] Natarajan Shankar. Mechanical Veriication of a Generalized Protocol for Byzantine Fault-tolerant Clock Synchronization. in J. Vytopil, Editor, For- Mal Techniques in Real-time and Fault-tolerant Appendix: a Fragment of the Formal Speciication and Veriication

An introduction to formal speciication and verii-cation using Ehdm. As an illustrative fragment of the text submitted to the Ehdm formal veriication system, the statement and proof of the manifest-faulty case of the hybrid version of Lemma 5 is reproduced below. The speciication has been prettyprinted by Ehdm. The text of the full veri-cation is 110 pages long. The list following the from keyword in the prove declaration enumerates the lemmas, axioms, and deeni-tions to be used in the proof; the material in braces indicates substitutions to be made for quantiied variables. Given this information, Ehdm generates a ground formula by Skolemization and substitution for free variables , and then applies a decision procedure for a combination of theories including real and integer arithmetic and propositional calculus. The whole process takes only a couple of seconds.