LLExec Watchdog

From Axel Public Wiki

LLExec has two optional watchdog systems which can be used to protect a target PLC from abnormal termination of the process, or from lock and starvation conditions.
The two mechanisms are the Hardware Watchdog and the Software Watchdog.

Hardware Watchdog

The Hardware Watchdog depends on having a controller with a watchdog hardware circuit on the board. It is realized by a software component, LLSupportDaemon, which is external to the LLExec process: it performs some diagnostic tasks and collaborates with the LLExec process to handle the hardware circuit.
It works on realtime systems, where, on a given processor, a higher priority task can preempt a lower priority task and cannot itself be preempted by a lower priority task.
The Watchdog task in the LLSupportDaemon is a realtime task running at a certain priority, which must be lower than the priority of all the LLExec realtime tasks it wants to protect. It wakes up cyclically and, if it finds a mark value written by LLExec in a location in shared memory, feeds the hardware circuit.
The mark value in the shared memory is written by LLExec's highest priority task.
If the hardware circuit is not fed by the LLSupportDaemon, the system reboots.
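The mark exchange described above, as an added model that is not LLExec's or LLSupportDaemon's own code: a PLC task signs a mark in a shared area, a watchdog task consumes the mark and feeds the circuit only when a fresh mark is present, and a model of the hardware circuit reboots after a configurable number of consecutive unfed periods. All names (`shared_area_t`, `MARK_ALIVE`, `simulate`) and the schedules are assumptions constructed for the example; the schedule arrays stand in for which task gets to run in each period.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model (assumption, not the real LLExec layout): one word of
 * shared memory written by the PLC's highest priority task and consumed by
 * the watchdog task of the support daemon. */
typedef struct {
    volatile uint32_t mark;
} shared_area_t;

enum { MARK_ALIVE = 0xA5A5A5A5u };   /* constructed mark value */

/* Called from the PLC's highest priority task at every cycle. */
void plc_task_sign_mark(shared_area_t *shm) { shm->mark = MARK_ALIVE; }

/* Stand-in for the hardware feed: counts feeds instead of touching a circuit. */
static unsigned g_feed_count;
static void hw_watchdog_feed(void) { g_feed_count++; }
unsigned feed_count(void) { return g_feed_count; }

/* One period of the watchdog task. Returns true if the circuit was fed.
 * The mark is cleared after use, so a stale mark cannot be counted twice:
 * a PLC task that stops running stops producing feeds. */
bool watchdog_task_period(shared_area_t *shm) {
    if (shm->mark == MARK_ALIVE) {
        shm->mark = 0;
        hw_watchdog_feed();
        return true;
    }
    return false;
}

/* Model of the hardware circuit: reboots after `timeout` consecutive
 * periods without a feed. */
typedef struct { unsigned missed; unsigned timeout; bool rebooted; } hw_circuit_t;

void hw_circuit_tick(hw_circuit_t *hw, bool fed) {
    if (fed) hw->missed = 0;
    else if (++hw->missed >= hw->timeout) hw->rebooted = true;
}

/* Run `cycles` periods. plc_runs[i] says whether the PLC task got to run in
 * period i (false models a crash or an infinite loop in the PLC task);
 * wd_runs[i] says whether the watchdog task got to run (false models a
 * higher priority task starving it, or the daemon itself being down).
 * Returns the 1-based period in which the circuit rebooted, or 0 if never. */
int simulate(const bool *plc_runs, const bool *wd_runs, int cycles, unsigned timeout) {
    shared_area_t shm = { 0 };
    hw_circuit_t hw = { 0, timeout, false };
    g_feed_count = 0;
    for (int i = 0; i < cycles; i++) {
        if (plc_runs[i]) plc_task_sign_mark(&shm);
        bool fed = wd_runs[i] ? watchdog_task_period(&shm) : false;
        hw_circuit_tick(&hw, fed);
        if (hw.rebooted) return i + 1;
    }
    return 0;
}

int main(void) {
    const bool ok[6]      = { 1, 1, 1, 1, 1, 1 };
    const bool plc_dies[6] = { 1, 1, 1, 0, 0, 0 };
    const bool wd_starved[6] = { 1, 1, 0, 0, 0, 0 };
    printf("healthy: reboot at %d\n", simulate(ok, ok, 6, 2));
    printf("PLC task stops: reboot at %d\n", simulate(plc_dies, ok, 6, 2));
    printf("watchdog starved: reboot at %d\n", simulate(ok, wd_starved, 6, 2));
    return 0;
}
```

The third scenario shows why the watchdog task must sit below every task it protects: the PLC keeps signing the mark, but nobody consumes it and feeds the circuit, so the board still reboots.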

Several behaviours can be configured for the case in which a watchdog reboot is detected at system start: for example the last PLC code is not loaded, or a secondary application is loaded, or loading of the PLC is delayed by a certain period to allow user actions before the system is started.

Example critical conditions

The LLExec process could crash because of a pointer error or a division by zero in the PLC code: in this case the mark value is not written in the shared memory and the system reboots. Moreover, the LLExec support daemon can be configured to collect diagnostic information which can be logged to permanent storage.

As a second hypothesis, the LLExec highest priority task can enter an infinite loop: in this case it cannot write the mark in the shared location and the system reboots.

As another case, the LLSupport daemon could, however unlikely, crash for some unpredictable operating system reason: it can no longer feed the hardware circuit and the target reboots.

Finally, an LLExec realtime task with a priority above that of the watchdog task can enter an unbounded loop: in this case the LLExec highest priority task still signs the mark in the shared memory, but the watchdog task cannot preempt the looping task to feed the watchdog, and the target reboots.