User avatar
everslick
Posts: 8
Joined: Fri Jun 15, 2012 8:23 am
Location: Austrfia
Contact: Website

IDEA: reset button with watchdog

Fri Aug 31, 2012 8:46 am

IMHO, the pi desperately lacks a physical reset button, especially for us metallers. ;-) I think there is a soldering solution that involves soldering on the PCB, but that is not for the faint-hearted (like me). :lol:

how about setting up the watchdog (to trigger really fast, like 100ms) have an timer interrupt (firing twice as often) and having the timer ISR resetting the watchdog, if a specific GPIO (IN) is NOT set (pulled down/up... whatever).

what do you think?

best regards ...
clemens

BrianW
Posts: 83
Joined: Sun Jul 29, 2012 9:03 pm

Re: IDEA: reset button with watchdog

Fri Aug 31, 2012 12:52 pm

Much quicker and easier would surely be to fit a power switch to your supply cable.

Joe Schmoe
Posts: 4277
Joined: Sun Jan 15, 2012 1:11 pm

Re: IDEA: reset button with watchdog

Fri Aug 31, 2012 1:24 pm

BrianW wrote:Much quicker and easier would surely be to fit a power switch to your supply cable.
But not the same thing at all.
And some folks need to stop being fanboys and see the forest behind the trees.

(One of the best lines I've seen on this board lately)

User avatar
Dweeber
Posts: 606
Joined: Fri Aug 17, 2012 3:35 am
Location: Mesa, AZ
Contact: Website

Re: IDEA: reset button with watchdog

Mon Sep 03, 2012 11:05 pm

BrianW wrote:Much quicker and easier would surely be to fit a power switch to your supply cable.
Potentially with devastating affect.... just cutting power to a running system can corrupt your SDCard.

I was thinking of hooking up a momentary switch and using a script I found elsewhere that looks for a change on GPIO 0 . Just not sure if I need the resistor or not. My father a long retired Electronic Engineer without looking at it or knowing anything about the RPi suggested that the resistor would be a needed safety item. I have no real electronics background at all other than knowing what a resistor and momentary switch is.

Image

The script I've seen looks for the pin and if it sees it takes an action, in this case a command to the OS to shutdown.
Dweeber A.K.A. Kevin...
My RPI Info Pages including Current Setup - http://rpi.tnet.com

dwelch67
Posts: 955
Joined: Sat May 26, 2012 5:32 pm

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 12:07 am

You dont need to mix the watchdog and another interrupt unless you are looking to solve hangs.

If you are in control of the application, etc and you need to axe the system and reset (risking sd card corruption) your solution is fine. The raspberry pi gpio lines have pull up and pull down resistors you can configure so you dont have to use one externally. Easy to setup the watchdog and easy to setup a timer interrupt and poll a gpio line if the interrupt sees the button pressed, just go into an infinite loop and the watchdog will fire, otherwise tickle the watchdog to stay alive.

If you want a controlled shutdown when the system is safe, you dont need the watchdog running, when you detect the command or button press (can poll or interrupt) safe the system, then start the watchdog with a short timeout and go into an infinite loop. Basically a software initiated reset.

David

User avatar
kspn
Posts: 68
Joined: Mon Jan 16, 2012 9:52 pm
Location: Melbourne

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 12:22 am

I am also interested in this, how would you configure the interrupt on the GPIO line?

I have already got a script that loops and polls the GPIO, but that is CPU intensive and not the best solution. :)
No Coffee, No Workee

User avatar
jojopi
Posts: 3079
Joined: Tue Oct 11, 2011 8:38 pm

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 1:04 am

Dweeber wrote:I was thinking of hooking up a momentary switch and using a script I found elsewhere that looks for a change on GPIO 0 . Just not sure if I need the resistor or not.
The series resistor is not necessary. But it will limit the fault current and protect the GPIO from damage if you ever press the button when the pin is accidentally programmed as an output.

GPIOs 0 and 1, however, have relatively strong (1K8) pull-up resistors on the board. So the pin will not go anywhere near low enough if you use a 10K series resistor on the switch. You would need a value between 270Ω and 470Ω. For any other GPIO, using the SoC's built-in weak pull-ups, a series resistor up to 10K should be okay. I would go for 1K, however, and reserve 10K for external pull-ups, if needed.

