Skip to Content

dsPIC33A Deadman Timer (DMT) Peripheral

Last modified by Microchip on 2025/09/19 13:40

Overview

On this page, you will learn about the Deadman Timer (DMT) on the dsPIC33A microcontroller (MCU). The DMT is a safety feature used in mission-critical applications to monitor whether your software is running correctly. If the software fails or gets stuck, the DMT can trigger a generic trap, interrupting the processor or even causing a reset to help recover from the error. 

The DMT works as a 32-bit counter that increases with every CPU instruction fetch. You can set how many instructions are allowed before the DMT triggers an event by configuring the PSCNT (count limit) and PSINTV (window interval) registers. These settings are made through Special Function Registers (SFRs) and can only be changed before the DMT is enabled. Once the DMT is turned on, it cannot be turned off except by resetting the system. 

To prevent the DMT from triggering a trap, your software must regularly clear the DMT counter. This is done using a two-step sequence; first, you write 0x40 to a register (STEP1), then 0x08 (STEP2), and this must be done within a specific time window. If the sequence is done incorrectly or out of order, it can cause a DMT reset. 

If a DMT event does occur, the DMT trap handler is called. Inside this handler, you can try to fix the problem and clear the DMT using another two-step sequence; write 0x41 to the NMI Preclear Register, then 0x88 to the NMI Clear Register. If this is not done correctly, the system may reset.

Features

  • DMT is designed to enable you to monitor the health of their application software
  • Free-running instruction fetch 32-bit counter
  • Generates a trap, interrupt, or reset to the processor, if not serviced before a set number of instructions
  • Typically used in mission-critical and safety critical applications
  • Interrupts the processor in the event of software malfunction
  • Software-controlled
  • User-configurable instruction counter
  • Two-step windowed clear sequence
  • Post-event DMT counter clear
DMT Features
Click image to enlarge.

Differences From dsPIC33C to dsPIC33A

  • Removed FDMT, FDMTCNT, and FDMTIVT configuration fuses
  • Removed DMT HOLDREG register
  • Software now initializes both (1) DMT Instruction Count Limit Value (PSCNT) and (2) DMT Window Interval (PSINTV) SFRs instead of configuration fuses
  • Hence, PSCNT and PSINTV SFRs are now R/W
  • Writes to PSCNT and PSINTV SFRs are disabled once DMT is enabled 
  • Added support to clear the DMT counter, post DMT_event in DMT Trap handler
  • Added DMT NMI Preclear Register (PPPC) and DMT NMI Clear Register (PPC) registers to reset DMT post DMT_event

Note: To clear the DMT event, two consecutive writes of specific values must be written into the PPPC register, followed by a write to the PPC register.

Back to Top

Peripheral Architecture

Block Diagram

Dead Man Timer Block Diagram

Setup

  • DMT is a software-controlled module
    • Set appropriate count limit value to PSCNT and window interval value to PSINTV
    • Enable DMT by setting DMTCON.ON bit
  • Once DMT is enabled, writes to PSCNT and PSINTV are disabled
  • DMT cannot be disabled, once the module is enabled
  • DMTCON.ON bit can be cleared only with System Reset

Clear

The DMT needs to be serviced like Watchdog Timer (WDT) at regular intervals. The module provides STEP1 and STEP2 for the DMT service sequence. Executing a valid STEP1 and STEP2 sequence resets the DMT counter.

DMT clearing sequence

STEP 1: The software must first do a pre-clear action to the DMT (DMTPRECLR[15:08] = 0x40). This action sets an enable-for-clearing state that enables the DMT to be cleared by STEP 2.

  • Setting DMTPRECLR[15:08] to any other value causes the improper sequence (BAD1) flag to be set
  • The improper sequence flag will still be raised if the enable-for-clearing state has already been set

STEP 2: The software must then do a clear of the DMT (DMTCLR[7:0] = 0x08). The clearing of the DMTCNT will only occur only if this action was preceded by a pre-clear (STEP 1) action that set the enable-for-clearing state, the clear occurs during an open window interval.

The BAD2 flag in DMTSTAT gets raised if:

  • The clear instruction is executed and was not preceded by a pre-clear.
  • The clear instruction is executed at a time other than when the window interval is open.
  • An invalid, clear sequence was detected.

Any occurrence of BAD1 or BAD2 results in a DMT Event.

The proper clearing occurrence of the DMT will clear DMTPRECLR[15:8] and DMTCLR[7:0] and restart the DMT counter.

Why a Two-Step Clear Sequence?

The reasoning for this placement and why a two-step action is required to reset the DMT is based upon the single-fault model. In this model, failure of the software is assumed to occur from just one fault under the assumption that the software functionality is correct. Should that fault occur, the DMT count match should still occur.

One fault pattern that might occur would be the repeated clearing of the timer in a tight loop. For example, a response input may be required for the application to proceed. Should that response not occur, the count match would happen, yet a single fault could defeat that detection if that fault caused a loop of just a single action, which resets the timer. To overcome this potential failure, a second separate action is required to reset the timer. Separating the second action spatially as well as temporally reduces the possibility that the two sequential actions to reset the timer could occur because of a single fault. The second action is further constrained to occur during a “window interval” so that it may not occur too early.

DMT Generic Trap

When the DMT counter expires or an action sequence fails (Bad1, Bad2) to clear the DMT counter, the DMT counter is disabled and a dmt_event is generated, which results in a generic trap and one can exit generic trap only after clearing/resetting DMT status using post NMI event clear sequence. This sequence has to be executed within DMT generic trap handler only.

DMT Trap Handler Flowchart

To clear the DMT exception, the TRAP handler must issue a sequence of two instructions to clear the DMT event.

  • NMI_Step1 PPPC (Post processing Pre-Clear): PPPC must be written 0x4100.
  • NMI Step2 PPC (Post processing Clear): PPC must be written with 0x88 and preceded by the correct execution of a PPPC NMI Pre-clear instruction. At the successful execution of this instruction, the dmt_event is cleared.

If they are correctly executed, the DMT will clear the DMT event, and it will reinitialize itself. In this way, resetting the entire device can be avoided if the user chooses to.

Back to Top

Applications

  • The primary function of the DMT is to generate a generic trap in the event of a software malfunction.
  • The trap handler may contain the routine to correct the erroneous event (if possible) or restart the software.
DMT Application Flow Chart
Click image to enlarge.

Back to Top