To make a PLC controller conform to the BACnet international building automation control standard, a PLC controller based on the STM32 control chip and the MS/TP protocol is designed and developed. The controller can be programmed by ladder diagram and has complete control logic to meet the consistency requirement of BACnet. Experiments show that the PLC controller can use the RS 485 bus to communicate with a BACnet virtual machine on a PC, reaching a 0.596 ms response time and meeting the stability of a PLC.
It has the characteristics of simple programming, high efficiency, good real-time performance and stable operation.
The PLC (Programmable Logic Controller), as a flexible, convenient, versatile, highly reliable, stable and practical field controller with a simple interface and easy programming, is currently one of the most widely used field controllers. PLC controllers are also used very extensively in air-conditioning control systems, elevator control systems and other building control systems. With the development of and research into building automatic control systems, the BACnet (Building Automation and Control Networks) international standard is increasingly applied to building control systems. Because communication with a BACnet network is inconvenient, the development and use of PLC controllers are greatly limited.
The PLC controller based on BACnet protocol can enable operators to monitor the status of the PLC controller and its control equipment from the BACnet network without changing the programming mode of the PLC. This new type of PLC controller can reduce the training cost of programmers.
It is necessary for the development of intelligent buildings and for the research and application of BACnet in China. The BACnet protocol is simplified to the greatest extent on the basis of the OSI/RM (Open System Interconnection/Reference Model). The simplified structure keeps only the application layer, network layer, data link layer and physical layer.
According to the protocol structure, the whole automatic control system designed is shown in Figure 1. The system uses MS/TP (Master-Slave/Token-Passing Data Link Protocol) as the data link layer of the whole system. It is the data link layer protocol defined by the BACnet standard itself. The protocol takes the EIA-485 standard as the physical layer, which has good stability and operability in building automatic control. It is at present the most frequently used data link layer protocol in the BACnet standard [1].
The STM32F103VET6 is chosen as the main control chip of the PLC controller. Its functions are mainly divided into two parts: one is to realize the basic functions of the PLC controller, and the other is to communicate with the upper and lower devices in the MS/TP network to acquire control information and transmit data. The overall structure of the controller is shown in Figure 2.
PLC function realization part: the structure of this part of the program follows the IEC 61131-3 standard stipulated by PLCopen; through the RS 232 bus, it realizes the communication between the controller and the ladder diagram programming software of the upper computer, and the field control function.
BACnet communication part: the communication program is designed on the basis of the MS/TP protocol. It communicates with the BACnet virtual software through the RS 485 bus to obtain control information and data. The PLC calls the PLC program in FLASH according to the control information, and carries out the corresponding control and data acquisition.
On the premise of guaranteeing normal and stable communication with the BACnet network, the whole program needs to update and call the PLC control program. The block diagram of the whole program is shown in Figure 3. From Figure 3, we can see that the whole program completes the unified call of its two parts, the PLC control function and the BACnet communication function, and the realization of the whole function. After communicating with the equipment in the network, the controller changes the internal control parameters and calls the control program according to the data acquired; according to the control results, the controlled variables are updated and the controller controls the lower equipment; if the PLC control program needs to be updated, the controller communicates with the PLC programming software of the upper computer, updates the program and starts the next control loop; if the program does not need to be updated, the controller starts the next loop directly.
The realization of the PLC function mainly consists of two parts: one part downloads the program parsed from the ladder diagram to the controller through the RS 232 bus and stores the parsed program in FLASH; the other part is responsible for calling the program in FLASH cyclically, executing its steps in sequence, making the corresponding changes to the controlled variables, and controlling the underlying equipment according to the data obtained.
Ladder diagram is the most widely used of the five programming languages defined by the IEC 61131-3 PLC standard. It is simple, intuitive and practical, and it is the simplest and easiest to learn. Parsing the ladder diagram converts the simple and intuitive graphical language into machine-recognizable machine language. The process of transformation is shown in Figure 4. The ladder diagram program, written according to the graphical programming language of IEC 61131-3, is converted into an instruction list in order from left to right and top to bottom. The instruction list is compiled to form machine language. The STM32 control chip downloads the machine language from the PC to the on-chip FLASH through the RS 232 bus. The starting address of storage is 0xH. The parsed PLC program is stored in a FLASH area that is different from the storage area of the general program. Therefore, the PLC control program will not be changed by a power failure of the controller or by a change of the general program.
After communicating with BACnet, the controller obtains data from the upper layer and updates the array of control parameters, and then enters the call of the PLC control program. The call procedure is shown in Figure 5. The controller reads the control program from the FLASH start address 0xH at which the PLC program is stored. According to the characteristics of the PLC, the program is executed sequentially without jumping and looping. Therefore, the calling program starts from the starting address and reads the instructions one by one in sequence.
The control variables are changed according to the control logic read, until the “END” instruction is read, and the parameters of the control variables are updated when the whole PLC control program is finished. According to the change of the control variables, the lower equipment changes its switch state, and the control program call completes one cycle. A traditional PLC controller calls the control program continuously, cycle after cycle, until the equipment stops working or the program needs to be updated. With MS/TP added, the PLC controller carries out the corresponding data exchange with the underlying devices on the BACnet network in each cycle, and the control logic and control variables are updated in real time. Operators can monitor the state changes of the controlled devices in real time, as shown in Figure 6.
Among the data link layer protocols stipulated by BACnet, the MS/TP protocol is the most widely used and stable protocol. The working process of the MS/TP protocol is realized by state transitions among three state machines: the receiving state machine, the sending state machine of the master site and the sending state machine of the slave site. Because the master station receiving state machine covers all the functions of the slave station receiving state machine, the protocol stack design combines the two into one, defined as the sending state machine. The receiving state machine receives data and control information from the RS 485 bus, and filters out frames that contain errors or whose destination address is not this site. It should be noted that the receiving state machine can only obtain the content of the data segment and the type of the data frame from the data frame, that is, the content of the BACnet message, and store it; it cannot read and parse the content of the message.
Take the HEADER state as an example: when the state machine is in the PREAMBLE state and the synchronization preamble read is “55 FF”, that is, the first two bytes of each data frame, the synchronization preamble is correct and the state machine transfers to the HEADER state. The main function of the HEADER state is to parse and receive the destination address and source address in the MS/TP data frame, and to CRC check the whole data frame. When the receiving state machine is in the HEADER state, it takes the following different actions: when a receiving time-out or error occurs, the data frame is discarded and the receiving state machine transfers to the IDLE state; when the source address is not the token-holding site or the destination address is not this site, there is a data transmission error or the state machine has received information meant for another site, so the received data frame is discarded and the receiving state machine transfers to the IDLE state; when the CRC check of the data frame fails, the data frame is discarded and the state machine transfers to the IDLE state; when the destination address, source address and CRC check of the received data frame are all correct, the data frame is saved and the receiving state machine transfers to the DATA state to parse the data segment.
When the controller is one of the master sites, the function of the sending state machine, in addition to sending data frames and the content to be responded to, is to send token polling frames and to generate and send token frames in order to manage and maintain tokens. When the site is a master site and holds the token, data frames are sent according to the control requirements, and the data received by the receiving state machine is analyzed to determine the response status of other sites.
When the site is a master site but does not hold the token, or is a slave site, the sending state machine analyses the content received by the receiving state machine and sends the corresponding response frame.
MSTP_MASTER_STATE_ANSWER_DATA_REQUEST (Response Data Request State)
When the controller acts as a slave site, the sending state machine has only three states: initialization state, idle state and response data request state. The specific workflow of the sending state machine is shown in Figure 7.
Take the POLL_FOR_MASTER state as an example: when the sending state machine is in the NO_TOKEN state and no data is detected on the bus within 500 ms, the sending state machine judges that the token is lost and needs to generate a token. The state machine declares that it is the token-holding master site and transfers to the POLL_FOR_MASTER state; when the sending state machine is in the DONE_WITH_TOKEN state and the site has used the token 50 times as the master site or passed the token 50 times at the master site, the sending state machine transfers to the POLL_FOR_MASTER state. The main function of the POLL_FOR_MASTER state is to send master-node polling frames and ask whether there are new master sites in the MS/TP network. The sending state machine sends the master polling frame to the master site address of MS/TP.
When the sending state machine is in the POLL_FOR_MASTER state: when it receives the response frame of another master node, it needs to pass the token to that site, and the sending state machine goes to the PASS_TOKEN state; when the state machine does not receive a response frame from a master site and has not polled all 127 master sites, the sending state machine remains in the POLL_FOR_MASTER state, which is accurate. When the state machine does not receive a response frame from a master site and has polled all 127 master sites, the site is declared to be the single master site, MS/TP becomes a master-slave network, and the sending state machine moves to the USE_TOKEN state.
The state machine of the protocol stack is the core of the interaction between the controller and the BACnet network. The state machine completes the receiving and sending of data, and responds correctly to the requests of the upper and lower levels. On the premise of ensuring the correctness and stability of transmission, the protocol stack deletes many unnecessary functions and merges many functions, which keeps the protocol stack lightweight and speeds up the running of the program to a certain extent.
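The receive-side handling described above (hunt for the “55 FF” preamble, then check header CRC and destination address before entering DATA), as an added example that is not code from the original article or its protocol stack. The names `rx_octet` and `rx_count_accepted`, the 501-octet buffer limit, the 0xFF broadcast check and both sample frames are assumptions of this example; the token-holder source check and the data CRC are left out.

```c
#include <stdint.h>
#define RX_MAX_DATA 501u  /* receive buffer size assumed for this example */
enum rx_state { RX_IDLE, RX_PREAMBLE, RX_HEADER, RX_DATA };
struct rx {
    enum rx_state st;
    uint8_t hdr[6], n, crc, station;  /* header octets, count, running CRC, own address */
    uint16_t remaining;               /* data length, then data + CRC octets still due */
    unsigned accepted;                /* headers that passed every check */
};
const uint8_t SAMPLE_TOKEN[] = { 0x55, 0xFF, 0x00, 0x10, 0x05, 0x00, 0x00, 0x8C };   /* constructed: Token, 0x05 to 0x10 */
const uint8_t SAMPLE_DAMAGED[] = { 0x55, 0xFF, 0x00, 0x10, 0x06, 0x00, 0x00, 0x8C }; /* constructed: source octet altered */
/* One step of the MS/TP header CRC (x^8 + x^7 + 1), fed one octet at a time. */
static uint8_t hdr_crc(uint8_t data, uint8_t crc_in) {
    uint16_t c = (uint16_t)(crc_in ^ data);
    c = (uint16_t)(c ^ (c << 1) ^ (c << 2) ^ (c << 3) ^ (c << 4) ^ (c << 5) ^ (c << 6) ^ (c << 7));
    return (uint8_t)((c & 0xFE) ^ ((c >> 8) & 1));
}

/* Feed one octet from the RS-485 receiver and advance the receive state machine. */
void rx_octet(struct rx *r, uint8_t b) {
    switch (r->st) {
    case RX_IDLE:
    case RX_PREAMBLE:  /* hunt for "55 FF"; a repeated 0x55 keeps waiting for 0xFF */
        if (b == 0xFF && r->st == RX_PREAMBLE) { r->st = RX_HEADER; r->n = 0; r->crc = 0xFF; }
        else r->st = (b == 0x55) ? RX_PREAMBLE : RX_IDLE;
        break;
    case RX_HEADER:
        r->hdr[r->n++] = b;                /* type, destination, source, length hi/lo, CRC */
        r->crc = hdr_crc(b, r->crc);
        if (r->n < 6) break;
        r->remaining = (uint16_t)((r->hdr[3] << 8) | r->hdr[4]);
        r->st = RX_IDLE;                                          /* default: discard */
        if (r->crc != 0x55) break;                                /* header CRC error */
        if (r->hdr[1] != r->station && r->hdr[1] != 0xFF) break;  /* not this site or broadcast */
        if (r->remaining > RX_MAX_DATA) break;                    /* would overrun the buffer */
        r->accepted++;
        if (r->remaining) { r->remaining += 2; r->st = RX_DATA; }
        break;
    case RX_DATA:  /* octets pass through; verifying the data CRC is outside this example */
        if (--r->remaining == 0) r->st = RX_IDLE;
        break;
    }
}

/* Run a buffer through a fresh receiver; returns the number of accepted headers. */
unsigned rx_count_accepted(uint8_t station, const uint8_t *p, unsigned n) {
    struct rx r = { .st = RX_IDLE, .station = station };
    while (n--) rx_octet(&r, *p++);
    return r.accepted;
}
```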
The data segment obtained from the MS/TP data frame includes network layer data (NPDU) and application layer data (APDU). At present, the controller is only used in a LAN. Therefore, the design of the controller deletes the analysis of network layer data, and the controller only parses APDU data. The application layer data is tag-encoded according to the BACnet standard, which basically adopts the encoding algorithm of the basic encoding rules of ASN.1 but, according to its own characteristics, modifies the TLV encoding method to make it better suited to APDU [4]. The tag encoding structure of BACnet is shown in Figure 8. The parsing process is as follows: the first 16 bits of data in the data segment are compared with the standard coding type of APDU in the BACnet standard, and the service type is obtained. The data content starting from the 17th bit is compared with the tag encoding structure of BACnet, and the APDU content is parsed. Take “1000C4 02 00 01 22 01 E0 91 00 21 05” as an example.
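The two-step parse described above (service type from the first 16 bits, then tag-encoded values from the 17th bit on), as an added example that is not code from the original article. It handles one message type, an unconfirmed I-Am, with bounds checks on every tag; the names `read_app` and `decode_i_am` and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded I-Am fields; they are valid only when ok is 1. */
struct i_am { int ok; uint32_t obj_type, instance, max_apdu, segmentation, vendor_id; };

/* Constructed sample: Unconfirmed-Request (0x10), service I-Am (0x00), device instance 1. */
const uint8_t SAMPLE_IAM[] = { 0x10, 0x00, 0xC4, 0x02, 0x00, 0x00, 0x01,
                               0x22, 0x01, 0xE0, 0x91, 0x00, 0x21, 0x05 };

/* Read one primitive application-tagged value of 1..4 octets with the expected tag number.
 * Tag octet layout: tag number (4 bits), class (1 bit), length (3 bits).
 * Returns 0 on success, -1 if the tag, the length or the remaining buffer does not fit. */
static int read_app(const uint8_t *p, size_t n, size_t *i, uint8_t want, uint32_t *v)
{
    uint8_t t, len;
    if (*i >= n) return -1;
    t = p[(*i)++];
    len = t & 0x07;
    if ((t & 0x08) || (t >> 4) != want) return -1;       /* context tag or unexpected type */
    if (len == 0 || len > 4 || len > n - *i) return -1;  /* extended length, or value past the buffer */
    for (*v = 0; len; len--) *v = (*v << 8) | p[(*i)++];
    return 0;
}

struct i_am decode_i_am(const uint8_t *p, size_t n)
{
    struct i_am m = {0};
    uint32_t objid = 0;
    size_t i = 2;
    if (n < 2 || p[0] != 0x10 || p[1] != 0x00) return m;  /* first 16 bits select the service */
    if (read_app(p, n, &i, 12, &objid) ||                 /* tag 12: object identifier */
        read_app(p, n, &i, 2, &m.max_apdu) ||             /* tag 2: unsigned integer */
        read_app(p, n, &i, 9, &m.segmentation) ||         /* tag 9: enumerated */
        read_app(p, n, &i, 2, &m.vendor_id) || i != n)    /* trailing octets are rejected */
        return m;
    m.obj_type = objid >> 22;      /* upper 10 bits: object type (8 = device) */
    m.instance = objid & 0x3FFFFF; /* lower 22 bits: instance number */
    m.ok = 1;
    return m;
}

int main(void)
{
    struct i_am m = decode_i_am(SAMPLE_IAM, sizeof SAMPLE_IAM);
    printf("ok=%d type=%u instance=%u max_apdu=%u vendor=%u\n", m.ok, (unsigned)m.obj_type,
           (unsigned)m.instance, (unsigned)m.max_apdu, (unsigned)m.vendor_id);
    return 0;
}
```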