User avatar
Dweeber
Posts: 606
Joined: Fri Aug 17, 2012 3:35 am
Location: Mesa, AZ
Contact: Website

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 1:18 am

@jojopi, thanks for the response.
Dweeber A.K.A. Kevin...
My RPI Info Pages including Current Setup - http://rpi.tnet.com

User avatar
DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 1:00 pm

Dweeber wrote:
BrianW wrote:Much quicker and easier would surely be to fit a power switch to your supply cable.
Potentially with devastating affect.... just cutting power to a running system can corrupt your SDCard.
I think your mixing up linux and the way it writes files, with a bare metal OS you will get no corrupt, unless you code a driver that works like linux.
Batteries not included, Some assembly required.

tufty
Posts: 1456
Joined: Sun Sep 11, 2011 2:32 pm

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 3:21 pm

DexOS wrote:
Dweeber wrote:
BrianW wrote:Much quicker and easier would surely be to fit a power switch to your supply cable.
Potentially with devastating affect.... just cutting power to a running system can corrupt your SDCard.
I think your mixing up linux and the way it writes files, with a bare metal OS you will get no corrupt, unless you code a driver that works like linux.
Anything that writes to the SD card can potentially corrupt the card if it's interrupted brutally. Doesn't matter if it's Linux or bare metal. Admittedly, you /probably/ have more chance of killing a linux system by so doing, but if you were to imagine (as I do) an OS that uses RAM as a local cache of persistent storage, you might well find yourself in a case where you either kill the card or the OS image rather rapidly by simply yanking the power.

Simon

User avatar
DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 5:37 pm

tufty wrote: Anything that writes to the SD card can potentially corrupt the card if it's interrupted brutally. Doesn't matter if it's Linux or bare metal. Admittedly, you /probably/ have more chance of killing a linux system by so doing, but if you were to imagine (as I do) an OS that uses RAM as a local cache of persistent storage, you might well find yourself in a case where you either kill the card or the OS image rather rapidly by simply yanking the power.

Simon
But most bare metal OS's do not write to SD card yet and if they do, they should do it in such away that if they did just power off you would lose unsaved data, but it would do no harm to image or SD card.
But to save data, do this command and than power off only when finished.
Batteries not included, Some assembly required.

tufty
Posts: 1456
Joined: Sun Sep 11, 2011 2:32 pm

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 8:27 pm

DexOS wrote:they should do it in such away that if they did just power off you would lose unsaved data, but it would do no harm to image or SD card.
It's not that simple.

Let's look at, for example, that perennial favourite filesystem, FAT. When you write to a FAT filesystem (or, indeed, most any filesystem), every time you allocate or reallocate a block (for example, you add new text to a file, move text around, open a new file, etc), you also need to write to the File Allocation Table (or other housekeeping areas).

The best case (in terms of a power glitch / outage / off affecting a write) is that you fail to finish writing some data to a file. Your file is now missing data, but hey, no biggie. Next up, you mess up a block on the card that is part of a file (or files). No particularly big deal, you've probably corrupted a file or two. Next worst is that you've managed to write file data but failed to write to the housekeeping areas (or vice versa). You now have an inconsistent filesystem, but it's probably mostly repairable. In odd cases,though, you're going to hit (and kill) a write to the housekeeping area, and you've killed the filesystem.

In my case, writing inconsistent data to "a file" might actually hose the entire system. I'm trying to work out ways around that, but it ain't easy. Or, in fact, always 100% possible.

At the media level, the situation can be even worse. Certain actions are carried out automagically by the media itself - if you hit and kill one of those, you can, at worst, kill the card totally and irretrievably. The cost of a new card is minimal, but it's not the media that's valuable.

Simon

SiriusHardware
Posts: 500
Joined: Thu Aug 02, 2012 9:09 pm
Location: UK

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 9:03 pm

tufty wrote: At the media level, the situation can be even worse. Certain actions are carried out automagically by the media itself - if you hit and kill one of those, you can, at worst, kill the card totally and irretrievably. The cost of a new card is minimal, but it's not the media that's valuable.

Simon
Simon, reading through your posts above, it seems quite clear that no-one should ever, ever, turn off a Raspberry Pi.

Ever.

The only way to avoid this situation is to give the operating system control over the power on/off system (as was done on PCs and compatibles on ATX hardware), in which:

The user tells the OS that he/she wants to turn the computer off.
The OS finishes any file writes and or reads that were in progress and wraps up any other business.
The OS sends a command to the hardware to kill the power to the system.

Prior to ATX, WIndows used to tell you wait until it was finished and then tell you that it was 'Now safe to turn off your computer'.

