History

Dane Sabo c5133401e0 Session work scratch: scram X_exit refactor, hot-standby SOS, fat scram tubes, model cheatsheet, journal entry

Multi-session work bundle on a draft branch.  Splits into a clean
sequence of commits later; pushed here so it isn't lost on a reboot.

Reach work
- code/scripts/reach/reach_scram_pj.jl: shutdown_margin halfspace
  X_exit (replaces "n <= 1e-4 AND T_f bound" framing); per-step
  envelope extraction added.
- code/scripts/reach/reach_scram_pj_fat.jl: per-step envelope
  extraction added; shutdown_margin discharge logic mirrored from the
  tight scram script.  3 probes (10/30/60s) all discharge from the
  fat union polytope.
- code/scripts/reach/reach_scram_full_fat.jl (NEW): full nonlinear
  PKE scram reach with fat entry.  Hits the stiffness wall at
  ~1.5 s plant time as expected; saves NaN-tolerant per-step
  envelopes.  Demonstrates concretely why PJ is the right tool for
  the longer-horizon proof.
- code/scripts/reach/reach_heatup_pj.jl: T_REF_START_C constant
  (entry-conditioned ramp) replaces T_STANDBY-init that was making
  the FL controller command cooling at t=0.  Per-step extraction
  already in place.
- code/configs/heatup/tight.toml: bumped maxsteps; probe horizon
  parameterized.

Hot-standby SOS barrier
- code/scripts/barrier/barrier_sos_2d_shutdown.jl (NEW): mirrors the
  operation SOS machinery on the hot-standby thermal projection.
  Includes the eps-slack pattern (so feasibility doesn't silently
  collapse to B == 0).
- code/scripts/barrier/barrier_sos_2d.jl: refactored to use the same
  helper.
- code/src/sos_barrier.jl (NEW): solve_sos_barrier_2d helper module
  factoring out the SOS construction; eps-slack with eps_cap=1.0 to
  avoid unbounded primal.

Library
- code/src/pke_states.jl (NEW): single source of truth for canonical
  initial-condition vectors per DRC mode (op, shutdown, heatup) keyed
  off plant + predicates.
- code/scripts/sim/{main_mode_sweep,validate_pj}.jl, code/CLAUDE.md:
  migrated to pke_states.

Predicates + invariants
- reachability/predicates.json: new shutdown_margin predicate (1%
  dk/k tech-spec floor, expressed as alpha_f*T_f + alpha_c*T_c
  halfspace).  Used as scram X_exit.

Plot script
- code/scripts/plot/plot_reach_tubes.jl: plot_tubes_scram_pj() with
  variant=:fat|:tight knob; plot_tubes_scram_full() for full-PKE
  3-panel (T_c, T_f, rho); plot_tubes_heatup_pj() reads results/
  not reachability/.

Journal + memory
- journal/entries/2026-04-27-shutdown-sos-and-scram-X_exit.tex (NEW):
  long-form entry on the SOS hot-standby barrier and the scram X_exit
  refactor.
- journal/journal.tex: input chain updated.
- claude_memory/ — three new session notes:
  * 2026-04-27-scram-X_exit-shutdown-margin.md
  * 2026-04-28-DICE-2026-conference-intel.md (people, sessions,
    strategic notes for the May 12 talk)
  * 2026-04-28-path1-sos-pj-sketch.md (sketch of nonlinear-SOS via
    polynomial multiply-through; saved for an overnight session)

Docs
- docs/model_cheatsheet.md (NEW): one-page reference of state vector,
  dynamics, constants, modes, predicates, sanity numbers — the talk
  prep cheatsheet Dane asked for.
- docs/figures/reach_*_tubes.png: regenerated with the new mat data.
- presentations/prelim-presentation/outline.md: revised arc per the
  April-28 review pass (cuts: Lyapunov-fails standalone slide,
  operation-tube standalone slide, SOS standalone; adds: scopes-of-
  control framing, scram on the headline result slide).
- app/predicate_explorer.jl: minor.

Hacker-Split: end-of-session scratch bundle

2026-05-02 23:02:50 -04:00

.gitignore

reachability: first per-mode reach tube and barrier-cert attempt

2026-04-17 12:52:37 -04:00

predicates.json

Session work scratch: scram X_exit refactor, hot-standby SOS, fat scram tubes, model cheatsheet, journal entry

2026-05-02 23:02:50 -04:00

README.md

julia migration: port MATLAB to Julia, delete MATLAB, rename julia-port -> code

2026-04-20 21:44:59 -04:00

WALKTHROUGH.md

walkthrough: document prompt-jump reach results (30x horizon win)

2026-04-21 14:47:19 -04:00

README.md

Reachability

Continuous-mode verification for the PWR_HYBRID_3 hybrid controller.

