[release-branch.go1.22] go1.22.1

Change-Id: I9db641e2a029c4c9fa72d7b423b2b6b7f113d9a2
Reviewed-on: https://go-review.googlesource.com/c/go/+/569257
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Gopher Robot <gobot@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>

VERSION

@@ -0,0 +1,2 @@
+go1.22.1
+time 2024-02-29T18:18:48Z

api/go1.22.txt

@@ -1,13 +1,4 @@
 pkg archive/tar, method (*Writer) AddFS(fs.FS) error #58000
-pkg archive/tar, type FileInfoNames interface { Gname, IsDir, ModTime, Mode, Name, Size, Sys, Uname } #50102
-pkg archive/tar, type FileInfoNames interface, Gname(int) (string, error) #50102
-pkg archive/tar, type FileInfoNames interface, IsDir() bool #50102
-pkg archive/tar, type FileInfoNames interface, ModTime() time.Time #50102
-pkg archive/tar, type FileInfoNames interface, Mode() fs.FileMode #50102
-pkg archive/tar, type FileInfoNames interface, Name() string #50102
-pkg archive/tar, type FileInfoNames interface, Size() int64 #50102
-pkg archive/tar, type FileInfoNames interface, Sys() interface{} #50102
-pkg archive/tar, type FileInfoNames interface, Uname(int) (string, error) #50102
 pkg archive/zip, method (*Writer) AddFS(fs.FS) error #54898
 pkg cmp, func Or[$0 comparable](...$0) $0 #60204
 pkg crypto/x509, func OIDFromInts([]uint64) (OID, error) #60665

codereview.cfg

@@ -1 +1,2 @@
-branch: master
+branch: release-branch.go1.22
+parent-branch: master

doc/go_spec.html

@@ -1,6 +1,6 @@
 <!--{
 	"Title": "The Go Programming Language Specification",
-	"Subtitle": "Version of Dec 27, 2023",
+	"Subtitle": "Language version go1.22 (Feb 6, 2024)",
 	"Path": "/ref/spec"
 }-->
 
@@ -6661,7 +6661,7 @@ array or slice  a  [n]E, *[n]E, or []E    index    i  int    a[i]       E
 string          s  string type            index    i  int    see below  rune
 map             m  map[K]V                key      k  K      m[k]       V
 channel         c  chan E, &lt;-chan E       element  e  E
-integer         n  integer type I         value    i  I
+integer         n  integer type           value    i  see below
 </pre>
 
 <ol>
@@ -6703,26 +6703,33 @@ is <code>nil</code>, the range expression blocks forever.
 
 <li>
 For an integer value <code>n</code>, the iteration values 0 through <code>n-1</code>
-are produced in increasing order, with the same type as <code>n</code>.
+are produced in increasing order.
 If <code>n</code> &lt= 0, the loop does not run any iterations.
 </li>
 </ol>
 
-<p>
-The iteration values are assigned to the respective
-iteration variables as in an <a href="#Assignment_statements">assignment statement</a>.
-</p>
-
 <p>
 The iteration variables may be declared by the "range" clause using a form of
 <a href="#Short_variable_declarations">short variable declaration</a>
 (<code>:=</code>).
-In this case their types are set to the types of the respective iteration values
-and their <a href="#Declarations_and_scope">scope</a> is the block of the "for" statement;
-each iteration has its own separate variables [<a href="#Go_1.22">Go 1.22</a>]
+In this case their <a href="#Declarations_and_scope">scope</a> is the block of the "for" statement
+and each iteration has its own new variables [<a href="#Go_1.22">Go 1.22</a>]
 (see also <a href="#For_clause">"for" statements with a ForClause</a>).
-If the iteration variables are declared outside the “for” statement,
-after execution their values will be those of the last iteration.
+If the range expression is a (possibly untyped) integer expression <code>n</code>,
+the variable has the same type as if it was
+<a href="#Variable_declarations">declared</a> with initialization
+expression <code>n</code>.
+Otherwise, the variables have the types of their respective iteration values.
+</p>
+
+<p>
+If the iteration variables are not explicitly declared by the "range" clause,
+they must be preexisting.
+In this case, the iteration values are assigned to the respective variables
+as in an <a href="#Assignment_statements">assignment statement</a>.
+If the range expression is a (possibly untyped) integer expression <code>n</code>,
+<code>n</code> too must be <a href="#Assignability">assignable</a> to the iteration variable;
+if there is no iteration variable, <code>n</code> must be assignable to <code>int</code>.
 </p>
 
 <pre>
@@ -6765,6 +6772,11 @@ for i := range 10 {
 	// type of i is int (default type for untyped constant 10)
 	f(i)
 }
+
+// invalid: 256 cannot be assigned to uint8
+var u uint8
+for u = range 256 {
+}
 </pre>
 
 

src/archive/tar/common.go

@@ -614,8 +614,6 @@ func (fi headerFileInfo) String() string {
 // sysStat, if non-nil, populates h from system-dependent fields of fi.
 var sysStat func(fi fs.FileInfo, h *Header) error
 
-var loadUidAndGid func(fi fs.FileInfo, uid, gid *int)
-
 const (
 	// Mode constants from the USTAR spec:
 	// See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06
@@ -641,10 +639,6 @@ const (
 // Since fs.FileInfo's Name method only returns the base name of
 // the file it describes, it may be necessary to modify Header.Name
 // to provide the full path name of the file.
-//
-// If fi implements [FileInfoNames]
-// the Gname and Uname of the header are
-// provided by the methods of the interface.
 func FileInfoHeader(fi fs.FileInfo, link string) (*Header, error) {
 	if fi == nil {
 		return nil, errors.New("archive/tar: FileInfo is nil")
@@ -717,38 +711,12 @@ func FileInfoHeader(fi fs.FileInfo, link string) (*Header, error) {
 			}
 		}
 	}
-	if iface, ok := fi.(FileInfoNames); ok {
-		var err error
-		if loadUidAndGid != nil {
-			loadUidAndGid(fi, &h.Uid, &h.Gid)
-		}
-		h.Gname, err = iface.Gname(h.Gid)
-		if err != nil {
-			return nil, err
-		}
-		h.Uname, err = iface.Uname(h.Uid)
-		if err != nil {
-			return nil, err
-		}
-		return h, nil
-	}
 	if sysStat != nil {
 		return h, sysStat(fi, h)
 	}
 	return h, nil
 }
 
-// FileInfoNames extends [FileInfo] to translate UID/GID to names.
-// Passing an instance of this to [FileInfoHeader] permits the caller
-// to control UID/GID resolution.
-type FileInfoNames interface {
-	fs.FileInfo
-	// Uname should translate a UID into a user name.
-	Uname(uid int) (string, error)
-	// Gname should translate a GID into a group name.
-	Gname(gid int) (string, error)
-}
-
 // isHeaderOnlyType checks if the given type flag is of the type that has no
 // data section even if a size is specified.
 func isHeaderOnlyType(flag byte) bool {

src/archive/tar/stat_unix.go

@@ -17,7 +17,6 @@ import (
 
 func init() {
 	sysStat = statUnix
-	loadUidAndGid = loadUidAndGidFunc
 }
 
 // userMap and groupMap caches UID and GID lookups for performance reasons.
@@ -100,12 +99,3 @@ func statUnix(fi fs.FileInfo, h *Header) error {
 	}
 	return nil
 }
-
-func loadUidAndGidFunc(fi fs.FileInfo, uid, gid *int) {
-	sys, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return
-	}
-	*uid = int(sys.Uid)
-	*gid = int(sys.Gid)
-}

src/archive/tar/tar_test.go

@@ -848,71 +848,3 @@ func Benchmark(b *testing.B) {
 	})
 
 }
-
-const (
-	testUid = 10
-	testGid = 20
-)
-
-type fileInfoNames struct{}
-
-func (f *fileInfoNames) Name() string {
-	return "tmp"
-}
-
-func (f *fileInfoNames) Size() int64 {
-	return 0
-}
-
-func (f *fileInfoNames) Mode() fs.FileMode {
-	return 0777
-}
-
-func (f *fileInfoNames) ModTime() time.Time {
-	return time.Time{}
-}
-
-func (f *fileInfoNames) IsDir() bool {
-	return false
-}
-
-func (f *fileInfoNames) Sys() any {
-	return nil
-}
-
-func (f *fileInfoNames) Uname(uid int) (string, error) {
-	if uid == testUid {
-		return "Uname", nil
-	}
-	return "", nil
-}
-
-func (f *fileInfoNames) Gname(gid int) (string, error) {
-	if gid == testGid {
-		return "Gname", nil
-	}
-	return "", nil
-}
-
-func TestFileInfoHeaderUseFileInfoNames(t *testing.T) {
-	origLoadUidAndGid := loadUidAndGid
-	defer func() {
-		loadUidAndGid = origLoadUidAndGid
-	}()
-	loadUidAndGid = func(fi fs.FileInfo, uid, gid *int) {
-		*uid = testUid
-		*gid = testGid
-	}
-
-	info := &fileInfoNames{}
-	header, err := FileInfoHeader(info, "")
-	if err != nil {
-		t.Fatal(err)
-	}
-	if header.Uname != "Uname" {
-		t.Fatalf("header.Uname: got %v, want %v", header.Uname, "Uname")
-	}
-	if header.Gname != "Gname" {
-		t.Fatalf("header.Gname: got %v, want %v", header.Gname, "Gname")
-	}
-}

src/cmd/cgo/internal/test/seh_internal_windows_test.go

@@ -0,0 +1,16 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build cgo && windows && internal
+
+package cgotest
+
+import (
+	"internal/testenv"
+	"testing"
+)
+
+func TestCallbackCallersSEH(t *testing.T) {
+	testenv.SkipFlaky(t, 65116)
+}

src/cmd/cgo/internal/test/seh_windows_test.go

@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-//go:build cgo && windows
+//go:build cgo && windows && !internal
 
 package cgotest
 

src/cmd/cgo/internal/testsanitizers/cc_test.go

@@ -16,8 +16,10 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"internal/testenv"
 	"os"
 	"os/exec"
+	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -266,12 +268,28 @@ func compilerSupportsLocation() bool {
 	case "gcc":
 		return compiler.major >= 10
 	case "clang":
+		// TODO(65606): The clang toolchain on the LUCI builders is not built against
+		// zlib, the ASAN runtime can't actually symbolize its own stack trace. Once
+		// this is resolved, one way or another, switch this back to 'true'. We still
+		// have coverage from the 'gcc' case above.
+		if inLUCIBuild() {
+			return false
+		}
 		return true
 	default:
 		return false
 	}
 }
 
+// inLUCIBuild returns true if we're currently executing in a LUCI build.
+func inLUCIBuild() bool {
+	u, err := user.Current()
+	if err != nil {
+		return false
+	}
+	return testenv.Builder() != "" && u.Username == "swarming"
+}
+
 // compilerRequiredTsanVersion reports whether the compiler is the version required by Tsan.
 // Only restrictions for ppc64le are known; otherwise return true.
 func compilerRequiredTsanVersion(goos, goarch string) bool {

src/cmd/compile/internal/noder/reader.go

@@ -663,9 +663,24 @@ func (pr *pkgReader) objInstIdx(info objInfo, dict *readerDict, shaped bool) ir.
 }
 
 // objIdx returns the specified object, instantiated with the given
-// type arguments, if any. If shaped is true, then the shaped variant
-// of the object is returned instead.
+// type arguments, if any.
+// If shaped is true, then the shaped variant of the object is returned
+// instead.
 func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Type, shaped bool) ir.Node {
+	n, err := pr.objIdxMayFail(idx, implicits, explicits, shaped)
+	if err != nil {
+		base.Fatalf("%v", err)
+	}
+	return n
+}
+
+// objIdxMayFail is equivalent to objIdx, but returns an error rather than
+// failing the build if this object requires type arguments and the incorrect
+// number of type arguments were passed.
+//
+// Other sources of internal failure (such as duplicate definitions) still fail
+// the build.
+func (pr *pkgReader) objIdxMayFail(idx pkgbits.Index, implicits, explicits []*types.Type, shaped bool) (ir.Node, error) {
 	rname := pr.newReader(pkgbits.RelocName, idx, pkgbits.SyncObject1)
 	_, sym := rname.qualifiedIdent()
 	tag := pkgbits.CodeObj(rname.Code(pkgbits.SyncCodeObj))
@@ -674,22 +689,25 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Typ
 		assert(!sym.IsBlank())
 		switch sym.Pkg {
 		case types.BuiltinPkg, types.UnsafePkg:
-			return sym.Def.(ir.Node)
+			return sym.Def.(ir.Node), nil
 		}
 		if pri, ok := objReader[sym]; ok {
-			return pri.pr.objIdx(pri.idx, nil, explicits, shaped)
+			return pri.pr.objIdxMayFail(pri.idx, nil, explicits, shaped)
 		}
 		if sym.Pkg.Path == "runtime" {
-			return typecheck.LookupRuntime(sym.Name)
+			return typecheck.LookupRuntime(sym.Name), nil
 		}
 		base.Fatalf("unresolved stub: %v", sym)
 	}
 
-	dict := pr.objDictIdx(sym, idx, implicits, explicits, shaped)
+	dict, err := pr.objDictIdx(sym, idx, implicits, explicits, shaped)
+	if err != nil {
+		return nil, err
+	}
 
 	sym = dict.baseSym
 	if !sym.IsBlank() && sym.Def != nil {
-		return sym.Def.(*ir.Name)
+		return sym.Def.(*ir.Name), nil
 	}
 
 	r := pr.newReader(pkgbits.RelocObj, idx, pkgbits.SyncObject1)
@@ -725,7 +743,7 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Typ
 		name := do(ir.OTYPE, false)
 		setType(name, r.typ())
 		name.SetAlias(true)
-		return name
+		return name, nil
 
 	case pkgbits.ObjConst:
 		name := do(ir.OLITERAL, false)
@@ -733,7 +751,7 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Typ
 		val := FixValue(typ, r.Value())
 		setType(name, typ)
 		setValue(name, val)
-		return name
+		return name, nil
 
 	case pkgbits.ObjFunc:
 		if sym.Name == "init" {
@@ -768,7 +786,7 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Typ
 		}
 
 		rext.funcExt(name, nil)
-		return name
+		return name, nil
 
 	case pkgbits.ObjType:
 		name := do(ir.OTYPE, true)
@@ -805,13 +823,13 @@ func (pr *pkgReader) objIdx(idx pkgbits.Index, implicits, explicits []*types.Typ
 			r.needWrapper(typ)
 		}
 
-		return name
+		return name, nil
 
 	case pkgbits.ObjVar:
 		name := do(ir.ONAME, false)
 		setType(name, r.typ())
 		rext.varExt(name)
-		return name
+		return name, nil
 	}
 }
 
@@ -908,7 +926,7 @@ func shapify(targ *types.Type, basic bool) *types.Type {
 }
 
 // objDictIdx reads and returns the specified object dictionary.
-func (pr *pkgReader) objDictIdx(sym *types.Sym, idx pkgbits.Index, implicits, explicits []*types.Type, shaped bool) *readerDict {
+func (pr *pkgReader) objDictIdx(sym *types.Sym, idx pkgbits.Index, implicits, explicits []*types.Type, shaped bool) (*readerDict, error) {
 	r := pr.newReader(pkgbits.RelocObjDict, idx, pkgbits.SyncObject1)
 
 	dict := readerDict{
@@ -919,7 +937,7 @@ func (pr *pkgReader) objDictIdx(sym *types.Sym, idx pkgbits.Index, implicits, ex
 	nexplicits := r.Len()
 
 	if nimplicits > len(implicits) || nexplicits != len(explicits) {
-		base.Fatalf("%v has %v+%v params, but instantiated with %v+%v args", sym, nimplicits, nexplicits, len(implicits), len(explicits))
+		return nil, fmt.Errorf("%v has %v+%v params, but instantiated with %v+%v args", sym, nimplicits, nexplicits, len(implicits), len(explicits))
 	}
 
 	dict.targs = append(implicits[:nimplicits:nimplicits], explicits...)
@@ -984,7 +1002,7 @@ func (pr *pkgReader) objDictIdx(sym *types.Sym, idx pkgbits.Index, implicits, ex
 		dict.itabs[i] = itabInfo{typ: r.typInfo(), iface: r.typInfo()}
 	}
 
-	return &dict
+	return &dict, nil
 }
 
 func (r *reader) typeParamNames() {
@@ -2529,7 +2547,10 @@ func (pr *pkgReader) objDictName(idx pkgbits.Index, implicits, explicits []*type
 		base.Fatalf("unresolved stub: %v", sym)
 	}
 
-	dict := pr.objDictIdx(sym, idx, implicits, explicits, false)
+	dict, err := pr.objDictIdx(sym, idx, implicits, explicits, false)
+	if err != nil {
+		base.Fatalf("%v", err)
+	}
 
 	return pr.dictNameOf(dict)
 }

src/cmd/compile/internal/noder/unified.go

@@ -80,7 +80,11 @@ func lookupFunction(pkg *types.Pkg, symName string) (*ir.Func, error) {
 		return nil, fmt.Errorf("func sym %v missing objReader", sym)
 	}
 
-	name := pri.pr.objIdx(pri.idx, nil, nil, false).(*ir.Name)
+	node, err := pri.pr.objIdxMayFail(pri.idx, nil, nil, false)
+	if err != nil {
+		return nil, fmt.Errorf("func sym %v lookup error: %w", sym, err)
+	}
+	name := node.(*ir.Name)
 	if name.Op() != ir.ONAME || name.Class != ir.PFUNC {
 		return nil, fmt.Errorf("func sym %v refers to non-function name: %v", sym, name)
 	}
@@ -105,7 +109,11 @@ func lookupMethod(pkg *types.Pkg, symName string) (*ir.Func, error) {
 		return nil, fmt.Errorf("type sym %v missing objReader", typ)
 	}
 
