Declare each variable on its own line with an explanatory comment about the role of the variable. Declaring multiple variables in a single declaration may could cause confusion regarding about the types of the variables and their initial values. When more than one variable is declared In particular, do not declare any of the following in a single declaration, ensure that the type and initial value of the variable are self evident:
- Variables of different types
- A mixture of initialized and uninitialized variables
In general, you should declare each variable on its own line with an explanatory comment regarding its role. While not required for conformance with this guideline, this practice is also recommended in the Code Conventions for the Java Programming Language, §6.1, "Number Per Line" [Conventions 2009].
This guideline applies to:
...
- Local variable declaration statements
...
- [JLS
...
...
- ]
...
- Field declarations
...
- [JLS
...
...
- ]
...
- Field (constant) declarations
...
- [JLS
...
...
- ]
Noncompliant Code Example (Initialization)
This noncompliant code example might lead a programmer or reviewer to mistakenly believe that both i and j are initialized to 1. In fact, only j is initialized; , while i remains uninitialized.:
| Code Block | ||
|---|---|---|
| ||
int i, j = 1;
|
Compliant Solution (Initialization)
In this compliant solution, it is readily apparent that both i and j are initialized to 1.:
| Code Block | ||
|---|---|---|
| ||
int i = 1; // purposePurpose of i... int j = 1; // purposePurpose of j... |
Noncompliant Code Example
...
Compliant Solution (Initialization)
In this noncompliant code example, a programmer or code reviewer could mistakenly believe that the variables {{src}} and {{c}} are both declared to be type {{int}}. In fact, {{src}} is of type {{int\[\]}}, while {{c}} has a type of {{int}}.this compliant solution, it is readily apparent that both i and j are initialized to 1:
| Code Block | ||
|---|---|---|
| ||
int src[], c; |
Note: this example declares the array in an antiquated and unpopular style, with the brackets appearing after the variable name. Arrays should be declared type[] name for improved clarity.
Compliant Solution
In this compliant solution, each variable is declared on a separate line, using the preferred style for declaring arrays.
| Code Block | ||
|---|---|---|
| ||
int[] src; /* source array */
int c; /* max value */
|
Although this change has no effect on compilation, it clarifies the programmer's intent.
i = 1, j = 1;
|
Declaring each variable on a separate line is the preferred method. However, multiple variables on one line are acceptable when they are trivial temporary variables such as array indices.
Noncompliant Code Example (Different Types)
...
In this noncompliant code example, the programmer declared declares multiple variables, including an array, on the same line. All instances of the type T have access to methods of the Object class Object. However, it is easy to forget that arrays require special treatment when some of these methods are overridden.
| Code Block | ||
|---|---|---|
| ||
public class Example<T> { private T a, b, c[], d; public Example(T in) { a = in; b = in; c = (T[]) new Object[10]; d = in; } } |
When a an Object method of Object , such as toString(), is overridden, a programmer might could accidentally provide an implementation for type T that fails to consider that c is an array of T, rather than a reference to an object of type T.
| Code Block |
|---|
// The oversight leads to an incorrect implementation public String toString() { return a.toString() + b.toString() + c.toString() + d.toString(); } |
However, the programmer's actual intent might could have been to invoke toString() on each individual element of the array c.
| Code Block |
|---|
// Correct functional implementation public String toString(){ String s = a.toString() + b.toString(); for (int i = 0; i < c.length; i++){ s += c[i].toString(); } s += d.toString(); return s; } |
Compliant Solution (Different Types)
This compliant solution places each declaration on its own line , as well as using and uses the preferred notation for array declaration.:
| Code Block | ||
|---|---|---|
| ||
public class ExampleExample<T> { private T a; // purposePurpose of a... private T b; // purposePurpose of b... private T[] c; // purposePurpose of c[]... private T d; // purposePurpose of d... public Example(T in){ a = in; b = in; c = (T[]) new Object[10]; d = in; } } |
Exceptions
Applicability
Declaration of multiple variables per line can reduce code readability and lead to programmer confusion.
When more than one variable is declared in a single declaration, ensure that both the type and the initial value of each variable are self-evidentDCL01-EX1: Note that the declaration of a loop counter in a for statement is in violation of this recommendation because the declaration is not on its own line with an explanatory comment about the role of the variable. However, declaration of loop indices in for statements is not only a common idiom; it also provides the benefit of restricting the scope of the loop index to that of the for loop itself. These are sufficient reasons to relax this guideline in this specific case.
Declarations of loop indices should be included within a for statement even when this results in variable declarations that lack a comment about the purpose of the variable:
| Code Block | ||
|---|---|---|
| ||
public class Example { void function() { int mx = 100; // Some max value for (int i = 0; i < mx; ++i ) { /* ... */ } |
Risk Assessment
Declaration of multiple variables per line can reduce code readability and lead to programmer confusion.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL01-J | low | unlikely | low | P3 | L3 |
Related Guidelines
C Secure Coding Standard: DCL04-C. Do not declare more than one variable per declaration
C++ Secure Coding Standard: DCL04-CPP. Do not declare more than one variable per declaration
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
| Wiki Markup |
|---|
\[[Conventions 2009|AA. Bibliography#Conventions 09]\] 6.1 Number Per Line
\[[ESA 2005|AA. Bibliography#ESA 05]\] Rule 9: Put single variable definitions in separate lines.
\[[JLS 2005|AA. Bibliography#JLS 05]\] Section 6.1, "Declarations", Section 4.3.2, "The class Object" |
}
}
|
Such declarations are not required to be in a separate line, and the explanatory comment may be omitted.
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft Jtest |
| CERT.DCL52.MVOS | Do not declare multiple variables in one statement | ||||||
| SonarQube |
| S1659 |
Bibliography
§6.1, "Number Per Line" | |
[ESA 2005] | Rule 9, Put Single Variable Definitions in Separate Lines |
[JLS 2013] | §4.3.2, "The |
...
DCL00-J. Use visually distinct identifiers 03. Declarations and Initialization (DCL) DCL02-J. Use meaningful symbolic constants to represent literal values in program logic