Jumbofox55

1. Avant Assessment 4s
2. System Stamp
3. United States Postal System Stamps

Professor of Aeronautics and Astronautics

1. Quick Bytes cover the P2 programming topics requested by our customers. The examples demonstrate programming tools, smart pin modes (ADC, DAC, serial, PWM), communication protocols (SPI, serial, RF), RGB LEDs, games, and motors.
2. 'Digital Answering System with Time/Day Stamp Digital Answering System with Time/Day Stamp Reliable digital answering system with Message Guard memory. View larger This stand-alone answering system records outgoing announcements and incoming messages on a microchip, so there are no tricky tapes or moving parts to manage.

STAMP-based support tools: Features: Open-source, free, 7,000 downloads, generate test cases. Support formal software verification. Features: Supports user macros, flexible control structure abstraction (“zooming in”) Features: Open-source platform for designing and specifying usable and secure systems. Jika anda pernah mengunakan sistem STAMPS sebelum ini. Sila kemaskini No. The numbering system used by Scott to identify stamps is dominant among stamp collectors in the United States, Canada and Mexico. Cover of the first Scott catalog, 1868. The first Scott catalogue was a 21-page pamphlet with the title Descriptive Catalogue of American and Foreign Postage Stamps, Issued from.

(See also)
STAMP Workshop presentations, STAMP-related publications, etc.
System Safety Research Lab (SSRL)
System and Software Safety Research Project
Older papers available on-line
PSAS (Partnership for a Systems Approach to Safety information)

Avant Assessment 4s

Paper on the Role of Software in SpacecraftAccidents
Paper on the Columbia Loss


Phone: (617) 258-0505
Office: 33-334
Email: leveson 'at' mit.edu
Some recent papers on the use of STAMP by others

• Paper on the Use of STAMP on the U.S. Ballistic Missile Defense System
  
• Paper on the application of STAMP to the Comair 5191 Aircraft Accident
  
• Comparison of SOAM and STAMP for ATMincident investigation
  
• Modeling and Hazard Analysis UsingSTPA, the application of STPA on the JAXA HTV (unmanned transfer vehicleto the ISS)
  
• A Tool Suite Supporting a Systems-Theoretic HazardAnalysis Technique
  
• Preserving System Safety across the Boundarybetween System Integrator and Software Contractor
  

[If you want a serious bio or are downloading one, click here. Please do not usethe one below.]

Nancy Leveson received all her degrees, in math, management, and computerscience, from UCLA (Ph.D. 1980) and spent her formative years being aComputer Science professor at the University of California, Irvine. Movingto Seattle in 1993 in search of rain, she was Boeing Professor of ComputerScience and Engineering at the University of Washington. She has now movedto MIT in her continual search for worse weather and new fields to conquer.In the process, she somehow morphed herself into an aerospace engineer andhas dual faculty positions in the MIT Dept. of Aeronautics and Astronauticsand the Engineering Systems Division.

Professor Leveson started a new area of research, software safety, which isconcerned with the problems of building software for real-time systemswhere failures can result in loss of life or property. One advantage ofthis topic is that nobody questions its goals, except for a few misanthropes(who don't matter anyway). She and her students produced a formalrequirements specification for TCAS II, a real collision-avoidancesystem required on all commercial aircraft in U.S. airspace. One of thelessons she has learned from this project is never to do anything like itagain. The FAA was pleased with it though and adopted it as theirofficial specification. She and her students are now analyzing safety inNextGen (the planned upgrades to the air transportation system). She claims that you should not read anythinginto the fact that she has been taking the train a lot lately. Our TCASmodel is still being used to specify and evaluate potential upgrades toTCAS. Using this preliminary work, we have defined a complete systemengineering environment for software-intensive systemsthat is based on model-driven development and a concept called IntentSpecifications. A commercial set of tools was released to the unsuspectingworld in June 2003. Most recently, she has been applying these tools tospace projects (as if NASA does not have enough problems right now).

