The team behind programming language Go has released version 1.14 of its project, which is dotted with performance and security improvements, but also gives devs more flexibility when it comes to module use.
Google-bred Go is the language most containerisation projects are built with. The wide adoption of this approach is one of the reasons that made the Go team implement a new feedback-based system for language enhancements. In it, only a limited number of new features are proposed for an upcoming release, giving the community room to weigh in on them.
If they decide a change will do more good than harm the feature will make it into the new version. However, since alterations affect a quite wide range of people, they are often heavily disputed. This already led to the abandoning of a proposal thought to improve the language’s often discussed error handling. Currently, a couple of new vet checks and minor adjustments are discussed for the 1.15 release.
Updates in Go 1.14 mainly concern the toolchain, runtime, and libraries. The only change to the language allows for methods of embedded interfaces to have the same name and signature as those on the embedding interface.
Supposedly to facilitate the creation of somewhat safer applications, version 1.14 includes a hash/maphash package. The hash functions on byte sequences contained in it are meant to help with the implementation of hash tables or similar data structures. The Go team warns though that “the hash functions are collision-resistant but not cryptographically secure.”
Looking into the tool changes, the go command now sets -mod=vendor for operations accepting that flag should a top-level vendor directory be present and the current release version specified. If this shouldn’t be desired, a new -mod=mod flag will help to keep loading modules from cache.
Other new flags are -modecacherw and -modfile=file. While the first instructs the go command to “leave newly-created directories in the module cache at their default permissions rather than making them read-only”, the second lets it read a go.mod file other than that in the module root directory. There’s also a new environment variable called GOINSECURE. It mainly allows the skipping of certificate validation and can be used without opening a HTTPS connection when fetching modules from their origin.
Go’s compiler can now emit machine-readable logs for key optimisation and its detailed escape analysis diagnostics should be working as usual again. The compiler has been fitted with a -d=checkptr compile-time option “for adding instrumentation to check that Go code is following unsafe.Pointer safety rules dynamically”. Windows users should however refrain from using it, since it is known to cause false alerts in its current form.
The Go team also looked into the language’s runtime, which led to some performance improvements in defer, meaning it can now be used in code where little overhead is critical. Since Goroutines are asynchronously preemptible now, “loops without function calls no longer potentially deadlock the scheduler or significantly delay garbage collection” on most platforms.
Go 1.14 is the last release to run on macOS 10.11 and support 32-bit binaries on Apple’s operating system. Meanwhile binaries for Windows come with data execution prevention enabled, experimental support for 64-bit RISC-V on Linux is included, and v1.14 should work with 64-bit ARM architecture on FreeBSD 12.0 or later. More port infos can be found in the language’s documentation.