Event-triggered systems suffer from interrupt storms and degraded timeliness/safety when operating beyond their safe envelope—i.e., under unanticipated environmental conditions. To address this, we propose an importance-driven robust scheduling framework. Our approach introduces a novel “task importance” dimension—orthogonal to both priority and criticality—and integrates mixed-criticality principles to jointly model environmental assumptions and regulate interrupt traffic. We formally verify schedulability using rigorous real-time analysis techniques. Experimental evaluation demonstrates that the framework significantly enhances guarantee rates for critical tasks under anomalous workloads, substantially narrowing the robustness gap between event-triggered and time-triggered systems. This work establishes a new paradigm for designing real-time systems resilient to environmental uncertainty.

The design of real-time systems is based on assumptions about environmental conditions in which they will operate. We call this their safe operational envelope. Violation of these assumptions, i.e., out-of-envelope environments, can jeopardize timeliness and safety of real-time systems, e.g., by overwhelming them with interrupt storms. A long-lasting debate has been going on over which design paradigm, the time- or event-triggered, is more robust against such behavior. In this work, we investigate the claim that time-triggered systems are immune against out-of-envelope behavior and how event-triggered systems can be constructed to defend against being overwhelmed by interrupt showers. We introduce importance (independently of priority and criticality) as a means to express which tasks should still be scheduled in case environmental design assumptions cease to hold, draw parallels to mixed-criticality scheduling, and demonstrate how event-triggered systems can defend against out-of-envelope behavior.