From b2c0f5e6478fe5b69069f6fd0c3c169f06d3e154 Mon Sep 17 00:00:00 2001
From: "zongmin.gu" <zongmin.gzm@antgroup.com>
Date: Tue, 13 Apr 2021 17:48:31 +0800
Subject: [PATCH] Update golang version to 1.16.3

---
 .github/workflows/demo_test.yml               |  12 +-
 demos/golang/go_sqlite/run_go_sqlite_demo.sh  |   1 +
 demos/golang/grpc_pingpong/go.mod             |   5 +-
 demos/golang/grpc_pingpong/ping.go            |   2 +-
 demos/golang/grpc_pingpong/pong.go            |   2 +-
 .../golang/grpc_pingpong/prepare_ping_pong.sh |  13 +-
 demos/golang/web_server/README.md             |   1 +
 .../golang/web_server/run_golang_on_occlum.sh |   4 +-
 .../golang/adapt-golang-to-occlum.patch       | 720 ------------------
 .../golang/adapt-golang1.16.3-to-occlum.patch | 696 +++++++++++++++++
 tools/toolchains/golang/build.sh              |   4 +-
 11 files changed, 723 insertions(+), 737 deletions(-)
 delete mode 100644 tools/toolchains/golang/adapt-golang-to-occlum.patch
 create mode 100644 tools/toolchains/golang/adapt-golang1.16.3-to-occlum.patch

diff --git a/.github/workflows/demo_test.yml b/.github/workflows/demo_test.yml
index b0c6df41..4f96866f 100644
--- a/.github/workflows/demo_test.yml
+++ b/.github/workflows/demo_test.yml
@@ -57,13 +57,9 @@ jobs:
             SGX_MODE=SIM make test"
 
     - name: Go Server set up and run
-      run: docker exec language_support_test bash -c "cd /root/occlum/demos/golang/web_server && occlum-go get -u -v github.com/gin-gonic/gin;
+      run: docker exec language_support_test bash -c "cd /root/occlum/demos/golang/web_server && occlum-go mod init web_server && occlum-go get -u -v github.com/gin-gonic/gin;
             occlum-go build -o web_server ./web_server.go;
             SGX_MODE=SIM ./run_golang_on_occlum.sh" &
-    - name: Curl test
-      run: |
-        sleep ${{ env.nap_time }};
-        docker exec language_support_test bash -c "curl http://127.0.0.1:8090/ping"
 
     - name: Set up Golang grpc pingpong test
       run: docker exec language_support_test bash -c "cd /root/occlum/demos/golang/grpc_pingpong && ./prepare_ping_pong.sh"
@@ -79,7 +75,11 @@ jobs:
     - name: Run Golang sqlite test
       run: docker exec language_support_test bash -c "cd /root/occlum/demos/golang/go_sqlite/ && SGX_MODE=SIM ./run_go_sqlite_demo.sh"
 
-  # TODO: Add Java web server test
+    - name: Curl test
+      run: |
+        sleep ${{ env.nap_time }};
+        docker exec language_support_test bash -c "curl http://127.0.0.1:8090/ping"
+
   Java_support_test:
     runs-on: ubuntu-18.04
     steps:
diff --git a/demos/golang/go_sqlite/run_go_sqlite_demo.sh b/demos/golang/go_sqlite/run_go_sqlite_demo.sh
index 1076e397..72e720cd 100755
--- a/demos/golang/go_sqlite/run_go_sqlite_demo.sh
+++ b/demos/golang/go_sqlite/run_go_sqlite_demo.sh
@@ -5,6 +5,7 @@ BLUE='\033[1;34m'
 NC='\033[0m'
 
 # Install SQLite with occlum-go
+occlum-go mod init simple_demo_instance && \
 occlum-go get -u -v github.com/mattn/go-sqlite3
 
 # Build the Golang SQLite demo program using the Occlum Golang toolchain (i.e., occlum-go)
diff --git a/demos/golang/grpc_pingpong/go.mod b/demos/golang/grpc_pingpong/go.mod
index a41a4079..2b10f957 100644
--- a/demos/golang/grpc_pingpong/go.mod
+++ b/demos/golang/grpc_pingpong/go.mod
@@ -3,8 +3,7 @@ module grpc_pingpong
 go 1.13
 
 require (
-	github.com/golang/protobuf v1.4.1
+	golang.org/x/net v0.0.0-20190311183353-d8887717615a
 	google.golang.org/grpc v1.34.0-dev
-	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.0.0
-	google.golang.org/protobuf v1.25.0
+	google.golang.org/protobuf v1.25.0 // indirect
 )
diff --git a/demos/golang/grpc_pingpong/ping.go b/demos/golang/grpc_pingpong/ping.go
index 8979b925..54f7ac78 100644
--- a/demos/golang/grpc_pingpong/ping.go
+++ b/demos/golang/grpc_pingpong/ping.go
@@ -7,7 +7,7 @@ import (
 	"golang.org/x/net/context"
 	"google.golang.org/grpc"
 
-	"grpc_pingpong/github.com/occlum/demos/grpc_pingpong/pingpong"
+	pingpong "grpc_pingpong/github.com/occlum/demos/grpc_pingpong/pingpong"
 )
 
 func main() {
diff --git a/demos/golang/grpc_pingpong/pong.go b/demos/golang/grpc_pingpong/pong.go
index 1d6edd17..3754bbbc 100644
--- a/demos/golang/grpc_pingpong/pong.go
+++ b/demos/golang/grpc_pingpong/pong.go
@@ -8,7 +8,7 @@ import (
 
 	"google.golang.org/grpc"
 
-	"grpc_pingpong/github.com/occlum/demos/grpc_pingpong/pingpong"
+	pingpong "grpc_pingpong/github.com/occlum/demos/grpc_pingpong/pingpong"
 )
 
 type PingPongServer struct {
diff --git a/demos/golang/grpc_pingpong/prepare_ping_pong.sh b/demos/golang/grpc_pingpong/prepare_ping_pong.sh
index f80ea817..8df0e615 100755
--- a/demos/golang/grpc_pingpong/prepare_ping_pong.sh
+++ b/demos/golang/grpc_pingpong/prepare_ping_pong.sh
@@ -41,16 +41,25 @@ fi
 
 # install protoc-gen-go and protoc-gen-go-grpc plugin
 if ! type "protoc-gen-go" > /dev/null 2>&1; then
-        go get google.golang.org/protobuf/cmd/protoc-gen-go
+        occlum-go get google.golang.org/protobuf/cmd/protoc-gen-go
 fi
 if ! type "protoc-gen-go-grpc" > /dev/null 2>&1; then
-        go get google.golang.org/grpc/cmd/protoc-gen-go-grpc
+        occlum-go get google.golang.org/grpc/cmd/protoc-gen-go-grpc
 fi
 
 # compiling pingpong gRPC .proto file
+export PATH=$PATH:$HOME/go/bin
 export GOPRIVATE=github.com/occlum/demos/\*
 protoc --proto_path=pingpong --go-grpc_out=. --go_out=. pingpong/pingpong.proto
 
 # prepare occlum images
+occlum-go mod download golang.org/x/net
+occlum-go mod download google.golang.org/grpc
+occlum-go mod download github.com/golang/protobuf
+occlum-go mod download golang.org/x/sys
+occlum-go mod download golang.org/x/text
+occlum-go mod download google.golang.org/genproto
+occlum-go mod download google.golang.org/protobuf
+
 occlum-go build -o occlum_pong pong.go
 occlum-go build -o occlum_ping ping.go
diff --git a/demos/golang/web_server/README.md b/demos/golang/web_server/README.md
index ad999847..3ca5c836 100644
--- a/demos/golang/web_server/README.md
+++ b/demos/golang/web_server/README.md
@@ -4,6 +4,7 @@ This project demonstrates how Occlum enables [Golang](https://golang.org) progra
 
