Rethinking Persistence in DIMSUM

[LANDAU_CHARLES@Tandem.COM]

  >it seems necessary to introduce ... Fail-fast support: given the
sudden unavailability of a page due to
   (e.g.) a machine crash, a mechanism is needed to trace back to all
   processes that map that page, including those that are not
   currently running so as to notify them.

Why is it that having a page MAPPED should qualify me for failure
notification? Carried to its logical conclusion, fail-fast would say
that if I have a key to (a segment containing) the page, I should be
notified (even if I don't have it mapped currently). Or if I could get
such a key from a directory I have, ...

The other logical extreme (fail-slow), which is what KeyKOS did (at
least in theory), is to notify only when a process attempts to actually
reference the page.

Do you have any arguments for the necessity of fail-fast, or why having
a page mapped is the right criterion for notification?

I have to disclose that Tandem does the equivalent of what you propose,
and I'm not sure it really makes sense there either.