Updatify / Go lang | Release notes

Create your changelog

Go is a high-level, general-purpose programming language that is statically typed and compiled. It is known for the simplicity of its syntax and the efficiency of development that it enables through the inclusion of a large standard library supplying many needs for common projects.

Update Aug 2, 2022 tracked by Updatify

go1.19 (released 2022-08-02)

Introduction to Go 1.19

The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

Changes to the language

There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected.

Memory Model

The Go memory model has been revised to align Go with the memory model used by C, C++, Java, JavaScript, Rust, and Swift. Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages. Along with the memory model update, Go 1.19 introduces new types in the sync/atomic package that make it easier to use atomic values, such as atomic.Int64 and atomic.Pointer[T].

Ports

LoongArch 64-bit

Go 1.19 adds support for the Loongson 64-bit architecture LoongArch on Linux ( GOOS=linux, GOARCH=loong64). The implemented ABI is LP64D. Minimum kernel version supported is 5.19.

Note that most existing commercial Linux distributions for LoongArch come with older kernels, with a historical incompatible system call ABI. Compiled binaries will not work on these systems, even if statically linked. Users on such unsupported systems are limited to the distribution-provided Go package.

RISC-V

The riscv64 port now supports passing function arguments and result using registers. Benchmarking shows typical performance improvements of 10% or more on riscv64.

Tools

Doc Comments

Go 1.19 adds support for links, lists, and clearer headings in doc comments. As part of this change, gofmt now reformats doc comments to make their rendered meaning clearer. See “ Go Doc Comments ” for syntax details and descriptions of common mistakes now highlighted by gofmt. As another part of this change, the new package go/doc/comment provides parsing and reformatting of doc comments as well as support for rendering them to HTML, Markdown, and text.

New unix build constraint

The build constraint unix is now recognized in //go:build lines. The constraint is satisfied if the target operating system, also known as GOOS, is a Unix or Unix-like system. For the 1.19 release it is satisfied if GOOS is one of aix, android, darwin, dragonfly, freebsd, hurd, illumos, ios, linux, netbsd, openbsd, or solaris. In future releases the unix constraint may match additional newly supported operating systems.

Go command

The -trimpath flag, if set, is now included in the build settings stamped into Go binaries by go build, and can be examined using go version -m or debug.ReadBuildInfo.

go generate now sets the GOROOT environment variable explicitly in the generator’s environment, so that generators can locate the correct GOROOT even if built with -trimpath.

go test and go generate now place GOROOT/bin at the beginning of the PATH used for the subprocess, so tests and generators that execute the go command will resolve it to same GOROOT.

go env now quotes entries that contain spaces in the CGO_CFLAGS, CGO_CPPFLAGS, CGO_CXXFLAGS, CGO_FFLAGS, CGO_LDFLAGS, and GOGCCFLAGS variables it reports.

go list -json now accepts a comma-separated list of JSON fields to populate. If a list is specified, the JSON output will include only those fields, and go list may avoid work to compute fields that are not included. In some cases, this may suppress errors that would otherwise be reported.

The go command now caches information necessary to load some modules, which should result in a speed-up of some go list invocations.

Vet

The vet checker “errorsas” now reports when errors.As is called with a second argument of type *error, a common mistake.

Runtime

The runtime now includes support for a soft memory limit. This memory limit includes the Go heap and all other memory managed by the runtime, and excludes external memory sources such as mappings of the binary itself, memory managed in other languages, and memory held by the operating system on behalf of the Go program. This limit may be managed via runtime/debug.SetMemoryLimit or the equivalent GOMEMLIMIT environment variable. The limit works in conjunction with runtime/debug.SetGCPercent / GOGC, and will be respected even if GOGC=off, allowing Go programs to always make maximal use of their memory limit, improving resource efficiency in some cases. See the GC guide for a detailed guide explaining the soft memory limit in more detail, as well as a variety of common use-cases and scenarios. Please note that small memory limits, on the order of tens of megabytes or less, are less likely to be respected due to external latency factors, such as OS scheduling. See issue 52433 for more details. Larger memory limits, on the order of hundreds of megabytes or more, are stable and production-ready.

In order to limit the effects of GC thrashing when the program’s live heap size approaches the soft memory limit, the Go runtime also attempts to limit total GC CPU utilization to 50%, excluding idle time, choosing to use more memory over preventing application progress. In practice, we expect this limit to only play a role in exceptional cases, and the new runtime metric /gc/limiter/last-enabled:gc-cycle reports when this last occurred.

The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle.

The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines.

On Unix operating systems, Go programs that import package os now automatically increase the open file limit ( RLIMIT_NOFILE) to the maximum allowed value; that is, they change the soft limit to match the hard limit. This corrects artificially low limits set on some systems for compatibility with very old C programs using the select system call. Go programs are not helped by that limit, and instead even simple programs like gofmt often ran out of file descriptors on such systems when processing many files in parallel. One impact of this change is that Go programs that in turn execute very old C programs in child processes may run those programs with too high a limit. This can be corrected by setting the hard limit before invoking the Go program.

Unrecoverable fatal errors (such as concurrent map writes, or unlock of unlocked mutexes) now print a simpler traceback excluding runtime metadata (equivalent to a fatal panic) unless GOTRACEBACK=system or crash. Runtime-internal fatal error tracebacks always include full metadata regardless of the value of GOTRACEBACK

Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality.

The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely.

Compiler

The compiler now uses a jump table to implement large integer and string switch statements. Performance improvements for the switch statement vary but can be on the order of 20% faster. ( GOARCH=amd64 and GOARCH=arm64 only)

The Go compiler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command and by Bazel. Any other build systems that invoke the Go compiler directly will need to make sure they pass this flag as well.

The Go compiler no longer accepts the -importmap flag. Build systems that invoke the Go compiler directly must use the -importcfg flag instead.

Assembler

Like the compiler, the assembler now requires the -p=importpath flag to build a linkable object file. This is already supplied by the go command. Any other build systems that invoke the Go assembler directly will need to make sure they pass this flag as well.

Linker

On ELF platforms, the linker now emits compressed DWARF sections in the standard gABI format ( SHF_COMPRESSED), instead of the legacy .zdebug format.

Standard library

New atomic types

The sync/atomic package defines new atomic types Bool, Int32, Int64, Uint32, Uint64, Uintptr, and Pointer. These types hide the underlying values so that all accesses are forced to use the atomic APIs. Pointer also avoids the need to convert to unsafe.Pointer at call sites. Int64 and Uint64 are automatically aligned to 64-bit boundaries in structs and allocated data, even on 32-bit systems.

PATH lookups

Command and LookPath no longer allow results from a PATH search to be found relative to the current directory. This removes a common source of security problems but may also break existing programs that depend on using, say, exec.Command("prog") to run a binary named prog (or, on Windows, prog.exe) in the current directory. See the os/exec package documentation for information about how best to update such programs.

On Windows, Command and LookPath now respect the NoDefaultCurrentDirectoryInExePath environment variable, making it possible to disable the default implicit search of “ . ” in PATH lookups on Windows systems.

Minor changes to the library

As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here.

archive/zip

Reader now ignores non-ZIP data at the start of a ZIP file, matching most other implementations. This is necessary to read some Java JAR files, among other uses.

crypto/elliptic

Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or by a Curve method operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to Marshal, MarshalCompressed, Add, Double, or ScalarMult, they will now panic.

ScalarBaseMult operations on the P224, P384, and P521 curves are now up to three times faster, leading to similar speedups in some ECDSA operations. The generic (not platform optimized) P256 implementation was replaced with one derived from a formally verified model; this might lead to significant slowdowns on 32-bit platforms.

crypto/rand

Read no longer buffers random data obtained from the operating system between calls. Applications that perform many small reads at high frequency might choose to wrap Reader in a bufio.Reader for performance reasons, taking care to use io.ReadFull to ensure no partial reads occur.

On Plan 9, Read has been reimplemented, replacing the ANSI X9.31 algorithm with a fast key erasure generator.

The Prime implementation was changed to use only rejection sampling, which removes a bias when generating small primes in non-cryptographic contexts, removes one possible minor timing leak, and better aligns the behavior with BoringSSL, all while simplifying the implementation. The change does produce different outputs for a given random source stream compared to the previous implementation, which can break tests written expecting specific results from specific deterministic random sources. To help prevent such problems in the future, the implementation is now intentionally non-deterministic with respect to the input stream.

crypto/tls

The GODEBUG option tls10default=1 has been removed. It is still possible to enable TLS 1.0 client-side by setting Config.MinVersion.

The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 7.4.1.4 and RFC 8446, Section 4.2.

crypto/x509

CreateCertificate no longer supports creating certificates with SignatureAlgorithm set to MD5WithRSA.

CreateCertificate no longer accepts negative serial numbers.

CreateCertificate will not emit an empty SEQUENCE anymore when the produced certificate has no extensions.

Removal of the GODEBUG option x509sha1=1, originally planned for Go 1.19, has been rescheduled to a future release. Applications using it should work on migrating. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

ParseCertificate and ParseCertificateRequest now reject certificates and CSRs which contain duplicate extensions.

The new CertPool.Clone and CertPool.Equal methods allow cloning a CertPool and checking the equivalence of two CertPool s respectively.

The new function ParseRevocationList provides a faster, safer to use CRL parser which returns a RevocationList. Parsing a CRL also populates the new RevocationList fields RawIssuer, Signature, AuthorityKeyId, and Extensions, which are ignored by CreateRevocationList.

The new method RevocationList.CheckSignatureFrom checks that the signature on a CRL is a valid signature from a Certificate.

The ParseCRL and ParseDERCRL functions are now deprecated in favor of ParseRevocationList. The Certificate.CheckCRLSignature method is deprecated in favor of RevocationList.CheckSignatureFrom.

The path builder of Certificate.Verify was overhauled and should now produce better chains and/or be more efficient in complicated scenarios. Name constraints are now also enforced on non-leaf certificates.

crypto/x509/pkix

The types CertificateList and TBSCertificateList have been deprecated. The new crypto/x509 CRL functionality should be used instead.

debug/elf

The new EM_LOONGARCH and R_LARCH_* constants support the loong64 port.

debug/pe

The new File.COFFSymbolReadSectionDefAux method, which returns a COFFSymbolAuxFormat5, provides access to COMDAT information in PE file sections. These are supported by new IMAGE_COMDAT_* and IMAGE_SCN_* constants.

encoding/binary

The new interface AppendByteOrder provides efficient methods for appending a uint16, uint32, or uint64 to a byte slice. BigEndian and LittleEndian now implement this interface.

Similarly, the new functions AppendUvarint and AppendVarint are efficient appending versions of PutUvarint and PutVarint.

encoding/csv

The new method Reader.InputOffset reports the reader’s current input position as a byte offset, analogous to encoding/json ’s Decoder.InputOffset.

encoding/xml

The new method Decoder.InputPos reports the reader’s current input position as a line and column, analogous to encoding/csv ’s Decoder.FieldPos.

flag

The new function TextVar defines a flag with a value implementing encoding.TextUnmarshaler, allowing command-line flag variables to have types such as big.Int, netip.Addr, and time.Time.

fmt

The new functions Append, Appendf, and Appendln append formatted data to byte slices.

go/parser

The parser now recognizes ~x as a unary expression with operator token.TILDE, allowing better error recovery when a type constraint such as ~int is used in an incorrect context.

go/types

The new methods Func.Origin and Var.Origin return the corresponding Object of the generic type for synthetic Func and Var objects created during type instantiation.

