Fixes#67470
Change-Id: Idc5997859602ff6155aa9ae875b327fbcb53513d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586717
Reviewed-by: Alan Donovan <adonovan@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Commit-Queue: Ian Lance Taylor <iant@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
During handshake, lift the message length limit, but only for
certificate messages.
Fixes#50773
Change-Id: Ida9d83f4219c4386ca71ed3ef72b22259665a187
Reviewed-on: https://go-review.googlesource.com/c/go/+/585402
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
VerifyPKCS1v15 doesn't need to be constant time and can do the safer and
simpler construct-and-compare.
Updates #67043
Change-Id: I014cfd4485fad409c5f86be71488da63af25a584
Reviewed-on: https://go-review.googlesource.com/c/go/+/587278
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
When verifying the name "test", a SAN with a bare wildcard ("*") should
not constitute a match.
Updates #65085
Change-Id: I02151761e2f29f3e358708a3f723af32b0d79288
Reviewed-on: https://go-review.googlesource.com/c/go/+/585076
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
The current implementation doesn't resolve as per spec RFC 3986 the case
where the base URL has an opaque value, and the reference doesn't have
either a scheme, authority or path. Currently, this specific case falls
back to the "abs_path" or "rel_path" cases, where the final path results
of the base_path being resolved relatively to the reference's, but since
the opaque value is stored independently, it needs a case of its own.
The algorith for resolving references is defined in RFC 3986 section 5.2.2:
https://www.rfc-editor.org/rfc/rfc3986.html#section-5.2.2Fixes#66084
Change-Id: I82813e2333d8f2c4433c742f10e8c941888b55ac
GitHub-Last-Rev: cb96626988
GitHub-Pull-Request: golang/go#66415
Reviewed-on: https://go-review.googlesource.com/c/go/+/572915
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
This sets us up for ECH, which need compressible extensions to be
contiguous. Put them at the end to make things easier for everyone.
Change-Id: I2a51f76d5fcd1b6d82325f5a4a8cde6d75f1be0c
Reviewed-on: https://go-review.googlesource.com/c/go/+/585437
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Auto-Submit: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Only implements the sender role, since that's all we need for
client-side ECH for now.
Change-Id: Ia7cba1bc3bad8e8dc801d98d5ea859738b1f2790
Reviewed-on: https://go-review.googlesource.com/c/go/+/585436
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Some of the new experimental events added have a problem in that they
might be emitted during stack growth. This is, to my knowledge, the only
restriction on the tracer, because the tracer otherwise prevents
preemption, avoids allocation, and avoids write barriers. However, the
stack can grow from within the tracer. This leads to
tracing-during-tracing which can result in lost buffers and broken event
streams. (There's a debug mode to get a nice error message, but it's
disabled by default.)
This change resolves the problem by skipping writing out these new
events. This results in the new events sometimes being broken (alloc
without a free, free without an alloc) but for now that's OK. Before the
freeze begins we just want to fix broken tests; tools interpreting these
events will be totally in-house to begin with, and if they have to be a
little bit smarter about missing information, that's OK. In the future
we'll have a more robust fix for this, but it appears that it's going to
require making the tracer fully reentrant. (This is not too hard; either
we force flushing all buffers when going reentrant (which is actually
somewhat subtle with respect to event ordering) or we isolate down just
the actual event writing to be atomic with respect to stack growth. Both
are just bigger changes on shared codepaths that are scary to land this
late in the release cycle.)
Fixes#67379.
Change-Id: I46bb7e470e61c64ff54ac5aec5554b828c1ca4be
Reviewed-on: https://go-review.googlesource.com/c/go/+/587597
Reviewed-by: Carlos Amedee <carlos@golang.org>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Note that this depends on the revert of CL 581395 to move zeroVal back.
For #67401.
Change-Id: I507c27c2404ad1348aabf1ffa3740e6b1957495b
Reviewed-on: https://go-review.googlesource.com/c/go/+/587217
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
This reverts CL 581395, commit 2f5b420fb5.
It breaks a linkname from github.com/ugorji/go/codec.
For #67401.
A followup CL will document this dependence.
