[release-branch.go1.24] go1.24.0

Change-Id: I98457f219e75fb99233804d15c8b9577ee3d4a24
Reviewed-on: https://go-review.googlesource.com/c/go/+/648555
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

VERSION

@@ -0,0 +1,2 @@
+go1.24.0
+time 2025-02-10T23:33:55Z

api/go1.24.txt

@@ -106,33 +106,26 @@ pkg debug/elf, const VER_FLG_INFO = 4 #63952
 pkg debug/elf, const VER_FLG_INFO DynamicVersionFlag #63952
 pkg debug/elf, const VER_FLG_WEAK = 2 #63952
 pkg debug/elf, const VER_FLG_WEAK DynamicVersionFlag #63952
-pkg debug/elf, const VerFlagGlobal = 2 #63952
-pkg debug/elf, const VerFlagGlobal SymbolVersionFlag #63952
-pkg debug/elf, const VerFlagHidden = 4 #63952
-pkg debug/elf, const VerFlagHidden SymbolVersionFlag #63952
-pkg debug/elf, const VerFlagLocal = 1 #63952
-pkg debug/elf, const VerFlagLocal SymbolVersionFlag #63952
-pkg debug/elf, const VerFlagNone = 0 #63952
-pkg debug/elf, const VerFlagNone SymbolVersionFlag #63952
 pkg debug/elf, method (*File) DynamicVersionNeeds() ([]DynamicVersionNeed, error) #63952
 pkg debug/elf, method (*File) DynamicVersions() ([]DynamicVersion, error) #63952
 pkg debug/elf, type DynamicVersion struct #63952
 pkg debug/elf, type DynamicVersion struct, Deps []string #63952
 pkg debug/elf, type DynamicVersion struct, Flags DynamicVersionFlag #63952
+pkg debug/elf, type DynamicVersion struct, Name string #63952
 pkg debug/elf, type DynamicVersion struct, Index uint16 #63952
-pkg debug/elf, type DynamicVersion struct, Version uint16 #63952
 pkg debug/elf, type DynamicVersionDep struct #63952
 pkg debug/elf, type DynamicVersionDep struct, Dep string #63952
 pkg debug/elf, type DynamicVersionDep struct, Flags DynamicVersionFlag #63952
-pkg debug/elf, type DynamicVersionDep struct, Other uint16 #63952
+pkg debug/elf, type DynamicVersionDep struct, Index uint16 #63952
 pkg debug/elf, type DynamicVersionFlag uint16 #63952
 pkg debug/elf, type DynamicVersionNeed struct #63952
 pkg debug/elf, type DynamicVersionNeed struct, Name string #63952
 pkg debug/elf, type DynamicVersionNeed struct, Needs []DynamicVersionDep #63952
-pkg debug/elf, type DynamicVersionNeed struct, Version uint16 #63952
-pkg debug/elf, type Symbol struct, VersionFlags SymbolVersionFlag #63952
-pkg debug/elf, type Symbol struct, VersionIndex int16 #63952
-pkg debug/elf, type SymbolVersionFlag uint8 #63952
+pkg debug/elf, type Symbol struct, HasVersion bool #63952
+pkg debug/elf, type Symbol struct, VersionIndex VersionIndex #63952
+pkg debug/elf, method (VersionIndex) Index() uint16 #63952
+pkg debug/elf, method (VersionIndex) IsHidden() bool #63952
+pkg debug/elf, type VersionIndex uint16 #63952
 pkg encoding, type BinaryAppender interface { AppendBinary } #62384
 pkg encoding, type BinaryAppender interface, AppendBinary([]uint8) ([]uint8, error) #62384
 pkg encoding, type TextAppender interface { AppendText } #62384

codereview.cfg

@@ -1 +1,2 @@
-branch: master
+branch: release-branch.go1.24
+parent-branch: master

doc/go_spec.html

@@ -1,6 +1,6 @@
 <!--{
 	"Title": "The Go Programming Language Specification",
-	"Subtitle": "Language version go1.24 (Nov 20, 2024)",
+	"Subtitle": "Language version go1.24 (Dec 30, 2024)",
 	"Path": "/ref/spec"
 }-->
 
@@ -798,7 +798,6 @@ If a variable has not yet been assigned a value, its value is the
 <a href="#The_zero_value">zero value</a> for its type.
 </p>
 
-
 <h2 id="Types">Types</h2>
 
 <p>
@@ -810,12 +809,12 @@ from existing types.
 </p>
 
 <pre class="ebnf">
-Type      = TypeName [ TypeArgs ] | TypeLit | "(" Type ")" .
-TypeName  = identifier | QualifiedIdent .
-TypeArgs  = "[" TypeList [ "," ] "]" .
-TypeList  = Type { "," Type } .
-TypeLit   = ArrayType | StructType | PointerType | FunctionType | InterfaceType |
-            SliceType | MapType | ChannelType .
+Type     = TypeName [ TypeArgs ] | TypeLit | "(" Type ")" .
+TypeName = identifier | QualifiedIdent .
+TypeArgs = "[" TypeList [ "," ] "]" .
+TypeList = Type { "," Type } .
+TypeLit  = ArrayType | StructType | PointerType | FunctionType | InterfaceType |
+           SliceType | MapType | ChannelType .
 </pre>
 
 <p>
@@ -1200,7 +1199,7 @@ type (
 <p>
 A pointer type denotes the set of all pointers to <a href="#Variables">variables</a> of a given
 type, called the <i>base type</i> of the pointer.
-The value of an uninitialized pointer is <code>nil</code>.
+The <a href="#Representation_of_values">value</a> of an uninitialized pointer is <code>nil</code>.
 </p>
 
 <pre class="ebnf">
@@ -1216,18 +1215,18 @@ BaseType    = Type .
 <h3 id="Function_types">Function types</h3>
 
 <p>
-A function type denotes the set of all functions with the same parameter
-and result types. The value of an uninitialized variable of function type
-is <code>nil</code>.
+A function type denotes the set of all functions with the same parameter and result types.
+The <a href="#Representation_of_values">value</a> of an uninitialized variable of function
+type is <code>nil</code>.
 </p>
 
 <pre class="ebnf">
-FunctionType   = "func" Signature .
-Signature      = Parameters [ Result ] .
-Result         = Parameters | Type .
-Parameters     = "(" [ ParameterList [ "," ] ] ")" .
-ParameterList  = ParameterDecl { "," ParameterDecl } .
-ParameterDecl  = [ IdentifierList ] [ "..." ] Type .
+FunctionType  = "func" Signature .
+Signature     = Parameters [ Result ] .
+Result        = Parameters | Type .
+Parameters    = "(" [ ParameterList [ "," ] ] ")" .
+ParameterList = ParameterDecl { "," ParameterDecl } .
+ParameterDecl = [ IdentifierList ] [ "..." ] Type .
 </pre>
 
 <p>
@@ -1267,7 +1266,8 @@ An interface type defines a <i>type set</i>.
 A variable of interface type can store a value of any type that is in the type
 set of the interface. Such a type is said to
 <a href="#Implementing_an_interface">implement the interface</a>.
-The value of an uninitialized variable of interface type is <code>nil</code>.
+The <a href="#Representation_of_values">value</a> of an uninitialized variable of
+interface type is <code>nil</code>.
 </p>
 
 <pre class="ebnf">
@@ -1630,12 +1630,12 @@ implements the interface.
 A map is an unordered group of elements of one type, called the
 element type, indexed by a set of unique <i>keys</i> of another type,
 called the key type.
-The value of an uninitialized map is <code>nil</code>.
+The <a href="#Representation_of_values">value</a> of an uninitialized map is <code>nil</code>.
 </p>
 
 <pre class="ebnf">
-MapType     = "map" "[" KeyType "]" ElementType .
-KeyType     = Type .
+MapType = "map" "[" KeyType "]" ElementType .
+KeyType = Type .
 </pre>
 
 <p>
@@ -1693,7 +1693,7 @@ to communicate by
 <a href="#Send_statements">sending</a> and
 <a href="#Receive_operator">receiving</a>
 values of a specified element type.
-The value of an uninitialized channel is <code>nil</code>.
+The <a href="#Representation_of_values">value</a> of an uninitialized channel is <code>nil</code>.
 </p>
 
 <pre class="ebnf">
@@ -1772,6 +1772,57 @@ received in the order sent.
 
 <h2 id="Properties_of_types_and_values">Properties of types and values</h2>
 
+<h3 id="Representation_of_values">Representation of values</h3>
+
+<p>
+Values of predeclared types (see below for the interfaces <code>any</code>
+and <code>error</code>), arrays, and structs are self-contained:
+Each such value contains a complete copy of all its data,
+and <a href="#Variables">variables</a> of such types store the entire value.
+For instance, an array variable provides the storage (the variables)
+for all elements of the array.
+The respective <a href="#The_zero_value">zero values</a> are specific to the
+value's types; they are never <code>nil</code>.
+</p>
+
+<p>
+Non-nil pointer, function, slice, map, and channel values contain references
+to underlying data which may be shared by multiple values:
+</p>
+
+<ul>
+<li>
+	A pointer value is a reference to the variable holding
+	the pointer base type value.
+</li>
+<li>
+	A function value contains references to the (possibly
+	<a href="#Function_literals">anonymous</a>) function
+	and enclosed variables.
+</li>
+<li>
+	A slice value contains the slice length, capacity, and
+	a reference to its <a href="#Slice_types">underlying array</a>.
+</li>
+<li>
+	A map or channel value is a reference to the implementation-specific
+	data structure of the map or channel.
+</li>
+</ul>
+
+<p>
+An interface value may be self-contained or contain references to underlying data
+depending on the interface's <a href="#Variables">dynamic type</a>.
+The predeclared identifier <code>nil</code> is the zero value for types whose values
+can contain references.
+</p>
+
+<p>
+When multiple values share underlying data, changing one value may change another.
+For instance, changing an element of a <a href="#Slice_types">slice</a> will change
+that element in the underlying array for all slices that share the array.
+</p>
+
 <h3 id="Underlying_types">Underlying types</h3>
 
 <p>
@@ -2176,7 +2227,7 @@ within matching brace brackets.
 </p>
 
 <pre class="ebnf">
-Block = "{" StatementList "}" .
+Block         = "{" StatementList "}" .
 StatementList = { Statement ";" } .
 </pre>
 
@@ -2233,8 +2284,8 @@ and like the blank identifier it does not introduce a new binding.
 </p>
 
 <pre class="ebnf">
-Declaration   = ConstDecl | TypeDecl | VarDecl .
-TopLevelDecl  = Declaration | FunctionDecl | MethodDecl .
+Declaration  = ConstDecl | TypeDecl | VarDecl .
+TopLevelDecl = Declaration | FunctionDecl | MethodDecl .
 </pre>
 
 <p>
@@ -2679,9 +2730,9 @@ in square brackets rather than parentheses
 </p>
 
 <pre class="ebnf">
-TypeParameters  = "[" TypeParamList [ "," ] "]" .
-TypeParamList   = TypeParamDecl { "," TypeParamDecl } .
-TypeParamDecl   = IdentifierList TypeConstraint .
+TypeParameters = "[" TypeParamList [ "," ] "]" .
+TypeParamList  = TypeParamDecl { "," TypeParamDecl } .
+TypeParamDecl  = IdentifierList TypeConstraint .
 </pre>
 
 <p>
@@ -2819,7 +2870,7 @@ values or variables, or components of other, non-interface types.
 
 <p>
 A type argument <code>T</code><i> satisfies</i> a type constraint <code>C</code>
-if <code>T</code> is an element of the type set defined by <code>C</code>; i.e.,
+if <code>T</code> is an element of the type set defined by <code>C</code>; in other words,
 if <code>T</code> <a href="#Implementing_an_interface">implements</a> <code>C</code>.
 As an exception, a <a href="#Comparison_operators">strictly comparable</a>
 type constraint may also be satisfied by a <a href="#Comparison_operators">comparable</a>
@@ -2869,8 +2920,8 @@ binds corresponding identifiers to them, and gives each a type and an initial va
 </p>
 
 <pre class="ebnf">
-VarDecl     = "var" ( VarSpec | "(" { VarSpec ";" } ")" ) .
-VarSpec     = IdentifierList ( Type [ "=" ExpressionList ] | "=" ExpressionList ) .
+VarDecl = "var" ( VarSpec | "(" { VarSpec ";" } ")" ) .
+VarSpec = IdentifierList ( Type [ "=" ExpressionList ] | "=" ExpressionList ) .
 </pre>
 
 <pre>
@@ -2899,7 +2950,7 @@ initialization value in the assignment.
 If that value is an untyped constant, it is first implicitly
 <a href="#Conversions">converted</a> to its <a href="#Constants">default type</a>;
 if it is an untyped boolean value, it is first implicitly converted to type <code>bool</code>.
-The predeclared value <code>nil</code> cannot be used to initialize a variable
+The predeclared identifier <code>nil</code> cannot be used to initialize a variable
 with no explicit type.
 </p>
 
@@ -3210,15 +3261,15 @@ Each element may optionally be preceded by a corresponding key.
 </p>
 
 <pre class="ebnf">
-CompositeLit  = LiteralType LiteralValue .
-LiteralType   = StructType | ArrayType | "[" "..." "]" ElementType |
-                SliceType | MapType | TypeName [ TypeArgs ] .
-LiteralValue  = "{" [ ElementList [ "," ] ] "}" .
-ElementList   = KeyedElement { "," KeyedElement } .
-KeyedElement  = [ Key ":" ] Element .
-Key           = FieldName | Expression | LiteralValue .
-FieldName     = identifier .
-Element       = Expression | LiteralValue .
+CompositeLit = LiteralType LiteralValue .
+LiteralType  = StructType | ArrayType | "[" "..." "]" ElementType |
+               SliceType | MapType | TypeName [ TypeArgs ] .
+LiteralValue = "{" [ ElementList [ "," ] ] "}" .
+ElementList  = KeyedElement { "," KeyedElement } .
+KeyedElement = [ Key ":" ] Element .
+Key          = FieldName | Expression | LiteralValue .
+FieldName    = identifier .
+Element      = Expression | LiteralValue .
 </pre>
 
 <p>
@@ -3450,22 +3501,21 @@ Primary expressions are the operands for unary and binary expressions.
 </p>
 
 <pre class="ebnf">
-PrimaryExpr =
-	Operand |
-	Conversion |
-	MethodExpr |
-	PrimaryExpr Selector |
-	PrimaryExpr Index |
-	PrimaryExpr Slice |
-	PrimaryExpr TypeAssertion |
-	PrimaryExpr Arguments .
+PrimaryExpr   = Operand |
+                Conversion |
+                MethodExpr |
+                PrimaryExpr Selector |
+                PrimaryExpr Index |
+                PrimaryExpr Slice |
+                PrimaryExpr TypeAssertion |
+                PrimaryExpr Arguments .
 
-Selector       = "." identifier .
-Index          = "[" Expression [ "," ] "]" .
-Slice          = "[" [ Expression ] ":" [ Expression ] "]" |
-                 "[" [ Expression ] ":" Expression ":" Expression "]" .
-TypeAssertion  = "." "(" Type ")" .
-Arguments      = "(" [ ( ExpressionList | Type [ "," ExpressionList ] ) [ "..." ] [ "," ] ] ")" .
+Selector      = "." identifier .
+Index         = "[" Expression [ "," ] "]" .
+Slice         = "[" [ Expression ] ":" [ Expression ] "]" |
+                "[" [ Expression ] ":" Expression ":" Expression "]" .
+TypeAssertion = "." "(" Type ")" .
+Arguments     = "(" [ ( ExpressionList | Type [ "," ExpressionList ] ) [ "..." ] [ "," ] ] ")" .
 </pre>
 
 
@@ -3638,8 +3688,8 @@ argument that is the receiver of the method.
 </p>
 
 <pre class="ebnf">
-MethodExpr    = ReceiverType "." MethodName .
-ReceiverType  = Type .
+MethodExpr   = ReceiverType "." MethodName .
+ReceiverType = Type .
 </pre>
 
 <p>
@@ -4230,8 +4280,7 @@ calls <code>f</code> with arguments <code>a1, a2, … an</code>.
 Except for one special case, arguments must be single-valued expressions
 <a href="#Assignability">assignable</a> to the parameter types of
 <code>F</code> and are evaluated before the function is called.
-The type of the expression is the result type
-of <code>F</code>.
+The type of the expression is the result type of <code>F</code>.
 A method invocation is similar but the method itself
 is specified as a selector upon a value of the receiver type for
 the method.
@@ -4252,9 +4301,14 @@ or used as a function value.
 <p>
 In a function call, the function value and arguments are evaluated in
 <a href="#Order_of_evaluation">the usual order</a>.
-After they are evaluated, the parameters of the call are passed by value to the function
+After they are evaluated, new storage is allocated for the function's
+<a href="#Variables">variables</a>, which includes its parameters
+and results.
+Then, the arguments of the call are <i>passed</i> to the function,
+which means that they are <a href="#Assignment_statements">assigned</a>
+to their corresponding function parameters,
 and the called function begins execution.
-The return parameters of the function are passed by value
+The return parameters of the function are passed
 back to the caller when the function returns.
 </p>
 
@@ -4268,9 +4322,9 @@ As a special case, if the return values of a function or method
 <code>g</code> are equal in number and individually
 assignable to the parameters of another function or method
 <code>f</code>, then the call <code>f(g(<i>parameters_of_g</i>))</code>
-will invoke <code>f</code> after binding the return values of
-<code>g</code> to the parameters of <code>f</code> in order.  The call
-of <code>f</code> must contain no parameters other than the call of <code>g</code>,
+will invoke <code>f</code> after passing the return values of
+<code>g</code> to the parameters of <code>f</code> in order.
+The call of <code>f</code> must contain no parameters other than the call of <code>g</code>,
 and <code>g</code> must have at least one return value.
 If <code>f</code> has a final <code>...</code> parameter, it is
 assigned the return values of <code>g</code> that remain after
@@ -4316,7 +4370,7 @@ If <code>f</code> is <a href="#Function_types">variadic</a> with a final
 parameter <code>p</code> of type <code>...T</code>, then within <code>f</code>
 the type of <code>p</code> is equivalent to type <code>[]T</code>.
 If <code>f</code> is invoked with no actual arguments for <code>p</code>,
-the value passed to <code>p</code> is <code>nil</code>.
+the value <a href="#Calls">passed</a> to <code>p</code> is <code>nil</code>.
 Otherwise, the value passed is a new slice
 of type <code>[]T</code> with a new underlying array whose successive elements
 are the actual arguments, which all must be <a href="#Assignability">assignable</a>
@@ -5632,6 +5686,8 @@ myString([]myRune{0x1f30e})              // "\U0001f30e" == "🌎"
 <li>
 Converting a value of a string type to a slice of bytes type
 yields a non-nil slice whose successive elements are the bytes of the string.
+The <a href="#Length_and_capacity">capacity</a> of the resulting slice is
+implementation-specific and may be larger than the slice length.
 
 <pre>
 []byte("hellø")             // []byte{'h', 'e', 'l', 'l', '\xc3', '\xb8'}
@@ -5647,6 +5703,8 @@ bytes("hellø")              // []byte{'h', 'e', 'l', 'l', '\xc3', '\xb8'}
 <li>
 Converting a value of a string type to a slice of runes type
 yields a slice containing the individual Unicode code points of the string.
+The <a href="#Length_and_capacity">capacity</a> of the resulting slice is
+implementation-specific and may be larger than the slice length.
 
 <pre>
 []rune(myString("白鵬翔"))   // []rune{0x767d, 0x9d6c, 0x7fd4}
@@ -5848,7 +5906,7 @@ Otherwise, when evaluating the <a href="#Operands">operands</a> of an
 expression, assignment, or
 <a href="#Return_statements">return statement</a>,
 all function calls, method calls,
-<a href="#Receive operator">receive operations</a>,
+<a href="#Receive_operator">receive operations</a>,
 and <a href="#Logical_operators">binary logical operations</a>
 are evaluated in lexical left-to-right order.
 </p>
@@ -5916,11 +5974,10 @@ Statements control execution.
 </p>
 
 <pre class="ebnf">
-Statement =
-	Declaration | LabeledStmt | SimpleStmt |
-	GoStmt | ReturnStmt | BreakStmt | ContinueStmt | GotoStmt |
-	FallthroughStmt | Block | IfStmt | SwitchStmt | SelectStmt | ForStmt |
-	DeferStmt .
+Statement  = Declaration | LabeledStmt | SimpleStmt |
+             GoStmt | ReturnStmt | BreakStmt | ContinueStmt | GotoStmt |
+             FallthroughStmt | Block | IfStmt | SwitchStmt | SelectStmt | ForStmt |
+             DeferStmt .
 
 SimpleStmt = EmptyStmt | ExpressionStmt | SendStmt | IncDecStmt | Assignment | ShortVarDecl .
 </pre>
@@ -6132,7 +6189,7 @@ matching number of variables.
 <pre class="ebnf">
 Assignment = ExpressionList assign_op ExpressionList .
 
