

Manual del programador de Step 7 del Trabajo Fin de Máster realizado por

### Manuel Vázquez Muñiz

para la obtención del título de

Máster en Ingeniería de Automatización e Informática Industrial

### Upgrade of the UNICOS Time Stamp Push Protocol (TSPP) broker to include ultra-fast events

# INDEX

| IND | EX     | ••••• |                       | 1  |
|-----|--------|-------|-----------------------|----|
| FIG | URE II | NDEX  | ,<br>                 | 2  |
| 1.  | Intro  | oduct | ion                   | 4  |
| 1   | .1.    | Proje | ect identification    | 4  |
| 1   | .2.    | Proje | ect overview          | 4  |
| 1   | .3.    | Docι  | ument overview        | 4  |
| 2.  | Imp    | leme  | ntation               | 5  |
| 2   | .1.    | Gene  | eral                  | 5  |
|     | 2.1.1  | 1.    | Program creation      | 5  |
|     | 2.1.2  | 2.    | TSPP treatment        | 7  |
|     | 2.1.3  | 3.    | Peripheral addressing | 10 |
|     | 2.1.4  | 4.    | Concurrency           | 11 |
|     | 2.1.5  | 5.    | Consistency           | 13 |
| 2   | .2.    | SCL f | files modifications   | 14 |
|     | 2.2.1  | 1.    | Files modified        | 14 |
|     | 2.2.2  | 2.    | Digital Input         |    |
|     | 2.2.3  | 3.    | Digital Output        |    |
|     | 2.2.4  | 4.    | Digital Alarm         |    |
|     | 2.2.5  | 5.    | OnOff                 |    |
|     | 2.2.6  |       | Communication         |    |
|     | 2.2.7  |       | TSPP                  |    |
|     | 2.2.8  |       | OB Compilation        |    |
|     | 2.2.9  |       | Logic                 |    |
| -   | .3.    |       | lware interrupt       |    |
| 2   | .4.    | Cycli | ic interrupt          | 23 |
| 3.  | Resu   | ults  |                       | 25 |
| 3   | .1.    | Deci  | sion                  | 31 |
| 4.  | Acro   | onym  | s                     | 32 |
| 5.  | Doci   | umen  | nts of the project    | 33 |
| 6.  |        |       | phy                   |    |

# **FIGURE INDEX**

| Step 7 Programmer Manual                                                                         | Manuel Vázquez Muñiz 2                 |
|--------------------------------------------------------------------------------------------------|----------------------------------------|
| Fig. 21. Maximum cycle time configuration                                                        |                                        |
| Fig. 20. Oscilloscope cursors used for measurement                                               | 25                                     |
| Fig. 19. CPU configuration for cyclic interrupt OB 34                                            | 24                                     |
| Fig. 18. Digital Input module configuration for hardware intern                                  | rupts23                                |
| Fig. 17. Function to execute the fast interlock logic contained                                  | in the OnOff dependent logic22         |
| Fig. 16. OB 34 execution code                                                                    |                                        |
| Fig. 15. OB 40 execution code                                                                    |                                        |
| Fig. 14. Extract of the new "TSPP_FI" function block used for t                                  | he fast interlock TSPP processing19    |
| Fig. 13. Extract of the new blocks included in the fast interlock                                | c processing18                         |
| Fig. 12. Extract of the new "FC_ONOFF_FI" function with fast i                                   | interlock objects17                    |
| Fig. 11. Difference between original (left) and new (right) imple<br>with fast interlock objects | _                                      |
| Fig. 10. Extract of the new "FB_DI_FI" function block with fast                                  | interlock objects16                    |
| block with fast interlock objects                                                                |                                        |
| Fig. 9. Difference between original (left) and new (right) impl                                  |                                        |
| of concurrency treatment. Current value is on blue, second las                                   | st column13                            |
| Fig. 8. State of "NbOfStatusReq" and "NbOfRequest" after m                                       | isbehaviour of the program due to lack |
| due to lack of concurrency treatment. Current value is on blue                                   | e, second last column13                |
| Fig. 7. State of "AlreadyInReqList" variables 1 to 5 after (top to                               | o bottom) misbehaviour of the program  |
| to lack of concurrency treatment. Current value is on blue, see                                  |                                        |
| Fig. 6. State of "StatusReqList" variables 1 to 3 (top to bottom)                                | after misbehaviour of the program due  |
| From left to right, objects are digital inputs, PCO, OnOffs and                                  |                                        |
| Fig. 5. State of WINCC OA after misbehaviour of the program                                      |                                        |
| Fig. 4. Peripheral input byte modification in fast interlock prog                                |                                        |
| Fig. 3. TSPP call for OB 34 correction concerning a fast interloc                                | ck digital input                       |
| Fig. 2. Event overwriting correction concerning a fast interlock                                 | د digital input9                       |
| Fig. 1. TSPP messages storage and sending diagram [4]                                            | 7                                      |

| Fig. 22. Response time for the normal input/output using hardware interrupts (theoretical range in     |
|--------------------------------------------------------------------------------------------------------|
| grey)                                                                                                  |
| Fig. 23. Response time for the fast interlock input/output using hardware interrupts                   |
| Fig. 24. Response time for the fast interlock input/output using different UNICOS objects and hardware |
| interrupts                                                                                             |
| Fig. 25. Response time for the normal input/output using cyclic interrupts (theoretical range in grey) |
|                                                                                                        |
| Fig. 26. Response time for the fast interlock input/output using cyclic interrupts                     |
| Fig. 27. Response time for the fast interlock input/output                                             |
| Fig. 28. Events received inside digital input 4 (fast interlock)                                       |

# 1. Introduction

#### 1.1. Project identification

- Title: Upgrade of the UNICOS Time Stamp Push Protocol (TSPP) broker to include ultra-fast events
- Author: Manuel Vázquez Muñiz
- Advisor: Víctor Manuel González Suárez
- Co-advisor: Jerónimo Ortolá Vidal
- Date: June 2017
- Organization: CERN

#### 1.2. Project overview

The current project objective is to solve the issue of the fast interlocks (or ultra-fast events) by improving the Time Stamp Push Protocol (TSPP) used to communicate the control and supervision layers. This protocol is used in the framework UNICOS, and this framework should also be modified as to support this new feature.

