I'm discovering that 3rd party Modbus tester programs offer the option to justify register addresses to 0 or to 1. Presumably this accounts for differences in Modbus implementations between the myriad vendors in the marketplace.

For example, my 40001 register is accessed with command function 03H, at address 0000H - per the Modicon spec. However, some 3rd party programs want to send address 0001H for 40001 register, while others give the user the option to select one or the other.

Can anyone confirm this and also comment on the rationale for any vendor to part company with the Modicon specification? Which vendors?

I'm developing a Modbus slave product and am concerned with its compatibility with customer supplied Modbus master equipment.

Regards,
Steve C.

 

Modbus protocols start counting at 0.
Modicon PLCs start counting at 1.

I'm sure there was some Modicon engineer or manager a decade or more ago that said "people will get confused if we start counting at 0, so we should start counting at 1", and now, decades or more later, we're sitting here confused because half the people start counting at 0 and the other half at 1.

Alex Pavloff - [email protected]
Eason Technology -- www.eason.com

 

Steve,

The addresses always starts from 0 in the protocol, and for some reason PLC's starts from 1.
This is like Pascal language arrays starts from 1.
C language use 0.

That means you are doing it correct.
Protocol function 03 address 0 = 40001.

In the "Modbus Poll" test tool you can select if you want 0 or 1 as base. No matter what you select, the protocol request is equal.

Regards,
Brian
www.wittecom.com

 

In Modbus protocol specyfication (www.modbus.org) the register 40001 has address 0 in Modbus frame. In some devices first register has adres 0 so in Modbus implementation register 1 (40001) has address 1

 

Steve:
There is no rationale in departing from the MODBUS spec (maintained by www.modbus.org now). So please go ahead and implement your slave with address offset starting from 0000H only - most of the standard, popular devices in the market today follow this. As for those products that deviate, they have all the freedom to do it - its upto the customers to make a judicious choice!

Regards,
Ganesh Okade
[email protected]
Sunlux Technologies Ltd.
www.sunlux-india.com

 

I can't speak for anybody else, but I can tell you why we've provided the 0-or-1-based addressing option in our software.

The difference between devices we've encountered isn't how they implement the Modbus protocol, but how the device documentation refers to the registers. Some devices document the Modbus register map of their data using the protocol-level addressing (i.e. holding register 0000). Other devices document register contents using human-convenient addressing (i.e. 40001).

We provide the register addressing option so that users can configure their systems in a way that matches the device documentation, rather than forcing some users to do an off-by-one conversion in their heads - or on paper - while configuring (and later debugging) their systems.

We started doing this after we discovered that one of the most common sources of Modbus configuration error among our clients was the need to translate the documented register addresses for the sake of the configuration software. (The other most common error came from trying to map vendor bit numbering schemes onto registers and register pairs. We've run into several different numbering schemes, sometimes within the same device's documentation!)

As far as developing a device goes, I recommend you implement the spec:
the first register of a data type is specified in a Modbus message as register 0. And if your device contains specific data values at
particular register addresses, your users will thank you for documenting those registers clearly and consistently, and informing them - in great
big letters on every page of the register map - what register numbering scheme you are using.

Hope this helps,

Greg Goodman

 

Thank you Greg,

> I can't speak for anybody else, but I can tell you why we've provided the 0-or-1-based addressing option in our software.
>
> The difference between devices we've encountered isn't how they implement the Modbus protocol, but how the device documentation refers to the registers. Some devices document the Modbus register map of their data using the protocol-level addressing (i.e. holding register 0000). Other devices document register contents using human-convenient addressing (i.e. 40001).
>

If I understand you correctly, your interface software allows a convenient translation between numbering conventions in documentation to prevent user confusion. Your interface can be set up to match the convention adopted by the equipment vendor's documentation. In other words, the interface user can enter a register reference as 40001 OR as 0000 (or maybe as 40000?). In either case a properly formed packet will get sent.

What I meant was that the interface software I've used will either transmit in the Modbus packet a 0000H OR 0001H for register 40001, depending on a selectable option. It's not a matter of converting user naming conventions and tags into an address used by the protocol. It was a matter of actually redefining what the protocol would send for a given single register!

In my mind, I prefer to stick to the naming/ tag convention given by Modicon, that is, internal registers and memory locations are "named" 3000x, 4000x, 1000x, etc. AND always start at 1. Therefore, registers 00000, 10000, 30000, 40000, etc. are NOT valid references. However, protocol register address 0000H IS valid AND corresponds to the 1st register, namely x0001, where x can be 0, 1, 3, 4, etc.

What I think should be in a perfect world (haha) is whenever! an implementor sees a refence to, say register 40001, then the proper address in the Modbus packet to access said register shall be 0000H. No exceptions. But I guess I'm hearing that we don't live in a perfect world - and it's even worse than I thought. Not only do Modbus equipment vendors switch between 0 and 1 based addressing at the protocol level, but they also document the system with inconsistent and confusing naming and tag conventions.

So it should be no wonder that user groups are a necessary part of life in our line of work... sigh

Thanks to all for your kindly offered help.
Steve C.

 

A little history here. The MODBUS protocol is clearly the most used interface between automation devices and all types of computers. It dates from the 1970's as PDP-11's were just beginning to be used for supervisory control.

Many automation device manufacturers, especially PLC suppliers, all over the world wanted to use the MODBUS protocol, but objected to giving Modicon credit. Hence was born a new protocol called J-BUS. I don't know the original source of J-BUS, but I used it on Siemens and Telemechanique PLCs. The J_BUS specification had identical commands to MODBUS, even the same number. But someone decided that index numbering in all programming languages at that time began with 1 not 0. So J-BUS begins its register counting with 1 and MODBUS with 0. Almost all software providers such as for HMI and historian have a MODBUS interface which they adapt to J-BUS by providing a simple zero offset switch.