-assign_op = [ add_op | mul_op ] "=" .
+assign_op  = [ add_op | mul_op ] "=" .
 </pre>
 
 <p>
@@ -6261,6 +6318,26 @@ to the type of the operand to which it is assigned, with the following special c
 </li>
 </ol>
 
+<p>
+When a value is assigned to a variable, only the data that is stored in the variable
+is replaced. If the value contains a <a href="#Representation_of_values">reference</a>,
+the assignment copies the reference but does not make a copy of the referenced data
+(such as the underlying array of a slice).
+</p>
+
+<pre>
+var s1 = []int{1, 2, 3}
+var s2 = s1                    // s2 stores the slice descriptor of s1
+s1 = s1[:1]                    // s1's length is 1 but it still shares its underlying array with s2
+s2[0] = 42                     // setting s2[0] changes s1[0] as well
+fmt.Println(s1, s2)            // prints [42] [42 2 3]
+
+var m1 = make(map[string]int)
+var m2 = m1                    // m2 stores the map descriptor of m1
+m1["foo"] = 42                 // setting m1["foo"] changes m2["foo"] as well
+fmt.Println(m2["foo"])         // prints 42
+</pre>
+
 <h3 id="If_statements">If statements</h3>
 
 <p>
@@ -6548,7 +6625,7 @@ The iteration may be controlled by a single condition, a "for" clause, or a "ran
 </p>
 
 <pre class="ebnf">
-ForStmt = "for" [ Condition | ForClause | RangeClause ] Block .
+ForStmt   = "for" [ Condition | ForClause | RangeClause ] Block .
 Condition = Expression .
 </pre>
 
@@ -6580,8 +6657,8 @@ an increment or decrement statement. The init statement may be a
 
 <pre class="ebnf">
 ForClause = [ InitStmt ] ";" [ Condition ] ";" [ PostStmt ] .
-InitStmt = SimpleStmt .
-PostStmt = SimpleStmt .
+InitStmt  = SimpleStmt .
+PostStmt  = SimpleStmt .
 </pre>
 
 <pre>
@@ -7909,7 +7986,7 @@ types, variables, and constants.
 </p>
 
 <pre class="ebnf">
-SourceFile       = PackageClause ";" { ImportDecl ";" } { TopLevelDecl ";" } .
+SourceFile = PackageClause ";" { ImportDecl ";" } { TopLevelDecl ";" } .
 </pre>
 
 <h3 id="Package_clause">Package clause</h3>
@@ -7920,8 +7997,8 @@ to which the file belongs.
 </p>
 
 <pre class="ebnf">
-PackageClause  = "package" PackageName .
-PackageName    = identifier .
+PackageClause = "package" PackageName .
+PackageName   = identifier .
 </pre>
 
 <p>
@@ -7950,9 +8027,9 @@ that specifies the package to be imported.
 </p>
 
 <pre class="ebnf">
-ImportDecl       = "import" ( ImportSpec | "(" { ImportSpec ";" } ")" ) .
-ImportSpec       = [ "." | PackageName ] ImportPath .
-ImportPath       = string_lit .
+ImportDecl = "import" ( ImportSpec | "(" { ImportSpec ";" } ")" ) .
+ImportSpec = [ "." | PackageName ] ImportPath .
+ImportPath = string_lit .
 </pre>
 
 <p>
@@ -8437,7 +8514,7 @@ var p ptr = nil
 <p>
 The functions <code>Alignof</code> and <code>Sizeof</code> take an expression <code>x</code>
 of any type and return the alignment or size, respectively, of a hypothetical variable <code>v</code>
-as if <code>v</code> was declared via <code>var v = x</code>.
+as if <code>v</code> were declared via <code>var v = x</code>.
 </p>
 <p>
 The function <code>Offsetof</code> takes a (possibly parenthesized) <a href="#Selectors">selector</a>

doc/initial/1-intro.md

@@ -1,9 +1,3 @@
-<!--
-NOTE: In this document and others in this directory, the convention is to
-set fixed-width phrases with non-fixed-width spaces, as in
-`hello` `world`.
--->
-
 <style>
   main ul li { margin: 0.5em 0; }
 </style>

lib/fips140/Makefile

@@ -27,7 +27,7 @@ default:
 # copy and edit the 'go run' command by hand to use a different branch.
 v%.zip:
 	git fetch origin master
-	go run ../../src/cmd/go/internal/fips140/mkzip.go -b master v$*
+	go run ../../src/cmd/go/internal/fips140/mkzip.go v$*
 
 # normally mkzip refuses to overwrite an existing zip file.
 # make v1.2.3.rm removes the zip file and and unpacked

lib/fips140/fips140.sum

@@ -9,3 +9,4 @@
 #
 #	go test cmd/go/internal/fips140 -update
 #
+v1.0.0.zip b50508feaeff05d22516b21e1fd210bbf5d6a1e422eaf2cfa23fe379342713b8

lib/time/update.bash

@@ -24,8 +24,8 @@
 # in the CL match the update.bash in the CL.
 
 # Versions to use.
-CODE=2024b
-DATA=2024b
+CODE=2025a
+DATA=2025a
 
 set -e
 

src/archive/tar/writer.go

@@ -424,6 +424,9 @@ func (tw *Writer) AddFS(fsys fs.FS) error {
 			return err
 		}
 		h.Name = name
+		if d.IsDir() {
+			h.Name += "/"
+		}
 		if err := tw.WriteHeader(h); err != nil {
 			return err
 		}

src/archive/tar/writer_test.go

@@ -1382,7 +1382,11 @@ func TestWriterAddFS(t *testing.T) {
 			t.Fatal(err)
 		}
 
-		if hdr.Name != name {
+		tmpName := name
+		if entryInfo.IsDir() {
+			tmpName += "/"
+		}
+		if hdr.Name != tmpName {
 			t.Errorf("test fs has filename %v; archive header has %v",
 				name, hdr.Name)
 		}

src/archive/zip/writer.go

@@ -520,6 +520,9 @@ func (w *Writer) AddFS(fsys fs.FS) error {
 			return err
 		}
 		h.Name = name
+		if d.IsDir() {
+			h.Name += "/"
+		}
 		h.Method = Deflate
 		fw, err := w.CreateHeader(h)
 		if err != nil {

src/archive/zip/writer_test.go

@@ -633,7 +633,7 @@ func TestWriterAddFS(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	// Add subfolder into fsys to match what we'll read from the tar.
+	// Add subfolder into fsys to match what we'll read from the zip.
 	tests = append(tests[:2:2], WriteTest{Name: "subfolder", Mode: 0o555 | os.ModeDir}, tests[2])
 
 	// read it back
@@ -642,6 +642,9 @@ func TestWriterAddFS(t *testing.T) {
 		t.Fatal(err)
 	}
 	for i, wt := range tests {
+		if wt.Mode.IsDir() {
+			wt.Name += "/"
+		}
 		testReadFile(t, r.File[i], &wt)
 	}
 }

src/builtin/builtin.go

@@ -162,12 +162,12 @@ func delete(m map[Type]Type1, key Type)
 
 // The len built-in function returns the length of v, according to its type:
 //
-//	Array: the number of elements in v.
-//	Pointer to array: the number of elements in *v (even if v is nil).
-//	Slice, or map: the number of elements in v; if v is nil, len(v) is zero.
-//	String: the number of bytes in v.
-//	Channel: the number of elements queued (unread) in the channel buffer;
-//	         if v is nil, len(v) is zero.
+//   - Array: the number of elements in v.
+//   - Pointer to array: the number of elements in *v (even if v is nil).
+//   - Slice, or map: the number of elements in v; if v is nil, len(v) is zero.
+//   - String: the number of bytes in v.
+//   - Channel: the number of elements queued (unread) in the channel buffer;
+//     if v is nil, len(v) is zero.
 //
 // For some arguments, such as a string literal or a simple array expression, the
 // result can be a constant. See the Go language specification's "Length and
@@ -176,12 +176,12 @@ func len(v Type) int
 
 // The cap built-in function returns the capacity of v, according to its type:
 //
-//	Array: the number of elements in v (same as len(v)).
-//	Pointer to array: the number of elements in *v (same as len(v)).
-//	Slice: the maximum length the slice can reach when resliced;
-//	if v is nil, cap(v) is zero.
-//	Channel: the channel buffer capacity, in units of elements;
-//	if v is nil, cap(v) is zero.
+//   - Array: the number of elements in v (same as len(v)).
+//   - Pointer to array: the number of elements in *v (same as len(v)).
+//   - Slice: the maximum length the slice can reach when resliced;
+//     if v is nil, cap(v) is zero.
+//   - Channel: the channel buffer capacity, in units of elements;
+//     if v is nil, cap(v) is zero.
 //
 // For some arguments, such as a simple array expression, the result can be a
 // constant. See the Go language specification's "Length and capacity" section for
@@ -194,18 +194,18 @@ func cap(v Type) int
 // argument, not a pointer to it. The specification of the result depends on
 // the type:
 //
-//	Slice: The size specifies the length. The capacity of the slice is
-//	equal to its length. A second integer argument may be provided to
-//	specify a different capacity; it must be no smaller than the
-//	length. For example, make([]int, 0, 10) allocates an underlying array
-//	of size 10 and returns a slice of length 0 and capacity 10 that is
-//	backed by this underlying array.
-//	Map: An empty map is allocated with enough space to hold the
-//	specified number of elements. The size may be omitted, in which case
-//	a small starting size is allocated.
-//	Channel: The channel's buffer is initialized with the specified
-//	buffer capacity. If zero, or the size is omitted, the channel is
-//	unbuffered.
+//   - Slice: The size specifies the length. The capacity of the slice is
+//     equal to its length. A second integer argument may be provided to
+//     specify a different capacity; it must be no smaller than the
+//     length. For example, make([]int, 0, 10) allocates an underlying array
+//     of size 10 and returns a slice of length 0 and capacity 10 that is
+//     backed by this underlying array.
+//   - Map: An empty map is allocated with enough space to hold the
+//     specified number of elements. The size may be omitted, in which case
+//     a small starting size is allocated.
+//   - Channel: The channel's buffer is initialized with the specified
+//     buffer capacity. If zero, or the size is omitted, the channel is
+//     unbuffered.
 func make(t Type, size ...IntegerType) Type
 
 // The max built-in function returns the largest value of a fixed number of
@@ -247,7 +247,7 @@ func imag(c ComplexType) FloatType
 // to the zero value of the respective element type. If the argument
 // type is a type parameter, the type parameter's type set must
 // contain only map or slice types, and clear performs the operation
-// implied by the type argument.
+// implied by the type argument. If t is nil, clear is a no-op.
 func clear[T ~[]Type | ~map[Type]Type1](t T)
 
 // The close built-in function closes a channel, which must be either

src/bytes/iter.go

@@ -67,26 +67,26 @@ func splitSeq(s, sep []byte, sepSave int) iter.Seq[[]byte] {
 	}
 }
 
-// SplitSeq returns an iterator over all substrings of s separated by sep.
-// The iterator yields the same strings that would be returned by Split(s, sep),
-// but without constructing the slice.
+// SplitSeq returns an iterator over all subslices of s separated by sep.
+// The iterator yields the same subslices that would be returned by [Split](s, sep),
+// but without constructing a new slice containing the subslices.
 // It returns a single-use iterator.
 func SplitSeq(s, sep []byte) iter.Seq[[]byte] {
 	return splitSeq(s, sep, 0)
 }
 
-// SplitAfterSeq returns an iterator over substrings of s split after each instance of sep.
-// The iterator yields the same strings that would be returned by SplitAfter(s, sep),
-// but without constructing the slice.
+// SplitAfterSeq returns an iterator over subslices of s split after each instance of sep.
+// The iterator yields the same subslices that would be returned by [SplitAfter](s, sep),
+// but without constructing a new slice containing the subslices.
 // It returns a single-use iterator.
 func SplitAfterSeq(s, sep []byte) iter.Seq[[]byte] {
 	return splitSeq(s, sep, len(sep))
 }
 
-// FieldsSeq returns an iterator over substrings of s split around runs of
-// whitespace characters, as defined by unicode.IsSpace.
-// The iterator yields the same strings that would be returned by Fields(s),
-// but without constructing the slice.
+// FieldsSeq returns an iterator over subslices of s split around runs of
+// whitespace characters, as defined by [unicode.IsSpace].
+// The iterator yields the same subslices that would be returned by [Fields](s),
+// but without constructing a new slice containing the subslices.
 func FieldsSeq(s []byte) iter.Seq[[]byte] {
 	return func(yield func([]byte) bool) {
 		start := -1
@@ -116,10 +116,10 @@ func FieldsSeq(s []byte) iter.Seq[[]byte] {
 	}
 }
 
-// FieldsFuncSeq returns an iterator over substrings of s split around runs of
+// FieldsFuncSeq returns an iterator over subslices of s split around runs of
 // Unicode code points satisfying f(c).
-// The iterator yields the same strings that would be returned by FieldsFunc(s),
-// but without constructing the slice.
+// The iterator yields the same subslices that would be returned by [FieldsFunc](s),
+// but without constructing a new slice containing the subslices.
 func FieldsFuncSeq(s []byte, f func(rune) bool) iter.Seq[[]byte] {
 	return func(yield func([]byte) bool) {
 		start := -1

src/cmd/api/api_test.go

@@ -57,7 +57,10 @@ func TestGolden(t *testing.T) {
 		// TODO(gri) remove extra pkg directory eventually
 		goldenFile := filepath.Join("testdata", "src", "pkg", fi.Name(), "golden.txt")
 		w := NewWalker(nil, "testdata/src/pkg")
-		pkg, _ := w.import_(fi.Name())
+		pkg, err := w.import_(fi.Name())
+		if err != nil {
+			t.Fatalf("import %s: %v", fi.Name(), err)
+		}
 		w.export(pkg)
 
 		if *updateGolden {
@@ -201,7 +204,13 @@ func BenchmarkAll(b *testing.B) {
 		for _, context := range contexts {
 			w := NewWalker(context, filepath.Join(testenv.GOROOT(b), "src"))
 			for _, name := range w.stdPackages {
-				pkg, _ := w.import_(name)
+				pkg, err := w.import_(name)
+				if _, nogo := err.(*build.NoGoError); nogo {
+					continue
+				}
+				if err != nil {
+					b.Fatalf("import %s (%s-%s): %v", name, context.GOOS, context.GOARCH, err)
+				}
 				w.export(pkg)
 			}
 			w.Features()
@@ -239,8 +248,7 @@ func TestIssue21181(t *testing.T) {
 		w := NewWalker(context, "testdata/src/issue21181")
 		pkg, err := w.import_("p")
 		if err != nil {
-			t.Fatalf("%s: (%s-%s) %s %v", err, context.GOOS, context.GOARCH,
-				pkg.Name(), w.imported)
+			t.Fatalf("import %s (%s-%s): %v", "p", context.GOOS, context.GOARCH, err)
 		}
 		w.export(pkg)
 	}

src/cmd/cgo/doc.go

@@ -796,7 +796,7 @@ Instead, the build process generates an object file using dynamic
 linkage to the desired libraries. The main function is provided by
 _cgo_main.c:
 
-	int main() { return 0; }
+	int main(int argc, char **argv) { return 0; }
 	void crosscall2(void(*fn)(void*), void *a, int c, uintptr_t ctxt) { }
 	uintptr_t _cgo_wait_runtime_init_done(void) { return 0; }
 	void _cgo_release_context(uintptr_t ctxt) { }

src/cmd/cgo/out.go

@@ -59,7 +59,7 @@ func (p *Package) writeDefs() {
 
 	// Write C main file for using gcc to resolve imports.
 	fmt.Fprintf(fm, "#include <stddef.h>\n") // For size_t below.
-	fmt.Fprintf(fm, "int main() { return 0; }\n")
+	fmt.Fprintf(fm, "int main(int argc __attribute__((unused)), char **argv __attribute__((unused))) { return 0; }\n")
 	if *importRuntimeCgo {
 		fmt.Fprintf(fm, "void crosscall2(void(*fn)(void*) __attribute__((unused)), void *a __attribute__((unused)), int c __attribute__((unused)), size_t ctxt __attribute__((unused))) { }\n")
 		fmt.Fprintf(fm, "size_t _cgo_wait_runtime_init_done(void) { return 0; }\n")

src/cmd/compile/doc.go

@@ -15,7 +15,7 @@ the package and about types used by symbols imported by the package from
 other packages. It is therefore not necessary when compiling client C of
 package P to read the files of P's dependencies, only the compiled output of P.
 
-Command Line
+# Command Line
 
 Usage:
 
@@ -150,14 +150,21 @@ Flags to debug the compiler itself:
 	-w
 		Debug type checking.
 
-Compiler Directives
+# Compiler Directives
 
 The compiler accepts directives in the form of comments.
-To distinguish them from non-directive comments, directives
-require no space between the comment opening and the name of the directive. However, since
-they are comments, tools unaware of the directive convention or of a particular
+Each directive must be placed its own line, with only leading spaces and tabs
+allowed before the comment, and there must be no space between the comment
+opening and the name of the directive, to distinguish it from a regular comment.
+Tools unaware of the directive convention or of a particular
 directive can skip over a directive like any other comment.
+
+Other than the line directive, which is a historical special case;
+all other compiler directives are of the form
+//go:name, indicating that they are defined by the Go toolchain.
 */
+// # Line Directives
+//
 // Line directives come in several forms:
 //
 // 	//line :line
@@ -197,12 +204,9 @@ directive can skip over a directive like any other comment.
 // Line directives typically appear in machine-generated code, so that compilers and debuggers
 // will report positions in the original input to the generator.
 /*
-The line directive is a historical special case; all other directives are of the form
-//go:name, indicating that they are defined by the Go toolchain.
-Each directive must be placed its own line, with only leading spaces and tabs
-allowed before the comment.
-Each directive applies to the Go code that immediately follows it,
-which typically must be a declaration.
+# Function Directives
+
+A function directive applies to the Go function that immediately follows it.
 
 	//go:noescape
 
@@ -245,6 +249,8 @@ It specifies that the function must omit its usual stack overflow check.
 This is most commonly used by low-level runtime code invoked
 at times when it is unsafe for the calling goroutine to be preempted.
 
+# Linkname Directive
+
 	//go:linkname localname [importpath.name]
 
 The //go:linkname directive conventionally precedes the var or func
@@ -295,17 +301,34 @@ The declaration of lower.f may also have a linkname directive with a
 single argument, f. This is optional, but helps alert the reader that
 the function is accessed from outside the package.
 
