memory layout in v8

[Luo Wu]

Hi guys,

I am a freshman to learn chromium and v8. I know that the main thread in the renderer process is bound to an Isolate in v8, and an Isolate can possess several contexts. But I am confused about the memory layout of the main thread in the renderer process.

I want to know how v8 manages the heap and stack for a given context. Does all codes(including the v8 code and JS code in different context) have the same stack? And if they have different stacks, how v8 maintains these stacks, for example, by changing the esp register? And what about the heap for different contexts?

Any ideas are appreciated. Thank you.

[Ben Noordhuis]

They all use the same heap and stack.

The heap is a per-isolate property. It has to be or contexts couldn't
touch each other's objects.

The machine code that V8 emits uses the thread's stack (i.e., the C
stack), no stack swapping takes place.

[Luo Wu]

Hi Ben,

Thanks for your reply. I am still confused about the difference between contexts. How does v8 restrict the JS code to access objects only in its context? Does it achieved by allocating objects in a given heap range, or associating each object with a Context property?

在 2018年5月17日星期四 UTC+8下午1:25:30，Ben Noordhuis写道：

[Ben Noordhuis]

On Thu, May 17, 2018 at 10:35 AM, Luo Wu <lwy...@pku.edu.cn> wrote:
> Hi Ben,
>
> Thanks for your reply. I am still confused about the difference between
> contexts. How does v8 restrict the JS code to access objects only in its
> context? Does it achieved by allocating objects in a given heap range, or
> associating each object with a Context property?

The latter, objects "know" what context they belong to.

More precisely, objects know what function constructed them (think
`obj.__proto__.constructor`) and functions have an explicit back-link
to their home context.