Lower case Lowercase letter 'l' (ell) can easily be confused with the digit '1' (one). This can be particularly confusing when indicating that an integer denotation is a long value.literal constant is a long value. This recommendation is similar to DCL02-C. Use visually distinct identifiers. Likewise, you should use uppercase LL rather than lowercase ll when indicating that an integer literal constant is a long long
value.
To be precise when using modifiers to indicate the type of an integer literal, the first character may not be l
. It may be L
, u
, or U
. Subsequent characters have no strict case requirements.
Noncompliant Code Example
This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 11111
1111
are being added. :
Code Block | ||||
---|---|---|---|---|
| ||||
printf("Sum is %ld\n", 1111 + 111l);
|
Compliant Solution
The compliant solution improvises by using an upper case 'uppercase L' instead of lower case 'lowercase l' to disambiguate the visual appearance.:
Code Block | ||||
---|---|---|---|---|
| ||||
printf("Sum is %ld\n", 1111 + 111L);
|
Risk Assessment
Confusing a lower case lowercase letter 'l' (ell) with a digit '1' (one) when indicating that an integer denotation is a long
value could lead to an incorrect value being written into code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL16-C |
Low |
Unlikely |
Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| long-suffix | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC-DCL16 | |||||||
CodeSonar |
| LANG.TYPE.CSUF | Confusing literal suffix | ||||||
| CC2.DCL16 | Fully implemented | |||||||
Helix QAC |
| C1280 | |||||||
LDRA tool suite |
| 252 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-DCL16-a | The lowercase form of 'L' shall not be used as the first character in a literal suffix | ||||||
PC-lint Plus |
| 620 | Fully supported | ||||||
Polyspace Bug Finder |
| CERT C: Rec. DCL16-C | Checks for use of lowercase "l" in literal suffix (rec. fully covered) | ||||||
RuleChecker |
| long-suffix | Fully checked | ||||||
SonarQube C/C++ Plugin |
| LiteralSuffix |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
...
Related Guidelines
...
...
...
...
...
...
...
MISRA C:2012 | Rule 7.3 (required) |
Bibliography
[Lockheed Martin 2005] | AV Rule 14, Literal suffixes shall use uppercase rather than lowercase letters |
...
This rule appears in the Java Secure Coding Standard as DCL30-J. Use 'L', not 'l', to indicate a long value.
DCL15-C. Declare objects that do not need external linkage with the storage-class specifier static 02. Declarations and Initialization (DCL)