Besides: redundancy still isn't a good reason not to use watchdogs.
You may have 4 redundant devices, but what if they all fail at the same time (which could happen under extreme, unplanned condition)? What if only one of them fails, but there is another unexpected failure that prevents redundancy to function as expected (that is, you have
3 working devices, but the whole system fails to notice there is something wrong with the 4th)? Well, you get the idea.If fighting planes were perfect, pilots were perfect and conditions were perfect, guaranteed 100% of the time, we wouldn't need to design ejecting seats. But we still design them, and once in a while, they are actually useful and save a life. That's exactly the same thing. Who cares whose fault it is when an unexpected event occurs? It's useful to be able to retrieve detailed info of failures, but right when it happens, nobody cares at this point: the system has to recover in the quickest way possible. Period.
As a basic rule of thumb, I'd just say that watchdogs are good for dealing with transient, temporary, unexpected failures. Redundancy is used more with a long-term (or complete) failure of one or several devices in mind. Of course, if designed in a sensible manner, they can complement one other and even interact with one another. That's when things get interesting.