Different industries have traditionally used very different approachesto safety engineering. See White Paper onApproaches to Safety Engineering for an overview. Our technology ischanging rapidly, however, and these approaches are quickly becomingineffective.The System Safety Research Lab is creating new approaches to system safety that handle increasedlevels of complexity and new technology. Our techniques are based on a newsystem-theoretic model of accidents (STAMP) that replaces the traditionalchain-of-events model underlying most current accident investigation,prevention, and assessment procedures. The model includes software,organizations, management, human decision-making, and migration of systemsover time to states of heightened risk. Several theses and dissertations aswell as my new book that appeared in January 2012 demonstrate theapplication of the new tools to a varietyof engineered systems. Looking for new worlds to conquer, we have beenexperimenting with the use of STAMP in non-engineering applications suchas hospital safety, pharmaceutical safety, food safety, corporate fraud,and (as if we were not already in enough trouble) the financial crisis.

An introduction toSTAMP (much shorter than the book draft) appeared in Safety Science in2003 titled A NewAccident Model for Engineering Safer Systems . Some publishedexamples of its use (by us and others) on an analysis of the causal factors in a water contamination accident , the use of STAMP to perform a risk analysis ofinadvertent launch in the new U.S. Ballistic Missile Defense System ,and the application of STAMPto the Comair 5191 Aircraft Accident can be downloaded.Another popular paper describes the software-related factors in recentaerospace accidents (AIAA Journal of Spacecraft and Rockets,to appear).

Because people keep reinventing n-version programming although they shouldknow better, a postscript version of the paper is included here thatKnight and Leveson wrote for Software Engineering Notes, January,1990. The paper, titled 'A Reply to the Criticisms of theKnight and Leveson Experiment' provides their view ofthe controversy that arose over their N-version programming experimentand the subsequent criticisms leveled at them and their experiment.

Professional Activities (or what I do to keep out of trouble)

Professor Leveson has been Editor-in-Chief of IEEE Transactionson Software Engineering, an elected member of the Board ofDirectors of the International Council on Systems Engineering (INCOSE),an elected member of the Board of Directors of the ComputingResearch, a member of the National Research Council Advisory Committeeto the Division on Engineering and Physical systems, a member of theACM Committee on Computers and Public Policy, a consultant to theNASA Aerospace Safety Advisory Panel (ASAP), and a member of variousblue ribbon and report writing committees on topics such as nuclearpower plants, automated highways, Space Shuttle upgrades, airtraffic management, and various aerospace systems. She is currentlyresting from all this frenetic activity, teaching, and writing a book.

Dr. Leveson is a Fellow of the ACM and was awardedthe 1995 AIAA Information Systems Award for contributions in space andaeronautics computer technology and science for 'developing the fieldof software safety and for promoting responsible software and systemengineering practices where life and property are at stake.' She wasawarded the ACM 1999 Allen Newell Award for research contributionsto computer science and the 2004 ACM Sigsoft Award for OutstandingSoftware Research. Several years ago she was elected to theNational Academy of Engineering (NAE).

Short Courses (or A five day tour of safety engineering)

Dr. Leveson occasionally gives short courses on software safety for industry.For information about these classes, click here.An old list of some of the companies and government agencies that have sentemployees to the class can be found here.

Commercial Ventures (or Yeah, but what can you do for me right now?)

Dr. Leveson, some former students of hers, and some people with lots ofreal industrial experience started a company in 1995 with the modest goalof making the world a safer place to live. For more information aboutSafeware Engineering Corporation, click here.

Publications (lots more can be found in papers ifyou are a glutton for punishment)

Dr. Leveson's book on software safety,(Safeware: System Safety and Computers, Addison-Wesley, 1995) includesalmost everything she knew about the subject in 1995. Since then she haseither gotten wiser or more confused (depending on your viewpoint) and iswriting a second book . As if I hadn't causedenough trouble in the English-speaking world, Safeware was translated intoJapanese and published in Japan in 2009 (Shoeisha Publishing Company).I cannot vouch for its correctness, of course, but it appears to be muchlonger in Japanese.
Recent research papers are available via the web.

