Page 139 - The Art of Designing Embedded Systems

126 THE ART OF DESIGNING EMBEDDED SYSTEMS

the system had an unexpected reset. Don't use a bit of clever watchdog code to compensate for software or hardware glitches.



Should embedded systems have a reset switch?

It seems almost traditional to put a reset switch on the back panel of an embedded system. When something horrible happens, hit the reset and retry! Doesn't this make the customer feel that we don't trust our own products? Electronic systems never had reset switches until the introduction of the microprocessor. Why add them now?

A reset switch is no substitute for flaky hardware. It's pretty easy (or, at least possible) to design robust, reliable microprocessor circuits. Any failure is most likely to be a hard fault that a simple reset will not cure.

This argument implies that a reset switch is mostly useful to cure software bugs. We have a choice of writing 100% reliable code or adding some sort of an escape hatch for the user. I hereby proclaim, "We shall all now write correct code."

The problem is now cured.

OK, so perhaps a bug just might creep in once in a while. My feeling is that a reset switch is still a mistake. It conveys the message that no one really trusts the product. It's much better to include a very robust watchdog timer that asserts a good, hard reset when things fall apart. The code might still be unreliable, but at least we're not announcing to the world that bugs are perhaps rampant. Remember when Microsoft eliminated the Unexpected Application Error message from Windows 3.1 . . . by renaming it?

No watchdog is perfect, but even a simple one will catch 99% of all possible code crashes. Combine this percentage with the (ideally) low probability of a software crash, and the watchdog failure rate falls to essentially zero.
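The sidebar argues for a robust watchdog rather than a reset switch, and the text above it warns against "clever" watchdog code that papers over glitches. The following C example is added here and is not from the book; it shows the structure that makes a watchdog robust: every task must check in before the main loop kicks the hardware timer, so a single stuck task lets the dog expire instead of being hidden by a kick from an unrelated interrupt. The hardware is simulated; `hw_kick_watchdog()`, the tick counter and the task count are all assumptions for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simulated hardware watchdog (assumption for this example): it counts
 * down once per tick and "fires" a reset when it reaches zero. */
#define WD_TIMEOUT_TICKS 4
#define NUM_TASKS        3

static int      wd_counter = WD_TIMEOUT_TICKS;
static bool     wd_fired   = false;   /* set when the simulated dog expired */
static uint32_t task_alive = 0;       /* one bit per task, set by wd_checkin() */

/* Hypothetical hardware kick; a real part needs its own register write. */
static void hw_kick_watchdog(void) { wd_counter = WD_TIMEOUT_TICKS; }

/* Each task calls this from its own loop only after doing real work,
 * never from a timer interrupt that would keep running after a crash. */
void wd_checkin(unsigned task_id) {
    if (task_id < NUM_TASKS) task_alive |= (1u << task_id);
}

/* Called once per pass of the main loop. The hardware is kicked only
 * when every task has checked in since the last kick; otherwise the
 * counter keeps running down and a hard reset follows. */
bool wd_service(void) {
    const uint32_t all_tasks = (1u << NUM_TASKS) - 1u;
    if (task_alive == all_tasks) {
        task_alive = 0;
        hw_kick_watchdog();
        return true;
    }
    return false;
}

/* Advance the simulated hardware timer by one tick; true once expired. */
bool wd_tick(void) {
    if (wd_fired) return true;
    if (--wd_counter <= 0) wd_fired = true;
    return wd_fired;
}

void wd_reset_sim(void) {
    wd_counter = WD_TIMEOUT_TICKS;
    wd_fired   = false;
    task_alive = 0;
}

/* Run `ticks` main-loop passes where task `stuck` (or -1 for none) never
 * checks in. Returns the tick on which the watchdog fired, or -1. */
int simulate(int ticks, int stuck) {
    wd_reset_sim();
    for (int t = 1; t <= ticks; t++) {
        for (unsigned i = 0; i < NUM_TASKS; i++)
            if ((int)i != stuck) wd_checkin(i);
        wd_service();
        if (wd_tick()) return t;
    }
    return -1;
}

int main(void) {
    printf("all tasks healthy: fired at tick %d\n", simulate(20, -1));
    printf("task 1 hung:       fired at tick %d\n", simulate(20, 1));
    return 0;
}
```

The design choice is that the kick is gated on evidence of progress from every task, which is the opposite of the "clever" compensating code the text warns against: the watchdog is allowed to do its job.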




Making PCBs

In the bad old days we created wire-wrapped prototypes because they were faster to make than a PCB, and a lot cheaper. This is no longer the case. Except for the very smallest boards, the cost of labor is so high that it's hard to get a wire-wrapped prototype made for less than $500 to several thousand dollars. Turnaround time is easily a week.