Method of Testing and Predicting Failures of Electronic Mechanical Systems by Patterson-Hine, Frances A. & Iverson, David L.
United States Patent [191 
Iverson et al. 
Build and 
-c. Propagate 
I11111 11111111 111 11111 11111 11111 11111 11111 11111 11111 111 111111 111 11111 1111 
US005581 694A 
(0 ut p ut ’ -
Results 
[54] METHOD OF TESTING AND PREDICTING 
FAILURES OF ELECTRONIC MECHANICAL 
SYSTEMS 
[75] Inventors: 
[73] Assignee: 
[21] Appl. No. 
[22] Filed: 
David L. Iverson, Sunnyvale; Frances 
A. Patterson-Hine, Mountain View, 
both of Calif. 
The United States of America as 
represented by the Administrator of 
the National Aeronautics and Space 
Administration, Washington, D.C. 
332,198 
Oct. 17, 1994 
[51] Int. C1.6 ...................................................... G06F 11/34 
[52] U.S. C1. ......................................... 39Y183.02; 395/62 
[58] Field of Search ......................... 395A83.02, 183.13, 
395/183.15, 62, 63, 65 
[561 References Cited 
U.S. PATENT DOCUMENTS 
4,964,125 1011990 Kim ................................... 395/183.02 
A Pro pa gate 
Singletons J- 
[11] Patent Number: 5,581,694 
[45] Date of Patent: Dec. 3,1996 
4,967,337 10/1990 English et al. ..................... 395/183.02 
5,272,704 12/1993 Tong et al. ......................... 395A83.02 
5,297,150 3/1994 Clark .................................. 395/183.02 
5,127,005 6/1992 Oda et al. .......................... 395/183.02 
5,418,889 5/1995 Ito ............................................. 395/75 
Primary Examiner-Robert W. Beausoliel, Jr. 
Assistant Examiner-Trinh L. Tu 
[571 ABSTRACT 
A method employing a knowledge base of human expertise 
comprising a reliability model analysis implemented for 
diagnostic routines is disclosed. The reliability analysis 
comprises digraph models that determine target events cre- 
ated by hardware failures human actions, and other factors 
affecting the system operation. The reliability analysis con- 
tains a wealth of human expertise information that is used to 
build automatic diagnostic routines and which provides a 
knowledge base that can be used to solve other artificial 
intelligence problems. 
4 Claims, 5 Drawing Sheets 
https://ntrs.nasa.gov/search.jsp?R=19970004270 2020-06-18T00:13:05+00:00Z
U.S. Patent Dec. 3, 1996 Sheet 1 of 5 5,581,694 
10 
26 
f”” 830 
FIG- 1 
U.S. I Patent Dec. 3.1996 Sheet 2 of 5 
3-8 44 
56 
5,581 
6 
40 
FIG-2 
60 
? 694 
FIG-3 
U.S. Patent Dec. 3, 1996 Sheet 3 of 5 
Type: 
ID: 
80 
Mark: 0 
Singletons: 000000 1 1 
7 
node 
00000 1 00 
unit 
unit 
0 
Singletons: 000001 1 1  
Doubletons: A 1  
No n - Doub M o n s  
FIG-4A 
AND gate# 
AND gate 
00000000 
FIG-4B 
78 
f 9 4 4  Member-1 : unit 
84.< g63 Printed: 0 unit I Member-2: I I Propagated: 0 I 
5,581,694 
i” 
76 
FIG-4C 
U.S. Patent Dec. 3, 1996 Sheet 4 of 5 5,581,694 
112 116 /198 1
102 
104 106 108 
120 122 124 { 1 : 4 3  ( -' ( '
FIG-5 
112 116 
~ lp" ~ '8' 6; ~ 
Pro pa gate 
Singletons Results 
output Build and Propagate 
Doubletons 
0 
FIG-6 
146 
FIG-7 
U.S. Patent 
1 
0 
N 
C O  
;k 
Dec. 3, 1996 Sheet 5 of 5 5,581,694 
- I 
N 
5,58 1,694 
2 
Annual Reliability and Maintainability Symposium of the 
IEEE, New York-Las Vegas, Nev., USA, January, 1992, pp. 
354-362. 
Although the digraph models serve well their intended 
function in reliability analysis, as well as being used in 
diagnostic fault isolation techniques, digraph modeling 
applications are somewhat limited when the associated 
nodes (possible failures) in a sophisticated system being 
analyzed, reaches into the thousands, e.g., greater than 
1,000. For example, using the computing techniques 
described in the above two technical articles of Sachs and 
Iverson, when the system involves nodes of about 1100, 
about 3400, and about 7000, the processing time involved 
with computer workstations yielding a solution of the related 
digraph models respectively is about 12 minutes, 42 hours, 
and four days. It is desired that means be provided to allow 
digraph models to be used for reliability and diagnostic 
analysis of complex electronic systems, yet provide a solu- 
tion therefor within a relatively short operational time, such 
as seconds or minutes and not hours and days. 
Accordingly, it is a principal object of the present inven- 
tion to provide reliability and diagnostic analysis using 
digraph models and unique techniques and, more impor- 
tantly, to a method which substantially reduces the time 
required to derive a solution thereof. 
It is another object of the present invention to provide 
digraph techniques which incorporate human expertise so as 
to derive a knowledge base that can be used for various 
artificial intelligent applications to solve associated prob- 
lems. 
A further object of the present invention is to provide a 
knowledge base incorporating digraph models and tech- 
niques that may be used to provide solutions that may be 
graphically displayed to a user or provided by way of a 
printout. 
1 
METHOD OF TESTING AND PREDICTING 
FAILURES OF ELECTRONIC MECHANICAL 
SYSTEMS 
5 OlUGIN OF THE DISCLOSURE 
The invention described herein was made by an employee 
of the National Aeronautics and Space Administration and it 
may be manufactured and used by and for the United States 
Government for governmental purposes without the pay- 10 
ment of royalties thereon or therefor. 
BACKGROUND OF THE INVENTION 
A. Technical Field of Field of the Invention 15 
single failure render the system inopeiative. Reliabiky 
models take into account various parameters, such as the 
failure rate of the individual components and the interrela- 
tionship of the components making up the system. The 
reliability models are commonly implemented to be used in 
failure mode analysis of systems and one such usage 
described in U.S. Pat. No. 5,014,220, of C. M. McMann, 
herein incorporated by reference. 
Reliability analysis, such as failure mode effects analysis 
(FMEA), fault tree or digraphs analysis, are performed on 
many systems during their inception stage. Digraph analysis 
normally consists of digraph models which comprises AND/ 
OR directed graphs with nodes, connected by directed 
edges, representing hardware failures, human actions, 
modes of operation, and other factors affecting system 
operation. The reliability analysis contained in these digraph 
models, derived during the inception stage of the complex 
system, comprises a wealth of information that can be used 
to help build automatic diagnostic systems that service 
complex electronic systems. A significant amount of effort 
can be saved by using reliability analysis information inher- 
ent in the digraph models to build a diagnostic system since 
much of the knowledge or human expertise required for 
diagnosing a system failure has already been derived to 
develop the reliability-analysis models. 
