Merge
authorduke
Wed, 05 Jul 2017 20:29:56 +0200
changeset 30003 6c1b82ea87f7
parent 30002 db70d6ebfa97 (current diff)
parent 29997 dd08b1d9f43f (diff)
child 30008 af6a00b61db7
Merge
jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java
jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java
jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java
jdk/test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java
jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java
jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2leadMA
jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2mgrM
jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2prjM
jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrMcrl
jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2divE
jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2mgrM
jdk/test/sun/security/provider/certpath/ReverseBuilder/prjMcrl
--- a/.hgtags-top-repo	Thu Apr 23 16:12:16 2015 -0700
+++ b/.hgtags-top-repo	Wed Jul 05 20:29:56 2017 +0200
@@ -303,3 +303,4 @@
 6e78dd9b121037719a065fe8fb25b936babdfecb jdk9-b58
 39e8a131289e8386aa4c3e4b184faa812a7c0421 jdk9-b59
 9fa2185bee17462d1014538bff60af6e6f0b01e7 jdk9-b60
+ea38728b4f4bdd8fd0d7a89b18069f521cf05013 jdk9-b61
--- a/corba/.hgtags	Thu Apr 23 16:12:16 2015 -0700
+++ b/corba/.hgtags	Wed Jul 05 20:29:56 2017 +0200
@@ -303,3 +303,4 @@
 86dd5de1f5cb09073019bd629e22cfcd012d8b4b jdk9-b58
 cda6ae062f85fac5555f4e1318885b0ecd998bd1 jdk9-b59
 caa330b275f39282793466529f6864766b31d9fd jdk9-b60
+d690f489ca0bb95a6157d996da2fa72bcbcf02ea jdk9-b61
--- a/hotspot/.hgtags	Thu Apr 23 16:12:16 2015 -0700
+++ b/hotspot/.hgtags	Wed Jul 05 20:29:56 2017 +0200
@@ -463,3 +463,4 @@
 ee878f3d6732856f7725c590312bfbe2ffa52cc7 jdk9-b58
 96bcaec07cb165782bae1b9a1f28450b37a10e3a jdk9-b59
 9c916db4bf3bc164a47b5a9cefe5ffd71e111f6a jdk9-b60
+715d2da5801c410746e92f08066d53bde1496286 jdk9-b61
--- a/hotspot/src/cpu/aarch64/vm/aarch64.ad	Thu Apr 23 16:12:16 2015 -0700
+++ b/hotspot/src/cpu/aarch64/vm/aarch64.ad	Wed Jul 05 20:29:56 2017 +0200
@@ -793,38 +793,832 @@
   }
 };
 
-  bool preceded_by_ordered_load(const Node *barrier);
+  // graph traversal helpers
+  MemBarNode *has_parent_membar(const Node *n,
+				ProjNode *&ctl, ProjNode *&mem);
+  MemBarNode *has_child_membar(const MemBarNode *n,
+			       ProjNode *&ctl, ProjNode *&mem);
+
+  // predicates controlling emit of ldr<x>/ldar<x> and associated dmb
+  bool unnecessary_acquire(const Node *barrier);
+  bool needs_acquiring_load(const Node *load);
+
+  // predicates controlling emit of str<x>/stlr<x> and associated dmbs
+  bool unnecessary_release(const Node *barrier);
+  bool unnecessary_volatile(const Node *barrier);
+  bool needs_releasing_store(const Node *store);
 
   // Use barrier instructions rather than load acquire / store
   // release.
-  const bool UseBarriersForVolatile = true;
+  const bool UseBarriersForVolatile = false;
+  // Use barrier instructions for unsafe volatile gets rather than
+  // trying to identify an exact signature for them
+  const bool UseBarriersForUnsafeVolatileGet = false;
 %}
 
 source %{
 
-  // AArch64 has load acquire and store release instructions which we
-  // use for ordered memory accesses, e.g. for volatiles.  The ideal
-  // graph generator also inserts memory barriers around volatile
-  // accesses, and we don't want to generate both barriers and acq/rel
-  // instructions.  So, when we emit a MemBarAcquire we look back in
-  // the ideal graph for an ordered load and only emit the barrier if
-  // we don't find one.
-
-bool preceded_by_ordered_load(const Node *barrier) {
+  // AArch64 has ldar<x> and stlr<x> instructions which we can safely
+  // use to implement volatile reads and writes. For a volatile read
+  // we simply need
+  //
+  //   ldar<x>
+  //
+  // and for a volatile write we need
+  //
+  //   stlr<x>
+  // 
+  // Alternatively, we can implement them by pairing a normal
+  // load/store with a memory barrier. For a volatile read we need
+  // 
+  //   ldr<x>
+  //   dmb ishld
+  //
+  // for a volatile write
+  //
+  //   dmb ish
+  //   str<x>
+  //   dmb ish
+  //
+  // In order to generate the desired instruction sequence we need to
+  // be able to identify specific 'signature' ideal graph node
+  // sequences which i) occur as a translation of a volatile reads or
+  // writes and ii) do not occur through any other translation or
+  // graph transformation. We can then provide alternative aldc
+  // matching rules which translate these node sequences to the
+  // desired machine code sequences. Selection of the alternative
+  // rules can be implemented by predicates which identify the
+  // relevant node sequences.
+  //
+  // The ideal graph generator translates a volatile read to the node
+  // sequence
+  //
+  //   LoadX[mo_acquire]
+  //   MemBarAcquire
+  //
+  // As a special case when using the compressed oops optimization we
+  // may also see this variant
+  //
+  //   LoadN[mo_acquire]
+  //   DecodeN
+  //   MemBarAcquire
+  //
+  // A volatile write is translated to the node sequence
+  //
+  //   MemBarRelease
+  //   StoreX[mo_release]
+  //   MemBarVolatile
+  //
+  // n.b. the above node patterns are generated with a strict
+  // 'signature' configuration of input and output dependencies (see
+  // the predicates below for exact details). The two signatures are
+  // unique to translated volatile reads/stores -- they will not
+  // appear as a result of any other bytecode translation or inlining
+  // nor as a consequence of optimizing transforms.
+  //
+  // We also want to catch inlined unsafe volatile gets and puts and
+  // be able to implement them using either ldar<x>/stlr<x> or some
+  // combination of ldr<x>/stlr<x> and dmb instructions.
+  //
+  // Inlined unsafe volatiles puts manifest as a minor variant of the
+  // normal volatile put node sequence containing an extra cpuorder
+  // membar
+  //
+  //   MemBarRelease
+  //   MemBarCPUOrder
+  //   StoreX[mo_release]
+  //   MemBarVolatile
+  //
+  // n.b. as an aside, the cpuorder membar is not itself subject to
+  // matching and translation by adlc rules.  However, the rule
+  // predicates need to detect its presence in order to correctly
+  // select the desired adlc rules.
+  //
+  // Inlined unsafe volatiles gets manifest as a somewhat different
+  // node sequence to a normal volatile get
+  //
+  //   MemBarCPUOrder
+  //        ||       \\
+  //   MemBarAcquire LoadX[mo_acquire]
+  //        ||
+  //   MemBarCPUOrder
+  //
+  // In this case the acquire membar does not directly depend on the
+  // load. However, we can be sure that the load is generated from an
+  // inlined unsafe volatile get if we see it dependent on this unique
+  // sequence of membar nodes. Similarly, given an acquire membar we
+  // can know that it was added because of an inlined unsafe volatile
+  // get if it is fed and feeds a cpuorder membar and if its feed
+  // membar also feeds an acquiring load.
+  //
+  // So, where we can identify these volatile read and write
+  // signatures we can choose to plant either of the above two code
+  // sequences. For a volatile read we can simply plant a normal
+  // ldr<x> and translate the MemBarAcquire to a dmb. However, we can
+  // also choose to inhibit translation of the MemBarAcquire and
+  // inhibit planting of the ldr<x>, instead planting an ldar<x>.
+  //
+  // When we recognise a volatile store signature we can choose to
+  // plant at a dmb ish as a translation for the MemBarRelease, a
+  // normal str<x> and then a dmb ish for the MemBarVolatile.
+  // Alternatively, we can inhibit translation of the MemBarRelease
+  // and MemBarVolatile and instead plant a simple stlr<x>
+  // instruction.
+  //
+  // Of course, the above only applies when we see these signature
+  // configurations. We still want to plant dmb instructions in any
+  // other cases where we may see a MemBarAcquire, MemBarRelease or
+  // MemBarVolatile. For example, at the end of a constructor which
+  // writes final/volatile fields we will see a MemBarRelease
+  // instruction and this needs a 'dmb ish' lest we risk the
+  // constructed object being visible without making the
+  // final/volatile field writes visible.
+  //
+  // n.b. the translation rules below which rely on detection of the
+  // volatile signatures and insert ldar<x> or stlr<x> are failsafe.
+  // If we see anything other than the signature configurations we
+  // always just translate the loads and stors to ldr<x> and str<x>
+  // and translate acquire, release and volatile membars to the
+  // relevant dmb instructions.
+  //
+  // n.b.b as a case in point for the above comment, the current
+  // predicates don't detect the precise signature for certain types
+  // of volatile object stores (where the heap_base input type is not
+  // known at compile-time to be non-NULL). In those cases the
+  // MemBarRelease and MemBarVolatile bracket an if-then-else sequence
+  // with a store in each branch (we need a different store depending
+  // on whether heap_base is actually NULL). In such a case we will
+  // just plant a dmb both before and after the branch/merge. The
+  // predicate could (and probably should) be fixed later to also
+  // detect this case.
+
+  // graph traversal helpers
+
+  // if node n is linked to a parent MemBarNode by an intervening
+  // Control or Memory ProjNode return the MemBarNode otherwise return
+  // NULL.
+  //
+  // n may only be a Load or a MemBar.
+  //
+  // The ProjNode* references c and m are used to return the relevant
+  // nodes.
+
+  MemBarNode *has_parent_membar(const Node *n, ProjNode *&c, ProjNode *&m)
+  {
+    Node *ctl = NULL;
+    Node *mem = NULL;
+    Node *membar = NULL;
+
+    if (n->is_Load()) {
+      ctl = n->lookup(LoadNode::Control);
+      mem = n->lookup(LoadNode::Memory);
+    } else if (n->is_MemBar()) {
+      ctl = n->lookup(TypeFunc::Control);
+      mem = n->lookup(TypeFunc::Memory);
+    } else {
+	return NULL;
+    }
+
+    if (!ctl || !mem || !ctl->is_Proj() || !mem->is_Proj())
+      return NULL;
+
+    c = ctl->as_Proj();
+
+    membar = ctl->lookup(0);
+
+    if (!membar || !membar->is_MemBar())
+      return NULL;
+
+    m = mem->as_Proj();
+
+    if (mem->lookup(0) != membar)
+      return NULL;
+
+    return membar->as_MemBar();
+  }
+
+  // if n is linked to a child MemBarNode by intervening Control and
+  // Memory ProjNodes return the MemBarNode otherwise return NULL.
+  //
+  // The ProjNode** arguments c and m are used to return pointers to
+  // the relevant nodes. A null argument means don't don't return a
+  // value.
+
+  MemBarNode *has_child_membar(const MemBarNode *n, ProjNode *&c, ProjNode *&m)
+  {
+    ProjNode *ctl = n->proj_out(TypeFunc::Control);
+    ProjNode *mem = n->proj_out(TypeFunc::Memory);
+
+    // MemBar needs to have both a Ctl and Mem projection
+    if (! ctl || ! mem)
+      return NULL;
+
+    c = ctl;
+    m = mem;
+
+    MemBarNode *child = NULL;
+    Node *x;
+
+    for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) {
+      x = ctl->fast_out(i);
+      // if we see a membar we keep hold of it. we may also see a new
+      // arena copy of the original but it will appear later
+      if (x->is_MemBar()) {
+	  child = x->as_MemBar();
+	  break;
+      }
+    }
+
+    if (child == NULL)
+      return NULL;
+
+    for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) {
+      x = mem->fast_out(i);
+      // if we see a membar we keep hold of it. we may also see a new
+      // arena copy of the original but it will appear later
+      if (x == child) {
+	return child;
+      }
+    }
+    return NULL;
+  }
+
+  // predicates controlling emit of ldr<x>/ldar<x> and associated dmb
+
+bool unnecessary_acquire(const Node *barrier) {
+  // assert barrier->is_MemBar();
+  if (UseBarriersForVolatile)
+    // we need to plant a dmb
+    return false;
+
+  // a volatile read derived from bytecode (or also from an inlined
+  // SHA field read via LibraryCallKit::load_field_from_object)
+  // manifests as a LoadX[mo_acquire] followed by an acquire membar
+  // with a bogus read dependency on it's preceding load. so in those
+  // cases we will find the load node at the PARMS offset of the
+  // acquire membar.  n.b. there may be an intervening DecodeN node.
+  //
+  // a volatile load derived from an inlined unsafe field access
+  // manifests as a cpuorder membar with Ctl and Mem projections
+  // feeding both an acquire membar and a LoadX[mo_acquire]. The
+  // acquire then feeds another cpuorder membar via Ctl and Mem
+  // projections. The load has no output dependency on these trailing
+  // membars because subsequent nodes inserted into the graph take
+  // their control feed from the final membar cpuorder meaning they
+  // are all ordered after the load.
+
   Node *x = barrier->lookup(TypeFunc::Parms);
-
-  if (! x)
+  if (x) {
+    // we are starting from an acquire and it has a fake dependency
+    //
+    // need to check for
+    //
+    //   LoadX[mo_acquire]
+    //   {  |1   }
+    //   {DecodeN}
+    //      |Parms
+    //   MemBarAcquire*
+    //
+    // where * tags node we were passed
+    // and |k means input k
+    if (x->is_DecodeNarrowPtr())
+      x = x->in(1);
+
+    return (x->is_Load() && x->as_Load()->is_acquire());
+  }
+  
+  // only continue if we want to try to match unsafe volatile gets
+  if (UseBarriersForUnsafeVolatileGet)
+    return false;
+
+  // need to check for
+  //
+  //     MemBarCPUOrder
+  //        ||       \\
+  //   MemBarAcquire* LoadX[mo_acquire]
+  //        ||
+  //   MemBarCPUOrder
+  //
+  // where * tags node we were passed
+  // and || or \\ are Ctl+Mem feeds via intermediate Proj Nodes
+
+  // check for a parent MemBarCPUOrder
+  ProjNode *ctl;
+  ProjNode *mem;
+  MemBarNode *parent = has_parent_membar(barrier, ctl, mem);
+  if (!parent || parent->Opcode() != Op_MemBarCPUOrder)
+    return false;
+  // ensure the proj nodes both feed a LoadX[mo_acquire]
+  LoadNode *ld = NULL;
+  for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) {
+    x = ctl->fast_out(i);
+    // if we see a load we keep hold of it and stop searching
+    if (x->is_Load()) {
+      ld = x->as_Load();
+      break;
+    }
+  }
+  // it must be an acquiring load
+  if (! ld || ! ld->is_acquire())
+    return false;
+  for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) {
+    x = mem->fast_out(i);
+    // if we see the same load we drop it and stop searching
+    if (x == ld) {
+      ld = NULL;
+      break;
+    }
+  }
+  // we must have dropped the load
+  if (ld)
+    return false;
+  // check for a child cpuorder membar
+  MemBarNode *child  = has_child_membar(barrier->as_MemBar(), ctl, mem);
+  if (!child || child->Opcode() != Op_MemBarCPUOrder)
+    return false;
+
+  return true;
+}
+
+bool needs_acquiring_load(const Node *n)
+{
+  // assert n->is_Load();
+  if (UseBarriersForVolatile)
+    // we use a normal load and a dmb
+    return false;
+
+  LoadNode *ld = n->as_Load();
+
+  if (!ld->is_acquire())
+    return false;
+
+  // check if this load is feeding an acquire membar
+  //
+  //   LoadX[mo_acquire]
+  //   {  |1   }
+  //   {DecodeN}
+  //      |Parms
+  //   MemBarAcquire*
+  //
+  // where * tags node we were passed
+  // and |k means input k
+
+  Node *start = ld;
+  Node *mbacq = NULL;
+
+  // if we hit a DecodeNarrowPtr we reset the start node and restart
+  // the search through the outputs
+ restart:
+
+  for (DUIterator_Fast imax, i = start->fast_outs(imax); i < imax; i++) {
+    Node *x = start->fast_out(i);
+    if (x->is_MemBar() && x->Opcode() == Op_MemBarAcquire) {
+      mbacq = x;
+    } else if (!mbacq &&
+	       (x->is_DecodeNarrowPtr() ||
+		(x->is_Mach() && x->Opcode() == Op_DecodeN))) {
+      start = x;
+      goto restart;
+    }
+  }
+
+  if (mbacq) {
+    return true;
+  }
+
+  // only continue if we want to try to match unsafe volatile gets
+  if (UseBarriersForUnsafeVolatileGet)
+    return false;
+
+  // check if Ctl and Proj feed comes from a MemBarCPUOrder
+  //
+  //     MemBarCPUOrder
+  //        ||       \\
+  //   MemBarAcquire* LoadX[mo_acquire]
+  //        ||
+  //   MemBarCPUOrder
+
+  MemBarNode *membar;
+  ProjNode *ctl;
+  ProjNode *mem;
+
+  membar = has_parent_membar(ld, ctl, mem);
+
+  if (!membar || !membar->Opcode() == Op_MemBarCPUOrder)
+    return false;
+
+  // ensure that there is a CPUOrder->Acquire->CPUOrder membar chain
+
+  membar = has_child_membar(membar, ctl, mem);
+
+  if (!membar || !membar->Opcode() == Op_MemBarAcquire)
+    return false;
+
+  membar = has_child_membar(membar, ctl, mem);
+  
+  if (!membar || !membar->Opcode() == Op_MemBarCPUOrder)
+    return false;
+
+  return true;
+}
+
+bool unnecessary_release(const Node *n) {
+  // assert n->is_MemBar();
+  if (UseBarriersForVolatile)
+    // we need to plant a dmb
+    return false;
+
+  // ok, so we can omit this release barrier if it has been inserted
+  // as part of a volatile store sequence
+  //
+  //   MemBarRelease
+  //  {      ||      }
+  //  {MemBarCPUOrder} -- optional
+  //         ||     \\
+  //         ||     StoreX[mo_release]
+  //         | \     /
+  //         | MergeMem
+  //         | /
+  //   MemBarVolatile
+  //
+  // where
+  //  || and \\ represent Ctl and Mem feeds via Proj nodes
+  //  | \ and / indicate further routing of the Ctl and Mem feeds
+  // 
+  // so we need to check that
+  //
+  // ia) the release membar (or its dependent cpuorder membar) feeds
+  // control to a store node (via a Control project node)
+  //
+  // ii) the store is ordered release
+  //
+  // iii) the release membar (or its dependent cpuorder membar) feeds
+  // control to a volatile membar (via the same Control project node)
+  //
+  // iv) the release membar feeds memory to a merge mem and to the
+  // same store (both via a single Memory proj node)
+  //
+  // v) the store outputs to the merge mem
+  //
+  // vi) the merge mem outputs to the same volatile membar
+  //
+  // n.b. if this is an inlined unsafe node then the release membar
+  // may feed its control and memory links via an intervening cpuorder
+  // membar. this case can be dealt with when we check the release
+  // membar projections. if they both feed a single cpuorder membar
+  // node continue to make the same checks as above but with the
+  // cpuorder membar substituted for the release membar. if they don't
+  // both feed a cpuorder membar then the check fails.
+  //
+  // n.b.b. for an inlined unsafe store of an object in the case where
+  // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see
+  // an embedded if then else where we expect the store. this is
+  // needed to do the right type of store depending on whether
+  // heap_base is NULL. We could check for that but for now we can
+  // just take the hit of on inserting a redundant dmb for this
+  // redundant volatile membar
+
+  MemBarNode *barrier = n->as_MemBar();
+  ProjNode *ctl;
+  ProjNode *mem;
+  // check for an intervening cpuorder membar
+  MemBarNode *b = has_child_membar(barrier, ctl, mem);
+  if (b && b->Opcode() == Op_MemBarCPUOrder) {
+    // ok, so start form the dependent cpuorder barrier
+    barrier = b;
+  }
+  // check the ctl and mem flow
+  ctl = barrier->proj_out(TypeFunc::Control);
+  mem = barrier->proj_out(TypeFunc::Memory);
+
+  // the barrier needs to have both a Ctl and Mem projection
+  if (! ctl || ! mem)
+    return false;
+
+  Node *x = NULL;
+  Node *mbvol = NULL;
+  StoreNode * st = NULL;
+
+  // For a normal volatile write the Ctl ProjNode should have output
+  // to a MemBarVolatile and a Store marked as releasing
+  //
+  // n.b. for an inlined unsafe store of an object in the case where
+  // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see
+  // an embedded if then else where we expect the store. this is
+  // needed to do the right type of store depending on whether
+  // heap_base is NULL. We could check for that case too but for now
+  // we can just take the hit of inserting a dmb and a non-volatile
+  // store to implement the volatile store
+
+  for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) {
+    x = ctl->fast_out(i);
+    if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) {
+      if (mbvol) {
+	return false;
+      }
+      mbvol = x;
+    } else if (x->is_Store()) {
+      st = x->as_Store();
+      if (! st->is_release()) {
+	return false;
+      }
+    } else if (!x->is_Mach()) {
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  if (!mbvol || !st)
     return false;
 
-  if (x->is_DecodeNarrowPtr())
-    x = x->in(1);
-
-  if (x->is_Load())
-    return ! x->as_Load()->is_unordered();
-
-  return false;
+  // the Mem ProjNode should output to a MergeMem and the same Store
+  Node *mm = NULL;
+  for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) {
+    x = mem->fast_out(i);
+    if (!mm && x->is_MergeMem()) {
+      mm = x;
+    } else if (x != st && !x->is_Mach()) {
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  if (!mm)
+    return false;
+
+  // the MergeMem should output to the MemBarVolatile
+  for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) {
+    x = mm->fast_out(i);
+    if (x != mbvol && !x->is_Mach()) {
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  return true;
 }
 
+bool unnecessary_volatile(const Node *n) {
+  // assert n->is_MemBar();
+  if (UseBarriersForVolatile)
+    // we need to plant a dmb
+    return false;
+
+  // ok, so we can omit this volatile barrier if it has been inserted
+  // as part of a volatile store sequence
+  //
+  //   MemBarRelease
+  //  {      ||      }
+  //  {MemBarCPUOrder} -- optional
+  //         ||     \\
+  //         ||     StoreX[mo_release]
+  //         | \     /
+  //         | MergeMem
+  //         | /
+  //   MemBarVolatile
+  //
+  // where
+  //  || and \\ represent Ctl and Mem feeds via Proj nodes
+  //  | \ and / indicate further routing of the Ctl and Mem feeds
+  // 
+  // we need to check that
+  //
+  // i) the volatile membar gets its control feed from a release
+  // membar (or its dependent cpuorder membar) via a Control project
+  // node
+  //
+  // ii) the release membar (or its dependent cpuorder membar) also
+  // feeds control to a store node via the same proj node
+  //
+  // iii) the store is ordered release
+  //
+  // iv) the release membar (or its dependent cpuorder membar) feeds
+  // memory to a merge mem and to the same store (both via a single
+  // Memory proj node)
+  //
+  // v) the store outputs to the merge mem
+  //
+  // vi) the merge mem outputs to the volatile membar
+  //
+  // n.b. for an inlined unsafe store of an object in the case where
+  // !TypePtr::NULL_PTR->higher_equal(type(heap_base_oop)) we may see
+  // an embedded if then else where we expect the store. this is
+  // needed to do the right type of store depending on whether
+  // heap_base is NULL. We could check for that but for now we can
+  // just take the hit of on inserting a redundant dmb for this
+  // redundant volatile membar
+
+  MemBarNode *mbvol = n->as_MemBar();
+  Node *x = n->lookup(TypeFunc::Control);
+
+  if (! x || !x->is_Proj())
+    return false;
+
+  ProjNode *proj = x->as_Proj();
+
+  x = proj->lookup(0);
+
+  if (!x || !x->is_MemBar())
+    return false;
+
+  MemBarNode *barrier = x->as_MemBar();
+
+  // if the barrier is a release membar we have what we want. if it is
+  // a cpuorder membar then we need to ensure that it is fed by a
+  // release membar in which case we proceed to check the graph below
+  // this cpuorder membar as the feed
+
+  if (x->Opcode() != Op_MemBarRelease) {
+    if (x->Opcode() != Op_MemBarCPUOrder)
+      return false;
+    ProjNode *ctl;
+    ProjNode *mem;
+    MemBarNode *b = has_parent_membar(x, ctl, mem);
+    if (!b || !b->Opcode() == Op_MemBarRelease)
+      return false;
+  }
+
+  ProjNode *ctl = barrier->proj_out(TypeFunc::Control);
+  ProjNode *mem = barrier->proj_out(TypeFunc::Memory);
+
+  // barrier needs to have both a Ctl and Mem projection
+  // and we need to have reached it via the Ctl projection
+  if (! ctl || ! mem || ctl != proj)
+    return false;
+
+  StoreNode * st = NULL;
+
+  // The Ctl ProjNode should have output to a MemBarVolatile and
+  // a Store marked as releasing
+  for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) {
+    x = ctl->fast_out(i);
+    if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) {
+      if (x != mbvol) {
+	return false;
+      }
+    } else if (x->is_Store()) {
+      st = x->as_Store();
+      if (! st->is_release()) {
+	return false;
+      }
+    } else if (!x->is_Mach()){
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  if (!st)
+    return false;
+
+  // the Mem ProjNode should output to a MergeMem and the same Store
+  Node *mm = NULL;
+  for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) {
+    x = mem->fast_out(i);
+    if (!mm && x->is_MergeMem()) {
+      mm = x;
+    } else if (x != st && !x->is_Mach()) {
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  if (!mm)
+    return false;
+
+  // the MergeMem should output to the MemBarVolatile
+  for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) {
+    x = mm->fast_out(i);
+    if (x != mbvol && !x->is_Mach()) {
+      // we may see mach nodes added during matching but nothing else
+      return false;
+    }
+  }
+
+  return true;
+}
+
+
+
+bool needs_releasing_store(const Node *n)
+{
+  // assert n->is_Store();
+  if (UseBarriersForVolatile)
+    // we use a normal store and dmb combination
+    return false;
+
+  StoreNode *st = n->as_Store();
+
+  if (!st->is_release())
+    return false;
+
+  // check if this store is bracketed by a release (or its dependent
+  // cpuorder membar) and a volatile membar
+  //
+  //   MemBarRelease
+  //  {      ||      }
+  //  {MemBarCPUOrder} -- optional
+  //         ||     \\
+  //         ||     StoreX[mo_release]
+  //         | \     /
+  //         | MergeMem
+  //         | /
+  //   MemBarVolatile
+  //
+  // where
+  //  || and \\ represent Ctl and Mem feeds via Proj nodes
+  //  | \ and / indicate further routing of the Ctl and Mem feeds
+  // 
+
+
+  Node *x = st->lookup(TypeFunc::Control);
+
+  if (! x || !x->is_Proj())
+    return false;
+
+  ProjNode *proj = x->as_Proj();
+
+  x = proj->lookup(0);
+
+  if (!x || !x->is_MemBar())
+    return false;
+
+  MemBarNode *barrier = x->as_MemBar();
+
+  // if the barrier is a release membar we have what we want. if it is
+  // a cpuorder membar then we need to ensure that it is fed by a
+  // release membar in which case we proceed to check the graph below
+  // this cpuorder membar as the feed
+
+  if (x->Opcode() != Op_MemBarRelease) {
+    if (x->Opcode() != Op_MemBarCPUOrder)
+      return false;
+    Node *ctl = x->lookup(TypeFunc::Control);
+    Node *mem = x->lookup(TypeFunc::Memory);
+    if (!ctl || !ctl->is_Proj() || !mem || !mem->is_Proj())
+      return false;
+    x = ctl->lookup(0);
+    if (!x || !x->is_MemBar() || !x->Opcode() == Op_MemBarRelease)
+      return false;
+    Node *y = mem->lookup(0);
+    if (!y || y != x)
+      return false;
+  }
+
+  ProjNode *ctl = barrier->proj_out(TypeFunc::Control);
+  ProjNode *mem = barrier->proj_out(TypeFunc::Memory);
+
+  // MemBarRelease needs to have both a Ctl and Mem projection
+  // and we need to have reached it via the Ctl projection
+  if (! ctl || ! mem || ctl != proj)
+    return false;
+
+  MemBarNode *mbvol = NULL;
+
+  // The Ctl ProjNode should have output to a MemBarVolatile and
+  // a Store marked as releasing
+  for (DUIterator_Fast imax, i = ctl->fast_outs(imax); i < imax; i++) {
+    x = ctl->fast_out(i);
+    if (x->is_MemBar() && x->Opcode() == Op_MemBarVolatile) {
+      mbvol = x->as_MemBar();
+    } else if (x->is_Store()) {
+      if (x != st) {
+	return false;
+      }
+    } else if (!x->is_Mach()){
+      return false;
+    }
+  }
+
+  if (!mbvol)
+    return false;
+
+  // the Mem ProjNode should output to a MergeMem and the same Store
+  Node *mm = NULL;
+  for (DUIterator_Fast imax, i = mem->fast_outs(imax); i < imax; i++) {
+    x = mem->fast_out(i);
+    if (!mm && x->is_MergeMem()) {
+      mm = x;
+    } else if (x != st && !x->is_Mach()) {
+      return false;
+    }
+  }
+
+  if (!mm)
+    return false;
+
+  // the MergeMem should output to the MemBarVolatile
+  for (DUIterator_Fast imax, i = mm->fast_outs(imax); i < imax; i++) {
+    x = mm->fast_out(i);
+    if (x != mbvol && !x->is_Mach()) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+
+
 #define __ _masm.
 
