A Case Study of Modeling an ATM Using...

Technical Report HCIS-2003-01

A Case Study of Modeling an ATM Using SOFL

Shaoying Liu

March 15, 2003

http://cis.k.hosei.ac.jp

Faculty of Computer and Information Sciences Hosei University

3-7-2 Kajino-cho, Koganei-shi Tokyo 184-8584

Japan

The technical reports are published for early dissemination of research results

by the members of the Faculty of Computer and Information Sciences at Hosei University. The completed results may be submitted later to journals and conferences for publication.

Technical Report: HCIS-2003-01 Title: A Case Study of Modeling an ATM Using SOFL Authors: Shaoying Liu Key words and Phrases: ATM, Formal specification, SOFL, Abstract: In this report I present a case study of modeling an ATM using SOFL (Structured Object-oriented Formal Language), a formal engineering method for software development. The purpose of the case study is to demonstrate how SOFL can be used in a top-down manner to achieve good quality object-oriented design. I also try to show how SOFL can be used in a three-step approach to obtaining a formal design specification from informal user requirements specification through semi-formal functional specification. Report date: March 15, 2003 Distribution Statement: Electronic form Web site to download from: http://cis.k.hosei.ac.jp/TR/ Contact information: [email protected] Supplementary Notes: not submitted

Department of Computer Science Faculty of Computer and Information Sciences

Hosei University 3-7-2 Kajino-cho, Koganei-shi

Tokyo 184-8584 Japan

1 Introduction

The SOFL specification language is a powerful tool for modeling complex computer systems. In thisreport, I present a case study of specifying an ATM (Automated Teller Machine) using SOFL , based onthe informal description of the functionality of Mizuho Bank ATMs available at the website:http://www.mizuhobank.co.jp/start/atm/index.html. The purpose of this case study is to demonstratehow SOFL can be used in a top-down manner to achieve object-oriented detailed design. This studyalso aims to show how formal design specifications can be achieved by taking the three-step: informal,semi-formal, and formal, which is advocated by the SOFL method.From the next section, I will present the documentations produced in the case study in the followingorder: informal user requirements specification, semi-formal user requirements specification, formal designspecification (mainly composed of implicit specifications of processes and CDFDs), object-oriented formaldetailed design (mainly composed of explicit specifications of processes and CDFDs (Condition Data FlowDiagrams); that is, all the lowest level processes are refined into explicit specifications). Readers who arenot familiar with SOFL are suggested to visit my homepage at http://wwwcis.k.hosei.ac.jp/~sliu/ formore publications on the SOFL specification language, method, process model, and applications.

2 Informal user requirements

The services provided by the ATM we model in this report is based on the informal description of MizuhoBank’s ATM, available in Japanese at the web site: http://www.mizuhobank.co.jp/start/atm/index.html.

2.1 Desired functional services

2.1.1 Top level module

• 1. Operations on current account.

• 2. Operations on savings account

• 3. Transfer money between accounts

• 4. Manage foreign currency account

• 5. Change password

2.1.2 Decomposition of function 1

Operations

• 1.1 Deposit /* put money into the current account */

• 1.2 Withdraw /* get money out of the current account */

• 1.3 Show balance /* display the balance of the current account */

• 1.4 Print out transaction records /* print a list of transactions made by now */

1

Policy on operation

• 1. Withdraw: (1) Maximum amount to be withdrawn each time is

1, 000, 000 JPY.

• (2) Maximum amount to be withdrawn each day is

5, 000, 000 JPY

• (3) No overdraw is allowed.

• 2. Deposit: at most 1, 000,000 JPY can be deposited each time.

• 3. Password is required for all the four operations given above.

• 4. Bank-card is required for all the four operations.

• 5. Bank-book is required only for operation 1.4: print out transaction records.

Resources

• 1. Each customer has ONE current account.

• 2. It is necessary to record the following data items in the system for each customer:

• (1) full name

• (2) account number

• (3) password

2.1.3 Decomposition of function 2 in the top module

Operations

• 2.1 Deposit /* put money into the savings account */

• 2.2 Application of withdrawing money from the savings account.

/* withdrawing money from the savings account needs application in advance */

• 2.3 Withdraw /*only after a customer submits an application, can he withdraw money from thesavings account. */

• 2.4 Show balance

• 2.5 Print out transaction records

2

Resources

• 1. Each customer has ONE savings account.

• 2. Each customer needs the following data items to be recorded in the system:

• (1) full name


• (3) password

Policy on operations

• 1. After every 6 months the customer can withdraw money and money cannot be withdrawnwithout application in advance.

• 2. The maximum amount to be withdrawn each time is 3, 000, 000 JPY. That is, when applyingfor the withdraw, the customer can apply for up to 3, 000, 000 JPY

• 3. The maximum amount to deposit is 3,000,000 JPY


Operations

• 1. Transfer money by cash-card /*transfer from the current to another account, including boththe customer’s own savings account and other person’s account of any kind. */

Resources

• 1. A link to all the involved bank accounts.

Policy on operations

• 1. The maximum amount of each transferring transaction is 1,000,000 JPY.

• 2. It is forbidden to transfer money from any other account to the customer’s current account,no matter whether the transferring is made by cash-card (the customer’s own current accountcash-card) or by cash.

• 3. Purchase us dollars using cash and deposit the us dollars into the foreign currency account.

• 4. Withdraw JPY from the foreign currency account.

• 5. Show balance.

3


Operations

• 1. Purchase US dollars using the money of the current account.

• 2. Sell US dollars to JPY and deposit the money into the current account.

Resources

• 1. Each customer needs a foreign currency account.

• 2. Each customer’s following data items needs to be recorded in the account:

• (1) full name


• (3) password


• 1. Change password for the current account.

• 2. Change password for the savings account.

• 3. Change password for the foreign currency account.

2.2 The focus of the informal requirements specification

1. List all of the desired functional services or operations.2. Discover all the policies on operations that will be implemented as constraints on the functions of theoperations.3. Discover the necessary data resources the system needs to manage.4. Roughly understand the functionality of each required operation.

3 Semi-formal functional specification

3.1 The guidelines for transforming informal specification

1. Build the semi-formal specification in terms of modules.2. Define all the necessary data items with appropriate built-in types. In order to define them withappropriate data structures, we may need to investigate the relations among different data items, suchas Customer, Account, Account_number, and so on. Such relations should be defined in types.3. Transform operations into processes.4. Define each process with pre and postconditions, keeping the contents of the pre and postconditionsinformal.5. Draw CDFDs, if necessary.6. Try to make good use of common attributes in composite objects, which will facilitate the classdefinitions based on those composite types in the detailed design.

4

3.2 The contents of the semi-formal specification

Top-level module module SYSTEM_ATM; /*just for type declaration that all of its descendentmodules can share. */const

maximum_withdraw_once = 1,000,000; /*The unit is JPY, likewise for the following constants.*/maximum_withdraw_day = 5,000,000;maximum_deposit_once = 1,000,000;maximum_withdraw_application = 3,000,000;ATM_no = i; /*i is any natural number*/type

CustomerInf = composed of

account_no: nat0pass: Passwordend;

Password = nat0; /*A password is natural number */AccountInf = composed of

name: string /*The customer’s full name */balance: nat0 /*The unit is JPY*/transaction_history: seq of Transactionend;

CurrentAccountInf = AccountInf;SavingsAccountInf / AccountInf =composed of

withdraw_application_amount: nat0application_status: bool /*true for yes, false for no */end;ForeignCurrencyAccountInf = AccountInf;CurrentAccountFile = map CustomerInf to CurrentAccountInf;SavingsAccountFile = map CustomerInf to SavingsAccountInf;ForeignCurrencyAccountFile = map CustomerInf to ForeignCurrencyAccountInf;ApplicationNotice = composed of

application_amount: nat0;appication_successful: string;end;

Transaction = composed of

date: Datetime: Timepayment: nat0deposit: nat0balance: nat0atm_no: nat0end;

Date = Day * Month * Year;Day = nat0;Month = nat0;Year = nat0;var

ext #current_accounts: CurrentAccountFile;ext #savings_accounts: SavingsAccountFile;

5

ext #foreign_currency_accounts: ForeignCurrencyAccountFile;ext #today: Date; /*The variable today is assumed to change to reflect

the date of today in calender.*/ext #current_time: Time; /*This variable represents a clock telling the current time */inv

forall[x: CustomerInf] | not exists[y: CustomerInf] | x.account_no = y.account_no; /*Each customer’saccount is unique */forall[x, y: Transaction] | x <> y; /*All the transactions are different. */

process Manage_Current_Account(current: sign)end;

process Manage_Savings_Account(savings: sign)end;

process Manage_Transfer(transfer: sign)end;

process Manage_Foreign_Currency_Account(foreign_currency: sign)end;

process Change_Password(change_pass: sign)end;

end_module;

/*At this level, each process is defined with pre and postconditions both being true. Their specificfunctionalities will be defined by their decompositions. Furthermore, there is no need to provide anyCDFD at this moment because the lack of CDFD does not affect the documenting the user requirements.*/

module Manage_Current_Account_Decom / SYSTEM_ATM;typeNotice = composed of

transaction_account = nat0updated_balance: nat0end;

varext #current_accounts: CurrentAccountFile;

process Current_Authorization(current_inf: CustomerInf)permission: sign | e_mesg1: string

ext rd current_accountspost if the input account_no and password match those of the customer’s

current account in the store current_accountsthen generate output permissionelse output an error message.

end_process;

process Current_Deposit(permission: sign, current_inf: CustomerInf, deposit_amount: nat0)notice: Notice | warning: string

ext wr current_accounts;post if the input deposit_amount is less than or equal to the maximum_deposit_once

6

then(1) add the deposit_amount to current_account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction history of the accountelse give a warning message to indicate that the amount is over the limit.

end_process;

process Current_Withdraw(permission: sign, current_inf: CustomerInf, amount: nat0)notice: Notice | warning2: string

ext wr current_accountspost if the input amount is less than or equal to the

balance of the account and the maximum_withdraw_oncethen(1) output the cash of the requested amount(2) reduce the withdraw amount from the balance(3) update the transaction history of the account(4) give the noticeelsegenerate the warning message

end_process;

process Current_Show_Balacnce(permission: sign, current_inf: CustomerInf)balance: nat0 | warning3: string

ext rd current_accountspost if the input account_no and pass match those of the customer in the store current_accounts

then display the balance of the customer’s current accountelse issue an error message

end_process;

process Current_Print_Transaction_Records(permission: sign, current_inf: CustomerInf, date: Date)transaction_records: TransactionRecords

ext rd current_accountspost print out the transaction records since the input dateend_process;

end_module;

module Manage_Savings_Account_Decom / SYSTEM_ATM;varext #savings_accounts: SavingsAccountFile;process Savings_Authorization(savings_inf: SavingsAccountInf)

permission1: sign | e_mesg2: signext rd savings_accountspost if the input account_no and pass match those of the customer in the

store savings_accountsthen generate permission1else generate an error message e_mesg2

end_process;

process Savings_Deposit(permission1: sign, savings_inf: SavingsAccountInf, deposit_amount: nat0)notice1: Notice | warning3: string

ext wr savings_accounts

7

post if the deposit_amount is less than or equal to the maximum_deposit_oncethen(1) add the deposit_amount to the savings account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction histroy of the savings accountelse give a warning message to indicate that the deposit amount is over the limit

end_process;

process Apply_Withdraw(applied_amount: nat0)a_notice: ApplicationNotice | warning4: string

ext wr savings_accountspost if applied_amount is less than or equal to the maximum_withdraw_application amount

then(1) set the withdraw_application_amount to the applied_amount(2) set the application_status as true(3) give a notice to show the success of application.

