@orcalang/orca-lang 0.1.19 → 0.1.21

package/src/verifier/dt-verifier.ts

@@ -1,7 +1,9 @@
 // Decision Table Verifier
-// Checks: completeness, consistency, redundancy, and structural integrity
+// Checks: completeness, consistency, redundancy, structural integrity, co-location alignment,
+// and machine integration (coverage gap + dead guard detection).
 
 import { DecisionTableDef, ConditionDef, CellValue, Rule } from '../parser/dt-ast.js';
+import { MachineDef, OrcaFile, ContextField, GuardExpression, ComparisonOp } from '../parser/ast.js';
 import { VerificationError, VerificationResult, Severity } from './types.js';
 
 // Helper to get all values for a condition
@@ -560,3 +562,367 @@ export function verifyDecisionTables(dts: DecisionTableDef[]): VerificationResul
     errors: allErrors,
   };
 }
+
+// ============================================================
+// Co-location Alignment Check
+// ============================================================
+
+/**
+ * Check that every condition name and output name in a co-located decision table
+ * exists as a context field in the machine. When a DT and machine are in the same
+ * file, this contract allows action generation to produce fully-wired code.
+ */
+export function checkDTContextAlignment(
+  dt: DecisionTableDef,
+  machine: MachineDef
+): VerificationError[] {
+  const errors: VerificationError[] = [];
+  const contextNames = new Set(machine.context.map(f => f.name));
+
+  for (const cond of dt.conditions) {
+    if (!contextNames.has(cond.name)) {
+      errors.push({
+        code: 'DT_CONTEXT_MISMATCH',
+        message: `Decision table '${dt.name}' condition '${cond.name}' has no matching context field in machine '${machine.name}'`,
+        severity: 'error',
+        location: { decisionTable: dt.name, condition: cond.name },
+        suggestion: `Add '${cond.name}' to the ## context section, or rename the condition to match an existing context field`,
+      });
+    }
+  }
+
+  for (const action of dt.actions) {
+    if (!contextNames.has(action.name)) {
+      errors.push({
+        code: 'DT_CONTEXT_MISMATCH',
+        message: `Decision table '${dt.name}' output '${action.name}' has no matching context field in machine '${machine.name}'`,
+        severity: 'error',
+        location: { decisionTable: dt.name, action: action.name },
+        suggestion: `Add '${action.name}' to the ## context section, or rename the output to match an existing context field`,
+      });
+    }
+  }
+
+  return errors;
+}
+
+/**
+ * For a file with exactly one machine and one or more decision tables, verify
+ * that every DT condition and output name matches a machine context field.
+ * Multi-machine files are skipped (ambiguous ownership).
+ */
+export function checkFileContextAlignment(file: OrcaFile): VerificationError[] {
+  if (file.machines.length !== 1 || file.decisionTables.length === 0) {
+    return [];
+  }
+  const machine = file.machines[0];
+  const errors: VerificationError[] = [];
+  for (const dt of file.decisionTables) {
+    errors.push(...checkDTContextAlignment(dt, machine));
+  }
+  return errors;
+}
+
+// ============================================================
+// Machine Integration Checks
+// ============================================================
+
+/**
+ * Get the enumerable values for a machine context field.
+ * Returns null for types that cannot be exhaustively enumerated (string, int, decimal).
+ * For enum fields, values are stored as a comma-separated defaultValue string.
+ */
+function getMachineFieldValues(field: ContextField): string[] | null {
+  if (field.type.kind === 'bool') return ['true', 'false'];
+  if (field.type.kind === 'custom' && field.type.name === 'enum') {
+    if (!field.defaultValue) return null;
+    const vals = field.defaultValue.split(',').map(v => v.trim()).filter(Boolean);
+    return vals.length > 0 ? vals : null;
+  }
+  return null;
+}
+
+/**
+ * Generate all combinations of condition values using machine context values as the
+ * input domain. Returns null if any condition cannot be enumerated or if the
+ * total combinations exceed the safety limit.
+ */
+function generateMachineContextCombinations(
+  dt: DecisionTableDef,
+  contextMap: Map<string, ContextField>
+): Map<string, string>[] | null {
+  const domainPerCondition: string[][] = [];
+
+  for (const cond of dt.conditions) {
+    const field = contextMap.get(cond.name);
+    if (!field) return null; // Alignment not met — caller should have checked
+    const vals = getMachineFieldValues(field);
+    if (!vals) return null; // Non-enumerable type
+    domainPerCondition.push(vals);
+  }
+
+  // Safety limit
+  let total = 1;
+  for (const vals of domainPerCondition) total *= vals.length;
+  if (total > 4096) return null;
+
+  // Cartesian product
+  const combos: Map<string, string>[] = [];
+  function cartesian(idx: number, current: Map<string, string>): void {
