danesabo/Obsidian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto sync: 2025-12-05 17:46:13 (15 files changed)

Browse Source 
D  Writing/ERLM/:w

A  Writing/ERLM/biblatex.sty

M  Writing/ERLM/dane_proposal_format.cls

M  Writing/ERLM/main.aux

M  Writing/ERLM/main.bbl

M  Writing/ERLM/main.blg

M  Writing/ERLM/main.fdb_latexmk

M  Writing/ERLM/main.fls
This commit is contained in:
Dane Sabo 2025-12-05 17:46:13 -05:00
parent 90c328872a
commit 54cc24e2f9
15 changed files with 949 additions and 1496 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

627
Writing/ERLM/:w
View File

@ -1,627 +0,0 @@
# ERLM Proposal Writing Review - Executive Summary
**Date**: December 2, 2025 **Reviewer**: Claude Code
**Framework**: Gopen's Sense of Structure
---
## Overview
This proposal demonstrates strong technical content, clear
methodology, and comprehensive coverage of all required
elements. The research approach is well-conceived, and the
progression from problem statement through solution is
logical. The writing is generally clear and professional.
**Key Strengths:**
- Excellent technical depth and specificity
- Strong motivation established through human factors
statistics
- Clear three-thrust research structure
- Comprehensive risk analysis with concrete contingencies
- Good use of specific examples (TMI accident, HARDENS
project)
**Priority Areas for Revision:**
- Sentence-level: Strengthen stress positions to emphasize
key claims
- Paragraph-level: Sharpen point-issue structure in some
sections
- Section-level: Tighten organization in State of the Art
section
- Big picture: Strengthen "so what" connections throughout
---
## Priority Issues (Top 10)
### 1. **SOTA Section Length and Organization**
[SECTION-LEVEL] **Location**: State of the Art section (358
lines) **Issue**: The SOTA section is the longest in the
proposal and covers multiple distinct topics (current
procedures, human factors, HARDENS). While comprehensive, it
risks overwhelming readers and obscuring your key
contributions. **Impact**: HIGH - Reviewers may lose track
of your argument in the density **Recommendation**:
Consider restructuring with clearer signposting. Each
subsection should explicitly connect back to what gap
you're filling. The current "\textbf{LIMITATION:}" callouts
are excellent—ensure every major subsection has one.
### 2. **Weak Stress Positions Throughout** [SENTENCE-LEVEL]
**Location**: All sections, especially Goals and State of
the Art **Issue**: Many sentences place old/known
information in stress position (sentence-final), missing
opportunities to emphasize new claims **Impact**:
MEDIUM-HIGH - Reduces rhetorical impact of key claims **See
Pattern**: "Stress Position Weakness" below for examples and
fixes
### 3. **Missing "So What" Connections** [BIG PICTURE]
**Location**: Transitions between major sections **Issue**:
The proposal moves from problem → approach → metrics without
always explicitly stating "this matters because..." at
transition points **Impact**: MEDIUM-HIGH - Reviewers may
not fully grasp significance **Recommendation**: Add
explicit "if successful, this enables..." statements at the
end of Goals section and beginning of Metrics section
### 4. **Passive Voice Obscuring Agency** [SENTENCE-LEVEL]
**Location**: Research Approach, especially subsection
introductions **Issue**: Passive constructions like "will be
employed" and "will be used" hide who does what and reduce
directness **Impact**: MEDIUM - Reduces clarity and makes
writing feel less confident **See Pattern**: "Passive Voice"
below
### 5. **Point-Issue Structure in Paragraphs**
[PARAGRAPH-LEVEL] **Location**: State of the Art, Risk
sections **Issue**: Some paragraphs present information
without first establishing why readers should care (the
"issue") **Impact**: MEDIUM - Readers may wonder "why are
you telling me this?" **See Pattern**: "Point-Issue
Structure" below
### 6. **Topic String Breaks** [PARAGRAPH-LEVEL]
**Location**: Research Approach, subsection transitions
**Issue**: Topic position doesn't always establish clear
continuity from previous sentence, forcing readers to
reconstruct connections **Impact**: MEDIUM - Increases
cognitive load **See Pattern**: "Topic Position &
Continuity" below
### 7. **Nominalization Hiding Action** [SENTENCE-LEVEL]
**Location**: Throughout, especially Research Approach
**Issue**: Action buried in nouns (e.g., "implementation"
instead of "implement", "verification" instead of "verify")
**Impact**: MEDIUM - Makes writing feel static rather than
dynamic **Recommendation**: Convert nominalizations to
active verbs where possible
### 8. **Long Complex Sentences** [SENTENCE-LEVEL]
**Location**: State of the Art (lines 45-51), Risks (lines
72-79) **Issue**: Some sentences exceed 40-50 words with
multiple subordinate clauses, challenging comprehension
**Impact**: MEDIUM - Reviewers may have to re-read
**Recommendation**: Break into 2-3 shorter sentences with
clear logical flow
### 9. **Subsection Balance in Risks Section**
[SECTION-LEVEL] **Location**: Risks and Contingencies
section **Issue**: Four subsections of vastly different
lengths (computational tractability gets more space than
discrete-continuous interface, despite latter being more
fundamental) **Impact**: LOW-MEDIUM - May suggest misaligned
priorities **Recommendation**: Consider whether space
allocation reflects actual risk magnitude
### 10. **Broader Impacts Underutilized** [BIG PICTURE]
**Location**: Broader Impacts section (75 lines vs 358 for
SOTA) **Issue**: This section is relatively brief given that
economic impact is a major motivation for SMRs **Impact**:
LOW-MEDIUM - Missing opportunity to strengthen value
proposition **Recommendation**: Consider expanding economic
analysis or adding brief discussion of workforce/educational
impacts
---
## Key Patterns Identified
### Pattern 1: Stress Position Weakness
**Principle** (Gopen): The stress position (end of sentence)
should contain the most important new information. Readers
expect climax at sentence-end and are disappointed when they
find old information or weak phrases there.
**Example 1** (Goals and Outcomes, lines 13-17): ```
Current: "Currently, nuclear plant operations rely on
extensively trained human operators who follow detailed
written procedures and strict regulatory requirements to
manage reactor control." ```
- **Issue**: Sentence ends with "manage reactor control"—a
restatement of the opening. The key claim is buried
mid-sentence: "extensively trained...detailed
procedures...strict requirements"
- **Fixed**: "Currently, nuclear plant operations require
extensively trained human operators following detailed
written procedures under strict regulatory requirements."
**Example 2** (State of the Art, lines 53-54): ``` Current:
"Procedures lack formal verification of correctness and
completeness." ```
- **Issue**: Ends weakly with "completeness" which is minor
compared to the bigger issue
- **Fixed**: "Procedures lack formal verification, leaving
correctness and completeness unproven."
**Example 3** (Research Approach, lines 41-42): ``` Current:
"The following sections discuss how these thrusts will be
accomplished." ```
- **Issue**: Pure metadiscourse in stress position, provides
no new information
- **Fixed**: Delete this sentence—the enumeration provides
sufficient transition, or combine with previous sentence:
"...through three main thrusts, each detailed below."
**Similar instances**:
- Goals lines 29-32: "...we will combine formal methods..."
- State of the Art lines 81-85: "...no application of hybrid
control theory exists..."
- Research Approach lines 115-116: "...enable progression to
the next step..."
- Metrics lines 29-31: "...makes this metric directly
relevant..."
- Risks lines 12-13: "...identification of remaining
barriers to deployment"
**How to fix**: Identify the most important new claim in
each sentence and move it to the end. Often this means
converting from "X does Y to achieve Z" to "X achieves Z by
doing Y."
---
### Pattern 2: Passive Voice Obscuring Agency
**Principle** (Gopen): Passive voice obscures who does what
and reduces directness. In proposal writing, active voice
demonstrates confidence and control. Use passive only when
the agent is truly unimportant or unknown.
**Example 1** (Research Approach, line 118): ``` Current:
"We will employ state-of-the-art reactive synthesis
tools..." ```
- **Issue**: "Employ" is weak; you're not hiring the tools,
you're using them
- **Better**: "We will use Strix, a state-of-the-art
reactive synthesis tool..."
- **Best**: "Strix will translate our temporal logic
specifications into deterministic automata..." (Shows what
the tool *does*, not just that you'll use it)
**Example 2** (Research Approach, line 207): ``` Current:
"Control barrier functions will be employed when..." ```
- **Issue**: Passive—who employs them? And "employed" sounds
formal/stuffy
- **Fixed**: "We will use control barrier functions to
verify..." or better "Control barrier functions verify..."
**Example 3** (Metrics, line 67): ``` Current: "This
milestone delivers an internal technical report..." ```
- **Issue**: Milestones don't deliver, people do
- **Fixed**: "We will deliver an internal technical report
documenting..."
**Similar instances**:
- Research Approach lines 161, 175, 206, 220: "will be
employed", "will be developed", "will be used"
- Metrics lines 69, 73, 79, 84: "...delivers a [document]"
- Risks lines 57, 109, 163: various passives
**How to fix**:
1. Identify the real agent (usually "we")
2. Make agent the subject: "We will X" or "X will Y"
3. Choose strong active verbs: use/apply/develop/verify (not
employ/utilize)
---
### Pattern 3: Point-Issue Structure Weakness
**Principle** (Gopen): Paragraphs should begin by
establishing (1) the point/claim being made and (2) why it
matters (the issue). Discussion then supports that point.
Readers need context before details.
**Example 1** (State of the Art, lines 88-107): ``` Current
paragraph begins: "The persistent role of human error in
nuclear safety incidents, despite decades of
improvements..." ```
- **Analysis**: This paragraph immediately dives into the
"persistent role" without first establishing why we're
discussing human factors at all. Reader thinks: "Wait,
weren't we just talking about procedures?"
- **Fixed**: Add issue statement first: "Human factors
provide the most compelling motivation for formal automated
control. Despite decades of improvements in training and
procedures, human error persists in 70-80% of nuclear
incidents—suggesting that operator-based control faces
fundamental, not remediable, limitations."
**Example 2** (Risks, first paragraph): ``` Current: "This
research relies on several critical assumptions that, if
invalidated, would require scope adjustment..." ```
- **Analysis**: Good—this establishes both point (critical
assumptions exist) and issue (invalidity requires
adjustment) immediately. The paragraph then delivers on this
promise. This is a good model!
**Example 3** (Research Approach, lines 166-169): ```
Current: "While discrete system components will be
synthesized with correctness guarantees, they represent only
half of the complete system." ```
- **Analysis**: Good issue statement (discrete alone
insufficient), but could be sharper about the point. What
will this section show?
- **Fixed**: "While discrete system components will be
synthesized with correctness guarantees, they represent only
half of the complete system. This section describes how we
will develop continuous control modes, verify their
correctness, and address the unique verification challenges
at the discrete-continuous interface."
**Similar instances**:
- State of the Art lines 13-34: long paragraph with delayed
point
- Goals lines 103-119: impact paragraph could be tighter
- Approach lines 178-208: three-mode classification needs
clearer framing
**How to fix**:
1. First sentence should state the paragraph's point
2. Second sentence (or same sentence) should state why this
matters
3. Remaining sentences provide supporting detail
---
### Pattern 4: Topic Position & Continuity
**Principle** (Gopen): The topic position (beginning of
sentence) should contain old/familiar information that links
to what came before. This creates flow and coherence. Abrupt
topic shifts disorient readers.
