For serious real time systems you need a watchdog to detect and recover from malfunctions e.g. deadlocks. STM32 MCUs have two of them: independent watchdog (IWDG) and window watchdog (WWDG). I prefer the WWDG because it has a time window (as the name implies) and an interrupt just before the watchdog is going to bite. Window means that the feeding time has to be in a time window (interval), to feed to early is harmful too. The early wakeup interrupt can be used to bring the system into a save state or log something before the CPU is going into reset.
There is a thread only for kicking (regularly feed) the watchdog. This thread has the second lowest priority (just higher than the idle thread),
if any task does not want to give up control, the watchdog thread does not get any more CPU time and cannot feed the watchdog and the watchdog will bite after the timeout.