changeset 12698:f65605f4719b

Merge
author ddehaven
date Tue, 25 Aug 2015 14:32:08 -0700
parents d3ed8a8388b1 7abcba76f5e6
children ff6197f18756
files make/copy/Copy-jdk.hprof.agent.gmk make/launcher/Launcher-jdk.scripting.nashorn.gmk make/lib/Lib-jdk.hprof.agent.gmk make/mapfiles/libhprof/mapfile-vers make/mapfiles/libjava_crw_demo/mapfile-vers src/jdk.deploy.osx/macosx/classes/apple/security/AppleProvider.java src/jdk.deploy.osx/macosx/classes/apple/security/KeychainStore.java src/jdk.deploy.osx/macosx/native/libosx/KeystoreImpl.m src/jdk.hprof.agent/aix/native/libhprof/porting_aix.c src/jdk.hprof.agent/aix/native/libhprof/porting_aix.h src/jdk.hprof.agent/share/classes/com/sun/demo/jvmti/hprof/Tracker.java src/jdk.hprof.agent/share/native/libhprof/README.txt src/jdk.hprof.agent/share/native/libhprof/debug_malloc.c src/jdk.hprof.agent/share/native/libhprof/debug_malloc.h src/jdk.hprof.agent/share/native/libhprof/hprof.h src/jdk.hprof.agent/share/native/libhprof/hprof_b_spec.h src/jdk.hprof.agent/share/native/libhprof/hprof_blocks.c src/jdk.hprof.agent/share/native/libhprof/hprof_blocks.h src/jdk.hprof.agent/share/native/libhprof/hprof_check.c src/jdk.hprof.agent/share/native/libhprof/hprof_check.h src/jdk.hprof.agent/share/native/libhprof/hprof_class.c src/jdk.hprof.agent/share/native/libhprof/hprof_class.h src/jdk.hprof.agent/share/native/libhprof/hprof_cpu.c src/jdk.hprof.agent/share/native/libhprof/hprof_cpu.h src/jdk.hprof.agent/share/native/libhprof/hprof_error.c src/jdk.hprof.agent/share/native/libhprof/hprof_error.h src/jdk.hprof.agent/share/native/libhprof/hprof_event.c src/jdk.hprof.agent/share/native/libhprof/hprof_event.h src/jdk.hprof.agent/share/native/libhprof/hprof_frame.c src/jdk.hprof.agent/share/native/libhprof/hprof_frame.h src/jdk.hprof.agent/share/native/libhprof/hprof_init.c src/jdk.hprof.agent/share/native/libhprof/hprof_init.h src/jdk.hprof.agent/share/native/libhprof/hprof_io.c src/jdk.hprof.agent/share/native/libhprof/hprof_io.h src/jdk.hprof.agent/share/native/libhprof/hprof_ioname.c src/jdk.hprof.agent/share/native/libhprof/hprof_ioname.h src/jdk.hprof.agent/share/native/libhprof/hprof_listener.c src/jdk.hprof.agent/share/native/libhprof/hprof_listener.h src/jdk.hprof.agent/share/native/libhprof/hprof_loader.c src/jdk.hprof.agent/share/native/libhprof/hprof_loader.h src/jdk.hprof.agent/share/native/libhprof/hprof_md.h src/jdk.hprof.agent/share/native/libhprof/hprof_monitor.c src/jdk.hprof.agent/share/native/libhprof/hprof_monitor.h src/jdk.hprof.agent/share/native/libhprof/hprof_object.c src/jdk.hprof.agent/share/native/libhprof/hprof_object.h src/jdk.hprof.agent/share/native/libhprof/hprof_reference.c src/jdk.hprof.agent/share/native/libhprof/hprof_reference.h src/jdk.hprof.agent/share/native/libhprof/hprof_site.c src/jdk.hprof.agent/share/native/libhprof/hprof_site.h src/jdk.hprof.agent/share/native/libhprof/hprof_stack.c src/jdk.hprof.agent/share/native/libhprof/hprof_stack.h src/jdk.hprof.agent/share/native/libhprof/hprof_string.c src/jdk.hprof.agent/share/native/libhprof/hprof_string.h src/jdk.hprof.agent/share/native/libhprof/hprof_table.c src/jdk.hprof.agent/share/native/libhprof/hprof_table.h src/jdk.hprof.agent/share/native/libhprof/hprof_tag.c src/jdk.hprof.agent/share/native/libhprof/hprof_tag.h src/jdk.hprof.agent/share/native/libhprof/hprof_tls.c src/jdk.hprof.agent/share/native/libhprof/hprof_tls.h src/jdk.hprof.agent/share/native/libhprof/hprof_trace.c src/jdk.hprof.agent/share/native/libhprof/hprof_trace.h src/jdk.hprof.agent/share/native/libhprof/hprof_tracker.c src/jdk.hprof.agent/share/native/libhprof/hprof_tracker.h src/jdk.hprof.agent/share/native/libhprof/hprof_util.c src/jdk.hprof.agent/share/native/libhprof/hprof_util.h src/jdk.hprof.agent/share/native/libhprof/jvm.hprof.txt src/jdk.hprof.agent/share/native/libhprof/manual.html src/jdk.hprof.agent/unix/native/libhprof/hprof_md.c src/jdk.hprof.agent/windows/native/libhprof/hprof_md.c
diffstat 195 files changed, 5047 insertions(+), 26156 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Tue Aug 25 13:03:08 2015 +0300
+++ b/.hgtags	Tue Aug 25 14:32:08 2015 -0700
@@ -320,3 +320,4 @@
 4dd09cb5f7c2a2a23a9958ea7a602dd74d5709b2 jdk9-b75
 4526c0da8fb362eebd7e88f4d44e86858cf9b80b jdk9-b76
 7fd081100f48828431e7c1bff65c906ee759069b jdk9-b77
+0940ce86c614458f5bdd72278b190abbf36b7b45 jdk9-b78
--- a/make/copy/Copy-jdk.hprof.agent.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,37 +0,0 @@
-#
-# Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include CopyCommon.gmk
-
-################################################################################
-
-HPROF_SRC := $(JDK_TOPDIR)/src/jdk.hprof.agent/share/native/libhprof/jvm.hprof.txt
-
-$(LIB_DST_DIR)/jvm.hprof.txt: $(HPROF_SRC)
-	$(call install-file)
-
-TARGETS := $(LIB_DST_DIR)/jvm.hprof.txt
-
-################################################################################
--- a/make/launcher/Launcher-java.base.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/launcher/Launcher-java.base.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -31,7 +31,7 @@
 # into another dir and copy selectively so debuginfo for java.dll isn't
 # overwritten.
 $(eval $(call SetupLauncher,java, \
-    -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
+    -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES,,,user32.lib comctl32.lib, \
     $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/jli_static.lib, $(JAVA_RC_FLAGS), \
     $(JAVA_VERSION_INFO_RESOURCE), $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/java_objs,true))
 
@@ -44,7 +44,7 @@
 
 ifeq ($(OPENJDK_TARGET_OS), windows)
   $(eval $(call SetupLauncher,javaw, \
-      -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS,,,user32.lib comctl32.lib, \
+      -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES,,,user32.lib comctl32.lib, \
       $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/jli_static.lib, $(JAVA_RC_FLAGS), \
       $(JAVA_VERSION_INFO_RESOURCE),,true))
 endif
--- a/make/launcher/Launcher-jdk.scripting.nashorn.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,30 +0,0 @@
-#
-# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LauncherCommon.gmk
-
-$(eval $(call SetupLauncher,jjs, \
-    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "jdk.nashorn.tools.jjs.Main"$(COMMA) }'))
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/launcher/Launcher-jdk.scripting.nashorn.shell.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LauncherCommon.gmk
+
+$(eval $(call SetupLauncher,jjs, \
+    -DJAVA_ARGS='{ "-J-ms8m"$(COMMA) "jdk.nashorn.tools.jjs.Main"$(COMMA) }'))
+
--- a/make/lib/CoreLibraries.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/lib/CoreLibraries.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -330,6 +330,13 @@
         -export:JLI_CmdToArgs \
         -export:JLI_GetStdArgc \
         -export:JLI_GetStdArgs \
+        -export:JLI_List_new \
+        -export:JLI_List_add \
+        -export:JLI_StringDup \
+        -export:JLI_MemFree \
+        -export:JLI_InitArgProcessing \
+        -export:JLI_PreprocessArg \
+        -export:JLI_GetAppArgIndex \
         advapi32.lib \
         comctl32.lib \
         user32.lib, \
--- a/make/lib/Lib-java.base.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/lib/Lib-java.base.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -32,3 +32,4 @@
 include CoreLibraries.gmk
 include NetworkingLibraries.gmk
 include NioLibraries.gmk
+include SecurityLibraries.gmk
--- a/make/lib/Lib-jdk.deploy.osx.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/lib/Lib-jdk.deploy.osx.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -80,7 +80,6 @@
           -framework ApplicationServices \
           -framework JavaNativeFoundation \
           -framework JavaRuntimeSupport \
-          -framework Security \
           -framework SystemConfiguration \
           $(LDFLAGS_JDKLIB_SUFFIX), \
       OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libosx, \
--- a/make/lib/Lib-jdk.hprof.agent.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,94 +0,0 @@
-#
-# Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-include LibCommon.gmk
-
-################################################################################
-
-BUILD_LIBHPROF_SRC := $(call FindSrcDirsForLib, jdk.hprof.agent, hprof)
-
-BUILD_LIBHPROF_CFLAGS := $(addprefix -I, $(BUILD_LIBHPROF_SRC)) \
-    -I$(JDK_TOPDIR)/src/demo/share/jvmti/java_crw_demo
-
-BUILD_LIBHPROF_LDFLAGS :=
-
-LIBHPROF_OPTIMIZATION := HIGHEST
-ifneq ($(findstring $(OPENJDK_TARGET_OS), solaris linux), )
-  ifeq ($(ENABLE_DEBUG_SYMBOLS), true)
-    LIBHPROF_OPTIMIZATION := LOW
-  endif
-endif
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBHPROF, \
-    LIBRARY := hprof, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(BUILD_LIBHPROF_SRC), \
-    OPTIMIZATION := $(LIBHPROF_OPTIMIZATION), \
-    CFLAGS := $(CFLAGS_JDKLIB) \
-        $(BUILD_LIBHPROF_CFLAGS), \
-    CFLAGS_debug := -DHPROF_LOGGING, \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libhprof/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_windows := wsock32.lib winmm.lib advapi32.lib, \
-    LDFLAGS_SUFFIX_linux := $(LIBDL), \
-    LDFLAGS_SUFFIX_macosx := $(LIBDL), \
-    LDFLAGS_SUFFIX_solaris := -lsocket -lnsl $(LIBDL) -lc, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=hprof.dll" \
-        -D "JDK_INTERNAL_NAME=hprof" \
-        -D "JDK_FTYPE=0x2L", \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libhprof_jvmti, \
-    DEBUG_SYMBOLS := true))
-
-TARGETS += $(BUILD_LIBHPROF)
-
-################################################################################
-
-LIBJAVA_CRW_DEMO_SRC := $(JDK_TOPDIR)/src/demo/share/jvmti/java_crw_demo
-
-$(eval $(call SetupNativeCompilation,BUILD_LIBJAVA_CRW_DEMO, \
-    LIBRARY := java_crw_demo, \
-    OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
-    SRC := $(LIBJAVA_CRW_DEMO_SRC), \
-    OPTIMIZATION := LOW, \
-    CFLAGS := $(CFLAGS_JDKLIB) \
-        $(addprefix -I, $(LIBJAVA_CRW_DEMO_SRC)), \
-    MAPFILE := $(JDK_TOPDIR)/make/mapfiles/libjava_crw_demo/mapfile-vers, \
-    LDFLAGS := $(LDFLAGS_JDKLIB) \
-        $(call SET_SHARED_LIBRARY_ORIGIN), \
-    LDFLAGS_SUFFIX_solaris := -lc, \
-    VERSIONINFO_RESOURCE := $(GLOBAL_VERSION_INFO_RESOURCE), \
-    RC_FLAGS := $(RC_FLAGS) \
-        -D "JDK_FNAME=java_crw_demo.dll" \
-        -D "JDK_INTERNAL_NAME=java_crw_demo" \
-        -D "JDK_FTYPE=0x2L", \
-    OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libjava_crw_demo, \
-    DEBUG_SYMBOLS := true))
-
-TARGETS += $(BUILD_LIBJAVA_CRW_DEMO)
-
-################################################################################
--- a/make/lib/NioLibraries.gmk	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/lib/NioLibraries.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -69,9 +69,6 @@
     OPTIMIZATION := HIGH, \
     CFLAGS := $(CFLAGS_JDKLIB) \
         $(BUILD_LIBNIO_CFLAGS), \
-    DISABLED_WARNINGS_gcc := type-limits, \
-    DISABLED_WARNINGS_clang := tautological-compare, \
-    DISABLED_WARNINGS_microsoft := 4244 4996, \
     MAPFILE := $(BUILD_LIBNIO_MAPFILE), \
     LDFLAGS := $(LDFLAGS_JDKLIB) $(BUILD_LIBNIO_LDFLAGS) \
         $(call SET_SHARED_LIBRARY_ORIGIN), \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/make/lib/SecurityLibraries.gmk	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.  Oracle designates this
+# particular file as subject to the "Classpath" exception as provided
+# by Oracle in the LICENSE file that accompanied this code.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+include LibCommon.gmk
+
+ifeq ($(OPENJDK_TARGET_OS), macosx)
+
+  ################################################################################
+
+  LIBOSXSECURITY_DIRS := $(JDK_TOPDIR)/src/java.base/macosx/native/libosxsecurity
+  LIBOSXSECURITY_CFLAGS := -I$(LIBOSXSECURITY_DIRS) \
+      $(LIBJAVA_HEADER_FLAGS) \
+      -I$(SUPPORT_OUTPUTDIR)/headers/java.base \
+
+  $(eval $(call SetupNativeCompilation,BUILD_LIBOSXSECURITY, \
+      LIBRARY := osxsecurity, \
+      OUTPUT_DIR := $(INSTALL_LIBRARIES_HERE), \
+      SRC := $(LIBOSXSECURITY_DIRS), \
+      OPTIMIZATION := LOW, \
+      CFLAGS := $(CFLAGS_JDKLIB) \
+          $(LIBOSXSECURITY_CFLAGS), \
+      DISABLED_WARNINGS_clang := deprecated-declarations, \
+      LDFLAGS := $(LDFLAGS_JDKLIB) \
+          -L$(SUPPORT_OUTPUTDIR)/modules_libs/java.base \
+          $(call SET_SHARED_LIBRARY_ORIGIN), \
+      LDFLAGS_SUFFIX_macosx := \
+          -fobjc-link-runtime \
+          -framework JavaNativeFoundation \
+          -framework CoreServices \
+          -framework Security \
+          $(LDFLAGS_JDKLIB_SUFFIX), \
+      OBJECT_DIR := $(SUPPORT_OUTPUTDIR)/native/$(MODULE)/libosxsecurity, \
+      DEBUG_SYMBOLS := $(DEBUG_ALL_BINARIES)))
+
+  $(BUILD_LIBOSXSECURITY): $(BUILD_LIBJAVA)
+
+  TARGETS += $(BUILD_LIBOSXSECURITY)
+
+  ################################################################################
+
+endif
--- a/make/mapfiles/libhprof/mapfile-vers	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define public interface.
-
-SUNWprivate_1.1 {
-	global:
-	    Agent_OnLoad;
-	    Agent_OnUnload;
-	local:
-	    *;
-};
--- a/make/mapfiles/libjava_crw_demo/mapfile-vers	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,34 +0,0 @@
-#
-# Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-# Define public interface.
-
-SUNWprivate_1.1 {
-	global:
-	    java_crw_demo;
-	    java_crw_demo_classname;
-	local:
-	    *;
-};
--- a/make/mapfiles/libjli/mapfile-vers	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/mapfiles/libjli/mapfile-vers	Tue Aug 25 14:32:08 2015 -0700
@@ -36,6 +36,13 @@
 		JLI_ReportExceptionDescription;
 		JLI_GetStdArgs;
 		JLI_GetStdArgc;
+		JLI_List_new;
+		JLI_List_add;
+		JLI_StringDup;
+		JLI_MemFree;
+		JLI_InitArgProcessing;
+		JLI_PreprocessArg;
+		JLI_GetAppArgIndex;
 
