CN-122019225-A - Zero clearing method and device for watchdog timer

Abstract

The invention discloses a zero clearing method of a watchdog timer. And S1, setting a zero clearing logic at an entry point of an idle thread of the operating system. And S2, setting the timing duration of a wake-up timer and a watchdog timer of one hardware as T1 and T2, wherein T1 is less than T2. And step S3, starting to count two timers at the same time, and generating hardware timer interrupt when the count of the wake-up timer reaches T1. And S4, executing the thread with higher priority than the idle thread, and then executing the idle thread. Step S5, if the zero clearing logic is successfully executed before T2, the two timers restart to count simultaneously. If the clear logic is not successfully executed before T2, a preset event is triggered when T2 is reached. According to the invention, the zero clearing operation of the watchdog timer is implanted into the idle thread of the operating system, a special zero clearing thread is not required to be established, and faults such as system halt, thread deadlock, thread starvation and the like can be effectively detected.

Inventors

• HUANG JINHUA
• YU JIA
• Sun Qinhan

Assignees

• 翱捷科技股份有限公司

Dates

Publication Date

20260512

Application Date

20260108

Claims (8)

1. 1. A method for resetting a watchdog timer is characterized by comprising the following steps of; Step S1, setting clear logic at an entry point of an idle thread of an operating system, wherein the clear logic is to execute clear operation on a watchdog timer and a hardware wake-up timer to restart timing; step S2, after the operating system is started, setting the timing time length of a wake-up timer of one hardware as T1, setting the timing time length of a watchdog timer as T2, wherein T1 is less than T2, and the wake-up timer is not provided with an interrupt callback function; Step S3, starting to count the awakening timer and the watchdog timer at the same time, and generating hardware timer interrupt of the awakening timer when the count of the awakening timer reaches T1, and entering an interrupt response flow; Step S4, executing the thread with higher priority than the idle thread, and executing the idle thread after all the threads with higher priority than the idle thread are blocked; step S5, if the zero clearing logic is successfully executed before the timing of the watchdog timer reaches T2, the watchdog timer and the wake-up timer restart timing at the same time, and then the step S3 is returned to; if the zero clearing logic is not successfully executed before the timing of the watchdog timer reaches T2, when the timing of the watchdog timer reaches T2, a preset event is triggered, and then the step S2 is returned.
2. 2. The method for clearing the watchdog timer according to claim 1, wherein in the step S1, the idle thread is the thread with the lowest priority in the operating system, and when no other service thread needs to be scheduled for execution, the idle thread is scheduled for execution.
3. 3. The method for resetting a watchdog timer according to claim 1, wherein in the step S3, when the wake-up timer generates a hardware timer interrupt, if the operating system is in a non-sleep state, the interrupt response flow is directly entered due to the hardware timer interrupt, and if the operating system is in a sleep state, the interrupt response flow is entered after the wake-up timer interrupt.
4. 4. The watchdog timer clearing method according to claim 1, wherein in the interrupt response procedure, if the hardware timer interrupts the registered interrupt callback function, the interrupt callback function is called in the interrupt context, if the hardware timer interrupts the unregistered interrupt callback function, the step of executing the interrupt callback function is skipped, and before the interrupt response procedure is ended, the scheduler is executed to select the thread to be executed next, and then the interrupt response procedure is ended.
5. 5. The method for clearing the watchdog timer according to claim 1, wherein in the step S4, when there are a plurality of scheduled threads, the scheduler first selects a thread in a certain ready state to execute, when the thread is executed or needs to be blocked for waiting, the thread blocks itself, then triggers the operating system to execute the scheduler again, the scheduler selects one of the scheduled threads in the remaining ready state to execute, and loops so until all the scheduled threads in the ready state are blocked, and at this time, the scheduler schedules to idle thread to execute.
6. 6. The method for clearing the watchdog timer according to claim 1, wherein in the step S5, if the clearing logic is successfully executed within the time period T2, it indicates that the idle thread can be scheduled within the time period T2, and it indicates that all threads in the operating system can be scheduled within the time period T2.
7. 7. The method for clearing the watchdog timer according to claim 1, wherein in step S5, if the clearing logic is not successfully executed within the period of T2, it indicates that the operating system has a software fault of thread starvation, thread deadlock, or dead halt, which results in that the idle thread cannot be scheduled within the period of T2.
8. 8. The watchdog timer clearing device is characterized by comprising an idle thread setting unit, a timer setting unit, an interrupt response processing unit, a thread scheduling execution unit and a clearing unit; the idle thread setting unit is used for setting clear logic at an entry point of an idle thread of an operating system, wherein the clear logic is used for executing clear operation on a watchdog timer and a hardware wake-up timer to restart timing of the watchdog timer and the hardware wake-up timer; The timer setting unit is used for setting the timing time length of a wake-up timer of one hardware to be T1 and setting the timing time length of a watchdog timer to be T2 after the operating system is started, wherein the wake-up timer is not provided with an interrupt callback function by T1< T2; the interrupt response processing unit is used for starting timing of the wake-up timer and the watchdog timer at the same time, generating hardware timer interrupt of the wake-up timer when the timing of the wake-up timer reaches T1, and entering an interrupt response flow; The thread scheduling execution unit is used for executing the thread with higher priority than the idle thread first, executing the idle thread after all the threads with higher priority than the idle thread are blocked, and executing the zero clearing logic when executing the idle thread; the zero clearing unit is used for restarting timing of the watchdog timer and the wake-up timer simultaneously when the zero clearing logic is successfully executed before the timing of the watchdog timer reaches T2, and is also used for triggering a preset event when the zero clearing logic is not successfully executed before the timing of the watchdog timer reaches T2 and the timing of the watchdog timer reaches T2.

