IEC 62541-10:2020

IEC 62541-10 ®
Edition 3.0 2020-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
OPC unified architecture –
Part 10: Programs
Architecture unifiée OPC –
Partie 10: Programmes
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.

IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary

(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and Definitions clause of
IEC publications issued since 2002. Some entries have been
IEC Customer Service Centre - webstore.iec.ch/csc collected from earlier publications of IEC TC 37, 77, 86 and
If you wish to give us your feedback on this publication or CISPR.

need further assistance, please contact the Customer Service

Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Recherche de publications IEC - Electropedia - www.electropedia.org
webstore.iec.ch/advsearchform Le premier dictionnaire d'électrotechnologie en ligne au
La recherche avancée permet de trouver des publications IEC monde, avec plus de 22 000 articles terminologiques en
en utilisant différents critères (numéro de référence, texte, anglais et en français, ainsi que les termes équivalents dans
comité d’études,…). Elle donne aussi des informations sur les 16 langues additionnelles. Egalement appelé Vocabulaire
projets et les publications remplacées ou retirées. Electrotechnique International (IEV) en ligne.

IEC Just Published - webstore.iec.ch/justpublished Glossaire IEC - std.iec.ch/glossary
Restez informé sur les nouvelles publications IEC. Just 67 000 entrées terminologiques électrotechniques, en anglais
Published détaille les nouvelles publications parues. et en français, extraites des articles Termes et Définitions des
Disponible en ligne et une fois par mois par email. publications IEC parues depuis 2002. Plus certaines entrées
antérieures extraites des publications des CE 37, 77, 86 et
Service Clients - webstore.iec.ch/csc CISPR de l'IEC.

Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC 62541-10 ®
Edition 3.0 2020-07
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
OPC unified architecture –
Part 10: Programs
Architecture unifiée OPC –
Partie 10: Programmes
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 25.040.40; 35.100.05 ISBN 978-2-8322-8576-3

– 2 – IEC 62541-10:2020 © IEC 2020
CONTENTS
FOREWORD . 4
1 Scope . 6
2 Normative references . 6
3 Terms, definitions and abbreviated terms . 6
3.1 Terms and definitions . 6
3.2 Abbreviated terms . 7
4 Concepts . 7
4.1 General . 7
4.2 Programs . 8
4.2.1 Overview . 8
4.2.2 Security considerations . 9
4.2.3 Program Finite State Machine . 9
4.2.4 Program states . 10
4.2.5 State transitions . 11
4.2.6 Program state transition stimuli . 11
4.2.7 Program Control Methods . 11
4.2.8 Program state transition effects . 12
4.2.9 Program result data . 12
4.2.10 Program lifetime . 13
5 Model . 14
5.1 General . 14
5.2 ProgramStateMachineType . 14
5.2.1 Overview . 14
5.2.2 ProgramStateMachineType Properties . 15
5.2.3 ProgramStateMachineType components . 16
5.2.4 ProgramStateMachineType causes (Methods) . 20
5.2.5 ProgramStateMachineType effects (Events) . 22
5.2.6 AuditProgramTransitionEventType . 24
5.2.7 FinalResultData . 25
5.2.8 ProgramDiagnostic2 DataType . 25
5.2.9 ProgramDiagnostic2Type VariableType . 26
Annex A (informative) Program example . 27
A.1 Overview. 27
A.2 DomainDownload Program . 27
A.2.1 General . 27
A.2.2 DomainDownload states . 28
A.2.3 DomainDownload transitions. 28
A.2.4 DomainDownload Methods . 29
A.2.5 DomainDownload Events . 30
A.2.6 DomainDownload model . 30

Figure 1 – Automation facility control . 8
Figure 2 – Program illustration . 9
Figure 3 – Program states and transitions . 10
Figure 4 – Program Type . 14

Figure 5 – Program FSM References . 16
Figure 6 – ProgramStateMachineType causes and effects . 20
Figure A.1 – Program example . 27
Figure A.2 – DomainDownload state diagram . 28
Figure A.3 – DomainDownloadType partial state model . 35
Figure A.4 – Ready To Running model . 38
Figure A.5 – Opening To Sending To Closing model . 40
Figure A.6 – Running To Suspended model . 41
Figure A.7 – Suspended To Running model . 42
Figure A.8 – Running To Halted – Aborted model . 42
Figure A.9 – Suspended To Aborted model . 43
Figure A.10 – Running To Completed model . 44
Figure A.11 – Sequence of operations . 45