 	local:
 		*;
--- a/make/src/classes/build/tools/module/boot.modules	Tue Aug 25 13:03:08 2015 +0300
+++ b/make/src/classes/build/tools/module/boot.modules	Tue Aug 25 14:32:08 2015 -0700
@@ -19,7 +19,6 @@
 jdk.charsets
 jdk.deploy
 jdk.deploy.osx
-jdk.hprof.agent
 jdk.httpserver
 jdk.jfr
 jdk.management
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/classes/apple/security/AppleProvider.java	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package apple.security;
+
+import java.security.*;
+
+/**
+ * The Apple Security Provider.
+ */
+
+/**
+ * Defines the Apple provider.
+ *
+ * This provider only exists to provide access to the Apple keychain-based KeyStore implementation
+ */
+@SuppressWarnings("serial") // JDK implementation class
+public final class AppleProvider extends Provider {
+
+    private static final String info = "Apple Provider";
+
+    private static final class ProviderService extends Provider.Service {
+        ProviderService(Provider p, String type, String algo, String cn) {
+            super(p, type, algo, cn, null, null);
+        }
+
+        @Override
+        public Object newInstance(Object ctrParamObj)
+            throws NoSuchAlgorithmException {
+            String type = getType();
+            if (ctrParamObj != null) {
+                throw new InvalidParameterException
+                    ("constructorParameter not used with " + type + " engines");
+            }
+
+            String algo = getAlgorithm();
+            try {
+                if (type.equals("KeyStore")) {
+                    if (algo.equals("KeychainStore")) {
+                        return new KeychainStore();
+                    }
+                }
+            } catch (Exception ex) {
+                throw new NoSuchAlgorithmException("Error constructing " +
+                    type + " for " + algo + " using Apple", ex);
+            }
+            throw new ProviderException("No impl for " + algo +
+                " " + type);
+        }
+    }
+
+
+    public AppleProvider() {
+        /* We are the Apple provider */
+        super("Apple", 1.9d, info);
+
+        final Provider p = this;
+        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            public Void run() {
+                putService(new ProviderService(p, "KeyStore",
+                           "KeychainStore", "apple.security.KeychainStore"));
+                return null;
+            }
+        });
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/classes/apple/security/KeychainStore.java	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,1149 @@
+/*
+ * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package apple.security;
+
+import java.io.*;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
+import java.security.spec.*;
+import java.util.*;
+
+import javax.crypto.*;
+import javax.crypto.spec.*;
+import javax.security.auth.x500.*;
+
+import sun.security.pkcs.*;
+import sun.security.pkcs.EncryptedPrivateKeyInfo;
+import sun.security.util.*;
+import sun.security.x509.*;
+
+/**
+ * This class provides the keystore implementation referred to as "KeychainStore".
+ * It uses the current user's keychain as its backing storage, and does NOT support
+ * a file-based implementation.
+ */
+
+public final class KeychainStore extends KeyStoreSpi {
+
+    // Private keys and their supporting certificate chains
+    // If a key came from the keychain it has a SecKeyRef and one or more
+    // SecCertificateRef.  When we delete the key we have to delete all of the corresponding
+    // native objects.
+    class KeyEntry {
+        Date date; // the creation date of this entry
+        byte[] protectedPrivKey;
+        char[] password;
+        long keyRef;  // SecKeyRef for this key
+        Certificate chain[];
+        long chainRefs[];  // SecCertificateRefs for this key's chain.
+    };
+
+    // Trusted certificates
+    class TrustedCertEntry {
+        Date date; // the creation date of this entry
+
+        Certificate cert;
+        long certRef;  // SecCertificateRef for this key
+    };
+
+    /**
+     * Entries that have been deleted.  When something calls engineStore we'll
+     * remove them from the keychain.
+     */
+    private Hashtable<String, Object> deletedEntries = new Hashtable<>();
+
+    /**
+     * Entries that have been added.  When something calls engineStore we'll
+     * add them to the keychain.
+     */
+    private Hashtable<String, Object> addedEntries = new Hashtable<>();
+
+    /**
+     * Private keys and certificates are stored in a hashtable.
+     * Hash entries are keyed by alias names.
+     */
+    private Hashtable<String, Object> entries = new Hashtable<>();
+
+    /**
+     * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
+     */
+    private static final int keyBag[]  = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
+    private static final int pbeWithSHAAnd3KeyTripleDESCBC[] =     {1, 2, 840, 113549, 1, 12, 1, 3};
+    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
+    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
+
+    /**
+     * Constnats used in PBE decryption.
+     */
+    private static final int iterationCount = 1024;
+    private static final int SALT_LEN = 20;
+
+    static {
+        AccessController.doPrivileged(
+            new PrivilegedAction<Void>() {
+                public Void run() {
+                    System.loadLibrary("osxsecurity");
+                    return null;
+                }
+            });
+        try {
+            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
+            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
+        } catch (IOException ioe) {
+            // should not happen
+        }
+    }
+
+    private static void permissionCheck() {
+        SecurityManager sec = System.getSecurityManager();
+
+        if (sec != null) {
+            sec.checkPermission(new RuntimePermission("useKeychainStore"));
+        }
+    }
+
+
+    /**
+     * Verify the Apple provider in the constructor.
+     *
+     * @exception SecurityException if fails to verify
+     * its own integrity
+     */
+    public KeychainStore() { }
+
+    /**
+        * Returns the key associated with the given alias, using the given
+     * password to recover it.
+     *
+     * @param alias the alias name
+     * @param password the password for recovering the key. This password is
+     *        used internally as the key is exported in a PKCS12 format.
+     *
+     * @return the requested key, or null if the given alias does not exist
+     * or does not identify a <i>key entry</i>.
+     *
+     * @exception NoSuchAlgorithmException if the algorithm for recovering the
+     * key cannot be found
+     * @exception UnrecoverableKeyException if the key cannot be recovered
+     * (e.g., the given password is wrong).
+     */
+    public Key engineGetKey(String alias, char[] password)
+        throws NoSuchAlgorithmException, UnrecoverableKeyException
+    {
+        permissionCheck();
+
+        // An empty password is rejected by MacOS API, no private key data
+        // is exported. If no password is passed (as is the case when
+        // this implementation is used as browser keystore in various
+        // deployment scenarios like Webstart, JFX and applets), create
+        // a dummy password so MacOS API is happy.
+        if (password == null || password.length == 0) {
+            // Must not be a char array with only a 0, as this is an empty
+            // string.
+            if (random == null) {
+                random = new SecureRandom();
+            }
+            password = Long.toString(random.nextLong()).toCharArray();
+        }
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry == null || !(entry instanceof KeyEntry)) {
+            return null;
+        }
+
+        // This call gives us a PKCS12 bag, with the key inside it.
+        byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry)entry).keyRef, password);
+        if (exportedKeyInfo == null) {
+            return null;
+        }
+
+        PrivateKey returnValue = null;
+
+        try {
+            byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
+            byte[] encryptedKey;
+            AlgorithmParameters algParams;
+            ObjectIdentifier algOid;
+            try {
+                // get the encrypted private key
+                EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
+                encryptedKey = encrInfo.getEncryptedData();
+
+                // parse Algorithm parameters
+                DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
+                DerInputStream in = val.toDerInputStream();
+                algOid = in.getOID();
+                algParams = parseAlgParameters(in);
+
+            } catch (IOException ioe) {
+                UnrecoverableKeyException uke =
+                new UnrecoverableKeyException("Private key not stored as "
+                                              + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
+                uke.initCause(ioe);
+                throw uke;
+            }
+
+            // Use JCE to decrypt the data using the supplied password.
+            SecretKey skey = getPBEKey(password);
+            Cipher cipher = Cipher.getInstance(algOid.toString());
+            cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
+            byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
+            PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
+
+             // Parse the key algorithm and then use a JCA key factory to create the private key.
+            DerValue val = new DerValue(decryptedPrivateKey);
+            DerInputStream in = val.toDerInputStream();
+
+            // Ignore this -- version should be 0.
+            int i = in.getInteger();
+
+            // Get the Algorithm ID next
+            DerValue[] value = in.getSequence(2);
+            AlgorithmId algId = new AlgorithmId(value[0].getOID());
+            String algName = algId.getName();
+
+            // Get a key factory for this algorithm.  It's likely to be 'RSA'.
+            KeyFactory kfac = KeyFactory.getInstance(algName);
+            returnValue = kfac.generatePrivate(kspec);
+        } catch (Exception e) {
+            UnrecoverableKeyException uke =
+            new UnrecoverableKeyException("Get Key failed: " +
+                                          e.getMessage());
+            uke.initCause(e);
+            throw uke;
+        }
+
+        return returnValue;
+    }
+
+    private native byte[] _getEncodedKeyData(long secKeyRef, char[] password);
+
+    /**
+     * Returns the certificate chain associated with the given alias.
+     *
+     * @param alias the alias name
+     *
+     * @return the certificate chain (ordered with the user's certificate first
+                                      * and the root certificate authority last), or null if the given alias
+     * does not exist or does not contain a certificate chain (i.e., the given
+                                                               * alias identifies either a <i>trusted certificate entry</i> or a
+                                                               * <i>key entry</i> without a certificate chain).
+     */
+    public Certificate[] engineGetCertificateChain(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null && entry instanceof KeyEntry) {
+            if (((KeyEntry)entry).chain == null) {
+                return null;
+            } else {
+                return ((KeyEntry)entry).chain.clone();
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+     * Returns the certificate associated with the given alias.
+     *
+     * <p>If the given alias name identifies a
+     * <i>trusted certificate entry</i>, the certificate associated with that
+     * entry is returned. If the given alias name identifies a
+     * <i>key entry</i>, the first element of the certificate chain of that
+     * entry is returned, or null if that entry does not have a certificate
+     * chain.
+     *
+     * @param alias the alias name
+     *
+     * @return the certificate, or null if the given alias does not exist or
+     * does not contain a certificate.
+     */
+    public Certificate engineGetCertificate(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null) {
+            if (entry instanceof TrustedCertEntry) {
+                return ((TrustedCertEntry)entry).cert;
+            } else {
+                KeyEntry ke = (KeyEntry)entry;
+                if (ke.chain == null || ke.chain.length == 0) {
+                    return null;
+                }
+                return ke.chain[0];
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+        * Returns the creation date of the entry identified by the given alias.
+     *
+     * @param alias the alias name
+     *
+     * @return the creation date of this entry, or null if the given alias does
+     * not exist
+     */
+    public Date engineGetCreationDate(String alias) {
+        permissionCheck();
+
+        Object entry = entries.get(alias.toLowerCase());
+
+        if (entry != null) {
+            if (entry instanceof TrustedCertEntry) {
+                return new Date(((TrustedCertEntry)entry).date.getTime());
+            } else {
+                return new Date(((KeyEntry)entry).date.getTime());
+            }
+        } else {
+            return null;
+        }
+    }
+
+    /**
+        * Assigns the given key to the given alias, protecting it with the given
+     * password.
+     *
+     * <p>If the given key is of type <code>java.security.PrivateKey</code>,
+     * it must be accompanied by a certificate chain certifying the
+     * corresponding public key.
+     *
+     * <p>If the given alias already exists, the keystore information
+     * associated with it is overridden by the given key (and possibly
+                                                          * certificate chain).
+     *
+     * @param alias the alias name
+     * @param key the key to be associated with the alias
+     * @param password the password to protect the key
+     * @param chain the certificate chain for the corresponding public
+     * key (only required if the given key is of type
+            * <code>java.security.PrivateKey</code>).
+     *
+     * @exception KeyStoreException if the given key cannot be protected, or
+     * this operation fails for some other reason
+     */
+    public void engineSetKeyEntry(String alias, Key key, char[] password,
+                                  Certificate[] chain)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            try {
+                KeyEntry entry = new KeyEntry();
+                entry.date = new Date();
+
+                if (key instanceof PrivateKey) {
+                    if ((key.getFormat().equals("PKCS#8")) ||
+                        (key.getFormat().equals("PKCS8"))) {
+                        entry.protectedPrivKey = encryptPrivateKey(key.getEncoded(), password);
+                        entry.password = password.clone();
+                    } else {
+                        throw new KeyStoreException("Private key is not encoded as PKCS#8");
+                    }
+                } else {
+                    throw new KeyStoreException("Key is not a PrivateKey");
+                }
+
+                // clone the chain
+                if (chain != null) {
+                    if ((chain.length > 1) && !validateChain(chain)) {
+                        throw new KeyStoreException("Certificate chain does not validate");
+                    }
+
+                    entry.chain = chain.clone();
+                    entry.chainRefs = new long[entry.chain.length];
+                }
+
+                String lowerAlias = alias.toLowerCase();
+                if (entries.get(lowerAlias) != null) {
+                    deletedEntries.put(lowerAlias, entries.get(lowerAlias));
+                }
+
+                entries.put(lowerAlias, entry);
+                addedEntries.put(lowerAlias, entry);
+            } catch (Exception nsae) {
+                KeyStoreException ke = new KeyStoreException("Key protection algorithm not found: " + nsae);
+                ke.initCause(nsae);
+                throw ke;
+            }
+        }
+    }
+
+    /**
+        * Assigns the given key (that has already been protected) to the given
+     * alias.
+     *
+     * <p>If the protected key is of type
+     * <code>java.security.PrivateKey</code>, it must be accompanied by a
+     * certificate chain certifying the corresponding public key. If the
+     * underlying keystore implementation is of type <code>jks</code>,
+     * <code>key</code> must be encoded as an
+     * <code>EncryptedPrivateKeyInfo</code> as defined in the PKCS #8 standard.
+     *
+     * <p>If the given alias already exists, the keystore information
+     * associated with it is overridden by the given key (and possibly
+                                                          * certificate chain).
+     *
+     * @param alias the alias name
+     * @param key the key (in protected format) to be associated with the alias
+     * @param chain the certificate chain for the corresponding public
+     * key (only useful if the protected key is of type
+            * <code>java.security.PrivateKey</code>).
+     *
+     * @exception KeyStoreException if this operation fails.
+     */
+    public void engineSetKeyEntry(String alias, byte[] key,
+                                  Certificate[] chain)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            // key must be encoded as EncryptedPrivateKeyInfo as defined in
+            // PKCS#8
+            KeyEntry entry = new KeyEntry();
+            try {
+                EncryptedPrivateKeyInfo privateKey = new EncryptedPrivateKeyInfo(key);
+                entry.protectedPrivKey = privateKey.getEncoded();
+            } catch (IOException ioe) {
+                throw new KeyStoreException("key is not encoded as "
+                                            + "EncryptedPrivateKeyInfo");
+            }
+
+            entry.date = new Date();
+
+            if ((chain != null) &&
+                (chain.length != 0)) {
+                entry.chain = chain.clone();
+                entry.chainRefs = new long[entry.chain.length];
+            }
+
+            String lowerAlias = alias.toLowerCase();
+            if (entries.get(lowerAlias) != null) {
+                deletedEntries.put(lowerAlias, entries.get(alias));
+            }
+            entries.put(lowerAlias, entry);
+            addedEntries.put(lowerAlias, entry);
+        }
+    }
+
+    /**
+        * Assigns the given certificate to the given alias.
+     *
+     * <p>If the given alias already exists in this keystore and identifies a
+     * <i>trusted certificate entry</i>, the certificate associated with it is
+     * overridden by the given certificate.
+     *
+     * @param alias the alias name
+     * @param cert the certificate
+     *
+     * @exception KeyStoreException if the given alias already exists and does
+     * not identify a <i>trusted certificate entry</i>, or this operation
+     * fails for some other reason.
+     */
+    public void engineSetCertificateEntry(String alias, Certificate cert)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+
+            Object entry = entries.get(alias.toLowerCase());
+            if ((entry != null) && (entry instanceof KeyEntry)) {
+                throw new KeyStoreException
+                ("Cannot overwrite key entry with certificate");
+            }
+
+            // This will be slow, but necessary.  Enumerate the values and then see if the cert matches the one in the trusted cert entry.
+            // Security framework doesn't support the same certificate twice in a keychain.
+            Collection<Object> allValues = entries.values();
+
+            for (Object value : allValues) {
+                if (value instanceof TrustedCertEntry) {
+                    TrustedCertEntry tce = (TrustedCertEntry)value;
+                    if (tce.cert.equals(cert)) {
+                        throw new KeyStoreException("Keychain does not support mulitple copies of same certificate.");
+                    }
+                }
+            }
+
+            TrustedCertEntry trustedCertEntry = new TrustedCertEntry();
+            trustedCertEntry.cert = cert;
+            trustedCertEntry.date = new Date();
+            String lowerAlias = alias.toLowerCase();
+            if (entries.get(lowerAlias) != null) {
+                deletedEntries.put(lowerAlias, entries.get(lowerAlias));
+            }
+            entries.put(lowerAlias, trustedCertEntry);
+            addedEntries.put(lowerAlias, trustedCertEntry);
+        }
+    }
+
+    /**
+        * Deletes the entry identified by the given alias from this keystore.
+     *
+     * @param alias the alias name
+     *
+     * @exception KeyStoreException if the entry cannot be removed.
+     */
+    public void engineDeleteEntry(String alias)
+        throws KeyStoreException
+    {
+        permissionCheck();
+
+        synchronized(entries) {
+            Object entry = entries.remove(alias.toLowerCase());
+            deletedEntries.put(alias.toLowerCase(), entry);
+        }
+    }
+
+    /**
+        * Lists all the alias names of this keystore.
+     *
+     * @return enumeration of the alias names
+     */
+    public Enumeration<String> engineAliases() {
+        permissionCheck();
+        return entries.keys();
+    }
+
+    /**
+        * Checks if the given alias exists in this keystore.
+     *
+     * @param alias the alias name
+     *
+     * @return true if the alias exists, false otherwise
+     */
+    public boolean engineContainsAlias(String alias) {
+        permissionCheck();
+        return entries.containsKey(alias.toLowerCase());
+    }
+
+    /**
+        * Retrieves the number of entries in this keystore.
+     *
+     * @return the number of entries in this keystore
+     */
+    public int engineSize() {
+        permissionCheck();
+        return entries.size();
+    }
+
+    /**
+        * Returns true if the entry identified by the given alias is a
+     * <i>key entry</i>, and false otherwise.
+     *
+     * @return true if the entry identified by the given alias is a
+     * <i>key entry</i>, false otherwise.
+     */
+    public boolean engineIsKeyEntry(String alias) {
+        permissionCheck();
+        Object entry = entries.get(alias.toLowerCase());
+        if ((entry != null) && (entry instanceof KeyEntry)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+        * Returns true if the entry identified by the given alias is a
+     * <i>trusted certificate entry</i>, and false otherwise.
+     *
+     * @return true if the entry identified by the given alias is a
+     * <i>trusted certificate entry</i>, false otherwise.
+     */
+    public boolean engineIsCertificateEntry(String alias) {
+        permissionCheck();
+        Object entry = entries.get(alias.toLowerCase());
+        if ((entry != null) && (entry instanceof TrustedCertEntry)) {
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    /**
+        * Returns the (alias) name of the first keystore entry whose certificate
+     * matches the given certificate.
+     *
+     * <p>This method attempts to match the given certificate with each
+     * keystore entry. If the entry being considered
+     * is a <i>trusted certificate entry</i>, the given certificate is
+     * compared to that entry's certificate. If the entry being considered is
+     * a <i>key entry</i>, the given certificate is compared to the first
+     * element of that entry's certificate chain (if a chain exists).
+     *
+     * @param cert the certificate to match with.
+     *
+     * @return the (alias) name of the first entry with matching certificate,
+     * or null if no such entry exists in this keystore.
+     */
+    public String engineGetCertificateAlias(Certificate cert) {
+        permissionCheck();
+        Certificate certElem;
+
+        for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = entries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                certElem = ((TrustedCertEntry)entry).cert;
+            } else {
+                KeyEntry ke = (KeyEntry)entry;
+                if (ke.chain == null || ke.chain.length == 0) {
+                    continue;
+                }
+                certElem = ke.chain[0];
+            }
+            if (certElem.equals(cert)) {
+                return alias;
+            }
+        }
+        return null;
+    }
+
+    /**
+        * Stores this keystore to the given output stream, and protects its
+     * integrity with the given password.
+     *
+     * @param stream Ignored. the output stream to which this keystore is written.
+     * @param password the password to generate the keystore integrity check
+     *
+     * @exception IOException if there was an I/O problem with data
+     * @exception NoSuchAlgorithmException if the appropriate data integrity
+     * algorithm could not be found
+     * @exception CertificateException if any of the certificates included in
+     * the keystore data could not be stored
+     */
+    public void engineStore(OutputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        permissionCheck();
+
+        // Delete items that do have a keychain item ref.
+        for (Enumeration<String> e = deletedEntries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = deletedEntries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                if (((TrustedCertEntry)entry).certRef != 0) {
+                    _removeItemFromKeychain(((TrustedCertEntry)entry).certRef);
+                    _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
+                }
+            } else {
+                Certificate certElem;
+                KeyEntry keyEntry = (KeyEntry)entry;
+
+                if (keyEntry.chain != null) {
+                    for (int i = 0; i < keyEntry.chain.length; i++) {
+                        if (keyEntry.chainRefs[i] != 0) {
+                            _removeItemFromKeychain(keyEntry.chainRefs[i]);
+                            _releaseKeychainItemRef(keyEntry.chainRefs[i]);
+                        }
+                    }
+
+                    if (keyEntry.keyRef != 0) {
+                        _removeItemFromKeychain(keyEntry.keyRef);
+                        _releaseKeychainItemRef(keyEntry.keyRef);
+                    }
+                }
+            }
+        }
+
+        // Add all of the certs or keys in the added entries.
+        // No need to check for 0 refs, as they are in the added list.
+        for (Enumeration<String> e = addedEntries.keys(); e.hasMoreElements(); ) {
+            String alias = e.nextElement();
+            Object entry = addedEntries.get(alias);
+            if (entry instanceof TrustedCertEntry) {
+                TrustedCertEntry tce = (TrustedCertEntry)entry;
+                Certificate certElem;
+                certElem = tce.cert;
+                tce.certRef = addCertificateToKeychain(alias, certElem);
+            } else {
+                KeyEntry keyEntry = (KeyEntry)entry;
+
+                if (keyEntry.chain != null) {
+                    for (int i = 0; i < keyEntry.chain.length; i++) {
+                        keyEntry.chainRefs[i] = addCertificateToKeychain(alias, keyEntry.chain[i]);
+                    }
+
+                    keyEntry.keyRef = _addItemToKeychain(alias, false, keyEntry.protectedPrivKey, keyEntry.password);
+                }
+            }
+        }
+
+        // Clear the added and deletedEntries hashtables here, now that we're done with the updates.
+        // For the deleted entries, we freed up the native references above.
+        deletedEntries.clear();
+        addedEntries.clear();
+    }
+
+    private long addCertificateToKeychain(String alias, Certificate cert) {
+        byte[] certblob = null;
+        long returnValue = 0;
+
+        try {
+            certblob = cert.getEncoded();
+            returnValue = _addItemToKeychain(alias, true, certblob, null);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        return returnValue;
+    }
+
+    private native long _addItemToKeychain(String alias, boolean isCertificate, byte[] datablob, char[] password);
+    private native int _removeItemFromKeychain(long certRef);
+    private native void _releaseKeychainItemRef(long keychainItemRef);
+
+    /**
+      * Loads the keystore from the Keychain.
+     *
+     * @param stream Ignored - here for API compatibility.
+     * @param password Ignored - if user needs to unlock keychain Security
+     * framework will post any dialogs.
+     *
+     * @exception IOException if there is an I/O or format problem with the
+     * keystore data
+     * @exception NoSuchAlgorithmException if the algorithm used to check
+     * the integrity of the keystore cannot be found
+     * @exception CertificateException if any of the certificates in the
+     * keystore could not be loaded
+     */
+    public void engineLoad(InputStream stream, char[] password)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        permissionCheck();
+
+        // Release any stray keychain references before clearing out the entries.
+        synchronized(entries) {
+            for (Enumeration<String> e = entries.keys(); e.hasMoreElements(); ) {
+                String alias = e.nextElement();
+                Object entry = entries.get(alias);
+                if (entry instanceof TrustedCertEntry) {
+                    if (((TrustedCertEntry)entry).certRef != 0) {
+                        _releaseKeychainItemRef(((TrustedCertEntry)entry).certRef);
+                    }
+                } else {
+                    KeyEntry keyEntry = (KeyEntry)entry;
+
+                    if (keyEntry.chain != null) {
+                        for (int i = 0; i < keyEntry.chain.length; i++) {
+                            if (keyEntry.chainRefs[i] != 0) {
+                                _releaseKeychainItemRef(keyEntry.chainRefs[i]);
+                            }
+                        }
+
+                        if (keyEntry.keyRef != 0) {
+                            _releaseKeychainItemRef(keyEntry.keyRef);
+                        }
+                    }
+                }
+            }
+
+            entries.clear();
+            _scanKeychain();
+        }
+    }
+
+    private native void _scanKeychain();
+
+    /**
+     * Callback method from _scanKeychain.  If a trusted certificate is found, this method will be called.
+     */
+    private void createTrustedCertEntry(String alias, long keychainItemRef, long creationDate, byte[] derStream) {
+        TrustedCertEntry tce = new TrustedCertEntry();
+
+        try {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+            InputStream input = new ByteArrayInputStream(derStream);
+            X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
+            input.close();
+            tce.cert = cert;
+            tce.certRef = keychainItemRef;
+
+            // Make a creation date.
+            if (creationDate != 0)
+                tce.date = new Date(creationDate);
+            else
+                tce.date = new Date();
+
+            int uniqueVal = 1;
+            String originalAlias = alias;
+
+            while (entries.containsKey(alias.toLowerCase())) {
+                alias = originalAlias + " " + uniqueVal;
+                uniqueVal++;
+            }
+
+            entries.put(alias.toLowerCase(), tce);
+        } catch (Exception e) {
+            // The certificate will be skipped.
+            System.err.println("KeychainStore Ignored Exception: " + e);
+        }
+    }
+
+    /**
+     * Callback method from _scanKeychain.  If an identity is found, this method will be called to create Java certificate
+     * and private key objects from the keychain data.
+     */
+    private void createKeyEntry(String alias, long creationDate, long secKeyRef, long[] secCertificateRefs, byte[][] rawCertData)
+        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
+        KeyEntry ke = new KeyEntry();
+
+        // First, store off the private key information.  This is the easy part.
+        ke.protectedPrivKey = null;
+        ke.keyRef = secKeyRef;
+
+        // Make a creation date.
+        if (creationDate != 0)
+            ke.date = new Date(creationDate);
+        else
+            ke.date = new Date();
+
+        // Next, create X.509 Certificate objects from the raw data.  This is complicated
+        // because a certificate's public key may be too long for Java's default encryption strength.
+        List<CertKeychainItemPair> createdCerts = new ArrayList<>();
+
+        try {
+            CertificateFactory cf = CertificateFactory.getInstance("X.509");
+
+            for (int i = 0; i < rawCertData.length; i++) {
+                try {
+                    InputStream input = new ByteArrayInputStream(rawCertData[i]);
+                    X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
+                    input.close();
+
+                    // We successfully created the certificate, so track it and its corresponding SecCertificateRef.
+                    createdCerts.add(new CertKeychainItemPair(secCertificateRefs[i], cert));
+                } catch (CertificateException e) {
+                    // The certificate will be skipped.
+                    System.err.println("KeychainStore Ignored Exception: " + e);
+                }
+            }
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (IOException ioe) {
+            ioe.printStackTrace();  // How would this happen?
+        }
+
+        // We have our certificates in the List, so now extract them into an array of
+        // Certificates and SecCertificateRefs.
+        CertKeychainItemPair[] objArray = createdCerts.toArray(new CertKeychainItemPair[0]);
+        Certificate[] certArray = new Certificate[objArray.length];
+        long[] certRefArray = new long[objArray.length];
+
+        for (int i = 0; i < objArray.length; i++) {
+            CertKeychainItemPair addedItem = objArray[i];
+            certArray[i] = addedItem.mCert;
+            certRefArray[i] = addedItem.mCertificateRef;
+        }
+
+        ke.chain = certArray;
+        ke.chainRefs = certRefArray;
+
+        // If we don't have already have an item with this item's alias
+        // create a new one for it.
+        int uniqueVal = 1;
+        String originalAlias = alias;
+
+        while (entries.containsKey(alias.toLowerCase())) {
+            alias = originalAlias + " " + uniqueVal;
+            uniqueVal++;
+        }
+
+        entries.put(alias.toLowerCase(), ke);
+    }
+
+    private class CertKeychainItemPair {
+        long mCertificateRef;
+        Certificate mCert;
+
+        CertKeychainItemPair(long inCertRef, Certificate cert) {
+            mCertificateRef = inCertRef;
+            mCert = cert;
+        }
+    }
+
+    /*
+     * Validate Certificate Chain
+     */
+    private boolean validateChain(Certificate[] certChain)
+    {
+        for (int i = 0; i < certChain.length-1; i++) {
+            X500Principal issuerDN =
+            ((X509Certificate)certChain[i]).getIssuerX500Principal();
+            X500Principal subjectDN =
+                ((X509Certificate)certChain[i+1]).getSubjectX500Principal();
+            if (!(issuerDN.equals(subjectDN)))
+                return false;
+        }
+        return true;
+    }
+
+    @SuppressWarnings("deprecation")
+    private byte[] fetchPrivateKeyFromBag(byte[] privateKeyInfo) throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        byte[] returnValue = null;
+        DerValue val = new DerValue(new ByteArrayInputStream(privateKeyInfo));
+        DerInputStream s = val.toDerInputStream();
+        int version = s.getInteger();
+
+        if (version != 3) {
+            throw new IOException("PKCS12 keystore not in version 3 format");
+        }
+
+        /*
+            * Read the authSafe.
+         */
+        byte[] authSafeData;
+        ContentInfo authSafe = new ContentInfo(s);
+        ObjectIdentifier contentType = authSafe.getContentType();
+
+        if (contentType.equals(ContentInfo.DATA_OID)) {
+            authSafeData = authSafe.getData();
+        } else /* signed data */ {
+            throw new IOException("public key protected PKCS12 not supported");
+        }
+
+        DerInputStream as = new DerInputStream(authSafeData);
+        DerValue[] safeContentsArray = as.getSequence(2);
+        int count = safeContentsArray.length;
+
+        /*
+         * Spin over the ContentInfos.
+         */
+        for (int i = 0; i < count; i++) {
+            byte[] safeContentsData;
+            ContentInfo safeContents;
+            DerInputStream sci;
+            byte[] eAlgId = null;
+
+            sci = new DerInputStream(safeContentsArray[i].toByteArray());
+            safeContents = new ContentInfo(sci);
+            contentType = safeContents.getContentType();
+            safeContentsData = null;
+
+            if (contentType.equals(ContentInfo.DATA_OID)) {
+                safeContentsData = safeContents.getData();
+            } else if (contentType.equals(ContentInfo.ENCRYPTED_DATA_OID)) {
+                // The password was used to export the private key from the keychain.
+                // The Keychain won't export the key with encrypted data, so we don't need
+                // to worry about it.
+                continue;
+            } else {
+                throw new IOException("public key protected PKCS12" +
+                                      " not supported");
+            }
+            DerInputStream sc = new DerInputStream(safeContentsData);
+            returnValue = extractKeyData(sc);
+        }
+
+        return returnValue;
+    }
+
+    @SuppressWarnings("deprecation")
+    private byte[] extractKeyData(DerInputStream stream)
+        throws IOException, NoSuchAlgorithmException, CertificateException
+    {
+        byte[] returnValue = null;
+        DerValue[] safeBags = stream.getSequence(2);
+        int count = safeBags.length;
+
+        /*
+         * Spin over the SafeBags.
+         */
+        for (int i = 0; i < count; i++) {
+            ObjectIdentifier bagId;
+            DerInputStream sbi;
+            DerValue bagValue;
+            Object bagItem = null;
+
+            sbi = safeBags[i].toDerInputStream();
+            bagId = sbi.getOID();
+            bagValue = sbi.getDerValue();
+            if (!bagValue.isContextSpecific((byte)0)) {
+                throw new IOException("unsupported PKCS12 bag value type "
+                                      + bagValue.tag);
+            }
+            bagValue = bagValue.data.getDerValue();
+            if (bagId.equals(PKCS8ShroudedKeyBag_OID)) {
+                // got what we were looking for.  Return it.
+                returnValue = bagValue.toByteArray();
+            } else {
+                // log error message for "unsupported PKCS12 bag type"
+                System.out.println("Unsupported bag type '" + bagId + "'");
+            }
+        }
+
+        return returnValue;
+    }
+
+    /*
+        * Generate PBE Algorithm Parameters
+     */
+    private AlgorithmParameters getAlgorithmParameters(String algorithm)
+        throws IOException
+    {
+        AlgorithmParameters algParams = null;
+
+        // create PBE parameters from salt and iteration count
+        PBEParameterSpec paramSpec =
+            new PBEParameterSpec(getSalt(), iterationCount);
+        try {
+            algParams = AlgorithmParameters.getInstance(algorithm);
+            algParams.init(paramSpec);
+        } catch (Exception e) {
+            IOException ioe =
+            new IOException("getAlgorithmParameters failed: " +
+                            e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return algParams;
+    }
+
+    // the source of randomness
+    private SecureRandom random;
+
+    /*
+     * Generate random salt
+     */
+    private byte[] getSalt()
+    {
+        // Generate a random salt.
+        byte[] salt = new byte[SALT_LEN];
+        if (random == null) {
+            random = new SecureRandom();
+        }
+        salt = random.generateSeed(SALT_LEN);
+        return salt;
+    }
+
+    /*
+     * parse Algorithm Parameters
+     */
+    private AlgorithmParameters parseAlgParameters(DerInputStream in)
+        throws IOException
+    {
+        AlgorithmParameters algParams = null;
+        try {
+            DerValue params;
+            if (in.available() == 0) {
+                params = null;
+            } else {
+                params = in.getDerValue();
+                if (params.tag == DerValue.tag_Null) {
+                    params = null;
+                }
+            }
+            if (params != null) {
+                algParams = AlgorithmParameters.getInstance("PBE");
+                algParams.init(params.toByteArray());
+            }
+        } catch (Exception e) {
+            IOException ioe =
+            new IOException("parseAlgParameters failed: " +
+                            e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return algParams;
+    }
+
+    /*
+     * Generate PBE key
+     */
+    private SecretKey getPBEKey(char[] password) throws IOException
+    {
+        SecretKey skey = null;
+
+        try {
+            PBEKeySpec keySpec = new PBEKeySpec(password);
+            SecretKeyFactory skFac = SecretKeyFactory.getInstance("PBE");
+            skey = skFac.generateSecret(keySpec);
+        } catch (Exception e) {
+            IOException ioe = new IOException("getSecretKey failed: " +
+                                              e.getMessage());
+            ioe.initCause(e);
+            throw ioe;
+        }
+        return skey;
+    }
+
+    /*
+     * Encrypt private key using Password-based encryption (PBE)
+     * as defined in PKCS#5.
+     *
+     * NOTE: Currently pbeWithSHAAnd3-KeyTripleDES-CBC algorithmID is
+     *       used to derive the key and IV.
+     *
+     * @return encrypted private key encoded as EncryptedPrivateKeyInfo
+     */
+    private byte[] encryptPrivateKey(byte[] data, char[] password)
+        throws IOException, NoSuchAlgorithmException, UnrecoverableKeyException
+    {
+        byte[] key = null;
+
+        try {
+            // create AlgorithmParameters
+            AlgorithmParameters algParams =
+            getAlgorithmParameters("PBEWithSHA1AndDESede");
+
+            // Use JCE
+            SecretKey skey = getPBEKey(password);
+            Cipher cipher = Cipher.getInstance("PBEWithSHA1AndDESede");
+            cipher.init(Cipher.ENCRYPT_MODE, skey, algParams);
+            byte[] encryptedKey = cipher.doFinal(data);
+
+            // wrap encrypted private key in EncryptedPrivateKeyInfo
+            // as defined in PKCS#8
+            AlgorithmId algid =
+                new AlgorithmId(pbeWithSHAAnd3KeyTripleDESCBC_OID, algParams);
+            EncryptedPrivateKeyInfo encrInfo =
+                new EncryptedPrivateKeyInfo(algid, encryptedKey);
+            key = encrInfo.getEncoded();
+        } catch (Exception e) {
+            UnrecoverableKeyException uke =
+            new UnrecoverableKeyException("Encrypt Private Key failed: "
+                                          + e.getMessage());
+            uke.initCause(e);
+            throw uke;
+        }
+
+        return key;
+    }
+
+
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/macosx/native/libosxsecurity/KeystoreImpl.m	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,589 @@
+/*
+ * Copyright (c) 2011, 2014, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#import "apple_security_KeychainStore.h"
+
+#import <Security/Security.h>
+#import <Security/SecImportExport.h>
+#import <CoreServices/CoreServices.h>  // (for require() macros)
+#import <JavaNativeFoundation/JavaNativeFoundation.h>
+
+
+static JNF_CLASS_CACHE(jc_KeychainStore, "apple/security/KeychainStore");
+static JNF_MEMBER_CACHE(jm_createTrustedCertEntry, jc_KeychainStore, "createTrustedCertEntry", "(Ljava/lang/String;JJ[B)V");
+static JNF_MEMBER_CACHE(jm_createKeyEntry, jc_KeychainStore, "createKeyEntry", "(Ljava/lang/String;JJ[J[[B)V");
+
+static jstring getLabelFromItem(JNIEnv *env, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    jstring returnValue = NULL;
+    char *attribCString = NULL;
+
+    SecKeychainAttribute itemAttrs[] = { { kSecLabelItemAttr, 0, NULL } };
+    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
+
+    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
+
+    if(status) {
+        cssmPerror("getLabelFromItem: SecKeychainItemCopyContent", status);
+        goto errOut;
+    }
+
+    attribCString = malloc(itemAttrs[0].length + 1);
+    strncpy(attribCString, itemAttrs[0].data, itemAttrs[0].length);
+    attribCString[itemAttrs[0].length] = '\0';
+    returnValue = (*env)->NewStringUTF(env, attribCString);
+
+errOut:
+    SecKeychainItemFreeContent(&attrList, NULL);
+    if (attribCString) free(attribCString);
+    return returnValue;
+}
+
+static jlong getModDateFromItem(JNIEnv *env, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    SecKeychainAttribute itemAttrs[] = { { kSecModDateItemAttr, 0, NULL } };
+    SecKeychainAttributeList attrList = { sizeof(itemAttrs) / sizeof(itemAttrs[0]), itemAttrs };
+    jlong returnValue = 0;
+
+    status = SecKeychainItemCopyContent(inItem, NULL, &attrList, NULL, NULL);
+
+    if(status) {
+        // This is almost always missing, so don't dump an error.
+        // cssmPerror("getModDateFromItem: SecKeychainItemCopyContent", status);
+        goto errOut;
+    }
+
+    memcpy(&returnValue, itemAttrs[0].data, itemAttrs[0].length);
+
+errOut:
+    SecKeychainItemFreeContent(&attrList, NULL);
+    return returnValue;
+}
+
+static void setLabelForItem(NSString *inLabel, SecKeychainItemRef inItem)
+{
+    OSStatus status;
+    const char *labelCString = [inLabel UTF8String];
+
+    // Set up attribute vector (each attribute consists of {tag, length, pointer}):
+    SecKeychainAttribute attrs[] = {
+        { kSecLabelItemAttr, strlen(labelCString), (void *)labelCString }
+    };
+
+    const SecKeychainAttributeList attributes = { sizeof(attrs) / sizeof(attrs[0]), attrs };
+
+    // Not changing data here, just attributes.
+    status = SecKeychainItemModifyContent(inItem, &attributes, 0, NULL);
+
+    if(status) {
+        cssmPerror("setLabelForItem: SecKeychainItemModifyContent", status);
+    }
+}
+
+/*
+ * Given a SecIdentityRef, do our best to construct a complete, ordered, and
+ * verified cert chain, returning the result in a CFArrayRef. The result is
+ * can be passed back to Java as a chain for a private key.
+ */
+static OSStatus completeCertChain(
+                                     SecIdentityRef         identity,
+                                     SecCertificateRef    trustedAnchor,    // optional additional trusted anchor
+                                     bool                 includeRoot,     // include the root in outArray
+                                     CFArrayRef            *outArray)        // created and RETURNED
+{
+    SecTrustRef                    secTrust = NULL;
+    SecPolicyRef                policy = NULL;
+    SecPolicySearchRef            policySearch = NULL;
+    SecTrustResultType            secTrustResult;
+    CSSM_TP_APPLE_EVIDENCE_INFO *dummyEv;            // not used
+    CFArrayRef                    certChain = NULL;   // constructed chain, CERTS ONLY
+    CFMutableArrayRef             subjCerts;            // passed to SecTrust
+    CFMutableArrayRef             certArray;            // returned array starting with
+                                                    //   identity
+    CFIndex                     numResCerts;
+    CFIndex                     dex;
+    OSStatus                     ortn;
+      SecCertificateRef             certRef;
+
+    /* First element in out array is the SecIdentity */
+    certArray = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
+    CFArrayAppendValue(certArray, identity);
+
+    /* the single element in certs-to-be-evaluated comes from the identity */
+       ortn = SecIdentityCopyCertificate(identity, &certRef);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecIdentityCopyCertificate", ortn);
+        return ortn;
+    }
+
+    /*
+     * Now use SecTrust to get a complete cert chain, using all of the
+     * user's keychains to look for intermediate certs.
+     * NOTE this does NOT handle root certs which are not in the system
+     * root cert DB.
+     */
+    subjCerts = CFArrayCreateMutable(NULL, 1, &kCFTypeArrayCallBacks);
+    CFArraySetValueAtIndex(subjCerts, 0, certRef);
+
+    /* the array owns the subject cert ref now */
+    CFRelease(certRef);
+
+    /* Get a SecPolicyRef for generic X509 cert chain verification */
+    ortn = SecPolicySearchCreate(CSSM_CERT_X_509v3,
+                                 &CSSMOID_APPLE_X509_BASIC,
+                                 NULL,                // value
+                                 &policySearch);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecPolicySearchCreate", ortn);
+        goto errOut;
+    }
+    ortn = SecPolicySearchCopyNext(policySearch, &policy);
+    if(ortn) {
+        /* should never happen */
+        cssmPerror("SecPolicySearchCopyNext", ortn);
+        goto errOut;
+    }
+
+    /* build a SecTrustRef for specified policy and certs */
+    ortn = SecTrustCreateWithCertificates(subjCerts,
+                                          policy, &secTrust);
+    if(ortn) {
+        cssmPerror("SecTrustCreateWithCertificates", ortn);
+        goto errOut;
+    }
+
+    if(trustedAnchor) {
+        /*
+        * Tell SecTrust to trust this one in addition to the current
+         * trusted system-wide anchors.
+         */
+        CFMutableArrayRef newAnchors;
+        CFArrayRef currAnchors;
+
+        ortn = SecTrustCopyAnchorCertificates(&currAnchors);
+        if(ortn) {
+            /* should never happen */
+            cssmPerror("SecTrustCopyAnchorCertificates", ortn);
+            goto errOut;
+        }
+        newAnchors = CFArrayCreateMutableCopy(NULL,
+                                              CFArrayGetCount(currAnchors) + 1,
+                                              currAnchors);
+        CFRelease(currAnchors);
+        CFArrayAppendValue(newAnchors, trustedAnchor);
+        ortn = SecTrustSetAnchorCertificates(secTrust, newAnchors);
+        CFRelease(newAnchors);
+        if(ortn) {
+            cssmPerror("SecTrustSetAnchorCertificates", ortn);
+            goto errOut;
+        }
+    }
+
+    /* evaluate: GO */
+    ortn = SecTrustEvaluate(secTrust, &secTrustResult);
+    if(ortn) {
+        cssmPerror("SecTrustEvaluate", ortn);
+        goto errOut;
+    }
+    switch(secTrustResult) {
+        case kSecTrustResultUnspecified:
+            /* cert chain valid, no special UserTrust assignments; drop thru */
+        case kSecTrustResultProceed:
+            /* cert chain valid AND user explicitly trusts this */
+            break;
+        default:
+            /*
+             * Cert chain construction failed.
+             * Just go with the single subject cert we were given; maybe the
+             * peer can complete the chain.
+             */
+            ortn = noErr;
+            goto errOut;
+    }
+
+    /* get resulting constructed cert chain */
+    ortn = SecTrustGetResult(secTrust, &secTrustResult, &certChain, &dummyEv);
+    if(ortn) {
+        cssmPerror("SecTrustEvaluate", ortn);
+        goto errOut;
+    }
+
+    /*
+     * Copy certs from constructed chain to our result array, skipping
+     * the leaf (which is already there, as a SecIdentityRef) and possibly
+     * a root.
+     */
+    numResCerts = CFArrayGetCount(certChain);
+    if(numResCerts < 1) {
+        /*
+         * Can't happen: If chain doesn't verify to a root, we'd
+         * have bailed after SecTrustEvaluate().
+         */
+        ortn = noErr;
+        goto errOut;
+    }
+    if(!includeRoot) {
+        /* skip the last (root) cert) */
+        numResCerts--;
+    }
+    for(dex=1; dex<numResCerts; dex++) {
+        certRef = (SecCertificateRef)CFArrayGetValueAtIndex(certChain, dex);
+        CFArrayAppendValue(certArray, certRef);
+    }
+errOut:
+        /* clean up */
+        if(secTrust) {
+            CFRelease(secTrust);
+        }
+    if(subjCerts) {
+        CFRelease(subjCerts);
+    }
+    if(policy) {
+        CFRelease(policy);
+    }
+    if(policySearch) {
+        CFRelease(policySearch);
+    }
+    *outArray = certArray;
+    return ortn;
+}
+
+static void addIdentitiesToKeystore(JNIEnv *env, jobject keyStore)
+{
+    // Search the user keychain list for all identities. Identities are a certificate/private key association that
+    // can be chosen for a purpose such as signing or an SSL connection.
+    SecIdentitySearchRef identitySearch = NULL;
+    // Pass 0 if you want all identities returned by this search
+    OSStatus err = SecIdentitySearchCreate(NULL, 0, &identitySearch);
+    SecIdentityRef theIdentity = NULL;
+    OSErr searchResult = noErr;
+
+    do {
+        searchResult = SecIdentitySearchCopyNext(identitySearch, &theIdentity);
+
+        if (searchResult == noErr) {
+            // Get the cert from the identity, then generate a chain.
+            SecCertificateRef certificate;
+            SecIdentityCopyCertificate(theIdentity, &certificate);
+            CFArrayRef certChain = NULL;
+
+            // *** Should do something with this error...
+            err = completeCertChain(theIdentity, NULL, TRUE, &certChain);
+
+            CFIndex i, certCount = CFArrayGetCount(certChain);
+
+            // Make a java array of certificate data from the chain.
+            jclass byteArrayClass = (*env)->FindClass(env, "[B");
+            if (byteArrayClass == NULL) {
+                goto errOut;
+            }
+            jobjectArray javaCertArray = (*env)->NewObjectArray(env, certCount, byteArrayClass, NULL);
+            // Cleanup first then check for a NULL return code
+            (*env)->DeleteLocalRef(env, byteArrayClass);
+            if (javaCertArray == NULL) {
+                goto errOut;
+            }
+
+            // And, make an array of the certificate refs.
+            jlongArray certRefArray = (*env)->NewLongArray(env, certCount);
+            if (certRefArray == NULL) {
+                goto errOut;
+            }
+
+            SecCertificateRef currCertRef = NULL;
+
+            for (i = 0; i < certCount; i++) {
+                CSSM_DATA currCertData;
+
+                if (i == 0)
+                    currCertRef = certificate;
+                else
+                    currCertRef = (SecCertificateRef)CFArrayGetValueAtIndex(certChain, i);
+
+                bzero(&currCertData, sizeof(CSSM_DATA));
+                err = SecCertificateGetData(currCertRef, &currCertData);
+                jbyteArray encodedCertData = (*env)->NewByteArray(env, currCertData.Length);
+                if (encodedCertData == NULL) {
+                    goto errOut;
+                }
+                (*env)->SetByteArrayRegion(env, encodedCertData, 0, currCertData.Length, (jbyte *)currCertData.Data);
+                (*env)->SetObjectArrayElement(env, javaCertArray, i, encodedCertData);
+                jlong certRefElement = ptr_to_jlong(currCertRef);
+                (*env)->SetLongArrayRegion(env, certRefArray, i, 1, &certRefElement);
+            }
+
+            // Get the private key.  When needed we'll export the data from it later.
+            SecKeyRef privateKeyRef;
+            err = SecIdentityCopyPrivateKey(theIdentity, &privateKeyRef);
+
+            // Find the label.  It's a 'blob', but we interpret as characters.
+            jstring alias = getLabelFromItem(env, (SecKeychainItemRef)certificate);
+            if (alias == NULL) {
+                goto errOut;
+            }
+
+            // Find the creation date.
+            jlong creationDate = getModDateFromItem(env, (SecKeychainItemRef)certificate);
+
+            // Call back to the Java object to create Java objects corresponding to this security object.
+            jlong nativeKeyRef = ptr_to_jlong(privateKeyRef);
+            JNFCallVoidMethod(env, keyStore, jm_createKeyEntry, alias, creationDate, nativeKeyRef, certRefArray, javaCertArray);
+        }
+    } while (searchResult == noErr);
+
+errOut:
+    if (identitySearch != NULL) {
+        CFRelease(identitySearch);
+    }
+}
+
+static void addCertificatesToKeystore(JNIEnv *env, jobject keyStore)
+{
+    // Search the user keychain list for all X509 certificates.
+    SecKeychainSearchRef keychainItemSearch = NULL;
+    OSStatus err = SecKeychainSearchCreateFromAttributes(NULL, kSecCertificateItemClass, NULL, &keychainItemSearch);
+    SecKeychainItemRef theItem = NULL;
+    OSErr searchResult = noErr;
+
+    do {
+        searchResult = SecKeychainSearchCopyNext(keychainItemSearch, &theItem);
+
+        if (searchResult == noErr) {
+            // Make a byte array with the DER-encoded contents of the certificate.
+            SecCertificateRef certRef = (SecCertificateRef)theItem;
+            CSSM_DATA currCertificate;
+            err = SecCertificateGetData(certRef, &currCertificate);
+            jbyteArray certData = (*env)->NewByteArray(env, currCertificate.Length);
+            if (certData == NULL) {
+                goto errOut;
+            }
+            (*env)->SetByteArrayRegion(env, certData, 0, currCertificate.Length, (jbyte *)currCertificate.Data);
+
+            // Find the label.  It's a 'blob', but we interpret as characters.
+            jstring alias = getLabelFromItem(env, theItem);
+            if (alias == NULL) {
+                goto errOut;
+            }
+
+            // Find the creation date.
+            jlong creationDate = getModDateFromItem(env, theItem);
+
+            // Call back to the Java object to create Java objects corresponding to this security object.
+            jlong nativeRef = ptr_to_jlong(certRef);
+            JNFCallVoidMethod(env, keyStore, jm_createTrustedCertEntry, alias, nativeRef, creationDate, certData);
+        }
+    } while (searchResult == noErr);
+
+errOut:
+    if (keychainItemSearch != NULL) {
+        CFRelease(keychainItemSearch);
+    }
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _getEncodedKeyData
+ * Signature: (J)[B
+     */
+JNIEXPORT jbyteArray JNICALL Java_apple_security_KeychainStore__1getEncodedKeyData
+(JNIEnv *env, jobject this, jlong keyRefLong, jcharArray passwordObj)
+{
+    SecKeyRef keyRef = (SecKeyRef)jlong_to_ptr(keyRefLong);
+    SecKeyImportExportParameters paramBlock;
+    OSStatus err = noErr;
+    CFDataRef exportedData = NULL;
+    jbyteArray returnValue = NULL;
+    CFStringRef passwordStrRef = NULL;
+
+    jsize passwordLen = 0;
+    jchar *passwordChars = NULL;
+
+    if (passwordObj) {
+        passwordLen = (*env)->GetArrayLength(env, passwordObj);
+
+        if (passwordLen > 0) {
+            passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL);
+            if (passwordChars == NULL) {
+                goto errOut;
+            }
+            passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
+        }
+    }
+
+    paramBlock.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    // Note that setting the flags field **requires** you to pass in a password of some kind.  The keychain will not prompt you.
+    paramBlock.flags = 0;
+    paramBlock.passphrase = passwordStrRef;
+    paramBlock.alertTitle = NULL;
+    paramBlock.alertPrompt = NULL;
+    paramBlock.accessRef = NULL;
+    paramBlock.keyUsage = CSSM_KEYUSE_ANY;
+    paramBlock.keyAttributes = CSSM_KEYATTR_RETURN_DEFAULT;
+
+    err = SecKeychainItemExport(keyRef, kSecFormatPKCS12, 0, &paramBlock, &exportedData);
+
+    if (err == noErr) {
+        CFIndex size = CFDataGetLength(exportedData);
+        returnValue = (*env)->NewByteArray(env, size);
+        if (returnValue == NULL) {
+            goto errOut;
+        }
+        (*env)->SetByteArrayRegion(env, returnValue, 0, size, (jbyte *)CFDataGetBytePtr(exportedData));
+    }
+
+errOut:
+    if (exportedData) CFRelease(exportedData);
+    if (passwordStrRef) CFRelease(passwordStrRef);
+
+    return returnValue;
+}
+
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _scanKeychain
+ * Signature: ()V
+ */
+JNIEXPORT void JNICALL Java_apple_security_KeychainStore__1scanKeychain
+(JNIEnv *env, jobject this)
+{
+    // Look for 'identities' -- private key and certificate chain pairs -- and add those.
+    // Search for these first, because a certificate that's found here as part of an identity will show up
+    // again later as a certificate.
+    addIdentitiesToKeystore(env, this);
+
+    // Scan current keychain for trusted certificates.
+    addCertificatesToKeystore(env, this);
+
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _addItemToKeychain
+ * Signature: (Ljava/lang/String;[B)I
+*/
+JNIEXPORT jlong JNICALL Java_apple_security_KeychainStore__1addItemToKeychain
+(JNIEnv *env, jobject this, jstring alias, jboolean isCertificate, jbyteArray rawDataObj, jcharArray passwordObj)
+{
+    OSStatus err;
+    jlong returnValue = 0;
+
+JNF_COCOA_ENTER(env);
+
+    jsize dataSize = (*env)->GetArrayLength(env, rawDataObj);
+    jbyte *rawData = (*env)->GetByteArrayElements(env, rawDataObj, NULL);
+    if (rawData == NULL) {
+        goto errOut;
+    }
+
+    CFDataRef cfDataToImport = CFDataCreate(kCFAllocatorDefault, (UInt8 *)rawData, dataSize);
+    CFArrayRef createdItems = NULL;
+
+    SecKeychainRef defaultKeychain = NULL;
+    SecKeychainCopyDefault(&defaultKeychain);
+
+    SecExternalItemType dataType = (isCertificate == JNI_TRUE ? kSecFormatX509Cert : kSecFormatWrappedPKCS8);
+
+    // Convert the password obj into a CFStringRef that the keychain importer can use for encryption.
+    SecKeyImportExportParameters paramBlock;
+    CFStringRef passwordStrRef = NULL;
+
+    jsize passwordLen = 0;
+    jchar *passwordChars = NULL;
+
+    if (passwordObj) {
+        passwordLen = (*env)->GetArrayLength(env, passwordObj);
+        passwordChars = (*env)->GetCharArrayElements(env, passwordObj, NULL);
+        passwordStrRef = CFStringCreateWithCharacters(kCFAllocatorDefault, passwordChars, passwordLen);
+    }
+
+    paramBlock.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
+    // Note that setting the flags field **requires** you to pass in a password of some kind.  The keychain will not prompt you.
+    paramBlock.flags = 0;
+    paramBlock.passphrase = passwordStrRef;
+    paramBlock.alertTitle = NULL;
+    paramBlock.alertPrompt = NULL;
+    paramBlock.accessRef = NULL;
+    paramBlock.keyUsage = CSSM_KEYUSE_ANY;
+    paramBlock.keyAttributes = CSSM_KEYATTR_RETURN_DEFAULT;
+
+    err = SecKeychainItemImport(cfDataToImport, NULL, &dataType, NULL,
+                                0, &paramBlock, defaultKeychain, &createdItems);
+
+    if (err == noErr) {
+        SecKeychainItemRef anItem = (SecKeychainItemRef)CFArrayGetValueAtIndex(createdItems, 0);
+
+        // Don't bother labeling keys. They become part of an identity, and are not an accessible part of the keychain.
+        if (CFGetTypeID(anItem) == SecCertificateGetTypeID()) {
+            setLabelForItem(JNFJavaToNSString(env, alias), anItem);
+        }
+
+        // Retain the item, since it will be released once when the array holding it gets released.
+        CFRetain(anItem);
+        returnValue = ptr_to_jlong(anItem);
+    } else {
+        cssmPerror("_addItemToKeychain: SecKeychainItemImport", err);
+    }
+
+    (*env)->ReleaseByteArrayElements(env, rawDataObj, rawData, JNI_ABORT);
+
+    if (createdItems != NULL) {
+        CFRelease(createdItems);
+    }
+
+errOut: ;
+
+JNF_COCOA_EXIT(env);
+
+    return returnValue;
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _removeItemFromKeychain
+ * Signature: (J)I
+*/
+JNIEXPORT jint JNICALL Java_apple_security_KeychainStore__1removeItemFromKeychain
+(JNIEnv *env, jobject this, jlong keychainItem)
+{
+    SecKeychainItemRef itemToRemove = jlong_to_ptr(keychainItem);
+    return SecKeychainItemDelete(itemToRemove);
+}
+
+/*
+ * Class:     apple_security_KeychainStore
+ * Method:    _releaseKeychainItemRef
+ * Signature: (J)V
+ */
+JNIEXPORT void JNICALL Java_apple_security_KeychainStore__1releaseKeychainItemRef
+(JNIEnv *env, jobject this, jlong keychainItem)
+{
+    SecKeychainItemRef itemToFree = jlong_to_ptr(keychainItem);
+    CFRelease(itemToFree);
+}
--- a/src/java.base/share/classes/java/lang/Character.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/Character.java	Tue Aug 25 14:32:08 2015 -0700
@@ -9356,7 +9356,7 @@
      *     <td>{@code FORM FEED}</td></tr>
      * <tr><td>{@code '\r'}</td>            <td>{@code U+000D}</td>
      *     <td>{@code CARRIAGE RETURN}</td></tr>
-     * <tr><td>{@code '&nbsp;'}</td>  <td>{@code U+0020}</td>
+     * <tr><td>{@code ' '}</td>             <td>{@code U+0020}</td>
      *     <td>{@code SPACE}</td></tr>
      * </table>
      *
--- a/src/java.base/share/classes/java/lang/Shutdown.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/Shutdown.java	Tue Aug 25 14:32:08 2015 -0700
@@ -86,10 +86,10 @@
      *               to be registered even if the shutdown is in progress.
      * @params hook  the hook to be registered
      *
-     * @throw IllegalStateException
-     *        if registerShutdownInProgress is false and shutdown is in progress; or
-     *        if registerShutdownInProgress is true and the shutdown process
-     *           already passes the given slot
+     * @throws IllegalStateException
+     *         if registerShutdownInProgress is false and shutdown is in progress; or
+     *         if registerShutdownInProgress is true and the shutdown process
+     *         already passes the given slot
      */
     static void add(int slot, boolean registerShutdownInProgress, Runnable hook) {
         synchronized (lock) {
--- a/src/java.base/share/classes/java/lang/invoke/MemberName.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/invoke/MemberName.java	Tue Aug 25 14:32:08 2015 -0700
@@ -93,7 +93,7 @@
     /** Return the simple name of this member.
      *  For a type, it is the same as {@link Class#getSimpleName}.
      *  For a method or field, it is the simple name of the member.
-     *  For a constructor, it is always {@code "&lt;init&gt;"}.
+     *  For a constructor, it is always {@code "<init>"}.
      */
     public String getName() {
         if (name == null) {
@@ -727,7 +727,7 @@
     }
     /** Create a method or constructor name from the given components:
      *  Declaring class, name, type, reference kind.
-     *  It will be a constructor if and only if the name is {@code "&lt;init&gt;"}.
+     *  It will be a constructor if and only if the name is {@code "<init>"}.
      *  The declaring class may be supplied as null if this is to be a bare name and type.
      *  The last argument is optional, a boolean which requests REF_invokeSpecial.
      *  The resulting name will in an unresolved state.
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleInfo.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleInfo.java	Tue Aug 25 14:32:08 2015 -0700
@@ -155,7 +155,7 @@
 