Change-Id: I66d6c39c03e769ab829ca4c3f4f61277b93380d3
Reviewed-on: https://go-review.googlesource.com/c/go/+/587216
TryBot-Bypass: Russ Cox <rsc@golang.org>
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
The following counters are added:
(* means we will record the actual value for the counter, but of course
the config will limit us to collecting preknown values)
go/mode:{gopath,workspace,module}
go/platform/{host,target}/{goos,goarch}:*
go/platform/target/{
go386,goamd64,goarm,goarm64,gomips,goppc64,goriscv64,gowasm}:*
For windows and unix:
go/platform/host/*/version:*
go/platform/host/*/major-version:*-*
For windows:
go/platform/host/windows/build:*
Change-Id: I3c865afede2382bae103e5b4b9d1aa6b20c123df
Reviewed-on: https://go-review.googlesource.com/c/go/+/587115
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sam Thanawalla <samthanawalla@google.com>
Auto-Submit: Michael Matloob <matloob@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
This looks like a oversight in CL 416354.
Fixes#67571Fixes#57461
Change-Id: I564c008989fecf84b437e123d27121ac907642fa
GitHub-Last-Rev: fec88bbf39
GitHub-Pull-Request: golang/go#67576
Reviewed-on: https://go-review.googlesource.com/c/go/+/587455
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
As of https://go.dev/cl/586796, the runtime/metrics view of internal
mutex contention is sampled at 1 per gTrackingPeriod, rather than either
1 (immediately prior to CL 586796) or the more frequent of
gTrackingPeriod or the mutex profiling rate (Go 1.22). Thus, we no
longer have a real lower bound on the amount of contention that
runtime/metrics will report. Relax the test's expectations again.
For #64253
Change-Id: I94e1d92348a03599a819ec8ac785a0eb3c1ddd73
Reviewed-on: https://go-review.googlesource.com/c/go/+/587515
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Auto-Submit: Rhys Hiltner <rhys.hiltner@gmail.com>
Preserving an ordering wherein spans are always named before their
constituents makes parsing much more straightforward.
Change-Id: Ida8764801a6c516d672ba343e4ce01b66ce9b427
Reviewed-on: https://go-review.googlesource.com/c/go/+/586999
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
They were still referencing the old internal/trace/v2 packages, and
gotraceeventstats had an extra layer of cmd directory (not sure why,
maybe it was always like that).
Change-Id: Ieba48074ff36ea86c467168568751177d80db31d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586998
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Currently the traceallocfree experiment is missing info in the trace for
interpeting the produced events. Most notably, the base heap address is
missing. While not technically necessary, it is useful for getting an
accurate picture of the program's memory layout, and will be useful for
future trace experiments. Since we want to emit a batch for this, we
should also emit a batch for all the alignment info that's used to
compress the addresses (IDs) produced for the alloc/free events.
This CL distinguishes the different formats of the experimental batches
(note that there's already batches containing type information in this
experiment) by putting a byte at the beginning of each experimental
batch indicating its format.
Change-Id: Ifc4e77a23458713b7d95e0dfa056a29e1629ccd7
Reviewed-on: https://go-review.googlesource.com/c/go/+/586997
Auto-Submit: Michael Knyszek <mknyszek@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
The -diff flag causes tidy not to modify the files but instead print the
necessary changes as a unified diff. It exits with a non-zero code
if updates are needed.
Fixes: #27005
Cq-Include-Trybots: luci.golang.try:gotip-linux-amd64-longtest,gotip-windows-amd64-longtest
Change-Id: Ie239367f2fc73ecb55ec2ce76442293635c1b47d
Reviewed-on: https://go-review.googlesource.com/c/go/+/585401
Reviewed-by: Michael Matloob <matloob@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
This allows more effective conversion of rotate and mask opcodes
into their CC equivalents, while simplifying the first lowering
pass.
This was removed before the latelower pass was introduced to fold
more cases of compare against zero. Add ANDconst to push the
conversion of ANDconst to ANDCCconst into latelower with the other
CC opcodes.
This also requires introducing RLDICLCC to prevent regressions
when ANDconst is converted to RLDICL then to RLDICLCC and back
to ANDCCconst when possible.
