\section{Goals and Outcomes}

% GOAL PARAGRAPH
The goal of this research is to develop a methodology for creating autonomous
hybrid control systems\footnote{A \textit{hybrid control system} combines two
types of control: discrete decisions (like ``switch from heating mode to
cooling mode'') and continuous control (like gradually adjusting a
temperature). Most complex systems---cars, aircraft, power plants---work this
way, switching between different operating modes while smoothly controlling
physical processes within each mode.} with mathematical guarantees of safe and
correct behavior.

% INTRODUCTORY PARAGRAPH Hook
Nuclear power plants require the highest levels of control system reliability,
where failures can result in significant economic losses, service interruptions,
or radiological release.
% Known information
Currently, nuclear plant operations rely on extensively trained human operators
who follow detailed written procedures and strict regulatory requirements to
manage reactor control. These operators make critical decisions about when to
switch between different control modes based on their interpretation of plant
conditions and procedural guidance.
% Gap
Because the decision to switch modes rests on human judgment, current practice
cannot be automated as it stands, and this dependence on operators creates a
fundamental economic barrier for next-generation reactor designs. Small modular
reactors\footnote{\textit{Small modular reactors} (SMRs) are a new generation
of nuclear reactors that are physically smaller than traditional plants and can
be factory-built in modules. Think of the difference between building a custom
house on-site versus assembling a prefabricated one. They produce less power
individually but are designed to be cheaper and faster to deploy.} face
per-megawatt staffing costs far exceeding those of conventional plants,
threatening their economic viability.

% Critical Need
What is needed is a method to create autonomous control systems that safely
manage complex operational sequences with the same assurance as human-operated
systems, but without constant human supervision.
% APPROACH PARAGRAPH Solution
To address this need, we will combine formal methods\footnote{\textit{Formal
methods} are mathematical techniques used to prove that a system will behave
exactly as intended---not just test it and hope, but actually \textit{prove}
it the way you prove a theorem in geometry. If the proof holds, the system
cannot have certain types of errors. This is the gold standard for
safety-critical systems.} with control theory to build hybrid control systems
that are correct by construction.\footnote{\textit{Correct by construction}
means the system is built in a way that guarantees correctness from the start,
rather than building something and then testing to find bugs. The design
process itself prevents errors from being introduced.}
% Rationale
Hybrid systems use discrete logic\footnote{\textit{Discrete logic} deals with
distinct, separate states---like an on/off switch or a set of step-by-step
instructions. This is in contrast to \textit{continuous} behavior, which
changes smoothly over time, like temperature rising gradually. The challenge
this research tackles is that nuclear reactors involve \textit{both}: operators
follow step-by-step procedures (discrete) that control smoothly changing
physical processes (continuous).} to switch between continuous control modes,
mirroring how operators change control strategies. Existing discrete synthesis
methods can generate provably correct switching logic from written requirements,
but they abstract away the continuous dynamics that unfold during transitions
between modes, so they cannot show that a mode actually drives the plant into
the state where the next switch is allowed. Meanwhile, classical control theory
can verify the continuous behavior of a single mode, but it lacks tools for
proving the correctness of the discrete switching decisions that sequence those
modes.
% Hypothesis
By synthesizing discrete mode transitions directly from written operating
procedures and verifying continuous behavior between transitions, we can create
hybrid control systems with end-to-end correctness guarantees. If existing
procedures can be formalized into logical specifications and the continuous
dynamics of each mode can be verified against its transition requirements, then
autonomous controllers can be built whose behavior provably satisfies those
specifications. As with any formal guarantee, the proof holds relative to the
formalized specification and to the plant model used in verification, so
establishing the fidelity of both is part of the methodology rather than an
afterthought.
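The obligation this hypothesis places on each mode can be stated compactly. The
following formalization is added here for exposition and is not taken from the
proposal; the symbols are this example's own. Let the synthesized hybrid system be
$H = (Q, \{f_q\}_{q \in Q}, \{\mathrm{Inv}_q\}_{q \in Q}, E, \{G_e\}_{e \in E})$,
with finite mode set $Q$, per-mode vector fields $f_q$, invariants (safe
envelopes) $\mathrm{Inv}_q$, edges $E \subseteq Q \times Q$ synthesized from the
procedure, and guards $G_e$ taken from the procedure's switching conditions.
Write $\varphi_q(t, x_0)$ for the solution of $\dot{x} = f_q(x)$ from $x_0$, and
let $I_q$ be the set of states in which mode $q$ can be entered. For every mode
$q$ with outgoing edge $e = (q, q')$, the continuous verification step must
discharge
\begin{align*}
  \text{(progress)} \quad & \tau_e(x_0) := \inf\{\, t \ge 0 : \varphi_q(t, x_0) \in G_e \,\} < \infty
      \quad \text{for all } x_0 \in I_q, \\
  \text{(safety)}   \quad & \varphi_q(t, x_0) \in \mathrm{Inv}_q
      \quad \text{for all } x_0 \in I_q \text{ and all } t \in [0, \tau_e(x_0)], \\
  \text{(chaining)} \quad & \{\, \varphi_q(\tau_e(x_0), x_0) : x_0 \in I_q \,\} \subseteq I_{q'} .
\end{align*}
Progress and safety are exactly what a reachability computation certifies for one
mode; chaining is what links the modes, because the states in which mode $q$
hands over become the initial set from which $q'$ is verified. Discharging all
three obligations along every path of $E$ from the initial mode yields the
end-to-end guarantee: every execution of $H$ visits the modes in the order the
procedure prescribes, never leaves a mode's safe envelope, and reaches the
procedure's final mode.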
% Pay-off
This approach will enable autonomous control in nuclear power plants while
maintaining the high safety standards required by the industry. The University
of Pittsburgh Cyber Energy Center's partnership with Emerson provides access to
industry-standard control hardware, ensuring that developed solutions align with
practical implementation requirements from the outset.

% OUTCOMES PARAGRAPHS
If this research is successful, we will be able to do the following:

\begin{enumerate}

% OUTCOME 1 Title
\item \textbf{Translate written procedures into verified control logic.}
% Strategy
We will develop a methodology for converting existing written operating
procedures into formal specifications\footnote{A \textit{formal
specification} is a precise, mathematical description of what a system
must do. Written operating procedures say things like ``if temperature
exceeds 315\textdegree{}C, switch to cooling mode.'' A formal specification
says the same thing in mathematical language that a computer can reason
about and verify.} that can be automatically synthesized into discrete
control logic. This process will use structured intermediate
representations to bridge natural language procedures and mathematical
logic.
% Outcome
Control system engineers will generate verified mode-switching controllers
directly from regulatory procedures, lowering the barrier to high-assurance
control systems.

% OUTCOME 2 Title
\item \textbf{Verify continuous control behavior across mode transitions.}
% Strategy
We will establish methods for analyzing continuous control modes to ensure
they satisfy discrete transition requirements. Using classical control
theory for linear systems and reachability analysis\footnote{\textit{Reachability
analysis} answers the question: ``Starting from any state in which this
mode can be entered, where can the system end up?'' Showing that every such
trajectory stays within safe boundaries (safety) and eventually enters the
region where the next switch is allowed (progress) proves that the mode
does its job, with the proof holding for the plant model used in the
analysis.} for nonlinear dynamics, we will verify that each continuous
mode safely reaches its intended transitions.
% Outcome
Engineers will design continuous controllers using standard practices,
iterating against the verification results until the whole system is shown
correct, with proof that mode transitions occur safely and at the correct
times.

% OUTCOME 3 Title
\item \textbf{Demonstrate autonomous reactor startup control with safety
guarantees.}
% Strategy
We will apply this methodology to develop an autonomous controller for
nuclear reactor startup procedures, implementing it on a small modular
reactor simulation using industry-standard control hardware. This
demonstration will exercise the verified controller across multiple
coordinated control modes from cold shutdown through criticality\footnote{\textit{Criticality}
is the point at which a nuclear reactor sustains a chain reaction on its
own. Getting there safely from a cold, shut-down state involves carefully
coordinated steps---this is the startup sequence this research aims to
automate.} to power operation.
% Outcome
We will demonstrate that autonomous hybrid control can be realized in the
nuclear industry with current equipment, establishing a path toward
reduced operator staffing while maintaining safety.

\end{enumerate}

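The first two outcomes above are the two halves of one pipeline, and a minimal
executable version of that pipeline follows. It is an added example written for
this page, not code from the proposal or from the University of Pittsburgh Cyber
Energy Center. It parses procedure steps written in a constrained sentence
pattern into a structured intermediate representation, synthesizes the
mode-switching table from that representation, and discharges the safety and
progress obligations for each mode with an interval reachability check, chaining
each mode's exit set into the next mode so the result is end-to-end rather than
per mode. The sentence pattern, the mode names HEATUP, HOLD and POWER, the
setpoints, rates and safety envelopes, and the first-order dynamics are all
assumptions of the example. The defective variant shows the check refusing a
procedure whose switching guard its own mode can never reach.

```python
"""Added example, not code from the proposal: procedure steps in a constrained
sentence pattern are parsed into a structured intermediate representation (IR),
the IR is turned into a discrete switching table, and each continuous mode is
checked by interval reachability for staying inside its safety envelope and for
reaching the guard of its outgoing transition. Every name and number is
constructed for illustration; the state variable T stands for a temperature."""
import math
import re
from collections import namedtuple
from dataclasses import dataclass

# Constrained procedure language (an assumption of this example):
#   "In mode <A>, when T <op> <value>, switch to <B>."
_STEP = re.compile(r"In mode (?P<src>\w+), when T (?P<op>>=|<=|>|<) "
                   r"(?P<val>-?\d+(?:\.\d+)?), switch to (?P<dst>\w+)\.")

# One row of the IR: a guarded edge of the discrete controller.
Transition = namedtuple("Transition", "src op threshold dst")

def parse_procedure(text):
    """Procedure text -> IR; anything outside the pattern is rejected, not guessed."""
    steps = []
    for line in text.strip().splitlines():
        m = _STEP.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"step not in the constrained pattern: {line!r}")
        steps.append(Transition(m["src"], m["op"], float(m["val"]), m["dst"]))
    return steps

def synthesize_switching_table(steps):
    """Discrete controller: each mode maps to its single outgoing guarded edge."""
    table = {}
    for s in steps:
        if s.src in table:
            raise ValueError(f"mode {s.src} has two outgoing steps")
        table[s.src] = s
    return table

@dataclass(frozen=True)
class Mode:
    """dT/dt = rate * (setpoint - T), with safety envelope lo <= T <= hi."""
    setpoint: float
    rate: float
    lo: float
    hi: float

    def flow(self, t0, t):  # closed-form solution from T(0) = t0
        return self.setpoint + (t0 - self.setpoint) * math.exp(-self.rate * t)

def _guard_certain(op, lo, hi, thr):
    """True only if EVERY point of the interval [lo, hi] satisfies the guard."""
    return {">=": lo >= thr, ">": lo > thr, "<=": hi <= thr, "<": hi < thr}[op]

def verify_mode(mode, step, init, horizon=600.0, dt=1.0):
    """Interval reachability for one mode. The flow is monotone in the initial
    condition and in time, so [flow(lo0, t), flow(hi0, t)] is exactly the set
    reachable at t and the sampled checks bound every trajectory in between."""
    lo0, hi0 = init
    for k in range(int(horizon / dt) + 1):
        t = k * dt
        lo, hi = mode.flow(lo0, t), mode.flow(hi0, t)
        if lo < mode.lo or hi > mode.hi:
            return {"ok": False, "why": f"leaves envelope at t={t}", "exit": None}
        if _guard_certain(step.op, lo, hi, step.threshold):
            # Trajectories that began inside the guard switched at their initial
            # value; the rest switched exactly when they touched the threshold.
            if step.op in (">=", ">"):
                exit_iv = (step.threshold, max(hi0, hi))
            else:
                exit_iv = (min(lo0, lo), step.threshold)
            return {"ok": True, "guard_certain_at": t, "exit": exit_iv}
    return {"ok": False, "why": "guard not reached within horizon", "exit": None}

def verify_procedure(text, modes, start, init):
    """Chain the per-mode obligations along the synthesized table: each mode's
    exit interval is the next mode's initial set, giving an end-to-end result."""
    table = synthesize_switching_table(parse_procedure(text))
    report, name, visited = {}, start, set()
    while name in table and name not in visited:
        visited.add(name)
        step = table[name]
        report[name] = verify_mode(modes[name], step, init)
        if not report[name]["ok"]:
            return {"ok": False, "modes": report, "final": name}
        init, name = report[name]["exit"], step.dst
    return {"ok": True, "modes": report, "final": name}

# Constructed sample procedure and plant parameters (not from any real plant).
PROCEDURE = """
In mode HEATUP, when T >= 280.0, switch to HOLD.
In mode HOLD, when T >= 289.0, switch to POWER.
"""
MODES = {"HEATUP": Mode(setpoint=300.0, rate=0.02, lo=20.0, hi=320.0),
         "HOLD": Mode(setpoint=290.0, rate=0.05, lo=270.0, hi=320.0)}
# Defective variant: HEATUP's setpoint lies below its own switching guard.
MODES_DEFECTIVE = dict(MODES, HEATUP=Mode(270.0, 0.02, 20.0, 320.0))

if __name__ == "__main__":
    print(verify_procedure(PROCEDURE, MODES, "HEATUP", (20.0, 40.0)))
    print(verify_procedure(PROCEDURE, MODES_DEFECTIVE, "HEATUP", (20.0, 40.0)))
```

Running the module prints the two reports: the sound procedure ends in POWER
with the time at which every trajectory is certain to have crossed each guard,
and the defective one stops in HEATUP with the guard reported as unreachable.
With one scalar state and first-order dynamics the reachable set is an exact
interval, which is what makes the check a proof over a set rather than a single
simulated run; for the nonlinear, multi-variable dynamics the proposal targets,
the interval would have to be replaced by the set representation of a
reachability tool, which is a limitation of this example, not a statement about
the proposal's methods.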
% IMPACT PARAGRAPH Innovation
The innovation in this work is unifying discrete synthesis with continuous
verification to enable end-to-end correctness guarantees for hybrid systems.
% Outcome Impact
If successful, control engineers will create autonomous controllers from
existing procedures with mathematical proof of correct behavior. High-assurance
autonomous control will become practical for safety-critical applications.
% Impact/Pay-off
This research will provide the tools to achieve that autonomy while maintaining
the exceptional safety record the nuclear industry requires.