-	name := pri.pr.objIdx(pri.idx, nil, nil, false).(*ir.Name)
+	node, err := pri.pr.objIdxMayFail(pri.idx, nil, nil, false)
+	if err != nil {
+		return nil, fmt.Errorf("func sym %v lookup error: %w", typ, err)
+	}
+	name := node.(*ir.Name)
 	if name.Op() != ir.OTYPE {
 		return nil, fmt.Errorf("type sym %v refers to non-type name: %v", typ, name)
 	}

src/cmd/compile/internal/ssa/rewrite.go

@@ -2131,8 +2131,8 @@ func logicFlags32(x int32) flagConstant {
 
 func makeJumpTableSym(b *Block) *obj.LSym {
 	s := base.Ctxt.Lookup(fmt.Sprintf("%s.jump%d", b.Func.fe.Func().LSym.Name, b.ID))
-	s.Set(obj.AttrDuplicateOK, true)
-	s.Set(obj.AttrLocal, true)
+	// The jump table symbol is accessed only from the function symbol.
+	s.Set(obj.AttrStatic, true)
 	return s
 }
 

src/cmd/compile/internal/test/pgo_devirtualize_test.go

@@ -14,8 +14,13 @@ import (
 	"testing"
 )
 
+type devirtualization struct {
+	pos    string
+	callee string
+}
+
 // testPGODevirtualize tests that specific PGO devirtualize rewrites are performed.
-func testPGODevirtualize(t *testing.T, dir string) {
+func testPGODevirtualize(t *testing.T, dir string, want []devirtualization) {
 	testenv.MustHaveGoRun(t)
 	t.Parallel()
 
@@ -23,7 +28,7 @@ func testPGODevirtualize(t *testing.T, dir string) {
 
 	// Add a go.mod so we have a consistent symbol names in this temp dir.
 	goMod := fmt.Sprintf(`module %s
-go 1.19
+go 1.21
 `, pkg)
 	if err := os.WriteFile(filepath.Join(dir, "go.mod"), []byte(goMod), 0644); err != nil {
 		t.Fatalf("error writing go.mod: %v", err)
@@ -60,51 +65,6 @@ go 1.19
 		t.Fatalf("error starting go test: %v", err)
 	}
 
-	type devirtualization struct {
-		pos    string
-		callee string
-	}
-
-	want := []devirtualization{
-		// ExerciseIface
-		{
-			pos:    "./devirt.go:101:20",
-			callee: "mult.Mult.Multiply",
-		},
-		{
-			pos:    "./devirt.go:101:39",
-			callee: "Add.Add",
-		},
-		// ExerciseFuncConcrete
-		{
-			pos:    "./devirt.go:173:36",
-			callee: "AddFn",
-		},
-		{
-			pos:    "./devirt.go:173:15",
-			callee: "mult.MultFn",
-		},
-		// ExerciseFuncField
-		{
-			pos:    "./devirt.go:207:35",
-			callee: "AddFn",
-		},
-		{
-			pos:    "./devirt.go:207:19",
-			callee: "mult.MultFn",
-		},
-		// ExerciseFuncClosure
-		// TODO(prattmic): Closure callees not implemented.
-		//{
-		//	pos:    "./devirt.go:249:27",
-		//	callee: "AddClosure.func1",
-		//},
-		//{
-		//	pos:    "./devirt.go:249:15",
-		//	callee: "mult.MultClosure.func1",
-		//},
-	}
-
 	got := make(map[devirtualization]struct{})
 
 	devirtualizedLine := regexp.MustCompile(`(.*): PGO devirtualizing \w+ call .* to (.*)`)
@@ -172,5 +132,130 @@ func TestPGODevirtualize(t *testing.T) {
 		}
 	}
 
-	testPGODevirtualize(t, dir)
+	want := []devirtualization{
+		// ExerciseIface
+		{
+			pos:    "./devirt.go:101:20",
+			callee: "mult.Mult.Multiply",
+		},
+		{
+			pos:    "./devirt.go:101:39",
+			callee: "Add.Add",
+		},
+		// ExerciseFuncConcrete
+		{
+			pos:    "./devirt.go:173:36",
+			callee: "AddFn",
+		},
+		{
+			pos:    "./devirt.go:173:15",
+			callee: "mult.MultFn",
+		},
+		// ExerciseFuncField
+		{
+			pos:    "./devirt.go:207:35",
+			callee: "AddFn",
+		},
+		{
+			pos:    "./devirt.go:207:19",
+			callee: "mult.MultFn",
+		},
+		// ExerciseFuncClosure
+		// TODO(prattmic): Closure callees not implemented.
+		//{
+		//	pos:    "./devirt.go:249:27",
+		//	callee: "AddClosure.func1",
+		//},
+		//{
+		//	pos:    "./devirt.go:249:15",
+		//	callee: "mult.MultClosure.func1",
+		//},
+	}
+
+	testPGODevirtualize(t, dir, want)
+}
+
+// Regression test for https://go.dev/issue/65615. If a target function changes
+// from non-generic to generic we can't devirtualize it (don't know the type
+// parameters), but the compiler should not crash.
+func TestLookupFuncGeneric(t *testing.T) {
+	wd, err := os.Getwd()
+	if err != nil {
+		t.Fatalf("error getting wd: %v", err)
+	}
+	srcDir := filepath.Join(wd, "testdata", "pgo", "devirtualize")
+
+	// Copy the module to a scratch location so we can add a go.mod.
+	dir := t.TempDir()
+	if err := os.Mkdir(filepath.Join(dir, "mult.pkg"), 0755); err != nil {
+		t.Fatalf("error creating dir: %v", err)
+	}
+	for _, file := range []string{"devirt.go", "devirt_test.go", "devirt.pprof", filepath.Join("mult.pkg", "mult.go")} {
+		if err := copyFile(filepath.Join(dir, file), filepath.Join(srcDir, file)); err != nil {
+			t.Fatalf("error copying %s: %v", file, err)
+		}
+	}
+
+	// Change MultFn from a concrete function to a parameterized function.
+	if err := convertMultToGeneric(filepath.Join(dir, "mult.pkg", "mult.go")); err != nil {
+		t.Fatalf("error editing mult.go: %v", err)
+	}
+
+	// Same as TestPGODevirtualize except for MultFn, which we cannot
+	// devirtualize to because it has become generic.
+	//
+	// Note that the important part of this test is that the build is
+	// successful, not the specific devirtualizations.
+	want := []devirtualization{
+		// ExerciseIface
+		{
+			pos:    "./devirt.go:101:20",
+			callee: "mult.Mult.Multiply",
+		},
+		{
+			pos:    "./devirt.go:101:39",
+			callee: "Add.Add",
+		},
+		// ExerciseFuncConcrete
+		{
+			pos:    "./devirt.go:173:36",
+			callee: "AddFn",
+		},
+		// ExerciseFuncField
+		{
+			pos:    "./devirt.go:207:35",
+			callee: "AddFn",
+		},
+		// ExerciseFuncClosure
+		// TODO(prattmic): Closure callees not implemented.
+		//{
+		//	pos:    "./devirt.go:249:27",
+		//	callee: "AddClosure.func1",
+		//},
+		//{
+		//	pos:    "./devirt.go:249:15",
+		//	callee: "mult.MultClosure.func1",
+		//},
+	}
+
+	testPGODevirtualize(t, dir, want)
+}
+
+var multFnRe = regexp.MustCompile(`func MultFn\(a, b int64\) int64`)
+
+func convertMultToGeneric(path string) error {
+	content, err := os.ReadFile(path)
+	if err != nil {
+		return fmt.Errorf("error opening: %w", err)
+	}
+
+	if !multFnRe.Match(content) {
+		return fmt.Errorf("MultFn not found; update regexp?")
+	}
+
+	// Users of MultFn shouldn't need adjustment, type inference should
+	// work OK.
+	content = multFnRe.ReplaceAll(content, []byte(`func MultFn[T int32|int64](a, b T) T`))
+
+	return os.WriteFile(path, content, 0644)
 }

src/cmd/compile/internal/types/goversion.go

@@ -34,7 +34,7 @@ func AllowsGoVersion(major, minor int) bool {
 }
 
 // ParseLangFlag verifies that the -lang flag holds a valid value, and
-// exits if not. It initializes data used by langSupported.
+// exits if not. It initializes data used by AllowsGoVersion.
 func ParseLangFlag() {
 	if base.Flag.Lang == "" {
 		return
@@ -59,6 +59,10 @@ func ParseLangFlag() {
 
 // parseLang parses a -lang option into a langVer.
 func parseLang(s string) (lang, error) {
+	if s == "go1" { // cmd/go's new spelling of "go1.0" (#65528)
+		s = "go1.0"
+	}
+
 	matches := goVersionRE.FindStringSubmatch(s)
 	if matches == nil {
 		return lang{}, fmt.Errorf(`should be something like "go1.12"`)

src/cmd/compile/internal/types2/alias.go

@@ -21,11 +21,14 @@ type Alias struct {
 // NewAlias creates a new Alias type with the given type name and rhs.
 // rhs must not be nil.
 func NewAlias(obj *TypeName, rhs Type) *Alias {
-	return (*Checker)(nil).newAlias(obj, rhs)
+	alias := (*Checker)(nil).newAlias(obj, rhs)
+	// Ensure that alias.actual is set (#65455).
+	unalias(alias)
+	return alias
 }
 
 func (a *Alias) Obj() *TypeName   { return a.obj }
-func (a *Alias) Underlying() Type { return a.actual.Underlying() }
+func (a *Alias) Underlying() Type { return unalias(a).Underlying() }
 func (a *Alias) String() string   { return TypeString(a, nil) }
 
 // Type accessors
@@ -36,24 +39,26 @@ func (a *Alias) String() string   { return TypeString(a, nil) }
 // Consequently, the result is never an alias type.
 func Unalias(t Type) Type {
 	if a0, _ := t.(*Alias); a0 != nil {
-		if a0.actual != nil {
-			return a0.actual
-		}
-		for a := a0; ; {
-			t = a.fromRHS
-			a, _ = t.(*Alias)
-			if a == nil {
-				break
-			}
-		}
-		if t == nil {
-			panic(fmt.Sprintf("non-terminated alias %s", a0.obj.name))
-		}
-		a0.actual = t
+		return unalias(a0)
 	}
 	return t
 }
 
+func unalias(a0 *Alias) Type {
+	if a0.actual != nil {
+		return a0.actual
+	}
+	var t Type
+	for a := a0; a != nil; a, _ = t.(*Alias) {
+		t = a.fromRHS
+	}
+	if t == nil {
+		panic(fmt.Sprintf("non-terminated alias %s", a0.obj.name))
+	}
+	a0.actual = t
+	return t
+}
+
 // asNamed returns t as *Named if that is t's
 // actual type. It returns nil otherwise.
 func asNamed(t Type) *Named {

src/cmd/compile/internal/types2/api_test.go

@@ -2195,6 +2195,12 @@ func TestIssue61737(t *testing.T) {
 	iface.NumMethods() // unlike go/types, there is no Complete() method, so we complete implicitly
 }
 
+func TestNewAlias_Issue65455(t *testing.T) {
+	obj := NewTypeName(nopos, nil, "A", nil)
+	alias := NewAlias(obj, Typ[Int])
+	alias.Underlying() // must not panic
+}
+
 func TestIssue15305(t *testing.T) {
 	const src = "package p; func f() int16; var _ = f(undef)"
 	f := mustParse(src)

src/cmd/go/internal/generate/generate.go

@@ -181,6 +181,8 @@ func init() {
 }
 
 func runGenerate(ctx context.Context, cmd *base.Command, args []string) {
+	modload.InitWorkfile()
+
 	if generateRunFlag != "" {
 		var err error
 		generateRunRE, err = regexp.Compile(generateRunFlag)

src/cmd/go/internal/modcmd/verify.go

@@ -61,7 +61,7 @@ func runVerify(ctx context.Context, cmd *base.Command, args []string) {
 	if err != nil {
 		base.Fatal(err)
 	}
-	mods := mg.BuildList()[modload.MainModules.Len():]
+	mods := mg.BuildList()
 	// Use a slice of result channels, so that the output is deterministic.
 	errsChans := make([]<-chan []error, len(mods))
 
@@ -94,6 +94,9 @@ func verifyMod(ctx context.Context, mod module.Version) []error {
 		// "go" and "toolchain" have no disk footprint; nothing to verify.
 		return nil
 	}
+	if modload.MainModules.Contains(mod.Path) {
+		return nil
+	}
 	var errs []error
 	zip, zipErr := modfetch.CachePath(ctx, mod, "zip")
 	if zipErr == nil {

src/cmd/go/internal/toolchain/select.go

@@ -8,6 +8,7 @@ package toolchain
 import (
 	"context"
 	"errors"
+	"flag"
 	"fmt"
 	"go/build"
 	"io/fs"
@@ -24,6 +25,7 @@ import (
 	"cmd/go/internal/modfetch"
 	"cmd/go/internal/modload"
 	"cmd/go/internal/run"
+	"cmd/go/internal/work"
 
 	"golang.org/x/mod/module"
 )
@@ -486,74 +488,132 @@ func goInstallVersion() bool {
 	// Note: We assume there are no flags between 'go' and 'install' or 'run'.
 	// During testing there are some debugging flags that are accepted
 	// in that position, but in production go binaries there are not.
-	if len(os.Args) < 3 || (os.Args[1] != "install" && os.Args[1] != "run") {
+	if len(os.Args) < 3 {
 		return false
 	}
 
-	// Check for pkg@version.
-	var arg string
+	var cmdFlags *flag.FlagSet
 	switch os.Args[1] {
 	default:
+		// Command doesn't support a pkg@version as the main module.
 		return false
 	case "install":
-		// We would like to let 'go install -newflag pkg@version' work even
-		// across a toolchain switch. To make that work, assume the pkg@version
-		// is the last argument and skip the flag parsing.
-		arg = os.Args[len(os.Args)-1]
+		cmdFlags = &work.CmdInstall.Flag
 	case "run":
-		// For run, the pkg@version can be anywhere on the command line,
-		// because it is preceded by run flags and followed by arguments to the
-		// program being run. To handle that precisely, we have to interpret the
-		// flags a little bit, to know whether each flag takes an optional argument.
-		// We can still allow unknown flags as long as they have an explicit =value.
-		args := os.Args[2:]
-		for i := 0; i < len(args); i++ {
-			a := args[i]
-			if !strings.HasPrefix(a, "-") {
-				arg = a
-				break
-			}
-			if a == "-" {
-				// non-flag but also non-pkg@version
+		cmdFlags = &run.CmdRun.Flag
+	}
+
+	// The modcachrw flag is unique, in that it affects how we fetch the
+	// requested module to even figure out what toolchain it needs.
+	// We need to actually set it before we check the toolchain version.
+	// (See https://go.dev/issue/64282.)
+	modcacherwFlag := cmdFlags.Lookup("modcacherw")
+	if modcacherwFlag == nil {
+		base.Fatalf("internal error: modcacherw flag not registered for command")
+	}
+	modcacherwVal, ok := modcacherwFlag.Value.(interface {
+		IsBoolFlag() bool
+		flag.Value
+	})
+	if !ok || !modcacherwVal.IsBoolFlag() {
+		base.Fatalf("internal error: modcacherw is not a boolean flag")
+	}
+
+	// Make a best effort to parse the command's args to find the pkg@version
+	// argument and the -modcacherw flag.
+	var (
+		pkgArg         string
+		modcacherwSeen bool
+	)
+	for args := os.Args[2:]; len(args) > 0; {
+		a := args[0]
+		args = args[1:]
+		if a == "--" {
+			if len(args) == 0 {
 				return false
 			}
-			if a == "--" {
-				if i+1 >= len(args) {
-					return false
+			pkgArg = args[0]
+			break
+		}
+
+		a, ok := strings.CutPrefix(a, "-")
+		if !ok {
+			// Not a flag argument. Must be a package.
+			pkgArg = a
+			break
+		}
+		a = strings.TrimPrefix(a, "-") // Treat --flag as -flag.
+
+		name, val, hasEq := strings.Cut(a, "=")
+
+		if name == "modcacherw" {
+			if !hasEq {
+				val = "true"
+			}
+			if err := modcacherwVal.Set(val); err != nil {
+				return false
+			}
+			modcacherwSeen = true
+			continue
+		}
+
+		if hasEq {
+			// Already has a value; don't bother parsing it.
+			continue
+		}
+
+		f := run.CmdRun.Flag.Lookup(a)
+		if f == nil {
+			// We don't know whether this flag is a boolean.
+			if os.Args[1] == "run" {
+				// We don't know where to find the pkg@version argument.
+				// For run, the pkg@version can be anywhere on the command line,
+				// because it is preceded by run flags and followed by arguments to the
+				// program being run. Since we don't know whether this flag takes
+				// an argument, we can't reliably identify the end of the run flags.
+				// Just give up and let the user clarify using the "=" form..
+				return false
+			}
+
+			// We would like to let 'go install -newflag pkg@version' work even
+			// across a toolchain switch. To make that work, assume by default that
+			// the pkg@version is the last argument and skip the remaining args unless
+			// we spot a plausible "-modcacherw" flag.
+			for len(args) > 0 {
+				a := args[0]
+				name, _, _ := strings.Cut(a, "=")
+				if name == "-modcacherw" || name == "--modcacherw" {
+					break
 				}
-				arg = args[i+1]
-				break
+				if len(args) == 1 && !strings.HasPrefix(a, "-") {
+					pkgArg = a
+				}
+				args = args[1:]
 			}
-			a = strings.TrimPrefix(a, "-")
-			a = strings.TrimPrefix(a, "-")
-			if strings.HasPrefix(a, "-") {
-				// non-flag but also non-pkg@version
-				return false
-			}
-			if strings.Contains(a, "=") {
-				// already has value
-				continue
-			}
-			f := run.CmdRun.Flag.Lookup(a)
-			if f == nil {
-				// Unknown flag. Give up. The command is going to fail in flag parsing.
-				return false
-			}
-			if bf, ok := f.Value.(interface{ IsBoolFlag() bool }); ok && bf.IsBoolFlag() {
-				// Does not take value.
-				continue
-			}
-			i++ // Does take a value; skip it.
+			continue
+		}
+
+		if bf, ok := f.Value.(interface{ IsBoolFlag() bool }); !ok || !bf.IsBoolFlag() {
+			// The next arg is the value for this flag. Skip it.
+			args = args[1:]
+			continue
 		}
 	}
-	if !strings.Contains(arg, "@") || build.IsLocalImport(arg) || filepath.IsAbs(arg) {
+
+	if !strings.Contains(pkgArg, "@") || build.IsLocalImport(pkgArg) || filepath.IsAbs(pkgArg) {
 		return false
 	}
-	path, version, _ := strings.Cut(arg, "@")
+	path, version, _ := strings.Cut(pkgArg, "@")
 	if path == "" || version == "" || gover.IsToolchain(path) {
 		return false
 	}
 
