A. Abbassi, A. Bandali, N. Day, and J. Serna, A Comparison of the Declarative Modelling Languages B, Dash, and TLA+, 2018 IEEE 8th International Model-Driven Requirements Engineering Workshop (MoDRE), pp.11-20, 2018.

J. Abrial, The B-book: assigning programs to meanings, 2005.

A. ;. Tla and Z. Vdm, 6th International ABZ Conference ASM, 2018.

H. Attiya and J. Welch, Distributed Computing: Fundamentals, Simulations and Advanced Topics, 2004.

N. Azmy, S. Merz, and C. Weidenbach, A machine-checked correctness proof for Pastry, Sci. Comput. Program, vol.158, pp.64-80, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01768758

T. Ball, R. Majumdar, T. D. Millstein, and S. K. Rajamani, Automatic Predicate Abstraction of C Programs, PLDI, pp.203-213, 2001.

M. Barnett, B.-Y. E. Chang, R. DeLine, B. Jacobs, and K. R. M. Leino, Boogie: A modular reusable verifier for object-oriented programs, International Symposium on Formal Methods for Components and Objects, pp.364-387, 2005.

M. Barnett, K. R. M. Leino, and W. Schulte, The Spec# programming system: An overview, International Workshop on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices, pp.49-69, 2004.

C. Barrett, P. Fontaine, and C. Tinelli, The SMT-LIB Standard: Version 2.6, 2017.

P. Behm, P. Benoit, A. Faivre, and J. Meynadier, METEOR: A successful application of B in a large project, International Symposium on Formal Methods, pp.369-387, 1999.

I. Berkovits, M. Lazic, and G. Losa, Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics, pp.245-266, 2019.

Y. Bertot and P. Castéran, Interactive theorem proving and program development: Coq'Art: the calculus of inductive constructions, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00344237

J. C. Blanchette, S. Böhme, and L. C. Paulson, Extending Sledgehammer with SMT solvers, Journal of automated reasoning, vol.51, pp.109-128, 2013.

M. Carlsson, J. Widen, J. Andersson, S. Andersson, K. Boortz et al., SICStus Prolog user's manual, vol.3, 1988.

R. Cavada, A. Cimatti, M. Dorigatti, A. Griggio, A. Mariotti et al., The nuXmv symbolic model checker, International Conference on Computer Aided Verification, pp.334-342, 2014.

A. Champion, A. Mebsout, C. Sticksel, and C. Tinelli, The Kind 2 model checker, International Conference on Computer Aided Verification, pp.510-517, 2016.

K. Chaudhuri, D. Doligez, L. Lamport, and S. Merz, The TLA+ proof system: Building a heterogeneous verification platform, Theoretical aspects of computing, pp.44-44, 2010.
URL : https://hal.archives-ouvertes.fr/inria-00521886

A. Cimatti, E. Clarke, E. Giunchiglia, F. Giunchiglia, M. Pistore et al., NuSMV 2: An OpenSource tool for symbolic model checking, International Conference on Computer Aided Verification, pp.359-364, 2002.

E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith, Counterexample-guided abstraction refinement for symbolic model checking, J. ACM, vol.50, pp.752-794, 2003.

E. Cohen, M. Dahlweid, M. Hillebrand, D. Leinenbach, M. Moskal et al., VCC: A practical system for verifying concurrent C, International Conference on Theorem Proving in Higher Order Logics, pp.23-42, 2009.

E. Cohen and L. Lamport, Reduction in TLA, CONCUR (LNCS), pp.317-331, 1998.

M. Cristiá and G. Rossi, A Decision Procedure for Sets, Binary Relations and Partial Functions, CAV, pp.179-198, 2016.

A. Damian, C. Dragoi, A. Militaru, and J. Widder, Communication-Closed Asynchronous Protocols, CAV, pp.344-363, 2019.
URL : https://hal.archives-ouvertes.fr/hal-01991415

L. de Moura and N. Bjørner, Z3: An efficient SMT solver, TACAS. LNCS, vol.1579, pp.337-340, 2008.

G. Delzanno, M. Tatarek, and R. Traverso, Model Checking Paxos in Spin, Proceedings Fifth International Symposium on Games, Automata, Logics and Formal Verification, pp.131-146, 2014.

C. Drăgoi, T. A. Henzinger, H. Veith, J. Widder, and D. Zufferey, A Logic-based Framework for Verifying Consensus Algorithms, VMCAI, vol.8318, pp.161-181, 2014.

C. Drăgoi, T. A. Henzinger, and D. Zufferey, PSync: a partially synchronous language for fault-tolerant distributed algorithms, pp.400-415, 2016.

