The latest articles on DEV Community by amir (@amirsefati). https://dev.to/amirsefati https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F161199%2F1386903f-a273-4172-a7ba-0585d3e4d5dd.jpeg https://dev.to/amirsefati en amir Wed, 03 Jun 2026 09:36:55 +0000 https://dev.to/amirsefati/from-elasticsearch-bottlenecks-to-weaviate-how-we-built-fast-hybrid-search-in-production-b4i https://dev.to/amirsefati/from-elasticsearch-bottlenecks-to-weaviate-how-we-built-fast-hybrid-search-in-production-b4i <p>For years, Elasticsearch was one of those tools I would almost automatically reach for whenever a system needed search.</p> <p>And honestly, for many use cases, it is still excellent.</p> <p>If you need full-text search, filtering, aggregations, faceting, observability queries, or log exploration, Elasticsearch is a very mature and powerful engine. Its lexical search capabilities, especially through BM25 and inverted indexes, are battle-tested.</p> <p>But my problem started when the product requirement changed from:</p> <blockquote> <p>“Find documents that contain these words.”</p> </blockquote> <p>to:</p> <blockquote> <p>“Find documents that match the meaning of what the user is asking, but still respect exact keywords when they matter.”</p> </blockquote> <p>That is where pure keyword search was no longer enough.</p> <p>We needed <strong>real hybrid search</strong>.</p> <p>Not just semantic search.<br><br> Not just BM25.<br><br> Not a manually glued-together ranking system.</p> <p>We needed a search engine that could combine:</p> <ul> <li>exact keyword matching,</li> <li>semantic similarity,</li> <li>metadata filtering,</li> <li>predictable latency,</li> <li>and production-level throughput.</li> </ul> <p>At first, I tried to make Elasticsearch do it.</p> <p>That decision taught me a lot.</p> <p>Eventually, it also pushed me toward Weaviate.</p> <p>This article is a practical breakdown of what went wrong, why hybrid search is harder than it looks, how Weaviate approaches the problem, and how I think about evaluating vector search quality in production.</p> <h2> The problem: keyword search was no longer enough </h2> <p>Traditional search engines are very good at lexical matching.</p> <p>If a user searches for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>linux kernel tuning </code></pre> </div> <p>BM25 can rank documents that contain terms like <code>linux</code>, <code>kernel</code>, and <code>tuning</code> very well.</p> <p>But what happens when the user searches for:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>how to reduce context switching overhead in a container runtime </code></pre> </div> <p>The best document might not contain that exact sentence.</p> <p>It might talk about:</p> <ul> <li>Linux namespaces</li> <li>cgroups</li> <li>scheduler behavior</li> <li>CPU pressure</li> <li>process isolation</li> <li>runtime overhead</li> </ul> <p>A pure keyword engine may miss or rank it lower because the vocabulary is different.</p> <p>This is where <strong>semantic search</strong> becomes useful.</p> <p>Instead of only matching words, semantic search converts both documents and queries into vectors, usually called <strong>embeddings</strong>. These embeddings represent the meaning of the text in a high-dimensional space.</p> <p>Documents with similar meaning end up close to each other in that vector space.</p> <p>So now the search engine can understand that:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"improve API latency under load" </code></pre> </div> <p>is related to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"reduce p99 response time during high traffic" </code></pre> </div> <p>even if the exact words are different.</p> <p>But semantic search alone is also not perfect.</p> <p>Sometimes exact terms matter a lot.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>PostgreSQL jsonb index performance </code></pre> </div> <p>In this query, the terms <code>PostgreSQL</code>, <code>jsonb</code>, and <code>index</code> are not optional. A purely semantic result about generic database performance may sound similar, but it is not good enough.</p> <p>That is why hybrid search matters.</p> <p>A strong search system should understand both:</p> <ol> <li><strong>What the user literally typed</strong></li> <li><strong>What the user actually means</strong></li> </ol> <h2> My first approach: forcing Elasticsearch to behave like a vector search engine </h2> <p>The first implementation was based on Elasticsearch.</p> <p>The idea looked simple:</p> <ol> <li>Use BM25 for keyword scoring.</li> <li>Use vector similarity for semantic scoring.</li> <li>Combine both scores into one final score.</li> <li>Return the top results.</li> </ol> <p>Conceptually, it made sense.</p> <p>In practice, it became painful.</p> <p>The challenge was score fusion.</p> <p>BM25 scores and vector similarity scores are not naturally comparable.</p> <p>BM25 might produce values like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>12.4 27.8 43.1 </code></pre> </div> <p>while cosine similarity might produce values like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>0.71 0.82 0.91 </code></pre> </div> <p>If you combine them naively, the ranking becomes unstable.</p> <p>You cannot simply do:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>final_score = bm25_score + cosine_similarity </code></pre> </div> <p>because the scales are completely different.</p> <p>You need normalization, weighting, ranking logic, and careful testing.</p> <p>In my first version, I tried using custom scripting logic to combine lexical and vector scores at query time.</p> <p>That was the mistake.</p> <h2> The production bottleneck </h2> <p>Custom scoring logic can look elegant in a prototype.</p> <p>Under production traffic, it can become expensive very quickly.</p> <p>The main issue was that vector math and score fusion were happening during query execution. That meant every search request had to do extra scoring work on top of the normal search pipeline.</p> <p>As traffic increased, the symptoms became obvious:</p> <ul> <li>CPU usage started spiking.</li> <li>Tail latency became unstable.</li> <li>p95 and p99 response times became much worse.</li> <li>Scaling required more resources than expected.</li> <li>Search quality improvements were difficult to test safely.</li> </ul> <p>The biggest lesson was not that Elasticsearch is bad.</p> <p>The lesson was:</p> <blockquote> <p>A system optimized for lexical search should not always be forced to become the core of a high-throughput vector search architecture.</p> </blockquote> <p>Elasticsearch can support vector search in modern versions, and for many teams it may be enough. But in my case, the implementation became too complex and too expensive for the kind of hybrid search behavior we needed.</p> <p>I wanted a system where hybrid search was not an afterthought.</p> <p>That is when I started looking seriously at Weaviate.</p> <h2> Why Weaviate felt like the right tool </h2> <p>Weaviate is an open-source vector database written in Go.</p> <p>That immediately caught my attention because I work a lot with Go, backend architecture, and performance-sensitive systems. But the language itself was not the main reason.</p> <p>The real reason was the architecture.</p> <p>Weaviate was designed around vector search from the beginning.</p> <p>Instead of treating embeddings as an extra field attached to a traditional search engine, Weaviate treats vectors as a first-class part of the storage and search model.</p> <p>At a high level, it gives you:</p> <ul> <li>vector search,</li> <li>BM25 keyword search,</li> <li>hybrid search,</li> <li>metadata filtering,</li> <li>schema-based data modeling,</li> <li>GraphQL and REST APIs,</li> <li>and production-oriented indexing options.</li> </ul> <p>For my use case, the most important part was that Weaviate could combine semantic and keyword search natively.</p> <p>No custom query-time score script.</p> <p>No fragile manual scoring layer.</p> <p>No forcing two different ranking systems together in application code.</p> <h2> Quick mental model: how vector search works </h2> <p>Before going deeper into Weaviate, it is useful to understand the basic idea behind vector search.</p> <p>A machine learning model converts text into an embedding:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"Linux kernel performance tuning" </code></pre> </div> <p>becomes something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[0.012, -0.431, 0.227, 0.091, ...] </code></pre> </div> <p>That vector may have hundreds or thousands of dimensions depending on the embedding model.</p> <p>The same thing happens to every document in your database.</p> <p>When a user sends a query, the query is also converted into a vector. Then the search engine tries to find the nearest vectors.</p> <p>The simplest way to think about this is distance.</p> <p>For example, Euclidean distance between two vectors can be represented as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>d(p, q) = sqrt(sum((q_i - p_i)^2)) </code></pre> </div> <p>Another common approach is cosine similarity, which compares the angle between two vectors.</p> <p>In real production systems, searching every vector one by one would be too slow at scale. If you have millions of documents, exact brute-force search is usually not practical.</p> <p>That is why vector databases use <strong>Approximate Nearest Neighbor</strong> algorithms, usually called ANN.</p> <p>ANN algorithms trade a tiny amount of perfect accuracy for a massive improvement in speed.</p> <p>One of the most popular ANN algorithms is <strong>HNSW</strong>.</p> <h2> HNSW: the graph behind fast vector search </h2> <p>Weaviate uses HNSW, which stands for <strong>Hierarchical Navigable Small World</strong>.</p> <p>You can think of HNSW as a graph structure built on top of your vectors.</p> <p>Instead of scanning every vector, the engine navigates through a graph to quickly move toward the nearest neighbors.</p> <p>A simplified mental model:</p> <ul> <li>Similar vectors are connected.</li> <li>The graph has multiple layers.</li> <li>Higher layers allow faster long-distance jumps.</li> <li>Lower layers refine the search near the best candidates.</li> </ul> <p>This makes search much faster than brute force while still returning high-quality results.</p> <p>For large-scale semantic search, this matters a lot.</p> <p>A vector database is not only about storing embeddings. The real value is in how efficiently it can index, traverse, filter, and rank them under load.</p> <h2> Hybrid search: why score fusion is harder than it looks </h2> <p>The hardest part of hybrid search is not running BM25.</p> <p>It is not running vector search either.</p> <p>The hard part is combining the results correctly.</p> <p>BM25 and vector search produce different types of scores.</p> <p>BM25 is based on term frequency, inverse document frequency, field length, and lexical relevance.</p> <p>Vector similarity is based on distance or similarity in embedding space.</p> <p>These scores do not mean the same thing.</p> <p>So instead of directly adding scores together, a better strategy is often to combine rankings.</p> <p>This is where rank fusion becomes useful.</p> <h2> Reciprocal Rank Fusion: a better way to combine results </h2> <p>One common technique for hybrid ranking is <strong>Reciprocal Rank Fusion</strong>, usually shortened to RRF.</p> <p>Instead of saying:</p> <blockquote> <p>“This document has a BM25 score of 30 and a vector score of 0.88, so let’s add them.”</p> </blockquote> <p>RRF says:</p> <blockquote> <p>“Where did this document rank in the keyword result list, and where did it rank in the vector result list?”</p> </blockquote> <p>Then it combines ranks.</p> <p>A simplified formula looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>RRF_score = 1 / (k + rank_keyword) + 1 / (k + rank_vector) </code></pre> </div> <p>The exact implementation details can vary, but the idea is powerful: ranking position becomes more important than raw score scale.</p> <p>This avoids many of the problems caused by incompatible scoring systems.</p> <p>In Weaviate, hybrid search also exposes an <code>alpha</code> parameter, which lets you control the balance between keyword and vector search.</p> <p>Conceptually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>alpha = 0.0 -&gt; keyword-focused search alpha = 1.0 -&gt; vector-focused search alpha = 0.5 -&gt; balanced hybrid search </code></pre> </div> <p>That is extremely useful in real systems.</p> <p>Different product areas may need different search behavior.</p> <p>For example:</p> <ul> <li>Documentation search may need more semantic matching.</li> <li>SKU or product-code search may need stronger keyword matching.</li> <li>Support ticket search may need a balance of both.</li> <li>Log or error search may need exact matching for IDs and stack traces.</li> </ul> <p>Being able to tune this without rewriting the whole scoring system is a big win.</p> <h2> Example: hybrid search with the Go client </h2> <p>Here is a simplified example using the Weaviate Go client.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"context"</span> <span class="s">"fmt"</span> <span class="s">"log"</span> <span class="s">"github.com/weaviate/weaviate-go-client/v5/weaviate"</span> <span class="s">"github.com/weaviate/weaviate-go-client/v5/weaviate/graphql"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">cfg</span> <span class="o">:=</span> <span class="n">weaviate</span><span class="o">.</span><span class="n">Config</span><span class="p">{</span> <span class="n">Host</span><span class="o">:</span> <span class="s">"localhost:8080"</span><span class="p">,</span> <span class="n">Scheme</span><span class="o">:</span> <span class="s">"http"</span><span class="p">,</span> <span class="p">}</span> <span class="n">client</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">weaviate</span><span class="o">.</span><span class="n">NewClient</span><span class="p">(</span><span class="n">cfg</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> <span class="n">result</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">GraphQL</span><span class="p">()</span><span class="o">.</span><span class="n">Get</span><span class="p">()</span><span class="o">.</span> <span class="n">WithClassName</span><span class="p">(</span><span class="s">"Article"</span><span class="p">)</span><span class="o">.</span> <span class="n">WithFields</span><span class="p">(</span> <span class="n">graphql</span><span class="o">.</span><span class="n">Field</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"title"</span><span class="p">},</span> <span class="n">graphql</span><span class="o">.</span><span class="n">Field</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"summary"</span><span class="p">},</span> <span class="n">graphql</span><span class="o">.</span><span class="n">Field</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"_additional"</span><span class="p">,</span> <span class="n">Fields</span><span class="o">:</span> <span class="p">[]</span><span class="n">graphql</span><span class="o">.</span><span class="n">Field</span><span class="p">{</span> <span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"score"</span><span class="p">},</span> <span class="p">}},</span> <span class="p">)</span><span class="o">.</span> <span class="n">WithHybrid</span><span class="p">(</span><span class="n">client</span><span class="o">.</span><span class="n">GraphQL</span><span class="p">()</span><span class="o">.</span><span class="n">HybridArgumentBuilder</span><span class="p">()</span><span class="o">.</span> <span class="n">WithQuery</span><span class="p">(</span><span class="s">"best practices for linux kernel tuning"</span><span class="p">)</span><span class="o">.</span> <span class="n">WithAlpha</span><span class="p">(</span><span class="m">0.7</span><span class="p">),</span> <span class="p">)</span><span class="o">.</span> <span class="n">WithLimit</span><span class="p">(</span><span class="m">10</span><span class="p">)</span><span class="o">.</span> <span class="n">Do</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"%+v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">result</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>In this example, <code>alpha = 0.7</code> means the query is more semantic than lexical, but keyword matching still contributes to the final ranking.</p> <p>That is exactly the kind of control I wanted.</p> <h2> Production benchmark: what changed after migration </h2> <p>In one internal test, I used a dataset of around 1.5 million text documents, including articles, technical notes, and internal documentation.</p> <p>The goal was not to create a perfect academic benchmark. The goal was to compare the behavior of the previous implementation with the new architecture under similar load.</p> <p>The difference was significant.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>System</th> <th>Search Type</th> <th>Fusion Strategy</th> <th>Approx. p99 Latency</th> <th>CPU Behavior Under Load</th> </tr> </thead> <tbody> <tr> <td>Elasticsearch</td> <td>Hybrid</td> <td>Custom query-time scoring</td> <td>~850 ms</td> <td>Frequent CPU spikes</td> </tr> <tr> <td>Weaviate</td> <td>Hybrid</td> <td>Native hybrid ranking</td> <td>~45 ms</td> <td>Much more stable</td> </tr> </tbody> </table></div> <p>The exact numbers will depend on hardware, schema, vector dimensions, indexing configuration, filters, and query patterns.</p> <p>But the important part was not only the latency improvement.</p> <p>The bigger win was operational simplicity.</p> <p>After the migration:</p> <ul> <li>ranking logic became easier to reason about,</li> <li>query latency became more predictable,</li> <li>CPU usage was more stable,</li> <li>scaling was easier,</li> <li>and experiments with different <code>alpha</code> values became much safer.</li> </ul> <p>That matters a lot in production.</p> <p>Performance is not only about the fastest possible average response time.</p> <p>It is also about predictability.</p> <p>A search system that is fast 90% of the time but unstable at p99 can still hurt the user experience badly.</p> <h2> The hidden challenge: evaluating search quality </h2> <p>Performance is only half of the story.</p> <p>A fast search engine that returns bad results is still a bad search engine.</p> <p>After moving to vector or hybrid search, one of the most important questions becomes:</p> <blockquote> <p>How do we know the new search is actually better?</p> </blockquote> <p>This gets especially important when changing embedding models.</p> <p>For example, imagine moving from one embedding model to a newer one.</p> <p>The new model may produce better vectors.</p> <p>Or it may be worse for your specific domain.</p> <p>You cannot rely only on intuition.</p> <p>You need evaluation.</p> <h2> Metric 1: Mean Reciprocal Rank </h2> <p>Mean Reciprocal Rank, or MRR, measures how early the first relevant result appears.</p> <p>If the correct result is ranked first, the reciprocal rank is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 / 1 = 1.0 </code></pre> </div> <p>If it appears in position 5:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1 / 5 = 0.2 </code></pre> </div> <p>Then you average this across many test queries.</p> <p>MRR is useful when the user usually needs one best answer.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>"How do I configure cgroups v2 memory limits?" </code></pre> </div> <p>If the best document is result number one, the search is doing well.</p> <p>If the best document is buried on page three, the user experience is poor.</p> <h2> Metric 2: Recall@K </h2> <p>Recall@K answers a different question:</p> <blockquote> <p>Out of all relevant documents, how many did we return in the top K results?</p> </blockquote> <p>For example, Recall@10 checks how many relevant documents appear in the first 10 results.</p> <p>This is useful when there may be multiple correct results.</p> <p>For documentation, research, support tickets, or internal knowledge bases, Recall@K can be more useful than only checking the top result.</p> <h2> Metric 3: NDCG </h2> <p>NDCG stands for <strong>Normalized Discounted Cumulative Gain</strong>.</p> <p>It is useful when relevance is not binary.</p> <p>A result can be:</p> <ul> <li>perfect,</li> <li>good,</li> <li>somewhat related,</li> <li>or irrelevant.</li> </ul> <p>NDCG rewards highly relevant documents appearing near the top of the result list.</p> <p>This is closer to how real users experience search.</p> <p>A search result ranked #1 matters more than a result ranked #9.</p> <h2> Metric 4: visual inspection with UMAP or t-SNE </h2> <p>Metrics are important, but visual inspection can also help.</p> <p>One useful technique is to export a sample of your embeddings and reduce them to two dimensions using UMAP or t-SNE.</p> <p>Then you can plot them and inspect whether similar documents form clear clusters.</p> <p>For example, if you are indexing technical articles, you might expect clusters like:</p> <ul> <li>Linux kernel</li> <li>PostgreSQL</li> <li>Kubernetes</li> <li>Go concurrency</li> <li>distributed systems</li> <li>observability</li> </ul> <p>If everything is mixed together randomly, your embedding model may not be representing your domain well.</p> <p>This does not replace proper evaluation, but it can reveal issues quickly.</p> <h2> Practical lessons from the migration </h2> <p>Here are the biggest lessons I took from this project.</p> <h3> 1. Do not treat vector search as just another field type </h3> <p>Embeddings change the architecture of search.</p> <p>They are not just another column in your database.</p> <p>You need to think about indexing, memory, distance metrics, filtering, ranking, and evaluation.</p> <h3> 2. Hybrid search is usually better than pure semantic search </h3> <p>Pure semantic search can be impressive in demos, but production users often search with exact terms.</p> <p>They search for:</p> <ul> <li>product codes,</li> <li>error messages,</li> <li>function names,</li> <li>ticket IDs,</li> <li>file names,</li> <li>database fields,</li> <li>framework names.</li> </ul> <p>A good system should not ignore those signals.</p> <h3> 3. Score fusion deserves serious attention </h3> <p>Combining BM25 and vector similarity incorrectly can make search worse.</p> <p>Rank fusion techniques are often safer than manually combining raw scores.</p> <h3> 4. p99 latency matters more than a beautiful demo </h3> <p>A search demo with 100 documents is easy.</p> <p>A production system with millions of documents, filters, concurrent users, and unpredictable queries is different.</p> <p>Always test tail latency.</p> <h3> 5. Measure quality before changing embedding models </h3> <p>A newer model is not automatically better for your data.</p> <p>Build a small evaluation dataset with real queries and expected results.</p> <p>Even 50 to 100 carefully selected queries can reveal a lot.</p> <h2> When I would still use Elasticsearch </h2> <p>This migration does not mean I would never use Elasticsearch again.</p> <p>I would still choose Elasticsearch for many use cases:</p> <ul> <li>log search,</li> <li>observability,</li> <li>analytics-heavy search,</li> <li>faceted search,</li> <li>complex aggregations,</li> <li>mature operational environments already built around Elastic.</li> </ul> <p>Elasticsearch is still a great tool.</p> <p>The point is not “Elasticsearch bad, Weaviate good.”</p> <p>The point is:</p> <blockquote> <p>Choose the system that matches the shape of your problem.</p> </blockquote> <p>For my specific case, the problem was high-throughput hybrid semantic search.</p> <p>For that, Weaviate was a better fit.</p> <h2> Final thoughts </h2> <p>The biggest engineering mistake is often not choosing a bad tool.</p> <p>It is choosing a good tool for the wrong job.</p> <p>Elasticsearch is a powerful search engine, but when I needed production-grade hybrid search with strong vector search behavior, custom score fusion became too expensive and too hard to maintain.</p> <p>Weaviate gave me a cleaner architecture:</p> <ul> <li>native vector search,</li> <li>BM25 support,</li> <li>hybrid ranking,</li> <li>HNSW indexing,</li> <li>metadata filtering,</li> <li>and a much simpler path to experimentation.</li> </ul> <p>The migration improved latency, reduced operational complexity, and made ranking behavior easier to tune.</p> <p>But the most important lesson was deeper:</p> <p>Search quality is a product feature, not just an infrastructure feature.</p> <p>You need to measure it, tune it, and treat it as part of the user experience.</p> <p>If you are building search for technical documentation, e-commerce, internal knowledge bases, support systems, or AI-powered products, hybrid search is probably worth serious consideration.</p> <p>And if you are currently fighting custom score scripts, unstable p99 latency, and hard-to-debug ranking behavior, it may be time to ask whether your search engine is doing the job it was originally designed to do.</p> <h2> Discussion </h2> <p>Have you implemented hybrid search in production?</p> <p>I would be interested to hear:</p> <ul> <li>whether you used Elasticsearch, OpenSearch, Weaviate, Qdrant, Pinecone, or another system,</li> <li>how you handled score fusion,</li> <li>and how you measured search quality beyond just latency.</li> </ul> search weaviate elasticsearch go amir Tue, 02 Jun 2026 15:48:08 +0000 https://dev.to/amirsefati/demystifying-the-linux-page-cache-the-kernel-optimization-hiding-behind-every-fast-io-40ee https://dev.to/amirsefati/demystifying-the-linux-page-cache-the-kernel-optimization-hiding-behind-every-fast-io-40ee <p>For the last few months, I have been spending a lot of time reading and researching Linux kernel internals.</p> <p>Not just from the surface.</p> <p>I mean going deeper into how the kernel actually manages memory, file I/O, processes, namespaces, cgroups, filesystems, and all the invisible mechanisms that make our backend systems feel fast.</p> <p>As backend engineers, we usually talk about performance in terms of application code:</p> <ul> <li>optimize the query</li> <li>add Redis</li> <li>reduce allocations</li> <li>use a better index</li> <li>improve concurrency</li> <li>tune the API response time</li> </ul> <p>And all of those things matter.</p> <p>But after working on production systems for years, I have learned that sometimes the real bottleneck is not inside your application code.</p> <p>Sometimes the real story is happening below your code, inside the operating system.</p> <p>One of the most important examples of that is the <strong>Linux Page Cache</strong>.</p> <p>It is one of those kernel features that quietly improves almost every backend system we run. It makes file reads faster, batches writes, reduces disk pressure, and gives us the illusion that storage is much faster than it actually is.</p> <p>But it also comes with trade-offs.</p> <p>And if you do not understand those trade-offs, you can easily misread performance numbers, misunderstand memory usage, or even risk losing data in the wrong failure scenario.</p> <p>This article is my attempt to explain the Linux Page Cache from a backend engineer’s point of view.</p> <p>Not as a kernel developer writing C inside <code>mm/filemap.c</code>.</p> <p>But as someone who builds systems on top of Linux and wants to understand what the kernel is really doing behind the scenes.</p> <h2> Why Page Cache Exists </h2> <p>The reason Page Cache exists is simple:</p> <p><strong>Disk is slow. RAM is fast.</strong></p> <p>Even with modern SSDs and NVMe drives, accessing persistent storage is still much slower than accessing memory.</p> <p>When our application reads from a file, the kernel could theoretically go to the disk every single time.</p> <p>But that would be extremely inefficient.</p> <p>So Linux uses available memory as a cache for file data.</p> <p>That cache is called the <strong>Page Cache</strong>.</p> <p>When a process reads a file, Linux usually does not just copy data directly from disk to the application and forget about it.</p> <p>Instead, the kernel loads file data into memory pages and keeps those pages around.</p> <p>So the next time the same file data is requested, Linux can serve it directly from RAM instead of touching the disk again.</p> <p>That is the basic idea.</p> <p>But the impact is huge.</p> <p>Imagine a web server reading the same static files again and again.</p> <p>Or a database repeatedly touching the same data files.</p> <p>Or a log processor scanning files that were recently written.</p> <p>Without Page Cache, every access would become much more expensive.</p> <p>With Page Cache, many of those reads become memory-speed operations.</p> <h2> The First Important Idea: Linux Uses Free RAM Aggressively </h2> <p>One thing that confuses many developers is Linux memory usage.</p> <p>You run <code>free -h</code>, and it looks like most of your RAM is used.</p> <p>At first, it feels scary.</p> <p>But often, that memory is not “wasted” or permanently consumed by applications.</p> <p>A large part of it may be used by the kernel for cache.</p> <p>Linux has a very practical philosophy:</p> <blockquote> <p>Empty RAM is wasted RAM.</p> </blockquote> <p>So if memory is available, the kernel uses it to cache useful data.</p> <p>If an application later needs more memory, Linux can reclaim cache pages and give that memory back.</p> <p>This is why a Linux server may look like it is using a lot of RAM even when your applications are not actually consuming that much.</p> <p>The kernel is trying to help you.</p> <p>It is using memory to avoid unnecessary disk I/O.</p> <p>That is Page Cache doing its job.</p> <h2> What Actually Happens During a File Read? </h2> <p>Let’s say your application calls <code>read()</code> on a file.</p> <p>At a high level, Linux checks whether the requested file data already exists in the Page Cache.</p> <p>There are two possible outcomes.</p> <h3> Cache Hit </h3> <p>If the data is already in memory, the kernel can copy it to your application without going to disk.</p> <p>This is fast.</p> <p>Very fast compared to storage.</p> <h3> Cache Miss </h3> <p>If the data is not in memory, Linux has to read it from disk.</p> <p>But after reading it, the kernel stores it in the Page Cache.</p> <p>So the first read may be slower, but future reads can be much faster.</p> <p>This is one reason benchmarks can be misleading.</p> <p>If you run the same file-read benchmark twice, the second run may look much faster because the data is already cached.</p> <p>Your application did not magically become better.</p> <p>The kernel just remembered the file data.</p> <h2> The Kernel Also Predicts What You Might Read Next </h2> <p>Linux does not only cache what you already read.</p> <p>It also tries to predict what you are going to read.</p> <p>For sequential file access, the kernel may perform <strong>readahead</strong>.</p> <p>That means when you read one part of a file, Linux may load the next parts into memory before you explicitly ask for them.</p> <p>This is extremely useful for workloads like:</p> <ul> <li>reading large logs</li> <li>streaming files</li> <li>scanning datasets</li> <li>serving static assets</li> <li>processing backups</li> <li>importing CSV files</li> </ul> <p>From the application’s point of view, it may feel like the disk is faster than expected.</p> <p>But in reality, the kernel is doing smart work in the background.</p> <p>It sees a pattern and tries to stay ahead of your application.</p> <h2> Writes Are Even More Interesting </h2> <p>Reads are easy to understand:</p> <blockquote> <p>If data is cached, serve it from RAM.</p> </blockquote> <p>Writes are more subtle.</p> <p>When your application writes data to a file, Linux usually does not immediately force that data to physical storage.</p> <p>Instead, the kernel writes the data into memory and marks the affected pages as <strong>dirty</strong>.</p> <p>A dirty page means:</p> <blockquote> <p>This page has been modified in memory, but the change has not necessarily been persisted to disk yet.</p> </blockquote> <p>This is where the kernel gives your application a very useful illusion.</p> <p>Your application calls <code>write()</code>.</p> <p>The kernel accepts the data.</p> <p>The call returns successfully.</p> <p>But that does not always mean the data is already safely stored on disk.</p> <p>It may only mean the data is now in the kernel’s memory and scheduled to be written later.</p> <p>This is one of the biggest performance tricks in the operating system.</p> <p>And also one of the most important trade-offs.</p> <h2> Why Delayed Writes Are So Powerful </h2> <p>Imagine an application appending tiny log entries to a file thousands of times per second.</p> <p>If Linux forced every small write to disk immediately, performance would be terrible.</p> <p>Storage devices are much better at handling larger, sequential writes than many tiny random writes.</p> <p>So Linux delays and combines writes.</p> <p>Many small writes can be collected in memory and later flushed to disk in a more efficient way.</p> <p>This process is called <strong>writeback</strong>.</p> <p>The kernel has background mechanisms that periodically flush dirty pages to storage.</p> <p>This gives us much better throughput.</p> <p>Instead of turning every <code>write()</code> call into an expensive physical I/O operation, Linux turns many small writes into fewer, larger writes.</p> <p>That is a huge win for performance.</p> <h2> The Dangerous Part: <code>write()</code> Is Not <code>fsync()</code> </h2> <p>This is where many bugs and misunderstandings happen.</p> <p>A successful <code>write()</code> does not always mean your data is durable.</p> <p>It usually means the kernel accepted your data.</p> <p>If the machine loses power before dirty pages are flushed, some recently written data may be lost.</p> <p>That is why databases, queues, and storage engines care so much about <code>fsync()</code>.</p> <p>When durability matters, you need to force the kernel to flush data to stable storage.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">write</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="n">size</span><span class="p">);</span> <span class="n">fsync</span><span class="p">(</span><span class="n">fd</span><span class="p">);</span> </code></pre> </div> <p><code>write()</code> says:</p> <blockquote> <p>Please accept this data.</p> </blockquote> <p><code>fsync()</code> says:</p> <blockquote> <p>Now make sure it is actually persisted.</p> </blockquote> <p>This distinction is extremely important when building systems where data loss is not acceptable.</p> <p>For normal logs, delayed writeback may be fine.</p> <p>For a financial transaction, it is not something you can ignore.</p> <h2> Why Databases Behave Differently </h2> <p>Databases like PostgreSQL, MySQL, RocksDB, and others are very careful with disk I/O.