@fairfox/polly 0.16.0 → 0.17.0

package/dist/tools/verify/src/cli.js

@@ -1832,7 +1832,7 @@ var init_tla = __esm(() => {
         this.addTemporalConstraints(config.tier2.temporalConstraints);
       }
       this.line("\\* State constraint to bound state space");
-      this.addStateConstraint(config);
+      this.addStateConstraint(config, _analysis);
       this.line("=============================================================================");
     }
     addTemporalConstraints(constraints) {
@@ -1862,10 +1862,11 @@ var init_tla = __esm(() => {
         });
       }
     }
-    addStateConstraint(config) {
+    addStateConstraint(config, analysis) {
       const hasPerMessageBounds = config.messages.perMessageBounds && Object.keys(config.messages.perMessageBounds).length > 0;
       const hasBoundedExploration = config.tier2?.boundedExploration?.maxDepth !== undefined;
-      const needsConjunction = hasPerMessageBounds || hasBoundedExploration;
+      const hasUserConstraints = (analysis.globalStateConstraints?.length ?? 0) > 0;
+      const needsConjunction = hasPerMessageBounds || hasBoundedExploration || hasUserConstraints;
       this.line("StateConstraint ==");
       this.indent++;
       if (needsConjunction) {
@@ -1879,6 +1880,13 @@ var init_tla = __esm(() => {
         if (hasBoundedExploration && config.tier2?.boundedExploration?.maxDepth) {
           this.line(`/\\ TLCGet("level") <= ${config.tier2.boundedExploration.maxDepth} \\* Tier 2: Bounded exploration`);
         }
+        if (hasUserConstraints && analysis.globalStateConstraints) {
+          for (const constraint of analysis.globalStateConstraints) {
+            const tlaExpr = this.tsExpressionToTLA(constraint.expression, false);
+            this.line(`\\* ${constraint.name}${constraint.message ? `: ${constraint.message}` : ""}`);
+            this.line(`/\\ \\A ctx \\in Contexts : (${tlaExpr})`);
+          }
+        }
       } else {
         this.line("Len(messages) <= MaxMessages");
       }
@@ -1887,6 +1895,9 @@ var init_tla = __esm(() => {
       if (hasBoundedExploration && config.tier2?.boundedExploration?.maxDepth) {
         console.log(`[INFO] [TLAGenerator] Tier 2: Bounded exploration with maxDepth = ${config.tier2.boundedExploration.maxDepth}`);
       }
+      if (hasUserConstraints && analysis.globalStateConstraints) {
+        console.log(`[INFO] [TLAGenerator] ${analysis.globalStateConstraints.length} user-defined state constraint(s) added to CONSTRAINT clause`);
+      }
     }
     addDeliveredTracking() {
       this.line("");
@@ -2366,6 +2377,400 @@ var init_docker = () => {};
 import * as fs4 from "node:fs";
 import * as path4 from "node:path";
 
+// tools/verify/src/analysis/expression-validator.ts
+var SIGNAL_VALUE_FIELD = /([a-zA-Z_]\w*)\.value\.([a-zA-Z_][\w.]*)/g;
+var SIGNAL_VALUE_BARE = /([a-zA-Z_]\w*)\.value\b(?!\.)/g;
+var STATE_DOT_FIELD = /state\.([a-zA-Z_][\w.]*)/g;
+var PAYLOAD_REF = /payload\.\w+/;
+function extractFieldRefs(expression) {
+  const refs = [];
+  for (const m of expression.matchAll(SIGNAL_VALUE_FIELD)) {
+    const prefix = m[1];
+    const suffix = m[2];
+    refs.push(`${prefix}.${suffix}`);
+  }
+  for (const m of expression.matchAll(SIGNAL_VALUE_BARE)) {
+    refs.push(m[1]);
+  }
+  for (const m of expression.matchAll(STATE_DOT_FIELD)) {
+    refs.push(m[1]);
+  }
+  return [...new Set(refs)];
+}
+function fieldInConfig(fieldRef, configKeys, stateConfig) {
+  if (configKeys.has(fieldRef))
+    return true;
+  const underscored = fieldRef.replace(/\./g, "_");
+  if (configKeys.has(underscored))
+    return true;
+  const dotted = fieldRef.replace(/_/g, ".");
+  if (configKeys.has(dotted))
+    return true;
+  if (stateConfig && fieldRef.endsWith(".length")) {
