Go 1.19 Release Notes
Introduction to Go 1.19
The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
Changes to the language
There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected.
The Go memory model has been
revised to align Go with
Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages.
Along with the memory model update,
Go 1.19 introduces new types in the
that make it easier to use atomic values, such as
Go 1.19 adds support for the Loongson 64-bit architecture
on Linux (
The implemented ABI is LP64D. Minimum kernel version supported is 5.19.
Note that most existing commercial Linux distributions for LoongArch come with older kernels, with a historical incompatible system call ABI. Compiled binaries will not work on these systems, even if statically linked. Users on such unsupported systems are limited to the distribution-provided Go package.
riscv64 port now supports passing function arguments
and result using registers. Benchmarking shows typical performance
improvements of 10% or more on
Go 1.19 adds support for links, lists, and clearer headings in doc comments.
As part of this change,
now reformats doc comments to make their rendered meaning clearer.
See “Go Doc Comments”
for syntax details and descriptions of common mistakes now highlighted by
As another part of this change, the new package go/doc/comment
provides parsing and reformatting of doc comments
as well as support for rendering them to HTML, Markdown, and text.
unix build constraint
The build constraint
unix is now recognized
//go:build lines. The constraint is satisfied
if the target operating system, also known as
a Unix or Unix-like system. For the 1.19 release it is satisfied
GOOS is one of
In future releases the
unix constraint may match
additional newly supported operating systems.
-trimpath flag, if set, is now included in the build settings
stamped into Go binaries by
build, and can be
generate now sets the
environment variable explicitly in the generator's environment, so that
generators can locate the correct
GOROOT even if built
generate now place
GOROOT/bin at the beginning of the
PATH used for the
subprocess, so tests and generators that execute the
will resolve it to same
env now quotes entries that contain spaces in
GOGCCFLAGS variables it reports.
-json now accepts a
comma-separated list of JSON fields to populate. If a list is specified,
the JSON output will include only those fields, and
list may avoid work to compute fields that are
not included. In some cases, this may suppress errors that would otherwise
go command now caches information necessary to load some modules,
which should result in a speed-up of some
vet checker “errorsas” now reports when
errors.As is called
with a second argument of type
a common mistake.
The runtime now includes support for a soft memory limit. This memory limit
includes the Go heap and all other memory managed by the runtime, and
excludes external memory sources such as mappings of the binary itself,
memory managed in other languages, and memory held by the operating system on
behalf of the Go program. This limit may be managed via
or the equivalent
environment variable. The limit works in conjunction with
and will be respected even if
GOGC=off, allowing Go programs to
always make maximal use of their memory limit, improving resource efficiency
in some cases. See the GC guide for
a detailed guide explaining the soft memory limit in more detail, as well as
a variety of common use-cases and scenarios. Please note that small memory
limits, on the order of tens of megabytes or less, are less likely to be
respected due to external latency factors, such as OS scheduling. See
issue 52433 for more details. Larger
memory limits, on the order of hundreds of megabytes or more, are stable and
In order to limit the effects of GC thrashing when the program's live heap
size approaches the soft memory limit, the Go runtime also attempts to limit
total GC CPU utilization to 50%, excluding idle time, choosing to use more
memory over preventing application progress. In practice, we expect this limit
to only play a role in exceptional cases, and the new
/gc/limiter/last-enabled:gc-cycle reports when this last
The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle.
The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines.
On Unix operating systems, Go programs that import package
os now automatically increase the open file limit
RLIMIT_NOFILE) to the maximum allowed value;
that is, they change the soft limit to match the hard limit.
This corrects artificially low limits set on some systems for compatibility with very old C programs using the
select system call.
Go programs are not helped by that limit, and instead even simple programs like
often ran out of file descriptors on such systems when processing many files in parallel.
One impact of this change is that Go programs that in turn execute very old C programs in child processes
may run those programs with too high a limit.