 Step 1: Install Gin with `occlum-go`, it may take a few minutes
 ```
+occlum-go mod init web_server && \
 occlum-go get -u -v github.com/gin-gonic/gin
 ```
 
diff --git a/demos/golang/web_server/run_golang_on_occlum.sh b/demos/golang/web_server/run_golang_on_occlum.sh
index d01401b0..35d0b165 100755
--- a/demos/golang/web_server/run_golang_on_occlum.sh
+++ b/demos/golang/web_server/run_golang_on_occlum.sh
@@ -16,8 +16,8 @@ fi
 rm -rf occlum_instance && mkdir occlum_instance
 cd occlum_instance
 occlum init
-new_json="$(jq '.resource_limits.user_space_size = "380MB" |
-                .process.default_mmap_size = "300MB"' Occlum.json)" && \
+new_json="$(jq '.resource_limits.user_space_size = "1000MB" |
+                .process.default_mmap_size = "900MB"' Occlum.json)" && \
 echo "${new_json}" > Occlum.json
 
 # 2. Copy program into Occlum Workspace and build
diff --git a/tools/toolchains/golang/adapt-golang-to-occlum.patch b/tools/toolchains/golang/adapt-golang-to-occlum.patch
deleted file mode 100644
index 4a22c43a..00000000
--- a/tools/toolchains/golang/adapt-golang-to-occlum.patch
+++ /dev/null
@@ -1,720 +0,0 @@
-From 4c7e5586d109eba46c4f067699ae652d722270a0 Mon Sep 17 00:00:00 2001
-From: "jeffery.wsj" <jeffery.wsj@alibaba-inc.com>
-Date: Fri, 8 May 2020 18:06:37 +0800
-Subject: [PATCH 1/2] adapt golang to occlum libos:
-
-1. hook heap malloc
-2. hook all syscall based on amd64 linux platform
-3. hook vdso call
----
- src/runtime/malloc.go          |  76 ++++++++++-----------
- src/runtime/os_linux.go        |   4 ++
- src/runtime/sys_linux_amd64.go |   3 +
- src/runtime/sys_linux_amd64.s  | 116 +++++++++++++++++++++------------
- src/runtime/textflag.h         |  11 ++++
- src/syscall/asm_linux_amd64.s  |  24 +++++--
- 6 files changed, 150 insertions(+), 84 deletions(-)
- create mode 100644 src/runtime/sys_linux_amd64.go
-
-diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go
-index d768054198..0d7166397d 100644
---- a/src/runtime/malloc.go
-+++ b/src/runtime/malloc.go
-@@ -610,43 +610,45 @@ func (h *mheap) sysAlloc(n uintptr) (v unsafe.Pointer, size uintptr) {
- 		goto mapped
- 	}
- 
--	// Try to grow the heap at a hint address.
--	for h.arenaHints != nil {
--		hint := h.arenaHints
--		p := hint.addr
--		if hint.down {
--			p -= n
--		}
--		if p+n < p {
--			// We can't use this, so don't ask.
--			v = nil
--		} else if arenaIndex(p+n-1) >= 1<<arenaBits {
--			// Outside addressable heap. Can't use.
--			v = nil
--		} else {
--			v = sysReserve(unsafe.Pointer(p), n)
--		}
--		if p == uintptr(v) {
--			// Success. Update the hint.
--			if !hint.down {
--				p += n
--			}
--			hint.addr = p
--			size = n
--			break
--		}
--		// Failed. Discard this hint and try the next.
--		//
--		// TODO: This would be cleaner if sysReserve could be
--		// told to only return the requested address. In
--		// particular, this is already how Windows behaves, so
--		// it would simplify things there.
--		if v != nil {
--			sysFree(v, n, nil)
--		}
--		h.arenaHints = hint.next
--		h.arenaHintAlloc.free(unsafe.Pointer(hint))
--	}
-+	if occlumentry == 0 {
-+                // Try to grow the heap at a hint address.
-+	        for h.arenaHints != nil {
-+		        hint := h.arenaHints
-+		        p := hint.addr
-+		        if hint.down {
-+			        p -= n
-+		        }
-+		        if p+n < p {
-+			        // We can't use this, so don't ask.
-+			        v = nil
-+		        } else if arenaIndex(p+n-1) >= 1<<arenaBits {
-+			        // Outside addressable heap. Can't use.
-+			        v = nil
-+		        } else {
-+			        v = sysReserve(unsafe.Pointer(p), n)
-+		        }
-+		        if p == uintptr(v) {
-+			        // Success. Update the hint.
-+			        if !hint.down {
-+				        p += n
-+			        }
-+			        hint.addr = p
-+			        size = n
-+			        break
-+		        }
-+		        // Failed. Discard this hint and try the next.
-+		        //
-+		        // TODO: This would be cleaner if sysReserve could be
-+		        // told to only return the requested address. In
-+		        // particular, this is already how Windows behaves, so
-+		        // it would simplify things there.
-+		        if v != nil {
-+			        sysFree(v, n, nil)
-+		        }
-+		        h.arenaHints = hint.next
-+		        h.arenaHintAlloc.free(unsafe.Pointer(hint))
-+	        }
-+        }
- 
- 	if size == 0 {
- 		if raceenabled {
-diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go
-index d4a9bd4ff5..87fb5fffb3 100644
---- a/src/runtime/os_linux.go
-+++ b/src/runtime/os_linux.go
-@@ -178,6 +178,7 @@ const (
- 	_AT_HWCAP  = 16 // hardware capability bit vector
- 	_AT_RANDOM = 25 // introduced in 2.6.29
- 	_AT_HWCAP2 = 26 // hardware capability bit vector 2
-+	_AT_OCCLUM = 48 // gnu syscall ABI entry address
- )
- 
- var procAuxv = []byte("/proc/self/auxv\x00")
-@@ -253,6 +254,9 @@ func sysauxv(auxv []uintptr) int {
- 
- 		case _AT_PAGESZ:
- 			physPageSize = val
-+
-+		case _AT_OCCLUM:
-+			occlumentry = val
- 		}
- 
- 		archauxv(tag, val)
-diff --git a/src/runtime/sys_linux_amd64.go b/src/runtime/sys_linux_amd64.go
-new file mode 100644
-index 0000000000..c9369b6661
---- /dev/null
-+++ b/src/runtime/sys_linux_amd64.go
-@@ -0,0 +1,3 @@
-+package runtime
-+
-+var occlumentry uintptr = 0x0
-diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s
-index 5c300f553d..db9c9ab55b 100644
---- a/src/runtime/sys_linux_amd64.s
-+++ b/src/runtime/sys_linux_amd64.s