+    const parent = fieldRef.slice(0, -".length".length);
+    const parentEntry = resolveConfigEntry(parent, stateConfig);
+    if (parentEntry !== undefined && isArrayLike(parentEntry))
+      return true;
+  }
+  return false;
+}
+function resolveConfigEntry(fieldRef, stateConfig) {
+  if (fieldRef in stateConfig)
+    return stateConfig[fieldRef];
+  const underscored = fieldRef.replace(/\./g, "_");
+  if (underscored in stateConfig)
+    return stateConfig[underscored];
+  const dotted = fieldRef.replace(/_/g, ".");
+  if (dotted in stateConfig)
+    return stateConfig[dotted];
+  return;
+}
+function isArrayLike(configEntry) {
+  if (configEntry && typeof configEntry === "object") {
+    const obj = configEntry;
+    if (obj.type === "array")
+      return true;
+    if ("maxLength" in obj)
+      return true;
+    if ("maxSize" in obj)
+      return true;
+  }
+  return false;
+}
+function isNullable(configEntry) {
+  if (Array.isArray(configEntry)) {
+    return configEntry.includes(null);
+  }
+  if (configEntry && typeof configEntry === "object") {
+    const obj = configEntry;
+    if (obj.abstract === true)
+      return true;
+    if (Array.isArray(obj.values)) {
+      return obj.values.includes(null);
+    }
+  }
+  return false;
+}
+var UNSUPPORTED_METHODS = /\.(some|every|find|filter)\s*\(/;
+var OPTIONAL_CHAIN = /\?\./;
+var NULL_COMPARISON = /(===?\s*null|!==?\s*null|null\s*===?|null\s*!==?)/;
+function checkUnmodeledFields(expression, configKeys, stateConfig, messageType, conditionType, location) {
+  const warnings = [];
+  const refs = extractFieldRefs(expression);
+  for (const ref of refs) {
+    if (!fieldInConfig(ref, configKeys, stateConfig)) {
+      warnings.push({
+        kind: "unmodeled_field",
+        message: `${conditionType}() in ${messageType} references unmodeled field '${ref}'`,
+        messageType,
+        conditionType,
+        expression,
+        location,
+        suggestion: `Add '${ref}' to state config or remove from ${conditionType}()`
+      });
+    }
+  }
+  return warnings;
+}
+function checkUnsupportedMethods(expression, configKeys, stateConfig, messageType, conditionType, location) {
+  const match = expression.match(UNSUPPORTED_METHODS);
+  if (!match)
+    return [];
+  const refs = extractFieldRefs(expression);
+  const allUnmodeled = refs.length > 0 && refs.every((r) => !fieldInConfig(r, configKeys, stateConfig));
+  if (allUnmodeled)
+    return [];
+  return [
+    {
+      kind: "unsupported_method",
+      message: `${conditionType}() in ${messageType} uses .${match[1]}() which cannot be translated to TLA+`,
+      messageType,
+      conditionType,
+      expression,
+      location,
+      suggestion: `Rewrite without .${match[1]}() or model the check as a boolean state field`
+    }
+  ];
+}
+function checkOptionalChaining(expression, messageType, conditionType, location) {
+  if (!OPTIONAL_CHAIN.test(expression))
+    return [];
+  return [
+    {
+      kind: "optional_chaining",
+      message: `${conditionType}() in ${messageType} uses optional chaining (?.)`,
+      messageType,
+      conditionType,
+      expression,
+      location,
+      suggestion: "Optional chaining translation is fragile — consider explicit null checks or restructuring"
+    }
+  ];
+}
+function checkNullComparisons(expression, stateConfig, configKeys, messageType, conditionType, location) {
+  if (!NULL_COMPARISON.test(expression))
+    return [];
+  const warnings = [];
+  const refs = extractFieldRefs(expression);
+  for (const ref of refs) {
+    if (!fieldInConfig(ref, configKeys, stateConfig))
+      continue;
+    const entry = resolveConfigEntry(ref, stateConfig);
+    if (entry !== undefined && !isNullable(entry)) {
+      warnings.push({
+        kind: "null_comparison",
