On August 30, 2016 at 12:28:50 PM, will sanfilippo ([email protected]<mailto:[email protected]>) wrote: Sounds reasonable. As I am sure you know, doing it through the sanity task sometimes is an issue getting the time right as you would then need to know the worst-case timing of all the tasks that could be running… but any way you cut it, you have to put some time limit on that… in past lives I have seen some pretty complicated ways to deal with this but this seems reasonable and if developers need something different they can implement it with this hal.
I would consider making the return value of init() be the time or some reference to the time that was actually set. So, for example, if the user asks for 10000 ticks, and the system can only support 2000, it could return 2000 from init, after trying it’s best to support the request. It could be done in powers of two or some other mechanism, but conceptually using that return value to explain what was actually set would be a nice interface. If watchdog was not implemented on given hardware, default return could be negative (error) or 0, implying watchdog was not set (although 0 also implies success… so…).