else give a warning message to indicate that the applied_amount is over limit.end_process;

process Savings_Withdraw(permission2: sign, withdraw_amount: nat0)notice2: Notice | warning5: string

ext wr savings_accountspost if the customer has applied for withdrawing in advance and the withdraw_amount

is less than or equal to the withdraw_application_amountthen(1) provide cash of the requested withdraw amount(2) give a notice to the customer to indicate the withdraw amount and the updated balanceelsegive a warning message to the customer

end_process;

process Savings_Show_Balance(permission3: sign) savings_balance: nat0ext rd savings_accountspost Display the balance of the savings accountend_process;

process Savings_Print_Transaction_Records(permission4: sign, date: Date)transaction_records1: TransactionRecords

ext rd savings_accountpost print out the transaction records since the input dateend_process;

end_module;

module Manage_Transfer_Decom / SYSTEM_ATM;typeTransferNotice = composed of

transaction_amount: nat0from_account_balance: nat0to_account_balance: nat0end;

var

8

ext #current_accounts;ext #savings_accounts;

process Transfer_From_Current_To_Savings(savings_account_no: nat0,transfer_amount1: nat0,current_inf: CurrentInf)notice1: TransferNotice | warning6: string

ext wr current_accountswr savings_accounts

pre the customer has a current account in the store current_accountsand a savings account in the store savings_accounts

post if transfer_account is greater than the balance of the current accountthen give a warning messageelse(1) add the requested amount to the savings account(2) reduce the requested amount from the balance of the current account(3) give a notice to show the detail of the transfer

end_process;

process Transfer_From_Savings_To_Current(savings_inf: CustomerInf,current_account_no: nat0,notice: TransferNotice | warning7: string


pre the customer has a current account and savings accountpost if (1) the customer has made an application of withdraw from

the savings account(2) the transfer amount is less than or equal to the applied amount

then(1) add the transfer amount to the balance of the current account(2) reduce the same amount from the balance of the savings account(3) reduce the amount from the applied amount, and if it becomes zero,

then set the application status as false; otherwise do nothing aboutthe status

else(4) give a warning message

end_process;

end_module;

module Manage_Foreign_Currency_Account / SYSTEM_ATM;typeExchangeNotice = composed of

amount_in_yen: nat0current_balance: nat0foreign_balance: realexchange_rate: nat0 /*US$1 = n JPY */end;

CashExchangeNotice =composed ofamount_in_yen: nat0amount_in_dollar: real

9

foreign_balance: realend;

process Buy_Dollars_From_Current(current_inf: CustomerInf,foreign_inf0: CustomerInf,amount_in_yen: nat0)notice0: ExchangeNotice | warning8: string

ext wr current_accountswr foreign_currency_accounts

pre the customer has a current account and a foreign currency accountpost if the amount_in_yen is less than or equal to the balance of the current account

then(1) calculate the transfer amount in US dollar based on the current exchange rate(2) reduce the amount transfered to the foreign currency account from the current account(3) add the transfered amount in US dollar to the foreign currency account(4) produce the notice to indicate the amount in yen, new balance of the current account,

amount in dollar, and the new balance of foreign currency accountelse give a warning message to indicate that the requested transfer amount is over the balance of

the requested transfer amount is over the balance of the current account.end_process;

process Buy_Yen_From_Foreign(current_account_no: nat0,foreign_inf: customerInf,amount_in_dollar: real)

notice1: ExchangeNotice | warning9: stringext wr current_accounts

wr foreign_currency_accountspre the customer has a current account and a foreign currency accountpost if the amount in dollar is less than or equal to the balance of the foreign

currency accountthen(1) calculate the transfered amount in yen based on the current exchange rate(2) add the amount in yen to the current account(3) reduce the requested transfer amount in US dollar from the foreign currency account(4) give a notice to show all the related data

else give a warning message to indicate that the requested transfer amount isover the balance of the foreign currency account

end_process;

process Buy_Dollars_Using_CashYen(amount_in_yen: nat0, foreign_inf: CustomerInf)notice2: CashExchangeNotice

ext wr foreign_currency_accountsrd current_exchange_rate

pre the customer has a foreign currency accountpost (1) calculate the amount in US dollar based on the amount_in_yen

and the current exchange rate(2) add the amount in dollar to the foreign currency account(3) give a notice to indicate the relevant data

end_process;

process Foreign_Withdraw(foreign_inf: CustomerInf, amount_in_yen: nat0)notice3: CashExchangeNotice | warning10: string

10

ext rd current_exchange_ratewr foreign_currency_accounts

pre the customer has a foreign currency accountpost if the amount_in_yen is less than or equal to the balance in yen, resulting

from converting the balance in dollar based on the current exchange ratethen(1) calculate the amount in dollar based on the requested amount in yen

and the current exchange rate(2) provide a notice to show the related details(3) reduce the amount in dollar from the balance of the foreign

currency accountelse give a warning message to indicate that the requested amount

is over the balance of the foreign currency accountend_process;

process Foreign_Show_Balance(foreign_inf: CustomerInf)balance: real

ext rd foreign_currency_accountspre the customer has a foeign currency accountpost show the balance of the foreign currency accountend_process;

end_module;

module Change_Password_Decom / SYSTEM_ATM;varext #current_accountsext #savings_accountsext #foreign_currency_accountsext #all_used_passwords: set of Passwords

process Change_Current_Password(old_pass, new_pass: Password,current_account_no: nat0)notice1: string | warning11: string

ext wr current_accountswr all_used_passwords

pre the customer has a current accountpost if the new_pass has been used for another customer

then give a warning message to indicate the necessity of providinganother new password

else (1) change the old_pass with the new_pass of the current account(2) remove the old_pass from all_used_passwords(3) give a successful notice ”The password is successfully changed.”

end_process;

process Change_Savings_Password(old_pass, new_pass: Password,savings_account_no: nat0)notice2: string | warning12: string

ext wr savings_accountswr all_used_passwords

pre the customer has a savings accountpost if the new_pass is not used for another customer

11

then(1) replace the old_pass with the new_pass of the savings account(2) remove the old_pass from all_used_passwords(3) give a successful notice ”The password is successfully changed.”

else give a warning message to ask the customer to provide anothernew password.

end_process;

process Change_Foreign_Password(old_pass, new_pass: Password,foreign_account_no: nat0)notice3: string | warning13: string

ext wr foreign_currency_accountswr all_used_passwords

pre the customer has a foreign currency accountpost if the new_pass is not used for another customer

then(1) replace the old_pass with the new_pass of the foreign currency account(2) remove the old_pass from the store all_used_passwords(3) give a successful notice ”The password is successfully changed.”

else give a warning message to ask the customer to provide anothernew password.

end_process;

end_module; /*The end of the semi-formal specification */

/*The implicit formal abstract design specification is given below*/

module SYSTEM_ATM;constmaximum_withdraw_once = 1,000,000; /*The unit is JPY, likewise for the following constants.*/maximum_withdraw_day = 5,000,000;maximum_deposit_once = 1,000,000;maximum_withdraw_application = 3,000,000;ATM_no = i; /*i is any natural number*/typeCustomerInf = composed of

account_no: nat0pass: Passwordend;

Password = nat0; /*A password is a natural number */AccountInf = composed of

name: string /*The customer’s full name */balance: nat0 /*The unit is JPY*/transaction_history: seq of Transactionend;

CurrentAccountInf = AccountInf;SavingsAccountInf / AccountInf =composed ofwithdraw_application_amount: nat0application_status: bool /*true for yes, false for no */end;ForeignCurrencyAccountInf = AccountInf;

12

CurrentAccountFile = map CustomerInf to CurrentAccountInf;SavingsAccountFile = map CustomerInf to SavingsAccountInf;ForeignCurrencyAccountFile = map CustomerInf to ForeignCurrencyAccountInf;ApplicationNotice = composed of

application_amount: nat0;application_successful: string;end;

Transaction = composed ofdate: Datetime: Timepayment: nat0deposit: nat0balance: nat0atm_no: nat0end;

Date = Day * Month * Year;Day = nat0;Month = nat0;Year = nat0;varext #current_accounts: CurrentAccountFile;ext #savings_accounts: SavingsAccountFile;ext #foreign_currency_accounts: ForeignCurrencyAccountFile;ext #today: Date; /*The variable today is assumed to change to reflect

the date of today in calender.*/ext #current_time: Time; /*This variable represents a clock telling the current time */invforall[x: CustomerInf] | not exists[y: CustomerInf] | x.account_no = y.account_no; /*Each customer’saccount is unique */forall[x, y: Transaction] | x <> y; /*All the transactions are different. */forall[x, y: {current, savings, transfer, foreign_currency, change_pass}] |

bound(x) and bound(y) = false;/*Any two of the reltaed control data flows cannot become available at the same time */behav CDFD_No1;

process Manage_Current_Account(current: sign)ext wr current_accountsend;

process Manage_Savings_Account(savings: sign)ext wr savings_accountsend;

process Manage_Transfer(transfer: sign)ext wr current_accounts

wr savings_accountsend;

process Manage_Foreign_Currency_Account(foreign_currency: sign)ext wr foreign_currency_accountsend;

13

Manage_Current_Account

Change_Password

Manage_Savings_Account

Manage_Transfer

Manage_Foreign_Currency_Account

current_accounts1

savings_accounts2

foreign_currency_accounts3

all_used_passwords4

1

1

current

savings

transfer

foreign_currency

change_pass

Figure 1: No1

process Change_Password(change_pass: sign)ext wr all_used_passwords

wr foreign_currency_accountswr savings_accountswr current_accounts

end;

end_module;

module Manage_Current_Account_Decom / SYSTEM_ATM;typeNotice = composed of

transaction_account = nat0updated_balance: nat0end;

OutputDevice = seq of universal;InputDevice = seq of universal;ServiceCollection = {<1>, <2>, <3>, <4>};varext #current_accounts: CurrentAccountFile;ext #output_device: OutputDevice;ext #InputDevice: InputDevice;invforall[x, y: {deposit, withdraw, s_balance, p_transactions}] |

bound(x) and bound(y) = false;behav CDFD_No2;

14

process Select_Services(deposit, a: sign |b, withdraw: sign |c, s_balance: sign |d, p_transactions: sign) sel: ServiceCollection

post bound(deposit) and sel = <1> orbound(withdraw) and sel = <2> orbound(s_balance) and sel = <3> orbound(p_transactions) and sel = <4>

commentThe output data flow sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Current_Authorization(sel: ServiceCollection,current_inf: CustomerInf)current_inf1: CustomerInf |current_inf2: CustomerInf |current_inf3: CustomerInf |current_inf4: CustomerInf |e_mesg1: string

ext rd current_accountspost if current_inf inset dom(current_accounts)

then case sel of<1> —> current_inf1 = current_inf;<2> —> current_inf2 = current_inf;<3> —> current_inf3 = current_inf;<4> —> current_inf4 = current_inf;end

else e_mesg1 = “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’s

current account in the store current_accountsthen generate output permissionelse output an error message.end_process;

process Current_Deposit(deposit_amount: nat0, current_inf1: CustomerInf)notice1: Notice | warning1: string

ext wr current_accounts;post if deposit_amount <= maximum_deposit_once

thencurrent_accounts =override(~current_accounts,{current_inf1 —>modify(~current_accounts(current_inf1),balance —>~current_accounts(current_inf1).balance + deposit_amount,transaction_history —>conc(~current_accounts(current_inf1).transaction_history,

[Get_Transaction(current_accounts, today, current_time, 0, deposit_amount, current_inf1)]))

15

}) andnotice1 = mk_Notice(deposit_amount, current_accounts(current_inf1).balance))

else warning1 = “Your amount is over 1000000 yen limit.”commentif the input deposit_amount is less than or equal to the maximum_deposit_oncethen

(1) add the deposit_amount to the current_account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction history of the account

else give a warning message to indicate that the amount is over the limit.end_process;

process Current_Withdraw(current_inf2: CustomerInf, amount: nat0)notice2: Notice | warning2: string

ext wr current_accountspost if amount <= maximum_withdraw_one and

amount <= ~current_accounts(current_inf2).balancethencurrent_accounts =override(~current_accounts,

{current_inf2 —>modify(~current_accounts(current_inf2),balance —>~current_accounts(current_inf2).balance - amount,transaction_history —>conc(~current_accounts(current_inf2).transaction_history,[Get_Transaction(current_accounts, today, current_time, amount, 0, current_inf2)]

))

}) andnotice2 = mk_Notice(amount, current_accounts(current_inf2).balance))

else warning2 = “Your withdraw amount is over the limit.”

commentif the input amount is less than or equal to the

balance of the account and the maximum_withdraw_oncethen

(1) output the cash of the requested amount(2) reduce the withdraw amount from the balance(3) update the transaction history of the account(4) give a notice

elsegenerate a warning message

end_process;

process Current_Show_Balacnce(current_inf3: CustomerInf)balance: nat0

ext rd current_accountspost balance = current_accounts(current_inf3).balancecomment