**Example 1** (Goals, lines 18-23): ``` Sentence 1: "...this
reliance on human operators prevents the introduction of
autonomous control capabilities..."
Sentence 2: "Emerging technologies like small modular
reactors face significantly higher per-megawatt staffing
costs..." ```
- **Issue**: Topic shifts abruptly from "reliance on
operators" to "emerging technologies". Connection exists
(both about staffing challenges) but isn't explicit
- **Fixed**: "...prevents autonomous control capabilities.
This limitation creates particular challenges for emerging
technologies like small modular reactors, which face
significantly higher per-megawatt staffing costs..."
**Example 2** (State of the Art, lines 234-243): ```
Sentence about what HARDENS addressed: "...discrete digital
control logic..."
Next sentence: "However, the project did not address
continuous dynamics..." ```
- **Analysis**: Good use of "however, the project" in topic
position—maintains focus on HARDENS while pivoting to
limitation. This is a good model!
**Example 3** (Research Approach, lines 56-58): ``` Sentence
1: "...we may be able to translate them into logical
formulae..."
Sentence 2: "Linear Temporal Logic (LTL) provides four
fundamental operators..." ```
- **Issue**: Abrupt topic shift from "translating
procedures" to "LTL provides". Missing: why LTL? Why now?
- **Fixed**: "...translate them into logical formulae. To
formalize these procedures, we will use Linear Temporal
Logic (LTL), which provides four fundamental operators..."
**Similar instances**:
- Goals lines 23-27: "emerging technologies" → "what is
needed"
- State of the Art lines 72-74: control modes → division
between automated/human
- Approach lines 183-185: stabilizing mode example →
transitory mode definition
**How to fix**:
1. Identify the topic of the previous sentence
2. Begin next sentence with something related to that topic
3. Use transitional phrases when shifting topics: "This
[previous thing] leads to [new thing]"
---
### Pattern 5: Long Complex Sentences
**Principle**: Sentences with multiple subordinate clauses
(especially over 35-40 words) tax reader working memory.
Breaking into multiple sentences often improves clarity
without losing sophistication.
**Example 1** (State of the Art, lines 48-51): ``` Current
(51 words): "Procedures undergo technical evaluation,
simulator validation testing, and biennial review as part of
operator requalification under 10 CFR 55.59, but despite
these rigorous development processes, procedures
fundamentally lack formal verification of key safety
properties." ```
- **Issue**: Long sentence with list, subordinate clause,
and contrast—hard to parse
- **Fixed (2 sentences)**: "Procedures undergo technical
evaluation, simulator validation testing, and biennial
review as part of operator requalification under 10 CFR
55.59. Despite these rigorous development processes,
procedures fundamentally lack formal verification of key
safety properties."
**Example 2** (Risks, lines 72-78): ``` Current (57 words):
"Temporal logic operates on boolean predicates, while
continuous control requires reasoning about differential
equations and reachable sets, and guard conditions that
require complex nonlinear predicates may resist boolean
abstraction, making synthesis intractable." ```
- **Issue**: Run-on with multiple clauses strung together
with commas
- **Fixed (3 sentences)**: "Temporal logic operates on
boolean predicates, while continuous control requires
reasoning about differential equations and reachable sets.
Guard conditions requiring complex nonlinear predicates may
resist boolean abstraction. This mismatch could make
synthesis intractable."
**Similar instances**:
- State of the Art lines 44-51: procedure development
description
- Research Approach lines 40-45: hybrid system description
- Risks lines 17-24: computational tractability discussion
- Broader Impacts lines 13-23: economic analysis
**How to fix**:
1. Identify natural breakpoints (usually where you have
"and" or "but")
2. Create new sentences at these breaks
3. Ensure each new sentence has clear topic position
4. May need to repeat/reference previous sentence's subject
for clarity
---
## Section-Level Issues
### Goals and Outcomes Section **Strengths**: Excellent
structure with clear goal → problem → approach → outcomes →
impact progression. The four-paragraph opening is very
strong.
**Issues**:
- Lines 29-53 (Approach paragraph): This is dense and tries
to cover too much. Consider breaking into two paragraphs:
one on the approach concept, one on the hypothesis and
rationale.
- Outcomes enumeration: Very clear, but could strengthen the
transition from strategy to outcome in each item. Currently
reads as "we'll do X. [new sentence] This enables Y."
Consider: "We'll do X, enabling Y."
### State of the Art Section **Strengths**: Comprehensive,
well-researched, excellent use of the HARDENS case study as
both positive example and gap identifier.
**Issues**:
- **Length**: At 358 lines, this risks losing readers. Most
concerning: readers may forget your framing by the time they
reach your contribution.
- **Organization**: Four major subsections (procedures,
human factors, HARDENS, research imperative) would benefit
from a roadmap sentence at the beginning: "To understand the
need for hybrid control synthesis, we first examine..."
- **Balance**: HARDENS subsection is 89 lines—nearly 25% of
SOTA. While impressive, consider whether this should be a
separate section or whether some detail could move to an
appendix.
- **Transition to Approach**: The "Research Imperative"
subsection is excellent but feels like it belongs at the
start of Research Approach rather than end of SOTA.
### Research Approach Section **Strengths**: Clear
three-thrust structure, good use of equations and examples,
strong technical detail.
**Issues**:
- **Subsection transitions**: The transitions between the
three main subsections (Procedures→Temporal,
Temporal→Discrete, Discrete→Continuous) could be smoother.
Each starts somewhat abruptly.
- **SmAHTR introduction**: The SmAHTR demonstration case is
introduced suddenly at line 253. Consider introducing it
earlier (perhaps in Goals section or at start of Approach)
so readers know it's coming.
- **Three-mode classification**: Lines 178-208 present the
stabilizing/transitory/expulsory framework, which is
innovative. This deserves more prominence—consider
highlighting it as a key contribution.
### Metrics of Success Section **Strengths**: TRL framework
is well-justified, progression through levels is clear.
**Issues**:
- **Defensive tone**: Lines 11-30 spend considerable space
justifying why TRL is appropriate. This is good but could be
more concise. Consider: one paragraph on why TRLs (lines
10-19) rather than two.
- **Grading criteria**: The TRL definitions (3, 4, 5) are
excellent. Very concrete and measurable.
### Risks and Contingencies Section **Strengths**:
Comprehensive, each risk has indicators and contingencies,
well-organized.
**Issues**:
- **Subsection balance**: Four subsections range from 41
lines (computational) to 65 lines (discrete-continuous).
Ensure space reflects actual risk level.
- **Mitigation vs. contingency**: Some subsections blur
"mitigation" (preventing problems) and "contingency"
(response if they occur). Consider clarifying this
structure.
### Broader Impacts Section **Strengths**: Clear economic
motivation, good connection to SMRs and datacenter
application.
**Issues**:
- **Brevity**: At 75 lines, this is the shortest technical
section. Given that economic viability is a key motivation,
consider expanding.
- **Missed opportunities**: Could briefly mention
workforce/educational impacts (training future engineers in
formal methods), equity (providing reliable clean energy to
underserved areas), broader applicability beyond nuclear.
### Budget Section **Brief review**: Budget is
comprehensive, well-justified, appropriate. Minor note:
Consider whether the high-performance workstation (Year 1)
might need upgrades in Year 2-3 as synthesis scales up.
### Schedule Section **Brief review**: Schedule is ambitious
but realistic. Six trimesters for dissertation research is
reasonable. Publication strategy is smart (nuclear community
first, then broader control theory community). Minor note:
Line 73 has a space issue ("t ranslation").
---
## Big Picture Observations
### Narrative and Argument Structure
**Strengths**:
- Clear problem-solution arc: operators make errors →
procedures lack formal guarantees → hybrid control synthesis
provides guarantees
- Good use of motivating examples (TMI, human error
statistics, HARDENS)
- Technical progression is logical: discrete synthesis →
continuous verification → integrated system
**Opportunities**:
1. **Strengthen "so what" transitions**: The proposal
sometimes presents information without explicitly stating
significance. Add more "This matters because..." statements.
2. **Emphasize novelty earlier**: The three-mode
classification and discrete-continuous interface
verification are novel contributions. Signal this earlier
and more explicitly.
3. **Create more callbacks**: When describing Research
Approach, refer back to specific limitations identified in
State of the Art. Currently these connections are implicit.
### Rhetorical Effectiveness
**Credibility established through**:
- Comprehensive literature review
- Specific technical detail
- Access to industry hardware (Emerson partnership)
- Prior conference recognition (best student paper)
**Value proposition**:
- Clear economic impact (O&M cost reduction)
- Safety improvement (mathematical guarantees vs. human
operators)
- Broader applicability (methodology generalizes)
**Could strengthen**:
- More explicit statements of what's novel vs. what's
established practice
- Stronger emphasis on the unique combination of discrete
synthesis + continuous verification (others do one or the
other, not both)
### Content Gaps and Consistency
**Terminology**:
- Generally consistent
- Good introduction of technical terms (hybrid automata,
temporal logic, reachability analysis)
- Minor: "correct by construction" vs. "provably
correct"—used interchangeably, which is fine, but could note
they're synonymous
**Scope consistency**:
- Excellent—stays focused on startup procedures for SmAHTR
- Appropriately acknowledges limitations (TRL 5, not
deployment-ready)
- Risk section addresses what happens if scope must narrow
**Potential gaps**:
1. **Cybersecurity**: Not mentioned. For autonomous nuclear
control, shouldn't there be at least a paragraph on security
verification?
2. **Regulatory path**: You mention "regulatory
requirements" but don't detail what NRC approval process
would look like. Even a paragraph would strengthen
credibility.
3. **Comparison with alternatives**: What about machine
learning approaches to autonomous control? Worth a paragraph
explaining why formal methods are superior for
safety-critical systems.
---
## Gopen Framework Quick Reference
**Stress Position**: End of sentence should contain most
important new information. Readers expect climax there.
**Topic Position**: Beginning of sentence should contain
familiar information that links to previous sentence.
Creates flow.
**Point-Issue Structure**: Paragraphs should open by stating
(1) the point/claim and (2) why it matters, before providing
supporting detail.
**Topic String**: The chain of topics across sentences in a
paragraph. Strong topic strings create coherence; broken
ones confuse readers.
**Old→New Information Flow**: Information should flow from
familiar (old) to unfamiliar (new) within sentences and
paragraphs.
---
## Next Steps
1. **Start with Priority Issues 1-3**: These have the
highest impact
2. **Apply Patterns**: Use the pattern examples to fix
similar instances throughout
3. **Consult Detailed Document**: For comprehensive
checkbox-by-checkbox revisions
4. **Section-by-section revision**: Work through one section
at a time, applying patterns
5. **Final pass for consistency**: Ensure changes maintain
consistent terminology and tone
This proposal has strong technical content and a solid
structure. The revisions suggested here will strengthen
clarity, emphasize key contributions, and make the argument
even more compelling for reviewers. Good luck with your
revisions!