-@@ -33,12 +33,14 @@
- #define SYS_exit		60
- #define SYS_kill		62
- #define SYS_fcntl		72
-+#define SYS_gettimeofday	96
- #define SYS_sigaltstack 	131
- #define SYS_arch_prctl		158
- #define SYS_gettid		186
- #define SYS_futex		202
- #define SYS_sched_getaffinity	204
- #define SYS_epoll_create	213
-+#define SYS_clock_gettime	228
- #define SYS_exit_group		231
- #define SYS_epoll_ctl		233
- #define SYS_tgkill		234
-@@ -50,7 +52,7 @@
- TEXT runtime·exit(SB),NOSPLIT,$0-4
- 	MOVL	code+0(FP), DI
- 	MOVL	$SYS_exit_group, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- // func exitThread(wait *uint32)
-@@ -60,7 +62,7 @@ TEXT runtime·exitThread(SB),NOSPLIT,$0-8
- 	MOVL	$0, (AX)
- 	MOVL	$0, DI	// exit code
- 	MOVL	$SYS_exit, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	// We may not even have a stack any more.
- 	INT	$3
- 	JMP	0(PC)
-@@ -72,7 +74,7 @@ TEXT runtime·open(SB),NOSPLIT,$0-20
- 	MOVL	mode+8(FP), DX
- 	MOVL	perm+12(FP), R10
- 	MOVL	$SYS_openat, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$-1, AX
-@@ -82,7 +84,7 @@ TEXT runtime·open(SB),NOSPLIT,$0-20
- TEXT runtime·closefd(SB),NOSPLIT,$0-12
- 	MOVL	fd+0(FP), DI
- 	MOVL	$SYS_close, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$-1, AX
-@@ -94,7 +96,7 @@ TEXT runtime·write(SB),NOSPLIT,$0-28
- 	MOVQ	p+8(FP), SI
- 	MOVL	n+16(FP), DX
- 	MOVL	$SYS_write, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$-1, AX
-@@ -106,7 +108,7 @@ TEXT runtime·read(SB),NOSPLIT,$0-28
- 	MOVQ	p+8(FP), SI
- 	MOVL	n+16(FP), DX
- 	MOVL	$SYS_read, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$-1, AX
-@@ -127,35 +129,35 @@ TEXT runtime·usleep(SB),NOSPLIT,$16
- 	MOVQ	SP, DI
- 	MOVL	$0, SI
- 	MOVL	$SYS_nanosleep, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- TEXT runtime·gettid(SB),NOSPLIT,$0-4
- 	MOVL	$SYS_gettid, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+0(FP)
- 	RET
- 
- TEXT runtime·raise(SB),NOSPLIT,$0
- 	MOVL	$SYS_getpid, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, R12
- 	MOVL	$SYS_gettid, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, SI	// arg 2 tid
- 	MOVL	R12, DI	// arg 1 pid
- 	MOVL	sig+0(FP), DX	// arg 3
- 	MOVL	$SYS_tgkill, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- TEXT runtime·raiseproc(SB),NOSPLIT,$0
- 	MOVL	$SYS_getpid, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, DI	// arg 1 pid
- 	MOVL	sig+0(FP), SI	// arg 2
- 	MOVL	$SYS_kill, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- TEXT runtime·setitimer(SB),NOSPLIT,$0-24
-@@ -163,7 +165,7 @@ TEXT runtime·setitimer(SB),NOSPLIT,$0-24
- 	MOVQ	new+8(FP), SI
- 	MOVQ	old+16(FP), DX
- 	MOVL	$SYS_setittimer, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- TEXT runtime·mincore(SB),NOSPLIT,$0-28
-@@ -171,12 +173,29 @@ TEXT runtime·mincore(SB),NOSPLIT,$0-28
- 	MOVQ	n+8(FP), SI
- 	MOVQ	dst+16(FP), DX
- 	MOVL	$SYS_mincore, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
- // func walltime() (sec int64, nsec int32)
- TEXT runtime·walltime(SB),NOSPLIT,$0-12
-+	CMPQ    runtime·occlumentry(SB), $0x0
-+	JBE     start
-+	MOVQ    SP, BP
-+	SUBQ    $16, SP         // Space for results
-+	ANDQ    $~15, SP        // Align for C code
-+	MOVQ    $SYS_clock_gettime, AX
-+	MOVQ    $0, DI
-+	LEAQ    ret+0(SP), SI
-+	CALL    *runtime·occlumentry(SB)
-+	MOVQ    0(SP), AX
-+	MOVQ    8(SP), DX
-+	MOVQ    BP, SP
-+	MOVQ    AX, sec+0(FP)
-+	MOVL    DX, nsec+8(FP)
-+	RET
-+
-+start:
- 	// We don't know how much stack space the VDSO code will need,
- 	// so switch to g0.
- 	// In particular, a kernel configured with CONFIG_OPTIMIZE_INLINING=n
-@@ -234,8 +253,24 @@ fallback:
- 	RET
- 
- TEXT runtime·nanotime(SB),NOSPLIT,$0-8
--	// Switch to g0 stack. See comment above in runtime·walltime.
--
-+	CMPQ    runtime·occlumentry(SB), $0x0
-+	JBE     start
-+	MOVQ    SP, BP
-+	SUBQ    $16, SP         // Space for results
-+	ANDQ    $~15, SP        // Align for C code
-+	MOVQ    $SYS_clock_gettime, AX
-+	MOVQ    $1, DI
-+	LEAQ    ret+0(SP), SI
-+	CALL    *runtime·occlumentry(SB)
-+	MOVQ    0(SP), AX       // sec
-+	MOVQ    8(SP), DX       // nsec
-+	IMULQ   $1000000000, AX
-+	ADDQ    DX, AX
-+	MOVQ    BP, SP
-+	MOVQ    AX, ret+0(FP)
-+	RET
-+start:
-+    // Switch to g0 stack. See comment above in runtime·walltime.
- 	MOVQ	SP, BP	// Save old SP; BP unchanged by C code.
- 
- 	get_tls(CX)
-@@ -297,7 +332,7 @@ TEXT runtime·rtsigprocmask(SB),NOSPLIT,$0-28
- 	MOVQ	old+16(FP), DX
- 	MOVL	size+24(FP), R10
- 	MOVL	$SYS_rt_sigprocmask, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$0xf1, 0xf1  // crash
-@@ -309,7 +344,7 @@ TEXT runtime·rt_sigaction(SB),NOSPLIT,$0-36
- 	MOVQ	old+16(FP), DX
- 	MOVQ	size+24(FP), R10
- 	MOVL	$SYS_rt_sigaction, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+32(FP)
- 	RET
- 
-@@ -447,7 +482,7 @@ sigtrampnog:
- // https://gcc.gnu.org/viewcvs/gcc/trunk/libgcc/config/i386/linux-unwind.h?revision=219188&view=markup
- TEXT runtime·sigreturn(SB),NOSPLIT,$0
- 	MOVQ	$SYS_rt_sigreturn, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	INT $3	// not reached
- 
- TEXT runtime·sysMmap(SB),NOSPLIT,$0
-@@ -459,7 +494,7 @@ TEXT runtime·sysMmap(SB),NOSPLIT,$0
- 	MOVL	off+28(FP), R9
- 
- 	MOVL	$SYS_mmap, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok
- 	NOTQ	AX
-@@ -494,7 +529,7 @@ TEXT runtime·sysMunmap(SB),NOSPLIT,$0
- 	MOVQ	addr+0(FP), DI
- 	MOVQ	n+8(FP), SI
- 	MOVQ	$SYS_munmap, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$0xf1, 0xf1  // crash
