A watchdog device can greatly improve the overall safety of a system. We recommend to periodically reset such a watchdog from within the main time domain of the control system, e.g. the time domain which runs your actuators. Set the watchdog time to a reasonable multiple of the period of the time domain. Now, if your system gets stuck and your time domain does not run within its desired limit, the watchdog will timeout and switch off your drives.

An external watchdog can be implemented with an external timer or with a simple retriggerable one shot timer. Implement a block in your control system which uses a digital peripheral output. Make sure to toggle the output state every time the block runs. This toggling output periodically reloads the timer. If your time domain blocks for a certain period the timer will run out.
Define a digital peripheral input which is connected to your watchdog timer output. Add this peripheral input to the critical inputs of your safety system, see Critical Inputs and Outputs. Depending on your safety level check the state of the watchdog timer, e.g.

slMoving.setInputActions({check(wdt, true, abort)});

Some HAL libraries implement a watchdog device, e.g. flink. When going through the HAL, you can use the Watchdog block. Such a block runs within the time domain of your control system and periodically resets the timer. The timer must be configured within the configuration file (see Configuration File. This could be done for example as follows

"subdevice5": {
  "type": "Watchdog",
  "channel0": {
    "signalId": "Wdt",
    "additionalArguments": "0.05"
   }
}

Here, the watchdog timeout is set to 50ms. You have to start the timer, which is called arming as soon as your time domain starts running.

wdt.arm();

The watchdog block in your control system defines a peripheral input. Check for the state of this input with a critical input in your safety system, see Using the HAL with a Watchdog Timer.