danesabo/Thesis
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Copy-edit thesis proposal: tactical, operational, strategic passes

Browse Source 
Tactical (sentence-level):
- Improved issue-point structure (old info → new info)
- Strengthened verb choice (active voice where appropriate)
- Enhanced topic strings across consecutive sentences
- Reduced subject-verb separation
- Better stress positioning at sentence ends

Operational (paragraph/section):
- Improved transitions between subsections
- Added rhetorical questions to bridge paragraphs
- Enhanced coherence within sections
- Clarified logical flow

Strategic (document-level):
- Reinforced Heilmeier catechism structure
- Made question-answer pairs more explicit
- Improved section-ending summaries
- Strengthened forward links between sections
- Enhanced parallel structure in enumerated lists
This commit is contained in:
Split 2026-03-09 15:18:56 -04:00
parent 0957023478
commit 914f821b5c
7 changed files with 41 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
1-goals-and-outcomes/research_statement_v1.tex
View File

@ -2,18 +2,18 @@
This research develops autonomous control systems with mathematical guarantees of safe and correct behavior.
% INTRODUCTORY PARAGRAPH Hook
Extensively trained human operators control today's nuclear reactors, following detailed written procedures and switching between control objectives based on plant conditions.
Human operators control today's nuclear reactors through extensive training, following detailed written procedures and switching between control objectives based on plant conditions.
% Gap
Small modular reactors face a fundamental economic challenge: their per-megawatt staffing costs significantly exceed those of conventional plants, threatening economic viability. Autonomous control systems could manage complex operational sequences without constant supervision—but only if they provide assurance equal to or exceeding human-operated systems.
Small modular reactors face a fundamental economic challenge: per-megawatt staffing costs significantly exceed those of conventional plants, threatening economic viability. Autonomous control systems could manage complex operational sequences without constant supervision—but only if they provide assurance equal to or exceeding that of human-operated systems.
% APPROACH PARAGRAPH Solution
This research combines formal methods from computer science with control theory to produce hybrid control systems correct by construction.
This research combines formal methods from computer science with control theory to produce hybrid control systems that are correct by construction.
% Rationale
Human operators already work this way: discrete logic switches between continuous control modes. Formal methods generate provably correct switching logic but fail when continuous dynamics govern transitions. Control theory verifies continuous behavior but cannot prove discrete switching correctness. Achieving end-to-end correctness requires both approaches working together.
Human operators already work this way: discrete logic switches between continuous control modes. Formal methods can generate provably correct switching logic but fail when continuous dynamics govern transitions. Control theory can verify continuous behavior but cannot prove discrete switching correctness. Both approaches must work together to achieve end-to-end correctness.
% Hypothesis and Technical Approach
Three stages bridge this gap. First, NASA's Formal Requirements Elicitation Tool (FRET) translates written operating procedures into temporal logic specifications, structuring requirements by scope, condition, component, timing, and response. Realizability checking exposes conflicts and ambiguities before implementation begins. Second, reactive synthesis generates deterministic automata provably correct by construction. Third, reachability analysis verifies that continuous controllers—designed using standard control theory—satisfy the requirements imposed by each discrete mode.
Three stages bridge this gap. First, NASA's Formal Requirements Elicitation Tool (FRET) translates written operating procedures into temporal logic specifications, structuring requirements by scope, condition, component, timing, and response. Realizability checking then exposes conflicts and ambiguities before implementation begins. Second, reactive synthesis generates deterministic automata that are provably correct by construction. Third, reachability analysis verifies that continuous controllers—designed using standard control theory—satisfy the requirements that each discrete mode imposes.
Continuous modes classify by control objective: transitory modes drive the plant between conditions, stabilizing modes maintain operation within regions, and expulsory modes ensure safety under failures. Barrier certificates and assume-guarantee contracts prove safe mode transitions, enabling local verification without global trajectory analysis. The methodology demonstrates on an Emerson Ovation control system.
Continuous modes classify by control objective. Transitory modes drive the plant between conditions. Stabilizing modes maintain operation within regions. Expulsory modes ensure safety under failures. Barrier certificates and assume-guarantee contracts prove safe mode transitions, enabling local verification without global trajectory analysis. The methodology demonstrates on an Emerson Ovation control system.
% Pay-off
This approach manages complex nuclear power operations autonomously while maintaining safety guarantees, directly addressing the economic constraints that threaten small modular reactor viability.