     /**
      * Returns the name of the cracked method handle's underlying member.
-     * This is {@code "&lt;init&gt;"} if the underlying member was a constructor,
+     * This is {@code "<init>"} if the underlying member was a constructor,
      * else it is a simple method name or field name.
      * @return the simple name of the underlying member
      */
--- a/src/java.base/share/classes/java/lang/invoke/Stable.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/invoke/Stable.java	Tue Aug 25 14:32:08 2015 -0700
@@ -51,7 +51,7 @@
  * If the field is an array type, then both the field value and
  * all the components of the field value (if the field value is non-null)
  * are indicated to be stable.
- * If the field type is an array type with rank {@code N &gt; 1},
+ * If the field type is an array type with rank {@code N > 1},
  * then each component of the field value (if the field value is non-null),
  * is regarded as a stable array of rank {@code N-1}.
  * <p>
--- a/src/java.base/share/classes/java/lang/invoke/SwitchPoint.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/invoke/SwitchPoint.java	Tue Aug 25 14:32:08 2015 -0700
@@ -55,20 +55,20 @@
  * At that point {@code guardWithTest} may ignore {@code T} and return {@code F}.
  * <p>
  * Here is an example of a switch point in action:
- * <blockquote><pre>{@code
-MethodHandle MH_strcat = MethodHandles.lookup()
-    .findVirtual(String.class, "concat", MethodType.methodType(String.class, String.class));
-SwitchPoint spt = new SwitchPoint();
-assert(!spt.hasBeenInvalidated());
-// the following steps may be repeated to re-use the same switch point:
-MethodHandle worker1 = MH_strcat;
-MethodHandle worker2 = MethodHandles.permuteArguments(MH_strcat, MH_strcat.type(), 1, 0);
-MethodHandle worker = spt.guardWithTest(worker1, worker2);
-assertEquals("method", (String) worker.invokeExact("met", "hod"));
-SwitchPoint.invalidateAll(new SwitchPoint[]{ spt });
-assert(spt.hasBeenInvalidated());
-assertEquals("hodmet", (String) worker.invokeExact("met", "hod"));
- * }</pre></blockquote>
+ * <pre>{@code
+ * MethodHandle MH_strcat = MethodHandles.lookup()
+ *     .findVirtual(String.class, "concat", MethodType.methodType(String.class, String.class));
+ * SwitchPoint spt = new SwitchPoint();
+ * assert(!spt.hasBeenInvalidated());
+ * // the following steps may be repeated to re-use the same switch point:
+ * MethodHandle worker1 = MH_strcat;
+ * MethodHandle worker2 = MethodHandles.permuteArguments(MH_strcat, MH_strcat.type(), 1, 0);
+ * MethodHandle worker = spt.guardWithTest(worker1, worker2);
+ * assertEquals("method", (String) worker.invokeExact("met", "hod"));
+ * SwitchPoint.invalidateAll(new SwitchPoint[]{ spt });
+ * assert(spt.hasBeenInvalidated());
+ * assertEquals("hodmet", (String) worker.invokeExact("met", "hod"));
+ * }</pre>
  * <p style="font-size:smaller;">
  * <em>Discussion:</em>
  * Switch points are useful without subclassing.  They may also be subclassed.
@@ -82,31 +82,31 @@
  * <em>Implementation Note:</em>
  * A switch point behaves as if implemented on top of {@link MutableCallSite},
  * approximately as follows:
- * <blockquote><pre>{@code
-public class SwitchPoint {
-  private static final MethodHandle
-    K_true  = MethodHandles.constant(boolean.class, true),
-    K_false = MethodHandles.constant(boolean.class, false);
-  private final MutableCallSite mcs;
-  private final MethodHandle mcsInvoker;
-  public SwitchPoint() {
-    this.mcs = new MutableCallSite(K_true);
-    this.mcsInvoker = mcs.dynamicInvoker();
-  }
-  public MethodHandle guardWithTest(
-                MethodHandle target, MethodHandle fallback) {
-    // Note:  mcsInvoker is of type ()boolean.
-    // Target and fallback may take any arguments, but must have the same type.
-    return MethodHandles.guardWithTest(this.mcsInvoker, target, fallback);
-  }
-  public static void invalidateAll(SwitchPoint[] spts) {
-    List&lt;MutableCallSite&gt; mcss = new ArrayList&lt;&gt;();
-    for (SwitchPoint spt : spts)  mcss.add(spt.mcs);
-    for (MutableCallSite mcs : mcss)  mcs.setTarget(K_false);
-    MutableCallSite.syncAll(mcss.toArray(new MutableCallSite[0]));
-  }
-}
- * }</pre></blockquote>
+ * <pre>{@code
+ * public class SwitchPoint {
+ *     private static final MethodHandle
+ *         K_true  = MethodHandles.constant(boolean.class, true),
+ *         K_false = MethodHandles.constant(boolean.class, false);
+ *     private final MutableCallSite mcs;
+ *     private final MethodHandle mcsInvoker;
+ *     public SwitchPoint() {
+ *         this.mcs = new MutableCallSite(K_true);
+ *         this.mcsInvoker = mcs.dynamicInvoker();
+ *     }
+ *     public MethodHandle guardWithTest(
+ *             MethodHandle target, MethodHandle fallback) {
+ *         // Note:  mcsInvoker is of type ()boolean.
+ *         // Target and fallback may take any arguments, but must have the same type.
+ *         return MethodHandles.guardWithTest(this.mcsInvoker, target, fallback);
+ *     }
+ *     public static void invalidateAll(SwitchPoint[] spts) {
+ *         List<MutableCallSite> mcss = new ArrayList<>();
+ *         for (SwitchPoint spt : spts)  mcss.add(spt.mcs);
+ *         for (MutableCallSite mcs : mcss)  mcs.setTarget(K_false);
+ *         MutableCallSite.syncAll(mcss.toArray(new MutableCallSite[0]));
+ *     }
+ * }
+ * }</pre>
  * @author Remi Forax, JSR 292 EG
  */
 public class SwitchPoint {
--- a/src/java.base/share/classes/java/lang/ref/ReferenceQueue.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/ref/ReferenceQueue.java	Tue Aug 25 14:32:08 2015 -0700
@@ -65,10 +65,13 @@
                 return false;
             }
             assert queue == this;
-            r.queue = ENQUEUED;
             r.next = (head == null) ? r : head;
             head = r;
             queueLength++;
+            // Update r.queue *after* adding to list, to avoid race
+            // with concurrent enqueued checks and fast-path poll().
+            // Volatiles ensure ordering.
+            r.queue = ENQUEUED;
             if (r instanceof FinalReference) {
                 sun.misc.VM.addFinalRefCount(1);
             }
@@ -80,10 +83,13 @@
     private Reference<? extends T> reallyPoll() {       /* Must hold lock */
         Reference<? extends T> r = head;
         if (r != null) {
+            r.queue = NULL;
+            // Update r.queue *before* removing from list, to avoid
+            // race with concurrent enqueued checks and fast-path
+            // poll().  Volatiles ensure ordering.
             @SuppressWarnings("unchecked")
             Reference<? extends T> rn = r.next;
             head = (rn == r) ? null : rn;
-            r.queue = NULL;
             r.next = r;
             queueLength--;
             if (r instanceof FinalReference) {
--- a/src/java.base/share/classes/java/lang/reflect/Method.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/reflect/Method.java	Tue Aug 25 14:32:08 2015 -0700
@@ -161,6 +161,21 @@
     }
 
     /**
+     * Make a copy of a leaf method.
+     */
+    Method leafCopy() {
+        if (this.root == null)
+            throw new IllegalArgumentException("Can only leafCopy a non-root Method");
+
+        Method res = new Method(clazz, name, parameterTypes, returnType,
+                exceptionTypes, modifiers, slot, signature,
+                annotations, parameterAnnotations, annotationDefault);
+        res.root = root;
+        res.methodAccessor = methodAccessor;
+        return res;
+    }
+
+    /**
      * Used by Excecutable for annotation sharing.
      */
     @Override
--- a/src/java.base/share/classes/java/lang/reflect/ReflectAccess.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/lang/reflect/ReflectAccess.java	Tue Aug 25 14:32:08 2015 -0700
@@ -139,6 +139,9 @@
     public Method      copyMethod(Method arg) {
         return arg.copy();
     }
+    public Method      leafCopyMethod(Method arg) {
+        return arg.leafCopy();
+    }
 
     public Field       copyField(Field arg) {
         return arg.copy();
--- a/src/java.base/share/classes/java/net/ContentHandler.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/net/ContentHandler.java	Tue Aug 25 14:32:08 2015 -0700
@@ -47,7 +47,7 @@
  * If no content handler could be {@linkplain URLConnection#getContent() found},
  * URLConnection will look for a content handler in a user-definable set of places.
  * Users can define a vertical-bar delimited set of class prefixes
- * to search through by defining the <i>{@value java.net.URLConnection#contentPathProp}</i>
+ * to search through by defining the <i>{@link java.net.URLConnection#contentPathProp}</i>
  * property. The class name must be of the form:
  * <blockquote>
  *     <i>{package-prefix}.{major}.{minor}</i>
--- a/src/java.base/share/classes/java/nio/Buffer.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/nio/Buffer.java	Tue Aug 25 14:32:08 2015 -0700
@@ -215,8 +215,8 @@
      * {@code put(src)} when the parameter is the {@code Buffer} on which the
      * method is being invoked.
      *
-     * @returns  IllegalArgumentException
-     *           With a message indicating equal source and target buffers
+     * @return  IllegalArgumentException
+     *          With a message indicating equal source and target buffers
      */
     static IllegalArgumentException createSameBufferException() {
         return new IllegalArgumentException("The source buffer is this buffer");
--- a/src/java.base/share/classes/java/security/KeyStoreSpi.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/security/KeyStoreSpi.java	Tue Aug 25 14:32:08 2015 -0700
@@ -618,9 +618,12 @@
      * @throws IOException if there is an I/O problem with the keystore data.
      * @throws NullPointerException if stream is {@code null}.
      *
-     * @since 1.9
+     * @since 9
      */
     public boolean engineProbe(InputStream stream) throws IOException {
+        if (stream == null) {
+            throw new NullPointerException("input stream must not be null");
+        }
         return false;
     }
 }
--- a/src/java.base/share/classes/java/time/chrono/ChronoLocalDate.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/java/time/chrono/ChronoLocalDate.java	Tue Aug 25 14:32:08 2015 -0700
@@ -715,7 +715,7 @@
      * only compares the underlying date and not the chronology.
      * This allows dates in different calendar systems to be compared based
      * on the time-line position.
-     * This is equivalent to using {@code date1.toEpochDay() &gt; date2.toEpochDay()}.
+     * This is equivalent to using {@code date1.toEpochDay() > date2.toEpochDay()}.
      * <p>
      * This default implementation performs the comparison based on the epoch-day.
      *
@@ -733,7 +733,7 @@
      * only compares the underlying date and not the chronology.
      * This allows dates in different calendar systems to be compared based
      * on the time-line position.
-     * This is equivalent to using {@code date1.toEpochDay() &lt; date2.toEpochDay()}.
+     * This is equivalent to using {@code date1.toEpochDay() < date2.toEpochDay()}.
      * <p>
      * This default implementation performs the comparison based on the epoch-day.
      *
--- a/src/java.base/share/classes/javax/crypto/Cipher.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java	Tue Aug 25 14:32:08 2015 -0700
@@ -52,7 +52,7 @@
  * Extension (JCE) framework.
  *
  * <p>In order to create a Cipher object, the application calls the
- * Cipher's <code>getInstance</code> method, and passes the name of the
+ * Cipher's {@code getInstance} method, and passes the name of the
  * requested <i>transformation</i> to it. Optionally, the name of a provider
  * may be specified.
  *
@@ -78,12 +78,12 @@
  *     Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>");
  * </pre>
  *
- * Using modes such as <code>CFB</code> and <code>OFB</code>, block
+ * Using modes such as {@code CFB} and {@code OFB}, block
  * ciphers can encrypt data in units smaller than the cipher's actual
  * block size.  When requesting such a mode, you may optionally specify
  * the number of bits to be processed at a time by appending this number
- * to the mode name as shown in the "<code>DES/CFB8/NoPadding</code>" and
- * "<code>DES/OFB32/PKCS5Padding</code>" transformations. If no such
+ * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and
+ * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such
  * number is specified, a provider-specific default is used. (For
  * example, the SunJCE provider uses a default of 64 bits for DES.)
  * Thus, block ciphers can be turned into byte-oriented stream ciphers by
@@ -101,8 +101,8 @@
  * AEAD modes such as GCM/CCM perform all AAD authenticity calculations
  * before starting the ciphertext authenticity calculations.  To avoid
  * implementations having to internally buffer ciphertext, all AAD data
- * must be supplied to GCM/CCM implementations (via the {@code
- * updateAAD} methods) <b>before</b> the ciphertext is processed (via
+ * must be supplied to GCM/CCM implementations (via the {@code updateAAD}
+ * methods) <b>before</b> the ciphertext is processed (via
  * the {@code update} and {@code doFinal} methods).
  * <p>
  * Note that GCM mode has a uniqueness requirement on IVs used in
@@ -130,24 +130,24 @@
  *
  * </pre>
  * Every implementation of the Java platform is required to support
- * the following standard <code>Cipher</code> transformations with the keysizes
+ * the following standard {@code Cipher} transformations with the keysizes
  * in parentheses:
  * <ul>
- * <li><tt>AES/CBC/NoPadding</tt> (128)</li>
- * <li><tt>AES/CBC/PKCS5Padding</tt> (128)</li>
- * <li><tt>AES/ECB/NoPadding</tt> (128)</li>
- * <li><tt>AES/ECB/PKCS5Padding</tt> (128)</li>
- * <li><tt>DES/CBC/NoPadding</tt> (56)</li>
- * <li><tt>DES/CBC/PKCS5Padding</tt> (56)</li>
- * <li><tt>DES/ECB/NoPadding</tt> (56)</li>
- * <li><tt>DES/ECB/PKCS5Padding</tt> (56)</li>
- * <li><tt>DESede/CBC/NoPadding</tt> (168)</li>
- * <li><tt>DESede/CBC/PKCS5Padding</tt> (168)</li>
- * <li><tt>DESede/ECB/NoPadding</tt> (168)</li>
- * <li><tt>DESede/ECB/PKCS5Padding</tt> (168)</li>
- * <li><tt>RSA/ECB/PKCS1Padding</tt> (1024, 2048)</li>
- * <li><tt>RSA/ECB/OAEPWithSHA-1AndMGF1Padding</tt> (1024, 2048)</li>
- * <li><tt>RSA/ECB/OAEPWithSHA-256AndMGF1Padding</tt> (1024, 2048)</li>
+ * <li>{@code AES/CBC/NoPadding} (128)</li>
+ * <li>{@code AES/CBC/PKCS5Padding} (128)</li>
+ * <li>{@code AES/ECB/NoPadding} (128)</li>
+ * <li>{@code AES/ECB/PKCS5Padding} (128)</li>
+ * <li>{@code DES/CBC/NoPadding} (56)</li>
+ * <li>{@code DES/CBC/PKCS5Padding} (56)</li>
+ * <li>{@code DES/ECB/NoPadding} (56)</li>
+ * <li>{@code DES/ECB/PKCS5Padding} (56)</li>
+ * <li>{@code DESede/CBC/NoPadding} (168)</li>
+ * <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
+ * <li>{@code DESede/ECB/NoPadding} (168)</li>
+ * <li>{@code DESede/ECB/PKCS5Padding} (168)</li>
+ * <li>{@code RSA/ECB/PKCS1Padding} (1024, 2048)</li>
+ * <li>{@code RSA/ECB/OAEPWithSHA-1AndMGF1Padding} (1024, 2048)</li>
+ * <li>{@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding} (1024, 2048)</li>
  * </ul>
  * These transformations are described in the
  * <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher">
@@ -466,7 +466,7 @@
     }
 
     /**
-     * Returns a <code>Cipher</code> object that implements the specified
+     * Returns a {@code Cipher} object that implements the specified
      * transformation.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -487,12 +487,12 @@
      *
      * @return a cipher that implements the requested transformation.
      *
-     * @exception NoSuchAlgorithmException if <code>transformation</code>
+     * @exception NoSuchAlgorithmException if {@code transformation}
      *          is null, empty, in an invalid format,
      *          or if no Provider supports a CipherSpi implementation for the
      *          specified algorithm.
      *
-     * @exception NoSuchPaddingException if <code>transformation</code>
+     * @exception NoSuchPaddingException if {@code transformation}
      *          contains a padding scheme that is not available.
      *
      * @see java.security.Provider
@@ -542,7 +542,7 @@
     }
 
     /**
-     * Returns a <code>Cipher</code> object that implements the specified
+     * Returns a {@code Cipher} object that implements the specified
      * transformation.
      *
      * <p> A new Cipher object encapsulating the
@@ -564,7 +564,7 @@
      *
      * @return a cipher that implements the requested transformation.
      *
-     * @exception NoSuchAlgorithmException if <code>transformation</code>
+     * @exception NoSuchAlgorithmException if {@code transformation}
      *          is null, empty, in an invalid format,
      *          or if a CipherSpi implementation for the specified algorithm
      *          is not available from the specified provider.
@@ -572,10 +572,10 @@
      * @exception NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception NoSuchPaddingException if <code>transformation</code>
+     * @exception NoSuchPaddingException if {@code transformation}
      *          contains a padding scheme that is not available.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null or empty.
      *
      * @see java.security.Provider
@@ -597,7 +597,7 @@
     }
 
     /**
-     * Returns a <code>Cipher</code> object that implements the specified
+     * Returns a {@code Cipher} object that implements the specified
      * transformation.
      *
      * <p> A new Cipher object encapsulating the
@@ -616,15 +616,15 @@
      *
      * @return a cipher that implements the requested transformation.
      *
-     * @exception NoSuchAlgorithmException if <code>transformation</code>
+     * @exception NoSuchAlgorithmException if {@code transformation}
      *          is null, empty, in an invalid format,
      *          or if a CipherSpi implementation for the specified algorithm
      *          is not available from the specified Provider object.
      *
-     * @exception NoSuchPaddingException if <code>transformation</code>
+     * @exception NoSuchPaddingException if {@code transformation}
      *          contains a padding scheme that is not available.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null.
      *
      * @see java.security.Provider
@@ -897,9 +897,9 @@
     }
 
     /**
-     * Returns the provider of this <code>Cipher</code> object.
+     * Returns the provider of this {@code Cipher} object.
      *
-     * @return the provider of this <code>Cipher</code> object
+     * @return the provider of this {@code Cipher} object
      */
     public final Provider getProvider() {
         chooseFirstProvider();
@@ -907,13 +907,13 @@
     }
 
     /**
-     * Returns the algorithm name of this <code>Cipher</code> object.
+     * Returns the algorithm name of this {@code Cipher} object.
      *
      * <p>This is the same name that was specified in one of the
-     * <code>getInstance</code> calls that created this <code>Cipher</code>
+     * {@code getInstance} calls that created this {@code Cipher}
      * object..
      *
-     * @return the algorithm name of this <code>Cipher</code> object.
+     * @return the algorithm name of this {@code Cipher} object.
      */
     public final String getAlgorithm() {
         return this.transformation;
@@ -932,15 +932,15 @@
 
     /**
      * Returns the length in bytes that an output buffer would need to be in
-     * order to hold the result of the next <code>update</code> or
-     * <code>doFinal</code> operation, given the input length
-     * <code>inputLen</code> (in bytes).
+     * order to hold the result of the next {@code update} or
+     * {@code doFinal} operation, given the input length
+     * {@code inputLen} (in bytes).
      *
      * <p>This call takes into account any unprocessed (buffered) data from a
-     * previous <code>update</code> call, padding, and AEAD tagging.
+     * previous {@code update} call, padding, and AEAD tagging.
      *
-     * <p>The actual output length of the next <code>update</code> or
-     * <code>doFinal</code> call may be smaller than the length returned by
+     * <p>The actual output length of the next {@code update} or
+     * {@code doFinal} call may be smaller than the length returned by
      * this method.
      *
      * @param inputLen the input length (in bytes)
@@ -1135,14 +1135,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters that cannot be
-     * derived from the given <code>key</code>, the underlying cipher
+     * derived from the given {@code key}, the underlying cipher
      * implementation is supposed to generate the required parameters itself
      * (using provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidKeyException</code> if it is being
+     * {@code InvalidKeyException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1168,8 +1168,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of
      * the following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param key the key
      *
      * @exception InvalidKeyException if the given key is inappropriate for
@@ -1191,14 +1191,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters that cannot be
-     * derived from the given <code>key</code>, the underlying cipher
+     * derived from the given {@code key}, the underlying cipher
      * implementation is supposed to generate the required parameters itself
      * (using provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidKeyException</code> if it is being
+     * {@code InvalidKeyException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1211,7 +1211,7 @@
      *
      * <p>If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
-     * them from <code>random</code>.
+     * them from {@code random}.
      *
      * <p>Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
@@ -1220,8 +1220,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of the
      * following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param key the encryption key
      * @param random the source of randomness
      *
@@ -1269,14 +1269,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters and
-     * <code>params</code> is null, the underlying cipher implementation is
+     * {@code params} is null, the underlying cipher implementation is
      * supposed to generate the required parameters itself (using
      * provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidAlgorithmParameterException</code> if it is being
+     * {@code InvalidAlgorithmParameterException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1302,8 +1302,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of the
      * following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param key the encryption key
      * @param params the algorithm parameters
      *
@@ -1313,7 +1313,7 @@
      * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this cipher,
      * or this cipher requires
-     * algorithm parameters and <code>params</code> is null, or the given
+     * algorithm parameters and {@code params} is null, or the given
      * algorithm parameters imply a cryptographic strength that would exceed
      * the legal limits (as determined from the configured jurisdiction
      * policy files).
@@ -1333,14 +1333,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters and
-     * <code>params</code> is null, the underlying cipher implementation is
+     * {@code params} is null, the underlying cipher implementation is
      * supposed to generate the required parameters itself (using
      * provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidAlgorithmParameterException</code> if it is being
+     * {@code InvalidAlgorithmParameterException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1353,7 +1353,7 @@
      *
      * <p>If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
-     * them from <code>random</code>.
+     * them from {@code random}.
      *
      * <p>Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
@@ -1362,8 +1362,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of the
      * following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param key the encryption key
      * @param params the algorithm parameters
      * @param random the source of randomness
@@ -1374,7 +1374,7 @@
      * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this cipher,
      * or this cipher requires
-     * algorithm parameters and <code>params</code> is null, or the given
+     * algorithm parameters and {@code params} is null, or the given
      * algorithm parameters imply a cryptographic strength that would exceed
      * the legal limits (as determined from the configured jurisdiction
      * policy files).
@@ -1412,14 +1412,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters and
-     * <code>params</code> is null, the underlying cipher implementation is
+     * {@code params} is null, the underlying cipher implementation is
      * supposed to generate the required parameters itself (using
      * provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidAlgorithmParameterException</code> if it is being
+     * {@code InvalidAlgorithmParameterException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1444,9 +1444,9 @@
      * it.
      *
      * @param opmode the operation mode of this cipher (this is one of the
-     * following: <code>ENCRYPT_MODE</code>,
-     * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
-     * or <code>UNWRAP_MODE</code>)
+     * following: {@code ENCRYPT_MODE},
+     * {@code DECRYPT_MODE}, {@code WRAP_MODE}
+     * or {@code UNWRAP_MODE})
      * @param key the encryption key
      * @param params the algorithm parameters
      *
@@ -1456,7 +1456,7 @@
      * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this cipher,
      * or this cipher requires
-     * algorithm parameters and <code>params</code> is null, or the given
+     * algorithm parameters and {@code params} is null, or the given
      * algorithm parameters imply a cryptographic strength that would exceed
      * the legal limits (as determined from the configured jurisdiction
      * policy files).
@@ -1476,14 +1476,14 @@
      *
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If this cipher requires any algorithm parameters and
-     * <code>params</code> is null, the underlying cipher implementation is
+     * {@code params} is null, the underlying cipher implementation is
      * supposed to generate the required parameters itself (using
      * provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidAlgorithmParameterException</code> if it is being
+     * {@code InvalidAlgorithmParameterException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1496,7 +1496,7 @@
      *
      * <p>If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
-     * them from <code>random</code>.
+     * them from {@code random}.
      *
      * <p>Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
@@ -1504,9 +1504,9 @@
      * it.
      *
      * @param opmode the operation mode of this cipher (this is one of the
-     * following: <code>ENCRYPT_MODE</code>,
-     * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
-     * or <code>UNWRAP_MODE</code>)
+     * following: {@code ENCRYPT_MODE},
+     * {@code DECRYPT_MODE}, {@code WRAP_MODE}
+     * or {@code UNWRAP_MODE})
      * @param key the encryption key
      * @param params the algorithm parameters
      * @param random the source of randomness
@@ -1517,7 +1517,7 @@
      * @exception InvalidAlgorithmParameterException if the given algorithm
      * parameters are inappropriate for this cipher,
      * or this cipher requires
-     * algorithm parameters and <code>params</code> is null, or the given
+     * algorithm parameters and {@code params} is null, or the given
      * algorithm parameters imply a cryptographic strength that would exceed
      * the legal limits (as determined from the configured jurisdiction
      * policy files).
@@ -1553,15 +1553,15 @@
      * Initializes this cipher with the public key from the given certificate.
      * <p> The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping or  key unwrapping, depending
-     * on the value of <code>opmode</code>.
+     * on the value of {@code opmode}.
      *
      * <p>If the certificate is of type X.509 and has a <i>key usage</i>
      * extension field marked as critical, and the value of the <i>key usage</i>
      * extension field implies that the public key in
      * the certificate and its corresponding private key are not
      * supposed to be used for the operation represented by the value
-     * of <code>opmode</code>,
-     * an <code>InvalidKeyException</code>
+     * of {@code opmode},
+     * an {@code InvalidKeyException}
      * is thrown.
      *
      * <p> If this cipher requires any algorithm parameters that cannot be
@@ -1569,8 +1569,8 @@
      * cipher
      * implementation is supposed to generate the required parameters itself
      * (using provider-specific default or random values) if it is being
-     * initialized for encryption or key wrapping, and raise an <code>
-     * InvalidKeyException</code> if it is being initialized for decryption or
+     * initialized for encryption or key wrapping, and raise an
+     * {@code InvalidKeyException} if it is being initialized for decryption or
      * key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1584,7 +1584,7 @@
      * <p>If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
      * them using the
-     * <code>SecureRandom</code>
+     * {@code SecureRandom}
      * implementation of the highest-priority
      * installed provider as the source of randomness.
      * (If none of the installed providers supply an implementation of
@@ -1597,8 +1597,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of the
      * following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param certificate the certificate
      *
      * @exception InvalidKeyException if the public key in the given
@@ -1626,24 +1626,24 @@
      * <p>The cipher is initialized for one of the following four operations:
      * encryption, decryption, key wrapping
      * or key unwrapping, depending on
-     * the value of <code>opmode</code>.
+     * the value of {@code opmode}.
      *
      * <p>If the certificate is of type X.509 and has a <i>key usage</i>
      * extension field marked as critical, and the value of the <i>key usage</i>
      * extension field implies that the public key in
      * the certificate and its corresponding private key are not
      * supposed to be used for the operation represented by the value of
-     * <code>opmode</code>,
-     * an <code>InvalidKeyException</code>
+     * {@code opmode},
+     * an {@code InvalidKeyException}
      * is thrown.
      *
      * <p>If this cipher requires any algorithm parameters that cannot be
-     * derived from the public key in the given <code>certificate</code>,
+     * derived from the public key in the given {@code certificate},
      * the underlying cipher
      * implementation is supposed to generate the required parameters itself
      * (using provider-specific default or random values) if it is being
      * initialized for encryption or key wrapping, and raise an
-     * <code>InvalidKeyException</code> if it is being
+     * {@code InvalidKeyException} if it is being
      * initialized for decryption or key unwrapping.
      * The generated parameters can be retrieved using
      * {@link #getParameters() getParameters} or
@@ -1656,7 +1656,7 @@
      *
      * <p>If this cipher (including its underlying feedback or padding scheme)
      * requires any random bytes (e.g., for parameter generation), it will get
-     * them from <code>random</code>.
+     * them from {@code random}.
      *
      * <p>Note that when a Cipher object is initialized, it loses all
      * previously-acquired state. In other words, initializing a Cipher is
@@ -1665,8 +1665,8 @@
      *
      * @param opmode the operation mode of this cipher (this is one of the
      * following:
-     * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
-     * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
+     * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
+     * {@code WRAP_MODE} or {@code UNWRAP_MODE})
      * @param certificate the certificate
      * @param random the source of randomness
      *
@@ -1762,11 +1762,11 @@
      * (depending on how this cipher was initialized), processing another data
      * part.
      *
-     * <p>The bytes in the <code>input</code> buffer are processed, and the
+     * <p>The bytes in the {@code input} buffer are processed, and the
      * result is stored in a new buffer.
      *
-     * <p>If <code>input</code> has a length of zero, this method returns
-     * <code>null</code>.
+     * <p>If {@code input} has a length of zero, this method returns
+     * {@code null}.
      *
      * @param input the input buffer
      *
@@ -1797,15 +1797,15 @@
      * (depending on how this cipher was initialized), processing another data
      * part.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, are processed,
      * and the result is stored in a new buffer.
      *
-     * <p>If <code>inputLen</code> is zero, this method returns
-     * <code>null</code>.
+     * <p>If {@code inputLen} is zero, this method returns
+     * {@code null}.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      *
@@ -1837,31 +1837,31 @@
      * (depending on how this cipher was initialized), processing another data
      * part.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
-     * and the result is stored in the <code>output</code> buffer.
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, are processed,
+     * and the result is stored in the {@code output} buffer.
      *
-     * <p>If the <code>output</code> buffer is too small to hold the result,
-     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+     * <p>If the {@code output} buffer is too small to hold the result,
+     * a {@code ShortBufferException} is thrown. In this case, repeat this
      * call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
-     * <p>If <code>inputLen</code> is zero, this method returns
+     * <p>If {@code inputLen} is zero, this method returns
      * a length of zero.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same byte array and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      * @param output the buffer for the result
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -1892,34 +1892,34 @@
      * (depending on how this cipher was initialized), processing another data
      * part.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, are processed,
-     * and the result is stored in the <code>output</code> buffer, starting at
-     * <code>outputOffset</code> inclusive.
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, are processed,
+     * and the result is stored in the {@code output} buffer, starting at
+     * {@code outputOffset} inclusive.
      *
-     * <p>If the <code>output</code> buffer is too small to hold the result,
-     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+     * <p>If the {@code output} buffer is too small to hold the result,
+     * a {@code ShortBufferException} is thrown. In this case, repeat this
      * call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
-     * <p>If <code>inputLen</code> is zero, this method returns
+     * <p>If {@code inputLen} is zero, this method returns
      * a length of zero.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same byte array and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      * @param output the buffer for the result
-     * @param outputOffset the offset in <code>output</code> where the result
+     * @param outputOffset the offset in {@code output} where the result
      * is stored
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -1951,29 +1951,29 @@
      * (depending on how this cipher was initialized), processing another data
      * part.
      *
-     * <p>All <code>input.remaining()</code> bytes starting at
-     * <code>input.position()</code> are processed. The result is stored
+     * <p>All {@code input.remaining()} bytes starting at
+     * {@code input.position()} are processed. The result is stored
      * in the output buffer.
      * Upon return, the input buffer's position will be equal
      * to its limit; its limit will not have changed. The output buffer's
      * position will have advanced by n, where n is the value returned
      * by this method; the output buffer's limit will not have changed.
      *
-     * <p>If <code>output.remaining()</code> bytes are insufficient to
-     * hold the result, a <code>ShortBufferException</code> is thrown.
+     * <p>If {@code output.remaining()} bytes are insufficient to
+     * hold the result, a {@code ShortBufferException} is thrown.
      * In this case, repeat this call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same block of memory and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input ByteBuffer
      * @param output the output ByteByffer
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -2008,7 +2008,7 @@
      * on how this cipher was initialized.
      *
      * <p>Input data that may have been buffered during a previous
-     * <code>update</code> operation is processed, with padding (if requested)
+     * {@code update} operation is processed, with padding (if requested)
      * being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
@@ -2016,10 +2016,10 @@
      * The result is stored in a new buffer.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
@@ -2053,34 +2053,34 @@
      * on how this cipher was initialized.
      *
      * <p>Input data that may have been buffered during a previous
-     * <code>update</code> operation is processed, with padding (if requested)
+     * {@code update} operation is processed, with padding (if requested)
      * being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
      * case of decryption.
-     * The result is stored in the <code>output</code> buffer, starting at
-     * <code>outputOffset</code> inclusive.
+     * The result is stored in the {@code output} buffer, starting at
+     * {@code outputOffset} inclusive.
      *
-     * <p>If the <code>output</code> buffer is too small to hold the result,
-     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+     * <p>If the {@code output} buffer is too small to hold the result,
+     * a {@code ShortBufferException} is thrown. In this case, repeat this
      * call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
      *
      * @param output the buffer for the result
-     * @param outputOffset the offset in <code>output</code> where the result
+     * @param outputOffset the offset in {@code output} where the result
      * is stored
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -2117,8 +2117,8 @@
      * multiple-part operation. The data is encrypted or decrypted,
      * depending on how this cipher was initialized.
      *
-     * <p>The bytes in the <code>input</code> buffer, and any input bytes that
-     * may have been buffered during a previous <code>update</code> operation,
+     * <p>The bytes in the {@code input} buffer, and any input bytes that
+     * may have been buffered during a previous {@code update} operation,
      * are processed, with padding (if requested) being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
@@ -2126,10 +2126,10 @@
      * The result is stored in a new buffer.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
@@ -2170,9 +2170,9 @@
      * multiple-part operation. The data is encrypted or decrypted,
      * depending on how this cipher was initialized.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, and any input
-     * bytes that may have been buffered during a previous <code>update</code>
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, and any input
+     * bytes that may have been buffered during a previous {@code update}
      * operation, are processed, with padding (if requested) being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
@@ -2180,16 +2180,16 @@
      * The result is stored in a new buffer.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      *
@@ -2228,42 +2228,42 @@
      * multiple-part operation. The data is encrypted or decrypted,
      * depending on how this cipher was initialized.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, and any input
-     * bytes that may have been buffered during a previous <code>update</code>
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, and any input
+     * bytes that may have been buffered during a previous {@code update}
      * operation, are processed, with padding (if requested) being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
      * case of decryption.
-     * The result is stored in the <code>output</code> buffer.
+     * The result is stored in the {@code output} buffer.
      *
-     * <p>If the <code>output</code> buffer is too small to hold the result,
-     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+     * <p>If the {@code output} buffer is too small to hold the result,
+     * a {@code ShortBufferException} is thrown. In this case, repeat this
      * call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same byte array and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      * @param output the buffer for the result
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -2303,46 +2303,46 @@
      * multiple-part operation. The data is encrypted or decrypted,
      * depending on how this cipher was initialized.
      *
-     * <p>The first <code>inputLen</code> bytes in the <code>input</code>
-     * buffer, starting at <code>inputOffset</code> inclusive, and any input
+     * <p>The first {@code inputLen} bytes in the {@code input}
+     * buffer, starting at {@code inputOffset} inclusive, and any input
      * bytes that may have been buffered during a previous
-     * <code>update</code> operation, are processed, with padding
+     * {@code update} operation, are processed, with padding
      * (if requested) being applied.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
      * case of decryption.
-     * The result is stored in the <code>output</code> buffer, starting at
-     * <code>outputOffset</code> inclusive.
+     * The result is stored in the {@code output} buffer, starting at
+     * {@code outputOffset} inclusive.
      *
-     * <p>If the <code>output</code> buffer is too small to hold the result,
-     * a <code>ShortBufferException</code> is thrown. In this case, repeat this
+     * <p>If the {@code output} buffer is too small to hold the result,
+     * a {@code ShortBufferException} is thrown. In this case, repeat this
      * call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same byte array and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input buffer
-     * @param inputOffset the offset in <code>input</code> where the input
+     * @param inputOffset the offset in {@code input} where the input
      * starts
      * @param inputLen the input length
      * @param output the buffer for the result
-     * @param outputOffset the offset in <code>output</code> where the result
+     * @param outputOffset the offset in {@code output} where the result
      * is stored
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -2383,8 +2383,8 @@
      * multiple-part operation. The data is encrypted or decrypted,
      * depending on how this cipher was initialized.
      *
-     * <p>All <code>input.remaining()</code> bytes starting at
-     * <code>input.position()</code> are processed.
+     * <p>All {@code input.remaining()} bytes starting at
+     * {@code input.position()} are processed.
      * If an AEAD mode such as GCM/CCM is being used, the authentication
      * tag is appended in the case of encryption, or verified in the
      * case of decryption.
@@ -2394,30 +2394,30 @@
      * position will have advanced by n, where n is the value returned
      * by this method; the output buffer's limit will not have changed.
      *
-     * <p>If <code>output.remaining()</code> bytes are insufficient to
-     * hold the result, a <code>ShortBufferException</code> is thrown.
+     * <p>If {@code output.remaining()} bytes are insufficient to
+     * hold the result, a {@code ShortBufferException} is thrown.
      * In this case, repeat this call with a larger output buffer. Use
      * {@link #getOutputSize(int) getOutputSize} to determine how big
      * the output buffer should be.
      *
      * <p>Upon finishing, this method resets this cipher object to the state
-     * it was in when previously initialized via a call to <code>init</code>.
+     * it was in when previously initialized via a call to {@code init}.
      * That is, the object is reset and available to encrypt or decrypt
      * (depending on the operation mode that was specified in the call to
-     * <code>init</code>) more data.
+     * {@code init}) more data.
      *
      * <p>Note: if any exception is thrown, this cipher object may need to
      * be reset before it can be used again.
      *
      * <p>Note: this method should be copy-safe, which means the
-     * <code>input</code> and <code>output</code> buffers can reference
+     * {@code input} and {@code output} buffers can reference
      * the same byte array and no unprocessed input data is overwritten
      * when the result is copied into the output buffer.
      *
      * @param input the input ByteBuffer
      * @param output the output ByteBuffer
      *
-     * @return the number of bytes stored in <code>output</code>
+     * @return the number of bytes stored in {@code output}
      *
      * @exception IllegalStateException if this cipher is in a wrong state
      * (e.g., has not been initialized)
@@ -2507,8 +2507,8 @@
      * key.
      *
      * @param wrappedKeyType the type of the wrapped key. This must be one of
-     * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or
-     * <code>PUBLIC_KEY</code>.
+     * {@code SECRET_KEY}, {@code PRIVATE_KEY}, or
+     * {@code PUBLIC_KEY}.
      *
      * @return the unwrapped key.
      *
@@ -2516,12 +2516,12 @@
      * (e.g., has not been initialized).
      *
      * @exception NoSuchAlgorithmException if no installed providers
-     * can create keys of type <code>wrappedKeyType</code> for the
-     * <code>wrappedKeyAlgorithm</code>.
+     * can create keys of type {@code wrappedKeyType} for the
+     * {@code wrappedKeyAlgorithm}.
      *
-     * @exception InvalidKeyException if <code>wrappedKey</code> does not
-     * represent a wrapped key of type <code>wrappedKeyType</code> for
-     * the <code>wrappedKeyAlgorithm</code>.
+     * @exception InvalidKeyException if {@code wrappedKey} does not
+     * represent a wrapped key of type {@code wrappedKeyType} for
+     * the {@code wrappedKeyAlgorithm}.
      *
      * @throws UnsupportedOperationException if the corresponding method in the
      * {@code CipherSpi} is not supported.
@@ -2600,8 +2600,8 @@
      *
      * @param transformation the cipher transformation.
      * @return the maximum key length in bits or Integer.MAX_VALUE.
-     * @exception NullPointerException if <code>transformation</code> is null.
-     * @exception NoSuchAlgorithmException if <code>transformation</code>
+     * @exception NullPointerException if {@code transformation} is null.
+     * @exception NoSuchAlgorithmException if {@code transformation}
      * is not a valid transformation, i.e. in the form of "algorithm" or
      * "algorithm/mode/padding".
      * @since 1.5
@@ -2623,9 +2623,9 @@
      * @param transformation the cipher transformation.
      * @return an AlgorithmParameterSpec which holds the maximum
      * value or null.
-     * @exception NullPointerException if <code>transformation</code>
+     * @exception NullPointerException if {@code transformation}
      * is null.
-     * @exception NoSuchAlgorithmException if <code>transformation</code>
+     * @exception NoSuchAlgorithmException if {@code transformation}
      * is not a valid transformation, i.e. in the form of "algorithm" or
      * "algorithm/mode/padding".
      * @since 1.5
@@ -2643,8 +2643,8 @@
      * Calls to this method provide AAD to the cipher when operating in
      * modes such as AEAD (GCM/CCM).  If this cipher is operating in
      * either GCM or CCM mode, all AAD must be supplied before beginning
-     * operations on the ciphertext (via the {@code update} and {@code
-     * doFinal} methods).
+     * operations on the ciphertext (via the {@code update} and
+     * {@code doFinal} methods).
      *
      * @param src the buffer containing the Additional Authentication Data
      *
@@ -2676,8 +2676,8 @@
      * Calls to this method provide AAD to the cipher when operating in
      * modes such as AEAD (GCM/CCM).  If this cipher is operating in
      * either GCM or CCM mode, all AAD must be supplied before beginning
-     * operations on the ciphertext (via the {@code update} and {@code
-     * doFinal} methods).
+     * operations on the ciphertext (via the {@code update}
+     * and {@code doFinal} methods).
      *
      * @param src the buffer containing the AAD
      * @param offset the offset in {@code src} where the AAD input starts
@@ -2722,8 +2722,8 @@
      * Calls to this method provide AAD to the cipher when operating in
      * modes such as AEAD (GCM/CCM).  If this cipher is operating in
      * either GCM or CCM mode, all AAD must be supplied before beginning
-     * operations on the ciphertext (via the {@code update} and {@code
-     * doFinal} methods).
+     * operations on the ciphertext (via the {@code update}
+     * and {@code doFinal} methods).
      * <p>
      * All {@code src.remaining()} bytes starting at
      * {@code src.position()} are processed.
--- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Tue Aug 25 14:32:08 2015 -0700
@@ -40,24 +40,24 @@
  * exchange) protocol.
  * <p>
  * The keys involved in establishing a shared secret are created by one of the
- * key generators (<code>KeyPairGenerator</code> or
- * <code>KeyGenerator</code>), a <code>KeyFactory</code>, or as a result from
+ * key generators ({@code KeyPairGenerator} or
+ * {@code KeyGenerator}), a {@code KeyFactory}, or as a result from
  * an intermediate phase of the key agreement protocol.
  *
- * <p> For each of the correspondents in the key exchange, <code>doPhase</code>
+ * <p> For each of the correspondents in the key exchange, {@code doPhase}
  * needs to be called. For example, if this key exchange is with one other
- * party, <code>doPhase</code> needs to be called once, with the
- * <code>lastPhase</code> flag set to <code>true</code>.
+ * party, {@code doPhase} needs to be called once, with the
+ * {@code lastPhase} flag set to {@code true}.
  * If this key exchange is
- * with two other parties, <code>doPhase</code> needs to be called twice,
- * the first time setting the <code>lastPhase</code> flag to
- * <code>false</code>, and the second time setting it to <code>true</code>.
+ * with two other parties, {@code doPhase} needs to be called twice,
+ * the first time setting the {@code lastPhase} flag to
+ * {@code false}, and the second time setting it to {@code true}.
  * There may be any number of parties involved in a key exchange.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>KeyAgreement</code> algorithm:
+ * following standard {@code KeyAgreement} algorithm:
  * <ul>
- * <li><tt>DiffieHellman</tt></li>
+ * <li>{@code DiffieHellman}</li>
  * </ul>
  * This algorithm is described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyAgreement">
@@ -125,20 +125,20 @@
     }
 
