CN116149253B - PLC online monitoring and debugging system and implementation method thereof - Google Patents

The invention belongs to the technical field of industrial control, and discloses a PLC (programmable logic controller) on-line monitoring and debugging system and an implementation method thereof, wherein the system comprises the following steps that S1, an upper computer sends a request message to a lower computer through a communication module; the communication module comprises an instant communication protocol and a data acquisition and analysis module, wherein the instant communication protocol prescribes the format, transmission and analysis of data; the data acquisition and analysis module performs packaging processing and analysis on the received data and then transmits the data to the lower computer; s2, the lower computer responds to the identification code and the command code in the request message to operate and returns a response request, and the request is packed and analyzed by the data acquisition and analysis module and then transmitted to the upper computer; s3, the upper computer receives the response request to realize on-line monitoring and debugging of the lower computer. The invention solves the problems of higher CPU resource occupancy rate, imperfect debugging function and incapability of flexibly adjusting the monitoring mode to meet different user demands in the prior art.

一种PLC在线监控与调试系统及其实现方法A PLC online monitoring and debugging system and its implementation method

技术领域Technical Field

本发明属于工业控制的技术领域，更具体地，涉及一种PLC在线监控与调试系统及其实现方法。The present invention belongs to the technical field of industrial control, and more specifically, relates to a PLC online monitoring and debugging system and an implementation method thereof.

背景技术Background Art

PLC的发展与计算机技术、半导体技术、控制技术、数字技术、通信网络技术等息息相关，这些技术共同推动了PLC(可编程逻辑控制器)技术的发展。虽然有上述技术作为发展支持，但由于PLC自身先天性存在数据处理和管理能力不足，人机交互性差等问题，无法满足更高的交互式控制要求。因此，把个人计算机与PLC进行数据通信，完善控制方法是工业控制领域的首选做法。将计算机作为调试和监控上位机与PLC控制系统进行有机结合，可以有效实现对PLC的调试和监控，同时计算机也可以记录或者显示各种控制数据或图表，极大的方便了控制人员的操作，但在调试或程序运行过程中对PLC内部数据的实时监控会占用较多CPU的资源，调试功能的单一也会降低程序的开发效率。The development of PLC is closely related to computer technology, semiconductor technology, control technology, digital technology, communication network technology, etc. These technologies have jointly promoted the development of PLC (Programmable Logic Controller) technology. Although the above technologies are used as development support, due to the inherent problems of PLC itself such as insufficient data processing and management capabilities and poor human-computer interaction, it cannot meet higher interactive control requirements. Therefore, it is the preferred practice in the field of industrial control to communicate data between personal computers and PLCs and improve control methods. The organic combination of computers as debugging and monitoring host computers and PLC control systems can effectively realize the debugging and monitoring of PLCs. At the same time, computers can also record or display various control data or charts, which greatly facilitates the operation of control personnel. However, real-time monitoring of PLC internal data during debugging or program running will occupy more CPU resources, and the single debugging function will also reduce the development efficiency of the program.

虽然期间已经公开了多种PLC在线监控与调试的方案，但是依然无法实质性解决CPU资源浪费和调试功能单一且效率较低的技术问题：Although a variety of PLC online monitoring and debugging solutions have been made public, they still cannot substantially solve the technical problems of CPU resource waste and single debugging function with low efficiency:

中国专利CN111142469A文献公开了一种PLC的组态程序的调试方法，针对每个代码行添加调试信息，将编辑后的目标代码编译为PLC能够运行的组态程序，并将该组态程序发送至PLC；在调试模式下，PLC在运行组态程序的每一个指令行之前，基于调试信息调用第一函数，由第一函数基于调试设备发送的断点信息和/或单步调试信息确定当前的指令行是否为有效停止行，如果当前的指令行不是有效停止行，则运行当前的指令行，如果当前的指令行为有效停止行，基于调试信息调用第二函数，由第二函数控制运行组态程序的任务进入睡眠状态，以停止运行组态程序，直至接收到继续运行指令；调试设备获取PLC运行组态程序的运行数据并进行显示。Chinese patent CN111142469A document discloses a method for debugging a configuration program of a PLC, which adds debugging information to each code line, compiles the edited target code into a configuration program that can be run by the PLC, and sends the configuration program to the PLC; in debugging mode, before running each instruction line of the configuration program, the PLC calls a first function based on the debugging information, and the first function determines whether the current instruction line is a valid stop line based on breakpoint information and/or single-step debugging information sent by a debugging device. If the current instruction line is not a valid stop line, the current instruction line is run. If the current instruction line is a valid stop line, a second function is called based on the debugging information, and the second function controls the task of running the configuration program to enter a sleep state to stop running the configuration program until a continue running instruction is received; the debugging device obtains the running data of the PLC running the configuration program and displays it.

中国专利CN103218293A文献公开了一种PLC在线调试系统和方法，该系统由PLC后台控制模块和PLC通过通讯的方式，实现用户程序实时在线调试，包括相互通讯的PLC后台控制模块和PLC；其中PLC后台控制模块用于编写用户程序并进行编译，将编译后的用户程序发送至PLC，使能PLC进入PLC在线调试状态，调试并监控PLC中用户程序的运行数据；所述PLC用于接收PLC后台控制模块编译后的用户程序，下载至用户程序存储区，并根据PLC后台控制模块调试中生成的断点信息解析并执行所下载的用户程序，同时将监控的用户程序的运行数据反馈给PLC后台控制模块。Chinese patent CN103218293A discloses a PLC online debugging system and method, which realizes real-time online debugging of user programs by means of communication between a PLC background control module and a PLC, and includes a PLC background control module and a PLC that communicate with each other; wherein the PLC background control module is used to write and compile user programs, send the compiled user programs to the PLC, enable the PLC to enter the PLC online debugging state, debug and monitor the running data of the user programs in the PLC; the PLC is used to receive the user programs compiled by the PLC background control module, download them to the user program storage area, and parse and execute the downloaded user programs according to the breakpoint information generated during the debugging of the PLC background control module, and feed back the monitored running data of the user programs to the PLC background control module.

中国专利CN104898546A文献公开了一种基于SOC的PLC在线调试系统和方法，上位机系统中的程序编译模块将待测试程序的代码转换成用户程序的代码输出至SOC系统中的存储器，用户程序由预设的二进制代码构成。上位机系统的第一调试模块响应外部输入向SOC系统中的嵌入式微处理器IP核发送调试指令或配置指令。嵌入式微处理器IP核响应配置指令对SOC系统中的PLC控制器IP核进行配置，或响应调试指令在调试模式下控制PLC控制器IP核从存储器中读取并执行用户程序的二进制代码，执行中遇到断点或完成调试指令后PLC控制器IP核暂停执行并向第一调试模块发送反馈。Chinese patent CN104898546A discloses a PLC online debugging system and method based on SOC. The program compilation module in the host computer system converts the code of the program to be tested into the code of the user program and outputs it to the memory in the SOC system. The user program consists of a preset binary code. The first debugging module of the host computer system responds to external input and sends debugging instructions or configuration instructions to the embedded microprocessor IP core in the SOC system. The embedded microprocessor IP core responds to the configuration instruction to configure the PLC controller IP core in the SOC system, or responds to the debugging instruction to control the PLC controller IP core to read and execute the binary code of the user program from the memory in the debugging mode. After encountering a breakpoint during execution or completing the debugging instruction, the PLC controller IP core suspends execution and sends feedback to the first debugging module.

以上方法使得测试人员能够监测调试的细节，但是调试功能相对单一，无法对程序进行精确的调试，无法在调试过程中对PLC的内部数据进行监控，虽然在系统开发难度和工作量较小，但是调试过程中监控用户程序导致CPU资源占用较大。因此，依然无法实现本发明所提出的技术问题。The above method enables the tester to monitor the details of debugging, but the debugging function is relatively single, and it is impossible to debug the program accurately, and it is impossible to monitor the internal data of the PLC during the debugging process. Although the difficulty and workload of system development are relatively small, monitoring the user program during the debugging process causes a large CPU resource occupation. Therefore, the technical problem proposed by the present invention is still unable to be achieved.

发明内容Summary of the invention

本发明旨在克服上述现有技术的至少一种缺陷，提供一种PLC在线监控与调试系统及其实现方法。The present invention aims to overcome at least one defect of the above-mentioned prior art and provides a PLC online monitoring and debugging system and an implementation method thereof.

本发明详细的技术方案如下：The detailed technical scheme of the present invention is as follows:

本发明为了解决上述技术问题，提供了一种PLC在线监控与调试系统及其实现方法，以解决现有技术中无法实质性解决CPU资源浪费和调试功能单一且效率较低等问题：In order to solve the above technical problems, the present invention provides a PLC online monitoring and debugging system and an implementation method thereof, so as to solve the problems that the prior art cannot substantially solve, such as waste of CPU resources and single debugging function and low efficiency:

一种PLC在线监控与调试系统的实现方法，其特征在于，包括：A method for implementing a PLC online monitoring and debugging system, characterized by comprising:

S1、上位机通过通信模块发送请求报文至下位机；所述通信模块包括即时通信协议、数据采集和解析模块，所述即时通信协议规定了数据的格式、传输和解析；所述数据采集和解析模块对接收到的数据进行打包处理和解析后传至下位机；S1, the upper computer sends a request message to the lower computer through the communication module; the communication module includes an instant communication protocol and a data acquisition and analysis module, the instant communication protocol specifies the format, transmission and analysis of data; the data acquisition and analysis module packages and analyzes the received data and transmits it to the lower computer;

S2、下位机响应请求报文中的标识码和命令码运行并返回响应请求，经所述数据采集和解析模块进行打包处理和解析传至上位机；S2, the lower computer responds to the identification code and command code in the request message and returns the response request, which is packaged and analyzed by the data acquisition and analysis module and transmitted to the upper computer;

S3、上位机接收响应请求以实现对下位机的在线监控和调试。S3. The upper computer receives the response request to realize online monitoring and debugging of the lower computer.

所述数据采集和解析模块对接收到的数据进行打包处理具体包括：上位机发送请求数据，所述数据采集和解析模块将请求数据打包成数据包，并判断是否需要将数据包拆分，再经过数据转换把byteArray类型的数据包转换成二进制的数据流传出；The data acquisition and analysis module performs packaging processing on the received data, specifically including: the host computer sends request data, the data acquisition and analysis module packages the request data into a data packet, and determines whether the data packet needs to be split, and then converts the byteArray type data packet into a binary data stream for outflow through data conversion;

所述判断是否需要数据包拆分具体包括：首先判断封装好的数据包大小是否大于每帧发送数据最大长度(默认每帧发送数据最大长度为256个字节)，若大于，则分包处理，在每个小数据包后面添加序号码，若数据包发送失败则通过序号码确认丢失包，上位机重新发送该数据包(丢失包)，发送成功则结束；The determination of whether data packet splitting is required specifically includes: firstly determining whether the size of the encapsulated data packet is greater than the maximum length of the data sent per frame (the default maximum length of the data sent per frame is 256 bytes), if greater, then packet processing, adding a sequence number after each small data packet, if the data packet fails to be sent, then confirming the lost packet by the sequence number, the host computer resends the data packet (lost packet), and ends if the sending is successful;

若不大于，则不进行分包处理，直接将数据包发送；若数据包发送失败则通过上位机重新发送整个数据包。If it is not greater, no packet subdivision is performed and the data packet is sent directly; if the data packet fails to be sent, the entire data packet is resent through the host computer.

