Go 1.19 Release Notes
Introduction to Go 1.19
The latest Go release, version 1.19, arrives five months after Go 1.18. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.
Changes to the language
There is only one small change to the language, a very small correction to the scope of type parameters in method declarations. Existing programs are unaffected.
The Go memory model has been
revised to align Go with
Go only provides sequentially consistent atomics, not any of the more relaxed forms found in other languages.
Along with the memory model update,
Go 1.19 introduces new types in the
that make it easier to use atomic values, such as
Go 1.19 adds support for the Loongson 64-bit architecture
on Linux (
The implemented ABI is LP64D. Minimum kernel version supported is 5.19.
Note that most existing commercial Linux distributions for LoongArch come with older kernels, with a historical incompatible system call ABI. Compiled binaries will not work on these systems, even if statically linked. Users on such unsupported systems are limited to the distribution-provided Go package.
riscv64 port now supports passing function arguments
and result using registers. Benchmarking shows typical performance
improvements of 10% or more on
Go 1.19 adds support for links, lists, and clearer headings in doc comments.
As part of this change,
now reformats doc comments to make their rendered meaning clearer.
See “Go Doc Comments”
for syntax details and descriptions of common mistakes now highlighted by
As another part of this change, the new package go/doc/comment
provides parsing and reformatting of doc comments
as well as support for rendering them to HTML, Markdown, and text.
unix build constraint
The build constraint
unix is now recognized
//go:build lines. The constraint is satisfied
if the target operating system, also known as
a Unix or Unix-like system. For the 1.19 release it is satisfied
GOOS is one of
In future releases the
unix constraint may match
additional newly supported operating systems.
-trimpath flag, if set, is now included in the build settings
stamped into Go binaries by
build, and can be
generate now sets the
environment variable explicitly in the generator’s environment, so that
generators can locate the correct
GOROOT even if built
generate now place
GOROOT/bin at the beginning of the
PATH used for the
subprocess, so tests and generators that execute the
will resolve it to same
env now quotes entries that contain spaces in
GOGCCFLAGS variables it reports.
-json now accepts a
comma-separated list of JSON fields to populate. If a list is specified,
the JSON output will include only those fields, and
list may avoid work to compute fields that are
not included. In some cases, this may suppress errors that would otherwise
go command now caches information necessary to load some modules,
which should result in a speed-up of some
vet checker “errorsas” now reports when
errors.As is called
with a second argument of type
a common mistake.
The runtime now includes support for a soft memory limit. This memory limit
includes the Go heap and all other memory managed by the runtime, and
excludes external memory sources such as mappings of the binary itself,
memory managed in other languages, and memory held by the operating system on
behalf of the Go program. This limit may be managed via
or the equivalent
environment variable. The limit works in conjunction with
and will be respected even if
GOGC=off, allowing Go programs to
always make maximal use of their memory limit, improving resource efficiency
in some cases. See the GC guide for
a detailed guide explaining the soft memory limit in more detail, as well as
a variety of common use-cases and scenarios. Please note that small memory
limits, on the order of tens of megabytes or less, are less likely to be
respected due to external latency factors, such as OS scheduling. See
issue 52433 for more details. Larger
memory limits, on the order of hundreds of megabytes or more, are stable and
In order to limit the effects of GC thrashing when the program’s live heap
size approaches the soft memory limit, the Go runtime also attempts to limit
total GC CPU utilization to 50%, excluding idle time, choosing to use more
memory over preventing application progress. In practice, we expect this limit
to only play a role in exceptional cases, and the new
/gc/limiter/last-enabled:gc-cycle reports when this last
The runtime now schedules many fewer GC worker goroutines on idle operating system threads when the application is idle enough to force a periodic GC cycle.
The runtime will now allocate initial goroutine stacks based on the historic average stack usage of goroutines. This avoids some of the early stack growth and copying needed in the average case in exchange for at most 2x wasted space on below-average goroutines.
On Unix operating systems, Go programs that import package
os now automatically increase the open file limit
RLIMIT_NOFILE) to the maximum allowed value;
that is, they change the soft limit to match the hard limit.
This corrects artificially low limits set on some systems for compatibility with very old C programs using the
select system call.
Go programs are not helped by that limit, and instead even simple programs like
often ran out of file descriptors on such systems when processing many files in parallel.
One impact of this change is that Go programs that in turn execute very old C programs in child processes
may run those programs with too high a limit.
This can be corrected by setting the hard limit before invoking the Go program.
Unrecoverable fatal errors (such as concurrent map writes, or unlock of
unlocked mutexes) now print a simpler traceback excluding runtime metadata
(equivalent to a fatal panic) unless
crash. Runtime-internal fatal error tracebacks always include
full metadata regardless of the value of
Support for debugger-injected function calls has been added on ARM64, enabling users to call functions from their binary in an interactive debugging session when using a debugger that is updated to make use of this functionality.
The address sanitizer support added in Go 1.18 now handles function arguments and global variables more precisely.
The compiler now uses
table to implement large integer and string switch statements.
Performance improvements for the switch statement vary but can be
on the order of 20% faster.
