Departmental Papers (CIS)

Date of this Version


Document Type

Conference Paper


7th NASA Formal Methods Symposium (NFM 2015), Pasadena, CA, April 27-29, 2015.


The paper considers the problem of model-based deployment of platform-independent control code on a specific platform. The approach is based on automatic generation of platform-specific glue code from an architectural model of the system. We present a tool, ROSGen, that generates the glue code based on a declarative specification of platform interfaces. Our implementation targets the popular Robot Operating System (ROS) platform. We demonstrate that the code generation process is amenable to formal verification. The code generator is implemented in Coq and relies on the infrastructure provided by the CompCert and VST tool. We prove that the generated code always correctly connects the controller function to sensors and actuators in the robot. We use ROSGen to implement a cruise control system on the LandShark robot.

Subject Area

CPS Auto, CPS Embedded Control

Publication Source

NASA Formal Methods

Start Page


Last Page




Copyright/Permission Statement

The final publication is available at Springer via



Date Posted: 14 October 2015

This document has been peer reviewed.