--- layout: fc_discuss_archives title: Message 26 from Frama-C-discuss on July 2009 ---
Hello everyone, I wonder about a general question. When is a proof considered to be sufficient and exhaustive? As i found different opinions I would like to make sure I understand this issue correctly. Is it necessary that at least one prover proves all PO's of a specified function. Or is it demanded that even more than one can prove it or is it exhaustive if each PO is proved by any of the provers, even if there's no prover proving all PO's at once ? I wonder which case would withstand appraisers or surveyors, when making official certificates about safety of a software.( for example) Could a proof that only consists of an addition of proved PO's, where each is proved but not by one prover but severals, be considered to be safe? I am really interested in understanding where are the limits and what is sufficient. I appreciate your thoughts about that, Thank you in advance, Regards, Kerstin