{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T21:02:03Z","timestamp":1760043723062,"version":"3.37.3"},"publisher-location":"Cham","reference-count":86,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319898834"},{"type":"electronic","value":"9783319898841"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-89884-1_22","type":"book-chapter","created":{"date-parts":[[2018,4,13]],"date-time":"2018-04-13T21:02:32Z","timestamp":1523653352000},"page":"619-650","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":23,"title":["Velisarios: Byzantine Fault-Tolerant Protocols Powered by Coq"],"prefix":"10.1007","author":[{"given":"Vincent","family":"Rahli","sequence":"first","affiliation":[]},{"given":"Ivana","family":"Vukotic","sequence":"additional","affiliation":[]},{"given":"Marcus","family":"V\u00f6lp","sequence":"additional","affiliation":[]},{"given":"Paulo","family":"Esteves-Verissimo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,14]]},"reference":[{"key":"22_CR1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139195881","volume-title":"Modeling in Event-B - System and Software Engineering","author":"J-R Abrial","year":"2010","unstructured":"Abrial, J.-R.: Modeling in Event-B - System and Software Engineering. Cambridge University Press, Cambridge (2010)"},{"issue":"6","key":"22_CR2","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1007\/s10009-010-0145-y","volume":"12","author":"J-R Abrial","year":"2010","unstructured":"Abrial, J.-R., Butler, M.J., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6), 447\u2013466 (2010)","journal-title":"STTT"},{"key":"22_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"34","DOI":"10.1007\/978-3-319-22102-1_3","volume-title":"Interactive Theorem Proving","author":"A Anand","year":"2015","unstructured":"Anand, A., Knepper, R.: ROSCoq: robots powered by constructive reals. In: Urban, C., Zhang, X. (eds.) ITP 2015. LNCS, vol. 9236, pp. 34\u201350. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-22102-1_3"},{"key":"22_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1007\/978-3-662-43652-3_9","volume-title":"Abstract State Machines, Alloy, B, TLA, VDM, and Z","author":"MB Andriamiarina","year":"2014","unstructured":"Andriamiarina, M.B., M\u00e9ry, D., Singh, N.K.: Analysis of self-$$\\star $$\u22c6 and P2P systems using refinement. In: Ait Ameur, Y., Schewe, K.D. (eds.) ABZ 2014. LNCS, vol. 8477, pp. 117\u2013123. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43652-3_9"},{"unstructured":"Async. https:\/\/janestreet.github.io\/guide-async.html","key":"22_CR5"},{"doi-asserted-by":"crossref","unstructured":"Aublin, P.-L., Mokhtar, S.B., Q\u00e9uma, V.: RBFT: redundant Byzantine fault tolerance. In: ICDCS 2013, pp. 297\u2013306. IEEE Computer Society (2013)","key":"22_CR6","DOI":"10.1109\/ICDCS.2013.53"},{"issue":"2","key":"22_CR7","doi-asserted-by":"publisher","first-page":"205","DOI":"10.1016\/0890-5401(92)90035-E","volume":"97","author":"A Bar-Noy","year":"1992","unstructured":"Bar-Noy, A., Dolev, D., Dwork, C., Raymond Strong, H.: Shifting gears: changing algorithms on the fly to expedite Byzantine agreement. Inf. Comput. 97(2), 205\u2013233 (1992)","journal-title":"Inf. Comput."},{"doi-asserted-by":"crossref","unstructured":"Bessani, A.N., Sousa, J., Alchieri, E.A.P.: State machine replication for the masses with BFT-SMART. In: DSN 2014, pp. 355\u2013362. IEEE (2014)","key":"22_CR8","DOI":"10.1109\/DSN.2014.43"},{"key":"22_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1007\/978-3-642-02414-6_9","volume-title":"Component-Based Software Engineering","author":"M Bickford","year":"2009","unstructured":"Bickford, M.: Component specification using event classes. In: Lewis, G.A., Poernomo, I., Hofmeister, C. (eds.) CBSE 2009. LNCS, vol. 5582, pp. 140\u2013155. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-02414-6_9"},{"key":"22_CR10","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1007\/978-3-540-32275-7_30","volume-title":"Logic for Programming, Artificial Intelligence, and Reasoning","author":"M Bickford","year":"2005","unstructured":"Bickford, M., Constable, R.C., Halpern, J.Y., Petride, S.: Knowledge-based synthesis of distributed systems using event structures. In: Baader, F., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3452, pp. 449\u2013465. Springer, Heidelberg (2005). https:\/\/doi.org\/10.1007\/978-3-540-32275-7_30"},{"unstructured":"Bickford, M., Constable, R.L., Rahli, V.: Logic of events, a framework to reason about distributed systems. In: Languages for Distributed Algorithms Workshop (2012)","key":"22_CR11"},{"issue":"2","key":"22_CR12","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1145\/1243418.1243422","volume":"41","author":"WJ Bolosky","year":"2007","unstructured":"Bolosky, W.J., Douceur, J.R., Howell, J.: The Farsite project: a retrospective. Oper. Syst. Rev. 41(2), 17\u201326 (2007)","journal-title":"Oper. Syst. Rev."},{"unstructured":"Mechanically Checked Safety Proof of a Byzantine Paxos Algorithm. http:\/\/lamport.azurewebsites.net\/tla\/byzpaxos.html","key":"22_CR13"},{"unstructured":"Castro, M.: Practical Byzantine Fault Tolerance. Also as Technical report MIT-LCS-TR-817. Ph.D. MIT, January 2001","key":"22_CR14"},{"unstructured":"Castro, M., Liskov, B.: A correctness proof for a practical Byzantine-fault-tolerant replication algorithm. Technical Memo MIT-LCS-TM-590. MIT, June 1999","key":"22_CR15"},{"unstructured":"Castro, M., Liskov, B.: Practical Byzantine fault tolerance. In: OSDI 1999, pp. 173\u2013186. USENIX Association (1999)","key":"22_CR16"},{"issue":"4","key":"22_CR17","doi-asserted-by":"publisher","first-page":"398","DOI":"10.1145\/571637.571640","volume":"20","author":"M Castro","year":"2002","unstructured":"Castro, M., Liskov, B.: Practical Byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20(4), 398\u2013461 (2002)","journal-title":"ACM Trans. Comput. Syst."},{"key":"22_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"119","DOI":"10.1007\/978-3-319-48989-6_8","volume-title":"FM 2016: Formal Methods","author":"S Chand","year":"2016","unstructured":"Chand, S., Liu, Y.A., Stoller, S.D.: Formal verification of multi-paxos for distributed consensus. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds.) FM 2016. LNCS, vol. 9995, pp. 119\u2013136. Springer, Cham (2016). https:\/\/doi.org\/10.1007\/978-3-319-48989-6_8"},{"issue":"1","key":"22_CR19","doi-asserted-by":"publisher","first-page":"63","DOI":"10.1145\/214451.214456","volume":"3","author":"K Mani Chandy","year":"1985","unstructured":"Mani Chandy, K., Lamport, L.: Distributed snapshots: determining global states of distributed systems. ACM Trans. Comput. Syst. 3(1), 63\u201375 (1985)","journal-title":"ACM Trans. Comput. Syst."},{"issue":"1","key":"22_CR20","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/BF01843569","volume":"1","author":"K Mani Chandy","year":"1986","unstructured":"Mani Chandy, K., Misra, J.: How processes learn. Distrib. Comput. 1(1), 40\u201352 (1986)","journal-title":"Distrib. Comput."},{"key":"22_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"93","DOI":"10.1007\/978-3-642-04420-5_10","volume-title":"Reachability Problems","author":"M Chaouch-Saad","year":"2009","unstructured":"Chaouch-Saad, M., Charron-Bost, B., Merz, S.: A reduction theorem for the verification of round-based distributed algorithms. In: Bournez, O., Potapov, I. (eds.) RP 2009. LNCS, vol. 5797, pp. 93\u2013106. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-642-04420-5_10"},{"key":"22_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1007\/978-3-642-24550-3_11","volume-title":"Stabilization, Safety, and Security of Distributed Systems","author":"B Charron-Bost","year":"2011","unstructured":"Charron-Bost, B., Debrat, H., Merz, S.: Formal verification of consensus algorithms tolerating malicious faults. In: D\u00e9fago, X., Petit, F., Villain, V. (eds.) SSS 2011. LNCS, vol. 6976, pp. 120\u2013134. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-24550-3_11"},{"issue":"1","key":"22_CR23","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1007\/s00446-009-0084-6","volume":"22","author":"B Charron-Bost","year":"2009","unstructured":"Charron-Bost, B., Schiper, A.: The Heard-Of model: computing in distributed systems with benign faults. Distrib. Comput. 22(1), 49\u201371 (2009)","journal-title":"Distrib. Comput."},{"key":"22_CR24","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"142","DOI":"10.1007\/978-3-642-14203-1_12","volume-title":"Automated Reasoning","author":"K Chaudhuri","year":"2010","unstructured":"Chaudhuri, K., Doligez, D., Lamport, L., Merz, S.: Verifying safety properties with the TLA+ proof system. In: Giesl, J., H\u00e4hnle, R. (eds.) IJCAR 2010. LNCS (LNAI), vol. 6173, pp. 142\u2013148. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14203-1_12"},{"unstructured":"The Coq Proof Assistant. http:\/\/coq.inria.fr\/","key":"22_CR25"},{"issue":"9","key":"22_CR26","doi-asserted-by":"publisher","first-page":"2807","DOI":"10.1109\/TC.2015.2495213","volume":"65","author":"T Distler","year":"2016","unstructured":"Distler, T., Cachin, C., Kapitza, R.: Resource-efficient Byzantine fault tolerance. IEEE Trans. Comput. 65(9), 2807\u20132819 (2016)","journal-title":"IEEE Trans. Comput."},{"key":"22_CR27","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"161","DOI":"10.1007\/978-3-642-54013-4_10","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"C Dr\u0103goi","year":"2014","unstructured":"Dr\u0103goi, C., Henzinger, T.A., Veith, H., Widder, J., Zufferey, D.: A logic-based framework for verifying consensus algorithms. In: McMillan, K.L., Rival, X. (eds.) VMCAI 2014. LNCS, vol. 8318, pp. 161\u2013181. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-54013-4_10"},{"issue":"1","key":"22_CR28","doi-asserted-by":"publisher","first-page":"400","DOI":"10.1145\/2914770.2837650","volume":"51","author":"Cezara Dr\u0103goi","year":"2016","unstructured":"Dragoi, C., Henzinger, T.A., Zufferey, D.: PSync: a partially synchronous language for fault-tolerant distributed algorithms. In: POPL 2016, pp. 400\u2013415. ACM (2016)","journal-title":"ACM SIGPLAN Notices"},{"unstructured":"Dragoi, C., Henzinger, T.A., Zufferey, D.: The need for language support for fault-tolerant distributed systems. In: SNAPL 2015. LIPIcs, vol. 32, pp. 90\u2013102. Schloss Dagstuhl - Leibniz-Zentrum fuerInformatik (2015)","key":"22_CR29"},{"issue":"2","key":"22_CR30","doi-asserted-by":"publisher","first-page":"156","DOI":"10.1016\/0890-5401(90)90014-9","volume":"88","author":"C Dwork","year":"1990","unstructured":"Dwork, C., Moses, Y.: Knowledge and common knowledge in a Byzantine environment: crash failures. Inf. Comput. 88(2), 156\u2013186 (1990)","journal-title":"Inf. Comput."