This goes beyond "system policy" (which would be some default
way to handle these types of incidents)
The variety of different conditions that could be practical
one might condition the *second* schedule() with:

if (first_scheduled)
schedule(event_time+delta)
And, no matter how many -- and how BLOATED the syscall becomes -- there
will STILL be conditions that are applicable to specific tasks.

Rather than trying to anticipate ALL of them to handle *in* the
syscall (and STILL having to account for others that were not
envisioned), it seems more prudent to have the syscall UNCONDITIONALLY
perform its action and let the developer assume responsibility for
writing explicit code to handle cases that *it* considers as "special".
Especially as bugs *there* are readily contained in the task's
environment and don't risk corrupting the kernel.

You asked: "What OS?" The OS doesn't matter. Rather, how
the mechanism is modeled.

As you've said, the OS "should implement something simple".
Something easily conceptualized, even if it doesn't address
all possible use cases.

If, for example, the OS assumes that "past" events are no longer of
interest and ignores the request, then any higher layers have to
take that into account to COMPENSATE for the POLICY decision that
the OS has enforced.
A library function or a *service*.
Correct.
You should only solve those that are commonplace -- and, only
as a convenience for your clients.

If nothing is common (unlike windows where applications may want
to know if the host is running on batteries, just came out of
hibernation, etc), then anything additional that you do in
the kernel just adds to the kernel's complexity without any
real reward.
The "constraints" would then have to be available/accessible
to the scheduler. This leads to monolithic designs -- the scheduler
has to be able to know ANYTHING that may be of importance.

Instead, it should only have to know what is ESSENTIAL for it to perform
its action.

"Schedule this at 1:00AM but only if it did not rain, today"

Why should the scheduler have to know about local precipitation?
Instead, the task that thought that was a significant criteria
likely already knows about it; why not let *it* condition the
scheduler's actions?
The code doesn't even have to be malicious. I'm sure everyone
has had their workstation grind to a halt because something is
working as designed, but the set of applications aren't working
as EXPECTED.

(E.g., my browser routinely seems to run out of memory... or sockets...
or <whatever> meaning I can't open another page until I close it
and reopen it. Even if all the same tabs are reopened with it!)
Yes. Or, the developer may have "noticed" (or expected)
certain behaviors that it can exploit. E.g., at this time,
the system load is low so it would be a good use of resources
(without incurring conflicts) for me to perform this resource
intensive task.
No. It means you care MORE about other things.

E.g., if power fails, I start shedding computational
loads so I can power down processors. The first to
go are those that are "unessential" or that can easily
be restarted to resume their state.

As I don't know how long a power outage will last
(but I *do* know how long my backup supply will support
a particular load set), I can't guarantee that "your"
task will be running anywhere when its deadline or
event times come to pass.

Similarly, if some high priority task manages to continually
preempt you, then you can't predict when you will next
"run" on the processor.

You've been preempted because your stated timing requirements
have been deemed insufficient to compete for the CURRENT
set of resources, given the other candidates vying for them.

The consequences of you not running may be serious. Or,
insignificant. Only YOU can determine that.

If, instead, you make a proclamation to the system
regarding your "importance"/timeliness, then it's easy
for foreign code to abuse that mechanism and always
claim to be "very important" and with "immediate"
timing criteria.

[To counter such abuse, if the workload manager sees
that it can't meet your requirements, it simply refuses
to run your application: "Why bother? You've already
CLAIMED to have these requirements and I *know* that
I can't meet them, so why forfeit resources trying to
meet your goals -- at the expense of other tasks -- only
to KNOW it will fail?"]
Exactly. Baking that into the OS is wrong. It should
implement MECHANISMS (i.e., the ability to load an application
into memory and ensure it's required resources are available)
and not POLICY (the criteria that an application may deem important)
In *one* sense of the term. A service can operate at an
elevated sense of "importance" and timeliness. But, it
should be an appendage and not be able to interfere
with the operation of the kernel.

E.g., if a scheduler service dies, then NEW tasks can't
be invoked at specific times. But, tasks that are
already running -- or, explicitly loaded by them -- are
not affected. The 'damage" is contained.

One can then implement a "Lazarus service" that watches for
key services crashing and restarts them. E.g., there are
times when the display driver on my main workstation
crashes (usually coming out of hibernation or some other
significant hardware change). But, that is detected and
it is restarted so I am only momentarily inconvenienced.
Exactly. Everything in my world is capability based.
E.g., you can't even USE the scheduler if you haven't been
given a capability to do so.

"Why should the 'Flashlight' app in your phone be able to start
other tasks???"
The app has to declare what it wasn't to be able to access
before it is installed in the system. If it attempts to
ask for some capabilities that it shouldn't need, then the
installer can refuse to allow the code to be installed.

If it misbehaves while running (abuses some capability
that it has been granted), the system can refuse to allow
it to be restarted.
Users can schedule some activities/actions through a "user accessible
service". If they want to schedule something at a "bad time",
that's their problem.

But, other tasks can have built-in heuristics that can provide hints
to when they should be scheduled IN THE ABSENCE OF SPECIFIC
CRITERIA FROM THE USER.

E.g., we irrigate at night. This is done because there are less
evaporative losses. And, because it is unlikely that users will
want to take showers at 3AM.

If the user overrides (cancels) such an action, the task
knows that the need for irrigation water still exists (just
because you don't want to irrigate now doesn't mean the
plants suddenly stop needing water). So, it tries to
find a better time.

Or, if the user explicitly gives it a better time (periodic
or aperiodic), then it learns from these preferences.
Yes. Hence the "SLEEP" option in the start menu.
That requires adjusting the sleep interval. I often leave
a workstation for some other activity. I would be annoyed if
it DIDN'T go to sleep after I'd been "gone" (inactive) for 30
minutes.

OTOH, I've been scanning legal documents on my larger scanner.
It is networked so need not be located proximate to my
workstation. I can control it and retrieve scans without
being AT its side (though I need to be so to load new documents).

Often, I have to post-process a scan (e.g., if I have "receipts"
that I might want to scan alongside a document and, later,
"cut them off" as separate pages). While I am doing this,
the scanner often times out.

This is annoying as I have to restart the application.
(There is no obvious timeout value for the *application*,
though there is for the connection to the scanner).

But, tolerable. Compared to the time required to walk
over to the scanner (in another room to conserve on desk
space in the office), arrange the documents, walk back
to the workstation, perform a "preview" scan so I can
determine what portion of the flatbed is important, do
a real scan, and then import to photoshop, etc.

[A control in the scanning application that would let me
set the timeout -- or, disable it -- would be welcome]