This can be corrected by setting the hard limit before invoking the Go program.
Unrecoverable fatal errors (such as concurrent map writes, or unlock of
unlocked mutexes) now print a simpler traceback excluding runtime metadata
(equivalent to a fatal panic) unless
crash. Runtime-internal fatal error tracebacks always include
full metadata regardless of the value of
Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality.
The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely.
The compiler now uses
table to implement large integer and string switch statements.
Performance improvements for the switch statement vary but can be
on the order of 20% faster.
The Go compiler now requires the
-p=importpath flag to
build a linkable object file. This is already supplied by
go command and by Bazel. Any other build systems
that invoke the Go compiler directly will need to make sure they
pass this flag as well.
The Go compiler no longer accepts the
flag. Build systems that invoke the Go compiler directly must use
-importcfg flag instead.
Like the compiler, the assembler now requires the
-p=importpath flag to build a linkable object file.
This is already supplied by the
go command. Any other
build systems that invoke the Go assembler directly will need to
make sure they pass this flag as well.
On ELF platforms, the linker now emits compressed DWARF sections in
the standard gABI format (
SHF_COMPRESSED), instead of
New atomic types
sync/atomic package defines new atomic types
These types hide the underlying values so that all accesses are forced to use
the atomic APIs.
Pointer also avoids
the need to convert to
unsafe.Pointer at call sites.
automatically aligned to 64-bit boundaries in structs and allocated data,
even on 32-bit systems.
LookPath no longer
allow results from a PATH search to be found relative to the current directory.
This removes a common source of security problems
but may also break existing programs that depend on using, say,
to run a binary named
prog (or, on Windows,
prog.exe) in the current directory.
os/exec package documentation for
information about how best to update such programs.
LookPath now respect the
environment variable, making it possible to disable
the default implicit search of “
.” in PATH lookups on Windows systems.
Minor changes to the library
As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here.
Readernow ignores non-ZIP data at the start of a ZIP file, matching most other implementations. This is necessary to read some Java JAR files, among other uses.
Operating on invalid curve points (those for which the
IsOnCurvemethod returns false, and which are never returned by
Unmarshalor by a
Curvemethod operating on a valid point) has always been undefined behavior and can lead to key recovery attacks. If an invalid point is supplied to
ScalarMult, they will now panic.
ScalarBaseMultoperations on the
P521curves are now up to three times faster, leading to similar speedups in some ECDSA operations. The generic (not platform optimized)
P256implementation was replaced with one derived from a formally verified model; this might lead to significant slowdowns on 32-bit platforms.
Readno longer buffers random data obtained from the operating system between calls. Applications that perform many small reads at high frequency might choose to wrap
bufio.Readerfor performance reasons, taking care to use
io.ReadFullto ensure no partial reads occur.
On Plan 9,
Readhas been reimplemented, replacing the ANSI X9.31 algorithm with a fast key erasure generator.
Primeimplementation was changed to use only rejection sampling, which removes a bias when generating small primes in non-cryptographic contexts, removes one possible minor timing leak, and better aligns the behavior with BoringSSL, all while simplifying the implementation. The change does produce different outputs for a given random source stream compared to the previous implementation, which can break tests written expecting specific results from specific deterministic random sources. To help prevent such problems in the future, the implementation is now intentionally non-deterministic with respect to the input stream.
tls10default=1has been removed. It is still possible to enable TLS 1.0 client-side by setting
The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 220.127.116.11 and RFC 8446, Section 4.2.
CreateCertificateno longer supports creating certificates with
CreateCertificateno longer accepts negative serial numbers.
CreateCertificatewill not emit an empty SEQUENCE anymore when the produced certificate has no extensions.
Removal of the
x509sha1=1, originally planned for Go 1.19, has been rescheduled to a future release. Applications using it should work on migrating. Practical attacks against SHA-1 have been demonstrated since 2017 and publicly trusted Certificate Authorities have not issued SHA-1 certificates since 2015.
