如何在看门狗定时器任务开始之前防止系统挂起 [英] How to prevent system hang before watchdog timer task kicks in

问题描述

我们使用基于 ARM AM1808 的嵌入式系统，带有 rtos 和文件系统.我们使用的是C语言.我们在应用程序代码中实现了一个看门狗定时器.因此，只要应用程序代码出现问题，看门狗定时器就会处理系统.

We are using an ARM AM1808 based Embedded System with an rtos and a File System. We are using C language. We have a watchdog timer implemented inside the Application code. So, whenever something goes wrong in the Application code, the watchdog timer takes care of the system.

但是，我们遇到了系统在看门狗定时器任务开始之前挂起的问题.系统挂起是因为文件系统代码被错误地编码，循环次数过多.有时由于 NAND 不好(或至少文件系统代码认为它不好)，代码会挂在一个 while 循环中并且永远不会摆脱它.我们得到的是一个死板.

However, we are experiencing an issue where the system hangs before the watchdog timer task starts. The system hangs because the File System code is badly coded with so many number of while loops. And sometimes due to a bad NAND(or atleast the File System code thinks it is bad) the code hangs in a while loop and never gets out of it. And what we get is a dead board.

所以，提供所有信息的目的是问你们是否有任何机制可以在应用程序代码之前运行的代码中实现?有没有硬件看门狗?可以采取哪些步骤来确保我们不会因某些 while 循环而导致死板.

So, the point of giving all the information is to ask you guys whether there is any mechanism which could be implemented in the code that runs before the application code? Is there any hardware watchdog? What steps can be taken in order to make sure we don't get a dead board caused by some while loop.

推荐答案

专业的嵌入式系统是这样设计的:

Professional embedded systems are designed like this:

• 选择具有上电复位中断和片上看门狗的 MCU.这是所有现代 MCU 的标准.
• 从复位中断向量内部实施以下步骤.
• 如果 MCU 存储器的设置很简单，例如只设置堆栈指针，那么请在重置后做的第一件事就是这样做.这使 C 编程成为可能.只要不声明任何变量，您通常可以用 C 编写复位 ISR - 反汇编以确保它不会触及任何 RAM 内存地址，直到这些地址可用.
• 如果内存设置很复杂 - 有 MMU 设置或类似设置 - 它必须等待并且您必须坚持使用汇编程序以防止由 C 代码引起的意外堆栈.
• 设置最基本的寄存器，例如模式/外设路由寄存器、看门狗和系统时钟.
• 设置低电压检测硬件(如果适用).希望 MCU 上 LVD 的非复位状态是正确的.
• 应从此处设置特定于应用程序的关键寄存器，例如 GPIO 方向和内部上拉电阻寄存器.默认情况下，许多 MCU 都有引脚作为输入，这使它们容易受到攻击.如果它们不打算作为应用中的输入，则应尽量减少它们在复位之外的时间，以避免出现噪声、瞬态和 ESD 问题.
• 设置 MMU(如果适用).
• 其他所有CRT"，例如 .data 和 .bss 的初始化.
• 调用main().

• Pick a MCU with power-on-reset interrupt and on-chip watchdog. This is standard on all modern MCUs.
• Implement the below steps from inside the reset interrupt vector.
• If the MCU memory is simple to setup, such as just setting the stack pointer, then do so the first thing you do out of reset. This enables C programming. You can usually write the reset ISR in C as long as you don't declare any variables - disassemble to make sure that it doesn't touch any RAM memory addresses until those are available.
• If the memory setup is complex - there is a MMU setup or similar - it will have to wait and you'll have to stick to assembler to prevent accidental stacking caused by C code.
• Setup the most fundamental registers, such as mode/peripheral routing registers, watchdog and system clock.
• Setup the low-voltage detect hardware, if applicable. Hopefully the out-of-reset state for LVD on the MCU is a sound one.
• Application-specific, critical registers such as GPIO direction and internal pull resistor registers should be set from here. Many MCU have pins as inputs by default, making them vulnerable. If they are not meant to be inputs in the application, the time they are kept as such out of reset should be minimized, to avoid problems with noise, transients and ESD.
• Setup the MMU, if applicable.
• Everything else "CRT", such as initialization of .data and .bss.
• Call main().

请注意，为您的 MCU 预先制作的启动代码不一定是由专业人士制作的！业余水平的CRT"是相当普遍的.与您的工具链一起提供，它无法尽早设置看门狗和时钟.这当然是不可接受的，因为:

Please note that pre-made startup code for your MCU is not necessarily made by professionals! It is fairly common that there's an amateur-level "CRT" delivered with your toolchain, which fails to setup the watchdog and clock early on. This is of course unacceptable since:

1. 这使得在该平台上运行的任何程序都存在明显的安全/质量问题，以防CRT"无论出于何种原因都会崩溃/挂起.
2. 这使得 .data 和 .bss 的初始化变得不必要、非常缓慢，因为它通常是在运行在默认片上 RC 振荡器上的时钟下执行的或类似的.

1. This makes any program running on that platform a notable safety/poor quality hazard, in case the "CRT" will crash/hang for whatever reason.
2. This makes the initialization of .data and .bss needlessly, painfully slow, as it is then typically executed with the clock running on the default on-chip RC oscillator or similar.

请注意，即使是行业事实上的启动代码，例如 ARM CMSIS，也无法执行上述某些特定于 MCU 的硬件设置.这可能是也可能不是问题.

Please note that even industry de facto startup code such as ARM CMSIS fails to do some of the MCU-specific hardware setups mentioned above. This may or may not be a problem.

这篇关于如何在看门狗定时器任务开始之前防止系统挂起的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！