Tue Jun 14 16:13:08 CEST 2011

Fault-tolerant, stateful code

There seems to be only one guiding principle: keep the invariants of
the data structure as simple as possible.  It seems to make sense to
split the problem of fault recovery into two parts:

   - temporary (local) inconsistency due to transient faults

        These are quite easy to handle by simply retrying the

   - permanent inconsistencies due to permanent state mutations

        These are really hard if there is no redundancy (a checkpoint,
        a journal, a replica) to bring the state back to consistency,
        or if the invariants are simply too complicated for any ad-hoc
        repair that "tries to be smart".
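
The following is an added example (not code from the original note) that
makes the two halves concrete.  The names Ledger, deposit and
ReliableStore are hypothetical, and the injected "transient fault" is a
constructed fault model for the demo.  Transient faults are handled by
running each operation on a scratch copy and retrying, so a half-applied
mutation never reaches the committed state; permanent inconsistency
(detected by a single simple invariant) is repaired only because the store
keeps redundancy in the form of a checkpoint plus a journal of committed
operations.

```python
import copy


class TransientFault(Exception):
    """A fault that may go away on retry (timeout, lost message, ...)."""


class PermanentInconsistency(Exception):
    """The invariant no longer holds; retrying will not fix this."""


class Ledger:
    """Toy stateful structure with one deliberately simple invariant:
    the cached total must equal the sum of all account balances."""

    def __init__(self):
        self.balances = {}
        self.total = 0

    def check(self):
        s = sum(self.balances.values())
        if self.total != s:
            raise PermanentInconsistency(f"total={self.total} != sum={s}")


def deposit(account, amount, fail_first=0):
    """Build an operation on a Ledger.  `fail_first` injects that many
    transient faults *after* the total has been bumped, so every failed
    attempt leaves a half-applied mutation behind (constructed fault
    injection for the demo, not a real fault model)."""
    remaining = [fail_first]

    def op(ledger):
        ledger.total += amount                    # first half of the mutation
        if remaining[0] > 0:
            remaining[0] -= 1
            raise TransientFault("lost reply")    # ... interrupted here
        ledger.balances[account] = ledger.balances.get(account, 0) + amount
    return op


class ReliableStore:
    """Live state plus redundancy: a checkpoint and the journal of
    operations committed since that checkpoint."""

    def __init__(self, state):
        self.state = state
        self.checkpoint = copy.deepcopy(state)
        self.journal = []

    def apply(self, op, attempts=3):
        """Transient faults: run op on a scratch copy and retry.  A failed
        attempt is discarded, so the inconsistency stays local to the copy
        and the committed state never sees a half-applied operation."""
        last = None
        for _ in range(attempts):
            scratch = copy.deepcopy(self.state)
            try:
                op(scratch)
                scratch.check()              # commit only a consistent state
            except TransientFault as e:
                last = e
                continue
            self.state = scratch
            self.journal.append(op)          # redundancy for later recovery
            return self.state
        raise last

    def take_checkpoint(self):
        self.checkpoint = copy.deepcopy(self.state)
        self.journal = []

    def verify(self):
        try:
            self.state.check()
            return True
        except PermanentInconsistency:
            return False

    def recover(self):
        """Permanent inconsistency: the live state is not trusted at all;
        rebuild it from the checkpoint by replaying the committed journal."""
        rebuilt = copy.deepcopy(self.checkpoint)
        for op in self.journal:
            op(rebuilt)
        rebuilt.check()
        self.state = rebuilt
        return self.state


def demo():
    store = ReliableStore(Ledger())
    store.apply(deposit("alice", 100))
    store.apply(deposit("bob", 50, fail_first=2))    # survives two transient faults
    store.take_checkpoint()
    store.apply(deposit("alice", 25))
    try:                                             # fault outlives the retry budget
        store.apply(deposit("carol", 5, fail_first=3))
    except TransientFault:
        pass
    assert store.state.balances == {"alice": 125, "bob": 50}   # no trace left
    store.state.total = 999                          # simulated corruption of live state
    assert not store.verify()
    store.recover()                                  # checkpoint + journal replay
    return store.state.total


if __name__ == "__main__":
    print(demo())
```

The retry is only safe because each attempt works on a copy and commits
atomically; retrying an in-place mutation that faulted halfway would turn a
transient fault into exactly the permanent inconsistency the second half of
the note warns about.  Without the checkpoint and journal, `recover` could
do nothing but report that the invariant is broken.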