This brings us to an important lesson about formal verification and system design: the paradigm gap. Pure TLA+ is a beautiful event-driven way to describe the mathematically correct state of your system. However, the environments where these systems actually live (Java, Go, C++, or Rust) are fundamentally built around sequential threads, loops, and queues, just like our PlusCal model. The impedance mismatch between an event-driven specification and a sequential implementation introduces the risk of HOL blocking. Because modern programming languages make it so effortless to pause a thread and wait for a resource, it is incredibly easy for a system to fall into the blocking trap. We should be cognizant of this pitfall when implementing our designs.

This touches on something that FizzBee helps a lot with compared to pure TLA+.

It makes it very easy to write the spec similarly to pseudo-code while experiencing the failures associated with real async code.

muratbuffalo.blogspot.com/2026/03/mode...

@pierrezemb.fr Looking forward to hear more about what you modeled and your thoughts about it.

Formal verification tools like TLA+, FizzBee, and Antithesis serve different stages: design-level verification versus implementation-level testing.

Jayaprabhakar(JP) Kadarkarai on Formal Methods & Verification from ep.5

Issues · slatedb/slatedb-go A cloud native embedded storage engine built on object storage. - Issues · slatedb/slatedb-go

@hillelwayne.com FizzBee does exactly this. At present only supports Go.
github.com/slatedb/slat...

It started with the idea from @emptysqua.re's paper "Extreme modeling in practice" but making it easier to use. In addition to that FizzBee also tests concurrency that's not typically covered.

Locks, leases, fencing tokens, FizzBee! FizzBee is a new formal specification language, originally announced back in May of last year. FizzBee’s author, Jayaprabhakar (JP) Kadarkarai, reached out to me recently and asked me what I …

Locks, leases, fencing tokens, FizzBee https://lobste.rs/s/987gmh #distributed

FizzBee automatically tests with various fault injection. Node crash is one of them.
fizzbee.io/tutorials/fa...
To mark some fields as ephemeral, you just need to add an annotation `@state(ephemeral=["inmem_field1", "inmem_field2"])`.
I'd be happy to assist.

Paxos made visual in FizzBee Unfortunately, Paxos is quite difficult to understand, in spite of numerous attempts to make it more approachable. — Diego Ongaro and John Ousterhout, In Search of an Understandable Consensus Algor…

New blog post on using FizzBee to model Paxos

surfingcomplexity.blog/2025/03/09/p...

SF Systems Meetup: Correctness and Security for Distributed Systems · Luma The SF Systems Meetup is back for the new year! This meetup, our theme is correctness and security. It's easy to write a distributed protocol, but very hard to…

The SF Systems Meetup is back! On 2/27, we're excited to have headline talks from the creator of FizzBee and a research collaborator with Signal. This is going to be a super fun night diving deep into making distributed protocols work, hope you'll join us! lu.ma/vqjf30k3

I really thought you were talking about 1:30 am until I got to the end...

That would be awesome. I'd be happy to answer any questions about FizzBee.