Skip to end of metadata
Go to start of metadata

Lowercase letter l (ell) can easily be confused with the digit 1 (one). This can be particularly confusing when indicating that an integer literal constant is a long value. This recommendation is similar to DCL02-C. Use visually distinct identifiers. Likewise, you should use uppercase LL rather than lowercase ll when indicating that an integer literal constant is a long long value.

To be precise when using modifiers to indicate the type of an integer literal, the first character may not be l.  It may be Lu, or U. Subsequent characters have no strict case requirements.

Noncompliant Code Example

This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 1111 are being added:

	printf("Sum is %ld\n", 1111 + 111l);

Compliant Solution

The compliant solution improvises by using an uppercase L instead of lowercase l to disambiguate the visual appearance:

	printf("Sum is %ld\n", 1111 + 111L);

Risk Assessment

Confusing a lowercase letter l (ell) with a digit 1 (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

DCL16-C

Low

Unlikely

Low

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
19.04
long-suffixFully checked
Axivion Bauhaus Suite

6.9.0

CertC-DCL16
CodeSonar
5.1p0
LANG.TYPE.CSUFConfusing literal suffix

ECLAIR

1.2

CC2.DCL16

Fully implemented

LDRA tool suite
 9.7.1
252 SFully implemented
Parasoft C/C++test
10.4.2

CERT_C-DCL16-a

Use capital 'L' instead of lowercase 'l' to indicate long

Polyspace Bug Finder

R2018a

MISRA C:2012 Rule 7.3

The lowercase character “l” shall not be used in a literal suffix

PRQA QA-C
9.5
1280Fully implemented
RuleChecker
19.04
long-suffixFully checked
SonarQube C/C++ Plugin
3.11
LiteralSuffix

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[Lockheed Martin 2005]AV Rule 14, Literal suffixes shall use uppercase rather than lowercase letters



3 Comments

  1. Can we make this more general like - "do not use ambiguous notations", or something similar? How about including in the package the low priority rule "do not pad with zeroes since that can be interpreted as an octal value"? (For example, int arr[] = {10,20,030}; ... 030 is interpreted as an Octal value and hence may yield surprising results when used by an inexperienced programmer)

    There might be more such cases...

    1. I'd say it depends on how many ambiguous notations there are. If there are only a few other types (eg octal as you cite), they prob each deserve their own rule/rec. If there are lots (eg > 10), then one rule could handle 'em all. I really doubt there are that many.

  2. I assume that this recommendation missed `lu` and `llu` by accident, but isn't intended to cover `ul` or `ull`?