8
1-goals-and-outcomes/v1.tex
View File

@ -6,14 +6,14 @@ This research develops autonomous hybrid control systems with mathematical guara
% INTRODUCTORY PARAGRAPH Hook
Nuclear power plants require the highest levels of control system reliability. Control system failures risk economic losses, service interruptions, or radiological release.
% Known information
Extensively trained human operators control today's nuclear plants, following detailed written procedures and strict regulatory requirements while switching between control modes based on plant conditions and procedural guidance.
Human operators control today's nuclear plants through extensive training, following detailed written procedures and strict regulatory requirements while switching between control modes based on plant conditions and procedural guidance.
% Gap
This reliance on human operators prevents autonomous control and creates a fundamental economic challenge for next-generation reactor designs: per-megawatt staffing costs for small modular reactors far exceed those of conventional plants, threatening their economic viability. Autonomous control systems could manage complex operational sequences without constant human supervision—but only if they provide assurance equal to or exceeding that of human operators.
% APPROACH PARAGRAPH Solution
This research combines formal methods with control theory to produce hybrid control systems correct by construction.
This research combines formal methods with control theory to produce hybrid control systems that are correct by construction.
% Rationale
Human operators already work this way: discrete logic switches between continuous control modes. Formal methods can generate provably correct switching logic from written requirements, but they fail when continuous dynamics govern transitions. Control theory verifies continuous behavior but cannot prove discrete switching correctness. Achieving end-to-end correctness requires both approaches working together.
Human operators already work this way: discrete logic switches between continuous control modes. Formal methods can generate provably correct switching logic from written requirements, but they fail when continuous dynamics govern transitions. Control theory can verify continuous behavior but cannot prove discrete switching correctness. Both approaches must work together to achieve end-to-end correctness.
% Hypothesis
This approach closes the gap through two steps. First, it synthesizes discrete mode transitions directly from written operating procedures. Second, it verifies continuous behavior between transitions. Operating procedures formalize into logical specifications that constrain continuous dynamics. The result: autonomous controllers provably free from design defects.
@ -65,7 +65,7 @@ This approach produces three concrete outcomes:
% IMPACT PARAGRAPH Innovation
These three outcomes—procedure translation, continuous verification, and hardware demonstration—establish a complete methodology from regulatory documents to deployed systems.
\textbf{What makes this research new?} This work unifies discrete synthesis with continuous verification to enable end-to-end correctness guarantees for hybrid systems. The key innovation: treating discrete specifications as contracts that continuous controllers must satisfy. This allows each layer to verify independently while guaranteeing correct composition. Formal methods verify discrete logic. Control theory verifies continuous dynamics. No existing methodology bridges both with compositional guarantees. Section 2 (State of the Art) examines why prior work has not achieved this integration. Section 3 (Research Approach) details how this integration will be accomplished.
\textbf{What makes this research new?} This work unifies discrete synthesis with continuous verification to enable end-to-end correctness guarantees for hybrid systems—no existing methodology achieves this. The key innovation: treating discrete specifications as contracts that continuous controllers must satisfy. This allows each layer to verify independently while guaranteeing correct composition. Formal methods verify discrete logic. Control theory verifies continuous dynamics. No existing methodology bridges both with compositional guarantees. Section 2 (State of the Art) examines why prior work has not achieved this integration. Section 3 (Research Approach) details how this integration will be accomplished.
% Outcome Impact
If successful, control engineers create autonomous controllers from