Digraph models used in reliability analysis have many 
benefits, one of which is that the models can be derived from 
system schematics in a fairly straightforward manner by 
associating a digraph node with each component in the 
schematic, adding directed edges to represent physically 
connections between components, and augmenting the basic 
digraph model with knowledge about component failure 
modes and rates, and other system design considerations, 
such as fault tolerant features provided by redundant com- 
ponents or duplicate subsystems. A further discussion of 
digraph modeling may be found in the technical article 
entitled Digraph Matrix Analysis of Ivan J. Sacks, published 
in the IEEE Transactions on Reliability, Vol. R-34, No. 5,  pp. 
437-445, December, 1985. A still further discussion of 
digraph modeling is described in the technical article 
entitled Automatic Translation of Digraph to Fault-Tree 
Models of D. L. Iverson, published in the Proceedings of the 
The present invention relates to a method for testing and 
predicting failures of an electronic system, and more par- 
ticularly, to a method that provides a knowledge base based 
on human expertise and comprising digraph models all used 
for analyzing faults in complex systems. 20 
B. Description of the Prior Art 
Reliability models are commonly derived during the 
inception of an electronic system, especially if such an 
electronic system is comdex and suscemive to having a 25 
30 
35 
40 
45 
50 
55 
60 
65 
SUMMARY OF THE INVENTION 
The invention is directed to a method that provides 
reliability and diagnostic analysis for a complex system by 
incorporating a knowledge database derived from digraph 
modeling events. The propagation is determined by execut- 
able singletons and doubletons. Each of the nodes, AND 
gates, and doubletons is assigned an individual object sepa- 
rately located in memory. The failure signals are classified as 
being one of a singleton and doubleton and a singleton and 
doubleton failure signal is generated therefor. The singleton 
failure signals are identified with its respective node and 
such identification is delivered to the respective object in 
memory. The identification step of the singleton further 
includes the monitoring for the generation of a respective 
target event associated with the singleton failure signal. A 
further sequential identification step is performed to identify 
the doubleton failure generated signal with its respective 
object as well as with its own identified node and delivers 
both identifications to their respective objects, while also 
monitoring for the occurrence of any target event. 
BRIEF DESCRIPTION OF THE DRAWINGS 
FIG. 1 is a schematic view showing the interrelationship 
of a space station and its monitoring and diagnostic equip- 
ment containing the knowledge base of the present inven- 
tion. 
FIG. 2 is an illustration of a segment of a digraph model 
associated with the present invention. 
5,58 1,694 
3 4 
FIG. 3 illustrates further details of the segment of the 
digraph model of FIG. 2. 
FIG. 4 is composed of FIGS. 4(A), 4(B) and 4(C) respec- 
tively illustrating a digraph node object, a digraph AND gate 
of operation of the present invention. 
28 and to a printer 30 both by way of digital communication 
link 32. 
Sophisticated systems, such as a space station 12, almost 
always require reliability analysis be Performed at their 
of events that contribute to the occurrence of undesirable 
conditions, and the application of probability theory to 
falls within acceptable limits. In other words, reliability 
1o analysis provides a statistical basis for making decisions as 
to the relative safety or usefulness of a particular device or 
Reliability analysis is especially important in complex 
systems, such as the space station 12, having flight control 
FIG. 8 is a flow c h m  illustrating the step-by-step 15 systems, wherein a failure Of a particular component or 
have become more and more sophisticated, digital systems 
and redundancy management schemes, such as backup 
object and a doubleton object, all associated with the method 5 inception. Reliability analysis Can be defined as the analysis 
‘IG’ a series Of equivalent ‘Odes. determine that the likelihood of these undesirable conditions 
FIG. 6 illustrates the sequential Singleton and doubleton 
solutions operations involved with the present invention. 
FIG. 7 is an exemplary illustration showing some of the 
interrelationship between doubletons, singletons and system. 
digraph AND gate objects associated with the knowledge 
base comprising digraph models. 
sequence for calculating doubletons associated with the subsystem a Of a mission. As systems 
knowledge base of the present invention. 
equipment that provides for a certain degree of fault tolei- 
ance, have been implemented to satisfy the system require- 
ments. The digital systems and redundant equipment have 
2o 
DETAILED DESCRIPTION OF THE 
INVENTION 
Refemng now to the drawings, wherein the same refer- 
ence techniques that yields a relatively rapid solution of a 
problem associated with a failure of the complex system. 
predicting failures of an electronic system comprising a 
ing, analyzing, directing, classifying and two 
receives data samples indicative of the operating status of 30 problems has already been uncovered by the 
each of the plurality of units making up the system. ne 
method analyzes the data samples to determine the presence 
of any failures of any of the plurality of units and generates 
a corresponding failure signal therefor. f i e  failure signals 
are directed to a digital computer having a memory for 35 
advantageously Provided high Performance, but relatively 
complex Systems, requiring ComPrehesive reliability analY- 
SiS of each component that makes UP the system. This 
The present invention provides a method of testing and 25 reliability analysis has become tedious, and time consuming. 
However, these reliability analyses contain a wealth of 
diagnostic systems for servicing the complex systems, since 
plurality of units. The method comprises the steps of receiv- 
steps of identifying. The method of the present invention 
information that can be used to to automatic 
much Of the required for diagnosing system 
engineers that derive the reliability analysis at the inception 
Of the 
The reliability and diagnostic analyses performed for 
complex systems should take into account the architecture of 
the system itself. For example, a system may be sub-divided 
systems. 
storing a knowledge base having a data structure with into subsystems that correspond to a Power supply sub- 
objects separately stored in memo, and each object having 
a plurality of slots. The data structure has encapsulation, 
inheritance and polymorphism characteristics and comprises 
a digraph model that determines predetermined target 
events. The digraph model comprises nodes and AND gates 
that are interconnected by directed edges. Each of the nodes 
is assigned to a particular unit and corresponds to a failure 
of that assigned unit, and each of the AND gates is related 
to redundant units or dual-failure paths of the system and has 
a plurality of inputs each assigned to a particular node 
designated for the particular failure thereof. The nodes and 
AND gates are connected by the directed edges so that 
propagation therebetween and exit therefrom determines the 
target numbers indicate the same elements, there is shown in 
FIG. 1 a system 10 associated with the monitoring and 
analyzing of a complex system 12, such as that that may be 
found in a space station 12 or any other sophisticated 
electrical equipment, wherein fault analyzing and fault 
localizing operations are desired. Communication between 
the space station 12 and a ground station 14 is commonly 
established by communication link 16, typically transmitting 
telemetry information. The ground station 14 communi- 
cates, by means of a digital link 18, with a digital computer 
20. Computer 20 may be of any suitable type, such as a SUN 
SPARC workstation from Sun Microsystems, Inc., of Moun- 
tain View, calif. Computer 20 is interconnected to a memory 
22 by way of a digital link 24. The memory 22 stores a data 
base 26, commonly referred to in artificial intelligent appli- 
cations related to the present invention as being a “knowl- 
edge base” which is derived from human expertise. The 
computer 20 is also interconnected to both a graphic display 
system, a telernetrykommand subsy slem, an attitude orbit 
control system, a propulsion subsystem or a heat control 
subsystem. Further, each subsystem may be sub-divided into 
40 devices that make up the subsystem, for example, primary 
and backup pumps for a cooling system. Further, the devices 
themselves may be further sub-divided into parts, such as 
sensors for sensing the operating conditions of the primary 
and backup pumps, a resistor, or a capacitor used in an 
45 integrated circuit. Still further, in addition to hardware 
failures, human actions and modes of operation, as well as 
other factors of system operation, should be taken into 
account for the reliability and diagnostic analyses of a 
complex system. As used herein, the system on which the 
50 reliability and diagnostic analyses arc being rendered, is 
considered to comprise a plurality of units, with each unit 
representing a hardware failure or other actions, including 
those of humans, that may disadvantageously contribute to 
the operation or readiness of a complex system. 
