Set Condition

A failure is detected if one of the following conditions occurs:

• A failure in the SPI communication between the CPU and the watchdog ASIC (e.g. timeout of SPI message) is detected.
• The status value of the watchdog ASIC, which includes the watchdog error counter, is unequal to the expected value in the CPU software.
• The watchdog error counter is above the threshold to switch off the output stages.
• The number of safety relevant software modules monitored by the Program Flow Control is not as expected.
• A safety relevant software module monitored by the Program Flow Control has calculated an invalid checksum.
• The actual sequence of safety relevant software modules monitored by the Program Flow Control is not equal to the expected sequence.