Version 1.2 of ai12s/ai12-0444-1.txt


!standard 1.1.5(8) 22-05-02 AI12-0444-1/02
!standard 1.1.5(10)
!standard 2.1(4/5)
!standard 3.5.4(5)
!standard 3.5.4(24)
!standard 3.5.4(25)
!standard 3.5.4(26)
!standard 3.5.6(7/5)
!standard 3.5.6(8/5)
!standard 3.5.7(5)
!standard 3.5.7(16)
!standard 3.6(15)
!standard 3.9.3(6/4)
!standard 6.1.2(41/5)
!standard 6.3(4)
!standard 7.4(8/3)
!standard 7.6(19/3)
!standard 7.6(21/3)
!standard 9.5.3(22)
!standard 9.5.3(23/4)
!standard 9.5.3(25)
!standard 9.6(31)
!standard 9.8(3)
!standard 9.10.1(25/5)
!standard 10.1.3(11)
!standard 10.2.1(11.2/5)
!standard 11.4.2(27/3)
!standard 11.6(5)
!standard 13.1(22/3)
!standard 13.1(23/5)
!standard 13.1(24/3)
!standard 13.1(25/3)
!standard 13.1(26/3)
!standard 13.1(27/3)
!standard 13.1(28/3)
!standard 13.2(8/4)
!standard 13.3(29/2)
!standard 13.3(30/2)
!standard 13.3(30.1/2)
!standard 13.3(33.2/2)
!standard 13.3(51.2/2)
!standard 13.3(51.3/2)
!standard 13.3(65)
!standard 13.4(10)
!standard 13.5.1(22)
!standard 13.11(25.4/2)
!standard 13.12.1(7/2)
!standard 13.13.1(36/5)
!standard A.4.12(1/5)
!standard A.5.1(48)
!standard A.10(8)
!standard A.10.8(23)
!standard A.10.9(36)
!standard A.10.9(37)
!standard A.13(16)
!standard B.1(41/4)
!standard B.3(62.1/3)
!standard C.3.2(24/5)
!standard C.7.2(28)
!standard D.2.2(17/2)
!standard D.2.2(18/2)
!standard D.3(15/2)
!standard D.4(15/2)
!standard D.4.1(8/5)
!standard D.11(10)
!standard D.14(28/2)
!standard E.1(13)
!standard E.2.3(20/5)
!standard E.5(27)
!standard G.1.1(54)
!standard G.1.2(46)
!standard G.2(3)
!standard G.3.1(87/2)
!standard G.3.1(156/2)
!standard G.3.1(157/2)
!standard H.7.1(14/5)
!class presentation 22-04-27
!status work item 22-04-27
!status received 22-02-18
!priority Critical
!difficulty Medium
!subject Rewordings to remove "need not"
!summary
Several paragraphs needed to be reworded to avoid using "need not".
!question
ISO comment #20 says:
Verbal forms used to express provisions in the text do not always comply with the rules specified in the ISO/IEC Directives, Part 2. Do not use verbal forms ("could", "might", "need") that are not defined in the ISO/IEC Directives, Part 2.
Should we fix any uses of "need not"? (Yes.)
!recommendation
Reword all wording including "need not", preferably into a positive statement. Non-normative material, such as notes and examples, that includes "need not" is handled in AI12-0442-1; a single case is found in AI12-0438-1, as the paragraph also includes "must"; the rest are found here.
!wording
Modify 1.1.5(8):
The language rules define certain kinds of errors that {are not expected to}[need not] be detected either prior to or during run time, but if not detected, the range of possible effects shall be bounded. The errors of this category are called bounded errors. The possible effects of a given bounded error are specified for each such error, but in any case one possible effect of a bounded error is the raising of the exception Program_Error.
Modify 1.1.5(10):
In addition to bounded errors, the language rules define certain kinds of errors as leading to erroneous execution. Like bounded errors, the implementation {is not expected to}[need not] detect such errors either prior to or during run time. Unlike bounded errors, there is no language-specified bound on the possible effect of erroneous execution; the effect is in general not predictable.