+	if !modcacherwSeen && base.InGOFLAGS("-modcacherw") {
+		fs := flag.NewFlagSet("goInstallVersion", flag.ExitOnError)
+		fs.Var(modcacherwVal, "modcacherw", modcacherwFlag.Usage)
+		base.SetFromGOFLAGS(fs)
+	}
+
 	// It would be correct to simply return true here, bypassing use
 	// of the current go.mod or go.work, and let "go run" or "go install"
 	// do the rest, including a toolchain switch.

src/cmd/go/testdata/script/build_issue_65528.txt

@@ -0,0 +1,9 @@
+go build
+
+-- go.mod --
+module test
+
+go 1.0
+
+-- p.go --
+package p

src/cmd/go/testdata/script/generate_workspace.txt

@@ -0,0 +1,27 @@
+# This is a regression test for Issue #56098: Go generate
+# wasn't initializing workspace mode
+
+[short] skip
+
+go generate ./mod
+cmp ./mod/got.txt want.txt
+
+-- go.work --
+go 1.22
+
+use ./mod
+-- mod/go.mod --
+module example.com/mod
+-- mod/gen.go --
+//go:generate go run gen.go got.txt
+
+package main
+
+import "os"
+
+func main() {
+    outfile := os.Args[1]
+    os.WriteFile(outfile, []byte("Hello World!\n"), 0644)
+}
+-- want.txt --
+Hello World!

src/cmd/go/testdata/script/install_modcacherw_issue64282.txt

@@ -0,0 +1,45 @@
+# Regression test for https://go.dev/issue/64282.
+#
+# 'go install' and 'go run' with pkg@version arguments should make
+# a best effort to parse flags relevant to downloading modules
+# (currently only -modcacherw) before actually downloading the module
+# to identify which toolchain version to use.
+#
+# However, the best-effort flag parsing should not interfere with
+# actual flag parsing if we don't switch toolchains. In particular,
+# unrecognized flags should still be diagnosed after the module for
+# the requested package has been downloaded and checked for toolchain
+# upgrades.
+
+
+! go install -cake=delicious -modcacherw example.com/printversion@v0.1.0
+stderr '^flag provided but not defined: -cake$'
+	# Because the -modcacherw flag was set, we should be able to modify the contents
+	# of a directory within the module cache.
+cp $WORK/extraneous.txt $GOPATH/pkg/mod/example.com/printversion@v0.1.0/extraneous_file.go
+go clean -modcache
+
+
+! go install -unknownflag -tags -modcacherw example.com/printversion@v0.1.0
+stderr '^flag provided but not defined: -unknownflag$'
+cp $WORK/extraneous.txt $GOPATH/pkg/mod/example.com/printversion@v0.1.0/extraneous_file.go
+go clean -modcache
+
+
+# Also try it with a 'go install' that succeeds.
+# (But skip in short mode, because linking a binary is expensive.)
+[!short] go install -modcacherw example.com/printversion@v0.1.0
+[!short] cp $WORK/extraneous.txt $GOPATH/pkg/mod/example.com/printversion@v0.1.0/extraneous_file.go
+[!short] go clean -modcache
+
+
+# The flag should also be applied if given in GOFLAGS
+# instead of on the command line.
+env GOFLAGS=-modcacherw
+! go install -cake=delicious example.com/printversion@v0.1.0
+stderr '^flag provided but not defined: -cake$'
+cp $WORK/extraneous.txt $GOPATH/pkg/mod/example.com/printversion@v0.1.0/extraneous_file.go
+
+
+-- $WORK/extraneous.txt --
+This is not a Go source file.

src/cmd/go/testdata/script/mod_verify_work.txt

@@ -0,0 +1,24 @@
+# Regression test for Issue #62663: we would filter out the toolchain and
+# main modules from the build list incorrectly, leading to the workspace
+# modules being checked for correct sums. Specifically this would happen when
+# the module name sorted after the virtual 'go' version module name because
+# it could not get chopped off when we removed the MainModules.Len() modules
+# at the beginning of the build list and we would remove the go module instead.
+
+go mod verify
+
+-- go.work --
+go 1.21
+
+use (
+    ./a
+    ./b
+)
+-- a/go.mod --
+module hexample.com/a // important for test that module name sorts after 'go'
+
+go 1.21
+-- b/go.mod --
+module hexample.com/b // important for test that module name sorts after 'go'
+
+go 1.21

src/cmd/trace/v2/gen.go

@@ -31,6 +31,9 @@ type generator interface {
 	ProcRange(ctx *traceContext, ev *tracev2.Event)
 	ProcTransition(ctx *traceContext, ev *tracev2.Event)
 
+	// User annotations.
+	Log(ctx *traceContext, ev *tracev2.Event)
+
 	// Finish indicates the end of the trace and finalizes generation.
 	Finish(ctx *traceContext)
 }
@@ -69,6 +72,8 @@ func runGenerator(ctx *traceContext, g generator, parsed *parsedTrace, opts *gen
 			case tracev2.ResourceGoroutine:
 				g.GoroutineTransition(ctx, ev)
 			}
+		case tracev2.EventLog:
+			g.Log(ctx, ev)
 		}
 	}
 	for i, task := range opts.tasks {
@@ -357,3 +362,33 @@ type completedRange struct {
 	endStack   tracev2.Stack
 	arg        any
 }
+
+type logEventGenerator[R resource] struct {
+	// getResource is a function to extract a resource ID from a Log event.
+	getResource func(*tracev2.Event) R
+}
+
+// Log implements a log event handler. It expects ev to be one such event.
+func (g *logEventGenerator[R]) Log(ctx *traceContext, ev *tracev2.Event) {
+	id := g.getResource(ev)
+	if id == R(noResource) {
+		// We have nowhere to put this in the UI.
+		return
+	}
+
+	// Construct the name to present.
+	log := ev.Log()
+	name := log.Message
+	if log.Category != "" {
+		name = "[" + log.Category + "] " + name
+	}
+
+	// Emit an instant event.
+	ctx.Instant(traceviewer.InstantEvent{
+		Name:     name,
+		Ts:       ctx.elapsed(ev.Time()),
+		Category: "user event",
+		Resource: uint64(id),
+		Stack:    ctx.Stack(viewerFrames(ev.Stack())),
+	})
+}

src/cmd/trace/v2/goroutinegen.go

@@ -14,6 +14,7 @@ type goroutineGenerator struct {
 	globalRangeGenerator
 	globalMetricGenerator
 	stackSampleGenerator[tracev2.GoID]
+	logEventGenerator[tracev2.GoID]
 
 	gStates map[tracev2.GoID]*gState[tracev2.GoID]
 	focus   tracev2.GoID
@@ -22,9 +23,11 @@ type goroutineGenerator struct {
 
 func newGoroutineGenerator(ctx *traceContext, focus tracev2.GoID, filter map[tracev2.GoID]struct{}) *goroutineGenerator {
 	gg := new(goroutineGenerator)
-	gg.stackSampleGenerator.getResource = func(ev *tracev2.Event) tracev2.GoID {
+	rg := func(ev *tracev2.Event) tracev2.GoID {
 		return ev.Goroutine()
 	}
+	gg.stackSampleGenerator.getResource = rg
+	gg.logEventGenerator.getResource = rg
 	gg.gStates = make(map[tracev2.GoID]*gState[tracev2.GoID])
 	gg.focus = focus
 	gg.filter = filter

src/cmd/trace/v2/goroutines.go

@@ -17,7 +17,6 @@ import (
 	"net/http"
 	"slices"
 	"sort"
-	"strconv"
 	"strings"
 	"time"
 )
@@ -25,31 +24,23 @@ import (
 // GoroutinesHandlerFunc returns a HandlerFunc that serves list of goroutine groups.
 func GoroutinesHandlerFunc(summaries map[tracev2.GoID]*trace.GoroutineSummary) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		// goroutineGroup describes a group of goroutines grouped by start PC.
+		// goroutineGroup describes a group of goroutines grouped by name.
 		type goroutineGroup struct {
-			ID       uint64        // Unique identifier (PC).
 			Name     string        // Start function.
 			N        int           // Total number of goroutines in this group.
 			ExecTime time.Duration // Total execution time of all goroutines in this group.
 		}
-		// Accumulate groups by PC.
-		groupsByPC := make(map[uint64]goroutineGroup)
+		// Accumulate groups by Name.
+		groupsByName := make(map[string]goroutineGroup)
 		for _, summary := range summaries {
-			group := groupsByPC[summary.PC]
-			group.ID = summary.PC
+			group := groupsByName[summary.Name]
 			group.Name = summary.Name
 			group.N++
 			group.ExecTime += summary.ExecTime
-			groupsByPC[summary.PC] = group
+			groupsByName[summary.Name] = group
 		}
 		var groups []goroutineGroup
-		for pc, group := range groupsByPC {
-			group.ID = pc
-			// If goroutine didn't run during the trace (no sampled PC),
-			// the v.ID and v.Name will be zero value.
-			if group.ID == 0 && group.Name == "" {
-				group.Name = "(Inactive, no stack trace sampled)"
-			}
+		for _, group := range groupsByName {
 			groups = append(groups, group)
 		}
 		slices.SortFunc(groups, func(a, b goroutineGroup) int {
@@ -92,7 +83,7 @@ Click a start location to view more details about that group.<br>
   </tr>
 {{range $}}
   <tr>
-    <td><code><a href="/goroutine?id={{.ID}}">{{.Name}}</a></code></td>
+    <td><code><a href="/goroutine?name={{.Name}}">{{or .Name "(Inactive, no stack trace sampled)"}}</a></code></td>
 	<td>{{.N}}</td>
 	<td>{{.ExecTime}}</td>
   </tr>
@@ -106,11 +97,7 @@ Click a start location to view more details about that group.<br>
 // goroutines in a particular group.
 func GoroutineHandler(summaries map[tracev2.GoID]*trace.GoroutineSummary) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		pc, err := strconv.ParseUint(r.FormValue("id"), 10, 64)
-		if err != nil {
-			http.Error(w, fmt.Sprintf("failed to parse id parameter '%v': %v", r.FormValue("id"), err), http.StatusInternalServerError)
-			return
-		}
+		goroutineName := r.FormValue("name")
 
 		type goroutine struct {
 			*trace.GoroutineSummary
@@ -130,7 +117,7 @@ func GoroutineHandler(summaries map[tracev2.GoID]*trace.GoroutineSummary) http.H
 		for _, summary := range summaries {
 			totalExecTime += summary.ExecTime
 
-			if summary.PC != pc {
+			if summary.Name != goroutineName {
 				continue
 			}
 			nonOverlappingStats := summary.NonOverlappingStats()
@@ -198,9 +185,8 @@ func GoroutineHandler(summaries map[tracev2.GoID]*trace.GoroutineSummary) http.H
 		}
 		sort.Strings(allRangeStats)
 
-		err = templGoroutine.Execute(w, struct {
+		err := templGoroutine.Execute(w, struct {
 			Name                string
-			PC                  uint64
 			N                   int
 			ExecTimePercent     string
 			MaxTotal            time.Duration
@@ -209,7 +195,6 @@ func GoroutineHandler(summaries map[tracev2.GoID]*trace.GoroutineSummary) http.H
 			RangeStats          []string
 		}{
 			Name:                name,
-			PC:                  pc,
 			N:                   len(goroutines),
 			ExecTimePercent:     execTimePercent,
 			MaxTotal:            maxTotalTime,
@@ -339,19 +324,19 @@ Table of contents
 	</tr>
 	<tr>
 		<td>Network wait profile:</td>
-		<td> <a href="/io?id={{.PC}}">graph</a> <a href="/io?id={{.PC}}&raw=1" download="io.profile">(download)</a></td>
+		<td> <a href="/io?name={{.Name}}">graph</a> <a href="/io?name={{.Name}}&raw=1" download="io.profile">(download)</a></td>
 	</tr>
 	<tr>
 		<td>Sync block profile:</td>
-		<td> <a href="/block?id={{.PC}}">graph</a> <a href="/block?id={{.PC}}&raw=1" download="block.profile">(download)</a></td>
+		<td> <a href="/block?name={{.Name}}">graph</a> <a href="/block?name={{.Name}}&raw=1" download="block.profile">(download)</a></td>
 	</tr>
 	<tr>
 		<td>Syscall profile:</td>
-		<td> <a href="/syscall?id={{.PC}}">graph</a> <a href="/syscall?id={{.PC}}&raw=1" download="syscall.profile">(download)</a></td>
+		<td> <a href="/syscall?name={{.Name}}">graph</a> <a href="/syscall?name={{.Name}}&raw=1" download="syscall.profile">(download)</a></td>
 		</tr>
 	<tr>
 		<td>Scheduler wait profile:</td>
-		<td> <a href="/sched?id={{.PC}}">graph</a> <a href="/sched?id={{.PC}}&raw=1" download="sched.profile">(download)</a></td>
+		<td> <a href="/sched?name={{.Name}}">graph</a> <a href="/sched?name={{.Name}}&raw=1" download="sched.profile">(download)</a></td>
 	</tr>
 </table>
 

src/cmd/trace/v2/jsontrace_test.go

@@ -167,8 +167,8 @@ func checkNetworkUnblock(t *testing.T, data format.Data) {
 	if netBlockEv == nil {
 		t.Error("failed to find a network unblock")
 	}
-	if count == 0 || count > 2 {
-		t.Errorf("found too many network block events: want 1 or 2, found %d", count)
+	if count == 0 {
+		t.Errorf("found zero network block events, want at least one")
 	}
 	// TODO(mknyszek): Check for the flow of this event to some slice event of a goroutine running.
 }

src/cmd/trace/v2/pprof.go

@@ -14,15 +14,14 @@ import (
 	tracev2 "internal/trace/v2"
 	"net/http"
 	"slices"
-	"strconv"
 	"strings"
 	"time"
 )
 
 func pprofByGoroutine(compute computePprofFunc, t *parsedTrace) traceviewer.ProfileFunc {
 	return func(r *http.Request) ([]traceviewer.ProfileRecord, error) {
-		id := r.FormValue("id")
-		gToIntervals, err := pprofMatchingGoroutines(id, t)
+		name := r.FormValue("name")
+		gToIntervals, err := pprofMatchingGoroutines(name, t)
 		if err != nil {
 			return nil, err
 		}
@@ -44,20 +43,12 @@ func pprofByRegion(compute computePprofFunc, t *parsedTrace) traceviewer.Profile
 	}
 }
 
