Go 1.14 Release Notes

Introduction to Go 1.14

The latest Go release, version 1.14, arrives six months after Go 1.13. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before.

Module support in the go command is now ready for production use, and we encourage all users to migrate to Go modules for dependency management. If you are unable to migrate due to a problem in the Go toolchain, please ensure that the problem has an open issue filed. (If the issue is not on the Go1.15 milestone, please let us know why it prevents you from migrating so that we can prioritize it appropriately.)

Changes to the language

Per the overlapping interfaces proposal, Go 1.14 now permits embedding of interfaces with overlapping method sets: methods from an embedded interface may have the same names and identical signatures as methods already present in the (embedding) interface. This solves problems that typically (but not exclusively) occur with diamond-shaped embedding graphs. Explicitly declared methods in an interface must remain unique, as before.

Ports

Darwin

Go 1.14 is the last release that will run on macOS 10.11 El Capitan. Go 1.15 will require macOS 10.12 Sierra or later.

Go 1.14 is the last Go release to support 32-bit binaries on macOS (the darwin/386 port). They are no longer supported by macOS, starting with macOS 10.15 (Catalina). Go continues to support the 64-bit darwin/amd64 port.

Go 1.14 will likely be the last Go release to support 32-bit binaries on iOS, iPadOS, watchOS, and tvOS (the darwin/arm port). Go continues to support the 64-bit darwin/arm64 port.

Windows

Go binaries on Windows now have DEP (Data Execution Prevention) enabled.

On Windows, creating a file via os.OpenFile with the os.O_CREATE flag, or via syscall.Open with the syscall.O_CREAT flag, will now create the file as read-only if the bit 0o200 (owner write permission) is not set in the permission argument. This makes the behavior on Windows more like that on Unix systems.

WebAssembly

JavaScript values referenced from Go via js.Value objects can now be garbage collected.

js.Value values can no longer be compared using the == operator, and instead must be compared using their Equal method.

js.Value now has IsUndefined, IsNull, and IsNaN methods.

RISC-V

Go 1.14 contains experimental support for 64-bit RISC-V on Linux (GOOS=linux, GOARCH=riscv64). Be aware that performance, assembly syntax stability, and possibly correctness are a work in progress.

FreeBSD

Go now supports the 64-bit ARM architecture on FreeBSD 12.0 or later (the freebsd/arm64 port).

Native Client (NaCl)

As announced in the Go 1.13 release notes, Go 1.14 drops support for the Native Client platform (GOOS=nacl).

Illumos

The runtime now respects zone CPU caps (the zone.cpu-cap resource control) for runtime.NumCPU and the default value of GOMAXPROCS.

Tools

Go command

Vendoring

When the main module contains a top-level vendor directory and its go.mod file specifies go 1.14 or higher, the go command now defaults to -mod=vendor for operations that accept that flag. A new value for that flag, -mod=mod, causes the go command to instead load modules from the module cache (as when no vendor directory is present).

When -mod=vendor is set (explicitly or by default), the go command now verifies that the main module’s vendor/modules.txt file is consistent with its go.mod file.

go list -m no longer silently omits transitive dependencies that do not provide packages in the vendor directory. It now fails explicitly if -mod=vendor is set and information is requested for a module not mentioned in vendor/modules.txt.

Flags

The go get command no longer accepts the -mod flag. Previously, the flag’s setting either was ignored or caused the build to fail.

-mod=readonly is now set by default when the go.mod file is read-only and no top-level vendor directory is present.

-modcacherw is a new flag that instructs the go command to leave newly-created directories in the module cache at their default permissions rather than making them read-only. The use of this flag makes it more likely that tests or other tools will accidentally add files not included in the module’s verified checksum. However, it allows the use of rm -rf (instead of go clean -modcache) to remove the module cache.

-modfile=file is a new flag that instructs the go command to read (and possibly write) an alternate go.mod file instead of the one in the module root directory. A file named go.mod must still be present in order to determine the module root directory, but it is not accessed. When -modfile is specified, an alternate go.sum file is also used: its path is derived from the -modfile flag by trimming the .mod extension and appending .sum.

