danesabo/Obsidian
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Obsidian/Presentations/ERLM/presentation-outline.md
Dane Sabo 2497bb4aa5 Auto sync: 2025-11-12 15:59:19 (110 files changed) 
M  .task/backlog.data

M  .task/completed.data

M  .task/pending.data

M  .task/undo.data

A  PLAN_OF_STUDY_111225.pdf

R  Writing/202510270-Emerson-Pres/SaboOneSlide.pdf -> Presentations/202510270-Emerson-Pres/SaboOneSlide.pdf

R  Writing/202510270-Emerson-Pres/beamerthemedane.sty -> Presentations/202510270-Emerson-Pres/beamerthemedane.sty

R  Writing/202510270-Emerson-Pres/beamerthemedane_native.sty -> Presentations/202510270-Emerson-Pres/beamerthemedane_native.sty
2025-11-12 15:59:19 -05:00

371 lines
14 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Presentation Outline: Formally Verified Autonomous Hybrid Control for Nuclear Reactors
**Audience:** Engineering PhDs (not necessarily control, nuclear, or formal methods experts)
**Presentation Style:** Assertion-Evidence
---
## 1. Title Slide
**Assertion:** Autonomous Hybrid Control with Formal Safety Guarantees Enables Economic Viability of Next-Generation Nuclear Power
**Content:**
- Your name, affiliation
- Brief subtitle about bridging formal methods and control theory
---
## 2. The Economic Challenge
**Assertion:** Small modular reactors face an unsustainable staffing cost problem that threatens their economic viability
**Evidence:**
- Comparison chart: staffing costs per MW for conventional vs SMR
- Current requirement: 2+ ROs + 1 SRO per reactor
- Training timeline: up to 6 years to become a reactor operator
- Cost breakdown showing O&M as 23-30% of levelized cost
- Projected datacenter demand reaching 1,050 TWh by 2030 = $21-28B annually in O&M
**Key Message:** Automation is not optional—it's economically essential
---
## 3. The Safety Imperative
**Assertion:** Human operators are the root cause of 70-80% of nuclear incidents despite decades of training improvements
**Evidence:**
- Bar chart: 70-80% human error vs 20% equipment failure
- IAEA statement: "Human error was the root cause of all severe accidents"
- TMI case study visualization:
- 100+ simultaneous alarms
- 44% core meltdown
- 500-fold underestimation of risk
- Human Error Probability table showing degradation under stress:
- Optimal: 0.001-0.01
- Under accident conditions: 0.1-1.0 (essentially guaranteed failure)
**Key Message:** Training alone cannot overcome fundamental cognitive limitations
---
## 4. The Paradox
**Assertion:** Nuclear control faces a fundamental tension—human operators are both essential for flexibility and the primary source of failure
**Evidence:**
- Two-column comparison:
- LEFT: "Why we need humans" (judgment, adaptability, procedure interpretation)
- RIGHT: "Why humans fail" (cognitive limits, stress, 7±2 working memory, response time: seconds vs milliseconds)
- Current division of labor diagram:
- Automated: Emergency protection (trip systems, ECCS)
- Manual: Strategic operations (startup, mode transitions, power changes)
- Quote from TMI Commission about "ambiguity in responsibility"
**Key Message:** We need the reliability of automation with the sophistication of human decision-making
---
## 5. What Are Hybrid Control Systems?
**Assertion:** Hybrid systems combine continuous dynamics with discrete mode switching—exactly how nuclear plants operate
**Evidence:**
- Simple equations showing hybrid dynamics:
- Continuous: ẋ(t) = f(x(t), q(t), u(t))
- Discrete: q(k+1) = ν(x(k), q(k), u(k))
- Intuitive example diagram: Nuclear reactor startup
- Mode 1 (Cold Shutdown): Temperature control
- Transition condition: T > 400°F
- Mode 2 (Heatup): Ramp rate control
- Transition condition: Approach criticality
- Mode 3 (Low Power): Neutron flux control
- Contrast with pure continuous (traditional control) and pure discrete (software)
**Key Message:** Nuclear operations are inherently hybrid—continuous physics with discrete strategic decisions
---
## 6. The Gap in Current Approaches
**Assertion:** Existing methods can handle either continuous dynamics or discrete logic, but not both with formal guarantees
**Evidence:**
- Venn diagram showing the gap:
- Circle 1: Formal Methods (HARDENS) → Discrete logic verification ✓, Continuous dynamics ✗
- Circle 2: Control Theory → Continuous stability ✓, Discrete transitions ✗
- Gap in middle: Hybrid system verification
- HARDENS achievement summary:
- Complete RTS verification in 9 months
- Requirements → verified binaries
- BUT: No continuous dynamics, no closed-loop verification
- TRL 3-4, no experimental validation
**Key Message:** We can verify half the system with existing tools—we need to bridge the gap
---
## 7. Our Three-Thrust Approach
**Assertion:** Unifying discrete synthesis and continuous verification enables end-to-end correctness guarantees for hybrid systems
**Evidence:**
- Pipeline diagram with three stages:
**Thrust 1:** Procedures → Temporal Logic (FRET)
- Input: Written procedures
- Tool: NASA FRET (FRETish language)
- Output: LTL specifications
- Key feature: Realizability checking
