A watchdog device can greatly improve the overall safety of a system. We recommend to periodically reset such a watchdog from within the main time domain of the control system, e.g. the time domain which runs your actuators. Set the watchdog time to a reasonable multiple of the period of the time domain. Now, if your system gets stuck and your time domain does not run within its desired limit, the watchdog will timeout and switch off your drives.

An external watchdog can be implemented with an external timer or with a simple retriggerable one shot timer. Implement a block in your control system which uses a digital peripheral output. Make sure to toggle the output state every time the block runs. This toggling output periodically reloads the timer. If your time domain blocks for a certain period the timer will run out.
Define a digital peripheral input which is connected to your watchdog timer output. Add this peripheral input to the critical inputs of your safety system, see Critical Inputs and Outputs. Depending on your safety level check the state of the watchdog timer, e.g.

slMoving.setInputActions({check(wdt, true, abort)});

Some HAL libraries implement a watchdog device, e.g. flink. When going through the HAL, you can use the Watchdog block. Such a block runs within the time domain of your control system