WO2001024006A1 - Embedded computer system and method with dual watchdog timer - Google Patents

Info

Publication number
WO2001024006A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
counter
value
recovery signal
signal
system
Prior art date
Application number
PCT/US2000/025428
Other languages
French (fr)
Inventor
Raymond Brinks
Kaido Kevvai
Andrus Aaslaid
Jüri-Henrik PÕLDRE
Gustav Poola
Original Assignee
Zf Linux Devices, Inc.

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00: Error detection; Error correction; Monitoring
    • G06F11/07: Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703: Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751: Error or fault detection not based on redundancy
    • G06F11/0754: Error or fault detection not based on redundancy by exceeding limits
    • G06F11/0757: Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs

Abstract

Dual watchdog timer [Fig.2] and method for recovering a computer system in the event of a problem. A first counter (21) is advanced from an initial value toward a final value, and a first recovery signal is delivered if the final value is reached. If the system is functioning properly, the first counter is reset periodically to the initial value so that the first recovery signal will not be delivered. A second counter (23) is advanced from an initial value toward a second value in response to the first recovery signal, and a second recovery signal is delivered if the second value is reached. The second counter will not reach the second value and deliver the second recovery signal if proper operation of the system is restored before the second count is reached. The recovery signals are utilized as a software interrupt and/or as a hardware reset signal.

Description

EMBEDDED COMPUTER SYSTEM AND METHOD WITH DUAL WATCHDOG TIMER

This invention pertains generally to embedded computer systems and, more particularly, to an embedded computer system and method having a dual watchdog timer.

U.S. Patent 5,742,844 discloses an embedded computer module in a package the size of an integrated circuit, with the functionality of a desktop computer. The module includes an Intel X86 processor, serial and parallel interfaces, drive controllers, a keyboard interface, a DRAM interface and flash memory.

A more recently developed system includes a complete processor and peripheral subsystem on a single chip, with the only external components being a clock, SDRAM and a flash memory containing system start-up code (BIOS) and/or application software.

Such systems typically include a watchdog timer which checks for problems in the operation of the system and produces a signal in the event of an error condition. The timer counts down toward zero and is periodically reset to a predetermined level if the system is functioning properly. If a problem occurs, the timer is not reset, and when the count reaches zero, the timer delivers an output signal that can be utilized to initiate action to recover the system. With a conventional watchdog timer, there is only one output signal and one chance to recover the system.

It is in general an object of the invention to provide a new and improved watchdog timer and method for use in an embedded computer system.

Another object of the invention is to provide a watchdog timer and method of the above character which overcome the limitations and disadvantages of watchdog timers heretofore provided.

These and other objects are achieved in accordance with the invention by providing a dual watchdog timer and method in which a first counter is advanced from an initial value toward a final value, and a first recovery signal is delivered if the final value is reached. If the system is functioning properly, the first counter is reset periodically to the initial value so that the first recovery signal will not be delivered. A second counter is advanced from an initial value toward a second value in response to the first recovery signal, and a second recovery signal is delivered if the second value is reached. The second counter will not reach the second value and deliver the second recovery signal if proper operation of the system is restored before the second count is reached. The recovery signals are utilized as a software interrupt and/or as a hardware reset signal.

Figure 1 is a block diagram of one embodiment of an embedded computer system with a watchdog timer incorporating the invention.

Figure 2 is a block diagram of the watchdog timer in the embodiment of Figure 1.

The embedded computer system illustrated in Figure 1 is constructed on a single chip 10 packaged in a 35 mm, 388 pin ball grid array (not shown). The system includes a processor core 11 which in one embodiment comprises a standard X86 processor (e.g., Intel 386) with an integrated floating point co-processor and 8K bytes of write-back level 1 cache. The system also includes a north bridge system controller 12 with a frontside PCI interface and an SDRAM interface, and a south bridge controller 13 having a frontside PCI interface to the north bridge controller and a backside PCI system interface. The south bridge controller also has an enhanced IDE controller which supports two devices on a single channel, a USB controller with two hub ports, a real time clock, a floppy disk controller, serial ports, an access bus, a keyboard and mouse controller, a parallel port, general purpose programmable I/Os and counters, PC/AT system components, and power management. The PC/AT system components include DMA controllers, interrupt controllers, a system timer, and an ISA bus interface.

A logic module 14 is connected internally to the ISA bus and uses external pads on the chip to control external devices. This module includes general purpose and specific chip selects, a watchdog timer, and a flash controller.

A BIOS update ROM (BUR) 16 on the chip contains the minimal necessary code to read data into the chip and to update an externally connected flash memory device 17. The connection between the chip and the flash memory device can be made either via a serial port or by multiplexing the floppy disk drive interface between the floppy disk drive and the flash memory device. The serial connection utilizes a standard UART1 embedded in the chip, and allows a remote PC with special host software or to access the flash device to do the update. This approach can be used only in applications where the serial port is not hardwired to an external device and where access to the serial port is physically possible. The use of the floppy disk drive interface for the flash memory is disclosed in detail in Serial No. , filed of even date.

As illustrated in Figure 2, the watchdog timer includes a first counter 21 which counts down from a preset value and delivers an output signal when the count reaches zero. When the system is operating normally, the counter periodically receives an input signal WDI which resets the count to the preset value and thereby prevents the output signal from being generated. The output signal is applied to a demultiplexer 22 and can be utilized either as a software interrupt (e.g., NMI, SCI or SMI) or as a hardware RESET signal.

The output signal from the first counter is also applied to the ENABLE input of a second counter 23. This counter counts down from its own preset value and delivers an output signal when the count in it reaches zero. If the problem which caused the output signal to be generated by counter 21 is corrected before the count in counter 23 reaches zero, counter 21 will be reset to the preset value, and counter 23 will be disabled and will not deliver its output signal.

The counts in the two counters are decremented at the same rate in response to clock signals supplied by the system, although counter 21 is preferably a larger counter and is preset to a higher count than counter 23.

In one present embodiment, for example, the clock pulses are supplied at a rate of 32 KHz, counter 21 is a 16-bit register, and counter 23 is an 8-bit register. In this example, counter 21 has a maximum period of 64 seconds, and counter 23 has a maximum period of 29 milliseconds.

The register which sets the counter timeout for counter 21 (WD1) is configured as follows:

[Figure imgf000005_0001: WD1 count register layout, not reproduced]

The register which sets the counter timeout for counter 23 (WD2) is configured as follows:

[Figure imgf000006_0001: WD2 count register layout, not reproduced]

The control register for the watchdog timer is configured as follows:

[Figure imgf000006_0002: watchdog control register layout, not reproduced]

Bits 7-4 select the action which is taken when counter 21 reaches zero. Bits 3 and 2 enable the watchdog counters. Bit 1 enables the external load signal, and Bit 0 selects the external load signal polarity.

The register which controls the loading of the two counters from their count registers is configured as follows:

[Figure imgf000007_0001: counter load control register layout, not reproduced]

Status bits save the history of the watchdog timer in a register which is configured as follows:

[Figure imgf000007_0002: watchdog status register layout, not reproduced]

The status register is not reset by the POWER-ON RESET (POR) signal, but the bits can be reset by writing any value to the register.

Operation and use of the dual watchdog timer, and therein the method of the invention, is as follows. Counter 21 counts down continuously in response to the clock signal applied to it, and during normal operation of the system, it is reset periodically before it reaches zero. In the event of a problem, counter 21 is not reset, and when the count in it reaches zero, it generates an output signal which can be utilized either as a software interrupt or as a hardware reset. The output signal from counter 21 also starts counter 23 counting down from its preset value toward zero. If the count reaches zero, counter 23 also generates an output signal which is used as a hardware reset which should always recover the system. If the problem is corrected before the count reaches zero, counter 21 is reset, and counter 23 is disabled so that the second output signal is not generated.
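The two-stage behaviour described above can be modelled tick by tick. The following C simulation is an added example, not code from the patent or from ZF Linux Devices; the struct, function and event names are hypothetical, the preset values in `main` are constructed, and it assumes the output of counter 21 stays asserted until the next WDI.

```c
#include <stdint.h>
#include <stdio.h>
/* Event names are illustrative; the patent speaks of first and second recovery signals. */
enum wdt_event { WDT_NONE, WDT_FIRST, WDT_SECOND };

struct dual_wdt {              /* presets must be non-zero */
    uint16_t preset1, count1;  /* counter 21 (16-bit in the embodiment) */
    uint8_t  preset2, count2;  /* counter 23 (8-bit in the embodiment)  */
    int      out1;             /* counter 21 output, wired to ENABLE of counter 23 */
};

static void wdt_init(struct dual_wdt *w, uint16_t p1, uint8_t p2) {
    w->preset1 = w->count1 = p1;
    w->preset2 = w->count2 = p2;
    w->out1 = 0;
}

/* WDI: reloads counter 21, which also disables (and here reloads) counter 23. */
static void wdt_kick(struct dual_wdt *w) {
    w->count1 = w->preset1;
    w->count2 = w->preset2;
    w->out1 = 0;
}

/* One clock pulse. Assumption: out1 stays asserted until the next WDI. */
static enum wdt_event wdt_tick(struct dual_wdt *w) {
    if (!w->out1) {
        if (--w->count1 == 0) { w->out1 = 1; return WDT_FIRST; }
        return WDT_NONE;
    }
    if (w->count2 > 0 && --w->count2 == 0) return WDT_SECOND;
    return WDT_NONE;
}

/* Software hangs at tick 0. If recover_after >= 0, normal operation (WDI on every
 * tick) resumes that many ticks after the first signal. Returns reset tick or -1. */
long simulate_hang(uint16_t p1, uint8_t p2, long recover_after, long max_ticks) {
    struct dual_wdt w;
    long first_at = -1;
    wdt_init(&w, p1, p2);
    for (long t = 1; t <= max_ticks; t++) {
        if (first_at >= 0 && recover_after >= 0 && t - first_at >= recover_after)
            wdt_kick(&w);
        enum wdt_event e = wdt_tick(&w);
        if (e == WDT_FIRST && first_at < 0) first_at = t;
        if (e == WDT_SECOND) return t;
    }
    return -1;
}

int main(void) {
    printf("no recovery: reset at tick %ld; recovery after 5 ticks: %ld\n",
           simulate_hang(100, 10, -1, 1000), simulate_hang(100, 10, 5, 1000));
    return 0;
}
```

With these constructed presets, a handler that restores operation within the second counter's window avoids the hardware reset, while a hang that persists, or a recovery that comes too late, ends in a reset at the sum of the two presets.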

The invention has a number of important features and advantages. It checks for possible hardware failures and program bugs which make the system uncontrollable and generates signals to initiate corrective action. With two counters or timers, it can generate two output signals, one of which can be utilized as a software interrupt, and the other can be used as a hardware reset in the event that the software is unable to correct the problem.

It is apparent from the foregoing that a new and improved watchdog timer and method have been provided. While only certain presently preferred embodiments have been described in detail, as will be apparent to those familiar with the art, certain changes and modifications can be made without departing from the scope of the invention as defined by the following claims.

Claims

1. A watchdog timer for initiating action to recover a computer system in the event of a problem, comprising a first counter which counts from an initial value toward a final value and delivers a first recovery signal if the final value is reached, means responsive to proper operation of the system for resetting the first counter to the initial value before the final value is reached so that the first recovery signal is not delivered when the system is functioning properly, a second counter which begins counting from an initial value toward a second value in response to the first recovery signal and delivers a second recovery signal if the second value is reached, and means for preventing the second counter from reaching the second value and delivering the second recovery signal if proper operation of the system is restored before the second count is reached.
2. The watchdog timer of Claim 1 wherein the first recovery signal is a software interrupt signal, and the second recovery signal is a hardware reset signal.
3. A method of initiating action to recover a computer system in the event of a problem, comprising the steps of: advancing a first counter from an initial value toward a final value, delivering a first recovery signal if the final value is reached, resetting the first counter to the initial value before the final value is reached if the system is functioning properly so that the first recovery signal will not be delivered, advancing a second counter from an initial value toward a second value in response to the first recovery signal, delivering a second recovery signal if the second value is reached, and preventing the second counter from reaching the second value and delivering the second recovery signal if proper operation of the system is restored before the second count is reached.
4. The method of Claim 3 wherein the first recovery signal is utilized as a software interrupt, and the second recovery signal is utilized as a hardware reset signal.
PCT/US2000/025428 1999-09-27 2000-09-14 Embedded computer system and method with dual watchdog timer WO2001024006A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US40504299 1999-09-27 1999-09-27
US09/405,042 1999-09-27

Publications (1)

Publication Number Publication Date
WO2001024006A1 (en) 2001-04-05

Family

ID=23602052

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/025428 WO2001024006A1 (en) 1999-09-27 2000-09-14 Embedded computer system and method with dual watchdog timer

Country Status (1)

Country Link
WO (1) WO2001024006A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2835330A1 (en) * 2002-01-31 2003-08-01 Siemens Ag Method and circuit arrangement for monitoring the operation of a processor
GB2415271A (en) * 2004-06-16 2005-12-21 Sendo Int Ltd Computing device with watchdog timer
US7774648B2 (en) 2007-05-02 2010-08-10 Honeywell International Inc. Microprocessor supervision in a special purpose computer system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6012154A (en) * 1997-09-18 2000-01-04 Intel Corporation Method and apparatus for detecting and recovering from computer system malfunction

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase in:

Ref country code: JP