Hello I'm

Sandeep Tiwari

Automotive Software Engineer with more than a decade of experience.


Watchdog Services In AUTOSAR

Watchdog Services is a set of modules in the AUTOSAR layered architecture: the Watchdog Manager (Services Layer), the Watchdog Interface (ECU Abstraction Layer) and the Watchdog Driver (MCAL Layer). Together they provide services for monitoring the timing and the correctness of execution of an entity in the application and basic software. As long as no failure occurs in the application or basic software, they keep the system from being reset.

Figure: Watchdog Stack in AUTOSAR

The monitored entity in the application or basic software is known as the Supervised Entity. A supervised entity can be any function or runnable (a set of instructions, similar to a function, which can execute as an independent unit). These entities are monitored by placing points in the software known as Checkpoints.

Supervision of an entity is of three types:

1. Alive Supervision
2. Deadline Supervision
3. Logical Supervision

Alive Supervision :

Some supervised entities should execute at a particular rate i.e. periodically. Alive Supervision monitors the rate of execution for these supervised entities.

Example : A 1ms task is monitored every 10ms. So, after 10ms the counter monitoring the 1ms task should have been updated to 10 (-/+). Whether the monitoring counter is being updated to 10 (-/+) is monitored under Alive Supervision.

Deadline Supervision :

Some supervised entities should execute within a specified time duration. Deadline Supervision monitors the time taken for the execution of a supervised entity.

Example : A supervised entity is meant to execute within 10ms. Two checkpoints are placed in this supervised entity and time stamps are taken at the start and the end checkpoint. The time difference between the checkpoints gives the time taken for execution of the supervised entity.

Logical Supervision :

In some supervised entities, the flow of execution has to be monitored to ensure error-free execution of the program. Logical Supervision is used to monitor the flow of execution in the program.

Example : In the supervised entity, there are two conditional paths of execution, A and B, of which only one is correct. Checkpoints are placed in the supervised entity. The flow of execution is monitored by monitoring these checkpoints.

The status of the WdgM and the supervised entities can be monitored using the Global Supervision Status and the Local Supervision Status. The Global Supervision Status is the status of the WdgM under the active WdgM mode. The Local Supervision Status is the status of an individual supervised entity. The Global Supervision Status is derived from the Local Supervision Status of the supervised entities.

Different valid statuses of WdgM and Supervised entities are listed in the table :

[Table image: valid statuses of WdgM and supervised entities]

Transition from one state to another depends on the WdgM mode, the local status of the supervised entity and the failure threshold set during the configuration of the supervised entity.

During a monitoring cycle, the supervised entities configured in the current WdgM mode are evaluated and the local status of each entity is updated based on the results of the evaluation. Based on the update in the local status the global status of WdgM is also updated.

If a failure occurs for a supervised entity, the failure counters are incremented until they reach the pre-configured threshold. If a threshold is reached, the local status of the supervised entity is updated. Based on the local status, the global WdgM status is also updated.

If the pre-configured global thresholds are exceeded due to failures of the supervised entities, the WdgM triggers a reset command to the Wdg driver, resulting in a reset of the system.

WdgIf is a module which maps a WdgM request to a driver if there are multiple drivers available.

The Wdg driver is responsible for driver initialization, managing the operation mode (off mode, fast mode, slow mode) and setting up the watchdog trigger. WdgM provides a value to the Wdg driver (WdgM_SetTriggerCondition → WdgIf_SetTriggerCondition → Wdg_SetTriggerCondition) to service the driver and avoid a reset when there is no failure. In case of a failure condition from the application, the value given to the Wdg driver by WdgM is '0'. This results in resetting of the Watchdog Driver.
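The monitoring cycle, failure threshold and trigger value described above, as an added example that is not part of the original article and is not AUTOSAR WdgM code. It is a simplified C model of alive supervision: the struct, function and status names, the margin of 1 and the threshold of 3 are assumptions, and the global status is reduced to "any entity has expired".

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a WdgM monitoring cycle; all names are hypothetical. */
typedef enum { LOCAL_OK, LOCAL_FAILED, LOCAL_EXPIRED } LocalStatus;

typedef struct {
    uint16_t alive_count;      /* checkpoint hits since the last cycle      */
    uint16_t expected, margin; /* expected hits per cycle and tolerance     */
    uint8_t  failures;         /* consecutive failed cycles                 */
    uint8_t  threshold;        /* failed cycles at which status is EXPIRED  */
    LocalStatus status;
} SupervisedEntity;

/* Alive supervision for one entity: compare the counter, update local status. */
LocalStatus evaluate_entity(SupervisedEntity *se) {
    int ok = se->alive_count + se->margin >= se->expected &&
             se->alive_count <= se->expected + se->margin;
    se->alive_count = 0;                       /* start a new window */
    if (se->status == LOCAL_EXPIRED) return se->status;   /* latched */
    if (ok) { se->failures = 0; se->status = LOCAL_OK; }
    else se->status = (++se->failures >= se->threshold) ? LOCAL_EXPIRED : LOCAL_FAILED;
    return se->status;
}

/* One monitoring cycle over all entities. Returns the trigger value handed
   to the driver: the timeout while healthy, 0 once any entity has expired. */
uint16_t monitoring_cycle(SupervisedEntity *ses, int n, uint16_t timeout_ms) {
    int expired = 0;
    for (int i = 0; i < n; i++)
        if (evaluate_entity(&ses[i]) == LOCAL_EXPIRED) expired = 1;
    return expired ? 0 : timeout_ms;
}

/* Constructed scenario: a 1 ms task checked every 10 ms (expected 10, margin 1,
   threshold 3) that reaches its checkpoint hits_per_cycle times per cycle.
   Returns the cycle in which the trigger value becomes 0, or -1 if it never does. */
int cycles_until_reset(uint16_t hits_per_cycle) {
    SupervisedEntity se = { 0, 10, 1, 0, 3, LOCAL_OK };
    for (int cycle = 1; cycle <= 20; cycle++) {
        se.alive_count = hits_per_cycle;       /* stands in for checkpoint calls */
        if (monitoring_cycle(&se, 1, 100) == 0) return cycle;
    }
    return -1;
}

int main(void) {
    printf("10 hits/cycle: %d\n", cycles_until_reset(10));
    printf(" 4 hits/cycle: %d\n", cycles_until_reset(4));
    return 0;
}
```

A task that runs too often fails alive supervision just as one that runs too rarely does, which is why the check is a window around the expected count rather than a minimum.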