-// pprofMatchingGoroutines parses the goroutine type id string (i.e. pc)
-// and returns the ids of goroutines of the matching type and its interval.
+// pprofMatchingGoroutines returns the ids of goroutines of the matching name and its interval.
 // If the id string is empty, returns nil without an error.
-func pprofMatchingGoroutines(id string, t *parsedTrace) (map[tracev2.GoID][]interval, error) {
-	if id == "" {
-		return nil, nil
-	}
-	pc, err := strconv.ParseUint(id, 10, 64) // id is string
-	if err != nil {
-		return nil, fmt.Errorf("invalid goroutine type: %v", id)
-	}
+func pprofMatchingGoroutines(name string, t *parsedTrace) (map[tracev2.GoID][]interval, error) {
 	res := make(map[tracev2.GoID][]interval)
 	for _, g := range t.summary.Goroutines {
-		if g.PC != pc {
+		if g.Name != name {
 			continue
 		}
 		endTime := g.EndTime
@@ -66,8 +57,8 @@ func pprofMatchingGoroutines(id string, t *parsedTrace) (map[tracev2.GoID][]inte
 		}
 		res[g.ID] = []interval{{start: g.StartTime, end: endTime}}
 	}
-	if len(res) == 0 && id != "" {
-		return nil, fmt.Errorf("failed to find matching goroutines for ID: %s", id)
+	if len(res) == 0 {
+		return nil, fmt.Errorf("failed to find matching goroutines for name: %s", name)
 	}
 	return res, nil
 }

src/cmd/trace/v2/procgen.go

@@ -18,6 +18,7 @@ type procGenerator struct {
 	globalMetricGenerator
 	procRangeGenerator
 	stackSampleGenerator[tracev2.ProcID]
+	logEventGenerator[tracev2.ProcID]
 
 	gStates   map[tracev2.GoID]*gState[tracev2.ProcID]
 	inSyscall map[tracev2.ProcID]*gState[tracev2.ProcID]
@@ -26,9 +27,11 @@ type procGenerator struct {
 
 func newProcGenerator() *procGenerator {
 	pg := new(procGenerator)
-	pg.stackSampleGenerator.getResource = func(ev *tracev2.Event) tracev2.ProcID {
+	rg := func(ev *tracev2.Event) tracev2.ProcID {
 		return ev.Proc()
 	}
+	pg.stackSampleGenerator.getResource = rg
+	pg.logEventGenerator.getResource = rg
 	pg.gStates = make(map[tracev2.GoID]*gState[tracev2.ProcID])
 	pg.inSyscall = make(map[tracev2.ProcID]*gState[tracev2.ProcID])
 	return pg

src/cmd/trace/v2/threadgen.go

@@ -17,6 +17,7 @@ type threadGenerator struct {
 	globalRangeGenerator
 	globalMetricGenerator
 	stackSampleGenerator[tracev2.ThreadID]
+	logEventGenerator[tracev2.ThreadID]
 
 	gStates map[tracev2.GoID]*gState[tracev2.ThreadID]
 	threads map[tracev2.ThreadID]struct{}
@@ -24,9 +25,11 @@ type threadGenerator struct {
 
 func newThreadGenerator() *threadGenerator {
 	tg := new(threadGenerator)
-	tg.stackSampleGenerator.getResource = func(ev *tracev2.Event) tracev2.ThreadID {
+	rg := func(ev *tracev2.Event) tracev2.ThreadID {
 		return ev.Thread()
 	}
+	tg.stackSampleGenerator.getResource = rg
+	tg.logEventGenerator.getResource = rg
 	tg.gStates = make(map[tracev2.GoID]*gState[tracev2.ThreadID])
 	tg.threads = make(map[tracev2.ThreadID]struct{})
 	return tg

src/crypto/internal/boring/Dockerfile

@@ -13,21 +13,15 @@ WORKDIR /boring
 ENV LANG=C
 ENV LANGUAGE=
 
-# Following NIST submission draft for In Progress module validation.
-# This corresponds to boringssl.googlesource.com/boringssl tag fips-20220613.
+# Following NIST submission draft dated July 3, 2021.
+# This corresponds to boringssl.googlesource.com/boringssl tag fips-20210429.
+ENV ClangV=12
 RUN apt-get update && \
-        apt-get install --no-install-recommends -y cmake xz-utils wget unzip ca-certificates python lsb-release software-properties-common gnupg
-
-# Install Clang.
-ENV ClangV=14
-RUN \
-	wget https://apt.llvm.org/llvm.sh && \
-	chmod +x llvm.sh && \
-	./llvm.sh $ClangV
+        apt-get install --no-install-recommends -y cmake xz-utils wget unzip ca-certificates clang-$ClangV python
 
 # Download, validate, unpack, build, and install Ninja.
-ENV NinjaV=1.10.1
-ENV NinjaH=a6b6f7ac360d4aabd54e299cc1d8fa7b234cd81b9401693da21221c62569a23e
+ENV NinjaV=1.10.2
+ENV NinjaH=ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed
 RUN \
 	wget https://github.com/ninja-build/ninja/archive/refs/tags/v$NinjaV.tar.gz && \
 	echo "$NinjaH v$NinjaV.tar.gz" >sha && sha256sum -c sha && \
@@ -39,9 +33,9 @@ RUN \
 
 # Download, validate, unpack, and install Go.
 ARG GOARCH
-ENV GoV=1.18.1
-ENV GoHamd64=b3b815f47ababac13810fc6021eb73d65478e0b2db4b09d348eefad9581a2334
-ENV GoHarm64=56a91851c97fb4697077abbca38860f735c32b38993ff79b088dac46e4735633
+ENV GoV=1.16.5
+ENV GoHamd64=b12c23023b68de22f74c0524f10b753e7b08b1504cb7e417eccebdd3fae49061
+ENV GoHarm64=d5446b46ef6f36fdffa852f73dfbbe78c1ddf010b99fa4964944b9ae8b4d6799
 RUN \
 	eval GoH=\${GoH$GOARCH} && \
 	wget https://golang.org/dl/go$GoV.linux-$GOARCH.tar.gz && \
@@ -51,8 +45,8 @@ RUN \
 	ln -s /usr/local/go/bin/go /usr/local/bin/
 
 # Download, validate, and unpack BoringCrypto.
-ENV BoringV=0c6f40132b828e92ba365c6b7680e32820c63fa7
-ENV BoringH=62f733289f2d677c2723f556aa58034c438f3a7bbca6c12b156538a88e38da8a
+ENV BoringV=853ca1ea1168dff08011e5d42d94609cc0ca2e27
+ENV BoringH=a4d069ccef6f3c7bc0c68de82b91414f05cb817494cd1ab483dcf3368883c7c2
 RUN \
 	wget https://commondatastorage.googleapis.com/chromium-boringssl-fips/boringssl-$BoringV.tar.xz && \
 	echo "$BoringH boringssl-$BoringV.tar.xz" >sha && sha256sum -c sha && \

src/crypto/internal/boring/LICENSE

@@ -6,7 +6,7 @@ When building with GOEXPERIMENT=boringcrypto, the following applies.
 The goboringcrypto_linux_amd64.syso object file is built
 from BoringSSL source code by build/build.sh and is covered
 by the BoringSSL license reproduced below and also at
-https://boringssl.googlesource.com/boringssl/+/fips-20220613/LICENSE.
+https://boringssl.googlesource.com/boringssl/+/fips-20190808/LICENSE.
 
 BoringSSL is a fork of OpenSSL. As such, large parts of it fall under OpenSSL
 licensing. Files that are completely new have a Google copyright and an ISC

src/crypto/internal/boring/README.md

@@ -27,14 +27,13 @@ syso/goboringcrypto_linux_arm64.syso is built with:
 
 	GOARCH=arm64 ./build.sh
 
-Both run using Docker.
-
+Both run on an x86 Debian Linux system using Docker.
 For the arm64 build to run on an x86 system, you need
 
 	apt-get install qemu-user-static qemu-binfmt-support
 
 to allow the x86 kernel to run arm64 binaries via QEMU.
 
-For the amd64 build to run on an Apple Silicon macOS, you need Rosetta 2.
-
 See build.sh for more details about the build.
+
+

src/crypto/internal/boring/aes.go

@@ -228,41 +228,26 @@ func (c *aesCipher) NewGCM(nonceSize, tagSize int) (cipher.AEAD, error) {
 	if tagSize != gcmTagSize {
 		return cipher.NewGCMWithTagSize(&noGCM{c}, tagSize)
 	}
-	return c.newGCM(0)
+	return c.newGCM(false)
 }
 
-const (
-	VersionTLS12 = 0x0303
-	VersionTLS13 = 0x0304
-)
-
 func NewGCMTLS(c cipher.Block) (cipher.AEAD, error) {
-	return c.(*aesCipher).newGCM(VersionTLS12)
+	return c.(*aesCipher).newGCM(true)
 }
 
-func NewGCMTLS13(c cipher.Block) (cipher.AEAD, error) {
-	return c.(*aesCipher).newGCM(VersionTLS13)
-}
-
-func (c *aesCipher) newGCM(tlsVersion uint16) (cipher.AEAD, error) {
+func (c *aesCipher) newGCM(tls bool) (cipher.AEAD, error) {
 	var aead *C.GO_EVP_AEAD
 	switch len(c.key) * 8 {
 	case 128:
-		switch tlsVersion {
-		case VersionTLS12:
+		if tls {
 			aead = C._goboringcrypto_EVP_aead_aes_128_gcm_tls12()
-		case VersionTLS13:
-			aead = C._goboringcrypto_EVP_aead_aes_128_gcm_tls13()
-		default:
+		} else {
 			aead = C._goboringcrypto_EVP_aead_aes_128_gcm()
 		}
 	case 256:
-		switch tlsVersion {
-		case VersionTLS12:
+		if tls {
 			aead = C._goboringcrypto_EVP_aead_aes_256_gcm_tls12()
-		case VersionTLS13:
-			aead = C._goboringcrypto_EVP_aead_aes_256_gcm_tls13()
-		default:
+		} else {
 			aead = C._goboringcrypto_EVP_aead_aes_256_gcm()
 		}
 	default:

src/crypto/internal/boring/build-goboring.sh

@@ -122,7 +122,7 @@ awk -f boringx.awk goboringcrypto.h # writes goboringcrypto.x
 awk -f boringh.awk goboringcrypto.h # writes goboringcrypto[01].h
 
 ls -l ../boringssl/include
-clang++ -fPIC -I../boringssl/include -O2 -o a.out  goboringcrypto.cc
+clang++ -std=c++11 -fPIC -I../boringssl/include -O2 -o a.out  goboringcrypto.cc
 ./a.out || exit 2
 
 # clang implements u128 % u128 -> u128 by calling __umodti3,

src/crypto/internal/boring/build.sh

@@ -22,12 +22,6 @@ platform=""
 buildargs=""
 case "$GOARCH" in
 amd64)
-	if ! docker run --rm -t amd64/ubuntu:focal uname -m >/dev/null 2>&1; then
-		echo "# Docker cannot run amd64 binaries."
-		exit 1
-	fi
-	platform="--platform linux/amd64"
-	buildargs="--build-arg ubuntu=amd64/ubuntu"
 	;;
 arm64)
 	if ! docker run --rm -t arm64v8/ubuntu:focal uname -m >/dev/null 2>&1; then

src/crypto/internal/boring/goboringcrypto.h

@@ -125,9 +125,7 @@ void _goboringcrypto_EVP_AEAD_CTX_cleanup(GO_EVP_AEAD_CTX*);
 int _goboringcrypto_EVP_AEAD_CTX_seal(const GO_EVP_AEAD_CTX*, uint8_t*, size_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t);
 int _goboringcrypto_EVP_AEAD_CTX_open(const GO_EVP_AEAD_CTX*, uint8_t*, size_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t, const uint8_t*, size_t);
 const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_128_gcm_tls12(void);
-const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_128_gcm_tls13(void);
 const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_256_gcm_tls12(void);
-const GO_EVP_AEAD* _goboringcrypto_EVP_aead_aes_256_gcm_tls13(void);
 enum go_evp_aead_direction_t {
 	go_evp_aead_open = 0,
 	go_evp_aead_seal = 1

src/crypto/internal/boring/notboring.go

@@ -50,7 +50,6 @@ func NewHMAC(h func() hash.Hash, key []byte) hash.Hash { panic("boringcrypto: no
 
 func NewAESCipher(key []byte) (cipher.Block, error) { panic("boringcrypto: not available") }
 func NewGCMTLS(cipher.Block) (cipher.AEAD, error)   { panic("boringcrypto: not available") }
-func NewGCMTLS13(cipher.Block) (cipher.AEAD, error) { panic("boringcrypto: not available") }
 
 type PublicKeyECDSA struct{ _ int }
 type PrivateKeyECDSA struct{ _ int }

src/crypto/tls/boring.go

@@ -6,10 +6,9 @@
 
 package tls
 
-import "crypto/internal/boring/fipstls"
-
-// The FIPS-only policies enforced here currently match BoringSSL's
-// ssl_policy_fips_202205.
+import (
+	"crypto/internal/boring/fipstls"
+)
 
 // needFIPS returns fipstls.Required(); it avoids a new import in common.go.
 func needFIPS() bool {
@@ -18,19 +17,19 @@ func needFIPS() bool {
 
 // fipsMinVersion replaces c.minVersion in FIPS-only mode.
 func fipsMinVersion(c *Config) uint16 {
-	// FIPS requires TLS 1.2 or TLS 1.3.
+	// FIPS requires TLS 1.2.
 	return VersionTLS12
 }
 
 // fipsMaxVersion replaces c.maxVersion in FIPS-only mode.
 func fipsMaxVersion(c *Config) uint16 {
-	// FIPS requires TLS 1.2 or TLS 1.3.
-	return VersionTLS13
+	// FIPS requires TLS 1.2.
+	return VersionTLS12
 }
 
 // default defaultFIPSCurvePreferences is the FIPS-allowed curves,
 // in preference order (most preferable first).
-var defaultFIPSCurvePreferences = []CurveID{CurveP256, CurveP384}
+var defaultFIPSCurvePreferences = []CurveID{CurveP256, CurveP384, CurveP521}
 
 // fipsCurvePreferences replaces c.curvePreferences in FIPS-only mode.
 func fipsCurvePreferences(c *Config) []CurveID {
@@ -55,6 +54,8 @@ var defaultCipherSuitesFIPS = []uint16{
 	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+	TLS_RSA_WITH_AES_128_GCM_SHA256,
+	TLS_RSA_WITH_AES_256_GCM_SHA384,
 }
 
 // fipsCipherSuites replaces c.cipherSuites in FIPS-only mode.
@@ -74,14 +75,8 @@ func fipsCipherSuites(c *Config) []uint16 {
 	return list
 }
 
-// defaultCipherSuitesTLS13FIPS are the FIPS-allowed cipher suites for TLS 1.3.
-var defaultCipherSuitesTLS13FIPS = []uint16{
-	TLS_AES_128_GCM_SHA256,
-	TLS_AES_256_GCM_SHA384,
-}
-
 // fipsSupportedSignatureAlgorithms currently are a subset of
-// defaultSupportedSignatureAlgorithms without Ed25519, SHA-1, and P-521.
+// defaultSupportedSignatureAlgorithms without Ed25519 and SHA-1.
 var fipsSupportedSignatureAlgorithms = []SignatureScheme{
 	PSSWithSHA256,
 	PSSWithSHA384,
@@ -91,6 +86,7 @@ var fipsSupportedSignatureAlgorithms = []SignatureScheme{
 	PKCS1WithSHA384,
 	ECDSAWithP384AndSHA384,
 	PKCS1WithSHA512,
+	ECDSAWithP521AndSHA512,
 }
 
 // supportedSignatureAlgorithms returns the supported signature algorithms.

src/crypto/tls/boring_test.go

@@ -25,31 +25,6 @@ import (
 	"time"
 )
 
-func allCipherSuitesIncludingTLS13() []uint16 {
-	s := allCipherSuites()
-	for _, suite := range cipherSuitesTLS13 {
-		s = append(s, suite.id)
-	}
-	return s
-}
-
-func isTLS13CipherSuite(id uint16) bool {
-	for _, suite := range cipherSuitesTLS13 {
-		if id == suite.id {
-			return true
-		}
-	}
-	return false
-}
-
-func generateKeyShare(group CurveID) keyShare {
-	key, err := generateECDHEKey(rand.Reader, group)
-	if err != nil {
-		panic(err)
-	}
-	return keyShare{group: group, data: key.PublicKey().Bytes()}
-}
-
 func TestBoringServerProtocolVersion(t *testing.T) {
 	test := func(name string, v uint16, msg string) {
 		t.Run(name, func(t *testing.T) {
@@ -58,11 +33,8 @@ func TestBoringServerProtocolVersion(t *testing.T) {
 			clientHello := &clientHelloMsg{
 				vers:               v,
 				random:             make([]byte, 32),
-				cipherSuites:       allCipherSuitesIncludingTLS13(),
+				cipherSuites:       allCipherSuites(),
 				compressionMethods: []uint8{compressionNone},
-				supportedCurves:    defaultCurvePreferences,
-				keyShares:          []keyShare{generateKeyShare(CurveP256)},
-				supportedPoints:    []uint8{pointFormatUncompressed},
 				supportedVersions:  []uint16{v},
 			}
 			testClientHelloFailure(t, serverConfig, clientHello, msg)
@@ -76,25 +48,25 @@ func TestBoringServerProtocolVersion(t *testing.T) {
 
 	fipstls.Force()
 	defer fipstls.Abandon()
-	test("VersionSSL30/fipstls", VersionSSL30, "client offered only unsupported versions")
-	test("VersionTLS10/fipstls", VersionTLS10, "client offered only unsupported versions")
-	test("VersionTLS11/fipstls", VersionTLS11, "client offered only unsupported versions")
-	test("VersionTLS12/fipstls", VersionTLS12, "")
-	test("VersionTLS13/fipstls", VersionTLS13, "")
+	test("VersionSSL30", VersionSSL30, "client offered only unsupported versions")
+	test("VersionTLS10", VersionTLS10, "client offered only unsupported versions")
+	test("VersionTLS11", VersionTLS11, "client offered only unsupported versions")
+	test("VersionTLS12", VersionTLS12, "")
+	test("VersionTLS13", VersionTLS13, "client offered only unsupported versions")
 }
 
 func isBoringVersion(v uint16) bool {
-	return v == VersionTLS12 || v == VersionTLS13
+	return v == VersionTLS12
 }
 
 func isBoringCipherSuite(id uint16) bool {
 	switch id {
-	case TLS_AES_128_GCM_SHA256,
-		TLS_AES_256_GCM_SHA384,
-		TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 		TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 		TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
+		TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+		TLS_RSA_WITH_AES_128_GCM_SHA256,
+		TLS_RSA_WITH_AES_256_GCM_SHA384:
 		return true
 	}
 	return false
@@ -102,7 +74,7 @@ func isBoringCipherSuite(id uint16) bool {
 
 func isBoringCurve(id CurveID) bool {
 	switch id {
-	case CurveP256, CurveP384:
+	case CurveP256, CurveP384, CurveP521:
 		return true
 	}
 	return false
@@ -114,7 +86,7 @@ func isECDSA(id uint16) bool {
 			return suite.flags&suiteECSign == suiteECSign
 		}
 	}
-	return false // TLS 1.3 cipher suites are not tied to the signature algorithm.
+	panic(fmt.Sprintf("unknown cipher suite %#x", id))
 }
 
 func isBoringSignatureScheme(alg SignatureScheme) bool {
@@ -126,6 +98,7 @@ func isBoringSignatureScheme(alg SignatureScheme) bool {
 		PKCS1WithSHA384,
 		ECDSAWithP384AndSHA384,
 		PKCS1WithSHA512,
+		ECDSAWithP521AndSHA512,
 		PSSWithSHA256,
 		PSSWithSHA384,
 		PSSWithSHA512:
@@ -136,9 +109,10 @@ func isBoringSignatureScheme(alg SignatureScheme) bool {
 
 func TestBoringServerCipherSuites(t *testing.T) {
 	serverConfig := testConfig.Clone()
+	serverConfig.CipherSuites = allCipherSuites()
 	serverConfig.Certificates = make([]Certificate, 1)
 