+        message: `${conditionType}() in ${messageType} compares '${ref}' to null but field is not nullable`,
+        messageType,
+        conditionType,
+        expression,
+        location,
+        suggestion: `Add null to '${ref}' values in state config, or remove the null check`
+      });
+    }
+  }
+  return warnings;
+}
+var WEAK_NEGATION = /([a-zA-Z_][\w.]*(?:\.value\.[\w.]+|\.value\b|))?\s*!==?\s*("[^"]*"|'[^']*'|\d+|true|false|null)/;
+function checkWeakPostconditions(expression, handler, messageType, conditionType, location) {
+  if (conditionType !== "ensures")
+    return [];
+  const match = expression.match(WEAK_NEGATION);
+  if (!match)
+    return [];
+  const refs = extractFieldRefs(expression);
+  if (refs.length === 0)
+    return [];
+  for (const ref of refs) {
+    const underscoredRef = ref.replace(/\./g, "_");
+    const hasAssignment = handler.assignments.some((a) => a.field === ref || a.field === underscoredRef || a.field.replace(/_/g, ".") === ref);
+    if (hasAssignment) {
+      const assignment = handler.assignments.find((a) => a.field === ref || a.field === underscoredRef || a.field.replace(/_/g, ".") === ref);
+      const assignedValue = assignment ? JSON.stringify(assignment.value) : "<value>";
+      return [
+        {
+          kind: "weak_postcondition",
+          message: `ensures() in ${messageType} uses !== for '${ref}' which has a concrete assignment`,
+          messageType,
+          conditionType,
+          expression,
+          location,
+          suggestion: `Consider ensures(${ref} === ${assignedValue}) for a stronger postcondition`
+        }
+      ];
+    }
+  }
+  return [];
+}
+function validateExpressions(handlers, stateConfig) {
+  const warnings = [];
+  let validCount = 0;
+  const configKeys = new Set(Object.keys(stateConfig));
+  for (const handler of handlers) {
+    const conditions = [
+      ...handler.preconditions.map((c) => ({
+        cond: c,
+        type: "requires"
+      })),
+      ...handler.postconditions.map((c) => ({
+        cond: c,
+        type: "ensures"
+      }))
+    ];
+    for (const { cond, type } of conditions) {
+      const refs = extractFieldRefs(cond.expression);
+      const isPayloadOnly = refs.length === 0 && PAYLOAD_REF.test(cond.expression);
+      const loc = {
+        file: handler.location.file,
+        line: cond.location.line,
+        column: cond.location.column
+      };
+      const condWarnings = [];
+      if (!isPayloadOnly) {
+        condWarnings.push(...checkUnmodeledFields(cond.expression, configKeys, stateConfig, handler.messageType, type, loc));
+      }
+      condWarnings.push(...checkUnsupportedMethods(cond.expression, configKeys, stateConfig, handler.messageType, type, loc));
+      condWarnings.push(...checkOptionalChaining(cond.expression, handler.messageType, type, loc));
+      condWarnings.push(...checkNullComparisons(cond.expression, stateConfig, configKeys, handler.messageType, type, loc));
+      condWarnings.push(...checkWeakPostconditions(cond.expression, handler, handler.messageType, type, loc));
+      if (condWarnings.length === 0) {
+        validCount++;
+      } else {
+        warnings.push(...condWarnings);
+      }
+    }
+  }
+  return { warnings, validCount, warnCount: warnings.length };
+}
+
+// tools/verify/src/config/types.ts
+function isAdapterConfig(config) {
+  return "adapter" in config;
+}
+function isLegacyConfig(config) {
+  return "messages" in config && !("adapter" in config);
+}
+
+// tools/verify/src/analysis/state-space-estimator.ts
+function typedFieldCardinality(name, obj) {
+  if (!("type" in obj))
+    return null;
+  switch (obj.type) {
+    case "boolean":
+      return { name, cardinality: 2, kind: "boolean" };
+    case "enum":
