Definition:
A watchdog timer is typically an independent hardware or software timer that must be regularly reset (‘kicked’ or ‘petted’) by the main program. If it is not reset within a set interval, it triggers a safe state (e.g. reboot, trip, or alert).
Watchdog action may cause the system to reboot, shut down, or trigger a hardware interlock. For smart devices, the watchdog should be considered part of the device diagnostics, and its action would be reported as a safe-detected (SD) or dangerous-detected (DD) failure, depending on the device.
Watchdog timers can exist anywhere in a SIS, but are most likely found in the logic solver, then in a smart instrument, and lastly in the final element. Many are also found in remote I/O panels.
Key Points:
- Prevents frozen logic solvers from missing safety actions.
- Required for many safety-critical devices.
- Tied to diagnostics and to DD and SD alerts.
Example:
A PLC reboots automatically if no reset signal is received within 100 ms. This can send all SIFs to a safe state, depending on how it is configured.
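The kick/expiry behaviour described above, as an added example that is not code from the original page: a software model of a watchdog supervising a logic solver's scan loop, with the 100 ms timeout from the example. The function and type names (wdt_t, wdt_kick, wdt_tick, simulate) are assumptions for illustration, not any vendor's API.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of a watchdog supervising a logic solver's scan loop.
 * The 100 ms timeout follows the page's example; the API names are assumed. */
#define WDT_TIMEOUT_MS 100U

typedef enum { WDT_OK, WDT_TRIPPED } wdt_state_t;

typedef struct {
    uint32_t timeout_ms;   /* maximum allowed gap between kicks */
    uint32_t last_kick_ms; /* timestamp of the most recent kick */
    wdt_state_t state;
} wdt_t;

void wdt_init(wdt_t *w, uint32_t timeout_ms, uint32_t now_ms) {
    w->timeout_ms = timeout_ms;
    w->last_kick_ms = now_ms;
    w->state = WDT_OK;
}

/* Kick from the main program. A tripped watchdog ignores kicks: only a
 * re-init (i.e. the reboot) clears it, so a late kick cannot mask the fault. */
void wdt_kick(wdt_t *w, uint32_t now_ms) {
    if (w->state == WDT_OK) w->last_kick_ms = now_ms;
}

/* Called from the independent timer. Unsigned subtraction stays correct
 * across a 32-bit tick wrap. Returns true on the tick the watchdog trips. */
bool wdt_tick(wdt_t *w, uint32_t now_ms) {
    if (w->state == WDT_TRIPPED) return false;
    if (now_ms - w->last_kick_ms > w->timeout_ms) {
        w->state = WDT_TRIPPED; /* drive the safe state: reboot, trip or alert */
        return true;
    }
    return false;
}

/* Scan loop that kicks every scan_ms and freezes at freeze_at_ms. Returns
 * the millisecond at which the watchdog tripped, or 0 if it never did. */
uint32_t simulate(uint32_t scan_ms, uint32_t freeze_at_ms, uint32_t end_ms) {
    wdt_t w;
    wdt_init(&w, WDT_TIMEOUT_MS, 0);
    for (uint32_t t = 0; t <= end_ms; t++) {
        if (t % scan_ms == 0 && t < freeze_at_ms) wdt_kick(&w, t);
        if (wdt_tick(&w, t)) return t; /* e.g. 281 for simulate(20, 200, 1000) */
    }
    return 0;
}
```

A healthy 20 ms scan never trips, while a loop that freezes after its 180 ms kick trips at 281 ms, the first tick more than 100 ms after the last kick.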
See Also: safety PLC
Cited Source:
- IEC 61508-2:2010, Clause 7.4.7
- IEC 61511-1:2016, Clause 3.2.88
- Wikipedia – Watchdog Timer