Double Coil: The “Logic Bomb” Lurking in PLC Programs and Its Consequences

Introduction: A Programming Hazard That Must Be Eradicated

In the programming practice of Programmable Logic Controllers (PLCs), “Double Coil Output” refers to the “repeated use of output addresses,” which means performing multiple assignment operations on the same physical output point or internal storage bit at different locations in the program. For beginners, this may seem like an intuitive way to implement logic, such as starting a motor when condition A is met in one place and also starting it when condition B is met in another. However, this programming method can lead to a series of serious problems under the operational mechanism of PLCs, ranging from logical confusion and erroneous device actions to fatal safety incidents, with potential hazards far exceeding expectations. To fully understand the severity of its consequences, we must start from the most basic working principle of PLCs—the Scan Cycle. This is not only key to understanding the double coil issue but also the foundation for understanding all PLC program behaviors.

The Root of the Problem:

In-Depth Analysis of the PLC Scan Cycle

PLCs are not devices that can process all logic in parallel. Their CPUs essentially follow a fixed, repetitive cycle to execute tasks, known as the “Scan Cycle.” Regardless of how complex the program is, it will be broken down into step-by-step operations executed sequentially within this cycle. A typical scan cycle mainly consists of the following core stages:

1. Internal Processing and Self-Diagnosis

At the beginning of each cycle, the PLC performs a quick internal check. This includes checking the hardware status (such as whether the CPU, memory, and I/O modules are functioning normally), communication processing, and battery voltage monitoring. If any fatal errors are detected at this stage, the CPU may enter a stop mode and illuminate the corresponding fault indicator to prevent erroneous programs or hardware states from damaging external devices.

2. Input Sampling Stage

After self-diagnosis, the PLC enters the input sampling stage. At this point, the CPU “freezes” the status of all physical input terminals and reads this instantaneous status snapshot into a specific internal memory area, commonly referred to as the “Process Image Input Table (PII).” It is important to understand that during the entire program execution phase that follows, the input signal states used by the PLC come from this “latched” image area, rather than from real-time physical input terminals. This approach helps avoid logical confusion caused by rapid fluctuations in external input signals during program execution, ensuring consistency in logical processing within a scan cycle.

3. Program Execution Stage

This is the core of the entire scan cycle. The PLC’s CPU starts executing the user program from the beginning (usually network 1 or Rung 0), processing the control program written by the user in a top-down, left-to-right order, instruction by instruction, and logic network by logic network. During execution, the CPU reads the status of input points from the input process image area, performs calculations based on program logic (AND, OR, NOT, timing, counting, etc.), and writes the results into another specific internal memory area—the “Process Image Output Table (PIQ).”

The key point here is: During the program execution stage, the results of any logical operations do not immediately affect the physical output modules. Whether driving a coil, setting a value, or resetting a flag, all operations only modify data in the PLC’s internal RAM, specifically altering the contents of the output process image area.

4. Output Refresh Stage

Once the entire user program has been executed from start to finish, the scan cycle enters the final output refresh stage. In this stage, the PLC updates all states stored in the “Process Image Output Table” to all physical output terminals simultaneously and “in parallel.” In other words, the data in the PIQ is transferred as a whole to the output module’s latches, thereby driving or turning off the corresponding relays, transistors, or thyristors, and controlling external loads such as contactors, solenoid valves, and indicator lights.

After completing the output refresh, the CPU returns to the first step (internal processing and self-diagnosis) to begin a new scan cycle. This process repeats rapidly, with the duration of a scan cycle typically ranging from microseconds (μs) to milliseconds (ms), depending on the PLC’s CPU performance and the complexity of the user program.

Direct Consequences of Double Coil:

“Later Covers Earlier” Principle

Understanding the PLC’s scanning mechanism makes the essence of the double coil output problem clear. Since programs are executed sequentially and all output results are first written to the output process image area, when there are two or more coils targeting the same output address (for example, Q0.0), the phenomenon of “later covers earlier” occurs on the storage bit corresponding to that output address in the image area.

Let’s analyze this process through a specific example:

Assume the program has the following two logic networks:

  • Network 10:

        IF I0.0 THEN
            Q0.0 := 1; (* Start Motor *)
        END_IF;

  • Network 50:

        IF I0.1 THEN
            Q0.0 := 0; (* Stop Motor *)
        END_IF;

Scenario Analysis: In a certain scan cycle, assume inputs I0.0 and I0.1 are both ON (i.e., status is 1).

  1. Input Sampling: The PLC reads I0.0 = 1 and I0.1 = 1 at the beginning of its cycle and stores these states in the input process image area.
  2. Program Execution:
     • The CPU starts executing the program and scans to Network 10. It reads the status of I0.0 from the input image area as 1, satisfying the condition. Therefore, the CPU writes “1” to the corresponding storage bit of Q0.0 in the output process image area.
     • The CPU continues scanning down to Network 50. It reads the status of I0.1 from the input image area as 1, which also satisfies the condition. Thus, the CPU again operates on the corresponding storage bit of Q0.0 in the output process image area, writing it to “0”. At this point, the “1” previously written by Network 10 is ruthlessly overwritten.
  3. Output Refresh: The entire program execution is complete. The PLC enters the output refresh stage, checking the final status of Q0.0 in the output process image area, which is “0”. Therefore, the PLC sets the physical output point Q0.0 to OFF.

Conclusion: Although the starting condition of Network 10 has been met, the instruction from Network 50 executed later ultimately prevents the motor Q0.0 from starting. The actual behavior of the program is entirely determined by the last write operation to that output point. This behavioral pattern is the root cause of all problems caused by double coil outputs.

    Hazards:

    Deep-seated Hazards Caused by Double Coils

    Based on the aforementioned “later covers earlier” principle, double coil programming can lead to a series of chain reactions and severe negative consequences in practical industrial applications.

    1. Logical Confusion and Unpredictability of the Program

    This is the most direct issue. The execution results of the program are no longer solely determined by logical conditions but are strongly correlated with the order of logic networks in the program. This makes the program extremely difficult to understand and maintain. An engineer unfamiliar with the program may see that the condition of Network 10 is satisfied but find that the output Q0.0 does not act, leading to confusion and potentially misdirecting troubleshooting efforts towards hardware wiring, output module failures, or even the PLC hardware itself, wasting valuable downtime. The program’s behavior is no longer “what you see is what you get” but instead hides “traps” dependent on the scanning order.

    2. Intermittent and Unexpected Device Actions

    In complex working conditions, the conditions controlling two coils may alternate between different scan cycles. This can lead to seemingly random “flickering” or “jittering” of output points. For example, a conveyor motor may start and stop unexpectedly during production, causing material accumulation or interruptions in the production process. A cylinder may extend or retract at inappropriate times, damaging workpieces or molds. Such unstable control behavior not only reduces production efficiency and product quality but also impacts the equipment itself, accelerating wear on mechanical components (such as contactor contacts and solenoid valve cores) and shortening equipment lifespan.

    3. Fatal Safety Risks

    This is the most alarming hazard of double coil outputs. In modern industrial safety systems, the determinism and reliability of control logic are fundamental to ensuring personnel safety. Double coil outputs completely undermine this determinism.

    Consider a typical safety scenario: A stamping device is controlled by output Q0.1. A safety switch (I0.3) is installed on the safety door of the device.

    • Safety Logic (located in Network 20):

        IF (NOT I0.3) THEN (* If the safety door is open *)
            Q0.1 := 0; (* Must stop stamping *)
        END_IF;

    • Normal Production Logic (located in Network 100):

        IF I0.4 THEN (* If the start button is pressed *)
            Q0.1 := 1; (* Start stamping *)
        END_IF;

    Risk Analysis: Assume that during the operation of the device, the operator opens the safety door (I0.3 becomes OFF). During the PLC’s scan cycle, the program executes Network 20, detects that the safety door is open, and sets Q0.1 to 0 in the output image area. However, if the start button I0.4 is still pressed (or there is a self-locking start signal), the program continues scanning down to Network 100, where the condition is satisfied, and it will again set Q0.1 to 1 in the output image area. Ultimately, during the output refresh stage, the stamping device will not stop because the safety stop command is overridden by the subsequent production command! This could directly lead to extremely serious personal injury accidents.

    According to functional safety standards such as ISO 13849-1 and IEC 61508, the design of safety-related control systems must avoid any logical ambiguities and uncertainties. Double coil outputs are one of the most serious violations of such standards.

    4. Poor Program Extensibility and Portability

    When a program filled with double coil outputs needs to be modified or extended, maintenance personnel will face significant challenges. They cannot easily determine what unforeseen impacts modifying one logic will have on other parts of the program. When adding new control logic, they must painstakingly search for all write operations to the relevant output points to ensure that the new logic will not be accidentally overridden. This makes the iterative development of the program extremely costly and prone to introducing new errors.

    Solutions:

    Responses from Modern Programming Environments and Correct Programming Paradigms

    Fortunately, almost all modern PLC programming software (such as Siemens TIA Portal, Rockwell Studio 5000, Schneider EcoStruxure Control Expert, etc.) comes with powerful static code analysis features. When compiling the program, if the same address is detected to be used multiple times as an output coil, the compiler will generate a warning or even an error.

    Developers must treat these warnings as the highest priority issues to resolve. They must never ignore these warnings just because the program can be downloaded and run. Compiler warnings are the last line of defense against logical errors.
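A minimal version of the duplicate-write check described above, as an added example (not code from any vendor tool or from the original article). It assumes networks are available as Structured Text strings keyed by network number and that outputs and internal bits use Q/M bit addresses as in the article's examples; the sample networks are constructed from those examples.

```python
import re
from collections import defaultdict

# Constructed sample: the article's example networks plus one commented-out write.
SAMPLE_NETWORKS = {
    10:  "IF I0.0 THEN Q0.0 := 1; (* Start Motor *) END_IF;",
    20:  "IF (NOT I0.3) THEN Q0.1 := 0; (* Must stop stamping *) END_IF;",
    50:  "IF I0.1 THEN Q0.0 := 0; (* Stop Motor *) END_IF;",
    60:  "(* old logic: Q0.2 := 1; *) Q0.2 := I0.5;",
    100: "IF I0.4 THEN Q0.1 := 1; (* Start stamping *) END_IF;",
}

# Structured Text block comments: (* ... *)
COMMENT = re.compile(r"\(\*.*?\*\)", re.DOTALL)
# An output (Q) or internal bit (M) address on the left-hand side of ':='.
WRITE = re.compile(r"\b([QM]\d+\.\d+)\s*:=")


def find_double_coils(networks):
    """Return {address: [network numbers]} for addresses written more than once."""
    writers = defaultdict(list)
    for number in sorted(networks):
        # Strip comments first so commented-out assignments are not counted.
        code = COMMENT.sub(" ", networks[number])
        for address in WRITE.findall(code):
            writers[address].append(number)
    return {addr: nets for addr, nets in writers.items() if len(nets) > 1}


if __name__ == "__main__":
    for addr, nets in sorted(find_double_coils(SAMPLE_NETWORKS).items()):
        print(f"WARNING: {addr} is written in networks {nets}")
```
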

    So, what is the correct programming approach? The answer is to follow the “Single Coil Principle”:

    In a program (especially in the main program logic block), any output address should only appear once as the target of an output coil or assignment instruction.

    If there are indeed multiple conditions that need to control the same output, the correct approach is to logically integrate these conditions, ultimately converging them into one network that drives that unique coil.

    Taking the initial motor start-stop example, the correct writing should be:

    Integrate all start conditions using “OR” and negate all stop conditions to perform an “AND” operation.

    • Integrated Logic Network:

        Q0.0 := (I0.0 OR I0.2 OR ...) AND (NOT I0.1) AND (NOT I0.3);

    In ladder diagram form, this is represented as:

    • All start conditions (such as I0.0, I0.2) are connected in parallel to form a start logic branch.
    • All stop conditions (such as I0.1, I0.3) are connected in series.
    • The start logic branch is then connected in series with the stop logic branch to ultimately drive the unique Q0.0 coil.

    This writing style is clear in logic and unique in structure, with execution results independent of the network’s position in the program, ensuring complete determinism. This is the professional, reliable, and maintainable PLC programming style.
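The scan cycle, the “later covers earlier” effect, and the single-coil fix can be checked together in a small simulation. This is an added example, not code from the original article: it models the stamping-press scenario from the risk analysis, and the integrated expression for Q0.1 is an assumption built by following the article's start-AND-NOT-stop pattern. The input trace is constructed.

```python
# Each network is a function (pii, piq) that may write the output image (PIQ).
def net20_safety(pii, piq):
    if not pii["I0.3"]:      # safety door open (I0.3 is OFF)
        piq["Q0.1"] = 0      # must stop stamping


def net100_start(pii, piq):
    if pii["I0.4"]:          # start button pressed
        piq["Q0.1"] = 1      # start stamping


def net_single_coil(pii, piq):
    # Assumed integrated form: Q0.1 := I0.4 AND I0.3;
    # the only write to Q0.1, so network order cannot change the result.
    piq["Q0.1"] = int(pii["I0.4"] and pii["I0.3"])


def scan(program, physical_inputs, piq):
    """One scan cycle: sample inputs, run networks in order, refresh outputs."""
    pii = dict(physical_inputs)   # input sampling: frozen snapshot (PII)
    for network in program:       # program execution: top to bottom
        network(pii, piq)         # writes only touch the output image
    return dict(piq)              # output refresh: final image reaches terminals


def run(program, input_trace):
    """Run one scan per input snapshot and return Q0.1 after each refresh."""
    piq = {"Q0.1": 0}             # the output image persists between scans
    return [scan(program, inputs, piq)["Q0.1"] for inputs in input_trace]


# Constructed trace: door closed + start, door opened with start held, start released.
TRACE = [
    {"I0.3": 1, "I0.4": 1},
    {"I0.3": 0, "I0.4": 1},
    {"I0.3": 0, "I0.4": 0},
]

if __name__ == "__main__":
    print("double coil, article order:", run([net20_safety, net100_start], TRACE))
    print("double coil, order swapped:", run([net100_start, net20_safety], TRACE))
    print("single coil               :", run([net_single_coil], TRACE))
```

In the second scan the double-coil program in the article's order still drives Q0.1 with the door open, while merely swapping the two networks changes the outcome; the single-coil form gives the same result wherever it sits in the program.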

    Special Note on SET/RESET Instructions:

    Set (SET/Latch) and Reset (RESET/Unlatch) instructions are designed to operate on the same storage bit; they are a special case of the “Single Coil Principle.” The SET instruction sets the target bit to 1 and holds it, while the RESET instruction clears it to 0. Although they appear in different locations in the program, their behavior is clearly defined and not a direct logical overwrite. However, even when using SET/RESET, careful planning is necessary to avoid setting the same point under multiple unrelated conditions or creating confusing RESET logic, as this can also introduce uncertainty into the program. In many cases, using standard “start-hold-stop” circuits (self-locking circuits) is more readable and intuitive than using SET/RESET instructions.

    Conclusion:

    In summary, double coil outputs in PLC programs are an extremely dangerous and unprofessional programming habit. They stem from a misunderstanding of the PLC scanning mechanism and directly lead to logical conflicts of “later covers earlier.” The consequences are catastrophic, ranging from program logical confusion, unexpected device actions, increased maintenance costs, to potential safety function failures and personal injuries.

    As a qualified automation engineer, it is essential to strictly adhere to the “Single Coil Principle” in programming practices, skillfully use logical integration to handle complex multi-condition control, and maintain a zero-tolerance attitude towards any relevant warnings from programming software. Writing clear, logically rigorous, and predictable code is not only a responsibility to the equipment and production but also a solemn commitment to the safety of operators’ lives.
