How does a PLC work step by step? A deep understanding of the working principles of PLC


So how does a PLC work step by step? 

Fellow industrial control colleagues will be familiar with the fact that a PLC operates in a cyclic scanning manner. However, if we dig deeper and pose a few specific questions, not everyone will be able to answer accurately. For instance: What are the steps involved in cyclic scanning? During cyclic scanning, do both digital and analog inputs enter the buffer zone? What is the program structure of a PLC? In today's article, we will delve into the working principles of the PLC and address these questions.

Before discussing the operating principles of a PLC, let's first examine its program structure.

A PLC's CPU contains two types of programs: one is the operating system, designed by the PLC manufacturer and embedded into the CPU before it leaves the factory; the other is the user program, which programmers design based on actual requirements to accomplish specific functions.

The operating system reserves some interfaces for user programs. Through these interfaces, the operating system can control the execution of user programs. Generally, there are two types of interfaces: the main program interface and the interrupt program interface.

The main program interface is the starting point for the normal execution of user programs. This design philosophy of PLC is similar to computer programming. As we know, in C language programming, the program's execution begins with the Main function. In the Main function, the code is executed sequentially from top to bottom. The Main function serves as the interface for the operating system to execute user programs.

[Figure: Main function]

In the Siemens S7-300/400 series PLCs, program execution begins with the organization block OB1. OB1 is analogous to the Main function in the C language. In the S7-200 SMART series, OB1 is directly referred to as the Main block.

For complex programs, commonly used functionalities can be designed as modules for reuse. These small modules are called subroutines.

Subroutines reside within the main program, and the operating system, through the invocation of the main program, ensures the execution of subroutines as well. In the S7-300/400 series, subroutines include FB (Function Blocks) and FC (Function Calls).

Apart from the main program interface, a PLC also provides interfaces for interrupt programs. For instance, in the S7-300/400 series PLCs, organization blocks such as OB35 (cycle interrupt), OB40 (hardware interrupt), OB82 (diagnostic interrupt), and OB122 (I/O access fault interrupt) are available. Programs within the interrupt program interface are referred to as "interrupt service routines," which users write themselves.

During PLC operation, if an interrupt request is detected, the operating system suspends the execution of the current user program and seeks the interface for the interrupt program to execute the corresponding interrupt service routine. Taking the S7-300/400 series as an example: when the PLC detects a peripheral IO access fault, it invokes OB122 for handling. If OB122 is not added at this point, the CPU will halt; if OB122 is added but no code is written (no interrupt service routine), the CPU will continue running, but the SF lamp will illuminate to indicate a system fault.

Interrupt execution follows a priority scheme, where higher priority interrupts are responded to first. Interrupts can also be nested, meaning higher priority interrupts will interrupt lower priority interrupts.
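
The interrupt handling described above, as a small Python model added here for illustration (it is not code from the original article or from any vendor firmware). It shows priority-based nesting and the two OB122 cases; the priority numbers, code lengths in ticks, and request times are constructed, and the tick-based scheduler is a simplification.

```python
INF = float("inf")

def simulate(loaded, requests, ticks):
    """loaded: {ob: (priority, ticks_of_code)}, requests: {tick: [ob, ...]}.
    Returns (OB running at each tick, CPU state, SF lamp)."""
    def prio(ob):
        return loaded[ob][0]
    stack = [["OB1", INF]]            # [ob, ticks left]; OB1 is the base level
    waiting, trace, sf = [], [], False
    for t in range(ticks):
        for ob in requests.get(t, []):
            if ob == "OB122":
                if ob not in loaded:
                    return trace, "STOP", sf   # no OB122 loaded: CPU halts
                sf = True                      # OB122 present: keep running, SF on
            waiting.append(ob)
        while True:
            while stack[-1][1] == 0:           # finished (or empty) OB returns
                stack.pop()
            nxt = max(waiting, key=prio, default=None)
            if nxt is None or prio(nxt) <= prio(stack[-1][0]):
                break                          # nothing outranks the running OB
            waiting.remove(nxt)
            stack.append([nxt, loaded[nxt][1]])  # nest: suspend the running OB
        stack[-1][1] -= 1
        trace.append(stack[-1][0])
    return trace, "RUN", sf

# Constructed priorities and code lengths (in ticks), for illustration only.
BLOCKS = {"OB1": (1, INF), "OB35": (12, 3), "OB40": (16, 2)}
REQUESTS = {1: ["OB35"], 2: ["OB40"], 5: ["OB122"]}   # constructed event times

def run_cases():
    # Case 1: an empty OB122 (zero ticks of code) is loaded.
    with_empty = simulate({**BLOCKS, "OB122": (25, 0)}, REQUESTS, 8)
    # Case 2: OB122 is not loaded at all.
    without = simulate(BLOCKS, REQUESTS, 8)
    return with_empty, without
```

In the first case OB40 interrupts OB35, OB35 resumes when OB40 finishes, and the I/O access fault only lights the SF lamp; in the second case the same fault stops the CPU at that tick.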

From the description of the main program interface and interrupt program interface above, we can observe that the operating system acts as the PLC's steward, controlling the execution of user programs and the response to interrupts.

In fact, before executing user programs, the PLC's operating system performs other tasks, as illustrated in the following diagram:


[Figure: PLC cyclic scanning]

After a cold or warm start, the PLC performs a startup scan during which certain variables can be initialized. The startup scan occurs only once after each start-up. In the S7-300/400 series PLCs, organization blocks OB100 (warm start), OB101 (hot start), and OB102 (cold start) are used for the startup scan.

Once the startup scan is completed, the PLC enters the cyclic scanning phase. Initially, internal checks are performed, followed by the reading of external digital inputs into the CPU's input image. It's important to note that only digital input signals are read, excluding analog input signals. After the status of digital input signals is read into the input image, the user program execution begins.

During the execution of the user program, if digital input signals are required, the CPU will read them from the input image rather than fetching them from external devices. However, for analog input signals, direct reading from external analog sensors occurs.

There are several advantages to reading digital input signals into the input image:

  1. The value of signals is fixed within the current scanning cycle, unaffected by external signal fluctuations, ensuring consistent program execution results.
  2. Reading from the input image is significantly faster than directly accessing external signal values, promoting quick program execution.
  3. External digital input signals can only be accessed in bits, but after reading into the input image, they can be accessed in various formats such as bits, bytes, words, and double words, providing more flexibility in program coding.

For digital output signals, the results of user program execution are stored in the output image. After the user program execution is completed, the operating system refreshes the computation results stored in the output image to the digital output modules.

Regarding analog output signals, they are not stored in the output image but are directly output to peripheral devices during program execution.
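
The scan cycle described above, as a small Python model added here for illustration (it is not code from the original article or from Siemens). The `Field` and `PLC` classes, the `disturb` hook and all signal values are constructed; word access is big-endian, as on S7 CPUs.

```python
class Field:
    """Constructed stand-in for the physical I/O terminals."""
    def __init__(self):
        self.di = bytearray([0b00000001, 0x80])  # I0.0 and I1.7 are high
        self.do = bytearray(1)                   # digital output terminals
        self.ai = {0: 1000}                      # analog channel 0, raw value

class PLC:
    def __init__(self, field):
        self.field = field
        self.input_image = bytearray(len(field.di))
        self.output_image = bytearray(len(field.do))

    def I(self, byte, bit):       # bit access to the input image
        return bool((self.input_image[byte] >> bit) & 1)
    def IW(self, byte):           # word access to the same image (big-endian)
        return int.from_bytes(self.input_image[byte:byte + 2], "big")
    def AI(self, channel):        # analog input: read straight from the field
        return self.field.ai[channel]
    def Q(self, byte, bit, on):   # output writes land in the output image only
        cur, mask = self.output_image[byte], 1 << bit
        self.output_image[byte] = cur | mask if on else cur & ~mask

    def scan(self, ob1, disturb=None):
        self.input_image[:] = self.field.di    # 1. latch digital inputs
        log = ob1(self, disturb)               # 2. run the user program
        self.field.do[:] = self.output_image   # 3. flush image to the outputs
        return log

def ob1(plc, disturb):
    log = {"i00_a": plc.I(0, 0), "ai_a": plc.AI(0), "iw0": plc.IW(0)}
    if disturb:
        disturb(plc.field)                     # field signals change mid-scan
    log.update(i00_b=plc.I(0, 0), ai_b=plc.AI(0))
    plc.Q(0, 0, log["i00_b"])                  # Q0.0 follows I0.0
    log["do_seen_in_scan"] = plc.field.do[0]   # terminal not refreshed yet
    return log

def run_demo():
    field = Field()
    plc = PLC(field)
    def disturb(f):                            # constructed disturbance
        f.di[0] = 0
        f.ai[0] = 2000
    first = plc.scan(ob1, disturb)
    do_after_first = field.do[0]
    second = plc.scan(ob1)
    return first, do_after_first, second, field.do[0]
```

Within the first scan the digital input reads the same before and after the disturbance while the analog value changes, and the output terminal only follows the output image once the scan ends.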

That concludes the introduction to the program structure of PLC and the working principle of cyclic scanning in PLCs.