, there is one that has bits indicating whether the boot was due to a watchdog timer, reset line, etc.)
Interrogate this register to find your answer.
The STM32L100/151/152/162 User Manual section section 6.3.14 describes the RCC_CSR register which has bit flags for all reset causes including Power On/Power Down Reset.
I am coding a simple game and trying to test it on an MSP430F5529 microcontroller. The problem I have encountered is relating to the watchdog timer.
The code I have written causes a device reset, which is an indication of a watchdog timer issue. I assume I need to stop it even before the first line of my main code, some sort of pre-initialisation code. Am I on the right track by sayin that or may the problem lie some other sections of the code as well?
To make it more clear, my main code is as follows (in simple form):
Stop the watchdog timer.
Initialize the board (GPIO pins).
Set up the Vcore voltage for CPU.
Set up the reference crystal (XTAL).
Set up the system clock.
Enable interrupts (globally).
Set up real time clock (RTC).
Set up LCD display.
Initialize the buttons.
Wait in an appropriate LPM mode for the user input.
As far as I am concerned, this sequence of code should be right.
Here are some thoughts. You must explicitly disable the watchdog if you do not plan on feeding it. You shouldn't have to do this in the pre-init code (unless you personally modified the pre-init code and made it longer to execute). Doing it at the beginning of main should be OK barring the following case. There's the possibility that having static arrays may force them to be initialized to zero in the pre-init code. If they are large, that could take some time, maybe enough to have the watchdog trigger before getting out of the pre-init code. Also, on at least some MSP430s, you must unlock the Clock registers with a password before writing to them. If you don't, the chip will reset.
Here is a link discussing watchdog in pre-init code if you haven't seen it already:
http://e2e.ti.com/support/microcontrollers/msp430/f/166/t/267695.aspx
I need to implement the following feature for my device running embedde linux on a 200mhz MIPS cpu:
1) if a reset button is pressed and held for less then a second - proceed with reboot
2) if a reset button is pressed and held for at least 3 sec. - restore the system's configuration with default values from NVRAM and then reboot.
I'm thinking of two ways:
1) a daemon that constantly polls the button's state with proper timings via GPIO ioctls
(likely too big overhead, lots of context switching ?)
2) simple char driver polling the button, measuring timings and reporting the state, for example, via /proc to user space where daemon or a shell script can check and do what's required.
And for both cases I have no idea how to measure the time :(
What would you suggest/recommend?
You have to implement those in hardware. The purpose of the "restore defaults from NVRAM" is to restore a so-called "bricked" device.
For example, what if an NVRAM seting is modified (cosmic ray?) such that the device cannot boot? In that case, your proposed button-polling daemon will never execute.
For the one-second held reboot, use an RC (resistor + capacitor) circuit to "debounce" the button press. Select an RC time constant which is appropriate for the one second delay. Use a comparator watching the RC voltage to signal the RESET pin on the MIPS cpu.
For the three-second press functionality (restore NVRAM defaults), you have to do something more complicated, probably.
One possibility is to put a tiny PIC microcontroller into the reset circuit, but only use a microcontroller with fuse (non-erasable) ROM, not NVRAM.
An easier possibility is to have a ROM containing defaults on the same circuit and bus as the NVRAM. A J/K flip-flop latch can become part of your reset circuitry. You'll also need a three-second-tuned RC circuit and comparator. On sub-three-second presses, the flip-flop should latch a 0 output and on three-second-plus presses, the 2nd RC circuit should trigger the comparator after 3 seconds and present a 1 to the J/K latch, which will toggle its output.
The flip-flop output Q will store the single bit telling your circuit whether this reset cycle was subsequent to a three-second push. If so, that output Q is driving the chip select to the NVRAM and Q* is driving the chip select to ROM. (I assume chip select is negative logic on both NVRAM and ROM chips.)
Then when your CPU boots, it will fetch the settings from either the NVRAM or the ROM, depending on the chip select line.
Your boot code can detect that it booted with ROM chip select, and can later reset the J/K flip-flop with a GPIO line. Then the CPU will be able to write good values back into the NVRAM. That unbricks the device, hopefully.
You want to use ROM that is not erasable or reusable. That kind of ROM is the most resistant to static electricity, power supply trouble, and radiation. Radiation is much more present than we generally realize, and the amount of cosmic ray flux is multiplied by taking a device onboard an airliner, for example.
I am not familiar with the MIPS processor and the GPIO/interrupt capabilities of the pin that you could be using but a possible methodology could be as follows.
Configure the input pin as an interrupt input.
When the interrupt fires disable the interrupt and start a short 100ms-ish timer
When the timer triggers check that the button is still pressed (for debounce). If it is not then re-enable the GPIO interrupt and restart, otherwise set the timer to re-trigger after the 3 second timeout.
When the timer triggers this time then if the button is not pressed then do your reboot otherwise reset the system configuration and reboot.
If the pin cannot provide an interrupt then step 1 will be a polling task to look at the input.
The time between the reset button being pressed and the full reset process being run will always be 3 seconds from a debounced button press. In a reset situation this may not be important particularly if as part of step 3 you make it apparent to the user that a reset sequence has started - blank the display for example.
If you want to do this in software, you need to put this in kernel (interrupt) code, rather than in a shell script or daemon. The better approach would be to put this in hardware.
In my experience, the likely reason for resetting the device will be bad user code which has locked or bricked the processor. If the issue is a corruption of memory due to RF energy or something of that nature, you may require hardware or an external (hardened) processor to reflash the device and fix the problem.