 // advance declarations for helper functions to convert register
@@ -5151,7 +5945,7 @@
 instruct loadB(iRegINoSp dst, memory mem)
 %{
   match(Set dst (LoadB mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrsbw  $dst, $mem\t# byte" %}
@@ -5165,7 +5959,7 @@
 instruct loadB2L(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (ConvI2L (LoadB mem)));
-  predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrsb  $dst, $mem\t# byte" %}
@@ -5179,7 +5973,7 @@
 instruct loadUB(iRegINoSp dst, memory mem)
 %{
   match(Set dst (LoadUB mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrbw  $dst, $mem\t# byte" %}
@@ -5193,7 +5987,7 @@
 instruct loadUB2L(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (ConvI2L (LoadUB mem)));
-  predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrb  $dst, $mem\t# byte" %}
@@ -5207,7 +6001,7 @@
 instruct loadS(iRegINoSp dst, memory mem)
 %{
   match(Set dst (LoadS mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrshw  $dst, $mem\t# short" %}
@@ -5221,7 +6015,7 @@
 instruct loadS2L(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (ConvI2L (LoadS mem)));
-  predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrsh  $dst, $mem\t# short" %}
@@ -5235,7 +6029,7 @@
 instruct loadUS(iRegINoSp dst, memory mem)
 %{
   match(Set dst (LoadUS mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrh  $dst, $mem\t# short" %}
@@ -5249,7 +6043,7 @@
 instruct loadUS2L(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (ConvI2L (LoadUS mem)));
-  predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrh  $dst, $mem\t# short" %}
@@ -5263,7 +6057,7 @@
 instruct loadI(iRegINoSp dst, memory mem)
 %{
   match(Set dst (LoadI mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrw  $dst, $mem\t# int" %}
@@ -5277,7 +6071,7 @@
 instruct loadI2L(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (ConvI2L (LoadI mem)));
-  predicate(UseBarriersForVolatile || n->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrsw  $dst, $mem\t# int" %}
@@ -5291,7 +6085,7 @@
 instruct loadUI2L(iRegLNoSp dst, memory mem, immL_32bits mask)
 %{
   match(Set dst (AndL (ConvI2L (LoadI mem)) mask));
-  predicate(UseBarriersForVolatile || n->in(1)->in(1)->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n->in(1)->in(1)->as_Load()));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrw  $dst, $mem\t# int" %}
@@ -5305,7 +6099,7 @@
 instruct loadL(iRegLNoSp dst, memory mem)
 %{
   match(Set dst (LoadL mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldr  $dst, $mem\t# int" %}
@@ -5332,7 +6126,7 @@
 instruct loadP(iRegPNoSp dst, memory mem)
 %{
   match(Set dst (LoadP mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldr  $dst, $mem\t# ptr" %}
@@ -5346,7 +6140,7 @@
 instruct loadN(iRegNNoSp dst, memory mem)
 %{
   match(Set dst (LoadN mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrw  $dst, $mem\t# compressed ptr" %}
@@ -5360,7 +6154,7 @@
 instruct loadKlass(iRegPNoSp dst, memory mem)
 %{
   match(Set dst (LoadKlass mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldr  $dst, $mem\t# class" %}
@@ -5374,7 +6168,7 @@
 instruct loadNKlass(iRegNNoSp dst, memory mem)
 %{
   match(Set dst (LoadNKlass mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrw  $dst, $mem\t# compressed class ptr" %}
@@ -5388,7 +6182,7 @@
 instruct loadF(vRegF dst, memory mem)
 %{
   match(Set dst (LoadF mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrs  $dst, $mem\t# float" %}
@@ -5402,7 +6196,7 @@
 instruct loadD(vRegD dst, memory mem)
 %{
   match(Set dst (LoadD mem));
-  predicate(UseBarriersForVolatile || n->as_Load()->is_unordered());
+  predicate(!needs_acquiring_load(n));
 
   ins_cost(4 * INSN_COST);
   format %{ "ldrd  $dst, $mem\t# double" %}
@@ -5633,7 +6427,7 @@
 instruct storeB(iRegIorL2I src, memory mem)
 %{
   match(Set mem (StoreB mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strb  $src, $mem\t# byte" %}
@@ -5647,7 +6441,7 @@
 instruct storeimmB0(immI0 zero, memory mem)
 %{
   match(Set mem (StoreB mem zero));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strb zr, $mem\t# byte" %}
@@ -5661,7 +6455,7 @@
 instruct storeC(iRegIorL2I src, memory mem)
 %{
   match(Set mem (StoreC mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strh  $src, $mem\t# short" %}
@@ -5674,7 +6468,7 @@
 instruct storeimmC0(immI0 zero, memory mem)
 %{
   match(Set mem (StoreC mem zero));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strh  zr, $mem\t# short" %}
@@ -5689,7 +6483,7 @@
 instruct storeI(iRegIorL2I src, memory mem)
 %{
   match(Set mem(StoreI mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strw  $src, $mem\t# int" %}
@@ -5702,7 +6496,7 @@
 instruct storeimmI0(immI0 zero, memory mem)
 %{
   match(Set mem(StoreI mem zero));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strw  zr, $mem\t# int" %}
@@ -5716,7 +6510,7 @@
 instruct storeL(iRegL src, memory mem)
 %{
   match(Set mem (StoreL mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "str  $src, $mem\t# int" %}
@@ -5730,7 +6524,7 @@
 instruct storeimmL0(immL0 zero, memory mem)
 %{
   match(Set mem (StoreL mem zero));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "str  zr, $mem\t# int" %}
@@ -5744,7 +6538,7 @@
 instruct storeP(iRegP src, memory mem)
 %{
   match(Set mem (StoreP mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "str  $src, $mem\t# ptr" %}
@@ -5758,7 +6552,7 @@
 instruct storeimmP0(immP0 zero, memory mem)
 %{
   match(Set mem (StoreP mem zero));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "str zr, $mem\t# ptr" %}
@@ -5772,7 +6566,7 @@
 instruct storeN(iRegN src, memory mem)
 %{
   match(Set mem (StoreN mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strw  $src, $mem\t# compressed ptr" %}
@@ -5787,7 +6581,7 @@
   match(Set mem (StoreN mem zero));
   predicate(Universe::narrow_oop_base() == NULL &&
             Universe::narrow_klass_base() == NULL &&
-            (UseBarriersForVolatile || n->as_Store()->is_unordered()));
+            (!needs_releasing_store(n)));
 
   ins_cost(INSN_COST);
   format %{ "strw  rheapbase, $mem\t# compressed ptr (rheapbase==0)" %}
@@ -5801,7 +6595,7 @@
 instruct storeF(vRegF src, memory mem)
 %{
   match(Set mem (StoreF mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strs  $src, $mem\t# float" %}
@@ -5818,7 +6612,7 @@
 instruct storeD(vRegD src, memory mem)
 %{
   match(Set mem (StoreD mem src));
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
 
   ins_cost(INSN_COST);
   format %{ "strd  $src, $mem\t# double" %}
@@ -5831,7 +6625,7 @@
 // Store Compressed Klass Pointer
 instruct storeNKlass(iRegN src, memory mem)
 %{
-  predicate(UseBarriersForVolatile || n->as_Store()->is_unordered());
+  predicate(!needs_releasing_store(n));
   match(Set mem (StoreNKlass mem src));
 
   ins_cost(INSN_COST);
@@ -6293,7 +7087,7 @@
 %}
 
 instruct unnecessary_membar_acquire() %{
-  predicate(! UseBarriersForVolatile && preceded_by_ordered_load(n));
+  predicate(unnecessary_acquire(n));
   match(MemBarAcquire);
   ins_cost(0);
 
@@ -6345,6 +7139,19 @@
   ins_pipe(pipe_serial);
 %}
 
+instruct unnecessary_membar_release() %{
+  predicate(unnecessary_release(n));
+  match(MemBarRelease);
+  ins_cost(0);
+
+  format %{ "membar_release (elided)" %}
+
+  ins_encode %{
+    __ block_comment("membar_release (elided)");
+  %}
+  ins_pipe(pipe_serial);
+%}
+
 instruct membar_release() %{
   match(MemBarRelease);
   ins_cost(VOLATILE_REF_COST);
@@ -6382,6 +7189,20 @@
   ins_pipe(pipe_serial);
 %}
 
+instruct unnecessary_membar_volatile() %{
+  predicate(unnecessary_volatile(n));
+  match(MemBarVolatile);
+  ins_cost(0);
+
+  format %{ "membar_volatile (elided)" %}
+
+  ins_encode %{
+    __ block_comment("membar_volatile (elided)");
+  %}
+
+  ins_pipe(pipe_serial);
+%}
+
 instruct membar_volatile() %{
   match(MemBarVolatile);
   ins_cost(VOLATILE_REF_COST*100);
--- a/jdk/.hgtags	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/.hgtags	Wed Jul 05 20:29:56 2017 +0200
@@ -303,3 +303,4 @@
 36fc65e80d811ee43aedfc69284224b86a403662 jdk9-b58
 48ee960f29df93a9b2a895621321358a86909086 jdk9-b59
 84c5527f742bc64562e47d3149c16197fe1c4c1a jdk9-b60
+da84dcac1b0b12c5b836b05ac75ecbfadee0cd32 jdk9-b61
--- a/jdk/make/src/classes/build/tools/module/ext.modules	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/make/src/classes/build/tools/module/ext.modules	Wed Jul 05 20:29:56 2017 +0200
@@ -12,4 +12,5 @@
 jdk.localedata
 jdk.naming.dns
 jdk.scripting.nashorn
+jdk.xml.dom
 jdk.zipfs
--- a/jdk/src/java.base/linux/classes/sun/nio/ch/EPollPort.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/linux/classes/sun/nio/ch/EPollPort.java	Wed Jul 05 20:29:56 2017 +0200
@@ -105,7 +105,7 @@
 
         // create the queue and offer the special event to ensure that the first
         // threads polls
-        this.queue = new ArrayBlockingQueue<Event>(MAX_EPOLL_EVENTS);
+        this.queue = new ArrayBlockingQueue<>(MAX_EPOLL_EVENTS);
         this.queue.offer(NEED_TO_POLL);
     }
 
--- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxNativeDispatcher.java	Wed Jul 05 20:29:56 2017 +0200
@@ -121,7 +121,7 @@
     private static native void init();
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Void run() {
                 System.loadLibrary("nio");
                 return null;
--- a/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/linux/classes/sun/nio/fs/LinuxWatchService.java	Wed Jul 05 20:29:56 2017 +0200
@@ -190,7 +190,7 @@
             this.watcher = watcher;
             this.ifd = ifd;
             this.socketpair = sp;
-            this.wdToKey = new HashMap<Integer,LinuxWatchKey>();
+            this.wdToKey = new HashMap<>();
             this.address = unsafe.allocateMemory(BUFFER_SIZE);
         }
 
@@ -457,7 +457,7 @@
     private static native int poll(int fd1, int fd2) throws UnixException;
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Void run() {
                 System.loadLibrary("nio");
                 return null;
--- a/jdk/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/linux/classes/sun/nio/fs/MagicFileTypeDetector.java	Wed Jul 05 20:29:56 2017 +0200
@@ -68,7 +68,7 @@
     private static native byte[] probe0(long pathAddress);
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 System.loadLibrary("nio");
--- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/NativeUnpack.java	Wed Jul 05 20:29:56 2017 +0200
@@ -87,7 +87,7 @@
         // If loading from stand alone build uncomment this.
         // System.loadLibrary("unpack");
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("unpack");
                     return null;
--- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/Package.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1210,7 +1210,7 @@
         // This keeps files of similar format near each other.
         // Put class files at the end, keeping their fixed order.
         // Be sure the JAR file's required manifest stays at the front. (4893051)
-        Collections.sort(files, new Comparator<File>() {
+        Collections.sort(files, new Comparator<>() {
                 public int compare(File r0, File r1) {
                     // Get the file name.
                     String f0 = r0.nameString;
--- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageReader.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1151,7 +1151,7 @@
         return -1;
     }
 
-    Comparator<Entry> entryOutputOrder = new Comparator<Entry>() {
+    Comparator<Entry> entryOutputOrder = new Comparator<>() {
         public int compare(Entry e0, Entry e1) {
             int k0 = getOutputIndex(e0);
             int k1 = getOutputIndex(e1);
--- a/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/com/sun/java/util/jar/pack/PackageWriter.java	Wed Jul 05 20:29:56 2017 +0200
@@ -829,7 +829,7 @@
         maxFlags = new int[ATTR_CONTEXT_LIMIT];
         allLayouts = new FixedList<>(ATTR_CONTEXT_LIMIT);
         for (int i = 0; i < ATTR_CONTEXT_LIMIT; i++) {
-            allLayouts.set(i, new HashMap<Attribute.Layout, int[]>());
+            allLayouts.set(i, new HashMap<>());
         }
         // Collect maxFlags and allLayouts.
         for (Class cls : pkg.classes) {
@@ -892,7 +892,7 @@
             // Sort by count, most frequent first.
             // Predefs. participate in this sort, though it does not matter.
             Arrays.sort(layoutsAndCounts,
-                        new Comparator<Map.Entry<Attribute.Layout, int[]>>() {
+                        new Comparator<>() {
                 public int compare(Map.Entry<Attribute.Layout, int[]> e0,
                                    Map.Entry<Attribute.Layout, int[]> e1) {
                     // Primary sort key is count, reversed.
@@ -1010,7 +1010,7 @@
         int numAttrDefs = defList.size();
         Object[][] defs = new Object[numAttrDefs][];
         defList.toArray(defs);
-        Arrays.sort(defs, new Comparator<Object[]>() {
+        Arrays.sort(defs, new Comparator<>() {
             public int compare(Object[] a0, Object[] a1) {
                 // Primary sort key is attr def header.
                 @SuppressWarnings("unchecked")
--- a/jdk/src/java.base/share/classes/java/io/ExpiringCache.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/io/ExpiringCache.java	Wed Jul 05 20:29:56 2017 +0200
@@ -64,7 +64,7 @@
     @SuppressWarnings("serial")
     ExpiringCache(long millisUntilExpiration) {
         this.millisUntilExpiration = millisUntilExpiration;
-        map = new LinkedHashMap<String,Entry>() {
+        map = new LinkedHashMap<>() {
             protected boolean removeEldestEntry(Map.Entry<String,Entry> eldest) {
               return size() > MAX_ENTRIES;
             }
--- a/jdk/src/java.base/share/classes/java/io/FilePermission.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/io/FilePermission.java	Wed Jul 05 20:29:56 2017 +0200
@@ -201,7 +201,7 @@
         }
 
         // store only the canonical cpath if possible
-        cpath = AccessController.doPrivileged(new PrivilegedAction<String>() {
+        cpath = AccessController.doPrivileged(new PrivilegedAction<>() {
             public String run() {
                 try {
                     String path = cpath;
--- a/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/io/ObjectInputStream.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1263,7 +1263,7 @@
      */
     private static boolean auditSubclass(final Class<?> subcl) {
         Boolean result = AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
+            new PrivilegedAction<>() {
                 public Boolean run() {
                     for (Class<?> cl = subcl;
                          cl != ObjectInputStream.class;
@@ -2255,7 +2255,7 @@
             try {
                 while (list != null) {
                     AccessController.doPrivileged(
-                        new PrivilegedExceptionAction<Void>()
+                        new PrivilegedExceptionAction<>()
                     {
                         public Void run() throws InvalidObjectException {
                             list.obj.validateObject();
--- a/jdk/src/java.base/share/classes/java/io/ObjectOutputStream.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/io/ObjectOutputStream.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1066,7 +1066,7 @@
      */
     private static boolean auditSubclass(final Class<?> subcl) {
         Boolean result = AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
+            new PrivilegedAction<>() {
                 public Boolean run() {
                     for (Class<?> cl = subcl;
                          cl != ObjectOutputStream.class;
--- a/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/io/ObjectStreamClass.java	Wed Jul 05 20:29:56 2017 +0200
@@ -367,7 +367,7 @@
                 entry = th;
             }
             if (future.set(entry)) {
-                Caches.localDescs.put(key, new SoftReference<Object>(entry));
+                Caches.localDescs.put(key, new SoftReference<>(entry));
             } else {
                 // nested lookup call already set future
                 entry = future.get();
@@ -430,7 +430,7 @@
             }
             if (interrupted) {
                 AccessController.doPrivileged(
-                    new PrivilegedAction<Void>() {
+                    new PrivilegedAction<>() {
                         public Void run() {
                             Thread.currentThread().interrupt();
                             return null;
@@ -465,7 +465,7 @@
         localDesc = this;
 
         if (serializable) {
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Void run() {
                     if (isEnum) {
                         suid = Long.valueOf(0);
@@ -1733,7 +1733,7 @@
             for (int i = 0; i < fields.length; i++) {
                 fieldSigs[i] = new MemberSignature(fields[i]);
             }
-            Arrays.sort(fieldSigs, new Comparator<MemberSignature>() {
+            Arrays.sort(fieldSigs, new Comparator<>() {
                 public int compare(MemberSignature ms1, MemberSignature ms2) {
                     return ms1.name.compareTo(ms2.name);
                 }
@@ -1764,7 +1764,7 @@
             for (int i = 0; i < cons.length; i++) {
                 consSigs[i] = new MemberSignature(cons[i]);
             }
-            Arrays.sort(consSigs, new Comparator<MemberSignature>() {
+            Arrays.sort(consSigs, new Comparator<>() {
                 public int compare(MemberSignature ms1, MemberSignature ms2) {
                     return ms1.signature.compareTo(ms2.signature);
                 }
@@ -1787,7 +1787,7 @@
             for (int i = 0; i < methods.length; i++) {
                 methSigs[i] = new MemberSignature(methods[i]);
             }
-            Arrays.sort(methSigs, new Comparator<MemberSignature>() {
+            Arrays.sort(methSigs, new Comparator<>() {
                 public int compare(MemberSignature ms1, MemberSignature ms2) {
                     int comp = ms1.name.compareTo(ms2.name);
                     if (comp == 0) {
@@ -2164,7 +2164,7 @@
                 entry = th;
             }
             future.set(entry);
-            Caches.reflectors.put(key, new SoftReference<Object>(entry));
+            Caches.reflectors.put(key, new SoftReference<>(entry));
         }
 
         if (entry instanceof FieldReflector) {
--- a/jdk/src/java.base/share/classes/java/lang/CharacterName.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/CharacterName.java	Wed Jul 05 20:29:56 2017 +0200
@@ -45,7 +45,7 @@
         DataInputStream dis = null;
         try {
             dis = new DataInputStream(new InflaterInputStream(
-                AccessController.doPrivileged(new PrivilegedAction<InputStream>()
+                AccessController.doPrivileged(new PrivilegedAction<>()
                 {
                     public InputStream run() {
                         return getClass().getResourceAsStream("uniName.dat");
--- a/jdk/src/java.base/share/classes/java/lang/Class.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/Class.java	Wed Jul 05 20:29:56 2017 +0200
@@ -437,7 +437,7 @@
                 // (the stack depth is wrong for the Constructor's
                 // security check to work)
                 java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<Void>() {
+                    new java.security.PrivilegedAction<>() {
                         public Void run() {
                                 c.setAccessible(true);
                                 return null;
@@ -1068,7 +1068,7 @@
                                                  Reflection.getCallerClass(), true);
             // Client is ok to access declared methods but j.l.Class might not be.
             Method[] candidates = AccessController.doPrivileged(
-                    new PrivilegedAction<Method[]>() {
+                    new PrivilegedAction<>() {
                         @Override
                         public Method[] run() {
                             return enclosingCandidate.getDeclaredMethods();
@@ -1228,7 +1228,7 @@
                                                  Reflection.getCallerClass(), true);
             // Client is ok to access declared methods but j.l.Class might not be.
             Constructor<?>[] candidates = AccessController.doPrivileged(
-                    new PrivilegedAction<Constructor<?>[]>() {
+                    new PrivilegedAction<>() {
                         @Override
                         public Constructor<?>[] run() {
                             return enclosingCandidate.getDeclaredConstructors();
@@ -1542,7 +1542,7 @@
         // has already been ok'd by the SecurityManager.
 
         return java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Class<?>[]>() {
+            new java.security.PrivilegedAction<>() {
                 public Class<?>[] run() {
                     List<Class<?>> list = new ArrayList<>();
                     Class<?> currentClass = Class.this;
@@ -3293,7 +3293,7 @@
     private static boolean initted = false;
     private static void checkInitted() {
         if (initted) return;
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Void run() {
                     // Tests to ensure the system properties table is fully
                     // initialized. This is needed because reflection code is
@@ -3349,7 +3349,7 @@
             try {
                 final Method values = getMethod("values");
                 java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<Void>() {
+                    new java.security.PrivilegedAction<>() {
                         public Void run() {
                                 values.setAccessible(true);
                                 return null;
--- a/jdk/src/java.base/share/classes/java/lang/ClassLoader.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/ClassLoader.java	Wed Jul 05 20:29:56 2017 +0200
@@ -496,7 +496,7 @@
             final String name = cls.getName();
             final int i = name.lastIndexOf('.');
             if (i != -1) {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() {
                         sm.checkPackageAccess(name.substring(0, i));
                         return null;
@@ -1265,7 +1265,7 @@
     {
         final Enumeration<Resource> e =
             getBootstrapClassPath().getResources(name);
-        return new Enumeration<URL> () {
+        return new Enumeration<> () {
             public URL nextElement() {
                 return e.nextElement().getURL();
             }
@@ -1867,7 +1867,7 @@
         boolean isBuiltin = (name != null);
         if (!isBuiltin) {
             name = AccessController.doPrivileged(
-                new PrivilegedAction<String>() {
+                new PrivilegedAction<>() {
                     public String run() {
                         try {
                             return file.exists() ? file.getCanonicalPath() : null;
--- a/jdk/src/java.base/share/classes/java/lang/Package.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/Package.java	Wed Jul 05 20:29:56 2017 +0200
@@ -595,7 +595,7 @@
 
         CachedManifest(final String fileName) {
             this.fileName = fileName;
-            this.url = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+            this.url = AccessController.doPrivileged(new PrivilegedAction<>() {
                 public URL run() {
                     final File file = new File(fileName);
                     if (file.isFile()) {
@@ -626,7 +626,7 @@
                 if (m != null) {
                     return m;
                 }
-                m = AccessController.doPrivileged(new PrivilegedAction<Manifest>() {
+                m = AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Manifest run() {
                         try (FileInputStream fis = new FileInputStream(fileName);
                              JarInputStream jis = new JarInputStream(fis, false)) {
--- a/jdk/src/java.base/share/classes/java/lang/SecurityManager.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/SecurityManager.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1455,7 +1455,7 @@
             if (!packageAccessValid) {
                 String tmpPropertyStr =
                     AccessController.doPrivileged(
-                        new PrivilegedAction<String>() {
+                        new PrivilegedAction<>() {
                             public String run() {
                                 return java.security.Security.getProperty(
                                     "package.access");
@@ -1524,7 +1524,7 @@
             if (!packageDefinitionValid) {
                 String tmpPropertyStr =
                     AccessController.doPrivileged(
-                        new PrivilegedAction<String>() {
+                        new PrivilegedAction<>() {
                             public String run() {
                                 return java.security.Security.getProperty(
                                     "package.definition");
--- a/jdk/src/java.base/share/classes/java/lang/StringBuffer.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/StringBuffer.java	Wed Jul 05 20:29:56 2017 +0200
@@ -206,6 +206,7 @@
     }
 
     /**
+     * @throws IndexOutOfBoundsException {@inheritDoc}
      * @since      1.5
      */
     @Override
@@ -214,6 +215,7 @@
     }
 
     /**
+     * @throws IndexOutOfBoundsException {@inheritDoc}
      * @since     1.5
      */
     @Override
@@ -222,6 +224,7 @@
     }
 
     /**
+     * @throws IndexOutOfBoundsException {@inheritDoc}
      * @since     1.5
      */
     @Override
@@ -230,6 +233,7 @@
     }
 
     /**
+     * @throws IndexOutOfBoundsException {@inheritDoc}
      * @since     1.5
      */
     @Override
--- a/jdk/src/java.base/share/classes/java/lang/System.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/System.java	Wed Jul 05 20:29:56 2017 +0200
@@ -309,7 +309,7 @@
             // calls the installed security manager's checkPermission method
             // which will loop infinitely if there is a non-system class
             // (in this case: the new security manager class) on the stack).
-            AccessController.doPrivileged(new PrivilegedAction<Object>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Object run() {
                     s.getClass().getProtectionDomain().implies
                         (SecurityConstants.ALL_PERMISSION);
--- a/jdk/src/java.base/share/classes/java/lang/Thread.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/Thread.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1661,7 +1661,7 @@
      */
     private static boolean auditSubclass(final Class<?> subcl) {
         Boolean result = AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
+            new PrivilegedAction<>() {
                 public Boolean run() {
                     for (Class<?> cl = subcl;
                          cl != Thread.class;
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InfoFromMemberName.java	Wed Jul 05 20:29:56 2017 +0200
@@ -87,7 +87,7 @@
             // For more information see comments on {@link MethodHandleNatives#linkMethod}.
             throw new IllegalArgumentException("cannot reflect signature polymorphic method");
         }
-        Member mem = AccessController.doPrivileged(new PrivilegedAction<Member>() {
+        Member mem = AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Member run() {
                     try {
                         return reflectUnchecked();
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InnerClassLambdaMetafactory.java	Wed Jul 05 20:29:56 2017 +0200
@@ -194,7 +194,7 @@
         final Class<?> innerClass = spinInnerClass();
         if (invokedType.parameterCount() == 0) {
             final Constructor<?>[] ctrs = AccessController.doPrivileged(
-                    new PrivilegedAction<Constructor<?>[]>() {
+                    new PrivilegedAction<>() {
                 @Override
                 public Constructor<?>[] run() {
                     Constructor<?>[] ctrs = innerClass.getDeclaredConstructors();
@@ -311,7 +311,7 @@
 
         // If requested, dump out to a file for debugging purposes
         if (dumper != null) {
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                 @Override
                 public Void run() {
                     dumper.dumpClass(lambdaClassName, classBytes);
--- a/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Wed Jul 05 20:29:56 2017 +0200
@@ -167,7 +167,7 @@
     static void maybeDump(final String className, final byte[] classFile) {
         if (DUMP_CLASS_FILES) {
             java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     try {
                         String dumpName = className;
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -51,7 +51,7 @@
     private static final int MAX_ARITY;
     static {
         final Object[] values = { 255 };
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 values[0] = Integer.getInteger(MethodHandleImpl.class.getName()+".MAX_ARITY", 255);
@@ -1234,7 +1234,7 @@
         private static final byte[] T_BYTES;
         static {
             final Object[] values = {null};
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() {
                         try {
                             Class<T> tClass = T.class;
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleProxies.java	Wed Jul 05 20:29:56 2017 +0200
@@ -199,7 +199,7 @@
             // sun.invoke.WrapperInstance is a restricted interface not accessible
             // by any non-null class loader.
             final ClassLoader loader = proxyLoader;
-            proxy = AccessController.doPrivileged(new PrivilegedAction<Object>() {
+            proxy = AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Object run() {
                     return Proxy.newProxyInstance(
                             loader,
--- a/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Wed Jul 05 20:29:56 2017 +0200
@@ -53,7 +53,7 @@
 
     static {
         final Object[] values = new Object[9];
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Void run() {
                     values[0] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DEBUG_NAMES");
                     values[1] = Boolean.getBoolean("java.lang.invoke.MethodHandle.DUMP_CLASS_FILES");
--- a/jdk/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/ProxyClassesDumper.java	Wed Jul 05 20:29:56 2017 +0200
@@ -64,7 +64,7 @@
         try {
             path = path.trim();
             final Path dir = Paths.get(path.length() == 0 ? "." : path);
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                     @Override
                     public Void run() {
                         validateDumpDir(dir);
--- a/jdk/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/invoke/SerializedLambda.java	Wed Jul 05 20:29:56 2017 +0200
@@ -218,7 +218,7 @@
 
     private Object readResolve() throws ReflectiveOperationException {
         try {
-            Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
+            Method deserialize = AccessController.doPrivileged(new PrivilegedExceptionAction<>() {
                 @Override
                 public Method run() throws Exception {
                     Method m = capturingClass.getDeclaredMethod("$deserializeLambda$", SerializedLambda.class);
--- a/jdk/src/java.base/share/classes/java/lang/ref/Finalizer.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/ref/Finalizer.java	Wed Jul 05 20:29:56 2017 +0200
@@ -121,7 +121,7 @@
      */
     private static void forkSecondaryFinalizer(final Runnable proc) {
         AccessController.doPrivileged(
-            new PrivilegedAction<Void>() {
+            new PrivilegedAction<>() {
                 public Void run() {
                     ThreadGroup tg = Thread.currentThread().getThreadGroup();
                     for (ThreadGroup tgn = tg;
--- a/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/lang/reflect/Proxy.java	Wed Jul 05 20:29:56 2017 +0200
@@ -728,7 +728,7 @@
 
             final Constructor<?> cons = cl.getConstructor(constructorParams);
             if (!Modifier.isPublic(cl.getModifiers())) {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() {
                         cons.setAccessible(true);
                         return null;
--- a/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainDatagramSocketImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -62,7 +62,7 @@
      */
     static {
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
--- a/jdk/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/AbstractPlainSocketImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -79,7 +79,7 @@
      */
     static {
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
--- a/jdk/src/java.base/share/classes/java/net/CookieManager.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/CookieManager.java	Wed Jul 05 20:29:56 2017 +0200
@@ -201,14 +201,13 @@
             throw new IllegalArgumentException("Argument is null");
         }
 
-        Map<String, List<String>> cookieMap =
-                        new java.util.HashMap<String, List<String>>();
+        Map<String, List<String>> cookieMap = new java.util.HashMap<>();
         // if there's no default CookieStore, no way for us to get any cookie
         if (cookieJar == null)
             return Collections.unmodifiableMap(cookieMap);
 
         boolean secureLink = "https".equalsIgnoreCase(uri.getScheme());
-        List<HttpCookie> cookies = new java.util.ArrayList<HttpCookie>();
+        List<HttpCookie> cookies = new java.util.ArrayList<>();
         String path = uri.getPath();
         if (path == null || path.isEmpty()) {
             path = "/";
@@ -411,7 +410,7 @@
     private List<String> sortByPath(List<HttpCookie> cookies) {
         Collections.sort(cookies, new CookiePathComparator());
 
-        List<String> cookieHeader = new java.util.ArrayList<String>();
+        List<String> cookieHeader = new java.util.ArrayList<>();
         for (HttpCookie cookie : cookies) {
             // Netscape cookie spec and RFC 2965 have different format of Cookie
             // header; RFC 2965 requires a leading $Version="1" string while Netscape
--- a/jdk/src/java.base/share/classes/java/net/DatagramPacket.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/DatagramPacket.java	Wed Jul 05 20:29:56 2017 +0200
@@ -47,7 +47,7 @@
      */
     static {
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
--- a/jdk/src/java.base/share/classes/java/net/DatagramSocket.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/DatagramSocket.java	Wed Jul 05 20:29:56 2017 +0200
@@ -308,7 +308,7 @@
         // getDeclaredMethod, therefore we need permission to access the member
         try {
             AccessController.doPrivileged(
-                new PrivilegedExceptionAction<Void>() {
+                new PrivilegedExceptionAction<>() {
                     public Void run() throws NoSuchMethodException {
                         Class<?>[] cl = new Class<?>[1];
                         cl[0] = DatagramPacket.class;
--- a/jdk/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/HttpConnectSocketImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -64,7 +64,7 @@
             serverSocketField = netClientClazz.getDeclaredField("serverSocket");
 
             java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<Void>() {
+                new java.security.PrivilegedAction<>() {
                     public Void run() {
                         httpField.setAccessible(true);
                         serverSocketField.setAccessible(true);
@@ -146,7 +146,7 @@
     {
         try {
             return java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedExceptionAction<Socket>() {
+                new java.security.PrivilegedExceptionAction<>() {
                     public Socket run() throws IOException {
                         return doTunnel(urlString, timeout);
                 }
--- a/jdk/src/java.base/share/classes/java/net/HttpCookie.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/HttpCookie.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1125,7 +1125,7 @@
      * @return  list of strings; never null
      */
     private static List<String> splitMultiCookies(String header) {
-        List<String> cookies = new java.util.ArrayList<String>();
+        List<String> cookies = new java.util.ArrayList<>();
         int quoteCount = 0;
         int p, q;
 
