Basics of the MAX20431 Windowed Watchdog

Source:
https://www.analog.com/en/technical-articles/the-basics-of-windowed-watchdogs.html

The Basics of Windowed Watchdogs

Abstract

A watchdog is an important part of a comprehensive system and must be well understood to take full advantage of its functions. Most watchdogs are windowed; these require more precise timing than non-windowed watchdogs but allow for greater capability. Windowed watchdogs can be used by designers to implement features such as power-on extended open windows, latch features, and programmable hold times.

Introduction

This application note describes the operation of windowed watchdogs featured in the MAX20478 and MAX20480 family of products. These watchdogs feature programmable extended windows, programmable RESETx hold times, single or consecutive watchdog fault assertions, and RESETx latch capability. This application note provides a more comprehensive understanding of watchdogs and their capabilities.

Basics of Watchdog Operation

A watchdog is a feature used in systems to ensure that system-on-chip (SoC) devices or microcontrollers (MCUs) are operating properly. This could mean detecting an SoC that is caught in an infinite loop, is taking too long to perform a task, or has even shut down completely. Using a watchdog requires the SoC to periodically send a signal to the watchdog in a step called servicing/refreshing. Once the SoC has serviced the watchdog, the watchdog has confirmed proper operation of the SoC and starts a new cycle in which it waits for another service command from the SoC. If the SoC does not service the watchdog for a duration set by the watchdog, a fault will assert. This describes a non-windowed watchdog, which will not be addressed in this application note. A windowed watchdog operates in a very similar fashion but features a service cycle that is split into CLOSED and OPEN durations called windows. This requires more precise timing for valid services, since a service is only valid at certain times in the windowed cycle.

The duration of these windows is defined by the IC watchdog clock. The watchdog clock is derived from the IC system clock and typically starts at 1/32nd of the system clock, which is normally 1.28MHz. Some parts have a programmable WDIV field that allows this clock to be divided further to allow for longer window times. In the following examples, the watchdog period is 200μs and the equations used are specific to the MAX20478 (Figure 1).

Figure 1. Examples of combinations of CLOSED and OPEN window lengths according to MAX20478 watchdog equations.

A watchdog service during an OPEN window of a watchdog cycle is considered a valid service. After a valid service, the OPEN window will immediately transition to a CLOSED window regardless of the time left in the OPEN window. Figure 2 shows an example of a valid watchdog cycle.

Figure 2. Valid watchdog refresh during an OPEN window. A new CLOSED and OPEN immediately follows.
A watchdog service from the SoC in a CLOSED window of a watchdog cycle will be interpreted by the watchdog as a fault. If no service occurs by the time both the CLOSED and OPEN windows have elapsed, the watchdog asserts a fault. To understand how CLOSED windows operate in windowed watchdogs, extended windows must first be explored.

Extended Windows

In most systems, SoCs and MCUs require additional time to power on or to perform other more important tasks than servicing the watchdog. As a result, it’s possible a system will fail a normal windowed watchdog frame with a CLOSED and OPEN window. To address this, ADI products feature extended windows. These windows occur at first power-on and after every RESETx assertion and operate as an OPEN window where a service at any time during the window duration is considered valid.
During normal operation, with a valid watchdog service in the OPEN window, the watchdog will immediately start a new cycle after a valid refresh. This means a new CLOSED window followed by an OPEN window. In a watchdog with extended windows, if any fault occurs, the watchdog will immediately stop whatever window it is currently in and start a new extended window after the RESETx hold time has elapsed. This extended window does not have a CLOSED duration and will accept any watchdog service as valid for the duration of the window. If the watchdog is serviced in this window, the extended window is immediately stopped, and a normal CLOSED/OPEN cycle follows. If the watchdog is not serviced in the extended window, RESETx will assert for the hold time and another extended window will follow. This repeats until the watchdog is serviced.
Figures 3 and 4 show two potential timing situations for invalid refreshes.

Figure 3. RESETx will immediately assert if WD is refreshed during the CLO window. An EXT window will start after the RESETx de-assertion. Extended windows continue to repeat until the watchdog is serviced.

Figure 4. RESETx will immediately assert after the end of the OPN window if the watchdog is not refreshed. A new EXT window will start after RESETx de-asserts. An EXT window will continue to repeat until the watchdog is refreshed.

Variable RESETx Hold Times

It is common for systems to enter an interrupt procedure after a failure to service a watchdog. These interrupt routines may take several milliseconds to complete before the SoC or MCU can refresh the watchdog again. This could cause the watchdog to assert RESETx again and possibly enter the interrupt routine repeatedly. This issue can be addressed by changing the duration of the RESETx hold time to allow the SoC or MCU to finish the interrupt routine. The variable RESETx hold time feature will hold the RESETx pin of the IC low for a set duration after a fault. If a fault occurs, the watchdog will immediately stop the window it was in and assert the RESETx pin of the IC for the set duration determined by the hold time. Once RESETx de-asserts, the watchdog resumes normal operation and the SoC or MCU can service the watchdog. In Figures 3 and 4, the RESETx hold time length has been omitted to simplify diagrams. Figures 5 and 6 describe two different RESETx hold times.

Figure 5. The duration of the RESETx hold time is programmable. ADI parts have several set durations that are programmed when the part is made. Refer to the ADI IC datasheet for exact RESETx hold times.

Figure 6. The duration of the RESETx hold time is set to 8ms in this diagram. Refer to ADI IC datasheet for exact RESETx hold times.

Single/Consecutive WD Fault Counter

In some systems that implement a watchdog, RESETx assertions do not necessarily constitute a problem with the system. An errant RESETx assertion may appear in a system even if the system is operating correctly. To address this, ADI watchdogs feature watchdog fault counters which allow for RESETx assertions to occur on single or double watchdog faults.

If a single fault counter option is selected, only one watchdog fault (no service, service during CLO window, etc.) is required to assert RESETx. If the double fault option is chosen, the first watchdog fault will increment the watchdog fault counter and the second fault will then assert RESETx. To reset the fault counter after one watchdog fault, two consecutive valid services of the watchdog are required. This is described in Figures 7 to 10.

Figure 7. RESETx counter will increase to one if WD is refreshed during CLO window. No refresh after the end of the next OPN window will increase the counter to 2. This causes RESETx to assert, an EXT window will start after RESETx de-assertion, and the fault counter is reset to 0. RESETx asserts again after no refresh during EXT window or OPN window.

Figure 8. RESETx counter will increase to one if the watchdog is not refreshed during the 1st OPN window. Another normal CLO and OPEN will occur. If there is no refresh, RESETx counter will reach 2 and assert.

Figure 9. No refresh after the first OPN window increases the fault counter to 1. The next frame has a refresh, but the fault counter remains 1. The next OPN window does not receive a refresh, so the counter is increased to 2. Fault is asserted and the EXT window starts after RESETx de-assertion.

Figure 10. No refresh after the first OPN increases the fault counter to 1. The next frame has a refresh, but the counter remains 1. The third window also receives a refresh, so the counter is cleared to 0. The next two frames do not receive refresh, so the counter reaches 2 and the EXT window follows de-assertion.
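
The window, hold-time and fault-counter rules from the Extended Windows and Single/Consecutive WD Fault Counter sections can be checked against a small timing model. This is an added example, not ADI code: the struct, function names and microsecond values are constructed, a counted fault that does not assert RESETx is assumed to start a fresh CLO/OPN frame, and services during the hold time are assumed to be ignored.

```c
#include <stdint.h>
#include <stdio.h>

enum wwd_phase { WWD_EXT, WWD_FRAME, WWD_HOLD };   /* 0 = power-on EXT window */
struct wwd {
    uint32_t t_clo, t_opn, t_ext, t_hold;  /* window and hold lengths, us */
    int limit, faults, good, resets;  /* limit: 1 single / 2 double fault */
    enum wwd_phase phase; uint32_t start;  /* current phase, its start time */
};

static void wwd_fault(struct wwd *w, uint32_t t)
{
    int trip = ++w->faults >= w->limit;    /* limit reached: RESETx asserts */
    w->good = 0;                           /* breaks the valid-service streak */
    if (trip) { w->faults = 0; w->resets++; }
    /* assumption: a counted fault that does not trip starts a fresh frame */
    w->phase = trip ? WWD_HOLD : WWD_FRAME; w->start = t;
}

static void wwd_run_to(struct wwd *w, uint32_t now)
{
    for (;;) {   /* handle every phase that expired on the way to `now` */
        uint32_t end = w->start + (w->phase == WWD_HOLD ? w->t_hold :
                       w->phase == WWD_EXT ? w->t_ext : w->t_clo + w->t_opn);
        if (now < end) return;
        if (w->phase == WWD_FRAME) { wwd_fault(w, end); continue; }
        if (w->phase == WWD_EXT) w->resets++;  /* unserviced EXT: RESETx */
        w->phase = (w->phase == WWD_EXT) ? WWD_HOLD : WWD_EXT; w->start = end;
    }
}

/* Service at time `now` (non-decreasing); returns 1 if it was valid. */
static int wwd_service(struct wwd *w, uint32_t now)
{
    wwd_run_to(w, now);
    if (w->phase == WWD_HOLD) return 0;    /* assumption: ignored in hold */
    if (w->phase == WWD_FRAME && now - w->start < w->t_clo)
        return (wwd_fault(w, now), 0);     /* service inside CLO window */
    if (++w->good >= 2) w->faults = 0;     /* two valid services clear it */
    w->phase = WWD_FRAME; w->start = now;  /* valid: new CLO/OPN frame */
    return 1;
}

int main(void)
{
    struct wwd w = { 1000, 1000, 8000, 8000, 2 };  /* constructed values */
    wwd_service(&w, 100); wwd_run_to(&w, 4200);    /* then two missed frames */
    printf("faults=%d resets=%d\n", w.faults, w.resets);
    return 0;
}
```

With `limit` set to 2, a single late or early service is absorbed, so firmware that relies on the double-fault option should still log the first fault rather than only reacting to RESETx.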

RESETx Latch Feature

Another feature of ADI watchdogs is the ability to latch RESETx assertions. If a system sees a fault condition for longer than the longest possible RESETx hold time, it may be beneficial to continue to hold RESETx until the fault condition is removed. For example, if the SoC cannot service the watchdog, normal RESETx hold times mean that RESETx is de-asserted for the duration of the extended window and then asserts for the hold time duration. The RESETx signal therefore toggles between asserted and de-asserted. Using the RESETx latch feature, the RESETx signal in this example will stay asserted until the SoC regains the ability to service the watchdog. This feature is also useful as an enable/disable for other signals. As an example, the watchdog latch feature can be used to disable all CAN bus communication if a fault is detected. All communication on the CAN bus will be stopped while the SoC addresses the system fault.
If the watchdog has not been through first power-up, the SoC will only need one valid service to de-assert the latched RESETx signal. After power-up, the SoC needs two consecutive valid services to de-assert the latched RESETx signal, regardless of whether the consecutive fault counter feature is used or not. This is described in Figure 11.

Figure 11. The example above shows the watchdog RESETx signal will latch until the watchdog is serviced again. It shows a fault due to refreshing during a closed window, but it is true for any RESETx fault. The duration of the RESETx hold time is effectively the time that the SoC requires to properly service the watchdog. Normal CLO/OPN windows occur during RESETx latch.

Challenge/Response Watchdog

Another feature of some ADI watchdogs is the ability to use a challenge/response to service the watchdog through I2C. In some systems, it is not enough to just require the SoC to send a pulse. It may be beneficial to require the SoC to perform a task or computation to ensure the SoC is fully operational. A challenge/response watchdog meets this requirement. In a challenge/response service, there is a key-value register in the IC that must be read by the SoC. After having read the register, the SoC must use this value to compute the appropriate response. This response is then sent back to the IC over I2C. Once the register has been updated with the correct response, the watchdog has been serviced. The watchdog operates the same way as in a windowed setup, with the only change being that the key register is updated rather than the watchdog being refreshed with a rising edge. The IC contains a linear-feedback shift register with a polynomial of x^8 + x^6 + x^5 + x^4 + 1. This will shift all bits upward towards the MSb and insert the calculated bit as the new LSb. The SoC must calculate the response in this manner and send it back to the register in the IC. This is described in Figure 12.

Figure 12. Timing for challenge/response watchdogs is very similar to windowed watchdogs. The key register is read by the SoC via I2C and only needs to occur once. Once the SoC has read the key register, the next value is calculated using the previous one. The response is calculated and then written back to the register in the IC. On the next clock edge, the answer is confirmed and a new CLO/OPN window is started immediately.
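
The response computation described above, written out as an added example (not ADI code). It assumes the usual Fibonacci convention in which the term x^n taps bit n-1, so the feedback bit is the XOR of bits 7, 5, 4 and 3; the function names and the key value 0x5A are constructed, and the tap positions should be confirmed against the IC datasheet.

```c
#include <stdint.h>
#include <stdio.h>

/* One LFSR step for x^8 + x^6 + x^5 + x^4 + 1.
 * Assumption: term x^n taps bit n-1, i.e. bits 7, 5, 4 and 3. */
static uint8_t wd_next_key(uint8_t key)
{
    uint8_t fb = ((key >> 7) ^ (key >> 5) ^ (key >> 4) ^ (key >> 3)) & 1u;
    return (uint8_t)((key << 1) | fb);  /* shift toward MSb, fb becomes LSb */
}

/* Model of the IC-side check: a write services the watchdog only if it is
 * the successor of the current key, which then becomes the new key. */
static int wd_write_response(uint8_t *key_reg, uint8_t response)
{
    if (response != wd_next_key(*key_reg))
        return 0;                       /* not a valid service */
    *key_reg = response;
    return 1;
}

/* Number of steps until the key sequence returns to `seed`. */
static unsigned wd_key_period(uint8_t seed)
{
    uint8_t k = seed;
    unsigned n = 0;
    do { k = wd_next_key(k); n++; } while (k != seed && n < 256);
    return n;
}

int main(void)
{
    uint8_t key = 0x5A;  /* constructed stand-in for the key read over I2C */
    for (int i = 0; i < 4; i++) {
        uint8_t old = key, resp = wd_next_key(key);
        int ok = wd_write_response(&key, resp);
        printf("key=0x%02X response=0x%02X accepted=%d\n", old, resp, ok);
    }
    printf("period from 0x01: %u\n", wd_key_period(0x01));
    return 0;
}
```

The sequence is deterministic and the polynomial is public, so a correct response shows that the SoC's compute and I2C path are alive, not that the responder is authentic. Under this model an all-zero key maps to itself.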

In Table 1, a feature list is shown with several ADI ICs that contain watchdogs. ADI has several design calculators available for those wanting to learn more. Please contact ADI for more technical literature as well as datasheets for any of the parts listed.

Conclusion

As windowed watchdogs become more commonly implemented, it is important to develop a basic understanding of their operation. This application note covered several features of windowed watchdogs for the reader to develop a general knowledge regarding the MAX20478 and MAX20480 product families. These features include programmable extended windows, programmable RESETx hold times, single or consecutive watchdog fault assertions, and RESETx latch capability. With these features, designers have more freedom to incorporate more complex designs into their projects.