🤖 AI Summary
The Dafny toolchain—including its verification condition generator (VCG) and compiler—lacks formal correctness guarantees, and several soundness bugs have been identified. Method: We develop, for the first time, a HOL4-based functional big-step semantics for a key Dafny subset supporting recursion, loops, and arrays, and use it to machine-check the end-to-end functional correctness of both the VCG and the compiler. Contribution/Results: Our verified VCG generates complete and sound verification conditions from annotated Dafny source code; our verified compiler produces CakeML code that is proven to compile further into correct machine code. This work bridges critical trust gaps in the Dafny ecosystem by establishing end-to-end formal assurance for both verification and compilation. We demonstrate feasibility on benchmark programs including the McCarthy 91 function, achieving a fully trusted pipeline from specification-annotated source to executable machine code.
📝 Abstract
Dafny is a verification-aware programming language that comes with a compiler and static program verifier. However, neither the compiler nor the verifier is proved correct; in fact, soundness bugs have been found in both tools. This paper shows that the aforementioned Dafny tools can be developed with foundational correctness guarantees. We present a functional big-step semantics for an imperative subset of Dafny and, based on this semantics, a verified verification condition generator (VCG) and a verified compiler for Dafny. The subset of Dafny we have formalized includes mutually recursive method calls, while loops, and arrays -- these language features are significant enough to cover challenging examples such as McCarthy's 91 function and array-based programs that are used when teaching Dafny. The verified VCG allows one to prove functional correctness of annotated Dafny programs, while the verified compiler can be used to compile verified Dafny programs to CakeML programs. From there, one can obtain executable machine code via the (already verified) CakeML compiler, all while provably maintaining the functional correctness guarantees that were proved for the source-level Dafny programs. Our work has been mechanized in the HOL4 theorem prover.
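To make concrete what "annotated Dafny programs" and the McCarthy 91 and array examples in the abstract look like, here is an added illustration (not code from the paper or its artifact): McCarthy's 91 function and a linear search over an array, written with the `ensures`, `decreases` and `invariant` annotations that a verification condition generator turns into proof obligations. The method names `M91` and `Find` are assumed for this example.

```dafny
// McCarthy's 91 function (added example, not from the paper).
// The nested recursive call is what makes this a challenging case: the
// termination measure of the inner call depends on the postcondition of
// the outer call, so the VCG must use the callee's contract, not its body.
method M91(n: int) returns (r: int)
  ensures n <= 100 ==> r == 91
  ensures n > 100 ==> r == n - 10
  decreases 101 - n
{
  if n > 100 {
    r := n - 10;
  } else {
    // Contract of this call gives t == 91 or t == n + 1, so t > n and
    // the measure 101 - t is strictly smaller than 101 - n.
    var t := M91(n + 11);
    r := M91(t);
  }
}

// Array-based linear search with loop invariants, the kind of program the
// abstract describes as used when teaching Dafny (added example).
method Find(a: array<int>, key: int) returns (index: int)
  ensures 0 <= index ==> index < a.Length && a[index] == key
  ensures index < 0 ==> forall k :: 0 <= k < a.Length ==> a[k] != key
{
  index := 0;
  while index < a.Length
    invariant 0 <= index <= a.Length
    invariant forall k :: 0 <= k < index ==> a[k] != key
  {
    if a[index] == key { return; }
    index := index + 1;
  }
  index := -1;
}
```

Each `ensures`, `decreases` and `invariant` clause becomes a verification condition; a sound VCG must discharge exactly these obligations, and a verified compiler must preserve the behaviour these contracts describe all the way to machine code.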