diff --git a/src/test/tainting/print_r_01.php b/src/test/tainting/core/array.php
similarity index 57%
rename from src/test/tainting/print_r_01.php
rename to src/test/tainting/core/array.php
index 86573b4f668aa..5591bf692020e 100644
--- a/src/test/tainting/print_r_01.php
+++ b/src/test/tainting/core/array.php
@@ -14,22 +14,36 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
-$a = "good\n";
-$b = print_r($a, true);
+/**
+ * Sanity checks for tainting array entries.
+ */
 
-if(fb_get_taint($b) & TAINT_HTML_MASK){
-  echo "b is tainted\n";
-} else {
-  echo "b is not tainted\n";
-}
+$arrg1 = array($good1);
+$arrb1 = array($bad1);
+echo "Testing array() on strings:\n";
+assert_not_tainted($arrg1[0]);
+assert_tainted($arrb1[0]);
 
-$b = array($a);
-$c = print_r($b, true);
+$arr = array(
+  'good1' => $good1,
+  'bad1'  => $bad1,
+  42      => array(
+    'good2' => $good2,
+    'bad2'  => $bad2,
+  ),
+);
+echo "\n";
+echo "Testing array containing mixed taints:\n";
+assert_not_tainted($arr);
+assert_tainted(print_r($arr, true));
 
-if(fb_get_taint($c) & TAINT_HTML_MASK){
-  echo "c is tainted\n";
-} else {
-  echo "c is not tainted\n";
-}
+echo "\n";
+echo "Testing taint independence among array entries:\n";
+assert_not_tainted($arr['good1']);
+assert_tainted($arr['bad1']);
+assert_not_tainted($arr[42]);
+assert_tainted(print_r($arr[42], true));
+assert_not_tainted($arr[42]['good2']);
+assert_tainted($arr[42]['bad2']);
diff --git a/src/test/tainting/concatenations.php b/src/test/tainting/core/concatenations.php
similarity index 78%
rename from src/test/tainting/concatenations.php
rename to src/test/tainting/core/concatenations.php
index df934fda9a958..78c61cd296823 100644
--- a/src/test/tainting/concatenations.php
+++ b/src/test/tainting/core/concatenations.php
@@ -14,28 +14,29 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
- * Check that various forms of concatenations output the right taint information
+ * Check that various forms of concatenations output the right general taint
+ * information.  Concatenation tests for staticity can be found in ./static/
  */
 
 $a = $good1 . $good2;
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = $good1 . $bad1;
-tainted($a);
+assert_tainted($a);
 
 $a = $good1;
 $a .= $good2;
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = $good1;
 $a .= $bad1;
-tainted($a);
+assert_tainted($a);
 
 $a = "$good1 $good2";
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = "$good1 $bad1";
-tainted($a);
+assert_tainted($a);
diff --git a/src/test/tainting/output.php b/src/test/tainting/core/output.php
similarity index 69%
rename from src/test/tainting/output.php
rename to src/test/tainting/core/output.php
index d6e47dc33fdbc..3d70cccd1d49b 100644
--- a/src/test/tainting/output.php
+++ b/src/test/tainting/core/output.php
@@ -14,21 +14,21 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
  * Taint tests for functions defined in output.idl.php
  */
 
-echo "testing ob_start\n";
+echo "Testing ob_start:\n";
 ob_start();
 ob_start();
 echo $good1;
 $a = ob_get_clean();
 echo $a;
 $b = ob_get_clean();
-not_tainted($a);
-not_tainted($b);
+assert_html_safe($a);
+assert_html_safe($b);
 
 ob_start();
 ob_start();
@@ -36,44 +36,44 @@
 $a = ob_get_clean();
 echo $a;
 $b = ob_get_clean();
-tainted($a);
-tainted($b);
+assert_html_unsafe($a);
+assert_html_unsafe($b);
 
-echo "\n\n";
-echo "testing ob_clean\n";
+echo "\n";
+echo "Testing ob_clean:\n";
 ob_start();
 echo $good1;
 ob_clean();
 echo $good2;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $bad1;
 ob_clean();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $good1;
 ob_clean();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
 ob_start();
 echo $bad1;
 ob_clean();
 echo $bad2;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_flush\n";
+echo "\n";
+echo "Testing ob_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_flush();
 ob_end_clean();
 $a = ob_get_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 ob_start();
@@ -81,86 +81,86 @@
 ob_flush();
 ob_end_clean();
 $a = ob_get_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing ob_end_clean\n";
+echo "\n";
+echo "Testing ob_end_clean:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_end_clean();
 echo $good2;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_clean();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $good1;
 ob_end_clean();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_clean();
 echo $bad2;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_end_flush\n";
+echo "\n";
+echo "Testing ob_end_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_end_flush();
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_flush();
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_get_clean\n";
+echo "\n";
+echo "Testing ob_get_clean:\n";
 ob_start();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_get_contents\n";
+echo "\n";
+echo "Testing ob_get_contents:\n";
 ob_start();
 echo $good1;
 $a = ob_get_contents();
 ob_end_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 echo $bad1;
 $a = ob_get_contents();
 ob_end_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing ob_get_flush\n";
+echo "\n";
+echo "Testing ob_get_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 $a = ob_get_flush();
 ob_end_clean();
 $b = ob_get_clean();
-not_tainted($a);
-not_tainted($b);
+assert_html_safe($a);
+assert_html_safe($b);
 
 ob_start();
 ob_start();
@@ -168,7 +168,7 @@
 $a = ob_get_flush();
 ob_end_clean();
 $b = ob_get_clean();
-tainted($a);
-tainted($b);
+assert_html_unsafe($a);
+assert_html_unsafe($b);
 
 
diff --git a/src/test/tainting/references.php b/src/test/tainting/core/references.php
similarity index 86%
rename from src/test/tainting/references.php
rename to src/test/tainting/core/references.php
index 7247a9a2ba892..41d3badf0e3a1 100644
--- a/src/test/tainting/references.php
+++ b/src/test/tainting/core/references.php
@@ -14,18 +14,18 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
- * Check that the reference operator doesn't cause us to loose any taint
- * information
+ * Check that the reference operator doesn't cause us to lose any taint
+ * information.
  */
 
 $a = $good1;
 $b = &$a;
 
 $a .= $good2;
-not_tainted($b);
+assert_not_tainted($b);
 