+# WebAssembly Directives
+
 	//go:wasmimport importmodule importname
 
 The //go:wasmimport directive is wasm-only and must be followed by a
-function declaration.
+function declaration with no body.
 It specifies that the function is provided by a wasm module identified
-by ``importmodule`` and ``importname``.
+by ``importmodule'' and ``importname''. For example,
 
 	//go:wasmimport a_module f
 	func g()
 
-The types of parameters and return values to the Go function are translated to
+causes g to refer to the WebAssembly function f from module a_module.
+
+	//go:wasmexport exportname
+
+The //go:wasmexport directive is wasm-only and must be followed by a
+function definition.
+It specifies that the function is exported to the wasm host as ``exportname''.
+For example,
+
+	//go:wasmexport h
+	func hWasm() { ... }
+
+make Go function hWasm available outside this WebAssembly module as h.
+
+For both go:wasmimport and go:wasmexport,
+the types of parameters and return values to the Go function are translated to
 Wasm according to the following table:
 
     Go types        Wasm types
@@ -318,24 +341,12 @@ Wasm according to the following table:
     pointer         i32 (more restrictions below)
     string          (i32, i32) (only permitted as a parameters, not a result)
 
+Any other parameter types are disallowed by the compiler.
+
 For a pointer type, its element type must be a bool, int8, uint8, int16, uint16,
 int32, uint32, int64, uint64, float32, float64, an array whose element type is
 a permitted pointer element type, or a struct, which, if non-empty, embeds
-structs.HostLayout, and contains only fields whose types are permitted pointer
+[structs.HostLayout], and contains only fields whose types are permitted pointer
 element types.
-
-Any other parameter types are disallowed by the compiler.
-
-	//go:wasmexport exportname
-
-The //go:wasmexport directive is wasm-only and must be followed by a
-function definition.
-It specifies that the function is exported to the wasm host as ``exportname``.
-
-	//go:wasmexport f
-	func g()
-
-The types of parameters and return values to the Go function are permitted and
-translated to Wasm in the same way as //go:wasmimport functions.
 */
 package main

src/cmd/compile/internal/ssa/_gen/rulegen.go

@@ -5,7 +5,8 @@
 // This program generates Go code that applies rewrite rules to a Value.
 // The generated code implements a function of type func (v *Value) bool
 // which reports whether if did something.
-// Ideas stolen from Swift: http://www.hpl.hp.com/techreports/Compaq-DEC/WRL-2000-2.html
+// Ideas stolen from the Swift Java compiler:
+// https://bitsavers.org/pdf/dec/tech_reports/WRL-2000-2.pdf
 
 package main
 

src/cmd/compile/internal/ssa/writebarrier.go

@@ -252,6 +252,7 @@ func writebarrier(f *Func) {
 		var start, end int
 		var nonPtrStores int
 		values := b.Values
+		hasMove := false
 	FindSeq:
 		for i := len(values) - 1; i >= 0; i-- {
 			w := values[i]
@@ -263,6 +264,9 @@ func writebarrier(f *Func) {
 					end = i + 1
 				}
 				nonPtrStores = 0
+				if w.Op == OpMoveWB {
+					hasMove = true
+				}
 			case OpVarDef, OpVarLive:
 				continue
 			case OpStore:
@@ -273,6 +277,17 @@ func writebarrier(f *Func) {
 				if nonPtrStores > 2 {
 					break FindSeq
 				}
+				if hasMove {
+					// We need to ensure that this store happens
+					// before we issue a wbMove, as the wbMove might
+					// use the result of this store as its source.
+					// Even though this store is not write-barrier
+					// eligible, it might nevertheless be the store
+					// of a pointer to the stack, which is then the
+					// source of the move.
+					// See issue 71228.
+					break FindSeq
+				}
 			default:
 				if last == nil {
 					continue

src/cmd/compile/internal/ssagen/ssa.go

@@ -5452,12 +5452,15 @@ func (s *state) referenceTypeBuiltin(n *ir.UnaryExpr, x *ssa.Value) *ssa.Value {
 	if n.X.Type().IsChan() && n.Op() == ir.OCAP {
 		s.Fatalf("cannot inline cap(chan)") // must use runtime.chancap now
 	}
+	if n.X.Type().IsMap() && n.Op() == ir.OCAP {
+		s.Fatalf("cannot inline cap(map)") // cap(map) does not exist
+	}
 	// if n == nil {
 	//   return 0
 	// } else {
-	//   // len
-	//   return *((*int)n)
-	//   // cap
+	//   // len, the actual loadType depends
+	//   return int(*((*loadType)n))
+	//   // cap (chan only, not used for now)
 	//   return *(((*int)n)+1)
 	// }
 	lenType := n.Type()
@@ -5485,7 +5488,9 @@ func (s *state) referenceTypeBuiltin(n *ir.UnaryExpr, x *ssa.Value) *ssa.Value {
 	case ir.OLEN:
 		if buildcfg.Experiment.SwissMap && n.X.Type().IsMap() {
 			// length is stored in the first word.
-			s.vars[n] = s.load(lenType, x)
+			loadType := reflectdata.SwissMapType().Field(0).Type // uint64
+			load := s.load(loadType, x)
+			s.vars[n] = s.conv(nil, load, loadType, lenType) // integer conversion doesn't need Node
 		} else {
 			// length is stored in the first word for map/chan
 			s.vars[n] = s.load(lenType, x)

src/cmd/compile/internal/syntax/testdata/issue70974.go

@@ -0,0 +1,17 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package p
+
+func _() {
+M:
+L:
+	for range 0 {
+		break L
+		break /* ERROR invalid break label M */ M
+	}
+	for range 0 {
+		break /* ERROR invalid break label L */ L
+	}
+}

src/cmd/compile/internal/typecheck/_builtin/runtime.go

@@ -152,12 +152,14 @@ func mapassign_fast32ptr(mapType *byte, hmap map[any]any, key unsafe.Pointer) (v
 func mapassign_fast64(mapType *byte, hmap map[any]any, key uint64) (val *any)
 func mapassign_fast64ptr(mapType *byte, hmap map[any]any, key unsafe.Pointer) (val *any)
 func mapassign_faststr(mapType *byte, hmap map[any]any, key string) (val *any)
-func mapiterinit(mapType *byte, hmap map[any]any, hiter *any)
+func mapiterinit(mapType *byte, hmap map[any]any, hiter *any)  // old maps
+func mapIterStart(mapType *byte, hmap map[any]any, hiter *any) // swiss maps
 func mapdelete(mapType *byte, hmap map[any]any, key *any)
 func mapdelete_fast32(mapType *byte, hmap map[any]any, key uint32)
 func mapdelete_fast64(mapType *byte, hmap map[any]any, key uint64)
 func mapdelete_faststr(mapType *byte, hmap map[any]any, key string)
-func mapiternext(hiter *any)
+func mapiternext(hiter *any) // old maps
+func mapIterNext(hiter *any) // swiss maps
 func mapclear(mapType *byte, hmap map[any]any)
 
 // *byte is really *runtime.Type

src/cmd/compile/internal/typecheck/builtin.go

@@ -131,11 +131,13 @@ var runtimeDecls = [...]struct {
 	{"mapassign_fast64ptr", funcTag, 96},
 	{"mapassign_faststr", funcTag, 89},
 	{"mapiterinit", funcTag, 97},
+	{"mapIterStart", funcTag, 97},
 	{"mapdelete", funcTag, 97},
 	{"mapdelete_fast32", funcTag, 98},
 	{"mapdelete_fast64", funcTag, 99},
 	{"mapdelete_faststr", funcTag, 100},
 	{"mapiternext", funcTag, 101},
+	{"mapIterNext", funcTag, 101},
 	{"mapclear", funcTag, 102},
 	{"makechan64", funcTag, 104},
 	{"makechan", funcTag, 105},

src/cmd/compile/internal/types2/README.md

@@ -56,7 +56,7 @@ The tests are in:
 Tests are .go files annotated with `/* ERROR "msg" */` or `/* ERRORx "msg" */`
 comments (or the respective line comment form).
 For each such error comment, typechecking the respective file is expected to
-report an error at the position of the syntactic token _immediately preceeding_
+report an error at the position of the syntactic token _immediately preceding_
 the comment.
 For `ERROR`, the `"msg"` string must be a substring of the error message
 reported by the typechecker;

src/cmd/compile/internal/types2/api.go

@@ -208,11 +208,19 @@ type Info struct {
 	//
 	// The Types map does not record the type of every identifier,
 	// only those that appear where an arbitrary expression is
-	// permitted. For instance, the identifier f in a selector
-	// expression x.f is found only in the Selections map, the
-	// identifier z in a variable declaration 'var z int' is found
-	// only in the Defs map, and identifiers denoting packages in
-	// qualified identifiers are collected in the Uses map.
+	// permitted. For instance:
+	// - an identifier f in a selector expression x.f is found
+	//   only in the Selections map;
+	// - an identifier z in a variable declaration 'var z int'
+	//   is found only in the Defs map;
+	// - an identifier p denoting a package in a qualified
+	//   identifier p.X is found only in the Uses map.
+	//
+	// Similarly, no type is recorded for the (synthetic) FuncType
+	// node in a FuncDecl.Type field, since there is no corresponding
+	// syntactic function type expression in the source in this case
+	// Instead, the function type is found in the Defs.map entry for
+	// the corresponding function declaration.
 	Types map[syntax.Expr]TypeAndValue
 
 	// If StoreTypesInSyntax is set, type information identical to

src/cmd/compile/internal/types2/call.go

@@ -142,6 +142,9 @@ func (check *Checker) instantiateSignature(pos syntax.Pos, expr syntax.Expr, typ
 		}()
 	}
 
+	// For signatures, Checker.instance will always succeed because the type argument
+	// count is correct at this point (see assertion above); hence the type assertion
+	// to *Signature will always succeed.
 	inst := check.instance(pos, typ, targs, nil, check.context()).(*Signature)
 	assert(inst.TypeParams().Len() == 0) // signature is not generic anymore
 	check.recordInstance(expr, targs, inst)

src/cmd/compile/internal/types2/initorder.go

@@ -10,6 +10,7 @@ import (
 	"fmt"
 	. "internal/types/errors"
 	"slices"
+	"sort"
 )
 
 // initOrder computes the Info.InitOrder for package variables.
@@ -139,7 +140,16 @@ func findPath(objMap map[Object]*declInfo, from, to Object, seen map[Object]bool
 	}
 	seen[from] = true
 
+	// sort deps for deterministic result
+	var deps []Object
 	for d := range objMap[from].deps {
+		deps = append(deps, d)
+	}
+	sort.Slice(deps, func(i, j int) bool {
+		return deps[i].order() < deps[j].order()
+	})
+
+	for _, d := range deps {
 		if d == to {
 			return []Object{d}
 		}

src/cmd/compile/internal/types2/instantiate.go

@@ -74,7 +74,8 @@ func Instantiate(ctxt *Context, orig Type, targs []Type, validate bool) (Type, e
 // instance instantiates the given original (generic) function or type with the
 // provided type arguments and returns the resulting instance. If an identical
 // instance exists already in the given contexts, it returns that instance,
-// otherwise it creates a new one.
+// otherwise it creates a new one. If there is an error (such as wrong number
+// of type arguments), the result is Typ[Invalid].
 //
 // If expanding is non-nil, it is the Named instance type currently being
 // expanded. If ctxt is non-nil, it is the context associated with the current
@@ -133,9 +134,13 @@ func (check *Checker) instance(pos syntax.Pos, orig genericType, targs []Type, e
 			assert(expanding == nil) // Alias instances cannot be reached from Named types
 		}
 
+		// verify type parameter count (see go.dev/issue/71198 for a test case)
 		tparams := orig.TypeParams()
-		// TODO(gri) investigate if this is needed (type argument and parameter count seem to be correct here)
-		if !check.validateTArgLen(pos, orig.String(), tparams.Len(), len(targs)) {
+		if !check.validateTArgLen(pos, orig.obj.Name(), tparams.Len(), len(targs)) {
+			// TODO(gri) Consider returning a valid alias instance with invalid
+			//           underlying (aliased) type to match behavior of *Named
+			//           types. Then this function will never return an invalid
+			//           result.
 			return Typ[Invalid]
 		}
 		if tparams.Len() == 0 {

src/cmd/compile/internal/types2/signature.go

@@ -174,7 +174,7 @@ func (check *Checker) collectRecv(rparam *syntax.Field, scopePos syntax.Pos) (*V
 	} else {
 		// If there are type parameters, rbase must denote a generic base type.
 		// Important: rbase must be resolved before declaring any receiver type
-		// parameters (wich may have the same name, see below).
+		// parameters (which may have the same name, see below).
 		var baseType *Named // nil if not valid
 		var cause string
 		if t := check.genericType(rbase, &cause); isValid(t) {

src/cmd/compile/internal/types2/stmt.go

@@ -1057,8 +1057,13 @@ func rangeKeyVal(typ Type, allowVersion func(goVersion) bool) (key, val Type, ca
 			return bad("func must be func(yield func(...) bool): argument is not func")
 		case cb.Params().Len() > 2:
 			return bad("func must be func(yield func(...) bool): yield func has too many parameters")
-		case cb.Results().Len() != 1 || !isBoolean(cb.Results().At(0).Type()):
-			return bad("func must be func(yield func(...) bool): yield func does not return bool")
+		case cb.Results().Len() != 1 || !Identical(cb.Results().At(0).Type(), universeBool):
+			// see go.dev/issues/71131, go.dev/issues/71164
+			if cb.Results().Len() == 1 && isBoolean(cb.Results().At(0).Type()) {
+				return bad("func must be func(yield func(...) bool): yield func returns user-defined boolean, not bool")
+			} else {
+				return bad("func must be func(yield func(...) bool): yield func does not return bool")
+			}
 		}
 		assert(cb.Recv() == nil)
 		// determine key and value types, if any

src/cmd/compile/internal/types2/testdata/local/issue71254.go

@@ -0,0 +1,14 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package p
+
+const (
+	B /* ERROR "initialization cycle: B refers to itself" */ = A + B
+	A /* ERRORx "initialization cycle for A\\s+.*A refers to B\\s+.*B refers to A" */ = A + B
+
+	C /* ERRORx "initialization cycle for C\\s+.*C refers to D\\s+.*D refers to C" */ = E + D
+	D /* ERRORx "initialization cycle for D\\s+.*D refers to C\\s+.*C refers to D" */ = E + C
+	E = D + C
+)

src/cmd/compile/internal/types2/testdata/manual.go

@@ -1,4 +1,4 @@
-// Copyright 2024 The Go Authors. All rights reserved.
+// Copyright 2025 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 

src/cmd/compile/internal/types2/typexpr.go

@@ -423,11 +423,6 @@ func setDefType(def *TypeName, typ Type) {
 	if def != nil {
 		switch t := def.typ.(type) {
 		case *Alias:
-			// t.fromRHS should always be set, either to an invalid type
-			// in the beginning, or to typ in certain cyclic declarations.
-			if t.fromRHS != Typ[Invalid] && t.fromRHS != typ {
-				panic(sprintf(nil, true, "t.fromRHS = %s, typ = %s\n", t.fromRHS, typ))
-			}
 			t.fromRHS = typ
 		case *Basic:
 			assert(t == Typ[Invalid])
@@ -475,9 +470,14 @@ func (check *Checker) instantiatedType(x syntax.Expr, xlist []syntax.Expr, def *
 	}
 
 	// create instance
-	// The instance is not generic anymore as it has type arguments, but it still
-	// satisfies the genericType interface because it has type parameters, too.
-	inst := check.instance(x.Pos(), gtyp, targs, nil, check.context()).(genericType)
+	// The instance is not generic anymore as it has type arguments, but unless
+	// instantiation failed, it still satisfies the genericType interface because
+	// it has type parameters, too.
+	ityp := check.instance(x.Pos(), gtyp, targs, nil, check.context())
+	inst, _ := ityp.(genericType)
+	if inst == nil {
+		return Typ[Invalid]
+	}
 
 	// For Named types, orig.tparams may not be set up, so we need to do expansion later.
 	check.later(func() {

src/cmd/compile/internal/types2/universe.go

@@ -21,6 +21,7 @@ var Unsafe *Package
 
 var (
 	universeIota       Object
+	universeBool       Type
 	universeByte       Type // uint8 alias, but has name "byte"
 	universeRune       Type // int32 alias, but has name "rune"
 	universeAnyNoAlias *TypeName
@@ -275,6 +276,7 @@ func init() {
 	defPredeclaredFuncs()
 
 	universeIota = Universe.Lookup("iota")
+	universeBool = Universe.Lookup("bool").Type()
 	universeByte = Universe.Lookup("byte").Type()
 	universeRune = Universe.Lookup("rune").Type()
 	universeError = Universe.Lookup("error").Type()

src/cmd/compile/internal/walk/range.go

@@ -244,19 +244,24 @@ func walkRange(nrange *ir.RangeStmt) ir.Node {
 		// depends on layout of iterator struct.
 		// See cmd/compile/internal/reflectdata/reflect.go:MapIterType
 		var keysym, elemsym *types.Sym
+		var iterInit, iterNext string
 		if buildcfg.Experiment.SwissMap {
 			keysym = th.Field(0).Sym
 			elemsym = th.Field(1).Sym // ditto
+			iterInit = "mapIterStart"
+			iterNext = "mapIterNext"
 		} else {
 			keysym = th.Field(0).Sym
 			elemsym = th.Field(1).Sym // ditto
+			iterInit = "mapiterinit"
+			iterNext = "mapiternext"
 		}
 
-		fn := typecheck.LookupRuntime("mapiterinit", t.Key(), t.Elem(), th)
+		fn := typecheck.LookupRuntime(iterInit, t.Key(), t.Elem(), th)
 		init = append(init, mkcallstmt1(fn, reflectdata.RangeMapRType(base.Pos, nrange), ha, typecheck.NodAddr(hit)))
 		nfor.Cond = ir.NewBinaryExpr(base.Pos, ir.ONE, ir.NewSelectorExpr(base.Pos, ir.ODOT, hit, keysym), typecheck.NodNil())
 
-		fn = typecheck.LookupRuntime("mapiternext", th)
+		fn = typecheck.LookupRuntime(iterNext, th)
 		nfor.Post = mkcallstmt1(fn, typecheck.NodAddr(hit))
 
 		key := ir.NewStarExpr(base.Pos, typecheck.ConvNop(ir.NewSelectorExpr(base.Pos, ir.ODOT, hit, keysym), types.NewPtr(t.Key())))

src/cmd/covdata/dump.go

@@ -331,7 +331,7 @@ func (d *dstate) Finish() {
 			d.format.EmitFuncs(os.Stdout)
 		}
 		if d.textfmtoutf != nil {
-			if err := d.format.EmitTextual(d.textfmtoutf); err != nil {
+			if err := d.format.EmitTextual(nil, d.textfmtoutf); err != nil {
 				fatal("writing to %s: %v", *textfmtoutflag, err)
 			}
 		}

src/cmd/dist/test.go

@@ -876,16 +876,18 @@ func (t *tester) registerTests() {
 	}
 
 	if t.extLink() && !t.compileOnly {
-		t.registerTest("external linking, -buildmode=exe",
-			&goTest{
-				variant:   "exe_external",
-				timeout:   60 * time.Second,
-				buildmode: "exe",
-				ldflags:   "-linkmode=external",
-				env:       []string{"CGO_ENABLED=1"},
-				pkg:       "crypto/internal/fips140test",
-				runTests:  "TestFIPSCheck",
-			})
+		if goos != "android" { // Android does not support non-PIE linking
+			t.registerTest("external linking, -buildmode=exe",
+				&goTest{
+					variant:   "exe_external",
+					timeout:   60 * time.Second,
+					buildmode: "exe",
+					ldflags:   "-linkmode=external",
+					env:       []string{"CGO_ENABLED=1"},
+					pkg:       "crypto/internal/fips140test",
+					runTests:  "TestFIPSCheck",
+				})
+		}
 		if t.externalLinkPIE() && !disablePIE {
 			t.registerTest("external linking, -buildmode=pie",
 				&goTest{
@@ -1795,6 +1797,8 @@ func isEnvSet(evar string) bool {
 }
 
 func (t *tester) fipsSupported() bool {
+	// Keep this in sync with [crypto/internal/fips140.Supported].
+
 	// Use GOFIPS140 or GOEXPERIMENT=boringcrypto, but not both.
 	if strings.Contains(goexperiment, "boringcrypto") {
 		return false
@@ -1808,6 +1812,7 @@ func (t *tester) fipsSupported() bool {
 	case goarch == "wasm",
 		goos == "windows" && goarch == "386",
 		goos == "windows" && goarch == "arm",
+		goos == "openbsd",
 		goos == "aix":
 		return false
 	}

src/cmd/go.mod

@@ -11,7 +11,7 @@ require (
 	golang.org/x/sys v0.28.0
 	golang.org/x/telemetry v0.0.0-20241204182053-c0ac0e154df3
 	golang.org/x/term v0.27.0
-	golang.org/x/tools v0.28.0
+	golang.org/x/tools v0.28.1-0.20250131145412-98746475647e
 )
 
 require (

src/cmd/go.sum

@@ -22,7 +22,7 @@ golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q=
 golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM=
 golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
 golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.28.1-0.20250131145412-98746475647e h1:6Kzwg7JxW2HRWToKpIKqlpF8l8XMasoALX3OcAMdgL8=
+golang.org/x/tools v0.28.1-0.20250131145412-98746475647e/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
 rsc.io/markdown v0.0.0-20240306144322-0bf8f97ee8ef h1:mqLYrXCXYEZOop9/Dbo6RPX11539nwiCNBb1icVPmw8=
 rsc.io/markdown v0.0.0-20240306144322-0bf8f97ee8ef/go.mod h1:8xcPgWmwlZONN1D9bjxtHEjrUtSEa3fakVF8iaewYKQ=

src/cmd/go/alldocs.go

@@ -739,11 +739,6 @@
 //
 // For more about specifying packages, see 'go help packages'.
 //
-// This text describes the behavior of get using modules to manage source
-// code and dependencies. If instead the go command is running in GOPATH
-// mode, the details of get's flags and effects change, as does 'go help get'.
-// See 'go help gopath-get'.
-//
 // See also: go build, go install, go clean, go mod.
 //
 // # Compile and install packages and dependencies
@@ -2186,7 +2181,7 @@
 // fields of all events to reconstruct the text format output, as it would
 // have appeared from go build without the -json flag.
 //
-// Note that there may also be non-JSON error text on stdnard error, even
+// Note that there may also be non-JSON error text on standard error, even
 // with the -json flag. Typically, this indicates an early, serious error.
 // Consumers should be robust to this.
 //
@@ -2250,7 +2245,7 @@
 //
 // The second is the SWIG program, which is a general tool for
 // interfacing between languages. For information on SWIG see
-// http://swig.org/. When running go build, any file with a .swig
+// https://swig.org/. When running go build, any file with a .swig
 // extension will be passed to SWIG. Any file with a .swigcxx extension
 // will be passed to SWIG with the -c++ option.
 //
@@ -2338,9 +2333,14 @@
 //	GOCACHE
 //		The directory where the go command will store cached
 //		information for reuse in future builds.
+//	GOCACHEPROG
+//		A command (with optional space-separated flags) that implements an
+//		external go command build cache.
+//		See 'go doc cmd/go/internal/cacheprog'.
 //	GODEBUG
-//		Enable various debugging facilities. See https://go.dev/doc/godebug
-//		for details.
+//		Enable various debugging facilities for programs built with Go,
+//		including the go command. Cannot be set using 'go env -w'.
+//		See https://go.dev/doc/godebug for details.
 //	GOENV
 //		The location of the Go environment configuration file.
 //		Cannot be set using 'go env -w'.
@@ -2448,6 +2448,11 @@
 //	GOARM
 //		For GOARCH=arm, the ARM architecture for which to compile.
 //		Valid values are 5, 6, 7.
+//		When the Go tools are built on an arm system,
+//		the default value is set based on what the build system supports.
+//		When the Go tools are not built on an arm system
+//		(that is, when building a cross-compiler),
+//		the default value is 7.
 //		The value can be followed by an option specifying how to implement floating point instructions.
 //		Valid options are ,softfloat (default for 5) and ,hardfloat (default for 6 and 7).
 //	GOARM64
@@ -2612,7 +2617,7 @@
 //		Example: Data
 //
 //	If the server responds with any 4xx code, the go command will write the
-//	following to the programs' stdin:
+//	following to the program's stdin:
 //		Response      = StatusLine { HeaderLine } BlankLine .
 //		StatusLine    = Protocol Space Status '\n' .
 //		Protocol      = /* HTTP protocol */ .
@@ -2627,8 +2632,7 @@
 //		Content-Type: text/plain; charset=utf-8
 //		Date: Thu, 07 Nov 2024 18:43:09 GMT
 //
-//	Note: at least for HTTP 1.1, the contents written to stdin can be parsed
-//	as an HTTP response.
+//	Note: it is safe to use net/http.ReadResponse to parse this input.
 //
 // Before the first HTTPS fetch, the go command will invoke each GOAUTH
 // command in the list with no additional arguments and no input.
@@ -2969,11 +2973,7 @@
 // same meta tag and then git clone https://code.org/r/p/exproj into
 // GOPATH/src/example.org.
 //
-// When using GOPATH, downloaded packages are written to the first directory
-// listed in the GOPATH environment variable.
-// (See 'go help gopath-get' and 'go help gopath'.)
-//
-// When using modules, downloaded packages are stored in the module cache.
+// Downloaded packages are stored in the module cache.
 // See https://golang.org/ref/mod#module-cache.
 //
 // When using modules, an additional variant of the go-import meta tag is

