Merge
authorcoleenp
Fri, 10 May 2019 09:07:53 -0400
changeset 54808 cf94f5c214f6
parent 54807 33fe50b6d707 (current diff)
parent 54806 45bbef01a6ae (diff)
child 54809 351da897f409
Merge
src/hotspot/share/runtime/thread.cpp
--- a/make/autoconf/flags-ldflags.m4	Fri May 10 09:05:29 2019 -0400
+++ b/make/autoconf/flags-ldflags.m4	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -88,7 +88,7 @@
     BASIC_LDFLAGS_JVM_ONLY="-library=%none -mt -z noversion"
 
   elif test "x$TOOLCHAIN_TYPE" = xxlc; then
-    BASIC_LDFLAGS="-b64 -brtl -bnolibpath -bexpall -bernotok -btextpsize:64K \
+    BASIC_LDFLAGS="-b64 -brtl -bnorwexec -bnolibpath -bexpall -bernotok -btextpsize:64K \
         -bdatapsize:64K -bstackpsize:64K"
     # libjvm.so has gotten too large for normal TOC size; compile with qpic=large and link with bigtoc
     BASIC_LDFLAGS_JVM_ONLY="-Wl,-lC_r -bbigtoc"
--- a/make/conf/jib-profiles.js	Fri May 10 09:05:29 2019 -0400
+++ b/make/conf/jib-profiles.js	Fri May 10 09:07:53 2019 -0400
@@ -1301,7 +1301,7 @@
     var args = ["--with-version-build=" + common.build_number];
     if (input.build_type == "promoted") {
         args = concat(args,
-                      "--with-version-pre=" + version_numbers.get("DEFAULT_PROMOTION_VERSION_PRE"),
+                      "--with-version-pre=" + version_numbers.get("DEFAULT_PROMOTED_VERSION_PRE"),
                       "--without-version-opt");
     } else if (input.build_type == "ci") {
         var optString = input.build_id_data.ciBuildNumber;
--- a/src/hotspot/cpu/aarch64/compiledIC_aot_aarch64.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/aarch64/compiledIC_aot_aarch64.cpp	Fri May 10 09:07:53 2019 -0400
@@ -25,6 +25,7 @@
 #include "aot/compiledIC_aot.hpp"
 #include "code/codeCache.hpp"
 #include "memory/resourceArea.hpp"
+#include "memory/universe.hpp"
 
 void CompiledDirectStaticCall::set_to_far(const methodHandle& callee, address entry) {
   if (TraceICs) {
--- a/src/hotspot/cpu/aarch64/macroAssembler_aarch64.hpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/aarch64/macroAssembler_aarch64.hpp	Fri May 10 09:07:53 2019 -0400
@@ -27,6 +27,7 @@
 #define CPU_AARCH64_MACROASSEMBLER_AARCH64_HPP
 
 #include "asm/assembler.hpp"
+#include "oops/compressedOops.hpp"
 
 // MacroAssembler extends Assembler by frequently used macros.
 //
@@ -85,10 +86,10 @@
  public:
   MacroAssembler(CodeBuffer* code) : Assembler(code) {
     use_XOR_for_compressed_class_base
-      = (operand_valid_for_logical_immediate(false /*is32*/,
-                                             (uint64_t)Universe::narrow_klass_base())
-         && ((uint64_t)Universe::narrow_klass_base()
-             > (1UL << log2_intptr(Universe::narrow_klass_range()))));
+      = operand_valid_for_logical_immediate
+           (/*is32*/false, (uint64_t)CompressedKlassPointers::base())
+         && ((uint64_t)CompressedKlassPointers::base()
+             > (1UL << log2_intptr(CompressedKlassPointers::range())));
   }
 
  // These routines should emit JVMTI PopFrame and ForceEarlyReturn handling code.
--- a/src/hotspot/cpu/arm/c1_CodeStubs_arm.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/arm/c1_CodeStubs_arm.cpp	Fri May 10 09:07:53 2019 -0400
@@ -29,6 +29,7 @@
 #include "c1/c1_LIRAssembler.hpp"
 #include "c1/c1_MacroAssembler.hpp"
 #include "c1/c1_Runtime1.hpp"
+#include "memory/universe.hpp"
 #include "nativeInst_arm.hpp"
 #include "runtime/sharedRuntime.hpp"
 #include "utilities/macros.hpp"
--- a/src/hotspot/cpu/arm/c1_LIRAssembler_arm.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/arm/c1_LIRAssembler_arm.cpp	Fri May 10 09:07:53 2019 -0400
@@ -34,6 +34,7 @@
 #include "gc/shared/barrierSet.hpp"
 #include "gc/shared/cardTableBarrierSet.hpp"
 #include "gc/shared/collectedHeap.hpp"
+#include "memory/universe.hpp"
 #include "nativeInst_arm.hpp"
 #include "oops/objArrayKlass.hpp"
 #include "runtime/frame.inline.hpp"
--- a/src/hotspot/cpu/x86/sharedRuntime_x86_64.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/x86/sharedRuntime_x86_64.cpp	Fri May 10 09:07:53 2019 -0400
@@ -39,6 +39,7 @@
 #include "interpreter/interpreter.hpp"
 #include "logging/log.hpp"
 #include "memory/resourceArea.hpp"
+#include "memory/universe.hpp"
 #include "oops/compiledICHolder.hpp"
 #include "runtime/safepointMechanism.hpp"
 #include "runtime/sharedRuntime.hpp"
--- a/src/hotspot/cpu/x86/stubRoutines_x86.hpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/cpu/x86/stubRoutines_x86.hpp	Fri May 10 09:07:53 2019 -0400
@@ -33,7 +33,7 @@
 
 enum platform_dependent_constants {
   code_size1 = 20000 LP64_ONLY(+10000),         // simply increase if too small (assembler will crash if too small)
-  code_size2 = 35300 LP64_ONLY(+11000)          // simply increase if too small (assembler will crash if too small)
+  code_size2 = 35300 LP64_ONLY(+11200)          // simply increase if too small (assembler will crash if too small)
 };
 
 class x86 {
--- a/src/hotspot/os_cpu/linux_arm/thread_linux_arm.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/os_cpu/linux_arm/thread_linux_arm.cpp	Fri May 10 09:07:53 2019 -0400
@@ -28,6 +28,7 @@
 #include "gc/shared/cardTableBarrierSet.inline.hpp"
 #include "gc/shared/collectedHeap.hpp"
 #include "memory/metaspaceShared.hpp"
+#include "memory/universe.hpp"
 #include "runtime/frame.inline.hpp"
 
 frame JavaThread::pd_last_frame() {
--- a/src/hotspot/share/classfile/javaClasses.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/classfile/javaClasses.cpp	Fri May 10 09:07:53 2019 -0400
@@ -1738,9 +1738,6 @@
 }
 
 oop java_lang_Thread::park_blocker(oop java_thread) {
-  assert(JDK_Version::current().supports_thread_park_blocker(),
-         "Must support parkBlocker field");
-
   return java_thread->obj_field(_park_blocker_offset);
 }
 
--- a/src/hotspot/share/compiler/compileBroker.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/compiler/compileBroker.cpp	Fri May 10 09:07:53 2019 -0400
@@ -450,8 +450,8 @@
     save_hot_method = methodHandle(task->hot_method());
 
     remove(task);
-    purge_stale_tasks(); // may temporarily release MCQ lock
   }
+  purge_stale_tasks(); // may temporarily release MCQ lock
   return task;
 }
 
--- a/src/hotspot/share/gc/shenandoah/shenandoahCollectionSet.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/gc/shenandoah/shenandoahCollectionSet.cpp	Fri May 10 09:07:53 2019 -0400
@@ -28,6 +28,7 @@
 #include "gc/shenandoah/shenandoahHeapRegionSet.hpp"
 #include "gc/shenandoah/shenandoahUtils.hpp"
 #include "runtime/atomic.hpp"
+#include "services/memTracker.hpp"
 #include "utilities/copy.hpp"
 
 ShenandoahCollectionSet::ShenandoahCollectionSet(ShenandoahHeap* heap, char* heap_base, size_t size) :
--- a/src/hotspot/share/include/jvm.h	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/include/jvm.h	Fri May 10 09:07:53 2019 -0400
@@ -1280,18 +1280,7 @@
     unsigned int reserved3 : 8;
     unsigned int reserved1 : 16;
     unsigned int reserved2;
-
-    /* The following bits represents new JDK supports that VM has dependency on.
-     * VM implementation can use these bits to determine which JDK version
-     * and support it has to maintain runtime compatibility.
-     *
-     * When a new bit is added in a minor or update release, make sure
-     * the new bit is also added in the main/baseline.
-     */
-    unsigned int thread_park_blocker : 1;
-    unsigned int post_vm_init_hook_enabled : 1;
-    unsigned int pending_list_uses_discovered_field : 1;
-    unsigned int : 29;
+    unsigned int : 32;
     unsigned int : 32;
     unsigned int : 32;
 } jdk_version_info;
--- a/src/hotspot/share/jvmci/jvmciCompiler.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/jvmci/jvmciCompiler.cpp	Fri May 10 09:07:53 2019 -0400
@@ -26,6 +26,7 @@
 #include "classfile/moduleEntry.hpp"
 #include "jvmci/jvmciEnv.hpp"
 #include "jvmci/jvmciRuntime.hpp"
+#include "oops/objArrayOop.inline.hpp"
 #include "runtime/handles.inline.hpp"
 
 JVMCICompiler* JVMCICompiler::_instance = NULL;
--- a/src/hotspot/share/runtime/arguments.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/runtime/arguments.cpp	Fri May 10 09:07:53 2019 -0400
@@ -2959,14 +2959,6 @@
     LogConfiguration::configure_stdout(LogLevel::Info, true, LOG_TAGS(class, path));
   }
 
-  // Change the default value for flags  which have different default values
-  // when working with older JDKs.
-#ifdef LINUX
- if (JDK_Version::current().compare_major(6) <= 0 &&
-      FLAG_IS_DEFAULT(UseLinuxPosixThreadCPUClocks)) {
-    FLAG_SET_DEFAULT(UseLinuxPosixThreadCPUClocks, false);
-  }
-#endif // LINUX
   fix_appclasspath();
 
   return JNI_OK;
--- a/src/hotspot/share/runtime/java.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/runtime/java.cpp	Fri May 10 09:07:53 2019 -0400
@@ -710,14 +710,7 @@
   int security = JDK_VERSION_SECURITY(info.jdk_version);
   int build = JDK_VERSION_BUILD(info.jdk_version);
 
