I’m not convinced, that may have side-effects we’re not aware of. I think the conservative choice here would be to have the validator be an oracle, delivering
EDIT: maybe I misunderstood the quote. Did you mean that it may return different code, or different version bytes? I thought you meant code, that code would be mutated during the validation process.