Construction and Analysis of Distributed Processes

Construction and Analysis of Distributed Processes
Developer(s)	INRIA CONVECS team (formerly VASY team)
Initial release	1989, 34–35 years ago
Stable release	2023 / February 13, 2023;13 months ago
Operating system	Windows, macOS, Linux, Solaris, and OpenIndiana
Type	Toolbox for designing communication protocols and distributed systems
Website	cadp.inria.fr

Last updated April 05, 2024

CADP^[1] (Construction and Analysis of Distributed Processes) is a toolbox for the design of communication protocols and distributed systems. CADP is developed by the CONVECS team (formerly by the VASY team) at INRIA Rhone-Alpes and connected to various complementary tools. CADP is maintained, regularly improved, and used in many industrial projects.

CADP can be applied to any system that comprises asynchronous concurrency, i.e., any system whose behavior can be modeled as a set of parallel processes governed by interleaving semantics. Therefore, CADP can be used to design hardware architecture, distributed algorithms, telecommunications protocols, etc. The enumerative verification (also known as explicit state verification) techniques implemented in CADP, though less general that theorem proving, enable an automatic, cost-efficient detection of design errors in complex systems.

CADP includes tools to support use of two approaches in formal methods, both of which are needed for reliable systems design:

Models provide mathematical representations for parallel programs and related verification problems. Examples of models are automata, networks of communicating automata, Petri nets, binary decision diagrams, boolean equation systems, etc. From a theoretical point of view, research on models seeks for general results, independent of any particular description language.
In practice, models are often too elementary to describe complex systems directly (this would be tedious and error-prone). A higher level formalism known as process algebra or process calculus is needed for this task, as well as compilers that translate high-level descriptions into models suitable for verification algorithms.

History

Work began on CADP in 1986, when the development of the first two tools, CAESAR and ALDEBARAN, was undertaken. In 1989, the CADP acronym was coined, which stood for CAESAR/ALDEBARAN Distribution Package. Over time, several tools were added, including programming interfaces that enabled tools to be contributed: the CADP acronym then became the CAESAR/ALDEBARAN Development Package. Currently CADP contains over 50 tools. While keeping the same acronym, the name of the toolbox has been changed to better indicate its purpose: Construction and Analysis of Distributed Processes.

Major releases

The releases of CADP have been successively named with alphabetic letters (from "A" to "Z"), then with the names of cities hosting academic research groups actively working on the LOTOS language and, more generally, the names of cities in which major contributions to concurrency theory have been made.

Code name	Date
"A" ... "Z"	January 1990 - December 1996
Twente	June 1997
Liege	January 1999
Ottawa	July 2001
Edinburgh	December 2006
Zurich	December 2013
Amsterdam	December 2014
Stony Brook	December 2015
Oxford	December 2016
Sophia Antipolis	December 2017
Uppsala	December 2018
Pisa	December 2019
Aalborg	December 2020
Saarbruecken	December 2021
Kista	December 2022
Aachen	February 2023

Between major releases, minor releases are often available, providing early access to new features and improvements. For more information, see the change list page on the CADP website.

CADP features

CADP offers a wide set of functionalities, ranging from step-by-step simulation to massively parallel model checking. It includes:

Compilers for several input formalisms:
- High-level protocol descriptions written in the ISO language LOTOS.^[2] The toolbox contains two compilers (CAESAR and CAESAR.ADT) that translate LOTOS descriptions into C code to be used for simulation, verification, and testing purposes.
- Low-level protocol descriptions specified as finite state machines.
- Networks of communicating automata, i.e., finite state machines running in parallel and synchronized (either using process algebra operators or synchronization vectors).
Several equivalence checking tools (minimization and comparisons modulo bisimulation relations), such as BCG_MIN and BISIMULATOR.
Several model-checkers for various temporal logic and mu-calculus, such as EVALUATOR and XTL.
Several verification algorithms combined: enumerative verification, on-the-fly verification, symbolic verification using binary decision diagrams, compositional minimization, partial orders, distributed model checking, etc.
Plus other tools with advanced functionalities such as visual checking, performance evaluation, etc.

CADP is designed in a modular way and puts the emphasis on intermediate formats and programming interfaces (such as the BCG and OPEN/CAESAR software environments), which allow the CADP tools to be combined with other tools and adapted to various specification languages.

Models and verification techniques

Verification is comparison of a complex system against a set of properties characterizing the intended functioning of the system (for instance, deadlock freedom, mutual exclusion, fairness, etc.).

