23.0 Watchdog [T-Series Datasheet]

Introduction

The Watchdog feature is used to trigger failsafe and recovery actions in the event of a communication failure. A communication failure is detected when a specified amount of time elapses without any qualifying communications. Recovery actions usually reset the device. Failsafe actions set the IO of the device to specified states.

Some common use cases:

• High reliability - Reset the device in the event that it can not be contacted.

• Master cutoff - Send a signal to a master cutoff switch. This will protect mechanical systems.

• Fail safe - Return the IO to a safe state in the event of communication loss.

Operation

The watchdog is a timer

The heart of the watchdog feature is a timer. That timer will count up until it reaches the specified timeout period. It will then execute any selected actions. During normal operation the count is is regularly reset by qualifying communications, see below for how to reset the timer.

Using the reset action and a timeout period which is too short can cause the device to reset too quickly for a host computer to establish a connection. When a USB device resets it takes a little time for USB to re-connect. That delay combined with the constant resets can produce a situation where the device is resetting too quickly for software to connect and clear the watchdog’s timer. LabJack recommends using timeout periods no shorter than 2-3 seconds.

The Watchdog timeout can be set as low as 1 second—but such a low value can prevent the device from communicating if reset is enabled. For example, when a USB device resets it takes a little time for USB to re-enumerate and software to be able to talk to the device again, so you could get in a situation where the device keeps resetting so often that you can't start talking to it again. A device stuck in this situation can be recovered by using the reset-to-factory jumper—see 11.0 SPC for details.

Multiple timeouts

Once the timer has reached the specified time period, it will perform the specified actions. If one of the actions was to reset the device, then the watchdog will be restarted as part of the bootup procedure. If the watchdog is not configured to reset, then the time period will be reset and the timer will continue to count upwards, and any enabled actions will be repeated if the timer expires a second time.

Startup Delay

A separate timeout can be specified for the first time period. The extra delay provides a host computer extra time to reconnect to the device. The startup timeout WATCHDOG_STARTUP_TIMEOUT_S_DEFAULT is used when the watchdog is enabled, the startup timeout is non-zero, and when the device is first powered on or when the watchdog is changed from a disabled to an enabled state. After the first successful reset of the timer or the first timeout, the normal delay WATCHDOG_TIMEOUT_S_DEFAULT will be used.

It is a good idea to have the startup IO configuration set to a failsafe condition. That will help ensure that, after the device resets, any connected equipment is protected while connection is established with the T-Series device. Keep in mind that there will be a temporary period during bootup where the states of the lines will be unknown. See HERE FOR DETAILS.

Resetting the watchdog’s timer

Also referred to as clearing the timer. There are two options for resetting the watchdog. The first is any successful command-response packet exchange. The timer reset occurs when the response packet is successfully transmitted from the T-Series device. The second is writing the proper code to the WATCHDOG_STRICT_CLEAR register. When the strict mode is enabled, normal command-response exchanges do not reset the watchdog.

Actions

When the timer reaches the timeout period, any combination of the following actions can be executed:

• DIO Update - Any combination of the digital IO can be set to desired states and directions.

• DAC0 and DAC1 - Set one or both DACs to specified values

• Reset IO Configs - Set the IO to startup or factory defaults

• Restart the device - Instructs the on-board processor to reboot. This will reset all configuration to startup settings and reset all communication interfaces.

Startup behavior

All watchdog settings are saved as startup settings. This behavior is indicated by _DEFAULT in the register names. Once activated, the watchdog will be enabled every time the T-Series device boots up.

The _DEFAULT registers are saved to flash. Writing to them too frequently can wear out the flash memory’s write-erase cycle life.

When Using Stream

Normal spontaneous stream data does not reset the Watchdog timeout. Write periodic command-response communication to reset the Watchdog timeout. For the difference between command-response and stream, see the Communication section.

Registers

Examples

• Reset after no communication for 60 seconds

• Set FIO0 to output low after a 15 second timeout

• Set all IO to power up defaults with strict resets enabled and a 10 second timeout

• Set DAC1 to 2.1 volts and use a startup delay

Example: Reset after no communication for 60 seconds

This configuration is often used when high reliability is required. This will reset the device when communication is lost.

