A recent thread in comp.arch.embedded concerns using watchdog timers. I made the point that they are used with software designs because of the many possible ways they can screw up while hardware designs tend to be less prone to failures that would require the use of a watchdog timer to restore operation. This of course does not include designs that are subject to single event upset (SEU) such as space flight.
Opinions? Anyone here use watchdogs and care to share examples?
Anyone seen an ASIC that used a watchdog to get it out of a stuck state? That would include a CPU monitoring behavior and giving the ASIC a swift kick in the reset.
One point I was challenged on was that every FSM has potential for locking up and if it can't be designed to preclude that an internal watchdog would reset the FSM. I don't agree that this is "always" needed, but if the protocol specifies a timeout, then this is part of the protocol and not a "watchdog" in a true sense looking for aberrant behavior.