23.0 Watchdog [T-Series Datasheet]
Overview
The Watchdog feature is used to trigger failsafe and recovery actions in the event of a communication failure. A communication failure is detected when a specified amount of time elapses without any qualifying communications. Recovery actions usually reset the device. Failsafe actions set the IO of the device to specified states.
Some common use cases:
High reliability - Reset the device in the event that it can not be contacted.
Master cutoff - Send a signal to a master cutoff switch. This will protect mechanical systems.
Fail safe - Return the IO to a safe state in the event of communication loss.
Operation
The watchdog is a timer
The heart of the watchdog feature is a timer. That timer will count up until it reaches the specified timeout period. It will then execute any enabled actions. During normal operation the count is is regularly reset by qualifying communications, see below for how to reset the timer.
Short Timeout Periods
Using the reset action and a timeout period which is too short can cause the device to reset too quickly for a host computer to establish a connection. When a USB device resets it takes time for the USB system to re-connect. That delay combined with the constant resets can produce a situation where the device is resetting too quickly for software to connect and clear the watchdog’s timer. LabJack recommends using timeout periods no shorter than 2-3 seconds. A device stuck in this situation can be recovered by using the reset-to-factory jumper—see 11.0 SPC for details.
Multiple timeouts
Once the timer has reached the specified time period, it will perform the specified actions. If one of the actions was to reset the device, then the watchdog will be restarted as part of the bootup procedure. If the watchdog is not configured to reset, then the time period will be reset and the timer will continue to count upwards, and any enabled actions will be repeated if the timer expires a second time.
Startup Delay
A separate timeout can be specified for the first time period. The extra delay provides a host computer extra time to reconnect to the device. The startup timeout WATCHDOG_STARTUP_TIMEOUT_S_DEFAULT is used when the watchdog is enabled, the startup timeout is non-zero, and when the device is first powered on or when the watchdog is changed from a disabled to an enabled state. After the first successful reset of the timer or the first timeout, the normal delay WATCHDOG_TIMEOUT_S_DEFAULT will be used.
It is a good idea to have the startup IO configuration set to a failsafe condition. That will help ensure that, after the device resets, any connected equipment is protected while connection is established with the T-Series device. Keep in mind that there will be a temporary period during bootup where the states of the lines will be unknown. See HERE FOR DETAILS.
Resetting the watchdog’s timer
Also referred to as clearing the timer. There are two options for resetting the watchdog. The first is any successful command-response packet exchange. The timer reset occurs when the response packet is successfully transmitted from the T-Series device. The second is writing the proper code to the WATCHDOG_STRICT_CLEAR register. When the strict mode is enabled, normal command-response exchanges do not reset the watchdog.
Actions
When the timer reaches the timeout period, any combination of the following actions can be executed:
DIO Update - Any combination of the digital IO can be set to desired states and directions.
DAC0 and DAC1 - Set one or both DACs to specified values
Reset IO Configs - Set the IO to startup or factory defaults
Restart the device - Instructs the on-board processor to reboot. This will reset all configuration to startup settings and reset all communication interfaces.
Startup behavior
All watchdog settings are saved as startup settings. This behavior is indicated by _DEFAULT in the register names. Once activated, the watchdog will be enabled every time the T-Series device boots up.
The _DEFAULT registers are saved to flash. Writing to them too frequently can wear out the flash memory’s write-erase cycle life.
When Using Stream
Normal spontaneous stream data does not reset the Watchdog timeout. Write periodic command-response communication to reset the Watchdog timeout. For the difference between command-response and stream, see the Communication section.