0
Writing/ERLM/biblatex.sty Normal file
View File

1
Writing/ERLM/dane_proposal_format.cls
View File

@ -28,7 +28,6 @@
\singlespacing
\setcounter{secnumdepth}{3}
\setcounter{tocdepth}{5}
\bibliographystyle{unsrt}
% Graphics and figures
\RequirePackage{graphicx}

127
Writing/ERLM/main.aux
View File

@ -1,26 +1,22 @@
\relax
\bibstyle{unsrt}
\providecommand \oddpage@label [2]{}
\@writefile{toc}{\contentsline {section}{\numberline {1}Goals and Outcomes}{1}{}\protected@file@percent }
\citation{NUREG-0899}
\citation{10CFR55}
\citation{NUREG-0899,10CFR50.34}
\citation{10CFR55.59}
\citation{WRPS.Description,gentillon_westinghouse_1999}
\@writefile{toc}{\contentsline {section}{\numberline {2}State of the Art and Limits of Current Practice}{3}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Current Reactor Procedures and Operation}{3}{}\protected@file@percent }
\citation{operator_statistics}
\citation{10CFR55}
\citation{NRC WEBSITE IN ZOTERO FOR PRES}
\citation{ALSO IN PRES FOLDER}
\citation{10CFR55}
\citation{NRC WEBSITE IN ZOTERO FOR PRES}
\citation{ALSO IN PRES FOLDER}
\citation{10CFR50.54}
\citation{Kemeny1979}
\citation{Kemeny1979}
\citation{DOE-HDBK-1028-2009,WNA2020}
\citation{IAEA-severe-accidents}
\citation{Wang2025}
\citation{Reason1990}
\citation{WNA2020}
\citation{hogberg_root_2013}
\citation{zhang_analysis_2025}
\citation{Kiniry2024}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Human Factors in Nuclear Accidents}{4}{}\protected@file@percent }
\citation{Kiniry2022}
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}HARDENS and Formal Methods}{5}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {2.3}HARDENS and Formal Methods}{4}{}\protected@file@percent }
\citation{Kiniry2024}
\@writefile{toc}{\contentsline {section}{\numberline {3}Research Approach}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}$(Procedures \wedge FRET) \rightarrow Temporal Specifications$}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {3.2}$(TemporalLogic \wedge ReactiveSynthesis) \rightarrow DiscreteAutomata$}{7}{}\protected@file@percent }
@ -38,54 +34,57 @@
\citation{eesi_datacenter_2024}
\citation{eia_lcoe_2022}
\@writefile{toc}{\contentsline {section}{\numberline {6}Broader Impacts}{16}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Budget and Budget Justification}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {7.1}Budget Summary}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {7.2}Budget Justification}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.1}Senior Personnel}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Faculty Advisor}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.2}Other Personnel}{17}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Graduate Research Assistant (Principal Investigator)}{17}{}\protected@file@percent }
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Proposed Budget by Year and Category}}{18}{}\protected@file@percent }
\newlabel{tab:budget}{{1}{18}{Budget Summary}{}{}}
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.3}Fringe Benefits}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Faculty Fringe Benefits}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Graduate Research Assistant Fringe Benefits}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.4}Equipment}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.5}Travel}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Conference Travel (\$4,000 per year)}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Industry Collaboration Visits (\$1,500 per year)}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.6}Participant Support Costs}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.7}Other Direct Costs}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Materials and Supplies}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Publication Costs}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Computing and Cloud Services}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.8}H. Indirect Costs (Facilities \& Administrative)}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.9}Cost Sharing}{21}{}\protected@file@percent }
\newlabel{sec:cost-sharing}{{7.2.9}{21}{Cost Sharing}{}{}}
\@writefile{toc}{\contentsline {paragraph}{Emerson Process Management Partnership}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{University Infrastructure}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Total In-Kind Contributions}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.10}Budget Inflation and Escalation}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {8}Schedule, Milestones, and Deliverables}{21}{}\protected@file@percent }
\gtt@chartextrasize{0}{164.1287pt}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces Project schedule showing major research thrusts, milestones (orange row), and publications (green row). Red diamonds indicate completion points. Overlapping bars indicate parallel work where appropriate.}}{22}{}\protected@file@percent }
\newlabel{fig:gantt}{{1}{22}{Schedule, Milestones, and Deliverables}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {8.1}Milestones and Deliverables}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {9}Supplemental Sections}{23}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.1}Biosketch}{23}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.2}Data Management Plan}{26}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.3}Facilities}{30}{}\protected@file@percent }
\bibstyle{ieeetr}
\bibdata{references}
\bibcite{NUREG-0899}{1}
\bibcite{10CFR55}{2}
\bibcite{Kemeny1979}{3}
\bibcite{DOE-HDBK-1028-2009}{4}
\bibcite{WNA2020}{5}
\bibcite{IAEA-severe-accidents}{6}
\bibcite{Wang2025}{7}
\bibcite{Reason1990}{8}
\bibcite{Kiniry2022}{9}
\bibcite{eia_lcoe_2022}{10}
\bibcite{eesi_datacenter_2024}{11}
\@writefile{toc}{\contentsline {section}{References}{31}{}\protected@file@percent }
\gdef \@abspage@last{32}
\bibcite{10CFR50.34}{2}
\bibcite{10CFR55.59}{3}
\bibcite{WRPS.Description}{4}
\bibcite{gentillon_westinghouse_1999}{5}
\bibcite{operator_statistics}{6}
\bibcite{10CFR55}{7}
\bibcite{10CFR50.54}{8}
\bibcite{Kemeny1979}{9}
\bibcite{WNA2020}{10}
\bibcite{hogberg_root_2013}{11}
\bibcite{zhang_analysis_2025}{12}
\bibcite{Kiniry2024}{13}
\@writefile{toc}{\contentsline {section}{References}{18}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Budget and Budget Justification}{19}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {7.1}Budget Summary}{19}{}\protected@file@percent }
\@writefile{lot}{\contentsline {table}{\numberline {1}{\ignorespaces Proposed Budget by Year and Category}}{19}{}\protected@file@percent }
\newlabel{tab:budget}{{1}{19}{Budget Summary}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {7.2}Budget Justification}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.1}Senior Personnel}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Faculty Advisor}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.2}Other Personnel}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Graduate Research Assistant (Principal Investigator)}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.3}Fringe Benefits}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Faculty Fringe Benefits}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Graduate Research Assistant Fringe Benefits}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.4}Equipment}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.5}Travel}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Conference Travel (\$4,000 per year)}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Industry Collaboration Visits (\$1,500 per year)}{20}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.6}Participant Support Costs}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.7}Other Direct Costs}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Materials and Supplies}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Publication Costs}{21}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Computing and Cloud Services}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.8}H. Indirect Costs (Facilities \& Administrative)}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.9}Cost Sharing}{22}{}\protected@file@percent }
\newlabel{sec:cost-sharing}{{7.2.9}{22}{Cost Sharing}{}{}}
\@writefile{toc}{\contentsline {paragraph}{Emerson Process Management Partnership}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{University Infrastructure}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {paragraph}{Total In-Kind Contributions}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsubsection}{\numberline {7.2.10}Budget Inflation and Escalation}{22}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {8}Schedule, Milestones, and Deliverables}{23}{}\protected@file@percent }
\gtt@chartextrasize{0}{164.1287pt}
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces Project schedule showing major research thrusts, milestones (orange row), and publications (green row). Red diamonds indicate completion points. Overlapping bars indicate parallel work where appropriate.}}{23}{}\protected@file@percent }
\newlabel{fig:gantt}{{1}{23}{Schedule, Milestones, and Deliverables}{}{}}
\@writefile{toc}{\contentsline {subsection}{\numberline {8.1}Milestones and Deliverables}{23}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {9}Supplemental Sections}{25}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.1}Biosketch}{25}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.2}Data Management Plan}{28}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {9.3}Facilities}{32}{}\protected@file@percent }
\gdef \@abspage@last{33}

78
Writing/ERLM/main.bbl
View File

@ -1,64 +1,44 @@
\begin{thebibliography}{10}
\bibitem{NUREG-0899}
{U.S. Nuclear Regulatory Commission}.
\newblock Guidelines for the preparation of emergency operating procedures.
\newblock Technical Report NUREG-0899, U.S. Nuclear Regulatory Commission, 1982.
{U.S. Nuclear Regulatory Commission}, ``Guidelines for the preparation of emergency operating procedures,'' Tech. Rep. NUREG-0899, U.S. Nuclear Regulatory Commission, 1982.
\bibitem{10CFR50.34}
{U.S. Nuclear Regulatory Commission}, ``{10 CFR Part 50.34}.'' Code of Federal Regulations.
\bibitem{10CFR55.59}
{U.S. Nuclear Regulatory Commission}, ``{10 CFR Part 55.59}.'' Code of Federal Regulations.
\bibitem{WRPS.Description}
``{Westinghouse RPS System Description},'' tech. rep., Westinghouse Electric Corporation.
\bibitem{gentillon_westinghouse_1999}
C.~D. Gentillon, D.~Marksberry, D.~Rasmuson, M.~B. Calley, S.~A. Eide, and T.~Wierman, ``Westinghouse reactor protection system unavailability, 1984-1995.''
\newblock Number: {INEEL}/{CON}-99-00374 Publisher: Idaho National Engineering and Environmental Laboratory.
\bibitem{operator_statistics}
{U.S. Nuclear Regulatory Commission}, ``{Operator Licensing}.'' \url{https://www.nrc.gov/reactors/operator-licensing}.
\bibitem{10CFR55}
{U.S. Nuclear Regulatory Commission}.
\newblock Operators' licenses.
\newblock 10 CFR Part 55.
\newblock Code of Federal Regulations.
{U.S. Nuclear Regulatory Commission}, ``{Part 55—Operators' Licenses}.'' \url{https://www.nrc.gov/reading-rm/doc-collections/cfr/part055/full-text}.
\bibitem{10CFR50.54}
{U.S. Nuclear Regulatory Commission}, ``{§ 50.54 Conditions of Licenses}.'' \url{https://www.nrc.gov/reading-rm/doc-collections/cfr/part050/part050-0054}.
\bibitem{Kemeny1979}
John~G. Kemeny et~al.
\newblock Report of the president's commission on the accident at three mile island.
\newblock Technical report, President's Commission on the Accident at Three Mile Island, October 1979.
\bibitem{DOE-HDBK-1028-2009}
{U.S. Department of Energy}.
\newblock Human performance handbook.
\newblock Handbook DOE-HDBK-1028-2009, U.S. Department of Energy, 2009.
J.~G. Kemeny {\em et~al.}, ``Report of the president's commission on the accident at three mile island,'' tech. rep., President's Commission on the Accident at Three Mile Island, October 1979.
\bibitem{WNA2020}
{World Nuclear Association}.
\newblock Safety of nuclear power reactors.
\newblock \url{https://www.world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx}, 2020.
{World Nuclear Association}, ``Safety of nuclear power reactors.'' \url{https://www.world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx}, 2020.
\bibitem{IAEA-severe-accidents}
{International Atomic Energy Agency}.
\newblock Human error as root cause in severe nuclear accidents.
\newblock IAEA Safety Report.
\newblock Analysis of TMI, Chernobyl, and Fukushima accidents.
\bibitem{hogberg_root_2013}
L.~Högberg, ``Root causes and impacts of severe accidents at large nuclear power plants,'' vol.~42, no.~3, pp.~267--284.
\bibitem{Wang2025}
Y.~Wang et~al.
\newblock Analysis of human error in nuclear power plant operations: A systematic review of events from 2007--2020.
\newblock {\em Journal of Nuclear Safety}, 2025.
\newblock Analysis of 190 events at Chinese nuclear power plants.
\bibitem{zhang_analysis_2025}
M.~Zhang, L.~Dai, W.~Chen, and E.~Pang, ``Analysis of human errors in nuclear power plant event reports,'' vol.~57, no.~10, p.~103687.
\bibitem{Reason1990}
James Reason.
\newblock {\em Human Error}.
\newblock Cambridge University Press, 1990.
\bibitem{Kiniry2022}
Joseph Kiniry, Alexander Bakst, Michal Podhradsky, Simon Hansen, and Andrew Bivin.
\newblock High assurance rigorous digital engineering for nuclear safety (hardens) final technical report.
\newblock Technical Report ML22326A307, Galois, Inc. / U.S. Nuclear Regulatory Commission, 2022.
\bibitem{Kiniry2024}
J.~Kiniry, A.~Bakst, S.~Hansen, M.~Podhradsky, and A.~Bivin, ``High assurance rigorous digital engineering for nuclear safety (hardens) final technical report,'' Tech. Rep. TLR-RES-RES/DE-2024-005, Galois, Inc. / U.S. Nuclear Regulatory Commission, 2024.
\newblock NRC Contract 31310021C0014.
\bibitem{eia_lcoe_2022}
{U.S. Energy Information Administration}.
\newblock Levelized costs of new generation resources in the annual energy outlook 2022.
\newblock Report, U.S. Energy Information Administration, March 2022.
\newblock See Table 1b, page 9.
\bibitem{eesi_datacenter_2024}
{Environmental and Energy Study Institute}.
\newblock Data center energy needs are upending power grids and threatening the climate.
\newblock Web article, 2024.
\newblock Accessed: 2025-09-29.
\end{thebibliography}

98
Writing/ERLM/main.blg
View File

@ -1,63 +1,61 @@
This is BibTeX, Version 0.99d (TeX Live 2023/Debian)
Capacity: max_strings=200000, hash_size=200000, hash_prime=170003
The top-level auxiliary file: main.aux
The style file: unsrt.bst
White space in argument---line 10 of file main.aux
: \citation{NRC
: WEBSITE IN ZOTERO FOR PRES}
I'm skipping whatever remains of this command
White space in argument---line 11 of file main.aux
: \citation{ALSO
: IN PRES FOLDER}
I'm skipping whatever remains of this command
White space in argument---line 13 of file main.aux
: \citation{NRC
: WEBSITE IN ZOTERO FOR PRES}
I'm skipping whatever remains of this command
White space in argument---line 14 of file main.aux
: \citation{ALSO
: IN PRES FOLDER}
I'm skipping whatever remains of this command
The style file: ieeetr.bst
Database file #1: references.bib
You've used 11 entries,
1791 wiz_defined-function locations,
514 strings with 5426 characters,
and the built_in function-call counts, 1577 in all, are:
= -- 140
> -- 65
< -- 3
+ -- 28
- -- 17
* -- 41
:= -- 291
add.period$ -- 39
call.type$ -- 11
change.case$ -- 12
Warning--entry type for "gentillon_westinghouse_1999" isn't style-file defined
--line 32 of file references.bib
Warning--entry type for "operator_statistics" isn't style-file defined
--line 45 of file references.bib
Warning--entry type for "10CFR50.54" isn't style-file defined
--line 59 of file references.bib
Warning--I didn't find a database entry for "eia_lcoe_2022"
Warning--I didn't find a database entry for "eesi_datacenter_2024"
Warning--empty author in WRPS.Description
Warning--empty year in WRPS.Description
Warning--empty journal in hogberg_root_2013
Warning--empty year in hogberg_root_2013
Warning--empty journal in zhang_analysis_2025
Warning--empty year in zhang_analysis_2025
You've used 13 entries,
1876 wiz_defined-function locations,
544 strings with 5480 characters,
and the built_in function-call counts, 2138 in all, are:
= -- 192
> -- 92
< -- 2
+ -- 38
- -- 25
* -- 130
:= -- 326
add.period$ -- 14
call.type$ -- 13
change.case$ -- 15
chr.to.int$ -- 0
cite$ -- 11
duplicate$ -- 71
empty$ -- 166
format.name$ -- 17
if$ -- 349
cite$ -- 19
duplicate$ -- 92
empty$ -- 229
format.name$ -- 25
if$ -- 511
int.to.chr$ -- 0
int.to.str$ -- 11
missing$ -- 3
newline$ -- 64
num.names$ -- 11
pop$ -- 43
int.to.str$ -- 13
missing$ -- 2
newline$ -- 44
num.names$ -- 12
pop$ -- 57
preamble$ -- 1
purify$ -- 0
quote$ -- 0
skip$ -- 20
skip$ -- 74
stack$ -- 0
substring$ -- 0
swap$ -- 9
text.length$ -- 3
substring$ -- 44
swap$ -- 22
text.length$ -- 2
text.prefix$ -- 0
top$ -- 0
type$ -- 0
warning$ -- 0
while$ -- 11
width$ -- 13
write$ -- 127
(There were 4 error messages)
warning$ -- 6
while$ -- 16
width$ -- 15
write$ -- 107
(There were 11 warnings)