Two popular papers you might find interesting and fun to read:

'High-Pressure Steam Engines and Computer Software'(Postscript) or (PDF).This paper started as akeynote address at the International Conference on Software Engineering inMelbourne, Australia) and later was published in IEEE Software, October 1994.

'The Therac-25 Accidents' (Postscript ) or(PDF). This paperis an updated version of the original IEEE Computer (July 1993) article.It also appears in the appendix of my book.

You may also like to argue with me about the future of software engineering Software Engineering: A Look Back and a Path tothe Future (html) , which was invited for the 50th Anniversity issueof the CACM (February 1997).

Women in computer science papers:

'Women in Computer Science' (Postscript ) or(PDF).This is a report I wrote for the NSF CISECross-Disciplinary Activities Advisory Committee in December 1989.

' educational=' pipeline=' issues=' for=' women'(Postscript ) or (PDF): A transcript of a presentation Imade to the Snowbird Meeting of CS and CE department chairs a few years ago.It also appeared in Computer Research News, but I have no idea when.

NSF Report on the Status of Women in Computer Science: A report I wrotein response to a request from Eric Bloch, who was head of NSF at the time,on the status of women in computer science( postscript) ) or (PDF).

Stamp Game
Materials
- Large quantities of wooden squares of equal size about 1 inch square like stamps:
Each stamp of 1 is green marked with ‘1’.
Each stamp of 10 is blue marked with ‘10’.
Each stamp of 100 is red marked with ‘100’.
Each stamp of 1000 is green marked with ‘1000’.
- A pencil and ruler
- Special grid paper
Notes
This material is more symbolic, so this work is moving from the concrete to the more abstract.
With this material, we will introduce writing the problem and will therefore introduce the symbol for writing the problem. This work will be all individual.

Introduction

• Invite the child to come and work with you.
• Show the child the material and have him first bring over the paper needed. Then show the child the material and have him bring over the box of wooden tiles as well as the tray from Introduction to Quantity.
• Show the child the 1 green tile and show the 1 unit to the child. Tell the child that it is the same as the unit bead.
• Show the child the blue tile and have him read the ‘10’ written on it. Tell the child that this is just like the ten-bar.
• Repeat for the tiles of 100 and 1000.
• Do a Three Period Lesson with the 1, 10, 100, and 1000 tiles.
• Show the child that when we take out the 1 tiles, we place them directly in front of the compartment where the other 1’s are.
• Tell the child that you are going to take out 5. Take out 5 of the 1 tiles and place them all in front of the 1 compartment.
• Put them back and give the child a few numbers to take out. Such as make 3 tens, or 5 hundreds, or 2 thousands.
• Then give the child a larger number.
• Say, “Now we are going to make a larger number. This number will have 3 units, 5 tens, 2 hundreds, 1 thousand.
• As you give the child each number, have him take out the appropriate tiles.
• Count to check the final product and then have the child put the tiles back into their compartments.

Presentation 1: Addition

To be done directly following the Introduction.

Static Addition

1. Show the child the paper on which we write our problems.
2. Tell the child that the first column is where we write the units. The second column is where we write the tens, the third column is where we write the hundreds, and the fourth column is where we write the thousands.
3. Write a number, such as 1524 and read it with the child as: 4 units, 2 tens, 5 hundreds, and 1 thousand. Then read it: 1524.
4. Have the child create the number using the tiles.
5. Tell the child that we are going to make another number.
6. Show the child that you will write this new number below the first number on the piece of paper.
7. Write: 1241 and read it with the child as before.
8. Show the child that we will place the tiles for this number a little below the other tiles.
9. Have the child create this number using the tiles.
10. Tell him that we will see how much we have all together.
11. Tell the child that we show this by using the addition sign. Show the child the sign and where to place it on the paper.
12. Then draw a line under the last number using the ruler.
13. Have the child count all of the units: 4 + 1 = 5
14. Write in 5 under the units on the paper.
15. Have the child count the tens, hundreds, and thousands, each time writing the answer down.
16. Read the final answer with the child: When we have 1524 and we add 1241 we get 2765!
    