It is no longer possible to produce an infinite number of distinct-but-identical Named type instantiations via recursive calls to Named.Underlying or Named.Method.

hash/maphash

The new functions Bytes and String provide an efficient way hash a single byte slice or string. They are equivalent to using the more general Hash with a single write, but they avoid setup overhead for small inputs.

html/template

The type FuncMap is now an alias for text/template ’s FuncMap instead of its own named type. This allows writing code that operates on a FuncMap from either setting.

Go 1.19.8 and later disallow actions in ECMAScript 6 template literals. This behavior can be reverted by the GODEBUG=jstmpllitinterp=1 setting.

image/draw

Draw with the Src operator preserves non-premultiplied-alpha colors when destination and source images are both image.NRGBA or both image.NRGBA64. This reverts a behavior change accidentally introduced by a Go 1.18 library optimization; the code now matches the behavior in Go 1.17 and earlier.

io

NopCloser ’s result now implements WriterTo whenever its input does.

MultiReader ’s result now implements WriterTo unconditionally. If any underlying reader does not implement WriterTo, it is simulated appropriately.

mime

On Windows only, the mime package now ignores a registry entry recording that the extension .js should have MIME type text/plain. This is a common unintentional misconfiguration on Windows systems. The effect is that .js will have the default MIME type text/javascript; charset=utf-8. Applications that expect text/plain on Windows must now explicitly call AddExtensionType.

mime/multipart

In Go 1.19.8 and later, this package sets limits the size of the MIME data it processes to protect against malicious inputs. Reader.NextPart and Reader.NextRawPart limit the number of headers in a part to 10000 and Reader.ReadForm limits the total number of headers in all FileHeaders to 10000. These limits may be adjusted with the GODEBUG=multipartmaxheaders setting. Reader.ReadForm further limits the number of parts in a form to 1000. This limit may be adjusted with the GODEBUG=multipartmaxparts setting.

net

The pure Go resolver will now use EDNS(0) to include a suggested maximum reply packet length, permitting reply packets to contain up to 1232 bytes (the previous maximum was 512). In the unlikely event that this causes problems with a local DNS resolver, setting the environment variable GODEBUG=netdns=cgo to use the cgo-based resolver should work. Please report any such problems on the issue tracker.

When a net package function or method returns an “I/O timeout” error, the error will now satisfy errors.Is(err, context.DeadlineExceeded). When a net package function returns an “operation was canceled” error, the error will now satisfy errors.Is(err, context.Canceled). These changes are intended to make it easier for code to test for cases in which a context cancellation or timeout causes a net package function or method to return an error, while preserving backward compatibility for error messages.

Resolver.PreferGo is now implemented on Windows and Plan 9. It previously only worked on Unix platforms. Combined with Dialer.Resolver and Resolver.Dial, it’s now possible to write portable programs and be in control of all DNS name lookups when dialing.

The net package now has initial support for the netgo build tag on Windows. When used, the package uses the Go DNS client (as used by Resolver.PreferGo) instead of asking Windows for DNS results. The upstream DNS server it discovers from Windows may not yet be correct with complex system network configurations, however.

net/http

ResponseWriter.WriteHeader now supports sending user-defined 1xx informational headers.

The io.ReadCloser returned by MaxBytesReader will now return the defined error type MaxBytesError when its read limit is exceeded.

The HTTP client will handle a 3xx response without a Location header by returning it to the caller, rather than treating it as an error.

net/url

The new JoinPath function and URL.JoinPath method create a new URL by joining a list of path elements.

The URL type now distinguishes between URLs with no authority and URLs with an empty authority. For example, http:///path has an empty authority (host), while http:/path has none.

The new URL field OmitHost is set to true when a URL has an empty authority.

os/exec

A Cmd with a non-empty Dir field and nil Env now implicitly sets the PWD environment variable for the subprocess to match Dir.

The new method Cmd.Environ reports the environment that would be used to run the command, including the implicitly set PWD variable.

reflect

The method Value.Bytes now accepts addressable arrays in addition to slices.

The methods Value.Len and Value.Cap now successfully operate on a pointer to an array and return the length of that array, to match what the builtin len and cap functions do.

regexp/syntax

Go 1.18 release candidate 1, Go 1.17.8, and Go 1.16.15 included a security fix to the regular expression parser, making it reject very deeply nested expressions. Because Go patch releases do not introduce new API, the parser returned syntax.ErrInternalError in this case. Go 1.19 adds a more specific error, syntax.ErrNestingDepth, which the parser now returns instead.

runtime

The GOROOT function now returns the empty string (instead of "go") when the binary was built with the -trimpath flag set and the GOROOT variable is not set in the process environment.

runtime/metrics

The new /sched/gomaxprocs:threads metric reports the current runtime.GOMAXPROCS value.

The new /cgo/go-to-c-calls:calls metric reports the total number of calls made from Go to C. This metric is identical to the runtime.NumCgoCall function.

The new /gc/limiter/last-enabled:gc-cycle metric reports the last GC cycle when the GC CPU limiter was enabled. See the runtime notes for details about the GC CPU limiter.

runtime/pprof

Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application.

MaxRSS is now reported in heap profiles for all Unix operating systems (it was previously only reported for GOOS=android, darwin, ios, and linux).

runtime/race

The race detector has been upgraded to use thread sanitizer version v3 on all supported platforms except windows/amd64 and openbsd/amd64, which remain on v2. Compared to v2, it is now typically 1.5x to 2x faster, uses half as much memory, and it supports an unlimited number of goroutines. On Linux, the race detector now requires at least glibc version 2.17 and GNU binutils 2.26.

The race detector is now supported on GOARCH=s390x.

Race detector support for openbsd/amd64 has been removed from thread sanitizer upstream, so it is unlikely to ever be updated from v2.

runtime/trace

When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events.

sort

The sorting algorithm has been rewritten to use pattern-defeating quicksort, which is faster for several common scenarios.

The new function Find is like Search but often easier to use: it returns an additional boolean reporting whether an equal value was found.

strconv

Quote and related functions now quote the rune U+007F as \x7f, not \u007f, for consistency with other ASCII values.

syscall

On PowerPC ( GOARCH=ppc64, ppc64le), Syscall, Syscall6, RawSyscall, and RawSyscall6 now always return 0 for return value r2 instead of an undefined value.

On AIX and Solaris, Getrusage is now defined.

time

The new method Duration.Abs provides a convenient and safe way to take the absolute value of a duration, converting −2⁶³ to 2⁶³−1. (This boundary case can happen as the result of subtracting a recent time from the zero time.)

The new method Time.ZoneBounds returns the start and end times of the time zone in effect at a given time. It can be used in a loop to enumerate all the known time zone transitions at a given location.

Update Jul 12, 2022 tracked by Updatify

go1.18.4 (released 2022-07-12)

go1.18.4 (released 2022-07-12) includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the runtime/metrics package. See the Go 1.18.4 milestone on our issue tracker for details.

Update Jul 12, 2022 tracked by Updatify

go1.17.12 (released 2022-07-12)

go1.17.12 (released 2022-07-12) includes security fixes to the compress/gzip, encoding/gob, encoding/xml, go/parser, io/fs, net/http, and path/filepath packages, as well as bug fixes to the compiler, the go command, the runtime, and the runtime/metrics package. See the Go 1.17.12 milestone on our issue tracker for details.

Update Apr 12, 2022 tracked by Updatify

go1.18.1 (released 2022-04-12)

go1.18.1 (released 2022-04-12) includes security fixes to the crypto/elliptic, crypto/x509, and encoding/pem packages, as well as bug fixes to the compiler, linker, runtime, the go command, vet, and the bytes, crypto/x509, and go/types packages. See the Go 1.18.1 milestone on our issue tracker for details.

Update Mar 15, 2022 tracked by Updatify

go1.18 (released 2022-03-15)

Introduction to Go 1.18

The latest Go release, version 1.18, is a significant release, including changes to the language, implementation of the toolchain, runtime, and libraries. Go 1.18 arrives seven months after Go 1.17. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

Changes to the language

Generics

Go 1.18 includes an implementation of generic features as described by the Type Parameters Proposal. This includes major - but fully backward-compatible - changes to the language.

These new language changes required a large amount of new code that has not had significant testing in production settings. That will only happen as more people write and use generic code. We believe that this feature is well implemented and high quality. However, unlike most aspects of Go, we can’t back up that belief with real world experience. Therefore, while we encourage the use of generics where it makes sense, please use appropriate caution when deploying generic code in production.

While we believe that the new language features are well designed and clearly specified, it is possible that we have made mistakes. We want to stress that the Go 1 compatibility guarantee says “If it becomes necessary to address an inconsistency or incompleteness in the specification, resolving the issue could affect the meaning or legality of existing programs. We reserve the right to address such issues, including updating the implementations.” It also says “If a compiler or library has a bug that violates the specification, a program that depends on the buggy behavior may break if the bug is fixed. We reserve the right to fix such bugs.” In other words, it is possible that there will be code using generics that will work with the 1.18 release but break in later releases. We do not plan or expect to make any such change. However, breaking 1.18 programs in future releases may become necessary for reasons that we cannot today foresee. We will minimize any such breakage as much as possible, but we can’t guarantee that the breakage will be zero.

The following is a list of the most visible changes. For a more comprehensive overview, see the proposal. For details see the language spec.

  • The syntax for function and type declarations now accepts type parameters.
  • Parameterized functions and types can be instantiated by following them with a list of type arguments in square brackets.
  • The new token ~ has been added to the set of operators and punctuation.
  • The syntax for Interface types now permits the embedding of arbitrary types (not just type names of interfaces) as well as union and ~T type elements. Such interfaces may only be used as type constraints. An interface now defines a set of types as well as a set of methods.
  • The new predeclared identifier any is an alias for the empty interface. It may be used instead of interface{}.
  • The new predeclared identifier comparable is an interface that denotes the set of all types which can be compared using == or !=. It may only be used as (or embedded in) a type constraint.

There are three experimental packages using generics that may be useful. These packages are in x/exp repository; their API is not covered by the Go 1 guarantee and may change as we gain more experience with generics.

golang.org/x/exp/constraints

Constraints that are useful for generic code, such as constraints.Ordered.

golang.org/x/exp/slices

A collection of generic functions that operate on slices of any element type.

golang.org/x/exp/maps

A collection of generic functions that operate on maps of any key or element type.

The current generics implementation has the following known limitations:

  • The Go compiler cannot handle type declarations inside generic functions or methods. We hope to provide support for this feature in a future release.
  • The Go compiler does not accept arguments of type parameter type with the predeclared functions real, imag, and complex. We hope to remove this restriction in a future release.
  • The Go compiler only supports calling a method m on a value x of type parameter type P if m is explicitly declared by P ’s constraint interface. Similarly, method values x.m and method expressions P.m also are only supported if m is explicitly declared by P, even though m might be in the method set of P by virtue of the fact that all types in P implement m. We hope to remove this restriction in a future release.
  • The Go compiler does not support accessing a struct field x.f where x is of type parameter type even if all types in the type parameter’s type set have a field f. We may remove this restriction in a future release.
  • Embedding a type parameter, or a pointer to a type parameter, as an unnamed field in a struct type is not permitted. Similarly, embedding a type parameter in an interface type is not permitted. Whether these will ever be permitted is unclear at present.
  • A union element with more than one term may not contain an interface type with a non-empty method set. Whether this will ever be permitted is unclear at present.

