Research projects like RockJIT [0] can introduce a more structured approach to some aspects of JIT security. To my knowledge though it hasn't seen real-world use.

Presumably a formal approach could also work. CompCert exists, after all.

[0] https://dl.acm.org/doi/pdf/10.1145/2660267.2660281