Feature or Fault?

rossw

Active Member
I bought a bunch of webcontrol boards earlier this year for a project (about 20), but by the time they got here the project was delayed and ultimately cancelled, so I got stuck with a bunch of boards.

I used some a couple of weeks ago on another project, sent them off (internationally), where they arrived today and were installed. Due to an electrician misinterpreting some instructions a couple of limit switch inputs and two relay outputs were inverted. No problem, thought, so connected to the (running) boards, and checked the "State Inverted" checkbox on the affected inputs. Clicked "Send" and..... well, we almost had a catastrophic incident with the hydraulics.... without any warning, ALL the variables were cleared back to zero! Sure, the input state inverted, but WTF is with all the variables being cleared???!

Having recovered from that heart-attack, I did the outputs and it's exactly the same!

If the program restarted it wouldn't be quite so bad - I have coded around initialising variables and testing for hydraulic pressure etc in my code - but when everything gets just cleared to zero - it's a disaster!

Is it just me?? This happened on one board, but I confirmed it on 3 others. (100% of the ones online with this code).
It's only 3.02.07, but not very old. (I can find little or no information on what changes from one version of the code to the next, so there's no indication what has been fixed (or broken) between versions.)
 
Hi Ross,

3.2.07 is the first version firmware for the hardware rev 2.2.2 board. That was released in July 2011. Since then, many fixes have been made to the firmware.
The behavior you described is not abnormal, since the firmware will restart the I/O sub logic when the invert state is changed and saved. We should add a warning that when saving any configuration, WebControl could restart its subsystems, including resetting all the variables and rescanning all the temp sensors.

We do strongly recommend getting the latest firmware update for your boards. There are many enhancements in the latest firmware since the version you have.

Sincerely,
Support Team
CAI Networks, Inc.
 
The behavior you described is not abnormal, since the firmware will restart the I/O sub logic when the invert state is changed and saved. We should add a warning that when saving any configuration, WebControl could restart its subsystems, including resetting all the variables and rescanning all the temp sensors.

Restarting the I/O subsystem seems to me to be somewhat overkill for the fairly trivial task implied (I expect you just XOR the input/output word with a mask), but to be brutally honest - if you're going to restart the PART of the system, you'd be better off to restart the ENTIRE system. Those of us controlling real-world hardware, and who take steps to avoid DAMAGING THINGS by ensuring I/O, variables etc are set appropriately during startup have just had all that effort and care (silently) taken away from us by the knowledge that you can AND DO totally overwrite these things arbitrarily and without any ability for us, as programmers, to know about.

How about, if you don't want to restart the WHOLE thing, at least making the PLC code call a powerup or iorestart or something subroutine, so we can tidy up the mess??
 
Ross,

Thanks for the suggestion. If everyone likes the idea that any configuration change will restart the ENTIRE system, we can do it that way. Right now, only a network configuration change will restart the ENTIRE system; others only restart the portion of logic related to the subsystem being saved.

For all other subsystems, this is not a problem. However, for the I/O subsystem, if the I/O is inverted, the change in logic could have a totally different result during restart. If I/O is not inverted, this is not a problem. If I/O is inverted, users must test to make sure all situations, including accidentally lost power or power coming back, will not cause any harm. The relay board with invert input must also test to make sure when WebControl lost power, the output logic 0 will NOT be in high state, the relay board must be able to handle that case.

When power is applied, WebControl's output is disabled for half a second during power up. The inverted output will not get the high level output, rather stay low during that period of time. Inverted input has no delay during power up.

With all those considerations, do you still think it is best to restart the entire system for any configuration saved? Please consider that restarting the ENTIRE system will reset all the VARs and RAMs in PLC as well. PLC logic is running in an endless loop. Do you think put a PLC logic actually help?
 
if the I/O is inverted, the change in logic could have a totally different result during restart.

Yes, but the current situation - of simply clearing all the variables - is equally dangerous. For example, where this bit me - without any warning at all, all the counters were cleared. This caused my program to think the hydraulics were in the wrong position and tried to move 4 tons of actuator - without any chance of ever stopping, because the times were all cleared!

When power is applied, WebControl's output is disabled for half a second during power up. The inverted output will not get the high level output, rather stay low during that period of time. Inverted input has no delay during power up.

"disabled" is not the same as "set low". Which is it? The plethora of output boards available at the moment all seem to be active-low. Those that use optoisolators would be fine with "disabled" (hi-Z), but NOT with an output driven low (TTL-0).

With all those considerations, do you still think it is best to restart the entire system for any configuration saved? Please consider that restarting the ENTIRE system will reset all the VARs and RAMs in PLC as well. PLC logic is running in an endless loop. Do you think put a PLC logic actually help?

I actually think that fixing the thing so it doesn't reset the VARs and RAMs would be the "correct" answer. It might be expedient for you to just restart, but seriously - why isn't the input/output word simply XORed with the invert word? That shouldn't require restarting anything. I grant you, it might cause some temporary odd behaviour with I/O that uses the [time] test condition, but that should recover soon enough.
 
Actually, there's another possibility here that would require you to do the minimum amount of rework and would allow people who are affected by this to take action(s) necessary, and that would be to introduce a new class of either test conditions or flags.

A simple status word where you set a register to different values to indicate what you might have restarted....
eg, status set to 1 would indicate an I/O subsystem restart, 2 might be network restart, 4 might be temperature sensor changes, etc.

This might be a good opportunity to add flags for NTP synchronised, ethernet link up etc.
 
Because of the memory limitation, we can not have all the I/O and vars, rams stored twice to XOR one at a time. Since each input/output and var also has a 32bit counter associated with it for the non-blocking delays. The problem is not just restarting the I/O subsystem after modifying configuration. What if the power is lost during the middle of operation, would that cause a problem? Maybe we can figure out the best way to have fail-safe during power loss, since that is similar to restarting the whole board.
 
Ross,

Keep thinking this problem. I think for output inverted, you may want to have one TTL output not inverted, then inside your PLC code only make that TTL output high when all variables and logic are ready. Then use this TTL output high as an indication of output ready to your relay board. If this ready bit is not high, the relay board does not actuate any equipment.

In this way, your PLC logic can control if the ready bit is set, so that any disaster can be avoided.
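
The ready-bit interlock from the last post, combined with the status-word idea from earlier in the thread, as an added example that is not part of the thread and is not WebControl PLC code. It is a C model: the variable layout, the INIT_MAGIC marker, the function names and the position value 500 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Restart-reason bits from the status-word proposal in the thread
   (hypothetical: nothing in the thread says the firmware provides this). */
#define RST_IO      0x01u
#define RST_NETWORK 0x02u
#define RST_TEMP    0x04u
#define INIT_MAGIC  0xA5u  /* assumed non-zero marker kept among the variables */

struct plc {
    uint8_t  status;     /* restart-reason bits, set by firmware */
    uint8_t  marker;     /* INIT_MAGIC once the variables are initialised */
    uint32_t position;   /* process variable the logic depends on */
    uint8_t  ready_out;  /* non-inverted TTL "ready" line to the relay board */
};

/* Model of the reported behaviour: saving an I/O setting zeroes the variables. */
static void config_save_io(struct plc *p, int sets_status) {
    p->marker = 0;
    p->position = 0;
    if (sets_status) p->status |= RST_IO;
}

/* One pass of the endless loop; returns 1 if the actuator gets driven. */
static int plc_scan(struct plc *p, uint32_t measured, uint32_t target, int guarded) {
    if (guarded && ((p->status & RST_IO) || p->marker != INIT_MAGIC)) {
        p->ready_out = 0;          /* interlock low before anything else */
        p->position = measured;    /* re-seed state from a real measurement */
        p->marker = INIT_MAGIC;
        p->status &= (uint8_t)~RST_IO;
        return 0;                  /* no motion on the recovery pass */
    }
    p->ready_out = 1;
    return p->position != target;  /* drive until position matches target */
}

/* Constructed scenario: actuator resting at target 500 when a setting is saved. */
int driven_after_save(int guarded, int sets_status) {
    struct plc p = { 0, INIT_MAGIC, 500, 1 };
    config_save_io(&p, sets_status);
    return plc_scan(&p, 500, 500, guarded);
}

int main(void) {
    printf("unguarded: %d, guarded (marker only): %d, guarded (status bit): %d\n",
           driven_after_save(0, 0), driven_after_save(1, 0), driven_after_save(1, 1));
    return 0;
}
```

The marker check catches the silent clear even when no status bit exists, which is the situation described at the top of the thread.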
 