20
Writing/ERLM/main.fdb_latexmk
View File

@ -1,13 +1,13 @@
# Fdb version 4
["bibtex main"] 1764869648.5559 "main.aux" "main.bbl" "main" 1764869648.59189 2
"./references.bib" 1760575541.11204 17887 8c959c4bb228b5a8c44fd08ed0751b05 ""
"/usr/share/texlive/texmf-dist/bibtex/bst/base/unsrt.bst" 1292289607 18030 1376b4b231b50c66211e47e42eda2875 ""
"main.aux" 1764869648.39348 7615 5821c96fe1a36195d8b7d010b233e163 "pdflatex"
["bibtex main"] 1764974760.71217 "main.aux" "main.bbl" "main" 1764974761.6655 0
"./references.bib" 1764974759.12837 5129 de2dc116e7908a86456f09f33e7d7ac7 ""
"/usr/share/texlive/texmf-dist/bibtex/bst/base/ieeetr.bst" 1292289607 18361 1a00e58565e7f19bf2b3e1bfb82254ae ""
"main.aux" 1764974761.51097 7608 f4f0b295bef52d13062032206cc95973 "pdflatex"
(generated)
"main.bbl"
"main.blg"
(rewritten before read)
["pdflatex"] 1764869647.67076 "main.tex" "main.pdf" "main" 1764869648.59211 0
["pdflatex"] 1764974760.76605 "main.tex" "main.pdf" "main" 1764974761.66567 0
"/etc/texmf/web2c/texmf.cnf" 1726065852.27662 475 c0e671620eb5563b2130f56340a5fde8 ""
"/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc" 1165713224 4850 80dc9bab7f31fb78a000ccfed0e27cab ""
"/usr/share/texlive/texmf-dist/fonts/map/fontname/texfonts.map" 1577235249 3524 cb3e574dea2d1052e39280babc910dc8 ""
@ -243,16 +243,16 @@
"/var/lib/texmf/web2c/pdftex/pdflatex.fmt" 1726065868 6800790 607442c924ed54405961d2b8ac2a25ae ""
"broader-impacts/v1.tex" 1762446356.88898 4913 f040011f0dbfa050cad013bb8737b473 ""
"budget/v1.tex" 1762446356.88898 12864 1341c4cfdaf82dc649f2f47f3cc8ecd7 ""
"dane_proposal_format.cls" 1761234879.88179 2596 f4b1a6fb5a74347c13e92ea1ba135818 ""
"dane_proposal_format.cls" 1764974397.2375 2570 f29186d8a9397205c58fccc0fcffb76c ""
"goals-and-outcomes/v6.tex" 1760575541.11104 6070 286ca847b1aac31431e0658cd2989ea2 ""
"main.aux" 1764869648.39348 7615 5821c96fe1a36195d8b7d010b233e163 "pdflatex"
"main.bbl" 1764869648.58848 2497 61aa87b86cf1e92fd5306af01b0a5409 "bibtex main"
"main.tex" 1764866127.56542 768 21c161623549be714dc49726837188d5 ""
"main.aux" 1764974761.51097 7608 f4f0b295bef52d13062032206cc95973 "pdflatex"
"main.bbl" 1764974760.75697 2467 75ddd8bc744ac1d7c685bc124699a008 "bibtex main"
"main.tex" 1764974466.74023 804 d25a45e5732ab0e63adac220a8893f96 ""
"metrics-of-success/v1.tex" 1760575541.11204 6867 9f08b3208bb158042e2fc9bbfeecae68 ""
"research-approach/v3.tex" 1760575541.11304 17351 6ed3e4ff3c33dd86d80597dbdb0cf36f ""
"risks-and-contingencies/v1.tex" 1762446356.89155 15209 c8ff47d0cfbf72d9c457463c5114f2a8 ""
"schedule/v1.tex" 1764192995.54631 8440 1c6c59ab8379c2aee45e5ad9b447e61d ""
"state-of-the-art/v6.tex" 1764869646.62949 14571 be2cbb52663460e4a029066fb8854728 ""
"state-of-the-art/v6.tex" 1764972984.45499 13382 928592dcd1dd1113207582a3c5467b68 ""
"supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf" 1764192995.54731 76839 d12cfa78304f51e96ce0e12460ece1e3 ""
"supplemental-sections/cv-1786798.pdf" 1764192995.54731 31602 224112b9f507ae1e989c0341a7eb3f42 ""
"supplemental-sections/v1.tex" 1764192995.54731 2302 accf9c1dd3b7c2f35a3a051140113d63 ""

10
Writing/ERLM/main.fls
View File

@ -483,6 +483,10 @@ INPUT /usr/share/texlive/texmf-dist/tex/latex/psnfss/ts1ptm.fd
INPUT /usr/share/texlive/texmf-dist/tex/latex/psnfss/ts1ptm.fd
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/adobe/times/ptmr8c.tfm
INPUT /usr/share/texlive/texmf-dist/fonts/vf/adobe/times/ptmr8c.vf
INPUT ./main.bbl
INPUT ./main.bbl
INPUT main.bbl
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/cm/cmtt12.tfm
INPUT ./budget/v1.tex
INPUT ./budget/v1.tex
INPUT ./budget/v1.tex
@ -503,8 +507,8 @@ INPUT /usr/share/texlive/texmf-dist/fonts/vf/adobe/times/ptmr8c.vf
INPUT /usr/share/texlive/texmf-dist/fonts/vf/adobe/times/ptmri7t.vf
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/adobe/times/ptmri8r.tfm
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/adobe/times/ptmb8c.tfm
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/adobe/times/ptmri8c.tfm
INPUT /usr/share/texlive/texmf-dist/fonts/vf/adobe/times/ptmb8c.vf
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/adobe/times/ptmri8c.tfm
INPUT /usr/share/texlive/texmf-dist/fonts/vf/adobe/times/ptmri8c.vf
INPUT ./schedule/v1.tex
INPUT ./schedule/v1.tex
@ -554,10 +558,6 @@ INPUT ./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf
INPUT ./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf
INPUT ./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf
INPUT ./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf
INPUT ./main.bbl
INPUT ./main.bbl
INPUT main.bbl
INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/cm/cmtt12.tfm
INPUT main.aux
INPUT /usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi10.pfb
INPUT /usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb

188
Writing/ERLM/main.log
View File

@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.25 (TeX Live 2023/Debian) (preloaded format=pdflatex 2024.9.11) 4 DEC 2025 12:34
This is pdfTeX, Version 3.141592653-2.6-1.40.25 (TeX Live 2023/Debian) (preloaded format=pdflatex 2024.9.11) 5 DEC 2025 17:46
entering extended mode
restricted \write18 enabled.
file:line:error style messages enabled.
@ -881,47 +881,49 @@ LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <8> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 12.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}] (./goals-and-outcomes/v6.tex [1]) (./state-of-the-art/v6.tex [2] [3]
LaTeX Warning: Citation `NRC WEBSITE IN ZOTERO FOR PRES' on page 4 undefined on input line 77.
LaTeX Warning: Citation `ALSO IN PRES FOLDER' on page 4 undefined on input line 79.
LaTeX Warning: Citation `NRC WEBSITE IN ZOTERO FOR PRES' on page 4 undefined on input line 85.
LaTeX Warning: Citation `ALSO IN PRES FOLDER' on page 4 undefined on input line 86.
[4] [5]) (./research-approach/v3.tex
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}{/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}] (./goals-and-outcomes/v6.tex [1]) (./state-of-the-art/v6.tex [2] [3] [4]) (./research-approach/v3.tex [5]
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <12> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 8.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <9> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 8.
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <7> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 8.
[6] [7] [8] [9]) (./metrics-of-success/v1.tex [10] [11]) (./risks-and-contingencies/v1.tex [12] [13] [14] [15]) (./broader-impacts/v1.tex
[6] [7] [8] [9]) (./metrics-of-success/v1.tex [10] [11]) (./risks-and-contingencies/v1.tex [12] [13] [14]) (./broader-impacts/v1.tex [15]
LaTeX Font Info: Trying to load font information for TS1+ptm on input line 14.
(/usr/share/texlive/texmf-dist/tex/latex/psnfss/ts1ptm.fd
File: ts1ptm.fd 2001/06/04 font definitions for TS1/ptm.
) [16]) (./budget/v1.tex
)
LaTeX Warning: Citation `eia_lcoe_2022' on page 16 undefined on input line 14.
LaTeX Warning: Citation `eesi_datacenter_2024' on page 16 undefined on input line 16.
LaTeX Warning: Citation `eia_lcoe_2022' on page 16 undefined on input line 21.
[16]) [17] (./main.bbl
Underfull \hbox (badness 10000) in paragraph at lines 32--33
\OT1/cmtt/m/n/12 nuclear . org / information -[] library / safety -[] and -[] security / safety -[] of -[]
[]
) [18] (./budget/v1.tex
LaTeX Font Info: Font shape `OT1/ptm/bx/n' in size <6> not available
(Font) Font shape `OT1/ptm/b/n' tried instead on input line 22.
[17] [18] [19] [20]
[19] [20] [21]
Overfull \hbox (22.53047pt too wide) in paragraph at lines 264--271
[] []\OT1/ptm/b/n/12 Uni-ver-sity In-fras-truc-ture[] \OT1/ptm/m/n/12 The Uni-ver-sity of Pitts-burgh pro-vides com-pre-hen-sive MAT-LAB/Simulink
[]
) (./schedule/v1.tex [21]
) (./schedule/v1.tex [22]
Missing character: There is no , in font nullfont!
Overfull \hbox (35.80641pt too wide) in paragraph at lines 61--62
[][]
[]
[22]) (./supplemental-sections/v1.tex
<supplemental-sections/cv-1786798.pdf, id=110, 614.295pt x 794.97pt>
[23]) (./supplemental-sections/v1.tex [24]
<supplemental-sections/cv-1786798.pdf, id=118, 614.295pt x 794.97pt>
File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf used on input line 4.
@ -930,7 +932,7 @@ File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf used on input line 4.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
<supplemental-sections/cv-1786798.pdf, id=113, page=1, 614.295pt x 794.97pt>
<supplemental-sections/cv-1786798.pdf, id=121, page=1, 614.295pt x 794.97pt>
File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 1>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page1 used on input line 4.
@ -939,7 +941,7 @@ File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 1>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page1 used on input line 4.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[23]
[25]
File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 1>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page1 used on input line 4.
@ -952,10 +954,10 @@ File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 1>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page1 used on input line 4.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[24
[26
<./supplemental-sections/cv-1786798.pdf>]
<supplemental-sections/cv-1786798.pdf, id=134, page=2, 614.295pt x 794.97pt>
<supplemental-sections/cv-1786798.pdf, id=141, page=2, 614.295pt x 794.97pt>
File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 2>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page2 used on input line 4.
@ -967,81 +969,76 @@ Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page2 used on in
File: supplemental-sections/cv-1786798.pdf Graphic file (type pdf)
<use supplemental-sections/cv-1786798.pdf, page 2>
Package pdftex.def Info: supplemental-sections/cv-1786798.pdf , page2 used on input line 4.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[25
<./supplemental-sections/cv-1786798.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=138, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=141, page=1, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[26]
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[27
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=165, page=2, 614.295pt x 794.97pt>
<./supplemental-sections/cv-1786798.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=145, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=148, page=1, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.29349pt x 794.96806pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[28]
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[28
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=169, page=3, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 1>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page1 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[29
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]) [30] (./main.bbl
Underfull \hbox (badness 10000) in paragraph at lines 25--28
\OT1/cmtt/m/n/12 nuclear . org / information -[] library / safety -[] and -[] security / safety -[] of -[]
[]
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=172, page=2, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 2>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page2 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[30
) [31] (./main.aux)
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]
<supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, id=177, page=3, 614.295pt x 794.97pt>
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
File: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf Graphic file (type pdf)
<use supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf, page 3>
Package pdftex.def Info: supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf , page3 used on input line 7.
(pdftex.def) Requested size: 614.58406pt x 795.3441pt.
[31
<./supplemental-sections/High_Assurance_Autonomous_Control_Systems.pdf>]) [32] (./main.aux)
***********
LaTeX2e <2023-11-01> patch level 1
L3 programming layer <2024-01-22>
@ -1050,23 +1047,20 @@ L3 programming layer <2024-01-22>
LaTeX Warning: There were undefined references.
LaTeX Warning: Label(s) may have changed. Rerun to get cross-references right.
)
Here is how much of TeX's memory you used:
26054 strings out of 476182
542860 string characters out of 5795595
26056 strings out of 476182
542834 string characters out of 5795595
1947975 words of memory out of 5000000
47473 multiletter control sequences out of 15000+600000
47475 multiletter control sequences out of 15000+600000
596976 words of font info for 119 fonts, out of 8000000 for 9000
14 hyphenation exceptions out of 8191
110i,17n,107p,1062b,952s stack positions out of 10000i,1000n,20000p,200000b,200000s
</usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texlive/texmf-dist/fonts/type1/public/amsfonts/cm/cmtt12.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/symbol/usyr.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmbi8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmri8a.pfb>
Output written on main.pdf (32 pages, 254817 bytes).
Output written on main.pdf (33 pages, 254858 bytes).
PDF statistics:
222 PDF objects out of 1000 (max. 8388607)
131 compressed objects within 2 object streams
225 PDF objects out of 1000 (max. 8388607)
133 compressed objects within 2 object streams
0 named destinations out of 1000 (max. 500000)
164 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
Writing/ERLM/main.pdf
View File

Binary file not shown.