The Go compiler now requires the
-p=importpath flag to
build a linkable object file. This is already supplied by
go command and by Bazel. Any other build systems
that invoke the Go compiler directly will need to make sure they
pass this flag as well.
The Go compiler no longer accepts the
flag. Build systems that invoke the Go compiler directly must use
-importcfg flag instead.
Like the compiler, the assembler now requires the
-p=importpath flag to build a linkable object file.
This is already supplied by the
go command. Any other
build systems that invoke the Go assembler directly will need to
make sure they pass this flag as well.
On ELF platforms, the linker now emits compressed DWARF sections in
the standard gABI format (
SHF_COMPRESSED), instead of
New atomic types
sync/atomic package defines new atomic types
These types hide the underlying values so that all accesses are forced to use
the atomic APIs.
Pointer also avoids
the need to convert to
unsafe.Pointer at call sites.
automatically aligned to 64-bit boundaries in structs and allocated data,
even on 32-bit systems.
LookPath no longer
allow results from a PATH search to be found relative to the current directory.
This removes a common source of security problems
but may also break existing programs that depend on using, say,
to run a binary named
prog (or, on Windows,
prog.exe) in the current directory.
os/exec package documentation for
information about how best to update such programs.
LookPath now respect the
environment variable, making it possible to disable
the default implicit search of “
.” in PATH lookups on Windows systems.
Minor changes to the library
As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here.
now ignores non-ZIP data at the start of a ZIP file, matching most other implementations.
This is necessary to read some Java JAR files, among other uses.
Operating on invalid curve points (those for which the
IsOnCurve method returns false, and which are never returned
Unmarshal or by a
Curve method operating on a
valid point) has always been undefined behavior and can lead to key
recovery attacks. If an invalid point is supplied to
they will now panic.
ScalarBaseMult operations on the
P521 curves are now up to three
times faster, leading to similar speedups in some ECDSA operations. The
generic (not platform optimized)
P256 implementation was
replaced with one derived from a formally verified model; this might
lead to significant slowdowns on 32-bit platforms.
Read no longer buffers
random data obtained from the operating system between calls. Applications
that perform many small reads at high frequency might choose to wrap
Reader in a
bufio.Reader for performance
reasons, taking care to use
to ensure no partial reads occur.
On Plan 9,
Read has been reimplemented, replacing the ANSI
X9.31 algorithm with a fast key erasure generator.
implementation was changed to use only rejection sampling,
which removes a bias when generating small primes in non-cryptographic contexts,
removes one possible minor timing leak,
and better aligns the behavior with BoringSSL,
all while simplifying the implementation.
The change does produce different outputs for a given random source
stream compared to the previous implementation,
which can break tests written expecting specific results from
specific deterministic random sources.
To help prevent such problems in the future,
the implementation is now intentionally non-deterministic with respect to the input stream.
tls10default=1 has been
removed. It is still possible to enable TLS 1.0 client-side by setting
The TLS server and client now reject duplicate extensions in TLS handshakes, as required by RFC 5246, Section 184.108.40.206 and RFC 8446, Section 4.2.
no longer supports creating certificates with
CreateCertificate no longer accepts negative serial numbers.
CreateCertificate will not emit an empty SEQUENCE anymore
when the produced certificate has no extensions.
Removal of the
originally planned for Go 1.19, has been rescheduled to a future release.
Applications using it should work on migrating. Practical attacks against
SHA-1 have been demonstrated since 2017 and publicly trusted Certificate
Authorities have not issued SHA-1 certificates since 2015.
now reject certificates and CSRs which contain duplicate extensions.
methods allow cloning a
CertPool and checking the equivalence of two
The new function
provides a faster, safer to use CRL parser which returns a
Parsing a CRL also populates the new
Extensions, which are ignored by
The new method
checks that the signature on a CRL is a valid signature from a
are now deprecated in favor of
method is deprecated in favor of
The path builder of
was overhauled and should now produce better chains and/or be more efficient in complicated scenarios.
Name constraints are now also enforced on non-leaf certificates.
have been deprecated. The new
crypto/x509 CRL functionality
should be used instead.
support the loong64 port.
method, which returns a
provides access to COMDAT information in PE file sections.
These are supported by new
The new interface
provides efficient methods for appending a
to a byte slice.
LittleEndian now implement this interface.
Similarly, the new functions
are efficient appending versions of
The new method
reports the reader’s current input position as a byte offset,
The new method
reports the reader’s current input position as a line and column,
The new function
defines a flag with a value implementing
allowing command-line flag variables to have types such as
The new functions
append formatted data to byte slices.
The parser now recognizes
~x as a unary expression with operator
allowing better error recovery when a type constraint such as
~int is used in an incorrect context.
The new methods
Var.Origin return the
Object of the
generic type for synthetic
Var objects created during type
It is no longer possible to produce an infinite number of distinct-but-identical
Named type instantiations via
recursive calls to
The new functions
provide an efficient way hash a single byte slice or string.
They are equivalent to using the more general
with a single write, but they avoid setup overhead for small inputs.
is now an alias for
instead of its own named type.
This allows writing code that operates on a
FuncMap from either setting.