ParseCertificateRequestnow reject certificates and CSRs which contain duplicate extensions.
CertPool.Equalmethods allow cloning a
CertPooland checking the equivalence of two
The new function
ParseRevocationListprovides a faster, safer to use CRL parser which returns a
RevocationList. Parsing a CRL also populates the new
Extensions, which are ignored by
The new method
RevocationList.CheckSignatureFromchecks that the signature on a CRL is a valid signature from a
ParseDERCRLfunctions are now deprecated in favor of
Certificate.CheckCRLSignaturemethod is deprecated in favor of
The path builder of
Certificate.Verifywas overhauled and should now produce better chains and/or be more efficient in complicated scenarios. Name constraints are now also enforced on non-leaf certificates.
TBSCertificateListhave been deprecated. The new
crypto/x509CRL functionality should be used instead.
R_LARCH_*constants support the loong64 port.
File.COFFSymbolReadSectionDefAuxmethod, which returns a
COFFSymbolAuxFormat5, provides access to COMDAT information in PE file sections. These are supported by new
The new interface
AppendByteOrderprovides efficient methods for appending a
uint64to a byte slice.
LittleEndiannow implement this interface.
Similarly, the new functions
AppendVarintare efficient appending versions of
The new method
Reader.InputOffsetreports the reader's current input position as a byte offset, analogous to
The new method
Decoder.InputPosreports the reader's current input position as a line and column, analogous to
The new function
TextVardefines a flag with a value implementing
encoding.TextUnmarshaler, allowing command-line flag variables to have types such as
The new functions
Appendlnappend formatted data to byte slices.
The parser now recognizes
~xas a unary expression with operator token.TILDE, allowing better error recovery when a type constraint such as
~intis used in an incorrect context.
The new methods
Var.Originreturn the corresponding
Objectof the generic type for synthetic
Varobjects created during type instantiation.
It is no longer possible to produce an infinite number of distinct-but-identical
Namedtype instantiations via recursive calls to
The new functions
Stringprovide an efficient way hash a single byte slice or string. They are equivalent to using the more general
Hashwith a single write, but they avoid setup overhead for small inputs.
FuncMapis now an alias for
FuncMapinstead of its own named type. This allows writing code that operates on a
FuncMapfrom either setting.
Go 1.19.8 and later disallow actions in ECMAScript 6 template literals. This behavior can be reverted by the
Srcoperator preserves non-premultiplied-alpha colors when destination and source images are both
image.NRGBA64. This reverts a behavior change accidentally introduced by a Go 1.18 library optimization; the code now matches the behavior in Go 1.17 and earlier.
NopCloser's result now implements
WriterTowhenever its input does.
MultiReader's result now implements
WriterTounconditionally. If any underlying reader does not implement
WriterTo, it is simulated appropriately.
On Windows only, the mime package now ignores a registry entry recording that the extension
.jsshould have MIME type
text/plain. This is a common unintentional misconfiguration on Windows systems. The effect is that
.jswill have the default MIME type
text/plainon Windows must now explicitly call
In Go 1.19.8 and later, this package sets limits the size of the MIME data it processes to protect against malicious inputs.
Reader.NextRawPartlimit the number of headers in a part to 10000 and
Reader.ReadFormlimits the total number of headers in all
FileHeadersto 10000. These limits may be adjusted with the
Reader.ReadFormfurther limits the number of parts in a form to 1000. This limit may be adjusted with the
The pure Go resolver will now use EDNS(0) to include a suggested maximum reply packet length, permitting reply packets to contain up to 1232 bytes (the previous maximum was 512). In the unlikely event that this causes problems with a local DNS resolver, setting the environment variable
GODEBUG=netdns=cgoto use the cgo-based resolver should work. Please report any such problems on the issue tracker.