16

display the balance of the customer’s current accountend_process;

process Current_Print_Transaction_Records(current_inf4: CustomerInf, date: Date)transaction_records: TransactionRecords

ext rd current_accountspost let transactions = current_accounts(current_inf4).transaction_history

in let i = get({i | i: inds(transactions) & transactions(i).date = date})intransaction_records = transactions(i, ..., len(transactions))

commentprint out the transaction records since the input dateend_process;

process Display_Information(notice1: Notice |notice2: Notice |balance: nat0 |transaction_records: TransactionRecords)

ext wr output_devicepost bound(notice1) and output_device = conc(~output_device, [notice1]) or

bound(notice2) and output_device = conc(~output_device, [notice2]) orbound(balance) and output_device = conc(~output_device, [balance]) orbound(transaction_records) and output_device =conc(~output_device, [transactions_records])

commentDisplay the input data flows onto the output device based on theiravailability.end_process;

process Display_Message(warning1: string |warning2: string |e_mesg1: string)

ext wr output_devicepost bound(warning1) and output_device = conc(~output_device, [warning1]) or

bound(warning2) and output_device = conc(~output_device, [warning2]) orbound(e_mesg1) and output_device = conc(~output_device, [e_mesg1])


function Get_Transaction(current_accounts: CurrentAccountFile,to_day: Date,time: Time,pay_amount: nat0,deposit_amount: nat0,customer_inf: CustomerInf): Transaction

== mk_Transaction(to_day, time, pay_amount, deposit_amount,current_accounts(customer_inf).balanceATM_no)

end_functionend_module;

17

S e l e c t _S e r v i c e s

a

d e p o s i t

b

w i th d r a w

2

2

c u r r e n t

c

3

s _ b a la n c e

3d

p _ t ra n s a c t io n s s e l

c u r r e n t_ in f

C u r r e n t_A u t h o r iz a t i o n

d e p o s i t_ a m o u n t

c u r r e n t_ in f 2

4

a m o u n t

4

c u r r e n t_ in f3

c u r r e n t _ in f 4

d a t e

e _ m e s g 1

C u r r e n t_D e p o s i t

C u r r e n t_W it h d r a w

C u r r e n t_S h o w _

B a la n c e

C u r r e n t _P r i n t _

T r a n s a c t io n _R e c o r d s

n o t ic e 1

5n o t ic e 2

8w a r n in g 1

6b a la n c e

c u r r e n t _ in f 1

7

t r a n s a c t io n _ r e c o r d s

9w a r n in g 2

5

67

89

D i s p l a y _I n f o r m a t i o n

D i s p l a y _M e s s a g e

o u t p u t_ d e v ic e5

1 0

1 0

c u r r e n t_ a c c o u n t s1

1 1

1 1

1 1

1 1

Figure 2: No2

module Manage_Savings_Account_Decom / SYSTEM_ATM;typeNotice = Manage_Current_Account_Decom.Notice;OutputDevice = Manage_Current_Account_Decom.OutputDevice;InputDevice = Manage_Current_Account_Decom.InputDevice;SavingsServiceCollection = {<1>, <2>, <3>, <4>, <5>};varext #current_accounts: CurrentAccountFile;ext #output_device: OutputDevice;ext #InputDevice: InputDevice;invforall[x, y: {s_deposit, apply, s_withdraw, s_s_balance, s_p_transactions}] |


process Select_Savings_Services(s_deposit, a1: sign |b1, apply: sign |c1, s_withdraw: sign |d1, s_s_balance: sign |e1, s_p_transactions: sign)sel: SavingsServiceCollection

post bound(s_deposit) and sel = <1> orbound(apply) and sel = <2> orbound(s_withdraw) and sel = <3> orbound(s_s_balance) and sel = <4> orbound(s_p_transactions) and sel = <5>

18

commentThe output data flow sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Savings_Authorization(sel: SavingsServiceCollection,savings_inf: CustomerInf)savings_inf1: CustomerInf |savings_inf2: CustomerInf |savings_inf3: CustomerInf |savings_inf4: CustomerInf |savings_inf5: CustomerInf |e_mesg2: string

ext rd savings_accountspost if savings_inf inset dom(savings_accounts)

then case sel of<1> —> savings_inf1 = savings_inf;<2> —> savings_inf2 = savings_inf;<3> —> savings_inf3 = savings_inf;<4> —> savings_inf4 = savings_inf;<5> —> savings_inf5 = savings_inf;end

else e_mesg2 = “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’s

savings account in the store savings_accountsthen generate output data flows based on the value of variable selelse output an error message.end_process;

process Savings_Deposit(d_amount: nat0, savings_inf1: CustomerInf)notice1: Notice | warning3: string

ext wr savings_accounts;post if d_amount <= maximum_deposit_once

thensavings_accounts =override(~savings_accounts,{savings_inf1 —>modify(~savings_accounts(savings_inf1),balance —>~savings_accounts(savings_inf1).balance + d_amount,transaction_history —>conc(~savings_accounts(savings_inf1).transaction_history,

[Get_Savings_Transaction(savings_accounts, today, current_time, 0, d_amount,savings_inf1)]

))

}) andnotice1 = mk_Notice(d_amount, savings_accounts(savings_inf1).balance))

else warning3 = “Your amount is over 1000000 yen limit.”comment

19

if the input d_amount is less than or equal to the maximum_deposit_oncethen

(1) add the d_amount to the savings_account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction history of the account


process Apply_Withdraw(savings_inf2: CustomerInf, a_amount: nat0)a_notice: string | warning4: string

ext wr savings_accountspost if a_amount is maximum_withdraw_application

thensavings_accounts =override(~savings_accounts,

{savings_inf2 —>modify(~savings_accounts(savings_inf2),withdraw_application_amount: nat0 —>a_amount,application_status —> true)

}) and

a_notice = “Your application is successful”else warning4 = “Your application amount is over the limit.”

commentIf the applied withdraw amount a_amount is within the fixed limit,then change the withdraw_application_amount to the applied withdrawamount and the application_status to true, indicating the application ismade, and issue a notice to tell the customer that the application issuccessful. Otherwise, give a warning message to indicate that theapplied withdraw amount is over the fixed limit.end_process;

process Savings_Withdraw(savings_inf3: CustomerInf, w_amount: nat0)notice2: Notice | warning5: string

ext wr savings_accountspost if w_amount <= ~savings_accounts(savings_inf3).withdraw_application_amount and

w_amount <= ~savings_accounts(savings_inf3).balancethensavings_accounts =override(~savings_accounts,

{savings_inf3 —>modify(~savings_accounts(savings_inf3),balance —>~savings_accounts(savings_inf3).balance - w_amount,transaction_history —>conc(~savings_accounts(savings_inf3).transaction_history,

[Get_Savings_Transaction(savings_accounts, today, current_time, w_amount, 0,savings_inf2)]

))

20

}) andnotice2 = mk_Notice(w_amount, savings_accounts(savings_inf3).balance))

else warning5 = “Your withdraw amount is over the limit.”

commentif the input w_amount is less than or equal to the applied withdraw amountand the balance of the savings account

then(1) output the cash of the requested amount(2) reduce the withdraw amount from the balance(3) update the transaction history of the account(4) give a notice


end_process;

process Savings_Show_Balacnce(savings_inf4: CustomerInf)s_balance: nat0

ext rd savings_accountspost s_balance = savings_accounts(savings_inf4).balancecommentDisplay the balance of the customer’s savings accountend_process;

process Savings_Print_Transaction_Records(savings_inf5: CustomerInf, date: Date)transaction_records: TransactionRecords

ext rd savings_accountspost let transactions = savings_accounts(savings_inf5).transaction_history


commentPrint out the transaction records since the input dateend_process;

process Savings_Display_Information(notice1: Notice |a_notice: string |notice2: Notice |s_balance: nat0 |transaction_records: TransactionRecords)


bound(a_notice) and output_device = conc(~output_device, [a_notice]) orbound(notice2) and output_device = conc(~output_device, [notice2]) orbound(s_balance) and output_device = conc(~output_device, [s_balance]) orbound(transaction_records) and output_device =conc(~output_device, [transactions_records])


21

S e l e c t _S a v i n g s _S e r v i c e s

a 1

s _ d e p o s i t

b 1

a p p l y

2

2

s a v i n g s

c 1

3

s _ w i t h d r a w

3d 1

s _ p _ t r a n s a c t i o n s s e l

s a v i n g s _ i n f

S a v i n g s _A u t h o r i z a t i o n

d _ a m o u n t

s a v i n g s _ i n f 2

4

a _ a m o u n t

4



e _ m e s g 2

S a v i n g s _D e p o s i t

A p p l y _W i t h d r a w

S a v i n g s _W i t h d r a w

S a q v i n g s _S h o w _

B a l a n c e

n o t i c e 1

5a _ n o t i c e

8w a r n i n g 3

6n o t i c e 2


7

s _ b a l a n c e

9w a r n i n g 4

5

67

89

S a v i n g s _D i s p l a y _

I n f o r m a t i o n

S a v i n g s _D i s p l a y _M e s s a g e

o u t p u t _ d e v i c e5

1 0

1 0

s a v i n g s _ a c c o u n t s2

1 1

1 1

1 1

1 1

e 1s _ s _ b a l a n c e

1 2

w _ a m o u n t

1 2

1 3

1 3


d a t e

S a v i n g s _P r i n t _

T r a n s a c t i o n _R e c o r d s

t r a n s a c t i o n _ r e c o r d s

1 41 4

1 41 4

1 5

1 5

w a r n i n g 5

Figure 3: No3

process Savings_Display_Message(warning3: string |warning4: string |warning5: string |e_mesg2: string)


bound(warning4) and output_device = conc(~output_device, [warning4]) orbound(warning5) and output_device = conc(~output_device, [warning5]) orbound(e_mesg2) and output_device = conc(~output_device, [e_mesg2])


function Get_Savings_Transaction(savings_accounts: SavingsAccountFile,to_day: Date,time: Time,pay_amount: nat0,deposit_amount: nat0,customer_inf: CustomerInf): Transaction

== mk_Transaction(to_day, time, pay_amount, deposit_amount,savings_accounts(customer_inf).balanceATM_no)

end_functionend_module;

22

module Manage_Transfer_Decom / SYSTEM_ATM;typeTransferNotice = composed of

transaction_amount: nat0from_account_balance: nat0to_account_balance: nat0end;

varext #savings_accounts;ext #savings_accounts;

process Select_Transfer_Services(current_to_savings, a2: sign |b2, savings_to_current: sign)sel1: bool

post bound(current_to_savings) and sel1 = true orbound(savings_to_current) and sel1 = false

commentsel1 is decided based on the availability of the input data flows.end_process;

process Transfer_Authorization(sel1: bool,customer_inf: CustomerInf)customer_inf1: CustomerInf |customer_inf2: CustomerInf |w_mesg: string

ext rd savings_accountsrd current_accounts

post if sel1then if customer_inf inset dom(current_accounts)

then customer_inf1 = customer_infelse w_mesg = “The password or account number of

your current account is incorrect.”else if customer_inf inset dom(savings_accounts)


your savings account is incorrect.”commentCheck whether the customer’s account number and passwordare confirmed. If yes, pass the input customer_inf to eithercustomer_inf1 or customer_inf2, depending on from whichof the current and savings accounts the transfer will be done.end_process;



post if transfer_amount1 <= current_accounts(current_inf).balancethencurrent_accounts = override(~current_accounts,

23

{current_inf —>modify(~current_accounts(current_inf),balance —>~current_accounts(current_inf).balance - transfer_amount1

)}

) and(exists![x: dom(savings_accounts)] |

x.account_no = savings_account_no andsavings_accounts =override(~savings_accounts,{x —> modify(~savings_accounts(x).balance + transfer_amount1)}

) andnotice1 =mk_TransferNotice(transfer_amount1,

current_accounts(current_inf).balance,savings_accounts(x).balance)

else warning6 = “Your transfer amount is over the balance.”commentif transfer_account is greater than the balance of the current accountthen give a warning messageelse

(1) add the requested amount to the savings account(2) reduce the requested amount from the balance of the current account(3) give a notice to show the detail of the transfer

end_process;

process Transfer_From_Savings_To_Current(savings_inf: CustomerInf,current_account_no: nat0,transfer_amount2: nat0)notice2: TransferNotice |warning7: string


post let savings_account_inf = ~savings_accounts(savings_inf)in if savings_account_inf.application_status and

savings_account_inf.withdraw_application_amount >=transfer_amount2


{savings_inf —>modify(savings_account_inf,

balance —>savings_account_inf.balance -transfer_amount2,

withdraw_application_amount —>savings_account_inf.withdraw_application_amount -transfer_amount2)

