Archive for the 'Modbus' Category

CAS Modbus Explorer

Published by xcosminel April 27th, 2009 in Modbus, RS232, RS485 and Utilities and tools. Comments

Modbus communications not working ? How do you know what’s wrong – is it the baud rate, the parity or even the address? There are so many things that can affect communications.

The Modbus protocol does not support discovery. There is no broadcast message that you can send that will make a slave respond with its port and address settings. The protocol allows for broadcast messages to be sent but doesn’t demand that every vendor supports this feature.

modbusexplorer

Use the CAS Modbus Explorer to find the correct port settings and the correct slave address.
The tool automates the process of trying all the combinations and reports the results. We provide burst and standard mode. In burst mode we send messages to all the possible slave address before waiting for a reply from any of them. This dramatically improves the time required to do the discovery.

The tool works for RS232 and RS485 by allowing you to search for a single device or multiple slaves. To connect to a RS485 network from your laptop you simply need a USB-to-485 converter.

Here is the problem – there are thousands of combinations:

 

Baud 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, 115200
Parity, None, Odd, Even
Stop Bits 1, 2
Data Bits 7, 8
Address 1-254

 

If you had to manually search/test all these combinations it will take you ages. Relax, go for lunch and let the CAS Modbus Explorer do all the work for you.

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Converting Modbus 16 bit numbers to 32 bit numbers

Published by pchipkin April 15th, 2009 in Modbus. Comments

Often the Vendor documentation does not report the byte order in which registers are served or the order in which words must be combined to form 32 bit numbers. For this reason FieldServer provides 4 functions to convert Modbus 16 bit numbers to 32 bit numbers.

2.i16-1.i32

2.i16-1.i32-s

2.i16-1.i32-sw

2.i16-1.i32-sb

Each of these functions takes 2x 16 bits numbers to form a 32 bit number. Each processes the bytes in a different order.

Practical Tip: The easiest way to determine which function to use is to experiment. Look at the values in the FieldServer Data Arrays. If the values are obviously wrong try the other move functions. (Don’t forget that some numbers may be scaled so the number you see in the Data Array may 10x or 100x too big / small).

Example:

In the move below if

DA_B01_REG[21] == 1 and

DA_B01_REG[22] == 2

Then

DA_B01_INT32[21] == 131073

Explanation

1 + 65536* 2 = 131073

Or In Hexadecimal

0×0001 + 0×0002 * 0×10000 = 0×20001

Moves

Source_Data_Array ,Source_Offset ,Target_Data_Array ,Target_Offset ,Length ,Function

DA_B01_REG ,21 ,DA_B01_INT32 ,21 ,2 ,2.i16-1.i32

By the way, the length is 2 because the move must process two values from the source.

Example:

DA_B01_REG[21] == 1 and

DA_B01_REG[22] == 2

Function In Use Value found in DA_B01_INT32[21]
2.i16-1.i32 131073
2.i16-1.i32s 16777728
2.i16-1.i32-sw 65538
2.i16-1.i32-sb 33554688

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

How Real (Floating Point) and 32-bit Data is Encoded in Modbus RTU Messages

Published by xcosminel December 3rd, 2008 in Modbus and Uncategorized. Comments

The article discusses some of the typical difficulties encountered when handling 32-bit data types via Modbus RTU and offers practical help for solving these problems.

The point-to-point Modbus protocol is a popular choice for RTU communications if for no other reason that it’s basic convenience. The protocol itself controls the interactions of each device on a Modbus network, how device establishes a known address, how each device recognizes its messages and how basic information is extracted from the data. In essence, the protocol is the foundation of the entire Modbus network.

Such convenience does not come without some complications however, and Modbus RTU Message protocol is no exception. The protocol itself was designed based on devices with a 16-bit register length. Consequently, special considerations were required when implementing 32-bit data elements. This implementation settled on using two consecutive 16-bit registers to represent 32 bits of data or essentially 4 bytes of data. It is within these 4 bytes of data that single-precision floating point data can be encoded into a Modbus RTU message.