 $a .= $bad1;
-tainted($b);
+assert_tainted($b);
diff --git a/src/test/tainting/core/strings.php b/src/test/tainting/core/strings.php
new file mode 100644
index 0000000000000..4bc1d580a4893
--- /dev/null
+++ b/src/test/tainting/core/strings.php
@@ -0,0 +1,253 @@
+<?php
+/*
+   +----------------------------------------------------------------------+
+   | HipHop for PHP                                                       |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.01 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_01.txt                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+*/
+require_once('../setup.inc');
+
+/**
+ * Taint tests for functions defined in string.idl.php
+ *
+ * Please make sure to test both cases, where a tainted result is expected
+ * as well as where an untainted result is expected.
+ */
+
+$common_suite_funcs = array(
+  "stripcslashes",
+  "addslashes",
+  "stripslashes",
+  "bin2hex",
+//  "hex2bin",
+  "nl2br",
+  "quotemeta",
+  "str_shuffle",
+  "strrev",
+  "strtolower",
+  "strtoupper",
+  "ucfirst",
+  "ucwords",
+  "strip_tags",
+  "trim",
+  "ltrim",
+  "rtrim",
+  "chop",
+  "html_entity_decode",
+  "htmlentities",
+  "htmlspecialchars_decode",
+  "htmlspecialchars",
+  "quoted_printable_encode",
+  "quoted_printable_decode",
+  "convert_uudecode",
+  "convert_uuencode",
+  "str_rot13",
+  "crypt",
+  "md5",
+  "sha1"
+);
+
+function test_common_suite($func) {
+  global $good1, $bad1;
+  echo "\n";
+  echo "Testing $func:\n";
+  assert_html_safe($func($good1));
+  assert_html_unsafe($func($bad1));
+  assert_not_static($func($good1));
+  assert_not_static($func($bad1));
+}
+
+echo "Testing addcslashes:\n";
+assert_html_safe(addcslashes($good1, $good2));
+assert_html_unsafe(addcslashes($bad1, $bad1));
+assert_html_unsafe(addcslashes($good1, $bad1));
+assert_not_static(addcslashes($good1, $good2));
+assert_not_static(addcslashes($bad1, $bad2));
+
+foreach ($common_suite_funcs as $func) {
+  test_common_suite($func);
+}
+
+echo "\n";
+echo "Testing explode:\n";
+$arr = explode("\n", $good1);
+assert_html_safe($arr[0]);
+assert_html_safe($arr[1]);
+assert_not_static($arr[0]);
+assert_not_static($arr[1]);
+$arr = explode("\n", $bad1);
+assert_html_unsafe($arr[0]);
+assert_html_unsafe($arr[1]);
+assert_not_static($arr[0]);
+assert_not_static($arr[1]);
+
+echo "\n";
+echo "Testing implode:\n";
+$arr = array();
+$arr[] = $good1;
+$arr[] = $good2;
+assert_html_safe(implode("\t", $arr));
+assert_not_static(implode("\t", $arr));
+$arr[] = $bad1;
+assert_html_unsafe(implode("\t", $arr));
+assert_not_static(implode("\t", $arr));
+
+echo "\n";
+echo "Testing join:\n";
+$arr = array();
+$arr[] = $good1;
+$arr[] = $good2;
+assert_html_safe(join("\t", $arr));
+assert_not_static(join("\t", $arr));
+$arr[] = $bad1;
+assert_html_unsafe(join("\t", $arr));
+assert_not_static(join("\t", $arr));
+
+echo "\n";
+echo "Testing str_split:\n";
+$arr = str_split($good1, 2);
+assert_html_safe($arr[0]);
+assert_html_safe($arr[1]);
+assert_not_static($arr[0]);
+assert_not_static($arr[1]);
+$arr = str_split($bad1, 2);
+assert_html_unsafe($arr[0]);
+assert_html_unsafe($arr[1]);
+assert_not_static($arr[0]);
+assert_not_static($arr[1]);
+
+echo "\n";
+echo "Testing chunk_split:\n";
+assert_html_safe(chunk_split($good1, 3, $good2));
+assert_html_unsafe(chunk_split($bad1, 3, $good1));
+assert_html_unsafe(chunk_split($good1, 3, $bad1));
+assert_not_static(chunk_split($good1, 3, $good2));
+assert_not_static(chunk_split($bad1, 3, $good1));
+assert_not_static(chunk_split($good1, 3, $bad1));
+
+echo "\n";
+echo "Testing strtok:\n";
+assert_html_safe(strtok($good1, "\n"));
+assert_html_safe(strtok(":\n"));
+assert_not_static(strtok($good1, "\n"));
+assert_not_static(strtok(":\n"));
+
+assert_html_unsafe(strtok($bad1, "\n"));
+assert_html_unsafe(strtok(":\n"));
+assert_not_static(strtok($bad1, "\n"));
+assert_not_static(strtok(":\n"));
+
+echo "\n";
+echo "Testing str_replace:\n";
+assert_html_safe(str_replace($good3, $good2, $good1));
+$arr = array($good1, $good2);
+$a = str_replace($good3, $good2, $arr);
+assert_html_safe($a[0]);
+assert_html_safe($a[1]);
+
+assert_html_unsafe(str_replace($good3, $bad1, $good1));
+$arr = array($bad1, $bad2);
+$a = str_replace($good3, $good2, $arr);
+assert_html_unsafe($a[0]);
+assert_html_unsafe($a[1]);
+
+echo "\n";
+echo "Testing str_ireplace:\n";
+assert_html_safe(str_ireplace($good3, $good2, $good1));
+assert_not_static(str_ireplace($good3, $good2, $good1));
+$arr = array($good1, $good2);
+$a = str_ireplace($good3, $good2, $arr);
+assert_html_safe($a[0]);
+assert_html_safe($a[1]);
+assert_not_static($a[0]);
+// Note: if no replacement occurs, static strings in array remain static.
+assert_static($a[1]);
+
+assert_html_unsafe(str_ireplace($good3, $bad1, $good1));
+assert_not_static(str_ireplace($good3, $bad1, $good1));
+$arr = array($bad1, $bad2);
+$a = str_ireplace($good3, $good2, $arr);
+assert_html_unsafe($a[0]);
+assert_html_unsafe($a[1]);
+assert_not_static($a[0]);
+assert_not_static($a[1]);
+
+echo "\n";
+echo "Testing substr_replace:\n";
+assert_html_safe(substr_replace($good1, $good2, 0, 3));
+assert_html_safe(substr_replace($good1, $good2, 0));
+assert_html_unsafe(substr_replace($bad1, $good1, 0, 3));
+assert_html_unsafe(substr_replace($bad1, $good1, 0));
+assert_html_unsafe(substr_replace($good1, $bad1, 0, 3));
+assert_html_unsafe(substr_replace($good1, $bad1, 0));
+assert_html_unsafe(substr_replace($bad1, $bad2, 0, 3));
+assert_html_unsafe(substr_replace($bad1, $bad2, 0));
+
+assert_not_static(substr_replace($good1, $good2, 0, 3));
+assert_not_static(substr_replace($good1, $good2, 0));
+assert_not_static(substr_replace($bad1, $good1, 0, 3));
+assert_not_static(substr_replace($bad1, $good1, 0));
+assert_not_static(substr_replace($good1, $bad1, 0, 3));
+assert_not_static(substr_replace($good1, $bad1, 0));
+assert_not_static(substr_replace($bad1, $bad2, 0, 3));
+assert_not_static(substr_replace($bad1, $bad2, 0));
+
+echo "\n";
+echo "Testing substr:\n";
+assert_html_safe(substr($good1, 5, 5));
+assert_html_unsafe(substr($bad1, 5, 5));
+assert_not_static(substr($good1, 5, 5));
+assert_not_static(substr($bad1, 5, 5));
+
+echo "\n";
+echo "Testing str_pad:\n";
+assert_html_safe(str_pad($good1, 5, $good2));
+assert_html_unsafe(str_pad($bad1, 5, $good1));
+assert_html_unsafe(str_pad($good1, 5, $bad1));
+assert_html_unsafe(str_pad($bad1, 5, $bad2));
+assert_not_static(str_pad($good1, 5, $good2));
+assert_not_static(str_pad($bad1, 5, $good1));
+assert_not_static(str_pad($good1, 5, $bad1));
+assert_not_static(str_pad($bad1, 5, $bad2));
+
+echo "\n";
+echo "Testing str_repeat:\n";
+assert_html_safe(str_repeat($good1, 5));
+assert_html_unsafe(str_repeat($bad1, 13));
+assert_not_static(str_repeat($good1, 5));
+assert_not_static(str_repeat($bad1, 13));
+
+echo "\n";
+echo "Testing wordwrap:\n";
+assert_html_safe(wordwrap($good1, 5, $good2, true));
+assert_html_unsafe(wordwrap($bad1, 5, $good1, true));
+assert_html_unsafe(wordwrap($good1, 5, $bad1, true));
+assert_html_unsafe(wordwrap($bad1, 5, $bad2, true));
+assert_not_static(wordwrap($good1, 5, $good2, true));
+assert_not_static(wordwrap($bad1, 5, $good1, true));
+assert_not_static(wordwrap($good1, 5, $bad1, true));
+assert_not_static(wordwrap($bad1, 5, $bad2, true));
+
+echo "\n";
+echo "Testing crc32:\n";
+assert_html_safe(crc32($good1));
+
+echo "\n";
+echo "Testing print_r:\n";
+$arr = array($good1, $good2);
+$x = print_r($arr, true);
+assert_html_safe($x);
+assert_not_static($x);
+$arr = array($good1, $bad1);
+$x = print_r($arr, true);
+assert_html_unsafe($x);
+assert_not_static($x);
diff --git a/src/test/tainting/variable.php b/src/test/tainting/core/variable.php
similarity index 62%
rename from src/test/tainting/variable.php
rename to src/test/tainting/core/variable.php
index cfe230783217e..bbd0a26b8e49d 100644
--- a/src/test/tainting/variable.php
+++ b/src/test/tainting/core/variable.php
@@ -14,87 +14,87 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
  * Taint tests for functions defined in variable.idl.php
  *
  * - Please keep these tests in the same order as the function declarations in
  *   the idl files.
- * - Please make sure to test both, where a tainted result is expected, as well
- *   as when an untainted result is expected.
+ * - Please make sure to test both cases, where a tainted result is expected
+ *   as well as where an untainted result is expected.
  */
 