Most of the verification algorithms in CADP are based on the labeled transition systems (or, simply, automata or graphs) model, which consists of a set of states, an initial state, and a transition relation between states. This model is often generated automatically from high level descriptions of the system under study, then compared against the system properties using various decision procedures. Depending on the formalism used to express the properties, two approaches are possible:

Behavioral properties express the intended functioning of the system in the form of automata (or higher level descriptions, which are then translated into automata). In such a case, the natural approach to verification is equivalence checking, which consists in comparing the system model and its properties (both represented as automata) modulo some equivalence or preorder relation. CADP contains equivalence checking tools that compare and minimize automata modulo various equivalence and preorder relations; some of these tools also apply to stochastic and probabilistic models (such as Markov chains). CADP also contains visual checking tools that can be used to verify a graphical representation of the system.
Logical properties express the intended functioning of the system in the form of temporal logic formulas. In such a case, the natural approach to verification is model checking, which consists of deciding whether or not the system model satisfies the logical properties. CADP contains model checking tools for a powerful form of temporal logic, the modal mu-calculus, which is extended with typed variables and expressions so as to express predicates over the data contained in the model. This extension provides for properties that could not be expressed in the standard mu-calculus (for instance, the fact that the value of a given variable is always increasing along any execution path).

Although these techniques are efficient and automated, their main limitation is the state explosion problem, which occurs when models are too large to fit in computer memory. CADP provides software technologies for handling models in two complementary ways:

Small models can be represented explicitly, by storing in memory all their states and transitions (exhaustive verification);
Larger models are represented implicitly, by exploring only the model states and transitions needed for the verification (on the fly verification).

Languages and compilation techniques

Accurate specification of reliable, complex systems requires a language that is executable (for enumerative verification) and has formal semantics (to avoid any as language ambiguities that could lead to interpretation divergences between designers and implementors). Formal semantics are also required when it is necessary to establish the correctness of an infinite system; this cannot be done using enumerative techniques because they deal only with finite abstractions, so must be done using theorem proving techniques, which only apply to languages with a formal semantics.

CADP acts on a LOTOS description of the system. LOTOS is an international standard for protocol description (ISO/IEC standard 8807:1989), which combines the concepts of process algebras (in particular CCS and CSP and algebraic abstract data types. Thus, LOTOS can describe both asynchronous concurrent processes and complex data structures.

LOTOS was heavily revised in 2001, leading to the publication of E-LOTOS (Enhanced-Lotos, ISO/IEC standard 15437:2001), which tries to provide a greater expressiveness (for instance, by introducing quantitative time to describe systems with real-time constraints) together with a better user friendliness.

Several tools exist to convert descriptions in other process calculi or intermediate format into LOTOS, so that the CADP tools can then be used for verification.

Licensing and installation

CADP is distributed free of charge to universities and public research centers. Users in industry can obtain an evaluation license for non-commercial use during a limited period of time, after which a full license is required. To request a copy of CADP, complete the registration form at.^[3] After the license agreement has been signed, you will receive details of how to download and install CADP.

Tools summary

The toolbox contains several tools:

CAESAR.ADT^[4] is a compiler that translates LOTOS abstract data types into C types and C functions. The translation involves pattern-matching compiling techniques and automatic recognition of usual types (integers, enumerations, tuples, etc.), which are implemented optimally.
CAESAR^[5] is a compiler that translates LOTOS processes into either C code (for rapid prototyping and testing purposes) or finite graphs (for verification). The translation is done using several intermediate steps, among which the construction of a Petri net extended with typed variables, data handling features, and atomic transitions.
OPEN/CAESAR^[6] is a generic software environment for developing tools that explore graphs on the fly (for instance, simulation, verification, and test generation tools). Such tools can be developed independently of any particular high level language. In this respect, OPEN/CAESAR plays a central role in CADP by connecting language-oriented tools with model-oriented tools. OPEN/CAESAR consists of a set of 16 code libraries with their programming interfaces, such as:
- Caesar_Hash, which contains several hash functions
- Caesar_Solve, which resolves boolean equation systems on the fly
- Caesar_Stack, which implements stacks for depth-first search exploration
- Caesar_Table, which handles tables of states, transitions, labels, etc.

