Supervisory Circuit

Last updated Fri Jun 12 2026 01:43:02 GMT+0000 (Coordinated Universal Time)

Independent hardware component that monitors system health separately from the CPU. Can reset the processor, shut down the system, switch to a backup clock, or generate alarms.

Watchdog Timer

A hardware timer that runs independently of the CPU. Resets the MCU if software fails to service it before the timeout expires.

Operation:

  • Software must periodically write a specific value to the watchdog register (“kicking” or “petting” the watchdog)
  • If the software hangs, crashes, or enters an infinite loop, the kick never arrives
  • On timeout, the watchdog asserts a reset signal and restarts the MCU

Timeout period is configurable, typically ranging from a few milliseconds to several seconds.

The kick must be placed at a point reachable only if the entire expected execution path completed successfully. Placing it inside a sub-loop defeats the mechanism: if that sub-loop stalls, it keeps resetting the counter, the overflow never fires, and the fault goes undetected.
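The placement rule above, shown as a host-side simulation. This is an added example, not code from the original page or from any vendor SDK; the down-counter, the 8-tick timeout, the three-stage loop, and the names `wdt_kick`, `wdt_tick` and `simulate` are all constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WDT_RELOAD 8u            /* constructed timeout, in simulated ticks */

static uint32_t wdt_count;       /* stands in for the hardware down-counter */

static void wdt_kick(void) { wdt_count = WDT_RELOAD; }

/* Advance simulated time by one tick; true means the watchdog resets the MCU. */
static bool wdt_tick(void) { return --wdt_count == 0; }

/* Main loop of three stages (1 + 2 + 1 ticks when healthy). From cycle
 * stall_cycle onward the peripheral polled in stage 2 never becomes ready.
 * Returns the tick at which the reset fired, or -1 if none fired in max_ticks. */
int simulate(bool kick_in_subloop, int stall_cycle, int max_ticks)
{
    int tick = 0;
    wdt_kick();
    for (int cycle = 0; tick < max_ticks; cycle++) {
        tick++;                                   /* stage 1: read inputs */
        if (wdt_tick()) return tick;

        bool stalled = cycle >= stall_cycle;      /* stage 2: poll peripheral */
        for (int polls = 0; stalled || polls < 2; polls++) {
            if (tick >= max_ticks) return -1;
            if (kick_in_subloop) wdt_kick();      /* wrong: hides the stall */
            tick++;
            if (wdt_tick()) return tick;
        }

        tick++;                                   /* stage 3: write outputs */
        if (wdt_tick()) return tick;

        wdt_kick();   /* right: reached only after all three stages finished */
    }
    return -1;
}

int main(void)
{
    printf("kick at end of loop, stall at cycle 3: reset at tick %d\n",
           simulate(false, 3, 100));
    printf("kick inside sub-loop, stall at cycle 3: reset at tick %d\n",
           simulate(true, 3, 100));
    return 0;
}
```

With the kick at the end of the loop, the stall is caught within one timeout period; with the kick inside the polling loop, the counter is reloaded on every poll and the reset never fires.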

Brown-out Reset

Monitors $V_\text{cc}$. If it drops below a configurable threshold $V_\text{BOR}$, the processor is held in reset until the voltage recovers. Can fire repeatedly during operation. Without it, a processor executing during a slow ramp-down may corrupt non-volatile memory.

Threshold voltage is configurable on most MCUs via fuse bits or configuration registers.

Power-on Reset

Holds the CPU in reset on power-up until $V_\text{cc}$ reaches a stable operating level. Ensures registers and peripherals are in defined states before execution begins. Fires once per power cycle.

Without this, the CPU may begin fetching instructions while voltage is still ramping up, producing unpredictable results: incorrect register values, corrupted peripheral state, or a partially-executed first instruction.

Oscillator Delay

Holds the CPU in reset after the oscillator is enabled until the clock signal is stable and at its correct frequency. Crystal and RC oscillators take time to reach their steady-state frequency after power is applied or after waking from sleep.

If execution begins before the clock is stable, instruction timing is wrong: peripherals may miss setup/hold windows, UART baud rates are incorrect, and timer periods are inaccurate.

Fail-Safe Clock Monitor

Detects clock failure or out-of-range frequency during operation. Switches the CPU to an internal backup oscillator and optionally triggers a reset or interrupt. Normal operation resumes only after the primary clock is re-established.

Stack Monitor

Triggers a reset or interrupt if the stack pointer overflows into data memory or underflows past the base. Catches deep recursion, excessive interrupt nesting, and stack pointer corruption.