Since the Pi does not (to my knowledge) have a system controlled power switch, it appears that we can only either never turn the Pi off, or accept the small possibility that it may be accessing the card just as we turn the power off. That's just the way it is. The best we can do is exit any running applications that we know of before pulling the power, but that's it.

User avatar
DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 9:44 pm

I have written many files sys, including fat and i agree with you that if you are updating certain parts of the file sys and turn your sys off it could do bad things.
We agree on that, but if the OS is designed in such away to make it as safe as possible, that at anytime the OS could be switched off, then you will have no more chance of corrupting the file sys than using linux and someone kick the plug out or you have a fuse blow.
I am thinking about a Dos like sys, which is as close to a bare metal sys than it is to a desktop OS.
How many times have you heard of MS Dos being corrupted by just turning off the power switch ?, i have never heard of it or had it happen to me.

From what your saying about your file sys, it sounds like you want to load the whole file image into ram from SD (maybe a img file), do any read/writes in ram, then before turning the pi off write any changes back in one block.
Am i right ;) .
Batteries not included, Some assembly required.

SiriusHardware
Posts: 500
Joined: Thu Aug 02, 2012 9:09 pm
Location: UK

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 9:50 pm

DexOS, briefly Off Topic, but is that Sheldon Cooper I see on your sig photo? :D

I wonder how long it will be before we see a Pi being talked about / being used / being a background prop in The Big Bang Theory?

They get so many small details right. Have you noticed that their desktop PCs never have the side panels on?

Neither do mine...

User avatar
jojopi
Posts: 3079
Joined: Tue Oct 11, 2011 8:38 pm

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 9:57 pm

SiriusHardware wrote:Prior to ATX, WIndows used to tell you wait until it was finished and then tell you that it was 'Now safe to turn off your computer'.
The Pi has several very similar states to this. It has the linux kernel "system halted" state, with display still on, that you get to after "shutdown -h -H now". It has the gpu firmware low-power halt state, preceded by ten flashes of OK led, that you get to after "shutdown -h now". And it also has the idle state where it is generally safe to turn off the power because of the filesystem journal.

The main problem with turning off the power when idle is that on a preemptive OS you can never be sure that some background process is not just about to wake up and write to the SD card. On general linux systems even that can only result in minor data loss, because the filesystem layout integrity is protected by the journal. But on SD cards, as tufty has said, there is an additional risk that removing power while the card is writing could corrupt the hidden metadata related to wear-levelling, possibly making the card unusable.

So use the recommended shutdown methods for your OS. Or if you must pull the power, at least do so when the system is not writing to the SD card.

User avatar
DexOS
Posts: 876
Joined: Wed May 16, 2012 6:32 pm
Contact: Website

Re: IDEA: reset button with watchdog

Tue Sep 04, 2012 10:10 pm

SiriusHardware wrote:DexOS, briefly Off Topic, but is that Sheldon Cooper I see on your sig photo? :D

I wonder how long it will be before we see a Pi being talked about / being used / being a background prop in The Big Bang Theory?

They get so many small details right. Have you noticed that their desktop PCs never have the side panels on?

Neither do mine...
[Off Topic] Yes it is Sheldon Cooper and i agree about the pi will be in a future episode 8-).
Not noticed the side panels off, i will keep a eye open for it :lol: .
Batteries not included, Some assembly required.

tufty
Posts: 1456
Joined: Sun Sep 11, 2011 2:32 pm

Re: IDEA: reset button with watchdog

Wed Sep 05, 2012 4:36 am

DexOS wrote:How many times have you heard of MS Dos being corrupted by just turning off the power switch ?, i have never heard of it or had it happen to me.
You never had to support dos in a business environment, did you :)

Admittedly, most file system and data ******* came from application bugs *coff* Ashton-Tate's DBase 4 'data recovery' tool *coff* but I saw a lot of destroyed dos installs due to users getting impatient and power cycling. It got worse, unsurprisingly enough, with the introduction of Windows.
From what your saying about your file sys, it sounds like you want to load the whole file image into ram from SD (maybe a img file), do any read/writes in ram, then before turning the pi off write any changes back in one block.
Am i right ;) .
Something like that. A 'file system' that maintains a consistent 'system state' at /all/ times. The idea beng that you turn off your system, when you turn it back on you are exactly where you were -same ui, same data open, cursor in the same place, undo/redo history still in place, etc. Basically, system state is persistent, ram used as a write buffer for that persistent storage.

