S. J. Stein
Experimental Facilities Division, Argonne National Laboratory
9700 S. Cass Ave. Argonne, IL, 60439 USA
The Personnel Safety System for the experimental beamlines at the Advanced Photon Source will use a large number of Allen Bradley Programmable Logic Controllers (PLC) to replace conventional relay logic. PLCs allow for the design of a very advanced safety system that can handle a large number of I/O points. Certain situations require monitoring of the safety system from various locations around the storage ring via EPICS OPI (operator interface) consoles. This presentation covers the method of choice for transferring data from the Personnel Safety System into an EPICS database. Specifics on PLC ladder design, EPICS database design, and hardware selection are also discussed.
The design of the Personnel Safety System for the experimental beamlines at the Advanced Photon Source revolves extensively around the use of Programmable Logic Controllers (PLCs) for decision making and control. This type of system replaces discrete relay logic with a rugged, microprocessor-based solid-state system. It will be necessary to monitor the status of the beamline equipment and safety components in the main control room and throughout the storage ring. Instead of running discrete signals to fixed places around the ring, it was decided to interface with the EPICS-based ring control system.
II. CONCEPTUAL DESIGN
It was desired to incorporate interlock status information into EPICS OPI screens, which can be called up from any authorized X terminal or workstation. To accomplish this, some type of connection was needed between the VME-based control system (EPICS) and the PLC based interlock system. Allen Bradley produces a VME scanner card that can be used to communicate with an Allen Bradley back plane. This scanner typically connects via shielded twisted pair wire, to an Allen Bradley Remote I/O Adapter, which sits in an Allen Bradley crate. It is then possible to perform most functions of an Allen Bradley PLC-5 processor including reads and writes. Note that the intelligence of this system comes solely from the VME scanner the Remote I/O Adapter is a non-intelligent device. At this point, it would seem that the simplest method of transferring data to EPICS from the PLCs was to use the VME Scanner to Remote I/O Adapter communication. Two overriding concerns prevent this. First, the interlock system must be stand-alone and not dependent on the VME scanner, and second, any type of write operation (from the VME to the PLC) must not be allowed as it may compromise the integrity of the interlock program. A data transfer method that only reads from the Interlock System is required : a one-way communication that filters the data the VME side can access. To facilitate such a communication requires the use of an Allen-Bradley Direct Communications Module (DCM). This module was designed to allow a remote PLC processor to access the local processors data space (both read and write) through shielded, twisted pair cable (blue hose). The DCM occupies a slot in the same chassis as the local processor. Communication between the (local) processor and the DCM is done directly through the local back plane. The local processor decides what data it wants the DCM to read and/or write. It is this ability that allows us to achieve the desired communication protocol.
* Supported by the U.S. Department of Energy, BES-Materials Sciences, under contract W-31-109-ENG-38
To the remote processor, the DCM looks like a Remote I/O Adapter with its own I/O and data table the remote processor can access data as if it is communicating with a Remote I/O Adapter. In our case, the remote processor is the VME scanner card. We can fool the scanner into thinking it is talking to a Remote I/O Adapter just as a PLC processor is fooled.
With proper PLC ladder and EPICS database design, it is possible to transfer status information, one way, from the Personnel Safety System to EPICS.
III. HARDWARE SELECTION
Two pieces of hardware are required to support this type of communication. Residing in an Allen Bradley crate is the 1771-DCM (Direct Communications Module). This card can sit in any open slot except 0, which is reserved for the PLC-5 processor. In the VME rack, the Allen Bradley VMEbus 6008 scanner can occupy any slot but 0, which is reserved for a VME slot-0 controller. These two devices are connected via a standard, shielded, twisted pair cable.
IV. HARDWARE CONFIGURATION
Configuring the DCM and VME scanner is done through a series of DIP switches and straps. Details are given in the EPICS document EPICS: Allen-Bradley Hardware Reference Manual.