Table 1 – Program Finite State Machine . 10
Table 2 – Program states . 11
Table 3 – Program state transitions . 11
Table 4 – Program Control Methods . 12
Table 5 – ProgramStateMachineType . 15
Table 6 – Program states . 17
Table 7 – Program transitions . 18
Table 8 – ProgramStateMachineType causes . 21
Table 9 – ProgramTransitionEventType . 22
Table 10 – ProgramTransitionEvents . 23
Table 11 – AuditProgramTransitionEventType . 24
Table 12 – ProgramDiagnostic2DataType structure . 25
Table 13 – ProgramDiagnostic2DataType definition . 26
Table 14 – ProgramDiagnostic2Type VariableType . 26
Table A.1 – DomainDownload states . 29
Table A.2 – DomainDownload Type . 31
Table A.3 – Transfer State Machine Type . 32
Table A.4 – Transfer State Machine – states . 33
Table A.5 – Finish State Machine Type . 33
Table A.6 – Finish State Machine – states . 34
Table A.7 – DomainDownload Type Property Attributes variable values . 34
Table A.8 – Additional DomainDownload transition types . 36
Table A.9 – Start Method additions . 38
Table A.10 – StartArguments . 39
Table A.11 – IntermediateResults Object . 40
Table A.12 – Intermediate result data Variables . 41
Table A.13 – FinalResultData . 43

– 4 – IEC 62541-10:2020 © IEC 2020
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
OPC UNIFIED ARCHITECTURE –
Part 10: Programs
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC
Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
IEC 62541-10 has been prepared by subcommittee 65E: Devices and integration in enterprise
systems, of IEC technical committee 65: Industrial-process measurement, control and
automation.
This third edition cancels and replaces the second edition published in 2015.
This edition includes several clarifications and in addition the following significant technical
changes with respect to the previous edition:
a) Changed ProgramType to ProgramStateMachineType. This is in line with the NodeSet
(and thus implementations). In ProgramDiagnosticDataType: changed the definition of
lastInputArguments and lastOutputArguments and added two additional fields for the
argument values. Also changed StatusResult into StatusCode. Created new version of the
type to ProgramDiagnostic2DataType.
b) Changed Optional modelling rule to OptionalPlaceHolder for Program control Methods.
Following the clarification in IEC 62541-3, this now allows subtypes (or instances) to add
arguments.
The text of this standard is based on the following documents:
FDIS Report on voting
65E/719/FDIS 65E/735/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
Throughout this document and the other parts of the IEC 62541 series, certain document
conventions are used:
Italics are used to denote a defined term or definition that appears in Clause 3 in one of the
parts of the series.
Italics are also used to denote the name of a service input or output parameter or the name of
a structure or element of a structure that are usually defined in tables.
The italicized terms and names are also, with a few exceptions, written in camel-case (the
practice of writing compound words or phrases in which the elements are joined without
spaces, with each element's initial letter capitalized within the compound). For example the
defined term is AddressSpace instead of Address Space. This makes it easier to understand
that there is a single definition for AddressSpace, not separate definitions for Address and
Space.
A list of all parts of the IEC 62541 series, published under the general title OPC Unified
Architecture, can be found on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
– 6 – IEC 62541-10:2020 © IEC 2020
OPC UNIFIED ARCHITECTURE –
Part 10: Programs
1 Scope
This part of IEC 62451 defines the information model associated with Programs in the OPC
Unified Architecture. This includes the description of the NodeClasses, standard Properties,
Methods and Events and associated behaviour and information for Programs.
The complete Address Space model including all NodeClasses and Attributes is specified in
IEC 62541‑3. The Services such as those used to invoke the Methods used to manage
Programs are specified in IEC 62541‑4.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and
are indispensable for its application. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any
amendments) applies.
IEC TR 62541‑1, OPC Unified Architecture – Part 1: Overview and Concepts
IEC 62541‑3, OPC Unified Architecture – Part 3: Address Space Model
IEC 62541‑4, OPC Unified Architecture – Part 4: Services
IEC 62541‑5, OPC Unified Architecture – Part 5: Information Model
IEC 62541‑7, OPC Unified Architecture – Part 7: Profiles
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC TR 62541-1,
IEC 62541-3 and the following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1.1
function
programmatic task performed by a Server or device, usually accomplished by computer code
execution
3.1.2
finite state machine
sequence of states and valid state transitions along with the causes and effects of those state
transitions that define the actions of a Program in terms of discrete stages
3.1.3
ProgramStateMachineType
type definition of a Program and is a subtype of the FiniteStateMachineType
3.1.4
program control method
Method having specific semantics designed for the control of a Program by causing a state
transition
3.1.5
program invocation
unique Object instance of a Program existing on a Server
Note 1 to entry: A Program Invocation is distinguished from other Object instances of the same
ProgramStateMachineType by the object node’s unique browse path.
3.2 Abbreviated terms
DA data access
FSM finite state machine
HMI human–machine interface
UA Unified Architecture
4 Concepts
4.1 General
Integrated automation facilities manage their operations through the exchange of data and the
coordinated invocation of system Functions as illustrated in Figure 1. Services are required to
perform the data exchanges and to invoke the Functions that constitute system operation.
These Functions may be invoked through Human Machine Interfaces, cell controllers, or other
supervisory control and data acquisition type systems. OPC UA defines Methods and
Programs as an interoperable way to advertise, discover, and request these Functions. They
provide a normalizing mechanism for the semantic description, invocation, and result
reporting of these Functions. Together Methods and Programs complement the other OPC UA
Services and ObjectTypes to facilitate the operation of an automation environment using a
client-server hierarchy.
– 8 – IEC 62541-10:2020 © IEC 2020