-@@ -518,7 +553,7 @@ TEXT runtime·madvise(SB),NOSPLIT,$0
- 	MOVQ	n+8(FP), SI
- 	MOVL	flags+16(FP), DX
- 	MOVQ	$SYS_madvise, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
-@@ -532,7 +567,7 @@ TEXT runtime·futex(SB),NOSPLIT,$0
- 	MOVQ	addr2+24(FP), R8
- 	MOVL	val3+32(FP), R9
- 	MOVL	$SYS_futex, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+40(FP)
- 	RET
- 
-@@ -550,7 +585,7 @@ TEXT runtime·clone(SB),NOSPLIT,$0
- 	MOVQ	fn+32(FP), R12
- 
- 	MOVL	$SYS_clone, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 
- 	// In parent, return.
- 	CMPQ	AX, $0
-@@ -569,7 +604,7 @@ TEXT runtime·clone(SB),NOSPLIT,$0
- 
- 	// Initialize m->procid to Linux tid
- 	MOVL	$SYS_gettid, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVQ	AX, m_procid(R8)
- 
- 	// Set FS to point at m->tls.
-@@ -589,14 +624,14 @@ nog:
- 	// It shouldn't return. If it does, exit that thread.
- 	MOVL	$111, DI
- 	MOVL	$SYS_exit, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	JMP	-3(PC)	// keep exiting
- 
- TEXT runtime·sigaltstack(SB),NOSPLIT,$-8
- 	MOVQ	new+0(FP), DI
- 	MOVQ	old+8(FP), SI
- 	MOVQ	$SYS_sigaltstack, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$0xf1, 0xf1  // crash
-@@ -613,7 +648,7 @@ TEXT runtime·settls(SB),NOSPLIT,$32
- 	MOVQ	DI, SI
- 	MOVQ	$0x1002, DI	// ARCH_SET_FS
- 	MOVQ	$SYS_arch_prctl, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	2(PC)
- 	MOVL	$0xf1, 0xf1  // crash
-@@ -621,7 +656,7 @@ TEXT runtime·settls(SB),NOSPLIT,$32
- 
- TEXT runtime·osyield(SB),NOSPLIT,$0
- 	MOVL	$SYS_sched_yield, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
- TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
-@@ -629,7 +664,7 @@ TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
- 	MOVQ	len+8(FP), SI
- 	MOVQ	buf+16(FP), DX
- 	MOVL	$SYS_sched_getaffinity, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
-@@ -637,7 +672,7 @@ TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
- TEXT runtime·epollcreate(SB),NOSPLIT,$0
- 	MOVL    size+0(FP), DI
- 	MOVL    $SYS_epoll_create, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+8(FP)
- 	RET
- 
-@@ -645,7 +680,7 @@ TEXT runtime·epollcreate(SB),NOSPLIT,$0
- TEXT runtime·epollcreate1(SB),NOSPLIT,$0
- 	MOVL	flags+0(FP), DI
- 	MOVL	$SYS_epoll_create1, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+8(FP)
- 	RET
- 
-@@ -656,7 +691,7 @@ TEXT runtime·epollctl(SB),NOSPLIT,$0
- 	MOVL	fd+8(FP), DX
- 	MOVQ	ev+16(FP), R10
- 	MOVL	$SYS_epoll_ctl, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
-@@ -669,7 +704,7 @@ TEXT runtime·epollwait(SB),NOSPLIT,$0
- 	MOVL	timeout+20(FP), R10
- 	MOVQ	$0, R8
- 	MOVL	$SYS_epoll_pwait, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
-@@ -679,10 +714,9 @@ TEXT runtime·closeonexec(SB),NOSPLIT,$0
- 	MOVQ    $2, SI  // F_SETFD
- 	MOVQ    $1, DX  // FD_CLOEXEC
- 	MOVL	$SYS_fcntl, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	RET
- 
--
- // int access(const char *name, int mode)
- TEXT runtime·access(SB),NOSPLIT,$0
- 	// This uses faccessat instead of access, because Android O blocks access.
-@@ -691,7 +725,7 @@ TEXT runtime·access(SB),NOSPLIT,$0
- 	MOVL	mode+8(FP), DX
- 	MOVL	$0, R10
- 	MOVL	$SYS_faccessat, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+16(FP)
- 	RET
- 
-@@ -701,7 +735,7 @@ TEXT runtime·connect(SB),NOSPLIT,$0-28
- 	MOVQ	addr+8(FP), SI
- 	MOVL	len+16(FP), DX
- 	MOVL	$SYS_connect, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+24(FP)
- 	RET
- 
-@@ -711,7 +745,7 @@ TEXT runtime·socket(SB),NOSPLIT,$0-20
- 	MOVL	typ+4(FP), SI
- 	MOVL	prot+8(FP), DX
- 	MOVL	$SYS_socket, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVL	AX, ret+16(FP)
- 	RET
- 
-@@ -720,6 +754,6 @@ TEXT runtime·sbrk0(SB),NOSPLIT,$0-8
- 	// Implemented as brk(NULL).
- 	MOVQ	$0, DI
- 	MOVL	$SYS_brk, AX
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVQ	AX, ret+0(FP)
- 	RET
-diff --git a/src/runtime/textflag.h b/src/runtime/textflag.h
-index daca36d948..824f069076 100644
---- a/src/runtime/textflag.h
-+++ b/src/runtime/textflag.h
-@@ -35,3 +35,14 @@
- // Function is the top of the call stack. Call stack unwinders should stop
- // at this function.
- #define TOPFRAME 2048
-+
-+#define SYSCALL_ENHANCE  \
-+    CMPQ runtime·occlumentry(SB), $0x0    \
-+    JBE  4(PC)                            \
-+    CALL *runtime·occlumentry(SB)         \
-+    CMPQ runtime·occlumentry(SB), $0x0    \
-+    JNE  2(PC)                            \
-+    SYSCALL
-+
-+#define OCCLUM_GET_TIME_OF_DAY   \
-+    CALL *runtime·occlumentry(SB)
-diff --git a/src/syscall/asm_linux_amd64.s b/src/syscall/asm_linux_amd64.s
-index 364815df18..4417768e8a 100644
---- a/src/syscall/asm_linux_amd64.s
-+++ b/src/syscall/asm_linux_amd64.s
-@@ -5,6 +5,8 @@
- #include "textflag.h"
- #include "funcdata.h"
- 
-+#define SYS_gettimeofday	96
-+
- //
- // System calls for AMD64, Linux
- //
-@@ -23,7 +25,7 @@ TEXT ·Syscall(SB),NOSPLIT,$0-56
- 	MOVQ	$0, R8
- 	MOVQ	$0, R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok
- 	MOVQ	$-1, r1+32(FP)
-@@ -49,7 +51,7 @@ TEXT ·Syscall6(SB),NOSPLIT,$0-80
- 	MOVQ	a5+40(FP), R8
- 	MOVQ	a6+48(FP), R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok6
- 	MOVQ	$-1, r1+56(FP)
-@@ -74,7 +76,7 @@ TEXT ·RawSyscall(SB),NOSPLIT,$0-56
- 	MOVQ	$0, R8
- 	MOVQ	$0, R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok1
- 	MOVQ	$-1, r1+32(FP)
-@@ -97,7 +99,7 @@ TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
- 	MOVQ	a5+40(FP), R8
- 	MOVQ	a6+48(FP), R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok2