When a net package function or method returns an "I/O timeout" error, the error will now satisfy
errors.Is(err, context.DeadlineExceeded). When a net package function returns an "operation was canceled" error, the error will now satisfy
errors.Is(err, context.Canceled). These changes are intended to make it easier for code to test for cases in which a context cancellation or timeout causes a net package function or method to return an error, while preserving backward compatibility for error messages.
Resolver.PreferGois now implemented on Windows and Plan 9. It previously only worked on Unix platforms. Combined with
Resolver.Dial, it's now possible to write portable programs and be in control of all DNS name lookups when dialing.
netpackage now has initial support for the
netgobuild tag on Windows. When used, the package uses the Go DNS client (as used by
Resolver.PreferGo) instead of asking Windows for DNS results. The upstream DNS server it discovers from Windows may not yet be correct with complex system network configurations, however.
ResponseWriter.WriteHeadernow supports sending user-defined 1xx informational headers.
MaxBytesReaderwill now return the defined error type
MaxBytesErrorwhen its read limit is exceeded.
The HTTP client will handle a 3xx response without a
Locationheader by returning it to the caller, rather than treating it as an error.
URL.JoinPathmethod create a new
URLby joining a list of path elements.
URLtype now distinguishes between URLs with no authority and URLs with an empty authority. For example,
http:///pathhas an empty authority (host), while
OmitHostis set to
URLhas an empty authority.
Cmdwith a non-empty
Dirfield and nil
Envnow implicitly sets the
PWDenvironment variable for the subprocess to match
The new method
Cmd.Environreports the environment that would be used to run the command, including the implicitly set
Value.Bytesnow accepts addressable arrays in addition to slices.
Value.Capnow successfully operate on a pointer to an array and return the length of that array, to match what the builtin
Go 1.18 release candidate 1, Go 1.17.8, and Go 1.16.15 included a security fix to the regular expression parser, making it reject very deeply nested expressions. Because Go patch releases do not introduce new API, the parser returned
syntax.ErrInternalErrorin this case. Go 1.19 adds a more specific error,
syntax.ErrNestingDepth, which the parser now returns instead.
GOROOTfunction now returns the empty string (instead of
"go") when the binary was built with the
-trimpathflag set and the
GOROOTvariable is not set in the process environment.
/sched/gomaxprocs:threadsmetric reports the current
/cgo/go-to-c-calls:callsmetric reports the total number of calls made from Go to C. This metric is identical to the
/gc/limiter/last-enabled:gc-cyclemetric reports the last GC cycle when the GC CPU limiter was enabled. See the runtime notes for details about the GC CPU limiter.
Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application.
MaxRSSis now reported in heap profiles for all Unix operating systems (it was previously only reported for
The race detector has been upgraded to use thread sanitizer version v3 on all supported platforms except
openbsd/amd64, which remain on v2. Compared to v2, it is now typically 1.5x to 2x faster, uses half as much memory, and it supports an unlimited number of goroutines. On Linux, the race detector now requires at least glibc version 2.17 and GNU binutils 2.26.
The race detector is now supported on
Race detector support for
openbsd/amd64has been removed from thread sanitizer upstream, so it is unlikely to ever be updated from v2.
When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events.
The sorting algorithm has been rewritten to use pattern-defeating quicksort, which is faster for several common scenarios.
The new function
Searchbut often easier to use: it returns an additional boolean reporting whether an equal value was found.
Quoteand related functions now quote the rune U+007F as
\u007f, for consistency with other ASCII values.
On PowerPC (
RawSyscall6now always return 0 for return value
r2instead of an undefined value.
On AIX and Solaris,
Getrusageis now defined.
The new method
Duration.Absprovides a convenient and safe way to take the absolute value of a duration, converting −2⁶³ to 2⁶³−1. (This boundary case can happen as the result of subtracting a recent time from the zero time.)
The new method
Time.ZoneBoundsreturns the start and end times of the time zone in effect at a given time. It can be used in a loop to enumerate all the known time zone transitions at a given location.