Modify 2.1(4/5):
The coded representation for characters is implementation defined (it {can}[need not] be a representation {that is not} defined within ISO/IEC 10646:2017). A character whose relative code point in its plane is 16#FFFE# or 16#FFFF# is not allowed anywhere in the text of a program. The only characters allowed outside of comments are those in categories other_format, format_effector, and graphic_character.
Modify 3.5.4(5):
Each simple_expression in a signed_integer_type_definition is expected to be of any integer type; they [need not be of the same]{can be of different integer} type{s}. The expression in a modular_type_definition is likewise expected to be of any integer type.
Modify 3.5.4(24):
For the execution of a predefined operation of a signed integer type, {it is optional to}[the implementation need not] raise Constraint_Error if the result is outside the base range of the type, so long as the correct result is produced.
["Outside" was dubious; we now define it in 3.2(8) {see AI12-0445-1} in part to make this sensible - Editor.]
Alternatively: for the execution of a predefined operation of a signed integer type, {raising}[the implementation need not raise] Constraint_Error {is required} if the result is outside the base range of the type, {unless}[so long as] the correct result is produced.
Modify 3.5.4(25):
An implementation may provide additional predefined signed integer types, declared in the visible part of Standard, whose first subtypes have names of the form Short_Integer, Long_Integer, Short_Short_Integer, Long_Long_Integer, etc. Different predefined integer types are allowed to have the same base range. However, the range of Integer should be no wider than that of Long_Integer. Similarly, the range of Short_Integer (if provided) should be no wider than Integer. Corresponding recommendations apply to any other predefined integer types. [There need not be a named integer type corresponding to each distinct]{An implementation may support} base range{s} [supported by an implementation] {for which there is no corresponding named integer type}. The range of each first subtype should be the base range of its type.
Modify 3.5.4(26):
An implementation may provide nonstandard integer types, descendants of root_integer that are declared outside of the specification of package Standard, which {may have different}[need not have all the standard] characteristics {than}[of] a type defined by an integer_type_definition. For example, a nonstandard integer type {can}[might] have an asymmetric base range or it {can be disallowed}[might not be allowed] as an array or loop index (a very long integer). Any type descended from a nonstandard integer type is also nonstandard. An implementation may place arbitrary restrictions on the use of such types; it is implementation defined whether operators that are predefined for "any integer type" are defined for a particular nonstandard integer type. In any case, such types are not permitted as explicit_generic_actual_parameters for formal scalar types - see 12.5.2.
["Could" would be better, especially for the second case, but that is also a word that's not allowed. Negative permissions are not allowed at all; there is no negative form of "may". Thus the rewording for "need not" and "might not". - Editor.]
Modify 3.5.6(7/5):
For the execution of a predefined operation of a real type, {it is optional to}[the implementation need not] raise Constraint_Error if the result is outside the base range of the type, so long as the correct result is produced, or the Machine_Overflows attribute of the type is False (see G.2.1).
["Outside" was dubious; we now define it in 3.2(8) {see AI12-0445-1} in part to make this sensible - Editor.]
An alternative update would be:
For the execution of a predefined operation of a real type, {raising} [the implementation need not raise] Constraint_Error {is required} if the result is outside the base range of the type, {unless}[so long as] the correct result is produced, or the Machine_Overflows attribute of the type is False (see G.2.1).
Modify 3.5.6(8/5):
An implementation may provide nonstandard real types, descendants of root_real that are declared outside of the specification of package Standard, which {may have different}[need not have all the standard] characteristics {than}[of] a type defined by a real_type_definition. For example, a nonstandard real type {can}[might] have an asymmetric or unsigned base range, or its predefined operations {can}[might] wrap around or "saturate" rather than overflow (modular or saturating arithmetic), or it {can have a different}[might not conform to the] accuracy model {than is standard }(see G.2.1). Any type descended from a nonstandard real type is also nonstandard. An implementation may place arbitrary restrictions on the use of such types; it is implementation defined whether operators that are predefined for "any real type" are defined for a particular nonstandard real type. In any case, such types are not permitted as explicit_generic_actual_parameters for formal scalar types - see 12.5.2.
[See 3.5.4(26) for comments - Editor.]
Modify 3.5.7(5):
Each simple_expression of a real_range_specification is expected to be of any real type; the types {can} [need not] be [the same]{different}.