进一步地，所述S2具体包括：下位机将接收到的数据解析，提取数据包的标识码和命令码，判断是否需要校验数据：Furthermore, the S2 specifically includes: the lower computer parses the received data, extracts the identification code and command code of the data packet, and determines whether the data needs to be verified:

若不需要校验，则下位机直接执行请求报文；若校验不成功，则数据包接收错误则下位机返回异常响应；若校验成功，则数据包接收完成且正确，且根据数据包中的标识码和命令码下位机执行相应操作，并返回对应的请求响应；If verification is not required, the lower computer directly executes the request message; if verification is unsuccessful, the data packet reception error occurs and the lower computer returns an abnormal response; if verification is successful, the data packet reception is complete and correct, and the lower computer performs the corresponding operation according to the identification code and command code in the data packet, and returns the corresponding request response;

下位机返回对应的请求响应后，将PLC的请求响应数据进行打包，判断是否需要数据包拆分，然后数据包经过数据转换，转换成二进制数据流，上位机将接收到的数据包解析，提取数据包的标识码和命令码，并判断是否需要校验数据：After the lower computer returns the corresponding request response, it packages the PLC's request response data to determine whether the data packet needs to be split. The data packet is then converted into a binary data stream after data conversion. The upper computer parses the received data packet, extracts the identification code and command code of the data packet, and determines whether the data needs to be verified:

若不需要校验，则上位机直接执行请求响应；若校验不成功，则数据包接收错误则上位机提示接收错误；若校验成功，则数据包接收完成且正确，且根据数据包中的命令码上位机执行结束响应、接收数据并将返回的数据存入RECVDATA数组中、异常响应或调试结束等操作。If verification is not required, the host computer directly executes the request response; if the verification is unsuccessful, the data packet is received incorrectly and the host computer prompts a reception error; if the verification is successful, the data packet is received correctly and the host computer executes the end response, receives data and stores the returned data in the RECVDATA array, responds to exceptions or ends debugging, and other operations according to the command code in the data packet.

进一步地，所述S3的在线监控具体包括轮询监控方式和手动监控方式，所述轮询监控：下位机会按照设置的轮询周期向上位机返回响应请求，上位机接收并在监控图表界面进行实时数据刷新。在轮询监控下可以设置轮询周期；所述手动监控：上位机通过串口中断发送监控请求报文，监控请求报文发送结束，将上位机恢复为接收状态准备接收下位机的应答报文：所述串口中断的由手动选择。Furthermore, the online monitoring of S3 specifically includes polling monitoring mode and manual monitoring mode. The polling monitoring mode: the lower computer returns a response request to the upper computer according to the set polling cycle, and the upper computer receives and performs real-time data refresh on the monitoring chart interface. The polling cycle can be set under polling monitoring; the manual monitoring mode: the upper computer sends a monitoring request message through a serial port interrupt, and after the monitoring request message is sent, the upper computer is restored to a receiving state to prepare to receive a response message from the lower computer: the serial port interrupt is manually selected.

具体的，所述串口中断的方法具体为：串口中断进入，判断是下位机是否接收到串口中断；若下位机接收到串口中断，则启动定时器，将SENDING标志位置为1，代表上位机接收并组装下位机返回的数据帧，若数据没有接收结束则复位定时器，等待接收并组装数据帧；若接收结束将SENDING标志位置为0，则代表上位机接收结束，串口中断返回；若下位机没有接收到串口中断，则启动定时器，上位机重新发送串口中断请求；若上位机没有收到下位机返回的数据帧请求，则显示串口中断接收异常。Specifically, the method of serial port interrupt is as follows: when a serial port interrupt enters, it is determined whether the lower computer has received the serial port interrupt; if the lower computer has received the serial port interrupt, the timer is started, and the SENDING flag is set to 1, which means that the upper computer receives and assembles the data frame returned by the lower computer. If the data is not received, the timer is reset to wait for the reception and assembly of the data frame; if the reception is completed, the SENDING flag is set to 0, which means that the upper computer has completed the reception and the serial port interrupt returns; if the lower computer has not received the serial port interrupt, the timer is started, and the upper computer resends the serial port interrupt request; if the upper computer does not receive the data frame request returned by the lower computer, it is displayed that the serial port interrupt reception is abnormal.

进一步地，所述在线监控还包括全局监控功能、I/O监控功能和自定义监控功能，所述全局监控：对程序内的所有变量、正在使用的地址和指令进行监控；Furthermore, the online monitoring also includes a global monitoring function, an I/O monitoring function and a custom monitoring function. The global monitoring: monitors all variables, addresses and instructions in use within the program;

所述I/O监控：监控所有正在使用的I点和Q点的状态，监控图表显示程序使用到的I点和Q点并通过0或1来判断该I点和Q点接通状态，1为接通，0为断开。The I/O monitoring: monitors the status of all I points and Q points in use. The monitoring chart displays the I points and Q points used by the program and determines the connection status of the I points and Q points by 0 or 1, 1 for connection and 0 for disconnection.

所述自定义监控包括：①对单个数据地址监控：获取指定数据地址的值(比如某个位、某个字节或某个双字节)并可以在上位机监控图表上实时显示；②对连续数据地址监控：获取一段连续数据地址的值，该段连续的数据地址存放数据的类型相同；③对数据块监控：可以获得某块指定数据块的值，该数据块存放数据的类型相同；The custom monitoring includes: ① monitoring a single data address: obtaining the value of a specified data address (such as a bit, a byte or a double byte) and displaying it in real time on a host computer monitoring chart; ② monitoring continuous data addresses: obtaining the value of a continuous data address, which stores data of the same type; ③ monitoring data blocks: obtaining the value of a specified data block, which stores data of the same type;

所述全局监控功能、I/O监控功能和自定义监控功能与所述轮询监控方式和手动监控方式可结合形成六种监控模式：The global monitoring function, I/O monitoring function and custom monitoring function can be combined with the polling monitoring mode and manual monitoring mode to form six monitoring modes:

监控模式1：在使用轮询监控的方式下，开启全局监控功能，会按照轮询周期返回全局监控的变量、寄存器、地址和指令的值或状态；Monitoring mode 1: When using polling monitoring, the global monitoring function is turned on, and the value or status of the globally monitored variables, registers, addresses, and instructions will be returned according to the polling cycle;

监控模式2：在使用轮询监控的方式下，开启I/O监控功能，会按照轮询周期返回监控的I点和O点的状态；Monitoring mode 2: When using polling monitoring, the I/O monitoring function is turned on, and the status of the monitored I and O points will be returned according to the polling cycle;

监控模式3：在使用轮询监控的下，开启自定义监控功能分为三种子模式；Monitoring mode 3: When using polling monitoring, the custom monitoring function is divided into three sub-modes;

子模式1会按照轮询周期返回指定单个数据地址的值；子模式2会按照轮询周期返回一段连续数据地址的值；子模式3会按照轮询周期返回数据块地址的值；Submode 1 returns the value of a specified single data address according to the polling cycle; submode 2 returns the value of a continuous data address according to the polling cycle; submode 3 returns the value of a data block address according to the polling cycle;

监控模式4：在手动监控的方式下，开启全局监控，当下位机收到全局监控的命令，返回一次全局监控的变量、寄存器、地址和指令的值或状态；Monitoring mode 4: In manual monitoring mode, global monitoring is turned on. When the lower computer receives the command of global monitoring, it returns the value or status of the variables, registers, addresses and instructions of global monitoring.

监控模式5：在手动监控的方式下，开启I/O监控功能，下位机收到I/O监控的命令，返回一次监控的I点和O点的状态；Monitoring mode 5: In manual monitoring mode, the I/O monitoring function is turned on. The lower computer receives the I/O monitoring command and returns the status of the monitored I and O points.

监控模式6：在手动监控的方式下、开启自定义监控功能分为三种子模式：子模式1，下位机收到单个数据地址监控命令，返回一次指定单个数据地址的值；子模式2，下位机收到连续数据地址监控命令，返回一次一段连续数据地址的值；子模式3，下位机收到数据块地址监控命令，返回一次数据块地址的值。Monitoring mode 6: In manual monitoring mode, the custom monitoring function is divided into three sub-modes: Sub-mode 1, the lower computer receives a single data address monitoring command and returns the value of a specified single data address once; Sub-mode 2, the lower computer receives a continuous data address monitoring command and returns the value of a continuous data address once; Sub-mode 3, the lower computer receives a data block address monitoring command and returns the value of a data block address once.

所述S3的调试包括：断点和断点向量表的实现、梯级的控制和梯级向量表的实现、虚拟调试系统的搭建和调试、多种调试功能的实现；所述断点在调试功能的图形化设计界面上中需要将程序暂停在某个梯形图位置；所述断点向量表是一个由序号、程序号和行号组成的结构体数组；所述序号为断点在断点向量表中的排序，所述程序号和行号是指断点所在的程序的序号、程序号和行号。The debugging of S3 includes: the realization of breakpoints and breakpoint vector tables, the control of ladders and the realization of ladder vector tables, the construction and debugging of virtual debugging systems, and the realization of various debugging functions; the breakpoints need to pause the program at a certain ladder diagram position in the graphical design interface of the debugging function; the breakpoint vector table is a structure array composed of serial numbers, program numbers and line numbers; the serial number is the order of the breakpoints in the breakpoint vector table, and the program number and line number refer to the serial number, program number and line number of the program where the breakpoint is located.

所述断点和断点向量表的实现具体为：点击添加断点，首先对断点向量表进行遍历判断是否重复添加，重复添加则显示断点已存在，不重复添加则将该行梯形图程序的程序号和行号加入到断点向量表中；点击删除断点，对断点向量表进行遍历，存在断点则将该断点信息删除，不存在则显示删除失败；The implementation of the breakpoint and the breakpoint vector table is specifically as follows: click Add Breakpoint, first traverse the breakpoint vector table to determine whether it is added repeatedly, if it is added repeatedly, it will be displayed that the breakpoint already exists, if it is not added repeatedly, the program number and line number of the ladder diagram program line will be added to the breakpoint vector table; click Delete Breakpoint, traverse the breakpoint vector table, if there is a breakpoint, delete the breakpoint information, if not, it will be displayed that the deletion fails;

所述梯级的控制和梯级向量表的实现具体为：进入梯级指令会根据梯级向量表定位到程序中下一处调用函数或者子程序的位置，首先将调用函数或子程序此行程序下一行梯形图程序的梯级信息加入到梯级向量表中，然后再进入函数或子程序中，同时梯级号加1；当跳出梯级、函数执行完成或子程序执行完成后，程序返回上一梯级时只需将梯级号减1，根据此时的梯级号查询梯级向量表，找到此时梯级号对应的梯级信息，根据梯级信息中的程序号和行号，跳转到指定位置后删除梯级向量表中此条梯级信息，以此实现调试中对程序的梯级控制；所述梯级号就相当于是梯级向量表中的索引(在查询梯级向量表时会首先查询梯级向量表中的梯级号，找到对应的梯级号，就能知道该梯级号所对应的程序号和行号来确定程序运行到那个位置)。其中，所述梯级向量表是一个由程序号、行号和梯级号组成的结构体数组；所述梯级信息包括程序号和行号，所述梯级向量表的程序号、行号和梯级号是指梯形图程序的程序号、行号和梯级号。The control of the ladder and the implementation of the ladder vector table are specifically as follows: entering the ladder instruction will locate the next location of the function or subroutine in the program according to the ladder vector table, first add the ladder information of the ladder diagram program in the next line of the calling function or subroutine to the ladder vector table, and then enter the function or subroutine, and increase the ladder number by 1; when jumping out of the ladder, the function execution is completed, or the subroutine execution is completed, when the program returns to the previous ladder, it only needs to reduce the ladder number by 1, query the ladder vector table according to the ladder number at this time, find the ladder information corresponding to the ladder number at this time, jump to the specified position according to the program number and line number in the ladder information, and then delete this ladder information in the ladder vector table, so as to realize the ladder control of the program during debugging; the ladder number is equivalent to the index in the ladder vector table (when querying the ladder vector table, the ladder number in the ladder vector table will be queried first, and the corresponding ladder number will be found, so that the program number and line number corresponding to the ladder number can be known to determine the position where the program runs to). Among them, the ladder vector table is a structure array composed of program number, row number and ladder number; the ladder information includes program number and row number, and the program number, row number and ladder number of the ladder vector table refer to the program number, row number and ladder number of the ladder diagram program.

