I'm well aware that safety-critical != hard real-time.
Though hard real-time systems must be designed in a way that they guarantee not to ever miss a deadline, simply because missing a single deadline is considered a fatal full system failure. So how do you guarantee that by other means than by mathematical proof?
> And for a practical note: The theoretical upper boundary is not magnitudes higher than what you can measure in tests.
None of those systems, including Preempt-RT, can specify their theoretical upper boundary, except in safe ranges which make them not at all different :)