changeset 16055:dd7755824434 tip

Merge
author bobv
date Thu, 01 Dec 2016 15:00:54 -0500
parents e01125401b3e 6762573da1c7
children
files make/GenerateClasslist.gmk src/java.base/share/classes/jdk/internal/module/ConfigurableModuleFinder.java src/java.base/share/classes/sun/util/locale/provider/BreakDictionary.java src/java.base/share/classes/sun/util/locale/provider/DictionaryBasedBreakIterator.java src/java.base/share/classes/sun/util/locale/provider/RuleBasedBreakIterator.java src/java.base/share/native/include/jvmti.h src/java.base/share/native/libjava/StackFrameInfo.c src/java.base/windows/native/libnet/icmp.h src/java.desktop/macosx/classes/sun/lwawt/macosx/NSPrintInfo.java src/java.desktop/share/classes/com/sun/media/sound/SunCodec.java test/java/awt/Modal/InvisibleParentTest/InvisibleParentTest.html test/java/lang/module/ModuleReader/MultiReleaseJarTest.java test/java/net/URLPermission/nstest/lookup.sh test/java/util/ResourceBundle/modules/basic/src/asiabundles/jdk/test/resources/MyResources_ja_JP.properties test/java/util/stream/bootlib/java.base/java/util/stream/ThowableHelper.java test/sun/reflect/ReflectionFactory/NewConstructorForSerialization.java test/sun/security/tools/keytool/readjar.sh test/sun/tools/jps/JpsBase.java test/sun/tools/jps/TestJpsClass.java test/sun/tools/jps/TestJpsJar.java test/sun/tools/jps/TestJpsJarRelative.java
diffstat 647 files changed, 39041 insertions(+), 10939 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Fri Oct 28 11:10:44 2016 -0400
+++ b/.hgtags	Thu Dec 01 15:00:54 2016 -0500
@@ -384,3 +384,5 @@
 5518ac2f2ead5e594bd983f2047178136aafdfd0 jdk-9+139
 e93b7ea559759f036c9f69fd2ddaf47bb4e98385 jdk-9+140
 8d752af5f61d41f226adf2cda72a20faa9ad620a jdk-9+141
+6ce43dd8e954b452f330dd7a412df5107f7e1923 jdk-9+142
+8dbc8594f9d5149bf1c22221272284609408227a jdk-9+143
--- a/make/GenerateClasslist.gmk	Fri Oct 28 11:10:44 2016 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,74 +0,0 @@
-#
-# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
-# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-#
-# This code is free software; you can redistribute it and/or modify it
-# under the terms of the GNU General Public License version 2 only, as
-# published by the Free Software Foundation.  Oracle designates this
-# particular file as subject to the "Classpath" exception as provided
-# by Oracle in the LICENSE file that accompanied this code.
-#
-# This code is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
-# version 2 for more details (a copy is included in the LICENSE file that
-# accompanied this code).
-#
-# You should have received a copy of the GNU General Public License version
-# 2 along with this work; if not, write to the Free Software Foundation,
-# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-# or visit www.oracle.com if you need additional information or have any
-# questions.
-#
-
-################################################################################
-# Generate classlist
-################################################################################
-
-default: all
-
-include $(SPEC)
-include MakeBase.gmk
-include Tools.gmk
-include JarArchive.gmk
-
-################################################################################
-# Create a jar with our generator class. Using a jar is intentional since it
-# will load more classes
-
-$(eval $(call SetupJarArchive, CLASSLIST_JAR, \
-    SRCS := $(BUILDTOOLS_OUTPUTDIR)/jdk_tools_classes, \
-    INCLUDES := build/tools/classlist, \
-    JAR := $(SUPPORT_OUTPUTDIR)/classlist.jar, \
-))
-
-TARGETS += $(CLASSLIST_JAR)
-
-################################################################################
-
-CLASSLIST_FILE := $(SUPPORT_OUTPUTDIR)/classlist/classlist
-
-JLI_TRACE_FILE := $(SUPPORT_OUTPUTDIR)/classlist/jli_trace.out
-
-# If an external buildjdk has been supplied, we don't build a separate interim
-# image, so just use the external build jdk instead.
-ifeq ($(EXTERNAL_BUILDJDK), true)
-  INTERIM_IMAGE_DIR := $(BUILD_JDK)
-endif
-
-$(CLASSLIST_FILE): $(INTERIM_IMAGE_DIR)/bin/java$(EXE_SUFFIX) $(CLASSLIST_JAR)
-	$(call MakeDir, $(@D))
-	$(call LogInfo, Generating lib/classlist)
-	$(FIXPATH) $(INTERIM_IMAGE_DIR)/bin/java -XX:DumpLoadedClassList=$@ \
-	    -Djava.lang.invoke.MethodHandle.TRACE_RESOLVE=true \
-	    -cp $(SUPPORT_OUTPUTDIR)/classlist.jar \
-	    build.tools.classlist.HelloClasslist \
-	    $(LOG_DEBUG) 2>&1 > $(JLI_TRACE_FILE)
-
-TARGETS += $(CLASSLIST_FILE)
-
-################################################################################
-
-all: $(TARGETS)
--- a/make/copy/Copy-java.base.gmk	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/copy/Copy-java.base.gmk	Thu Dec 01 15:00:54 2016 -0500
@@ -33,7 +33,6 @@
 #
 TARGETS += \
     $(INCLUDE_DST_DIR)/jni.h \
-    $(INCLUDE_DST_DIR)/jvmti.h \
     $(INCLUDE_DST_DIR)/jvmticmlr.h \
     $(INCLUDE_DST_DIR)/classfile_constants.h \
     $(INCLUDE_DST_OS_DIR)/jni_md.h \
--- a/make/data/tzdata/VERSION	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/data/tzdata/VERSION	Thu Dec 01 15:00:54 2016 -0500
@@ -21,4 +21,4 @@
 # or visit www.oracle.com if you need additional information or have any
 # questions.
 #
-tzdata2016g
+tzdata2016h
--- a/make/data/tzdata/asia	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/data/tzdata/asia	Thu Dec 01 15:00:54 2016 -0500
@@ -2567,11 +2567,6 @@
 # From Paul Eggert (2015-03-03):
 # http://www.timeanddate.com/time/change/west-bank/ramallah?year=2014
 # says that the fall 2014 transition was Oct 23 at 24:00.
-# For future dates, guess the last Friday in March at 24:00 through
-# the first Friday on or after October 21 at 00:00.  This is consistent with
-# the predictions in today's editions of the following URLs:
-# http://www.timeanddate.com/time/change/gaza-strip/gaza
-# http://www.timeanddate.com/time/change/west-bank/hebron
 
 # From Hannah Kreitem (2016-03-09):
 # http://www.palestinecabinet.gov.ps/WebSite/ar/ViewDetails?ID=31728
@@ -2581,7 +2576,21 @@
 #
 # From Paul Eggert (2016-03-12):
 # Predict spring transitions on March's last Saturday at 01:00 from now on.
-# Leave fall predictions alone for now.
+
+# From Sharef Mustafa (2016-10-19):
+# [T]he Palestinian cabinet decision (Mar 8th 2016) published on
+# http://www.palestinecabinet.gov.ps/WebSite/Upload/Decree/GOV_17/16032016134830.pdf
+# states that summer time will end on Oct 29th at 01:00.
+#
+# From Tim Parenti (2016-10-19):
+# Predict fall transitions on October's last Saturday at 01:00 from now on.
+# This is consistent with the 2016 transition as well as our spring
+# predictions.
+#
+# From Paul Eggert (2016-10-19):
+# It's also consistent with predictions in the following URLs today:
+# http://www.timeanddate.com/time/change/gaza-strip/gaza
+# http://www.timeanddate.com/time/change/west-bank/hebron
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule EgyptAsia	1957	only	-	May	10	0:00	1:00	S
@@ -2610,9 +2619,10 @@
 Rule Palestine	2012	2014	-	Mar	lastThu	24:00	1:00	S
 Rule Palestine	2012	only	-	Sep	21	1:00	0	-
 Rule Palestine	2013	only	-	Sep	Fri>=21	0:00	0	-
-Rule Palestine	2014	max	-	Oct	Fri>=21	0:00	0	-
+Rule Palestine	2014	2015	-	Oct	Fri>=21	0:00	0	-
 Rule Palestine	2015	only	-	Mar	lastFri	24:00	1:00	S
 Rule Palestine	2016	max	-	Mar	lastSat	1:00	1:00	S
+Rule Palestine	2016	max	-	Oct	lastSat	1:00	0	-
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
@@ -2762,45 +2772,31 @@
 # People who live in regions under Tamil control can use [TZ='Asia/Kolkata'],
 # as that zone has agreed with the Tamil areas since our cutoff date of 1970.
 
-# From K Sethu (2006-04-25):
-# I think the abbreviation LKT originated from the world of computers at
-# the time of or subsequent to the time zone changes by SL Government
-# twice in 1996 and probably SL Government or its standardization
-# agencies never declared an abbreviation as a national standard.
+# From Sadika Sumanapala (2016-10-19):
+# According to http://www.sltime.org (maintained by Measurement Units,
+# Standards & Services Department, Sri Lanka) abbreviation for Sri Lanka
+# standard time is SLST.
 #
-# I recollect before the recent change the government announcements
-# mentioning it as simply changing Sri Lanka Standard Time or Sri Lanka
-# Time and no mention was made about the abbreviation.
-#
-# If we look at Sri Lanka Department of Government's "Official News
-# Website of Sri Lanka" ... http://www.news.lk/ we can see that they
-# use SLT as abbreviation in time stamp at the beginning of each news
-# item....
-#
-# Within Sri Lanka I think LKT is well known among computer users and
-# administrators.  In my opinion SLT may not be a good choice because the
-# nation's largest telcom / internet operator Sri Lanka Telcom is well
-# known by that abbreviation - simply as SLT (there IP domains are
-# slt.lk and sltnet.lk).
-#
-# But if indeed our government has adopted SLT as standard abbreviation
-# (that we have not known so far) then  it is better that it be used for
-# all computers.
-
-# From Paul Eggert (2006-04-25):
-# One possibility is that we wait for a bit for the dust to settle down
-# and then see what people actually say in practice.
+# From Paul Eggert (2016-10-18):
+# "SLST" seems to be reasonably recent and rarely-used outside time
+# zone nerd sources.  I searched Google News and found three uses of
+# it in the International Business Times of India in February and
+# March of this year when discussing cricket match times, but nothing
+# since then (though there has been a lot of cricket) and nothing in
+# other English-language news sources.  Our old abbreviation "LKT" is
+# even worse.  For now, let's use a numeric abbreviation; we can
+# switch to "SLST" if it catches on.
 
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Asia/Colombo	5:19:24 -	LMT	1880
 			5:19:32	-	MMT	1906        # Moratuwa Mean Time
-			5:30	-	IST	1942 Jan  5
-			5:30	0:30	IHST	1942 Sep
-			5:30	1:00	IST	1945 Oct 16  2:00
-			5:30	-	IST	1996 May 25  0:00
-			6:30	-	LKT	1996 Oct 26  0:30
-			6:00	-	LKT	2006 Apr 15  0:30
-			5:30	-	IST
+			5:30	-	+0530	1942 Jan  5
+			5:30	0:30	+0530/+06 1942 Sep
+			5:30	1:00	+0530/+0630 1945 Oct 16  2:00
+			5:30	-	+0530	1996 May 25  0:00
+			6:30	-	+0630	1996 Oct 26  0:30
+			6:00	-	+06	2006 Apr 15  0:30
+			5:30	-	+0530
 
 # Syria
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
--- a/make/data/tzdata/australasia	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/data/tzdata/australasia	Thu Dec 01 15:00:54 2016 -0500
@@ -373,7 +373,13 @@
 # commencing at 2.00 am on Sunday 1st November, 2015 and ending at
 # 3.00 am on Sunday 17th January, 2016.
 
-# From Paul Eggert (2015-09-01):
+# From Raymond Kumar (2016-10-04):
+# http://www.fiji.gov.fj/Media-Center/Press-Releases/DAYLIGHT-SAVING-STARTS-ON-6th-NOVEMBER,-2016.aspx
+# "Fiji's daylight savings will begin on Sunday, 6 November 2016, when
+# clocks go forward an hour at 2am to 3am....  Daylight Saving will
+# end at 3.00am on Sunday 15th January 2017."
+
+# From Paul Eggert (2016-10-03):
 # For now, guess DST from 02:00 the first Sunday in November to
 # 03:00 the third Sunday in January.  Although ad hoc, it matches
 # transitions since late 2014 and seems more likely to match future
--- a/make/data/tzdata/europe	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/data/tzdata/europe	Thu Dec 01 15:00:54 2016 -0500
@@ -1931,7 +1931,7 @@
 # Amsterdam mean time.
 
 # The data entries before 1945 are taken from
-# http://www.phys.uu.nl/~vgent/wettijd/wettijd.htm
+# http://www.staff.science.uu.nl/~gent0113/idl/idl.htm
 
 # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
 Rule	Neth	1916	only	-	May	 1	0:00	1:00	NST	# Netherlands Summer Time
@@ -3450,22 +3450,24 @@
 
 # Turkey
 
-# From Amar Devegowda (2007-01-03):
-# The time zone rules for Istanbul, Turkey have not been changed for years now.
-# ... The latest rules are available at:
-# http://www.timeanddate.com/worldclock/timezone.html?n=107
-# From Steffen Thorsen (2007-01-03):
-# I have been able to find press records back to 1996 which all say that
-# DST started 01:00 local time and end at 02:00 local time.  I am not sure
-# what happened before that.  One example for each year from 1996 to 2001:
-# http://newspot.byegm.gov.tr/arsiv/1996/21/N4.htm
-# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING97/03/97X03X25.TXT
-# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING98/03/98X03X02.HTM
-# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING99/10/99X10X26.HTM#%2016
-# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2000/03/00X03X06.HTM#%2021
-# http://www.byegm.gov.tr/YAYINLARIMIZ/CHR/ING2001/03/23x03x01.HTM#%2027
-# From Paul Eggert (2007-01-03):
-# Prefer the above source to Shanks & Pottenger for time stamps after 1990.
+# From Kıvanç Yazan (2016-09-25):
+# 1) For 1986-2006, DST started at 01:00 local and ended at 02:00 local, with
+#    no exceptions.
+# 2) 1994's lastSun was overridden with Mar 20 ...
+# Here are official papers:
+# http://www.resmigazete.gov.tr/arsiv/19032.pdf  - page 2 for 1986
+# http://www.resmigazete.gov.tr/arsiv/19400.pdf  - page 4 for 1987
+# http://www.resmigazete.gov.tr/arsiv/19752.pdf  - page 15 for 1988
+# http://www.resmigazete.gov.tr/arsiv/20102.pdf  - page 6 for 1989
+# http://www.resmigazete.gov.tr/arsiv/20464.pdf  - page 1 for 1990 - 1992
+# http://www.resmigazete.gov.tr/arsiv/21531.pdf  - page 15 for 1993 - 1995
+# http://www.resmigazete.gov.tr/arsiv/21879.pdf  - page 1 for overriding 1994
+# http://www.resmigazete.gov.tr/arsiv/22588.pdf  - page 1 for 1996, 1997
+# http://www.resmigazete.gov.tr/arsiv/23286.pdf  - page 10 for 1998 - 2000
+# http://www.resmigazete.gov.tr/eskiler/2001/03/20010324.htm#2  - for 2001
+# http://www.resmigazete.gov.tr/eskiler/2002/03/20020316.htm#2  - for 2002-2006
+# From Paul Eggert (2016-09-25):
+# Prefer the above sources to Shanks & Pottenger for time stamps after 1985.
 
 # From Steffen Thorsen (2007-03-09):
 # Starting 2007 though, it seems that they are adopting EU's 1:00 UTC
@@ -3574,10 +3576,10 @@
 Rule	Turkey	1983	only	-	Oct	 2	0:00	0	-
 Rule	Turkey	1985	only	-	Apr	20	0:00	1:00	S
 Rule	Turkey	1985	only	-	Sep	28	0:00	0	-
-Rule	Turkey	1986	1990	-	Mar	lastSun	2:00s	1:00	S
-Rule	Turkey	1986	1990	-	Sep	lastSun	2:00s	0	-
-Rule	Turkey	1991	2006	-	Mar	lastSun	1:00s	1:00	S
-Rule	Turkey	1991	1995	-	Sep	lastSun	1:00s	0	-
+Rule	Turkey	1986	1993	-	Mar	lastSun	1:00s	1:00	S
+Rule	Turkey	1986	1995	-	Sep	lastSun	1:00s	0	-
+Rule	Turkey	1994	only	-	Mar	20	1:00s	1:00	S
+Rule	Turkey	1995	2006	-	Mar	lastSun	1:00s	1:00	S
 Rule	Turkey	1996	2006	-	Oct	lastSun	1:00s	0	-
 # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
 Zone	Europe/Istanbul	1:55:52 -	LMT	1880
--- a/make/data/tzdata/northamerica	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/data/tzdata/northamerica	Thu Dec 01 15:00:54 2016 -0500
@@ -47,8 +47,32 @@
 # was the result of his proposals at the Convention of Railroad Trunk Lines
 # in New York City (1869-10).  His 1870 proposal was based on Washington, DC,
 # but in 1872-05 he moved the proposed origin to Greenwich.
-# His proposal was adopted by the railroads on 1883-11-18 at 12:00,
-# and the most of the country soon followed suit.
+
+# From Paul Eggert (2016-09-21):
+# Dowd's proposal left many details unresolved, such as where to draw
+# lines between time zones.  The key individual who made time zones
+# work in the US was William Frederick Allen - railway engineer,
+# managing editor of the Travelers' Guide, and secretary of the
+# General Time Convention, a railway standardization group.  Allen
+# spent months in dialogs with scientific and railway leaders,
+# developed a workable plan to institute time zones, and presented it
+# to the General Time Convention on 1883-04-11, saying that his plan
+# meant "local time would be practically abolished" - a plus for
+# railway scheduling.  By the next convention on 1883-10-11 nearly all
+# railroads had agreed and it took effect on 1883-11-18 at 12:00.
+# That Sunday was called the "day of two noons", as the eastern parts
+# of the new zones observed noon twice.  Allen witnessed the
+# transition in New York City, writing:
+#
+#   I heard the bells of St. Paul's strike on the old time.  Four
+#   minutes later, obedient to the electrical signal from the Naval
+#   Observatory ... the time-ball made its rapid descent, the chimes
+#   of old Trinity rang twelve measured strokes, and local time was
+#   abandoned, probably forever.
+#
+# Most of the US soon followed suit.  See:
+# Bartky IR. The adoption of standard time. Technol Cult 1989 Jan;30(1):25-56.
+# http://dx.doi.org/10.2307/3105430
 
 # From Paul Eggert (2005-04-16):
 # That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
--- a/make/gendata/GendataBreakIterator.gmk	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/gendata/GendataBreakIterator.gmk	Thu Dec 01 15:00:54 2016 -0500
@@ -55,7 +55,6 @@
 $(eval $(call SetupJavaCompilation,BUILD_BREAKITERATOR_LD, \
     SETUP := GENERATE_OLDBYTECODE, \
     SRC := $(JDK_TOPDIR)/src/jdk.localedata/share/classes, \
-    INCLUDES := $(TEXT_PKG_LD), \
     INCLUDE_FILES := \
         $(TEXT_PKG_LD)/BreakIteratorRules_th.java \
         $(TEXT_PKG_LD)/BreakIteratorInfo_th.java, \
--- a/make/mapfiles/libjava/mapfile-vers	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/mapfiles/libjava/mapfile-vers	Thu Dec 01 15:00:54 2016 -0500
@@ -140,7 +140,6 @@
 		Java_java_lang_Double_doubleToRawLongBits;
 		Java_java_lang_Float_intBitsToFloat;
 		Java_java_lang_Float_floatToRawIntBits;
-                Java_java_lang_StackFrameInfo_toStackTraceElement0;
                 Java_java_lang_StackStreamFactory_checkStackWalkModes;
                 Java_java_lang_StackStreamFactory_00024AbstractStackWalker_callStackWalk;
                 Java_java_lang_StackStreamFactory_00024AbstractStackWalker_fetchStackFrames;
@@ -215,6 +214,8 @@
 		Java_java_lang_SecurityManager_currentLoadedClass0;
 		Java_java_lang_SecurityManager_getClassContext;
 		Java_java_lang_Shutdown_halt0;
+                Java_java_lang_StackTraceElement_initStackTraceElement;
+                Java_java_lang_StackTraceElement_initStackTraceElements;
 		Java_java_lang_String_intern;
 		Java_java_lang_StringCoding_err;
 		Java_java_lang_StringUTF16_isBigEndian;
@@ -227,7 +228,6 @@
 		Java_java_lang_System_setOut0;
 		Java_java_lang_Thread_registerNatives;
 		Java_java_lang_Throwable_fillInStackTrace;
-                Java_java_lang_Throwable_getStackTraceElements;
 		Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2;
 		Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedAction_2Ljava_security_AccessControlContext_2;
 		Java_java_security_AccessController_doPrivileged__Ljava_security_PrivilegedExceptionAction_2;
--- a/make/mapfiles/libjava/reorder-sparc	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/mapfiles/libjava/reorder-sparc	Thu Dec 01 15:00:54 2016 -0500
@@ -78,7 +78,7 @@
 text: .text%JNU_GetEnv;
 text: .text%Java_java_io_UnixFileSystem_checkAccess;
 text: .text%Java_java_lang_reflect_Array_newArray;
-text: .text%Java_java_lang_Throwable_getStackTraceElements;
+text: .text%Java_java_lang_StackTraceElement_initStackTraceElements;
 text: .text%throwFileNotFoundException;
 text: .text%JNU_NotifyAll;
 # Test LoadFrame
--- a/make/mapfiles/libjava/reorder-sparcv9	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/mapfiles/libjava/reorder-sparcv9	Thu Dec 01 15:00:54 2016 -0500
@@ -74,7 +74,7 @@
 text: .text%JNU_GetEnv;
 text: .text%Java_java_io_UnixFileSystem_checkAccess;
 text: .text%Java_java_lang_reflect_Array_newArray;
-text: .text%Java_java_lang_Throwable_getStackTraceElements;
+text: .text%Java_java_lang_StackTraceElement_initStackTraceElements;
 text: .text%throwFileNotFoundException: OUTPUTDIR/io_util.o;
 text: .text%JNU_NotifyAll;
 # Test LoadFrame
--- a/make/mapfiles/libjava/reorder-x86	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/mapfiles/libjava/reorder-x86	Thu Dec 01 15:00:54 2016 -0500
@@ -78,7 +78,7 @@
 text: .text%Java_sun_reflect_NativeMethodAccessorImpl_invoke0;
 text: .text%Java_java_io_FileInputStream_available;
 text: .text%Java_java_lang_reflect_Array_newArray;
-text: .text%Java_java_lang_Throwable_getStackTraceElements;
+text: .text%Java_java_lang_StackTraceElement_initStackTraceElements;
 text: .text%Java_java_lang_System_identityHashCode;
 text: .text%JNU_NotifyAll;
 # Test LoadFrame
--- a/make/mapfiles/libsplashscreen/mapfile-vers	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/mapfiles/libsplashscreen/mapfile-vers	Thu Dec 01 15:00:54 2016 -0500
@@ -44,6 +44,7 @@
         SplashSetFileJarName;
         SplashSetScaleFactor;
         SplashGetScaledImageName;
+        SplashGetScaledImgNameMaxPstfixLen;
     local:
         *;
 };
--- a/make/rmic/Rmic-java.rmi.gmk	Fri Oct 28 11:10:44 2016 -0400
+++ b/make/rmic/Rmic-java.rmi.gmk	Thu Dec 01 15:00:54 2016 -0500
@@ -33,7 +33,7 @@
 #
 
 $(eval $(call SetupRMICompilation,RMI_12, \
-    CLASSES := sun.rmi.server.Activation$$$$ActivationSystemImpl \
+    CLASSES := sun.rmi.server.Activation$$ActivationSystemImpl \
         java.rmi.activation.ActivationGroup, \
     CLASSES_DIR := $(CLASSES_DIR)/java.rmi, \
     STUB_CLASSES_DIR := $(STUB_CLASSES_DIR)/java.rmi, \
--- a/src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/com/sun/crypto/provider/CipherBlockChaining.java	Thu Dec 01 15:00:54 2016 -0500
@@ -142,6 +142,9 @@
      */
     int encrypt(byte[] plain, int plainOffset, int plainLen,
                 byte[] cipher, int cipherOffset) {
+        if (plainLen <= 0) {
+            return plainLen;
+        }
         cryptBlockSizeCheck(plainLen);
         cryptNullAndBoundsCheck(plain, plainOffset, plainLen);
         cryptNullAndBoundsCheck(cipher, cipherOffset, plainLen);
@@ -190,6 +193,9 @@
      */
     int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
                 byte[] plain, int plainOffset) {
+        if (cipherLen <= 0) {
+            return cipherLen;
+        }
         cryptBlockSizeCheck(cipherLen);
         cryptNullAndBoundsCheck(cipher, cipherOffset, cipherLen);
         cryptNullAndBoundsCheck(plain, plainOffset, cipherLen);
@@ -220,10 +226,6 @@
     }
 
     private static void cryptNullAndBoundsCheck(byte[] array, int offset, int len) {
-        if (len <= 0) {
-            return; // not an error because cryptImpl/decryptImpl won't execute if len <= 0
-        }
-
         Objects.requireNonNull(array);
 
         if (offset < 0 || offset >= array.length) {
--- a/src/java.base/share/classes/com/sun/crypto/provider/CounterMode.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/com/sun/crypto/provider/CounterMode.java	Thu Dec 01 15:00:54 2016 -0500
@@ -172,10 +172,12 @@
      * are encrypted on demand.
      */
     private int crypt(byte[] in, int inOff, int len, byte[] out, int outOff) {
-
-      Objects.checkFromIndexSize(inOff, len, in.length);
-      Objects.checkFromIndexSize(outOff, len, out.length);
-      return implCrypt(in, inOff, len, out, outOff);
+        if (len == 0) {
+            return 0;
+        }
+        Objects.checkFromIndexSize(inOff, len, in.length);
+        Objects.checkFromIndexSize(outOff, len, out.length);
+        return implCrypt(in, inOff, len, out, outOff);
     }
 
     // Implementation of crpyt() method. Possibly replaced with a compiler intrinsic.
--- a/src/java.base/share/classes/java/io/File.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/io/File.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1907,16 +1907,10 @@
             throws IOException
         {
             long n = random.nextLong();
-            if (n == Long.MIN_VALUE) {
-                n = 0;      // corner case
-            } else {
-                n = Math.abs(n);
-            }
 
             // Use only the file name from the supplied prefix
             prefix = (new File(prefix)).getName();
-
-            String name = prefix + Long.toString(n) + suffix;
+            String name = prefix + Long.toUnsignedString(n) + suffix;
             File f = new File(dir, name);
             if (!name.equals(f.getName()) || f.isInvalid()) {
                 if (System.getSecurityManager() != null)
--- a/src/java.base/share/classes/java/io/FileInputStream.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/io/FileInputStream.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package java.io;
 
 import java.nio.channels.FileChannel;
-import java.util.concurrent.atomic.AtomicBoolean;
 import sun.nio.ch.FileChannelImpl;
 
 
@@ -60,7 +59,9 @@
 
     private volatile FileChannel channel;
 
-    private final AtomicBoolean closed = new AtomicBoolean(false);
+    private final Object closeLock = new Object();
+
+    private volatile boolean closed;
 
     /**
      * Creates a <code>FileInputStream</code> by
@@ -313,14 +314,21 @@
      * @spec JSR-51
      */
     public void close() throws IOException {
-        if (!closed.compareAndSet(false, true)) {
-            // if compareAndSet() returns false closed was already true
+        if (closed) {
             return;
         }
+        synchronized (closeLock) {
+            if (closed) {
+                return;
+            }
+            closed = true;
+        }
 
         FileChannel fc = channel;
         if (fc != null) {
-           fc.close();
+            // possible race with getChannel(), benign since
+            // FileChannel.close is final and idempotent
+            fc.close();
         }
 
         fd.closeAll(new Closeable() {
@@ -370,8 +378,10 @@
                 fc = this.channel;
                 if (fc == null) {
                     this.channel = fc = FileChannelImpl.open(fd, path, true, false, this);
-                    if (closed.get()) {
+                    if (closed) {
                         try {
+                            // possible race with close(), benign since
+                            // FileChannel.close is final and idempotent
                             fc.close();
                         } catch (IOException ioe) {
                             throw new InternalError(ioe); // should not happen
--- a/src/java.base/share/classes/java/io/FileOutputStream.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/io/FileOutputStream.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1994, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1994, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -26,7 +26,6 @@
 package java.io;
 
 import java.nio.channels.FileChannel;
-import java.util.concurrent.atomic.AtomicBoolean;
 import jdk.internal.misc.SharedSecrets;
 import jdk.internal.misc.JavaIOFileDescriptorAccess;
 import sun.nio.ch.FileChannelImpl;
@@ -77,7 +76,9 @@
      */
     private final String path;
 
-    private final AtomicBoolean closed = new AtomicBoolean(false);
+    private final Object closeLock = new Object();
+
+    private volatile boolean closed;
 
     /**
      * Creates a file output stream to write to the file with the
@@ -341,14 +342,21 @@
      * @spec JSR-51
      */
     public void close() throws IOException {
-        if (!closed.compareAndSet(false, true)) {
-            // if compareAndSet() returns false closed was already true
+        if (closed) {
             return;
         }
+        synchronized (closeLock) {
+            if (closed) {
+                return;
+            }
+            closed = true;
+        }
 
         FileChannel fc = channel;
         if (fc != null) {
-           fc.close();
+            // possible race with getChannel(), benign since
+            // FileChannel.close is final and idempotent
+            fc.close();
         }
 
         fd.closeAll(new Closeable() {
@@ -399,8 +407,10 @@
                 fc = this.channel;
                 if (fc == null) {
                     this.channel = fc = FileChannelImpl.open(fd, path, false, true, this);
-                    if (closed.get()) {
+                    if (closed) {
                         try {
+                            // possible race with close(), benign since
+                            // FileChannel.close is final and idempotent
                             fc.close();
                         } catch (IOException ioe) {
                             throw new InternalError(ioe); // should not happen
--- a/src/java.base/share/classes/java/io/FilePermission.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/io/FilePermission.java	Thu Dec 01 15:00:54 2016 -0500
@@ -173,6 +173,7 @@
     private transient Path npath;       // normalized dir path.
     private transient Path npath2;      // alternative normalized dir path.
     private transient boolean allFiles; // whether this is <<ALL FILES>>
+    private transient boolean invalid;  // whether input path is invalid
 