With this new feature, the organization will be able to fulfil the requirements of the internal clients who need this capability as to have a proper use of their equipment.

#### 1.3. Document overview

This document explains the changes made to the SCL code used in the PLC as to make a functional fast interlock treatment using the UNICOS framework.

For an insight of the full code that is generated with the solution implemented, see the code existent in the example Step 7 application generated.

### 2.Implementation

Multiple SCL files have been modified as to implement the fast interlock feature. Changes made to them are described in this section.

The implementation of the application is the same in most of its part for both hardware and cyclic interrupts. As such, a general implementation with the common modifications will be described. The specific implementation for each solution will be described in its own subsection.

#### 2.1. General

#### 2.1.1. Program creation

An initial application was created with normal objects, and the code generated was modified as to support the fast interlocks in some of those objects. With those modifications, the validity of the implementations was checked and the response time, was measured. The modifications done to the code are explained via this example application.

The program was generated with 6 digital inputs (3 for the fast interlocks), 6 digital outputs (3 for the fast interlocks), 3 OnOff objects (just for the normal outputs) and a PCO (for the normal processing). An excel document with the specifications of the different objects was created and used to generate the Step 7 application (with all normal objects) as described in the UCPC creation of a Step 7 application document [1].

A WinCC OA application with the existent objects was created for the supervision of the program as described in the UCPC creation of a WinCC OA application document [2] and in the UNICOS creation and configuration of a PVSS WinCC OA application document [3].

The following steps were followed when the application was created:

- The execution of the fast interlock digital inputs was excluded from the function block that executes them ("FB\_DI\_all") and from the data block that contains its data ("DB\_DI\_all") and included in a different function block and data block for fast interlocks processing ("FB\_DI\_FI" and "DB\_DI\_FI"). A function for calling that function block was created ("FC\_DI\_FI").
- Same as for digital inputs was done for digital outputs ("FB\_DO\_FI", "DB\_DO\_FI" and "FC\_DO\_FI").

- The logic for connecting inputs and outputs (for this approach will just be a direct connection of the input to its respective output) was put directly in the OB, although it could have also been included in a function created and that could be called "FIL" (fast interlock logic).
- Inside the OB for the fast interlock processing (either OB 40 for hardware interrupt or OB 34 for cyclic interrupt), the input byte that included the different fast interlock inputs (connected to inputs 0.3, 0.4 and 0.5) was updated by peripheral addressing. After the execution of the digital input objects, the logic and the digital output objects, the output byte that included the different fast interlock outputs (connected to outputs 0.3, 0.4 and 0.5) was updated by peripheral addressing and 0.5) was updated by peripheral addressing and the digital output objects, the output byte that included the different fast interlock outputs (connected to outputs 0.3, 0.4 and 0.5) was updated by peripheral addressing as well.
- After the processing of the fast interlock events inside the PLC, the part of the TSPP necessary to treat inside the fast interlock event processing OB was called ("FC\_Event\_FI").

During the testing, some issues were corrected, such as the proper update of the input bits (as not to include input bits of the byte not used for the fast interlocks), and the call of the FI objects inside the main program in OB 1 (as to be able to interact and execute changes inside WINCC OA to the application objects, so that they are consistent with the rest of the objects in the application).

Having tested the first approach, other approaches were done with different changes:

- OnOff objects were included in the fast interlock processing. Just the ones relevant in the fast interlock processing were included, which meant 3 new OnOff objects were created and included in the fast interlock processing ("FC ONOFF FI").
- Digital alarms for both fast interlock and normal processing were created (3 for normal processing and 3 for fast interlock processing).
- Including logic for the fast interlock processing as a new module inside the PCO ("PCO\_FIL").
   Finally the whole relevant PCO was included inside the fast interlock processing, discarding this new function.
- Coordination between the fast interlock PCO and the no fast interlock objects was included trying to avoid the possible concurrency issues treated in section 2.1.4.
- The use of a fast interlock PCO was discarded and the logic will have to be placed inside the dependent logic of the OnOff objects.

The relevant changes were tested to compare the results and decide the best set of objects to implement as a solution for the project.

#### 2.1.2. TSPP treatment

There are 3 types of messages considered in the TSPP protocol, which are shown in Fig. 1.



Fig. 1. TSPP messages storage and sending diagram [4]

• Events

Event messages are sent whenever a signal changes inside the status register of a UNICOS object. The event includes information of the previous and the current state of the object. The status

Step 7 Programmer Manual

register is updated every time the object itself is called. The check of changes is done inside the function "FC\_Event" and both the storing and sending of the events are done inside the TSPP processing function block ("TSPP\_Unicos\_Manager").

• Status tables

Status tables store the current and old status of the objects. They are divided into groups and one group is processed each time the TSPP is called. While processed, the current value of the table is compared to the old value. If there is a change, the full table (of a predefined size) is stored as to send to the WINCC OA. It is both sent and copied to the old table. The current value is updated inside the UNICOS objects, but the checking, storing and sending of the tables are done inside the TSPP processing function block ("TSPP\_Unicos\_Manager").

Watchdog

A watchdog event is sent every time an IP is received from the WINCC OA. That makes WINCC OA and the PLC make sure the connection is still alive. Watchdog's storing and sending is done inside the TSPP processing function block ("TSPP\_Unicos\_Manager").

The ANY pointer inside the TSPP processing is used as to point a part of a data block of a defined size that is going to be copied to the frame to be sent. This pointer is used for doing that process regardless of the type and the size of the data. The Any pointer has the following fields:

- S7 identificator: 10h for Step 7.
- Data type: The type of data to be transferred. For example, 06h for double word.
- Repetition factor: The amount of elements of the data type specified that are pointed (used generally for arrays or structures. 1 for just an element).
- DBNumber: The number of the data block to be transferred.
- Memory area: The area of the memory of the PLC where the specified data is stored. For example, 84 for a data block.
- Address: The start address of the data. The last 3 bits are used to specify the bit position.