所述虚拟调试系统的搭建和调试：采用将下位机中原程序在flash中进行备份后，将原系统作为虚拟调试系统进行调试操作。在调试结束后将所有的调试信息包括调试运行的程序全部清除，将备份的原程序写入到原系统，程序恢复正常运行，虚拟调试系统恢复为原系统；The construction and debugging of the virtual debugging system: after backing up the original program in the lower computer in the flash, the original system is used as the virtual debugging system for debugging. After the debugging is completed, all debugging information including the debugging program is cleared, the backed-up original program is written into the original system, the program resumes normal operation, and the virtual debugging system is restored to the original system;

所述多种调试功能的实现包括：程序控制和梯级控制；所述程序控制包括：单步执行、连续执行、暂停、结束调试、添加断点、清除断点；所述梯级控制包括：进入梯级、下一梯级、跳出梯级；The realization of the multiple debugging functions includes: program control and ladder control; the program control includes: single-step execution, continuous execution, pause, end debugging, add breakpoints, clear breakpoints; the ladder control includes: enter ladder, next ladder, jump out of ladder;

本发明还公布了一种PLC在线监控与调试系统，其特征在于，包括：通过通信模块通信的上位机和下位机；所述上位机设备发出请求消息至通信模块，经通信模块处理发送至下位机进行运行，所述下位机运行结束后发出响应请求至通信模块，再经通信模块处理发送至上位机；The present invention also discloses a PLC online monitoring and debugging system, which is characterized by comprising: an upper computer and a lower computer communicating through a communication module; the upper computer sends a request message to the communication module, which is processed by the communication module and sent to the lower computer for operation; after the lower computer completes the operation, it sends a response request to the communication module, which is then processed by the communication module and sent to the upper computer;

所述通信模块包括即时通信协议和数据采集和解析模块，所述即时通信协议规定了数据的格式、传输和解析；所述数据采集和解析模块对接收到的数据进行打包处理和解析；The communication module includes an instant communication protocol and a data collection and analysis module. The instant communication protocol specifies the format, transmission and analysis of data; the data collection and analysis module packages and analyzes the received data;

所述上位机包括监控模块和调试模块，所述监控模块实现一种PLC在线监控与调试系统的实现方法中对下位机的监控，所述调试模块实现一种PLC在线监控与调试系统的实现方法中对下位机的调试。The upper computer includes a monitoring module and a debugging module. The monitoring module implements monitoring of the lower computer in a method for implementing a PLC online monitoring and debugging system, and the debugging module implements debugging of the lower computer in a method for implementing a PLC online monitoring and debugging system.

所述数据采集和解析模块包括数据处理单元、数据转换单元和数据解析单元；The data acquisition and analysis module includes a data processing unit, a data conversion unit and a data analysis unit;

所述数据处理单元负责数据包的拆分和将数据打包成一整个数据包；The data processing unit is responsible for splitting the data packets and packaging the data into a whole data packet;

所述数据转换单元负责将bytearray类型数据包转换为二进制数据流；The data conversion unit is responsible for converting the bytearray type data packet into a binary data stream;

所述数据解析单元负责将接收到的数据包进行解析，先判断是否需要CRC校验，需要校验则校验后解析并传输至上位机或下位机；不需要校验则直接解析并传输。The data parsing unit is responsible for parsing the received data packets, first determining whether CRC verification is required, and if verification is required, parsing and transmitting the data packets to the upper computer or the lower computer; if verification is not required, parsing and transmitting the data packets directly.

与现有技术相比，本发明的有益效果为：Compared with the prior art, the present invention has the following beneficial effects:

(1)本发明提供的一种PLC在线监控与调试系统及其实现方法，具有全局监控、I/O监控和自定义监控三种监控功能，支持轮询监控和手动监控两种监控方式，可以自由组合成六种监控模式，减少CPU资源的浪费；并且可根据不同的调式和监控场景，可以灵活的调整轮询周期，在满足用户需求的前提下，降低CPU的负载。(1) The present invention provides a PLC online monitoring and debugging system and an implementation method thereof, which has three monitoring functions: global monitoring, I/O monitoring, and custom monitoring. It supports two monitoring modes: polling monitoring and manual monitoring. It can be freely combined into six monitoring modes to reduce the waste of CPU resources. In addition, the polling cycle can be flexibly adjusted according to different debugging and monitoring scenarios to reduce the CPU load while meeting user needs.

(2)本发明提供的一种PLC在线监控与调试系统及其实现方法，本系统调试功能齐全包括单步执行、连续执行、暂停、结束调试、添加断点、清除断点、进入梯级、下一梯级和跳出梯级等调试命令。在调试过程中可以调用监控图表查看调试过程中正在运行指令的实时状态、使用到的各触点的值或指定数据地址的值，可以精确定位到程序问题所在，提高程序开发效率。(2) The present invention provides a PLC online monitoring and debugging system and its implementation method. The system has complete debugging functions including single-step execution, continuous execution, pause, end debugging, add breakpoints, clear breakpoints, enter the ladder, next ladder and jump out of the ladder. During the debugging process, the monitoring chart can be called to view the real-time status of the running instructions, the values of each contact used or the value of the specified data address during the debugging process, so as to accurately locate the program problem and improve the efficiency of program development.

(3)本发明提供的一种PLC在线监控与调试系统及其实现方法，可配置通信事件的优先级，当系统中因为故障等原因造成通信负载较重时，可以对需要传输的不同信息分配不同的优先权，紧急事件可以分配较高的优先权，使其在多个任务并发执行的情况下，免于排队，优先完成传输，从而改善监控的实时性能力。(3) The present invention provides a PLC online monitoring and debugging system and an implementation method thereof, which can configure the priority of communication events. When the communication load in the system is heavy due to faults or other reasons, different priorities can be assigned to different information that needs to be transmitted. Emergency events can be assigned a higher priority so that they can be exempted from queuing and completed with priority when multiple tasks are executed concurrently, thereby improving the real-time monitoring capability.

(4)本发明提供的一种PLC在线监控与调试系统及其实现方法，对于较大的数据包采取数据分包技术，根据程序的大小，可以动态更改每帧数据的最大长度，提高数据包传输效率；本系统多数情况下发送较短的报文，针对数据拥塞问题如果采用接收缓冲区来存储没有及时接收的数据，会比较浪费内存资源，因此本系统通过根据每帧数据的最大长度，动态更改数据包发送的延时时间解决数据拥塞问题。(4) The present invention provides a PLC online monitoring and debugging system and an implementation method thereof. For larger data packets, data packetization technology is adopted. According to the size of the program, the maximum length of each frame of data can be dynamically changed to improve the data packet transmission efficiency. In most cases, the system sends shorter messages. To address the data congestion problem, if a receiving buffer is used to store data that is not received in time, memory resources will be wasted. Therefore, the system solves the data congestion problem by dynamically changing the delay time of data packet sending according to the maximum length of each frame of data.

(5)本发明提供的一种PLC在线监控与调试系统及其实现方法，采用将原程序在FLASH中备份后，将原系统作为虚拟调试系统进行调试操作，在调试结束后将虚拟调试系统恢复为程序正常运行的原系统，相比于直接在原系统调试程序可靠性更高，相比于额外搭建一个虚拟的调试系统用来调试程序，开发成本更低。(5) The present invention provides a PLC online monitoring and debugging system and an implementation method thereof. After backing up the original program in FLASH, the original system is used as a virtual debugging system for debugging operations. After the debugging is completed, the virtual debugging system is restored to the original system with normal program operation. Compared with directly debugging the program in the original system, the reliability is higher. Compared with setting up an additional virtual debugging system for debugging the program, the development cost is lower.

(6)本发明提供的一种PLC在线监控与调试系统及其实现方法，本系统对函数或子程序的控制统一为梯级控制，通过查询梯级向量表实现梯级控制。每进入一次梯级，梯级向量表中梯级号加1，每跳出一次梯级，梯级号减1，通过梯级信息可实现程序的直接跳转，方法简单且效率较高。(6) The present invention provides a PLC online monitoring and debugging system and its implementation method. The system controls functions or subroutines in a unified way as step control, and step control is achieved by querying a step vector table. Each time a step is entered, the step number in the step vector table is increased by 1, and each time a step is exited, the step number is decreased by 1. The program can be directly jumped through the step information. The method is simple and efficient.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1是本发明系统框架图。FIG. 1 is a system framework diagram of the present invention.

图2是本发明实施例1中即时通讯协议框架图。FIG. 2 is a framework diagram of an instant messaging protocol in Embodiment 1 of the present invention.

图3是本发明实施例1中数据包传输流程图。FIG3 is a flow chart of data packet transmission in Embodiment 1 of the present invention.

图4是本发明实施例2中监控模块框架图。FIG. 4 is a framework diagram of a monitoring module in Embodiment 2 of the present invention.

图5是本发明实施例2中监控流程图。FIG5 is a monitoring flow chart in Embodiment 2 of the present invention.

图6是本发明实施例2中中断流程图。FIG6 is an interruption flow chart in Embodiment 2 of the present invention.

图7是本发明实施例3中调试信息图。FIG. 7 is a diagram of debugging information in Embodiment 3 of the present invention.

图8是本发明实施例3中断点向量表结构图。FIG8 is a structural diagram of an interruption point vector table according to Embodiment 3 of the present invention.

图9是本发明实施例3中梯级向量表结构图。FIG9 is a diagram showing the structure of a ladder vector table in Embodiment 3 of the present invention.

图10是本发明实施例3中梯级控制流程图。FIG. 10 is a flow chart of ladder control in Embodiment 3 of the present invention.

图11是本发明实施例3中调试流程图。FIG. 11 is a flowchart of debugging in Embodiment 3 of the present invention.

图12是本发明实施例3中虚拟调试系统运行流程图。FIG. 12 is a flowchart of the operation of the virtual debugging system in Embodiment 3 of the present invention.

图13是本发明实施例3中调试功能图。FIG. 13 is a diagram of the debugging function in Embodiment 3 of the present invention.

具体实施方式DETAILED DESCRIPTION

下面结合附图与实施例对本发明做进一步说明。The present invention will be further described below in conjunction with the accompanying drawings and embodiments.

应该指出，以下详细说明都是示例性的，旨在对本发明提供进一步的说明。除非另有指明，本文使用的所有技术和科学术语具有与本发明所属技术领域的普通技术人员通常理解的相同含义。It should be noted that the following detailed descriptions are exemplary and are intended to provide further explanation of the present invention. Unless otherwise specified, all technical and scientific terms used herein have the same meanings as those commonly understood by those skilled in the art to which the present invention belongs.

需要注意的是，这里所使用的术语仅是为了描述具体实施方式，而非意图限制根据本发明的示例性实施方式。如在这里所使用的，除非上下文另外明确指出，否则单数形式也意图包括复数形式，此外，还应当理解的是，当在本说明书中使用术语“包含”和/或“包括”时，其指明存在特征、步骤、操作、器件、组件和/或它们的组合。It should be noted that the terms used herein are only for describing specific embodiments and are not intended to limit exemplary embodiments according to the present invention. As used herein, unless the context clearly indicates otherwise, the singular form is also intended to include the plural form. In addition, it should be understood that when the terms "comprising" and/or "including" are used in this specification, it indicates the presence of features, steps, operations, devices, components and/or combinations thereof.

在不冲突的情况下，本发明中的实施例及实施例中的特征可以相互组合。In the absence of conflict, the embodiments of the present invention and the features of the embodiments may be combined with each other.