-	for _, id := range allCipherSuitesIncludingTLS13() {
+	for _, id := range allCipherSuites() {
 		if isECDSA(id) {
 			serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate}
 			serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey
@@ -147,19 +121,14 @@ func TestBoringServerCipherSuites(t *testing.T) {
 			serverConfig.Certificates[0].PrivateKey = testRSAPrivateKey
 		}
 		serverConfig.BuildNameToCertificate()
-		t.Run(fmt.Sprintf("suite=%s", CipherSuiteName(id)), func(t *testing.T) {
+		t.Run(fmt.Sprintf("suite=%#x", id), func(t *testing.T) {
 			clientHello := &clientHelloMsg{
 				vers:               VersionTLS12,
 				random:             make([]byte, 32),
 				cipherSuites:       []uint16{id},
 				compressionMethods: []uint8{compressionNone},
 				supportedCurves:    defaultCurvePreferences,
-				keyShares:          []keyShare{generateKeyShare(CurveP256)},
 				supportedPoints:    []uint8{pointFormatUncompressed},
-				supportedVersions:  []uint16{VersionTLS12},
-			}
-			if isTLS13CipherSuite(id) {
-				clientHello.supportedVersions = []uint16{VersionTLS13}
 			}
 
 			testClientHello(t, serverConfig, clientHello)
@@ -191,9 +160,7 @@ func TestBoringServerCurves(t *testing.T) {
 				cipherSuites:       []uint16{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
 				compressionMethods: []uint8{compressionNone},
 				supportedCurves:    []CurveID{curveid},
-				keyShares:          []keyShare{generateKeyShare(curveid)},
 				supportedPoints:    []uint8{pointFormatUncompressed},
-				supportedVersions:  []uint16{VersionTLS12},
 			}
 
 			testClientHello(t, serverConfig, clientHello)
@@ -312,7 +279,7 @@ func TestBoringClientHello(t *testing.T) {
 	}
 
 	if !isBoringVersion(hello.vers) {
-		t.Errorf("client vers=%#x", hello.vers)
+		t.Errorf("client vers=%#x, want %#x (TLS 1.2)", hello.vers, VersionTLS12)
 	}
 	for _, v := range hello.supportedVersions {
 		if !isBoringVersion(v) {

src/crypto/tls/cipher_suites.go

@@ -556,13 +556,7 @@ func aeadAESGCMTLS13(key, nonceMask []byte) aead {
 	if err != nil {
 		panic(err)
 	}
-	var aead cipher.AEAD
-	if boring.Enabled {
-		aead, err = boring.NewGCMTLS13(aes)
-	} else {
-		boring.Unreachable()
-		aead, err = cipher.NewGCM(aes)
-	}
+	aead, err := cipher.NewGCM(aes)
 	if err != nil {
 		panic(err)
 	}

src/crypto/tls/handshake_client.go

@@ -139,9 +139,7 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
 		if len(hello.supportedVersions) == 1 {
 			hello.cipherSuites = nil
 		}
-		if needFIPS() {
-			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13FIPS...)
-		} else if hasAESGCMHardwareSupport {
+		if hasAESGCMHardwareSupport {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13...)
 		} else {
 			hello.cipherSuites = append(hello.cipherSuites, defaultCipherSuitesTLS13NoAES...)

src/crypto/tls/handshake_client_tls13.go

@@ -41,6 +41,10 @@ type clientHandshakeStateTLS13 struct {
 func (hs *clientHandshakeStateTLS13) handshake() error {
 	c := hs.c
 
+	if needFIPS() {
+		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+	}
+
 	// The server must not select TLS 1.3 in a renegotiation. See RFC 8446,
 	// sections 4.1.2 and 4.1.3.
 	if c.handshakes > 0 {

src/crypto/tls/handshake_server_test.go

@@ -27,7 +27,6 @@ import (
 )
 
 func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) {
-	t.Helper()
 	testClientHelloFailure(t, serverConfig, m, "")
 }
 
@@ -53,32 +52,23 @@ func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessa
 	ctx := context.Background()
 	conn := Server(s, serverConfig)
 	ch, err := conn.readClientHello(ctx)
-	if err == nil && conn.vers == VersionTLS13 {
-		hs := serverHandshakeStateTLS13{
-			c:           conn,
-			ctx:         ctx,
-			clientHello: ch,
-		}
+	hs := serverHandshakeState{
+		c:           conn,
+		ctx:         ctx,
+		clientHello: ch,
+	}
+	if err == nil {
 		err = hs.processClientHello()
-	} else if err == nil {
-		hs := serverHandshakeState{
-			c:           conn,
-			ctx:         ctx,
-			clientHello: ch,
-		}
-		err = hs.processClientHello()
-		if err == nil {
-			err = hs.pickCipherSuite()
-		}
+	}
+	if err == nil {
+		err = hs.pickCipherSuite()
 	}
 	s.Close()
 	if len(expectedSubStr) == 0 {
 		if err != nil && err != io.EOF {
-			t.Helper()
 			t.Errorf("Got error: %s; expected to succeed", err)
 		}
 	} else if err == nil || !strings.Contains(err.Error(), expectedSubStr) {
-		t.Helper()
 		t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr)
 	}
 }

src/crypto/tls/handshake_server_tls13.go

@@ -45,6 +45,10 @@ type serverHandshakeStateTLS13 struct {
 func (hs *serverHandshakeStateTLS13) handshake() error {
 	c := hs.c
 
+	if needFIPS() {
+		return errors.New("tls: internal error: TLS 1.3 reached in FIPS mode")
+	}
+
 	// For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2.
 	if err := hs.processClientHello(); err != nil {
 		return err
@@ -159,9 +163,6 @@ func (hs *serverHandshakeStateTLS13) processClientHello() error {
 	if !hasAESGCMHardwareSupport || !aesgcmPreferred(hs.clientHello.cipherSuites) {
 		preferenceList = defaultCipherSuitesTLS13NoAES
 	}
-	if needFIPS() {
-		preferenceList = defaultCipherSuitesTLS13FIPS
-	}
 	for _, suiteID := range preferenceList {
 		hs.suite = mutualCipherSuiteTLS13(hs.clientHello.cipherSuites, suiteID)
 		if hs.suite != nil {

src/crypto/tls/notboring.go

@@ -18,5 +18,3 @@ func fipsCurvePreferences(c *Config) []CurveID { panic("fipsCurvePreferences") }
 func fipsCipherSuites(c *Config) []uint16      { panic("fipsCipherSuites") }
 
 var fipsSupportedSignatureAlgorithms []SignatureScheme
-
-var defaultCipherSuitesTLS13FIPS []uint16

src/crypto/x509/boring.go

@@ -22,7 +22,7 @@ func boringAllowCert(c *Certificate) bool {
 	}
 
 	// The key must be RSA 2048, RSA 3072, RSA 4096,
-	// or ECDSA P-256 or P-384.
+	// or ECDSA P-256, P-384, P-521.
 	switch k := c.PublicKey.(type) {
 	default:
 		return false
@@ -31,7 +31,7 @@ func boringAllowCert(c *Certificate) bool {
 			return false
 		}
 	case *ecdsa.PublicKey:
-		if k.Curve != elliptic.P256() && k.Curve != elliptic.P384() {
+		if k.Curve != elliptic.P256() && k.Curve != elliptic.P384() && k.Curve != elliptic.P521() {
 			return false
 		}
 	}

src/crypto/x509/verify.go

@@ -899,7 +899,7 @@ func (c *Certificate) buildChains(currentChain []*Certificate, sigChecks *int, o
 	)
 
 	considerCandidate := func(certType int, candidate potentialParent) {
-		if alreadyInChain(candidate.cert, currentChain) {
+		if candidate.cert.PublicKey == nil || alreadyInChain(candidate.cert, currentChain) {
 			return
 		}
 

src/crypto/x509/verify_test.go

@@ -2792,3 +2792,22 @@ func TestVerifyEKURootAsLeaf(t *testing.T) {
 	}
 
 }
+
+func TestVerifyNilPubKey(t *testing.T) {
+	c := &Certificate{
+		RawIssuer:      []byte{1, 2, 3},
+		AuthorityKeyId: []byte{1, 2, 3},
+	}
+	opts := &VerifyOptions{}
+	opts.Roots = NewCertPool()
+	r := &Certificate{
+		RawSubject:   []byte{1, 2, 3},
+		SubjectKeyId: []byte{1, 2, 3},
+	}
+	opts.Roots.AddCert(r)
+
+	_, err := c.buildChains([]*Certificate{r}, nil, opts)
+	if _, ok := err.(UnknownAuthorityError); !ok {
+		t.Fatalf("buildChains returned unexpected error, got: %v, want %v", err, UnknownAuthorityError{})
+	}
+}

src/go/types/alias.go

@@ -23,11 +23,14 @@ type Alias struct {
 // NewAlias creates a new Alias type with the given type name and rhs.
 // rhs must not be nil.
 func NewAlias(obj *TypeName, rhs Type) *Alias {
-	return (*Checker)(nil).newAlias(obj, rhs)
+	alias := (*Checker)(nil).newAlias(obj, rhs)
+	// Ensure that alias.actual is set (#65455).
+	unalias(alias)
+	return alias
 }
 
 func (a *Alias) Obj() *TypeName   { return a.obj }
-func (a *Alias) Underlying() Type { return a.actual.Underlying() }
+func (a *Alias) Underlying() Type { return unalias(a).Underlying() }
 func (a *Alias) String() string   { return TypeString(a, nil) }
 
 // Type accessors
@@ -38,24 +41,26 @@ func (a *Alias) String() string   { return TypeString(a, nil) }
 // Consequently, the result is never an alias type.
 func Unalias(t Type) Type {
 	if a0, _ := t.(*Alias); a0 != nil {
-		if a0.actual != nil {
-			return a0.actual
-		}
-		for a := a0; ; {
-			t = a.fromRHS
-			a, _ = t.(*Alias)
-			if a == nil {
-				break
-			}
-		}
-		if t == nil {
-			panic(fmt.Sprintf("non-terminated alias %s", a0.obj.name))
-		}
-		a0.actual = t
+		return unalias(a0)
 	}
 	return t
 }
 
+func unalias(a0 *Alias) Type {
+	if a0.actual != nil {
+		return a0.actual
+	}
+	var t Type
+	for a := a0; a != nil; a, _ = t.(*Alias) {
+		t = a.fromRHS
+	}
+	if t == nil {
+		panic(fmt.Sprintf("non-terminated alias %s", a0.obj.name))
+	}
+	a0.actual = t
+	return t
+}
+
 // asNamed returns t as *Named if that is t's
 // actual type. It returns nil otherwise.
 func asNamed(t Type) *Named {

src/go/types/api_test.go

@@ -2196,6 +2196,12 @@ func TestIssue61737(t *testing.T) {
 	iface.Complete()
 }
 
+func TestNewAlias_Issue65455(t *testing.T) {
+	obj := NewTypeName(nopos, nil, "A", nil)
+	alias := NewAlias(obj, Typ[Int])
+	alias.Underlying() // must not panic
+}
+
 func TestIssue15305(t *testing.T) {
 	const src = "package p; func f() int16; var _ = f(undef)"
 	fset := token.NewFileSet()

src/go/version/version.go

@@ -2,9 +2,12 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package version provides operations on [Go versions].
+// Package version provides operations on [Go versions]
+// in [Go toolchain name syntax]: strings like
+// "go1.20", "go1.21.0", "go1.22rc2", and "go1.23.4-bigcorp".
 //
 // [Go versions]: https://go.dev/doc/toolchain#version
+// [Go toolchain name syntax]: https://go.dev/doc/toolchain#name
 package version // import "go/version"
 
 import (
@@ -12,9 +15,10 @@ import (
 	"strings"
 )
 
-// stripGo converts from a "go1.21" version to a "1.21" version.
+// stripGo converts from a "go1.21-bigcorp" version to a "1.21" version.
 // If v does not start with "go", stripGo returns the empty string (a known invalid version).
 func stripGo(v string) string {
+	v, _, _ = strings.Cut(v, "-") // strip -bigcorp suffix.
 	if len(v) < 2 || v[:2] != "go" {
 		return ""
 	}
@@ -50,8 +54,6 @@ func Lang(x string) string {
 // valid versions and equal to each other.
 // The language version "go1.21" compares less than the
 // release candidate and eventual releases "go1.21rc1" and "go1.21.0".
-// Custom toolchain suffixes are ignored during comparison:
-// "go1.21.0" and "go1.21.0-bigcorp" are equal.
 func Compare(x, y string) int {
 	return gover.Compare(stripGo(x), stripGo(y))
 }

src/go/version/version_test.go

@@ -23,13 +23,16 @@ var compareTests = []testCase2[string, string, int]{
 	{"go1.19", "go1.19.0", 0},
 	{"go1.19rc1", "go1.19", -1},
 	{"go1.20", "go1.20.0", 0},
+	{"go1.20", "go1.20.0-bigcorp", 0},
 	{"go1.20rc1", "go1.20", -1},
 	{"go1.21", "go1.21.0", -1},
+	{"go1.21", "go1.21.0-bigcorp", -1},
 	{"go1.21", "go1.21rc1", -1},
 	{"go1.21rc1", "go1.21.0", -1},
 	{"go1.6", "go1.19", -1},
 	{"go1.19", "go1.19.1", -1},
 	{"go1.19rc1", "go1.19", -1},
+	{"go1.19rc1", "go1.19", -1},
 	{"go1.19rc1", "go1.19.1", -1},
 	{"go1.19rc1", "go1.19rc2", -1},
 	{"go1.19.0", "go1.19.1", -1},

src/html/template/js.go

@@ -171,13 +171,31 @@ func jsValEscaper(args ...any) string {
 	// cyclic data. This may be an unacceptable DoS risk.
 	b, err := json.Marshal(a)
 	if err != nil {
-		// Put a space before comment so that if it is flush against
+		// While the standard JSON marshaller does not include user controlled
+		// information in the error message, if a type has a MarshalJSON method,
+		// the content of the error message is not guaranteed. Since we insert
+		// the error into the template, as part of a comment, we attempt to
+		// prevent the error from either terminating the comment, or the script
+		// block itself.
+		//
+		// In particular we:
+		//   * replace "*/" comment end tokens with "* /", which does not
+		//     terminate the comment
+		//   * replace "</script" with "\x3C/script", and "<!--" with
+		//     "\x3C!--", which prevents confusing script block termination
+		//     semantics
+		//
+		// We also put a space before the comment so that if it is flush against
 		// a division operator it is not turned into a line comment:
 		//     x/{{y}}
 		// turning into
 		//     x//* error marshaling y:
 		//          second line of error message */null
-		return fmt.Sprintf(" /* %s */null ", strings.ReplaceAll(err.Error(), "*/", "* /"))
+		errStr := err.Error()
+		errStr = strings.ReplaceAll(errStr, "*/", "* /")
+		errStr = strings.ReplaceAll(errStr, "</script", `\x3C/script`)
+		errStr = strings.ReplaceAll(errStr, "<!--", `\x3C!--`)
+		return fmt.Sprintf(" /* %s */null ", errStr)
 	}
 
 	// TODO: maybe post-process output to prevent it from containing

src/html/template/js_test.go

@@ -5,6 +5,7 @@
 package template
 
 import (
+	"errors"
 	"math"
 	"strings"
 	"testing"
@@ -103,61 +104,72 @@ func TestNextJsCtx(t *testing.T) {
 	}
 }
 