Generics also represent a large change for the Go ecosystem. While we have updated several core tools with generics support, there is much more to do. It will take time for remaining tools, documentation, and libraries to catch up with these language changes.

Bug fixes

The Go 1.18 compiler now correctly reports declared but not used errors for variables that are set inside a function literal but are never used. Before Go 1.18, the compiler did not report an error in such cases. This fixes long-outstanding compiler issue #8560. As a result of this change, (possibly incorrect) programs may not compile anymore. The necessary fix is straightforward: fix the program if it was in fact incorrect, or use the offending variable, for instance by assigning it to the blank identifier _. Since go vet always pointed out this error, the number of affected programs is likely very small.

The Go 1.18 compiler now reports an overflow when passing a rune constant expression such as '1' << 32 as an argument to the predeclared functions print and println, consistent with the behavior of user-defined functions. Before Go 1.18, the compiler did not report an error in such cases but silently accepted such constant arguments if they fit into an int64. As a result of this change, (possibly incorrect) programs may not compile anymore. The necessary fix is straightforward: fix the program if it was in fact incorrect, or explicitly convert the offending argument to the correct type. Since go vet always pointed out this error, the number of affected programs is likely very small.

Ports

AMD64

Go 1.18 introduces the new GOAMD64 environment variable, which selects at compile time a minimum target version of the AMD64 architecture. Allowed values are v1, v2, v3, or v4. Each higher level requires, and takes advantage of, additional processor features. A detailed description can be found here.

The GOAMD64 environment variable defaults to v1.

RISC-V

The 64-bit RISC-V architecture on Linux (the linux/riscv64 port) now supports the c-archive and c-shared build modes.

Linux

Go 1.18 requires Linux kernel version 2.6.32 or later.

Windows

The windows/arm and windows/arm64 ports now support non-cooperative preemption, bringing that capability to all four Windows ports, which should hopefully address subtle bugs encountered when calling into Win32 functions that block for extended periods of time.

iOS

On iOS (the ios/arm64 port) and iOS simulator running on AMD64-based macOS (the ios/amd64 port), Go 1.18 now requires iOS 12 or later; support for previous versions has been discontinued.

FreeBSD

Go 1.18 is the last release that is supported on FreeBSD 11.x, which has already reached end-of-life. Go 1.19 will require FreeBSD 12.2+ or FreeBSD 13.0+. FreeBSD 13.0+ will require a kernel with the COMPAT_FREEBSD12 option set (this is the default).

Tools

Fuzzing

Go 1.18 includes an implementation of fuzzing as described by the fuzzing proposal.

See the fuzzing landing page to get started.

Please be aware that fuzzing can consume a lot of memory and may impact your machine’s performance while it runs. Also be aware that the fuzzing engine writes values that expand test coverage to a fuzz cache directory within $GOCACHE/fuzz while it runs. There is currently no limit to the number of files or total bytes that may be written to the fuzz cache, so it may occupy a large amount of storage (possibly several GBs).

Go command

go get

go get no longer builds or installs packages in module-aware mode. go get is now dedicated to adjusting dependencies in go.mod. Effectively, the -d flag is always enabled. To install the latest version of an executable outside the context of the current module, use go install example.com/cmd@latest. Any version query may be used instead of latest. This form of go install was added in Go 1.16, so projects supporting older versions may need to provide install instructions for both go install and go get. go get now reports an error when used outside a module, since there is no go.mod file to update. In GOPATH mode (with GO111MODULE=off), go get still builds and installs packages, as before.

Automatic go.mod and go.sum updates

The go mod graph, go mod vendor, go mod verify, and go mod why subcommands no longer automatically update the go.mod and go.sum files. (Those files can be updated explicitly using go get, go mod tidy, or go mod download.)

go version

The go command now embeds version control information in binaries. It includes the currently checked-out revision, commit time, and a flag indicating whether edited or untracked files are present. Version control information is embedded if the go command is invoked in a directory within a Git, Mercurial, Fossil, or Bazaar repository, and the main package and its containing main module are in the same repository. This information may be omitted using the flag -buildvcs=false.

Additionally, the go command embeds information about the build, including build and tool tags (set with -tags), compiler, assembler, and linker flags (like -gcflags), whether cgo was enabled, and if it was, the values of the cgo environment variables (like CGO_CFLAGS). Both VCS and build information may be read together with module information using go version -m file or runtime/debug.ReadBuildInfo (for the currently running binary) or the new debug/buildinfo package.

The underlying data format of the embedded build information can change with new go releases, so an older version of go may not handle the build information produced with a newer version of go. To read the version information from a binary built with go 1.18, use the go version command and the debug/buildinfo package from go 1.18+.

go mod download

If the main module’s go.mod file specifies go 1.17 or higher, go mod download without arguments now downloads source code for only the modules explicitly required in the main module’s go.mod file. (In a go 1.17 or higher module, that set already includes all dependencies needed to build the packages and tests in the main module.) To also download source code for transitive dependencies, use go mod download all.

go mod vendor

The go mod vendor subcommand now supports a -o flag to set the output directory. (Other go commands still read from the vendor directory at the module root when loading packages with -mod=vendor, so the main use for this flag is for third-party tools that need to collect package source code.)

go mod tidy

The go mod tidy command now retains additional checksums in the go.sum file for modules whose source code is needed to verify that each imported package is provided by only one module in the build list. Because this condition is rare and failure to apply it results in a build error, this change is not conditioned on the go version in the main module’s go.mod file.

go work

The go command now supports a “Workspace” mode. If a go.work file is found in the working directory or a parent directory, or one is specified using the GOWORK environment variable, it will put the go command into workspace mode. In workspace mode, the go.work file will be used to determine the set of main modules used as the roots for module resolution, instead of using the normally-found go.mod file to specify the single main module. For more information see the go work documentation.

go build -asan

The go build command and related commands now support an -asan flag that enables interoperation with C (or C++) code compiled with the address sanitizer (C compiler option -fsanitize=address).

go test

The go command now supports additional command line options for the new fuzzing support described above:

  • go test supports -fuzz, -fuzztime, and -fuzzminimizetime options. For documentation on these see go help testflag.
  • go clean supports a -fuzzcache option. For documentation see go help clean.

//go:build lines

Go 1.17 introduced //go:build lines as a more readable way to write build constraints, instead of // +build lines. As of Go 1.17, gofmt adds //go:build lines to match existing +build lines and keeps them in sync, while go vet diagnoses when they are out of sync.

Since the release of Go 1.18 marks the end of support for Go 1.16, all supported versions of Go now understand //go:build lines. In Go 1.18, go fix now removes the now-obsolete // +build lines in modules declaring go 1.18 or later in their go.mod files.

For more information, see go.dev/design/draft-gobuild.

Gofmt

gofmt now reads and formats input files concurrently, with a memory limit proportional to GOMAXPROCS. On a machine with multiple CPUs, gofmt should now be significantly faster.

Vet

Updates for Generics

The vet tool is updated to support generic code. In most cases, it reports an error in generic code whenever it would report an error in the equivalent non-generic code after substituting for type parameters with a type from their type set. For example, vet reports a format error in

func Print[T ~int|~string](t T) {
    fmt.Printf("%d", t)
}

because it would report a format error in the non-generic equivalent of Print[string]:

func PrintString(x string) {
    fmt.Printf("%d", x)
}

Precision improvements for existing checkers

The cmd/vet checkers copylock, printf, sortslice, testinggoroutine, and tests have all had moderate precision improvements to handle additional code patterns. This may lead to newly reported errors in existing packages. For example, the printf checker now tracks formatting strings created by concatenating string constants. So vet will report an error in:

  // fmt.Printf formatting directive %d is being passed to Println.
  fmt.Println("%d"+` ≡ x (mod 2)`+"\n", x%2)

Runtime

The garbage collector now includes non-heap sources of garbage collector work (e.g., stack scanning) when determining how frequently to run. As a result, garbage collector overhead is more predictable when these sources are significant. For most applications these changes will be negligible; however, some Go applications may now use less memory and spend more time on garbage collection, or vice versa, than before. The intended workaround is to tweak GOGC where necessary.

The runtime now returns memory to the operating system more efficiently and has been tuned to work more aggressively as a result.

Go 1.17 generally improved the formatting of arguments in stack traces, but could print inaccurate values for arguments passed in registers. This is improved in Go 1.18 by printing a question mark ( ?) after each value that may be inaccurate.

The built-in function append now uses a slightly different formula when deciding how much to grow a slice when it must allocate a new underlying array. The new formula is less prone to sudden transitions in allocation behavior.

Compiler

Go 1.17 implemented a new way of passing function arguments and results using registers instead of the stack on 64-bit x86 architecture on selected operating systems. Go 1.18 expands the supported platforms to include 64-bit ARM ( GOARCH=arm64), big- and little-endian 64-bit PowerPC ( GOARCH=ppc64, ppc64le), as well as 64-bit x86 architecture ( GOARCH=amd64) on all operating systems. On 64-bit ARM and 64-bit PowerPC systems, benchmarking shows typical performance improvements of 10% or more.

As mentioned in the Go 1.17 release notes, this change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code. See the Go 1.17 release notes for more details.

The compiler now can inline functions that contain range loops or labeled for loops.

The new -asan compiler option supports the new go command -asan option.

Because the compiler’s type checker was replaced in its entirety to support generics, some error messages now may use different wording than before. In some cases, pre-Go 1.18 error messages provided more detail or were phrased in a more helpful way. We intend to address these cases in Go 1.19.

Because of changes in the compiler related to supporting generics, the Go 1.18 compile speed can be roughly 15% slower than the Go 1.17 compile speed. The execution time of the compiled code is not affected. We intend to improve the speed of the compiler in future releases.

Linker

The linker emits far fewer relocations. As a result, most codebases will link faster, require less memory to link, and generate smaller binaries. Tools that process Go binaries should use Go 1.18’s debug/gosym package to transparently handle both old and new binaries.

The new -asan linker option supports the new go command -asan option.

Bootstrap

When building a Go release from source and GOROOT_BOOTSTRAP is not set, previous versions of Go looked for a Go 1.4 or later bootstrap toolchain in the directory $HOME/go1.4 ( %HOMEDRIVE%%HOMEPATH%\go1.4 on Windows). Go now looks first for $HOME/go1.17 or $HOME/sdk/go1.17 before falling back to $HOME/go1.4. We intend for Go 1.19 to require Go 1.17 or later for bootstrap, and this change should make the transition smoother. For more details, see go.dev/issue/44505.

Standard library

New debug/buildinfo package

The new debug/buildinfo package provides access to module versions, version control information, and build flags embedded in executable files built by the go command. The same information is also available via runtime/debug.ReadBuildInfo for the currently running binary and via go version -m on the command line.

New net/netip package

The new net/netip package defines a new IP address type, Addr. Compared to the existing net.IP type, the netip.Addr type takes less memory, is immutable, and is comparable so it supports == and can be used as a map key.

In addition to Addr, the package defines AddrPort, representing an IP and port, and Prefix, representing a network CIDR prefix.

The package also defines several functions to create and examine these new types: AddrFrom4, AddrFrom16, AddrFromSlice, AddrPortFrom, IPv4Unspecified, IPv6LinkLocalAllNodes, IPv6Unspecified, MustParseAddr, MustParseAddrPort, MustParsePrefix, ParseAddr, ParseAddrPort, ParsePrefix, PrefixFrom.