-echo "testing strval\n";
-not_tainted(strval($good1));
-tainted(strval($bad1));
+echo "Testing strval:\n";
+assert_html_safe(strval($good1));
+assert_html_unsafe(strval($bad1));
 
-echo "\n\n";
-echo "testing var_export\n";
+echo "\n";
+echo "Testing var_export:\n";
 $a = var_export($good1, true);
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 var_export($good1);
 $a = ob_get_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 $a = var_export($bad1, true);
-tainted($a);
+assert_html_unsafe($a);
 
 ob_start();
 var_export($bad1);
 $a = ob_get_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing var_dump\n";
+echo "\n";
+echo "Testing var_dump:\n";
 ob_start();
 var_dump($good1);
 $a = ob_get_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 var_dump($bad1);
 $a = ob_get_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing debug_zval_dump\n";
+echo "\n";
+echo "Testing debug_zval_dump:\n";
 ob_start();
 debug_zval_dump($good1);
 $a = ob_get_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 debug_zval_dump($bad1);
 $a = ob_get_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing serialize\n";
-not_tainted(serialize($good1));
-tainted(serialize($bad1));
+echo "\n";
+echo "Testing serialize:\n";
+assert_html_safe(serialize($good1));
+assert_html_unsafe(serialize($bad1));
 
-echo "\n\n";
-echo "testing unserialize\n";
-not_tainted(unserialize($serialized_good));
-tainted(unserialize($serialized_bad));
+echo "\n";
+echo "Testing unserialize:\n";
+assert_html_safe(unserialize($serialized_good));
+assert_html_unsafe(unserialize($serialized_bad));
 
-echo "\n\n";
-echo "testing get_defined_vars\n";
+echo "\n";
+echo "Testing get_defined_vars:\n";
 $arr = get_defined_vars();
-not_tainted($arr['good1']);
-tainted($arr['bad1']);
+assert_html_safe($arr['good1']);
+assert_html_unsafe($arr['bad1']);
 
