Главная Обзор Помощь
Регистрация Вход
ECS
/
repos_ecs
3
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 25c518355a
Ветки Метки
repos_ecs
/
串口调试工具
/
ModScan
/
PROTOCOL.TXT

PROTOCOL.TXT 13 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187 
  1. 

  2. Modes of Transmission
    3. 

  3. 

  4. The mode of transmission is the structure of the individual units of information within a message, and the numbering system used to transmit the data.  Two modes of transmission are available for use in a MODBUS system.  Both modes provide the same capabilities for communicating with PLC slaves;  the mode is selected depending on the equipment used as a MODBUS Master.  One mode must be used per MODBUS system; mixing of modes is not allowed.  The modes are ASCII (American Standard Code for Information Interchange), and RTU, (Remote Terminal Unit.)  The characteristics of the two transmission modes are defined below:
    5. 

  5. 

  6. Characteristic	ASCII (7-bit)	RTU (8-bit)
    7. 

  7. Coding System	hexadecimal (uses ASCIIprintable characters (0-9, A-F)	8-bit binary
    8. 

  8. Number of bits per character:		
    9. 

  9. start bits	1	1
    10. 

  10. data bits (least significant first)	7	8
    11. 

  11. parity (optional)	1	1
    12. 

  12. (1-bit sent for even or odd parity, no bits for no parity)	(1-bit sent for even or odd parity, no bits for no parity)
    13. 

  13. stop bits	1 or 2	1 or 2
    14. 

  14. Error Checking	LRC (Longitudinal Redundancy Check)	CRC (Cyclical Redundancy Check)
    15. 

  15. 

  16. 

  17. 

  18. MODBUS Message Types
    19. 

  19. 

  20. 

  21. ASCII Framing
    22. 

  22. 

  23. Framing in ASCII Transmission mode is accomplished by the use of the unique colon, (:), character to indicate the beginning of frame and carriage return/line feed, (CRLF), to delineate end of frame.  The line feed character also serves as a synchronizing character which indicates that the transmitting station is ready to receive an immediate reply.
    24. 

  24. 

  25. 

  26. BEGIN FRAME	ADDRESS	FUNCTION	DATA	ERROR CHECK	EOF	READY TO RECEIVE
    27. 

  27. :	2-CHAR 16-BIT	2-CHAR 16-BITS	N X 4-CHARN X 16-BITS	2-CHAR16-BITS	CR	LF
    28. 

  28. RTU Framing
    29. 

  29. 

  30. Frame synchronization can be maintained in RTU transmission mode only by simulating a synchronous message.  The receiving device monitors the elapsed time between receipt of characters.  If three and one-half character times elapse without a new character or completion of the frame, then the device flushes the frame and assumes that the next byte received will be an address.
    31. 

  31. 

  32. 

  33. T1,T2,T3	ADDRESS	FUNCTION	DATA	CHECK	T1,T2,T3
    34. 

  34. 

  35. 

  36. Error Detection
    37. 

  37. 

  38. 

  39. There are two types of errors which may occur in a communications system: transmission errors and programming errors.  The MODBUS system has specific methods for dealing with either type of error.
    40. 

  40. 

  41. Communications errors usually consist of a changed bit or bits within a message.  The most frequent cause of communications errors is noise: unwanted electrical signals in a communications channel.  These signals occur because of electrical interference from machinery, damage to the communications channel, impulse noise, (spikes), etc.  Communications errors are detected by character framing, a parity check, and a redundancy check.
    42. 

  42. 

  43. When the character framing, parity, or redundancy checks detect a communications error, processing of the message stops.  A PLC slave will not act on or respond to the message.  (The same occurs if a non-existent slave address is used.)
    44. 

  44. 

  45. When a communications error occurs, the message is unreliable.  The PLC slave cannot know for sure if this message was intended for it.  So the CPU might be answering a message which was not its message to begin with.  It is essential to program the MODBUS Master to assume a communications error has occurred if there is no response in a reasonable time.  The length of this time depends upon the baud rate, type of message, and scan time of the PLC slave.  Once this time is determined, the master may be programmed to automatically retransmit the message.
    46. 