Change-Id: I9e5f9c99fbefa334db18c6c152c5f967f3ff2590
Reviewed-on: https://go-review.googlesource.com/c/go/+/586160
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
When unquoting of an ERROR or ERRORx pattern fails, say so instead of
simply printing "syntax error".
Change-Id: I586dffa86ca80f5b40a5cbe16a7005cc1f7862f8
Reviewed-on: https://go-review.googlesource.com/c/go/+/586958
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Reviewed-by: Robert Findley <rfindley@google.com>
Fixes regression from Go 1.22.
For #67547.
Change-Id: Id0d07d6b24e1eab6ed1c7476d9d9b82d28aee80a
Reviewed-on: https://go-review.googlesource.com/c/go/+/587161
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-by: Robert Griesemer <gri@google.com>
Auto-Submit: Robert Griesemer <gri@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
For range-over-function, the compiler generates a hidden closure
for the range body, and call the iterator function with the hidden
closure as the yield parameter. For debuggers, if it stops inside
the range body (hidden closure), it needs some way to find the
outer function (that contains the range statement), to access the
variables that are in scope. To do this, we keep the closure
pointer live on stack with a special name ".closureptr", so the
debugger can look for this name and find the closure pointer. In
the usual case, the closure is a struct defined in the outer
frame, so following the pointer it will find the frame. We do this
in SSA generation, so if the range func is inlined and there is no
actual closure, we don't generate any extra code. In the case that
there is an actual closure, it's just a single store to the stack,
so the overhead is still small.
TODO: add some test
Change-Id: I0e8219b895733f8943a13c67b03ca776bdc02bc9
Reviewed-on: https://go-review.googlesource.com/c/go/+/586975
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: David Chase <drchase@google.com>
The current implementation doesn't handle s.freeindex at all, which
means it'll skip a whole bunch of recently-made allocations, because the
span may have not been swept yet.
Change-Id: I8c5e360f5927ffe7e9abb448b352a59875e31b02
Reviewed-on: https://go-review.googlesource.com/c/go/+/586996
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Fixes regression from Go 1.22.
Fixes#67540.
For #67547.
Change-Id: I61f642970c6a9bd8567654bb5ecf645ae77b3bcc
Reviewed-on: https://go-review.googlesource.com/c/go/+/587159
Reviewed-by: Robert Griesemer <gri@google.com>
Reviewed-by: Robert Findley <rfindley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Auto-Submit: Robert Griesemer <gri@google.com>
Go release notes always start out as a draft with a clear notice.
That notice is removed when the final release (go1.N.0) is made.
For example, the last time was in CL 562255.
Add this to the Go 1.23 draft and to the future fragment template.
Also switch to the main pkg.go.dev instance and use a relative issue
link in 3-tools.md while here.
For #64169.
For #65614.
Change-Id: I16bc0fa8a3a43ee7a9edd7fa253999041f1892e2
Reviewed-on: https://go-review.googlesource.com/c/go/+/587415
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Bypass: Dmitri Shuralyov <dmitshur@golang.org>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Cleanup all remaining trivial compares against $0 in ppc64x assembly.
In math, SRD ...,Rx; CMP Rx, $0 is further simplified to SRDCC.
Change-Id: Ia2bc204953e32f08ee142bfd06a91965f30f99b6
Reviewed-on: https://go-review.googlesource.com/c/go/+/587016
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Lynn Boger <laboger@linux.vnet.ibm.com>
Run-TryBot: Paul Murphy <murp@ibm.com>
Reviewed-by: Cherry Mui <cherryyz@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Tests of the mutex profile focus on sync.Mutex, which is easy to
control. But since those tests still use the runtime, and contention on
internal runtime.mutex values is now also part of the mutex profile, we
have to filter out those samples before examining the profile. Otherwise
the test may be confused by stray contention on sched.lock (or other
runtime-internal locks) as a natural consequence of using goroutines.
Fixes#67563
Change-Id: I066a24674d8b719dbeca4a5c0f76b53bc07498c1
Reviewed-on: https://go-review.googlesource.com/c/go/+/586957
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Rhys Hiltner <rhys.hiltner@gmail.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
We no longer do anything with this GODEBUG.
Fixes#66217
Change-Id: I998797b6a573013f5b9c8ded835acae572327d18
Reviewed-on: https://go-review.googlesource.com/c/go/+/584117
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Was this strictly necessary? No.