In the bad-user-code case, processor interrupts and kernel code should continue to run, while user code may be completely stalled. If you can poll the pin from an interrupt, you stand a much better chance of actually getting the reset you expect. Also, this enables you to do event-driven programming, rather than constantly polling the pin.
One other approach (not to the specs you listed, but a popular method for achieving the same goal) would be to have the startup routines check a GPIO line, and hold a button down when you want to re-initialize the device. On most embedded Linux devices which I've seen, the "Reset" button is wired to a dedicated reset pin on the microcontroller, and not to a GPIO pin. You may have to go with this route, unless you want to start cutting traces.
Can anyone tell me whether we should enable or disable watch dog during the startup/boot code executes? My friend told me that we usually disable watch dog in the boot code. Can anyone one tell me what is the advantage or disadvantage of doing so?
It really depends on your project. The watchdog is there to help you ensure that your program won't get "stuck" while executing code. -- If there is a chance that your program may hang during the boot-procedure, it may make sense to incorporate the watchdog there too.
That being said, I generally start the watchdog at the end of my boot-up procedures.
Usually the WD (watchdog) is enabled after the boot-up procedure, because this is when the program enters its "loop" and periodically kicks the WD. During boot-up, by which I suppose you mean linear initialization of hardware and peripherals, there's much less periodicity in your code and hard to insert a WD kicking cycle.
Production code should always enable the watchdog. Hobby and/or prototype projects are obviously a special case that may not require the watchdog.
If the watchdog is enabled during boot, there is a special case which must be considered. Erasing and writing memory take a long time (erasing an entire device may take seconds to complete). So you must insure that your erase and write routines periodically service the watchdog to prevent a reset.
If you're debugging, you want it off or the device will reboot on your when you try to step through code. Otherwise it's up to you. I've seen watchdogs save projects' butts and I've seen watchdogs lead to inadvertent reboot loops that cause customers to clog up the support lines and thus cost the company a ton.
You make the call.
The best practice would be to have the watchdog activate automatically on power up. If your hardware is not designed for that then switch it on as soon as possible. Generally I set the watchdog up for long duration during boot up but once I am past boot up I go for a short time out and service the watchdog regularly.
You might not always be around to reset a board that hanged after a plant shut down and restart at a remote location. Or the board is located in a inaccessible basement crawl space and it did not restart after a power dip. Lab easy practices is not real world best practices.
Try and design your hardware so that your software can check the reset cause at boot up and report. If you get a watchdog timeout you need to know because it is a failure in your system and ignoring it can cause problems later.
It is easier to debug with the watchdog off but during development regularly test with the watchdog on to ensure everything is on track.
I always have it enabled. What is the advantage of disabling it? So what if I have to reset it during the bootup code?
Watchdogs IMHO serve three two, but distinct, primary purposes, along with a third, less-strongly-related purpose: (1) Ensure that in all cases where the system is knocked out of whack, it will recover, eventually; (2) Ensure that when hardware is enabled which must not go too long without service, anything that would prevent such servicing shuts down the system, reasonably quickly; (3) Provide a means by which a system can go to sleep for awhile, without sleeping forever.
While disabling a watchdog during a boot loader may not interfere with purpose #2, it may interfere with purpose #1. My preference is to leave watchdogs enabled during a boot loader, and have the boot loader hit the watchdog any time something happens to indicate that the system is really supposed to be in the boot loader (e.g. every time it receives a valid boot-loader-command packet). On one project where I didn't do this, and just had the boot loader blindly feed the watchdog, static zaps could sometimes knock units into bootloader mode where they would sit, forever. Having watchdog kick the system out of the boot loader when no actual boot-loading is going on alleviates that problem.
Incidentally, if I were designing my 'ideal' embedded-watchdog circuit, I would have a hardware-configurable parameter for maximum watchdog time, and would have software settings for 'requested watchdog time' and 'maximum watchdog time'. Initially, both software settings would be set to maximum; any time the watchdog is fed, the time would be set to the minimum of the three settings. Software could change the 'requested watchdog time' any time, to any value; the 'maximum watchdog time' setting could be decreased at any time, but could only be increased via system reset.
BTW, I might also include a "periodic reset" timer, which would force the system to unconditionally reset at some interval. Software would not be able to override the behavior of this timer, but would be able to query it and request a reset early. Even systems which try to do everything right with a watchdog can still fall into states which are 'broken' but the watchdog gets fed just fine. If periodic scheduled downtime is acceptable, periodic resets can avoid such issues. One may minimize the effect of such resets on system usefulness by performing them early whenever it wouldn't disrupt some action in progress which would be disrupted. For example, if the reset interval is set to seven hours one could, any time the clock got down to one hour, ask that no further actions be requested, wait a few seconds to see if anyone tried to send an action just as they were asked to stop, and if no actions were requested, reset, and then invite further requests. A request which would have been sent just as the system was about to reset would be delayed until after the reset occurred, but provided no requests would take longer than an hour to complete, no requests would be lost or disrupted.
Fewer transistors switching, I suppose, so minuscule power savings. Depending on how much you sleep, this might actually be a big savings. Your friend might be referring to the practice of turning off the WDT when you're actually doing something, then turning it on when you sleep. There's a nice little point that Microchip gives about their PICs:
"If the WDT is disabled during normal operation (FWDTEN = 0), then the SWDTEN bit (RCON<5>) can be used to turn on the WDT just before entering Sleep mode"