S7 ReadMe

Uploaded by

designselva

Warning: the attached files are experimental VIs provided for educational purposes
only. No warranty is expressed or implied. You should test your code and
completely understand the implications of writing to or reading from an operating
PLC.

PLCs are often used to control hazardous processes and/or equipment. Writing to or
reading from a PLC in active control of equipment or process can result in the
disruption of the PLC program or data areas, potentially causing economic loss,
property damage, generation or release of hazardous substances and/or personal
injury up to and including death. Test your software in a controlled environment
and qualify it before using it on active equipment or processes.

To my knowledge, Siemens has never released the details of the S7 protocol. Much
of what is publicly available on S7 is based on observations of the protocol by
others. There is an open source S7 data exchange package available at
http://libnodave.sourceforge.net/ that documents many S7 features.

These VIs were based upon the example posted at
http://decibel.ni.com/content/docs/DOC-5467. They were modified by observing and
mimicking an S7 data exchange between a protocol converter and an S7-300 series PLC.
The observations were accomplished with the Wireshark network protocol analyzer,
available at http://www.wireshark.org/ and the Wireshark Plugin für S7-Protokoll,
available at http://sps-forum.de/showthread.php?p=202763.

The Address Area parameter determines which PLC memory area is the target for the
reads and writes. I have only tested reads and writes to the Data Block (DB) Area.
Your application should read and write to separate read and write DBs dedicated for
transfer only. By confining reads and writes to dedicated Data Blocks, the risk of
unintended overwrites may be reduced.

The data type: S7Com_Transport_Size.ctl is a ring variable that contains the
parameter for the size or type of the transfer. I have only had success with the
BYTE, INT and DINT transport sizes on an S7-300 series PLC. The other sizes remain
in the ring variable for testing on other PLCs.

I do not know if the bytes of a multiple-byte variable are read or written
atomically.

The example contains two top-level VIs: S7Com_Once.vi and S7Com_W+R_Loop.vi.

S7Com_Once.vi performs one read or write per execution. It writes to the target
PLC from an array of I32 and reads from the target PLC into an array of I32. The
number of bytes written is proportional to the number of elements in the array to
be written and the transport size parameter.

S7Com_W+R_Loop.vi regularly writes to and reads from a pair of DBs in the target
PLC. In order to use it, your Step7 PLC project should provide two Data Blocks,
DB11 and DB12. See the screen capture image db11&12.PNG for their layout. After
downloading the DBs to your PLC, monitor and change DB values with a VAT. As can
be seen in the VI, the transfer size is DWORD.

Included are example VIs (S7Com_to_PLC(SubVI).vi and S7Com_from_PLC(SubVI).vi) to
map variables between LabVIEW and the S7 PLC DBs. In the example, they use the
same cluster type definition (S7Com_PLC_Data.ctl) but that is not a requirement.
When you change the mappings, you must calculate the size of the variables to be
read from the PLC in order to use the correct Read Length parameter. The read
length parameter is in transport size units. The write length parameter is taken
from the size of the write data array, so if the write data array is larger than
you anticipate, data may be overwritten.

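
The length rules above can be checked before any request is sent. The following Python sketch is an added example, not part of the original README or its VIs: it derives the Read Length in transport-size units and refuses a write whose array would run past the end of the dedicated transfer DB. The function names, the start offset and the 16-byte DB size are assumptions made for illustration.

```python
import struct

# Byte width of the transport sizes the README reports working on an S7-300.
WIDTH = {"BYTE": 1, "INT": 2, "DINT": 4}
# struct codes; ">" because S7 PLCs store multi-byte values big-endian.
PACK = {"BYTE": ">B", "INT": ">h", "DINT": ">i"}


def read_length(mapped_bytes, transport):
    """Read Length in transport-size units for a mapped region of mapped_bytes."""
    width = WIDTH[transport]
    if mapped_bytes <= 0 or mapped_bytes % width:
        raise ValueError(f"{mapped_bytes} bytes is not a whole number of {transport}")
    return mapped_bytes // width


def plan_write(values, transport, start_byte, db_size_bytes):
    """Pack values for one write and refuse anything that leaves the transfer DB.

    Returns (start_byte, payload). Raises ValueError instead of letting an
    oversized array or an out-of-range element reach the PLC.
    """
    width = WIDTH[transport]
    if start_byte < 0 or not values:
        raise ValueError("empty write or negative start offset")
    end = start_byte + len(values) * width  # first byte past the write
    if end > db_size_bytes:
        raise ValueError(
            f"write covers bytes {start_byte}..{end - 1}, DB holds {db_size_bytes}")
    try:
        payload = b"".join(struct.pack(PACK[transport], v) for v in values)
    except struct.error as exc:  # element does not fit the transport size
        raise ValueError(f"value out of range for {transport}: {exc}") from None
    return start_byte, payload


if __name__ == "__main__":
    DB_SIZE = 16  # constructed size for a dedicated write DB, not from the README
    print(read_length(DB_SIZE, "DINT"))                 # units for a full-DB read
    print(plan_write([1, -2, 300], "INT", 0, DB_SIZE))  # fits inside the DB
    for values, size in (([1, 2, 3, 4, 5], "DINT"), ([70000], "INT")):
        try:
            plan_write(values, size, 0, DB_SIZE)
        except ValueError as err:
            print("rejected:", err)
```

The DB size passed in should come from the actual layout of the transfer DB in the Step7 project.
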
The hex byte and hex byte array type definitions were created to format the
internal data structures to show hex values so that they could be easily compared
to the wireshark packet dumps.

These VIs have been minimally tested on a NI 9072 cRIO.

This is not finished. Needed are better error checking, cleaner S7 Response
decoding, and stress testing with malformed data.