-  // Incompatible with pre-4243978 JDK.
-  if (info.pending_list_uses_discovered_field == 0) {
-    vm_exit_during_initialization(
-      "Incompatible JDK is not using Reference.discovered field for pending list");
-  }
-  _current = JDK_Version(major, minor, security, info.patch_version, build,
-                         info.thread_park_blocker == 1,
-                         info.post_vm_init_hook_enabled == 1);
+  _current = JDK_Version(major, minor, security, info.patch_version, build);
 }
 
 void JDK_Version_init() {
--- a/src/hotspot/share/runtime/java.hpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/runtime/java.hpp	Fri May 10 09:07:53 2019 -0400
@@ -74,9 +74,6 @@
   uint8_t _patch;
   uint8_t _build;
 
-  bool _thread_park_blocker;
-  bool _post_vm_init_hook_enabled;
-
   bool is_valid() const {
     return (_major != 0);
   }
@@ -86,16 +83,13 @@
 
  public:
 
-  JDK_Version() : _major(0), _minor(0), _security(0), _patch(0), _build(0),
-                  _thread_park_blocker(false), _post_vm_init_hook_enabled(false)
-                  {}
+  JDK_Version() :
+      _major(0), _minor(0), _security(0), _patch(0), _build(0)
+      {}
 
   JDK_Version(uint8_t major, uint8_t minor = 0, uint8_t security = 0,
-              uint8_t patch = 0, uint8_t build = 0,
-              bool thread_park_blocker = false, bool post_vm_init_hook_enabled = false) :
-      _major(major), _minor(minor), _security(security), _patch(patch), _build(build),
-      _thread_park_blocker(thread_park_blocker),
-      _post_vm_init_hook_enabled(post_vm_init_hook_enabled)
+              uint8_t patch = 0, uint8_t build = 0) :
+      _major(major), _minor(minor), _security(security), _patch(patch), _build(build)
       {}
 
   // Returns the current running JDK version
@@ -120,13 +114,6 @@
   uint8_t patch_version() const          { return _patch; }
   uint8_t build_number() const           { return _build; }
 
-  bool supports_thread_park_blocker() const {
-    return _thread_park_blocker;
-  }
-  bool post_vm_init_hook_enabled() const {
-    return _post_vm_init_hook_enabled;
-  }
-
   // Performs a full ordering comparison using all fields (patch, build, etc.)
   int compare(const JDK_Version& other) const;
 
--- a/src/hotspot/share/runtime/thread.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/runtime/thread.cpp	Fri May 10 09:07:53 2019 -0400
@@ -3194,8 +3194,7 @@
 oop JavaThread::current_park_blocker() {
   // Support for JSR-166 locks
   oop thread_oop = threadObj();
-  if (thread_oop != NULL &&
-      JDK_Version::current().supports_thread_park_blocker()) {
+  if (thread_oop != NULL) {
     return java_lang_Thread::park_blocker(thread_oop);
   }
   return NULL;
@@ -4011,13 +4010,11 @@
   RTMLockingCounters::init();
 #endif
 
-  if (JDK_Version::current().post_vm_init_hook_enabled()) {
-    call_postVMInitHook(THREAD);
-    // The Java side of PostVMInitHook.run must deal with all
-    // exceptions and provide means of diagnosis.
-    if (HAS_PENDING_EXCEPTION) {
-      CLEAR_PENDING_EXCEPTION;
-    }
+  call_postVMInitHook(THREAD);
+  // The Java side of PostVMInitHook.run must deal with all
+  // exceptions and provide means of diagnosis.
+  if (HAS_PENDING_EXCEPTION) {
+    CLEAR_PENDING_EXCEPTION;
   }
 
   {
--- a/src/hotspot/share/services/threadService.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/services/threadService.cpp	Fri May 10 09:07:53 2019 -0400
@@ -893,10 +893,7 @@
   }
 
   // Support for JSR-166 locks
-  if (JDK_Version::current().supports_thread_park_blocker() &&
-        (_thread_status == java_lang_Thread::PARKED ||
-         _thread_status == java_lang_Thread::PARKED_TIMED)) {
-
+  if (_thread_status == java_lang_Thread::PARKED || _thread_status == java_lang_Thread::PARKED_TIMED) {
     _blocker_object = thread->current_park_blocker();
     if (_blocker_object != NULL && _blocker_object->is_a(SystemDictionary::java_util_concurrent_locks_AbstractOwnableSynchronizer_klass())) {
       _blocker_object_owner = java_util_concurrent_locks_AbstractOwnableSynchronizer::get_owner_threadObj(_blocker_object);
--- a/src/hotspot/share/utilities/tableStatistics.cpp	Fri May 10 09:05:29 2019 -0400
+++ b/src/hotspot/share/utilities/tableStatistics.cpp	Fri May 10 09:07:53 2019 -0400
@@ -23,11 +23,14 @@
  */
 
 #include "precompiled.hpp"
-#include "jfr/jfr.hpp"
 #include "runtime/atomic.hpp"
 #include "runtime/os.hpp"
 #include "utilities/debug.hpp"
+#include "utilities/macros.hpp"
 #include "utilities/tableStatistics.hpp"
+#if INCLUDE_JFR
+#include "jfr/jfr.hpp"
+#endif
 
 TableRateStatistics::TableRateStatistics() :
   _added_items(0), _removed_items(0),
@@ -38,15 +41,19 @@
 TableRateStatistics::~TableRateStatistics() { };
 
 void TableRateStatistics::add() {
+#if INCLUDE_JFR
   if (Jfr::is_recording()) {
     Atomic::inc(&_added_items);
   }
+#endif
 }
 
 void TableRateStatistics::remove() {
+#if INCLUDE_JFR
   if (Jfr::is_recording()) {
     Atomic::inc(&_removed_items);
   }
+#endif
 }
 
 void TableRateStatistics::stamp() {
@@ -108,11 +115,13 @@
   _bucket_size = (_number_of_buckets <= 0) ? 0 : (_bucket_bytes / _number_of_buckets);
   _entry_size = (_number_of_entries <= 0) ? 0 : (_entry_bytes / _number_of_entries);
 
+#if INCLUDE_JFR
   if (Jfr::is_recording()) {
     rate_stats.stamp();
     _add_rate = rate_stats.get_add_rate();
     _remove_rate = rate_stats.get_remove_rate();
   }
+#endif
 }
 
 TableStatistics::~TableStatistics() { }
--- a/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java	Fri May 10 09:07:53 2019 -0400
@@ -1666,25 +1666,33 @@
             // and deduce the coder from there. Arguments would be either converted to Strings
             // during the initial filtering, or handled by specializations in MIXERS.
             //
-            // The method handle shape before and after all mixers are combined in is:
+            // The method handle shape before all mixers are combined in is:
             //   (long, <args>)String = ("indexCoder", <args>)
+            //
+            // We will bind the initialLengthCoder value to the last mixer (the one that will be
+            // executed first), then fold that in. This leaves the shape after all mixers are
+            // combined in as:
+            //   (<args>)String = (<args>)
 
+            int ac = -1;
+            MethodHandle mix = null;
             for (RecipeElement el : recipe.getElements()) {
                 switch (el.getTag()) {
                     case TAG_CONST:
                         // Constants already handled in the code above
                         break;
                     case TAG_ARG:
-                        int ac = el.getArgPos();
-
-                        Class<?> argClass = ptypes[ac];
-                        MethodHandle mix = mixer(argClass);
+                        if (ac >= 0) {
+                            // Compute new "index" in-place using old value plus the appropriate argument.
+                            mh = MethodHandles.filterArgumentsWithCombiner(mh, 0, mix,
+                                    0, // old-index
+                                    1 + ac // selected argument
+                            );
+                        }
 
-                        // Compute new "index" in-place using old value plus the appropriate argument.
-                        mh = MethodHandles.filterArgumentsWithCombiner(mh, 0, mix,
-                                0, // old-index
-                                1 + ac // selected argument
-                        );
+                        ac = el.getArgPos();
+                        Class<?> argClass = ptypes[ac];
+                        mix = mixer(argClass);
 
                         break;
                     default:
@@ -1692,9 +1700,19 @@
                 }
             }
 
-            // Insert initial length and coder value here.
+            // Insert the initialLengthCoder value into the final mixer, then
+            // fold that into the base method handle
+            if (ac >= 0) {
+                mix = MethodHandles.insertArguments(mix, 0, initialLengthCoder);
+                mh = MethodHandles.foldArgumentsWithCombiner(mh, 0, mix,
+                        1 + ac // selected argument
+                );
+            } else {
+                // No mixer (constants only concat), insert initialLengthCoder directly
+                mh = MethodHandles.insertArguments(mh, 0, initialLengthCoder);
+            }
+
             // The method handle shape here is (<args>).
-            mh = MethodHandles.insertArguments(mh, 0, initialLengthCoder);
 
             // Apply filters, converting the arguments:
             if (filters != null) {
--- a/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.base/share/classes/sun/security/provider/certpath/URICertStore.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -123,23 +123,40 @@
     // allowed when downloading CRLs
     private static final int DEFAULT_CRL_CONNECT_TIMEOUT = 15000;
 
+    // Default maximum read timeout in milliseconds (15 seconds)
+    // allowed when downloading CRLs
+    private static final int DEFAULT_CRL_READ_TIMEOUT = 15000;
+
     /**
      * Integer value indicating the connect timeout, in seconds, to be
      * used for the CRL download. A timeout of zero is interpreted as
      * an infinite timeout.
      */
-    private static final int CRL_CONNECT_TIMEOUT = initializeTimeout();
+    private static final int CRL_CONNECT_TIMEOUT =
+        initializeTimeout("com.sun.security.crl.timeout",
+                          DEFAULT_CRL_CONNECT_TIMEOUT);
 
