How to effectively use watchdog in mbed?

Hi,

The project I am working on will occasionally crash (hard fault) due to memory leak or something that I am still trying to figure out. What bothers me is, despite watchdog is started at the right beginning of main function, system will just stay dead after crash.

Watchdog &watchdog = Watchdog::get_instance();
watchdog.start(30000); 

Isn’t the purpose of watchdog to restart system when crash happens? What could be the cause of failure of watchdog?

The project is based on STM32F429ZI and Mbed-os-5.15.

I cannot repeat this with artificially generated hard fault. So it must be something else.

Hello,

just for info, you can handle MbedOS crash according to Error handling - API references and tutorials | Mbed OS 6 Documentation and additional info is here.

According to platform/mbed_lib.json are necessary setting already set for auto reboot of your target. However the counter is set to 1 so the MbedOS will stop after first crash, but it can be solved in two ways.

1. insert the function below before the main. That will reset the counter every time when a crash occurs

   void mbed_error_reboot_callback(mbed_error_ctx *error_context)
   {
       error_context->error_reboot_count = 0; // reset counter
   }

2. insert settings below to mbed_app.json. That will set a max for the counter. Two boolean macros do not may be set for your case

   {
    "target_overrides": {
         "*": {
           "platform.crash-capture-enabled": true,
           "platform.fatal-error-auto-reboot-enabled": true,
           "platform.error-reboot-max": 10
         }
       }
   }

BR, Jan

Hi Jan,

Thanks for the information. Does this mean we can use auto-reboot in place of hardware watchdog? I don’t know how this auto-reboot on error is implemented. I assume it is based on watchdog one way or another.

My understanding is that for a hard crash, auto reboot will take over.

Watchdogs are interesting if your code gets stuck somewhere, like infinite loop, or reaching the end of main.

But be careful though, in case of infinite loop, the watchdog must be a on low priority thread, otherwise, round robin might kick in and it will be kicked.

Here is a little spike we used for testing:

I don’t know, I do not have deeper knowledge, but no where was written about Watchdog, everywhere is written only about fatal errors or processor exceptions.

But important info is that when you see the MbedOS crash report in console, then the system was already restarted and only the counter prevents from continuing to your application again.

BR, Jan

A round of applause to this. In the last couple of hours since I include this in my code, every 2 hour or so system will crash then reboot. Before including this code, system will crash and stay dead, despite watchdog is being used in main thread/loop.

This makes sense. Basically even watchdog kicks in, mbed itself will stop code from running.