You are on page 1of 80

Software Development

Aurel GONTEAN

May 5, 2015

PLCs

What is a PLC?
A programmable logic controller,

also called a PLC or


programmable controller, is a computer-type device used to
control equipment in an industrial facility.
The kinds of equipment that PLCs can control are as varied as
industrial facilities themselves:
Conveyor systems,
food processing machinery,
auto assembly lines

What is a PLC?
In a traditional industrial control system, all control devices are

wired directly to each other according to how the system is


supposed to operate.
In a PLC system, however, the PLC replaces the wiring
between the devices. Thus, instead of being wired directly to
each other, all equipment is wired to the PLC.
Then, the control program inside the PLC provides the wiring
connection between the devices.

What is a PLC?
The control program is the computer program stored in the

PLCs memory that tells the PLC whats supposed to be going


on in the system.
The use of a PLC to provide the wiring connections between
system devices is called softwiring.

Example
Lets say that a push button is supposed to control the

operation of a motor.
In a traditional control system, the push button would be wired
directly to the motor.
In a PLC system, however, both the push button and the motor
would be wired to the PLC instead.
Then, the PLCs control program would complete the electrical
circuit between the two, allowing the button to control the
motor.

Example

Why Use PLCs?


The softwiring advantage provided by programmable

controllers is tremendous.
Softwiring makes changes in the control system easy
and cheap.
If you want a device in a PLC system to behave
differently or to control a different process element, all
you have to do is change the control program.
In a traditional system, making this type of change
would involve physically changing the wiring between
the devices, a costly and time-consuming endeavor.
8

Example
Lets say that two push buttons, PB1 and PB2, are connected to a

PLC.
Two pilot lights, PL1 and PL2, are also connected to the PLC.
The way these devices are connected now pressing push button
PB1 turns on pilot light PL1 and pressing push button PB2 turns on
pilot light PL2.
Lets say that you want to change this around so that PB1 controls
PL2 and PB2 controls PL1. In a traditional system, you would have
to rewire the circuit so that the wiring from the first push button goes
to the second pilot light and vice versa.
However, because these devices are connected to a PLC, making
this change is as simple as making a small change in the control
program.
9

PLCs Additional Advantages


high reliability
small space requirements
computing capabilities
reduced costs
ability to withstand harsh environments
expandability

10

Detailed view of a PLC


A PLC basically consists of two elements:

the central processing unit


the input/output system

11

CPU
The (CPU) is the part of a PLC that retrieves, decodes, stores,

and processes information.


The CPU has three parts:
the processor
the memory system
the power supply

12

The Input/Output (I/O) System


The input/output (I/O)

system is the section of a PLC to which


all of the field devices are connected.
The I/O system is what actually physically carries out the
control commands from the program stored in the PLCs
memory.
The I/O system consists of two main parts:
the rack
I/O modules

13

The Rack and I/O Modules

14

More about I/Os


All of the field devices connected to a PLC can be classified in

one of two categories:


Inputs
Outputs
Inputs are devices that supply a signal/data to a PLC.
Typical examples of inputs are

push buttons,
switches, and
measurement devices.

15

Outputs
Outputs are devices that await a signal/data from the

PLC to perform their control functions.


Typical examples of outputs are:

Lights,
horns,
motors
valves

16

Example

17

I/Os
There are two basic types of input and output devices:

Discrete (digital) 0s and 1s


Analog infinite number of states
Examples

Discrete (digital)

overhead light and switch

Examples - Analog

Thermometer, valve

18

I/Os
different input and output devices send different kinds of

signals
While PLCs are powerful devices, they cant always speak the
language of every device connected to them
I/O modules act as translators between the field devices and
the PLC

19

Control Program
The control program is a software program in the PLCs

memory.
The control program is made up of instructions
Remember, changing the system is a snap.
All PLCs use two basic types of instructions:
Contacts
Coils

20

Contacts
Contacts are instructions that refer to the input conditions to

the control programthat is, to the information supplied by the


input field devices.
Each contact in the control program monitors a certain field
device. The contact waits for the input to do something in
particular.