     /**
-     * Returns the algorithm name of this <code>KeyAgreement</code> object.
+     * Returns the algorithm name of this {@code KeyAgreement} object.
      *
      * <p>This is the same name that was specified in one of the
-     * <code>getInstance</code> calls that created this
-     * <code>KeyAgreement</code> object.
+     * {@code getInstance} calls that created this
+     * {@code KeyAgreement} object.
      *
-     * @return the algorithm name of this <code>KeyAgreement</code> object.
+     * @return the algorithm name of this {@code KeyAgreement} object.
      */
     public final String getAlgorithm() {
         return this.algorithm;
     }
 
     /**
-     * Returns a <code>KeyAgreement</code> object that implements the
+     * Returns a {@code KeyAgreement} object that implements the
      * specified key agreement algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -157,7 +157,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new <code>KeyAgreement</code> object.
+     * @return the new {@code KeyAgreement} object.
      *
      * @exception NullPointerException if the specified algorithm
      *          is null.
@@ -186,7 +186,7 @@
     }
 
     /**
-     * Returns a <code>KeyAgreement</code> object that implements the
+     * Returns a {@code KeyAgreement} object that implements the
      * specified key agreement algorithm.
      *
      * <p> A new KeyAgreement object encapsulating the
@@ -206,7 +206,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>KeyAgreement</code> object.
+     * @return the new {@code KeyAgreement} object.
      *
      * @exception NullPointerException if the specified algorithm
      *          is null.
@@ -218,7 +218,7 @@
      * @exception NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null or empty.
      *
      * @see java.security.Provider
@@ -233,7 +233,7 @@
     }
 
     /**
-     * Returns a <code>KeyAgreement</code> object that implements the
+     * Returns a {@code KeyAgreement} object that implements the
      * specified key agreement algorithm.
      *
      * <p> A new KeyAgreement object encapsulating the
@@ -250,7 +250,7 @@
      *
      * @param provider the provider.
      *
-     * @return the new <code>KeyAgreement</code> object.
+     * @return the new {@code KeyAgreement} object.
      *
      * @exception NullPointerException if the specified algorithm
      *          is null.
@@ -259,7 +259,7 @@
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null.
      *
      * @see java.security.Provider
@@ -408,9 +408,9 @@
     }
 
     /**
-     * Returns the provider of this <code>KeyAgreement</code> object.
+     * Returns the provider of this {@code KeyAgreement} object.
      *
-     * @return the provider of this <code>KeyAgreement</code> object
+     * @return the provider of this {@code KeyAgreement} object
      */
     public final Provider getProvider() {
         chooseFirstProvider();
@@ -447,10 +447,10 @@
      * parameters required for this key agreement.
      *
      * <p> If the key agreement algorithm requires random bytes, it gets them
-     * from the given source of randomness, <code>random</code>.
+     * from the given source of randomness, {@code random}.
      * However, if the underlying
      * algorithm implementation does not require any random bytes,
-     * <code>random</code> is ignored.
+     * {@code random} is ignored.
      *
      * @param key the party's private information. For example, in the case
      * of the Diffie-Hellman key agreement, this would be the party's own
@@ -570,9 +570,9 @@
     /**
      * Generates the shared secret and returns it in a new buffer.
      *
-     * <p>This method resets this <code>KeyAgreement</code> object, so that it
+     * <p>This method resets this {@code KeyAgreement} object, so that it
      * can be reused for further key agreements. Unless this key agreement is
-     * reinitialized with one of the <code>init</code> methods, the same
+     * reinitialized with one of the {@code init} methods, the same
      * private information and algorithm parameters will be used for
      * subsequent key agreements.
      *
@@ -588,23 +588,23 @@
 
     /**
      * Generates the shared secret, and places it into the buffer
-     * <code>sharedSecret</code>, beginning at <code>offset</code> inclusive.
+     * {@code sharedSecret}, beginning at {@code offset} inclusive.
      *
-     * <p>If the <code>sharedSecret</code> buffer is too small to hold the
-     * result, a <code>ShortBufferException</code> is thrown.
+     * <p>If the {@code sharedSecret} buffer is too small to hold the
+     * result, a {@code ShortBufferException} is thrown.
      * In this case, this call should be repeated with a larger output buffer.
      *
-     * <p>This method resets this <code>KeyAgreement</code> object, so that it
+     * <p>This method resets this {@code KeyAgreement} object, so that it
      * can be reused for further key agreements. Unless this key agreement is
-     * reinitialized with one of the <code>init</code> methods, the same
+     * reinitialized with one of the {@code init} methods, the same
      * private information and algorithm parameters will be used for
      * subsequent key agreements.
      *
      * @param sharedSecret the buffer for the shared secret
-     * @param offset the offset in <code>sharedSecret</code> where the
+     * @param offset the offset in {@code sharedSecret} where the
      * shared secret will be stored
      *
-     * @return the number of bytes placed into <code>sharedSecret</code>
+     * @return the number of bytes placed into {@code sharedSecret}
      *
      * @exception IllegalStateException if this key agreement has not been
      * completed yet
@@ -619,12 +619,12 @@
     }
 
     /**
-     * Creates the shared secret and returns it as a <code>SecretKey</code>
+     * Creates the shared secret and returns it as a {@code SecretKey}
      * object of the specified algorithm.
      *
-     * <p>This method resets this <code>KeyAgreement</code> object, so that it
+     * <p>This method resets this {@code KeyAgreement} object, so that it
      * can be reused for further key agreements. Unless this key agreement is
-     * reinitialized with one of the <code>init</code> methods, the same
+     * reinitialized with one of the {@code init} methods, the same
      * private information and algorithm parameters will be used for
      * subsequent key agreements.
      *
--- a/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Tue Aug 25 14:32:08 2015 -0700
@@ -38,7 +38,7 @@
 /**
  * This class provides the functionality of a secret (symmetric) key generator.
  *
- * <p>Key generators are constructed using one of the <code>getInstance</code>
+ * <p>Key generators are constructed using one of the {@code getInstance}
  * class methods of this class.
  *
  * <p>KeyGenerator objects are reusable, i.e., after a key has been
@@ -57,14 +57,14 @@
  * {@link #init(int, java.security.SecureRandom) init}
  * method in this KeyGenerator class that takes these two universally
  * shared types of arguments. There is also one that takes just a
- * <code>keysize</code> argument, and uses the SecureRandom implementation
+ * {@code keysize} argument, and uses the SecureRandom implementation
  * of the highest-priority installed provider as the source of randomness
  * (or a system-provided source of randomness if none of the installed
  * providers supply a SecureRandom implementation), and one that takes just a
  * source of randomness.
  *
  * <p>Since no other parameters are specified when you call the above
- * algorithm-independent <code>init</code> methods, it is up to the
+ * algorithm-independent {@code init} methods, it is up to the
  * provider what to do about the algorithm-specific parameters (if any) to be
  * associated with each of the keys.
  *
@@ -72,8 +72,8 @@
  * <p>For situations where a set of algorithm-specific parameters already
  * exists, there are two
  * {@link #init(java.security.spec.AlgorithmParameterSpec) init}
- * methods that have an <code>AlgorithmParameterSpec</code>
- * argument. One also has a <code>SecureRandom</code> argument, while the
+ * methods that have an {@code AlgorithmParameterSpec}
+ * argument. One also has a {@code SecureRandom} argument, while the
  * other uses the SecureRandom implementation
  * of the highest-priority installed provider as the source of randomness
  * (or a system-provided source of randomness if none of the installed
@@ -81,18 +81,18 @@
  * </ul>
  *
  * <p>In case the client does not explicitly initialize the KeyGenerator
- * (via a call to an <code>init</code> method), each provider must
+ * (via a call to an {@code init} method), each provider must
  * supply (and document) a default initialization.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>KeyGenerator</code> algorithms with the keysizes in
+ * following standard {@code KeyGenerator} algorithms with the keysizes in
  * parentheses:
  * <ul>
- * <li><tt>AES</tt> (128)</li>
- * <li><tt>DES</tt> (56)</li>
- * <li><tt>DESede</tt> (168)</li>
- * <li><tt>HmacSHA1</tt></li>
- * <li><tt>HmacSHA256</tt></li>
+ * <li>{@code AES} (128)</li>
+ * <li>{@code DES} (56)</li>
+ * <li>{@code DESede} (168)</li>
+ * <li>{@code HmacSHA1}</li>
+ * <li>{@code HmacSHA256}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#KeyGenerator">
@@ -177,20 +177,20 @@
     }
 
     /**
-     * Returns the algorithm name of this <code>KeyGenerator</code> object.
+     * Returns the algorithm name of this {@code KeyGenerator} object.
      *
      * <p>This is the same name that was specified in one of the
-     * <code>getInstance</code> calls that created this
-     * <code>KeyGenerator</code> object.
+     * {@code getInstance} calls that created this
+     * {@code KeyGenerator} object.
      *
-     * @return the algorithm name of this <code>KeyGenerator</code> object.
+     * @return the algorithm name of this {@code KeyGenerator} object.
      */
     public final String getAlgorithm() {
         return this.algorithm;
     }
 
     /**
-     * Returns a <code>KeyGenerator</code> object that generates secret keys
+     * Returns a {@code KeyGenerator} object that generates secret keys
      * for the specified algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -208,7 +208,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new <code>KeyGenerator</code> object.
+     * @return the new {@code KeyGenerator} object.
      *
      * @exception NullPointerException if the specified algorithm is null.
      *
@@ -224,7 +224,7 @@
     }
 
     /**
-     * Returns a <code>KeyGenerator</code> object that generates secret keys
+     * Returns a {@code KeyGenerator} object that generates secret keys
      * for the specified algorithm.
      *
      * <p> A new KeyGenerator object encapsulating the
@@ -243,7 +243,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>KeyGenerator</code> object.
+     * @return the new {@code KeyGenerator} object.
      *
      * @exception NullPointerException if the specified algorithm is null.
      *
@@ -254,7 +254,7 @@
      * @exception NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null or empty.
      *
      * @see java.security.Provider
@@ -269,7 +269,7 @@
     }
 
     /**
-     * Returns a <code>KeyGenerator</code> object that generates secret keys
+     * Returns a {@code KeyGenerator} object that generates secret keys
      * for the specified algorithm.
      *
      * <p> A new KeyGenerator object encapsulating the
@@ -285,7 +285,7 @@
      *
      * @param provider the provider.
      *
-     * @return the new <code>KeyGenerator</code> object.
+     * @return the new {@code KeyGenerator} object.
      *
      * @exception NullPointerException if the specified algorithm is null.
      *
@@ -293,7 +293,7 @@
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null.
      *
      * @see java.security.Provider
@@ -307,9 +307,9 @@
     }
 
     /**
-     * Returns the provider of this <code>KeyGenerator</code> object.
+     * Returns the provider of this {@code KeyGenerator} object.
      *
-     * @return the provider of this <code>KeyGenerator</code> object
+     * @return the provider of this {@code KeyGenerator} object
      */
     public final Provider getProvider() {
         synchronized (lock) {
@@ -437,7 +437,7 @@
      * @param params the key generation parameters
      * @param random the source of randomness for this key generator
      *
-     * @exception InvalidAlgorithmParameterException if <code>params</code> is
+     * @exception InvalidAlgorithmParameterException if {@code params} is
      * inappropriate for this key generator
      */
     public final void init(AlgorithmParameterSpec params, SecureRandom random)
--- a/src/java.base/share/classes/javax/crypto/Mac.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/Mac.java	Tue Aug 25 14:32:08 2015 -0700
@@ -54,11 +54,11 @@
  * specified in RFC 2104.
  *
  * <p> Every implementation of the Java platform is required to support
- * the following standard <code>Mac</code> algorithms:
+ * the following standard {@code Mac} algorithms:
  * <ul>
- * <li><tt>HmacMD5</tt></li>
- * <li><tt>HmacSHA1</tt></li>
- * <li><tt>HmacSHA256</tt></li>
+ * <li>{@code HmacMD5}</li>
+ * <li>{@code HmacSHA1}</li>
+ * <li>{@code HmacSHA256}</li>
  * </ul>
  * These algorithms are described in the
  * <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Mac">
@@ -127,20 +127,20 @@
     }
 
     /**
-     * Returns the algorithm name of this <code>Mac</code> object.
+     * Returns the algorithm name of this {@code Mac} object.
      *
      * <p>This is the same name that was specified in one of the
-     * <code>getInstance</code> calls that created this
-     * <code>Mac</code> object.
+     * {@code getInstance} calls that created this
+     * {@code Mac} object.
      *
-     * @return the algorithm name of this <code>Mac</code> object.
+     * @return the algorithm name of this {@code Mac} object.
      */
     public final String getAlgorithm() {
         return this.algorithm;
     }
 
     /**
-     * Returns a <code>Mac</code> object that implements the
+     * Returns a {@code Mac} object that implements the
      * specified MAC algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -158,7 +158,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new <code>Mac</code> object.
+     * @return the new {@code Mac} object.
      *
      * @exception NoSuchAlgorithmException if no Provider supports a
      *          MacSpi implementation for the
@@ -183,7 +183,7 @@
     }
 
     /**
-     * Returns a <code>Mac</code> object that implements the
+     * Returns a {@code Mac} object that implements the
      * specified MAC algorithm.
      *
      * <p> A new Mac object encapsulating the
@@ -202,7 +202,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>Mac</code> object.
+     * @return the new {@code Mac} object.
      *
      * @exception NoSuchAlgorithmException if a MacSpi
      *          implementation for the specified algorithm is not
@@ -211,7 +211,7 @@
      * @exception NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null or empty.
      *
      * @see java.security.Provider
@@ -224,7 +224,7 @@
     }
 
     /**
-     * Returns a <code>Mac</code> object that implements the
+     * Returns a {@code Mac} object that implements the
      * specified MAC algorithm.
      *
      * <p> A new Mac object encapsulating the
@@ -240,13 +240,13 @@
      *
      * @param provider the provider.
      *
-     * @return the new <code>Mac</code> object.
+     * @return the new {@code Mac} object.
      *
      * @exception NoSuchAlgorithmException if a MacSpi
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null.
      *
      * @see java.security.Provider
@@ -380,9 +380,9 @@
     }
 
     /**
-     * Returns the provider of this <code>Mac</code> object.
+     * Returns the provider of this {@code Mac} object.
      *
-     * @return the provider of this <code>Mac</code> object.
+     * @return the provider of this {@code Mac} object.
      */
     public final Provider getProvider() {
         chooseFirstProvider();
@@ -400,7 +400,7 @@
     }
 
     /**
-     * Initializes this <code>Mac</code> object with the given key.
+     * Initializes this {@code Mac} object with the given key.
      *
      * @param key the key.
      *
@@ -426,7 +426,7 @@
     }
 
     /**
-     * Initializes this <code>Mac</code> object with the given key and
+     * Initializes this {@code Mac} object with the given key and
      * algorithm parameters.
      *
      * @param key the key.
@@ -457,7 +457,7 @@
      *
      * @param input the input byte to be processed.
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final void update(byte input) throws IllegalStateException {
@@ -473,7 +473,7 @@
      *
      * @param input the array of bytes to be processed.
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final void update(byte[] input) throws IllegalStateException {
@@ -487,14 +487,14 @@
     }
 
     /**
-     * Processes the first <code>len</code> bytes in <code>input</code>,
-     * starting at <code>offset</code> inclusive.
+     * Processes the first {@code len} bytes in {@code input},
+     * starting at {@code offset} inclusive.
      *
      * @param input the input buffer.
-     * @param offset the offset in <code>input</code> where the input starts.
+     * @param offset the offset in {@code input} where the input starts.
      * @param len the number of bytes to process.
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final void update(byte[] input, int offset, int len)
@@ -512,14 +512,14 @@
     }
 
     /**
-     * Processes <code>input.remaining()</code> bytes in the ByteBuffer
-     * <code>input</code>, starting at <code>input.position()</code>.
+     * Processes {@code input.remaining()} bytes in the ByteBuffer
+     * {@code input}, starting at {@code input.position()}.
      * Upon return, the buffer's position will be equal to its limit;
      * its limit will not have changed.
      *
      * @param input the ByteBuffer
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      * @since 1.5
      */
@@ -537,20 +537,20 @@
     /**
      * Finishes the MAC operation.
      *
-     * <p>A call to this method resets this <code>Mac</code> object to the
+     * <p>A call to this method resets this {@code Mac} object to the
      * state it was in when previously initialized via a call to
-     * <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      * That is, the object is reset and available to generate another MAC from
-     * the same key, if desired, via new calls to <code>update</code> and
-     * <code>doFinal</code>.
-     * (In order to reuse this <code>Mac</code> object with a different key,
-     * it must be reinitialized via a call to <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * the same key, if desired, via new calls to {@code update} and
+     * {@code doFinal}.
+     * (In order to reuse this {@code Mac} object with a different key,
+     * it must be reinitialized via a call to {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      *
      * @return the MAC result.
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final byte[] doFinal() throws IllegalStateException {
@@ -566,27 +566,27 @@
     /**
      * Finishes the MAC operation.
      *
-     * <p>A call to this method resets this <code>Mac</code> object to the
+     * <p>A call to this method resets this {@code Mac} object to the
      * state it was in when previously initialized via a call to
-     * <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      * That is, the object is reset and available to generate another MAC from
-     * the same key, if desired, via new calls to <code>update</code> and
-     * <code>doFinal</code>.
-     * (In order to reuse this <code>Mac</code> object with a different key,
-     * it must be reinitialized via a call to <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * the same key, if desired, via new calls to {@code update} and
+     * {@code doFinal}.
+     * (In order to reuse this {@code Mac} object with a different key,
+     * it must be reinitialized via a call to {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      *
-     * <p>The MAC result is stored in <code>output</code>, starting at
-     * <code>outOffset</code> inclusive.
+     * <p>The MAC result is stored in {@code output}, starting at
+     * {@code outOffset} inclusive.
      *
      * @param output the buffer where the MAC result is stored
-     * @param outOffset the offset in <code>output</code> where the MAC is
+     * @param outOffset the offset in {@code output} where the MAC is
      * stored
      *
      * @exception ShortBufferException if the given output buffer is too small
      * to hold the result
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final void doFinal(byte[] output, int outOffset)
@@ -609,21 +609,21 @@
     /**
      * Processes the given array of bytes and finishes the MAC operation.
      *
-     * <p>A call to this method resets this <code>Mac</code> object to the
+     * <p>A call to this method resets this {@code Mac} object to the
      * state it was in when previously initialized via a call to
-     * <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      * That is, the object is reset and available to generate another MAC from
-     * the same key, if desired, via new calls to <code>update</code> and
-     * <code>doFinal</code>.
-     * (In order to reuse this <code>Mac</code> object with a different key,
-     * it must be reinitialized via a call to <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * the same key, if desired, via new calls to {@code update} and
+     * {@code doFinal}.
+     * (In order to reuse this {@code Mac} object with a different key,
+     * it must be reinitialized via a call to {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      *
      * @param input data in bytes
      * @return the MAC result.
      *
-     * @exception IllegalStateException if this <code>Mac</code> has not been
+     * @exception IllegalStateException if this {@code Mac} has not been
      * initialized.
      */
     public final byte[] doFinal(byte[] input) throws IllegalStateException
@@ -637,18 +637,18 @@
     }
 
     /**
-     * Resets this <code>Mac</code> object.
+     * Resets this {@code Mac} object.
      *
-     * <p>A call to this method resets this <code>Mac</code> object to the
+     * <p>A call to this method resets this {@code Mac} object to the
      * state it was in when previously initialized via a call to
-     * <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      * That is, the object is reset and available to generate another MAC from
-     * the same key, if desired, via new calls to <code>update</code> and
-     * <code>doFinal</code>.
-     * (In order to reuse this <code>Mac</code> object with a different key,
-     * it must be reinitialized via a call to <code>init(Key)</code> or
-     * <code>init(Key, AlgorithmParameterSpec)</code>.
+     * the same key, if desired, via new calls to {@code update} and
+     * {@code doFinal}.
+     * (In order to reuse this {@code Mac} object with a different key,
+     * it must be reinitialized via a call to {@code init(Key)} or
+     * {@code init(Key, AlgorithmParameterSpec)}.
      */
     public final void reset() {
         chooseFirstProvider();
@@ -661,7 +661,7 @@
      * @return a clone if the provider implementation is cloneable.
      *
      * @exception CloneNotSupportedException if this is called on a
-     * delegate that does not support <code>Cloneable</code>.
+     * delegate that does not support {@code Cloneable}.
      */
     public final Object clone() throws CloneNotSupportedException {
         chooseFirstProvider();
--- a/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Tue Aug 25 14:32:08 2015 -0700
@@ -38,7 +38,7 @@
  * This class represents a factory for secret keys.
  *
  * <P> Key factories are used to convert <I>keys</I> (opaque
- * cryptographic keys of type <code>Key</code>) into <I>key specifications</I>
+ * cryptographic keys of type {@code Key}) into <I>key specifications</I>
  * (transparent representations of the underlying key material), and vice
  * versa.
  * Secret key factories operate only on secret (symmetric) keys.
@@ -53,16 +53,16 @@
  * {@link #getKeySpec(javax.crypto.SecretKey, java.lang.Class) getKeySpec}
  * methods.
  * For example, the DES secret-key factory supplied by the "SunJCE" provider
- * supports <code>DESKeySpec</code> as a transparent representation of DES
+ * supports {@code DESKeySpec} as a transparent representation of DES
  * keys, and that provider's secret-key factory for Triple DES keys supports
- * <code>DESedeKeySpec</code> as a transparent representation of Triple DES
+ * {@code DESedeKeySpec} as a transparent representation of Triple DES
  * keys.
  *
  * <p> Every implementation of the Java platform is required to support the
- * following standard <code>SecretKeyFactory</code> algorithms:
+ * following standard {@code SecretKeyFactory} algorithms:
  * <ul>
- * <li><tt>DES</tt></li>
- * <li><tt>DESede</tt></li>
+ * <li>{@code DES}</li>
+ * <li>{@code DESede}</li>
  * </ul>
  * These algorithms are described in the <a href=
  * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecretKeyFactory">
@@ -125,7 +125,7 @@
     }
 
     /**
-     * Returns a <code>SecretKeyFactory</code> object that converts
+     * Returns a {@code SecretKeyFactory} object that converts
      * secret keys of the specified algorithm.
      *
      * <p> This method traverses the list of registered security Providers,
@@ -144,7 +144,7 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new <code>SecretKeyFactory</code> object.
+     * @return the new {@code SecretKeyFactory} object.
      *
      * @exception NullPointerException if the specified algorithm
      *          is null.
@@ -161,7 +161,7 @@
     }
 
     /**
-     * Returns a <code>SecretKeyFactory</code> object that converts
+     * Returns a {@code SecretKeyFactory} object that converts
      * secret keys of the specified algorithm.
      *
      * <p> A new SecretKeyFactory object encapsulating the
@@ -181,7 +181,7 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>SecretKeyFactory</code> object.
+     * @return the new {@code SecretKeyFactory} object.
      *
      * @exception NoSuchAlgorithmException if a SecretKeyFactorySpi
      *          implementation for the specified algorithm is not
@@ -193,7 +193,7 @@
      * @throws NoSuchProviderException if the specified provider is not
      *          registered in the security provider list.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null or empty.
      *
      * @see java.security.Provider
@@ -208,7 +208,7 @@
     }
 
     /**
-     * Returns a <code>SecretKeyFactory</code> object that converts
+     * Returns a {@code SecretKeyFactory} object that converts
      * secret keys of the specified algorithm.
      *
      * <p> A new SecretKeyFactory object encapsulating the
@@ -225,7 +225,7 @@
      *
      * @param provider the provider.
      *
-     * @return the new <code>SecretKeyFactory</code> object.
+     * @return the new {@code SecretKeyFactory} object.
      *
      * @exception NullPointerException if the specified algorithm
      * is null.
@@ -234,7 +234,7 @@
      *          implementation for the specified algorithm is not available
      *          from the specified Provider object.
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
+     * @exception IllegalArgumentException if the {@code provider}
      *          is null.
      *
      * @see java.security.Provider
@@ -248,9 +248,9 @@
     }
 
     /**
-     * Returns the provider of this <code>SecretKeyFactory</code> object.
+     * Returns the provider of this {@code SecretKeyFactory} object.
      *
-     * @return the provider of this <code>SecretKeyFactory</code> object
+     * @return the provider of this {@code SecretKeyFactory} object
      */
     public final Provider getProvider() {
         synchronized (lock) {
@@ -261,13 +261,13 @@
     }
 
     /**
-     * Returns the algorithm name of this <code>SecretKeyFactory</code> object.
+     * Returns the algorithm name of this {@code SecretKeyFactory} object.
      *
      * <p>This is the same name that was specified in one of the
-     * <code>getInstance</code> calls that created this
-     * <code>SecretKeyFactory</code> object.
+     * {@code getInstance} calls that created this
+     * {@code SecretKeyFactory} object.
      *
-     * @return the algorithm name of this <code>SecretKeyFactory</code>
+     * @return the algorithm name of this {@code SecretKeyFactory}
      * object.
      */
     public final String getAlgorithm() {
@@ -314,7 +314,7 @@
     }
 
     /**
-     * Generates a <code>SecretKey</code> object from the provided key
+     * Generates a {@code SecretKey} object from the provided key
      * specification (key material).
      *
      * @param keySpec the specification (key material) of the secret key
@@ -361,9 +361,9 @@
      *
      * @exception InvalidKeySpecException if the requested key specification is
      * inappropriate for the given key (e.g., the algorithms associated with
-     * <code>key</code> and <code>keySpec</code> do not match, or
-     * <code>key</code> references a key on a cryptographic hardware device
-     * whereas <code>keySpec</code> is the specification of a software-based
+     * {@code key} and {@code keySpec} do not match, or
+     * {@code key} references a key on a cryptographic hardware device
+     * whereas {@code keySpec} is the specification of a software-based
      * key), or the given key cannot be dealt with
      * (e.g., the given key has an algorithm or format not supported by this
      * secret-key factory).
--- a/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/spec/RC2ParameterSpec.java	Tue Aug 25 14:32:08 2015 -0700
@@ -35,7 +35,7 @@
  * <p> The parameters consist of an effective key size and optionally
  * an 8-byte initialization vector (IV) (only in feedback mode).
  *
- * <p> This class can be used to initialize a <code>Cipher</code> object that
+ * <p> This class can be used to initialize a {@code Cipher} object that
  * implements the <i>RC2</i> algorithm.
  *
  * @author Jan Luehe
@@ -62,12 +62,12 @@
      * (in bits) and an 8-byte IV.
      *
      * <p> The bytes that constitute the IV are those between
-     * <code>iv[0]</code> and <code>iv[7]</code> inclusive.
+     * {@code iv[0]} and {@code iv[7]} inclusive.
      *
      * @param effectiveKeyBits the effective key size in bits.
      * @param iv the buffer with the 8-byte IV. The first 8 bytes of
      * the buffer are copied to protect against subsequent modification.
-     * @exception IllegalArgumentException if <code>iv</code> is null.
+     * @exception IllegalArgumentException if {@code iv} is null.
      */
     public RC2ParameterSpec(int effectiveKeyBits, byte[] iv) {
         this(effectiveKeyBits, iv, 0);
@@ -77,18 +77,18 @@
      * Constructs a parameter set for RC2 from the given effective key size
      * (in bits) and IV.
      *
-     * <p> The IV is taken from <code>iv</code>, starting at
-     * <code>offset</code> inclusive.
+     * <p> The IV is taken from {@code iv}, starting at
+     * {@code offset} inclusive.
      * The bytes that constitute the IV are those between
-     * <code>iv[offset]</code> and <code>iv[offset+7]</code> inclusive.
+     * {@code iv[offset]} and {@code iv[offset+7]} inclusive.
      *
      * @param effectiveKeyBits the effective key size in bits.
      * @param iv the buffer with the IV. The first 8 bytes
-     * of the buffer beginning at <code>offset</code> inclusive
+     * of the buffer beginning at {@code offset} inclusive
      * are copied to protect against subsequent modification.
-     * @param offset the offset in <code>iv</code> where the 8-byte IV
+     * @param offset the offset in {@code iv} where the 8-byte IV
      * starts.
-     * @exception IllegalArgumentException if <code>iv</code> is null.
+     * @exception IllegalArgumentException if {@code iv} is null.
      */
     public RC2ParameterSpec(int effectiveKeyBits, byte[] iv, int offset) {
         this.effectiveKeyBits = effectiveKeyBits;
@@ -124,12 +124,12 @@
      * Tests for equality between the specified object and this
      * object. Two RC2ParameterSpec objects are considered equal if their
      * effective key sizes and IVs are equal.
-     * (Two IV references are considered equal if both are <tt>null</tt>.)
+     * (Two IV references are considered equal if both are {@code null}.)
      *
      * @param obj the object to test for equality with this object.
      *
      * @return true if the objects are considered equal, false if
-     * <code>obj</code> is null or otherwise.
+     * {@code obj} is null or otherwise.
      */
     public boolean equals(Object obj) {
         if (obj == this) {
--- a/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/javax/crypto/spec/RC5ParameterSpec.java	Tue Aug 25 14:32:08 2015 -0700
@@ -35,7 +35,7 @@
  * <p> The parameters consist of a version number, a rounds count, a word
  * size, and optionally an initialization vector (IV) (only in feedback mode).
  *
- * <p> This class can be used to initialize a <code>Cipher</code> object that
+ * <p> This class can be used to initialize a {@code Cipher} object that
  * implements the <i>RC5</i> algorithm as supplied by
  * <a href="http://www.rsa.com">RSA Security LLC</a>,
  * or any parties authorized by RSA Security.
@@ -71,16 +71,16 @@
      *
      * <p> Note that the size of the IV (block size) must be twice the word
      * size. The bytes that constitute the IV are those between
-     * <code>iv[0]</code> and <code>iv[2*(wordSize/8)-1]</code> inclusive.
+     * {@code iv[0]} and {@code iv[2*(wordSize/8)-1]} inclusive.
      *
      * @param version the version.
      * @param rounds the number of rounds.
      * @param wordSize the word size in bits.
-     * @param iv the buffer with the IV. The first <code>2*(wordSize/8)
-     * </code> bytes of the buffer are copied to protect against subsequent
+     * @param iv the buffer with the IV. The first {@code 2*(wordSize/8)}
+     * bytes of the buffer are copied to protect against subsequent
      * modification.
-     * @exception IllegalArgumentException if <code>iv</code> is
-     * <code>null</code> or {@code (iv.length < 2 * (wordSize / 8))}
+     * @exception IllegalArgumentException if {@code iv} is
+     * {@code null} or {@code (iv.length < 2 * (wordSize / 8))}
      */
     public RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv) {
         this(version, rounds, wordSize, iv, 0);
@@ -90,23 +90,23 @@
      * Constructs a parameter set for RC5 from the given version, number of
      * rounds, word size (in bits), and IV.
      *
-     * <p> The IV is taken from <code>iv</code>, starting at
-     * <code>offset</code> inclusive.
+     * <p> The IV is taken from {@code iv}, starting at
+     * {@code offset} inclusive.
      * Note that the size of the IV (block size), starting at
-     * <code>offset</code> inclusive, must be twice the word size.
+     * {@code offset} inclusive, must be twice the word size.
      * The bytes that constitute the IV are those between
-     * <code>iv[offset]</code> and <code>iv[offset+2*(wordSize/8)-1]</code>
+     * {@code iv[offset]} and {@code iv[offset+2*(wordSize/8)-1]}
      * inclusive.
      *
      * @param version the version.
      * @param rounds the number of rounds.
      * @param wordSize the word size in bits.
-     * @param iv the buffer with the IV. The first <code>2*(wordSize/8)
-     * </code> bytes of the buffer beginning at <code>offset</code>
+     * @param iv the buffer with the IV. The first {@code 2*(wordSize/8)}
+     * bytes of the buffer beginning at {@code offset}
      * inclusive are copied to protect against subsequent modification.
-     * @param offset the offset in <code>iv</code> where the IV starts.
-     * @exception IllegalArgumentException if <code>iv</code> is
-     * <code>null</code> or
+     * @param offset the offset in {@code iv} where the IV starts.
+     * @exception IllegalArgumentException if {@code iv} is
+     * {@code null} or
      * {@code (iv.length - offset < 2 * (wordSize / 8))}
      */
     public RC5ParameterSpec(int version, int rounds, int wordSize,
@@ -164,12 +164,12 @@
      * Tests for equality between the specified object and this
      * object. Two RC5ParameterSpec objects are considered equal if their
      * version numbers, number of rounds, word sizes, and IVs are equal.
-     * (Two IV references are considered equal if both are <tt>null</tt>.)
+     * (Two IV references are considered equal if both are {@code null}.)
      *
      * @param obj the object to test for equality with this object.
      *
      * @return true if the objects are considered equal, false if
-     * <code>obj</code> is null or otherwise.
+     * {@code obj} is null or otherwise.
      */
     public boolean equals(Object obj) {
         if (obj == this) {
--- a/src/java.base/share/classes/jdk/internal/jimage/ImageFileCreator.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/jdk/internal/jimage/ImageFileCreator.java	Tue Aug 25 14:32:08 2015 -0700
@@ -139,6 +139,7 @@
     }
 
     public static void recreateJimage(Path jimageFile,
+            String jdataName,
             Set<Archive> archives,
             Map<String, Set<String>> modulePackages)
             throws IOException {
@@ -159,12 +160,7 @@
             throw new UnsupportedOperationException("Not supported, no external file "
                     + "in a jimage file");
         }, entriesForModule, order);
-        String fileName = jimageFile.getFileName().toString();
-        if (fileName.endsWith(IMAGE_EXT)) {
-            fileName = fileName.substring(0, fileName.length()
-                    - BasicImageWriter.IMAGE_EXT.length());
-        }
-        generateJImage(jimageFile, fileName, resources, order);
+        generateJImage(jimageFile, jdataName, resources, order);
     }
 
     private void writeImage(String fileName,
--- a/src/java.base/share/classes/sun/invoke/util/BytecodeName.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/invoke/util/BytecodeName.java	Tue Aug 25 14:32:08 2015 -0700
@@ -295,7 +295,7 @@
      * (The safe name might possibly be mangled to hide further dangerous characters.)
      * For example, the qualified class name {@code java/lang/String}
      * will be parsed into the array {@code {"java", '/', "lang", '/', "String"}}.
-     * The name {@code &lt;init&gt;} will be parsed into { '&lt;', "init", '&gt;'}}
+     * The name {@code <init>} will be parsed into {@code {'<', "init", '>'}}.
      * The name {@code foo/bar$:baz} will be parsed into
      * {@code {"foo", '/', "bar", '$', ':', "baz"}}.
      * The name {@code ::\=:foo:\=bar\!baz} will be parsed into
--- a/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Tue Aug 25 14:32:08 2015 -0700
@@ -24,8 +24,8 @@
 #
 
 # Translators please note do not translate the options themselves
-java.launcher.opt.header  =   Usage: {0} [-options] class [args...]\n\
-\           (to execute a class)\n   or  {0} [-options] -jar jarfile [args...]\n\
+java.launcher.opt.header  =   Usage: {0} [options] class [args...]\n\
+\           (to execute a class)\n   or  {0} [options] -jar jarfile [args...]\n\
 \           (to execute a jar file)\n\
 where options include:\n
 
@@ -68,6 +68,8 @@
 \                  load Java programming language agent, see java.lang.instrument\n\
 \    -splash:<imagepath>\n\
 \                  show splash screen with specified image\n\
+\    @<filepath>   read options from the specified file\n\
+
 See http://www.oracle.com/technetwork/java/javase/documentation/index.html for more details.
 