     /**
-     * Initialize the timeout length by getting the CRL timeout
-     * system property. If the property has not been set, or if its
-     * value is negative, set the timeout length to the default.
+     * Integer value indicating the read timeout, in seconds, to be
+     * used for the CRL download. A timeout of zero is interpreted as
+     * an infinite timeout.
      */
-    private static int initializeTimeout() {
-        Integer tmp = java.security.AccessController.doPrivileged(
-                new GetIntegerAction("com.sun.security.crl.timeout"));
+    private static final int CRL_READ_TIMEOUT =
+        initializeTimeout("com.sun.security.crl.readtimeout",
+                          DEFAULT_CRL_READ_TIMEOUT);
+
+    /**
+     * Initialize the timeout length by getting the specified CRL timeout
+     * system property. If the property has not been set, or if its
+     * value is negative, set the timeout length to the specified default.
+     */
+    private static int initializeTimeout(String prop, int def) {
+        Integer tmp = GetIntegerAction.privilegedGetProperty(prop);
         if (tmp == null || tmp < 0) {
-            return DEFAULT_CRL_CONNECT_TIMEOUT;
+            return def;
+        }
+        if (debug != null) {
+            debug.println(prop + " set to " + tmp + " seconds");
         }
         // Convert to milliseconds, as the system property will be
         // specified in seconds
@@ -364,6 +381,7 @@
             }
             long oldLastModified = lastModified;
             connection.setConnectTimeout(CRL_CONNECT_TIMEOUT);
+            connection.setReadTimeout(CRL_READ_TIMEOUT);
             try (InputStream in = connection.getInputStream()) {
                 lastModified = connection.getLastModified();
                 if (oldLastModified != 0) {
--- a/src/java.base/share/conf/security/java.security	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.base/share/conf/security/java.security	Fri May 10 09:07:53 2019 -0400
@@ -1161,6 +1161,23 @@
 #jdk.includeInExceptions=hostInfo,jar
 
 #
+# Disabled mechanisms for the Simple Authentication and Security Layer (SASL)
+#
+# Disabled mechanisms will not be negotiated by both SASL clients and servers.
+# These mechanisms will be ignored if they are specified in the mechanisms argument
+# of `Sasl.createClient` or the mechanism argument of `Sasl.createServer`.
+#
+# The value of this property is a comma-separated list of SASL mechanisms.
+# The mechanisms are case-sensitive. Whitespaces around the commas are ignored.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# Example:
+#   jdk.sasl.disabledMechanisms=PLAIN, CRAM-MD5, DIGEST-MD5
+jdk.sasl.disabledMechanisms=
+
+#
 # Policies for distrusting Certificate Authorities (CAs).
 #
 # This is a comma separated value of one or more case-sensitive strings, each
--- a/src/java.base/share/native/libjava/jdk_util.c	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.base/share/native/libjava/jdk_util.c	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -46,9 +46,4 @@
                         ((version_security & 0xFF) << 8)  |
                         (version_build & 0xFF);
     info->patch_version = version_patch;
-    info->thread_park_blocker = 1;
-    // Advertise presence of PostVMInitHook:
-    // future optimization: detect if this is enabled.
-    info->post_vm_init_hook_enabled = 1;
-    info->pending_list_uses_discovered_field = 1;
 }
--- a/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.security.sasl/share/classes/javax/security/sasl/Sasl.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,9 +26,12 @@
 package javax.security.sasl;
 
 import javax.security.auth.callback.CallbackHandler;
-
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.HashSet;
@@ -38,6 +41,8 @@
 import java.security.Provider;
 import java.security.Provider.Service;
 import java.security.Security;
+import java.util.logging.Level;
+import java.util.logging.Logger;
 
 /**
  * A static class for creating SASL clients and servers.
@@ -65,6 +70,30 @@
  * @author Rob Weltman
  */
 public class Sasl {
+
+    private static List<String> disabledMechanisms = new ArrayList<>();
+
+    static {
+        String prop = AccessController.doPrivileged(
+                (PrivilegedAction<String>)
+                () -> Security.getProperty("jdk.sasl.disabledMechanisms"));
+
+        if (prop != null) {
+            for (String s : prop.split("\\s*,\\s*")) {
+                if (!s.isEmpty()) {
+                    disabledMechanisms.add(s);
+                }
+            }
+        }
+    }
+
+    private static final String SASL_LOGGER_NAME = "javax.security.sasl";
+
+    /**
+     * Logger for debug messages
+     */
+    private static final Logger logger = Logger.getLogger(SASL_LOGGER_NAME);
+
     // Cannot create one of these
     private Sasl() {
     }
@@ -318,6 +347,9 @@
      * the preferred provider order for the specified algorithm. This
      * may be different than the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
+     * <p>
+     * If a mechanism is listed in the {@code jdk.sasl.disabledMechanisms}
+     * security property, it will be ignored and won't be negotiated.
      *
      * @param mechanisms The non-null list of mechanism names to try. Each is the
      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
@@ -381,6 +413,10 @@
                     "Mechanism name cannot be null");
             } else if (mechName.length() == 0) {
                 continue;
+            } else if (isDisabled(mechName)) {
+                logger.log(Level.FINE,
+                        "Disabled " + mechName + " mechanism ignored");
+                continue;
             }
             String type = "SaslClientFactory";
             Provider[] provs = Security.getProviders(type + "." + mechName);
@@ -468,6 +504,9 @@
      * the preferred provider order for the specified algorithm. This
      * may be different than the order of providers returned by
      * {@link Security#getProviders() Security.getProviders()}.
+     * <p>
+     * If {@code mechanism} is listed in the {@code jdk.sasl.disabledMechanisms}
+     * security property, it will be ignored and this method returns {@code null}.
      *
      * @param mechanism The non-null mechanism name. It must be an
      * IANA-registered name of a SASL mechanism. (e.g. "GSSAPI", "CRAM-MD5").
@@ -521,6 +560,10 @@
             throw new NullPointerException("Mechanism name cannot be null");
         } else if (mechanism.length() == 0) {
             return null;
+        } else if (isDisabled(mechanism)) {
+            logger.log(Level.FINE,
+                    "Disabled " + mechanism + " mechanism ignored");
+            return null;
         }
 
         String type = "SaslServerFactory";
@@ -616,4 +659,8 @@
         }
         return Collections.unmodifiableSet(result);
     }
+
+    private static boolean isDisabled(String name) {
+        return disabledMechanisms.contains(name);
+    }
 }
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/dv/xs/TypeValidator.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/dv/xs/TypeValidator.java	Fri May 10 09:07:53 2019 -0400
@@ -1,6 +1,5 @@
 /*
- * reserved comment block
- * DO NOT REMOVE OR ALTER!
+ * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -23,6 +22,8 @@
 
 import com.sun.org.apache.xerces.internal.impl.dv.InvalidDatatypeValueException;
 import com.sun.org.apache.xerces.internal.impl.dv.ValidationContext;
+import com.sun.org.apache.xerces.internal.util.XMLChar;
+import jdk.xml.internal.SecuritySupport;
 
 /**
  * All primitive types plus ID/IDREF/ENTITY/INTEGER are derived from this abstract
@@ -35,9 +36,14 @@
  * @author Neeraj Bajaj, Sun Microsystems, inc.
  * @author Sandy Gao, IBM
  *
+ * @LastModified: Apr 2019
  */
 public abstract class TypeValidator {
 
+    private static final boolean USE_CODE_POINT_COUNT_FOR_STRING_LENGTH =
+            Boolean.parseBoolean(SecuritySupport.getSystemProperty(
+                    "com.sun.org.apache.xerces.internal.impl.dv.xs.useCodePointCountForStringLength", "false"));
+
     // which facets are allowed for this type
     public abstract short getAllowedFacets();
 
@@ -82,7 +88,14 @@
     // get the length of the value
     // the parameters are in compiled form (from getActualValue)
     public int getDataLength(Object value) {
-        return (value instanceof String) ? ((String)value).length() : -1;
+        if (value instanceof String) {
+            final String str = (String)value;
+            if (!USE_CODE_POINT_COUNT_FOR_STRING_LENGTH) {
+                return str.length();
+            }
+            return getCodePointLength(str);
+        }
+        return -1;
     }
 
     // get the number of digits of the value
@@ -97,6 +110,25 @@
         return -1;
     }
 