</p> <p>They know the kernel is caching data.</p> <p>They know writes may be delayed.</p> <p>They know crashes can happen.</p> <p>So they use techniques like:</p> <ul> <li>write-ahead logging</li> <li><code>fsync</code></li> <li>checkpoints</li> <li>direct I/O in some configurations</li> <li>controlled flushing</li> <li>careful ordering of writes</li> </ul> <p>A database cannot simply trust that because <code>write()</code> returned successfully, everything is safe.</p> <p>It needs stronger guarantees.</p> <p>This is also why database performance tuning is complicated.</p> <p>You are not only tuning SQL queries.</p> <p>You are tuning the interaction between:</p> <ul> <li>application</li> <li>database engine</li> <li>filesystem</li> <li>Linux kernel</li> <li>Page Cache</li> <li>storage device</li> <li>cloud virtualization layer</li> </ul> <p>That stack is deep.</p> <p>And Page Cache sits right in the middle of it.</p> <h2> Page Cache and <code>mmap</code> </h2> <p>Another important part of this story is <code>mmap</code>.</p> <p>With normal file I/O, you call <code>read()</code> and <code>write()</code>.</p> <p>With <code>mmap</code>, a file can be mapped into a process’s virtual memory.</p> <p>Then the application can access file data almost like normal memory.</p> <p>But behind the scenes, Page Cache is still involved.</p> <p>When the process touches a memory-mapped page, the kernel may load the corresponding file data into the Page Cache.</p> <p>This is powerful because it can reduce copying and make file access feel very natural from the application side.</p> <p>But it also means that memory-mapped I/O is deeply connected to the kernel’s virtual memory system.</p> <p>This is where the boundary between “file” and “memory” becomes very thin.</p> <p>And that is one of the reasons Linux I/O is such a fascinating topic.</p> <h2> Page Cache Can Make Benchmarks Lie </h2> <p>When I started looking deeper into kernel internals, one of the first practical lessons was this:</p> <p><strong>Never trust a file I/O benchmark unless you understand the cache state.</strong></p> <p>For example, if you benchmark reading a large file once, the first run may include real disk I/O.</p> <p>The second run may mostly hit Page Cache.</p> <p>So it looks much faster.</p> <p>But that does not necessarily mean your code improved.</p> <p>It may only mean the file is already cached.</p> <p>This matters when testing:</p> <ul> <li>file parsers</li> <li>log processors</li> <li>database imports</li> <li>backup tools</li> <li>search indexing jobs</li> <li>media processing pipelines</li> </ul> <p>If you want to test cold disk performance, you need to be intentional.</p> <p>If you want to test warm cache performance, that is also valid.</p> <p>But you should know which one you are measuring.</p> <p>Otherwise, you are not benchmarking your application.</p> <p>You are benchmarking a combination of your application and the kernel’s memory state.</p> <h2> Page Cache Can Also Hurt You </h2> <p>Page Cache is usually helpful.</p> <p>But not always.</p> <p>There are cases where it can create problems.</p> <h3> 1. Cache Pollution </h3> <p>Imagine a server running a database.</p> <p>Most of the time, the database benefits from hot data staying in memory.</p> <p>Now imagine a backup process reads a huge 500GB file sequentially.</p> <p>That large read can fill the Page Cache with data that may never be used again.</p> <p>As a result, more important cached pages may be evicted.</p> <p>This is called cache pollution.</p> <p>The kernel tries to manage this intelligently, but no heuristic is perfect.</p> <h3> 2. Memory Pressure </h3> <p>Because Page Cache uses RAM, it competes with applications for memory.</p> <p>Usually Linux can reclaim cache pages when needed.</p> <p>But under heavy memory pressure, the system may start doing more reclaim work, causing latency spikes.</p> <p>For backend services, this can show up as random performance drops.</p> <h3> 3. Dirty Page Spikes </h3> <p>If an application writes faster than storage can flush, dirty pages can accumulate.</p> <p>At some point, Linux may throttle writers to prevent memory from being overwhelmed by dirty data.</p> <p>From the application’s point of view, write latency may suddenly increase.</p> <p>This is not because your code changed.</p> <p>It is because the kernel is protecting the system.</p> <h2> Useful Commands to Observe Page Cache Behavior </h2> <p>You do not need to be a kernel developer to observe some of this behavior.</p> <p>Linux exposes useful information through <code>/proc</code> and common tools.</p> <h3> Check memory usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>free <span class="nt">-h</span> </code></pre> </div> <p>Look at the <code>buff/cache</code> column.</p> <p>That is where you often see memory used for kernel buffers and cache.</p> <h3> Check dirty pages </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">cat</span> /proc/meminfo | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s2">"Dirty|Writeback"</span> </code></pre> </div> <p>Example fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Dirty: 123456 kB Writeback: 0 kB </code></pre> </div> <p><code>Dirty</code> shows memory waiting to be written back.</p> <p><code>Writeback</code> shows memory currently being written.</p> <h3> Watch I/O activity </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>iostat <span class="nt">-xz</span> 1 </code></pre> </div> <p>This helps you see disk utilization, await time, and whether the storage device is under pressure.</p> <h3> Watch process I/O </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>pidstat <span class="nt">-d</span> 1 </code></pre> </div> <p>This helps you understand which processes are doing reads and writes.</p> <h2> A Simple Experiment </h2> <p>You can see Page Cache behavior with a simple test.</p> <p>Create a large file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">dd </span><span class="k">if</span><span class="o">=</span>/dev/zero <span class="nv">of</span><span class="o">=</span>testfile <span class="nv">bs</span><span class="o">=</span>1M <span class="nv">count</span><span class="o">=</span>1024 </code></pre> </div> <p>Now read it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time cat </span>testfile <span class="o">&gt;</span> /dev/null </code></pre> </div> <p>Run the same command again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time cat </span>testfile <span class="o">&gt;</span> /dev/null </code></pre> </div> <p>The second run may be faster because the file data is already in Page Cache.</p> <p>Now, depending on your system and permissions, you can drop caches for testing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sync echo </span>3 | <span class="nb">sudo tee</span> /proc/sys/vm/drop_caches </code></pre> </div> <p>Then read again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">time cat </span>testfile <span class="o">&gt;</span> /dev/null </code></pre> </div> <p>Important note:</p> <p>Do not randomly drop caches on production servers.</p> <p>This is only for controlled testing.</p> <h2> How This Changed the Way I Think About Backend Performance </h2> <p>The more I study Linux internals, the more I realize that backend engineering is not only about writing application code.</p> <p>A production system is a conversation between many layers:</p> <ul> <li>your code</li> <li>runtime</li> <li>memory allocator</li> <li>database</li> <li>filesystem</li> <li>kernel</li> <li>storage</li> <li>network</li> <li>container runtime</li> <li>orchestration platform</li> </ul> <p>If you only look at your code, you may miss the real reason behind a performance issue.</p> <p>For example:</p> <ul> <li>An API becomes slow because disk writeback is saturated.</li> <li>A database has latency spikes because dirty pages are being flushed.</li> <li>A benchmark looks amazing because everything is cached.</li> <li>A log processor slows down because it is causing cache pollution.</li> <li>A container looks memory-heavy because the host is using RAM for cache.</li> </ul> <p>Understanding Page Cache gives you better intuition.</p> <p>It helps you ask better questions.</p> <p>It helps you debug production issues with more confidence.</p> <p>And it reminds you that the operating system is not just a passive layer.</p> <p>The kernel is constantly making decisions on your behalf.</p> <h2> Practical Lessons for Backend Engineers </h2> <p>Here are the lessons I keep in mind now:</p> <h3> 1. Do not panic when Linux uses RAM </h3> <p>High memory usage is not always bad.</p> <p>Check whether memory is used by applications or by cache.</p> <h3> 2. Benchmark carefully </h3> <p>Always understand whether your benchmark is testing cold reads or cached reads.</p> <h3> 3. <code>write()</code> is not durability </h3> <p>If data must survive a crash, understand <code>fsync()</code> and the durability model of your storage system.</p> <h3> 4. Watch dirty pages </h3> <p>Dirty pages can explain sudden write latency spikes.</p> <h3> 5. Be careful with large sequential jobs </h3> <p>Backups, imports, and scans can affect cache behavior for other workloads.</p> <h3> 6. Learn the kernel slowly </h3> <p>You do not need to understand everything at once.</p> <p>But each concept you learn gives you better production intuition.</p> <h2> Final Thoughts </h2> <p>The Linux Page Cache is one of the most important performance features in the operating system.</p> <p>It hides disk latency.</p> <p>It makes repeated reads fast.</p> <p>It batches writes.</p> <p>It uses free memory intelligently.</p> <p>And it does all of this quietly, behind almost every backend system we deploy.</p> <p>But like every powerful abstraction, it has trade-offs.</p> <p>It can make benchmarks misleading.</p> <p>It can delay durability.</p> <p>It can create latency spikes under write pressure.</p> <p>It can affect databases, log processors, and large file workloads in unexpected ways.</p> <p>For me, studying the Page Cache is part of a bigger journey: understanding Linux not just as a server environment, but as a complex engineering system.</p> <p>The deeper I go into the kernel, the more respect I have for the invisible work it does every second.</p> <p>And the more I believe that strong backend engineers should not stop at frameworks, databases, and APIs.</p> <p>At some point, we also need to understand the machine underneath.</p> <p>Because sometimes the bug is not in your code.</p> <p>Sometimes the answer is in the kernel.</p> linux kernel backend performance amir Sun, 31 May 2026 11:31:35 +0000 https://dev.to/amirsefati/the-1978-paper-behind-gos-concurrency-model-4n55 https://dev.to/amirsefati/the-1978-paper-behind-gos-concurrency-model-4n55 <p>Every Go developer eventually hears this sentence:</p> <blockquote> <p>Do not communicate by sharing memory; share memory by communicating.</p> </blockquote> <p>At first, it sounds like a nice Go proverb.</p> <p>But the more concurrent systems you build, the more you realize it is not just a slogan. It is a completely different way of thinking about software design.</p> <p>When I first started working deeply with Go concurrency, I mostly thought about goroutines as “lightweight threads” and channels as “safe queues.” That mental model is useful at the beginning, but it is not the full story.</p> <p>The real story goes much deeper.</p> <p>Go’s concurrency model is heavily inspired by a paper from 1978: <strong>Communicating Sequential Processes</strong>, written by <strong>Tony Hoare</strong>.</p> <p>This article is my attempt to explain that idea in a practical way: why shared-memory concurrency becomes painful, what CSP was trying to solve, and how Go turned that theory into something we can use every day in production systems.</p> <h2> The problem: shared state looks simple until it does not </h2> <p>Most concurrency problems start innocently.</p> <p>You have multiple workers. They need access to the same data. So you put the data in memory and let the workers read and write it.</p> <p>Something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Counter</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">value</span> <span class="kt">int</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">Counter</span><span class="p">)</span> <span class="n">Inc</span><span class="p">()</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">value</span><span class="o">++</span> <span class="p">}</span> </code></pre> </div> <p>Then concurrency enters the system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">counter</span> <span class="o">:=</span> <span class="o">&amp;</span><span class="n">Counter</span><span class="p">{}</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="m">1000</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="k">go</span> <span class="n">counter</span><span class="o">.</span><span class="n">Inc</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>Now the code is broken.</p> <p>Multiple goroutines can read and write <code>value</code> at the same time. The final result becomes unpredictable. So we add a mutex:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Counter</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span> <span class="n">value</span> <span class="kt">int</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">Counter</span><span class="p">)</span> <span class="n">Inc</span><span class="p">()</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">c</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="n">c</span><span class="o">.</span><span class="n">value</span><span class="o">++</span> <span class="p">}</span> </code></pre> </div> <p>This fixes the data race.</p> <p>But this is where the next problem starts.</p> <p>Mutexes are not bad. They are necessary in many real systems. The issue is that shared state plus locks can easily become the default architecture.</p> <p>And once that happens, your system becomes harder to reason about.</p> <p>You start asking questions like:</p> <ul> <li>Who owns this data?</li> <li>Which goroutine is allowed to update it?</li> <li>How long is this lock held?</li> <li>Can this function call another function that also needs the same lock?</li> <li>Can this code deadlock under load?</li> <li>Why is p99 latency suddenly worse?</li> </ul> <p>This is especially painful in backend systems with high-throughput pipelines, network services, log processors, container runtimes, or in-memory systems where thousands of operations happen concurrently.</p> <p>The code may look safe because it has locks.</p> <p>But safe does not always mean simple.</p> <p>And simple is what keeps production systems maintainable.</p> <h2> The hidden cost of “just add a mutex” </h2> <p>A mutex protects memory, but it also serializes access.</p> <p>That means one slow operation inside a lock can block many other goroutines.</p> <p>I have seen patterns like this in real backend code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="n">user</span><span class="o">.</span><span class="n">Name</span> <span class="o">=</span> <span class="s">"Test User"</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">callExternalAPI</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">writeAuditLog</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> </code></pre> </div> <p>Technically, the shared data is protected.</p> <p>Architecturally, this is a problem.</p> <p>The lock is not only protecting the small mutation of <code>user.Name</code>. It is now protecting email sending, external API calls, logging, and anything else that happens inside that critical section.</p> <p>That means every goroutine waiting for this lock must wait for the whole flow.</p> <p>The service may have goroutines. It may look concurrent. But a big part of the request path has silently become sequential.</p> <p>This is why concurrency bugs are not always about missing locks.</p> <p>Sometimes the problem is too much locking.</p> <p>Sometimes the real bug is ownership.</p> <h2> Tony Hoare’s idea: stop sharing memory directly </h2> <p>In 1978, Tony Hoare introduced <strong>Communicating Sequential Processes</strong>, usually called CSP.</p> <p>The idea was very different from the classic shared-memory model.</p> <p>Instead of many processes fighting over the same memory, CSP describes a system as independent sequential processes that communicate by sending messages.</p> <p>The important parts are:</p> <ol> <li>Each process has its own local state.</li> <li>Processes do not casually share variables.</li> <li>When they need to coordinate, they communicate explicitly.</li> <li>Communication is part of the design, not an afterthought.</li> </ol> <p>That sounds simple, but it changes how you design systems.</p> <p>Instead of asking:</p> <blockquote> <p>Which lock protects this data?</p> </blockquote> <p>You start asking:</p> <blockquote> <p>Which goroutine owns this data?</p> </blockquote> <p>That is a much more powerful question.</p> <p>Because if one goroutine owns the state, other goroutines do not need to mutate it directly. They send messages to the owner.</p> <p>This is the mental shift behind Go channels.</p> <h2> Go did not just add concurrency. It gave concurrency a shape. </h2> <p>Go could have chosen the same path as many other languages:</p> <ul> <li>threads</li> <li>locks</li> <li>shared memory</li> <li>concurrency libraries</li> <li>complex abstractions built on top</li> </ul> <p>But Go made a different design decision.</p> <p>It gave concurrency first-class language support with:</p> <ul> <li> <code>go</code> for starting goroutines</li> <li> <code>chan</code> for communication</li> <li> <code>select</code> for coordinating multiple communication operations</li> </ul> <p>This matters because concurrency is not treated as a library feature bolted onto the language.</p> <p>It is part of the language’s design.</p> <p>A goroutine is not exactly the same as a CSP process, and Go is not a pure CSP language. Go still allows shared memory, mutexes, atomics, and low-level synchronization when needed.</p> <p>But the spirit of CSP is clearly there:</p> <blockquote> <p>Build independent units of execution and make them communicate explicitly.</p> </blockquote> <p>That is why Go feels so natural for network servers, infrastructure tools, distributed systems, streaming pipelines, and cloud-native software.</p> <h2> A simple CSP-style pipeline in Go </h2> <p>Let’s look at a practical example.</p> <p>Imagine a small pipeline:</p> <ol> <li>Generate jobs.</li> <li>Process jobs.</li> <li>Return results.</li> </ol> <p>A shared-memory mindset might create a global queue, protect it with a mutex, and let workers pull from it.</p> <p>A CSP-style mindset is different.</p> <p>The data flows through channels.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Job</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">int</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Result</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">JobID</span> <span class="kt">int</span> <span class="n">Value</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">producer</span><span class="p">(</span><span class="n">out</span> <span class="k">chan</span><span class="o">&lt;-</span> <span class="n">Job</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="nb">close</span><span class="p">(</span><span class="n">out</span><span class="p">)</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;=</span> <span class="m">5</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">out</span> <span class="o">&lt;-</span> <span class="n">Job</span><span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="n">i</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">worker</span><span class="p">(</span><span class="n">in</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">Job</span><span class="p">,</span> <span class="n">out</span> <span class="k">chan</span><span class="o">&lt;-</span> <span class="n">Result</span><span class="p">)</span> <span class="p">{</span> <span class="k">for</span> <span class="n">job</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">in</span> <span class="p">{</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">100</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span><span class="p">)</span> <span class="n">out</span> <span class="o">&lt;-</span> <span class="n">Result</span><span class="p">{</span> <span class="n">JobID</span><span class="o">:</span> <span class="n">job</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"processed job %d"</span><span class="p">,</span> <span class="n">job</span><span class="o">.</span><span class="n">ID</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">jobs</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Job</span><span class="p">)</span> <span class="n">results</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Result</span><span class="p">)</span> <span class="k">go</span> <span class="n">producer</span><span class="p">(</span><span class="n">jobs</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="nb">close</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="n">worker</span><span class="p">(</span><span class="n">jobs</span><span class="p">,</span> <span class="n">results</span><span class="p">)</span> <span class="p">}()</span> <span class="k">for</span> <span class="n">result</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">results</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"job=%d result=%q</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">result</span><span class="o">.</span><span class="n">JobID</span><span class="p">,</span> <span class="n">result</span><span class="o">.</span><span class="n">Value</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>There is no shared slice.<br> There is no global queue.<br> There is no explicit mutex.</p> <p>The producer owns job creation.<br> The worker owns processing.<br> The main goroutine owns result collection.</p> <p>The data moves through the system.</p> <p>That is the important part.</p> <p>We are not asking multiple goroutines to mutate the same object at the same time. We are designing a flow of ownership.</p> <h2> Scaling the pipeline with multiple workers </h2> <p>Now let’s make it more realistic.</p> <p>A single worker is not enough for heavy workloads. We want multiple workers processing jobs concurrently.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"sync"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">Job</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">int</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Result</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">WorkerID</span> <span class="kt">int</span> <span class="n">JobID</span> <span class="kt">int</span> <span class="n">Value</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">producer</span><span class="p">(</span><span class="n">out</span> <span class="k">chan</span><span class="o">&lt;-</span> <span class="n">Job</span><span class="p">,</span> <span class="n">count</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="nb">close</span><span class="p">(</span><span class="n">out</span><span class="p">)</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;=</span> <span class="n">count</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">out</span> <span class="o">&lt;-</span> <span class="n">Job</span><span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="n">i</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">worker</span><span class="p">(</span><span class="n">workerID</span> <span class="kt">int</span><span class="p">,</span> <span class="n">jobs</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">Job</span><span class="p">,</span> <span class="n">results</span> <span class="k">chan</span><span class="o">&lt;-</span> <span class="n">Result</span><span class="p">)</span> <span class="p">{</span> <span class="k">for</span> <span class="n">job</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">jobs</span> <span class="p">{</span> <span class="n">time</span><span class="o">.</span><span class="n">Sleep</span><span class="p">(</span><span class="m">100</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Millisecond</span><span class="p">)</span> <span class="n">results</span> <span class="o">&lt;-</span> <span class="n">Result</span><span class="p">{</span> <span class="n">WorkerID</span><span class="o">:</span> <span class="n">workerID</span><span class="p">,</span> <span class="n">JobID</span><span class="o">:</span> <span class="n">job</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">Value</span><span class="o">:</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"processed job %d"</span><span class="p">,</span> <span class="n">job</span><span class="o">.</span><span class="n">ID</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">const</span> <span class="n">workerCount</span> <span class="o">=</span> <span class="m">3</span> <span class="k">const</span> <span class="n">jobCount</span> <span class="o">=</span> <span class="m">10</span> <span class="n">jobs</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Job</span><span class="p">)</span> <span class="n">results</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Result</span><span class="p">)</span> <span class="k">go</span> <span class="n">producer</span><span class="p">(</span><span class="n">jobs</span><span class="p">,</span> <span class="n">jobCount</span><span class="p">)</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;=</span> <span class="n">workerCount</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">workerID</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="n">worker</span><span class="p">(</span><span class="n">workerID</span><span class="p">,</span> <span class="n">jobs</span><span class="p">,</span> <span class="n">results</span><span class="p">)</span> <span class="p">}(</span><span class="n">i</span><span class="p">)</span> <span class="p">}</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="nb">close</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="p">}()</span> <span class="k">for</span> <span class="n">result</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">results</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span> <span class="s">"worker=%d job=%d result=%q</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">result</span><span class="o">.</span><span class="n">WorkerID</span><span class="p">,</span> <span class="n">result</span><span class="o">.</span><span class="n">JobID</span><span class="p">,</span> <span class="n">result</span><span class="o">.</span><span class="n">Value</span><span class="p">,</span> <span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This is one of the places where Go shines.</p> <p>The design is still readable:</p> <ul> <li>The producer sends jobs.</li> <li>Workers receive jobs.</li> <li>Workers send results.</li> <li>The result channel closes when all workers finish.</li> </ul> <p>We still use <code>sync.WaitGroup</code>, because Go is pragmatic. CSP-style design does not mean “never use the sync package.”</p> <p>It means we use synchronization intentionally.</p> <p>The channel handles data flow.<br> The wait group handles lifecycle coordination.</p> <p>That separation is clean.</p> <h2> The real value: ownership becomes visible </h2> <p>The biggest advantage of CSP-style design is not that it removes every mutex.</p> <p>The biggest advantage is that it makes ownership visible.</p> <p>In shared-memory systems, ownership is often hidden.</p> <p>You see a pointer passed around. You see a struct used in multiple places. You see a lock somewhere. But it is not always obvious who is responsible for the state.</p> <p>With channels, ownership is easier to see.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">jobs</span> <span class="o">&lt;-</span> <span class="n">job</span> </code></pre> </div> <p>This line says:</p> <blockquote> <p>I am sending this job to another part of the system.</p> </blockquote> <p>And this line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">job</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">jobs</span> </code></pre> </div> <p>says:</p> <blockquote> <p>I am receiving this job and now I am responsible for processing it.</p> </blockquote> <p>That clarity matters.</p> <p>In production systems, many bugs are not caused by complex algorithms. They are caused by unclear ownership.</p> <p>Who closes this channel?<br> Who updates this state?<br> Who retries this job?<br> Who owns cancellation?<br> Who handles backpressure?</p> <p>A channel-based design forces you to answer these questions earlier.</p> <h2> Backpressure is built into the model </h2> <p>Another underrated benefit of channels is backpressure.</p> <p>An unbuffered channel forces the sender and receiver to synchronize:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">jobs</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Job</span><span class="p">)</span> </code></pre> </div> <p>If the producer sends faster than the worker receives, the producer blocks.</p> <p>That is not a bug. That is backpressure.</p> <p>Buffered channels allow some temporary queueing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">jobs</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Job</span><span class="p">,</span> <span class="m">100</span><span class="p">)</span> </code></pre> </div> <p>Now the producer can get ahead by 100 jobs, but not forever.</p> <p>This is powerful in real systems.</p> <p>For example, imagine a log processing service:</p> <ul> <li>HTTP requests receive logs.</li> <li>A parser normalizes them.</li> <li>A batcher writes them to storage.</li> <li>A separate worker sends alerts.</li> </ul> <p>Without backpressure, one fast layer can overwhelm a slower layer.</p> <p>With channels, you can make pressure visible and controlled.</p> <p>You can decide where the system should block, buffer, drop, retry, or shed load.</p> <p>That is architecture, not just syntax.</p> <h2> Where channels are a bad fit </h2> <p>It is also important to be honest: channels are not magic.</p> <p>Not every concurrency problem becomes better with channels.</p> <p>Sometimes a mutex is simpler and faster.</p> <p>For example, this is perfectly reasonable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Metrics</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span> <span class="n">requests</span> <span class="kt">int64</span> <span class="n">errors</span> <span class="kt">int64</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">m</span> <span class="o">*</span><span class="n">Metrics</span><span class="p">)</span> <span class="n">IncRequests</span><span class="p">()</span> <span class="p">{</span> <span class="n">m</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="n">m</span><span class="o">.</span><span class="n">requests</span><span class="o">++</span> <span class="n">m</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="p">}</span> </code></pre> </div> <p>For small, local, short-lived critical sections, a mutex is often the cleanest solution.</p> <p>Channels can become messy when they are used only because they feel “more Go-like.”</p> <p>Bad channel usage can create:</p> <ul> <li>goroutine leaks</li> <li>unclear lifecycle</li> <li>blocked sends</li> <li>blocked receives</li> <li>complicated shutdown logic</li> <li>over-engineered code</li> </ul> <p>The point is not:</p> <blockquote> <p>Always use channels.</p> </blockquote> <p>The point is:</p> <blockquote> <p>Use channels when communication and ownership are the core problem.</p> </blockquote> <p>Use mutexes when protecting a small piece of shared state is the core problem.</p> <p>Senior Go engineering is knowing the difference.</p> <h2> A practical rule I use </h2> <p>When I design concurrent Go code, I usually ask myself:</p> <h3> 1. Is this state owned by one goroutine? </h3> <p>If yes, channels can be a great fit. Other goroutines can send commands or data to the owner.</p> <h3> 2. Is this just a small shared counter or cache? </h3> <p>A mutex or atomic may be better.</p> <h3> 3. Do I need backpressure? </h3> <p>Channels make this easier to model.</p> <h3> 4. Do I need cancellation? </h3> <p>Then I design the channel flow together with <code>context.Context</code>.</p> <h3> 5. Who closes the channel? </h3> <p>If I cannot answer this clearly, the design is not finished.</p> <p>That last question is very important.</p> <p>Channel ownership is not only about sending data. It is also about lifecycle.</p> <p>Usually, the sender closes the channel. Receivers should not close a channel they do not own.</p> <h2> CSP thinking in modern backend systems </h2> <p>The reason I like CSP is that it maps well to real backend architecture.</p> <p>A backend service is not just functions calling functions.</p> <p>It is a system of flows:</p> <ul> <li>requests flow into handlers</li> <li>jobs flow into queues</li> <li>events flow into processors</li> <li>logs flow into pipelines</li> <li>metrics flow into aggregators</li> <li>commands flow into state owners</li> <li>results flow back to clients</li> </ul> <p>When you think in flows, Go becomes very natural.</p> <p>This is also why Go became popular in infrastructure software. Tools like Docker, Kubernetes, and Terraform are written in Go not only because Go compiles to a static binary, but also because its concurrency model fits the kind of problems infrastructure software needs to solve.</p> <p>Infrastructure software is full of concurrent work:</p> <ul> <li>watching state</li> <li>reconciling resources</li> <li>handling network calls</li> <li>streaming logs</li> <li>scheduling tasks</li> <li>managing timeouts</li> <li>coordinating workers</li> </ul> <p>CSP-style thinking gives these systems a clean structure.</p> <h2> Final thoughts </h2> <p>Tony Hoare’s CSP paper is almost 50 years old, but the idea still feels modern.</p> <p>That is rare in software.</p> <p>Many technologies become outdated quickly, but good mental models survive.</p> <p>Go did not invent the idea of communicating sequential processes. But Go made the idea practical for everyday engineers.</p> <p>That is the beauty of Go’s concurrency model.</p> <p>It takes a deep computer science concept and gives us a small set of simple tools:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="k">chan</span> <span class="k">select</span> </code></pre> </div> <p>The tools are simple.</p> <p>The design thinking behind them is powerful.</p> <p>For me, the biggest lesson is this:</p> <blockquote> <p>Concurrency becomes easier when we stop thinking only about shared state and start thinking about ownership, communication, and flow.</p> </blockquote> <p>That is the real value of CSP in Go.</p> <p>Not just fewer mutexes.</p> <p>Better architecture.