+      if (Array.isArray(obj.values)) {
+        return { name, cardinality: obj.values.length, kind: "enum" };
+      }
+      return { name, cardinality: "unbounded", kind: "enum" };
+    case "number":
+      if (typeof obj.min === "number" && typeof obj.max === "number") {
+        return { name, cardinality: obj.max - obj.min + 1, kind: "number" };
+      }
+      return { name, cardinality: "unbounded", kind: "number" };
+    case "array":
+      return { name, cardinality: "unbounded", kind: "array" };
+    case "string":
+      return { name, cardinality: "unbounded", kind: "string" };
+    default:
+      return null;
+  }
+}
+function legacyFieldCardinality(name, obj) {
+  if ("values" in obj && Array.isArray(obj.values)) {
+    const base = obj.values.length;
+    const extra = obj.abstract === true ? 1 : 0;
+    return {
+      name,
+      cardinality: base + extra,
+      kind: obj.abstract ? "enum (abstract)" : "enum (values)"
+    };
+  }
+  if ("maxLength" in obj && !("type" in obj)) {
+    return { name, cardinality: "unbounded", kind: "array" };
+  }
+  if ("min" in obj && "max" in obj && typeof obj.min === "number" && typeof obj.max === "number" && !("type" in obj)) {
+    return { name, cardinality: obj.max - obj.min + 1, kind: "number" };
+  }
+  return null;
+}
+function fieldCardinality(name, value) {
+  if (Array.isArray(value)) {
+    return { name, cardinality: value.length, kind: "enum (literal)" };
+  }
+  if (typeof value !== "object" || value === null) {
+    return { name, cardinality: "unbounded", kind: "unknown" };
+  }
+  const obj = value;
+  return typedFieldCardinality(name, obj) ?? legacyFieldCardinality(name, obj) ?? { name, cardinality: "unbounded", kind: "unknown" };
+}
+function permutations(n, k) {
+  if (k > n)
+    return 1;
+  let result = 1;
+  for (let i = 0;i < k; i++) {
+    result *= n - i;
+  }
+  return result;
+}
+function getHandlerCount(config, analysis) {
+  if (isLegacyConfig(config)) {
+    const msgs = config.messages;
+    if (msgs.include) {
+      return msgs.include.length;
+    }
+    if (msgs.exclude) {
+      return Math.max(0, analysis.handlers.length - msgs.exclude.length);
+    }
+  }
+  return analysis.handlers.length;
+}
+function getMaxInFlight(config) {
+  if (isLegacyConfig(config)) {
+    return config.messages.maxInFlight ?? 1;
+  }
+  if (isAdapterConfig(config)) {
+    return config.bounds?.maxInFlight ?? 1;
+  }
+  return 1;
+}
+function getMaxTabs(config) {
+  if (isLegacyConfig(config)) {
+    return config.messages.maxTabs ?? 1;
+  }
+  return 1;
+}
+function getFeasibility(states) {
+  if (states < 1e5)
+    return "trivial";
+  if (states <= 1e6)
+    return "feasible";
+  if (states <= 1e7)
+    return "slow";
+  return "infeasible";
+}
+function feasibilityLabel(f) {
+  switch (f) {
+    case "trivial":
+      return "trivial (should complete in seconds)";
+    case "feasible":
+      return "feasible (should complete in minutes)";
+    case "slow":
+      return "slow (may take 10–30 minutes)";
+    case "infeasible":
+      return "infeasible (likely won't terminate)";
+  }
+}
+function estimateStateSpace(config, analysis) {
+  const state = config.state;
+  const fields = [];
+  const warnings = [];
+  const suggestions = [];
+  for (const [name, value] of Object.entries(state)) {
+    fields.push(fieldCardinality(name, value));
+  }
+  const unboundedFields = fields.filter((f) => f.cardinality === "unbounded");
+  const boundedFields = fields.filter((f) => f.cardinality !== "unbounded");
+  const fieldProduct = boundedFields.length > 0 ? boundedFields.reduce((acc, f) => acc * f.cardinality, 1) : 1;
+  if (unboundedFields.length > 0) {
+    warnings.push(`${unboundedFields.length} field(s) have unbounded domains: ${unboundedFields.map((f) => f.name).join(", ")}`);