BIN
Writing/ERLM/main.synctex.gz
View File

Binary file not shown.

6
Writing/ERLM/main.tex
View File

@ -16,12 +16,14 @@
\input{metrics-of-success/v1}
\input{risks-and-contingencies/v1}
\input{broader-impacts/v1}
\newpage
\bibliographystyle{ieeetr}
\bibliography{references}
\newpage
\input{budget/v1}
\input{schedule/v1}
\input{supplemental-sections/v1}
\newpage
\bibliography{references}
% White Paper

605
Writing/ERLM/references.bib
View File

@ -1,363 +1,67 @@
% Foundational Papers
@article{alur1995algorithmic,
title={The algorithmic analysis of hybrid systems},
author={Alur, Rajeev and Courcoubetis, Costas and Halbwachs, Nicolas and Henzinger, Thomas A and Ho, Pei-Hsin and Nicollin, Xavier and Olivero, Alfredo and Sifakis, Joseph and Yovine, Sergio},
journal={Theoretical Computer Science},
volume={138},
number={1},
pages={3--34},
year={1995},
publisher={Elsevier}
@techreport{NUREG-0899,
title = {Guidelines for the Preparation of Emergency Operating Procedures},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {1982},
number = {NUREG-0899}
}
@inproceedings{alur1993hybrid,
title={Hybrid automata: An algorithmic approach to the specification and verification of hybrid systems},
author={Alur, Rajeev and Courcoubetis, Costas and Henzinger, Thomas A and Ho, Pei-Hsin},
booktitle={Hybrid Systems},
pages={209--229},
year={1993},
publisher={Springer}
@misc{10CFR50.34,
title = {{10 CFR Part 50.34}},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {Code of Federal Regulations},
urldate = {2025-12-05},
url = {https://www.nrc.gov/reading-rm/doc-collections/cfr/part050/part050-0034}
}
@article{mitchell2005time,
title={A time-dependent Hamilton-Jacobi formulation of reachable sets for continuous dynamic games},
author={Mitchell, Ian M and Bayen, Alexandre M and Tomlin, Claire J},
journal={IEEE Transactions on Automatic Control},
volume={50},
number={7},
pages={947--957},
year={2005},
publisher={IEEE}
@misc{10CFR55.59,
title = {{10 CFR Part 55.59}},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {Code of Federal Regulations},
urldate = {2025-12-05},
url = {https://www.nrc.gov/reading-rm/doc-collections/cfr/part055/part055-0059}
}
@article{platzer2008differential,
title={Differential dynamic logic for hybrid systems},
author={Platzer, Andr{\'e}},
journal={Journal of Automated Reasoning},
volume={41},
number={2},
pages={143--189},
year={2008},
publisher={Springer}
@techreport{WRPS.Description,
title = {{Westinghouse RPS System Description}},
institution = {Westinghouse Electric Corporation},
url = {https://nrcoe.inl.gov/publicdocs/SystemStudies/rps-w-description.pdf},
urldate = {2025-12-05}
}
@article{platzer2017complete,
title={A complete uniform substitution calculus for differential dynamic logic},
author={Platzer, Andr{\'e}},
journal={Journal of Automated Reasoning},
volume={59},
number={2},
pages={219--265},
year={2017},
publisher={Springer}
@online{gentillon_westinghouse_1999,
title = {Westinghouse Reactor Protection System Unavailability, 1984-1995},
url = {https://digital.library.unt.edu/ark:/67531/metadc620476/},
titleaddon = {{PSA} '99, Washington, {DC} ({US}), 08/22/1999--08/25/1999},
type = {Article},
author = {Gentillon, C. D. and Marksberry, D. and Rasmuson, D. and Calley, M. B. and Eide, S. A. and Wierman, T.},
urldate = {2025-12-05},
date = {1999-08-01},
note = {Number: {INEEL}/{CON}-99-00374
Publisher: Idaho National Engineering and Environmental Laboratory},
file = {Full Text PDF:/home/danesabo/Zotero/storage/7QKWQ8NI/Gentillon et al. - 1999 - Westinghouse Reactor Protection System Unavailability, 1984-1995.pdf:application/pdf},
}
@inproceedings{donze2010robust,
title={Robust satisfaction of temporal logic over real-valued signals},
author={Donz{\'e}, Alexandre and Maler, Oded},
booktitle={International Conference on Formal Modeling and Analysis of Timed Systems},
pages={92--106},
year={2010},
publisher={Springer}
}
% Control Theory and Stability
@article{geromel2006stability,
title={Stability and stabilization of continuous-time switched linear systems},
author={Geromel, Jos{\'e} C and Colaneri, Patrizio},
journal={SIAM Journal on Control and Optimization},
volume={45},
number={5},
pages={1915--1930},
year={2006},
publisher={SIAM}
}
@book{liberzon2003switching,
title={Switching in systems and control},
author={Liberzon, Daniel},
year={2003},
publisher={Birkh{\"a}user Boston}
}
@article{branicky1998multiple,
title={Multiple Lyapunov functions and other analysis tools for switched and hybrid systems},
author={Branicky, Michael S},
journal={IEEE Transactions on Automatic Control},
volume={43},
number={4},
pages={475--482},
year={1998},
publisher={IEEE}
}
% Recent Advances (2020-2025)
@article{yang2024learning,
title={Learning Local Control Barrier Functions for Hybrid Systems},
author={Yang, Shuo and Chen, Yiwei and Yin, Xiang and Mangharam, Rahul},
journal={arXiv preprint arXiv:2401.14907},
year={2024}
}
@inproceedings{su2024switching,
title={Switching Controller Synthesis for Hybrid Systems Against STL Formulas},
author={Su, Mingyu and Vizel, Yakir and Vardi, Moshe Y},
booktitle={International Symposium on Formal Methods},
pages={231--248},
year={2024},
publisher={Springer}
}
@article{yao2024model,
title={Model predictive control of stochastic hybrid systems with signal temporal logic constraints},
author={Yao, Li and Wang, Yiming and Chen, Xiang},
journal={Automatica},
volume={159},
pages={111037},
year={2024},
publisher={Elsevier}
}
@article{yu2024online,
title={Online control synthesis for uncertain systems under signal temporal logic specifications},
author={Yu, Pian and Gao, Yulong and Jiang, Frank J and Johansson, Karl H and Dimarogonas, Dimos V},
journal={The International Journal of Robotics Research},
volume={43},
number={3},
pages={284--307},
year={2024},
publisher={SAGE}
}
% Tools and Frameworks
@inproceedings{meyer2018strix,
title={Strix: Explicit reactive synthesis strikes back!},
author={Meyer, Philipp J and Luttenberger, Michael},
booktitle={International Conference on Computer Aided Verification},
pages={578--586},
year={2018},
publisher={Springer}
}
@techreport{giannakopoulou2022fret,
title={Capturing and Analyzing Requirements with FRET},
author={Giannakopoulou, Dimitra and Mavridou, Anastasia and Rhein, Julian and Pressburger, Thomas and Schumann, Johann and Shi, Nija},
institution={NASA Ames Research Center},
year={2022},
number={NASA/TM-20220007610}
}
@inproceedings{fulton2015keymaera,
title={KeYmaera X: An axiomatic tactical theorem prover for hybrid systems},
author={Fulton, Nathan and Mitsch, Stefan and Quesel, Jan-David and V{\"o}lp, Marcus and Platzer, Andr{\'e}},
booktitle={International Conference on Automated Deduction},
pages={527--538},
year={2015},
publisher={Springer}
}
@inproceedings{frehse2011spaceex,
title={SpaceEx: Scalable verification of hybrid systems},
author={Frehse, Goran and Le Guernic, Colas and Donz{\'e}, Alexandre and Cotton, Scott and Ray, Rajarshi and Lebeltel, Olivier and Ripado, Rodolfo and Girard, Antoine and Dang, Thao and Maler, Oded},
booktitle={International Conference on Computer Aided Verification},
pages={379--395},
year={2011},
publisher={Springer}
}
@inproceedings{chen2013flow,
title={Flow*: An analyzer for non-linear hybrid systems},
author={Chen, Xin and {\'A}brah{\'a}m, Erika and Sankaranarayanan, Sriram},
booktitle={International Conference on Computer Aided Verification},
pages={258--263},
year={2013},
publisher={Springer}
}
@inproceedings{larsen1997uppaal,
title={UPPAAL in a nutshell},
author={Larsen, Kim G and Pettersson, Paul and Yi, Wang},
journal={International Journal on Software Tools for Technology Transfer},
volume={1},
number={1-2},
pages={134--152},
year={1997},
publisher={Springer}
}
% Reachability and Verification
@INPROCEEDINGS{bansal2017hamilton,
author={Bansal, Somil and Chen, Mo and Herbert, Sylvia and Tomlin, Claire J.},
booktitle={2017 IEEE 56th Annual Conference on Decision and Control (CDC)},
title={Hamilton-Jacobi reachability: A brief overview and recent advances},
year={2017},
volume={},
pages={2242-2253},
keywords={Games;Safety;Tools;Trajectory;Tutorials;Level set;Aircraft},
doi={10.1109/CDC.2017.8263977}
}
@article{althoff2021set,
title={Set propagation techniques for reachability analysis},
author={Althoff, Matthias and Frehse, Goran and Girard, Antoine},
journal={Annual Review of Control, Robotics, and Autonomous Systems},
volume={4},
pages={369--395},
year={2021},
publisher={Annual Reviews}
}
@inproceedings{tabuada2004compositional,
title={Compositional abstractions of hybrid control systems},
author={Tabuada, Paulo and Pappas, George J and Lima, Pedro},
journal={Discrete Event Dynamic Systems},
volume={14},
number={2},
pages={203--238},
year={2004},
publisher={Springer}
}
% Applications
@article{varaiya1993smart,
title={Smart cars on smart roads: Problems of control},
author={Varaiya, Pravin},
journal={IEEE Transactions on Automatic Control},
volume={38},
number={2},
pages={195--207},
year={1993},
publisher={IEEE}
}
@article{verlinden2024hybrid,
title={Hybrid reliability modeling of nuclear safety systems: A case study on the reactor protection system of a research reactor},
author={Verlinden, S and Deridder, F and Wagemans, P},
journal={Nuclear Engineering and Design},
volume={417},
pages={112868},
year={2024},
publisher={Elsevier}
}
% Competitions and Benchmarks
@inproceedings{hscc2024proceedings,
title={Proceedings of the 27th ACM International Conference on Hybrid Systems: Computation and Control},
booktitle={HSCC '24},
year={2024},
publisher={ACM},
address={New York, NY, USA}
}
@inproceedings{jacobs2017syntcomp,
title={The 4th reactive synthesis competition (SYNTCOMP 2017): Benchmarks, participants \& results},
author={Jacobs, Swen and Bloem, Roderick and Brenguier, Romain and others},
booktitle={6th Workshop on Synthesis},
year={2017},
series={EPTCS},
volume={260}
}
% Supporting Papers
@article{wabersich2018linear,
title={Linear model predictive safety certification for learning-based control},
author={Wabersich, Kim P and Zeilinger, Melanie N},
journal={Automatica},
volume={97},
pages={48--59},
year={2018},
publisher={Elsevier}
}
@inproceedings{prajna2004safety,
title={Safety verification of hybrid systems using barrier certificates},
author={Prajna, Stephen and Jadbabaie, Ali},