At the present time, the only way to force the VME scanner to do a block transfer using EPICS is by treating the DCM as an Allen Bradley Analog Input Card (1771-IFE). By properly formulating the safety status word (see below) in the PLC ladder program, the scanner card can poll the DCM like an analog input card. This causes the VME scanner to initiate block transfer reads (DCM to VME) without doing any block transfer writes. This data arrives in an analog input (ai) record in the form of a 16-bit Safety Status Word (SSW) and is then converted to discrete status information. In the future, it will not be necessary to treat the DCM as an analog input EPICS will be able to do generic block transfer operations.
The analog input card, which is emulated, is an eight-channel device. This corresponds to a maximum of eight Safety Status Words for each DCM. A single analog input (ai) record is responsible for reading an entire 16-bit Safety Status Word. This number appears in the VAL field as an integer between 0 and 128K. Since we are typically concerned with the specific bits that make up this number (each bit may correspond to physical properties of the Interlock System), a calculation (calc) record is needed to test each of the 16 bits. Using one calc record for each bit of the SSW, we can effectively parse our the status, which is encoded in the analog (integer) record. It is also possible to transfer analog values, but, with the limited number of Safety Status Words available for each DCM, it is very inefficient. If only digital status information is transferred, a single DCM can pass 128 status points. Note that this limitation is due to EPICS software constraints. Once a generic block transfer is supported, many more bits can be transferred per DCM.
A minimum of two rungs must be dedicated to transfer the Safety Status Word. The first is the File Array Logic (FAL) Copy operation. This step is required to formulate the SSW in PLC data space. This command is used to move an input image (n bits) from the transient input image file to a user specified file. In this case, a PLC file is somewhat like an array. Typically, an entire input card image can be copied to an empty integer file. Note that bit positions 0 through 3 correspond to status bits on the analog input card and should be set to zero to avoid confusing the analog input record. So to transfer 16 bits of data, a total of 20 bits needs to be reserved. This instruction should be configured to execute the file copy during each PLC scan by using the done field of the FAL instruction to cycle the rung.
The second rung is the BTW (Block Transfer Write), which transfers the data from the processors file space to the DCM via the Allen Bradley back plane. The BTW should be configured to run in continuous mode, which will do a write during each scan of the processor. Again, care must be taken to assure that the Block Transfer also sends the four words of (dummy) status information.
These are the only two instructions that are required to transfer the SSW from the PLC to EPICS. In practice, more FALs may be needed depending on the location (within the PLC data table) and size of the different status bits/words. Note that at no time did we execute a block transfer read (from the DCM into PLC data space) which guarantees that inadvertent modification of a status bit is impossible.
VI. SAFETY STATUS WORD
In order to transfer a large amount of status information efficiently, as much data as possible should be sent in a single transfer. To accomplish this, a 16-bit Safety Status Word (SSW) is formulated in the (PLC) processor and transferred, as a whole, to the VME scanner. Since EPICS believes that we are talking to an eight-channel analog input card, we are limited to transferring eight SSWs per DCM. Again, this limitation will be eliminated when EPICS directly supports the DCM through generic block transfers.
VII. OPERATOR INTERFACE
Separate EPICS operator interfaces (designed with MEDM - the Motif-based EPICS display editor) will be provided for reporting on the status of the Personnel Safety System at various points around the storage ring, along the beamlines, and in the control room. An overall view will show a general view of the entire ring, including the sectors. Green and red indicators will show the status of a particular sector. Messages reporting certain changes of state will be generated, time-stamped, and logged.
Selecting a given sector will zoom in to a detail that shows front-end components and beamline status. Another click will zoom in on the experimental beamline, showing experimental details such as hutch and shutter status.
The Personnel Safety System will report information into the EPICS environment through a one-way communication protocol. This protocol assures that an EPICS database cannot inadvertently alter the status of the safety system, while allowing complete flexibility in the format of messages and the presentation of information. It is guaranteed that EPICS cannot affect the safety system.
I wish to thank the entire EPICS development team for supplying a versatile and extremely useful software tool kit. Without their efforts, none of this would have been possible.
I would also like to thank the following people for their assistance and guidance: Tunch Kuzay, Bill McDowell, Greg Nawrocki, John Winans, and David Reid.