Summary: This page briefly describes watchdog timers and explains how they might cause unexpected resets in Arduino based systems.
The diagram below gives a basic diagram of an Arduino program.
When creating a new program/sketch the user is presented with a minimal program stub that contains two functions:
(i) setup( ) which be be executed once, and
(ii) loop( ) that will be run repetitively forever.
In the background there is a program that performs any initialisation such as setting up a stack and calls the setup and loop functions. As indicated setup( ) will be called once but loop( ) will be called continually.
Between every loop( ) call the background program may perform other activities. For example, with the ESP8266 it will perform WiFi operations**. From the user's point of view if the time to execute the loop( ) function is too long this might stall the WiFi operations. While the user might have some appreciation of how long their code takes they might not know the details of the performance of any library routines and this could create problems.
A second background operation is resetting the watchdog timers++. This is the topic of this page.
**The WiFi operations will not occur on every cycle.
++ If the user program spends less than a few seconds in the loop( ) function the user will not even know there is a watchdog timer present.
------------------------------------------
Programs might fail**. For example with spaceflight radiation could corrupt a program or data bit causing the program to not perform as expected. It might branch to the wrong function due to a failed data bit or even to attempt to execute non-code due to a corrupted program bit.
At the other end of the scale programs might fail due to coding errors or contingencies not included in the design specifications.
One solution is to include a watchdog timer. The watchdog timer is simply a resetable timer where code in the user program resets the timer in the watchdog before it times out and generates an interrupt.
**Often explained as "go into the weeds".
----------------------------
The watchdog timer (WDT) is simply a resetable or retriggerable timer. Each time the WDT is retriggered it starts a new count down. Provided the WDT is retriggered before it times out the WDT will perform no further action. However if it is not retriggered it will time out and generate an interrupt. A simple interrupt routine will be to reset the micro-controller.++
In practice the WDT will be reset via user software. The user will place in their code instructions that retrigger the WDT**.
In the case of the Arduino there are two interrupts, a hardware at about 8 seconds and a software of approximately 3 seconds. These are enable by default and retriggered as part of the background/under the hood operations. If users keep their setup() and loop functions to less than 3 seconds they could go through their whole life not being aware of the existence of the WDT. However, not being aware of the WDT makes the matter worse when a WDT timeout does occur.
++There is also the dead man timer (DMT) that counts the number of micro-controller fetch cycles and generates an interrupt if it ever times out.
**WDT can be quite complex and to avoid a program running amok they must be triggered with a given sequence (eg 0xAA, 0x55) or pattern.
---------------------
The watchdog timers can be demonstrated by adding a "while(1)" to the start up program.
The while(1) does not include code to retrigger the watchdog so ultimately it will time out and generate a reset. This was tested using an ESP8266 where the reset routine flashed the LED every 3.2 seconds (This "exact" time was measured using a Logic Analyser). The reset routine also gives the message that may be observed using the Arduino Serial monitor**.
In this case it is the software watchdog that has timed out.
By adding the method/function ESP.wdtDisable( ); to the setup routine the software watchdog is disabled.
This will allow the hardware watchdog to take over causing the ESP8266 to reset every 8.4 seconds and generate the boot reset message cause 4 (compared with 2 above).
**The message repeats approximately every 3 seconds.
------------------------------------
The ESP8266 contains two watchdog timers that normally operate in the background and are completely transparent to the developer/programmer. However if ever the duration of the setup or loop routines approach 3 seconds the developer must be aware that the timers might time out and generate a reset. There is an excellent internet page on the WDT https://techtutorialsx.com/2017/01/21/esp8266-watchdog-functions/
The yield( ) function will allow the Arduino to perform background or "under the hood" operations such as retriggering the watch dog timers.
Thus modifying the while(1) statement in the above code eliminates the issue of the ESP8266 timing out. ie use
while(1) { yield ( ) };
The library function delay(mS) contains the yield( ) function so while delay( ) will block user code it will not cause the watch dog timers to generate a reset. This can be tested by replacing while(1) with delay(10000) in the sample code above.
Readers can perform further tests by writing their own delay routine with and without the yield( ) function/method. For example, without the yield( ) the following function will work with delays up a few seconds but above that the WDT will reset the system.
----------------------