+type jsonErrType struct{}
+
+func (e *jsonErrType) MarshalJSON() ([]byte, error) {
+	return nil, errors.New("beep */ boop </script blip <!--")
+}
+
 func TestJSValEscaper(t *testing.T) {
 	tests := []struct {
-		x  any
-		js string
+		x        any
+		js       string
+		skipNest bool
 	}{
-		{int(42), " 42 "},
-		{uint(42), " 42 "},
-		{int16(42), " 42 "},
-		{uint16(42), " 42 "},
-		{int32(-42), " -42 "},
-		{uint32(42), " 42 "},
-		{int16(-42), " -42 "},
-		{uint16(42), " 42 "},
-		{int64(-42), " -42 "},
-		{uint64(42), " 42 "},
-		{uint64(1) << 53, " 9007199254740992 "},
+		{int(42), " 42 ", false},
+		{uint(42), " 42 ", false},
+		{int16(42), " 42 ", false},
+		{uint16(42), " 42 ", false},
+		{int32(-42), " -42 ", false},
+		{uint32(42), " 42 ", false},
+		{int16(-42), " -42 ", false},
+		{uint16(42), " 42 ", false},
+		{int64(-42), " -42 ", false},
+		{uint64(42), " 42 ", false},
+		{uint64(1) << 53, " 9007199254740992 ", false},
 		// ulp(1 << 53) > 1 so this loses precision in JS
 		// but it is still a representable integer literal.
-		{uint64(1)<<53 + 1, " 9007199254740993 "},
-		{float32(1.0), " 1 "},
-		{float32(-1.0), " -1 "},
-		{float32(0.5), " 0.5 "},
-		{float32(-0.5), " -0.5 "},
-		{float32(1.0) / float32(256), " 0.00390625 "},
-		{float32(0), " 0 "},
-		{math.Copysign(0, -1), " -0 "},
-		{float64(1.0), " 1 "},
-		{float64(-1.0), " -1 "},
-		{float64(0.5), " 0.5 "},
-		{float64(-0.5), " -0.5 "},
-		{float64(0), " 0 "},
-		{math.Copysign(0, -1), " -0 "},
-		{"", `""`},
-		{"foo", `"foo"`},
+		{uint64(1)<<53 + 1, " 9007199254740993 ", false},
+		{float32(1.0), " 1 ", false},
+		{float32(-1.0), " -1 ", false},
+		{float32(0.5), " 0.5 ", false},
+		{float32(-0.5), " -0.5 ", false},
+		{float32(1.0) / float32(256), " 0.00390625 ", false},
+		{float32(0), " 0 ", false},
+		{math.Copysign(0, -1), " -0 ", false},
+		{float64(1.0), " 1 ", false},
+		{float64(-1.0), " -1 ", false},
+		{float64(0.5), " 0.5 ", false},
+		{float64(-0.5), " -0.5 ", false},
+		{float64(0), " 0 ", false},
+		{math.Copysign(0, -1), " -0 ", false},
+		{"", `""`, false},
+		{"foo", `"foo"`, false},
 		// Newlines.
-		{"\r\n\u2028\u2029", `"\r\n\u2028\u2029"`},
+		{"\r\n\u2028\u2029", `"\r\n\u2028\u2029"`, false},
 		// "\v" == "v" on IE 6 so use "\u000b" instead.
-		{"\t\x0b", `"\t\u000b"`},
-		{struct{ X, Y int }{1, 2}, `{"X":1,"Y":2}`},
-		{[]any{}, "[]"},
-		{[]any{42, "foo", nil}, `[42,"foo",null]`},
-		{[]string{"<!--", "</script>", "-->"}, `["\u003c!--","\u003c/script\u003e","--\u003e"]`},
-		{"<!--", `"\u003c!--"`},
-		{"-->", `"--\u003e"`},
-		{"<![CDATA[", `"\u003c![CDATA["`},
-		{"]]>", `"]]\u003e"`},
-		{"</script", `"\u003c/script"`},
-		{"\U0001D11E", "\"\U0001D11E\""}, // or "\uD834\uDD1E"
-		{nil, " null "},
+		{"\t\x0b", `"\t\u000b"`, false},
+		{struct{ X, Y int }{1, 2}, `{"X":1,"Y":2}`, false},
+		{[]any{}, "[]", false},
+		{[]any{42, "foo", nil}, `[42,"foo",null]`, false},
+		{[]string{"<!--", "</script>", "-->"}, `["\u003c!--","\u003c/script\u003e","--\u003e"]`, false},
+		{"<!--", `"\u003c!--"`, false},
+		{"-->", `"--\u003e"`, false},
+		{"<![CDATA[", `"\u003c![CDATA["`, false},
+		{"]]>", `"]]\u003e"`, false},
+		{"</script", `"\u003c/script"`, false},
+		{"\U0001D11E", "\"\U0001D11E\"", false}, // or "\uD834\uDD1E"
+		{nil, " null ", false},
+		{&jsonErrType{}, " /* json: error calling MarshalJSON for type *template.jsonErrType: beep * / boop \\x3C/script blip \\x3C!-- */null ", true},
 	}
 
 	for _, test := range tests {
 		if js := jsValEscaper(test.x); js != test.js {
 			t.Errorf("%+v: want\n\t%q\ngot\n\t%q", test.x, test.js, js)
 		}
+		if test.skipNest {
+			continue
+		}
 		// Make sure that escaping corner cases are not broken
 		// by nesting.
 		a := []any{test.x}

src/internal/testenv/testenv_test.go

@@ -78,7 +78,7 @@ func TestHasGoBuild(t *testing.T) {
 		// we will presumably find out about it when those tests fail.)
 		switch runtime.GOOS {
 		case "ios":
-			if strings.HasSuffix(b, "-corellium") {
+			if isCorelliumBuilder(b) {
 				// The corellium environment is self-hosting, so it should be able
 				// to build even though real "ios" devices can't exec.
 			} else {
@@ -89,7 +89,7 @@ func TestHasGoBuild(t *testing.T) {
 				return
 			}
 		case "android":
-			if strings.HasSuffix(b, "-emu") && platform.MustLinkExternal(runtime.GOOS, runtime.GOARCH, false) {
+			if isEmulatedBuilder(b) && platform.MustLinkExternal(runtime.GOOS, runtime.GOARCH, false) {
 				// As of 2023-05-02, the test environment on the emulated builders is
 				// missing a C linker.
 				t.Logf("HasGoBuild is false on %s", b)
@@ -97,7 +97,7 @@ func TestHasGoBuild(t *testing.T) {
 			}
 		}
 
-		if strings.HasSuffix(b, "-noopt") {
+		if strings.Contains(b, "-noopt") {
 			// The -noopt builder sets GO_GCFLAGS, which causes tests of 'go build' to
 			// be skipped.
 			t.Logf("HasGoBuild is false on %s", b)
@@ -153,7 +153,7 @@ func TestMustHaveExec(t *testing.T) {
 			t.Errorf("expected MustHaveExec to skip on %v", runtime.GOOS)
 		}
 	case "ios":
-		if b := testenv.Builder(); strings.HasSuffix(b, "-corellium") && !hasExec {
+		if b := testenv.Builder(); isCorelliumBuilder(b) && !hasExec {
 			// Most ios environments can't exec, but the corellium builder can.
 			t.Errorf("expected MustHaveExec not to skip on %v", b)
 		}
@@ -186,3 +186,23 @@ func TestCleanCmdEnvPWD(t *testing.T) {
 	}
 	t.Error("PWD not set in cmd.Env")
 }
+
+func isCorelliumBuilder(builderName string) bool {
+	// Support both the old infra's builder names and the LUCI builder names.
+	// The former's names are ad-hoc so we could maintain this invariant on
+	// the builder side. The latter's names are structured, and "corellium" will
+	// appear as a "host" suffix after the GOOS and GOARCH, which always begin
+	// with an underscore.
+	return strings.HasSuffix(builderName, "-corellium") || strings.Contains(builderName, "_corellium")
+}
+
+func isEmulatedBuilder(builderName string) bool {
+	// Support both the old infra's builder names and the LUCI builder names.
+	// The former's names are ad-hoc so we could maintain this invariant on
+	// the builder side. The latter's names are structured, and the signifier
+	// of emulation "emu" will appear as a "host" suffix after the GOOS and
+	// GOARCH because it modifies the run environment in such a way that it
+	// the target GOOS and GOARCH may not match the host. This suffix always
+	// begins with an underscore.
+	return strings.HasSuffix(builderName, "-emu") || strings.Contains(builderName, "_emu")
+}

src/internal/trace/summary.go

@@ -21,7 +21,7 @@ type Summary struct {
 type GoroutineSummary struct {
 	ID           tracev2.GoID
 	Name         string       // A non-unique human-friendly identifier for the goroutine.
-	PC           uint64       // The start PC of the goroutine.
+	PC           uint64       // The first PC we saw for the entry function of the goroutine
 	CreationTime tracev2.Time // Timestamp of the first appearance in the trace.
 	StartTime    tracev2.Time // Timestamp of the first time it started running. 0 if the goroutine never ran.
 	EndTime      tracev2.Time // Timestamp of when the goroutine exited. 0 if the goroutine never exited.
@@ -385,10 +385,10 @@ func (s *Summarizer) Event(ev *tracev2.Event) {
 			}
 
 			// The goroutine hasn't been identified yet. Take the transition stack
-			// and identify the goroutine by the bottom-most frame of that stack.
-			// This bottom-most frame will be identical for all transitions on this
+			// and identify the goroutine by the root frame of that stack.
+			// This root frame will be identical for all transitions on this
 			// goroutine, because it represents its immutable start point.
-			if g.PC == 0 {
+			if g.Name == "" {
 				stk := st.Stack
 				if stk != tracev2.NoStack {
 					var frame tracev2.StackFrame
@@ -396,9 +396,14 @@ func (s *Summarizer) Event(ev *tracev2.Event) {
 					stk.Frames(func(f tracev2.StackFrame) bool {
 						frame = f
 						ok = true
-						return false
+						return true
 					})
 					if ok {
+						// NB: this PC won't actually be consistent for
+						// goroutines which existed at the start of the
+						// trace. The UI doesn't use it directly; this
+						// mainly serves as an indication that we
+						// actually saw a call stack for the goroutine
 						g.PC = frame.PC
 						g.Name = frame.Func
 					}

src/internal/trace/summary_test.go

@@ -18,6 +18,10 @@ func TestSummarizeGoroutinesTrace(t *testing.T) {
 		hasSyncBlockTime    bool
 		hasGCMarkAssistTime bool
 	)
+
+	assertContainsGoroutine(t, summaries, "runtime.gcBgMarkWorker")
+	assertContainsGoroutine(t, summaries, "main.main.func1")
+
 	for _, summary := range summaries {
 		basicGoroutineSummaryChecks(t, summary)
 		hasSchedWaitTime = hasSchedWaitTime || summary.SchedWaitTime > 0
@@ -232,6 +236,15 @@ func TestSummarizeTasksTrace(t *testing.T) {
 	}
 }
 
+func assertContainsGoroutine(t *testing.T, summaries map[tracev2.GoID]*GoroutineSummary, name string) {
+	for _, summary := range summaries {
+		if summary.Name == name {
+			return
+		}
+	}
+	t.Errorf("missing goroutine %s", name)
+}
+
 func basicGoroutineSummaryChecks(t *testing.T, summary *GoroutineSummary) {
 	if summary.ID == tracev2.NoGoroutine {
 		t.Error("summary found for no goroutine")

src/internal/trace/v2/order.go

@@ -302,6 +302,13 @@ func (o *ordering) advance(ev *baseEvent, evt *evTable, m ThreadID, gen uint64)
 			// Otherwise, we're talking about a G sitting in a syscall on an M.
 			// Validate the named M.
 			if mid == curCtx.M {
+				if gen != o.initialGen && curCtx.G != gid {
+					// If this isn't the first generation, we *must* have seen this
+					// binding occur already. Even if the G was blocked in a syscall
+					// for multiple generations since trace start, we would have seen
+					// a previous GoStatus event that bound the goroutine to an M.
+					return curCtx, false, fmt.Errorf("inconsistent thread for syscalling goroutine %d: thread has goroutine %d", gid, curCtx.G)
+				}
 				newCtx.G = gid
 				break
 			}

src/internal/trace/v2/testdata/testprog/wait-on-pipe.go

@@ -0,0 +1,66 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Tests a goroutine sitting blocked in a syscall for
+// an entire generation. This is a regression test for
+// #65196.
+
+//go:build ignore
+
+package main
+
+import (
+	"log"
+	"os"
+	"runtime/trace"
+	"syscall"
+	"time"
+)
+
+func main() {
+	// Create a pipe to block on.
+	var p [2]int
+	if err := syscall.Pipe(p[:]); err != nil {
+		log.Fatalf("failed to create pipe: %v", err)
+	}
+	rfd, wfd := p[0], p[1]
+
+	// Create a goroutine that blocks on the pipe.
+	done := make(chan struct{})
+	go func() {
+		var data [1]byte
+		_, err := syscall.Read(rfd, data[:])
+		if err != nil {
+			log.Fatalf("failed to read from pipe: %v", err)
+		}
+		done <- struct{}{}
+	}()
+
+	// Give the goroutine ample chance to block on the pipe.
+	time.Sleep(10 * time.Millisecond)
+
+	// Start tracing.
+	if err := trace.Start(os.Stdout); err != nil {
+		log.Fatalf("failed to start tracing: %v", err)
+	}
+
+	// This isn't enough to have a full generation pass by default,
+	// but it is generally enough in stress mode.
+	time.Sleep(100 * time.Millisecond)
+
+	// Write to the pipe to unblock it.
+	if _, err := syscall.Write(wfd, []byte{10}); err != nil {
+		log.Fatalf("failed to write to pipe: %v", err)
+	}
+
+	// Wait for the goroutine to unblock and start running.
+	// This is helpful to catch incorrect information written
+	// down for the syscall-blocked goroutine, since it'll start
+	// executing, and that execution information will be
+	// inconsistent.
+	<-done
+
+	// Stop tracing.
+	trace.Stop()
+}

src/internal/trace/v2/testdata/tests/go122-annotations-stress.test

@@ -896,7 +896,7 @@ String id=18
 String id=19
 	data="sleep"
 String id=20
-	data="runtime.GoSched"
+	data="runtime.Gosched"
 String id=21
 	data="start trace"
 String id=22

src/internal/trace/v2/testdata/tests/go122-annotations.test

@@ -220,7 +220,7 @@ String id=18
 String id=19
 	data="sleep"
 String id=20
-	data="runtime.GoSched"
+	data="runtime.Gosched"
 String id=21
 	data="start trace"
 String id=22

src/internal/trace/v2/testdata/tests/go122-gc-stress.test

@@ -4086,7 +4086,7 @@ String id=18
 String id=19
 	data="sleep"
 String id=20
-	data="runtime.GoSched"
+	data="runtime.Gosched"
 String id=21
 	data="GC mark termination"
 String id=22

src/internal/trace/v2/trace_test.go

@@ -213,7 +213,7 @@ func TestTraceFutileWakeup(t *testing.T) {
 		// Check to make sure that no goroutine in the "special" trace region
 		// ends up blocking, unblocking, then immediately blocking again.
 		//
-		// The goroutines are careful to call runtime.GoSched in between blocking,
+		// The goroutines are careful to call runtime.Gosched in between blocking,
 		// so there should never be a clean block/unblock on the goroutine unless
 		// the runtime was generating extraneous events.
 		const (
@@ -521,6 +521,15 @@ func TestTraceManyStartStop(t *testing.T) {
 	testTraceProg(t, "many-start-stop.go", nil)
 }
 
+func TestTraceWaitOnPipe(t *testing.T) {
+	switch runtime.GOOS {
+	case "dragonfly", "freebsd", "linux", "netbsd", "openbsd", "solaris":
+		testTraceProg(t, "wait-on-pipe.go", nil)
+		return
+	}
+	t.Skip("no applicable syscall.Pipe on " + runtime.GOOS)
+}
+
 func testTraceProg(t *testing.T, progName string, extra func(t *testing.T, trace, stderr []byte, stress bool)) {
 	testenv.MustHaveGoRun(t)
 

src/mime/multipart/formdata_test.go

@@ -452,6 +452,48 @@ func TestReadFormLimits(t *testing.T) {
 	}
 }
 
+func TestReadFormEndlessHeaderLine(t *testing.T) {
+	for _, test := range []struct {
+		name   string
+		prefix string
+	}{{
+		name:   "name",
+		prefix: "X-",
+	}, {
+		name:   "value",
+		prefix: "X-Header: ",
+	}, {
+		name:   "continuation",
+		prefix: "X-Header: foo\r\n  ",
+	}} {
+		t.Run(test.name, func(t *testing.T) {
+			const eol = "\r\n"
+			s := `--boundary` + eol
+			s += `Content-Disposition: form-data; name="a"` + eol
+			s += `Content-Type: text/plain` + eol
+			s += test.prefix
+			fr := io.MultiReader(
+				strings.NewReader(s),
+				neverendingReader('X'),
+			)
+			r := NewReader(fr, "boundary")
+			_, err := r.ReadForm(1 << 20)
+			if err != ErrMessageTooLarge {
+				t.Fatalf("ReadForm(1 << 20): %v, want ErrMessageTooLarge", err)
+			}
+		})
+	}
+}
+
+type neverendingReader byte
+
+func (r neverendingReader) Read(p []byte) (n int, err error) {
+	for i := range p {
+		p[i] = byte(r)
+	}
+	return len(p), nil
+}
+
 func BenchmarkReadForm(b *testing.B) {
 	for _, test := range []struct {
 		name string

src/net/http/client.go

@@ -1014,6 +1014,12 @@ func isDomainOrSubdomain(sub, parent string) bool {
 	if sub == parent {
 		return true
 	}
+	// If sub contains a :, it's probably an IPv6 address (and is definitely not a hostname).
+	// Don't check the suffix in this case, to avoid matching the contents of a IPv6 zone.
+	// For example, "::1%.www.example.com" is not a subdomain of "www.example.com".
+	if strings.ContainsAny(sub, ":%") {
+		return false
+	}
 	// If sub is "foo.example.com" and parent is "example.com",
 	// that means sub must end in "."+parent.
 	// Do it without allocating.

