Model-Based Design of Distributed ROS2 Systems
Using IEC 61499
2024 28th International Conference on Methods and Models in Automation and Robotics (MMAR) | 979-8-3503-6234-3/24/$31.00 ©2024 IEEE | DOI: 10.1109/MMAR62187.2024.10680751
Jörg Walter, Malte Grave
[email protected]
,
[email protected]
OFFIS – Institute for Information Technology
Abstract—ROS2 systems are distributed applications built
from strongly isolated components (nodes). Communication is
realized through a publish/subscribe mechanism. Despite having
these modern software architecture elements, ROS2 has no
canonical modelling language that captures overall application
design and helps in mapping nodes across distributed plat-
forms. We propose a model-based design approach based on
the graphical programming language IEC 61499, mapping ROS2
constructs to native IEC 61499 model elements. Code generation
creates native ROS2 nodes from IEC 61499 code. As an additional
benefit, this approach also eases integration of ROS2 systems with
non-ROS components.
I. I NTRODUCTION
A popular software environment for robotics systems is
the Robot Operating System (ROS), of which the newer
major revision is often just called ROS2. In ROS, applications
consist of multiple nodes, which are self-contained software
components. Nodes communicate through a publish/subscribe
message bus using strongly-typed messages. ROS is popular
due to its rich library of available software components for
robotics tasks, ranging from complex routing and mapping
algorithm to low-level hardware drivers.
A major shortcoming of the ROS ecosystem is the lack
of a canonical model-based design flow. By default, overall
application behaviour is not explicitly modelled, it is an
emerging property of how individual nodes were programmed.
This is most noticeable with communication: Despite having
a rich communication middleware at its heart, ROS nodes
only send and receive individual messages. The orchestration
and interaction of nodes is not an integral part of application
design, obscuring the overall control flow created by the
individual nodes that make up the system. The mapping of
nodes across a distributed system is not addressed at all.
For building complex ROS application, this reduces express-
iveness of developers, self-documenting properties of the code,
and maintainability. A popular approach would be to use a
Model-Based Design methodology to design complex cyber-
physical systems, but there is no canonical way to do so in
the ROS community.
An obvious approach would be to use UML or SysML. The
main drawback of these is that while they have many different
model types to design various aspects of the system, they lack
clear executable semantics to express the intended control flow
of the application.
For this reason, we propose a model-based design approach
for ROS2 based on a model-based control application design
979-8-3503-6234-3/24/$31.00 ©2024 IEEE
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.
language from the domain of industrial distributed control
systems, IEC 61499. This language was designed to express
application functionality in an event-based model of computa-
tion. It is based on a component model that is similar to ROS
nodes, and it supports native modelling of publish/subscribe
communication. Using native IEC 61499 elements, higher-
level node interactions like services and actions can be mod-
elled in a clear and concise way.
This paper is structured in as follows: The next section
gives an overview of different activities in the area of ROS
modelling, with or without IEC 61499. Section III gives a short
overview of key elements of IEC 61499 that are relevant to our
proposed modelling approach, which we explain in Section IV.
After that, we discuss opportunities and shortcomings of this
approach in Section V, and give a summary and outlook on
future research in Section VI.
II. R ELATED W ORK
There is little work on applying model-based design meth-
odology to ROS applications. The most obvious approach is
to use SysML as a modelling language, which is presented in
[1]. The authors propose a new SysML profile to describe all
details of a ROS system. The main difference to our approach
is that effectively, the authors create a new domain-specific
language, whereas our proposal maps to an existing language
and thus reduces the learning curve.
A similar distinction can be made regarding [2], where the
authors model ROS systems using the Architecture Analysis
and Description Language. However, they only apply their
idea to a specific use case class and do not strive for feature-
completeness regarding arbitrary ROS applications.
The closes work to our proposal is presented in [3],
which also uses IEC 61499 as a host language. Similar to
the preceding example, however, the authors assume a spe-
cific overall system architecture using a higher-level tool and
method, using IEC 61499 only as an intermediate language.
Our approach aims at avoiding the introduction of additional
model/abstraction layers and using IEC 61499 as true origin
language for arbitrary ROS applications. Our assumption is
that users who need another abstraction layer on top of
IEC 61499 (like SysML) will already have a tool/method of
choice. By using native IEC 61499 functionality, our approach
can be integrated easily into complex multiple-language scen-
arios.
515

Figure III.1: IEC 61499 System model that is used for all
examples
Figure III.2: IEC 61499 Application model of a simple applic-
ation. A controller controls a motor in a 100ms loop based on
data from a distance sensor.