+    if (idx === dt.conditions.length) {
+      combos.push(new Map(current));
+      return;
+    }
+    const condName = dt.conditions[idx].name;
+    for (const val of domainPerCondition[idx]) {
+      current.set(condName, val);
+      cartesian(idx + 1, current);
+      current.delete(condName);
+    }
+  }
+  cartesian(0, new Map());
+  return combos;
+}
+
+/**
+ * DT_COVERAGE_GAP: Decision table must cover all input combinations the machine
+ * context can actually produce. Uses machine enum/bool values as the authoritative
+ * domain — stricter than DT_INCOMPLETE which only checks DT-declared values.
+ */
+function checkDTCoverageGap(
+  dt: DecisionTableDef,
+  contextMap: Map<string, ContextField>
+): VerificationError[] {
+  const errors: VerificationError[] = [];
+
+  const combos = generateMachineContextCombinations(dt, contextMap);
+  if (!combos) return errors; // Non-enumerable conditions or too many combinations
+
+  for (const combo of combos) {
+    const matched = dt.rules.some(rule => ruleMatchesInput(rule, dt.conditions, combo));
+    if (!matched) {
+      const comboDesc = [...combo.entries()].map(([k, v]) => `${k}=${v}`).join(', ');
+      errors.push({
+        code: 'DT_COVERAGE_GAP',
+        message: `Decision table '${dt.name}' has no rule for machine context combination: ${comboDesc}`,
+        severity: 'error',
+        location: { decisionTable: dt.name },
+        suggestion: `Add a rule covering this combination, or add a catch-all row using '-' wildcards`,
+      });
+    }
+  }
+
+  return errors;
+}
+
+/**
+ * Recursively collect all equality comparisons from a guard expression.
+ * Returns tuples of (fieldName, op, comparedValue) for any `ctx.X op Y` node.
+ */
+function collectFieldComparisons(
+  expr: GuardExpression
+): Array<{ field: string; op: ComparisonOp; value: string }> {
+  if (expr.kind === 'compare') {
+    // Only handle ctx.fieldName comparisons
+    if (expr.left.path.length === 2 && expr.left.path[0] === 'ctx') {
+      return [{ field: expr.left.path[1], op: expr.op, value: String(expr.right.value) }];
+    }
+    return [];
+  }
+  if (expr.kind === 'not') return collectFieldComparisons(expr.expr);
+  if (expr.kind === 'and' || expr.kind === 'or') {
+    return [...collectFieldComparisons(expr.left), ...collectFieldComparisons(expr.right)];
+  }
+  return [];
+}
+
+/**
+ * Compute the set of guard names that test a DT output field against a value
+ * the DT never produces. These guards are always false after the DT action fires.
+ */
+function computeDeadGuardNames(dt: DecisionTableDef, machine: MachineDef): Set<string> {
+  const outputDomain = new Map<string, Set<string>>();
+  for (const action of dt.actions) {
+    outputDomain.set(action.name, new Set<string>());
+  }
+  for (const rule of dt.rules) {
+    for (const [name, value] of rule.actions) {
+      outputDomain.get(name)?.add(value);
+    }
+  }
+
+  const outputFields = new Set(dt.actions.map(a => a.name));
+  const dead = new Set<string>();
+
+  for (const guardDef of machine.guards) {
+    const comparisons = collectFieldComparisons(guardDef.expression);
+    for (const { field, op, value } of comparisons) {
+      if (!outputFields.has(field)) continue;
+      if (op !== 'eq') continue;
+      const possible = outputDomain.get(field)!;
+      if (!possible.has(value)) {
+        dead.add(guardDef.name);
+      }
+    }
+  }
+
+  return dead;
+}
+
+/**
+ * DT_GUARD_DEAD: A guard that compares a DT output field against a value the DT
+ * never produces is a dead guard — it can never be true immediately after the
+ * DT action fires. Reported as a warning since another action might set the field.
+ */
+function checkDTGuardDead(dt: DecisionTableDef, machine: MachineDef): VerificationError[] {
+  const errors: VerificationError[] = [];
+
+  // Build output domain: field → set of values the DT can produce
+  const outputDomain = new Map<string, Set<string>>();
+  for (const action of dt.actions) {
+    outputDomain.set(action.name, new Set<string>());
+  }
+  for (const rule of dt.rules) {
+    for (const [name, value] of rule.actions) {
+      outputDomain.get(name)?.add(value);
+    }
+  }
+
+  const outputFields = new Set(dt.actions.map(a => a.name));
+
+  for (const guardDef of machine.guards) {
+    const comparisons = collectFieldComparisons(guardDef.expression);
+    for (const { field, op, value } of comparisons) {
+      if (!outputFields.has(field)) continue; // Not a DT output field
+      if (op !== 'eq') continue;              // Only equality checks are conclusive
+
+      const possible = outputDomain.get(field)!;
+      if (!possible.has(value)) {
+        const possibleList = [...possible].join(', ') || '(none)';
+        errors.push({
+          code: 'DT_GUARD_DEAD',
+          message: `Guard '${guardDef.name}' tests '${field} == ${value}' but '${dt.name}' never outputs '${value}' for '${field}' (possible: ${possibleList})`,