</p> <h2> References </h2> <ul> <li>Tony Hoare — <em>Communicating Sequential Processes</em> (1978)</li> <li>Rob Pike — <em>Go Concurrency Patterns</em> </li> <li>Rob Pike — <em>Concurrency Is Not Parallelism</em> </li> <li>Go Blog — <em>Share Memory By Communicating</em> </li> </ul> go concurrency architecture amir Fri, 29 May 2026 09:48:11 +0000 https://dev.to/amirsefati/how-syncpool-helped-me-stabilize-p99-latency-in-a-high-throughput-log-processing-pipeline-1e00 https://dev.to/amirsefati/how-syncpool-helped-me-stabilize-p99-latency-in-a-high-throughput-log-processing-pipeline-1e00 <p>A while ago, I was working on a log processing system that was very similar in spirit to Sentry.</p> <p>The system was responsible for receiving events from different services, parsing JSON payloads, normalizing metadata, enriching logs with extra context, and then pushing the final events into storage and downstream queues.</p> <p>At first, everything looked fine.</p> <p>The code was clean. The architecture was simple. The throughput was acceptable in local testing.</p> <p>But when the traffic increased, something interesting happened:</p> <p>The average latency was still okay, but the p99 latency started to become unstable.</p> <p>That was the first sign that the bottleneck was not just CPU or database performance. Something deeper was happening inside the runtime.</p> <p>In this article, I want to explain how I found the problem, why the system became slower under load, and how using <code>sync.Pool</code> helped reduce allocation pressure, make the garbage collector work less, and keep latency more stable.</p> <p>This is not a magical optimization. It is a very specific tool for a very specific kind of problem.</p> <p>But when you are building high-throughput systems, especially systems that process JSON, logs, network payloads, or temporary buffers, understanding object pooling can make a big difference.</p> <h2> The System I Was Building </h2> <p>The service was a log ingestion pipeline.</p> <p>The flow looked something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Client / SDK ↓ HTTP ingestion API ↓ JSON decode ↓ Validation ↓ Normalization ↓ Enrichment ↓ Batching ↓ Queue / Storage </code></pre> </div> <p>Each incoming request contained one or more log events.</p> <p>A simplified event looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"service"</span><span class="p">:</span><span class="w"> </span><span class="s2">"payment-api"</span><span class="p">,</span><span class="w"> </span><span class="nl">"level"</span><span class="p">:</span><span class="w"> </span><span class="s2">"error"</span><span class="p">,</span><span class="w"> </span><span class="nl">"message"</span><span class="p">:</span><span class="w"> </span><span class="s2">"failed to charge customer"</span><span class="p">,</span><span class="w"> </span><span class="nl">"timestamp"</span><span class="p">:</span><span class="w"> </span><span class="s2">"2026-05-28T12:40:00Z"</span><span class="p">,</span><span class="w"> </span><span class="nl">"trace_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"6f9c9b9d7a1a"</span><span class="p">,</span><span class="w"> </span><span class="nl">"metadata"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"customer_id"</span><span class="p">:</span><span class="w"> </span><span class="s2">"cus_123"</span><span class="p">,</span><span class="w"> </span><span class="nl">"region"</span><span class="p">:</span><span class="w"> </span><span class="s2">"eu-west"</span><span class="p">,</span><span class="w"> </span><span class="nl">"retry_count"</span><span class="p">:</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For every request, the service had to:</p> <ul> <li>read the request body</li> <li>decode JSON</li> <li>create internal event structs</li> <li>normalize fields</li> <li>create temporary buffers</li> <li>encode the final payload again</li> <li>send it to another component</li> </ul> <p>This kind of workload creates many short-lived objects.</p> <p>And in Go, short-lived objects are usually fine — until you create too many of them in a hot path.</p> <h2> The First Symptom: Average Latency Looked Fine, p99 Did Not </h2> <p>At low traffic, the service looked healthy.</p> <p>Something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Requests/sec: 2,000 Average latency: 8ms p95 latency: 18ms p99 latency: 35ms CPU usage: Normal Memory usage: Stable </code></pre> </div> <p>But when the traffic increased, the picture changed:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Requests/sec: 15,000+ Average latency: 16ms p95 latency: 90ms p99 latency: 280ms - 400ms CPU usage: Higher than expected Memory usage: Sawtooth pattern GC activity: Frequent </code></pre> </div> <p>The average latency was not terrible, but the tail latency was bad.</p> <p>And for this kind of system, p99 matters a lot.</p> <p>If a log processing system becomes slow during incidents, it creates a very bad situation: when you need observability the most, your observability pipeline becomes the bottleneck.</p> <p>That is exactly the kind of failure mode I wanted to avoid.</p> <h2> Why p99 Latency Matters More Than Average Latency </h2> <p>Average latency can hide real production problems.</p> <p>For example, imagine this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>95 requests finish in 10ms 4 requests finish in 50ms 1 request finishes in 500ms </code></pre> </div> <p>The average may still look acceptable.</p> <p>But that one slow request is part of your p99.</p> <p>In high-throughput backend systems, p99 latency usually tells a more honest story than average latency.</p> <p>When p99 starts jumping under load, it usually means some part of the system occasionally blocks, pauses, waits, or does too much work.</p> <p>In my case, one of the main causes was allocation pressure and frequent garbage collection.</p> <h2> The Initial Code: Simple, But Allocation Heavy </h2> <p>The first version of the code was easy to read.</p> <p>For every request, I created new buffers and temporary objects.</p> <p>Something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bytes"</span> <span class="s">"encoding/json"</span> <span class="s">"io"</span> <span class="s">"net/http"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">LogEvent</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Service</span> <span class="kt">string</span> <span class="s">`json:"service"`</span> <span class="n">Level</span> <span class="kt">string</span> <span class="s">`json:"level"`</span> <span class="n">Message</span> <span class="kt">string</span> <span class="s">`json:"message"`</span> <span class="n">Timestamp</span> <span class="kt">string</span> <span class="s">`json:"timestamp"`</span> <span class="n">TraceID</span> <span class="kt">string</span> <span class="s">`json:"trace_id"`</span> <span class="n">Metadata</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}</span> <span class="s">`json:"metadata"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">ingestHandler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">body</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">io</span><span class="o">.</span><span class="n">ReadAll</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"failed to read body"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="k">var</span> <span class="n">events</span> <span class="p">[]</span><span class="n">LogEvent</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">(</span><span class="n">body</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">events</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"invalid json"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">normalized</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">LogEvent</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">events</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">event</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">events</span> <span class="p">{</span> <span class="n">normalized</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">normalized</span><span class="p">,</span> <span class="n">normalizeEvent</span><span class="p">(</span><span class="n">event</span><span class="p">))</span> <span class="p">}</span> <span class="k">var</span> <span class="n">buf</span> <span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="o">&amp;</span><span class="n">buf</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">normalized</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"failed to encode events"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// sendToQueue(buf.Bytes())</span> <span class="n">w</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusAccepted</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">normalizeEvent</span><span class="p">(</span><span class="n">event</span> <span class="n">LogEvent</span><span class="p">)</span> <span class="n">LogEvent</span> <span class="p">{</span> <span class="k">if</span> <span class="n">event</span><span class="o">.</span><span class="n">Level</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">event</span><span class="o">.</span><span class="n">Level</span> <span class="o">=</span> <span class="s">"info"</span> <span class="p">}</span> <span class="k">if</span> <span class="n">event</span><span class="o">.</span><span class="n">Metadata</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">event</span><span class="o">.</span><span class="n">Metadata</span> <span class="o">=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{})</span> <span class="p">}</span> <span class="k">return</span> <span class="n">event</span> <span class="p">}</span> </code></pre> </div> <p>At first glance, this is not bad code.</p> <p>Actually, for many applications, this is completely fine.</p> <p>But under heavy load, the problem was that this path was executed thousands of times per second.</p> <p>That means the service was constantly creating:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>new byte slices new buffers new maps new event slices new encoder objects new temporary JSON structures </code></pre> </div> <p>Most of these objects were short-lived.</p> <p>They were created, used for a few milliseconds, and then became garbage.</p> <p>The garbage collector had to clean them again and again.</p> <h2> The Real Problem: Too Many Temporary Objects </h2> <p>In Go, allocation itself is not always expensive.</p> <p>The real cost often appears later.</p> <p>Every object that escapes to the heap becomes something the garbage collector may need to track.</p> <p>When the system creates too many temporary objects, the GC has more work to do.</p> <p>That can lead to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>more frequent GC cycles more CPU used by the runtime less CPU available for actual request processing latency spikes during high traffic unstable p95 and p99 latency </code></pre> </div> <p>This was exactly what I saw.</p> <p>The service was not slow because the logic was complex.</p> <p>It was slow because the hot path was creating too much garbage.</p> <p>That is an important distinction.</p> <p>Sometimes performance problems are not caused by bad algorithms. Sometimes they are caused by too much memory churn.</p> <h2> How I Confirmed the Problem </h2> <p>Before changing anything, I wanted to confirm the source of the issue.</p> <p>I checked runtime metrics and profiling data.</p> <p>The signs were clear:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>high allocation rate frequent GC cycles bytes.Buffer allocations in the hot path JSON processing allocations temporary slices created per request </code></pre> </div> <p>A simplified benchmark showed the same pattern.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">BenchmarkIngestWithoutPool</span><span class="p">(</span><span class="n">b</span> <span class="o">*</span><span class="n">testing</span><span class="o">.</span><span class="n">B</span><span class="p">)</span> <span class="p">{</span> <span class="n">payload</span> <span class="o">:=</span> <span class="n">generatePayload</span><span class="p">(</span><span class="m">100</span><span class="p">)</span> <span class="n">b</span><span class="o">.</span><span class="n">ReportAllocs</span><span class="p">()</span> <span class="n">b</span><span class="o">.</span><span class="n">ResetTimer</span><span class="p">()</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">b</span><span class="o">.</span><span class="n">N</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">processLogsWithoutPool</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">b</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The result looked like this in my local benchmark:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>BenchmarkIngestWithoutPool-10 8200 145000 ns/op 128 KB/op 420 allocs/op </code></pre> </div> <p>The exact numbers are not the important part.</p> <p>The important part was the pattern:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>allocs/op was high bytes/op was high GC activity increased with throughput p99 latency became unstable under pressure </code></pre> </div> <p>That told me the optimization target was not just request logic.</p> <p>The target was allocation behavior.</p> <h2> Where <code>sync.Pool</code> Fits </h2> <p><code>sync.Pool</code> is a temporary object pool provided by Go.</p> <p>It allows you to reuse objects instead of allocating new ones every time.</p> <p>A good mental model is this:</p> <p>Instead of creating and throwing away the same type of object thousands of times per second, you keep reusable objects in a pool.</p> <p>You get one when you need it.</p> <p>You reset it.</p> <p>You use it.</p> <p>Then you put it back.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Get → Reset → Use → Put back </code></pre> </div> <p>This can reduce pressure on the garbage collector because fewer temporary objects are allocated in the hot path.</p> <p>But there is an important warning:</p> <p><code>sync.Pool</code> is not a cache.</p> <p>Objects inside the pool can be removed by the garbage collector at any time.</p> <p>So you should not use it to store important state.</p> <p>It is best for temporary, reusable objects like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bytes.Buffer []byte buffers temporary encoders scratch objects serialization helpers </code></pre> </div> <p>That made it a good fit for my log processing pipeline.</p> <h2> The Improved Version: Reusing Buffers </h2> <p>The first improvement was to reuse <code>bytes.Buffer</code> objects.</p> <p>Instead of creating a new buffer for every request, I created a pool:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bytes"</span> <span class="s">"encoding/json"</span> <span class="s">"io"</span> <span class="s">"net/http"</span> <span class="s">"sync"</span> <span class="p">)</span> <span class="k">var</span> <span class="n">bufferPool</span> <span class="o">=</span> <span class="n">sync</span><span class="o">.</span><span class="n">Pool</span><span class="p">{</span> <span class="n">New</span><span class="o">:</span> <span class="k">func</span><span class="p">()</span> <span class="n">any</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">new</span><span class="p">(</span><span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span><span class="p">)</span> <span class="p">},</span> <span class="p">}</span> <span class="k">type</span> <span class="n">LogEvent</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Service</span> <span class="kt">string</span> <span class="s">`json:"service"`</span> <span class="n">Level</span> <span class="kt">string</span> <span class="s">`json:"level"`</span> <span class="n">Message</span> <span class="kt">string</span> <span class="s">`json:"message"`</span> <span class="n">Timestamp</span> <span class="kt">string</span> <span class="s">`json:"timestamp"`</span> <span class="n">TraceID</span> <span class="kt">string</span> <span class="s">`json:"trace_id"`</span> <span class="n">Metadata</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{}</span> <span class="s">`json:"metadata"`</span> <span class="p">}</span> <span class="k">func</span> <span class="n">ingestHandler</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">body</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">io</span><span class="o">.</span><span class="n">ReadAll</span><span class="p">(</span><span class="n">r</span><span class="o">.</span><span class="n">Body</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"failed to read body"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="k">var</span> <span class="n">events</span> <span class="p">[]</span><span class="n">LogEvent</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">(</span><span class="n">body</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">events</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"invalid json"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusBadRequest</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">normalized</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">LogEvent</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">events</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">event</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">events</span> <span class="p">{</span> <span class="n">normalized</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">normalized</span><span class="p">,</span> <span class="n">normalizeEvent</span><span class="p">(</span><span class="n">event</span><span class="p">))</span> <span class="p">}</span> <span class="n">buf</span> <span class="o">:=</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Get</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span><span class="p">)</span> <span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span> <span class="p">}()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">normalized</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="s">"failed to encode events"</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c">// Important:</span> <span class="c">// If the downstream function stores this data or uses it asynchronously,</span> <span class="c">// copy it before returning the buffer to the pool.</span> <span class="n">payload</span> <span class="o">:=</span> <span class="nb">append</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="no">nil</span><span class="p">),</span> <span class="n">buf</span><span class="o">.</span><span class="n">Bytes</span><span class="p">()</span><span class="o">...</span><span class="p">)</span> <span class="c">// sendToQueue(payload)</span> <span class="n">_</span> <span class="o">=</span> <span class="n">payload</span> <span class="n">w</span><span class="o">.</span><span class="n">WriteHeader</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusAccepted</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">normalizeEvent</span><span class="p">(</span><span class="n">event</span> <span class="n">LogEvent</span><span class="p">)</span> <span class="n">LogEvent</span> <span class="p">{</span> <span class="k">if</span> <span class="n">event</span><span class="o">.</span><span class="n">Level</span> <span class="o">==</span> <span class="s">""</span> <span class="p">{</span> <span class="n">event</span><span class="o">.</span><span class="n">Level</span> <span class="o">=</span> <span class="s">"info"</span> <span class="p">}</span> <span class="k">if</span> <span class="n">event</span><span class="o">.</span><span class="n">Metadata</span> <span class="o">==</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">event</span><span class="o">.</span><span class="n">Metadata</span> <span class="o">=</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="k">interface</span><span class="p">{})</span> <span class="p">}</span> <span class="k">return</span> <span class="n">event</span> <span class="p">}</span> </code></pre> </div> <p>This change looks small, but it matters under load.</p> <p>The buffer is no longer allocated from zero for every request.</p> <p>Instead, the service reuses an existing buffer.</p> <p>That means fewer allocations, less memory churn, and less GC pressure.</p> <h2> The Most Important Rule: Never Reuse Dirty Objects </h2> <p>When using a pool, always reset the object before reusing it.</p> <p>This is critical.</p> <p>For <code>bytes.Buffer</code>, call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> </code></pre> </div> <p>For a slice, reset it like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">items</span> <span class="o">=</span> <span class="n">items</span><span class="p">[</span><span class="o">:</span><span class="m">0</span><span class="p">]</span> </code></pre> </div> <p>For a struct, clear the fields manually or create a reset method:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">EventBuilder</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">service</span> <span class="kt">string</span> <span class="n">level</span> <span class="kt">string</span> <span class="n">message</span> <span class="kt">string</span> <span class="n">fields</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">b</span> <span class="o">*</span><span class="n">EventBuilder</span><span class="p">)</span> <span class="n">Reset</span><span class="p">()</span> <span class="p">{</span> <span class="n">b</span><span class="o">.</span><span class="n">service</span> <span class="o">=</span> <span class="s">""</span> <span class="n">b</span><span class="o">.</span><span class="n">level</span> <span class="o">=</span> <span class="s">""</span> <span class="n">b</span><span class="o">.</span><span class="n">message</span> <span class="o">=</span> <span class="s">""</span> <span class="k">for</span> <span class="n">k</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">b</span><span class="o">.</span><span class="n">fields</span> <span class="p">{</span> <span class="nb">delete</span><span class="p">(</span><span class="n">b</span><span class="o">.</span><span class="n">fields</span><span class="p">,</span> <span class="n">k</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you forget to reset objects properly, you can accidentally leak data between requests.</p> <p>That is not just a performance bug.</p> <p>In a log processing system, it can become a serious correctness or security issue.</p> <p>Imagine one customer's metadata appearing inside another customer's event because a pooled object was not cleaned correctly.</p> <p>That is why object pooling should be used carefully.</p> <h2> A Better Pool for Reusable Event Builders </h2> <p>In my case, buffers were only one part of the problem.</p> <p>The pipeline also had a temporary event builder used during normalization and enrichment.</p> <p>A simplified version looked like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">EventBuilder</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Service</span> <span class="kt">string</span> <span class="n">Level</span> <span class="kt">string</span> <span class="n">Message</span> <span class="kt">string</span> <span class="n">TraceID</span> <span class="kt">string</span> <span class="n">Fields</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewEventBuilder</span><span class="p">()</span> <span class="o">*</span><span class="n">EventBuilder</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">EventBuilder</span><span class="p">{</span> <span class="n">Fields</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">,</span> <span class="m">16</span><span class="p">),</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Creating this for every event caused extra allocations, especially because of the map.</p> <p>So I moved it to a pool as well:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">eventBuilderPool</span> <span class="o">=</span> <span class="n">sync</span><span class="o">.</span><span class="n">Pool</span><span class="p">{</span> <span class="n">New</span><span class="o">:</span> <span class="k">func</span><span class="p">()</span> <span class="n">any</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">EventBuilder</span><span class="p">{</span> <span class="n">Fields</span><span class="o">:</span> <span class="nb">make</span><span class="p">(</span><span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span><span class="p">,</span> <span class="m">16</span><span class="p">),</span> <span class="p">}</span> <span class="p">},</span> <span class="p">}</span> <span class="k">type</span> <span class="n">EventBuilder</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Service</span> <span class="kt">string</span> <span class="n">Level</span> <span class="kt">string</span> <span class="n">Message</span> <span class="kt">string</span> <span class="n">TraceID</span> <span class="kt">string</span> <span class="n">Fields</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">b</span> <span class="o">*</span><span class="n">EventBuilder</span><span class="p">)</span> <span class="n">Reset</span><span class="p">()</span> <span class="p">{</span> <span class="n">b</span><span class="o">.</span><span class="n">Service</span> <span class="o">=</span> <span class="s">""</span> <span class="n">b</span><span class="o">.</span><span class="n">Level</span> <span class="o">=</span> <span class="s">""</span> <span class="n">b</span><span class="o">.</span><span class="n">Message</span> <span class="o">=</span> <span class="s">""</span> <span class="n">b</span><span class="o">.</span><span class="n">TraceID</span> <span class="o">=</span> <span class="s">""</span> <span class="k">for</span> <span class="n">k</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">b</span><span class="o">.</span><span class="n">Fields</span> <span class="p">{</span> <span class="nb">delete</span><span class="p">(</span><span class="n">b</span><span class="o">.</span><span class="n">Fields</span><span class="p">,</span> <span class="n">k</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">buildEvent</span><span class="p">(</span><span class="n">raw</span> <span class="n">LogEvent</span><span class="p">)</span> <span class="o">*</span><span class="n">EventBuilder</span> <span class="p">{</span> <span class="n">builder</span> <span class="o">:=</span> <span class="n">eventBuilderPool</span><span class="o">.</span><span class="n">Get</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">EventBuilder</span><span class="p">)</span> <span class="n">builder</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="n">builder</span><span class="o">.</span><span class="n">Service</span> <span class="o">=</span> <span class="n">raw</span><span class="o">.</span><span class="n">Service</span> <span class="n">builder</span><span class="o">.</span><span class="n">Level</span> <span class="o">=</span> <span class="n">raw</span><span class="o">.</span><span class="n">Level</span> <span class="n">builder</span><span class="o">.</span><span class="n">Message</span> <span class="o">=</span> <span class="n">raw</span><span class="o">.</span><span class="n">Message</span> <span class="n">builder</span><span class="o">.</span><span class="n">TraceID</span> <span class="o">=</span> <span class="n">raw</span><span class="o">.</span><span class="n">TraceID</span> <span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">raw</span><span class="o">.</span><span class="n">Metadata</span> <span class="p">{</span> <span class="n">builder</span><span class="o">.</span><span class="n">Fields</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">stringify</span><span class="p">(</span><span class="n">v</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">builder</span> <span class="p">}</span> <span class="k">func</span> <span class="n">releaseEventBuilder</span><span class="p">(</span><span class="n">builder</span> <span class="o">*</span><span class="n">EventBuilder</span><span class="p">)</span> <span class="p">{</span> <span class="n">builder</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="n">eventBuilderPool</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">builder</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">stringify</span><span class="p">(</span><span class="n">v</span> <span class="k">interface</span><span class="p">{})</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">switch</span> <span class="n">value</span> <span class="o">:=</span> <span class="n">v</span><span class="o">.</span><span class="p">(</span><span class="k">type</span><span class="p">)</span> <span class="p">{</span> <span class="k">case</span> <span class="kt">string</span><span class="o">:</span> <span class="k">return</span> <span class="n">value</span> <span class="k">case</span> <span class="kt">int</span><span class="o">:</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%d"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">case</span> <span class="kt">float64</span><span class="o">:</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%f"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">case</span> <span class="kt">bool</span><span class="o">:</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%t"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">default</span><span class="o">:</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Sprintf</span><span class="p">(</span><span class="s">"%v"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The idea is simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Do not allocate a new builder for every event. Reuse a builder. Clean it carefully. Return it to the pool. </code></pre> </div> <p>This helped reduce the number of allocations per event.</p> <p>But again, this requires discipline.</p> <p>If the builder is still used somewhere else, do not put it back into the pool.</p> <p>Only return an object to the pool when you are 100% sure nobody else will use it.</p> <h2> A Common Bug: Returning a Buffer Too Early </h2> <p>This is one of the most dangerous mistakes with <code>sync.Pool</code>.</p> <p>Bad example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">buf</span> <span class="o">:=</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Get</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span><span class="p">)</span> <span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="k">defer</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">event</span><span class="p">)</span> <span class="n">sendAsync</span><span class="p">(</span><span class="n">buf</span><span class="o">.</span><span class="n">Bytes</span><span class="p">())</span> <span class="c">// dangerous</span> </code></pre> </div> <p>This is dangerous because <code>sendAsync</code> may use the byte slice later, after the buffer has already been returned to the pool.</p> <p>Another request can get the same buffer and overwrite the data.</p> <p>The result can be corrupted payloads.</p> <p>The safer version is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">buf</span> <span class="o">:=</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Get</span><span class="p">()</span><span class="o">.</span><span class="p">(</span><span class="o">*</span><span class="n">bytes</span><span class="o">.</span><span class="n">Buffer</span><span class="p">)</span> <span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">buf</span><span class="o">.</span><span class="n">Reset</span><span class="p">()</span> <span class="n">bufferPool</span><span class="o">.</span><span class="n">Put</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span> <span class="p">}()</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">buf</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">event</span><span class="p">)</span> <span class="n">payload</span> <span class="o">:=</span> <span class="nb">append</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="no">nil</span><span class="p">),</span> <span class="n">buf</span><span class="o">.</span><span class="n">Bytes</span><span class="p">()</span><span class="o">...</span><span class="p">)</span> <span class="n">sendAsync</span><span class="p">(</span><span class="n">payload</span><span class="p">)</span> </code></pre> </div> <p>Yes, this copy creates an allocation.</p> <p>But correctness is more important.</p> <p>Pooling should not create hidden data races or corrupted messages.</p> <p>The goal is not to remove every allocation from the system.</p> <p>The goal is to remove unnecessary allocations safely.</p> <h2> Benchmark Before and After </h2> <p>After applying pooling to the hottest temporary objects, the benchmark improved.</p> <p>The simplified benchmark before pooling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>BenchmarkIngestWithoutPool-10 8200 145000 ns/op 128 KB/op 420 allocs/op </code></pre> </div> <p>After pooling reusable buffers and temporary event builders:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>BenchmarkIngestWithPool-10 13500 89000 ns/op 62 KB/op 210 allocs/op </code></pre> </div> <p>In this benchmark, the improvement was roughly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>~38% lower processing time per operation ~51% lower memory usage per operation ~50% fewer allocations per operation </code></pre> </div> <p>But the real win was visible under load.</p> <p>Before:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Requests/sec: 15,000+ Average latency: 16ms p95 latency: 90ms p99 latency: 280ms - 400ms GC cycles: Frequent </code></pre> </div> <p>After:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Requests/sec: 15,000+ Average latency: 11ms p95 latency: 42ms p99 latency: 95ms - 140ms GC cycles: Reduced </code></pre> </div> <p>These numbers are from a simplified internal benchmark scenario, not a universal promise.</p> <p>Your results will depend on payload size, CPU, memory, JSON structure, traffic pattern, and how many allocations exist in your hot path.</p> <p>But the direction was clear:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>less allocation pressure less GC work more stable tail latency better throughput under pressure </code></pre> </div> <p>That was exactly what the system needed.</p> <h2> Why This Works Well for Log Processing Systems </h2> <p>Log processing systems are a good use case for pooling because they usually process many similar objects repeatedly.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>network buffers JSON payload buffers temporary event builders batch buffers compression buffers serialization buffers </code></pre> </div> <p>The pattern repeats thousands of times per second.</p> <p>That makes object reuse valuable.</p> <p>In a normal CRUD API, this optimization may not matter.</p> <p>But in ingestion systems, queues, observability pipelines, proxies, gateways, and stream processors, small allocation costs can become very large at scale.</p> <p>This is where senior-level performance work usually starts:</p> <p>Not by guessing.</p> <p>Not by making the code complex immediately.