Work began on CADP in 1986, when the development of the first two tools, CAESAR and ALDEBARAN, was undertaken. In 1989, the CADP acronym was coined, which stood for CAESAR/ALDEBARAN Distribution Package. Over time, several tools were added, including programming interfaces that enabled tools to be contributed: the CADP acronym then became the CAESAR/ALDEBARAN Development Package. Currently CADP contains over 50 tools. While keeping the same acronym, the name of the toolbox has been changed to better indicate its purpose: Construction and Analysis of Distributed Processes.

Major releases edit

The releases of CADP have been successively named with alphabetic letters (from "A" to "Z"), then with the names of cities hosting academic research groups actively working on the LOTOS language and, more generally, the names of cities in which major contributions to concurrency theory have been made.

Between major releases, minor releases are often available, providing early access to new features and improvements. For more information, see the change list page on the CADP website.

CADP offers a wide set of functionalities, ranging from step-by-step simulation to massively parallel model checking. It includes:

• Compilers for several input formalisms:
  • High-level protocol descriptions written in the ISO language LOTOS.^[2] The toolbox contains two compilers (CAESAR and CAESAR.ADT) that translate LOTOS descriptions into C code to be used for simulation, verification, and testing purposes.
  • Low-level protocol descriptions specified as finite state machines.
  • Networks of communicating automata, i.e., finite state machines running in parallel and synchronized (either using process algebra operators or synchronization vectors).
• Several equivalence checking tools (minimization and comparisons modulo bisimulation relations), such as BCG_MIN and BISIMULATOR.
• Several model-checkers for various temporal logic and mu-calculus, such as EVALUATOR and XTL.
• Several verification algorithms combined: enumerative verification, on-the-fly verification, symbolic verification using binary decision diagrams, compositional minimization, partial orders, distributed model checking, etc.
• Plus other tools with advanced functionalities such as visual checking, performance evaluation, etc.

CADP is designed in a modular way and puts the emphasis on intermediate formats and programming interfaces (such as the BCG and OPEN/CAESAR software environments), which allow the CADP tools to be combined with other tools and adapted to various specification languages.

Models and verification techniques edit

Verification is comparison of a complex system against a set of properties characterizing the intended functioning of the system (for instance, deadlock freedom, mutual exclusion, fairness, etc.).

Most of the verification algorithms in CADP are based on the labeled transition systems (or, simply, automata or graphs) model, which consists of a set of states, an initial state, and a transition relation between states. This model is often generated automatically from high level descriptions of the system under study, then compared against the system properties using various decision procedures. Depending on the formalism used to express the properties, two approaches are possible:

• Behavioral properties express the intended functioning of the system in the form of automata (or higher level descriptions, which are then translated into automata). In such a case, the natural approach to verification is equivalence checking, which consists in comparing the system model and its properties (both represented as automata) modulo some equivalence or preorder relation. CADP contains equivalence checking tools that compare and minimize automata modulo various equivalence and preorder relations; some of these tools also apply to stochastic and probabilistic models (such as Markov chains). CADP also contains visual checking tools that can be used to verify a graphical representation of the system.
• Logical properties express the intended functioning of the system in the form of temporal logic formulas. In such a case, the natural approach to verification is model checking, which consists of deciding whether or not the system model satisfies the logical properties. CADP contains model checking tools for a powerful form of temporal logic, the modal mu-calculus, which is extended with typed variables and expressions so as to express predicates over the data contained in the model. This extension provides for properties that could not be expressed in the standard mu-calculus (for instance, the fact that the value of a given variable is always increasing along any execution path).

Although these techniques are efficient and automated, their main limitation is the state explosion problem, which occurs when models are too large to fit in computer memory. CADP provides software technologies for handling models in two complementary ways:

• Small models can be represented explicitly, by storing in memory all their states and transitions (exhaustive verification);
• Larger models are represented implicitly, by exploring only the model states and transitions needed for the verification (on the fly verification).