The transfer of the data is then done with the BLKMOV standard function block.

Inside the fast interlock processing, the watchdog is not something critical (does not have to do with the objects used). On the other hand, events need to be treated as to set the proper time stamp, and status tables should all be treated as to make sure changes are detected and stored to send, as the tables for the fast interlock objects are mixed with the rest in the normal processing. The sending should still be left to do for the normal processing, as it is not something critical for the fast interlock processing and can lead to errors if there are communication issues as the function is just called once every time an input changes (not cyclically).

Status table changes storing and sending can also be left to do to the normal processing, as it is just a visual information for the SCADA layer and does not need a precise time stamp.

All these changes were done for the implementation of the application for its testing. Some other issues were discovered and corrected in the application during the testing phase.

With this implementation, the events could be resent during the normal execution of the program if the corresponding UNICOS object was not called in between the interrupt and the TSPP processing in OB1. To avoid this issue, the current state of the event was copied to the old one after the TSPP fast interlock processing. The effect of this change can be seen in Fig. 2.



Fig. 2. Event overwriting correction concerning a fast interlock digital input

For the cyclic interrupt, the events could be not sent if the physical input changed and the UNICOS object was executed in OB1 before the interrupt was triggered, as the execution of the same object inside the interrupt would overwrite the change before the TSPP was called. To avoid this issue, the TSPP was called before the rest of the interrupt execution if the physical input change was detected, even though this could mean a rare resend of an event of a fast interlock object that had

changed the previous PLC cycle and had not been executed yet. The effect of this change can be seen in Fig. 3.



Fig. 3. TSPP call for OB 34 correction concerning a fast interlock digital input

#### 2.1.3. Peripheral addressing

The peripheral addressing of both inputs and outputs permits the overwriting of bytes as the minimum unit of information. In the first approach, this was the method used, updating the full input and output bytes necessary. For further approaches, as to update just the necessary bits (only in the input, as the output did not change the rest of the bits), the method shown in Fig. 4 was used.



Fig. 4. Peripheral input byte modification in fast interlock program

The current input in the input image is stored in a variable, and then the fast interlock bits that it contains are overwritten with the ones obtained from the peripheral input bit read. This is done for every byte that contains fast interlock bits in the application (in the test application, just one).

#### 2.1.4. Concurrency

The interrupts (either software or hardware) that occur need to share some resources with the main program OB (OB 1). As such, and considering interrupts can happen at any time, it appears the need of a synchronization on the access to those resources as to prevent unexpected misbehaviours of the program, similar to race conditions in typical computer programming with multithreading.

The first moment this problem appears in the current approach of the project is at the TSPP management inside the interrupt. It is necessary to store the events and status table changes as for the TSPP in the main program to send it to WinCC OA. There is not a simple solution as to coordinate both OB executions. As such, the search for some solutions is needed.

There is not a standard function or function block, or any instruction similar to a mutex or a semaphore in computer programming that allows the execution of some code avoiding other parts of the code the access to some protected resources. Nevertheless, there are some standard functions that allow the disabling of both synchronous and asynchronous interrupts that could be useful.

• SFC 39 (DIS\_IRT) and SFC 40 (EN\_IRT)

With these system functions [5] it is possible to disable and enable respectively the interrupts, such as hardware or cyclic interrupts. While the interrupts are disabled, no OB is triggered by an interrupt trigger occurrence.

• SFC 41 (DIS\_AIRT) and SFC 42 (EN\_AIRT)

With these system functions [5] it is possible to disable (until the end of OB execution, or until enabling the interrupts back) and enable respectively the interrupts, such as hardware or cyclic interrupts. Unlike SFC 39 and SFC 40, interrupts triggered during the interrupt disabling will be queued until the interrupts are enabled again (they are just delayed).

As to not lose any information regarding interrupt occurrence, SFC 41 and SFC 42 seem to be more useful for the purpose of the function. Still though, these system functions disable (even though just temporarily) all interrupts, including not only hardware interrupts, but also others such as cyclic interrupts from the program and cycle time exceeded (for example, OB 35 and OB 32 which are already being used in the UNICOS framework). This should be taken into consideration when using them as to protect the access to shared resources in OB 1.

During the execution of the code inside a cyclic interrupt, the functions SFC 39 and SFC40 can be used as to avoid having some calls of the function queued when the execution of them is exactly the same and is not triggered by an input change.

The state of the program after a synchronization failure happened inside the TSPP is shown in Fig. 5 for WINCC OA [2] and in Fig. 6, Fig. 7 and Fig. 8 for the variables inside the S7 program. This synchronization failure happened when the status table treatment was still being implemented inside the fast interlock treatment.



Fig. 5. State of WINCC OA after misbehaviour of the program due to lack of concurrency treatment. From left to right, objects are digital inputs, PCO, OnOffs and digital outputs

The status table 2 has been set to send inside OB40, and overwritten by OB1 inside the main program. As such, no more status tables are sent as the condition for sending status tables is checking the variable "StatusReqList[1]", and sending it if it's value is not 0. Still though, status table 2 is marked to be sent ("AlreadyInReqList[2]" is TRUE) and the number of status tables to be sent is 3 (number 2, which has disappeared, number 3 and number 4), although the number of requests is actually 0.

