The famous "Hartbleed" exploit, which became public in 2014, was due to a bug in the OpenSSL library. This and potentially future misimplementations can be prevented by following a clear formal language definition for the underlying format. Upon closer examination, we determined that the so-called "length-prefix" formats are a formal language class that is neither context-free nor context-sensitive.
Two new related complexity-theoretic language classes called "Calc-Regular" and "Calc-Context-Free" have been proposed by us to precisely define the set of length-prefix languages.
Selected publications on this topic:
Lucks, Stefan, Norina Marie Grosch, and Joshua König. "Taming the length field in binary data: calc-regular languages." 2017 IEEE Security and Privacy Workshops (SPW). IEEE, 2017 [Link].
Jakoby, Andreas, Jannis Leuther, and Stefan Lucks. "Formal Language Theory for Practical Security-Extended Abstract." 2021 IEEE Security and Privacy Workshops (SPW). IEEE, 2021 [Link]