To configure the watchdog, write to the registers in this order:

1. WATCHDOG_ENABLE_DEFAULT=0        // Disable the Watchdog

2. WATCHDOG_TIMEOUT_S_DEFAULT=60    // Set the timeout in seconds

3. ATCHDOG_RESET_ENABLE_DEFAULT=1  // Enable reset upon timeout

4. WATCHDOG_ENABLE_DEFAULT=1        // Enable the Watchdog

The watchdog is now operating and will be enabled every time the device boots up. The watchdog will timeout if does not receive any valid communications over a 60 second period. Once the timeout occurs the action taken will be to reset (reboot) the T-Series DAQ device.

The power up defaults for all of the IO will be loaded during the reboot process. Use the IO Config system to configure the power-up defaults as desired.

Example: Set FIO0 to output low after a 15 second timeout

This configuration can be used to trigger a master cutoff or other actions.

Configure the watchdog by writing to the registers in this order:

1. WATCHDOG_ENABLE_DEFAULT=0        // Disable the Watchdog

2. WATCHDOG_TIMEOUT_S_DEFAULT=15    // Set the timeout in seconds

3. WATCHDOG_DIO_ENABLE_DEFAULT=1  // Enable DIO update upon timeout

4. WATCHDOG_DIO_INHIBIT_DEFAULT=0xFFFFE  // set the IO mask to allow changes only to FIO0.

5. WATCHDOG_DIO_DIRECTION_DEFAULT=1 // Set FIO0 to output

6. WATCHDOG_DIO_STATE_DEFAULT=0  // Set FIO0 to low.

7. WATCHDOG_ENABLE_DEFAULT=1        // Enable the Watchdog

The watchdog is now operating and will be enabled every time the device boots up. The watchdog will timeout if does not receive any valid communications over a 15 second period. Once the timeout occurs the action taken will be to FIO0 to output low, see this section for more information about how to configure the INHIBIT, DIRECITON and STATE registers.

Example: Set all IO to power up defaults with strict resets enabled and a 10 second timeout

This configuration can be used to set all IO to startup defaults which should be configured to a failsafe state. Additionally, only writes to the strict register will reset the timer.

Configure the watchdog by writing to the registers in this order:

1. WATCHDOG_ENABLE_DEFAULT=0        // Disable the Watchdog

2. WATCHDOG_TIMEOUT_S_DEFAULT=10    // Set the timeout in seconds

3. WATCHDOG_ADVANCED_DEFAULT=2  // Enable setting the IO to startup defaults

4. WATCHDOG_STRICT_ENABLE_DEFAULT = 1 // Turn on strict clears

5. WATCHDOG_STRICT_KEY_DEFAULT=1234 // Set strict key

6. WATCHDOG_ENABLE_DEFAULT=1        // Enable the Watchdog

The watchdog is now operating and will be enabled every time the device boots up. The timer will expire after 10 seconds even if normal communication is occurring. 1234 must be written to WATCHDOG_STRICT_CLEAR at regular intervals to prevent the watchdog from timing out.

When the timeout expires all of the IO will be set the startup defaults.

Example: Set DAC1 to 2.1 volts and use a startup delay

This configuration can be used to set all IO to startup defaults which should be configured to a failsafe state. Additionally, only writes to the strict register will reset the timer.

Configure the watchdog by writing to the registers in this order:

1. WATCHDOG_ENABLE_DEFAULT=0        // Disable the Watchdog

2. WATCHDOG_TIMEOUT_S_DEFAULT=5    // Set the timeout in seconds

3. WATCHDOG_STARTUP_DELAY_S_DEFAULT = 50 // Set the startup delay in seconds

4. WATCHDOG_DAC1_ENABLE_DEFAULT = 1 // Turn on DAC1 update

5. WATCHDOG_DAC1_DEFAULT = 2.1 // Set the voltage that DAC1 will be set to

6. WATCHDOG_ENABLE_DEFAULT=1        // Enable the Watchdog

The watchdog is now operating and will be enabled every time the device boots up. The first timeout after bootup or writing 1 to WATCHDOG_ENABLE_DEFAULT will be set to 50 seconds. The first successful communication will set the timer to zero and the timeout to 5 seconds.

When the timer expires DAC1 will be set to 2.1 volts.