Starred by 73 users

Issue metadata

Status: WorkingAsIntended
Owner: ----
Closed: Apr 2015
HW: ----
NextAction: ----
OS: ----
Priority: ----
Type: FeatureRequest


It's time to get iOS supported!

Reported by, Apr 6 2011

Issue description

Hello devs. Previously, I was told that the problem with getting V8 to run on iOS was the fact that JIT compilation could not be supported due to Apple disabling writable and executable memory regions.

However, it appears that this restriction has been lifted in iOS 4.3, since Apple finally decided to include their own JavaScript JIT (Nitro) in the operating system. See this gist here:

So for the hell of it, I installed 4.3.1 on my iPhone 4, jailbroke it, and set up the gcc toolchain. So far I've built perl and git from source successfully. When I tried V8, here's where it failed:

So I'm interested in hopefully getting this worked out. In the end, I'm trying to compile and run NodeJS on my iPhone. Thanks in advance!
Try implementing FlushICache via sys_icache_invalidate.

This should make compilation go further.
Attached is what I changed (clobbering any other ARM typedefs I'm sure) and I got past that file. I've updated the gist ( with the next phase of compilation (and failure), see part "2".

The error line is:
    src/objects-visiting.h:149: error: invalid conversion from 'v8::internal::AtomicWord*' to 'volatile v8::internal::Atomic32*'

Any clues? Thanks again!
Tweak the definitions in src/atomicops.h to make sure Atomic32 and AtomicWord get typedef'd to the same basic type (int, long, or whatever) when building on your platform.
Keep up the good work!

Comment 5 by, Apr 14 2011

iOS only allows PROT_READ | PROT_EXEC or PROT_READ|PROT_WRITE.  It does not allow PROT_WRITE | PROT_EXEC.  Would it cause problems to define the Unprotect functions for executable pages as being changed away from executable?
Has anyone gotten this to work on the V8?

We're very interested in getting this to work:
Hi all, I tried to build V8 in Xcode to run on my iPad. I got past the two questions above, and am stuck on a new one: (

Can anyone help me? Thanks a lot.

This is because we currently only support the Intel architecture for Mac OS. You can just comment out the entire function body.
Take a look at the error "#error Unsupported Mac OS X host architecture."

In the only IA-32 and x64 are supported. You would probably need to create src/ instead to implement what is in src/platform.h.

Comment 10 by, Jun 28 2011

Attached patch ports V8 to iOS and has been successfully tested on an iPhone 4 running 4.3.2. Please ignore the change to objects-visiting.h; this should obviously have been changing the typedef in src/atomicops.h as pointed out in comment #2. (I did this patch rather quickly.)

Comment 11 by, Jun 28 2011

Here's a screenshot showing my quick and dirty test-app using V8.

Comment 12 by, Jun 28 2011

This will only work on jailbroken devices, no?

Comment 13 by, Jun 28 2011

Most likely, yes. I have only tested it on a jailbroken device so far. I suspect that modern jailbreaks patch the kernel to allow rwx pages, and if so one would need to patch V8 further so pages are made rw- when about to be modified, and put back to r-x afterwards.
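The three mechanics discussed in comments 2, 5 and 13 (flushing the instruction cache after emitting code, a kernel that refuses PROT_WRITE|PROT_EXEC, and flipping a code page between rw- and r-x around every patch) can be shown in a few dozen lines. The following is an added example written for this page; it is not V8 code and not the attached patch. It assumes a POSIX system with mmap/mprotect, uses sys_icache_invalidate on Darwin and the compiler builtin __builtin___clear_cache elsewhere, and only knows how to encode a stub for x86-64 and AArch64 (other architectures get -1).

```c
/* Added example, not V8 or Frida code: emit machine code the way a JIT must
 * on a W^X kernel (comment 5): the page is rw- while being written and r-x
 * while running (comment 13), with an explicit icache flush (comment 2). */
#define _GNU_SOURCE
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mman.h>
#if defined(__APPLE__)
#include <libkern/OSCacheControl.h>   /* sys_icache_invalidate() */
#endif

/* Comment 2's FlushICache: sys_icache_invalidate on Darwin, the compiler
 * builtin elsewhere (a no-op on x86, real cache maintenance on ARM). */
static void flush_icache(void *addr, size_t len) {
#if defined(__APPLE__)
    sys_icache_invalidate(addr, len);
#else
    __builtin___clear_cache((char *)addr, (char *)addr + len);
#endif
}

/* 1 if the kernel hands out a page that is writable and executable at once
 * (Linux normally does), 0 if it refuses, as comment 5 reports for iOS. */
int rwx_allowed(void) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, ps, PROT_READ | PROT_WRITE | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, ps);
    return 1;
}

/* Encode "return <value>" for the two ISAs this example knows (x86-64 and
 * AArch64; value is limited to 16 bits for the AArch64 MOVZ). Returns the
 * encoded length, 0 on an unsupported architecture. */
static size_t encode_return_const(uint8_t *out, uint16_t value) {
#if defined(__x86_64__)
    out[0] = 0xB8;                                   /* mov eax, imm32 */
    out[1] = (uint8_t)value; out[2] = (uint8_t)(value >> 8);
    out[3] = 0; out[4] = 0;
    out[5] = 0xC3;                                   /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2] = { 0x52800000u | ((uint32_t)value << 5), /* movz w0, #value */
                         0xD65F03C0u };                        /* ret */
    memcpy(out, insn, sizeof insn);
    return sizeof insn;
#else
    (void)out; (void)value;
    return 0;
#endif
}

/* Patch a stub into PAGE: make it rw-, write, make it r-x, flush, call.
 * This is the flip comment 13 describes. Returns the stub's result or -1. */
static int write_and_call(void *page, size_t ps, uint16_t value) {
    uint8_t buf[16];
    size_t len = encode_return_const(buf, value);
    if (len == 0) return -1;
    if (mprotect(page, ps, PROT_READ | PROT_WRITE) != 0) return -1; /* rw- to patch */
    memcpy(page, buf, len);
    if (mprotect(page, ps, PROT_READ | PROT_EXEC) != 0) return -1;  /* r-x to run */
    flush_icache(page, len);
    int (*fn)(void);
    memcpy(&fn, &page, sizeof fn);   /* sidestep the data-to-function pointer cast */
    return fn();
}

/* JIT a constant-returning stub once and run it. */
int jit_const(uint16_t value) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int r = write_and_call(page, ps, value);
    munmap(page, ps);
    return r;
}

/* Emit one stub, run it, then re-patch the same page (rw- again, then back
 * to r-x) with a second stub. Returns the second result, -1 on any failure. */
int repatch_const(uint16_t first, uint16_t second) {
    size_t ps = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, ps, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    int r1 = write_and_call(page, ps, first);
    int r2 = (r1 == (int)first) ? write_and_call(page, ps, second) : -1;
    munmap(page, ps);
    return r2;
}

int main(void) {
    printf("rwx pages allowed: %s\n", rwx_allowed() ? "yes" : "no (W^X)");
    printf("jit_const(42) = %d\n", jit_const(42));
    printf("repatch_const(42, 7) = %d\n", repatch_const(42, 7));
    return 0;
}
```

On a jailbroken device whose kernel has been patched to allow rwx, rwx_allowed() reports 1 and the two mprotect calls are redundant; on a kernel that enforces W^X they are what makes the write and the call both succeed. Note that the flush comes after the page is already r-x: the cache line invalidation only needs the address range, not write access.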

Comment 14 by, Jun 28 2011

Good luck, but I don't think stock iOS will allow you to map executable pages.  The whole point of the sandbox is to prevent userspace from creating executable code.  In that context, porting V8 to iOS is pointless, because V8 has to create executable code in order to do anything at all.

See for details of the iOS sandbox.  See for a broader discussion.

Comment 15 by, Jun 28 2011

Sorry, what I meant was "most likely this will indeed only work on jailbroken devices". :) I'm aware of the sandbox, and I know that mapping executable pages was prohibited in earlier iOS versions. What I haven't investigated is whether this is still the case in the latest iOS. If it is, then porting V8 to iOS is pointless if you're thinking about regular AppStore apps.

However, I'm building an open source reverse-engineering tool ( that requires a jailbroken device, so V8 is very useful to me. I'm linking it statically into a shared library which gets injected into running processes at an arbitrary point in time. The debugger, running on a desktop machine (Linux/Mac/Windows), communicates with this payload and sends it scripts to run. A script may attach itself to any function in memory (it just needs the address), and the supplied callback gets called whenever the given function gets called. (This is done through hot-patching the code in memory.) The callback can inspect the argument list, modify it, read/write memory, etc. A bit like DTrace, but in user-space, and it runs on Windows, iPhone, and, as soon as I get around to finishing the Linux .so injector, also Linux and Android. Anyway, that was a long story; I just wanted to say that I think V8 is awesome even for building reverse-engineering tools and debuggers. :)

Comment 16 by, Jun 28 2011

Here's a (cheesy) screencast of Frida's GTK+ UI injecting its payload into a running iOS app, showing how it can be used to scan and modify memory while the target process (AngryBirds) is running:

This was before the V8 scripting was added, so I think it's about time I do some new screencasts to show the V8-powered scripting in action. :)
How might you use this patch in Xcode?

Comment 18 by, Dec 27 2011

Hi, Oleavr. Could you please upload the source code of the test-app using V8?

Comment 19 by, Jul 12 2012

At least, is it possible to compile the JS to target machine code ahead of time (assuming the code doesn't use "eval", etc.)?
This could help to make JS-based apps like Node.js and more.
@#19: Neither JavaScript nor V8 are designed for ahead-of-time compilation.
Issue 2477 has been merged into this issue.
Hi all
I'm Duong. I've ported a version of V8 for iOS WITHOUT any jailbreak. I have written a Virtual Machine for V8 on iOS and used it for my cross-platform game engine Jacos2D-X (it will be an open source project too). Now I'm fixing bugs and reviewing my code. I will submit the V8 iOS source code and Jacos2D-X soon.
I have submitted V8 for iOS. Please visit my home page to download:
Duong, nice work! What is the performance like emulating IA32 on ARM? Also, why are you using such an old version of V8 (looks like 2009-2010)?
Duong, this is good work. Have you updated your code work to implement the latest V8? If not, can you please review the issues if you had tried and it failed to work?  Many thanks.
Duong, do you think it would be possible to put the source on your github site of the simplest working iOS app, doing nothing more than maybe displaying a JavaScript alert via the implementation of your V8 included in the app? It is hard for me to see just how V8 gets operationally implemented in an app. Thanks in advance.

Comment 27 by, Apr 14 2013

If I'm not mistaken, v8 already includes an ARM simulator, so you can just use that to have it working on iOS. But it's mostly useless, because v8's speed only comes when compiling JIT for the target architecture and running compiled code.
And even if you could just switch between "rw-" and "r-x" (which sounds like something Apple wouldn't let you do, having blocked "rwx"), the cost of the switch may be too much in the JIT model.

Comment 28 by, May 13 2013

Duong (or anyone else):  Has Apple allowed into the AppStore an app that has V8-iOS embedded?  If not, does anyone know if this is possible?
Not even Google's own Chrome was allowed to use V8 on iOS so it's impossible...

Comment 30 by, May 14 2013

nelsen,  Sorry, I was being imprecise.  Yes, for various reasons -- some outlined above in this thread -- V8 was not permitted in Chrome on iOS.  

However, my questions were referring to Duong Nguyen's V8-iOS project, which he has released at  I am wondering if embedding V8-iOS still runs afoul of Apple's AppStore guidelines.  Does his virtual machine implementation mean that V8-iOS falls into the same category as embedding a modified JavaScriptCore (which has been done successfully by the folks at Titanium and others). 

It seems Duong created V8-iOS to support his game engine jacos2d-x.  If any games were written with jacos2d-x, I'd be interested to know if they made it through Apple's AppStore compliance checks.

Comment 31 by, May 14 2013

From a quick look, V8-iOS is useless, or at least redundant in trunk v8.
v8 already has an ARM simulator, which is used, for example, to interpret JS in NaCl without executable memory.
That's not a real solution here, v8 without JIT isn't fast enough.
Although someone could use the ARM simulator if they really needed v8 (like, for node.js) on iOS without jailbreaking it (or even put it on AppStore).

Comment 32 by, May 14 2013

@#31:  The V8 ARM simulator simulates ARM instructions on x86, so I don't think it's applicable to the scenario (we want to run V8 on iOS devices).  One can actually compile V8 on ARM, but it's irrelevant as a major problem is that Apple won't allow JIT in apps.  I may be incorrect, but it seems the value of V8-iOS is that it stands some chance of getting around this constraint. 

Why go through the hassle when one can just embed JavaScriptCore?  JSC is under LGPL which, under certain readings, seems to be incompatible w/ the AppStore.  V8 OTOH is under BSD-New and therefore has no such encumbrances. 

Comment 33 by, May 14 2013

The v8 ARM simulator is just a generic VM, that's why it can be used in NaCl, which is a VM by itself.
And why simulate x86 instructions on ARM when you can simulate ARM on ARM?
I doubt V8-iOS is faster than the built-in ARM simulator, but my point was that v8 now has that functionality built-in (which it probably didn't when V8-iOS was started).

You can compile v8 to just not use any JIT at all, even on a supported architecture.
Just to get things right here: Even if you use the ARM (or MIPS) simulator, v8 still uses a JIT. It just doesn't execute the generated code directly, but via a CPU simulator. Although I haven't read Apple's conditions for SW on iOS, I think the fundamental thing they disallow is making data pages executable, not a JIT in itself.
Thanks bros

Actually, I do not have any app using V8-iOS on the App Store. I'm developing a game which uses Jacos2d-X. But now I'm too busy because I have to work for money to support my life and my family :(. Thus I have not finished this game.

I think a simple application using V8-iOS will be able to prove whether Apple accepts it or not (in fact, SpiderMonkey & JavaScriptCore have succeeded). A Tetris game is an example :)
I'm also studying the latest version of V8. But it is too complex to integrate my VM now :|. I will tell you if I have the solution.
"Why didn't I use the existing ARM simulator?"
My answer is: ARM uses a RISC instruction set while x86 uses CISC. A CISC instruction works more effectively than a RISC one does. In V8-iOS, I added some complex instructions for JS to increase its performance. In the future I will add more instructions to make it stronger.

Comment 37 by, May 17 2013

The ARM simulator has the benefit of always working in the latest release of v8, reducing the required work for supporting any change to 0.

And I would've thought ARM on ARM would be less stressful for an emulator than x86 on ARM.
Have you actually compared the performance of the two?
Hi all
V8 iOS 3.15.6 is ready. Please visit my page to check it out.

Labels: Type-FeatureRequest
Status: WorkingAsIntended
There was no activity in this issue for 1.5 years and there are no plans to directly support iOS in the foreseeable future. So this FR is closed for now with 'WorkingAsIntended' to reflect the actual state.

This update has the goal to clean up the issue database. So don't infer any future conclusions.

Comment 41 by, Feb 4 2015

For future reference, the project's V8 fork with iOS support can be found here:
We're using it on iOS ARM and ARM64.
I reviewed the frida v8 fork. Sorry about the n00b question, but do you know how to see what version of v8 this was forked from and review the diffs? 

I would also love to see an official version of v8 for iOS. This is a big road block to have a fully cross platform node.js across mobile and desktop. Android support (node.js/crosswalk) is just starting to wind up but this lack of v8 support on iOS is a roadblock. For more info see
Is there any update on this issue? If this is resolved, it would be possible to use v8 for building cross platform app.
Interesting topic, I was thinking about the possibility of V8 on iOS as it is written in C++. Any update on this topic? Also as iOS 11 was released not long ago.