The net package includes new methods that parallel existing methods, but return netip.AddrPort instead of the heavier-weight net.IP or *net.UDPAddr types: Resolver.LookupNetIP, UDPConn.ReadFromUDPAddrPort, UDPConn.ReadMsgUDPAddrPort, UDPConn.WriteToUDPAddrPort, UDPConn.WriteMsgUDPAddrPort. The new UDPConn methods support allocation-free I/O.

The net package also now includes functions and methods to convert between the existing TCPAddr / UDPAddr types and netip.AddrPort: TCPAddrFromAddrPort, UDPAddrFromAddrPort, TCPAddr.AddrPort, UDPAddr.AddrPort.

TLS 1.0 and 1.1 disabled by default client-side

If Config.MinVersion is not set, it now defaults to TLS 1.2 for client connections. Any safely up-to-date server is expected to support TLS 1.2, and browsers have required it since 2020. TLS 1.0 and 1.1 are still supported by setting Config.MinVersion to VersionTLS10. The server-side default is unchanged at TLS 1.0.

The default can be temporarily reverted to TLS 1.0 by setting the GODEBUG=tls10default=1 environment variable. This option will be removed in Go 1.19.

Rejecting SHA-1 certificates

crypto/x509 will now reject certificates signed with the SHA-1 hash function. This doesn’t apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

This can be temporarily reverted by setting the GODEBUG=x509sha1=1 environment variable. This option will be removed in a future release.

Minor changes to the library

As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind.

bufio

The new Writer.AvailableBuffer method returns an empty buffer with a possibly non-empty capacity for use with append-like APIs. After appending, the buffer can be provided to a succeeding Write call and possibly avoid any copying.

The Reader.Reset and Writer.Reset methods now use the default buffer size when called on objects with a nil buffer.

bytes

The new Cut function slices a []byte around a separator. It can replace and simplify many common uses of Index, IndexByte, IndexRune, and SplitN.

Trim, TrimLeft, and TrimRight are now allocation free and, especially for small ASCII cutsets, up to 10 times faster.

The Title function is now deprecated. It doesn’t handle Unicode punctuation and language-specific capitalization rules, and is superseded by the golang.org/x/text/cases package.

crypto/elliptic

The P224, P384, and P521 curve implementations are now all backed by code generated by the addchain and fiat-crypto projects, the latter of which is based on a formally-verified model of the arithmetic operations. They now use safer complete formulas and internal APIs. P-224 and P-384 are now approximately four times faster. All specific curve implementations are now constant-time.

Operating on invalid curve points (those for which the IsOnCurve method returns false, and which are never returned by Unmarshal or a Curve method operating on a valid point) has always been undefined behavior, can lead to key recovery attacks, and is now unsupported by the new backend. If an invalid point is supplied to a P224, P384, or P521 method, that method will now return a random point. The behavior might change to an explicit panic in a future release.

crypto/tls

The new Conn.NetConn method allows access to the underlying net.Conn.

crypto/x509

Certificate.Verify now uses platform APIs to verify certificate validity on macOS and iOS when it is called with a nil VerifyOpts.Roots or when using the root pool returned from SystemCertPool.

SystemCertPool is now available on Windows.

On Windows, macOS, and iOS, when a CertPool returned by SystemCertPool has additional certificates added to it, Certificate.Verify will do two verifications: one using the platform verifier APIs and the system roots, and one using the Go verifier and the additional roots. Chains returned by the platform verifier APIs will be prioritized.

CertPool.Subjects is deprecated. On Windows, macOS, and iOS the CertPool returned by SystemCertPool will return a pool which does not include system roots in the slice returned by Subjects, as a static list can’t appropriately represent the platform policies and might not be available at all from the platform APIs.

Support for signing certificates using signature algorithms that depend on the MD5 hash ( MD5WithRSA) may be removed in Go 1.19.

debug/dwarf

The StructField and BasicType structs both now have a DataBitOffset field, which holds the value of the DW_AT_data_bit_offset attribute if present.

debug/elf

The R_PPC64_RELATIVE constant has been added.

debug/plan9obj

The File.Symbols method now returns the new exported error value ErrNoSymbols if the file has no symbol section.

embed

A go:embed directive may now start with all: to include files whose names start with dot or underscore.

go/ast

Per the proposal Additions to go/ast and go/token to support parameterized functions and types the following additions are made to the go/ast package:

  • the FuncType and TypeSpec nodes have a new field TypeParams to hold type parameters, if any.
  • The new expression node IndexListExpr represents index expressions with multiple indices, used for function and type instantiations with more than one explicit type argument.

go/constant

The new Kind.String method returns a human-readable name for the receiver kind.

go/token

The new constant TILDE represents the ~ token per the proposal Additions to go/ast and go/token to support parameterized functions and types.

go/types

The new Config.GoVersion field sets the accepted Go language version.

Per the proposal Additions to go/types to support type parameters the following additions are made to the go/types package:

The predicates AssignableTo, ConvertibleTo, Implements, Identical, IdenticalIgnoreTags, and AssertableTo now also work with arguments that are or contain generalized interfaces, i.e. interfaces that may only be used as type constraints in Go code. Note that the behavior of AssignableTo, ConvertibleTo, Implements, and AssertableTo is undefined with arguments that are uninstantiated generic types, and AssertableTo is undefined if the first argument is a generalized interface.

html/template

Within a range pipeline the new {{break}} command will end the loop early and the new {{continue}} command will immediately start the next loop iteration.

The and function no longer always evaluates all arguments; it stops evaluating arguments after the first argument that evaluates to false. Similarly, the or function now stops evaluating arguments after the first argument that evaluates to true. This makes a difference if any of the arguments is a function call.

image/draw

The Draw and DrawMask fallback implementations (used when the arguments are not the most common image types) are now faster when those arguments implement the optional draw.RGBA64Image and image.RGBA64Image interfaces that were added in Go 1.17.

net

net.Error.Temporary has been deprecated.

net/http

On WebAssembly targets, the Dial, DialContext, DialTLS and DialTLSContext method fields in Transport will now be correctly used, if specified, for making HTTP requests.

The new Cookie.Valid method reports whether the cookie is valid.

The new MaxBytesHandler function creates a Handler that wraps its ResponseWriter and Request.Body with a MaxBytesReader.

When looking up a domain name containing non-ASCII characters, the Unicode-to-ASCII conversion is now done in accordance with Nontransitional Processing as defined in the Unicode IDNA Compatibility Processing standard (UTS #46). The interpretation of four distinct runes are changed: ß, ς, zero-width joiner U+200D, and zero-width non-joiner U+200C. Nontransitional Processing is consistent with most applications and web browsers.

os/user

User.GroupIds now uses a Go native implementation when cgo is not available.

reflect

The new Value.SetIterKey and Value.SetIterValue methods set a Value using a map iterator as the source. They are equivalent to Value.Set(iter.Key()) and Value.Set(iter.Value()), but do fewer allocations.

The new Value.UnsafePointer method returns the Value’s value as an unsafe.Pointer. This allows callers to migrate from Value.UnsafeAddr and Value.Pointer to eliminate the need to perform uintptr to unsafe.Pointer conversions at the callsite (as unsafe.Pointer rules require).

The new MapIter.Reset method changes its receiver to iterate over a different map. The use of MapIter.Reset allows allocation-free iteration over many maps.

A number of methods ( Value.CanInt, Value.CanUint, Value.CanFloat, Value.CanComplex) have been added to Value to test if a conversion is safe.

Value.FieldByIndexErr has been added to avoid the panic that occurs in Value.FieldByIndex when stepping through a nil pointer to an embedded struct.

reflect.Ptr and reflect.PtrTo have been renamed to reflect.Pointer and reflect.PointerTo, respectively, for consistency with the rest of the reflect package. The old names will continue to work, but will be deprecated in a future Go release.

regexp

regexp now treats each invalid byte of a UTF-8 string as U+FFFD.

runtime/debug

The BuildInfo struct has two new fields, containing additional information about how the binary was built:

  • GoVersion holds the version of Go used to build the binary.
  • Settings is a slice of BuildSettings structs holding key/value pairs describing the build.

runtime/pprof

The CPU profiler now uses per-thread timers on Linux. This increases the maximum CPU usage that a profile can observe, and reduces some forms of bias.

strconv

strconv.Unquote now rejects Unicode surrogate halves.

strings

The new Cut function slices a string around a separator. It can replace and simplify many common uses of Index, IndexByte, IndexRune, and SplitN.

The new Clone function copies the input string without the returned cloned string referencing the input string’s memory.

Trim, TrimLeft, and TrimRight are now allocation free and, especially for small ASCII cutsets, up to 10 times faster.

The Title function is now deprecated. It doesn’t handle Unicode punctuation and language-specific capitalization rules, and is superseded by the golang.org/x/text/cases package.

sync

The new methods Mutex.TryLock, RWMutex.TryLock, and RWMutex.TryRLock, will acquire the lock if it is not currently held.

syscall

The new function SyscallN has been introduced for Windows, allowing for calls with arbitrary number of arguments. As a result, Syscall, Syscall6, Syscall9, Syscall12, Syscall15, and Syscall18 are deprecated in favor of SyscallN.

SysProcAttr.Pdeathsig is now supported in FreeBSD.

syscall/js

The Wrapper interface has been removed.

testing

The precedence of / in the argument for -run and -bench has been increased. A/B|C/D used to be treated as A/(B|C)/D and is now treated as (A/B)|(C/D).

If the -run option does not select any tests, the -count option is ignored. This could change the behavior of existing tests in the unlikely case that a test changes the set of subtests that are run each time the test function itself is run.

The new testing.F type is used by the new fuzzing support described above. Tests also now support the command line options -test.fuzz, -test.fuzztime, and -test.fuzzminimizetime.

text/template

Within a range pipeline the new {{break}} command will end the loop early and the new {{continue}} command will immediately start the next loop iteration.

The and function no longer always evaluates all arguments; it stops evaluating arguments after the first argument that evaluates to false. Similarly, the or function now stops evaluating arguments after the first argument that evaluates to true. This makes a difference if any of the arguments is a function call.

text/template/parse

The package supports the new text/template and html/template {{break}} command via the new constant NodeBreak and the new type BreakNode, and similarly supports the new {{continue}} command via the new constant NodeContinue and the new type ContinueNode.

unicode/utf8

The new AppendRune function appends the UTF-8 encoding of a rune to a []byte.

Update Feb 10, 2022 tracked by Updatify

go1.17.7 (released 2022-02-10)

go1.17.7 (released 2022-02-10) includes security fixes to the go command, and the crypto/elliptic and math/big packages, as well as bug fixes to the compiler, linker, runtime, the go command, and the debug/macho, debug/pe, and net/http/httptest packages. See the Go 1.17.7 milestone on our issue tracker for details.

Update Feb 10, 2022 tracked by Updatify

go1.16.14 (released 2022-02-10)

go1.16.14 (released 2022-02-10) includes security fixes to the go command, and the crypto/elliptic and math/big packages, as well as bug fixes to the compiler, linker, runtime, the go command, and the debug/macho, debug/pe, net/http/httptest, and testing packages. See the Go 1.16.14 milestone on our issue tracker for details.

Update Aug 16, 2021 tracked by Updatify

go1.17 (released 2021-08-16)

Introduction to Go 1.17

The latest Go release, version 1.17, arrives six months after Go 1.16. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

Changes to the language

Go 1.17 includes three small enhancements to the language.