14
2-state-of-the-art/v2.tex
View File

@ -8,7 +8,7 @@ Understanding the limits of current practice requires first examining how nuclea
Nuclear plant procedures form a strict hierarchy: Normal operating procedures govern routine operations, abnormal operating procedures handle off-normal conditions, Emergency Operating Procedures (EOPs) manage design-basis accidents, Severe Accident Management Guidelines (SAMGs) address beyond-design-basis events, and Extensive Damage Mitigation Guidelines (EDMGs) cover catastrophic damage. These procedures must comply with 10 CFR 50.34(b)(6)(ii); NUREG-0899 provides development guidance~\cite{NUREG-0899, 10CFR50.34}.
Procedure development relies on expert judgment and simulator validation—not formal verification. 10 CFR 55.59~\cite{10CFR55.59} requires rigorous assessment through technical evaluation, simulator validation testing, and biennial review. Yet key safety properties escape formal verification: mathematical proofs confirming that procedures cover all possible plant states, that required actions complete within available timeframes, or that safety invariants hold across procedure-set transitions do not exist.
Procedure development relies on expert judgment and simulator validation—not formal verification. 10 CFR 55.59~\cite{10CFR55.59} requires rigorous assessment through technical evaluation, simulator validation testing, and biennial review. Yet key safety properties escape formal verification: no mathematical proofs confirm that procedures cover all possible plant states, that required actions complete within available timeframes, or that safety invariants hold across procedure-set transitions.
\textbf{LIMITATION:} \textit{Procedures lack formal verification of correctness
and completeness.} Current procedure development relies on expert judgment and
@ -25,7 +25,7 @@ This division between automated and human-controlled functions reveals the funda
\subsection{Human Factors in Nuclear Accidents}
The previous subsection established that procedures lack formal verification despite rigorous development. This represents only half the reliability challenge. Even perfect procedures cannot guarantee safe operation when humans execute them imperfectly. Human operators—the second pillar of current practice—introduce reliability limitations independent of procedure quality. Procedures define what to do; human operators determine when and how—introducing persistent failure modes that training alone cannot eliminate.
The previous subsection established that procedures lack formal verification despite rigorous development. This represents only half the reliability challenge. Even perfect procedures cannot guarantee safe operation when humans execute them imperfectly. Human operators—the second pillar of current practice—introduce reliability limitations independent of procedure quality. Procedures define what to do; human operators determine when and how. This human determination introduces persistent failure modes that training alone cannot eliminate.
Current-generation nuclear power plants employ over 3,600 active NRC-licensed
reactor operators in the United States~\cite{operator_statistics}. These
@ -44,9 +44,9 @@ reactor safety often becomes the root cause of failure.
Multiple independent analyses converge on a striking statistic: human error accounts for 70--80\% of nuclear power plant events, compared to approximately 20\% for equipment failures~\cite{WNA2020}. More significantly, human factors—poor safety management and safety culture—caused all severe accidents at nuclear power plants: Three Mile Island, Chernobyl, and Fukushima Daiichi~\cite{hogberg_root_2013}. A detailed analysis
of 190 events at Chinese nuclear power plants from
2007--2020~\cite{zhang_analysis_2025} found that 53\% of events involved active
errors, while 92\% were associated with latent errors—organizational and
systemic weaknesses that create conditions for failure.
2007--2020~\cite{zhang_analysis_2025} found that active
errors appeared in 53\% of events, while latent errors—organizational and
systemic weaknesses that create conditions for failure—appeared in 92\%.
\textbf{LIMITATION:} \textit{Human factors impose fundamental reliability limits
@ -56,7 +56,7 @@ limitations are fundamental to human-driven control, not remediable defects.
\subsection{Formal Methods}
The previous two subsections revealed two critical limitations of current practice: procedures lack formal verification, and human operators introduce persistent reliability issues that four decades of training improvements have failed to eliminate. Training and procedural improvements cannot solve these problems. Formal methods might offer mathematical guarantees of correctness that eliminate both human error and procedural ambiguity.
The previous two subsections revealed two critical limitations of current practice: procedures lack formal verification, and human operators introduce persistent reliability issues that four decades of training improvements have failed to eliminate. Training and procedural improvements cannot solve these problems. Formal methods might offer mathematical guarantees of correctness that eliminate both human error and procedural ambiguity—but can they?
Even the most advanced formal methods applications in nuclear control leave a critical verification gap for autonomous hybrid systems. This subsection examines two approaches illustrating this gap. HARDENS verified discrete logic without continuous dynamics. Differential dynamic logic handles hybrid verification only post-hoc. Each demonstrates the current state of formal methods while revealing the verification gap this research addresses.
@ -149,7 +149,7 @@ design loop for complex systems like nuclear reactor startup procedures.
\subsection{Summary: The Verification Gap}
This section answered two Heilmeier questions about current practice:
This section answered two Heilmeier questions about current practice.
\textbf{What has been done?} Human operators provide operational flexibility but introduce persistent reliability limitations that four decades of training improvements have failed to eliminate. Formal methods provide correctness guarantees but have not scaled to complete hybrid control design. HARDENS verified discrete logic without continuous dynamics. Differential dynamic logic expresses hybrid properties but requires post-design expert analysis and fails to scale to system synthesis. No existing approach addresses both discrete and continuous verification compositionally.

