by pmalynin 1550 days ago
The only entitlement that is relevant here is get-task-allow. But that would allow anyone to get a control task port for your application and do with it as they may. This functionality was not designed to be used in production — except for debugging.

The debugger entitlement is even more powerful, but once again since you’re modifying your own memory you don’t need it.

2 comments

Wait, but what about debuggers then? Plus hot-code reloading should only ever be used for quick development cycles when prototyping your app in debug mode, so very much what a debugger is used for, right? Additionally, I actually based the implementation of this PoC on lldb's debugserver for macOS.
Yeah this entitlement says your application is still “in-development” and allows a debugger to modify its executable memory.
Exactly, and the way I see it, this is the only valid use case for hot-code reloading in the first place: app in-development. I'll try augmenting my linker to be able to bake in the entitlements into the Zig compiler and this hopefully will remove the requirement for elevating privs via "sudo". Thanks for your comments though - it's been very enlightening :-)
> Plus hot-code reloading should only ever be used for quick development cycles when prototyping your app in debug mode

What about evolutionary/genetic programming? That can definitely take advantage of this as well.

The entitlement exists to enable development workflows like these.
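
Added example, not part of the thread: a release-gate check for the point made in the top comment, that get-task-allow is meant for debugging and not for production. It parses an entitlements plist extracted from a signed binary and reports debugging entitlements that are actually granted. The function name, the sample plists and the `com.apple.security.`-prefixed key spellings are assumptions of this example; only `get-task-allow` and "the debugger entitlement" are named in the thread.

```python
import plistlib

# Entitlements that open a process to task-port access or debugger attach.
# "get-task-allow" is the key named in the thread; the prefixed forms are the
# macOS spellings assumed by this example.
DEBUG_ENTITLEMENTS = {
    "get-task-allow": "other processes may obtain this app's task port",
    "com.apple.security.get-task-allow": "other processes may obtain this app's task port",
    "com.apple.security.cs.debugger": "this binary may attach to other tasks as a debugger",
}

def audit_entitlements(plist_bytes):
    """Return the sorted debugging entitlements granted (value true) in a plist."""
    try:
        ents = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed input must fail the gate, not pass it
        raise ValueError("not a valid entitlements plist") from exc
    if not isinstance(ents, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    # A key that is present but false grants nothing, so compare against True.
    return sorted(k for k in DEBUG_ENTITLEMENTS if ents.get(k) is True)

# Constructed sample: a development build signed with both debugging entitlements.
DEBUG_BUILD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.get-task-allow</key><true/>
  <key>com.apple.security.cs.debugger</key><true/>
</dict></plist>"""

# Constructed sample: a release build where get-task-allow is explicitly false.
RELEASE_BUILD = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.get-task-allow</key><false/>
  <key>com.apple.security.app-sandbox</key><true/>
</dict></plist>"""

if __name__ == "__main__":
    for name, blob in (("debug", DEBUG_BUILD), ("release", RELEASE_BUILD)):
        findings = audit_entitlements(blob)
        for key in findings:
            print(f"{name}: {key}: {DEBUG_ENTITLEMENTS[key]}")
        print(f"{name}: {'FAIL' if findings else 'OK'} for a production release")
```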