+    // Returns the length of the string in Unicode code points.
+    private int getCodePointLength(String value) {
+        // Count the number of surrogate pairs, and subtract them from
+        // the total length.
+        final int len = value.length();
+        int surrogatePairCount = 0;
+        for (int i = 0; i < len - 1; ++i) {
+            if (XMLChar.isHighSurrogate(value.charAt(i))) {
+                if (XMLChar.isLowSurrogate(value.charAt(++i))) {
+                    ++surrogatePairCount;
+                }
+                else {
+                    --i;
+                }
+            }
+        }
+        return len - surrogatePairCount;
+    }
+
     // check whether the character is in the range 0x30 ~ 0x39
     public static final boolean isDigit(char ch) {
         return ch >= '0' && ch <= '9';
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/msg/XMLSchemaMessages.properties	Fri May 10 09:07:53 2019 -0400
@@ -39,7 +39,6 @@
         cvc-complex-type.2.4.b = cvc-complex-type.2.4.b: The content of element ''{0}'' is not complete. One of ''{1}'' is expected.
         cvc-complex-type.2.4.c = cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element ''{0}''.
         cvc-complex-type.2.4.d = cvc-complex-type.2.4.d: Invalid content was found starting with element ''{0}''. No child element is expected at this point.
-        cvc-complex-type.2.4.d.1 = cvc-complex-type.2.4.d: Invalid content was found starting with element ''{0}''. No child element ''{1}'' is expected at this point.
         cvc-complex-type.2.4.e = cvc-complex-type.2.4.e: ''{0}'' can occur a maximum of ''{2}'' times in the current sequence. This limit was exceeded. At this point one of ''{1}'' is expected.
         cvc-complex-type.2.4.f = cvc-complex-type.2.4.f: ''{0}'' can occur a maximum of ''{1}'' times in the current sequence. This limit was exceeded. No child element is expected at this point.
         cvc-complex-type.2.4.g = cvc-complex-type.2.4.g: Invalid content was found starting with element ''{0}''. ''{1}'' is expected to occur a minimum of ''{2}'' times in the current sequence. One more instance is required to satisfy this constraint.
@@ -103,7 +102,7 @@
         src-ct.1 = src-ct.1: Complex Type Definition Representation Error for type ''{0}''.  When <complexContent> is used, the base type must be a complexType. ''{1}'' is a simpleType.
         src-ct.2.1 = src-ct.2.1: Complex Type Definition Representation Error for type ''{0}''.  When <simpleContent> is used, the base type must be a complexType whose content type is simple, or, only if restriction is specified, a complex type with mixed content and emptiable particle, or, only if extension is specified, a simple type. ''{1}'' satisfies none of these conditions.
         src-ct.2.2 = src-ct.2.2: Complex Type Definition Representation Error for type ''{0}''.  When a complexType with simpleContent restricts a complexType with mixed content and emptiable particle, then there must be a <simpleType> among the children of <restriction>.
-        src-ct.4 = src-ct.4: Complex Type Definition Representation Error for type ''{0}''.  The intersection of wildcards is not expressible.
+        src-ct.4 = src-ct.4: Complex Type Definition Representation Error for type ''{0}''. The intersection of wildcards is not expressible.
         src-ct.5 = src-ct.5: Complex Type Definition Representation Error for type ''{0}''. The union of wildcards is not expressible.
         src-element.1 = src-element.1: The properties ''default'' and ''fixed'' cannot both be present in element declaration ''{0}''. Use only one of them.
         src-element.2.1 = src-element.2.1: : One of 'ref' or 'name' must be present in a local element declaration.
@@ -234,14 +233,14 @@
         rcase-MapAndSum.2 = rcase-MapAndSum.2: Group''s occurrence range, ({0},{1}), is not a valid restriction of base group''s occurrence range, ({2},{3}).
         rcase-NameAndTypeOK.1 = rcase-NameAndTypeOK.1: Elements have names and target namespaces which are not the same:  Element ''{0}'' in namespace ''{1}'' and element ''{2}'' in namespace ''{3}''.
         rcase-NameAndTypeOK.2 = rcase-NameAndTypeOK.2: Error for the particle whose '{'term'}' is the element declaration ''{0}''. The element declaration''s '{'nillable'}' is true, but the corresponding particle in the base type has an element declaration whose '{'nillable'}' is false.
-        rcase-NameAndTypeOK.3 = rcase-NameAndTypeOK.3: Error for the particle whose '{'term'}' is the element declaration ''{0}''. Its occurrence range, ({1},{2}), is not a valid restriction of the range, ({3},{4}, of the corresponding particle in the base type.
+        rcase-NameAndTypeOK.3 = rcase-NameAndTypeOK.3: Error for the particle whose '{'term'}' is the element declaration ''{0}''. Its occurrence range, ({1},{2}), is not a valid restriction of the range, ({3},{4}), of the corresponding particle in the base type.
         rcase-NameAndTypeOK.4.a = rcase-NameAndTypeOK.4.a: Element ''{0}'' is not fixed, but the corresponding element in the base type is fixed with value ''{1}''.
         rcase-NameAndTypeOK.4.b = rcase-NameAndTypeOK.4.b: Element ''{0}'' is fixed with value ''{1}'', but the corresponding element in the base type is fixed with value ''{2}''.
         rcase-NameAndTypeOK.5 = rcase-NameAndTypeOK.5: Identity constraints for element ''{0}'' are not a subset of those in base.
         rcase-NameAndTypeOK.6 = rcase-NameAndTypeOK.6: The disallowed substitutions for element ''{0}'' are not a superset of those in the base.
         rcase-NameAndTypeOK.7 = rcase-NameAndTypeOK.7: The type of element ''{0}'', ''{1}'', is not derived from the type of the base element, ''{2}''.
         rcase-NSCompat.1 = rcase-NSCompat.1: Element ''{0}'' has a namespace ''{1}'' which is not allowed by the wildcard in the base.
-        rcase-NSCompat.2 = rcase-NSCompat.2: Error for the particle whose '{'term'}' is the element declaration ''{0}''. Its occurrence range, ({1},{2}), is not a valid restriction of the range, ({3},{4}, of the corresponding particle in the base type.
+        rcase-NSCompat.2 = rcase-NSCompat.2: Error for the particle whose '{'term'}' is the element declaration ''{0}''. Its occurrence range, ({1},{2}), is not a valid restriction of the range, ({3},{4}), of the corresponding particle in the base type.
         rcase-NSRecurseCheckCardinality.1 = rcase-NSRecurseCheckCardinality.1: There is not a complete functional mapping between the particles.
         rcase-NSRecurseCheckCardinality.2 = rcase-NSRecurseCheckCardinality.2: Group''s occurrence range, ({0},{1}), is not a valid restriction of base wildcard''s range, ({2},{3}).
         rcase-NSSubset.1 = rcase-NSSubset.1: Wildcard is not a subset of corresponding wildcard in base.
@@ -286,15 +285,15 @@
         EmptyTargetNamespace = EmptyTargetNamespace: In schema document ''{0}'', the value of the ''targetNamespace'' attribute cannot be an empty string.
         FacetValueFromBase = FacetValueFromBase: In the declaration of type ''{0}'', value ''{1}'' of facet ''{2}'' must be from the value space of the base type, ''{3}''.
         FixedFacetValue = FixedFacetValue: In the definition of {3}, the value ''{1}'' for the facet ''{0}'' is invalid, because the value for ''{0}'' has been set to ''{2}'' in one of the ancestor types, and '{'fixed'}' = true.
-        InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}'' at column ''{2}''.
-        MaxOccurLimit = Current configuration of the parser doesn''t allow a maxOccurs attribute value to be set greater than the value {0}.
+        InvalidRegex = InvalidRegex: Pattern value ''{0}'' is not a valid regular expression. The reported error was: ''{1}''.
+        MaxOccurLimit = Current configuration of the parser doesn''t allow the expansion of a content model for a complex type to contain more than {0} nodes.
         PublicSystemOnNotation = PublicSystemOnNotation: At least one of ''public'' and ''system'' must appear in element ''notation''.
         SchemaLocation = SchemaLocation: schemaLocation value = ''{0}'' must have even number of URI''s.
         TargetNamespace.1 = TargetNamespace.1: Expecting namespace ''{0}'', but the target namespace of the schema document is ''{1}''.
         TargetNamespace.2 = TargetNamespace.2: Expecting no namespace, but the schema document has a target namespace of ''{1}''.
         UndeclaredEntity = UndeclaredEntity: Entity ''{0}'' is not declared.
         UndeclaredPrefix = UndeclaredPrefix: Cannot resolve ''{0}'' as a QName: the prefix ''{1}'' is not declared.
-
+        FacetsContradict = FacetsContradict: For simpleType definition ''{2}'', the enumeration value ''{0}'' contradicts with value of ''{1}'' facet.
 
 # JAXP 1.2 schema source property errors
 
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDAbstractTraverser.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDAbstractTraverser.java	Fri May 10 09:07:53 2019 -0400
@@ -23,6 +23,8 @@
 import com.sun.org.apache.xerces.internal.impl.dv.InvalidDatatypeValueException;
 import com.sun.org.apache.xerces.internal.impl.dv.XSFacets;
 import com.sun.org.apache.xerces.internal.impl.dv.XSSimpleType;
+import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
+import com.sun.org.apache.xerces.internal.impl.dv.xs.XSSimpleTypeDecl;
 import com.sun.org.apache.xerces.internal.impl.validation.ValidationState;
 import com.sun.org.apache.xerces.internal.impl.xs.SchemaGrammar;
 import com.sun.org.apache.xerces.internal.impl.xs.SchemaSymbols;
@@ -42,6 +44,7 @@
 import com.sun.org.apache.xerces.internal.xni.QName;
 import com.sun.org.apache.xerces.internal.xs.XSAttributeUse;
 import com.sun.org.apache.xerces.internal.xs.XSObjectList;
+import com.sun.org.apache.xerces.internal.xs.XSSimpleTypeDefinition;
 import com.sun.org.apache.xerces.internal.xs.XSTypeDefinition;
 import java.util.ArrayList;
 import java.util.List;
@@ -280,6 +283,7 @@
     }
 
     FacetInfo traverseFacets(Element content,
+            XSTypeDefinition typeDef,
             XSSimpleType baseValidator,
             XSDocumentInfo schemaDoc) {
 
@@ -293,6 +297,9 @@
         List<NamespaceContext> enumNSDecls = hasQName ? new ArrayList<>() : null;
         int currentFacet = 0;
         xsFacets.reset();
+        boolean seenPattern = false;
+        Element contextNode = (Element)content.getParentNode();
+        boolean hasLengthFacet = false, hasMinLengthFacet = false, hasMaxLengthFacet = false;
         while (content != null) {
             // General Attribute Checking
             Object[] attrs = null;
@@ -364,7 +371,6 @@
                 }
             }
             else if (facet.equals(SchemaSymbols.ELT_PATTERN)) {
-                facetsPresent |= XSSimpleType.FACET_PATTERN;
                 attrs = fAttrChecker.checkAttributes(content, false, schemaDoc);
                 String patternVal = (String)attrs[XSAttributeChecker.ATTIDX_VALUE];
                 // The facet can't be used if the value is missing. Ignore
@@ -376,6 +382,7 @@
                     continue;
                 }
 
+                seenPattern = true;
                 if (fPattern.length() == 0) {
                     fPattern.append(patternVal);
                 } else {
@@ -477,9 +484,11 @@
                 switch (currentFacet) {
                 case XSSimpleType.FACET_MINLENGTH:
                     xsFacets.minLength = ((XInt)attrs[XSAttributeChecker.ATTIDX_VALUE]).intValue();
+                    hasMinLengthFacet = true;
                     break;
                 case XSSimpleType.FACET_MAXLENGTH:
                     xsFacets.maxLength = ((XInt)attrs[XSAttributeChecker.ATTIDX_VALUE]).intValue();
+                    hasMaxLengthFacet = true;
                     break;
                 case XSSimpleType.FACET_MAXEXCLUSIVE:
                     xsFacets.maxExclusive = (String)attrs[XSAttributeChecker.ATTIDX_VALUE];
@@ -504,6 +513,7 @@
                     break;
                 case XSSimpleType.FACET_LENGTH:
                     xsFacets.length = ((XInt)attrs[XSAttributeChecker.ATTIDX_VALUE]).intValue();
+                    hasLengthFacet = true;
                     break;
                 }
 
@@ -566,16 +576,148 @@
             xsFacets.enumNSDecls = enumNSDecls;
             xsFacets.enumAnnotations = enumAnnotations;
         }
-        if ((facetsPresent & XSSimpleType.FACET_PATTERN) != 0) {
+        if (seenPattern) {
+            facetsPresent |= XSSimpleType.FACET_PATTERN;
             xsFacets.pattern = fPattern.toString();
             xsFacets.patternAnnotations = patternAnnotations;
         }
 
         fPattern.setLength(0);
 
