MODBUS Slave Protocol
Smart LCD MODBUS Salve Product can be accessed by MODBUS Master devices for real-time control and access.
Basic
MODBUS Communication
The MODBUS is a protocol, which is used to communicate between a host and one or multiple slave devices. Over the Modbus the host is able to communicate with up to 254 slaves. It can read or write data areas on these devices. The SMART LCD is operated as such a slave device. There are mainly two modes of communication: The binary RTU Mode and the ASCII Mode. The SMART LCD is operating in RTU Mode. Therefore, we only describe the RTU mode within this document.
The host issues a package, which consists of:
- An 8 Bit Device Address, to indicate which slave device shall be addressed
- An 8 Bit Function Code, to tell the addressed slave which data area is read or written
- Specific data, like addresses and data values
- A 2-Byte Error Check CRC to determine, whether the previous data are correct
| < - - - - - - - - - - - - - - - - - - - - MODBUS Package - - - - - - - - - - - - - - - - - - - - > | |||
|---|---|---|---|
Device Address (1byte) |
Function Code (1byte) |
Data (252bytes(max.)) |
Error Check (2bytes) |
| < - - - - - - - - - - MODBUS Frame - - - - - - - - - - > | |||
When the host receives the previous frame reply from the slave device, the host needs an interval of 5ms before it can continue to send the next frame command. Since the SMART LCD is a Modbus slave device, a device address must be assigned to it. This address will be defined while designing the GUI with TOPWAY’s SGTools.
MODBUS Function Codes
| MODBUS Function Code | Function Definition | Address Range | Object Type |
| 0x03 | Read Multiple Holding Registers | 0x0000 ~ 0xFFFF | 2 Bytes |
| 0x06 | Write Single Holding Register | 0x0000 ~ 0xFFFF | 2 Bytes |
| 0x10 | Write Multiple Holding Registers | 0x0000 ~ 0xFFFF | 2 Bytes |
| 0x11 | Report Slave ID | ||
| 0x14 | Read File Record | 1 File with 2048 Records of 128 Byte | |
Address Mapping
To access memory locations in the SMART LCD the host has to issue a Read or Write function, which includes a specific address. Each Read or Write function accesses a 2-Byte location within an area of up to 64k words. Since the multiple data areas (N16, N32, N64, etc.) are together larger than 64k Words, the different memory areas are separated into pages. To select a specific page the Modbus Page Map Register must be written with the page number. The Page Map Register is located within the set of Special Function Registers. The Special Function Registers (SFR) are accessible on all pages at the same location. They are placed within the final 4k words of all pages.
In SGTools, MENU --> View --> Show Modbus Holding Register Address can show up the VPs corresponding MODBUS ADDRESS for the display UI.
Relationship between MODBUS PAGE:addresses and the SMART LCD VPs
| VP type | SMART LCD VP Address | Modbus PAGE: Address | note |
| VP_STR | 0x000000, 0x000080 - 0x01DF80 | 0:0x0000, 0:0x0040 - 0:0xEFC0 | |
| VP_N32 | 0x020000, 0x020004 - 0x02FFDC | 1:0x0000, 1:0x0002 - 1:0x7FEE | |
| TIMER COUNTER | 0x02FFE0, 0x02FFE4 - 0x02FFFC | 1:0x7FF0, 1:0x7FF2 - 1:0x7FFE | Timer 0, Timer 1 - Timer 7 |
| VP_N64 | 0x030000, 0x030008 - 0x03FFF8 | 6:0x0000, 6:0x0004 - 6:0x7FFC | |
| VP_N16 | 0x080000, 0x080002 - 0x08FFFE | 4:0x0000 - 4:0x7FFF | |
| VP_BMP | 0x040000 - 0x05DFFE | 2:0x0000 - 2:0xEFFF | |
| VP_G16 | 0x060000 - 0x06EFFF | 3:0x0000 - 3:0xEFFF | |
| VP_Flash | 120kB Flash memory | 5:0x0000 - 5:0xEFFF | remain unchanged even after power down |
| VP_REG | 0xFFF000 - 0xFFFFFF | -- | VP_Reg can not be accessed directly via MODBUS |
| SFR | -- | n:0xF000 - n:0xFFFF | SFR provide direct access of some VP_REG functions |
Modbus Function Codes Details
The SMART LCD supports five different Modbus functions. After the host issues such a function the SMART LCD will:
- Check whether the Modbus address sent by the host matches the Modbus address assigned to the SMART LCD
- Decode command and total data count
- Check if CRC of received data is correct
- Check if command is valid
- Check if data count, address range and data are valid
- If all data were valid, update internal memory or retrieve data from memory and reply host with the corresponding success message
- If there was an error within these data, reply the host with an error message and apply one of four possible error codes
Function Code 0x03 - “Read Multiple Holding Registers”
This function code allows the host to read up to 250 Bytes from the memory (VP and SFR) of the SMART LCD at once.
