Synthesizing Inductive Invariants for Distributed Protocols via IC3 and Large Language Models

📅 2026-05-23
📈 Citations: 0
Influential: 0
🤖 AI Summary
Verifying the safety of distributed protocols relies on inductive invariants, yet existing approaches are either confined to restricted logical fragments or require manually crafted templates, hindering fully automated synthesis. This work proposes IC3Syn, a novel framework that integrates large language models with the symbolic IC3 algorithm to collaboratively synthesize invariants within TLA+ state spaces. By decomposing invariant generation into focused blocking subproblems and leveraging the protocol-level reasoning capabilities of large models, IC3Syn enables flexible and rigorous search without logical restrictions or human intervention. The framework successfully generates candidate invariants for 29 protocols—including industrial-grade variants like MLDR (a Raft derivative) and complex Paxos instances—all of which are formally verified by TLAPS to be inductive in unbounded models, thereby guaranteeing safety.
📝 Abstract
Distributed protocols are notoriously difficult to verify correctly. Proving safety typically requires inductive invariants that both imply the desired property and are preserved by every protocol transition; yet inferring such invariants remains a major bottleneck: existing approaches either restrict the protocol models to a decidable fragment of first-order logic or demand expert-crafted templates. We present IC3Syn, a neuro-symbolic framework that synthesizes inductive invariants by executing an IC3-style process over TLA+ states with the assistance of Large Language Models (LLMs). At a high level, IC3Syn combines a symbolic IC3 controller, which decomposes invariant synthesis into focused blocking tasks, with an LLM, which provides the protocol-level reasoning that IC3 alone lacks for TLA+ specifications. This integration enables a disciplined yet flexible search for invariants without imposing logical restrictions or requiring manual templates. We evaluate IC3Syn on 29 distributed protocols spanning consensus, reconfiguration and client-server systems, and compare it against Endive, IC3PO, SWISS and DistAI. IC3Syn discovers candidate invariants for all 29 protocols, including MongoLoglessDynamicRaft (MLDR), an industrial-scale Raft-based reconfiguration protocol for which none of the compared tools reports a solution, as well as one complex Paxos variant. In each case, the invariants synthesized on finite instances are shown in TLAPS to be inductive for the full unbounded protocol, thereby establishing safety.
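The abstract's two ingredients (an inductive invariant that implies safety and survives every transition, and an IC3-style loop that turns each counterexample-to-induction into a focused blocking task) can be seen on a tiny finite instance. The following is an added illustration, not code or a benchmark from the paper: the lock-server protocol, its state encoding, and the pool of candidate lemmas are constructed here, and the pool stands in for the lemmas an LLM would propose. The loop accepts a candidate only if it excludes the offending pre-state, holds initially, and is inductive relative to the invariant built so far, which is the check real IC3 performs before adding a clause.

```python
"""Inductive-invariant checking with IC3-style blocking on a toy lock-server
protocol (constructed example; not IC3Syn's code or the paper's benchmarks)."""
from itertools import product
from typing import Callable, Dict, Iterable, List, Optional, Tuple

CLIENTS = ("c1", "c2")
# A state is (server_holds_lock, set_of_clients_holding_lock).
State = Tuple[bool, frozenset]
Pred = Callable[[State], bool]


def all_states() -> List[State]:
    """Finite state universe: every combination of server flag and holder set."""
    holder_sets = [frozenset(c for c, bit in zip(CLIENTS, bits) if bit)
                   for bits in product((False, True), repeat=len(CLIENTS))]
    return [(srv, h) for srv in (False, True) for h in holder_sets]


def init_states() -> List[State]:
    return [(True, frozenset())]          # server holds the lock, nobody else


def next_states(s: State) -> Iterable[State]:
    """Protocol transitions: Grant(c) if the server holds the lock, Release(c)."""
    server, holders = s
    for c in CLIENTS:
        if server:
            yield (False, holders | {c})  # Grant(c)
        if c in holders:
            yield (True, holders - {c})   # Release(c)


def safety(s: State) -> bool:
    """Mutual exclusion: at most one client holds the lock."""
    return len(s[1]) <= 1


def conjoin(preds: List[Pred]) -> Pred:
    return lambda s: all(p(s) for p in preds)


def find_cti(inv: Pred) -> Optional[Tuple[State, State]]:
    """Counterexample to induction: inv(s) holds, s -> t, but inv(t) fails."""
    for s in all_states():
        if inv(s):
            for t in next_states(s):
                if not inv(t):
                    return (s, t)
    return None


def is_inductive(inv: Pred) -> bool:
    return all(inv(s) for s in init_states()) and find_cti(inv) is None


def relatively_inductive(lemma: Pred, inv: Pred) -> bool:
    """IC3 acceptance test: Init => lemma and (inv /\\ lemma /\\ Next) => lemma'."""
    if not all(lemma(s) for s in init_states()):
        return False
    return all(lemma(t) for s in all_states() if inv(s) and lemma(s)
               for t in next_states(s))


# Stand-in for LLM-proposed lemmas (constructed). Pool order is deliberate:
# the first candidate blocks the CTI but is not relatively inductive.
CANDIDATE_LEMMAS: Dict[str, Pred] = {
    "no_holders": lambda s: len(s[1]) == 0,
    "server_lock_implies_no_holders": lambda s: (not s[0]) or len(s[1]) == 0,
    "always_server_lock": lambda s: s[0],
}


def ic3_style_strengthen(prop: Pred, pool: Dict[str, Pred],
                         max_rounds: int = 10) -> Optional[List[str]]:
    """Repeatedly find a CTI and block it with an accepted lemma from the pool.
    Returns the names of the lemmas that, conjoined with prop, are inductive."""
    chosen: List[str] = []
    for _ in range(max_rounds):
        inv = conjoin([prop] + [pool[n] for n in chosen])
        cti = find_cti(inv)
        if cti is None:
            return chosen
        pre, _post = cti
        for name, lemma in pool.items():
            # Blocking subproblem: lemma must rule out the CTI's pre-state
            # and be inductive relative to what we already have.
            if name not in chosen and not lemma(pre) \
                    and relatively_inductive(lemma, inv):
                chosen.append(name)
                break
        else:
            return None                   # pool exhausted for this CTI
    return None


if __name__ == "__main__":
    print("safety alone inductive:", is_inductive(safety))
    print("CTI for safety alone:", find_cti(safety))
    print("lemmas added:", ic3_style_strengthen(safety, CANDIDATE_LEMMAS))
```

On this instance the bare safety property is not inductive: a state where the server and one client both hold the lock satisfies mutual exclusion but admits a second Grant. The first pool entry blocks that state yet fails the relative-inductiveness check (the initial state satisfies it and Grant leaves it), so the loop moves on and accepts the lemma tying the server's flag to an empty holder set, after which no CTI remains. The paper's contribution is replacing the fixed pool with LLM proposals and discharging the finite-instance result for the unbounded protocol in TLAPS; the loop structure is what the abstract calls the IC3 controller.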
Problem

Research questions and friction points this paper is trying to address.

inductive invariants
distributed protocols
safety verification
TLA+
invariant synthesis
Innovation

Methods, ideas, or system contributions that make the work stand out.

inductive invariants
IC3
Large Language Models
distributed protocols
neuro-symbolic