As discussed in the “Background” section, digraph mod- 
els may advantageously be used to implement reliability and 
diagnostic analyses. The digraph technique employs AND- 
OR directed graphs with nodes, connected by directed 
edges, representing hardware failures each associated with a 
60 particular unit of the system, human actions, modes of 
operation and other factors aEecting system operation. The 
redundancies of units within the system is represented by 
digraph AND gates. The digraph directed edges represent 
connectivity, such as physical connections between node or 
65 AND gates or functional dependency. The digraph directed 
edges also provide paths wherein a failure represented by a 
given node could propagate through the directed edges and 
55 
5 3 8  1,694 
5 6 
cause other failures represented by nodes in the propagation 
path. Propagation through the nodes is unrestricted and not 
dependent on transient conditions. 
calculation of single failures or pairs of failures that could 
TABLE 1-continued 
REFERENCE TYPE OF APPLICABLE FAILURE 
A common operation performed on digraph models is a NO. ELEMENT EVENT 
42 Node Cooling Umt 
44 AND Gate - 
example, a calculation or solution may be performed and 46 Directed Edge - 
48 Directed Edge - 
50 Directed Edge - 
52 Directed Edge - 
unit). A target event may be any representation of the 54 Directed Edge - 
digraph model that signifies the occurrence of the particular 56 DirectedEdge - 
cause a given target event of the digraph model to occur. For 
uncover that a single failure (e.g., loss of coolant) could 
cause a predetermined target event (e.g., loss of the coolant 1o 
conditions, such as the failure of a particular unit that may 
render the complete system inoperative. If a given failure 
causes a target failure event, that failure is identified a 
singleton of that target event. If two failures combine, via a 
digraph AND gate, to cause a target event, those two failures 
Each digraph node, such as nodes 34,36,38,40 and 42, 
represent a failure in the system 12 of FIG. 1, whereas the 
directed edges, such as 46,48,50,52,54 and 56, show how 
are identified a doubleton of that target event. Finding the Occurrence Of the can flow through the system 
singletons and doubletons for a digraph model is useful for and other failures. Each digraph node is assigned to a 
finding or solving for weak links in the system (such as a 2o Particular unit of the complex system 12 and7 as is to be 
single point failure) and for calculating quantitative values described, the failure of that unit creates a failure node. As 
for system reliability. is to be further discussed, if a node is marked as failed, the 
The present invention uses the singleton and doubleton failure will propagate through all directed edges leading out 
solutions to provide for system diagnostics since these of that node and mark the nodes connected thereto as failed. 
solutions represent possible causes for the failure or target 25 Redundancy involved in the digraph modeling of the present 
events of the digraph models. The present invention not Only invention is taken care of by the use of the digraph AND 
solves for singletons and doubletons of all nodes derived gates. M~~~ particularly, redundant units are represented by 
tion paths) must fail in order for the AND gate to fail (be techniques related to digraph modeling discussed in the “Background” section, provides for a relatively rapid 30 
response time. The present invention improves the response qualified) and provide an Output therefrom. An AND gate 
time by utilizing a bowledge base 26 derived ensures that a failure must occur in every input of the AND 
from the human expertise, more than likely developed by gate in order to qualify the gate SO as to Propagate the failure 
deriving reliability analysis at the inception of the complex through the output directed edge connected to that failed 
system, such as the space station 12. The knowledge base 26 35 AND gate. The techniques of the present invention treats all 
has a data structure with objects having a plurality of slots digraph AND gates as having two inputs. If desired, digraph 
and which objects are Separately stored in the memory. The AND gates with more than two inputs can be constructed 
data structure has encapsulation, inheritance and polymor- with combinations of input AND gates. The digraph 
phorism characteristics related to object-oriented program nodes can be in one of two states, true or false. If the node 
techniques that can be implemented by C programming 40 . is true, or marked, it means that the failure represented by language. More particularly, encapsulation is a characteristic 
the data and processing being performed for an object to be system 12 has occurred. If the node is false, or not marked, 
modified without causing any disruption to other operations then the failure has not OCcurred. 
being performed elsewhere in a computer, such as computer 45 
‘Om the digraph but, ”like the prior art and two-input AND gales so that both inputs (units or propaga- 
that makes the data and processing private in that it allows that ‘Ode to a Particular unit Of the 
The digraph configuration of FIG. 2 is for illustration 
20 Of  FIG. 1. Inheritance is a characteristic that manifests the 
ability of one object (sometimes called a lower object) to 
inherit Properties from a higher object. PolYmoThoriSm is 
the characteristic that manifests the ability of a generated 
the object that the request is sent to. 
purposes and related to a cooling system, wherein each node 
(34,36,38,40 and 42) represents a possible failure of a unit 
of the complex system 12 and the directed edges (46,48,50, 
52, 54 and 56) correspond to the flow of the coolant failure 
the coolant failure represents the connectivity (physical 
The digraph modeling of the Present invention that Uti- connection) between units and the dependency between 
acteristics are graphical combinational failure models com- representative of a coolant reservoir failure, or node 36 
prising nodes and AND gates connected by directed edges 55 representative of coolant pipes failures, could propagate and 
cause both the primary and backup pumps (Eodes 38 and 40) and may be further described with reference to FIG. 2 and with reference to Table 1 listing the nodes, AND gates and to fail in their function of delivering a coolant to the coolant directed edges shown in FIG. 2. 
unit (node 42). The bar 44 in the digraph of FIG. 2, as well 
as all digraphs related to the present invention, is indicative 
of an AND gate, such as AND gate 44, which indicates, in 
FIG. 2, that both the primary (node 38) and backup (node 
40) pumps must fail to operate before the coolant unit (node 
34 Node Coolant Reservoir 42) fails due to lack of coolant. Further details of desired 
36 Node Coolant Pipes 65 nodes may be further described with reference to FIG. 3 38 Node Primary pump 
40 Node Backup Pump which is similar to FIG. 2 except for the additional nodes and 
directed edges shown in FIG. 3 and given in Table 2. 
