regex – Regexp to detect call time pass by references in PHP source code

Posted by: admin July 12, 2020


I’m looking for a regular expression that will accurately identify any PHP call time pass by references in source code in order to aid migration to PHP 5.3.

Currently, I have [^=&]\s*&\s*\$, but this doesn’t filter out assignment cases ($var = &$othervar;).

This regexp should be compatible with Eclipse (sorry, not sure what flavor of regexp Eclipse parses).

Edit: This one is a little bit closer (although a bit of a hack): (?<!([&=]\s{0,15}))&\s*\$

How to & Answers:

You can use phpcs for this. It has a rule to detect Call Time Pass by References:

Ensures that variables are not passed by reference when calling a function.

There is also a plugin to integrate phpcs into Eclipse.

Generating rulesets for PHPCS (and PMD) is easy with this online generator:


php -l (php-linter) finds call-time pass-by-reference errors. I used

find -name '*.php' -exec php -l '{}' \; >/dev/null

on Linux.


You can’t get those with regex. Use the Tokenizer instead. You will need to look for '&' where the next '(' to the left (resolve brackets while walking there) is preceded by T_STRING but not by T_FUNCTION.

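// TokenStream is the answer author's own wrapper around PHP's tokenizer.
$tokens = new TokenStream($source);
foreach ($tokens as $i => $token) {
    if ($token->is(T_AMP)) {
        // Walk left from the '&' towards the '(' that encloses it.
        while ($i--) {
            if ($tokens[$i]->is(T_CLOSE_ROUND, T_CLOSE_SQUARE, T_CLOSE_CURLY)) {
                // Skip over a nested bracket pair.
                $i = $tokens->complementaryBracket($i);
            } elseif ($tokens[$i]->is(T_OPEN_ROUND)) {
                // A T_STRING before the '(' that is not preceded by T_FUNCTION is a call.
                if ((($tokens[--$i]->is(T_WHITESPACE) && $tokens[--$i]->is(T_STRING))
                     || $tokens[$i]->is(T_STRING))
                    && !$tokens[--$i]->is(T_WHITESPACE)
                    && !$tokens[--$i]->is(T_FUNCTION)
                ) {
                    throw new Exception('Call-time pass by reference');
                }
            }
        }
    }
}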

This utilizes my TokenStream wrapper. With the native output it will get quite a bit harder 😉
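
The same leftward walk over PHP's native token_get_all() output, as an added example that is not the answer author's code and does not use the TokenStream wrapper. The function name findCallTimeRefs and the sample source are constructed for illustration, and accepting a variable callee ($callback(...)) and PHP 8 qualified names goes slightly beyond the T_STRING check described above.

```php
<?php
/** Return [line, callee] for every `&$var` passed as an argument at a call site. */
function findCallTimeRefs(string $source): array
{
    $toks = [];   // normalised to [id|null, text, line], whitespace/comments dropped
    $line = 1;
    foreach (token_get_all($source) as $t) {
        if (!is_array($t)) { $toks[] = [null, $t, $line]; continue; }   // bare punctuation has no line
        $line = $t[2] + substr_count($t[1], "\n");
        if (!in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)) {
            $toks[] = [$t[0], $t[1], $t[2]];
        }
    }
    // PHP >= 8.1 lexes '&' as a T_AMPERSAND_* token; '{' and '${' in strings are array tokens too.
    $is = function (array $t, array $texts): bool {
        $punct = $t[0] === null
            || in_array($t[0], [T_CURLY_OPEN, T_DOLLAR_OPEN_CURLY_BRACES], true)
            || strpos(token_name($t[0]), 'T_AMPERSAND') === 0;
        return $punct && in_array($t[1], $texts, true);
    };
    $names = ['T_STRING', 'T_NAME_QUALIFIED', 'T_NAME_FULLY_QUALIFIED', 'T_NAME_RELATIVE', 'T_VARIABLE'];
    $hits = [];
    foreach ($toks as $i => $t) {
        // Candidate: '&' directly after '(' or ',' and directly before a variable.
        if (!$is($t, ['&']) || $i === 0 || !$is($toks[$i - 1], ['(', ','])
            || ($toks[$i + 1][0] ?? null) !== T_VARIABLE) {
            continue;
        }
        // Walk left, resolving nested brackets, to the bracket enclosing the '&'.
        for ($j = $i - 1, $depth = 0; $j >= 0; $j--) {
            if ($is($toks[$j], [')', ']', '}'])) {
                $depth++;
            } elseif ($is($toks[$j], ['(', '[', '{', '${']) && $depth-- === 0) {
                break;
            }
        }
        if ($j < 1 || $toks[$j][1] !== '(') continue;   // inside [...] or {...}
        $callee = $toks[$j - 1];
        if ($callee[0] === null || !in_array(token_name($callee[0]), $names, true)) continue;
        // Declarations read `function name(` or `function &name(`: skip them.
        $k = ($j >= 2 && $is($toks[$j - 2], ['&'])) ? $j - 3 : $j - 2;
        if ($k >= 0 && $toks[$k][0] === T_FUNCTION) continue;
        $hits[] = [$t[2], $callee[1]];
    }
    return $hits;
}
// Constructed sample: only the call on line 4 should be reported.
$sample = "<?php\nfunction &f(array \$a, &\$b) {}\n\$r = &\$x;\nfoo(bar(1), &\$y);\n\$c = function () use (&\$z) {};\n";
foreach (findCallTimeRefs($sample) as [$ln, $fn]) echo "line $ln: reference passed to $fn()\n";
```

Because token_get_all() only lexes and does not parse, this runs on files that newer PHP versions reject with a fatal error for the call-time reference itself.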



This should help.


You can use this pattern:


It will match the following strings:

'->($arg1, &$arg2)'
'->(&$arg1, $arg2)'
'::($arg1, &$arg2)'
'::(&$arg1, $arg2)'
'call_user_func($callback, &$arg2)'
'$callback, &$arg2)'
'call_user_func_callable $callback, &$param_arr)'

In case of call_user_func_callable it is not necessary to check if the parameter array holds references. Passing references within an array is not considered call time pass by reference and is totally fine.