     // static Strings used by init(int mask)
     private static final char RECURSIVE_CHAR = '-';
@@ -218,11 +219,12 @@
      * A private constructor like a clone, only npath2 is not touched.
      * @param input
      */
-    private FilePermission(FilePermission input) {
-        super(input.getName());
+    private FilePermission(String name, FilePermission input) {
+        super(name);
         this.npath = input.npath;
         this.actions = input.actions;
         this.allFiles = input.allFiles;
+        this.invalid = input.invalid;
         this.recursive = input.recursive;
         this.directory = input.directory;
         this.cpath = input.cpath;
@@ -255,7 +257,12 @@
                     if (input.npath2 == null && !input.allFiles) {
                         Path npath2 = altPath(input.npath);
                         if (npath2 != null) {
-                            FilePermission np = new FilePermission(input);
+                            // Please note the name of the new permission is
+                            // different than the original so that when one is
+                            // added to a FilePermissionCollection it will not
+                            // be merged with the original one.
+                            FilePermission np = new FilePermission(
+                                    input.getName()+"#plus", input);
                             np.npath2 = npath2;
                             return np;
                         }
@@ -266,7 +273,9 @@
                     if (!input.allFiles) {
                         Path npath2 = altPath(input.npath);
                         if (npath2 != null) {
-                            FilePermission np = new FilePermission(input);
+                            // New name, see above.
+                            FilePermission np = new FilePermission(
+                                    input.getName()+"#using", input);
                             np.npath = npath2;
                             return np;
                         }
@@ -318,11 +327,12 @@
                 // Windows. Some JDK codes generate such illegal names.
                 npath = builtInFS.getPath(new File(name).getPath())
                         .normalize();
+                invalid = false;
             } catch (InvalidPathException ipe) {
                 // Still invalid. For compatibility reason, accept it
                 // but make this permission useless.
                 npath = builtInFS.getPath("-u-s-e-l-e-s-s-");
-                this.mask = NONE;
+                invalid = true;
             }
 
             // lastName should always be non-null now
@@ -540,6 +550,12 @@
      */
     boolean impliesIgnoreMask(FilePermission that) {
         if (FilePermCompat.nb) {
+            if (this == that) {
+                return true;
+            }
+            if (this.invalid || that.invalid) {
+                return false;
+            }
             if (allFiles) {
                 return true;
             }
@@ -687,9 +703,13 @@
         FilePermission that = (FilePermission) obj;
 
         if (FilePermCompat.nb) {
+            if (this.invalid || that.invalid) {
+                return false;
+            }
             return (this.mask == that.mask) &&
                     (this.allFiles == that.allFiles) &&
                     this.npath.equals(that.npath) &&
+                    Objects.equals(npath2, that.npath2) &&
                     (this.directory == that.directory) &&
                     (this.recursive == that.recursive);
         } else {
@@ -708,7 +728,8 @@
     @Override
     public int hashCode() {
         if (FilePermCompat.nb) {
-            return Objects.hash(mask, allFiles, directory, recursive, npath);
+            return Objects.hash(
+                    mask, allFiles, directory, recursive, npath, npath2, invalid);
         } else {
             return 0;
         }
--- a/src/java.base/share/classes/java/io/ObjectStreamClass.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/io/ObjectStreamClass.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1413,27 +1413,7 @@
      * returned constructor (if any).
      */
     private static Constructor<?> getSerializableConstructor(Class<?> cl) {
-        Class<?> initCl = cl;
-        while (Serializable.class.isAssignableFrom(initCl)) {
-            if ((initCl = initCl.getSuperclass()) == null) {
-                return null;
-            }
-        }
-        try {
-            Constructor<?> cons = initCl.getDeclaredConstructor((Class<?>[]) null);
-            int mods = cons.getModifiers();
-            if ((mods & Modifier.PRIVATE) != 0 ||
-                ((mods & (Modifier.PUBLIC | Modifier.PROTECTED)) == 0 &&
-                 !packageEquals(cl, initCl)))
-            {
-                return null;
-            }
-            cons = reflFactory.newConstructorForSerialization(cl, cons);
-            cons.setAccessible(true);
-            return cons;
-        } catch (NoSuchMethodException ex) {
-            return null;
-        }
+        return reflFactory.newConstructorForSerialization(cl);
     }
 
     /**
--- a/src/java.base/share/classes/java/lang/Class.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/Class.java	Thu Dec 01 15:00:54 2016 -0500
@@ -485,7 +485,7 @@
      * can be replaced by
      *
      * <pre>{@code
-     * clazz.getConstructor().newInstance()
+     * clazz.getDeclaredConstructor().newInstance()
      * }</pre>
      *
      * The latter sequence of calls is inferred to be able to throw
--- a/src/java.base/share/classes/java/lang/ClassLoader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/ClassLoader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -104,9 +104,9 @@
  * class or resource itself.
  *
  * <p> Class loaders that support concurrent loading of classes are known as
- * <em>parallel capable</em> class loaders and are required to register
- * themselves at their class initialization time by invoking the
- * {@link
+ * <em>{@linkplain #isParallelCapable() parallel capable}</em> class loaders and
+ * are required to register themselves at their class initialization time by
+ * invoking the {@link
  * #registerAsParallelCapable <tt>ClassLoader.registerAsParallelCapable</tt>}
  * method. Note that the <tt>ClassLoader</tt> class is registered as parallel
  * capable by default. However, its subclasses still need to register themselves
@@ -222,6 +222,9 @@
     // must be added *after* it.
     private final ClassLoader parent;
 
+    // class loader name
+    private final String name;
+
     // the unnamed module for this ClassLoader
     private final Module unnamedModule;
 
@@ -331,6 +334,14 @@
     }
 
     private static Void checkCreateClassLoader() {
+        return checkCreateClassLoader(null);
+    }
+
+    private static Void checkCreateClassLoader(String name) {
+        if (name != null && name.isEmpty()) {
+            throw new IllegalArgumentException("name must be non-empty or null");
+        }
+
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkCreateClassLoader();
@@ -338,7 +349,8 @@
         return null;
     }
 
-    private ClassLoader(Void unused, ClassLoader parent) {
+    private ClassLoader(Void unused, String name, ClassLoader parent) {
+        this.name = name;
         this.parent = parent;
         this.unnamedModule
             = SharedSecrets.getJavaLangReflectModuleAccess()
@@ -356,6 +368,27 @@
     }
 
     /**
+     * Creates a new class loader of the specified name and using the
+     * specified parent class loader for delegation.
+     *
+     * @param  name   class loader name; or {@code null} if not named
+     * @param  parent the parent class loader
+     *
+     * @throws IllegalArgumentException if the given name is empty.
+     *
+     * @throws SecurityException
+     *         If a security manager exists and its
+     *         {@link SecurityManager#checkCreateClassLoader()}
+     *         method doesn't allow creation of a new class loader.
+     *
+     * @since  9
+     */
+    protected ClassLoader(String name, ClassLoader parent) {
+        this(checkCreateClassLoader(name), name, parent);
+    }
+
+
+    /**
      * Creates a new class loader using the specified parent class loader for
      * delegation.
      *
@@ -375,9 +408,10 @@
      * @since  1.2
      */
     protected ClassLoader(ClassLoader parent) {
-        this(checkCreateClassLoader(), parent);
+        this(checkCreateClassLoader(), null, parent);
     }
 
+
     /**
      * Creates a new class loader using the <tt>ClassLoader</tt> returned by
      * the method {@link #getSystemClassLoader()
@@ -394,7 +428,31 @@
      *          of a new class loader.
      */
     protected ClassLoader() {
-        this(checkCreateClassLoader(), getSystemClassLoader());
+        this(checkCreateClassLoader(), null, getSystemClassLoader());
+    }
+
+
+    /**
+     * Returns the name of this class loader or {@code null} if
+     * this class loader is not named.
+     *
+     * @apiNote This method is non-final for compatibility.  If this
+     * method is overridden, this method must return the same name
+     * as specified when this class loader was instantiated.
+     *
+     * @return name of this class loader; or {@code null} if
+     * this class loader is not named.
+     *
+     * @since 9
+     */
+    public String getName() {
+        return name;
+    }
+
+    // package-private used by StackTraceElement to avoid
+    // calling the overrideable getName method
+    final String name() {
+        return name;
     }
 
     // -- Class --
@@ -1437,7 +1495,7 @@
     }
 
     /**
-     * Registers the caller as parallel capable.
+     * Registers the caller as {@linkplain #isParallelCapable() parallel capable}.
      * The registration succeeds if and only if all of the following
      * conditions are met:
      * <ol>
@@ -1448,8 +1506,10 @@
      * <p>Note that once a class loader is registered as parallel capable, there
      * is no way to change it back.</p>
      *
-     * @return  true if the caller is successfully registered as
-     *          parallel capable and false if otherwise.
+     * @return  {@code true} if the caller is successfully registered as
+     *          parallel capable and {@code false} if otherwise.
+     *
+     * @see #isParallelCapable()
      *
      * @since   1.7
      */
@@ -1461,6 +1521,22 @@
     }
 
     /**
+     * Returns {@code true} if this class loader is
+     * {@linkplain #registerAsParallelCapable parallel capable}, otherwise
+     * {@code false}.
+     *
+     * @return  {@code true} if this class loader is parallel capable,
+     *          otherwise {@code false}.
+     *
+     * @see #registerAsParallelCapable()
+     *
+     * @since   9
+     */
+    public final boolean isParallelCapable() {
+        return ParallelLoaders.isRegistered(this.getClass());
+    }
+
+    /**
      * Find a resource of the specified name from the search path used to load
      * classes.  This method locates the resource through the system class
      * loader (see {@link #getSystemClassLoader()}).
@@ -1610,6 +1686,9 @@
      * <a href="#builtinLoaders">platform classes</a> are visible to
      * the platform class loader.
      *
+     * @implNote The name of the builtin platform class loader is
+     * {@code "platform"}.
+     *
      * @return  The platform {@code ClassLoader}.
      *
      * @throws  SecurityException
@@ -1663,6 +1742,16 @@
      * this method during startup should take care not to cache the return
      * value until the system is fully initialized.
      *
+     * <p> The name of the built-in system class loader is {@code "app"}.
+     * The class path used by the built-in system class loader is determined
+     * by the system property "{@code java.class.path}" during early
+     * initialization of the VM. If the system property is not defined,
+     * or its value is an empty string, then there is no class path
+     * when the initial module is a module on the application module path,
+     * i.e. <em>a named module</em>. If the initial module is not on
+     * the application module path then the class path defaults to
+     * the current working directory.
+     *
      * @return  The system <tt>ClassLoader</tt> for delegation
      *
      * @throws  SecurityException
--- a/src/java.base/share/classes/java/lang/StackFrameInfo.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/StackFrameInfo.java	Thu Dec 01 15:00:54 2016 -0500
@@ -112,11 +112,6 @@
         return toStackTraceElement().toString();
     }
 
-    /**
-     * Fill in the fields of the given StackTraceElement
-     */
-    private native void toStackTraceElement0(StackTraceElement ste);
-
     @Override
     public StackTraceElement toStackTraceElement() {
         StackTraceElement s = ste;
@@ -124,9 +119,7 @@
             synchronized (this) {
                 s = ste;
                 if (s == null) {
-                    s = new StackTraceElement();
-                    toStackTraceElement0(s);
-                    ste = s;
+                    ste = s = StackTraceElement.of(this);
                 }
             }
         }
--- a/src/java.base/share/classes/java/lang/StackTraceElement.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/StackTraceElement.java	Thu Dec 01 15:00:54 2016 -0500
@@ -25,7 +25,18 @@
 
 package java.lang;
 
+import jdk.internal.loader.BuiltinClassLoader;
+import jdk.internal.misc.SharedSecrets;
+import jdk.internal.misc.VM;
+import jdk.internal.module.ModuleHashes;
+
+import java.lang.module.ModuleDescriptor.Version;
+import java.lang.reflect.Layer;
+import java.lang.reflect.Module;
+import java.util.HashSet;
 import java.util.Objects;
+import java.util.Optional;
+import java.util.Set;
 
 /**
  * An element in a stack trace, as returned by {@link
@@ -40,7 +51,15 @@
  * @author Josh Bloch
  */
 public final class StackTraceElement implements java.io.Serializable {
-    // Normally initialized by VM (public constructor added in 1.5)
+    // This field is set to the compacted String representation used
+    // by StackTraceElement::toString and stored in serial form.
+    //
+    // This field is of Object type. VM initially sets this field to
+    // the Class object of the declaring class to build the compacted string.
+    private Object classOrLoaderModuleClassName;
+
+    // Normally initialized by VM
+    private String classLoaderName;
     private String moduleName;
     private String moduleVersion;
     private String declaringClass;
@@ -72,19 +91,22 @@
      */
     public StackTraceElement(String declaringClass, String methodName,
                              String fileName, int lineNumber) {
-        this(null, null, declaringClass, methodName, fileName, lineNumber);
+        this(null, null, null, declaringClass, methodName, fileName, lineNumber);
     }
 
     /**
      * Creates a stack trace element representing the specified execution
      * point.
      *
+     * @param classLoaderName the class loader name if the class loader of
+     *        the class containing the execution point represented by
+     *        the stack trace is named; otherwise {@code null}
      * @param moduleName the module name if the class containing the
      *        execution point represented by the stack trace is in a named
-     *        module; can be {@code null}
+     *        module; otherwise {@code null}
      * @param moduleVersion the module version if the class containing the
      *        execution point represented by the stack trace is in a named
-     *        module that has a version; can be {@code null}
+     *        module that has a version; otherwise {@code null}
      * @param declaringClass the fully qualified name of the class containing
      *        the execution point represented by the stack trace element
      * @param methodName the name of the method containing the execution point
@@ -97,26 +119,30 @@
      *        a negative number if this information is unavailable. A value
      *        of -2 indicates that the method containing the execution point
      *        is a native method
+     *
      * @throws NullPointerException if {@code declaringClass} is {@code null}
      *         or {@code methodName} is {@code null}
+     *
      * @since 9
      */
-    public StackTraceElement(String moduleName, String moduleVersion,
+    public StackTraceElement(String classLoaderName,
+                             String moduleName, String moduleVersion,
                              String declaringClass, String methodName,
                              String fileName, int lineNumber) {
-        this.moduleName     = moduleName;
-        this.moduleVersion  = moduleVersion;
-        this.declaringClass = Objects.requireNonNull(declaringClass, "Declaring class is null");
-        this.methodName     = Objects.requireNonNull(methodName, "Method name is null");
-        this.fileName       = fileName;
-        this.lineNumber     = lineNumber;
+        this.classLoaderName = classLoaderName;
+        this.moduleName      = moduleName;
+        this.moduleVersion   = moduleVersion;
+        this.declaringClass  = Objects.requireNonNull(declaringClass, "Declaring class is null");
+        this.methodName      = Objects.requireNonNull(methodName, "Method name is null");
+        this.fileName        = fileName;
+        this.lineNumber      = lineNumber;
     }
 
-
-    /**
-     * Creates an empty stack frame element to be filled in by Throwable.
+    /*
+     * Private constructor for the factory methods to create StackTraceElement
+     * for Throwable and StackFrameInfo
      */
-    StackTraceElement() { }
+    private StackTraceElement() {}
 
     /**
      * Returns the name of the source file containing the execution point
@@ -178,6 +204,21 @@
     }
 
     /**
+     * Returns the name of the class loader of the class containing the
+     * execution point represented by this stack trace element.
+     *
+     * @return the name of the class loader of the class containing the execution
+     *         point represented by this stack trace element; {@code null}
+     *         if the class loader is not named.
+     *
+     * @since 9
+     * @see java.lang.ClassLoader#getName()
+     */
+    public String getClassLoaderName() {
+        return classLoaderName;
+    }
+
+    /**
      * Returns the fully qualified name of the class containing the
      * execution point represented by this stack trace element.
      *
@@ -220,38 +261,83 @@
      * examples may be regarded as typical:
      * <ul>
      * <li>
-     *   {@code "MyClass.mash(my.module@9.0/MyClass.java:101)"} - Here,
-     *   {@code "MyClass"} is the <i>fully-qualified name</i> of the class
-     *   containing the execution point represented by this stack trace element,
-     *   {@code "mash"} is the name of the method containing the execution
-     *   point, {@code "my.module"} is the module name, {@code "9.0"} is the
-     *   module version, and {@code "101"} is the line number of the source
-     *   line containing the execution point.
+     *     "{@code com.foo.loader/foo@9.0/com.foo.Main.run(Main.java:101)}"
+     * - See the description below.
+     * </li>
      * <li>
-     *   {@code "MyClass.mash(my.module@9.0/MyClass.java)"} - As above, but the
-     *   line number is unavailable.
+     *     "{@code com.foo.loader/foo@9.0/com.foo.Main.run(Main.java)}"
+     * - The line number is unavailable.
+     * </li>
      * <li>
-     *   {@code "MyClass.mash(my.module@9.0/Unknown Source)"} - As above, but
-     *   neither the file name nor the line  number are available.
+     *     "{@code com.foo.loader/foo@9.0/com.foo.Main.run(Unknown Source)}"
+     * - Neither the file name nor the line number is available.
+     * </li>
      * <li>
-     *   {@code "MyClass.mash(my.module@9.0/Native Method)"} - As above, but
-     *   neither the file name nor the line  number are available, and the
-     *   method containing the execution point is known to be a native method.
+     *     "{@code com.foo.loader/foo@9.0/com.foo.Main.run(Native Method)}"
+     * - The method containing the execution point is a native method.
+     * </li>
+     * <li>
+     *     "{@code com.foo.loader//com.foo.bar.App.run(App.java:12)}"
+     * - The class of the execution point is defined in the unnamed module of
+     * the class loader named {@code com.foo.loader}.
+     * </li>
+     * <li>
+     *     "{@code acme@2.1/org.acme.Lib.test(Lib.java:80)}"
+     * - The class of the execution point is defined in {@code acme} module
+     * loaded by by a built-in class loader such as the application class loader.
+     * </li>
+     * <li>
+     *     "{@code MyClass.mash(MyClass.java:9)}"
+     * - {@code MyClass} class is on the application class path.
+     * </li>
      * </ul>
-     * If the execution point is not in a named module, {@code "my.module@9.0/"}
-     * will be omitted from the above.
+     *
+     * <p> The first example shows a stack trace element consisting of
+     * three elements, each separated by {@code "/"} followed with
+     * the source file name and the line number of the source line
+     * containing the execution point.
+     *
+     * The first element "{@code com.foo.loader}" is
+     * the name of the class loader.  The second element "{@code foo@9.0}"
+     * is the module name and version.  The third element is the method
+     * containing the execution point; "{@code com.foo.Main"}" is the
+     * fully-qualified class name and "{@code run}" is the name of the method.
+     * "{@code Main.java}" is the source file name and "{@code 101}" is
+     * the line number.
+     *
+     * <p> If a class is defined in an <em>unnamed module</em>
+     * then the second element is omitted as shown in
+     * "{@code com.foo.loader//com.foo.bar.App.run(App.java:12)}".
+     *
+     * If the class loader is a <a href="ClassLoader.html#builtinLoaders">
+     * built-in class loader</a> or is not named then the first element
+     * and its following {@code "/"} are omitted as shown in
+     * "{@code acme@2.1/org.acme.Lib.test(Lib.java:80)}".
+     * If the first element is omitted and the module is an unnamed module,
+     * the second element and its following {@code "/"} are also omitted
+     * as shown in "{@code MyClass.mash(MyClass.java:9)}".
      *
      * @see    Throwable#printStackTrace()
      */
     public String toString() {
-        String mid = "";
-        if (moduleName != null) {
-            mid = moduleName;
-            if (moduleVersion != null)
-                mid += "@" + moduleVersion;
-            mid += "/";
+        String s = buildLoaderModuleClassName();
+        if (s == null) {
+            // all elements will be included
+            s = "";
+            if (classLoaderName != null && !classLoaderName.isEmpty()) {
+                s += classLoaderName + "/";
+            }
+            if (moduleName != null && !moduleName.isEmpty()) {
+                s += moduleName;
+
+                if (moduleVersion != null && !moduleVersion.isEmpty()) {
+                    s += "@" + moduleVersion;
+                }
+            }
+            s = s.isEmpty() ? declaringClass : s + "/" + declaringClass;
         }
-        return getClassName() + "." + methodName + "(" + mid +
+
+        return s + "." + methodName + "(" +
              (isNativeMethod() ? "Native Method)" :
               (fileName != null && lineNumber >= 0 ?
                fileName + ":" + lineNumber + ")" :
@@ -264,12 +350,14 @@
      * point as this instance.  Two stack trace elements {@code a} and
      * {@code b} are equal if and only if:
      * <pre>{@code
-     *     equals(a.getFileName(), b.getFileName()) &&
-     *     a.getLineNumber() == b.getLineNumber()) &&
+     *     equals(a.getClassLoaderName(), b.getClassLoaderName()) &&
      *     equals(a.getModuleName(), b.getModuleName()) &&
      *     equals(a.getModuleVersion(), b.getModuleVersion()) &&
      *     equals(a.getClassName(), b.getClassName()) &&
      *     equals(a.getMethodName(), b.getMethodName())
+     *     equals(a.getFileName(), b.getFileName()) &&
+     *     a.getLineNumber() == b.getLineNumber()
+     *
      * }</pre>
      * where {@code equals} has the semantics of {@link
      * java.util.Objects#equals(Object, Object) Objects.equals}.
@@ -285,9 +373,10 @@
         if (!(obj instanceof StackTraceElement))
             return false;
         StackTraceElement e = (StackTraceElement)obj;
-        return e.declaringClass.equals(declaringClass) &&
+        return Objects.equals(classLoaderName, e.classLoaderName) &&
             Objects.equals(moduleName, e.moduleName) &&
             Objects.equals(moduleVersion, e.moduleVersion) &&
+            e.declaringClass.equals(declaringClass) &&
             e.lineNumber == lineNumber &&
             Objects.equals(methodName, e.methodName) &&
             Objects.equals(fileName, e.fileName);
@@ -298,6 +387,7 @@
      */
     public int hashCode() {
         int result = 31*declaringClass.hashCode() + methodName.hashCode();
+        result = 31*result + Objects.hashCode(classLoaderName);
         result = 31*result + Objects.hashCode(moduleName);
         result = 31*result + Objects.hashCode(moduleVersion);
         result = 31*result + Objects.hashCode(fileName);
@@ -305,5 +395,157 @@
         return result;
     }
 
+
+    /**
+     * Build the compacted String representation to be returned by
+     * toString method from the declaring Class object.
+     */
+    synchronized String buildLoaderModuleClassName() {
+        if (classOrLoaderModuleClassName == null)
+            return null;
+
+        if (classOrLoaderModuleClassName instanceof Class) {
+            Class<?> cls = (Class<?>)classOrLoaderModuleClassName;
+            classOrLoaderModuleClassName = toLoaderModuleClassName(cls);
+        }
+        return (String)classOrLoaderModuleClassName;
+    }
+
+    /**
+     * Returns <loader>/<module>/<fully-qualified-classname> string
+     * representation of the given class.
+     * <p>
+     * If the module is a non-upgradeable JDK module then omit
+     * its version string.
+     * <p>
+     * If the loader has no name, or if the loader is one of the built-in
+     * loaders (`boot`, `platform`, or `app`) then drop the first element
+     * (`<loader>/`).
+     * <p>
+     * If the first element has been dropped and the module is unnamed
+     * then drop the second element (`<module>/`).
+     * <p>
+     * If the first element is not dropped and the module is unnamed
+     * then drop `<module>`.
+     */
+    private static String toLoaderModuleClassName(Class<?> cls) {
+        ClassLoader loader = cls.getClassLoader0();
+        Module m = cls.getModule();
+
+        // First element - class loader name
+        // Call package-private ClassLoader::name method
+        String s = "";
+        if (loader != null && loader.name() != null &&
+                !(loader instanceof BuiltinClassLoader)) {
+            s = loader.name() + "/";
+        }
+
+        // Second element - module name and version
+        if (m != null && m.isNamed()) {
+            s += m.getName();
+            // Include version if it is a user module or upgradeable module
+            //
+            // If it is JDK non-upgradeable module which is recorded
+            // in the hashes in java.base, omit the version.
+            if (!isHashedInJavaBase(m)) {
+                Optional<Version> ov = m.getDescriptor().version();
+                if (ov.isPresent()) {
+                    String version = "@" + ov.get().toString();
+                    s += version;
+                }
+            }
+        }
+
+        // fully-qualified class name
+        return s.isEmpty() ? cls.getName() : s + "/" + cls.getName();
+    }
+
+    /**
+     * Returns true if the module is hashed with java.base.
+     * <p>
+     * This method returns false when running on the exploded image
+     * since JDK modules are not hashed. They have no Version attribute
+     * and so "@<version>" part will be omitted anyway.
+     */
+    private static boolean isHashedInJavaBase(Module m) {
+        // return true if module system is not initialized as the code
+        // must be in java.base
+        if (!VM.isModuleSystemInited())
+            return true;
+
+        return Layer.boot() == m.getLayer() && HashedModules.contains(m);
+    }
+
+    /*
+     * Finds JDK non-upgradeable modules, i.e. the modules that are
+     * included in the hashes in java.base.
+     */
+    private static class HashedModules {
+        static Set<String> HASHED_MODULES = hashedModules();
+
+        static Set<String> hashedModules() {
+            Module javaBase = Layer.boot().findModule("java.base").get();
+            Optional<ModuleHashes> ohashes =
+                SharedSecrets.getJavaLangModuleAccess()
+                             .hashes(javaBase.getDescriptor());
+
+            if (ohashes.isPresent()) {
+                Set<String> names = new HashSet<>(ohashes.get().names());
+                names.add("java.base");
+                return names;
+            }
+
+            return Set.of();
+        }
+
+        static boolean contains(Module m) {
+            return HASHED_MODULES.contains(m.getName());
+        }
+    }
+
+
+    /*
+     * Returns an array of StackTraceElements of the given depth
+     * filled from the backtrace of a given Throwable.
+     */
+    static StackTraceElement[] of(Throwable x, int depth) {
+        StackTraceElement[] stackTrace = new StackTraceElement[depth];
+        for (int i = 0; i < depth; i++) {
+            stackTrace[i] = new StackTraceElement();
+        }
+
+        // VM to fill in StackTraceElement
+        initStackTraceElements(stackTrace, x);
+
+        // ensure the proper StackTraceElement initialization
+        for (StackTraceElement ste : stackTrace) {
+            ste.buildLoaderModuleClassName();
+        }
+        return stackTrace;
+    }
+
+    /*
+     * Returns a StackTraceElement from a given StackFrameInfo.
+     */
+    static StackTraceElement of(StackFrameInfo sfi) {
+        StackTraceElement ste = new StackTraceElement();
+        initStackTraceElement(ste, sfi);
+
+        ste.buildLoaderModuleClassName();
+        return ste;
+    }
+
+    /*
+     * Sets the given stack trace elements with the backtrace
+     * of the given Throwable.
+     */
+    private static native void initStackTraceElements(StackTraceElement[] elements,
+                                                      Throwable x);
+    /*
+     * Sets the given stack trace element with the given StackFrameInfo
+     */
+    private static native void initStackTraceElement(StackTraceElement element,
+                                                     StackFrameInfo sfi);
+
     private static final long serialVersionUID = 6992337162326171013L;
 }
--- a/src/java.base/share/classes/java/lang/Throwable.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/Throwable.java	Thu Dec 01 15:00:54 2016 -0500
@@ -24,7 +24,6 @@
  */
 
 package java.lang;
-import jdk.internal.misc.VM;
 
 import  java.io.*;
 import  java.util.*;
@@ -826,11 +825,7 @@
         // backtrace if this is the first call to this method
         if (stackTrace == UNASSIGNED_STACK ||
             (stackTrace == null && backtrace != null) /* Out of protocol state */) {
-            stackTrace = new StackTraceElement[depth];
-            for (int i = 0; i < depth; i++) {
-                stackTrace[i] = new StackTraceElement();
-            }
-            getStackTraceElements(stackTrace);
+            stackTrace = StackTraceElement.of(this, depth);
         } else if (stackTrace == null) {
             return UNASSIGNED_STACK;
         }
@@ -882,13 +877,6 @@
     }
 
     /**
-     * Gets the stack trace elements.
-     * @param  elements
-     * @throws IndexOutOfBoundsException if {@code elements.length != depth }
-     */
-    private native void getStackTraceElements(StackTraceElement[] elements);
-
-    /**
      * Reads a {@code Throwable} from a stream, enforcing
      * well-formedness constraints on fields.  Null entries and
      * self-pointers are not allowed in the list of {@code
--- a/src/java.base/share/classes/java/lang/invoke/BoundMethodHandle.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/BoundMethodHandle.java	Thu Dec 01 15:00:54 2016 -0500
@@ -80,7 +80,7 @@
             default : throw newInternalError("unexpected xtype: " + xtype);
             }
         } catch (Throwable t) {
-            throw newInternalError(t);
+            throw uncaughtException(t);
         }
     }
 
@@ -188,7 +188,7 @@
             case D_TYPE: return (double) speciesData().getters[i].invokeBasic(this);
             }
         } catch (Throwable ex) {
-            throw newInternalError(ex);
+            throw uncaughtException(ex);
         }
         throw new InternalError("unexpected type: " + speciesData().typeChars+"."+i);
     }
@@ -408,18 +408,14 @@
          */
         static boolean speciesDataCachePopulated() {
             Class<BoundMethodHandle> rootCls = BoundMethodHandle.class;
-            try {
-                for (Class<?> c : rootCls.getDeclaredClasses()) {
-                    if (rootCls.isAssignableFrom(c)) {
-                        final Class<? extends BoundMethodHandle> cbmh = c.asSubclass(BoundMethodHandle.class);
-                        SpeciesData d = Factory.getSpeciesDataFromConcreteBMHClass(cbmh);
-                        assert(d != null) : cbmh.getName();
-                        assert(d.clazz == cbmh);
-                        assert(CACHE.get(d.typeChars) == d);
-                    }
+            for (Class<?> c : rootCls.getDeclaredClasses()) {
+                if (rootCls.isAssignableFrom(c)) {
+                    final Class<? extends BoundMethodHandle> cbmh = c.asSubclass(BoundMethodHandle.class);
+                    SpeciesData d = Factory.getSpeciesDataFromConcreteBMHClass(cbmh);
+                    assert(d != null) : cbmh.getName();
+                    assert(d.clazz == cbmh);
+                    assert(CACHE.get(d.typeChars) == d);
                 }
-            } catch (Throwable e) {
-                throw newInternalError(e);
             }
             return true;
         }
--- a/src/java.base/share/classes/java/lang/invoke/CallSite.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/CallSite.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -272,7 +272,7 @@
         MethodHandleNatives.setCallSiteTargetVolatile(this, newTarget);
     }
 