实施例1Example 1

本实施例提供一种PLC在线监控与调试系统的实现方法，用以解决在调试或程序运行过程中对PLC内部数据的实时监控会占用较多CPU的资源，调试功能的单一也会降低程序的开发效率，如图1所示：This embodiment provides a method for implementing a PLC online monitoring and debugging system, which is used to solve the problem that real-time monitoring of PLC internal data during debugging or program running will occupy more CPU resources, and the single debugging function will also reduce the development efficiency of the program, as shown in Figure 1:

一种PLC在线监控与调试系统的实现方法，其特征在于，包括：A method for implementing a PLC online monitoring and debugging system, characterized by comprising:

S1、上位机(计算机)通过通信模块发送请求报文至下位机(PLC)；所述通信模块包括即时通信协议、数据采集和解析模块，所述即时通信协议规定了数据的格式、传输和解析；所述数据采集和解析模块对接收到的数据进行拆分、打包和解析后传至下位机；S1. The host computer (computer) sends a request message to the slave computer (PLC) through a communication module; the communication module includes an instant communication protocol and a data acquisition and analysis module, and the instant communication protocol specifies the format, transmission and analysis of the data; the data acquisition and analysis module splits, packages and analyzes the received data and transmits it to the slave computer;

所述即时通信协议定义了本系统能够认识和使用的消息结构，而不管它们是经过哪种网络进行通信。所述即时通讯协议对应了请求消息、数据的结构、命令和应答方式，数据通讯采用主从方式，上位机发出请求消息，下位机接收正确消息后可以返回报文到上位机以响应请求；上位机也可以直接发消息修改下位机的数据，实现双向读写。所述即时通讯协议需要采用16位CRC(循环冗余校验码)对传输数据进行校验。另外，所述即时通信通信协议采用定时收发数据，在实际使用中如果某下位机断开后，上位机可以诊断出来，当故障修复后，通讯又可以自动接通。The instant messaging protocol defines the message structure that this system can recognize and use, regardless of which network they communicate through. The instant messaging protocol corresponds to the request message, the structure of data, the command and the response mode. The data communication adopts the master-slave mode. The host computer sends a request message, and the lower computer can return a message to the host computer to respond to the request after receiving the correct message; the host computer can also directly send a message to modify the data of the lower computer to achieve two-way reading and writing. The instant messaging protocol needs to use a 16-bit CRC (cyclic redundancy check code) to verify the transmitted data. In addition, the instant messaging communication protocol adopts timed data transmission and reception. In actual use, if a lower computer is disconnected, the host computer can diagnose it, and when the fault is repaired, the communication can be automatically connected again.

当通讯命令由发送设备(上位机)发送至接收设备(下位机)时，符合相应终端地址的下位机接收通讯命令，并根据命令码执行相应的操作，如果CRC校验无误，则执行相应的任务，然后把执行结果(数据)返回给上位机。数据打包后的数据包的传输以及判断拆分流程如图3所示，包括：首先判断封装好的数据包大小是否大于每帧发送数据最大长度(默认每帧发送数据最大长度为256个字节)，若大于，则分包处理，在每个小数据包后面添加序号码，若数据包发送失败则通过序号码确认丢失包，上位机重新发送该数据包(丢失包)，发送成功则结束；若不大于，则不进行分包处理，直接将数据包发送；若数据包发送失败则通过上位机重新发送整个数据包。When the communication command is sent from the sending device (host computer) to the receiving device (slave computer), the slave computer that meets the corresponding terminal address receives the communication command and performs the corresponding operation according to the command code. If the CRC check is correct, the corresponding task is executed, and then the execution result (data) is returned to the host computer. The transmission and judgment splitting process of the data packet after data packaging is shown in Figure 3, including: first, judging whether the size of the encapsulated data packet is greater than the maximum length of the data sent per frame (the default maximum length of the data sent per frame is 256 bytes). If it is greater, it is sub-packetized, and a sequence number is added after each small data packet. If the data packet fails to be sent, the lost packet is confirmed by the sequence number, and the host computer resends the data packet (lost packet). If it is sent successfully, it ends; if it is not greater, it does not undergo sub-packetization and directly sends the data packet; if the data packet fails to be sent, the entire data packet is resent through the host computer.

所述即时通讯协议具体包括：8位标识码、8位终端地址、8位命令码、16位数据地址(低位在前)、16位数据长度(低位在前)、16位帧数(低位在前)、n位数据位和16位CRC校验位(低位在前)。所述即时通讯协议规定了在本系统中所有通讯报文的格式，数据的传输和解析都需要按照即时通讯协议格式进行，如图2所示。具体每字节报文信息如下：The instant messaging protocol specifically includes: 8-bit identification code, 8-bit terminal address, 8-bit command code, 16-bit data address (low bit first), 16-bit data length (low bit first), 16-bit frame number (low bit first), n-bit data bit and 16-bit CRC check bit (low bit first). The instant messaging protocol specifies the format of all communication messages in this system. The transmission and analysis of data need to be carried out in accordance with the instant messaging protocol format, as shown in Figure 2. The specific message information per byte is as follows:

标识码：用来表示发送的指令，规定报文的格式，使协议只保留必要的信息，尽可能缩短报文的长度。包括调试指令、读指令和写指令，该位置长度为8byte；Identification code: used to indicate the instruction to be sent, and to define the format of the message, so that the protocol retains only necessary information and shortens the length of the message as much as possible. This includes debug instructions, read instructions, and write instructions. The length of this position is 8 bytes.

终端地址：存在一个计算机连接多个PLC时，计算机向PLC发送的请求根据终端地址发送到对应的PLC，该位置长度为8byte；Terminal address: When a computer is connected to multiple PLCs, the request sent by the computer to the PLC is sent to the corresponding PLC according to the terminal address. The length of this location is 8 bytes.

命令码：不同的命令码对应不同的操作，包括但不限于：巡检、读取数据、写入数据、在线调试、响应结束、接收数据、异常响应和调试结束命令，该位置长度为8byte。不同的16进制数表示不同命令，本发明中不详细列举命令码具体的数值；Command code: Different command codes correspond to different operations, including but not limited to: inspection, read data, write data, online debugging, response end, receive data, abnormal response and debugging end command. The length of this position is 8 bytes. Different hexadecimal numbers represent different commands. The specific values of the command codes are not listed in detail in this invention.

数据地址：记录需要写入和读取数据的起始地址，长度为16byte，为了规范解析数据，采用小端模式，低8位在前，高8位在后；Data address: records the starting address of the data to be written and read. The length is 16 bytes. In order to standardize the parsing of data, the little-endian mode is adopted, with the lower 8 bits in front and the higher 8 bits in the back.

数据长度：当需要向下位机写入或读取数据时，会记录写入或读取数据的长度，该位置长度为16byte，为保证数据解析规范，采用小端模式，低8位在前，高8位在后；Data length: When data needs to be written or read from the lower computer, the length of the written or read data will be recorded. The length of this position is 16 bytes. To ensure data parsing specifications, the little-endian mode is adopted, with the lower 8 bits in front and the higher 8 bits in the back;

帧数：数据打包功能将数据封装数据包后，如果数据包较大时，会按照规定的每帧发送数据最大长度，将数据包划分为小包数据发送到下位机。该位置记录一共划分了多少个小数据包，该位置长度为16byte，采用小端模式，低8位在前，高8位在后；Frame number: After the data packing function encapsulates the data into a data packet, if the data packet is large, it will divide the data packet into small packets according to the maximum length of data sent per frame and send it to the lower computer. This position records how many small data packets are divided in total. The length of this position is 16 bytes, using the little end mode, with the lower 8 bits in front and the upper 8 bits in the back;

数据位：当需要写入或返回数据时，该位置存放需要写入或返回的数据，该位置长度为需要写入或返回数据的长度；Data bit: When data needs to be written or returned, this position stores the data to be written or returned, and the length of this position is the length of the data to be written or returned;

CRC校验：下位机或上位机发送数据包前，会将数据进行CRC校验，并将校验的结果存放到该位置。在进行CRC计算时只用8个数据位，起始位、停止位和奇偶校验位，都不参与CRC计算。该位置长度为16byte，采用小端模式，低8位在前，高8位在后。CRC check: Before the lower or upper computer sends a data packet, it will perform a CRC check on the data and store the check result in this position. Only 8 data bits are used in the CRC calculation, and the start bit, stop bit, and parity bit are not involved in the CRC calculation. The length of this position is 16 bytes, using the little end mode, with the lower 8 bits in front and the higher 8 bits in the back.

当发送不同指令时发送报文的即时通讯协议的格式如下：The format of the instant messaging protocol when sending different commands is as follows:

当发送调试指令时，发送报文格式为8位标识码，8位终端地址、8位命令码组成，无需16位数据地址、16位数据长度、16位帧数、n位数据位和CRC校验。命令码包括但不限于单步执行、连续执行、暂停、结束调试、添加断点、清除断点、进入梯级、下一梯级和跳出梯级命令。When sending debugging instructions, the message format is composed of 8-bit identification code, 8-bit terminal address, and 8-bit command code, without 16-bit data address, 16-bit data length, 16-bit frame number, n-bit data bit and CRC check. The command code includes but is not limited to single-step execution, continuous execution, pause, end debugging, add breakpoint, clear breakpoint, enter ladder, next ladder and jump ladder commands.

当发送读指令时，发送报文格式为8位标识码，8位终端地址、8位命令码、16位数据地址和16位数据长度，无需16位帧数、n位数据位和16位CRC校验位。命令码包括但不限于读单个数据地址、读一片连续数据地址或读某个数据块地址。When sending a read command, the message format is 8-bit identification code, 8-bit terminal address, 8-bit command code, 16-bit data address and 16-bit data length, without 16-bit frame number, n-bit data bit and 16-bit CRC check bit. The command code includes but is not limited to reading a single data address, reading a continuous data address or reading a certain data block address.

当发送写指令时，发送报文格式为8位标识码、8位终端地址、8位命令码、16位数据地址、16位数据长度、16位帧数、n位数据位和16位CRC校验位。命令码包括但不限于写单个地址数据、写一片连续数据地址或写某个寄存器的值。When sending a write instruction, the message format is 8-bit identification code, 8-bit terminal address, 8-bit command code, 16-bit data address, 16-bit data length, 16-bit frame number, n-bit data bit and 16-bit CRC check bit. The command code includes but is not limited to writing a single address data, writing a continuous data address or writing the value of a register.

当下位机返回读指令请求时，返回报文格式为8位标识码、8位命令码、16位数据地址、16位数据长度、16位帧数、n位数据位和16位CRC校验位，无需8位终端地址，返回的命令码与接收命令码相同。When the lower computer returns a read instruction request, the returned message format is an 8-bit identification code, an 8-bit command code, a 16-bit data address, a 16-bit data length, a 16-bit frame number, n data bits and a 16-bit CRC check bit. An 8-bit terminal address is not required, and the returned command code is the same as the received command code.

当下位机返回写指令请求时，返回报文格式为8位标识码、8位命令码，无需8位终端地址、16位数据地址，16位数据长度、16位帧数、n位数据位和16位CRC校验位，返回的命令码与接收命令码相同。When the lower computer returns a write command request, the returned message format is an 8-bit identification code and an 8-bit command code. There is no need for an 8-bit terminal address, a 16-bit data address, a 16-bit data length, a 16-bit frame number, n data bits, and a 16-bit CRC check bit. The returned command code is the same as the received command code.

当下位机返回调试指令请求时，返回的命令码与接收命令码相同，命令码不同返回的报文格式不同。When the lower computer returns a debugging command request, the returned command code is the same as the received command code, and different command codes result in different message formats.