The Importance of Byte Order

Modbus itself does not define a floating point data type but it is widely accepted that it implements 32-bit floating point data using the IEEE-754 standard. However, the IEEE standard has no clear cut definition of byte order of the data payload. Therefore the most important consideration when dealing with 32-bit data is that data is addressed in the proper order.

For example, the number 123456.00 as defined in the IEEE 754 standard for single-precision 32-bit floating point numbers appears as follows:

The affects of various byte orderings are significant. For example, ordering the 4 bytes of data that represent 123456.00 in a “B A D C” sequence in known as a “byte swap”. When interpreted as an IEEE 744 floating point data type, the result is quite different:

Ordering the same bytes in a “C D A B” sequence is known as a “word swap”. Again, the results differ drastically from the original value of 123456.00:

Furthermore, both a “byte swap” and a “word swap” would essentially reverse the sequence of the bytes altogether to produce yet another result:

Clearly, when using network protocols such as Modbus, strict attention must be paid to how bytes of memory are ordered when they are transmitted, also known as the ‘byte order’.

Determining Byte Order

The Modbus protocol itself is declared as a ‘big-Endian’ protocol, as per the Modbus Application Protocol Specification, V1.1.b:

“Modbus uses a “big-Endian” representation for addresses and data items. This means that when a numerical quantity larger than a single byte is transmitted, the most significant byte is sent first.”

Big-Endian is the most commonly used format for network protocols – so common, in fact, that it is also referred to as ‘network order’.

Given that the Modbus RTU message protocol is big-Endian, in order to successfully exchange a 32-bit datatype via a Modbus RTU message, the endianness of both the master and the slave must considered. Many RTU master and slave devices allow specific selection of byte order particularly in the case of software-simulated units. One must merely insure that both all units are set to the same byte order.

As a rule of thumb, the family of a device’s microprocessor determines its endianness. Typically, the big-Endian style (the high-order byte is stored first, followed by the low-order byte) is generally found in CPUs designed with a Motorola processor. The little-Endian style (the low-order byte is stored first, followed by the high-order byte) is generally found in CPUs using the Intel architecture. It is a matter of personal perspective as to which style is considered ‘backwards’.

If, however, byte order and endianness is not a configurable option, you will have to determine the how to interpret the byte. This can be done requesting a known floating-point value from the slave. If an impossible value is returned, i.e. a number with a double-digit exponent or such, the byte ordering will most likely need modification.

Practical Help

The FieldServer Modbus RTU drivers offer several function moves that handle 32-bit integers and 32-bit float values. More importantly, these function moves consider all different forms of byte sequencing. The following table shows the FieldServer function moves that copy two adjacent 16-bit registers to a 32-bit integer value.


Function Keyword Swap Mode Source Bytes Target Bytes
2.i16-1.i32 N/A [ a b ] [ c d ] [ a b c d ]
2.i16-1.i32-s byte and word swap [ a b ] [ c d ] [ d c b a ]
2.i16-1.i32-sb byte swap [ a b ] [ c d ] [ b a d c ]
2.i16-1.i32-sw word swap [ a b ] [ c d ] [ c d a b ]

The following table shows the FieldServer function moves that copy two adjacent 16-bit registers to a 32-bit floating point value:


Function Keyword Swap Mode Source Bytes Target Bytes
2.i16-1.ifloat N/A [ a b ] [ c d ] [ a b c d ]
2.i16-1.ifloat-s byte and word swap [ a b ] [ c d ] [ d c b a ]
2.i16-1.ifloat-sb byte swap [ a b ] [ c d ] [ b a d c ]
2.i16-1.ifloat-sw word swap [ a b ] [ c d ] [ c d a b ]

The following table shows the FieldServer function moves that copy a single 32-bit floating point value to two adjacent 16-bit registers:


Function Keyword Swap Mode Source Bytes Target Bytes
1.float-2.i16 N/A [ a b c d ] [ a b ][ c d ]
1.float-2.i16-s byte and word swap [ a b c d ] [ d c ][ b a ]
1.float-2.i16-sb byte swap [ a b c d ] [ b a ][ d c ]
1.float-2.i16-sw word swap [ a b c d ] [ c d ][ a b ]

Given the vairous FieldServer function moves, the correct handling of 32-bit data is dependent on choosing the proper one. Observe the following behavior of these FieldServer function moves on the known single-precision decimal float value of 123456.00:


16-bit Values Function Move Result Function Move Result
0×2000 0×47F1 2.i16-1.float 123456.00 1.float-2.i16 0×2000 0×47F1
0xF147 0×0020 2.i16-1.float-s 123456.00 1.float-2.i16-s 0xF147 0X0020
0×0020 0xF147 2.i16-1.float-sb 123456.00 1.float-2.i16-sb 0×0020 0xF147
0×47F1 0×2000 2.i16-1.float-sw 123456.00 1.float-2.i16-sw 0×47F1 0×2000

Notice that different byte and word orderings require the use of the appropriate FieldServer function move. Once the proper function move is selected, the data can be converted in both directions.

Of the many hex-to-floating point converters and calculators that are available in the Internet, very few actually allow manipulation of the byte and word orders. One such utility is located at www.61131.com/download.htm where both Linux and Windows versions of the utilities can be downloaded. Once installed, the utility is run as an executable with a single dialog interface. The utility presents the decimal float value of 123456.00 as follows:

One can then swap bytes and/or words to analyze what potential endianness issues may exist between Modbus RTU master and slave devices.

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Multiple Clients of a Modbus slave

Published by xcosminel October 22nd, 2008 in FieldServer, Modbus and Uncategorized. Comments

We are frequenty asked how you deal with a situation where you have more than one client for a slave(s). The Modbus spec does not support this but we have a solution.

The essence of the solution if to use a multi-port FieldServer. Connect each client to its own port and the slave(s) to thier own ports. Each client will see a single virtual slave(s) on its network. This not only solves the problem but is extremely efficient. Of course the FieldServer needs to be correctly configured.

In a situation like this we exploit the FieldServer technology known as ‘Port Expansion’

Figure 1: Normally it is not possible to connect two clients to the same slave. There are two primary reasons:
1) If you are using RS232 then there can only be two devices on the cable segment.
2) If you are using RS485 then the 2nd client will not know to proceess the poll from the 1st client. It will cause errors.



Click to enlarge

Figure 2: Using a FieldServer with an appropriate configuration solves this problem whether you are using RS232 otr RS485.



Click to enlarge

Figure 3: Each client is on its own port. Thus each client does not see poll messages from the other client. In this example client#1 sends a poll to the FieldServer. The is directed a specific slave address. When the poll arrives at the FieldServer, the FieldServer checks the address against its configuration. If there is no match then an exception response is sent. If there is a match the FieldServer determines the port that the matching slave is configured on. The poll message is then relayed to the slave port.



Click to enlarge

Figure 4: The slave responds. The FieldServer relays the response to client#1. The FieldServer also extracts the data from the response and stores in a temporary location (FieldServer calls that a cache block). The duration/expiry of the storage is configurable.



Click to enlarge

Figure 5: If any client requests the same data (client#1 or #2) and the data hasnt expired then the FieldServer responds with data from the temporary storage.



Click to enlarge

Figure 6: If any client requests different data or if the temporary data has expired then the match and relay process is repeated requesting the new data.



Click to enlarge

Figure 7: The slave responds, the response is relayed to the client doing the polling (Client#2 in this case) and the data is stored temporarily so that it is available to the other client.