Dick Caro
============================================
Richard H. Caro, CEO
CMC Associates
2 Beth Circle, Acton, MA 01720
Tel: +1.978.635.9449 Mobile: +1.978.764.4728
Fax: +1.978.246.1270
E-mail: [email protected]
Web: http://www.CMC.us
============================================

 

> If I understand you correctly, your interface software allows
> a convenient translation between numbering conventions in
> documentation to prevent user confusion. Your interface can
> be set up to match the convention adopted by the equipment
> vendor's documentation. In other words, the interface user
> can enter a register reference as 40001 OR as 0000 (or maybe
> as 40000?). In either case a properly formed packet will get sent.

My software has the same switch.

> What I meant was that the interface software I've used will
> either transmit in the Modbus packet a 0000H OR 0001H for
> register 40001, depending on a selectable option. It's not a
> matter of converting user naming conventions and tags into an
> address used by the protocol. It was a matter of actually
> redefining what the protocol would send for a given single register!

That the same thing as what was mentioned. I do the same thing. If "1 based" Modbus is selected, a 1 will be subtracted from any register/coil before sending the command.

> In my mind, I prefer to stick to the naming/ tag convention
> given by Modicon, that is, internal registers and memory
> locations are "named" 3000x, 4000x, 1000x, etc. AND always
> start at 1. Therefore, registers 00000, 10000, 30000, 40000,
> etc. are NOT valid references. However, protocol register
> address 0000H IS valid AND corresponds to the 1st register,
> namely x0001, where x can be 0, 1, 3, 4, etc.

Well in my mind, that's needlessly complicated. If you start counting at 0 everywhere there's no chance of being off by 1.

It all depends on what you're used too, and one would hope the documentation is correct. However, I've written things trying to explain the 0 vs 1 issue, and still, people get confused every single time. Would anyone like to take a gander at explaining this in user terms how to deal with this, and more importantly, what to do when the documentation starts at 0 and Intellution (or something) starts at 1 with no documentation to that effect?

Alex Pavloff - [email protected] Eason Technology -- www.eason.com

 

My guess; Modbus always starts addressing at 0000H and always requires return of two 16-bit words in return (big-endian, little-endian). Most applications can work with only the little-endian portion (16-bit integer) as follows: 0000H(BE), 0001H(LE) at 40001, and the big-endian portion is ignored. The swap bit allows: 0000H(LE), 0001H(BE). The application uses 0000H(LE) at 40000, and again, the big-endian is ignored. Other formats, like IEEE 7.54, utilize both words, to create the floating point value. Here too, the swap bit can be implemented, while additional processing is required to include the big-endian in the calculation. Modscan32 is a download tool which can be explored for implementation of these variations and review of coil and discrete input registering, also.

Here is a link: http://www.win-tech.com/html/modscan32.htm

 

Alex,

How about this?

The value used in a Modbus message to identify the target register or bit in the PLC (or other device) is an OFFSET - not an address as such.

To find the target register etc, this offset must be added to the address of the first element in the target register set. In Modicon standard target systems, this first address is the target is 00001, 10001, 30001, 40001. In some other systems, the starting value may be x0000, y0000, etc. In either case, we do not refer to the initial digit since that is identified by the function code in the Modbus message.

This even works for devices such as the Solartron densitometers, where registers are 32-bit, but must be treared as 2 x 16 bit (so if you want to get 3 registers you must enter a count of 6 into the Modbus message length field.)

Bruce.

 

On March 14, 2003, Alex Pavloff wrote:
> Would anyone like to take a gander at explaining this in user terms
> how to deal with this, and more importantly, what to do when the
> documentation starts at 0 and Intellution (or something) starts at 1
> with no documentation to that effect?


Take a pen and write in the manual, "add 1 to these addresses to give Intellution addresses" or words to that effect. Date and initial.

Your company may have other procedures in this event, but in the absence of such procedures, this seems a reasonable course of action.

Document it also in such other places as make sense - basically, anywhere the addresses are used and it's possible to comment (register maps, electrical drawings, end-user manuals, program source, etc).

Ideally, one would of course prefer to eliminate the existence of two separate (but identical-looking) addressing schemes; but until such time as all programs are procured in source-included form, this will rarely be possible.

Jiri
--
Jiri Baum <[email protected]> http://www.csse.monash.edu.au/~jirib
MAT LinuxPLC project --- http://mat.sf.net --- Machine Automation Tools

 

Steve Ciricillo wrote:
> What I think should be in a perfect world (haha) is whenever! an
> implementor sees a refence to, say register 40001, then the proper
> address in the Modbus packet to access said register shall be 0000H.
> No exceptions. ...

Yup, that's what I've always seen. 40001 (or 400001) = 0.

I haven't run across the 40001 = 1, and since most user's never see the actual protocol on the wire this isn't really needed. I hadn't heard about the JBus starting only at 1 only, but then I rarely hear JBus mentioned in any current context.

best regards

Lynn August Linse
IA Firmware Specialist, Digi Int'l (www.digi.com)

 

> We provide the register addressing option so that users can configure
> their systems in a way that matches the device documentation, rather
> than forcing some users to do an off-by-one conversion in their heads -
> or on paper - while configuring (and later debugging) their systems.

This is a good argument for the 0 or 1 setting. I haven't seen any devices mapping 400001 to 1, but I have (as you say) seen many devices that document (as you point out) as holding registers 0 to X, but then are forced to use a software that requires the (40000 + x + 1) notation.

The other option is to create 2 columns to show the 0-N and 40001-4000N+1 explicitly.

Regards
- Lynn