Damien Neil [Thu, 26 Feb 2026 17:54:33 +0000 (09:54 -0800)]
[release-branch.go1.26] os: avoid escape from Root via ReadDir or Readdir
When reading the contents of a directory using
File.ReadDir or File.Readdir, the os.FileInfo was
populated on Unix platforms using lstat.
This lstat call is vulnerable to a TOCTOU race
and could escape the root.
For example:
- Open the directory "dir" within a Root.
This directory contains a file named "file".
- Use File.ReadDir to list the contents of "dir",
receiving a os.DirEntry for "dir/file".
- Replace "dir" with a symlink to "/etc".
- Use DirEntry.Info to retrieve the FileInfo for "dir/file".
This FileInfo contains information on "/etc/file" instead.
This escape permits identifying the presence or absence of
files outside a Root, as well as retreiving stat metadata
(size, mode, modification time, etc.) for files outside a Root.
This escape does not permit reading or writing to files
outside a Root.
For #77827
Fixes #77834
Fixes CVE-2026-27139
Change-Id: I40004f830c588e516aff8ee593d630d36a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/749480
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Nicholas Husin <nsh@golang.org>
Auto-Submit: Damien Neil <dneil@google.com>
(cherry picked from commit 657ed934e85dc575aad51356c4b437961e7c1313)
Reviewed-on: https://go-review.googlesource.com/c/go/+/749822
Nicholas S. Husin [Tue, 10 Feb 2026 22:17:19 +0000 (17:17 -0500)]
[release-branch.go1.26] net/smtp: prevent test failures due to expired test certificate
The current localhostCert used for testing seems to have its expiry date
mistakenly set to Mar 18 19:27:54 2026 GMT.
To prevent test failures, use fixed time in tests. Also, regenerate the
certificate so we can fix the time to UNIX epoch (the current
certificate is only valid after Mar 18 2025).
Fixes #77532
Change-Id: I3136d29eaa0c8c4361f5627003f08a0059702f0d
Reviewed-on: https://go-review.googlesource.com/c/go/+/744260 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Nicholas Husin <husin@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 215a070a049ce449480ca6948e7fafdeb7b16920)
Reviewed-on: https://go-review.googlesource.com/c/go/+/748061
Roland Shoemaker [Tue, 3 Feb 2026 02:29:51 +0000 (18:29 -0800)]
[release-branch.go1.26] cmd/go: fix pkg-config flag sanitization
Implement a new pkg-config safe flag list (containing everything except
for --log-file) and use that when checking flags passed to pkg-config,
instead of using checkCompilerFlags.
Updates #77387
Fixes #77474
Change-Id: Id6141d0a2934053aa43e3aa8ce402bd499c4c028
Reviewed-on: https://go-review.googlesource.com/c/go/+/741042
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 28fbdf7acb4146b5bc3d88128e407d1344691839)
Reviewed-on: https://go-review.googlesource.com/c/go/+/745480 Reviewed-by: David Chase <drchase@google.com>
Youlin Feng [Sat, 14 Feb 2026 10:55:34 +0000 (18:55 +0800)]
[release-branch.go1.26] cmd/compile: avoid folding 64-bit integers into 32-bit constants
Folding a 64-bit integer into a 32-bit constant may result in a negative
integer if the value exceeds math.MaxInt32 (the maximum value of a 32-
bit signed integer). This negative value will be sign-extended to 64
bits at runtime, leading to unexpected results when used in bitwise
AND/OR operations.
Fixes #77618
Change-Id: Idb081a3c20c28bddddcc8eff1225d62123b37a2d
Reviewed-on: https://go-review.googlesource.com/c/go/+/745581
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit 3c8b5e673816c733f13a38b1ed1f53d7d49ea084)
Reviewed-on: https://go-review.googlesource.com/c/go/+/745840 Reviewed-by: Jorropo <jorropo.pgm@gmail.com> Reviewed-by: Mark Freeman <markfreeman@google.com>
Cuong Manh Le [Wed, 21 Jan 2026 07:39:20 +0000 (14:39 +0700)]
[release-branch.go1.26] cmd/compile: fix mis-compilation for static array initialization
The bug was first introduced when the compiler is still written in C,
with CL 2254041. The static array was laid out with the wrong context,
causing a stack pointer will be stored in global object.
Fixes #77252
Change-Id: I22c8393314d251beb53db537043a63714c84f36a
Reviewed-on: https://go-review.googlesource.com/c/go/+/737821 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Keith Randall <khr@golang.org>
(cherry picked from commit dae71067ce7ee41ebe752a4ee3c544506e74f824)
Reviewed-on: https://go-review.googlesource.com/c/go/+/738940 Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
khr@golang.org [Sat, 14 Feb 2026 18:04:13 +0000 (10:04 -0800)]
[release-branch.go1.26] cmd/compile: don't drop same register twice
For instructions that clobber both of their input registers, make
sure we don't clobber the same register twice when both input
registers are the same.
This is rare, but it can happen.
Fixes #77623
Change-Id: I794249cf43a8cc4ab3262055daef9193e2442f73
Reviewed-on: https://go-review.googlesource.com/c/go/+/745621 Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Jorropo <jorropo.pgm@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit f65692ea562bf24c21ae46854e98584dd4bcc201)
Reviewed-on: https://go-review.googlesource.com/c/go/+/745820 Reviewed-by: Mark Freeman <markfreeman@google.com>
Keith Randall [Tue, 24 Feb 2026 23:31:08 +0000 (15:31 -0800)]
[release-branch.go1.26] reflect: use &zeroVal[0] instead of nil for data field for zero-sized payloads
Because our wrapper functions barf if the pointer is nil, even if
we don't actually dereference the pointer.
Fixes #77780
Change-Id: Ib1b93d9f0fdc771cd884137007508ba2b1da4b7a
Reviewed-on: https://go-review.googlesource.com/c/go/+/748660 Reviewed-by: Ian Lance Taylor <iant@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Keith Randall <khr@google.com>
(cherry picked from commit 60dc96479a85db0e245a5c14d964628169abedf4)
Reviewed-on: https://go-review.googlesource.com/c/go/+/748720 Reviewed-by: David Chase <drchase@google.com>
Since types.TypeHash() returns a uint32, casting it to a wider integer
implies zero-extend. This diverges from the definition of AuxInt, in
which "Unused portions are filled by sign-extending the used portion,
even if the represented value is unsigned."