21

Coils
Coils are instructions that refer to the outputs of the control

program that is, to what each particular output device is


supposed to do in the system.
Like a contact, each coil also monitors a certain field device.
However, unlike a contact, which monitors the field device and
then tells the PLC what to do, a coil monitors the PLC control
program and then tells the field device what to do.

22

Example

23

The Scan
In PLC talk, this three-step process of:

monitoring the inputs


executing the PLC control program
changing the status of the outputs accordingly
is called the scan.

24

The Scan

25

A Practical PLC
Siemens S7-200

26

Introducing the S7-200 Micro PLC


The Siemens S7-200 series is a line of micro-programmable

logic controllers (Micro PLCs)


perfect for controlling small applications

compact design,
powerful instruction set
expandability,
low cost

27

A typical PLC setup

28

Features

29

Features

30

Features

31

Features

32

Features

33

Understanding the Scan Cycle


The S7-200 CPU is designed to execute a series of tasks,

including your program, repetitively (scan cycle).


During the scan cycle shown in next slide, the CPU performs
most or all of the following tasks:

Reading the inputs


Executing the program
Processing any communication requests
Executing the CPU self-test diagnostics
Writing to the outputs

34

Understanding the Scan Cycle

The series of tasks executed during the scan cycle is


dependent upon the operating mode of the CPU.
The S7-200 CPU has two modes of operation,
STOP mode (program is not executed).
RUN mode (program is executed)

35

Reading the Digital Inputs


Each scan cycle begins by reading the current value of the

digital inputs and then writing these values to the processimage input register.
The CPU reserves the process-image input register in
increments of eight bits (one byte).
The CPU does not automatically update analog inputs as part
of the scan cycle and does not maintain an analog input image
register.
You must access the analog inputs directly from your program.

36

Executing the Program


The CPU executes the program, starting with the first

instruction and proceeding to the end instruction.


The immediate I/O instructions give immediate access to
inputs and outputs during the execution of either the program
or an interrupt routine.
If used, the interrupt routines that are associated with the
interrupt events are stored as part of the program.
The interrupt routines are not executed as part of the normal
scan cycle, but are executed when the interrupt event occurs
(which may be at any point in the scan cycle).

37

Communication / Self-Diagnostic Test


Processing the Communication Requests

During the message-processing phase of the scan cycle, the CPU


processes any messages that were received from the communications
port.
Executing the CPU Self-Diagnostic Test

During this phase of the scan cycle, the CPU checks its firmware and
your program memory (RUN mode only). It also checks the status of
any I/O modules.

38

Writing to the Digital Outputs


At the end of every scan cycle, the CPU writes the values

stored in the process-image output register to the digital


outputs.
The CPU does not automatically update analog outputs as
part of the scan cycle and does not maintain an analog output
image register. You must access the analog outputs directly
from your program.
When the CPU operating mode is changed from RUN to
STOP:
the digital outputs are set to the values defined in the Output Table, or
are left in their current state.
Analog outputs remain at the value last written.
39

Immediate I/O
Immediate I/O instructions allow direct access to the actual

input or output point, even though the image registers are


normally used as either the source or the destination for I/O
accesses.
The corresponding process-image input register location is not
modified when you use an immediate instruction to access an
input point.
The corresponding process-image output register location is
updated simultaneously when you use an immediate
instruction to access an output point.

40

Interrupting the Scan Cycle


If you use interrupts, the routines associated with each

interrupt event are stored as part of the program.


The interrupt routines are not executed as part of the normal
scan cycle, but are executed when the interrupt event occurs
(which may be at any point in the scan cycle).
Interrupts are serviced by the CPU on a first-come-first-served
basis within their respective priority assignments.

41

Process-Image Input / Output Registers


It is usually advantageous to use the process-image register

rather than to directly access inputs or outputs.