--- a/jdk/src/java.base/share/classes/java/net/IDN.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/IDN.java	Wed Jul 05 20:29:56 2017 +0200
@@ -228,7 +228,7 @@
         try {
             final String IDN_PROFILE = "uidna.spp";
             if (System.getSecurityManager() != null) {
-                stream = AccessController.doPrivileged(new PrivilegedAction<InputStream>() {
+                stream = AccessController.doPrivileged(new PrivilegedAction<>() {
                     public InputStream run() {
                         return StringPrep.class.getResourceAsStream(IDN_PROFILE);
                     }
--- a/jdk/src/java.base/share/classes/java/net/InMemoryCookieStore.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/InMemoryCookieStore.java	Wed Jul 05 20:29:56 2017 +0200
@@ -62,9 +62,9 @@
      * The default ctor
      */
     public InMemoryCookieStore() {
-        cookieJar = new ArrayList<HttpCookie>();
-        domainIndex = new HashMap<String, List<HttpCookie>>();
-        uriIndex = new HashMap<URI, List<HttpCookie>>();
+        cookieJar = new ArrayList<>();
+        domainIndex = new HashMap<>();
+        uriIndex = new HashMap<>();
 
         lock = new ReentrantLock(false);
     }
@@ -115,7 +115,7 @@
             throw new NullPointerException("uri is null");
         }
 
-        List<HttpCookie> cookies = new ArrayList<HttpCookie>();
+        List<HttpCookie> cookies = new ArrayList<>();
         boolean secureLink = "https".equalsIgnoreCase(uri.getScheme());
         lock.lock();
         try {
@@ -157,7 +157,7 @@
      * of this cookie store.
      */
     public List<URI> getURIs() {
-        List<URI> uris = new ArrayList<URI>();
+        List<URI> uris = new ArrayList<>();
 
         lock.lock();
         try {
@@ -281,7 +281,7 @@
             String host, boolean secureLink) {
         // Use a separate list to handle cookies that need to be removed so
         // that there is no conflict with iterators.
-        ArrayList<HttpCookie> toRemove = new ArrayList<HttpCookie>();
+        ArrayList<HttpCookie> toRemove = new ArrayList<>();
         for (Map.Entry<String, List<HttpCookie>> entry : cookieIndex.entrySet()) {
             String domain = entry.getKey();
             List<HttpCookie> lst = entry.getValue();
@@ -368,7 +368,7 @@
 
                 cookies.add(cookie);
             } else {
-                cookies = new ArrayList<HttpCookie>();
+                cookies = new ArrayList<>();
                 cookies.add(cookie);
                 indexStore.put(index, cookies);
             }
--- a/jdk/src/java.base/share/classes/java/net/InetAddress.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/InetAddress.java	Wed Jul 05 20:29:56 2017 +0200
@@ -270,7 +270,7 @@
         preferIPv6Address = java.security.AccessController.doPrivileged(
             new GetBooleanAction("java.net.preferIPv6Addresses")).booleanValue();
         AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
@@ -852,7 +852,7 @@
             final String providerName = provider;
             try {
                 nameService = java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedExceptionAction<NameService>() {
+                    new java.security.PrivilegedExceptionAction<>() {
                         public NameService run() {
                             Iterator<NameServiceDescriptor> itr =
                                 ServiceLoader.load(NameServiceDescriptor.class)
@@ -892,7 +892,7 @@
         String provider = null;;
         String propPrefix = "sun.net.spi.nameservice.provider.";
         int n = 1;
-        nameServices = new ArrayList<NameService>();
+        nameServices = new ArrayList<>();
         provider = AccessController.doPrivileged(
                 new GetPropertyAction(propPrefix + n));
         while (provider != null) {
--- a/jdk/src/java.base/share/classes/java/net/NetworkInterface.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/NetworkInterface.java	Wed Jul 05 20:29:56 2017 +0200
@@ -54,7 +54,7 @@
 
     static {
         AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
@@ -167,7 +167,7 @@
      * @since 1.6
      */
     public java.util.List<InterfaceAddress> getInterfaceAddresses() {
-        java.util.List<InterfaceAddress> lst = new java.util.ArrayList<InterfaceAddress>(1);
+        java.util.List<InterfaceAddress> lst = new java.util.ArrayList<>(1);
         SecurityManager sec = System.getSecurityManager();
         for (int j=0; j<bindings.length; j++) {
             try {
@@ -346,7 +346,7 @@
         if (netifs == null)
             return null;
 
-        return new Enumeration<NetworkInterface>() {
+        return new Enumeration<>() {
             private int i = 0;
             public NetworkInterface nextElement() {
                 if (netifs != null && i < netifs.length) {
--- a/jdk/src/java.base/share/classes/java/net/Socket.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/Socket.java	Wed Jul 05 20:29:56 2017 +0200
@@ -470,7 +470,7 @@
         // getDeclaredMethod, therefore we need permission to access the member
 
         oldImpl = AccessController.doPrivileged
-                                (new PrivilegedAction<Boolean>() {
+                                (new PrivilegedAction<>() {
             public Boolean run() {
                 Class<?> clazz = impl.getClass();
                 while (true) {
@@ -911,7 +911,7 @@
         InputStream is = null;
         try {
             is = AccessController.doPrivileged(
-                new PrivilegedExceptionAction<InputStream>() {
+                new PrivilegedExceptionAction<>() {
                     public InputStream run() throws IOException {
                         return impl.getInputStream();
                     }
@@ -951,7 +951,7 @@
         OutputStream os = null;
         try {
             os = AccessController.doPrivileged(
-                new PrivilegedExceptionAction<OutputStream>() {
+                new PrivilegedExceptionAction<>() {
                     public OutputStream run() throws IOException {
                         return impl.getOutputStream();
                     }
--- a/jdk/src/java.base/share/classes/java/net/SocketPermission.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/SocketPermission.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1194,7 +1194,7 @@
      */
     private static int initEphemeralPorts(String suffix, int defval) {
         return AccessController.doPrivileged(
-            new PrivilegedAction<Integer>(){
+            new PrivilegedAction<>(){
                 public Integer run() {
                     int val = Integer.getInteger(
                             "jdk.net.ephemeralPortRange."+suffix, -1
@@ -1328,7 +1328,7 @@
      */
 
     public SocketPermissionCollection() {
-        perms = new ArrayList<SocketPermission>();
+        perms = new ArrayList<>();
     }
 
     /**
@@ -1466,7 +1466,7 @@
         // Get the one we want
         @SuppressWarnings("unchecked")
         Vector<SocketPermission> permissions = (Vector<SocketPermission>)gfields.get("permissions", null);
-        perms = new ArrayList<SocketPermission>(permissions.size());
+        perms = new ArrayList<>(permissions.size());
         perms.addAll(permissions);
     }
 }
--- a/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/SocksSocketImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -82,7 +82,7 @@
     {
         try {
             AccessController.doPrivileged(
-                new java.security.PrivilegedExceptionAction<Void>() {
+                new java.security.PrivilegedExceptionAction<>() {
                     public Void run() throws IOException {
                               superConnectServer(host, port, timeout);
                               cmdIn = getInputStream();
@@ -157,7 +157,7 @@
             final InetAddress addr = InetAddress.getByName(server);
             PasswordAuthentication pw =
                 java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedAction<PasswordAuthentication>() {
+                    new java.security.PrivilegedAction<>() {
                         public PasswordAuthentication run() {
                                 return Authenticator.requestPasswordAuthentication(
                                        server, addr, serverPort, "SOCKS5", "SOCKS authentication", null);
@@ -351,7 +351,7 @@
             // server is not null only when the socket was created with a
             // specified proxy in which case it does bypass the ProxySelector
             ProxySelector sel = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<ProxySelector>() {
+                new java.security.PrivilegedAction<>() {
                     public ProxySelector run() {
                             return ProxySelector.getDefault();
                         }
@@ -595,7 +595,7 @@
         InetAddress naddr = baddr;
         if (naddr.isAnyLocalAddress()) {
             naddr = AccessController.doPrivileged(
-                        new PrivilegedAction<InetAddress>() {
+                        new PrivilegedAction<>() {
                             public InetAddress run() {
                                 return cmdsock.getLocalAddress();
 
@@ -671,7 +671,7 @@
             // server is not null only when the socket was created with a
             // specified proxy in which case it does bypass the ProxySelector
             ProxySelector sel = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<ProxySelector>() {
+                new java.security.PrivilegedAction<>() {
                     public ProxySelector run() {
                             return ProxySelector.getDefault();
                         }
@@ -724,7 +724,7 @@
                 // Connects to the SOCKS server
                 try {
                     AccessController.doPrivileged(
-                        new PrivilegedExceptionAction<Void>() {
+                        new PrivilegedExceptionAction<>() {
                             public Void run() throws Exception {
                                 cmdsock = new Socket(new PlainSocketImpl());
                                 cmdsock.connect(new InetSocketAddress(server, serverPort));
@@ -755,7 +755,7 @@
         } else {
             try {
                 AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<Void>() {
+                    new PrivilegedExceptionAction<>() {
                         public Void run() throws Exception {
                             cmdsock = new Socket(new PlainSocketImpl());
                             cmdsock.connect(new InetSocketAddress(server, serverPort));
--- a/jdk/src/java.base/share/classes/java/net/URL.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/URL.java	Wed Jul 05 20:29:56 2017 +0200
@@ -268,6 +268,23 @@
      *     createURLStreamHandler} method of each provider, if instantiated, is
      *     invoked, with the protocol string, until a provider returns non-null,
      *     or all providers have been exhausted.
+     * <li>If the previous step fails to find a protocol handler, the
+     *     constructor reads the value of the system property:
+     *     <blockquote>{@code
+     *         java.protocol.handler.pkgs
+     *     }</blockquote>
+     *     If the value of that system property is not {@code null},
+     *     it is interpreted as a list of packages separated by a vertical
+     *     slash character '{@code |}'. The constructor tries to load
+     *     the class named:
+     *     <blockquote>{@code
+     *         <package>.<protocol>.Handler
+     *     }</blockquote>
+     *     where {@code <package>} is replaced by the name of the package
+     *     and {@code <protocol>} is replaced by the name of the protocol.
+     *     If this class does not exist, or if the class exists but it is not
+     *     a subclass of {@code URLStreamHandler}, then the next package
+     *     in the list is tried.
      * <li>If the previous step fails to find a protocol handler, then the
      *     constructor tries to load a built-in protocol handler.
      *     If this class does not exist, or if the class exists but it is not a
@@ -1139,8 +1156,41 @@
         }
     }
 
+    private static URLStreamHandler lookupViaProperty(String protocol) {
+        String packagePrefixList = java.security.AccessController.doPrivileged(
+                new PrivilegedAction<>() {
+                    public String run() {
+                        return System.getProperty(protocolPathProp, "");
+                    }
+                });
+        String[] packagePrefixes = packagePrefixList.split("\\|");
+
+        URLStreamHandler handler = null;
+        for (int i=0; handler == null && i<packagePrefixes.length; i++) {
+            String packagePrefix = packagePrefixes[i].trim();
+            try {
+                String clsName = packagePrefix + "." + protocol + ".Handler";
+                Class<?> cls = null;
+                try {
+                    cls = Class.forName(clsName);
+                } catch (ClassNotFoundException e) {
+                    ClassLoader cl = ClassLoader.getSystemClassLoader();
+                    if (cl != null) {
+                        cls = cl.loadClass(clsName);
+                    }
+                }
+                if (cls != null) {
+                    handler = (URLStreamHandler)cls.newInstance();
+                }
+            } catch (Exception e) {
+                // any number of exceptions can get thrown here
+            }
+        }
+        return handler;
+    }
+
     private static Iterator<URLStreamHandlerProvider> providers() {
-        return new Iterator<URLStreamHandlerProvider>() {
+        return new Iterator<>() {
 
             ClassLoader cl = ClassLoader.getSystemClassLoader();
             ServiceLoader<URLStreamHandlerProvider> sl =
@@ -1193,7 +1243,7 @@
         gate.set(gate);
         try {
             return AccessController.doPrivileged(
-                new PrivilegedAction<URLStreamHandler>() {
+                new PrivilegedAction<>() {
                     public URLStreamHandler run() {
                         Iterator<URLStreamHandlerProvider> itr = providers();
                         while (itr.hasNext()) {
@@ -1251,6 +1301,10 @@
             if (handler == null && !protocol.equalsIgnoreCase("jar")) {
                 handler = lookupViaProviders(protocol);
             }
+
+            if (handler == null) {
+                handler = lookupViaProperty(protocol);
+            }
         }
 
         synchronized (streamHandlerLock) {
--- a/jdk/src/java.base/share/classes/java/net/URLClassLoader.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/net/URLClassLoader.java	Wed Jul 05 20:29:56 2017 +0200
@@ -359,7 +359,7 @@
         final Class<?> result;
         try {
             result = AccessController.doPrivileged(
-                new PrivilegedExceptionAction<Class<?>>() {
+                new PrivilegedExceptionAction<>() {
                     public Class<?> run() throws ClassNotFoundException {
                         String path = name.replace('.', '/').concat(".class");
                         Resource res = ucp.getResource(path, false);
@@ -564,7 +564,7 @@
          * The same restriction to finding classes applies to resources
          */
         URL url = AccessController.doPrivileged(
-            new PrivilegedAction<URL>() {
+            new PrivilegedAction<>() {
                 public URL run() {
                     return ucp.findResource(name, true);
                 }
@@ -587,7 +587,7 @@
     {
         final Enumeration<URL> e = ucp.findResources(name, true);
 
-        return new Enumeration<URL>() {
+        return new Enumeration<>() {
             private URL url = null;
 
             private boolean next() {
@@ -596,7 +596,7 @@
                 }
                 do {
                     URL u = AccessController.doPrivileged(
-                        new PrivilegedAction<URL>() {
+                        new PrivilegedAction<>() {
                             public URL run() {
                                 if (!e.hasMoreElements())
                                     return null;
@@ -704,7 +704,7 @@
             final SecurityManager sm = System.getSecurityManager();
             if (sm != null) {
                 final Permission fp = p;
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() throws SecurityException {
                         sm.checkPermission(fp);
                         return null;
@@ -735,7 +735,7 @@
         final AccessControlContext acc = AccessController.getContext();
         // Need a privileged block to create the class loader
         URLClassLoader ucl = AccessController.doPrivileged(
-            new PrivilegedAction<URLClassLoader>() {
+            new PrivilegedAction<>() {
                 public URLClassLoader run() {
                     return new FactoryURLClassLoader(urls, parent, acc);
                 }
@@ -760,7 +760,7 @@
         final AccessControlContext acc = AccessController.getContext();
         // Need a privileged block to create the class loader
         URLClassLoader ucl = AccessController.doPrivileged(
-            new PrivilegedAction<URLClassLoader>() {
+            new PrivilegedAction<>() {
                 public URLClassLoader run() {
                     return new FactoryURLClassLoader(urls, acc);
                 }
--- a/jdk/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/channels/AsynchronousFileChannel.java	Wed Jul 05 20:29:56 2017 +0200
@@ -296,7 +296,7 @@
     public static AsynchronousFileChannel open(Path file, OpenOption... options)
         throws IOException
     {
-        Set<OpenOption> set = new HashSet<OpenOption>(options.length);
+        Set<OpenOption> set = new HashSet<>(options.length);
         Collections.addAll(set, options);
         return open(file, set, null, NO_ATTRIBUTES);
     }
--- a/jdk/src/java.base/share/classes/java/nio/channels/FileChannel.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/channels/FileChannel.java	Wed Jul 05 20:29:56 2017 +0200
@@ -330,7 +330,7 @@
     public static FileChannel open(Path path, OpenOption... options)
         throws IOException
     {
-        Set<OpenOption> set = new HashSet<OpenOption>(options.length);
+        Set<OpenOption> set = new HashSet<>(options.length);
         Collections.addAll(set, options);
         return open(path, set, NO_ATTRIBUTES);
     }
--- a/jdk/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/channels/spi/AsynchronousChannelProvider.java	Wed Jul 05 20:29:56 2017 +0200
@@ -76,7 +76,7 @@
 
         private static AsynchronousChannelProvider load() {
             return AccessController
-                .doPrivileged(new PrivilegedAction<AsynchronousChannelProvider>() {
+                .doPrivileged(new PrivilegedAction<>() {
                     public AsynchronousChannelProvider run() {
                         AsynchronousChannelProvider p;
                         p = loadProviderFromProperty();
--- a/jdk/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/channels/spi/SelectorProvider.java	Wed Jul 05 20:29:56 2017 +0200
@@ -172,7 +172,7 @@
             if (provider != null)
                 return provider;
             return AccessController.doPrivileged(
-                new PrivilegedAction<SelectorProvider>() {
+                new PrivilegedAction<>() {
                     public SelectorProvider run() {
                             if (loadProviderFromProperty())
                                 return provider;
--- a/jdk/src/java.base/share/classes/java/nio/charset/Charset.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/charset/Charset.java	Wed Jul 05 20:29:56 2017 +0200
@@ -335,7 +335,7 @@
     // thrown.  Should be invoked with full privileges.
     //
     private static Iterator<CharsetProvider> providers() {
-        return new Iterator<CharsetProvider>() {
+        return new Iterator<>() {
 
                 ClassLoader cl = ClassLoader.getSystemClassLoader();
                 ServiceLoader<CharsetProvider> sl =
@@ -404,7 +404,7 @@
             gate.set(gate);
 
             return AccessController.doPrivileged(
-                new PrivilegedAction<Charset>() {
+                new PrivilegedAction<>() {
                     public Charset run() {
                         for (Iterator<CharsetProvider> i = providers();
                              i.hasNext();) {
@@ -428,7 +428,7 @@
         // returns ExtendedProvider, if installed
         private static CharsetProvider extendedProvider() {
             return AccessController.doPrivileged(
-                       new PrivilegedAction<CharsetProvider>() {
+                       new PrivilegedAction<>() {
                            public CharsetProvider run() {
                                 try {
                                     Class<?> epc
@@ -570,10 +570,10 @@
      */
     public static SortedMap<String,Charset> availableCharsets() {
         return AccessController.doPrivileged(
-            new PrivilegedAction<SortedMap<String,Charset>>() {
+            new PrivilegedAction<>() {
                 public SortedMap<String,Charset> run() {
                     TreeMap<String,Charset> m =
-                        new TreeMap<String,Charset>(
+                        new TreeMap<>(
                             ASCIICaseInsensitiveComparator.CASE_INSENSITIVE_ORDER);
                     put(standardProvider.charsets(), m);
                     CharsetProvider ecp = ExtendedProviderHolder.extendedProvider;
@@ -663,7 +663,7 @@
         if (aliasSet != null)
             return aliasSet;
         int n = aliases.length;
-        HashSet<String> hs = new HashSet<String>(n);
+        HashSet<String> hs = new HashSet<>(n);
         for (int i = 0; i < n; i++)
             hs.add(aliases[i]);
         aliasSet = Collections.unmodifiableSet(hs);
--- a/jdk/src/java.base/share/classes/java/nio/charset/CoderResult.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/charset/CoderResult.java	Wed Jul 05 20:29:56 2017 +0200
@@ -204,13 +204,13 @@
             WeakReference<CoderResult> w;
             CoderResult e = null;
             if (cache == null) {
-                cache = new HashMap<Integer,WeakReference<CoderResult>>();
+                cache = new HashMap<>();
             } else if ((w = cache.get(k)) != null) {
                 e = w.get();
             }
             if (e == null) {
                 e = create(len);
-                cache.put(k, new WeakReference<CoderResult>(e));
+                cache.put(k, new WeakReference<>(e));
             }
             return e;
         }
--- a/jdk/src/java.base/share/classes/java/nio/file/FileSystems.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/FileSystems.java	Wed Jul 05 20:29:56 2017 +0200
@@ -93,7 +93,7 @@
         private static FileSystem defaultFileSystem() {
             // load default provider
             FileSystemProvider provider = AccessController
-                .doPrivileged(new PrivilegedAction<FileSystemProvider>() {
+                .doPrivileged(new PrivilegedAction<>() {
                     public FileSystemProvider run() {
                         return getDefaultProvider();
                     }
--- a/jdk/src/java.base/share/classes/java/nio/file/Files.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/Files.java	Wed Jul 05 20:29:56 2017 +0200
@@ -402,7 +402,7 @@
     public static SeekableByteChannel newByteChannel(Path path, OpenOption... options)
         throws IOException
     {
-        Set<OpenOption> set = new HashSet<OpenOption>(options.length);
+        Set<OpenOption> set = new HashSet<>(options.length);
         Collections.addAll(set, options);
         return newByteChannel(path, set);
     }
@@ -516,7 +516,7 @@
         // create a matcher and return a filter that uses it.
         FileSystem fs = dir.getFileSystem();
         final PathMatcher matcher = fs.getPathMatcher("glob:" + glob);
-        DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<Path>() {
+        DirectoryStream.Filter<Path> filter = new DirectoryStream.Filter<>() {
             @Override
             public boolean accept(Path entry)  {
                 return matcher.matches(entry.getFileName());
@@ -1541,7 +1541,7 @@
         // creates the default file type detector
         private static FileTypeDetector createDefaultFileTypeDetector() {
             return AccessController
-                .doPrivileged(new PrivilegedAction<FileTypeDetector>() {
+                .doPrivileged(new PrivilegedAction<>() {
                     @Override public FileTypeDetector run() {
                         return sun.nio.fs.DefaultFileTypeDetector.create();
                 }});
@@ -1550,7 +1550,7 @@
         // loads all installed file type detectors
         private static List<FileTypeDetector> loadInstalledDetectors() {
             return AccessController
-                .doPrivileged(new PrivilegedAction<List<FileTypeDetector>>() {
+                .doPrivileged(new PrivilegedAction<>() {
                     @Override public List<FileTypeDetector> run() {
                         List<FileTypeDetector> list = new ArrayList<>();
                         ServiceLoader<FileTypeDetector> loader = ServiceLoader
@@ -3468,7 +3468,7 @@
             final Iterator<Path> delegate = ds.iterator();
 
             // Re-wrap DirectoryIteratorException to UncheckedIOException
-            Iterator<Path> iterator = new Iterator<Path>() {
+            Iterator<Path> iterator = new Iterator<>() {
                 @Override
                 public boolean hasNext() {
                     try {
--- a/jdk/src/java.base/share/classes/java/nio/file/Path.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/Path.java	Wed Jul 05 20:29:56 2017 +0200
@@ -801,7 +801,7 @@
      */
     @Override
     default Iterator<Path> iterator() {
-        return new Iterator<Path>() {
+        return new Iterator<>() {
             private int i = 0;
 
             @Override
--- a/jdk/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/attribute/AclEntry.java	Wed Jul 05 20:29:56 2017 +0200
@@ -306,7 +306,7 @@
      * @return the permissions component
      */
     public Set<AclEntryPermission> permissions() {
-        return new HashSet<AclEntryPermission>(perms);
+        return new HashSet<>(perms);
     }
 
     /**
@@ -317,7 +317,7 @@
      * @return the flags component
      */
     public Set<AclEntryFlag> flags() {
-        return new HashSet<AclEntryFlag>(flags);
+        return new HashSet<>(flags);
     }
 
     /**
--- a/jdk/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/attribute/PosixFilePermissions.java	Wed Jul 05 20:29:56 2017 +0200
@@ -160,13 +160,13 @@
     {
         // copy set and check for nulls (CCE will be thrown if an element is not
         // a PosixFilePermission)
-        perms = new HashSet<PosixFilePermission>(perms);
+        perms = new HashSet<>(perms);
         for (PosixFilePermission p: perms) {
             if (p == null)
                 throw new NullPointerException();
         }
         final Set<PosixFilePermission> value = perms;
-        return new FileAttribute<Set<PosixFilePermission>>() {
+        return new FileAttribute<>() {
             @Override
             public String name() {
                 return "posix:permissions";
--- a/jdk/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/nio/file/spi/FileSystemProvider.java	Wed Jul 05 20:29:56 2017 +0200
@@ -110,7 +110,7 @@
 
     // loads all installed providers
     private static List<FileSystemProvider> loadInstalledProviders() {
-        List<FileSystemProvider> list = new ArrayList<FileSystemProvider>();
+        List<FileSystemProvider> list = new ArrayList<>();
 
         ServiceLoader<FileSystemProvider> sl = ServiceLoader
             .load(FileSystemProvider.class, ClassLoader.getSystemClassLoader());
@@ -163,7 +163,7 @@
                     loadingProviders = true;
 
                     List<FileSystemProvider> list = AccessController
-                        .doPrivileged(new PrivilegedAction<List<FileSystemProvider>>() {
+                        .doPrivileged(new PrivilegedAction<>() {
                             @Override
                             public List<FileSystemProvider> run() {
                                 return loadInstalledProviders();
@@ -419,7 +419,7 @@
         throws IOException
     {
         int len = options.length;
-        Set<OpenOption> opts = new HashSet<OpenOption>(len + 3);
+        Set<OpenOption> opts = new HashSet<>(len + 3);
         if (len == 0) {
             opts.add(StandardOpenOption.CREATE);
             opts.add(StandardOpenOption.TRUNCATE_EXISTING);
--- a/jdk/src/java.base/share/classes/java/time/format/DateTimeParseContext.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/time/format/DateTimeParseContext.java	Wed Jul 05 20:29:56 2017 +0200
@@ -399,7 +399,7 @@
      */
     void addChronoChangedListener(Consumer<Chronology> listener) {
         if (chronoListeners == null) {
-            chronoListeners = new ArrayList<Consumer<Chronology>>();
+            chronoListeners = new ArrayList<>();
         }
         chronoListeners.add(listener);
     }
--- a/jdk/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/time/zone/ZoneRulesProvider.java	Wed Jul 05 20:29:56 2017 +0200
@@ -141,7 +141,7 @@
         // if the property java.time.zone.DefaultZoneRulesProvider is
         // set then its value is the class name of the default provider
         final List<ZoneRulesProvider> loaded = new ArrayList<>();
-        AccessController.doPrivileged(new PrivilegedAction<Object>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Object run() {
                 String prop = System.getProperty("java.time.zone.DefaultZoneRulesProvider");
                 if (prop != null) {
--- a/jdk/src/java.base/share/classes/java/util/Calendar.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/Calendar.java	Wed Jul 05 20:29:56 2017 +0200
@@ -3579,7 +3579,7 @@
         ZoneInfo zi = null;
         try {
             zi = AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<ZoneInfo>() {
+                    new PrivilegedExceptionAction<>() {
                         @Override
                         public ZoneInfo run() throws Exception {
                             return (ZoneInfo) input.readObject();
--- a/jdk/src/java.base/share/classes/java/util/Currency.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/Currency.java	Wed Jul 05 20:29:56 2017 +0200
@@ -212,7 +212,7 @@
     private static final int VALID_FORMAT_VERSION = 2;
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 try {
--- a/jdk/src/java.base/share/classes/java/util/ResourceBundle.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/ResourceBundle.java	Wed Jul 05 20:29:56 2017 +0200
@@ -2655,7 +2655,7 @@
                 InputStream stream = null;
                 try {
                     stream = AccessController.doPrivileged(
-                        new PrivilegedExceptionAction<InputStream>() {
+                        new PrivilegedExceptionAction<>() {
                             public InputStream run() throws IOException {
                                 InputStream is = null;
                                 if (reloadFlag) {
--- a/jdk/src/java.base/share/classes/java/util/TimeZone.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/TimeZone.java	Wed Jul 05 20:29:56 2017 +0200
@@ -678,7 +678,7 @@
         assert tz != null;
 
         final String id = zoneID;
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
                 public Void run() {
                     System.setProperty("user.timezone", id);
--- a/jdk/src/java.base/share/classes/java/util/jar/JarFile.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/jar/JarFile.java	Wed Jul 05 20:29:56 2017 +0200
@@ -593,7 +593,7 @@
         if (includeUnsigned) {
             return unsignedEntryNames();
         } else {
-            return new Enumeration<String>() {
+            return new Enumeration<>() {
 
                 public boolean hasMoreElements() {
                     return false;
@@ -619,7 +619,7 @@
 
         // screen out entries which are never signed
         final Enumeration<? extends ZipEntry> enum_ = super.entries();
-        return new Enumeration<JarEntry>() {
+        return new Enumeration<>() {
 
             ZipEntry entry;
 
@@ -669,7 +669,7 @@
 
     private Enumeration<String> unsignedEntryNames() {
         final Enumeration<JarEntry> entries = entries();
-        return new Enumeration<String>() {
+        return new Enumeration<>() {
 
             String name;
 
--- a/jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/java/util/jar/JarVerifier.java	Wed Jul 05 20:29:56 2017 +0200
@@ -684,7 +684,7 @@
         final List<CodeSigner[]> signersReq = req;
         final Enumeration<String> enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration;
 
-        return new Enumeration<String>() {
+        return new Enumeration<>() {
 
             String name;
 
@@ -726,7 +726,7 @@
         final Map<String, CodeSigner[]> map = new HashMap<>();
         map.putAll(signerMap());
         final Enumeration<? extends ZipEntry> enum_ = e;
-        return new Enumeration<JarEntry>() {
+        return new Enumeration<>() {
 
             Enumeration<String> signers = null;
             JarEntry entry;
@@ -786,7 +786,7 @@
     private Enumeration<String> unsignedEntryNames(JarFile jar) {
         final Map<String, CodeSigner[]> map = signerMap();
         final Enumeration<JarEntry> entries = jar.entries();
-        return new Enumeration<String>() {
+        return new Enumeration<>() {
 
             String name;
 
--- a/jdk/src/java.base/share/classes/sun/misc/Cleaner.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/misc/Cleaner.java	Wed Jul 05 20:29:56 2017 +0200
@@ -142,7 +142,7 @@
         try {
             thunk.run();
         } catch (final Throwable x) {
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() {
                         if (System.err != null)
                             new Error("Cleaner terminated abnormally", x)
--- a/jdk/src/java.base/share/classes/sun/misc/URLClassPath.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/misc/URLClassPath.java	Wed Jul 05 20:29:56 2017 +0200
@@ -97,16 +97,16 @@
     }
 
     /* The original search path of URLs. */
-    private ArrayList<URL> path = new ArrayList<URL>();
+    private ArrayList<URL> path = new ArrayList<>();
 
     /* The stack of unopened URLs */
-    Stack<URL> urls = new Stack<URL>();
+    Stack<URL> urls = new Stack<>();
 
     /* The resulting search path of Loaders */
-    ArrayList<Loader> loaders = new ArrayList<Loader>();
+    ArrayList<Loader> loaders = new ArrayList<>();
 
     /* Map of each URL opened to its corresponding Loader */
-    HashMap<String, Loader> lmap = new HashMap<String, Loader>();
+    HashMap<String, Loader> lmap = new HashMap<>();
 
     /* The jar protocol handler to use when creating new URLs */
     private URLStreamHandler jarHandler;
@@ -142,7 +142,7 @@
         if (closed) {
             return Collections.emptyList();
         }
-        List<IOException> result = new LinkedList<IOException>();
+        List<IOException> result = new LinkedList<>();
         for (Loader loader : loaders) {
             try {
                 loader.close();
@@ -234,7 +234,7 @@
      */
     public Enumeration<URL> findResources(final String name,
                                      final boolean check) {
-        return new Enumeration<URL>() {
+        return new Enumeration<>() {
             private int index = 0;
             private URL url = null;
 
@@ -281,7 +281,7 @@
      */
     public Enumeration<Resource> getResources(final String name,
                                     final boolean check) {
-        return new Enumeration<Resource>() {
+        return new Enumeration<>() {
             private int index = 0;
             private Resource res = null;
 
