🤖 AI Summary
Existing network verification languages such as NetKAT cannot conveniently model cyclic control flow over finite state variables, nondeterminism, or explicit stack operations (push/pop), which makes behaviors like packet parsing, source routing, and programmable telemetry difficult or impossible to verify precisely. This paper introduces StacKAT, a network verification language that adds loops, finite state variables, nondeterminism, and an explicit stack with push and pop operations. Reading the variables as a packet's already-parsed headers and the stack as its still-to-be-parsed contents lets StacKAT express these protocol-level stateful behaviors directly; because the stack is unbounded, the systems being verified are infinite-state. Key contributions are: (1) the language and its semantics; (2) a decision procedure for program equivalence based on finite automata, which provides the basis for verifying network-wide properties and produces counterexamples for inequivalent programs; and (3) an axiomatization of StacKAT equivalence together with a proof of its completeness.
📝 Abstract
We develop StacKAT, a network verification language featuring loops, finite state variables, nondeterminism, and---most importantly---access to a stack with accompanying push and pop operations. By viewing the variables and stack as the (parsed) headers and (to-be-parsed) contents of a network packet, StacKAT can express a wide range of network behaviors including parsing, source routing, and telemetry. These behaviors are difficult or impossible to model using existing languages like NetKAT. We develop a decision procedure for StacKAT program equivalence, based on finite automata. This decision procedure provides the theoretical basis for verifying network-wide properties and is able to provide counterexamples for inequivalent programs. Finally, we provide an axiomatization of StacKAT equivalence and establish its completeness.
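To make the "variables as parsed headers, stack as unparsed contents" view concrete, the following is an added example written for this page; it is not the authors' code, and its syntax and semantics (programs as nested tuples, `pop(v)` succeeding only when `v` is on top of the stack, a set-of-states semantics with a least fixpoint for `star`) are assumptions made for illustration. The `find_counterexample` helper is a bounded brute-force search, not the automata-based decision procedure described in the abstract: it can exhibit a distinguishing input but never proves equivalence.

```python
"""Toy interpreter for a StacKAT-like packet language (added example, not the paper's code).

A state is (vars, stack): `vars` is a sorted tuple of (name, value) pairs (the
parsed headers); `stack` is a tuple whose LAST element is the top (the
still-to-be-parsed packet contents).  Programs are nested tuples:
    ("skip",) ("fail",) ("test", x, v) ("assign", x, v)
    ("push", v) ("pop", v) ("seq", p, q) ("alt", p, q) ("star", p)
The semantics below is an assumption chosen for this example.
"""
from itertools import product


def set_var(vars_, x, v):
    d = dict(vars_)
    d[x] = v
    return tuple(sorted(d.items()))


def run(prog, states, max_iter=1000):
    """Map a set of input states to the set of reachable output states."""
    op = prog[0]
    if op == "skip":
        return set(states)
    if op == "fail":
        return set()
    if op == "test":
        _, x, v = prog
        return {s for s in states if dict(s[0]).get(x) == v}
    if op == "assign":
        _, x, v = prog
        return {(set_var(vs, x, v), st) for vs, st in states}
    if op == "push":
        return {(vs, st + (prog[1],)) for vs, st in states}
    if op == "pop":  # succeeds only if the requested value is on top
        return {(vs, st[:-1]) for vs, st in states if st and st[-1] == prog[1]}
    if op == "seq":
        return run(prog[2], run(prog[1], states, max_iter), max_iter)
    if op == "alt":  # nondeterministic choice: union of both branches
        return run(prog[1], states, max_iter) | run(prog[2], states, max_iter)
    if op == "star":
        # Least fixpoint: re-apply the body to newly discovered states only.
        # A body that keeps pushing has infinitely many outputs; the cap guards
        # this toy enumeration (the paper's automata treat such cases symbolically).
        seen, frontier = set(states), set(states)
        for _ in range(max_iter):
            frontier = run(prog[1], frontier, max_iter) - seen
            if not frontier:
                return seen
            seen |= frontier
        raise RuntimeError("star did not converge within max_iter")
    raise ValueError(f"unknown operator {op!r}")


def seq(*ps):
    prog = ps[0]
    for p in ps[1:]:
        prog = ("seq", prog, p)
    return prog


def alt(*ps):
    prog = ps[0]
    for p in ps[1:]:
        prog = ("alt", prog, p)
    return prog


def pop_into(x, domain):
    """Parse the top of the stack into header variable x: sum over h of pop(h); x <- h."""
    return alt(*[seq(("pop", h), ("assign", x, h)) for h in sorted(domain)])


# Source routing: each switch pops the next hop off the packet and sets its egress port.
HOPS = (1, 2, 3)
ROUTE_STEP = pop_into("port", HOPS)


def source_route(route):
    """Run ROUTE_STEP* on a packet whose stack carries `route` (first hop on top)."""
    start = {((("port", 0),), tuple(reversed(route)))}
    return run(("star", ROUTE_STEP), start)


# Parsing: the ethertype decides whether a further protocol field is consumed.
PARSE = seq(pop_into("ethertype", ("arp", "ipv4")),
            alt(("test", "ethertype", "arp"),
                seq(("test", "ethertype", "ipv4"), pop_into("proto", ("tcp", "udp")))))


def parse(payload):
    """Parse a constructed packet given as a tuple of fields, first field on top."""
    start = {((), tuple(reversed(payload)))}
    return run(PARSE, start)


# Two candidate switch programs: BUGGY sets port 1 for hop 2 as well.
GOOD = pop_into("port", (1, 2))
BUGGY = alt(seq(("pop", 1), ("assign", "port", 1)),
            seq(("pop", 2), ("assign", "port", 1)))


def find_counterexample(p, q, values, max_depth=2):
    """Bounded brute-force search for an input state on which p and q differ.
    NOT the paper's decision procedure: it can show inequivalence, never equivalence."""
    for depth in range(max_depth + 1):
        for stack in product(values, repeat=depth):
            s = {((), stack)}
            if run(p, s) != run(q, s):
                return ((), stack)
    return None


if __name__ == "__main__":
    print(sorted(source_route((1, 2, 3))))
    print(parse(("ipv4", "tcp", "data")), parse(("ipv4", "icmp")))
    print(find_counterexample(GOOD, BUGGY, (1, 2)))
```

Running `source_route((1, 2, 3))` returns the four states reached by consuming zero, one, two or three hops, which is exactly the kind of unbounded, stack-dependent behavior the abstract says NetKAT cannot express; `parse(("ipv4", "icmp"))` returns the empty set because no branch accepts that protocol field, and the counterexample search returns the input stack `(2,)` that separates `GOOD` from `BUGGY`.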