III. BACKGROUND
IEC 61499 (hereafter abbreviated as just 1499) is a graph-
ical programming language for industrial distributed control
systems that is suitable for model-based and model-driven
design flows [4]. It is a modern replacement for the standard
IEC 61131 [5], which is still the dominant way to program pro-
grammable logic controllers (PLCs). In order to ease system
upgrades, 1499 reuses much of IEC 61131, most importantly
the elementary data types.
A 1499 project consists of one S YSTEM model and multiple
A PPLICATION models.
The system model describes the execution devices that are
available to run the applications. Figure III.1 shows a system
model consisting of four devices and one network segment
connecting them, as rendered by the open-source IEC 61499
implementation Eclipse 4diac [6]. System models contain
some more information that is not relevant to this paper.
Application models describe functional behaviour. Applic-
ations are independent from each other and can run across
multiple devices. Devices run multiple applications concur-
rently, under control of an implementation-defined scheduling
algorithm.
Applications consist of a network of F UNCTION B LOCKS
(FBs) connected by edges representing events and data. FBs
encapsulate executable behaviour, event connections define
execution control, and data connections define data flow. The
execution model is strictly event-based, i. e. FB execution is
triggered by receiving an event, and FBs can send out new
events as part of their execution. Figure III.2 shows a typical
example of a simple control application.
Function blocks come in different variants. Three of them
are important for this paper:
• Basic function blocks (BFB) encapsulate behaviour as
a state machine (called Execution Control Chart, ECC)
516
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.
containing portable code written in IEC 61131 Structured
Text (ST) [5].
• Subapplications allow hierarchical modelling by encap-
sulating a function block network just like a top-level
application.
• Service interface function blocks (SIFB) represent device-
specific functionality, usually implemented in native code.
They can create events from external sources, while all
other FBs can only create events as response to an
incoming event.
In the graphical representation, FBs have a notch at the
side, which separates connection points (called P INS) for
events (top) from data pins (bottom). Inputs are on the left
side, outputs on the right side. Colours refer to the devices
of the system model and specify where an FB should be
executed. Lines denote communication between FBs, text
denotes constant values in IEC 61131 syntax. Dashed lines
denote non-local communication, i. e. true network communic-
ation, whereas on-device communication uses solid lines. Line
colours represent different data type classes. Beyond simple
event and data connections, there is also the A DAPTER. An
adapter combines multiple bidirectional event and data edges
in a single connection, which we use heavily to represent ROS
communications.
The primitive data type system of 1499 is the type system of
IEC 61131. It is comparable to the type system of common lan-
guages like C++ and has integers of various widths, floating-
point values, strings, time and date values, and compositions
in the form of fixed- or variable-size arrays and structs [5].
IV. M ODELLING A PPROACH
Our proposal for modelling ROS2 applications using the
graphical language IEC 61499 stems from the observation
that all important elements of the ROS2 software ecosystem
map to 1499 elements in a natural and direct way. We focus
exclusively on modelling ROS applications in IEC 61499, not
on mapping arbitrary IEC 61499 applications to ROS.
All examples shown in this section are models created in
the open-source IEC 61499 implementation Eclipse 4diac and
use the system model shown in Figure III.1.
A. Mapping ROS Nodes
ROS nodes encapsulate all executable functionality. They
primarily react to incoming messages, but they can also create
messages in an asynchronous fashion, not as a causal result of
an incoming message. In 1499, function blocks have the same
role and very similar properties.
The main difference between both is that communication
separates events from data, whereas a ROS message can be
interpreted as a tuple of an event (sending/receiving the mes-
sage itself) and multiple data values. In 1499, the Adapter is
a model element that can represent this composition naturally.
As a result, a 1499 application that represents a simple ROS
system could look like Figure IV.1. This example also shows
the first benefit that goes beyond ROS2 expressivity: easy
specification of the distributed nature of the application.
Figure IV.1: Simple ROS application modelled in IEC 61499
Figure IV.2: Adapter definition of a ROS message
B. Mapping Topics and Messages
In this example, the connections use two
message types from the ROS2 standard lib-
rary, ROS::sensor_msgs::LaserScan and
ROS::geometry_msgs::Twist. Since type names
in 1499 cannot use the colon character, the ROS names
must be transformed by replacing the double-colon with a
double-underscore. This mapping is a compromise between
human readability and chance of an unintended conflict.