17. Allow the child a turn with another example. Guide him with questions.
    

Dynamic Addition

1. Have the child construct and write the first add-in, first the units, tens, hundreds, and then thousands.
2. Have the child write another add in, but guide the child so that there will be a need to change the numbers.
3. Have the child construct the two numbers using the tiles.
4. Count all of the tiles and notice that you are going to need to change some of the tiles. Have the child do so.
5. Read the finished problem with the child.
   
6. Allow the child a turn with another example. Guide him with questions.

Exercice

The child works alone, creating his own problems.

Presentation 2: Substraction

Static Substraction

1. Invite the child to come and work with you.
2. Write a first number and a second number. Introduce the new subtraction sign.
3. Have the child construct the first number.
   
4. Tell the child that we are going to take 3 units from the four units constructed.
5. Have the child move 3 units off to the left side of the table.
6. Count how many units you have left and write the answer.
7. Have the child take 2 tens away from the 5 and more them off to the side of the table. Count and then write how many tens are left.
8. Repeat for the hundreds and thousands.
9. Read the answer with the child.
   

Dynamic Substraction

1. Write a first large number and a second number under it. Make sure that this will lead to dynamic subtraction.

2. Have the child create the first number.
3. Ask the child how many units are we going to take away: 3 units. But as the child becomes stuck, say that we are going to have to change one of the tens for units. Take out ten units and replace it with one of the ten tiles.
4. Then have the child take 3 units away from the now 12 units. Place the unneeded tiles off to the side of the table.


5. Have the child write how many units he has left.
6. Repeat for the tens, hundreds, and thousands. Change when needed.
7. Read the final problem with the answer with the child.
   
8. Repeat until the child feels comfortable to work alone.
   

Exercice

The child works alone, creating his own problems.

System Stamp

Presentation 3: Multiplication

Static Multiplication

1. Invite the child to come and work with you.
2. Create a problem.
3. Introduce the new multiplication symbol to the child. “This is a new symbol for multiplication. It is called the ‘times’ symbol.
4. Read the problem with the child: 2123 times 3.
5. Have the child create 2123.
6. Read with the child and say, “Yes, this is 2123. But we want 2123 three times. Lets see you make this number a total of three times!”
7. Have the child create 2123 three times.


8. Slide all of the tiles from the same category up together to create only four rows.
9. Have the child count all the units and then fill in the answer on the paper.
10. Repeat for the tens, hundreds, and thousands.
    

Dynamic Multiplication

1. Invite a child to come and work with you.
2. Create a problem
3. Read it: 2635 times 5. Make mention that we are going to take this number 5 times!
4. Take out the skittles and place them in a vertical line with ample space between them.
5. Have the child create 2635 to line up with the first skittle.
6. Have the child create 2635 four more times.
7. Have the child count the total amount of units, changing when needed.
8. Count the total amount of tens, changing when needed.
9. Count the total amount of hundreds, changing when needed.
10. Once done, have the child count what is left and write the answer on the piece of paper.

Exercice

The child works alone as shown in the presentation

Note

Although there is a limitation in the material, the child may multiply any number he may wish.

Presentation 3: Division

Static Division

1. Invite a child to come and work with you and have him bring the material to the table.
2. Create a problem.
3. Introduce the two new symbols to the child.
4. Have the child create 3636 using the tiles.
5. Show the child the green skittle and place them in a row to the right of the tiles. Explain to the child that we are going to give each skittle the same amount of tiles.
6. Tell the child that when we divide, we always start with the thousands.
7. “Give” each skittle a thousand tile.
8. Notice that there are no more 1000 tiles to give.
9. “Give” each skittle a 100 tile. Notice that there are more 100 tiles. Give each skittle another 100 tile.


10. Give each skittle a 10 tile and notice that there are no more left to give.
11. Give each skittle a 1 tile until there are none left.
12. Tell the child: “In division, we always look at what one get, so lets see how many one skittle got.”
13. Count what one skittle got, writing in the units, the tens, the hundreds, and then the thousands.
    