Modify 3.5.7(16):
An implementation is allowed to provide additional predefined floating point types, declared in the visible part of Standard, whose (unconstrained) first subtypes have names of the form Short_Float, Long_Float, Short_Short_Float, Long_Long_Float, etc. Different predefined floating point types are allowed to have the same base decimal precision. However, the precision of Float should be no greater than that of Long_Float. Similarly, the precision of Short_Float (if provided) should be no greater than Float. Corresponding recommendations apply to any other predefined floating point types. [There need not be a named floating point type corresponding to each distinct]{An implementation may support} base decimal precision{s for which there is no corresponding named floating point type} [supported by an implementation].
Modify 3.6(15):
An unconstrained_array_definition defines an array type with an unconstrained first subtype. Each index_subtype_definition defines the corresponding index subtype to be the subtype denoted by the subtype_mark. The compound delimiter <> (called a box) of an index_subtype_definition stands for an undefined range (different objects of the type [need not]{can} have [the same] {different} bounds).
Modify 3.9.3(6/4):
* Otherwise, the subprogram shall be overridden with a nonabstract subprogram or, in the case of a private extension inheriting a nonabstract function with a controlling result, have a full type that is a null extension; for a type declared in the visible part of a package, the overriding may be either in the visible or the private part. Such a subprogram is said to require overriding. However, if the type is a generic formal type, the subprogram {is allowed to be inherited as is, without being} [need not be] overridden for the formal type itself; a nonabstract version will necessarily be provided by the actual type.
Modify 6.1.2(41/5):
An implementation [need not require that all]{can allow some} references to a constant object [be]{which are not} accounted for by the Global or Global'Class aspect when it is considered a variable in the above rules{,} if the implementation can determine that the object is in fact immutable.
Modify 6.3(4):
In contrast to other bodies, a subprogram_body {is allowed to be defined without it being} [need not be] the completion of a previous declaration, in which case the body declares the subprogram. If the body is a completion, it shall be the completion of a subprogram_declaration or generic_subprogram_declaration. The profile of a subprogram_body that completes a declaration shall conform fully to that of the declaration.
Modify 7.4(8/3):
A deferred constant declaration for which the Import aspect is True [need not]{can} appear [in the visible part of a package_specification]{anywhere that an object_declaration is allowed}, and has no full constant declaration.
Modify 7.6(19/3):
* If an object is assigned the value of that same object, the implementation [need not do anything]{may omit the assignment}.
Modify 7.6(21/3):
* The implementation [need not create]{may avoid creating} an anonymous object if the value being assigned is the result of evaluating a name denoting an object (the source object) whose storage cannot overlap with the target. If the source object [might]{can} overlap with the target object, then the implementation can avoid the need for an intermediary anonymous object by exercising one of the above permissions and perform the assignment one component at a time (for an overlapping array assignment), or not at all (for an assignment where the target and the source of the assignment are the same object).
["need not", bonus "might" - Editor.]
Modify 9.5.3(22):
An implementation may perform the sequence of steps of a protected action using any thread of control; it [need not be]{can be a thread other than} that of the task that started the protected action. If an entry_body completes without requeuing, then the corresponding calling task may be made ready without waiting for the entire protected action to complete.
Modify 9.5.3(23/4):
When the entry of a protected object is checked to see whether it is open, the implementation [need not reevaluate]{can bypass reevaluating} the condition of the corresponding entry_barrier if no variable or attribute referenced by the condition (directly or indirectly) has been altered by the execution (or cancellation) of a call to an exclusive protected operation of the object since the condition was last evaluated.
Modify 9.5.3(25):
When an attempt is made to cancel an entry call, the implementation {can use a}[need not make the attempt using the] thread of control {other than that} of the task (or interrupt) that initiated the cancellation; in particular, it may use the thread of control of the caller itself to attempt the cancellation, even if this {can}[might] allow the entry call to be selected in the interim.
["need not" is replaced by other wording. Also "might" is changed to "can". - Editor.]
Modify 9.6(31):
The time base for delay_relative_statements should be monotonic; it {can be different than}[need not be] the [same] time base as used for Calendar.Clock.
Modify 9.8(3):
Each task_name is expected to be of any task type; [they need not all be of the same]{each can be of a different} task type.
