Multi-level editorial pass: Gopen + Heilmeier alignment

Pass 1 (Tactical): Sentence-level improvements
- Strengthened issue-point positioning (stress at sentence end)
- Improved topic-stress flow (known→new information)
- Converted passive to active voice where appropriate
- Tightened verb choice and eliminated weak constructions
- Fixed pronoun references and reduced unnecessary nominalizations

Pass 2 (Operational): Paragraph and section flow
- Improved transitions between paragraphs and subsections
- Strengthened section-to-section handoffs
- Enhanced coherence within major sections
- Clarified the discrete-continuous interface explanation
- Better signposting for the three controller types

Pass 3 (Strategic): Heilmeier catechism alignment
- Made 'What is new' and 'Why will it succeed' explicit
- Strengthened 'Who cares' and 'What difference' in Broader Impacts
- Clarified 'The exams' in Metrics section
- Added 'How long' statement to Schedule
- Improved overall narrative flow from problem→gap→solution→impact

All changes preserve technical accuracy while improving clarity and impact.

1-goals-and-outcomes/research_statement_v1.tex

@@ -1,41 +1,41 @@
 % GOAL PARAGRAPH
 This research develops a methodology for creating autonomous control systems
-with event-driven control laws that guarantee safe and correct behavior.
+that guarantee safe and correct behavior through event-driven control laws.
 
 % INTRODUCTORY PARAGRAPH Hook
-Nuclear power relies on extensively trained operators who follow detailed
+Nuclear power plants rely on extensively trained operators who follow detailed
-written procedures to manage reactor control. Operators interpret plant
+written procedures to manage reactor control. These operators interpret plant
 conditions and make critical decisions about when to switch between control
 objectives. 
 % Gap
-This reliance on human operators creates an economic challenge for
+Next-generation nuclear power plants face an economic challenge from this
-next-generation nuclear power plants. Small modular reactors face per-megawatt
+reliance on human operators. Small modular reactors face per-megawatt
-staffing costs that significantly exceed those of conventional plants. These
+staffing costs significantly exceeding those of conventional plants. These
-economic constraints demand autonomous control systems that safely manage
+economic constraints demand autonomous control systems that can safely manage
-complex operational sequences with the same assurance as human-operated systems,
+complex operational sequences without constant supervision while maintaining the
-but without constant supervision.
+same assurance as human-operated systems.
 
 % APPROACH PARAGRAPH Solution
-We will combine formal methods from computer science with control theory to
+We combine formal methods from computer science with control theory to
 build hybrid control systems that are correct by construction. 
 % Rationale
-Hybrid systems use discrete logic to switch between continuous control modes,
+Hybrid systems mirror how operators change control strategies: they use discrete
-mirroring how operators change control strategies. Existing formal methods
+logic to switch between continuous control modes. Existing formal methods
 generate provably correct switching logic but cannot handle continuous dynamics
 during transitions. Traditional control theory verifies continuous behavior but
 lacks tools for proving discrete switching correctness. 
 % Hypothesis and Technical Approach
-A three-stage methodology will bridge this gap. First, we translate written
+A three-stage methodology bridges this gap. First, we translate written
 operating procedures into temporal logic specifications using NASA's Formal
 Requirements Elicitation Tool (FRET). FRET structures requirements into scope,
 condition, component, timing, and response elements, enabling realizability
 checking that identifies conflicts and ambiguities before implementation.
-Second, we synthesize discrete mode switching logic using reactive synthesis to
+Second, reactive synthesis generates deterministic automata that are provably
-generate deterministic automata that are provably correct by construction.
+correct by construction for discrete mode switching logic.
 Third, we develop continuous controllers for each discrete mode using standard
 control theory and reachability analysis. We classify continuous modes based on
 their transition objectives, then employ assume-guarantee contracts and barrier
-certificates to prove that mode transitions occur safely and as the
+certificates to prove that mode transitions occur safely as the
 deterministic automata specify. Local verification of continuous modes becomes
 possible without global trajectory analysis across the entire hybrid system. An
 Emerson Ovation control system will demonstrate this methodology. 

1-goals-and-outcomes/v1.tex

@@ -2,11 +2,11 @@
 
 % GOAL PARAGRAPH
 This research develops a methodology for creating autonomous hybrid control
-systems with mathematical guarantees of safe and correct behavior.
+systems that provide mathematical guarantees of safe and correct behavior.
 