</p> <p>But by measuring the system, finding the hot path, and reducing unnecessary work where it actually matters.</p> <h2> When Not to Use <code>sync.Pool</code> </h2> <p><code>sync.Pool</code> is powerful, but it is not something I use everywhere.</p> <p>I avoid it when:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>the object is very small the code is not in a hot path allocation rate is already low pooling makes the code harder to understand the object contains sensitive data and cleanup is risky ownership is unclear </code></pre> </div> <p>For example, pooling a tiny struct in a low-traffic admin endpoint is probably useless.</p> <p>It makes the code more complex without improving the system.</p> <p>That is not good engineering.</p> <p>Good performance engineering is not about adding clever tricks everywhere.</p> <p>It is about knowing where the system actually pays the cost.</p> <h2> Practical Rules I Follow </h2> <p>Here are the rules I personally follow when using <code>sync.Pool</code>:</p> <h3> 1. Measure first </h3> <p>Do not add pooling just because it looks professional.</p> <p>Check allocations with benchmarks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">b</span><span class="o">.</span><span class="n">ReportAllocs</span><span class="p">()</span> </code></pre> </div> <p>Use profiling when possible:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">test</span> <span class="nt">-bench</span><span class="o">=</span><span class="nb">.</span> <span class="nt">-benchmem</span> </code></pre> </div> <p>For production-like analysis, use <code>pprof</code> and runtime metrics.</p> <h3> 2. Pool only hot-path temporary objects </h3> <p>Good candidates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>bytes.Buffer large []byte slices temporary builders compression buffers serialization helpers </code></pre> </div> <p>Bad candidates:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>business state long-lived objects request-specific objects still used asynchronously objects with unclear ownership </code></pre> </div> <h3> 3. Always reset before reuse </h3> <p>Never trust the object you get from the pool.</p> <p>Clean it before using it.</p> <p>Clean it before putting it back.</p> <h3> 4. Be careful with references </h3> <p>Do not return an object to the pool while another goroutine, function, or queue still references it.</p> <p>This is especially important with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[]byte bytes.Buffer maps slices pointers </code></pre> </div> <h3> 5. Do not use <code>sync.Pool</code> as a cache </h3> <p>The garbage collector can clear pooled objects.</p> <p>So never depend on the pool for correctness.</p> <p>The system must work even if the pool is empty.</p> <h2> The Senior Engineering Lesson </h2> <p>The biggest lesson for me was this:</p> <p>Performance problems are not always about slow code.</p> <p>Sometimes they are about how much temporary work the code creates.</p> <p>In my log processing service, the business logic was not very complicated.</p> <p>The real issue was that every request created too many short-lived objects.</p> <p>At low traffic, this was invisible.</p> <p>At high traffic, it became a GC problem.</p> <p>And once GC became more active, p99 latency became unstable.</p> <p>Using <code>sync.Pool</code> did not magically make the system fast.</p> <p>But it removed unnecessary pressure from the runtime.</p> <p>That gave the service more breathing room under load.</p> <p>The final architecture was still simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>receive logs parse JSON normalize events reuse temporary buffers batch efficiently send downstream </code></pre> </div> <p>But the implementation became more careful about memory.</p> <p>That is the difference between code that works and code that survives real production traffic.</p> <h2> Final Thoughts </h2> <p><code>sync.Pool</code> is not something every Go application needs.</p> <p>But if you are building high-throughput systems like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>log processors observability pipelines API gateways stream processors network services JSON-heavy ingestion APIs </code></pre> </div> <p>then object pooling is worth understanding.</p> <p>The key is not to use it blindly.</p> <p>The key is to measure first, identify allocation-heavy hot paths, and then reuse objects safely.</p> <p>For my Sentry-like log processing pipeline, pooling buffers and temporary builders helped reduce allocations, lower GC pressure, and stabilize p99 latency under high load.</p> <p>And in production systems, stable p99 latency is often more important than a beautiful average latency number.</p> <p>Because users do not feel your average.</p> <p>They feel the slow requests.</p> go performance backend observability amir Thu, 28 May 2026 10:31:54 +0000 https://dev.to/amirsefati/why-we-accidentally-blocked-our-users-a-deep-dive-into-idempotency-in-distributed-systems-4aik https://dev.to/amirsefati/why-we-accidentally-blocked-our-users-a-deep-dive-into-idempotency-in-distributed-systems-4aik <p>I learned one of my most important distributed-systems lessons the hard way.</p> <p>We were working on a payment flow connected to an external payment gateway. On paper, the architecture looked solid: microservices, clean database transactions, retry logic, monitoring, and enough security checks to make us feel safe before deployment.</p> <p>Then production reminded us that real users do not live inside clean architecture diagrams.</p> <p>Support tickets started coming in. Some users could not complete payments. Some accounts were being blocked too aggressively. At first, it looked like suspicious behavior: multiple payment attempts, repeated payloads, and requests arriving only seconds apart.</p> <p>But when I dug into the logs, the real problem was not fraud.</p> <p>It was our own backend.</p> <p>A user with a slow network clicked the <strong>Pay</strong> button, waited, saw nothing happen, and clicked again. In another case, the browser retried a request after a timeout. Our backend received multiple identical payment requests within a very short window, and our naive security logic treated them like duplicate transaction anomalies or replay attempts.</p> <p>We were punishing users for having bad internet.</p> <p>That incident changed the way I think about payment systems, retries, APIs, and side effects. In distributed systems, you cannot control the network. You cannot control the user's browser. You cannot guarantee that a response will reach the client.</p> <p>But you <strong>must</strong> control what happens when the same intent reaches your backend more than once.</p> <p>That is where idempotency becomes essential.</p> <h2> The Problem Is Not the Retry. The Problem Is the Side Effect. </h2> <p>Retries are normal.</p> <p>Clients retry. Browsers retry. Mobile networks fail. Gateways timeout. Load balancers drop connections. Users double-click buttons. Background workers reprocess jobs. Message queues deliver the same message more than once.</p> <p>The dangerous part is not receiving the same request multiple times.</p> <p>The dangerous part is executing the same side effect multiple times.</p> <p>For example:</p> <ul> <li>charging a card twice</li> <li>creating two orders</li> <li>sending duplicate invoices</li> <li>blocking a user after repeated attempts</li> <li>reducing inventory multiple times</li> <li>creating duplicate ledger entries</li> <li>triggering the same notification several times</li> </ul> <p>In backend engineering, especially around payments and financial workflows, the real question is not:</p> <blockquote> <p>How do I stop duplicate requests?</p> </blockquote> <p>The better question is:</p> <blockquote> <p>How do I make duplicate requests safe?</p> </blockquote> <h2> What Idempotency Actually Means </h2> <p>In mathematics, an operation is idempotent when applying it multiple times produces the same result as applying it once.</p> <p>In API design, some HTTP methods are naturally expected to be idempotent.</p> <p><code>GET</code> should not change state.</p> <p><code>PUT</code> can be idempotent because replacing a resource with the same representation multiple times should leave the system in the same final state.</p> <p><code>DELETE</code> can also be idempotent because deleting the same resource multiple times still means the resource does not exist.</p> <p>But <code>POST</code> is different.</p> <p>A <code>POST /payments</code> request usually means:</p> <blockquote> <p>Create a new payment.</p> </blockquote> <p>If the client sends the same request twice, the backend may create two payments unless we intentionally design against it.</p> <p>That is the core problem.</p> <p>A payment request represents an <strong>intent</strong>, not just an HTTP payload. If the user intended to pay once, the system should execute that intent once, even if the request arrives multiple times.</p> <h2> Enter the Idempotency Key </h2> <p>An idempotency key is a unique value generated by the client and sent with the request, usually as an HTTP header:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">Idempotency-Key: 7f3f0f4c-98a4-4d8c-9b91-7a2f9e4c5d11 </span></code></pre> </div> <p>The key says:</p> <blockquote> <p>This request represents one specific user action. If you see this key again, do not execute the action again. Return the result of the first execution.</p> </blockquote> <p>That simple idea changes the system from:</p> <blockquote> <p>I received another request, so I will process it again.</p> </blockquote> <p>to:</p> <blockquote> <p>I received the same intent again, so I will return the same result.</p> </blockquote> <p>This is especially important for:</p> <ul> <li>payments</li> <li>order creation</li> <li>wallet transfers</li> <li>account provisioning</li> <li>invoice generation</li> <li>message publishing</li> <li>background job processing</li> <li>any workflow where duplicate execution is dangerous</li> </ul> <h2> A Good Idempotency Layer Is More Than a Boolean Flag </h2> <p>A common mistake is implementing idempotency like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>if key exists: reject request else: process request </code></pre> </div> <p>That looks simple, but it is not enough for production systems.</p> <p>A real implementation needs to answer several questions:</p> <ul> <li>Is the request currently being processed?</li> <li>Did the request complete successfully?</li> <li>Should we return a cached response?</li> <li>Did the request fail with a retryable error?</li> <li>Is the same key being reused with a different payload?</li> <li>What happens if two identical requests arrive at the exact same millisecond?</li> </ul> <p>For that reason, I prefer thinking about idempotency as a small state machine.</p> <h2> The State Machine I Like to Use </h2> <p>A practical idempotency record can have these states:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>STARTED COMPLETED FAILED </code></pre> </div> <h3> <code>STARTED</code> </h3> <p>The server received the key and started processing the request.</p> <p>This state is important because it protects you from concurrent duplicates. If another request arrives with the same key while the first request is still running, the system should not execute the action again.</p> <p>Usually, I return something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">409 Conflict </span></code></pre> </div> <p>with a response explaining that the request is already in progress.</p> <h3> <code>COMPLETED</code> </h3> <p>The operation finished successfully.</p> <p>At this point, the server stores the final response and returns that same response for future requests with the same key.</p> <p>This is the key behavior that makes retries safe.</p> <h3> <code>FAILED</code> </h3> <p>The operation failed with a server-side or retryable error.</p> <p>This part depends on your business rules, but in many systems I prefer allowing the client to retry after a true internal failure. The important thing is to be explicit about which failures are cached and which failures are not.</p> <h2> Why Redis Works Well Here </h2> <p>You can implement idempotency using PostgreSQL with a unique constraint. In some systems, that is perfectly fine.</p> <p>But in high-throughput APIs, I usually prefer Redis for the idempotency layer because it gives you:</p> <ul> <li>fast key lookup</li> <li>atomic operations</li> <li>natural TTL support</li> <li>simple distributed locking primitives</li> <li>low overhead for temporary request metadata</li> </ul> <p>The TTL part matters a lot.</p> <p>Idempotency keys should not live forever. For many payment-style workflows, a 24-hour TTL is a reasonable starting point. Some systems may need shorter or longer retention depending on reconciliation, compliance, and product behavior.</p> <h2> The Race Condition You Must Handle </h2> <p>The biggest bug in naive idempotency implementations is the race condition.</p> <p>Imagine two identical requests arrive at the same time:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Request A checks key -&gt; key does not exist Request B checks key -&gt; key does not exist Request A processes payment Request B processes payment </code></pre> </div> <p>Now you have two charges.</p> <p>This is why the first write must be atomic.</p> <p>In Redis, you can use <code>SET</code> with <code>NX</code> and <code>EX</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">lockKey</span> <span class="o">=</span> <span class="s2">`idempotency:</span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2">`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">acquired</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span> <span class="nx">lockKey</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">state</span><span class="p">:</span> <span class="dl">"</span><span class="s2">STARTED</span><span class="dl">"</span><span class="p">,</span> <span class="nx">payloadHash</span><span class="p">,</span> <span class="na">createdAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">}),</span> <span class="dl">"</span><span class="s2">NX</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">EX</span><span class="dl">"</span><span class="p">,</span> <span class="mi">86400</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">acquired</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Another request already created this key.</span> <span class="c1">// Now inspect its current state.</span> <span class="p">}</span> </code></pre> </div> <p><code>NX</code> means "only set this key if it does not already exist."</p> <p>That one detail is critical. It turns the check-and-set operation into one atomic step.</p> <h2> Returning the Cached Response </h2> <p>When the first request completes, we update the idempotency record:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span> <span class="s2">`idempotency:</span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">state</span><span class="p">:</span> <span class="dl">"</span><span class="s2">COMPLETED</span><span class="dl">"</span><span class="p">,</span> <span class="nx">payloadHash</span><span class="p">,</span> <span class="na">statusCode</span><span class="p">:</span> <span class="mi">201</span><span class="p">,</span> <span class="na">responseBody</span><span class="p">:</span> <span class="p">{</span> <span class="na">paymentId</span><span class="p">:</span> <span class="dl">"</span><span class="s2">pay_123</span><span class="dl">"</span><span class="p">,</span> <span class="na">status</span><span class="p">:</span> <span class="dl">"</span><span class="s2">succeeded</span><span class="dl">"</span> <span class="p">},</span> <span class="na">completedAt</span><span class="p">:</span> <span class="nb">Date</span><span class="p">.</span><span class="nf">now</span><span class="p">()</span> <span class="p">}),</span> <span class="dl">"</span><span class="s2">EX</span><span class="dl">"</span><span class="p">,</span> <span class="mi">86400</span> <span class="p">);</span> </code></pre> </div> <p>Then, if the same request arrives again:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">record</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="k">await</span> <span class="nx">redis</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="s2">`idempotency:</span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2">`</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">state</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">COMPLETED</span><span class="dl">"</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">statusCode</span><span class="p">).</span><span class="nf">json</span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">responseBody</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The client gets a successful response, but the payment is not executed again.</p> <p>That is the whole point.</p> <p>The retry becomes harmless.</p> <h2> Payload Fingerprinting: The Edge Case Many People Miss </h2> <p>There is one subtle bug that can become very dangerous.</p> <p>What if the client reuses the same idempotency key for a different request?</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Key: abc-123 Amount: $10 </code></pre> </div> <p>Then later:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Key: abc-123 Amount: $1,000 </code></pre> </div> <p>If your server only checks the key, it may return the cached response for the old request. That can create serious data integrity problems.</p> <p>The fix is payload fingerprinting.</p> <p>When the request first arrives, create a stable hash of the meaningful request body:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">crypto</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">crypto</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">createPayloadHash</span><span class="p">(</span><span class="nx">payload</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">crypto</span> <span class="p">.</span><span class="nf">createHash</span><span class="p">(</span><span class="dl">"</span><span class="s2">sha256</span><span class="dl">"</span><span class="p">)</span> <span class="p">.</span><span class="nf">update</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">payload</span><span class="p">))</span> <span class="p">.</span><span class="nf">digest</span><span class="p">(</span><span class="dl">"</span><span class="s2">hex</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Then store that hash with the idempotency key.</p> <p>On every retry, compare the incoming payload hash with the stored hash.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">if </span><span class="p">(</span><span class="nx">record</span><span class="p">.</span><span class="nx">payloadHash</span> <span class="o">!==</span> <span class="nx">incomingPayloadHash</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">"</span><span class="s2">Idempotency key was reused with a different payload.</span><span class="dl">"</span> <span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>This prevents key reuse bugs from silently corrupting your workflow.</p> <p>In my opinion, this is not optional for financial systems.</p> <h2> Be Careful with 4xx and 5xx Responses </h2> <p>Not every response should be cached the same way.</p> <h3> 2xx responses </h3> <p>Usually safe to cache.</p> <p>The operation succeeded, and future retries should return the same response.</p> <h3> 5xx responses </h3> <p>This depends on where the failure happened.</p> <p>If your service failed before executing the side effect, a retry may be safe.</p> <p>If your service timed out after calling the payment gateway, you may not know whether the external side effect happened. In that case, you need reconciliation, gateway lookup, or a more careful state transition.</p> <p>This is where many systems get complicated.</p> <h3> 4xx responses </h3> <p>Be very careful.</p> <p>If the user sent invalid input, you may not want to cache that failure forever. Maybe the user fixes the payload and retries. Maybe the frontend generated the key before validation was complete.</p> <p>Personally, I do not like blindly caching all 4xx responses for long periods. For many product flows, it is better to reject the invalid request and ask the client to generate a new idempotency key after the user changes the input.</p> <p>The important thing is to define this behavior intentionally.</p> <h2> Client-Side Key Generation </h2> <p>The idempotency key should usually be generated on the client.</p> <p>For example, in a checkout page, generate the key when the user starts a specific payment attempt and reuse that key for retries of the same attempt.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">idempotencyKey</span> <span class="o">=</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">();</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">"</span><span class="s2">/api/payments</span><span class="dl">"</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">"</span><span class="s2">POST</span><span class="dl">"</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">"</span><span class="s2">Content-Type</span><span class="dl">"</span><span class="p">:</span> <span class="dl">"</span><span class="s2">application/json</span><span class="dl">"</span><span class="p">,</span> <span class="dl">"</span><span class="s2">Idempotency-Key</span><span class="dl">"</span><span class="p">:</span> <span class="nx">idempotencyKey</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">amount</span><span class="p">:</span> <span class="mi">1000</span><span class="p">,</span> <span class="na">currency</span><span class="p">:</span> <span class="dl">"</span><span class="s2">USD</span><span class="dl">"</span> <span class="p">})</span> <span class="p">});</span> </code></pre> </div> <p>If the server generates the key too late, it may not help with network failures between the client and server.</p> <p>The client needs to be able to say:</p> <blockquote> <p>I am retrying the same action.</p> </blockquote> <p>That requires the client to own the key for that action.</p> <h2> Idempotency Is Not a Replacement for Database Integrity </h2> <p>One mistake I see sometimes is treating idempotency as the only protection layer.</p> <p>It should not be.</p> <p>Idempotency is part of the design, but you should still use database constraints and transactional boundaries where appropriate.</p> <p>For example:</p> <ul> <li>unique constraints for order numbers</li> <li>unique transaction references</li> <li>ledger constraints</li> <li>gateway transaction IDs</li> <li>consistent status transitions</li> <li>outbox patterns for event publishing</li> </ul> <p>In serious systems, correctness usually comes from layers.</p> <p>The API idempotency layer prevents duplicate execution at the request boundary.</p> <p>The database protects final state.</p> <p>The message queue and worker design protect asynchronous processing.</p> <p>The reconciliation process protects you when external systems behave unexpectedly.</p> <h2> A Simple Middleware Flow </h2> <p>A clean idempotency middleware can follow this flow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. Read Idempotency-Key from the request. 2. Validate that the key exists for dangerous POST endpoints. 3. Create a hash of the request payload. 4. Atomically create a STARTED record with Redis SET NX EX. 5. If the key already exists: - compare payload hash - if STARTED, return 409 Conflict - if COMPLETED, return cached response - if FAILED, allow or reject retry based on policy 6. Execute the business operation. 7. Store the final response as COMPLETED. 8. Return the response to the client. </code></pre> </div> <p>This flow is simple enough to understand, but strong enough to avoid many production problems.</p> <h2> Practical Rules I Follow Now </h2> <p>After dealing with this in real systems, these are the rules I try to follow:</p> <ol> <li>Any endpoint that creates money movement must support idempotency.</li> <li>Any endpoint that creates orders, invoices, or irreversible side effects should support idempotency.</li> <li>The key should represent one user intent, not one HTTP request.</li> <li>The first write for the idempotency key must be atomic.</li> <li>Store and compare a payload hash.</li> <li>Cache successful responses.</li> <li>Be very careful when caching failures.</li> <li>Use TTL intentionally.</li> <li>Do not rely only on frontend button disabling.</li> <li>Do not use rate limiting as a replacement for idempotency.</li> </ol> <p>That last point is important.</p> <p>Rate limiting protects infrastructure.</p> <p>Idempotency protects correctness.</p> <p>They are not the same thing.</p> <h2> The Real Lesson </h2> <p>The day we accidentally blocked users was not just a payment bug. It was a design lesson.</p> <p>Our system was technically trying to protect users, but because we did not model retries correctly, we created a worse experience for legitimate customers.</p> <p>Distributed systems are messy. Networks fail. Clients retry. Users double-click. Gateways timeout. Workers reprocess jobs.</p> <p>A mature backend does not pretend these things will not happen.</p> <p>A mature backend absorbs them.</p> <p>Idempotency is one of those patterns that looks simple from the outside, but when you implement it properly, it changes the reliability of the whole system.</p> <p>For me, the biggest mindset shift was this:</p> <blockquote> <p>Do not fight duplicate requests. Make duplicate requests safe.</p> </blockquote> <p>That is the difference between a backend that works in ideal conditions and a backend that survives production.</p> backend distributedsystems redis architecture amir Thu, 28 May 2026 09:35:32 +0000 https://dev.to/amirsefati/go-modules-in-practice-init-tidy-vendor-and-publishing-packages-58lc https://dev.to/amirsefati/go-modules-in-practice-init-tidy-vendor-and-publishing-packages-58lc <p>As a backend engineer, I have worked on many services where the hard part was not only writing the code. The hard part was keeping the project clean, reproducible, easy to build, and safe to maintain as the team and codebase grew.</p> <p>In Go, a big part of that discipline comes from understanding <strong>Go Modules</strong>.</p> <p>At first, Go Modules may look simple: a <code>go.mod</code> file, a <code>go.sum</code> file, and a few commands like <code>go mod init</code> and <code>go mod tidy</code>. But in real projects, these small tools decide how your service builds in CI, how your dependencies are verified, how private repositories are handled, and how other developers can use your package.</p> <p>In this article, I want to explain Go Modules in a practical way, from the mindset of someone building production backend systems.</p> <p>We will cover:</p> <ul> <li>What Go Modules are and why Go does not work like NPM or Pip</li> <li>How <code>go mod init</code>, <code>go mod tidy</code>, and <code>go mod vendor</code> actually help</li> <li>How I think about Go project structure without over-engineering</li> <li>How to publish your own Go package</li> <li>A few production tips that matter in real teams</li> </ul> <h2> What Are Go Modules? </h2> <p>A <strong>Go module</strong> is a versioned collection of Go packages.</p> <p>In simple words, it is the boundary of your project. It tells Go:</p> <ul> <li>what your project is called</li> <li>which Go version it targets</li> <li>which dependencies it needs</li> <li>which versions of those dependencies should be used</li> </ul> <p>A Go module is defined by the <code>go.mod</code> file.</p> <p>Before Go Modules, Go projects were commonly managed inside <code>GOPATH</code>. That worked, but it created friction around dependency versions and project location. Go Modules solved that by making dependency management explicit and project-based.</p> <p>Today, when I start a serious Go project, one of the first things I do is initialize a module.</p> <h2> Why Go Packages Feel Different From NPM or Pip </h2> <p>If you come from JavaScript or Python, Go package management may feel a little strange at first.</p> <p>In Node.js, packages are usually published to <strong>NPM</strong>.</p> <p>In Python, packages are usually published to <strong>PyPI</strong>.</p> <p>Go is different.</p> <p>Go uses the module path as an import path, and that path is usually a version control URL, for example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="s">"github.com/google/uuid"</span> </code></pre> </div> <p>This means Go can resolve packages directly from places like GitHub, GitLab, or Bitbucket.</p> <p>That is why many Go packages look like URLs. The module path is not just a name. It is also the identity of the package.</p> <p>This design makes publishing very simple. In many cases, publishing a Go package is just:</p> <ol> <li>push your code to GitHub</li> <li>create a proper Git tag</li> <li>let Go tooling resolve it</li> </ol> <p>No separate package registry account is required for basic public modules.</p> <h2> Starting a Project With <code>go mod init</code> </h2> <p>Every Go module starts with this command:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod init &lt;module-path&gt; </code></pre> </div> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>my-awesome-project <span class="nb">cd </span>my-awesome-project go mod init github.com/yourusername/my-awesome-project </code></pre> </div> <p>This creates a <code>go.mod</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">module</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">yourusername</span><span class="o">/</span><span class="n">my</span><span class="o">-</span><span class="n">awesome</span><span class="o">-</span><span class="n">project</span> <span class="k">go</span> <span class="m">1.22</span> </code></pre> </div> <p>The module path matters.</p> <p>For local experiments, you can use something simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod init myapp </code></pre> </div> <p>But for real packages, especially packages you may publish later, I prefer using the final repository path from the beginning:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod init github.com/yourusername/my-awesome-project </code></pre> </div> <p>That prevents painful import-path changes later.</p> <h2> Adding Third-Party Packages </h2> <p>Let’s say I am building a small HTTP service and I want to use Gin:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"net/http"</span> <span class="s">"github.com/gin-gonic/gin"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">r</span> <span class="o">:=</span> <span class="n">gin</span><span class="o">.</span><span class="n">Default</span><span class="p">()</span> <span class="n">r</span><span class="o">.</span><span class="n">GET</span><span class="p">(</span><span class="s">"/ping"</span><span class="p">,</span> <span class="k">func</span><span class="p">(</span><span class="n">c</span> <span class="o">*</span><span class="n">gin</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">{</span> <span class="n">c</span><span class="o">.</span><span class="n">JSON</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">StatusOK</span><span class="p">,</span> <span class="n">gin</span><span class="o">.</span><span class="n">H</span><span class="p">{</span> <span class="s">"message"</span><span class="o">:</span> <span class="s">"pong"</span><span class="p">,</span> <span class="p">})</span> <span class="p">})</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Run</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="nb">panic</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>At this point, Go sees an external import:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="s">"github.com/gin-gonic/gin"</span> </code></pre> </div> <p>Now the module needs to know about this dependency.</p> <p>You can run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod tidy </code></pre> </div> <p>or directly:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go get github.com/gin-gonic/gin </code></pre> </div> <p>In daily work, I use <code>go mod tidy</code> a lot because it does more than just add packages.</p> <h2> What <code>go mod tidy</code> Really Does </h2> <p><code>go mod tidy</code> is one of the commands I run before almost every commit in a Go project.</p> <p>It scans your code and tests, then updates <code>go.mod</code> and <code>go.sum</code> based on what is actually used.</p> <p>It does three important things:</p> <h3> 1. Adds Missing Dependencies </h3> <p>If your code imports a package but your module does not list it yet, <code>go mod tidy</code> adds it.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod tidy </code></pre> </div> <p>After that, your <code>go.mod</code> may include something like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">require</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">gin</span><span class="o">-</span><span class="n">gonic</span><span class="o">/</span><span class="n">gin</span> <span class="n">v1</span><span class="m">.10.0</span> </code></pre> </div> <h3> 2. Removes Unused Dependencies </h3> <p>If you removed a package from your code but it is still listed in <code>go.mod</code>, <code>go mod tidy</code> cleans it up.</p> <p>This is important because old dependencies are not harmless. They can increase build complexity, create security review noise, and confuse other engineers.</p> <h3> 3. Updates <code>go.sum</code> </h3> <p><code>go.sum</code> stores cryptographic checksums for module versions.</p> <p>This helps Go verify that the dependency being downloaded is the same one expected by your project.</p> <p>In production, this matters. Reproducible builds are not a luxury. They are part of engineering discipline.</p> <p>My rule is simple:</p> <blockquote> <p>If I changed imports, removed packages, upgraded dependencies, or touched tests, I run <code>go mod tidy</code> before committing.</p> </blockquote> <h2> Understanding <code>go.mod</code> and <code>go.sum</code> </h2> <p>A minimal <code>go.mod</code> file looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">module</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">yourusername</span><span class="o">/</span><span class="n">my</span><span class="o">-</span><span class="n">awesome</span><span class="o">-</span><span class="n">project</span> <span class="k">go</span> <span class="m">1.22</span> <span class="n">require</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">gin</span><span class="o">-</span><span class="n">gonic</span><span class="o">/</span><span class="n">gin</span> <span class="n">v1</span><span class="m">.10.0</span> </code></pre> </div> <p>This file is human-readable and should be committed.</p> <p><code>go.sum</code> is also committed. Some developers think <code>go.sum</code> is like a cache file and should be ignored. That is a mistake.