+          severity: 'warning',
+          location: { decisionTable: dt.name, condition: field },
+          suggestion: `Update '${dt.name}' to produce '${value}' for '${field}', or remove this guard`,
+        });
+      }
+    }
+  }
+
+  return errors;
+}
+
+/**
+ * BFS from initial state, optionally skipping transitions guarded by dead guards.
+ * A non-negated transition guarded by a name in `deadGuards` is skipped (never fires).
+ * A negated dead guard (!dead) is NOT skipped — negation of a dead guard is always true.
+ */
+function bfsReachableWithDeadGuards(machine: MachineDef, deadGuards: Set<string>): Set<string> {
+  const initial = machine.states.find(s => s.isInitial);
+  if (!initial) return new Set();
+
+  const visited = new Set<string>();
+  const queue = [initial.name];
+
+  while (queue.length > 0) {
+    const state = queue.shift()!;
+    if (visited.has(state)) continue;
+    visited.add(state);
+
+    for (const t of machine.transitions) {
+      if (t.source !== state) continue;
+      // A non-negated dead guard means the transition can never fire
+      if (t.guard && !t.guard.negated && deadGuards.has(t.guard.name)) continue;
+      if (!visited.has(t.target)) queue.push(t.target);
+    }
+  }
+
+  return visited;
+}
+
+/**
+ * DT_UNREACHABLE_STATE: A state that is graph-reachable but only accessible via
+ * transitions guarded by dead guards — it can never be entered given DT outputs.
+ * Reported as a warning (structural reachability is preserved; the constraint is semantic).
+ */
+function checkDTDeadGuardReachability(dt: DecisionTableDef, machine: MachineDef): VerificationError[] {
+  const deadGuards = computeDeadGuardNames(dt, machine);
+  if (deadGuards.size === 0) return [];
+
+  const plainReachable = bfsReachableWithDeadGuards(machine, new Set());
+  const dtReachable = bfsReachableWithDeadGuards(machine, deadGuards);
+
+  const errors: VerificationError[] = [];
+  const deadList = [...deadGuards].join(', ');
+
+  for (const state of machine.states) {
+    if (plainReachable.has(state.name) && !dtReachable.has(state.name)) {
+      errors.push({
+        code: 'DT_UNREACHABLE_STATE',
+        message: `State '${state.name}' is unreachable given '${dt.name}' output constraints — all entry paths are gated by dead guards (${deadList})`,
+        severity: 'warning',
+        location: { state: state.name, decisionTable: dt.name },
+        suggestion: `Update '${dt.name}' to produce values that satisfy the guards leading to '${state.name}', or revise the guard expressions`,
+      });
+    }
+  }
+
+  return errors;
+}
+
+/**
+ * Check DT integration with the machine: coverage gap, dead guards, and
+ * DT-constrained reachability. Only runs when exactly one machine is present
+ * and the DT is fully aligned. Multi-machine files are skipped (ambiguous ownership).
+ */
+export function checkDTMachineIntegration(file: OrcaFile): VerificationError[] {
+  if (file.machines.length !== 1 || file.decisionTables.length === 0) {
+    return [];
+  }
+  const machine = file.machines[0];
+  const contextMap = new Map(machine.context.map(f => [f.name, f]));
+  const errors: VerificationError[] = [];
+
+  for (const dt of file.decisionTables) {
+    // Only verify DTs that are fully aligned with machine context
+    const allAligned = [...dt.conditions, ...dt.actions].every(item => contextMap.has(item.name));
+    if (!allAligned) continue;
+
+    errors.push(...checkDTCoverageGap(dt, contextMap));
+    errors.push(...checkDTGuardDead(dt, machine));
+    errors.push(...checkDTDeadGuardReachability(dt, machine));
+  }
+
+  return errors;
+}
+
+/**
+ * Compute the merged output domain across all aligned DTs in a single-machine file.
+ * Returns a map from DT output field name → set of values the DT(s) can produce.
+ * Used by the properties checker to prune guard-protected transitions that are
+ * semantically impossible given DT output constraints.
+ * Returns undefined if no aligned DTs are found.
+ */
+export function computeAlignedDTOutputDomain(file: OrcaFile): Map<string, Set<string>> | undefined {
+  if (file.machines.length !== 1 || file.decisionTables.length === 0) return undefined;
+  const machine = file.machines[0];
+  const contextMap = new Map(machine.context.map(f => [f.name, f]));
+
+  const domain = new Map<string, Set<string>>();
+
+  for (const dt of file.decisionTables) {
+    const allAligned = [...dt.conditions, ...dt.actions].every(item => contextMap.has(item.name));
+    if (!allAligned) continue;
+
+    for (const actionDef of dt.actions) {
+      if (!domain.has(actionDef.name)) domain.set(actionDef.name, new Set());
+      for (const rule of dt.rules) {
+        const val = rule.actions.get(actionDef.name);
+        if (val !== undefined) domain.get(actionDef.name)!.add(val);
+      }
+    }
+  }
+
+  return domain.size > 0 ? domain : undefined;
+}

