Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
GB/T 20438 consists of seven parts under the general title of Functional safety of electrical/electronic/programmable electronic safety-related systems:
——Part 1: General requirements;
——Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems;
——Part 3: Software requirements;
——Part 4: Definitions and abbreviations;
——Part 5: Examples of methods for the determination of safety integrity levels;
——Part 6: Guidelines on the application of GB/T 20438.2 and GB/T 20438.3;
——Part 7: Overview of techniques and measures.
This is Part 7 of GB/T 20438.
This part is developed in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 20438.7-2006 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures and the following main technical changes have been made with respect to GB/T 20438.7-2006:
——the overview of techniques and measures for design of ASICs is added (see Annex E);
——the definitions of properties of software lifecycle phases are added (see Annex F);
——the guidance for the development of safety-related object oriented software is added (see Annex G).
This part, by means of translation, is identical to IEC 61508-7: 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures.
This part was proposed by China Machinery Industry Federation.
This part is under the jurisdiction of SAC/TC 124 National Technical Committee on Industrial Process Measurement and Control of Standardization Administration of China.
The previous edition of this part is as follow:
——GB/T 20438.7-2006.
Introduction
Systems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems (generically referred to as programmable electronic systems) are being used in all application sectors to perform non-safety functions and, increasingly, to perform safety functions. If computer system technology is to be effectively and safely exploited, it is essential that those responsible for making decisions have sufficient guidance on the safety aspects on which to make these decisions.
GB/T 20438 sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic (E/E/PE) elements that are used to perform safety functions. This unified approach has been adopted in order that a rational and consistent technical policy be developed for all electrically-based safety-related systems. A major objective is to facilitate the development of product and application sector standards based on the GB/T 20438 series.
Note 1: Examples of product and application sector standards based on the GB/T 20438 series are given in the Bibliography (see references [1], [2] and [3]).
In most situations, safety is achieved by a number of systems which rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). Any safety strategy must therefore consider not only all the elements within an individual system (for example sensors, controlling devices and actuators) but also all the safety-related systems making up the total combination of safety-related systems. Therefore, while GB/T 20438 is concerned with E/E/PE safety-related systems, it may also provide a framework within which safety-related systems based on other technologies may be considered.
It is recognized that there is a great variety of applications using E/E/PE safety-related systems in a variety of application sectors and covering a wide range of complexity, hazard and risk potentials. In any particular application, the required safety measures will be dependent on many factors specific to the application. GB/T 20438, by being generic, will enable such measures to be formulated in future product and application sector standards and in revisions of those that already exist.
GB/T 20438
——considers all relevant overall, E/E/PE system and software safety lifecycle phases (for example, from initial concept, thorough design, implementation, operation and maintenance to decommissioning) when E/E/PE systems are used to perform safety functions;
——has been conceived with a rapidly developing technology in mind; the framework is sufficiently robust and comprehensive to cater for future developments;
——enables product and application sector standards, dealing with E/E/PE safety-related systems, to be developed; the development of product and application sector standards, within the framework of GB/T 20438, should lead to a high level of consistency (for example, of underlying principles, terminology etc.) both within application sectors and across application sectors; this will have both safety and economic benefits;
——provides a method for the development of the safety requirements specification necessary to achieve the required functional safety for E/E/PE safety-related systems;
——adopts a risk-based approach by which the safety integrity requirements can be determined;
——introduces safety integrity levels for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PE safety-related systems;
Note 2: GB/T 20438 does not specify the safety integrity level requirements for any safety function, nor does it mandate how the safety integrity level is determined. Instead it provides a risk-based conceptual framework and example techniques.
——sets target failure measures for safety functions carried out by E/E/PE safety-related systems, which are linked to the safety integrity levels;
——sets a lower limit on the target failure measures for a safety function carried out by a single E/E/PE safety-related system. For E/E/PE safety-related systems operating in
——a low demand mode of operation, the lower limit is set at an average probability of a dangerous failure on demand of 10-5;
——a high demand or a continuous mode of operation, the lower limit is set at an average frequency of a dangerous failure of 10-9/h.