Click to enlarge

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Scaling / Bit Packing

Published by xcosminel October 21st, 2008 in FieldServer, Modbus and Uncategorized. Comments

FieldServers can scale data and manipulate values using some binary logic and arithmetic functions. Scaling can be applied to each block of Modbus Data read/served.

  • Move to change type : Convert from any FIeldServer Data Type to any other.
  • Move to pack/unpack bits and bytes: Its possible to address each bit in a 8,16 or 32 bit data element by using the packed data types.
  • Move to change byte/word order: Handle the endianess of the remote system easily.
  • Convert to/from Float, MK10, IEE754, 32 bit, 16 bit, 8 bit numbers
  • Move conditionally:
  • Perform Arithmetic Operation: + – * div sqrt, sqr
  • Perform Binary Logic Operation: And, Or, Not, >, >= , <, <=

Most functions can be configured to occur on a configurable period or on update of the data source.


Click for larger view

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Why 7 data bits is no good for Modbus RTU

Published by pchipkin October 10th, 2008 in Modbus. Comments

Modbus RTU is a binary protocol. It requires the use of all 8 bits in each character / byte that forms the message because there are many situations where the 8th bit is used. For example, an exception response has the 8th (most significant bit set. If you wanted to read holding register 40130 then the message contains the offset. In this case the offset is 129 (The distance from 40001). The number 129 requires 8 bits of storage. In fact all numbers greater than 127 require the 8th bit.  These are just two example of why 8 data bits are required to send RTU messages. It is concievable that a device could which supports less than 128 registers which will never have a value larger than 128 stored in any register could use 7 data bits but the message contains a checksum which might require the use of the 8th bit and this is why 7 data bits is never used for Modbus RTU. In fact you cant use 7 data bits for any binary protocol.

Example: Read 40130 length 31 from device 11.

[01]               [03]              [00]             [81]               [00]             [1f]               [54]               [2a] (Hex Values)

[0000 0001] [0000 0011] [0000 0000] [1000 0001] [0000 0000] [0001 1111] [0101 1000] [0010 1010]

Modbus Ascii (JBUS) is an ASCII protocol. Every character in the message is encoded in ASCII characters and ANSI ASCII character set only require 7 data bits to be encoded since the max value of an ASCII characters is 127. These days the set has been extended and contains non-human readable characters numbered from 128-255.

The same message sent in Jbus sends this string of human readable characters.

“01030081001f542a”

Keywords for this article: 8 Data_Bits

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Modbus Developer Resources

Published by Steven Smethurst August 28th, 2007 in Modbus and Scott Cosby. Comment

This article will present Modbus resources to further aid the automation developer. The internet offers a wide variety of sites related to Modbus development from personal to commercial sites. This article will focus on two of the more detailed Modbus related websites.

The first website to be examined will be the official Modbus organization site, which offers a webpage specifically geared for the developer. The developer page on this site is divided into two categories:

  • Modbus Technical Resources
  • Offsite Links

The Modbus Technical Resources section of the developer page includes the following links:

The offsite links section of the developer page offers:

  • The link allows the developer to compile with Visual C++ 6.0 with Windows 95/98/2000 support.
  • FreeMODBUS offers the developer a no-cost implementation of the Modbus protocol, and is specially targeted for embedded systems. This implementation is based upon the most recent standards and should be fully standard compliant.
  • Modbus implementation through a Java library. The site is geared towards Java developers that need to access or share data using the Modbus protocol. The library is fully object oriented, based on abstractions which should support easy understanding, reusability and extensibility. This library is a free and open source to the public.
  • This link offers communication with Modbus/RTU slave devices connected to a PC serial port.
  • Modbus Poll allows the developer to test Modbus slave devices. Modbus Poll is a shareware program that supports Windows 95/98/ME/2000/XP.

There are other links in this section of the webpage. Developers should closely examine this page for other information and products for their specific needs.

A page of the Chipkin Automation Systems (CAS) website is the second important resource for the Modbus developer. CAS is a premier building automation authority. The company’s primary focus is on system integration and protocol conversion.