34
3-research-approach/v3.tex
View File

@ -21,9 +21,9 @@ This work bridges the gap by composing formal methods from computer science with
Hybrid system verification faces a fundamental challenge: discrete transitions change the governing vector field, creating discontinuities in system behavior through the interaction between discrete and continuous dynamics. Traditional verification techniques fail to handle this interaction directly.
Our methodology decomposes this problem by verifying discrete switching logic and continuous mode behavior separately, then composing them to establish guarantees for the complete hybrid system. This two-layer approach mirrors reactor operations: discrete supervisory logic determines which control mode is active, while continuous controllers govern plant behavior within each mode.
Our methodology decomposes this problem by verifying discrete switching logic and continuous mode behavior separately, then composing them to establish guarantees for the complete hybrid system. This two-layer approach mirrors reactor operations: discrete supervisory logic determines which control mode is active; continuous controllers govern plant behavior within each mode.
Building a high-assurance hybrid autonomous control system requires a mathematical description of the system. This work draws on automata theory, temporal logic, and control theory to provide that description. A hybrid system is a dynamical system with both continuous and discrete states. This proposal addresses continuous autonomous hybrid systems specifically—systems with no external input where continuous states remain continuous when discrete states change. These continuous states represent physical quantities that remain Lipschitz continuous. This work follows the nomenclature from the Handbook on Hybrid Systems Control~\cite{HANDBOOK ON HYBRID SYSTEMS}, redefined here for convenience:
A high-assurance hybrid autonomous control system requires a mathematical description. This work draws on automata theory, temporal logic, and control theory to provide that description. A hybrid system is a dynamical system with both continuous and discrete states. This proposal addresses continuous autonomous hybrid systems specifically—systems with no external input where continuous states remain continuous when discrete states change. These continuous states represent physical quantities that remain Lipschitz continuous. This work follows the nomenclature from the Handbook on Hybrid Systems Control~\cite{HANDBOOK ON HYBRID SYSTEMS}, redefined here for convenience:
\begin{equation}
H = (\mathcal{Q}, \mathcal{X}, \mathbf{f}, Init, \mathcal{G}, \delta, \mathcal{R}, Inv)
@ -46,7 +46,7 @@ where:
\item $Inv$: safety invariants on the continuous dynamics
\end{itemize}
Creating a HAHACS requires constructing this tuple together with proof artifacts demonstrating that the control system's actual implementation satisfies its intended behavior.
A HAHACS requires this tuple together with proof artifacts demonstrating that the control system's actual implementation satisfies its intended behavior.
\textbf{What is new in this research?} Section 2 established that existing approaches verify either discrete logic or continuous dynamics—never both compositionally. Reactive synthesis, reachability analysis, and barrier certificates each exist independently. Prior work has not integrated them into a systematic design methodology spanning procedures to verified implementation. Three innovations enable this integration:
@ -56,13 +56,13 @@ Creating a HAHACS requires constructing this tuple together with proof artifacts
\item \textbf{Procedure-driven structure:} Nuclear procedures already decompose operations into discrete phases. Leveraging this existing structure avoids imposing artificial abstractions, making the approach tractable for complex systems like nuclear reactor startup.
\end{enumerate>
\textbf{Why will it succeed?} Three factors ensure practical feasibility where prior work has failed:
\textbf{Why will it succeed?} Three factors ensure practical feasibility where prior work has failed.
\begin{enumerate}
\item \textbf{Leverage existing structure:} Nuclear procedures already decompose operations into discrete phases with explicit transition criteria. This work formalizes existing structure rather than imposing artificial abstractions, making adoption tractable for domain experts without formal methods training.
\item \textbf{Avoid state explosion:} Mode-level verification checks each mode against local contracts rather than attempting global hybrid system analysis. This decomposition bounds computational complexity, transforming an intractable global problem into tractable local verifications.
\item \textbf{Industrial validation:} The Emerson collaboration provides both domain expertise to validate procedure formalization and industrial hardware to demonstrate implementation feasibility, ensuring solutions address real deployment constraints, not just theoretical correctness.
\end{enumerate}
\textbf{First, leverage existing structure:} Nuclear procedures already decompose operations into discrete phases with explicit transition criteria. This work formalizes existing structure rather than imposing artificial abstractions, making adoption tractable for domain experts without formal methods training.
\textbf{Second, avoid state explosion:} Mode-level verification checks each mode against local contracts rather than attempting global hybrid system analysis. This decomposition bounds computational complexity, transforming an intractable global problem into tractable local verifications.
\textbf{Third, industrial validation:} The Emerson collaboration provides both domain expertise to validate procedure formalization and industrial hardware to demonstrate implementation feasibility, ensuring solutions address real deployment constraints, not just theoretical correctness.
These factors combine to demonstrate feasibility on production control systems with realistic reactor models—not merely in principle. Figure~\ref{fig:hybrid_automaton} illustrates the hybrid structure for a simplified reactor startup sequence.
@ -130,7 +130,7 @@ These factors combine to demonstrate feasibility on production control systems w
\subsection{System Requirements, Specifications, and Discrete Controllers}
The previous subsection established the hybrid automaton formalism—a mathematical framework for describing discrete modes, continuous dynamics, guards, and invariants. Where do these formal descriptions originate? This subsection demonstrates that nuclear operations already possess a natural hybrid structure that maps directly to the automaton formalism through three control scopes: strategic, operational, and tactical. Rather than imposing artificial abstractions, this approach constructs formal hybrid systems from existing operational knowledge—leveraging decades of domain expertise encoded in operating procedures.
The previous subsection established the hybrid automaton formalism—a mathematical framework for describing discrete modes, continuous dynamics, guards, and invariants. But where do these formal descriptions originate? This subsection demonstrates that nuclear operations already possess a natural hybrid structure that maps directly to the automaton formalism through three control scopes: strategic, operational, and tactical. Rather than imposing artificial abstractions, this approach constructs formal hybrid systems from existing operational knowledge—leveraging decades of domain expertise encoded in operating procedures.
Human control of nuclear power divides into three scopes: strategic, operational, and tactical. Strategic control represents high-level, long-term decision making spanning months or years. It manages labor needs and supply chains to optimize scheduled maintenance and downtime.