There are three reasons for using the image registers:

The sampling of all inputs at the top of the scan synchronizes


and freezes the values of the inputs for the program execution
phase of the scan cycle. The outputs are updated from the image
register after the execution of the program is complete. This
provides a stabilizing effect on the system.
Your program can access the image register much quicker than it
can access I/O points, allowing faster execution of the program.
I/O points are bit entities and must be accessed as bits, but you
can access the image register as bits, bytes, words, or double
words. Thus, the image registers provide additional flexibility.

42

Process-Image Input / Output Registers


An additional benefit is

that the image registers are large enough to handle the maximum
number of input and output points. There is always some number of
image register locations not used, that can be used as extra internal
memory bits.

43

Direct Addressing of the


CPU Memory Areas

44

Using the Memory Address to


Access Data

45

Accessing a bit
To access a bit in a memory area, one must specify

the address, which includes the memory area identifier,


the byte address, and
the bit number.

46

Accessing a Byte, Word, DWord


Using the byte address format, one can access data in many

CPU memory areas (V, I, Q, M, and SM) as bytes, words, or


double words. The address must be specified similar to
specifying the address for a bit.
This includes
an area identifier,
data size designation, and
the starting byte address of the byte, word, or double-word
Data in other CPU memory areas (such as T, C, HC, and the

accumulators) are accessed by using an address format that


includes an area identifier and a device number.

47

Accessing a Byte, Word, DWord

48

Representation of Numbers
Data Size Designations and Associated Integer Ranges
Data Size

Unsigned Integer Range


Decimal

Hexadecimal

Signed Integer Range


Decimal

Hexadecimal

B (Byte):
8-bit value

0 to 255

0 to FF

128 to 127

-80 to 7F

W (Word):
16-bit value

0 to 65,535

0 to FFFF

-32,768 to 32,767

8000 to 7FFF

D (Double word,
Dword): 32-bit value

0 to
4,294,967,295

0 to
FFFF FFFF

-2,147,483,648 to
2,147,483,647

8000 0000 to
7FFF FFFF

49

The Process-Image Input Register (I)


The CPU samples the physical input points

at the beginning of
each scan cycle and writes these values to the process-image
input register.
You can access the process-image input register in bits, bytes,
words, or double words.
Format:
Bit
Byte, Word, Double Word

I[byte address].[bit address] I0.1


I[size][starting byte address] IB4

50

The Process-Image Output Register (Q)


At the end of the scan cycle, the CPU

copies the values stored


in the process-image output register to the physical output
points.
You can access the process-image output register in bits,
bytes, words, or double words.
Format:
Bit
Byte, Word, Double Word

Q[byte address].[bit address] Q1.1


Q[size][starting byte address] QB5

51

The Variable (V) Memory Area


You can use V memory to store

intermediate results of
operations being performed by the control logic in your
program.
You can also use V memory to store other data pertaining to
your process or task. You can access the V memory area in
bits, bytes, words, or double words.
Format:
Bit
Byte, Word, Double Word

V[byte address].[bit address] V10.2


V[size][starting byte address] VW100

52

The Bit Memory (M) Area


You can use the internal memory bits (M memory) as control

relays to store the intermediate status of an operation or other


control information.
While the name bit memory area implies that this information
is stored in bit-length units, you can access the bit memory
area not only in bits, but also in bytes, words, or double words.
Format:
Bit
Byte, Word, Double Word

M[byte address].[bit address] M26.7


M[size][starting byte address] MD20

53

The Sequence Control Relay (S)


Memory Area

Sequence Control Relay bits (S) are used to organize machine

operations or steps into equivalent program segments.


SCRs allow logical segmentation of the control program.
You can access the S bits as bits, bytes, words, or double
words.
Format:
Bit
Byte, Word, Double Word

S[byte address].[bit address] S3.1


S[size][starting byte address] SB4

54

The Special Memory (SM) Bits


The SM bits provide a means for communicating information

between the CPU and your program.


You can use these bits to select and control some of the
special functions of the S7-200 CPU, such as:
A bit that turns on for the first scan
Bits that toggle at fixed rates
Bits that show the status of math or operational instructions
While the SM area is based on bits, you can access the data

in this area as bits, bytes, words, or double words.