</p> <p><code>go.sum</code> is part of dependency verification. It helps ensure that the same module versions resolve consistently across machines, CI pipelines, and production builds.</p> <p>So in real Go projects, I commit both:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>go.mod go.sum </code></pre> </div> <h2> Vendoring Dependencies With <code>go mod vendor</code> </h2> <p>By default, Go downloads dependencies into the module cache on your machine.</p> <p>But sometimes you want dependencies copied directly into your project. For that, Go provides:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod vendor </code></pre> </div> <p>This creates a <code>vendor/</code> directory and copies dependency source code into it.</p> <p>Your project may look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-awesome-project/ ├── go.mod ├── go.sum ├── main.go └── vendor/ </code></pre> </div> <h3> When Vendoring Makes Sense </h3> <p>I do not vendor dependencies in every project, but it can be useful in specific cases:</p> <ul> <li>CI/CD environments with restricted internet access</li> <li>companies with strict dependency review processes</li> <li>projects that must build in isolated networks</li> <li>teams that want dependency source code available inside the repository</li> </ul> <p>For most normal public projects, vendoring is not required. Go’s module proxy and checksum database already solve many reliability problems for public dependencies.</p> <p>But for enterprise systems, especially where builds must be predictable and auditable, vendoring can still be a valid choice.</p> <p>If you use vendoring, build with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go build <span class="nt">-mod</span><span class="o">=</span>vendor ./... </code></pre> </div> <p>or test with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">test</span> <span class="nt">-mod</span><span class="o">=</span>vendor ./... </code></pre> </div> <h2> Project Structure: Start Simple </h2> <p>One of the mistakes I often see is copying project structures from other ecosystems.</p> <p>A developer comes from Laravel, Django, NestJS, or Spring Boot and immediately creates folders like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>controllers/ services/ repositories/ models/ helpers/ utils/ managers/ </code></pre> </div> <p>This is not always wrong, but in Go it often becomes unnecessary complexity too early.</p> <p>Go projects usually become cleaner when they start simple and grow based on real pressure.</p> <p>For a small service, this can be enough:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-project/ ├── go.mod ├── go.sum └── main.go </code></pre> </div> <p>That structure is not “too simple”. It is honest.</p> <p>You do not need architecture before you have a problem that needs architecture.</p> <h2> A Practical Production Structure </h2> <p>When the project grows, I usually move toward a structure like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-project/ ├── cmd/ │ └── api/ │ └── main.go ├── internal/ │ ├── config/ │ │ └── config.go │ ├── database/ │ │ └── postgres.go │ ├── http/ │ │ └── router.go │ └── user/ │ ├── handler.go │ ├── service.go │ └── repository.go ├── pkg/ │ └── logger/ │ └── logger.go ├── go.mod └── go.sum </code></pre> </div> <p>Here is how I think about these folders:</p> <h3> <code>cmd/</code> </h3> <p>This contains application entry points.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>cmd/api/main.go cmd/worker/main.go cmd/migrate/main.go </code></pre> </div> <p>Each subdirectory represents a runnable program.</p> <h3> <code>internal/</code> </h3> <p>This is where most application code should live.</p> <p>The important thing about <code>internal/</code> is that Go enforces its privacy. Code inside <code>internal/</code> cannot be imported from outside the parent module tree.</p> <p>That is powerful.</p> <p>It means your business logic, database code, handlers, and internal services are protected from becoming accidental public APIs.</p> <h3> <code>pkg/</code> </h3> <p>I use <code>pkg/</code> only for code that is intentionally reusable by other projects.</p> <p>For example:</p> <ul> <li>a logger package</li> <li>a small validation package</li> <li>a reusable client</li> <li>shared utilities that are stable enough to expose</li> </ul> <p>I do not put everything into <code>pkg/</code>. If the code is only for this application, it belongs in <code>internal/</code>.</p> <h2> Publishing Your Own Go Package </h2> <p>One thing I really like about Go is how easy it is to publish packages.</p> <p>Let’s say I wrote a small package for PostgreSQL migration helpers and I want other developers to use it.</p> <h3> Step 1: Create the Module </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>pgmigrate <span class="nb">cd </span>pgmigrate go mod init github.com/yourusername/pgmigrate </code></pre> </div> <h3> Step 2: Write a Small Package </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">pgmigrate</span> <span class="k">import</span> <span class="s">"database/sql"</span> <span class="k">type</span> <span class="n">Migration</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Version</span> <span class="kt">int</span> <span class="n">Name</span> <span class="kt">string</span> <span class="n">Up</span> <span class="kt">string</span> <span class="n">Down</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">Apply</span><span class="p">(</span><span class="n">db</span> <span class="o">*</span><span class="n">sql</span><span class="o">.</span><span class="n">DB</span><span class="p">,</span> <span class="n">migration</span> <span class="n">Migration</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">_</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">Exec</span><span class="p">(</span><span class="n">migration</span><span class="o">.</span><span class="n">Up</span><span class="p">)</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> </code></pre> </div> <h3> Step 3: Add Tests </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">test</span> ./... </code></pre> </div> <p>Even for small packages, tests matter. A package without tests is harder to trust.</p> <h3> Step 4: Push to GitHub </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git add <span class="nb">.</span> git commit <span class="nt">-m</span> <span class="s2">"initial release"</span> git push origin main </code></pre> </div> <h3> Step 5: Tag a Version </h3> <p>Go Modules use semantic versioning.</p> <p>Create a Git tag:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git tag v0.1.0 git push origin v0.1.0 </code></pre> </div> <p>Now other developers can use it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go get github.com/yourusername/pgmigrate@v0.1.0 </code></pre> </div> <p>That is the beauty of Go package publishing. Git tags are releases.</p> <h2> Semantic Versioning in Go </h2> <p>Versioning is very important in Go.</p> <p>A normal release tag looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>v1.2.3 </code></pre> </div> <p>The meaning is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MAJOR.MINOR.PATCH </code></pre> </div> <ul> <li> <code>PATCH</code>: bug fixes</li> <li> <code>MINOR</code>: new backward-compatible features</li> <li> <code>MAJOR</code>: breaking changes</li> </ul> <p>One Go-specific detail is important: if your module reaches <code>v2</code> or higher, the module path must include the major version.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">module</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">yourusername</span><span class="o">/</span><span class="n">pgmigrate</span><span class="o">/</span><span class="n">v2</span> </code></pre> </div> <p>And users import it like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="s">"github.com/yourusername/pgmigrate/v2"</span> </code></pre> </div> <p>This may feel strange in the beginning, but it makes breaking changes explicit.</p> <h2> Working With Private Modules </h2> <p>In real companies, not all Go modules are public.</p> <p>If your company has private repositories, you should configure <code>GOPRIVATE</code>.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">export </span><span class="nv">GOPRIVATE</span><span class="o">=</span>github.com/mycompany/<span class="k">*</span> </code></pre> </div> <p>This tells Go not to use the public proxy or checksum database for those module paths.</p> <p>For private GitHub modules, your machine or CI runner also needs Git authentication configured correctly, usually through SSH keys or tokens.</p> <p>In CI/CD, this is one of the first things I check when a build fails with private dependencies.</p> <p>A common symptom is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>terminal prompts disabled </code></pre> </div> <p>or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>repository not found </code></pre> </div> <p>The dependency may exist, but the CI runner does not have permission to access it.</p> <h2> Local Multi-Module Development With <code>go work</code> </h2> <p>Sometimes I work on two Go modules at the same time.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>workspace/ ├── api-service/ └── shared-lib/ </code></pre> </div> <p>Before Go workspaces, developers often used <code>replace</code> in <code>go.mod</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">replace</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">mycompany</span><span class="o">/</span><span class="n">shared</span><span class="o">-</span><span class="n">lib</span> <span class="o">=&gt;</span> <span class="o">../</span><span class="n">shared</span><span class="o">-</span><span class="n">lib</span> </code></pre> </div> <p>This works, but it is easy to accidentally commit local paths.</p> <p>A better option for local development is <code>go work</code>.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>workspace <span class="nb">cd </span>workspace go work init ./api-service ./shared-lib </code></pre> </div> <p>This creates a <code>go.work</code> file that connects local modules during development.</p> <p>I like this approach because it keeps local development clean without polluting the module definition.</p> <h2> My Production Checklist for Go Modules </h2> <p>Before I push Go code, I usually check these things:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">fmt</span> ./... go <span class="nb">test</span> ./... go mod tidy </code></pre> </div> <p>For larger services, I also check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go vet ./... </code></pre> </div> <p>And if vendoring is used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go mod vendor go <span class="nb">test</span> <span class="nt">-mod</span><span class="o">=</span>vendor ./... </code></pre> </div> <p>This small routine prevents many annoying problems in CI.</p> <p>My practical checklist is:</p> <ul> <li>commit both <code>go.mod</code> and <code>go.sum</code> </li> <li>run <code>go mod tidy</code> before pushing</li> <li>avoid unnecessary dependencies</li> <li>do not expose internal application code as public packages</li> <li>use <code>GOPRIVATE</code> for private company modules</li> <li>tag releases properly when publishing packages</li> <li>be careful with <code>replace</code> directives before committing</li> </ul> <h2> Common Mistakes I See </h2> <p>Here are some mistakes I have seen many times in real projects.</p> <h3> Mistake 1: Ignoring <code>go.sum</code> </h3> <p>Do not ignore <code>go.sum</code>.</p> <p>It is part of module verification and should be committed.</p> <h3> Mistake 2: Creating Too Many Folders Too Early </h3> <p>A complex folder structure does not automatically make a project clean.</p> <p>In Go, simple structure is usually better until the codebase proves it needs more separation.</p> <h3> Mistake 3: Putting Everything in <code>pkg/</code> </h3> <p><code>pkg/</code> should not mean “all packages”.</p> <p>Use it for code you intentionally want other modules to import. Otherwise, prefer <code>internal/</code>.</p> <h3> Mistake 4: Forgetting Private Module Configuration </h3> <p>If your dependency is private, the build environment must know that.</p> <p>Use <code>GOPRIVATE</code> and make sure Git authentication works in CI.</p> <h3> Mistake 5: Committing Local <code>replace</code> Paths </h3> <p>This one is very common.</p> <p>A local <code>replace</code> like this can break everyone else’s build:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">replace</span> <span class="n">github</span><span class="o">.</span><span class="n">com</span><span class="o">/</span><span class="n">mycompany</span><span class="o">/</span><span class="n">shared</span><span class="o">-</span><span class="n">lib</span> <span class="o">=&gt;</span> <span class="o">../</span><span class="n">shared</span><span class="o">-</span><span class="n">lib</span> </code></pre> </div> <p>Use <code>go work</code> for local multi-module development when possible.</p> <h2> Final Thoughts </h2> <p>Go Modules are not just a dependency tool. They are part of how Go projects stay clean, buildable, and maintainable.</p> <p>For me, the main lesson is this:</p> <blockquote> <p>Keep the module simple, keep dependencies intentional, and let the project structure grow only when the project really needs it.</p> </blockquote> <p>Start with <code>go mod init</code>.</p> <p>Use <code>go mod tidy</code> as a habit.</p> <p>Understand when <code>vendor/</code> is useful.</p> <p>Use <code>internal/</code> to protect your application code.</p> <p>Tag releases properly when you publish packages.</p> <p>These small habits make a big difference when your Go project moves from a local experiment to a production service used by real users.</p> <p>Happy coding.</p> go backend opensource amir Tue, 26 May 2026 18:39:04 +0000 https://dev.to/amirsefati/mastering-context-in-go-a-senior-engineers-playbook-for-lifecycle-management-147c https://dev.to/amirsefati/mastering-context-in-go-a-senior-engineers-playbook-for-lifecycle-management-147c <p>When you are architecting backend systems, distributed architectures, and microservices, one of the biggest challenges is not just making your code run fast.</p> <p>It is knowing exactly <strong>when to stop it</strong>.</p> <p>Throughout my years working with backend systems and Go’s concurrency model, I have seen how ignoring a seemingly simple concept can slowly create serious production problems: goroutine leaks, wasted CPU cycles, exhausted memory, hanging requests, and services that become harder to reason about under load.</p> <p>In Go, the <code>context</code> package is not just an annoying extra parameter we are forced to pass around.</p> <p>It is the lifecycle control system of a request.</p> <p>In this article, I want to skip the boring textbook definition and look at <code>context</code> from a practical engineering perspective:</p> <blockquote> <p>When does <code>context</code> save your system, and when can it become an architectural trap?</p> </blockquote> <h2> Why Context Exists: Beyond a Simple Timeout </h2> <p>In a distributed architecture, a single incoming HTTP request might trigger a cascade of operations:</p> <ul> <li>an authentication check</li> <li>a database query</li> <li>a Redis lookup</li> <li>a call to another internal service</li> <li>a gRPC request</li> <li>a message published to a queue</li> <li>a third-party API call</li> </ul> <p>Now imagine the client closes the browser tab, the mobile app loses network connection, or the upstream service cancels the request.</p> <p>Should your backend continue doing all that work?</p> <p>Usually, no.</p> <p>Continuing heavy work for a response nobody is waiting for is just burning CPU, memory, database connections, and network bandwidth.</p> <p>This is where <code>context</code> becomes important.</p> <p>We pass <code>context</code> down the call stack to support <strong>cancellation propagation</strong>. It allows the whole request tree to receive the same signal:</p> <blockquote> <p>This work is no longer needed. Stop as soon as possible.</p> </blockquote> <p>That one idea becomes extremely powerful in real-world backend systems.</p> <h2> The Mental Model: Context Is a Request Lifecycle Signal </h2> <p>A good way to think about <code>context.Context</code> is this:</p> <blockquote> <p>Context is not business data. Context is a lifecycle signal.</p> </blockquote> <p>It can tell your code:</p> <ul> <li>the request was cancelled</li> <li>the deadline expired</li> <li>the timeout was reached</li> <li>the caller does not need the result anymore</li> <li>some request-scoped metadata is available</li> </ul> <p>But it should not become a hidden container for everything your function needs.</p> <p>That distinction is where many Go codebases either stay clean or slowly become painful to maintain.</p> <h2> Battle-Tested Patterns: Coding Like a Senior </h2> <h3> 1. Bulletproofing Against Goroutine Leaks </h3> <p>One common mistake I have seen in Go services is starting a goroutine without thinking about what happens if the parent request is cancelled.</p> <p>Look at this simplified example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">FetchData</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">Data</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Data</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="n">errCh</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="kt">error</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="c">// Imagine this is a heavy I/O operation or a slow DB query.</span> <span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">expensiveDatabaseCall</span><span class="p">(</span><span class="n">id</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">errCh</span> <span class="o">&lt;-</span> <span class="n">err</span> <span class="k">return</span> <span class="p">}</span> <span class="n">ch</span> <span class="o">&lt;-</span> <span class="n">data</span> <span class="p">}()</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="c">// If the client aborts or a timeout occurs,</span> <span class="c">// the caller can return immediately.</span> <span class="k">return</span> <span class="n">Data</span><span class="p">{},</span> <span class="n">ctx</span><span class="o">.</span><span class="n">Err</span><span class="p">()</span> <span class="k">case</span> <span class="n">err</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">errCh</span><span class="o">:</span> <span class="k">return</span> <span class="n">Data</span><span class="p">{},</span> <span class="n">err</span> <span class="k">case</span> <span class="n">result</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">ch</span><span class="o">:</span> <span class="k">return</span> <span class="n">result</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The important detail here is this line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">Data</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> </code></pre> </div> <p>The channel is buffered with capacity <code>1</code>.</p> <p>Why does this matter?</p> <p>Because if <code>ctx.Done()</code> is triggered and <code>FetchData</code> returns early, the internal goroutine might still finish later and try to send the result into the channel.</p> <p>If the channel is unbuffered, that goroutine may block forever because nobody is receiving anymore.</p> <p>That is a classic goroutine leak.</p> <p>The buffer gives the goroutine enough room to send the result, finish execution, and be garbage collected.</p> <p>This is one of those small details that does not look important in a tutorial, but it matters a lot in production systems.</p> <h2> 2. Prefer Context-Aware APIs </h2> <p>The previous example is useful to understand the pattern, but in real code, you should prefer APIs that already accept <code>context.Context</code>.</p> <p>For example, database calls should usually look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">FindUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">db</span> <span class="o">*</span><span class="n">sql</span><span class="o">.</span><span class="n">DB</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">int64</span><span class="p">)</span> <span class="p">(</span><span class="o">*</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">{</span> <span class="n">row</span> <span class="o">:=</span> <span class="n">db</span><span class="o">.</span><span class="n">QueryRowContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">` SELECT id, name, email FROM users WHERE id = $1 `</span><span class="p">,</span> <span class="n">userID</span><span class="p">)</span> <span class="k">var</span> <span class="n">user</span> <span class="n">User</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">row</span><span class="o">.</span><span class="n">Scan</span><span class="p">(</span><span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">user</span><span class="o">.</span><span class="n">Email</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="no">nil</span><span class="p">,</span> <span class="n">err</span> <span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span><span class="p">,</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This is better than wrapping a blocking database call inside your own goroutine.</p> <p>Why?</p> <p>Because <code>QueryRowContext</code> gives the database driver a chance to stop the work when the context is cancelled or the deadline expires.</p> <p>That means cancellation is not just happening in your Go code. It can also propagate to the I/O layer.</p> <p>That is what you want.</p> <h2> 3. Timeout Everything That Talks to the Outside World </h2> <p>Any operation that depends on the outside world can hang longer than expected:</p> <ul> <li>database queries</li> <li>HTTP calls</li> <li>gRPC calls</li> <li>Redis commands</li> <li>file storage requests</li> <li>third-party APIs</li> </ul> <p>A senior mindset is simple:</p> <blockquote> <p>If it crosses a process or network boundary, it needs a timeout.</p> </blockquote> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">CallPaymentService</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">client</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Client</span><span class="p">,</span> <span class="n">url</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="m">2</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="n">req</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">http</span><span class="o">.</span><span class="n">NewRequestWithContext</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">http</span><span class="o">.</span><span class="n">MethodGet</span><span class="p">,</span> <span class="n">url</span><span class="p">,</span> <span class="no">nil</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="n">resp</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">client</span><span class="o">.</span><span class="n">Do</span><span class="p">(</span><span class="n">req</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">resp</span><span class="o">.</span><span class="n">Body</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="k">if</span> <span class="n">resp</span><span class="o">.</span><span class="n">StatusCode</span> <span class="o">&gt;=</span> <span class="m">500</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"payment service returned status: %d"</span><span class="p">,</span> <span class="n">resp</span><span class="o">.</span><span class="n">StatusCode</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This gives the operation a clear budget.</p> <p>Without timeouts, a slow downstream dependency can slowly consume your worker pool, database pool, or goroutines until the whole service becomes unstable.</p> <h2> 4. Always Call Cancel </h2> <p>When you create a context with <code>WithCancel</code>, <code>WithTimeout</code>, or <code>WithDeadline</code>, always call the returned <code>cancel</code> function.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">parentCtx</span><span class="p">,</span> <span class="m">3</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> </code></pre> </div> <p>Even if the timeout will eventually expire, calling <code>cancel()</code> releases resources associated with that context earlier.</p> <p>This is especially important in hot paths where functions are called many times per second.</p> <p>A missing <code>cancel()</code> may not break your service immediately, but it can create unnecessary resource pressure over time.</p> <h2> The Dark Side of <code>context.WithValue</code> </h2> <p>One of the features of <code>context</code> is the ability to carry values across the request lifecycle.</p> <p>This is useful, but it is also one of the easiest ways to make a Go codebase messy.</p> <p>The golden rule is:</p> <blockquote> <p>Use <code>context.Value</code> only for request-scoped data.</p> </blockquote> <p>Good examples:</p> <ul> <li>request ID</li> <li>trace ID</li> <li>user ID parsed from a JWT</li> <li>tenant ID</li> <li>client IP</li> <li>correlation ID</li> </ul> <p>Bad examples:</p> <ul> <li>database connections</li> <li>loggers as hidden dependencies</li> <li>configuration objects</li> <li>service clients</li> <li>repositories</li> <li>feature flag clients</li> </ul> <p>Do not use <code>context</code> as a dependency injection container.</p> <p>When dependencies are hidden inside context, your function signature lies. The function looks simple, but it secretly depends on multiple things. That hurts readability, testing, and type safety.</p> <h2> Safe Context Values with Custom Key Types </h2> <p>Another mistake is using raw strings as context keys.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ctx</span> <span class="o">=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithValue</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="s">"userID"</span><span class="p">,</span> <span class="n">userID</span><span class="p">)</span> </code></pre> </div> <p>This can cause collisions between packages.</p> <p>A safer pattern is to define an unexported custom type:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">contextKey</span> <span class="kt">string</span> <span class="k">const</span> <span class="n">userIDKey</span> <span class="n">contextKey</span> <span class="o">=</span> <span class="s">"userID"</span> <span class="k">func</span> <span class="n">WithUserID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">)</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span> <span class="p">{</span> <span class="k">return</span> <span class="n">context</span><span class="o">.</span><span class="n">WithValue</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">userIDKey</span><span class="p">,</span> <span class="n">userID</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">GetUserID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">(</span><span class="kt">string</span><span class="p">,</span> <span class="kt">bool</span><span class="p">)</span> <span class="p">{</span> <span class="n">userID</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="n">ctx</span><span class="o">.</span><span class="n">Value</span><span class="p">(</span><span class="n">userIDKey</span><span class="p">)</span><span class="o">.</span><span class="p">(</span><span class="kt">string</span><span class="p">)</span> <span class="k">return</span> <span class="n">userID</span><span class="p">,</span> <span class="n">ok</span> <span class="p">}</span> </code></pre> </div> <p>This keeps the usage safer and prevents accidental key collisions with other packages.</p> <p>For larger systems, I usually prefer wrapping this inside a small internal package so the rest of the codebase does not directly touch raw context keys.</p> <h2> Context in HTTP Handlers </h2> <p>In HTTP services, the incoming request already has a context.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">GetUserHandler</span><span class="p">(</span><span class="n">db</span> <span class="o">*</span><span class="n">sql</span><span class="o">.</span><span class="n">DB</span><span class="p">)</span> <span class="n">http</span><span class="o">.</span><span class="n">HandlerFunc</span> <span class="p">{</span> <span class="k">return</span> <span class="k">func</span><span class="p">(</span><span class="n">w</span> <span class="n">http</span><span class="o">.</span><span class="n">ResponseWriter</span><span class="p">,</span> <span class="n">r</span> <span class="o">*</span><span class="n">http</span><span class="o">.</span><span class="n">Request</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span> <span class="n">user</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">FindUser</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">db</span><span class="p">,</span> <span class="m">123</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">http</span><span class="o">.</span><span class="n">Error</span><span class="p">(</span><span class="n">w</span><span class="p">,</span> <span class="n">err</span><span class="o">.</span><span class="n">Error</span><span class="p">(),</span> <span class="n">http</span><span class="o">.</span><span class="n">StatusInternalServerError</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="n">_</span> <span class="o">=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewEncoder</span><span class="p">(</span><span class="n">w</span><span class="p">)</span><span class="o">.</span><span class="n">Encode</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The important part is this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ctx</span> <span class="o">:=</span> <span class="n">r</span><span class="o">.</span><span class="n">Context</span><span class="p">()</span> </code></pre> </div> <p>If the client disconnects, the request context can be cancelled, and downstream operations that respect context can stop earlier.</p> <p>That is why passing <code>context.Background()</code> inside handlers is usually wrong.</p> <p>This is bad:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">user</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">FindUser</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="n">db</span><span class="p">,</span> <span class="m">123</span><span class="p">)</span> </code></pre> </div> <p>Why?</p> <p>Because you just detached the database query from the request lifecycle.</p> <p>The client may be gone, but your backend keeps working.</p> <h2> Background Jobs Are Different </h2> <p>Not everything should use the request context.</p> <p>Sometimes you intentionally want work to continue after the request ends.</p> <p>For example:</p> <ul> <li>writing audit logs</li> <li>publishing analytics events</li> <li>sending async notifications</li> <li>queueing background jobs</li> </ul> <p>In those cases, using the request context may be wrong because the work would be cancelled as soon as the request ends.</p> <p>But this does not mean you should ignore context completely.</p> <p>It means you should create a new, intentional context with its own timeout:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">PublishAuditEvent</span><span class="p">(</span><span class="n">producer</span> <span class="n">EventProducer</span><span class="p">,</span> <span class="n">event</span> <span class="n">AuditEvent</span><span class="p">)</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">(),</span> <span class="m">5</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="n">_</span> <span class="o">=</span> <span class="n">producer</span><span class="o">.</span><span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The key idea is intentionality.</p> <p>Do not accidentally detach work from the request.<br> Do not accidentally bind background work to a request that may disappear.</p> <p>Choose the lifecycle explicitly.</p> <h2> The Trade-Offs: A Realistic View </h2> <p>No tool in software engineering is perfect. <code>context</code> solves real problems, but it also brings trade-offs.</p> <h3> Pros </h3> <p><strong>Standardization</strong></p> <p><code>context</code> is the common language of lifecycle management in Go. It is used across packages like <code>net/http</code>, <code>database/sql</code>, gRPC, cloud SDKs, and many third-party libraries.</p> <p><strong>Lifecycle control</strong></p> <p>With <code>context.WithTimeout</code>, <code>context.WithDeadline</code>, and <code>context.WithCancel</code>, you can build services that do not hang forever.</p> <p><strong>Cancellation propagation</strong></p> <p>One cancellation signal can flow through multiple layers of your system.</p> <p><strong>Observability support</strong></p> <p>Request IDs, trace IDs, and correlation IDs become much easier to propagate across service boundaries.</p> <h3> Cons </h3> <p><strong>Viral nature</strong></p> <p>Once you add <code>context</code> to a low-level function, you often need to pass it through every function above it.</p> <p>This can feel noisy, but in backend systems, that noise is usually worth the explicit lifecycle control.</p> <p><strong>Weak type safety for values</strong></p> <p><code>ctx.Value()</code> returns <code>any</code>, so incorrect type assertions can cause bugs or panics.</p> <p>That is why context values should be used carefully and kept small.</p> <p><strong>Easy to misuse</strong></p> <p>The biggest danger is treating context as a magic bag for dependencies.</p> <p>That creates hidden coupling and makes the code harder to understand.</p> <h2> My Code Review Checklist for Context </h2> <p>When I review Go code, these are my non-negotiable rules around <code>context</code>.</p> <h3> 1. Context Must Be the First Argument </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">DoSomething</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">userID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> </code></pre> </div> <p>This is the standard Go convention.</p> <p>Do not hide it in the middle of the argument list.</p> <h3> 2. Do Not Store Context in a Struct </h3> <p>Avoid this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Service</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span> <span class="p">}</span> </code></pre> </div> <p>Contexts should flow through function calls. They should not usually live inside structs.</p> <p>A struct normally represents a longer-lived object. A context usually represents a specific operation or request lifecycle.</p> <p>Mixing those lifetimes creates confusion.</p> <h3> 3. Never Pass Nil Context </h3> <p>This is bad:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">DoSomething</span><span class="p">(</span><span class="no">nil</span><span class="p">,</span> <span class="s">"123"</span><span class="p">)</span> </code></pre> </div> <p>If you are not sure what context to use yet, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">context</span><span class="o">.