-    // this implements the upcall from the JVM, MethodHandleNatives.makeDynamicCallSite:
+    // this implements the upcall from the JVM, MethodHandleNatives.linkCallSite:
     static CallSite makeSite(MethodHandle bootstrapMethod,
                              // Callee information:
                              String name, MethodType type,
@@ -293,59 +293,72 @@
                 Object[] argv = (Object[]) info;
                 maybeReBoxElements(argv);
                 switch (argv.length) {
-                case 0:
-                    binding = bootstrapMethod.invoke(caller, name, type);
-                    break;
-                case 1:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0]);
-                    break;
-                case 2:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0], argv[1]);
-                    break;
-                case 3:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0], argv[1], argv[2]);
-                    break;
-                case 4:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0], argv[1], argv[2], argv[3]);
-                    break;
-                case 5:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0], argv[1], argv[2], argv[3], argv[4]);
-                    break;
-                case 6:
-                    binding = bootstrapMethod.invoke(caller, name, type,
-                                                     argv[0], argv[1], argv[2], argv[3], argv[4], argv[5]);
-                    break;
-                default:
-                    final int NON_SPREAD_ARG_COUNT = 3;  // (caller, name, type)
-                    if (NON_SPREAD_ARG_COUNT + argv.length > MethodType.MAX_MH_ARITY)
-                        throw new BootstrapMethodError("too many bootstrap method arguments");
-                    MethodType bsmType = bootstrapMethod.type();
-                    MethodType invocationType = MethodType.genericMethodType(NON_SPREAD_ARG_COUNT + argv.length);
-                    MethodHandle typedBSM = bootstrapMethod.asType(invocationType);
-                    MethodHandle spreader = invocationType.invokers().spreadInvoker(NON_SPREAD_ARG_COUNT);
-                    binding = spreader.invokeExact(typedBSM, (Object)caller, (Object)name, (Object)type, argv);
+                    case 0:
+                        binding = bootstrapMethod.invoke(caller, name, type);
+                        break;
+                    case 1:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0]);
+                        break;
+                    case 2:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0], argv[1]);
+                        break;
+                    case 3:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0], argv[1], argv[2]);
+                        break;
+                    case 4:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0], argv[1], argv[2], argv[3]);
+                        break;
+                    case 5:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0], argv[1], argv[2], argv[3], argv[4]);
+                        break;
+                    case 6:
+                        binding = bootstrapMethod.invoke(caller, name, type,
+                                                         argv[0], argv[1], argv[2], argv[3], argv[4], argv[5]);
+                        break;
+                    default:
+                        final int NON_SPREAD_ARG_COUNT = 3;  // (caller, name, type)
+                        if (NON_SPREAD_ARG_COUNT + argv.length > MethodType.MAX_MH_ARITY)
+                            throw new BootstrapMethodError("too many bootstrap method arguments");
+                        MethodType bsmType = bootstrapMethod.type();
+                        MethodType invocationType = MethodType.genericMethodType(NON_SPREAD_ARG_COUNT + argv.length);
+                        MethodHandle typedBSM = bootstrapMethod.asType(invocationType);
+                        MethodHandle spreader = invocationType.invokers().spreadInvoker(NON_SPREAD_ARG_COUNT);
+                        binding = spreader.invokeExact(typedBSM, (Object) caller, (Object) name, (Object) type, argv);
                 }
             }
-            //System.out.println("BSM for "+name+type+" => "+binding);
             if (binding instanceof CallSite) {
                 site = (CallSite) binding;
-            }  else {
+            } else {
+                // See the "Linking Exceptions" section for the invokedynamic
+                // instruction in JVMS 6.5.
+                // Throws a runtime exception defining the cause that is then
+                // in the "catch (Throwable ex)" a few lines below wrapped in
+                // BootstrapMethodError
                 throw new ClassCastException("bootstrap method failed to produce a CallSite");
             }
-            if (!site.getTarget().type().equals(type))
+            if (!site.getTarget().type().equals(type)) {
+                // See the "Linking Exceptions" section for the invokedynamic
+                // instruction in JVMS 6.5.
+                // Throws a runtime exception defining the cause that is then
+                // in the "catch (Throwable ex)" a few lines below wrapped in
+                // BootstrapMethodError
                 throw wrongTargetType(site.getTarget(), type);
+            }
+        } catch (Error e) {
+            // Pass through an Error, including BootstrapMethodError, any other
+            // form of linkage error, such as IllegalAccessError if the bootstrap
+            // method is inaccessible, or say ThreadDeath/OutOfMemoryError
+            // See the "Linking Exceptions" section for the invokedynamic
+            // instruction in JVMS 6.5.
+            throw e;
         } catch (Throwable ex) {
-            BootstrapMethodError bex;
-            if (ex instanceof BootstrapMethodError)
-                bex = (BootstrapMethodError) ex;
-            else
-                bex = new BootstrapMethodError("call site initialization exception", ex);
-            throw bex;
+            // Wrap anything else in BootstrapMethodError
+            throw new BootstrapMethodError("call site initialization exception", ex);
         }
         return site;
     }
--- a/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/InvokerBytecodeGenerator.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1021,7 +1021,7 @@
             try {
                 emptyArray = name.function.resolvedHandle().invoke();
             } catch (Throwable ex) {
-                throw newInternalError(ex);
+                throw uncaughtException(ex);
             }
             assert(java.lang.reflect.Array.getLength(emptyArray) == 0);
             assert(emptyArray.getClass() == rtype);  // exact typing
--- a/src/java.base/share/classes/java/lang/invoke/LambdaForm.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/LambdaForm.java	Thu Dec 01 15:00:54 2016 -0500
@@ -855,7 +855,11 @@
                 System.out.println("LambdaForm compilation failed: " + this);
                 bge.printStackTrace(System.out);
             }
-        } catch (Error | Exception e) {
+        } catch (Error e) {
+            // Pass through any error
+            throw e;
+        } catch (Exception e) {
+            // Wrap any exception
             throw newInternalError(this.toString(), e);
         }
     }
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandle.java	Thu Dec 01 15:00:54 2016 -0500
@@ -957,7 +957,7 @@
         if (!fail)  return needType;
         // elicit an error:
         this.asType(needType);
-        throw newInternalError("should not return", null);
+        throw newInternalError("should not return");
     }
 
     private void spreadArrayChecks(Class<?> arrayType, int arrayLength) {
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleNatives.java	Thu Dec 01 15:00:54 2016 -0500
@@ -379,11 +379,13 @@
                             name, fixMethodType(callerClass, type), appendixResult);
                 }
             }
+        } catch (Error e) {
+            // Pass through an Error, including say StackOverflowError or
+            // OutOfMemoryError
+            throw e;
         } catch (Throwable ex) {
-            if (ex instanceof LinkageError)
-                throw (LinkageError) ex;
-            else
-                throw new LinkageError(ex.getMessage(), ex);
+            // Wrap anything else in LinkageError
+            throw new LinkageError(ex.getMessage(), ex);
         }
         throw new LinkageError("no such method "+defc.getName()+"."+name+type);
     }
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandleStatics.java	Thu Dec 01 15:00:54 2016 -0500
@@ -107,10 +107,10 @@
     /*non-public*/ static InternalError newInternalError(String message) {
         return new InternalError(message);
     }
-    /*non-public*/ static InternalError newInternalError(String message, Throwable cause) {
+    /*non-public*/ static InternalError newInternalError(String message, Exception cause) {
         return new InternalError(message, cause);
     }
-    /*non-public*/ static InternalError newInternalError(Throwable cause) {
+    /*non-public*/ static InternalError newInternalError(Exception cause) {
         return new InternalError(cause);
     }
     /*non-public*/ static RuntimeException newIllegalStateException(String message) {
@@ -132,7 +132,7 @@
     /*non-public*/ static Error uncaughtException(Throwable ex) {
         if (ex instanceof Error)  throw (Error) ex;
         if (ex instanceof RuntimeException)  throw (RuntimeException) ex;
-        throw newInternalError("uncaught exception", ex);
+        throw new InternalError("uncaught exception", ex);
     }
     private static String message(String message, Object obj) {
         if (obj != null)  message = message + ": " + obj;
--- a/src/java.base/share/classes/java/lang/invoke/MethodHandles.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/MethodHandles.java	Thu Dec 01 15:00:54 2016 -0500
@@ -5347,7 +5347,7 @@
      * {@code (V T A...)} must have at least one {@code A} type, and the default iterator
      * handle parameter is adjusted to accept the leading {@code A} type, as if by
      * the {@link MethodHandle#asType asType} conversion method.
-     * The leading {@code A} type must be {@code Iterable} or a subtype thereof, or an array type.
+     * The leading {@code A} type must be {@code Iterable} or a subtype thereof.
      * This conversion step, done at loop construction time, must not throw a {@code WrongMethodTypeException}.
      * </ul>
      * <p>
@@ -5374,7 +5374,8 @@
      * V iteratedLoop(A... a...) {
      *   Iterator<T> it = iterator(a...);
      *   V v = init(a...);
-     *   for (T t : it) {
+     *   while (it.hasNext()) {
+     *     T t = it.next();
      *     v = body(v, t, a...);
      *   }
      *   return v;
@@ -5483,49 +5484,59 @@
         Objects.requireNonNull(body);
         MethodType bodyType = body.type();
         Class<?> returnType = bodyType.returnType();
-        List<Class<?>> innerList = bodyType.parameterList();
+        List<Class<?>> internalParamList = bodyType.parameterList();
         // strip leading V value if present
         int vsize = (returnType == void.class ? 0 : 1);
-        if (vsize != 0 && (innerList.size() == 0 || innerList.get(0) != returnType)) {
+        if (vsize != 0 && (internalParamList.size() == 0 || internalParamList.get(0) != returnType)) {
             // argument list has no "V" => error
             MethodType expected = bodyType.insertParameterTypes(0, returnType);
             throw misMatchedTypes("body function", bodyType, expected);
-        } else if (innerList.size() <= vsize) {
+        } else if (internalParamList.size() <= vsize) {
             // missing T type => error
             MethodType expected = bodyType.insertParameterTypes(vsize, Object.class);
             throw misMatchedTypes("body function", bodyType, expected);
         }
-        //Class<?> elementType = innerList.get(vsize);  // do not need this
-        List<Class<?>> outerList = innerList.subList(vsize + 1, innerList.size());
-        if (outerList.isEmpty()) {
-            // special case; take lists from iterator handle
-            outerList = ((iterator != null)
-                    ? iterator.type().parameterList()
-                    : Arrays.asList(Iterable.class));
-            innerList = bodyType.insertParameterTypes(vsize + 1, outerList).parameterList();
-        }
+        List<Class<?>> externalParamList = internalParamList.subList(vsize + 1, internalParamList.size());
+        Class<?> iterableType = null;
         if (iterator != null) {
+            // special case; if the body handle only declares V and T then
+            // the external parameter list is obtained from iterator handle
+            if (externalParamList.isEmpty()) {
+                externalParamList = iterator.type().parameterList();
+            }
             MethodType itype = iterator.type();
             if (!Iterator.class.isAssignableFrom(itype.returnType())) {
                 throw newIllegalArgumentException("iteratedLoop first argument must have Iterator return type");
             }
-            if (!itype.effectivelyIdenticalParameters(0, outerList)) {
-                MethodType expected = methodType(itype.returnType(), outerList);
+            if (!itype.effectivelyIdenticalParameters(0, externalParamList)) {
+                MethodType expected = methodType(itype.returnType(), externalParamList);
                 throw misMatchedTypes("iterator parameters", itype, expected);
             }
+        } else {
+            if (externalParamList.isEmpty()) {
+                // special case; if the iterator handle is null and the body handle
+                // only declares V and T then the external parameter list consists
+                // of Iterable
+                externalParamList = Arrays.asList(Iterable.class);
+                iterableType = Iterable.class;
+            } else {
+                // special case; if the iterator handle is null and the external
+                // parameter list is not empty then the first parameter must be
+                // assignable to Iterable
+                iterableType = externalParamList.get(0);
+                if (!Iterable.class.isAssignableFrom(iterableType)) {
+                    throw newIllegalArgumentException(
+                            "inferred first loop argument must inherit from Iterable: " + iterableType);
+                }
+            }
         }
         if (init != null) {
             MethodType initType = init.type();
             if (initType.returnType() != returnType ||
-                    !initType.effectivelyIdenticalParameters(0, outerList)) {
-                throw misMatchedTypes("loop initializer", initType, methodType(returnType, outerList));
+                    !initType.effectivelyIdenticalParameters(0, externalParamList)) {
+                throw misMatchedTypes("loop initializer", initType, methodType(returnType, externalParamList));
             }
         }
-        Class<?> iterableType = outerList.isEmpty() ? null : outerList.get(0);
-        if (iterableType != null && !Iterable.class.isAssignableFrom(iterableType) && !iterableType.isArray()) {
-            throw newIllegalArgumentException(
-                    "inferred first loop argument must be an array or inherit from Iterable: " + iterableType);
-        }
         return iterableType;  // help the caller a bit
     }
 
--- a/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/StringConcatFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -723,6 +723,9 @@
                 default:
                     throw new StringConcatException("Concatenation strategy " + STRATEGY + " is not implemented");
             }
+        } catch (Error | StringConcatException e) {
+            // Pass through any error or existing StringConcatException
+            throw e;
         } catch (Throwable t) {
             throw new StringConcatException("Generator failed", t);
         }
@@ -1092,9 +1095,9 @@
                 UNSAFE.ensureClassInitialized(innerClass);
                 dumpIfEnabled(innerClass.getName(), classBytes);
                 return Lookup.IMPL_LOOKUP.findStatic(innerClass, METHOD_NAME, args);
-            } catch (Throwable e) {
+            } catch (Exception e) {
                 dumpIfEnabled(className + "$$FAILED", classBytes);
-                throw new StringConcatException("Error while spinning the class", e);
+                throw new StringConcatException("Exception while spinning the class", e);
             }
         }
 
--- a/src/java.base/share/classes/java/lang/invoke/package-info.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/invoke/package-info.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2008, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2008, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -84,20 +84,21 @@
  * </ul>
  * Invocation is as if by
  * {@link java.lang.invoke.MethodHandle#invoke MethodHandle.invoke}.
- * The returned result must be a {@link java.lang.invoke.CallSite CallSite} (or a subclass).
+ * The returned result must be a {@link java.lang.invoke.CallSite CallSite}
+ * (or a subclass), otherwise a
+ * {@link java.lang.BootstrapMethodError BootstrapMethodError} is thrown.
  * The type of the call site's target must be exactly equal to the type
  * derived from the dynamic call site's type descriptor and passed to
- * the bootstrap method.
- * The call site then becomes permanently linked to the dynamic call site.
+ * the bootstrap method, otherwise a {@code BootstrapMethodError} is thrown.
+ * On success the call site then becomes permanently linked to the dynamic call
+ * site.
  * <p>
- * As documented in the JVM specification, all failures arising from
- * the linkage of a dynamic call site are reported
- * by a {@link java.lang.BootstrapMethodError BootstrapMethodError},
- * which is thrown as the abnormal termination of the dynamic call
- * site execution.
- * If this happens, the same error will the thrown for all subsequent
- * attempts to execute the dynamic call site.
- *
+ * If an exception, {@code E} say, occurs when linking the call site then the
+ * linkage fails and terminates abnormally. {@code E} is rethrown if the type of
+ * {@code E} is {@code Error} or a subclass, otherwise a
+ * {@code BootstrapMethodError} that wraps {@code E} is thrown.
+ * If this happens, the same {@code Error} or subclass will the thrown for all
+ * subsequent attempts to execute the dynamic call site.
  * <h2>timing of linkage</h2>
  * A dynamic call site is linked just before its first execution.
  * The bootstrap method call implementing the linkage occurs within
--- a/src/java.base/share/classes/java/lang/module/ModuleDescriptor.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/ModuleDescriptor.java	Thu Dec 01 15:00:54 2016 -0500
@@ -31,6 +31,7 @@
 import java.io.UncheckedIOException;
 import java.net.URI;
 import java.nio.ByteBuffer;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -1997,6 +1998,13 @@
                 public Optional<ModuleHashes> hashes(ModuleDescriptor descriptor) {
                     return descriptor.hashes();
                 }
+
+                @Override
+                public ModuleFinder newModulePath(Runtime.Version version,
+                                                  boolean isLinkPhase,
+                                                  Path... entries) {
+                    return new ModulePath(version, isLinkPhase, entries);
+                }
             });
     }
 
--- a/src/java.base/share/classes/java/lang/module/ModuleFinder.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/ModuleFinder.java	Thu Dec 01 15:00:54 2016 -0500
@@ -228,7 +228,7 @@
      *
      *         <li><p> If the name matches the regular expression {@code
      *         "-(\\d+(\\.|$))"} then the module name will be derived from the
-     *         subsequence proceeding the hyphen of the first occurrence. The
+     *         subsequence preceding the hyphen of the first occurrence. The
      *         subsequence after the hyphen is parsed as a {@link
      *         ModuleDescriptor.Version} and ignored if it cannot be parsed as
      *         a {@code Version}. </p></li>
@@ -248,18 +248,23 @@
      *     <li><p> It {@link ModuleDescriptor#requires() requires} {@code
      *     java.base}. </p></li>
      *
-     *     <li><p> All entries in the JAR file with names ending with {@code
-     *     .class} are assumed to be class files where the name corresponds
-     *     to the fully qualified name of the class. The packages of all
-     *     classes are {@link ModuleDescriptor#exports() exported}. </p></li>
+     *     <li><p> The set of packages in the module is derived from the names
+     *     of non-directory entries in the JAR file. A candidate package name
+     *     is derived from an entry using the characters up to, but not
+     *     including, the last forward slash. All remaining forward slashes are
+     *     replaced with dot ({@code "."}). If the resulting string is a valid
+     *     Java identifier then it is assumed to be a package name. For example,
+     *     if the JAR file contains an entry "{@code p/q/Foo.class}" then the
+     *     package name derived is "{@code p.q}". All packages are {@link
+     *     ModuleDescriptor#exports() exported}. </p></li>
      *
-     *     <li><p> The contents of all entries starting with {@code
+     *     <li><p> The contents of entries starting with {@code
      *     META-INF/services/} are assumed to be service configuration files
-     *     (see {@link java.util.ServiceLoader}). The name of the file
-     *     (that follows {@code META-INF/services/}) is assumed to be the
-     *     fully-qualified binary name of a service type. The entries in the
-     *     file are assumed to be the fully-qualified binary names of
-     *     provider classes. </p></li>
+     *     (see {@link java.util.ServiceLoader}). If the name of a file
+     *     (that follows {@code META-INF/services/}) is a legal Java identifier
+     *     then it is assumed to be the fully-qualified binary name of a
+     *     service type. The entries in the file are assumed to be the
+     *     fully-qualified binary names of provider classes. </p></li>
      *
      *     <li><p> If the JAR file has a {@code Main-Class} attribute in its
      *     main manifest then its value is the {@link
@@ -271,8 +276,8 @@
      * {@link ModuleDescriptor.Builder ModuleDescriptor.Builder} API) for an
      * automatic module then {@code FindException} is thrown. This can arise,
      * for example, when a legal Java identifier name cannot be derived from
-     * the file name of the JAR file or where a package name derived from an
-     * entry ending with {@code .class} is not a legal Java identifier. </p>
+     * the file name of the JAR file or where the JAR file contains a {@code
+     * .class} in the top-level directory of the JAR file. </p>
      *
      * <p> In addition to JAR files, an implementation may also support modules
      * that are packaged in other implementation specific module formats. When
@@ -283,8 +288,10 @@
      *
      * <p> As with automatic modules, the contents of a packaged or exploded
      * module may need to be <em>scanned</em> in order to determine the packages
-     * in the module. If a {@code .class} file that corresponds to a class in an
-     * unnamed package is encountered then {@code FindException} is thrown. </p>
+     * in the module. If a {@code .class} file (other than {@code
+     * module-info.class}) is found in the top-level directory then it is
+     * assumed to be a class in the unnamed package and so {@code FindException}
+     * is thrown. </p>
      *
      * <p> Finders created by this method are lazy and do not eagerly check
      * that the given file paths are directories or packaged modules.
@@ -341,7 +348,7 @@
      * @return A {@code ModuleFinder} that composes a sequence of module finders
      */
     static ModuleFinder compose(ModuleFinder... finders) {
-        // copy the list, also checking for nulls
+        // copy the list and check for nulls
         final List<ModuleFinder> finderList = List.of(finders);
 
         return new ModuleFinder() {
--- a/src/java.base/share/classes/java/lang/module/ModulePath.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/ModulePath.java	Thu Dec 01 15:00:54 2016 -0500
@@ -33,10 +33,12 @@
 import java.io.InputStreamReader;
 import java.io.UncheckedIOException;
 import java.lang.module.ModuleDescriptor.Requires;
+import java.net.URI;
 import java.nio.file.DirectoryStream;
 import java.nio.file.Files;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.nio.file.attribute.BasicFileAttributes;
 import java.util.Collections;
 import java.util.HashMap;
@@ -52,49 +54,53 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
-import java.util.stream.Stream;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipFile;
 
 import jdk.internal.jmod.JmodFile;
 import jdk.internal.jmod.JmodFile.Section;
-import jdk.internal.module.ConfigurableModuleFinder;
+import jdk.internal.module.Checks;
 import jdk.internal.perf.PerfCounter;
+import jdk.internal.util.jar.VersionedStream;
 
 
 /**
  * A {@code ModuleFinder} that locates modules on the file system by searching
  * a sequence of directories or packaged modules.
  *
- * The {@code ModuleFinder} can be configured to work in either the run-time
+ * The {@code ModuleFinder} can be created to work in either the run-time
  * or link-time phases. In both cases it locates modular JAR and exploded
- * modules. When configured for link-time then it additionally locates
+ * modules. When created for link-time then it additionally locates
  * modules in JMOD files.
  */
 
-class ModulePath implements ConfigurableModuleFinder {
+class ModulePath implements ModuleFinder {
     private static final String MODULE_INFO = "module-info.class";
 
+    // the version to use for multi-release modular JARs
+    private final Runtime.Version releaseVersion;
+
+    // true for the link phase (supports modules packaged in JMOD format)
+    private final boolean isLinkPhase;
+
     // the entries on this module path
     private final Path[] entries;
     private int next;
 
-    // true if in the link phase
-    private boolean isLinkPhase;
-
     // map of module name to module reference map for modules already located
     private final Map<String, ModuleReference> cachedModules = new HashMap<>();
 
-    ModulePath(Path... entries) {
+    ModulePath(Runtime.Version version, boolean isLinkPhase, Path... entries) {
+        this.releaseVersion = version;
+        this.isLinkPhase = isLinkPhase;
         this.entries = entries.clone();
         for (Path entry : this.entries) {
             Objects.requireNonNull(entry);
         }
     }
 
-    @Override
-    public void configurePhase(Phase phase) {
-        isLinkPhase = (phase == Phase.LINK_TIME);
+    ModulePath(Path... entries) {
+        this(JarFile.runtimeVersion(), false, entries);
     }
 
     @Override
@@ -239,9 +245,13 @@
                 if (mref != null) {
                     // can have at most one version of a module in the directory
                     String name = mref.descriptor().name();
-                    if (nameToReference.put(name, mref) != null) {
+                    ModuleReference previous = nameToReference.put(name, mref);
+                    if (previous != null) {
+                        String fn1 = fileName(mref);
+                        String fn2 = fileName(previous);
                         throw new FindException("Two versions of module "
-                                                  + name + " found in " + dir);
+                                                 + name + " found in " + dir
+                                                 + " (" + fn1 + " and " + fn2 + ")");
                     }
                 }
             }
@@ -294,6 +304,25 @@
     }
 
 
+    /**
+     * Returns a string with the file name of the module if possible.
+     * If the module location is not a file URI then return the URI
+     * as a string.
+     */
+    private String fileName(ModuleReference mref) {
+        URI uri = mref.location().orElse(null);
+        if (uri != null) {
+            if (uri.getScheme().equalsIgnoreCase("file")) {
+                Path file = Paths.get(uri);
+                return file.getFileName().toString();
+            } else {
+                return uri.toString();
+            }
+        } else {
+            return "<unknown>";
+        }
+    }
+
     // -- jmod files --
 
     private Set<String> jmodPackages(JmodFile jf) {
@@ -301,7 +330,7 @@
             .filter(e -> e.section() == Section.CLASSES)
             .map(JmodFile.Entry::name)
             .map(this::toPackageName)
-            .filter(pkg -> pkg.length() > 0) // module-info
+            .flatMap(Optional::stream)
             .collect(Collectors.toSet());
     }
 
@@ -328,8 +357,8 @@
     private static final String SERVICES_PREFIX = "META-INF/services/";
 
     /**
-     * Returns a container with the service type corresponding to the name of
-     * a services configuration file.
+     * Returns the service type corresponding to the name of a services
+     * configuration file if it is a valid Java identifier.
      *
      * For example, if called with "META-INF/services/p.S" then this method
      * returns a container with the value "p.S".
@@ -341,7 +370,8 @@
             String prefix = cf.substring(0, index);
             if (prefix.equals(SERVICES_PREFIX)) {
                 String sn = cf.substring(index);
-                return Optional.of(sn);
+                if (Checks.isJavaIdentifier(sn))
+                    return Optional.of(sn);
             }
         }
         return Optional.empty();
@@ -416,28 +446,28 @@
         if (vs != null)
             builder.version(vs);
 
-        // scan the entries in the JAR file to locate the .class and service
-        // configuration file
-        Map<Boolean, Set<String>> map =
-            versionedStream(jf)
-              .map(JarEntry::getName)
-              .filter(s -> (s.endsWith(".class") ^ s.startsWith(SERVICES_PREFIX)))
-              .collect(Collectors.partitioningBy(s -> s.endsWith(".class"),
-                                                 Collectors.toSet()));
-        Set<String> classFiles = map.get(Boolean.TRUE);
-        Set<String> configFiles = map.get(Boolean.FALSE);
+        // scan the names of the entries in the JAR file
+        Map<Boolean, Set<String>> map = VersionedStream.stream(jf)
+                .filter(e -> !e.isDirectory())
+                .map(JarEntry::getName)
+                .collect(Collectors.partitioningBy(e -> e.startsWith(SERVICES_PREFIX),
+                                                   Collectors.toSet()));
+
+        Set<String> resources = map.get(Boolean.FALSE);
+        Set<String> configFiles = map.get(Boolean.TRUE);
 
         // all packages are exported
-        classFiles.stream()
-            .map(c -> toPackageName(c))
-            .distinct()
-            .forEach(builder::exports);
+        resources.stream()
+                .map(this::toPackageName)
+                .flatMap(Optional::stream)
+                .distinct()
+                .forEach(builder::exports);
 
         // map names of service configuration files to service names
         Set<String> serviceNames = configFiles.stream()
-            .map(this::toServiceName)
-            .flatMap(Optional::stream)
-            .collect(Collectors.toSet());
+                .map(this::toServiceName)
+                .flatMap(Optional::stream)
+                .collect(Collectors.toSet());
 
         // parse each service configuration file
         for (String sn : serviceNames) {
@@ -502,25 +532,13 @@
         return mn;
     }
 
-    private Stream<JarEntry> versionedStream(JarFile jf) {
-        if (jf.isMultiRelease()) {
-            // a stream of JarEntries whose names are base names and whose
-            // contents are from the corresponding versioned entries in
-            // a multi-release jar file
-            return jf.stream().map(JarEntry::getName)
-                    .filter(name -> !name.startsWith("META-INF/versions/"))
-                    .map(jf::getJarEntry);
-        } else {
-            return jf.stream();
-        }
-    }
-
     private Set<String> jarPackages(JarFile jf) {
-        return versionedStream(jf)
-            .filter(e -> e.getName().endsWith(".class"))
-            .map(e -> toPackageName(e.getName()))
-            .filter(pkg -> pkg.length() > 0)   // module-info
-            .collect(Collectors.toSet());
+        return VersionedStream.stream(jf)
+                .filter(e -> !e.isDirectory())
+                .map(JarEntry::getName)
+                .map(this::toPackageName)
+                .flatMap(Optional::stream)
+                .collect(Collectors.toSet());
     }
 
     /**
@@ -535,7 +553,7 @@
         try (JarFile jf = new JarFile(file.toFile(),
                                       true,               // verify
                                       ZipFile.OPEN_READ,
-                                      JarFile.runtimeVersion()))
+                                      releaseVersion))
         {
             ModuleDescriptor md;
             JarEntry entry = jf.getJarEntry(MODULE_INFO);
@@ -565,11 +583,11 @@
     private Set<String> explodedPackages(Path dir) {
         try {
             return Files.find(dir, Integer.MAX_VALUE,
-                              ((path, attrs) -> attrs.isRegularFile() &&
-                               path.toString().endsWith(".class")))
-                .map(path -> toPackageName(dir.relativize(path)))
-                .filter(pkg -> pkg.length() > 0)   // module-info
-                .collect(Collectors.toSet());
+                              ((path, attrs) -> attrs.isRegularFile()))
+                    .map(path -> dir.relativize(path))
+                    .map(this::toPackageName)
+                    .flatMap(Optional::stream)
+                    .collect(Collectors.toSet());
         } catch (IOException x) {
             throw new UncheckedIOException(x);
         }
@@ -595,29 +613,62 @@
         return ModuleReferences.newExplodedModule(md, dir);
     }
 