 # Translators please note do not translate the options themselves
@@ -102,7 +104,8 @@
 \    -XshowSettings:properties\n\
 \                      show all property settings and continue\n\
 \    -XshowSettings:locale\n\
-\                      show all locale related settings and continue\n\n\
+\                      show all locale related settings and continue\n\
+\    -Xdisable-@files  disable further argument file expansion\n\n\
 The -X options are non-standard and subject to change without notice.\n
 
 # Translators please note do not translate the options themselves
--- a/src/java.base/share/classes/sun/net/util/IPAddressUtil.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/net/util/IPAddressUtil.java	Tue Aug 25 14:32:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2004, 2005, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2004, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -44,6 +44,7 @@
 
         long tmpValue = 0;
         int currByte = 0;
+        boolean newOctet = true;
 
         int len = src.length();
         if (len == 0 || len > 15) {
@@ -77,11 +78,12 @@
         for (int i = 0; i < len; i++) {
             char c = src.charAt(i);
             if (c == '.') {
-                if (tmpValue < 0 || tmpValue > 0xff || currByte == 3) {
+                if (newOctet || tmpValue < 0 || tmpValue > 0xff || currByte == 3) {
                     return null;
                 }
                 res[currByte++] = (byte) (tmpValue & 0xff);
                 tmpValue = 0;
+                newOctet = true;
             } else {
                 int digit = Character.digit(c, 10);
                 if (digit < 0) {
@@ -89,9 +91,10 @@
                 }
                 tmpValue *= 10;
                 tmpValue += digit;
+                newOctet = false;
             }
         }
-        if (tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) {
+        if (newOctet || tmpValue < 0 || tmpValue >= (1L << ((4 - currByte) * 8))) {
             return null;
         }
         switch (currByte) {
--- a/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java	Tue Aug 25 14:32:08 2015 -0700
@@ -191,7 +191,7 @@
 
     /**
      * return the first token.
-     * @returns the token
+     * @return the token
      * @throws IOException if <code>Negotiator.getNegotiator()</code> or
      *                     <code>Negotiator.firstToken()</code> failed.
      */
@@ -219,7 +219,7 @@
     /**
      * return more tokens
      * @param token the token to be fed into <code>negotiator.nextToken()</code>
-     * @returns the token
+     * @return the token
      * @throws IOException if <code>negotiator.nextToken()</code> throws Exception.
      *  May happen if the input token is invalid.
      */
--- a/src/java.base/share/classes/sun/nio/ch/Net.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/nio/ch/Net.java	Tue Aug 25 14:32:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -391,8 +391,7 @@
     private static native boolean isIPv6Available0();
 
     /*
-     * Returns 1 for Windows versions that support exclusive binding by default, 0
-     * for those that do not, and -1 for Solaris/Linux/Mac OS
+     * Returns 1 for Windows and -1 for Solaris/Linux/Mac OS
      */
     private static native int isExclusiveBindAvailable();
 
--- a/src/java.base/share/classes/sun/reflect/LangReflectAccess.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/reflect/LangReflectAccess.java	Tue Aug 25 14:32:08 2015 -0700
@@ -104,6 +104,9 @@
     /** Makes a "child" copy of a Method */
     public Method      copyMethod(Method arg);
 
+    /** Makes a copy of this non-root a Method */
+    public Method      leafCopyMethod(Method arg);
+
     /** Makes a "child" copy of a Field */
     public Field       copyField(Field arg);
 
--- a/src/java.base/share/classes/sun/reflect/ReflectionFactory.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/reflect/ReflectionFactory.java	Tue Aug 25 14:32:08 2015 -0700
@@ -302,6 +302,14 @@
         return langReflectAccess().copyMethod(arg);
     }
 
+    /** Makes a copy of the passed method. The returned method is NOT
+     * a "child" but a "sibling" of the Method in arg. Should only be
+     * used on non-root methods. */
+    public Method leafCopyMethod(Method arg) {
+        return langReflectAccess().leafCopyMethod(arg);
+    }
+
+
     /** Makes a copy of the passed field. The returned field is a
         "child" of the passed one; see the comments in Field.java for
         details. */
--- a/src/java.base/share/classes/sun/reflect/annotation/AnnotationSupport.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/reflect/annotation/AnnotationSupport.java	Tue Aug 25 14:32:08 2015 -0700
@@ -27,14 +27,17 @@
 
 import java.lang.annotation.*;
 import java.lang.reflect.*;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
 import sun.misc.JavaLangAccess;
+import sun.reflect.LangReflectAccess;
+import sun.reflect.ReflectionFactory;
 
 public final class AnnotationSupport {
     private static final JavaLangAccess LANG_ACCESS = sun.misc.SharedSecrets.getJavaLangAccess();
@@ -62,7 +65,7 @@
     public static <A extends Annotation> A[] getDirectlyAndIndirectlyPresent(
             Map<Class<? extends Annotation>, Annotation> annotations,
             Class<A> annoClass) {
-        List<A> result = new ArrayList<A>();
+        List<A> result = new ArrayList<>();
 
         @SuppressWarnings("unchecked")
         A direct = (A) annotations.get(annoClass);
@@ -188,27 +191,68 @@
             AnnotationType annoType = AnnotationType.getInstance(containerClass);
             if (annoType == null)
                 throw invalidContainerException(container, null);
-
             Method m = annoType.members().get("value");
             if (m == null)
                 throw invalidContainerException(container, null);
 
-            m.setAccessible(true);
+            if (Proxy.isProxyClass(container.getClass())) {
+                // Invoke by invocation handler
+                InvocationHandler handler = Proxy.getInvocationHandler(container);
 
-            // This will erase to (Annotation[]) but we do a runtime cast on the
-            // return-value in the method that call this method.
-            @SuppressWarnings("unchecked")
-            A[] values = (A[]) m.invoke(container);
+                try {
+                    // This will erase to (Annotation[]) but we do a runtime cast on the
+                    // return-value in the method that call this method.
+                    @SuppressWarnings("unchecked")
+                    A[] values = (A[]) handler.invoke(container, m, null);
+                    return values;
+                } catch (Throwable t) { // from InvocationHandler::invoke
+                    throw invalidContainerException(container, t);
+                }
+            } else {
+                // In theory there might be instances of Annotations that are not
+                // implemented using Proxies. Try to invoke the "value" element with
+                // reflection.
 
-            return values;
+                // Declaring class should be an annotation type
+                Class<?> iface = m.getDeclaringClass();
+                if (!iface.isAnnotation())
+                    throw new UnsupportedOperationException("Unsupported container annotation type.");
+                // Method must be public
+                if (!Modifier.isPublic(m.getModifiers()))
+                    throw new UnsupportedOperationException("Unsupported value member.");
 
+                // Interface might not be public though
+                final Method toInvoke;
+                if (!Modifier.isPublic(iface.getModifiers())) {
+                    if (System.getSecurityManager() != null) {
+                        toInvoke = AccessController.doPrivileged(new PrivilegedAction<Method>() {
+                            @Override
+                            public Method run() {
+                                Method res = ReflectionFactory.getReflectionFactory().leafCopyMethod(m);
+                                res.setAccessible(true);
+                                return res;
+                            }
+                        });
+                    } else {
+                        toInvoke = ReflectionFactory.getReflectionFactory().leafCopyMethod(m);
+                        toInvoke.setAccessible(true);
+                    }
+                } else {
+                    toInvoke = m;
+                }
+
+                // This will erase to (Annotation[]) but we do a runtime cast on the
+                // return-value in the method that call this method.
+                @SuppressWarnings("unchecked")
+                A[] values = (A[]) toInvoke.invoke(container);
+
+                return values;
+            }
         } catch (IllegalAccessException    | // couldn't loosen security
                  IllegalArgumentException  | // parameters doesn't match
                  InvocationTargetException | // the value method threw an exception
                  ClassCastException e) {
-
             throw invalidContainerException(container, e);
-
         }
     }
 
--- a/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/reflect/annotation/AnnotationType.java	Tue Aug 25 14:32:08 2015 -0700
@@ -98,8 +98,8 @@
      * Sole constructor.
      *
      * @param annotationClass the class object for the annotation type
-     * @throw IllegalArgumentException if the specified class object for
-     *     does not represent a valid annotation type
+     * @throws IllegalArgumentException if the specified class object for
+     *         does not represent a valid annotation type
      */
     private AnnotationType(final Class<? extends Annotation> annotationClass) {
         if (!annotationClass.isAnnotation())
--- a/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/jca/ProviderConfig.java	Tue Aug 25 14:32:08 2015 -0700
@@ -178,6 +178,26 @@
             p = new com.sun.crypto.provider.SunJCE();
         } else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
             p = new com.sun.net.ssl.internal.ssl.Provider();
+        } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
+            // need to use reflection since this class only exists on MacOsx
+            p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
+                public Provider run() {
+                    try {
+                        Class<?> c = Class.forName("apple.security.AppleProvider");
+                        if (Provider.class.isAssignableFrom(c)) {
+                            return (Provider) c.newInstance();
+                        } else {
+                            return null;
+                        }
+                    } catch (Exception ex) {
+                        if (debug != null) {
+                        debug.println("Error loading provider Apple");
+                        ex.printStackTrace();
+                    }
+                    return null;
+                }
+             }
+             });
         } else {
             if (isLoading) {
                 // because this method is synchronized, this can only
--- a/src/java.base/share/classes/sun/security/pkcs/PKCS7.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/pkcs/PKCS7.java	Tue Aug 25 14:32:08 2015 -0700
@@ -46,9 +46,9 @@
 
 /**
  * PKCS7 as defined in RSA Laboratories PKCS7 Technical Note. Profile
- * Supports only <tt>SignedData</tt> ContentInfo
+ * Supports only {@code SignedData} ContentInfo
  * type, where to the type of data signed is plain Data.
- * For signedData, <tt>crls</tt>, <tt>attributes</tt> and
+ * For signedData, {@code crls}, {@code attributes} and
  * PKCS#6 Extended Certificates are not supported.
  *
  * @author Benjamin Renaud
--- a/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/pkcs/SignerInfo.java	Tue Aug 25 14:32:08 2015 -0700
@@ -180,7 +180,7 @@
 
     /**
      * DER encode this object onto an output stream.
-     * Implements the <code>DerEncoder</code> interface.
+     * Implements the {@code DerEncoder} interface.
      *
      * @param out
      * the output stream on which to write the DER encoding.
@@ -454,7 +454,7 @@
      * Extracts a timestamp from a PKCS7 SignerInfo.
      *
      * Examines the signer's unsigned attributes for a
-     * <tt>signatureTimestampToken</tt> attribute. If present,
+     * {@code signatureTimestampToken} attribute. If present,
      * then it is parsed to extract the date and time at which the
      * timestamp was generated.
      *
--- a/src/java.base/share/classes/sun/security/pkcs10/PKCS10Attributes.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/pkcs10/PKCS10Attributes.java	Tue Aug 25 14:32:08 2015 -0700
@@ -98,7 +98,7 @@
 
     /**
      * Encode the attributes in DER form to the stream.
-     * Implements the <code>DerEncoder</code> interface.
+     * Implements the {@code DerEncoder} interface.
      *
      * @param out the OutputStream to marshal the contents to.
      * @exception IOException on encoding errors.
@@ -157,8 +157,8 @@
 
     /**
      * Compares this PKCS10Attributes for equality with the specified
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>PKCS10Attributes</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof PKCS10Attributes}, then
      * all the entries are compared with the entries from this.
      *
      * @param other the object to test for equality with this PKCS10Attributes.
@@ -205,10 +205,10 @@
     }
 
     /**
-     * Returns a string representation of this <tt>PKCS10Attributes</tt> object
+     * Returns a string representation of this {@code PKCS10Attributes} object
      * in the form of a set of entries, enclosed in braces and separated
-     * by the ASCII characters "<tt>,&nbsp;</tt>" (comma and space).
-     * <p>Overrides the <tt>toString</tt> method of <tt>Object</tt>.
+     * by the ASCII characters "<code>,&nbsp;</code>" (comma and space).
+     * <p>Overrides the {@code toString} method of {@code Object}.
      *
      * @return  a string representation of this PKCS10Attributes.
      */
--- a/src/java.base/share/classes/sun/security/x509/CRLExtensions.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/x509/CRLExtensions.java	Tue Aug 25 14:32:08 2015 -0700
@@ -238,8 +238,8 @@
 
     /**
      * Compares this CRLExtensions for equality with the specified
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>CRLExtensions</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code CRLExtensions}, then
      * all the entries are compared with the entries from this.
      *
      * @param other the object to test for equality with this CRLExtensions.
@@ -286,10 +286,10 @@
     }
 
     /**
-     * Returns a string representation of this <tt>CRLExtensions</tt> object
+     * Returns a string representation of this {@code CRLExtensions} object
      * in the form of a set of entries, enclosed in braces and separated
-     * by the ASCII characters "<tt>,&nbsp;</tt>" (comma and space).
-     * <p>Overrides to <tt>toString</tt> method of <tt>Object</tt>.
+     * by the ASCII characters "<code>,&nbsp;</code>" (comma and space).
+     * <p>Overrides to {@code toString} method of {@code Object}.
      *
      * @return  a string representation of this CRLExtensions.
      */
--- a/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/security/x509/CertificateExtensions.java	Tue Aug 25 14:32:08 2015 -0700
@@ -289,8 +289,8 @@
 
     /**
      * Compares this CertificateExtensions for equality with the specified
-     * object. If the <code>other</code> object is an
-     * <code>instanceof</code> <code>CertificateExtensions</code>, then
+     * object. If the {@code other} object is an
+     * {@code instanceof} {@code CertificateExtensions}, then
      * all the entries are compared with the entries from this.
      *
      * @param other the object to test for equality with this
@@ -339,10 +339,10 @@
     }
 
     /**
-     * Returns a string representation of this <tt>CertificateExtensions</tt>
+     * Returns a string representation of this {@code CertificateExtensions}
      * object in the form of a set of entries, enclosed in braces and separated
-     * by the ASCII characters "<tt>,&nbsp;</tt>" (comma and space).
-     * <p>Overrides to <tt>toString</tt> method of <tt>Object</tt>.
+     * by the ASCII characters "<code>,&nbsp;</code>" (comma and space).
+     * <p>Overrides to {@code toString} method of {@code Object}.
      *
      * @return  a string representation of this CertificateExtensions.
      */
--- a/src/java.base/share/classes/sun/util/CoreResourceBundleControl-XLocales.java.template	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/util/CoreResourceBundleControl-XLocales.java.template	Tue Aug 25 14:32:08 2015 -0700
@@ -92,7 +92,7 @@
     }
 
     /**
-     * @returns a list of candidate locales to search from.
+     * @return a list of candidate locales to search from.
      * @exception NullPointerException if baseName or locale is null.
      */
     @Override
--- a/src/java.base/share/classes/sun/util/resources/LocaleData.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/classes/sun/util/resources/LocaleData.java	Tue Aug 25 14:32:08 2015 -0700
@@ -201,7 +201,7 @@
          *
          * @param baseName the resource bundle base name.
          *        locale   the requested locale for the resource bundle.
-         * @returns a list of candidate locales to search from.
+         * @return a list of candidate locales to search from.
          * @exception NullPointerException if baseName or locale is null.
          */
         @Override
--- a/src/java.base/share/native/launcher/defines.h	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/launcher/defines.h	Tue Aug 25 14:32:08 2015 -0700
@@ -89,4 +89,9 @@
 static const jint const_ergo_class = DEFAULT_POLICY;
 #endif /* NEVER_ACT_AS_SERVER_CLASS_MACHINE */
 
+#ifdef ENABLE_ARG_FILES
+static const jboolean const_disable_argfile = JNI_FALSE;
+#else
+static const jboolean const_disable_argfile = JNI_TRUE;
+#endif
 #endif /*_DEFINES_H */
--- a/src/java.base/share/native/launcher/main.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/launcher/main.c	Tue Aug 25 14:32:08 2015 -0700
@@ -31,6 +31,7 @@
  */
 
 #include "defines.h"
+#include "jli_util.h"
 
 #ifdef _MSC_VER
 #if _MSC_VER > 1400 && _MSC_VER < 1600
@@ -96,6 +97,9 @@
     char** margv;
     const jboolean const_javaw = JNI_FALSE;
 #endif /* JAVAW */
+
+    JLI_InitArgProcessing(!HAS_JAVA_ARGS, const_disable_argfile);
+
 #ifdef _WIN32
     {
         int i = 0;
@@ -119,8 +123,30 @@
         margv[i] = NULL;
     }
 #else /* *NIXES */
-    margc = argc;
-    margv = argv;
+    {
+        // accommodate the NULL at the end
+        JLI_List args = JLI_List_new(argc + 1);
+        int i = 0;
+        for (i = 0; i < argc; i++) {
+            JLI_List argsInFile = JLI_PreprocessArg(argv[i]);
+            if (NULL == argsInFile) {
+                JLI_List_add(args, JLI_StringDup(argv[i]));
+            } else {
+                int cnt, idx;
+                cnt = argsInFile->size;
+                for (idx = 0; idx < cnt; idx++) {
+                    JLI_List_add(args, argsInFile->elements[idx]);
+                }
+                // Shallow free, we reuse the string to avoid copy
+                JLI_MemFree(argsInFile->elements);
+                JLI_MemFree(argsInFile);
+            }
+        }
+        margc = args->size;
+        // add the NULL pointer at argv[argc]
+        JLI_List_add(args, NULL);
+        margv = args->elements;
+    }
 #endif /* WIN32 */
     return JLI_Launch(margc, margv,
                    sizeof(const_jargs) / sizeof(char *), const_jargs,
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/native/libjli/args.c	Tue Aug 25 14:32:08 2015 -0700
@@ -0,0 +1,532 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+#include <stdio.h>
+#include <assert.h>
+#include <sys/stat.h>
+
+#ifdef DEBUG_ARGFILE
+  #ifndef NO_JNI
+    #define NO_JNI
+  #endif
+  #define JLI_ReportMessage(p1, p2) printf((p1), (p2))
+#else
+  #include "java.h"
+#endif
+
+#include "jli_util.h"
+#include "emessages.h"
+
+#define MAX_ARGF_SIZE 0x7fffffffL
+
+static char* clone_substring(const char *begin, size_t len) {
+    char *rv = (char *) JLI_MemAlloc(len + 1);
+    memcpy(rv, begin, len);
+    rv[len] = '\0';
+    return rv;
+}
+
+enum STATE {
+    FIND_NEXT,
+    IN_COMMENT,
+    IN_QUOTE,
+    IN_ESCAPE,
+    SKIP_LEAD_WS,
+    IN_TOKEN
+};
+
+typedef struct {
+    enum STATE state;
+    const char* cptr;
+    const char* eob;
+    char quote_char;
+    JLI_List parts;
+} __ctx_args;
+
+#define NOT_FOUND -1
+static int firstAppArgIndex = NOT_FOUND;
+
+static jboolean expectingNoDashArg = JNI_FALSE;
+static size_t argsCount = 0;
+static jboolean stopExpansion = JNI_FALSE;
+
+void JLI_InitArgProcessing(jboolean isJava, jboolean disableArgFile) {
+    // No expansion for relaunch
+    if (argsCount != 0) {
+        stopExpansion = JNI_TRUE;
+        argsCount = 0;
+    } else {
+        stopExpansion = disableArgFile;
+    }
+
+    expectingNoDashArg = JNI_FALSE;
+
+    // for tools, this value remains 0 all the time.
+    firstAppArgIndex = isJava ? NOT_FOUND : 0;
+}
+
+int JLI_GetAppArgIndex() {
+    // Will be 0 for tools
+    return firstAppArgIndex;
+}
+
+static void checkArg(const char *arg) {
+    size_t idx = 0;
+    argsCount++;
+    if (argsCount == 1) {
+        // ignore first argument, the application name
+        return;
+    }
+
+    // All arguments arrive here must be a launcher argument,
+    // ie. by now, all argfile expansions must have been performed.
+    if (*arg++ == '-') {
+        expectingNoDashArg = JNI_FALSE;
+        if (JLI_StrCmp(arg, "cp") == 0 ||
+            JLI_StrCmp(arg, "classpath") == 0) {
+            expectingNoDashArg = JNI_TRUE;
+        } else if (JLI_StrCmp(arg, "jar") == 0) {
+            // This is tricky, we do expect NoDashArg
+            // But that is considered main class to stop expansion
+            expectingNoDashArg = JNI_FALSE;
+            // We can not just update the idx here because if -jar @file
+            // still need expansion of @file to get the argument for -jar
+        } else if (JLI_StrCmp(arg, "Xdisable-@files") == 0) {
+            stopExpansion = JNI_TRUE;
+        }
+    } else {
+        if (!expectingNoDashArg) {
+            // this is main class, argsCount is index to next arg
+            idx = argsCount;
+        }
+        expectingNoDashArg = JNI_FALSE;
+    }
+    // only update on java mode and not yet found main class
+    if (firstAppArgIndex == -1 && idx != 0) {
+        firstAppArgIndex = (int) idx;
+    }
+}
+
+/*
+       [\n\r]   +------------+                        +------------+ [\n\r]
+      +---------+ IN_COMMENT +<------+                | IN_ESCAPE  +---------+
+      |         +------------+       |                +------------+         |
+      |    [#]       ^               |[#]                 ^     |            |
+      |   +----------+               |                [\\]|     |[^\n\r]     |
+      v   |                          |                    |     v            |
++------------+ [^ \t\n\r\f]  +------------+['"]>      +------------+         |
+| FIND_NEXT  +-------------->+ IN_TOKEN   +-----------+ IN_QUOTE   +         |
++------------+               +------------+   <[quote]+------------+         |
+  |   ^                          |                       |  ^   ^            |
+  |   |               [ \t\n\r\f]|                 [\n\r]|  |   |[^ \t\n\r\f]v
+  |   +--------------------------+-----------------------+  |  +--------------+
+  |                       ['"]                              |  | SKIP_LEAD_WS |
+  +---------------------------------------------------------+  +--------------+
+*/
+static char* nextToken(__ctx_args *pctx) {
+    const char* nextc = pctx->cptr;
+    const char* const eob = pctx->eob;
+    const char* anchor = nextc;
+    char *token;
+
+    for (; nextc < eob; nextc++) {
+        register char ch = *nextc;
+
+        // Skip white space characters
+        if (pctx->state == FIND_NEXT || pctx->state == SKIP_LEAD_WS) {
+            while (ch == ' ' || ch == '\n' || ch == '\r' || ch == '\t' || ch == '\f') {
+                nextc++;
+                if (nextc >= eob) {
+                    return NULL;
+                }
+                ch = *nextc;
+            }
+            pctx->state = (pctx->state == FIND_NEXT) ? IN_TOKEN : IN_QUOTE;
+            anchor = nextc;
+        // Deal with escape sequences
+        } else if (pctx->state == IN_ESCAPE) {
+            // concatenation directive
+            if (ch == '\n' || ch == '\r') {
+                pctx->state = SKIP_LEAD_WS;
+            } else {
+            // escaped character
+                char* escaped = (char*) JLI_MemAlloc(2 * sizeof(char));
+                escaped[1] = '\0';
+                switch (ch) {
+                    case 'n':
+                        escaped[0] = '\n';
+                        break;
+                    case 'r':
+                        escaped[0] = '\r';
+                        break;
+                    case 't':
+                        escaped[0] = '\t';
+                        break;
+                    case 'f':
+                        escaped[0] = '\f';
+                        break;
+                    default:
+                        escaped[0] = ch;
+                        break;
+                }
+                JLI_List_add(pctx->parts, escaped);
+                pctx->state = IN_QUOTE;
+            }
+            // anchor to next character
+            anchor = nextc + 1;
+            continue;
+        // ignore comment to EOL
+        } else if (pctx->state == IN_COMMENT) {
+            while (ch != '\n' && ch != '\r') {
+                nextc++;
+                if (nextc > eob) {
+                    return NULL;
+                }
+                ch = *nextc;
+            }
+            pctx->state = FIND_NEXT;
+            continue;
+        }
+
+        assert(pctx->state != IN_ESCAPE);
+        assert(pctx->state != FIND_NEXT);
+        assert(pctx->state != SKIP_LEAD_WS);
+        assert(pctx->state != IN_COMMENT);
+
+        switch(ch) {
+            case ' ':
+            case '\t':
+            case '\f':
+                if (pctx->state == IN_QUOTE) {
+                    continue;
+                }
+                // fall through
+            case '\n':
+            case '\r':
+                if (pctx->parts->size == 0) {
+                    token = clone_substring(anchor, nextc - anchor);
+                } else {
+                    JLI_List_addSubstring(pctx->parts, anchor, nextc - anchor);
+                    token = JLI_List_combine(pctx->parts);
+                    JLI_List_free(pctx->parts);
+                    pctx->parts = JLI_List_new(4);
+                }
+                pctx->cptr = nextc + 1;
+                pctx->state = FIND_NEXT;
+                return token;
+            case '#':
+                if (pctx->state == IN_QUOTE) {
+                    continue;
+                }
+                pctx->state = IN_COMMENT;
+                break;
+            case '\\':
+                if (pctx->state != IN_QUOTE) {
+                    continue;
+                }
+                JLI_List_addSubstring(pctx->parts, anchor, nextc - anchor);
+                pctx->state = IN_ESCAPE;
+                break;
+            case '\'':
+            case '"':
+                if (pctx->state == IN_QUOTE && pctx->quote_char != ch) {
+                    // not matching quote
+                    continue;
+                }
+                // partial before quote
+                if (anchor != nextc) {
+                    JLI_List_addSubstring(pctx->parts, anchor, nextc - anchor);
+                }
+                // anchor after quote character
+                anchor = nextc + 1;
+                if (pctx->state == IN_TOKEN) {
+                    pctx->quote_char = ch;
+                    pctx->state = IN_QUOTE;
+                } else {
+                    pctx->state = IN_TOKEN;
+                }
+                break;
+            default:
+                break;
+        }
+    }
+
+    assert(nextc == eob);
+    if (anchor != nextc) {
+        // not yet return until end of stream, we have part of a token.
+        JLI_List_addSubstring(pctx->parts, anchor, nextc - anchor);
+    }
+    return NULL;
+}
+
+static JLI_List readArgFile(FILE *file) {
+    char buf[4096];
+    JLI_List rv;
+    __ctx_args ctx;
+    size_t size;
+    char *token;
+
+    ctx.state = FIND_NEXT;
+    ctx.parts = JLI_List_new(4);
+
+    /* arbitrarily pick 8, seems to be a reasonable number of arguments */
+    rv = JLI_List_new(8);
+
+    while (!feof(file)) {
+        size = fread(buf, sizeof(char), sizeof(buf), file);
+        if (ferror(file)) {
+            JLI_List_free(rv);
+            return NULL;
+        }
+
+        /* nextc is next character to read from the buffer
+         * eob is the end of input
+         * token is the copied token value, NULL if no a complete token
+         */
+        ctx.cptr = buf;
+        ctx.eob = buf + size;
+        token = nextToken(&ctx);
+        while (token != NULL) {
+            checkArg(token);
+            JLI_List_add(rv, token);
+            token = nextToken(&ctx);
+        }
+    }
+
+    // remaining partial token
+    if (ctx.state == IN_TOKEN || ctx.state == IN_QUOTE) {
+        if (ctx.parts->size != 0) {
+            JLI_List_add(rv, JLI_List_combine(ctx.parts));
+        }
+    }
+    JLI_List_free(ctx.parts);
+
+    return rv;
+}
+
+/*
+ * if the arg represent a file, that is, prefix with a single '@',
+ * return a list of arguments from the file.
+ * otherwise, return NULL.
+ */
+static JLI_List expandArgFile(const char *arg) {
+    FILE *fptr;
+    struct stat st;
+    JLI_List rv;
+
+    /* failed to access the file */
+    if (stat(arg, &st) != 0) {
+        JLI_ReportMessage(CFG_ERROR6, arg);
+        exit(1);
+    }
+
+    if (st.st_size > MAX_ARGF_SIZE) {
+        JLI_ReportMessage(CFG_ERROR10, MAX_ARGF_SIZE);
+        exit(1);
+    }
+
+    fptr = fopen(arg, "r");
+    /* arg file cannot be openned */
+    if (fptr == NULL) {
+        JLI_ReportMessage(CFG_ERROR6, arg);
+        exit(1);
+    }
+
+    rv = readArgFile(fptr);
+    fclose(fptr);
+
+    /* error occurred reading the file */
+    if (rv == NULL) {
+        JLI_ReportMessage(DLL_ERROR4, arg);
+        exit(1);
+    }
+
+    return rv;
+}
+
+JLI_List JLI_PreprocessArg(const char *arg)
+{
+    JLI_List rv;
+
+    if (firstAppArgIndex > 0) {
+        // In user application arg, no more work.
+        return NULL;
+    }
+
+    if (stopExpansion) {
+        // still looking for user application arg
+        checkArg(arg);
+        return NULL;
+    }
+
+    if (arg[0] != '@') {
+        checkArg(arg);
+        return NULL;
+    }
+
+    if (arg[1] == '\0') {
+        // @ by itself is an argument
+        checkArg(arg);
+        return NULL;
+    }
+
+    arg++;
+    if (arg[0] == '@') {
+        // escaped @argument
+        rv = JLI_List_new(1);
+        checkArg(arg);
+        JLI_List_add(rv, JLI_StringDup(arg));
+    } else {
+        rv = expandArgFile(arg);
+    }
+    return rv;
+}
+
+#ifdef DEBUG_ARGFILE
+/*
+ * Stand-alone sanity test, build with following command line
+ * $ CC -DDEBUG_ARGFILE -DNO_JNI -g args.c jli_util.c
+ */
+
+void fail(char *expected, char *actual, size_t idx) {
+    printf("FAILED: Token[%lu] expected to be <%s>, got <%s>\n", idx, expected, actual);
+    exit(1);
+}
+
+void test_case(char *case_data, char **tokens, size_t cnt_tokens) {
+    size_t actual_cnt;
+    char *token;
+    __ctx_args ctx;
+
+    actual_cnt = 0;
+
+    ctx.state = FIND_NEXT;
+    ctx.parts = JLI_List_new(4);
+    ctx.cptr = case_data;
+    ctx.eob = case_data + strlen(case_data);
+
+    printf("Test case: <%s>, expected %lu tokens.\n", case_data, cnt_tokens);
+
+    for (token = nextToken(&ctx); token != NULL; token = nextToken(&ctx)) {
+        // should not have more tokens than expected
+        if (actual_cnt >= cnt_tokens) {
+            printf("FAILED: Extra token detected: <%s>\n", token);
+            exit(2);
+        }
+        if (JLI_StrCmp(token, tokens[actual_cnt]) != 0) {
+            fail(tokens[actual_cnt], token, actual_cnt);
+        }
+        actual_cnt++;
+    }
+
+    char* last = NULL;
+    if (ctx.parts->size != 0) {
+        last = JLI_List_combine(ctx.parts);
+    }
+    JLI_List_free(ctx.parts);
+
+    if (actual_cnt >= cnt_tokens) {
+        // same number of tokens, should have nothing left to parse
+        if (last != NULL) {
+            if (*last != '#') {
+                printf("Leftover detected: %s", last);
+                exit(2);
+            }
+        }
+    } else {
+        if (JLI_StrCmp(last, tokens[actual_cnt]) != 0) {
+            fail(tokens[actual_cnt], last, actual_cnt);
+        }
+        actual_cnt++;
+    }
+    if (actual_cnt != cnt_tokens) {
+        printf("FAILED: Number of tokens not match, expected %lu, got %lu\n",
+            cnt_tokens, actual_cnt);
+        exit(3);
+    }
+
+    printf("PASS\n");
+}
+
+#define DO_CASE(name) \
+    test_case(name[0], name + 1, sizeof(name)/sizeof(char*) - 1)
+
+int main(int argc, char** argv) {
+    size_t i, j;
+
+    char* case1[] = { "-version -cp \"c:\\\\java libs\\\\one.jar\" \n",
+        "-version", "-cp", "c:\\java libs\\one.jar" };
+    DO_CASE(case1);
+
+    // note the open quote at the end
+    char* case2[] = { "com.foo.Panda \"Furious 5\"\fand\t'Shi Fu' \"escape\tprison",
+        "com.foo.Panda", "Furious 5", "and", "Shi Fu", "escape\tprison"};
+    DO_CASE(case2);
+
+    char* escaped_chars[] = { "escaped chars testing \"\\a\\b\\c\\f\\n\\r\\t\\v\\9\\6\\23\\82\\28\\377\\477\\278\\287\"",
+        "escaped", "chars", "testing", "abc\f\n\r\tv96238228377477278287"};
+    DO_CASE(escaped_chars);
+
+    char* mixed_quote[]  = { "\"mix 'single quote' in double\" 'mix \"double quote\" in single' partial\"quote me\"this",
+        "mix 'single quote' in double", "mix \"double quote\" in single", "partialquote methis"};
+    DO_CASE(mixed_quote);
+
+    char* comments[]  = { "line one #comment\n'line #2' #rest are comment\r\n#comment on line 3\nline 4 #comment to eof",
+        "line", "one", "line #2", "line", "4"};
+    DO_CASE(comments);
+
+    char* open_quote[] = { "This is an \"open quote \n    across line\n\t, note for WS.",
+        "This", "is", "an", "open quote ", "across", "line", ",", "note", "for", "WS." };
+    DO_CASE(open_quote);
+
+    char* escape_in_open_quote[] = { "Try \"this \\\\\\\\ escape\\n double quote \\\" in open quote",
+        "Try", "this \\\\ escape\n double quote \" in open quote" };
+    DO_CASE(escape_in_open_quote);
+
+    char* quote[] = { "'-Dmy.quote.single'='Property in single quote. Here a double quote\" Add some slashes \\\\/'",
+        "-Dmy.quote.single=Property in single quote. Here a double quote\" Add some slashes \\/" };
+    DO_CASE(quote);
+
+    char* multi[] = { "\"Open quote to \n  new \"line \\\n\r   third\\\n\r\\\tand\ffourth\"",
+        "Open quote to ", "new", "line third\tand\ffourth" };
+    DO_CASE(multi);
+
+    char* escape_quote[] = { "c:\\\"partial quote\"\\lib",
+        "c:\\partial quote\\lib" };
+    DO_CASE(escape_quote);
+
+    if (argc > 1) {
+        for (i = 0; i < argc; i++) {
+            JLI_List tokens = JLI_PreprocessArg(argv[i]);
+            if (NULL != tokens) {
+                for (j = 0; j < tokens->size; j++) {
+                    printf("Token[%lu]: <%s>\n", (unsigned long) j, tokens->elements[j]);
+                }
+            }
+        }
+    }
+}
+
+#endif // DEBUG_ARGFILE
--- a/src/java.base/share/native/libjli/emessages.h	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/libjli/emessages.h	Tue Aug 25 14:32:08 2015 -0700
@@ -71,6 +71,7 @@
 #define CFG_ERROR7      "Error: no known VMs. (check for corrupt jvm.cfg file)"
 #define CFG_ERROR8      "Error: missing `%s' JVM at `%s'.\nPlease install or use the JRE or JDK that contains these missing components."
 #define CFG_ERROR9      "Error: could not determine JVM type."
+#define CFG_ERROR10     "Error: Argument file size should not be larger than %lu."
 