request (message) to produce different based 50 (node 34-coolant reservoir) through the system. The flow of 
lizes encapsulation, inheritance, and polymoThorism char- units. It should be noted that a failure, such as node 34, 
TABLE 1 6o 
APPLICABLE FAILURE REFERENCE TYPEOF 
NO. ELEMENT EVENT 
5,581,694 
7 8 
and output slots of the objects of FIG. 4(A) and 4(B) contain 
lists of pointers (sometimes referred to as “linked lists’:) to 
digraph objects representing nodes and AND gates that are 
NO. TYPE OF ELEMENT ELEMENT directly connected to the particular node. The singletons slot 
of FIGS. 4(A) and 4(B) contains a rcpresentation of the node 
58 Node ID’S of the singletons of the node. The doubleton slot of 
FIGS. 4(A) and 4(B) contains a list of pointers to doubleton 60 Node Low Primary Pump 
62 Node Low Backup Pump objects, such as illustrated in FIG. 4(C). The doubleton 
objects of FIG. 4(C) contain slots pointing to each doubleton 
64 Node High Coolant Unit 10 members indicated by reference numbers 94 and 96 and 
associated with a respective node object and flags (printed 66 Dxected Edge - 
6X Directed Edge - and propagated) to indicate if the doubleton has been printed 
70 Directed Edge - or processed. More particularly, as seen in FIG. 4(C), the 
doubleton objects have member 1 and member 2 slots which 12 Directed Edge - 
15 make up the doubleton and which specify the node (UNIT) 
Of the associated members. 
Calculating Singletons 
TABLE 2 
REFERENCE TYPICAL FAILURE 
5 
Low ReServOu Level 
output Pressure 
Output Pressure 
Ouput Temperature 
The primary diKerence between FIG. 2 and FIG. 3 is the 
addition to FIG. 3 of sensor nodes 58,60,62 and 64 each of 
which represent a failure and for the embodiment of FIG. 3 
represent a respective failure for the cooling equipment for 
the complex system 12 of FIG. 1. In other embodiments, the 
failure nodes of both FIGS. 2 and 3 may represent the failure 
signatures of other units of the complex system 12 that may 
be correlated to telemetry quantities transmitted by the 
complex system 12 by way of the communication link 16 
shown in FIG. 1. 
The method of the present invention may be implemented 
by the use of object-oriented programming techniques hav- 
ing classes, commonly referred to as objects. The digraph 
modeling of the present invention may be implemented 
using these objects thereof which are self-contained modules 
of data and associated processing. Furthermore, the method 
of the present invention implements the advantageous 
encapsulation, inheritance and polymorphism characteristics 
so as to provide a solution pin pointing a failure of a unit 
within the complex system in minutes or seconds not days 
or hours. The method of the present invention uses objects 
as the storage medium of failure set solutions and partial 
solutions which objects may be further described with 
reference to FIG. 4 which comprises FIGS. 4(A), 4(B) and 
4(C), respectively indicating a digraph node object, a 
digraph AND gate object, and a digraph doubleton object 
whose memory contents are respectively and generally 
indicated as 74, 76 and 78. 
Each of the digraph node, AND gate and doubleton 
objects of FIG. 4 are separately stored in memory, in 
particular, separately stored in the knowledge base 26 which, 
in turn, is stored and accessible in the memory 22 of the 
computer 20 shown in FIG. 1. Further, each of the objects of 
FIG. 4 has a plurality of slots (80, 82 and 84 of FIGS. 4(A), 
4(B) and 4(C) respectively) for storing status information, 
e.g., connectivity and solution information. For example, the 
objects of FIGS. 4(A) and 4(B) have at least 8 slots such as 
name type identification (ID), inputs (86 of FIG. 4(A) and 88 
of FIG. 4(B)), outputs (90 of FIG. 4(A) and 92 of FIG. 4(B)), 
mark, singletons and doubletons, and the digraph node 
object of FIG. 4(A) further has a slot of equivs. Connectivity 
information of the slots of FIG. 4(A) and 4(B) primarily 
comprise the input and output slots thereof generally clas- 
sified therein as UNIT associated with the failure equipment 
or incorrect operation of such. For example, and with 
reference to FIG. 2, the digraph AND gate object of FIG. 
4@) may have a name of AND gate No. 1 and to which are 
connected, to its two inputs, the failure occurrences of the 
unit’s primary pump (node 38) and backup pump (node 40) 
and from which its output slot is connected, via its directed 
edge, to the node cooling unit (node 42). 
The mark slot of FIGS. 4(A) and 4(B) is used to indicate 
if a failure has propagated to the particular node. The input 
The present invention calculates or solves for singletons 
and doubletons by using a herein termed “source operation.” 
2o In general, in a source operation, a digraph node is marked 
as failed and that mark is propagated through the digraph’s 
directed edges (output slots) to determine which other nodes 
will fail. When a digraph node is marked, the mark will 
propagate to all the outputs (output slots) of the failed 
25 digraph node object. If the mark reaches an AND gate, in 
particular a digraph AND gate object, all the input nodes of 
the AND gate must be marked (failed) in order for the mark 
to propagate to the outputs (output slots) of the digraph AND 
gate object. This is the same as the operation of an ordinary 
30 logic AND gate that delivers an output signal only when all 
of several input signals occur simultaneously. 
The method of the present invention uses the mark slot in 
each digraph object (node, AND gate and doubleton) to 
35 perform the source operation. If a digraph node object is 
marked or if a digraph AND gate object is marked, the mark 
slot in the respective object is set to true (l), otherwise the 
mark slot is set to false (0). When a digraph node object or 
digraph AND gate object is set to true, the mark propagates 
4o through all the respective outputs by way of the associated 
directed edges to adjacent nodes. If the mark reaches a node 
that is already marked, the mark does not propagate any 
further. This prevents the method of the present invention 
from entering an infinite loop. 
A straightforward technique for calculating singletons is 
to perform a source operation for each node in the digraph 
model and add the sourced node as a singleton slot (see 
FIGS. 4(A) and 4(B)) of every digraph node object, includ- 
ing the digraph AND gate object, that the mark reaches. All 
50 marked nodes are reset to false (0) after each source opera- 
tion so that stray marks do not corrupt the next singleton 
operation. 
Doubleton Candidates and Equivalent Nodes 
The knowledge base 26 of the present invention compris- 
55 ing the digraph model constructed by human expertise may 
contain a series of connected nodes that all, or substantially 
all, reach one output such as that illustrated in FIG. 5 as an 
arrangement 98 having the nodes, AND gates and directed 
edges all given in Table 3. 
45 
60 
TABLE 3 
REFERENCE NO. ELEMENT 
65 
100 
102 
104 
106 
Node 
Node 
Node 
Node 
5,58 1,694 
9 10 
that they reach. With this scheme of only propagating 
doubleton candidates, each of the singletons that reach a 
node represents the singleton node itself and all of its 
equivalents. 
