Enable the JIT function of IOS WebKit under the jailbreak Device

In fact, a long time ago, a jailbreak worker studied how IOS's mobilesafari performs JIT processing.

Original PDF address: http://reverse.put.as/wp-content/uploads/2011/06/syscan11_breaking_ios_code_signing.pdf

The simple principle is as follows:

The essence of JIT is to dynamically generate and execute native code at runtime.

This operation is precisely forbidden by the app store because the App Store must audit a third party.ProgramThe native code to be uploaded. Therefore, the IOS system restricts the application through permission management.

The limitations can be simply understood as "dynamically generated nativecode can only be executed on a memory page ". For details, see the PDF above.

How to enable third-party application JIT on the jailbreak device:

As we all know, JIT lesafari has enabled JIT. You can use the ldid tool to view its code sign and find the following fields:

 
<Key> dynamic-codesigning </key> <true/>
 

This field is used to tell the system that the program has dynamicCode.

If we want to enable JIT for iOS chrome, we just need to refer to the http://blog.csdn.net/lucky_06/article/details/8925804 method to add the above entitlement field.

For a self-built program, you only need to add the above fields when the Code Sign entitlements is enabled.

Efficiency Comparison:

Test by sunspider, http://www.webkit.org/perf/sunspider/sunspider.html

The result on ipad2 is as follows: (representing the average completion time of each item, the smaller the better)

NoEnableJIT
: 7213 Ms

EnableJIT1803MS

The overall efficiency gap is three times that of apple.