This idea describes a new concept that utilizes two watchdog timers instead of the typical single watchdog timer found in most embedded systems. One watchdog is the typical hardware type, which handles recovery from absolute firmware failure. The other is a watchdog interrupt that initiates the task of forced housekeeping of vital data prior to an impending system crash.
As shown in the figure, IC1A (74HCT132) supplies a continuous source of slow-rate pulses to the CPU reset input. The time period is selected by resistor R1 and capacitor C1. The second watchdog (SoftDog), which has an active-low output, is a faster-rate gated oscillator (IC1B). Its faster rate comes from the smaller R2C2 time constant, and its output drives a CPU hardware interrupt input.
These pulses are early-warning signals to save vital data. The interrupt handler counts them in a memory counter. When the count reaches a limit, all of the vital system data is protected and the CPU is reset via software. If the SoftDog signal fails to execute properly, then the original hardware watchdog will reset the CPU for certain. It’s recommended that the time constants satisfy R1*C1 >> 10*R2*C2, so that the SoftDog can reach its limit count before the hardware watchdog fires.
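The SoftDog handler described above can be sketched in C as follows; this is an added example that runs on a host, not code from the original design. The limit of 3, the `vital_t` record, the CRC-16 check on restore, and the main loop clearing the counter are assumptions, and the copy to `saved` and the `reset_requested` flag stand in for the non-volatile write and the software reset.

```c
#include <stddef.h>
#include <stdint.h>
#define SOFTDOG_LIMIT 3u               /* assumed limit count; the page gives no value */

typedef struct {                       /* hypothetical vital-data record */
    uint32_t odometer;
    uint16_t setpoint;
    uint16_t crc;                      /* integrity check over the fields above */
} vital_t;

static vital_t live, saved;            /* working copy; stand-in for non-volatile storage */
static volatile uint8_t softdog_count; /* the memory counter of SoftDog pulses */
static int reset_requested;            /* stand-in for the software reset */

static uint16_t crc16(const uint8_t *p, size_t n) {   /* CRC-16/CCITT-FALSE */
    uint16_t crc = 0xFFFF;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Assumption: healthy main-loop code clears the count on every pass. */
void softdog_kick(void) { softdog_count = 0; }
/* SoftDog interrupt handler: count early warnings, then save and reset. */
void softdog_isr(void) {
    if (++softdog_count < SOFTDOG_LIMIT) return;
    live.crc = crc16((const uint8_t *)&live, offsetof(vital_t, crc));
    saved = live;                      /* on target: write to NVRAM or EEPROM */
    reset_requested = 1;               /* on target: trigger the software reset */
}

/* After reset: accept the saved record only if its CRC verifies. */
int vital_restore(void) {
    if (crc16((const uint8_t *)&saved, offsetof(vital_t, crc)) != saved.crc) return 0;
    live = saved;
    return 1;
}

int main(void) {   /* constructed scenario: five healthy passes, then the firmware hangs */
    live.odometer = 123456u; live.setpoint = 42;
    for (int t = 0; t < 5; t++) { softdog_kick(); softdog_isr(); }
    while (!reset_requested) softdog_isr();
    return vital_restore() ? 0 : 1;
}
```

The CRC lets post-reset code reject a record that was only partly written or was corrupted by the same fault that hung the firmware.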
The dual method is superior in small systems where a sudden watchdog reset may cause loss of vital data. The circuit has been used with 8051, PIC, 8085, and 8088 CPUs. Excellent results were observed when noise pulses were injected in the data lines to deliberately cause firmware failure.