Step 7 Programmer Manual

| 267 | 500.0 | stat | StatusReqL | INT | 0 | 0 | 0 |
|-----|-------|------|------------|-----|---|---|---|
| 268 | 502.0 | stat | StatusReqL | INT | 0 | 3 | 0 |
| 269 | 504.0 | stat | StatusReqL | INT | 0 | 4 | 0 |

Fig. 6. State of "StatusReqList" variables 1 to 3 (top to bottom) after misbehaviour of the program due to lack of concurrency treatment. Current value is on blue, second last column

| 302 | 564.3 | stat | AlreadyInR | BOOL | FALSE | TRUE  | FALSE |
|-----|-------|------|------------|------|-------|-------|-------|
| 301 | 564.2 | stat | AlreadyInR | BOOL | FALSE | TRUE  | FALSE |
| 300 | 564.1 | stat | AlreadyInR | BOOL | FALSE | TRUE  | FALSE |
| 299 | 564.0 | stat | AlreadyInR | BOOL | FALSE | FALSE | FALSE |

Fig. 7. State of "AlreadyInReqList" variables 1 to 5 after (top to bottom) misbehaviour of the program due to lack of concurrency treatment. Current value is on blue, second last column

| 51 | 66.0 | stat | NbOfStatus  | INT | 0 | 3 | 0 | 1 |
|----|------|------|-------------|-----|---|---|---|---|
| 52 | 68.0 | stat | NbOfRequest | INT | 0 | 0 | 0 |   |

Fig. 8. State of "NbOfStatusReq" and "NbOfRequest" after misbehaviour of the program due to lack of concurrency treatment. Current value is on blue, second last column

#### 2.1.5. Consistency

Another problem that needs to be treated is the inconsistency of the data used both during the normal PLC cycle and in the fast interlock processing. In general, the data during the fast interlock processing should be consistent during its whole execution, but the data used during the main program of the PLC can be inconsistent if it is not properly treated inside the fast interlock interrupts.

As such, the points of the fast interlock program where the main program could be affected must be detected and taken into consideration as to decide if the inconsistency issues can or not be a problem for the normal functionality of the program.

Some of the inconsistency issues detected appear in the peripheral input and output update. In the peripheral input, some of the normal digital inputs that are connected to the same byte as the fast interlock ones could change their value during the normal processing, which could not be convenient for the processing of the program. This issue can be solved by updating just the peripheral input bits of the fast interlock inputs and leaving the rest as they were before the peripheral update by doing some bit operations between the existent input byte in the input image and the updated input byte read by peripheral input update. Those operations are shown in Fig. 4.

For the peripheral output update, some of the normal output bits connected to the same output byte as the fast interlock ones could be updated in the output of the PLC before the normal output update at the end of the PLC cycle. This known issue is not considered as a critical one and is not corrected in the program.

Finally, the points of interaction between the fast interlock processing and the main one are a point of inconsistency if a fast interlock triggers in between two uses of the same fast interlock variable (for example, if a fast interlock digital alarm is used by two PCOs and the fast interlock event triggers in between the execution of them). This known issue is not either treated as it is not considered to be a critical one and the way of resolving it would imply delaying the PLC interrupts during a possible large time that would correspond to the execution of all the elements where the fast interlock objects are connected to, which could make it inviable to treat the fast interlock events on an affordable amount of time.

#### 2.2. SCL files modifications

In most of the cases, as the processing of the objects is also needed to be done inside the normal processing (not just in the fast interlock treatment), the fast interlock functions have been called inside the normal processing of each device type (for example, the "FB\_DI\_FI" function block is called inside the "FC\_DI" function), while having delayed the interrupts to avoid concurrency issues.

#### 2.2.1. Files modified

This chapter contains the list of the SCL files modified for each generation tool in UAB.

- Instance generator
  - 4\_Compilation\_OB
  - COMMUNICATION
  - CPC\_TSPP\_UNICOS
  - o DA
  - o DI
  - DO
  - o ONOFF
- Logic generator
  - FC\_PCO\_Logic
  - OnOff04\_DL (one file for each fast interlock OnOff. In the example application three files for "OnOff04\_DL", "OnOff05\_DL" and "OnOff06\_DL")
  - PCO02\_IL (one file for each PCO to which a fast interlock digital alarm is connected. In the example application just one file)

- PCO02\_BL (modified automatically by the templates)
- WinCC OA generator
  - Wincc\_oa\_db\_file (not a SCL file. Modified for the proper DB number for the fast interlock objects)

#### 2.2.2. Digital Input

The digital input file ("DI") has been modified as to include the fast interlock digital inputs in different blocks than the original ones. Those blocks are the manual request ("DB\_DI\_ManRequest"), the event status register ("DB\_Event\_DI"), the binary status both current and old ("DB\_bin\_status\_DI" and "DB\_bin\_status\_DI\_old"), and the function block, data block and function to call the digital input objects ("FB\_DI\_all", "DB\_DI\_all" and "FC\_DI"). The blocks of the fast interlock are the same changing the "DI" for a "DI\_FI". A sample of the difference for the same specifications file is shown in Fig. 9 for the "FB\_DI\_all" function block and in Fig. 10 for the new "FB\_DI\_FI" function block.



Fig. 9. Difference between original (left) and new (right) implementation of the "FB\_DI\_all" function block with fast interlock objects

```
FUNCTION_BLOCK FB_DI_FI
TITLE = FB DI FI
// Call the DI treatment
11
AUTHOR: 'UNICOS'
NAME: 'CallDI'
FAMILY: 'DI'
CONST
    // Constants for the CPC DB DI S ENS-7060
    SIZE_DB_DI_S_IN_BYTES:=2; //one WORD
OFFSET_POSST_IN_BYTES:=0; //Same WORD
OFFSET_FOMOST_IN_BYTES:=0; //Same WORD
    OFFSET_IOERRORW_IN_BYTES:=0; //Same WORD
    OFFSET_IOSIMUW_IN_BYTES:=0; //Same WORD
    BIT POSST:=0;
    BIT FOMOST:=1;
    BIT_IOERRORW:=2;
BIT_IOSIMUW:=3;
END_CONST
VAR
   // Static variables
   DI SET: STRUCT
   UDI04_FI: CPC_DB_DI;// DI number <1>UDI05_FI: CPC_DB_DI;// DI number <2>UDI06_FI: CPC_DB_DI;// DI number <3>
END STRUCT;
// Different variable view declaration
  DI AT DI_SET: ARRAY[1..3] OF CPC_DB_DI;
  // Support variables
  old_status : DWORD;
  I: INT;
  IOError_Var: BOOL;
END_VAR
FOR I:=1 TO 3 DO
```

Fig. 10. Extract of the new "FB\_DI\_FI" function block with fast interlock objects

#### 2.2.3. Digital Output

The digital output file ("DO") has been modified similar to the digital input one with the appropriate names ("DO" instead of "DI").