Environment variables

GOINSECURE is a new environment variable that instructs the go command to not require an HTTPS connection, and to skip certificate validation, when fetching certain modules directly from their origins. Like the existing GOPRIVATE variable, the value of GOINSECURE is a comma-separated list of glob patterns.

Commands outside modules

When module-aware mode is enabled explicitly (by setting GO111MODULE=on), most module commands have more limited functionality if no go.mod file is present. For example, go build, go run, and other build commands can only build packages in the standard library and packages specified as .go files on the command line.

Previously, the go command would resolve each package path to the latest version of a module but would not record the module path or version. This resulted in slow, non-reproducible builds.

go get continues to work as before, as do go mod download and go list -m with explicit versions.

+incompatible versions

If the latest version of a module contains a go.mod file, go get will no longer upgrade to an incompatible major version of that module unless such a version is requested explicitly or is already required. go list also omits incompatible major versions for such a module when fetching directly from version control, but may include them if reported by a proxy.

go.mod file maintenance

go commands other than go mod tidy no longer remove a require directive that specifies a version of an indirect dependency that is already implied by other (transitive) dependencies of the main module.

go commands other than go mod tidy no longer edit the go.mod file if the changes are only cosmetic.

When -mod=readonly is set, go commands will no longer fail due to a missing go directive or an erroneous // indirect comment.

Module downloading

The go command now supports Subversion repositories in module mode.

The go command now includes snippets of plain-text error messages from module proxies and other HTTP servers. An error message will only be shown if it is valid UTF-8 and consists of only graphic characters and spaces.

Testing

go test -v now streams t.Log output as it happens, rather than at the end of all tests.

Runtime

This release improves the performance of most uses of defer to incur almost zero overhead compared to calling the deferred function directly. As a result, defer can now be used in performance-critical code without overhead concerns.

Goroutines are now asynchronously preemptible. As a result, loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection. This is supported on all platforms except windows/arm, darwin/arm, js/wasm, and plan9/*.

A consequence of the implementation of preemption is that on Unix systems, including Linux and macOS systems, programs built with Go 1.14 will receive more signals than programs built with earlier releases. This means that programs that use packages like syscall or golang.org/x/sys/unix will see more slow system calls fail with EINTR errors. Those programs will have to handle those errors in some way, most likely looping to try the system call again. For more information about this see man 7 signal for Linux systems or similar documentation for other systems.

The page allocator is more efficient and incurs significantly less lock contention at high values of GOMAXPROCS. This is most noticeable as lower latency and higher throughput for large allocations being done in parallel and at a high rate.

Internal timers, used by time.After, time.Tick, net.Conn.SetDeadline, and friends, are more efficient, with less lock contention and fewer context switches. This is a performance improvement that should not cause any user visible changes.

Compiler

This release adds -d=checkptr as a compile-time option for adding instrumentation to check that Go code is following unsafe.Pointer safety rules dynamically. This option is enabled by default (except on Windows) with the -race or -msan flags, and can be disabled with -gcflags=all=-d=checkptr=0. Specifically, -d=checkptr checks the following:

  1. When converting unsafe.Pointer to *T, the resulting pointer must be aligned appropriately for T.
  2. If the result of pointer arithmetic points into a Go heap object, one of the unsafe.Pointer-typed operands must point into the same object.

Using -d=checkptr is not currently recommended on Windows because it causes false alerts in the standard library.

The compiler can now emit machine-readable logs of key optimizations using the -json flag, including inlining, escape analysis, bounds-check elimination, and nil-check elimination.

Detailed escape analysis diagnostics (-m=2) now work again. This had been dropped from the new escape analysis implementation in the previous release.

All Go symbols in macOS binaries now begin with an underscore, following platform conventions.

