\section{Goals and Outcomes} % GOAL PARAGRAPH The goal of this research is to develop a methodology for creating autonomous hybrid control systems\footnote{A \textit{hybrid control system} combines two types of control: discrete decisions (like ``switch from heating mode to cooling mode'') and continuous control (like gradually adjusting a temperature). Most complex systems---cars, aircraft, power plants---work this way, switching between different operating modes while smoothly controlling physical processes within each mode.} with mathematical guarantees of safe and correct behavior. % INTRODUCTORY PARAGRAPH Hook Nuclear power plants require the highest levels of control system reliability, where failures can result in significant economic losses, service interruptions, or radiological release. % Known information Currently, nuclear plant operations rely on extensively trained human operators who follow detailed written procedures and strict regulatory requirements to manage reactor control. These operators make critical decisions about when to switch between different control modes based on their interpretation of plant conditions and procedural guidance. % Gap This reliance on human operators prevents autonomous control and creates a fundamental economic barrier for next-generation reactor designs. Small modular reactors\footnote{\textit{Small modular reactors} (SMRs) are a new generation of nuclear reactors that are physically smaller than traditional plants and can be factory-built in modules. Think of the difference between building a custom house on-site versus assembling a prefabricated one. They produce less power individually but are designed to be cheaper and faster to deploy.} face per-megawatt staffing costs far exceeding those of conventional plants, threatening their economic viability. % Critical Need What is needed is a method to create autonomous control systems that safely manage complex operational sequences with the same assurance as human-operated systems, but without constant human supervision. % APPROACH PARAGRAPH Solution To address this need, we will combine formal methods\footnote{\textit{Formal methods} are mathematical techniques used to prove that a system will behave exactly as intended---not just test it and hope, but actually \textit{prove} it the way you prove a theorem in geometry. If the proof holds, the system cannot have certain types of errors. This is the gold standard for safety-critical systems.} with control theory to build hybrid control systems that are correct by construction.\footnote{\textit{Correct by construction} means the system is built in a way that guarantees correctness from the start, rather than building something and then testing to find bugs. The design process itself prevents errors from being introduced.} % Rationale Hybrid systems use discrete logic\footnote{\textit{Discrete logic} deals with distinct, separate states---like an on/off switch or a set of step-by-step instructions. This is in contrast to \textit{continuous} behavior, which changes smoothly over time, like temperature rising gradually. The challenge Dane is tackling is that nuclear reactors involve \textit{both}: operators follow step-by-step procedures (discrete) that control smoothly changing physical processes (continuous).} to switch between continuous control modes, mirroring how operators change control strategies. Existing formal methods can generate provably correct switching logic from written requirements, but they cannot handle the continuous dynamics that occur during transitions between modes. Meanwhile, traditional control theory can verify continuous behavior but lacks tools for proving correctness of discrete switching decisions. % Hypothesis By synthesizing discrete mode transitions directly from written operating procedures and verifying continuous behavior between transitions, we can create hybrid control systems with end-to-end correctness guarantees. If existing procedures can be formalized into logical specifications and continuous dynamics verified against transition requirements, then autonomous controllers can be built that are provably free from design defects. % Pay-off This approach will enable autonomous control in nuclear power plants while maintaining the high safety standards required by the industry. The University of Pittsburgh Cyber Energy Center's partnership with Emerson provides access to industry-standard control hardware, ensuring that developed solutions align with practical implementation requirements from the outset. % OUTCOMES PARAGRAPHS If this research is successful, we will be able to do the following: \begin{enumerate} % OUTCOME 1 Title \item \textbf{Translate written procedures into verified control logic.} % Strategy We will develop a methodology for converting existing written operating procedures into formal specifications\footnote{A \textit{formal specification} is a precise, mathematical description of what a system must do. Written operating procedures say things like ``if temperature exceeds 315\textdegree{}C, switch to cooling mode.'' A formal specification says the same thing in mathematical language that a computer can reason about and verify.} that can be automatically synthesized into discrete control logic. This process will use structured intermediate representations to bridge natural language procedures and mathematical logic. % Outcome Control system engineers will generate verified mode-switching controllers directly from regulatory procedures, lowering the barrier to high-assurance control systems. % OUTCOME 2 Title \item \textbf{Verify continuous control behavior across mode transitions.} % Strategy We will establish methods for analyzing continuous control modes to ensure they satisfy discrete transition requirements. Using classical control theory for linear systems and reachability analysis\footnote{\textit{Reachability analysis} answers the question: ``Starting from here, what are all the possible places the system could end up?'' If you can show that all possible paths stay within safe boundaries and eventually reach the target, you have proven the controller works correctly.} for nonlinear dynamics, we will verify that each continuous mode safely reaches its intended transitions. % Outcome Engineers will design continuous controllers using standard practices while iterating to ensure broader system correctness, proving that mode transitions occur safely and at the correct times. % OUTCOME 3 Title \item \textbf{Demonstrate autonomous reactor startup control with safety guarantees.} % Strategy We will apply this methodology to develop an autonomous controller for nuclear reactor startup procedures, implementing it on a small modular reactor simulation using industry-standard control hardware. This demonstration will prove correctness across multiple coordinated control modes from cold shutdown through criticality\footnote{\textit{Criticality} is the point at which a nuclear reactor sustains a chain reaction on its own. Getting there safely from a cold, shut-down state involves carefully coordinated steps---this is the startup sequence Dane aims to automate.} to power operation. % Outcome We will demonstrate that autonomous hybrid control can be realized in the nuclear industry with current equipment, establishing a path toward reduced operator staffing while maintaining safety. \end{enumerate} % IMPACT PARAGRAPH Innovation The innovation in this work is unifying discrete synthesis with continuous verification to enable end-to-end correctness guarantees for hybrid systems. % Outcome Impact If successful, control engineers will create autonomous controllers from existing procedures with mathematical proof of correct behavior. High-assurance autonomous control will become practical for safety-critical applications. % Impact/Pay-off This research will provide the tools to achieve that autonomy while maintaining the exceptional safety record the nuclear industry requires.