Languages and compilation techniques edit

Accurate specification of reliable, complex systems requires a language that is executable (for enumerative verification) and has formal semantics (to avoid any as language ambiguities that could lead to interpretation divergences between designers and implementors). Formal semantics are also required when it is necessary to establish the correctness of an infinite system; this cannot be done using enumerative techniques because they deal only with finite abstractions, so must be done using theorem proving techniques, which only apply to languages with a formal semantics.

CADP acts on a LOTOS description of the system. LOTOS is an international standard for protocol description (ISO/IEC standard 8807:1989), which combines the concepts of process algebras (in particular CCS and CSP and algebraic abstract data types. Thus, LOTOS can describe both asynchronous concurrent processes and complex data structures.

LOTOS was heavily revised in 2001, leading to the publication of E-LOTOS (Enhanced-Lotos, ISO/IEC standard 15437:2001), which tries to provide a greater expressiveness (for instance, by introducing quantitative time to describe systems with real-time constraints) together with a better user friendliness.

Several tools exist to convert descriptions in other process calculi or intermediate format into LOTOS, so that the CADP tools can then be used for verification.

CADP is distributed free of charge to universities and public research centers. Users in industry can obtain an evaluation license for non-commercial use during a limited period of time, after which a full license is required. To request a copy of CADP, complete the registration form at.^[3] After the license agreement has been signed, you will receive details of how to download and install CADP.

The toolbox contains several tools:

• CAESAR.ADT^[4] is a compiler that translates LOTOS abstract data types into C types and C functions. The translation involves pattern-matching compiling techniques and automatic recognition of usual types (integers, enumerations, tuples, etc.), which are implemented optimally.
• CAESAR^[5] is a compiler that translates LOTOS processes into either C code (for rapid prototyping and testing purposes) or finite graphs (for verification). The translation is done using several intermediate steps, among which the construction of a Petri net extended with typed variables, data handling features, and atomic transitions.
• OPEN/CAESAR^[6] is a generic software environment for developing tools that explore graphs on the fly (for instance, simulation, verification, and test generation tools). Such tools can be developed independently of any particular high level language. In this respect, OPEN/CAESAR plays a central role in CADP by connecting language-oriented tools with model-oriented tools. OPEN/CAESAR consists of a set of 16 code libraries with their programming interfaces, such as:
  • Caesar_Hash, which contains several hash functions
  • Caesar_Solve, which resolves boolean equation systems on the fly
  • Caesar_Stack, which implements stacks for depth-first search exploration
  • Caesar_Table, which handles tables of states, transitions, labels, etc.

A number of tools have been developed within the OPEN/CAESAR environment:

• • BISIMULATOR, which checks bisimulation equivalences and preorders
  • CUNCTATOR, which performs on-the-fly steady state simulation
  • DETERMINATOR, which eliminates stochastic nondeterminism in normal, probabilistic, or stochastic systems
  • DISTRIBUTOR, which generates the graph of reachable states using several machines
  • EVALUATOR, which evaluates regular alternation-free mu-calculus formulas
  • EXECUTOR, which performs random execution of code
  • EXHIBITOR, which searches for execution sequences matching a given regular expression
  • GENERATOR, which constructs the graph of reachable states
  • PREDICTOR, which predict the feasibility of reachability analysis,
  • PROJECTOR, which computes abstractions of communicating systems
  • REDUCTOR, which constructs and minimizes the graph of reachable states modulo various equivalence relations
  • SIMULATOR, X-SIMULATOR and OCIS, which allow interactive simulation
  • TERMINATOR, which searches for deadlock states
• BCG (Binary Coded Graphs) is both a file format for storing very large graphs on disk (using efficient compression techniques) and a software environment for handling this format, including partitioning graphs for distributed processing. BCG also plays a key role in CADP as many tools rely on this format for their inputs/outputs. The BCG environment consists of various libraries with their programming interfaces, and of several tools, including:
  • BCG_DRAW, which builds a two-dimensional view of a graph,
  • BCG_EDIT which allows to modify interactively the graph layout produced by Bcg_Draw
  • BCG_GRAPH, which generates various forms of practically useful graphs
  • BCG_INFO, which displays various statistical information about a graph
  • BCG_IO, which performs conversions between BCG and many other graph formats
  • BCG_LABELS, which hides and/or renames (using regular expressions) the transition labels of a graph
  • BCG_MERGE, which gathers graph fragments obtained from distributed graph construction
  • BCG_MIN, which minimizes a graph modulo strong or branching equivalences (and can also deal with probabilistic and stochastic systems)
  • BCG_STEADY, which performs steady-state numerical analysis of (extended) continuous-time Markov chains
  • BCG_TRANSIENT, which performs transient numerical analysis of (extended) continuous-time Markov chains
  • PBG_CP, which copies a partitioned BCG graph
  • PBG_INFO, which displays information about a partitioned BCG graph
  • PBG_MV which moves a partitioned BCG graph
  • PBG_RM, which removes a partitioned BCG graph
  • XTL (eXecutable Temporal Language), which is a high level, functional language for programming exploration algorithms on BCG graphs. XTL provides primitives to handle states, transitions, labels, successor and predecessor functions, etc. For instance, one can define recursive functions on sets of states, which allow to specify in XTL evaluation and diagnostic generation fixed point algorithms for usual temporal logics (such as HML,^[7] CTL,^[8] ACTL,^[9] etc.).