#### 2.2.4. Digital Alarm

The digital alarm file ("DA") has been modified similar to the digital input one with the appropriate names ("DA" instead of "DI").

#### 2.2.5. OnOff

The manual request, event status register and binary status both current and old contained in the OnOff file ("ONOFF") have been modified the same way as other objects (digital input, digital

output and digital alarm). The OnOff objects have their own data block for each instance though, so there is no need to modify the data block, and no function block is used. As such, only the function ("FC\_ONOFF") has been modified as to include the OnOff objects in a different function call ("FC\_ONOFF\_FI"). A comparison between current UNICOS implementation and the fast interlock one is shown in Fig. 11 for the "FC\_ONOFF" function and in Fig. 12 for the new "FC\_ONOFF\_FI" function for the fast interlock OnOffs.

| <pre>TITLE = 'FC_ONOFF' /// NOFF calls /// NOFF calls /// NUTCOS' NAME: 'Call_OO' FAMILX: 'OnOff' Gal_status1 : DWORD; old_status2 : DWORD; </pre> | <pre>ITILE = 'FC_ONOFF' /// ONOFF calls // Authors: 'UNICOS' NAME: 'Call_oO' FAMILY: 'onGff' cal_status1 : DWORD; cal_status2 : DWORD;</pre>     |
|----------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------|
|                                                                                                                                                    | NbOfDelayedInterrupts : INT;<br>NbOfQueuedInterrupts : INT;                                                                                      |
| END_VAR<br>BEGIN                                                                                                                                   | END_VAR<br>BEGIN                                                                                                                                 |
|                                                                                                                                                    | ////////LOCK//////////<br>MoDDelayddInterrupts := DIS_AIRT();<br>FC_ONOFF_FI();<br>////////WMLOCK/////////<br>NbOFQueuedInterrupts := EN_AIRT(); |
| //                                                                                                                                                 | //                                                                                                                                               |
| // OnOff <1>: OnOff01                                                                                                                              | // onoff <1>: onoff01                                                                                                                            |
| //                                                                                                                                                 | //                                                                                                                                               |





Fig. 12. Extract of the new "FC\_ONOFF\_FI" function with fast interlock objects

#### 2.2.6. Communication

The communication file ("COMMUNICATION") used as to set the data blocks necessary for the communication and the functions for checking the event changes and to call the TSPP has been modified as to include the new status data blocks and the new functions for checking the fast interlock events and calling the TSPP code for the fast interlocks. The new blocks added have been the

"DB\_FIEvent" as to store the event changes, just like "DB\_EventData" does for normal communication processing; and "FC\_Event\_FI" as to check the event changes and to call the TSPP processing of the fast interlock, like "FC\_Event" does. A sample of that code is shown in Fig. 13.



Fig. 13. Extract of the new blocks included in the fast interlock processing

#### 2.2.7. TSPP

The file that contains the TSPP processing ("CPC\_TSPP\_UNICOS") has been modified as to include the "TSPP\_FI" function block which is used inside the fast interlock processing, as well as its "TSPP\_FI\_DB" data block. Its new content is shown in Fig. 14.

```
FUNCTION_BLOCK TSPP_FI
TITLE = 'TSPP FI'
// Commentaire du bloc ...
VERSION : '4.3' //optimization of the redundant implementation
AUTHOR : 'UNICOS'
      : 'COMM'
NAME
FAMILY : 'COMMS'
CONST
These parameters MUST be adjusted to fullfill the user requirements *)
               := 100; // ### Const1:To be set by the user
MaxNbOfTSEvent
                          // Nb of event wich will trig the send to WinCCOA
                         // ### Const2:To be set by the user
// spare places to be able to continue to ../..
SpareEventNumber
                  := 50;
                         // record event when the send function is buzy
Word in_one_TSEvent := 2;
                         // ### Const3:To be set by the user
                          // Number of data word in one Event
                  := 11; // ### Const4:To be set by the user
MaxStatusTable
                          // Max number of status tables (the length of one
                          // table is 200 bytes without the header)
MaxTableInOneSend := 11; // ### Const5:To be set by the user
                          //(MAX value S7-400:250 S7-300:100)
                          // Max nb of status tables in one TSPP message
                          // Must lower or equal to MaxStatusTable
Redundant PLC := FALSE;
                          // Const6:To be set by the user
                          // Using a S7-400H PLC in Redundance mode
                         // ### Const7:To be set by the user
// Size of the Event List
ListEventSize := 1000;
```

Fig. 14. Extract of the new "TSPP\_FI" function block used for the fast interlock TSPP processing

The normal function block "TSPP\_UNICOS\_Manager" has also been modified as to delay the interrupts in the parts of the code where concurrency issues could appear.

#### 2.2.8. OB Compilation

The file that compiles the different OBs ("4\_Compilation\_OB"), as well as some other functions, has been modified as to include the fast interlock processing. That processing is done differently in both hardware and cyclic interrupts, although the schedule is the same for both in most of its part. First, the peripheral inputs are read, then the digital input objects are executed. After that, the execution of the logic is done (as to set the inputs of the alarms), and after the alarms are executed, the logic is executed once again (to set the output of the alarms). After this process, the OnOff objects are executed. Then the digital outputs are executed and set to the periphery right after. Finally, the TSPP processing inside the fast interlocks is called.

Just the events are treated inside this TSPP processing.