+    /**
+     * Maps the name of an entry in a JAR or ZIP file to a package name.
+     *
+     * @throws IllegalArgumentException if the name is a class file in
+     *         the top-level directory of the JAR/ZIP file (and it's
+     *         not module-info.class)
+     */
+    private Optional<String> toPackageName(String name) {
+        assert !name.endsWith("/");
 
-    //
+        int index = name.lastIndexOf("/");
+        if (index == -1) {
+            if (name.endsWith(".class") && !name.equals(MODULE_INFO)) {
+                throw new IllegalArgumentException(name
+                        + " found in top-level directory:"
+                        + " (unnamed package not allowed in module)");
+            }
+            return Optional.empty();
+        }
 
-    // p/q/T.class => p.q
-    private String toPackageName(String cn) {
-        assert cn.endsWith(".class");
-        int start = 0;
-        int index = cn.lastIndexOf("/");
-        if (index > start) {
-            return cn.substring(start, index).replace('/', '.');
+        String pn = name.substring(0, index).replace('/', '.');
+        if (Checks.isJavaIdentifier(pn)) {
+            return Optional.of(pn);
         } else {
-            return "";
+            // not a valid package name
+            return Optional.empty();
         }
     }
 
-    private String toPackageName(Path path) {
-        String name = path.toString();
-        assert name.endsWith(".class");
-        int index = name.lastIndexOf(File.separatorChar);
-        if (index != -1) {
-            return name.substring(0, index).replace(File.separatorChar, '.');
+    /**
+     * Maps the relative path of an entry in an exploded module to a package
+     * name.
+     *
+     * @throws IllegalArgumentException if the name is a class file in
+     *         the top-level directory (and it's not module-info.class)
+     */
+    private Optional<String> toPackageName(Path file) {
+        assert file.getRoot() == null;
+
+        Path parent = file.getParent();
+        if (parent == null) {
+            String name = file.toString();
+            if (name.endsWith(".class") && !name.equals(MODULE_INFO)) {
+                throw new IllegalArgumentException(name
+                        + " found in in top-level directory"
+                        + " (unnamed package not allowed in module)");
+            }
+            return Optional.empty();
+        }
+
+        String pn = parent.toString().replace(File.separatorChar, '.');
+        if (Checks.isJavaIdentifier(pn)) {
+            return Optional.of(pn);
         } else {
-            return "";
+            // not a valid package name
+            return Optional.empty();
         }
     }
 
--- a/src/java.base/share/classes/java/lang/module/ModuleReader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/ModuleReader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -32,6 +32,7 @@
 import java.nio.ByteBuffer;
 import java.util.Objects;
 import java.util.Optional;
+import java.util.stream.Stream;
 
 
 /**
@@ -44,6 +45,11 @@
  * module. A module reader is also intended to be used by {@code ClassLoader}
  * implementations that load classes and resources from modules. </p>
  *
+ * <p> A resource in a module is identified by a name that is a
+ * '{@code /}'-separated path string. For example, module {@code java.base} may
+ * have a resource "{@code java/lang/Object.class}" that, by convention, is the
+ * class file for {@code java.lang.Object}. </p>
+ *
  * <p> A {@code ModuleReader} is {@linkplain ModuleReference#open open} upon
  * creation and is closed by invoking the {@link #close close} method.  Failure
  * to close a module reader may result in a resource leak.  The {@code
@@ -52,8 +58,8 @@
  *
  * <p> A {@code ModuleReader} implementation may require permissions to access
  * resources in the module. Consequently the {@link #find find}, {@link #open
- * open} and {@link #read read} methods may throw {@code SecurityException} if
- * access is denied by the security manager. </p>
+ * open}, {@link #read read}, and {@link #list list} methods may throw {@code
+ * SecurityException} if access is denied by the security manager. </p>
  *
  * @see ModuleReference
  * @since 9
@@ -84,6 +90,9 @@
      * Opens a resource, returning an input stream to read the resource in
      * the module.
      *
+     * <p> The behavior of the input stream when used after the module reader
+     * is closed is implementation specific and therefore not specified. </p>
+     *
      * @implSpec The default implementation invokes the {@link #find(String)
      * find} method to get a URI to the resource. If found, then it attempts
      * to construct a {@link java.net.URL URL} and open a connection to the
@@ -172,17 +181,37 @@
     }
 
     /**
+     * Lists the contents of the module, returning a stream of elements that
+     * are the names of all resources in the module.
+     *
+     * <p> In lazy implementations then an {@code IOException} may be thrown
+     * when using the stream to list the module contents. If this occurs then
+     * the {@code IOException} will be wrapped in an {@link
+     * java.io.UncheckedIOException} and thrown from the method that caused the
+     * access to be attempted. {@code SecurityException} may also be thrown
+     * when using the stream to list the module contents and access is denied
+     * by the security manager. </p>
+     *
+     * <p> The behavior of the stream when used after the module reader is
+     * closed is implementation specific and therefore not specified. </p>
+     *
+     * @return A stream of elements that are the names of all resources
+     *         in the module
+     *
+     * @throws IOException
+     *         If an I/O error occurs or the module reader is closed
+     * @throws SecurityException
+     *         If denied by the security manager
+     */
+    Stream<String> list() throws IOException;
+
+    /**
      * Closes the module reader. Once closed then subsequent calls to locate or
-     * read a resource will fail by returning {@code Optional.empty()} or
-     * throwing {@code IOException}.
+     * read a resource will fail by throwing {@code IOException}.
      *
      * <p> A module reader is not required to be asynchronously closeable. If a
      * thread is reading a resource and another thread invokes the close method,
-     * then the second thread may block until the read operation is complete.
-     *
-     * <p> The behavior of {@code InputStream}s obtained using the {@link
-     * #open(String) open} method and used after the module reader is closed
-     * is implementation specific and therefore not specified.
+     * then the second thread may block until the read operation is complete. </p>
      */
     @Override
     void close() throws IOException;
--- a/src/java.base/share/classes/java/lang/module/ModuleReferences.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/ModuleReferences.java	Thu Dec 01 15:00:54 2016 -0500
@@ -35,6 +35,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.concurrent.locks.Lock;
@@ -43,14 +44,17 @@
 import java.util.function.Supplier;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
-import java.util.zip.ZipEntry;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import java.util.zip.ZipFile;
 
+import jdk.internal.jmod.JmodFile;
 import jdk.internal.misc.JavaLangAccess;
 import jdk.internal.misc.SharedSecrets;
 import jdk.internal.module.ModuleHashes;
 import jdk.internal.module.ModuleHashes.HashSupplier;
 import jdk.internal.module.ModulePatcher;
+import jdk.internal.util.jar.VersionedStream;
 import sun.net.www.ParseUtil;
 
 
@@ -140,6 +144,13 @@
         abstract Optional<InputStream> implOpen(String name) throws IOException;
 
         /**
+         * Returns a stream of the names of resources in the module. This
+         * method is invoked by the list method to do the actual work of
+         * creating the stream.
+         */
+        abstract Stream<String> implList() throws IOException;
+
+        /**
          * Closes the module reader. This method is invoked by close to do the
          * actual work of closing the module reader.
          */
@@ -175,7 +186,21 @@
         }
 
         @Override
-        public void close() throws IOException {
+        public final Stream<String> list() throws IOException {
+            readLock.lock();
+            try {
+                if (!closed) {
+                    return implList();
+                } else {
+                    throw new IOException("ModuleReader is closed");
+                }
+            } finally {
+                readLock.unlock();
+            }
+        }
+
+        @Override
+        public final void close() throws IOException {
             writeLock.lock();
             try {
                 if (!closed) {
@@ -241,6 +266,16 @@
         }
 
         @Override
+        Stream<String> implList() throws IOException {
+            // take snapshot to avoid async close
+            List<String> names = VersionedStream.stream(jf)
+                    .filter(e -> !e.isDirectory())
+                    .map(JarEntry::getName)
+                    .collect(Collectors.toList());
+            return names.stream();
+        }
+
+        @Override
         void implClose() throws IOException {
             jf.close();
         }
@@ -251,30 +286,31 @@
      * A ModuleReader for a JMOD file.
      */
     static class JModModuleReader extends SafeCloseModuleReader {
-        private final ZipFile zf;
+        private final JmodFile jf;
         private final URI uri;
 
-        static ZipFile newZipFile(Path path) {
+        static JmodFile newJmodFile(Path path) {
             try {
-                return new ZipFile(path.toFile());
+                return new JmodFile(path);
             } catch (IOException ioe) {
                 throw new UncheckedIOException(ioe);
             }
         }
 
         JModModuleReader(Path path, URI uri) {
-            this.zf = newZipFile(path);
+            this.jf = newJmodFile(path);
             this.uri = uri;
         }
 
-        private ZipEntry getEntry(String name) {
-            return zf.getEntry("classes/" + Objects.requireNonNull(name));
+        private JmodFile.Entry getEntry(String name) {
+            Objects.requireNonNull(name);
+            return jf.getEntry(JmodFile.Section.CLASSES, name);
         }
 
         @Override
         Optional<URI> implFind(String name) {
-            ZipEntry ze = getEntry(name);
-            if (ze != null) {
+            JmodFile.Entry je = getEntry(name);
+            if (je != null) {
                 String encodedPath = ParseUtil.encodePath(name, false);
                 String uris = "jmod:" + uri + "!/" + encodedPath;
                 return Optional.of(URI.create(uris));
@@ -285,17 +321,27 @@
 
         @Override
         Optional<InputStream> implOpen(String name) throws IOException {
-            ZipEntry ze = getEntry(name);
-            if (ze != null) {
-                return Optional.of(zf.getInputStream(ze));
+            JmodFile.Entry je = getEntry(name);
+            if (je != null) {
+                return Optional.of(jf.getInputStream(je));
             } else {
                 return Optional.empty();
             }
         }
 
         @Override
+        Stream<String> implList() throws IOException {
+            // take snapshot to avoid async close
+            List<String> names = jf.stream()
+                    .filter(e -> e.section() == JmodFile.Section.CLASSES)
+                    .map(JmodFile.Entry::name)
+                    .collect(Collectors.toList());
+            return names.stream();
+        }
+
+        @Override
         void implClose() throws IOException {
-            zf.close();
+            jf.close();
         }
     }
 
@@ -378,6 +424,17 @@
         }
 
         @Override
+        public Stream<String> list() throws IOException {
+            ensureOpen();
+            // sym links not followed
+            return Files.find(dir, Integer.MAX_VALUE,
+                              (path, attrs) -> attrs.isRegularFile())
+                    .map(f -> dir.relativize(f)
+                                 .toString()
+                                 .replace(File.separatorChar, '/'));
+        }
+
+        @Override
         public void close() {
             closed = true;
         }
--- a/src/java.base/share/classes/java/lang/module/SystemModuleFinder.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/lang/module/SystemModuleFinder.java	Thu Dec 01 15:00:54 2016 -0500
@@ -32,14 +32,21 @@
 import java.net.URI;
 import java.net.URLConnection;
 import java.nio.ByteBuffer;
+import java.util.ArrayDeque;
 import java.util.Collections;
+import java.util.Deque;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 import java.util.Set;
+import java.util.Spliterator;
+import java.util.function.Consumer;
 import java.util.function.Supplier;
+import java.util.stream.Stream;
+import java.util.stream.StreamSupport;
 
 import jdk.internal.jimage.ImageLocation;
 import jdk.internal.jimage.ImageReader;
@@ -62,6 +69,8 @@
 
 class SystemModuleFinder implements ModuleFinder {
 
+    private static final JavaNetUriAccess JNUA = SharedSecrets.getJavaNetUriAccess();
+
     private static final PerfCounter initTime
         = PerfCounter.newPerfCounter("jdk.module.finder.jimage.initTime");
     private static final PerfCounter moduleCount
@@ -73,8 +82,6 @@
     // ImageReader used to access all modules in the image
     private static final ImageReader imageReader;
 
-    private static final JavaNetUriAccess jnua = SharedSecrets.getJavaNetUriAccess();
-
     // the set of modules in the run-time image
     private static final Set<ModuleReference> modules;
 
@@ -170,8 +177,7 @@
                                                      HashSupplier hash)
     {
         String mn = md.name();
-
-        URI uri = jnua.create("jrt", "/".concat(mn));
+        URI uri = JNUA.create("jrt", "/".concat(mn));
 
         Supplier<ModuleReader> readerSupplier = new Supplier<>() {
             @Override
@@ -332,10 +338,101 @@
         }
 
         @Override
+        public Stream<String> list() throws IOException {
+            if (closed)
+                throw new IOException("ModuleReader is closed");
+
+            Spliterator<String> s = new ModuleContentSpliterator(module);
+            return StreamSupport.stream(s, false);
+        }
+
+        @Override
         public void close() {
             // nothing else to do
             closed = true;
         }
     }
 
+    /**
+     * A Spliterator for traversing the resources of a module linked into the
+     * run-time image.
+     */
+    static class ModuleContentSpliterator implements Spliterator<String> {
+        final String moduleRoot;
+        final Deque<ImageReader.Node> stack;
+        Iterator<ImageReader.Node> iterator;
+
+        ModuleContentSpliterator(String module) throws IOException {
+            moduleRoot = "/modules/" + module;
+            stack = new ArrayDeque<>();
+
+            // push the root node to the stack to get started
+            ImageReader.Node dir = imageReader.findNode(moduleRoot);
+            if (dir == null || !dir.isDirectory())
+                throw new IOException(moduleRoot + " not a directory");
+            stack.push(dir);
+            iterator = Collections.emptyIterator();
+        }
+
+        /**
+         * Returns the name of the next non-directory node or {@code null} if
+         * there are no remaining nodes to visit.
+         */
+        private String next() throws IOException {
+            for (;;) {
+                while (iterator.hasNext()) {
+                    ImageReader.Node node = iterator.next();
+                    String name = node.getName();
+                    if (node.isDirectory()) {
+                        // build node
+                        ImageReader.Node dir = imageReader.findNode(name);
+                        assert dir.isDirectory();
+                        stack.push(dir);
+                    } else {
+                        // strip /modules/$MODULE/ prefix
+                        return name.substring(moduleRoot.length() + 1);
+                    }
+                }
+
+                if (stack.isEmpty()) {
+                    return null;
+                } else {
+                    ImageReader.Node dir = stack.poll();
+                    assert dir.isDirectory();
+                    iterator = dir.getChildren().iterator();
+                }
+            }
+        }
+
+        @Override
+        public boolean tryAdvance(Consumer<? super String> action) {
+            String next;
+            try {
+                next = next();
+            } catch (IOException ioe) {
+                throw new UncheckedIOException(ioe);
+            }
+            if (next != null) {
+                action.accept(next);
+                return true;
+            } else {
+                return false;
+            }
+        }
+
+        @Override
+        public Spliterator<String> trySplit() {
+            return null;
+        }
+
+        @Override
+        public int characteristics() {
+            return Spliterator.DISTINCT + Spliterator.NONNULL + Spliterator.IMMUTABLE;
+        }
+
+        @Override
+        public long estimateSize() {
+            return Long.MAX_VALUE;
+        }
+    }
 }
--- a/src/java.base/share/classes/java/net/InetAddress.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/net/InetAddress.java	Thu Dec 01 15:00:54 2016 -0500
@@ -201,13 +201,13 @@
      * Specify the address family: Internet Protocol, Version 4
      * @since 1.4
      */
-    static final int IPv4 = 1;
+    @Native static final int IPv4 = 1;
 
     /**
      * Specify the address family: Internet Protocol, Version 6
      * @since 1.4
      */
-    static final int IPv6 = 2;
+    @Native static final int IPv6 = 2;
 
     /* Specify address family preference */
     static transient final int preferIPv6Address;
--- a/src/java.base/share/classes/java/net/URLClassLoader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/net/URLClassLoader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -110,19 +110,19 @@
         if (security != null) {
             security.checkCreateClassLoader();
         }
-        ucp = new URLClassPath(urls);
+        this.ucp = new URLClassPath(urls);
         this.acc = AccessController.getContext();
     }
 
-    URLClassLoader(URL[] urls, ClassLoader parent,
+    URLClassLoader(String name, URL[] urls, ClassLoader parent,
                    AccessControlContext acc) {
-        super(parent);
+        super(name, parent);
         // this is to make the stack depth consistent with 1.1
         SecurityManager security = System.getSecurityManager();
         if (security != null) {
             security.checkCreateClassLoader();
         }
-        ucp = new URLClassPath(urls);
+        this.ucp = new URLClassPath(urls);
         this.acc = acc;
     }
 
@@ -154,7 +154,7 @@
         if (security != null) {
             security.checkCreateClassLoader();
         }
-        ucp = new URLClassPath(urls);
+        this.ucp = new URLClassPath(urls);
         this.acc = AccessController.getContext();
     }
 
@@ -165,7 +165,7 @@
         if (security != null) {
             security.checkCreateClassLoader();
         }
-        ucp = new URLClassPath(urls);
+        this.ucp = new URLClassPath(urls);
         this.acc = acc;
     }
 
@@ -198,8 +198,76 @@
         if (security != null) {
             security.checkCreateClassLoader();
         }
-        ucp = new URLClassPath(urls, factory);
-        acc = AccessController.getContext();
+        this.ucp = new URLClassPath(urls, factory);
+        this.acc = AccessController.getContext();
+    }
+
+
+    /**
+     * Constructs a new named {@code URLClassLoader} for the specified URLs.
+     * The URLs will be searched in the order specified for classes
+     * and resources after first searching in the specified parent class loader.
+     * Any URL that ends with a '/' is assumed to refer to a directory.
+     * Otherwise, the URL is assumed to refer to a JAR file which will be
+     * downloaded and opened as needed.
+     *
+     * @param  name class loader name; or {@code null} if not named
+     * @param  urls the URLs from which to load classes and resources
+     * @param  parent the parent class loader for delegation
+     *
+     * @throws IllegalArgumentException if the given name is empty.
+     * @throws NullPointerException if {@code urls} is {@code null}.
+     *
+     * @throws SecurityException if a security manager exists and its
+     *         {@link SecurityManager#checkCreateClassLoader()} method doesn't
+     *         allow creation of a class loader.
+     *
+     * @since 9
+     */
+    public URLClassLoader(String name,
+                          URL[] urls,
+                          ClassLoader parent) {
+        super(name, parent);
+        // this is to make the stack depth consistent with 1.1
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkCreateClassLoader();
+        }
+        this.ucp = new URLClassPath(urls);
+        this.acc = AccessController.getContext();
+    }
+
+    /**
+     * Constructs a new named {@code URLClassLoader} for the specified URLs,
+     * parent class loader, and URLStreamHandlerFactory.
+     * The parent argument will be used as the parent class loader for delegation.
+     * The factory argument will be used as the stream handler factory to
+     * obtain protocol handlers when creating new jar URLs.
+     *
+     * @param  name class loader name; or {@code null} if not named
+     * @param  urls the URLs from which to load classes and resources
+     * @param  parent the parent class loader for delegation
+     * @param  factory the URLStreamHandlerFactory to use when creating URLs
+     *
+     * @throws IllegalArgumentException if the given name is empty.
+     * @throws NullPointerException if {@code urls} is {@code null}.
+     *
+     * @throws SecurityException if a security manager exists and its
+     *         {@code checkCreateClassLoader} method doesn't allow
+     *         creation of a class loader.
+     *
+     * @since 9
+     */
+    public URLClassLoader(String name, URL[] urls, ClassLoader parent,
+                          URLStreamHandlerFactory factory) {
+        super(name, parent);
+        // this is to make the stack depth consistent with 1.1
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkCreateClassLoader();
+        }
+        this.ucp = new URLClassPath(urls, factory);
+        this.acc = AccessController.getContext();
     }
 
     /* A map (used as a set) to keep track of closeable local resources
@@ -735,7 +803,7 @@
         URLClassLoader ucl = AccessController.doPrivileged(
             new PrivilegedAction<>() {
                 public URLClassLoader run() {
-                    return new FactoryURLClassLoader(urls, parent, acc);
+                    return new FactoryURLClassLoader(null, urls, parent, acc);
                 }
             });
         return ucl;
@@ -785,9 +853,9 @@
         ClassLoader.registerAsParallelCapable();
     }
 
-    FactoryURLClassLoader(URL[] urls, ClassLoader parent,
+    FactoryURLClassLoader(String name, URL[] urls, ClassLoader parent,
                           AccessControlContext acc) {
-        super(urls, parent, acc);
+        super(name, urls, parent, acc);
     }
 
     FactoryURLClassLoader(URL[] urls, AccessControlContext acc) {
--- a/src/java.base/share/classes/java/nio/file/TempFileHelper.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/nio/file/TempFileHelper.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -55,8 +55,8 @@
     private static final SecureRandom random = new SecureRandom();
     private static Path generatePath(String prefix, String suffix, Path dir) {
         long n = random.nextLong();
-        n = (n == Long.MIN_VALUE) ? 0 : Math.abs(n);
-        Path name = dir.getFileSystem().getPath(prefix + Long.toString(n) + suffix);
+        String s = prefix + Long.toUnsignedString(n) + suffix;
+        Path name = dir.getFileSystem().getPath(s);
         // the generated name should be a simple file name
         if (name.getParent() != null)
             throw new IllegalArgumentException("Invalid prefix or suffix");
--- a/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/AlgorithmParameterGenerator.java	Thu Dec 01 15:00:54 2016 -0500
@@ -26,6 +26,7 @@
 package java.security;
 
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Objects;
 
 /**
  * The {@code AlgorithmParameterGenerator} class is used to generate a
@@ -153,16 +154,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new AlgorithmParameterGenerator object.
+     * @return the new {@code AlgorithmParameterGenerator} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports an
-     *          AlgorithmParameterGeneratorSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports an
+     *         {@code AlgorithmParameterGeneratorSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static AlgorithmParameterGenerator getInstance(String algorithm)
         throws NoSuchAlgorithmException {
+            Objects.requireNonNull(algorithm, "null algorithm name");
             try {
                 Object[] objs = Security.getImpl(algorithm,
                                                  "AlgorithmParameterGenerator",
@@ -197,17 +201,20 @@
      *
      * @param provider the string name of the Provider.
      *
-     * @return the new AlgorithmParameterGenerator object.
+     * @return the new {@code AlgorithmParameterGenerator} object
      *
-     * @exception NoSuchAlgorithmException if an AlgorithmParameterGeneratorSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if an
+     *         {@code AlgorithmParameterGeneratorSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
@@ -215,6 +222,7 @@
                                                           String provider)
         throws NoSuchAlgorithmException, NoSuchProviderException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null || provider.length() == 0)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm,
@@ -241,15 +249,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @param provider the Provider object.
+     * @param provider the {@code Provider} object.
      *
-     * @return the new AlgorithmParameterGenerator object.
+     * @return the new {@code AlgorithmParameterGenerator} object
      *
-     * @exception NoSuchAlgorithmException if an AlgorithmParameterGeneratorSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the specified provider is null.
+     * @throws NoSuchAlgorithmException if an
+     *         {@code AlgorithmParameterGeneratorSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -259,6 +271,7 @@
                                                           Provider provider)
         throws NoSuchAlgorithmException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm,
--- a/src/java.base/share/classes/java/security/AlgorithmParameters.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/AlgorithmParameters.java	Thu Dec 01 15:00:54 2016 -0500
@@ -28,6 +28,7 @@
 import java.io.*;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidParameterSpecException;
+import java.util.Objects;
 
 /**
  * This class is used as an opaque representation of cryptographic parameters.
@@ -140,16 +141,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new parameter object.
+     * @return the new parameter object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports an
-     *          AlgorithmParametersSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports an
+     *         {@code AlgorithmParametersSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static AlgorithmParameters getInstance(String algorithm)
     throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         try {
             Object[] objs = Security.getImpl(algorithm, "AlgorithmParameters",
                                              (String)null);
@@ -184,17 +188,19 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new parameter object.
+     * @return the new parameter object
      *
-     * @exception NoSuchAlgorithmException if an AlgorithmParametersSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if an {@code AlgorithmParametersSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
@@ -202,6 +208,7 @@
                                                   String provider)
         throws NoSuchAlgorithmException, NoSuchProviderException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null || provider.length() == 0)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm, "AlgorithmParameters",
@@ -231,13 +238,16 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new parameter object.
+     * @return the new parameter object
      *
-     * @exception NoSuchAlgorithmException if an AlgorithmParameterGeneratorSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the provider is {@code null}
      *
-     * @exception IllegalArgumentException if the provider is null.
+     * @throws NoSuchAlgorithmException if an
+     *         {@code AlgorithmParameterGeneratorSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -247,6 +257,7 @@
                                                   Provider provider)
         throws NoSuchAlgorithmException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm, "AlgorithmParameters",
--- a/src/java.base/share/classes/java/security/KeyFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/KeyFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -167,16 +167,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new KeyFactory object.
+     * @return the new {@code KeyFactory} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          KeyFactorySpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code KeyFactorySpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static KeyFactory getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         return new KeyFactory(algorithm);
     }
 
@@ -200,22 +203,25 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new KeyFactory object.
+     * @return the new {@code KeyFactory} object
      *
-     * @exception NoSuchAlgorithmException if a KeyFactorySpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code KeyFactorySpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static KeyFactory getInstance(String algorithm, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("KeyFactory",
             KeyFactorySpi.class, algorithm, provider);
         return new KeyFactory((KeyFactorySpi)instance.impl,
@@ -239,13 +245,16 @@
      *
      * @param provider the provider.
      *
-     * @return the new KeyFactory object.
+     * @return the new {@code KeyFactory} object
      *
-     * @exception NoSuchAlgorithmException if a KeyFactorySpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the specified provider is null.
+     * @throws NoSuchAlgorithmException if a {@code KeyFactorySpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -253,6 +262,7 @@
      */
     public static KeyFactory getInstance(String algorithm, Provider provider)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("KeyFactory",
             KeyFactorySpi.class, algorithm, provider);
         return new KeyFactory((KeyFactorySpi)instance.impl,
--- a/src/java.base/share/classes/java/security/KeyPairGenerator.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/KeyPairGenerator.java	Thu Dec 01 15:00:54 2016 -0500
@@ -209,16 +209,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new KeyPairGenerator object.
+     * @return the new {@code KeyPairGenerator} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          KeyPairGeneratorSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code KeyPairGeneratorSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static KeyPairGenerator getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         List<Service> list =
                 GetInstance.getServices("KeyPairGenerator", algorithm);
         Iterator<Service> t = list.iterator();
@@ -267,23 +270,26 @@
      *
      * @param provider the string name of the provider.
      *
-     * @return the new KeyPairGenerator object.
+     * @return the new {@code KeyPairGenerator} object
      *
-     * @exception NoSuchAlgorithmException if a KeyPairGeneratorSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code KeyPairGeneratorSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static KeyPairGenerator getInstance(String algorithm,
             String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("KeyPairGenerator",
                 KeyPairGeneratorSpi.class, algorithm, provider);
         return getInstance(instance, algorithm);
@@ -306,13 +312,16 @@
      *
      * @param provider the provider.
      *
-     * @return the new KeyPairGenerator object.
+     * @return the new {@code KeyPairGenerator} object
      *
-     * @exception NoSuchAlgorithmException if a KeyPairGeneratorSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the specified provider is null.
+     * @throws NoSuchAlgorithmException if a {@code KeyPairGeneratorSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -320,6 +329,7 @@
      */
     public static KeyPairGenerator getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("KeyPairGenerator",
                 KeyPairGeneratorSpi.class, algorithm, provider);
         return getInstance(instance, algorithm);
--- a/src/java.base/share/classes/java/security/KeyStore.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/KeyStore.java	Thu Dec 01 15:00:54 2016 -0500
@@ -26,7 +26,6 @@
 package java.security;
 
 import java.io.*;
-import java.net.URI;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.security.cert.CertificateException;
@@ -855,17 +854,20 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard keystore types.
      *
-     * @return a keystore object of the specified type.
+     * @return a keystore object of the specified type
      *
-     * @exception KeyStoreException if no Provider supports a
-     *          KeyStoreSpi implementation for the
-     *          specified type.
+     * @throws KeyStoreException if no {@code Provider} supports a
+     *         {@code KeyStoreSpi} implementation for the
+     *         specified type
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see Provider
      */
     public static KeyStore getInstance(String type)
         throws KeyStoreException
     {
+        Objects.requireNonNull(type, "null type name");
         try {
             Object[] objs = Security.getImpl(type, "KeyStore", (String)null);
             return new KeyStore((KeyStoreSpi)objs[0], (Provider)objs[1], type);
@@ -895,23 +897,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a keystore object of the specified type.
+     * @return a keystore object of the specified type
      *
-     * @exception KeyStoreException if a KeyStoreSpi
-     *          implementation for the specified type is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws KeyStoreException if a {@code KeyStoreSpi}
+     *         implementation for the specified type is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see Provider
      */
     public static KeyStore getInstance(String type, String provider)
         throws KeyStoreException, NoSuchProviderException
     {
+        Objects.requireNonNull(type, "null type name");
         if (provider == null || provider.length() == 0)
             throw new IllegalArgumentException("missing provider");
         try {
@@ -938,13 +943,16 @@
      *
      * @param provider the provider.
      *
-     * @return a keystore object of the specified type.
+     * @return a keystore object of the specified type
      *
-     * @exception KeyStoreException if KeyStoreSpi
-     *          implementation for the specified type is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the specified provider is null.
+     * @throws KeyStoreException if {@code KeyStoreSpi}
+     *         implementation for the specified type is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see Provider
      *
@@ -953,6 +961,7 @@
     public static KeyStore getInstance(String type, Provider provider)
         throws KeyStoreException
     {
+        Objects.requireNonNull(type, "null type name");
         if (provider == null)
             throw new IllegalArgumentException("missing provider");
         try {
--- a/src/java.base/share/classes/java/security/MessageDigest.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/MessageDigest.java	Thu Dec 01 15:00:54 2016 -0500
@@ -26,13 +26,8 @@
 package java.security;
 
 import java.util.*;
-import java.lang.*;
-import java.io.IOException;
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
-import java.io.InputStream;
-import java.io.ByteArrayInputStream;
-import java.security.InvalidKeyException;
 import java.nio.ByteBuffer;
 
 import sun.security.util.Debug;
@@ -163,16 +158,20 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return a Message Digest object that implements the specified algorithm.
+     * @return a {@code MessageDigest} object that implements the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          MessageDigestSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code MessageDigestSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static MessageDigest getInstance(String algorithm)
     throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         try {
             MessageDigest md;
             Object[] objs = Security.getImpl(algorithm, "MessageDigest",
@@ -216,23 +215,27 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a MessageDigest object that implements the specified algorithm.
+     * @return a {@code MessageDigest} object that implements the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if a MessageDigestSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code MessageDigestSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static MessageDigest getInstance(String algorithm, String provider)
         throws NoSuchAlgorithmException, NoSuchProviderException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null || provider.length() == 0)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm, "MessageDigest", provider);
@@ -265,13 +268,17 @@
      *
      * @param provider the provider.
      *
-     * @return a MessageDigest object that implements the specified algorithm.
+     * @return a {@code MessageDigest} object that implements the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if a MessageDigestSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the specified provider is null.
+     * @throws NoSuchAlgorithmException if a {@code MessageDigestSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -281,6 +288,7 @@
                                             Provider provider)
         throws NoSuchAlgorithmException
     {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (provider == null)
             throw new IllegalArgumentException("missing provider");
         Object[] objs = Security.getImpl(algorithm, "MessageDigest", provider);
--- a/src/java.base/share/classes/java/security/Policy.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/Policy.java	Thu Dec 01 15:00:54 2016 -0500
@@ -29,6 +29,7 @@
 import java.util.Enumeration;
 import java.util.WeakHashMap;
 import java.util.concurrent.atomic.AtomicReference;
+import java.util.Objects;
 import sun.security.jca.GetInstance;
 import sun.security.util.Debug;
 import sun.security.util.SecurityConstants;
@@ -372,26 +373,26 @@
      *
      * @param params parameters for the Policy, which may be null.
      *
-     * @return the new Policy object.
+     * @return the new {@code Policy} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Policy instance for the specified type.
+     * @throws IllegalArgumentException if the specified parameters
+     *         are not understood by the {@code PolicySpi} implementation
+     *         from the selected {@code Provider}
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports
+     *         a {@code PolicySpi} implementation for the specified type
      *
-     * @exception IllegalArgumentException if the specified parameters
-     *          are not understood by the PolicySpi implementation
-     *          from the selected Provider.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a PolicySpi
-     *          implementation for the specified type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Policy} instance for the specified type.
      *
      * @see Provider
      * @since 1.6
      */
     public static Policy getInstance(String type, Policy.Parameters params)
                 throws NoSuchAlgorithmException {
-
+        Objects.requireNonNull(type, "null type name");
         checkPermission(type);
         try {
             GetInstance.Instance instance = GetInstance.getInstance("Policy",
@@ -428,23 +429,24 @@
      *
      * @param provider the provider.
      *
-     * @return the new Policy object.
+     * @return the new {@code Policy} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Policy instance for the specified type.
+     * @throws IllegalArgumentException if the specified provider
+     *         is {@code null} or empty, or if the specified parameters are
+     *         not understood by the {@code PolicySpi} implementation from
+     *         the specified provider
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchAlgorithmException if the specified provider does not
+     *         support a {@code PolicySpi} implementation for the specified
+     *         type
      *
-     * @exception IllegalArgumentException if the specified provider
-     *          is null or empty,
-     *          or if the specified parameters are not understood by
-     *          the PolicySpi implementation from the specified provider.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if the specified provider does not
-     *          support a PolicySpi implementation for the specified type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Policy} instance for the specified type
      *
      * @see Provider
      * @since 1.6
@@ -454,6 +456,7 @@
                                 String provider)
                 throws NoSuchProviderException, NoSuchAlgorithmException {
 