The connection between explicit models (such as BCG graphs) and implicit models (explored on the fly) is ensured by OPEN/CAESAR-compliant compilers including:

• • CAESAR.OPEN, for models expressed as LOTOS descriptions
  • BCG.OPEN, for models represented as BCG graphs
  • EXP.OPEN, for models expressed as communicating automata
  • FSP.OPEN, for models expressed as FSP descriptions
  • LNT.OPEN, for models expressed as LNT descriptions
  • SEQ.OPEN, for models represented as sets of execution traces

The CADP toolbox also includes additional tools, such as ALDEBARAN and TGV (Test Generation based on Verification) developed by the Verimag laboratory (Grenoble) and the Vertecs project-team of INRIA Rennes.

The CADP tools are well-integrated and can be accessed easily using either the EUCALYPTUS graphical interface or the SVL^[10] scripting language. Both EUCALYPTUS and SVL provide users with an easy, uniform access to the CADP tools by performing file format conversions automatically whenever needed and by supplying appropriate command-line options as the tools are invoked.

• In 2002, Radu Mateescu, who designed and developed the EVALUATOR model checker of CADP, received the Information Technology Award attributed during the 10th edition of the yearly symposium organized by the Foundation Rhône-Alpes Futur.^[11]

• In 2011, Hubert Garavel, software architect and developer of CADP, received the Gay-Lussac Humboldt Prize.^[12]

• In 2019, Frédéric Lang and Franco Mazzanti won all the gold medals for the parallel problems of the RERS challenge by using CADP to successfully and correctly evaluate 360 computational tree logic (CTL) and linear temporal logic (LTL) formulas on various sets of communicating state machines.^[13][14]

• In 2020, Frédéric Lang, Franco Mazzanti, and Wendelin Serwe won three gold medals at the RERS'2020 challenge by correctly solving 88% of the "Parallel CTL" problems, only giving "don't know" answers for 11 formulas out of 90.^[15][16][17]

• In 2021, Hubert Garavel, Frédéric Lang, Radu Mateescu, and Wendelin Serwe jointly won the Innovation Prize of Inria – Académie des sciences – Dassault Systèmes for their scientific work that led to the development of the CADP toolbox.^[18]

• In 2023, Hubert Garavel, Frédéric Lang, Radu Mateescu, and Wendelin Serwe jointly received, for the CADP toolbox, the first ever Test-of-Time Tool Award from ETAPS, the premier European forum for software science.^[19]

• SYNTAX compiler generator (used to build many CADP compilers and translators)

• http://cadp.inria.fr/
• http://vasy.inria.fr/
• http://convecs.inria.fr/