Modify 9.10.1(25/5):
Specifying the Parallel_Calls aspect to be True for a subprogram indicates that the subprogram can be safely called in parallel. Conflict checks (if required by the Conflict_Check_Policy in effect) are made on the subprogram assuming that multiple concurrent calls exist. Such checks [need not be repeated at each]{can then be omitted on a} call of the subprogram in a parallel iteration context.
Modify 10.1.3(11):
In contrast, a subprogram_body_stub [need not be]{can be defined without it being} the completion of a previous declaration, in which case the _stub declares the subprogram. If the _stub is a completion, it shall be the completion of a subprogram_declaration or generic_subprogram_declaration. The profile of a subprogram_body_stub that completes a declaration shall conform fully to that of the declaration.
Modify 10.2.1(11.2/5):
* The partial view of a private type or private extension, a protected type without entry_declarations, a generic formal private type, or a generic formal derived type, has preelaborable initialization if and only if the Preelaborable_Initialization aspect has been specified True for them. A protected type with entry_declarations or a task type never has preelaborable initialization. The Preelaborable_Initialization aspect of a partial view of a type may be specified as False, even if the full view of the type has preelaborable initialization. Similarly, a generic formal type [need not]{may} be specified [to have preelaborable initialization]{with Preelaborable_Initialization False}, even if the actual type in an instance has preelaborable initialization.
Modify 11.4.2(27/3):
An implementation [need not allow]{may disallow} the specification of an assertion expression if the evaluation of the expression has a side effect such that an immediate reevaluation of the expression {can}[could] produce a different value. Similarly, an implementation [need not allow]{may disallow} the specification of an assertion expression that is checked as part of a call on or return from a callable entity C, if the evaluation of the expression has a side effect such that the evaluation of some other assertion expression associated with the same call of (or return from) C {can}[could] produce a different value than [it would if]{in the case when} the first expression had not been evaluated.
[Multiple "need not allow"; two bonus "could"s too - Editor.]
Modify 11.6(5):
* An implementation {can omit raising}[need not always raise] an exception when a language-defined check fails. Instead, the operation that failed the check can simply yield an undefined result. The exception {is required to be}[need be] raised by the implementation only if, in the absence of raising it, the value of this undefined result would have some effect on the external interactions of the program. In determining this, the implementation shall not presume that an undefined result has a value that belongs to its subtype, nor even to the base range of its type, if scalar. Having removed the raise of the exception, the canonical semantics will in general allow the implementation to omit the code for the check, and some or all of the operation itself.
[Replace "need not" and "need be".]
Modify 12.5.1(15):
For a generic formal type with an unknown_discriminant_part, the actual may[, but need not,] have discriminants{, though that is not required}, and may be definite or indefinite.
Modify 13.1(22/3):
* An implementation {is not required to}[need not] support the specification for a representation aspect that contains nonstatic expressions, unless each nonstatic expression is a name that statically denotes a constant declared before the entity.
[We tried a large number of rewordings here; this was the easiest that seems that it might be OK. For the 13.1 wording, I had suggested "never" rather than "not", to emphasize that these are the most important rules and they apply even when the Recommended Level of Support is required. Tuck thought that was overkill.
Other ideas included "may disallow" and "support is optional" - Editor.]
Modify 13.1(23/5):
* An implementation {is not required to}[need not] support a specification for the Object_Size or Size for a given composite subtype, nor the size or storage place for an object (including a component) of a given composite subtype, unless the constraints on the subtype and its composite subcomponents (if any) are all static constraints.
Modify 13.1(24/3):
* An implementation {is not required to}[need not] support specifying a nonconfirming representation aspect value if it [could]{can} cause an aliased object or an object of a by-reference type to be allocated at a nonaddressable location or, when the alignment attribute of the subtype of such an object is nonzero, at an address that is not an integral multiple of that alignment.
[Replace "need not support", "could cause" - Editor.]
Modify 13.1(25/3):
* An implementation {is not required to}[need not] support specifying a nonconfirming representation aspect value if it [could]{can} cause an aliased object of an elementary type to have a size other than that which would have been chosen by default.
[Replace "need not support", "could cause" - Editor.]