As a result, ssa.checkFunc(), where AuxInt is checked against the
mentioned rule, is unhappy and shouts:
internal compiler error: 'typeAsserts': bad int32 AuxInt value for v1317
Reproduce it with:
GOARCH=mips go tool compile -m -d=ssa/check/on test/devirtualization.go
This is only reproducible with GOARCH=mips/mipsle (cross and native).
Probably the rewrite rules of other architectures prevent Hash from
running into rewriteFixedLoad.
Fix it by emit sign-extend properly. Additionally, do the same for Kind_
as reflectdata.ABIKindOfType() also returns a fragile unsigned interger
(uint8).
Updates #67304
Fixes #77786
Change-Id: Ib4f3c94c0e3908698868449db2fdcdf4541f2e7e
Reviewed-on: https://go-review.googlesource.com/c/go/+/744860 Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Jake Bailey <jacob.b.bailey@gmail.com> Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit a78df5aa0afcd64935f89577c0da0ed2315014ea)
Reviewed-on: https://go-review.googlesource.com/c/go/+/748780 Reviewed-by: David Chase <drchase@google.com>
Michal Pristas [Wed, 4 Feb 2026 09:36:59 +0000 (09:36 +0000)]
[release-branch.go1.26] os: support deleting inaccessible files in RemoveAll
windows: retry file open with DELETE access after access denied
Additional access rights when opening files, including SYNCHRONIZE,
break deletion when the caller has FILE_DELETE_CHILD on the parent
directory but not the file. Retry with DELETE only restores correct
Windows semantics.
For #77407
Change-Id: Ie53bc6f1673de1a8af4dcfb7496daf99e71098cb
GitHub-Last-Rev: 0ad635cf1a13c0242e3b1922cf47a8c594dd7215
GitHub-Pull-Request: golang/go#77403
Reviewed-on: https://go-review.googlesource.com/c/go/+/741040 Reviewed-by: Quim Muntal <quimmuntal@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
(cherry picked from commit db5882ea9bf63849d554910f486c4c5cfea08852)
Reviewed-on: https://go-review.googlesource.com/c/go/+/746362 Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Mark Freeman <markfreeman@google.com>
Tom Thorogood [Sun, 11 Jan 2026 07:00:06 +0000 (17:30 +1030)]
[release-branch.go1.26] simd/archsimd: correct algorithm name in SHA256 ops documentation
The three SHA256 ops (SHA256Message1, SHA256Message2 and SHA256TwoRounds)
all incorrectly referred to the SHA1 algorithm in their documentation
rather than SHA256.
Change-Id: Id6c1bfe4fee4517c0e498fb063cc9112464bc1e7
Reviewed-on: https://go-review.googlesource.com/c/go/+/735420 Reviewed-by: Junyang Shao <shaojunyang@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
(cherry picked from commit 0430fa977573866f93e66aa61a66b37ff0738aba)
Reviewed-on: https://go-review.googlesource.com/c/go/+/742583 Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
Damien Neil [Thu, 5 Feb 2026 23:56:13 +0000 (15:56 -0800)]
[release-branch.go1.26] crypto/tls: avoid data race when canceling a QUICConn's Context
Methods on QUICConn are synchronous:
The connection state is expected to change only in reaction
to a user calling a QUICConn method, and the state change
should finish completely before the method returns.
The connection context provided to QUICConn.Start violates
this model, because canceling the context causes an
asynchronous state change.
Prior to CL 719040, this caused no problems because canceling
the context did not cause any user-visible state changes.
In particular, canceling the context did not cause any new
events to be immediately returned by QUICConn.NextEvent.
CL 719040 introduced a new error event. Now, canceling a
QUICConn's context causes a new connection event to be
generated.
Receiving this event causes a data race visible to the
race detector, but the core problem is not the data race
itself: It's that an asynchronous event (canceling the
connection context) causes an change to the connection
events.
Fix this race by reworking the handling of QUICConn
context cancellation a bit. We no longer react to
cancellation while control of the connection lies
with the user. We only process cancellation as
part of a user call, such as QUICConn.Close
or QUICConn.HandleData.
Fixes #77274
Change-Id: If2e0f73618c4852114e0931b6bd0cb0b6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/742561
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
(cherry picked from commit d4febb45179fa99ee1d5783bcb693ed7ba14115c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/742761
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Rhys Hiltner [Tue, 3 Feb 2026 17:23:33 +0000 (09:23 -0800)]
[release-branch.go1.26] log/slog: correct method names in MultiHandler docs
For #77428.
Fixes #77429.
Change-Id: I02d76ac9220fb2e0df404e4a446953bc0b56475f
Reviewed-on: https://go-review.googlesource.com/c/go/+/741560
Auto-Submit: Rhys Hiltner <rhys.hiltner@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
(cherry picked from commit ae842f71461ad178eff7283bc36e150fe284b9aa)
Reviewed-on: https://go-review.googlesource.com/c/go/+/742581 Reviewed-by: Rhys Hiltner <rhys.hiltner@gmail.com>
Filippo Valsorda [Fri, 30 Jan 2026 17:07:23 +0000 (18:07 +0100)]
[release-branch.go1.26] crypto/tls: revalidate whole chain on resumption on Windows and macOS
TestHandshakeChangeRootCAsResumption and TestHandshakeGetConfigForClientDifferentClientCAs
changed because previously rootA and rootB shared Subject and SPKI,
which made the new full-chain revalidation check succeed, as the
same leaf would verify against both roots.
Updates #77376
Fixes #77426
Cq-Include-Trybots: luci.golang.try:go1.26-darwin-arm64-longtest
Change-Id: I60bed694bdc621c9e83f1bd8a8224c016a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/741361
Auto-Submit: Filippo Valsorda <filippo@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
(cherry picked from commit b691a2edc7f5863f61a07c4a4f087eef1a15a704)
Reviewed-on: https://go-review.googlesource.com/c/go/+/741680 Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
I suspect it is because the temps are by default declared
outside the loop body, which escape analysis will determine is
an escaping value and result in a heap allocation. (I've seen
this problem before, including in my older CL 546023 that attempts
to help PGO with a similar issue.)
This is an attempt to address that by placing ODCLs within the
b.Loop body for the temps that are created so that they can be
marked keepalive.
There are two cases handled in the CL: function return values
and function arguments. The first case is what affects my example
from #73137, and is also illustrated via the NewX test case in
the new test/escape_bloop.go file.
Without this CL, the NewX call in the BenchmarkBloop test is inlined,
which is an improvement over Go 1.25, but the slice still escapes
because the temporary used for the return value is declared outside
the loop body.