 % INTRODUCTORY PARAGRAPH Hook
-Nuclear power plants require the highest levels of control system reliability,
+Nuclear power plants require the highest levels of control system reliability.
-where failures can result in significant economic losses, service interruptions,
+Failures can result in significant economic losses, service interruptions,
 or radiological release.
 % Known information
 Currently, nuclear plant operations rely on extensively trained human operators
@@ -17,34 +17,34 @@ conditions and procedural guidance.
 % Gap
 This reliance on human operators prevents autonomous control capabilities and
 creates a fundamental economic challenge for next-generation reactor designs.
-Small modular reactors, in particular, face per-megawatt staffing costs far
+Small modular reactors face per-megawatt staffing costs far
-exceeding those of conventional plants and threaten their economic viability.
+exceeding those of conventional plants, threatening their economic viability.
 
 % Critical Need
 The nuclear industry needs autonomous control systems that safely manage complex
-operational sequences with the same assurance as human-operated systems, but
+operational sequences without constant human supervision while maintaining the
-without constant human supervision.
+same assurance as human-operated systems.
 % APPROACH PARAGRAPH Solution
-We will combine formal methods with control theory to build hybrid control
+We combine formal methods with control theory to build hybrid control
 systems that are correct by construction.
 % Rationale
-Hybrid systems use discrete logic to switch between continuous control modes,
+Hybrid systems mirror how operators change control strategies: they use discrete
-mirroring how operators change control strategies. Existing formal methods
+logic to switch between continuous control modes. Existing formal methods
 generate provably correct switching logic from written requirements but cannot
-handle the continuous dynamics that occur during transitions between modes.
+handle the continuous dynamics occurring during transitions between modes.
 Traditional control theory verifies continuous behavior but lacks tools for
 proving correctness of discrete switching decisions. This gap between discrete
 and continuous verification prevents end-to-end correctness guarantees.
 % Hypothesis
 Our approach closes this gap by synthesizing discrete mode transitions directly
 from written operating procedures and verifying continuous behavior between
-transitions. If existing procedures can be formalized into logical
+transitions. If we can formalize existing procedures into logical
-specifications and continuous dynamics verified against transition requirements,
+specifications and verify continuous dynamics against transition requirements,
-then autonomous controllers can be built that are provably free from design
+we can build autonomous controllers provably free from design
 defects.
 % Pay-off
-This approach will enable autonomous control in nuclear power plants while
+This approach enables autonomous control in nuclear power plants while
-maintaining the high safety standards required by the industry.
+maintaining the high safety standards the industry requires.
 
 % Qualifications
 This work is conducted within the University of Pittsburgh Cyber Energy Center,
@@ -107,9 +107,9 @@ documents to deployed systems.
 verification to enable end-to-end correctness guarantees for hybrid systems.
 While formal methods can verify discrete logic and control theory can verify
 continuous dynamics, no existing methodology bridges both with compositional
-guarantees. This work establishes that bridge by treating discrete specifications
+guarantees. This work establishes that bridge. It treats discrete specifications
-as contracts that continuous controllers must satisfy, enabling verification of
+as contracts that continuous controllers must satisfy, enabling independent
-each layer independently while guaranteeing correct composition.
+verification of each layer while guaranteeing correct composition.
 
 % Outcome Impact
 If successful, control engineers will create autonomous controllers from

2-state-of-the-art/v2.tex

@@ -1,10 +1,10 @@
 \section{State of the Art and Limits of Current Practice}
 
 This research aims to create autonomous reactor control systems that are
-tractably safe. Understanding what we automate requires first understanding how
+tractably safe. Understanding what we automate requires understanding how
 nuclear reactors operate today. This section examines reactor operators and the
-operating procedures we leverage, investigates limitations of human-based
+operating procedures we will leverage, investigates limitations of human-based
-operation, and concludes with current formal methods approaches to reactor
+operation, and reviews current formal methods approaches to reactor
 control systems.
 
