Few questions on embedded stuff

Paul Keinanen wrote: ...

I just remembered another case I heard about where a WDT helped CAUSE a problem!: An intermittent hang in the acct. pac. caused the WDT to fire and shut down the system; when the system came up it would notify the other nodes in the system that it was Here (oh joy)! This notification would cause the other nodes to send a message to their acct. pac. and it (being intermittent) would occasionally hang that other node and the process spread throughout the system!!! (all nodes ran the same s/w release!)-- RM

Just request them in the same order in all processes. In the flow of logic of any process do lock 1 free 1 lock 2 free 2 lock 3 free 3

or lock 1 lock 2 free 2 lock 3 free 3 free 1

Never go 1-2-3 in one and 1-3-2 in another process. Nevertheless, you can go 1-2-3-4 and 1-2-4 and 1-3-4 in different processes.

To make this possible is called design. You can even resort to one super-resource, though your timing may suffer by this approach.

Andreas

Hi Rick,

Actually, yes. There are altimeter-equipped automatic opening devices in case someone panics, faints or whatever. They asked us on our first non-ripcord jump whether we wanted one. But they have downsides as well and can open inadvertently before you are in a good position to pull. I opted to go "without" but carried my wrist altimeter (which was legally required).

Regards, Joerg

Hi Ben,

That's exactly what a Boeing engineer once said to me. He thought it was insane to jump out of a fully serviceable airplane. But it isn't insane. We tried to convince our pilot and many of the glider folks to do at least 2-3 jumps so they know how it feels if they ever have to. Most of the glider folks declined and then one day the story was in the news. One had a structural failure a few thousand feet up, high enough to jump. He hesitated too long to bail out and didn't make it.

Regards, Joerg

Hi Ed,

Absolutely agree. Even rad hard stuff will have a chance to fail. Not using a WDT is like driving around without a safety belt. Some of us might live to be 90 that way, others not. All it takes is a tire blowing at 65mph.

What I don't like are designs that rely on WDT for regular operation.

Regards, Joerg

The real insanity is those people who jump out of an aircraft that isn't on fire into a forest that is...

Some of those Wdogs and processors sounded too complex to be dependable. There is always an element of system architecture selection to best suit the application's requirements Watchdogs style should be part of the architecture selection process.

Oh, I see. I do recall chips that have the "feature" of being able to differentiate an internally generated "power-on reset" from "reset-pin reset."

OTOH, some of us drive 90mph and hope to reach 65. ;-)

Yes, and I think that's always the fear of using WDT's -- that they'll be abused. Also, one participant in this thread already noted that a WDT is most useful if enough of the context is saved to be able to forensically analyze what went wrong. It's a technically sound comment, but it's not always possible in the case that an external WDT is used and tied to the microprocessor's reset line. In many cases, the reset itself wipes out all traces of evidence and makes diagnosis impossible. In such cases, and depending on the application, it may be preferable for the device to fail visibly than to reset and continue quietly. Like most engineering, it requires an analysis of the tradeoffs for the particular problem at hand...

Ed

serviceable airplane.

... or to get into one that isn't. I heard tell a few years back that the Boeing engineers who service the Chinese inland airliners travel by train:-).

Clifford.

It does not have to be a gamma ray.

In an ancient existence I used AMD87c521 (IIRC) devices and as I had to keep UV erasing the parts and being a typical lazy recent graduate could not be bothered to cover up the erase window. The parts worked fine through the start of the development but as the year went on I started to get sone peculiar failures where the processor went off with the faeries. Turned out that the brighter sunlight in the summer caused the device RAM to be corrupted during the run. (Yes I worked in a development lab with REAL WINDOWS ;-). Bill hadn't even got round to version 3.1 in those days :-D )

S-V

One of my previous colleagues told the story of where they proudly demoed the first prototype of a fairly large Servo Amp for the client. The device used a mcu with EPROM, and of course the window was uncovered. Someone took a photo while it was being demoed, and the flash caused the MCU to go haywire, and needless to say the whole prototype went up in smoke with nice loud bangs.

Regards Anton Erasmus

As I recall, the Motorola HC705P6 in the ceramic/windowed package would not even blank check if the window was not covered and would do strange things in operation if the window was not covered.

Jim

We once had an engineer who ran a phototransistor driving a 74HC input off of a 12V supply with no series resistor. He reasoned that the LED could never provide enough light to saturate it enough to exceed the current specs for the photoransistor or the input.

We replaced hundreds of units after users powered them up with the cover off and sunlight coming in through a window...

Anton, did you ever see it the other way around? Where an EPROM window starts an orange glow beneath the glass? That was really spooky.

Regards, Joerg

Joerg wrote in news:SzjEc.4656 $ snipped-for-privacy@newssvr27.news.prodigy.com:

As I recall, I plugged in a 128KB UV EPROM backwards once, and it lit up for a short while. The amazing thing was that it still worked after that. Mind you, I wouldn't place any bets on it's life expectancy.

Regards,

-=Dave

LOL! At best, if the wire was not damaged, I would expect some (or all) of the operating parameters of any still-functioning parts to have been affected.

You were lucky, that was really rare. Here, most EPROMs died with a nice flashlight effect.

Andreas