One of the simplest and most common fault tolerance mechanisms is the watchdog timer. A watchdog timer is a piece of hardware usually found as a peripheral unit built into a microcontroller unit (MCU). It consists of a timer that counts towards a fixed, predetermined value. The system’s software needs to reset the timer to its original value before it times out. If a time-out occurs, it means the system has become too unresponsive to continue functioning and a system reset is asserted. The choice of the counter’s value needs to strike a balance between being small enough to respond to errors quickly, but big enough to avoid unnecessary resets due to execution variation. Although the basic way to handle a watchdog time-out is to reset the system, other actions can also be taken before the reset such as recording system information for debugging or ensuring the system boots up in a safe mode or state.
Looks great! Can you try and implement the following:
`MX_IWDG1_Init();`
to inside the `StartCommandHandler(...)`
and add a bool that will allow the timer to init only once a person has submitted a task, then stay, like this:

```c
#include <stdbool.h> /* for bool, true, false */

void StartCommandHandler(void *argument)
{
  /* USER CODE BEGIN 5 */
  uint16_t command;
  bool init_WD = false; /* watchdog is started only once, on the first command */
  /* Infinite loop */
  while (1)
  {
    if (osMessageQueueGet(CommandQueueHandle, (void *) &command, NULL, osWaitForever) == osOK)
    {
      if (!init_WD)
      {
        MX_IWDG1_Init(); /* start the independent watchdog on the first task */
        init_WD = true;
      }
      command = command - 48; /* from ASCII digit to int */
      /* ... rest of the command handling continues here ... */
    }
  }
}
```
That way the timer only starts counting once the first task has been sent (This is just for debugging purposes).
[ ] Edit task 1 to refresh the timer at the start of execution, not just at the end.
[ ] Edit task 3 to refresh the timer at the start and end of execution, and reduce the non-inf loop to run within the time allowed by the timer, so that the following behaviour is achieved:
Task 1: Passive, never triggers a WD reset.
Task 2: Follow-through, always triggers a WD reset.
Task 3: Follow-through, never triggers a WD reset.
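As an added example (not code from this conversation or the project), here is a small C model of the watchdog's down-counter, used to check the three target behaviours listed above and to show why a task should refresh the timer at the start and not only at the end. The reload of 100 ticks and the task work lengths are assumed values, not measured from the real firmware.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed software model of an independent watchdog (IWDG): a
 * down-counter reloaded by iwdg_refresh() that asserts a reset when it
 * reaches zero. Time is counted in abstract ticks. */
typedef struct {
    uint32_t reload;  /* value restored on every refresh */
    uint32_t counter; /* ticks left before a reset is asserted */
} iwdg_t;

#define WD_RELOAD 100u /* assumed time-out budget in ticks */
#define IWDG_STARTED { WD_RELOAD, WD_RELOAD } /* state right after MX_IWDG1_Init */
static void iwdg_refresh(iwdg_t *wd) { wd->counter = wd->reload; }

/* Advance one tick; true means the watchdog would reset the MCU. */
static bool iwdg_tick(iwdg_t *wd) {
    if (wd->counter == 0) return true; /* already timed out */
    return --wd->counter == 0;
}

/* Busy-work for work_ticks, refreshing the watchdog at start and/or end
 * as requested. Returns true if a reset fired during the task. */
static bool run_task(iwdg_t *wd, uint32_t work_ticks, bool refresh_start, bool refresh_end) {
    bool reset = false;
    if (refresh_start) iwdg_refresh(wd);
    for (uint32_t i = 0; i < work_ticks && !reset; i++) reset = iwdg_tick(wd);
    if (refresh_end && !reset) iwdg_refresh(wd);
    return reset;
}

/* The three target behaviours from the task list, each on a freshly
 * started watchdog. The work lengths are assumed, not the project's. */
static bool task_triggers_reset(int task) {
    iwdg_t wd = IWDG_STARTED;
    switch (task) {
    case 1: return run_task(&wd, 10, true, true);            /* passive, short */
    case 2: return run_task(&wd, 150, false, false);         /* overruns budget */
    case 3: return run_task(&wd, WD_RELOAD - 1, true, true); /* fits the budget */
    default: return false;
    }
}

/* Why refresh at the start and not only at the end: ticks spent idle
 * waiting for a command still consume the budget before the task begins. */
static bool late_start_triggers_reset(bool refresh_at_start) {
    iwdg_t wd = IWDG_STARTED;
    for (int i = 0; i < 60; i++) iwdg_tick(&wd);      /* 60 idle ticks */
    return run_task(&wd, 60, refresh_at_start, true); /* then 60 ticks of work */
}
```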