 #define JRE_ERROR1      "Error: Could not find Java SE Runtime Environment."
 #define JRE_ERROR2      "Error: This Java instance does not support a %d-bit JVM.\nPlease install the desired version."
--- a/src/java.base/share/native/libjli/java.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/libjli/java.c	Tue Aug 25 14:32:08 2015 -0700
@@ -1082,15 +1082,6 @@
             AddOption("-Xverify:remote", NULL);
         } else if (JLI_StrCmp(arg, "-noverify") == 0) {
             AddOption("-Xverify:none", NULL);
-        } else if (JLI_StrCCmp(arg, "-prof") == 0) {
-            char *p = arg + 5;
-            char *tmp = JLI_MemAlloc(JLI_StrLen(arg) + 50);
-            if (*p) {
-                sprintf(tmp, "-Xrunhprof:cpu=old,file=%s", p + 1);
-            } else {
-                sprintf(tmp, "-Xrunhprof:cpu=old,file=java.prof");
-            }
-            AddOption(tmp, NULL);
         } else if (JLI_StrCCmp(arg, "-ss") == 0 ||
                    JLI_StrCCmp(arg, "-oss") == 0 ||
                    JLI_StrCCmp(arg, "-ms") == 0 ||
@@ -1972,6 +1963,7 @@
 {
     if (!JLI_IsTraceLauncher()) return ;
     printf("Launcher state:\n");
+    printf("\tFirst application arg index: %d\n", JLI_GetAppArgIndex());
     printf("\tdebug:%s\n", (JLI_IsTraceLauncher() == JNI_TRUE) ? "on" : "off");
     printf("\tjavargs:%s\n", (_is_java_args == JNI_TRUE) ? "on" : "off");
     printf("\tprogram name:%s\n", GetProgramName());
--- a/src/java.base/share/native/libjli/jli_util.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/libjli/jli_util.c	Tue Aug 25 14:32:08 2015 -0700
@@ -25,8 +25,7 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <jni.h>
-
+#include <stdarg.h>
 #include "jli_util.h"
 
 /*
@@ -97,6 +96,7 @@
     va_start(vl, fmt);
     vprintf(fmt,vl);
     va_end(vl);
+    fflush(stdout);
 }
 
 void
@@ -119,3 +119,122 @@
 {
    return JLI_StrNCmp(s1, s2, JLI_StrLen(s2));
 }
+
+JLI_List
+JLI_List_new(size_t capacity)
+{
+    JLI_List l = (JLI_List) JLI_MemAlloc(sizeof(struct JLI_List_));
+    l->capacity = capacity;
+    l->elements = (char **) JLI_MemAlloc(capacity * sizeof(l->elements[0]));
+    l->size = 0;
+    return l;
+}
+
+void
+JLI_List_free(JLI_List sl)
+{
+    if (sl) {
+        if (sl->elements) {
+            size_t i;
+            for (i = 0; i < sl->size; i++)
+                JLI_MemFree(sl->elements[i]);
+            JLI_MemFree(sl->elements);
+        }
+        JLI_MemFree(sl);
+    }
+}
+
+void
+JLI_List_ensureCapacity(JLI_List sl, size_t capacity)
+{
+    if (sl->capacity < capacity) {
+        while (sl->capacity < capacity)
+            sl->capacity *= 2;
+        sl->elements = JLI_MemRealloc(sl->elements,
+            sl->capacity * sizeof(sl->elements[0]));
+    }
+}
+
+void
+JLI_List_add(JLI_List sl, char *str)
+{
+    JLI_List_ensureCapacity(sl, sl->size+1);
+    sl->elements[sl->size++] = str;
+}
+
+void
+JLI_List_addSubstring(JLI_List sl, const char *beg, size_t len)
+{
+    char *str = (char *) JLI_MemAlloc(len+1);
+    memcpy(str, beg, len);
+    str[len] = '\0';
+    JLI_List_ensureCapacity(sl, sl->size+1);
+    sl->elements[sl->size++] = str;
+}
+
+char *
+JLI_List_combine(JLI_List sl)
+{
+    size_t i;
+    size_t size;
+    char *str;
+    char *p;
+    for (i = 0, size = 1; i < sl->size; i++)
+        size += JLI_StrLen(sl->elements[i]);
+
+    str = JLI_MemAlloc(size);
+
+    for (i = 0, p = str; i < sl->size; i++) {
+        size_t len = JLI_StrLen(sl->elements[i]);
+        memcpy(p, sl->elements[i], len);
+        p += len;
+    }
+    *p = '\0';
+
+    return str;
+}
+
+char *
+JLI_List_join(JLI_List sl, char sep)
+{
+    size_t i;
+    size_t size;
+    char *str;
+    char *p;
+    for (i = 0, size = 1; i < sl->size; i++)
+        size += JLI_StrLen(sl->elements[i]) + 1;
+
+    str = JLI_MemAlloc(size);
+
+    for (i = 0, p = str; i < sl->size; i++) {
+        size_t len = JLI_StrLen(sl->elements[i]);
+        if (i > 0) *p++ = sep;
+        memcpy(p, sl->elements[i], len);
+        p += len;
+    }
+    *p = '\0';
+
+    return str;
+}
+
+JLI_List
+JLI_List_split(const char *str, char sep)
+{
+    const char *p, *q;
+    size_t len = JLI_StrLen(str);
+    int count;
+    JLI_List sl;
+    for (count = 1, p = str; p < str + len; p++)
+        count += (*p == sep);
+    sl = JLI_List_new(count);
+    for (p = str;;) {
+        for (q = p; q <= str + len; q++) {
+            if (*q == sep || *q == '\0') {
+                JLI_List_addSubstring(sl, p, q - p);
+                if (*q == '\0')
+                    return sl;
+                p = q + 1;
+            }
+        }
+    }
+}
--- a/src/java.base/share/native/libjli/jli_util.h	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/libjli/jli_util.h	Tue Aug 25 14:32:08 2015 -0700
@@ -29,7 +29,15 @@
 #include <stdlib.h>
 #include <string.h>
 #include <stdio.h>
-#include <jni.h>
+
+#ifndef NO_JNI
+  #include <jni.h>
+#else
+  #define jboolean int
+  #define JNI_TRUE  1
+  #define JNI_FALSE 0
+#endif
+
 #define JLDEBUG_ENV_ENTRY "_JAVA_LAUNCHER_DEBUG"
 
 void *JLI_MemAlloc(size_t size);
@@ -45,6 +53,7 @@
 
 StdArg *JLI_GetStdArgs();
 int     JLI_GetStdArgc();
+int     JLI_GetAppArgIndex();
 
 #define JLI_StrLen(p1)          strlen((p1))
 #define JLI_StrChr(p1, p2)      strchr((p1), (p2))
@@ -102,4 +111,29 @@
 void     JLI_SetTraceLauncher();
 jboolean JLI_IsTraceLauncher();
 
+/*
+ * JLI_List - a dynamic list of char*
+ */
+struct JLI_List_
+{
+    char **elements;
+    size_t size;
+    size_t capacity;
+};
+typedef struct JLI_List_ *JLI_List;
+
+JLI_List JLI_List_new(size_t capacity);
+void JLI_List_free(JLI_List l);
+void JLI_List_ensureCapacity(JLI_List l, size_t capacity);
+/* e must be JLI_MemFree-able */
+void JLI_List_add(JLI_List l, char *e);
+/* a copy is made out of beg */
+void JLI_List_addSubstring(JLI_List l, const char *beg, size_t len);
+char *JLI_List_combine(JLI_List sl);
+char *JLI_List_join(JLI_List l, char sep);
+JLI_List JLI_List_split(const char *str, char sep);
+
+void JLI_InitArgProcessing(jboolean isJava, jboolean disableArgFile);
+JLI_List JLI_PreprocessArg(const char *arg);
+
 #endif  /* _JLI_UTIL_H */
--- a/src/java.base/share/native/libjli/wildcard.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/share/native/libjli/wildcard.c	Tue Aug 25 14:32:08 2015 -0700
@@ -218,116 +218,6 @@
     return JLI_StrCmp(s1, s2) == 0;
 }
 
-/*
- * FileList ADT - a dynamic list of C filenames
- */
-struct FileList_
-{
-    char **files;
-    int size;
-    int capacity;
-};
-typedef struct FileList_ *FileList;
-
-static FileList
-FileList_new(int capacity)
-{
-    FileList fl = NEW_(FileList);
-    fl->capacity = capacity;
-    fl->files = (char **) JLI_MemAlloc(capacity * sizeof(fl->files[0]));
-    fl->size = 0;
-    return fl;
-}
-
-
-
-static void
-FileList_free(FileList fl)
-{
-    if (fl) {
-        if (fl->files) {
-            int i;
-            for (i = 0; i < fl->size; i++)
-                JLI_MemFree(fl->files[i]);
-            JLI_MemFree(fl->files);
-        }
-        JLI_MemFree(fl);
-    }
-}
-
-static void
-FileList_ensureCapacity(FileList fl, int capacity)
-{
-    if (fl->capacity < capacity) {
-        while (fl->capacity < capacity)
-            fl->capacity *= 2;
-        fl->files = JLI_MemRealloc(fl->files,
-                               fl->capacity * sizeof(fl->files[0]));
-    }
-}
-
-static void
-FileList_add(FileList fl, char *file)
-{
-    FileList_ensureCapacity(fl, fl->size+1);
-    fl->files[fl->size++] = file;
-}
-
-static void
-FileList_addSubstring(FileList fl, const char *beg, size_t len)
-{
-    char *filename = (char *) JLI_MemAlloc(len+1);
-    memcpy(filename, beg, len);
-    filename[len] = '\0';
-    FileList_ensureCapacity(fl, fl->size+1);
-    fl->files[fl->size++] = filename;
-}
-
-static char *
-FileList_join(FileList fl, char sep)
-{
-    int i;
-    int size;
-    char *path;
-    char *p;
-    for (i = 0, size = 1; i < fl->size; i++)
-        size += (int)JLI_StrLen(fl->files[i]) + 1;
-
-    path = JLI_MemAlloc(size);
-
-    for (i = 0, p = path; i < fl->size; i++) {
-        int len = (int)JLI_StrLen(fl->files[i]);
-        if (i > 0) *p++ = sep;
-        memcpy(p, fl->files[i], len);
-        p += len;
-    }
-    *p = '\0';
-
-    return path;
-}
-
-static FileList
-FileList_split(const char *path, char sep)
-{
-    const char *p, *q;
-    size_t len = JLI_StrLen(path);
-    int count;
-    FileList fl;
-    for (count = 1, p = path; p < path + len; p++)
-        count += (*p == sep);
-    fl = FileList_new(count);
-    for (p = path;;) {
-        for (q = p; q <= path + len; q++) {
-            if (*q == sep || *q == '\0') {
-                FileList_addSubstring(fl, p, q - p);
-                if (*q == '\0')
-                    return fl;
-                p = q + 1;
-            }
-        }
-    }
-}
-
 static int
 isJarFileName(const char *filename)
 {
@@ -352,22 +242,22 @@
     return filename;
 }
 
-static FileList
+static JLI_List
 wildcardFileList(const char *wildcard)
 {
     const char *basename;
-    FileList fl = FileList_new(16);
+    JLI_List fl = JLI_List_new(16);
     WildcardIterator it = WildcardIterator_for(wildcard);
 
     if (it == NULL)
     {
-        FileList_free(fl);
+        JLI_List_free(fl);
         return NULL;
     }
 
     while ((basename = WildcardIterator_next(it)) != NULL)
         if (isJarFileName(basename))
-            FileList_add(fl, wildcardConcat(wildcard, basename));
+            JLI_List_add(fl, wildcardConcat(wildcard, basename));
     WildcardIterator_close(it);
     return fl;
 }
@@ -383,25 +273,25 @@
 }
 
 static void
-FileList_expandWildcards(FileList fl)
+FileList_expandWildcards(JLI_List fl)
 {
-    int i, j;
+    size_t i, j;
     for (i = 0; i < fl->size; i++) {
-        if (isWildcard(fl->files[i])) {
-            FileList expanded = wildcardFileList(fl->files[i]);
+        if (isWildcard(fl->elements[i])) {
+            JLI_List expanded = wildcardFileList(fl->elements[i]);
             if (expanded != NULL && expanded->size > 0) {
-                JLI_MemFree(fl->files[i]);
-                FileList_ensureCapacity(fl, fl->size + expanded->size);
+                JLI_MemFree(fl->elements[i]);
+                JLI_List_ensureCapacity(fl, fl->size + expanded->size);
                 for (j = fl->size - 1; j >= i+1; j--)
-                    fl->files[j+expanded->size-1] = fl->files[j];
+                    fl->elements[j+expanded->size-1] = fl->elements[j];
                 for (j = 0; j < expanded->size; j++)
-                    fl->files[i+j] = expanded->files[j];
+                    fl->elements[i+j] = expanded->elements[j];
                 i += expanded->size - 1;
                 fl->size += expanded->size - 1;
                 /* fl expropriates expanded's elements. */
                 expanded->size = 0;
             }
-            FileList_free(expanded);
+            JLI_List_free(expanded);
         }
     }
 }
@@ -410,14 +300,14 @@
 JLI_WildcardExpandClasspath(const char *classpath)
 {
     char *expanded;
-    FileList fl;
+    JLI_List fl;
 
     if (JLI_StrChr(classpath, '*') == NULL)
         return classpath;
-    fl = FileList_split(classpath, PATH_SEPARATOR);
+    fl = JLI_List_split(classpath, PATH_SEPARATOR);
     FileList_expandWildcards(fl);
-    expanded = FileList_join(fl, PATH_SEPARATOR);
-    FileList_free(fl);
+    expanded = JLI_List_join(fl, PATH_SEPARATOR);
+    JLI_List_free(fl);
     if (getenv(JLDEBUG_ENV_ENTRY) != 0)
         printf("Expanded wildcards:\n"
                "    before: \"%s\"\n"
@@ -428,13 +318,13 @@
 
 #ifdef DEBUG_WILDCARD
 static void
-FileList_print(FileList fl)
+FileList_print(JLI_List fl)
 {
-    int i;
+    size_t i;
     putchar('[');
     for (i = 0; i < fl->size; i++) {
         if (i > 0) printf(", ");
-        printf("\"%s\"",fl->files[i]);
+        printf("\"%s\"",fl->elements[i]);
     }
     putchar(']');
 }
--- a/src/java.base/unix/native/libjava/TimeZone_md.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/unix/native/libjava/TimeZone_md.c	Tue Aug 25 14:32:08 2015 -0700
@@ -685,6 +685,9 @@
 #ifdef __solaris__
     if (tz != NULL && strcmp(tz, "localtime") == 0) {
         tz = getSolarisDefaultZoneID();
+        if (freetz != NULL) {
+            free((void *) freetz);
+        }
         freetz = tz;
     }
 #endif
--- a/src/java.base/unix/native/libnio/ch/IOUtil.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/unix/native/libnio/ch/IOUtil.c	Tue Aug 25 14:32:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -129,7 +129,8 @@
         JNU_ThrowIOExceptionWithLastError(env, "getrlimit failed");
         return -1;
     }
-    if (rlp.rlim_max < 0 || rlp.rlim_max > java_lang_Integer_MAX_VALUE) {
+    if (rlp.rlim_max == RLIM_INFINITY ||
+        rlp.rlim_max > (rlim_t)java_lang_Integer_MAX_VALUE) {
         return java_lang_Integer_MAX_VALUE;
     } else {
         return (jint)rlp.rlim_max;
--- a/src/java.base/windows/native/libjli/cmdtoargs.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/windows/native/libjli/cmdtoargs.c	Tue Aug 25 14:32:08 2015 -0700
@@ -198,18 +198,37 @@
     StdArg* argv = NULL;
     jboolean wildcard = JNI_FALSE;
     char* src = cmdline;
+    JLI_List argsInFile;
 
     // allocate arg buffer with sufficient space to receive the largest arg
     char* arg = JLI_StringDup(cmdline);
 
     do {
         src = next_arg(src, arg, &wildcard);
-        // resize to accommodate another Arg
-        argv = (StdArg*) JLI_MemRealloc(argv, (nargs+1) * sizeof(StdArg));
-        argv[nargs].arg = JLI_StringDup(arg);
-        argv[nargs].has_wildcard = wildcard;
+        argsInFile = JLI_PreprocessArg(arg);
+        if (argsInFile != NULL) {
+            size_t cnt, i;
+            // resize to accommodate another Arg
+            cnt = argsInFile->size;
+            argv = (StdArg*) JLI_MemRealloc(argv, (nargs + cnt) * sizeof(StdArg));
+            for (i = 0; i < cnt; i++) {
+                argv[nargs].arg = argsInFile->elements[i];
+                // wildcard is not supported in argfile
+                argv[nargs].has_wildcard = JNI_FALSE;
+                nargs++;
+            }
+            // Shallow free, we reuse the string to avoid copy
+            JLI_MemFree(argsInFile->elements);
+            JLI_MemFree(argsInFile);
+        } else {
+            // resize to accommodate another Arg
+            argv = (StdArg*) JLI_MemRealloc(argv, (nargs+1) * sizeof(StdArg));
+            argv[nargs].arg = JLI_StringDup(arg);
+            argv[nargs].has_wildcard = wildcard;
+            *arg = '\0';
+            nargs++;
+        }
         *arg = '\0';
-        nargs++;
     } while (src != NULL);
 
     JLI_MemFree(arg);
--- a/src/java.base/windows/native/libnet/Inet4AddressImpl.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/windows/native/libnet/Inet4AddressImpl.c	Tue Aug 25 14:32:08 2015 -0700
@@ -31,6 +31,8 @@
 #include <malloc.h>
 #include <sys/types.h>
 #include <process.h>
+#include <iphlpapi.h>
+#include <icmpapi.h>
 
 #include "java_net_InetAddress.h"
 #include "java_net_Inet4AddressImpl.h"
@@ -281,114 +283,47 @@
  * Returns true is an ECHO_REPLY is received, otherwise, false.
  */
 static jboolean
-ping4(JNIEnv *env, jint fd, struct sockaddr_in* him, jint timeout,
-      struct sockaddr_in* netif, jint ttl) {
-    jint size;
-    jint n, len, hlen1, icmplen;
-    char sendbuf[1500];
-    char recvbuf[1500];
-    struct icmp *icmp;
-    struct ip *ip;
-    WSAEVENT hEvent;
-    struct sockaddr sa_recv;
-    jint tmout2;
-    u_short pid, seq;
-    int read_rv = 0;
+ping4(JNIEnv *env, unsigned long ipaddr, jint timeout) {
 
-    /* Initialize the sequence number to a suitable random number and
-       shift right one place to allow sufficient room for increamenting. */
-    seq = ((unsigned short)rand()) >> 1;
+    // See https://msdn.microsoft.com/en-us/library/aa366050%28VS.85%29.aspx
 
-    /* icmp_id is a 16 bit data type, therefore down cast the pid */
-    pid = (u_short) _getpid();
-    size = 60*1024;
-    setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (const char *) &size, sizeof(size));
-    /**
-     * A TTL was specified, let's set the socket option.
-     */
-    if (ttl > 0) {
-      setsockopt(fd, IPPROTO_IP, IP_TTL, (const char *) &ttl, sizeof(ttl));
+    HANDLE hIcmpFile;
+    DWORD dwRetVal = 0;
+    char SendData[32] = {0};
+    LPVOID ReplyBuffer = NULL;
+    DWORD ReplySize = 0;
+
+    hIcmpFile = IcmpCreateFile();
+    if (hIcmpFile == INVALID_HANDLE_VALUE) {
+        NET_ThrowNew(env, WSAGetLastError(), "Unable to open handle");
+        return JNI_FALSE;
     }
 
-    /**
-     * A network interface was specified, let's bind to it.
-     */
-    if (netif != NULL) {
-      if (bind(fd, (struct sockaddr*)netif, sizeof(struct sockaddr_in)) < 0) {
-        NET_ThrowNew(env, WSAGetLastError(), "Can't bind socket");
-        closesocket(fd);
+    ReplySize = sizeof(ICMP_ECHO_REPLY) + sizeof(SendData);
+    ReplyBuffer = (VOID*) malloc(ReplySize);
+    if (ReplyBuffer == NULL) {
+        IcmpCloseHandle(hIcmpFile);
+        NET_ThrowNew(env, WSAGetLastError(), "Unable to allocate memory");
         return JNI_FALSE;
-      }
     }
 
-    /**
-     * Let's make the socket non blocking
-     */
-    hEvent = WSACreateEvent();
-    WSAEventSelect(fd, hEvent, FD_READ|FD_CONNECT|FD_CLOSE);
+    dwRetVal = IcmpSendEcho(hIcmpFile,  // HANDLE IcmpHandle,
+                            ipaddr,     // IPAddr DestinationAddress,
+                            SendData,   // LPVOID RequestData,
+                            sizeof(SendData),   // WORD RequestSize,
+                            NULL,       // PIP_OPTION_INFORMATION RequestOptions,
+                            ReplyBuffer,// LPVOID ReplyBuffer,
+                            ReplySize,  // DWORD ReplySize,
+                            timeout);   // DWORD Timeout
 
-    /**
-     * send 1 ICMP REQUEST every second until either we get a valid reply
-     * or the timeout expired.
-     */
-    do {
-      /**
-       * construct the ICMP header
-       */
-      memset(sendbuf, 0, 1500);
-      icmp = (struct icmp *) sendbuf;
-      icmp->icmp_type = ICMP_ECHO;
-      icmp->icmp_code = 0;
-      icmp->icmp_id = htons(pid);
-      icmp->icmp_seq = htons(seq);
-      /**
-       * checksum has to be set to zero before we can calculate the
-       * real checksum!
-       */
-      icmp->icmp_cksum = 0;
-      icmp->icmp_cksum = in_cksum((u_short *)icmp, 64);
-      /**
-       * Ping!
-       */
-      n = sendto(fd, sendbuf, 64, 0, (struct sockaddr *)him,
-                 sizeof(struct sockaddr));
-      if (n < 0 && WSAGetLastError() != WSAEWOULDBLOCK) {
-        NET_ThrowNew(env, WSAGetLastError(), "Can't send ICMP packet");
-        closesocket(fd);
-        WSACloseEvent(hEvent);
+    free(ReplyBuffer);
+    IcmpCloseHandle(hIcmpFile);
+
+    if (dwRetVal != 0) {
+        return JNI_TRUE;
+    } else {
         return JNI_FALSE;
-      }
-
-      /*
-       * wait for 1 second at most
-       */
-      tmout2 = timeout > 1000 ? 1000 : timeout;
-      do {
-        tmout2 = NET_Wait(env, fd, NET_WAIT_READ, tmout2);
-        if (tmout2 >= 0) {
-          len = sizeof(sa_recv);
-          n = recvfrom(fd, recvbuf, sizeof(recvbuf), 0, &sa_recv, &len);
-          ip = (struct ip*) recvbuf;
-          hlen1 = (ip->ip_hl) << 2;
-          icmp = (struct icmp *) (recvbuf + hlen1);
-          icmplen = n - hlen1;
-          /**
-           * Is that a proper ICMP reply?
-           */
-          if (icmplen >= 8 && icmp->icmp_type == ICMP_ECHOREPLY &&
-              (ntohs(icmp->icmp_seq) == seq) && (ntohs(icmp->icmp_id) == pid)) {
-            closesocket(fd);
-            WSACloseEvent(hEvent);
-            return JNI_TRUE;
-          }
-        }
-      } while (tmout2 > 0);
-      timeout -= 1000;
-      seq++;
-    } while (timeout > 0);
-    closesocket(fd);
-    WSACloseEvent(hEvent);
-    return JNI_FALSE;
+    }
 }
 
 /*
@@ -404,13 +339,7 @@
                                            jint ttl) {
     jint addr;
     jbyte caddr[4];
-    jint fd;
     struct sockaddr_in him;
-    struct sockaddr_in* netif = NULL;
-    struct sockaddr_in inf;
-    int len = 0;
-    WSAEVENT hEvent;
-    int connect_rv = -1;
     int sz;
 
     /**
@@ -428,135 +357,6 @@
     addr |= ((caddr[2] <<8) & 0xff00);
     addr |= (caddr[3] & 0xff);
     addr = htonl(addr);
-    /**
-     * Socket address
-     */
-    him.sin_addr.s_addr = addr;
-    him.sin_family = AF_INET;
-    len = sizeof(him);
 
-    /**
-     * If a network interface was specified, let's convert its address
-     * as well.
-     */
-    if (!(IS_NULL(ifArray))) {
-      memset((char *) caddr, 0, sizeof(caddr));
-      (*env)->GetByteArrayRegion(env, ifArray, 0, 4, caddr);
-      addr = ((caddr[0]<<24) & 0xff000000);
-      addr |= ((caddr[1] <<16) & 0xff0000);
-      addr |= ((caddr[2] <<8) & 0xff00);
-      addr |= (caddr[3] & 0xff);
-      addr = htonl(addr);
-      inf.sin_addr.s_addr = addr;
-      inf.sin_family = AF_INET;
-      inf.sin_port = 0;
-      netif = &inf;
-    }
-
-#if 0
-    /*
-     * Windows implementation of ICMP & RAW sockets is too unreliable for now.
-     * Therefore it's best not to try it at all and rely only on TCP
-     * We may revisit and enable this code in the future.
-     */
-
-    /*
-     * Let's try to create a RAW socket to send ICMP packets
-     * This usually requires "root" privileges, so it's likely to fail.
-     */
-    fd = NET_Socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-    if (fd != -1) {
-      /*
-       * It didn't fail, so we can use ICMP_ECHO requests.
-       */
-        return ping4(env, fd, &him, timeout, netif, ttl);
-    }
-#endif
-
-    /*
-     * Can't create a raw socket, so let's try a TCP socket
-     */
-    fd = NET_Socket(AF_INET, SOCK_STREAM, 0);
-    if (fd == SOCKET_ERROR) {
-        /* note: if you run out of fds, you may not be able to load
-         * the exception class, and get a NoClassDefFoundError
-         * instead.
-         */
-        NET_ThrowNew(env, WSAGetLastError(), "Can't create socket");
-        return JNI_FALSE;
-    }
-    if (ttl > 0) {
-      setsockopt(fd, IPPROTO_IP, IP_TTL, (const char *)&ttl, sizeof(ttl));
-    }
-    /*
-     * A network interface was specified, so let's bind to it.
-     */
-    if (netif != NULL) {
-      if (bind(fd, (struct sockaddr*)netif, sizeof(struct sockaddr_in)) < 0) {
-        NET_ThrowNew(env, WSAGetLastError(), "Can't bind socket");
-        closesocket(fd);
-        return JNI_FALSE;
-      }
-    }
-
-    /*
-     * Make the socket non blocking so we can use select/poll.
-     */
-    hEvent = WSACreateEvent();
-    WSAEventSelect(fd, hEvent, FD_READ|FD_CONNECT|FD_CLOSE);
-
-    /* no need to use NET_Connect as non-blocking */
-    him.sin_port = htons(7);    /* Echo */
-    connect_rv = connect(fd, (struct sockaddr *)&him, len);
-
-    /**
-     * connection established or refused immediately, either way it means
-     * we were able to reach the host!
-     */
-    if (connect_rv == 0 || WSAGetLastError() == WSAECONNREFUSED) {
-        WSACloseEvent(hEvent);
-        closesocket(fd);
-        return JNI_TRUE;
-    } else {
-        int optlen;
-
-        switch (WSAGetLastError()) {
-        case WSAEHOSTUNREACH:   /* Host Unreachable */
-        case WSAENETUNREACH:    /* Network Unreachable */
-        case WSAENETDOWN:       /* Network is down */
-        case WSAEPFNOSUPPORT:   /* Protocol Family unsupported */
-          WSACloseEvent(hEvent);
-          closesocket(fd);
-          return JNI_FALSE;
-        }
-
-        if (WSAGetLastError() != WSAEWOULDBLOCK) {
-            NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "ConnectException",
-                                         "connect failed");
-            WSACloseEvent(hEvent);
-            closesocket(fd);
-            return JNI_FALSE;
-        }
-
-        timeout = NET_Wait(env, fd, NET_WAIT_CONNECT, timeout);
-
-        /* has connection been established */
-
-        if (timeout >= 0) {
-          optlen = sizeof(connect_rv);
-          if (getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&connect_rv,
-                         &optlen) <0) {
-            connect_rv = WSAGetLastError();
-          }
-
-          if (connect_rv == 0 || connect_rv == WSAECONNREFUSED) {
-            WSACloseEvent(hEvent);
-            closesocket(fd);
-            return JNI_TRUE;
-          }
-        }
-    }
-    WSACloseEvent(hEvent);
-    closesocket(fd);
-    return JNI_FALSE;
+    return ping4(env, addr, timeout);
 }
--- a/src/java.base/windows/native/libnet/Inet6AddressImpl.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/windows/native/libnet/Inet6AddressImpl.c	Tue Aug 25 14:32:08 2015 -0700
@@ -31,6 +31,8 @@
 #include <malloc.h>
 #include <sys/types.h>
 #include <process.h>
+#include <iphlpapi.h>
+#include <icmpapi.h>
 
 #include "java_net_InetAddress.h"
 #include "java_net_Inet4AddressImpl.h"
@@ -332,139 +334,61 @@
  * Returns true is an ECHO_REPLY is received, otherwise, false.
  */
 static jboolean
-ping6(JNIEnv *env, jint fd, struct SOCKADDR_IN6* him, jint timeout,
-      struct SOCKADDR_IN6* netif, jint ttl) {
-    jint size;
-    jint n, len, i;
-    char sendbuf[1500];
-    char auxbuf[1500];
-    unsigned char recvbuf[1500];
-    struct icmp6_hdr *icmp6;
-    struct SOCKADDR_IN6 sa_recv;
-    unsigned short pid, seq;
-    int read_rv = 0;
-    WSAEVENT hEvent;
-    struct ip6_pseudo_hdr *pseudo_ip6;
-    int timestamp;
-    int tmout2;
+ping6(JNIEnv *env,
+      struct sockaddr_in6* src,
+      struct sockaddr_in6* dest,
+      jint timeout)
+{
+    HANDLE hIcmpFile;
+    DWORD dwRetVal = 0;
+    char SendData[32] = {0};
+    LPVOID ReplyBuffer = NULL;
+    DWORD ReplySize = 0;
+    IP_OPTION_INFORMATION ipInfo = {255, 0, 0, 0, NULL};
+    struct sockaddr_in6 sa6Source;
 
-    /* Initialize the sequence number to a suitable random number and
-       shift right one place to allow sufficient room for increamenting. */
-    seq = ((unsigned short)rand()) >> 1;
-
-    /* icmp_id is a 16 bit data type, therefore down cast the pid */
-    pid = (unsigned short) _getpid();
-
-    size = 60*1024;
-    setsockopt(fd, SOL_SOCKET, SO_RCVBUF, (const char *)&size, sizeof(size));
-    /**
-     * A TTL was specified, let's set the socket option.
-     */
-    if (ttl > 0) {
-      setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (const char *) &ttl, sizeof(ttl));
+    hIcmpFile = Icmp6CreateFile();
+    if (hIcmpFile == INVALID_HANDLE_VALUE) {
+        NET_ThrowNew(env, WSAGetLastError(), "Unable to open handle");
+        return JNI_FALSE;
     }
 
-    /**
-     * A network interface was specified, let's bind to it.
-     */
-    if (netif != NULL) {
-      if (NET_Bind(fd, (struct sockaddr*)netif, sizeof(struct sockaddr_in6)) < 0){
-        NET_ThrowNew(env, WSAGetLastError(), "Can't bind socket to interface");
-        closesocket(fd);
+    ReplySize = sizeof(ICMPV6_ECHO_REPLY) + sizeof(SendData);
+    ReplyBuffer = (VOID*) malloc(ReplySize);
+    if (ReplyBuffer == NULL) {
+        IcmpCloseHandle(hIcmpFile);
+        NET_ThrowNew(env, WSAGetLastError(), "Unable to allocate memory");
         return JNI_FALSE;
-      }
     }
 
-    /*
-     * Make the socket non blocking
-     */
-    hEvent = WSACreateEvent();
-    WSAEventSelect(fd, hEvent, FD_READ|FD_CONNECT|FD_CLOSE);
+    //define local source information
+    sa6Source.sin6_addr = in6addr_any;
+    sa6Source.sin6_family = AF_INET6;
+    sa6Source.sin6_flowinfo = 0;
+    sa6Source.sin6_port = 0;
 
-    /**
-     * send 1 ICMP REQUEST every second until either we get a valid reply
-     * or the timeout expired.
-     */
-    do {
-      /* let's tag the ECHO packet with our pid so we can identify it */
-      timestamp = GetCurrentTime();
-      memset(sendbuf, 0, 1500);
-      icmp6 = (struct icmp6_hdr *) sendbuf;
-      icmp6->icmp6_type = ICMP6_ECHO_REQUEST;
-      icmp6->icmp6_code = 0;
-      icmp6->icmp6_id = htons(pid);
-      icmp6->icmp6_seq = htons(seq);
-      icmp6->icmp6_cksum = 0;
-      memcpy((icmp6 + 1), &timestamp, sizeof(int));
-      if (netif != NULL) {
-        memset(auxbuf, 0, 1500);
-        pseudo_ip6 = (struct ip6_pseudo_hdr*) auxbuf;
-        memcpy(&pseudo_ip6->ip6_src, &netif->sin6_addr, sizeof(struct in6_addr));
-        memcpy(&pseudo_ip6->ip6_dst, &him->sin6_addr, sizeof(struct in6_addr));
-        pseudo_ip6->ip6_plen= htonl( 64 );
-        pseudo_ip6->ip6_nxt = htonl( IPPROTO_ICMPV6 );
-        memcpy(auxbuf + sizeof(struct ip6_pseudo_hdr), icmp6, 64);
-        /**
-         * We shouldn't have to do that as computing the checksum is supposed
-         * to be done by the IPv6 stack. Unfortunately windows, here too, is
-         * uterly broken, or non compliant, so let's do it.
-         * Problem is to compute the checksum I need to know the source address
-         * which happens only if I know the interface to be used...
-         */
-        icmp6->icmp6_cksum = in_cksum((u_short *)pseudo_ip6, sizeof(struct ip6_pseudo_hdr) + 64);
-      }
+    dwRetVal = Icmp6SendEcho2(hIcmpFile,    // HANDLE IcmpHandle,
+                              NULL,         // HANDLE Event,
+                              NULL,         // PIO_APC_ROUTINE ApcRoutine,
+                              NULL,         // PVOID ApcContext,
+                              &sa6Source,   // struct sockaddr_in6 *SourceAddress,
+                              dest,         // struct sockaddr_in6 *DestinationAddress,
+                              SendData,     // LPVOID RequestData,
+                              sizeof(SendData), // WORD RequestSize,
+                              &ipInfo,      // PIP_OPTION_INFORMATION RequestOptions,
+                              ReplyBuffer,  // LPVOID ReplyBuffer,
+                              ReplySize,    // DWORD ReplySize,
+                              timeout);     // DWORD Timeout
 
-      /**
-       * Ping!
-       */
-      n = sendto(fd, sendbuf, 64, 0, (struct sockaddr*) him, sizeof(struct sockaddr_in6));
-      if (n < 0 && (WSAGetLastError() == WSAEINTR || WSAGetLastError() == WSAEADDRNOTAVAIL)) {
-        // Happens when using a "tunnel interface" for instance.
-        // Or trying to send a packet on a different scope.
-        closesocket(fd);
-        WSACloseEvent(hEvent);
+    free(ReplyBuffer);
+    IcmpCloseHandle(hIcmpFile);
+
+
+    if (dwRetVal != 0) {
+        return JNI_TRUE;
+    } else {
         return JNI_FALSE;
-      }
-      if (n < 0 && WSAGetLastError() != WSAEWOULDBLOCK) {
-        NET_ThrowNew(env, WSAGetLastError(), "Can't send ICMP packet");
-        closesocket(fd);
-        WSACloseEvent(hEvent);
-        return JNI_FALSE;
-      }
-
-      tmout2 = timeout > 1000 ? 1000 : timeout;
-      do {
-        tmout2 = NET_Wait(env, fd, NET_WAIT_READ, tmout2);
-
-        if (tmout2 >= 0) {
-          len = sizeof(sa_recv);
-          memset(recvbuf, 0, 1500);
-          /**
-           * For some unknown reason, besides plain stupidity, windows
-           * truncates the first 4 bytes of the icmpv6 header some we can't
-           * check for the ICMP_ECHOREPLY value.
-           * we'll check the other values, though
-           */
-          n = recvfrom(fd, recvbuf + 4, sizeof(recvbuf) - 4, 0, (struct sockaddr*) &sa_recv, &len);
-          icmp6 = (struct icmp6_hdr *) (recvbuf);
-          memcpy(&i, (icmp6 + 1), sizeof(int));
-          /**
-           * Is that the reply we were expecting?
-           */
-          if (n >= 8 && ntohs(icmp6->icmp6_seq) == seq &&
-              ntohs(icmp6->icmp6_id) == pid && i == timestamp) {
-            closesocket(fd);
-            WSACloseEvent(hEvent);
-            return JNI_TRUE;
-          }
-        }
-      } while (tmout2 > 0);
-      timeout -= 1000;
-      seq++;
-    } while (timeout > 0);
-    closesocket(fd);
-    WSACloseEvent(hEvent);
-    return JNI_FALSE;
+    }
 }
 #endif /* AF_INET6 */
 
@@ -482,11 +406,10 @@
                                            jint ttl, jint if_scope) {
 #ifdef AF_INET6
     jbyte caddr[16];
-    jint fd, sz;
+    jint sz;
     struct sockaddr_in6 him6;
     struct sockaddr_in6* netif = NULL;
     struct sockaddr_in6 inf6;
-    WSAEVENT hEvent;
     int len = 0;
     int connect_rv = -1;
 
@@ -518,6 +441,7 @@
       him6.sin6_scope_id = scope;
     }
     len = sizeof(struct sockaddr_in6);
+
     /**
      * A network interface was specified, let's convert the address
      */
@@ -532,122 +456,8 @@
       netif = &inf6;
     }
 
-#if 0
-    /*
-     * Windows implementation of ICMP & RAW sockets is too unreliable for now.
-     * Therefore it's best not to try it at all and rely only on TCP
-     * We may revisit and enable this code in the future.
-     */
+    return ping6(env, netif, &him6, timeout);
 