},{"issue":"4","key":"22_CR31","doi-asserted-by":"publisher","first-page":"199","DOI":"10.1007\/s004460050038","volume":"10","author":"R Fagin","year":"1997","unstructured":"Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.Y.: Knowledge-based programs. Distrib. Comput. 10(4), 199\u2013225 (1997)","journal-title":"Distrib. Comput."},{"key":"22_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1007\/978-3-319-10181-1_20","volume-title":"Integrated Formal Methods","author":"A F\u00fcrst","year":"2014","unstructured":"F\u00fcrst, A., Hoang, T.S., Basin, D., Desai, K., Sato, N., Miyazaki, K.: Code generation for Event-B. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 323\u2013338. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-10181-1_20"},{"unstructured":"Garland, S., Lynch, N., Tauber, J., Vaziri, M.: IOA user guide and reference manual. Technical report MIT\/LCS\/TR-961. Laboratory for Computer Science, Massachusetts Institute of Technology, Cambridge, MA (2004)","key":"22_CR33"},{"unstructured":"Garland, S.J., Lynch, N.: Using I\/O automata for developing distributed systems. In: Foundations of Component Based Systems, pp. 285\u2013312. Cambridge University Press, New York (2000)","key":"22_CR34"},{"key":"22_CR35","doi-asserted-by":"publisher","first-page":"153","DOI":"10.1007\/s10009-008-0097-7","volume":"11","author":"C Georgiou","year":"2009","unstructured":"Georgiou, C., Lynch, N., Mavrommatis, P., Tauber, J.A.: Automated implementation of complex distributed algorithms specified in the IOA language. Int. J. Softw. Tools Technol. Transf. 11, 153\u2013171 (2009)","journal-title":"Int. J. Softw. Tools Technol. Transf."},{"doi-asserted-by":"crossref","unstructured":"Gifford, D.K.: Weighted voting for replicated data. In: SOSP 1979, pp. 150\u2013162. ACM (1979)","key":"22_CR36","DOI":"10.1145\/800215.806583"},{"issue":"1","key":"22_CR37","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1146\/annurev.cs.02.060187.000345","volume":"2","author":"JY Halpern","year":"1987","unstructured":"Halpern, J.Y.: Using reasoning about knowledge to analyze distributed systems. Ann. Rev. Comput. Sci. 2(1), 37\u201368 (1987). https:\/\/doi.org\/10.1146\/annurev.cs.02.060187.000345","journal-title":"Ann. Rev. Comput. Sci."},{"issue":"3","key":"22_CR38","doi-asserted-by":"publisher","first-page":"549","DOI":"10.1145\/79147.79161","volume":"37","author":"JY Halpern","year":"1990","unstructured":"Halpern, J.Y., Moses, Y.: Knowledge and common knowledge in a distributed environment. J. ACM 37(3), 549\u2013587 (1990)","journal-title":"J. ACM"},{"issue":"3","key":"22_CR39","doi-asserted-by":"publisher","first-page":"449","DOI":"10.1145\/146637.146638","volume":"39","author":"JY Halpern","year":"1992","unstructured":"Halpern, J.Y., Zuck, L.D.: A little knowledge goes a long way: knowledge-based derivations and correctness proofs for a family of protocols. J. ACM 39(3), 449\u2013478 (1992)","journal-title":"J. ACM"},{"doi-asserted-by":"crossref","unstructured":"Hawblitzel, C., Howell, J., Kapritsos, M., Lorch, J.R., Parno, B., Roberts, M.L., Setty, S.T.V., Zill, B.: IronFleet: proving practical distributed systems correct. In: SOSP 2015, pp. 1\u201317. ACM (2015)","key":"22_CR40","DOI":"10.1145\/2815400.2815428"},{"issue":"7","key":"22_CR41","doi-asserted-by":"publisher","first-page":"83","DOI":"10.1145\/3068608","volume":"60","author":"C Hawblitzel","year":"2017","unstructured":"Hawblitzel, C., Howell, J., Kapritsos, M., Lorch, J.R., Parno, B., Roberts, M.L., Setty, S.T.V., Zill, B.: IronFleet: proving safety and liveness of practical distributed systems. Commun. ACM 60(7), 83\u201392 (2017)","journal-title":"Commun. ACM"},{"doi-asserted-by":"crossref","unstructured":"Herlihy, M., Wing, J.M.: Axioms for concurrent objects. In: POPL 1987, pp. 13\u201326. ACM Press (1987)","key":"22_CR42","DOI":"10.21236\/ADA200584"},{"key":"22_CR43","series-title":"Advances in Information Security","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4614-0977-9","volume-title":"Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats","author":"S Jajodia","year":"2011","unstructured":"Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C., Wang, X.S.: Moving Target Defense - Creating Asymmetric Uncertainty for Cyber Threats. Advances in Information Security, vol. 54. Springer, New York (2011). https:\/\/doi.org\/10.1007\/978-1-4614-0977-9"},{"issue":"2","key":"22_CR44","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1023\/A:1022969405325","volume":"22","author":"R Joshi","year":"2003","unstructured":"Joshi, R., Lamport, L., Matthews, J., Tasiran, S., Tuttle, M.R., Yuan, Y.: Checking cache-coherence protocols with TLA$$^{+}$$+. Formal Methods Syst. Des. 22(2), 125\u2013131 (2003)","journal-title":"Formal Methods Syst. Des."},{"doi-asserted-by":"crossref","unstructured":"Kapitza, R., Behl, J., Cachin, C., Distler, T., Kuhnle, S., Mohammadi, S.V., Schr\u00f6der-Preikschat, W., Stengel, K.: CheapBFT: resource-efficient Byzantine fault tolerance. In: EuroSys 2012, pp. 295\u2013308. ACM (2012)","key":"22_CR45","DOI":"10.1145\/2168836.2168866"},{"unstructured":"Kokoris-Kogias, E., Jovanovic, P., Gailly, N., Khoffi, I., Gasser, L., Ford, B.: Enhancing Bitcoin security and performance with strong consistency via collective signing. In: USENIX Security Symposium, pp. 279\u2013296. USENIX Association (2016)","key":"22_CR46"},{"issue":"1","key":"22_CR47","doi-asserted-by":"publisher","first-page":"719","DOI":"10.1145\/3093333.3009860","volume":"52","author":"Igor Konnov","year":"2017","unstructured":"Konnov, I.V., Lazic, M., Veith, H., Widder, J.: A short counterexample property for safety and liveness verification of fault-tolerant distributed algorithms. In: POPL 2017, pp. 719\u2013734. ACM (2017)","journal-title":"ACM SIGPLAN Notices"},{"key":"22_CR48","doi-asserted-by":"publisher","first-page":"95","DOI":"10.1016\/j.ic.2016.03.006","volume":"252","author":"IV Konnov","year":"2017","unstructured":"Konnov, I.V., Veith, H., Widder, J.: On the completeness of bounded model checking for threshold-based distributed algorithms: reachability. Inf. Comput. 252, 95\u2013109 (2017)","journal-title":"Inf. Comput."},{"key":"22_CR49","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-3-319-21690-4_6","volume-title":"Computer Aided Verification","author":"I Konnov","year":"2015","unstructured":"Konnov, I., Veith, H., Widder, J.: SMT and POR beat counter abstraction: parameterized model checking of threshold-based distributed algorithms. In: Kroening, D., P\u0103s\u0103reanu, C.S. (eds.) CAV 2015, Part I. LNCS, vol. 9206, pp. 85\u2013102. Springer, Cham (2015). https:\/\/doi.org\/10.1007\/978-3-319-21690-4_6"},{"unstructured":"Krenick\u00fd, R., Ulbrich, M.: Deductive verification of a Byzantine agreement protocol. Technical report 2010-7. Karlsruhe Institute of Technology, Department of Computer Science (2010)","key":"22_CR50"},{"unstructured":"Lamport, L.: Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley, Boston (2004)","key":"22_CR51"},{"issue":"3","key":"22_CR52","doi-asserted-by":"publisher","first-page":"872","DOI":"10.1145\/177492.177726","volume":"16","author":"L Lamport","year":"1994","unstructured":"Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872\u2013923 (1994)","journal-title":"ACM Trans. Program. Lang. Syst."