*/
  @AndroidIncompatible // slow. TODO(cpovirk): Maybe just reduce iterations under Android.
  public void testExhaustive() throws Exception {
    Random random = new Random(0); // will iteratively make more debuggable, each time it breaks
    for (int totalInsertions = 0; totalInsertions < 200; totalInsertions++) {

      List<Sink> sinks = new ArrayList<>();
      for (int chunkSize = 4; chunkSize <= 32; chunkSize++) {

  /*
   * The following fields are package-private, even though we intend never to use them outside this
   * file. For discussion, see AbstractFutureState.
   */

  // Lazily initialized the first time we see an exception; not released until all the input futures
  // have completed and we have processed them all.
  volatile @Nullable Set<Throwable> seenExceptionsField = null;

  volatile int remainingField;

    ...
```

Python 會必須先比較完整的 `stanleyjobso`（在 `stanleyjobsox` 與 `stanleyjobson` 之中都一樣），才會發現兩個字串不同。因此回覆「Incorrect username or password」會多花一些微秒。

#### 回應時間幫了攻擊者 { #the-time-to-answer-helps-the-attackers }

此時，透過觀察伺服器回覆「Incorrect username or password」多花了幾個微秒，攻擊者就知道他們有某些地方猜對了，前幾個字母是正確的。

接著他們會再嘗試，知道它更可能接近 `stanleyjobsox` 而不是 `johndoe`。

#### 「專業」的攻擊 { #a-professional-attack }

pkg time, method (Time) Add(Duration) Time
pkg time, method (Time) AddDate(int, int, int) Time
pkg time, method (Time) After(Time) bool
pkg time, method (Time) Before(Time) bool
pkg time, method (Time) Clock() (int, int, int)
pkg time, method (Time) Date() (int, Month, int)
pkg time, method (Time) Day() int
pkg time, method (Time) Equal(Time) bool
pkg time, method (Time) Format(string) string

            }
        }
    }

    /**
     * Interrupts the thread and waits for it to terminate.
     *
     * @param timeoutMillis
     *            The time to wait (in milliseconds)
     * @return <code>true</code> if the thread has terminated
     * @throws InterruptedException
     *             If interrupted while waiting
     */

    /**
     * Sort order of the role type.
     */
    public String sortOrder;

    /**
     * The user who created the role type.
     */
    public String createdBy;

    /**
     * The time when the role type was created.
     */
    public String createdTime;

    /**
     * Version number of the role type.
     */
    public String versionNo;

    /**

    ...
```

Python은 두 문자열이 같지 않다는 것을 알아차리기 전까지 `stanleyjobsox`와 `stanleyjobson` 양쪽의 `stanleyjobso` 전체를 비교해야 합니다. 그래서 "Incorrect username or password"라고 응답하기까지 추가로 몇 마이크로초가 더 걸릴 것입니다.

#### 응답 시간은 공격자에게 도움이 됩니다 { #the-time-to-answer-helps-the-attackers }

이 시점에서 서버가 "Incorrect username or password" 응답을 보내는 데 몇 마이크로초 더 걸렸다는 것을 알아채면, 공격자들은 _무언가_ 맞았다는 것(초기 몇 글자가 맞았다는 것)을 알게 됩니다.

그리고 `johndoe`보다는 `stanleyjobsox`에 더 가까운 값을 시도해야 한다는 것을 알고 다시 시도할 수 있습니다.

    @Override
    public String toString() {
      return "Funnels.byteArrayFunnel()";
    }
  }

  /**
   * Returns a funnel that extracts the characters from a {@code CharSequence}, a character at a
   * time, without performing any encoding. If you need to use a specific encoding, use {@link
   * Funnels#stringFunnel(Charset)} instead.
   *
   * @since 15.0 (since 11.0 as {@code Funnels.stringFunnel()}.
   */

   * permits in a cool state, where X = rate * timeToCoolDown, and we have specified a
   * timeToWarmUp() period, it will cost as the prescribed amount of time. E.g., calling
   * [acquire(5), acquire(1)] takes exactly the same time as [acquire(2), acquire(3), acquire(1)].
   */
  public void testTimeToWarmUpIsHonouredEvenWithWeights() {
    Random random = new Random();
    int warmupPermits = 10;

   * permits in a cool state, where X = rate * timeToCoolDown, and we have specified a
   * timeToWarmUp() period, it will cost as the prescribed amount of time. E.g., calling
   * [acquire(5), acquire(1)] takes exactly the same time as [acquire(2), acquire(3), acquire(1)].
   */
  public void testTimeToWarmUpIsHonouredEvenWithWeights() {
    Random random = new Random();
    int warmupPermits = 10;