Page History

Every declaration should be for a single variable, on its own line, with an explanatory comment about the role of the variable. Declaring multiple variables in a single declaration can cause confusion regarding the types of the variables and their initial values. If more than one variable is declared in a declaration, care must be taken that the type and initialized value of the variable are handled correctly.

Noncompliant Code Example

In this noncompliant code example, a programmer or code reviewer might mistakenly believe that the two variables src and c are declared as char *. In fact, src has a type of char *, whereas c has a type of char.

Code Block

bgColor	#FFcccc
lang	c

char *src = 0, c = 0;

Compliant Solution

In this compliant solution, each variable is declared on a separate line:

Code Block

bgColor	#ccccff
lang	c

char *src;    /* Source string */
char c;       /* Character being tested */

Although this change has no effect on compilation, the programmer's intent is clearer.

Noncompliant Code Example

In this noncompliant code example, a programmer or code reviewer might mistakenly believe that both i and j have been initialized to 1. In fact, only j has been initialized, and i remains uninitialized.

Code Block

bgColor	#FFcccc
lang	c

int i, j = 1;

Compliant Solution

In this compliant solution, it is readily apparent that both i and j have been initialized to 1:

Code Block

bgColor	#ccccff
lang	c

int i = 1;
int j = 1;

Exceptions

Anchor

	DCL04-EX1
	DCL04-EX1

DCL04-C-EX1: Multiple loop control variables can be declared in the same for statement, as shown in the following function:

Code Block

bgColor	#ccccff
lang	c

#include <limits.h>  /* For CHAR_BIT */
#include <stddef.h>  /* For size_t   */
 
extern size_t popcount(uintmax_t);
#define PRECISION(umax_value) popcount(umax_value) 

 size_t bitcount(size_t n) {
  const size_t limit = PRECISION(SIZE_MAX);
  size_t count = 0;
  for (size_t i = 0, j = 1; i < limit; ++i, j <<= 1) {
    if (n & j)
      ++count;
  }
  return count;
}

The PRECISION() macro provides the correct precision for any integer type and is defined in INT35-C. Use correct integer precisions—see that rule for more information.

Anchor

	DCL04-EX2
	DCL04-EX2

DCL04-C-EX2: Multiple, simple variable declarations can be declared on the same line given that there are no initializations. A simple variable declaration is one that is not a pointer or array.

Code Block

bgColor	#ccccff
lang	c

int i, j, k;

Risk Assessment

Declaring no more than one variable per declaration can make code easier to read and eliminate confusion.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
DCL04-C	Low	Unlikely	Low	P3	L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-DCL04

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.STRUCT.DECL.ML

Multiple Declarations on Line

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.DCL04

Fully implemented

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

579 S

Fully implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-DCL04-a

Each variable should be declared in a separate declaration statement

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

9146

Partially supported: exceptions not supported

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

SingleDeclarationPerStatement

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

VOID DCL04-CPP. Do not declare more than one variable per declaration

Space shortcuts

Page tree

Versions Compared

Old Version 112

New Version Current

Key

Noncompliant Code Example

Compliant Solution

Noncompliant Code Example

Compliant Solution

Exceptions

Risk Assessment

Automated Detection

Related Vulnerabilities

Related Guidelines