Every declaration should be for a single variable, on its own line, with an explanatory comment about the role of the variable. Declaring multiple variables in a single statement can cause confusion regarding the types of the variables and their initial values. If more than one variable is declared in a declaration, care must be taken to ensure that the type and initialized value of the variable is self evident.
| In this noncompliant code example, a programmer or code reviewer might mistakenly conceive that the two variables {{src}} and {{c}} are declared as {{int}}. In fact, {{src}} is of type {{int\[\]}}, while {{c}} has a type of {{int}}. | 
| int src[], c; | 
Another fallout of this example is that it declares the array in a largely antiquated and unpopular style, with the brackets appearing after the variable name as in type name[]. In practice, arrays are typically declared as type[] name.  
In this compliant solution, each variable is declared on a separate line. It also uses the preferable style for declaring arrays.
| int[] src; /* source array */ int c; /* max value */ | 
Although this change has no effect on compilation, the programmer's intent is clearer.
A programmer or code reviewer might mistakenly believe that both i and j are initialized to 1 while reviewing this noncompliant code example. In fact, only j is initialized, while i remains uninitialized.
| int i, j = 1; | 
In this compliant solution, it is readily apparent that both i and j are initialized to 1.
| int i = 1; int j = 1; | 
In this noncompliant example, the programmer declared multiple variables, including an array, on the same line. All instances of the type T have access to methods of the class Object. However, it is easy to miss that arrays need special treatment when some of these methods are overridden. Oversights of this genre typically go undetected by compilers and IDEs, alike.
| 
public class Example<T> {
  private T a, b, c[], d;
  public Example(T in){
    a = in;
    b = in;
    c = (T[]) new Object[10];
    d = in;
  }
}
 | 
As a result, when a method of Object like toString() is overridden, a programmer might accidentally provide a general implementation for type T without realizing that c is an array. 
| 
// The oversight error leads to an incorrect implementation
public String toString(){
  return a.toString() + b.toString() + c.toString() + d.toString();
}
 | 
However, the real intent might have been to invoke toString() on each individual member of the type T, in array c.
| 
// Correct functional implementation
public String toString(){
  String s = a.toString() + b.toString();
  for(int i = 0; i < c.length; i++){
    s += c[i].toString();
  }
  s += d.toString();
  return s;
}
 | 
To be compliant, move each declaration to a different line. Furthermore, declare arrays by placing the brackets adjacent to the type, as opposed to using the postfix notation.
| 
public class Example {
  private T a;
  private T b;
  private T[] c;
  private T d;
  public Example(T in){
    a = in;
    b = in;
    c = (T[]) new Object[10];
    d = in;
  }
}
 | 
DCL04-01: Note that the declaration of a loop counter in a for statement is in violation of this recommendation because the declaration is not on its own line with an explanatory comment about the role of the variable. However, the intent of the loop counter is clear enough from the context in which it is declared to typically not require a comment about the role of the variable.
Trivial declarations for loop counters can reasonably be included within a for statement:
| 
for (int i = 0; i < mx; ++i ) {
  /* ... */
}
 | 
Failing to declare no more than one variable per declaration can affect code readability and cause misinterpretations.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| DCL01- J | low | unlikely | low | P3 | L3 | 
This rule appears in the C Secure Coding Standard as DCL04-C. Do not declare more than one variable per declaration.
This rule appears in the C++ Secure Coding Standard as DCL04-CPP. Do not declare more than one variable per declaration.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
| \[[JLS 05|AA. Java References#JLS 05]\] Section 6.1, "Declarations", Section 4.3.2, "The class Object" \[[ESA 05|AA. Java References#ESA 05]\] Rule 9: Put single variable definitions in separate lines. \[[Conventions 09|AA. Java References#Conventions 09]\] 6.1 Number Per Line | 
DCL02-J. Use meaningful symbolic constants to represent literal values in program logic 03. Declarations and Initialization (DCL) DCL03-J. Properly encode relationships in constant definitions