TABLE 3-continued 
REFERENCE NO. ELEMENT 
108 Node 5 Digraph Doubletons 
110 AND Gate 
Directed Edge 112 
114 Directed Edge 
116 Directed Edge 
118 Directed Edge 
120 Directed Edge 
A doubleton for a node used in digraph models, such as 
the present invention illustrated in FIG. 4(C) for digraph 
doubleton object representation, is a pair of nodes with the 
property that if both nodes are sourced (i.e., both failure 
10 represented by the respective nodes occurred concurrently), 
then the mark (or failure) will propagate to the target node 
interchangeably referred to herein as target event. For 
122 Directed Edge 
124 Directed Edge 
The series of nodes that has input and output directed 
edges arranged as illustrated in FIG. 5 can terminate at a 
node (100) with no outputs, a node (102) with more than one l5 
output, or a node (108) that is an input to an AND gate (110). 
When sourced, that is, when a source operation is per- 
formed, each node in the series (except for node 100 having 
no output and node 102, in particular, the output thereof 
indicated by directed edge 116) will reach the same digraph 20 
nodes outside of the series as the other nodes in the series. 
For digraph evaluation purposes, related to the method of the 
present invention, it is assumed, and without any high risk 
therefor, that all of the nodes (except for those already 
specified) in the series and the terminating nodes are equiva- 25 
lent and reach the same nodes when sourced. This assump- 
tion allows for the saving of processing time (in addition to 
the saving provided by the encapsulation, inheritance and 
polymorphorism characteristics) by performing a sourcing 
operation only on the terminating node of each series, 30 
instead of each node in the series, when calculating single- 
tons and doubletons. If the terminating node becomes a 
singleton or part of the doubleton of another node, then all 
the other nodes in the series are a singleton or part of a 
doubleton of that node. For example, if node 108 of FIG. 5 35 
becomes a singleton or part of a doubleton (such as shown 
in FIG. 5 as having its directed edge 124 as an input to the 
digraph AND gate object l l O ) ,  then all the equivalent nodes, 
such as 104 and 106, are classified as a singleton or part of 
a doubleton respectively. The present invention uses the 40 
equivalent node principles extensively since, in the practice 
of the present invention, a great share of its processing time 
is associated with nodes that have more than one output or 
that have an AND gate as an output, that is, its directed edge 
propagates to a digraph AND gate object. These series of 45 
equivalent nodes, such as that illustrated in FIG. 5, are 
usually terminated by this type, that is, an AND gate that 
receives the directed edge of the failed node or a node with 
multiple outputs (such as node 102). These nodes, that is, 
one that has an AND gate as an output, are herein termed 50 
“doubleton candidates” since they are the only nodes that are 
processed during doubleton calculations to be described. 
Further Considerations for Solving Singletons 
When the method of the present invention solves for 
singletons, the method does not propagate every node 55 
through the entire digraph model. Rather, only doubleton 
candidates are propagated exhaustively through every con- 
nected node in the digraph model. Nodes that are not 
doubleton candidates (single outputs in an equivalent series 
such as nodes 104 and 106 illustrated in FIG. 5) only 60 
propagate to the terminating node (e.g., 108 of FIG. 5) of the 
series. This terminating node (e.g., 108 of FIG. 5) is either 
a doubleton candidate (e.g., as seen in FIG. 5 node 108 has 
its output applied to an AND gate 110), or a node with no 
outputs. As the non-doubleton candidate nodes (e.g., nodes 65 
104 and 106 of FIG. 5) propagate, they are added to a list in 
the equiv slot (see FIG. 4(A)) in each digraph node object 
example, with reference back to FIG. 2, when failures as 
represented by nodes 38 and 40 (primary pump and backup 
pump, respectively) occur, then the represented failure will 
propagate to the target node 42 (cooling unit). The set of 
doubletons (e.g., nodes 38 and 40) for the target node (42) 
will consist of all pairs of nodes that when sourced would 
include at least one singleton (e.g., coolant reservoir node 34 
of FIG. 2), of a target node (e.g., node 42 of FIG. 2) and all 
pairs of that node, when sourced, would mark a digraph 
AND gate object (e.g., AND gate 44 of FIG. 2) that is 
directly upstream of the target node (42). A node, for 
example node A, is considered to be “upstream” of a node, 
for example node B, if you can trace a path from node B to 
node A through the digraph edges in the opposite direction 
of the directed edge arrows. Similarly, node B is downstream 
of node A if you can trace a path from node A to node B 
following the directed edges in the direction of the arrows. 
A digraph AND gate object used in the present invention is 
considered to be “directly upstream” of a node if you can 
trace a path from the digraph AND gate object to the node, 
in the direction of the directed edge arrows, without passing 
through another digraph AND gate object. The present 
invention only solves for doubletons that mark a digraph 
AND gate object directly upstream of the target node. Some 
of the doubletons may include singletons of the target node 
as doubleton members (see FIG. 4(C) member slots 94 and 
96). 
Since the digraph techniques of the method of the present 
invention define doubletons for a node as the doubletons that 
would mark a digraph AND gate object directly upstream of 
the node, it is only necessary to solve for these defined 
doubletons of the digraph AND gate objects in the digraph 
model. To find the doubletons for a given node, (see FIG. 
4(A)) one finds the doubletons for all the digraph AND gate 
objects directly upstream of that given node. To locate the 
AND gates directly upstream of that given node, or any 
node, the digraph techniques of the present invention per- 
form a limited source operation on each digraph AND gate 
object included in the digraph model. In this limited source 
operation, the generated mark is only allowed to travel, 
sometimes referred to herein as propagate, to nodes and not 
through digraph AND gate objects. After the digraph AND 
gate object has been determined, by the use of the limited 
source operation, the digraph AND gate object is added to 
the upstream-ands list in each node that the mark reached, 
as to be further described hereinafter with reference to FIG. 
8. The upstream-ands is stored in a slot in each digraph 
node object, in particular in a node set out for a predeter- 
mined target event. Also, each node that the digraph AND 
gate object’s mark reached which has a digraph AND gate 
object as an output, is stored in the downstream-andins slot 
of the limited source digraph AND gate object. For such 
processing, the method of the present invention advanta- 
geously skips over nodes between these specified digraph 
AND gate objects when solving for doubletons. 
