Pegasus: Sound Continuous Invariant Generation

TL;DR

Pegasus is an automated tool that combines multiple methods to generate continuous invariants, aiding the formal verification of hybrid systems, and is integrated with the KeYmaera X theorem prover for improved safety proofs.

Contribution

We introduce Pegasus, a novel invariant generator that integrates diverse techniques and connects with KeYmaera X, enhancing automation in hybrid system verification.

Findings

Effective combination of methods for invariant generation

Successful integration with KeYmaera X theorem prover

Positive experimental results on benchmark suite

Abstract

Continuous invariants are an important component in deductive verification of hybrid and continuous systems. Just like discrete invariants are used to reason about correctness in discrete systems without having to unroll their loops, continuous invariants are used to reason about differential equations without having to solve them. Automatic generation of continuous invariants remains one of the biggest practical challenges to the automation of formal proofs of safety for hybrid systems. There are at present many disparate methods available for generating continuous invariants; however, this wealth of diverse techniques presents a number of challenges, with different methods having different strengths and weaknesses. To address some of these challenges, we develop Pegasus: an automatic continuous invariant generator which allows for combinations of various methods, and integrate it with the KeYmaera X theorem prover for hybrid systems. We describe some of the architectural aspects of this integration, comment on its methods and challenges, and present an experimental evaluation on a suite of benchmarks.