… TLA + proof system, is a platform for the development and mechanical verification of TLA +
proofs… The TLA + language supports a hierarchical, non-linear proof development process …

… provers to produce proofs that can be checked by Isabelle/TLA+, our most trusted back-end,
and this is currently implemented for the Zenon back-end. I will review our experiences with …

… Because temporal reasoning is such a small part of TLA proofs, we have deferred its
implementation. The PM now handles only action formulas. We have enough experience …

… We obtained the TLA proof that Tiny satisfies GNI from its RTLA proof in Section IV-C by …
This same transformation from an RTLA proof to a TLA proof works for any RTLA proof that …

… by initial condition and next-state relation Correctness expressed as TLA formula … ▶ each
step recursively has a proof proof tree ▶ proof step with higher level number starts subproof …

… We therefore decided to write a TLA to LP translator, so specifications, theorems, and proof
… It is obviously easier to write a TLA proof in TLA than in an LP encoding of TLA. It was not …

… Instead, we perform several rewriting steps to reduce the number of derived TLA+
operators that occur in a proof obligation, essentially applying the “obvious” instances of the …

… The specification language TLA+ [4] has recently been extended by notation to describe
formal, declarative proofs for theorems asserted in TLA+ modules. The proof language is …

… By evaluating the performance of the backend over several existing TLA+ proofs we show
… TLA+ expressions, which make up the vast majority of proof obligations that arise in TLA+ …

… This thesis presents effective techniques for discharging TLA + proof obligations to automated
… improve the automation capabilities of the proof development performed with the TLA …