Figure 1 – Automation facility control
Methods and Programs model Functions typically have different scopes, behaviours, lifetimes,
and complexities in OPC Servers and the underlying systems. These Functions are not
normally characterized by the reading or writing of data which is accomplished with the OPC
UA Attribute service set.
Methods represent basic Functions in the Server that can be invoked by a Client. Programs,
by contrast, model more complex and stateful functionality in the system. For example, a
method call may be used to perform a calculation or reset a counter. A Program is used to run
and control a batch process, execute a machine tool part program, or manage a domain
download. Methods and their invocation mechanism are described in IEC 62541‑3 and
IEC 62541‑4.
This document describes the extensions to, or specific use of, the core capabilities defined in
IEC 62541‑5 as required for Programs.
4.2 Programs
4.2.1 Overview
Programs are complex Functions in a Server or underlying system that can be invoked and
managed by a Client. Programs can represent any level of functionality within a system or
process in which Client control or intervention is required and progress monitoring is desired.
Figure 2 illustrates the model.

Figure 2 – Program illustration
Programs are stateful and transition through a prescribed sequence of states as they execute.
Their behaviour is defined by a Program Finite State Machine (PFSM). The elements of the
PFSM describe the phases of a Program’s execution in terms of valid transitions between a
set of states, the stimuli or causes of those transitions, and the resultant effects of the
transitions.
4.2.2 Security considerations
Since Programs can be used to perform advanced control algorithms or other actions, their
use should be restricted to personnel with appropriate access rights. It is recommended that
AuditUpdateMethodEvents are generated to allow monitoring the number of running Programs
in addition to their execution frequency.
4.2.3 Program Finite State Machine
The states, transitions, causes and effects that compose the Program Finite State Machine
are listed in Table 1 and illustrated in Figure 3.