}

24

) and(exists![x: dom(current_accounts)] |

x.account_no = current_account_no andcurrent_accounts =override(~current_accounts,{x —> modify(~current_accounts(x).balance + transfer_amount1)}


savings_accounts(savings_inf).balance,current_accounts(x).balance)

else warning7 = “Your transfer amount is over the applied transfer amount.”commentif (1) the customer has made an application of withdraw from




elsegive a warning message

end_process;process Transfer_Display_Information(notice1: TransferNotice |

notice2: TransferNotice)ext wr output_devicepost bound(notice1) and output_device = conc(~output_device, [notice1]) or

bound(notice2) and output_device = conc(~output_device, [notice2])commentDisplay the input data flows onto the output device based on theiravailability.end_process;

process Transfer_Display_Message(w_mesg: string |warning6: string |warning7: string)

ext wr output_devicepost bound(w_mesg) and output_device = conc(~output_device, [w_mesg]) or

bound(warning6) and output_device = conc(~output_device, [warning6]) orbound(warning7) and output_device = conc(~output_device, [warning7])


end_module;

module Manage_Foreign_Currency_Account / SYSTEM_ATM;type

25

tran s fe r

a2

b 2

cu rre n t_to _sav in g s

S e lec t_T ran sfe r_S e rv ices

s e l1

cu stome r_in f

T ran s fe r_A u th o riza t io n

1

sa v in g_ a cc o u n t_ n o

tra n sfe r_ a m ou n t1

cu stom e r_ in f1

c u stom e r_ in f2

cu rre n t_ a c co u n t_n o

tra ns fer_ a m ou nt2

T ran s fe r_ F ro m _C u r ren t_ T o _

S av in g s

T ra n sfe r_ F ro m _S av in g s _ T o _

C u rren t

sa v in gs _a c c o un ts2

c u rre n t_ ac c o un ts1

2

2

w _m e sgT ra n sfe r_D is p lay_M es sag e

T ran sfe r_D is p lay _

In fo rm a tio n

3

4

5

6

3

no tic e 1

4

n o t ic e2

5

1

6

w arn in g6

w a rn in g7

s av in gs _ to_ c urre n t

ou tp u t_d e v ice5

Figure 4: No4

26

ExchangeNotice = composed ofamount_in_yen: nat0current_balance: nat0foreign_balance: realexchange_rate: nat0 /*US$1 = n JPY */end;

CashExchangeNotice =composed ofamount_in_yen: nat0amount_in_dollar: realforeign_balance: realend;

process Select_Foreign_Services(buying_yen, x1: sign |x2, buying_dollar: sign |x3, f_withdraw: sign |x4, s_balance: sign)f_sel: ForeignServiceCollection

post bound(buying_yen) and f_sel = <1> orbound(buying_dollar) and f_sel = <2> orbound(f_withdraw) and f_sel = <3> orbound(s_balance) and f_sel = <4>

commentThe output data flow f_sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Foreign_Authorization(f_sel: SavingsServiceCollection,foreign_inf: CustomerInf)foreign_inf0: CustomerInf |foreign_inf1: CustomerInf |foreign_inf2: CustomerInf |foreign_inf3: CustomerInf |foreign_inf4: CustomerInf |f_mesg: string

ext rd foreign_currency_accountspost if foreign_inf inset dom(foreign_currency_accounts)

then case f_sel of<1> —> foreign_inf1 = foreign_inf;<2> —> foreign_inf2 = foreign_inf;<3> —> foreign_inf3 = foreign_inf;<4> —> foreign_inf4 = foreign_inf;end

else f_mesg = “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’sforeign currency account in the store foreign_currency_accounts

then generate output data flows based on the value of variable f_selelse output an error message.end_process;

process Buy_Dollars_From_Current(current_inf: CustomerInf,

27

foreign_inf0: CustomerInf,amount_in_yen: nat0)notice0: ExchangeNotice | warning8: string

ext wr current_accountswr foreign_currency_accountswr current_exchange_rate

post if amount_in_yen <= current_accounts(current_inf).balancethen let amount_in_dollar = amount_in_yen / current_exchange_rate

in current_accounts =override(~current_accounts,{current_inf —>modify(~current_accounts(current_inf),balance —>~current_accounts(current_inf).balance - amount_in_yen

)}

) andforeign_currency_accounts =override(~foreign_currency_accounts,{foreign_inf0 —>modify(~foreign_currency_accounts(foreign_inf0),balance —>~foreign_currency_accounts(foreign_inf0).balance + amount_in_dollar

)}

) andnotice0 = mk_ExchangeNotice(amount_in_yen, current_accounts(current_inf).balance,

foreign_currency_accounts(foreign_inf0).balance)else warning8 = “The requested amount is over the balance of your current account.”

commentif the amount_in_yen is less than or equal to the balance of the current accountthen

(1) calculate the transfer amount in US dollar based on the current exchange rate(2) reduce the amount transfered to the foreign currency account from the current account(3) add the transfered amount in US dollar to the foreign currency account(4) produce the notice to indicate the amount in yen, new balance of the current account,



process Buy_Yen_From_Foreign(current_account_no: nat0,foreign_inf1: customerInf,amount_in_dollar: real)notice1: ExchangeNotice | warning9: string

ext wr current_accountswr foreign_currency_accountsrd current_exchange_rate

post if amount_in_dollar <= foreign_currency_accounts(foreign_inf1).balancethen let amount_in_yen = floor(amount_in_dollar / current_exchange_rate)

in foreign_currency_accounts =override(~foreign_currency_accounts,

28

{foreign_inf1 —>modify(~foreign_currency_accounts(foreign_inf1),balance —>~foreign_currency_accounts(foreign_inf1).balance - amount_in_dollar

)}

) and(exists![x: dom(current_accounts)] |x.account_no = current_account_no andcurrent_accounts =override(~current_accounts,{x —>modify(~current_accounts(x),balance —>~current_accounts(x).balance + amount_in_yen

)}

)) andnotice1 =mk_ExchangeNotice(amount_in_yen,

current_accounts(x).balance,foreign_currency_accounts(foreign_inf1).balance)

else warning9= “The requested amount is over the balance of your foreign currency account.”commentif the amount in dollar is less than or equal to the balance of the foreign

currency accountthen

(1) calculate the transfered amount in yen based on the current exchange rate(2) add the amount in yen to the current account(3) reduce the requested transfer amount in US dollar from the foreign currency account(4) give a notice to show all the related data

else give a warning message to indicate that the requested transfer amount isover the balance of the foreign currency account.

end_process;

process Buy_Dollars_Using_CashYen(amount_in_yen: nat0, foreign_inf2: CustomerInf)notice2: CashExchangeNotice


post let amount_in_dollar = amount_in_yen / current_exchange_ratein foreign_currency_accounts =

override(~foreign_currency_accounts,{foreign_inf2 —>modify(~foreign_currency_accounts(foreign_inf2),balance —>~foreign_currency_accounts(foreign_inf2).balance + amount_in_dollar

)}

) andnotice2 =mk_CashExchangeNotice(amount_in_yen,

29

amount_in_dollar,foreign_currency_accounts(foreign_inf2).balance)

comment(1) calculate the amount in US dollar based on the amount_in_yen

and the current exchange rate(2) add the amount in dollar to the foreign currency account(3) give a notice to indicate the relevant data

end_process;

process Foreign_Withdraw(foreign_inf3: CustomerInf, amount_in_yen: nat0)notice3: CashExchangeNotice | warning10: string


post let amount_in_dollar = amount_in_yen / current_exchange_rateinif amount_in_dollar <= ~foreign_currency_accounts(foreign_inf3).balancethenforeign_currency_accounts =override(~foreign_currency_accounts,{foreign_inf3 —>modify(~foreign_currency_accounts(foreign_inf3),balance —>~foreign_currency_accounts(foreign_inf3).balance - amount_in_dollar

)}



else warning10 = “The requested amount is bigger thanthe balance of your foreign currencyaccount.”

comment if the amount_in_yen is less than or equal to the balance in yen, resultingfrom converting the balance in dollar based on the current exchange rate

then(1) calculate the amount in dollar based on the requested amount in yen

and the current exchange rate(2) provide a notice to show the related details(3) reduce the amount in dollar from the balance of the foreign



process Foreign_Show_Balance(foreign_inf4: CustomerInf)balance: real

ext rd foreign_currency_accountspost balance = foreign_currency_account(foreign_inf4).balancecommentProvide the balance of the foreign currency accountend_process;

30

process Foreign_Display_Information(notice0: ExchangeNotice |notice1: ExchangeNotice |notice2: CashExchangeNotice |notice3: CashExchangeNotice |balance: nat0)


bound(notice1) and output_device = conc(~output_device, [notice1]) orbound(notice2) and output_device = conc(~output_device, [notice2]) orbound(notice3) and output_device = conc(~output_device, [notice3]) orbound(balance) and output_device = conc(~output_device, [balance]) or


process Foreign_Display_Message(warning8: string |warning9: string |warning10: string)




end_module;


process Select_Password_Services(change_current, y1: sign |change_savings, y2: sign |y3, change_foreign: sign)p_sel: {<1>, <2>, <3>}

post bound(change_current) and p_sel = <1> orbound(change_savings) and p_sel = <2> orbound(change_foreign) and p_sel = <3>

commentAssign different values to p_sel depending on the availability ofthe input data flows.end_process;

process Decide_Account(p_sel: {<1>, <2>, <3>})q1: sign | q2: sign | q3: sign

post p_sel = <1> and bound(q1) or

31

S e lec t_S e r v ic e s

x 1

b u y in g _ y e n

x 2

b u yin g _ d o l la r

2

2

fo re ig n

x 3

3

f_ w ith d raw

3x 4

s_ b a lan c e f_ se l

fo re ig n _ in f

F o r e ig n _A u th o riz a tio n

c u rre n t_ in f

4

a m o u n t

a m o u n t_ in _ ye n

B u y _ D o lla rs _F ro m _ C u r re n t

B u y _ Y e n _F r o m _ F o r e ig n

B u y _ D o lla r s_U s in g _ C a sh Y e n

F o re ig n _W ith d r a w

n o tic e 0

5n o tice 1

8w a rn in g 8

6

n o t ic e 2

f o re ig n _ in f0

7

9w a rn in g 9

5

67

89

F o re ig n _D is p la y _

In fo rm a tio n

F o re ig n _D is p la y _M es sa g e

o u tp u t_ d ev ice5

10

10

c u r re n t_ a c co u n ts1

1 1

1 1

1 1

12

amo un t_ in _y e n

1 2

13

c u r re n t _a c c o u n t _n o

1 3fo re ig n _ in f1

am oun t_ in _d o llar

1 4

1 5

16

17

am o un t _in _y e n

1 4

fo r e ig n _in f2

F o r e ign _S ho w _

B a la n c e

15

fo r e ign _in f3

1 6

fo r e ig n _in f4

1 8

n o t ic e 3

1 8ba la n c e

w a r n in g 1 0

17

f_m esg

fo re ig n _ c u rre n c y_ a c c o u n ts

3

1 9

19

19

1 9

19

20

2 0

Figure 5: No5

32

p_sel = <2> and bound(q2) orp_sel = <3> and bound(q3)

commentGenerate q1, q2, or q3 depending on the value of the input data flowp_sel.end_process;

process Change_Current_Password(current_inf: CustomerInf,new_pass1: Password,q1: sign)s_notice1: string |warning11: string

ext wr current_accountswr all_used_passwords

post let old_pass = current_inf.passinif current_inf inset dom(current_accounts)thencurrent_accounts =override(domrb({current_inf}, ~current_accounts),{modify(current_inf, pass —> new_pass1) —>~current_accounts(current_inf)} ) and

all_used_passwords = diff(~all_used_passwords, {old_pass}) ands_notice1 = “successful”

else warning11 = “Your old password or account number is incorrect.”commentIf the customer has a current account, then his old password will be changedto the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Change_Savings_Password(q2: sign, savings_inf: CustomerInf,new_pass2: Password)s_notice2: string |warning12: string

ext wr savings_accountswr all_used_passwords

post let old_pass = savings_inf.passinif savings_inf inset dom(savings_accounts)thensavings_accounts =override(domrb({savings_inf}, ~savings_accounts),{modify(savings_inf, pass —> new_pass2) —>~savings_accounts(savings_inf)} ) and


else warning12 = “Your old password or account number is incorrect.”commentIf the customer has a savings account, then his old password will be changed

