Avionics Certification: A Complete Guide to DO-178 (Software), DO-254 (Hardware)
By Vance Hilderman and Tony Baghai

Price: $95.00

Product Description

This book explains the most critical safety certification required by commercial and military aircraft. The authors describe each step in creating and submitting formal documents for government approval. Their advice is highly practical, acquired over 20 years of performing successful certifications now flying aboard every major airliner and many military aircraft. The book includes dozens of real-life anecdotes to show where applicants go wrong, fall victim to common myths and waste time with misconceptions. The authors' approach avoids the abstract by delivering clear advice on such practical matters as budgets, staff members, tools, programming languages and schedules. They give numerous rules-of-thumb for guiding the reader along what can otherwise be an arduous path to certification. Although the book deals with each milestone of a program, the authors point out, "We don't teach regulations, but how to think like the FAA!" That approach has worked for scores of companies, helping avoid damaging overruns in budgets and schedules.

As DO-178 (software) and DO-254 (hardware) certification become established in aviation, they are spreading to other industries, such as transportation, medical instruments and power generation. As in aviation, these technologies are now in the digital world, and need to meet high standards of safe operation demanded for aircraft. Increasingly, these other industries are required to meet DO-178/254 certification.

As the authors explain, the official DO-178 and DO-254 documents are not only vague and non-specific, but have to be! The reason is, they need to apply to a wide range of systems. The authors meet the challenge by skillfully interpreting the intent of the documents. They have been doing it for years in world-wide seminars that have trained more people than all other seminars combined. Their book is the first text on this critical subject.

Contents of "Avionics Certification"

1. Introduction
2. Real World of DO-178B
3. Planning the Project
4. Criticality Levels
5. What is Certified?
6. Cost Vs Benefits
7. Military Certification
8. Getting Started
9. Safety Assessment
10. Planning, Development and Correctness
11. Quality Assurance Plan
12. Configuration Management
13. Software Development Plan
14. System Requirements
15. Software Design
16. Unit Testing
17. Software Testing
18. Structural Coverage
19. Test and Tools
20. DO-254 (Hardware)
21. Hardware Design Life Cycle
22. Gap Analysis
23. Verification
24. Project Organization
25. PSAC
26. Tool Qualification
27. Software Design Aspects
28. Cost Estimation and Metrics

Glossary


Product Details

  • Amazon Sales Rank: #81231 in Books
  • Published on: 2007-02-05
  • Binding: Paperback
  • 244 pages

Editorial Reviews

About the Author
Vance Hilderman spent 25 years designing and testing over 150 aerospace systems. He holds BSEE and MBA degrees, and a computer engineering MS from the Univ. of So. California. He founded the world's largest avionics software organization and completed several hundred programs for 50 major avionics companies. Tony Baghai has over 20 years' experience in software certification. He holds a BS degree in Mechanical Engineering and an MS in Aeronautical Engineering. He was one of the youngest Designated Engineering Representatives ever to earn FAA certification for Systems and Level A software.


Customer Reviews

Avionics Certification - Awaiting revision (1 of 5 stars)
As an engineer that has used DO-178B since it was first published, I was intrigued by the title of the book. What a disappointment!! I can overlook the formatting, typographical, spelling, and grammatical mistakes, of which there are many, e.g. "Level A (least critical)" [p40] - is just sloppy editing, but the technical content and misinformation is more worrying, especially if used by inexperienced engineers.

The structure of the book follows the table of contents; unfortunately, the content of the chapters does not.

There is a great deal of repetition that was not checked. The book contradicts itself on the numbers, 20-40% for DO-178B cost, 25-40% level A-D [p140], 50% A-D [p40], cost metric table [p228], and quality/cost graph [p231]. I am not disputing the numbers, but I would expect the numbers to be consistent within the book, at least.

The errors in guidance are much harder to accept, because others may be using this book as a guide. Here are some examples:

1) "An operating system such as can be certifiable, but tools, other components or board support package are not as they can only be verified when integrated with other software components." [p38] Unless the board support package can be partitioned from the operating system, which in general cannot be done, the board support package must have the same level of certification evidence as required by the operating system.

2) In the discussion of independence, it is difficult to establish if the test/review is to be independent or the review of the coverage analysis [p143]. DO-178B is very clear on this in Table A7.

3) The explanation of Decision and MCDC coverage objectives is unnecessarily confusing. The example would have been better if the condition included an "else" part, which would have shown the differences between level B and C coverage [p144]. Readers are referred to DO-248B for clarification.

