Tuesday, July 18, 2006

Use of shall, should, may, can


shall

'shall' describes something that is mandatory. If a requirement uses 'shall', then that requirement _will_ be satisfied without fail.
Noncompliance is not allowed. Failure to comply with one single 'shall' is sufficient reason to reject the entire product. Indeed, it must be rejected under these circumstances.

Examples:
  • "Requirements shall make use of the word 'shall' only where compliance is mandatory."

    • This is a good example.
  • "C++ code shall have comments every 5th line."

    • This is a bad example. Using 'shall' here is too strong.

    should

    'should' is weaker. It describes something that might not be satisfied in the final product, but that is desirable enough that any noncompliance shall be explicitly justified. Any use of
    'should' should be examined carefully, as it probably means that something is not being stated clearly. If a 'should' can be replaced by a 'shall', or can be discarded entirely, so much the better.

    Examples:

  • "C++ code should be ANSI compliant."

    • A good example. It may not be possible to be ANSI compliant on all platforms, but we should try.
  • "Code should be tested thoroughly."

    • Bad example. This 'should' shall be replaced with 'shall' if this requirement is to be stated anywhere (to say nothing of defining what 'thoroughly' means).

    may

    'may' grants permission to do something, and makes only a weak statement.
    It does not mean that it is possible to do it, only that you have permission to do it. In a user requirements document it shall only appear rarely, if ever. It is more appropriate to the detailed design, where it may be used to define the behaviour of the product.

    Examples:

  • "A package may be released on one platform before it is ready on other platforms."

    • This grants permission, but does not force any particular behaviour. This is a good example.
  • "Package X may use package Y for function Z."

    • This is a bad example. If package X _needs_ function Z from package Y then it shall be clearly stated (with 'shall'!) that it does. If package X needs function Z, but may get it from package Y or elsewhere, then this
    statement shall not be accepted, because it is superfluous and adds nothing useful.

    can

    'can' is stronger than 'may'. It means that it is indeed possible to do something. It does not really belong in a requirements document, rather it belongs in a status report, where it says that a system has the ability do do what it is supposed to do.
    Examples:
  • I may climb Mont Blanc (if I want to, but I don't know if I can!)

    • A good example.
  • We can compile all our code with ANSI C++ compilers.

    • A bad example. We may use ANSI C++ compilers, when they exist, but we cannot now, because there isn't one that is fully ANSI compliant.

    Note:

  • 'can' does not imply 'may': "I can commit murder".
  • 'may' does not imply 'should': "I may give away all my money".
  • 'should' does not imply 'may' or 'can': "I should take a 6 month holiday".

    • another one(http://rfc.sunsite.dk/rfc/rfc2119.html)
    Network Working Group                                         S. Bradner
    Request for Comments: 2119                            Harvard University
    BCP: 14                                                       March 1997
    Category: Best Current Practice


           Key words for use in RFCs to Indicate Requirement Levels

    Status of this Memo

      This document specifies an Internet Best Current Practices for the
      Internet Community, and requests discussion and suggestions for
      improvements.  Distribution of this memo is unlimited.

    Abstract

      In many standards track documents several words are used to signify
      the requirements in the specification.  These words are often
      capitalized.  This document defines these words as they should be
      interpreted in IETF documents.  Authors who follow these guidelines
      should incorporate this phrase near the beginning of their document:

         The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
         NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and
         "OPTIONAL" in this document are to be interpreted as described in
         RFC 2119.

      Note that the force of these words is modified by the requirement
      level of the document in which they are used.

    1. MUST   This word, or the terms "REQUIRED" or "SHALL", mean that the
      definition is an absolute requirement of the specification.

    2. MUST NOT   This phrase, or the phrase "SHALL NOT", mean that the
      definition is an absolute prohibition of the specification.

    3. SHOULD   This word, or the adjective "RECOMMENDED", mean that there
      may exist valid reasons in particular circumstances to ignore a
      particular item, but the full implications must be understood and
      carefully weighed before choosing a different course.

    4. SHOULD NOT   This phrase, or the phrase "NOT RECOMMENDED" mean that
      there may exist valid reasons in particular circumstances when the
      particular behavior is acceptable or even useful, but the full
      implications should be understood and the case carefully weighed
      before implementing any behavior described with this label.





    Bradner                  Best Current Practice                  [Page 1]

    RFC 2119                     RFC Key Words                    March 1997


    5. MAY   This word, or the adjective "OPTIONAL", mean that an item is
      truly optional.  One vendor may choose to include the item because a
      particular marketplace requires it or because the vendor feels that
      it enhances the product while another vendor may omit the same item.
      An implementation which does not include a particular option MUST be
      prepared to interoperate with another implementation which does
      include the option, though perhaps with reduced functionality. In the
      same vein an implementation which does include a particular option
      MUST be prepared to interoperate with another implementation which
      does not include the option (except, of course, for the feature the
      option provides.)

    6. Guidance in the use of these Imperatives

      Imperatives of the type defined in this memo must be used with care
      and sparingly.  In particular, they MUST only be used where it is
      actually required for interoperation or to limit behavior which has
      potential for causing harm (e.g., limiting retransmisssions)  For
      example, they must not be used to try to impose a particular method
      on implementors where the method is not required for
      interoperability.

    7. Security Considerations

      These terms are frequently used to specify behavior with security
      implications.  The effects on security of not implementing a MUST or
      SHOULD, or doing something the specification says MUST NOT or SHOULD
      NOT be done may be very subtle. Document authors should take the time
      to elaborate the security implications of not following
      recommendations or requirements as most implementors will not have
      had the benefit of the experience and discussion that produced the
      specification.

    8. Acknowledgments

      The definitions of these terms are an amalgam of definitions taken
      from a number of RFCs.  In addition, suggestions have been
      incorporated from a number of people including Robert Ullmann, Thomas
      Narten, Neal McBurnett, and Robert Elz.












    Bradner                  Best Current Practice

    posted by edison at 10:39 PM 0 comments