+        Objects.requireNonNull(type, "null type name");
         if (provider == null || provider.length() == 0) {
             throw new IllegalArgumentException("missing provider");
         }
@@ -492,19 +495,21 @@
      *
      * @param provider the Provider.
      *
-     * @return the new Policy object.
+     * @return the new {@code Policy} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Policy instance for the specified type.
+     * @throws IllegalArgumentException if the specified {@code Provider}
+     *         is {@code null}, or if the specified parameters are not
+     *         understood by the {@code PolicySpi} implementation from the
+     *         specified {@code Provider}
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchAlgorithmException if the specified {@code Provider}
+     *         does not support a {@code PolicySpi} implementation for
+     *         the specified type
      *
-     * @exception IllegalArgumentException if the specified Provider is null,
-     *          or if the specified parameters are not understood by
-     *          the PolicySpi implementation from the specified Provider.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if the specified Provider does not
-     *          support a PolicySpi implementation for the specified type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Policy} instance for the specified type
      *
      * @see Provider
      * @since 1.6
@@ -514,6 +519,7 @@
                                 Provider provider)
                 throws NoSuchAlgorithmException {
 
+        Objects.requireNonNull(type, "null type name");
         if (provider == null) {
             throw new IllegalArgumentException("missing provider");
         }
--- a/src/java.base/share/classes/java/security/SecureClassLoader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/SecureClassLoader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -25,8 +25,6 @@
 
 package java.security;
 
-import java.net.URL;
-import java.util.ArrayList;
 import java.util.Map;
 import java.util.Objects;
 import java.util.concurrent.ConcurrentHashMap;
@@ -114,6 +112,30 @@
     }
 
     /**
+     * Creates a new {@code SecureClassLoader} of the specified name and
+     * using the specified parent class loader for delegation.
+     *
+     * @param name class loader name; or {@code null} if not named
+     * @param parent the parent class loader
+     *
+     * @throws IllegalArgumentException if the given name is empty.
+     *
+     * @throws SecurityException  if a security manager exists and its
+     *         {@link SecurityManager#checkCreateClassLoader()} method
+     *         doesn't allow creation of a class loader.
+     *
+     * @since 9
+     */
+    protected SecureClassLoader(String name, ClassLoader parent) {
+        super(name, parent);
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkCreateClassLoader();
+        }
+        initialized = true;
+    }
+
+    /**
      * Converts an array of bytes into an instance of class Class,
      * with an optional CodeSource. Before the
      * class can be used it must be resolved.
--- a/src/java.base/share/classes/java/security/SecureRandom.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/SecureRandom.java	Thu Dec 01 15:00:54 2016 -0500
@@ -303,11 +303,13 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard RNG algorithm names.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          {@code SecureRandomSpi} implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code SecureRandomSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -315,6 +317,7 @@
      */
     public static SecureRandom getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("SecureRandom",
                 SecureRandomSpi.class, algorithm);
         return new SecureRandom((SecureRandomSpi)instance.impl,
@@ -341,17 +344,19 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
+     *
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
      * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi}
      *         implementation for the specified algorithm is not
-     *         available from the specified provider.
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *         registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @throws IllegalArgumentException if the provider name is null
-     *         or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -359,6 +364,7 @@
      */
     public static SecureRandom getInstance(String algorithm, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("SecureRandom",
             SecureRandomSpi.class, algorithm, provider);
         return new SecureRandom((SecureRandomSpi)instance.impl,
@@ -382,13 +388,16 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
+     *
+     * @throws IllegalArgumentException if the specified provider is
+     *         {@code null}
      *
      * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi}
      *         implementation for the specified algorithm is not available
-     *         from the specified {@code Provider} object.
+     *         from the specified {@code Provider} object
      *
-     * @throws IllegalArgumentException if the specified provider is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -396,6 +405,7 @@
      */
     public static SecureRandom getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("SecureRandom",
             SecureRandomSpi.class, algorithm, provider);
         return new SecureRandom((SecureRandomSpi)instance.impl,
@@ -433,13 +443,16 @@
      * @param params the {@code SecureRandomParameters}
      *               the newly created {@code SecureRandom} object must support.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
+     *
+     * @throws IllegalArgumentException if the specified params is
+     *         {@code null}
      *
      * @throws NoSuchAlgorithmException if no Provider supports a
      *         {@code SecureRandomSpi} implementation for the specified
-     *         algorithm and parameters.
+     *         algorithm and parameters
      *
-     * @throws IllegalArgumentException if the specified params is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -448,6 +461,7 @@
     public static SecureRandom getInstance(
             String algorithm, SecureRandomParameters params)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (params == null) {
             throw new IllegalArgumentException("params cannot be null");
         }
@@ -481,17 +495,19 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
+     *
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty, or params is {@code null}
      *
      * @throws NoSuchAlgorithmException if the specified provider does not
      *         support a {@code SecureRandomSpi} implementation for the
-     *         specified algorithm and parameters.
+     *         specified algorithm and parameters
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *         registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @throws IllegalArgumentException if the provider name is null
-     *         or empty, or params is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -500,6 +516,7 @@
     public static SecureRandom getInstance(String algorithm,
             SecureRandomParameters params, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (params == null) {
             throw new IllegalArgumentException("params cannot be null");
         }
@@ -531,14 +548,16 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code SecureRandom} object.
+     * @return the new {@code SecureRandom} object
+     *
+     * @throws IllegalArgumentException if the specified provider or params
+     *         is {@code null}
      *
      * @throws NoSuchAlgorithmException if the specified provider does not
      *         support a {@code SecureRandomSpi} implementation for the
-     *         specified algorithm and parameters.
+     *         specified algorithm and parameters
      *
-     * @throws IllegalArgumentException if the specified provider or params
-     *         is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -547,6 +566,7 @@
     public static SecureRandom getInstance(String algorithm,
             SecureRandomParameters params, Provider provider)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (params == null) {
             throw new IllegalArgumentException("params cannot be null");
         }
--- a/src/java.base/share/classes/java/security/Signature.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/Signature.java	Thu Dec 01 15:00:54 2016 -0500
@@ -213,16 +213,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new Signature object.
+     * @return the new {@code Signature} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          Signature implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code Signature} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static Signature getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         List<Service> list;
         if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
             list = GetInstance.getServices(rsaIds);
@@ -335,22 +338,25 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new Signature object.
+     * @return the new {@code Signature} object
      *
-     * @exception NoSuchAlgorithmException if a SignatureSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code SignatureSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      */
     public static Signature getInstance(String algorithm, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
             // exception compatibility with existing code
             if ((provider == null) || (provider.length() == 0)) {
@@ -385,13 +391,15 @@
      *
      * @param provider the provider.
      *
-     * @return the new Signature object.
+     * @return the new {@code Signature} object
      *
-     * @exception NoSuchAlgorithmException if a SignatureSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the provider is {@code null}
      *
-     * @exception IllegalArgumentException if the provider is null.
+     * @throws NoSuchAlgorithmException if a {@code SignatureSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see Provider
      *
@@ -399,6 +407,7 @@
      */
     public static Signature getInstance(String algorithm, Provider provider)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         if (algorithm.equalsIgnoreCase(RSA_SIGNATURE)) {
             // exception compatibility with existing code
             if (provider == null) {
--- a/src/java.base/share/classes/java/security/cert/CertPathBuilder.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/cert/CertPathBuilder.java	Thu Dec 01 15:00:54 2016 -0500
@@ -32,7 +32,7 @@
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.Security;
-import sun.security.util.Debug;
+import java.util.Objects;
 
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
@@ -157,16 +157,19 @@
      * for information about standard algorithm names.
      *
      * @return a {@code CertPathBuilder} object that implements the
-     *          specified algorithm.
+     *         specified algorithm
      *
-     * @throws NoSuchAlgorithmException if no Provider supports a
-     *          CertPathBuilderSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code CertPathBuilderSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathBuilder getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathBuilder",
             CertPathBuilderSpi.class, algorithm);
         return new CertPathBuilder((CertPathBuilderSpi)instance.impl,
@@ -194,22 +197,25 @@
      * @param provider the name of the provider.
      *
      * @return a {@code CertPathBuilder} object that implements the
-     *          specified algorithm.
+     *         specified algorithm
      *
-     * @throws NoSuchAlgorithmException if a CertPathBuilderSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null} or empty
+     *
+     * @throws NoSuchAlgorithmException if a {@code CertPathBuilderSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathBuilder getInstance(String algorithm, String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathBuilder",
             CertPathBuilderSpi.class, algorithm, provider);
         return new CertPathBuilder((CertPathBuilderSpi)instance.impl,
@@ -234,19 +240,22 @@
      * @param provider the provider.
      *
      * @return a {@code CertPathBuilder} object that implements the
-     *          specified algorithm.
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if a CertPathBuilderSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null.
+     * @throws NoSuchAlgorithmException if a {@code CertPathBuilderSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathBuilder getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathBuilder",
             CertPathBuilderSpi.class, algorithm, provider);
         return new CertPathBuilder((CertPathBuilderSpi)instance.impl,
--- a/src/java.base/share/classes/java/security/cert/CertPathValidator.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/cert/CertPathValidator.java	Thu Dec 01 15:00:54 2016 -0500
@@ -32,7 +32,7 @@
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.Security;
-import sun.security.util.Debug;
+import java.util.Objects;
 
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
@@ -158,16 +158,19 @@
      * for information about standard algorithm names.
      *
      * @return a {@code CertPathValidator} object that implements the
-     *          specified algorithm.
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          CertPathValidatorSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code CertPathValidatorSpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathValidator getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathValidator",
             CertPathValidatorSpi.class, algorithm);
         return new CertPathValidator((CertPathValidatorSpi)instance.impl,
@@ -195,23 +198,26 @@
      * @param provider the name of the provider.
      *
      * @return a {@code CertPathValidator} object that implements the
-     *          specified algorithm.
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null} or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code CertPathValidatorSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathValidator getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathValidator",
             CertPathValidatorSpi.class, algorithm, provider);
         return new CertPathValidator((CertPathValidatorSpi)instance.impl,
@@ -236,19 +242,22 @@
      * @param provider the provider.
      *
      * @return a {@code CertPathValidator} object that implements the
-     *          specified algorithm.
+     *          specified algorithm
      *
-     * @exception NoSuchAlgorithmException if a CertPathValidatorSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null.
+     * @throws NoSuchAlgorithmException if a {@code CertPathValidatorSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified Provider object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertPathValidator getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = GetInstance.getInstance("CertPathValidator",
             CertPathValidatorSpi.class, algorithm, provider);
         return new CertPathValidator((CertPathValidatorSpi)instance.impl,
--- a/src/java.base/share/classes/java/security/cert/CertStore.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/cert/CertStore.java	Thu Dec 01 15:00:54 2016 -0500
@@ -33,6 +33,7 @@
 import java.security.Provider;
 import java.security.Security;
 import java.util.Collection;
+import java.util.Objects;
 
 import sun.security.jca.*;
 import sun.security.jca.GetInstance.Instance;
@@ -218,20 +219,23 @@
      * @param params the initialization parameters (may be {@code null}).
      *
      * @return a {@code CertStore} object that implements the specified
-     *          {@code CertStore} type.
-     *
-     * @throws NoSuchAlgorithmException if no Provider supports a
-     *          CertStoreSpi implementation for the specified type.
+     *          {@code CertStore} type
      *
      * @throws InvalidAlgorithmParameterException if the specified
-     *          initialization parameters are inappropriate for this
-     *          {@code CertStore}.
+     *         initialization parameters are inappropriate for this
+     *         {@code CertStore}
+     *
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code CertStoreSpi} implementation for the specified type
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertStore getInstance(String type, CertStoreParameters params)
             throws InvalidAlgorithmParameterException,
             NoSuchAlgorithmException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertStore",
                 CertStoreSpi.class, type, params);
@@ -243,7 +247,8 @@
     }
 
     private static CertStore handleException(NoSuchAlgorithmException e)
-            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
+            throws NoSuchAlgorithmException,
+            InvalidAlgorithmParameterException {
         Throwable cause = e.getCause();
         if (cause instanceof InvalidAlgorithmParameterException) {
             throw (InvalidAlgorithmParameterException)cause;
@@ -280,21 +285,23 @@
      * @param provider the name of the provider.
      *
      * @return a {@code CertStore} object that implements the
-     *          specified type.
+     *          specified type
      *
-     * @throws NoSuchAlgorithmException if a CertStoreSpi
-     *          implementation for the specified type is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null} or empty
      *
      * @throws InvalidAlgorithmParameterException if the specified
-     *          initialization parameters are inappropriate for this
-     *          {@code CertStore}.
+     *         initialization parameters are inappropriate for this
+     *         {@code CertStore}
+     *
+     * @throws NoSuchAlgorithmException if a {@code CertStoreSpi}
+     *         implementation for the specified type is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null or empty.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      */
@@ -302,6 +309,7 @@
             CertStoreParameters params, String provider)
             throws InvalidAlgorithmParameterException,
             NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertStore",
                 CertStoreSpi.class, type, params, provider);
@@ -338,24 +346,27 @@
      * @param provider the provider.
      *
      * @return a {@code CertStore} object that implements the
-     *          specified type.
+     *          specified type
      *
-     * @exception NoSuchAlgorithmException if a CertStoreSpi
-     *          implementation for the specified type is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         null
      *
      * @throws InvalidAlgorithmParameterException if the specified
-     *          initialization parameters are inappropriate for this
-     *          {@code CertStore}
+     *         initialization parameters are inappropriate for this
+     *         {@code CertStore}
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null.
+     * @throws NoSuchAlgorithmException if a {@code CertStoreSpi}
+     *         implementation for the specified type is not available
+     *         from the specified Provider object
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      */
     public static CertStore getInstance(String type, CertStoreParameters params,
             Provider provider) throws NoSuchAlgorithmException,
             InvalidAlgorithmParameterException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertStore",
                 CertStoreSpi.class, type, params, provider);
--- a/src/java.base/share/classes/java/security/cert/CertificateFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/security/cert/CertificateFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -29,10 +29,9 @@
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Objects;
 import java.security.Provider;
 import java.security.Security;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 
@@ -177,16 +176,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard certificate types.
      *
-     * @return a certificate factory object for the specified type.
+     * @return a certificate factory object for the specified type
      *
-     * @exception CertificateException if no Provider supports a
-     *          CertificateFactorySpi implementation for the
-     *          specified type.
+     * @throws CertificateException if no {@code Provider} supports a
+     *         {@code CertificateFactorySpi} implementation for the
+     *         specified type
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final CertificateFactory getInstance(String type)
             throws CertificateException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertificateFactory",
                 CertificateFactorySpi.class, type);
@@ -217,23 +219,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a certificate factory object for the specified type.
+     * @return a certificate factory object for the specified type
      *
-     * @exception CertificateException if a CertificateFactorySpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws CertificateException if a {@code CertificateFactorySpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
      *
-     * @exception IllegalArgumentException if the provider name is null
-     *          or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final CertificateFactory getInstance(String type,
             String provider) throws CertificateException,
             NoSuchProviderException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertificateFactory",
                 CertificateFactorySpi.class, type, provider);
@@ -260,14 +265,16 @@
      * for information about standard certificate types.
      * @param provider the provider.
      *
-     * @return a certificate factory object for the specified type.
+     * @return a certificate factory object for the specified type
      *
-     * @exception CertificateException if a CertificateFactorySpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws CertificateException if a {@code CertificateFactorySpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
      *
-     * @exception IllegalArgumentException if the {@code provider} is
-     *          null.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null}
+     *
+     * @throws NullPointerException if {@code type} is {@code null}
      *
      * @see java.security.Provider
      *
@@ -275,6 +282,7 @@
      */
     public static final CertificateFactory getInstance(String type,
             Provider provider) throws CertificateException {
+        Objects.requireNonNull(type, "null type name");
         try {
             Instance instance = GetInstance.getInstance("CertificateFactory",
                 CertificateFactorySpi.class, type, provider);
--- a/src/java.base/share/classes/java/time/chrono/HijrahDate.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/time/chrono/HijrahDate.java	Thu Dec 01 15:00:54 2016 -0500
@@ -368,7 +368,7 @@
         if (field instanceof ChronoField) {
             switch ((ChronoField) field) {
                 case DAY_OF_WEEK: return getDayOfWeek();
-                case ALIGNED_DAY_OF_WEEK_IN_MONTH: return ((getDayOfWeek() - 1) % 7) + 1;
+                case ALIGNED_DAY_OF_WEEK_IN_MONTH: return ((dayOfMonth - 1) % 7) + 1;
                 case ALIGNED_DAY_OF_WEEK_IN_YEAR: return ((getDayOfYear() - 1) % 7) + 1;
                 case DAY_OF_MONTH: return this.dayOfMonth;
                 case DAY_OF_YEAR: return this.getDayOfYear();
--- a/src/java.base/share/classes/java/time/format/DateTimeTextProvider.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/time/format/DateTimeTextProvider.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -349,25 +349,40 @@
 
         if (field == MONTH_OF_YEAR) {
             for (TextStyle textStyle : TextStyle.values()) {
-                Map<String, Integer> displayNames = CalendarDataUtility.retrieveJavaTimeFieldValueNames(
-                        "gregory", Calendar.MONTH, textStyle.toCalendarStyle(), locale);
                 Map<Long, String> map = new HashMap<>();
-                if (displayNames != null) {
-                    for (Entry<String, Integer> entry : displayNames.entrySet()) {
-                        map.put((long) (entry.getValue() + 1), entry.getKey());
-                    }
-
-                } else {
-                    // Narrow names may have duplicated names, such as "J" for January, Jun, July.
-                    // Get names one by one in that case.
+                // Narrow names may have duplicated names, such as "J" for January, June, July.
+                // Get names one by one in that case.
+                if ((textStyle.equals(TextStyle.NARROW) ||
+                        textStyle.equals(TextStyle.NARROW_STANDALONE))) {
                     for (int month = Calendar.JANUARY; month <= Calendar.DECEMBER; month++) {
                         String name;
                         name = CalendarDataUtility.retrieveJavaTimeFieldValueName(
-                                "gregory", Calendar.MONTH, month, textStyle.toCalendarStyle(), locale);
+                                "gregory", Calendar.MONTH,
+                                month, textStyle.toCalendarStyle(), locale);
                         if (name == null) {
                             break;
                         }
-                        map.put((long) (month + 1), name);
+                        map.put((month + 1L), name);
+                    }
+                } else {
+                    Map<String, Integer> displayNames = CalendarDataUtility.retrieveJavaTimeFieldValueNames(
+                            "gregory", Calendar.MONTH, textStyle.toCalendarStyle(), locale);
+                    if (displayNames != null) {
+                        for (Entry<String, Integer> entry : displayNames.entrySet()) {
+                            map.put((long)(entry.getValue() + 1), entry.getKey());
+                        }
+                    } else {
+                        // Although probability is very less, but if other styles have duplicate names.
+                        // Get names one by one in that case.
+                        for (int month = Calendar.JANUARY; month <= Calendar.DECEMBER; month++) {
+                            String name;
+                            name = CalendarDataUtility.retrieveJavaTimeFieldValueName(
+                                    "gregory", Calendar.MONTH, month, textStyle.toCalendarStyle(), locale);
+                            if (name == null) {
+                                break;
+                            }
+                            map.put((month + 1L), name);
+                        }
                     }
                 }
                 if (!map.isEmpty()) {
@@ -379,26 +394,41 @@
 
         if (field == DAY_OF_WEEK) {
             for (TextStyle textStyle : TextStyle.values()) {
-                Map<String, Integer> displayNames = CalendarDataUtility.retrieveJavaTimeFieldValueNames(
-                        "gregory", Calendar.DAY_OF_WEEK, textStyle.toCalendarStyle(), locale);
                 Map<Long, String> map = new HashMap<>();
-                if (displayNames != null) {
-                    for (Entry<String, Integer> entry : displayNames.entrySet()) {
-                        map.put((long)toWeekDay(entry.getValue()), entry.getKey());
-                    }
-
-                } else {
-                    // Narrow names may have duplicated names, such as "S" for Sunday and Saturday.
-                    // Get names one by one in that case.
+                // Narrow names may have duplicated names, such as "S" for Sunday and Saturday.
+                // Get names one by one in that case.
+                if ((textStyle.equals(TextStyle.NARROW) ||
+                        textStyle.equals(TextStyle.NARROW_STANDALONE))) {
                     for (int wday = Calendar.SUNDAY; wday <= Calendar.SATURDAY; wday++) {
                         String name;
                         name = CalendarDataUtility.retrieveJavaTimeFieldValueName(
-                            "gregory", Calendar.DAY_OF_WEEK, wday, textStyle.toCalendarStyle(), locale);
+                                "gregory", Calendar.DAY_OF_WEEK,
+                                wday, textStyle.toCalendarStyle(), locale);
                         if (name == null) {
                             break;
                         }
                         map.put((long)toWeekDay(wday), name);
                     }
+                } else {
+                    Map<String, Integer> displayNames = CalendarDataUtility.retrieveJavaTimeFieldValueNames(
+                            "gregory", Calendar.DAY_OF_WEEK, textStyle.toCalendarStyle(), locale);
+                    if (displayNames != null) {
+                        for (Entry<String, Integer> entry : displayNames.entrySet()) {
+                            map.put((long)toWeekDay(entry.getValue()), entry.getKey());
+                        }
+                    } else {
+                        // Although probability is very less, but if other styles have duplicate names.
+                        // Get names one by one in that case.
+                        for (int wday = Calendar.SUNDAY; wday <= Calendar.SATURDAY; wday++) {
+                            String name;
+                            name = CalendarDataUtility.retrieveJavaTimeFieldValueName(
+                                    "gregory", Calendar.DAY_OF_WEEK, wday, textStyle.toCalendarStyle(), locale);
+                            if (name == null) {
+                                break;
+                            }
+                            map.put((long)toWeekDay(wday), name);
+                        }
+                    }
                 }
                 if (!map.isEmpty()) {
                     styleMap.put(textStyle, map);
--- a/src/java.base/share/classes/java/util/ImmutableCollections.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/ImmutableCollections.java	Thu Dec 01 15:00:54 2016 -0500
@@ -53,7 +53,8 @@
      */
     static final int SALT;
     static {
-        SALT = new Random().nextInt();
+        long nt = System.nanoTime();
+        SALT = (int)((nt >>> 32) ^ nt);
     }
 
     /** No instances. */
@@ -63,7 +64,7 @@
      * The reciprocal of load factor. Given a number of elements
      * to store, multiply by this factor to get the table size.
      */
-    static final double EXPAND_FACTOR = 2.0;
+    static final int EXPAND_FACTOR = 2;
 
     static UnsupportedOperationException uoe() { return new UnsupportedOperationException(); }
 
@@ -84,7 +85,14 @@
     }
 
     static final class List0<E> extends AbstractImmutableList<E> {
-        List0() { }
+        private static final List0<?> INSTANCE = new List0<>();
+
+        @SuppressWarnings("unchecked")
+        static <T> List0<T> instance() {
+            return (List0<T>) INSTANCE;
+        }
+
+        private List0() { }
 
         @Override
         public int size() {
@@ -214,7 +222,14 @@
     }
 
     static final class Set0<E> extends AbstractImmutableSet<E> {
-        Set0() { }
+        private static final Set0<?> INSTANCE = new Set0<>();
+
+        @SuppressWarnings("unchecked")
+        static <T> Set0<T> instance() {
+            return (Set0<T>) INSTANCE;
+        }
+
+        private Set0() { }
 
         @Override
         public int size() {
@@ -351,7 +366,7 @@
         SetN(E... input) {
             size = input.length; // implicit nullcheck of input
 
-            elements = (E[])new Object[(int)Math.ceil(EXPAND_FACTOR * input.length)];
+            elements = (E[])new Object[EXPAND_FACTOR * input.length];
             for (int i = 0; i < input.length; i++) {
                 E e = Objects.requireNonNull(input[i]);
                 int idx = probe(e);
@@ -450,7 +465,14 @@
     }
 
     static final class Map0<K,V> extends AbstractImmutableMap<K,V> {
-        Map0() { }
+        private static final Map0<?,?> INSTANCE = new Map0<>();
+
+        @SuppressWarnings("unchecked")
+        static <K,V> Map0<K,V> instance() {
+            return (Map0<K,V>) INSTANCE;
+        }
+
+        private Map0() { }
 
         @Override
         public Set<Map.Entry<K,V>> entrySet() {
@@ -529,7 +551,7 @@
             }
             size = input.length >> 1;
 
-            int len = (int)Math.ceil(EXPAND_FACTOR * input.length);
+            int len = EXPAND_FACTOR * input.length;
             len = (len + 1) & ~1; // ensure table is even length
             table = new Object[len];
 
@@ -789,7 +811,7 @@
                     return Set.of(array);
                 case IMM_MAP:
                     if (array.length == 0) {
-                        return new ImmutableCollections.Map0<>();
+                        return ImmutableCollections.Map0.instance();
                     } else if (array.length == 2) {
                         return new ImmutableCollections.Map1<>(array[0], array[1]);
                     } else {
--- a/src/java.base/share/classes/java/util/List.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/List.java	Thu Dec 01 15:00:54 2016 -0500
@@ -786,7 +786,7 @@
      * @since 9
      */
     static <E> List<E> of() {
-        return new ImmutableCollections.List0<>();
+        return ImmutableCollections.List0.instance();
     }
 
     /**
@@ -1030,7 +1030,7 @@
         Objects.requireNonNull(elements);
         switch (elements.length) {
             case 0:
-                return new ImmutableCollections.List0<>();
+                return ImmutableCollections.List0.instance();
             case 1:
                 return new ImmutableCollections.List1<>(elements[0]);
             case 2:
--- a/src/java.base/share/classes/java/util/Map.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/Map.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1286,7 +1286,7 @@
      * @since 9
      */
     static <K, V> Map<K, V> of() {
-        return new ImmutableCollections.Map0<>();
+        return ImmutableCollections.Map0.instance();
     }
 