src/cmd/go/internal/auth/auth.go

@@ -12,7 +12,6 @@ import (
 	"log"
 	"net/http"
 	"os"
-	"path"
 	"path/filepath"
 	"slices"
 	"strings"
@@ -71,9 +70,15 @@ func runGoAuth(client *http.Client, res *http.Response, url string) {
 		case "netrc":
 			lines, err := readNetrc()
 			if err != nil {
-				base.Fatalf("go: could not parse netrc (GOAUTH=%s): %v", cfg.GOAUTH, err)
+				cmdErrs = append(cmdErrs, fmt.Errorf("GOAUTH=%s: %v", command, err))
+				continue
 			}
-			for _, l := range lines {
+			// Process lines in reverse so that if the same machine is listed
+			// multiple times, we end up saving the earlier one
+			// (overwriting later ones). This matches the way the go command
+			// worked before GOAUTH.
+			for i := len(lines) - 1; i >= 0; i-- {
+				l := lines[i]
 				r := http.Request{Header: make(http.Header)}
 				r.SetBasicAuth(l.login, l.password)
 				storeCredential(l.machine, r.Header)
@@ -137,11 +142,13 @@ func runGoAuth(client *http.Client, res *http.Response, url string) {
 func loadCredential(req *http.Request, url string) bool {
 	currentPrefix := strings.TrimPrefix(url, "https://")
 	// Iteratively try prefixes, moving up the path hierarchy.
-	for currentPrefix != "/" && currentPrefix != "." && currentPrefix != "" {
+	for {
 		headers, ok := credentialCache.Load(currentPrefix)
 		if !ok {
-			// Move to the parent directory.
-			currentPrefix = path.Dir(currentPrefix)
+			currentPrefix, _, ok = strings.Cut(currentPrefix, "/")
+			if !ok {
+				return false
+			}
 			continue
 		}
 		for key, values := range headers.(http.Header) {
@@ -151,7 +158,6 @@ func loadCredential(req *http.Request, url string) bool {
 		}
 		return true
 	}
-	return false
 }
 
 // storeCredential caches or removes credentials (represented by HTTP headers)

src/cmd/go/internal/auth/auth_test.go

@@ -25,7 +25,29 @@ func TestCredentialCache(t *testing.T) {
 		got := &http.Request{Header: make(http.Header)}
 		ok := loadCredential(got, tc.machine)
 		if !ok || !reflect.DeepEqual(got.Header, want.Header) {
-			t.Errorf("loadCredential:\nhave %q\nwant %q", got.Header, want.Header)
+			t.Errorf("loadCredential(%q):\nhave %q\nwant %q", tc.machine, got.Header, want.Header)
+		}
+	}
+
+	// Having stored those credentials, we should be able to look up longer URLs too.
+	extraCases := []netrcLine{
+		{"https://api.github.com/foo", "user", "pwd"},
+		{"https://api.github.com/foo/bar/baz", "user", "pwd"},
+		{"https://example.com/abc", "", ""},
+		{"https://example.com/?/../api.github.com/", "", ""},
+		{"https://example.com/?/../api.github.com", "", ""},
+		{"https://example.com/../api.github.com/", "", ""},
+		{"https://example.com/../api.github.com", "", ""},
+	}
+	for _, tc := range extraCases {
+		want := http.Request{Header: make(http.Header)}
+		if tc.login != "" {
+			want.SetBasicAuth(tc.login, tc.password)
+		}
+		got := &http.Request{Header: make(http.Header)}
+		loadCredential(got, tc.machine)
+		if !reflect.DeepEqual(got.Header, want.Header) {
+			t.Errorf("loadCredential(%q):\nhave %q\nwant %q", tc.machine, got.Header, want.Header)
 		}
 	}
 }

src/cmd/go/internal/auth/httputils.go

@@ -0,0 +1,173 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code copied from x/net/http/httpguts/httplex.go
+package auth
+
+var isTokenTable = [256]bool{
+	'!':  true,
+	'#':  true,
+	'$':  true,
+	'%':  true,
+	'&':  true,
+	'\'': true,
+	'*':  true,
+	'+':  true,
+	'-':  true,
+	'.':  true,
+	'0':  true,
+	'1':  true,
+	'2':  true,
+	'3':  true,
+	'4':  true,
+	'5':  true,
+	'6':  true,
+	'7':  true,
+	'8':  true,
+	'9':  true,
+	'A':  true,
+	'B':  true,
+	'C':  true,
+	'D':  true,
+	'E':  true,
+	'F':  true,
+	'G':  true,
+	'H':  true,
+	'I':  true,
+	'J':  true,
+	'K':  true,
+	'L':  true,
+	'M':  true,
+	'N':  true,
+	'O':  true,
+	'P':  true,
+	'Q':  true,
+	'R':  true,
+	'S':  true,
+	'T':  true,
+	'U':  true,
+	'W':  true,
+	'V':  true,
+	'X':  true,
+	'Y':  true,
+	'Z':  true,
+	'^':  true,
+	'_':  true,
+	'`':  true,
+	'a':  true,
+	'b':  true,
+	'c':  true,
+	'd':  true,
+	'e':  true,
+	'f':  true,
+	'g':  true,
+	'h':  true,
+	'i':  true,
+	'j':  true,
+	'k':  true,
+	'l':  true,
+	'm':  true,
+	'n':  true,
+	'o':  true,
+	'p':  true,
+	'q':  true,
+	'r':  true,
+	's':  true,
+	't':  true,
+	'u':  true,
+	'v':  true,
+	'w':  true,
+	'x':  true,
+	'y':  true,
+	'z':  true,
+	'|':  true,
+	'~':  true,
+}
+
+// isLWS reports whether b is linear white space, according
+// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+//
+//	LWS            = [CRLF] 1*( SP | HT )
+func isLWS(b byte) bool { return b == ' ' || b == '\t' }
+
+// isCTL reports whether b is a control byte, according
+// to http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
+//
+//	CTL            = <any US-ASCII control character
+//	                 (octets 0 - 31) and DEL (127)>
+func isCTL(b byte) bool {
+	const del = 0x7f // a CTL
+	return b < ' ' || b == del
+}
+
+// validHeaderFieldName reports whether v is a valid HTTP/1.x header name.
+// HTTP/2 imposes the additional restriction that uppercase ASCII
+// letters are not allowed.
+//
+// RFC 7230 says:
+//
+//	header-field   = field-name ":" OWS field-value OWS
+//	field-name     = token
+//	token          = 1*tchar
+//	tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
+//	        "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
+func validHeaderFieldName(v string) bool {
+	if len(v) == 0 {
+		return false
+	}
+	for i := 0; i < len(v); i++ {
+		if !isTokenTable[v[i]] {
+			return false
+		}
+	}
+	return true
+}
+
+// validHeaderFieldValue reports whether v is a valid "field-value" according to
+// http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2 :
+//
+//	message-header = field-name ":" [ field-value ]
+//	field-value    = *( field-content | LWS )
+//	field-content  = <the OCTETs making up the field-value
+//	                 and consisting of either *TEXT or combinations
+//	                 of token, separators, and quoted-string>
+//
+// http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2 :
+//
+//	TEXT           = <any OCTET except CTLs,
+//	                  but including LWS>
+//	LWS            = [CRLF] 1*( SP | HT )
+//	CTL            = <any US-ASCII control character
+//	                 (octets 0 - 31) and DEL (127)>
+//
+// RFC 7230 says:
+//
+//	field-value    = *( field-content / obs-fold )
+//	obj-fold       =  N/A to http2, and deprecated
+//	field-content  = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+//	field-vchar    = VCHAR / obs-text
+//	obs-text       = %x80-FF
+//	VCHAR          = "any visible [USASCII] character"
+//
+// http2 further says: "Similarly, HTTP/2 allows header field values
+// that are not valid. While most of the values that can be encoded
+// will not alter header field parsing, carriage return (CR, ASCII
+// 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII
+// 0x0) might be exploited by an attacker if they are translated
+// verbatim. Any request or response that contains a character not
+// permitted in a header field value MUST be treated as malformed
+// (Section 8.1.2.6). Valid characters are defined by the
+// field-content ABNF rule in Section 3.2 of [RFC7230]."
+//
+// This function does not (yet?) properly handle the rejection of
+// strings that begin or end with SP or HTAB.
+func validHeaderFieldValue(v string) bool {
+	for i := 0; i < len(v); i++ {
+		b := v[i]
+		if isCTL(b) && !isLWS(b) {
+			return false
+		}
+	}
+	return true
+}

src/cmd/go/internal/auth/userauth.go

@@ -6,14 +6,11 @@
 package auth
 
 import (
-	"bufio"
-	"bytes"
 	"cmd/internal/quoted"
 	"fmt"
-	"io"
 	"maps"
 	"net/http"
-	"net/textproto"
+	"net/url"
 	"os/exec"
 	"strings"
 )
@@ -42,7 +39,7 @@ func runAuthCommand(command string, url string, res *http.Response) (map[string]
 	if err != nil {
 		return nil, fmt.Errorf("could not run command %s: %v\n%s", command, err, cmd.Stderr)
 	}
-	credentials, err := parseUserAuth(bytes.NewReader(out))
+	credentials, err := parseUserAuth(string(out))
 	if err != nil {
 		return nil, fmt.Errorf("cannot parse output of GOAUTH command %s: %v", command, err)
 	}
@@ -54,53 +51,47 @@ func runAuthCommand(command string, url string, res *http.Response) (map[string]
 // or an error if the data does not follow the expected format.
 // Returns an nil error and an empty map if the data is empty.
 // See the expected format in 'go help goauth'.
-func parseUserAuth(data io.Reader) (map[string]http.Header, error) {
+func parseUserAuth(data string) (map[string]http.Header, error) {
 	credentials := make(map[string]http.Header)
-	reader := textproto.NewReader(bufio.NewReader(data))
-	for {
-		// Return the processed credentials if the reader is at EOF.
-		if _, err := reader.R.Peek(1); err == io.EOF {
-			return credentials, nil
+	for data != "" {
+		var line string
+		var ok bool
+		var urls []string
+		// Parse URLS first.
+		for {
+			line, data, ok = strings.Cut(data, "\n")
+			if !ok {
+				return nil, fmt.Errorf("invalid format: missing empty line after URLs")
+			}
+			if line == "" {
+				break
+			}
+			u, err := url.ParseRequestURI(line)
+			if err != nil {
+				return nil, fmt.Errorf("could not parse URL %s: %v", line, err)
+			}
+			urls = append(urls, u.String())
 		}
-		urls, err := readURLs(reader)
-		if err != nil {
-			return nil, err
-		}
-		if len(urls) == 0 {
-			return nil, fmt.Errorf("invalid format: expected url prefix")
-		}
-		mimeHeader, err := reader.ReadMIMEHeader()
-		if err != nil {
-			return nil, err
-		}
-		header := http.Header(mimeHeader)
-		// Process the block (urls and headers).
-		credentialMap := mapHeadersToPrefixes(urls, header)
-		maps.Copy(credentials, credentialMap)
-	}
-}
-
-// readURLs reads URL prefixes from the given reader until an empty line
-// is encountered or an error occurs. It returns the list of URLs or an error
-// if the format is invalid.
-func readURLs(reader *textproto.Reader) (urls []string, err error) {
-	for {
-		line, err := reader.ReadLine()
-		if err != nil {
-			return nil, err
-		}
-		trimmedLine := strings.TrimSpace(line)
-		if trimmedLine != line {
-			return nil, fmt.Errorf("invalid format: leading or trailing white space")
-		}
-		if strings.HasPrefix(line, "https://") {
-			urls = append(urls, line)
-		} else if line == "" {
-			return urls, nil
-		} else {
-			return nil, fmt.Errorf("invalid format: expected url prefix or empty line")
+		// Parse Headers second.
+		header := make(http.Header)
+		for {
+			line, data, ok = strings.Cut(data, "\n")
+			if !ok {
+				return nil, fmt.Errorf("invalid format: missing empty line after headers")
+			}
+			if line == "" {
+				break
+			}
+			name, value, ok := strings.Cut(line, ": ")
+			value = strings.TrimSpace(value)
+			if !ok || !validHeaderFieldName(name) || !validHeaderFieldValue(value) {
+				return nil, fmt.Errorf("invalid format: invalid header line")
+			}
+			header.Add(name, value)
 		}
+		maps.Copy(credentials, mapHeadersToPrefixes(urls, header))
 	}
+	return credentials, nil
 }
 
 // mapHeadersToPrefixes returns a mapping of prefix → http.Header without
@@ -127,8 +118,8 @@ func buildCommand(command string) (*exec.Cmd, error) {
 func writeResponseToStdin(cmd *exec.Cmd, res *http.Response) error {
 	var output strings.Builder
 	output.WriteString(res.Proto + " " + res.Status + "\n")
-	if err := res.Header.Write(&output); err != nil {
-		return err
+	for k, v := range res.Header {
+		output.WriteString(k + ": " + strings.Join(v, ", ") + "\n")
 	}
 	output.WriteString("\n")
 	cmd.Stdin = strings.NewReader(output.String())

src/cmd/go/internal/auth/userauth_test.go

@@ -7,7 +7,6 @@ package auth
 import (
 	"net/http"
 	"reflect"
-	"strings"
 	"testing"
 )
 
@@ -40,7 +39,7 @@ Data: Test567
 			"Test567",
 		},
 	}
-	credentials, err := parseUserAuth(strings.NewReader(data))
+	credentials, err := parseUserAuth(data)
 	if err != nil {
 		t.Errorf("parseUserAuth(%s): %v", data, err)
 	}
@@ -100,10 +99,55 @@ Authorization: Basic GVuc2VzYW1lYWxhZGRpbjpvc
 Authorization: Basic 1lYWxhZGRplW1lYWxhZGRpbs
 Data: Test567
 
+`,
+		// Continuation in URL line
+		`https://example.com/
+ Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+`,
+
+		// Continuation in header line
+		`https://example.com
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+ Authorization: Basic jpvcGVuc2VzYW1lYWxhZGRpb
+`,
+
+		// Continuation in multiple header lines
+		`https://example.com
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+ Authorization: Basic jpvcGVuc2VzYW1lYWxhZGRpb
+ Authorization: Basic dGhpc2lzYWxvbmdzdHJpbmc=
+`,
+
+		// Continuation with mixed spacing
+		`https://example.com
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+  Authorization: Basic jpvcGVuc2VzYW1lYWxhZGRpb
+`,
+
+		// Continuation with tab character
+		`https://example.com
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+        Authorization: Basic jpvcGVuc2VzYW1lYWxhZGRpb
+`,
+		// Continuation at the start of a block
+		` https://example.com
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
+`,
+
+		// Continuation after a blank line
+		`https://example.com
+
+
+Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l
 `,
 	}
 	for _, tc := range testCases {
-		if credentials, err := parseUserAuth(strings.NewReader(tc)); err == nil {
+		if credentials, err := parseUserAuth(tc); err == nil {
 			t.Errorf("parseUserAuth(%s) should have failed, but got: %v", tc, credentials)
 		}
 	}
@@ -132,7 +176,7 @@ Data: Test567
 			"Test567",
 		},
 	}
-	credentials, err := parseUserAuth(strings.NewReader(data))
+	credentials, err := parseUserAuth(data)
 	if err != nil {
 		t.Errorf("parseUserAuth(%s): %v", data, err)
 	}
@@ -146,7 +190,7 @@ func TestParseUserAuthEmptyHeader(t *testing.T) {
 	data := "https://example.com\n\n\n"
 	// Build the expected header
 	header := http.Header{}
-	credentials, err := parseUserAuth(strings.NewReader(data))
+	credentials, err := parseUserAuth(data)
 	if err != nil {
 		t.Errorf("parseUserAuth(%s): %v", data, err)
 	}
@@ -159,7 +203,7 @@ func TestParseUserAuthEmptyHeader(t *testing.T) {
 func TestParseUserAuthEmpty(t *testing.T) {
 	data := ``
 	// Build the expected header
-	credentials, err := parseUserAuth(strings.NewReader(data))
+	credentials, err := parseUserAuth(data)
 	if err != nil {
 		t.Errorf("parseUserAuth(%s) should have succeeded", data)
 	}

src/cmd/go/internal/cache/cache.go

@@ -38,8 +38,8 @@ type Cache interface {
 	// Get returns the cache entry for the provided ActionID.
 	// On miss, the error type should be of type *entryNotFoundError.
 	//
-	// After a success call to Get, OutputFile(Entry.OutputID) must
-	// exist on disk for until Close is called (at the end of the process).
+	// After a successful call to Get, OutputFile(Entry.OutputID) must
+	// exist on disk until Close is called (at the end of the process).
 	Get(ActionID) (Entry, error)
 
 	// Put adds an item to the cache.
@@ -50,14 +50,14 @@ type Cache interface {
 	// As a special case, if the ReadSeeker is of type noVerifyReadSeeker,
 	// the verification from GODEBUG=goverifycache=1 is skipped.
 	//
-	// After a success call to Get, OutputFile(Entry.OutputID) must
-	// exist on disk for until Close is called (at the end of the process).
+	// After a successful call to Put, OutputFile(OutputID) must
+	// exist on disk until Close is called (at the end of the process).
 	Put(ActionID, io.ReadSeeker) (_ OutputID, size int64, _ error)
 
 	// Close is called at the end of the go process. Implementations can do
 	// cache cleanup work at this phase, or wait for and report any errors from
-	// background cleanup work started earlier. Any cache trimming should in one
-	// process should not violate cause the invariants of this interface to be
+	// background cleanup work started earlier. Any cache trimming in one
+	// process should not cause the invariants of this interface to be
 	// violated in another process. Namely, a cache trim from one process should
 	// not delete an ObjectID from disk that was recently Get or Put from
 	// another process. As a rule of thumb, don't trim things used in the last
@@ -296,19 +296,19 @@ func GetBytes(c Cache, id ActionID) ([]byte, Entry, error) {
 // GetMmap looks up the action ID in the cache and returns
 // the corresponding output bytes.
 // GetMmap should only be used for data that can be expected to fit in memory.
-func GetMmap(c Cache, id ActionID) ([]byte, Entry, error) {
+func GetMmap(c Cache, id ActionID) ([]byte, Entry, bool, error) {
 	entry, err := c.Get(id)
 	if err != nil {
-		return nil, entry, err
+		return nil, entry, false, err
 	}
-	md, err := mmap.Mmap(c.OutputFile(entry.OutputID))
+	md, opened, err := mmap.Mmap(c.OutputFile(entry.OutputID))
 	if err != nil {
-		return nil, Entry{}, err
+		return nil, Entry{}, opened, err
 	}
 	if int64(len(md.Data)) != entry.Size {
-		return nil, Entry{}, &entryNotFoundError{Err: errors.New("file incomplete")}
+		return nil, Entry{}, true, &entryNotFoundError{Err: errors.New("file incomplete")}
 	}
-	return md.Data, entry, nil
+	return md.Data, entry, true, nil
 }
 
 // OutputFile returns the name of the cache file storing output with the given OutputID.

src/cmd/go/internal/cache/default.go

@@ -54,8 +54,8 @@ func initDefaultCache() Cache {
 		base.Fatalf("failed to initialize build cache at %s: %s\n", dir, err)
 	}
 
-	if v := cfg.Getenv("GOCACHEPROG"); v != "" {
-		return startCacheProg(v, diskCache)
+	if cfg.GOCACHEPROG != "" {
+		return startCacheProg(cfg.GOCACHEPROG, diskCache)
 	}
 
 	return diskCache

src/cmd/go/internal/cache/prog.go

@@ -7,6 +7,7 @@ package cache
 import (
 	"bufio"
 	"cmd/go/internal/base"
+	"cmd/go/internal/cacheprog"
 	"cmd/internal/quoted"
 	"context"
 	"crypto/sha256"
@@ -38,7 +39,7 @@ type ProgCache struct {
 
