If you really wanted to be able to guarantee that called code doesn’t affect the variables you provide it, as well as any mutable globals, you’d need to write a pass over the callee’s code_typed AST (recursively) and determine where writes occur. For calls to foreign libraries, if you know the library and functions ahead of time (like OpenBLAS or FFTW), then you could permit calls to certain functions and not others, depending on what variables they’re called with.