Embedded Systems November 2000 Vol13_12


[Figure: The Watchdog Monitor Task and The System Tasks. The monitor waits for a period less than the watchdog timeout interval; if all flags are ALIVE it kicks the dog, else it records the failure and the flag index; it then sets all flags to UNKNOWN. Each system task sets its own flag in its loop body, for example Flags[1] = ALIVE; and Flags[2] = ALIVE; in Task 2.]

against a deadlock. This timeout could be far longer than the watchdog timeout period. In the case of this extra timer timing out, the system would be judged to be in deadlock.

In some cases, you may choose to assign two flags to one task. The flags could then be set to ALIVE at different points within the task's main loop. This would catch a problem where a task was stuck in a loop that reset one of the flags but skipped some vital part of its work. The monitor would only consider the task to be healthy if both flags are set to ALIVE within each period.

For waiting tasks, all of the tasks' flags are set to ASLEEP at the waiting point and all of them set to ALIVE immediately afterwards. For example if a task was allocated two flags called myFlag1 and myFlag2 then the sequence of calls when this task is waiting is as follows:

    myFlag1 = ASLEEP;
    myFlag2 = ASLEEP;
    KS_wait(KEY_PRESS_HAPPENED);
    myFlag1 = ALIVE;
    myFlag2 = ALIVE;

Concurrent access

Since writes of a single byte are atomic, it is safe to use a single byte as a flag for a single task. No matter when the task switch occurs, it is impossible to get an illegal value written to the byte. In the case of the monitor, the byte is read and then written. Theoretically, a task switch between the read and the write could change the state of the byte, and then that change would be overwritten by the monitor. This can never happen if the monitor is a higher priority task than the tasks being monitored. The tasks being monitored never read the flag. They only write to it.

Monitor interval

As stated, the timeout interval must be enough for all of the tasks being monitored to complete at least one loop. If there is a big difference between the shortest task loop and the longest then the tasks with shorter execution times may only be getting checked after a few hundred loops. The list of flags can be divided into high frequency flags and low frequency flags. Each time the monitor is awakened, the high frequency tasks' flags are checked, but the low frequency tasks' flags are only checked on every nth iteration, where n is the ratio between the high and low frequency.

Debugging

When testing and debugging the system, it is a good idea to run the system with the watchdog timeout set tighter than it normally will be in the field. This will help identify any of the paths in the code that are borderline. It is also a good idea to install the monitor task early in the development cycle, since that will show how the system reacts to the real bugs in the monitored tasks during development. During debugging, always place a breakpoint in the monitor task at the point where it detects a failed flag. Then a failed task is not only detected immediately, but you can also use the debugger to look at its state and figure out why it missed its deadline.
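The monitor's wake-up with the high and low frequency flag split described under Monitor interval, as an added C example that is not code from the original article. The number of flags, the split point, the ratio n and the kick_the_dog() stand-in are assumptions, as is the choice to leave ASLEEP flags untouched so that a waiting task still passes.

```c
#include <stdint.h>
#include <stdio.h>

enum { UNKNOWN = 0, ALIVE = 1, ASLEEP = 2 };   /* flag states named on the page */

#define NUM_FLAGS 4   /* assumed: 4 monitored flags */
#define NUM_HIGH  2   /* assumed: Flags[0..1] are high frequency, the rest low */
#define LOW_RATIO 3   /* n: low frequency flags are checked every nth wake-up */

volatile uint8_t Flags[NUM_FLAGS];  /* one byte per flag, so task writes are atomic */
int failed_flag = -1;               /* index of the first flag that missed a period */
unsigned kicks;                     /* counts kicks; stands in for the hardware write */
static unsigned wakeups;

static void kick_the_dog(void) { kicks++; }

/* One wake-up of the monitor task. Returns 1 if the dog was kicked, 0 on failure. */
int monitor_poll(void)
{
    int end = (++wakeups % LOW_RATIO == 0) ? NUM_FLAGS : NUM_HIGH;
    int healthy = 1;

    for (int i = 0; i < end; i++) {
        uint8_t state = Flags[i];              /* read ... */
        if (state == UNKNOWN && healthy) {     /* task never reported this period */
            failed_flag = i;                   /* record failure and flag index */
            healthy = 0;
        }
        if (state == ALIVE)                    /* ... then write; ASLEEP is left alone */
            Flags[i] = UNKNOWN;                /* (assumption) so a waiting task passes */
    }
    if (healthy)
        kick_the_dog();                        /* otherwise let the watchdog expire */
    return healthy;
}

int main(void)
{
    Flags[0] = ALIVE; Flags[1] = ASLEEP;       /* constructed run: task 1 is waiting */
    printf("wake-up 1: %s\n", monitor_poll() ? "kicked" : "failed");
    Flags[0] = ALIVE;
    printf("wake-up 2: %s\n", monitor_poll() ? "kicked" : "failed");
    Flags[0] = ALIVE; Flags[2] = ALIVE;        /* Flags[3] never set: that task hung */
    printf("wake-up 3: %s, failed flag %d\n",
           monitor_poll() ? "kicked" : "failed", failed_flag);
    return 0;
}
```

Only the flags that were checked on a given wake-up are reset, so a low frequency task keeps its ALIVE mark until the nth iteration actually inspects it.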
