[fiddlerwoaroof]

Not a JIT, iirc: from what I understand, without a specific JIT entitlement only Apple can give an app, it’s impossible to mark a memory page writable, write code to it and then mark it executable and run the code. This is a core security feature of the operating system.

[trws]

That’s correct AFAIK, but assumes a specific kind of JIT. It’s entirely possible for a JIT compiler to produce shared libraries (dyld files in this case) which are then loaded into the process with dlopen. It’s slower to produce a compiled function or module this way, but we actually do it in practice to allow use of compilers that aren’t traditional JIT compilers or to work around similar selinux policies. This means something like luajit wouldn’t work out of the box, but a single-pass JIT binary translation like Rosetta would work fine. Same thing for a JIT like that used in Julia IIRC.