  46. 

  47. The MODBUS system provides several levels of error checking to assure the quality of the data transmission.  To detect multibit errors where the parity has not changed, the system uses redundancy checks: Cyclical Redundancy Check, (CRC), for the RTU mode and Longitudinal Redundancy Check, (LRC), for the ASCII mode.
    48. 

  48. 

  49. CRC-16 Cyclic Redundancy Check
    50. 

  50. 

  51. The CRC-16 error check sequence is implemented as described in the following paragraphs.
    52. 

  52. 

  53. The message, (data bits only, disregarding start/stop and parity bits), is considered as one continuous binary number whose most significant bit, (MSB), is transmitted first.  The message is pre-multiplied by X**16, (shifted left 16 bits), then divided by X**16 + X**15 + X**2 + 1 expressed as a binary number (11000000000000101).  The integer quotient digits are ignored and the 16-bit remainder (initialized to all ones at the start to avoid the case where all zeroes being an accepted message), is appended to the message, (MSB first), as the two CRC check bytes.  The resulting message including the CRC, when divided by the same polynomial (X**16 + X**15 + X**2 + 1), at the receiver will give a zero remainder if no errors have occurred.  (The receiving unit recalculates the CRC and compares it to the transmitted CRC).  All arithmetic is performed modulo two, (no carries).  An example of the CRC-16 error check for message HEX 0207, (address 2, function 7 or a status request to slave number 2) follows:
    54. 

  54. 

  55. The device used to serialize the data for transmission will send the conventional LSB or right-most bit of each character first.  In generating the CRC, the first bit transmitted is defined as the MSB of the dividend.  For convenience then, and since there are no carries used in arithmetic, let’s assume while computing the CRC that the MSB is on the right.  To be consistent, the bit order of the generating polynomial must be reversed.  The MSB of the polynomial is dropped since it affects only the quotient and not the remainder.  This yields 1010 0000 0000 0001, (HEX A001)..  Note that this reversal of the bit order will have no effect whatever on the interpretation or the bit order of characters external to the CRC calculations.
    56. 

  56. 

  57. The step by step procedure to form the CRC-16 is as follows:
    58. 

  58. 

  59. 1.	Load a 16-bit register with all 1’s.
    60. 

  60. 

  61. 2.	Exclusive OR the first 8-bit byte with the high order byte of the 16-bit register, putting the result in the 16-bit register.
    62. 

  62. 

  63. 3.	Shift the 16-bit register one bit to the right.
    64. 

  64. 

  65. 4a.	If the bit shifted out to the right is one, exclusive OR the generating polynomial 1010 0000 0000 0001 with the 16-bit register.
    66. 

  66. 

  67. 4b.	If the bit shifted out to the right is zero; return to step 3.
    68. 

  68. 

  69. 5.	Repeat steps 3 and 4 until 8 shifts have been performed.
    70. 

  70. 

  71. 6.	Exclusive OR the next 8-bit byte with the 16-bit register.
    72. 

  72. 

  73. 7.	Repeat step 3 through 6 until all bytes of the message have been exclusive OR’rd with the 16-bit register and shifted 8 times.
    74. 

  74. 

  75. 8.	The contents of the 16-bit register are the 2 byte CRC error check and is added to the message most significant bits first.
    76. 

  76. 

  77. 

  78. 16-BIT REGISTER	MSB			Flag
    79. 

  79. (Exclusive OR)	1111	1111	1111	1111	
    80. 

  80. 02			0000	0010	
    81. 

  81. 1111	1111	1111	1101	
    82. 

  82. Shift 1	0111	1111	1111	1110	1
    83. 

  83. Polynomial	1010	0000	0000	0001	
    84. 

  84. 1101	1111	1111	1111	
    85. 