With this CL, the slice does not escape.
The second case is illustrated via the new BenchmarkBLoopFunctionArg
test, which shows a function argument that escapes without this CL
but does not escape with this CL.
We can also make the two new b.Loop tests in testing/benchmark_test.go
individually pass or fail as expected based on individually
reverting the two changes in this CL.
While we are here, we add a note to typecheck.TempAt to help
make people aware of this behavior.
Updates #73137
Fixes #77339
Reviewed-on: https://go-review.googlesource.com/c/go/+/738822
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
Change-Id: I80e89ca95ba297b0d95f02782e6f4ae901a4361a
Reviewed-on: https://go-review.googlesource.com/c/go/+/740600 Reviewed-by: Austin Clements <austin@google.com>
Auto-Submit: Junyang Shao <shaojunyang@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Roland Shoemaker [Mon, 26 Jan 2026 19:18:45 +0000 (11:18 -0800)]
[release-branch.go1.26] crypto/tls: check verifiedChains roots when resuming sessions
When resuming TLS sessions, on the server and client verify that the
chains stored in the session state (verifiedChains) are still acceptable
with regards to the Config by checking for the inclusion of the root in
either ClientCAs (server) or RootCAs (client). This prevents resuming
a session with a certificate chain that would be rejected during a full
handshake due to an untrusted root.
Roland Shoemaker [Mon, 26 Jan 2026 18:55:32 +0000 (10:55 -0800)]
[release-branch.go1.26] crypto/tls: add verifiedChains expiration checking during resumption
When resuming a session, check that the verifiedChains contain at least
one chain that is still valid at the time of resumption. If not, trigger
a new handshake.
Michael Anthony Knyszek [Fri, 23 Jan 2026 16:38:50 +0000 (16:38 +0000)]
[release-branch.go1.26] internal/buildcfg: disable sizespecializedmalloc by default
We're finding some regressions in overall icache footprint at scale and
we should figure out how to deal with those before rolling this out to
everybody.
Change-Id: I98e792db31712bf64575d76dfeafedb48898f76a
Reviewed-on: https://go-review.googlesource.com/c/go/+/738780
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
(cherry picked from commit 4af8ad24ee3b55ccb644680d95e2502e5551ea0b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/738900
Youlin Feng [Sat, 17 Jan 2026 06:20:22 +0000 (14:20 +0800)]
runtime: remove the unused scanIdx from mspan
After CL 700496, mspan.scanIdx is never used, this CL just remove it.
Change-Id: I41ce9902957c0cfa6fbf26b66a2a7787b179376a
Reviewed-on: https://go-review.googlesource.com/c/go/+/737220
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Carlos Amedee <carlos@golang.org> Reviewed-by: Michael Knyszek <mknyszek@google.com>
Alan Donovan [Tue, 20 Jan 2026 21:18:59 +0000 (16:18 -0500)]
cmd/compile/internal/staticinit: fix bug in global new(expr)
The StaticInit pass asserts that the operand of &v is a global,
but this is not so for the &autotemp desugaring of new(expr).
(The variable has by that point escaped to the heap, so
the object code calls runtime.newobject. A future optimization
would be to statically allocate the variable when it is safe
and advantageous to do so.)
Thanks to khr for suggesting the fix.
+ static test
Fixes #77237
Change-Id: I71b34a1353fe0f3e297beab9851f8f87d765d8f1
Reviewed-on: https://go-review.googlesource.com/c/go/+/737680 Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Alan Donovan [Thu, 18 Dec 2025 17:27:11 +0000 (12:27 -0500)]
go/types,cmd/compile/internal/types2: better diagnostic for type shadowing
This change causes the "x is not a type" diagnostic to describe
x's actual kind, helping to reveal when shadowing is at work.
(The kind description could improve other errors too.)
Fixes #76877
Change-Id: Ia3484998bb384ff570c20b6792cf8461c60aa38c
Reviewed-on: https://go-review.googlesource.com/c/go/+/731180 Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Alan Donovan <adonovan@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Damien Neil [Wed, 5 Nov 2025 01:00:33 +0000 (17:00 -0800)]
archive/zip: reduce CPU usage in index construction
Constructing the zip index (which is done once when first opening
a file in an archive) can consume large amounts of CPU when
processing deeply-nested directory paths.
Damien Neil [Mon, 3 Nov 2025 22:28:47 +0000 (14:28 -0800)]
net/url: add urlmaxqueryparams GODEBUG to limit the number of query parameters
net/url does not currently limit the number of query parameters parsed by
url.ParseQuery or URL.Query.
When parsing a application/x-www-form-urlencoded form,
net/http.Request.ParseForm will parse up to 10 MB of query parameters.
An input consisting of a large number of small, unique parameters can
cause excessive memory consumption.
We now limit the number of query parameters parsed to 10000 by default.
The limit can be adjusted by setting GODEBUG=urlmaxqueryparams=<n>.
Setting urlmaxqueryparams to 0 disables the limit.
Thanks to jub0bs for reporting this issue.
Fixes #77101
Fixes CVE-2025-61726
Change-Id: Iee3374c7ee2d8586dbf158536d3ade424203ff66
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3020 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736712
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Neal Patel [Thu, 4 Dec 2025 17:30:39 +0000 (12:30 -0500)]
cmd/go/internal/work: sanitize flags before invoking 'pkg-config'
The addition of CgoPkgConfig allowed execution with flags not
matching the safelist. In order to prevent potential arbitrary
code execution at build time, ensure that flags are validated
prior to invoking the 'pkg-config' binary.
Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc.
for reporting this issue.
Fixes CVE-2025-61731
Fixes #77100
Change-Id: Ic51b41f1f7e697ab98c9c32c6fae35f217f7f364
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3240 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736711 Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Roland Shoemaker [Wed, 10 Dec 2025 13:13:07 +0000 (08:13 -0500)]
cmd/go: update VCS commands to use safer flag/argument syntax
In various situations, the toolchain invokes VCS commands. Some of these
commands take arbitrary input, either provided by users or fetched from
external sources. To prevent potential command injection vulnerabilities
or misinterpretation of arguments as flags, this change updates the VCS
commands to use various techniques to separate flags from positional
arguments, and to directly associate flags with their values.
Additionally, we update the environment variable for Mercurial to use
`HGPLAIN=+strictflags`, which is the more explicit way to disable user
configurations (intended or otherwise) that might interfere with command
execution.