@ -176,9 +176,9 @@ This structure reveals why the operational and tactical levels fundamentally for
\end{figure}
This operational control level is the main reason nuclear control requires human operators: the hybrid nature of this control system makes proving controller performance against strategic requirements difficult, and unified infrastructure for building and verifying hybrid systems does not currently exist. Humans fill this layer because their general intelligence provides a safe way to manage the system's hybrid nature, following prescriptive operating manuals where strict procedures govern what control to implement at any given time. These procedures provide the key to the operational control scope.
This operational control level explains why nuclear control requires human operators: the hybrid nature of this control system makes proving controller performance against strategic requirements difficult, and no unified infrastructure exists for building and verifying hybrid systems. Humans fill this layer because their general intelligence provides a safe way to manage the system's hybrid nature, following prescriptive operating manuals where strict procedures govern what control to implement at any given time. These procedures provide the key to the operational control scope.
Constructing a HAHACS leverages two key observations about current practice. First, operational scope control is effectively discrete control. Second, operating procedures describe implementation rules before construction begins. A HAHACS's intended behavior must be completely described before construction. Requirements define the behavior of any control system: statements about what
A HAHACS construction leverages two key observations about current practice. First, operational scope control is effectively discrete control. Second, operating procedures describe implementation rules before construction begins. A HAHACS's intended behavior must be completely described before construction. Requirements define the behavior of any control system: statements about what
the system must do, must not do, and under what conditions. For nuclear systems,
these requirements derive from multiple sources including regulatory mandates,
design basis analyses, and operating procedures. The challenge is formalizing
@ -199,7 +199,7 @@ Discrete mode transitions include predicates—Boolean functions over the
continuous state space: $p_i: \mathcal{X} \rightarrow \{\text{true},
\text{false}\}$. These predicates formalize conditions like ``coolant
temperature exceeds 315°C'' or ``pressurizer level is between 30\% and 60\%.''
We do not impose this discrete abstraction artificially. Operating
This discrete abstraction is not imposed artificially—operating
procedures for nuclear systems already define go/no-go conditions as discrete
predicates. Design basis safety analysis determined these thresholds; decades of operational experience validated them. Our methodology assumes
this domain knowledge exists and provides a framework to formalize it. The approach proves feasible for nuclear applications because generations
@ -246,7 +246,7 @@ FRET has been successfully applied to spacecraft control systems, autonomous veh
\subsection{Discrete Controller Synthesis}
The previous subsection showed how operating procedures translate into temporal logic specifications using FRET. These specifications define what the system must do. The next question: how do we implement those requirements? Reactive synthesis provides the answer. This technique automatically constructs controllers guaranteed to satisfy temporal logic specifications.
The previous subsection showed how operating procedures translate into temporal logic specifications using FRET. These specifications define what the system must do. But how do we implement those requirements? Reactive synthesis provides the answer—this technique automatically constructs controllers guaranteed to satisfy temporal logic specifications.
Reactive synthesis automates the creation of reactive programs from temporal logic—programs that take input for a given state and produce output. System requirements defined as temporal logic specifications enable reactive synthesis to build the discrete control system. Our systems fit this model: the current discrete state and status of guard conditions form the input; the next discrete state forms the output.
@ -484,7 +484,7 @@ safety margins will matter more than performance during emergency shutdown.
\subsection{Industrial Implementation}
The complete methodology—procedure formalization, discrete synthesis, and continuous verification across three mode types—provides a theoretical framework for hybrid control synthesis. Theory alone, however, does not demonstrate practical feasibility. Validation on realistic systems using industrial-grade hardware is required, advancing from analytical concepts (TRL 2-3) to laboratory demonstration (TRL 5).
The complete methodology—procedure formalization, discrete synthesis, and continuous verification across three mode types—provides a theoretical framework for hybrid control synthesis. But theory alone does not demonstrate practical feasibility. Advancing from analytical concepts (TRL 2-3) to laboratory demonstration (TRL 5) requires validation on realistic systems using industrial-grade hardware.
This research will leverage the University of Pittsburgh Cyber Energy Center's
partnership with Emerson to implement and test the HAHACS methodology on
production control equipment. Emerson's Ovation distributed control system is widely deployed
@ -520,7 +520,9 @@ This section answered two critical Heilmeier questions about the research approa
\textbf{Why will this approach succeed?} Three factors ensure practical feasibility: nuclear procedures already decompose operations into discrete phases with explicit transition criteria (allowing the approach to formalize existing structure rather than impose artificial abstractions), mode-level verification bounds each verification problem locally (avoiding the state explosion that makes global hybrid system analysis intractable), and the Emerson collaboration provides both domain expertise to validate procedure formalization and industrial hardware to demonstrate implementation feasibility—ensuring solutions address real deployment constraints, not just theoretical correctness.
The methodology is now complete: procedure formalization, discrete synthesis, continuous verification across three mode types, and hardware implementation. What remains are operational questions about executing this research plan. Section 4 addresses \textit{How will success be measured?} through Technology Readiness Level advancement. Section 5 addresses \textit{What could prevent success?} through risk analysis and contingency planning. Section 6 addresses \textit{Who cares? Why now? What difference will it make?} through economic and societal impact analysis.
The methodology is now complete: procedure formalization, discrete synthesis, continuous verification across three mode types, and hardware implementation. What remains are operational questions about executing this research plan.
Section 4 addresses \textit{How will success be measured?} through Technology Readiness Level advancement. Section 5 addresses \textit{What could prevent success?} through risk analysis and contingency planning. Section 6 addresses \textit{Who cares? Why now? What difference will it make?} through economic and societal impact analysis.
%%% NOTES (Section 5):
% - Get specific details on ARCADE interface from Emerson collaboration