进一步地，所述数据采集和解析模块具体流程为：计算机发送请求数据，数据打包功能将标识码、终端地址、命令码、数据地址、数据长度、帧数、数据或CRC校验码打包成数据包后，判断是否需要数据包拆分，再经过数据转换把byteArray类型的数据包转换成二进制的数据流发送出去。PLC将接收到的数据解析，提取数据包的标识码和命令码，判断是否需要校验数据：Furthermore, the specific process of the data acquisition and analysis module is as follows: the computer sends the request data, the data packaging function packages the identification code, terminal address, command code, data address, data length, number of frames, data or CRC check code into a data packet, determines whether the data packet needs to be split, and then converts the byteArray type data packet into a binary data stream through data conversion and sends it out. The PLC parses the received data, extracts the identification code and command code of the data packet, and determines whether the data needs to be verified:

若不需要校验，则PLC直接执行请求报文；若校验不成功，则数据包接收错误则PLC返回异常响应；若校验成功，则数据包接收完成且正确，且根据数据包中的标识码和命令码PLC执行相应操作，并返回对应的请求响应；If verification is not required, the PLC directly executes the request message; if verification is unsuccessful, the data packet reception is incorrect and the PLC returns an abnormal response; if verification is successful, the data packet reception is complete and correct, and the PLC performs the corresponding operation according to the identification code and command code in the data packet, and returns the corresponding request response;

PLC返回对应的请求响应后，将PLC的请求响应数据进行打包，判断是否需要数据包拆分，然后数据包经过数据转换，转换成二进制数据流，计算机将接收到的数据包解析，提取数据包的标识码和命令码，并判断是否需要校验数据：After the PLC returns the corresponding request response, the PLC's request response data is packaged to determine whether the data packet needs to be split. The data packet is then converted into a binary data stream after data conversion. The computer parses the received data packet, extracts the identification code and command code of the data packet, and determines whether the data needs to be verified:

若不需要校验，则计算机直接执行请求响应；若校验不成功，则数据包接收错误则计算机提示接收错误；若校验成功，则数据包接收完成且正确，且根据数据包中的命令码计算机执行结束响应、接收数据并将返回的数据存入RECVDATA数组中、异常响应或调试结束等操作。If verification is not required, the computer directly executes the request response; if the verification is unsuccessful, the data packet is received incorrectly and the computer prompts a reception error; if the verification is successful, the data packet reception is complete and correct, and according to the command code in the data packet, the computer executes the end response, receives data and stores the returned data in the RECVDATA array, responds to an exception or ends debugging, and other operations.

具体的，所述校验方法为crc校验，为本领域人员常规校验方法不再赘述。Specifically, the verification method is CRC verification, which is a conventional verification method for those skilled in the art and will not be described in detail.

所述数据采集和解析模块指令和命令包括：The data acquisition and analysis module instructions and commands include:

巡检指令：在系统开始运行前，上位机向下位机发送巡检命令，上位机如果收到返回报文则代表上位机和下位机可以正常通讯，标识码为01。Inspection command: Before the system starts running, the upper computer sends an inspection command to the lower computer. If the upper computer receives a return message, it means that the upper computer and the lower computer can communicate normally, and the identification code is 01.

读取数据指令：上位机向下位机发送读取数据指令，该指令可以读取对应地址的数据或寄存器的状态，下位机接收成功后则返回对应报文。标识码为02，命令码包括：全局读取命令、I/O读取命令、单个数据地址读取命令、连续数据地址读取命令、数据块读取命令。Read data command: The upper computer sends a read data command to the lower computer. This command can read the data of the corresponding address or the status of the register. The lower computer returns the corresponding message after receiving it successfully. The identification code is 02, and the command codes include: global read command, I/O read command, single data address read command, continuous data address read command, and data block read command.

写入数据指令：上位机向下位机发送写入数据命令，该命令可以向对应地址的写入数据或强制写入某个寄存器的值，下位机接收并校验数据，校验成功后则进行写入操作，返回对应报文。标识码为03，命令码包括但不限于：单个数据地址写入命令、连续数据地址写入命令或寄存器写入命令。Write data instruction: The upper computer sends a write data command to the lower computer. This command can write data to the corresponding address or force the value of a register to be written. The lower computer receives and verifies the data. After the verification is successful, the write operation is performed and the corresponding message is returned. The identification code is 03, and the command code includes but is not limited to: single data address write command, continuous data address write command or register write command.

在线调试指令：上位机向下位机发送在线调试指令，打开虚拟调试系统，可以进行多种调试操作。标识码为04，命令码包括但不限于：单步执行命令、连续执行命令、调试结束命令、添加断点命令、暂停命令、清除断点命令、软复位命令、进入梯级命令、下一梯级命令和跳出梯级命令。Online debugging instructions: The upper computer sends online debugging instructions to the lower computer, opens the virtual debugging system, and can perform various debugging operations. The identification code is 04, and the command code includes but is not limited to: single-step execution command, continuous execution command, debugging end command, add breakpoint command, pause command, clear breakpoint command, soft reset command, enter ladder command, next ladder command, and jump out ladder command.

结束响应命令：下位机向上位机返回响应结束的命令，代表本次通讯已经结束。标识码与接收报文的标识码相同。End response command: The lower computer returns the end response command to the upper computer, indicating that the communication has ended. The identification code is the same as the identification code of the received message.

接收数据命令：下位机向上位机返回对应地址的数据，上位机接收并校验数据是否正确，校验成功后则上位机将返回的数据存到RECVDATA数组中暂存，并调用相应的处理程序执行后续操作，标识码为05。Receive data command: The lower computer returns the data of the corresponding address to the upper computer. The upper computer receives and verifies whether the data is correct. If the verification is successful, the upper computer stores the returned data in the RECVDATA array temporarily and calls the corresponding processing program to perform subsequent operations. The identification code is 05.

异常响应命令：下位机接收数据校验失败或返回报文失败，下位机则向上位机返回异常响应命令，标识码与接收报文的标识码相同。Abnormal response command: If the lower computer fails to verify the received data or fails to return the message, the lower computer returns an abnormal response command to the upper computer, and the identification code is the same as the identification code of the received message.

调试结束命令：上位机向下位机发送调试结束命令，下位机收到报文，关闭虚拟调试系统，程序恢复正常运行后，返回调试结束命令，代表调试完成已结束，标识码为04。Debug end command: The upper computer sends a debug end command to the lower computer. After the lower computer receives the message, it shuts down the virtual debugging system. After the program resumes normal operation, it returns a debug end command, indicating that the debugging is complete. The identification code is 04.

所述接收报文的标识码为：接收的标识码是多少则返回该标识码的值(如：接收标识码是02则返回标识码是02)，即哪一步出了问题就返回哪一步的标识码。The identification code of the received message is: the value of the identification code is returned according to the received identification code (eg, if the received identification code is 02, the returned identification code is 02), that is, the identification code of the step where the problem occurs is returned.

所述数据采集和解析模块包括以下功能：The data acquisition and analysis module includes the following functions:

所述数据采集和解析模块具有数据包拆分功能，如图4所示，具体数据包拆分流程为：首先判断封装好的数据包大小是否大于每帧发送数据最大长度(默认每帧发送数据最大长度为256个字节)，若大于，则分包处理，在每个小数据包后面添加序号码，若数据包发送失败则通过序号码确认丢失包，上位机重新发送该数据包(丢失包)；若不大于，则不进行分包处理，直接将数据包发送；若数据包发送失败则通过上位机重新发送整个数据包。如果用m表示数据包总长度，n表示每帧发送数据的最大长度，s表示数据分包的总数量，那么分包公式为：The data acquisition and analysis module has a data packet splitting function, as shown in Figure 4. The specific data packet splitting process is: first determine whether the size of the encapsulated data packet is greater than the maximum length of the data sent per frame (the default maximum length of the data sent per frame is 256 bytes). If it is greater, then sub-packet processing is performed, and a sequence number is added after each small data packet. If the data packet fails to be sent, the lost packet is confirmed by the sequence number, and the host computer resends the data packet (lost packet); if it is not greater, no sub-packet processing is performed, and the data packet is sent directly; if the data packet fails to be sent, the entire data packet is resent through the host computer. If m represents the total length of the data packet, n represents the maximum length of the data sent per frame, and s represents the total number of data sub-packets, then the sub-packetization formula is:

其中，m％n表示数据包总长度对每帧数据的最大长度取模运算，如果结果为0则代表可以被整除，如果大于0则不能被整除。n-1表示每帧数据的最大长度减去1字节得到实际每个数据包中存放的数据长度，m/(n-1)表示对每帧数据的最大长度减去1字节的序号码进行取整运算；Among them, m%n represents the total length of the data packet modulo the maximum length of each frame of data. If the result is 0, it means it is divisible, and if it is greater than 0, it is not divisible. n-1 means that the maximum length of each frame of data minus 1 byte is used to obtain the actual data length stored in each data packet. m/(n-1) means that the maximum length of each frame of data minus 1 byte of the sequence number is rounded up;

所述数据采集和解析模块具有自定义调整每帧发送数据最大长度功能，在数据打包完成后，会将数据包按照默认的每帧发送数据最大长度，转换成数据流传出(默认每帧发送数据最大长度为256字节)，如果数据包过大时，增大每帧发送数据最大长度，可以适当提高发送效率，数据较小时，适当减小每帧发送数据最大长度，可以提高数据传输的准确率，进而提高数据的传输效率，因此根据实际应用中存在的干扰以及数据包的大小，动态每帧发送数据最大长度，保证数据传输的完整性，优化数据包传输效率；The data acquisition and analysis module has a function of customizing the maximum length of data sent per frame. After the data is packaged, the data packet will be converted into a data stream according to the default maximum length of data sent per frame (the default maximum length of data sent per frame is 256 bytes). If the data packet is too large, the maximum length of data sent per frame can be increased to appropriately improve the transmission efficiency. When the data is small, the maximum length of data sent per frame can be appropriately reduced to improve the accuracy of data transmission, thereby improving the data transmission efficiency. Therefore, according to the interference existing in the actual application and the size of the data packet, the maximum length of data sent per frame is dynamically set to ensure the integrity of data transmission and optimize the data packet transmission efficiency.

所述数据采集和解析模块具有动态更改发送延时功能(默认50ms)，数据帧的发送、接收、数据包解析和将数据写入相对应的地址都需要时间，如果发送延时较小则会出现数据接收不完整进而导致程序崩溃，如果发送延时过大会出现较长的时间等待间隔进而导致发送速度较慢，因此根据不同类型的PLC，动态更改发送的延时时间，提高数据包传输效率；The data acquisition and analysis module has a function of dynamically changing the sending delay (default 50ms). The sending, receiving, data packet parsing and writing data to the corresponding address of the data frame all require time. If the sending delay is small, the data reception will be incomplete, which will cause the program to crash. If the sending delay is too large, there will be a long waiting interval, which will lead to a slow sending speed. Therefore, according to different types of PLCs, the sending delay time is dynamically changed to improve the efficiency of data packet transmission;

所述数据采集和解析模块具有断点重发功能，如果数据包传输的过程中存在干扰，导致数据传输中断，下位机返回已接收数据包的序号码，上位机根据返回的序号码，定位到丢失的是哪一帧数据包，上位机重新发送该包数据；The data acquisition and analysis module has a breakpoint retransmission function. If there is interference during the data packet transmission, resulting in data transmission interruption, the lower computer returns the sequence number of the received data packet, and the upper computer locates which frame of the data packet is lost according to the returned sequence number, and the upper computer resends the packet data;

所述通信模块具有配置通信事件的优先级功能：在上位机与下位机进行通信时可配置通信事件的优先级，数据采集和解析模块先对数据进行处理和分析，若存在优先级，则根据即时通信协议定义的优先级分配不同的优先权；若不存在优先级，则按照先后顺序传输。如果下位机存在通信负载较重的情况，对较为紧急的事件(比如某个寄存器的状态量变化、输出特定的值)分配较高的优先级，使该通信事件在多个任务并发的情况下，免于排队，优先完成传输。对于一些滞后传输也不会对PLC的运行造成很大影响的事件，可以分配较低的优先级。The communication module has the function of configuring the priority of communication events: the priority of communication events can be configured when the upper computer communicates with the lower computer. The data acquisition and analysis module first processes and analyzes the data. If there is a priority, different priorities are assigned according to the priority defined by the instant communication protocol; if there is no priority, the data is transmitted in order. If the lower computer has a heavy communication load, a higher priority is assigned to more urgent events (such as changes in the state of a register, output of a specific value), so that the communication event is exempted from queuing and the transmission is completed first when multiple tasks are concurrent. For some events whose delayed transmission will not have a great impact on the operation of the PLC, a lower priority can be assigned.

S2、下位机响应请求报文中的标识码和命令码运行并返回响应请求，经所述数据采集和解析模块进行打包处理和解析传至上位机；S2, the lower computer responds to the identification code and command code in the request message and returns the response request, which is packaged and analyzed by the data acquisition and analysis module and transmitted to the upper computer;

下位机将接收到的数据解析，提取数据包的标识码和命令码，判断是否需要校验数据，如果数据包接收错误则下位机返回异常响应；若数据包接收完成且正确，下位机根据数据包中的标识码和命令码执行操作，并返回对应的请求响应。The lower computer parses the received data, extracts the identification code and command code of the data packet, and determines whether the data needs to be verified. If the data packet is received incorrectly, the lower computer returns an abnormal response; if the data packet is received correctly, the lower computer performs operations according to the identification code and command code in the data packet, and returns the corresponding request response.