@@ -374,7 +374,7 @@
     private Loader getLoader(final URL url) throws IOException {
         try {
             return java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedExceptionAction<Loader>() {
+                new java.security.PrivilegedExceptionAction<>() {
                 public Loader run() throws IOException {
                     String file = url.getFile();
                     if (file != null && file.endsWith("/")) {
@@ -689,7 +689,7 @@
             if (jar == null) {
                 try {
                     java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedExceptionAction<Void>() {
+                        new java.security.PrivilegedExceptionAction<>() {
                             public Void run() throws IOException {
                                 if (DEBUG) {
                                     System.err.println("Opening " + csu);
@@ -870,7 +870,7 @@
             if (index == null)
                 return null;
 
-            HashSet<String> visited = new HashSet<String>();
+            HashSet<String> visited = new HashSet<>();
             return getResource(name, check, visited);
         }
 
@@ -912,7 +912,7 @@
                              * before
                              */
                             newLoader = AccessController.doPrivileged(
-                                new PrivilegedExceptionAction<JarLoader>() {
+                                new PrivilegedExceptionAction<>() {
                                     public JarLoader run() throws IOException {
                                         return new JarLoader(url, handler,
                                             lmap);
--- a/jdk/src/java.base/share/classes/sun/net/NetworkClient.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/NetworkClient.java	Wed Jul 05 20:29:56 2017 +0200
@@ -69,7 +69,7 @@
         final String encs[] = { null };
 
         AccessController.doPrivileged(
-                new PrivilegedAction<Void>() {
+                new PrivilegedAction<>() {
                     public Void run() {
                         vals[0] = Integer.getInteger("sun.net.client.defaultReadTimeout", 0).intValue();
                         vals[1] = Integer.getInteger("sun.net.client.defaultConnectTimeout", 0).intValue();
@@ -154,7 +154,7 @@
         if (proxy != null) {
             if (proxy.type() == Proxy.Type.SOCKS) {
                 s = AccessController.doPrivileged(
-                    new PrivilegedAction<Socket>() {
+                    new PrivilegedAction<>() {
                         public Socket run() {
                                        return new Socket(proxy);
                                    }});
@@ -201,7 +201,7 @@
         if (serverSocket == null)
             throw new IOException("not connected");
         return  AccessController.doPrivileged(
-                        new PrivilegedAction<InetAddress>() {
+                        new PrivilegedAction<>() {
                             public InetAddress run() {
                                 return serverSocket.getLocalAddress();
 
--- a/jdk/src/java.base/share/classes/sun/net/ProgressMonitor.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/ProgressMonitor.java	Wed Jul 05 20:29:56 2017 +0200
@@ -64,7 +64,7 @@
      * Return a snapshot of the ProgressSource list
      */
     public ArrayList<ProgressSource> getProgressSources()    {
-        ArrayList<ProgressSource> snapshot = new ArrayList<ProgressSource>();
+        ArrayList<ProgressSource> snapshot = new ArrayList<>();
 
         try {
             synchronized(progressSourceList)    {
@@ -114,7 +114,7 @@
         if (progressListenerList.size() > 0)
         {
             // Notify progress listener if there is progress change
-            ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>();
+            ArrayList<ProgressListener> listeners = new ArrayList<>();
 
             // Copy progress listeners to another list to avoid holding locks
             synchronized(progressListenerList) {
@@ -151,7 +151,7 @@
         if (progressListenerList.size() > 0)
         {
             // Notify progress listener if there is progress change
-            ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>();
+            ArrayList<ProgressListener> listeners = new ArrayList<>();
 
             // Copy progress listeners to another list to avoid holding locks
             synchronized(progressListenerList) {
@@ -183,7 +183,7 @@
         if (progressListenerList.size() > 0)
         {
             // Notify progress listener if there is progress change
-            ArrayList<ProgressListener> listeners = new ArrayList<ProgressListener>();
+            ArrayList<ProgressListener> listeners = new ArrayList<>();
 
             // Copy progress listeners to another list to avoid holding locks
             synchronized(progressListenerList)  {
--- a/jdk/src/java.base/share/classes/sun/net/www/MessageHeader.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/MessageHeader.java	Wed Jul 05 20:29:56 2017 +0200
@@ -244,7 +244,7 @@
     public synchronized Map<String, List<String>> filterAndAddHeaders(
             String[] excludeList, Map<String, List<String>>  include) {
         boolean skipIt = false;
-        Map<String, List<String>> m = new HashMap<String, List<String>>();
+        Map<String, List<String>> m = new HashMap<>();
         for (int i = nkeys; --i >= 0;) {
             if (excludeList != null) {
                 // check if the key is in the excludeList.
@@ -260,7 +260,7 @@
             if (!skipIt) {
                 List<String> l = m.get(keys[i]);
                 if (l == null) {
-                    l = new ArrayList<String>();
+                    l = new ArrayList<>();
                     m.put(keys[i], l);
                 }
                 l.add(values[i]);
@@ -274,7 +274,7 @@
                 for (Map.Entry<String,List<String>> entry: include.entrySet()) {
                 List<String> l = m.get(entry.getKey());
                 if (l == null) {
-                    l = new ArrayList<String>();
+                    l = new ArrayList<>();
                     m.put(entry.getKey(), l);
                 }
                 l.addAll(entry.getValue());
--- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpCapture.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpCapture.java	Wed Jul 05 20:29:56 2017 +0200
@@ -64,7 +64,7 @@
     private static synchronized void init() {
         initialized = true;
         String rulesFile = java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<String>() {
+            new java.security.PrivilegedAction<>() {
                 public String run() {
                     return NetProperties.get("sun.net.http.captureRules");
                 }
@@ -85,8 +85,8 @@
                         String[] s = line.split(",");
                         if (s.length == 2) {
                             if (patterns == null) {
-                                patterns = new ArrayList<Pattern>();
-                                capFiles = new ArrayList<String>();
+                                patterns = new ArrayList<>();
+                                capFiles = new ArrayList<>();
                             }
                             patterns.add(Pattern.compile(s[0].trim()));
                             capFiles.add(s[1].trim());
--- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java	Wed Jul 05 20:29:56 2017 +0200
@@ -479,7 +479,7 @@
     {
         try {
             java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedExceptionAction<Void>() {
+                new java.security.PrivilegedExceptionAction<>() {
                     public Void run() throws IOException {
                     openServer(server.getHostString(), server.getPort());
                     return null;
--- a/jdk/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/http/KeepAliveCache.java	Wed Jul 05 20:29:56 2017 +0200
@@ -94,7 +94,7 @@
              */
             final KeepAliveCache cache = this;
             java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<Void>() {
+                new java.security.PrivilegedAction<>() {
                 public Void run() {
                     keepAliveTimer = new InnocuousThread(cache, "Keep-Alive-Timer");
                     keepAliveTimer.setDaemon(true);
@@ -178,7 +178,7 @@
                 long currentTime = System.currentTimeMillis();
 
                 ArrayList<KeepAliveKey> keysToRemove
-                    = new ArrayList<KeepAliveKey>();
+                    = new ArrayList<>();
 
                 for (KeepAliveKey key : keySet()) {
                     ClientVector v = get(key);
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java	Wed Jul 05 20:29:56 2017 +0200
@@ -122,7 +122,7 @@
         this.dontUseNegotiate = dontUseNegotiate;
         rsp = response;
         this.hdrname = hdrname;
-        schemes = new HashMap<String,SchemeMapValue>();
+        schemes = new HashMap<>();
         parse();
     }
 
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java	Wed Jul 05 20:29:56 2017 +0200
@@ -62,7 +62,7 @@
 
     static {
         Boolean b = AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
+            new PrivilegedAction<>() {
                 public Boolean run() {
                     return NetProperties.getBoolean(compatPropName);
                 }
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java	Wed Jul 05 20:29:56 2017 +0200
@@ -244,7 +244,7 @@
                 new sun.security.action.GetBooleanAction(
                     "sun.net.http.allowRestrictedHeaders")).booleanValue();
         if (!allowRestrictedHeaders) {
-            restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length);
+            restrictedHeaderSet = new HashSet<>(restrictedHeaders.length);
             for (int i=0; i < restrictedHeaders.length; i++) {
                 restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase());
             }
@@ -413,7 +413,7 @@
                             final URL url,
                             final RequestorType authType) {
         return java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<PasswordAuthentication>() {
+            new java.security.PrivilegedAction<>() {
                 public PasswordAuthentication run() {
                     if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
                         logger.finest("Requesting Authentication: host =" + host + " url = " + url);
@@ -817,14 +817,14 @@
             } catch (SecurityException se) { /* swallow exception */ }
         } else {
             cookieHandler = java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<CookieHandler>() {
+                new java.security.PrivilegedAction<>() {
                 public CookieHandler run() {
                     return CookieHandler.getDefault();
                 }
             });
         }
         cacheHandler = java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<ResponseCache>() {
+            new java.security.PrivilegedAction<>() {
                 public ResponseCache run() {
                 return ResponseCache.getDefault();
             }
@@ -909,7 +909,7 @@
         final boolean result[] = {false};
 
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                 try {
                     InetAddress a1 = InetAddress.getByName(h1);
@@ -954,7 +954,7 @@
         try {
             // lookup hostname and use IP address if available
             host = AccessController.doPrivileged(
-                new PrivilegedExceptionAction<String>() {
+                new PrivilegedExceptionAction<>() {
                     public String run() throws IOException {
                             InetAddress addr = InetAddress.getByName(hostarg);
                             return addr.getHostAddress();
@@ -984,7 +984,7 @@
         if (p != null) {
             try {
                 AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<Void>() {
+                    new PrivilegedExceptionAction<>() {
                         public Void run() throws IOException {
                             plainConnect0();
                             return null;
@@ -1086,7 +1086,7 @@
                  */
                 ProxySelector sel =
                     java.security.AccessController.doPrivileged(
-                        new java.security.PrivilegedAction<ProxySelector>() {
+                        new java.security.PrivilegedAction<>() {
                             public ProxySelector run() {
                                      return ProxySelector.getDefault();
                                  }
@@ -1245,7 +1245,7 @@
         if (p != null) {
             try {
                 return AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<OutputStream>() {
+                    new PrivilegedExceptionAction<>() {
                         public OutputStream run() throws IOException {
                             return getOutputStream0();
                         }
@@ -1423,7 +1423,7 @@
         if (p != null) {
             try {
                 return AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<InputStream>() {
+                    new PrivilegedExceptionAction<>() {
                         public InputStream run() throws IOException {
                             return getInputStream0();
                         }
@@ -1877,7 +1877,7 @@
             final Object[] args = { rememberedException.getMessage() };
             IOException chainedException =
                 java.security.AccessController.doPrivileged(
-                    new java.security.PrivilegedExceptionAction<IOException>() {
+                    new java.security.PrivilegedExceptionAction<>() {
                         public IOException run() throws Exception {
                             return (IOException)
                                 rememberedException.getClass()
@@ -2204,7 +2204,7 @@
                     try {
                         final String finalHost = host;
                         addr = java.security.AccessController.doPrivileged(
-                            new java.security.PrivilegedExceptionAction<InetAddress>() {
+                            new java.security.PrivilegedExceptionAction<>() {
                                 public InetAddress run()
                                     throws java.net.UnknownHostException {
                                     return InetAddress.getByName(finalHost);
@@ -2566,7 +2566,7 @@
         if (p != null) {
             try {
                 return AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<Boolean>() {
+                    new PrivilegedExceptionAction<>() {
                         public Boolean run() throws IOException {
                             return followRedirect0(loc, stat, locUrl0);
                         }
--- a/jdk/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/jar/URLJarFile.java	Wed Jul 05 20:29:56 2017 +0200
@@ -213,7 +213,7 @@
             /* get the stream before asserting privileges */
             try (final InputStream in = url.openConnection().getInputStream()) {
                 result = AccessController.doPrivileged(
-                    new PrivilegedExceptionAction<JarFile>() {
+                    new PrivilegedExceptionAction<>() {
                         public JarFile run() throws IOException {
                             Path tmpFile = Files.createTempFile("jar_cache", null);
                             try {
--- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousChannelGroupImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -76,7 +76,7 @@
         this.pool = pool;
 
         if (pool.isFixedThreadPool()) {
-            taskQueue = new ConcurrentLinkedQueue<Runnable>();
+            taskQueue = new ConcurrentLinkedQueue<>();
         } else {
             taskQueue = null;   // not used
         }
@@ -115,7 +115,7 @@
     }
 
     private void startInternalThread(final Runnable task) {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 // internal threads should not be visible to application so
@@ -246,7 +246,7 @@
     abstract void shutdownHandlerTasks();
 
     private void shutdownExecutors() {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Void run() {
                 pool.executor().shutdown();
                 timeoutExecutor.shutdown();
@@ -323,7 +323,7 @@
             task = new Runnable() {
                 @Override
                 public void run() {
-                    AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                    AccessController.doPrivileged(new PrivilegedAction<>() {
                         @Override
                         public Void run() {
                             delegate.run();
--- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousServerSocketChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -228,7 +228,7 @@
         static final Set<SocketOption<?>> defaultOptions = defaultOptions();
 
         private static Set<SocketOption<?>> defaultOptions() {
-            HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(2);
+            HashSet<SocketOption<?>> set = new HashSet<>(2);
             set.add(StandardSocketOptions.SO_RCVBUF);
             set.add(StandardSocketOptions.SO_REUSEADDR);
             return Collections.unmodifiableSet(set);
--- a/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/AsynchronousSocketChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -503,7 +503,7 @@
         static final Set<SocketOption<?>> defaultOptions = defaultOptions();
 
         private static Set<SocketOption<?>> defaultOptions() {
-            HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(5);
+            HashSet<SocketOption<?>> set = new HashSet<>(5);
             set.add(StandardSocketOptions.SO_SNDBUF);
             set.add(StandardSocketOptions.SO_RCVBUF);
             set.add(StandardSocketOptions.SO_KEEPALIVE);
--- a/jdk/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/DatagramChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -294,7 +294,7 @@
         static final Set<SocketOption<?>> defaultOptions = defaultOptions();
 
         private static Set<SocketOption<?>> defaultOptions() {
-            HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(8);
+            HashSet<SocketOption<?>> set = new HashSet<>(8);
             set.add(StandardSocketOptions.SO_SNDBUF);
             set.add(StandardSocketOptions.SO_RCVBUF);
             set.add(StandardSocketOptions.SO_REUSEADDR);
--- a/jdk/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/MembershipKeyImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -184,7 +184,7 @@
 
             // created blocked set if required and add source address
             if (blockedSet == null)
-                blockedSet = new HashSet<InetAddress>();
+                blockedSet = new HashSet<>();
             blockedSet.add(toBlock);
         }
         return this;
--- a/jdk/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/MembershipRegistry.java	Wed Jul 05 20:29:56 2017 +0200
@@ -84,13 +84,13 @@
         InetAddress group = key.group();
         List<MembershipKeyImpl> keys;
         if (groups == null) {
-            groups = new HashMap<InetAddress,List<MembershipKeyImpl>>();
+            groups = new HashMap<>();
             keys = null;
         } else {
             keys = groups.get(group);
         }
         if (keys == null) {
-            keys = new LinkedList<MembershipKeyImpl>();
+            keys = new LinkedList<>();
             groups.put(group, keys);
         }
         keys.add(key);
--- a/jdk/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/SelectorImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -52,8 +52,8 @@
 
     protected SelectorImpl(SelectorProvider sp) {
         super(sp);
-        keys = new HashSet<SelectionKey>();
-        selectedKeys = new HashSet<SelectionKey>();
+        keys = new HashSet<>();
+        selectedKeys = new HashSet<>();
         if (Util.atBugLevel("1.4")) {
             publicKeys = keys;
             publicSelectedKeys = selectedKeys;
--- a/jdk/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/ServerSocketChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -182,7 +182,7 @@
         static final Set<SocketOption<?>> defaultOptions = defaultOptions();
 
         private static Set<SocketOption<?>> defaultOptions() {
-            HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(2);
+            HashSet<SocketOption<?>> set = new HashSet<>(2);
             set.add(StandardSocketOptions.SO_RCVBUF);
             set.add(StandardSocketOptions.SO_REUSEADDR);
             set.add(StandardSocketOptions.IP_TOS);
--- a/jdk/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/ch/SocketChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -229,7 +229,7 @@
         static final Set<SocketOption<?>> defaultOptions = defaultOptions();
 
         private static Set<SocketOption<?>> defaultOptions() {
-            HashSet<SocketOption<?>> set = new HashSet<SocketOption<?>>(8);
+            HashSet<SocketOption<?>> set = new HashSet<>(8);
             set.add(StandardSocketOptions.SO_SNDBUF);
             set.add(StandardSocketOptions.SO_RCVBUF);
             set.add(StandardSocketOptions.SO_KEEPALIVE);
--- a/jdk/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/cs/CharsetMapping.java	Wed Jul 05 20:29:56 2017 +0200
@@ -135,7 +135,7 @@
 
     // init the CharsetMapping object from the .dat binary file
     public static CharsetMapping get(final InputStream is) {
-        return AccessController.doPrivileged(new PrivilegedAction<CharsetMapping>() {
+        return AccessController.doPrivileged(new PrivilegedAction<>() {
             public CharsetMapping run() {
                 return new CharsetMapping().load(is);
             }
--- a/jdk/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/fs/AbstractPoller.java	Wed Jul 05 20:29:56 2017 +0200
@@ -48,7 +48,7 @@
     private boolean shutdown;
 
     protected AbstractPoller() {
-        this.requestList = new LinkedList<Request>();
+        this.requestList = new LinkedList<>();
         this.shutdown = false;
     }
 
@@ -57,7 +57,7 @@
      */
     public void start() {
         final Runnable thisRunnable = this;
-        AccessController.doPrivileged(new PrivilegedAction<Object>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Object run() {
                 Thread thr = new ManagedLocalsThread(thisRunnable);
--- a/jdk/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/nio/fs/AbstractWatchKey.java	Wed Jul 05 20:29:56 2017 +0200
@@ -70,8 +70,8 @@
         this.watcher = watcher;
         this.dir = dir;
         this.state = State.READY;
-        this.events = new ArrayList<WatchEvent<?>>();
-        this.lastModifyEvents = new HashMap<Object,WatchEvent<?>>();
+        this.events = new ArrayList<>();
+        this.lastModifyEvents = new HashMap<>();
     }
 
     final AbstractWatchService watcher() {
@@ -146,7 +146,7 @@
 
             // non-repeated event
             Event<Object> ev =
-                new Event<Object>((WatchEvent.Kind<Object>)kind, context);
+                new Event<>((WatchEvent.Kind<Object>)kind, context);
             if (isModify) {
                 lastModifyEvents.put(context, ev);
             } else if (kind == StandardWatchEventKinds.OVERFLOW) {
@@ -163,7 +163,7 @@
     public final List<WatchEvent<?>> pollEvents() {
         synchronized (this) {
             List<WatchEvent<?>> result = events;
-            events = new ArrayList<WatchEvent<?>>();
+            events = new ArrayList<>();
             lastModifyEvents.clear();
             return result;
         }
--- a/jdk/src/java.base/share/classes/sun/reflect/ReflectionFactory.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/reflect/ReflectionFactory.java	Wed Jul 05 20:29:56 2017 +0200
@@ -375,7 +375,7 @@
     private static void checkInitted() {
         if (initted) return;
         AccessController.doPrivileged(
-            new PrivilegedAction<Void>() {
+            new PrivilegedAction<>() {
                 public Void run() {
                     // Tests to ensure the system properties table is fully
                     // initialized. This is needed because reflection code is
--- a/jdk/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Wed Jul 05 20:29:56 2017 +0200
@@ -106,16 +106,16 @@
             throw new IllegalArgumentException("Not an annotation type");
 
         Method[] methods =
-            AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
                 public Method[] run() {
                     // Initialize memberTypes and defaultValues
                     return annotationClass.getDeclaredMethods();
                 }
             });
 
-        memberTypes = new HashMap<String,Class<?>>(methods.length+1, 1.0f);
-        memberDefaults = new HashMap<String, Object>(0);
-        members = new HashMap<String, Method>(methods.length+1, 1.0f);
+        memberTypes = new HashMap<>(methods.length+1, 1.0f);
+        memberDefaults = new HashMap<>(0);
+        members = new HashMap<>(methods.length+1, 1.0f);
 
         for (Method method : methods) {
             if (method.getParameterTypes().length != 0)
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/Builder.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/Builder.java	Wed Jul 05 20:29:56 2017 +0200
@@ -102,8 +102,8 @@
 
     /**
      * Verifies whether the input certificate completes the path.
-     * When building forward, a trust anchor will complete the path.
-     * When building reverse, the target certificate will complete the path.
+     * When building in the forward direction, a trust anchor will
+     * complete the path.
      *
      * @param cert the certificate to test
      * @return a boolean value indicating whether the cert completes the path.
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/PKIX.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,7 +25,6 @@
 package sun.security.provider.certpath;
 
 import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
 import java.security.PublicKey;
 import java.security.cert.*;
 import java.security.interfaces.DSAPublicKey;
@@ -194,7 +193,6 @@
 
     static class BuilderParams extends ValidatorParams {
         private PKIXBuilderParameters params;
-        private boolean buildForward = true;
         private List<CertStore> stores;
         private X500Principal targetSubject;
 
@@ -213,10 +211,6 @@
                     + "targetCertConstraints parameter must be an "
                     + "X509CertSelector");
             }
-            if (params instanceof SunCertPathBuilderParameters) {
-                buildForward =
-                    ((SunCertPathBuilderParameters)params).getBuildForward();
-            }
             this.params = params;
             this.targetSubject = getTargetSubject(
                 certStores(), (X509CertSelector)targetCertConstraints());
@@ -230,7 +224,6 @@
             return stores;
         }
         int maxPathLength() { return params.getMaxPathLength(); }
-        boolean buildForward() { return buildForward; }
         PKIXBuilderParameters params() { return params; }
         X500Principal targetSubject() { return targetSubject; }
 