Modify 13.1(26/3):
* An implementation {is not required to}[need not] support specifying a nonconfirming representation aspect value if it [could]{can} cause an aliased object of a composite type, or an object whose type is by-reference, to have a size smaller than that which would have been chosen by default.
[Replace "need not support", "could cause" - Editor.]
Modify 13.1(27/3):
* An implementation {is not required to}[need not] support specifying a nonconfirming subtype-specific representation aspect value for an indefinite or abstract subtype.
Modify 13.1(28/3):
For purposes of these rules, the determination of whether specifying a representation aspect value for a type [could]{can} cause an object to have some property is based solely on the properties of the type itself, not on any available information about how the type is used. In particular, it presumes that minimally aligned objects of this type [might]{can} be declared at some point.
[Replace "could cause"; that is used sort of like a technical term, but it isn't a defined term. "might" also occurs here. This paragraph was left with the related other paragraphs so that the fix was consistent (there is no "need not" in this paragraph) - Editor.]
Modify 13.2(8/4):
* For a packed record type, the components should be packed as tightly as possible subject to the above alignment requirements, the Sizes of the component subtypes, and any record_representation_clause that applies to the type; the implementation [may, but need not,]{is allowed to} reorder components or cross aligned word boundaries to improve the packing. A component whose Size is greater than the word size may be allocated an integral number of words.
Modify 13.3(29/2):
* An implementation {is not required to}[need not] support an Alignment clause for a signed integer type specifying an Alignment greater than the largest Alignment value that is ever chosen by default by the implementation for any signed integer type. A corresponding limitation may be imposed for modular integer types, fixed point types, enumeration types, record types, and array types.
Modify 13.3(30/2):
* An implementation {is not required to}[need not] support a nonconfirming Alignment clause which {can cause}[could enable] the creation of an object of an elementary type which cannot be easily loaded and stored by available machine instructions.
[Replace "need not support", "could enable" - Editor.]
Modify 13.3(30.1/2):
* An implementation {is not required to}[need not] support an Alignment specified for a derived tagged type which is not a multiple of the Alignment of the parent type. An implementation need not support a nonconfirming Alignment specified for a derived untagged by-reference type.
Modify 13.3(33.2/2):
* An implementation {is not required to}[need not] support Alignments specified for objects of a by-reference type or for objects of types containing aliased subcomponents if the specified Alignment is not a multiple of the Alignment of the subtype of the object.
Modify 13.3(51.2/2):
* An implementation {is not required to}[need not] support a Size clause for a signed integer type specifying a Size greater than that of the largest signed integer type supported by the implementation in the absence of a size clause (that is, when the size is chosen by default). A corresponding limitation may be imposed for modular integer types, fixed point types, enumeration types, record types, and array types.
Modify 13.3(51.3/2):
* A nonconfirming size clause for the first subtype of a derived untagged by-reference type {is not required to}[need not] be supported.
Modify 13.3(65):
* An implementation {is not required to}[need not] support specified Component_Sizes that are less than the Size of the component subtype.
Modify 13.4(10):
* An implementation should support at least the internal codes in the range System.Min_Int .. System.Max_Int. An implementation {is not required to}[need not] support enumeration_representation_clauses for boolean types.
Modify 13.5.1(22):
* An implementation {is not required to}[need not] support a component_clause for a component of an extension part if the storage place is not after the storage places of all components of the parent type, whether or not those storage places had been specified.
Modify 13.11(25.4/2):
* Otherwise, a default storage pool should be created at the point where the anonymous access type is elaborated; such a storage pool [need not support]{can have no mechanism for the} deallocation of individual objects.
Modify 13.12.1(7/2):
The restriction_parameter_argument of a No_Dependence restriction shall be a name; the name shall have the form of a full expanded name of a library unit, but [need not denote a]{can be a name that has no corresponding} unit {currently} present in the environment.
Modify 13.13.1(36/5):
If Stream_Element'Size is not a multiple of System.Storage_Unit, then the components of Stream_Element_Array [need]{will} not be aliased.
[Tucker says: It really cannot be aliased if Stream_Element'Size is not a multiple of Storage_Unit - Editor.]
Modify A.4.12(1/5):
A universal text buffer can be used to save and retrieve text of any language-defined string type. The types used to save and retrieve the text [need not be the same]{can be different}.