S3、上位机接收响应请求以实现对下位机的在线监控和调试。S3. The upper computer receives the response request to realize online monitoring and debugging of the lower computer.

本实施例还公布了一种PLC在线监控与调试系统，包括：通过通信模块通信的上位机和下位机；所述上位机设备发出请求消息至通信模块，经通信模块处理发送至下位机进行运行，所述下位机运行结束后发出响应请求至通信模块，再经通信模块处理发送至上位机；This embodiment also discloses a PLC online monitoring and debugging system, including: an upper computer and a lower computer communicating through a communication module; the upper computer sends a request message to the communication module, which is processed by the communication module and sent to the lower computer for operation; after the lower computer completes the operation, it sends a response request to the communication module, which is then processed by the communication module and sent to the upper computer;

所述通信模块包括即时通信协议和数据采集和解析模块，所述即时通信协议规定了数据的格式、传输和解析；所述数据采集和解析模块对接收到的数据进行打包处理和解析；The communication module includes an instant communication protocol and a data collection and analysis module. The instant communication protocol specifies the format, transmission and analysis of data; the data collection and analysis module packages and analyzes the received data;

所述上位机包括监控模块和调试模块，所述监控模块实现对下位机的监控，所述调试模块实现对下位机的调试。The upper computer includes a monitoring module and a debugging module. The monitoring module realizes monitoring of the lower computer, and the debugging module realizes debugging of the lower computer.

所述数据采集和解析模块包括数据处理单元、数据转换单元和数据解析单元；The data acquisition and analysis module includes a data processing unit, a data conversion unit and a data analysis unit;

所述数据处理单元负责数据包的拆分和将数据打包成一整个数据包；The data processing unit is responsible for splitting the data packets and packaging the data into a whole data packet;

所述数据转换单元负责将bytearray类型数据包转换为二进制数据流；The data conversion unit is responsible for converting the bytearray type data packet into a binary data stream;

所述数据解析单元负责将接收到的数据包进行解析，先判断是否需要CRC校验，需要校验则校验后解析并传输至上位机或下位机；不需要校验则直接解析并传输。The data parsing unit is responsible for parsing the received data packets, first determining whether CRC verification is required, and if verification is required, parsing and transmitting the data packets to the upper computer or the lower computer; if verification is not required, parsing and transmitting the data packets directly.

实施例2Example 2

本实施例与实施例1基本相同，不同之处在于，步骤S3中在线监控的方法为：This embodiment is basically the same as Embodiment 1, except that the method for online monitoring in step S3 is:

所述监控模块如图5所示，三种监控功能都通过通信读取地址当前的值信息，保存相应的地址信息，并且可以实时修改对应地址的值，达到对整个PLC的监控目的。本系统上位机对下位机的监控通过通信来完成，两者之间使用上文所述的即时通讯协议，以数据帧的形式交换数据信息。交换数据信息有两种情况：一是计算机作为上位机读取PLC内存单元的数据，二是计算机作为上位机把数据写入PLC。The monitoring module is shown in Figure 5. The three monitoring functions all read the current value information of the address through communication, save the corresponding address information, and can modify the value of the corresponding address in real time to achieve the purpose of monitoring the entire PLC. The monitoring of the lower computer by the upper computer of this system is completed through communication. The two use the instant messaging protocol described above to exchange data information in the form of data frames. There are two situations for exchanging data information: one is that the computer reads the data of the PLC memory unit as the upper computer, and the other is that the computer writes data into the PLC as the upper computer.

所述监控模块描述了一种高效、快速和CPU负载较小的PLC状态查看方式，根据不同的用户需求，可实时反映PLC运行状况。所述监控模块具有全局监控、I/O监控和自定义监控三种监控功能，并且具有轮询监控和手动监控两种监控方式，可组合成六种监控模式。The monitoring module describes an efficient, fast and low CPU load PLC status viewing method, which can reflect the PLC operation status in real time according to different user needs. The monitoring module has three monitoring functions: global monitoring, I/O monitoring and custom monitoring, and has two monitoring methods: polling monitoring and manual monitoring, which can be combined into six monitoring modes.

所述全局监控功能：对程序内的所有变量、正在使用的地址和指令进行监控；The global monitoring function: monitors all variables, addresses and instructions in use within the program;

所述I/O监控功能：监控所有正在使用的I点和Q点的状态，监控图表显示程序使用到的I点和Q点并通过0或1来判断该I点和Q点接通状态，1为接通，0为断开。The I/O monitoring function: monitors the status of all I points and Q points in use, the monitoring chart displays the I points and Q points used by the program and determines the connection status of the I points and Q points by 0 or 1, 1 for connection and 0 for disconnection.

所述自定义监控功能包括：①对单个数据地址监控：获取指定数据地址的值(比如某个位、某个字节或某个双字节)并可以在上位机监控图表上实时显示；②对连续数据地址监控：获取一段连续数据地址的值，该段连续的数据地址存放数据的类型相同；③对数据块监控：可以获得某块指定数据块的值，该数据块存放数据的类型相同。The custom monitoring functions include: ① monitoring a single data address: obtaining the value of a specified data address (such as a bit, a byte or a double byte) and displaying it in real time on a host computer monitoring chart; ② monitoring continuous data addresses: obtaining the value of a segment of continuous data addresses, and the type of data stored in this segment of continuous data addresses is the same; ③ monitoring data blocks: the value of a specified data block can be obtained, and the type of data stored in this data block is the same.

所述轮询监控方式：下位机会按照设置的轮询周期向上位机返回响应请求，上位机接收并在监控图表界面进行实时数据刷新。在轮询监控下可以手动的配置轮询周期，默认为500ms；Polling monitoring mode: The lower computer returns a response request to the upper computer according to the set polling cycle, and the upper computer receives and refreshes the real-time data in the monitoring chart interface. The polling cycle can be manually configured under polling monitoring, and the default is 500ms;

所述手动监控方式：上位机通过串口中断发送监控请求报文，监控请求报文发送完，将上位机恢复为接收状态准备接收下位机应答报文：接收过程中采用定时器，判断报文是否接收完成，当接收完某帧数据后，若规定时间内仍无新数据帧到来(即通信空闲时间结束)，则判断数据包接收结束。当中断结束后，监控处于暂停状态，上位机需要重新开启轮询监控或手动监控才能再次监控下位机数据。The manual monitoring method is as follows: the host computer sends a monitoring request message through the serial port interrupt. After the monitoring request message is sent, the host computer is restored to the receiving state to prepare to receive the response message of the lower computer: a timer is used in the receiving process to determine whether the message is received. After receiving a certain frame of data, if no new data frame arrives within the specified time (that is, the communication idle time ends), it is determined that the data packet reception is completed. When the interrupt ends, the monitoring is in a suspended state, and the host computer needs to restart polling monitoring or manual monitoring to monitor the lower computer data again.

具体中断流程如图6所示：串口中断进入，判断是下位机是否接收到中断，如果接收到中断则启动定时器，将SENDING标志位置为1，上位机接收并组装数据帧，通过判断接收结束标志位是否为1判定是否接收完成，如果数据没有接收结束则复位定时器，等待接收并组装数据帧；如果接收结束将SENDING标志位置为0，则接收结束并且串口中断返回；The specific interruption process is shown in Figure 6: the serial port interruption enters, and it is determined whether the lower computer receives the interruption. If the interruption is received, the timer is started, and the SENDING flag is set to 1. The upper computer receives and assembles the data frame, and determines whether the reception is completed by judging whether the reception end flag is 1. If the data reception is not completed, the timer is reset, and the reception and assembly of the data frame are waiting; if the reception is completed, the SENDING flag is set to 0, and the reception is completed and the serial port interrupt returns;

如果下位机没有接收到中断，则启动定时器，上位机重新发送中断请求，在规定时间内接收到中断请求则复位定时器，发送数据；如果没有收到中断请求则显示中断接收异常。If the lower computer does not receive the interrupt, the timer is started and the upper computer resends the interrupt request. If the interrupt request is received within the specified time, the timer is reset and the data is sent; if the interrupt request is not received, the interrupt reception exception is displayed.

所述组合的六种监控模式如下：The six monitoring modes of the combination are as follows:

监控模式1：在使用轮询监控的方式下，开启全局监控功能，会按照轮询周期返回全局监控的变量、寄存器、地址和指令的值或状态。Monitoring mode 1: When using polling monitoring, the global monitoring function is turned on and the value or status of the globally monitored variables, registers, addresses, and instructions will be returned according to the polling cycle.

监控模式2：在使用轮询监控的方式下，开启I/O监控功能，会按照轮询周期返回监控的I点和O点的状态。Monitoring mode 2: When using polling monitoring, turn on the I/O monitoring function and the status of the monitored I and O points will be returned according to the polling cycle.

监控模式3：在使用轮询监控的下，开启自定义监控功能分为三种子模式。Monitoring mode 3: When using polling monitoring, the custom monitoring function is divided into three sub-modes.

子模式1会按照轮询周期返回指定单个数据地址的值；子模式2会按照轮询周期返回一段连续数据地址的值；子模式3会按照轮询周期返回数据块地址的值。Sub-mode 1 returns the value of a specified single data address according to the polling cycle; sub-mode 2 returns the value of a continuous data address according to the polling cycle; sub-mode 3 returns the value of a data block address according to the polling cycle.

监控模式4：在手动监控的方式下，开启全局监控，当下位机收到全局监控的命令，返回一次全局监控的变量、寄存器、地址和指令的值或状态。Monitoring mode 4: In manual monitoring mode, global monitoring is turned on. When the lower computer receives the command of global monitoring, it returns the value or status of the variables, registers, addresses and instructions of global monitoring.

监控模式5：在手动监控的方式下，开启I/O监控功能，下位机收到I/O监控的命令，返回一次监控的I点和O点的状态。Monitoring mode 5: In manual monitoring mode, turn on the I/O monitoring function. The lower computer receives the I/O monitoring command and returns the status of the monitored I and O points.

监控模式6：在手动监控的方式下、开启自定义监控功能分为三种子模式。子模式1，下位机收到单个数据地址监控命令，返回一次指定单个数据地址的值；子模式2，下位机收到连续数据地址监控命令，返回一次一段连续数据地址的值；子模式3，下位机收到数据块地址监控命令，返回一次数据块地址的值。Monitoring mode 6: In manual monitoring mode, the custom monitoring function is divided into three sub-modes. Sub-mode 1, the lower computer receives a single data address monitoring command and returns the value of a specified single data address once; sub-mode 2, the lower computer receives a continuous data address monitoring command and returns the value of a continuous data address once; sub-mode 3, the lower computer receives a data block address monitoring command and returns the value of a data block address once.

命令码字段包含但不限于以下命令：巡检命令、全局监控命令、I/O监控命令、读取或写入单个数据地址命令、读取或写入一段连续数据地址命令、读取或写入一次数据块地址命令，下位机返回命令码相同。The command code field includes but is not limited to the following commands: inspection command, global monitoring command, I/O monitoring command, read or write single data address command, read or write a continuous data address command, read or write a data block address command, and the lower computer returns the same command code.