package/src/verifier/properties.ts

@@ -1,29 +1,66 @@
-import { MachineDef, Property, ReachabilityProperty, PassesThroughProperty, RespondsProperty, InvariantProperty, GuardRef, GuardDef } from '../parser/ast.js';
+import { MachineDef, Property, ReachabilityProperty, PassesThroughProperty, RespondsProperty, InvariantProperty, GuardRef, GuardDef, GuardExpression } from '../parser/ast.js';
 import { VerificationResult, VerificationError, MachineAnalysis, StateInfo } from './types.js';
 import { analyzeMachine, flattenStates, FlattenedState } from './structural.js';
 import { resolveGuardExpression, isExpressionStaticallyFalse } from './determinism.js';
 
 const DEFAULT_MAX_STATES = 64;
 
+/**
+ * Check if a guard expression is statically false given DT output domain constraints.
+ * A comparison `ctx.field == value` is false if the DT never outputs `value` for `field`.
+ * Handles AND (false if either branch is domain-blocked) and OR (false only if both are).
+ */
+function isExpressionBlockedByDomain(
+  expr: GuardExpression,
+  domain: Map<string, Set<string>>
+): boolean {
+  if (expr.kind === 'compare' && expr.op === 'eq') {
+    if (expr.left.path.length === 2 && expr.left.path[0] === 'ctx') {
+      const field = expr.left.path[1];
+      const value = String(expr.right.value);
+      const possible = domain.get(field);
+      if (possible !== undefined && !possible.has(value)) return true;
+    }
+  }
+  if (expr.kind === 'and') {
+    return isExpressionBlockedByDomain(expr.left, domain) ||
+           isExpressionBlockedByDomain(expr.right, domain);
+  }
+  if (expr.kind === 'or') {
+    return isExpressionBlockedByDomain(expr.left, domain) &&
+           isExpressionBlockedByDomain(expr.right, domain);
+  }
+  return false;
+}
+
 /**
  * Check if a transition's guard is statically false (can never fire).
  * Used in guard-aware BFS to prune impossible transitions.
+ * When dtOutputDomain is provided, also prunes guards that compare DT output
+ * fields against values the DT never produces.
  */
 function isTransitionStaticallyBlocked(
   transition: { guard?: GuardRef },
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): boolean {
   if (!transition.guard) return false; // No guard = always possible
 
   const resolved = resolveGuardExpression(transition.guard, guardDefs);
   if (!resolved) return false; // Can't resolve = assume possible
 
-  return isExpressionStaticallyFalse(resolved);
+  if (isExpressionStaticallyFalse(resolved)) return true;
+
+  if (dtOutputDomain && isExpressionBlockedByDomain(resolved, dtOutputDomain)) return true;
+
+  return false;
 }
 