The CAS Modbus Scanner provides the developer with a utility program for the retrieval and review of Modbus enabled device(s) in a wide variety of formats, and at no-cost to the developer.

Written by: Scott Cosby

© Chipkin Automation Systems 2007

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Free Tool: CAS Modbus Scanner

Published by Steven Smethurst August 23rd, 2007 in Modbus and RS485. Comments

Chipkin Automation Systems has updated there CAS Modbus Scanner to version 1.00bE.

The changes to the utility has come from comments and requests of ts users, if you have a suggestion or a request that you would like to see in the next version of CAS Modbus Scanner feel free to contact us or leave a comment.

As always this utility still remains 100% free, no registration, no email, no trial period, its 100% functional with no disabled features.

screenshot_sm.gif

This new version includes

  • New interface – The interface of CAS Modbus Scanner has been updated to include a side bar where you can defined different connections, devices and tasks. flicker free updates, status bar, auto refresh have also been added to enhance your user experiences.
  • Multiple Connections, Devices, and tasks - In the previous version of CAS Modbus Scanner you where only able to define one connection, device and task at a time. If you wanted to query a different devices you has to set up a new query over writing the old one. In the new version you can set up multiple tasks each with there own query. Each of these tasks are displayed in a easy to read tree format on the left side of the dialog. changing between two different tasks is as easy as selecting a new tasks from the tree.
  • Better error message - All the error messages have been updated, to include possible causes and resolutions to common problems. Chipkin Automation Systems wants your system to work and we do our best to help you in any way possible.
  • Works with RS485 and RS232 – Your are no longer limited to just one physical layer

You can download the new version from Chipkin Automation Systems web site CAS Modbus Scanner 1.00bE

If you have any questions or comments (we like comments) feel free to contact us or leave a comment.

© Chipkin Automation Systems 2007

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Modbus: Create a Modbus client in C#

Published by Steven Smethurst July 13th, 2007 in Modbus. Comments

Q: Given hardware, can I write .NET software for the slave device itself? Is the software on slave device embedded C? Some other language I have never heard of? Can it use C#? The reason I ask is because I have been tasked with writing slave software, NOT master software, and only know C#, VB.NET, VBA, VBScript, and Javascript.
Is this possible?

A: You should be able to write a Modbus client in any language that has access to the serial ports or a TCP connection.
C# has access to both the serial port and a RAW TCP connection; it will not be too hard to create a simple Modbus Client with C#.

Modbus is an open protocol and the Modbus spec is freely available from Modbus.org.
I would suggest that you start there.

I have to ask, Why would you want to create a anther Modbus Slave utility when there are already so many good freely available ones out there?

I would recommended that you take a look at CAS Modbus Scanner, it’s a free Modbus client that you can use to test your Modbus devices

© Chipkin Automation Systems 2007

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

Modbus: Testing Modbus communication

Published by Steven Smethurst July 12th, 2007 in Modbus. Comments

Q: We want to check the communication between our device and personal computer, so we need the 232 communication software. Control.com/Q1026236536

A: There are a few free utilities to check communications between your PC and your Modbus device. Try searching Google for Free Modbus Slave utilities. I recomeded that you use CAS Modbus Scanner its pretty simple to use and completely free.

If your PC does not have a RS232 port (AKA serial port) you may have perchance a USB to rs232 converter, Any Staples or Best Buy will have one.

Once you download and install the utility you will have to configure both the device and your utility to have the same communications settings.

Then it’s as simple as trying to read one of your registers on your device.

© Chipkin Automation Systems 2007

Did you like this post?

Subscribe To The RSS Feed!
To catch many more articles like this in the future, make it easy on yourself and subscribe to me via RSS. You will not regret it!

Do you have a question?
We will do our best to try and solve any building automation, protocol, integration problem you may have

« Previous Entries