 	// can are the commands that the child process declared that it supports.
 	// This is effectively the versioning mechanism.
-	can map[ProgCmd]bool
+	can map[cacheprog.Cmd]bool
 
 	// fuzzDirCache is another Cache implementation to use for the FuzzDir
 	// method. In practice this is the default GOCACHE disk-based
@@ -55,7 +56,7 @@ type ProgCache struct {
 
 	mu         sync.Mutex // guards following fields
 	nextID     int64
-	inFlight   map[int64]chan<- *ProgResponse
+	inFlight   map[int64]chan<- *cacheprog.Response
 	outputFile map[OutputID]string // object => abs path on disk
 
 	// writeMu serializes writing to the child process.
@@ -63,95 +64,6 @@ type ProgCache struct {
 	writeMu sync.Mutex
 }
 
-// ProgCmd is a command that can be issued to a child process.
-//
-// If the interface needs to grow, we can add new commands or new versioned
-// commands like "get2".
-type ProgCmd string
-
-const (
-	cmdGet   = ProgCmd("get")
-	cmdPut   = ProgCmd("put")
-	cmdClose = ProgCmd("close")
-)
-
-// ProgRequest is the JSON-encoded message that's sent from cmd/go to
-// the GOCACHEPROG child process over stdin. Each JSON object is on its
-// own line. A ProgRequest of Type "put" with BodySize > 0 will be followed
-// by a line containing a base64-encoded JSON string literal of the body.
-type ProgRequest struct {
-	// ID is a unique number per process across all requests.
-	// It must be echoed in the ProgResponse from the child.
-	ID int64
-
-	// Command is the type of request.
-	// The cmd/go tool will only send commands that were declared
-	// as supported by the child.
-	Command ProgCmd
-
-	// ActionID is non-nil for get and puts.
-	ActionID []byte `json:",omitempty"` // or nil if not used
-
-	// OutputID is set for Type "put".
-	//
-	// Prior to Go 1.24, when GOCACHEPROG was still an experiment, this was
-	// accidentally named ObjectID. It was renamed to OutputID in Go 1.24.
-	OutputID []byte `json:",omitempty"` // or nil if not used
-
-	// Body is the body for "put" requests. It's sent after the JSON object
-	// as a base64-encoded JSON string when BodySize is non-zero.
-	// It's sent as a separate JSON value instead of being a struct field
-	// send in this JSON object so large values can be streamed in both directions.
-	// The base64 string body of a ProgRequest will always be written
-	// immediately after the JSON object and a newline.
-	Body io.Reader `json:"-"`
-
-	// BodySize is the number of bytes of Body. If zero, the body isn't written.
-	BodySize int64 `json:",omitempty"`
-
-	// ObjectID is the accidental spelling of OutputID that was used prior to Go
-	// 1.24.
-	//
-	// Deprecated: use OutputID. This field is only populated temporarily for
-	// backwards compatibility with Go 1.23 and earlier when
-	// GOEXPERIMENT=gocacheprog is set. It will be removed in Go 1.25.
-	ObjectID []byte `json:",omitempty"`
-}
-
-// ProgResponse is the JSON response from the child process to cmd/go.
-//
-// With the exception of the first protocol message that the child writes to its
-// stdout with ID==0 and KnownCommands populated, these are only sent in
-// response to a ProgRequest from cmd/go.
-//
-// ProgResponses can be sent in any order. The ID must match the request they're
-// replying to.
-type ProgResponse struct {
-	ID  int64  // that corresponds to ProgRequest; they can be answered out of order
-	Err string `json:",omitempty"` // if non-empty, the error
-
-	// KnownCommands is included in the first message that cache helper program
-	// writes to stdout on startup (with ID==0). It includes the
-	// ProgRequest.Command types that are supported by the program.
-	//
-	// This lets us extend the protocol gracefully over time (adding "get2",
-	// etc), or fail gracefully when needed. It also lets us verify the program
-	// wants to be a cache helper.
-	KnownCommands []ProgCmd `json:",omitempty"`
-
-	// For Get requests.
-
-	Miss     bool       `json:",omitempty"` // cache miss
-	OutputID []byte     `json:",omitempty"`
-	Size     int64      `json:",omitempty"` // in bytes
-	Time     *time.Time `json:",omitempty"` // an Entry.Time; when the object was added to the docs
-
-	// DiskPath is the absolute path on disk of the ObjectID corresponding
-	// a "get" request's ActionID (on cache hit) or a "put" request's
-	// provided ObjectID.
-	DiskPath string `json:",omitempty"`
-}
-
 // startCacheProg starts the prog binary (with optional space-separated flags)
 // and returns a Cache implementation that talks to it.
 //
@@ -183,6 +95,8 @@ func startCacheProg(progAndArgs string, fuzzDirCache Cache) Cache {
 		base.Fatalf("StdinPipe to GOCACHEPROG: %v", err)
 	}
 	cmd.Stderr = os.Stderr
+	// On close, we cancel the context. Rather than killing the helper,
+	// close its stdin.
 	cmd.Cancel = in.Close
 
 	if err := cmd.Start(); err != nil {
@@ -197,14 +111,14 @@ func startCacheProg(progAndArgs string, fuzzDirCache Cache) Cache {
 		stdout:       out,
 		stdin:        in,
 		bw:           bufio.NewWriter(in),
-		inFlight:     make(map[int64]chan<- *ProgResponse),
+		inFlight:     make(map[int64]chan<- *cacheprog.Response),
 		outputFile:   make(map[OutputID]string),
 		readLoopDone: make(chan struct{}),
 	}
 
 	// Register our interest in the initial protocol message from the child to
 	// us, saying what it can do.
-	capResc := make(chan *ProgResponse, 1)
+	capResc := make(chan *cacheprog.Response, 1)
 	pc.inFlight[0] = capResc
 
 	pc.jenc = json.NewEncoder(pc.bw)
@@ -219,7 +133,7 @@ func startCacheProg(progAndArgs string, fuzzDirCache Cache) Cache {
 		case <-timer.C:
 			log.Printf("# still waiting for GOCACHEPROG %v ...", prog)
 		case capRes := <-capResc:
-			can := map[ProgCmd]bool{}
+			can := map[cacheprog.Cmd]bool{}
 			for _, cmd := range capRes.KnownCommands {
 				can[cmd] = true
 			}
@@ -236,9 +150,15 @@ func (c *ProgCache) readLoop(readLoopDone chan<- struct{}) {
 	defer close(readLoopDone)
 	jd := json.NewDecoder(c.stdout)
 	for {
-		res := new(ProgResponse)
+		res := new(cacheprog.Response)
 		if err := jd.Decode(res); err != nil {
 			if c.closing.Load() {
+				c.mu.Lock()
+				for _, ch := range c.inFlight {
+					close(ch)
+				}
+				c.inFlight = nil
+				c.mu.Unlock()
 				return // quietly
 			}
 			if err == io.EOF {
@@ -261,13 +181,18 @@ func (c *ProgCache) readLoop(readLoopDone chan<- struct{}) {
 	}
 }
 
-func (c *ProgCache) send(ctx context.Context, req *ProgRequest) (*ProgResponse, error) {
-	resc := make(chan *ProgResponse, 1)
+var errCacheprogClosed = errors.New("GOCACHEPROG program closed unexpectedly")
+
+func (c *ProgCache) send(ctx context.Context, req *cacheprog.Request) (*cacheprog.Response, error) {
+	resc := make(chan *cacheprog.Response, 1)
 	if err := c.writeToChild(req, resc); err != nil {
 		return nil, err
 	}
 	select {
 	case res := <-resc:
+		if res == nil {
+			return nil, errCacheprogClosed
+		}
 		if res.Err != "" {
 			return nil, errors.New(res.Err)
 		}
@@ -277,8 +202,11 @@ func (c *ProgCache) send(ctx context.Context, req *ProgRequest) (*ProgResponse,
 	}
 }
 
-func (c *ProgCache) writeToChild(req *ProgRequest, resc chan<- *ProgResponse) (err error) {
+func (c *ProgCache) writeToChild(req *cacheprog.Request, resc chan<- *cacheprog.Response) (err error) {
 	c.mu.Lock()
+	if c.inFlight == nil {
+		return errCacheprogClosed
+	}
 	c.nextID++
 	req.ID = c.nextID
 	c.inFlight[req.ID] = resc
@@ -287,7 +215,9 @@ func (c *ProgCache) writeToChild(req *ProgRequest, resc chan<- *ProgResponse) (e
 	defer func() {
 		if err != nil {
 			c.mu.Lock()
-			delete(c.inFlight, req.ID)
+			if c.inFlight != nil {
+				delete(c.inFlight, req.ID)
+			}
 			c.mu.Unlock()
 		}
 	}()
@@ -328,7 +258,7 @@ func (c *ProgCache) writeToChild(req *ProgRequest, resc chan<- *ProgResponse) (e
 }
 
 func (c *ProgCache) Get(a ActionID) (Entry, error) {
-	if !c.can[cmdGet] {
+	if !c.can[cacheprog.CmdGet] {
 		// They can't do a "get". Maybe they're a write-only cache.
 		//
 		// TODO(bradfitz,bcmills): figure out the proper error type here. Maybe
@@ -338,8 +268,8 @@ func (c *ProgCache) Get(a ActionID) (Entry, error) {
 		// error types on the Cache interface.
 		return Entry{}, &entryNotFoundError{}
 	}
-	res, err := c.send(c.ctx, &ProgRequest{
-		Command:  cmdGet,
+	res, err := c.send(c.ctx, &cacheprog.Request{
+		Command:  cacheprog.CmdGet,
 		ActionID: a[:],
 	})
 	if err != nil {
@@ -395,7 +325,7 @@ func (c *ProgCache) Put(a ActionID, file io.ReadSeeker) (_ OutputID, size int64,
 		return OutputID{}, 0, err
 	}
 
-	if !c.can[cmdPut] {
+	if !c.can[cacheprog.CmdPut] {
 		// Child is a read-only cache. Do nothing.
 		return out, size, nil
 	}
@@ -407,8 +337,8 @@ func (c *ProgCache) Put(a ActionID, file io.ReadSeeker) (_ OutputID, size int64,
 		deprecatedValue = out[:]
 	}
 
-	res, err := c.send(c.ctx, &ProgRequest{
-		Command:  cmdPut,
+	res, err := c.send(c.ctx, &cacheprog.Request{
+		Command:  cacheprog.CmdPut,
 		ActionID: a[:],
 		OutputID: out[:],
 		ObjectID: deprecatedValue, // TODO(bradfitz): remove in Go 1.25
@@ -432,10 +362,16 @@ func (c *ProgCache) Close() error {
 	// First write a "close" message to the child so it can exit nicely
 	// and clean up if it wants. Only after that exchange do we cancel
 	// the context that kills the process.
-	if c.can[cmdClose] {
-		_, err = c.send(c.ctx, &ProgRequest{Command: cmdClose})
+	if c.can[cacheprog.CmdClose] {
+		_, err = c.send(c.ctx, &cacheprog.Request{Command: cacheprog.CmdClose})
+		if errors.Is(err, errCacheprogClosed) {
+			// Allow the child to quit without responding to close.
+			err = nil
+		}
 	}
+	// Cancel the context, which will close the helper's stdin.
 	c.ctxCancel()
+	// Wait until the helper closes its stdout.
 	<-c.readLoopDone
 	return err
 }

src/cmd/go/internal/cacheprog/cacheprog.go

@@ -0,0 +1,137 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cacheprog defines the protocol for a GOCACHEPROG program.
+//
+// By default, the go command manages a build cache stored in the file system
+// itself. GOCACHEPROG can be set to the name of a command (with optional
+// space-separated flags) that implements the go command build cache externally.
+// This permits defining a different cache policy.
+//
+// The go command will start the GOCACHEPROG as a subprocess and communicate
+// with it via JSON messages over stdin/stdout. The subprocess's stderr will be
+// connected to the go command's stderr.
+//
+// The subprocess should immediately send a [Response] with its capabilities.
+// After that, the go command will send a stream of [Request] messages and the
+// subprocess should reply to each [Request] with a [Response] message.
+package cacheprog
+
+import (
+	"io"
+	"time"
+)
+
+// Cmd is a command that can be issued to a child process.
+//
+// If the interface needs to grow, the go command can add new commands or new
+// versioned commands like "get2" in the future. The initial [Response] from
+// the child process indicates which commands it supports.
+type Cmd string
+
+const (
+	// CmdPut tells the cache program to store an object in the cache.
+	//
+	// [Request.ActionID] is the cache key of this object. The cache should
+	// store [Request.OutputID] and [Request.Body] under this key for a
+	// later "get" request. It must also store the Body in a file in the local
+	// file system and return the path to that file in [Response.DiskPath],
+	// which must exist at least until a "close" request.
+	CmdPut = Cmd("put")
+
+	// CmdGet tells the cache program to retrieve an object from the cache.
+	//
+	// [Request.ActionID] specifies the key of the object to get. If the
+	// cache does not contain this object, it should set [Response.Miss] to
+	// true. Otherwise, it should populate the fields of [Response],
+	// including setting [Response.OutputID] to the OutputID of the original
+	// "put" request and [Response.DiskPath] to the path of a local file
+	// containing the Body of the original "put" request. That file must
+	// continue to exist at least until a "close" request.
+	CmdGet = Cmd("get")
+
+	// CmdClose requests that the cache program exit gracefully.
+	//
+	// The cache program should reply to this request and then exit
+	// (thus closing its stdout).
+	CmdClose = Cmd("close")
+)
+
+// Request is the JSON-encoded message that's sent from the go command to
+// the GOCACHEPROG child process over stdin. Each JSON object is on its own
+// line. A ProgRequest of Type "put" with BodySize > 0 will be followed by a
+// line containing a base64-encoded JSON string literal of the body.
+type Request struct {
+	// ID is a unique number per process across all requests.
+	// It must be echoed in the Response from the child.
+	ID int64
+
+	// Command is the type of request.
+	// The go command will only send commands that were declared
+	// as supported by the child.
+	Command Cmd
+
+	// ActionID is the cache key for "put" and "get" requests.
+	ActionID []byte `json:",omitempty"` // or nil if not used
+
+	// OutputID is stored with the body for "put" requests.
+	//
+	// Prior to Go 1.24, when GOCACHEPROG was still an experiment, this was
+	// accidentally named ObjectID. It was renamed to OutputID in Go 1.24.
+	OutputID []byte `json:",omitempty"` // or nil if not used
+
+	// Body is the body for "put" requests. It's sent after the JSON object
+	// as a base64-encoded JSON string when BodySize is non-zero.
+	// It's sent as a separate JSON value instead of being a struct field
+	// send in this JSON object so large values can be streamed in both directions.
+	// The base64 string body of a Request will always be written
+	// immediately after the JSON object and a newline.
+	Body io.Reader `json:"-"`
+
+	// BodySize is the number of bytes of Body. If zero, the body isn't written.
+	BodySize int64 `json:",omitempty"`
+
+	// ObjectID is the accidental spelling of OutputID that was used prior to Go
+	// 1.24.
+	//
+	// Deprecated: use OutputID. This field is only populated temporarily for
+	// backwards compatibility with Go 1.23 and earlier when
+	// GOEXPERIMENT=gocacheprog is set. It will be removed in Go 1.25.
+	ObjectID []byte `json:",omitempty"`
+}
+
+// Response is the JSON response from the child process to the go command.
+//
+// With the exception of the first protocol message that the child writes to its
+// stdout with ID==0 and KnownCommands populated, these are only sent in
+// response to a Request from the go command.
+//
+// Responses can be sent in any order. The ID must match the request they're
+// replying to.
+type Response struct {
+	ID  int64  // that corresponds to Request; they can be answered out of order
+	Err string `json:",omitempty"` // if non-empty, the error
+
+	// KnownCommands is included in the first message that cache helper program
+	// writes to stdout on startup (with ID==0). It includes the
+	// Request.Command types that are supported by the program.
+	//
+	// This lets the go command extend the protocol gracefully over time (adding
+	// "get2", etc), or fail gracefully when needed. It also lets the go command
+	// verify the program wants to be a cache helper.
+	KnownCommands []Cmd `json:",omitempty"`
+
+	// For "get" requests.
+
+	Miss     bool       `json:",omitempty"` // cache miss
+	OutputID []byte     `json:",omitempty"` // the ObjectID stored with the body
+	Size     int64      `json:",omitempty"` // body size in bytes
+	Time     *time.Time `json:",omitempty"` // when the object was put in the cache (optional; used for cache expiration)
+
+	// For "get" and "put" requests.
+
+	// DiskPath is the absolute path on disk of the body corresponding to a
+	// "get" (on cache hit) or "put" request's ActionID.
+	DiskPath string `json:",omitempty"`
+}

src/cmd/go/internal/cfg/cfg.go

@@ -425,8 +425,9 @@ var (
 	GOROOTpkg string
 	GOROOTsrc string
 
-	GOBIN                         = Getenv("GOBIN")
-	GOMODCACHE, GOMODCACHEChanged = EnvOrAndChanged("GOMODCACHE", gopathDir("pkg/mod"))
+	GOBIN                           = Getenv("GOBIN")
+	GOCACHEPROG, GOCACHEPROGChanged = EnvOrAndChanged("GOCACHEPROG", "")
+	GOMODCACHE, GOMODCACHEChanged   = EnvOrAndChanged("GOMODCACHE", gopathDir("pkg/mod"))
 
 	// Used in envcmd.MkEnv and build ID computations.
 	GOARM64, goARM64Changed     = EnvOrAndChanged("GOARM64", buildcfg.DefaultGOARM64)

src/cmd/go/internal/envcmd/env.go

@@ -85,6 +85,7 @@ func MkEnv() []cfg.EnvVar {
 		{Name: "GOAUTH", Value: cfg.GOAUTH, Changed: cfg.GOAUTHChanged},
 		{Name: "GOBIN", Value: cfg.GOBIN},
 		{Name: "GOCACHE"},
+		{Name: "GOCACHEPROG", Value: cfg.GOCACHEPROG, Changed: cfg.GOCACHEPROGChanged},
 		{Name: "GODEBUG", Value: os.Getenv("GODEBUG")},
 		{Name: "GOENV", Value: envFile, Changed: envFileChanged},
 		{Name: "GOEXE", Value: cfg.ExeSuffix},

src/cmd/go/internal/fips140/fips140.go

@@ -40,14 +40,8 @@
 //
 //	GOFIPS140=latest go build -work my/binary
 //
-// will leave fips.o behind in $WORK/b001. Auditors like to be able to
-// see that file. Accordingly, when [Enabled] returns true,
-// [cmd/go/internal/work.Builder.useCache] arranges never to cache linker
-// output, so that the link step always runs, and fips.o is always left
-// behind in the link step. If this proves too slow, we could always
-// cache fips.o as an extra link output and then restore it when -work is
-// set, but we went a very long time never caching link steps at all, so
-// not caching them in FIPS mode seems perfectly fine.
+// will leave fips.o behind in $WORK/b001
+// (unless the build result is cached, of course).
 //
 // When GOFIPS140 is set to something besides off and latest, [Snapshot]
 // returns true, indicating that the build should replace the latest copy
@@ -119,6 +113,10 @@ func Init() {
 	if Snapshot() {
 		fsys.Bind(Dir(), filepath.Join(cfg.GOROOT, "src/crypto/internal/fips140"))
 	}
+
+	if cfg.Experiment.BoringCrypto && Enabled() {
+		base.Fatalf("go: cannot use GOFIPS140 with GOEXPERIMENT=boringcrypto")
+	}
 }
 
 var initDone bool

src/cmd/go/internal/help/helpdoc.go

@@ -17,7 +17,7 @@ information on how to use it see the cgo documentation (go doc cmd/cgo).
 
 The second is the SWIG program, which is a general tool for
 interfacing between languages. For information on SWIG see
-http://swig.org/. When running go build, any file with a .swig
+https://swig.org/. When running go build, any file with a .swig
 extension will be passed to SWIG. Any file with a .swigcxx extension
 will be passed to SWIG with the -c++ option.
 
@@ -270,11 +270,7 @@ the go tool will verify that https://example.org/?go-get=1 contains the
 same meta tag and then git clone https://code.org/r/p/exproj into
 GOPATH/src/example.org.
 
-When using GOPATH, downloaded packages are written to the first directory
-listed in the GOPATH environment variable.
-(See 'go help gopath-get' and 'go help gopath'.)
-
-When using modules, downloaded packages are stored in the module cache.
+Downloaded packages are stored in the module cache.
 See https://golang.org/ref/mod#module-cache.
 