**Thrust 2:** Temporal Logic → Discrete Automaton (Reactive Synthesis)
- Input: LTL specifications
- Tool: Strix (reactive synthesis)
- Output: Discrete state machine
- Key feature: Correct by construction
**Thrust 3:** Continuous Controllers + Verification
- Input: Discrete automaton + plant model
- Tools: Reachability analysis, barrier certificates
- Output: Verified continuous modes
- Key feature: Compositional verification
**Key Message:** Each piece uses state-of-the-art tools; innovation is in the integration
---
## 8. Thrust 1: From Procedures to Logic
**Assertion:** NASA's FRET tool systematically translates written procedures into unambiguous temporal logic specifications
**Evidence:**
- Side-by-side example:
- LEFT: Natural language: "If a high temperature alarm triggers, control rods must immediately insert and remain inserted until operator reset"
- RIGHT: Temporal logic: G(HighTemp → X(RodsInserted ∧ (¬RodsWithdrawn U OperatorReset)))
- FRETish structure diagram showing 6 required components:
- Scope | Condition | Component | Shall | Timing | Response
- Realizability checking benefits:
- Detects conflicting requirements
- Identifies undefined behaviors
- Finds "bugs" in procedures before implementation
**Key Message:** FRET bridges human-readable procedures and machine-verifiable specifications
---
## 9. Thrust 2: Synthesizing Discrete Controllers
**Assertion:** Reactive synthesis automatically generates provably correct discrete switching logic from temporal specifications
**Evidence:**
- What is reactive synthesis? Simple explanation:
- Input: Temporal logic formula (what should happen)
- Output: State machine (how to make it happen)
- Guarantee: If a solution exists, it is correct by construction
- Example automaton visualization for reactor mode transitions
- Nodes: Cold Shutdown, Heatup, Low Power, Full Power, SCRAM
- Edges: Transition conditions
- Highlight: This is the "operator's decision-making" automated
- Strix tool performance (SYNTCOMP winner)
**Key Message:** The discrete controller is mathematically guaranteed to follow procedures—no switching errors possible
---
## 10. Thrust 3: Continuous Mode Verification
**Assertion:** Continuous controllers are verified using three complementary techniques that avoid global trajectory analysis
**Evidence:**
- Three types of continuous modes based on transition objectives:
- **Stabilizing:** Stay in current mode (e.g., full-power operation)
- **Transitory:** Drive toward next mode (e.g., startup heatup)
- **Expulsory:** Force to safe mode (e.g., SCRAM)
- Three verification techniques:
1. **Reachability Analysis:**
- Computes reachable state sets
- Verifies boundary conditions are met
- Recent advances: Neural Hamilton-Jacobi for high dimensions
2. **Assume-Guarantee Contracts:**
- Each mode verified with input/output bounds
- Compositional: local verification, global guarantees
3. **Barrier Certificates:**
- Proves safe set forward invariance
- Guarantees transitions occur correctly
- Ensures stability across mode switches
**Key Message:** Local verification of each mode is tractable; composition ensures global correctness
---
## 11. Why This Works: The Key Insight
**Assertion:** Designing continuous controllers after synthesizing the discrete automaton enables local verification instead of intractable global analysis
**Evidence:**
- Problem with traditional approach:
- Design everything at once
- Verify entire trajectory through all modes
- Computationally intractable for complex systems
- Our approach:
- Discrete automaton defines transition boundaries
- Design each continuous mode to satisfy its local transitions
- Use assume-guarantee to chain modes together
- Barrier certificates prove transitions are safe
- Diagram showing modular verification:
- Each mode verified independently
- Interface contracts guarantee composition
- Total system correctness follows from local proofs
**Key Message:** Decomposition is the key to tractable verification
---
## 12. Demonstration: SmAHTR Startup
**Assertion:** Autonomous startup of a Small Modular Advanced High Temperature Reactor provides a rigorous test case spanning multiple coordinated modes
**Evidence:**
- Why SmAHTR?
- Well-documented startup procedures
- Multiple distinct operational modes
- Complex thermal-hydraulics + neutron kinetics
- Representative of next-gen reactor designs
- Startup sequence complexity:
- Cold conditions → Controlled heating → Approach criticality → Low-power physics → Full power
- Multiple coordinated subsystems
- Strict timing and temperature constraints
- Implementation platform:
- High-fidelity Simulink model (thermal-hydraulics + neutron kinetics)
- Emerson Ovation control hardware (industry standard)
- ARCADE integration (hardware-in-the-loop)
- Real-time performance validation
**Key Message:** This is not a toy problem—it's representative of actual deployment challenges
---
## 13. Expected Outcomes
**Assertion:** Success will be measured by progression to TRL 5, demonstrating practical feasibility beyond theoretical proof
**Evidence:**
- TRL progression chart:
- Starting point: TRL 2-3 (basic concepts, HARDENS as precedent)
- Target: TRL 5 (validated prototype in relevant environment)
- Gap: Experimental validation with continuous dynamics
- Three concrete deliverables:
**Outcome 1:** Procedure translation methodology
- Engineers can generate verified controllers from regulatory procedures
- No formal methods expertise required
**Outcome 2:** Continuous verification framework
- Standard control design + iterative verification
- Proof of safe mode transitions
**Outcome 3:** SmAHTR demonstration
- Autonomous startup on industrial hardware
- Hardware-in-the-loop validation
- Path to deployment
**Key Message:** TRL 5 proves both theoretical validity and practical implementability
---
## 14. Broader Impact: Beyond Nuclear
**Assertion:** This methodology generalizes to any safety-critical hybrid system with documented operational procedures
**Evidence:**
- Common pattern across domains:
- Written procedures exist
- Continuous dynamics + discrete decisions
- Safety is paramount
- Autonomy has economic benefits
- Application domains table:
- Chemical process control (batch processes, safety interlocks)
- Aerospace (flight phases, emergency procedures)
- Autonomous transportation (driving modes, emergency maneuvers)
- Medical devices (therapy modes, patient monitoring)
- Economic multiplier:
- Nuclear O&M: $21-28B annually (projected datacenter demand alone)
- Broader safety-critical infrastructure: Much larger
- Regulatory pathway:
- Proving concept in nuclear (highest safety bar)
- Establishes precedent for other industries
- Mathematical proof as regulatory evidence
**Key Message:** Nuclear is the proving ground; impact extends far beyond
---
## 15. Innovation Summary
**Assertion:** The innovation is not in individual techniques but in their systematic integration to bridge a fundamental gap in cyber-physical systems
**Evidence:**
- What's NOT new (but state-of-the-art):
- Temporal logic and reactive synthesis (computer science)
- Reachability analysis and barrier certificates (control theory)
- Hardware-in-the-loop validation (industry practice)
- What IS new:
- **Integration:** Unifying discrete and continuous verification
- **Methodology:** Systematic tool-supported workflow from procedures to verified controller
- **Decomposition:** Local verification with compositional guarantees
- **Practical:** Targets existing industrial hardware (Emerson Ovation)
- Comparison to HARDENS:
- HARDENS: Discrete only, TRL 3-4, no continuous dynamics
- This work: Full hybrid system, TRL 5, hardware-in-the-loop
- Key enabling insight:
- Automaton-first design enables tractable continuous verification
**Key Message:** Standing on the shoulders of giants to solve a previously intractable problem
---
## 16. Timeline and Feasibility
**Assertion:** This research is feasible within a PhD timeline given existing tools, models, and infrastructure access
**Evidence:**
- Existing infrastructure:
- University of Pittsburgh Cyber Energy Center
- Emerson control hardware access
- SmAHTR Simulink model already developed
- ARCADE platform operational
- Industry collaboration channels
- Tool maturity:
- FRET: Production-ready (NASA JPL)
- Strix: Competition-winning synthesis tool
- Reachability tools: Recent advances make high-dimensional systems tractable
- Risk mitigation:
- Start with simpler mode sequences, add complexity incrementally
- Extensive simulation before hardware-in-the-loop
- Fallback: Manual continuous controller design if synthesis proves intractable
- Precedent: HARDENS achieved similar scope in 9 months
**Key Message:** Ambitious but achievable with existing resources and tools
---
## 17. Conclusion: The Path Forward
**Assertion:** Formally verified autonomous hybrid control is essential for next-generation nuclear power and provides a template for broader safety-critical autonomy
**Evidence:**
- Three converging imperatives:
1. **Economic:** SMRs need autonomy to be viable ($21-28B annual O&M for datacenter demand)
2. **Safety:** Human error causes 70-80% of incidents; training can't fix cognitive limits
3. **Technical:** Tools now exist to verify hybrid systems; HARDENS proved discrete is feasible
- This research closes the gap:
- HARDENS + Continuous Verification = Complete Hybrid System
- Theory + Hardware-in-the-Loop = TRL 5
- Nuclear Demonstration = Pathway for broader adoption
- Vision: Control engineers generate high-assurance autonomous controllers from procedures
- No formal methods PhD required
- Mathematical proof of correctness included
- Deployable on existing industrial hardware
**Key Message:** The pieces exist; we're putting them together at the right time for the right application
---
## 18. Questions
**Assertion:** (Keep a few backup slides here for common questions)
Potential backup slides:
- Detailed FRET example
- Reactive synthesis algorithm overview
- Reachability analysis visualization
- Comparison with other autonomy approaches (ML, MPC, etc.)
- Regulatory acceptance pathway
- Scalability to larger systems
Reference in New Issue View Git Blame Copy Permalink