Simon.

dwelch67
Posts: 955
Joined: Sat May 26, 2012 5:32 pm

Re: IDEA: reset button with watchdog

Wed Sep 05, 2012 7:17 am

Dos, linux, bare metal. it doesnt matter, if you have any plans to save anything to non-volatile memory there are critical sections of code that you cannot simply axe the power and hope to have that data saved properly. And actually some non volatile hardware (eeprom, flash) can be corrupted by being read as well. Read disturb on flash, and I know of at least one eeprom that if powerdown is not sloped and controlled properly relative to reset you can start to corrupt the prom as the power is going away.

In general though if you only use that non-volatile storage as read-only in your application, flipping the power switch is usually okay at any time. If you ever need to save something though you want to give the thing a fighting chance, have your application software watch the power button and reset the system when everything is written, and no writes are in progress or will be in progress as power goes away. If the system becomes unstable and the button doesnt work they can unplug the thing from the wall. The instability itself could be running code that is thrashing and trashing non-volatile memory anyway so it may already be dead.

The watch dog timer is an easy way for the arm to reset the board programmatically, from what I remember it causes the gpu to reset and re-boot as well...Have a bootloader on the sd card that
loads a program into the arm, use jtag or a bootloader load some other program into the arm that programs the wdt to reset, watch the sd card based arm program run again meaning the gpu rebooted.

the purpose of a watch dog timer is for automatically attempting to recover from an unstable system, set it long enough that you are pretty sure that whatever is going on you cant recover from, and have to sacrifice the idea of saving state before rebooting, but save the user from having to yank the power plug. The one problem with a watchdog timer is that your broken application code can be stuck in a loop kicking the watch dog timer to keep it alive. I am not broken... broken... broken... broken...

saving up a lot of non-volatile writes might make the transfer faster relative to individual smaller writes, but at the same time provides a larger target to hit if there is a reset or power failure. not always the case but dont automatically assume that saving up all your writes and doing them at once solves the problem.

I have many times axed dos, windows, linux. and see all of them suffer pain from it, and all of them not suffer from it. windows and dos historically lean toward actually finishing a file transfer before telling you they are done. and the unix world historically considers a write to file cache (ram/memory) a completed file transfer as unix software assumes there will never be a power cycle of any kind, we dont have to finish writing that sector until you choose to reboot the system manually or shut down manually. thus the sync; sync; sync; halt you used to type to shut down. more recently the unixes have gotten better but definitely two different cultures. we have linux based systems where we power cycle to test our hardware by yanking power through programmable power switches, many many power cycles and amazingly the operating system survives much more of that than you would expect. In part that is driven by the test as all the os needs to do is power up, detect the card came up properly and report pass/fail, then the os idles until the axe falls again.

if you are looking to build a fault tolerant product, I would design that product from the ground up, not buy a raspberry pi and put it in a box with your product name on it. If you dont store anything and basically run your operating system (assuming linux) in ram using a ramdisk only using nv memory to read the kernel and root file system one time. You can axe the power on that a lot before it will fail. You could try using say a spi flash or eeprom or something for some storage or maybe the sd card, but format the information in a round robin fashion or something like that, first time goes in memory bank a, erase a, write a, only valid banks have a checksum and sequence number. next bank b erase, write including sequence and checksum. Then when you go to read back the info look for banks that are complete meaning the checksum or crc pass and have the largest sequence number. If the power goes down on a save you lose one save and revert back to the one before but you dont lose your system. This is just an example you need to design the solution to be fault tolerant if you plan to let the user axe the power. (and dont plan on having the user format and prepare sd cards from time to time to bring up the product or recover it from failure).

BlackJack
Posts: 288
Joined: Sat Aug 04, 2012 8:28 am
Contact: Website

Re: IDEA: reset button with watchdog

Wed Sep 05, 2012 8:05 am

@dwelch67: One reason why power cycling DOS has a greater chance of failing to come up again unharmed than modern Linux systems is that modern filesystems try very hard to make sure that at least the filesystem's metadata is always in a consistent state. There might not be all user data saved but at least the infrastructure is not corrupted.

Code: Select all

while not self.asleep():
    sheep += 1

dwelch67
Posts: 955
Joined: Sat May 26, 2012 5:32 pm

Re: IDEA: reset button with watchdog

Wed Sep 05, 2012 2:22 pm

BlackJack I am well aware of all of this...

User avatar
dougie
Posts: 6
Joined: Sat Jan 12, 2013 7:01 am
Location: NRW, Germany
Contact: Website

Re: IDEA: reset button with watchdog

Sat Jan 12, 2013 7:04 am

All,

here are just my two cents.

http://www.m1n1.de/html/raspberry_pi_reset_switch.html

By using a small transistor, it helps getting thing done by some other µC ... just adding some flexibility.