 When using modules, an additional variant of the go-import meta tag is
@@ -510,9 +506,14 @@ General-purpose environment variables:
 	GOCACHE
 		The directory where the go command will store cached
 		information for reuse in future builds.
+	GOCACHEPROG
+		A command (with optional space-separated flags) that implements an
+		external go command build cache.
+		See 'go doc cmd/go/internal/cacheprog'.
 	GODEBUG
-		Enable various debugging facilities. See https://go.dev/doc/godebug
-		for details.
+		Enable various debugging facilities for programs built with Go,
+		including the go command. Cannot be set using 'go env -w'.
+		See https://go.dev/doc/godebug for details.
 	GOENV
 		The location of the Go environment configuration file.
 		Cannot be set using 'go env -w'.
@@ -620,6 +621,11 @@ Architecture-specific environment variables:
 	GOARM
 		For GOARCH=arm, the ARM architecture for which to compile.
 		Valid values are 5, 6, 7.
+		When the Go tools are built on an arm system,
+		the default value is set based on what the build system supports.
+		When the Go tools are not built on an arm system
+		(that is, when building a cross-compiler),
+		the default value is 7.
 		The value can be followed by an option specifying how to implement floating point instructions.
 		Valid options are ,softfloat (default for 5) and ,hardfloat (default for 6 and 7).
 	GOARM64
@@ -1029,7 +1035,7 @@ command
 		Example: Data
 
 	If the server responds with any 4xx code, the go command will write the
-	following to the programs' stdin:
+	following to the program's stdin:
 		Response      = StatusLine { HeaderLine } BlankLine .
 		StatusLine    = Protocol Space Status '\n' .
 		Protocol      = /* HTTP protocol */ .
@@ -1044,8 +1050,7 @@ command
 		Content-Type: text/plain; charset=utf-8
 		Date: Thu, 07 Nov 2024 18:43:09 GMT
 
-	Note: at least for HTTP 1.1, the contents written to stdin can be parsed
-	as an HTTP response.
+	Note: it is safe to use net/http.ReadResponse to parse this input.
 
 Before the first HTTPS fetch, the go command will invoke each GOAUTH
 command in the list with no additional arguments and no input.
@@ -1097,7 +1102,7 @@ Furthermore, as with TestEvent, parsers can simply concatenate the Output
 fields of all events to reconstruct the text format output, as it would
 have appeared from go build without the -json flag.
 
-Note that there may also be non-JSON error text on stdnard error, even
+Note that there may also be non-JSON error text on standard error, even
 with the -json flag. Typically, this indicates an early, serious error.
 Consumers should be robust to this.
 	`,

src/cmd/go/internal/load/pkg.go

@@ -3068,7 +3068,15 @@ func setPGOProfilePath(pkgs []*Package) {
 // CheckPackageErrors prints errors encountered loading pkgs and their
 // dependencies, then exits with a non-zero status if any errors were found.
 func CheckPackageErrors(pkgs []*Package) {
-	var anyIncomplete bool
+	PackageErrors(pkgs, func(p *Package) {
+		DefaultPrinter().Errorf(p, "%v", p.Error)
+	})
+	base.ExitIfErrors()
+}
+
+// PackageErrors calls report for errors encountered loading pkgs and their dependencies.
+func PackageErrors(pkgs []*Package, report func(*Package)) {
+	var anyIncomplete, anyErrors bool
 	for _, pkg := range pkgs {
 		if pkg.Incomplete {
 			anyIncomplete = true
@@ -3078,11 +3086,14 @@ func CheckPackageErrors(pkgs []*Package) {
 		all := PackageList(pkgs)
 		for _, p := range all {
 			if p.Error != nil {
-				DefaultPrinter().Errorf(p, "%v", p.Error)
+				report(p)
+				anyErrors = true
 			}
 		}
 	}
-	base.ExitIfErrors()
+	if anyErrors {
+		return
+	}
 
 	// Check for duplicate loads of the same package.
 	// That should be impossible, but if it does happen then
@@ -3105,7 +3116,9 @@ func CheckPackageErrors(pkgs []*Package) {
 		}
 		seen[key] = true
 	}
-	base.ExitIfErrors()
+	if len(reported) > 0 {
+		base.ExitIfErrors()
+	}
 }
 
 // mainPackagesOnly filters out non-main packages matched only by arguments

src/cmd/go/internal/mmap/mmap.go

@@ -22,10 +22,11 @@ type Data struct {
 }
 
 // Mmap maps the given file into memory.
-func Mmap(file string) (Data, error) {
+func Mmap(file string) (Data, bool, error) {
 	f, err := os.Open(file)
 	if err != nil {
-		return Data{}, err
+		return Data{}, false, err
 	}
-	return mmapFile(f)
+	data, err := mmapFile(f)
+	return data, true, err
 }

src/cmd/go/internal/mmap/mmap_test.go

@@ -0,0 +1,32 @@
+// Copyright 2025 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package mmap
+
+import (
+	"bytes"
+	"testing"
+)
+
+// TestMmap does a round trip to make sure the slice returned by
+// mmap contains the same data as was written to the file. It's
+// a test on one of the issues in #71059: on Windows we were
+// returning a slice containing all the data in the mmapped pages,
+// which could be longer than the file.
+func TestMmap(t *testing.T) {
+	// Use an already existing file as our test data. Avoid creating
+	// a temporary file so that we don't have to close the mapping on
+	// Windows before deleting the file during test cleanup.
+	f := "testdata/small_file.txt"
+
+	want := []byte("This file is shorter than 4096 bytes.\n")
+
+	data, _, err := Mmap(f)
+	if err != nil {
+		t.Fatalf("calling Mmap: %v", err)
+	}
+	if !bytes.Equal(data.Data, want) {
+		t.Fatalf("mmapped data slice: got %q; want %q", data.Data, want)
+	}
+}

src/cmd/go/internal/mmap/mmap_windows.go

@@ -37,5 +37,11 @@ func mmapFile(f *os.File) (Data, error) {
 		return Data{}, fmt.Errorf("VirtualQuery %s: %w", f.Name(), err)
 	}
 	data := unsafe.Slice((*byte)(unsafe.Pointer(addr)), int(info.RegionSize))
-	return Data{f, data}, nil
+	if len(data) < int(size) {
+		// In some cases, especially on 386, we may not receive a in incomplete mapping:
+		// one that is shorter than the file itself. Return an error in those cases because
+		// incomplete mappings are not useful.
+		return Data{}, fmt.Errorf("mmapFile: received incomplete mapping of file")
+	}
+	return Data{f, data[:int(size)]}, nil
 }

src/cmd/go/internal/mmap/testdata/small_file.txt

@@ -0,0 +1 @@
+This file is shorter than 4096 bytes.

src/cmd/go/internal/modfetch/cache.go

@@ -113,6 +113,13 @@ func DownloadDir(ctx context.Context, m module.Version) (string, error) {
 		return dir, err
 	}
 
+	// Special case: ziphash is not required for the golang.org/fips140 module,
+	// because it is unpacked from a file in GOROOT, not downloaded.
+	// We've already checked that it's not a partial unpacking, so we're happy.
+	if m.Path == "golang.org/fips140" {
+		return dir, nil
+	}
+
 	// Check if a .ziphash file exists. It should be created before the
 	// zip is extracted, but if it was deleted (by another program?), we need
 	// to re-calculate it. Note that checkMod will repopulate the ziphash

src/cmd/go/internal/modfetch/codehost/git.go

@@ -649,7 +649,21 @@ func (r *gitRepo) statLocal(ctx context.Context, version, rev string) (*RevInfo,
 			}
 		}
 	}
-	sort.Strings(info.Tags)
+
+	// Git 2.47.1 does not send the tags during shallow clone anymore
+	// (perhaps the exact version that changed behavior is an earlier one),
+	// so we have to also add tags from the refs list we fetched with ls-remote.
+	if refs, err := r.loadRefs(ctx); err == nil {
+		for ref, h := range refs {
+			if h == hash {
+				if tag, found := strings.CutPrefix(ref, "refs/tags/"); found {
+					info.Tags = append(info.Tags, tag)
+				}
+			}
+		}
+	}
+	slices.Sort(info.Tags)
+	info.Tags = slices.Compact(info.Tags)
 
 	// Used hash as info.Version above.
 	// Use caller's suggested version if it appears in the tag list

src/cmd/go/internal/modget/get.go

@@ -125,11 +125,6 @@ suggested Go toolchain, see https://go.dev/doc/toolchain.
 
 For more about specifying packages, see 'go help packages'.
 
-This text describes the behavior of get using modules to manage source
-code and dependencies. If instead the go command is running in GOPATH
-mode, the details of get's flags and effects change, as does 'go help get'.
-See 'go help gopath-get'.
-
 See also: go build, go install, go clean, go mod.
 	`,
 }

src/cmd/go/internal/modindex/read.go

@@ -33,10 +33,7 @@ import (
 	"cmd/internal/par"
 )
 
-// enabled is used to flag off the behavior of the module index on tip.
-// It will be removed before the release.
-// TODO(matloob): Remove enabled once we have more confidence on the
-// module index.
+// enabled is used to flag off the behavior of the module index on tip, for debugging.
 var enabled = godebug.New("#goindex").Value() != "0"
 
 // Module represents and encoded module index file. It is used to
@@ -126,6 +123,7 @@ var ErrNotIndexed = errors.New("not in module index")
 var (
 	errDisabled           = fmt.Errorf("%w: module indexing disabled", ErrNotIndexed)
 	errNotFromModuleCache = fmt.Errorf("%w: not from module cache", ErrNotIndexed)
+	errFIPS140            = fmt.Errorf("%w: fips140 snapshots not indexed", ErrNotIndexed)
 )
 
 // GetPackage returns the IndexPackage for the directory at the given path.
@@ -143,6 +141,11 @@ func GetPackage(modroot, pkgdir string) (*IndexPackage, error) {
 	if cfg.BuildContext.Compiler == "gccgo" && str.HasPathPrefix(modroot, cfg.GOROOTsrc) {
 		return nil, err // gccgo has no sources for GOROOT packages.
 	}
+	// The pkgdir for fips140 has been replaced in the fsys overlay,
+	// but the module index does not see that. Do not try to use the module index.
+	if strings.Contains(filepath.ToSlash(pkgdir), "internal/fips140/v") {
+		return nil, errFIPS140
+	}
 	return openIndexPackage(modroot, pkgdir)
 }
 
@@ -183,16 +186,21 @@ func openIndexModule(modroot string, ismodcache bool) (*Module, error) {
 		if err != nil {
 			return nil, err
 		}
-		data, _, err := cache.GetMmap(cache.Default(), id)
+		data, _, opened, err := cache.GetMmap(cache.Default(), id)
 		if err != nil {
 			// Couldn't read from modindex. Assume we couldn't read from
 			// the index because the module hasn't been indexed yet.
+			// But double check on Windows that we haven't opened the file yet,
+			// because once mmap opens the file, we can't close it, and
+			// Windows won't let us open an already opened file.
 			data, err = indexModule(modroot)
 			if err != nil {
 				return nil, err
 			}
-			if err = cache.PutBytes(cache.Default(), id, data); err != nil {
-				return nil, err
+			if runtime.GOOS != "windows" || !opened {
+				if err = cache.PutBytes(cache.Default(), id, data); err != nil {
+					return nil, err
+				}
 			}
 		}
 		mi, err := fromBytes(modroot, data)
@@ -212,13 +220,18 @@ func openIndexPackage(modroot, pkgdir string) (*IndexPackage, error) {
 		if err != nil {
 			return nil, err
 		}
-		data, _, err := cache.GetMmap(cache.Default(), id)
+		data, _, opened, err := cache.GetMmap(cache.Default(), id)
 		if err != nil {
 			// Couldn't read from index. Assume we couldn't read from
 			// the index because the package hasn't been indexed yet.
+			// But double check on Windows that we haven't opened the file yet,
+			// because once mmap opens the file, we can't close it, and
+			// Windows won't let us open an already opened file.
 			data = indexPackage(modroot, pkgdir)
-			if err = cache.PutBytes(cache.Default(), id, data); err != nil {
-				return nil, err
+			if runtime.GOOS != "windows" || !opened {
+				if err = cache.PutBytes(cache.Default(), id, data); err != nil {
+					return nil, err
+				}
 			}
 		}
 		pkg, err := packageFromBytes(modroot, data)

src/cmd/go/internal/modload/modfile.go

@@ -44,6 +44,17 @@ func ReadModFile(gomod string, fix modfile.VersionFixer) (data []byte, f *modfil
 
 	f, err = modfile.Parse(gomod, data, fix)
 	if err != nil {
+		f, laxErr := modfile.ParseLax(gomod, data, fix)
+		if laxErr == nil {
+			if f.Go != nil && gover.Compare(f.Go.Version, gover.Local()) > 0 {
+				toolchain := ""
+				if f.Toolchain != nil {
+					toolchain = f.Toolchain.Name
+				}
+				return nil, nil, &gover.TooNewError{What: base.ShortPath(gomod), GoVersion: f.Go.Version, Toolchain: toolchain}
+			}
+		}
+
 		// Errors returned by modfile.Parse begin with file:line.
 		return nil, nil, fmt.Errorf("errors parsing %s:\n%w", base.ShortPath(gomod), shortPathErrorList(err))
 	}

src/cmd/go/internal/test/test.go

@@ -994,14 +994,15 @@ func runTest(ctx context.Context, cmd *base.Command, args []string) {
 
 	// Prepare build + run + print actions for all packages being tested.
 	for _, p := range pkgs {
-		buildTest, runTest, printTest, perr, err := builderTest(b, ctx, pkgOpts, p, allImports[p], writeCoverMetaAct)
-		if err != nil {
+		reportErr := func(perr *load.Package, err error) {
 			str := err.Error()
 			if p.ImportPath != "" {
 				load.DefaultPrinter().Errorf(perr, "# %s\n%s", p.ImportPath, str)
 			} else {
 				load.DefaultPrinter().Errorf(perr, "%s", str)
 			}
+		}
+		reportSetupFailed := func(perr *load.Package, err error) {
 			var stdout io.Writer = os.Stdout
 			if testJSON {
 				json := test2json.NewConverter(stdout, p.ImportPath, test2json.Timestamp)
@@ -1009,11 +1010,34 @@ func runTest(ctx context.Context, cmd *base.Command, args []string) {
 					json.Exited(err)
 					json.Close()
 				}()
-				json.SetFailedBuild(perr.Desc())
+				if gotestjsonbuildtext.Value() == "1" {
+					// While this flag is about go build -json, the other effect
+					// of that change was to include "FailedBuild" in the test JSON.
+					gotestjsonbuildtext.IncNonDefault()
+				} else {
+					json.SetFailedBuild(perr.Desc())
+				}
 				stdout = json
 			}
 			fmt.Fprintf(stdout, "FAIL\t%s [setup failed]\n", p.ImportPath)
 			base.SetExitStatus(1)
+		}
+
+		var firstErrPkg *load.Package // arbitrarily report setup failed error for first error pkg reached in DFS
+		load.PackageErrors([]*load.Package{p}, func(p *load.Package) {
+			reportErr(p, p.Error)
+			if firstErrPkg == nil {
+				firstErrPkg = p
+			}
+		})
+		if firstErrPkg != nil {
+			reportSetupFailed(firstErrPkg, firstErrPkg.Error)
+			continue
+		}
+		buildTest, runTest, printTest, perr, err := builderTest(b, ctx, pkgOpts, p, allImports[p], writeCoverMetaAct)
+		if err != nil {
+			reportErr(perr, err)
+			reportSetupFailed(perr, err)
 			continue
 		}
 		builds = append(builds, buildTest)
@@ -1437,7 +1461,11 @@ func (r *runTestActor) Act(b *work.Builder, ctx context.Context, a *work.Action)
 	if a.Failed != nil {
 		// We were unable to build the binary.
 		if json != nil && a.Failed.Package != nil {
-			json.SetFailedBuild(a.Failed.Package.Desc())
+			if gotestjsonbuildtext.Value() == "1" {
+				gotestjsonbuildtext.IncNonDefault()
+			} else {
+				json.SetFailedBuild(a.Failed.Package.Desc())
+			}
 		}
 		a.Failed = nil
 		fmt.Fprintf(stdout, "FAIL\t%s [build failed]\n", a.Package.ImportPath)

src/cmd/go/internal/toolchain/select.go

@@ -169,7 +169,7 @@ func Select() {
 	}
 
 	gotoolchain = minToolchain
-	if (mode == "auto" || mode == "path") && !goInstallVersion() {
+	if (mode == "auto" || mode == "path") && !goInstallVersion(minVers) {
 		// Read go.mod to find new minimum and suggested toolchain.
 		file, goVers, toolchain := modGoToolchain()
 		gover.Startup.AutoFile = file
@@ -549,7 +549,7 @@ func modGoToolchain() (file, goVers, toolchain string) {
 
 // goInstallVersion reports whether the command line is go install m@v or go run m@v.
 // If so, Select must not read the go.mod or go.work file in "auto" or "path" mode.
-func goInstallVersion() bool {
+func goInstallVersion(minVers string) bool {
 	// Note: We assume there are no flags between 'go' and 'install' or 'run'.
 	// During testing there are some debugging flags that are accepted
 	// in that position, but in production go binaries there are not.
@@ -708,7 +708,11 @@ func goInstallVersion() bool {
 	if errors.Is(err, gover.ErrTooNew) {
 		// Run early switch, same one go install or go run would eventually do,
 		// if it understood all the command-line flags.
-		SwitchOrFatal(ctx, err)
+		var s Switcher
+		s.Error(err)
+		if s.TooNew != nil && gover.Compare(s.TooNew.GoVersion, minVers) > 0 {
+			SwitchOrFatal(ctx, err)
+		}
 	}
 
 	return true // pkg@version found

src/cmd/go/internal/vcweb/auth.go

@@ -63,6 +63,7 @@ func (h *authHandler) Handler(dir string, env []string, logger *log.Logger) (htt
 			var err error
 			accessFile, err = fs.Open(path.Join(accessDir, ".access"))
 			if err == nil {
+				defer accessFile.Close()
 				break
 			}
 

src/cmd/go/internal/work/buildid.go

@@ -15,7 +15,6 @@ import (
 	"cmd/go/internal/base"
 	"cmd/go/internal/cache"
 	"cmd/go/internal/cfg"
-	"cmd/go/internal/fips140"
 	"cmd/go/internal/fsys"
 	"cmd/go/internal/str"
 	"cmd/internal/buildid"
@@ -447,19 +446,6 @@ func (b *Builder) useCache(a *Action, actionHash cache.ActionID, target string,
 		a.buildID = actionID + buildIDSeparator + mainpkg.buildID + buildIDSeparator + contentID
 	}
 
-	// In FIPS mode, we disable any link caching,
-	// so that we always leave fips.o in $WORK/b001.
-	// This makes sure that labs validating the FIPS
-	// implementation can always run 'go build -work'
-	// and then find fips.o in $WORK/b001/fips.o.
-	// We could instead also save the fips.o and restore it
-	// to $WORK/b001 from the cache,
-	// but we went years without caching binaries anyway,
-	// so not caching them for FIPS will be fine, at least to start.
-	if a.Mode == "link" && fips140.Enabled() && a.Package != nil && !strings.HasSuffix(a.Package.ImportPath, ".test") {
-		return false
-	}
-
 	// If user requested -a, we force a rebuild, so don't use the cache.
 	if cfg.BuildA {
 		if p := a.Package; p != nil && !p.Stale {
@@ -519,7 +505,7 @@ func (b *Builder) useCache(a *Action, actionHash cache.ActionID, target string,
 				oldBuildID := a.buildID
 				a.buildID = id[1] + buildIDSeparator + id[2]
 				linkID := buildid.HashToString(b.linkActionID(a.triggers[0]))
-				if id[0] == linkID && !fips140.Enabled() {
+				if id[0] == linkID {
 					// Best effort attempt to display output from the compile and link steps.
 					// If it doesn't work, it doesn't work: reusing the cached binary is more
 					// important than reprinting diagnostic information.