Note 3: A single E/E/PE safety-related system does not necessarily mean a single-channel architecture.
Note 4: It may be possible to achieve designs of safety-related systems with lower values for the target safety integrity for non-complex systems, but these limits are considered to represent what can be achieved for relatively complex systems (for example programmable electronic safety-related systems) at the present time.
——sets requirements for the avoidance and control of systematic faults, which are based on experience and judgment from practical experience gained in industry. Even though the probability of occurrence of systematic failures cannot in general be quantified GB/T 20438 does, however, allow a claim to be made, for a specified safety function, that the target failure measure associated with the safety function can be considered to be achieved if all the requirements in the standard have been met;
——introduces systematic capability which applies to an element with respect to its confidence that the systematic safety integrity meets the requirements of the specified safety integrity level;
——adopts a broad range of principles, techniques and measures to achieve functional safety for E/E/PE safety-related systems, but does not explicitly use the concept of fail safe. However, the concepts of “fail safe” and “inherently safe” principles may be applicable and adoption of such concepts is acceptable providing the requirements of the relevant clauses in the standard are met.
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures
1 Scope
1.1 This part of GB/T 20438 contains an overview of various safety techniques and measures relevant to GB/T 20438.2 and GB/T 20438.3.
The references should be considered as basic references to methods and tools or as examples, and may not represent the state of the art.
1.2 GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are basic safety publications, although this status does not apply in the context of low complexity E/E/PE safety-related systems (see 3.4.3 of GB/T 20438.4-2017). As basic safety publications, they are intended for use by technical committees in the preparation of standards in accordance with the principles contained in IEC Guide 104 and ISO/IEC Guide 51. GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are also intended for use as stand-alone standards. The horizontal safety function of GB/T 20438 does not apply to medical equipment in compliance with the IEC 60601 series.
1.3 One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication will not apply unless specifically referred to or included in the publications prepared by those technical committees.
1.4 Figure 1 shows the overall framework of the GB/T 20438 series and indicates the role that this part plays in the achievement of functional safety for E/E/PE safety-related systems.
Figure 1 Overall framework of GB/T 20438
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20438.4-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations (IEC 61508-4: 2010, IDT)
3 Definitions and abbreviations
For the purposes of this document, the definitions and abbreviations given in GB/T 20438.4-2017 apply.
Annex A
(Informative)
Overview of techniques and measures for E/E/PE safety-related systems: control of random hardware failures (see GB/T 20438.2)
A.1 Electric
Global objective: To control failures in electromechanical components.
A.1.1 Failure detection by on-tine monitoring
Note: This technique/measure is referenced in Tables A.2, A.3, A.7 and A.13 to A.18 of GB/T 20438.2-2017.
Aim: To detect failures by monitoring the behaviour of the E/E/PE safety-related system in response to the normal (on-line) operation of the equipment under control (EUC).
Description: Under certain conditions, failures can be detected using information about (for example) the time behaviour of the EUC. For example, if a switch, which is part of the E/E/PE safety-related system, is normally actuated by the EUC, then if the switch does not change state at the expected time, a failure will have been detected. It is not usually possible to localise the failure.
A.1.2 Monitoring of relay contacts
Note: This technique/measure is referenced in Tables A.2 and A.14 of GB/T 20438.2-2017.
Aim: To detect failures (for example welding) of relay contacts.
Description: Forced contact (or positively guided contact) relays are designed so that their contacts are rigidly linked together. Assuming there are two sets of changeover contacts, a and b, if the normally open contact, a, welds, the normally closed contact, b, cannot close when the relay coil is next de-energised. Therefore, the monitoring of the closure of the normally closed contact b when the relay coil is de-energised may be used to prove that the normally open contact a has opened. Failure of normally closed contact b to close indicates a failure of contact a, so the monitoring circuit should ensure a safe shut-down, or ensure that shut-down is continued, for any machinery controlled by contact a.