-    /*
-     * Right now, windows doesn't generate the ICMP checksum automatically
-     * so we have to compute it, but we can do it only if we know which
-     * interface will be used. Therefore, don't try to use ICMP if no
-     * interface was specified.
-     * When ICMPv6 support improves in windows, we may change this.
-     */
-    if (!(IS_NULL(ifArray))) {
-      /*
-       * If we can create a RAW socket, then when can use the ICMP ECHO_REQUEST
-       * otherwise we'll try a tcp socket to the Echo port (7).
-       * Note that this is empiric, and not connecting could mean it's blocked
-       * or the echo servioe has been disabled.
-       */
-      fd = NET_Socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6);
-
-      if (fd != -1) { /* Good to go, let's do a ping */
-        return ping6(env, fd, &him6, timeout, netif, ttl);
-      }
-    }
-#endif
-
-    /* No good, let's fall back on TCP */
-    fd = NET_Socket(AF_INET6, SOCK_STREAM, 0);
-    if (fd == SOCKET_ERROR) {
-        /* note: if you run out of fds, you may not be able to load
-         * the exception class, and get a NoClassDefFoundError
-         * instead.
-         */
-        NET_ThrowNew(env, errno, "Can't create socket");
-        return JNI_FALSE;
-    }
-
-    /**
-     * A TTL was specified, let's set the socket option.
-     */
-    if (ttl > 0) {
-      setsockopt(fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, (const char *)&ttl, sizeof(ttl));
-    }
-
-    /**
-     * A network interface was specified, let's bind to it.
-     */
-    if (netif != NULL) {
-      if (NET_Bind(fd, (struct sockaddr*)netif, sizeof(struct sockaddr_in6)) < 0) {
-        NET_ThrowNew(env, WSAGetLastError(), "Can't bind socket to interface");
-        closesocket(fd);
-        return JNI_FALSE;
-      }
-    }
-
-    /**
-     * Make the socket non blocking.
-     */
-    hEvent = WSACreateEvent();
-    WSAEventSelect(fd, hEvent, FD_READ|FD_CONNECT|FD_CLOSE);
-
-    /* no need to use NET_Connect as non-blocking */
-    him6.sin6_port = htons((short) 7); /* Echo port */
-    connect_rv = connect(fd, (struct sockaddr *)&him6, len);
-
-    /**
-     * connection established or refused immediately, either way it means
-     * we were able to reach the host!
-     */
-    if (connect_rv == 0 || WSAGetLastError() == WSAECONNREFUSED) {
-        WSACloseEvent(hEvent);
-        closesocket(fd);
-        return JNI_TRUE;
-    } else {
-        int optlen;
-
-        switch (WSAGetLastError()) {
-        case WSAEHOSTUNREACH:   /* Host Unreachable */
-        case WSAENETUNREACH:    /* Network Unreachable */
-        case WSAENETDOWN:       /* Network is down */
-        case WSAEPFNOSUPPORT:   /* Protocol Family unsupported */
-          WSACloseEvent(hEvent);
-          closesocket(fd);
-          return JNI_FALSE;
-        }
-
-        if (WSAGetLastError() != WSAEWOULDBLOCK) {
-            NET_ThrowByNameWithLastError(env, JNU_JAVANETPKG "ConnectException",
-                                         "connect failed");
-            WSACloseEvent(hEvent);
-            closesocket(fd);
-            return JNI_FALSE;
-        }
-
-        timeout = NET_Wait(env, fd, NET_WAIT_CONNECT, timeout);
-
-        if (timeout >= 0) {
-          /* has connection been established? */
-          optlen = sizeof(connect_rv);
-          if (getsockopt(fd, SOL_SOCKET, SO_ERROR, (void*)&connect_rv,
-                         &optlen) <0) {
-            connect_rv = WSAGetLastError();
-          }
-
-          if (connect_rv == 0 || connect_rv == WSAECONNREFUSED) {
-            WSACloseEvent(hEvent);
-            closesocket(fd);
-            return JNI_TRUE;
-          }
-        }
-    }
-    WSACloseEvent(hEvent);
-    closesocket(fd);
 #endif /* AF_INET6 */
     return JNI_FALSE;
 }
--- a/src/java.base/windows/native/libnio/ch/Iocp.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/windows/native/libnio/ch/Iocp.c	Tue Aug 25 14:32:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -57,16 +57,6 @@
     CHECK_NULL(completionStatus_overlapped);
 }
 
-JNIEXPORT jint JNICALL
-Java_sun_nio_ch_Iocp_osMajorVersion(JNIEnv* env, jclass this)
-{
-    OSVERSIONINFOEX ver;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx((OSVERSIONINFO *) &ver);
-    return (ver.dwPlatformId == VER_PLATFORM_WIN32_NT) ?
-        (jint)(ver.dwMajorVersion) : (jint)0;
-}
-
 JNIEXPORT jlong JNICALL
 Java_sun_nio_ch_Iocp_createIoCompletionPort(JNIEnv* env, jclass this,
     jlong handle, jlong existingPort, jint completionKey, jint concurrency)
--- a/src/java.base/windows/native/libnio/ch/Net.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.base/windows/native/libnio/ch/Net.c	Tue Aug 25 14:32:08 2015 -0700
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,28 +88,14 @@
 Java_sun_nio_ch_Net_isIPv6Available0(JNIEnv* env, jclass cl)
 {
     /*
-     * Return true if Windows Vista or newer, and IPv6 is configured
+     * Return true if IPv6 is configured
      */
-    OSVERSIONINFO ver;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx(&ver);
-    if ((ver.dwPlatformId == VER_PLATFORM_WIN32_NT) &&
-        (ver.dwMajorVersion >= 6)  && ipv6_available())
-    {
-        return JNI_TRUE;
-    }
-    return JNI_FALSE;
+    return ipv6_available() ? JNI_TRUE : JNI_FALSE;
 }
 
 JNIEXPORT jint JNICALL
 Java_sun_nio_ch_Net_isExclusiveBindAvailable(JNIEnv *env, jclass clazz) {
-    OSVERSIONINFO ver;
-    int version;
-    ver.dwOSVersionInfoSize = sizeof(ver);
-    GetVersionEx(&ver);
-    version = ver.dwMajorVersion * 10 + ver.dwMinorVersion;
-    //if os <= xp exclusive binding is off by default
-    return version >= 60 ? 1 : 0;
+    return 1;
 }
 
 
@@ -567,7 +553,7 @@
     fd_set rd, wr, ex;
     jint fd = fdval(env, fdo);
 
-    t.tv_sec = timeout / 1000;
+    t.tv_sec = (long)(timeout / 1000);
     t.tv_usec = (timeout % 1000) * 1000;
 
     FD_ZERO(&rd);
--- a/src/java.desktop/share/classes/javax/swing/event/ListSelectionEvent.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.desktop/share/classes/javax/swing/event/ListSelectionEvent.java	Tue Aug 25 14:32:08 2015 -0700
@@ -80,7 +80,7 @@
 
     /**
      * Returns the index of the first row whose selection may have changed.
-     * {@code getFirstIndex() &lt;= getLastIndex()}
+     * {@code getFirstIndex() <= getLastIndex()}
      *
      * @return the first row whose selection value may have changed,
      *         where zero is the first row
@@ -89,7 +89,7 @@
 
     /**
      * Returns the index of the last row whose selection may have changed.
-     * {@code getLastIndex() &gt;= getFirstIndex()}
+     * {@code getLastIndex() >= getFirstIndex()}
      *
      * @return the last row whose selection value may have changed,
      *         where zero is the first row
--- a/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.desktop/unix/native/libawt_xawt/awt/awt_Robot.c	Tue Aug 25 14:32:08 2015 -0700
@@ -259,6 +259,7 @@
 
     if (isGtkSupported) {
         GdkPixbuf *pixbuf;
+        (*fp_gdk_threads_enter)();
         GdkWindow *root = (*fp_gdk_get_default_root_window)();
 
         pixbuf = (*fp_gdk_pixbuf_get_from_drawable)(NULL, root, NULL,
@@ -279,6 +280,7 @@
                 ary = (*env)->GetPrimitiveArrayCritical(env, pixelArray, NULL);
                 if (!ary) {
                     (*fp_g_object_unref)(pixbuf);
+                    (*fp_gdk_threads_leave)();
                     AWT_UNLOCK();
                     return;
                 }
@@ -298,6 +300,7 @@
                 (*env)->ReleasePrimitiveArrayCritical(env, pixelArray, ary, 0);
                 if ((*env)->ExceptionCheck(env)) {
                     (*fp_g_object_unref)(pixbuf);
+                    (*fp_gdk_threads_leave)();
                     AWT_UNLOCK();
                     return;
                 }
@@ -305,6 +308,7 @@
             }
             (*fp_g_object_unref)(pixbuf);
         }
+        (*fp_gdk_threads_leave)();
     }
 
     if (gtk_failed) {
--- a/src/java.management/share/classes/javax/management/InstanceOfQueryExp.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.management/share/classes/javax/management/InstanceOfQueryExp.java	Tue Aug 25 14:32:08 2015 -0700
@@ -65,7 +65,7 @@
 
     /**
      * Returns the class name.
-     * @returns The {@link StringValueExp} returning the name of
+     * @return The {@link StringValueExp} returning the name of
      *        the class of which selected MBeans should be instances.
      */
     public StringValueExp getClassNameValue()  {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/LdapCtx.java	Tue Aug 25 14:32:08 2015 -0700
@@ -909,7 +909,7 @@
      * @param dn The non-null DN of the entry to add
      * @param attrs The non-null attributes of entry to add
      * @param directUpdate Whether attrs can be updated directly
-     * @returns Non-null attributes with attributes from the RDN added
+     * @return Non-null attributes with attributes from the RDN added
      */
     private static Attributes addRdnAttributes(String dn, Attributes attrs,
         boolean directUpdate) throws NamingException {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/ServiceLocator.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/ServiceLocator.java	Tue Aug 25 14:32:08 2015 -0700
@@ -62,7 +62,7 @@
      *
      * @param dn A string distinguished name (RFC 2253).
      * @return A domain name or null if none can be derived.
-     * @throw InvalidNameException If the distinguished name is invalid.
+     * @throws InvalidNameException If the distinguished name is invalid.
      */
     static String mapDnToDomainName(String dn) throws InvalidNameException {
         if (dn == null) {
--- a/src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.naming/share/classes/com/sun/jndi/ldap/ext/StartTlsResponseImpl.java	Tue Aug 25 14:32:08 2015 -0700
@@ -297,7 +297,7 @@
      * Returns the default SSL socket factory.
      *
      * @return The default SSL socket factory.
-     * @throw IOException If TLS is not supported.
+     * @throws IOException If TLS is not supported.
      */
     private SSLSocketFactory getDefaultFactory() throws IOException {
 
@@ -314,7 +314,7 @@
      *
      * @param factory The SSL socket factory to use.
      * @return The SSL socket.
-     * @throw IOException If an exception occurred while performing the
+     * @throws IOException If an exception occurred while performing the
      * TLS handshake.
      */
     private SSLSocket startHandshake(SSLSocketFactory factory)
--- a/src/java.prefs/share/classes/java/util/prefs/Base64.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.prefs/share/classes/java/util/prefs/Base64.java	Tue Aug 25 14:32:08 2015 -0700
@@ -124,8 +124,8 @@
      * Translates the specified Base64 string (as per Preferences.get(byte[]))
      * into a byte array.
      *
-     * @throw IllegalArgumentException if {@code s} is not a valid Base64
-     *        string.
+     * @throws IllegalArgumentException if {@code s} is not a valid Base64
+     *         string.
      */
     static byte[] base64ToByteArray(String s) {
         return base64ToByteArray(s, false);
@@ -135,9 +135,9 @@
      * Translates the specified "alternate representation" Base64 string
      * into a byte array.
      *
-     * @throw IllegalArgumentException or ArrayOutOfBoundsException
-     *        if {@code s} is not a valid alternate representation
-     *        Base64 string.
+     * @throws IllegalArgumentException or ArrayOutOfBoundsException
+     *         if {@code s} is not a valid alternate representation
+     *         Base64 string.
      */
     static byte[] altBase64ToByteArray(String s) {
         return base64ToByteArray(s, true);
@@ -194,8 +194,8 @@
      * Translates the specified character, which is assumed to be in the
      * "Base 64 Alphabet" into its equivalent 6-bit positive integer.
      *
-     * @throw IllegalArgumentException or ArrayOutOfBoundsException if
-     *        c is not in the Base64 Alphabet.
+     * @throws IllegalArgumentException or ArrayOutOfBoundsException if
+     *         c is not in the Base64 Alphabet.
      */
     private static int base64toInt(char c, byte[] alphaToInt) {
         int result = alphaToInt[c];
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Realm.java	Tue Aug 25 14:32:08 2015 -0700
@@ -296,7 +296,7 @@
      *
      * @param cRealm the initiating realm
      * @param sRealm the target realm, not the same as cRealm
-     * @returns array of realms including at least cRealm as the first
+     * @return array of realms including at least cRealm as the first
      *          element
      * @throws KrbException if the config does not contain a sub-stanza
      *          for cRealm in [capaths] or the sub-stanza does not contain
@@ -347,7 +347,7 @@
      * for a service in the target realm sRealm.
      * @param cRealm the initiating realm
      * @param sRealm the target realm, not the same as cRealm
-     * @returns array of realms including cRealm as the first element
+     * @return array of realms including cRealm as the first element
      */
     private static String[] parseHierarchy(String cRealm, String sRealm) {
 
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Base.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/CramMD5Base.java	Tue Aug 25 14:32:08 2015 -0700
@@ -103,8 +103,8 @@
     /**
      * Retrieves the negotiated property.
      * This method can be called only after the authentication exchange has
-     * completed (i.e., when <tt>isComplete()</tt> returns true); otherwise, a
-     * <tt>SaslException</tt> is thrown.
+     * completed (i.e., when {@code isComplete()} returns true); otherwise, a
+     * {@code SaslException} is thrown.
      *
      * @return value of property; only QOP is applicable to CRAM-MD5.
      * @exception IllegalStateException if this authentication exchange has not completed
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/ExternalClient.java	Tue Aug 25 14:32:08 2015 -0700
@@ -141,8 +141,8 @@
     /**
      * Retrieves the negotiated property.
      * This method can be called only after the authentication exchange has
-     * completed (i.e., when <tt>isComplete()</tt> returns true); otherwise, a
-     * <tt>IllegalStateException</tt> is thrown.
+     * completed (i.e., when {@code isComplete()} returns true);
+     * otherwise, an {@code IllegalStateException} is thrown.
      *
      * @return null No property is applicable to this mechanism.
      * @exception IllegalStateException if this authentication exchange
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/PlainClient.java	Tue Aug 25 14:32:08 2015 -0700
@@ -170,8 +170,8 @@
     /**
      * Retrieves the negotiated property.
      * This method can be called only after the authentication exchange has
-     * completed (i.e., when <tt>isComplete()</tt> returns true); otherwise, a
-     * <tt>SaslException</tt> is thrown.
+     * completed (i.e., when {@code isComplete()} returns true); otherwise, a
+     * {@code SaslException} is thrown.
      *
      * @return value of property; only QOP is applicable to PLAIN.
      * @exception IllegalStateException if this authentication exchange
--- a/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.security.sasl/share/classes/com/sun/security/sasl/digest/DigestMD5Client.java	Tue Aug 25 14:32:08 2015 -0700
@@ -567,7 +567,7 @@
      *    username-value
      *    cnonce-value
      *    authzid-value
-     * @returns <tt>digest-response</tt> in a byte array
+     * @return {@code digest-response} in a byte array
      * @throws SaslException if there is an error generating the
      * response value or the cnonce value.
      */
--- a/src/java.sql/share/classes/java/sql/Date.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.sql/share/classes/java/sql/Date.java	Tue Aug 25 14:32:08 2015 -0700
@@ -295,11 +295,8 @@
     }
 
     /**
-     * Converts this {@code Date} object to a {@code LocalDate}
-     * <p>
-     * The conversion creates a {@code LocalDate} that represents the same
-     * date value as this {@code Date} in local time zone
-     *
+     * Creates a {@code LocalDate} instance using the year, month and day
+     * from this {@code Date} object.
      * @return a {@code LocalDate} object representing the same date value
      *
      * @since 1.8
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/AgreementMethod.java	Tue Aug 25 14:32:08 2015 -0700
@@ -31,38 +31,38 @@
  * based on a shared secret computed from certain types of compatible public
  * keys from both the sender and the recipient. Information from the originator
  * to determine the secret is indicated by an optional OriginatorKeyInfo
- * parameter child of an <code>AgreementMethod</code> element while that
+ * parameter child of an {@code AgreementMethod} element while that
  * associated with the recipient is indicated by an optional RecipientKeyInfo. A
  * shared key is derived from this shared secret by a method determined by the
  * Key Agreement algorithm.
  * <p>
  * <b>Note:</b> XML Encryption does not provide an on-line key agreement
- * negotiation protocol. The <code>AgreementMethod</code> element can be used by
+ * negotiation protocol. The {@code AgreementMethod} element can be used by
  * the originator to identify the keys and computational procedure that were
  * used to obtain a shared encryption key. The method used to obtain or select
  * the keys or algorithm used for the agreement computation is beyond the scope
  * of this specification.
  * <p>
- * The <code>AgreementMethod</code> element appears as the content of a
- * <code>ds:KeyInfo</code> since, like other <code>ds:KeyInfo</code> children,
- * it yields a key. This <code>ds:KeyInfo</code> is in turn a child of an
- * <code>EncryptedData</code> or <code>EncryptedKey</code> element. The
- * Algorithm attribute and KeySize child of the <code>EncryptionMethod</code>
- * element under this <code>EncryptedData</code> or <code>EncryptedKey</code>
+ * The {@code AgreementMethod} element appears as the content of a
+ * {@code ds:KeyInfo} since, like other {@code ds:KeyInfo} children,
+ * it yields a key. This {@code ds:KeyInfo} is in turn a child of an
+ * {@code EncryptedData} or {@code EncryptedKey} element. The
+ * Algorithm attribute and KeySize child of the {@code EncryptionMethod}
+ * element under this {@code EncryptedData} or {@code EncryptedKey}
  * element are implicit parameters to the key agreement computation. In cases
- * where this <code>EncryptionMethod</code> algorithm <code>URI</code> is
+ * where this {@code EncryptionMethod} algorithm {@code URI} is
  * insufficient to determine the key length, a KeySize MUST have been included.
  * In addition, the sender may place a KA-Nonce element under
- * <code>AgreementMethod</code> to assure that different keying material is
+ * {@code AgreementMethod} to assure that different keying material is
  * generated even for repeated agreements using the same sender and recipient
  * public keys.
  * <p>
  * If the agreed key is being used to wrap a key, then
- * <code>AgreementMethod</code> would appear inside a <code>ds:KeyInfo</code>
- * inside an <code>EncryptedKey</code> element.
+ * {@code AgreementMethod} would appear inside a {@code ds:KeyInfo}
+ * inside an {@code EncryptedKey} element.
  * <p>
  * The Schema for AgreementMethod is as follows:
- * <xmp>
+ * <pre>{@code
  * <element name="AgreementMethod" type="xenc:AgreementMethodType"/>
  * <complexType name="AgreementMethodType" mixed="true">
  *     <sequence>
@@ -74,15 +74,15 @@
  *     </sequence>
  *     <attribute name="Algorithm" type="anyURI" use="required"/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
 public interface AgreementMethod {
 
     /**
-     * Returns a <code>byte</code> array.
-     * @return a <code>byte</code> array.
+     * Returns a {@code byte} array.
+     * @return a {@code byte} array.
      */
     byte[] getKANonce();
 
@@ -93,30 +93,30 @@
     void setKANonce(byte[] kanonce);
 
     /**
-     * Returns additional information regarding the <code>AgreementMethod</code>.
-     * @return additional information regarding the <code>AgreementMethod</code>.
+     * Returns additional information regarding the {@code AgreementMethod}.
+     * @return additional information regarding the {@code AgreementMethod}.
      */
     Iterator<Element> getAgreementMethodInformation();
 
     /**
-     * Adds additional <code>AgreementMethod</code> information.
+     * Adds additional {@code AgreementMethod} information.
      *
-     * @param info a <code>Element</code> that represents additional information
+     * @param info a {@code Element} that represents additional information
      * specified by
-     *   <xmp>
+     *   <pre>{@code
      *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   </xmp>
+     *   }</pre>
      */
     void addAgreementMethodInformation(Element info);
 
     /**
-     * Removes additional <code>AgreementMethod</code> information.
+     * Removes additional {@code AgreementMethod} information.
      *
-     * @param info a <code>Element</code> that represents additional information
+     * @param info a {@code Element} that represents additional information
      * specified by
-     *   <xmp>
+     *   <pre>{@code
      *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
-     *   </xmp>
+     *   }</pre>
      */
     void revoveAgreementMethodInformation(Element info);
 
@@ -149,9 +149,9 @@
     void setRecipientKeyInfo(KeyInfo keyInfo);
 
     /**
-     * Returns the algorithm URI of this <code>CryptographicMethod</code>.
+     * Returns the algorithm URI of this {@code CryptographicMethod}.
      *
-     * @return the algorithm URI of this <code>CryptographicMethod</code>
+     * @return the algorithm URI of this {@code CryptographicMethod}
      */
     String getAlgorithm();
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherData.java	Tue Aug 25 14:32:08 2015 -0700
@@ -23,14 +23,14 @@
 package com.sun.org.apache.xml.internal.security.encryption;
 
 /**
- * <code>CipherData</code> provides encrypted data. It must either contain the
+ * {@code CipherData} provides encrypted data. It must either contain the
  * encrypted octet sequence as base64 encoded text of the
- * <code>CipherValue</code> element, or provide a reference to an external
+ * {@code CipherValue} element, or provide a reference to an external
  * location containing the encrypted octet sequence via the
- * <code>CipherReference</code> element.
+ * {@code CipherReference} element.
  * <p>
  * The schema definition is as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='CipherData' type='xenc:CipherDataType'/>
  * <complexType name='CipherDataType'>
  *     <choice>
@@ -38,7 +38,7 @@
  *         <element ref='xenc:CipherReference'/>
  *     </choice>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
@@ -52,32 +52,32 @@
 
     /**
      * Returns the type of encrypted data contained in the
-     * <code>CipherData</code>.
+     * {@code CipherData}.
      *
-     * @return <code>VALUE_TYPE</code> if the encrypted data is contained as
-     *   <code>CipherValue</code> or <code>REFERENCE_TYPE</code> if the
-     *   encrypted data is contained as <code>CipherReference</code>.
+     * @return {@code VALUE_TYPE} if the encrypted data is contained as
+     *   {@code CipherValue} or {@code REFERENCE_TYPE} if the
+     *   encrypted data is contained as {@code CipherReference}.
      */
     int getDataType();
 
     /**
-     * Returns the cipher value as a base64 encoded <code>byte</code> array.
+     * Returns the cipher value as a base64 encoded {@code byte} array.
      *
-     * @return the <code>CipherData</code>'s value.
+     * @return the {@code CipherData}'s value.
      */
     CipherValue getCipherValue();
 
     /**
-     * Sets the <code>CipherData</code>'s value.
+     * Sets the {@code CipherData}'s value.
      *
-     * @param value the value of the <code>CipherData</code>.
+     * @param value the value of the {@code CipherData}.
      * @throws XMLEncryptionException
      */
     void setCipherValue(CipherValue value) throws XMLEncryptionException;
 
     /**
      * Returns a reference to an external location containing the encrypted
-     * octet sequence (<code>byte</code> array).
+     * octet sequence ({@code byte} array).
      *
      * @return the reference to an external location containing the encrypted
      * octet sequence.
@@ -85,7 +85,7 @@
     CipherReference getCipherReference();
 
     /**
-     * Sets the <code>CipherData</code>'s reference.
+     * Sets the {@code CipherData}'s reference.
      *
      * @param reference an external location containing the encrypted octet sequence.
      * @throws XMLEncryptionException
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/CipherReference.java	Tue Aug 25 14:32:08 2015 -0700
@@ -25,18 +25,18 @@
 import org.w3c.dom.Attr;
 
 /**
- * <code>CipherReference</code> identifies a source which, when processed,
+ * {@code CipherReference} identifies a source which, when processed,
  * yields the encrypted octet sequence.
  * <p>
- * The actual value is obtained as follows. The <code>CipherReference URI</code>
+ * The actual value is obtained as follows. The {@code CipherReference URI}
  * contains an identifier that is dereferenced. Should the
- * Transforms, the data resulting from dereferencing the <code>URI</code> is
+ * Transforms, the data resulting from dereferencing the {@code URI} is
  * transformed as specified so as to yield the intended cipher value. For
  * example, if the value is base64 encoded within an XML document; the
  * transforms could specify an XPath expression followed by a base64 decoding so
  * as to extract the octets.
  * <p>
- * The syntax of the <code>URI</code> and Transforms is similar to that of
+ * The syntax of the {@code URI} and Transforms is similar to that of
  * [XML-DSIG]. However, there is a difference between signature and encryption
  * processing. In [XML-DSIG] both generation and validation processing start
  * with the same source data and perform that transform in the same order. In
@@ -46,7 +46,7 @@
  * the &xenc; namespace.
  * <p>
  * The schema definition is as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='CipherReference' type='xenc:CipherReferenceType'/>
  * <complexType name='CipherReferenceType'>
  *     <sequence>
@@ -54,15 +54,15 @@
  *     </sequence>
  *     <attribute name='URI' type='anyURI' use='required'/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
 public interface CipherReference {
     /**
-     * Returns an <code>URI</code> that contains an identifier that should be
+     * Returns an {@code URI} that contains an identifier that should be
      * dereferenced.
-     * @return an <code>URI</code> that contains an identifier that should be
+     * @return an {@code URI} that contains an identifier that should be
      * dereferenced.
      */
     String getURI();
@@ -75,8 +75,8 @@
     Attr getURIAsAttr();
 
     /**
-     * Returns the <code>Transforms</code> that specifies how to transform the
-     * <code>URI</code> to yield the appropriate cipher value.
+     * Returns the {@code Transforms} that specifies how to transform the
+     * {@code URI} to yield the appropriate cipher value.
      *
      * @return the transform that specifies how to transform the reference to
      *   yield the intended cipher value.
@@ -84,10 +84,10 @@
     Transforms getTransforms();
 
     /**
-     * Sets the <code>Transforms</code> that specifies how to transform the
-     * <code>URI</code> to yield the appropriate cipher value.
+     * Sets the {@code Transforms} that specifies how to transform the
+     * {@code URI} to yield the appropriate cipher value.
      *
-     * @param transforms the set of <code>Transforms</code> that specifies how
+     * @param transforms the set of {@code Transforms} that specifies how
      *   to transform the reference to yield the intended cipher value.
      */
     void setTransforms(Transforms transforms);
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedData.java	Tue Aug 25 14:32:08 2015 -0700
@@ -23,21 +23,21 @@
 package com.sun.org.apache.xml.internal.security.encryption;
 
 /**
- * The <code>EncryptedData</code> element is the core element in the syntax. Not
- * only does its <code>CipherData</code> child contain the encrypted data, but
+ * The {@code EncryptedData} element is the core element in the syntax. Not
+ * only does its {@code CipherData} child contain the encrypted data, but
  * it's also the element that replaces the encrypted element, or serves as the
  * new document root.
  * <p>
  * It's schema definition is as follows:
  * <p>
- * <xmp>
+ * <pre>{@code
  * <element name='EncryptedData' type='xenc:EncryptedDataType'/>
  * <complexType name='EncryptedDataType'>
  *     <complexContent>
  *         <extension base='xenc:EncryptedType'/>
  *     </complexContent>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedKey.java	Tue Aug 25 14:32:08 2015 -0700
@@ -23,17 +23,17 @@
 package com.sun.org.apache.xml.internal.security.encryption;
 
 /**
- * The <code>EncryptedKey</code> element is used to transport encryption keys
+ * The {@code EncryptedKey} element is used to transport encryption keys
  * from the originator to a known recipient(s). It may be used as a stand-alone
  * XML document, be placed within an application document, or appear inside an
- * <code>EncryptedData</code> element as a child of a <code>ds:KeyInfo</code>
+ * {@code EncryptedData} element as a child of a {@code ds:KeyInfo}
  * element. The key value is always encrypted to the recipient(s). When
- * <code>EncryptedKey</code> is decrypted the resulting octets are made
- * available to the <code>EncryptionMethod</code> algorithm without any
+ * {@code EncryptedKey} is decrypted the resulting octets are made
+ * available to the {@code EncryptionMethod} algorithm without any
  * additional processing.
  * <p>
  * Its schema definition is as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
  * <complexType name='EncryptedKeyType'>
  *     <complexContent>
@@ -46,7 +46,7 @@
  *         </extension>
  *     </complexContent>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
@@ -55,31 +55,31 @@
     /**
      * Returns a hint as to which recipient this encrypted key value is intended for.
      *
-     * @return the recipient of the <code>EncryptedKey</code>.
+     * @return the recipient of the {@code EncryptedKey}.
      */
     String getRecipient();
 
     /**
-     * Sets the recipient for this <code>EncryptedKey</code>.
+     * Sets the recipient for this {@code EncryptedKey}.
      *
-     * @param recipient the recipient for this <code>EncryptedKey</code>.
+     * @param recipient the recipient for this {@code EncryptedKey}.
      */
     void setRecipient(String recipient);
 
     /**
      * Returns pointers to data and keys encrypted using this key. The reference
-     * list may contain multiple references to <code>EncryptedKey</code> and
-     * <code>EncryptedData</code> elements. This is done using
-     * <code>KeyReference</code> and <code>DataReference</code> elements
+     * list may contain multiple references to {@code EncryptedKey} and
+     * {@code EncryptedData} elements. This is done using
+     * {@code KeyReference} and {@code DataReference} elements
      * respectively.
      *
-     * @return an <code>Iterator</code> over all the <code>ReferenceList</code>s
-     *   contained in this <code>EncryptedKey</code>.
+     * @return an {@code Iterator} over all the {@code ReferenceList}s
+     *   contained in this {@code EncryptedKey}.
      */
     ReferenceList getReferenceList();
 
     /**
-     * Sets the <code>ReferenceList</code> to the <code>EncryptedKey</code>.
+     * Sets the {@code ReferenceList} to the {@code EncryptedKey}.
      *
      * @param list a list of pointers to data elements encrypted using this key.
      */
@@ -87,19 +87,19 @@
 
     /**
      * Returns a user readable name with the key value. This may then be used to
-     * reference the key using the <code>ds:KeyName</code> element within
-     * <code>ds:KeyInfo</code>. The same <code>CarriedKeyName</code> label,
+     * reference the key using the {@code ds:KeyName} element within
+     * {@code ds:KeyInfo}. The same {@code CarriedKeyName} label,
      * unlike an ID type, may occur multiple times within a single document. The
-     * value of the key is to be the same in all <code>EncryptedKey</code>
-     * elements identified with the same <code>CarriedKeyName</code> label
+     * value of the key is to be the same in all {@code EncryptedKey}
+     * elements identified with the same {@code CarriedKeyName} label
      * within a single XML document.
      * <br>
      * <b>Note</b> that because whitespace is significant in the value of
-     * the <code>ds:KeyName</code> element, whitespace is also significant in
-     * the value of the <code>CarriedKeyName</code> element.
+     * the {@code ds:KeyName} element, whitespace is also significant in
+     * the value of the {@code CarriedKeyName} element.
      *
      * @return over all the carried names contained in
-     *   this <code>EncryptedKey</code>.
+     *   this {@code EncryptedKey}.
      */
     String getCarriedName();
 
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptedType.java	Tue Aug 25 14:32:08 2015 -0700
@@ -25,13 +25,13 @@
 import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
 
 /**
- * EncryptedType is the abstract type from which <code>EncryptedData</code> and
- * <code>EncryptedKey</code> are derived. While these two latter element types
+ * EncryptedType is the abstract type from which {@code EncryptedData} and
+ * {@code EncryptedKey} are derived. While these two latter element types
  * are very similar with respect to their content models, a syntactical
  * distinction is useful to processing.
  * <p>
  * Its schema definition is as follows:
- * <xmp>
+ * <pre>{@code
  * <complexType name='EncryptedType' abstract='true'>
  *     <sequence>
  *         <element name='EncryptionMethod' type='xenc:EncryptionMethodType'
@@ -45,17 +45,17 @@
  *     <attribute name='MimeType' type='string' use='optional'/>
  *     <attribute name='Encoding' type='anyURI' use='optional'/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
 public interface EncryptedType {
 
     /**
-     * Returns a <code>String</code> providing for the standard method of
+     * Returns a {@code String} providing for the standard method of
      * assigning an id to the element within the document context.
      *
-     * @return the id for the <code>EncryptedType</code>.
+     * @return the id for the {@code EncryptedType}.
      */
     String getId();
 
@@ -67,11 +67,11 @@
     void setId(String id);
 
     /**
-     * Returns an <code>URI</code> identifying type information about the
+     * Returns an {@code URI} identifying type information about the
      * plaintext form of the encrypted content. While optional, this
      * specification takes advantage of it for mandatory processing described in
      * Processing Rules: Decryption (section 4.2). If the
-     * <code>EncryptedData</code> element contains data of Type 'element' or
+     * {@code EncryptedData} element contains data of Type 'element' or
      * element 'content', and replaces that data in an XML document context, it
      * is strongly recommended the Type attribute be provided. Without this
      * information, the decryptor will be unable to automatically restore the
@@ -85,13 +85,13 @@
     /**
      * Sets the type.
      *
-     * @param type an <code>URI</code> identifying type information about the
+     * @param type an {@code URI} identifying type information about the
      *   plaintext form of the encrypted content.
      */
     void setType(String type);
 
     /**
-     * Returns a <code>String</code> which describes the media type of the data
+     * Returns a {@code String} which describes the media type of the data
      * which has been encrypted. The value of this attribute has values defined
      * by [MIME]. For example, if the data that is encrypted is a base64 encoded
      * PNG, the transfer Encoding may be specified as
@@ -112,29 +112,29 @@
     /**
      * Sets the mime type.
      *
-     * @param type a <code>String</code> which describes the media type of the
+     * @param type a {@code String} which describes the media type of the
      *   data which has been encrypted.
      */
     void setMimeType(String type);
 
     /**
-     * Return an <code>URI</code> representing the encoding of the
-     * <code>EncryptedType</code>.
+     * Return an {@code URI} representing the encoding of the
+     * {@code EncryptedType}.
      *
-     * @return the encoding of this <code>EncryptedType</code>.
+     * @return the encoding of this {@code EncryptedType}.
      */
     String getEncoding();
 
     /**
-     * Sets the <code>URI</code> representing the encoding of the
-     * <code>EncryptedType</code>.
+     * Sets the {@code URI} representing the encoding of the
+     * {@code EncryptedType}.
      *
      * @param encoding
      */
     void setEncoding(String encoding);
 
     /**
-     * Returns an <code>EncryptionMethod</code> that describes the encryption
+     * Returns an {@code EncryptionMethod} that describes the encryption
      * algorithm applied to the cipher data. If the element is absent, the
      * encryption algorithm must be known by the recipient or the decryption
      * will fail.
@@ -144,17 +144,17 @@
     EncryptionMethod getEncryptionMethod();
 
     /**
-     * Sets the <code>EncryptionMethod</code> used to encrypt the cipher data.
+     * Sets the {@code EncryptionMethod} used to encrypt the cipher data.
      *
-     * @param method the <code>EncryptionMethod</code>.
+     * @param method the {@code EncryptionMethod}.
      */
     void setEncryptionMethod(EncryptionMethod method);
 
     /**
-     * Returns the <code>ds:KeyInfo</code>, that carries information about the
+     * Returns the {@code ds:KeyInfo}, that carries information about the
      * key used to encrypt the data. Subsequent sections of this specification
      * define new elements that may appear as children of
-     * <code>ds:KeyInfo</code>.
+     * {@code ds:KeyInfo}.
      *
      * @return information about the key that encrypted the cipher data.
      */
@@ -163,14 +163,14 @@
     /**
      * Sets the encryption key information.
      *
-     * @param info the <code>ds:KeyInfo</code>, that carries information about
+     * @param info the {@code ds:KeyInfo}, that carries information about
      *   the key used to encrypt the data.
      */
     void setKeyInfo(KeyInfo info);
 
     /**
-     * Returns the <code>CipherReference</code> that contains the
-     * <code>CipherValue</code> or <code>CipherReference</code> with the
+     * Returns the {@code CipherReference} that contains the
+     * {@code CipherValue} or {@code CipherReference} with the
      * encrypted data.
      *
      * @return the cipher data for the encrypted type.
@@ -179,16 +179,16 @@
 
     /**
      * Returns additional information concerning the generation of the
-     * <code>EncryptedType</code>.
+     * {@code EncryptedType}.
      *
      * @return information relating to the generation of the
-     *   <code>EncryptedType</code>.
+     *   {@code EncryptedType}.
      */
     EncryptionProperties getEncryptionProperties();
 
     /**
-     * Sets the <code>EncryptionProperties</code> that supplies additional
-     * information about the generation of the <code>EncryptedType</code>.
+     * Sets the {@code EncryptionProperties} that supplies additional
+     * information about the generation of the {@code EncryptedType}.
      *
      * @param properties
      */
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionMethod.java	Tue Aug 25 14:32:08 2015 -0700
@@ -26,12 +26,12 @@
 import org.w3c.dom.Element;
 
 /**
- * <code>EncryptionMethod</code> describes the encryption algorithm applied to
+ * {@code EncryptionMethod} describes the encryption algorithm applied to
  * the cipher data. If the element is absent, the encryption algorithm must be
  * known by the recipient or the decryption will fail.
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <complexType name='EncryptionMethodType' mixed='true'>
  *     <sequence>
  *         <element name='KeySize' minOccurs='0' type='xenc:KeySizeType'/>
@@ -40,7 +40,7 @@
  *     </sequence>
  *     <attribute name='Algorithm' type='anyURI' use='required'/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
@@ -108,10 +108,10 @@
 
     /**
      * Returns an iterator over all the additional elements contained in the
-     * <code>EncryptionMethod</code>.
+     * {@code EncryptionMethod}.
      *
-     * @return an <code>Iterator</code> over all the additional information
-     *   about the <code>EncryptionMethod</code>.
+     * @return an {@code Iterator} over all the additional information
+     *   about the {@code EncryptionMethod}.
      */
     Iterator<Element> getEncryptionMethodInformation();
 
@@ -126,7 +126,7 @@
      * Removes encryption method information.
      *
      * @param information the information to remove from the
-     *   <code>EncryptionMethod</code>.
+     *   {@code EncryptionMethod}.
      */
     void removeEncryptionMethodInformation(Element information);
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperties.java	Tue Aug 25 14:32:08 2015 -0700
@@ -25,15 +25,15 @@
 import java.util.Iterator;
 
 /**
- * <code>EncryptionProperties</code> can hold additional information concerning
- * the generation of the <code>EncryptedData</code> or
- * <code>EncryptedKey</code>. This information is wraped int an
- * <code>EncryptionProperty</code> element. Examples of additional information
+ * {@code EncryptionProperties} can hold additional information concerning
+ * the generation of the {@code EncryptedData} or
+ * {@code EncryptedKey}. This information is wraped int an
+ * {@code EncryptionProperty} element. Examples of additional information
  * is e.g., a date/time stamp or the serial number of cryptographic hardware
  * used during encryption).
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='EncryptionProperties' type='xenc:EncryptionPropertiesType'/>
  * <complexType name='EncryptionPropertiesType'>
  *     <sequence>
@@ -41,14 +41,14 @@
  *     </sequence>
  *     <attribute name='Id' type='ID' use='optional'/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
 public interface EncryptionProperties {
 
     /**
-     * Returns the <code>EncryptionProperties</code>' id.
+     * Returns the {@code EncryptionProperties}' id.
      *
      * @return the id.
      */
@@ -62,23 +62,23 @@
     void setId(String id);
 
     /**
-     * Returns an <code>Iterator</code> over all the
-     * <code>EncryptionPropterty</code> elements contained in this
-     * <code>EncryptionProperties</code>.
+     * Returns an {@code Iterator} over all the
+     * {@code EncryptionPropterty} elements contained in this
+     * {@code EncryptionProperties}.
      *
-     * @return an <code>Iterator</code> over all the encryption properties.
+     * @return an {@code Iterator} over all the encryption properties.
      */
     Iterator<EncryptionProperty> getEncryptionProperties();
 