  85. Shift 2	0110	1111	1111	1111	1
    86. 

  86. Polynomial	1010	0000	0000	0001	
    87. 

  87. 1100	1111	1111	1110	
    88. 

  88. Shift 3	0110	0111	1111	1111	0
    89. 

  89. Shift 4	0011	0011	1111	1111	1
    90. 

  90. Polynomial	1010	0000	0000	0001	
    91. 

  91. 1001	0011	1111	1110	
    92. 

  92. Shift 5	0100	1001	1111	1111	0
    93. 

  93. Shift 6	0010	0100	1111	1111	1
    94. 

  94. Polynomial	1010	0000	0000	0001	
    95. 

  95. 1000	0100	1111	1110	
    96. 

  96. Shift 7	0100	0010	0111	1111	0
    97. 

  97. Shift 8	0010	0001	0011	1111	1
    98. 

  98. Polynomial	1010	0000	0000	0001	
    99. 

  99. 1000	0001	0011	1110	
    100. 

  100. 07			0000	0111	
    101. 

  101. 1000	0001	0011	1001	
    102. 

  102. Shift 1	0100	0000	1001	1100	1
    103. 

  103. Polynomial	1010	0000	0000	0001	
    104. 

  104. 1110	0000	1001	1101	
    105. 

  105. Shift 2	0111	0000	0100	1110	1
    106. 

  106. Polynomial	1010	0000	0000	0001	
    107. 

  107. 1101	0000	0010	1111	
    108. 

  108. Shift 3	0110	1000	0010	0111	1
    109. 

  109. Polynommial	1010	0000	0000	0001	
    110. 

  110. 1100	1000	0010	0110	
    111. 

  111. Shift 4	0110	0100	0001	0011	0
    112. 

  112. Shift 5	0011	0010	0000	1001	1
    113. 

  113. Polynomial	1010	0000	0000	0001	
    114. 

  114. 1001	0010	0000	1000	
    115. 

  115. Shift 6	0100	1001	0000	0100	0
    116. 

  116. Shift 7	0010	0100	1000	0010	0
    117. 

  117. Shift 8	0001	0010	0100	0001	0
    118. 

  118. HEX 12			HEX 41	
    119. 

  119. TRANSMITTED MESSAGE WITH CRC-16
    120. 

  120. (MESSAGE SHIFTED TO RIGHT TO TRANSMIT)
    121. 

  121. 

  122.        12                   41                    07                   02
    123. 

  123. 

  124. 0001    0010    0100    0001    0000    0111    0000    0010
    125. 

  125. 

  126. 

  127. 

  128. LRC (Longitudinal Redundancy Check)
    129. 

  129. 

  130. 

  131. The error check sequence for the ASCII mode is LRC.  The error check is an 8-bit binary number represented and transmitted as two ASCII hexadecimal (hex) characters.  The error check is produced by converting the hex characters to binary, adding the binary characters without wraparound carry, and two’s complementing the result.  At the received end the LRC is recalculated and compared to the sent LRC.  The colon, CR, LF, and any imbedded non-ASCII hex characters are ignored in calculating the LRC.
    132. 

  132. 

  133. Address	02		0000 0010
    134. 

  134. Function	01		0000 0001
    135. 

  135. Start Add H.O.	00		0000 0000
    136. 

  136. Start Add L.O.	00		0000 0000
    137. 

  137. Quantity of Pts	00		0000 0000
    138. 

  138. 08		0000 1000
    139. 

  139. Sum	0000 1011
    140. 

  140. 1’s complement	1111 0100
    141. 

  141. +1	0000 0001
    142. 

  142. Error Check	F5	2’s complement	1111 0101
    143. 

  143. 

  144. 8-BITS	8-BITS	N X 8-BITS	16-BITS	
    145. 

  145. Address Field
    146. 

  146. 

  147. The address field immediately follows the beginning of frame and consists of 8-bits, (RTU), or 2 characters, (ASCII).   These bits indicate the user assigned address of the slave device that is to receive the message sent by the attached master.
    148. 