     /**
@@ -1604,7 +1604,7 @@
     static <K, V> Map<K, V> ofEntries(Entry<? extends K, ? extends V>... entries) {
         Objects.requireNonNull(entries);
         if (entries.length == 0) {
-            return new ImmutableCollections.Map0<>();
+            return ImmutableCollections.Map0.instance();
         } else if (entries.length == 1) {
             return new ImmutableCollections.Map1<>(entries[0].getKey(),
                                                    entries[0].getValue());
--- a/src/java.base/share/classes/java/util/PropertyResourceBundle.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/PropertyResourceBundle.java	Thu Dec 01 15:00:54 2016 -0500
@@ -63,7 +63,7 @@
  * files containing the resource data.  <code>ResourceBundle.getBundle</code>
  * will automatically look for the appropriate properties file and create a
  * <code>PropertyResourceBundle</code> that refers to it. See
- * {@link ResourceBundle#getBundle(java.lang.String, java.util.Locale, java.lang.ClassLoader) ResourceBundle.getBundle}
+ * {@link ResourceBundle#getBundle(String, Locale, ClassLoader) ResourceBundle.getBundle}
  * for a complete description of the search and instantiation strategy.
  *
  * <p>
@@ -105,19 +105,14 @@
  * </pre>
  * </blockquote>
  *
- * <p>
- * The implementation of a {@code PropertyResourceBundle} subclass must be
- * thread-safe if it's simultaneously used by multiple threads. The default
- * implementations of the non-abstract methods in this class are thread-safe.
- *
- * <p>
- * <strong>Note:</strong> PropertyResourceBundle can be constructed either
- * from an InputStream or a Reader, which represents a property file.
- * Constructing a PropertyResourceBundle instance from an InputStream requires
- * that the input stream be encoded in UTF-8. By default, if a
+ * @apiNote
+ * {@code PropertyResourceBundle} can be constructed either
+ * from an {@code InputStream} or a {@code Reader}, which represents a property file.
+ * Constructing a {@code PropertyResourceBundle} instance from an {@code InputStream}
+ * requires that the input stream be encoded in {@code UTF-8}. By default, if a
  * {@link java.nio.charset.MalformedInputException} or an
  * {@link java.nio.charset.UnmappableCharacterException} occurs on reading the
- * input stream, then the PropertyResourceBundle instance resets to the state
+ * input stream, then the {@code PropertyResourceBundle} instance resets to the state
  * before the exception, re-reads the input stream in {@code ISO-8859-1}, and
  * continues reading. If the system property
  * {@code java.util.PropertyResourceBundle.encoding} is set to either
@@ -126,8 +121,15 @@
  * If "ISO-8859-1" is specified, characters that cannot be represented in
  * ISO-8859-1 encoding must be represented by Unicode Escapes as defined in section
  * 3.3 of <cite>The Java&trade; Language Specification</cite>
- * whereas the other constructor which takes a Reader does not have that limitation.
+ * whereas the other constructor which takes a {@code Reader} does not have that limitation.
  * Other encoding values are ignored for this system property.
+ * The system property is read and evaluated when initializing this class.
+ * Changing or removing the property has no effect after the initialization.
+ *
+ * @implSpec
+ * The implementation of a {@code PropertyResourceBundle} subclass must be
+ * thread-safe if it's simultaneously used by multiple threads. The default
+ * implementations of the non-abstract methods in this class are thread-safe.
  *
  * @see ResourceBundle
  * @see ListResourceBundle
@@ -144,16 +146,18 @@
 
     /**
      * Creates a property resource bundle from an {@link java.io.InputStream
-    * InputStream}. This constructor reads the property file in UTF-8 by default.
-    * If a {@link java.nio.charset.MalformedInputException} or an
-    * {@link java.nio.charset.UnmappableCharacterException} occurs on reading the
-    * input stream, then the PropertyResourceBundle instance resets to the state
-    * before the exception, re-reads the input stream in {@code ISO-8859-1} and
-    * continues reading. If the system property
-    * {@code java.util.PropertyResourceBundle.encoding} is set to either
-    * "ISO-8859-1" or "UTF-8", the input stream is solely read in that encoding,
-    * and throws the exception if it encounters an invalid sequence. Other
-    * encoding values are ignored for this system property.
+     * InputStream}. This constructor reads the property file in UTF-8 by default.
+     * If a {@link java.nio.charset.MalformedInputException} or an
+     * {@link java.nio.charset.UnmappableCharacterException} occurs on reading the
+     * input stream, then the PropertyResourceBundle instance resets to the state
+     * before the exception, re-reads the input stream in {@code ISO-8859-1} and
+     * continues reading. If the system property
+     * {@code java.util.PropertyResourceBundle.encoding} is set to either
+     * "ISO-8859-1" or "UTF-8", the input stream is solely read in that encoding,
+     * and throws the exception if it encounters an invalid sequence. Other
+     * encoding values are ignored for this system property.
+     * The system property is read and evaluated when initializing this class.
+     * Changing or removing the property has no effect after the initialization.
      *
      * @param stream an InputStream that represents a property file
      *        to read from.
--- a/src/java.base/share/classes/java/util/Scanner.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/Scanner.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1267,6 +1267,9 @@
     // The next operation should occur in the specified radix but
     // the default is left untouched.
     private void setRadix(int radix) {
+        if ((radix < Character.MIN_RADIX) || (radix > Character.MAX_RADIX))
+            throw new IllegalArgumentException("radix:"+radix);
+
         if (this.radix != radix) {
             // Force rebuilding and recompilation of radix dependent patterns
             integerPattern = null;
@@ -1811,10 +1814,15 @@
      * interpreted as a byte value in the specified radix using the
      * {@link #nextByte} method. The scanner does not advance past any input.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as a byte value
      * @return true if and only if this scanner's next token is a valid
      *         byte value
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public boolean hasNextByte(int radix) {
         setRadix(radix);
@@ -1869,6 +1877,10 @@
      * {@link Byte#parseByte(String, int) Byte.parseByte} with the
      * specified radix.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as a byte value
      * @return the {@code byte} scanned from the input
      * @throws InputMismatchException
@@ -1876,6 +1888,7 @@
      *         regular expression, or is out of range
      * @throws NoSuchElementException if input is exhausted
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public byte nextByte(int radix) {
         // Check cached result
@@ -1917,10 +1930,15 @@
      * interpreted as a short value in the specified radix using the
      * {@link #nextShort} method. The scanner does not advance past any input.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as a short value
      * @return true if and only if this scanner's next token is a valid
      *         short value in the specified radix
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public boolean hasNextShort(int radix) {
         setRadix(radix);
@@ -1975,6 +1993,10 @@
      * {@link Short#parseShort(String, int) Short.parseShort} with the
      * specified radix.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as a short value
      * @return the {@code short} scanned from the input
      * @throws InputMismatchException
@@ -1982,6 +2004,7 @@
      *         regular expression, or is out of range
      * @throws NoSuchElementException if input is exhausted
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public short nextShort(int radix) {
         // Check cached result
@@ -2023,10 +2046,15 @@
      * interpreted as an int value in the specified radix using the
      * {@link #nextInt} method. The scanner does not advance past any input.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as an int value
      * @return true if and only if this scanner's next token is a valid
      *         int value
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public boolean hasNextInt(int radix) {
         setRadix(radix);
@@ -2105,6 +2133,10 @@
      * {@link Integer#parseInt(String, int) Integer.parseInt} with the
      * specified radix.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as an int value
      * @return the {@code int} scanned from the input
      * @throws InputMismatchException
@@ -2112,6 +2144,7 @@
      *         regular expression, or is out of range
      * @throws NoSuchElementException if input is exhausted
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public int nextInt(int radix) {
         // Check cached result
@@ -2153,10 +2186,15 @@
      * interpreted as a long value in the specified radix using the
      * {@link #nextLong} method. The scanner does not advance past any input.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as a long value
      * @return true if and only if this scanner's next token is a valid
      *         long value
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public boolean hasNextLong(int radix) {
         setRadix(radix);
@@ -2211,6 +2249,10 @@
      * {@link Long#parseLong(String, int) Long.parseLong} with the
      * specified radix.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as an int value
      * @return the {@code long} scanned from the input
      * @throws InputMismatchException
@@ -2218,6 +2260,7 @@
      *         regular expression, or is out of range
      * @throws NoSuchElementException if input is exhausted
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public long nextLong(int radix) {
         // Check cached result
@@ -2450,10 +2493,15 @@
      * the {@link #nextBigInteger} method. The scanner does not advance past
      * any input.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token as an integer
      * @return true if and only if this scanner's next token is a valid
      *         {@code BigInteger}
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public boolean hasNextBigInteger(int radix) {
         setRadix(radix);
@@ -2504,6 +2552,10 @@
      * java.math.BigInteger#BigInteger(java.lang.String)
      * BigInteger(String, int)} constructor with the specified radix.
      *
+     * <p>If the radix is less than {@link Character#MIN_RADIX Character.MIN_RADIX}
+     * or greater than {@link Character#MAX_RADIX Character.MAX_RADIX}, then an
+     * {@code IllegalArgumentException} is thrown.
+     *
      * @param radix the radix used to interpret the token
      * @return the {@code BigInteger} scanned from the input
      * @throws InputMismatchException
@@ -2511,6 +2563,7 @@
      *         regular expression, or is out of range
      * @throws NoSuchElementException if the input is exhausted
      * @throws IllegalStateException if this scanner is closed
+     * @throws IllegalArgumentException if the radix is out of range
      */
     public BigInteger nextBigInteger(int radix) {
         // Check cached result
--- a/src/java.base/share/classes/java/util/Set.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/Set.java	Thu Dec 01 15:00:54 2016 -0500
@@ -448,7 +448,7 @@
      * @since 9
      */
     static <E> Set<E> of() {
-        return new ImmutableCollections.Set0<>();
+        return ImmutableCollections.Set0.instance();
     }
 
     /**
@@ -692,7 +692,7 @@
         Objects.requireNonNull(elements);
         switch (elements.length) {
             case 0:
-                return new ImmutableCollections.Set0<>();
+                return ImmutableCollections.Set0.instance();
             case 1:
                 return new ImmutableCollections.Set1<>(elements[0]);
             case 2:
--- a/src/java.base/share/classes/java/util/jar/JarFile.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/jar/JarFile.java	Thu Dec 01 15:00:54 2016 -0500
@@ -192,9 +192,10 @@
     public static final String MANIFEST_NAME = META_INF + "MANIFEST.MF";
 
     /**
-     * The version that represents the unversioned configuration of a multi-release jar file.
+     * Returns the version that represents the unversioned configuration of a
+     * multi-release jar file.
      *
-     * @return Runtime.Version that represents the unversioned configuration
+     * @return the version that represents the unversioned configuration
      *
      * @since 9
      */
@@ -203,13 +204,16 @@
     }
 
     /**
-     * The version that represents the effective runtime versioned configuration of a
-     * multi-release jar file.  In most cases, {@code runtimeVersion()} is equal to
-     * {@code Runtime.version()}.  However, if the {@code jdk.util.jar.version} property is set,
-     * {@code runtimeVersion()} is derived from that property and may not be equal to
-     * {@code Runtime.version()}.
+     * Returns the version that represents the effective runtime versioned
+     * configuration of a multi-release jar file.
+     * <p>
+     * By default the major version number of the returned {@code Version} will
+     * be equal to the major version number of {@code Runtime.version()}.
+     * However, if the {@code jdk.util.jar.version} property is set, the
+     * returned {@code Version} is derived from that property and major version
+     * numbers may not be equal.
      *
-     * @return Runtime.Version that represents the runtime versioned configuration
+     * @return the version that represents the runtime versioned configuration
      *
      * @since 9
      */
@@ -335,6 +339,10 @@
 
     /**
      * Returns the maximum version used when searching for versioned entries.
+     * <p>
+     * If this {@code JarFile} is not a multi-release jar file or is not
+     * configured to be processed as such, then the version returned will be the
+     * same as that returned from {@link #baseVersion()}.
      *
      * @return the maximum version
      * @since 9
--- a/src/java.base/share/classes/java/util/stream/Collectors.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/java/util/stream/Collectors.java	Thu Dec 01 15:00:54 2016 -0500
@@ -508,7 +508,7 @@
      * transformation.  For example, one could adapt the {@link #toList()}
      * collector to always produce an immutable list with:
      * <pre>{@code
-     *     List<String> people
+     *     List<String> list
      *         = people.stream().collect(collectingAndThen(toList(), Collections::unmodifiableList));
      * }</pre>
      *
--- a/src/java.base/share/classes/javax/crypto/Cipher.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/Cipher.java	Thu Dec 01 15:00:54 2016 -0500
@@ -493,21 +493,24 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard transformation names.
      *
-     * @return a cipher that implements the requested transformation.
+     * @return a cipher that implements the requested transformation
      *
-     * @exception NoSuchAlgorithmException if {@code transformation}
-     *          is null, empty, in an invalid format,
-     *          or if no Provider supports a CipherSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if {@code transformation}
+     *         is {@code null}, empty, in an invalid format,
+     *         or if no {@code Provider} supports a {@code CipherSpi}
+     *         implementation for the specified algorithm
      *
-     * @exception NoSuchPaddingException if {@code transformation}
-     *          contains a padding scheme that is not available.
+     * @throws NoSuchPaddingException if {@code transformation}
+     *         contains a padding scheme that is not available
      *
      * @see java.security.Provider
      */
     public static final Cipher getInstance(String transformation)
             throws NoSuchAlgorithmException, NoSuchPaddingException
     {
+        if ((transformation == null) || transformation.equals("")) {
+            throw new NoSuchAlgorithmException("Null or empty transformation");
+        }
         List<Transform> transforms = getTransforms(transformation);
         List<ServiceId> cipherServices = new ArrayList<>(transforms.size());
         for (Transform transform : transforms) {
@@ -570,21 +573,22 @@
      *
      * @param provider the name of the provider.
      *
-     * @return a cipher that implements the requested transformation.
+     * @return a cipher that implements the requested transformation
      *
-     * @exception NoSuchAlgorithmException if {@code transformation}
-     *          is null, empty, in an invalid format,
-     *          or if a CipherSpi implementation for the specified algorithm
-     *          is not available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if {@code transformation}
+     *         is {@code null}, empty, in an invalid format,
+     *         or if a {@code CipherSpi} implementation for the
+     *         specified algorithm is not available from the specified
+     *         provider
      *
-     * @exception NoSuchPaddingException if {@code transformation}
-     *          contains a padding scheme that is not available.
+     * @throws NoSuchPaddingException if {@code transformation}
+     *         contains a padding scheme that is not available
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
      * @see java.security.Provider
      */
@@ -593,6 +597,9 @@
             throws NoSuchAlgorithmException, NoSuchProviderException,
             NoSuchPaddingException
     {
+        if ((transformation == null) || transformation.equals("")) {
+            throw new NoSuchAlgorithmException("Null or empty transformation");
+        }
         if ((provider == null) || (provider.length() == 0)) {
             throw new IllegalArgumentException("Missing provider");
         }
@@ -622,18 +629,19 @@
      *
      * @param provider the provider.
      *
-     * @return a cipher that implements the requested transformation.
+     * @return a cipher that implements the requested transformation
      *
-     * @exception NoSuchAlgorithmException if {@code transformation}
-     *          is null, empty, in an invalid format,
-     *          or if a CipherSpi implementation for the specified algorithm
-     *          is not available from the specified Provider object.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null}
      *
-     * @exception NoSuchPaddingException if {@code transformation}
-     *          contains a padding scheme that is not available.
+     * @throws NoSuchAlgorithmException if {@code transformation}
+     *         is {@code null}, empty, in an invalid format,
+     *         or if a {@code CipherSpi} implementation for the
+     *         specified algorithm is not available from the specified
+     *         {@code Provider} object
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null.
+     * @throws NoSuchPaddingException if {@code transformation}
+     *         contains a padding scheme that is not available
      *
      * @see java.security.Provider
      */
@@ -641,6 +649,9 @@
                                            Provider provider)
             throws NoSuchAlgorithmException, NoSuchPaddingException
     {
+        if ((transformation == null) || transformation.equals("")) {
+            throw new NoSuchAlgorithmException("Null or empty transformation");
+        }
         if (provider == null) {
             throw new IllegalArgumentException("Missing provider");
         }
--- a/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/ExemptionMechanism.java	Thu Dec 01 15:00:54 2016 -0500
@@ -34,6 +34,7 @@
 import java.security.InvalidKeyException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Objects;
 
 import sun.security.jca.GetInstance.Instance;
 
@@ -128,19 +129,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard exemption mechanism names.
      *
-     * @return the new <code>ExemptionMechanism</code> object.
+     * @return the new {@code ExemptionMechanism} object
      *
-     * @exception NullPointerException if <code>algorithm</code>
-     *          is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports an
+     *         {@code ExemptionMechanismSpi} implementation for the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports an
-     *          ExemptionMechanismSpi implementation for the
-     *          specified algorithm.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final ExemptionMechanism getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("ExemptionMechanism",
                 ExemptionMechanismSpi.class, algorithm);
         return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
@@ -169,26 +170,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>ExemptionMechanism</code> object.
+     * @return the new {@code ExemptionMechanism} object
      *
-     * @exception NullPointerException if <code>algorithm</code>
-     *          is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NoSuchAlgorithmException if an ExemptionMechanismSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws NoSuchAlgorithmException if an {@code ExemptionMechanismSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
-     *          is null or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final ExemptionMechanism getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("ExemptionMechanism",
                 ExemptionMechanismSpi.class, algorithm, provider);
         return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
@@ -213,22 +214,22 @@
      *
      * @param provider the provider.
      *
-     * @return the new <code>ExemptionMechanism</code> object.
+     * @return the new {@code ExemptionMechanism} object
      *
-     * @exception NullPointerException if <code>algorithm</code>
-     *          is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is null
      *
-     * @exception NoSuchAlgorithmException if an ExemptionMechanismSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws NoSuchAlgorithmException if an {@code ExemptionMechanismSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider object}
      *
-     * @exception IllegalArgumentException if the <code>provider</code>
-     *          is null.
+     * @exception NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final ExemptionMechanism getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("ExemptionMechanism",
                 ExemptionMechanismSpi.class, algorithm, provider);
         return new ExemptionMechanism((ExemptionMechanismSpi)instance.impl,
--- a/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/KeyAgreement.java	Thu Dec 01 15:00:54 2016 -0500
@@ -165,19 +165,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new {@code KeyAgreement} object.
+     * @return the new {@code KeyAgreement} object
      *
-     * @exception NullPointerException if the specified algorithm
-     *          is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code KeyAgreementSpi} implementation for the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          KeyAgreementSpi implementation for the
-     *          specified algorithm.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyAgreement getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         List<Service> services =
                 GetInstance.getServices("KeyAgreement", algorithm);
         // make sure there is at least one service from a signed provider
@@ -214,26 +214,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code KeyAgreement} object.
+     * @return the new {@code KeyAgreement} object
      *
-     * @exception NullPointerException if the specified algorithm
-     *          is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NoSuchAlgorithmException if a KeyAgreementSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws NoSuchAlgorithmException if a {@code KeyAgreementSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyAgreement getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance
                 ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
         return new KeyAgreement((KeyAgreementSpi)instance.impl,
@@ -258,22 +258,22 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code KeyAgreement} object.
+     * @return the new {@code KeyAgreement} object
      *
-     * @exception NullPointerException if the specified algorithm
-     *          is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null}
      *
-     * @exception NoSuchAlgorithmException if a KeyAgreementSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws NoSuchAlgorithmException if a {@code KeyAgreementSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified Provider object
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyAgreement getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance
                 ("KeyAgreement", KeyAgreementSpi.class, algorithm, provider);
         return new KeyAgreement((KeyAgreementSpi)instance.impl,
--- a/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/KeyGenerator.java	Thu Dec 01 15:00:54 2016 -0500
@@ -216,18 +216,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new {@code KeyGenerator} object.
+     * @return the new {@code KeyGenerator} object
      *
-     * @exception NullPointerException if the specified algorithm is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code KeyGeneratorSpi} implementation for the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          KeyGeneratorSpi implementation for the
-     *          specified algorithm.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyGenerator getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         return new KeyGenerator(algorithm);
     }
 
@@ -251,25 +252,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code KeyGenerator} object.
+     * @return the new {@code KeyGenerator} object
      *
-     * @exception NullPointerException if the specified algorithm is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NoSuchAlgorithmException if a KeyGeneratorSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws NoSuchAlgorithmException if a {@code KeyGeneratorSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyGenerator getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("KeyGenerator",
                 KeyGeneratorSpi.class, algorithm, provider);
         return new KeyGenerator((KeyGeneratorSpi)instance.impl,
@@ -293,21 +295,22 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code KeyGenerator} object.
+     * @return the new {@code KeyGenerator} object
      *
-     * @exception NullPointerException if the specified algorithm is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null}
      *
-     * @exception NoSuchAlgorithmException if a KeyGeneratorSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws NoSuchAlgorithmException if a {@code KeyGeneratorSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyGenerator getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("KeyGenerator",
                 KeyGeneratorSpi.class, algorithm, provider);
         return new KeyGenerator((KeyGeneratorSpi)instance.impl,
--- a/src/java.base/share/classes/javax/crypto/Mac.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/Mac.java	Thu Dec 01 15:00:54 2016 -0500
@@ -166,16 +166,18 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new {@code Mac} object.
+     * @return the new {@code Mac} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          MacSpi implementation for the
-     *          specified algorithm.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code MacSpi} implementation for the specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final Mac getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         List<Service> services = GetInstance.getServices("Mac", algorithm);
         // make sure there is at least one service from a signed provider
         Iterator<Service> t = services.iterator();
@@ -210,22 +212,25 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code Mac} object.
+     * @return the new {@code Mac} object
      *
-     * @exception NoSuchAlgorithmException if a MacSpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NoSuchAlgorithmException if a {@code MacSpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null or empty.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final Mac getInstance(String algorithm, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance
                 ("Mac", MacSpi.class, algorithm, provider);
         return new Mac((MacSpi)instance.impl, instance.provider, algorithm);
@@ -248,19 +253,22 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code Mac} object.
+     * @return the new {@code Mac} object
      *
-     * @exception NoSuchAlgorithmException if a MacSpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the {@code provider} is
+     *         {@code null}
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null.
+     * @throws NoSuchAlgorithmException if a {@code MacSpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final Mac getInstance(String algorithm, Provider provider)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance
                 ("Mac", MacSpi.class, algorithm, provider);
         return new Mac((MacSpi)instance.impl, instance.provider, algorithm);
--- a/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/crypto/SecretKeyFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -152,19 +152,19 @@
      * Java Cryptography Architecture Standard Algorithm Name Documentation</a>
      * for information about standard algorithm names.
      *
-     * @return the new {@code SecretKeyFactory} object.
+     * @return the new {@code SecretKeyFactory} object
      *
-     * @exception NullPointerException if the specified algorithm
-     *          is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code SecretKeyFactorySpi} implementation for the
+     *         specified algorithm
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          SecretKeyFactorySpi implementation for the
-     *          specified algorithm.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final SecretKeyFactory getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         return new SecretKeyFactory(algorithm);
     }
 
@@ -189,26 +189,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code SecretKeyFactory} object.
+     * @return the new {@code SecretKeyFactory} object
      *
-     * @exception NoSuchAlgorithmException if a SecretKeyFactorySpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null} or empty
      *
-     * @exception NullPointerException if the specified algorithm
-     *          is null.
+     * @throws NoSuchAlgorithmException if a {@code SecretKeyFactorySpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null or empty.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final SecretKeyFactory getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("SecretKeyFactory",
                 SecretKeyFactorySpi.class, algorithm, provider);
         return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl,
@@ -233,22 +233,22 @@
      *
      * @param provider the provider.
      *
-     * @return the new {@code SecretKeyFactory} object.
+     * @return the new {@code SecretKeyFactory} object
      *
-     * @exception NullPointerException if the specified algorithm
-     * is null.
+     * @throws IllegalArgumentException if the {@code provider}
+     *         is {@code null}
      *
-     * @exception NoSuchAlgorithmException if a SecretKeyFactorySpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws NoSuchAlgorithmException if a {@code SecretKeyFactorySpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
      *
-     * @exception IllegalArgumentException if the {@code provider}
-     *          is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final SecretKeyFactory getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         Instance instance = JceSecurity.getInstance("SecretKeyFactory",
                 SecretKeyFactorySpi.class, algorithm, provider);
         return new SecretKeyFactory((SecretKeyFactorySpi)instance.impl,
--- a/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/net/ssl/KeyManagerFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -27,6 +27,7 @@
 
 import java.security.Security;
 import java.security.*;
+import java.util.Objects;
 
 import sun.security.jca.GetInstance;
 
@@ -130,17 +131,19 @@
      *          Java Secure Socket Extension Reference Guide </a>
      *          for information about standard algorithm names.
      *
-     * @return the new <code>KeyManagerFactory</code> object.
+     * @return the new {@code KeyManagerFactory} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          KeyManagerFactorySpi implementation for the
-     *          specified algorithm.
-     * @exception NullPointerException if <code>algorithm</code> is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code KeyManagerFactorySpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyManagerFactory getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("KeyManagerFactory", KeyManagerFactorySpi.class,
                 algorithm);
@@ -168,23 +171,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>KeyManagerFactory</code> object.
+     * @return the new {@code KeyManagerFactory} object
      *
-     * @throws NoSuchAlgorithmException if a KeyManagerFactorySpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is {@code null}
+     *         or empty
+     *
+     * @throws NoSuchAlgorithmException if a {@code KeyManagerFactorySpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @throws IllegalArgumentException if the provider name is null or empty.
-     * @throws NullPointerException if <code>algorithm</code> is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyManagerFactory getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("KeyManagerFactory", KeyManagerFactorySpi.class,
                 algorithm, provider);
@@ -209,19 +215,21 @@
      *
      * @param provider an instance of the provider.
      *
-     * @return the new <code>KeyManagerFactory</code> object.
+     * @return the new {@code KeyManagerFactory} object
      *
-     * @throws NoSuchAlgorithmException if a KeyManagerFactorySpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if provider is {@code null}
      *
-     * @throws IllegalArgumentException if provider is null.
-     * @throws NullPointerException if <code>algorithm</code> is null.
+     * @throws NoSuchAlgorithmException if a {@code @KeyManagerFactorySpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified Provider object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final KeyManagerFactory getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("KeyManagerFactory", KeyManagerFactorySpi.class,
                 algorithm, provider);
--- a/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/net/ssl/SSLContext.java	Thu Dec 01 15:00:54 2016 -0500
@@ -26,6 +26,7 @@
 package javax.net.ssl;
 
 import java.security.*;
+import java.util.Objects;
 
 import sun.security.jca.GetInstance;
 
@@ -151,17 +152,19 @@
      *          Documentation</a>
      *          for information about standard protocol names.
      *
-     * @return the new {@code SSLContext} object.
+     * @return the new {@code SSLContext} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          SSLContextSpi implementation for the
-     *          specified protocol.
-     * @exception NullPointerException if protocol is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code SSLContextSpi} implementation for the
+     *         specified protocol
+     *
+     * @throws NullPointerException if {@code protocol} is {@code null}
      *
      * @see java.security.Provider
      */
     public static SSLContext getInstance(String protocol)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(protocol, "null protocol name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("SSLContext", SSLContextSpi.class, protocol);
         return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
@@ -189,22 +192,25 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new {@code SSLContext} object.
+     * @return the new {@code SSLContext} object
      *
-     * @throws NoSuchAlgorithmException if a SSLContextSpi
-     *          implementation for the specified protocol is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is
+     *         {@code null} or empty
+     *
+     * @throws NoSuchAlgorithmException if a {@code SSLContextSpi}
+     *         implementation for the specified protocol is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @throws IllegalArgumentException if the provider name is null or empty.
-     * @throws NullPointerException if protocol is null.
+     * @throws NullPointerException if {@code protocol} is {@code null}
      *
      * @see java.security.Provider
      */
     public static SSLContext getInstance(String protocol, String provider)
             throws NoSuchAlgorithmException, NoSuchProviderException {
+        Objects.requireNonNull(protocol, "null protocol name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("SSLContext", SSLContextSpi.class, protocol, provider);
         return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
@@ -229,19 +235,21 @@
      *
      * @param provider an instance of the provider.
      *
-     * @return the new {@code SSLContext} object.
+     * @return the new {@code SSLContext} object
      *
-     * @throws NoSuchAlgorithmException if a SSLContextSpi
-     *          implementation for the specified protocol is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the provider is {@code null}
      *
-     * @throws IllegalArgumentException if the provider is null.
-     * @throws NullPointerException if protocol is null.
+     * @throws NoSuchAlgorithmException if a {@code SSLContextSpi}
+     *         implementation for the specified protocol is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code protocol} is {@code null}
      *
      * @see java.security.Provider
      */
     public static SSLContext getInstance(String protocol, Provider provider)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(protocol, "null protocol name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("SSLContext", SSLContextSpi.class, protocol, provider);
         return new SSLContext((SSLContextSpi)instance.impl, instance.provider,
--- a/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/net/ssl/TrustManagerFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -27,6 +27,7 @@
 
 import java.security.Security;
 import java.security.*;
+import java.util.Objects;
 
 import sun.security.jca.GetInstance;
 
@@ -144,17 +145,19 @@
      *          Java Secure Socket Extension Reference Guide </a>
      *          for information about standard algorithm names.
      *
-     * @return the new <code>TrustManagerFactory</code> object.
+     * @return the new {@code TrustManagerFactory} object
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          TrustManagerFactorySpi implementation for the
-     *          specified algorithm.
-     * @exception NullPointerException if algorithm is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code TrustManagerFactorySpi} implementation for the
+     *         specified algorithm
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final TrustManagerFactory getInstance(String algorithm)
             throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
                 algorithm);
@@ -182,23 +185,26 @@
      *
      * @param provider the name of the provider.
      *
-     * @return the new <code>TrustManagerFactory</code> object
+     * @return the new {@code TrustManagerFactory} object
      *
-     * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
-     *          implementation for the specified algorithm is not
-     *          available from the specified provider.
+     * @throws IllegalArgumentException if the provider name is
+     *         {@code null} or empty
+     *
+     * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi}
+     *         implementation for the specified algorithm is not
+     *         available from the specified provider
      *
      * @throws NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     *         registered in the security provider list
      *
-     * @throws IllegalArgumentException if the provider name is null or empty.
-     * @throws NullPointerException if algorithm is null.
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final TrustManagerFactory getInstance(String algorithm,
             String provider) throws NoSuchAlgorithmException,
             NoSuchProviderException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
                 algorithm, provider);
@@ -223,19 +229,21 @@
      *
      * @param provider an instance of the provider.
      *
-     * @return the new <code>TrustManagerFactory</code> object.
+     * @return the new {@code TrustManagerFactory} object
      *
-     * @throws NoSuchAlgorithmException if a TrustManagerFactorySpi
-     *          implementation for the specified algorithm is not available
-     *          from the specified Provider object.
+     * @throws IllegalArgumentException if the provider is {@code null}
      *
-     * @throws IllegalArgumentException if the provider is null.
-     * @throws NullPointerException if algorithm is null.
+     * @throws NoSuchAlgorithmException if a {@code TrustManagerFactorySpi}
+     *         implementation for the specified algorithm is not available
+     *         from the specified {@code Provider} object
+     *
+     * @throws NullPointerException if {@code algorithm} is {@code null}
      *
      * @see java.security.Provider
      */
     public static final TrustManagerFactory getInstance(String algorithm,
             Provider provider) throws NoSuchAlgorithmException {
+        Objects.requireNonNull(algorithm, "null algorithm name");
         GetInstance.Instance instance = GetInstance.getInstance
                 ("TrustManagerFactory", TrustManagerFactorySpi.class,
                 algorithm, provider);
--- a/src/java.base/share/classes/javax/security/auth/login/Configuration.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/javax/security/auth/login/Configuration.java	Thu Dec 01 15:00:54 2016 -0500
@@ -329,27 +329,29 @@
      *
      * @param params parameters for the Configuration, which may be null.
      *
-     * @return the new Configuration object.
+     * @return the new {@code Configuration} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Configuration instance for the specified type.
+     * @throws IllegalArgumentException if the specified parameters
+     *         are not understood by the {@code ConfigurationSpi}
+     *         implementation from the selected {@code Provider}
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchAlgorithmException if no {@code Provider} supports a
+     *         {@code ConfigurationSpi} implementation for the specified type
      *
-     * @exception IllegalArgumentException if the specified parameters
-     *          are not understood by the ConfigurationSpi implementation
-     *          from the selected Provider.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if no Provider supports a
-     *          ConfigurationSpi implementation for the specified type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Configuration} instance for the specified type
      *
      * @see Provider
+     *
      * @since 1.6
      */
     public static Configuration getInstance(String type,
                                 Configuration.Parameters params)
                 throws NoSuchAlgorithmException {
 