Go 1.19.8 and later
disallow actions in ECMAScript 6 template literals.
This behavior can be reverted by the
Draw with the
Src operator preserves
non-premultiplied-alpha colors when destination and source images are
This reverts a behavior change accidentally introduced by a Go 1.18
library optimization; the code now matches the behavior in Go 1.17 and earlier.
NopCloser’s result now implements
whenever its input does.
MultiReader’s result now implements
If any underlying reader does not implement
it is simulated appropriately.
On Windows only, the mime package now ignores a registry entry
recording that the extension
.js should have MIME
text/plain. This is a common unintentional
misconfiguration on Windows systems. The effect is
.js will have the default MIME
Applications that expect
text/plain on Windows must
now explicitly call
In Go 1.19.8 and later, this package sets limits the size
of the MIME data it processes to protect against malicious inputs.
Reader.NextRawPart limit the
number of headers in a part to 10000 and
the total number of headers in all
FileHeaders to 10000.
These limits may be adjusted with the
Reader.ReadForm further limits the number of parts in a form to 1000.
This limit may be adjusted with the
The pure Go resolver will now use EDNS(0) to include a suggested
maximum reply packet length, permitting reply packets to contain
up to 1232 bytes (the previous maximum was 512).
In the unlikely event that this causes problems with a local DNS
resolver, setting the environment variable
GODEBUG=netdns=cgo to use the cgo-based resolver
Please report any such problems on the
When a net package function or method returns an “I/O timeout”
error, the error will now satisfy
errors.Is(err, context.DeadlineExceeded). When a net package function
returns an “operation was canceled” error, the error will now
These changes are intended to make it easier for code to test
for cases in which a context cancellation or timeout causes a net
package function or method to return an error, while preserving
backward compatibility for error messages.
is now implemented on Windows and Plan 9. It previously only worked on Unix
platforms. Combined with
Resolver.Dial, it’s now
possible to write portable programs and be in control of all DNS name lookups
net package now has initial support for the
build tag on Windows. When used, the package uses the Go DNS client (as used
Resolver.PreferGo) instead of asking Windows for
DNS results. The upstream DNS server it discovers from Windows
may not yet be correct with complex system network configurations, however.
now supports sending user-defined 1xx informational headers.
io.ReadCloser returned by
will now return the defined error type
when its read limit is exceeded.
The HTTP client will handle a 3xx response without a
Location header by returning it to the caller,
rather than treating it as an error.
method create a new
URL by joining a list of path
URL type now distinguishes between URLs with no
authority and URLs with an empty authority. For example,
http:///path has an empty authority (host),
http:/path has none.
OmitHost is set to
true when a
URL has an empty authority.
Cmd with a non-empty
Env now implicitly sets the
variable for the subprocess to match
The new method
Cmd.Environ reports the
environment that would be used to run the command, including the
now accepts addressable arrays in addition to slices.
now successfully operate on a pointer to an array and return the length of that array,
to match what the builtin
cap functions do.
Go 1.18 release candidate 1, Go 1.17.8, and Go 1.16.15 included a security fix
to the regular expression parser, making it reject very deeply nested expressions.
Because Go patch releases do not introduce new API,
the parser returned
syntax.ErrInternalError in this case.
Go 1.19 adds a more specific error,
which the parser now returns instead.
GOROOT function now returns the empty string
"go") when the binary was built with
-trimpath flag set and the
variable is not set in the process environment.
reports the total number of calls made from Go to C. This metric is
identical to the
reports the last GC cycle when the GC CPU limiter was enabled. See the
runtime notes for details about the GC CPU limiter.
Stop-the-world pause times have been significantly reduced when collecting goroutine profiles, reducing the overall latency impact to the application.
MaxRSS is now reported in heap profiles for all Unix
operating systems (it was previously only reported for
The race detector has been upgraded to use thread sanitizer
version v3 on all supported platforms
openbsd/amd64, which remain on v2.
Compared to v2, it is now typically 1.5x to 2x faster, uses half
as much memory, and it supports an unlimited number of
On Linux, the race detector now requires at least glibc version
2.17 and GNU binutils 2.26.
The race detector is now supported on
Race detector support for
openbsd/amd64 has been
removed from thread sanitizer upstream, so it is unlikely to
ever be updated from v2.
When tracing and the CPU profiler are enabled simultaneously, the execution trace includes CPU profile samples as instantaneous events.
The sorting algorithm has been rewritten to use pattern-defeating quicksort, which is faster for several common scenarios.
The new function
but often easier to use: it returns an additional boolean reporting whether an equal value was found.
and related functions now quote the rune U+007F as
for consistency with other ASCII values.
On PowerPC (
now always return 0 for return value
r2 instead of an
On AIX and Solaris,
Getrusage is now defined.
The new method
provides a convenient and safe way to take the absolute value of a duration,
converting −2⁶³ to 2⁶³−1.
(This boundary case can happen as the result of subtracting a recent time from the zero time.)
The new method
returns the start and end times of the time zone in effect at a given time.
It can be used in a loop to enumerate all the known time zone transitions at a given location.