33

to the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Change_Foreign_Password(q3: sign, foreign_inf: CustomerInf,new_pass3: Password)s_notice3: string |warning13: string

ext wr foreign_currency_accountswr all_used_passwords

post let old_pass = foreign_inf.passinif foreign_inf inset dom(foreign_currency_accounts)thenforeign_currency_accounts =override(domrb({foreign_inf}, ~foreign_currency_accounts),{modify(foreign_inf, pass —> new_pass3) —>~foreign_currency_accounts(foreign_inf)} ) and


else warning13 = “Your old password or account number is incorrect.”commentIf the customer has a foreign currency account, then his old password will be changedto the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Display_Success_Message(s_notice1: string |s_notice2: string |s_notice3: string)

ext wr output_devicepost bound(s_notice1) and output_device = conc(~output_device, [s_notice1]) or

bound(s_notice2) and output_device = conc(~output_device, [s_notice2]) orbound(s_notice3) and output_device = conc(~output_device, [s_notice3])


process Display_Warning_Message(warning11: string |warning12: string |warning13: string)



commentDisplay the input warning messages onto the output device based on theiravailability.end_process;

34

cu r ren t _a ccoun ts1

sav in g s _a ccoun ts2

f o r e ign _ cu rr ency _

accoun t s3

ou t p ut _ d ev ice5

c h a n ge _ p a s sy1

y2

c h a n g e _ c u rr e n t

1

c h a n g e _ s a v in gs

1

y3

c h a n g e _ fo re ig n

S e le c t_P as s w o rd _

S e rv ic e s p _ s e l

D ec id e_A cc o u n t

q 1

q 2

q 3

c u rre n t_ in f

n e w _ p a s s 1

2 3

s a v in g s _ in f n e w _ p a s s 2

2

3

fo r e ign _ in f

n e w _ p a s s3

C h an g e _C u rren t_P a s sw o rd

C h a n g e_S a v in g s _P as s w o rd

C h an g e _F o re i g n _P a s sw o rd

4

5

6

7

8

9

s _ n o t ic e 1

w a rn in g 11

s _ n o tic e 2

w a rn in g 1 2

s_ n o t ic e 3

w a rn in g1 3

D is p la y _S u cc es s _M es s a g e

D is p la y _W a rn in g _M es s ag e

4

6

8

5

7

9

a l l_ u s e d _ p a s s w o rd s4

10

10

Figure 6: No6

end_module; /*The end of the implicit abstract design specification */

/*The explicit formal detailed design specification is given below. */

module SYSTEM_ATM;constmaximum_withdraw_once = 1,000,000; /*The unit is JPY, likewise for the following constants.*/maximum_withdraw_day = 5,000,000;maximum_deposit_once = 1,000,000;maximum_withdraw_application = 3,000,000;ATM_no = i; /*i is any natural number*/typePassword = nat0; /*A password is a natural number */CurrentAccountInf = AccountInf;CurrentAccountFile = map CustomerInf to CurrentAccountInf;SavingsAccountFile = map CustomerInf to SavingsAccountInf;ForeignCurrencyAccountFile = map CustomerInf to ForeignCurrencyAccountInf;varext #current_accounts: CurrentAccountFile;ext #savings_accounts: SavingsAccountFile;ext #foreign_currency_accounts: ForeignCurrencyAccountFile;

35

ext #today: Date; /*The variable today is assumed to change to reflectthe date of today in calender.*/

ext #current_time: Time; /*This variable represents a clock telling the current time */invforall[x: CustomerInf] | not exists[y: CustomerInf] | x.account_no = y.account_no;

/*Each customer’s account is unique */forall[x, y: Transaction] | x <> y; /*All the transactions are different. */forall[x, y: {current, savings, transfer, foreign_currency, change_pass}] |

bound(x) and bound(y) = false;/*Any two of the reltaed control data flows cannot become available at the same time */behav CDFD_No1;

process Manage_Current_Account(current: sign)ext wr current_accountsend;

process Manage_Savings_Account(savings: sign)ext wr savings_accountsend;

process Manage_Transfer(transfer: sign)ext wr current_accounts

wr savings_accountsend;

process Manage_Foreign_Currency_Account(foreign_currency: sign)ext wr foreign_currency_accountsend;

process Change_Password(change_pass: sign)ext wr all_used_passwords

wr foreign_currency_accountswr savings_accountswr current_accounts

end;

end_module;/* Below gives the class definitions resulting from the composite types defined in themodules of the abstract design specification. */

class CustomerInf;varaccount_no: nat0;pass: nat0;

method Init()post account_no = 0 and

pass = 0end_method;end_class;

class AccountInf;

36

varname: string;balance: nat0;transaction_history: seq of Transaction;method Init()explicitbeginname := ””; /*empty string*/balance := 0;transaction_history := [ ] /*empty sequence */endend_method;method Increase_Balance(amount: nat0)ext wr balancepost balance = ~balance + amountend_method;

method Decrease_Balance(amount: nat0)ext wr balancepost balance = ~balance - amountend_method;

method Update_Transaction_History(transaction: Transaction)ext wr transaction_historypost transaction_history = conc(~transaction_history, [transaction])end_method;end_class;

class CurrentAccountInf / AccountInf;end_class;

class SavingsAccountInf / AccountInf;varwithdraw_application_amount: nat0;application_status: bool;

method Init()post withdraw_application_amount = 0 and

application_status = trueend_method;

method Set_Application_Amount(amount: nat0)ext wr withdraw_application_amount

wr application_statuspost withdraw_application_amount = amount and

application_status = trueend_method;

end_class;

class ForeignCurrencyAccountInf / AccountInf;

37

end_class;

class ApplicationNotice;varapplication_amount: nat0;application_successful: string;

method Init()post application_amount = 0 and

application_successful = ””end_method;

end_class;

class Transaction;typeCurrentAccountsFile = SYSTEM_ATM.CurrentAccountsFile;vardate: Date;time: Time;payment: nat0;deposit: nat0;balance: nat0;atm_no: nat0;

method Init()explicitbegindate := new Date;time := new Time;payment = 0;deposit = 0;atm_no = 0;

endend_method;

method Get_Transaction(current_accounts: CurrentAccountsFile,date1: SYSTEM_ATM.Date,time1: SYSTEM_ATM.Time,pay1: nat0,deposit1: nat0,current_inf: CustomerInf) transaction: Transaction

ext wr datewr timewr paymentwr depositwr balance

explicitbegindate := date1;time := time1;

38

payment := pay1;deposit := deposit1;balance := current_accounts(current_inf).balance;transation := this /*assign current object to transaction */endend_method;

method Get_Savings_Transaction(savings_accounts: SavingsAccountsFile,date1: SYSTEM_ATM.Date,time1: SYSTEM_ATM.Time,pay1: nat0,deposit1: nat0,customer_inf: CustomerInf) transaction: Transaction

ext wr datewr timewr paymentwr depositwr balance

explicitbegindate := date1;time := time1;payment := pay1;deposit := deposit1;balance := savings_accounts(customer_inf).balance;transaction := this /* assign the current object to transaction */endend_method;end_class;

class Date;varday: nat0;month: nat0;year: nat0;method Init()post day = 0 and

month = 0 andyear = 0

end_method;

end_class;

class Notice;vartransaction_amount: nat0;updated_balance: nat0;method Init()post transaction_amount = 0 and

updated_balance = 0end_method;

39

method Make_Notice(amount: nat0, balance: nat0)ext wr transaction_amount

wr updated_balanceexplicitbegintransaction_amount := amount;updated_balance := balanceendend_method;end_class;

class TransferNotice;vartransaction_amount: nat0from_account_balance: nat0to_account_balance: nat0

method Init()post transaction_amount = 0 and

from_account_balance = 0 andto_account_balance = 0

end_method;

method Make_TransferNotice(transfer_amount1: nat0,from_balance: nat0,to_balance: nat0)

ext wr transaction_amountwr from_account_balancewr to_account_balance

post transaction_amount = transfer_amount1 andfrom_account_balance = from_balance andto_account_balance = to_balance

end_method

end_class;/*The end of class definitions at this point. Below gives other modulesdeinitions, which are decompositions of the high level processesdefined in the top-level module SYSTEM_ATM. */

module Manage_Current_Account_Decom / SYSTEM_ATM;typeOutputDevice = seq of universal;/*universal is a union type containing any possible types */InputDevice = seq of universal;ServiceCollection = {<1>, <2>, <3>, <4>};varext #current_accounts: CurrentAccountFile;ext #output_device: OutputDevice;ext #inputDevice: InputDevice;invforall[x, y: {deposit, withdraw, s_balance, p_transactions}] |


40

process Select_Services(deposit, a: sign |b, withdraw: sign |c, s_balance: sign |d, p_transactions: sign) sel: ServiceCollection

post bound(deposit) and sel = <1> orbound(withdraw) and sel = <2> orbound(s_balance) and sel = <3> orbound(p_transactions) and sel = <4>

explicitif bound(deposit)then sel := <1>else if bound(withdraw)

then sel := <2>else if bound(s_balance)

then sel := <3>else if bound(p_transactions)

then sel := <4>commentThe output data flow sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Current_Authorization(sel: ServiceCollection,current_inf: CustomerInf)current_inf1: CustomerInf |current_inf2: CustomerInf |current_inf3: CustomerInf |current_inf4: CustomerInf |e_mesg1: string

ext rd current_accountspost if current_inf inset dom(current_accounts)

then case sel of<1> —> current_inf1 = current_inf;<2> —> current_inf2 = current_inf;<3> —> current_inf3 = current_inf;<4> —> current_inf4 = current_inf;end

else e_mesg1 = “Your password or account number is incorrect.”explicit

if current_inf inset dom(current_accounts)then case sel of

<1> —> current_inf1 := current_inf;<2> —> current_inf2 := current_inf;<3> —> current_inf3 := current_inf;<4> —> current_inf4 := current_inf;end

else e_mesg1 := “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’s

current account in the store current_accountsthen generate output permissionelse output an error message.

41

end_process;

process Current_Deposit(deposit_amount: nat0, current_inf1: CustomerInf)notice1: Notice | warning1: string

ext wr current_accounts;post if deposit_amount <= maximum_deposit_once

thencurrent_accounts =override(~current_accounts,{current_inf1 —>modify(~current_accounts(current_inf1),balance —>~current_accounts(current_inf1).balance + deposit_amount,transaction_history —>conc(~current_accounts(current_inf1).transaction_history,

[Get_Transaction(current_accounts, today, current_time, 0, deposit_amount, current_inf1)]))

}) andnotice1 = mk_Notice(deposit_amount, current_accounts(current_inf1).balance))

else warning1 = “Your amount is over 1000000 yen limit.”explicitaccount_inf: CurrentAccountInf;transaction: Transaction;begin

account_inf := new CurrentAccountInf;transaction := new Transaction;if deposit_amount <= maximum_deposit_oncethenbeginaccount_inf := current_accounts(current_inf1);account_inf.Increase_Balance(deposit_amount);account_inf.Update_Transaction_History(transaction.Get_Transaction(current_accounts, today, current_time,

0, deposit_amount, current_inf1));current_accounts :=override(current_accounts,{current_inf1 —> account_inf});

notice1 := new Notice;notice1.Make_Notice(deposit_amount,

current_accounts(current_inf1).balance)end

else warning1 := “Your amount is over 1000000 yen limit.”end

commentif the input deposit_amount is less than or equal to the maximum_deposit_oncethen

(1) add the deposit_amount to the current_account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction history of the account

else give a warning message to indicate that the amount is over the limit.