2
4-metrics-of-success/v1.tex
View File

@ -4,7 +4,7 @@
This work begins at TRL 2--3 and aims to reach TRL 5, where system components operate successfully in a relevant laboratory environment. TRL advancement provides the most appropriate success metric by explicitly measuring the gap between academic proof-of-concept and practical deployment. This section explains why TRLs are the right metric, then defines specific criteria for each level from TRL 3 through TRL 5.
Technology Readiness Levels provide the ideal success metric by explicitly measuring the gap between academic proof-of-concept and practical deployment—precisely what this work bridges. Academic metrics like papers published or theorems proved fail to capture practical feasibility. Empirical metrics like simulation accuracy or computational speed fail to demonstrate theoretical rigor. Both measure simultaneously through TRLs.
Technology Readiness Levels provide the ideal success metric by explicitly measuring the gap between academic proof-of-concept and practical deployment—precisely what this work bridges. Academic metrics like papers published or theorems proved fail to capture practical feasibility. Empirical metrics like simulation accuracy or computational speed fail to demonstrate theoretical rigor. TRLs measure both simultaneously.
Advancing from TRL 3 to TRL 5 requires maintaining theoretical rigor while progressively demonstrating practical feasibility. Formal verification must remain valid as the system moves from individual components to integrated hardware testing—the proofs must compose as the system scales.