BR
Ralf

User avatar
DavidS
Posts: 4334
Joined: Thu Dec 15, 2011 6:39 am
Location: USA
Contact: Website

Re: IDEA: reset button with watchdog

Sat Jan 12, 2013 10:30 pm

tufty wrote:
DexOS wrote:they should do it in such away that if they did just power off you would lose unsaved data, but it would do no harm to image or SD card.
It's not that simple.

Let's look at, for example, that perennial favourite filesystem, FAT. When you write to a FAT filesystem (or, indeed, most any filesystem), every time you allocate or reallocate a block (for example, you add new text to a file, move text around, open a new file, etc), you also need to write to the File Allocation Table (or other housekeeping areas).

The best case (in terms of a power glitch / outage / off affecting a write) is that you fail to finish writing some data to a file. Your file is now missing data, but hey, no biggie. Next up, you mess up a block on the card that is part of a file (or files). No particularly big deal, you've probably corrupted a file or two. Next worst is that you've managed to write file data but failed to write to the housekeeping areas (or vice versa). You now have an inconsistent filesystem, but it's probably mostly repairable. In odd cases,though, you're going to hit (and kill) a write to the housekeeping area, and you've killed the filesystem.

In my case, writing inconsistent data to "a file" might actually hose the entire system. I'm trying to work out ways around that, but it ain't easy. Or, in fact, always 100% possible.

At the media level, the situation can be even worse. Certain actions are carried out automagically by the media itself - if you hit and kill one of those, you can, at worst, kill the card totally and irretrievably. The cost of a new card is minimal, but it's not the media that's valuable.

Simon
I do not know how you are handling filesystem stuff. On FAT12/16/32 file systems If you wrie the file data to known unused blocks, then write the directory entry for a 1 block file starting a the first block of your file, then write the FAT cain to the primary FAT, then for the secondar FAT, then update the directory entry to the length of your file the process can be inteupted at any point with out causing any file system corruption. Also any errors that are created due to inconsistancies can be undone by just about any fat fschck program. Yes you may loose the file that whas being written at the moment.
If you wish to make things safer, when updating an exising file, write the entire file to a new location after it is modified, then update the fat, then update the existing directory entry.
RPi = The best ARM based RISC OS computer around
More than 95% of posts made from RISC OS on RPi 1B/1B+ computers. Most of the rest from RISC OS on RPi 2B/3B/3B+ computers

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: IDEA: reset button with watchdog

Sat Jan 12, 2013 11:51 pm

dougie wrote:All,

here are just my two cents.

http://www.m1n1.de/html/raspberry_pi_reset_switch.html

By using a small transistor, it helps getting thing done by some other µC ... just adding some flexibility.

BR
Ralf
On your site, you mentioned that you have not implemented the circuit because all the pins
go to a high state during initialization.
OK, how about this for a solution, since all the GPIO pins will pretty much go to the same logic
level whilst the board is being initialized by the OS, why not have a circuit that uses say 4 GPIO's
but each one must be at an alternate state, for example GPIO_1 must be high and GPIO_2
must be low and so on and only then will the reset be active.
Since the chances of this happening randomly is very small (even smaller if one uses more GPIO pins),
then it can be created only when needed by a script.
Below is the circuit which uses NAND gates but any logic invertors would work.
At least it's not a uP which adds to the complexity by needing to be programmed.
The whole circuit could easily be built on a small piece of Vero board.

Image

To recap, Reset only active when:
(GPIO_1 = 1) & (GPIO_2 = 0) & (GPIO_3 = 1) & (GPIO_4 = 0)
Larger circuit diagram here: http://s7.postimage.org/5isg4y7rv/RPI_RESET.jpg

Rene_is_I
Posts: 172
Joined: Tue Dec 25, 2012 12:52 pm

Re: IDEA: reset button with watchdog

Sun Jan 13, 2013 12:34 am

Here is the same circuit modified to also accept an output from a WDT.
Depending whether the WDT has active hi or active lo outputs, connect
to the corresponding input on the circuit.

This way one can reset the Pi either by writing the correct data to the GPIO or if
the WDT times out.
The WDT can be periodically "poked" by another GPIO pin.

Image

http://s8.postimage.org/ixvc59rxh/RPI_RESET_2.jpg

Return to “Bare metal, Assembly language”