Currently, the official advise is to always stop your canisters before upgrading them. This advise is well justified, but the result is quite unsatisfactory, and unbecoming of a service hosting platform that wants to attract “real” applications.
So in this blog post I explore how to write canisters that can be safely upgraded without stopping, both now and once the System API has improved:
https://www.joachim-breitner.de/blog/789-Zero-downtime_upgrades_of_Internet_Computer_canisters