Even if the code is perfect, a controller’s program may “crash” because of conditions that are beyond the control of the software engineer: complete power failures, brownouts and “spikes” on the incoming power lines, or even human error.

Software cannot reliably identify or handle all hardware related failures because, after all, the software runs on the failing hardware. Detecting hardware failures requires special-purpose hardware.

For example, a “watchdog timer” is an independent hardware device that monitors the health of the software. The watchdog timer will reset the controller unless it receives a signal from the software within a specified time, usually about 1 second.