FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IWDG short period (125 us) problem

Rub�n Acerete Halli
Associate III

‎2017-02-23 04:04 AM

Posted on February 23, 2017 at 13:04

Hello,

We are developing a PV converter and we have choose an STM32F407VGT microcontroller in order to controlling its power electronics and communications. 

We are using the

in order to ensuring that the software works properly and if not reset the system and initialize in a safe state. Mainly stopping the PWM modules and stop triggering the Mosfets. We would like configuring the IWDG at minimum period (125us). We carries out the IWDG reset in a timer (TIM2) update event interrupt each 50us. For reseting de WDG we are using the HAL function HAL_IWDG_Refresh(&hiwdg). Following is the IWDG initialization code:

hiwdg.Instance = IWDG;

hiwdg.Init.Prescaler = IWDG_PRESCALER_4;

hiwdg.Init.Reload = 0;

if (HAL_IWDG_Init(&hiwdg) != HAL_OK)

{

  Error_Handler();

}

We have tested 3 different values for hiwdg.Init.Reload, 0, 1, and 2. If we use 0 or 1 the systems restarts continuously. If we use 2 the watchdog works, but four application the watching time is too long and produce that some converter components could explode. How can we configuring the IWGD in order to having a WD period of 125us as told in the manual reference?

#iwdg #stm-32 #stm32f407 #problem
Labels:
0 Kudos
24 REPLIES 24
Rub�n Acerete Halli
Associate III
In response to waclawek.jan

‎2017-02-24 01:41 AM

Posted on February 24, 2017 at 09:41

I think that I am already doing it. because the RCC initializacion function test de return value. I will attach the whole code below.

0 Kudos
AVI-crak
Senior
In response to Rub�n Acerete Halli

‎2017-02-24 02:59 AM

Posted on February 24, 2017 at 10:59

Then it is necessary to use more predictable mechanism of protection, on WWDG (a step from PCLK) + NMI_Handler ().

In this case there is a possibility of correct end of an emergency. Iron dumping - it isn't always ideal. Sometimes it is required to establish quickly legs мк in a necessary state which differs from dumping.

NMI_Handler () - all timers (except a dog) will automatically stop. It is impossible to work normally further already, it is necessary to finish correctly operation of the device + the ravine of an event on the independent carrier.

WWDG - a step from PCLK + normal interruption in which it is possible to finish accurately work of a cycle forcibly - transfer of a task to other prepared address, or in a forehead - start of an emergency task. For example the stop of the engine can lasts minutes and more. It is necessary to hold мк to a full stop of the engine, otherwise there can be problems.

It is simple to stamp a huge number of a code in interruption - it won't turn out. All environment is simpler to kill (this interruption very strong) - and to start only resolved. The stop of timers and installation of legs мк in a safe state is the simplest and bystry, remains in the interruption.
0 Kudos
Rub�n Acerete Halli
Associate III
In response to AVI-crak

‎2017-02-24 06:20 AM

Posted on February 24, 2017 at 14:20

I will try implement the WWDG but the IWGD cotinues existing and I do not understnad Why. Maybe It is a documentation error. I do not. 

0 Kudos
AVI-crak
Senior
In response to Rub�n Acerete Halli

‎2017-02-24 08:20 AM

Posted on February 24, 2017 at 16:20

There are no documentation errors, there is not a full understanding.

IWGD - is intended for fatal cumulative errors when several physical devices of the periphery + an error of a program code, hangup on the data bus or to that similar can fail as avalanche directly. In this case helps only rest.

WWDG is intended for detection of errors of a program code, more precisely than incorrect distribution of machine time. As a rule when actuating similar interruption, мк works operationally: all data buses, all periphery and so on. Just instead of computation necessary at present - мк it was busy with some nonsense absolutely not necessary at this moment. And as a result - didn't manage to execute a basis cycle.

WWDG use as is - doesn't give security blanket. It is necessary to track the PLL generator, for its monitoring there is a separate interruption.

In case of PLL failure - the processor doesn't execute complete reset, but all timers pass into an inactive status. It is feeble protection if the logical unit on a timer output at rest is required from you.
0 Kudos
Rub�n Acerete Halli
Associate III
In response to AVI-crak

‎2017-02-24 10:26 AM

Posted on February 24, 2017 at 18:26

Ok Thank you very much for the detailed explanation. I will try the WWGD. I did not know that if the PLL fall the PWM modules stops in a safe way.

0 Kudos
Top