42

end_process;

process Current_Withdraw(current_inf2: CustomerInf, amount: nat0)notice2: Notice | warning2: string

ext wr current_accountspost if amount <= maximum_withdraw_one and

amount <= ~current_accounts(current_inf2).balancethencurrent_accounts =override(~current_accounts,

{current_inf2 —>modify(~current_accounts(current_inf2),balance —>~current_accounts(current_inf2).balance - amount,transaction_history —>conc(~current_accounts(current_inf2).transaction_history,[Get_Transaction(current_accounts, today, current_time, amount, 0, current_inf2)]

))

}) andnotice2 = mk_Notice(amount, current_accounts(current_inf2).balance))

else warning2 = “Your withdraw amount is over the limit.”explicitaccount_inf: CurrentAccountInf;transaction: Transaction;begin

account_inf := new CurrentAccountInf;transaction := new Transaction;if amount <= maximum_withdraw_once andamount <= current_accounts(current_inf2).balance

thenbeginaccount_inf := current_accounts(current_inf2);account_inf.Decrease_Balance(amount);account_inf.Update_Transaction_History(transaction.Get_Transaction(current_accounts, today, current_time,

amount, 0, current_inf2));current_accounts :=override(current_accounts,{current_inf2 —> account_inf});

notice2 := new Notice;notice2.Make_Notice(amount,

current_accounts(current_inf2).balance)end


commentif the input amount is less than or equal to the

balance of the account and the maximum_withdraw_oncethen

(1) output the cash of the requested amount

43

(2) reduce the withdraw amount from the balance(3) update the transaction history of the account(4) give a notice


end_process;

process Current_Show_Balacnce(current_inf3: CustomerInf)balance: nat0

ext rd current_accountspost balance = current_accounts(current_inf3).balanceexplicitbalance := current_accounts(current_inf3).balancecommentdisplay the balance of the customer’s current accountend_process;

process Current_Print_Transaction_Records(current_inf4: CustomerInf, date: Date)transaction_records: TransactionRecords

ext rd current_accountspost let transactions = current_accounts(current_inf4).transaction_history


explicittransactions: seq of Transaction;index: nat0;begintransactions := current_accounts(current_inf4).transaction_history;index := get({i | i: inds(transactions) & transactions(i).date = date});transaction_records := transactions(index, ..., len(transactions))endcommentprint out the transaction records since the input dateend_process;

process Display_Information(notice1: Notice |notice2: Notice |balance: nat0 |transaction_records: TransactionRecords)


bound(notice2) and output_device = conc(~output_device, [notice2]) orbound(balance) and output_device = conc(~output_device, [balance]) orbound(transaction_records) and output_device =conc(~output_device, [transactions_records])

explicitif bound(notice1)then output_device := conc(~output_device, [notice1])else if bound(notice2)

then output_device = conc(~output_device, [notice2])else if bound(balance)

44

then output_device = conc(~output_device, [balance])else output_device = conc(~output_device, [transactions_records])


process Display_Message(warning1: string |warning2: string |e_mesg1: string)


bound(warning2) and output_device = conc(~output_device, [warning2]) orbound(e_mesg1) and output_device = conc(~output_device, [e_mesg1])

explicitif bound(warning1)then output_device := conc(~output_device, [warning1])else if bound(warning2)

then output_device := conc(~output_device, [warning2])else output_device := conc(~output_device, [e_mesg1])


end_module;

module Manage_Savings_Account_Decom / SYSTEM_ATM;typeNotice = Manage_Current_Account_Decom.Notice;OutputDevice = Manage_Current_Account_Decom.OutputDevice;InputDevice = Manage_Current_Account_Decom.InputDevice;SavingsServiceCollection = {<1>, <2>, <3>, <4>, <5>};varext #current_accounts: CurrentAccountFile;ext #output_device: OutputDevice;ext #InputDevice: InputDevice;invforall[x, y: {s_deposit, apply, s_withdraw, s_s_balance, s_p_transactions}] |


process Select_Savings_Services(s_deposit, a1: sign |b1, apply: sign |c1, s_withdraw: sign |d1, s_s_balance: sign |e1, s_p_transactions: sign)sel: SavingsServiceCollection

post bound(s_deposit) and sel = <1> orbound(apply) and sel = <2> orbound(s_withdraw) and sel = <3> orbound(s_s_balance) and sel = <4> or

45

bound(s_p_transactions) and sel = <5>explicitbeginif bound(s_deposit)then sel := <1>else if bound(apply)

then sel := <2>else if bound(s_withdraw)

then sel := <3>else if bound(s_s_balance)

then sel := <4>else sel := <5>

endcommentThe output data flow sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Savings_Authorization(sel: SavingsServiceCollection,savings_inf: CustomerInf)savings_inf1: CustomerInf |savings_inf2: CustomerInf |savings_inf3: CustomerInf |savings_inf4: CustomerInf |savings_inf5: CustomerInf |e_mesg2: string

ext rd savings_accountspost if savings_inf inset dom(savings_accounts)

then case sel of<1> —> savings_inf1 = savings_inf;<2> —> savings_inf2 = savings_inf;<3> —> savings_inf3 = savings_inf;<4> —> savings_inf4 = savings_inf;<5> —> savings_inf5 = savings_inf;end

else e_mesg2 = “Your password or account number is incorrect.”explicit

if savings_inf inset dom(savings_accounts)then case sel of

<1> —> savings_inf1 := savings_inf;<2> —> savings_inf2 := savings_inf;<3> —> savings_inf3 := savings_inf;<4> —> savings_inf4 := savings_inf;<5> —> savings_inf5 := savings_infend

else e_mesg2 := “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’s

savings account in the store savings_accountsthen generate output data flows based on the value of variable selelse output an error message.end_process;

46

process Savings_Deposit(d_amount: nat0, savings_inf1: CustomerInf)notice1: Notice | warning3: string

ext wr savings_accounts;post if d_amount <= maximum_deposit_once

thensavings_accounts =override(~savings_accounts,{savings_inf1 —>modify(~savings_accounts(savings_inf1),balance —>~savings_accounts(savings_inf1).balance + d_amount,transaction_history —>conc(~savings_accounts(savings_inf1).transaction_history,

[Get_Savings_Transaction(savings_accounts, today, current_time, 0, d_amount,savings_inf1)]

))

}) andnotice1 = mk_Notice(d_amount, savings_accounts(savings_inf1).balance))

else warning3 = “Your amount is over 1000000 yen limit.”explicitaccount_inf: savingsAccountInf;transaction: Transaction;begin

account_inf := new savingsAccountInf;transaction := new Transaction;if d_amount <= maximum_deposit_oncethenbeginaccount_inf := savings_accounts(savings_inf1);account_inf.Increase_Balance(d_amount);account_inf.Update_Transaction_History(transaction.Get_Savings_Transaction(savings_accounts, today, current_time,

0, d_amount, savings_inf1));savings_accounts :=override(savings_accounts,{savings_inf1 —> account_inf});

notice1 := new Notice;notice1.Make_Notice(d_amount,

savings_accounts(savings_inf1).balance)end


commentif the input d_amount is less than or equal to the maximum_deposit_oncethen

(1) add the d_amount to the savings_account(2) give the customer a notice showing the amount of deposit and the updated balance(3) update the transaction history of the account


47

process Apply_Withdraw(savings_inf2: CustomerInf, a_amount: nat0)a_notice: string | warning4: string

ext wr savings_accountspost if a_amount <= maximum_withdraw_application


{savings_inf2 —>modify(~savings_accounts(savings_inf2),withdraw_application_amount: nat0 —>a_amount,application_status —> true)

}) and

a_notice = “Your application is successful”else warning4 = “Your application amount is over the limit.”

explicitbeginaccount_inf := new SavingsAccountInf;if a_amount <= maximum_withdraw_applicationthenbeginaccount_inf := savings_accounts(savings_inf2);account_inf.Set_Application_Amount(a_amount);savings_accounts :=override(~savings_accounts,

{savings_inf2 —> account_inf)});

a_notice := “Your application is successful”endelse warning4 := “Your application amount is over the limit.”

endcommentIf the applied withdraw amount a_amount is within the fixed limit,then change the withdraw_application_amount to the applied withdrawamount and the application_status to true, indicating the application ismade, and issue a notice to tell the customer that the application issuccessful. Otherwise, give a warning message to indicate that theapplied withdraw amount is over the fixed limit.end_process;

process Savings_Withdraw(savings_inf3: CustomerInf, w_amount: nat0)notice2: Notice | warning5: string

ext wr savings_accountspost if w_amount <= ~savings_accounts(savings_inf3).withdraw_application_amount and

w_amount <= ~savings_accounts(savings_inf3).balancethensavings_accounts =override(~savings_accounts,

{savings_inf3 —>modify(~savings_accounts(savings_inf3),

48

balance —>~savings_accounts(savings_inf3).balance - w_amount,transaction_history —>conc(~savings_accounts(savings_inf3).transaction_history,

[Get_Savings_Transaction(savings_accounts, today, savings_time, w_amount, 0,savings_inf3)]

))

}) andnotice2 = mk_Notice(w_amount, savings_accounts(savings_inf3).balance))

else warning5 = “Your withdraw amount is over the limit.”explicitaccount_inf: SavingsAccountInf;transaction: Transaction;beginaccount_inf := new SavingsAccountInf;transaction := new Transaction;if w_amount <= ~savings_accounts(savings_inf3).withdraw_application_amount andamount <= savings_accounts(savings_inf3).balance

thenbeginaccount_inf := savings_accounts(savings_inf3);account_inf.Decrease_Balance(w_amount);account_inf.Update_Transaction_History(transaction.Get_Savings_Transaction(savings_accounts, today, current_time,

w_amount, 0, savings_inf3));savings_accounts :=override(savings_accounts,{savings_inf3 —> account_inf});

notice2 := new Notice;notice2.Make_Notice(w_amount,

savings_accounts(savings_inf3).balance)end


commentif the input w_amount is less than or equal to the applied withdraw amountand the balance of the savings account

then(1) output the cash of the requested amount(2) reduce the withdraw amount from the balance(3) update the transaction history of the account(4) give a notice


end_process;

process Savings_Show_Balacnce(savings_inf4: CustomerInf)s_balance: nat0

ext rd savings_accountspost s_balance = savings_accounts(savings_inf4).balance

49

explicits_balance := savings_accounts(savings_inf4).balancecommentDisplay the balance of the customer’s savings accountend_process;

process Savings_Print_Transaction_Records(savings_inf5: CustomerInf, date: Date)transaction_records: TransactionRecords

ext rd savings_accountspost let transactions = savings_accounts(savings_inf5).transaction_history


explicittransactions: seq of Transaction;index: nat0;begintransactions := savings_accounts(savings_inf5).transaction_history;index := get({i | i: inds(transactions) & transactions(i).date = date});transaction_records := transactions(index, ..., len(transactions))

endcommentPrint out the transaction records since the input dateend_process;

process Savings_Display_Information(notice1: Notice |a_notice: string |notice2: Notice |s_balance: nat0 |transaction_records: TransactionRecords)


bound(a_notice) and output_device = conc(~output_device, [a_notice]) orbound(notice2) and output_device = conc(~output_device, [notice2]) orbound(s_balance) and output_device = conc(~output_device, [s_balance]) orbound(transaction_records) and output_device =conc(~output_device, [transactions_records])

explicitif bound(notice1)then output_device := conc(~output_device, [notice1])else if bound(a_notice)

then output_device := conc(~output_device, [a_notice])else if bound(notice2)

then output_device := conc(~output_device, [notice2])else if bound(s_balance)

then output_device := conc(~output_device, [s_balance])else output_device := conc(~output_device, [transactions_records])


50

process Savings_Display_Message(warning3: string |warning4: string |warning5: string |e_mesg2: string)


bound(warning4) and output_device = conc(~output_device, [warning4]) orbound(warning5) and output_device = conc(~output_device, [warning5]) orbound(e_mesg2) and output_device = conc(~output_device, [e_mesg2])


then output_device := conc(~output_device, [warning4])else if bound(warning5)

then output_device := conc(~output_device, [warning5])else output_device := conc(~output_device, [e_mesg2])

commentDisplay the input data flows onto the output device based on theiravailability.end_process;end_module;

module Manage_Transfer_Decom / SYSTEM_ATM;varext #savings_accounts;ext #savings_accounts;

process Select_Transfer_Services(current_to_savings, a2: sign |b2, savings_to_current: sign)sel1: bool

post bound(current_to_savings) and sel1 = true orbound(savings_to_current) and sel1 = false

explicitif bound(current_to_savings)then sel1 := trueelse sel1 := falsecommentsel1 is decided based on the availability of the input data flows.end_process;

process Transfer_Authorization(sel1: bool,customer_inf: CustomerInf)customer_inf1: CustomerInf |customer_inf2: CustomerInf |w_mesg: string

ext rd savings_accountsrd current_accounts

post if sel1then if customer_inf inset dom(current_accounts)