This release includes experimental support for compiler-inserted coverage instrumentation for fuzzing. See issue 14565 for more details. This API may change in future releases.

Bounds check elimination now uses information from slice creation and can eliminate checks for indexes with types smaller than int.

Core library

New byte sequence hashing package

Go 1.14 includes a new package, hash/maphash, which provides hash functions on byte sequences. These hash functions are intended to be used to implement hash tables or other data structures that need to map arbitrary strings or byte sequences to a uniform distribution on unsigned 64-bit integers.

The hash functions are collision-resistant but not cryptographically secure.

The hash value of a given byte sequence is consistent within a single process, but will be different in different processes.

Minor changes to the library

As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind.

crypto/tls

Support for SSL version 3.0 (SSLv3) has been removed. Note that SSLv3 is the cryptographically broken protocol predating TLS.

TLS 1.3 can’t be disabled via the GODEBUG environment variable anymore. Use the Config.MaxVersion field to configure TLS versions.

When multiple certificate chains are provided through the Config.Certificates field, the first one compatible with the peer is now automatically selected. This allows for example providing an ECDSA and an RSA certificate, and letting the package automatically select the best one. Note that the performance of this selection is going to be poor unless the Certificate.Leaf field is set. The Config.NameToCertificate field, which only supports associating a single certificate with a give name, is now deprecated and should be left as nil. Similarly the Config.BuildNameToCertificate method, which builds the NameToCertificate field from the leaf certificates, is now deprecated and should not be called.

The new CipherSuites and InsecureCipherSuites functions return a list of currently implemented cipher suites. The new CipherSuiteName function returns a name for a cipher suite ID.

The new (*ClientHelloInfo).SupportsCertificate and (*CertificateRequestInfo).SupportsCertificate methods expose whether a peer supports a certain certificate.

The tls package no longer supports the legacy Next Protocol Negotiation (NPN) extension and now only supports ALPN. In previous releases it supported both. There are no API changes and applications should function identically as before. Most other clients and servers have already removed NPN support in favor of the standardized ALPN.

RSA-PSS signatures are now used when supported in TLS 1.2 handshakes. This won’t affect most applications, but custom Certificate.PrivateKey implementations that don’t support RSA-PSS signatures will need to use the new Certificate.SupportedSignatureAlgorithms field to disable them.

Config.Certificates and Config.GetCertificate can now both be nil if Config.GetConfigForClient is set. If the callbacks return neither certificates nor an error, the unrecognized_name is now sent.

The new CertificateRequestInfo.Version field provides the TLS version to client certificates callbacks.

The new TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 constants use the final names for the cipher suites previously referred to as TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 and TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305.

crypto/x509

Certificate.CreateCRL now supports Ed25519 issuers.

debug/dwarf

The debug/dwarf package now supports reading DWARF version 5.

The new method (*Data).AddSection supports adding arbitrary new DWARF sections from the input file to the DWARF Data.

The new method (*Reader).ByteOrder returns the byte order of the current compilation unit. This may be used to interpret attributes that are encoded in the native ordering, such as location descriptions.

The new method (*LineReader).Files returns the file name table from a line reader. This may be used to interpret the value of DWARF attributes such as AttrDeclFile.

encoding/asn1

Unmarshal now supports ASN.1 string type BMPString, represented by the new TagBMPString constant.

encoding/json

The Decoder type supports a new method InputOffset that returns the input stream byte offset of the current decoder position.

Compact no longer escapes the U+2028 and U+2029 characters, which was never a documented feature. For proper escaping, see HTMLEscape.

Number no longer accepts invalid numbers, to follow the documented behavior more closely. If a program needs to accept invalid numbers like the empty string, consider wrapping the type with Unmarshaler.