src/cmd/go/internal/work/exec.go

@@ -1374,6 +1374,7 @@ func (b *Builder) linkActionID(a *Action) cache.ActionID {
 	fmt.Fprintf(h, "buildmode %s goos %s goarch %s\n", cfg.BuildBuildmode, cfg.Goos, cfg.Goarch)
 	fmt.Fprintf(h, "import %q\n", p.ImportPath)
 	fmt.Fprintf(h, "omitdebug %v standard %v local %v prefix %q\n", p.Internal.OmitDebug, p.Standard, p.Internal.Local, p.Internal.LocalPrefix)
+	fmt.Fprintf(h, "defaultgodebug %q\n", p.DefaultGODEBUG)
 	if cfg.BuildTrimpath {
 		fmt.Fprintln(h, "trimpath")
 	}

src/cmd/go/internal/work/security.go

@@ -201,23 +201,23 @@ var validLinkerFlags = []*lazyregexp.Regexp{
 	re(`-Wl,--end-group`),
 	re(`-Wl,--(no-)?export-dynamic`),
 	re(`-Wl,-E`),
-	re(`-Wl,-framework,[^,@\-][^,]+`),
+	re(`-Wl,-framework,[^,@\-][^,]*`),
 	re(`-Wl,--hash-style=(sysv|gnu|both)`),
 	re(`-Wl,-headerpad_max_install_names`),
 	re(`-Wl,--no-undefined`),
 	re(`-Wl,--pop-state`),
 	re(`-Wl,--push-state`),
 	re(`-Wl,-R,?([^@\-,][^,@]*$)`),
-	re(`-Wl,--just-symbols[=,]([^,@\-][^,@]+)`),
-	re(`-Wl,-rpath(-link)?[=,]([^,@\-][^,]+)`),
+	re(`-Wl,--just-symbols[=,]([^,@\-][^,@]*)`),
+	re(`-Wl,-rpath(-link)?[=,]([^,@\-][^,]*)`),
 	re(`-Wl,-s`),
 	re(`-Wl,-search_paths_first`),
-	re(`-Wl,-sectcreate,([^,@\-][^,]+),([^,@\-][^,]+),([^,@\-][^,]+)`),
+	re(`-Wl,-sectcreate,([^,@\-][^,]*),([^,@\-][^,]*),([^,@\-][^,]*)`),
 	re(`-Wl,--start-group`),
 	re(`-Wl,-?-static`),
 	re(`-Wl,-?-subsystem,(native|windows|console|posix|xbox)`),
-	re(`-Wl,-syslibroot[=,]([^,@\-][^,]+)`),
-	re(`-Wl,-undefined[=,]([^,@\-][^,]+)`),
+	re(`-Wl,-syslibroot[=,]([^,@\-][^,]*)`),
+	re(`-Wl,-undefined[=,]([^,@\-][^,]*)`),
 	re(`-Wl,-?-unresolved-symbols=[^,]+`),
 	re(`-Wl,--(no-)?warn-([^,]+)`),
 	re(`-Wl,-?-wrap[=,][^,@\-][^,]*`),

src/cmd/go/internal/work/security_test.go

@@ -182,6 +182,13 @@ var goodLinkerFlags = [][]string{
 	{"-Wl,--pop-state"},
 	{"-Wl,--push-state,--as-needed"},
 	{"-Wl,--push-state,--no-as-needed,-Bstatic"},
+	{"-Wl,--just-symbols,."},
+	{"-Wl,-framework,."},
+	{"-Wl,-rpath,."},
+	{"-Wl,-rpath-link,."},
+	{"-Wl,-sectcreate,.,.,."},
+	{"-Wl,-syslibroot,."},
+	{"-Wl,-undefined,."},
 }
 
 var badLinkerFlags = [][]string{

src/cmd/go/testdata/script/build_cacheprog_issue70848.txt

@@ -0,0 +1,27 @@
+[short] skip 'builds go programs'
+
+go build -o cacheprog$GOEXE cacheprog.go
+env GOCACHEPROG=$GOPATH/src/cacheprog$GOEXE
+
+# This should not deadlock
+go build simple.go
+! stderr 'cacheprog closed'
+
+-- simple.go --
+package main
+
+func main() {}
+-- cacheprog.go --
+// This is a minimal GOCACHEPROG program that doesn't respond to close.
+package main
+
+import (
+    "encoding/json"
+    "os"
+)
+
+func main() {
+    json.NewEncoder(os.Stdout).Encode(map[string][]string{"KnownCommands": {"close"}})
+    var res struct{}
+    json.NewDecoder(os.Stdin).Decode(&res)
+}

src/cmd/go/testdata/script/build_version_stamping_git.txt

@@ -51,7 +51,7 @@ go version -m example$GOEXE
 stdout '\s+mod\s+example\s+v1.0.1\s+'
 rm example$GOEXE
 
-# Use tag+dirty when there are uncomitted changes present.
+# Use tag+dirty when there are uncommitted changes present.
 cp $WORK/copy/README $WORK/repo/README
 go build
 go version -m example$GOEXE
@@ -82,7 +82,7 @@ go version -m example$GOEXE
 stdout '\s+mod\s+example\s+v1.0.3-0.20220719150702-deaeab06f7fe\s+'
 rm example$GOEXE
 
-# Use pseudo+dirty when uncomitted changes are present.
+# Use pseudo+dirty when uncommitted changes are present.
 mv README2 README3
 go build
 go version -m example$GOEXE

src/cmd/go/testdata/script/cover_coverprofile_nocoverpkg.txt

@@ -0,0 +1,50 @@
+# Testcase for #70244. In this bug we're doing a "go test -coverprofile"
+# run for a pair of packages, the first one without tests and the second
+# one with tests. When writing the profile for the second test, profile
+# data from the first package was leaking into the output (we should
+# only see lines in the output profile for the package whose test is
+# being run).
+
+[short] skip
+
+# Kick off test.
+go test -vet=off -count=1 -coverprofile=cov.p ./...
+
+# Generate a function profile.
+go tool cover -func=cov.p
+
+# Prior to GOEXPERIMENT=coverageredesign we should see no output at all for
+# pkg1 (since it has no tests).
+[!GOEXPERIMENT:coverageredesign] ! stdout 'pkg1'
+
+# With GOEXPERIMENT=coverageredesign enabled we should see zero percent
+# coverage for pkg1's DoSomething, not 100% (as in the bug).
+[GOEXPERIMENT:coverageredesign] stdout 'cov/pkg1/file.go:3:\s+DoSomething\s+0.0%'
+
+-- go.mod --
+module cov
+
+-- pkg1/file.go --
+package pkg1
+
+func DoSomething() bool {
+	return true
+}
+-- pkg2/file.go --
+package pkg2
+
+func DoSomething() bool {
+	return true
+}
+-- pkg2/file_test.go --
+package pkg2
+
+import (
+	"cov/pkg1"
+	"testing"
+)
+
+func TestSmth(t *testing.T) {
+	pkg1.DoSomething()
+	DoSomething()
+}

src/cmd/go/testdata/script/env_changed.txt

@@ -1,5 +1,8 @@
 # Test query for non-defaults in the env
 
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 env GOROOT=./a
 env GOTOOLCHAIN=local
 env GOSUMDB=nodefault

src/cmd/go/testdata/script/env_gocacheprog.txt

@@ -0,0 +1,42 @@
+# GOCACHEPROG unset
+env GOCACHEPROG=
+
+go env
+stdout 'GOCACHEPROG=''?''?'
+
+go env -changed
+! stdout 'GOCACHEPROG'
+
+go env -changed -json
+! stdout 'GOCACHEPROG'
+
+# GOCACHEPROG set
+[short] skip 'compiles and runs a go program'
+
+go build -o cacheprog$GOEXE cacheprog.go
+
+env GOCACHEPROG=$GOPATH/src/cacheprog$GOEXE
+
+go env
+stdout 'GOCACHEPROG=''?'$GOCACHEPROG'''?'
+
+go env -changed
+stdout 'GOCACHEPROG=''?'$GOCACHEPROG'''?'
+
+go env -changed -json
+stdout '"GOCACHEPROG": ".*cacheprog'$GOEXE'"'
+
+-- cacheprog.go --
+// This is a minimal GOCACHEPROG program that can't actually do anything but exit.
+package main
+
+import (
+    "encoding/json"
+    "os"
+)
+
+func main() {
+    json.NewEncoder(os.Stdout).Encode(map[string][]string{"KnownCommands": {"close"}})
+    var res struct{}
+    json.NewDecoder(os.Stdin).Decode(&res)
+}

src/cmd/go/testdata/script/fips.txt

@@ -1,3 +1,6 @@
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 # list with GOFIPS140=off
 env GOFIPS140=off
 go list -f '{{.DefaultGODEBUG}}'
@@ -17,12 +20,12 @@ go build -x -o x.exe
 go build -x -o x.exe
 ! stderr link
 
-# build with GOFIPS140=latest is NOT cached (need fipso)
+# build with GOFIPS140=latest is cached too
 env GOFIPS140=latest
 go build -x -o x.exe
 stderr link.*-fipso
 go build -x -o x.exe
-stderr link.*-fipso
+! stderr link.*-fipso
 
 # build test with GOFIPS140=off is cached
 env GOFIPS140=off
@@ -38,8 +41,6 @@ stderr link.*-fipso
 go test -x -c
 ! stderr link
 
-
-
 -- go.mod --
 module m
 -- x.go --

src/cmd/go/testdata/script/fipssnap.txt

@@ -1,12 +1,11 @@
-## Note: Need a snapshot in lib/fips140 to run this test.
-## For local testing, can run 'cd lib/fips140; make v0.0.1.test'
-## and then remove the skip.
-env snap=v0.0.1
+env snap=v1.0.0
 env alias=inprocess
 
-skip 'no snapshots yet'
 env GOFIPS140=$snap
 
+# Go+BoringCrypto conflicts with GOFIPS140.
+[GOEXPERIMENT:boringcrypto] skip
+
 # default GODEBUG includes fips140=on
 go list -f '{{.DefaultGODEBUG}}'
 stdout fips140=on
@@ -24,7 +23,8 @@ stdout crypto/internal/fips140/$snap/sha256
 ! stdout crypto/internal/fips140/check
 
 # again with GOFIPS140=$alias
-env GOFIPS140=$alias
+# TODO: enable when we add inprocess.txt
+# env GOFIPS140=$alias
 
 # default GODEBUG includes fips140=on
 go list -f '{{.DefaultGODEBUG}}'
@@ -44,11 +44,11 @@ stdout crypto/internal/fips140/$snap/sha256
 
 [short] skip
 
-# build with GOFIPS140=snap is NOT cached (need fipso)
+# build with GOFIPS140=snap is cached
 go build -x -o x.exe
 stderr link.*-fipso
 go build -x -o x.exe
-stderr link.*-fipso
+! stderr link.*-fipso
 
 # build test with GOFIPS140=snap is cached
 go test -x -c

src/cmd/go/testdata/script/goauth_netrc.txt

@@ -2,8 +2,6 @@
 # credentials passed in HTTPS requests to VCS servers.
 # See golang.org/issue/26232
 
-[short] skip
-
 env GOPROXY=direct
 env GOSUMDB=off
 
@@ -56,6 +54,18 @@ env NETRC=$WORK/missing
 ! go get vcs-test.golang.org/auth/or401
 stderr '^\tserver response: ACCESS DENIED, buddy$'
 
+[short] skip 'requires a remote vcs lookup'
+[!git] skip
+# An unset home directory should warn the user but not cause a failure.
+env NETRC=
+env HOME=
+env USERPROFILE=
+env home=
+go get -x vcs-test.golang.org/git/emptytest.git
+[!GOOS:windows] [!GOOS:plan9] stderr 'GOAUTH=netrc: \$HOME is not defined'
+[GOOS:windows] stderr 'GOAUTH=netrc: \%userprofile\% is not defined'
+[GOOS:plan9] stderr 'GOAUTH=netrc: \$home is not defined'
+
 -- go.mod --
 module private.example.com
 -- $WORK/empty --
@@ -63,3 +73,7 @@ module private.example.com
 machine vcs-test.golang.org
 	login aladdin
 	password opensesame
+# first one should override this one
+machine vcs-test.golang.org
+	login aladdin
+	password ignored

src/cmd/go/testdata/script/goauth_userauth.txt

@@ -3,13 +3,8 @@
 
 env GOPROXY=direct
 env GOSUMDB=off
-
-# Use a custom authenticator to provide custom credentials
 mkdir $WORK/bin
 env PATH=$WORK/bin${:}$PATH
-cd auth
-go build -o $WORK/bin/my-auth$GOEXE .
-cd ..
 
 # Without credentials, downloading a module from a path that requires HTTPS
 # basic auth should fail.
@@ -21,8 +16,10 @@ stderr '^\tserver response: ACCESS DENIED, buddy$'
 ! go mod tidy
 stderr '^\tserver response: ACCESS DENIED, buddy$'
 
-# With credentials from the my-auth binary, it should succeed.
-env GOAUTH='my-auth'$GOEXE' --arg1 "value with spaces"'
+# Initial invocation of authenticator is successful.
+go build -o $WORK/bin/basic$GOEXE scripts/basic.go
+# With credentials from the binary, it should succeed.
+env GOAUTH='basic'$GOEXE
 cp go.mod.orig go.mod
 go get vcs-test.golang.org/auth/or401
 # go imports should resolve correctly as well.
@@ -30,7 +27,54 @@ go mod tidy
 go list all
 stdout vcs-test.golang.org/auth/or401
 
--- auth/main.go --
+# Second invocation of authenticator is successful.
+go build -o $WORK/bin/reinvocation$GOEXE scripts/reinvocation.go
+# With credentials from the binary, it should succeed.
+env GOAUTH='reinvocation'$GOEXE
+cp go.mod.orig go.mod
+go get vcs-test.golang.org/auth/or401
+# go imports should resolve correctly as well.
+go mod tidy
+go list all
+stdout vcs-test.golang.org/auth/or401
+
+# Authenticator can parse arguments correctly.
+go build -o $WORK/bin/arguments$GOEXE scripts/arguments.go
+# With credentials from the binary, it should succeed.
+env GOAUTH='arguments'$GOEXE' --arg1 "value with spaces"'
+cp go.mod.orig go.mod
+go get vcs-test.golang.org/auth/or401
+# go imports should resolve correctly as well.
+go mod tidy
+go list all
+stdout vcs-test.golang.org/auth/or401
+
+# Authenticator provides bad credentials.
+go build -o $WORK/bin/invalid$GOEXE scripts/invalid.go
+# With credentials from the binary, it should fail.
+env GOAUTH='invalid'$GOEXE
+cp go.mod.orig go.mod
+! go get vcs-test.golang.org/auth/or401
+stderr '^\tserver response: ACCESS DENIED, buddy$'
+# go imports should fail as well.
+! go mod tidy
+stderr '^\tserver response: ACCESS DENIED, buddy$'
+
+-- go.mod.orig --
+module private.example.com
+-- main.go --
+package useprivate
+
+import "vcs-test.golang.org/auth/or401"
+-- scripts/basic.go --
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Printf("https://vcs-test.golang.org\n\nAuthorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l\n\n")
+}
+-- scripts/reinvocation.go --
 package main
 
 import(
@@ -45,11 +89,7 @@ import(
 )
 
 func main() {
-	arg1 := flag.String("arg1", "", "")
 	flag.Parse()
-	if *arg1 != "value with spaces" {
-		log.Fatal("argument with spaces does not work")
-	}
 	// wait for re-invocation
 	if !strings.HasPrefix(flag.Arg(0), "https://vcs-test.golang.org") {
 		return
@@ -68,12 +108,28 @@ func main() {
 	}
 	fmt.Printf("https://vcs-test.golang.org\n\nAuthorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l\n\n")
 }
+-- scripts/arguments.go --
+package main
 
--- auth/go.mod --
-module my-auth
--- go.mod.orig --
-module private.example.com
--- main.go --
-package useprivate
+import(
+	"flag"
+	"fmt"
+	"log"
+)
 
-import "vcs-test.golang.org/auth/or401"
+func main() {
+	arg1 := flag.String("arg1", "", "")
+	flag.Parse()
+	if *arg1 != "value with spaces" {
+		log.Fatal("argument with spaces does not work")
+	}
+	fmt.Printf("https://vcs-test.golang.org\n\nAuthorization: Basic YWxhZGRpbjpvcGVuc2VzYW1l\n\n")
+}
+-- scripts/invalid.go --
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Printf("https://vcs-test.golang.org\n\nAuthorization: Basic invalid\n\n")
+}

src/cmd/go/testdata/script/gotoolchain_local.txt

@@ -197,6 +197,17 @@ go mod edit -go=1.501 -toolchain=none
 go version
 stdout go1.501
 
+# avoid two-step switch, first from install target requirement, then from GOTOOLCHAIN min
+# instead, just jump directly to GOTOOLCHAIN min
+env TESTGO_VERSION=go1.2.3
+env GODEBUG=toolchaintrace=1
+env GOTOOLCHAIN=go1.23.0+auto
+! go install rsc.io/fortune/nonexist@v0.0.1
+! stderr 'switching to go1.22.9'
+stderr 'using go1.23.0'
+env GODEBUG=
+env GOTOOLCHAIN=auto
+
 # go install m@v and go run m@v should ignore go.mod and use m@v
 env TESTGO_VERSION=go1.2.3
 go mod edit -go=1.999 -toolchain=go1.998

src/cmd/go/testdata/script/mod_help.txt

@@ -3,4 +3,4 @@ env GO111MODULE=on
 # go help get shows usage for get
 go help get
 stdout 'usage: go get'
-stdout 'get using modules to manage source'
+stdout 'updates go.mod to require those versions'

src/cmd/go/testdata/script/mod_unknown_block.txt

@@ -0,0 +1,11 @@
+env GOTOOLCHAIN=local
+! go list .
+stderr 'go: go.mod requires go >= 1.999'
+
+
+-- go.mod --
+module example.com
+
+go 1.999
+
+anewblock foo

src/cmd/go/testdata/script/test_flags.txt

@@ -15,8 +15,8 @@ stdout '\Aok\s+example.com/x\s+[0-9.s]+\n\z'
 # Even though ./x looks like a package path, the real package should be
 # the implicit '.'.
 ! go test --answer=42 ./x
-stdout '^FAIL\t. \[build failed\]'
-stderr '^\.: no Go files in '$PWD'$'
+stdout '^FAIL\t. \[setup failed\]'
+stderr '^# \.\nno Go files in '$PWD'$'
 
 # However, *flags* that appear after unrecognized flags should still be
 # interpreted as flags, under the (possibly-erroneous) assumption that

src/cmd/go/testdata/script/test_fuzz_context.txt

@@ -0,0 +1,47 @@
+[!fuzz] skip
+[short] skip
+env GOCACHE=$WORK/cache
+
+# Test fuzz.Context.
+go test -vet=off context_fuzz_test.go
+stdout ^ok
+! stdout FAIL
+
+go test -vet=off -fuzz=Fuzz -fuzztime=1x context_fuzz_test.go
+stdout ok
+! stdout FAIL
+
+-- context_fuzz_test.go --
+package context_fuzz
+
+import (
+	"context"
+	"errors"
+	"testing"
+)
+
+func Fuzz(f *testing.F) {
+	ctx := f.Context()
+	if err := ctx.Err(); err != nil {
+		f.Fatalf("expected non-canceled context, got %v", err)
+	}
+
+	f.Fuzz(func(t *testing.T, data []byte) {
+		innerCtx := t.Context()
+		if err := innerCtx.Err(); err != nil {
+			t.Fatalf("expected inner test to not inherit canceled context, got %v", err)
+		}
+
+		t.Cleanup(func() {
+			if !errors.Is(innerCtx.Err(), context.Canceled) {
+				t.Fatal("expected context of inner test to be canceled after its fuzz function finished")
+			}
+		})
+	})
+
+	f.Cleanup(func() {
+		if !errors.Is(ctx.Err(), context.Canceled) {
+			f.Fatal("expected context canceled before cleanup")
+		}
+	})
+}

src/cmd/go/testdata/script/test_json_build.txt

@@ -40,6 +40,18 @@ stdout '"Action":"output","Package":"m/loaderror","Output":"FAIL\\tm/loaderror \
 stdout '"Action":"fail","Package":"m/loaderror","Elapsed":.*,"FailedBuild":"x"'
 ! stderr '.'
 