Format:
Bit
SM[byte address].[bit address] SM0.1
Byte, Word, Double Word SM[size][starting byte address] SMB86
55

SMB0: Status Bits

Special Memory Byte SMB0 (SM0.0 to SM0.7)

SM

Bits Description

SM0.0

This bit is always on.

SM0.1

This bit is on for the first scan. One use is to call an initialization subroutine.

SM0.2

This bit is turned on for one scan if retentive data was lost. This bit can be used as
either an error memory bit or as a mechanism to invoke a special startup sequence.

SM0.3

This bit is turned on for one scan when RUN mode is entered from a power-up
condition. This bit can be used to provide machine warm-up time before starting an
operation.

SM0.4

This bit provides a clock pulse that is on for 30 seconds and off for 30 seconds, for a
cycle time of 1 minute. It provides an easy-to-use delay, or a 1-minute clock pulse.

SM0.5

This bit provides a clock pulse that is on for 0.5 seconds and then off for 0.5 seconds,
for a cycle time of 1 second. It provides an easy-to-use delay or a 1-second clock pulse.

SM0.6

This bit is a scan clock which is on for one scan and then off for the next scan. This bit
can be used as a scan counter input.

SM0.7

This bit reflects the position of the Mode switch (off is TERM position, and on is RUN
position). If you use this bit to enable Freeport mode when the switch is in the RUN
position, normal communication with the programming device can be enabled by
switching to the TERM position.

56

SMB1: Status Bits


SM

Bits Description

SM1.0

This bit is turned on by the execution of certain instructions when the result of the
operation is zero.

SM1.1

This bit is turned on by the execution of certain instructions either when an overflow
results or when an illegal numeric value is detected.

SM1.2

This bit is turned on when a negative result is produced by a math operation.

SM1.3

This bit is turned on when division by zero is attempted.

SM1.4

This bit is turned on when the Add to Table instruction attempts to overfill the table.

SM1.5

This bit is turned on when either LIFO or FIFO instructions attempt to read from an
empty table.

SM1.6

This bit is turned on when an attempt to convert a non-BCD value to binary is made.

SM1.7

This bit is turned on when an ASCII value cannot be converted to a valid hexadecimal
value.

57

The Timer (T) Memory Area


Timers are devices that count increments of time.
The S7-200 timers have resolutions of 1, 10 or 100 ms.
There are two variables that are associated with a timer:

Current value: this 16-bit signed integer stores the amount of time
counted by the timer.
Timer bit: this bit turns on (is set to 1) when the current value of the
timer is greater than or equal to the preset value. (The preset value is
entered as part of the timer instruction.)
You access both of these variables by using the timer address

(T + timer number).
Format:
T[timer number]

T24

58

Accessing the Timer Data

59

The Counter (C) Memory Area


Counters are devices that count each low-to-high transition

event on the counter input(s).


The CPU provides two types of counters:
one type counts up only
the other counts both up and down.
There are two variables that are associated with a counter:

Current value: this 16-bit signed integer stores the accumulated count.
Counter bit: this bit turns on (is set to 1) when the current value of the
counter is greater than or equal to the preset value. (The preset value is
entered as part of the counter instruction.)
You access both of these variables by using the counter

address (C + counter number).


60

The Counter (C) Memory Area


Access to either the counter bit or the current value is

dependent on the instruction used: instructions with bit


operands access the counter bit, while instructions with word
operands access the current value.
As shown in next slide, the Normally Open Contact instruction
accesses the counter bit, while the Move Word (MOV_W)
instruction accesses the current value of the counter.
Format:
C[counter number] C20

61

Accessing the Counter Data

62

The Analog Inputs (AI)


The S7-200 converts a real-world, analog value (such as

temperature or voltage) into a word-length (16-bit) digital


value.
You access these values by
the area identifier (AI),
size of the data (W), and
the starting byte address.

