Not sure where to put this so any help is appreciated. Have never posted in forum before so bare with me. I would like to talk about a way to protect possibly life, property, ect when doing micro controller based projects that are controlling things like heat elements, pumps, ect... I have not seen any discussion on this and if there is my apologizes. As i have seen may comments on and agree with you should not be using Arduino boards as finished products. These are developmental boards (and very good ones if I may) meaning they are to be used for initial design, troubleshooting and pre-proof of concept. Once you have a working and tested model it is time to either build on permanent perfboard or etch a PCB. With that being said I am not talking about cute little LED projects that sit around on Battery power (not that there is anything wrong with these projects, who dont like a RGB mood lamp to look at and see the current mood of the World according to twitter!) I am talking about projects that are going to control A/C units, Furnaces, Irrigation systems, Pumping systems, Heating elements and the like. None of these projects should be attempted by individuals without the working knowledge to understand how to size relays and contactors properly and the safe and proper techniques of working with line voltages. I am in America and am a licensed electrician and around here our mains are 120/208/220/240 or 277/480 volts AC. So on with my watchdog/ fail safe idea. I realized while building a project last week that although it may (or may not) be a concern but what would happen if my micro (in this case a ATMEGA328P) was to fail, lock up, crap out ever how you want to say it and left my pump running while i was gone for the weekend? I would come home to a horrible mess and possibly hundreds or thousands of dollars worth of damage. That $300.00 controller they wanted me to buy aint so expensive now is it? Just something to think about. So i set out to find a solution. Attached is a one line diagram (for simplicity) of a circuit i think might solve this problem (I will include a detailed drawing along with code and instruction on complete project if there is any interest in this post). I choose the 555 timer as the core of this solution because it has been around for a long time, has a wide range of voltage tolerance and proven itself as a reliable chip for decades and still used in electronics to this day.
The 555 is to be used in mono-stable multi-vibrator mode as a missing pulse detector. As long as the pulses keep coming the master control relay stays energized and all the power control relays get to work: however if the pulses start missing, meaning the controller locked up, then the 555 times out and the relay turns off, also killing control power to all power control relays. I would like the community to give me feed back on the following:
Do you find this to be a good idea?
Should I set the fuse to pass thru clk signal and use that at 555, or write a couple of lines in sketch to pulse a DO. my only concern was if it was possible that micro could lock up and still pass thru clk, if being done buy code and locked up it would have to stop.
What should my clk pulses to fail ratio be? Should i miss 2, 10 , ? before timing out
So your fail-safe means a watchdog timer.
Did you ever consider the chip's own watchdog ?
You do need to read up a bit, as the bootloader might interfere with that solution (which can be solved).
But who needs a bootloader in their end products ?
If you still want to go on with your external watchdog, there's ready to use watchdog timers from maxim and ST, and probably a bunch of others.
I wouldn't trust on the clock throughput for this, and periodically send out a reset pulse for your timer using a separate output pin.
Perhaps it would be possible to combine some function, and save a pin if you need to do so.
Thank you for your feed back. I was aware that the chip has internal watchdog but was considering worse case scenario failures where an output could get lock in an on condition and never turn off. I would hope that manual high limits in place would defeat expensive failures but there are never guarantees. Precautions build into design is always a good thing. I come from a control background in municipalities like waste water and there is almost always redundancy controllers. However I don't want to over complicate design and certainly don't understand the boot loader enough to know how it could interfere. Thanks for pointing that out and could you point me in the right direction?
I just googled for "328 watchdog", and found this information.
So you can do that yourself and find out about it.
If you want to prevent the output to be locked by whatever cause, you really should check that output.
Perhaps you can find out if you can create very short pauses in that control signal, triggering the watchdog counter's reset.
These pauses would be too short for the relay to switch, but large enough for the reset to be triggered.
Do check what disadvantages that would have (like possible voltage spikes), and how to counter that.
Thanks again for your feed back and interest. Your last reply made me think. You are correct, all I need to do is monitor the output of interest. If it stays on longer than 2 - 3 times normal cycle then trigger reset and or lock out control power (e-stop).
@jlcash61, may I suggest that you break your comments into different paragraphs to make them easier to read. Following is the text of your Original Post with some whitespace added. I think you will agree that it is easier to read when the reader knows nothing about your project
Not sure where to put this so any help is appreciated. Have never posted in forum before so bare with me.
I would like to talk about a way to protect possibly life, property, ect when doing micro controller based projects that are controlling things like heat elements, pumps, ect... I have not seen any discussion on this and if there is my apologizes.
As i have seen may comments on and agree with you should not be using Arduino boards as finished products. These are developmental boards (and very good ones if I may) meaning they are to be used for initial design, troubleshooting and pre-proof of concept.
Once you have a working and tested model it is time to either build on permanent perfboard or etch a PCB. With that being said I am not talking about cute little LED projects that sit around on Battery power (not that there is anything wrong with these projects, who dont like a RGB mood lamp to look at and see the current mood of the World according to twitter!)
I am talking about projects that are going to control A/C units, Furnaces, Irrigation systems, Pumping systems, Heating elements and the like. None of these projects should be attempted by individuals without the working knowledge to understand how to size relays and contactors properly and the safe and proper techniques of working with line voltages. I am in America and am a licensed electrician and around here our mains are 120/208/220/240 or 277/480 volts AC.
So on with my watchdog/ fail safe idea. I realized while building a project last week that although it may (or may not) be a concern but what would happen if my micro (in this case a ATMEGA328P) was to fail, lock up, crap out ever how you want to say it and left my pump running while i was gone for the weekend? I would come home to a horrible mess and possibly hundreds or thousands of dollars worth of damage. That $300.00 controller they wanted me to buy aint so expensive now is it? Just something to think about.
So i set out to find a solution. Attached is a one line diagram (for simplicity) of a circuit i think might solve this problem (I will include a detailed drawing along with code and instruction on complete project if there is any interest in this post). I choose the 555 timer as the core of this solution because it has been around for a long time, has a wide range of voltage tolerance and proven itself as a reliable chip for decades and still used in electronics to this day.
The 555 is to be used in mono-stable multi-vibrator mode as a missing pulse detector. As long as the pulses keep coming the master control relay stays energized and all the power control relays get to work: however if the pulses start missing, meaning the controller locked up, then the 555 times out and the relay turns off, also killing control power to all power control relays. I would like the community to give me feed back on the following:
I didn't want to comment on it (and scare OP away).
Instead i replied like i always do, trying to make correct punctuation and using paragraphs in order to make my reply as legible as possible and inspire anyone to do the same.
As I'm also looking for a fail safe I found this thread. My 2 cents ... I'm building a complete weather station and for some yet unknons reasons my Arduino Software Watch dog sometimes sleep ! For some problems it works for others it doesn't. Everything freezes.
To have a real fail safe, we must continously monitor a repeatitive and simple job done by the arduino (output pulses looks a good choice) and monitoring it must not be done by arduino. So I found a very simple circuit using few capacitors, few resistors and one comparator that does exactly that : watching the pulses for any absence. The circuit output is 1 with continous pulsing and goes low without pulses for some time (adjustable with components values).
Don't be afraid, this 1988 IBM patent is expired. Download the pdf doc to have all explanations to understand how it works. Quite simple to adjust to your timing requirement. I've used this in another project with success and I hope to use it again for my weather station fail safe.