- 	MOVQ	$-1, r1+56(FP)
-@@ -121,7 +123,7 @@ TEXT ·rawVforkSyscall(SB),NOSPLIT,$0-32
- 	MOVQ	$0, R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
- 	POPQ	R12 // preserve return address
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	PUSHQ	R12
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok2
-@@ -143,18 +145,28 @@ TEXT ·rawSyscallNoError(SB),NOSPLIT,$0-48
- 	MOVQ	$0, R8
- 	MOVQ	$0, R9
- 	MOVQ	trap+0(FP), AX	// syscall entry
--	SYSCALL
-+	SYSCALL_ENHANCE
- 	MOVQ	AX, r1+32(FP)
- 	MOVQ	DX, r2+40(FP)
- 	RET
- 
- // func gettimeofday(tv *Timeval) (err uintptr)
- TEXT ·gettimeofday(SB),NOSPLIT,$0-16
-+	CMPQ    runtime·occlumentry(SB), $0x0
-+	JBE     start
-+	MOVQ    tv+0(FP), DI
-+	MOVQ    $0, SI
-+	MOVQ    $SYS_gettimeofday, AX
-+	OCCLUM_GET_TIME_OF_DAY
-+	JMP     result
-+
-+start:
- 	MOVQ	tv+0(FP), DI
- 	MOVQ	$0, SI
- 	MOVQ	runtime·vdsoGettimeofdaySym(SB), AX
- 	CALL	AX
- 
-+result:
- 	CMPQ	AX, $0xfffffffffffff001
- 	JLS	ok7
- 	NEGQ	AX
--- 
-2.17.1
-
-
-From 4e78cdfbfbe4382a4dc9f2d4d7048f3c20bb1d74 Mon Sep 17 00:00:00 2001
-From: "jeffery.wsj" <jeffery.wsj@alibaba-inc.com>
-Date: Fri, 8 May 2020 18:06:37 +0800
-Subject: [PATCH 2/2] refactor syscall ABI for occlum 0.15.0
-
----
- src/runtime/sys_linux_amd64.s |  4 ++--
- src/runtime/textflag.h        | 23 +++++++++++++++--------
- src/syscall/asm_linux_amd64.s |  2 +-
- 3 files changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s
-index db9c9ab55b..6416170c41 100644
---- a/src/runtime/sys_linux_amd64.s
-+++ b/src/runtime/sys_linux_amd64.s
-@@ -187,7 +187,7 @@ TEXT runtime·walltime(SB),NOSPLIT,$0-12
- 	MOVQ    $SYS_clock_gettime, AX
- 	MOVQ    $0, DI
- 	LEAQ    ret+0(SP), SI
--	CALL    *runtime·occlumentry(SB)
-+	OCCLUM_SYSCALL
- 	MOVQ    0(SP), AX
- 	MOVQ    8(SP), DX
- 	MOVQ    BP, SP
-@@ -261,7 +261,7 @@ TEXT runtime·nanotime(SB),NOSPLIT,$0-8
- 	MOVQ    $SYS_clock_gettime, AX
- 	MOVQ    $1, DI
- 	LEAQ    ret+0(SP), SI
--	CALL    *runtime·occlumentry(SB)
-+	OCCLUM_SYSCALL
- 	MOVQ    0(SP), AX       // sec
- 	MOVQ    8(SP), DX       // nsec
- 	IMULQ   $1000000000, AX
-diff --git a/src/runtime/textflag.h b/src/runtime/textflag.h
-index 824f069076..e51f98849a 100644
---- a/src/runtime/textflag.h
-+++ b/src/runtime/textflag.h
-@@ -36,13 +36,20 @@
- // at this function.
- #define TOPFRAME 2048
- 
--#define SYSCALL_ENHANCE  \
--    CMPQ runtime·occlumentry(SB), $0x0    \
--    JBE  4(PC)                            \
--    CALL *runtime·occlumentry(SB)         \
--    CMPQ runtime·occlumentry(SB), $0x0    \
--    JNE  2(PC)                            \
-+// refactor syscall ABI according to occlum v0.15.0.
-+// step one: assign syscall return address to register rcx, occlum know where
-+//           should return according to rcx.
-+// step two: jump to syscall interface address provided by occlum when go
-+//           .bin file loaded.
-+// <BYTE $0x48; BYTE $0x8d; BYTE $0x0d; BYTE $0x0c; BYTE $0x00; BYTE $0x00; BYTE $0x00>
-+// actually is the assembler instruction: lea 0xc(%rip),%rcx
-+#define OCCLUM_SYSCALL                \
-+    BYTE $0x48; BYTE $0x8d; BYTE $0x0d; BYTE $0x0c; BYTE $0x00; BYTE $0x00; BYTE $0x00    \
-+    MOVQ runtime·occlumentry(SB), R11          \
-+    JMP  R11                                   \
-     SYSCALL
- 
--#define OCCLUM_GET_TIME_OF_DAY   \
--    CALL *runtime·occlumentry(SB)
-+#define SYSCALL_ENHANCE  \
-+    CMPQ runtime·occlumentry(SB), $0x0          \
-+    JBE  10(PC)                                 \
-+    OCCLUM_SYSCALL
-diff --git a/src/syscall/asm_linux_amd64.s b/src/syscall/asm_linux_amd64.s
-index 4417768e8a..06f2eb09c0 100644
---- a/src/syscall/asm_linux_amd64.s
-+++ b/src/syscall/asm_linux_amd64.s
-@@ -157,7 +157,7 @@ TEXT ·gettimeofday(SB),NOSPLIT,$0-16
- 	MOVQ    tv+0(FP), DI
- 	MOVQ    $0, SI
- 	MOVQ    $SYS_gettimeofday, AX
--	OCCLUM_GET_TIME_OF_DAY
-+	OCCLUM_SYSCALL
- 	JMP     result
- 
- start:
--- 
-2.17.1
-
diff --git a/tools/toolchains/golang/adapt-golang1.16.3-to-occlum.patch b/tools/toolchains/golang/adapt-golang1.16.3-to-occlum.patch
new file mode 100644
index 00000000..39a301c4
--- /dev/null
+++ b/tools/toolchains/golang/adapt-golang1.16.3-to-occlum.patch
@@ -0,0 +1,696 @@
+From c1d15cf5649843a46e2563982ed981dbda9e7219 Mon Sep 17 00:00:00 2001
+From: jeffery.wsj <jeffery.wsj@alibaba-inc.com>
+Date: Fri, 9 Apr 2021 14:23:49 +0800
+Subject: [PATCH] adapt golang1.16 to occlum libos
+
+---
+ src/runtime/malloc.go          |  70 ++++++++++++++++++++++++++++++++++++----------------------------------
+ src/runtime/os_linux.go        |   4 ++++
+ src/runtime/sys_linux_amd64.go |   3 +++
+ src/runtime/sys_linux_amd64.s  | 187 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------------------------------
+ src/runtime/textflag.h         |  14 ++++++++++++++
+ src/syscall/asm_linux_amd64.s  |  14 +++++++-------
+ 6 files changed, 208 insertions(+), 84 deletions(-)
+ create mode 100644 src/runtime/sys_linux_amd64.go
+
+diff --git a/src/runtime/malloc.go b/src/runtime/malloc.go
+index f20ded5..a557638 100644
+--- a/src/runtime/malloc.go
++++ b/src/runtime/malloc.go
+@@ -638,42 +638,44 @@ func (h *mheap) sysAlloc(n uintptr) (v unsafe.Pointer, size uintptr) {
+ 		goto mapped
+ 	}
+ 
+-	// Try to grow the heap at a hint address.
+-	for h.arenaHints != nil {
+-		hint := h.arenaHints
+-		p := hint.addr
+-		if hint.down {
+-			p -= n
+-		}
+-		if p+n < p {
+-			// We can't use this, so don't ask.
+-			v = nil