A number of tools have been developed within the OPEN/CAESAR environment:

- BISIMULATOR, which checks bisimulation equivalences and preorders
- CUNCTATOR, which performs on-the-fly steady state simulation
- DETERMINATOR, which eliminates stochastic nondeterminism in normal, probabilistic, or stochastic systems
- DISTRIBUTOR, which generates the graph of reachable states using several machines
- EVALUATOR, which evaluates regular alternation-free mu-calculus formulas
- EXECUTOR, which performs random execution of code
- EXHIBITOR, which searches for execution sequences matching a given regular expression
- GENERATOR, which constructs the graph of reachable states
- PREDICTOR, which predict the feasibility of reachability analysis,
- PROJECTOR, which computes abstractions of communicating systems
- REDUCTOR, which constructs and minimizes the graph of reachable states modulo various equivalence relations
- SIMULATOR, X-SIMULATOR and OCIS, which allow interactive simulation
- TERMINATOR, which searches for deadlock states
BCG (Binary Coded Graphs) is both a file format for storing very large graphs on disk (using efficient compression techniques) and a software environment for handling this format, including partitioning graphs for distributed processing. BCG also plays a key role in CADP as many tools rely on this format for their inputs/outputs. The BCG environment consists of various libraries with their programming interfaces, and of several tools, including:
- BCG_DRAW, which builds a two-dimensional view of a graph,
- BCG_EDIT which allows to modify interactively the graph layout produced by Bcg_Draw
- BCG_GRAPH, which generates various forms of practically useful graphs
- BCG_INFO, which displays various statistical information about a graph
- BCG_IO, which performs conversions between BCG and many other graph formats
- BCG_LABELS, which hides and/or renames (using regular expressions) the transition labels of a graph
- BCG_MERGE, which gathers graph fragments obtained from distributed graph construction
- BCG_MIN, which minimizes a graph modulo strong or branching equivalences (and can also deal with probabilistic and stochastic systems)
- BCG_STEADY, which performs steady-state numerical analysis of (extended) continuous-time Markov chains
- BCG_TRANSIENT, which performs transient numerical analysis of (extended) continuous-time Markov chains
- PBG_CP, which copies a partitioned BCG graph
- PBG_INFO, which displays information about a partitioned BCG graph
- PBG_MV which moves a partitioned BCG graph
- PBG_RM, which removes a partitioned BCG graph
- XTL (eXecutable Temporal Language), which is a high level, functional language for programming exploration algorithms on BCG graphs. XTL provides primitives to handle states, transitions, labels, successor and predecessor functions, etc. For instance, one can define recursive functions on sets of states, which allow to specify in XTL evaluation and diagnostic generation fixed point algorithms for usual temporal logics (such as HML,^[7] CTL,^[8] ACTL,^[9] etc.).

The connection between explicit models (such as BCG graphs) and implicit models (explored on the fly) is ensured by OPEN/CAESAR-compliant compilers including:

- CAESAR.OPEN, for models expressed as LOTOS descriptions
- BCG.OPEN, for models represented as BCG graphs
- EXP.OPEN, for models expressed as communicating automata
- FSP.OPEN, for models expressed as FSP descriptions
- LNT.OPEN, for models expressed as LNT descriptions
- SEQ.OPEN, for models represented as sets of execution traces

The CADP toolbox also includes additional tools, such as ALDEBARAN and TGV (Test Generation based on Verification) developed by the Verimag laboratory (Grenoble) and the Vertecs project-team of INRIA Rennes.

The CADP tools are well-integrated and can be accessed easily using either the EUCALYPTUS graphical interface or the SVL^[10] scripting language. Both EUCALYPTUS and SVL provide users with an easy, uniform access to the CADP tools by performing file format conversions automatically whenever needed and by supplying appropriate command-line options as the tools are invoked.

Awards

In 2002, Radu Mateescu, who designed and developed the EVALUATOR model checker of CADP, received the Information Technology Award attributed during the 10th edition of the yearly symposium organized by the Foundation Rhône-Alpes Futur.^[11]

In 2011, Hubert Garavel, software architect and developer of CADP, received the Gay-Lussac Humboldt Prize.^[12]

In 2019, Frédéric Lang and Franco Mazzanti won all the gold medals for the parallel problems of the RERS challenge by using CADP to successfully and correctly evaluate 360 computational tree logic (CTL) and linear temporal logic (LTL) formulas on various sets of communicating state machines.^[13]^[14]