+    suggestions.push(`Fields ${unboundedFields.map((f) => f.name).join(", ")} have unbounded domains — their actual impact depends on handler logic`);
+  }
+  const handlerCount = getHandlerCount(config, analysis);
+  const maxInFlight = getMaxInFlight(config);
+  const maxTabs = getMaxTabs(config);
+  const contextCount = maxTabs + 1;
+  const totalStateSpace = fieldProduct ** contextCount;
+  const interleavingFactor = permutations(handlerCount, maxInFlight);
+  const estimatedStates = totalStateSpace * interleavingFactor;
+  const feasibility = getFeasibility(estimatedStates);
+  if (handlerCount > 15) {
+    suggestions.push("Consider splitting into subsystems");
+  }
+  for (const f of boundedFields) {
+    if (f.cardinality > 50) {
+      suggestions.push(`Consider reducing bounds for field "${f.name}" (${f.cardinality} values)`);
+    }
+  }
+  if (maxInFlight > 2) {
+    const reducedInterleaving = permutations(handlerCount, 2);
+    const reduction = reducedInterleaving > 0 ? Math.round(interleavingFactor / reducedInterleaving) : 1;
+    suggestions.push(`Reducing maxInFlight from ${maxInFlight} to 2 would reduce interleaving by ~${reduction}x`);
+  }
+  return {
+    fields,
+    fieldProduct,
+    handlerCount,
+    maxInFlight,
+    contextCount,
+    totalStateSpace,
+    interleavingFactor,
+    estimatedStates,
+    feasibility,
+    warnings,
+    suggestions
+  };
+}
+
 // tools/verify/src/codegen/config.ts
 class ConfigGenerator {
   lines = [];
@@ -3717,13 +4122,14 @@ class HandlerExtractor {
     const messageTypes = new Set;
     const invalidMessageTypes = new Set;
     const stateConstraints = [];
+    const globalStateConstraints = [];
     const verifiedStates = [];
     this.warnings = [];
     const allSourceFiles = this.project.getSourceFiles();
     const entryPoints = allSourceFiles.filter((f) => this.isWithinPackage(f.getFilePath()));
     this.debugLogSourceFiles(allSourceFiles, entryPoints);
     for (const entryPoint of entryPoints) {
-      this.analyzeFileAndImports(entryPoint, handlers, messageTypes, invalidMessageTypes, stateConstraints, verifiedStates);
+      this.analyzeFileAndImports(entryPoint, handlers, messageTypes, invalidMessageTypes, stateConstraints, globalStateConstraints, verifiedStates);
     }
     if (verifiedStates.length > 0) {
       if (process.env["POLLY_DEBUG"]) {
@@ -3753,11 +4159,12 @@ class HandlerExtractor {
       handlers,
       messageTypes,
       stateConstraints,
+      globalStateConstraints,
       verifiedStates,
       warnings: this.warnings
     };
   }
-  analyzeFileAndImports(sourceFile, handlers, messageTypes, invalidMessageTypes, stateConstraints, verifiedStates) {
+  analyzeFileAndImports(sourceFile, handlers, messageTypes, invalidMessageTypes, stateConstraints, globalStateConstraints, verifiedStates) {
     const filePath = sourceFile.getFilePath();
     if (this.analyzedFiles.has(filePath)) {
       return;
@@ -3771,6 +4178,8 @@ class HandlerExtractor {
     this.categorizeHandlerMessageTypes(fileHandlers, messageTypes, invalidMessageTypes);
     const fileConstraints = this.extractStateConstraintsFromFile(sourceFile);
     stateConstraints.push(...fileConstraints);
+    const fileGlobalConstraints = this.extractGlobalStateConstraintsFromFile(sourceFile);
+    globalStateConstraints.push(...fileGlobalConstraints);
     const fileVerifiedStates = this.extractVerifiedStatesFromFile(sourceFile);
     verifiedStates.push(...fileVerifiedStates);
     const importDeclarations = sourceFile.getImportDeclarations();
@@ -3784,7 +4193,7 @@ class HandlerExtractor {
           }
           continue;
         }
-        this.analyzeFileAndImports(importedFile, handlers, messageTypes, invalidMessageTypes, stateConstraints, verifiedStates);