Other encoding schemes could be used to ensure that all
possible ROS identifiers map to a unique 1499 identifier. In
this example, the adapters each contain a single field using the
mapped type names ROS__sensor_msgs__LaserScan
and ROS__geometry_msgs__Twist. Figure IV.2 show
the definition of the cmd_vel adapter, containing one field
target and the associated event MSG. The laser_scan
adapter is defined similarly.
Connecting function blocks in this way implicitly defines
a ROS topic of the same name as the FB pins. In case the
pin names differ, the topic would need to be remapped in the
same way that ROS .launch files allow topic remapping.
C. Mapping Data Types
ROS message definitions have a dual nature: On one hand,
they define messages actively sent over the network, in which
case they also implicitly represent an event. On the other hand,
they simply define reusable data structures. ROS only distin-
guishes between these scenarios through their usage, while
1499 uses different model elements for these two purposes.
As has already been established, messages for the purpose
of sending them are modelled as adapters. These cannot be
composed hierarchically, however, so the proposed mapping
uses 1499 structs to express hierarchical composition. A ROS
message definition thus has two equivalent model elements on
the 1499 side:
• An adapter with the same fields as the ROS message plus
an event called MSG (figure IV.2)
• A struct with the same fields but no event
Primitive data types map between both type systems quite
naturally. They are not identical, but close enough that for
all ROS types there is an obvious choice on the 1499 (or
rather, IEC 61131) side. The only omission is that ROS2
can express bounded string sizes, which IEC 61499 does not
517
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.
(a) ROS::std_msgs::Header
(b) ROS::sensor_msgs::LaserScan
Figure IV.3: IEC 61499 struct equivalent to a ROS2 standard
message with hierarchical composition
Figure IV.4: IEC 61499 adapter definition for a ROS service
support. Figure IV.3 shows an example from the ROS standard
library exercising some advanced data types. Notably, 1499
has dedicated time and date types and its arrays support the
full range of size limitations available in ROS.
D. Mapping Services and Actions
With the basic communication infrastructure defined, the
remaining part of the ROS2 communication middleware are
services and actions. The adapter mechanism is powerful
enough to express both of them.
Services differ from plain messages by providing a reverse
path for a result message. IEC 61499 adapters allow bidirec-
tional communications as well, so a service adapter is simply
an adapter with one event in each direction, plus associ-
ated data fields like for plain messages. Figure IV.4 shows
the 1499 definition for the ROS::srd_srvs::SetBool
service. Note that the event names are now REQ(uest) and
CNF(irm), imitating a popular 1499 naming convention.
Similarly, actions are just another extension by a third
event and associated data fields. Figure IV.5 shows an ex-
ample from the ROS wiki, defining a dishwasher action
with feedback consisting of the completion percentage. Note
how IEC 61499 is able to differentiate which data fields are
associated with which event, represented as vertical connec-
tions between event and data pins. That way, the adapter
uniquely defines an action with dishwasher_id as initial
message, total_dishes_cleaned as result message, and
percent_complete as feedback message.
Applications using services and actions look the same as
applications using simple messages. Since 1499 is strongly

Figure IV.5: IEC 61499 adapter definition for a ROS action
Figure IV.6: Application examples for services and actions.
typed, there is no danger of confusing anything – connections
are only possible between matching pins. Figure IV.6 demon-
strates this in trivial examples.
E. Modelling Communication Topologies
Up to now, we have presented a sensible mapping for repres-
enting all basic ROS2 middleware components as IEC 61499
elements. But the true power of this approach lies in the
ability to model overall application structure in a way that
ROS code does not permit. To demonstrate this, we show
examples of a robotic vehicle control application in various
scenarios exercising four major communication topologies: a
single or multiple publishers paired with a single or multiple
subscribers.
The basic scenario is always the same: The system model
(figure III.1) defines three controllers for the robot, a powerful
control device (orange), a less powerful IO device (green), and
for one of the examples also a special radar device (blue).
Furthermore, the robot is part of a larger swarm of robots that
have varying degrees of coordination and distributed control,
depending on example. The other robots in the swarm are
represented by a dummy device (gray) with the assumptions
that all members of the swarm run the same software. Each
robot has distance sensors of some kind, which provides
data for some autonomous drive decision algorithm (possibly
involving map building and complex path planning), and then
motor control driver(s) that perform the actions decided by the
control algorithm. The system is not executed periodically, but
triggered by the availability of new sensor data.
1) Single-Publisher, Single-Subscriber: This is the trivial
case that we used to describe the basic mapping approach
(Figure IV.1). It has already been discussed at great length.
2) Single-Publisher, Multiple-Subscriber: Figure IV.7
shows a scenario where a dual-tracked vehicle has separate
518
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.