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseBuilder.java	Thu Apr 23 16:12:16 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,551 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.cert.CertificateException;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.CertStore;
-import java.security.cert.CertStoreException;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXParameters;
-import java.security.cert.PKIXReason;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509Certificate;
-import java.security.cert.X509CertSelector;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.LinkedList;
-import java.util.Set;
-
-import javax.security.auth.x500.X500Principal;
-
-import sun.security.provider.certpath.PKIX.BuilderParams;
-import sun.security.util.Debug;
-import sun.security.x509.Extension;
-import static sun.security.x509.PKIXExtensions.*;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.PolicyMappingsExtension;
-
-/**
- * This class represents a reverse builder, which is able to retrieve
- * matching certificates from CertStores and verify a particular certificate
- * against a ReverseState.
- *
- * @since       1.4
- * @author      Sean Mullan
- * @author      Yassir Elley
- */
-
-class ReverseBuilder extends Builder {
-
-    private Debug debug = Debug.getInstance("certpath");
-
-    private final Set<String> initPolicies;
-
-    /**
-     * Initialize the builder with the input parameters.
-     *
-     * @param params the parameter set used to build a certification path
-     */
-    ReverseBuilder(BuilderParams buildParams) {
-        super(buildParams);
-
-        Set<String> initialPolicies = buildParams.initialPolicies();
-        initPolicies = new HashSet<String>();
-        if (initialPolicies.isEmpty()) {
-            // if no initialPolicies are specified by user, set
-            // initPolicies to be anyPolicy by default
-            initPolicies.add(PolicyChecker.ANY_POLICY);
-        } else {
-            initPolicies.addAll(initialPolicies);
-        }
-    }
-
-    /**
-     * Retrieves all certs from the specified CertStores that satisfy the
-     * requirements specified in the parameters and the current
-     * PKIX state (name constraints, policy constraints, etc).
-     *
-     * @param currentState the current state.
-     *        Must be an instance of <code>ReverseState</code>
-     * @param certStores list of CertStores
-     */
-    @Override
-    Collection<X509Certificate> getMatchingCerts
-        (State currState, List<CertStore> certStores)
-        throws CertStoreException, CertificateException, IOException
-    {
-        ReverseState currentState = (ReverseState) currState;
-
-        if (debug != null)
-            debug.println("In ReverseBuilder.getMatchingCerts.");
-
-        /*
-         * The last certificate could be an EE or a CA certificate
-         * (we may be building a partial certification path or
-         * establishing trust in a CA).
-         *
-         * Try the EE certs before the CA certs. It will be more
-         * common to build a path to an end entity.
-         */
-        Collection<X509Certificate> certs =
-            getMatchingEECerts(currentState, certStores);
-        certs.addAll(getMatchingCACerts(currentState, certStores));
-
-        return certs;
-    }
-
-    /*
-     * Retrieves all end-entity certificates which satisfy constraints
-     * and requirements specified in the parameters and PKIX state.
-     */
-    private Collection<X509Certificate> getMatchingEECerts
-        (ReverseState currentState, List<CertStore> certStores)
-        throws CertStoreException, CertificateException, IOException {
-
-        /*
-         * Compose a CertSelector to filter out
-         * certs which do not satisfy requirements.
-         *
-         * First, retrieve clone of current target cert constraints, and
-         * then add more selection criteria based on current validation state.
-         */
-        X509CertSelector sel = (X509CertSelector) targetCertConstraints.clone();
-
-        /*
-         * Match on issuer (subject of previous cert)
-         */
-        sel.setIssuer(currentState.subjectDN);
-
-        /*
-         * Match on certificate validity date.
-         */
-        sel.setCertificateValid(buildParams.date());
-
-        /*
-         * Policy processing optimizations
-         */
-        if (currentState.explicitPolicy == 0)
-            sel.setPolicy(getMatchingPolicies());
-
-        /*
-         * If previous cert has a subject key identifier extension,
-         * use it to match on authority key identifier extension.
-         */
-        /*if (currentState.subjKeyId != null) {
-          AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
-                (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
-                null, null);
-        sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
-        }*/
-
-        /*
-         * Require EE certs
-         */
-        sel.setBasicConstraints(-2);
-
-        /* Retrieve matching certs from CertStores */
-        HashSet<X509Certificate> eeCerts = new HashSet<>();
-        addMatchingCerts(sel, certStores, eeCerts, true);
-
-        if (debug != null) {
-            debug.println("ReverseBuilder.getMatchingEECerts got "
-                          + eeCerts.size() + " certs.");
-        }
-        return eeCerts;
-    }
-
-    /*
-     * Retrieves all CA certificates which satisfy constraints
-     * and requirements specified in the parameters and PKIX state.
-     */
-    private Collection<X509Certificate> getMatchingCACerts
-        (ReverseState currentState, List<CertStore> certStores)
-        throws CertificateException, CertStoreException, IOException {
-
-        /*
-         * Compose a CertSelector to filter out
-         * certs which do not satisfy requirements.
-         */
-        X509CertSelector sel = new X509CertSelector();
-
-        /*
-         * Match on issuer (subject of previous cert)
-         */
-        sel.setIssuer(currentState.subjectDN);
-
-        /*
-         * Match on certificate validity date.
-         */
-        sel.setCertificateValid(buildParams.date());
-
-        /*
-         * Match on target subject name (checks that current cert's
-         * name constraints permit it to certify target).
-         * (4 is the integer type for DIRECTORY name).
-         */
-        byte[] subject = targetCertConstraints.getSubjectAsBytes();
-        if (subject != null) {
-            sel.addPathToName(4, subject);
-        } else {
-            X509Certificate cert = targetCertConstraints.getCertificate();
-            if (cert != null) {
-                sel.addPathToName(4,
-                                  cert.getSubjectX500Principal().getEncoded());
-            }
-        }
-
-        /*
-         * Policy processing optimizations
-         */
-        if (currentState.explicitPolicy == 0)
-            sel.setPolicy(getMatchingPolicies());
-
-        /*
-         * If previous cert has a subject key identifier extension,
-         * use it to match on authority key identifier extension.
-         */
-        /*if (currentState.subjKeyId != null) {
-          AuthorityKeyIdentifierExtension authKeyId = new AuthorityKeyIdentifierExtension(
-                (KeyIdentifier) currentState.subjKeyId.get(SubjectKeyIdentifierExtension.KEY_ID),
-                                null, null);
-          sel.setAuthorityKeyIdentifier(authKeyId.getExtensionValue());
-        }*/
-
-        /*
-         * Require CA certs
-         */
-        sel.setBasicConstraints(0);
-
-        /* Retrieve matching certs from CertStores */
-        ArrayList<X509Certificate> reverseCerts = new ArrayList<>();
-        addMatchingCerts(sel, certStores, reverseCerts, true);
-
-        /* Sort remaining certs using name constraints */
-        Collections.sort(reverseCerts, new PKIXCertComparator());
-
-        if (debug != null)
-            debug.println("ReverseBuilder.getMatchingCACerts got " +
-                          reverseCerts.size() + " certs.");
-        return reverseCerts;
-    }
-
-    /*
-     * This inner class compares 2 PKIX certificates according to which
-     * should be tried first when building a path to the target. For
-     * now, the algorithm is to look at name constraints in each cert and those
-     * which constrain the path closer to the target should be
-     * ranked higher. Later, we may want to consider other components,
-     * such as key identifiers.
-     */
-    class PKIXCertComparator implements Comparator<X509Certificate> {
-
-        private Debug debug = Debug.getInstance("certpath");
-
-        @Override
-        public int compare(X509Certificate cert1, X509Certificate cert2) {
-
-            /*
-             * if either cert certifies the target, always
-             * put at head of list.
-             */
-            X500Principal targetSubject = buildParams.targetSubject();
-            if (cert1.getSubjectX500Principal().equals(targetSubject)) {
-                return -1;
-            }
-            if (cert2.getSubjectX500Principal().equals(targetSubject)) {
-                return 1;
-            }
-
-            int targetDist1;
-            int targetDist2;
-            try {
-                X500Name targetSubjectName = X500Name.asX500Name(targetSubject);
-                targetDist1 = Builder.targetDistance(
-                    null, cert1, targetSubjectName);
-                targetDist2 = Builder.targetDistance(
-                    null, cert2, targetSubjectName);
-            } catch (IOException e) {
-                if (debug != null) {
-                    debug.println("IOException in call to Builder.targetDistance");
-                    e.printStackTrace();
-                }
-                throw new ClassCastException
-                    ("Invalid target subject distinguished name");
-            }
-
-            if (targetDist1 == targetDist2)
-                return 0;
-
-            if (targetDist1 == -1)
-                return 1;
-
-            if (targetDist1 < targetDist2)
-                return -1;
-
-            return 1;
-        }
-    }
-
-    /**
-     * Verifies a matching certificate.
-     *
-     * This method executes any of the validation steps in the PKIX path validation
-     * algorithm which were not satisfied via filtering out non-compliant
-     * certificates with certificate matching rules.
-     *
-     * If the last certificate is being verified (the one whose subject
-     * matches the target subject, then the steps in Section 6.1.4 of the
-     * Certification Path Validation algorithm are NOT executed,
-     * regardless of whether or not the last cert is an end-entity
-     * cert or not. This allows callers to certify CA certs as
-     * well as EE certs.
-     *
-     * @param cert the certificate to be verified
-     * @param currentState the current state against which the cert is verified
-     * @param certPathList the certPathList generated thus far
-     */
-    @Override
-    void verifyCert(X509Certificate cert, State currState,
-        List<X509Certificate> certPathList)
-        throws GeneralSecurityException
-    {
-        if (debug != null) {
-            debug.println("ReverseBuilder.verifyCert(SN: "
-                + Debug.toHexString(cert.getSerialNumber())
-                + "\n  Subject: " + cert.getSubjectX500Principal() + ")");
-        }
-
-        ReverseState currentState = (ReverseState) currState;
-
-        /* we don't perform any validation of the trusted cert */
-        if (currentState.isInitial()) {
-            return;
-        }
-
-        // Don't bother to verify untrusted certificate more.
-        currentState.untrustedChecker.check(cert,
-                                    Collections.<String>emptySet());
-
-        /*
-         * check for looping - abort a loop if
-         * ((we encounter the same certificate twice) AND
-         * ((policyMappingInhibited = true) OR (no policy mapping
-         * extensions can be found between the occurrences of the same
-         * certificate)))
-         * in order to facilitate the check to see if there are
-         * any policy mapping extensions found between the occurrences
-         * of the same certificate, we reverse the certpathlist first
-         */
-        if ((certPathList != null) && (!certPathList.isEmpty())) {
-            List<X509Certificate> reverseCertList = new ArrayList<>();
-            for (X509Certificate c : certPathList) {
-                reverseCertList.add(0, c);
-            }
-
-            boolean policyMappingFound = false;
-            for (X509Certificate cpListCert : reverseCertList) {
-                X509CertImpl cpListCertImpl = X509CertImpl.toImpl(cpListCert);
-                PolicyMappingsExtension policyMappingsExt =
-                        cpListCertImpl.getPolicyMappingsExtension();
-                if (policyMappingsExt != null) {
-                    policyMappingFound = true;
-                }
-                if (debug != null)
-                    debug.println("policyMappingFound = " + policyMappingFound);
-                if (cert.equals(cpListCert)) {
-                    if ((buildParams.policyMappingInhibited()) ||
-                        (!policyMappingFound)){
-                        if (debug != null)
-                            debug.println("loop detected!!");
-                        throw new CertPathValidatorException("loop detected");
-                    }
-                }
-            }
-        }
-
-        /* check if target cert */
-        boolean finalCert = cert.getSubjectX500Principal().equals(buildParams.targetSubject());
-
-        /* check if CA cert */
-        boolean caCert = (cert.getBasicConstraints() != -1 ? true : false);
-
-        /* if there are more certs to follow, verify certain constraints */
-        if (!finalCert) {
-
-            /* check if CA cert */
-            if (!caCert)
-                throw new CertPathValidatorException("cert is NOT a CA cert");
-
-            /* If the certificate was not self-issued, verify that
-             * remainingCerts is greater than zero
-             */
-            if ((currentState.remainingCACerts <= 0) && !X509CertImpl.isSelfIssued(cert)) {
-                    throw new CertPathValidatorException
-                        ("pathLenConstraint violated, path too long", null,
-                         null, -1, PKIXReason.PATH_TOO_LONG);
-            }
-
-            /*
-             * Check keyUsage extension (only if CA cert and not final cert)
-             */
-            KeyChecker.verifyCAKeyUsage(cert);
-
-        } else {
-
-            /*
-             * If final cert, check that it satisfies specified target
-             * constraints
-             */
-            if (targetCertConstraints.match(cert) == false) {
-                throw new CertPathValidatorException("target certificate " +
-                    "constraints check failed");
-            }
-        }
-
-        /*
-         * Check revocation.
-         */
-        if (buildParams.revocationEnabled() && currentState.revChecker != null) {
-            currentState.revChecker.check(cert, Collections.<String>emptySet());
-        }
-
-        /* Check name constraints if this is not a self-issued cert */
-        if (finalCert || !X509CertImpl.isSelfIssued(cert)){
-            if (currentState.nc != null) {
-                try {
-                    if (!currentState.nc.verify(cert)){
-                        throw new CertPathValidatorException
-                            ("name constraints check failed", null, null, -1,
-                             PKIXReason.INVALID_NAME);
-                    }
-                } catch (IOException ioe) {
-                    throw new CertPathValidatorException(ioe);
-                }
-            }
-        }
-
-        /*
-         * Check policy
-         */
-        X509CertImpl certImpl = X509CertImpl.toImpl(cert);
-        currentState.rootNode = PolicyChecker.processPolicies
-            (currentState.certIndex, initPolicies,
-            currentState.explicitPolicy, currentState.policyMapping,
-            currentState.inhibitAnyPolicy,
-            buildParams.policyQualifiersRejected(), currentState.rootNode,
-            certImpl, finalCert);
-
-        /*
-         * Check CRITICAL private extensions
-         */
-        Set<String> unresolvedCritExts = cert.getCriticalExtensionOIDs();
-        if (unresolvedCritExts == null) {
-            unresolvedCritExts = Collections.<String>emptySet();
-        }
-
-        /*
-         * Check that the signature algorithm is not disabled.
-         */
-        currentState.algorithmChecker.check(cert, unresolvedCritExts);
-
-        for (PKIXCertPathChecker checker : currentState.userCheckers) {
-            checker.check(cert, unresolvedCritExts);
-        }
-
-        /*
-         * Look at the remaining extensions and remove any ones we have
-         * already checked. If there are any left, throw an exception!
-         */
-        if (!unresolvedCritExts.isEmpty()) {
-            unresolvedCritExts.remove(BasicConstraints_Id.toString());
-            unresolvedCritExts.remove(NameConstraints_Id.toString());
-            unresolvedCritExts.remove(CertificatePolicies_Id.toString());
-            unresolvedCritExts.remove(PolicyMappings_Id.toString());
-            unresolvedCritExts.remove(PolicyConstraints_Id.toString());
-            unresolvedCritExts.remove(InhibitAnyPolicy_Id.toString());
-            unresolvedCritExts.remove(SubjectAlternativeName_Id.toString());
-            unresolvedCritExts.remove(KeyUsage_Id.toString());
-            unresolvedCritExts.remove(ExtendedKeyUsage_Id.toString());
-
-            if (!unresolvedCritExts.isEmpty())
-                throw new CertPathValidatorException
-                    ("Unrecognized critical extension(s)", null, null, -1,
-                     PKIXReason.UNRECOGNIZED_CRIT_EXT);
-        }
-
-        /*
-         * Check signature.
-         */
-        if (buildParams.sigProvider() != null) {
-            cert.verify(currentState.pubKey, buildParams.sigProvider());
-        } else {
-            cert.verify(currentState.pubKey);
-        }
-    }
-
-    /**
-     * Verifies whether the input certificate completes the path.
-     * This checks whether the cert is the target certificate.
-     *
-     * @param cert the certificate to test
-     * @return a boolean value indicating whether the cert completes the path.
-     */
-    @Override
-    boolean isPathCompleted(X509Certificate cert) {
-        return cert.getSubjectX500Principal().equals(buildParams.targetSubject());
-    }
-
-    /** Adds the certificate to the certPathList
-     *
-     * @param cert the certificate to be added
-     * @param certPathList the certification path list
-     */
-    @Override
-    void addCertToPath(X509Certificate cert,
-        LinkedList<X509Certificate> certPathList) {
-        certPathList.addLast(cert);
-    }
-
-    /** Removes final certificate from the certPathList
-     *
-     * @param certPathList the certification path list
-     */
-    @Override
-    void removeFinalCertFromPath(LinkedList<X509Certificate> certPathList) {
-        certPathList.removeLast();
-    }
-}
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/ReverseState.java	Thu Apr 23 16:12:16 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,406 +0,0 @@
-/*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath;
-
-import java.io.IOException;
-import java.security.PublicKey;
-import java.security.cert.CertificateException;
-import java.security.cert.CertPathValidatorException;
-import java.security.cert.PKIXCertPathChecker;
-import java.security.cert.PKIXRevocationChecker;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Set;
-import javax.security.auth.x500.X500Principal;
-
-import sun.security.provider.certpath.PKIX.BuilderParams;
-import sun.security.util.Debug;
-import sun.security.x509.NameConstraintsExtension;
-import sun.security.x509.SubjectKeyIdentifierExtension;
-import sun.security.x509.X509CertImpl;
-
-/**
- * A specification of a reverse PKIX validation state
- * which is initialized by each build and updated each time a
- * certificate is added to the current path.
- * @since       1.4
- * @author      Sean Mullan
- * @author      Yassir Elley
- */
-
-class ReverseState implements State {
-
-    private static final Debug debug = Debug.getInstance("certpath");
-
-    /* The subject DN of the last cert in the path */
-    X500Principal subjectDN;
-
-    /* The subject public key of the last cert */
-    PublicKey pubKey;
-
-    /* The subject key identifier extension (if any) of the last cert */
-    SubjectKeyIdentifierExtension subjKeyId;
-
-    /* The PKIX constrained/excluded subtrees state variable */
-    NameConstraintsExtension nc;
-
-    /* The PKIX explicit policy, policy mapping, and inhibit_any-policy
-       state variables */
-    int explicitPolicy;
-    int policyMapping;
-    int inhibitAnyPolicy;
-    int certIndex;
-    PolicyNodeImpl rootNode;
-
-    /* The number of remaining CA certs which may follow in the path.
-     * -1: previous cert was an EE cert
-     * 0: only EE certs may follow.
-     * >0 and <Integer.MAX_VALUE:no more than this number of CA certs may follow
-     * Integer.MAX_VALUE: unlimited
-     */
-    int remainingCACerts;
-
-    /* The list of user-defined checkers retrieved from the PKIXParameters
-     * instance */
-    ArrayList<PKIXCertPathChecker> userCheckers;
-
-    /* Flag indicating if state is initial (path is just starting) */
-    private boolean init = true;
-
-    /* the checker used for revocation status */
-    RevocationChecker revChecker;
-
-    /* the algorithm checker */
-    AlgorithmChecker algorithmChecker;
-
-    /* the untrusted certificates checker */
-    UntrustedChecker untrustedChecker;
-
-    /* the trust anchor used to validate the path */
-    TrustAnchor trustAnchor;
-
-    /* Flag indicating if current cert can vouch for the CRL for
-     * the next cert
-     */
-    boolean crlSign = true;
-
-    /**
-     * Returns a boolean flag indicating if the state is initial
-     * (just starting)
-     *
-     * @return boolean flag indicating if the state is initial (just starting)
-     */
-    @Override
-    public boolean isInitial() {
-        return init;
-    }
-
-    /**
-     * Display state for debugging purposes
-     */
-    @Override
-    public String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append("State [");
-        sb.append("\n  subjectDN of last cert: ").append(subjectDN);
-        sb.append("\n  subjectKeyIdentifier: ").append
-                 (String.valueOf(subjKeyId));
-        sb.append("\n  nameConstraints: ").append(String.valueOf(nc));
-        sb.append("\n  certIndex: ").append(certIndex);
-        sb.append("\n  explicitPolicy: ").append(explicitPolicy);
-        sb.append("\n  policyMapping:  ").append(policyMapping);
-        sb.append("\n  inhibitAnyPolicy:  ").append(inhibitAnyPolicy);
-        sb.append("\n  rootNode: ").append(rootNode);
-        sb.append("\n  remainingCACerts: ").append(remainingCACerts);
-        sb.append("\n  crlSign: ").append(crlSign);
-        sb.append("\n  init: ").append(init);
-        sb.append("\n]\n");
-        return sb.toString();
-    }
-
-    /**
-     * Initialize the state.
-     *
-     * @param buildParams builder parameters
-     */
-    public void initState(BuilderParams buildParams)
-        throws CertPathValidatorException
-    {
-        /*
-         * Initialize number of remainingCACerts.
-         * Note that -1 maxPathLen implies unlimited.
-         * 0 implies only an EE cert is acceptable.
-         */
-        int maxPathLen = buildParams.maxPathLength();
-        remainingCACerts = (maxPathLen == -1) ? Integer.MAX_VALUE
-                                              : maxPathLen;
-
-        /* Initialize explicit policy state variable */
-        if (buildParams.explicitPolicyRequired()) {
-            explicitPolicy = 0;
-        } else {
-            // unconstrained if maxPathLen is -1,
-            // otherwise, we want to initialize this to the value of the
-            // longest possible path + 1 (i.e. maxpathlen + finalcert + 1)
-            explicitPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
-        }
-
-        /* Initialize policy mapping state variable */
-        if (buildParams.policyMappingInhibited()) {
-            policyMapping = 0;
-        } else {
-            policyMapping = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
-        }
-
-        /* Initialize inhibit any policy state variable */
-        if (buildParams.anyPolicyInhibited()) {
-            inhibitAnyPolicy = 0;
-        } else {
-            inhibitAnyPolicy = (maxPathLen == -1) ? maxPathLen : maxPathLen + 2;
-        }
-
-        /* Initialize certIndex */
-        certIndex = 1;
-
-        /* Initialize policy tree */
-        Set<String> initExpPolSet = new HashSet<>(1);
-        initExpPolSet.add(PolicyChecker.ANY_POLICY);
-
-        rootNode = new PolicyNodeImpl(null, PolicyChecker.ANY_POLICY, null,
-                                      false, initExpPolSet, false);
-
-        /*
-         * Initialize each user-defined checker
-         * Shallow copy the checkers
-         */
-        userCheckers = new ArrayList<>(buildParams.certPathCheckers());
-        /* initialize each checker (just in case) */
-        for (PKIXCertPathChecker checker : userCheckers) {
-            checker.init(false);
-        }
-
-        /* Start by trusting the cert to sign CRLs */
-        crlSign = true;
-
-        init = true;
-    }
-
-    /**
-     * Update the state with the specified trust anchor.
-     *
-     * @param anchor the most-trusted CA
-     * @param buildParams builder parameters
-     */
-    public void updateState(TrustAnchor anchor, BuilderParams buildParams)
-        throws CertificateException, IOException, CertPathValidatorException
-    {
-        trustAnchor = anchor;
-        X509Certificate trustedCert = anchor.getTrustedCert();
-        if (trustedCert != null) {
-            updateState(trustedCert);
-        } else {
-            X500Principal caName = anchor.getCA();
-            updateState(anchor.getCAPublicKey(), caName);
-        }
-
-        // The user specified AlgorithmChecker and RevocationChecker may not be
-        // able to set the trust anchor until now.
-        boolean revCheckerAdded = false;
-        for (PKIXCertPathChecker checker : userCheckers) {
-            if (checker instanceof AlgorithmChecker) {
-                ((AlgorithmChecker)checker).trySetTrustAnchor(anchor);
-            } else if (checker instanceof PKIXRevocationChecker) {
-                if (revCheckerAdded) {
-                    throw new CertPathValidatorException(
-                        "Only one PKIXRevocationChecker can be specified");
-                }
-                // if it's our own, initialize it
-                if (checker instanceof RevocationChecker) {
-                    ((RevocationChecker)checker).init(anchor, buildParams);
-                }
-                ((PKIXRevocationChecker)checker).init(false);
-                revCheckerAdded = true;
-            }
-        }
-
-        // only create a RevocationChecker if revocation is enabled and
-        // a PKIXRevocationChecker has not already been added
-        if (buildParams.revocationEnabled() && !revCheckerAdded) {
-            revChecker = new RevocationChecker(anchor, buildParams);
-            revChecker.init(false);
-        }
-
-        init = false;
-    }
-
-    /**
-     * Update the state. This method is used when the most-trusted CA is
-     * a trusted public-key and caName, instead of a trusted cert.
-     *
-     * @param pubKey the public key of the trusted CA
-     * @param subjectDN the subject distinguished name of the trusted CA
-     */
-    private void updateState(PublicKey pubKey, X500Principal subjectDN) {
-
-        /* update subject DN */
-        this.subjectDN = subjectDN;
-
-        /* update subject public key */
-        this.pubKey = pubKey;
-    }
-
-    /**
-     * Update the state with the next certificate added to the path.
-     *
-     * @param cert the certificate which is used to update the state
-     */
-    public void updateState(X509Certificate cert)
-        throws CertificateException, IOException, CertPathValidatorException {
-
-        if (cert == null) {
-            return;
-        }
-
-        /* update subject DN */
-        subjectDN = cert.getSubjectX500Principal();
-
-        /* check for key needing to inherit alg parameters */
-        X509CertImpl icert = X509CertImpl.toImpl(cert);
-        PublicKey newKey = cert.getPublicKey();
-        if (PKIX.isDSAPublicKeyWithoutParams(newKey)) {
-            newKey = BasicChecker.makeInheritedParamsKey(newKey, pubKey);
-        }
-
-        /* update subject public key */
-        pubKey = newKey;
-
-        /*
-         * if this is a trusted cert (init == true), then we
-         * don't update any of the remaining fields
-         */
-        if (init) {
-            init = false;
-            return;
-        }
-
-        /* update subject key identifier */
-        subjKeyId = icert.getSubjectKeyIdentifierExtension();
-
-        /* update crlSign */
-        crlSign = RevocationChecker.certCanSignCrl(cert);
-
-        /* update current name constraints */
-        if (nc != null) {
-            nc.merge(icert.getNameConstraintsExtension());
-        } else {
-            nc = icert.getNameConstraintsExtension();
-            if (nc != null) {
-                // Make sure we do a clone here, because we're probably
-                // going to modify this object later and we don't want to
-                // be sharing it with a Certificate object!
-                nc = (NameConstraintsExtension) nc.clone();
-            }
-        }
-
-        /* update policy state variables */
-        explicitPolicy =
-            PolicyChecker.mergeExplicitPolicy(explicitPolicy, icert, false);
-        policyMapping =
-            PolicyChecker.mergePolicyMapping(policyMapping, icert);
-        inhibitAnyPolicy =
-            PolicyChecker.mergeInhibitAnyPolicy(inhibitAnyPolicy, icert);
-        certIndex++;
-
-        /*
-         * Update remaining CA certs
-         */
-        remainingCACerts =
-            ConstraintsChecker.mergeBasicConstraints(cert, remainingCACerts);
-
-        init = false;
-    }
-
-    /**
-     * Returns a boolean flag indicating if a key lacking necessary key
-     * algorithm parameters has been encountered.
-     *
-     * @return boolean flag indicating if key lacking parameters encountered.
-     */
-    @Override
-    public boolean keyParamsNeeded() {
-        /* when building in reverse, we immediately get parameters needed
-         * or else throw an exception
-         */
-        return false;
-    }
-
-    /*
-     * Clone current state. The state is cloned as each cert is
-     * added to the path. This is necessary if backtracking occurs,
-     * and a prior state needs to be restored.
-     *
-     * Note that this is a SMART clone. Not all fields are fully copied,
-     * because some of them (e.g., subjKeyId) will
-     * not have their contents modified by subsequent calls to updateState.
-     */
-    @Override
-    @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
-    public Object clone() {
-        try {
-            ReverseState clonedState = (ReverseState) super.clone();
-
-            /* clone checkers, if cloneable */
-            clonedState.userCheckers =
-                        (ArrayList<PKIXCertPathChecker>)userCheckers.clone();
-            ListIterator<PKIXCertPathChecker> li =
-                        clonedState.userCheckers.listIterator();
-            while (li.hasNext()) {
-                PKIXCertPathChecker checker = li.next();
-                if (checker instanceof Cloneable) {
-                    li.set((PKIXCertPathChecker)checker.clone());
-                }
-            }
-
-            /* make copy of name constraints */
-            if (nc != null) {
-                clonedState.nc = (NameConstraintsExtension) nc.clone();
-            }
-
-            /* make copy of policy tree */
-            if (rootNode != null) {
-                clonedState.rootNode = rootNode.copyTree();
-            }
-
-            return clonedState;
-        } catch (CloneNotSupportedException e) {
-            throw new InternalError(e.toString(), e);
-        }
-    }
-}
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilder.java	Wed Jul 05 20:29:56 2017 +0200
@@ -35,8 +35,6 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashSet;
-import java.util.Iterator;
 import java.util.List;
 import java.util.LinkedList;
 import java.util.Set;
@@ -47,8 +45,7 @@
 import sun.security.util.Debug;
 
 /**
- * This class is able to build certification paths in either the forward
- * or reverse directions.
+ * This class builds certification paths in the forward direction.
  *
  * <p> If successful, it returns a certification path which has successfully
  * satisfied all the constraints and requirements specified in the
@@ -102,10 +99,8 @@
     /**
      * Attempts to build a certification path using the Sun build
      * algorithm from a trusted anchor(s) to a target subject, which must both
-     * be specified in the input parameter set. By default, this method will
-     * attempt to build in the forward direction. In order to build in the
-     * reverse direction, the caller needs to pass in an instance of
-     * SunCertPathBuilderParameters with the buildForward flag set to false.
+     * be specified in the input parameter set. This method will
+     * attempt to build in the forward direction: from the target to the CA.
      *
      * <p>The certification path that is constructed is validated
      * according to the PKIX specification.
@@ -162,11 +157,7 @@
         policyTreeResult = null;
         LinkedList<X509Certificate> certPathList = new LinkedList<>();
         try {
-            if (buildParams.buildForward()) {
-                buildForward(adjList, certPathList, searchAllCertStores);
-            } else {
-                buildReverse(adjList, certPathList);
-            }
+            buildForward(adjList, certPathList, searchAllCertStores);
         } catch (GeneralSecurityException | IOException e) {
             if (debug != null) {
                 debug.println("SunCertPathBuilder.engineBuild() exception in "
@@ -210,81 +201,6 @@
     }
 
     /*
-     * Private build reverse method.
-     */
-    private void buildReverse(List<List<Vertex>> adjacencyList,
-                              LinkedList<X509Certificate> certPathList)
-        throws GeneralSecurityException, IOException
-    {
-        if (debug != null) {
-            debug.println("SunCertPathBuilder.buildReverse()...");
-            debug.println("SunCertPathBuilder.buildReverse() InitialPolicies: "
-                + buildParams.initialPolicies());
-        }
-
-        ReverseState currentState = new ReverseState();
-        /* Initialize adjacency list */
-        adjacencyList.clear();
-        adjacencyList.add(new LinkedList<Vertex>());
-
-        /*
-         * Perform a search using each trust anchor, until a valid
-         * path is found
-         */
-        Iterator<TrustAnchor> iter = buildParams.trustAnchors().iterator();
-        while (iter.hasNext()) {
-            TrustAnchor anchor = iter.next();
-
-            /* check if anchor satisfies target constraints */
-            if (anchorIsTarget(anchor, buildParams.targetCertConstraints())) {
-                this.trustAnchor = anchor;
-                this.pathCompleted = true;
-                this.finalPublicKey = anchor.getTrustedCert().getPublicKey();
-                break;
-            }
-
-            // skip anchor if it contains a DSA key with no DSA params
-            X509Certificate trustedCert = anchor.getTrustedCert();
-            PublicKey pubKey = trustedCert != null ? trustedCert.getPublicKey()
-                                                   : anchor.getCAPublicKey();
-
-            if (PKIX.isDSAPublicKeyWithoutParams(pubKey)) {
-                continue;
-            }
-
-            /* Initialize current state */
-            currentState.initState(buildParams);
-            currentState.updateState(anchor, buildParams);
-
-            currentState.algorithmChecker = new AlgorithmChecker(anchor);
-            currentState.untrustedChecker = new UntrustedChecker();
-            try {
-                depthFirstSearchReverse(null, currentState,
-                                        new ReverseBuilder(buildParams),
-                                        adjacencyList, certPathList);
-            } catch (GeneralSecurityException | IOException e) {
-                // continue on error if more anchors to try
-                if (iter.hasNext())
-                    continue;
-                else
-                    throw e;
-            }
-
-            // break out of loop if search is successful
-            if (pathCompleted) {
-                break;
-            }
-        }
-
-        if (debug != null) {
-            debug.println("SunCertPathBuilder.buildReverse() returned from "
-                + "depthFirstSearchReverse()");
-            debug.println("SunCertPathBuilder.buildReverse() "
-                + "certPathList.size: " + certPathList.size());
-        }
-    }
-
-    /*
      * Private build forward method.
      */
     private void buildForward(List<List<Vertex>> adjacencyList,
@@ -632,147 +548,6 @@
     }
 
     /*
-     * This method performs a depth first search for a certification
-     * path while building reverse which meets the requirements set in
-     * the parameters object.
-     * It uses an adjacency list to store all certificates which were
-     * tried (i.e. at one time added to the path - they may not end up in
-     * the final path if backtracking occurs). This information can
-     * be used later to debug or demo the build.
-     *
-     * See "Data Structure and Algorithms, by Aho, Hopcroft, and Ullman"
-     * for an explanation of the DFS algorithm.
-     *
-     * @param dN the distinguished name being currently searched for certs
-     * @param currentState the current PKIX validation state
-     */
-    private void depthFirstSearchReverse(X500Principal dN,
-                                         ReverseState currentState,
-                                         ReverseBuilder builder,
-                                         List<List<Vertex>> adjList,
-                                         LinkedList<X509Certificate> cpList)
-        throws GeneralSecurityException, IOException
-    {
-        if (debug != null)
-            debug.println("SunCertPathBuilder.depthFirstSearchReverse(" + dN
-                + ", " + currentState.toString() + ")");
-
-        /*
-         * Find all the certificates issued by dN which
-         * satisfy the PKIX certification path constraints.
-         */
-        Collection<X509Certificate> certs =
-            builder.getMatchingCerts(currentState, buildParams.certStores());
-        List<Vertex> vertices = addVertices(certs, adjList);
-        if (debug != null)
-            debug.println("SunCertPathBuilder.depthFirstSearchReverse(): "
-                + "certs.size=" + vertices.size());
-
-        /*
-         * For each cert in the collection, verify anything
-         * that hasn't been checked yet (signature, revocation, etc)
-         * and check for loops. Call depthFirstSearchReverse()
-         * recursively for each good cert.
-         */
-        for (Vertex vertex : vertices) {
-            /**
-             * Restore state to currentState each time through the loop.
-             * This is important because some of the user-defined
-             * checkers modify the state, which MUST be restored if
-             * the cert eventually fails to lead to the target and
-             * the next matching cert is tried.
-             */
-            ReverseState nextState = (ReverseState) currentState.clone();
-            X509Certificate cert = vertex.getCertificate();
-            try {
-                builder.verifyCert(cert, nextState, cpList);
-            } catch (GeneralSecurityException gse) {
-                if (debug != null)
-                    debug.println("SunCertPathBuilder.depthFirstSearchReverse()"
-                        + ": validation failed: " + gse);
-                vertex.setThrowable(gse);
-                continue;
-            }
-
-            /*
-             * Certificate is good, add it to the path (if it isn't a
-             * self-signed cert) and update state
-             */
-            if (!currentState.isInitial())
-                builder.addCertToPath(cert, cpList);
-            // save trust anchor
-            this.trustAnchor = currentState.trustAnchor;
-
-            /*
-             * Check if path is completed, return ASAP if so.
-             */
-            if (builder.isPathCompleted(cert)) {
-                if (debug != null)
-                    debug.println("SunCertPathBuilder.depthFirstSearchReverse()"
-                        + ": path completed!");
-                pathCompleted = true;
-
-                PolicyNodeImpl rootNode = nextState.rootNode;
-
-                if (rootNode == null)
-                    policyTreeResult = null;
-                else {
-                    policyTreeResult = rootNode.copyTree();
-                    ((PolicyNodeImpl)policyTreeResult).setImmutable();
-                }
-
-                /*
-                 * Extract and save the final target public key
-                 */
-                finalPublicKey = cert.getPublicKey();
-                if (PKIX.isDSAPublicKeyWithoutParams(finalPublicKey)) {
-                    finalPublicKey =
-                        BasicChecker.makeInheritedParamsKey
-                            (finalPublicKey, currentState.pubKey);
-                }
-
-                return;
-            }
-
-            /* Update the PKIX state */
-            nextState.updateState(cert);
-
-            /*
-             * Append an entry for cert in adjacency list and
-             * set index for current vertex.
-             */
-            adjList.add(new LinkedList<Vertex>());
-            vertex.setIndex(adjList.size() - 1);
-
-            /* recursively search for matching certs at next dN */
-            depthFirstSearchReverse(cert.getSubjectX500Principal(), nextState,
-                                    builder, adjList, cpList);
-
-            /*
-             * If path has been completed, return ASAP!
-             */
-            if (pathCompleted) {
-                return;
-            } else {
-                /*
-                 * If we get here, it means we have searched all possible
-                 * certs issued by the dN w/o finding any matching certs. This
-                 * means we have to backtrack to the previous cert in the path
-                 * and try some other paths.
-                 */
-                if (debug != null)
-                    debug.println("SunCertPathBuilder.depthFirstSearchReverse()"
-                        + ": backtracking");
-                if (!currentState.isInitial())
-                    builder.removeFinalCertFromPath(cpList);
-            }
-        }
-        if (debug != null)
-            debug.println("SunCertPathBuilder.depthFirstSearchReverse() all "
-                + "certs in this adjacency list checked");
-    }
-
-    /*
      * Adds a collection of matching certificates to the
      * adjacency list.
      */
--- a/jdk/src/java.base/share/classes/sun/security/provider/certpath/SunCertPathBuilderParameters.java	Thu Apr 23 16:12:16 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,131 +0,0 @@
-/*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package sun.security.provider.certpath;
-
-import java.security.InvalidAlgorithmParameterException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.cert.*;
-import java.util.Set;
-
-/**
- * This class specifies the set of parameters used as input for the Sun
- * certification path build algorithm. It is identical to PKIXBuilderParameters
- * with the addition of a <code>buildForward</code> parameter which allows
- * the caller to specify whether or not the path should be constructed in
- * the forward direction.
- *
- * The default for the <code>buildForward</code> parameter is
- * true, which means that the build algorithm should construct paths
- * from the target subject back to the trusted anchor.
- *
- * @since       1.4
- * @author      Sean Mullan
- * @author      Yassir Elley
- */
-public class SunCertPathBuilderParameters extends PKIXBuilderParameters {
-
-    private boolean buildForward = true;
-
-    /**
-     * Creates an instance of <code>SunCertPathBuilderParameters</code> with the
-     * specified parameter values.
-     *
-     * @param trustAnchors a <code>Set</code> of <code>TrustAnchor</code>s
-     * @param targetConstraints a <code>CertSelector</code> specifying the
-     * constraints on the target certificate
-     * @throws InvalidAlgorithmParameterException if the specified
-     * <code>Set</code> is empty <code>(trustAnchors.isEmpty() == true)</code>
-     * @throws NullPointerException if the specified <code>Set</code> is
-     * <code>null</code>
-     * @throws ClassCastException if any of the elements in the <code>Set</code>
-     * are not of type <code>java.security.cert.TrustAnchor</code>
-     */
-    public SunCertPathBuilderParameters(Set<TrustAnchor> trustAnchors,
-        CertSelector targetConstraints) throws InvalidAlgorithmParameterException
-    {
-        super(trustAnchors, targetConstraints);
-        setBuildForward(true);
-    }
-
-    /**
-     * Creates an instance of <code>SunCertPathBuilderParameters</code> that
-     * uses the specified <code>KeyStore</code> to populate the set
-     * of most-trusted CA certificates.
-     *
-     * @param keystore A keystore from which the set of most-trusted
-     * CA certificates will be populated.
-     * @param targetConstraints a <code>CertSelector</code> specifying the
-     * constraints on the target certificate
-     * @throws KeyStoreException if the keystore has not been initialized.
-     * @throws InvalidAlgorithmParameterException if the keystore does
-     * not contain at least one trusted certificate entry
-     * @throws NullPointerException if the keystore is <code>null</code>
-     */
-    public SunCertPathBuilderParameters(KeyStore keystore,
-        CertSelector targetConstraints)
-        throws KeyStoreException, InvalidAlgorithmParameterException
-    {
-        super(keystore, targetConstraints);
-        setBuildForward(true);
-    }
-
-    /**
-     * Returns the value of the buildForward flag.
-     *
-     * @return the value of the buildForward flag
-     */
-    public boolean getBuildForward() {
-        return this.buildForward;
-    }
-
-    /**
-     * Sets the value of the buildForward flag. If true, paths
-     * are built from the target subject to the trusted anchor.
-     * If false, paths are built from the trusted anchor to the
-     * target subject. The default value if not specified is true.
-     *
-     * @param buildForward the value of the buildForward flag
-     */
-    public void setBuildForward(boolean buildForward) {
-        this.buildForward = buildForward;
-    }
-
-    /**
-     * Returns a formatted string describing the parameters.
-     *
-     * @return a formatted string describing the parameters.
-     */
-    @Override
-    public String toString() {
-        StringBuilder sb = new StringBuilder();
-        sb.append("[\n");
-        sb.append(super.toString());
-        sb.append("  Build Forward Flag: " + String.valueOf(buildForward) + "\n");
-        sb.append("]\n");
-        return sb.toString();
-    }
-}
--- a/jdk/src/java.base/share/classes/sun/util/PreHashedMap.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/PreHashedMap.java	Wed Jul 05 20:29:56 2017 +0200
@@ -166,14 +166,14 @@
     }
 
     public Set<String> keySet() {
-        return new AbstractSet<String> () {
+        return new AbstractSet<> () {
 
             public int size() {
                 return size;
             }
 
             public Iterator<String> iterator() {
-                return new Iterator<String>() {
+                return new Iterator<>() {
                     private int i = -1;
                     Object[] a = null;
                     String cur = null;
--- a/jdk/src/java.base/share/classes/sun/util/logging/PlatformLogger.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/logging/PlatformLogger.java	Wed Jul 05 20:29:56 2017 +0200
@@ -161,7 +161,7 @@
     private static boolean loggingEnabled;
     static {
         loggingEnabled = AccessController.doPrivileged(
-            new PrivilegedAction<Boolean>() {
+            new PrivilegedAction<>() {
                 public Boolean run() {
                     String cname = System.getProperty("java.util.logging.config.class");
                     String fname = System.getProperty("java.util.logging.config.file");
--- a/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/resources/LocaleData.java	Wed Jul 05 20:29:56 2017 +0200
@@ -159,7 +159,7 @@
     }
 
     public static ResourceBundle getBundle(final String baseName, final Locale locale) {
-        return AccessController.doPrivileged(new PrivilegedAction<ResourceBundle>() {
+        return AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public ResourceBundle run() {
                 return ResourceBundle
@@ -169,7 +169,7 @@
     }
 
     private static OpenListResourceBundle getSupplementary(final String baseName, final Locale locale) {
-        return AccessController.doPrivileged(new PrivilegedAction<OpenListResourceBundle>() {
+        return AccessController.doPrivileged(new PrivilegedAction<>() {
            @Override
            public OpenListResourceBundle run() {
                OpenListResourceBundle rb = null;
--- a/jdk/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/share/classes/sun/util/resources/ParallelListResourceBundle.java	Wed Jul 05 20:29:56 2017 +0200
@@ -213,7 +213,7 @@
             if (parent == null) {
                 return set.iterator();
             }
-            return new Iterator<String>() {
+            return new Iterator<>() {
                 private Iterator<String> itr = set.iterator();
                 private boolean usingParent;
 