+        this.analyzeFileAndImports(importedFile, handlers, messageTypes, invalidMessageTypes, stateConstraints, globalStateConstraints, verifiedStates);
       } else if (process.env["POLLY_DEBUG"]) {
         const specifier = importDecl.getModuleSpecifierValue();
         if (!specifier.startsWith("node:") && !this.isNodeModuleImport(specifier)) {
@@ -5119,6 +5528,81 @@ class HandlerExtractor {
     });
     return constraints;
   }
+  extractGlobalStateConstraintsFromFile(sourceFile) {
+    const constraints = [];
+    const filePath = sourceFile.getFilePath();
+    sourceFile.forEachDescendant((node) => {
+      const constraint = this.recognizeGlobalStateConstraint(node, filePath);
+      if (constraint) {
+        constraints.push(constraint);
+      }
+    });
+    return constraints;
+  }
+  recognizeGlobalStateConstraint(node, filePath) {
+    if (!Node2.isCallExpression(node)) {
+      return null;
+    }
+    const expression = node.getExpression();
+    if (!Node2.isIdentifier(expression)) {
+      return null;
+    }
+    const functionName = expression.getText();
+    if (functionName !== "stateConstraint") {
+      return null;
+    }
+    const args = node.getArguments();
+    if (args.length < 2) {
+      return null;
+    }
+    const nameArg = args[0];
+    if (!Node2.isStringLiteral(nameArg)) {
+      return null;
+    }
+    const name = nameArg.getLiteralValue();
+    const predicateArg = args[1];
+    if (!Node2.isArrowFunction(predicateArg)) {
+      return null;
+    }
+    const body = predicateArg.getBody();
+    let expressionText;
+    if (Node2.isBlock(body)) {
+      const returnStatement = body.getStatements().find((s) => Node2.isReturnStatement(s));
+      if (!returnStatement || !Node2.isReturnStatement(returnStatement)) {
+        return null;
+      }
+      const returnExpr = returnStatement.getExpression();
+      if (!returnExpr) {
+        return null;
+      }
+      expressionText = returnExpr.getText();
+    } else {
+      expressionText = body.getText();
+    }
+    let message;
+    if (args.length >= 3) {
+      const optionsArg = args[2];
+      if (Node2.isObjectLiteralExpression(optionsArg)) {
+        for (const prop of optionsArg.getProperties()) {
+          if (Node2.isPropertyAssignment(prop) && prop.getName() === "message") {
+            const value = prop.getInitializer();
+            if (value && Node2.isStringLiteral(value)) {
+              message = value.getLiteralValue();
+            }
+          }
+        }
+      }
+    }
+    return {
+      name,
+      expression: expressionText,
+      message,
+      location: {
+        file: filePath,
+        line: node.getStartLineNumber()
+      }
+    };
+  }
   recognizeStateConstraint(node, filePath) {
     if (!Node2.isCallExpression(node)) {
       return [];
@@ -5433,7 +5917,8 @@ class TypeExtractor {
       messageTypes: validMessageTypes,
       fields,
       handlers: completeHandlers,
-      stateConstraints: handlerAnalysis.stateConstraints
+      stateConstraints: handlerAnalysis.stateConstraints,
+      globalStateConstraints: handlerAnalysis.globalStateConstraints
     };
   }
   extractHandlerAnalysis() {
@@ -5864,6 +6349,10 @@ async function main() {
     case "validate":
       await validateCommand();
       break;
+    case "--estimate":
+    case "estimate":
+      await estimateCommand();
+      break;
     case "--help":
     case "help":
       showHelp();
@@ -5980,6 +6469,70 @@ async function validateCommand() {
 `, COLORS.red));
   process.exit(1);
 }
+async function estimateCommand() {
+  const configPath = path4.join(process.cwd(), "specs", "verification.config.ts");
+  console.log(color(`
+\uD83D\uDCCA Estimating state space...
