Realizing the communication between MCU and PLC under Modbus protocol

    HMI (Human Machine Interface) is increasingly used in industrial automation systems and equipment due to its small size, high performance, and strong real-time features. It has different displays such as letters, Chinese characters, graphics, and pictures, and the interface is simple and friendly. It is equipped with a long-life membrane button keyboard and is easy to operate. It generally uses a single-chip microcomputer [1] with the advantages of high integration, high speed, high reliability, and low price as its core controller to achieve real-time and fast processing. The combination of PLC and single-chip microcomputer can not only improve the data processing capability of PLC, but also provide users with a friendly and concise interface. This article takes the Modbus communication protocol as an example to discuss in detail how to use C51 to realize the communication between single-chip microcomputer and PLC in a human-machine system.

    2Modbus communication protocol

    Modbus protocol is a universal language used in electronic controllers. Through this protocol, controllers can communicate with each other and with other devices via the network.

    The Modbus protocol provides a master-slave principle, that is, only one device (master) can initiate a transmission (query). Other devices (slave devices) respond accordingly based on the data provided by the master query. The format of the master query: device address (or broadcast, no response is required at this time), function code, all data to be sent, and an error detection field. The slave response message includes the confirmation address, function code, any data to be returned, and an error detection field. If an error occurs during the message reception process, or the slave device cannot execute its command, the slave device will create an error message and send it out as a response.

    The controller can be set to two transmission modes: ASCII and RTU. At the same baud rate, RTU can transmit more data than ASCII, so KTU mode is used.

    (1) Typical RTU message frame

    A typical RTU message frame is shown in Table 1.    

    The address field of the RTU message frame contains 8 bits. The possible slave device addresses are 0...127 (decimal). Address 0 is used as a broadcast address so that all slave devices can recognize it. The master device selects the slave device by putting the address of the slave device to be contacted into the address field in the message. When the slave device sends a response message, it puts its own address in the address field of the response so that the master device knows which device is responding.    

    The function code field in the RTU message frame contains 8 bits. When the message is sent from the master device to the slave device, the function code field will tell the slave device what actions need to be performed; when the slave device responds, it uses the function code field to indicate whether it is a normal response (error-free) or an error has occurred (called an objection response, which generally changes the highest bit of the function code from 0 to 1).

    The data field of the message sent from the master to the slave contains additional information: the slave must be used to perform the behavior defined by the function code. This includes things like discrete register addresses, the number of items to be processed, and the actual number of data bytes in the field. If no error occurs, the data field returned from the slave contains the requested data. If an error occurs, this field contains an objection code that the master application can use to determine the next action to take.

    When RTU mode is selected as the character frame, the error detection field contains a 16-bit value (implemented by two 8-bit characters). The content of the error detection field is obtained by performing a cyclic redundancy check (CRC) method on the message content. The CRC field is attached to the end of the message, first the low byte and then the high byte.

    (2) All Modbus function codes

    The Modbus function code definition is shown in Table 2.    

    3 Design of common functional communication programs[5]

    This article introduces the design of several commonly used Modbus function programs. The author uses a single-chip microcomputer as the host and writes a program on the single-chip microcomputer to realize the communication between the single-chip microcomputer and the PLC. The single-chip microcomputer sends command information to the PLC, and the PLC automatically responds. The PLC communicates through the serial communication port of the single-chip microcomputer, and the program is implemented with C51. The sub-functions of the program and their functions:

    (1) Serial port initialization

    voidProtocolInit(void)

    Function: Set the serial port to asynchronous communication mode 1 (1 start bit, 8 data bits, 1 stop bit); set timer/counter 1 to baud rate generator, communication rate 9600bps; turn on serial interrupt, and set the serial interrupt to high priority.

    (2) CRC simple function

    unsignedcharCrc16(unsignedchar*puchMsg,unsignedcharusDataLen)

    Function: First, load a 16-bit register with a value of all "1", and then call a process to process the values ​​of the current registers of the consecutive 8-bit bytes in the message. Each 8-bit character is ORed with the register content individually, and the result moves toward the least significant bit, and the most significant bit is filled with 0. The LSB is extracted for detection. If the LSB is 1, the register is ORed with the preset value alone. If the LSB is 0, it is not performed. The whole process is repeated 8 times. After the last bit (the 8th bit) is completed, the next 8-bit byte is ORed with the current value of the register alone. The final value in the register is the CRC value after all bytes in the message are executed.

    (3) Initialize variables

    voidInitvar(void)

    Function: Initialize all process variables.

    (4)Serial interrupt service routine

    voidProtocolSerialProcess(void)interrupt4using2

    Function: Send interrupt sends the command array formed by the host, and sets the flag after sending; receive interrupt receives the response array returned by the PLC, stores it in the receive array, sets the flag, and assumes that the response is correct and leaves it for the host to process.

    (5) Read N bit variables (coils)

    voidProtocolRead_bit(unsignedcharDeviceAddr/*PLC station number*/,unsignedcharRegType/*register type*/,unsignedintBitAddr/*starting address*/,unsignedcharSubAddr/*subaddress*/,unsignedintBitNum/*number of bits*/)

    Function: According to the function parameters, form a command array for reading N bit variables and start sending. Wait for sending and receiving to be completed (if it times out and is not received, resend). Analyze the received array: if it is correct, save the read data; if it is wrong, resend.

    (6) Write a bit variable

    voidProtocolSetBit(unsignedcharDeviceAddr/*PLC station number*/,unsignedcharRegType/*register type*/,unsignedintBitAddr/*address*/,unsignedcharSubAddr/*subaddress*/,unsignedint

    ntClrSet/*write value "1" or "0"*/)

    Function: According to the function parameters, form a command array to set a certain variable to "1" or "0" to start sending. Wait for the sending and receiving to be completed (if the receiving is not completed before the timeout, resend). Analyze the receiving array: if correct, return; if wrong, resend.

    (7) Read N bytes of variables

    voidProtocolReadByte(unsignedcharDeviceAddr/*PLC station number*/,unsignedcharRegType/*register type*/,unsignedintRegAddr/*starting address*/,unsignedcharSubAddr/*subaddress*/,unsignedintRegNum/*number*/)

    Function: According to the function parameters, form a command array for reading N bytes of variables and start sending. Wait for the sending and receiving to be completed (if the receiving is not completed before the timeout, resend). Analyze the received array: if correct, save the read data; if wrong, resend.

    (8) Write N bytes of variables

    voidProtocolSetByte(unsignedcharDeviceAddr/*PLC station number*/,unsignedcharRegType/*register type*/,unsignedintRegAddr/*starting address*/,unsignedcharSubAddr/*subaddress*/,unsignedintRegNum/*number*/)

    Function: According to the function parameters, form a command array for writing N word variables (the number to be written is read from a parameter array), and start sending. Wait for the sending and receiving to be completed (if the receiving is not completed before the timeout, resend). Analyze the received array: if correct, return; if wrong, resend.

    4 Conclusion

    The above program has passed the experiment and applied to the actual human-machine system. According to the similar method, other programs with different functions can be written to realize different control and operation of PLC. By using the complementary advantages of single-chip microcomputer and PLC, a networked and intelligent industrial control system can be formed. In addition, the entire single-chip microcomputer system program is programmed in C51 language, which is concise and easy to read and debug. The combination of single-chip microcomputer and human-machine interface can display the working status of PLC in real time, control, set and adjust the working status of PLC in real time, and improve the automation and real-time performance of industrial control.