by chrisrohlf 4125 days ago
Nearly every browser engine has or had patches at one time to accomplish this. It's a call to mprotect/VirtualProtect after writing native code to memory. There's a performance hit to JIT engines that update emitted code often due to dynamic JS typing. You could always just turn off the JIT engine and execute the slower bytecode. But thanks for coming down from the mountain to enlighten us, again.

Here's Chris Leary's patch for Firefox. A bit dated at this point, though: https://bugzilla.mozilla.org/show_bug.cgi?id=677272
Did you even read the email? It is explicitly stated that W^X modifiable with mprotect is something they are seeking to eliminate.

Due to timing issues it's essentially impossible for the concept you laid out to ever provide reliable mitigation inside a program that is throwing mprotect around in a multi-threaded environment anyways.