References:
Zusammenstellung und Bewertung elektromechanischer Sicherheitsschaltungen für Ver-riegelungseinrichtungen. F. Kreutzkampf, W. Hertel, Sicherheitstechnisches Informations- und Arbeitsblatt 330212, BIA-Handbuch. 17. Lfg. X/91, Erich Schmidt Verlag, Bielefeld.
www.BGIA-HANDBUCHdigital.de/330212
A.1.3 Comparator
Note: This technique/measure is referenced in Tables A.2, A.3 and A.4 of GB/T 20438.2-2017.
Aim: To detect, as early as possible, (non-simultaneous) failures in an independent processing unit or in the comparator.
Description: The signals of independent processing units are compared cyclically or continuously by a hardware comparator. The comparator may itself be externally tested, or it may use self-monitoring technology. Detected differences in the behaviour of the processors lead to a failure message.
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Definitions and abbreviations
Annex A (Informative) Overview of techniques and measures for E/E/PE safety-related systems: control of random hardware failures (see GB/T 20438.2)
Annex B (Informative) Overview of techniques and measures for E/E/PE safety-related systems: Avoidance of systematic failures (see GB/T 20438.2 and GB/T 20438.3)
Annex C (Informative) Overview of techniques and measures for achieving software safety integrity (see GB/T 20438.3)
Annex D (Informative) A probabilistic approach to determining software safety integrity for pre-developed software
Annex E (Informative) Overview of techniques and measures for design of ASICs
Annex F (Informative) Definitions of properties of software lifecycle phases
Annex G (Informative) Guidance for the development of safety-related object oriented software
Bibliography
Index
Figure 1 Overall framework of GB/T 2
Table C.1 Recommendations for specific programming languages
Table D.1 Necessary history for confidence to safety integrity levels
Table D.2 Probabilities of failure for low demand mode of operation
Table D.3 Mean distances of two test points
Table D.4 Probabilities of failure for high demand or continuous mode of operation
Table D.5 Probability of testing all program properties
Table F.1 Software Safety Requirements Specification (see GB/T 20438.3-2017, 7.2 and Table C.1)
Table F.2 Software design and development: software architecture design (see GB/T 20438.3-2017, 7.4.3 and Table C.2)
Table F.3 Software design and development: support tools and programming language (see GB/T 20438.3-2017, 7.4.4 and Table C.3)
Table F.4 Software design and development: detailed design (see GB/T 20438.3-2017, 7.4.5, 7.4.6 and Table C.4)
Table F.5 Software design and development: software module testing and integration (see GB/T 20438.3-2017, 7.4.7, 7.4.8 and Table C.5)
Table F.6 Programmable electronics integration (hardware and software) (see GB/T 20438.3-2017, 7.5 and Table C.6)
Table F.7 Software aspects of system safety validation (see GB/T 20438.3-2017, 7.7 and Table C.7)
Table F.8 Software modification (see GB/T 20438.3-2017, 7.8 and Table C.8)
Table F.9 Software verification (see GB/T 20438.3-2017, 7.9 and Table C.9)
Table F.10 Functional safety assessment (see GB/T 20438.3-2017, Clause 8 and Table C.10)
Table G.1 Object Oriented Software Architecture
Table G.2 Object Oriented Detailed Design
Table G.3 Some Oriented Detailed terms
Codeofchina.com is in charge of this English translation. In case of any doubt about the English translation, the Chinese original shall be considered authoritative.
GB/T 20438 consists of seven parts under the general title of Functional safety of electrical/electronic/programmable electronic safety-related systems:
——Part 1: General requirements;
——Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems;
——Part 3: Software requirements;
——Part 4: Definitions and abbreviations;
——Part 5: Examples of methods for the determination of safety integrity levels;
——Part 6: Guidelines on the application of GB/T 20438.2 and GB/T 20438.3;
——Part 7: Overview of techniques and measures.