B. Ekici, A. Mebsout, C. Tinelli, C. Keller, G. Katz et al., SMTCoq: A plug-in for integrating SMT solvers into Coq, International Conference on Computer Aided Verification, pp.126-133, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01669345

A. A. El Ghazi and M. Taghdiri, Relational reasoning via SMT solving, International Symposium on Formal Methods, pp.133-148, 2011.

A. Farzan, Z. Kincaid, and A. Podelski, Proving Liveness of Parameterized Programs, LICS, pp.185-196, 2016.

E. Gafni and L. Lamport, Disk Paxos, Distributed Computing, vol.16, pp.1-20, 2003.

S. J. Garland and N. A. Lynch, The IOA language and toolset: Support for designing, analyzing, and building distributed systems, 1998.

J. Gray and L. Lamport, Consensus on transaction commit, ACM Trans. Database Syst, vol.31, issue.1, pp.133-160, 2006.

R. Guerraoui, N. Knežević, V. Quéma, and M. Vukolić, The next 700 BFT protocols, Proceedings of the 5th European conference on Computer systems, pp.363-376, 2010.
URL : https://hal.archives-ouvertes.fr/hal-00945717

J. Gustafson, Kafka Improvement Proposal 320, 2019.

D. Hansen and M. Leuschel, Translating TLA+ to B for Validation with ProB, IFM, pp.24-38, 2012.

C. Hawblitzel, J. Howell, M. Kapritsos, J. R. Lorch, B. Parno et al., IronFleet: Proving Safety and Liveness of Practical Distributed Systems, Commun. ACM, vol.60, issue.7, pp.83-92, 2017.

C. Hoare, An axiomatic basis for computer programming, The SPIN Model Checker, vol.12, pp.576-580, 1969.

H. Howard, D. Malkhi, and A. Spiegelman, Flexible Paxos: Quorum Intersection Revisited, OPODIS, vol.25, p.14, 2016.

D. Jackson, Software Abstractions: logic, language, and analysis, 2012.

C. B. Jones, Systematic software development using VDM, vol.2, 1990.

I. Konnov, J. Kukovec, and T. Tran, APALACHE Model Checker, 2019.

I. Konnov, M. Lazic, H. Veith, and J. Widder, Para²: Parameterized Path Reduction, Acceleration, and SMT for Reachability in Threshold-Guarded Distributed Algorithms, Formal Methods in System Design, vol.51, pp.270-307, 2017.

I. Konnov, M. Lazić, H. Veith, and J. Widder, A Short Counterexample Property for Safety and Liveness Verification of Fault-tolerant Distributed Algorithms, pp.719-734, 2017.

S. Krings, J. Schmidt, C. Brings, M. Frappier, M. Leuschel et al., A Translation from Alloy to B, International Conference on Abstract State Machines, pp.71-86, 2018.

J. Kukovec, T. Tran, and I. Konnov, Extracting Symbolic Transitions from TLA+ Specifications, Abstract State Machines, pp.89-104, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01871131

V. Kuncak, H. H. Nguyen, and M. C. Rinard, An Algorithm for Deciding BAPA: Boolean Algebra with Presburger Arithmetic, pp.260-277, 2005.

L. Lamport, The Temporal Logic of Actions, ACM Trans. Program. Lang. Syst, vol.16, pp.872-923, 1994.

L. Lamport, Specifying systems: The TLA+ language and tools for hardware and software engineers, 2002.

L. Lamport, Byzantizing Paxos by Refinement, DISC, vol.6950, pp.211-224, 2011.

L. Lamport, TLA+2: A Preliminary Guide, ACM Sigact News, vol.32, pp.18-25, 2001.

B. W. Lampson and H. E. Sturgis, Crash recovery in a distributed data storage system, 1979.

K. R. M. Leino, This is Boogie 2, vol.178, p.9, 2008.

K. R. M. Leino, Dafny: An automatic program verifier for functional correctness, International Conference on Logic for Programming Artificial Intelligence and Reasoning, pp.348-370, 2010.

M. Leuschel and M. Butler, ProB: an automated analysis toolset for the B method, International Journal on Software Tools for Technology Transfer, vol.10, pp.185-203, 2008.

R. J. Lipton, Reduction: A Method of Proving Properties of Parallel Programs, Commun. ACM, vol.18, pp.717-721, 1975.

N. A. Lynch, Distributed algorithms, 1996.

N. A. Lynch and E. W. Stark, A Proof of the Kahn Principle for Input/Output Automata, Inf. Comput, vol.82, pp.81-92, 1989.

N. Macedo, J. Brunel, D. Chemouil, A. Cunha, and D. Kuperberg, Lightweight specification and analysis of dynamic systems with rich configurations, Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp.373-383, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01355062

N. Macedo and A. Cunha, Alloy meets TLA+: An exploratory study, 2016.

O. Maric, C. Sprenger, and D. A. Basin, Cutoff Bounds for Consensus Algorithms, CAV, pp.217-237, 2017.

K. L. McMillan, The SMV system, Symbolic Model Checking, pp.61-85, 1993.

S. Meier, B. Schmidt, C. Cremers, and D. Basin, The TAMARIN prover for the symbolic analysis of security protocols, International Conference on Computer Aided Verification, pp.696-701, 2013.

