Relay ladder logic considered harmful

Abstract

MIT’s Haystack Observatory employs a 150’ diameter Cold War era radar repurposed from swords (looking for the start of WWIII) to plowshares (studying the ionosphere). In 1978 the radar was cut apart and trucked from its original location at an Air Force base in Hamilton to the Haystack Observatory in Westford and welded back together to begin its second life. At fifty-plus years, it’s fully functional if a bit rusty. Recently, funding was acquired to replace and modernize the radar’s control house, cabling and servo-controls and improve safety with access gate interlocks. What may be of interest is that the servo and safety controls are now executed by a programmable logic controller (PLC). PLCs (http://en.wikipedia.org/wiki/Programmable_logic_controller) are programmed in relay ladder logic (RLL), a non-portable, nonprocedural, typeless, visual language (http://en.wikipedia.org/wiki/Ladder_logic). It’s called relay ladder logic because the program actually looks like a ladder, with rows of relay symbols connected at the edges by two vertical posts, read left to right and top to bottom. The ladder can be tall: there can be hundreds to thousands of rungs in a program. After evaluating the Boolean logic in one rung, “true” or “false” is output and fed into the next. The relay ladder logic for the radar was initially coded by a subcontractor using requirements taken from a supplied specification. The more complicated functions needed for analog servo controls were implemented through vendor supplied logic blocks, the equivalent of library calls in functional languages. Vendor logic blocks are “black boxes”, the internal details hidden from the programmer. Safety functions are also handled through vendor supplied logic blocks. My understanding is that the PLC is implemented with dual redundant CPUs that execute safety assertions in parallel. Each CPU has to agree within 250 milliseconds, else a final enable will not be asserted, preventing operation.
Safety is not the same thing as functionality, however, and a system may be perfectly safe yet not operate correctly, something we discovered during integration. Getting the motor servo block to function correctly requires an understanding of motors, an understanding of what’s going on inside the vendor block, and knowing how the MISA is supposed to operate. During integration a vendor product specialist was brought in as a consultant to sort out motor issues, and the observatory scientists debugged and rewrote significant portions of the delivered ladder logic. To their surprise the scientists discovered race conditions, which got me thinking about the very idea of using relay ladder logic. Ladder logic sits in an unacknowledged area of programming practice, not part of the typical computer science or software engineering curricula. It is frozen in time, unchanged after 50 years of advances in computer science. Today, the very idea of using relay ladder logic, the normality of it, should be surprising to any programmer. Consider if no computer language were invented after FORTRAN, COBOL or Basic, and consider that today’s PLCs execute much, much faster than the relays they control. Processor clock cycle times have been reduced to the order of tenths of nanoseconds, while relay-switching times have remained the same 50 years on, on the order of tens of milliseconds. It should come as no surprise that PLCs are prone to race conditions. There are alternatives to using ladder logic, but the alternatives don’t have leverage, at least not in the United States. Visiting the “talk” tab on Wikipedia’s entry on ladder logic, one sees the claim that European industry avoids purchasing American technology if their only choice is ladder logic. Instead, Europe uses a combination of IEC Structured Text (IEC 61131), C, and code generated from simulation tools. There is also a claim that ladder logic costs significantly more to implement.
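The scan-speed versus relay-speed mismatch described above can be made concrete with a small model. The following is an added example, not code from the paper or from the Haystack project: it scans a two-rung ladder program once per millisecond against a physical relay whose contact takes tens of milliseconds to follow its coil (the 1 ms scan, the 20 ms relay, the 100 ms timeout, and the two-rung program are all constructed assumptions), and contrasts a rung that trusts the coil bit with one that reads the auxiliary contact back and times out if it never moves.

```python
from dataclasses import dataclass


@dataclass
class Relay:
    """Physical relay model: the coil bit changes at once, the contact
    follows after switch_ms (constructed value, tens of milliseconds)."""
    switch_ms: float
    coil: bool = False
    contact: bool = False
    elapsed_ms: float = 0.0
    stuck: bool = False          # fault injection: contact never moves

    def command(self, energize: bool) -> None:
        if energize != self.coil:
            self.coil, self.elapsed_ms = energize, 0.0

    def advance(self, dt_ms: float) -> None:
        """Let dt_ms of real time pass between two PLC scans."""
        if self.coil != self.contact and not self.stuck:
            self.elapsed_ms += dt_ms
            if self.elapsed_ms >= self.switch_ms:
                self.contact = self.coil


def run_ladder(relay: Relay, use_feedback: bool, scan_ms: float = 1.0,
               scans: int = 200, timeout_ms: float = 100.0) -> dict:
    """Scan a constructed two-rung program `scans` times, one scan per scan_ms.
    Rung 1:             START ----------------( K1 coil )
    Rung 2 (naive):     K1 coil bit ----------( RUN_PERMIT )
    Rung 2 (feedback):  K1 aux contact -------( RUN_PERMIT ), plus a timer
                        that raises FAULT if the contact lags the coil."""
    permit_while_open = 0
    fault = False
    lag_ms = 0.0
    for _ in range(scans):
        relay.command(True)                      # rung 1: START is held on
        if use_feedback:
            run_permit = relay.contact           # trust the hardware, not the bit
            lag_ms = lag_ms + scan_ms if relay.coil != relay.contact else 0.0
            fault = fault or lag_ms > timeout_ms
        else:
            run_permit = relay.coil              # race: the contact has not moved yet
        if run_permit and not relay.contact:
            permit_while_open += 1               # scans that believe a false state
        relay.advance(scan_ms)                   # physics moves between scans
    return {"permit_while_open": permit_while_open, "fault": fault}
```

With a 1 ms scan and a 20 ms relay the naive rung asserts RUN_PERMIT for twenty scans while the contact is still open, and it never notices a stuck relay; the feedback rung asserts nothing until the contact proves the state and faults when the contact fails to follow within the timeout.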
It’s not that the industrial controls market is so small it ought to be ignored. Again, according to Wikipedia approximately 50% of the manufacturing capacity in the United States is programmed in RLL. Industrial PLC programming appears to exist in a parallel universe, a “Bizarro world” (http://en.wikipedia.org/wiki/Bizarro_World

DOI: 10.1145/2439976.2439978

Cite this paper

@article{Schaefer2013RelayLL,
  title   = {Relay ladder logic considered harmful},
  author  = {Robert Schaefer},
  journal = {ACM SIGSOFT Software Engineering Notes},
  year    = {2013},
  volume  = {38},
  pages   = {8-9}
}