• Hardware interrupts

The OB 40 has been included in the file with the fast interlock treatment. A function and a function block (with its data block) have also been implemented as to get and set the peripheral inputs and outputs of the fast interlock event. The execution of the OB 40 is shown in Fig. 15.

```
ORGANIZATION_BLOCK OB40
TITLE = 'Hardware Interrupt'
// Called after a hardware interrupt trigger
11
AUTHOR: 'ICE/PLC'
NAME: 'OB40'
FAMILY: 'UNICOS'
VAR TEMP
   (*UNUSED VARIABLE*)
   UNUSED_VARIABLE : ARRAY [0..20] OF BYTE;
END VAR
BEGIN
   (*Update inputs*)
   FB_FI_PIU.DB_FI_PIU(); // Peripheral input update
   (*Getting inputs*)
   FC_DI_FI(); // Digital inputs
   FC FI LOGIC();
   FC_DA_FI(); // DIGITAL ALARM objects
   (*Process Logic Control*)
   FC_FI_LOGIC(); // Process Control object logic
   (*UNICOS objects calculating*)
   FC ONOFF FI(); // OnOff objects
   (*Setting Outputs*)
   FC_DO_FI(); //Digital Outputs
   (*Update outputs*)
   FI_POU(); // Peripheral output update
   //Calling TS_Event_Manager for TSPP communication with the SCADA
   FC_Event_FI();
END ORGANIZATION BLOCK
```

Fig. 15. OB 40 execution code

#### • Cyclic interrupts

The OB 34 is included in the file with the fast interlock treatment. A function and a function block (with its data block) have also been implemented as to get and set the peripheral inputs and outputs of the fast interlock event. The different objects after the peripheral input update are only executed if there has been a change in the input signals, and the cyclic interrupts are disabled while the OB is executed in that case. The execution described is preceded by a TSPP call. The execution of this OB is the one shown in Fig. 16.

```
ORGANIZATION BLOCK OB34
TITLE = 'Cyclic Interrupt'
11
// Called every user-defined cyclic time
11
AUTHOR: 'ICE/PLC'
NAME: 'OB34'
FAMILY: 'UNICOS'
VAR TEMP
   (*UNUSED VARIABLE*)
   UNUSED_VARIABLE : ARRAY [0..20] OF BYTE;
   Dis_error : INT;
En_error : INT;
END VAR
BEGIN
   (*Update inputs*)
   FB_FI_PIU.DB_FI_PIU();
                        // Peripheral input update
   IF (DB_FI_PIU.Inp_change) THEN
   Dis_error := DIS_IRT(MODE := B#16#02, OB_NR := 34);
   //Calling TS_Event_Manager for TSPP communication with the SCADA
   FC Event FI();
   (*Getting inputs*)
   FC_DI_FI();
               // Digital inputs
   FC_FI_LOGIC();
   FC_DA_FI(); // DIGITAL ALARM objects
   (*Process Logic Control*)
   FC_FI_LOGIC(); // Process Control object logic
   (*UNICOS objects calculating*)
                  // OnOff objects
   FC_ONOFF_FI();
   (*Setting Outputs*)
   FC DO FI(); //Digital Outputs
   (*Update outputs*)
   FI POU(); // Peripheral output update
   //Calling TS_Event_Manager for TSPP communication with the SCADA
   FC Event FI();
   En_error := EN_IRT(MODE := B#16#02, OB_NR := 34);
   END_IF;
END ORGANIZATION BLOCK
```

Fig. 16. OB 34 execution code

#### 2.2.9. Logic

The logic is called from the FC\_PCO\_LOGIC function (in the "FC\_PCO\_Logic" file) in a normal UNICOS application. For the fast interlock, the file where this function is defined has been modified as to include another function ("FC\_FI\_LOGIC") which executes the fast interlock logic, which is the dependent logic of the OnOffs selected as fast interlock.

The function is shown in Fig. 17.

```
FUNCTION FC_FI_LOGIC : VOID
TITLE = 'FC_FI_LOGIC'
//
// Call FI DL sections
//
AUTHOR: 'ICE/PLC'
NAME: 'Logic'
FAMILY: 'UNICOS'
BEGIN
// Calling the DL of the FI devices with no master
// Calling the DL of the Dependent Devices for PC001
// Calling the DL of the Dependent Devices for PC002
// Calling the DL of the Dependent Devices for NO_Master
OnOff04_DL();
OnOff05_DL();
OnOff06_DL();
END FUNCTION
```

Fig. 17. Function to execute the fast interlock logic contained in the OnOff dependent logic

#### 2.3. Hardware interrupt

For hardware interrupts handling, the OB 40 is called. This OB is defined including the elements described in section 2.1.1. The digital input module must be configured as to support hardware interrupts in both rising and falling edges for the fast interlock bit inputs (2-3 and 4-5, as they are configured in groups of 2). The diagnostic interrupts are also enabled as to check the input module errors in the PLC diagnostic buffer. The input delay is set to 3 ms by default. The configuration of the digital input module is the one shown in Fig. 18.

| Enable<br>Diagnostic interrup                                            | t 🔽 Hardv | ware inter |       | Input dela<br>3 | y (ms) |         |         |        |
|--------------------------------------------------------------------------|-----------|------------|-------|-----------------|--------|---------|---------|--------|
| Input                                                                    | 0-1       | 2-3        | 4 - 5 | 6-7             | 8 - 9  | 10 - 11 | 12 - 13 | 14 - 1 |
| Diagnostics                                                              | -         |            |       |                 |        |         |         |        |
| No sensor supply:                                                        |           |            |       |                 |        |         |         |        |
| No sensor supply:<br>Trigger for hardware int<br>Rising (positive) edge: | emupt     |            |       |                 |        |         |         |        |

Fig. 18. Digital Input module configuration for hardware interrupts

#### 2.4. Cyclic interrupt

For cyclic interrupts handling, the OB 34 is called (as OB 35 is already in use in the framework). This OB is defined including the elements described in section 2.1.1. As soon as the Inputs are updated, they are compared to their previous state as to decide if the rest of the OB processing is necessary (as it would be a waste of CPU time to process them without changes having appeared in the inputs). The CPU is configured to support cyclic interrupts of OB 34 every 1 ms (shortest time possible). The input delay in the digital input module is set to 3 ms by default. The configuration of the CPU is the one shown in Fig. 19.