 \subsection{Current Reactor Procedures and Operation}
@@ -15,7 +15,7 @@ Emergency Operating Procedures (EOPs) for design-basis accidents, Severe
 Accident Management Guidelines (SAMGs) for beyond-design-basis events, and
 Extensive Damage Mitigation Guidelines (EDMGs) for catastrophic damage
 scenarios. These procedures must comply with 10 CFR 50.34(b)(6)(ii). NUREG-0899
-provides guidance for their development~\cite{NUREG-0899, 10CFR50.34}, but this
+provides guidance for their development~\cite{NUREG-0899, 10CFR50.34}, but their
 development relies fundamentally on expert judgment and simulator validation
 rather than formal verification. Procedures undergo technical evaluation,
 simulator validation testing, and biennial review as part of operator
@@ -55,19 +55,20 @@ startup/shutdown sequences, mode transitions, and procedure implementation.
 
 \subsection{Human Factors in Nuclear Accidents}
 
-Having established how nuclear plants currently operate through written
+The preceding subsection established how nuclear plants currently operate:
-procedures and human operators, we now examine why this human-centered approach
+through written procedures executed by human operators. This subsection examines
-poses fundamental limitations. Current-generation nuclear power plants employ
+why this human-centered approach poses fundamental limitations.
-over 3,600 active NRC-licensed reactor operators in the United
+
-States~\cite{operator_statistics}. These
+Current-generation nuclear power plants employ over 3,600 active NRC-licensed
+reactor operators in the United States~\cite{operator_statistics}. These
 operators divide into Reactor Operators (ROs), who manipulate reactor controls,
 and Senior Reactor Operators (SROs), who direct plant operations and serve as
 shift supervisors~\cite{10CFR55}. Staffing typically requires at least two ROs
 and one SRO for current-generation units~\cite{10CFR50.54}. Becoming a reactor
 operator requires several years of training.
 
-The persistent role of human error in nuclear safety incidents---despite decades
+Human error persistently plays a role in nuclear safety incidents despite decades
-of improvements in training and procedures---provides the most compelling
+of improvements in training and procedures. This provides the most compelling
 motivation for formal automated control with mathematical safety guarantees.
 Operators hold legal authority under 10 CFR Part 55 to make critical decisions,
 including departing from normal regulations during emergencies. The Three Mile
@@ -100,10 +101,10 @@ limitations are fundamental rather than a remediable part of human-driven contro
 
 \subsection{Formal Methods}
 
-The persistent human error problem motivates exploration of formal methods to
+The persistent human error problem motivates exploring formal methods to
 provide mathematical guarantees of correctness that human-centered approaches
 cannot achieve. This subsection examines recent formal methods work in nuclear
-control and identifies their limitations for autonomous hybrid systems.
+control and identifies limitations for autonomous hybrid systems.
 
 \subsubsection{HARDENS}
 
@@ -211,13 +212,16 @@ design loop for complex systems like nuclear reactor startup procedures.
 
 \subsection{Summary: The Verification Gap}
 
-Current practice reveals a fundamental gap: human operators provide operational
+Current practice reveals a fundamental gap. Human operators provide operational
-flexibility but introduce persistent reliability limitations, while formal
+flexibility but introduce persistent reliability limitations. Formal
 methods provide correctness guarantees but have not scaled to complete hybrid
-control design. HARDENS verified discrete logic without continuous dynamics.
+control design.
+
+HARDENS verified discrete logic without continuous dynamics.
 Differential dynamic logic can express hybrid properties but requires
 post-design expert analysis. No existing methodology synthesizes provably
 correct hybrid controllers from operational procedures with verification
-integrated into the design process. This gap—between discrete-only formal
+integrated into the design process.
-methods and post-hoc hybrid verification—defines the challenge this research
+
-addresses.
+This gap—between discrete-only formal methods and post-hoc hybrid
+verification—defines the challenge this research addresses.

3-research-approach/v3.tex

@@ -20,17 +20,17 @@ continuous control behavior, but not both simultaneously. Today's continuous
 controller validation consists of extensive simulation trials. Human operators
 drive discrete switching logic for routine operation; their evaluation includes
 simulated control room testing and human factors research. Neither method
-provides rigorous guarantees of control system behavior, despite being
+provides rigorous guarantees of control system behavior despite being
 extremely resource intensive. HAHACS bridges this gap by composing formal
-methods from computer science with control-theoretic verification, formalizing
+methods from computer science with control-theoretic verification and
-reactor operations using the framework of hybrid automata.
+formalizing reactor operations using the framework of hybrid automata.
 
