I would lean towards types and property testing here using tools like Coq.