Pin behaviour in case of chip defect

doglike
Posts: 63
Joined: Fri Aug 18, 2017 4:21 pm

Pin behaviour in case of chip defect

Postby doglike » Mon Jan 11, 2021 11:41 am

Hi,

I have an application (see attachment), where I switch a N-Channel Mosfet with GPIO16 of ESP-WROOM-32E.
GPIO16=HIGH switches the Mosfet ON, that switches a solenoid.

The state of the solenoid is critical and has to be always in a controlled state.
I have a lot code for monitor this (electrical check etc...).
In case of an error, I switch GPIO16=LOW and turn off the Mosfet and solenoid :arrow: this is the failsafe state.

The only possible error, where I am not sure what will happen is:
What will happen, if the chip/ESP gets broken during runtime?
My desired behaviour is, that GPIO16 goes LOW and triggers the failsafe state automatically.

Does anyone know what will happen in this case?

Thanks in advance!
Attachments
enaPin.jpg
schematic
enaPin.jpg (58.11 KiB) Viewed 5625 times

ESP_Sprite
Posts: 9769
Joined: Thu Nov 26, 2015 4:08 am

Re: Pin behaviour in case of chip defect

Postby ESP_Sprite » Tue Jan 12, 2021 2:31 am

That is hard to say, especially because a chip can theoretically have a whole bunch of different failure modes. I would say that for a fair few of them, however, the watchdog will eventually reset the chip, so IO16 will be at whatever level it is after a reboot. (I assume that would be tristated, but I'm not sure.)

If you want to be 100% sure of your failsafe, you could implement something like an external watchdog chip combined with a flipflop. If the watchdog times out (because the ESP32 is broken somehow), it resets the ESP32 but also triggers the flipflop which in turn can force the IO-pin into a failsafe state.

becorey
Posts: 92
Joined: Sat Mar 28, 2020 4:18 pm

Re: Pin behaviour in case of chip defect

Postby becorey » Tue Jan 12, 2021 4:49 am

You could do a 555 timer that will pull the gate low after some short time like 50 ms. Then have your esp32 pulse to reset the 555 timer like every 40 ms. If your esp32 fails to reset the timer for any reason then the 555 will complete and pull the gate low.
There are probably also watchdog chips that do similar things in a dedicated ic, do some searching.

doglike
Posts: 63
Joined: Fri Aug 18, 2017 4:21 pm

Re: Pin behaviour in case of chip defect

Postby doglike » Wed Jan 13, 2021 10:21 am

Hi and thanks for your replies!

I also thought about an additional timer/watchdog chip.
But don't you just shift the failure-problem from the ESP to the timer/watchdog?
Then the additional chip can fail...
I am a little bit stuck...

chegewara
Posts: 2378
Joined: Wed Jun 14, 2017 9:00 pm

Re: Pin behaviour in case of chip defect

Postby chegewara » Wed Jan 13, 2021 11:56 am

doglike wrote:
Wed Jan 13, 2021 10:21 am
Then the additional chip can fail...
I am a little bit stuck...
Then i will follow this way of thinking and i will ask, do you have fail safe in case of transistor fail, or selenoid, bad soldering, or just a wires? Everything may pass quality tests, but after some time fail.

In other hand esp32 is complicated chip, with software that may fail to work, so your initial questions is correct, but watchdog chip is very simple and assuming it will fail is just overthinking IMO.

becorey
Posts: 92
Joined: Sat Mar 28, 2020 4:18 pm

Re: Pin behaviour in case of chip defect

Postby becorey » Fri Jan 15, 2021 1:42 am

Yes as chegewara said the watchdog chip is simpler and less likely to fail and the esp32. So you have shifted the problem from the ESP 32 over to the watchdog chip, you shifted the problem from a more likely failure to a less likely failure and that is a success.

You also can have a watchdog chip that is communicating with the esp32, so they are both checking each other bi-directionally. Then the most likely occurrence is that ESP 32 fails, and watchdog protects. The next most likely occurrence is that just the watchdog fails, the ESP detects that and maybe can do something in response like let you know. and finally the least likely occurrence is that both the ESP and the watchdog fail at the same time before the watchdog can act. that would pass through a failure but the probability of occurring is so much smaller than your original issue.

doglike
Posts: 63
Joined: Fri Aug 18, 2017 4:21 pm

Re: Pin behaviour in case of chip defect

Postby doglike » Fri Jan 15, 2021 2:45 pm

Thank you guys for all the valueable input!
I think I will implement an additional external watchdog.
Do you have any suggestion IC for me?

Who is online

Users browsing this forum: No registered users and 95 guests