Remember: One reason to actually have native code is to implement other languages. E.g. Lisp or Forth or OCaml. These languages are interactive, so they can download additional code, compile and run it - to native code on fast implementations. Game engines have an AI subsystem, which is quite often written in such a language.
Of course it is impossible to prove such a thing as "safe" (or rather the reverse: It is easy to prove it as unsafe). Therefore I think the right thing to do for untrusted native code is indeed to sandbox the native code in a VM, and not to check the code itself - and rely on something like NX bit and disable "self-modifying code" (generated code is "self-modified").