Arduino - maximum run time and fault tolerance

Hi, Is there a limit on how long an arduino can run for? I've built a project that allows a boat to navigate around a given course, currently it's an electric boat, but I was thinking of converting it to sail and sending it out across the atlantic.

First question is that the current design uses functions like millis() that rely on the time since starting, eventually (i assume) these counters are going to recycle, what happens then?. The second issue is that we all know that computers occasionally just get stroppy and require someone to press the big red button, there's not going to be anyone to press the button in the middle of the atlantic, is there anyway of forcing the processor to reset itself every day?

I'd also thought about having three separate arduinos and designing some sort of 'voting system' to check which ones are working. when everything is working OK the three arduinos should all say the same things, if two of them say one thing and the other says something else then the 'voting system' should be able to deduce that one of the arduinos is faulty, and either ignore and reset it. The problem here what to do if the 'voting system' fails? Any suggestions about this?

All ideas welcome!

The Arduino is fine.

It's the Atlantic ocean that will be the problem.

Sea water will get in and the system will fail. Period. Don't waste your money.

You don't say what size boat you are thinking of, but it doesn't really matter.

If you doubt my comments, just read about any of the round-the-world sailing races and consider how much money is spent trying to make them reliable.

...R

If you look in the [u]Language Reference[/u], it tells you millis() rolls-over in about 50 days. It returns type unsigned ling, which is 32-bits. It can count up to 4,294,967,295 milliseconds.

I don't have a code example handy, but "philosophically" it's an easy problem... You can simply count the number of times it rolls-over. Or, you can convert to hours, every hour, etc. It's probably better to by an RTC (real-time-clock) chip. It will be more accurate.

I'd also thought about having three separate arduinos and designing some sort of 'voting system' to check which ones are working.

If nothing's defective and nothing unexpected goes wrong, and there is no mechanical, electrical, or environmental damage, solid state electronics should essentially "last forever".

If something is going into space or out to sea, redundancy is a good idea. Two would probably be enough. You can include something in your software called a "watchdog timer" to make sure the processor is running (approximately correctly) and re-boot if necessary. You can also check any sensor inputs to see if they are in a "reasonable range"... For example, if the temperature is reading 1000 degrees, something is wrong.... It could be the sensor, the microprossor/software, a loose (or wet) connection, or a fire!

I have a 1994 van. When it was fairly new (I don't remember exactly), I built and installed an alarm system (using a now "antique" microprocessor). It runs 24/7, even when turned "off". It's still running nearly 20 years later. The only time it's stopped is when the car battery dies every 4 or 5 years.

This is from the [u]Atmel Website[/u]:

What is the Mean Time Between Failure (MTBF) data for the AVR micro controller?

Answer
Mean Time Between Failures is an indication of the number of hours to pass between failures.

Here are the MTBF numbers calculated from life test and data retention
results:

65ºC 1.69x10e7 hours. => 1929 years
85ºC 4.46x10e6 hours. => 509 years
105ºC 1.34x10e6 hours. => 153 years

With good programming, you won't run into the problem that computers have. Computers are constantly storing stuff that is going on, which increases its memory consumption and/or Hard disk space. Assuming you are not doing this, then the Arduino will last longer than you need it to.

As for trying to autonomously sail a boat across the Atlantic, good luck, that sounds like a terribly complicated problem that would require years and some good amount of money to develop.

Whatever else happens, you're gonna need a bigger battery!

thanks guys - some useful stuff their, plus a surprising amount of pessimism.

The navigation side of the issue should be reasonably easy - I've already done something similar for an electric boat. The battery could be charged from a solar cell, and a small pump could get any water out should there be a leak (minor leak anyway)

I was thinking of a 1 or 2 meter long model boat, or even a laser type dingy (I know where I can get an old one for free). The sail can be set in a fixed position (not very efficient, but will still propel the boat). The comms can be achieved via satellite link (already done this, so shouldn't be a big problem). I've built a weather station before so getting windspeed and direction should be achievable. What I haven't done before is to do the maths to plot an optimum course given the wind direction and the fix setting of the sail.

The part of the project that looks hardest is building something that will withstand Atlantic storms for many months on end.

Cheers

The part of the project that looks hardest is building something that will withstand Atlantic storms for many months on end.

Why not build a submarine?

RobvdVeer:

The part of the project that looks hardest is building something that will withstand Atlantic storms for many months on end.

Why not build a submarine?