+-		} else if arenaIndex(p+n-1) >= 1<<arenaBits {
+-			// Outside addressable heap. Can't use.
+-			v = nil
+-		} else {
+-			v = sysReserve(unsafe.Pointer(p), n)
+-		}
+-		if p == uintptr(v) {
+-			// Success. Update the hint.
+-			if !hint.down {
+-				p += n
++	if occlumentry == 0 {
++		// Try to grow the heap at a hint address.
++		for h.arenaHints != nil {
++			hint := h.arenaHints
++			p := hint.addr
++			if hint.down {
++				p -= n
+ 			}
+-			hint.addr = p
+-			size = n
+-			break
+-		}
+-		// Failed. Discard this hint and try the next.
+-		//
+-		// TODO: This would be cleaner if sysReserve could be
+-		// told to only return the requested address. In
+-		// particular, this is already how Windows behaves, so
+-		// it would simplify things there.
+-		if v != nil {
+-			sysFree(v, n, nil)
++			if p+n < p {
++				// We can't use this, so don't ask.
++				v = nil
++			} else if arenaIndex(p+n-1) >= 1<<arenaBits {
++				// Outside addressable heap. Can't use.
++				v = nil
++			} else {
++				v = sysReserve(unsafe.Pointer(p), n)
++			}
++			if p == uintptr(v) {
++				// Success. Update the hint.
++				if !hint.down {
++					p += n
++				}
++				hint.addr = p
++				size = n
++				break
++			}
++			// Failed. Discard this hint and try the next.
++			//
++			// TODO: This would be cleaner if sysReserve could be
++			// told to only return the requested address. In
++			// particular, this is already how Windows behaves, so
++			// it would simplify things there.
++			if v != nil {
++				sysFree(v, n, nil)
++			}
++			h.arenaHints = hint.next
++			h.arenaHintAlloc.free(unsafe.Pointer(hint))
+ 		}
+-		h.arenaHints = hint.next
+-		h.arenaHintAlloc.free(unsafe.Pointer(hint))
+ 	}
+ 
+ 	if size == 0 {
+diff --git a/src/runtime/os_linux.go b/src/runtime/os_linux.go
+index 058c7da..add4d3a 100644
+--- a/src/runtime/os_linux.go
++++ b/src/runtime/os_linux.go
+@@ -185,6 +185,7 @@ const (
+ 	_AT_HWCAP  = 16 // hardware capability bit vector
+ 	_AT_RANDOM = 25 // introduced in 2.6.29
+ 	_AT_HWCAP2 = 26 // hardware capability bit vector 2
++	_AT_OCCLUM = 48 // gnu syscall ABI entry address
+ )
+ 
+ var procAuxv = []byte("/proc/self/auxv\x00")
+@@ -264,6 +265,9 @@ func sysauxv(auxv []uintptr) int {
+ 
+ 		case _AT_PAGESZ:
+ 			physPageSize = val
++
++		case _AT_OCCLUM:
++			occlumentry = val
+ 		}
+ 
+ 		archauxv(tag, val)
+diff --git a/src/runtime/sys_linux_amd64.go b/src/runtime/sys_linux_amd64.go
+new file mode 100644
+index 0000000..c9369b6
+--- /dev/null
++++ b/src/runtime/sys_linux_amd64.go
+@@ -0,0 +1,3 @@
++package runtime
++
++var occlumentry uintptr = 0x0
+diff --git a/src/runtime/sys_linux_amd64.s b/src/runtime/sys_linux_amd64.s
+index 37cb8da..2b85702 100644
+--- a/src/runtime/sys_linux_amd64.s
++++ b/src/runtime/sys_linux_amd64.s
+@@ -53,7 +53,7 @@
+ TEXT runtime·exit(SB),NOSPLIT,$0-4
+ 	MOVL	code+0(FP), DI
+ 	MOVL	$SYS_exit_group, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ // func exitThread(wait *uint32)
+@@ -63,7 +63,7 @@ TEXT runtime·exitThread(SB),NOSPLIT,$0-8
+ 	MOVL	$0, (AX)
+ 	MOVL	$0, DI	// exit code
+ 	MOVL	$SYS_exit, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	// We may not even have a stack any more.
+ 	INT	$3
+ 	JMP	0(PC)
+@@ -75,7 +75,7 @@ TEXT runtime·open(SB),NOSPLIT,$0-20
+ 	MOVL	mode+8(FP), DX
+ 	MOVL	perm+12(FP), R10
+ 	MOVL	$SYS_openat, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$-1, AX
+@@ -85,7 +85,7 @@ TEXT runtime·open(SB),NOSPLIT,$0-20
+ TEXT runtime·closefd(SB),NOSPLIT,$0-12
+ 	MOVL	fd+0(FP), DI
+ 	MOVL	$SYS_close, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$-1, AX
+@@ -97,7 +97,7 @@ TEXT runtime·write1(SB),NOSPLIT,$0-28
+ 	MOVQ	p+8(FP), SI
+ 	MOVL	n+16(FP), DX
+ 	MOVL	$SYS_write, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -106,7 +106,7 @@ TEXT runtime·read(SB),NOSPLIT,$0-28
+ 	MOVQ	p+8(FP), SI
+ 	MOVL	n+16(FP), DX
+ 	MOVL	$SYS_read, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -114,7 +114,7 @@ TEXT runtime·read(SB),NOSPLIT,$0-28
+ TEXT runtime·pipe(SB),NOSPLIT,$0-12
+ 	LEAQ	r+0(FP), DI
+ 	MOVL	$SYS_pipe, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, errno+8(FP)
+ 	RET
+ 
+@@ -123,7 +123,7 @@ TEXT runtime·pipe2(SB),NOSPLIT,$0-20
+ 	LEAQ	r+8(FP), DI
+ 	MOVL	flags+0(FP), SI
+ 	MOVL	$SYS_pipe2, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, errno+16(FP)
+ 	RET
+ 
+@@ -141,40 +141,40 @@ TEXT runtime·usleep(SB),NOSPLIT,$16
+ 	MOVQ	SP, DI
+ 	MOVL	$0, SI
+ 	MOVL	$SYS_nanosleep, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT runtime·gettid(SB),NOSPLIT,$0-4
+ 	MOVL	$SYS_gettid, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+0(FP)
+ 	RET
+ 
+ TEXT runtime·raise(SB),NOSPLIT,$0
+ 	MOVL	$SYS_getpid, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, R12
+ 	MOVL	$SYS_gettid, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, SI	// arg 2 tid
+ 	MOVL	R12, DI	// arg 1 pid
+ 	MOVL	sig+0(FP), DX	// arg 3
+ 	MOVL	$SYS_tgkill, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT runtime·raiseproc(SB),NOSPLIT,$0
+ 	MOVL	$SYS_getpid, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, DI	// arg 1 pid
+ 	MOVL	sig+0(FP), SI	// arg 2
+ 	MOVL	$SYS_kill, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT ·getpid(SB),NOSPLIT,$0-8
+ 	MOVL	$SYS_getpid, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVQ	AX, ret+0(FP)
+ 	RET
+ 
+@@ -183,7 +183,7 @@ TEXT ·tgkill(SB),NOSPLIT,$0
+ 	MOVQ	tid+8(FP), SI
+ 	MOVQ	sig+16(FP), DX