  • Conversions from slice to array pointer: An expression s of type []T may now be converted to array pointer type *[N]T. If a is the result of such a conversion, then corresponding indices that are in range refer to the same underlying elements: &a[i] == &s[i] for 0 <= i < N. The conversion panics if len(s) is less than N.
  • unsafe.Add: unsafe.Add(ptr, len) adds len to ptr and returns the updated pointer unsafe.Pointer(uintptr(ptr) + uintptr(len)).
  • unsafe.Slice: For expression ptr of type *T, unsafe.Slice(ptr, len) returns a slice of type []T whose underlying array starts at ptr and whose length and capacity are len.

The package unsafe enhancements were added to simplify writing code that conforms to unsafe.Pointer ’s safety rules, but the rules remain unchanged. In particular, existing programs that correctly use unsafe.Pointer remain valid, and new programs must still follow the rules when using unsafe.Add or unsafe.Slice.

Note that the new conversion from slice to array pointer is the first case in which a type conversion can panic at run time. Analysis tools that assume type conversions can never panic should be updated to consider this possibility.

Ports

Darwin

As announced in the Go 1.16 release notes, Go 1.17 requires macOS 10.13 High Sierra or later; support for previous versions has been discontinued.

Windows

Go 1.17 adds support of 64-bit ARM architecture on Windows (the windows/arm64 port). This port supports cgo.

OpenBSD

The 64-bit MIPS architecture on OpenBSD (the openbsd/mips64 port) now supports cgo.

In Go 1.16, on the 64-bit x86 and 64-bit ARM architectures on OpenBSD (the openbsd/amd64 and openbsd/arm64 ports) system calls are made through libc, instead of directly using machine instructions. In Go 1.17, this is also done on the 32-bit x86 and 32-bit ARM architectures on OpenBSD (the openbsd/386 and openbsd/arm ports). This ensures compatibility with OpenBSD 6.9 onwards, which require system calls to be made through libc for non-static Go binaries.

ARM64

Go programs now maintain stack frame pointers on the 64-bit ARM architecture on all operating systems. Previously, stack frame pointers were only enabled on Linux, macOS, and iOS.

loong64 GOARCH value reserved

The main Go compiler does not yet support the LoongArch architecture, but we’ve reserved the GOARCH value “ loong64 ”. This means that Go files named *_loong64.go will now be ignored by Go tools except when that GOARCH value is being used.

Tools

Go command

Pruned module graphs in go 1.17 modules

If a module specifies go 1.17 or higher, the module graph includes only the immediate dependencies of other go 1.17 modules, not their full transitive dependencies. (See Module graph pruning for more detail.)

For the go command to correctly resolve transitive imports using the pruned module graph, the go.mod file for each module needs to include more detail about the transitive dependencies relevant to that module. If a module specifies go 1.17 or higher in its go.mod file, its go.mod file now contains an explicit require directive for every module that provides a transitively-imported package. (In previous versions, the go.mod file typically only included explicit requirements for directly -imported packages.)

Since the expanded go.mod file needed for module graph pruning includes all of the dependencies needed to load the imports of any package in the main module, if the main module specifies go 1.17 or higher the go tool no longer reads (or even downloads) go.mod files for dependencies if they are not needed in order to complete the requested command. (See Lazy loading.)

Because the number of explicit requirements may be substantially larger in an expanded Go 1.17 go.mod file, the newly-added requirements on indirect dependencies in a go 1.17 module are maintained in a separate require block from the block containing direct dependencies.

To facilitate the upgrade to Go 1.17 pruned module graphs, the go mod tidy subcommand now supports a -go flag to set or change the go version in the go.mod file. To convert the go.mod file for an existing module to Go 1.17 without changing the selected versions of its dependencies, run:

  go mod tidy -go=1.17

By default, go mod tidy verifies that the selected versions of dependencies relevant to the main module are the same versions that would be used by the prior Go release (Go 1.16 for a module that specifies go 1.17), and preserves the go.sum entries needed by that release even for dependencies that are not normally needed by other commands.

The -compat flag allows that version to be overridden to support older (or only newer) versions, up to the version specified by the go directive in the go.mod file. To tidy a go 1.17 module for Go 1.17 only, without saving checksums for (or checking for consistency with) Go 1.16:

  go mod tidy -compat=1.17

Note that even if the main module is tidied with -compat=1.17, users who require the module from a go 1.16 or earlier module will still be able to use it, provided that the packages use only compatible language and library features.

The go mod graph subcommand also supports the -go flag, which causes it to report the graph as seen by the indicated Go version, showing dependencies that may otherwise be pruned out.

Module deprecation comments

Module authors may deprecate a module by adding a // Deprecated: comment to go.mod, then tagging a new version. go get now prints a warning if a module needed to build packages named on the command line is deprecated. go list -m -u prints deprecations for all dependencies (use -f or -json to show the full message). The go command considers different major versions to be distinct modules, so this mechanism may be used, for example, to provide users with migration instructions for a new major version.

go get

The go get -insecure flag is deprecated and has been removed. To permit the use of insecure schemes when fetching dependencies, please use the GOINSECURE environment variable. The -insecure flag also bypassed module sum validation, use GOPRIVATE or GONOSUMDB if you need that functionality. See go help environment for details.

go get prints a deprecation warning when installing commands outside the main module (without the -d flag). go install cmd@version should be used instead to install a command at a specific version, using a suffix like @latest or @v1.2.3. In Go 1.18, the -d flag will always be enabled, and go get will only be used to change dependencies in go.mod.

go.mod files missing go directives

If the main module’s go.mod file does not contain a go directive and the go command cannot update the go.mod file, the go command now assumes go 1.11 instead of the current release. ( go mod init has added go directives automatically since Go 1.12.)

If a module dependency lacks an explicit go.mod file, or its go.mod file does not contain a go directive, the go command now assumes go 1.16 for that dependency instead of the current release. (Dependencies developed in GOPATH mode may lack a go.mod file, and the vendor/modules.txt has to date never recorded the go versions indicated by dependencies’ go.mod files.)

vendor contents

If the main module specifies go 1.17 or higher, go mod vendor now annotates vendor/modules.txt with the go version indicated by each vendored module in its own go.mod file. The annotated version is used when building the module’s packages from vendored source code.

If the main module specifies go 1.17 or higher, go mod vendor now omits go.mod and go.sum files for vendored dependencies, which can otherwise interfere with the ability of the go command to identify the correct module root when invoked within the vendor tree.

Password prompts

The go command by default now suppresses SSH password prompts and Git Credential Manager prompts when fetching Git repositories using SSH, as it already did previously for other Git password prompts. Users authenticating to private Git repos with password-protected SSH may configure an ssh-agent to enable the go command to use password-protected SSH keys.

go mod download

When go mod download is invoked without arguments, it will no longer save sums for downloaded module content to go.sum. It may still make changes to go.mod and go.sum needed to load the build list. This is the same as the behavior in Go 1.15. To save sums for all modules, use go mod download all.

//go:build lines

The go command now understands //go:build lines and prefers them over // +build lines. The new syntax uses boolean expressions, just like Go, and should be less error-prone. As of this release, the new syntax is fully supported, and all Go files should be updated to have both forms with the same meaning. To aid in migration, gofmt now automatically synchronizes the two forms. For more details on the syntax and migration plan, see https://golang.org/design/draft-gobuild.

go run

go run now accepts arguments with version suffixes (for example, go run example.com/cmd@v1.0.0). This causes go run to build and run packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for running executables without installing them or without changing dependencies of the current module.

Gofmt

gofmt (and go fmt) now synchronizes //go:build lines with // +build lines. If a file only has // +build lines, they will be moved to the appropriate location in the file, and matching //go:build lines will be added. Otherwise, // +build lines will be overwritten based on any existing //go:build lines. For more information, see https://golang.org/design/draft-gobuild.

Vet

New warning for mismatched //go:build and // +build lines

The vet tool now verifies that //go:build and // +build lines are in the correct part of the file and synchronized with each other. If they aren’t, gofmt can be used to fix them. For more information, see https://golang.org/design/draft-gobuild.

New warning for calling signal.Notify on unbuffered channels

The vet tool now warns about calls to signal.Notify with incoming signals being sent to an unbuffered channel. Using an unbuffered channel risks missing signals sent on them as signal.Notify does not block when sending to a channel. For example:

c := make(chan os.Signal)
// signals are sent on c before the channel is read from.
// This signal may be dropped as c is unbuffered.
signal.Notify(c, os.Interrupt)

Users of signal.Notify should use channels with sufficient buffer space to keep up with the expected signal rate.

New warnings for Is, As and Unwrap methods

The vet tool now warns about methods named As, Is or Unwrap on types implementing the error interface that have a different signature than the one expected by the errors package. The errors.{As,Is,Unwrap} functions expect such methods to implement either Is(error) bool, As(interface{}) bool, or Unwrap() error respectively. The functions errors.{As,Is,Unwrap} will ignore methods with the same names but a different signature. For example:

type MyError struct { hint string }
func (m MyError) Error() string { ... } // MyError implements error.
func (MyError) Is(target interface{}) bool { ... } // target is interface{} instead of error.
func Foo() bool {
    x, y := MyError{"A"}, MyError{"B"}
    return errors.Is(x, y) // returns false as x != y and MyError does not have an `Is(error) bool` function.
}

Cover

The cover tool now uses an optimized parser from golang.org/x/tools/cover, which may be noticeably faster when parsing large coverage profiles.

Compiler

Go 1.17 implements a new way of passing function arguments and results using registers instead of the stack. Benchmarks for a representative set of Go packages and programs show performance improvements of about 5%, and a typical reduction in binary size of about 2%. This is currently enabled for Linux, macOS, and Windows on the 64-bit x86 architecture (the linux/amd64, darwin/amd64, and windows/amd64 ports).

This change does not affect the functionality of any safe Go code and is designed to have no impact on most assembly code. It may affect code that violates the unsafe.Pointer rules when accessing function arguments, or that depends on undocumented behavior involving comparing function code pointers. To maintain compatibility with existing assembly functions, the compiler generates adapter functions that convert between the new register-based calling convention and the previous stack-based calling convention. These adapters are typically invisible to users, except that taking the address of a Go function in assembly code or taking the address of an assembly function in Go code using reflect.ValueOf(fn).Pointer() or unsafe.Pointer will now return the address of the adapter. Code that depends on the value of these code pointers may no longer behave as expected. Adapters also may cause a very small performance overhead in two cases: calling an assembly function indirectly from Go via a func value, and calling Go functions from assembly.

The format of stack traces from the runtime (printed when an uncaught panic occurs, or when runtime.Stack is called) is improved. Previously, the function arguments were printed as hexadecimal words based on the memory layout. Now each argument in the source code is printed separately, separated by commas. Aggregate-typed (struct, array, string, slice, interface, and complex) arguments are delimited by curly braces. A caveat is that the value of an argument that only lives in a register and is not stored to memory may be inaccurate. Function return values (which were usually inaccurate) are no longer printed.

Functions containing closures can now be inlined. One effect of this change is that a function with a closure may produce a distinct closure code pointer for each place that the function is inlined. Go function values are not directly comparable, but this change could reveal bugs in code that uses reflect or unsafe.Pointer to bypass this language restriction and compare functions by code pointer.

Linker

When the linker uses external linking mode, which is the default when linking a program that uses cgo, and the linker is invoked with a -I option, the option will now be passed to the external linker as a -Wl,--dynamic-linker option.

Standard library

Cgo

The runtime/cgo package now provides a new facility that allows to turn any Go values to a safe representation that can be used to pass values between C and Go safely. See runtime/cgo.Handle for more information.