2
5-risks-and-contingencies/v1.tex
View File

@ -20,7 +20,7 @@ If computational tractability becomes the limiting factor, we reduce scope to a
\subsection{Discrete-Continuous Interface Formalization}
While computational tractability addresses whether synthesis can complete within practical time bounds—a practical constraint—the second risk proves more fundamental: whether boolean guard conditions in temporal logic can map cleanly to continuous state boundaries required for mode transitions.
Computational tractability addresses whether synthesis can complete within practical time bounds—a practical constraint. The second risk proves more fundamental: whether boolean guard conditions in temporal logic can map cleanly to continuous state boundaries required for mode transitions.
This interface represents the fundamental challenge of hybrid systems: relating discrete switching logic to continuous dynamics. Temporal logic operates on boolean predicates. Continuous control requires reasoning about differential equations and reachable sets. Guard conditions requiring complex nonlinear predicates may resist boolean abstraction, making synthesis intractable. Continuous safety regions that cannot be expressed as conjunctions of verifiable constraints would similarly create insurmountable verification challenges. The risk extends beyond static interface definition to dynamic behavior across transitions. Barrier certificates may fail to exist for proposed transitions. Continuous modes may be unable to guarantee convergence to discrete transition boundaries.

8
6-broader-impacts/v1.tex
View File

@ -4,9 +4,9 @@
The technical approach enables compositional hybrid verification—a capability that did not exist before. But why does this matter beyond academic contribution? Three stakeholder groups converge on the same economic constraint: high operating costs driven by staffing requirements.
The nuclear industry faces uncompetitive per-megawatt costs for small modular reactors. Datacenter operators need hundreds of megawatts of continuous clean power for AI infrastructure. Clean energy advocates need nuclear power to be economically viable.
The nuclear industry faces uncompetitive per-megawatt costs for small modular reactors. Datacenter operators need hundreds of megawatts of continuous clean power for AI infrastructure. Clean energy advocates need nuclear power to be economically viable.
What has changed? Exponentially growing AI infrastructure demands have transformed this longstanding challenge into an immediate crisis. The market now demands solutions that did not exist before.
What has changed? Exponentially growing AI infrastructure demands have transformed this longstanding challenge into an immediate crisis—the market now demands solutions that did not exist before.
Nuclear power presents both a compelling application domain and an urgent economic challenge. Recent interest in powering artificial intelligence infrastructure has renewed focus on small modular reactors (SMRs), particularly for hyperscale datacenters requiring hundreds of megawatts of continuous power. SMRs deployed at datacenter sites minimize transmission losses and eliminate emissions, but nuclear power economics at this scale demand careful attention to operating costs.
@ -58,9 +58,9 @@ establish both the technical feasibility and regulatory pathway for broader
adoption across critical infrastructure.
This section answered three critical Heilmeier questions about impact:
This section answered three critical Heilmeier questions about impact.
\textbf{Who cares?} Three stakeholder groups face the same constraint: the nuclear industry faces an economic crisis for small modular reactors due to per-megawatt staffing costs, datacenter operators need hundreds of megawatts of continuous clean power for AI infrastructure, and clean energy advocates need nuclear power to be economically competitive. All three need autonomous control with safety guarantees.
\textbf{Who cares?} Three stakeholder groups face the same constraint. The nuclear industry faces an economic crisis for small modular reactors due to per-megawatt staffing costs. Datacenter operators need hundreds of megawatts of continuous clean power for AI infrastructure. Clean energy advocates need nuclear power to be economically competitive. All three need autonomous control with safety guarantees.
\textbf{Why now?} Two forces converge: exponentially growing AI infrastructure demands have created immediate need for economical nuclear power at datacenter scale (projections show datacenter electricity demand reaching 1,050 terawatt-hours annually by 2030), and formal methods tools have matured, making compositional hybrid verification computationally achievable. What was theoretically possible but practically intractable a decade ago is now feasible.