Use Statechart to specify a nuclear power plant control-system. In this system, temperature and pressure levels must be constantly monitored for safety reasons. Assuming that sensors are installed to detect and generate appropriate signals when either of these level (pressure or temperature) exceeds some predefined threshold values. The requirements and assumptions for managing the plant are the following:

1. When one of the two signals is raised the system must enter into a recovery state in which it tries to apply a recovery procedure.

2. If, after a while, the recovery action succeeds, the system is automatically entering into the normal state, and sends an appropriate message (e.g., everything is OK) to the external environment.

3. Otherwise, the alarm signal must be raised and the plant MUST be shut off. In this case, the system as a whole must also be switched off if it is trying to recover from one kind of anomaly (i.e., excessive pressure or temperature) and the other signal is raised.

4. It is assumed that the two signals (excessive pressure or excessive temperature) cannot occur simultaneously.