🤖 AI Summary
Deep neural network (DNN) verifiers often produce untrustworthy results in safety-critical applications due to floating-point inaccuracies and implementation bugs, leading to false positives or negatives.
Method: We present the first end-to-end formally verified DNN proof checker, written in Imandra, an industrial functional programming language and theorem prover. It mechanically checks proofs generated by verifiers such as Marabou, including the steps that rest on Farkas’ lemma and other core linear programming properties, so that validation is machine-checkable and mathematically complete.
Contribution/Results: Unlike prior C++-based checkers, our approach provides full formal guarantees across the entire pipeline: proof input parsing, checking logic, and final decision output—eliminating all implementation-level trust assumptions. Experiments confirm that it preserves mathematical correctness while robustly mitigating reliability issues stemming from floating-point imprecision and software defects. This work establishes a certifiably trustworthy verification infrastructure for safety-critical AI systems.
📝 Abstract
Recent advances in the verification of deep neural networks (DNNs) have opened the way for broader usage of DNN verification technology in many application areas, including safety-critical ones. DNN verifiers are themselves complex programs that have been shown to be susceptible to errors and imprecisions; this in turn has raised the question of trust in DNN verifiers. One prominent attempt to address this issue is enhancing DNN verifiers with the capability of producing proofs of their results that are subject to independent algorithmic certification (proof checking). Formulations of proof production and proof checking already exist on top of the state-of-the-art Marabou DNN verifier. The native implementation of the proof checking algorithm for Marabou was done in C++ and itself raised the question of trust in the code (e.g., in the precision of floating point calculations or guarantees for implementation soundness). Here, we present an alternative implementation of the Marabou proof checking algorithm in Imandra -- an industrial functional programming language and prover -- that allows us to obtain an implementation with formal guarantees, including proofs of mathematical results underlying the algorithm, such as the use of the Farkas lemma.
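The abstract says the checker's mathematical core is Farkas' lemma and that the C++ checker's floating-point arithmetic is a trust problem. The following added example (not code from the paper, Marabou or Imandra) shows the smallest version of both points: a checker for a Farkas infeasibility certificate for a system A x ≤ b, parameterised by the number type used for the arithmetic. The constructed three-constraint system below is feasible, yet the same certificate check accepts a bogus certificate under float arithmetic and correctly rejects it under exact rationals. The function names and the sample system are this example's own.

```python
from fractions import Fraction
from typing import Callable, Sequence, Tuple, Union

# Inputs may be ints, decimal strings ("0.1") or Fractions.  Decimal strings
# are what a certificate file would carry; Fraction("0.1") is exactly 1/10,
# whereas float("0.1") is the nearest binary double.
Number = Union[int, str, float, Fraction]


def farkas_certificate_holds(A: Sequence[Sequence[Number]],
                             b: Sequence[Number],
                             y: Sequence[Number],
                             conv: Callable = Fraction) -> bool:
    """Return True iff y is a Farkas certificate that A x <= b is infeasible.

    Farkas' lemma: A x <= b has no solution iff some y >= 0 satisfies
    y^T A = 0 and y^T b < 0.  The certificate direction is elementary:
    for any x, 0 = (y^T A) x = y^T (A x) <= y^T b < 0, a contradiction.
    `conv` selects the arithmetic (Fraction = exact, float = inexact).
    """
    m = len(A)
    if m == 0 or len(b) != m or len(y) != m:
        raise ValueError("A, b and y must have the same non-zero number of rows")
    n = len(A[0])
    if any(len(row) != n for row in A):
        raise ValueError("A must be rectangular")

    A_ = [[conv(v) for v in row] for row in A]
    b_ = [conv(v) for v in b]
    y_ = [conv(v) for v in y]
    zero = conv(0)

    # Condition 1: y >= 0 (a negative multiplier would flip an inequality).
    if any(yi < zero for yi in y_):
        return False

    # Condition 2: y^T A = 0, checked column by column.
    for j in range(n):
        col = zero
        for i in range(m):
            col += y_[i] * A_[i][j]
        if col != zero:
            return False

    # Condition 3: y^T b < 0.  This is the comparison rounding can corrupt.
    total = zero
    for i in range(m):
        total += y_[i] * b_[i]
    return total < zero


def infeasible_demo() -> bool:
    """Constructed system x <= 1 and x >= 2 (written as -x <= -2)."""
    A = [["1"], ["-1"]]
    b = ["1", "-2"]
    y = ["1", "1"]          # y^T A = 1 - 1 = 0, y^T b = 1 - 2 = -1 < 0
    return farkas_certificate_holds(A, b, y)


def exact_vs_float_demo() -> Tuple[bool, bool]:
    """Constructed feasible system: x >= 1/10, y >= 2/10, x + y <= 3/10.

    It is satisfied by x = 1/10, y = 2/10, so no valid certificate exists.
    With y = (1, 1, 1): y^T A = 0 and y^T b = -1/10 - 2/10 + 3/10 = 0 exactly,
    so the certificate must be rejected.  In doubles the same sum is a tiny
    negative number, and the float-based check wrongly accepts it.
    """
    A = [["-1", "0"], ["0", "-1"], ["1", "1"]]
    b = ["-0.1", "-0.2", "0.3"]
    y = ["1", "1", "1"]
    return (farkas_certificate_holds(A, b, y, Fraction),
            farkas_certificate_holds(A, b, y, float))


if __name__ == "__main__":
    print("infeasible system, valid certificate:", infeasible_demo())
    exact, inexact = exact_vs_float_demo()
    print("feasible system, bogus certificate: exact =", exact,
          "float =", inexact)
```

The exact checker is the behaviour a formally verified implementation is obliged to have; the float variant reproduces the failure class the abstract attributes to the C++ checker, where a rounding residue of about 5.6e-17 turns "not a certificate" into a false "infeasible" (that is, a false claim that the property holds). A real checker additionally has to parse the proof file and validate every proof step, not just the final certificate, which is exactly the pipeline the paper places under formal guarantees.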