|                               | gnostics/Cloc |                  |              | Communication                             | Web                 |  |
|-------------------------------|---------------|------------------|--------------|-------------------------------------------|---------------------|--|
| General<br>Cycle/Clock Memory |               | Retentive Memory |              | Synchronous Cycle<br>me-of-Day Interrupts |                     |  |
|                               | Priority      | Execution        | Phase offset | Unit Proc                                 | ess image partition |  |
| OB30;                         | 0             | 5000             | 0            | ms 💌                                      | *                   |  |
| OB31;                         | 0             | 2000             | 0            | ms 💌                                      | Ŧ                   |  |
| OB32:                         | 9             | 1000             | 0            | ms 💌                                      | Ŧ                   |  |
| OB33:                         | 10            | 500              | 0            | ms 💌 🖳                                    |                     |  |
| OB34:                         | 11            | 1                | 0            | ms 💌 🖳                                    | <u>~</u>            |  |
| OB35:                         | 12            | 100              | 0            | ms 💌 🦳                                    | <b>v</b>            |  |
| OB36:                         | 0             | 50               | 0            | ms 💌 🦳                                    | v.                  |  |
| OB37:                         | 0             | 20               | 0            | ms 💌 🦳                                    | Y                   |  |
| OB38;                         | 0             | 10               | 0            | ms 💌                                      | Ŧ                   |  |
|                               |               |                  |              |                                           |                     |  |

Fig. 19. CPU configuration for cyclic interrupt OB 34

### 3.Results

For acquiring the response time, measures have been made with the use of the oscilloscope cursors capability, as shown in Fig. 20. In general, response times have been tested from the rising edge of the input to the rising edge of the output, although falling edges would have also been valid for the measures, as the hardware interrupts were configured for both edges.



Fig. 20. Oscilloscope cursors used for measurement

Different measures have been made for both the normal and the fast interlock response times with different PLC cycle times [6]. As to enlarge the PLC cycle time, a loop of different sizes has been added each time as to reach different PLC cycle time values.

The PLC maximum cycle time permitted has been configured in the Hardware configuration of the CPU inside the Step 7 software, as shown in Fig. 21. This time has been set to 1000 ms as to avoid any issue concerning long PLC cycle times.

| perties - CPU 317-2PN/DP - (R    |                   |                        |                  |
|----------------------------------|-------------------|------------------------|------------------|
| Diagnostics/Clock                | Protection        | Communication          | Web              |
| General                          | Startup           | Synchronous Cycle      | L                |
| ycle/Clock Memory Retentive      | Memory Interrupts | Time-of-Day Interrupts | Cyclic Interrupt |
| Cycle                            |                   |                        |                  |
| 🔽 Update OB1 process image       | cyclically        |                        |                  |
| Scan cycle monitoring time [ms]: | 1000              |                        |                  |
| Minimum scan cycle time [ms]:    | 0                 |                        |                  |
| Scan cycle load from communic    | ation [%]: 20     |                        |                  |
| Prioritized OCM communicat       | ion               |                        |                  |
| Size of the process-image input  | area: 256         |                        |                  |
| Size of the process-image output | tarea: 256        |                        |                  |
| OB85 - call up at I/O access em  | or: No OB8        | 5 call up              | -                |
|                                  |                   |                        |                  |
| Clock Memory                     |                   |                        |                  |
| Clock memory                     |                   | _                      |                  |
| Memory byte:                     | 0                 |                        |                  |
|                                  |                   |                        |                  |
| ок                               |                   |                        | 1                |

Fig. 21. Maximum cycle time configuration

Results for the normal response times using hardware interrupts are shown in Fig. 22. Values are present in the expected theoretical range.



Fig. 22. Response time for the normal input/output using hardware interrupts (theoretical range in grey)

Results for the fast interlock response times using hardware interrupts are shown in Fig. 23. It has been considered a small discrepancy since the input delay had been set to 3 ms and some values were measured below that amount.



Fig. 23. Response time for the fast interlock input/output using hardware interrupts

In Fig. 24, response times for the fast interlocks using just digital input, digital output objects and processing (as well as TSPP managing), as well as with OnOff objects and with OnOff, digital alarms and PCO (interlocks and instantiation) using hardware interrupts are shown.



Fig. 24. Response time for the fast interlock input/output using different UNICOS objects and hardware interrupts

Same measures for cyclic interrupts are shown in Fig. 25 and Fig. 26. A comparison of hardware interrupt response times and cyclic interrupt response times (both without the OnOff objects) is shown in Fig. 27.



Fig. 25. Response time for the normal input/output using cyclic interrupts (theoretical range in grey)



Fig. 26. Response time for the fast interlock input/output using cyclic interrupts



Fig. 27. Response time for the fast interlock input/output

The proper reception of TSPP messages has been made using WINCC OA [2] in the computer where the Step 7 program was created. The reception of changes in the status tables has just been checked by sight in the objects inside the application configured, whereas events have been checked inside the faceplate of each object, as shown in Fig. 28 for a fast interlock digital input.

