The failure rates of real-time computers must be extraordinarily small. Indeed, they must be
smaller than the failure rates of the components from which they are builts. Such computers
must therefore be ‘‘fault-tolerant’’, i.e., be able to continue operating despite the failure of a
limited subset of their hardwares or softwares. They must also be gracefully degradable i.e., as
the size of the faulty set increases the system must not suddenly collapse, but continue executing
part of its work load, figure shows how a properly designed fault-tolerant system behaves as
the failures increase in no scope.