 /**
  * BFS from source state, returning reachable set and parent map for counterexample traces.
  * Supports guard-aware mode: skips transitions with statically false guards.
+ * When dtOutputDomain is provided, also skips transitions whose guards are impossible
+ * given the DT output domain constraints.
  */
 function bfs(
   stateMap: Map<string, StateInfo>,
@@ -31,7 +68,8 @@ function bfs(
   options?: {
     excludeState?: string;
     maxDepth?: number;
-    guardDefs?: Map<string, GuardDef>;  // Enable guard-aware pruning
+    guardDefs?: Map<string, GuardDef>;
+    dtOutputDomain?: Map<string, Set<string>>;
   }
 ): { reachable: Set<string>; parent: Map<string, { state: string; event: string; guard?: string }> } {
   const reachable = new Set<string>();
@@ -56,8 +94,8 @@ function bfs(
       // Skip excluded state
       if (options?.excludeState && target === options.excludeState) continue;
 
-      // Guard-aware: skip transitions with statically false guards
-      if (options?.guardDefs && isTransitionStaticallyBlocked(t, options.guardDefs)) continue;
+      // Guard-aware: skip transitions with statically false guards (including DT domain constraints)
+      if (options?.guardDefs && isTransitionStaticallyBlocked(t, options.guardDefs, options.dtOutputDomain)) continue;
 
       if (!reachable.has(target)) {
         reachable.add(target);
@@ -157,7 +195,8 @@ function checkReachable(
   prop: ReachabilityProperty,
   analysis: MachineAnalysis,
   flattenedStates: FlattenedState[],
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): VerificationError[] {
   const errors: VerificationError[] = [];
 
@@ -166,7 +205,7 @@ function checkReachable(
   const toRes = resolveStateName(prop.to, flattenedStates);
   if (toRes.error) return [toRes.error];
 
-  const { reachable } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs });
+  const { reachable } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs, dtOutputDomain });
 
   if (!reachable.has(toRes.resolved)) {
     errors.push({
@@ -185,7 +224,8 @@ function checkUnreachable(
   prop: ReachabilityProperty,
   analysis: MachineAnalysis,
   flattenedStates: FlattenedState[],
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): VerificationError[] {
   const errors: VerificationError[] = [];
 
@@ -194,7 +234,7 @@ function checkUnreachable(
   const toRes = resolveStateName(prop.to, flattenedStates);
   if (toRes.error) return [toRes.error];
 
-  const { reachable, parent } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs });
+  const { reachable, parent } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs, dtOutputDomain });
 
   if (reachable.has(toRes.resolved)) {
     const path = reconstructPath(parent, fromRes.resolved, toRes.resolved);
@@ -218,7 +258,8 @@ function checkPassesThrough(
   prop: PassesThroughProperty,
   analysis: MachineAnalysis,
   flattenedStates: FlattenedState[],
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): VerificationError[] {
   const errors: VerificationError[] = [];
 
@@ -230,7 +271,7 @@ function checkPassesThrough(
   if (throughRes.error) return [throughRes.error];
 
   // First check: is target reachable from source at all?
-  const { reachable: fullReachable } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs });
+  const { reachable: fullReachable } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs, dtOutputDomain });
   if (!fullReachable.has(toRes.resolved)) {
     errors.push({
       code: 'PROPERTY_PATH_FAIL',
@@ -246,6 +287,7 @@ function checkPassesThrough(
   const { reachable: withoutThrough, parent } = bfs(analysis.stateMap, fromRes.resolved, {
     excludeState: throughRes.resolved,
     guardDefs,
+    dtOutputDomain,
   });
 
   if (withoutThrough.has(toRes.resolved)) {
@@ -265,14 +307,15 @@ function checkPassesThrough(
 function checkLive(
   analysis: MachineAnalysis,
   flattenedStates: FlattenedState[],
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): VerificationError[] {
   const errors: VerificationError[] = [];
 
   if (!analysis.initialState) return errors;
 
   // Find all reachable states from initial
-  const { reachable: reachableFromInitial } = bfs(analysis.stateMap, analysis.initialState.name, { guardDefs });
+  const { reachable: reachableFromInitial } = bfs(analysis.stateMap, analysis.initialState.name, { guardDefs, dtOutputDomain });
 
   // Find all final state names
   const finalStateNames = new Set(analysis.finalStates.map(s => s.name));
@@ -285,7 +328,7 @@ function checkLive(
     const fs = flattenedStates.find(f => f.name === stateName);
     if (fs && (fs.isCompound || fs.isRegion)) continue;
 
