Emergency action during software hang problem

Discussion in 'General Electronics Chat' started by muthukumar_ece2004, Jun 1, 2011.

Thread Status:
Not open for further replies.
  1. muthukumar_ece2004

    Thread Starter New Member

    May 20, 2011
    9
    0
    Hi,

    We are doing a project for a US client and it's a somewhat critical project. The system software frequently goes into a hang state, so we have decided to use a Watch Dog Timer (WDT) to reset the system. Here I need your valuable comments regarding what to do with this WDT: do we need to shut down the hardware, or is a software reset enough? Because this is a medical device project, it needs to be handled with care.
     
  2. debjit625

    Well-Known Member

    Apr 17, 2010
    790
    186
    If it's a medical device project, then you should debug both your software and hardware to eliminate the problem, rather than using a WDT. A WDT is not the solution for a system which hangs very often. Of course you should use a WDT for a software reset, but only occasionally, in case of system malfunction.

    Good Luck
     
  3. DumboFixer

    Active Member

    Feb 10, 2009
    219
    34
    You would be better trying to work out why the software hangs rather than trying to sort out what to do when it has.

    Whether to shutdown the hardware or do a software reset is, I think, something we really can't help you with - you know the system, we don't.

    What are the implications of shutting down the hardware (is patient safety or wellbeing at risk if you do so) ?

    If the software hang is caused by a hardware problem then a software reset probably won't cure the problem.

    Investigate, and fix, the software hang first.
     
  4. ErnieM

    AAC Fanatic!

    Apr 24, 2011
    7,394
    1,606
    Gee, I once built a small embedded system device we then qualified to IEC-60601-1-4. If after you study this document you can find the section for "bang unit on side if it stops working" as an acceptable criterion, then we can continue this discussion.

    Buy a debugger, add some debug trace code, figure out the ACTUAL problem and fix it before you kill someone.
     
  5. muthukumar_ece2004

    Thread Starter New Member

    May 20, 2011
    9
    0
    Thanks for your comments,

    Oh... sorry friends, actually the software does not hang frequently. From a safety consideration, we are trying to implement the WDT in case the software fails in a worst case. For that we plan to place a WDT to solve the problem (this is for the worst case, for safety purposes only). Our plan is to reset the software if the code fails. Is that worthwhile, or do we need to change to another solution?
     
  6. DumboFixer

    Active Member

    Feb 10, 2009
    219
    34
    In my experience, having worked on mission computer software for aircraft, resetting the software isn't an option if it's a critical real-time system.

    Your code should be written "defensively" - by that I mean it checks for errors in data/inputs and takes the appropriate action. For example, when dividing two numbers, check that the divisor is not zero rather than doing the division and handling a divide-by-zero error. Check for possible errors before they happen.

    What is this worst case, what causes it ?

    What are the implications of doing a reset? Does a life support machine reset, does a blood pressure reading need to be done again? One of these is potentially life-threatening, one not.

    Only you can decide if the system can be safely reset/restarted.
     
  7. ErnieM

    AAC Fanatic!

    Apr 24, 2011
    7,394
    1,606
    Gee, what changed from:

    I should quote for truth everything DumboFixer said.

    It's your project; you haven't shared any details for anyone to even guess at the consequences.

    The sensor system I worked on gave a single bit output as "GOOD." It took a dual redundant controller to keep that bit fail safe, meaning there were two outputs and one was either correct or signaling "BAD" for any single point failure.

    Even on non-redundant units a "GOOD" output was testable by an external signal that would make the system tend to the "BAD" output state. Note I say "tend," we didn't just change the single output bit, we changed the sensor drive to give a "BAD" output as to test the entire electronics chain.

    It did have a watchdog timer running to do a reset, as we did not need previous state history; the test was a "real time" test. But a watchdog hit would still make the output give a momentary "BAD" output.
     
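The two points raised above, that a watchdog must be fed by the application doing real work (not by a timer that runs while everything else is hung) and that a reset must leave the outputs in a safe state rather than silently restarting forever, as an added C example that is not code from anyone in the thread. The task ids, the reset-cause values, the restart limit and the hardware hooks (hw_wdt_kick, the reset-cause register, the counter that survives a watchdog reset) are hypothetical.

```c
/* Added example: a task-supervised watchdog with a bounded restart policy.
 * Each task sets its own "alive" bit every window; the supervisor kicks the
 * hardware WDT only when all of them have, so one stalled task lets the dog
 * expire.  On startup the reset cause is inspected: a watchdog reset forces
 * the outputs to a safe state and, after too many consecutive watchdog resets,
 * the unit latches in that safe state instead of restarting again. */
#include <stdbool.h>
#include <stdint.h>

#define NUM_TASKS        3u
#define MAX_WDT_RESTARTS 2u                    /* consecutive WDT resets tolerated */
#define ALL_TASKS        ((1u << NUM_TASKS) - 1u)

typedef enum { RESET_POWER_ON, RESET_WATCHDOG } reset_cause_t;      /* hypothetical */
typedef enum { STATE_RUN, STATE_SAFE_RESTART, STATE_SAFE_LATCHED } sys_state_t;

typedef struct {
    uint32_t alive_bits;    /* one bit per task, set by task_checkin() */
    uint32_t kicks;         /* hardware WDT kicks issued so far */
    uint32_t last_missing;  /* tasks that failed to check in on the last starved window */
} wdt_monitor_t;

/* Stand-in for the real key-register write on the MCU (hypothetical hook). */
static void hw_wdt_kick(wdt_monitor_t *m) { m->kicks++; }

void task_checkin(wdt_monitor_t *m, unsigned task_id) {
    if (task_id < NUM_TASKS) m->alive_bits |= (1u << task_id);
}

/* Run once per supervision window.  Returns true if every task checked in
 * and the hardware dog was kicked; false means it was left to expire. */
bool wdt_supervise(wdt_monitor_t *m) {
    bool all_alive = (m->alive_bits & ALL_TASKS) == ALL_TASKS;
    if (all_alive) hw_wdt_kick(m);
    else m->last_missing = ALL_TASKS & ~m->alive_bits;  /* record who was hung */
    m->alive_bits = 0;      /* each task must prove liveness again next window */
    return all_alive;
}

/* Decide what to do after a reset.  *wdt_reset_count is assumed to live in a
 * backup register or RAM region that survives a watchdog reset. */
sys_state_t on_startup(reset_cause_t cause, uint32_t *wdt_reset_count) {
    if (cause != RESET_WATCHDOG) { *wdt_reset_count = 0; return STATE_RUN; }
    (*wdt_reset_count)++;   /* caller drives outputs to the safe state in both cases */
    return (*wdt_reset_count > MAX_WDT_RESTARTS) ? STATE_SAFE_LATCHED : STATE_SAFE_RESTART;
}
```

The recorded last_missing mask and the surviving reset counter are what make a watchdog event visible afterwards, which is the part of the decision (reset or shut down) that depends on the actual device.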
  8. #12

    Expert

    Nov 30, 2010
    16,343
    6,828
    What? This site doesn't have a smiley that is tearing its hair out and screaming "bloody murder"?

    I can't believe somebody is designing a medical "critical" project by asking questions at a public opinion website. Why is this allowed on this site when fixing the vanity mirror in your car is considered too risky for this site?

    'scuse me if you think I'm a sissy, but the alarm bells in my head are ringing loudly.
     
    DumboFixer likes this.
  9. Adjuster

    Well-Known Member

    Dec 26, 2010
    2,147
    300
    This makes me think that sourcing such products from countries where things are not well regulated puts us all in danger.

    Imagine some unfortunate patient receiving his dose of radiation therapy, using a machine where the software repeatedly hangs and requires some last-ditch watchdog to pull the plug. While the system reboots, the Grays pile up until the victim is done to a crisp!

    In my opinion, this thread should be closed.
     
  10. beenthere

    Retired Moderator

    Apr 20, 2004
    15,815
    282
    Well, we are not about to see the code, learn the purpose, or - we pray - be subjected to the device that this failing code is supposed to operate.

    If the coders can't use experience and a programming skill set to find the problem - not to mention a debugger - then someone bid on a job dishonestly.
     