Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systems must run. This asynchrony makes verifying the correctness of systems implementations even more challenging. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. Mace is a C++ language extension, compiler, runtime, and toolset, that translates a concise but expressive distributed system specification into a C++ implementation. Mace exploits a natural decomposition of distributed systems into a layered, event-driven state machine. A key design principle of Mace is to separate each service algorithm from the implementation mechanics (serialization, dispatch, synchronization, etc.), debugging code (logging and property testing), and its utility services (lower-level services providing a specified interface). Our experience indicates that precisely because Mace imposes limits on the design structure of distributed systems, it supports the implementation of a wide variety of high-level supporting tools, including model checking, simulation, live debugging, and visualization. Mace is fully operational, has been in development for four years, and has been used to build a wide variety of Internet-ready distributed systems. This talk will describe both the Mace programming language design and MaceMC, the first model checker that can find liveness violations in unmodified systems implementations.