|         |          |                       |       |       |     | U     | 0104_FI      |             | Τ.       | DI       |    |
|---------|----------|-----------------------|-------|-------|-----|-------|--------------|-------------|----------|----------|----|
| Status  | Trer     | nds                   | Ala   | rm    | Eve | nt    | Comme        | nts         |          |          |    |
| + Filte | r: UDI0  | 4_FI-                 |       |       |     |       |              |             | 1 hou    | ur 10 mi | in |
| Local T | ime      |                       |       | Alias |     | Bit   |              |             | P        | Event    |    |
| 2016.10 | ).24 09: | 32:22                 | 2.328 | UDI04 | _FI | Har   | dware Fee    | dback Statu | s        | Rising   |    |
| 2016.10 | .24 09:  | 32.22                 | 2.328 | UDI04 | FI  | Mar   | ual Positio  | on Requeste | d Status | Rising   |    |
| 2016.10 | ).24 09: | 32:22                 | 2.328 | UDI04 | FI  | Pos   | ition Statu  | S           |          | Rising   |    |
| 2016.10 | ).24 09: | 32:22                 | 2.446 | UDI04 | FI  | Har   | dware Fee    | dback Statu | S        | Falling  |    |
| 2016.10 | 0.24 09: | 32:22                 | 2.446 | UDI04 | FI  | Mar   | ual Positio  | on Requeste | d Status | Falling  |    |
| 2016.10 | ).24 09: | 32:22                 | 2.446 | UDI04 | FI  | Pos   | ition Statu  | S           |          | Falling  |    |
| 2016.10 | 0.24 09: | :32: <mark>2</mark> 2 | 2.637 | UDI04 | FI  | Har   | dware Fee    | dback Statu | s        | Rising   |    |
| 2016.10 | .24 09:  | 32:22                 | 2.637 | UDI04 | FI  | Mar   | nual Positio | on Requeste | d Status | Rising   |    |
| 1       | 04.00    | 20.00                 |       |       |     | iii i |              |             |          | •        |    |
| On      | Off      |                       |       |       |     |       |              |             |          | Alarms.  |    |
| Auto N  | lode     | 1                     |       |       |     | Force | ed Mode      | Ack. Ala    | m        | Deseled  | t  |

Fig. 28. Events received inside digital input 4 (fast interlock)

It has been detected that sometimes events reception is done unordered in WINCC OA objects faceplates (more specifically during fast input state changes, especially with long PLC cycle times) although time stamping is properly set. This fact is not considered a big issue, and is supposed to be a SCADA layer problem. As such, it has been ignored for the realization of the current project.

#### 3.1. Decision

With the conclusions extracted from the results obtained for the different possibilities, the final decision has been to support both hardware and software (cyclic) interrupts for the fast interlock feature, by selecting the desired type in the specifications file.

The UNICOS objects that will be used inside the fast interlock processing will be the digital inputs, digital alarms, OnOffs and digital outputs. These objects will have a new column in the specifications file as to be selected for the fast interlock processing.

## 4. Acronyms

| CERN       | European Organization for Nuclear Research                                              |
|------------|-----------------------------------------------------------------------------------------|
| UNICOS     | Unified Industrial Control Systems                                                      |
| UAB        | UNICOS Application Builder                                                              |
| СРС        | Continuous Process Control                                                              |
| BE-ICS-PCS | Beams department, Industrial Controls and Safety group, Process Control Systems Section |
| FI         | Fast Interlock                                                                          |
| TSPP       | Time Stamp Push Protocol                                                                |
| PLC        | Programmable Logic Controller                                                           |
| ST         | Structured Text                                                                         |
| SCL        | Structured Control Language                                                             |
| ОВ         | Organization Block                                                                      |
| FB         | Function Block                                                                          |
| FC         | Function                                                                                |
| SFB        | Standard Function Block                                                                 |
| SFC        | Standard Function                                                                       |
| PII        | Peripheral Image of Inputs                                                              |
| PIO/PIQ    | Peripheral Image of Outputs                                                             |
| IEC        | International Electrotechnical Commission                                               |
| SCADA      | Supervisory Control And Data Acquisition                                                |
| WINCC OA   | WinCC Open Architecture                                                                 |
| DI         | Digital Input                                                                           |
| DA         | Digital Alarm                                                                           |
| DO         | Digital Output                                                                          |
| РСО        | Process Control Object                                                                  |

# 5. Documents of the project

The current project has been elaborated in multiple documents that describe a certain part of the project.

- 1. Report: General description of the project. Objectives and conditions for its test. Conclusion from the realization of the project and future works.
- 2. Planning and budget: Schedule of the different tasks that compound the project and price of the resources used.
- 3. Step 7 programmer manual: Modifications to the code of the UNICOS applications to support the fast interlock capability. Results obtained from these modifications.
- 4. Templates programmer manual: Modifications to the code of the templates and of the plugin used to generate the SCL files used in the PLC.
- 5. User manual: Steps to create a fast interlock UNICOS application.
- 6. Templates code: Modified template files inside the resources folder of an application and of the UAB plugin.
- 7. Datasheets: Datasheets of the devices used to research and test the solution for the fast interlocks issue.

Attachments.

1. Attachment 1: Fast interlock application example.

## 6. Bibliography

- [1] S. Izquierdo Rosas and M. Zimny, "Creation of a Siemens S7 UNICOS-CPC 6 Application," 16 October 2015. [Online]. Available: https://edms.cern.ch/ui/file/1228441/1.8.0/Procedure\_S7-UCPC\_Application.pdf. [Accessed 15 December 2016].
- [2] S. Izquierdo Rosas, A. Merezhin and M. Bes, "Creation of a WINCC OA 3.11SP1 CPC 6 Application," 28 October 2015. [Online]. Available: https://edms.cern.ch/ui/file/1228441/1.9.1/Procedure\_WinCCOA-UCPC\_Application.pdf. [Accessed 15 December 2016].
- [3] M. Boccioli, "Creation and configuration of a PVSS (WINCC OA) UNICOS application," 21 September 2012. [Online]. Available: https://unicos.web.cern.ch/sites/unicos.web.cern.ch/files/page/unicos-wincc-oadocumentation/winccoa-unicos-application-setup.pdf. [Accessed 23 January 2017].
- [4] J. Brahy, "TSPP UNICOS MANAGER," 14 May 2005. [Online]. Available: https://svn.cern.ch/reps/en-icesvn/trunk/tools/UNICOS/CPC/TSPP/DriverS7/Doc/TSPP\_description.pdf. [Accessed 15 December 2016].
- [5] "PLC dev," [Online]. Available: http://www.plcdev.com/s7\_library\_functions. [Accessed 11 November 2016].
- [6] Siemens, "How do you process the data from the temporary variables of an organization block in order to determine the cycle time of OB1, for example?," 12 February 2007. [Online]. Available: https://support.industry.siemens.com/cs/document/245243/how-do-you-processthe-data-from-the-temporary-variables-of-an-organization-block-in-order-to-determine-thecycle-time-of-ob1-for-example-?dti=0&lc=en-WW. [Accessed 11 November 2016].