Since analog inputs are words and always start on even-

number bytes (such as 0, 2, or 4), you access them with evennumber byte addresses (such as AIW0, AIW2, or AIW4)
Analog input values are read-only values.
Format:
AIW[starting byte address] AIW4
63

Accessing an Analog Input


Accessing an Analog Output
Accessing an Analog Input

Accessing an Analog Output

64

The Analog Outputs (AQ)


The S7-200 converts a word-length (16-bit) digital value into a

current or voltage, proportional to the digital value (such as for a


current or voltage).
You write these values by
the area identifier (AQ),
size of the data (W), and
the starting byte address.
Since analog outputs are words and always start on even-number

bytes (such as 0, 2, or 4), you write them with even-number byte


addresses (such as AQW0, AQW2, or AQW4).
Your program cannot read the values of the analog outputs.
Format:
AQW[starting byte address] AQW4
65

Accessing an Analog Input


Accessing an Analog Output
Accessing an Analog Input

Accessing an Analog Output

66

The Accumulators (AC)


Accumulators are read/write devices that can be used like

memory.
For example, you can use accumulators to pass parameters to
and from subroutines and to store intermediate values used in
a calculation.
The CPU provides four 32-bit accumulators (AC0, AC1, AC2,
and AC3).
The data in the accumulators can be accessed as bytes,
words, or double words.
Format:
AC[accumulator number]

AC0

67

Addressing the Accumulators

68

The High-Speed Counters (HC)


High-speed counters are designed to count events faster than

the CPU can scan the events.


High-speed counters have a signed, 32-bit integer counting
value (or current value).
To access the count value for the high-speed counter, you
specify the address of the high-speed counter, using the
memory type (HC) and the counter number (such as HC0).
The current value of the high-speed counter is a read-only
value and can be addressed only as a double word (32 bits).
Format:
HC[high-speed counter number]

HC1

69

Accessing the High-Speed Counter Current Values

70

Using Constant Values


You can use a constant value in many of the S7-200

instructions. Constants can be bytes, words, or double words.


The CPU stores all constants as binary numbers, which can
then be represented in decimal, hexadecimal, or ASCII
formats.
Decimal Format:
Hexadecimal Format:
ASCII Format:

[decimal value]
16#[hexadecimal value]
[ASCII text]

71

Using Constant Values


The S7-200 CPU does not support data typing or data

checking (such as specifying that the constant is stored as an


integer, a signed integer, or a double integer).
For example, an Add instruction can use the value in VW100
as a signed integer value, while an Exclusive Or instruction
can use the same value in VW100 as an unsigned binary
value.
Examples:
Decimal constant:
Hexadecimal constant:
ASCII constant:

20047
16#4E4F
Text goes between single quotes.

72

Indirect Addressing of the


CPU Memory Areas
TBD

73

Valid Ranges for the S7-200 CPUs


Description

212

214

215

216

User program size

512 words

2 kwords

4 kwords

4 kwords

User data size

512 words

2 kwords

2.5 kwords

2.5 kwords

Process Image Input Register

I0.0 I7.7

Process Image Output Register

Q0.0 Q0.7

Analog Inputs (Read Only)

AIW0 AIW30

Analog Outputs (write only)

AQW0 AQW30

Variable memory (V)


Permanent area (max)

V0.0 to V1023.7
V0.0 to V199.7

Bit Memory (M)


Permanent area (max)

M0.0 to M15.7
MB0 to MB13

Special Memory (SM)


Real Memory

SM0.0 to SM45.7
SM0.0 to SM29.7

V0.0 to V4095.7
V0.0 to V1023.7

V0.0 to V5119.7
V0.0 to V5119.7
M0.0 to M31.7
MB0 to MB13

SM0.0 to SM85.7
SM0.0 to SM29.7

SM0.0 to SM194.7
SM0.0 to SM29.7

74

Valid Ranges for the S7-200 CPUs


Description

212

214

215

Timers

64 (T0 to T63)

128 (T0 to T127)

Counters

C0 to C63

C0 to C127

High Speed Counter

HC0

216
256 (T0 to T255)
C0 to C255

HC0 to HC2

Accumulator registers

AC0 to AC3

Jumps / Labels

0 to 63

0 to 255

Call / Subroutines

0 to 15

0 to 63

Interrupt Routines

0 to 31

0 to 127

Interrupt events

0, 1, 8 to 10,12

PID loops
Ports

0 to 20

0 to 23

Not supported

0 to 26
0 to 7

0 and 1

75

S7-200 CPU Operand Ranges


Access
Method

212

Bit
access
(byte.bit)