+        Objects.requireNonNull(type, "null type name");
         checkPermission(type);
         try {
             GetInstance.Instance instance = GetInstance.getInstance
@@ -387,24 +389,24 @@
      *
      * @param provider the provider.
      *
-     * @return the new Configuration object.
+     * @return the new {@code Configuration} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Configuration instance for the specified type.
+     * @throws IllegalArgumentException if the specified provider
+     *         is {@code null} or empty, or if the specified parameters
+     *         are not understood by the {@code ConfigurationSpi}
+     *         implementation from the specified provider
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchProviderException if the specified provider is not
+     *         registered in the security provider list
      *
-     * @exception IllegalArgumentException if the specified provider
-     *          is null or empty,
-     *          or if the specified parameters are not understood by
-     *          the ConfigurationSpi implementation from the specified provider.
+     * @throws NoSuchAlgorithmException if the specified provider does not
+     *         support a {@code ConfigurationSpi} implementation for the
+     *         specified type
      *
-     * @exception NoSuchProviderException if the specified provider is not
-     *          registered in the security provider list.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if the specified provider does not
-     *          support a ConfigurationSpi implementation for the specified
-     *          type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Configuration} instance for the specified type
      *
      * @see Provider
      * @since 1.6
@@ -414,6 +416,7 @@
                                 String provider)
                 throws NoSuchProviderException, NoSuchAlgorithmException {
 
+        Objects.requireNonNull(type, "null type name");
         if (provider == null || provider.length() == 0) {
             throw new IllegalArgumentException("missing provider");
         }
@@ -453,20 +456,21 @@
      *
      * @param provider the Provider.
      *
-     * @return the new Configuration object.
+     * @return the new {@code Configuration} object
      *
-     * @exception SecurityException if the caller does not have permission
-     *          to get a Configuration instance for the specified type.
+     * @throws IllegalArgumentException if the specified {@code Provider}
+     *         is {@code null}, or if the specified parameters are not
+     *         understood by the {@code ConfigurationSpi} implementation
+     *         from the specified Provider
      *
-     * @exception NullPointerException if the specified type is null.
+     * @throws NoSuchAlgorithmException if the specified {@code Provider}
+     *         does not support a {@code ConfigurationSpi} implementation
+     *         for the specified type
      *
-     * @exception IllegalArgumentException if the specified Provider is null,
-     *          or if the specified parameters are not understood by
-     *          the ConfigurationSpi implementation from the specified Provider.
+     * @throws NullPointerException if {@code type} is {@code null}
      *
-     * @exception NoSuchAlgorithmException if the specified Provider does not
-     *          support a ConfigurationSpi implementation for the specified
-     *          type.
+     * @throws SecurityException if the caller does not have permission
+     *         to get a {@code Configuration} instance for the specified type
      *
      * @see Provider
      * @since 1.6
@@ -476,6 +480,7 @@
                                 Provider provider)
                 throws NoSuchAlgorithmException {
 
+        Objects.requireNonNull(type, "null type name");
         if (provider == null) {
             throw new IllegalArgumentException("missing provider");
         }
--- a/src/java.base/share/classes/jdk/internal/jmod/JmodFile.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/jmod/JmodFile.java	Thu Dec 01 15:00:54 2016 -0500
@@ -176,6 +176,16 @@
     }
 
     /**
+     * Returns the {@code Entry} for a resource in a JMOD file section
+     * or {@code null} if not found.
+     */
+    public Entry getEntry(Section section, String name) {
+        String entry = section.jmodDir() + "/" + name;
+        ZipEntry ze = zipfile.getEntry(entry);
+        return (ze != null) ? new Entry(ze) : null;
+    }
+
+    /**
      * Opens an {@code InputStream} for reading the named entry of the given
      * section in this jmod file.
      *
@@ -185,7 +195,6 @@
     public InputStream getInputStream(Section section, String name)
         throws IOException
     {
-
         String entry = section.jmodDir() + "/" + name;
         ZipEntry e = zipfile.getEntry(entry);
         if (e == null) {
@@ -195,6 +204,15 @@
     }
 
     /**
+     * Opens an {@code InputStream} for reading an entry in the JMOD file.
+     *
+     * @throws IOException if an I/O error occurs
+     */
+    public InputStream getInputStream(Entry entry) throws IOException {
+        return zipfile.getInputStream(entry.zipEntry());
+    }
+
+    /**
      * Returns a stream of non-directory entries in this jmod file.
      */
     public Stream<Entry> stream() {
--- a/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/loader/BuiltinClassLoader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -53,6 +53,7 @@
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.jar.Attributes;
 import java.util.jar.Manifest;
+import java.util.stream.Stream;
 
 import jdk.internal.module.ModulePatcher.PatchedModuleReader;
 import jdk.internal.misc.VM;
@@ -144,9 +145,9 @@
     /**
      * Create a new instance.
      */
-    BuiltinClassLoader(BuiltinClassLoader parent, URLClassPath ucp) {
+    BuiltinClassLoader(String name, BuiltinClassLoader parent, URLClassPath ucp) {
         // ensure getParent() returns null when the parent is the boot loader
-        super(parent == null || parent == ClassLoaders.bootLoader() ? null : parent);
+        super(name, parent == null || parent == ClassLoaders.bootLoader() ? null : parent);
 
         this.parent = parent;
         this.ucp = ucp;
@@ -749,6 +750,10 @@
             return Optional.empty();
         }
         @Override
+        public Stream<String> list() {
+            return Stream.empty();
+        }
+        @Override
         public void close() {
             throw new InternalError("Should not get here");
         }
--- a/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/loader/ClassLoaders.java	Thu Dec 01 15:00:54 2016 -0500
@@ -69,16 +69,17 @@
             bcp = toURLClassPath(s);
 
         // we have a class path if -cp is specified or -m is not specified.
-        // If neither is specified then default to -cp <working directory>.
+        // If neither is specified then default to -cp <working directory>
+        // If -cp is not specified and -m is specified, the value of
+        // java.class.path is an empty string, then no class path.
         URLClassPath ucp = null;
         String mainMid = System.getProperty("jdk.module.main");
         String cp = System.getProperty("java.class.path");
-        if (mainMid == null && cp == null)
+        if (cp == null)
             cp = "";
-        if (cp != null)
+        if (mainMid == null || cp.length() > 0)
             ucp = toURLClassPath(cp);
 
-
         // create the class loaders
         BOOT_LOADER = new BootClassLoader(bcp);
         PLATFORM_LOADER = new PlatformClassLoader(BOOT_LOADER);
@@ -117,7 +118,7 @@
      */
     private static class BootClassLoader extends BuiltinClassLoader {
         BootClassLoader(URLClassPath bcp) {
-            super(null, bcp);
+            super(null, null, bcp);
         }
 
         @Override
@@ -137,7 +138,7 @@
         }
 
         PlatformClassLoader(BootClassLoader parent) {
-            super(parent, null);
+            super("platform", parent, null);
         }
 
         /**
@@ -164,7 +165,7 @@
         final URLClassPath ucp;
 
         AppClassLoader(PlatformClassLoader parent, URLClassPath ucp) {
-            super(parent, ucp);
+            super("app", parent, ucp);
             this.ucp = ucp;
         }
 
--- a/src/java.base/share/classes/jdk/internal/loader/Loader.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/loader/Loader.java	Thu Dec 01 15:00:54 2016 -0500
@@ -53,6 +53,7 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.stream.Stream;
 
 
 /**
@@ -534,6 +535,10 @@
             return Optional.empty();
         }
         @Override
+        public Stream<String> list() {
+            return Stream.empty();
+        }
+        @Override
         public void close() {
             throw new InternalError("Should not get here");
         }
--- a/src/java.base/share/classes/jdk/internal/logger/DefaultLoggerFinder.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/logger/DefaultLoggerFinder.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -137,13 +137,20 @@
     }
 
     public static boolean isSystem(Module m) {
-        ClassLoader cl = AccessController.doPrivileged(new PrivilegedAction<>() {
+        return AccessController.doPrivileged(new PrivilegedAction<>() {
             @Override
-            public ClassLoader run() {
-                return m.getClassLoader();
+            public Boolean run() {
+                final ClassLoader moduleCL = m.getClassLoader();
+                if (moduleCL == null) return true;
+                ClassLoader cl = ClassLoader.getPlatformClassLoader();
+                while (cl != null && moduleCL != cl) {
+                    cl = cl.getParent();
+                }
+                // returns true if moduleCL is the platform class loader
+                // or one of its ancestors.
+                return moduleCL == cl;
             }
         });
-        return cl == null;
     }
 
     @Override
--- a/src/java.base/share/classes/jdk/internal/misc/JavaLangModuleAccess.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/misc/JavaLangModuleAccess.java	Thu Dec 01 15:00:54 2016 -0500
@@ -39,6 +39,7 @@
 import java.lang.module.ModuleReader;
 import java.lang.module.ModuleReference;
 import java.net.URI;
+import java.nio.file.Path;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
@@ -103,6 +104,11 @@
                                          ModuleHashes hashes);
 
     /**
+     * Returns the object with the hashes of other modules
+     */
+    Optional<ModuleHashes> hashes(ModuleDescriptor descriptor);
+
+    /**
      * Resolves a collection of root modules, with service binding
      * and the empty configuration as the parent. The post resolution
      * checks are optionally run.
@@ -120,8 +126,10 @@
                                      Supplier<ModuleReader> readerSupplier);
 
     /**
-     * Returns the object with the hashes of other modules
+     * Creates a ModuleFinder for a module path.
      */
-    Optional<ModuleHashes> hashes(ModuleDescriptor descriptor);
+    ModuleFinder newModulePath(Runtime.Version version,
+                               boolean isLinkPhase,
+                               Path... entries);
 
 }
--- a/src/java.base/share/classes/jdk/internal/module/ConfigurableModuleFinder.java	Fri Oct 28 11:10:44 2016 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,46 +0,0 @@
-/*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation.  Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-package jdk.internal.module;
-
-import java.lang.module.ModuleFinder;
-
-/**
- * A ModuleFinder that may be configured to work at either run-time
- * or link-time.
- */
-
-public interface ConfigurableModuleFinder extends ModuleFinder {
-
-    public static enum Phase {
-        RUN_TIME,
-        LINK_TIME
-    }
-
-    /**
-     * Configures this finder to work in the given phase.
-     */
-    void configurePhase(Phase phase);
-
-}
--- a/src/java.base/share/classes/jdk/internal/module/ModuleInfoWriter.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/module/ModuleInfoWriter.java	Thu Dec 01 15:00:54 2016 -0500
@@ -57,7 +57,15 @@
         cw.visit(Opcodes.V1_9, ACC_MODULE, name, null, null, null);
 
         cw.visitAttribute(new ModuleAttribute(md));
-        cw.visitAttribute(new ConcealedPackagesAttribute(md.conceals()));
+
+        // for tests: write the ConcealedPackages attribute when there are non-exported packages
+        long nExportedPackages = md.exports().stream()
+                .map(ModuleDescriptor.Exports::source)
+                .distinct()
+                .count();
+        if (md.packages().size() > nExportedPackages)
+            cw.visitAttribute(new ConcealedPackagesAttribute(md.packages()));
+
         md.version().ifPresent(v -> cw.visitAttribute(new VersionAttribute(v)));
         md.mainClass().ifPresent(mc -> cw.visitAttribute(new MainClassAttribute(mc)));
 
--- a/src/java.base/share/classes/jdk/internal/module/ModulePatcher.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/module/ModulePatcher.java	Thu Dec 01 15:00:54 2016 -0500
@@ -50,6 +50,7 @@
 import java.util.Set;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
+import java.util.stream.Stream;
 
 import jdk.internal.loader.Resource;
 import jdk.internal.misc.JavaLangModuleAccess;
@@ -159,21 +160,19 @@
                     // is not supported by the boot class loader
                     try (JarFile jf = new JarFile(file.toFile())) {
                         jf.stream()
-                          .filter(e -> e.getName().endsWith(".class"))
                           .map(e -> toPackageName(file, e))
-                          .filter(pn -> pn.length() > 0)
+                          .filter(Checks::isJavaIdentifier)
                           .forEach(packages::add);
                     }
 
                 } else if (Files.isDirectory(file)) {
 
-                    // exploded directory
+                    // exploded directory without following sym links
                     Path top = file;
                     Files.find(top, Integer.MAX_VALUE,
-                            ((path, attrs) -> attrs.isRegularFile() &&
-                                    path.toString().endsWith(".class")))
+                               ((path, attrs) -> attrs.isRegularFile()))
                             .map(path -> toPackageName(top, path))
-                            .filter(pn -> pn.length() > 0)
+                            .filter(Checks::isJavaIdentifier)
                             .forEach(packages::add);
 
                 }
@@ -381,6 +380,15 @@
         }
 
         @Override
+        public Stream<String> list() throws IOException {
+            Stream<String> s = delegate().list();
+            for (ResourceFinder finder : finders) {
+                s = Stream.concat(s, finder.list());
+            }
+            return s.distinct();
+        }
+
+        @Override
         public void close() throws IOException {
             closeAll(finders);
             delegate().close();
@@ -393,6 +401,7 @@
      */
     private static interface ResourceFinder extends Closeable {
         Resource find(String name) throws IOException;
+        Stream<String> list() throws IOException;
     }
 
 
@@ -453,6 +462,13 @@
                 }
             };
         }
+
+        @Override
+        public Stream<String> list() throws IOException {
+            return jf.stream()
+                    .filter(e -> !e.isDirectory())
+                    .map(JarEntry::getName);
+        }
     }
 
 
@@ -527,6 +543,15 @@
                 }
             };
         }
+
+        @Override
+        public Stream<String> list() throws IOException {
+            return Files.find(dir, Integer.MAX_VALUE,
+                              (path, attrs) -> attrs.isRegularFile())
+                    .map(f -> dir.relativize(f)
+                                 .toString()
+                                 .replace(File.separatorChar, '/'));
+        }
     }
 
 
@@ -537,7 +562,7 @@
         Path entry = top.relativize(file);
         Path parent = entry.getParent();
         if (parent == null) {
-            return warnUnnamedPackage(top, entry.toString());
+            return warnIfModuleInfo(top, entry.toString());
         } else {
             return parent.toString().replace(File.separatorChar, '.');
         }
@@ -557,14 +582,15 @@
         String name = entry.getName();
         int index = name.lastIndexOf("/");
         if (index == -1) {
-            return warnUnnamedPackage(file, name);
+            return warnIfModuleInfo(file, name);
         } else {
             return name.substring(0, index).replace('/', '.');
         }
     }
 
-    private static String warnUnnamedPackage(Path file, String e) {
-        System.err.println("WARNING: " + e + " not allowed in patch: " + file);
+    private static String warnIfModuleInfo(Path file, String e) {
+        if (e.equals("module-info.class"))
+            System.err.println("WARNING: " + e + " ignored in patch: " + file);
         return "";
     }
 
--- a/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/jdk/internal/reflect/ReflectionFactory.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,14 +25,25 @@
 
 package jdk.internal.reflect;
 
+import java.io.Externalizable;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.ObjectStreamClass;
+import java.io.OptionalDataException;
+import java.io.Serializable;
+import java.lang.invoke.MethodHandle;
+import java.lang.invoke.MethodHandles;
 import java.lang.reflect.Field;
 import java.lang.reflect.Executable;
+import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.Modifier;
 import java.security.Permission;
 import java.security.PrivilegedAction;
+import java.util.Objects;
 import java.util.Properties;
+
 import sun.reflect.misc.ReflectUtil;
 import sun.security.action.GetPropertyAction;
 
@@ -57,6 +68,9 @@
     // Provides access to package-private mechanisms in java.lang.reflect
     private static volatile LangReflectAccess langReflectAccess;
 
+    /* Method for static class initializer <clinit>, or null */
+    private static volatile Method hasStaticInitializerMethod;
+
     //
     // "Inflation" mechanism. Loading bytecodes to implement
     // Method.invoke() and Constructor.newInstance() currently costs
@@ -337,16 +351,57 @@
     //
     //
 
-    public Constructor<?> newConstructorForSerialization
-        (Class<?> classToInstantiate, Constructor<?> constructorToCall)
+    public final Constructor<?> newConstructorForExternalization(Class<?> cl) {
+        if (!Externalizable.class.isAssignableFrom(cl)) {
+            return null;
+        }
+        try {
+            Constructor<?> cons = cl.getConstructor();
+            cons.setAccessible(true);
+            return cons;
+        } catch (NoSuchMethodException ex) {
+            return null;
+        }
+    }
+
+    public final Constructor<?> newConstructorForSerialization(Class<?> cl,
+                                                               Constructor<?> constructorToCall)
     {
-        // Fast path
-        if (constructorToCall.getDeclaringClass() == classToInstantiate) {
+        if (constructorToCall.getDeclaringClass() == cl) {
+            constructorToCall.setAccessible(true);
             return constructorToCall;
         }
+        return generateConstructor(cl, constructorToCall);
+    }
+
+    public final Constructor<?> newConstructorForSerialization(Class<?> cl) {
+        Class<?> initCl = cl;
+        while (Serializable.class.isAssignableFrom(initCl)) {
+            if ((initCl = initCl.getSuperclass()) == null) {
+                return null;
+            }
+        }
+        Constructor<?> constructorToCall;
+        try {
+            constructorToCall = initCl.getDeclaredConstructor();
+            int mods = constructorToCall.getModifiers();
+            if ((mods & Modifier.PRIVATE) != 0 ||
+                    ((mods & (Modifier.PUBLIC | Modifier.PROTECTED)) == 0 &&
+                            !packageEquals(cl, initCl))) {
+                return null;
+            }
+        } catch (NoSuchMethodException ex) {
+            return null;
+        }
+        return generateConstructor(cl, constructorToCall);
+    }
+
+    private final Constructor<?> generateConstructor(Class<?> cl,
+                                                     Constructor<?> constructorToCall) {
+
 
         ConstructorAccessor acc = new MethodAccessorGenerator().
-            generateSerializationConstructor(classToInstantiate,
+            generateSerializationConstructor(cl,
                                              constructorToCall.getParameterTypes(),
                                              constructorToCall.getExceptionTypes(),
                                              constructorToCall.getModifiers(),
@@ -364,9 +419,151 @@
                                           langReflectAccess().
                                           getConstructorParameterAnnotations(constructorToCall));
         setConstructorAccessor(c, acc);
+        c.setAccessible(true);
         return c;
     }
 
+    public final MethodHandle readObjectForSerialization(Class<?> cl) {
+        return findReadWriteObjectForSerialization(cl, "readObject", ObjectInputStream.class);
+    }
+
+    public final MethodHandle readObjectNoDataForSerialization(Class<?> cl) {
+        return findReadWriteObjectForSerialization(cl, "readObjectNoData", ObjectInputStream.class);
+    }
+
+    public final MethodHandle writeObjectForSerialization(Class<?> cl) {
+        return findReadWriteObjectForSerialization(cl, "writeObject", ObjectOutputStream.class);
+    }
+
+    private final MethodHandle findReadWriteObjectForSerialization(Class<?> cl,
+                                                                   String methodName,
+                                                                   Class<?> streamClass) {
+        if (!Serializable.class.isAssignableFrom(cl)) {
+            return null;
+        }
+
+        try {
+            Method meth = cl.getDeclaredMethod(methodName, streamClass);
+            int mods = meth.getModifiers();
+            if (meth.getReturnType() != Void.TYPE ||
+                    Modifier.isStatic(mods) ||
+                    !Modifier.isPrivate(mods)) {
+                return null;
+            }
+            meth.setAccessible(true);
+            return MethodHandles.lookup().unreflect(meth);
+        } catch (NoSuchMethodException ex) {
+            return null;
+        } catch (IllegalAccessException ex1) {
+            throw new InternalError("Error", ex1);
+        }
+    }
+
+    /**
+     * Returns a MethodHandle for {@code writeReplace} on the serializable class
+     * or null if no match found.
+     * @param cl a serializable class
+     * @returnss the {@code writeReplace} MethodHandle or {@code null} if not found
+     */
+    public final MethodHandle writeReplaceForSerialization(Class<?> cl) {
+        return getReplaceResolveForSerialization(cl, "writeReplace");
+    }
+
+    /**
+     * Returns a MethodHandle for {@code readResolve} on the serializable class
+     * or null if no match found.
+     * @param cl a serializable class
+     * @returns the {@code writeReplace} MethodHandle or {@code null} if not found
+     */
+    public final MethodHandle readResolveForSerialization(Class<?> cl) {
+        return getReplaceResolveForSerialization(cl, "readResolve");
+    }
+
+    /**
+     * Lookup readResolve or writeReplace on a class with specified
+     * signature constraints.
+     * @param cl a serializable class
+     * @param methodName the method name to find
+     * @returns a MethodHandle for the method or {@code null} if not found or
+     *       has the wrong signature.
+     */
+    private MethodHandle getReplaceResolveForSerialization(Class<?> cl,
+                                                           String methodName) {
+        if (!Serializable.class.isAssignableFrom(cl)) {
+            return null;
+        }
+
+        Class<?> defCl = cl;
+        while (defCl != null) {
+            try {
+                Method m = defCl.getDeclaredMethod(methodName);
+                if (m.getReturnType() != Object.class) {
+                    return null;
+                }
+                int mods = m.getModifiers();
+                if (Modifier.isStatic(mods) | Modifier.isAbstract(mods)) {
+                    return null;
+                } else if (Modifier.isPublic(mods) | Modifier.isProtected(mods)) {
+                    // fall through
+                } else if (Modifier.isPrivate(mods) && (cl != defCl)) {
+                    return null;
+                } else if (!packageEquals(cl, defCl)) {
+                    return null;
+                }
+                try {
+                    // Normal return
+                    m.setAccessible(true);
+                    return MethodHandles.lookup().unreflect(m);
+                } catch (IllegalAccessException ex0) {
+                    // setAccessible should prevent IAE
+                    throw new InternalError("Error", ex0);
+                }
+            } catch (NoSuchMethodException ex) {
+                defCl = defCl.getSuperclass();
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Returns true if the given class defines a static initializer method,
+     * false otherwise.
+     */
+    public final boolean hasStaticInitializerForSerialization(Class<?> cl) {
+        Method m = hasStaticInitializerMethod;
+        if (m == null) {
+            try {
+                m = ObjectStreamClass.class.getDeclaredMethod("hasStaticInitializer",
+                        new Class<?>[]{Class.class});
+                m.setAccessible(true);
+                hasStaticInitializerMethod = m;
+            } catch (NoSuchMethodException ex) {
+                throw new InternalError("No such method hasStaticInitializer on "
+                        + ObjectStreamClass.class, ex);
+            }
+        }
+        try {
+            return (Boolean) m.invoke(null, cl);
+        } catch (InvocationTargetException | IllegalAccessException ex) {
+            throw new InternalError("Exception invoking hasStaticInitializer", ex);
+        }
+    }
+
+    /**
+     * Return the accessible constructor for OptionalDataException signaling eof.
+     * @returns the eof constructor for OptionalDataException
+     */
+    public final Constructor<OptionalDataException> newOptionalDataExceptionForSerialization() {
+        try {
+            Constructor<OptionalDataException> boolCtor =
+                    OptionalDataException.class.getDeclaredConstructor(Boolean.TYPE);
+            boolCtor.setAccessible(true);
+            return boolCtor;
+        } catch (NoSuchMethodException ex) {
+            throw new InternalError("Constructor not found", ex);
+        }
+    }
+
     //--------------------------------------------------------------------------
     //
     // Internals only below this point
@@ -426,4 +623,17 @@
         }
         return langReflectAccess;
     }
+
+    /**
+     * Returns true if classes are defined in the classloader and same package, false
+     * otherwise.
+     * @param cl1 a class
+     * @param cl2 another class
+     * @returns true if the two classes are in the same classloader and package
+     */
+    private static boolean packageEquals(Class<?> cl1, Class<?> cl2) {
+        return cl1.getClassLoader() == cl2.getClassLoader() &&
+                Objects.equals(cl1.getPackage(), cl2.getPackage());
+    }
+
 }
--- a/src/java.base/share/classes/module-info.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/module-info.java	Thu Dec 01 15:00:54 2016 -0500
@@ -196,7 +196,8 @@
         jdk.vm.ci;
     exports jdk.internal.util.jar to
         jdk.jartool,
-        jdk.jdeps;
+        jdk.jdeps,
+        jdk.jlink;
     exports jdk.internal.vm to
         java.management,
         jdk.jvmstat;
@@ -240,8 +241,7 @@
         java.xml.ws;
     exports sun.security.action to
         java.desktop,
-        java.security.jgss,
-        jdk.crypto.pkcs11;
+        java.security.jgss;
     exports sun.security.internal.interfaces to
         jdk.crypto.pkcs11;
     exports sun.security.internal.spec to
--- a/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/sun/launcher/resources/launcher.properties	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2007, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@@ -31,7 +31,7 @@
 \           (to execute the main class in a module)\n\
 where options include:\n
 
-java.launcher.opt.datamodel  =\    -d{0}\t  use a {0}-bit data model if available\n
+java.launcher.opt.datamodel  =\    -d{0}\t  Deprecated, will be removed in a future release\n
 java.launcher.opt.vmselect   =\    {0}\t  to select the "{1}" VM\n
 java.launcher.opt.hotspot    =\    {0}\t  is a synonym for the "{1}" VM  [deprecated]\n
 
@@ -95,6 +95,12 @@
 \                  load Java programming language agent, see java.lang.instrument\n\
 \    -splash:<imagepath>\n\
 \                  show splash screen with specified image\n\
+\                  HiDPI scaled images are automatically supported and used\n\
+\                  if available. The unscaled image filename, e.g. image.ext,\n\
+\                  should always be passed as the argument to the -splash option.\n\
+\                  The most appropriate scaled image provided will be picked up\n\
+\                  automatically.\n\
+\                  See the SplashScreen API documentation for more information.\n\
 \    @<filepath>   read options from the specified file\n\
 \To specify an argument for a long option, you can use --<name>=<value> or\n\
 \--<name> <value>.\n\
--- a/src/java.base/share/classes/sun/nio/cs/ISO_8859_1.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/sun/nio/cs/ISO_8859_1.java	Thu Dec 01 15:00:54 2016 -0500
@@ -157,6 +157,9 @@
         // Method possible replaced with a compiler intrinsic.
         private static int encodeISOArray(char[] sa, int sp,
                                           byte[] da, int dp, int len) {
+            if (len <= 0) {
+                return 0;
+            }
             encodeISOArrayCheck(sa, sp, da, dp, len);
             return implEncodeISOArray(sa, sp, da, dp, len);
         }
@@ -177,10 +180,6 @@
 
         private static void encodeISOArrayCheck(char[] sa, int sp,
                                                 byte[] da, int dp, int len) {
-            if (len <= 0) {
-                return;  // not an error because encodeISOArrayImpl won't execute if len <= 0
-            }
-
             Objects.requireNonNull(sa);
             Objects.requireNonNull(da);
 
--- a/src/java.base/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/sun/reflect/annotation/AnnotationInvocationHandler.java	Thu Dec 01 15:00:54 2016 -0500
@@ -253,20 +253,20 @@
     }
 
     private static String toSourceString(char c) {
-        StringBuilder sb = new StringBuilder();
-        sb.append("'");
+        StringBuilder sb = new StringBuilder(4);
+        sb.append('\'');
         if (c == '\'')
             sb.append("\\'");
         else
             sb.append(c);
-        sb.append("'");
-        return sb.toString();
+        return sb.append('\'')
+                .toString();
     }
 
     private static String toSourceString(long ell) {
-        return (Math.abs(ell) <= Integer.MAX_VALUE) ?
-            String.valueOf(ell) :
-            (String.valueOf(ell) + "L");
+        String str = String.valueOf(ell);
+        return (ell < Integer.MIN_VALUE || ell > Integer.MAX_VALUE)
+                ? (str + 'L') : str;
     }
 
     /**
@@ -278,10 +278,7 @@
         sb.append('"');
         // Escape embedded quote characters, if present, but don't do
         // anything more heroic.
-        if (s.indexOf('"') != -1) {
-            s = s.replace("\"", "\\\"");
-        }
-        sb.append(s);
+        sb.append(s.replace("\"", "\\\""));
         sb.append('"');
         return sb.toString();
     }
--- a/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java	Fri Oct 28 11:10:44 2016 -0400
+++ b/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java	Thu Dec 01 15:00:54 2016 -0500
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -42,10 +42,6 @@
 
     private DTLSReassembler reassembler = null;
 
-    // Cache the session identifier for the detection of session-resuming
-    // handshake.
-    byte[]              prevSessionID = new byte[0];
-
     int                 readEpoch;
 
     int                 prevReadEpoch;
@@ -114,13 +110,7 @@
     @Override
     Plaintext acquirePlaintext() {
         if (reassembler != null) {
-            Plaintext plaintext = reassembler.acquirePlaintext();
-            if (reassembler.finished()) {
-                // discard all buffered unused message.
-                reassembler = null;
-            }
-
-            return plaintext;
+            return reassembler.acquirePlaintext();
         }
 
         return null;
@@ -149,40 +139,54 @@
         packet.get(recordEnS);
         int recordEpoch = ((recordEnS[0] & 0xFF) << 8) |
                            (recordEnS[1] & 0xFF);          // pos: 3, 4
-        long recordSeq  = Authenticator.toLong(recordEnS);
+        long recordSeq  = ((recordEnS[2] & 0xFFL) << 40) |
+                          ((recordEnS[3] & 0xFFL) << 32) |
+                          ((recordEnS[4] & 0xFFL) << 24) |
+                          ((recordEnS[5] & 0xFFL) << 16) |
+                          ((recordEnS[6] & 0xFFL) <<  8) |
+                           (recordEnS[7] & 0xFFL);         // pos: 5-10
+
         int contentLen = ((packet.get() & 0xFF) << 8) |
-                          (packet.get() & 0xFF);            // pos: 11, 12
+                          (packet.get() & 0xFF);           // pos: 11, 12
 
         if (debug != null && Debug.isOn("record")) {
-             System.out.println(Thread.currentThread().getName() +
-                    ", READ: " +
+            Debug.log("READ: " +
                     ProtocolVersion.valueOf(majorVersion, minorVersion) +
                     " " + Record.contentName(contentType) + ", length = " +
                     contentLen);
         }
 
         int recLim = srcPos + DTLSRecord.headerSize + contentLen;
-        if (this.readEpoch > recordEpoch) {
-            // Discard old records delivered before this epoch.
 