URL query parsing

The net/url and net/http packages used to accept ";" (semicolon) as a setting separator in URL queries, in addition to "&" (ampersand). Now, settings with non-percent-encoded semicolons are rejected and net/http servers will log a warning to Server.ErrorLog when encountering one in a request URL.

For example, before Go 1.17 the Query method of the URL example?a=1;b=2&c=3 would have returned map[a:[1] b:[2] c:[3]], while now it returns map[c:[3]].

When encountering such a query string, URL.Query and Request.FormValue ignore any settings that contain a semicolon, ParseQuery returns the remaining settings and an error, and Request.ParseForm and Request.ParseMultipartForm return an error but still set Request fields based on the remaining settings.

net/http users can restore the original behavior by using the new AllowQuerySemicolons handler wrapper. This will also suppress the ErrorLog warning. Note that accepting semicolons as query separators can lead to security issues if different systems interpret cache keys differently. See issue 25192 for more information.

TLS strict ALPN

When Config.NextProtos is set, servers now enforce that there is an overlap between the configured protocols and the ALPN protocols advertised by the client, if any. If there is no mutually supported protocol, the connection is closed with the no_application_protocol alert, as required by RFC 7301. This helps mitigate the ALPACA cross-protocol attack.

As an exception, when the value "h2" is included in the server’s Config.NextProtos, HTTP/1.1 clients will be allowed to connect as if they didn’t support ALPN. See issue 46310 for more information.

Minor changes to the library

As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind.

archive/zip

The new methods File.OpenRaw, Writer.CreateRaw, Writer.Copy provide support for cases where performance is a primary concern.

bufio

The Writer.WriteRune method now writes the replacement character U+FFFD for negative rune values, as it does for other invalid runes.

bytes

The Buffer.WriteRune method now writes the replacement character U+FFFD for negative rune values, as it does for other invalid runes.

compress/lzw

The NewReader function is guaranteed to return a value of the new type Reader, and similarly NewWriter is guaranteed to return a value of the new type Writer. These new types both implement a Reset method ( Reader.Reset, Writer.Reset) that allows reuse of the Reader or Writer.

crypto/ed25519

The crypto/ed25519 package has been rewritten, and all operations are now approximately twice as fast on amd64 and arm64. The observable behavior has not otherwise changed.

crypto/elliptic

CurveParams methods now automatically invoke faster and safer dedicated implementations for known curves (P-224, P-256, and P-521) when available. Note that this is a best-effort approach and applications should avoid using the generic, not constant-time CurveParams methods and instead use dedicated Curve implementations such as P256.

The P521 curve implementation has been rewritten using code generated by the fiat-crypto project, which is based on a formally-verified model of the arithmetic operations. It is now constant-time and three times faster on amd64 and arm64. The observable behavior has not otherwise changed.

crypto/rand

The crypto/rand package now uses the getentropy syscall on macOS and the getrandom syscall on Solaris, Illumos, and DragonFlyBSD.

crypto/tls

The new Conn.HandshakeContext method allows the user to control cancellation of an in-progress TLS handshake. The provided context is accessible from various callbacks through the new ClientHelloInfo.Context and CertificateRequestInfo.Context methods. Canceling the context after the handshake has finished has no effect.

Cipher suite ordering is now handled entirely by the crypto/tls package. Currently, cipher suites are sorted based on their security, performance, and hardware support taking into account both the local and peer’s hardware. The order of the Config.CipherSuites field is now ignored, as well as the Config.PreferServerCipherSuites field. Note that Config.CipherSuites still allows applications to choose what TLS 1.0–1.2 cipher suites to enable.

The 3DES cipher suites have been moved to InsecureCipherSuites due to fundamental block size-related weakness. They are still enabled by default but only as a last resort, thanks to the cipher suite ordering change above.

Beginning in the next release, Go 1.18, the Config.MinVersion for crypto/tls clients will default to TLS 1.2, disabling TLS 1.0 and TLS 1.1 by default. Applications will be able to override the change by explicitly setting Config.MinVersion. This will not affect crypto/tls servers.

crypto/x509

CreateCertificate now returns an error if the provided private key doesn’t match the parent’s public key, if any. The resulting certificate would have failed to verify.

The temporary GODEBUG=x509ignoreCN=0 flag has been removed.

ParseCertificate has been rewritten, and now consumes ~70% fewer resources. The observable behavior when processing WebPKI certificates has not otherwise changed, except for error messages.

On BSD systems, /etc/ssl/certs is now searched for trusted roots. This adds support for the new system trusted certificate store in FreeBSD 12.2+.

Beginning in the next release, Go 1.18, crypto/x509 will reject certificates signed with the SHA-1 hash function. This doesn’t apply to self-signed root certificates. Practical attacks against SHA-1 have been demonstrated in 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.

database/sql

The DB.Close method now closes the connector field if the type in this field implements the io.Closer interface.

The new NullInt16 and NullByte structs represent the int16 and byte values that may be null. These can be used as destinations of the Scan method, similar to NullString.

debug/elf

The SHT_MIPS_ABIFLAGS constant has been added.

encoding/binary

binary.Uvarint will stop reading after 10 bytes to avoid wasted computations. If more than 10 bytes are needed, the byte count returned is -11.
Previous Go versions could return larger negative counts when reading incorrectly encoded varints.

encoding/csv

The new Reader.FieldPos method returns the line and column corresponding to the start of a given field in the record most recently returned by Read.

encoding/xml

When a comment appears within a Directive, it is now replaced with a single space instead of being completely elided.

Invalid element or attribute names with leading, trailing, or multiple colons are now stored unmodified into the Name.Local field.

flag

Flag declarations now panic if an invalid name is specified.

go/build

The new Context.ToolTags field holds the build tags appropriate to the current Go toolchain configuration.

go/format

The Source and Node functions now synchronize //go:build lines with // +build lines. If a file only has // +build lines, they will be moved to the appropriate location in the file, and matching //go:build lines will be added. Otherwise, // +build lines will be overwritten based on any existing //go:build lines. For more information, see https://golang.org/design/draft-gobuild.

go/parser

The new SkipObjectResolution Mode value instructs the parser not to resolve identifiers to their declaration. This may improve parsing speed.

image

The concrete image types ( RGBA, Gray16 and so on) now implement a new RGBA64Image interface. The concrete types that previously implemented draw.Image now also implement draw.RGBA64Image, a new interface in the image/draw package.

io/fs

The new FileInfoToDirEntry function converts a FileInfo to a DirEntry.

math

The math package now defines three more constants: MaxUint, MaxInt and MinInt. For 32-bit systems their values are 2^32 - 1, 2^31 - 1 and -2^31, respectively. For 64-bit systems their values are 2^64 - 1, 2^63 - 1 and -2^63, respectively.

mime

On Unix systems, the table of MIME types is now read from the local system’s Shared MIME-info Database when available.

mime/multipart

Part.FileName now applies filepath.Base to the return value. This mitigates potential path traversal vulnerabilities in applications that accept multipart messages, such as net/http servers that call Request.FormFile.

net

The new method IP.IsPrivate reports whether an address is a private IPv4 address according to RFC 1918 or a local IPv6 address according RFC 4193.

The Go DNS resolver now only sends one DNS query when resolving an address for an IPv4-only or IPv6-only network, rather than querying for both address families.

The ErrClosed sentinel error and ParseError error type now implement the net.Error interface.

The ParseIP and ParseCIDR functions now reject IPv4 addresses which contain decimal components with leading zeros. These components were always interpreted as decimal, but some operating systems treat them as octal. This mismatch could hypothetically lead to security issues if a Go application was used to validate IP addresses which were then used in their original form with non-Go applications which interpreted components as octal. Generally, it is advisable to always re-encode values after validation, which avoids this class of parser misalignment issues.

net/http

The net/http package now uses the new (*tls.Conn).HandshakeContext with the Request context when performing TLS handshakes in the client or server.

Setting the Server ReadTimeout or WriteTimeout fields to a negative value now indicates no timeout rather than an immediate timeout.

The ReadRequest function now returns an error when the request has multiple Host headers.

When producing a redirect to the cleaned version of a URL, ServeMux now always uses relative URLs in the Location header. Previously it would echo the full URL of the request, which could lead to unintended redirects if the client could be made to send an absolute request URL.

When interpreting certain HTTP headers handled by net/http, non-ASCII characters are now ignored or rejected.

If Request.ParseForm returns an error when called by Request.ParseMultipartForm, the latter now continues populating Request.MultipartForm before returning it.

net/http/httptest

ResponseRecorder.WriteHeader now panics when the provided code is not a valid three-digit HTTP status code. This matches the behavior of ResponseWriter implementations in the net/http package.

net/url

The new method Values.Has reports whether a query parameter is set.

os

The File.WriteString method has been optimized to not make a copy of the input string.

reflect

The new Value.CanConvert method reports whether a value can be converted to a type. This may be used to avoid a panic when converting a slice to an array pointer type if the slice is too short. Previously it was sufficient to use Type.ConvertibleTo for this, but the newly permitted conversion from slice to array pointer type can panic even if the types are convertible.

The new StructField.IsExported and Method.IsExported methods report whether a struct field or type method is exported. They provide a more readable alternative to checking whether PkgPath is empty.

The new VisibleFields function returns all the visible fields in a struct type, including fields inside anonymous struct members.

The ArrayOf function now panics when called with a negative length.

Checking the Type.ConvertibleTo method is no longer sufficient to guarantee that a call to Value.Convert will not panic. It may panic when converting []T to *[N]T if the slice’s length is less than N. See the language changes section above.

The Value.Convert and Type.ConvertibleTo methods have been fixed to not treat types in different packages with the same name as identical, to match what the language allows.

runtime/metrics

New metrics were added that track total bytes and objects allocated and freed. A new metric tracking the distribution of goroutine scheduling latencies was also added.

runtime/pprof

Block profiles are no longer biased to favor infrequent long events over frequent short events.

strconv

The strconv package now uses Ulf Adams’s Ryū algorithm for formatting floating-point numbers. This algorithm improves performance on most inputs and is more than 99% faster on worst-case inputs.

The new QuotedPrefix function returns the quoted string (as understood by Unquote) at the start of input.

strings

The Builder.WriteRune method now writes the replacement character U+FFFD for negative rune values, as it does for other invalid runes.

sync/atomic

atomic.Value now has Swap and CompareAndSwap methods that provide additional atomic operations.

syscall

The GetQueuedCompletionStatus and PostQueuedCompletionStatus functions are now deprecated. These functions have incorrect signatures and are superseded by equivalents in the golang.org/x/sys/windows package.

On Unix-like systems, the process group of a child process is now set with signals blocked. This avoids sending a SIGTTOU to the child when the parent is in a background process group.

The Windows version of SysProcAttr has two new fields. AdditionalInheritedHandles is a list of additional handles to be inherited by the new child process. ParentProcess permits specifying the parent process of the new process.

The constant MSG_CMSG_CLOEXEC is now defined on DragonFly and all OpenBSD systems (it was already defined on some OpenBSD systems and all FreeBSD, NetBSD, and Linux systems).

The constants SYS_WAIT6 and WEXITED are now defined on NetBSD systems ( SYS_WAIT6 was already defined on DragonFly and FreeBSD systems; WEXITED was already defined on Darwin, DragonFly, FreeBSD, Linux, and Solaris systems).

testing

Added a new testing flag -shuffle which controls the execution order of tests and benchmarks.