</span><span class="n">TODO</span><span class="p">()</span> </code></pre> </div> <p>If you are starting a root-level process, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">context</span><span class="o">.</span><span class="n">Background</span><span class="p">()</span> </code></pre> </div> <p><code>TODO()</code> is also useful because it makes unfinished context decisions searchable during refactoring.</p> <h3> 4. Always Defer Cancel Immediately </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">parentCtx</span><span class="p">,</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> </code></pre> </div> <p>Do this immediately after creating the context.</p> <p>It prevents forgetting it later when the function grows.</p> <h3> 5. Do Not Ignore <code>ctx.Err()</code> </h3> <p>When a context is cancelled, <code>ctx.Err()</code> tells you why.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="k">return</span> <span class="n">ctx</span><span class="o">.</span><span class="n">Err</span><span class="p">()</span> <span class="k">default</span><span class="o">:</span> <span class="p">}</span> </code></pre> </div> <p>The error is usually one of:</p> <ul> <li><code>context.Canceled</code></li> <li><code>context.DeadlineExceeded</code></li> </ul> <p>This distinction is useful for logging, metrics, and debugging.</p> <p>A timeout means the operation exceeded its budget.<br> A cancellation may simply mean the client disconnected or the caller stopped needing the result.</p> <p>Those are not always the same kind of failure.</p> <h2> A Practical Rule I Use </h2> <p>Here is the simple rule I use in production systems:</p> <blockquote> <p>Pass context for cancellation, deadlines, and request-scoped metadata. Do not pass it for business data or dependencies.</p> </blockquote> <p>That one sentence prevents many bad patterns.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Good</span> <span class="k">func</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">order</span> <span class="n">Order</span><span class="p">)</span> <span class="kt">error</span> <span class="c">// Suspicious</span> <span class="k">func</span> <span class="n">CreateOrder</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> </code></pre> </div> <p>In the second version, I immediately wonder:</p> <p>Where is the order coming from?<br> Is it hidden inside context?<br> Is this function depending on invisible data?</p> <p>That is usually a design smell.</p> <h2> Final Thoughts </h2> <p>Mastering <code>context</code> means mastering your application’s control flow.</p> <p>In real backend systems, where servers handle thousands of concurrent requests and distributed services introduce unpredictable latency, using <code>context</code> correctly can be the difference between a resilient service and a 3 AM pager alert for an out-of-memory crash.</p> <p>For me, <code>context</code> is not just a Go package.</p> <p>It is a discipline.</p> <p>It forces you to think clearly about lifecycle, ownership, cancellation, timeouts, and the cost of work that no one needs anymore.</p> <p>Used correctly, it makes your systems more predictable.</p> <p>Used carelessly, it hides dependencies and creates architectural confusion.</p> <p>That is why I treat <code>context</code> as one of the most important tools in production Go programming.</p> <p>If you have worked with Go in production, I would love to hear your own experience with context, cancellation, and goroutine leaks.</p> go backend microservices amir Mon, 25 May 2026 12:34:33 +0000 https://dev.to/amirsefati/memory-under-the-hood-why-go-often-feels-faster-than-python-3pb3 https://dev.to/amirsefati/memory-under-the-hood-why-go-often-feels-faster-than-python-3pb3 <p>After years of building backend systems, working with data pipelines, debugging production issues, and watching servers behave differently under load, I learned one lesson the hard way:</p> <blockquote> <p>Performance problems rarely start from syntax.<br><br> They usually start from how we think about memory.</p> </blockquote> <p>When I was earlier in my career, I used to compare languages mostly by developer experience. Python felt clean, expressive, and fast to write. Go felt simple, strict, and very practical for backend services. But once I started dealing with large files, high-throughput APIs, queues, workers, containers, and memory pressure in production, I realized that the real difference is not just language design.</p> <p>The real difference is what happens under the hood.</p> <p>Why can a small Python script suddenly consume a huge amount of RAM?</p> <p>Why can the same type of data processing in Go run with much lower memory usage?</p> <p>Why does iterating over a slice of structs in Go usually feel much cheaper than iterating over a list of Python objects?</p> <p>And why does reading a 10GB file incorrectly destroy both languages, even if one of them is “faster”?</p> <p>This article is my practical breakdown of memory layout, allocation, garbage collection, cache locality, and large-file processing in Go and Python. I am not writing this as a language war. I use both languages. Python is still one of my favorite tools for automation, scripting, data work, and fast iteration.</p> <p>But when you are building backend systems where memory, latency, and throughput matter, understanding these details can change how you write code.</p> <h2> The First Misunderstanding: Dynamic Array Is Not Linked List </h2> <p>One mistake I have seen many developers make is assuming that dynamic collections are somehow linked lists internally.</p> <p>They are not.</p> <p>A Python <code>list</code> is not a linked list.</p> <p>A Go <code>slice</code> is not a linked list.</p> <p>Both are built around the idea of a dynamic array, although their internal models are very different.</p> <p>In Python, a list is basically a resizable array of references. The list itself stores pointers to objects. Those objects live somewhere else in memory.</p> <p>In Go, a slice is a small header that points to an underlying array. That header contains three important pieces of information:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">SliceHeader</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Data</span> <span class="kt">uintptr</span> <span class="n">Len</span> <span class="kt">int</span> <span class="n">Cap</span> <span class="kt">int</span> <span class="p">}</span> </code></pre> </div> <p>Conceptually, a Go slice contains:</p> <ul> <li>a pointer to the underlying array</li> <li>the current length</li> <li>the current capacity</li> </ul> <p>If you really need a linked list in Go, there is <code>container/list</code>, or you can implement your own node-based structure. But for most backend workloads, linked lists are not as useful as people think. They often hurt cache locality and add pointer chasing overhead.</p> <p>That is an important point: Big-O complexity is not the whole story.</p> <p>In real production systems, CPU cache behavior matters a lot.</p> <h2> Python Lists: Simple API, Expensive Objects </h2> <p>Python gives us a very clean programming model:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">]</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="n">numbers</span><span class="p">:</span> <span class="nf">print</span><span class="p">(</span><span class="n">n</span><span class="p">)</span> </code></pre> </div> <p>It looks like a list of integers.</p> <p>But internally, it is not a compact array of raw integers like you might expect in C or Go.</p> <p>A Python list stores references to Python objects. Each integer is a full Python object with metadata, reference count information, type information, and value storage.</p> <p>So when you write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">numbers</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]</span> </code></pre> </div> <p>You should not imagine this as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[1][2][3] </code></pre> </div> <p>It is closer to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>list ├── pointer ──&gt; PyObject(1) ├── pointer ──&gt; PyObject(2) └── pointer ──&gt; PyObject(3) </code></pre> </div> <p>This design gives Python a lot of flexibility. A single list can contain integers, strings, dictionaries, custom classes, and even functions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">items</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="sh">"</span><span class="s">hello</span><span class="sh">"</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">active</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">},</span> <span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span> <span class="o">*</span> <span class="mi">2</span><span class="p">]</span> </code></pre> </div> <p>That flexibility is powerful, but it has a cost.</p> <p>Every item access can involve pointer dereferencing. The CPU may need to jump to different memory locations. This causes more cache misses, and cache misses are expensive.</p> <p>Modern CPUs are extremely fast when they can read predictable, contiguous memory. They are much slower when they constantly chase pointers across the heap.</p> <p>This is one reason why pure Python loops over large collections can be slow compared to Go, C, Rust, or even NumPy-based Python code.</p> <p>NumPy is fast not because Python magically became faster, but because NumPy stores data in compact native arrays and runs optimized native code.</p> <h2> Go Slices: Contiguous Memory and Better Cache Locality </h2> <p>Now compare that with Go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">numbers</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">int</span><span class="p">{</span><span class="m">1</span><span class="p">,</span> <span class="m">2</span><span class="p">,</span> <span class="m">3</span><span class="p">,</span> <span class="m">4</span><span class="p">,</span> <span class="m">5</span><span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">n</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">numbers</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">n</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>A slice of integers in Go points to an underlying array of integers stored contiguously in memory.</p> <p>Conceptually:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[1][2][3][4][5] </code></pre> </div> <p>That is much friendlier for the CPU.</p> <p>The CPU can load a cache line and read multiple nearby values efficiently. This is called cache locality, and it is one of those low-level concepts that directly affects high-level backend performance.</p> <p>This becomes even more interesting with structs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">User</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">int64</span> <span class="n">Active</span> <span class="kt">bool</span> <span class="n">Score</span> <span class="kt">float64</span> <span class="p">}</span> <span class="n">users</span> <span class="o">:=</span> <span class="p">[]</span><span class="n">User</span><span class="p">{</span> <span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">Active</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Score</span><span class="o">:</span> <span class="m">91.2</span><span class="p">},</span> <span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="m">2</span><span class="p">,</span> <span class="n">Active</span><span class="o">:</span> <span class="no">false</span><span class="p">,</span> <span class="n">Score</span><span class="o">:</span> <span class="m">72.5</span><span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>In this case, the actual <code>User</code> values are stored in the underlying array.</p> <p>But if you write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">users</span> <span class="o">:=</span> <span class="p">[]</span><span class="o">*</span><span class="n">User</span><span class="p">{</span> <span class="o">&amp;</span><span class="n">User</span><span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="m">1</span><span class="p">,</span> <span class="n">Active</span><span class="o">:</span> <span class="no">true</span><span class="p">,</span> <span class="n">Score</span><span class="o">:</span> <span class="m">91.2</span><span class="p">},</span> <span class="o">&amp;</span><span class="n">User</span><span class="p">{</span><span class="n">ID</span><span class="o">:</span> <span class="m">2</span><span class="p">,</span> <span class="n">Active</span><span class="o">:</span> <span class="no">false</span><span class="p">,</span> <span class="n">Score</span><span class="o">:</span> <span class="m">72.5</span><span class="p">},</span> <span class="p">}</span> </code></pre> </div> <p>Now you have a slice of pointers. This can be useful when you need shared mutable objects or want to avoid copying large structs, but it also means more pointer chasing.</p> <p>This is why I try to be intentional with this decision.</p> <p>A slice of values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="p">[]</span><span class="n">User</span> </code></pre> </div> <p>is not the same performance model as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="p">[]</span><span class="o">*</span><span class="n">User</span> </code></pre> </div> <p>Both are valid. But they are not the same.</p> <p>In production systems, these small decisions start to matter when you process hundreds of thousands or millions of records.</p> <h2> Value Semantics vs Reference Semantics </h2> <p>Another major difference between Go and Python is how they treat values.</p> <p>Python is reference-oriented. Variables are names bound to objects.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span> <span class="o">=</span> <span class="p">[</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">]</span> <span class="n">b</span> <span class="o">=</span> <span class="n">a</span> <span class="n">b</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="mi">4</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c1"># [1, 2, 3, 4] </span></code></pre> </div> <p>Both <code>a</code> and <code>b</code> refer to the same list object.</p> <p>Go has stronger value semantics by default.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">a</span> <span class="o">:=</span> <span class="p">[</span><span class="m">3</span><span class="p">]</span><span class="kt">int</span><span class="p">{</span><span class="m">1</span><span class="p">,</span> <span class="m">2</span><span class="p">,</span> <span class="m">3</span><span class="p">}</span> <span class="n">b</span> <span class="o">:=</span> <span class="n">a</span> <span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="o">=</span> <span class="m">99</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c">// [1 2 3]</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">b</span><span class="p">)</span> <span class="c">// [99 2 3]</span> </code></pre> </div> <p>The array is copied.</p> <p>But slices are different:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">a</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">int</span><span class="p">{</span><span class="m">1</span><span class="p">,</span> <span class="m">2</span><span class="p">,</span> <span class="m">3</span><span class="p">}</span> <span class="n">b</span> <span class="o">:=</span> <span class="n">a</span> <span class="n">b</span><span class="p">[</span><span class="m">0</span><span class="p">]</span> <span class="o">=</span> <span class="m">99</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">a</span><span class="p">)</span> <span class="c">// [99 2 3]</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">b</span><span class="p">)</span> <span class="c">// [99 2 3]</span> </code></pre> </div> <p>Why?</p> <p>Because the slice header is copied, but both slice headers still point to the same underlying array.</p> <p>This is one of the most important things every Go developer should deeply understand.</p> <p>A slice is not the array itself. It is a descriptor over an array.</p> <p>That is why bugs can happen when you pass slices around and mutate them without thinking about who else shares the same underlying array.</p> <h2> Allocation: The Hidden Cost Behind Simple Code </h2> <p>Allocation is one of the biggest silent performance costs in backend systems.</p> <p>When code allocates too much memory, the garbage collector has more work to do. More GC work means more CPU overhead and sometimes more latency.</p> <p>In Go, when a slice grows beyond its capacity, Go allocates a new underlying array and copies the existing elements into it.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">items</span> <span class="o">:=</span> <span class="p">[]</span><span class="kt">int</span><span class="p">{}</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="m">1</span><span class="n">_000_000</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">items</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">items</span><span class="p">,</span> <span class="n">i</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This works, but the slice may grow multiple times.</p> <p>A better version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">items</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">int</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="m">1</span><span class="n">_000_000</span><span class="p">)</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="m">1</span><span class="n">_000_000</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">items</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">items</span><span class="p">,</span> <span class="n">i</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now Go knows the expected capacity from the beginning.</p> <p>This does not mean you should always preallocate everything. But when you know the approximate size, preallocation is one of the simplest performance wins.</p> <p>The same idea exists in many systems:</p> <ul> <li>preallocate buffers</li> <li>reuse memory when safe</li> <li>avoid unnecessary temporary objects</li> <li>avoid converting <code>[]byte</code> to <code>string</code> too early</li> <li>avoid building huge in-memory arrays when streaming is enough</li> </ul> <p>Performance engineering is often not about writing complicated code.</p> <p>It is about not forcing the runtime to clean up avoidable garbage.</p> <h2> Python Allocation and Object Overhead </h2> <p>Python has its own memory manager. For small objects, CPython uses specialized allocation strategies to make object creation faster.</p> <p>But Python still pays the cost of object-heavy design.</p> <p>A Python integer is not just a raw machine integer. A Python string is an object. A Python dict is very flexible, but it is not cheap. A Python class instance has overhead too, unless you optimize with tools like <code>__slots__</code> or use more compact structures.</p> <p>This is why Python can be very fast when the heavy work is pushed into optimized native libraries, but slower when the workload is pure Python object processing.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">total</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">huge_list</span><span class="p">:</span> <span class="n">total</span> <span class="o">+=</span> <span class="n">item</span> </code></pre> </div> <p>If <code>huge_list</code> is a normal Python list of Python integers, every iteration involves Python-level object handling.</p> <p>But with NumPy:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">numpy</span> <span class="k">as</span> <span class="n">np</span> <span class="n">arr</span> <span class="o">=</span> <span class="n">np</span><span class="p">.</span><span class="nf">array</span><span class="p">(</span><span class="n">huge_list</span><span class="p">)</span> <span class="n">total</span> <span class="o">=</span> <span class="n">arr</span><span class="p">.</span><span class="nf">sum</span><span class="p">()</span> </code></pre> </div> <p>The expensive loop is moved into optimized native code.</p> <p>This is not just a library trick. It is a memory-layout trick.</p> <p>Compact memory layout changes everything.</p> <h2> Garbage Collection: Python vs Go </h2> <p>Garbage collection is another area where the difference matters.</p> <p>Python, specifically CPython, mainly uses reference counting. Every object tracks how many references point to it. When the reference count reaches zero, the object can be freed immediately.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">b</span> <span class="o">=</span> <span class="n">a</span> <span class="k">del</span> <span class="n">a</span> <span class="k">del</span> <span class="n">b</span> </code></pre> </div> <p>After both references are gone, the list can be cleaned up.</p> <p>But reference counting alone cannot handle reference cycles.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">a</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">b</span> <span class="o">=</span> <span class="p">{}</span> <span class="n">a</span><span class="p">[</span><span class="sh">"</span><span class="s">b</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">b</span> <span class="n">b</span><span class="p">[</span><span class="sh">"</span><span class="s">a</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">a</span> </code></pre> </div> <p>Now <code>a</code> references <code>b</code>, and <code>b</code> references <code>a</code>.</p> <p>Even if nothing else references them, their reference counts may not reach zero naturally. That is why Python also has a cyclic garbage collector.</p> <p>Go uses a concurrent mark-and-sweep garbage collector.</p> <p>At a high level, Go's GC finds reachable objects, marks them as live, and then frees unreachable memory. It is designed to keep pause times low and run concurrently with the application as much as possible.</p> <p>This is one of the reasons Go works well for backend services. You can build long-running APIs, workers, and network services with predictable latency when you write allocation-conscious code.</p> <p>But Go's GC is not magic.</p> <p>If your code allocates too much, creates too many temporary objects, or keeps references alive longer than needed, the GC still has to work harder.</p> <p>In Go, good performance often comes from writing boring code:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">buf</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">64</span><span class="o">*</span><span class="m">1024</span><span class="p">)</span> </code></pre> </div> <p>Reuse buffers when appropriate.</p> <p>Avoid unnecessary conversions.</p> <p>Keep data structures simple.</p> <p>Do not create object graphs when arrays or slices are enough.</p> <h2> The 10GB File Problem </h2> <p>One of the most common backend mistakes is reading a large file into memory.</p> <p>In Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">large.log</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">r</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">data</span> <span class="o">=</span> <span class="n">f</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> </code></pre> </div> <p>In Go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">data</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">ReadFile</span><span class="p">(</span><span class="s">"large.log"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This may work for small files.</p> <p>It may work for 100MB.</p> <p>It may even work in development.</p> <p>Then production gets a 10GB file, and the process gets killed by the operating system.</p> <p>The problem is not Python or Go.</p> <p>The problem is the strategy.</p> <p>If the file is large, you should usually stream it.</p> <h2> Streaming Files in Python </h2> <p>Python gives you a very clean way to process files line by line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">large.log</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">r</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">f</span><span class="p">:</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> </code></pre> </div> <p>This does not load the whole file into memory.</p> <p>For CSV files:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">csv</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="sh">"</span><span class="s">large.csv</span><span class="sh">"</span><span class="p">,</span> <span class="n">newline</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">reader</span> <span class="o">=</span> <span class="n">csv</span><span class="p">.</span><span class="nf">reader</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">for</span> <span class="n">row</span> <span class="ow">in</span> <span class="n">reader</span><span class="p">:</span> <span class="nf">process</span><span class="p">(</span><span class="n">row</span><span class="p">)</span> </code></pre> </div> <p>For huge CSV files with Pandas:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pandas</span> <span class="k">as</span> <span class="n">pd</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">pd</span><span class="p">.</span><span class="nf">read_csv</span><span class="p">(</span><span class="sh">"</span><span class="s">large.csv</span><span class="sh">"</span><span class="p">,</span> <span class="n">chunksize</span><span class="o">=</span><span class="mi">100_000</span><span class="p">):</span> <span class="nf">process</span><span class="p">(</span><span class="n">chunk</span><span class="p">)</span> </code></pre> </div> <p>For large JSON files, avoid loading everything with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">json</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> </code></pre> </div> <p>if the file is too big.</p> <p>For stream-style JSON parsing, libraries like <code>ijson</code> can process JSON incrementally.</p> <p>Another powerful pattern in Python is generators:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">read_lines</span><span class="p">(</span><span class="n">path</span><span class="p">):</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">path</span><span class="p">,</span> <span class="sh">"</span><span class="s">r</span><span class="sh">"</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">f</span><span class="p">:</span> <span class="k">yield</span> <span class="n">line</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="nf">read_lines</span><span class="p">(</span><span class="sh">"</span><span class="s">large.log</span><span class="sh">"</span><span class="p">):</span> <span class="nf">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> </code></pre> </div> <p>The benefit is simple: only a small part of the data exists in memory at a time.</p> <h2> Streaming Files in Go </h2> <p>Go is extremely practical for this kind of workload.</p> <p>For line-by-line processing:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bufio"</span> <span class="s">"fmt"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">file</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"large.log"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">file</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">scanner</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewScanner</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="k">for</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Scan</span><span class="p">()</span> <span class="p">{</span> <span class="n">line</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Text</span><span class="p">()</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Err</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is simple and memory efficient.</p> <p>But there is one important detail: <code>bufio.Scanner</code> has a default token size limit. For very long lines, you should increase the buffer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">scanner</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewScanner</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="n">buf</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">1024</span><span class="o">*</span><span class="m">1024</span><span class="p">)</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Buffer</span><span class="p">(</span><span class="n">buf</span><span class="p">,</span> <span class="m">10</span><span class="o">*</span><span class="m">1024</span><span class="o">*</span><span class="m">1024</span><span class="p">)</span> </code></pre> </div> <p>For more control, I often prefer <code>bufio.Reader</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">reader</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewReaderSize</span><span class="p">(</span><span class="n">file</span><span class="p">,</span> <span class="m">64</span><span class="o">*</span><span class="m">1024</span><span class="p">)</span> <span class="k">for</span> <span class="p">{</span> <span class="n">line</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">reader</span><span class="o">.</span><span class="n">ReadString</span><span class="p">(</span><span class="sc">'\n'</span><span class="p">)</span> <span class="k">if</span> <span class="nb">len</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="o">&gt;</span> <span class="m">0</span> <span class="p">{</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">break</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>For JSON streaming, avoid reading the full file and unmarshalling everything:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">items</span> <span class="p">[]</span><span class="n">Item</span> <span class="n">json</span><span class="o">.</span><span class="n">Unmarshal</span><span class="p">(</span><span class="n">data</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">items</span><span class="p">)</span> </code></pre> </div> <p>For large files, use a decoder:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">decoder</span> <span class="o">:=</span> <span class="n">json</span><span class="o">.</span><span class="n">NewDecoder</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="k">for</span> <span class="n">decoder</span><span class="o">.</span><span class="n">More</span><span class="p">()</span> <span class="p">{</span> <span class="k">var</span> <span class="n">item</span> <span class="n">Item</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">decoder</span><span class="o">.</span><span class="n">Decode</span><span class="p">(</span><span class="o">&amp;</span><span class="n">item</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">process</span><span class="p">(</span><span class="n">item</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Depending on the JSON structure, you may need to manually read tokens using <code>Token()</code>.</p> <p>The main point is this:</p> <blockquote> <p>Do not make memory responsible for holding data that can be streamed.</p> </blockquote> <h2> Why Go Can Be Much Faster in File Processing </h2> <p>In one of my own experiments, I processed and filtered a large CSV log file using both Python and Go.</p> <p>The Python version used a generator and <code>csv.reader</code>.</p> <p>The Go version used buffered I/O and goroutines for parallel processing.</p> <p>The difference was significant.</p> <p>Python was clean and memory efficient, but slower because every row and cell still became Python-level objects. Go was faster because I could process bytes more directly, reduce allocations, and use multiple CPU cores more naturally.</p> <p>The exact numbers always depend on the machine, disk, file format, parsing logic, and implementation. But the pattern is very common:</p> <ul> <li>Python is excellent for developer speed.</li> <li>Go is excellent for predictable resource usage and backend throughput.</li> <li>Python becomes much faster when heavy work is moved into native libraries.</li> <li>Go performs very well when memory layout and allocations are controlled.</li> </ul> <p>This is not about saying one language is always better.</p> <p>It is about knowing where each language shines.</p> <h2> A Practical Go Pattern: Worker Pool for Large Files </h2> <p>When processing huge files, I usually avoid creating one goroutine per line. That sounds concurrent, but it can destroy memory and scheduling performance.</p> <p>Instead, I prefer a bounded worker pool.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"bufio"</span> <span class="s">"log"</span> <span class="s">"os"</span> <span class="s">"sync"</span> <span class="p">)</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">file</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">os</span><span class="o">.</span><span class="n">Open</span><span class="p">(</span><span class="s">"large.log"</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">defer</span> <span class="n">file</span><span class="o">.</span><span class="n">Close</span><span class="p">()</span> <span class="n">lines</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="kt">string</span><span class="p">,</span> <span class="m">10</span><span class="n">_000</span><span class="p">)</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="n">workerCount</span> <span class="o">:=</span> <span class="m">8</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">workerCount</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="k">for</span> <span class="n">line</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">lines</span> <span class="p">{</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="p">}</span> <span class="p">}()</span> <span class="p">}</span> <span class="n">scanner</span> <span class="o">:=</span> <span class="n">bufio</span><span class="o">.</span><span class="n">NewScanner</span><span class="p">(</span><span class="n">file</span><span class="p">)</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Buffer</span><span class="p">(</span><span class="nb">make</span><span class="p">([]</span><span class="kt">byte</span><span class="p">,</span> <span class="m">1024</span><span class="o">*</span><span class="m">1024</span><span class="p">),</span> <span class="m">10</span><span class="o">*</span><span class="m">1024</span><span class="o">*</span><span class="m">1024</span><span class="p">)</span> <span class="k">for</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Scan</span><span class="p">()</span> <span class="p">{</span> <span class="n">lines</span> <span class="o">&lt;-</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Text</span><span class="p">()</span> <span class="p">}</span> <span class="nb">close</span><span class="p">(</span><span class="n">lines</span><span class="p">)</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Err</span><span class="p">();</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Fatal</span><span class="p">(</span><span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="n">process</span><span class="p">(</span><span class="n">line</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="c">// parse, filter, transform, send to DB, etc.