AI Summary
This work addresses the lack of formal verification in the VeriFast verification tool, whose internal flaws may lead to incorrect judgments about program correctness, thereby limiting its trustworthy deployment in safety-critical domains. To overcome this limitation, the authors propose an innovative approach that, upon successful verification of a Rust program by VeriFast, leverages hinted mirroring to transform VeriFast's symbolic execution trace into a machine-checkable proof script in Rocq. This script is then replayed and validated within a theorem prover. The method represents the first technique to convert the output of an unverified verifier into an independently certifiable formal proof. By integrating separation logic semantics with axiomatic encodings of Rust, the approach significantly enhances the trustworthiness of verification results while preserving practical usability.
Abstract
VeriFast is a leading tool for the modular formal verification of correctness properties of single-threaded and multi-threaded C and Rust programs. It verifies a program by symbolically executing each function in isolation, exploiting user-annotated preconditions, postconditions, and loop invariants written in a form of separation logic, and using a separation logic-based symbolic representation of memory. However, the tool itself, written in roughly 30K lines of OCaml code, has not been formally verified. Therefore, bugs in the tool could cause it to falsely report the correctness of the input program. We here report on an early result extending VeriFast to emit, upon successful verification of a Rust program, a Rocq proof script that proves correctness of the program with respect to a Rocq-encoded axiomatic semantics of Rust. This significantly enhances VeriFast's applicability in safety-critical domains. We apply hinted mirroring: we record key information from VeriFast's symbolic execution run, and use it to direct a replay of the run in Rocq.