+ 	MOVL	$SYS_tgkill, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT runtime·setitimer(SB),NOSPLIT,$0-24
+@@ -191,7 +191,7 @@ TEXT runtime·setitimer(SB),NOSPLIT,$0-24
+ 	MOVQ	new+8(FP), SI
+ 	MOVQ	old+16(FP), DX
+ 	MOVL	$SYS_setittimer, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT runtime·mincore(SB),NOSPLIT,$0-28
+@@ -199,7 +199,7 @@ TEXT runtime·mincore(SB),NOSPLIT,$0-28
+ 	MOVQ	n+8(FP), SI
+ 	MOVQ	dst+16(FP), DX
+ 	MOVL	$SYS_mincore, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -266,7 +266,7 @@ ret:
+ 	RET
+ fallback:
+ 	MOVQ	$SYS_clock_gettime, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	JMP ret
+ 
+ // func nanotime1() int64
+@@ -329,7 +329,7 @@ ret:
+ 	RET
+ fallback:
+ 	MOVQ	$SYS_clock_gettime, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	JMP	ret
+ 
+ TEXT runtime·rtsigprocmask(SB),NOSPLIT,$0-28
+@@ -338,7 +338,7 @@ TEXT runtime·rtsigprocmask(SB),NOSPLIT,$0-28
+ 	MOVQ	old+16(FP), DX
+ 	MOVL	size+24(FP), R10
+ 	MOVL	$SYS_rt_sigprocmask, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$0xf1, 0xf1  // crash
+@@ -350,7 +350,7 @@ TEXT runtime·rt_sigaction(SB),NOSPLIT,$0-36
+ 	MOVQ	old+16(FP), DX
+ 	MOVQ	size+24(FP), R10
+ 	MOVL	$SYS_rt_sigaction, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+32(FP)
+ 	RET
+ 
+@@ -491,7 +491,7 @@ sigtrampnog:
+ // Defined as ABIInternal since it does not use the stack-based Go ABI.
+ TEXT runtime·sigreturn<ABIInternal>(SB),NOSPLIT,$0
+ 	MOVQ	$SYS_rt_sigreturn, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	INT $3	// not reached
+ 
+ TEXT runtime·sysMmap(SB),NOSPLIT,$0
+@@ -503,7 +503,7 @@ TEXT runtime·sysMmap(SB),NOSPLIT,$0
+ 	MOVL	off+28(FP), R9
+ 
+ 	MOVL	$SYS_mmap, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok
+ 	NOTQ	AX
+@@ -538,7 +538,7 @@ TEXT runtime·sysMunmap(SB),NOSPLIT,$0
+ 	MOVQ	addr+0(FP), DI
+ 	MOVQ	n+8(FP), SI
+ 	MOVQ	$SYS_munmap, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$0xf1, 0xf1  // crash
+@@ -562,7 +562,7 @@ TEXT runtime·madvise(SB),NOSPLIT,$0
+ 	MOVQ	n+8(FP), SI
+ 	MOVL	flags+16(FP), DX
+ 	MOVQ	$SYS_madvise, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -576,12 +576,15 @@ TEXT runtime·futex(SB),NOSPLIT,$0
+ 	MOVQ	addr2+24(FP), R8
+ 	MOVL	val3+32(FP), R9
+ 	MOVL	$SYS_futex, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+40(FP)
+ 	RET
+ 
+ // int32 clone(int32 flags, void *stk, M *mp, G *gp, void (*fn)(void));
+ TEXT runtime·clone(SB),NOSPLIT,$0
++    CMPQ runtime·occlumentry(SB), $0x0
++    JNE occlum
++
+ 	MOVL	flags+0(FP), DI
+ 	MOVQ	stk+8(FP), SI
+ 	MOVQ	$0, DX
+@@ -644,11 +647,109 @@ nog2:
+ 	SYSCALL
+ 	JMP	-3(PC)	// keep exiting
+ 
++occlum:
++	MOVL	flags+0(FP), DI
++	MOVQ	stk+8(FP), SI
++	MOVQ	$0, DX
++	MOVQ	$0, R10
++	MOVQ    $0, R8
++	// Copy mp, gp, fn off parent stack for use by child.
++	// Careful: Linux system call clobbers CX and R11.
++	MOVQ	mp+16(FP), R13
++	MOVQ	gp+24(FP), R9
++	MOVQ	fn+32(FP), R12
++	CMPQ	R13, $0    // m
++	JEQ	occlum_nog1
++	CMPQ	R9, $0    // g
++	JEQ	occlum_nog1
++	LEAQ	m_tls(R13), R8
++#ifdef GOOS_android
++	// Android stores the TLS offset in runtime·tls_g.
++	SUBQ	runtime·tls_g(SB), R8
++#else
++	ADDQ	$8, R8	// ELF wants to use -8(FS)
++#endif
++	ORQ 	$0x00080000, DI //add flag CLONE_SETTLS(0x00080000) to call clone
++occlum_nog1:
++	// flags
++	MOVQ DI, -16(SI)
++	// fn
++	MOVQ R12, -24(SI)
++	// gp
++	MOVQ R9, -32(SI)
++	// m
++	MOVQ R13, -40(SI)
++	// lea 0x23(%rip),%rax
++	BYTE $0x48; BYTE $0x8d; BYTE $0x05; BYTE $0x23; BYTE $0x00; BYTE $0x00; BYTE $0x00
++	// thread entry point
++	MOVQ AX, -8(SI)
++
++	SUBQ $8, SI
++
++	MOVL	$SYS_clone, AX
++	// BYTE $0xcc
++	// lea 0xa(%rip),%rcx
++	BYTE $0x48; BYTE $0x8d; BYTE $0x0d; BYTE $0x0a; BYTE $0x00; BYTE $0x00; BYTE $0x00
++	MOVQ runtime·occlumentry(SB), R11
++	JMP  R11
++
++	// In parent, return.
++	MOVL	AX, ret+40(FP)
++	RET
++
++thread_entrypoint:
++	// add 8, %rsp
++	// MOVQ	SI, SP
++	ADDQ $8, SP
++
++	MOVQ SP, SI
++
++	// mov -24(%rsp), %r12
++	// fn
++	BYTE $0x4c; BYTE $0x8b; BYTE $0x64; BYTE $0x24; BYTE $0xe8
++
++	// mov -32(%rsp), %r9
++	// gp
++	BYTE $0x4c; BYTE $0x8b; BYTE $0x4c; BYTE $0x24; BYTE $0xe0
++
++	// mov -40(%rsp), %r13
++	// m
++	BYTE $0x4c; BYTE $0x8b; BYTE $0x6c; BYTE $0x24; BYTE $0xd8
++
++	// BYTE $0xcc
++
++	// If g or m are nil, skip Go-related setup.
++	CMPQ	R13, $0    // m
++	JEQ	occlum_nog2
++	CMPQ	R9, $0    // g
++	JEQ	occlum_nog2
++
++	// Initialize m->procid to Linux tid
++	MOVL	$SYS_gettid, AX
++	SYSCALL_ENHANCE
++	MOVQ	AX, m_procid(R13)
++
++	// In child, set up new stack
++	get_tls(CX)
++	MOVQ	R13, g_m(R9)
++	MOVQ	R9, g(CX)
++	CALL	runtime·stackcheck(SB)
++
++occlum_nog2:
++	// Call fn
++	CALL	R12
++
++	// It shouldn't return. If it does, exit that thread.
++	MOVL	$111, DI
++	MOVL	$SYS_exit, AX
++	SYSCALL_ENHANCE
++	JMP	-3(PC)	// keep exiting
++
+ TEXT runtime·sigaltstack(SB),NOSPLIT,$-8
+ 	MOVQ	new+0(FP), DI
+ 	MOVQ	old+8(FP), SI
+ 	MOVQ	$SYS_sigaltstack, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$0xf1, 0xf1  // crash
+@@ -665,7 +766,7 @@ TEXT runtime·settls(SB),NOSPLIT,$32
+ 	MOVQ	DI, SI
+ 	MOVQ	$0x1002, DI	// ARCH_SET_FS
+ 	MOVQ	$SYS_arch_prctl, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	2(PC)
+ 	MOVL	$0xf1, 0xf1  // crash
+@@ -673,7 +774,7 @@ TEXT runtime·settls(SB),NOSPLIT,$32
+ 
+ TEXT runtime·osyield(SB),NOSPLIT,$0
+ 	MOVL	$SYS_sched_yield, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
+@@ -681,7 +782,7 @@ TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
+ 	MOVQ	len+8(FP), SI
