undefined | Better HN

0 pointsjlokier5y ago0 comments

A JIT generally means it compiles parts of the program to machine code on the fly before running them, as needed.

To support that, the environment must allow the JIT to write machine code to memory, and then execute that same code.

CPUs have memory protection flags to control which memory areas can be written, and which can be executed. The OS is in charge of setting those flags, on request from the application. Eg. mmap and mprotect system calls.

iOS denies requests for memory that is both writable and executable at the same time. So applications cannot get the type of memory area a JIT needs. There are indirect methods where a file is written then mapped, like generating a small program or shared library on the fly. But iOS restricts these as well.

There are workarounds for a developer's personal applications, used on their own registered iOS devices. But these workarounds cannot be run by everyone else, except people with a jailbroken iOS. They cannot be used in applications on the App Store.

0 comments

2 comments · 1 top-level

moonchild5y ago· 1 in thread

W^X is not the issue here. JITs can deal with that, and in fact should do so even when it's not OS-enforced for security reasons. The problem on ios specifically is code signing, which is a problem for both JIT and AOT.

jlokierOP5y ago

"There are indirect methods where a file is written then mapped, like generating a small program or shared library on the fly. But iOS restricts these as well."

j / k navigate · click thread line to collapse