booktitle={International Workshop on Hybrid Systems: Computation and Control},
pages={477--492},
year={2004},
publisher={Springer}
}
@article{ames2017control,
title={Control barrier function based quadratic programs for safety critical systems},
author={Ames, Aaron D and Xu, Xiangru and Grizzle, Jessy W and Tabuada, Paulo},
journal={IEEE Transactions on Automatic Control},
volume={62},
number={8},
pages={3861--3876},
year={2017},
publisher={IEEE}
}
@article{srinivasan2018control,
title={Control of mobile robots using barrier functions under temporal logic specifications},
author={Srinivasan, Mohit and Coogan, Samuel},
journal={IEEE Transactions on Robotics},
volume={37},
number={2},
pages={363--374},
year={2021},
publisher={IEEE}
}
%broader impacts
@techreport{eia_lcoe_2022,
author = {{U.S. Energy Information Administration}},
title = {Levelized Costs of New Generation Resources in the Annual Energy Outlook 2022},
institution = {U.S. Energy Information Administration},
year = {2022},
month = {March},
type = {Report},
url = {https://www.eia.gov/outlooks/aeo/pdf/electricity_generation.pdf},
note = {See Table 1b, page 9}
}
@misc{eesi_datacenter_2024,
author = {{Environmental and Energy Study Institute}},
title = {Data Center Energy Needs Are Upending Power Grids and Threatening the Climate},
howpublished = {Web article},
year = {2024},
url = {https://www.eesi.org/articles/view/data-center-energy-needs-are-upending-power-grids-and-threatening-the-climate},
note = {Accessed: 2025-09-29}
}
@techreport{DOE-HDBK-1028-2009,
title = {Human Performance Handbook},
author = {{U.S. Department of Energy}},
institution = {U.S. Department of Energy},
year = {2009},
number = {DOE-HDBK-1028-2009},
type = {Handbook}
}
@misc{WNA2020,
title = {Safety of Nuclear Power Reactors},
author = {{World Nuclear Association}},
year = {2020},
howpublished = {\url{https://www.world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx}}
}
@article{Wang2025,
title = {Analysis of Human Error in Nuclear Power Plant Operations: A Systematic Review of Events from 2007--2020},
author = {Wang, Y. and others},
journal = {Journal of Nuclear Safety},
year = {2025},
note = {Analysis of 190 events at Chinese nuclear power plants}
@online{operator_statistics,
title = {{Operator Licensing}},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {\url{https://www.nrc.gov/reactors/operator-licensing}},
urldate = {2025-11-28},
file = {Operator Licensing | Nuclear Regulatory Commission:/home/danesabo/Zotero/storage/KUP9B5GH/operator-licensing.html:text/html},
}
@misc{10CFR55,
title = {Operators' Licenses},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {10 CFR Part 55},
note = {Code of Federal Regulations}
title = {{Part 55—Operators' Licenses}},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {\url{https://www.nrc.gov/reading-rm/doc-collections/cfr/part055/full-text}},
}
@online{10CFR50.54,
title = {{§ 50.54 Conditions of Licenses}},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {\url{https://www.nrc.gov/reading-rm/doc-collections/cfr/part050/part050-0054}},
urldate = {2025-11-28},
file = {§ 50.54 Conditions of licenses. | Nuclear Regulatory Commission:/home/danesabo/Zotero/storage/THTZUD3T/part050-0054.html:text/html},
}
@techreport{Kemeny1979,
@ -368,180 +72,53 @@
month = {October}
}
@misc{10CFR50,
title = {Domestic Licensing of Production and Utilization Facilities},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {10 CFR Part 50},
note = {Code of Federal Regulations}
@misc{WNA2020,
title = {Safety of Nuclear Power Reactors},
author = {{World Nuclear Association}},
year = {2020},
howpublished = {\url{https://www.world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx}}
}
@techreport{NUREG-0899,
title = {Guidelines for the Preparation of Emergency Operating Procedures},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {1982},
number = {NUREG-0899}
@article{hogberg_root_2013,
title = {Root Causes and Impacts of Severe Accidents at Large Nuclear Power Plants},
volume = {42},
issn = {0044-7447},
url = {https://pmc.ncbi.nlm.nih.gov/articles/PMC3606704/},
doi = {10.1007/s13280-013-0382-x},
pages = {267--284},
number = {3},
journaltitle = {Ambio},
shortjournal = {Ambio},
author = {Högberg, Lars},
urldate = {2025-12-05},
date = {2013-04},
pmid = {23423737},
pmcid = {PMC3606704},
file = {Full Text:/home/danesabo/Zotero/storage/E8F2QZGR/Högberg - 2013 - Root Causes and Impacts of Severe Accidents at Large Nuclear Power Plants.pdf:application/pdf},
}
@techreport{IAEA-TECDOC-1580,
title = {Good Practices for Cost Effective Maintenance of Nuclear Power Plants},
author = {{International Atomic Energy Agency}},
institution = {International Atomic Energy Agency},
year = {2007},
number = {TECDOC-1580}
@article{zhang_analysis_2025,
title = {Analysis of human errors in nuclear power plant event reports},
volume = {57},
issn = {1738-5733},
url = {https://www.sciencedirect.com/science/article/pii/S1738573325002554},
doi = {10.1016/j.net.2025.103687},
pages = {103687},
number = {10},
journaltitle = {Nuclear Engineering and Technology},
shortjournal = {Nuclear Engineering and Technology},
author = {Zhang, Meihui and Dai, Licao and Chen, Wenming and Pang, Ensheng},
urldate = {2025-12-05},
date = {2025-10-01},
keywords = {Active errors, {HFACS} model, Latent errors, Licensee event reports},
file = {ScienceDirect Snapshot:/home/danesabo/Zotero/storage/N5R2Z3GL/S1738573325002554.html:text/html},
}
@techreport{NUREG-2114,
title = {Cognitive Basis for Human Reliability Analysis},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2016},
number = {NUREG-2114}
}
@article{Zerovnik2023,
title = {Knowledge Transfer Challenges in Nuclear Operations},
author = {\v{Z}erovnik, Gašper and others},
journal = {Nuclear Engineering and Design},
year = {2023},
note = {Analysis of knowledge transfer from experienced operators}
}
@article{Jo2021,
title = {Automation Paradox in Nuclear Power Plant Control: Effects on Operator Situation Awareness},
author = {Jo, Y. and others},
journal = {Nuclear Engineering and Technology},
year = {2021},
note = {Empirical study of automation effects on operator performance}
}
@techreport{IAEA2008,
title = {Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook},
author = {{International Atomic Energy Agency}},
institution = {International Atomic Energy Agency},
year = {2008},
number = {Technical Reports Series No. 387}
}
@article{Lee2019,
title = {Autonomous Control of Nuclear Reactors Using Long Short-Term Memory Networks},
author = {Lee, D. and others},
journal = {Nuclear Engineering and Technology},
year = {2019},
note = {Demonstration of LSTM-based autonomous control in LOC and SGTR scenarios}
}
@inproceedings{IEEE2019,
title = {Formal Verification Challenges for Nuclear I\&C Systems},
author = {{IEEE Working Group}},
booktitle = {IEEE Conference on Nuclear Power Instrumentation, Control and Human-Machine Interface Technologies},
year = {2019},
note = {Discussion of state space explosion in formal verification}
}
@misc{IAEA-severe-accidents,
title = {Human Error as Root Cause in Severe Nuclear Accidents},
author = {{International Atomic Energy Agency}},
howpublished = {IAEA Safety Report},
note = {Analysis of TMI, Chernobyl, and Fukushima accidents}
}
@article{Dumas1999,
title = {Worker Error and Safety in Nuclear Facilities},
author = {Dumas, Lloyd},
journal = {Journal of Nuclear Safety},
year = {1999},
note = {Study of incidents at 10 nuclear centers}
}
@techreport{IAEA-INSAG-1,
title = {Summary Report on the Post-Accident Review Meeting on the Chernobyl Accident},
author = {{International Nuclear Safety Advisory Group}},
institution = {International Atomic Energy Agency},
year = {1986},
number = {INSAG-1}
}
@techreport{IAEA-INSAG-7,
title = {The Chernobyl Accident: Updating of INSAG-1},
author = {{International Nuclear Safety Advisory Group}},
institution = {International Atomic Energy Agency},
year = {1992},
number = {INSAG-7}
}
@techreport{NUREG-CR-1278,
title = {Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications (THERP)},
author = {Swain, A. D. and Guttmann, H. E.},
institution = {U.S. Nuclear Regulatory Commission},
year = {1983},
number = {NUREG/CR-1278}
}
@techreport{NUREG-CR-6883,
title = {The SPAR-H Human Reliability Analysis Method},
author = {Gertman, D. and others},
institution = {U.S. Nuclear Regulatory Commission},
year = {2005},
number = {NUREG/CR-6883}
}
@techreport{NUREG-2127,
title = {International HRA Empirical Study: Phase 1 Report},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2013},
number = {NUREG-2127}
}
@article{Rasmussen1983,
title = {Skills, Rules, and Knowledge; Signals, Signs, and Symbols, and Other Distinctions in Human Performance Models},
author = {Rasmussen, J.},
journal = {IEEE Transactions on Systems, Man, and Cybernetics},
year = {1983},
volume = {SMC-13},
number = {3},
pages = {257--266}
}
@article{Miller1956,
title = {The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information},
author = {Miller, George A.},
journal = {Psychological Review},
year = {1956},
volume = {63},
number = {2},
pages = {81--97}
}
@techreport{NUREG-2256,
title = {Integrated Human Event Analysis System for Emergency Crew Actions (IDHEAS-ECA)},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2022},
number = {NUREG-2256}
}
@book{Reason1990,
title = {Human Error},
author = {Reason, James},
publisher = {Cambridge University Press},
year = {1990}
}
@article{Lee2018,
title = {Deep Reinforcement Learning for Autonomous Nuclear Reactor Control},
author = {Lee, D. and others},
journal = {Nuclear Engineering and Design},
year = {2018},
note = {Demonstration of autonomous control superior to human-plus-automation}
}
@techreport{Kiniry2022,
@techreport{Kiniry2024,
title = {High Assurance Rigorous Digital Engineering for Nuclear Safety (HARDENS) Final Technical Report},
author = {Kiniry, Joseph and Bakst, Alexander and Podhradsky, Michal and Hansen, Simon and Bivin, Andrew},
author = {Kiniry, Joseph and Bakst, Alexander and Hansen, Simon and Podhradsky, Michal and Bivin, Andrew},
institution = {Galois, Inc. / U.S. Nuclear Regulatory Commission},
year = {2022},
number = {ML22326A307},
year = {2024},
number = {TLR-RES-RES/DE-2024-005},
note = {NRC Contract 31310021C0014}
}