src/net/http/client_test.go

@@ -1711,6 +1711,7 @@ func TestShouldCopyHeaderOnRedirect(t *testing.T) {
 		{"authorization", "http://foo.com/", "https://foo.com/", true},
 		{"authorization", "http://foo.com:1234/", "http://foo.com:4321/", true},
 		{"www-authenticate", "http://foo.com/", "http://bar.com/", false},
+		{"authorization", "http://foo.com/", "http://[::1%25.foo.com]/", false},
 
 		// But subdomains should work:
 		{"www-authenticate", "http://foo.com/", "http://foo.com/", true},

src/net/http/cookiejar/jar.go

@@ -362,6 +362,13 @@ func jarKey(host string, psl PublicSuffixList) string {
 
 // isIP reports whether host is an IP address.
 func isIP(host string) bool {
+	if strings.ContainsAny(host, ":%") {
+		// Probable IPv6 address.
+		// Hostnames can't contain : or %, so this is definitely not a valid host.
+		// Treating it as an IP is the more conservative option, and avoids the risk
+		// of interpeting ::1%.www.example.com as a subtomain of www.example.com.
+		return true
+	}
 	return net.ParseIP(host) != nil
 }
 

src/net/http/cookiejar/jar_test.go

@@ -252,6 +252,7 @@ var isIPTests = map[string]bool{
 	"127.0.0.1":            true,
 	"1.2.3.4":              true,
 	"2001:4860:0:2001::68": true,
+	"::1%zone":             true,
 	"example.com":          false,
 	"1.1.1.300":            false,
 	"www.foo.bar.net":      false,
@@ -629,6 +630,15 @@ var basicsTests = [...]jarTest{
 			{"http://www.host.test:1234/", "a=1"},
 		},
 	},
+	{
+		"IPv6 zone is not treated as a host.",
+		"https://example.com/",
+		[]string{"a=1"},
+		"a=1",
+		[]query{
+			{"https://[::1%25.example.com]:80/", ""},
+		},
+	},
 }
 
 func TestBasics(t *testing.T) {

src/net/http/transport.go

@@ -1478,6 +1478,7 @@ func (t *Transport) dialConnFor(w *wantConn) {
 	defer w.afterDial()
 	ctx := w.getCtxForDial()
 	if ctx == nil {
+		t.decConnsPerHost(w.key)
 		return
 	}
 

src/net/http/transport_test.go

@@ -730,6 +730,56 @@ func testTransportMaxConnsPerHost(t *testing.T, mode testMode) {
 	}
 }
 
+func TestTransportMaxConnsPerHostDialCancellation(t *testing.T) {
+	run(t, testTransportMaxConnsPerHostDialCancellation,
+		testNotParallel, // because test uses SetPendingDialHooks
+		[]testMode{http1Mode, https1Mode, http2Mode},
+	)
+}
+
+func testTransportMaxConnsPerHostDialCancellation(t *testing.T, mode testMode) {
+	CondSkipHTTP2(t)
+
+	h := HandlerFunc(func(w ResponseWriter, r *Request) {
+		_, err := w.Write([]byte("foo"))
+		if err != nil {
+			t.Fatalf("Write: %v", err)
+		}
+	})
+
+	cst := newClientServerTest(t, mode, h)
+	defer cst.close()
+	ts := cst.ts
+	c := ts.Client()
+	tr := c.Transport.(*Transport)
+	tr.MaxConnsPerHost = 1
+
+	// This request is cancelled when dial is queued, which preempts dialing.
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	SetPendingDialHooks(cancel, nil)
+	defer SetPendingDialHooks(nil, nil)
+
+	req, _ := NewRequestWithContext(ctx, "GET", ts.URL, nil)
+	_, err := c.Do(req)
+	if !errors.Is(err, context.Canceled) {
+		t.Errorf("expected error %v, got %v", context.Canceled, err)
+	}
+
+	// This request should succeed.
+	SetPendingDialHooks(nil, nil)
+	req, _ = NewRequest("GET", ts.URL, nil)
+	resp, err := c.Do(req)
+	if err != nil {
+		t.Fatalf("request failed: %v", err)
+	}
+	defer resp.Body.Close()
+	_, err = io.ReadAll(resp.Body)
+	if err != nil {
+		t.Fatalf("read body failed: %v", err)
+	}
+}
+
 func TestTransportRemovesDeadIdleConnections(t *testing.T) {
 	run(t, testTransportRemovesDeadIdleConnections, []testMode{http1Mode})
 }

src/net/mail/message.go

@@ -280,7 +280,7 @@ func (a *Address) String() string {
 	// Add quotes if needed
 	quoteLocal := false
 	for i, r := range local {
-		if isAtext(r, false, false) {
+		if isAtext(r, false) {
 			continue
 		}
 		if r == '.' {
@@ -444,7 +444,7 @@ func (p *addrParser) parseAddress(handleGroup bool) ([]*Address, error) {
 	if !p.consume('<') {
 		atext := true
 		for _, r := range displayName {
-			if !isAtext(r, true, false) {
+			if !isAtext(r, true) {
 				atext = false
 				break
 			}
@@ -479,7 +479,9 @@ func (p *addrParser) consumeGroupList() ([]*Address, error) {
 	// handle empty group.
 	p.skipSpace()
 	if p.consume(';') {
-		p.skipCFWS()
+		if !p.skipCFWS() {
+			return nil, errors.New("mail: misformatted parenthetical comment")
+		}
 		return group, nil
 	}
 
@@ -496,7 +498,9 @@ func (p *addrParser) consumeGroupList() ([]*Address, error) {
 			return nil, errors.New("mail: misformatted parenthetical comment")
 		}
 		if p.consume(';') {
-			p.skipCFWS()
+			if !p.skipCFWS() {
+				return nil, errors.New("mail: misformatted parenthetical comment")
+			}
 			break
 		}
 		if !p.consume(',') {
@@ -566,6 +570,12 @@ func (p *addrParser) consumePhrase() (phrase string, err error) {
 	var words []string
 	var isPrevEncoded bool
 	for {
+		// obs-phrase allows CFWS after one word
+		if len(words) > 0 {
+			if !p.skipCFWS() {
+				return "", errors.New("mail: misformatted parenthetical comment")
+			}
+		}
 		// word = atom / quoted-string
 		var word string
 		p.skipSpace()
@@ -661,7 +671,6 @@ Loop:
 // If dot is true, consumeAtom parses an RFC 5322 dot-atom instead.
 // If permissive is true, consumeAtom will not fail on:
 // - leading/trailing/double dots in the atom (see golang.org/issue/4938)
-// - special characters (RFC 5322 3.2.3) except '<', '>', ':' and '"' (see golang.org/issue/21018)
 func (p *addrParser) consumeAtom(dot bool, permissive bool) (atom string, err error) {
 	i := 0
 
@@ -672,7 +681,7 @@ Loop:
 		case size == 1 && r == utf8.RuneError:
 			return "", fmt.Errorf("mail: invalid utf-8 in address: %q", p.s)
 
-		case size == 0 || !isAtext(r, dot, permissive):
+		case size == 0 || !isAtext(r, dot):
 			break Loop
 
 		default:
@@ -850,18 +859,13 @@ func (e charsetError) Error() string {
 
 // isAtext reports whether r is an RFC 5322 atext character.
 // If dot is true, period is included.
-// If permissive is true, RFC 5322 3.2.3 specials is included,
-// except '<', '>', ':' and '"'.
-func isAtext(r rune, dot, permissive bool) bool {
+func isAtext(r rune, dot bool) bool {
 	switch r {
 	case '.':
 		return dot
 
 	// RFC 5322 3.2.3. specials
-	case '(', ')', '[', ']', ';', '@', '\\', ',':
-		return permissive
-
-	case '<', '>', '"', ':':
+	case '(', ')', '<', '>', '[', ']', ':', ';', '@', '\\', ',', '"': // RFC 5322 3.2.3. specials
 		return false
 	}
 	return isVchar(r)

src/net/mail/message_test.go

@@ -385,8 +385,11 @@ func TestAddressParsingError(t *testing.T) {
 		13: {"group not closed: null@example.com", "expected comma"},
 		14: {"group: first@example.com, second@example.com;", "group with multiple addresses"},
 		15: {"john.doe", "missing '@' or angle-addr"},
-		16: {"john.doe@", "no angle-addr"},
+		16: {"john.doe@", "missing '@' or angle-addr"},
 		17: {"John Doe@foo.bar", "no angle-addr"},
+		18: {" group: null@example.com; (asd", "misformatted parenthetical comment"},
+		19: {" group: ; (asd", "misformatted parenthetical comment"},
+		20: {`(John) Doe <jdoe@machine.example>`, "missing word in phrase:"},
 	}
 
 	for i, tc := range mustErrTestCases {
@@ -436,6 +439,15 @@ func TestAddressParsing(t *testing.T) {
 				Address: "john.q.public@example.com",
 			}},
 		},
+		// Comment in display name
+		{
+			`John (middle) Doe <jdoe@machine.example>`,
+			[]*Address{{
+				Name:    "John Doe",
+				Address: "jdoe@machine.example",
+			}},
+		},
+		// Display name is quoted string, so comment is not a comment
 		{
 			`"John (middle) Doe" <jdoe@machine.example>`,
 			[]*Address{{
@@ -443,20 +455,6 @@ func TestAddressParsing(t *testing.T) {
 				Address: "jdoe@machine.example",
 			}},
 		},
-		{
-			`John (middle) Doe <jdoe@machine.example>`,
-			[]*Address{{
-				Name:    "John (middle) Doe",
-				Address: "jdoe@machine.example",
-			}},
-		},
-		{
-			`John !@M@! Doe <jdoe@machine.example>`,
-			[]*Address{{
-				Name:    "John !@M@! Doe",
-				Address: "jdoe@machine.example",
-			}},
-		},
 		{
 			`"John <middle> Doe" <jdoe@machine.example>`,
 			[]*Address{{
@@ -788,6 +786,26 @@ func TestAddressParsing(t *testing.T) {
 				},
 			},
 		},
+		// Comment in group display name
+		{
+			`group (comment:): a@example.com, b@example.com;`,
+			[]*Address{
+				{
+					Address: "a@example.com",
+				},
+				{
+					Address: "b@example.com",
+				},
+			},
+		},
+		{
+			`x(:"):"@a.example;("@b.example;`,
+			[]*Address{
+				{
+					Address: `@a.example;(@b.example`,
+				},
+			},
+		},
 	}
 	for _, test := range tests {
 		if len(test.exp) == 1 {

src/net/net_fake.go

@@ -14,6 +14,7 @@ import (
 	"errors"
 	"io"
 	"os"
+	"runtime"
 	"sync"
 	"sync/atomic"
 	"syscall"
@@ -513,6 +514,15 @@ func (pq *packetQueue) send(dt *deadlineTimer, b []byte, from sockaddr, block bo
 	if !block {
 		full = pq.full
 	}
+
+	// Before we check dt.expired, yield to other goroutines.
+	// This may help to prevent starvation of the goroutine that runs the
+	// deadlineTimer's time.After callback.
+	//
+	// TODO(#65178): Remove this when the runtime scheduler no longer starves
+	// runnable goroutines.
+	runtime.Gosched()
+
 	select {
 	case <-dt.expired:
 		return 0, os.ErrDeadlineExceeded
@@ -563,6 +573,15 @@ func (pq *packetQueue) recvfrom(dt *deadlineTimer, b []byte, wholePacket bool, c
 		// (Without this, TestZeroByteRead deadlocks.)
 		empty = pq.empty
 	}
+
+	// Before we check dt.expired, yield to other goroutines.
+	// This may help to prevent starvation of the goroutine that runs the
+	// deadlineTimer's time.After callback.
+	//
+	// TODO(#65178): Remove this when the runtime scheduler no longer starves
+	// runnable goroutines.
+	runtime.Gosched()
+
 	select {
 	case <-dt.expired:
 		return 0, nil, os.ErrDeadlineExceeded

src/net/textproto/reader.go

@@ -16,6 +16,10 @@ import (
 	"sync"
 )
 
+// TODO: This should be a distinguishable error (ErrMessageTooLarge)
+// to allow mime/multipart to detect it.
+var errMessageTooLarge = errors.New("message too large")
+
 // A Reader implements convenience methods for reading requests
 // or responses from a text protocol network connection.
 type Reader struct {
@@ -36,20 +40,23 @@ func NewReader(r *bufio.Reader) *Reader {
 // ReadLine reads a single line from r,
 // eliding the final \n or \r\n from the returned string.
 func (r *Reader) ReadLine() (string, error) {
-	line, err := r.readLineSlice()
+	line, err := r.readLineSlice(-1)
 	return string(line), err
 }
 
 // ReadLineBytes is like [Reader.ReadLine] but returns a []byte instead of a string.
 func (r *Reader) ReadLineBytes() ([]byte, error) {
-	line, err := r.readLineSlice()
+	line, err := r.readLineSlice(-1)
 	if line != nil {
 		line = bytes.Clone(line)
 	}
 	return line, err
 }
 
-func (r *Reader) readLineSlice() ([]byte, error) {
+// readLineSlice reads a single line from r,
+// up to lim bytes long (or unlimited if lim is less than 0),
+// eliding the final \r or \r\n from the returned string.
+func (r *Reader) readLineSlice(lim int64) ([]byte, error) {
 	r.closeDot()
 	var line []byte
 	for {
@@ -57,6 +64,9 @@ func (r *Reader) readLineSlice() ([]byte, error) {
 		if err != nil {
 			return nil, err
 		}
+		if lim >= 0 && int64(len(line))+int64(len(l)) > lim {
+			return nil, errMessageTooLarge
+		}
 		// Avoid the copy if the first call produced a full line.
 		if line == nil && !more {
 			return l, nil
@@ -88,7 +98,7 @@ func (r *Reader) readLineSlice() ([]byte, error) {
 //
 // Empty lines are never continued.
 func (r *Reader) ReadContinuedLine() (string, error) {
-	line, err := r.readContinuedLineSlice(noValidation)
+	line, err := r.readContinuedLineSlice(-1, noValidation)
 	return string(line), err
 }
 
@@ -109,7 +119,7 @@ func trim(s []byte) []byte {
 // ReadContinuedLineBytes is like [Reader.ReadContinuedLine] but
 // returns a []byte instead of a string.
 func (r *Reader) ReadContinuedLineBytes() ([]byte, error) {
-	line, err := r.readContinuedLineSlice(noValidation)
+	line, err := r.readContinuedLineSlice(-1, noValidation)
 	if line != nil {
 		line = bytes.Clone(line)
 	}
@@ -120,13 +130,14 @@ func (r *Reader) ReadContinuedLineBytes() ([]byte, error) {
 // returning a byte slice with all lines. The validateFirstLine function
 // is run on the first read line, and if it returns an error then this
 // error is returned from readContinuedLineSlice.
-func (r *Reader) readContinuedLineSlice(validateFirstLine func([]byte) error) ([]byte, error) {
+// It reads up to lim bytes of data (or unlimited if lim is less than 0).
+func (r *Reader) readContinuedLineSlice(lim int64, validateFirstLine func([]byte) error) ([]byte, error) {
 	if validateFirstLine == nil {
 		return nil, fmt.Errorf("missing validateFirstLine func")
 	}
 
 	// Read the first line.
-	line, err := r.readLineSlice()
+	line, err := r.readLineSlice(lim)
 	if err != nil {
 		return nil, err
 	}
@@ -154,13 +165,21 @@ func (r *Reader) readContinuedLineSlice(validateFirstLine func([]byte) error) ([
 	// copy the slice into buf.
 	r.buf = append(r.buf[:0], trim(line)...)
 
