Most complex PLC program?

Talking about programmers trying to make their software so complicated and difficult for other programmers to decipher, some time ago I was asked to modify a program that controlled some conveyors 22 in all, The original programmer had created a standard function block (S5) with many calls throughout the program. The FB used a timer passed to it as a value i.e. decimal 1 so on that call timer 1 was addressed by using indirect addressing (if you understand what I mean). However S5 timers were limited to 0-255, the values passed as the timer number all started at 257, for a while this foxed me then I realised that what they had done was try to hide the fact the actual timer was timer 1 as the timers are addressed as 8 bit word 257 = hi byte = 1 low byte = 1 and as call to the timer indirectly only used the lower byte Easy when you know but at first glance why point to it like this when 1 would be the timer number, why not just pass a 1. It became obvious that the programmer had tried to hide the actual addresses and found other instances of this by using values in DB's to point to other memory however he had passed the values for say a DB at a value larger than the actual DB and subtracted a value i.e. for DB 100 he had passed a value of 400, in the function block subtracted 300 then called the DB indirectly. Another one was to code MC5 instructions in a Data Word then process the instruction within the FB. this was a case of deliberately trying to hide the code.
 
I always wanted to get the opportunity to get into the UPS air distribution center in Louisville, KY or FedEx's in Memphis, TN. I was at a hotel next to the Louisville airport and could not count the UPS jets landing there were so many, the number of daily packages would be impressive.

All those conveyors tied together with hundreds of discharge points, multi-level storage, package tracking (in, out & moves), logging, etc. Those must be some pretty complex systems.

I talked to some of the Rockwell guys that were involved in upgrading Fedex Memphis from their old PLC-3 redundant PLCs to Controllogix. It was pretty amazing.
 
I have done that myself but not trying to, just more like not fully understanding what I am doing before I jump in a start with the program

http://www.plctalk.net/qanda/showthread.php?t=26650

Yep I had another one that was even more complex.
While I was commissioning a plant for a major food company I was asked to look at a cooking process (hydrostatic) not mentioning the name of the original supplier but it relates to a bird with long legs & neck.
They had lost the program due to failed battery and powered it down for maintenance, they had a copy of the source code, tried to load it but it failed on memory full. I looked into it and found the program and data was larger than the memory, this stumped me for a while, however I found that they generated an enormous DB in cold start up, the technicians often backed up the DB's to the master disk. The programmer had on cold start ran some code that checked for amount of free space then generated a DB large enough to fill the memory, this was done to create a block used as a print buffer just in case the printer failed (critical process so evidence was required for food safety).
The code was quite clever so I assume the OEM had used a Siemens guy who knew many of the MC5 instructions not commonly known. Deleting the block then downloading allowed the code to be loaded, however it would not go into run. It turned out that even though the program was complete the start up sequence had to be done via the PG and run/stop switch, cannot remember the sequence but something like power up in stop mode, switch to run then to stop the warm start via PG. Looking at some of the other code the programmer had used absolute jumps over segments so any change of code would require these jumps to be re-entered. there were also MC5 instructions i.e. generated on the fly to operate code so potentially a self modifying code.
an example is (not actual code) a Data word would be populated with a hex value as a MC5 instruction for example And I 0.0 and by processing the instruction would test input 0.0, in essence depending on the values set in the DW in the program it would indirectly process the DW as an instruction i.e. on the fly it could use any input depending on the logic before it. Very dangerous in my opinion but this guy certainly knew his S5.
 
Speak of.... I was involved with one RSLogix 500 program that was one ladder, ladder 2 and it was almost 2000 rungs long, that boy should of been taken to the back behind the barn and beat with a hickory stick

I'm "updating" one now - PLC5/20C (controlnet), an Ultra3000i and a 250hp AB Impact VFD all connected via devicenet. Everything in program #2. Believe you me, I'm making minimal changes and backing up every change.
 
I've done many different things, but one of the more special was calculating the setpoint for a machine that make holes and cuts into endless coil steel.

It started with a call from the salesrep. of PLC systems who asked if I could help, as one of his customers had trouble calculating the setpoint in a new machine he was making.

It sounded interesting, so I said yes and contacted the customer.
It turned out that it was a bit more complicated, as 30 recipes had to be entered in the HMI panel and each recipe containing a distance of up to 150 jobs, distributed using the 25 tools in the machine. The 25 tools in the machine did not sit at the same distance and a tool could be used several times in the same item. It should be possible from the panel to select a production of up to 500 items with 2 active recipes simultaneously, and up to 15 items was in the machine at the same time.
For all the active items in the machine, a setpoint for step forward has to be calculated 2.5 times per second, and new items were continuously added as it was coil steel.

The PLC program therefore had to recalculate data for every 400ms for all holes in active items so that the distance to the next tool was calculated and the shortest distance was passed as set point. The calculation included up to 750,000 REAL data words, so calculation was done in separate PLC with very powerful CPU.

The job succeeds after some time to find the solution and a lot of testing. :p
 

Similar Topics

I have my L5K file imported into my project, and the tags I need in the "available addresses". Is there a way to access my PLC tags in a complex...
Replies
2
Views
2,910
Yes it's very legacy.. but sometimes it's necessary to use old stuff for fun.. and because it's so much cheaper. Crimson 3.0 had the ability to...
Replies
4
Views
1,573
Hello all, I am fairly new to programming HMI's and am working with Crimson 3.1 for the first time. I am trying to recreate an annunciator of...
Replies
12
Views
6,271
I have this complex code tag that returns as a string variable. For some reason it returns the two strings with a ?? between them -- not the...
Replies
2
Views
3,469
Hello, I have 6 RTUs all with the same program load. I am trying to setup my HMI with one set of data tags and one set of screens and use a...
Replies
7
Views
5,773
Back
Top Bottom