-    const { reachable: reachableFromState } = bfs(analysis.stateMap, stateName, { guardDefs });
+    const { reachable: reachableFromState } = bfs(analysis.stateMap, stateName, { guardDefs, dtOutputDomain });
 
     let canReachFinal = false;
     for (const finalName of finalStateNames) {
@@ -313,7 +356,8 @@ function checkResponds(
   prop: RespondsProperty,
   analysis: MachineAnalysis,
   flattenedStates: FlattenedState[],
-  guardDefs: Map<string, GuardDef>
+  guardDefs: Map<string, GuardDef>,
+  dtOutputDomain?: Map<string, Set<string>>
 ): VerificationError[] {
   const errors: VerificationError[] = [];
 
@@ -325,11 +369,12 @@ function checkResponds(
   const { reachable } = bfs(analysis.stateMap, fromRes.resolved, {
     maxDepth: prop.within,
     guardDefs,
+    dtOutputDomain,
   });
 
   if (!reachable.has(toRes.resolved)) {
     // Check if it's reachable at all (just beyond the bound)
-    const { reachable: unbounded } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs });
+    const { reachable: unbounded } = bfs(analysis.stateMap, fromRes.resolved, { guardDefs, dtOutputDomain });
     const reachableButBeyondBound = unbounded.has(toRes.resolved);
 
     const suffix = reachableButBeyondBound
@@ -453,7 +498,16 @@ function checkMachineSize(
 
 // --- Main entry point ---
 
-export function checkProperties(machine: MachineDef, options?: { maxStates?: number }): VerificationResult {
+export function checkProperties(
+  machine: MachineDef,
+  options?: {
+    maxStates?: number;
+    /** DT output domain from co-located aligned decision tables. When provided,
+     *  the guard-aware BFS will prune transitions whose guards compare DT output
+     *  fields against values the DT never produces, giving more precise results. */
+    dtOutputDomain?: Map<string, Set<string>>;
+  }
+): VerificationResult {
   const maxStates = options?.maxStates ?? DEFAULT_MAX_STATES;
   const flattenedStates = flattenStates(machine.states);
   const errors: VerificationError[] = [];
@@ -470,6 +524,7 @@ export function checkProperties(machine: MachineDef, options?: { maxStates?: num
   }
 
   const analysis = analyzeMachine(machine);
+  const dtOutputDomain = options?.dtOutputDomain;
 
   // Build guard definition map for guard-aware BFS
   const guardDefs = new Map<string, GuardDef>();
@@ -480,19 +535,19 @@ export function checkProperties(machine: MachineDef, options?: { maxStates?: num
   for (const prop of machine.properties) {
     switch (prop.kind) {
       case 'reachable':
-        errors.push(...checkReachable(prop, analysis, flattenedStates, guardDefs));
+        errors.push(...checkReachable(prop, analysis, flattenedStates, guardDefs, dtOutputDomain));
         break;
       case 'unreachable':
-        errors.push(...checkUnreachable(prop, analysis, flattenedStates, guardDefs));
+        errors.push(...checkUnreachable(prop, analysis, flattenedStates, guardDefs, dtOutputDomain));
         break;
       case 'passes_through':
-        errors.push(...checkPassesThrough(prop, analysis, flattenedStates, guardDefs));
+        errors.push(...checkPassesThrough(prop, analysis, flattenedStates, guardDefs, dtOutputDomain));
         break;
       case 'live':
-        errors.push(...checkLive(analysis, flattenedStates, guardDefs));
+        errors.push(...checkLive(analysis, flattenedStates, guardDefs, dtOutputDomain));
         break;
       case 'responds':
-        errors.push(...checkResponds(prop, analysis, flattenedStates, guardDefs));
+        errors.push(...checkResponds(prop, analysis, flattenedStates, guardDefs, dtOutputDomain));
         break;
       case 'invariant':
         errors.push(...checkInvariant(prop, machine, flattenedStates));

package/src/verifier/structural.ts

@@ -183,7 +183,11 @@ export function analyzeMachine(machine: MachineDef): MachineAnalysis {
     if (fs) {
       // Find the original state definition
       const originalState = findOriginalState(machine.states, fs.simpleName, fs.parentName);
-      if (originalState?.ignoredEvents) {
+      if (originalState?.ignoredAll) {
+        for (const event of machine.events) {
+          info.eventsIgnored.add(event.name);
+        }
+      } else if (originalState?.ignoredEvents) {
         for (const event of originalState.ignoredEvents) {
           info.eventsIgnored.add(event);
         }