},{"issue":"7","key":"22_CR53","doi-asserted-by":"publisher","first-page":"558","DOI":"10.1145\/359545.359563","volume":"21","author":"L Lamport","year":"1978","unstructured":"Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558\u2013565 (1978)","journal-title":"Commun. ACM"},{"issue":"3","key":"22_CR54","doi-asserted-by":"publisher","first-page":"382","DOI":"10.1145\/357172.357176","volume":"4","author":"L Lamport","year":"1982","unstructured":"Lamport, L., Shostak, R.E., Pease, M.C.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382\u2013401 (1982)","journal-title":"ACM Trans. Program. Lang. Syst."},{"key":"22_CR55","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"348","DOI":"10.1007\/978-3-642-17511-4_20","volume-title":"Logic for Programming, Artificial Intelligence, and Reasoning","author":"KRM Leino","year":"2010","unstructured":"Leino, K.R.M.: Dafny: an automatic program verifier for functional correctness. In: Clarke, E.M., Voronkov, A. (eds.) LPAR-16. LNCS (LNAI), vol. 6355, pp. 348\u2013370. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17511-4_20"},{"key":"22_CR56","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/978-3-642-21461-5_16","volume-title":"Formal Techniques for Distributed Systems","author":"T Lu","year":"2011","unstructured":"Lu, T., Merz, S., Weidenbach, C.: Towards verification of the pastry protocol using TLA+. In: Bruni, R., Dingel, J. (eds.) FMOODS\/FORTE 2011. LNCS, vol. 6722, pp. 244\u2013258. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-21461-5_16"},{"key":"22_CR57","volume-title":"Distributed Algorithms","author":"NA Lynch","year":"1996","unstructured":"Lynch, N.A.: Distributed Algorithms. Morgan Kaufmann, San Francisco (1996)"},{"doi-asserted-by":"crossref","unstructured":"Lynch, N.A., Tuttle, M.R.: Hierarchical correctness proofs for distributed algorithms. In: PODC 1987, pp. 137\u2013151. ACM (1987)","key":"22_CR58","DOI":"10.1145\/41840.41852"},{"doi-asserted-by":"crossref","unstructured":"Malkhi, D., Reiter, M.K.: Byzantine quorum systems. In: STOC 1997, pp. 569\u2013578. ACM (1997)","key":"22_CR59","DOI":"10.1145\/258533.258650"},{"unstructured":"Mattern, F.: Virtual time and global states of distributed systems. In: Proceedings of the Workshop on Parallel and Distributed Algorithms, pp. 215\u2013226. North-Holland\/Elsevier (1989). Reprinted. In: Yang, Z., Marsland, T.A. (eds.) Global States and Time in Distributed Systems, pp. 123\u2013133. IEEE (1994)","key":"22_CR60"},{"doi-asserted-by":"crossref","unstructured":"M\u00e9ry, D., Singh, N.K.: Automatic code generation from event-B models. In: Symposium on Information and Communication Technology, SoICT 2011, pp. 179\u2013188. ACM (2011)","key":"22_CR61","DOI":"10.1145\/2069216.2069252"},{"key":"22_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"337","DOI":"10.1007\/978-3-540-78800-3_24","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"L Moura de","year":"2008","unstructured":"de Moura, L., Bj\u00f8rner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337\u2013340. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-78800-3_24"},{"key":"22_CR63","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/978-3-662-43652-3_3","volume-title":"Abstract State Machines, Alloy, B, TLA, VDM, and Z","author":"C Newcombe","year":"2014","unstructured":"Newcombe, C.: Why Amazon chose TLA+. In: Ait Ameur, Y., Schewe, K.D. (eds.) ABZ 2014. LNCS, vol. 8477, pp. 25\u201339. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-662-43652-3_3"},{"issue":"4","key":"22_CR64","doi-asserted-by":"publisher","first-page":"66","DOI":"10.1145\/2699417","volume":"58","author":"C Newcombe","year":"2015","unstructured":"Newcombe, C., Rath, T., Zhang, F., Munteanu, B., Brooker, M., Deardeuff, M.: How Amazon web services uses formal methods. Commun. ACM 58(4), 66\u201373 (2015)","journal-title":"Commun. ACM"},{"key":"22_CR65","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1016\/0304-3975(81)90112-2","volume":"13","author":"M Nielsen","year":"1981","unstructured":"Nielsen, M., Plotkin, G.D., Winskel, G.: Petri Nets, event structures and domains, Part I. Theor. Comput. Sci. 13, 85\u2013108 (1981)","journal-title":"Theor. Comput. Sci."},{"unstructured":"nocrypto. https:\/\/github.com\/mirleft\/ocaml-nocrypto","key":"22_CR66"},{"unstructured":"Ongaro, D., Ousterhout, J.K.: In search of an understandable consensus algorithm. In: 2014 USENIX Annual Technical Conference, USENIX ATC 2014, Philadelphia, PA, USA, 19\u201320 June 2014, pp. 305\u2013319. USENIX Association (2014)","key":"22_CR67"},{"issue":"2","key":"22_CR68","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1109\/32.345827","volume":"21","author":"S Owre","year":"1995","unstructured":"Owre, S., Rushby, J.M., Shankar, N., von Henke, F.W.: Formal verification for fault-tolerant architectures: prolegomena to the design of PVS. IEEE Trans. Softw. Eng. 21(2), 107\u2013125 (1995)","journal-title":"IEEE Trans. Softw. Eng."},{"issue":"6","key":"22_CR69","doi-asserted-by":"publisher","first-page":"614","DOI":"10.1145\/2980983.2908118","volume":"51","author":"Oded Padon","year":"2016","unstructured":"Padon, O., McMillan, K.L., Panda, A., Sagiv, M., Shoham, S.: Ivy: safety verification by interactive generalization. In: PLDI 2016, pp. 614\u2013630. ACM (2016)","journal-title":"ACM SIGPLAN Notices"},{"issue":"2","key":"22_CR70","doi-asserted-by":"publisher","first-page":"73","DOI":"10.1007\/BF02252679","volume":"6","author":"P Panangaden","year":"1992","unstructured":"Panangaden, P., Taylor, K.: Concurrent common knowledge: defining agreement for asynchronous systems. Distrib. Comput. 6(2), 73\u201393 (1992)","journal-title":"Distrib. Comput."},{"key":"22_CR71","doi-asserted-by":"publisher","first-page":"26","DOI":"10.1016\/j.scico.2017.05.009","volume":"148","author":"Vincent Rahli","year":"2017","unstructured":"Rahli, V., Guaspari, D., Bickford, M., Constable, R.L.: EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems. In: SCP (2017)","journal-title":"Science of Computer Programming"},{"key":"22_CR72","volume-title":"The Theory and Practice of Concurrency","author":"AW Roscoe","year":"1997","unstructured":"Roscoe, A.W., Hoare, C.A.R., Bird, R.: The Theory and Practice of Concurrency. Prentice Hall PTR, Upper Saddle River (1997)"},{"doi-asserted-by":"crossref","unstructured":"Schiper, N., Rahli, V., van Renesse, R., Bickford, M., Constable, R.L.: Developing correctly replicated databases using formal tools. In: DSN 2014, pp. 395\u2013406. IEEE (2014)","key":"22_CR73","DOI":"10.1109\/DSN.2014.45"},{"doi-asserted-by":"crossref","unstructured":"Schmid, U., Weiss, B., Rushby, J.M.: Formally verified Byzantine agreement in presence of link faults. In: ICDCS, pp. 608\u2013616 (2002)","key":"22_CR74","DOI":"10.1109\/ICDCS.2002.1022311"},{"doi-asserted-by":"crossref","unstructured":"Sergey, I., Wilcox, J.R., Tatlock, Z.: Programming and proving with distributed protocols. In: POPL 2018 (2018)","key":"22_CR75","DOI":"10.1145\/3158116"},{"unstructured":"Sousa, P.: Proactive resilience. Ph.D. thesis. Faculty of Sciences, University of Lisbon, Lisbon, May 2007","key":"22_CR76"},{"key":"22_CR77","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"699","DOI":"10.1007\/978-3-662-49498-1_27","volume-title":"Programming Languages and Systems","author":"AJ Summers","year":"2016","unstructured":"Summers, A.J., M\u00fcller, P.: Actor services. In: Thiemann, P. (ed.) ESOP 2016. LNCS, vol. 9632, pp. 699\u2013726. Springer, Heidelberg (2016). https:\/\/doi.org\/10.1007\/978-3-662-49498-1_27"},{"unstructured":"Tauber, J.A.: Verifiable compilation of I\/O automata without global synchronization. Ph.D. thesis. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA (2004)","key":"22_CR78"},{"issue":"2","key":"22_CR79","doi-asserted-by":"publisher","first-page":"180","DOI":"10.1145\/320071.320076","volume":"4","author":"RH Thomas","year":"1979","unstructured":"Thomas, R.H.: A majority consensus approach to concurrency control for multiple copy databases. ACM Trans. Database Syst. 4(2), 180\u2013209 (1979)","journal-title":"ACM Trans. Database Syst."},{"doi-asserted-by":"crossref","unstructured":"Tsuchiya, T., Schiper, A.: Model checking of consensus algorithm. In: SRDS 2007, pp. 137\u2013148. IEEE Computer Society (2007)","key":"22_CR80","DOI":"10.1109\/SRDS.2007.4365691"},{"key":"22_CR81","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"466","DOI":"10.1007\/978-3-540-87779-0_32","volume-title":"Distributed Computing","author":"T Tsuchiya","year":"2008","unstructured":"Tsuchiya, T., Schiper, A.: Using bounded model checking to verify consensus algorithms. In: Taubenfeld, G. (ed.) DISC 2008. LNCS, vol. 5218, pp. 466\u2013480. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-87779-0_32"},{"issue":"1","key":"22_CR82","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1109\/TC.2011.221","volume":"62","author":"GS Veronese","year":"2013","unstructured":"Veronese, G.S., Correia, M., Bessani, A.N., Lung, L.C., Ver\u00edssimo, P.: Efficient Byzantine fault-tolerance. IEEE Trans. Comput. 62(1), 16\u201330 (2013)","journal-title":"IEEE Trans. Comput."},{"key":"22_CR83","first-page":"125","volume":"101","author":"M Vukolic","year":"2010","unstructured":"Vukolic, M.: The origin of quorum systems. Bull. EATCS 101, 125\u2013147 (2010)","journal-title":"Bull. EATCS"},{"unstructured":"Wilcox, J.R., Sergey, I., Tatlock, Z.: Programming language abstractions for modularly verified distributed systems. In: SNAPL 2017. LIPIcs, vol. 71, pp. 19:1\u201319:12. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2017)","key":"22_CR84"},{"issue":"6","key":"22_CR85","doi-asserted-by":"publisher","first-page":"357","DOI":"10.1145\/2813885.2737958","volume":"50","author":"James R. Wilcox","year":"2015","unstructured":"Wilcox, J.R., Woos, D., Panchekha, P., Tatlock, Z., Wang, X., Ernst, M.D., Anderson, T.E.: Verdi: a framework for implementing and formally verifying distributed systems. In: PLDI 2015, pp. 357\u2013368. ACM (2015)","journal-title":"ACM SIGPLAN Notices"},{"doi-asserted-by":"crossref","unstructured":"Woos, D., Wilcox, J.R., Anton, S., Tatlock, Z., Ernst, M.D., Anderson, T.E.: Planning for change in a formal verification of the raft consensus protocol. In: CPP 2016, pp. 154\u2013165. ACM (2016)","key":"22_CR86","DOI":"10.1145\/2854065.2854081"}],"container-title":["Lecture Notes in Computer Science","Programming Languages and Systems"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-89884-1_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,15]],"date-time":"2019-10-15T16:33:24Z","timestamp":1571157204000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-89884-1_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319898834","9783319898841"],"references-count":86,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-89884-1_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2018]]}}}