Did this deserve its own CL? Maybe not.
But I have a personal vendetta against NPN.
Change-Id: Ide1ad1092259dc23e3ead5c1d5269fc5cb2793d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/587275
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Add synchronous management of stored sessions to QUICConn.
This adds QUICStoreSession and QUICResumeSession events,
permitting a QUIC implementation to handle session resumption
as part of its regular event loop processing.
Fixes#63691
Change-Id: I9fe16207cc1986eac084869675bc36e227cbf3f0
Reviewed-on: https://go-review.googlesource.com/c/go/+/536935
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Marten Seemann <martenseemann@gmail.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
There is only one trusted certificate I could find in the web pki which
has a negative serial number. Removing this exception seems reasonable.
Updates #65085
Change-Id: I55435b3d75479dcb41d523383e4ff7894a1496ad
Reviewed-on: https://go-review.googlesource.com/c/go/+/562343
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Also simplify links.
Change-Id: I412d6c914d05bd093df46926a4f1742d664fefea
Reviewed-on: https://go-review.googlesource.com/c/go/+/587355
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Currently a HashTrieMap has a method called Enumerate whose method
closure is an iter.Seq2, but the current convention is to name the
method All and return an iter.Seq2. This is an easy transformation, so
do it now.
Change-Id: I323e505008b7df3a9e20fe8c223b281a8c290006
Reviewed-on: https://go-review.googlesource.com/c/go/+/586995
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Forced the testConfig CurvePreferences to exclude X25519Kyber768Draft00
to avoid bloating the transcripts, but I manually tested it and the
tests all update and pass successfully, causing 7436 insertions(+), 3251
deletions(-).
Fixes#67061
Change-Id: If6f13bca561835777ab0889a490487b7c2366c3c
Reviewed-on: https://go-review.googlesource.com/c/go/+/586656
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Mutex contention measurements work with two clocks: nanotime for use in
runtime/metrics, and cputicks for the runtime/pprof profile. They're
subject to different sampling rates: the runtime/metrics view is always
enabled, but the profile is adjustable and is turned off by default.
They have different levels of overhead: it can take as little as one
instruction to read cputicks while nanotime calls are more elaborate
(although some platforms implement cputicks as a nanotime call). The use
of the timestamps is also different: the profile's view needs to attach
the delay in some Ms' lock2 calls to another M's unlock2 call stack, but
the metric's view is only an int64.
Treat them differently. Don't bother threading the nanotime clock
through to the unlock2 call, measure and report it directly within
lock2. Sample nanotime at a constant gTrackingPeriod.
Don't consult any clocks unless the mutex is actually contended.
Continue liberal use of cputicks for now.
For #66999
Change-Id: I1c2085ea0e695bfa90c30fadedc99ced9eb1f69e
Reviewed-on: https://go-review.googlesource.com/c/go/+/586796
TryBot-Result: Gopher Robot <gobot@golang.org>
Auto-Submit: Rhys Hiltner <rhys.hiltner@gmail.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Run-TryBot: Rhys Hiltner <rhys.hiltner@gmail.com>
Reviewed-by: Carlos Amedee <carlos@golang.org>
IncNonDefault panics if Value was not called. That's too much DoS risk
in crypto/tls, when the call to Value is distant from the call to
IncNonDefault (see #65991). Value is cheap, though, so we can just call
it before each isolated IncNonDefault.
Change-Id: I6dbed345381e60e029b0a5ef2232e846aa089736
Reviewed-on: https://go-review.googlesource.com/c/go/+/586755
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
I initially thought the logic was broken, but writing the test I
realized it was actually very clever (derogative). It was relying on the
outer loop continuing after a supported match without a key share,
allowing a later key share to override it (but not a later supported
match because of the "if selectedGroup != 0 { continue }").
Replaced the clever loop with two hopefully more understandable loops,
and added a test (which was already passing).
We were however not checking that the selected group is in the supported
list if we found it in key shares first. (This was only a MAY.) Fixed.
Fixes#65686
Change-Id: I09ea44f90167ffa36809deb78255ed039a217b6d
Reviewed-on: https://go-review.googlesource.com/c/go/+/586655
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>