Safety, WCET and measurements

I was at a meeting this week where someone put a slide on the screen that contained the sentence "Measuring WCET is unsafe." This statement is wrong on so many counts, and yet seems to be circulating in literature, is widely quoted, and is frequently re-stated "blindly", with no understanding of what it means. As it keeps getting quoted, I thought I'd write something about it.

What's wrong?

Grammar

The first problem that I have with this statement is the grammatical stupidity of this sentence. I've measured WCET many times and I've never hurt myself doing it! However, let's see past that. Let us assume that the implication is that use of a measured WCET is somehow unsafe.

Safety

The study and terminology of "safety" are well defined and well understood. The implication that the use of a measured value leads directly to the (un)safety of a system shows an appalling lack of understanding of the technology.

I doubt that the original user of this sentence (whoever that was!) meant the word "unsafe" to have any connection with "safety". However, the main area where WCET has any use is safety-related, or high reliability computer systems. In this area, which frequently deals with (real) safety issues, we should be very careful to avoid mixing terminology.

When this sentence is quoted, I see that the people reading it do believe that the sentence is related to "safety". Indeed, this wild dramatization is at the heart of why it is quoted so often.

Optimism and Pessimism

Despite the misleading use of the word "unsafe" from a related domain, of course what is meant by "unsafe" is that “a simple measured maximum value may be lower than the true worst case”. It uses the word unsafe in the sense that you might cut a piece of wood slightly larger than you need to “err on the safe side”, then plane it down.

This statement is so obvious that it's almost not worth stating! Of course if you measure something that is changing, your biggest measurement might be smaller than the biggest possible measurement. This is the reason why RapiTime exists in the first place - to automate and supplement your measurements with analysis to make sure that your measurements can be relied upon.

If the sentence was not dressed up in misleading dramatics, then it would not be so widely quoted! It is the over-dramatisation of the use of “unsafe” that makes people quote it blindly.

So please! Let's:

a) stop using terminology from the safety domain out of context to dramatize (we might use optimism and pessimism, or under-estimate and over-estimate as almost equivalent terms)

and

b) actually work out what we mean by measurement of WCET. And that's the subject of a follow-up blog post.