The new T.Setenv and B.Setenv methods support setting an environment variable for the duration of the test or benchmark.

text/template/parse

The new SkipFuncCheck Mode value changes the template parser to not verify that functions are defined.

time

The Time type now has a GoString method that will return a more useful value for times when printed with the %#v format specifier in the fmt package.

The new Time.IsDST method can be used to check whether the time is in Daylight Savings Time in its configured location.

The new Time.UnixMilli and Time.UnixMicro methods return the number of milliseconds and microseconds elapsed since January 1, 1970 UTC respectively.
The new UnixMilli and UnixMicro functions return the local Time corresponding to the given Unix time.

The package now accepts comma “,” as a separator for fractional seconds when parsing and formatting time. For example, the following time layouts are now accepted:

  • 2006-01-02 15:04:05,999999999 -0700 MST
  • Mon Jan _2 15:04:05,000000 2006
  • Monday, January 2 15:04:05,000 2006

The new constant Layout defines the reference time.

unicode

The Is, IsGraphic, IsLetter, IsLower, IsMark, IsNumber, IsPrint, IsPunct, IsSpace, IsSymbol, and IsUpper functions now return false on negative rune values, as they do for other invalid runes.

Update Feb 16, 2021 tracked by Updatify

go1.16 (released 2021-02-16)

Introduction to Go 1.16

The latest Go release, version 1.16, arrives six months after Go 1.15. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

Changes to the language

There are no changes to the language.

Ports

Darwin and iOS

Go 1.16 adds support of 64-bit ARM architecture on macOS (also known as Apple Silicon) with GOOS=darwin, GOARCH=arm64. Like the darwin/amd64 port, the darwin/arm64 port supports cgo, internal and external linking, c-archive, c-shared, and pie build modes, and the race detector.

The iOS port, which was previously darwin/arm64, has been renamed to ios/arm64. GOOS=ios implies the darwin build tag, just as GOOS=android implies the linux build tag. This change should be transparent to anyone using gomobile to build iOS apps.

The introduction of GOOS=ios means that file names like x_ios.go will now only be built for GOOS=ios; see go help buildconstraint for details. Existing packages that use file names of this form will have to rename the files.

Go 1.16 adds an ios/amd64 port, which targets the iOS simulator running on AMD64-based macOS. Previously this was unofficially supported through darwin/amd64 with the ios build tag set. See also misc/ios/README for details about how to build programs for iOS and iOS simulator.

Go 1.16 is the last release that will run on macOS 10.12 Sierra. Go 1.17 will require macOS 10.13 High Sierra or later.

NetBSD

Go now supports the 64-bit ARM architecture on NetBSD (the netbsd/arm64 port).

OpenBSD

Go now supports the MIPS64 architecture on OpenBSD (the openbsd/mips64 port). This port does not yet support cgo.

On the 64-bit x86 and 64-bit ARM architectures on OpenBSD (the openbsd/amd64 and openbsd/arm64 ports), system calls are now made through libc, instead of directly using the SYSCALL / SVC instruction. This ensures forward-compatibility with future versions of OpenBSD. In particular, OpenBSD 6.9 onwards will require system calls to be made through libc for non-static Go binaries.

386

As announced in the Go 1.15 release notes, Go 1.16 drops support for x87 mode compilation ( GO386=387). Support for non-SSE2 processors is now available using soft float mode ( GO386=softfloat). Users running on non-SSE2 processors should replace GO386=387 with GO386=softfloat.

RISC-V

The linux/riscv64 port now supports cgo and -buildmode=pie. This release also includes performance optimizations and code generation improvements for RISC-V.

Tools

Go command

Modules

Module-aware mode is enabled by default, regardless of whether a go.mod file is present in the current working directory or a parent directory. More precisely, the GO111MODULE environment variable now defaults to on. To switch to the previous behavior, set GO111MODULE to auto.

Build commands like go build and go test no longer modify go.mod and go.sum by default. Instead, they report an error if a module requirement or checksum needs to be added or updated (as if the -mod=readonly flag were used). Module requirements and sums may be adjusted with go mod tidy or go get.

go install now accepts arguments with version suffixes (for example, go install example.com/cmd@v1.0.0). This causes go install to build and install packages in module-aware mode, ignoring the go.mod file in the current directory or any parent directory, if there is one. This is useful for installing executables without affecting the dependencies of the main module.

go install, with or without a version suffix (as described above), is now the recommended way to build and install packages in module mode. go get should be used with the -d flag to adjust the current module’s dependencies without building packages, and use of go get to build and install packages is deprecated. In a future release, the -d flag will always be enabled.

retract directives may now be used in a go.mod file to indicate that certain published versions of the module should not be used by other modules. A module author may retract a version after a severe problem is discovered or if the version was published unintentionally.

The go mod vendor and go mod tidy subcommands now accept the -e flag, which instructs them to proceed despite errors in resolving missing packages.

The go command now ignores requirements on module versions excluded by exclude directives in the main module. Previously, the go command used the next version higher than an excluded version, but that version could change over time, resulting in non-reproducible builds.

In module mode, the go command now disallows import paths that include non-ASCII characters or path elements with a leading dot character ( .). Module paths with these characters were already disallowed (see Module paths and versions), so this change affects only paths within module subdirectories.

Embedding Files

The go command now supports including static files and file trees as part of the final executable, using the new //go:embed directive. See the documentation for the new embed package for details.

go test

When using go test, a test that calls os.Exit(0) during execution of a test function will now be considered to fail. This will help catch cases in which a test calls code that calls os.Exit(0) and thereby stops running all future tests. If a TestMain function calls os.Exit(0) that is still considered to be a passing test.

go test reports an error when the -c or -i flags are used together with unknown flags. Normally, unknown flags are passed to tests, but when -c or -i are used, tests are not run.

go get

The go get -insecure flag is deprecated and will be removed in a future version. This flag permits fetching from repositories and resolving custom domains using insecure schemes such as HTTP, and also bypasses module sum validation using the checksum database. To permit the use of insecure schemes, use the GOINSECURE environment variable instead. To bypass module sum validation, use GOPRIVATE or GONOSUMDB. See go help environment for details.

go get example.com/mod@patch now requires that some version of example.com/mod already be required by the main module. (However, go get -u=patch continues to patch even newly-added dependencies.)

GOVCS environment variable

GOVCS is a new environment variable that limits which version control tools the go command may use to download source code. This mitigates security issues with tools that are typically used in trusted, authenticated environments. By default, git and hg may be used to download code from any repository. svn, bzr, and fossil may only be used to download code from repositories with module paths or package paths matching patterns in the GOPRIVATE environment variable. See go help vcs for details.

The all pattern

When the main module’s go.mod file declares go 1.16 or higher, the all package pattern now matches only those packages that are transitively imported by a package or test found in the main module. (Packages imported by tests of packages imported by the main module are no longer included.) This is the same set of packages retained by go mod vendor since Go 1.11.

The -toolexec build flag

When the -toolexec build flag is specified to use a program when invoking toolchain programs like compile or asm, the environment variable TOOLEXEC_IMPORTPATH is now set to the import path of the package being built.

The -i build flag

The -i flag accepted by go build, go install, and go test is now deprecated. The -i flag instructs the go command to install packages imported by packages named on the command line. Since the build cache was introduced in Go 1.10, the -i flag no longer has a significant effect on build times, and it causes errors when the install directory is not writable.

The list command

When the -export flag is specified, the BuildID field is now set to the build ID of the compiled package. This is equivalent to running go tool buildid on go list -exported -f {{.Export}}, but without the extra step.

The -overlay flag

The -overlay flag specifies a JSON configuration file containing a set of file path replacements. The -overlay flag may be used with all build commands and go mod subcommands. It is primarily intended to be used by editor tooling such as gopls to understand the effects of unsaved changes to source files. The config file maps actual file paths to replacement file paths and the go command and its builds will run as if the actual file paths exist with the contents given by the replacement file paths, or don’t exist if the replacement file paths are empty.

Cgo

The cgo tool will no longer try to translate C struct bitfields into Go struct fields, even if their size can be represented in Go. The order in which C bitfields appear in memory is implementation dependent, so in some cases the cgo tool produced results that were silently incorrect.

Vet

New warning for invalid testing.T use in goroutines

The vet tool now warns about invalid calls to the testing.T method Fatal from within a goroutine created during the test. This also warns on calls to Fatalf, FailNow, and Skip{,f,Now} methods on testing.T tests or testing.B benchmarks.

Calls to these methods stop the execution of the created goroutine and not the Test* or Benchmark* function. So these are required to be called by the goroutine running the test or benchmark function. For example:

func TestFoo(t *testing.T) {
    go func() {
        if condition() {
            t.Fatal("oops") // This exits the inner func instead of TestFoo.
        }
        ...
    }()
}

Code calling t.Fatal (or a similar method) from a created goroutine should be rewritten to signal the test failure using t.Error and exit the goroutine early using an alternative method, such as using a return statement. The previous example could be rewritten as:

func TestFoo(t *testing.T) {
    go func() {
        if condition() {
            t.Error("oops")
            return
        }
        ...
    }()
}

New warning for frame pointer

The vet tool now warns about amd64 assembly that clobbers the BP register (the frame pointer) without saving and restoring it, contrary to the calling convention. Code that doesn’t preserve the BP register must be modified to either not use BP at all or preserve BP by saving and restoring it. An easy way to preserve BP is to set the frame size to a nonzero value, which causes the generated prologue and epilogue to preserve the BP register for you. See CL 248260 for example fixes.

New warning for asn1.Unmarshal

The vet tool now warns about incorrectly passing a non-pointer or nil argument to asn1.Unmarshal. This is like the existing checks for encoding/json.Unmarshal and encoding/xml.Unmarshal.

Runtime

The new runtime/metrics package introduces a stable interface for reading implementation-defined metrics from the Go runtime. It supersedes existing functions like runtime.ReadMemStats and debug.GCStats and is significantly more general and efficient. See the package documentation for more details.

Setting the GODEBUG environment variable to inittrace=1 now causes the runtime to emit a single line to standard error for each package init, summarizing its execution time and memory allocation. This trace can be used to find bottlenecks or regressions in Go startup performance. The GODEBUG documentation describes the format.

On Linux, the runtime now defaults to releasing memory to the operating system promptly (using MADV_DONTNEED), rather than lazily when the operating system is under memory pressure (using MADV_FREE). This means process-level memory statistics like RSS will more accurately reflect the amount of physical memory being used by Go processes. Systems that are currently using GODEBUG=madvdontneed=1 to improve memory monitoring behavior no longer need to set this environment variable.

Go 1.16 fixes a discrepancy between the race detector and the Go memory model. The race detector now more precisely follows the channel synchronization rules of the memory model. As a result, the detector may now report races it previously missed.

Compiler

The compiler can now inline functions with non-labeled for loops, method values, and type switches. The inliner can also detect more indirect calls where inlining is possible.

Linker

This release includes additional improvements to the Go linker, reducing linker resource usage (both time and memory) and improving code robustness/maintainability. These changes form the second half of a two-release project to modernize the Go linker.

The linker changes in 1.16 extend the 1.15 improvements to all supported architecture/OS combinations (the 1.15 performance improvements were primarily focused on ELF -based OSes and amd64 architectures). For a representative set of large Go programs, linking is 20-25% faster than 1.15 and requires 5-15% less memory on average for linux/amd64, with larger improvements for other architectures and OSes. Most binaries are also smaller as a result of more aggressive symbol pruning.

On Windows, go build -buildmode=c-shared now generates Windows ASLR DLLs by default. ASLR can be disabled with --ldflags=-aslr=false.