 // Note: import_request_variables is not supported in hphp
 
-echo "\n\n";
-echo "testing extract\n";
+echo "\n";
+echo "Testing extract:\n";
 $arr = array(
   'good1' => $good1,
   'bad1' => $bad1,
 );
 extract($arr, EXTR_PREFIX_ALL, 'extract');
-not_tainted($extract_good1);
-tainted($extract_bad1);
+assert_html_safe($extract_good1);
+assert_html_unsafe($extract_bad1);
diff --git a/src/test/tainting/print_r_01.php.exp b/src/test/tainting/print_r_01.php.exp
deleted file mode 100644
index 8c9a94b2bd516..0000000000000
--- a/src/test/tainting/print_r_01.php.exp
+++ /dev/null
@@ -1,4 +0,0 @@
-
-b is not tainted
-
-c is not tainted
diff --git a/src/test/tainting/print_r_02.php b/src/test/tainting/print_r_02.php
deleted file mode 100644
index 2cc7463db43a0..0000000000000
--- a/src/test/tainting/print_r_02.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-/*
-   +----------------------------------------------------------------------+
-   | HipHop for PHP                                                       |
-   +----------------------------------------------------------------------+
-   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
-   +----------------------------------------------------------------------+
-   | This source file is subject to version 3.01 of the PHP license,      |
-   | that is bundled with this package in the file LICENSE, and is        |
-   | available through the world-wide-web at the following url:           |
-   | http://www.php.net/license/3_01.txt                                  |
-   | If you did not receive a copy of the PHP license and are unable to   |
-   | obtain it through the world-wide-web, please send a note to          |
-   | license@php.net so we can mail you a copy immediately.               |
-   +----------------------------------------------------------------------+
-*/
-require_once('setup.inc');
-
-$a = "bad\n";
-fb_set_taint($a, 1);
-
-$b = print_r($a, true);
-
-if(fb_get_taint($b) & TAINT_HTML_MASK){
-  echo "b is tainted\n";
-} else {
-  echo "b is not tainted\n";
-}
-
-$b = array($a);
-$c = print_r($b, true);
-
-if(fb_get_taint($c) & TAINT_HTML_MASK){
-  echo "c is tainted\n";
-} else {
-  echo "c is not tainted\n";
-}
diff --git a/src/test/tainting/print_r_02.php.exp b/src/test/tainting/print_r_02.php.exp
deleted file mode 100644
index 881c3d7119468..0000000000000
--- a/src/test/tainting/print_r_02.php.exp
+++ /dev/null
@@ -1,4 +0,0 @@
-
-b is tainted
-
-c is tainted
diff --git a/src/test/tainting/print_r_05.php b/src/test/tainting/print_r_05.php
deleted file mode 100644
index a62824b15bf3b..0000000000000
--- a/src/test/tainting/print_r_05.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-/*
-   +----------------------------------------------------------------------+
-   | HipHop for PHP                                                       |
-   +----------------------------------------------------------------------+
-   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
-   +----------------------------------------------------------------------+
-   | This source file is subject to version 3.01 of the PHP license,      |
-   | that is bundled with this package in the file LICENSE, and is        |
-   | available through the world-wide-web at the following url:           |
-   | http://www.php.net/license/3_01.txt                                  |
-   | If you did not receive a copy of the PHP license and are unable to   |
-   | obtain it through the world-wide-web, please send a note to          |
-   | license@php.net so we can mail you a copy immediately.               |
-   +----------------------------------------------------------------------+
-*/
-require_once('setup.inc');
-
-$a = "good\n";
-
-print_r($a);
-
-$b = array($a);
-
-print_r($b);
-
diff --git a/src/test/tainting/print_r_05.php.exp b/src/test/tainting/print_r_05.php.exp
deleted file mode 100644
index 63c1745155bd5..0000000000000
--- a/src/test/tainting/print_r_05.php.exp
+++ /dev/null
@@ -1,12 +0,0 @@
-
-good
-
-Array
-
-(
-
-    [0] => good
-
-
-
-)
diff --git a/src/test/tainting/print_r_06.php b/src/test/tainting/print_r_06.php
index 9f755fdd09ff4..5915389cefa47 100644
--- a/src/test/tainting/print_r_06.php
+++ b/src/test/tainting/print_r_06.php
@@ -17,7 +17,7 @@
 require_once('setup.inc');
 
 $a = "bad\n";
-fb_set_taint($a, TAINT_HTML_MASK);
+fb_set_taint($a, TAINT_ALL_MASK);
 
 print_r($a);
 
diff --git a/src/test/tainting/setup.inc b/src/test/tainting/setup.inc
index 05902211466eb..8fb5c9c3e7312 100644
--- a/src/test/tainting/setup.inc
+++ b/src/test/tainting/setup.inc
@@ -15,52 +15,78 @@
    +----------------------------------------------------------------------+
 */
 
-define('TAINT_HTML_MASK', 0x1);
+define('TAINT_HTML',    0x1);
+define('TAINT_SQL',     0x2);
+define('TAINT_MUTATED', 0x4);
+define('TAINT_ALL',     0x7);
 
 $good1 = "heLlO\nwoRld\ntoto\ntiti\ntata";
 $good2 = "world";
 $good3 = "toto";
-
 $serialized_good = 's:5:"hello";';
 
 $bad1 = "eViL\nsTring\nare\tfun\narent\tthey?";
 $bad2 = "some\nthing\ntoto\nbad!";
-
 $serialized_bad = 's:11:"evil string";';
-fb_set_taint($bad1, TAINT_HTML_MASK);
-fb_set_taint($bad2, TAINT_HTML_MASK);
-fb_set_taint($serialized_bad, TAINT_HTML_MASK);
 
-function not_tainted($v) {
+fb_set_taint($bad1, TAINT_ALL);
+fb_set_taint($bad2, TAINT_ALL);
+fb_set_taint($serialized_bad, TAINT_ALL);
+
+function assert_positive($v, $taint) {
   if (ob_get_level()) {
-    die("HEY YOU CAN'T CALL not_tainted INSIDE ob_start()");
+    die("Error: may not call assert_negative() inside ob_start()\n");
   }
 
-  $r = fb_get_taint($v);
-  if ($r) {
-    echo chr(27)."[0;31m";
-    echo "FAIL (tainted something which shouldn't be tainted)\n";
+  if (!fb_get_taint($v, $taint)) {
+    echo chr(27)."[0;32m";
+    echo "OK\n";
     echo chr(27)."[0m";
   } else {
-    echo chr(27)."[0;32m";
-    echo "Ok\n";
+    echo chr(27)."[0;31m";
+    echo "FAIL\n";
     echo chr(27)."[0m";
   }
 }
 
-function tainted($v) {
+function assert_negative($v, $taint) {
   if (ob_get_level()) {
-    die("HEY YOU CAN'T CALL tainted INSIDE ob_start()");
+    die("Error: may not call assert_positive() inside ob_start()\n");
   }
 