5,581,694 
11 12 
Calculating Digraph Doubletons 
FIG. 6 illustrates a program flow 126 of the method of the 
present invention that shows the singleton calculations, in 
particular process segment 128 of propagating singletons, as 
being performed before the calculations of the doubletons, 5 170 Directed Edge 
172 Duected Edge 
in particular process segment 130 of building and propagat- 174 Directed Edge 
ing doubletons, and then shows the results (output results 176 Directed Edge 
segment 132) of the sequential (singletons and then double- 180 Directed Edge 
182 Duected Edge 
184 Duected Edge tons) calculations being performed. For each digraph node 
object that is an input to a digraph AND gate object, the 186 Directed Edge 
method of the present invention stores a list of the node's 188 Directed Edge 
singletons in the digraph AND gate object (see FIG. 4(B)) 
associated with the digraph node object. These singletons For the sake of clarity, the description of FIG. 7 will refer 
are used to build doubletons that are propagated through the 15 to the reference letter designation of the nodes and omit the 
digraph model. As previously discussed, only doubleton Proper node designation which is actually digraph node 
candidate nodes are propagated through the entire digraph objects. Further, the description of FIG. 7 will refer to the 
model so the digraph AND gate object singleton list (see number designation (e.g., AND 1) of the AND gates and also 
FIG. 4(B)) will only contain doubleton candidate nodes. TO omit the designation that the AND gates are actually digraph 
(see FIG. 4(B)), the method of the present invention finds the AND gate (AND are formed from the cross product Of the doubleton candidates that are singletons of nodes B (B, F, H) 
and C (C, F, H). More particularly, the cross product of the cross product, sometimes referred to as the cross multipli- cation (to be further described), of the singletons of each doubleton candidates B, F, and c, F, are singletons of 
formed is represented by an Object, as shown in 25 doubleton candidates result in the doubletons (B, C), (B, F), 
TABLE 4-continued 
REFERENCE NO ELEMENT 
10 
construct doubletons for a given digraph AND gate object AND gate Objects. As Seen in 7, regu1ar doubletons for 
input of the digraph AND gate Object (see FIG. 4(B)). 
FIG. 4(c). Each doubleton object (see FIG. 4(c)) is unique, 
so that no two doubleton Objects have the Same Inember 
nodes B and C respectively, These formed cross product 
(B, H) (H, C) (H, F) and (F, C). The doubletons built from 
equivalent (equiv) nodes ofthe regular doubletons are (DC), 
(DF), (DH), (EC), (EF), and (EH) since nodes D and E are 
in the equivalent series terminating with node B. The nodes 
doubleton o f ~ N ~  1 since it propagates from  AN^ 3 and 
reaches both nodes B and C. The nodes G and H, in 
particular, the cross product (GH) also forms a hidden 
slots (see 94 and 96 of FIG. 4(C)). If a doubleton calculation 
related to a digraph AND gate object produces a doubleton 
already created doubleton object will be assigned to the 
digraph AND gate object. 
Before calculating doubletons, the method of the present 
whose object (see FIG. 4(B)) has already been created, the 30 1 and J, in particular, the cross product (IJ) forms a hidden 
invention sorts the digraph AND gate Objects so that each 
digraph AND gate Object upstream 
digraph AND gate object downstream Of it. This Priority 
doubleton ofAND 1 since it propagates from AND 2 to node 
be processed before 35 B, and enabling singleton H reaches node C. Doubletons 
containing nodes which are singletons of both AND gate 
assignment allows the method of the present invention to 
propagate the doubletons that reach a AND gate 
produced from the digraph AND gate objects input nodes, 4o a different rate than the singleton only. 
tions. This priority assignment contributes to increasing the invention foms doubletons from digraph node objects 
speed of response of the method of the present invention to are singletons, as discussed with reference to FIG. 7, and 
provide solutions. A digraph model that illustrates interac- propagates those doubletons, along with other doubletons 
tion and creation between regular doubletons, doubleton 45 that have arrived from upstream, to other downstream 
candidates, and doubletons built from equivalent (equiv) digraph mD gate objects via a list of downskeam-andins 
nodes is illustrated in FIG. 7, comprising a plurality of to be further described with reference to FIG. 8, The 
but it only involves digraph AND gate objects and their 
50 inputs specified in their respective slot. If a mark reaches one 
input of a digraph AND gate object but not the other input 
to the same digraph AND gate object, the AND gate object 
is added to a list of failed ANDS and the doubletons that 134 Node (A) 136 Node (B) 
138 Node (C) reach the one input is stored in the object representing the 
140 Node @) 55 input node. This doubleton stored in an object is a partial 
142 Node (E) solution and represents one of the benefits of the present 
Node (F) invention using a method having encapsulation, inheritance 144 146 Node (G) 
148 Node (H) and polymorphism characteristic in that this partial solution 
150 Node (I) now stored in the object is to be re-accessed from the object 
152 Node (J) 60 to derive the full solution and such re-access is accom- 
plished without any disturbance to the other portions of the 154 AND Gate (AND 1) 156 AND Gate (AND 2) 
158 AND Gate (AND 3) solutions being determined by the method of the present 
160 Dlrected Edge invention or without any disturbance to the other (non- 
162 Ihrected Edge diagnostic) program residing and running in the computer 
168 Duected Edge After the propagation from a digraph AND gate object is 
complete, the method of the present invention checks each 
inputs (e.g., and are included for use with digraph 
models containing failure propagation times. In some cases, 
Object from nodes together with the doubletons a doubleton failure may reach the output of the AND gate at 
rather than propagating those groups in different Opera- In general, for each digraph AND gate object, the present 
nodes, AND gates, and directed edges in 4. propagation is similar to the Source operation for singletons, 
TABLE 4 
REFERENCE NO ELEMENT 
65 20. 164 Duected Edge 166 Directed Edge 
5,581,694 
13 
of the failed digraph AND gate objects to see if any of the 
doubletons that reached one input of the digraph AND gate 
object can propagate through the digraph AND gate object. 
This will occur if that doubleton reached the other input of 
the same digraph AND gate object through another path, or 
if a node that is a member of a digraph doubleton object (see 
FIG. 4(C)) is a singleton of the other input to the digraph 
AND gate object. These doubletons are called hidden 
doubletons (discussed with reference to FIG. 7) since they 
are not formed by the cross product of the singletons 
(discussed with reference to FIG. 7) of a failed (qualified) 
digraph AND gate object’s inputs. 
Representing doubletons as objects, each, as previously 
mentioned, stored in a memory location of the knowledge 
base 26 in the memory 22 of computer 20 all shown in FIG. 
1, facilitates the comparison of the doubletons that reach 
inputs to a digraph AND gate object since the method of the 
present invention only needs to check if the doubleton object 
under consideration reached the other input of the same 
digraph AND gate object. Without the benefits of the present 
invention, in particular, if the doubletons were not repre- 
sented as unique objects, an operational program (other than 
the present invention) would need to compare pairs of nodes 
from each doubleton listed in the input slot of the digraph 
node object to see if the doubleton members (see HG. 4(C)) 
are the same as those in the doubleton being considered. 
Again, the principles of the present invention increase the 
speed of response of supplying solutions to problems. 
A second way for a hidden doubleton to pass through an 
original digraph AND gate object, is if an enabling singleton 
reached the opposite input of the same digraph AND gate 
object. An enabling singleton is created from a node that is 
a member (see 94 or 96 slot of FIG. 4(C)) of the doubleton 
in question and, when a source operation is performed, it 
would allow the doubleton to pass through the digraph AND 
gate object by marking the other input of the same digraph 
AND gate object. To check for enabling singletons that 
reached the other input of the same digraph AND gate 
object, the method of the present invention marks another 
slot (called mark 2, not shown in FIGS. 4(A) nor 4(B)) in the 
digraph objects of each singleton of that other input of the 
same digraph AND gate object. The method of the present 
invention propagates those doubletons that reached the 
original input of the same digraph AND gate object which 
has one of their singleton’s slots marked. 