 The challenge of hybrid system verification lies in the interaction between
 discrete and continuous dynamics. Discrete transitions change the governing
 vector field, creating discontinuities in the system's behavior. Traditional
 verification techniques designed for purely discrete or purely continuous
 systems cannot handle this interaction directly. Our methodology addresses this
-challenge through decomposition. We verify discrete switching logic and
+challenge through decomposition: we verify discrete switching logic and
 continuous mode behavior separately, then compose these guarantees to reason
 about the complete hybrid system. This two-layer approach mirrors the structure
 of reactor operations themselves: discrete supervisory logic determines which
@@ -76,14 +76,18 @@ system is satisfied by its actual implementation.
 
 \textbf{What is new:} This approach is tractable now because the infrastructure
 for each component has matured, but no existing work composes them for
-end-to-end hybrid system verification. The novelty lies in the architecture that
+end-to-end hybrid system verification. The novelty lies in the architecture
-connects discrete synthesis with continuous verification through well-defined
+connecting discrete synthesis with continuous verification through well-defined
-interfaces. By defining
+interfaces.
+
+\textbf{Why it will succeed:} By defining
 entry, exit, and safety conditions at the discrete level first, we transform the
 intractable problem of global hybrid verification into a collection of local
-verification problems with clear interfaces. Verification is performed per mode
+verification problems with clear interfaces. Verification operates per mode
-rather than on the full hybrid system, keeping the analysis tractable even for
+rather than on the full hybrid system, keeping analysis tractable even for
-complex reactor operations.
+complex reactor operations. Nuclear procedures already define discrete boundaries
+between operating regimes, providing the natural decomposition this methodology
+requires.
 
 \begin{figure} 
   \centering
@@ -149,10 +153,10 @@ complex reactor operations.
 
 \subsection{System Requirements, Specifications, and Discrete Controllers}
 
-Having defined the hybrid system mathematical framework, we now establish how to
+The hybrid system mathematical framework defined above provides the foundation.
-construct such systems from existing operational knowledge. The key insight is
+Now we establish how to construct such systems from existing operational knowledge.
-that nuclear operations already have a natural hybrid structure that maps
+The key insight: nuclear operations already possess a natural hybrid structure
-directly to the automaton formalism.
+that maps directly to the automaton formalism.
 
 Human control of nuclear power divides into three scopes: strategic,
 operational, and tactical. Strategic control is high-level and
@@ -364,9 +368,11 @@ according to operating procedures.
 
 \subsection{Continuous Control Modes}
 
-With the discrete controller synthesized and provably correct, we turn to the
+The discrete controller synthesized above is provably correct. Now we turn to the
-continuous dynamics that execute within each discrete mode. The synthesis of the
+continuous dynamics executing within each discrete mode.
-discrete operational controller is only half of an autonomous controller. These control systems are hybrid, with both discrete and
+
+Synthesizing the discrete operational controller completes only half of an
+autonomous controller. These control systems are hybrid: they have both discrete and
 continuous components. This section describes the continuous control modes that
 execute within each discrete state, and how we verify that they satisfy the
 requirements imposed by the discrete layer. It is important to clarify the scope
@@ -393,11 +399,11 @@ computationally expensive, and analytic solutions often become intractable
 \cite{MANYUS THESIS}.
 
 We circumvent these issues by designing our hybrid system from the bottom up
-with verification in mind. Each continuous control mode has an input set and
+with verification in mind. The discrete transitions define each continuous
-output set clearly defined by our discrete transitions \textit{a priori}.
+control mode's input set and output set clearly \textit{a priori}.
-Consider that we define the continuous state space as $\mathcal{X}$.  Each
+
-discrete mode $q_i$ then provides three key pieces of information for continuous
+The continuous state space is $\mathcal{X}$. Each discrete mode $q_i$ provides
-controller design:
+three key pieces of information for continuous controller design:
 \begin{enumerate}
   \item \textbf{Entry conditions:} $\mathcal{X}_{entry,i} \subseteq \mathcal{X}$,
     the set of possible initial states when entering this mode
@@ -488,9 +494,10 @@ appropriate to the fidelity of the reactor models available.
 