Definitely will solve the issue of "What if it capsizes" and "How do I deal with strong winds"

My pessimism comes from what I remember of the complexity of sailing a boat. I do not think that this is an impossible task, in fact I think it is a great task, and has some interesting engineering challenges. However, I also remember that it was pretty hard to keep the small boats (Like a sunfish) from capsizing. While I would be fine with this idea in a lake and generally in fair weather, the fact that you want to cross an ocean with it's weather makes me think that this isn't the best idea, as most likely after the first big storm, you'll just lose your boat.

Interesting project, be sure to keep us advised if you proceed with it!

Regarding millis() rollover, it is absolutely not an issue and has been discussed ad nauseam here. Rather than trudge through all the forum threads, I'd recommend this page that Nick Gammon recently created which does a great job of explaining things.

For those unforeseen situations that require a reset, research the proper application of the watchdog timer.

Why not build a submarine?

I did think about this, but any boat driven by an electric motor is going to need a motor that can run reliably for 6 months.

A simple fixed-sail sailing boat has just one moving part - the rudder, hopefully there's less chance of failure with fewer moving parts.

Checkout this link....
http://www.microtransat.org/

there are several others trying something similar

mirith:
I also remember that it was pretty hard to keep the small boats (Like a sunfish) from capsizing.

I think if you are to have any chance of success you would have to design your boat so that it could be shoved tens of feet under water and still float to the surface and right itself. It would need to be built more like a submarine than like a conventional boat.

When your boat disappears under the waves how much money and how many hours of work will you have lost?

If you don't care about the cost, go for it.

But don't, even for a microsecond, think that a sailing dinghy has any role to play.

...R

As far as this issue:

The second issue is that we all know that computers occasionally just get stroppy and require someone to press the big red button, there's not going to be anyone to press the button in the middle of the atlantic, is there anyway of forcing the processor to reset itself every day?

You can program a "watchdog timer", part of your code must reset this timer every so often, if not reset then the chip will reset itself.
You can also hardcode in a reset based on millis time if needed.
With a little care in coding, this should not be needed tho.

You can also hardcode in a reset based on millis time if needed.

Sounds like a good idea, now do I do a software reset?

thanks

Forget the arduino piece for now; it's trivial compared to the problems you need to solve for the boat itself, particularly such a small one. See what your prototype vessel can do on a beam reach at a fixed angle to the wind (just like model racing yachts) in enclosed waters in a storm. Bear in mind that such a test is hardly even baby steps compared to what you're trying to achieve in the ocean.

Some of the single handed crossings without able bodied crew demonstrate that it's possible to build a vessel that can manage without someone to go outside to fix broken gear, but these are full size yachts and the crew can trim and more critically reef the sails. What you're proposing is I suspect, much more difficult than you realize.

Build a radio controlled model sailing boat - say minimum 2ft long, preferably 3ft. Build it, don't buy it, so that you can learn how sail boats work. You will probably find plans or advice in model boat magazines. It doesn't have to be a racing boat, indeed probably better if it's not, because racing models can be expensive and unforgiving.

Sail it on a piece of water where you can easily retrieve it if it blows out of control.

When you are satisfied that you can control it well even in strong winds then think about what features you could control with an Arduino and try them out. If it continues to sail well then you could consider scaling up the idea.

If you find you can't sail it well with radio control ask an expert R/C sailor to test your boat. Don't assume there is a problem with your boat. And if there is, all it will probably need is some fine adjustment of the position or rake of the mast.

I have sailed RC models I built myself and full sized sail boats. I was amazed how the full sized boats behave just like the models - or is it vice versa?

...R

To repeat - I think that anything you want to survive being sent out into the ocean must be designed to tolerate being completely submerged under several feet of water. You need to be thinking about something built like a submarine but with lots of excess bouyancy to keep it on the surface - not a conventional yacht design.

Peter, I agree it has to be robust and waterproof - but it also needs to be a sail boat because it wouldn't be possible to carry enough fuel for any other type of propulsion. Without propulsion it's just a message in a bottle.

If the OP starts with a regular model sail boat he will have enough to occupy him for a few months.

...R

When you say start with a sailboat I envisage a hull and a keel and a mast, and something that will sink if pushed under water. What I'm trying to describe is a fully enclosed vehicle like a submarine, with a ballasted keel for stability and a sealed hull for bouyancy, with a mast stick out of the top and whatever sail controls and steering mechanism you choose connected to that in some way that lets you keep the hull sealed. I'd envisage that looking more like a lifeboat/escape pod than a sailing yacht.

There are lots of design options - monohull, catermaran or trimaran. Plus several propulsion options - solar-electric, windturbine-electic or simple sail.

my current plan is to get a simple design for autonomous boat that will work in light wind conditions on the local lake. If this is feasible, then i'll move onto making a ruggedized version.