--- a/jdk/src/java.base/unix/classes/java/lang/ProcessEnvironment.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/java/lang/ProcessEnvironment.java	Wed Jul 05 20:29:56 2017 +0200
@@ -99,7 +99,7 @@
 
     /* Only for use by Runtime.exec(...String[]envp...) */
     static Map<String,String> emptyEnvironment(int capacity) {
-        return new StringEnvironment(new HashMap<Variable,Value>(capacity));
+        return new StringEnvironment(new HashMap<>(capacity));
     }
 
     private static native byte[][] environ();
--- a/jdk/src/java.base/unix/classes/sun/net/PortConfig.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/net/PortConfig.java	Wed Jul 05 20:29:56 2017 +0200
@@ -42,7 +42,7 @@
 
     static {
         AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     String os = System.getProperty("os.name");
--- a/jdk/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/net/dns/ResolverConfigurationImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -85,6 +85,15 @@
                     if (val.charAt(0) == '#' || val.charAt(0) == ';') {
                         break;
                     }
+                    if ("nameserver".equals(keyword)) {
+                        if (val.indexOf(':') >= 0 &&
+                            val.indexOf('.') < 0 && // skip for IPv4 literals with port
+                            val.indexOf('[') < 0 &&
+                            val.indexOf(']') < 0 ) {
+                            // IPv6 literal, in non-BSD-style.
+                            val = "[" + val + "]";
+                        }
+                    }
                     ll.add(val);
                     if (--maxvalues == 0) {
                         break;
@@ -122,7 +131,7 @@
         // get the name servers from /etc/resolv.conf
         nameservers =
             java.security.AccessController.doPrivileged(
-                new java.security.PrivilegedAction<LinkedList<String>>() {
+                new java.security.PrivilegedAction<>() {
                     public LinkedList<String> run() {
                         // typically MAXNS is 3 but we've picked 5 here
                         // to allow for additional servers if required.
@@ -147,7 +156,7 @@
         // first try the search keyword in /etc/resolv.conf
 
         sl = java.security.AccessController.doPrivileged(
-                 new java.security.PrivilegedAction<LinkedList<String>>() {
+                 new java.security.PrivilegedAction<>() {
                     public LinkedList<String> run() {
                         LinkedList<String> ll;
 
@@ -173,7 +182,7 @@
 
         String localDomain = localDomain0();
         if (localDomain != null && localDomain.length() > 0) {
-            sl = new LinkedList<String>();
+            sl = new LinkedList<>();
             sl.add(localDomain);
             return sl;
         }
@@ -181,7 +190,7 @@
         // try domain keyword in /etc/resolv.conf
 
         sl = java.security.AccessController.doPrivileged(
-                 new java.security.PrivilegedAction<LinkedList<String>>() {
+                 new java.security.PrivilegedAction<>() {
                     public LinkedList<String> run() {
                         LinkedList<String> ll;
 
@@ -251,7 +260,7 @@
 
     static {
         java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<Void>() {
+            new java.security.PrivilegedAction<>() {
                 public Void run() {
                     System.loadLibrary("net");
                     return null;
--- a/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/net/sdp/SdpProvider.java	Wed Jul 05 20:29:56 2017 +0200
@@ -198,7 +198,7 @@
     {
         Scanner scanner = new Scanner(new File(file));
         try {
-            List<Rule> result = new ArrayList<Rule>();
+            List<Rule> result = new ArrayList<>();
             while (scanner.hasNextLine()) {
                 String line = scanner.nextLine().trim();
 
--- a/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java	Wed Jul 05 20:29:56 2017 +0200
@@ -95,7 +95,7 @@
     private void init0() {
 
         hostname = java.security.AccessController.doPrivileged(
-            new java.security.PrivilegedAction<String>() {
+            new java.security.PrivilegedAction<>() {
             public String run() {
                 String localhost;
                 try {
--- a/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/ch/UnixAsynchronousServerSocketChannelImpl.java	Wed Jul 05 20:29:56 2017 +0200
@@ -216,7 +216,7 @@
         // permission check must always be in initiator's context
         try {
             if (acc != null) {
-                AccessController.doPrivileged(new PrivilegedAction<Void>() {
+                AccessController.doPrivileged(new PrivilegedAction<>() {
                     public Void run() {
                         SecurityManager sm = System.getSecurityManager();
                         if (sm != null) {
@@ -287,7 +287,7 @@
                 synchronized (updateLock) {
                     if (handler == null) {
                         this.acceptHandler = null;
-                        result = new PendingFuture<AsynchronousSocketChannel,Object>(this);
+                        result = new PendingFuture<>(this);
                         this.acceptFuture = result;
                     } else {
                         this.acceptHandler = handler;
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/GnomeFileTypeDetector.java	Wed Jul 05 20:29:56 2017 +0200
@@ -93,7 +93,7 @@
     private static native byte[] probeUsingGnomeVfs(long pathAddress);
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Void run() {
                 System.loadLibrary("nio");
                 return null;
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/MimeTypesFileTypeDetector.java	Wed Jul 05 20:29:56 2017 +0200
@@ -106,7 +106,7 @@
             synchronized (this) {
                 if (!loaded) {
                     List<String> lines = AccessController.doPrivileged(
-                        new PrivilegedAction<List<String>>() {
+                        new PrivilegedAction<>() {
                             @Override
                             public List<String> run() {
                                 try {
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixCopyFile.java	Wed Jul 05 20:29:56 2017 +0200
@@ -606,7 +606,7 @@
         throws UnixException;
 
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
             public Void run() {
                 System.loadLibrary("nio");
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileStore.java	Wed Jul 05 20:29:56 2017 +0200
@@ -222,7 +222,7 @@
             synchronized (loadLock) {
                 if (props == null) {
                     props = AccessController.doPrivileged(
-                        new PrivilegedAction<Properties>() {
+                        new PrivilegedAction<>() {
                             @Override
                             public Properties run() {
                                 return loadProperties();
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixFileSystem.java	Wed Jul 05 20:29:56 2017 +0200
@@ -152,7 +152,7 @@
     public final Iterable<Path> getRootDirectories() {
         final List<Path> allowedList =
            Collections.unmodifiableList(Arrays.asList((Path)rootDirectory));
-        return new Iterable<Path>() {
+        return new Iterable<>() {
             public Iterator<Path> iterator() {
                 try {
                     SecurityManager sm = System.getSecurityManager();
@@ -254,7 +254,7 @@
                 return Collections.emptyList();
             }
         }
-        return new Iterable<FileStore>() {
+        return new Iterable<>() {
             public Iterator<FileStore> iterator() {
                 return new FileStoreIterator();
             }
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixNativeDispatcher.java	Wed Jul 05 20:29:56 2017 +0200
@@ -568,7 +568,7 @@
 
     private static native int init();
     static {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        AccessController.doPrivileged(new PrivilegedAction<>() {
             public Void run() {
                 System.loadLibrary("nio");
                 return null;
--- a/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.base/unix/classes/sun/nio/fs/UnixPath.java	Wed Jul 05 20:29:56 2017 +0200
@@ -121,7 +121,7 @@
             ce = Util.jnuEncoding().newEncoder()
                 .onMalformedInput(CodingErrorAction.REPORT)
                 .onUnmappableCharacter(CodingErrorAction.REPORT);
-            encoder.set(new SoftReference<CharsetEncoder>(ce));
+            encoder.set(new SoftReference<>(ce));
         }
 
         char[] ca = fs.normalizeNativePath(input.toCharArray());
--- a/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.naming/share/classes/com/sun/jndi/ldap/LdapURL.java	Wed Jul 05 20:29:56 2017 +0200
@@ -26,9 +26,6 @@
 package com.sun.jndi.ldap;
 
 import javax.naming.*;
-import javax.naming.directory.*;
-import javax.naming.spi.*;
-import java.net.URL;
 import java.net.MalformedURLException;
 import java.io.UnsupportedEncodingException;
 import java.util.StringTokenizer;
@@ -211,43 +208,52 @@
 
         // query begins with a '?' or is null
 
-        if (query == null) {
+        if (query == null || query.length() < 2) {
+            return;
+        }
+
+        int currentIndex = 1;
+        int nextQmark;
+        int endIndex;
+
+        // attributes:
+        nextQmark = query.indexOf('?', currentIndex);
+        endIndex = nextQmark == -1 ? query.length() : nextQmark;
+        if (endIndex - currentIndex > 0) {
+            attributes = query.substring(currentIndex, endIndex);
+        }
+        currentIndex = endIndex + 1;
+        if (currentIndex >= query.length()) {
             return;
         }
 
-        int qmark2 = query.indexOf('?', 1);
-
-        if (qmark2 < 0) {
-            attributes = query.substring(1);
+        // scope:
+        nextQmark = query.indexOf('?', currentIndex);
+        endIndex = nextQmark == -1 ? query.length() : nextQmark;
+        if (endIndex - currentIndex > 0) {
+            scope = query.substring(currentIndex, endIndex);
+        }
+        currentIndex = endIndex + 1;
+        if (currentIndex >= query.length()) {
             return;
-        } else if (qmark2 != 1) {
-            attributes = query.substring(1, qmark2);
         }
 
-        int qmark3 = query.indexOf('?', qmark2 + 1);
-
-        if (qmark3 < 0) {
-            scope = query.substring(qmark2 + 1);
+        // filter:
+        nextQmark = query.indexOf('?', currentIndex);
+        endIndex = nextQmark == -1 ? query.length() : nextQmark;
+        if (endIndex - currentIndex > 0) {
+            filter = query.substring(currentIndex, endIndex);
+            filter = UrlUtil.decode(filter, "UTF8");
+        }
+        currentIndex = endIndex + 1;
+        if (currentIndex >= query.length()) {
             return;
-        } else if (qmark3 != qmark2 + 1) {
-            scope = query.substring(qmark2 + 1, qmark3);
         }
 
-        int qmark4 = query.indexOf('?', qmark3 + 1);
-
-        if (qmark4 < 0) {
-            filter = query.substring(qmark3 + 1);
-        } else {
-            if (qmark4 != qmark3 + 1) {
-                filter = query.substring(qmark3 + 1, qmark4);
-            }
-            extensions = query.substring(qmark4 + 1);
-            if (extensions.length() > 0) {
-                extensions = UrlUtil.decode(extensions, "UTF8");
-            }
-        }
-        if (filter != null && filter.length() > 0) {
-            filter = UrlUtil.decode(filter, "UTF8");
+        // extensions:
+        if (query.length() - currentIndex > 0) {
+            extensions = query.substring(currentIndex);
+            extensions = UrlUtil.decode(extensions, "UTF8");
         }
     }
 
--- a/jdk/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.security.jgss/share/classes/org/ietf/jgss/GSSCredential.java	Wed Jul 05 20:29:56 2017 +0200
@@ -35,7 +35,7 @@
  * may be used to perform context initiation, acceptance, or both.<p>
  *
  * Credentials are instantiated using one of the
- * <code>createCredential</code> methods in the {@link GSSManager
+ * {@code createCredential} methods in the {@link GSSManager
  * GSSManager} class. GSS-API credential creation is not
  * intended to provide a "login to the network" function, as such a
  * function would involve the creation of new credentials rather than
@@ -75,7 +75,7 @@
  *
  *    Oid [] mechs = cred.getMechs();
  *    if (mechs != null) {
- *            for (int i = 0; i < mechs.length; i++)
+ *            for (int i = 0; i{@literal <} mechs.length; i++)
  *                    System.out.println(mechs[i].toString());
  *    }
  *
@@ -297,8 +297,8 @@
      * with a variety of clients using different security mechanisms.<p>
      *
      * This routine adds the new credential element "in-place".  To add the
-     * element in a new credential, first call <code>clone</code> to obtain a
-     * copy of this credential, then call its <code>add</code> method.<p>
+     * element in a new credential, first call {@code clone} to obtain a
+     * copy of this credential, then call its {@code add} method.<p>
      *
      * As always, GSS-API implementations must impose a local access-control
      * policy on callers to prevent unauthorized callers from acquiring
@@ -311,7 +311,7 @@
      * getRemainingAcceptLifetime} on the credential.
      *
      * @param name the name of the principal for whom this credential is to
-     * be acquired.  Use <code>null</code> to specify the default
+     * be acquired.  Use {@code null} to specify the default
      * principal.
      * @param initLifetime the number of seconds that the credential element
      * should remain valid for initiating of security contexts. Use {@link
@@ -354,8 +354,8 @@
      * object.  The two credentials must be acquired over the same
      * mechanisms and must refer to the same principal.
      *
-     * @return <code>true</code> if the two GSSCredentials assert the same
-     * entity; <code>false</code> otherwise.
+     * @return {@code true} if the two GSSCredentials assert the same
+     * entity; {@code false} otherwise.
      * @param another another GSSCredential for comparison to this one
      */
     public boolean equals(Object another);
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dom/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -44,11 +44,7 @@
 RFC 3275: XML-Signature Syntax and Processing</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/dom/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -44,11 +44,7 @@
 RFC 3275: XML-Signature Syntax and Processing</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/keyinfo/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -55,11 +55,7 @@
 RFC 3275: XML-Signature Syntax and Processing</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -65,11 +65,7 @@
 RFC 3275: XML-Signature Syntax and Processing</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/spec/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -49,11 +49,7 @@
 XPath Filter 2.0 Transform Algorithm: W3C Recommendation</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/src/java.xml.crypto/share/classes/javax/xml/crypto/package.html	Wed Jul 05 20:29:56 2017 +0200
@@ -42,11 +42,7 @@
 RFC 3275: XML-Signature Syntax and Processing</a>
 </ul>
 
-<p>
-<dl>
-<dt><b>Since:</b></dt>
-  <dd>1.6</dd>
-</dl>
+@since 1.6
 
 </body>
 </html>
--- a/jdk/test/com/sun/jdi/JdbReadTwiceTest.sh	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/com/sun/jdi/JdbReadTwiceTest.sh	Wed Jul 05 20:29:56 2017 +0200
@@ -206,39 +206,6 @@
 
 echo
 echo "+++++++++++++++++++++++++++++++++++"
-echo "Read an unreadable file - verify the read fails."
-
-canMakeUnreadable=No
-id > $HOME/jdb.ini
-if chmod a-r $HOME/jdb.ini 
-then
-  grep -q 'uid=0(' $HOME/jdb.ini 2> /dev/null
-  case $? in
-    0)
-      echo "Error! Can't make file unreadable running as root"
-    ;;
-    1)
-      echo "Error! Can't make file unreadable for some other reason (windows?)"
-    ;;
-    *)
-      echo "OK. the file is unreadable"
-      canMakeUnreadable=Yes 
-    ;;
-   esac
-else    
-  echo "Error! Can't create or chmod file"
-fi  
-
-if [ "$canMakeUnreadable" = "Yes" ]
-then
-    doit
-    failIfNot 1 "open: $HOME/jdb.ini"
-fi
-clean
-
-
-echo
-echo "+++++++++++++++++++++++++++++++++++"
 echo "Read a directory - verify the read fails"
 # If the file (IE. directory) exists, we try to read it.  The
 # read will fail.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/jndi/dns/IPv6NameserverPlatformParsingTest.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,104 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.lang.reflect.Field;
+import java.util.Hashtable;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import javax.naming.spi.NamingManager;
+
+import com.sun.jndi.dns.DnsContext;
+
+/**
+ * @test
+ * @bug 6991580
+ * @summary IPv6 Nameservers in resolv.conf throws NumberFormatException
+ * @run main/manual IPv6NameserverPlatformParsingTest
+ *
+ * In order to run this test be sure to place, for example, the following
+ * snippet into your platform's {@code /etc/resolv.conf}:
+ * <pre>
+ * nameserver 127.0.0.1
+ * nameserver 2001:4860:4860::8888
+ * nameserver [::1]:5353
+ * nameserver 127.0.0.1:5353
+ * </pre>
+ *
+ * Then, run this test as manual jtreg test.
+ *
+ * @author Severin Gehwolf
+ *
+ */
+public class IPv6NameserverPlatformParsingTest {
+
+    private static boolean foundIPv6 = false;
+
+    public static void main(String[] args) {
+        Hashtable<String, String> env = new Hashtable<>();
+        env.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.dns.DnsContextFactory.class.getName());
+
+        String[] servers;
+        try {
+            Context ctx = NamingManager.getInitialContext(env);
+            if (!com.sun.jndi.dns.DnsContextFactory.platformServersAvailable()) {
+                throw new RuntimeException("FAIL: no platform servers available, test does not make sense");
+            }
+            DnsContext context = (DnsContext)ctx;
+            servers = getServersFromContext(context);
+        } catch (NamingException e) {
+            throw new RuntimeException(e);
+        }
+        for (String server: servers) {
+            System.out.println("DEBUG: 'nameserver = " + server + "'");
+            if (server.indexOf(':') >= 0 && server.indexOf('.') < 0) {
+                System.out.println("DEBUG: ==> Found IPv6 address in servers list: " + server);
+                foundIPv6 = true;
+            }
+        }
+        try {
+            new com.sun.jndi.dns.DnsClient(servers, 100, 1);
+        } catch (NumberFormatException e) {
+            throw new RuntimeException("FAIL: Tried to parse non-[]-encapsulated IPv6 address.", e);
+        } catch (Exception e) {
+            throw new RuntimeException("ERROR: Something unexpected happened.");
+        }
+        if (!foundIPv6) {
+            // This is a manual test, since it requires changing /etc/resolv.conf on Linux/Unix
+            // platforms. See comment as to how to run this test.
+            throw new RuntimeException("ERROR: No IPv6 address returned from platform.");
+        }
+        System.out.println("PASS: Found IPv6 address and DnsClient parsed it correctly.");
+    }
+
+    private static String[] getServersFromContext(DnsContext context) {
+        try {
+            Field serversField = DnsContext.class.getDeclaredField("servers");
+            serversField.setAccessible(true);
+            return (String[])serversField.get(context);
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/com/sun/jndi/ldap/LdapURLOptionalFields.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2015, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8074761
+ * @summary RFC-2255 allows attribute, scope and filter to be empty.
+ */
+
+import com.sun.jndi.ldap.LdapURL;
+
+public class LdapURLOptionalFields {
+
+    private static final String[] TEST_URLS = {
+        "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com",
+        "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com?",
+        "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com??",
+        "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com???",
+        "ldap://localhost:10389/ou=RefPeople,dc=example,dc=com????"
+    };
+
+    public static void main(String[] args) throws Exception {
+        for (int i = 0; i < TEST_URLS.length; i++) {
+            String url = TEST_URLS[i];
+            checkEmptyAttributes(url);
+        }
+    }
+
+    private static void checkEmptyAttributes(String urlString) throws Exception {
+        LdapURL url = new LdapURL(urlString);
+        if (url.getAttributes() != null) {
+            throw new Exception("Expected null attributes for url: '" + urlString + "'");
+        }
+        if (url.getScope() != null) {
+            throw new Exception("Expected null scope for url: '" + urlString + "'");
+        }
+        if (url.getFilter() != null) {
+            throw new Exception("Expected null filter for url: '" + urlString + "'");
+        }
+    }
+
+}
--- a/jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/com/sun/security/auth/login/ConfigFile/InconsistentError.java	Wed Jul 05 20:29:56 2017 +0200
@@ -26,6 +26,7 @@
  * @bug 4406033
  * @summary     ConfigFile throws an inconsistent error message
  *              when the configuration file is not found
+ * @run main/othervm -Duser.language=en InconsistentError
  */
 
 import com.sun.security.auth.login.*;
--- a/jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/com/sun/security/auth/module/KeyStoreLoginModule/OptionTest.java	Wed Jul 05 20:29:56 2017 +0200
@@ -25,6 +25,7 @@
  * @test
  * @bug 4919147
  * @summary Support for token-based KeyStores
+ * @run main/othervm -Duser.language=en OptionTest
  */
 