We also now disallow version strings from being prefixed with '-' or
'/', as doing so opens us up to making the same mistake again in the
future. As far as we know there are currently ~0 public modules affected
by this.
While I was working on cmd/go/internal/vcs, I also noticed that a
significant portion of the commands being implemented were dead code.
In order to reduce the maintenance burden and surface area for potential
issues, I removed the dead code for unused commands.
We should probably follow up with a more structured change to make it
harder to accidentally re-introduce these issues in the future, but for
now this addresses the issue at hand.
Thanks to splitline (@splitline) from DEVCORE Research Team for
reporting this issue.
Fixes CVE-2025-68119
Fixes #77099
Change-Id: I9d9f4ee05b95be49fe14edf71a1b8e6c0784378e
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3260 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736710
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Roland Shoemaker [Tue, 6 Jan 2026 22:36:01 +0000 (14:36 -0800)]
crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone
Once a tls.Config is used, it is not safe to mutate. We provide the
Clone method in order to allow users to copy and modify a Config that
is in use.
If Config.SessionTicketKey is not populated, and if
Config.SetSessionTicketKeys has not been called, we automatically
populate and rotate session ticket keys. Clone was previously copying
these keys into the new Config, meaning that two Configs could share
the same auto-rotated session ticket keys. This could allow sessions to
be resumed across different Configs, which may have completely different
configurations.
This change updates Clone to not copy the auto-rotated session ticket
keys.
Additionally, when resuming a session, check that not just that the leaf
certificate is unexpired, but that the entire certificate chain is still
unexpired.
Fixes #77113
Fixes CVE-2025-68121
Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736709
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Damien Neil [Wed, 5 Nov 2025 01:00:33 +0000 (17:00 -0800)]
[release-branch.go1.26] archive/zip: reduce CPU usage in index construction
Constructing the zip index (which is done once when first opening
a file in an archive) can consume large amounts of CPU when
processing deeply-nested directory paths.
Damien Neil [Mon, 3 Nov 2025 22:28:47 +0000 (14:28 -0800)]
[release-branch.go1.26] net/url: add urlmaxqueryparams GODEBUG to limit the number of query parameters
net/url does not currently limit the number of query parameters parsed by
url.ParseQuery or URL.Query.
When parsing a application/x-www-form-urlencoded form,
net/http.Request.ParseForm will parse up to 10 MB of query parameters.
An input consisting of a large number of small, unique parameters can
cause excessive memory consumption.
We now limit the number of query parameters parsed to 10000 by default.
The limit can be adjusted by setting GODEBUG=urlmaxqueryparams=<n>.
Setting urlmaxqueryparams to 0 disables the limit.
Thanks to jub0bs for reporting this issue.
Fixes #77101
Fixes CVE-2025-61726
Change-Id: Iee3374c7ee2d8586dbf158536d3ade424203ff66
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3020 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3345 Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736707
Auto-Submit: Michael Pratt <mpratt@google.com>
TryBot-Bypass: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
Neal Patel [Thu, 4 Dec 2025 17:30:39 +0000 (12:30 -0500)]
[release-branch.go1.26] cmd/go/internal/work: sanitize flags before invoking 'pkg-config'
The addition of CgoPkgConfig allowed execution with flags not
matching the safelist. In order to prevent potential arbitrary
code execution at build time, ensure that flags are validated
prior to invoking the 'pkg-config' binary.
Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc.
for reporting this issue.
Fixes CVE-2025-61731
Fixes #77100
Change-Id: Ic51b41f1f7e697ab98c9c32c6fae35f217f7f364
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3240 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3324 Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736706
Auto-Submit: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
TryBot-Bypass: Michael Pratt <mpratt@google.com>
Roland Shoemaker [Wed, 10 Dec 2025 13:13:07 +0000 (08:13 -0500)]
[release-branch.go1.26] cmd/go: update VCS commands to use safer flag/argument syntax
In various situations, the toolchain invokes VCS commands. Some of these
commands take arbitrary input, either provided by users or fetched from
external sources. To prevent potential command injection vulnerabilities
or misinterpretation of arguments as flags, this change updates the VCS
commands to use various techniques to separate flags from positional
arguments, and to directly associate flags with their values.
Additionally, we update the environment variable for Mercurial to use
`HGPLAIN=+strictflags`, which is the more explicit way to disable user
configurations (intended or otherwise) that might interfere with command
execution.
We also now disallow version strings from being prefixed with '-' or
'/', as doing so opens us up to making the same mistake again in the
future. As far as we know there are currently ~0 public modules affected
by this.
While I was working on cmd/go/internal/vcs, I also noticed that a
significant portion of the commands being implemented were dead code.
In order to reduce the maintenance burden and surface area for potential
issues, I removed the dead code for unused commands.
We should probably follow up with a more structured change to make it
harder to accidentally re-introduce these issues in the future, but for
now this addresses the issue at hand.
Thanks to splitline (@splitline) from DEVCORE Research Team for
reporting this issue.
Fixes CVE-2025-68119
Fixes #77099
Change-Id: I9d9f4ee05b95be49fe14edf71a1b8e6c0784378e
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3260 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3341 Reviewed-by: Neal Patel <nealpatel@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736705
Auto-Submit: Michael Pratt <mpratt@google.com>
TryBot-Bypass: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
Roland Shoemaker [Tue, 6 Jan 2026 22:36:01 +0000 (14:36 -0800)]
[release-branch.go1.26] crypto/tls: don't copy auto-rotated session ticket keys in Config.Clone
Once a tls.Config is used, it is not safe to mutate. We provide the
Clone method in order to allow users to copy and modify a Config that
is in use.
If Config.SessionTicketKey is not populated, and if
Config.SetSessionTicketKeys has not been called, we automatically
populate and rotate session ticket keys. Clone was previously copying
these keys into the new Config, meaning that two Configs could share
the same auto-rotated session ticket keys. This could allow sessions to
be resumed across different Configs, which may have completely different
configurations.
This change updates Clone to not copy the auto-rotated session ticket
keys.
Additionally, when resuming a session, check that not just that the leaf
certificate is unexpired, but that the entire certificate chain is still
unexpired.