51



your savings account is incorrect.”explicit

if sel1then if customer_inf inset dom(current_accounts)

then customer_inf1 := customer_infelse w_mesg := “The password or account number of


then customer_inf2 := customer_infelse w_mesg := “The password or account number of

your savings account is incorrect.”commentCheck whether the customer’s account number and passwordare confirmed. If yes, pass the input customer_inf to eithercustomer_inf1 or customer_inf2, depending on from whichof the current and savings accounts the transfer will be done.end_process;



post if transfer_amount1 <= current_accounts(current_inf).balancethencurrent_accounts = override(~current_accounts,{current_inf —>modify(~current_accounts(current_inf),balance —>~current_accounts(current_inf).balance - transfer_amount1

)}

) and(exists![x: dom(savings_accounts)] |

x.account_no = savings_account_no andsavings_accounts =override(~savings_accounts,{x —>modify(~savings_accounts(x),

balance —>~savings_accounts(x).balance + transfer_amount1)}) and

notice1 =mk_TransferNotice(transfer_amount1,

current_accounts(current_inf).balance,savings_accounts(x).balance)

52

else warning6 = “Your transfer amount is over the balance.”explicitbeginaccount_inf: CurrentAccountInf;s_account_inf: SavingsAccountInf;savings_inf: CustomerInf;account_inf = new CurrentAccountInf;s_account_inf := new SavingsAccountInf;savings_inf := new CustomerInf;if transfer_amount1 <= current_accounts(current_inf).balancethenbeginaccount_inf :=modify(current_accounts(current_inf),

balance —>current_accounts(current_inf).balance - transfer_amount1);

current_accounts :=override(current_accounts,{current_inf —> account_inf});

savings_inf := get{x | x: dom(savings_accounts) &x.account_no = savings_account_no};

s_account_inf :=modify(savings_accounts(savings_inf),

balance —>savings_accounts(savings_inf).balance + transfer_amount1);

savings_accounts :=override(savings_accounts,

savings_inf —> s_account_inf});notice1 := new TransferNotice;notice1.Make_TransferNotice(transfer_amount1,

current_accounts(current_inf).balance,savings_accounts(x).balance);

endelse warning6 := “Your transfer amount is over the balance.”

endcommentif transfer_account is greater than the balance of the current accountthen give a warning messageelse

(1) add the requested amount to the savings account(2) reduce the requested amount from the balance of the current account(3) give a notice to show the detail of the transfer

end_process;

process Transfer_From_Savings_To_Current(savings_inf: CustomerInf,current_account_no: nat0,transfer_amount2: nat0)notice2: TransferNotice |warning7: string


53

post let savings_account_inf = ~savings_accounts(savings_inf)in if savings_account_inf.application_status and

savings_account_inf.withdraw_application_amount >=transfer_amount2


{savings_inf —>modify(savings_account_inf,

balance —>savings_account_inf.balance -transfer_amount2,

withdraw_application_amount —>savings_account_inf.withdraw_application_amount -transfer_amount2)

}) and

(exists![x: dom(current_accounts)] |x.account_no = current_account_no andcurrent_accounts =override(~current_accounts,{x —> modify(~current_accounts(x).balance + transfer_amount2)}


savings_accounts(savings_inf).balance,current_accounts(x).balance)

else warning7 = “Your transfer amount is over the applied transfer amount.”explicitaccount_inf: CurrentAccountInf;savings_account_inf: SavingsAccountInf;current_inf: CustomerInf;account_inf = new CurrentAccountInf;current_inf := new CurrentInf;savings_account_inf := new SavingsAccountInf;savings_account_inf := savings_accounts(savings_inf);s_account_inf := new SavingsAccountInf;savings_inf := new CustomerInf;if savings_account_inf.application_status andsavings_account_inf.withdraw_application_amount >=transfer_amount2

thenbeginsavings_account_inf :=modify(savings_account_inf,

balance —>savings_account_inf.balance -transfer_amount2,withdraw_application_amount —>savings_account_inf.withdraw_application_amount -

54

transfer_amount2);savings_accounts =

override(savings_accounts,{savings_inf —> savings_account_inf};

current_inf := get{x | x: dom(current_accounts) &x.account_no = current_account_no};

account_inf :=modify(current_accounts(current_inf),

balance —>current_accounts(current_inf).balance + transfer_amount2);

current_accounts :=override(current_accounts,

current_inf —> account_inf});notice2.Make_TransferNotice(transfer_amount2,

savings_accounts(savings_inf).balance,current_accounts(current_inf).balance);

endelse warning7 := “Your transfer amount is over the applied transfer amount.”

commentif (1) the customer has made an application of withdraw from




elsegive a warning message

end_process;

process Transfer_Display_Information(notice1: TransferNotice |notice2: TransferNotice)


bound(notice2) and output_device = conc(~output_device, [notice2])explicitif bound(notice1)then output_device := conc(~output_device, [notice1])else output_device := conc(~output_device, [notice2])commentDisplay the input data flows onto the output device based on theiravailability.end_process;

process Transfer_Display_Message(w_mesg: string |warning6: string |warning7: string)

ext wr output_device

55

post bound(w_mesg) and output_device = conc(~output_device, [w_mesg]) orbound(warning6) and output_device = conc(~output_device, [warning6]) orbound(warning7) and output_device = conc(~output_device, [warning7])

explicitif bound(w_mesg)then output_device := conc(~output_device, [w_mesg])else if bound(warning6)

then output_device := conc(~output_device, [warning6])else output_device := conc(~output_device, [warning7])


end_module;

class ExchangeNotice;varamount_in_yen: nat0;current_balance: nat0;foreign_balance: real;exchange_rate: nat0; /*Assume US$1 = 120 JPY */

method Init()post amount_in_yen = 0 and

current_balance = 0 andforeign_balance = 0 andexchange_rate = 120

end_method;

method Make_ExchangeNotice(amount_in_yen,c_balance,f_balance: nat0)

ext wr amount_in_yenwr current_balancewr foreign_balance

post this.amount_in_yen = amount_in_yen andcurrent_balance = c_balance andforeign_balance = f_balance

end_method

end_class;

class CashExchangeNoticevaramount_in_yen: nat0;amount_in_dollar: real;foreign_balance: real;

method Init()post amount_in_yen = 0 and

56

amount_in_dollar = 0 andforeign_balance = 0

end_method;

method Make_CashExchangeNotice(yen_amount: nat0,dollar_amount,f_balance: : real)

ext wr amount_in_yenwr amount_in_dollarwr foreign_balance

post amount_in_yen = yen_amount andamount_in_dollar = dollar_amount andforeign_balance = f_balance

end_method;

end_class;

module Manage_Foreign_Currency_Account / SYSTEM_ATM;varext #foreign_currency_accounts: ForeignCurrencyAccounts;process Select_Foreign_Services(buying_yen, x1: sign |

x2, buying_dollar: sign |x3, f_withdraw: sign |x4, s_balance: sign)f_sel: ForeignServiceCollection

post bound(buying_yen) and f_sel = <1> orbound(buying_dollar) and f_sel = <2> orbound(f_withdraw) and f_sel = <3> orbound(s_balance) and f_sel = <4>

explicitif bound(buying_yen)then f_sel := <1>else if bound(buying_dollar)

then f_sel := <2>else if bound(f_withdraw)

then f_sel := <3>else f_sel := <4>

commentThe output data flow f_sel is decided to take different value depending onthe availability of the input data flows.end_process;

process Foreign_Authorization(f_sel: SavingsServiceCollection,foreign_inf: CustomerInf)foreign_inf0: CustomerInf |foreign_inf1: CustomerInf |foreign_inf2: CustomerInf |foreign_inf3: CustomerInf |foreign_inf4: CustomerInf |f_mesg: string

ext rd foreign_currency_accounts

57

post if foreign_inf inset dom(foreign_currency_accounts)then case f_sel of

<1> —> foreign_inf0 = foreign_inf;<2> —> foreign_inf1 = foreign_inf;<3> —> foreign_inf2 = foreign_inf;<4> —> foreign_inf3 = foreign_inf;<5> —> foreign_inf4 = foreign_infend

else f_mesg = “Your password or account number is incorrect.”explicitif foreign_inf inset dom(foreign_currency_accounts)then case f_sel of

<1> —> foreign_inf0 := foreign_inf;<2> —> foreign_inf1 := foreign_inf;<3> —> foreign_inf2 := foreign_inf;<4> —> foreign_inf3 := foreign_inf;<5> —> foreign_inf4 := foreign_infend

else f_mesg := “Your password or account number is incorrect.”commentif the input account_no and password match those of the customer’sforeign currency account in the store foreign_currency_accounts

then generate output data flows based on the value of variable f_selelse output an error message.end_process;

process Buy_Dollars_From_Current(current_inf: CustomerInf,foreign_inf0: CustomerInf,amount_in_yen: nat0)notice0: ExchangeNotice | warning8: string

ext wr current_accountswr foreign_currency_accountswr current_exchange_rate

post if amount_in_yen <= current_accounts(current_inf).balancethen let amount_in_dollar = amount_in_yen / current_exchange_rate

in current_accounts =override(~current_accounts,{current_inf —>modify(~current_accounts(current_inf),balance —>~current_accounts(current_inf).balance - amount_in_yen

)}

) andforeign_currency_accounts =override(~foreign_currency_accounts,{foreign_inf0 —>modify(~foreign_currency_accounts(foreign_inf0),balance —>~foreign_currency_accounts(foreign_inf0).balance + amount_in_dollar

)}

58

) andnotice0 = mk_ExchangeNotice(amount_in_yen, current_accounts(current_inf).balance,

foreign_currency_accounts(foreign_inf0).balance)else warning8 = “The requested amount is over the balance of your current account.”

explicitamount_in_dollar: real;current_account_inf: CurrentAccountInf;foreign_currency_account_inf: ForeignCurrencyAccountInf;

amount_in_dollar := amount_in_yen / current_exchange_rate;current_account_inf := new CurrentAccountInf;foreign_currency_account_inf := new ForeignCurrencyAccountInf;

if amount_in_yen <= current_accounts(current_inf).balancethenbegincurrent_account_inf :=modify(current_accounts(current_inf),

balance —>current_accounts(current_inf).balance -

amount_in_yen);current_accounts :=override(current_accounts,

{current_inf —> current_account_inf});foreign_currency_account_inf :=modify(foreign_currency_accounts(foreign_inf0),

balance —>foreign_currency_accounts(foreign_inf0).balance +

amount_in_dollarforeign_currency_accounts :=

override(~foreign_currency_accounts,{foreign_inf0 —> foreign_currency_account_inf});

notice0.Make_ExchangeNotice(amount_in_yen,current_accounts(current_inf).balance,foreign_currency_accounts(foreign_inf0).balance)

endelse warning8 := “The requested amount is over the balance of

your current account.”commentif the amount_in_yen is less than or equal to the balance of the current accountthen

(1) calculate the transfer amount in US dollar based on the current exchange rate(2) reduce the amount transfered to the foreign currency account from the current account(3) add the transfered amount in US dollar to the foreign currency account(4) produce the notice to indicate the amount in yen, new balance of the current account,



process Buy_Yen_From_Foreign(current_account_no: nat0,

59

foreign_inf1: customerInf,amount_in_dollar: real)notice1: ExchangeNotice | warning9: string

ext wr current_accountswr foreign_currency_accountsrd current_exchange_rate

post if amount_in_dollar <= ~foreign_currency_accounts(foreign_inf1).balancethen let amount_in_yen = floor(amount_in_dollar / current_exchange_rate)

in foreign_currency_accounts =override(~foreign_currency_accounts,{foreign_inf1 —>modify(~foreign_currency_accounts(foreign_inf1),balance —>~foreign_currency_accounts(foreign_inf1).balance - amount_in_dollar

)}

) and(exists![x: dom(current_accounts)] |x.account_no = current_account_no andcurrent_accounts =override(~current_accounts,{x —>modify(~current_accounts(x),balance —>~current_accounts(x).balance + amount_in_yen