– 10 – IEC 62541-10:2020 © IEC 2020
Table 1 – Program Finite State Machine
No. Transition name Cause From state To state Effect
Report Transition 1
1 HaltedToReady Reset Method Halted Ready
Event/Result
Report Transition 2
2 ReadyToRunning Start Method Ready Running
Event/Result
Halt Method or Report Transition 3
3 RunningToHalted Running Halted
Internal (Error) Event/Result
Report Transition 4
4 RunningToReady Internal Running Ready
Event/Result
Suspend Report Transition 5
5 RunningToSuspended Running Suspended
Method Event/Result
Report Transition 6
6 SuspendedToRunning Resume Method Suspended Running
Event/Result
Report Transition 7
7 SuspendedToHalted Halt Method Suspended Halted
Event/Result
Report Transition 8
8 SuspendedToReady Internal Suspended Ready
Event/Result
Report Transition 9
9 ReadyToHalted Halt Method Ready Halted
Event/Result
Figure 3 – Program states and transitions
4.2.4 Program states
A standard set of base states is defined for Programs as part of the Program Finite State
Machine. These states represent the stages in which a Program can exist at an instant in time
as viewed by a Client. This state is the Program’s current state. All Programs shall support
this base set. A Program may or may not require a Client action to cause the state to change.
The states are formally defined in Table 2.

Table 2 – Program states
State Description
Ready The Program is properly initialized and may be started.
Running The Program is executing making progress towards completion.
The Program has been stopped prior to reaching a terminal state but may be
Suspended
resumed.
Halted The Program is in a terminal or failed state, and it cannot be started or resumed
without being reset.
The set of states defined to describe a Program can be expanded. Program sub states can be
defined for the base states to provide more resolution of a process and to describe the cause
and effect(s) of additional stimuli and transitions. Standards bodies and industry groups may
extend the base Program Finite State Model to conform to various industry models. For
example, the Halted state can include the sub states "Aborted" and "Completed" to indicate if
the Function achieved a successful conclusion prior to the transition to Halted. Transitional
states such as "Starting" or "Suspending" might also be extensions of the Running state, for
example.
4.2.5 State transitions
A standard set of state transitions is defined for the Program Finite State Machine. These
transitions define the valid changes to the Program’s current state in terms of an initial state
and a resultant state. The transitions are formally defined in Table 3.
Table 3 – Program state transitions
Transition no. Transition name Initial state Resultant state
1 HaltedToReady Halted Ready
2 ReadyToRunning Ready Running
3 RunningToHalted Running Halted
4 RunningToReady Running Ready
5 RunningToSuspended Running Suspended
6 SuspendedToRunning Suspended Running
7 SuspendedToHalted Suspended Halted
8 SuspendedToReady Suspended Ready
9 ReadyToHalted Ready Halted
4.2.6 Program state transition stimuli
The stimuli or causes for a Program’s state transitions can be internal to the Server or
external. The completion of machining steps, the detection of an alarm condition, or the
transmission of a data packet are examples of internal stimuli. Methods are an example of
external stimuli. Standard Methods are defined which act as stimuli for the control of a
Program.
4.2.7 Program Control Methods
Clients manage a Program by calling Methods. The Methods impact a Program’s behaviour by
causing specified state transitions. The state transitions dictate the actions performed by the
Program. This document defines a set of standard Program Control Methods. These Methods
provide sufficient means for a Client to run a Program.

– 12 – IEC 62541-10:2020 © IEC 2020
Table 4 lists the set of defined Program Control Methods. Each Method causes transitions
from specified states and shall be called when the Program is in one of those states.
Individual Programs can optionally support any subset of the Program Control Methods. For
example, some Programs may not be permitted to suspend and so would not provide the
Suspend and Resume Methods.
Programs can support additional user defined Methods. User defined Methods shall not
change the behaviour of the base Program Finite State Machine.
Table 4 – Program Control Methods
Method Description
Name
Start Causes the Program to transition from the Ready state to the Running state.
Suspend Causes the Program to transition from the Running state to the Suspended state.
Resume Causes the Program to transition from the Suspended state to the Running state.
Halt Causes the Program to transition from the Ready, Running or Suspended state to the Halted state.
Reset Causes the Program to transition from the Halted state to the Ready state.