+ 	MOVQ	buf+16(FP), DX
+ 	MOVL	$SYS_sched_getaffinity, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -689,7 +790,7 @@ TEXT runtime·sched_getaffinity(SB),NOSPLIT,$0
+ TEXT runtime·epollcreate(SB),NOSPLIT,$0
+ 	MOVL    size+0(FP), DI
+ 	MOVL    $SYS_epoll_create, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+8(FP)
+ 	RET
+ 
+@@ -697,7 +798,7 @@ TEXT runtime·epollcreate(SB),NOSPLIT,$0
+ TEXT runtime·epollcreate1(SB),NOSPLIT,$0
+ 	MOVL	flags+0(FP), DI
+ 	MOVL	$SYS_epoll_create1, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+8(FP)
+ 	RET
+ 
+@@ -708,7 +809,7 @@ TEXT runtime·epollctl(SB),NOSPLIT,$0
+ 	MOVL	fd+8(FP), DX
+ 	MOVQ	ev+16(FP), R10
+ 	MOVL	$SYS_epoll_ctl, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -721,7 +822,7 @@ TEXT runtime·epollwait(SB),NOSPLIT,$0
+ 	MOVL	timeout+20(FP), R10
+ 	MOVQ	$0, R8
+ 	MOVL	$SYS_epoll_pwait, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -731,7 +832,7 @@ TEXT runtime·closeonexec(SB),NOSPLIT,$0
+ 	MOVQ    $2, SI  // F_SETFD
+ 	MOVQ    $1, DX  // FD_CLOEXEC
+ 	MOVL	$SYS_fcntl, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ // func runtime·setNonblock(int32 fd)
+@@ -740,13 +841,13 @@ TEXT runtime·setNonblock(SB),NOSPLIT,$0-4
+ 	MOVQ    $3, SI  // F_GETFL
+ 	MOVQ    $0, DX
+ 	MOVL	$SYS_fcntl, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	fd+0(FP), DI // fd
+ 	MOVQ	$4, SI // F_SETFL
+ 	MOVQ	$0x800, DX // O_NONBLOCK
+ 	ORL	AX, DX
+ 	MOVL	$SYS_fcntl, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	RET
+ 
+ // int access(const char *name, int mode)
+@@ -757,7 +858,7 @@ TEXT runtime·access(SB),NOSPLIT,$0
+ 	MOVL	mode+8(FP), DX
+ 	MOVL	$0, R10
+ 	MOVL	$SYS_faccessat, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+16(FP)
+ 	RET
+ 
+@@ -767,7 +868,7 @@ TEXT runtime·connect(SB),NOSPLIT,$0-28
+ 	MOVQ	addr+8(FP), SI
+ 	MOVL	len+16(FP), DX
+ 	MOVL	$SYS_connect, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+24(FP)
+ 	RET
+ 
+@@ -777,7 +878,7 @@ TEXT runtime·socket(SB),NOSPLIT,$0-20
+ 	MOVL	typ+4(FP), SI
+ 	MOVL	prot+8(FP), DX
+ 	MOVL	$SYS_socket, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVL	AX, ret+16(FP)
+ 	RET
+ 
+@@ -786,6 +887,6 @@ TEXT runtime·sbrk0(SB),NOSPLIT,$0-8
+ 	// Implemented as brk(NULL).
+ 	MOVQ	$0, DI
+ 	MOVL	$SYS_brk, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVQ	AX, ret+0(FP)
+ 	RET
+diff --git a/src/runtime/textflag.h b/src/runtime/textflag.h
+index daca36d..c4056c0 100644
+--- a/src/runtime/textflag.h
++++ b/src/runtime/textflag.h
+@@ -35,3 +35,17 @@
+ // Function is the top of the call stack. Call stack unwinders should stop
+ // at this function.
+ #define TOPFRAME 2048
++
++// step one: assign syscall return address to register rcx, occlum know where
++//           should return according to rcx.
++// step two: jump to syscall interface address provided by occlum when go
++//           .bin file loaded.
++// <BYTE $0x48; BYTE $0x8d; BYTE $0x0d; BYTE $0x0c; BYTE $0x00; BYTE $0x00; BYTE $0x00>
++// actually is the assembler instruction: lea 0xc(%rip),%rcx
++#define SYSCALL_ENHANCE  \
++    CMPQ runtime·occlumentry(SB), $0x0  \
++    JBE  10(PC)  \
++    BYTE $0x48; BYTE $0x8d; BYTE $0x0d; BYTE $0x0c; BYTE $0x00; BYTE $0x00; BYTE $0x00  \
++    MOVQ runtime·occlumentry(SB), R11  \
++    JMP  R11  \
++    SYSCALL
+diff --git a/src/syscall/asm_linux_amd64.s b/src/syscall/asm_linux_amd64.s
+index ba22179..18cb535 100644
+--- a/src/syscall/asm_linux_amd64.s
++++ b/src/syscall/asm_linux_amd64.s
+@@ -22,7 +22,7 @@ TEXT ·Syscall(SB),NOSPLIT,$0-56
+ 	MOVQ	a2+16(FP), SI
+ 	MOVQ	a3+24(FP), DX
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok
+ 	MOVQ	$-1, r1+32(FP)
+@@ -48,7 +48,7 @@ TEXT ·Syscall6(SB),NOSPLIT,$0-80
+ 	MOVQ	a5+40(FP), R8
+ 	MOVQ	a6+48(FP), R9
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok6
+ 	MOVQ	$-1, r1+56(FP)
+@@ -70,7 +70,7 @@ TEXT ·RawSyscall(SB),NOSPLIT,$0-56
+ 	MOVQ	a2+16(FP), SI
+ 	MOVQ	a3+24(FP), DX
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok1
+ 	MOVQ	$-1, r1+32(FP)
+@@ -93,7 +93,7 @@ TEXT ·RawSyscall6(SB),NOSPLIT,$0-80
+ 	MOVQ	a5+40(FP), R8
+ 	MOVQ	a6+48(FP), R9
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok2
+ 	MOVQ	$-1, r1+56(FP)
+@@ -117,7 +117,7 @@ TEXT ·rawVforkSyscall(SB),NOSPLIT,$0-32
+ 	MOVQ	$0, R9
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+ 	POPQ	R12 // preserve return address
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	PUSHQ	R12
+ 	CMPQ	AX, $0xfffffffffffff001
+ 	JLS	ok2
+@@ -136,7 +136,7 @@ TEXT ·rawSyscallNoError(SB),NOSPLIT,$0-48
+ 	MOVQ	a2+16(FP), SI
+ 	MOVQ	a3+24(FP), DX
+ 	MOVQ	trap+0(FP), AX	// syscall entry
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	MOVQ	AX, r1+32(FP)
+ 	MOVQ	DX, r2+40(FP)
+ 	RET
+@@ -157,7 +157,7 @@ ret:
+ 	RET
+ fallback:
+ 	MOVL	$SYS_gettimeofday, AX
+-	SYSCALL
++	SYSCALL_ENHANCE
+ 	JMP ret
+ ok7:
+ 	MOVQ	$0, err+8(FP)
+--
+libgit2 0.23.3
+
diff --git a/tools/toolchains/golang/build.sh b/tools/toolchains/golang/build.sh
index ed999297..bf66a518 100755
--- a/tools/toolchains/golang/build.sh
+++ b/tools/toolchains/golang/build.sh
@@ -17,9 +17,9 @@ cd ${BUILD_DIR}
 # Download Golang
 git clone https://github.com/golang/go .
 # Swtich to Golang 1.13.7
-git checkout -b go1.13.7 tags/go1.13.7
+git checkout -b go1.16.3 tags/go1.16.3
 # Apply the patch to adapt Golang to Occlum
-git apply ${THIS_DIR}/adapt-golang-to-occlum.patch
+git apply ${THIS_DIR}/adapt-golang1.16.3-to-occlum.patch
 
 # Build Golang
 cd src