This is Part 7 of GB/T 20438.
This part is developed in accordance with the rules given in GB/T 1.1-2009.
This part replaces GB/T 20438.7-2006 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures and the following main technical changes have been made with respect to GB/T 20438.7-2006:
——the overview of techniques and measures for design of ASICs is added (see Annex E);
——the definitions of properties of software lifecycle phases are added (see Annex F);
——the guidance for the development of safety-related object oriented software is added (see Annex G).
This part, by means of translation, is identical to IEC 61508-7: 2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures.
This part was proposed by China Machinery Industry Federation.
This part is under the jurisdiction of SAC/TC 124 National Technical Committee on Industrial Process Measurement and Control of Standardization Administration of China.
The previous edition of this part is as follow:
——GB/T 20438.7-2006.
Introduction
Systems comprised of electrical and/or electronic elements have been used for many years to perform safety functions in most application sectors. Computer-based systems (generically referred to as programmable electronic systems) are being used in all application sectors to perform non-safety functions and, increasingly, to perform safety functions. If computer system technology is to be effectively and safely exploited, it is essential that those responsible for making decisions have sufficient guidance on the safety aspects on which to make these decisions.
GB/T 20438 sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic (E/E/PE) elements that are used to perform safety functions. This unified approach has been adopted in order that a rational and consistent technical policy be developed for all electrically-based safety-related systems. A major objective is to facilitate the development of product and application sector standards based on the GB/T 20438 series.
Note 1: Examples of product and application sector standards based on the GB/T 20438 series are given in the Bibliography (see references [1], [2] and [3]).
In most situations, safety is achieved by a number of systems which rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). Any safety strategy must therefore consider not only all the elements within an individual system (for example sensors, controlling devices and actuators) but also all the safety-related systems making up the total combination of safety-related systems. Therefore, while GB/T 20438 is concerned with E/E/PE safety-related systems, it may also provide a framework within which safety-related systems based on other technologies may be considered.
It is recognized that there is a great variety of applications using E/E/PE safety-related systems in a variety of application sectors and covering a wide range of complexity, hazard and risk potentials. In any particular application, the required safety measures will be dependent on many factors specific to the application. GB/T 20438, by being generic, will enable such measures to be formulated in future product and application sector standards and in revisions of those that already exist.
GB/T 20438
——considers all relevant overall, E/E/PE system and software safety lifecycle phases (for example, from initial concept, thorough design, implementation, operation and maintenance to decommissioning) when E/E/PE systems are used to perform safety functions;
——has been conceived with a rapidly developing technology in mind; the framework is sufficiently robust and comprehensive to cater for future developments;
——enables product and application sector standards, dealing with E/E/PE safety-related systems, to be developed; the development of product and application sector standards, within the framework of GB/T 20438, should lead to a high level of consistency (for example, of underlying principles, terminology etc.) both within application sectors and across application sectors; this will have both safety and economic benefits;
——provides a method for the development of the safety requirements specification necessary to achieve the required functional safety for E/E/PE safety-related systems;
——adopts a risk-based approach by which the safety integrity requirements can be determined;
——introduces safety integrity levels for specifying the target level of safety integrity for the safety functions to be implemented by the E/E/PE safety-related systems;
Note 2: GB/T 20438 does not specify the safety integrity level requirements for any safety function, nor does it mandate how the safety integrity level is determined. Instead it provides a risk-based conceptual framework and example techniques.
——sets target failure measures for safety functions carried out by E/E/PE safety-related systems, which are linked to the safety integrity levels;
——sets a lower limit on the target failure measures for a safety function carried out by a single E/E/PE safety-related system. For E/E/PE safety-related systems operating in
——a low demand mode of operation, the lower limit is set at an average probability of a dangerous failure on demand of 10-5;
——a high demand or a continuous mode of operation, the lower limit is set at an average frequency of a dangerous failure of 10-9/h.