Soundness status: APPROXIMATE

The current linear-reach results are not a sound reach tube for the physical plant. They are sound over-approximations of the linearized closed-loop system (A_{\mathrm{cl}} = A - BK around x_{\mathrm{op}}) under bounded disturbance. The linear model is itself an approximation of the nonlinear plant (../code/src/pke_th_rhs.jl), and that approximation error is not currently bounded or inflated into the tube.

Two paths to upgrade to a sound result:

Nonlinear reach directly — TMJets (Taylor-model integration) via ReachabilityAnalysis.jl. Currently limited to ~10-second horizons by prompt-neutron stiffness; needs a reduced-order PKE (prompt-jump approximation) to extend to mode-obligation horizons.
Linear reach + Taylor-remainder inflation — compute an upper bound on ||f_nl(x, u) - (A x + B u)|| over the reach set and inflate the linear tube by that bound. Cheaper, still rigorous.

Both are thesis-blocking for any safety claim. The current 5-orders-of-margin buffer (reach envelope ~0.03 K against a 5 K safety band on T_c) means linearization error would have to be huge to invalidate the conclusion — but that's vibes, not a proof.

Saturation semantics. ctrl_heatup.jl uses clamp(u, u_min, u_max). Saturation is formally a 3-mode piecewise-affine system. For heatup reach this must be handled as (a) hybrid locations, or (b) proven dormant via reach on u_unsat. Not modeled in the current artifacts (operation-mode LQR saturation is dormant in practice but the proof is implicit).
Parametric uncertainty in α_f, α_c. Real plants have α drift with burnup (~20%), boron (α_c ranges 10×), xenon. The feedback-linearization in ctrl_heatup assumes exact α; a robust treatment would make α an interval and propagate parametric reach. Currently idealized.

What's here

Per-mode only. Following the compositionality argument in the thesis: verify each continuous mode separately, let the DRC handle discrete switching.

Files:

predicates.json — single source of truth for predicate concretizations. Three groups:
- operational_deadbands — soft bands used by DRC for mode transitions (t_avg_above_min, t_avg_in_range, p_above_crit).
- safety_limits — hard one-sided halfspaces (fuel centerline, trip setpoints, subcooling, heatup-rate bounds).
- mode_invariants — inv1_holds, inv2_holds as conjunctions of safety limits.
- mode_boundaries — per-mode X_{\mathrm{entry}}, X_{\mathrm{safe}}, X_{\mathrm{exit}}, T_{\min}, T_{\max}.
WALKTHROUGH.md — standalone document explaining the reach-obligation taxonomy, per-mode entry/exit definitions, current results, soundness status. Read this for the full story.

The reach code itself lives in ../code/:

../code/src/reach_linear.jl — hand-rolled box reach propagator.
../code/src/load_predicates.jl — reads predicates.json.
../code/scripts/reach_operation.jl — operation-mode linear reach.
../code/scripts/barrier_lyapunov.jl — Lyapunov barrier attempt.
../code/scripts/barrier_compare_OL_CL.jl — OL vs CL comparison.
../code/scripts/reach_heatup_nonlinear.jl — TMJets nonlinear reach (heatup, saturation-disabled, 10-second horizon cap).

Running

cd code
julia --project=. scripts/reach_operation.jl
julia --project=. scripts/barrier_lyapunov.jl
julia --project=. scripts/barrier_compare_OL_CL.jl
julia --project=. scripts/reach_heatup_nonlinear.jl

Results save here as *.mat (gitignored).

What this does NOT do yet

Any sound reach tube (see top of this file).
Nonlinear reach on horizons > 10 s (needs reduced-order PKE).
Shutdown, scram, initialization reach.
Hybrid-system level verification (mode switching validity).
Parametric robustness to α_f, α_c drift.
Polytopic or SOS barriers — the canonical quadratic Lyapunov barrier fails structurally on this plant (see WALKTHROUGH.md and the OL-vs-CL comparison script).

README.md Unescape Escape

Reachability

Soundness status: APPROXIMATE

Related open issues

What's here

Running

What this does NOT do yet

README.md