 import java.io.File;
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/net/URL/HandlersPkgPrefix/HandlersPkgPrefix.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,95 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.function.Consumer;
+
+/*
+ * @test
+ * @bug 8075139
+ * @summary Basic test for java.protocol.handler.pkgs
+ * @compile handlers/foo/Handler.java handlers/bar/Handler.java HandlersPkgPrefix.java
+ * @run main/othervm HandlersPkgPrefix
+ */
+
+public class HandlersPkgPrefix {
+    static final Consumer<Result> KNOWN = r -> {
+        if (r.exception != null)
+            throw new RuntimeException("Unexpected exception " + r.exception);
+        String p = r.url.getProtocol();
+        if (!r.protocol.equals(p))
+            throw new RuntimeException("Expected:" + r.protocol + ", got:" + p);
+    };
+    static final Consumer<Result> UNKNOWN = r -> {
+        if (r.url != null)
+            throw new RuntimeException("Unexpected url:" + r.url);
+        if (!(r.exception instanceof MalformedURLException))
+            throw new RuntimeException("Expected MalformedURLException, got:"
+                                       + r.exception);
+    };
+
+    public static void main(String[] args) {
+        withPrefix("unknown", "", UNKNOWN);
+        withPrefix("unknown", "handlers", UNKNOWN);
+
+        withPrefix("foo", "", UNKNOWN);
+        withPrefix("foo", "xxx|yyy|zzz", UNKNOWN);
+        withPrefix("foo", "||||", UNKNOWN);
+        withPrefix("foo", "|a|b|c|handlers", KNOWN);
+
+        withPrefix("bar", "", UNKNOWN);
+        withPrefix("bar", "x.y.z|y.y.y|z.z.z", UNKNOWN);
+        withPrefix("bar", " x.y.z | y.y.y | z.z.z| |  ", UNKNOWN);
+        withPrefix("bar", "| a | b | c | handlers | d | e", KNOWN);
+    }
+
+    static void withPrefix(String protocol, String pkgPrefix,
+                           Consumer<Result> resultChecker) {
+        System.out.println("Testing, " + protocol + ", " + pkgPrefix);
+
+        // The long standing implementation behavior is that the
+        // property is read multiple times, not cached.
+        System.setProperty("java.protocol.handler.pkgs", pkgPrefix);
+        URL url = null;
+        Exception exception = null;
+        try {
+            url = new URL(protocol + "://");
+        } catch (MalformedURLException x) {
+            exception = x;
+        }
+        resultChecker.accept(new Result(protocol, url, exception));
+    }
+
+    static class Result {
+        final String protocol;
+        final URL url;
+        final Exception exception;
+        Result(String protocol, URL url, Exception exception) {
+            this.protocol = protocol;
+            this.url = url;
+            this.exception = exception;
+        }
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/net/URL/HandlersPkgPrefix/handlers/bar/Handler.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package handlers.bar;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLStreamHandler;
+
+public class Handler extends URLStreamHandler {
+    @Override
+    protected URLConnection openConnection(URL u) throws IOException {
+        return null;
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/java/net/URL/HandlersPkgPrefix/handlers/foo/Handler.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package handlers.foo;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLConnection;
+import java.net.URLStreamHandler;
+
+public class Handler extends URLStreamHandler {
+    @Override
+    protected URLConnection openConnection(URL u) throws IOException {
+        return null;
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/CustomLoginModule.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,275 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Locale;
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.ChoiceCallback;
+import javax.security.auth.callback.ConfirmationCallback;
+import javax.security.auth.callback.LanguageCallback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
+import javax.security.auth.callback.TextOutputCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.FailedLoginException;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+public class CustomLoginModule implements LoginModule {
+
+    static final String HELLO = "Hello";
+
+    private Subject subject;
+    private CallbackHandler callbackHandler;
+    private boolean loginSucceeded = false;
+    private String username;
+    private char[] password;
+
+    /*
+     * Initialize this LoginModule.
+     */
+    @Override
+    public void initialize(Subject subject, CallbackHandler callbackHandler,
+            Map<String, ?> sharedState, Map<String, ?> options) {
+        this.subject = subject;
+        this.callbackHandler = callbackHandler;
+
+        // check if custom parameter is passed from comfiguration
+        if (options == null) {
+            throw new RuntimeException("options is null");
+        }
+
+        // read username/password from configuration
+        Object o = options.get("username");
+        if (o == null) {
+            throw new RuntimeException("Custom parameter not passed");
+        }
+        if (!(o instanceof String)) {
+            throw new RuntimeException("Password is not a string");
+        }
+        username = (String) o;
+
+        o = options.get("password");
+        if (o == null) {
+            throw new RuntimeException("Custom parameter not passed");
+        }
+        if (!(o instanceof String)) {
+            throw new RuntimeException("Password is not a string");
+        }
+        password = ((String) o).toCharArray();
+    }
+
+    /*
+     * Authenticate the user.
+     */
+    @Override
+    public boolean login() throws LoginException {
+        // prompt for a user name and password
+        if (callbackHandler == null) {
+            throw new LoginException("No CallbackHandler available");
+        }
+
+        // standard callbacks
+        NameCallback name = new NameCallback("username: ", "default");
+        PasswordCallback passwd = new PasswordCallback("password: ", false);
+
+        LanguageCallback language = new LanguageCallback();
+
+        TextOutputCallback error = new TextOutputCallback(
+                TextOutputCallback.ERROR, "This is an error");
+        TextOutputCallback warning = new TextOutputCallback(
+                TextOutputCallback.WARNING, "This is a warning");
+        TextOutputCallback info = new TextOutputCallback(
+                TextOutputCallback.INFORMATION, "This is a FYI");
+
+        TextInputCallback text = new TextInputCallback("Please type " + HELLO,
+                "Bye");
+
+        ChoiceCallback choice = new ChoiceCallback("Choice: ",
+                new String[] { "pass", "fail" }, 1, true);
+
+        ConfirmationCallback confirmation = new ConfirmationCallback(
+                "confirmation: ", ConfirmationCallback.INFORMATION,
+                ConfirmationCallback.YES_NO_OPTION, ConfirmationCallback.NO);
+
+        CustomCallback custom = new CustomCallback();
+
+        Callback[] callbacks = new Callback[] {
+            choice, info, warning, error, name, passwd, text, language,
+            confirmation, custom
+        };
+
+        boolean uce = false;
+        try {
+            callbackHandler.handle(callbacks);
+        } catch (UnsupportedCallbackException e) {
+            Callback callback = e.getCallback();
+            if (custom.equals(callback)) {
+                uce = true;
+                System.out.println("CustomLoginModule: "
+                        + "custom callback not supported as expected");
+            } else {
+                throw new LoginException("Unsupported callback: " + callback);
+            }
+        } catch (IOException ioe) {
+            throw new LoginException(ioe.toString());
+        }
+
+        if (!uce) {
+            throw new RuntimeException("UnsupportedCallbackException "
+                    + "not thrown");
+        }
+
+        if (!HELLO.equals(text.getText())) {
+            System.out.println("Text: " + text.getText());
+            throw new FailedLoginException("No hello");
+        }
+
+        if (!Locale.GERMANY.equals(language.getLocale())) {
+            System.out.println("Selected locale: " + language.getLocale());
+            throw new FailedLoginException("Achtung bitte");
+        }
+
+        String readUsername = name.getName();
+        char[] readPassword = passwd.getPassword();
+        if (readPassword == null) {
+            // treat a NULL password as an empty password
+            readPassword = new char[0];
+        }
+        passwd.clearPassword();
+
+        // verify the username/password
+        if (!username.equals(readUsername)
+                || !Arrays.equals(password, readPassword)) {
+            loginSucceeded = false;
+            throw new FailedLoginException("Username/password is not correct");
+        }
+
+        // check chosen option
+        int[] selected = choice.getSelectedIndexes();
+        if (selected == null || selected.length == 0) {
+            throw new FailedLoginException("Nothing selected");
+        }
+
+        if (selected[0] != 0) {
+            throw new FailedLoginException("Wrong choice: " + selected[0]);
+        }
+
+        // check confirmation
+        if (confirmation.getSelectedIndex() != ConfirmationCallback.YES) {
+            throw new FailedLoginException("Not confirmed: "
+                    + confirmation.getSelectedIndex());
+        }
+
+        loginSucceeded = true;
+        System.out.println("CustomLoginModule: authentication succeeded");
+        return true;
+    }
+
+    /*
+     * This method is called if the LoginContext's overall authentication
+     * succeeded.
+     */
+    @Override
+    public boolean commit() throws LoginException {
+        if (loginSucceeded) {
+            // add a Principal to the Subject
+            Principal principal = new TestPrincipal(username);
+            if (!subject.getPrincipals().contains(principal)) {
+                subject.getPrincipals().add(principal);
+            }
+            return true;
+        }
+
+        return false;
+    }
+
+    /*
+     * This method is called if the LoginContext's overall authentication
+     * failed.
+     */
+    @Override
+    public boolean abort() throws LoginException {
+        loginSucceeded = false;
+        return true;
+    }
+
+    /*
+     * Logout the user.
+     */
+    @Override
+    public boolean logout() throws LoginException {
+        loginSucceeded = false;
+        boolean removed = subject.getPrincipals().remove(
+                new TestPrincipal(username));
+        if (!removed) {
+            throw new LoginException("Coundn't remove a principal: "
+                    + username);
+        }
+        return true;
+    }
+
+    static class TestPrincipal implements Principal {
+
+        private final String name;
+
+        public TestPrincipal(String name) {
+            this.name = name;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        @Override
+        public String toString() {
+            return("TestPrincipal [name =" + name + "]");
+        }
+
+        @Override
+        public int hashCode() {
+            return name.hashCode();
+        }
+
+        @Override
+        public boolean equals(Object o) {
+            if (o == null) {
+                return false;
+            }
+            if (!(o instanceof TestPrincipal)) {
+                return false;
+            }
+            TestPrincipal other = (TestPrincipal) o;
+            return name != null ? name.equals(other.name) : other.name == null;
+        }
+    }
+
+    static class CustomCallback implements Callback {}
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/SharedState.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+import javax.security.auth.spi.LoginModule;
+
+/**
+ * @test
+ * @bug 8048138
+ * @summary Check if shared state is passed to login module
+ * @run main/othervm SharedState
+ */
+public class SharedState {
+
+    static final String NAME = "name";
+    static final String VALUE = "shared";
+
+    public static void main(String[] args) throws LoginException {
+        System.setProperty("java.security.auth.login.config",
+                System.getProperty("test.src")
+                        + System.getProperty("file.separator")
+                        + "shared.config");
+
+        new LoginContext("SharedState").login();
+    }
+
+    public static abstract class Module implements LoginModule {
+
+        @Override
+        public boolean login() throws LoginException {
+            return true;
+        }
+
+        @Override
+        public boolean commit() throws LoginException {
+            return true;
+        }
+
+        @Override
+        public boolean abort() throws LoginException {
+            return true;
+        }
+
+        @Override
+        public boolean logout() throws LoginException {
+            return true;
+        }
+    }
+
+    public static class FirstModule extends Module {
+
+        @Override
+        public void initialize(Subject subject, CallbackHandler callbackHandler,
+                            Map<String,?> sharedState, Map<String,?> options) {
+            ((Map)sharedState).put(NAME, VALUE);
+        }
+
+    }
+
+    public static class SecondModule extends Module {
+
+        @Override
+        public void initialize(Subject subject, CallbackHandler callbackHandler,
+                            Map<String,?> sharedState, Map<String,?> options) {
+            // check shared object
+            Object shared = sharedState.get(NAME);
+            if (!VALUE.equals(shared)) {
+                throw new RuntimeException("Unexpected shared object: "
+                        + shared);
+            }
+        }
+
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/StandardCallbacks.java	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,189 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.Locale;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.ChoiceCallback;
+import javax.security.auth.callback.ConfirmationCallback;
+import javax.security.auth.callback.LanguageCallback;
+import javax.security.auth.callback.NameCallback;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.TextInputCallback;
+import javax.security.auth.callback.TextOutputCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.login.LoginContext;
+import javax.security.auth.login.LoginException;
+
+/*
+ * @test
+ * @bug 8048138
+ * @summary Checks if JAAS login works fine with standard callbacks
+ * @compile DefaultHandlerModule.java
+ * @run main/othervm StandardCallbacks
+ */
+public class StandardCallbacks {
+
+    private static final String USERNAME = "username";
+    private static final char[] PASSWORD = "password".toCharArray();
+
+    public static void main(String[] args) throws LoginException {
+        System.setProperty("java.security.auth.login.config",
+                System.getProperty("test.src")
+                        + System.getProperty("file.separator")
+                        + "custom.config");
+
+        CustomCallbackHandler handler = new CustomCallbackHandler(USERNAME);
+        LoginContext context = new LoginContext("StandardCallbacks", handler);
+
+        handler.setPassword(PASSWORD);
+        System.out.println("Try to login with correct password, "
+                + "successful authentication is expected");
+        context.login();
+        System.out.println("Authentication succeeded!");
+
+        Subject subject = context.getSubject();
+        System.out.println("Authenticated user has the following principals ["
+                + subject.getPrincipals().size() + " ]:");
+        boolean found = true;
+        for (Principal principal : subject.getPrincipals()) {
+            System.out.println("principal: " + principal);
+            if (principal instanceof CustomLoginModule.TestPrincipal) {
+                CustomLoginModule.TestPrincipal testPrincipal =
+                        (CustomLoginModule.TestPrincipal) principal;
+                if (USERNAME.equals(testPrincipal.getName())) {
+                    System.out.println("Found test principal: "
+                            + testPrincipal);
+                    found = true;
+                    break;
+                }
+            }
+        }
+
+        if (!found) {
+            throw new RuntimeException("TestPrincipal not found");
+        }
+
+        // check if all expected text output callbacks have been called
+        if (!handler.info) {
+            throw new RuntimeException("TextOutputCallback.INFO not called");
+        }
+
+        if (!handler.warning) {
+            throw new RuntimeException("TextOutputCallback.WARNING not called");
+        }
+
+        if (!handler.error) {
+            throw new RuntimeException("TextOutputCallback.ERROR not called");
+        }
+
+        System.out.println("Authenticated user has the following public "
+                + "credentials [" + subject.getPublicCredentials().size()
+                + "]:");
+        subject.getPublicCredentials().stream().
+                forEach((o) -> {
+                    System.out.println("public credential: " + o);
+        });
+
+        context.logout();
+
+        System.out.println("Test passed");
+    }
+
+    private static class CustomCallbackHandler implements CallbackHandler {
+
+        private final String username;
+        private char[] password;
+        private boolean info = false;
+        private boolean warning = false;
+        private boolean error = false;
+
+        CustomCallbackHandler(String username) {
+            this.username = username;
+        }
+
+        void setPassword(char[] password) {
+            this.password = password;
+        }
+
+        @Override
+        public void handle(Callback[] callbacks)
+                throws UnsupportedCallbackException {
+            for (Callback callback : callbacks) {
+                if (callback instanceof TextOutputCallback) {
+                    TextOutputCallback toc = (TextOutputCallback) callback;
+                    switch (toc.getMessageType()) {
+                        case TextOutputCallback.INFORMATION:
+                            System.out.println("INFO: " + toc.getMessage());
+                            info = true;
+                            break;
+                        case TextOutputCallback.ERROR:
+                            System.out.println("ERROR: " + toc.getMessage());
+                            error = true;
+                            break;
+                        case TextOutputCallback.WARNING:
+                            System.out.println("WARNING: " + toc.getMessage());
+                            warning = true;
+                            break;
+                        default:
+                            throw new UnsupportedCallbackException(toc,
+                                    "Unsupported message type: "
+                                            + toc.getMessageType());
+                    }
+                } else if (callback instanceof TextInputCallback) {
+                    TextInputCallback tic = (TextInputCallback) callback;
+                    System.out.println(tic.getPrompt());
+                    tic.setText(CustomLoginModule.HELLO);
+                } else if (callback instanceof LanguageCallback) {
+                    LanguageCallback lc = (LanguageCallback) callback;
+                    lc.setLocale(Locale.GERMANY);
+                } else if (callback instanceof ConfirmationCallback) {
+                    ConfirmationCallback cc = (ConfirmationCallback) callback;
+                    System.out.println(cc.getPrompt());
+                    cc.setSelectedIndex(ConfirmationCallback.YES);
+                } else if (callback instanceof ChoiceCallback) {
+                    ChoiceCallback cc = (ChoiceCallback) callback;
+                    System.out.println(cc.getPrompt()
+                            + Arrays.toString(cc.getChoices()));
+                    cc.setSelectedIndex(0);
+                } else if (callback instanceof NameCallback) {
+                    NameCallback nc = (NameCallback) callback;
+                    System.out.println(nc.getPrompt());
+                    nc.setName(username);
+                } else if (callback instanceof PasswordCallback) {
+                    PasswordCallback pc = (PasswordCallback) callback;
+                    System.out.println(pc.getPrompt());
+                    pc.setPassword(password);
+                } else {
+                    throw new UnsupportedCallbackException(callback,
+                            "Unknown callback");
+                }
+            }
+        }
+
+    }
+
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/custom.config	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,4 @@
+StandardCallbacks {
+    DefaultHandlerModule required;
+    CustomLoginModule required username="username" password="password";
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/security/auth/login/LoginContext/shared.config	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,4 @@
+SharedState {
+    SharedState$FirstModule required;
+    SharedState$SecondModule required;
+};
\ No newline at end of file
--- a/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/javax/xml/ws/8046817/GenerateEnumSchema.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -23,57 +23,83 @@
 
 /*
  * @test
- * @bug 8046817
- * @summary schemagen fails to generate xsd for enum types
+ * @bug 8046817 8073357
+ * @summary schemagen fails to generate xsd for enum types.
+ * Check that order of Enum values is preserved.
  * @run main/othervm GenerateEnumSchema
  */
 import java.io.BufferedReader;
 import java.io.File;
-import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStreamReader;
+import java.nio.file.Files;
 import java.nio.file.Paths;
-import java.util.Scanner;
+import java.util.stream.Collectors;
 
 public class GenerateEnumSchema {
 
     private static final String SCHEMA_OUTPUT_FILENAME = "schema1.xsd";
     private static final File schemaOutputFile = new File(SCHEMA_OUTPUT_FILENAME);
+    private static final String[] expectedEnums = {
+        "\"FIRST\"", "\"ONE\"", "\"TWO\"", "\"THREE\"",
+        "\"FOUR\"", "\"FIVE\"", "\"SIX\"", "\"LAST\""};
+    private static String schemaContent = "";
 
-    public static void main(String[] args) throws Exception, IOException {
+    public static void main(String[] args) throws Exception {
+
         //Check schema generation for class type
         runSchemaGen("TestClassType.java");
         checkIfSchemaGenerated();
+        readSchemaContent();
         checkSchemaContent("<xs:complexType name=\"testClassType\">");
         checkSchemaContent("<xs:element name=\"a\" type=\"xs:int\"/>");
-        schemaOutputFile.delete();
+
         //Check schema generation for enum type
         runSchemaGen("TestEnumType.java");
         checkIfSchemaGenerated();
+        readSchemaContent();
+        //Check if Enum type schema is generated
         checkSchemaContent("<xs:simpleType name=\"testEnumType\">");
-        checkSchemaContent("<xs:enumeration value=\"ONE\"/>");
-        checkSchemaContent("<xs:enumeration value=\"TWO\"/>");
-        checkSchemaContent("<xs:enumeration value=\"THREE\"/>");
+        //Check the sequence of enum values order
+        checkEnumOrder();
         schemaOutputFile.delete();
     }
 
+    // Check if schema file successfully generated by schemagen
     private static void checkIfSchemaGenerated() {
         if (!schemaOutputFile.exists()) {
             throw new RuntimeException("FAIL:" + SCHEMA_OUTPUT_FILENAME + " was not generated by schemagen tool");
         }
     }
 
-    private static void checkSchemaContent(String exp_token) throws FileNotFoundException {
-        System.out.print("Check if generated schema contains '" + exp_token + "' string: ");
-        try (Scanner scanner = new Scanner(schemaOutputFile)) {
-            if (scanner.findWithinHorizon(exp_token, 0) != null) {
-                System.out.println("OK");
-                return;
-            }
+    //Read schema content from file
+    private static void readSchemaContent() throws Exception {
+        schemaContent = Files.lines(schemaOutputFile.toPath()).collect(Collectors.joining(""));
+    }
+
+    // Check if schema file contains specific string
+    private static void checkSchemaContent(String expContent) {
+        System.out.print("Check if generated schema contains '" + expContent + "' string: ");
+        if (schemaContent.contains(expContent)) {
+            System.out.println("OK");
+            return;
         }
         System.out.println("FAIL");
-        throw new RuntimeException("The '" + exp_token + "' is not found in generated schema");
+        throw new RuntimeException("The '" + expContent + "' is not found in generated schema");
+    }
 
+    // Check if the generated schema contains all enum constants
+    // and their order is preserved
+    private static void checkEnumOrder() throws Exception {
+        int prevElem = -1;
+        for (String elem : expectedEnums) {
+            int curElem = schemaContent.indexOf(elem);
+            System.out.println(elem + " position = " + curElem);
+            if (curElem < prevElem) {
+                throw new RuntimeException("FAIL: Enum values order is incorrect or " + elem + " element is not found");
+            }
+            prevElem = curElem;
+        }
     }
 
     private static String getClassFilePath(String filename) {
--- a/jdk/test/javax/xml/ws/8046817/TestEnumType.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/javax/xml/ws/8046817/TestEnumType.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,5 +25,5 @@
 
 @XmlEnum(String.class)
 public enum TestEnumType {
-    ONE, TWO, THREE
+    FIRST, ONE, TWO, THREE, FOUR, FIVE, SIX, LAST
 }
--- a/jdk/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/sun/management/jmxremote/bootstrap/RmiSslBootstrapTest.sh	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2003, 2004, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2003, 2015, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 # @library /lib/testlibrary
 # @build jdk.testlibrary.* TestLogger Utils RmiBootstrapTest
 # @run shell/timeout=300  RmiSslBootstrapTest.sh
+# @ignore 8077924
 
 # Define the Java class test name
 TESTCLASS="RmiBootstrapTest"
--- a/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/sun/security/pkcs11/sslecc/CipherTest.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,7 +45,7 @@
 public class CipherTest {
 
     // use any available port for the server socket
-    static int serverPort = 0;
+    static volatile int serverPort = 0;
 
     final int THREADS;
 
--- a/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java	Thu Apr 23 16:12:16 2015 -0700
+++ b/jdk/test/sun/security/pkcs11/sslecc/JSSEServer.java	Wed Jul 05 20:29:56 2017 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,7 +42,7 @@
         serverContext.init(new KeyManager[] {cipherTest.keyManager}, new TrustManager[] {cipherTest.trustManager}, cipherTest.secureRandom);
 
         SSLServerSocketFactory factory = (SSLServerSocketFactory)serverContext.getServerSocketFactory();
-        serverSocket = (SSLServerSocket)factory.createServerSocket(cipherTest.serverPort);
+        serverSocket = (SSLServerSocket)factory.createServerSocket(0);
         cipherTest.serverPort = serverSocket.getLocalPort();
         serverSocket.setEnabledCipherSuites(factory.getSupportedCipherSuites());
         serverSocket.setWantClientAuth(true);
--- a/jdk/test/sun/security/provider/certpath/ReverseBuilder/BuildPath.java	Thu Apr 23 16:12:16 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2007, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-/**
- * @test
- * @bug 6511784
- * @summary Make sure that building a path to a CRL issuer works in the
- *          reverse direction
- * @library ../../../../../java/security/testlibrary
- * @build CertUtils
- * @run main BuildPath
- */
-import java.security.cert.*;
-import java.util.Collections;
-import sun.security.provider.certpath.SunCertPathBuilderParameters;
-
-public class BuildPath {
-
-    public static void main(String[] args) throws Exception {
-
-        TrustAnchor anchor =
-            new TrustAnchor(CertUtils.getCertFromFile("mgrM2mgrM"), null);
-        X509Certificate target = CertUtils.getCertFromFile("mgrM2leadMA");
-        X509CertSelector xcs = new X509CertSelector();
-        xcs.setSubject("CN=leadMA,CN=mgrM,OU=prjM,OU=divE,OU=Comp,O=sun,C=us");
-        xcs.setCertificate(target);
-        SunCertPathBuilderParameters params =
-            new SunCertPathBuilderParameters(Collections.singleton(anchor),xcs);
-        params.setBuildForward(false);
-        CertStore cs = CertUtils.createStore(new String[]
-            {"mgrM2prjM", "prjM2mgrM", "prjM2divE", "mgrM2leadMA" });
-        params.addCertStore(cs);
-        CertStore cs2 = CertUtils.createCRLStore
-            (new String[] {"mgrMcrl", "prjMcrl"});
-        params.addCertStore(cs2);
-        PKIXCertPathBuilderResult res = CertUtils.build(params);
-    }
-}
--- a/jdk/test/sun/security/provider/certpath/ReverseBuilder/ReverseBuild.java	Thu Apr 23 16:12:16 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,356 +0,0 @@
-/*
- * Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-//
-// Security properties, once set, cannot revert to unset.  To avoid
-// conflicts with tests running in the same VM isolate this test by
-// running it in otherVM mode.
-//
-
-/*
- * @test
- * @bug 7167988
- * @summary PKIX CertPathBuilder in reverse mode doesn't work if more than
- *          one trust anchor is specified
- * @run main/othervm ReverseBuild
- */
-import java.io.*;
-import java.util.*;
-import java.security.cert.*;
-import java.security.Security;
-
-import sun.security.provider.certpath.SunCertPathBuilderParameters;
-
-public class ReverseBuild {
-    // Certificate information:
-    // Issuer: C=US, ST=Some-State, L=Some-City, O=Some-Org
-    // Validity
-    //     Not Before: Dec  8 02:43:36 2008 GMT
-    //     Not After : Aug 25 02:43:36 2028 GMT
-    // Subject: C=US, ST=Some-State, L=Some-City, O=Some-Org
-    // X509v3 Subject Key Identifier:
-    //     FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
-    // X509v3 Authority Key Identifier:
-    //     keyid:FA:B9:51:BF:4C:E7:D9:86:98:33:F9:E7:CB:1E:F1:33:49:F7:A8:14
-    //     DirName:/C=US/ST=Some-State/L=Some-City/O=Some-Org
-    //     serial:00
-    static String NoiceTrusedCertStr =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICrDCCAhWgAwIBAgIBADANBgkqhkiG9w0BAQQFADBJMQswCQYDVQQGEwJVUzET\n" +
-        "MBEGA1UECBMKU29tZS1TdGF0ZTESMBAGA1UEBxMJU29tZS1DaXR5MREwDwYDVQQK\n" +
-        "EwhTb21lLU9yZzAeFw0wODEyMDgwMjQzMzZaFw0yODA4MjUwMjQzMzZaMEkxCzAJ\n" +
-        "BgNVBAYTAlVTMRMwEQYDVQQIEwpTb21lLVN0YXRlMRIwEAYDVQQHEwlTb21lLUNp\n" +
-        "dHkxETAPBgNVBAoTCFNvbWUtT3JnMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
-        "gQDLxDggB76Ip5OwoUNRLdeOha9U3a2ieyNbz5kTU5lFfe5tui2/461uPZ8a+QOX\n" +
-        "4BdVrhEmV94BKY4FPyH35zboLjfXSKxT1mAOx1Bt9sWF94umxZE1cjyU7vEX8HHj\n" +
-        "7BvOyk5AQrBt7moO1uWtPA/JuoJPePiJl4kqlRJM2Akq6QIDAQABo4GjMIGgMB0G\n" +
-        "A1UdDgQWBBT6uVG/TOfZhpgz+efLHvEzSfeoFDBxBgNVHSMEajBogBT6uVG/TOfZ\n" +
-        "hpgz+efLHvEzSfeoFKFNpEswSTELMAkGA1UEBhMCVVMxEzARBgNVBAgTClNvbWUt\n" +
-        "U3RhdGUxEjAQBgNVBAcTCVNvbWUtQ2l0eTERMA8GA1UEChMIU29tZS1PcmeCAQAw\n" +
-        "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQBcIm534U123Hz+rtyYO5uA\n" +
-        "ofd81G6FnTfEAV8Kw9fGyyEbQZclBv34A9JsFKeMvU4OFIaixD7nLZ/NZ+IWbhmZ\n" +
-        "LovmJXyCkOufea73pNiZ+f/4/ScZaIlM/PRycQSqbFNd4j9Wott+08qxHPLpsf3P\n" +
-        "6Mvf0r1PNTY2hwTJLJmKtg==\n" +
-        "-----END CERTIFICATE-----";
-
-    // Certificate information:
-    // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
-    // Validity
-    //     Not Before: Aug 19 01:52:19 2011 GMT
-    //     Not After : Jul 29 01:52:19 2032 GMT
-    // Subject: C=US, O=Java, OU=SunJSSE Test Serivce
-
-    // X509v3 Subject Key Identifier:
-    //     B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1
-    // X509v3 Authority Key Identifier:
-    //     keyid:B9:7C:D5:D9:DF:A7:4C:03:AE:FD:0E:27:5B:31:95:6C:C7:F3:75:E1
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:00
-    static String NoiceTrusedCertStr_2nd =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
-        "MTEwODE5MDE1MjE5WhcNMzIwNzI5MDE1MjE5WjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
-        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
-        "KoZIhvcNAQEBBQADgY0AMIGJAoGBAM8orG08DtF98TMSscjGsidd1ZoN4jiDpi8U\n" +
-        "ICz+9dMm1qM1d7O2T+KH3/mxyox7Rc2ZVSCaUD0a3CkhPMnlAx8V4u0H+E9sqso6\n" +
-        "iDW3JpOyzMExvZiRgRG/3nvp55RMIUV4vEHOZ1QbhuqG4ebN0Vz2DkRft7+flthf\n" +
-        "vDld6f5JAgMBAAGjgaUwgaIwHQYDVR0OBBYEFLl81dnfp0wDrv0OJ1sxlWzH83Xh\n" +
-        "MGMGA1UdIwRcMFqAFLl81dnfp0wDrv0OJ1sxlWzH83XhoT+kPTA7MQswCQYDVQQG\n" +
-        "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
-        "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEE\n" +
-        "BQADgYEALlgaH1gWtoBZ84EW8Hu6YtGLQ/L9zIFmHonUPZwn3Pr//icR9Sqhc3/l\n" +
-        "pVTxOINuFHLRz4BBtEylzRIOPzK3tg8XwuLb1zd0db90x3KBCiAL6E6cklGEPwLe\n" +
-        "XYMHDn9eDsaq861Tzn6ZwzMgw04zotPMoZN0mVd/3Qca8UJFucE=\n" +
-        "-----END CERTIFICATE-----";
-
-
-    // Certificate information:
-    // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
-    // Validity
-    //     Not Before: May  5 02:40:50 2012 GMT
-    //     Not After : Apr 15 02:40:50 2033 GMT
-    // Subject: C=US, O=Java, OU=SunJSSE Test Serivce
-    // X509v3 Subject Key Identifier:
-    //     DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
-    // X509v3 Authority Key Identifier:
-    //     keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:00
-    static String trustedCertStr =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICkjCCAfugAwIBAgIBADANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
-        "MTIwNTA1MDI0MDUwWhcNMzMwNDE1MDI0MDUwWjA7MQswCQYDVQQGEwJVUzENMAsG\n" +
-        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwgZ8wDQYJ\n" +
-        "KoZIhvcNAQEBBQADgY0AMIGJAoGBANtiq0AIJK+iVRwFrqcD7fYXTCbMYC5Qz/k6\n" +
-        "AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwvzuURbc9+paOBWeHbN+Sc\n" +
-        "x3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStFhSHXATjtdbskNOAYGLTV\n" +
-        "x8uEy9GbAgMBAAGjgaUwgaIwHQYDVR0OBBYEFN1OjSoRwIMD8Kzror/58n3IaR+b\n" +
-        "MGMGA1UdIwRcMFqAFN1OjSoRwIMD8Kzror/58n3IaR+boT+kPTA7MQswCQYDVQQG\n" +
-        "EwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2\n" +
-        "Y2WCAQAwDwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC\n" +
-        "BQADgYEAjjkJesQrkbr36N40egybaIxw7RcqT6iy5fkAGS1JYlBDk8uSCK1o6bCH\n" +
-        "ls5EpYcGeEoabSS73WRdkO1lgeyWDduO4ef8cCCSpmpT6/YdZG0QS1PtcREeVig+\n" +
-        "Zr25jNemS4ADHX0aaXP4kiV/G80cR7nX5t5XCUm4bYdbwM07NgI=\n" +
-        "-----END CERTIFICATE-----";
-    static String trustedPrivateKey = // Private key in the format of PKCS#8
-        "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBANtiq0AIJK+iVRwF\n" +
-        "rqcD7fYXTCbMYC5Qz/k6AXBy7/1rI8wDhEJLE3m/+NSqiJwZcmdq2dNh/1fJFrwv\n" +
-        "zuURbc9+paOBWeHbN+Scx3huw91oPZme385VpoK3G13rSE114S/rF4DM9mz4EStF\n" +
-        "hSHXATjtdbskNOAYGLTVx8uEy9GbAgMBAAECgYEA2VjHkIiA0ABjkX+PqKeb+VLb\n" +
-        "fxS7tSca5C8zfdRhLxAWRui0/3ihst0eCJNrBDuxvAOACovsDWyLuaUjtI2v2ysz\n" +
-        "vz6SPyGy82PhQOFzyKQuQ814N6EpothpiZzF0yFchfKIGhUsdY89UrGs9nM7m6NT\n" +
-        "rztYvgIu4avg2VPR2AECQQD+pFAqipR2BplQRIuuRSZfHRxvoEyDjT1xnHJsC6WP\n" +
-        "I5hCLghL91MhQGWbP4EJMKYQOTRVukWlcp2Kycpf+P5hAkEA3I43gmVUAPEdyZdY\n" +
-        "fatW7OaLlbbYJb6qEtpCZ1Rwe/BIvm6H6E3qSi/lpz7Ia7WDulpbF6BawHH3pRFq\n" +
-        "CUY5ewJBAP3pUDqrRpBN0jB0uSeDslhjSciQ+dqvSpZv3rSYBHUvlBJhnkpJiy37\n" +
-        "7ZUZhIxqYxyIPgRBolLwb+FFh7OdL+ECQCtldDic9WVmC+VheRDpCKZ+SlK/8lGi\n" +
-        "7VXeShiIvcU1JysJFoa35fSI7hf1O3wt7+hX5PqGG7Un94EsJwACKEcCQQC1TWt6\n" +
-        "ArKH6tRxKjOxFtqfs8fgEVYUaOr3j1jF4KBUuX2mtQtddZe3VfJ2wPsuKMMxmhkB\n" +
-        "e7xWWZnJsErt2e+E";
-
-    // Certificate information:
-    // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce
-    // Validity
-    //     Not Before: May  5 02:40:53 2012 GMT
-    //     Not After : Jan 21 02:40:53 2032 GMT
-    // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner
-    // X509v3 Subject Key Identifier:
-    //     13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A
-    // X509v3 Authority Key Identifier:
-    //     keyid:DD:4E:8D:2A:11:C0:83:03:F0:AC:EB:A2:BF:F9:F2:7D:C8:69:1F:9B
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:00
-    static String caSignerStr =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICqDCCAhGgAwIBAgIBAjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UwHhcN\n" +
-        "MTIwNTA1MDI0MDUzWhcNMzIwMTIxMDI0MDUzWjBOMQswCQYDVQQGEwJVUzENMAsG\n" +
-        "A1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAPBgNV\n" +
-        "BAMTCGNhc2lnbmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+x8+o7oM0\n" +
-        "ct/LZmZLXBL4CQ8jrULD5P7NtEW0hg/zxBFZfBHf+44Oo2eMPYZj+7xaREOH5BmV\n" +
-        "KRYlzRtONAaC5Ng4Mrm5UKNPcMIIUjUOvm7vWM4oSTMSfoEcSX+vp99uUAkw3w7Z\n" +
-        "+frYDm1M4At/j0b+lLij71GFN2L8drpgPQIDAQABo4GoMIGlMB0GA1UdDgQWBBQT\n" +
-        "B+ARB9vrMyOHMdDbfhZWvhGQCjBjBgNVHSMEXDBagBTdTo0qEcCDA/Cs66K/+fJ9\n" +
-        "yGkfm6E/pD0wOzELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsT\n" +
-        "FFN1bkpTU0UgVGVzdCBTZXJpdmNlggEAMBIGA1UdEwEB/wQIMAYBAf8CAQEwCwYD\n" +
-        "VR0PBAQDAgEGMA0GCSqGSIb3DQEBBAUAA4GBAI+LXA/UCPkTANablUkt80JNPWsl\n" +
-        "pS4XLNgPxWaN0bkRDs5oI4ooWAz1rwpeJ/nfetOvWlpmrVjSeovBFja5Hl+dUHTf\n" +
-        "VfuyzkxXbhuNiJIpo1mVBpNsjwu9YRxuwX6UA2LTUQpgvtVJEE012x3zRvxBCbu2\n" +
-        "Y/v1R5fZ4c+hXDfC\n" +
-        "-----END CERTIFICATE-----";
-    static String caSignerPrivateKey = // Private key in the format of PKCS#8
-        "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAL7Hz6jugzRy38tm\n" +
-        "ZktcEvgJDyOtQsPk/s20RbSGD/PEEVl8Ed/7jg6jZ4w9hmP7vFpEQ4fkGZUpFiXN\n" +
-        "G040BoLk2DgyublQo09wwghSNQ6+bu9YzihJMxJ+gRxJf6+n325QCTDfDtn5+tgO\n" +
-        "bUzgC3+PRv6UuKPvUYU3Yvx2umA9AgMBAAECgYBYvu30cW8LONyt62Zua9hPFTe7\n" +
-        "qt9B7QYyfkdmoG5PQMepTrOp84SzfoOukvgvDm0huFuJnSvhXQl2cCDhkgXskvFj\n" +
-        "Hh7KBCFViVXokGdq5YoS0/KYMyQV0TZfJUvILBl51uc4/siQ2tClC/N4sa+1JhgW\n" +
-        "a6dFGfRjiUKSSlmMwQJBAPWpIz3Q/c+DYMvoQr5OD8EaYwYIevlTdXb97RnJJh2b\n" +
-        "UnhB9jrqesJiHYVzPmP0ukyPOXOwlp2T5Am4Kw0LFOkCQQDGz150NoHOp28Mvyc4\n" +
-        "CTqz/zYzUhy2eCJESl196uyP4N65Y01VYQ3JDww4DlsXiU17tVSbgA9TCcfTYOzy\n" +
-        "vyw1AkARUky+1hafZCcWGZljK8PmnMKwsTZikCTvL/Zg5BMA8Wu+OQBwpQnk3OAy\n" +
-        "Aa87gw0DyvGFG8Vy9POWT9sRP1/JAkBqP0hrMvYMSs6+MSn0eHo2151PsAJIQcuO\n" +
-        "U2/Da1khSzu8N6WMi2GiobgV/RYRbf9KrY2ZzMZjykZQYOxAjopBAkEAghCu38cN\n" +
-        "aOsW6ueo24uzsWI1FTdE+qWNVEi3RSP120xXBCyhaBjIq4WVSlJK9K2aBaJpit3j\n" +
-        "iQ5tl6zrLlxQhg==";
-
-    // Certificate information:
-    // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=casigner
-    // Validity
-    //     Not Before: May  5 02:40:57 2012 GMT
-    //     Not After : Jan 21 02:40:57 2032 GMT
-    // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
-    // X509v3 Subject Key Identifier:
-    //     39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8
-    // X509v3 Authority Key Identifier:
-    //     keyid:13:07:E0:11:07:DB:EB:33:23:87:31:D0:DB:7E:16:56:BE:11:90:0A
-    //     DirName:/C=US/O=Java/OU=SunJSSE Test Serivce
-    //     serial:02
-    static String certIssuerStr =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICvjCCAiegAwIBAgIBAzANBgkqhkiG9w0BAQQFADBOMQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxETAP\n" +
-        "BgNVBAMTCGNhc2lnbmVyMB4XDTEyMDUwNTAyNDA1N1oXDTMyMDEyMTAyNDA1N1ow\n" +
-        "UDELMAkGA1UEBhMCVVMxDTALBgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0Ug\n" +
-        "VGVzdCBTZXJpdmNlMRMwEQYDVQQDEwpjZXJ0aXNzdWVyMIGfMA0GCSqGSIb3DQEB\n" +
-        "AQUAA4GNADCBiQKBgQCyz55zinU6kNL/LeiTNiBI0QWYmDG0YTotuC4D75liBNqs\n" +
-        "7Mmladsh2mTtQUAwmuGaGzaZV25a+cUax0DXZoyBwdbTI09u1bUYsZcaUUKbPoCC\n" +
-        "HH26e4jLFL4olW13Sv4ZAd57tIYevMw+Fp5f4fLPFGegCJTFlv2Qjpmic/cuvQID\n" +
-        "AQABo4GpMIGmMB0GA1UdDgQWBBQ5DsYzsVC8cwcx5dgE97uXVc+byDBjBgNVHSME\n" +
-        "XDBagBQTB+ARB9vrMyOHMdDbfhZWvhGQCqE/pD0wOzELMAkGA1UEBhMCVVMxDTAL\n" +
-        "BgNVBAoTBEphdmExHTAbBgNVBAsTFFN1bkpTU0UgVGVzdCBTZXJpdmNlggECMBMG\n" +
-        "A1UdEwEB/wQJMAcBAf8CAgQAMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQQFAAOB\n" +
-        "gQCQTagenCdClT98C+oTJGJrw/dUBD9K3tE6ZJKPMc/2bUia8G5ei1C0eXj4mWG2\n" +
-        "lu9umR6C90/A6qB050QB2h50qtqxSrkpu+ym1yypauZpg7U3nUY9wZWJNI1vqrQZ\n" +
-        "pqUMRcXY3iQIVKx+Qj+4/Za1wwFQzpEoGmqRW31V1SdMEw==\n" +
-        "-----END CERTIFICATE-----";
-    static String certIssuerPrivateKey = // Private key in the format of PKCS#8
-        "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALLPnnOKdTqQ0v8t\n" +
-        "6JM2IEjRBZiYMbRhOi24LgPvmWIE2qzsyaVp2yHaZO1BQDCa4ZobNplXblr5xRrH\n" +
-        "QNdmjIHB1tMjT27VtRixlxpRQps+gIIcfbp7iMsUviiVbXdK/hkB3nu0hh68zD4W\n" +
-        "nl/h8s8UZ6AIlMWW/ZCOmaJz9y69AgMBAAECgYEAjtew2tgm4gxDojqIauF4VPM1\n" +
-        "pzsdqd1p3pAdomNLgrQiBLZ8N7oiph6TNb1EjA+OXc+ThFgF/oM9ZDD8qZZwcvjN\n" +
-        "qDZlpTkFs2TaGcyEZfUaMB45NHVs6Nn+pSkagSNwwy3xeyAct7sQEzGNTDlEwVv5\n" +
-        "7V9LQutQtBd6xT48KzkCQQDpNRfv2OFNG/6GtzJoO68oJhpnpl2MsYNi4ntRkre/\n" +
-        "6uXpiCYaDskcrPMRwOOs0m7mxG+Ev+uKnLnSoEMm1GCbAkEAxEmDtiD0Psb8Z9BL\n" +
-        "ZRb83Jqho3xe2MCAh3xUfz9b/Mhae9dZ44o4OCgQZuwvW1mczF0NtpgZl93BmYa2\n" +
-        "hTwHhwJBAKHrEj6ep/fA6x0gD2idoATRR94VfbiU+7NpqtO9ecVP0+gsdr/66hn1\n" +
-        "3yLBeZLh3MxvMTrLgkAQh1i9m0JXjOcCQQClLXAHHegrw+u3uNMZeKTFR+Lp3sk6\n" +
-        "AZSnbvr0Me9I45kxSeG81x3ENALJecvIRbrrRws5MvmmkNhQR8rkh8WVAkEAk6b+\n" +
-        "aVtmBgUaTS5+FFlHGHJY9HFrfT1a1C/dwyMuqlmbC3YsBmZaMOlKli5TXNybLff8\n" +
-        "5KMeGEpXMzgC7AscGA==";
-
-    // Certificate information:
-    // Issuer: C=US, O=Java, OU=SunJSSE Test Serivce, CN=certissuer
-    // Validity
-    //     Not Before: May  5 02:41:01 2012 GMT
-    //     Not After : Jan 21 02:41:01 2032 GMT
-    // Subject: C=US, O=Java, OU=SunJSSE Test Serivce, CN=localhost
-    // X509v3 Subject Key Identifier:
-    //     AD:C0:2C:4C:E4:C2:2E:A1:BB:5D:92:BE:66:E0:4E:E0:0D:2F:11:EF
-    // X509v3 Authority Key Identifier:
-    //     keyid:39:0E:C6:33:B1:50:BC:73:07:31:E5:D8:04:F7:BB:97:55:CF:9B:C8
-    static String targetCertStr =
-        "-----BEGIN CERTIFICATE-----\n" +
-        "MIICjTCCAfagAwIBAgIBBDANBgkqhkiG9w0BAQQFADBQMQswCQYDVQQGEwJVUzEN\n" +
-        "MAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNTRSBUZXN0IFNlcml2Y2UxEzAR\n" +
-        "BgNVBAMTCmNlcnRpc3N1ZXIwHhcNMTIwNTA1MDI0MTAxWhcNMzIwMTIxMDI0MTAx\n" +
-        "WjBPMQswCQYDVQQGEwJVUzENMAsGA1UEChMESmF2YTEdMBsGA1UECxMUU3VuSlNT\n" +
-        "RSBUZXN0IFNlcml2Y2UxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B\n" +
-        "AQEFAAOBjQAwgYkCgYEAvwaUd7wmBSKqycEstYLWD26vkU08DM39EtaT8wL9HnQ0\n" +
-        "fgPblwBFI4zdLa2cuYXRZcFUb04N8nrkcpR0D6kkE+AlFAoRWrrZF80B7JTbtEK4\n" +
-        "1PIeurihXvUT+4MpzGLOojIihMfvM4ufelblD56SInso4WFHm7t4qCln88J1gjkC\n" +
-        "AwEAAaN4MHYwCwYDVR0PBAQDAgPoMB0GA1UdDgQWBBStwCxM5MIuobtdkr5m4E7g\n" +
-        "DS8R7zAfBgNVHSMEGDAWgBQ5DsYzsVC8cwcx5dgE97uXVc+byDAnBgNVHSUEIDAe\n" +
-        "BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBAUAA4GB\n" +
-        "AGfwcfdvEG/nSCiAn2MGbYHp34mgF3OA1SJLWUW0LvWJhwm2cn4AXlSoyvbwrkaB\n" +
-        "IDDCwhJvvc0vUyL2kTx7sqVaFTq3mDs+ktlB/FfH0Pb+i8FE+g+7T42Iw/j0qxHL\n" +
-        "YmgbrjBQf5WYN1AvBE/rrPt9aOtS3UsqtVGW574b0shW\n" +
-        "-----END CERTIFICATE-----";
-    static String targetPrivateKey = // Private key in the format of PKCS#8
-        "MIICdAIBADANBgkqhkiG9w0BAQEFAASCAl4wggJaAgEAAoGBAL8GlHe8JgUiqsnB\n" +
-        "LLWC1g9ur5FNPAzN/RLWk/MC/R50NH4D25cARSOM3S2tnLmF0WXBVG9ODfJ65HKU\n" +
-        "dA+pJBPgJRQKEVq62RfNAeyU27RCuNTyHrq4oV71E/uDKcxizqIyIoTH7zOLn3pW\n" +
-        "5Q+ekiJ7KOFhR5u7eKgpZ/PCdYI5AgMBAAECf3CscOYvFD3zNMnMJ5LomVqA7w3F\n" +
-        "gKYM2jlCWAH+wU41PMEXhW6Lujw92jgXL1o+lERwxFzirVdZJWZwKgUSvzP1G0h3\n" +
-        "fkucq1/UWnToK+8NSXNM/yS8hXbBgSEoJo5f7LKcIi1Ev6doBVofMxs+njzyWKbM\n" +
-        "Nb7rOLHadghoon0CQQDgQzbzzSN8Dc1YmmylhI5v+0sQRHH0DL7D24k4Weh4vInG\n" +
-        "EAbt4x8M7ZKEo8/dv0s4hbmNmAnJl93/RRxIyEqLAkEA2g87DiswSQam2pZ8GlrO\n" +
-        "+w4Qg9mH8uxx8ou2rl0XlHzH1XiTNbkjfY0EZoL7L31BHFk9n11Fb2P85g6ws+Hy\n" +
-        "ywJAM/xgyLNM/nzUlS128geAXUULaYH0SHaL4isJ7B4rXZGW/mrIsGxtzjlkNYsj\n" +
-        "rGujrD6TfNc5rZmexIXowJZtcQJBAIww+pCzZ4mrgx5JXWQ8OZHiiu+ZrPOa2+9J\n" +
-        "r5sOMpi+WGN/73S8oHqZbNjTINZ5OqEVJq8MchWZPQBTNXuQql0CQHEjUzzkCQa3\n" +
-        "j6JTa2KAdqyvLOx0XF9zcc1gA069uNQI2gPUHS8V215z57f/gMGnDNhVfLs/vMKz\n" +
-        "sFkVZ3zg7As=";
-
-
-    public static void main(String args[]) throws Exception {
-        // MD5 is used in this test case, don't disable MD5 algorithm.
-        Security.setProperty(
-                "jdk.certpath.disabledAlgorithms", "MD2, RSA keySize < 1024");
-
-        // generate certificate from cert string
-        CertificateFactory cf = CertificateFactory.getInstance("X.509");
-
-        // create a set of trust anchors
-        LinkedHashSet<TrustAnchor> trustAnchors = new LinkedHashSet<>();
-
-        ByteArrayInputStream is =
-            new ByteArrayInputStream(NoiceTrusedCertStr.getBytes());
-        Certificate trustedCert = cf.generateCertificate(is);
-        is.close();
-        TrustAnchor anchor =
-            new TrustAnchor((X509Certificate)trustedCert, null);
-        trustAnchors.add(anchor);
-
-        is = new ByteArrayInputStream(trustedCertStr.getBytes());
-        trustedCert = cf.generateCertificate(is);
-        is.close();
-        anchor = new TrustAnchor((X509Certificate)trustedCert, null);
-        trustAnchors.add(anchor);
-
-        is = new ByteArrayInputStream(NoiceTrusedCertStr_2nd.getBytes());
-        trustedCert = cf.generateCertificate(is);
-        is.close();
-        anchor = new TrustAnchor((X509Certificate)trustedCert, null);
-        trustAnchors.add(anchor);
-
-        // create a list of certificates
-        List<Certificate> chainList = new ArrayList<>();
-
-        is = new ByteArrayInputStream(targetCertStr.getBytes());
-        Certificate cert = cf.generateCertificate(is);
-        is.close();
-        chainList.add(cert);
-
-        is = new ByteArrayInputStream(certIssuerStr.getBytes());
-        cert = cf.generateCertificate(is);
-        is.close();
-        chainList.add(cert);
-
-        is = new ByteArrayInputStream(caSignerStr.getBytes());
-        cert = cf.generateCertificate(is);
-        is.close();
-        chainList.add(cert);
-
-        // create a certificate selector
-        X509CertSelector xcs = new X509CertSelector();
-        X509Certificate eeCert = (X509Certificate)chainList.get(0);
-        xcs.setSubject(eeCert.getSubjectX500Principal());
-
-        // reverse build
-        SunCertPathBuilderParameters params =
-            new SunCertPathBuilderParameters(trustAnchors, xcs);
-        params.setBuildForward(false);
-        params.setRevocationEnabled(false);
-
-        CollectionCertStoreParameters ccsp =
-            new CollectionCertStoreParameters(chainList);
-        params.addCertStore(CertStore.getInstance("Collection", ccsp));
-
-        CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX");
-        CertPathBuilderResult res = cpb.build(params);
-    }
-}
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2leadMA has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2mgrM has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrM2prjM has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/mgrMcrl has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2divE has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjM2mgrM has changed
Binary file jdk/test/sun/security/provider/certpath/ReverseBuilder/prjMcrl has changed
--- a/make/Images.gmk	Thu Apr 23 16:12:16 2015 -0700
+++ b/make/Images.gmk	Wed Jul 05 20:29:56 2017 +0200
@@ -38,7 +38,7 @@
 ############################################################################
 