+        if (this.prevReadEpoch > recordEpoch) {
             // Reset the position of the packet buffer.
             packet.position(recLim);
+            if (debug != null && Debug.isOn("record")) {
+                Debug.printHex("READ: discard this old record", recordEnS);
+            }
             return null;
         }
 
+        // Buffer next epoch message if necessary.
         if (this.readEpoch < recordEpoch) {
-            if (contentType != Record.ct_handshake) {
-                // just discard it if not a handshake message
+            // Discard the record younger than the current epcoh if:
+            // 1. it is not a handshake message, or
+            // 2. it is not of next epoch.
+            if (((contentType != Record.ct_handshake) &&
+                    (contentType != Record.ct_change_cipher_spec)) ||
+                (this.readEpoch < (recordEpoch - 1))) {
+
                 packet.position(recLim);
+
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("Premature record (epoch), discard it.");
+                }
+
                 return null;
             }
 
-            // Not ready to decrypt this record, may be encrypted Finished
+            // Not ready to decrypt this record, may be an encrypted Finished
             // message, need to buffer it.
-            if (reassembler == null) {
-               reassembler = new DTLSReassembler();
-            }
-
             byte[] fragment = new byte[contentLen];
             packet.get(fragment);              // copy the fragment
             RecordFragment buffered = new RecordFragment(fragment, contentType,
@@ -194,94 +198,130 @@
             // consume the full record in the packet buffer.
             packet.position(recLim);
 
-            Plaintext plaintext = reassembler.acquirePlaintext();
-            if (reassembler.finished()) {
-                // discard all buffered unused message.
+            return reassembler.acquirePlaintext();
+        }
+
+        //
+        // Now, the message is of this epoch or the previous epoch.
+        //
+        Authenticator decodeAuthenticator;
+        CipherBox decodeCipher;
+        if (this.readEpoch == recordEpoch) {
+            decodeAuthenticator = readAuthenticator;
+            decodeCipher = readCipher;
+        } else {                        // prevReadEpoch == recordEpoch
+            decodeAuthenticator = prevReadAuthenticator;
+            decodeCipher = prevReadCipher;
+        }
+
+        // decrypt the fragment
+        packet.limit(recLim);
+        packet.position(srcPos + DTLSRecord.headerSize);
+
+        ByteBuffer plaintextFragment;
+        try {
+            plaintextFragment = decrypt(decodeAuthenticator,
+                    decodeCipher, contentType, packet, recordEnS);
+        } catch (BadPaddingException bpe) {
+            if (debug != null && Debug.isOn("ssl")) {
+                Debug.log("Discard invalid record: " + bpe);
+            }
+
+            // invalid, discard this record [section 4.1.2.7, RFC 6347]
+            return null;
+        } finally {
+            // comsume a complete record
+            packet.limit(srcLim);
+            packet.position(recLim);
+        }
+
+        if (contentType != Record.ct_change_cipher_spec &&
+            contentType != Record.ct_handshake) {   // app data or alert
+                                                    // no retransmission
+            // Cleanup the handshake reassembler if necessary.
+            if ((reassembler != null) &&
+                    (reassembler.handshakeEpoch < recordEpoch)) {
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("Cleanup the handshake reassembler");
+                }
+
                 reassembler = null;
             }
 
-            return plaintext;
+            return new Plaintext(contentType, majorVersion, minorVersion,
+                    recordEpoch, Authenticator.toLong(recordEnS),
+                    plaintextFragment);
         }
 
-        if (this.readEpoch == recordEpoch) {
-            // decrypt the fragment
-            packet.limit(recLim);
-            packet.position(srcPos + DTLSRecord.headerSize);
-
-            ByteBuffer plaintextFragment;
-            try {
-                plaintextFragment = decrypt(readAuthenticator,
-                        readCipher, contentType, packet, recordEnS);
-            } catch (BadPaddingException bpe) {
-                if (debug != null && Debug.isOn("ssl")) {
-                    System.out.println(Thread.currentThread().getName() +
-                            " discard invalid record: " + bpe);
-                }
-
-                // invalid, discard this record [section 4.1.2.7, RFC 6347]
-                return null;
-            } finally {
-                // comsume a complete record
-                packet.limit(srcLim);
-                packet.position(recLim);
-            }
-
-            if (contentType != Record.ct_change_cipher_spec &&
-                contentType != Record.ct_handshake) {   // app data or alert
-                                                        // no retransmission
-               return new Plaintext(contentType, majorVersion, minorVersion,
-                        recordEpoch, recordSeq, plaintextFragment);
-            }
-
-            if (contentType == Record.ct_change_cipher_spec) {
-                if (reassembler == null) {
+        if (contentType == Record.ct_change_cipher_spec) {
+            if (reassembler == null) {
+                if (this.readEpoch != recordEpoch) {
                     // handshake has not started, should be an
                     // old handshake message, discard it.
+
+                    if (debug != null && Debug.isOn("verbose")) {
+                        Debug.log(
+                                "Lagging behind ChangeCipherSpec, discard it.");
+                    }
+
                     return null;
                 }
 
-                reassembler.queueUpFragment(
-                        new RecordFragment(plaintextFragment, contentType,
-                                majorVersion, minorVersion,
-                                recordEnS, recordEpoch, recordSeq, false));
-            } else {    // handshake record
-                // One record may contain 1+ more handshake messages.
-                while (plaintextFragment.remaining() > 0) {
+                reassembler = new DTLSReassembler(recordEpoch);
+            }
 
-                    HandshakeFragment hsFrag = parseHandshakeMessage(
-                        contentType, majorVersion, minorVersion,
-                        recordEnS, recordEpoch, recordSeq, plaintextFragment);
+            reassembler.queueUpChangeCipherSpec(
+                    new RecordFragment(plaintextFragment, contentType,
+                            majorVersion, minorVersion,
+                            recordEnS, recordEpoch, recordSeq, false));
+        } else {    // handshake record
+            // One record may contain 1+ more handshake messages.
+            while (plaintextFragment.remaining() > 0) {
 
-                    if (hsFrag == null) {
-                        // invalid, discard this record
+                HandshakeFragment hsFrag = parseHandshakeMessage(
+                    contentType, majorVersion, minorVersion,
+                    recordEnS, recordEpoch, recordSeq, plaintextFragment);
+
+                if (hsFrag == null) {
+                    // invalid, discard this record
+                    if (debug != null && Debug.isOn("verbose")) {
+                        Debug.log("Invalid handshake message, discard it.");
+                    }
+
+                    return null;
+                }
+
+                if (reassembler == null) {
+                    if (this.readEpoch != recordEpoch) {
+                        // handshake has not started, should be an
+                        // old handshake message, discard it.
+
+                        if (debug != null && Debug.isOn("verbose")) {
+                            Debug.log(
+                                "Lagging behind handshake record, discard it.");
+                        }
+
                         return null;
                     }
 
-                    if ((reassembler == null) &&
-                            isKickstart(hsFrag.handshakeType)) {
-                       reassembler = new DTLSReassembler();
-                    }
-
-                    if (reassembler != null) {
-                        reassembler.queueUpHandshake(hsFrag);
-                    }   // else, just ignore the message.
-                }
-            }
-
-            // Completed the read of the full record. Acquire the reassembled
-            // messages.
-            if (reassembler != null) {
-                Plaintext plaintext = reassembler.acquirePlaintext();
-                if (reassembler.finished()) {
-                    // discard all buffered unused message.
-                    reassembler = null;
+                    reassembler = new DTLSReassembler(recordEpoch);
                 }
 
-                return plaintext;
+                reassembler.queueUpHandshake(hsFrag);
             }
         }
 
-        return null;    // make the complier happy
+        // Completed the read of the full record.  Acquire the reassembled
+        // messages.
+        if (reassembler != null) {
+            return reassembler.acquirePlaintext();
+        }
+
+        if (debug != null && Debug.isOn("verbose")) {
+            Debug.log("The reassembler is not initialized yet.");
+        }
+
+        return null;
     }
 
     @Override
@@ -330,12 +370,6 @@
         }
     }
 
-    private static boolean isKickstart(byte handshakeType) {
-        return (handshakeType == HandshakeMessage.ht_client_hello) ||
-               (handshakeType == HandshakeMessage.ht_hello_request) ||
-               (handshakeType == HandshakeMessage.ht_hello_verify_request);
-    }
-
     private static HandshakeFragment parseHandshakeMessage(
             byte contentType, byte majorVersion, byte minorVersion,
             byte[] recordEnS, int recordEpoch, long recordSeq,
@@ -344,9 +378,7 @@
         int remaining = plaintextFragment.remaining();
         if (remaining < handshakeHeaderSize) {
             if (debug != null && Debug.isOn("ssl")) {
-                System.out.println(
-                        Thread.currentThread().getName() +
-                        " discard invalid record: " +
+                Debug.log("Discard invalid record: " +
                         "too small record to hold a handshake fragment");
             }
 
@@ -372,9 +404,7 @@
                  (plaintextFragment.get() & 0xFF);          // pos: 9-11
         if ((remaining - handshakeHeaderSize) < fragmentLength) {
             if (debug != null && Debug.isOn("ssl")) {
-                System.out.println(
-                        Thread.currentThread().getName() +
-                        " discard invalid record: " +
+                Debug.log("Discard invalid record: " +
                         "not a complete handshake fragment in the record");
             }
 
@@ -431,7 +461,39 @@
 
         @Override
         public int compareTo(RecordFragment o) {
-            return Long.compareUnsigned(this.recordSeq, o.recordSeq);
+            if (this.contentType == Record.ct_change_cipher_spec) {
+                if (o.contentType == Record.ct_change_cipher_spec) {
+                    // Only one incoming ChangeCipherSpec message for an epoch.
+                    //
+                    // Ignore duplicated ChangeCipherSpec messages.
+                    return Integer.compare(this.recordEpoch, o.recordEpoch);
+                } else if ((this.recordEpoch == o.recordEpoch) &&
+                        (o.contentType == Record.ct_handshake)) {
+                    // ChangeCipherSpec is the latest message of an epoch.
+                    return 1;
+                }
+            } else if (o.contentType == Record.ct_change_cipher_spec) {
+                if ((this.recordEpoch == o.recordEpoch) &&
+                        (this.contentType == Record.ct_handshake)) {
+                    // ChangeCipherSpec is the latest message of an epoch.
+                    return -1;
+                } else {
+                    // different epoch or this is not a handshake message
+                    return compareToSequence(o.recordEpoch, o.recordSeq);
+                }
+            }
+
+            return compareToSequence(o.recordEpoch, o.recordSeq);
+        }
+
+        int compareToSequence(int epoch, long seq) {
+            if (this.recordEpoch > epoch) {
+                return 1;
+            } else if (this.recordEpoch == epoch) {
+                return Long.compare(this.recordSeq, seq);
+            } else {
+                return -1;
+            }
         }
     }
 
@@ -465,12 +527,24 @@
             if (o instanceof HandshakeFragment) {
                 HandshakeFragment other = (HandshakeFragment)o;
                 if (this.messageSeq != other.messageSeq) {
-                    // keep the insertion order for the same message
+                    // keep the insertion order of handshake messages
                     return this.messageSeq - other.messageSeq;
+                } else if (this.fragmentOffset != other.fragmentOffset) {
+                    // small fragment offset was transmitted first
+                    return this.fragmentOffset - other.fragmentOffset;
+                } else if (this.fragmentLength == other.fragmentLength) {
+                    // retransmissions, ignore duplicated messages.
+                    return 0;
                 }
+
+                // Should be repacked for suitable fragment length.
+                //
+                // Note that the acquiring processes will reassemble the
+                // the fragments later.
+                return compareToSequence(o.recordEpoch, o.recordSeq);
             }
 
-            return Long.compareUnsigned(this.recordSeq, o.recordSeq);
+            return super.compareTo(o);
         }
     }
 
@@ -484,24 +558,72 @@
         }
     }
 
+    private static final class HandshakeFlight implements Cloneable {
+        static final byte HF_UNKNOWN = HandshakeMessage.ht_not_applicable;
+
+        byte        handshakeType;      // handshake type
+        int         flightEpoch;        // the epoch of the first message
+        int         minMessageSeq;      // minimal message sequence
+
+        int         maxMessageSeq;      // maximum message sequence
+        int         maxRecordEpoch;     // maximum record sequence number
+        long        maxRecordSeq;       // maximum record sequence number
+
+        HashMap<Byte, List<HoleDescriptor>> holesMap;
+
+        HandshakeFlight() {
+            this.handshakeType = HF_UNKNOWN;
+            this.flightEpoch = 0;
+            this.minMessageSeq = 0;
+
+            this.maxMessageSeq = 0;
+            this.maxRecordEpoch = 0;
+            this.maxRecordSeq = -1;
+
+            this.holesMap = new HashMap<>(5);
+        }
+
+        boolean isRetransmitOf(HandshakeFlight hs) {
+            return (hs != null) &&
+                   (this.handshakeType == hs.handshakeType) &&
+                   (this.minMessageSeq == hs.minMessageSeq);
+        }
+
+        @Override
+        public Object clone() {
+            HandshakeFlight hf = new HandshakeFlight();
+
+            hf.handshakeType = this.handshakeType;
+            hf.flightEpoch = this.flightEpoch;
+            hf.minMessageSeq = this.minMessageSeq;
+
+            hf.maxMessageSeq = this.maxMessageSeq;
+            hf.maxRecordEpoch = this.maxRecordEpoch;
+            hf.maxRecordSeq = this.maxRecordSeq;
+
+            hf.holesMap = new HashMap<>(this.holesMap);
+
+            return hf;
+        }
+    }
+
     final class DTLSReassembler {
+        // The handshake epoch.
+        final int handshakeEpoch;
+
+        // The buffered fragments.
         TreeSet<RecordFragment> bufferedFragments = new TreeSet<>();
 
-        HashMap<Byte, List<HoleDescriptor>> holesMap = new HashMap<>(5);
+        // The handshake flight in progress.
+        HandshakeFlight handshakeFlight = new HandshakeFlight();
 
-        // Epoch, sequence number and handshake message sequence of the
-        // beginning message of a flight.
-        byte        flightType = (byte)0xFF;
-
-        int         flightTopEpoch = 0;
-        long        flightTopRecordSeq = -1;
-        int         flightTopMessageSeq = 0;
+        // The preceding handshake flight.
+        HandshakeFlight precedingFlight = null;
 
         // Epoch, sequence number and handshake message sequence of the
         // next message acquisition of a flight.
-        int         nextRecordEpoch = 0;    // next record epoch
+        int         nextRecordEpoch;        // next record epoch
         long        nextRecordSeq = 0;      // next record sequence number
-        int         nextMessageSeq = 0;     // next handshake message number
 
         // Expect ChangeCipherSpec and Finished messages for the final flight.
         boolean     expectCCSFlight = false;
@@ -510,65 +632,66 @@
         boolean     flightIsReady = false;
         boolean     needToCheckFlight = false;
 
-        // Is it a session-resuming abbreviated handshake.?
-        boolean     isAbbreviatedHandshake = false;
+        DTLSReassembler(int handshakeEpoch) {
+            this.handshakeEpoch = handshakeEpoch;
+            this.nextRecordEpoch = handshakeEpoch;
 
-        // The handshke fragment with the biggest record sequence number
-        // in a flight, not counting the Finished message.
-        HandshakeFragment lastHandshakeFragment = null;
-
-        // Is handshake (intput) finished?
-        boolean handshakeFinished = false;
-
-        DTLSReassembler() {
-            // blank
-        }
-
-        boolean finished() {
-            return handshakeFinished;
+            this.handshakeFlight.flightEpoch = handshakeEpoch;
         }
 
         void expectingFinishFlight() {
             expectCCSFlight = true;
         }
 
+        // Queue up a handshake message.
         void queueUpHandshake(HandshakeFragment hsf) {
-
-            if ((nextRecordEpoch > hsf.recordEpoch) ||
-                    (nextRecordSeq > hsf.recordSeq) ||
-                    (nextMessageSeq > hsf.messageSeq)) {
-                // too old, discard this record
+            if (!isDesirable(hsf)) {
+                // Not a dedired record, discard it.
                 return;
             }
 
+            // Clean up the retransmission messages if necessary.
+            cleanUpRetransmit(hsf);
+
             // Is it the first message of next flight?
-            if ((flightTopMessageSeq == hsf.messageSeq) &&
-                    (hsf.fragmentOffset == 0) && (flightTopRecordSeq == -1)) {
+            //
+            // Note: the Finished message is handled in the final CCS flight.
+            boolean isMinimalFlightMessage = false;
+            if (handshakeFlight.minMessageSeq == hsf.messageSeq) {
+                isMinimalFlightMessage = true;
+            } else if ((precedingFlight != null) &&
+                    (precedingFlight.minMessageSeq == hsf.messageSeq)) {
+                isMinimalFlightMessage = true;
+            }
 
-                flightType = hsf.handshakeType;
-                flightTopEpoch = hsf.recordEpoch;
-                flightTopRecordSeq = hsf.recordSeq;
+            if (isMinimalFlightMessage && (hsf.fragmentOffset == 0) &&
+                    (hsf.handshakeType != HandshakeMessage.ht_finished)) {
 
-                if (hsf.handshakeType == HandshakeMessage.ht_server_hello) {
-                    // Is it a session-resuming handshake?
-                    try {
-                        isAbbreviatedHandshake =
-                                isSessionResuming(hsf.fragment, prevSessionID);
-                    } catch (SSLException ssle) {
-                        if (debug != null && Debug.isOn("ssl")) {
-                            System.out.println(
-                                    Thread.currentThread().getName() +
-                                    " discard invalid record: " + ssle);
-                        }
+                // reset the handshake flight
+                handshakeFlight.handshakeType = hsf.handshakeType;
+                handshakeFlight.flightEpoch = hsf.recordEpoch;
+                handshakeFlight.minMessageSeq = hsf.messageSeq;
+            }
 
-                        // invalid, discard it [section 4.1.2.7, RFC 6347]
-                        return;
+            if (hsf.handshakeType == HandshakeMessage.ht_finished) {
+                handshakeFlight.maxMessageSeq = hsf.messageSeq;
+                handshakeFlight.maxRecordEpoch = hsf.recordEpoch;
+                handshakeFlight.maxRecordSeq = hsf.recordSeq;
+            } else {
+                if (handshakeFlight.maxMessageSeq < hsf.messageSeq) {
+                    handshakeFlight.maxMessageSeq = hsf.messageSeq;
+                }
+
+                int n = (hsf.recordEpoch - handshakeFlight.maxRecordEpoch);
+                if (n > 0) {
+                    handshakeFlight.maxRecordEpoch = hsf.recordEpoch;
+                    handshakeFlight.maxRecordSeq = hsf.recordSeq;
+                } else if (n == 0) {
+                    // the same epoch
+                    if (handshakeFlight.maxRecordSeq < hsf.recordSeq) {
+                        handshakeFlight.maxRecordSeq = hsf.recordSeq;
                     }
-
-                    if (!isAbbreviatedHandshake) {
-                        prevSessionID = getSessionID(hsf.fragment);
-                    }
-                }
+                }   // Otherwise, it is unlikely to happen.
             }
 
             boolean fragmented = false;
@@ -578,7 +701,8 @@
                 fragmented = true;
             }
 
-            List<HoleDescriptor> holes = holesMap.get(hsf.handshakeType);
+            List<HoleDescriptor> holes =
+                    handshakeFlight.holesMap.get(hsf.handshakeType);
             if (holes == null) {
                 if (!fragmented) {
                     holes = Collections.emptyList();
@@ -586,7 +710,7 @@
                     holes = new LinkedList<HoleDescriptor>();
                     holes.add(new HoleDescriptor(0, hsf.messageLength));
                 }
-                holesMap.put(hsf.handshakeType, holes);
+                handshakeFlight.holesMap.put(hsf.handshakeType, holes);
             } else if (holes.isEmpty()) {
                 // Have got the full handshake message.  This record may be
                 // a handshake message retransmission.  Discard this record.
@@ -594,20 +718,11 @@
                 // It's OK to discard retransmission as the handshake hash
                 // is computed as if each handshake message had been sent
                 // as a single fragment.
-                //
-                // Note that ClientHello messages are delivered twice in
-                // DTLS handshaking.
-                if ((hsf.handshakeType != HandshakeMessage.ht_client_hello &&
-                     hsf.handshakeType != ht_hello_verify_request) ||
-                        (nextMessageSeq != hsf.messageSeq)) {
-                    return;
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("Have got the full message, discard it.");
                 }
 
-                if (fragmented) {
-                    holes = new LinkedList<HoleDescriptor>();
-                    holes.add(new HoleDescriptor(0, hsf.messageLength));
-                }
-                holesMap.put(hsf.handshakeType, holes);
+                return;
             }
 
             if (fragmented) {
@@ -628,9 +743,7 @@
                          (hole.limit < fragmentLimit))) {
 
                         if (debug != null && Debug.isOn("ssl")) {
-                            System.out.println(
-                                Thread.currentThread().getName() +
-                                " discard invalid record: " +
+                            Debug.log("Discard invalid record: " +
                                 "handshake fragment ranges are overlapping");
                         }
 
@@ -659,48 +772,205 @@
                 }
             }
 
-            // append this fragment
-            bufferedFragments.add(hsf);
-
-            if ((lastHandshakeFragment == null) ||
-                (lastHandshakeFragment.compareTo(hsf) < 0)) {
-
-                lastHandshakeFragment = hsf;
+            // buffer this fragment
+            if (hsf.handshakeType == HandshakeMessage.ht_finished) {
+                // Need no status update.
+                bufferedFragments.add(hsf);
+            } else {
+                bufferFragment(hsf);
             }
-
-            if (flightIsReady) {
-                flightIsReady = false;
-            }
-            needToCheckFlight = true;
         }
 
-        // queue up change_cipher_spec or encrypted message
-        void queueUpFragment(RecordFragment rf) {
-            if ((nextRecordEpoch > rf.recordEpoch) ||
-                    (nextRecordSeq > rf.recordSeq)) {
-                // too old, discard this record
+        // Queue up a ChangeCipherSpec message
+        void queueUpChangeCipherSpec(RecordFragment rf) {
+            if (!isDesirable(rf)) {
+                // Not a dedired record, discard it.
                 return;
             }
 
-            // Is it the first message of next flight?
-            if (expectCCSFlight &&
-                    (rf.contentType == Record.ct_change_cipher_spec)) {
+            // Clean up the retransmission messages if necessary.
+            cleanUpRetransmit(rf);
 
-                flightType = (byte)0xFE;
-                flightTopEpoch = rf.recordEpoch;
-                flightTopRecordSeq = rf.recordSeq;
+            // Is it the first message of this flight?
+            //
+            // Note: the first message of the final flight is ChangeCipherSpec.
+            if (expectCCSFlight) {
+                handshakeFlight.handshakeType = HandshakeFlight.HF_UNKNOWN;
+                handshakeFlight.flightEpoch = rf.recordEpoch;
             }
 
+            // The epoch should be the same as the first message of the flight.
+            if (handshakeFlight.maxRecordSeq < rf.recordSeq) {
+                handshakeFlight.maxRecordSeq = rf.recordSeq;
+            }
+
+            // buffer this fragment
+            bufferFragment(rf);
+        }
+
+        // Queue up a ciphertext message.
+        //
+        // Note: not yet be able to decrypt the message.
+        void queueUpFragment(RecordFragment rf) {
+            if (!isDesirable(rf)) {
+                // Not a dedired record, discard it.
+                return;
+            }
+
+            // Clean up the retransmission messages if necessary.
+            cleanUpRetransmit(rf);
+
+            // buffer this fragment
+            bufferFragment(rf);
+        }
+
+        private void bufferFragment(RecordFragment rf) {
             // append this fragment
             bufferedFragments.add(rf);
 
             if (flightIsReady) {
                 flightIsReady = false;
             }
-            needToCheckFlight = true;
+
+            if (!needToCheckFlight) {
+                needToCheckFlight = true;
+            }
         }
 
-        boolean isEmpty() {
+        private void cleanUpRetransmit(RecordFragment rf) {
+            // Does the next flight start?
+            boolean isNewFlight = false;
+            if (precedingFlight != null) {
+                if (precedingFlight.flightEpoch < rf.recordEpoch) {
+                    isNewFlight = true;
+                } else {
+                    if (rf instanceof HandshakeFragment) {
+                        HandshakeFragment hsf = (HandshakeFragment)rf;
+                        if (precedingFlight.maxMessageSeq  < hsf.messageSeq) {
+                            isNewFlight = true;
+                        }
+                    } else if (rf.contentType != Record.ct_change_cipher_spec) {
+                        // ciphertext
+                        if (precedingFlight.maxRecordEpoch < rf.recordEpoch) {
+                            isNewFlight = true;
+                        }
+                    }
+                }
+            }
+
+            if (!isNewFlight) {
+                // Need no cleanup.
+                return;
+            }
+
+            // clean up the buffer
+            for (Iterator<RecordFragment> it = bufferedFragments.iterator();
+                    it.hasNext();) {
+
+                RecordFragment frag = it.next();
+                boolean isOld = false;
+                if (frag.recordEpoch < precedingFlight.maxRecordEpoch) {
+                    isOld = true;
+                } else if (frag.recordEpoch == precedingFlight.maxRecordEpoch) {
+                    if (frag.recordSeq <= precedingFlight.maxRecordSeq) {
+                        isOld = true;
+                    }
+                }
+
+                if (!isOld && (frag instanceof HandshakeFragment)) {
+                    HandshakeFragment hsf = (HandshakeFragment)frag;
+                    isOld = (hsf.messageSeq <= precedingFlight.maxMessageSeq);
+                }
+
+                if (isOld) {
+                    it.remove();
+                } else {
+                    // Safe to break as items in the buffer are ordered.
+                    break;
+                }
+            }
+
+            // discard retransmissions of the previous flight if any.
+            precedingFlight = null;
+        }
+
+        // Is a desired record?
+        //
+        // Check for retransmission and lost records.
+        private boolean isDesirable(RecordFragment rf) {
+            //
+            // Discard records old than the previous epoch.
+            //
+            int previousEpoch = nextRecordEpoch - 1;
+            if (rf.recordEpoch < previousEpoch) {
+                // Too old to use, discard this record.
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("Too old epoch to use this record, discard it.");
+                }
+
+                return false;
+            }
+
+            //
+            // Allow retransmission of last flight of the previous epoch
+            //
+            // For example, the last server delivered flight for session
+            // resuming abbreviated handshaking consist three messages:
+            //      ServerHello
+            //      [ChangeCipherSpec]
+            //      Finished
+            //
+            // The epoch number is incremented and the sequence number is reset
+            // if the ChangeCipherSpec is sent.
+            if (rf.recordEpoch == previousEpoch) {
+                boolean isDesired = true;
+                if (precedingFlight == null) {
+                    isDesired = false;
+                } else {
+                    if (rf instanceof HandshakeFragment) {
+                        HandshakeFragment hsf = (HandshakeFragment)rf;
+                        if (precedingFlight.minMessageSeq > hsf.messageSeq) {
+                            isDesired = false;
+                        }
+                    } else if (rf.contentType == Record.ct_change_cipher_spec) {
+                        // ChangeCipherSpec
+                        if (precedingFlight.flightEpoch != rf.recordEpoch) {
+                            isDesired = false;
+                        }
+                    } else {        // ciphertext
+                        if ((rf.recordEpoch < precedingFlight.maxRecordEpoch) ||
+                            (rf.recordEpoch == precedingFlight.maxRecordEpoch &&
+                                rf.recordSeq <= precedingFlight.maxRecordSeq)) {
+                            isDesired = false;
+                        }
+                    }
+                }
+
+                if (!isDesired) {
+                    // Too old to use, discard this retransmitted record
+                    if (debug != null && Debug.isOn("verbose")) {
+                        Debug.log("Too old retransmission to use, discard it.");
+                    }
+
+                    return false;
+                }
+            } else if ((rf.recordEpoch == nextRecordEpoch) &&
+                    (nextRecordSeq > rf.recordSeq)) {
+
+                // Previously disordered record for the current epoch.
+                //
+                // Should has been retransmitted. Discard this record.
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("Lagging behind record (sequence), discard it.");
+                }
+
+                return false;
+            }
+
+            return true;
+        }
+
+        private boolean isEmpty() {
             return (bufferedFragments.isEmpty() ||
                     (!flightIsReady && !needToCheckFlight) ||
                     (needToCheckFlight && !flightIsReady()));
@@ -708,12 +978,9 @@
 
         Plaintext acquirePlaintext() {
             if (bufferedFragments.isEmpty()) {
-                // reset the flight
-                if (flightIsReady) {
-                    flightIsReady = false;
-                    needToCheckFlight = false;
+                if (debug != null && Debug.isOn("verbose")) {
+                    Debug.log("No received handshake messages");
                 }
<