“Fail-Safe” refers to the incorporation of design techniques that allow safe system operation and enhance the reliability of the products in which they are used. For example, the MCUs in the R8C Family have a main clock oscillator stop detection feature. This function provides an automatic switch to the internal oscillator if the external oscillator fails. The R8C is then able to put the system into a safe mode of operation or shut it down in an orderly manner. The second illustration shows the configuration of the R8C's enhanced Watchdog Timers (WDT). This timer can be configured to start counting automatically after a reset, or it can be initiated by software. If the system is operating normally, the WDT is periodically reset. Abnormal operation will allow it to time out, in which case it can generate an interrupt or reset signal and direct the CPU to recover appropriately. The WDT can be configured to operate off of the same clock supplied to the CPU or from a separate internal oscillator. This setting is selected through a combination of registers located in Flash and RAM, thus providing configuration protection. Some R8C devices incorporate a dedicated 125kHz on-chip oscillator, providing an extra level of reliability. Also, access to the Special Function registers (SFRs) and other critical system registers is via a Protect register that safeguards critical content if the program goes out of control. Other features that enhance reliability are two special instructions—BRK (Break) and UND (undefined instruction). If the program goes out of control, these special instructions direct the CPU to an error-recovery program.