监控流程如图5所示，程序开始运行后，上位机发送对应的监控报文，下位机如果收到报文，解析监控标识码执行判断是否是读指令，如果是读指令，则解析命令码，执行相应的从PLC读取数据的操作。如果不是读指令则判断是否是写指令，如果是写指令，则解析命令码，则执行相应将数据写入PLC的操作，如果不是写指令则为其它指令(比如巡检指令，调试指令)，执行其它操作，下位机发送返回报文，监控通讯结束。如果没有收到报文，则重新发送报文，超过五次则判定报文发送失败。The monitoring process is shown in Figure 5. After the program starts running, the upper computer sends the corresponding monitoring message. If the lower computer receives the message, it will parse the monitoring identification code to determine whether it is a read instruction. If it is a read instruction, it will parse the command code and execute the corresponding operation of reading data from the PLC. If it is not a read instruction, it will determine whether it is a write instruction. If it is a write instruction, it will parse the command code and execute the corresponding operation of writing data to the PLC. If it is not a write instruction, it is other instructions (such as inspection instructions, debugging instructions). After executing other operations, the lower computer sends a return message and the monitoring communication ends. If the message is not received, the message will be resent. If it exceeds five times, it will be determined that the message sending failed.

实施例3Example 3

本实施例与实施例1、实施例2基本相同，不同之处在于，本实施例为描述了一种在虚拟调试系统中利用断点向量表和梯级向量表的上位机对下位机的调试方法。所述方法中S3中调试的方法具体包括：断点和断点向量表的实现、梯级的控制和梯级向量表的实现、虚拟调试系统的搭建和调试、多种调试功能的实现。This embodiment is basically the same as Embodiment 1 and Embodiment 2, except that this embodiment describes a method for debugging a lower computer by a host computer using a breakpoint vector table and a ladder vector table in a virtual debugging system. The debugging method in S3 of the method specifically includes: realization of breakpoints and breakpoint vector tables, control of ladders and realization of ladder vector tables, construction and debugging of a virtual debugging system, and realization of multiple debugging functions.

文中出现的程序包括主程序和子程序，主程序为子程序的入口，执行程序时可从主程序中调用子程序，在本领域属于公知常识。The programs mentioned in this article include main programs and subprograms. The main program is the entry point to the subprogram. When executing the program, the subprogram can be called from the main program, which is common knowledge in the art.

在调试功能的图形化设计界面上中需要将程序暂停在某个梯形图位置上，该位置称梯形图断点(断点)，所述调试功能的图形化设计界面为本领域常识。所述断点向量表是一个由序号、程序号和行号组成的结构体数组，如图7所示。在点击添加断点后会将该行梯形图调试信息中的程序号和行号加入到断点向量表中，比如(0，5)则代表在主程序中第五行处暂停，(1，10)则代表在子程序1中的第10行程序处暂停。本调试系统中支持查看断点向量表的数据，更加清晰简单的确定断点的位置，便于后续调试工作。In the graphical design interface of the debugging function, the program needs to be paused at a certain ladder diagram position, which is called a ladder diagram breakpoint (breakpoint). The graphical design interface of the debugging function is common knowledge in this field. The breakpoint vector table is a structure array composed of a sequence number, a program number, and a line number, as shown in Figure 7. After clicking Add Breakpoint, the program number and line number in the ladder diagram debugging information of that line will be added to the breakpoint vector table. For example, (0, 5) means pausing at the fifth line in the main program, and (1, 10) means pausing at the 10th line of the program in subroutine 1. This debugging system supports viewing the data of the breakpoint vector table, which makes it clearer and simpler to determine the position of the breakpoint, which is convenient for subsequent debugging work.

所述调试信息是包括程序号和行号的结构体，如图7所示。具体每行程序调试信息初始化过程为：主程序中的梯形图程序的程序号为0，子程序1中的所有梯形图程序的程序号为1，子程序2中的所有梯形图程序的程序号为2，按照递增顺序每次增加1。行号在主程序中第一行梯形图程序的行号为0，第二行梯形图程序为1，第二行梯形图程序为2，在子程序中第一行梯形图程序的行号为0，第二行梯形图程序为1，在不同的程序中梯形图行号会进行重置，从0开始每行增加1。梯级号在程序刚开始后梯级号默认为1，当进入程序中调用的函数或子程序时梯级号加1，当跳出函数或者子程序时梯级号减1，以此类推。The debugging information is a structure including a program number and a line number, as shown in FIG7. The specific initialization process of the debugging information for each line of the program is: the program number of the ladder program in the main program is 0, the program number of all ladder programs in subprogram 1 is 1, and the program number of all ladder programs in subprogram 2 is 2, and it increases by 1 each time in ascending order. The line number of the first line of the ladder program in the main program is 0, the second line of the ladder program is 1, and the second line of the ladder program is 2. The line number of the first line of the ladder program in the subprogram is 0, and the second line of the ladder program is 1. The ladder line number will be reset in different programs, starting from 0 and increasing by 1 for each line. The rung number defaults to 1 at the beginning of the program. When entering the function or subroutine called in the program, the rung number increases by 1, and when jumping out of the function or subroutine, the rung number decreases by 1, and so on.

进一步地，所述断点和断点向量表的实现具体为：点击添加断点，首先对断点向量表进行遍历判断是否重复添加，重复添加则显示断点已存在，不重复添加则将该行梯形图程序的程序号和行号加入到断点向量表中；点击删除断点，对断点向量表进行遍历，存在断点则将该断点信息删除，不存在则显示删除失败；Further, the breakpoint and breakpoint vector table are specifically implemented as follows: click Add Breakpoint, first traverse the breakpoint vector table to determine whether it is added repeatedly, if it is added repeatedly, it will be displayed that the breakpoint already exists, if it is not added repeatedly, the program number and line number of the ladder diagram program line will be added to the breakpoint vector table; click Delete Breakpoint, traverse the breakpoint vector table, if there is a breakpoint, delete the breakpoint information, if not, it will be displayed that the deletion failed;

所述梯级向量表是一个由程序号、行号和梯级号(默认为1)组成的结构体数组，如图9所示，此时梯级向量表中的梯级信息为(0，21，1)和(1，10，2)。通过梯级向量表的方式实现跳出梯级只需每次遍历梯级向量表且梯级向量表中的存储的梯级信息较少，每进入一次梯级添加一条梯级信息，每跳出一次梯级删除一条梯级信息(实际调试过程中可能只有1-5条梯级信息)，相比于每次跳出梯级都要先查看是否存在与其父梯级同级的下一梯级，直到到达母线(几何用语，属于本领域公知常识)处的方法更加简单直接，极大的节省了调试过程中梯级控制花费的时间。The ladder vector table is a structure array composed of a program number, a row number and a ladder number (the default is 1), as shown in FIG9 , at this time, the ladder information in the ladder vector table is (0, 21, 1) and (1, 10, 2). To realize jumping out of the ladder by means of the ladder vector table, it is only necessary to traverse the ladder vector table each time and the ladder information stored in the ladder vector table is relatively small, and a ladder information is added each time a ladder is entered, and a ladder information is deleted each time a ladder is jumped out (there may be only 1-5 ladder information in the actual debugging process). Compared with the method of checking whether there is a next ladder at the same level as its parent ladder each time a ladder is jumped out, until reaching the busbar (a geometric term, which belongs to common knowledge in this field) is more simple and direct, which greatly saves the time spent on ladder control during the debugging process.

进一步地，所述梯级的控制和梯级向量表的实现具体为，如图10所示：进入梯级指令会根据梯级向量表定位到程序中下一处调用函数或者子程序的位置，首先将调用函数或子程序此行程序下一行梯形图程序的梯级信息加入到梯级向量表中，然后再进入函数或子程序中，同时梯级号加1；当跳出梯级、函数执行完成或子程序执行完成后，程序返回上一梯级时只需将梯级号减1，根据此时的梯级号查询梯级向量表，找到此时梯级号对应的梯级信息，根据梯级信息中的程序号和行号，跳转到指定位置后删除梯级向量表中此条梯级信息，以此实现调试中对程序的梯级控制。Furthermore, the control of the ladder and the implementation of the ladder vector table are specifically as shown in Figure 10: the ladder instruction entering will locate the next location of the function or subroutine call in the program according to the ladder vector table, first add the ladder information of the ladder diagram program on the next line of the calling function or subroutine to the ladder vector table, and then enter the function or subroutine, and increase the ladder number by 1; when jumping out of the ladder, the function execution is completed, or the subroutine execution is completed, when the program returns to the previous ladder, it only needs to reduce the ladder number by 1, query the ladder vector table according to the ladder number at this time, find the ladder information corresponding to the ladder number at this time, and delete this ladder information in the ladder vector table after jumping to the specified position according to the program number and line number in the ladder information, so as to realize the ladder control of the program during debugging.

例如：进入梯级前，找到调用函数或子程序的位置，该行梯形图程序的程序号，行号和此时梯级号为(0，20，1)，当进入梯级之前会将该行梯形图程序的下一行梯形图程序的程序号、行号和此时梯级号存储到梯级向量表中，需要保存的程序号，行号和梯级号为(0，21，1)，然后进入梯级，首先进入到函数或者子程序中第一行的位置处(此处以进入子程序为例)，进入子程序中1中，此时程序号，行号和梯级号为(1，0，2)，如果想跳出梯级，只需在梯级减1，在向量表中找到梯级号为1的梯级信息，然后直接跳转到程序号和行号(0，21)的位置，然后将梯形向量表中(0，21，1)的梯级信息删除，依次类推来实现梯级控制。For example: before entering the ladder, find the location of the calling function or subroutine. The program number, row number and rung number of the ladder diagram program in this row are (0, 20, 1). Before entering the ladder, the program number, row number and rung number of the ladder diagram program in the next row of the ladder diagram program in this row are stored in the ladder vector table. The program number, row number and rung number that need to be saved are (0, 21, 1). Then enter the ladder and first enter the first row of the function or subroutine (here taking entering the subroutine as an example). Enter subroutine 1. At this time, the program number, row number and rung number are (1, 0, 2). If you want to jump out of the ladder, just subtract 1 from the rung, find the rung information with rung number 1 in the vector table, and then jump directly to the program number and row number (0, 21). Then delete the rung information in the ladder vector table (0, 21, 1), and so on to achieve ladder control.

为保证调试的安全性，本系统采用将下位机中原程序在flash预留备份地址中进行备份后，将原系统作为虚拟调试系统进行调试操作，调试结束后虚拟调试系统恢复为原系统，如图11所示。To ensure the security of debugging, this system backs up the original program in the lower computer in the reserved backup address of the flash, and then uses the original system as a virtual debugging system for debugging operations. After debugging, the virtual debugging system is restored to the original system, as shown in Figure 11.

进一步地，所述虚拟调试系统的搭建和调试：将原程序在flash中进行备份后，将原系统作为虚拟调试系统进行调试操作。对备份的程序与原程序进行比较，验证是否备份正确，如果验证成功，则虚拟调试系统开始工作，在调试结束后将所有的调试信息包括调试运行的程序全部清除，将备份的原程序写入到原系统，程序恢复正常运行，虚拟调试系统恢复为原系统；如果备份程序验证失败则返回程序备份错误信息；Furthermore, the construction and debugging of the virtual debugging system: after backing up the original program in the flash, the original system is used as a virtual debugging system for debugging. The backed-up program is compared with the original program to verify whether the backup is correct. If the verification is successful, the virtual debugging system starts working. After the debugging is completed, all debugging information including the debugged program is cleared, and the backed-up original program is written to the original system. The program resumes normal operation and the virtual debugging system is restored to the original system. If the backup program verification fails, the program backup error information is returned.

进一步地，所述多种调试功能的实现包括，如图13所示：程序控制和梯级控制；所述程序控制包括：单步执行、连续执行、暂停、结束调试、添加断点、清除断点；所述梯级控制包括：进入梯级、下一梯级、跳出梯级；所述多种调试功能可精确高效的控制每行梯形图程序，直观的显示调试过程中正在运行指令的状态和使用到的各触点的值，同时可以通过调用监控图表查看调试过程中内存地址的数据。Furthermore, the implementation of the various debugging functions includes, as shown in Figure 13: program control and ladder control; the program control includes: single-step execution, continuous execution, pause, end debugging, add breakpoints, and clear breakpoints; the ladder control includes: enter the ladder, next ladder, and jump out of the ladder; the various debugging functions can accurately and efficiently control each line of the ladder diagram program, intuitively display the status of the running instructions and the values of each contact used during the debugging process, and at the same time, the data of the memory address during the debugging process can be viewed by calling the monitoring chart.