Dynamic Division: no remainder

1. Invite a child to come and work with you and have him>bring the material to the table.
2. Create a problem: 6525 ¸ 5 =
3. Have the child create 6525 using the tiles.
4. remind the child that when we divide, we start with the thousand.
5. “Give” each skittle a thousand tile.
6. Notice that we have 1 left over. Change it for ten hundred tiles.
7. “Give” each skittle a hundred until there are no more hundred tiles. Notice that there are none left after we gave each skittle 3 hundreds.
8. Notice that there are not enough ten tiles to give to each skittle. Change one ten tile into 10 unit tiles and then change the second ten tile into 10 unit tiles.
9. Give each skittle a unit tile until there are none left.
10. Count how many tiles one skittle has and write down the number each number at a time.
    

Dynamic Division: remainder

1. Create a problem for the child: 6738 ¸ 5 =
2. The procedure for this exercise is the same as in the above procedure for Division with no remainder except for the end.
3. Notice with the child that there are some unit tiles left and not enough to give to each skittle. Tell the child that these tiles are called a “remainder”. Show the child how to write the remainder.
   

Dynamic Division: 2 level divisor

1. Invite a child to come and work with you and have himbring the material to the table.
2. Create a problem:
3. Have the child create 4583 using the tiles.
4. Discuss how many units there are in 12 = 2 units.
5. Place two green skittles at the top of the table.
6. Discuss how many tens there are in 12 = 1 ten.
7. Place one blue skittle at the top of the table to the left of the green skittles.
8. Begin by giving the blue skittle a tile of a thousand. Discuss with the child that if the blue skittle gets a thousand tile, the green tiles must each get a hundred tile because the green tile is ten times less than the blue tile.
9. Give each green skittle a hundred tile for every thousand tile you give to the blue skittle.
10. When there are two thousand tiles left but only a hundred tile, change one of the thousand tiles for ten hundreds. Give the last thousand to the blue skittle and two hundred tiles to the two green skittles.




11. Continue in this manner, giving the green skittles ten times less that what you give the blue skittle.
12. Once all of the tiles that can be shared are shared, remind the child that in division, we always look at what one person gets. Have the child count the tiles for one of the green skittles, writing in how many units, tens, hundreds, and thousands one skittle gets and have the child write in the remainder.

Dynamic Division: 3 level divisor

This is to be done in the same way as Division with a 2 level divisor. The hundred should be represented by a red skittle.

Dynamic Division: 3 level divisor with a zero in the tens

United States Postal System Stamps

As above but since there are no tens, “keep” the place of the ten by placing a blue circle where the skittle would have gone. Tell the child that this “holds” the tens spot. From time to time, ask the child what the ten would get if it was not a zero.
Move the circle down before beginning to give out a new grouping of tiles. (The child should answer that he would get 100 times less than the hundred skittle.) See diagram for finished product:

Dynamic Division: 3 level divisor with a zero in the units

As above but since there are no units, “keep” the place of the unit by placing a green circle where the skittle would have gone. Tell the child that this “holds” the unit’s spot. From time to time, ask the child what the unit would get if it was not a zero.

Move the circle down before beginning to give out a new grouping of tiles. (The child should answer that the unit would get 10 times less than the ten skittle.) Once the operation is complete, remind the child that in division we always look at what one gets so you will need to divide what a ten skittle got into ten unit skittles. See diagram for finished product:

Exercice

The child can work alone, creating his own division problems to solve as he was shown in the presentations.

Purpose

Direct
To give the child the opportunity of carrying out individual
Exercises in the four operations. Previously, he needed the collaboration of other children to do these operations with the bead material of the decimal system.

Long division
As above, and so become more familiar with all the steps involved in long division. The use of this more symbolic material helps the child to move closer towards abstraction.

Control of Error
The child’s growing knowledge.

Age
To 5 1/2 years for addition, subtraction, multiplication and short division.
To 6 years for long division.

Questions, Comments ?

Share your experiences in the Forum