In 2020, Frédéric Lang, Franco Mazzanti, and Wendelin Serwe won three gold medals at the RERS'2020 challenge by correctly solving 88% of the "Parallel CTL" problems, only giving "don't know" answers for 11 formulas out of 90.^[15]^[16]^[17]

In 2021, Hubert Garavel, Frédéric Lang, Radu Mateescu, and Wendelin Serwe jointly won the Innovation Prize of Inria – Académie des sciences – Dassault Systèmes for their scientific work that led to the development of the CADP toolbox.^[18]

In 2023, Hubert Garavel, Frédéric Lang, Radu Mateescu, and Wendelin Serwe jointly received, for the CADP toolbox, the first ever Test-of-Time Tool Award from ETAPS, the premier European forum for software science.^[19]

Related Research Articles

In computer engineering, a hardware description language (HDL) is a specialized computer language used to describe the structure and behavior of electronic circuits, most commonly to design ASICs and program FPGAs.

In computer science, formal methods are mathematically rigorous techniques for the specification, development, analysis, and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing appropriate mathematical analysis can contribute to the reliability and robustness of a design.

Electronic design automation (EDA), also referred to as electronic computer-aided design (ECAD), is a category of software tools for designing electronic systems such as integrated circuits and printed circuit boards. The tools work together in a design flow that chip designers use to design and analyze entire semiconductor chips. Since a modern semiconductor chip can have billions of components, EDA tools are essential for their design; this article in particular describes EDA specifically with respect to integrated circuits (ICs).

In the context of hardware and software systems, formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property, using formal methods of mathematics. Formal verification is a key incentive for formal specification of systems, and is at the core of formal methods. It represents an important dimension of analysis and verification in electronic design automation and is one approach to software verification. The use of formal verification enables the highest Evaluation Assurance Level (EAL7) in the framework of common criteria for computer security certification.

The National Institute for Research in Digital Science and Technology (Inria) is a French national research institution focusing on computer science and applied mathematics. It was created under the name French Institute for Research in Computer Science and Automation (IRIA) in 1967 at Rocquencourt near Paris, part of Plan Calcul. Its first site was the historical premises of SHAPE, which is still used as Inria's main headquarters. In 1980, IRIA became INRIA. Since 2011, it has been styled Inria.

In computer science, model checking or property checking is a method for checking whether a finite-state model of a system meets a given specification. This is typically associated with hardware or software systems, where the specification contains liveness requirements as well as safety requirements.

A hybrid system is a dynamical system that exhibits both continuous and discrete dynamic behavior – a system that can both flow and jump. Often, the term "hybrid dynamical system" is used, to distinguish over hybrid systems such as those that combine neural nets and fuzzy logic, or electrical and mechanical drivelines. A hybrid system has the benefit of encompassing a larger class of systems within its structure, allowing for more flexibility in modeling dynamic phenomena.

In logic, linear temporal logic or linear-time temporal logic (LTL) is a modal temporal logic with modalities referring to time. In LTL, one can encode formulae about the future of paths, e.g., a condition will eventually be true, a condition will be true until another fact becomes true, etc. It is a fragment of the more complex CTL*, which additionally allows branching time and quantifiers. LTL is sometimes called propositional temporal logic, abbreviated PTL. In terms of expressive power, linear temporal logic (LTL) is a fragment of first-order logic.

Formal equivalence checking process is a part of electronic design automation (EDA), commonly used during the development of digital integrated circuits, to formally prove that two representations of a circuit design exhibit exactly the same behavior.

In computer science Language Of Temporal Ordering Specification (LOTOS) is a formal specification language based on temporal ordering of events. LOTOS is used for communications protocol specification in International Organization for Standardization (ISO) Open Systems Interconnection model (OSI) standards.

SPIN is a general tool for verifying the correctness of concurrent software models in a rigorous and mostly automated fashion. It was written by Gerard J. Holzmann and others in the original Unix group of the Computing Sciences Research Center at Bell Labs, beginning in 1980. The software has been available freely since 1991, and continues to evolve to keep pace with new developments in the field.

Anatoly Abramovich Shalyto is a Russian scientist, doctor of sciences, and professor. He was awarded by Russian State Government in 2008 for his achievements in education and his development of the technology for Automata-based programming called "Switch-technology." He is also an initiator of the Open Project Documentation Initiative.