Figure IV.7: Single-Publisher Multiple-Subscriber scenario
Figure IV.8: Multiple-Publisher Single-Subscriber scenario
drive controllers for each side. The LIDAR publishes its
sensor data, and both control algorithms subscribe to that
topic. In this case, the ROS2 topic is represented by a dummy
subapplication TOPIC_LASER_SCAN that only serves to
connect publishers and subscribers. It does not represent any
executable code and thus it is not mapped to any device
(recognizable by the white FB colour).
This pattern is repeated in all other examples. In fact,
we propose that every topic has an empty subapplication
representing it. Only trivial 1:1 connections may omit this
element for simplicity.
3) Multiple-Publisher, Single-Subscriber: Figure IV.8
shows the inverse situation, multiple data sources publishing
their measurements on a single topic, while a single subscriber
continuously updates its state from incoming data. In the
example, the vehicle has multiple LIDAR scanners. From the
modelling perspective, the approach is the same: a dummy
subapplication tailored to the amount of publishers and
subscribers represents the n:1 connectivity.
4) Multiple-Publisher, Multiple-Subscriber: The scenario
in Figure IV.9 shows a more complex setup utilizing all system
model elements. Sensors do not simply publish raw data to
the control algorithm; local sensors are merged by a sensor
fusion algorithm that determines the robots position in a global
coordinate system. This position is then published, not just
for the local device, but for all members of the swarm to see
Figure IV.9: Multiple-Publisher Multiple-Subscriber scenario

Figure IV.10: Advanced distributed control scenario
(SWARM_DriveDecision at the bottom right). Likewise,
the local control algorithm receives all swarm member position
(SWARM_SensorFusion at the bottom left) as input for its
autonomous drive decision.
The most notable modelling extension is the representation
of an unspecified number of external devices through function
blocks mapped to a dummy ‘SWARM’ device. These FBs
are not actually part of the application’s behaviour. They only
serve documentation purposes, clearly marking the topic as
having n:m topology, and documenting the intention that the
other swarm members use a very similar, if not the same,
software architecture.
5) Distributed Control: As a final scenario, Figure IV.10
shows another n:m topology, but one with a feedback loop. In
this scenario, drive decisions by the swarm are performed in
a truly distributed manner, with each controller updating all
other controllers about their decisions as their state evolves.
This would be suitable for coordinated task planning without
central controller. It has no new modelling patterns, but it does
show that models can get crowded if a lot of feedback is
involved. Robotic control software engineers should make sure
to use proper abstractions to avoid spaghetti code (which, in
a graphical language, should be taken quite literally).
F. Deployment
Modelling ROS systems in a model-based language is
only half the story. After creating these models, the question
remains how robotic software engineers can run the ROS
applications they have designed. The intention of our approach
is heavy use of automatic code generation. There are different
levels of automation with different manual and tool effort:
a) Deployment and composition aid: The IEC 61499
model contains all information required to create .launch
files for preexisting ROS nodes. Unfortunately, ROS node
source code does not allow generalized extraction of the
communication interface. As a result, FBs representing ROS
nodes must be manually created in a way that is compatible
with their implementation. Message types of ROS are available
in a format that allows automatic generation of equivalent 1499
data type definitions, saving some work.
519
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.
b) Template code generation: Instead of using preexist-
ing ROS nodes, 1499 function blocks contain enough inform-
ation to generate a template implementation of a ROS node
including its communication interface. Developers then only
need to fill in the actual behaviour code. This eliminates cre-
ating boilerplate code and ensures consistency in the interface
between multiple nodes across the application.
c) Full code generation: Developers could also exploit
the full expressivity of IEC 61499, most notably the ability
to mix textual (C++) algorithm descriptions with ECC state
machines. In this level, developers would not need to manually
build ROS code at all: The full ROS application can be
generated from the IEC 61499 model.
d) Code generation with portable algorithms: IEC 61499
includes a standardized, portable programming language for
textual algorithms, Structured Text. It is simple enough to
translate it to native C++ code (as done by Eclipse 4diac).
While it may seem counter-intuitive to force developers to
learn a new language, this approach allows heterogeneous
systems that are not restricted to the ROS runtime. In such
an application, individual nodes can be mapped to a native
IEC 61499 device, e. g. a PLC that supports 1499 natively.
V. D ISCUSSION
Overall, it is easy to see that IEC 61499 and ROS2 are a
good match. ROS middleware elements map to 1499 model
elements in a straightforward way. The reverse is not true,
however. IEC 61499 allows many more constructs that are not
covered by our proposed modelling approach.
