 |
Synergy Software Package User's Manual
|
|
Synergy Software Package User's Manual
|
RTOS-integrated Framework Interface for monitoring of threads. More...
Data Structures | |
| struct | sf_thread_monitor_cfg_t |
| struct | sf_thread_monitor_thread_counter_t |
| struct | sf_thread_monitor_counter_min_max_t |
| struct | sf_thread_monitor_api_t |
| struct | sf_thread_monitor_instance_t |
Macros | |
| #define | SF_THREAD_MONITOR_API_VERSION_MAJOR (2U) |
Typedefs | |
| typedef void | sf_thread_monitor_ctrl_t |
RTOS-integrated Framework Interface for monitoring of threads.
Any misbehaving threads cause a reset of the device. Both the WDT and IWDT HAL modules are supported by this framework module.
This is a ThreadX aware Watchdog Timer Thread Monitor Framework for monitoring threads in an application in which threads are executing at an expected rate. Threads to be monitored register themselves through SF_THREAD_MONITOR_ThreadRegister() and increment a count by calling SF_THREAD_MONITOR_CountIncrement() each time they execute. Each monitored thread also provides expected maximum and minimum count values for normal execution.
The Thread Monitor runs periodically and checks the count value of each monitored thread. If the count value falls outside of the expected range of values, the Watchdog Timer is allowed to reset the device. If all thread counts are within their expected ranges, then the Watchdog Timer is refreshed.
The WDT and IWDT modules are supported by the Thread Monitor.
The Framework Layer can be used to protect the entire software project. This is achieved through a high priority thread (Framework Layer) which runs periodically within the refresh permitted window of the Watchdog Timer selected (IWDT is safest as has its own clock source and is started automatically after reset). This thread monitors the state of every other thread in the system. If any of these threads are not running as expected, then the Watchdog Timer is not refreshed and is not allowed to reset the system. If the threads are running as expected, then the Watchdog Timer is refreshed.
Monitoring the other threads is achieved as follows: Each monitored thread increments a count variable each time it runs. The Thread Monitor thread checks the count variable of each thread to make sure it is within an expected range. If any of the variables are out of range a reset is allowed. Otherwise all variables are cleared to zero and the watchdog is refreshed. A profiling mode is used to establish the expected ranges.
This approach is described in the following article:
Jack Ganssle, "Great Watchdog Timers for Embedded Systems," www.ganssle.com/watchdogs.htm
This method requires the instrumenting of each thread to increment its count variable, but this is little overhead for the massive gain in protection.
Interface used: WDT Interface
Related SSP architecture topics:
Thread Monitor Interface description: Thread Monitor Framework
| #define SF_THREAD_MONITOR_API_VERSION_MAJOR (2U) |
Version of the API defined in this file
| typedef void sf_thread_monitor_ctrl_t |
Thread monitor control block. Allocate an instance specific control block to pass into the thread monitor API calls.