+        // check if length, minLength and maxLength facets contradict with enumeration facets.
+        // currently considers the case when the baseValidator is a built-in type.
+        if (enumData != null) {
+           if (hasLengthFacet) {
+              checkEnumerationAndLengthInconsistency(baseValidator, enumData, contextNode, getSchemaTypeName(typeDef));
+           }
+           if (hasMinLengthFacet) {
+              checkEnumerationAndMinLengthInconsistency(baseValidator, enumData, contextNode, getSchemaTypeName(typeDef));
+           }
+           if (hasMaxLengthFacet) {
+              checkEnumerationAndMaxLengthInconsistency(baseValidator, enumData, contextNode, getSchemaTypeName(typeDef));
+           }
+        }
+
         return new FacetInfo(xsFacets, content, facetsPresent, facetsFixed);
     }
 
+    /*
+     * Get name of an XSD type definition as a string value (which will typically be the value of "name" attribute of a
+     * type definition, or an internal name determined by the validator for anonymous types).
+     */
+    public static String getSchemaTypeName(XSTypeDefinition typeDefn) {
+
+        String typeNameStr = "";
+        if (typeDefn instanceof XSSimpleTypeDefinition) {
+            typeNameStr = ((XSSimpleTypeDecl) typeDefn).getTypeName();
+        }
+        else {
+            typeNameStr = ((XSComplexTypeDecl) typeDefn).getTypeName();
+        }
+
+        return typeNameStr;
+
+    } // getSchemaTypeName
+
+    /*
+     * Check whether values of xs:maxLength and xs:enumeration are consistent. Report a warning message if they are not.
+     */
+    private void checkEnumerationAndMaxLengthInconsistency(XSSimpleType baseValidator, List<String> enumData, Element contextNode, String typeName) {
+        if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+            SchemaSymbols.ATTVAL_HEXBINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() / 2 > xsFacets.maxLength) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MAXLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+                 SchemaSymbols.ATTVAL_BASE64BINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                byte[] decodedVal = Base64.decode(enumVal);
+                if (decodedVal != null && (new String(decodedVal)).length() > xsFacets.maxLength) {
+                   reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MAXLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() > xsFacets.maxLength) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MAXLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+    } // checkEnumerationAndMaxLengthInconsistency
+
+    /*
+     * Check whether values of xs:minLength and xs:enumeration are consistent. Report a warning message if they are not.
+     */
+    private void checkEnumerationAndMinLengthInconsistency(XSSimpleType baseValidator, List<String> enumData, Element contextNode, String typeName) {
+        if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+            SchemaSymbols.ATTVAL_HEXBINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() / 2 < xsFacets.minLength) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MINLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+                 SchemaSymbols.ATTVAL_BASE64BINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                byte[] decodedVal = Base64.decode(enumVal);
+                if (decodedVal != null && (new String(decodedVal)).length() < xsFacets.minLength) {
+                   reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MINLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() < xsFacets.minLength) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_MINLENGTH, typeName}, contextNode);
+                }
+            }
+        }
+    } // checkEnumerationAndMinLengthInconsistency
+
+    /*
+     * Check whether values of xs:length and xs:enumeration are consistent. Report a warning message if they are not.
+     */
+    private void checkEnumerationAndLengthInconsistency(XSSimpleType baseValidator, List<String> enumData, Element contextNode, String typeName) {
+        if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+            SchemaSymbols.ATTVAL_HEXBINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() / 2 != xsFacets.length) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_LENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else if (SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(baseValidator.getNamespace()) &&
+                 SchemaSymbols.ATTVAL_BASE64BINARY.equals(baseValidator.getName())) {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                byte[] decodedVal = Base64.decode(enumVal);
+                if (decodedVal != null && (new String(decodedVal)).length() != xsFacets.length) {
+                   reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_LENGTH, typeName}, contextNode);
+                }
+            }
+        }
+        else {
+            for (int enumIdx = 0; enumIdx < enumData.size(); enumIdx++) {
+                String enumVal = (enumData.get(enumIdx));
+                if (enumVal.length() != xsFacets.length) {
+                    reportSchemaWarning("FacetsContradict", new Object[]{enumVal, SchemaSymbols.ELT_LENGTH, typeName}, contextNode);
+                }
+            }
+        }
+    } // checkEnumerationAndLengthInconsistency
+
 
     // return whether QName/NOTATION is part of the given type
     private boolean containsQName(XSSimpleType type) {
@@ -724,6 +866,10 @@
         fSchemaHandler.reportSchemaError(key, args, ele);
     }
 
+    void reportSchemaWarning (String key, Object[] args, Element ele) {
+        fSchemaHandler.reportSchemaWarning(key, args, ele);
+    }
+
     /**
      * Element/Attribute traversers call this method to check whether
      * the type is NOTATION without enumeration facet
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDComplexTypeTraverser.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDComplexTypeTraverser.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -62,7 +62,7 @@
  * </complexType>
  *
  * @xerces.internal
- *
+ * @LastModified: Apr 2019
  */
 
 class  XSDComplexTypeTraverser extends XSDAbstractParticleTraverser {
@@ -574,7 +574,7 @@
             short fixedFacets = 0 ;
 
             if (simpleContent!=null) {
-                FacetInfo fi = traverseFacets(simpleContent, baseValidator, schemaDoc);
+                FacetInfo fi = traverseFacets(simpleContent, fComplexTypeDecl, baseValidator, schemaDoc);
                 attrNode = fi.nodeAfterFacets;
                 facetData = fi.facetdata;
                 presentFacets = fi.fPresentFacets;
@@ -1193,9 +1193,6 @@
         // REVISIT: do we need to remove all attribute uses already added into
         // the attribute group? maybe it's ok to leave them there. -SG
         fAttrGrp.fAttributeWC = getErrorWildcard();
-
-        return;
-
     }
 
     private void contentBackup() {
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDHandler.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -60,6 +60,7 @@
 import com.sun.org.apache.xerces.internal.util.SymbolHash;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
 import com.sun.org.apache.xerces.internal.util.URI.MalformedURIException;
+import com.sun.org.apache.xerces.internal.util.XMLChar;
 import com.sun.org.apache.xerces.internal.util.XMLSymbols;
 import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
 import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
@@ -129,7 +130,7 @@
  * @author Neil Graham, IBM
  * @author Pavani Mukthipudi, Sun Microsystems
  *
- * @LastModified: Nov 2017
+ * @LastModified: Apr 2019
  */
 @SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
 public class XSDHandler {
@@ -591,10 +592,27 @@
         } //is instanceof XMLInputSource
 
         if (schemaRoot == null) {
+            if (is instanceof XSInputSource) {
+                // Need to return a grammar. If the XSInputSource has a list
+                // of grammar objects, then get the first one and return it.
+                // If it has a list of components, then get the grammar that
+                // contains the first component and return it.
+                // If we return null, the XMLSchemaLoader will think nothing
+                // was loaded, and will not try to put the grammar objects
+                // into the grammar pool.
+                XSInputSource xsinput = (XSInputSource)is;
+                SchemaGrammar[] grammars = xsinput.getGrammars();
+                if (grammars != null && grammars.length > 0) {
+                    grammar = fGrammarBucket.getGrammar(grammars[0].getTargetNamespace());
+                }
+                else {
+                    XSObject[] components = xsinput.getComponents();
+                    if (components != null && components.length > 0) {
+                        grammar = fGrammarBucket.getGrammar(components[0].getNamespace());
+                    }
+                }
+            }
             // something went wrong right off the hop
-            if (is instanceof XSInputSource) {
-                return fGrammarBucket.getGrammar(desc.getTargetNamespace());
-            }
             return grammar;
         }
 
@@ -1299,6 +1317,7 @@
                         String qName = currSchemaDoc.fTargetNamespace == null ?
                                 ","+lName:
                                     currSchemaDoc.fTargetNamespace +","+lName;
+                        qName = XMLChar.trim(qName);
                         String componentType = DOMUtil.getLocalName(redefineComp);
                         if (componentType.equals(SchemaSymbols.ELT_ATTRIBUTEGROUP)) {
                             checkForDuplicateNames(qName, ATTRIBUTEGROUP_TYPE, fUnparsedAttributeGroupRegistry, fUnparsedAttributeGroupRegistrySub, redefineComp, currSchemaDoc);
@@ -1343,6 +1362,7 @@
                     String qName = currSchemaDoc.fTargetNamespace == null?
                             ","+lName:
                                 currSchemaDoc.fTargetNamespace +","+lName;
+                    qName = XMLChar.trim(qName);
                     String componentType = DOMUtil.getLocalName(globalComp);
 
                     if (componentType.equals(SchemaSymbols.ELT_ATTRIBUTE)) {
@@ -2466,9 +2486,15 @@
             return getSchemaDocument0(key, schemaId, schemaElement);
         }
         catch (XMLStreamException e) {
-            StAXLocationWrapper slw = new StAXLocationWrapper();
-            slw.setLocation(e.getLocation());
-            throw new XMLParseException(slw, e.getMessage(), e);
+            Throwable t = e.getNestedException();
+            if (t instanceof IOException) {
+                exception = (IOException) t;
+            }
+            else {
+                StAXLocationWrapper slw = new StAXLocationWrapper();
+                slw.setLocation(e.getLocation());
+                throw new XMLParseException(slw, e.getMessage(), e);
+            }
         }
         catch (IOException e) {
             exception = e;
@@ -2741,16 +2767,29 @@
 