Description

Zero clearing method and device for watchdog timer Technical Field The invention relates to a method for resetting a watchdog timer. Background In the fields of embedded systems, industrial control, automobile electronics and the like, which have high requirements on reliability, a watchdog timer (watchdog timer) is commonly adopted as a system fault recovery mechanism. The watchdog timer is used to monitor whether the system is in a normal state, and is essentially a monotonically increasing counter. When the counter reaches a predetermined threshold, a predetermined event is triggered, such as signaling a reset, restart, or shutdown of the system. During normal operation of the system, the watchdog timer needs to be periodically cleared to periodically restart counting when the preset threshold is not reached, which is colloquially referred to as "feeding a dog". If the watchdog timer is not cleared in time, the watchdog timer indicates that the system is in abnormal or fault such as dead halt, deadlock and the like, and a preset event is triggered to restore the system to a normal state. The existing watchdog timer clearing method, or colloquially called a feeding method, is divided into the following two types. The first is a software method, which uses a special zero clearing thread (thread) to zero the watchdog timer. A zeroing thread is a separate, low priority thread (or task) created in the operating system that has the core responsibility of monitoring the system state and periodically performing zeroing operations on the watchdog timer. The scheme can effectively detect software faults such as dead halt, thread deadlock, thread starvation and the like. Thread starvation refers to the high priority threads taking up CPU resources for a long period of time, resulting in low priority traffic threads not being scheduled. When the software fault occurs, the zero clearing thread cannot be executed because the zero clearing thread cannot be scheduled, so that a preset event of the watchdog timer is triggered. The disadvantage of this approach is that the zeroing thread hosts the operating system, which introduces significant memory overhead (e.g., task overhead) and running overhead (e.g., context switch, CPU overhead). The zeroing thread needs to be executed periodically, which may interrupt the execution of the normal service thread, and adversely affect the real-time performance of the system. The second is a hardware mode, and another hardware timer is adopted to clear the watchdog timer. This is to set a separate, periodic hardware timer in the interrupt callback function of which the watchdog timer is cleared. The scheme does not need to create additional threads in the operating system, so that the memory overhead and the operation overhead are small, and the utilization efficiency of system resources is high. The disadvantage of this approach is that software failures such as thread starvation cannot be detected because execution of the hardware timer interrupt is not tied to the thread scheduling state of the operating system. Whether the thread is running normally, deadlock or starving, the hardware timer will unconditionally trigger an interrupt and perform a clear operation on the watchdog timer after expiration. Therefore, the solution cannot effectively reflect the health status of threads in the system. The two existing watchdog timer clearing methods have advantages and disadvantages, and cannot be used for effectively detecting software faults and achieving low system resource overhead. Disclosure of Invention The invention aims to solve the technical problem of realizing a method for clearing a watchdog timer, which can effectively detect software faults and has lower system resource overhead. In order to solve the technical problems, the invention provides a method for resetting a watchdog timer, which comprises the following steps. And step S1, setting zero clearing logic at an entry point of an idle thread of an operating system, wherein the zero clearing logic is used for executing zero clearing operation on a watchdog timer and a hardware wake-up timer so as to restart timing of the watchdog timer and the hardware wake-up timer. Step S2, after the operating system is started, setting the timing time length of a wake-up timer of one hardware as T1, setting the timing time length of a watchdog timer as T2, wherein T1 is less than T2, the wake-up timer is not provided with an interrupt callback function, and triggering a preset event if the timing of the watchdog timer reaches T2. And step S3, starting to count the awakening timer and the watchdog timer at the same time, generating hardware timer interrupt of the awakening timer when the count of the awakening timer reaches T1, entering an interrupt response flow, and executing a scheduled thread by a scheduler after the interrupt response flow is finished. And step S4, executing the thread with the higher priority than the idle thre