4) "What is a 'statement'? Answer: smallest compilable entity, e.g. one line of code" [p139] -- clearly this depends on the programming language and how it was written. 'Smallest compilable entity' is also vague; it could be an expression - after all, common sub-expressions are often identified by compilers.

5) Recommendations for the use of COTS run-time libraries imply that the verification can be performed at the black box level because the source is not available [p133]. How can a system ensure that the functions are continuous and that equivalence classes can be used for testing? I have seen many run-time libraries that include checks for de-normalized numbers (quiet and signaling NaN's, plus and minus zero as well as plus and minus infinity on the PowerPC). The functions are not simple polynomials but include acceleration algorithms to get fast convergence on the result with stated precision as well as tables of initialized constants. Without looking inside, such libraries cannot be verified using equivalence classes because the classes cannot be established.

There are other inaccuracies: "It's the only standard with multiple criticality levels." [p140]. Read other standards like IEC-61508. It is not clear to me that ground-based and homeland security domains are using or considering use of DO-178B. [p58] Ground-based systems are moving to DO-278 and homeland-security is more likely to use the many security standards including Common Criteria.

This review is incomplete, because after reading 25% of the text, I decided to hope for a professionally rewritten second edition. Hopefully, the next revision will be reviewed with independence -- by a DER.

Almost the Ritz cracker for a starving man... (4 of 5 stars)
I was very excited to learn that this book was out, as the practical information about DO-178B is scattered throughout trade and technical journal articles, Wikipedia pages, whitepapers, etc. This book truly is a significant contribution that puts a lot of practical information at your fingertips. The authors shoot from the hip and give both technical and practical advice.

Not being a true expert in avionics software certification, I cannot judge the book's technical quality from this regard. However, I do know that DO-178B is a living standard, and that all civil avionics software (practically everywhere in the world) on commercial planes these days had to be written to conform to DO-178B in some way. There are rumors that the recently announced Boeing 787 delay was partially due to the headaches of this standard. But the 787 is certainly one of the most complex avionics systems to have been developed, so this is no surprise that the certification to DO-178B is pushing the envelope and hard to predict in terms of time.

I do know quite well the text of the DO-178B standard. By itself, it provides little practical knowledge, as it was written and maintained by a smallish group of people within the US civil aviation industry. The FAQ part of the DO-178B standard, known as DO-248B, is more useful, but is still hard to digest for those of us trying to get some insight about this arena.

That being said, this book is simple and to the point, and it helps you understand where the important pitfalls are in a DO-178B certification. It's full of practical information, and it's obvious that you're getting the authors' bias of 20+ years' experience in avionics software development. Subjectivity isn't always bad, but sometimes it's hard to separate fact from opinion, because of the loose style of writing employed by the authors.

The real downside, and why I couldn't give the book 5 stars, is the overall sub-par quality control of the book (ironic, since the authors are supposed to know about QA). It's not hard to find typos. Acronyms are used without being introduced first (luckily there's a table in the back). None of the figures or tables are numbered, and some of the figures look like screen-shots as their graphics are sometimes grainy. The writing style is very informal, which is not of itself a bad thing. However, some of the sentences are reminiscent of George Bush-speak. It makes me wonder if the editor for the publisher was doing her job. Here's part of the third paragraph on page 19, speaking of "alternative compliance", to give you an idea of how tough the read can be:

'So, you like this "alternative means of compliance" and want to avoid explicitly testing your operating system by simply showing that you exhaustively use it. But wait, why can't you test the operating system that way? Because what is the combination of inputs into an operating system and the combinations of outputs? You don't know it's a large number that is simply uncalculable (sic) and, therefore, unknown. So you cannot apply exhaustive testing to such an "alternative," therefore, that alternative is not valid. So it was decided that software components were complex and cannot be fully tested.'

For a $90+ paperback, I expected clearer writing and better presentation.

But the content makes it definitely a resource worth having, at least these days, because of the lack of anything else in this niche market. To paraphrase part of an Eddie Murphy routine, "A starving man who's offered a saltine may think he's getting a Ritz cracker."

Best DO-178B Book & Resource I've Seen (5 of 5 stars)
I found the book contained a great deal of practical advice. Most of the other sources I've found seem to take a stronger theoretical and academic approach, while this book offered real world examples, easily understood explanations, and organized in a logical method. If you're an engineer, or perhaps managing a project, that's the information you can use. If you're a professor, looking for the next great literary work of the century, maybe it isn't for you.