| Data Byte Index | Data Description | Byte Count | Valid Range |
|---|---|---|---|
| 0 | Modbus Device Address | 1 | 0x01 … 0xF7 |
| 1 | Function Code | 1 | 0x03 |
| 2 | Start Address
pointing to address of currently selected page within the SMART LCD |
2 | 0x0000 … 0xFFFF |
| 4 | Quantity of 16 Bit data values to be read | 2 | 0x0001 … 0x007D |
| 6 | CRC | 2 | 0x0000 … 0xFFFF |
| Data Byte Index | Data Description | Byte Count | Valid Range |
|---|---|---|---|
| 0 | Modbus Device Address | 1 | 0x01 … 0xF7 |
| 1 | Function Code | 1 | 0x03 |
| 4 | Byte Count N | 1 | 0x02 … 0xFA (must be an even number, must be double of the requested Quantity of 16 Bit values) |
| 6 | N Bytes of data | N | 0x00 … 0xFF |
| 6 + N | CRC | 2 | 0x0000 … 0xFFFF |
| steps | Host to Smart LCD | Smart LCD to Host | Descriptions |
|---|---|---|---|
| 1 | Host send | 01 06 F0 01 00 01 2A CA | |
| 2 | Smart LCD reply | 01 06 F0 01 00 01 2A CA | Switch MOMDUB PAGE; It is not necessary for reading operation on every time |
| 3 | Host send | 01 03 00 00 00 02 C4 0B | Read the data |
| 4 | Smart LCD reply | 01 03 04 33 44 11 22 39 2B |
Example. Read 32bit Number Variables: Step 1: TX: 01 06 F0 01 00 01 2A CA RX: 01 06 F0 01 00 01 2A CA Step 2: TX: 01 03 00 00 00 02 C4 0B RX: 01 03 04 33 44 11 22 39 2B Step one is switch Modbus memory page, step two is read data, and the step one is not necessary for reading operation on every time. Number value is 0x11223344.
Accessing the Smart LCD
To access data the host should do following steps using the Modbus protocol:
- Use “Write Single Holding Register” with function code (0x06) to address 0xF001 and the data value of the desired memory page (0x01 … 0x05)
- Write to or read from the desired address within the selected page with: “Read Multiple Holding Registers” with function code (0x03) “Write Single Holding Register” with function code (0x06) "Write Multiple Holding Registers” with function code (0x10)
Each Modbus address holds 16 Bit of data. Therefore, it might be necessary to read multiple address locations:
- STR, up to 64 consecutive accesses might be necessary to read an entire string, One single access will manipulate two characters.
- N16, just one access is necessary to access one N16 variable. Multiple N16 variables might be accessed with a single Modbus command.
- N32, two accesses are necessary to access one N32 variable. Multiple N32 variables might be accessed with a single Modbus command.
- N64, four accesses are necessary to access one N64 variable. Multiple N64 variables might be accessed with a single Modbus command.
- Bitmap, one access can manipulate 16 pixels of a bitmap variable. Multiple pixels might be accessed with a single Modbus command.
- Graph, one access can manipulate one data point of a graph. Multiple data points might be accessed with a single Modbus command.
“Read Multiple Holding Registers” with function code (0x03) allows accessing of up to 125 consecutive address locations at once, with each location holding two Bytes of data.
“Write Multiple Holding Registers” with function code (0x10) allows accessing of up to 123 consecutive address locations at once, with each location holding two Bytes of data.
Access to the Special Function Registers, which are mapped to all pages, should not exceed the required Byte count assigned to each SFR. In such a case the SMART LCD would reply the host with an error message.
Note: Since the Modbus protocol uses a “Big-Endian” representation of data, the first Byte of each 16 Bit word represents the upper 8 Bit of the data word. In contrary the memory organization of the SMART LCD is “Little-Endian” requiring the host to swap upper and lower Byte of each transaction.