</span> <span class="p">}</span> </code></pre> </div> <p>The important part is this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">lines</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="kt">string</span><span class="p">,</span> <span class="m">10</span><span class="n">_000</span><span class="p">)</span> </code></pre> </div> <p>The channel is bounded.</p> <p>That means the reader cannot infinitely push data into memory. If workers are slower than the reader, backpressure naturally happens.</p> <p>This is one of the most important backend engineering concepts:</p> <blockquote> <p>Fast producers must not be allowed to destroy slow consumers.</p> </blockquote> <p>Whether you are reading files, consuming Kafka messages, processing HTTP requests, or sending jobs to workers, you need backpressure.</p> <h2> Avoiding Unnecessary String Allocation in Go </h2> <p>One hidden cost in Go file processing is converting bytes to strings too early.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">line</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Text</span><span class="p">()</span> </code></pre> </div> <p>This returns a string, which may allocate.</p> <p>If you need better performance and can safely process bytes, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">line</span> <span class="o">:=</span> <span class="n">scanner</span><span class="o">.</span><span class="n">Bytes</span><span class="p">()</span> </code></pre> </div> <p>But be careful: the byte slice returned by <code>scanner.Bytes()</code> is only valid until the next scan. If you need to keep it, you must copy it.</p> <p>This is a classic Go tradeoff.</p> <p>You can reduce allocations, but you must understand ownership and lifetime.</p> <p>That is why I always say Go is simple, but not shallow.</p> <h2> Escape Analysis: The Invisible Performance Tool </h2> <p>One of the most powerful Go concepts is escape analysis.</p> <p>Go decides whether a variable can stay on the stack or must move to the heap.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">createUser</span><span class="p">()</span> <span class="o">*</span><span class="n">User</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">User</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"Amir"</span><span class="p">}</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">user</span> <span class="p">}</span> </code></pre> </div> <p>Here, <code>user</code> escapes because we return its address. It cannot live only on the stack.</p> <p>You can inspect escape decisions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go build <span class="nt">-gcflags</span><span class="o">=</span><span class="s2">"-m"</span> ./... </code></pre> </div> <p>You may see output like:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>user escapes to heap </code></pre> </div> <p>This does not automatically mean the code is bad. Sometimes heap allocation is necessary.</p> <p>But when you are optimizing hot paths, escape analysis helps you understand why your GC pressure is high.</p> <p>In backend systems, this matters in places like:</p> <ul> <li>request parsing</li> <li>JSON encoding/decoding</li> <li>logging</li> <li>metrics</li> <li>queue consumers</li> <li>data transformation pipelines</li> <li>tight loops</li> <li>large batch processing</li> </ul> <p>If a function runs millions of times, a small allocation becomes a production problem.</p> <h2> Memory Is Not Just a Language Problem </h2> <p>A senior engineer should not only ask:</p> <blockquote> <p>Which language is faster?</p> </blockquote> <p>A better question is:</p> <blockquote> <p>What memory model does this workload need?</p> </blockquote> <p>For example:</p> <p>If I am building an internal script, Python is probably perfect.</p> <p>If I am writing data analysis code, Python with Pandas, Polars, DuckDB, or NumPy can be excellent.</p> <p>If I am building a high-throughput API service with predictable latency, Go is often a strong choice.</p> <p>If I am processing huge files and need simple deployment, Go gives me a very practical balance.</p> <p>If I am building machine learning workflows, Python still has the ecosystem advantage.</p> <p>The language is only one layer.</p> <p>The real engineering decision is about workload, memory behavior, concurrency model, ecosystem, deployment, and operational cost.</p> <h2> Practical Rules I Use in Production </h2> <p>Here are some rules I personally follow when working with memory-heavy backend systems.</p> <h3> 1. Never load a huge file fully unless you really need to </h3> <p>Stream it.</p> <p>Line by line.</p> <p>Chunk by chunk.</p> <p>Token by token.</p> <h3> 2. Preallocate when you know the size </h3> <p>In Go:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">items</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">Item</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="n">expectedSize</span><span class="p">)</span> </code></pre> </div> <p>This can reduce allocations and copying.</p> <h3> 3. Be careful with slices sharing the same underlying array </h3> <p>This can create subtle bugs and unexpected memory retention.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">small</span> <span class="o">:=</span> <span class="n">big</span><span class="p">[</span><span class="o">:</span><span class="m">10</span><span class="p">]</span> </code></pre> </div> <p>If <code>big</code> is huge, <code>small</code> may keep the whole underlying array alive.</p> <p>If you only need the small part, copy it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">smallCopy</span> <span class="o">:=</span> <span class="nb">append</span><span class="p">([]</span><span class="kt">byte</span><span class="p">(</span><span class="no">nil</span><span class="p">),</span> <span class="n">big</span><span class="p">[</span><span class="o">:</span><span class="m">10</span><span class="p">]</span><span class="o">...</span><span class="p">)</span> </code></pre> </div> <h3> 4. Avoid unnecessary pointer-heavy structures </h3> <p>A slice of pointers is not always better.</p> <p>Sometimes a slice of values is faster and simpler.</p> <h3> 5. Measure before and after optimization </h3> <p>Use tools:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">test</span> <span class="nt">-bench</span><span class="o">=</span><span class="nb">.</span> <span class="nt">-benchmem</span> go tool pprof </code></pre> </div> <p>For Python:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>python <span class="nt">-m</span> cProfile app.py </code></pre> </div> <p>Also check memory profiling tools when memory matters.</p> <h3> 6. Design with backpressure </h3> <p>Bound your queues.</p> <p>Limit your workers.</p> <p>Do not let fast input destroy your service.</p> <h3> 7. Optimize hot paths, not everything </h3> <p>Readable code still matters.</p> <p>Do not turn the whole codebase into a low-level memory puzzle.</p> <p>Find the hot path, measure it, then optimize it.</p> <h2> Final Thoughts </h2> <p>The deeper I go into backend engineering, the more I respect memory.</p> <p>Not because every developer needs to become a systems programmer, but because every production system eventually becomes a resource management problem.</p> <p>CPU is limited.</p> <p>Memory is limited.</p> <p>Disk I/O is limited.</p> <p>Network bandwidth is limited.</p> <p>The job of a backend engineer is not just writing business logic. It is building software that behaves well under pressure.</p> <p>Python gives us speed of development and a massive ecosystem.</p> <p>Go gives us simplicity, strong concurrency, predictable deployment, and great performance for many backend workloads.</p> <p>Both are useful.</p> <p>But if you want to build scalable backend systems, process large files, reduce memory pressure, and understand why your service behaves the way it does, you need to look under the hood.</p> <p>My personal rule is simple:</p> <blockquote> <p>Write clean code first.<br><br> Understand memory second.<br><br> Measure everything.<br><br> Then optimize only what matters.</p> </blockquote> <p>That mindset has helped me more than any single framework, library, or language feature.</p> <h2> Discussion </h2> <p>Have you ever had a service crash because it loaded too much data into memory?</p> <p>Or have you used Go escape analysis, pprof, or Python profiling tools to debug a real production issue?</p> <p>I would love to hear your experience.</p> go python performance backend amir Sun, 24 May 2026 17:15:55 +0000 https://dev.to/amirsefati/the-silent-killers-of-go-concurrency-mutexes-semaphores-and-goroutine-leaks-177i https://dev.to/amirsefati/the-silent-killers-of-go-concurrency-mutexes-semaphores-and-goroutine-leaks-177i <p>Go makes concurrency look simple.</p> <p>You write:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="c">// do something concurrently</span> <span class="p">}()</span> </code></pre> </div> <p>And suddenly your code is running in another goroutine.</p> <p>That simplicity is one of the reasons I like Go so much. But after working on backend systems, notification pipelines, high-traffic APIs, and production services under real load, I learned something important:</p> <blockquote> <p>Most concurrency problems in Go do not come from not using concurrency.<br><br> They come from using concurrency without understanding where the bottleneck actually is.</p> </blockquote> <p>Sometimes the issue is a missing lock.</p> <p>But very often, especially in production Go services, the issue is the opposite:</p> <ul> <li>too much locking</li> <li>locks held for too long</li> <li>network I/O inside critical sections</li> <li>goroutines that never exit</li> <li>unbounded goroutine creation</li> <li>WaitGroups copied by value</li> <li>channels used without a cancellation strategy</li> </ul> <p>In this article, I want to walk through the concurrency problems I have seen in real systems, how I reason about mutexes and semaphores, and how I usually debug these issues before they become production incidents.</p> <h2> The Real Problem: Concurrency That Accidentally Becomes Sequential </h2> <p>A service can look concurrent from the outside and still behave like a single-threaded application internally.</p> <p>This usually happens when a large part of the request flow is hidden behind one shared lock.</p> <p>A pattern like this is more common than many developers admit:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="n">user</span><span class="o">.</span><span class="n">Name</span> <span class="o">=</span> <span class="s">"Test User"</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">callDatabase</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> </code></pre> </div> <p>At first glance, it may look safe.</p> <p>The developer wanted to protect shared state. That part is reasonable. But the lock is now protecting much more than shared memory. It is protecting the entire flow:</p> <ol> <li>update a field</li> <li>send an email</li> <li>call the database</li> <li>maybe wait on network I/O</li> <li>maybe retry</li> <li>maybe block other goroutines for a long time</li> </ol> <p>That is not just a mutex anymore.</p> <p>That is a traffic jam.</p> <p>Every goroutine that needs the same lock must wait until the whole flow finishes. So even if your service has hundreds or thousands of goroutines, a big part of the system becomes sequential.</p> <p>The dangerous part is that CPU usage may still look normal or even low. Memory may also look fine. But latency increases, throughput drops, and p95/p99 response times become unstable.</p> <p>This is why lock contention is sometimes difficult to notice from basic infrastructure metrics alone.</p> <h2> A Production-Style Example: Email Inside a Mutex </h2> <p>Imagine we have a service that updates user state and sends notifications.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Service</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">mu</span> <span class="n">sync</span><span class="o">.</span><span class="n">Mutex</span> <span class="n">state</span> <span class="k">map</span><span class="p">[</span><span class="kt">int</span><span class="p">]</span><span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Service</span><span class="p">)</span> <span class="n">ProcessUsers</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">User</span><span class="p">)</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">defer</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">state</span><span class="p">[</span><span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">]</span> <span class="o">=</span> <span class="s">"processed"</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="c">// slow network I/O inside the lock</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This code is safe from a data race perspective.</p> <p>But it is dangerous from a performance perspective.</p> <p>A mutex should protect the smallest possible shared memory operation. It should not protect slow external work like:</p> <ul> <li>sending email</li> <li>calling another microservice</li> <li>database queries</li> <li>HTTP requests</li> <li>file uploads</li> <li>logging to a slow external sink</li> <li>waiting on a third-party API</li> </ul> <p>The memory update may take nanoseconds or microseconds. The email call may take milliseconds or seconds.</p> <p>That difference matters.</p> <p>If the lock is held while <code>sendEmail</code> runs, every other goroutine that needs <code>s.mu</code> is blocked behind a network call.</p> <p>A better version separates shared-state mutation from slow work:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Service</span><span class="p">)</span> <span class="n">ProcessUsers</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">User</span><span class="p">)</span> <span class="p">{</span> <span class="n">emails</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">User</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">users</span><span class="p">))</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">state</span><span class="p">[</span><span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">]</span> <span class="o">=</span> <span class="s">"processed"</span> <span class="n">emails</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">emails</span><span class="p">,</span> <span class="n">user</span><span class="p">)</span> <span class="p">}</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">emails</span> <span class="p">{</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This is already better because the lock only protects the shared map.</p> <p>But in a real production system, I usually prefer pushing the slow work to a queue or bounded worker pool:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">Service</span><span class="p">)</span> <span class="n">ProcessUsers</span><span class="p">(</span><span class="n">users</span> <span class="p">[]</span><span class="n">User</span><span class="p">,</span> <span class="n">jobs</span> <span class="k">chan</span><span class="o">&lt;-</span> <span class="n">EmailJob</span><span class="p">)</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">s</span><span class="o">.</span><span class="n">state</span><span class="p">[</span><span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">]</span> <span class="o">=</span> <span class="s">"processed"</span> <span class="p">}</span> <span class="n">s</span><span class="o">.</span><span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">jobs</span> <span class="o">&lt;-</span> <span class="n">EmailJob</span><span class="p">{</span><span class="n">UserID</span><span class="o">:</span> <span class="n">user</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">Email</span><span class="o">:</span> <span class="n">user</span><span class="o">.</span><span class="n">Email</span><span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now the request path does not directly depend on the email provider latency.</p> <p>That is the real fix.</p> <p>Not just “use goroutines.”</p> <p>The fix is designing the boundary between shared memory, external I/O, and backpressure.</p> <h2> Mutexes Are Not Bad. Large Critical Sections Are Bad. </h2> <p>I sometimes see developers become afraid of mutexes.</p> <p>That is the wrong lesson.</p> <p><code>sync.Mutex</code> is simple, fast, and perfectly fine when used correctly. The problem is not the mutex. The problem is the size of the critical section.</p> <p>This is what I try to keep in mind:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="c">// only touch shared memory here</span> <span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> </code></pre> </div> <p>Not this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> <span class="c">// shared memory</span> <span class="c">// database call</span> <span class="c">// HTTP call</span> <span class="c">// email call</span> <span class="c">// JSON encoding</span> <span class="c">// logging</span> <span class="c">// metrics push</span> <span class="n">mu</span><span class="o">.</span><span class="n">Unlock</span><span class="p">()</span> </code></pre> </div> <p>A good critical section should be boring.</p> <p>It should usually do one of these:</p> <ul> <li>read shared state</li> <li>update shared state</li> <li>copy shared state into a local variable</li> <li>swap a pointer</li> <li>increment a counter</li> <li>append to a protected slice/map</li> </ul> <p>Then unlock.</p> <p>After that, do the expensive work outside the lock.</p> <h2> Under the Hood: What a Mutex Gives You </h2> <p>At a high level, a mutex gives you mutual exclusion: only one goroutine can enter a protected section at a time.</p> <p>But it also gives you memory ordering guarantees.</p> <p>In Go's memory model, an unlock operation synchronizes before a later lock operation on the same mutex. In practical terms, that means if one goroutine updates shared data and unlocks, another goroutine that later locks the same mutex can safely observe that update.</p> <p>That is the part many developers forget.</p> <p>A mutex is not just about “blocking other goroutines.” It is also about creating a safe visibility boundary between goroutines.</p> <p>Without that boundary, different goroutines may read and write the same memory at the same time, and now you have a data race. Once you have a data race, your program is no longer something you can reason about confidently.</p> <p>This is why I do not like “clever” lock-free code unless there is a very strong reason for it.</p> <p>Most backend services do not need clever concurrency.</p> <p>They need clear concurrency.</p> <h2> Semaphore: Controlling Capacity, Not Ownership </h2> <p>A mutex is usually about ownership of shared memory.</p> <p>A semaphore is about capacity.</p> <p>For example, suppose you want to process 10,000 users, but you do not want to send 10,000 emails at the same time.</p> <p>A naive version might do this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="k">go</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is dangerous because it creates unbounded concurrency.</p> <p>If <code>users</code> has 10,000 items, you create 10,000 goroutines. If each goroutine performs network I/O, opens connections, allocates memory, and waits on an external provider, you can overload your own service before you overload the email provider.</p> <p>A simple semaphore pattern fixes this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">sem</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="k">struct</span><span class="p">{},</span> <span class="m">20</span><span class="p">)</span> <span class="c">// allow only 20 concurrent email sends</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">user</span> <span class="n">sem</span> <span class="o">&lt;-</span> <span class="k">struct</span><span class="p">{}{}</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="k">defer</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="o">&lt;-</span><span class="n">sem</span> <span class="p">}()</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}()</span> <span class="p">}</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> </code></pre> </div> <p>Now the code still uses concurrency, but concurrency is bounded.</p> <p>That one detail is huge in production.</p> <p>Unbounded concurrency is not scalability.</p> <p>It is delayed failure.</p> <h2> A Better Worker Pool for Production Code </h2> <p>The semaphore pattern is useful, but for services that run continuously, I often prefer a worker pool.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">EmailJob</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">UserID</span> <span class="kt">int</span> <span class="n">Email</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="n">startEmailWorkers</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">workerCount</span> <span class="kt">int</span><span class="p">,</span> <span class="n">jobs</span> <span class="o">&lt;-</span><span class="k">chan</span> <span class="n">EmailJob</span><span class="p">)</span> <span class="p">{</span> <span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">workerCount</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">(</span><span class="n">workerID</span> <span class="kt">int</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="k">for</span> <span class="p">{</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="k">return</span> <span class="k">case</span> <span class="n">job</span><span class="p">,</span> <span class="n">ok</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">jobs</span><span class="o">:</span> <span class="k">if</span> <span class="o">!</span><span class="n">ok</span> <span class="p">{</span> <span class="k">return</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">sendEmailJob</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">job</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="c">// In real systems: log, retry, dead-letter, or expose metrics.</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"worker=%d failed to send email user_id=%d err=%v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">workerID</span><span class="p">,</span> <span class="n">job</span><span class="o">.</span><span class="n">UserID</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}(</span><span class="n">i</span><span class="p">)</span> <span class="p">}</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> <span class="p">}()</span> <span class="p">}</span> </code></pre> </div> <p>This gives you much better operational control:</p> <ul> <li>fixed concurrency</li> <li>easier metrics</li> <li>easier shutdown</li> <li>easier retry strategy</li> <li>easier backpressure</li> <li>easier rate limiting</li> </ul> <p>This is the difference between “I used goroutines” and “I designed a concurrent system.”</p> <h2> Goroutine Leak: The Bug That Does Not Explode Immediately </h2> <p>Goroutine leaks are one of the most common production problems in Go.</p> <p>They are dangerous because the service may not crash immediately. It may slowly become worse over hours or days.</p> <p>Here is a classic example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">process</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">result</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">&lt;-</span> <span class="n">heavyComputation</span><span class="p">()</span> <span class="p">}()</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="n">res</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">ch</span><span class="o">:</span> <span class="k">return</span> <span class="n">handle</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">time</span><span class="o">.</span><span class="n">After</span><span class="p">(</span><span class="m">1</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span><span class="o">:</span> <span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"timeout"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The problem is subtle.</p> <p><code>ch</code> is unbuffered.</p> <p>If the timeout happens first, <code>process</code> returns. After that, there is no receiver waiting on <code>ch</code>.</p> <p>When <code>heavyComputation()</code> finishes, the goroutine tries to send into <code>ch</code> and blocks forever.</p> <p>That goroutine is now leaked.</p> <p>One leaked goroutine may not matter.</p> <p>Thousands of leaked goroutines matter.</p> <p>A safer version uses a buffered channel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">process</span><span class="p">()</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">result</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">ch</span> <span class="o">&lt;-</span> <span class="n">heavyComputation</span><span class="p">()</span> <span class="p">}()</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="n">res</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">ch</span><span class="o">:</span> <span class="k">return</span> <span class="n">handle</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">time</span><span class="o">.</span><span class="n">After</span><span class="p">(</span><span class="m">1</span> <span class="o">*</span> <span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span><span class="o">:</span> <span class="k">return</span> <span class="n">errors</span><span class="o">.</span><span class="n">New</span><span class="p">(</span><span class="s">"timeout"</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>This prevents the goroutine from blocking on send after the timeout.</p> <p>But in real services, I prefer context-based cancellation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">process</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">ctx</span><span class="p">,</span> <span class="n">cancel</span> <span class="o">:=</span> <span class="n">context</span><span class="o">.</span><span class="n">WithTimeout</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="m">1</span><span class="o">*</span><span class="n">time</span><span class="o">.</span><span class="n">Second</span><span class="p">)</span> <span class="k">defer</span> <span class="n">cancel</span><span class="p">()</span> <span class="n">ch</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">(</span><span class="k">chan</span> <span class="n">result</span><span class="p">,</span> <span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">res</span> <span class="o">:=</span> <span class="n">heavyComputation</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="n">ch</span> <span class="o">&lt;-</span> <span class="n">res</span><span class="o">:</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="p">}</span> <span class="p">}()</span> <span class="k">select</span> <span class="p">{</span> <span class="k">case</span> <span class="n">res</span> <span class="o">:=</span> <span class="o">&lt;-</span><span class="n">ch</span><span class="o">:</span> <span class="k">return</span> <span class="n">handle</span><span class="p">(</span><span class="n">res</span><span class="p">)</span> <span class="k">case</span> <span class="o">&lt;-</span><span class="n">ctx</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span><span class="o">:</span> <span class="k">return</span> <span class="n">ctx</span><span class="o">.</span><span class="n">Err</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The important lesson:</p> <blockquote> <p>Every goroutine needs an exit path.</p> </blockquote> <p>If you cannot explain how a goroutine stops, you probably have a leak waiting to happen.</p> <h2> WaitGroup by Value: A Small Mistake With a Big Impact </h2> <p>This mistake is very easy to miss in code review:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">worker</span><span class="p">(</span><span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span><span class="p">)</span> <span class="p">{</span> <span class="c">// wrong: copied by value</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="c">// do work</span> <span class="p">}</span> </code></pre> </div> <p><code>sync.WaitGroup</code> must not be copied after first use.</p> <p>When you pass it by value, you copy its internal state. The worker calls <code>Done()</code> on the copy, not on the original WaitGroup that the main goroutine is waiting on.</p> <p>That can cause a deadlock.</p> <p>Correct version:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">worker</span><span class="p">(</span><span class="n">wg</span> <span class="o">*</span><span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span><span class="p">)</span> <span class="p">{</span> <span class="k">defer</span> <span class="n">wg</span><span class="o">.</span><span class="n">Done</span><span class="p">()</span> <span class="c">// do work</span> <span class="p">}</span> </code></pre> </div> <p>And usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">wg</span> <span class="n">sync</span><span class="o">.</span><span class="n">WaitGroup</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="m">10</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span> <span class="p">{</span> <span class="n">wg</span><span class="o">.</span><span class="n">Add</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> <span class="k">go</span> <span class="n">worker</span><span class="p">(</span><span class="o">&amp;</span><span class="n">wg</span><span class="p">)</span> <span class="p">}</span> <span class="n">wg</span><span class="o">.</span><span class="n">Wait</span><span class="p">()</span> </code></pre> </div> <p>This rule also applies to other synchronization primitives like <code>sync.Mutex</code>.</p> <p>Do not copy them after first use.</p> <h2> The Loop Variable Trap </h2> <p>This used to be one of the most famous Go concurrency bugs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}()</span> <span class="p">}</span> </code></pre> </div> <p>Depending on the Go version and context, capturing loop variables incorrectly could lead to goroutines using the wrong value.</p> <p>The defensive pattern is still simple and clear:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">user</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">users</span> <span class="p">{</span> <span class="n">user</span> <span class="o">:=</span> <span class="n">user</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">sendEmail</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="p">}()</span> <span class="p">}</span> </code></pre> </div> <p>Even with improvements in newer Go versions, I still like this style in production code because it makes the ownership of the variable obvious to the reader.</p> <p>Readable concurrency is maintainable concurrency.</p> <h2> How I Debug Lock Contention in Go </h2> <p>When I suspect a concurrency bottleneck, I do not start by guessing.</p> <p>I start by measuring.</p> <h3> 1. Enable pprof </h3> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">import</span> <span class="n">_</span> <span class="s">"net/http/pprof"</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="k">go</span> <span class="k">func</span><span class="p">()</span> <span class="p">{</span> <span class="n">log</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">http</span><span class="o">.</span><span class="n">ListenAndServe</span><span class="p">(</span><span class="s">"localhost:6060"</span><span class="p">,</span> <span class="no">nil</span><span class="p">))</span> <span class="p">}()</span> <span class="c">// start application</span> <span class="p">}</span> </code></pre> </div> <p>Then collect profiles:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go tool pprof http://localhost:6060/debug/pprof/profile?seconds<span class="o">=</span>30 </code></pre> </div> <p>For mutex contention, enable mutex profiling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">runtime</span><span class="o">.</span><span class="n">SetMutexProfileFraction</span><span class="p">(</span><span class="m">1</span><span class="p">)</span> </code></pre> </div> <p>Then inspect:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go tool pprof http://localhost:6060/debug/pprof/mutex </code></pre> </div> <h3> 2. Check goroutine count </h3> <p>A rising goroutine count is often a signal of blocked goroutines or leaks.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"goroutines:"</span><span class="p">,</span> <span class="n">runtime</span><span class="o">.</span><span class="n">NumGoroutine</span><span class="p">())</span> </code></pre> </div> <p>For production, expose it as a metric:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">prometheus</span><span class="o">.</span><span class="n">NewGaugeFunc</span><span class="p">(</span> <span class="n">prometheus</span><span class="o">.</span><span class="n">GaugeOpts</span><span class="p">{</span> <span class="n">Name</span><span class="o">:</span> <span class="s">"go_goroutines_current"</span><span class="p">,</span> <span class="n">Help</span><span class="o">:</span> <span class="s">"Current number of goroutines."</span><span class="p">,</span> <span class="p">},</span> <span class="k">func</span><span class="p">()</span> <span class="kt">float64</span> <span class="p">{</span> <span class="k">return</span> <span class="kt">float64</span><span class="p">(</span><span class="n">runtime</span><span class="o">.</span><span class="n">NumGoroutine</span><span class="p">())</span> <span class="p">},</span> <span class="p">)</span> </code></pre> </div> <h3> 3. Dump goroutine stacks </h3> <p>When the service is stuck, goroutine dumps are gold.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl http://localhost:6060/debug/pprof/goroutine?debug<span class="o">=</span>2 </code></pre> </div> <p>Look for many goroutines blocked on the same line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>sync.(*Mutex).Lock chan send chan receive net/http.(*Transport).RoundTrip </code></pre> </div> <p>If 5,000 goroutines are blocked on the same lock or channel, you found your bottleneck.</p> <h3> 4. Use the race detector in tests </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>go <span class="nb">test</span> <span class="nt">-race</span> ./... </code></pre> </div> <p>The race detector is not free, and you usually do not run it in production, but it is extremely useful in CI and local debugging.</p> <h2> My Practical Rules for Production Go Concurrency </h2> <p>These are the rules I try to follow when writing or reviewing concurrent Go code:</p> <h3> 1. Keep locks small </h3> <p>Lock only the data that needs protection.</p> <p>Do not lock the whole request lifecycle.</p> <h3> 2. Never put slow I/O inside a mutex </h3> <p>Avoid database calls, HTTP calls, email sending, file uploads, and third-party API calls inside critical sections.</p> <h3> 3. Bound concurrency </h3> <p>Do not create unlimited goroutines.</p> <p>Use worker pools, semaphores, queues, or rate limiters.