-  $r = fb_get_taint($v);
-  if (!$r) {
-    echo chr(27)."[0;31m";
-    echo "FAIL (did not taint something which should have been)\n";
+  if (fb_get_taint($v, $taint)) {
+    echo chr(27)."[0;32m";
+    echo "OK\n";
     echo chr(27)."[0m";
   } else {
-    echo chr(27)."[0;32m";
-    echo "Ok\n";
+    echo chr(27)."[0;31m";
+    echo "FAIL\n";
     echo chr(27)."[0m";
   }
 }
+
+function assert_not_tainted($v) {
+  return assert_positive($v, TAINT_ALL);
+}
+function assert_html_safe($v) {
+  return assert_positive($v, TAINT_HTML);
+}
+function assert_sql_safe($v) {
+  return assert_positive($v, TAINT_SQL);
+}
+function assert_static($v) {
+  return assert_positive($v, TAINT_MUTATED);
+}
+
+function assert_tainted($v) {
+  return assert_negative($v, TAINT_ALL);
+}
+function assert_html_unsafe($v) {
+  return assert_negative($v, TAINT_HTML);
+}
+function assert_sql_unsafe($v) {
+  return assert_negative($v, TAINT_SQL);
+}
+function assert_not_static($v) {
+  return assert_negative($v, TAINT_MUTATED);
+}
diff --git a/src/test/tainting/static/static_concat.php b/src/test/tainting/static/static_concat.php
new file mode 100644
index 0000000000000..1d1165de4bddb
--- /dev/null
+++ b/src/test/tainting/static/static_concat.php
@@ -0,0 +1,144 @@
+<?php
+/*
+   +----------------------------------------------------------------------+
+   | HipHop for PHP                                                       |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.01 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_01.txt                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+*/
+require_once('../setup.inc');
+
+/**
+ * Check that basic concatenations deal with static-ness correctly.
+ */
+
+echo "Testing literals:\n";
+if (fb_get_taint("heLlO\nwoRld\ntoto\ntiti\ntata", TAINT_MUTATED)) {
+  echo chr(27)."[0;31m";
+  echo "FAIL\n";
+  echo chr(27)."[0m";
+} else {
+  echo chr(27)."[0;32m";
+  echo "OK\n";
+  echo chr(27)."[0m";
+}
+if (fb_get_taint("heLlO\nwoRld\ntoto\ntiti\ntata" . "world", TAINT_MUTATED)) {
+  echo chr(27)."[0;31m";
+  echo "FAIL\n";
+  echo chr(27)."[0m";
+} else {
+  echo chr(27)."[0;32m";
+  echo "OK\n";
+  echo chr(27)."[0m";
+}
+if (fb_get_taint("heLlO\nwoRld\ntoto\ntiti\ntata" . "world" . "toto",
+                 TAINT_MUTATED)) {
+  echo chr(27)."[0;31m";
+  echo "FAIL\n";
+  echo chr(27)."[0m";
+} else {
+  echo chr(27)."[0;32m";
+  echo "OK\n";
+  echo chr(27)."[0m";
+}
+
+echo "\n";
+echo "Testing passed literals:\n";
+assert_static("heLlO\nwoRld\ntoto\ntiti\ntata");
+assert_static("heLlO\nwoRld\ntoto\ntiti\ntata" . "world");
+assert_static("heLlO\nwoRld\ntoto\ntiti\ntata" . "world" . "toto");
+
+echo "\n";
+echo "Testing assigned literals:\n";
+assert_static($good1);
+assert_static($good1 . $good2);
+assert_not_static($bad1);
+assert_not_static($bad1 . $good2);
+
+echo "\n";
+echo "Testing in-quote concat:\n";
+assert_static("$good1");
+assert_static("$good1$good2");
+assert_not_static("$bad1");
+assert_not_static("$bad1$good2");
+
+echo "\n";
+echo "Testing assignment:\n";
+$a = $good1;
+assert_static($a);
+$a .= $good2;
+assert_static($a);
+$a .= $good2 . $good3;
+assert_static($a);
+$a = $bad1;
+assert_not_static($a);
+$a .= $good2;
+assert_not_static($a);
+
+echo "\n";
+echo "Testing global constants:\n";
+define('CONSTANT', 'constant');
+assert_static(CONSTANT);
+assert_static($good1 . CONSTANT);
+assert_not_static($bad1 . CONSTANT);
+
+function wrap_concat($a, $b) {
+  return $a . $b;
+}
+function wrap_concat_with_local($b) {
+  $a = "local";
+  return $a . $b;
+}
+function wrap_concat_with_bad_local($b) {
+  global $bad2;
+  $a = $bad2;
+  return $a . $b;
+}
+echo "\n";
+echo "Testing function-wrapped concat:\n";
+assert_static(wrap_concat("heLlO\nwoRld\ntoto\ntiti\ntata", "world"));
+assert_static(wrap_concat($good1, $good2));
+assert_static(wrap_concat_with_local($good1));
+assert_not_static(wrap_concat_with_bad_local($good1));
+assert_not_static(wrap_concat($good1, $bad2));
+assert_not_static(wrap_concat_with_local($bad1));
+
+class StaticConcat {
+  const SC_CONST = "constant";
+  public $sc_prop;
+
+  function __construct() {
+    $this->sc_prop = "property";
+  }
+
+  public function concatWithConstant($str) {
+    return $str . self::SC_CONST;
+  }
+
+  public function concatWithProperty($str) {
+    return $str . $this->sc_prop;
+  }
+}
+echo "\n";
+echo "Testing class-wrapped concat:\n";
+assert_static($good1 . StaticConcat::SC_CONST);
+$sc = new StaticConcat();
+assert_static($sc->concatWithConstant($good1));
+assert_static($good1 . $sc->sc_prop);
+assert_static($sc->concatWithProperty($good1));
+
+echo "\n";
+echo "Testing concat with other types:\n";
+assert_static($good1 . NULL);
+assert_static($good1 . true);
+assert_static($good1 . false);
+assert_not_static($good1 . 42);
+assert_not_static($good1 . 3.1415926535897);
diff --git a/src/test/tainting/static/static_typecast.php b/src/test/tainting/static/static_typecast.php
new file mode 100644
index 0000000000000..35d169dd3e829
--- /dev/null
+++ b/src/test/tainting/static/static_typecast.php
@@ -0,0 +1,96 @@
+<?php
+/*
+   +----------------------------------------------------------------------+
+   | HipHop for PHP                                                       |
+   +----------------------------------------------------------------------+
+   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
+   +----------------------------------------------------------------------+
+   | This source file is subject to version 3.01 of the PHP license,      |
+   | that is bundled with this package in the file LICENSE, and is        |
+   | available through the world-wide-web at the following url:           |
+   | http://www.php.net/license/3_01.txt                                  |
+   | If you did not receive a copy of the PHP license and are unable to   |
+   | obtain it through the world-wide-web, please send a note to          |
+   | license@php.net so we can mail you a copy immediately.               |
+   +----------------------------------------------------------------------+
+*/
+require_once('../setup.inc');
+
+/**
+ * Check that fb_is_static_string works correctly on various static values
+ * cast to strings.  Currently:
+ *   - all numeric values (ints, doubles) are by default non-static (see
+ *     constructors in runtime/base/type_string.cpp)
+ *   - bools and NULL are static (N.B.: this is done because when implicitly
+ *     typecast in HPHP, bools and NULL are converted to global string