All Program Control Methods are defined with their BrowseName on the
ProgramStateMachineType with the OptionalPlaceholder ModellingRule. As defined in
IEC 62541‑3, this rule allows the inclusion of Arguments to these Methods on subtypes or on
instances. For example, a Start Method may include an options argument that specifies
dynamic options used to determine some program behaviour. The Method Call service
specified in IEC 62541‑4 defines a return status. This return status indicates the success of
the Program Control Method or a reason for its failure.
4.2.8 Program state transition effects
A Program’s state transition generally has a cause and also yields an effect. The effect is a by
product of a Program state transition that can be used by a Client to monitor the progress of
the Program. Effects can be internal or external. An external effect of a state transition is the
generation of an Event notification. Each Program state transition is associated with a unique
Event. These Events reflect the progression and trajectory of the Program through its set of
defined states. The internal effects of a state transition can be the performance of some
programmatic action such as the generation of data.
4.2.9 Program result data
4.2.9.1 Overview
Result data is generated by a running Program. The result data can be intermediate or final.
Result data may be associated with specific Program state transitions.
4.2.9.2 Intermediate result data
Intermediate result data is transient and is generated by the Program in conjunction with non-
terminal state transitions. The data items that compose the intermediate results are defined in
association with specific Program state transitions. Their values are relevant only at the
transition level.
Each Program state transition can be associated with different result data items. Alternately, a
set of transitions can share a result data item. Percentage complete is an example of
intermediate result data. The value of percentage complete is produced when the state
transition occurs and is available to the Client.

Clients acquire intermediate result data by subscribing to Program state transition Events.
The Events specify the data items for each transition. When the transition occurs, the
generated Event conveys the result data values captured to the subscribed Clients. If no
Client is monitoring the Program, intermediate result data may be discarded.
4.2.9.3 Terminal result data
Terminal result data is the final data generated by the Program as it ceases execution. Total
execution time, number of widgets produced, and fault condition encountered are examples of
terminal result data. When the Program enters the terminal state, this result data can be
conveyed to the Client by the transition Event. Terminal result data is also available within the
Program to be read by a Client after the program stops. This data persists until the Program
Instance is rerun or deleted.
4.2.9.4 Monitoring Programs
Clients can monitor the activities associated with a Program’s execution. These activities
include the invocation of the management Methods, the generation of result data, and the
progression of the Program through its states. Audit Events are provided for Method Calls and
state transitions. These Events allow a record to be maintained of the Clients that interacted
with any Program and the Program state transitions that resulted from that interaction.
4.2.10 Program lifetime
4.2.10.1 Overview
Programs can have different lifetimes. Some Programs may always be present on a Server
while others are created and removed. Creation and removal can be controlled by a Client or
may be restricted to local means.
A Program can be Client creatable. If a Program is Client creatable, then the Client can add
the Program to the Server. The Object Create Method defined in IEC 62541‑3 is used to
create the Program instance. The initial state of the Program can be Halted or Ready. Some
Programs, for example, may require that a resource becomes available after its creation and
before it is ready to run. In this case, it would be initialized in the Halted state and transition
to Ready when the resource is delivered.
A Program can be Client removable. If the Program is Client removable, then the Client can
delete the Program instance from the Server. The DeleteNodes Service defined in
IEC 62541‑4 is used to remove the Program Instance. The Program shall be in a Halted state
to be removed. A Program may also be auto removable. An auto removable Program deletes
itself when execution has terminated.
4.2.10.2 Program instances
Programs can be multiple instanced or single instanced. A Server can support multiple
instances of a Program if these Program Instances can be run in parallel. For example, the
Program may define a Start Method that has an input argument to specify which resource is
acted upon by its Functions. Each instance of the Program is then started designating use of
different resources. The Client can discover all instances of a Program that are running on a
Server. Each instance of a Program is uniquely identified on the Server and is managed
independently by the Client.
4.2.10.3 Program recycling
Programs can be run once or run multiple times (recycled). A Program that is run once will
remain in the Halted state indefinitely once it has run. The normal course of action would be
to delete it following the inspection of its terminal results.

– 14 – IEC 62541-10:2020 © IEC 2020
Recyclable Programs may have a limited or unlimited cycle count. These Programs may
require a reset step to transition from the Halted state to the Ready state. This allows for
replenishing resources or reinitializing parameters prior to restarting the Program. The
Program Control Method "Reset" triggers this state transition and any associated actions or
effects.
5 Model
5.1 General
The Program model extends the FiniteStateMachineType and basic ObjectType models
presented in IEC 62541‑5. Each Program has a Type Definition that is the subtype of the
FiniteStateMachineType. The ProgramStateMachineType describes the Finite State Machine
model supported by any Program Invocation of that type. The ProgramStateMachineType also
defines the property set that characterizes specific aspects of that Program’s behaviour such
as lifetime and recycling as well as specifying the result data that is produced by the Program.

