Distributed in-network computing offloads logic to switches but enlarges the fault domain through cross-device interactions; existing verification techniques support only single-device analysis and thus fail to detect distributed interaction errors causing state inconsistency. Method: We propose the first efficient verification framework for distributed in-network computing, innovatively integrating the actor model with Communicating Sequential Processes (CSP) to model pipelines as event-driven interactive actors; we design a semantics-aware state pruning mechanism to significantly improve scalability. The framework employs a unified intent language with formal semantics to enable end-to-end modeling and verification of distributed interaction behavior. Contribution/Results: Evaluated on real-world systems, our framework discovers 10 interaction-induced defects, achieves up to 913.2× speedup in verification time, and reduces memory overhead by 1.9× compared to baseline approaches.

Distributed in-network programs are increasingly deployed in data centers for their performance benefits, but shifting application logic to switches also enlarges the failure domain. Ensuring their correctness before deployment is thus critical for reliability. While prior verification frameworks can efficiently detect bugs for programs running on a single switch, they overlook the common interactive behaviors in distributed settings, thereby missing related bugs that can cause state inconsistencies and system failures. This paper presents Procurator, a verification framework that efficiently captures interactive behaviors in distributed in-network programs. Procurator introduces a formal model combining the actor paradigm with Communicating Sequential Processes (CSP), translating pipeline execution into reactive, event-driven actors and unifying their interactions as message passing. To support flexible specification of distributed properties, it provides a unified intent language. Additionally, it incorporates a semantic-aware state pruner to reduce verification complexity, thus ensuring system scalability. Evaluation results show that Procurator efficiently uncovers 10 distinct bugs caused by interactive behaviors across five real-world in-network systems. It also reduces verification time by up to 913.2x and memory consumption by up to 1.9x compared to the state-of-the-art verifier.