547
Writing/ERLM/references_old.bib Normal file
View File

@ -0,0 +1,547 @@
% Foundational Papers
@article{alur1995algorithmic,
title={The algorithmic analysis of hybrid systems},
author={Alur, Rajeev and Courcoubetis, Costas and Halbwachs, Nicolas and Henzinger, Thomas A and Ho, Pei-Hsin and Nicollin, Xavier and Olivero, Alfredo and Sifakis, Joseph and Yovine, Sergio},
journal={Theoretical Computer Science},
volume={138},
number={1},
pages={3--34},
year={1995},
publisher={Elsevier}
}
@inproceedings{alur1993hybrid,
title={Hybrid automata: An algorithmic approach to the specification and verification of hybrid systems},
author={Alur, Rajeev and Courcoubetis, Costas and Henzinger, Thomas A and Ho, Pei-Hsin},
booktitle={Hybrid Systems},
pages={209--229},
year={1993},
publisher={Springer}
}
@article{mitchell2005time,
title={A time-dependent Hamilton-Jacobi formulation of reachable sets for continuous dynamic games},
author={Mitchell, Ian M and Bayen, Alexandre M and Tomlin, Claire J},
journal={IEEE Transactions on Automatic Control},
volume={50},
number={7},
pages={947--957},
year={2005},
publisher={IEEE}
}
@article{platzer2008differential,
title={Differential dynamic logic for hybrid systems},
author={Platzer, Andr{\'e}},
journal={Journal of Automated Reasoning},
volume={41},
number={2},
pages={143--189},
year={2008},
publisher={Springer}
}
@article{platzer2017complete,
title={A complete uniform substitution calculus for differential dynamic logic},
author={Platzer, Andr{\'e}},
journal={Journal of Automated Reasoning},
volume={59},
number={2},
pages={219--265},
year={2017},
publisher={Springer}
}
@inproceedings{donze2010robust,
title={Robust satisfaction of temporal logic over real-valued signals},
author={Donz{\'e}, Alexandre and Maler, Oded},
booktitle={International Conference on Formal Modeling and Analysis of Timed Systems},
pages={92--106},
year={2010},
publisher={Springer}
}
% Control Theory and Stability
@article{geromel2006stability,
title={Stability and stabilization of continuous-time switched linear systems},
author={Geromel, Jos{\'e} C and Colaneri, Patrizio},
journal={SIAM Journal on Control and Optimization},
volume={45},
number={5},
pages={1915--1930},
year={2006},
publisher={SIAM}
}
@book{liberzon2003switching,
title={Switching in systems and control},
author={Liberzon, Daniel},
year={2003},
publisher={Birkh{\"a}user Boston}
}
@article{branicky1998multiple,
title={Multiple Lyapunov functions and other analysis tools for switched and hybrid systems},
author={Branicky, Michael S},
journal={IEEE Transactions on Automatic Control},
volume={43},
number={4},
pages={475--482},
year={1998},
publisher={IEEE}
}
% Recent Advances (2020-2025)
@article{yang2024learning,
title={Learning Local Control Barrier Functions for Hybrid Systems},
author={Yang, Shuo and Chen, Yiwei and Yin, Xiang and Mangharam, Rahul},
journal={arXiv preprint arXiv:2401.14907},
year={2024}
}
@inproceedings{su2024switching,
title={Switching Controller Synthesis for Hybrid Systems Against STL Formulas},
author={Su, Mingyu and Vizel, Yakir and Vardi, Moshe Y},
booktitle={International Symposium on Formal Methods},
pages={231--248},
year={2024},
publisher={Springer}
}
@article{yao2024model,
title={Model predictive control of stochastic hybrid systems with signal temporal logic constraints},
author={Yao, Li and Wang, Yiming and Chen, Xiang},
journal={Automatica},
volume={159},
pages={111037},
year={2024},
publisher={Elsevier}
}
@article{yu2024online,
title={Online control synthesis for uncertain systems under signal temporal logic specifications},
author={Yu, Pian and Gao, Yulong and Jiang, Frank J and Johansson, Karl H and Dimarogonas, Dimos V},
journal={The International Journal of Robotics Research},
volume={43},
number={3},
pages={284--307},
year={2024},
publisher={SAGE}
}
% Tools and Frameworks
@inproceedings{meyer2018strix,
title={Strix: Explicit reactive synthesis strikes back!},
author={Meyer, Philipp J and Luttenberger, Michael},
booktitle={International Conference on Computer Aided Verification},
pages={578--586},
year={2018},
publisher={Springer}
}
@techreport{giannakopoulou2022fret,
title={Capturing and Analyzing Requirements with FRET},
author={Giannakopoulou, Dimitra and Mavridou, Anastasia and Rhein, Julian and Pressburger, Thomas and Schumann, Johann and Shi, Nija},
institution={NASA Ames Research Center},
year={2022},
number={NASA/TM-20220007610}
}
@inproceedings{fulton2015keymaera,
title={KeYmaera X: An axiomatic tactical theorem prover for hybrid systems},
author={Fulton, Nathan and Mitsch, Stefan and Quesel, Jan-David and V{\"o}lp, Marcus and Platzer, Andr{\'e}},
booktitle={International Conference on Automated Deduction},
pages={527--538},
year={2015},
publisher={Springer}
}
@inproceedings{frehse2011spaceex,
title={SpaceEx: Scalable verification of hybrid systems},
author={Frehse, Goran and Le Guernic, Colas and Donz{\'e}, Alexandre and Cotton, Scott and Ray, Rajarshi and Lebeltel, Olivier and Ripado, Rodolfo and Girard, Antoine and Dang, Thao and Maler, Oded},
booktitle={International Conference on Computer Aided Verification},
pages={379--395},
year={2011},
publisher={Springer}
}
@inproceedings{chen2013flow,
title={Flow*: An analyzer for non-linear hybrid systems},
author={Chen, Xin and {\'A}brah{\'a}m, Erika and Sankaranarayanan, Sriram},
booktitle={International Conference on Computer Aided Verification},
pages={258--263},
year={2013},
publisher={Springer}
}
@inproceedings{larsen1997uppaal,
title={UPPAAL in a nutshell},
author={Larsen, Kim G and Pettersson, Paul and Yi, Wang},
journal={International Journal on Software Tools for Technology Transfer},
volume={1},
number={1-2},
pages={134--152},
year={1997},
publisher={Springer}
}
% Reachability and Verification
@INPROCEEDINGS{bansal2017hamilton,
author={Bansal, Somil and Chen, Mo and Herbert, Sylvia and Tomlin, Claire J.},
booktitle={2017 IEEE 56th Annual Conference on Decision and Control (CDC)},
title={Hamilton-Jacobi reachability: A brief overview and recent advances},
year={2017},
volume={},
pages={2242-2253},
keywords={Games;Safety;Tools;Trajectory;Tutorials;Level set;Aircraft},
doi={10.1109/CDC.2017.8263977}
}
@article{althoff2021set,
title={Set propagation techniques for reachability analysis},
author={Althoff, Matthias and Frehse, Goran and Girard, Antoine},
journal={Annual Review of Control, Robotics, and Autonomous Systems},
volume={4},
pages={369--395},
year={2021},
publisher={Annual Reviews}
}
@inproceedings{tabuada2004compositional,
title={Compositional abstractions of hybrid control systems},
author={Tabuada, Paulo and Pappas, George J and Lima, Pedro},
journal={Discrete Event Dynamic Systems},
volume={14},
number={2},
pages={203--238},
year={2004},
publisher={Springer}
}
% Applications
@article{varaiya1993smart,
title={Smart cars on smart roads: Problems of control},
author={Varaiya, Pravin},
journal={IEEE Transactions on Automatic Control},
volume={38},
number={2},
pages={195--207},
year={1993},
publisher={IEEE}
}
@article{verlinden2024hybrid,
title={Hybrid reliability modeling of nuclear safety systems: A case study on the reactor protection system of a research reactor},
author={Verlinden, S and Deridder, F and Wagemans, P},
journal={Nuclear Engineering and Design},
volume={417},
pages={112868},
year={2024},
publisher={Elsevier}
}
% Competitions and Benchmarks
@inproceedings{hscc2024proceedings,
title={Proceedings of the 27th ACM International Conference on Hybrid Systems: Computation and Control},
booktitle={HSCC '24},
year={2024},
publisher={ACM},
address={New York, NY, USA}
}
@inproceedings{jacobs2017syntcomp,
title={The 4th reactive synthesis competition (SYNTCOMP 2017): Benchmarks, participants \& results},
author={Jacobs, Swen and Bloem, Roderick and Brenguier, Romain and others},
booktitle={6th Workshop on Synthesis},
year={2017},
series={EPTCS},
volume={260}
}
% Supporting Papers
@article{wabersich2018linear,
title={Linear model predictive safety certification for learning-based control},
author={Wabersich, Kim P and Zeilinger, Melanie N},
journal={Automatica},
volume={97},
pages={48--59},
year={2018},
publisher={Elsevier}
}
@inproceedings{prajna2004safety,
title={Safety verification of hybrid systems using barrier certificates},
author={Prajna, Stephen and Jadbabaie, Ali},
booktitle={International Workshop on Hybrid Systems: Computation and Control},
pages={477--492},
year={2004},
publisher={Springer}
}
@article{ames2017control,
title={Control barrier function based quadratic programs for safety critical systems},
author={Ames, Aaron D and Xu, Xiangru and Grizzle, Jessy W and Tabuada, Paulo},
journal={IEEE Transactions on Automatic Control},
volume={62},
number={8},
pages={3861--3876},
year={2017},
publisher={IEEE}
}
@article{srinivasan2018control,
title={Control of mobile robots using barrier functions under temporal logic specifications},
author={Srinivasan, Mohit and Coogan, Samuel},
journal={IEEE Transactions on Robotics},
volume={37},
number={2},
pages={363--374},
year={2021},
publisher={IEEE}
}
%broader impacts
@techreport{eia_lcoe_2022,
author = {{U.S. Energy Information Administration}},
title = {Levelized Costs of New Generation Resources in the Annual Energy Outlook 2022},
institution = {U.S. Energy Information Administration},
year = {2022},
month = {March},
type = {Report},
url = {https://www.eia.gov/outlooks/aeo/pdf/electricity_generation.pdf},
note = {See Table 1b, page 9}
}
@misc{eesi_datacenter_2024,
author = {{Environmental and Energy Study Institute}},
title = {Data Center Energy Needs Are Upending Power Grids and Threatening the Climate},
howpublished = {Web article},
year = {2024},
url = {https://www.eesi.org/articles/view/data-center-energy-needs-are-upending-power-grids-and-threatening-the-climate},
note = {Accessed: 2025-09-29}
}
@techreport{DOE-HDBK-1028-2009,
title = {Human Performance Handbook},
author = {{U.S. Department of Energy}},
institution = {U.S. Department of Energy},
year = {2009},
number = {DOE-HDBK-1028-2009},
type = {Handbook}
}
@misc{WNA2020,
title = {Safety of Nuclear Power Reactors},
author = {{World Nuclear Association}},
year = {2020},
howpublished = {\url{https://www.world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx}}
}
@article{Wang2025,
title = {Analysis of Human Error in Nuclear Power Plant Operations: A Systematic Review of Events from 2007--2020},
author = {Wang, Y. and others},
journal = {Journal of Nuclear Safety},
year = {2025},
note = {Analysis of 190 events at Chinese nuclear power plants}
}
@misc{10CFR55,
title = {Operators' Licenses},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {10 CFR Part 55},
note = {Code of Federal Regulations}
}
@techreport{Kemeny1979,
title = {Report of the President's Commission on the Accident at Three Mile Island},
author = {Kemeny, John G. and others},
institution = {President's Commission on the Accident at Three Mile Island},
year = {1979},
month = {October}
}
@misc{10CFR50,
title = {Domestic Licensing of Production and Utilization Facilities},
author = {{U.S. Nuclear Regulatory Commission}},
howpublished = {10 CFR Part 50},
note = {Code of Federal Regulations}
}
@techreport{NUREG-0899,
title = {Guidelines for the Preparation of Emergency Operating Procedures},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {1982},
number = {NUREG-0899}
}
@techreport{IAEA-TECDOC-1580,
title = {Good Practices for Cost Effective Maintenance of Nuclear Power Plants},
author = {{International Atomic Energy Agency}},
institution = {International Atomic Energy Agency},
year = {2007},
number = {TECDOC-1580}
}
@techreport{NUREG-2114,
title = {Cognitive Basis for Human Reliability Analysis},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2016},
number = {NUREG-2114}
}
@article{Zerovnik2023,
title = {Knowledge Transfer Challenges in Nuclear Operations},
author = {\v{Z}erovnik, Gašper and others},
journal = {Nuclear Engineering and Design},
year = {2023},
note = {Analysis of knowledge transfer from experienced operators}
}
@article{Jo2021,
title = {Automation Paradox in Nuclear Power Plant Control: Effects on Operator Situation Awareness},
author = {Jo, Y. and others},
journal = {Nuclear Engineering and Technology},
year = {2021},
note = {Empirical study of automation effects on operator performance}
}
@techreport{IAEA2008,
title = {Modern Instrumentation and Control for Nuclear Power Plants: A Guidebook},
author = {{International Atomic Energy Agency}},
institution = {International Atomic Energy Agency},
year = {2008},
number = {Technical Reports Series No. 387}
}
@article{Lee2019,
title = {Autonomous Control of Nuclear Reactors Using Long Short-Term Memory Networks},
author = {Lee, D. and others},
journal = {Nuclear Engineering and Technology},
year = {2019},
note = {Demonstration of LSTM-based autonomous control in LOC and SGTR scenarios}
}
@inproceedings{IEEE2019,
title = {Formal Verification Challenges for Nuclear I\&C Systems},
author = {{IEEE Working Group}},
booktitle = {IEEE Conference on Nuclear Power Instrumentation, Control and Human-Machine Interface Technologies},
year = {2019},
note = {Discussion of state space explosion in formal verification}
}
@misc{IAEA-severe-accidents,
title = {Human Error as Root Cause in Severe Nuclear Accidents},
author = {{International Atomic Energy Agency}},
howpublished = {IAEA Safety Report},
note = {Analysis of TMI, Chernobyl, and Fukushima accidents}
}
@article{Dumas1999,
title = {Worker Error and Safety in Nuclear Facilities},
author = {Dumas, Lloyd},
journal = {Journal of Nuclear Safety},
year = {1999},
note = {Study of incidents at 10 nuclear centers}
}
@techreport{IAEA-INSAG-1,
title = {Summary Report on the Post-Accident Review Meeting on the Chernobyl Accident},
author = {{International Nuclear Safety Advisory Group}},
institution = {International Atomic Energy Agency},
year = {1986},
number = {INSAG-1}
}
@techreport{IAEA-INSAG-7,
title = {The Chernobyl Accident: Updating of INSAG-1},
author = {{International Nuclear Safety Advisory Group}},
institution = {International Atomic Energy Agency},
year = {1992},
number = {INSAG-7}
}
@techreport{NUREG-CR-1278,
title = {Handbook of Human Reliability Analysis with Emphasis on Nuclear Power Plant Applications (THERP)},
author = {Swain, A. D. and Guttmann, H. E.},
institution = {U.S. Nuclear Regulatory Commission},
year = {1983},
number = {NUREG/CR-1278}
}
@techreport{NUREG-CR-6883,
title = {The SPAR-H Human Reliability Analysis Method},
author = {Gertman, D. and others},
institution = {U.S. Nuclear Regulatory Commission},
year = {2005},
number = {NUREG/CR-6883}
}
@techreport{NUREG-2127,
title = {International HRA Empirical Study: Phase 1 Report},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2013},
number = {NUREG-2127}
}
@article{Rasmussen1983,
title = {Skills, Rules, and Knowledge; Signals, Signs, and Symbols, and Other Distinctions in Human Performance Models},
author = {Rasmussen, J.},
journal = {IEEE Transactions on Systems, Man, and Cybernetics},
year = {1983},
volume = {SMC-13},
number = {3},
pages = {257--266}
}
@article{Miller1956,
title = {The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information},
author = {Miller, George A.},
journal = {Psychological Review},
year = {1956},
volume = {63},
number = {2},
pages = {81--97}
}
@techreport{NUREG-2256,
title = {Integrated Human Event Analysis System for Emergency Crew Actions (IDHEAS-ECA)},
author = {{U.S. Nuclear Regulatory Commission}},
institution = {U.S. Nuclear Regulatory Commission},
year = {2022},
number = {NUREG-2256}
}
@book{Reason1990,
title = {Human Error},
author = {Reason, James},
publisher = {Cambridge University Press},
year = {1990}
}
@article{Lee2018,
title = {Deep Reinforcement Learning for Autonomous Nuclear Reactor Control},
author = {Lee, D. and others},
journal = {Nuclear Engineering and Design},
year = {2018},
note = {Demonstration of autonomous control superior to human-plus-automation}
}
@techreport{Kiniry2022,
title = {High Assurance Rigorous Digital Engineering for Nuclear Safety (HARDENS) Final Technical Report},
author = {Kiniry, Joseph and Bakst, Alexander and Podhradsky, Michal and Hansen, Simon and Bivin, Andrew},
institution = {Galois, Inc. / U.S. Nuclear Regulatory Commission},
year = {2022},
number = {ML22326A307},
note = {NRC Contract 31310021C0014}
}