+`, COLORS.blue));
+  const validation = validateConfig(configPath);
+  if (!validation.valid) {
+    const errors = validation.issues.filter((i) => i.severity === "error");
+    console.log(color(`❌ Configuration incomplete (${errors.length} error(s))
+`, COLORS.red));
+    for (const error of errors.slice(0, 3)) {
+      console.log(color(`   • ${error.message}`, COLORS.red));
+    }
+    console.log(`
+   Run 'polly verify --validate' to see all issues`);
+    process.exit(1);
+  }
+  const config = await loadVerificationConfig(configPath);
+  const analysis = await runCodebaseAnalysis();
+  const typedConfig = config;
+  const typedAnalysis = analysis;
+  const exprValidation = validateExpressions(typedAnalysis.handlers, typedConfig.state);
+  if (exprValidation.warnings.length > 0) {
+    displayExpressionWarnings(exprValidation);
+  }
+  const estimate = estimateStateSpace(typedConfig, typedAnalysis);
+  displayEstimate(estimate);
+}
+function displayEstimate(estimate) {
+  console.log(color(`State space estimate:
+`, COLORS.blue));
+  console.log(color("  Fields:", COLORS.blue));
+  for (const field of estimate.fields) {
+    const name = field.name.padEnd(28);
+    const kind = field.kind.padEnd(18);
+    const card = field.cardinality === "unbounded" ? color("(excluded — unbounded)", COLORS.yellow) : `${field.cardinality} values`;
+    console.log(`    ${name} ${kind} ${card}`);
+  }
+  console.log();
+  console.log(`  Field combinations:     ${color(String(estimate.fieldProduct), COLORS.green)}`);
+  console.log(`  Handlers:               ${estimate.handlerCount}`);
+  console.log(`  Max in-flight:          ${estimate.maxInFlight}`);
+  console.log(`  Contexts:               ${estimate.contextCount} (${estimate.contextCount - 1} tab${estimate.contextCount - 1 !== 1 ? "s" : ""} + background)`);
+  console.log(`  Interleaving factor:    ${estimate.interleavingFactor}`);
+  console.log();
+  console.log(`  Estimated states:       ${color(`~${estimate.estimatedStates.toLocaleString()}`, COLORS.green)}`);
+  const feasColor = estimate.feasibility === "trivial" || estimate.feasibility === "feasible" ? COLORS.green : estimate.feasibility === "slow" ? COLORS.yellow : COLORS.red;
+  console.log();
+  console.log(`  Assessment: ${color(feasibilityLabel(estimate.feasibility), feasColor)}`);
+  if (estimate.warnings.length > 0) {
+    console.log();
+    for (const w of estimate.warnings) {
+      console.log(color(`  ⚠️  ${w}`, COLORS.yellow));
+    }
+  }
+  if (estimate.suggestions.length > 0) {
+    console.log();
+    console.log(color("  Suggestions:", COLORS.blue));
+    for (const s of estimate.suggestions) {
+      console.log(color(`    • ${s}`, COLORS.gray));
+    }
+  }
+  console.log();
+}
 function displayValidationErrors(errors) {
   if (errors.length === 0)
     return;
@@ -6011,6 +6564,19 @@ function displayValidationWarnings(warnings) {
     console.log();
   }
 }
+function displayExpressionWarnings(result) {
+  if (result.warnings.length === 0)
+    return;
+  console.log(color(`⚠️  Found ${result.warnCount} expression warning(s):
+`, COLORS.yellow));
+  for (const w of result.warnings) {
+    console.log(color(`   ⚠  ${w.message}`, COLORS.yellow));
+    console.log(color(`      ${w.expression}`, COLORS.gray));
+    console.log(color(`      at ${w.location.file}:${w.location.line}`, COLORS.gray));
+    console.log(color(`      → ${w.suggestion}`, COLORS.yellow));
+    console.log();
+  }
+}
 async function verifyCommand() {
   const configPath = path4.join(process.cwd(), "specs", "verification.config.ts");
   console.log(color(`
@@ -6073,6 +6639,12 @@ function getMaxDepth(config) {
 async function runFullVerification(configPath) {
   const config = await loadVerificationConfig(configPath);
   const analysis = await runCodebaseAnalysis();
+  const typedConfig = config;
+  const typedAnalysis = analysis;
+  const exprValidation = validateExpressions(typedAnalysis.handlers, typedConfig.state);
+  if (exprValidation.warnings.length > 0) {
+    displayExpressionWarnings(exprValidation);
+  }
   const { specPath, specDir } = await generateAndWriteTLASpecs(config, analysis);
   findAndCopyBaseSpec(specDir);
   console.log(color("✓ Specification generated", COLORS.green));
@@ -6260,6 +6832,9 @@ ${color("Commands:", COLORS.blue)}
   ${color("bun verify --validate", COLORS.green)}
     Validate existing configuration without running verification
 
+  ${color("bun verify --estimate", COLORS.green)}
+    Estimate state space without running TLC
+
   ${color("bun verify --help", COLORS.green)}
     Show this help message
 
@@ -6314,4 +6889,4 @@ main().catch((error) => {
   process.exit(1);
 });
 
-//# debugId=0CD51D5DC046B30964756E2164756E21
+//# debugId=35FC1B345D5CADC664756E2164756E21