Discrete watchdog

As with other projects, I use Hackaday to "open source" my work, keep design notes tidy, help and inspire others... Here, I don't believe the system can be covered by copyright so I guess that no license applies.

The system:

A Raspberry Pi controls some lights and stuff. This could be any other programmable digital platform though.

The problem:

a safety relay must be released when the main program stops.

atexit() is not fired in all the cases and can't garantee perfect reliability and safety.

The approach:

An "active" system is required: it is not enough to set a GPIO pin off at the end of the program. There is no OS feature that restores the GPIO state in ALL conditions (such as emergency shutdown or i the kernel hanged).

Usually, people use a "watchdog", a piece of HW that is polled continuously and that resets the system when a timeout occurs.

In the current system, there is no need to reset the computer, only the safety relay.

A GPIO pin is already used: setting it works but clearing it is not perfect, for countless platform-specific reasons.

The idea:

Borrow from the classical watchdog paradigm with software polling.

Instead of pinging a particular memory or I/O address, the program toggles the existing GPIO pins instead of using a given signal level.

The program can generate at least 10Hz from the main loop.

The design:

Now the question is how to turn the oscillation into a level.

DC signals shouldn't pass, only AC and transients : a blocking cap (C1) is required.

A charge pump follows, with a couple of diodes (Schottky for lower drop).

At the end of the chain, the charge pumps fills a storage cap (C2) that controls the gate of a N-MOSFET.

In the middle, a diode (SD1) rectifies the current and lets it only charge the storage capacitor (think about a primitive crystal radio). Discharge goes through a high-value resistor (R1, 1M) to provide a long (and adjustable ?) RC time constant.

SD2 lets the blocking cap C1 recharge.

Did you notice the absence of freewheel diode across the relay's coil pins ? It is not needed because the MOSFET does not switch abruptly and the coil has a lot of time to release its energy.

If higher current is required, the charge pump can be extended to two stage to (almost) double the initial voltage. Since the Pi drives its pin with 3.3V, the single-stage circuit provides about 3V to the MOSFET's gate, which is enough for a small relay.

The parts values are chosen for a time constant of approximately one second. C1 could be increased to require fewer cycles until the MOSFET is fully conducting, though it also depends on the input signal's frequency.

Logs:
1. First implementation

Project Logs

Collapse

First implementation
Yann Guidon / YGDES • 10/29/2016 at 16:11 • 11 comments
My first version went quite well and I didn't have many surprises.
First, let's talk about software.
The Raspberry Pi's SoC doesn't allow you to write a value to a given pin. Instead, you have to write bits to a certain register to set the corresponding pin(s) to 1, and to another register to reset to 0. This is intended to remove some problems with a heavily shared I/O pins and avoid race conditions with Read/Modify/Write cycles.
Other platforms (MIPS-based PIC32, others?) have a third register to "toggle" the pin, but the BCM2835 doesn't. Damnit.
I wanted to write something elegant, with no IF, so I used a different approach. Since the pin's state must alternate, the register number will alternate too. Each time the pin is toggled, the variable that contains register number is then XORed with the difference between the SET and CLEAR registers.
The output toggling should also be enabled or disabled. A second variable is created: it is cleared when the output is disabled (no toggling because x^0=x) and it is set to the difference ("delta") for toggling the input.
(note: the following code uses my #C GPIO library for Raspberry Pi)
```
/* Include my personal GPIO library */
#define PI_GPIO_ERR  // includes errno.h
#include "PI_GPIO.c" // includes stdio.h,
// sys/mman.h, fcntl.h, stdlib.h - signal.h

// number of the toggled pin
#define PI_OUT_MOSFET (7)

/* Toggle : alternate the pointer from RPI_GPSET0 to RPI_GPCLR0 */
#define TOGGLE_DELTA ( RPI_GPSET0 ^ RPI_GPCLR0 )
int toggle_var=RPI_GPCLR0, // start with pin OFF
    toggle_en=0;

...

// interruptible wait (5ms) in the main loop
nanosleep(&nanosleeptime,NULL);
// Toggle the GPIO
*(PI_gpio+toggle_var)= (1 << PI_OUT_MOSFET);
toggle_var^=toggle_en;

// to disable toggling:
toggle_en=0;

// to enable toggling:
toggle_en=TOGGLE_DELTA;

...
```
My code already contains a very short, interruptible delay (5ms) which creates a pretty good (slightly jittery) 100Hz signal on the selected pin.
Jitter is not a problem here. At least I have an approximate frequency range so I can tune the rest of the circuit.
Now, the hardware.
I checked the program's behaviour with the scope then proceeded to assemble the charge pump.
I used the same part as the following schematic:
The discharge time constant is approximately 1µ×1M=1s. This means that the same charge as C2 should be reinjected several times per second, to keep its nominal voltage.
C1 is chosen smaller to reduce the strain/current on the GPIO pin, and also because at least 10 cycles are needed to charge C2. Actually it's more like 30 to reach a good voltage, so 30Hz is like a minimum frequency. I have a 3:1 margin, that's good. The CPU can miss a few beats, and the relay has some hysteresis so the whole will not oscillate wildly in case of high CPU load.
For the beginner, the interesting trick is that the ratio of capacity between C1 and C2 deternmines the speed of rising voltage. It's also influenced by the signal frequency. A larger C1 will charge C2 faster but also create higher currents. A higher input frequency requires a smaller capacitor.
Discharge curve:
The discharge is slow and no freewheel diode is required for the relay :-)
Charge curve:
As expected, 10 cycles bring the level to 2/3Vcc (2V). At 30 cycles, it's "almost there".
The curve at the intermediary node:
Now the only problem is that the BS170 barely lets current flow at Vgs=2.90.
I have used BAT85 (small signal Schottky diodes) to minimize the losses but this is yet not enough. The BS170 would rather have 3.3V or 5V to switcth the required 65mA with the least losses possible.
(Note: "just for safety" I left the freewheel diode from the previous iterations of the board, which has seen some serious work already)
The normal solution is to wire 2 more diodes and capacitors to double the charge pump's voltage:
But space was too tight so I used the other solution: get a better transistor. I could have some use for @DeepSOIC's depletion trick but he saw that the effect doesn't last :-P
I settled for a SI4920...
Read more »