Fixes #77113
Fixes CVE-2025-68121
Change-Id: I011df7329de83068d11b3f0c793763692d018a98
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3300 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Nicholas Husin <husin@google.com>
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3340 Reviewed-by: Roland Shoemaker <bracewell@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736704
TryBot-Bypass: Michael Pratt <mpratt@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
Austin Clements [Tue, 13 Jan 2026 19:18:14 +0000 (14:18 -0500)]
simd/archsimd: 128- and 256-bit FMA operations do not require AVX-512
Currently, all FMA operations are marked as requiring AVX512, even on
smaller vector widths. This is happening because the narrower FMA
operations are marked as extension "FMA" in the XED. Since this
extension doesn't start with "AVX", we filter them out very early in
the XED process. However, this is just a quirk of naming: the FMA
feature depends on the AVX feature, so it is part of AVX, even if it
doesn't say so on the tin.
Fix this by accepting the FMA extension and adding FMA to the table of
CPU features. We also tweak internal/cpu slightly do it correctly
enforces that the logical FMA feature depends on both the FMA and AVX
CPUID flags.
This actually *deletes* a lot of generated code because we no longer
need the AVX-512 encoding of these 128- and 256-bit operations.
Austin Clements [Tue, 13 Jan 2026 14:34:53 +0000 (09:34 -0500)]
simd/archsimd/_gen/simdgen: feature implications
This simplifies our handling of XED features, adds a table of which
features imply which other features, and adds this information to the
documentation of the CPU features APIs.
As part of this we fix an issue around the "AVXAES" feature. AVXAES is
defined as the combination of the AVX and AES CPUID flags. Several
other features also work like this, but have hand-written logic in
internal/cpu to compute logical feature flags from the underlying
CPUID bits. For these, we expose a single feature check function from
the SIMD API.
AVXAES currently doesn't work like this: it requires the user to check
both features. However, this forces the SIMD API to expose an "AES"
feature check, which really has nothing to do with SIMD. To make this
consistent, we introduce an AVXAES feature check function and use it
in feature requirement docs. Unlike the others combo features, this is
implemented in the simd package, but the difference is invisible to
the user.
Michael Matloob [Mon, 12 Jan 2026 19:37:39 +0000 (14:37 -0500)]
runtime: rename mallocTiny* to mallocgcTinySize*
This makes it easier to identify which functions are used for memory
allocation by looking for functions that start with mallocgc. The Size
suffix is added so that the isSpecializedMalloc function in
cmd/compile/internal/ssa can distinguish between the generated functions
and the mallocgcTiny function called by mallocgc, similar to the SC
suffixes for the mallocgcSmallNoScanSC* and mallocgcSmallScanNoHeaderSC*
functons.
Change-Id: I6ad7f15617bf6f18ae5d1bfa2a0b94e86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/735780 Reviewed-by: Michael Matloob <matloob@google.com> Reviewed-by: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Damien Neil [Tue, 6 Jan 2026 23:57:00 +0000 (15:57 -0800)]
os/exec: move platform-specific LookPath docs to a common comment
We have four different LookPath variations (unix, windows, plan9, wasm),
each with slightly different doc comments. Unify the documentation and
move it to a single, common LookPath.
Change-Id: I56bae57e80887a73ef0f6933258ee0a48dbccdcf
Reviewed-on: https://go-review.googlesource.com/c/go/+/734320 Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Ori Bernstein [Sun, 28 Dec 2025 00:08:26 +0000 (19:08 -0500)]
os/exec_test: fix test on Plan 9
Error strings vary across OSes when trying to execute a file
that does not exist. Since matching them is not the point of
the test, ignore them.
Fixes #76965
Change-Id: I6d220bc2d0289070f3441adb48983c13b2a3e597
Reviewed-on: https://go-review.googlesource.com/c/go/+/732940
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Richard Miller <millerresearch@gmail.com> Reviewed-by: Alan Donovan <adonovan@google.com>
Auto-Submit: Alan Donovan <adonovan@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
qmuntal [Thu, 8 Jan 2026 14:50:15 +0000 (15:50 +0100)]
net: fix socket duplication error handling on Windows
Calls to dupSocket may fail, but the error is not properly handled
because the surrounding code incorrectly checks for nil error instead
of non-nil error.
I'm not aware of any code paths that would trigger this error, and
I haven't been able to create a test case that does so, but this
change fixes the error handling to correctly propagate any errors
from dupSocket.
Change-Id: I5ffd3cbe8ed58a83634f3b97c0878a7c73e0505e
Reviewed-on: https://go-review.googlesource.com/c/go/+/734821 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>
qmuntal [Thu, 8 Jan 2026 14:44:51 +0000 (15:44 +0100)]
net: don't ignore getsockname errors in newFileFD
newFileFD is called when creating a net FD from an existing socket
handle. That socket might not be bound yet, in which case getsockname
returns a useful error that is currently ignored and replaced with a
potentially misleading EPROTONOSUPPORT error later on.
qmuntal [Thu, 8 Jan 2026 09:25:44 +0000 (10:25 +0100)]
net: don't ignore errors in TestUnixUnlink
TestUnixUnlink calls some functions and methods that can fail, but it
ignores the returned errors. This test is flaky on Windows, and those
errors should be checked to help diagnose the problem.
Updates #75282
Updates #76582
Updates #77038
Change-Id: Ia868762a4c0b94a7255d57add63777568caa6cd2
Reviewed-on: https://go-review.googlesource.com/c/go/+/734720 Reviewed-by: Florian Lehner <lehner.florian86@gmail.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Robert Griesemer [Wed, 7 Jan 2026 01:43:56 +0000 (17:43 -0800)]
spec: slightly re-arrange composite literal section for readability
- introduce subtitles to make various sub-sections easier to find
- split rules for struct literals into two groups (literals without
and with keys)
- move section on syntax ambiguity up as it pertains to the syntax
introduced at the start
- move prose specific to map literals into its own section
No language changes.
Change-Id: If8895b869138693179ca6e4d8b1c6ebdc705eccf
Reviewed-on: https://go-review.googlesource.com/c/go/+/734322 Reviewed-by: Alan Donovan <adonovan@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Robert Griesemer <gri@google.com>
Michael Matloob [Thu, 8 Jan 2026 17:45:34 +0000 (12:45 -0500)]
cmd/go: only use check cache action's dependencies to build vet config
We manipulate the dependencies of the build action when adding the
non-test variant of the package being tested as a dependency for the
test, so the set of deps of the build package doesn't correctly
represent the dependencies of the package that have been built. Restrict
the set of dependencies we use to populate the vet data to the actual
build dependencies depended on by the check cache action so we don't
check an action that we don't actually depend on (and which may not have
completed yet!)