     @SuppressWarnings("unchecked")
     private void addNewImportedGrammars(SchemaGrammar srcGrammar, SchemaGrammar dstGrammar) {
-        final ArrayList<SchemaGrammar> igs1 = (ArrayList<SchemaGrammar>)srcGrammar.getImportedGrammars();
-        if (igs1 != null) {
-           ArrayList<SchemaGrammar> igs2 = (ArrayList<SchemaGrammar>)dstGrammar.getImportedGrammars();
-
-            if (igs2 == null) {
-                igs2 = (ArrayList<SchemaGrammar>)igs1.clone();
-                dstGrammar.setImportedGrammars(igs2);
+        final ArrayList<SchemaGrammar> src = (ArrayList<SchemaGrammar>)srcGrammar.getImportedGrammars();
+        if (src != null) {
+            ArrayList<SchemaGrammar> dst = (ArrayList<SchemaGrammar>)dstGrammar.getImportedGrammars();
+            if (dst == null) {
+                dst = new ArrayList<>();
+                dstGrammar.setImportedGrammars(dst);
             }
-            else {
-                updateImportList(igs1, igs2);
+            for (SchemaGrammar sg :src) {
+                // Can't use the object from the source import list directly.
+                // It's possible there is already a grammar with the same
+                // namespace in the bucket but a different object.
+                // This can happen if the bucket has grammar A1, and we try
+                // to add B and A2, where A2 imports B. When B is added, we
+                // create a new object B' and store it in the bucket. Then we
+                // try to merge A2 and A1. We can't use B. Need to get B' from
+                // the bucket and store it in A's import list.
+                SchemaGrammar sg1 = fGrammarBucket.getGrammar(sg.getTargetNamespace());
+                if (sg1 != null) {
+                    sg = sg1;
+                }
+                if (!containedImportedGrammar(dst, sg)) {
+                    dst.add(sg);
+                }
             }
         }
     }
@@ -3162,7 +3201,7 @@
 
     private void addRelatedType(XSTypeDefinition type, List<XSObject> componentList, String namespace, Map<String, List<String>> dependencies) {
         if (!type.getAnonymous()) {
-            if (!type.getNamespace().equals(SchemaSymbols.URI_SCHEMAFORSCHEMA)) { //REVISIT - do we use == instead
+            if (!SchemaSymbols.URI_SCHEMAFORSCHEMA.equals(type.getNamespace())) { //REVISIT - do we use == instead
                 if (!componentList.contains(type)) {
                     final List<String> importedNamespaces = findDependentNamespaces(namespace, dependencies);
                     addNamespaceDependency(namespace, type.getNamespace(), importedNamespaces);
--- a/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDSimpleTypeTraverser.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/xs/traversers/XSDSimpleTypeTraverser.java	Fri May 10 09:07:53 2019 -0400
@@ -395,7 +395,7 @@
         }
         // now traverse facets, if it's derived by restriction
         if (restriction && content != null) {
-            FacetInfo fi = traverseFacets(content, baseValidator, schemaDoc);
+            FacetInfo fi = traverseFacets(content, newDecl, baseValidator, schemaDoc);
             content = fi.nodeAfterFacets;
 
             try {
--- a/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java	Fri May 10 09:05:29 2019 -0400
+++ b/src/jdk.compiler/share/classes/com/sun/tools/javac/comp/Attr.java	Fri May 10 09:07:53 2019 -0400
@@ -2914,7 +2914,7 @@
                 public void visitLambda(JCLambda that) {
                     // or lambda expressions!
                 }
-            }.scan(tree);
+            }.scan(tree.body);
         }
 
         Types.MapVisitor<DiagnosticPosition> targetChecker = new Types.MapVisitor<DiagnosticPosition>() {
--- a/test/hotspot/jtreg/runtime/exceptionMsgs/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/hotspot/jtreg/runtime/exceptionMsgs/ArrayIndexOutOfBoundsException/ArrayIndexOutOfBoundsExceptionTest.java	Fri May 10 09:07:53 2019 -0400
@@ -26,8 +26,14 @@
  * @test
  * @summary Test extended ArrayIndexOutOfBoundsException message. The
  *   message lists information about the array and the indexes involved.
- * @compile ArrayIndexOutOfBoundsExceptionTest.java
+ * @comment This will run in 'normal' mode when Graal is not enabled, else
+ *   Graal mode.
  * @run testng ArrayIndexOutOfBoundsExceptionTest
+ */
+/**
+ * @test
+ * @requires !vm.graal.enabled
+ * @comment These test C1 and C2 so make no sense when Graal is enabled.
  * @run testng/othervm -Xcomp -XX:-TieredCompilation  ArrayIndexOutOfBoundsExceptionTest
  * @run testng/othervm -Xcomp -XX:TieredStopAtLevel=1 ArrayIndexOutOfBoundsExceptionTest
  */
--- a/test/jaxp/javax/xml/jaxp/unittest/validation/SchemaTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jaxp/javax/xml/jaxp/unittest/validation/SchemaTest.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,23 +24,70 @@
 package validation;
 
 import java.io.File;
-
+import java.io.StringReader;
+import java.util.ArrayList;
+import java.util.List;
 import javax.xml.XMLConstants;
+import javax.xml.transform.stream.StreamSource;
 import javax.xml.validation.SchemaFactory;
-
+import org.testng.Assert;
 import org.testng.annotations.Listeners;
 import org.testng.annotations.Test;
+import org.xml.sax.ErrorHandler;
+import org.xml.sax.SAXException;
+import org.xml.sax.SAXParseException;
 
 /*
  * @test
+ * @bug 8149915 8222991
  * @library /javax/xml/jaxp/libs /javax/xml/jaxp/unittest
- * @run testng/othervm -DrunSecMngr=true validation.SchemaTest
  * @run testng/othervm validation.SchemaTest
  * @summary Test Schema creation
- * @bug 8149915
  */
 @Listeners({jaxp.library.FilePolicy.class})
 public class SchemaTest {
+    /**
+     * Verifies that an over-the-limit value of an enumeration is caught as a
+     * warning.
+     * @throws Exception if the test fails
+     */
+    @Test
+    public void testSchema() throws Exception {
+        String xsd = "<xsd:schema xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\">\n" +
+                "    <xsd:simpleType name=\"PaymentStatus\">\n" +
+                "        <xsd:restriction base=\"xsd:string\">\n" +
+                "            <xsd:maxLength value=\"15\"/>\n" +
+                "            <xsd:enumeration value=\"AWAIT_PAY_INFO\"/>\n" +
+                "            <xsd:enumeration value=\"AWAIT_AUTH\"/>\n" +
+                "            <xsd:enumeration value=\"REQUESTED_AUTH\"/>\n" +
+                "            <xsd:enumeration value=\"REQUESTED_CHARGE\"/>\n" +
+                "            <xsd:enumeration value=\"PAID\"/>\n" +
+                "        </xsd:restriction>\n" +
+                "    </xsd:simpleType> \n" +
+                "</xsd:schema>";
+        SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+        final List<SAXParseException> exceptions = new ArrayList<>();
+
+        factory.setErrorHandler(new ErrorHandler()
+        {
+          @Override
+          public void warning(SAXParseException exception) throws SAXException
+          {
+            exceptions.add(exception);
+          }
+
+          @Override
+          public void fatalError(SAXParseException exception) throws SAXException
+          {}
+
+          @Override
+          public void error(SAXParseException exception) throws SAXException
+          {}
+        });
+        factory.newSchema(new StreamSource(new StringReader(xsd)));
+        Assert.assertTrue(exceptions.get(0).toString().contains("FacetsContradict"),
+                "Report warning when the maxLength limit is exceeded in an enumeration");
+    }
 
     /*
      * @bug 8149915
--- a/test/jdk/java/net/Socket/Streams.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/java/net/Socket/Streams.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,8 @@
 
 import java.io.IOException;
 import java.lang.reflect.Constructor;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
 import java.net.ServerSocket;
 import java.net.Socket;
 import java.util.concurrent.Phaser;
@@ -42,7 +44,9 @@
 
     public static void main(String[] args) throws Exception {
 
-        try (ServerSocket ss = new ServerSocket(0)) {
+        try (ServerSocket ss = new ServerSocket()) {
+            InetAddress loopback = InetAddress.getLoopbackAddress();
+            ss.bind(new InetSocketAddress(loopback, 0));
             runTest(OutputStreamGetter.class, ss);
             runTest(InputStreamGetter.class, ss);
         }
@@ -55,9 +59,12 @@
         throws Exception
     {
         final int port = ss.getLocalPort();
+        final InetAddress address = ss.getInetAddress();
         Socket[] sockets = new Socket[NUM_THREADS];
         for (int i=0; i<NUM_THREADS; i++) {
-            sockets[i] = new Socket("localhost", port);
+            sockets[i] = address.isAnyLocalAddress()
+                         ? new Socket("localhost", port)
+                         : new Socket(address, port);
             try (Socket socket = ss.accept()) {}
         }
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/javax/security/sasl/Sasl/DisabledMechanisms.java	Fri May 10 09:07:53 2019 -0400
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8200400
+ * @modules java.security.sasl
+ * @library /test/lib
+ * @run main/othervm DisabledMechanisms
+ *      DIGEST-MD5 DIGEST-MD5
+ * @run main/othervm -DdisabledMechanisms= DisabledMechanisms
+ *      DIGEST-MD5 DIGEST-MD5
+ * @run main/othervm -DdisabledMechanisms=DIGEST-MD5,NTLM DisabledMechanisms
+ *      null null
+ * @run main/othervm -DdisabledMechanisms=DIGEST-MD5 DisabledMechanisms
+ *      NTLM null
+ * @run main/othervm -DdisabledMechanisms=NTLM DisabledMechanisms
+ *      DIGEST-MD5 DIGEST-MD5
+ */
+
+import java.security.Security;
+import java.util.Collections;
+import java.util.Map;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.sasl.Sasl;
+import javax.security.sasl.SaslClient;
+import javax.security.sasl.SaslServer;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+
+import jdk.test.lib.Asserts;
+
+public class DisabledMechanisms {
+
+    public static void main(String[] args) throws Exception {
+
+        String authorizationId = "username";
+        String protocol = "ldap";
+        String serverName = "server1";
+        Map props = Collections.emptyMap();
+
+        String disabled = System.getProperty("disabledMechanisms");
+        if (disabled != null) {
+            Security.setProperty("jdk.sasl.disabledMechanisms", disabled);
+        }
+
+        CallbackHandler callbackHandler = callbacks -> {
+            for (Callback cb : callbacks) {
+                if (cb instanceof PasswordCallback) {
+                    ((PasswordCallback) cb).setPassword("password".toCharArray());
+                }
+            }
+        };
+
+        SaslClient client = Sasl.createSaslClient(
+                new String[]{"DIGEST-MD5", "NTLM"}, authorizationId,
+                protocol, serverName, props, callbackHandler);
+        Asserts.assertEQ(client == null ? null : client.getMechanismName(),
+                args[0].equals("null") ? null : args[0]);
+
+        SaslServer server = Sasl.createSaslServer(
+                "DIGEST-MD5", protocol, serverName, props, callbackHandler);
+        Asserts.assertEQ(server == null ? null : server.getMechanismName(),
+                args[1].equals("null") ? null : args[1]);
+    }
+}
--- a/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -253,7 +253,7 @@
         }
 