Figure 4 – Program Type
The base ProgramStateMachineType defines the standard Finite State Machine specified for
all Programs. This includes the states, transitions, and transition causes (Methods) and
effects (Events). Subtypes of the base ProgramStateMachineType can be defined to extend or
more specifically characterize the behaviour of an individual Program as illustrated with
"MyProgramType" in Figure 4.
5.2 ProgramStateMachineType
5.2.1 Overview
The additional properties and components that compose the ProgramStateMachineType are
listed in Table 5. No ProgramStateMachineType specific semantics are assigned to the other
base ObjectType or FiniteStateMachineType Attributes or Properties.

Table 5 – ProgramStateMachineType
Attribute Value
Includes all attributes specified for the FiniteStateMachineType
BrowseName ProgramStateMachineType
IsAbstract False
References NodeClass BrowseName Data Type TypeDefinition Modelling Rule
HasProperty Variable Creatable Boolean PropertyType –
HasProperty Variable Deletabe Boolean PropertyType Mandatory
HasProperty Variable AutoDelete Boolean PropertyType Mandatory
HasProperty Variable RecycleCount Int32 PropertyType Mandatory
HasProperty Variable InstanceCount UInt32 PropertyType –
HasProperty Variable MaxInstanceCount UInt32 PropertyType –
HasProperty Variable MaxRecycleCount UInt32 PropertyType –

HasComponent Variable ProgramDiagnostic ProgramDiagnos ProgramDiagnos Optional
tic2DataType tic2Type
HasComponent Object Halted StateType –
HasComponent Object Ready StateType –
HasComponent Object Running StateType –
HasComponent Object Suspended StateType –

HasComponent Object HaltedToReady TransitionType –
HasComponent Object ReadyToRunning TransitionType –
HasComponent Object RunningToHalted TransitionType –
HasComponent Object RunningToReady TransitionType –
HasComponent Object RunningToSuspended TransitionType –
HasComponent Object SuspendedToRunning TransitionType –
HasComponent Object SuspendedToHalted TransitionType –
HasComponent Object SuspendedToReady TransitionType –
HasComponent Object ReadyToHalted TransitionType –

HasComponent Method Start  OptionalPlaceholder
HasComponent Method Suspend  OptionalPlaceholder
HasComponent Method Reset  OptionalPlaceholder
HasComponent Method Halt  OptionalPlaceholder
HasComponent Method Resume  OptionalPlaceholder

HasComponent Object FinalResultData BaseObjectType Optional

5.2.2 ProgramStateMachineType Properties
The Creatable Property is a boolean that specifies if Program Invocations of this
ProgramStateMachineType can be created by a Client. If False, these Program Invocations
are persistent or may only be created by the Server.

– 16 – IEC 62541-10:2020 © IEC 2020
The Deletable Property is a boolean that specifies if a Program Invocation of this
ProgramStateMachineType can be deleted by a Client. If False, these Program Invocations
can only be deleted by the Server.
The AutoDelete Property is a boolean that specifies if Program Invocations of this
ProgramStateMachineType are removed by the Server when execution terminates. If False,
these Program Invocations persist on the Server until they are deleted by the Client. When
the Program Invocation is deleted, any result data associated with the instance is also
removed.
The RecycleCount Property is an unsigned integer that specifies the number of times a
Program Invocation of this type has been recycled or restarted from its starting point (not
resumed). Note that the Reset Method may be required to prepare a Program to be restarted.
The MaxRecycleCount Property is an integer that specifies the maximum number of times a
Program Invocation of this type can be recycled or restarted from its starting point (not
resumed). If the value is less than 0, then there is no limit to the number of restarts. If the
value is zero, then the Program may not be recycled or restarted.
The InstanceCount Property is an unsigned integer that specifies the number of Program
Invocations of this type that currently exist.
The MaxInstanceCount Property is an integer that specifies the maximum number of Program
Invocations of this type that can
...