Fixes #75380
Change-Id: I029080d00b3b10a837abcfb7039e00206a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/734961 Reviewed-by: Michael Matloob <matloob@google.com> Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Cherry Mui [Thu, 8 Jan 2026 16:57:28 +0000 (11:57 -0500)]
simd/archsimd: rename Broadcast methods
Currently the Broadcast128/256/512 methods broadcast the lowest
element of the input vector to a vector of the corresponding width.
There are also variations of broadcast operations that broadcast
the whole (128- or 256-bit) vector to a larger vector, which we
don't yet support. Our current naming is unclear which version it
is, though. Rename the current ones to Broadcast1ToN, to be clear
that they broadcast one element. The vector version probably will
be named BoradcastAllToN (not included in this CL).
Mark Freeman [Wed, 7 Jan 2026 21:40:53 +0000 (16:40 -0500)]
internal/types: add test for cycles in value context
Exposition is also added to outline a difference between syntax which
can / cannot produce values of incomplete types.
For us to enforce non-nilness of type RHS and remove the pending type
mechanism, I suspect we would need to add completeness guards to
the syntax which *can*.
Enforcing non-nilness of type RHS currently breaks the below test
cases, but I suspect that is simply an implementation artifact.
In other words, they just call Underlying at a bad time.
- T0
- T3
- T6 / T7
- T10
- T12
If we also remove pendingType, all of these test cases break; again,
we would need guards in the appropriate syntax logic.
Change-Id: Ibe22042232e542de1d38b923dd1d5cc50dce08cb
Reviewed-on: https://go-review.googlesource.com/c/go/+/734600
TryBot-Bypass: Mark Freeman <markfreeman@google.com> Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Mark Freeman <markfreeman@google.com>
Michael Matloob [Mon, 5 Jan 2026 17:23:14 +0000 (12:23 -0500)]
cmd/go: guarantee a minimum of min(4,GOMAXPROCS) to compile -c
To allow this, we also increase the size of the pool to allow the
minimum number for each action, with an extra 2*GOMAXPROCS number of
tokens to boost -c when there are fewer concurrently running actions.
That means the pool will now have the size 6*GOMAXPROCS instead of the
previous 4*GOMAXPROCS.
The goal is to maintain the boosting behavior added by the pool, while
guarding from starving compiles when there are too few tokens left, so
that the value of -c is always at least min(4,GOMAXPROCS), which is what
it was set to before Go 1.26.
Cq-Include-Trybots: luci.golang.try:gotip-linux-arm64_c4as16-perf_vs_parent,gotip-linux-arm64_c4ah72-perf_vs_parent,gotip-linux-amd64_c3h88-perf_vs_parent,gotip-linux-amd64_c2s16-perf_vs_parent
Change-Id: I113a38584514a6c025d3d1bc727ff8d86a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/734040
Commit-Queue: Michael Matloob <matloob@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Bypass: Michael Matloob <matloob@google.com> Reviewed-by: Michael Matloob <matloob@google.com>
Michael Matloob [Tue, 6 Jan 2026 22:18:48 +0000 (17:18 -0500)]
cmd/go/internal/work: decrement concurrentProcesses when action finishes
This fixes a bug where we only incremented concurrentProcesses but never
decremented it, causing us to run out of tokens and give all compiles
-c=1 after a point.
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64_c2s16-perf_vs_parent,gotip-linux-amd64_c3h88-perf_vs_parent,gotip-linux-arm64_c4ah72-perf_vs_parent,gotip-linux-arm64_c4as16-perf_vs_parent
Change-Id: I41f4c1edb77004cbc1772d6d672045946a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/734260 Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Michael Matloob <matloob@google.com>
TryBot-Bypass: Michael Matloob <matloob@google.com>
Junyang Shao [Wed, 7 Jan 2026 20:06:48 +0000 (20:06 +0000)]
[release-branch.go1.26] all: merge master (f6ebd91) into release-branch.go1.26
Merge List:
+ 2026-01-07 f6ebd91129 all: update vendored x/tools
+ 2026-01-06 d1d0fc7a97 os/exec: avoid atomic.Bool for Cmd.startCalled
+ 2026-01-05 9b2e3b9a02 simd/archsimd: use V(P)MOVMSK for mask ToBits if possible
+ 2026-01-02 f8ee0f8475 cmd/go/testdata/vcstest/git: use git commands that work on older git versions
+ 2026-01-02 b094749bad test/codegen: codify bit related code generation for arm64
+ 2026-01-02 e84983fa40 cmd/compile: optimize SIMD IsNaN.Or(IsNaN)
+ 2026-01-02 8244b85677 simd/archsimd: add tests for IsNaN
+ 2026-01-02 13440fb518 simd/archsimd: make IsNaN unary
+ 2026-01-02 c3550b3352 simd/archsimd: correct documentation of Mask types
+ 2026-01-02 34ad26341d net/rpc: correct comment for isExportedOrBuiltinType function
+ 2025-12-30 b28808d838 cmd/go/internal/modindex: fix obvious bug using failed type assertion
+ 2025-12-30 d64add4d60 simd/archsimd: adjust documentations slightly
+ 2025-12-30 1843cfbcd6 runtime/secret: make tests more sturdy
+ 2025-12-30 fd45d70799 all: fix some minor grammatical issues in the comments
+ 2025-12-30 df4e08ac65 test/codegen: fix a tab in comparisons.go to ensure pattern works
+ 2025-12-30 cd668d744f cmd/compile: disable inlining for functions using runtime.deferrangefunc
+ 2025-12-29 06eff0f7c3 simd/archsimd: add tests for Saturate-Concat operations
+ 2025-12-29 110aaf7137 simd/archsimd: add tests for Saturate operations
+ 2025-12-29 22e7b94e7f simd/archsimd: add tests for ExtendLo operations
+ 2025-12-29 76dddce293 simd/archsimd: remove redundant suffix of ExtendLo operations
+ 2025-12-29 6ecdd2fc6e simd/archsimd: add more tests for Convert operations
+ 2025-12-29 e0c99fe285 simd/archsimd: add more tests for Truncate operations
+ 2025-12-29 08369369e5 reflect: document Call/CallSlice panic when v is unexported field
+ 2025-12-29 ca8effbde1 internal/coverage/decodemeta: correct wording in unknown version error