+	if lim < 0 {
+		lim = math.MaxInt64
+	}
+	lim -= int64(len(r.buf))
+
 	// Read continuation lines.
 	for r.skipSpace() > 0 {
-		line, err := r.readLineSlice()
+		r.buf = append(r.buf, ' ')
+		if int64(len(r.buf)) >= lim {
+			return nil, errMessageTooLarge
+		}
+		line, err := r.readLineSlice(lim - int64(len(r.buf)))
 		if err != nil {
 			break
 		}
-		r.buf = append(r.buf, ' ')
 		r.buf = append(r.buf, trim(line)...)
 	}
 	return r.buf, nil
@@ -507,7 +526,8 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error)
 
 	// The first line cannot start with a leading space.
 	if buf, err := r.R.Peek(1); err == nil && (buf[0] == ' ' || buf[0] == '\t') {
-		line, err := r.readLineSlice()
+		const errorLimit = 80 // arbitrary limit on how much of the line we'll quote
+		line, err := r.readLineSlice(errorLimit)
 		if err != nil {
 			return m, err
 		}
@@ -515,7 +535,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error)
 	}
 
 	for {
-		kv, err := r.readContinuedLineSlice(mustHaveFieldNameColon)
+		kv, err := r.readContinuedLineSlice(maxMemory, mustHaveFieldNameColon)
 		if len(kv) == 0 {
 			return m, err
 		}
@@ -544,7 +564,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error)
 
 		maxHeaders--
 		if maxHeaders < 0 {
-			return nil, errors.New("message too large")
+			return nil, errMessageTooLarge
 		}
 
 		// Skip initial spaces in value.
@@ -557,9 +577,7 @@ func readMIMEHeader(r *Reader, maxMemory, maxHeaders int64) (MIMEHeader, error)
 		}
 		maxMemory -= int64(len(value))
 		if maxMemory < 0 {
-			// TODO: This should be a distinguishable error (ErrMessageTooLarge)
-			// to allow mime/multipart to detect it.
-			return m, errors.New("message too large")
+			return m, errMessageTooLarge
 		}
 		if vv == nil && len(strs) > 0 {
 			// More than likely this will be a single-element key.

src/net/textproto/reader_test.go

@@ -36,6 +36,18 @@ func TestReadLine(t *testing.T) {
 	}
 }
 
+func TestReadLineLongLine(t *testing.T) {
+	line := strings.Repeat("12345", 10000)
+	r := reader(line + "\r\n")
+	s, err := r.ReadLine()
+	if err != nil {
+		t.Fatalf("Line 1: %v", err)
+	}
+	if s != line {
+		t.Fatalf("%v-byte line does not match expected %v-byte line", len(s), len(line))
+	}
+}
+
 func TestReadContinuedLine(t *testing.T) {
 	r := reader("line1\nline\n 2\nline3\n")
 	s, err := r.ReadContinuedLine()

src/runtime/internal/atomic/atomic_arm.s

@@ -41,8 +41,10 @@ casl:
 	BNE	casl
 	MOVW	$1, R0
 
-	CMP	$7, R8
-	BLT	2(PC)
+#ifndef GOARM_7
+	CMP	$0, R11
+	BEQ	2(PC)
+#endif
 	DMB	MB_ISH
 
 	MOVB	R0, ret+12(FP)

src/runtime/proc.go

@@ -4404,8 +4404,8 @@ func entersyscall_gcwait() {
 	pp := gp.m.oldp.ptr()
 
 	lock(&sched.lock)
+	trace := traceAcquire()
 	if sched.stopwait > 0 && atomic.Cas(&pp.status, _Psyscall, _Pgcstop) {
-		trace := traceAcquire()
 		if trace.ok() {
 			if goexperiment.ExecTracer2 {
 				// This is a steal in the new tracer. While it's very likely
@@ -4428,6 +4428,8 @@ func entersyscall_gcwait() {
 		if sched.stopwait--; sched.stopwait == 0 {
 			notewakeup(&sched.stopnote)
 		}
+	} else if trace.ok() {
+		traceRelease(trace)
 	}
 	unlock(&sched.lock)
 }
@@ -4605,12 +4607,19 @@ func exitsyscallfast(oldp *p) bool {
 	}
 
 	// Try to re-acquire the last P.
+	trace := traceAcquire()
 	if oldp != nil && oldp.status == _Psyscall && atomic.Cas(&oldp.status, _Psyscall, _Pidle) {
 		// There's a cpu for us, so we can run.
 		wirep(oldp)
-		exitsyscallfast_reacquired()
+		exitsyscallfast_reacquired(trace)
+		if trace.ok() {
+			traceRelease(trace)
+		}
 		return true
 	}
+	if trace.ok() {
+		traceRelease(trace)
+	}
 
 	// Try to get any other idle P.
 	if sched.pidle != 0 {
@@ -4646,10 +4655,9 @@ func exitsyscallfast(oldp *p) bool {
 // syscall.
 //
 //go:nosplit
-func exitsyscallfast_reacquired() {
+func exitsyscallfast_reacquired(trace traceLocker) {
 	gp := getg()
 	if gp.m.syscalltick != gp.m.p.ptr().syscalltick {
-		trace := traceAcquire()
 		if trace.ok() {
 			// The p was retaken and then enter into syscall again (since gp.m.syscalltick has changed).
 			// traceGoSysBlock for this syscall was already emitted,
@@ -4666,7 +4674,6 @@ func exitsyscallfast_reacquired() {
 					// Denote completion of the current syscall.
 					trace.GoSysExit(true)
 				}
-				traceRelease(trace)
 			})
 		}
 		gp.m.p.ptr().syscalltick++
@@ -6146,8 +6153,8 @@ func retake(now int64) uint32 {
 			// Otherwise the M from which we retake can exit the syscall,
 			// increment nmidle and report deadlock.
 			incidlelocked(-1)
+			trace := traceAcquire()
 			if atomic.Cas(&pp.status, s, _Pidle) {
-				trace := traceAcquire()
 				if trace.ok() {
 					trace.GoSysBlock(pp)
 					trace.ProcSteal(pp, false)
@@ -6156,6 +6163,8 @@ func retake(now int64) uint32 {
 				n++
 				pp.syscalltick++
 				handoffp(pp)
+			} else if trace.ok() {
+				traceRelease(trace)
 			}
 			incidlelocked(1)
 			lock(&allpLock)

src/runtime/trace2.go

@@ -71,7 +71,8 @@ var trace struct {
 	stringTab [2]traceStringTable // maps strings to unique ids
 
 	// cpuLogRead accepts CPU profile samples from the signal handler where
-	// they're generated. It uses a three-word header to hold the IDs of the P, G,
+	// they're generated. There are two profBufs here: one for gen%2, one for
+	// 1-gen%2. These profBufs use a three-word header to hold the IDs of the P, G,
 	// and M (respectively) that were active at the time of the sample. Because
 	// profBuf uses a record with all zeros in its header to indicate overflow,
 	// we make sure to make the P field always non-zero: The ID of a real P will
@@ -82,9 +83,9 @@ var trace struct {
 	// when sampling g0.
 	//
 	// Initialization and teardown of these fields is protected by traceAdvanceSema.
-	cpuLogRead  *profBuf
-	signalLock  atomic.Uint32           // protects use of the following member, only usable in signal handlers
-	cpuLogWrite atomic.Pointer[profBuf] // copy of cpuLogRead for use in signal handlers, set without signalLock
+	cpuLogRead  [2]*profBuf
+	signalLock  atomic.Uint32              // protects use of the following member, only usable in signal handlers
+	cpuLogWrite [2]atomic.Pointer[profBuf] // copy of cpuLogRead for use in signal handlers, set without signalLock
 	cpuSleep    *wakeableSleep
 	cpuLogDone  <-chan struct{}
 	cpuBuf      [2]*traceBuf
@@ -334,7 +335,7 @@ func traceAdvance(stopTrace bool) {
 			if !s.dead {
 				ug.goid = s.g.goid
 				if s.g.m != nil {
-					ug.mid = s.g.m.id
+					ug.mid = int64(s.g.m.procid)
 				}
 				ug.status = readgstatus(s.g) &^ _Gscan
 				ug.waitreason = s.g.waitreason
@@ -515,6 +516,9 @@ func traceAdvance(stopTrace bool) {
 	}
 	statusWriter.flush().end()
 
+	// Read everything out of the last gen's CPU profile buffer.
+	traceReadCPU(gen)
+
 	systemstack(func() {
 		// Flush CPU samples, stacks, and strings for the last generation. This is safe,
 		// because we're now certain no M is writing to the last generation.
@@ -931,7 +935,13 @@ func newWakeableSleep() *wakeableSleep {
 func (s *wakeableSleep) sleep(ns int64) {
 	resetTimer(s.timer, nanotime()+ns)
 	lock(&s.lock)
+	if raceenabled {
+		raceacquire(unsafe.Pointer(&s.lock))
+	}
 	wakeup := s.wakeup
+	if raceenabled {
+		racerelease(unsafe.Pointer(&s.lock))
+	}
 	unlock(&s.lock)
 	<-wakeup
 	stopTimer(s.timer)
@@ -944,6 +954,9 @@ func (s *wakeableSleep) wake() {
 	// Grab the wakeup channel, which may be nil if we're
 	// racing with close.
 	lock(&s.lock)
+	if raceenabled {
+		raceacquire(unsafe.Pointer(&s.lock))
+	}
 	if s.wakeup != nil {
 		// Non-blocking send.
 		//
@@ -955,6 +968,9 @@ func (s *wakeableSleep) wake() {
 		default:
 		}
 	}
+	if raceenabled {
+		racerelease(unsafe.Pointer(&s.lock))
+	}
 	unlock(&s.lock)
 }
 
@@ -968,11 +984,18 @@ func (s *wakeableSleep) wake() {
 func (s *wakeableSleep) close() {
 	// Set wakeup to nil so that a late timer ends up being a no-op.
 	lock(&s.lock)
+	if raceenabled {
+		raceacquire(unsafe.Pointer(&s.lock))
+	}
 	wakeup := s.wakeup
 	s.wakeup = nil
 
 	// Close the channel.
 	close(wakeup)
+
+	if raceenabled {
+		racerelease(unsafe.Pointer(&s.lock))
+	}
 	unlock(&s.lock)
 	return
 }

src/runtime/trace2cpu.go

@@ -16,8 +16,9 @@ func traceInitReadCPU() {
 		throw("traceInitReadCPU called with trace enabled")
 	}
 	// Create new profBuf for CPU samples that will be emitted as events.
-	profBuf := newProfBuf(3, profBufWordCount, profBufTagCount) // after the timestamp, header is [pp.id, gp.goid, mp.procid]
-	trace.cpuLogRead = profBuf
+	// Format: after the timestamp, header is [pp.id, gp.goid, mp.procid].
+	trace.cpuLogRead[0] = newProfBuf(3, profBufWordCount, profBufTagCount)
+	trace.cpuLogRead[1] = newProfBuf(3, profBufWordCount, profBufTagCount)
 	// We must not acquire trace.signalLock outside of a signal handler: a
 	// profiling signal may arrive at any time and try to acquire it, leading to
 	// deadlock. Because we can't use that lock to protect updates to
@@ -25,7 +26,8 @@ func traceInitReadCPU() {
 	// writes of the pointer must be atomic. (And although this field is never
 	// the sole pointer to the profBuf value, it's best to allow a write barrier
 	// here.)
-	trace.cpuLogWrite.Store(profBuf)
+	trace.cpuLogWrite[0].Store(trace.cpuLogRead[0])
+	trace.cpuLogWrite[1].Store(trace.cpuLogRead[1])
 }
 
 // traceStartReadCPU creates a goroutine to start reading CPU profile
@@ -52,7 +54,15 @@ func traceStartReadCPU() {
 			// we would still want to do a goroutine-level sleep in between
 			// reads to avoid frequent wakeups.
 			trace.cpuSleep.sleep(100_000_000)
-			if !traceReadCPU(trace.cpuLogRead) {
+
+			tl := traceAcquire()
+			if !tl.ok() {
+				// Tracing disabled.
+				break
+			}
+			keepGoing := traceReadCPU(tl.gen)
+			traceRelease(tl)
+			if !keepGoing {
 				break
 			}
 		}
@@ -76,8 +86,10 @@ func traceStopReadCPU() {
 	//
 	// Wake the goroutine so it can observe that their the buffer is
 	// closed an exit.
-	trace.cpuLogWrite.Store(nil)
-	trace.cpuLogRead.close()
+	trace.cpuLogWrite[0].Store(nil)
+	trace.cpuLogWrite[1].Store(nil)
+	trace.cpuLogRead[0].close()
+	trace.cpuLogRead[1].close()
 	trace.cpuSleep.wake()
 
 	// Wait until the logger goroutine exits.
@@ -85,20 +97,28 @@ func traceStopReadCPU() {
 
 	// Clear state for the next trace.
 	trace.cpuLogDone = nil
-	trace.cpuLogRead = nil
+	trace.cpuLogRead[0] = nil
+	trace.cpuLogRead[1] = nil
 	trace.cpuSleep.close()
 }
 
-// traceReadCPU attempts to read from the provided profBuf and write
+// traceReadCPU attempts to read from the provided profBuf[gen%2] and write
 // into the trace. Returns true if there might be more to read or false
 // if the profBuf is closed or the caller should otherwise stop reading.
 //
+// The caller is responsible for ensuring that gen does not change. Either
+// the caller must be in a traceAcquire/traceRelease block, or must be calling
+// with traceAdvanceSema held.
+//
 // No more than one goroutine may be in traceReadCPU for the same
 // profBuf at a time.
-func traceReadCPU(pb *profBuf) bool {
+//
+// Must not run on the system stack because profBuf.read performs race
+// operations.
+func traceReadCPU(gen uintptr) bool {
 	var pcBuf [traceStackSize]uintptr
 
-	data, tags, eof := pb.read(profBufNonBlocking)
+	data, tags, eof := trace.cpuLogRead[gen%2].read(profBufNonBlocking)
 	for len(data) > 0 {
 		if len(data) < 4 || data[0] > uint64(len(data)) {
 			break // truncated profile
@@ -147,12 +167,7 @@ func traceReadCPU(pb *profBuf) bool {
 		}
 
 		// Write out a trace event.
-		tl := traceAcquire()
-		if !tl.ok() {
-			// Tracing disabled, exit without continuing.
-			return false
-		}
-		w := unsafeTraceWriter(tl.gen, trace.cpuBuf[tl.gen%2])
+		w := unsafeTraceWriter(gen, trace.cpuBuf[gen%2])
 
 		// Ensure we have a place to write to.
 		var flushed bool
@@ -163,7 +178,7 @@ func traceReadCPU(pb *profBuf) bool {
 		}
 
 		// Add the stack to the table.
-		stackID := trace.stackTab[tl.gen%2].put(pcBuf[:nstk])
+		stackID := trace.stackTab[gen%2].put(pcBuf[:nstk])
 
 		// Write out the CPU sample.
 		w.byte(byte(traceEvCPUSample))
@@ -173,8 +188,7 @@ func traceReadCPU(pb *profBuf) bool {
 		w.varint(goid)
 		w.varint(stackID)
 
-		trace.cpuBuf[tl.gen%2] = w.traceBuf
-		traceRelease(tl)
+		trace.cpuBuf[gen%2] = w.traceBuf
 	}
 	return !eof
 }
@@ -187,6 +201,7 @@ func traceReadCPU(pb *profBuf) bool {
 //
 //go:systemstack
 func traceCPUFlush(gen uintptr) {
+	// Flush any remaining trace buffers containing CPU samples.
 	if buf := trace.cpuBuf[gen%2]; buf != nil {
 		lock(&trace.lock)
 		traceBufFlush(buf, gen)
@@ -197,13 +212,38 @@ func traceCPUFlush(gen uintptr) {
 
 // traceCPUSample writes a CPU profile sample stack to the execution tracer's
 // profiling buffer. It is called from a signal handler, so is limited in what
-// it can do.
+// it can do. mp must be the thread that is currently stopped in a signal.
 func traceCPUSample(gp *g, mp *m, pp *p, stk []uintptr) {
 	if !traceEnabled() {
 		// Tracing is usually turned off; don't spend time acquiring the signal
 		// lock unless it's active.
 		return
 	}
+	if mp == nil {
+		// Drop samples that don't have an identifiable thread. We can't render
+		// this in any useful way anyway.
+		return
+	}
+
+	// We're going to conditionally write to one of two buffers based on the
+	// generation. To make sure we write to the correct one, we need to make
+	// sure this thread's trace seqlock is held. If it already is, then we're
+	// in the tracer and we can just take advantage of that. If it isn't, then
+	// we need to acquire it and read the generation.
+	locked := false
+	if mp.trace.seqlock.Load()%2 == 0 {
+		mp.trace.seqlock.Add(1)
+		locked = true
+	}
+	gen := trace.gen.Load()
+	if gen == 0 {
+		// Tracing is disabled, as it turns out. Release the seqlock if necessary
+		// and exit.
+		if locked {
+			mp.trace.seqlock.Add(1)
+		}
+		return
+	}
 
 	now := traceClockNow()
 	// The "header" here is the ID of the M that was running the profiled code,
@@ -231,7 +271,7 @@ func traceCPUSample(gp *g, mp *m, pp *p, stk []uintptr) {
 		osyield()
 	}
 
-	if log := trace.cpuLogWrite.Load(); log != nil {
+	if log := trace.cpuLogWrite[gen%2].Load(); log != nil {
 		// Note: we don't pass a tag pointer here (how should profiling tags
 		// interact with the execution tracer?), but if we did we'd need to be
 		// careful about write barriers. See the long comment in profBuf.write.
@@ -239,4 +279,9 @@ func traceCPUSample(gp *g, mp *m, pp *p, stk []uintptr) {
 	}
 
 	trace.signalLock.Store(0)
+
+	// Release the seqlock if we acquired it earlier.
+	if locked {
+		mp.trace.seqlock.Add(1)
+	}
 }

src/runtime/trace2map.go

@@ -141,5 +141,11 @@ func (tab *traceMap) reset() {
 	assertLockHeld(&tab.lock)
 	tab.mem.drop()
 	tab.seq.Store(0)
-	tab.tab = [1 << 13]atomic.UnsafePointer{}
+	// Clear table without write barriers. The table consists entirely
+	// of notinheap pointers, so this is fine.
+	//
+	// Write barriers may theoretically call into the tracer and acquire
+	// the lock again, and this lock ordering is expressed in the static
+	// lock ranking checker.
+	memclrNoHeapPointers(unsafe.Pointer(&tab.tab), unsafe.Sizeof(tab.tab))
 }

src/runtime/trace2runtime.go

@@ -133,7 +133,7 @@ const (
 
 var traceGoStopReasonStrings = [...]string{
 	traceGoStopGeneric:   "unspecified",
-	traceGoStopGoSched:   "runtime.GoSched",
+	traceGoStopGoSched:   "runtime.Gosched",
 	traceGoStopPreempted: "preempted",
 }
 
@@ -192,7 +192,12 @@ func traceAcquireEnabled() traceLocker {
 	// Prevent preemption.
 	mp := acquirem()
 
-	// Acquire the trace seqlock.
+	// Acquire the trace seqlock. This prevents traceAdvance from moving forward
+	// until all Ms are observed to be outside of their seqlock critical section.
+	//
+	// Note: The seqlock is mutated here and also in traceCPUSample. If you update
+	// usage of the seqlock here, make sure to also look at what traceCPUSample is
+	// doing.
 	seq := mp.trace.seqlock.Add(1)
 	if debugTraceReentrancy && seq%2 != 1 {
 		throw("bad use of trace.seqlock or tracer is reentrant")