  148. 

  149. Each slave must be assigned a unique address and only the addressed slave will respond to a query that contains its address.  When the slave sends a response, the slave address informs the master which slave is communicating.  In a broadcast message, an address of 0 is used.  All slaves interpret this as an instruction to read and take action on the message, but not to issue a response message.
    150. 

  150. 

  151. Function Field
    152. 

  152. 

  153. The Function Code field tells the addressed slave what function to perform.  MODBUS function codes are specifically designed for interacting with a PLC on the MODBUS industrial communications system.  The high order bit in this field is set by the slave device to indicate an exception condition in the response message.  If no exceptions exist, the high-order bit is maintained as zero in the response message.
    154. 

  154. 

  155. The following table lists those functions supported by the ModScan application:
    156. 

  156. 

  157. CODE	MEANING	ACTION
    158. 

  158. 01	READ COIL STATUS	Obtains current status, (ON/OFF), of a group of logic coils.
    159. 

  159. 02	READ INPUT STATUS	Obtains current status, (ON/OFF), of a group of discrete inputs.
    160. 

  160. 03	READ HOLDING REGISTER	Obtains current binary value in one or more holding registers.
    161. 

  161. 04	READ INPUT REGISTER	Obtains current binary value in one or more input registers.
    162. 

  162. 05	FORCE SINGLE COIL	Force logic coil to a state of ON or OFF.
    163. 

  163. 06	PRESET SINGLE REGISTER	Place a specific binary value into a holding register.
    164. 

  164. Data Field
    165. 

  165. 

  166. The data field contains information needed by the slave to perform the specific function or it contains data collected by the slave in response to a query.  This information may be values, address references, or limits.  For example, the function code tells the slave to read a holding register, and the data field is needed to indicate which register to start at and how many to read.  The imbedded address and data information varies with the type and capacity of the PLC associated with the slave.
    167. 

  167. 

  168. Error Check Field
    169. 

  169. 

  170. This field allows the master and slave devices to check a message for errors in transmission.  Sometimes, because of electrical noise or other interference, a message may be changed slightly while its on its way from one device to another.  The error checking assures hat the slave or master does not react to messages that have changed during transmission.  This increases the safety and the efficiency of the MODBUS system.
    171. 

  171. 

  172. The error check field uses a Longitudinal Redundancy Check, (LRC), in the ASCII mode of transmission, and a CRC-16 check in the RTU mode.
    173. 

  173. 

  174. 

  175. Exception Responses
    176. 

  176. 

  177. 

  178. Programming or operation errors are those involving illegal data in a message, no response from the PLC to its interface unit, or difficulty in communicating with a slave.  These errors result in an exception response from either the master computer software or the PLC slave, depending on the type of error.  The exception response codes are listed below.  When a PLC slave detects one of these errors, it sends a response message to the master consisting of the slave address, function code, error code, and error check fields.  To indicate that the response is a notification of an error, the high-order bit of the function code is set to one.
    179. 

  179. 

  180. CODE	NAME	MEANING
    181. 

  181. 01	ILLEGAL FUNCTION	The message function received is not an allowable action for the addressed slave.
    182. 

  182. 02	ILLEGAL DATA ADDRESS	The address referenced in the data field is not an allowable address for the addressed slave device.
    183. 

  183. 03	ILLEGAL DATA VALUE	The value referenced in the data field is not allowable in the addressed slave location.
    184. 

  184. 04	FAILURE IN ASSOCIATED DEVICE	The slave’s PC has failed to respond to a message or an abortive error occurred.
    185. 

  185. 05	ACKNOWLEDGE	The slave PLC has accepted and is processing the long duration program command.
    186. 

  186. 06	BUSY, REJECTED MESSAGE	The message was received without error, but the PLC is engaged in processing a long duration program command.
    187. 

  187. 07	NAK-NEGATIVE ACKNOWLEDGMENT	The PROGRAM function just requested could not be performed.
    188.