Once the method of the present invention determines 
which doubletons to propagate for a failed digraph AND 
gate object, that is, a digraph AND gate object not haviiig 
both of its inputs marked, the doubleton propagation process 
is repeated for those doubletons. Doubletons that have 
already passed through the failed AND gate object are not 
propagated. This non-propagation prevents repeated double- 
tons and infinite loops. If a failed digraph AND gate object 
has not propagated its non-hidden doubletons yet, the new 
hidden doubletons are stored in a pending doubleton slot in 
the digraph AND gate object and are propagated with the 
digraph AND gate object’s non-hidden doubletons. The 
step-by-step processing for calculating digraph doubletons 
may be further described with reference to FIG. 8, illustrat- 
ing a plurality of programming segments, generally indi- 
cated by the reference number 190, and of the types speci- 
fied in Table 5. 
14 
TABLE 5 
REFERENCE NO. PROGRAM SEGMENT TYPE 
5 192 Input event 
194 Decisional 
196 Terminal 
198 Process 
200 Process 
202 Process 
10 204 Process 
206 Process 
208 Process 
210 Process 
212 Decisional 
214 Process 
216 Feedback 
218 
220 Process 
Decisional 15 
Calculating or solving for the digraph doubletons starts 
with event 192 that leads into the segment 194 which 
2o determines if any unprocessed AND gate objects are remain- 
ing. It should be noted, and as already discussed with 
reference to FIG. 6, that the start event 192 does not occur 
until the solutions for the singletons have been completed. If 
there are no unprocessed digraph AND gate objects, the 
25 calculations for the digraph doubleton is finished (196), but 
if the answer of decision block 194 is yes, the program 
sequences to segment 198. The segment 198 selects an 
unprocessed digraph AND gate object and builds the double- 
tons from the input singleton slots of the selected digraph 
3o AND gate object, in a manner as previously discussed. The 
segment 198 outputs its information to segment 200 which, 
in turn, propagates the mark from the digraph AND gate 
object through the digraph AND gate objects located down- 
stream therefrom, sets (process 202) the digraph AND gate’s 
object processed flag, and turns control over to segment 204. 
Segment 204 adds the doubletons of the digraph AND 
gate objects, and pending doubletons, to all marked digraph 
AND gate objects and allows the method of the present 
invention to sequence to segment 206. Segment 206 deter- 
mines all of the digraph AND gate objects with one input 
40 that is marked and, then, adds all these digraph AND gate 
objects to the failed ANDS list (all of the digraph AND gate 
objects having only one input marked (failed)), and then 
sequences to segment 208 which resets all marks and which, 
in turn, sequences to segment 210. 
Segment 210 analyzes each digraph AND gate object on 
the failed ANDs list to find hidden doubletons to propagate 
and, then, sequences to segment 212 which determines if 
any processed failed digraph AND gate objects have hidden 
doubletons and if the answer is yes, sequences to segment 
50 214, but if the answer is no, sequences to decisional block 
218. The segment 214 analyzes each processed failed 
digraph AND gate object and adds its hidden doubletons to 
the doubleton list, removes the failed digraph AND gate 
from failed list, and recursively propagates the related mark 
55 which, in turn, requests a recursive call message 216 which 
is inputted to segment 200 which, in turn, causes segments 
202,204,206,208, 210 and 212 to be repeated. 
If the answer of decision block 212 is no, that is, the 
processed failed AND gates did not have hidden doubletons, 
60 segment 218 is activated. Segment 218 determines if any 
non-processed failed digraph AND gate objects have hidden 
doubletons and if the answer is no, the process returns to the 
initial decision block 194 which proceeds to process any 
unprocessed AND gates, but if the answer is yes, decision 
65 block 218 sequences to segment 220. 
The segment 220 determines each unprocessed failed 
AND gate objects and adds its hidden doubletons to its 
35 
45 
5,58 1,694 
15 
pending doubleton list and then allows control to be returned 
to the initial decisional block 194. 
Results Yielded by the Method of the Present Invention 
After all the singletons have been processed and after all 
the doubletons from each digraph AND gate object have 
been propagated, the diagnostic solution employing reliabil- 
ity digraph models has been completed. More particularly, 
with reference again to FIG. 1, after data sample signals 
indicative of the operation of each of the plurality of units 
making up complex system 12 of FIG. 1 have been analyzed, 
in a manner known in the art, to determine if any failure of 
these units has occurred and those failures are represented in 
the digraph model, in particular, then the method of the 
present invention determines if any predetermined target 
events have occurrcd. The failure signals are routed to the 
computer 20 having acccss to the knowledge base 26 
comprising the digraph model having objects representative 
of nodes, AND gates and doubletons, which are handled or 
processed to come up with a solution by an operation having 
encapsulation, inheritance and polymorphism characteris- 
tics. The operation with these characteristics is also self- 
contained having the further benefit of reducing the number 
of accesses to memory which, advantageously reduces the 
processing time to come up with a solution. The knowledge 
base 26 assigns a particular digraph node object for each unit 
which represents a failure of that assigned unit. Upon the 
occurrence of a failure condition of the assigned unit, a 
target event will or will not be detected, dependent upon the 
predetermined digraph model arranged in the knowledge 
base 26 and the predetermined conditions needed to qualify 
thc target event. As discussed hereinbefore, the solutions of 
singletons and doubletons execute or allow the failure of the 
unit to propagate to a target event or not allow this failure to 
propagate to a target event. If such a target event occurs, it 
is recognized by the method of the present invention and 
printed out on printer 30 or on the graphic display 28 both 
shown in FIG. 1. 
To print out the singletons of a given node object, the 
operating programs of the method of the present invention 
may print the names (ID - see FIG. 4) of the nodes stored in 
the singleton slot of the digraph node object and the names 
of the equivalent (equiv) nodes of each of those stored 
singletons. To print out the doubletons for a particular 
digraph node object or for a particular AND gate object, the 
present invention prints the names of the nodes in the 
digraph doubleton object from each of the digraph AND gate 
objects directly upstream of the node (listed in the 
upstream-ands slot of the digraph node object). For each 
doubleton object listed in an upstream digraph gate object, 
the cross product of the nodes equivalent to the doubleton 
candidate nodes listed in the doubleton object is calculated. 
The results of this cross product are doubletons represented 
by that digraph doubleton object. Once a doubleton is 
printed for a digraph node object, its object is marked so that 
it will not be printed twice for that same digraph node object. 
The method of the present invention finds and prints the 
singletons and doubletons for every node in the digraph 
model. When the method of the present invention is used 
with a graphic user, the results are preferably displayed with 
colors on a graphic depiction of the digraph model or even 
along with the system schematic of system 12 correlating the 
failure to its assigned unit of the complex system 12. 