Modify A.5.1(48):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify A.10(8):
The actual nature of terminators is not defined by the language and hence depends on the implementation. Although terminators are recognized or generated by certain of the procedures that follow, they are not necessarily implemented as characters or as sequences of characters. Whether they are characters (and if so which ones) in any particular implementation [need]{is} not {of} concern {to} a user who neither explicitly outputs nor explicitly inputs control characters. The effect of input (Get) or output (Put) of control characters (other than horizontal tabulation) is not specified by the language.
Modify A.10.8(23):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify A.10.9(36):
The implementation of Put [need not]{may} produce an output value with {no} greater accuracy than {that which} is supported for the base subtype. The additional accuracy, if any, of the value produced by Put when the number of requested digits in the integer and fractional parts exceeds the required accuracy is implementation defined.
Modify A.10.9(37):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify A.13(16):
{When}[If] the associated check is [too] complex, {it is optional to}[an implementation need not] propagate Data_Error as part of a procedure Read (or the Read attribute) {when}[if] the value read cannot be interpreted as a value of the required subtype.
[Less radical alternative:
If the associated check is too complex, an implementation {does not have to}[need not] propagate Data_Error as part of a procedure Read (or the Read attribute) [if]{even though} the value read cannot be interpreted as a value of the required subtype.
"does not have to" sounds rather close to a negative permission, as does most of the alternatives we tried. So the more substantial rewrite is preferred - Editor.]
Modify B.1(41/4):
For each supported convention L other than Intrinsic, an implementation should support specifying the Import and Export aspects for objects of L-compatible types and for subprograms, and the Convention aspect for L-eligible types and for subprograms, presuming the other language has corresponding features. Specifying the Convention aspect [need not]{should} be supported for [scalar types, other than] enumeration types whose internal codes fall within the range 0 .. 2**15-1{, but no recommendation is made for other scalar types}.
Modify B.3(62.1/3):
An implementation {is not required to}[need not] support specifying the Convention aspect with convention_identifier C in the following cases:
Modify C.3.2(24/5):
The implementation shall document, when the Ceiling_Locking policy (see D.3) is in effect, the default ceiling priority assigned to a protected object that contains a protected procedure that specifies either the Attach_Handler or Interrupt_Handler aspects, but does not specify the Interrupt_Priority aspect. This default [need not be the same]{can be different} for [all]{different} interrupts.
Modify C.7.2(28):
An implementation [need not]{can avoid} actually [create]{creating} the object corresponding to a task attribute until its value is set to something other than that of Initial_Value, or until Reference is called for the task attribute. Similarly, when the value of the attribute is to be reinitialized to that of Initial_Value, the object may instead be finalized and its storage reclaimed, to be recreated when needed later. While the object does not exist, the function Value may simply return Initial_Value, rather than implicitly creating the object.
Modify D.2.2(17/2):
Implementations are allowed to define other task dispatching policies, but {are not required to}[need not] support {specifying} more than one task dispatching policy per partition.
Modify D.2.2(18/2):
An implementation {is not required to}[need not] support pragma Priority_Specific_Dispatching if it is infeasible to support it in the target environment.
Modify D.3(15/2):
Implementations are allowed to define other locking policies, but {are not required to}[need not] support {specifying} more than one locking policy per partition.
Modify D.4(15/2):
Implementations are allowed to define other queuing policies, but {are not required to}[need not] support {specifying} more than one queuing policy per partition.
Modify D.4.1(8/5):
Implementations are allowed to define other admission policies, but {are not required to}[need not] support {specifying} more than one admission policy per partition.
Modify D.8(46):
Implementations targeted to machines with word size smaller than 32 bits [need not support]{may omit support for} the full range and granularity of the Time and Time_Span types.
[This and the ones like it below are Implementation Permissions, so they should be using some form of "may" - Editor.]
Modify D.11(10):
An implementation [need not support]{may omit support for} Asynchronous_Task_Control if it is infeasible to support it in the target environment.
Modify D.14(28/2):
Implementations targeted to machines with word size smaller than 32 bits [need not support]{may omit support for} the full range and granularity of the CPU_Time type.
