used to guard resources with limited capacity, so a semaphore released too many times is a sign of a bug. release() → None Increment the counter and wake one waiter. acquire(timeout: float | timedelta loaded in a Chrome tab. 6.9 Release notes 6.9.1 What’s new in Tornado 6.5.1 May 22, 2025 Bug fixes • Fixed a bug in multipart/form-data parsing that could incorrectly reject filenames containing characters Now an exception is raised at the first error, so there is only one log message per request. This fixes CVE-2025-47287. General Changes • Python 3.14 is now supported. Older versions of Tornado will work

used to guard resources with limited capacity, so a semaphore released too many times is a sign of a bug. release() → None [https://docs.python.org/3/library/constants.html#None] Increment the counter and 2010 What’s new in Tornado 1.0 July 22, 2010What’s new in Tornado 6.5.1 May 22, 2025 Bug fixes Fixed a bug in multipart/form-data parsing that could incorrectly reject filenames containing characters Now an exception is raised at the first error, so there is only one log message per request. This fixes CVE- 2025-47287 [https://github.com/tornadoweb/tornado/security/advisories/GHSA-7cx3-6m66-7c5m].

Techniques Copyright © 2021 Bob Steagall What are defects? • The most common view • A software defect (bug) is an error in a computer program causes it to produce incorrect or unexpected results, or exhibit Steagall Some Terminology • A non-conformity is a failure to meet one or more requirements • A defect (bug / error / problem) is incorrect program data (code, input, settings, dependencies, ...) that causes change as repair progresses • Fixing one defect may introduce new defects • Indicative of quick-fixes and/or messy design • Symptoms may be difficult to reproduce • Debugging the field is not always

construction Safe but rejected Opportunistic bug findingApproaches to safety Safe Unsafe Safe Unsafe Safe-by- construction Safe but rejected Opportunistic bug findingApproaches to safety Safe Unsafe Safe but rejected Opportunistic bug finding Unsafe but acceptedApproaches to safety Safe Unsafe Safe Unsafe Safe-by- construction Safe but rejected Opportunistic bug finding Unsafe but accepted rearchitecting • Can make code less malleable Opportunistic bug-finding • Applicable to all code • Easier to identify false positives • Small/localized fixes • Easier to roll out incrementallyCarbon Language

shared libs • Anyway, Linux tries hard. And improves even today: • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100593#c13 • (fix from 2023)Windows doesn’t even try 35 Resolution stub Real function ht shifted to a direct binding and non- interposition by default.” • https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100593#c13 • CPython got x1.3 faster by building with –fno-semantic-interposition • https://github rust) do too. • Could consider –no-plt too • Not always possible: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=100593#c13 39 Yes.*Symbol Visibility 40(static) import lib Symbol Visibility - Windows

deadline) printf("A: %d\n", ++counter); threadB.join(); 12 This minor change completely fixes the physical data race! Every access to an atomic implicitly synchronizes with every other access data race”: different valid executions will produce different outputs. That might be considered a bug, but it’s not UB.)“Logical synchronization” Problem statement: std::thread threadB = std::thread([&](){ return tokens_.size(); } 17 The code on this slide almost certainly has a thread-safety bug — a data race! Suppose thread A calls getToken() while thread B calls numTokensAvailable(). Thread

c++26 dra� ships June to Feb 2026– national body/iso review and bug fixing late 2026 –> final iso approval 2.1Priorities for c++26 bug fixes - always a high priority concurrency support std::execution (P2300) // ERROR str + std::string(view); // OK, but inefficient str + view.data(); // Compiles, but BUG! 1 2 3 4 5 6 7 41bitset is constructible from string but not string_view add a string_view constructor

LONG TASKS • Task that takes hours instead of minutes • Could be bad data, bad algorithm, or code bug • One method to deal with them: 1. Build the tasks once 2. Upload to the cache 3. Disable local processing to seconds Case by case examination and solution Could be data issue - algorithm issue - or code bug ▶ One way to deal with them - build the affected tasks once - disable local processing - download impacts runtime performance - in debug mostly - also in release ▶ Easiest fix - expand code manually Fixes compile time issue - no templates Function too big to be inlined by compiler - just like std::tie

Middleware, Compiler version, C++ version, ... ❖ What do we gain: ➢ New features, Security++, Bug fixes, Stability and optimizations, A safer C++ version, Enhanced tooling, Compliance and possibly being

experimental status, and adds a tremendous list of other improvements, performance enhancements, and bug fixes. Linkerd’s new traffic splitting feature allows users to dynamically control the percentage of