Storage systems provide means for storing and retrieving nonvolatile data via read and write operations. The nonvolatile data may be organized into data objects, such as physical or logical volumes, file systems, files, or any other technically appropriate organization. Many storage systems implement snapshot capabilities for data objects to enable data backup, data replication, disaster recovery, point-in-time travel for debugging, and continuous data protection. A snapshot of a data object is an immutable instance of the data object, reflecting the state of the data object at a certain point in time.
An important property of snapshots is that they always reflect a consistent state of the data object. In other words, a snapshot should reflect a plausible state of the data object at some point in time. A snapshot of a data object should reflect a write operation W2 only if all write operations to the same object that are potential causal predecessors of W2 are reflected in the same snapshot. A write operation W1 is a potential causal predecessor of W2 if and only if W2 is issued by the storage client application after the completion of W1.
Certain storage client applications may operate on multiple data objects and generate causal write sequences that span multiple data objects. In such cases, generating crash-consistent snapshots for individual data objects does not ensure that the set of snapshots of the multiple data objects reflects a consistent application state. This may occur, for example, when a storage client application operating on multiple data objects generates a causal chain of write requests where a first write request is carried out on a first data object and after it completes a second write request is carried out on a second data object, and the snapshots for the first data object and the second data object are carried out independently. In such a case, the second write might be reflected in the snapshots but its predecessor write, the first write, might not be, and as a result the snapshots would not have the property referred to herein as “group crash consistency.” For a group of data object snapshots to be crash consistent (i.e., group crash-consistent), a write operation W should be reflected on a snapshot in the group only if all write operations, to any object with a snapshot in the group, that are potential causal predecessors of W are reflected in a snapshot of the same group.