Per Westermark
02/22/12 08:02
#186139 - I just can not agree with that reasoning
Responding to: Kai Klaas's previous message
Sorry, but I don't agree at all.

1) You basically claim that a watchdog doesn't do anything. That is bull. It can't help in 100% of cases. But it most definitely can help. A good watchdog has a very simple state change diagram. So it is way harder to make it lock up.

2) You basically claim that you trust 100% your fuses/arrestors, ... They are no better than a watchdog. They can only improve the situation. Not give 100% security. So availability of input protection is no argument for removal of watchdog.

I haven't heard any claim that it was impossible to fail a curve with the Audi Quattro. Only that it did stay on the road, until it couldn't anymore. So people didn't have any feedback how near the limit they were. And no margin for recovery when it finally passed the limit. But the car did deliver, if the requirement was to stay on the road as long as possible. And that is what we want our hardware to do - keep working as long as possible. Until the hardware gets so abused that we just can't keep ticking anymore.

"But it gives you only the illusion of safety."

That requires that you can prove that a watchdog can never help. Because if one in 100 failures gets recovered by a watchdog reset, then your sentence is directly wrong.

But to use the word "illusion" correctly, I can claim that it is an illusion to believe that you can design a sellable product where input protection can be 100.000% guaranteed to protect the unit from a hang. As Erik notes, you can't power up a device and expect 100% reliability.

"No, the only way to handle these problems is proper filtering, shielding and grounding."
Totally male bovine manure, to use an expression loved by another forum visitor. There is no "only way". Engineering is about looking at "all ways". You are ignoring a large part of all research done about the design of reliable devices with your "only way". You are putting all your energy on a single link of a multi-linked chain.

No one in this forum has made a claim that a watchdog can replace good protection circuitry. But you are making the claim that good protection circuitry can replace a watchdog. You can't even sell your products in some product areas with such a design rule.

