I've used the watchdog before to reset my board if something went wrong and hung up my code. Works great.
I want to talk about using the Watchdog ISR to save some critical state variables to EEPROM right before the reset so I can come back up in the same state I was in before reset. That is a fairly simple thing to code, but I wanted to ask about the reliability of that ISR. I mean how much can I count on that to run and run properly. Let's say for instance that I had foolishly used the String library in a part of my code and corrupted the stack or the heap and locked up the program. When the watchdog goes off, will the ISR be able to run in that state? And how would I ever be able to know that the variables weren't corrupted in the crash? If the code is truly locked up and the ISR can't complete, will the reset still happen or is it just going to hang there waiting for the ISR to finish?
Is there a piece of the approach that I am missing here?
One last question... Is plopping a while(true){} somewhere in my code an acceptable way to simulate a hang in order to test the watchdog code? Or should I intentionally do something wrong (like with the String library) to simulate a real fault.