+ 2025-12-29 0b06b68e21 encoding/gob: clarify docs about pointers to zero values not being sent
+ 2025-12-29 9cb3edbfe9 regexp: standardize error message format in find_test.go
+ 2025-12-29 b3ed0627ce tests: improve consistency and clarity of test diagnostics
+ 2025-12-29 3dcb48d298 test: follow got/want convention in uintptrescapes test
+ 2025-12-29 f7b7e94b0a test: clarify log message for surrogate UTF-8 check
+ 2025-12-29 e790d59674 simd/archsimd: add tests for Truncate operations
+ 2025-12-27 f4cec7917c cmd: fix unused errors reported by ineffassign
+ 2025-12-27 ca13fe02c4 simd/archsimd: add more tests for Convert operations
+ 2025-12-27 037c047f2c simd/archsimd: add more tests for Extend operations
+ 2025-12-26 7971fcdf53 test/codegen: tidy tests for bits
+ 2025-12-24 0f620776d7 simd/archsimd: fix "go generate" command
+ 2025-12-24 a5fe8c07ae simd/archsimd: guard test helpers with amd64 tag
+ 2025-12-23 a23d1a4ebe bytes: improve consistency in split test messages
+ 2025-12-23 866e461b96 cmd/go: update pkgsite doc command to v0.0.0-20251223195805-1a3bd3c788fe
+ 2025-12-23 08dc8393d7 time: skip test that will fail with GO111MODULE=off
+ 2025-12-23 43ebed88cc runtime: improve a log message in TestCleanupLost
+ 2025-12-23 81283ad339 runtime: fix nGsyscallNoP accounting
+ 2025-12-23 3e0e1667f6 test/codegen: codify bit related code generation for riscv64
+ 2025-12-23 3faf988f21 errors: add a test verifying join does not flatten errors
+ 2025-12-23 2485a0bc2c cmd/asm/internal/asm: run riscv64 end-to-end tests for each profile
+ 2025-12-23 8254d66eab cmd/asm/internal/asm: abort end to end test if assembly failed
+ 2025-12-23 1b3db48db7 Revert "errors: optimize errors.Join for single unwrappable errors"
+ 2025-12-23 b6b8b2fe6e cmd/compile: handle propagating an out-of-range jump table index
+ 2025-12-22 2cd0371a0a debug/pe: avoid panic in File.ImportedSymbols
+ 2025-12-22 91435be153 runtime: revert entry point on freebsd/arm64
+ 2025-12-22 c1efada1d2 simd/archsimd: correct documentation for pairwise operations
+ 2025-12-22 3d77a0b15e os/exec: second call to Cmd.Start is always an error
+ 2025-12-20 7ecb1f36ac simd/archsimd: add HasAVX2() guards to tests that need them
+ 2025-12-19 70c22e0ad7 simd/archsimd: delete DotProductQuadruple methods for now
+ 2025-12-19 42cda7c1df simd/archsimd: add Grouped for 256- and 512-bit SaturateTo(U)Int16Concat, and fix type
+ 2025-12-19 baa0ae3aaa simd/archsimd: correct type and instruction for SaturateToUint8
+ 2025-12-19 d46c58debb go/doc: link to struct fields in the same package
+ 2025-12-19 25ed6c7f9b cmd/go/internal/doc: update pkgsite version
+ 2025-12-19 4411edf972 simd/archsimd: reword documentation for some operations
+ 2025-12-19 7d9418a19c simd/archsimd: reword documentation of comparison operations
+ 2025-12-18 d00e96d3ae internal/cpu: repair VNNI feature check
+ 2025-12-18 cfc024daeb simd/archsimd: reword documentation for conversion ops
+ 2025-12-17 ad91f5d241 simd/archsimd: reword documentation of shfit operations
+ 2025-12-17 b8c4cc63e7 runtime: keep track of secret allocation size
+ 2025-12-17 8564fede89 cmd/go: remove reference to no longer existing -i flag
+ 2025-12-17 eecdb61eeb crypto: rename fips140v2.0 to fips140v1.26
+ 2025-12-17 05e41225f6 simd/archsimd: reword documentation of As methods
+ 2025-12-17 516699848b runtime/secret: warn users about allocations, loosen guarantees
+ 2025-12-16 8c28ab936a cmd/cgo: don't emit C local if it is not used
+ 2025-12-16 65b71c11d4 crypto/internal/fips140only: test fips140=only mode
+ 2025-12-16 ea1aa76554 go/doc: exclude examples with results
+ 2025-12-16 5046bdf8a6 crypto/tls: reject trailing messages after client/server hello
+ 2025-12-16 3f6eabdf09 cmd/compile: use unsigned constant when folding loads for SIMD ops with constants
+ 2025-12-16 a4b5b92055 cmd/dist: preserve existing GOEXPERIMENTs when running tests with additional experiments
[git-generate]
go install golang.org/x/build/cmd/updatestd@latest
go install golang.org/x/tools/cmd/bundle@latest
updatestd -goroot=$(pwd) -branch=internal-branch.go1.26-vendor
Change-Id: Ic0c10569a4a3a292aec9164e6dd034e55d052904
Reviewed-on: https://go-review.googlesource.com/c/go/+/733780
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
Alan Donovan [Tue, 6 Jan 2026 19:48:31 +0000 (14:48 -0500)]
os/exec: avoid atomic.Bool for Cmd.startCalled
An atomic.Bool isn't necessary here since, unless otherwise
specified, the methods of an object are not concurrency-safe
w.r.t. each other. Using an atomic causes the copylocks vet
check to warn about copying of Cmd, which is not wrong, because
one shouldn't be copying opaque complex structs from other
packages, but it is a nuisance in the absence of any safe way
to copy a Cmd.
If and when we add a Clone method to Cmd (see #77075) then
it would be appropriate to revert this change so that we get
the benefit of the static check (though ideally we would make
a more explicit tool-readable declaration of the "do not copy"
attribute than merely happening to use an atomic.Bool).
For #77075
Change-Id: I982d4e86623ca165a3e76bbf648fd44041d5f6bb
Reviewed-on: https://go-review.googlesource.com/c/go/+/734200 Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Cherry Mui [Mon, 5 Jan 2026 17:56:08 +0000 (12:56 -0500)]
simd/archsimd: use V(P)MOVMSK for mask ToBits if possible
VPMOVMSKB, VMOVMSKPS, and VMOVMSKPD moves AVX1/2-style masks to
integer registers, similar to VPMOV[BWDQ]2M (which moves to mask
registers). The former is available on AVX1/2, the latter requires
AVX512. So use the former if it is supported, i.e. for 128- and
256-bit vectors with 8-, 32-, and 64-bit elements (16-bit elements
always require AVX512).