+ *     constants, and tainting these constants could have undesired side-
+ *     effects; we would like it if they could be marked non-static, hence
+ *     the test failure)
+ *   - HPHP casts all arrays to the string "Array"; this is considered
+ *     static
+ *   - values in an array are static or non-static (or, in general, tainted
+ *     or not tainted) independent of other values
+ *   - whether an object is cast to a static string depends on whether its
+ *     __toString() method returns a static string
+ */
+
+echo "Testing string literal: ";
+if (fb_get_taint("str", TAINT_MUTATED)) {
+  echo chr(27)."[0;31m";
+  echo "FAIL\n";
+  echo chr(27)."[0m";
+} else {
+  echo chr(27)."[0;32m";
+  echo "OK\n";
+  echo chr(27)."[0m";
+}
+
+$str = "str";
+echo "Testing static string variable: ";
+assert_static($str);
+
+echo "Testing NULL: ";
+assert_not_static(NULL);
+
+echo "Testing true: ";
+assert_not_static(true);
+echo "Testing false: ";
+assert_not_static(false);
+
+echo "Testing int: ";
+assert_not_static(42);
+
+echo "Testing double: ";
+assert_not_static(3.1415926535897);
+
+$array = array(
+  'str' => 42,
+  42 => 'str',
+  1 => true,
+);
+echo "Testing array...\n";
+echo "  int value: ";
+assert_not_static($array['str']);
+echo "  string value: ";
+assert_static($array[42]);
+echo "  bool value: ";
+assert_not_static($array[1]);
+echo "  typecast as string: ";
+assert_static($array);
+
+class ObjToStringLiteral {
+  function __toString() { return "obj"; }
+}
+class ObjToStringNonliteral {
+  function __toString() {
+    global $bad1;
+    return "obj" . $bad1;
+  }
+}
+echo "Testing object...\n";
+$obj1 = new ObjToStringLiteral();
+echo "  cast as literal: ";
+assert_static($obj1);
+$obj2 = new ObjToStringNonliteral();
+echo "  cast as nonliteral: ";
+assert_not_static($obj2);
diff --git a/src/test/tainting/strings.php b/src/test/tainting/strings.php
deleted file mode 100644
index c708516eb925c..0000000000000
--- a/src/test/tainting/strings.php
+++ /dev/null
@@ -1,266 +0,0 @@
-<?php
-/*
-   +----------------------------------------------------------------------+
-   | HipHop for PHP                                                       |
-   +----------------------------------------------------------------------+
-   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
-   +----------------------------------------------------------------------+
-   | This source file is subject to version 3.01 of the PHP license,      |
-   | that is bundled with this package in the file LICENSE, and is        |
-   | available through the world-wide-web at the following url:           |
-   | http://www.php.net/license/3_01.txt                                  |
-   | If you did not receive a copy of the PHP license and are unable to   |
-   | obtain it through the world-wide-web, please send a note to          |
-   | license@php.net so we can mail you a copy immediately.               |
-   +----------------------------------------------------------------------+
-*/
-require_once('setup.inc');
-
-/**
- * Taint tests for functions defined in string.idl.php
- *
- * - Please keep these tests in the same order as the function declarations in
- *   the idl files.
- * - Please make sure to test both, where a tainted result is expected, as well
- *   as when an untainted result is expected.
- */
-
-echo "testing addcslashes\n";
-not_tainted(addcslashes($good1, $good2));
-tainted(addcslashes($bad1, $bad1));
-tainted(addcslashes($good1, $bad1));
-
-echo "\n\n";
-echo "testing stripcslashes\n";
-not_tainted(stripcslashes($good1));
-tainted(stripcslashes($bad1));
-
-echo "\n\n";
-echo "testing addslashes\n";
-not_tainted(addslashes($good1));
-tainted(addslashes($bad1));
-
-echo "\n\n";
-echo "testing stripslashes\n";
-not_tainted(stripslashes($good1));
-tainted(stripslashes($bad1));
-
-echo "\n\n";
-echo "testing bin2hex\n";
-not_tainted(bin2hex($good1));
-tainted(bin2hex($bad1));
-
-echo "\n\n";
-echo "testing nl2br\n";
-not_tainted(nl2br($good1));
-tainted(nl2br($bad1));
-
-echo "\n\n";
-echo "testing quotemeta\n";
-not_tainted(quotemeta($good1));
-tainted(quotemeta($bad1));
-
-echo "\n\n";
-echo "testing str_shuffle\n";
-not_tainted(str_shuffle($good1));
-tainted(str_shuffle($bad1));
-
-echo "\n\n";
-echo "testing strrev\n";
-not_tainted(strrev($good1));
-tainted(strrev($bad1));
-
-echo "\n\n";
-echo "testing strtolower\n";
-not_tainted(strtolower($good1));
-tainted(strtolower($bad1));
-
-echo "\n\n";
-echo "testing strtoupper\n";
-not_tainted(strtoupper($good1));
-tainted(strtoupper($bad1));
-
-echo "\n\n";
-echo "testing ucfirst\n";
-not_tainted(ucfirst($good1));
-tainted(ucfirst($bad1));
-
-echo "\n\n";
-echo "testing ucwords\n";
-not_tainted(ucwords($good1));
-tainted(ucwords($bad1));
-
-echo "\n\n";
-echo "testing strip_tags\n";
-not_tainted(strip_tags($good1));
-tainted(strip_tags($bad1));
-
-echo "\n\n";
-echo "testing trim\n";
-not_tainted(trim($good1));
-tainted(trim($bad1));
-
-echo "\n\n";
-echo "testing ltrim\n";
-not_tainted(ltrim($good1));
-tainted(ltrim($bad1));
-
-echo "\n\n";
-echo "testing rtrim\n";
-not_tainted(rtrim($good1));
-tainted(rtrim($bad1));
-
-echo "\n\n";
-echo "testing chop\n";
-not_tainted(chop($good1));
-tainted(chop($bad1));
-
-echo "\n\n";
-echo "testing explode\n";
-$arr = explode("\n", $good1);
-not_tainted($arr[0]);
-not_tainted($arr[1]);
-$arr = explode("\n", $bad1);
-tainted($arr[0]);
-tainted($arr[1]);
-
-echo "\n\n";
-echo "testing implode\n";
-$arr = array();
-$arr[] = $good1;
-$arr[] = $good2;
-not_tainted(implode("\t", $arr));
-$arr[] = $bad1;
-tainted(implode("\t", $arr));
-
-echo "\n\n";
-echo "testing join\n";
-$arr = array();
-$arr[] = $good1;
-$arr[] = $good2;
-not_tainted(join("\t", $arr));
-$arr[] = $bad1;
-tainted(join("\t", $arr));
-
-echo "\n\n";
-echo "testing str_split\n";
-$arr = str_split($good1, 2);
-not_tainted($arr[0]);
-not_tainted($arr[1]);
-$arr = str_split($bad1, 2);
-tainted($arr[0]);
-tainted($arr[1]);
-
-echo "\n\n";
-echo "testing chunk_split\n";
-not_tainted(chunk_split($good1, 3, $good2));
-tainted(chunk_split($bad1, 3, $good1));
-tainted(chunk_split($good1, 3, $bad1));
-
-echo "\n\n";
-echo "testing strtok\n";
-not_tainted(strtok($good1, "\n"));
-not_tainted(strtok("\n"));
-
-tainted(strtok($bad1, "\n"));
-tainted(strtok("\n"));
-
-echo "\n\n";
-echo "testing str_replace\n";
-
-not_tainted(str_replace($good3, $good2, $good1));
-$arr = array($good1, $good2);
-$a = str_replace($good3, $good2, $arr);
-not_tainted($a[0]);
-not_tainted($a[1]);
-
