type FState      is union NOMINAL | LOST | ERROR end
type FailureType is union Err | Loss | Ok end
type Flows       is record I:FailureType, O:FailureType end
   
function update(S : FState, env : Flows) : Flows is
   var  f : Flows := {I=env.I, O=env.O}
   begin
      f.O := (S = NOMINAL ? f.I : (S = LOST ? Loss : Err));
      return f
   end

process Function(&S : FState, &env : Flows) is
   states s0
   from s0 select
      on (S != LOST); S := LOST; env := update(S, env); loop
   [] on (S = NOMINAL); S := ERROR; env := update(S, env); loop
   end