The Eiffel language definition [Mey92] attempts to compensate for these problems by mandating a link-time ``system validity check'' that performs a dataflow analysis of the complete final program at link time in order to identify those expressions that are at risk for unsafe method calls. Unfortunately, systems that depend on a dataflow analysis for type safety are fragile, as potentially problematic code can go undetected for a long while until a ``dangerous'' method call is made in a new or modified class.
While a detailed algorithm for the system validity check can be found in [Mey92], it has apparently never been implemented, and is not available in any of the existing commercial Eiffel compilers. As a result, it is unknown how conservative (or expensive) this system validity check is.