Standard library

Embedded Files

The new embed package provides access to files embedded in the program during compilation using the new //go:embed directive.

File Systems

The new io/fs package defines the fs.FS interface, an abstraction for read-only trees of files. The standard library packages have been adapted to make use of the interface as appropriate.

On the producer side of the interface, the new embed.FS type implements fs.FS, as does zip.Reader. The new os.DirFS function provides an implementation of fs.FS backed by a tree of operating system files.

On the consumer side, the new http.FS function converts an fs.FS to an http.FileSystem. Also, the html/template and text/template packages’ ParseFS functions and methods read templates from an fs.FS.

For testing code that implements fs.FS, the new testing/fstest package provides a TestFS function that checks for and reports common mistakes. It also provides a simple in-memory file system implementation, MapFS, which can be useful for testing code that accepts fs.FS implementations.

Deprecation of io/ioutil

The io/ioutil package has turned out to be a poorly defined and hard to understand collection of things. All functionality provided by the package has been moved to other packages. The io/ioutil package remains and will continue to work as before, but we encourage new code to use the new definitions in the io and os packages. Here is a list of the new locations of the names exported by io/ioutil:

Minor changes to the library

As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind.

archive/zip

The new Reader.Open method implements the fs.FS interface.

crypto/dsa

The crypto/dsa package is now deprecated. See issue #40337.

crypto/hmac

New will now panic if separate calls to the hash generation function fail to return new values. Previously, the behavior was undefined and invalid outputs were sometimes generated.

crypto/tls

I/O operations on closing or closed TLS connections can now be detected using the new net.ErrClosed error. A typical use would be errors.Is(err, net.ErrClosed).

A default write deadline is now set in Conn.Close before sending the “close notify” alert, in order to prevent blocking indefinitely.

Clients now return a handshake error if the server selects an ALPN protocol that was not in the list advertised by the client.

Servers will now prefer other available AEAD cipher suites (such as ChaCha20Poly1305) over AES-GCM cipher suites if either the client or server doesn’t have AES hardware support, unless both Config.PreferServerCipherSuites and Config.CipherSuites are set. The client is assumed not to have AES hardware support if it does not signal a preference for AES-GCM cipher suites.

Config.Clone now returns nil if the receiver is nil, rather than panicking.

crypto/x509

The GODEBUG=x509ignoreCN=0 flag will be removed in Go 1.17. It enables the legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present.

ParseCertificate and CreateCertificate now enforce string encoding restrictions for the DNSNames, EmailAddresses, and URIs fields. These fields can only contain strings with characters within the ASCII range.

CreateCertificate now verifies the generated certificate’s signature using the signer’s public key. If the signature is invalid, an error is returned, instead of a malformed certificate.

DSA signature verification is no longer supported. Note that DSA signature generation was never supported. See issue #40337.

On Windows, Certificate.Verify will now return all certificate chains that are built by the platform certificate verifier, instead of just the highest ranked chain.

The new SystemRootsError.Unwrap method allows accessing the Err field through the errors package functions.

On Unix systems, the crypto/x509 package is now more efficient in how it stores its copy of the system cert pool. Programs that use only a small number of roots will use around a half megabyte less memory.

debug/elf

More DT and PT constants have been added.

encoding/asn1

Unmarshal and UnmarshalWithParams now return an error instead of panicking when the argument is not a pointer or is nil. This change matches the behavior of other encoding packages such as encoding/json.

encoding/json

The json struct field tags understood by Marshal, Unmarshal, and related functionality now permit semicolon characters within a JSON object name for a Go struct field.

encoding/xml

The encoder has always taken care to avoid using namespace prefixes beginning with xml, which are reserved by the XML specification. Now, following the specification more closely, that check is case-insensitive, so that prefixes beginning with XML, XmL, and so on are also avoided.

flag

The new Func function allows registering a flag implemented by calling a function, as a lighter-weight alternative to implementing the Value interface.

go/build

The Package struct has new fields that report information about //go:embed directives in the package: EmbedPatterns, EmbedPatternPos, TestEmbedPatterns, TestEmbedPatternPos, XTestEmbedPatterns, XTestEmbedPatternPos.

The Package field IgnoredGoFiles will no longer include files that start with “_” or “.”, as those files are always ignored. IgnoredGoFiles is for files ignored because of build constraints.

The new Package field IgnoredOtherFiles has a list of non-Go files ignored because of build constraints.

go/build/constraint

The new go/build/constraint package parses build constraint lines, both the original // +build syntax and the //go:build syntax that will be introduced in Go 1.17. This package exists so that tools built with Go 1.16 will be able to process Go 1.17 source code. See https://golang.org/design/draft-gobuild for details about the build constraint syntaxes and the planned transition to the //go:build syntax. Note that //go:build lines are not supported in Go 1.16 and should not be introduced into Go programs yet.

html/template

The new template.ParseFS function and template.Template.ParseFS method are like template.ParseGlob and template.Template.ParseGlob, but read the templates from an fs.FS.

io

The package now defines a ReadSeekCloser interface.

The package now defines Discard, NopCloser, and ReadAll, to be used instead of the same names in the io/ioutil package.

log

The new Default function provides access to the default Logger.

log/syslog

The Writer now uses the local message format (omitting the host name and using a shorter time stamp) when logging to custom Unix domain sockets, matching the format already used for the default log socket.

mime/multipart

The Reader ’s ReadForm method no longer rejects form data when passed the maximum int64 value as a limit.

net

The case of I/O on a closed network connection, or I/O on a network connection that is closed before any of the I/O completes, can now be detected using the new ErrClosed error. A typical use would be errors.Is(err, net.ErrClosed). In earlier releases the only way to reliably detect this case was to match the string returned by the Error method with "use of closed network connection".

In previous Go releases the default TCP listener backlog size on Linux systems, set by /proc/sys/net/core/somaxconn, was limited to a maximum of 65535. On Linux kernel version 4.1 and above, the maximum is now 4294967295.

On Linux, host name lookups no longer use DNS before checking /etc/hosts when /etc/nsswitch.conf is missing; this is common on musl-based systems and makes Go programs match the behavior of C programs on those systems.

net/http

In the net/http package, the behavior of StripPrefix has been changed to strip the prefix from the request URL’s RawPath field in addition to its Path field. In past releases, only the Path field was trimmed, and so if the request URL contained any escaped characters the URL would be modified to have mismatched Path and RawPath fields. In Go 1.16, StripPrefix trims both fields. If there are escaped characters in the prefix part of the request URL the handler serves a 404 instead of its previous behavior of invoking the underlying handler with a mismatched Path / RawPath pair.

The net/http package now rejects HTTP range requests of the form "Range": "bytes=--N" where "-N" is a negative suffix length, for example "Range": "bytes=--2". It now replies with a 416 "Range Not Satisfiable" response.

Cookies set with SameSiteDefaultMode now behave according to the current spec (no attribute is set) instead of generating a SameSite key without a value.

The Client now sends an explicit Content-Length: 0 header in PATCH requests with empty bodies, matching the existing behavior of POST and PUT.

The ProxyFromEnvironment function no longer returns the setting of the HTTP_PROXY environment variable for https:// URLs when HTTPS_PROXY is unset.

The Transport type has a new field GetProxyConnectHeader which may be set to a function that returns headers to send to a proxy during a CONNECT request. In effect GetProxyConnectHeader is a dynamic version of the existing field ProxyConnectHeader; if GetProxyConnectHeader is not nil, then ProxyConnectHeader is ignored.

The new http.FS function converts an fs.FS to an http.FileSystem.

net/http/httputil

ReverseProxy now flushes buffered data more aggressively when proxying streamed responses with unknown body lengths.

net/smtp

The Client ’s Mail method now sends the SMTPUTF8 directive to servers that support it, signaling that addresses are encoded in UTF-8.

os

Process.Signal now returns ErrProcessDone instead of the unexported errFinished when the process has already finished.

The package defines a new type DirEntry as an alias for fs.DirEntry. The new ReadDir function and the new File.ReadDir method can be used to read the contents of a directory into a slice of DirEntry. The File.Readdir method (note the lower case d in dir) still exists, returning a slice of FileInfo, but for most programs it will be more efficient to switch to File.ReadDir.

The package now defines CreateTemp, MkdirTemp, ReadFile, and WriteFile, to be used instead of functions defined in the io/ioutil package.

The types FileInfo, FileMode, and PathError are now aliases for types of the same name in the io/fs package. Function signatures in the os package have been updated to refer to the names in the io/fs package. This should not affect any existing code.

The new DirFS function provides an implementation of fs.FS backed by a tree of operating system files.

os/signal

The new NotifyContext function allows creating contexts that are canceled upon arrival of specific signals.

path

The Match function now returns an error if the unmatched part of the pattern has a syntax error. Previously, the function returned early on a failed match, and thus did not report any later syntax error in the pattern.

path/filepath

The new function WalkDir is similar to Walk, but is typically more efficient. The function passed to WalkDir receives a fs.DirEntry instead of a fs.FileInfo. (To clarify for those who recall the Walk function as taking an os.FileInfo, os.FileInfo is now an alias for fs.FileInfo.)

The Match and Glob functions now return an error if the unmatched part of the pattern has a syntax error. Previously, the functions returned early on a failed match, and thus did not report any later syntax error in the pattern.

reflect

The Zero function has been optimized to avoid allocations. Code which incorrectly compares the returned Value to another Value using == or DeepEqual may get different results than those obtained in previous Go versions. The documentation for reflect.Value describes how to compare two Value s correctly.

runtime/debug

The runtime.Error values used when SetPanicOnFault is enabled may now have an Addr method. If that method exists, it returns the memory address that triggered the fault.

strconv

ParseFloat now uses the Eisel-Lemire algorithm, improving performance by up to a factor of 2. This can also speed up decoding textual formats like encoding/json.

syscall

NewCallback and NewCallbackCDecl now correctly support callback functions with multiple sub- uintptr -sized arguments in a row. This may require changing uses of these functions to eliminate manual padding between small arguments.

SysProcAttr on Windows has a new NoInheritHandles field that disables inheriting handles when creating a new process.

DLLError on Windows now has an Unwrap method for unwrapping its underlying error.

On Linux, Setgid, Setuid, and related calls are now implemented. Previously, they returned an syscall.EOPNOTSUPP error.

On Linux, the new functions AllThreadsSyscall and AllThreadsSyscall6 may be used to make a system call on all Go threads in the process. These functions may only be used by programs that do not use cgo; if a program uses cgo, they will always return syscall.ENOTSUP.

testing/iotest

The new ErrReader function returns an io.Reader that always returns an error.

The new TestReader function tests that an io.Reader behaves correctly.

text/template

Newlines characters are now allowed inside action delimiters, permitting actions to span multiple lines.

The new template.ParseFS function and template.Template.ParseFS method are like template.ParseGlob and template.Template.ParseGlob, but read the templates from an fs.FS.

text/template/parse

A new CommentNode was added to the parse tree. The Mode field in the parse.Tree enables access to it.

time/tzdata

The slim timezone data format is now used for the timezone database in $GOROOT/lib/time/zoneinfo.zip and the embedded copy in this package. This reduces the size of the timezone database by about 350 KB.

unicode

The unicode package and associated support throughout the system has been upgraded from Unicode 12.0.0 to Unicode 13.0.0, which adds 5,930 new characters, including four new scripts, and 55 new emoji. Unicode 13.0.0 also designates plane 3 (U+30000-U+3FFFF) as the tertiary ideographic plane.