)}

)) andnotice1 =mk_ExchangeNotice(amount_in_yen,

current_accounts(x).balance,foreign_currency_accounts(foreign_inf1).balance)

else warning9 = “The requested amount is over the balance of your foreign currency account.”explicitamount_in_yen: nat0;foreign_currency_account_inf: ForeignCurrencyAccountInf;current_inf: CurrentAccountInf;current_account_inf: CurrentAccountInf;

amount_in_yen := floor(amount_in_dollar / current_exchange_rate);foreign_currency_account_inf := new ForeignCurrencyAccountInf;current_inf := new CurrentAccountInf;current_account_inf := new CurrentAccountInf;

if amount_in_dollar <= foreign_currency_accounts(foreign_inf1).balancethenbeginforeign_currency_account_inf :=modify(foreign_currency_accounts(foreign_inf1),

balance —>foreign_currency_accounts(foreign_inf1).balance -

60

amount_in_dollar);foreign_currency_accounts :=

override(~foreign_currency_accounts,{foreign_inf1 —> foreign_currency_account_inf});

current_inf := get({x | x: dom(current_accounts) &x.account_no = current_account_no});

current_account_inf :=modify(current_accounts(x),

balance —>current_accounts(x).balance + amount_in_yen);

current_accounts :=override(~current_accounts,{current_inf —> current_account_inf});

notice1 := new ExchangeNotice;notice1.Make_ExchangeNotice(

amount_in_yen,current_accounts(current_inf).balance,foreign_currency_accounts(foreign_inf1).balance)

endelse warning9 := “The requested amount is over the balance

of your foreign currency account.”commentif the amount in dollar is less than or equal to the balance of the foreign

currency accountthen

(1) calculate the transfered amount in yen based on the current exchange rate(2) add the amount in yen to the current account(3) reduce the requested transfer amount in US dollar from the foreign currency account(4) give a notice to show all the related data

else give a warning message to indicate that the requested transfer amount isover the balance of the foreign currency account.

end_process;

process Buy_Dollars_Using_CashYen(amount_in_yen: nat0, foreign_inf2: CustomerInf)notice2: CashExchangeNotice


post let amount_in_dollar = amount_in_yen / current_exchange_ratein foreign_currency_accounts =

override(~foreign_currency_accounts,{foreign_inf2 —>modify(~foreign_currency_accounts(foreign_inf2),balance —>~foreign_currency_accounts(foreign_inf2).balance + amount_in_dollar

)}



explicit

61

amount_in_dollar: real;foreign_currency_account_inf: ForeignCurrencyAccountInf;

beginamount_in_dollar := amount_in_yen / current_exchange_rate;foreign_currency_account_inf :=modify(foreign_currency_accounts(foreign_inf2),

balance —>foreign_currency_accounts(foreign_inf2).balance +amount_in_dollar);

foreign_currency_accounts :=override(foreign_currency_accounts,

{foreign_inf2 —> foreign_currency_accounts});notice2.Make_CashExchangeNotice(

amount_in_yen,amount_in_dollar,foreign_currency_accounts(foreign_inf2).balance)

endcomment

(1) calculate the amount in US dollar based on the amount_in_yenand the current exchange rate

(2) add the amount in dollar to the foreign currency account(3) give a notice to indicate the relevant data

end_process;

process Foreign_Withdraw(foreign_inf3: CustomerInf, amount_in_yen: nat0)notice3: CashExchangeNotice | warning10: string


post let amount_in_dollar = amount_in_yen / current_exchange_rateinif amount_in_dollar <= ~foreign_currency_accounts(foreign_inf3).balancethenforeign_currency_accounts =override(~foreign_currency_accounts,{foreign_inf3 —>modify(~foreign_currency_accounts(foreign_inf3),balance —>~foreign_currency_accounts(foreign_inf3).balance - amount_in_dollar

)}



else warning10 = “The requested amount is bigger thanthe balance of your foreign currencyaccount.”

explicitamount_in_dollar: real;

62

foreign_currency_account_inf: ForeignCurrencyAccountInf;

beginamount_in_dollar := amount_in_yen / current_exchange_rate;foreign_currency_account_inf := new ForeignCurrencyAccountInf;

if amount_in_dollar <= foreign_currency_accounts(foreign_inf3).balancethenbeginforeign_currency_account_inf :=modify(foreign_currency_accounts(foreign_inf3),

balance —>foreign_currency_accounts(foreign_inf3).balance -amount_in_dollar);

foreign_currency_accounts :=override(~foreign_currency_accounts,{foreign_inf3 —> foreign_currency_account_inf});

notice3.Make_CashExchangeNotice(amount_in_yen,amount_in_dollar,foreign_currency_accounts(foreign_inf3).balance);

endelse warning10 := “The requested amount is bigger than

the balance of your foreign currencyaccount.”

endcommentif the amount_in_yen is less than or equal to the balance in yen, resulting

from converting the balance in dollar based on the current exchange ratethen

(1) calculate the amount in dollar based on the requested amount in yenand the current exchange rate

(2) provide a notice to show the related details(3) reduce the amount in dollar from the balance of the foreign



process Foreign_Show_Balance(foreign_inf4: CustomerInf)balance: real

ext rd foreign_currency_accountspost balance = foreign_currency_account(foreign_inf4).balanceexplicitbalance := foreign_currency_account(foreign_inf4).balancecommentProvide the balance of the foreign currency accountend_process;

process Foreign_Display_Information(notice0: ExchangeNotice |notice1: ExchangeNotice |notice2: CashExchangeNotice |

63

notice3: CashExchangeNotice |balance: nat0)


bound(notice1) and output_device = conc(~output_device, [notice1]) orbound(notice2) and output_device = conc(~output_device, [notice2]) orbound(notice3) and output_device = conc(~output_device, [notice3]) orbound(balance) and output_device = conc(~output_device, [balance]) or

explicitif bound(notice0)then output_device := conc(~output_device, [notice0])else if bound(notice1)

then output_device := conc(~output_device, [notice1])else if bound(notice2)

then output_device := conc(~output_device, [notice2])else if bound(notice3)

then output_device := conc(~output_device, [notice3])else output_device := conc(~output_device, [balance])


process Foreign_Display_Message(warning8: string |warning9: string |warning10: string)






end_module;


process Select_Password_Services(change_current, y1: sign |change_savings, y2: sign |

64

y3, change_foreign: sign)p_sel: {<1>, <2>, <3>}

post bound(change_current) and p_sel = <1> orbound(change_savings) and p_sel = <2> orbound(change_foreign) and p_sel = <3>

explicitif bound(change_current)then p_sel := <1>else if bound(change_savings)

then p_sel := <2>else p_sel := <3>

commentAssign different values to p_sel depending on the availability ofthe input data flows.end_process;

process Decide_Account(p_sel: {<1>, <2>, <3>})q1: sign | q2: sign | q3: sign

post p_sel = <1> and bound(q1) orp_sel = <2> and bound(q2) orp_sel = <3> and bound(q3)

explicitif p_sel = <1>then q1 := ! /*make bound(q1) be true */else if p_sel = <2>

then q2 := !else q3 := !

commentGenerate q1, q2, or q3 depending on the value of the input data flowp_sel.end_process;

process Change_Current_Password(current_inf: CustomerInf,new_pass1: Password,q1: sign)s_notice1: string |warning11: string

ext wr current_accountspost if current_inf inset dom(current_accounts)

thencurrent_accounts =override(domrb({current_inf}, ~current_accounts),{modify(current_inf, pass —> new_pass1) —>~current_accounts(current_inf)} ) and

s_notice1 = “successful”else warning11 = “Your old password or account number is incorrect.”

explicitcurrent_account_inf: CurrentAccountInf;begincurrent_account_inf := new CurrentAccountInf;

65

if current_inf inset dom(current_accounts)thenbegincurrent_account_inf := current_accounts(current_inf);current_accounts := domrb({current_inf}, current_accounts);current_inf := modify(current_inf, pass —> new_pass1);current_accounts :=

override(current_accounts,{current_inf —> current_account_inf});

s_notice1 := “successful”endelse warning11 := “Your old password or account number is incorrect.”

endcommentIf the customer has a current account, then his old password will be changedto the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Change_Savings_Password(q2: sign, savings_inf: CustomerInf,new_pass2: Password)s_notice2: string |warning12: string

ext wr savings_accountspost if savings_inf inset dom(savings_accounts)

thensavings_accounts =override(domrb({savings_inf}, ~savings_accounts),{modify(savings_inf, pass —> new_pass2) —>~savings_accounts(savings_inf)} ) and


explicitsavings_account_inf: SavingsAccountInf;beginsavings_account_inf := new SavingsAccountInf;

if savings_inf inset dom(savings_accounts)thenbeginsavings_account_inf := savings_accounts(savings_inf);savings_accounts := domrb({savings_inf}, savings_accounts);savings_inf := modify(savings_inf, pass —> new_pass2);savings_accounts :=

override(savings_accounts,{savings_inf —> savings_account_inf});


endcomment

66

If the customer has a savings account, then his old password will be changedto the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Change_Foreign_Password(q3: sign, foreign_inf: CustomerInf,new_pass3: Password)s_notice3: string |warning13: string

ext wr foreign_currency_accountspost if foreign_inf inset dom(foreign_currency_accounts)

thenforeign_currency_accounts =override(domrb({foreign_inf}, ~foreign_currency_accounts),{modify(foreign_inf, pass —> new_pass3) —>~foreign_currency_accounts(foreign_inf)} ) and


explicitforeign_currency_account_inf: ForeignCurrencyAccountInf;beginforeign_currency_account_inf := new ForeignCurrencyAccountInf;

if foreign_currency_inf inset dom(foreign_currency_accounts)thenbeginforeign_currency_account_inf := foreign_currency_accounts(foreign_currency_inf);foreign_currency_accounts := domrb({foreign_currency_inf}, foreign_currency_accounts);foreign_currency_inf := modify(foreign_currency_inf, pass —> new_pass3);foreign_currency_accounts :=

override(foreign_currency_accounts,{foreign_currency_inf —> foreign_currency_account_inf});


endcommentIf the customer has a foreign currency account, then his old password will be changedto the new one and a notice is issued to indiate the success of the change.Otherwise, a warning message will be generated.end_process;

process Display_Success_Message(s_notice1: string |s_notice2: string |s_notice3: string)

ext wr output_devicepost bound(s_notice1) and output_device = conc(~output_device, [s_notice1]) or

bound(s_notice2) and output_device = conc(~output_device, [s_notice2]) orbound(s_notice3) and output_device = conc(~output_device, [s_notice3])

explicitif bound(s_notice1)

67

then output_device := conc(~output_device, [s_notice1])else if bound(s_notice2)

then output_device := conc(~output_device, [s_notice2])else output_device := conc(~output_device, [s_notice3])


process Display_Warning_Message(warning11: string |warning12: string |warning13: string)





commentDisplay the input warning messages onto the output device based on theiravailability.end_process;

end_module;

/*The end of the explicit detailed design specification */

4 Discussions

The case study presented in this report has given me another opportunity to explore advantages andproblems in using the SOFL specification language and method. I have again gained more confidencein the effectiveness of SOFL in helping develop correct software systems. The major advantages I havefound include the followings:

1. The three-step approach to building formal design specifications is very effective in providing asystematic and incremental way to build correct specifications.

2. The specifications provide a very good traceability for their evolution (extension, modification, orrefinement).

3. The high level specification serves as a firm foundation for constructing the next lower level specifi-cation, and the contents of the high level specification are used as part of the low level specification.Thus, writing informal, semi-formal, and formal specifications does not waste time and efforts;rather it effectively helps improve the quality of each level specification. For example, the informalspecification provides a framework for developing a more precise and complete semi-formal spec-ification, while the semi-formal specification offers the base for writing a formal abstract designspecification. In the formal design specification, the semi-formal specification is used as the com-ment to interpret the formal specification. The formal abstract design specification then serves asa firm foundation for working out a detailed and more algorithmic design specification.

68

4. The well-documented specifications are very helpful in reviewing and testing the requirements anddesign.

5. The possibility of automating the transformation from a high level specification to a low level oneis very high due to the well-defined syntax and semantics of the SOFL specification languages.

Through this case study I have also realized that drawing condition data flow diagrams can be a bottleneckfor using the SOFL specification language. Since I use Microsoft Viso software tool to draw all thecondition data flow diagrams, it took a lot of efforts and time. However, I believe that this problem canbe resolved by an effective GUI for SOFL, including all the editing functionalities.

5 Conclusions

I have again gained the confidence in the effectiveness of the SOFL specification language and methodthrough the case study presented in this report. The most impressive points of SOFL is that by usingSOFL we do not only provide well-defined specifications, but are forced to identify more functionalities anddesign ideas. Furthermore, identifying and correcting faults in specifications are easier than in programs,and therefore it has a great potential to help reduce the costs and efforts of software development as awhole.

References

69

A Case Study of Modeling an ATM Using...

Documents

Transcript of A Case Study of Modeling an ATM Using...