Change-Id: I972195116617ed2faaf95cee5cd6b250e671496c
Reviewed-on: https://go-review.googlesource.com/c/go/+/734060
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Junyang Shao <shaojunyang@google.com>
Joel Sing [Fri, 12 Dec 2025 08:03:05 +0000 (19:03 +1100)]
cmd/go/testdata/vcstest/git: use git commands that work on older git versions
On older versions of git (such as 2.25.1), `git branch -M master`
fails after `git init` - use `git checkout -b master` instead, which
works across multiple versions.
Fixes tests on the rather outdated linux/mips* builders.
Change-Id: Id86ec82b37a8d2c3131f449276b13989d097d106
Reviewed-on: https://go-review.googlesource.com/c/go/+/729600
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Cherry Mui [Fri, 2 Jan 2026 19:02:07 +0000 (14:02 -0500)]
cmd/compile: optimize SIMD IsNaN.Or(IsNaN)
IsNaN's underlying instruction, VCMPPS (or VCMPPD), takes two
inputs, and computes either of them is NaN. Optimize the Or
pattern to generate two-operand form.
This implements the optimization mentioned in CL 733660.
Change-Id: I13943b377ee384864c913eed320763f333a03e41
Reviewed-on: https://go-review.googlesource.com/c/go/+/733680 Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Cherry Mui [Wed, 31 Dec 2025 07:42:30 +0000 (02:42 -0500)]
simd/archsimd: make IsNaN unary
Currently, the IsNan API is defined as x.IsNan(y), which returns
a mask to represent, for each element, either x or y is NaN.
Albeit closer to the machine instruction, this is weird API, as
IsNaN is a unary operation. This CL changes it to unary, x.IsNaN().
It compiles to VCMPPS $3, x, x (or VCMPPD). For the two-operand
version, we can optimize x.IsNaN().Or(y.IsNaN()) to VCMPPS $3, x,
y (not done in this CL).
While here, change the name to IsNaN (uppercase both Ns), which
matches math.IsNaN.
Tests in the next CL.
Change-Id: Ib6e7afc2635e6c3c606db5ea16420ee673a6c6d6
Reviewed-on: https://go-review.googlesource.com/c/go/+/733660 Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Michael Matloob [Tue, 30 Dec 2025 20:41:41 +0000 (15:41 -0500)]
cmd/go/internal/modindex: fix obvious bug using failed type assertion
adonovan pointed out this bug in the review of CL 733320 and this seems
to be the cause of all those list_empty_importpath flakes. It makes
sense that something nondeterministic would be tied up with the module
index because the state of the cache could depend on the order tests are
run in.
Also remove the parts of the test that accept the flaky behavior so we
can verify the issue has been resolved.
For #73976
Change-Id: Ib64ce6b8eed1dc8d327b7c5e842c1e716a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/733321
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Alan Donovan <adonovan@google.com>
Auto-Submit: Michael Matloob <matloob@golang.org> Reviewed-by: Michael Matloob <matloob@google.com>
Cherry Mui [Fri, 19 Dec 2025 22:37:37 +0000 (17:37 -0500)]
simd/archsimd: adjust documentations slightly
- Reword the documentation of Scale to mention parameter names.
- Correct the parameter name in Merge.
- Use proper a/an articles in some documentation.
- Add punctuations.
- Format code blocks for long expressions.
Change-Id: I8a31721503c1b155862255619a835895f3d5123a
Reviewed-on: https://go-review.googlesource.com/c/go/+/731560 Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Daniel Morsing [Sun, 28 Dec 2025 09:29:47 +0000 (09:29 +0000)]
runtime/secret: make tests more sturdy
Technically, the garbage collector can take an arbitrary long time until
it finds a given value unreachable. Account for this fact in our zeroing
tests.
Updates #76586.
Change-Id: Ieaf3cec99afb9204a32524ea559c5f1a280a59e6
Reviewed-on: https://go-review.googlesource.com/c/go/+/732980 Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
cuishuang [Thu, 18 Dec 2025 02:36:50 +0000 (10:36 +0800)]
all: fix some minor grammatical issues in the comments
Change-Id: I0459f05e7f6abd9738813c65d993114e931720d5
Reviewed-on: https://go-review.googlesource.com/c/go/+/731000
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Keith Randall <khr@golang.org>
Auto-Submit: Keith Randall <khr@golang.org>
Alexander Musman [Sat, 6 Dec 2025 13:43:55 +0000 (21:43 +0800)]
test/codegen: fix a tab in comparisons.go to ensure pattern works
Fix a pattern in test/codegen/comparisons.go to use whitespace instead
of a tab. The test needs a whitespace to properly fail if the regalloc
change from CL686655 would be missing (in that case we would have a
spill immediately after call to memequal, which is supposed to be
captured by this pattern).
Change-Id: I5b6fb5e861b9327c7f071660592b8ffa265e0030
Reviewed-on: https://go-review.googlesource.com/c/go/+/727620 Reviewed-by: Keith Randall <khr@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com>
zuojunwei.1024 [Tue, 23 Dec 2025 08:12:04 +0000 (16:12 +0800)]
cmd/compile: disable inlining for functions using runtime.deferrangefunc
The rangefunc rewrite pass implements defer using deferrangefunc and
deferproccat. The loop body is rewritten into a closure, it cannot be
inlined due to defer call. But the outer function may still be inlined
in certain scenarios (e.g., with PGO), leading to the defer executing
at the wrong time.
Fixes #77033
Change-Id: I4649fad5cd1b65891832523522002d9352711123
Reviewed-on: https://go-review.googlesource.com/c/go/+/732140
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: David Chase <drchase@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
jjpinto [Fri, 26 Dec 2025 17:13:09 +0000 (17:13 +0000)]
regexp: standardize error message format in find_test.go
This change updates the test error messages in find_test.go to follow
the Go standard 'got, want' format.
It also replaces 'expected/should be' terminology with the project's
preferred style and improves the clarity of failure logs by using %q
to quote string values.
Change-Id: I17bfc60a06a879ce5e2c64d624c636e2c24135e9
GitHub-Last-Rev: e9613ac28cdce2fc16672b4aa42636b01ae0a80c
GitHub-Pull-Request: golang/go#77005
Reviewed-on: https://go-review.googlesource.com/c/go/+/732780
Auto-Submit: Keith Randall <khr@golang.org> Reviewed-by: Keith Randall <khr@google.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Keith Randall <khr@golang.org>