CPU Supervision

This section discusses functions that help the CPU maintain itself through some otherwise catastrophic situations. The functions covered here are (in order of importance) a power monitor for reset pulse generation, a watchdog timer, a power monitor for SRAM nonvolatility, and a time-of-day clock. The latter two are not actually considered part of CPU supervision, but it is very common to see various combinations of these functions in the class of integrated circuits which are referred to as CPU supervisors.

Reset

Before the CPU can do anything at all, it needs to be powered up, which simply requires a connection to the power and ground pins on the device. Once powered up, its essential that the internals of the device are allowed to synchronize and start up in a sane state. A RESET signal forces key CPU components to a known initial state. Typical requirements on a reset input line of a processor are that it be held in a constant active (usually low) state for some duration (say 100ms). In some designs, a simple resistor/ capacitor (RC) combination is used to keep the RESET line in a low state for the 100ms time period when power is applied to the system (this is referred to as power-on reset).

Without getting into a lot of detail, assume that the resistor/capacitor (RC) circuit of Figure 1.2 provides a time-delay power-up. While the other pins have the supply voltage applied immediately (Signal A), the RC connection to the RESET pin holds it low for some delay longer (Signal B), thereby providing the minimum 100ms of low state to RESET after power-up . Unfortunately, the RC pair is not very good at detecting when it should apply the low level to the RESET pin. That means that it doesnt work well for systems that are in remote locations and must be automatically reset after power outages and dips. In these situations, the power could dip and cause the power supply level to fall, which would in turn cause the CPU to go insane, but would not cause the RC circuit to pull the RESET line low enough to bring the CPU out of its insane state. In some respects, the RC combination is an analog solution for a digital problem. The real solution for a safe power-up reset is to monitor the supply line and pulse the RESET line for the designated amount of time whenever it transitions from out of to within CPU tolerance. Fortunately, there are components out there that do just that! There are several different components available that monitor the supply voltage and automatically generate a clean reset pulse into the CPU when the supply drops below a certain level.

image from book
Figure 1.2: Conditioned Reset Input.

When power is applied to the system (Signal A), the charge time of the RC circuit attached to the reset input (Signal B) delays the reset activation. While this reset mechanism works when the power is cycled cleanly, it can cause problems when power is momentarily interrupted .

Watchdog Timer

The watchdog timer (WDT) acts as a safety net for the system. If the software stops responding or attending to the task at hand, the watchdog timer detects that something is amiss and resets the software automatically. The system might stop responding as a result of any number of difficult-to-detect hardware or firmware defects. For example, if an unusual condition causes a buffer overrun that corrupts the stack frame, some functions return address could be overwritten. When that function completes, it then returns to the wrong spot leaving the system utterly confused . Runaway pointers (firmware) or a glitch on the data bus (hardware) can cause similar crashes. Different external factors can cause glitches. For example, even a small electrostatic discharge near the device might cause enough interference to momentarily change the state of one bit on the address or data bus. Unfortunately, these kinds of defects can be very intermittent, making them easy to miss during the projects system test stage.

The watchdog timer is a great protector. Its sole purpose is to monitor the CPU with a you scratch my back and Ill scratch yours kind of relationship. The typical watchdog (see Figure 1.3) has an input pin that must be toggled periodically (for example, once every second). If the watchdog is not toggled within that period, it pulses one of its output pins. Typically, this output pin is tied either to the CPUs reset line or to some nonmaskable interrupt (NMI), and the input pin is tied to an I/O line of the CPU. Consequently, if the firmware does not keep the watchdog input line toggling at the specified rate, the watchdog assumes that the firmware has stopped working, complains, and causes the CPU to be restarted.

image from book
Figure 1.3: External Watchdog Timer.

The watchdog timer is a simple re-triggerable timer. When the application is operating normally, it periodically resets the WDT by toggling its input. If something causes the application to hang or crash, the WDT times out and forces the CPU to restart.

Battery- Backed SRAM

Not all systems need to maintain the integrity of their SRAM when power is turned off, but this requirement is becoming more and more common because the components that provide that capability are getting cheaper and easier to use. Not too long ago, embedded systems used an arrangement of discrete components to determine what voltage was higher (power supply or battery) and properly steer the higher supply to the power pin of the SRAM (or the whole system). Now a handful of companies provide nonvolatile SRAM modules that have the battery and the power supply monitoring circuitry built right into the part. These parts are guaranteed to retain data for up to 10 years (with certain restrictions regarding the actual amount of time the internal battery is powering the SRAM, of course). Modules with built-in batteries are often available in versions that are pin-compatible with standard SRAM chips. These pin-compatible packages can be a life-saver if you need to add nonvolatile read/write storage to an existing design.

Time-of-Day Clock

For most embedded systems, the CPU provides all that is needed for maintaining time. Typically, there is no need to keep track of the time of day; nevertheless, when you need the time of day, you cant get it without some type of battery-backed time-of-day clock function. Even though the CPU has its own crystal and can keep relatively good time, the CPUs notion of time only persists as long as the CPU is powered up and running. When the board is reset, the CPUs clock is reset as well, making it impossible for the CPU to maintain the time on its own. If you need time of day in your system, then you need a battery and a time-of-day chip. An exception to this case is if the embedded system knows that it has an external device from which it can get the current time after being reset.



Embedded Systems Firmware Demystified
Embedded Systems Firmware Demystified (With CD-ROM)
ISBN: 1578200997
EAN: 2147483647
Year: 2002
Pages: 118
Authors: Ed Sutter

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net