Provability Boundaries in COBOL
The unifying theory behind deterministic authority — and why it must terminate when guarantees collapse.
The Question Everyone Asks (Incorrectly)
Most modernization initiatives begin with the wrong question:
“How risky is this migration?”
Risk is probabilistic. Regulated decisions are not.
The correct question is binary:
“Can this behavior be proven deterministically from source artifacts alone — or can it not?”
What Provability Means
Provability is the ability to derive complete, replayable guarantees about system behavior without executing the system.
A guarantee is provable only if:
- All control flow is statically resolvable
- All data dependencies are visible
- All external effects are declared
- No runtime mutation alters execution paths
If any of these conditions fail, provability collapses.
The Boundary Principle
A provability boundary is a construct where static analysis can no longer guarantee behavior.
Boundaries are not bugs. They are epistemic limits.
Authority does not cross epistemic limits.
Canonical Boundary Classes
| Boundary Type | Why Guarantees Collapse |
|---|---|
| ALTER | Control flow is modified at runtime |
| GO TO DEPENDING ON | Branch targets computed dynamically |
| CALL variable-name | Call graph cannot be resolved statically |
| CICS without RESP/RESP2 | Error paths are environment-dependent |
| IMS DL/I | Navigation state persists across calls |
| Assembler linkage | Execution exits analyzable domain |
Detailed boundary analyses cover ALTER control-flow mutation and dynamic CALL resolution.
Why Testing Does Not Restore Authority
Testing demonstrates observed behavior.
Authority requires proof of all behavior.
A test suite cannot prove the absence of unobserved paths, particularly when runtime state influences execution.
Why Scores and Confidence Percentages Are Invalid
Statements like:
- “87% safe to migrate”
- “Low risk”
- “High confidence”
are category errors.
Provability is binary. Either a guarantee exists — or it does not.
How Authority Is Issued
Under a declared governance context, authority is issued only when:
- No provability boundaries are present
- No blocking rules are triggered
- All guarantees are derivable from source
When a boundary is encountered:
- Authority terminates
- A NO-GO or REFUSE is issued
- The decision is recorded immutably
What This Means for Institutions
Deterministic authority changes governance posture:
- No optimism bias
- No vendor assurances
- No undocumented assumptions
Decisions become defensible precisely because refusal is allowed.
How This Research Is Used
Authority records cite this page to establish:
- Why a refusal was issued
- Which boundary terminated guarantees
- Why no further inference was permitted
This ensures decisions remain reviewable years later.
Explicit Non-Claims
- No runtime execution or simulation
- No operational recommendations
- No compliance certification
- No probabilistic scoring
- No prediction of behavior
This article defines a general governance framework. It does not analyze any specific institution’s code and does not issue an authority decision.