Power Reboot (Pboot) and Soft Reboot (WD watchdog) - crestlinesoaring/ArduinoWeatherStation GitHub Wiki

(brief)
Our weatherstation is in the raw and remote wilderness, at the slope of a high hill, so we implemented an automatic reboot to ensure continuous operation.
It is actually a power cycle (turn off Mega and electronics, and then on again) we accomplish with Pboot.
Pboot is a self contained circuit which turns off the power to the M each hour for 8 seconds.
Power is turned off at 3592 seconds (1 hour minus 8s) and is turned on again at 3600 seconds exactly.
Each hour, 24h/365.

This circuit is derived from a 24h/12h power cycling circuit.
Two 2^14 timers (4060) are driven by the (default) 32kHz output from the ZS-042 (DS3231 based) RTC.
Two “AND” gates connect to various counter outputs representing a the binary count stages at mentioned times.
The first AND gate drives the N.C. (normally closed) relay and activates at 3592 seconds (1 hour minus 8s).
Eight seconds later, at exactly 3600 seconds, the second AND gate is activated and resets the timers and a new cycle begins.
(brief)

Sboot
Sboot (Soft reboot) is a backup to the Pboot (Power reboot).
It should use the WDT to loop through the hour in 8 second steps.
If a pboot didn’t happen after an hour, Sboot issues a WD reset.

Watchdog Timer (WDT):
Contrary to the 8/16bit timers, which use an external clock source, the WDT on the Mega is driven by an internal 128kHz oscillator.
External Resonators are vulnerable to the high humidity levels we experience.
The internal on-chip oscillator is less vulnerable to such humidity related issues.
This separate, internal oscillator also works in the lowest power mode: SLEEP_MODE_PWR_DOWN which we are using.

Watchdog Oscillator Precision:
Unfortunately, the Watchdog Oscillator (which drives above WDT) can be off by some large percentage (10%?).
For an hour this would eat into 6 minutes of data gathering, worst case.
We would need to use the RTC as reference to stay inside the schedule of sending.
We need, on a running basis, to compare and calculate the discrepancy between the RTC and the internal Watchdog Oscillator to work out the actual elapsed time.
WDelta will be different for each M and must be a life variable.

For now we’ll use 3960 seconds as worst case scenario + 10 seconds (Ariadne) + 6 seconds (time to boot)= 3976s as the timeout.
3976s/8s = 497 loops.
Runtime of the executed program needs also be regarded.
WD will wake up the M each 8 seconds and if the Variable Sbootcount exceeded 497 counts it triggers an WD reset.

After each Pboot (or reboot in general?), the Sbootcount variable is reset to 497.
Think: if Pboot failed this will move through the hours due to the extra “oscillator tolerance margin” seconds.
Would need to “correct” Sbootcount depending on Pboot occurance on a life basis.
That means Pboot occurance might need to be timestamped.
A Pboot timestamp variable in EEPROM might be needed, which records the time right after a Pboot (use EEPROM.Update ).

After reviewing many approaches, I liked this very much:
http://folk.uio.no/jeanra/Microelectronics/ArduinoWatchdog.html
half page down:
“Using the watchdog for both preventing failures and energy savings”