Note 3: A single E/E/PE safety-related system does not necessarily mean a single-channel architecture.
Note 4: It may be possible to achieve designs of safety-related systems with lower values for the target safety integrity for non-complex systems, but these limits are considered to represent what can be achieved for relatively complex systems (for example programmable electronic safety-related systems) at the present time.
——sets requirements for the avoidance and control of systematic faults, which are based on experience and judgment from practical experience gained in industry. Even though the probability of occurrence of systematic failures cannot in general be quantified GB/T 20438 does, however, allow a claim to be made, for a specified safety function, that the target failure measure associated with the safety function can be considered to be achieved if all the requirements in the standard have been met;
——introduces systematic capability which applies to an element with respect to its confidence that the systematic safety integrity meets the requirements of the specified safety integrity level;
——adopts a broad range of principles, techniques and measures to achieve functional safety for E/E/PE safety-related systems, but does not explicitly use the concept of fail safe. However, the concepts of “fail safe” and “inherently safe” principles may be applicable and adoption of such concepts is acceptable providing the requirements of the relevant clauses in the standard are met.
Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 7: Overview of techniques and measures
1 Scope
1.1 This part of GB/T 20438 contains an overview of various safety techniques and measures relevant to GB/T 20438.2 and GB/T 20438.3.
The references should be considered as basic references to methods and tools or as examples, and may not represent the state of the art.
1.2 GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are basic safety publications, although this status does not apply in the context of low complexity E/E/PE safety-related systems (see 3.4.3 of GB/T 20438.4-2017). As basic safety publications, they are intended for use by technical committees in the preparation of standards in accordance with the principles contained in IEC Guide 104 and ISO/IEC Guide 51. GB/T 20438.1, GB/T 20438.2, GB/T 20438.3 and GB/T 20438.4 are also intended for use as stand-alone standards. The horizontal safety function of GB/T 20438 does not apply to medical equipment in compliance with the IEC 60601 series.
1.3 One of the responsibilities of a technical committee is, wherever applicable, to make use of basic safety publications in the preparation of its publications. In this context, the requirements, test methods or test conditions of this basic safety publication will not apply unless specifically referred to or included in the publications prepared by those technical committees.
1.4 Figure 1 shows the overall framework of the GB/T 20438 series and indicates the role that this part plays in the achievement of functional safety for E/E/PE safety-related systems.
Figure 1 Overall framework of GB/T 20438
2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20438.4-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 4: Definitions and abbreviations (IEC 61508-4: 2010, IDT)
3 Definitions and abbreviations
For the purposes of this document, the definitions and abbreviations given in GB/T 20438.4-2017 apply.
Annex A
(Informative)
Overview of techniques and measures for E/E/PE safety-related systems: control of random hardware failures (see GB/T 20438.2)
A.1 Electric
Global objective: To control failures in electromechanical components.
A.1.1 Failure detection by on-tine monitoring
Note: This technique/measure is referenced in Tables A.2, A.3, A.7 and A.13 to A.18 of GB/T 20438.2-2017.
Aim: To detect failures by monitoring the behaviour of the E/E/PE safety-related system in response to the normal (on-line) operation of the equipment under control (EUC).
Description: Under certain conditions, failures can be detected using information about (for example) the time behaviour of the EUC. For example, if a switch, which is part of the E/E/PE safety-related system, is normally actuated by the EUC, then if the switch does not change state at the expected time, a failure will have been detected. It is not usually possible to localise the failure.
A.1.2 Monitoring of relay contacts
Note: This technique/measure is referenced in Tables A.2 and A.14 of GB/T 20438.2-2017.
Aim: To detect failures (for example welding) of relay contacts.