 MAIN_MODULES += java.se java.smartcardio jdk.httpserver jdk.sctp \
-               jdk.security.auth jdk.security.jgss jdk.pack200
+               jdk.security.auth jdk.security.jgss jdk.pack200 jdk.xml.dom
 
 # providers
 PROVIDER_MODULES += jdk.charsets jdk.crypto.ec jdk.crypto.pkcs11 jdk.jvmstat jdk.localedata \
--- a/nashorn/.hgtags	Thu Apr 23 16:12:16 2015 -0700
+++ b/nashorn/.hgtags	Wed Jul 05 20:29:56 2017 +0200
@@ -294,3 +294,4 @@
 5096a7cca5f0fda814832ac777966bea893f837e jdk9-b58
 ea4e794c3927df4e03f53202e15a3248375b7902 jdk9-b59
 c55ce3738888b6c7596780b7b2ad1aa0f9ebccd7 jdk9-b60
+89937bee80bd28826de8cf60aa63a21edab63f79 jdk9-b61
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/clickcounter.fxml	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,65 @@
+<!-- simple self-contained .fxml file -->
+
+<!--
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+
+<?import javafx.scene.*?>
+<?import javafx.scene.control.*?>
+<?import javafx.scene.layout.*?>
+<?language javascript?>
+
+<VBox xmlns:fx="http://javafx.com/fxml">
+    <!-- script to handle events -->
+
+    <fx:script>
+
+    // button click handler
+    var clickCount = 0;
+    function onButtonClick(event) {
+        // get another control via scene object
+        var scene = event.source.scene;
+        var textField = scene.lookup("#nameText");
+
+        print(textField.text + ", you clicked " + ++clickCount + " times!");
+    }
+
+    </fx:script>
+
+    <!-- GUI description -->
+    <children>
+    <HBox>
+        <Label text="Your name please:"/>
+        <TextField fx:id="nameText" text="Nashorn"/>
+    </HBox>
+    <Button text="Click!" onAction="onButtonClick(event)"/>
+    </children>
+</VBox>
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/colorfulcircles.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,144 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Nashorn port of ColorfulCircles.java JavaFX animation example at
+// https://docs.oracle.com/javafx/2/get_started/ColorfulCircles.java.html
+// ColorfulCircles.java is under the following license terms:
+ 
+/*
+* Copyright (c) 2011, 2012 Oracle and/or its affiliates.
+* All rights reserved. Use is subject to license terms.
+*
+* This file is available and licensed under the following license:
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* - Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* - Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in
+* the documentation and/or other materials provided with the distribution.
+* - Neither the name of Oracle nor the names of its
+* contributors may be used to endorse or promote products derived
+* from this software without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+ 
+// Usage: jjs -fx colorfulcircles.fx
+ 
+// Porting note: No imports - just load these fx scripts!
+load("fx:controls.js");
+load("fx:graphics.js");
+ 
+// Porting note: whatever is inside
+// public void start(Stage primaryStage)
+// goes into "start" function
+ 
+function start(primaryStage) {
+    // Porting note: Replace types with 'var'. "Group root" becomes "var root".
+    // and so on..
+ 
+    var root = new Group();
+    var scene = new Scene(root, 800, 600, Color.BLACK);
+    primaryStage.setScene(scene);
+    var circles = new Group();
+    // Porting note: for (int i = 0....) becomes for (var i = 0...)
+ 
+    for (var i = 0; i < 30; i++) {
+        var circle = new Circle(150, Color.web("white", 0.05));
+        circle.setStrokeType(StrokeType.OUTSIDE);
+        circle.setStroke(Color.web("white", 0.16));
+        circle.setStrokeWidth(4);
+        circles.getChildren().add(circle);
+    }
+ 
+    // Porting note: There is no "f" suffix for float literals in JS.
+    // LinearGradient(0f, 1f, 1f, 0f,..) becomes just
+    // LinearGradient(0, 1, 1, 0,..)
+ 
+    // Porting note: LinearGradient's constructor is a varargs method
+    // No need to create Stop[] just pass more Stop objects at the end!
+    var colors = new Rectangle(scene.getWidth(), scene.getHeight(),
+       new LinearGradient(0, 1, 1, 0, true, CycleMethod.NO_CYCLE,
+       new Stop(0, Color.web("#f8bd55")),
+       new Stop(0.14, Color.web("#c0fe56")),
+       new Stop(0.28, Color.web("#5dfbc1")),
+       new Stop(0.43, Color.web("#64c2f8")),
+       new Stop(0.57, Color.web("#be4af7")),
+       new Stop(0.71, Color.web("#ed5fc2")),
+       new Stop(0.85, Color.web("#ef504c")),
+       new Stop(1, Color.web("#f2660f"))));
+    colors.widthProperty().bind(scene.widthProperty());
+    colors.heightProperty().bind(scene.heightProperty());
+    var blendModeGroup =
+       new Group(new Group(new Rectangle(scene.getWidth(), scene.getHeight(),
+         Color.BLACK), circles), colors);
+    colors.setBlendMode(BlendMode.OVERLAY);
+    root.getChildren().add(blendModeGroup);
+    circles.setEffect(new BoxBlur(10, 10, 3));
+ 
+    // Porting note: Java code uses static import of
+    // java.lang.Math.random. Just use JS Math.random here
+    var random = Math.random;
+ 
+    var timeline = new Timeline();
+    // Porting note: Java enhanced for loop
+    // for (Node circle : circles.getChildren())
+    // becomes
+    // for each (var circle: circles.getChildren())
+  
+    for each (var circle in circles.getChildren()) {
+        timeline.getKeyFrames().addAll(
+            new KeyFrame(Duration.ZERO, // set start position at 0
+            new KeyValue(circle.translateXProperty(), random() * 800),
+            new KeyValue(circle.translateYProperty(), random() * 600)),
+            new KeyFrame(new Duration(40000), // set end position at 40s
+            new KeyValue(circle.translateXProperty(), random() * 800),
+            new KeyValue(circle.translateYProperty(), random() * 600)));
+    }
+
+    // play 40s of animation
+    timeline.play();
+    primaryStage.show();
+} 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/colorpick.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,52 @@
+#simple color picker example
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+if (! $OPTIONS._fx) {
+    print("Usage: jjs -fx colorpick.js");
+    exit(1);
+}
+ 
+var ColorPicker = Java.type("javafx.scene.control.ColorPicker");
+var Scene = Java.type("javafx.scene.Scene");
+ 
+function start(stage) {
+    var picker = new ColorPicker();
+    // just print color details in stdout for fun!
+    picker.onAction = function(evt) {
+        var ld = Object.bindProperties({}, picker.value);
+        print(JSON.stringify(ld));
+    }
+    var scene = new Scene(picker, 200, 30);
+    stage.scene = scene;
+    stage.show();
+} 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/datepick.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,51 @@
+#simple sample to use #javafx8 date picker with #nashorn
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+if (! $OPTIONS._fx) {
+    print("Usage: jjs -fx datepick.js");
+    exit(1);
+}
+
+load("fx:controls.js");
+
+function start(stage) {
+    var picker = new DatePicker();
+    picker.onAction = function(evt) {
+        var ld = Object.bindProperties({}, picker.value);
+        print(JSON.stringify(ld));
+    }
+
+    var scene = new Scene(picker, 100, 30);
+    stage.scene = scene;
+    stage.show();
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/fjson.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+// Usage: jjs -scripting flexijson.js fjson.js
+
+var obj = FlexiJSON.parse(<<EOF
+// this is a comment
+{
+    foo: 23,
+    bar: [ 34, 454, 54,],
+    // inline comment here
+
+    /** multi line
+        comments are fine too! */
+
+    # shell style line comment is fine!
+
+    regex: /gdfg/i, // regexp literal
+
+    str: <<END
+Multiple line strings via nashorn 
+-scripting mode extension as well
+END
+}
+EOF)
+
+print(obj.foo);
+print(obj.bar);
+print(obj.regex);
+print(obj.str);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/flexijson.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,167 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Hjson - "the Human JSON - A configuration file format that 
+ * caters to humans and helps reduce the errors they make"
+ * See also: http://hjson.org/
+ *
+ * I wanted to see if we can use Nashorn Parser API (jdk9) to support
+ * similar flexible JSON extension with #nashorn. In this FlexiJSON.parse
+ * implementation, Nashorn Parser API is used to validate that the 
+ * extendable flexi JSON is "data only" (i.e., no executable code) and
+ * then 'eval'ed to make an object out of it.
+ *
+ * FlexiJSON allows the following:
+ *
+ *   * single and mutliple line comments anywhere
+ *   * non-quoted property names and values
+ *   * regexp literal values
+ *   * omitting trailing comma
+ *
+ * When nashorn -scripting mode is enabled, FlexiJSON supports these
+ * as well:
+ *
+ *   * shell style # comments
+ *   * multiple line (Unix heredoc style) string values
+ */
+
+"use strict";
+
+function FlexiJSON() {}
+
+// helper to locate Nashorn Parser API classes
+FlexiJSON.treeType = function(name) {
+    return Java.type("jdk.nashorn.api.tree." + name);
+}
+
+// Nashorn Parser API classes used
+FlexiJSON.ArrayLiteral = FlexiJSON.treeType("ArrayLiteralTree");
+FlexiJSON.ExpressionStatement = FlexiJSON.treeType("ExpressionStatementTree");
+FlexiJSON.ObjectLiteral = FlexiJSON.treeType("ObjectLiteralTree");
+FlexiJSON.RegExpLiteral = FlexiJSON.treeType("RegExpLiteralTree");
+FlexiJSON.Literal = FlexiJSON.treeType("LiteralTree");
+FlexiJSON.Parser = FlexiJSON.treeType("Parser");
+FlexiJSON.SimpleTreeVisitor = FlexiJSON.treeType("SimpleTreeVisitorES5_1");
+
+// FlexiJSON.parse API
+
+FlexiJSON.parse = function(str) {
+    var parser = (typeof $OPTIONS == "undefined")? 
+        FlexiJSON.Parser.create() :
+        FlexiJSON.Parser.create("-scripting");
+
+    // force the string to be an expression by putting it inside (, )
+    str = "(" + str + ")";
+    var ast = parser.parse("<flexijsondoc>", str, null);
+    // Should not happen. parse would have thrown syntax error
+    if (!ast) {
+        return undefined;
+    }
+
+    // allowed 'literal' values in flexi JSON
+    function isLiteral(node) {
+        return node instanceof FlexiJSON.ArrayLiteral ||
+            node instanceof FlexiJSON.Literal ||
+            node instanceof FlexiJSON.ObjectLiteral ||
+            node instanceof FlexiJSON.RegExpLiteral;
+    }
+
+    var visitor;
+    ast.accept(visitor = new (Java.extend(FlexiJSON.SimpleTreeVisitor)) {
+         lineMap: null,
+
+         throwError: function(msg, node) {
+             if (this.lineMap) {
+                 var pos = node.startPosition;
+                 var line = this.lineMap.getLineNumber(pos);
+                 var column = this.lineMap.getColumnNumber(pos);
+                 // we introduced extra '(' at start. So, adjust column number
+                 msg = msg + " @ " + line + ":" + (column - 1);
+             }
+             throw new TypeError(msg);
+         },
+
+         visitLiteral: function(node, extra) {
+             print(node.value);
+         },
+
+         visitExpressionStatement: function(node, extra) {
+             var expr = node.expression;
+             if (isLiteral(expr)) {
+                 expr.accept(visitor, extra);
+             } else {
+                 this.throwError("only literals can occur", expr);
+             }
+         },
+
+         visitArrayLiteral: function(node, extra) {
+             for each (var elem in node.elements) {
+                 if (isLiteral(elem)) {
+                     elem.accept(visitor, extra);
+                 } else {
+                     this.throwError("only literal array element value allowed", elem);
+                 }
+             }
+         },
+
+         visitObjectLiteral: function(node, extra) {
+             for each (var prop in node.properties) {
+                 if (prop.getter != null || prop.setter != null) {
+                     this.throwError("getter/setter property not allowed", node);
+                 }
+
+                 var value = prop.value;
+                 if (isLiteral(value)) {
+                     value.accept(visitor, extra);
+                 } else {
+                     this.throwError("only literal property value allowed", value);
+                 }
+             }
+         },
+
+         visitCompilationUnit: function(node, extra) {
+             this.lineMap = node.lineMap;
+             var elements = node.sourceElements;
+             if (elements.length > 1) {
+                 this.throwError("more than one top level expression", node.sourceElements[1]);
+             } 
+             var stat = node.sourceElements[0];
+             if (! (stat instanceof FlexiJSON.ExpressionStatement)) {
+                 this.throwError("only one top level expresion allowed", stat);
+             }
+             stat.accept(visitor, extra);
+         },
+    }, null);
+
+    // safe to eval given string as flexi JSON!
+    return eval(str);
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/fxml_example.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,86 @@
+#Usage: jjs -fx fxml_example.js
+#nashorn simple example using FXML with #javafx
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+// See also https://docs.oracle.com/javase/8/javafx/api/javafx/fxml/doc-files/introduction_to_fxml.html
+ 
+if (! $OPTIONS._fx) {
+    print("Usage: jjs -fx fxml_example.js");
+    exit(1);
+}
+ 
+// inline FXML document here
+var fxml = <<EOF
+ 
+<?import javafx.scene.*?>
+<?import javafx.scene.control.*?>
+<?import javafx.scene.layout.*?>
+ 
+<VBox xmlns:fx="http://javafx.com/fxml">
+    <children>
+    <!-- ids will be used script later -->
+    <HBox>
+        <Label text="Your name please:"/>
+        <TextField fx:id="nameText" text="Nashorn"/>
+    </HBox>
+    <Button fx:id="clickButton" text="Click!"/>
+    </children>
+</VBox>
+ 
+EOF
+ 
+// Java and FX classes used
+var ByteArrayInputStream = Java.type("java.io.ByteArrayInputStream");
+var FXMLLoader = Java.type("javafx.fxml.FXMLLoader");
+var Scene = Java.type("javafx.scene.Scene");
+ 
+function start(stage) {
+    var loader = new FXMLLoader();
+    // load FXML from a string
+    var root = loader.load(new ByteArrayInputStream(fxml.getBytes("UTF-8")));
+ 
+    // get the button and the text field controls
+    var button = root.lookup("#clickButton");
+    var textField = root.lookup("#nameText");
+ 
+    // event handler for button
+    var clickCount = 0;
+    button.onAction = function() {
+        print(textField.text + ", you clicked me: " + ++clickCount + " time(s)");
+    }
+ 
+    var scene = new Scene(root, 300, 275);
+    stage.title = "FXML Example";
+    stage.scene = scene;
+    stage.show();
+} 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/samples/fxmlrunner.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,64 @@
+#Usage: jjs -fx fxmlrunner.js -- <.fxml file>
+
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   - Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *
+ *   - Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in the
+ *     documentation and/or other materials provided with the distribution.
+ *
+ *   - Neither the name of Oracle nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+ * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+ * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ 
+// See also https://docs.oracle.com/javase/8/javafx/api/javafx/fxml/doc-files/introduction_to_fxml.html
+
+// Simple script to "run" a .FXML file specified in
+// command line. FXML file is expected to have inline
+// fx:script to handle GUI events. i.e., self-contained
+// FXML file is assumed.
+ 
+var file = arguments[0];
+var File = Java.type("java.io.File"); 
+if (!$OPTIONS._fx || !file || !new File(file).isFile()) {
+    print("Usage: jjs -fx fxmlrunner.js -- <.fxml file> [width] [height]");
+    exit(1);
+}
+
+// optional stage width and height from command line
+var width = arguments[1]? parseInt(arguments[1]) : 400;
+var height = arguments[2]? parseInt(arguments[2]) : 300;
+
+// JavaFX classes used
+var FXMLLoader = Java.type("javafx.fxml.FXMLLoader");
+var Scene = Java.type("javafx.scene.Scene");
+ 
+function start(stage) {
+    // load FXML
+    var root = FXMLLoader.load(new File(file).toURL());
+    // show it in a scene
+    var scene = new Scene(root, width, height);
+    stage.title = file;
+    stage.scene = scene;
+    stage.show();
+} 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8071928.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ * 
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ * 
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ * 
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8071928: Instance properties with getters returning wrong values
+ *
+ * @test
+ * @run
+ */
+
+
+var types = {};
+
+function Type() {}
+
+Type.prototype.getName = function() {
+    return this._name;
+};
+
+function defineType(init) {
+    return Object.create(Type.prototype, {
+        _name: { get: function() { return init.name; } }
+    });
+}
+
+types.A = defineType({ name: 'A' });
+types.B = defineType({ name: 'B' });
+types.C = defineType({ name: 'C' });
+types.D = defineType({ name: 'D' });
+
+var keys = Object.keys(types);
+for (var i = 0; i < keys.length; i++) {
+    var t = types[keys[i]];
+    if (t.getName() != keys[i]) {
+        throw 'wrong name for ' + keys[i] + ': ' + t.getName();
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8073846.js	Wed Jul 05 20:29:56 2017 +0200
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ * 
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ * 
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ * 
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ * 
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8073846: Javascript for-in loop returned extra keys
+ *
+ * @test
+ * @run
+ */
+
+var obj = {};
+
+var list = [
+    '2100000',
+    '420000',
+    '430000'
+];
+
+for (var i = 0; i < list.length; i++) {
+    if (obj[list[i]]) print("duplicate: " + list[i]);
+    obj[list[i]] = 'obj' + list[i]
+}
+
+var count = 0;
+for (var a in obj) {
+    count++;
+    if ('obj' + a !== obj[a]) {
+        throw 'wrong key or value: ' + a + ', ' + obj[a];
+    }
+}
+
+if (count !== 3) {
+    throw 'wrong entry count: ' + count;
+}