Looking for thoughts on embedded systems education

You assume they are only there to protect from the elements. There are more external cases (and the odd bug that can slip through) which can throw a spanner in the works.

Expect the unexpected, and you are less likely to be caught short.

Glyn


Hi Don,

Perhaps there are special circumstances, like when lives or -- (gasp) -- actual *money* is at stake :)

I suppose my point is basically, don't use a watchdog to cover up an inadequate hardware design. It will still be flaky.

--

John Devereux

IME, money trumps lives :-(

Agreed. Though I would say "inadequate hardware *or* software design". I.e., it is equally likely that the watchdog catches some condition that was improperly tested in the software (e.g., attempting to resolve a NULL pointer).

D Yuniskis

In such situations, double or triple redundant systems are typically used, which allows much more sanity cross checks than a simple watchdog.

Paul Keinanen

Redundant sometimes, but redundancy has its drawbacks as well; look at the very first flight of the space shuttle. Triple redundancy did not prevent a failure of the processors to boot up and communicate.

In automotive the starting transient that crashes one processor probably would crash two or three.

There are alternatives for reliable systems; redundancy tends to find common cause in a system. For processors, error correcting registers and memory help. Software consistency checks help.

Regards,

Walter..

-- Walter Banks Byte Craft Limited

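As an added example (not code from anyone in this thread), here is one way to make a watchdog do more than hide a hang, in the spirit of the "software consistency checks" just mentioned: the kick is gated on every task having checked in during the period and on a redundant-copy check of a critical variable. All names are hypothetical and the hardware kick is a stub for a bare-metal target.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical task set; each task must check in once per supervisor period. */
enum { TASK_SENSOR = 0, TASK_CONTROL, TASK_COMM, TASK_COUNT };

static volatile uint32_t checkins;        /* bitmask of tasks seen this period */
static uint16_t setpoint, setpoint_inv;   /* value stored twice: plain and inverted */

/* Each task calls this from its main loop, never from a timer ISR,
 * so a hung loop stops checking in even though interrupts still run. */
void task_checkin(int task)
{
    if (task >= 0 && task < TASK_COUNT)
        checkins |= (1u << task);
}

/* Store the critical value and its bitwise inverse. */
void setpoint_store(uint16_t v)
{
    setpoint = v;
    setpoint_inv = (uint16_t)~v;
}

/* Memory consistency check: a corrupted copy breaks the inverse relation. */
bool setpoint_consistent(void)
{
    return (uint16_t)~setpoint == setpoint_inv;
}

/* Stub: on real hardware this writes the watchdog service register. */
static void hw_watchdog_kick(void) { }

/* Called once per period. Returns true only when every task is alive and
 * the redundant copy agrees; otherwise the watchdog is deliberately left
 * to expire so the fault forces a reset instead of being papered over. */
bool supervisor_tick(void)
{
    const uint32_t all = (1u << TASK_COUNT) - 1u;
    bool ok = (checkins == all) && setpoint_consistent();
    checkins = 0;                 /* start a new period */
    if (ok)
        hw_watchdog_kick();
    return ok;
}
```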
[attributions elided]

For "safety", yes. But, the types of threats faced when money is involved are very different.

In safety/health related systems, you don't usually have someone

*deliberately* trying to subvert your system, its safeguards, etc. In the safety arena, if you can demonstrate due diligence, you're usually "off the hook". I.e., if a guy comes in with a carbide tipped chainsaw and cuts his way through the interlocked safety shields (so that the interlocks *don't* see this as a breach) and then manages to get his hand mangled by the now unprotected mechanism, he probably *won't* win a liability lawsuit against you.

OTOH, if a guy sticks a spark coil up *inside* your coin dispensing mechanism and manages to completely foul the control logic so that it dispenses coins continuously, you probably are NOT going to have much recourse unless you can catch him in the act.

(ever notice how many closed circuit cameras and "plain clothes" folks there are in gaming establishments? And that doesn't count the "detectors" that you *don't* see!)

Redundancy only works if those redundant systems aren't vulnerable to the "attack". :-/ This is why gaming establishments require things to be done in teams, use lots of surveillance, "standards", etc. (and they still get "beat" for a healthy sum despite their precautions... thieves are more creative than idiots :> )

D Yuniskis

It worked perfectly, preventing the launch in a faulty vehicle.

If this prevents operating such a faulty vehicle, then fine.

Paul Keinanen