The graphical models clearly express developer intent on a
suitable abstraction level, with a strong focus on application
composition. We did not present full details on modelling ROS
node behaviour, but initial experiments show that the ‘full
code generation’ automation level is viable: A prototypical
tool implementation can generate clean and correct C++ ROS2
code for simple ECC state machines and communication
patterns. We have not yet performed a systematic evaluation
of corner cases and limitations, however. We also did not yet
explore the ’portable algorithms’ automation level.
A big advantage of our approach is the fact that the models
themselves are executable. They have clear semantics (within
the limits of IEC 61499, which does have some undefined
areas), which allows early testing of interaction patterns long
before the final behaviour is implemented or even the commu-
nication interfaces are fixed. Tools like the Eclipse 4diac IDE
built-in simulator [7] can do so without having to generate
ROS code at all.
A second notable advantage is the potentially tight integra-
tion of industrial control systems with robotics applications.
Given that industrial robotics are a major part of the entire
robotics domain, this can make system composition much
cleaner, faster, and more maintainable. Eclipse 4diac already
contains some parts to reach that goal: it has an initial
implementation of the required communication infrastructure
so that native 1499 code can talk to ROS2 nodes via their
native DDS protocol.
 For the integration goal, it would also be interesting to
be able to migrate existing industrial control system code to
ROS. The presented modelling approach explicitly did not
address this use case. Nevertheless, many common interactions
between function blocks are compatible with ROS message
semantics (see Figure III.2 for a pretty typical example). Since
1499 models are on a high abstraction level, these cases
can be identified statically, opening the potential for seamless
introduction of ROS code into pure 1499 applications.
In general, static analysability is a final advantage of model-
based ROS application design. Methodologies for systematic-
ally ensuring functional and extra-functional system properties
work well with a fully model-based design flow, e. g. Contract-
Based Design [8].
VI. C ONCLUSION & F UTURE W ORK
We have presented a comprehensive modelling approach for
graphical, model-based design of ROS2 applications. We used
IEC 61499 as host language to express all basic ROS2 ele-
ments and showcased a variety of application patterns, clearly
demonstrating its advantage in readability and development
effort.
These models can be used for different levels of automated
code generation, from a simple deployment aid to a fully
model-based software development workflow. While basic
viability can be shown, corner cases and limitations of this
automation need to be explored in future work.
In the long run, our modelling approach allows tight integ-
ration of robotics applications with industrial control applic-
ations in typical factory settings and other systems utilising
industrial control equipment (e. g. maritime, railway).
ACKNOWLEDGEMENT
This research was partially funded by the Ministry of
Science and Culture of the federal state of Lower Saxony,
Germany under research grant number ZN3489.
R EFERENCES
[1] T. Winiarski, “MeROS: SysML-based Metamodel for ROS-based Sys-
tems,” IEEE Access, 2023.
[2] G. Bardaro, A. Semprebon, and M. Matteucci, “A use case in model-
based robot development using AADL and ROS,” in Proceedings of the
1st International Workshop on Robotics Software Engineering, 2018.
[3] M. Wenger, W. Eisenmenger, G. Neugschwandtner, B. Schneider, and
A. Zoitl, “A model based engineering tool for ROS component com-
positioning, configuration and generation of deployment information,” in
2016 IEEE 21st international conference on emerging technologies and
factory automation (ETFA), 2016.
[4] L. H. Yoong, P. S. Roop, Z. E. Bhatti, and M. M. Kuo, Model-Driven
Design Using EC 61499: A Synchronous Approach for Embedded and
Automation Systems. 2014.
[5] P. Neumann, SPS-Standard: IEC 61131: Programmierung in verteilten
Automatisierungssystemen. Oldenbourg Industrieverlag, 2000.
[6] The Eclipse 4diac Project, “Eclipse 4diac - The Open Source Envir-
onment for Distributed Industrial Automation and Control Systems,” in
https://www.eclipse.org/4diac, 2024.
[7] B. Wiesmayr, A. Zoitl, A. Garmendia, and M. Wimmer, “A model-based
execution framework for interpreting control software,” in 2021 26th
IEEE International Conference on Emerging Technologies and Factory
Automation (ETFA), IEEE, 2021.
[8] A. Sangiovanni-Vincentelli, W. Damm, and R. Passerone, “Taming
Dr. Frankenstein: Contract-based design for cyber-physical systems,”
European journal of control, vol. 18, 2012.

520
Authorized licensed use limited to: JILIN UNIVERSITY. Downloaded on December 16,2024 at 12:08:11 UTC from IEEE Xplore. Restrictions apply.