Description: Forced contact (or positively guided contact) relays are designed so that their contacts are rigidly linked together. Assuming there are two sets of changeover contacts, a and b, if the normally open contact, a, welds, the normally closed contact, b, cannot close when the relay coil is next de-energised. Therefore, the monitoring of the closure of the normally closed contact b when the relay coil is de-energised may be used to prove that the normally open contact a has opened. Failure of normally closed contact b to close indicates a failure of contact a, so the monitoring circuit should ensure a safe shut-down, or ensure that shut-down is continued, for any machinery controlled by contact a.
References:
Zusammenstellung und Bewertung elektromechanischer Sicherheitsschaltungen für Ver-riegelungseinrichtungen. F. Kreutzkampf, W. Hertel, Sicherheitstechnisches Informations- und Arbeitsblatt 330212, BIA-Handbuch. 17. Lfg. X/91, Erich Schmidt Verlag, Bielefeld.
www.BGIA-HANDBUCHdigital.de/330212
A.1.3 Comparator
Note: This technique/measure is referenced in Tables A.2, A.3 and A.4 of GB/T 20438.2-2017.
Aim: To detect, as early as possible, (non-simultaneous) failures in an independent processing unit or in the comparator.
Description: The signals of independent processing units are compared cyclically or continuously by a hardware comparator. The comparator may itself be externally tested, or it may use self-monitoring technology. Detected differences in the behaviour of the processors lead to a failure message.
Contents of GB/T 20438.7-2017
Foreword i
Introduction iii
1 Scope
2 Normative references
3 Definitions and abbreviations
Annex A (Informative) Overview of techniques and measures for E/E/PE safety-related systems: control of random hardware failures (see GB/T 20438.2)
Annex B (Informative) Overview of techniques and measures for E/E/PE safety-related systems: Avoidance of systematic failures (see GB/T 20438.2 and GB/T 20438.3)
Annex C (Informative) Overview of techniques and measures for achieving software safety integrity (see GB/T 20438.3)
Annex D (Informative) A probabilistic approach to determining software safety integrity for pre-developed software
Annex E (Informative) Overview of techniques and measures for design of ASICs
Annex F (Informative) Definitions of properties of software lifecycle phases
Annex G (Informative) Guidance for the development of safety-related object oriented software
Bibliography
Index
Figure 1 Overall framework of GB/T 2
Table C.1 Recommendations for specific programming languages
Table D.1 Necessary history for confidence to safety integrity levels
Table D.2 Probabilities of failure for low demand mode of operation
Table D.3 Mean distances of two test points
Table D.4 Probabilities of failure for high demand or continuous mode of operation
Table D.5 Probability of testing all program properties
Table F.1 Software Safety Requirements Specification (see GB/T 20438.3-2017, 7.2 and Table C.1)
Table F.2 Software design and development: software architecture design (see GB/T 20438.3-2017, 7.4.3 and Table C.2)
Table F.3 Software design and development: support tools and programming language (see GB/T 20438.3-2017, 7.4.4 and Table C.3)
Table F.4 Software design and development: detailed design (see GB/T 20438.3-2017, 7.4.5, 7.4.6 and Table C.4)
Table F.5 Software design and development: software module testing and integration (see GB/T 20438.3-2017, 7.4.7, 7.4.8 and Table C.5)
Table F.6 Programmable electronics integration (hardware and software) (see GB/T 20438.3-2017, 7.5 and Table C.6)
Table F.7 Software aspects of system safety validation (see GB/T 20438.3-2017, 7.7 and Table C.7)
Table F.8 Software modification (see GB/T 20438.3-2017, 7.8 and Table C.8)
Table F.9 Software verification (see GB/T 20438.3-2017, 7.9 and Table C.9)
Table F.10 Functional safety assessment (see GB/T 20438.3-2017, Clause 8 and Table C.10)
Table G.1 Object Oriented Software Architecture
Table G.2 Object Oriented Detailed Design
Table G.3 Some Oriented Detailed terms