     /**
-     * Adds an <code>EncryptionProperty</code>.
+     * Adds an {@code EncryptionProperty}.
      *
      * @param property
      */
     void addEncryptionProperty(EncryptionProperty property);
 
     /**
-     * Removes the specified <code>EncryptionProperty</code>.
+     * Removes the specified {@code EncryptionProperty}.
      *
      * @param property
      */
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/EncryptionProperty.java	Tue Aug 25 14:32:08 2015 -0700
@@ -27,16 +27,16 @@
 
 /**
  * Additional information items concerning the generation of the
- * <code>EncryptedData</code> or <code>EncryptedKey</code> can be placed in an
- * <code>EncryptionProperty</code> element (e.g., date/time stamp or the serial
+ * {@code EncryptedData} or {@code EncryptedKey} can be placed in an
+ * {@code EncryptionProperty} element (e.g., date/time stamp or the serial
  * number of cryptographic hardware used during encryption). The Target
- * attribute identifies the <code>EncryptedType</code> structure being
+ * attribute identifies the {@code EncryptedType} structure being
  * described. anyAttribute permits the inclusion of attributes from the XML
- * namespace to be included (i.e., <code>xml:space</code>,
- * <code>xml:lang</code>, and <code>xml:base</code>).
+ * namespace to be included (i.e., {@code xml:space},
+ * {@code xml:lang}, and {@code xml:base}).
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
  * <complexType name='EncryptionPropertyType' mixed='true'>
  *     <choice maxOccurs='unbounded'>
@@ -46,17 +46,17 @@
  *     <attribute name='Id' type='ID' use='optional'/>
  *     <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  */
 public interface EncryptionProperty {
 
     /**
-     * Returns the <code>EncryptedType</code> being described.
+     * Returns the {@code EncryptedType} being described.
      *
-     * @return the <code>EncryptedType</code> being described by this
-     *   <code>EncryptionProperty</code>.
+     * @return the {@code EncryptedType} being described by this
+     *   {@code EncryptionProperty}.
      */
     String getTarget();
 
@@ -68,7 +68,7 @@
     void setTarget(String target);
 
     /**
-     * Returns the id of the <CODE>EncryptionProperty</CODE>.
+     * Returns the id of the {@code EncryptionProperty}.
      *
      * @return the id.
      */
@@ -82,7 +82,7 @@
     void setId(String id);
 
     /**
-     * Returns the attribute's value in the <code>xml</code> namespace.
+     * Returns the attribute's value in the {@code xml} namespace.
      *
      * @param attribute
      * @return the attribute's value.
@@ -98,9 +98,9 @@
     void setAttribute(String attribute, String value);
 
     /**
-     * Returns the properties of the <CODE>EncryptionProperty</CODE>.
+     * Returns the properties of the {@code EncryptionProperty}.
      *
-     * @return an <code>Iterator</code> over all the additional encryption
+     * @return an {@code Iterator} over all the additional encryption
      *   information contained in this class.
      */
     Iterator<Element> getEncryptionInformation();
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Reference.java	Tue Aug 25 14:32:08 2015 -0700
@@ -26,55 +26,55 @@
 import org.w3c.dom.Element;
 
 /**
- * A wrapper for a pointer from a key value of an <code>EncryptedKey</code> to
- * items encrypted by that key value (<code>EncryptedData</code> or
- * <code>EncryptedKey</code> elements).
+ * A wrapper for a pointer from a key value of an {@code EncryptedKey} to
+ * items encrypted by that key value ({@code EncryptedData} or
+ * {@code EncryptedKey} elements).
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <complexType name='ReferenceType'>
  *     <sequence>
  *         <any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
  *     </sequence>
  *     <attribute name='URI' type='anyURI' use='required'/>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  * @see ReferenceList
  */
 public interface Reference {
     /**
-     * Returns the <code>Element</code> tag name for this <code>Reference</code>.
+     * Returns the {@code Element} tag name for this {@code Reference}.
      *
-     * @return the tag name of this <code>Reference</code>.
+     * @return the tag name of this {@code Reference}.
      */
     String getType();
 
     /**
-     * Returns a <code>URI</code> that points to an <code>Element</code> that
+     * Returns a {@code URI} that points to an {@code Element} that
      * were encrypted using the key defined in the enclosing
-     * <code>EncryptedKey</code> element.
+     * {@code EncryptedKey} element.
      *
      * @return an Uniform Resource Identifier that qualifies an
-     *   <code>EncryptedType</code>.
+     *   {@code EncryptedType}.
      */
     String getURI();
 
     /**
-     * Sets a <code>URI</code> that points to an <code>Element</code> that
+     * Sets a {@code URI} that points to an {@code Element} that
      * were encrypted using the key defined in the enclosing
-     * <code>EncryptedKey</code> element.
+     * {@code EncryptedKey} element.
      *
      * @param uri the Uniform Resource Identifier that qualifies an
-     *   <code>EncryptedType</code>.
+     *   {@code EncryptedType}.
      */
     void setURI(String uri);
 
     /**
-     * Returns an <code>Iterator</code> over all the child elements contained in
-     * this <code>Reference</code> that will aid the recipient in retrieving the
-     * <code>EncryptedKey</code> and/or <code>EncryptedData</code> elements.
+     * Returns an {@code Iterator} over all the child elements contained in
+     * this {@code Reference} that will aid the recipient in retrieving the
+     * {@code EncryptedKey} and/or {@code EncryptedData} elements.
      * These could include information such as XPath transforms, decompression
      * transforms, or information on how to retrieve the elements from a
      * document storage facility.
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/ReferenceList.java	Tue Aug 25 14:32:08 2015 -0700
@@ -25,12 +25,12 @@
 import java.util.Iterator;
 
 /**
- * <code>ReferenceList</code> is an element that contains pointers from a key
- * value of an <code>EncryptedKey</code> to items encrypted by that key value
- * (<code>EncryptedData</code> or <code>EncryptedKey</code> elements).
+ * {@code ReferenceList} is an element that contains pointers from a key
+ * value of an {@code EncryptedKey} to items encrypted by that key value
+ * ({@code EncryptedData} or {@code EncryptedKey} elements).
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <element name='ReferenceList'>
  *     <complexType>
  *         <choice minOccurs='1' maxOccurs='unbounded'>
@@ -39,7 +39,7 @@
  *         </choice>
  *     </complexType>
  * </element>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  * @see Reference
@@ -56,54 +56,54 @@
      * Adds a reference to this reference list.
      *
      * @param reference the reference to add.
-     * @throws IllegalAccessException if the <code>Reference</code> is not an
-     *   instance of <code>DataReference</code> or <code>KeyReference</code>.
+     * @throws IllegalAccessException if the {@code Reference} is not an
+     *   instance of {@code DataReference} or {@code KeyReference}.
      */
     void add(Reference reference);
 
     /**
-     * Removes a reference from the <code>ReferenceList</code>.
+     * Removes a reference from the {@code ReferenceList}.
      *
      * @param reference the reference to remove.
      */
     void remove(Reference reference);
 
     /**
-     * Returns the size of the <code>ReferenceList</code>.
+     * Returns the size of the {@code ReferenceList}.
      *
-     * @return the size of the <code>ReferenceList</code>.
+     * @return the size of the {@code ReferenceList}.
      */
     int size();
 
     /**
-     * Indicates if the <code>ReferenceList</code> is empty.
+     * Indicates if the {@code ReferenceList} is empty.
      *
-     * @return <code><b>true</b></code> if the <code>ReferenceList</code> is
-     *     empty, else <code><b>false</b></code>.
+     * @return <b>{@code true}</b> if the {@code ReferenceList} is
+     *     empty, else <b>{@code false}</b>.
      */
     boolean isEmpty();
 
     /**
-     * Returns an <code>Iterator</code> over all the <code>Reference</code>s
-     * contained in this <code>ReferenceList</code>.
+     * Returns an {@code Iterator} over all the {@code Reference}s
+     * contained in this {@code ReferenceList}.
      *
      * @return Iterator.
      */
     Iterator<Reference> getReferences();
 
     /**
-     * <code>DataReference</code> factory method. Returns a
-     * <code>DataReference</code>.
+     * {@code DataReference} factory method. Returns a
+     * {@code DataReference}.
      * @param uri
-     * @return a <code>DataReference</code>.
+     * @return a {@code DataReference}.
      */
     Reference newDataReference(String uri);
 
     /**
-     * <code>KeyReference</code> factory method. Returns a
-     * <code>KeyReference</code>.
+     * {@code KeyReference} factory method. Returns a
+     * {@code KeyReference}.
      * @param uri
-     * @return a <code>KeyReference</code>.
+     * @return a {@code KeyReference}.
      */
     Reference newKeyReference(String uri);
 }
--- a/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/encryption/Transforms.java	Tue Aug 25 14:32:08 2015 -0700
@@ -23,16 +23,16 @@
 package com.sun.org.apache.xml.internal.security.encryption;
 
 /**
- * A container for <code>ds:Transform</code>s.
+ * A container for {@code ds:Transform}s.
  * <p>
  * It is defined as follows:
- * <xmp>
+ * <pre>{@code
  * <complexType name='TransformsType'>
  *     <sequence>
  *         <element ref='ds:Transform' maxOccurs='unbounded'/>
  *     </sequence>
  * </complexType>
- * </xmp>
+ * }</pre>
  *
  * @author Axl Mattheus
  * @see com.sun.org.apache.xml.internal.security.encryption.CipherReference
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/KeySelectorException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/KeySelectorException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -33,8 +33,8 @@
 /**
  * Indicates an exceptional condition thrown by a {@link KeySelector}.
  *
- * <p>A <code>KeySelectorException</code> can contain a cause: another
- * throwable that caused this <code>KeySelectorException</code> to get thrown.
+ * <p>A {@code KeySelectorException} can contain a cause: another
+ * throwable that caused this {@code KeySelectorException} to get thrown.
  *
  * @author Sean Mullan
  * @author JSR 105 Expert Group
@@ -46,7 +46,7 @@
 
     /**
      * The throwable that caused this exception to get thrown, or
-     * <code>null</code> if this exception was not caused by another throwable
+     * {@code null} if this exception was not caused by another throwable
      * or if the causative throwable is unknown.
      *
      * @serial
@@ -54,15 +54,15 @@
     private Throwable cause;
 
     /**
-     * Constructs a new <code>KeySelectorException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code KeySelectorException} with
+     * {@code null} as its detail message.
      */
     public KeySelectorException() {
         super();
     }
 
     /**
-     * Constructs a new <code>KeySelectorException</code> with the specified
+     * Constructs a new {@code KeySelectorException} with the specified
      * detail message.
      *
      * @param message the detail message
@@ -72,14 +72,14 @@
     }
 
     /**
-     * Constructs a new <code>KeySelectorException</code> with the
+     * Constructs a new {@code KeySelectorException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public KeySelectorException(String message, Throwable cause) {
@@ -88,13 +88,13 @@
     }
 
     /**
-     * Constructs a new <code>KeySelectorException</code> with the specified
+     * Constructs a new {@code KeySelectorException} with the specified
      * cause and a detail message of
-     * <code>(cause==null ? null : cause.toString())</code>
+     * {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <code>cause</code>).
+     * {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public KeySelectorException(Throwable cause) {
@@ -103,20 +103,20 @@
     }
 
     /**
-     * Returns the cause of this <code>KeySelectorException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code KeySelectorException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>KeySelectorException</code> to get thrown.)
+     * {@code KeySelectorException} to get thrown.)
      *
-     * @return the cause of this <code>KeySelectorException</code> or
-     *         <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code KeySelectorException} or
+     *         {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>KeySelectorException</code>, its backtrace and
+     * Prints this {@code KeySelectorException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -125,10 +125,10 @@
     }
 
     /**
-     * Prints this <code>KeySelectorException</code>, its backtrace and
+     * Prints this {@code KeySelectorException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -136,10 +136,10 @@
     }
 
     /**
-     * Prints this <code>KeySelectorException</code>, its backtrace and
+     * Prints this {@code KeySelectorException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/MarshalException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/MarshalException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -39,8 +39,8 @@
  * Indicates an exceptional condition that occurred during the XML
  * marshalling or unmarshalling process.
  *
- * <p>A <code>MarshalException</code> can contain a cause: another
- * throwable that caused this <code>MarshalException</code> to get thrown.
+ * <p>A {@code MarshalException} can contain a cause: another
+ * throwable that caused this {@code MarshalException} to get thrown.
  *
  * @author Sean Mullan
  * @author JSR 105 Expert Group
@@ -62,15 +62,15 @@
     private Throwable cause;
 
     /**
-     * Constructs a new <code>MarshalException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code MarshalException} with
+     * {@code null} as its detail message.
      */
     public MarshalException() {
         super();
     }
 
     /**
-     * Constructs a new <code>MarshalException</code> with the specified
+     * Constructs a new {@code MarshalException} with the specified
      * detail message.
      *
      * @param message the detail message
@@ -80,14 +80,14 @@
     }
 
     /**
-     * Constructs a new <code>MarshalException</code> with the
+     * Constructs a new {@code MarshalException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public MarshalException(String message, Throwable cause) {
@@ -96,12 +96,11 @@
     }
 
     /**
-     * Constructs a new <code>MarshalException</code> with the specified cause
-     * and a detail message of <code>(cause==null ? null : cause.toString())
-     * </code> (which typically contains the class and detail message of
-     * <code>cause</code>).
+     * Constructs a new {@code MarshalException} with the specified cause
+     * and a detail message of {@code (cause==null ? null : cause.toString())}
+     * (which typically contains the class and detail message of {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public MarshalException(Throwable cause) {
@@ -110,20 +109,20 @@
     }
 
     /**
-     * Returns the cause of this <code>MarshalException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code MarshalException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>MarshalException</code> to get thrown.)
+     * {@code MarshalException} to get thrown.)
      *
-     * @return the cause of this <code>MarshalException</code> or
-     *         <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code MarshalException} or
+     *         {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>MarshalException</code>, its backtrace and
+     * Prints this {@code MarshalException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -132,10 +131,10 @@
     }
 
     /**
-     * Prints this <code>MarshalException</code>, its backtrace and
+     * Prints this {@code MarshalException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -143,10 +142,10 @@
     }
 
     /**
-     * Prints this <code>MarshalException</code>, its backtrace and
+     * Prints this {@code MarshalException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/NoSuchMechanismException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/NoSuchMechanismException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -39,8 +39,8 @@
  * This exception is thrown when a particular XML mechanism is requested but
  * is not available in the environment.
  *
- * <p>A <code>NoSuchMechanismException</code> can contain a cause: another
- * throwable that caused this <code>NoSuchMechanismException</code> to get
+ * <p>A {@code NoSuchMechanismException} can contain a cause: another
+ * throwable that caused this {@code NoSuchMechanismException} to get
  * thrown.
  *
  * @author Sean Mullan
@@ -63,15 +63,15 @@
     private Throwable cause;
 
     /**
-     * Constructs a new <code>NoSuchMechanismException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code NoSuchMechanismException} with
+     * {@code null} as its detail message.
      */
     public NoSuchMechanismException() {
         super();
     }
 
     /**
-     * Constructs a new <code>NoSuchMechanismException</code> with the
+     * Constructs a new {@code NoSuchMechanismException} with the
      * specified detail message.
      *
      * @param message the detail message
@@ -81,14 +81,14 @@
     }
 
     /**
-     * Constructs a new <code>NoSuchMechanismException</code> with the
+     * Constructs a new {@code NoSuchMechanismException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public NoSuchMechanismException(String message, Throwable cause) {
@@ -97,12 +97,12 @@
     }
 
     /**
-     * Constructs a new <code>NoSuchMechanismException</code> with the
+     * Constructs a new {@code NoSuchMechanismException} with the
      * specified cause and a detail message of
-     * <code>(cause==null ? null : cause.toString())</code> (which typically
-     * contains the class and detail message of <code>cause</code>).
+     * {@code (cause==null ? null : cause.toString())} (which typically
+     * contains the class and detail message of {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public NoSuchMechanismException(Throwable cause) {
@@ -111,20 +111,20 @@
     }
 
     /**
-     * Returns the cause of this <code>NoSuchMechanismException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code NoSuchMechanismException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>NoSuchMechanismException</code> to get thrown.)
+     * {@code NoSuchMechanismException} to get thrown.)
      *
-     * @return the cause of this <code>NoSuchMechanismException</code> or
-     *         <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code NoSuchMechanismException} or
+     *         {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>NoSuchMechanismException</code>, its backtrace and
+     * Prints this {@code NoSuchMechanismException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -133,10 +133,10 @@
     }
 
     /**
-     * Prints this <code>NoSuchMechanismException</code>, its backtrace and
+     * Prints this {@code NoSuchMechanismException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -144,10 +144,10 @@
     }
 
     /**
-     * Prints this <code>NoSuchMechanismException</code>, its backtrace and
+     * Prints this {@code NoSuchMechanismException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/URIReferenceException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/URIReferenceException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -35,8 +35,8 @@
  * Indicates an exceptional condition thrown while dereferencing a
  * {@link URIReference}.
  *
- * <p>A <code>URIReferenceException</code> can contain a cause: another
- * throwable that caused this <code>URIReferenceException</code> to get thrown.
+ * <p>A {@code URIReferenceException} can contain a cause: another
+ * throwable that caused this {@code URIReferenceException} to get thrown.
  *
  * @author Sean Mullan
  * @author JSR 105 Expert Group
@@ -60,15 +60,15 @@
     private URIReference uriReference;
 
     /**
-     * Constructs a new <code>URIReferenceException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code URIReferenceException} with
+     * {@code null} as its detail message.
      */
     public URIReferenceException() {
         super();
     }
 
     /**
-     * Constructs a new <code>URIReferenceException</code> with the specified
+     * Constructs a new {@code URIReferenceException} with the specified
      * detail message.
      *
      * @param message the detail message
@@ -78,14 +78,14 @@
     }
 
     /**
-     * Constructs a new <code>URIReferenceException</code> with the
+     * Constructs a new {@code URIReferenceException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public URIReferenceException(String message, Throwable cause) {
@@ -94,19 +94,19 @@
     }
 
     /**
-     * Constructs a new <code>URIReferenceException</code> with the
-     * specified detail message, cause and <code>URIReference</code>.
+     * Constructs a new {@code URIReferenceException} with the
+     * specified detail message, cause and {@code URIReference}.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
-     * @param uriReference the <code>URIReference</code> that was being
+     * @param uriReference the {@code URIReference} that was being
      *    dereferenced when the error was encountered
-     * @throws NullPointerException if <code>uriReference</code> is
-     *    <code>null</code>
+     * @throws NullPointerException if {@code uriReference} is
+     *    {@code null}
      */
     public URIReferenceException(String message, Throwable cause,
         URIReference uriReference) {
@@ -118,12 +118,12 @@
     }
 
     /**
-     * Constructs a new <code>URIReferenceException</code> with the specified
-     * cause and a detail message of <code>(cause==null ? null :
-     * cause.toString())</code> (which typically contains the class and detail
-     * message of <code>cause</code>).
+     * Constructs a new {@code URIReferenceException} with the specified
+     * cause and a detail message of {@code (cause==null ? null :
+     * cause.toString())} (which typically contains the class and detail
+     * message of {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public URIReferenceException(Throwable cause) {
@@ -132,31 +132,31 @@
     }
 
     /**
-     * Returns the <code>URIReference</code> that was being dereferenced
+     * Returns the {@code URIReference} that was being dereferenced
      * when the exception was thrown.
      *
-     * @return the <code>URIReference</code> that was being dereferenced
-     * when the exception was thrown, or <code>null</code> if not specified
+     * @return the {@code URIReference} that was being dereferenced
+     * when the exception was thrown, or {@code null} if not specified
      */
     public URIReference getURIReference() {
         return uriReference;
     }
 
     /**
-     * Returns the cause of this <code>URIReferenceException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code URIReferenceException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>URIReferenceException</code> to get thrown.)
+     * {@code URIReferenceException} to get thrown.)
      *
-     * @return the cause of this <code>URIReferenceException</code> or
-     *    <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code URIReferenceException} or
+     *    {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>URIReferenceException</code>, its backtrace and
+     * Prints this {@code URIReferenceException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -165,10 +165,10 @@
     }
 
     /**
-     * Prints this <code>URIReferenceException</code>, its backtrace and
+     * Prints this {@code URIReferenceException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -176,10 +176,10 @@
     }
 
     /**
-     * Prints this <code>URIReferenceException</code>, its backtrace and
+     * Prints this {@code URIReferenceException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/TransformException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -34,8 +34,8 @@
  * Indicates an exceptional condition that occurred while executing a
  * transform algorithm.
  *
- * <p>A <code>TransformException</code> can contain a cause: another
- * throwable that caused this <code>TransformException</code> to get thrown.
+ * <p>A {@code TransformException} can contain a cause: another
+ * throwable that caused this {@code TransformException} to get thrown.
  *
  * @see Transform#transform
  * @author Sean Mullan
@@ -56,15 +56,15 @@
     private Throwable cause;
 
     /**
-     * Constructs a new <code>TransformException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code TransformException} with
+     * {@code null} as its detail message.
      */
     public TransformException() {
         super();
     }
 
     /**
-     * Constructs a new <code>TransformException</code> with the specified
+     * Constructs a new {@code TransformException} with the specified
      * detail message.
      *
      * @param message the detail message
@@ -74,14 +74,14 @@
     }
 
     /**
-     * Constructs a new <code>TransformException</code> with the
+     * Constructs a new {@code TransformException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public TransformException(String message, Throwable cause) {
@@ -90,13 +90,13 @@
     }
 
     /**
-     * Constructs a new <code>TransformException</code> with the specified
+     * Constructs a new {@code TransformException} with the specified
      * cause and a detail message of
-     * <code>(cause==null ? null : cause.toString())</code>
+     * {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <code>cause</code>).
+     * {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public TransformException(Throwable cause) {
@@ -105,20 +105,20 @@
     }
 
     /**
-     * Returns the cause of this <code>TransformException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code TransformException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>TransformException</code> to get thrown.)
+     * {@code TransformException} to get thrown.)
      *
-     * @return the cause of this <code>TransformException</code> or
-     *         <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code TransformException} or
+     *         {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>TransformException</code>, its backtrace and
+     * Prints this {@code TransformException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -129,10 +129,10 @@
     }
 
     /**
-     * Prints this <code>TransformException</code>, its backtrace and
+     * Prints this {@code TransformException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -142,10 +142,10 @@
     }
 
     /**
-     * Prints this <code>TransformException</code>, its backtrace and
+     * Prints this {@code TransformException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureException.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/java.xml.crypto/share/classes/javax/xml/crypto/dsig/XMLSignatureException.java	Tue Aug 25 14:32:08 2015 -0700
@@ -34,8 +34,8 @@
  * Indicates an exceptional condition that occurred during the XML
  * signature generation or validation process.
  *
- * <p>An <code>XMLSignatureException</code> can contain a cause: another
- * throwable that caused this <code>XMLSignatureException</code> to get thrown.
+ * <p>An {@code XMLSignatureException} can contain a cause: another
+ * throwable that caused this {@code XMLSignatureException} to get thrown.
  *
  * @since 1.6
  */
@@ -53,15 +53,15 @@
     private Throwable cause;
 
     /**
-     * Constructs a new <code>XMLSignatureException</code> with
-     * <code>null</code> as its detail message.
+     * Constructs a new {@code XMLSignatureException} with
+     * {@code null} as its detail message.
      */
     public XMLSignatureException() {
         super();
     }
 
     /**
-     * Constructs a new <code>XMLSignatureException</code> with the specified
+     * Constructs a new {@code XMLSignatureException} with the specified
      * detail message.
      *
      * @param message the detail message
@@ -71,14 +71,14 @@
     }
 
     /**
-     * Constructs a new <code>XMLSignatureException</code> with the
+     * Constructs a new {@code XMLSignatureException} with the
      * specified detail message and cause.
      * <p>Note that the detail message associated with
-     * <code>cause</code> is <i>not</i> automatically incorporated in
+     * {@code cause} is <i>not</i> automatically incorporated in
      * this exception's detail message.
      *
      * @param message the detail message
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public XMLSignatureException(String message, Throwable cause) {
@@ -87,13 +87,13 @@
     }
 
     /**
-     * Constructs a new <code>XMLSignatureException</code> with the specified
+     * Constructs a new {@code XMLSignatureException} with the specified
      * cause and a detail message of
-     * <code>(cause==null ? null : cause.toString())</code>
+     * {@code (cause==null ? null : cause.toString())}
      * (which typically contains the class and detail message of
-     * <code>cause</code>).
+     * {@code cause}).
      *
-     * @param cause the cause (A <tt>null</tt> value is permitted, and
+     * @param cause the cause (A {@code null} value is permitted, and
      *        indicates that the cause is nonexistent or unknown.)
      */
     public XMLSignatureException(Throwable cause) {
@@ -102,20 +102,20 @@
     }
 
     /**
-     * Returns the cause of this <code>XMLSignatureException</code> or
-     * <code>null</code> if the cause is nonexistent or unknown.  (The
+     * Returns the cause of this {@code XMLSignatureException} or
+     * {@code null} if the cause is nonexistent or unknown.  (The
      * cause is the throwable that caused this
-     * <code>XMLSignatureException</code> to get thrown.)
+     * {@code XMLSignatureException} to get thrown.)
      *
-     * @return the cause of this <code>XMLSignatureException</code> or
-     *         <code>null</code> if the cause is nonexistent or unknown.
+     * @return the cause of this {@code XMLSignatureException} or
+     *         {@code null} if the cause is nonexistent or unknown.
      */
     public Throwable getCause() {
         return cause;
     }
 
     /**
-     * Prints this <code>XMLSignatureException</code>, its backtrace and
+     * Prints this {@code XMLSignatureException}, its backtrace and
      * the cause's backtrace to the standard error stream.
      */
     public void printStackTrace() {
@@ -126,10 +126,10 @@
     }
 
     /**
-     * Prints this <code>XMLSignatureException</code>, its backtrace and
+     * Prints this {@code XMLSignatureException}, its backtrace and
      * the cause's backtrace to the specified print stream.
      *
-     * @param s <code>PrintStream</code> to use for output
+     * @param s {@code PrintStream} to use for output
      */
     public void printStackTrace(PrintStream s) {
         super.printStackTrace(s);
@@ -139,10 +139,10 @@
     }
 
     /**
-     * Prints this <code>XMLSignatureException</code>, its backtrace and
+     * Prints this {@code XMLSignatureException}, its backtrace and
      * the cause's backtrace to the specified print writer.
      *
-     * @param s <code>PrintWriter</code> to use for output
+     * @param s {@code PrintWriter} to use for output
      */
     public void printStackTrace(PrintWriter s) {
         super.printStackTrace(s);
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java	Tue Aug 25 14:32:08 2015 -0700
@@ -474,7 +474,7 @@
 
     /**
      * calls ucrypto_encrypt_update(...) or ucrypto_decrypt_update(...)
-     * @returns the length of output or if negative, an error status code
+     * @return the length of output or if negative, an error status code
      */
     private native static int nativeUpdate(long pContext, boolean encrypt,
                                            byte[] in, int inOfs, int inLen,
@@ -482,7 +482,7 @@
 
     /**
      * calls ucrypto_encrypt_final(...) or ucrypto_decrypt_final(...)
-     * @returns the length of output or if negative, an error status code
+     * @return the length of output or if negative, an error status code
      */
     native static int nativeFinal(long pContext, boolean encrypt,
                                           byte[] out, int outOfs);
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Tue Aug 25 14:32:08 2015 -0700
@@ -377,7 +377,7 @@
 
     /**
      * calls ucrypto_encrypt(...) or ucrypto_decrypt(...)
-     * @returns the length of output or an negative error status code
+     * @return the length of output or an negative error status code
      */
     private native static int nativeAtomic(int mech, boolean encrypt,
                                            long keyValue, int keyLength,
--- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java	Tue Aug 25 13:03:08 2015 +0300
+++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java	Tue Aug 25 14:32:08 2015 -0700
@@ -353,20 +353,20 @@
 
     /**
      * calls ucrypto_sign_update(...) or ucrypto_verify_update(...)
-     * @returns an error status code (0 means SUCCESS)
+     * @return an error status code (0 means SUCCESS)
      */
     private native static int nativeUpdate(long pContext, boolean sign,
                                            byte[] in, int inOfs, int inLen);
     /**
      * calls ucrypto_sign_update(...) or ucrypto_verify_update(...)
-     * @returns an error status code (0 means SUCCESS)
+     * @return an error status code (0 means SUCCESS)
      */
     private native static int nativeUpdate(long pContext, boolean sign,
                                            long pIn, int inLen);
 
     /**
      * calls ucrypto_sign_final(...) or ucrypto_verify_final(...)
-     * @returns the length of signature bytes or verification status.
+     * @return the length of signature bytes or verification status.
      * If negative, it indicates an error status code
      */
     private native static int nativeFinal(long pContext, boolean sign,
--- a/src/jdk.deploy.osx/macosx/classes/apple/security/AppleProvider.java	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,88 +0,0 @@
-/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package apple.security;
-
-import java.security.*;
-
-/**
- * The Apple Security Provider.
- */
-
-/**
- * Defines the Apple provider.
- *
- * This provider only exists to provide access to the Apple keychain-based KeyStore implementation
- */
-@SuppressWarnings("serial") // JDK implementation class
-public final class AppleProvider extends Provider {
-
-    private static final String info = "Apple Provider";
-
-    private static final class ProviderService extends Provider.Service {
-        ProviderService(Provider p, String type, String algo, String cn) {
-            super(p, type, algo, cn, null, null);
-        }
-
-        @Override
-        public Object newInstance(Object ctrParamObj)
-            throws NoSuchAlgorithmException {
-            String type = getType();
-            if (ctrParamObj != null) {
-                throw new InvalidParameterException
-                    ("constructorParameter not used with " + type + " engines");
-            }
-
-            String algo = getAlgorithm();
-            try {
-                if (type.equals("KeyStore")) {
-                    if (algo.equals("KeychainStore")) {
-                        return new KeychainStore();
-                    }
-                }
-            } catch (Exception ex) {
-                throw new NoSuchAlgorithmException("Error constructing " +
-                    type + " for " + algo + " using Apple", ex);
-            }
-            throw new ProviderException("No impl for " + algo +
-                " " + type);
-        }
-    }
-
-
-    public AppleProvider() {
-        /* We are the Apple provider */
-        super("Apple", 1.9d, info);
-
-        final Provider p = this;
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
-            public Void run() {
-                putService(new ProviderService(p, "KeyStore",
-                           "KeychainStore", "apple.security.KeychainStore"));
-                return null;
-            }
-        });
-    }
-}
--- a/src/jdk.deploy.osx/macosx/classes/apple/security/KeychainStore.java	Tue Aug 25 13:03:08 2015 +0300
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,1149 +0,0 @@
-/*
- * Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-package apple.security;
-
-import java.io.*;
-import java.security.*;
-import java.security.cert.*;
-import java.security.cert.Certificate;
-import java.security.spec.*;
-import java.util.*;
-
-import javax.crypto.*;
-import javax.crypto.spec.*;
-import javax.security.auth.x500.*;
-
-import sun.security.pkcs.*;
-import sun.security.pkcs.EncryptedPrivateKeyInfo;
-import sun.security.util.*;
-import sun.security.x509.*;
-
-/**
- * This class provides the keystore implementation referred to as "KeychainStore".
- * It uses the current user's keychain as its backing storage, and does NOT support
- * a file-based implementation.
- */
-
-public final class KeychainStore extends KeyStoreSpi {
-
-    // Private keys and their supporting certificate chains
-    // If a key came from the keychain it has a SecKeyRef and one or more
-    // SecCertificateRef.  When we delete the key we have to delete all of the corresponding
-    // native objects.
-    class KeyEntry {
-        Date date; // the creation date of this entry
-        byte[] protectedPrivKey;
-        char[] password;
-        long keyRef;  // SecKeyRef for this key
-        Certificate chain[];
-        long chainRefs[];  // SecCertificateRefs for this key's chain.
-    };
-
-    // Trusted certificates
-    class TrustedCertEntry {
-        Date date; // the creation date of this entry
-
-        Certificate cert;
-        long certRef;  // SecCertificateRef for this key
-    };
-
-    /**
-     * Entries that have been deleted.  When something calls engineStore we'll
-     * remove them from the keychain.
-     */
-    private Hashtable<String, Object> deletedEntries = new Hashtable<>();
-
-    /**
-     * Entries that have been added.  When something calls engineStore we'll
-     * add them to the keychain.
-     */
-    private Hashtable<String, Object> addedEntries = new Hashtable<>();
-
-    /**
-     * Private keys and certificates are stored in a hashtable.
-     * Hash entries are keyed by alias names.
-     */
-    private Hashtable<String, Object> entries = new Hashtable<>();
-
-    /**
-     * Algorithm identifiers and corresponding OIDs for the contents of the PKCS12 bag we get from the Keychain.
-     */
-    private static final int keyBag[]  = {1, 2, 840, 113549, 1, 12, 10, 1, 2};
-    private static final int pbeWithSHAAnd3KeyTripleDESCBC[] =     {1, 2, 840, 113549, 1, 12, 1, 3};
-    private static ObjectIdentifier PKCS8ShroudedKeyBag_OID;
-    private static ObjectIdentifier pbeWithSHAAnd3KeyTripleDESCBC_OID;
-
-    /**
-     * Constnats used in PBE decryption.
-     */
-    private static final int iterationCount = 1024;
-    private static final int SALT_LEN = 20;
-
-    static {
-        AccessController.doPrivileged(
-            new PrivilegedAction<Void>() {
-                public Void run() {
-                    System.loadLibrary("osx");
-                    return null;
-                }
-            });
-        try {
-            PKCS8ShroudedKeyBag_OID = new ObjectIdentifier(keyBag);
-            pbeWithSHAAnd3KeyTripleDESCBC_OID = new ObjectIdentifier(pbeWithSHAAnd3KeyTripleDESCBC);
-        } catch (IOException ioe) {
-            // should not happen
-        }
-    }
-
-    private static void permissionCheck() {
-        SecurityManager sec = System.getSecurityManager();
-
-        if (sec != null) {
-            sec.checkPermission(new RuntimePermission("useKeychainStore"));
-        }
-    }
-
-
-    /**
-     * Verify the Apple provider in the constructor.
-     *
-     * @exception SecurityException if fails to verify
-     * its own integrity
-     */
-    public KeychainStore() { }
-
-    /**
-        * Returns the key associated with the given alias, using the given
-     * password to recover it.
-     *
-     * @param alias the alias name
-     * @param password the password for recovering the key. This password is
-     *        used internally as the key is exported in a PKCS12 format.
-     *
-     * @return the requested key, or null if the given alias does not exist
-     * or does not identify a <i>key entry</i>.
-     *
-     * @exception NoSuchAlgorithmException if the algorithm for recovering the
-     * key cannot be found
-     * @exception UnrecoverableKeyException if the key cannot be recovered
-     * (e.g., the given password is wrong).
-     */
-    public Key engineGetKey(String alias, char[] password)
-        throws NoSuchAlgorithmException, UnrecoverableKeyException
-    {
-        permissionCheck();
-
-        // An empty password is rejected by MacOS API, no private key data
-        // is exported. If no password is passed (as is the case when
-        // this implementation is used as browser keystore in various
-        // deployment scenarios like Webstart, JFX and applets), create
-        // a dummy password so MacOS API is happy.
-        if (password == null || password.length == 0) {
-            // Must not be a char array with only a 0, as this is an empty
-            // string.
-            if (random == null) {
-                random = new SecureRandom();
-            }
-            password = Long.toString(random.nextLong()).toCharArray();
-        }
-
-        Object entry = entries.get(alias.toLowerCase());
-
-        if (entry == null || !(entry instanceof KeyEntry)) {
-            return null;
-        }
-
-        // This call gives us a PKCS12 bag, with the key inside it.
-        byte[] exportedKeyInfo = _getEncodedKeyData(((KeyEntry)entry).keyRef, password);
-        if (exportedKeyInfo == null) {
-            return null;
-        }
-
-        PrivateKey returnValue = null;
-
-        try {
-            byte[] pkcs8KeyData = fetchPrivateKeyFromBag(exportedKeyInfo);
-            byte[] encryptedKey;
-            AlgorithmParameters algParams;
-            ObjectIdentifier algOid;
-            try {
-                // get the encrypted private key
-                EncryptedPrivateKeyInfo encrInfo = new EncryptedPrivateKeyInfo(pkcs8KeyData);
-                encryptedKey = encrInfo.getEncryptedData();
-
-                // parse Algorithm parameters
-                DerValue val = new DerValue(encrInfo.getAlgorithm().encode());
-                DerInputStream in = val.toDerInputStream();
-                algOid = in.getOID();
-                algParams = parseAlgParameters(in);
-
-            } catch (IOException ioe) {
-                UnrecoverableKeyException uke =
-                new UnrecoverableKeyException("Private key not stored as "
-                                              + "PKCS#8 EncryptedPrivateKeyInfo: " + ioe);
-                uke.initCause(ioe);
-                throw uke;
-            }
-
-            // Use JCE to decrypt the data using the supplied password.
-            SecretKey skey = getPBEKey(password);
-            Cipher cipher = Cipher.getInstance(algOid.toString());
-            cipher.init(Cipher.DECRYPT_MODE, skey, algParams);
-            byte[] decryptedPrivateKey = cipher.doFinal(encryptedKey);
-            PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(decryptedPrivateKey);
-
-             // Parse the key algorithm and then use a JCA key factory to create the private key.
-            DerValue val = new DerValue(decryptedPrivateKey);
-            DerInputStream in = val.toDerInputStream();
-
-            // Ignore this -- version should be 0.
-            int i = in.getInteger();
-
-            // Get the Algorithm ID next
-            DerValue[] value = in.getSequence(2);
-            AlgorithmId algId = new AlgorithmId(value[0].getOID());
-            String algName = algId.getName();
-
-            // Get a key factory for this algorithm.  It's likely to be 'RSA'.
-            KeyFactory kfac = KeyFactory.getInstance(algName);
-            returnValue = kfac.generatePrivate(kspec);
-        } catch (Exception e) {
-            UnrecoverableKeyException uke =
-            new UnrecoverableKeyException("Get Key failed: " +
-                                          e.getMessage());
-            uke.initCause(e);
-            throw uke;
-        }
-
-        return returnValue;
-    }
-
-    private native byte[] _getEncodedKeyData(long secKeyRef, char[] password);
-
-    /**
-     * Returns the certificate chain associated with the given alias.
-     *
-     * @param alias the alias name
-     *
-     * @return the certificate chain (ordered with the user's certificate first
-                                      * and the root certificate authority last), or null if the given alias
-     * does not exist or does not contain a certificate chain (i.e., the given
-                                                               * alias identifies either a <i>trusted certificate entry</i> or a</