         // Generate CertPath with certsToValidate
-        ArrayList<X509Certificate> certs = new ArrayList();
+        ArrayList<X509Certificate> certs = new ArrayList<>();
         for (String cert : certsToValidate) {
             if (cert != null) {
                 certs.add(getCertificate(cert));
--- a/test/jdk/sun/net/ftp/FtpURLConnectionLeak.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/ftp/FtpURLConnectionLeak.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -32,17 +32,19 @@
 import java.io.FileNotFoundException;
 import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.InetAddress;
 import java.net.URL;
 
 public class FtpURLConnectionLeak {
 
     public static void main(String[] args) throws Exception {
-        FtpServer server = new FtpServer(0);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        FtpServer server = new FtpServer(loopback, 0);
         server.setFileSystemHandler(new CustomFileSystemHandler("/"));
         server.setAuthHandler(new MyAuthHandler());
-        int port = server.getLocalPort();
+        String authority = server.getAuthority();
         server.start();
-        URL url = new URL("ftp://localhost:" + port + "/filedoesNotExist.txt");
+        URL url = new URL("ftp://" + authority + "/filedoesNotExist.txt");
         try (server) {
             for (int i = 0; i < 3; i++) {
                 try {
--- a/test/jdk/sun/net/www/AuthHeaderTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/AuthHeaderTest.java	Fri May 10 09:07:53 2019 -0400
@@ -96,10 +96,11 @@
     public static void main (String[] args) throws Exception {
         MyAuthenticator auth = new MyAuthenticator ();
         Authenticator.setDefault (auth);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
         try {
-            server = new TestHttpServer (new AuthHeaderTest(), 1, 10, 0);
-            System.out.println ("Server: listening on port: " + server.getLocalPort());
-            client ("http://localhost:"+server.getLocalPort()+"/d1/foo.html");
+            server = new TestHttpServer (new AuthHeaderTest(), 1, 10, loopback, 0);
+            System.out.println ("Server: listening on port: " + server.getAuthority());
+            client ("http://" + server.getAuthority() + "/d1/foo.html");
         } catch (Exception e) {
             if (server != null) {
                 server.terminate();
--- a/test/jdk/sun/net/www/ftptest/FtpServer.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/ftptest/FtpServer.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -59,6 +59,16 @@
      * connections on the specified port. If the port is set to 0, it will
      * automatically select an available ephemeral port.
      */
+    public FtpServer(InetAddress addr, int port) throws IOException {
+        listener = new ServerSocket();
+        listener.bind(new InetSocketAddress(addr, port));
+    }
+
+    /**
+     * Creates an instance of an FTP server which will listen for incoming
+     * connections on the specified port. If the port is set to 0, it will
+     * automatically select an available ephemeral port.
+     */
     public FtpServer(int port) throws IOException {
         listener = new ServerSocket(port);
     }
@@ -100,6 +110,17 @@
         return listener.getLocalPort();
     }
 
+    public String getAuthority() {
+        InetAddress address = listener.getInetAddress();
+        String hostaddr = address.isAnyLocalAddress()
+            ? "localhost" : address.getHostAddress();
+        if (hostaddr.indexOf(':') > -1) {
+            hostaddr = "[" + hostaddr + "]";
+        }
+        return hostaddr + ":" + getLocalPort();
+    }
+
+
     void addClient(Socket client) {
         FtpCommandHandler h = new FtpCommandHandler(client, this);
         h.setHandlers(fsh, auth);
--- a/test/jdk/sun/net/www/http/ChunkedInputStream/ChunkedEncodingTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/http/ChunkedInputStream/ChunkedEncodingTest.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 4333920
  * @modules jdk.httpserver
+ * @library /test/lib
  * @run main ChunkedEncodingTest
  * @summary ChunkedEncodingTest unit test
  */
@@ -36,6 +37,7 @@
 import com.sun.net.httpserver.HttpHandler;
 import com.sun.net.httpserver.HttpExchange;
 import static java.lang.System.out;
+import jdk.test.lib.net.URIBuilder;
 
 public class ChunkedEncodingTest{
     private static MessageDigest serverDigest, clientDigest;
@@ -61,7 +63,13 @@
 
             int port = server.getAddress().getPort();
             out.println ("Server listening on port: " + port);
-            client("http://localhost:" + port + "/chunked/");
+            String url = URIBuilder.newBuilder()
+                .scheme("http")
+                .host(server.getAddress().getAddress())
+                .port(port)
+                .path("/chunked/")
+                .build().toString();
+            client(url);
 
             if (!MessageDigest.isEqual(clientMac, serverMac)) {
                 throw new RuntimeException(
@@ -83,7 +91,8 @@
      * Http Server
      */
     static HttpServer startHttpServer() throws IOException {
-        HttpServer httpServer = HttpServer.create(new InetSocketAddress(0), 0);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        HttpServer httpServer = HttpServer.create(new InetSocketAddress(loopback, 0), 0);
         HttpHandler httpHandler = new SimpleHandler();
         httpServer.createContext("/chunked/", httpHandler);
         httpServer.start();
--- a/test/jdk/sun/net/www/http/ChunkedInputStream/ChunkedEncodingWithProgressMonitorTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/http/ChunkedInputStream/ChunkedEncodingWithProgressMonitorTest.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -27,6 +27,7 @@
  * @summary ChunkedEncoding unit test; MeteredStream/ProgressData problem
  * @modules java.base/sun.net
  *          jdk.httpserver
+ * @library /test/lib
  * @run main ChunkedEncodingWithProgressMonitorTest
  */
 
--- a/test/jdk/sun/net/www/http/ChunkedInputStream/TestAvailable.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/http/ChunkedInputStream/TestAvailable.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 6446990
  * @modules jdk.httpserver
+ * @library /test/lib
  * @run main/othervm TestAvailable
  * @summary HttpURLConnection#available() reads more and more data into memory
  */
@@ -35,6 +36,7 @@
 import com.sun.net.httpserver.*;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ExecutorService;
+import jdk.test.lib.net.URIBuilder;
 
 public class TestAvailable
 {
@@ -60,7 +62,13 @@
         try {
             InetSocketAddress address = httpServer.getAddress();
 
-            URL url = new URL("http://localhost:" + address.getPort() + "/testAvailable/");
+            URL url = URIBuilder.newBuilder()
+                      .scheme("http")
+                      .host(address.getAddress())
+                      .port(address.getPort())
+                      .path("/testAvailable/")
+                      .toURLUnchecked();
+
             HttpURLConnection uc = (HttpURLConnection)url.openConnection();
 
             uc.setDoOutput(true);
@@ -102,7 +110,9 @@
      * Http Server
      */
     public void startHttpServer() throws IOException {
-        httpServer = com.sun.net.httpserver.HttpServer.create(new InetSocketAddress(0), 0);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        InetSocketAddress sockaddr = new InetSocketAddress(loopback, 0);
+        httpServer = com.sun.net.httpserver.HttpServer.create(sockaddr, 0);
 
         // create HttpServer context
         HttpContext ctx = httpServer.createContext("/testAvailable/", new MyHandler());
--- a/test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/http/HttpClient/MultiThreadTest.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2018, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,8 +84,8 @@
     byte[] b;
     int requests;
 
-    MultiThreadTest(int port, int requests) throws Exception {
-        uri = "http://localhost:" + port + "/foo.html";
+    MultiThreadTest(String authority, int requests) throws Exception {
+        uri = "http://" + authority + "/foo.html";
 
         b = new byte [256];
         this.requests = requests;
@@ -134,14 +134,16 @@
         }
 
         /* start the server */
-        ServerSocket ss = new ServerSocket(0);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        ServerSocket ss = new ServerSocket();
+        ss.bind(new InetSocketAddress(loopback, 0));
         Server svr = new Server(ss);
         svr.start();
 
         Object lock = MultiThreadTest.getLock();
         synchronized (lock) {
             for (int i=0; i<threads; i++) {
-                MultiThreadTest t = new MultiThreadTest(ss.getLocalPort(), requests);
+                MultiThreadTest t = new MultiThreadTest(svr.getAuthority(), requests);
                 t.start ();
             }
             try {
@@ -185,6 +187,16 @@
             this.ss = ss;
         }
 
+        public String getAuthority() {
+            InetAddress address = ss.getInetAddress();
+            String hostaddr = address.isAnyLocalAddress()
+                ? "localhost" : address.getHostAddress();
+            if (hostaddr.indexOf(':') > -1) {
+                hostaddr = "[" + hostaddr + "]";
+            }
+            return hostaddr + ":" + ss.getLocalPort();
+        }
+
         public Queue<Worker> workers() {
             return workers;
         }
--- a/test/jdk/sun/net/www/http/HttpURLConnection/DigestAuth.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/http/HttpURLConnection/DigestAuth.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -29,6 +29,7 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.Authenticator;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.PasswordAuthentication;
 import java.net.URL;
@@ -54,7 +55,6 @@
  */
 public class DigestAuth {
 
-    static final String LOCALHOST = "localhost";
     static final String EXPECT_FAILURE = null;
     static final String EXPECT_DIGEST = "Digest";
     static final String REALM = "testrealm@host.com";
@@ -119,8 +119,7 @@
             AuthenticatorImpl auth = new AuthenticatorImpl();
             Authenticator.setDefault(auth);
 
-            String url = String.format("http://%s:%d/test/",
-                    LOCALHOST, server.getPort());
+            String url = String.format("http://%s/test/", server.getAuthority());
 
             boolean success = true;
             switch (testcase) {
@@ -322,6 +321,16 @@
             this.server = server;
         }
 
+        public String getAuthority() {
+            InetAddress address = server.getAddress().getAddress();
+            String hostaddr = address.isAnyLocalAddress()
+                ? "localhost" : address.getHostAddress();
+            if (hostaddr.indexOf(':') > -1) {
+                hostaddr = "[" + hostaddr + "]";
+            }
+            return hostaddr + ":" + getPort();
+        }
+
         void setWWWAuthHeader(String wwwAuthHeader) {
             this.wwwAuthHeader = wwwAuthHeader;
         }
@@ -331,8 +340,9 @@
         }
 
         static LocalHttpServer startServer() throws IOException {
+            InetAddress loopback = InetAddress.getLoopbackAddress();
             HttpServer httpServer = HttpServer.create(
-                    new InetSocketAddress(0), 0);
+                    new InetSocketAddress(loopback, 0), 0);
             LocalHttpServer localHttpServer = new LocalHttpServer(httpServer);
             localHttpServer.start();
 