V
I
Q
M
SM
T
C
S

0.0
0.0
0.0
0.0
0.0
0
0
0.0

Byte
access

VB
IB
QB
MB
SMB
AC
SB

0
0
0
0
0
0
0

Constant

to
to
to
to
to
to
to
to

to
to
to
to
to
to
to

214
1023.7
7.7
7.7
15.7
45.7
63
63
7.7

1023
7
7
15
45
3
7

V
I
Q
M
SM
T
C
S

0.0
0.0
0.0
0.0
0.0
0
0
0.0

VB
IB
QB
MB
SMB
AC
SB

0
0
0
0
0
0
0

Constant

to
to
to
to
to
to
to
to

to
to
to
to
to
to
to

215
4095.7
7.7
7.7
31.7
85.7
127
127
15.7

4095
7
7
31
85
3
15

V
I
Q
M
SM
T
C
S

0.0
0.0
0.0
0.0
0.0
0
0
0.0

VB
IB
QB
MB
SMB
AC
SB

0
0
0
0
0
0
0

Constant

to
to
to
to
to
to
to
to

to
to
to
to
to
to
to

216
5119.7
7.7
7.7
31.7
194.7
255
255
31.7

5119
7
7
31
194
3
31

V
I
Q
M
SM
T
C
S

0.0 to 5119.7
0.0 to 7.7
0.0 to 7.7
0.0 to 31.7
0.0 to 194.7
0 to 255
0 to 255
0.0 to 31.7

VB
IB
QB
MB
SMB
AC
SB

0
0
0
0
0
0
0

to
to
to
to
to
to
to

5119
7
7
31
194
3
31

Constant

76

S7-200 CPU Operand Ranges


Access
Method
Word
access

212
VW
T
C
IW
QW
MW
SMW
AC
AIW
AQW
SW

0
0
0
0
0
0
0
0
0
0
0

to
to
to
to
to
to
to
to
to
to
to

214
1022
63
63
6
6
14
44
3
30
30
6

Constant

Double
word
access

VD
ID
QD
MD
SMD
AC
HC
SD

0
0
0
0
0
0
0
0

Constant

VW
T
C
IW
QW
MW
SMW
AC
AIW
AQW
SW

0
0
0
0
0
0
0
0
0
0
0

to
to
to
to
to
to
to
to
to
to
to

215
4094
127
127
6
6
30
84
3
30
30
14

Constant
to
to
to
to
to
to

1020
4
4
12
42
3

to 4

VD
ID
QD
MD
SMD
AC
HC
SD
Constant

VW
T
C
IW
QW
MW
SMW
AC
AIW
AQW
SW

0
0
0
0
0
0
0
0
0
0
0

to
to
to
to
to
to
to
to
to
to
to

216
5118
255
255
6
6
30
193
3
30
30
30

Constant
0
0
0
0
0
0
0
0

to
to
to
to
to
to
to
to

4092
4
4
28
82
3
2
12

VD
ID
QD
MD
SMD
AC
HC
SD

0
0
0
0
0
0
0
0

Constant

VW
T
C
IW
QW
MW
SMW
AC
AIW
AQW
SW

0
0
0
0
0
0
0
0
0
0
0

to
to
to
to
to
to
to
to
to
to
to

5118
255
255
6
6
30
193
3
30
30
30

to
to
to
to
to
to
to
to

5116
4
4
28
191
3
2
28

Constant
to
to
to
to
to
to
to
to

5116
4
4
28
191
3
2
28

VD
ID
QD
MD
SMD
AC
HC
SD

0
0
0
0
0
0
0
0

Constant
77

Equivalent Ladder/Logic Diagrams

78

Equivalent Ladder/Logic Diagrams

79

Equivalent Ladder/Logic Diagrams


Homework: NOR, XNOR

80