FLAT: Formal Languages as Types

Image Credit: Photo by RobertGourley on Pixabay (SourceLicense)

AI Summary of Peer-Reviewed Research

This page presents an AI-generated summary of a published research paper. The original authors did not write or review this article. See full disclosure ↓

ACM Transactions on Software Engineering and Methodology · 2026-03-07 · Peer-reviewed
Publication Signals show what we were able to verify about where this research was published. STRONG: We verified multiple publication signals for this source, including independently confirmed credentials. Publication Signals reflect the source’s verifiable credentials, not the quality of the research.
  • ✔ Peer-reviewed source
  • ✔ Published in indexed journal
  • ✔ No retraction or integrity flags

Overview

FLAT proposes a type system approach that treats formal languages as first-class types in programming languages to distinguish between conceptually different string encodings. Conventional type systems conflate semantically distinct string types such as file paths, URLs, and email addresses under a single string type, creating opportunities for type-related vulnerabilities. The approach leverages context-free grammars and optional semantic constraints to restrict valid string values at the type level, enabling comprehensive solutions for documentation, validation, anomaly detection, and test generation.

Methods and approach

The FLAT framework uses context-free grammars as type definitions to enforce syntactic validity of strings. Semantic constraints can be layered atop grammatical restrictions for additional validation requirements. FLAT-PY instantiates this approach for Python through code instrumentation that performs runtime type checking on annotated code. Users annotate Python functions with formal language types and optional preconditions and postconditions. The instrumentation mechanism intercepts function calls and validates input and output strings against their declared types, reporting violations immediately upon detection.
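
The mechanism described above (a grammar as the type, an optional semantic constraint on top, and call-time checks on arguments and return values) can be sketched in plain Python. This is an added example, not FLAT-PY's API or the paper's code: `Lang`, `checked`, `RelPath` and `parent_dir` are hypothetical names, the grammar is a constructed sample, and the recognizer assumes a grammar without left recursion and short inputs.

```python
import functools, inspect, posixpath, string
from typing import Annotated, get_type_hints

class Lang:
    """String type = context-free grammar + optional semantic constraint."""
    def __init__(self, name, grammar, start, constraint=None):
        self.name, self.grammar, self.start = name, grammar, start
        self.constraint = constraint
    def accepts(self, s):
        @functools.lru_cache(maxsize=None)
        def ends(sym, i):  # every j such that sym derives s[i:j]
            if sym not in self.grammar:  # terminal: a set of allowed characters
                return frozenset({i + 1}) if i < len(s) and s[i] in sym else frozenset()
            out = set()
            for alt in self.grammar[sym]:
                pos = {i}
                for part in alt:
                    pos = {j for p in pos for j in ends(part, p)}
                out |= pos
            return frozenset(out)
        return len(s) in ends(self.start, 0) and (
            self.constraint is None or self.constraint(s))

def checked(fn):
    """Validate Annotated[str, Lang] parameters and the return value on every call."""
    langs = {n: m for n, h in get_type_hints(fn, include_extras=True).items()
             for m in getattr(h, "__metadata__", ()) if isinstance(m, Lang)}
    def verify(where, value):
        lang = langs.get(where)
        if lang and not (isinstance(value, str) and lang.accepts(value)):
            raise TypeError(f"{fn.__name__}: {where}={value!r} is not a {lang.name}")
    @functools.wraps(fn)
    def wrapper(*args, **kwargs):
        bound = inspect.signature(fn).bind(*args, **kwargs)
        for name, value in bound.arguments.items():
            verify(name, value)       # precondition: arguments are in their language
        result = fn(*args, **kwargs)
        verify("return", result)      # postcondition: so is the result
        return result
    return wrapper

# Constructed sample type: slash-separated segments, none of them equal to "..".
SEG = string.ascii_letters + string.digits + "._-"
RelPath = Annotated[str, Lang("RelPath", {
    "path": [("seg",), ("seg", "/", "path")],
    "seg": [(SEG,), (SEG, "seg")],
}, "path", constraint=lambda s: ".." not in s.split("/"))]

@checked
def parent_dir(p: RelPath) -> RelPath:
    return posixpath.dirname(p)  # logic bug: "" for a one-segment path
```

The return-value check is what surfaces the logic bug: `parent_dir("readme.txt")` receives a valid `RelPath` but produces the empty string, which the grammar rejects.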

Key Findings

Case studies on real Python code fragments demonstrate that FLAT-PY can detect logical bugs when combined with language-based fuzzing. The detection capability depends on an appropriate level of user annotation density. Runtime checking via instrumentation successfully identifies type mismatches between actual and expected string encodings, validating the practical utility of the approach for automated bug discovery.

Implications

Applying formal language types to strings addresses a fundamental gap in mainstream programming language type systems, where syntactic and semantic distinctions in string data are not captured. The integration of formal languages as types creates a foundation for multiple downstream applications including API documentation clarity, input validation automation, security vulnerability detection, fuzzing heuristics, and test oracle generation without requiring separate implementations.

Disclosure

  • Research title: FLAT: Formal Languages as Types
  • Authors: Fengmin Zhu, Andreas Zeller
  • Institutions: Helmholtz Center for Information Security
  • Publication date: 2026-03-07
  • DOI: https://doi.org/10.1145/3799978
  • Disclosure: This post was generated by Claude (Anthropic). The original authors did not write or review this post.