Unmarshal can now support map keys with string underlying type which implement encoding.TextUnmarshaler.

go/build

The Context type has a new field Dir which may be used to set the working directory for the build. The default is the current directory of the running process. In module mode, this is used to locate the main module.

go/doc

The new function NewFromFiles computes package documentation from a list of *ast.File’s and associates examples with the appropriate package elements. The new information is available in a new Examples field in the Package, Type, and Func types, and a new Suffix field in the Example type.

io/ioutil

TempDir can now create directories whose names have predictable prefixes and suffixes. As with TempFile, if the pattern contains a ‘*’, the random string replaces the last ‘*’.

log

The new Lmsgprefix flag may be used to tell the logging functions to emit the optional output prefix immediately before the log message rather than at the start of the line.

math

The new FMA function computes x*y+z in floating point with no intermediate rounding of the x*y computation. Several architectures implement this computation using dedicated hardware instructions for additional performance.

math/big

The GCD method now allows the inputs a and b to be zero or negative.

math/bits

The new functions Rem, Rem32, and Rem64 support computing a remainder even when the quotient overflows.

mime

The default type of .js and .mjs files is now text/javascript rather than application/javascript. This is in accordance with an IETF draft that treats application/javascript as obsolete.

mime/multipart

The new Reader method NextRawPart supports fetching the next MIME part without transparently decoding quoted-printable data.

net/http

The new Header method Values can be used to fetch all values associated with a canonicalized key.

The new Transport field DialTLSContext can be used to specify an optional dial function for creating TLS connections for non-proxied HTTPS requests. This new field can be used instead of DialTLS, which is now considered deprecated; DialTLS will continue to work, but new code should use DialTLSContext, which allows the transport to cancel dials as soon as they are no longer needed.

On Windows, ServeFile now correctly serves files larger than 2GB.

net/http/httptest

The new Server field EnableHTTP2 supports enabling HTTP/2 on the test server.

net/textproto

The new MIMEHeader method Values can be used to fetch all values associated with a canonicalized key.

net/url

When parsing of a URL fails (for example by Parse or ParseRequestURI), the resulting Error message will now quote the unparsable URL. This provides clearer structure and consistency with other parsing errors.

os/signal

On Windows, the CTRL_CLOSE_EVENT, CTRL_LOGOFF_EVENT, and CTRL_SHUTDOWN_EVENT events now generate a syscall.SIGTERM signal, similar to how Control-C and Control-Break generate a syscall.SIGINT signal.

plugin

The plugin package now supports freebsd/amd64.

reflect

StructOf now supports creating struct types with unexported fields, by setting the PkgPath field in a StructField element.

runtime

runtime.Goexit can no longer be aborted by a recursive panic/recover.

On macOS, SIGPIPE is no longer forwarded to signal handlers installed before the Go runtime is initialized. This is necessary because macOS delivers SIGPIPE to the main thread rather than the thread writing to the closed pipe.

runtime/pprof

The generated profile no longer includes the pseudo-PCs used for inline marks. Symbol information of inlined functions is encoded in the format the pprof tool expects. This is a fix for the regression introduced during recent releases.

strconv

The NumError type now has an Unwrap method that may be used to retrieve the reason that a conversion failed. This supports using NumError values with errors.Is to see if the underlying error is strconv.ErrRange or strconv.ErrSyntax.

sync

Unlocking a highly contended Mutex now directly yields the CPU to the next goroutine waiting for that Mutex. This significantly improves the performance of highly contended mutexes on high CPU count machines.

testing

The testing package now supports cleanup functions, called after a test or benchmark has finished, by calling T.Cleanup or B.Cleanup respectively.

text/template

The text/template package now correctly reports errors when a parenthesized argument is used as a function. This most commonly shows up in erroneous cases like {{if (eq .F "a") or (eq .F "b")}}. This should be written as {{if or (eq .F "a") (eq .F "b")}}. The erroneous case never worked as expected, and will now be reported with an error can't give argument to non-function.

JSEscape now escapes the & and = characters to mitigate the impact of its output being misused in HTML contexts.

unicode

The unicode package and associated support throughout the system has been upgraded from Unicode 11.0 to Unicode 12.0, which adds 554 new characters, including four new scripts, and 61 new emoji.