-tainted(str_replace($good3, $bad1, $good1));
-$arr = array($bad1, $bad2);
-$a = str_replace($good3, $good2, $arr);
-tainted($a[0]);
-tainted($a[1]);
-
-echo "\n\n";
-echo "testing str_ireplace\n";
-
-not_tainted(str_ireplace($good3, $good2, $good1));
-$arr = array($good1, $good2);
-$a = str_ireplace($good3, $good2, $arr);
-not_tainted($a[0]);
-not_tainted($a[1]);
-
-tainted(str_ireplace($good3, $bad1, $good1));
-$arr = array($bad1, $bad2);
-$a = str_ireplace($good3, $good2, $arr);
-tainted($a[0]);
-tainted($a[1]);
-
-echo "\n\n";
-echo "testing substr_replace\n";
-not_tainted(substr_replace($good1, $good2, 0, 3));
-not_tainted(substr_replace($good1, $good2, 0));
-tainted(substr_replace($bad1, $good1, 0, 3));
-tainted(substr_replace($bad1, $good1, 0));
-tainted(substr_replace($good1, $bad1, 0, 3));
-tainted(substr_replace($good1, $bad1, 0));
-tainted(substr_replace($bad1, $bad2, 0, 3));
-tainted(substr_replace($bad1, $bad2, 0));
-
-echo "\n\n";
-echo "testing substr\n";
-not_tainted(substr($good1, 5, 5));
-tainted(substr($bad1, 5, 5));
-
-echo "\n\n";
-echo "testing str_pad\n";
-not_tainted(str_pad($good1, 5, $good2));
-tainted(str_pad($bad1, 5, $good1));
-tainted(str_pad($good1, 5, $bad1));
-tainted(str_pad($bad1, 5, $bad2));
-
-echo "\n\n";
-echo "testing str_repeat\n";
-not_tainted(str_repeat($good1, 5));
-tainted(str_repeat($bad1, 13));
-
-echo "\n\n";
-echo "testing wordwrap\n";
-not_tainted(wordwrap($good1, 5, $good2, true));
-tainted(wordwrap($bad1, 5, $good1, true));
-tainted(wordwrap($good1, 5, $bad1, true));
-tainted(wordwrap($bad1, 5, $bad2, true));
-
-echo "\n\n";
-echo "testing html_entity_decode\n";
-not_tainted(html_entity_decode($good1));
-tainted(html_entity_decode($bad1));
-
-echo "\n\n";
-echo "testing htmlentities\n";
-not_tainted(htmlentities($good1));
-tainted(htmlentities($bad1));
-
-echo "\n\n";
-echo "testing convert_uuencode\n";
-not_tainted(convert_uuencode($good1));
-tainted(convert_uuencode($bad1));
-
-echo "\n\n";
-echo "testing md5\n";
-// We consider md5 operation to generate dangerous output. It unlikely to be
-// exploitable, but it's better for us to be safe than sorry...
-not_tainted(md5($good1));
-tainted(md5($bad1));
-
-
-
-echo "\n\n";
-echo "testing print_r\n";
-
-$arr = array($good1, $good2);
-$x = print_r($arr, true);
-not_tainted($x);
-
-$arr = array($good1, $bad1);
-$x = print_r($arr, true);
-tainted($x);
diff --git a/src/test/tainting/taint01.php b/src/test/tainting/taint01.php
deleted file mode 100644
index 7a5eeb9246f41..0000000000000
--- a/src/test/tainting/taint01.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-  $a = "good\n";
-  if(fb_get_taint($a) & 0x1){
-    echo "a is tainted\n";
-  } else {
-    echo "a is not tainted\n";
-  }
-  echo $a; // not tainted
diff --git a/src/test/tainting/taint01.php.exp b/src/test/tainting/taint01.php.exp
deleted file mode 100644
index 2488ebba85628..0000000000000
--- a/src/test/tainting/taint01.php.exp
+++ /dev/null
@@ -1,4 +0,0 @@
-
-a is not tainted
-
-good
diff --git a/src/test/tainting/taint02.php b/src/test/tainting/taint02.php
deleted file mode 100644
index 0434a60e15d5e..0000000000000
--- a/src/test/tainting/taint02.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-  $a="bad\n";
-  fb_set_taint($a, 0x1);
-  if(fb_get_taint($a) & 0x1){
-    echo "a is tainted\n";
-  } else {
-    echo "a is not tainted\n";
-  }
-  echo $a; // tainted
diff --git a/src/test/tainting/taint02.php.exp b/src/test/tainting/taint02.php.exp
deleted file mode 100644
index 7206a18b15562..0000000000000
--- a/src/test/tainting/taint02.php.exp
+++ /dev/null
@@ -1,19 +0,0 @@
-
-a is tainted
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'bad
-'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint02.php:3]
-  it was successively modified at:
-    <never>
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint02.php:9]
-  the echoed string is : 'bad
-'
-
-[end of the echoed string]
-
-
-bad
diff --git a/src/test/tainting/taint03.php b/src/test/tainting/taint03.php
deleted file mode 100644
index 9f33c292e1c42..0000000000000
--- a/src/test/tainting/taint03.php
+++ /dev/null
@@ -1,5 +0,0 @@
-<?php
-  $a="bad";
-  fb_set_taint($a, 0x1);
-  $c=$a . "good";
-  echo $c; // tainted
diff --git a/src/test/tainting/taint03.php.exp b/src/test/tainting/taint03.php.exp
deleted file mode 100644
index 014e684b74ad4..0000000000000
--- a/src/test/tainting/taint03.php.exp
+++ /dev/null
@@ -1,16 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'bad'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint03.php:3]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint03.php:4]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint03.php:5]
-  the echoed string is : 'badgood'
-
-[end of the echoed string]
-
-
-badgood
\ No newline at end of file
diff --git a/src/test/tainting/taint04.php b/src/test/tainting/taint04.php
deleted file mode 100644
index 822ef9a427894..0000000000000
--- a/src/test/tainting/taint04.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-  $a="bad";
-  fb_set_taint($a, 0x1);
-  $c=$a . "good";
-  echo $c; // tainted
-  fb_unset_taint($c, 0x1);
-  echo $c; // not tainted
diff --git a/src/test/tainting/taint04.php.exp b/src/test/tainting/taint04.php.exp
deleted file mode 100644
index b3c90a6b39ae7..0000000000000
--- a/src/test/tainting/taint04.php.exp
+++ /dev/null
@@ -1,16 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'bad'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint04.php:3]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint04.php:4]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint04.php:5]
-  the echoed string is : 'badgood'
-
-[end of the echoed string]
-
-
-badgoodbadgood
\ No newline at end of file
diff --git a/src/test/tainting/taint05.php b/src/test/tainting/taint05.php
deleted file mode 100644
index 4acc06d264845..0000000000000
--- a/src/test/tainting/taint05.php
+++ /dev/null
@@ -1,9 +0,0 @@
-<?php
-  $d="worse ";
-  $e="great";
-  fb_set_taint($e, 0x1);
-  $f=$d . $e;
-  echo($f); // tainted
-  fb_set_taint($e, 0x1);
-  echo($e); // tainted
-  echo($f); // tainted
diff --git a/src/test/tainting/taint05.php.exp b/src/test/tainting/taint05.php.exp
deleted file mode 100644
index 83134b807706e..0000000000000
--- a/src/test/tainting/taint05.php.exp
+++ /dev/null
@@ -1,43 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:4]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:5]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:6]
-  the echoed string is : 'worse great'
-
-[end of the echoed string]
