113 lines
5.7 KiB
TeX
% GOAL PARAGRAPH
The goal of this research is to develop a methodology for creating autonomous
\oldt{control systems with event-driven control laws that have guarantees of
safe and correct behavior.} \newt{hybrid control systems with mathematical
guarantees of safe and correct behavior.}

% INTRODUCTORY PARAGRAPH Hook
Nuclear power relies on extensively trained operators who follow detailed
written procedures to manage reactor control. Based on these procedures and
\oldt{operators'} \newt{their} interpretation of plant conditions,
\oldt{operators} \newt{they} make critical decisions about when to switch
between control objectives.
% Gap
\oldt{But, reliance} \newt{This reliance} on human operators has created an
economic challenge for next-generation nuclear power plants. Small modular
reactors face significantly higher per-megawatt staffing costs than
conventional plants. Autonomous
control systems \oldt{are needed that can} \newt{must} safely manage complex
operational sequences with the same assurance as human-operated systems, but
without constant supervision.

% APPROACH PARAGRAPH Solution
To address this need, we will combine formal methods from computer science
with control theory \oldt{to build hybrid control systems that are correct by
construction.} \newt{to build hybrid control systems that are correct by
construction, leveraging the extensive domain knowledge already embedded in
existing operating procedures and safety analyses.}
% Rationale
Hybrid systems use discrete logic to switch between continuous control modes,
similar to how operators change control strategies. Existing formal methods
generate provably correct switching logic but cannot handle continuous
dynamics during transitions, while traditional control theory verifies
continuous behavior but lacks tools for proving discrete switching
correctness.

% Hypothesis and Technical Approach
We will bridge this gap through a three-stage methodology. First, we will
translate written operating procedures into temporal logic specifications
using NASA's Formal Requirements Elicitation Tool (FRET). \oldt{which
structures requirements into scope, condition, component, timing, and
response elements. This structured approach enables realizability checking to
identify conflicts and ambiguities in procedures before implementation.}
\newt{FRET structures requirements into scope, condition, component, timing,
and response elements, enabling realizability checking that identifies
conflicts and ambiguities in procedures before implementation.}

Second, we will synthesize discrete mode switching logic using reactive
synthesis \oldt{to generate deterministic automata that are provably correct
by construction.} \newt{to produce deterministic automata that are correct by
construction.}
Third, we will develop continuous controllers for each discrete mode using
standard control theory and reachability analysis. We will classify
continuous modes based on their transition objectives \oldt{, and then employ
assume-guarantee contracts and barrier certificates to prove that mode
transitions occur safely and as defined by the deterministic automata.}
\newt{and verify safe mode transitions using barrier certificates and
reachability analysis.}

This compositional approach enables local verification of continuous modes
without requiring global trajectory analysis across the entire hybrid system.
\oldt{We will demonstrate this on an Emerson Ovation control system.}
\newt{We will validate this methodology through hardware-in-the-loop testing
on an Emerson Ovation distributed control system, made possible through the
University of Pittsburgh Cyber Energy Center's industry partnership.}
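
The third stage and the compositional claim above, as an added illustration that is not the proposal's code: each discrete mode is a constructed one-dimensional heat-up law T' = -a(T - T_set), verified locally with a barrier certificate and an exact reachable-set bound, then chained to the next mode through an assume-guarantee contract on its entry and exit sets, so no trajectory is simulated across the whole hybrid system. Mode names, gains, setpoints and limits are made-up placeholders.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mode:
    """Constructed 1-D heat-up mode: T' = -a*(T - T_set); T >= T_max is unsafe;
    the exit guard fires once |T - T_set| <= eps."""
    name: str
    a: float
    T_set: float
    entry: tuple          # assumed entry interval (lo, hi): the contract's assumption
    T_max: float
    eps: float = 1.0

def drift(m: Mode, T: float) -> float:
    return -m.a * (T - m.T_set)

def barrier_ok(m: Mode) -> bool:
    """Barrier certificate B(T) = T - T_max: B <= 0 on the entry set, B > 0 on
    the unsafe set by construction, and dB/dt < 0 on the boundary B == 0, so no
    trajectory can cross into the unsafe set. Endpoint checks are exact here."""
    return m.entry[1] < m.T_max and drift(m, m.T_max) < 0

def reach_set(m: Mode) -> tuple:
    """Stable 1-D flow moves monotonically toward T_set: reach set = hull(entry, T_set)."""
    return (min(m.entry[0], m.T_set), max(m.entry[1], m.T_set))

def exit_set(m: Mode) -> tuple:
    """Reachable states in which the exit guard can fire (the mode's guarantee)."""
    lo, hi = reach_set(m)
    return (max(lo, m.T_set - m.eps), min(hi, m.T_set + m.eps))

def verify_sequence(modes: list) -> list:
    """Local checks per mode, then the assume-guarantee link: the exit set of
    mode i must lie inside the assumed entry set of mode i+1."""
    failures = []
    for i, m in enumerate(modes):
        if not barrier_ok(m):
            failures.append(f"{m.name}: barrier certificate fails")
        if reach_set(m)[1] >= m.T_max:
            failures.append(f"{m.name}: reachable set reaches the unsafe set")
        if i + 1 < len(modes):
            lo, hi = exit_set(m)
            nlo, nhi = modes[i + 1].entry
            if not (nlo <= lo and hi <= nhi):
                failures.append(f"{m.name}->{modes[i + 1].name}: exit set not in entry set")
    return failures

# Constructed startup sequence: slow warm-up, then a hold near rated temperature.
STARTUP = [Mode("warmup", 0.05, 250.0, (20.0, 40.0), 300.0),
           Mode("hold", 0.10, 290.0, (248.0, 252.0), 320.0)]
```

An empty failure list means every mode is individually safe and each handoff lands inside the next mode's assumed entry set; a setpoint above T_max or a mismatched entry interval is reported by name.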

% Pay-off
This approach \oldt{will demonstrate autonomous control can be used for}
\newt{enables autonomous management of} complex nuclear power operations
while maintaining safety guarantees.

% OUTCOMES PARAGRAPHS
If this research is successful, we will be able to do the following:
\begin{enumerate}
% OUTCOME 1 Title
\item \textit{Synthesize written procedures into verified control logic.}
% Strategy
We will develop a methodology for converting written operating procedures
into formal specifications. These specifications will be synthesized into
discrete control logic using reactive synthesis tools.
% Outcome
\oldt{Control engineers will be able to generate mode-switching
controllers from regulatory procedures with little formal methods
expertise, reducing barriers to high-assurance control systems.}
\newt{This will reduce barriers to high-assurance control systems by
generating verified mode-switching controllers directly from regulatory
procedures.}

% OUTCOME 2 Title
\item \textit{Verify continuous control behavior across mode transitions.}
% Strategy
We will develop methods using reachability analysis to ensure continuous
control modes satisfy discrete transition requirements.
% Outcome
Engineers will be able to design continuous controllers using standard
practices while ensuring system correctness and proving mode transitions
occur safely at the right times.

% OUTCOME 3 Title
\item \textit{Demonstrate autonomous reactor startup control with safety
guarantees.}
% Strategy
We will implement this methodology on a small modular reactor simulation
using industry-standard control hardware.
% Outcome
\oldt{Control engineers will be able to achieve autonomy without
retraining costs or developing new equipment by implementing
high-assurance autonomous controls on industrial platforms they already
use.} \newt{Without retraining costs or new equipment, control engineers
will be able to implement high-assurance autonomous controls on industrial
platforms they already use.}

\end{enumerate}