TAPAs is a tool for specifying and analyzing concurrent systems. Its aim is to support teaching of process algebras. Systems are described as process algebra terms that are then mapped to labeled transition systems (LTSs). Properties can be verified by checking equivalences between concrete and abstract system descriptions or by model checking temporal formulas over the obtained LTS. A key feature of TAPAs that makes it particularly suited for teaching is that it maintains a consistent graphical and textual representation of each system. After a change in the graphic notation, the textual representation is updated immediately; but after textual modifications, the update of the graphical representation has to be manually triggered.

TLA⁺ is a formal specification language developed by Leslie Lamport. It is used for designing, modelling, documentation, and verification of programs, especially concurrent systems and distributed systems. TLA⁺ is considered to be exhaustively-testable pseudocode, and its use likened to drawing blueprints for software systems; TLA is an acronym for Temporal Logic of Actions.

<span class="mw-page-title-main">Device driver synthesis and verification</span>

Device drivers are programs which allow software or higher-level computer programs to interact with a hardware device. These software components act as a link between the devices and the operating systems, communicating with each of these systems and executing commands. They provide an abstraction layer for the software above and also mediate the communication between the operating system kernel and the devices below.

SIGNAL is a programming language based on synchronized data-flow : a process is a set of equations on elementary flows describing both data and control.

In computer science E-LOTOS is a formal specification language designed between 1993 and 1999, and standardized by International Organization for Standardization (ISO) in 2001.

Patricia Bouyer-Decitre is a French theoretical computer scientist known for her research on timed automata, model checking, and temporal logic. She is a senior researcher for the French National Centre for Scientific Research (CNRS), and director of the Laboratoire Méthodes Formelles of CNRS and the École normale supérieure Paris-Saclay.

References

↑ Garavel H, Lang F, Mateescu R, Serwe W: CADP 2011: A Toolbox for the Construction and Analysis of Distributed Processes International Journal on Software Tools for Technology Transfer (STTT), 15(2):89-107, April 2013
↑ ISO 8807, Language of Temporal Ordering Specification
↑ CADP Online Request Form. Cadp.inria.fr (2011-08-30). Retrieved on 2014-06-16.
↑ H. Garavel. Compilation of LOTOS Abstract Data Types, in Proceedings of the 2nd International Conference on Formal Description Techniques FORTE'89 (Vancouver B.C., Canada), S. T. Vuong (editor), North-Holland, December 1989, p. 147–162.
↑ H. Garavel, J. Sifakis. Compilation and Verification of LOTOS Specifications, in Proceedings of the 10th International Symposium on Protocol Specification, Testing and Verification (Ottawa, Canada), L. Logrippo, R. L. Probert, H. Ural (editors), North-Holland, IFIP, June 1990, p. 379–394.
↑ H. Garavel. OPEN/CÆSAR: An Open Software Architecture for Verification, Simulation, and Testing, in Proceedings of the First International Conference on Tools and Algorithms for the Construction and Analysis of Systems TACAS'98 (Lisbon, Portugal), Berlin, B. Steffen (editor), Lecture Notes in Computer Science, Full version available as Inria Research Report RR-3352, Springer Verlag, March 1998, vol. 1384, p. 68–84.
↑ M. Hennessy, R. Milner. Algebraic Laws for Nondeterminism and Concurrency, in: Journal of the ACM, 1985, vol. 32, p. 137–161.
↑ E. M. Clarke, E. A. Emerson, A. P. Sistla. Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications, in: ACM Transactions on Programming Languages and Systems, April 1986, vol. 8, no 2, p. 244–263.
↑ R. De Nicola, F. W. Vaandrager. Action versus State Based Logics for Transition Systems, Lecture Notes in Computer Science, Springer Verlag, 1990, vol. 469, p. 407–419.
↑ H. Garavel, F. Lang. SVL: a Scripting Language for Compositional Verification, in: Proceedings of the 21st IFIP WG 6.1 International Conference on Formal Techniques for Networked and Distributed Systems FORTE'2001 (Cheju Island, Korea), M. Kim, B. Chin, S. Kang, D. Lee (editors), Full version available as Inria Research Report RR-4223, Kluwer Academic Publishers, IFIP, August 2001, p. 377–392.
↑ "Radu Mateescu wins the IT Award granted by Fondation Rhône-Alpes Futur".
↑ Isabelle Bellin (16 April 2011). "Hubert Garavel received the Gay-Lussac Humboldt Research Award". Archived from the original on 2016-07-10.
↑ "Results of the RERS Challenge 2019".
↑ "The CADP Newsletter Nr. 12 - April 10, 2019".
↑ "Results of the RERS Challenge 2020".
↑ "CNR-Inria Team Wins Gold Medals at the RERS 2020 Parallel CTL Challenge".
↑ "The CADP Newsletter Nr. 13 - February 22, 2021".
↑ "The Convecs team strengthens the security of parallel systems".
↑ "ETAPS Test-of-Time Tool Award".