-
-
-worse greatHipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:7]
-  it was successively modified at:
-    <never>
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:8]
-  the echoed string is : 'great'
-
-[end of the echoed string]
-
-
-greatHipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:4]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:5]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint05.php:9]
-  the echoed string is : 'worse great'
-
-[end of the echoed string]
-
-
-worse great
\ No newline at end of file
diff --git a/src/test/tainting/taint06.php b/src/test/tainting/taint06.php
deleted file mode 100644
index 4bf59a94920aa..0000000000000
--- a/src/test/tainting/taint06.php
+++ /dev/null
@@ -1,8 +0,0 @@
-<?php
-  $d="worse ";
-  $e="great";
-  fb_set_taint($e, 0x1);
-  $f=$d . $e;
-  fb_unset_taint($f, 0x1);
-  echo($e); // tainted
-  echo($f); // not tainted
diff --git a/src/test/tainting/taint06.php.exp b/src/test/tainting/taint06.php.exp
deleted file mode 100644
index a42f2a5f85dba..0000000000000
--- a/src/test/tainting/taint06.php.exp
+++ /dev/null
@@ -1,15 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint06.php:4]
-  it was successively modified at:
-    <never>
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint06.php:7]
-  the echoed string is : 'great'
-
-[end of the echoed string]
-
-
-greatworse great
\ No newline at end of file
diff --git a/src/test/tainting/taint07.php b/src/test/tainting/taint07.php
deleted file mode 100644
index 577e7a3be9836..0000000000000
--- a/src/test/tainting/taint07.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-  $d="worse ";
-  $e="great";
-  fb_set_taint($e, 0x1);
-  $f=$d . $e;
-  $f .= " really great";
-  echo($f); // tainted
diff --git a/src/test/tainting/taint07.php.exp b/src/test/tainting/taint07.php.exp
deleted file mode 100644
index 11e3b79147a43..0000000000000
--- a/src/test/tainting/taint07.php.exp
+++ /dev/null
@@ -1,18 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint07.php:4]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint07.php:5]
-    ---
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint07.php:6]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint07.php:7]
-  the echoed string is : 'worse great really great'
-
-[end of the echoed string]
-
-
-worse great really great
\ No newline at end of file
diff --git a/src/test/tainting/taint08.php b/src/test/tainting/taint08.php
deleted file mode 100644
index 33ab8061432f2..0000000000000
--- a/src/test/tainting/taint08.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-  $d="worse ";
-  $e="great";
-  fb_set_taint($e, 0x1);
-  $f=$d . $e;
-  $f .= " really great";
-  echo($f); // tainted
-  $foo = " foo";
-  $f .= $foo;
-  echo($f); // tainted
diff --git a/src/test/tainting/taint08.php.exp b/src/test/tainting/taint08.php.exp
deleted file mode 100644
index d2e2b74b4773d..0000000000000
--- a/src/test/tainting/taint08.php.exp
+++ /dev/null
@@ -1,36 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:4]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:5]
-    ---
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:6]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:7]
-  the echoed string is : 'worse great really great'
-
-[end of the echoed string]
-
-
-worse great really greatHipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'great'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:4]
-  it was successively modified at:
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:5]
-    ---
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:6]
-    ---
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:9]
-    ---
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint08.php:10]
-  the echoed string is : 'worse great really great foo'
-
-[end of the echoed string]
-
-
-worse great really great foo
\ No newline at end of file
diff --git a/src/test/tainting/taint09.php b/src/test/tainting/taint09.php
deleted file mode 100644
index 044ae3c5912f5..0000000000000
--- a/src/test/tainting/taint09.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-  $d="worse ";
-  $e="great";
-  fb_set_taint($e, 0x1);
-  $f=$d . $e;
-  $f .= " really great";
-  $foo = " foo";
-  $f .= $foo;
-  fb_unset_taint($f, 0x1);
-  $f .= $foo;
-  echo($f); // not tainted
diff --git a/src/test/tainting/taint09.php.exp b/src/test/tainting/taint09.php.exp
deleted file mode 100644
index 9264d5c583169..0000000000000
--- a/src/test/tainting/taint09.php.exp
+++ /dev/null
@@ -1,2 +0,0 @@
-
-worse great really great foo foo
\ No newline at end of file
diff --git a/src/test/tainting/taint10.php b/src/test/tainting/taint10.php
deleted file mode 100644
index ecb72a7705733..0000000000000
--- a/src/test/tainting/taint10.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php
-  require("taint10_aux.php");
-  $aaa = foo();
-  echo $aaa; // tainted
diff --git a/src/test/tainting/taint10.php.exp b/src/test/tainting/taint10.php.exp
deleted file mode 100644
index 61e4f2b548c45..0000000000000
--- a/src/test/tainting/taint10.php.exp
+++ /dev/null
@@ -1,31 +0,0 @@
-
-HipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'a weird string'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint10_aux.php:4]
-    #1 foo(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint10.php:3]
-  it was successively modified at:
-    <never>
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint10_aux.php:5]
-    #1 foo(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint10.php:3]
-  the echoed string is : 'a weird string'
-
-[end of the echoed string]
-
-
-a weird stringHipHop Warning:  Echoing a tainted string:
-  the originally tainted string was : 'a weird string'
-  it was tainted at :
-    #0 fb_set_taint(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint10_aux.php:4]
-    #1 foo(), called at [/data/users/jjeannin/hphp/src/test/tainting/taint10.php:3]
-  it was successively modified at:
-    <never>
-  it was echoed at :
-    #0 at [/data/users/jjeannin/hphp/src/test/tainting/taint10.php:4]
-  the echoed string is : 'a weird string'
-
-[end of the echoed string]
-
-
-a weird string
\ No newline at end of file
diff --git a/src/test/tainting/taint10_aux.php b/src/test/tainting/taint10_aux.php
deleted file mode 100644
index 7b8e36639dc79..0000000000000
--- a/src/test/tainting/taint10_aux.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-  function foo(){
-    $a = "a weird string";
-    fb_set_taint($a, 0x1);
-    echo($a);
-    return $a;
-  }