Lowercase letter l (ell) can easily be confused with the digit 1 (one). This can be particularly confusing when indicating that an integer literal constant is a long value. This recommendation is similar to DCL02-C. Use visually distinct identifiers. Likewise, you should use uppercase LL rather than lowercase ll when indicating that an integer literal constant is a long long value.
To be precise when using modifiers to indicate the type of an integer literal, the first character may not be l. It may be L, u, or U. Subsequent characters have no strict case requirements.
Noncompliant Code Example
This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 1111 are being added:
printf("Sum is %ld\n", 1111 + 111l);
Compliant Solution
The compliant solution improvises by using an uppercase L instead of lowercase l to disambiguate the visual appearance:
printf("Sum is %ld\n", 1111 + 111L);
Risk Assessment
Confusing a lowercase letter l (ell) with a digit 1 (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL16-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | 24.04 | long-suffix | Fully checked |
| Axivion Bauhaus Suite | 7.2.0 | CertC-DCL16 | |
| CodeSonar | 8.1p0 | LANG.TYPE.CSUF | Confusing literal suffix |
1.2 | CC2.DCL16 | Fully implemented | |
| Helix QAC | 2024.1 | C1280 | |
| LDRA tool suite | 9.7.1 | 252 S | Fully implemented |
| Parasoft C/C++test | 2023.1 | CERT_C-DCL16-a | Use capital 'L' instead of lowercase 'l' to indicate long |
| PC-lint Plus | 1.4 | 620 | Fully supported |
| Polyspace Bug Finder | R2023b | CERT C: Rec. DCL16-C | Checks for use of lowercase "l" in literal suffix (rec. fully covered) |
| RuleChecker | 24.04 | long-suffix | Fully checked |
| SonarQube C/C++ Plugin | 3.11 | LiteralSuffix |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | DCL16-CPP. Use "L," not "l," to indicate a long value |
| MISRA C:2012 | Rule 7.3 (required) |
Bibliography
| [Lockheed Martin 2005] | AV Rule 14, Literal suffixes shall use uppercase rather than lowercase letters |
3 Comments
Dhruv Mohindra
Can we make this more general like - "do not use ambiguous notations", or something similar? How about including in the package the low priority rule "do not pad with zeroes since that can be interpreted as an octal value"? (For example, int arr[] = {10,20,030}; ... 030 is interpreted as an Octal value and hence may yield surprising results when used by an inexperienced programmer)
There might be more such cases...
David Svoboda
I'd say it depends on how many ambiguous notations there are. If there are only a few other types (eg octal as you cite), they prob each deserve their own rule/rec. If there are lots (eg > 10), then one rule could handle 'em all. I really doubt there are that many.
Aaron Ballman
I assume that this recommendation missed `lu` and `llu` by accident, but isn't intended to cover `ul` or `ull`?