: If it appears that the hardware is falling apart, how could you trust
: that it makes any sensible decisions? Of course, if each output
You've changed the situation -- 'the hardware is falling apart' is hardly the
same as a single hardware failure.
Generally, an MCU on reset sets the outputs to a known value -- all 0 or all
1. If you design fail-safe, then a hardware reset, in the face of some
failing hardware, will at least make sure everything is off.
: In any really safety critical system, you should use double or triple
: (voting) redundant system, not watchdogs.
There is a WHOLE class of problems for which that is completely overkill.
Take an arcade game, or vending machine, or any machine that is going to take
physical punishment and need regular maintenance.
People are going to beat on a soda machine. Do you want to put
triple-redundancy memory on that, or just design it such that when it breaks
it just sits there resetting itself, so no one can get free soda?
Arcade games use watchdogs because there is a very small window where they
will make money. (Or used, when it was dedicated hardware, now it's largely
PC level hardware, but I digress) Competition means getting the thing out
the door relatively quickly, and cheap enough to sell.
You want to get every bug, but if you wait too long, you'll be into the next
generation. The watchdog means that if there IS a bug, the machine will just
reset and keep earning money, instead of not earning money until an op gets
Fail-safe means that WHEN the thing fails, you try your best to make sure
it's in a 'safe' condition.
Chris Candreva -- firstname.lastname@example.org -- (914) 967-7816
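As an added illustration, not part of the post above, of the argument that a reset drives outputs to a known safe value and a watchdog forces that reset when the firmware hangs: a constructed C simulation of a vending-machine controller. The MCU model, timeout, tick counts and output bit are all hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed simulation of the watchdog + fail-safe pattern the post argues
 * for: a vending-machine controller whose reset handler drives every output
 * to the "all off" state, and a watchdog that forces that reset when the main
 * loop stops kicking it. Hypothetical model, not code for any real MCU. */

#define WDT_TIMEOUT_TICKS 3u
enum { OUT_DISPENSE = 1u << 0 };

typedef struct {
    uint8_t outputs;       /* bit 0 = dispense solenoid */
    unsigned wdt_counter;  /* timer ticks since the last kick */
    unsigned resets;       /* watchdog resets that have occurred */
    bool hung;             /* simulated firmware bug: loop never reaches the kick */
} mcu_t;

/* Reset handler: the first thing firmware does is put outputs in the known
 * safe value (all 0), so a reset during a vend cannot leave the solenoid on. */
static void mcu_reset(mcu_t *m) {
    m->outputs = 0;
    m->wdt_counter = 0;
    m->hung = false;      /* code restarts from the top, out of the stuck path */
    m->resets++;
}

/* One iteration of the main loop; a hung loop never kicks the watchdog. */
static void main_loop_step(mcu_t *m, bool vend_request) {
    if (m->hung) return;
    if (vend_request) m->outputs |= OUT_DISPENSE;
    else              m->outputs &= (uint8_t)~OUT_DISPENSE;
    m->wdt_counter = 0;   /* the kick */
}

/* Hardware timer tick: the watchdog resets the MCU once the timeout is hit. */
static void wdt_tick(mcu_t *m) {
    if (++m->wdt_counter >= WDT_TIMEOUT_TICKS) mcu_reset(m);
}

/* Scenario: a vend starts, then firmware hangs with the solenoid energised.
 * Returns the MCU state after `ticks` timer ticks. */
mcu_t run_hang_scenario(unsigned ticks) {
    mcu_t m = {0};
    main_loop_step(&m, true);   /* vend begins: dispense output on */
    m.hung = true;              /* bug strikes: no more kicks */
    for (unsigned i = 0; i < ticks; i++) {
        wdt_tick(&m);
        main_loop_step(&m, false);  /* runs again only after a reset */
    }
    return m;
}
```

Before the timeout the solenoid stays stuck on; once the watchdog fires, the reset handler turns it off and the loop resumes kicking, so the machine idles safely instead of dispensing for free.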