SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 25

changes.mady.by.user Robert Seacord

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 2024.1

Lower case Lowercase letter 'l' (ell) can easily be confused with the digit '1' (one). This can be particularly confusing when indicating that an integer literal constant is a long value. This rule recommendation is similar to recommendation DCL02-C. Use visually distinct identifiers. Likewise, you should use 'uppercase LL' rather than 'lowercase ll' when indicating that an integer literal constant is a long long value.

To be precise when using modifiers to indicate the type of an integer literal, the first character may not be l.  It may be Lu, or U. Subsequent characters have no strict case requirements.

Noncompliant Code Example

This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 1111 are being added. :

Code Block
bgColor#FFCCCC
langc

	printf("Sum is %ld\n", 1111 + 111l);

Compliant Solution

The compliant solution improvises by using an upper case 'uppercase L' instead of lower case 'lowercase l' to disambiguate the visual appearance.:

Code Block
bgColor#ccccff
langc

	printf("Sum is %ld\n", 1111 + 111L);

Risk Assessment

Confusing a lower case lowercase letter 'l' (ell) with a digit '1' (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL16-C

low

Low

unlikely

Unlikely

low

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
long-suffixFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-DCL16
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.TYPE.CSUFConfusing literal suffix

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.DCL16

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C1280
LDRA tool suite
 
Include Page
LDRA_V
LDRA_V
252 SFully implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-DCL16-a

The lowercase form of 'L' shall not be used as the first character in a literal suffix

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

620

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. DCL16-CChecks for use of lowercase "l" in literal suffix (rec. fully covered)


RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
long-suffixFully checked
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
LiteralSuffix

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

DCL16-CPP. Use

...

"L

...

," not

...

"l

...

," to indicate a long value

The CERT Oracle Secure Coding Standard for Java: DCL06-J. Use 'L', not 'l', to indicate that an integer literal is of type long

Bibliography

MISRA C:2012Rule 7.3 (required)

Bibliography

...

[Lockheed Martin 2005]
AV Rule 14,

...

Literal suffixes shall use uppercase rather than lowercase letters

...


...

Image Modified      02. Declarations and Initialization (DCL)       Image Added Image Modified