 \subsubsection{Stabilizing Modes}
 
-While transitory modes drive the system toward exit conditions, stabilizing
+Transitory modes drive the system toward exit conditions. Stabilizing modes, in
-modes maintain the system within a desired operating region. Stabilizing modes
+contrast, maintain the system within a desired operating region.
-are continuous controllers with an objective of maintaining a particular
+
+Stabilizing modes are continuous controllers designed to maintain a particular
 discrete state indefinitely. Rather than driving the system toward an
 exit condition, they keep the system within a safe operating region. Examples
 include steady-state power operation, hot standby, and load-following at
@@ -547,9 +554,11 @@ controller.
 
 \subsubsection{Expulsory Modes}
 
-Transitory and stabilizing modes handle nominal operations. When the plant
+Transitory and stabilizing modes handle nominal operations. Expulsory modes
-deviates from expected behavior, expulsory modes take over. Expulsory modes are
+handle off-nominal conditions.
-continuous controllers responsible for ensuring safety when failures occur. They are designed for robustness rather
+
+When the plant deviates from expected behavior, expulsory modes take over. These
+continuous controllers ensure safety when failures occur. They are designed for robustness rather
 than optimality. The control objective is to drive the plant to a safe shutdown
 state from potentially anywhere in the state space, under degraded or uncertain
 dynamics. Examples include emergency core cooling, reactor SCRAM sequences, and

4-metrics-of-success/v1.tex

@@ -1,8 +1,10 @@
 \section{Metrics for Success}
 
-This research will be measured by advancement through Technology Readiness
+\textbf{The exams:} This research will be measured by advancement through
-Levels, progressing from fundamental concepts to validated prototype
+Technology Readiness Levels, progressing from fundamental concepts to validated
-demonstration. This work begins at TRL 2--3 and aims to reach TRL 5, where
+prototype demonstration.
+
+This work begins at TRL 2--3 and aims to reach TRL 5, where
 system components operate successfully in a relevant laboratory environment.
 This section explains why TRL advancement provides the most appropriate success
 metric and defines the specific criteria required to achieve TRL 5.

6-broader-impacts/v1.tex

@@ -1,5 +1,9 @@
 \section{Broader Impacts}
 
+\textbf{Who cares:} The nuclear industry, datacenter operators, and clean energy
+advocates all face the same economic constraint: high operating costs driven by
+staffing requirements.
+
 Nuclear power presents both a compelling application domain and an urgent
 economic challenge. Recent interest in powering artificial intelligence
 infrastructure has renewed focus on small modular reactors (SMRs), particularly
@@ -21,14 +25,16 @@ expenses~\cite{eia_lcoe_2022}. Combined, O\&M-related costs represent
 approximately 23--30\% of the total levelized cost of electricity, translating
 to \$21--28 billion annually for projected datacenter demand.
 
-This research directly addresses the multi-billion-dollar O\&M cost challenge
+\textbf{What difference it makes:} This research directly addresses the
-through the high-assurance autonomous control methodology developed in this
+multi-billion-dollar O\&M cost challenge through high-assurance autonomous
-work. Current nuclear operations require full control room staffing for each
+control.
+
+Current nuclear operations require full control room staffing for each
 reactor, whether large conventional units or small modular designs. These staffing requirements drive the high O\&M costs
 that make nuclear power economically challenging, particularly for smaller
 reactor designs where the same staffing overhead must be spread across lower
 power output. Synthesizing provably correct hybrid controllers from formal
-specifications can automate routine operational sequences that currently require
+specifications automates routine operational sequences that currently require
 constant human oversight. This enables a fundamental shift from direct operator
 control to supervisory monitoring, where operators oversee multiple autonomous
 reactors rather than manually controlling individual units.

8-schedule/v1.tex

@@ -1,7 +1,10 @@
 \section{Schedule, Milestones, and Deliverables}
 
-This research will be conducted over six trimesters (24 months) of full-time
+\textbf{How long it will take:} This research will be conducted over six
-effort following the proposal defense in Spring 2026. The work progresses
+trimesters (24 months) of full-time effort following the proposal defense in
+Spring 2026. All work uses existing computational and experimental resources
+available through the University of Pittsburgh Cyber Energy Center and NRC
+Fellowship funding. The work progresses
 sequentially through three main research thrusts before culminating in
 integrated demonstration and validation.