Yuma Yamano, Toshihiko Ando & Keishi Okamoto International Journal of Software Engineering (IJSE), Volume (8) : Issue (3) : 2020 27 A Tool Generating a C# Code with Contracts of Code Contracts from a VDM++ Model with Conditions Yuma Yamano a1811531@sendai-nct.jp Department of Information Systems National Institute of Technology, Sendai College Sendai, 989-3128, Japan Toshihiko Ando tando@sendai-nct.ac.jp Department of Information Systems National Institute of Technology, Sendai College Sendai, 989-3128, Japan Keishi Okamoto okamoto@sendai-nct.ac.jp Department of Information Systems National Institute of Technology, Sendai College Sendai, 989-3128, Japan Abstract As systems rely on software, the reliability of the software is required. Formal methods are prominent ways to improve the reliability of software. Formal specification is one of the formal methods and offers a formal specification language based on mathematics and computer science. With this method, the ambiguity of the specification can be decreased, and verification can be facilitated. In development based on formal specification, specifications are formally described and then a code is generated from it. This generation is done manually in some cases, but it is done automatically by a tool in some cases. Generally, from the viewpoint of execution efficiency, etc., the generated code is modified, so it is necessary to verify whether the code meets the conditions in the specification. However, this task is manual in many cases, then it is time-consuming and error-prone. In this paper, we introduce a tool to generate a code in the programing language C# from a specification in the formal specification language VDM++. The tool also translates conditions of a specification into contracts of the library Code Contracts of #C. The above problem will be solved with this tool. Keywords: Formal Methods, Code Generation, VDM++, C#, Code Contracts. 1. INTRODUCTION Our society is highly dependent on software-intensive systems, for instance, automotive, medical devices, etc. Therefore, we require reliability, safety, security, etc. to the systems. However, the specification description and implementation of a software-intensive system are becoming complicated and complex as the system is becoming so. Formal methods can support these tasks to ensure a system to be reliable, safe, secure, etc. Because we can describe and verify target systems in a mathematical way with formal methods. In this paper, we focus on formal specification while formal methods contain model checking, theorem proving, etc. A formal specification consists of a formal specification language and verification methods. We can describe a formal specification of a target system in a formal specification language so that the resulting specification has no ambiguity, can be automatically verified, and is easy to validate. Moreover, some formal specification tools can generate code in a programming language from a formal specification in a specification language. VDM (Vienna Development Method) [1] [2] is one of the formal specifications. Moreover, VDM is called a