Abstract
Real-time systems that must respond to environmental state changes within a very short latency period often use event-triggered task activation. If the system has to work even in the case of sensor failures, event-triggered task activation is not reliable: task activations may occur too early, causing a system overload, or they may occur too late or be omitted entirely. To overcome these problems, the task-splitting model is introduced, which integrates fault tolerance into the analysis and construction of hard real-time systems. This model controls event-triggered task activations to handle faults while guaranteeing timely response to changes of environmental states. The task-splitting model is independent of any particular scheduling algorithm; it is based on a general task model. The result of this work has influenced the design of a robust engine controller of the next generation.