+# Test an import cycle loading error in a non test file. (#70820)
+! go test -json -o=$devnull ./cycle/p
+stdout '"ImportPath":"m/cycle/q","Action":"build-output","Output":"# m/cycle/p\\n"'
+stdout '"ImportPath":"m/cycle/q","Action":"build-output","Output":"package m/cycle/p\\n"'
+stdout '"ImportPath":"m/cycle/q","Action":"build-output","Output":"\\timports m/cycle/q from p.go\\n"'
+stdout '"ImportPath":"m/cycle/q","Action":"build-output","Output":"\\timports m/cycle/q from q.go: import cycle not allowed\\n"'
+stdout '"ImportPath":"m/cycle/q","Action":"build-fail"'
+stdout '"Action":"start","Package":"m/cycle/p"'
+stdout '"Action":"output","Package":"m/cycle/p","Output":"FAIL\\tm/cycle/p \[setup failed\]\\n"'
+stdout '"Action":"fail","Package":"m/cycle/p","Elapsed":.*,"FailedBuild":"m/cycle/q"'
+! stderr '.'
+
 # Test a vet error
 ! go test -json -o=$devnull ./veterror
 stdout '"ImportPath":"m/veterror \[m/veterror.test\]","Action":"build-output","Output":"# m/veterror\\n"'
@@ -58,8 +70,9 @@ stderr '# m/builderror \[m/builderror.test\]\n'
 stderr 'builderror'${/}'main_test.go:3:11: undefined: y\n'
 stdout '"Action":"start","Package":"m/builderror"'
 stdout '"Action":"output","Package":"m/builderror","Output":"FAIL\\tm/builderror \[build failed\]\\n"'
-stdout '"Action":"fail","Package":"m/builderror","Elapsed":.*,"FailedBuild":"m/builderror \[m/builderror\.test\]"'
-
+stdout '"Action":"fail","Package":"m/builderror","Elapsed":[0-9.]+\}'
+# FailedBuild should NOT appear in the output in this mode.
+! stdout '"FailedBuild"'
 
 -- go.mod --
 module m
@@ -98,3 +111,13 @@ import (
 func TestVetError(t *testing.T) {
         fmt.Printf("%s")
 }
+-- cycle/p/p.go --
+package p
+
+import "m/cycle/q"
+-- cycle/q/q.go --
+package q
+
+import (
+	"m/cycle/q"
+)

src/cmd/go/testdata/script/test_setup_error.txt

@@ -33,10 +33,23 @@ stderr '# m/t2/p\n.*package x is not in std'
 stdout 'FAIL	m/t2/p \[setup failed\]'
 stdout 'ok  	m/t'
 
-# Finally, this one is a build error, but produced by cmd/go directly
+# Test that an import cycle error is reported. Test for #70820
+! go test -o=$devnull ./cycle/p ./t
+stderr '# m/cycle/p\n.*package m/cycle/p\n\timports m/cycle/p from p\.go: import cycle not allowed'
+stdout 'FAIL	m/cycle/p \[setup failed\]'
+stdout 'ok  	m/t'
+
+# Test that multiple errors for the same package under test are reported.
+! go test -o=$devnull ./cycle/q ./t
+stderr '# m/cycle/q\n.*package m/cycle/q\n\timports m/cycle/p from q\.go\n\timports m/cycle/p from p\.go: import cycle not allowed'
+stdout 'FAIL	m/cycle/q \[setup failed\]'
+stdout 'ok  	m/t'
+
+# Finally, this one is a non-import-cycle load error that
+# is produced for the package under test.
 ! go test -o=$devnull . ./t
-stderr '^\.: no Go files in '$PWD'$'
-stdout 'FAIL	. \[build failed\]'
+stderr '# \.\n.*no Go files in '$PWD'$'
+stdout 'FAIL	. \[setup failed\]'
 stdout 'ok  	m/t'
 
 -- go.mod --
@@ -68,6 +81,17 @@ package p
 package p
 
 import "m/bad"
+-- cycle/p/p.go --
+package p
+
+import "m/cycle/p"
+-- cycle/q/q.go --
+package q
+
+import (
+	"m/bad"
+	"m/cycle/p"
+)
 -- bad/bad.go --
 package bad
 

src/cmd/internal/disasm/disasm.go

@@ -2,13 +2,16 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package objfile
+// Package disasm provides disassembly routines.
+//
+// It is broken out from cmd/internal/objfile so tools that don't need
+// disassembling don't need to depend on x/arch disassembler code.
+package disasm
 
 import (
 	"bufio"
 	"bytes"
 	"container/list"
-	"debug/gosym"
 	"encoding/binary"
 	"fmt"
 	"io"
@@ -19,6 +22,7 @@ import (
 	"strings"
 	"text/tabwriter"
 
+	"cmd/internal/objfile"
 	"cmd/internal/src"
 
 	"golang.org/x/arch/arm/armasm"
@@ -32,8 +36,8 @@ import (
 
 // Disasm is a disassembler for a given File.
 type Disasm struct {
-	syms      []Sym            //symbols in file, sorted by address
-	pcln      Liner            // pcln table
+	syms      []objfile.Sym    // symbols in file, sorted by address
+	pcln      objfile.Liner    // pcln table
 	text      []byte           // bytes of text segment (actual instructions)
 	textStart uint64           // start PC of text
 	textEnd   uint64           // end PC of text
@@ -42,8 +46,12 @@ type Disasm struct {
 	byteOrder binary.ByteOrder // byte order for goarch
 }
 
-// Disasm returns a disassembler for the file f.
-func (e *Entry) Disasm() (*Disasm, error) {
+// DisasmForFile returns a disassembler for the file f.
+func DisasmForFile(f *objfile.File) (*Disasm, error) {
+	return disasmForEntry(f.Entries()[0])
+}
+
+func disasmForEntry(e *objfile.Entry) (*Disasm, error) {
 	syms, err := e.Symbols()
 	if err != nil {
 		return nil, err
@@ -269,7 +277,7 @@ func (d *Disasm) Print(w io.Writer, filter *regexp.Regexp, start, end uint64, pr
 }
 
 // Decode disassembles the text segment range [start, end), calling f for each instruction.
-func (d *Disasm) Decode(start, end uint64, relocs []Reloc, gnuAsm bool, f func(pc, size uint64, file string, line int, text string)) {
+func (d *Disasm) Decode(start, end uint64, relocs []objfile.Reloc, gnuAsm bool, f func(pc, size uint64, file string, line int, text string)) {
 	if start < d.textStart {
 		start = d.textStart
 	}
@@ -402,14 +410,16 @@ func disasm_ppc64(code []byte, pc uint64, lookup lookupFunc, byteOrder binary.By
 func disasm_riscv64(code []byte, pc uint64, lookup lookupFunc, byteOrder binary.ByteOrder, gnuAsm bool) (string, int) {
 	inst, err := riscv64asm.Decode(code)
 	var text string
+	size := inst.Len
 	if err != nil || inst.Op == 0 {
+		size = 2
 		text = "?"
 	} else if gnuAsm {
 		text = fmt.Sprintf("%-36s // %s", riscv64asm.GoSyntax(inst, pc, lookup, textReader{code, pc}), riscv64asm.GNUSyntax(inst))
 	} else {
 		text = riscv64asm.GoSyntax(inst, pc, lookup, textReader{code, pc})
 	}
-	return text, 4
+	return text, size
 }
 
 func disasm_s390x(code []byte, pc uint64, lookup lookupFunc, _ binary.ByteOrder, gnuAsm bool) (string, int) {
@@ -452,9 +462,3 @@ var byteOrders = map[string]binary.ByteOrder{
 	"riscv64": binary.LittleEndian,
 	"s390x":   binary.BigEndian,
 }
-
-type Liner interface {
-	// Given a pc, returns the corresponding file, line, and function data.
-	// If unknown, returns "",0,nil.
-	PCToLine(uint64) (string, int, *gosym.Func)
-}

src/cmd/internal/goobj/builtinlist.go

@@ -110,11 +110,13 @@ var builtins = [...]struct {
 	{"runtime.mapassign_fast64ptr", 1},
 	{"runtime.mapassign_faststr", 1},
 	{"runtime.mapiterinit", 1},
+	{"runtime.mapIterStart", 1},
 	{"runtime.mapdelete", 1},
 	{"runtime.mapdelete_fast32", 1},
 	{"runtime.mapdelete_fast64", 1},
 	{"runtime.mapdelete_faststr", 1},
 	{"runtime.mapiternext", 1},
+	{"runtime.mapIterNext", 1},
 	{"runtime.mapclear", 1},
 	{"runtime.makechan64", 1},
 	{"runtime.makechan", 1},

src/cmd/internal/hash/hash.go

@@ -5,22 +5,33 @@
 // Package hash implements hash functions used in the compiler toolchain.
 package hash
 
+// TODO(rsc): Delete the 16 and 20 forms and use 32 at all call sites.
+
 import (
-	"crypto/md5"
-	"crypto/sha1"
 	"crypto/sha256"
 	"hash"
 )
 
 const (
-	// Size32 is the size of 32 bytes hash checksum.
-	Size32 = sha256.Size
-	// Size20 is the size of 20 bytes hash checksum.
-	Size20 = sha1.Size
-	// Size16 is the size of 16 bytes hash checksum.
-	Size16 = md5.Size
+	// Size32 is the size of the 32-byte hash checksum.
+	Size32 = 32
+	// Size20 is the size of the 20-byte hash checksum.
+	Size20 = 20
+	// Size16 is the size of the 16-byte hash checksum.
+	Size16 = 16
 )
 
+type shortHash struct {
+	hash.Hash
+	n int
+}
+
+func (h *shortHash) Sum(b []byte) []byte {
+	old := b
+	sum := h.Hash.Sum(b)
+	return sum[:len(old)+h.n]
+}
+
 // New32 returns a new [hash.Hash] computing the 32 bytes hash checksum.
 func New32() hash.Hash {
 	h := sha256.New()
@@ -30,12 +41,12 @@ func New32() hash.Hash {
 
 // New20 returns a new [hash.Hash] computing the 20 bytes hash checksum.
 func New20() hash.Hash {
-	return sha1.New()
+	return &shortHash{New32(), 20}
 }
 
 // New16 returns a new [hash.Hash] computing the 16 bytes hash checksum.
 func New16() hash.Hash {
-	return md5.New()
+	return &shortHash{New32(), 16}
 }
 
 // Sum32 returns the 32 bytes checksum of the data.
@@ -47,10 +58,16 @@ func Sum32(data []byte) [Size32]byte {
 
 // Sum20 returns the 20 bytes checksum of the data.
 func Sum20(data []byte) [Size20]byte {
-	return sha1.Sum(data)
+	sum := Sum32(data)
+	var short [Size20]byte
+	copy(short[:], sum[4:])
+	return short
 }
 
 // Sum16 returns the 16 bytes checksum of the data.
 func Sum16(data []byte) [Size16]byte {
-	return md5.Sum(data)
+	sum := Sum32(data)
+	var short [Size16]byte
+	copy(short[:], sum[8:])
+	return short
 }

src/cmd/internal/obj/sym.go

@@ -320,7 +320,7 @@ func (ctxt *Link) NumberSyms() {
 			// Assign special index for builtin symbols.
 			// Don't do it when linking against shared libraries, as the runtime
 			// may be in a different library.
-			if i := goobj.BuiltinIdx(rs.Name, int(rs.ABI())); i != -1 {
+			if i := goobj.BuiltinIdx(rs.Name, int(rs.ABI())); i != -1 && !rs.IsLinkname() {
 				rs.PkgIdx = goobj.PkgIdxBuiltin
 				rs.SymIdx = int32(i)
 				rs.Set(AttrIndexed, true)

src/cmd/internal/obj/wasm/wasmobj.go

@@ -129,6 +129,7 @@ var (
 	morestackNoCtxt       *obj.LSym
 	sigpanic              *obj.LSym
 	wasm_pc_f_loop_export *obj.LSym
+	runtimeNotInitialized *obj.LSym
 )
 
 const (
@@ -149,6 +150,7 @@ func instinit(ctxt *obj.Link) {
 	morestackNoCtxt = ctxt.Lookup("runtime.morestack_noctxt")
 	sigpanic = ctxt.LookupABI("runtime.sigpanic", obj.ABIInternal)
 	wasm_pc_f_loop_export = ctxt.Lookup("wasm_pc_f_loop_export")
+	runtimeNotInitialized = ctxt.Lookup("runtime.notInitialized")
 }
 
 func preprocess(ctxt *obj.Link, s *obj.LSym, newprog obj.ProgAlloc) {
@@ -255,7 +257,7 @@ func preprocess(ctxt *obj.Link, s *obj.LSym, newprog obj.ProgAlloc) {
 		p = appendp(p, AEnd)
 	}
 
-	if framesize > 0 {
+	if framesize > 0 && s.Func().WasmExport == nil { // genWasmExportWrapper has its own prologue generation
 		p := s.Func().Text
 		p = appendp(p, AGet, regAddr(REG_SP))
 		p = appendp(p, AI32Const, constAddr(framesize))
@@ -935,6 +937,23 @@ func genWasmExportWrapper(s *obj.LSym, appendp func(p *obj.Prog, as obj.As, args
 		panic("wrapper functions for WASM export should not have a body")
 	}
 
+	// Detect and error out if called before runtime initialization
+	// SP is 0 if not initialized
+	p = appendp(p, AGet, regAddr(REG_SP))
+	p = appendp(p, AI32Eqz)
+	p = appendp(p, AIf)
+	p = appendp(p, ACall, obj.Addr{Type: obj.TYPE_MEM, Name: obj.NAME_EXTERN, Sym: runtimeNotInitialized})
+	p = appendp(p, AEnd)
+
+	// Now that we've checked the SP, generate the prologue
+	if framesize > 0 {
+		p = appendp(p, AGet, regAddr(REG_SP))
+		p = appendp(p, AI32Const, constAddr(framesize))
+		p = appendp(p, AI32Sub)
+		p = appendp(p, ASet, regAddr(REG_SP))
+		p.Spadj = int32(framesize)
+	}
+
 	// Store args
 	for i, f := range we.Params {
 		p = appendp(p, AGet, regAddr(REG_SP))
@@ -1056,6 +1075,7 @@ var notUsePC_B = map[string]bool{
 	"runtime.gcWriteBarrier6": true,
 	"runtime.gcWriteBarrier7": true,
 	"runtime.gcWriteBarrier8": true,
+	"runtime.notInitialized":  true,
 	"runtime.wasmDiv":         true,
 	"runtime.wasmTruncS":      true,
 	"runtime.wasmTruncU":      true,
@@ -1121,7 +1141,8 @@ func assemble(ctxt *obj.Link, s *obj.LSym, newprog obj.ProgAlloc) {
 		"runtime.gcWriteBarrier5",
 		"runtime.gcWriteBarrier6",
 		"runtime.gcWriteBarrier7",
-		"runtime.gcWriteBarrier8":
+		"runtime.gcWriteBarrier8",
+		"runtime.notInitialized":
 		// no locals
 		useAssemblyRegMap()
 	default:

src/cmd/internal/objfile/objfile.go

@@ -119,10 +119,6 @@ func (f *File) DWARF() (*dwarf.Data, error) {
 	return f.entries[0].DWARF()
 }
 
-func (f *File) Disasm() (*Disasm, error) {
-	return f.entries[0].Disasm()
-}
-
 func (e *Entry) Name() string {
 	return e.name
 }
@@ -181,3 +177,9 @@ func (e *Entry) LoadAddress() (uint64, error) {
 func (e *Entry) DWARF() (*dwarf.Data, error) {
 	return e.raw.dwarf()
 }
+
+type Liner interface {
+	// Given a pc, returns the corresponding file, line, and function data.
+	// If unknown, returns "",0,nil.
+	PCToLine(uint64) (string, int, *gosym.Func)
+}

src/cmd/link/doc.go

@@ -118,6 +118,7 @@ Flags:
 		Link with race detection libraries.
 	-s
 		Omit the symbol table and debug information.
+		Implies the -w flag, which can be negated with -w=0.
 	-tmpdir dir
 		Write temporary files to dir.
 		Temporary files are only used in external linking mode.

src/cmd/link/internal/ld/data.go

@@ -55,17 +55,31 @@ import (
 )
 
 // isRuntimeDepPkg reports whether pkg is the runtime package or its dependency.
+// TODO: just compute from the runtime package, and remove this hardcoded list.
 func isRuntimeDepPkg(pkg string) bool {
 	switch pkg {
 	case "runtime",
-		"sync/atomic",          // runtime may call to sync/atomic, due to go:linkname
-		"internal/abi",         // used by reflectcall (and maybe more)
-		"internal/bytealg",     // for IndexByte
+		"sync/atomic",  // runtime may call to sync/atomic, due to go:linkname // TODO: this is not true?
+		"internal/abi", // used by reflectcall (and maybe more)
+		"internal/asan",
+		"internal/bytealg", // for IndexByte
+		"internal/byteorder",
 		"internal/chacha8rand", // for rand
-		"internal/cpu":         // for cpu features
+		"internal/coverage/rtcov",
+		"internal/cpu", // for cpu features
+		"internal/goarch",
+		"internal/godebugs",
+		"internal/goexperiment",
+		"internal/goos",
+		"internal/msan",
+		"internal/profilerecord",
+		"internal/race",
+		"internal/stringslite",
+		"unsafe":
 		return true
 	}
-	return strings.HasPrefix(pkg, "runtime/internal/") && !strings.HasSuffix(pkg, "_test")
+	return (strings.HasPrefix(pkg, "runtime/internal/") || strings.HasPrefix(pkg, "internal/runtime/")) &&
+		!strings.HasSuffix(pkg, "_test")
 }
 
 // Estimate the max size needed to hold any new trampolines created for this function. This
@@ -410,6 +424,9 @@ func (st *relocSymState) relocsym(s loader.Sym, P []byte) {
 				// FIXME: It should be forbidden to have R_ADDR from a
 				// symbol which isn't in .data. However, as .text has the
 				// same address once loaded, this is possible.
+				// TODO: .text (including rodata) to .data relocation
+				// doesn't work correctly, so we should really disallow it.
+				// See also aixStaticDataBase in symtab.go and in runtime.
 				if ldr.SymSect(s).Seg == &Segdata {
 					Xcoffadddynrel(target, ldr, syms, s, r, ri)
 				}

src/cmd/link/internal/ld/dwarf.go

@@ -520,7 +520,7 @@ func (d *dwctxt) defgotype(gotype loader.Sym) loader.Sym {
 		d.linkctxt.Errorf(gotype, "dwarf: type name doesn't start with \"type:\"")
 		return d.mustFind("<unspecified>")
 	}
-	name := sn[5:] // could also decode from Type.string
+	name := sn[len("type:"):] // could also decode from Type.string
 
 	sdie := d.find(name)
 	if sdie != 0 {
@@ -534,7 +534,7 @@ func (d *dwctxt) defgotype(gotype loader.Sym) loader.Sym {
 
 func (d *dwctxt) newtype(gotype loader.Sym) *dwarf.DWDie {
 	sn := d.ldr.SymName(gotype)
-	name := sn[5:] // could also decode from Type.string
+	name := sn[len("type:"):] // could also decode from Type.string
 	tdata := d.ldr.Data(gotype)
 	if len(tdata) == 0 {
 		d.linkctxt.Errorf(gotype, "missing type")

src/cmd/link/internal/ld/symtab.go

@@ -707,6 +707,17 @@ func (ctxt *Link) symtab(pcln *pclntab) []sym.SymKind {
 		// except go:buildid which is generated late and not used by the program.
 		addRef("go:buildid")
 	}
+	if ctxt.IsAIX() {
+		// On AIX, an R_ADDR relocation from an RODATA symbol to a DATA symbol
+		// does not work. See data.go:relocsym, case R_ADDR.
+		// Here we record the unrelocated address in aixStaticDataBase (it is
+		// unrelocated as it is in RODATA) so we can compute the delta at
+		// run time.
+		sb := ldr.CreateSymForUpdate("runtime.aixStaticDataBase", 0)
+		sb.SetSize(0)
+		sb.AddAddr(ctxt.Arch, ldr.Lookup("runtime.data", 0))
+		sb.SetType(sym.SRODATA)
+	}
 
 	// text section information
 	slice(textsectionmapSym, uint64(nsections))

src/cmd/link/internal/loader/loader.go

@@ -2338,6 +2338,45 @@ var blockedLinknames = map[string][]string{
 	"runtime.newcoro":    {"iter"},
 	// fips info
 	"go:fipsinfo": {"crypto/internal/fips140/check"},
+	// New internal linknames in Go 1.24
+	// Pushed from runtime
+	"crypto/internal/fips140.fatal":         {"crypto/internal/fips140"},
+	"crypto/internal/fips140.getIndicator":  {"crypto/internal/fips140"},
+	"crypto/internal/fips140.setIndicator":  {"crypto/internal/fips140"},
+	"crypto/internal/sysrand.fatal":         {"crypto/internal/sysrand"},
+	"crypto/rand.fatal":                     {"crypto/rand"},
+	"internal/runtime/maps.errNilAssign":    {"internal/runtime/maps"},
+	"internal/runtime/maps.fatal":           {"internal/runtime/maps"},
+	"internal/runtime/maps.mapKeyError":     {"internal/runtime/maps"},
+	"internal/runtime/maps.newarray":        {"internal/runtime/maps"},
+	"internal/runtime/maps.newobject":       {"internal/runtime/maps"},
+	"internal/runtime/maps.typedmemclr":     {"internal/runtime/maps"},
+	"internal/runtime/maps.typedmemmove":    {"internal/runtime/maps"},
+	"internal/sync.fatal":                   {"internal/sync"},
+	"internal/sync.runtime_canSpin":         {"internal/sync"},
+	"internal/sync.runtime_doSpin":          {"internal/sync"},
+	"internal/sync.runtime_nanotime":        {"internal/sync"},
+	"internal/sync.runtime_Semrelease":      {"internal/sync"},
+	"internal/sync.runtime_SemacquireMutex": {"internal/sync"},
+	"internal/sync.throw":                   {"internal/sync"},
+	"internal/synctest.Run":                 {"internal/synctest"},
+	"internal/synctest.Wait":                {"internal/synctest"},
+	"internal/synctest.acquire":             {"internal/synctest"},
+	"internal/synctest.release":             {"internal/synctest"},
+	"internal/synctest.inBubble":            {"internal/synctest"},
+	"runtime.getStaticuint64s":              {"reflect"},
+	"sync.runtime_SemacquireWaitGroup":      {"sync"},
+	"time.runtimeNow":                       {"time"},
+	"time.runtimeNano":                      {"time"},
+	// Pushed to runtime from internal/runtime/maps
+	// (other map functions are already linknamed in Go 1.23)
+	"runtime.mapaccess1":         {"runtime"},
+	"runtime.mapaccess1_fast32":  {"runtime"},
+	"runtime.mapaccess1_fast64":  {"runtime"},
+	"runtime.mapaccess1_faststr": {"runtime"},
+	"runtime.mapdelete_fast32":   {"runtime"},
+	"runtime.mapdelete_fast64":   {"runtime"},
+	"runtime.mapdelete_faststr":  {"runtime"},
 }
 
 // check if a linkname reference to symbol s from pkg is allowed
@@ -2355,6 +2394,16 @@ func (l *Loader) checkLinkname(pkg, name string, s Sym) {
 			if pkg == p {
 				return // pkg is allowed
 			}
+			// crypto/internal/fips140/vX.Y.Z/... is the frozen version of
+			// crypto/internal/fips140/... and is similarly allowed.
+			if strings.HasPrefix(pkg, "crypto/internal/fips140/v") {
+				parts := strings.Split(pkg, "/")
+				parts = append(parts[:3], parts[4:]...)
+				pkg := strings.Join(parts, "/")
+				if pkg == p {
+					return
+				}
+			}
 		}
 		error()
 	}