--- layout: fc_discuss_archives title: Message 26 from Frama-C-discuss on July 2009 ---
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Frama-c-discuss] Jessie - sufficiency of proofs



Hello everyone,

I wonder about a general question. When is a proof considered to be
sufficient and exhaustive?
As i found different opinions I would like to make sure I understand this
issue correctly.
Is it necessary that at least one prover proves all PO's of a specified
function. Or is it demanded that even more than one can prove it or is it
exhaustive if each PO is proved by any of the provers, even if there's no
prover proving all PO's at once ?
  
I wonder which case would withstand appraisers or surveyors, when making
official certificates about safety of a software.( for example) Could a
proof that only consists of an addition of proved PO's, where each is proved
but not by one prover but severals, be considered to be safe?

I am really interested in understanding where are the limits and what is
sufficient.

I appreciate your thoughts about that,

Thank you in advance,
Regards,

Kerstin