138
Writing/ERLM/state-of-the-art/v6.tex
View File

@ -17,11 +17,11 @@ Emergency Operating Procedures (EOPs) for design-basis accidents, Severe
Accident Management Guidelines (SAMGs) for beyond-design-basis events, and
Extensive Damage Mitigation Guidelines (EDMGs) for catastrophic damage
scenarios. These procedures must comply with 10 CFR 50.34(b)(6)(ii) and are
developed using guidance from NUREG-0899~\cite{NUREG-0899}, but their
developed using guidance from NUREG-0900~\cite{NUREG-0899, 10CFR50.34}, but their
development process relies fundamentally on expert judgment and simulator
validation rather than formal verification. Procedures undergo technical
evaluation, simulator validation testing, and biennial review as part of
operator requalification under 10 CFR 55.59~\cite{10CFR55}. Despite these
operator requalification under 10 CFR 55.59~\cite{10CFR55.59}. Despite these
rigorous development processes, procedures fundamentally lack formal
verification of key safety properties. There is no mathematical proof that
procedures cover all possible plant states, that required actions can be
@ -38,29 +38,30 @@ computer-based procedure systems lack the formal guarantees that automated
reasoning could provide.
Nuclear plants operate with multiple control modes: automatic control where the
reactor control system maintains target parameters through continuous rod
adjustment, manual control where operators directly manipulate control rods, and
reactor control system maintains target parameters through continuous reactivity
adjustment, manual control where operators directly manipulate the reactor, and
various intermediate modes. In typical pressurized water reactor operation, the
reactor control system automatically maintains a floating average temperature,
compensating for changes in power demand with reactivity feedback loops alone.
Safety systems instead operate with implemented automation. Reactor
reactor control system automatically maintains a floating average temperature
and compensates for changes in power demand with reactivity feedback loops
alone. Safety systems instead operate with implemented automation. Reactor
Protection Systems trip automatically on safety signals with millisecond
response times, and engineered safety features actuate automatically on accident
signals without operator action required.
The current division between automated and human-controlled functions
reveals the fundamental challenge of hybrid control. Highly
automated systems handle reactor protection like automatic trips on safety
parameters, emergency core cooling actuation, containment isolation,
and basic process control. Human operators, however, retain control of
strategic decision-making such as power level changes, startup/shutdown
sequences, mode transitions, and procedure implementation. %%%NEED MORE
\textbf{LIMITATION:} \textit{Current practice treats continuous plant
dynamics and discrete control logic separately.} No application of
hybrid control theory exists that could provide mathematical guarantees
across mode transitions, verify timing properties formally, or optimize
the automation-human interaction trade-off with provable safety bounds.
% \textbf{LIMITATION:} \textit{Current practice treats continuous plant
% dynamics and discrete control logic separately.} No application of
% hybrid control theory exists that could provide mathematical guarantees
% across mode transitions, verify timing properties formally, or optimize
% the automation-human interaction trade-off with provable safety bounds.
%
The current division between automated and human-controlled functions reveals
the fundamental challenge of hybrid control. Highly automated systems handle
reactor protection like automatic trips on safety parameters, emergency core
cooling actuation, containment isolation, and basic process
control~\cite{WRPS.Description, gentillon_westinghouse_1999}. Human operators,
however, retain control of strategic decision-making such as power level
changes, startup/shutdown sequences, mode transitions, and procedure
implementation. %%%NEED MORE
\subsection{Human Factors in Nuclear Accidents}
@ -70,50 +71,39 @@ most compelling motivation for formal automated control with
mathematical safety guarantees.
Current generation nuclear power plants employ 3,600+ active NRC-licensed
reactor operators in the United States. These operators are divided into Reactor
Operators (ROs) who manipulate reactor controls and Senior Reactor Operators
(SROs) who direct plant operations and serve as shift
supervisors~\cite{10CFR55}. Staffing typically requires 2+ ROs with at least one
SRO for current generation units~\cite{NRC WEBSITE IN ZOTERO FOR PRES}. To
become a reactor operator, an individual spends several years to pass completed
training~\cite{ALSO IN PRES FOLDER}. Current generation nuclear power plants
employ 3,600+ active NRC-licensed reactor operators in the United States. These
reactor operators in the United States~\cite{operator_statistics}. These
operators are divided into Reactor Operators (ROs) who manipulate reactor
controls and Senior Reactor Operators (SROs) who direct plant operations and
serve as shift supervisors~\cite{10CFR55}. Staffing typically requires 2+ ROs
with at least one SRO for current generation units~\cite{NRC WEBSITE IN ZOTERO
FOR PRES}. To become a reactor operator, an individual spends several years to
pass completed training~\cite{ALSO IN PRES FOLDER}.
with at least one SRO for current generation units~\cite{10CFR50.54}. To become
a reactor operator, an individual spends several years to pass completed
training.
The role of these human operators is paradoxically both critical and
problematic. Operators hold legal authority under 10 CFR Part 55 to make
critical decisions including departing from normal regulations during
emergencies. The Three Mile Island (TMI) accident demonstrated how ``combination
of personnel error, design deficiencies, and component failures'' led to partial
meltdown when operators ``misread confusing and contradictory readings and shut
off the emergency water system''~\cite{Kemeny1979}. The President's Commission
on TMI identified a fundamental ambiguity: placing ``responsibility and
accountability for safe power plant operations...on the licensee in all
circumstances'' without formal verification that operators can fulfill this
responsibility under all conditions~\cite{Kemeny1979}.% CHECK THIS SOURCE...
This tension between operational flexibility and safety assurance remains
unresolved in current practice as the person responsible for reactor safety
simultaneously is usually the root cause of a failure.
emergencies. The Three Mile Island (TMI) accident demonstrated how combination
of personnel error, design deficiencies, and component failures led to partial
meltdown when operators misread confusing and contradictory readings and shut
off the emergency water system~\cite{Kemeny1979}. The President's Commission on
TMI identified a fundamental ambiguity: placing responsibility and
accountability for safe power plant operations on the licensee in all
circumstances without formal verification that operators can fulfill this
responsibility under all conditions does not guarantee safety. This tension
between operational flexibility and safety assurance remains unresolved in
current practice as the person responsible for reactor safety simultaneously is
usually the root cause of a failure.
Multiple independent analyses converge on a striking statistic: 70--80\%
of all nuclear power plant events are attributed to human error versus
approximately 20\% to equipment failures~\cite{DOE-HDBK-1028-2009,WNA2020}. More
significantly, the International Atomic Energy Agency concluded that ``human
error was the root cause of all severe accidents at nuclear power plants''---a
categorical statement spanning Three Mile Island, Chernobyl, and Fukushima
Daiichi~\cite{IAEA-severe-accidents}. A detailed analysis of 190 events at
Chinese nuclear power plants from 2007--2020~\cite{Wang2025} found that 53\% of
events involved active errors while 92\% were associated with latent errors
(organizational and systemic weaknesses that create conditions for failure). The
persistence of this 70--80\% human error contribution despite four decades of
continuous improvements in operator training, control room design, procedures,
and human factors engineering. This suggests fundamental cognitive limitations
rather than remediable deficiencies. %check all of these sources
Multiple independent analyses converge on a striking statistic: 70--80\% of all
nuclear power plant events are attributed to human error versus approximately
20\% to equipment failures~\cite{WNA2020}. More significantly, the root cause of
all severe accidents at nuclear power plants such as those at Three Mile Island,
Chernobyl, and Fukushima Daiichi, has been identified as poor safety management
and poor safety culture--primarily human factors~\cite{hogberg_root_2013}. A
detailed analysis of 190 events at Chinese nuclear power plants from
2007--2020~\cite{zhang_analysis_2025} found that 53\% of events involved active
errors while 92\% were associated with latent errors (organizational and
systemic weaknesses that create conditions for failure).
%%%%% This seems like a bad paragraph. Doesn't really connect with the idea of
%%%%% autonomy. Seems more like a design issue for the control room. With more
@ -139,37 +129,31 @@ rather than remediable deficiencies. %check all of these sources
% assessed through expert judgment and historical data alone.
% % how does autonomy fix these issues exactly? This seems like
\textbf{LIMITATION:} \textit{Human factors impose fundamental reliability
limits that cannot be overcome through training alone.} Response time
limitations constrain human effectiveness---reactor protection systems
must respond in milliseconds, 100--1000 times faster than human
operators. Cognitive biases systematically distort judgment:
confirmation bias, overconfidence, and anchoring bias are inherent
features of human cognition, not individual failings~\cite{Reason1990}.
The persistent 70--80\% human error contribution despite four decades of
improvements demonstrates that these limitations are fundamental
rather than remediable part of human-driven control.
\textbf{LIMITATION:} \textit{Human factors impose fundamental reliability limits
that cannot be overcome through training alone.} The persistent human
error contribution despite four decades of improvements demonstrates that these
limitations are fundamental rather than remediable part of human-driven control.
\subsection{HARDENS and Formal Methods}
The High Assurance Rigorous Digital Engineering for Nuclear Safety (HARDENS)
project represents the most advanced application of formal methods to nuclear
reactor control systems to date. HARDENS aimed to address the nuclear industry's
reactor control systems to date~\cite{Kiniry2024}. HARDENS aimed to address the nuclear industry's
fundamental dilemma: existing U.S. nuclear control rooms rely on analog
technologies from the 1950s--60s. This technology is woefully out of date
compared to modern control technologies, and incurs significant risk and cost to
plant operation. The NRC contracted Galois to demonstrate that Model-Based
Systems Engineering and formal methods could design, verify, and implement a
complex protection system meeting regulatory criteria at a fraction of typical
cost. The project delivered a Reactor Trip System (RTS) implementation with full
traceability from NRC Request for Proposals and IEEE standards through
formal architecture specifications to formally verified binaries and
hardware running on FPGA demonstrator boards.
plant operation. The NRC contracted Galois, a company of formal methods experts,
to demonstrate that Model-Based Systems Engineering and formal methods could
design, verify, and implement a complex protection system meeting regulatory
criteria at a fraction of typical cost. The project delivered a Reactor Trip
System (RTS) implementation with full traceability from NRC Request for
Proposals and IEEE standards through formal architecture specifications to
formally verified software.
%%% did it actually do an FPGA demonstration? Dubious.
HARDENS employed an array of formal methods tools and techniques across the
verification hierarchy. High-level specifications used Lando, SysMLv2, and FRET
(NASA JPL's Formal Requirements Elicitation Tool) to capture stakeholder
(NASA Formal Requirements Elicitation Tool) to capture stakeholder
requirements, domain engineering, certification requirements, and safety
requirements. % this sentence is long af
Requirements were formally analyzed for consistency, completeness,
@ -202,8 +186,8 @@ safety margins.
HARDENS produced a demonstrator system at Technology Readiness Level 2--3
(analytical proof of concept with laboratory breadboard validation) rather than
a deployment-ready system validated through extended operational testing. The
NRC Final Report explicitly notes~\cite{Kiniry2022}: ``All material is
considered in development and not a finalized product'' and ``The demonstration
NRC Final Report explicitly notes~\cite{Kiniry2024} that all material is
considered in development and not a finalized product and ``The demonstration
of its technical soundness was to be at a level consistent with satisfaction of
the current regulatory criteria, although with no explicit demonstration of how
regulatory requirements are met.'' The project did not include deployment in