Lower case Lowercase letter 'l' (ell) can easily be confused with the digit '1' (one). This can be particularly confusing when indicating that an integer denotation is a long value.literal constant is a long value. This recommendation is similar to DCL02-C. Use visually distinct identifiers. Likewise, you should use uppercase LL rather than lowercase ll when indicating that an integer literal constant is a long long value.
To be precise when using modifiers to indicate the type of an integer literal, the first character may not be l. It may be L, u, or U. Subsequent characters have no strict case requirements.
Noncompliant Code Example
This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 11111 1111 are being added. :
| Code Block | ||||
|---|---|---|---|---|
| ||||
printf("Sum is %ld\n", 1111 + 111l);
|
Compliant Solution
The compliant solution improvises by using an upper case 'uppercase L' instead of lower case 'lowercase l' to disambiguate the visual appearance.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
printf("Sum is %ld\n", 1111 + 111L);
|
Risk Assessment
Confusing a lower case lowercase letter 'l' (ell) with a digit '1' (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.
Rule
low
unlikely
low
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL16-C |
Low |
Unlikely |
Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| long-suffix | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-DCL16 | |||||||
| CodeSonar |
| LANG.TYPE.CSUF | Confusing literal suffix | ||||||
| CC2.DCL16 | Fully implemented | |||||||
| Helix QAC |
| C1280 | |||||||
| LDRA tool suite |
| 252 S | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-DCL16-a | The lowercase form of 'L' shall not be used as the first character in a literal suffix | ||||||
| PC-lint Plus |
| 620 | Fully supported | ||||||
| Polyspace Bug Finder |
| CERT C: Rec. DCL16-C | Checks for use of lowercase "l" in literal suffix (rec. fully covered) | ||||||
| RuleChecker |
| long-suffix | Fully checked | ||||||
| SonarQube C/C++ Plugin |
| LiteralSuffix |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
...
Related Guidelines
...
...
...
...
...
...
...
| MISRA C:2012 | Rule 7.3 (required) |
Bibliography
| [Lockheed Martin 2005] | AV Rule 14, Literal suffixes shall use uppercase rather than lowercase letters |
...
This rule appears in the Java Secure Coding Standard as DCL01-J. Use 'L', not 'l', to indicate a long value.
DCL15-C. Declare objects or functions that do not need external linkage with the storage-class specifier static 02. Declarations and Initialization (DCL)