So how do we detect when application code has changed? Well, there are two types of changes. The first is memory being unmapped, typically a library being unloaded. This is easy to detect as it requires an explicit system call by the application. The second type is direct memory modification. On some architectures this also requires an explicit application action, to flush the I-cache, but on x86 the hardware keeps the I-cache consistent, and the application need do nothing -- on recent processors you can write to the next instruction and the changed instruction will be correctly executed.
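The x86 behaviour described above can be observed directly. The following is an added example, not code from the original text: it assumes x86-64 Linux and a kernel policy that permits a writable and executable anonymous mapping, and the names `STUB` and `modify_and_rerun` are hypothetical. It patches an instruction with an ordinary store and re-executes it with no flush, so the only system calls a monitor could observe are the `mmap` and the final `munmap`.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#if !defined(__x86_64__)
#error "the machine code in this example is x86-64 only"
#endif

/* Constructed stub: mov eax, imm32 ; ret  (imm32 starts at offset 1). */
static const uint8_t STUB[] = { 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3 };

typedef int (*stub_fn)(void);

/* Runs the stub, overwrites its immediate in place, and runs it again.
 * out[0] is the result before the write, out[1] the result after it.
 * Returns 0 on success, -1 if the RWX mapping is refused. */
int modify_and_rerun(int32_t new_value, int out[2])
{
    uint8_t *page = mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    memcpy(page, STUB, sizeof STUB);
    stub_fn fn = (stub_fn)(uintptr_t)page;
    out[0] = fn();

    /* Second type of change: a plain store into code. On x86 nothing else
     * is needed. On an architecture without a coherent I-cache the program
     * would have to flush here (e.g. GCC's __builtin___clear_cache), and
     * that explicit action is what could be detected. */
    memcpy(page + 1, &new_value, sizeof new_value);
    out[1] = fn();

    /* First type of change: unmapping always goes through a system call. */
    munmap(page, 4096);
    return 0;
}

int main(void)
{
    int out[2];
    if (modify_and_rerun(2, out) != 0) {
        perror("mmap");
        return 1;
    }
    printf("before write: %d, after write: %d\n", out[0], out[1]);
    return 0;
}
```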
Copyright © 2004 Derek Bruening