优选地，所述虚拟调试系统工作流程如图12所示：首先对程序进行初始化，对每行程序赋予一个唯一的调试信息，等待调试命令(包括单步执行、连续执行、结束调试、添加断点、清除断点、暂停、清除断点、软复位、进入梯级、下一梯级和跳出梯级)。程序开始运行，在程序运行过程中有新的调试命令则执行新的调试命令，没有则继续运行；程序在运行到每行代码之前，将该行代码的程序号和行号与断点向量表中的程序号和行号进行比较，判断是否有断点，没有断点则执行下一行程序；有断点则程序暂停在此行，等待下一步的调试命令，直到调试结束；调试结束后删除原程序，虚拟调试系统恢复原系统。Preferably, the virtual debugging system workflow is as shown in FIG12: first, the program is initialized, each line of the program is assigned a unique debugging information, and the debugging command (including single-step execution, continuous execution, end debugging, add breakpoints, clear breakpoints, pause, clear breakpoints, soft reset, enter rung, next rung, and exit rung) is waited. The program starts to run. If there is a new debugging command during the program running process, the new debugging command is executed, otherwise it continues to run; before the program runs to each line of code, the program number and line number of the line of code are compared with the program number and line number in the breakpoint vector table to determine whether there is a breakpoint, and if there is no breakpoint, the next line of the program is executed; if there is a breakpoint, the program is paused at this line, waiting for the next debugging command until the debugging is completed; after the debugging is completed, the original program is deleted, and the virtual debugging system restores the original system.

梯形图在整个设计过程中是以梯级的形式存在，因此在线调试以此为依据分为对程序的控制和对梯级的控制。The ladder diagram exists in the form of steps during the entire design process, so online debugging is divided into program control and ladder control based on this.

在调试开始后，单步执行、连续执行、结束调试、添加断点、进入梯级、下一梯级和软复位使能打开，暂停、清除断点和跳出梯级使能关闭。After debugging starts, single-step execution, continuous execution, end debugging, add breakpoints, enter rung, next rung and soft reset are enabled, and pause, clear breakpoints and jump out rung are enabled and disabled.

单步执行：点击单步执行后，发送调试指令和单步执行命令码(报文格式为标识码、终端地址和命令码，标识码为调试指令，终端地址为下位机地址，命令码为单步执行命令码)，需要返回报文，得到当前程序暂停的程序号和行号，无需对该行梯形图程序进行的断点检测(所述的断点检测，即将该梯形图程序的程序号和行号与断点向量表进行比较)直接进入到下一行梯形图程序并在此行程序暂停。Single-step execution: After clicking single-step execution, the debugging instruction and single-step execution command code are sent (the message format is identification code, terminal address and command code, the identification code is the debugging instruction, the terminal address is the lower computer address, and the command code is the single-step execution command code). The message needs to be returned to obtain the program number and line number of the current program pause. There is no need to perform breakpoint detection on this line of ladder diagram program (the breakpoint detection is to compare the program number and line number of the ladder diagram program with the breakpoint vector table) to directly enter the next line of ladder diagram program and pause at this line of program.

连续执行：在没有添加断点的情况下(断点向量表为空时)，点击连续执行，发送调试指令和连续执行命令码，无需返回报文，不会进行断点检测，暂停、结束调试和软复位使能打开，其余使能关闭，程序正常运行到结尾处停止。在有添加断点的情况下，点击连续执行，会对每行程序检测其程序号和行号，暂停使能关闭，其余使能打开，程序最终会暂停在断点处。Continuous execution: When no breakpoints are added (when the breakpoint vector table is empty), click Continuous Execution to send debugging instructions and continuous execution command codes. No return message is required, breakpoint detection will not be performed, pause, end debugging, and soft reset are enabled, and the rest are disabled. The program runs normally until it stops at the end. When breakpoints are added, click Continuous Execution to detect the program number and line number of each line of the program, disable the pause enable, and enable the rest. The program will eventually pause at the breakpoint.

暂停：只有在连续运行的时候暂停功能使能打开，点击暂停，发送调试指令和暂停命令码，需要返回报文，得到当前程序暂停的程序号和行号，程序暂停后，暂停使能关闭，其余使能打开。Pause: The pause function can only be enabled during continuous running. Click Pause, send the debug command and pause command code, and return a message to get the program number and line number of the current program pause. After the program is paused, the pause function is turned off and the rest functions are turned on.

结束调试：点击结束调试，发送调试指令和调试结束命令码，返回报文，调试系统所有使能均关闭，删除所有的调试信息和调试程序，将备份的程序重新写入到原系统中，调试结束，程序恢复到正常运行。End debugging: Click to end debugging, send debugging instructions and debugging end command code, return message, all debugging system enables are turned off, all debugging information and debugging programs are deleted, and the backed-up program is rewritten into the original system. Debugging ends and the program returns to normal operation.

添加断点：点击添加断点，发送调试指令和添加断点命令码，需要返回报文，得到当前断点的程序号和行号，将当前行梯形图程序的程序号和行号加入断点向量表。如果断点向量表中已有当前的行的断点信息则显示重复添加；如果断点设置成功，在调试系统界面的该行梯形图程序处增加断点标记，直观的显示出程序在此处暂停。Add breakpoint: Click Add Breakpoint, send debugging instructions and add breakpoint command code, need to return message, get the program number and line number of the current breakpoint, add the program number and line number of the current line of ladder diagram program to the breakpoint vector table. If the breakpoint vector table already has the breakpoint information of the current line, it will show that it is added repeatedly; if the breakpoint is set successfully, add a breakpoint mark to the line of ladder diagram program in the debugging system interface, and intuitively show that the program is paused here.

清除断点：清除断点分为单行清除和全部清除。点击单行清除，发送调试指令和单行清除命令码，无需返回报文，会在断点向量表中删除指定行的程序号和行号，同时清除该行梯形图程序在调试系统界面的断点标记；点击全部清除，发送调试指令和全部清除命令码，无需返回报文，会删除断点向量表中所有的断点信息，同时清除调试系统中的所有断点标记。可以通过查看调试系统界面的断点标记或断点向量表中的断点信息是否被清除，判断是否清除成功。Clear breakpoints: Clear breakpoints can be cleared in single line or all. Click Clear Single Line to send debugging instructions and clear single line command code without returning message. The program number and line number of the specified line will be deleted in the breakpoint vector table, and the breakpoint mark of the ladder diagram program in the debugging system interface will be cleared. Click Clear All to send debugging instructions and clear all command code without returning message. All breakpoint information in the breakpoint vector table will be deleted, and all breakpoint marks in the debugging system will be cleared. You can check whether the breakpoint mark in the debugging system interface or the breakpoint information in the breakpoint vector table is cleared to determine whether the clearing is successful.

软复位：点击软复位，发送调试指令和软复位命令码，无需返回报文，暂停使能关闭，其余使能打开。断点信息将会被保留，程序恢复到调试准备状态，从主程序的第一行程序开始执行其他调试操作。Soft reset: Click soft reset to send debugging instructions and soft reset command codes, without returning messages, turn off the pause enable and turn on the rest of the enable. The breakpoint information will be retained, the program will be restored to the debugging ready state, and other debugging operations will be performed from the first line of the main program.

进入梯级：点击进入梯级，发送调试指令和进入梯级命令码，需要返回报文，得到当前梯形图程序的梯级号，暂停使能关闭其余使能打开。进入梯级指令会自动找到所在程序中下一处调用函数或者子程序的位置，进入梯级之前会将该行梯形图程序的下一行梯形图程序的程序号、行号和此时的梯级号存储到梯级向量表中。进入到函数或者子程序中，在函数或子程序的第一行梯形图程序处暂停，梯级号加1，此时梯形图程序的梯级号为2(默认为梯级号为1，每进入一次梯级，梯级号加1)。如果所在程序中没有调用函数或者子程序则显示进入梯级失败。Enter the ladder: Click Enter the ladder, send the debug command and the Enter the ladder command code, and return the message to get the ladder number of the current ladder program, pause the enable and turn off the rest of the enable. The Enter the ladder command will automatically find the next location in the program where the function or subroutine is called. Before entering the ladder, the program number, line number and ladder number of the next line of the ladder program of the line of ladder program will be stored in the ladder vector table. Enter the function or subroutine, pause at the first line of the ladder program of the function or subroutine, and increase the ladder number by 1. At this time, the ladder number of the ladder program is 2 (the default ladder number is 1, and the ladder number increases by 1 each time the ladder is entered). If there is no function or subroutine called in the program, it will be displayed that the ladder failed to enter.

下一梯级：点击下一梯级，发送调试指令和下一梯级命令码，需要返回报文，得到当前梯形图程序暂停的程序号、行号和梯级号，暂停使能关闭其余使能打开。进入梯级指令会自动找到所在程序中下一处调用函数或者子程序的位置并在此行暂停，如果所在程序中没有调用函数或者子程序则显示寻找下一梯级失败。Next rung: Click the next rung to send the debug command and the next rung command code. You need to return a message to get the program number, line number and rung number of the current ladder diagram program that is paused. The pause enable is turned off and the rest are turned on. The enter rung command will automatically find the next location in the program where the function or subroutine is called and pause at this line. If there is no function or subroutine called in the program, it will show that the search for the next rung failed.

跳出梯级：点击跳出梯级，发送调试指令和跳出梯级命令码，需要返回报文，得到当前梯形图程序暂停的程序号、行号和梯级号，暂停使能关闭其余使能打开。跳出梯级、函数执行完或子程序执行完，返回上一梯级的程序中，是根据动态的梯级号完成的，梯级号减1，在梯级向量表中查询梯级号相同的梯级信息并跳转到该行程序。Jump out of the ladder: Click Jump out of the ladder, send the debugging instruction and the jump out of the ladder command code, and need to return the message to get the program number, line number and ladder number of the current ladder program paused, and turn off the pause enable and turn on the rest. Jump out of the ladder, the function is executed, or the subroutine is executed. Return to the previous ladder program, which is completed according to the dynamic ladder number. The ladder number is reduced by 1, and the ladder information with the same ladder number is queried in the ladder vector table and jump to the line of the program.

本实施例所述的调试系统的图形化界面根据能流是否通过对指令进行颜色区分，有能流通过的指令进行高亮显示，没有能流通过的指令为暗灰色，将有能流通过的连接线样式设置为实线同时高亮显示，将没有能流通过的连接线样式设置为虚线同时颜色设置为暗灰色。图形化界面有单步执行、连续执行、添加断点、清除断点、暂停、进入梯级、下一级梯级、跳出梯级、暂停、软复位、调试结束、监控图表等按钮。The graphical interface of the debugging system described in this embodiment distinguishes the colors of instructions according to whether the energy flow passes through. Instructions with energy flow passing through are highlighted, and instructions without energy flow passing through are dark gray. The connection line style with energy flow passing through is set to solid line and highlighted, and the connection line style without energy flow passing through is set to dotted line and the color is set to dark gray. The graphical interface has buttons such as single-step execution, continuous execution, add breakpoints, clear breakpoints, pause, enter rung, next rung, jump out of rung, pause, soft reset, debug end, monitoring chart, etc.

监控图表：点击监控图表后会在调试的过程中打开监控图表，可选择六种监控模式，支持查看下位机内部数据地址或寄存器的值，所述寄存器及其作用为本领域的公知常识，不再赘述。Monitoring chart: Clicking the monitoring chart will open the monitoring chart during debugging. Six monitoring modes can be selected, which supports viewing the internal data address or register value of the lower computer. The registers and their functions are common knowledge in the field and will not be repeated here.

显然，本发明的上述实施例仅仅是为清楚地说明本发明技术方案所作的举例，而并非是对本发明的具体实施方式的限定。凡在本发明权利要求书的精神和原则之内所做的任何修改、等同替换和改进等，均应包含在本发明权利要求的保护范围之内。Obviously, the above embodiments of the present invention are merely examples for clearly illustrating the technical solution of the present invention, and are not intended to limit the specific implementation methods of the present invention. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of the claims of the present invention shall be included in the protection scope of the claims of the present invention.