SQLite recently patched a rare, 16-year-old bug in its Write-Ahead Log (WAL) checkpointing system that could lead to database corruption. This post from Canonical's dqlite (distributed SQLite) team walks through how they used TLA+ to formally model SQLite's internal behavior, isolate the exact sequence of steps needed to trigger the corruption, and determine whether their own system was vulnerable.