External links

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Garavel H, Lang F, Mateescu R, Serwe W: CADP 2011: A Toolbox for the Construction and Analysis of Distributed Processes International Journal on Software Tools for Technology Transfer (STTT), 15(2):89-107, April 2013

[2] ISO 8807, Language of Temporal Ordering Specification

[3] CADP Online Request Form. Cadp.inria.fr (2011-08-30). Retrieved on 2014-06-16.

[4] H. Garavel. Compilation of LOTOS Abstract Data Types, in Proceedings of the 2nd International Conference on Formal Description Techniques FORTE'89 (Vancouver B.C., Canada), S. T. Vuong (editor), North-Holland, December 1989, p. 147–162.

[5] H. Garavel, J. Sifakis. Compilation and Verification of LOTOS Specifications, in Proceedings of the 10th International Symposium on Protocol Specification, Testing and Verification (Ottawa, Canada), L. Logrippo, R. L. Probert, H. Ural (editors), North-Holland, IFIP, June 1990, p. 379–394.

[6] H. Garavel. OPEN/CÆSAR: An Open Software Architecture for Verification, Simulation, and Testing, in Proceedings of the First International Conference on Tools and Algorithms for the Construction and Analysis of Systems TACAS'98 (Lisbon, Portugal), Berlin, B. Steffen (editor), Lecture Notes in Computer Science, Full version available as Inria Research Report RR-3352, Springer Verlag, March 1998, vol. 1384, p. 68–84.

[7] M. Hennessy, R. Milner. Algebraic Laws for Nondeterminism and Concurrency, in: Journal of the ACM, 1985, vol. 32, p. 137–161.

[8] E. M. Clarke, E. A. Emerson, A. P. Sistla. Automatic Verification of Finite-State Concurrent Systems using Temporal Logic Specifications, in: ACM Transactions on Programming Languages and Systems, April 1986, vol. 8, no 2, p. 244–263.

[9] R. De Nicola, F. W. Vaandrager. Action versus State Based Logics for Transition Systems, Lecture Notes in Computer Science, Springer Verlag, 1990, vol. 469, p. 407–419.

[10] H. Garavel, F. Lang. SVL: a Scripting Language for Compositional Verification, in: Proceedings of the 21st IFIP WG 6.1 International Conference on Formal Techniques for Networked and Distributed Systems FORTE'2001 (Cheju Island, Korea), M. Kim, B. Chin, S. Kang, D. Lee (editors), Full version available as Inria Research Report RR-4223, Kluwer Academic Publishers, IFIP, August 2001, p. 377–392.

[Radu_Mateescu_wins_the_IT_Award_granted_by_Fondation_Rhône-Alpes_Futur-11] "Radu Mateescu wins the IT Award granted by Fondation Rhône-Alpes Futur".

[Hubert_Garavel_received_the_Gay-Lussac_Humboldt_Research_Award-12] Isabelle Bellin (16 April 2011). "Hubert Garavel received the Gay-Lussac Humboldt Research Award". Archived from the original on 2016-07-10.

[Results_of_the_RERS_Challenge_2019-13] "Results of the RERS Challenge 2019".

[The_CADP_Newsletter_Nr._12_-_April_10,_2019-14] "The CADP Newsletter Nr. 12 - April 10, 2019".

[Results_of_the_RERS_Challenge_2020-15] "Results of the RERS Challenge 2020".

[CNR-Inria_Team_Wins_Gold_Medals_at_the_RERS_2020_Parallel_CTL_Challenge-16] "CNR-Inria Team Wins Gold Medals at the RERS 2020 Parallel CTL Challenge".

[The_CADP_Newsletter_Nr._13_-_February_22,_2021-17] "The CADP Newsletter Nr. 13 - February 22, 2021".

[The_Convecs_team_strengthens_the_security_of_parallel_systems-18] "The Convecs team strengthens the security of parallel systems".

[ETAPS_Test-of-Time_Tool_Award-19] "ETAPS Test-of-Time Tool Award".

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]