Modify E.1(13):
In an implementation, the partitions of a distributed program [need not]{may} be loaded and elaborated [all at the same time]{at different times}; they may be loaded and elaborated one at a time over an extended period of time. An implementation may provide facilities to abort and reload a partition during the execution of a distributed program.
Modify E.2.3(20/5):
An implementation [need not support]{may omit support for} the Remote_Call_Interface aspect [nor]{or} the All_Calls_Remote aspect. Explicit message-based communication between active partitions can be supported as an alternative to RPC.
Modify E.5(27):
A body for the package System.RPC {is not required to}[need not] be supplied by the implementation.
Modify G.1.1(54):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify G.1.2(46):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package with the appropriate predefined nongeneric equivalent of Numerics.Generic_Complex_Types{, though that is not required}; if they are, then the latter shall have been obtained by actual instantiation of Numerics.Generic_Complex_Types.
Modify G.2(3):
The two modes [need not actually be different]{can be one and the same}.
Modify G.3.1(87/2):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify G.3.1(156/2):
The nongeneric equivalent packages [may, but need not,]{can} be actual instantiations of the generic package for the appropriate predefined type{, though that is not required}.
Modify G.3.1(157/2):
Although many operations are defined in terms of operations from Numerics.Generic_Complex_Types, they [need not]{can} be implemented by [calling those operations provided that the]{other operations that have the same} effect[ is the same].
Modify H.7.1(14/5):
The dispatching operation set is identified by a set of dispatching_operation_specifiers. It indicates that the Nonblocking and global effects of dispatching calls that match one of the specifiers{, rather than being} [need not be] accounted for by the Nonblocking or global aspect, [but] are instead to be accounted for by the invoker of the operation. A dispatching call matches a dispatching_operation_specifier if the name or prefix of the call statically denotes the same operation(s) as that of the dispatching_operation_specifier, and at least one of the objects controlling the call is denoted by, or designated by, a name that statically names the same object as that denoted by the object_name of the dispatching_operation_specifier.
!discussion
To summarize the ISO rules from the Directives part 2 (often referred to as the drafting standard):
Requirements use "shall" preferably, or phrases involving forms of "require", "has to", or "it is necessary". "Must" is not allowed (it can be used for external requirements, such as government laws, but that usually doesn't apply to us).
Recommendations use "should" preferably, or phrases involving forms of "recommend" or "ought to".
Permissions should use "may" preferably, or phrases using forms of "permit" or "allow". "Might" is not allowed in this context. Negative forms are not allowed (no "may not"); permissions must be positive. A quote: "Rather than using negative permissions, either rewrite the sentence to state what is permitted, or rewrite as a requirement/recommendation not to do something."
Possibility should use "can", or phrases using forms of "able" or "possible".
ISO has taken this further and does not want to see "might", "could", or "need" at all; they assume that they are being used in one of the above contexts. I don't know where "need" comes from (other than the "House Style", but that's not normative); the Directives never mentions it as a word to avoid, and in fact it uses the word "needs" with the meaning of desires repeatedly. But the Directives is clear that one should not use any words other than the above to express requirements, recommendations, or permissions.
Note that while some phrases are given meanings, other uses of the words seem to be allowed by the Directives. For instance, "necessary" is used in many contexts in the Directives that are not requirements.
We have a particular problem with "need not", used frequently to get around not being able to say "may not". But negative permissions aren't allowed at all, in any verbal form. (They have to be reworded positively, or integrated into the requirements if that's not possible.) This is a problem since many of our permissions are exceptions to rules stated elsewhere, and those have to be written negatively. We handle just this problem in this AI; other wording changes needed are handled in AI12-0438-1, AI12-0439-1, and AI12-0445-1.
--
We could consider making wording changes only for the ISO version (new commands would be needed in the formatter to support that if it is done a lot - currently, we can only do that on a full paragraph basis or with a few macros - but new commands should not be hard to define and implement). However, that would add complications to future maintenance (as we would need to somehow have both versions in any Corrigendum document, one for our use and one for the actual ISO Corrigendum). As such, we want to make any changes that do not clearly alter the meaning or harm the understandability of the text.
!ASIS
No ASIS effect.
!ACATS test
No ACATS test should be needed; no change in meaning is intended, and these are notes anyway.
!appendix

****************************************************************