Application for the Method of the Present Invention 
The method of the present invention provides a consid- 
erable increase in the processing speed when compared with 
the system techniques described in the “Background” sec- 
Lion. This performance increase is substantial. For example, 
5 
10 
15 
20 
25 
30 
35 
40 
45 
50 
55 
60 
65 
16 
for a complex system 12 having a number of nodes of about 
7271, each corresponding to a particular unit and its asso- 
ciated failure, the processing time for digraph model reli- 
ability and diagnostic analysis was reduced from 4 days to 
14 seconds. This increase in processing time provided by the 
present invention creates a wide variety of possible appli- 
cations for the present invention. For example, system 
designers can experiment with reliability models for new 
designs without waiting hours for test results. The method of 
the present invention can be used to test full scenarios for a 
deployed system by introducing faults into the digraph 
model and evaluating the resulting digraph solution pro- 
vided by the method of the present invention. The present 
invention by providing faster digraph evaluation also allows 
automatic diagnostic systcms using digraph models to pro- 
vide a relatively quick response when called upon to provide 
a solution in a dynamic operating environment. 
It should now be appreciated that the practice of the 
present invention provides for digraph reliability models that 
also provide for diagnostic analysis of complex systems, 
such as the space station of NASA which tends to be very 
large and complex. The method of the present invention 
reduces the processing time for digraph models of complex 
systems from days to minutes and even seconds. This 
reduction speeds up the operational response allowing for 
the digraph models to be used in automatic monitoring and 
diagnostics of complex systems. 
Further, although the invention has been described rela- 
tive to specific embodiments thereof, it is not so limited and 
many modifications and variations thereof now will be 
readily apparent to those skilled in the art in light of the 
above teachings. 
What we claim is: 
1. A method of testing and predicting failures of electronic 
and mechanical systems each comprising a plurality of units, 
said method comprising the steps of 
(a) receiving data samples indicative of the operating 
status of each of said plurality of units of said system; 
(b) analyzing said data samples to determine any failures 
of any of said plurality of units and generating respec- 
tive failure signals thereof; 
(c) directing said failure signals to a digital computer 
having a memory for storing a knowledge base com- 
prising objects separately stored in memory and each 
object having a plurality of slots, said knowledge base 
having encapsulation, inheritance and polymorphism 
characteristics, said knowledge base further comprising 
a digraph model that determines predetermined target 
events and comprises nodes and AND gates that are 
connected by directed edges, each of said nodes cor- 
responding to a particular failure of said plurality of 
units and each of said AND gates having a plurality of 
inputs, said nodes and AND gates being connected by 
the directed edges so that propagation therebetween 
and exit therefrom determines said target events, said 
propagation being determined by executable singletons 
and doubletons, each of said nodes, said AND gates and 
said doubletons being assigned as an individual object 
in memory; 
(d) classifying said failure signal as one of said singletons 
and doubletons and generating singleton and doubleton 
failure signals therefor; 
(e) identifying said singleton generated failure signal with 
its respective node, then delivering said node identifi- 
cation to its object and monitoring for the occurrence of 
its respective predetermined target event; and 
5,58 1,694 
17 18 
(f) identifying said doubleton generated failure signal 
with its respective node as well as its own identity and 
delivering said node identification to its object and said 
doubleton identification to its object, and monitoring 
for the occurrence of any predetermined target event. 5 
2. A method of testing and predicting failures of electronic 
and mechanical systems each comprising a plurality ofunits, 
said method comprising the steps of: 
(f) identifying said doubleton generated failure signal 
with its respective node as well as its own identity and 
delivering said node identification to its object and said 
doubleton identification to its object, and monitoring 
for the OCcurrence of any Predetermined target event. 
3. The method of testing and predicting failures of elec- 
tronic and mechanical systems according to claim 2 further 
comprising the step of identifying said propagated nodes 
that are reached by said directed and propagating edges as 
(a) receiving data sanP1es indicative Of the operating being inputs to one of a group consisting of an AND gate 
Status Of each Of said plurality Of Units Of said System; lo object and a multiple output node object and then 
(b) analyzing said data samples to determine any failures 
of any of said plurality of units and generating respec- 
tive failure signals thereof; 
(c) directing said failure signals to a digital computer 
one of said slots of one or more respective node objects that 
are reached by said directed and propagating edges as an 
object which is equivalent to said objects of said group. 
4. The method of testing and medictine failures of elec- 
having amemory for storing a knowledge base ;om- 
prising objects separately stored in memory and each 
object having a plurality of slots, said knowledge base 
having encapsulation, inheritance and polymorphism 
characteristics, said knowledge base further comprising 
a digraph model that determines predetermined target 
events and comprises nodes and AND gates that are 
connected by directed edges, each of said nodes cor- 
responding to a particular failure of said plurality of 
units and each of said AND dates having a plurality of 
inputs, said nodes and AND gates being connected by 
the directed edges so that propagation therebetween 
and exit therefrom determines said target events, said 
propagation being determined by executable singletons 
and doubletons, each of said nodes, said AND gates and 
said doubletons being assigned as an individual object 
in memory; 
(d) classifying said failure signal as one of said singletons 
and doubletons and generating singleton and doubleton 
failure signals therefor, said step of classifying said 
failure signals and generating said singleton signal 
further comprises the steps of 
(i) marking one of said plurality of slots of said node of 
said object of said respective failed node as failed; 
and 
(ii) identifying other nodes that said marked node 
propagates thereto by way of said directed edges and 
marking said other propagated nodes as failed in one 
of said plurality of slots of said objects of each of 
said other propagated nodes; and 
(iii) monitoring for the occurrence of any target events; 
(e) identifying said singletons generated failure signal 
with its respective node, then delivering said node 
identification to its object and monitoring for the occur- 
rence of its respective predetermined target event; and 
l5 tronic and mechanical systems accorGng to claim 3, 
wherein said step of classifying and generating said double- 
ton failure signal further comprises the steps of: 
(a) analyzing each failure node to determine if its directed 
edge is connected to an input of an AND gate object 
and also determining if a failure node object has been 
marked as an equivalent node; 
(b) constructing doubletons for each AND gate object by 
determining a cross product singleton node objects 
each of which cross product being an input of said AND 
gate object analyzed in step 4(a); 
(c) creating a unique said doubleton object for at least two 
cross product inputs to said constructed AND gate 
object; 
(d) sorting said AND gate objects into upstream and 
downstream AND gate objects and giving priority to 
said sorted upstream AND gate objects over said down- 
stream AND gate objects in the processing involved 
with testing and predicting of failures; 
(e) propagating said AND gate objects having an input 
which has its object marked as equivalent to form a 
downstream-andins list; 
(f) checking said downstrean-andins list to determine if 
any associated AND gate objects have been qualified 
and if any target events has been generated; 
(8) checking said AND gate objects which have their 
object marked as being an equivalent object to deter- 
mine if the objects marked as equivalent propagate 
through said qualified AND gates and classifying such 
AND gate objects as hidden doubletons; and 
(h) repeating steps (b) through (g) for said hidden double- 
tons. 
2o 
25 
30 
35 
40 
45 
* * * * *  