B. Meng, A. Reynolds, C. Tinelli, and C. Barrett, Relational constraint solving in SMT, International Conference on Automated Deduction, pp.148-165, 2017.

S. Merz, The Specification Language TLA+, Logics of Specification Languages, pp.401-451, 2008.
URL : https://hal.archives-ouvertes.fr/inria-00338330

S. Merz, On the Logic of TLA+, Computing and Informatics, vol.22, pp.351-379, 2012.
URL : https://hal.archives-ouvertes.fr/inria-00099800

S. Merz and H. Vanzetto, Automatic Verification of TLA+ Proof Obligations with SMT Solvers, LPAR, vol.7180, pp.289-303, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00760570

S. Merz and H. Vanzetto, Encoding TLA+ into unsorted and many-sorted first-order logic, Science of Computer Programming, vol.158, pp.3-20, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01768750

I. Moraru, D. G. Andersen, and M. Kaminsky, There is more consensus in egalitarian parliaments, SOSP. ACM, pp.358-372, 2013.

C. Newcombe, Why Amazon chose TLA+, International Conference on Abstract State Machines, pp.25-39, 2014.

C. Newcombe, T. Rath, F. Zhang, B. Munteanu, M. Brooker et al., How Amazon Web Services uses formal methods, Comm. ACM, vol.58, pp.66-73, 2015.

T. Nipkow, L. C. Paulson, and M. Wenzel, Isabelle/HOL: a proof assistant for higher-order logic, vol.2283, 2002.

D. Ongaro, Consensus: Bridging theory and practice, 2014.

O. Padon, G. Losa, M. Sagiv, and S. Shoham, Paxos made EPR: decidable reasoning about distributed protocols, PACMPL, vol.1, p.31, 2017.

L. C. Paulson and K. W. Susanto, Source-level proof reconstruction for interactive theorem proving, International Conference on Theorem Proving in Higher Order Logics, pp.232-245, 2007.

D. Plagge and M. Leuschel, Validating B, Z and TLA+ using ProB and Kodkod, International Symposium on Formal Methods, pp.372-386, 2012.

V. Rahli, D. Guaspari, M. Bickford, and R. L. Constable, EventML: Specification, verification, and implementation of crash-tolerant state machine replication systems, Sci. Comput. Program, vol.148, pp.26-48, 2017.

M. Raynal, Communication and Agreement Abstractions for Fault-Tolerant Asynchronous Distributed Systems, 2010.
URL : https://hal.archives-ouvertes.fr/inria-00543036

I. Sergey, J. R. Wilcox, and Z. Tatlock, Programming and proving with distributed protocols, POPL, vol.2, p.30, 2018.

M. Spivey, The Z notation, 1992.

N. Swamy, C. Hriţcu, C. Keller, A. Rastogi, A. Delignat-Lavaud et al., Dependent types and multi-monadic effects in F*, ACM SIGPLAN Notices, vol.51, pp.256-270, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01265793

C. Tinelli, A. Reynolds, C. Barrett, and K. Bansal, Reasoning with Finite Sets and Cardinality Constraints in SMT, Logical Methods in Computer Science, vol.14, 2018.

. Tlaplus, A collection of TLA+ specifications of varying complexities, International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pp.632-647, 2007.

K. von Gleissenthall, N. Bjørner, and A. Rybalchenko, Cardinalities and universal quantifiers for verifying parameterized systems, PLDI, pp.599-613, 2016.

K. von Gleissenthall, R. G. Kıcı, A. Bakst, D. Stefan, and R. Jhala, Pretend synchrony: synchronous verification of asynchronous distributed programs, PACMPL, vol.3, p.30, 2019.

H. Wayne, , 2018.

J. R. Wilcox, D. Woos, P. Panchekha, Z. Tatlock, X. Wang et al., Verdi: a framework for implementing and formally verifying distributed systems, PLDI, pp.357-368, 2015.

K. Yessenov, R. Piskac, and V. Kuncak, Collections, Cardinalities, and Relations, VMCAI, pp.380-395, 2010.

Y. Yu, P. Manolios, and L. Lamport, Model checking TLA+ specifications, Correct Hardware Design and Verification Methods, pp.54-66, 1999.

P. Zave, Using lightweight modeling to understand Chord, ACM SIGCOMM Computer Communication Review, vol.42, pp.49-57, 2012.

P. Zave, A practical comparison of Alloy and Spin, Formal Aspects of Computing, vol.27, pp.239-253, 2015.