@@ -342,7 +352,7 @@
         void start() {
             server.createContext("/test", this);
             server.start();
-            System.out.println("HttpServer: started on port " + getPort());
+            System.out.println("HttpServer: started on port " + getAuthority());
         }
 
         void stop() {
--- a/test/jdk/sun/net/www/protocol/http/6550798/test.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/protocol/http/6550798/test.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2010, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -43,14 +43,15 @@
     public static void main(String[] args)  throws Exception {
 
         TestCache.reset();
-        HttpServer s = HttpServer.create (new InetSocketAddress(0), 10);
-        s.createContext ("/", new HttpHandler () {
-            public void handle (HttpExchange e) {
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        HttpServer s = HttpServer.create(new InetSocketAddress(loopback, 0), 10);
+        s.createContext("/", new HttpHandler() {
+            public void handle(HttpExchange e) {
                 try {
                     byte[] buf = new byte [LEN];
                     OutputStream o = e.getResponseBody();
                     e.sendResponseHeaders(200, LEN);
-                    o.write (buf);
+                    o.write(buf);
                     e.close();
                 } catch (IOException ex) {
                     ex.printStackTrace();
@@ -91,10 +92,10 @@
         }
 
         if (TestCache.fail) {
-            System.out.println ("TEST FAILED");
-            throw new RuntimeException ();
+            System.out.println("TEST FAILED");
+            throw new RuntimeException();
         } else {
-            System.out.println ("TEST OK");
+            System.out.println("TEST OK");
         }
     }
 }
--- a/test/jdk/sun/net/www/protocol/http/CloseOptionHeader.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/net/www/protocol/http/CloseOptionHeader.java	Fri May 10 09:07:53 2019 -0400
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2019, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,6 +25,7 @@
  * @test
  * @bug 6189206
  * @modules java.base/sun.net.www
+ * @library /test/lib
  * @run main/othervm -Dhttp.keepAlive=false CloseOptionHeader
  * @summary  HTTP client should set "Connection: close" header in request when keepalive is disabled
  */
@@ -33,7 +34,7 @@
 import java.util.*;
 import java.io.*;
 import sun.net.www.MessageHeader;
-
+import jdk.test.lib.net.URIBuilder;
 
 public class CloseOptionHeader implements Runnable {
     static ServerSocket ss;
@@ -79,14 +80,20 @@
         Thread tester = new Thread(new CloseOptionHeader());
 
         /* start the server */
-        ss = new ServerSocket(0);
+        InetAddress loopback = InetAddress.getLoopbackAddress();
+        ss = new ServerSocket();
+        ss.bind(new InetSocketAddress(loopback, 0));
         tester.start();
 
         /* connect to the server just started
          * server then check the request to see whether
          * there is a close connection option header in it
          */
-        URL url = new URL("http://localhost:" + ss.getLocalPort());
+        URL url = URIBuilder.newBuilder()
+            .scheme("http")
+            .host(ss.getInetAddress())
+            .port(ss.getLocalPort())
+            .toURL();
         HttpURLConnection huc = (HttpURLConnection)url.openConnection();
         huc.connect();
         huc.getResponseCode();
--- a/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java	Fri May 10 09:05:29 2019 -0400
+++ b/test/jdk/sun/security/lib/cacerts/VerifyCACerts.java	Fri May 10 09:07:53 2019 -0400
@@ -32,8 +32,15 @@
 import java.io.FileInputStream;
 import java.security.KeyStore;
 import java.security.MessageDigest;
-import java.security.cert.*;
-import java.util.*;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
 
 public class VerifyCACerts {
 
@@ -45,8 +52,8 @@
     private static final int COUNT = 92;
 
     // map of cert alias to SHA-256 fingerprint
-    private static final Map<String, String> FINGERPRINT_MAP
-            = new HashMap<String, String>() {
+    @SuppressWarnings("serial")
+    private static final Map<String, String> FINGERPRINT_MAP = new HashMap<>() {
         {
             put("actalisauthenticationrootca [jdk]",
                     "55:92:60:84:EC:96:3A:64:B9:6E:2A:BE:01:CE:0B:A8:6A:64:FB:FE:BC:C7:AA:B5:AF:C1:55:B3:7F:D7:60:66");
@@ -237,6 +244,7 @@
 
     // Exception list to 90 days expiry policy
     // No error will be reported if certificate in this list expires
+    @SuppressWarnings("serial")
     private static final HashSet<String> EXPIRY_EXC_ENTRIES = new HashSet<>() {
         {
             // Valid until: Sat Jul 06 19:59:59 EDT 2019
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/sun/security/x509/URICertStore/CRLReadTimeout.java	Fri May 10 09:07:53 2019 -0400
@@ -0,0 +1,162 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8191808
+ * @summary check that CRL download is interrupted if it takes too long
+ * @library /test/lib
+ * @run main/othervm -Dcom.sun.security.crl.readtimeout=1 CRLReadTimeout
+ */
+
+import java.io.File;
+import java.io.InputStream;
+import java.io.IOException;
+import java.net.InetSocketAddress;
+import java.net.SocketTimeoutException;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CertPath;
+import java.security.cert.CertPathValidator;
+import java.security.cert.CertPathValidatorException;
+import java.security.cert.PKIXParameters;
+import java.security.cert.PKIXRevocationChecker;
+import static java.security.cert.PKIXRevocationChecker.Option.*;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509Certificate;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Set;
+import com.sun.net.httpserver.HttpServer;
+
+import jdk.test.lib.SecurityTools;
+import jdk.test.lib.process.OutputAnalyzer;
+
+public class CRLReadTimeout {
+
+    public static void main(String[] args) throws Exception {
+
+        String timeout = System.getProperty("com.sun.security.crl.readtimeout");
+        if (timeout == null) {
+            timeout = "15";
+        }
+        System.out.println("Testing timeout of " + timeout + " seconds");
+
+        CrlHttpServer crlServer = new CrlHttpServer(Integer.parseInt(timeout));
+        try {
+            crlServer.start();
+            testTimeout(crlServer.getPort());
+        } finally {
+            crlServer.stop();
+        }
+    }
+
+    private static void testTimeout(int port) throws Exception {
+
+        // create certificate chain with two certs, root and end-entity
+        keytool("-alias duke -dname CN=duke -genkey -keyalg RSA");
+        keytool("-alias root -dname CN=root -genkey -keyalg RSA");
+        keytool("-certreq -alias duke -file duke.req");
+        // set CRL URI to local server
+        keytool("-gencert -infile duke.req -alias root -rfc -outfile duke.cert "
+                + "-ext crl=uri:http://localhost:" + port + "/crl");
+        keytool("-importcert -file duke.cert -alias duke");
+
+        KeyStore ks = KeyStore.getInstance(new File("ks"),
+                                           "changeit".toCharArray());
+        X509Certificate cert = (X509Certificate)ks.getCertificate("duke");
+        X509Certificate root = (X509Certificate)ks.getCertificate("root");
+
+        // validate chain
+        CertPathValidator cpv = CertPathValidator.getInstance("PKIX");
+        PKIXRevocationChecker prc =
+            (PKIXRevocationChecker)cpv.getRevocationChecker();
+        prc.setOptions(EnumSet.of(PREFER_CRLS, NO_FALLBACK, SOFT_FAIL));
+        PKIXParameters params =
+            new PKIXParameters(Set.of(new TrustAnchor(root, null)));
+        params.addCertPathChecker(prc);
+        CertificateFactory cf = CertificateFactory.getInstance("X.509");
+        CertPath cp = cf.generateCertPath(List.of(cert));
+        cpv.validate(cp, params);
+
+        // unwrap soft fail exceptions and check for SocketTimeoutException
+        boolean expected = false;
+        for (CertPathValidatorException softFail:prc.getSoftFailExceptions()) {
+            Throwable cause = softFail.getCause();
+            while (cause != null) {
+                if (cause instanceof SocketTimeoutException) {
+                    expected = true;
+                    break;
+                }
+                cause = cause.getCause();
+            }
+            if (expected) {
+                break;
+            }
+        }
+        if (!expected) {
+            throw new Exception("SocketTimeoutException not thrown");
+        }
+    }
+
+    private static OutputAnalyzer keytool(String cmd) throws Exception {
+        return SecurityTools.keytool("-storepass changeit "
+                + "-keystore ks " + cmd);
+    }
+
+    private static class CrlHttpServer {
+
+        private final HttpServer server;
+        private final int timeout;
+
+        public CrlHttpServer(int timeout) throws IOException {
+            server = HttpServer.create();
+            this.timeout = timeout;
+        }
+
+        public void start() throws IOException {
+            server.bind(new InetSocketAddress(0), 0);
+            server.createContext("/", t -> {
+                try (InputStream is = t.getRequestBody()) {
+                    is.readAllBytes();
+                }
+                try {
+                    // sleep for 2 seconds longer to force timeout
+                    Thread.sleep((timeout + 2)*1000);
+                } catch (InterruptedException ie) {
+                    throw new IOException(ie);
+                }
+            });
+            server.setExecutor(null);
+            server.start();
+        }
+
+        public void stop() {
+            server.stop(0);
+        }
+
+        int getPort() {
+            return server.getAddress().getPort();
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/langtools/tools/javac/T8222251/PreflowNotVisitingLambdaExpTest.java	Fri May 10 09:07:53 2019 -0400
@@ -0,0 +1,64 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8222251
+ * @summary preflow visitor is not visiting lambda expressions
+ * @compile PreflowNotVisitingLambdaExpTest.java
+ */
+
+public class PreflowNotVisitingLambdaExpTest {
+    interface HandleCallback<T, X extends Exception> {
+        T withHandle(Handle handle) throws X;
+    }
+
+    interface HandleConsumer<X extends Exception> {
+        void useHandle(Handle handle) throws X;
+    }
+
+    interface Handle {}
+
+    interface Jdbi {
+        <R, X extends Exception> R withHandle(HandleCallback<R, X> callback) throws X;
+        <X extends Exception> void useHandle(final HandleConsumer<X> callback) throws X;
+    }
+
+    interface ObjectAssert<ACTUAL> {
+        void isSameAs(ACTUAL t);
+    }
+
+    static <T> ObjectAssert<T> assertThat(T actual) {
+        return null;
+    }
+
+    private Jdbi jdbi;
+
+    public void nestedUseHandle() {
+        jdbi.withHandle(h1 -> {
+            jdbi.useHandle(h2 ->
+                    assertThat(h1).isSameAs(h2));
+            return null;
+        });
+    }
+}