</p> <h3> 4. Every goroutine needs a shutdown path </h3> <p>Use <code>context.Context</code>, channel close, or explicit cancellation.</p> <h3> 5. Do not copy synchronization primitives </h3> <p>Pass <code>*sync.WaitGroup</code>, <code>*sync.Mutex</code>, and similar primitives by pointer when sharing them.</p> <h3> 6. Measure before optimizing </h3> <p>Use <code>pprof</code>, runtime metrics, traces, logs, and goroutine dumps.</p> <p>Guessing is not debugging.</p> <h3> 7. Prefer boring concurrency </h3> <p>The best concurrent code is usually not clever.</p> <p>It is clear, measurable, and easy to shut down.</p> <h2> Final Thoughts </h2> <p>Go gives us powerful concurrency tools, but it does not automatically give us good concurrent design.</p> <p>A goroutine is cheap, but it is not free.</p> <p>A mutex is fast, but it can destroy throughput if you hold it around slow work.</p> <p>A channel is elegant, but it can leak goroutines if nobody is receiving.</p> <p>A WaitGroup is simple, but copying it can break your entire flow.</p> <p>For me, senior Go engineering is not about using every concurrency primitive. It is about knowing when not to use them, where the real boundary is, and how the system behaves under load.</p> <p>The next time you write this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">mu</span><span class="o">.</span><span class="n">Lock</span><span class="p">()</span> </code></pre> </div> <p>Ask one question before moving on:</p> <blockquote> <p>What exactly am I protecting, and how fast can I release this lock?</p> </blockquote> <p>That one question can save your service from a silent production bottleneck.</p> <h2> References </h2> <ul> <li>Go Memory Model: <a href="https://go.dev/ref/mem" rel="noopener noreferrer">https://go.dev/ref/mem</a> </li> <li>Go <code>sync</code> package documentation: <a href="https://pkg.go.dev/sync" rel="noopener noreferrer">https://pkg.go.dev/sync</a> </li> <li>Go diagnostics and profiling tools: <a href="https://go.dev/doc/diagnostics" rel="noopener noreferrer">https://go.dev/doc/diagnostics</a> </li> <li>Go blog: Go scheduler and runtime notes: <a href="https://go.dev/blog/" rel="noopener noreferrer">https://go.dev/blog/</a> </li> </ul> go backend concurrency performance amir Sat, 23 May 2026 14:22:13 +0000 https://dev.to/amirsefati/beyond-the-hype-my-production-playbook-for-docker-swarm-54d8 https://dev.to/amirsefati/beyond-the-hype-my-production-playbook-for-docker-swarm-54d8 <p>Every time container orchestration comes up, the conversation almost immediately turns into Kubernetes.</p> <p>And I understand why.</p> <p>Kubernetes is powerful. It has a huge ecosystem, strong abstractions, custom resources, operators, service meshes, admission controllers, and almost unlimited extensibility. For large organizations running complex multi-tenant platforms, Kubernetes often makes sense.</p> <p>But after years of working with Linux infrastructure, backend systems, private and public cloud environments, CI/CD pipelines, monitoring stacks, and production deployments, I learned something that is easy to forget:</p> <blockquote> <p>The best infrastructure is not always the most powerful one. It is the one your team can operate safely under pressure.</p> </blockquote> <p>This is where Docker Swarm still deserves respect.</p> <p>I do not see Docker Swarm as a toy, a legacy fallback, or something only suitable for small demos. I see it as a pragmatic orchestration layer for teams that want production-grade container deployment without turning the orchestrator itself into the main project.</p> <p>In this article, I want to share how I think about Docker Swarm from a senior engineering perspective: not as a beginner tutorial, but as a practical playbook for architecture, security, deployment, monitoring, and real production trade-offs.</p> <p>No <code>hello-world</code> examples.<br> No hype.<br> Just the things that matter when systems are running at 3 AM and someone has to debug them.</p> <h2> Why I Still Take Docker Swarm Seriously </h2> <p>The biggest advantage of Docker Swarm is not that it has more features than Kubernetes.</p> <p>It does not.</p> <p>The advantage is that it gives you enough orchestration with much less operational complexity.</p> <p>If your team already understands Docker and <code>docker-compose</code>, Swarm feels natural. You can move from a single-machine Compose setup to a multi-node cluster without completely changing the mental model.</p> <p>That matters.</p> <p>In production, cognitive load is a real cost. Every abstraction you introduce must be learned, documented, monitored, upgraded, secured, and debugged. A more powerful platform can easily become a liability if the team cannot operate it confidently.</p> <p>For many real-world backend systems, the requirements are very clear:</p> <ul> <li>run multiple replicas of an API</li> <li>deploy without downtime</li> <li>rollback automatically when something fails</li> <li>isolate internal services from public traffic</li> <li>keep secrets out of images and environment files</li> <li>monitor node and container health</li> <li>scale horizontally when needed</li> <li>keep the architecture understandable</li> </ul> <p>Docker Swarm can handle these requirements well.</p> <p>The important point is this: Swarm is not a replacement for Kubernetes in every scenario. But it can be the better engineering choice when simplicity, speed, and operational clarity matter more than infinite extensibility.</p> <h2> Docker Swarm vs Kubernetes: My Practical Comparison </h2> <p>I do not like religious technology debates. Most tools are good or bad depending on the context.</p> <p>So instead of asking, “Which one is better?”, I prefer to ask:</p> <blockquote> <p>What operational cost am I accepting, and what business or technical capability am I getting in return?</p> </blockquote> <p>Here is how I usually compare Docker Swarm and Kubernetes.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Area</th> <th>Docker Swarm</th> <th>Kubernetes</th> </tr> </thead> <tbody> <tr> <td>Operational complexity</td> <td>Low</td> <td>High</td> </tr> <tr> <td>Learning curve</td> <td>Friendly if you know Docker Compose</td> <td>Steep, with many new abstractions</td> </tr> <tr> <td>Control plane</td> <td>Built into Docker Engine</td> <td>Multiple components and etcd</td> </tr> <tr> <td>Service discovery</td> <td>Built-in DNS and VIP</td> <td>Built-in, but with more moving parts</td> </tr> <tr> <td>Networking</td> <td>Overlay networks and routing mesh</td> <td>CNI-based networking</td> </tr> <tr> <td>Extensibility</td> <td>Limited</td> <td>Very high</td> </tr> <tr> <td>Ecosystem</td> <td>Smaller</td> <td>Massive</td> </tr> <tr> <td>Best fit</td> <td>Simple to medium production systems</td> <td>Large platforms and complex orchestration needs</td> </tr> </tbody> </table></div> <p>For example, if you need custom operators, advanced autoscaling, complex RBAC policies, admission controllers, multi-tenant platform engineering, or service mesh integration, Kubernetes is usually the stronger choice.</p> <p>But if your goal is to run backend services, workers, reverse proxies, queues, internal APIs, and scheduled workloads across a small or medium cluster, Swarm may give you a cleaner path with fewer operational surprises.</p> <p>In my experience, many teams do not fail because their orchestrator lacks features. They fail because their infrastructure becomes too complex for the team operating it.</p> <h2> The Mental Model: Managers, Workers, Services, and Tasks </h2> <p>Before talking about production architecture, it is important to understand the Swarm model.</p> <p>A Swarm cluster has two main node roles:</p> <ul> <li> <strong>Manager nodes</strong> maintain cluster state and make scheduling decisions.</li> <li> <strong>Worker nodes</strong> run the actual containers.</li> </ul> <p>In Swarm, you do not usually think in terms of individual containers. You think in terms of <strong>services</strong>.</p> <p>A service defines the desired state:</p> <ul> <li>which image to run</li> <li>how many replicas should exist</li> <li>which networks it should join</li> <li>which secrets it needs</li> <li>which constraints control placement</li> <li>how updates and rollbacks should happen</li> </ul> <p>Swarm then creates <strong>tasks</strong> to satisfy that desired state. A task is basically one running instance of a service.</p> <p>This desired-state model is one of the most important ideas in orchestration. You are no longer manually saying, “Run this container here.” You are saying, “I want five replicas of this service, and I want them to follow these rules.”</p> <p>The orchestrator continuously tries to make reality match that desired state.</p> <p>That sounds simple, but it changes how you design deployments.</p> <h2> Raft, Quorum, and Why Manager Count Matters </h2> <p>Manager nodes in Docker Swarm use the Raft consensus algorithm to maintain cluster state.</p> <p>This is one of the most important production details.</p> <p>Raft needs quorum. In simple terms, the cluster must have a majority of managers available to make decisions.</p> <p>The formula is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>quorum = (number_of_managers / 2) + 1 </code></pre> </div> <p>This leads to one very practical rule:</p> <blockquote> <p>Do not run an even number of manager nodes.</p> </blockquote> <p>If you run two managers and lose one, the cluster cannot maintain quorum. If a network partition happens, you can end up with an unavailable control plane.</p> <p>For most production Swarm clusters, I prefer:</p> <ul> <li> <strong>1 manager</strong> for small non-critical environments</li> <li> <strong>3 managers</strong> for serious production</li> <li> <strong>5 managers</strong> for larger or more resilient setups</li> </ul> <p>I rarely see a good reason to go beyond five managers. More managers increase coordination overhead and do not automatically make your system better.</p> <p>Also, managers should be treated carefully. They are not just “normal servers.” They hold the cluster state. If they are overloaded, unstable, or poorly secured, the whole cluster becomes fragile.</p> <h2> My Rule: Managers Manage, Workers Work </h2> <p>One of the first production mistakes I try to avoid is running application workloads on manager nodes.</p> <p>Yes, Docker Swarm technically allows it.</p> <p>But in a serious environment, I prefer to drain manager nodes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker node update <span class="nt">--availability</span> drain &lt;manager-node-name&gt; </code></pre> </div> <p>This prevents normal application tasks from being scheduled on that manager.</p> <p>Why?</p> <p>Because manager nodes are responsible for orchestration, scheduling, cluster state, and Raft communication. If your application has a traffic spike, a memory leak, noisy logs, or heavy CPU usage, you do not want that to compete with the control plane.</p> <p>A clean separation is easier to reason about:</p> <ul> <li>managers handle cluster decisions</li> <li>workers run application workloads</li> <li>edge nodes handle public traffic when needed</li> <li>monitoring nodes handle metrics and dashboards when possible</li> </ul> <p>This separation may look boring, but boring infrastructure is usually what you want in production.</p> <h2> Networking: The Part You Must Understand Before Production </h2> <p>Docker Swarm networking is powerful, but you need to understand what it is doing.</p> <p>Swarm gives you overlay networks. Services attached to the same overlay network can communicate with each other by service name.</p> <p>For example, your API can connect to Redis using:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>redis:6379 </code></pre> </div> <p>instead of hardcoding an IP address.</p> <p>That is useful because tasks can move between nodes, containers can restart, and IP addresses can change. Service discovery hides that complexity.</p> <p>But there are two important networking concepts you must understand: <strong>VIP mode</strong> and <strong>DNSRR mode</strong>.</p> <h2> VIP Mode and the Routing Mesh </h2> <p>By default, Swarm gives a service a Virtual IP, or VIP.</p> <p>When another service connects to that VIP, Docker uses internal load balancing to route traffic to one of the active tasks.</p> <p>This is convenient. It gives you service-level load balancing without installing an external load balancer for internal traffic.</p> <p>Swarm also has the routing mesh. When you publish a port, traffic can arrive on any node in the cluster and still be routed to a container running somewhere else.</p> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">target</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">published</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp</span> </code></pre> </div> <p>With the routing mesh, a request to port <code>8080</code> on any node can reach the service.</p> <p>This is useful, but it also has trade-offs.</p> <p>The biggest one: preserving the real client IP can become difficult. If you need accurate client IPs for rate limiting, security logs, fraud checks, or WAF rules, you need to be careful.</p> <p>In those cases, I often prefer publishing ports in host mode at the edge:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">target</span><span class="pi">:</span> <span class="m">443</span> <span class="na">published</span><span class="pi">:</span> <span class="m">443</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">host</span> </code></pre> </div> <p>This bypasses the routing mesh for that published port and gives you more predictable network behavior at the cost of less automatic distribution.</p> <p>In production, I usually prefer a clear edge layer using Nginx, Traefik, or HAProxy instead of exposing many services directly through the routing mesh.</p> <h2> DNSRR Mode: When You Want More Control </h2> <p>VIP mode is simple, but sometimes you want the client or an upstream proxy to see all task IPs directly.</p> <p>That is where DNS round-robin mode can help.</p> <p>You can configure endpoint mode like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">endpoint_mode</span><span class="pi">:</span> <span class="s">dnsrr</span> </code></pre> </div> <p>In this mode, DNS returns multiple task IPs instead of a single VIP.</p> <p>This can be useful when you have an external load balancer, a custom proxy layer, or a system that needs direct awareness of backend instances.</p> <p>But I would not use DNSRR everywhere by default. VIP mode is usually simpler. DNSRR is useful when you have a specific reason for it.</p> <p>That is a general production rule I follow:</p> <blockquote> <p>Do not choose a more advanced mode just because it exists. Choose it when it solves a real operational problem.</p> </blockquote> <h2> Security: Swarm Gives You Good Primitives, But You Must Use Them Correctly </h2> <p>Security in container orchestration is not one feature. It is a posture.</p> <p>Docker Swarm gives you useful security primitives:</p> <ul> <li>mutual TLS between nodes</li> <li>encrypted manager communication</li> <li>overlay networks</li> <li>secrets</li> <li>service constraints</li> <li>least-exposure networking</li> </ul> <p>But these primitives only help if the architecture uses them properly.</p> <p>A weak Swarm setup usually has the same problems I see in many weak Docker setups:</p> <ul> <li>public services attached to internal networks unnecessarily</li> <li>secrets stored in <code>.env</code> files</li> <li>manager nodes running random workloads</li> <li>no resource limits</li> <li>no clear firewall rules</li> <li>too many published ports</li> <li>no monitoring for abnormal behavior</li> <li>no separation between frontend and backend networks</li> </ul> <p>The goal is not to make containers magically secure. The goal is to reduce blast radius.</p> <h2> Use Docker Secrets Instead of Environment Variables </h2> <p>One of the easiest security improvements is to stop passing sensitive values through environment variables.</p> <p>Environment variables are convenient, but they are not ideal for secrets. They can appear in process inspection, debugging output, crash reports, or accidental logs. They can also be exposed through careless use of <code>docker inspect</code> or application error reporting.</p> <p>Docker Secrets are a better default.</p> <p>A secret is mounted inside the container as a file, usually under:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/run/secrets/&lt;secret_name&gt; </code></pre> </div> <p>For example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">api</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">my-registry.example.com/backend-api:1.0.0</span> <span class="na">secrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db_password</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">DB_PASSWORD_FILE=/run/secrets/db_password</span> <span class="na">secrets</span><span class="pi">:</span> <span class="na">db_password</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>Then your application reads the password from the file path instead of directly from an environment variable.</p> <p>This pattern works especially well for Go, Node.js, Python, and PHP services because it is easy to implement a small helper that reads from <code>*_FILE</code> variables.</p> <p>A simple Node.js example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">fs</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">;</span> <span class="kd">function</span> <span class="nf">readSecret</span><span class="p">(</span><span class="nx">path</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">fs</span><span class="p">.</span><span class="nf">readFileSync</span><span class="p">(</span><span class="nx">path</span><span class="p">,</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">dbPassword</span> <span class="o">=</span> <span class="nf">readSecret</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DB_PASSWORD_FILE</span><span class="p">);</span> </code></pre> </div> <p>This is not perfect security, but it is a much cleaner baseline.</p> <h2> Encrypt Overlay Networks When Needed </h2> <p>By default, Docker Swarm encrypts control-plane communication between nodes.</p> <p>But application traffic on overlay networks is not automatically encrypted in every case. If your services communicate across untrusted networks, multiple data centers, or environments where internal traffic should be treated as sensitive, you should consider encrypted overlay networks.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">backend_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">driver_opts</span><span class="pi">:</span> <span class="na">encrypted</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> </code></pre> </div> <p>This enables IPsec encryption for traffic on that overlay network.</p> <p>There is a performance cost, so I do not enable it blindly for every network in every environment. But for sensitive backend communication, I prefer the overhead over silently passing internal traffic in plain form.</p> <p>The senior-level decision is not “encrypt everything always.”</p> <p>The decision is:</p> <blockquote> <p>Which network paths carry sensitive data, and what is the cost of exposure compared to the cost of encryption?</p> </blockquote> <h2> Network Segmentation: Do Not Put Everything on One Overlay Network </h2> <p>A common mistake is creating one large overlay network and attaching every service to it.</p> <p>That is easy, but it creates unnecessary reachability.</p> <p>I prefer separating networks by trust boundary.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">edge_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">app_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">data_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">driver_opts</span><span class="pi">:</span> <span class="na">encrypted</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> </code></pre> </div> <p>Then services are attached only where needed:</p> <ul> <li>reverse proxy joins <code>edge_net</code> and <code>app_net</code> </li> <li>API joins <code>app_net</code> and <code>data_net</code> </li> <li>database joins only <code>data_net</code> </li> <li>monitoring joins only monitoring-related networks</li> </ul> <p>This is simple, but it makes lateral movement harder and reduces accidental exposure.</p> <p>In production, “can this service reach that service?” should have a deliberate answer.</p> <h2> Resource Limits Are Not Optional </h2> <p>Containers without resource limits are a production risk.</p> <p>A memory leak, CPU-heavy request, bad loop, or unexpected traffic pattern can damage the entire node.</p> <p>In Swarm stacks, I like to define both reservations and limits:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.25"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.0"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">768M</span> </code></pre> </div> <p>Reservations help the scheduler make better placement decisions.</p> <p>Limits protect the node from a noisy container.</p> <p>You need to tune these numbers based on real metrics, not guesses. But having no limits at all is usually worse than starting with conservative values and adjusting later.</p> <h2> Placement Constraints: Treat Nodes as Different Classes </h2> <p>Not every node should run every workload.</p> <p>In real infrastructure, nodes often have different purposes:</p> <ul> <li>public edge nodes</li> <li>backend worker nodes</li> <li>storage-heavy nodes</li> <li>GPU nodes</li> <li>monitoring nodes</li> <li>nodes in different availability zones</li> </ul> <p>Docker Swarm supports node labels and placement constraints.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker node update <span class="nt">--label-add</span> <span class="nv">zone</span><span class="o">=</span>dmz worker-01 docker node update <span class="nt">--label-add</span> <span class="nv">workload</span><span class="o">=</span>backend worker-02 docker node update <span class="nt">--label-add</span> <span class="nv">storage</span><span class="o">=</span>fast worker-03 </code></pre> </div> <p>Then in your stack:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">placement</span><span class="pi">:</span> <span class="na">constraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node.role == worker</span> <span class="pi">-</span> <span class="s">node.labels.workload == backend</span> </code></pre> </div> <p>This gives you a clean way to express infrastructure intent.</p> <p>For example, I may want:</p> <ul> <li>Nginx or Traefik only on edge nodes</li> <li>APIs only on backend workers</li> <li>databases only on storage nodes</li> <li>internal tools never on public-facing nodes</li> </ul> <p>This is one of those features that looks small but becomes very important as the cluster grows.</p> <h2> Zero-Downtime Deployment Strategy </h2> <p>A production deployment should not be “stop old containers, start new containers, hope everything works.”</p> <p>Swarm gives you rolling update controls.</p> <p>A good baseline looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">update_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">1</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">order</span><span class="pi">:</span> <span class="s">start-first</span> <span class="na">failure_action</span><span class="pi">:</span> <span class="s">rollback</span> <span class="na">rollback_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">1</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">order</span><span class="pi">:</span> <span class="s">stop-first</span> </code></pre> </div> <p>The most important setting here is often:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">order</span><span class="pi">:</span> <span class="s">start-first</span> </code></pre> </div> <p>This tells Swarm to start the new task before stopping the old one. For APIs and web services, this helps reduce downtime during deployments.</p> <p>But this only works well if your application is ready for it.</p> <p>That means:</p> <ul> <li>the app must start reliably</li> <li>health checks must be meaningful</li> <li>migrations must be backward-compatible</li> <li>old and new versions may run at the same time briefly</li> <li>the service must handle graceful shutdown</li> </ul> <p>The orchestrator can help with deployment, but it cannot fix bad application lifecycle design.</p> <h2> Health Checks: Do Not Fake Them </h2> <p>A weak health check is worse than no health check because it creates false confidence.</p> <p>I do not like health checks that only confirm the process is alive.</p> <p>For example, this is weak:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET /health </code></pre> </div> <p>returning <code>200 OK</code> no matter what.</p> <p>A better health check should answer:</p> <blockquote> <p>Can this instance actually serve traffic?</p> </blockquote> <p>Depending on the service, that may include checking:</p> <ul> <li>HTTP server readiness</li> <li>database connection</li> <li>Redis connection</li> <li>required config loaded</li> <li>dependency availability</li> <li>migration state</li> </ul> <p>But be careful: a health check should not become too expensive. If every health check runs a heavy database query every few seconds, the health check becomes part of the problem.</p> <p>A practical pattern is separating liveness and readiness:</p> <ul> <li> <strong>liveness</strong>: is the process alive?</li> <li> <strong>readiness</strong>: is the service ready to receive traffic?</li> </ul> <p>In many Swarm setups, you implement this at the application and reverse-proxy layer, even if Swarm's health check support is simpler than Kubernetes.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">wget"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-qO-"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:8080/health"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">3s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">20s</span> </code></pre> </div> <p>The real work is not adding this YAML. The real work is making <code>/health</code> meaningful.</p> <h2> A Production-Ready Stack Example </h2> <p>Here is a practical Swarm stack example with edge routing, backend isolation, secrets, placement constraints, update strategy, and resource controls.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.8"</span> <span class="na">services</span><span class="pi">:</span> <span class="na">reverse_proxy</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.25-alpine</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">target</span><span class="pi">:</span> <span class="m">443</span> <span class="na">published</span><span class="pi">:</span> <span class="m">443</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">host</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">edge_net</span> <span class="pi">-</span> <span class="s">app_net</span> <span class="na">configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">source</span><span class="pi">:</span> <span class="s">nginx_conf</span> <span class="na">target</span><span class="pi">:</span> <span class="s">/etc/nginx/nginx.conf</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">global</span> <span class="na">placement</span><span class="pi">:</span> <span class="na">constraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node.role == worker</span> <span class="pi">-</span> <span class="s">node.labels.zone == dmz</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.10"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">128M</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.50"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> <span class="na">update_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">1</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">order</span><span class="pi">:</span> <span class="s">start-first</span> <span class="na">failure_action</span><span class="pi">:</span> <span class="s">rollback</span> <span class="na">api</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">registry.example.com/company/api:v2.4.1</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">app_net</span> <span class="pi">-</span> <span class="s">data_net</span> <span class="na">secrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db_password</span> <span class="pi">-</span> <span class="s">jwt_private_key</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NODE_ENV=production</span> <span class="pi">-</span> <span class="s">PORT=8080</span> <span class="pi">-</span> <span class="s">DB_HOST=postgres</span> <span class="pi">-</span> <span class="s">DB_PASSWORD_FILE=/run/secrets/db_password</span> <span class="pi">-</span> <span class="s">JWT_PRIVATE_KEY_FILE=/run/secrets/jwt_private_key</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">wget"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-qO-"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost:8080/health"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">3s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">20s</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">6</span> <span class="na">placement</span><span class="pi">:</span> <span class="na">constraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node.role == worker</span> <span class="pi">-</span> <span class="s">node.labels.workload == backend</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.25"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.00"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">768M</span> <span class="na">update_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">2</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">order</span><span class="pi">:</span> <span class="s">start-first</span> <span class="na">failure_action</span><span class="pi">:</span> <span class="s">rollback</span> <span class="na">rollback_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">1</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">worker</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">registry.example.com/company/worker:v2.4.1</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">data_net</span> <span class="na">secrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db_password</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">QUEUE_NAME=default</span> <span class="pi">-</span> <span class="s">DB_PASSWORD_FILE=/run/secrets/db_password</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">placement</span><span class="pi">:</span> <span class="na">constraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node.role == worker</span> <span class="pi">-</span> <span class="s">node.labels.workload == backend</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0.25"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpus</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1.50"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1024M</span> <span class="na">update_config</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="m">1</span> <span class="na">delay</span><span class="pi">:</span> <span class="s">15s</span> <span class="na">order</span><span class="pi">:</span> <span class="s">stop-first</span> <span class="na">failure_action</span><span class="pi">:</span> <span class="s">rollback</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">edge_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">app_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">data_net</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">overlay</span> <span class="na">driver_opts</span><span class="pi">:</span> <span class="na">encrypted</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="na">secrets</span><span class="pi">:</span> <span class="na">db_password</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">jwt_private_key</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">configs</span><span class="pi">:</span> <span class="na">nginx_conf</span><span class="pi">:</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <p>This is not a copy-paste solution for every company. But it shows the mindset:</p> <ul> <li>edge traffic is separated</li> <li>backend traffic is internal</li> <li>sensitive network traffic is encrypted</li> <li>secrets are mounted as files</li> <li>managers are avoided for workloads</li> <li>resources are controlled</li> <li>deployments have rollback behavior</li> <li>public ports are minimized</li> </ul> <p>That is the difference between “it runs” and “I can operate this under stress.”</p> <h2> Observability: What I Monitor in Swarm </h2> <p>You cannot run production infrastructure with hope as your monitoring strategy.</p> <p>For Docker Swarm, I usually think about observability at four levels:</p> <ol> <li><strong>Node-level metrics</strong></li> <li><strong>Container-level metrics</strong></li> <li><strong>Service-level behavior</strong></li> <li><strong>Application-level signals</strong></li> </ol> <p>A common stack is:</p> <ul> <li>Prometheus</li> <li>Grafana</li> <li>Node Exporter</li> <li>cAdvisor</li> <li>Loki or another log aggregation system</li> <li>Alertmanager</li> </ul> <p>Node Exporter gives host metrics:</p> <ul> <li>CPU</li> <li>memory</li> <li>disk usage</li> <li>disk I/O</li> <li>filesystem pressure</li> <li>network traffic</li> </ul> <p>cAdvisor gives container metrics:</p> <ul> <li>container CPU usage</li> <li>memory usage</li> <li>restart patterns</li> <li>throttling</li> <li>network traffic per container</li> </ul> <p>Prometheus scrapes metrics, Grafana visualizes them, and Alertmanager handles notifications.</p> <p>A minimal global cAdvisor service can look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">cadvisor</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">gcr.io/cadvisor/cadvisor:v0.49.1</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/:/rootfs:ro</span> <span class="pi">-</span> <span class="s">/var/run:/var/run:rw</span> <span class="pi">-</span> <span class="s">/sys:/sys:ro</span> <span class="pi">-</span> <span class="s">/var/lib/docker/:/var/lib/docker:ro</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">monitoring</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">global</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">reservations</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64M</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">256M</span> </code></pre> </div> <p>And Node Exporter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">node_exporter</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">prom/node-exporter:v1.7.0</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">--path.rootfs=/host"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">/:/host:ro,rslave"</span> <span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">monitoring</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">global</span> </code></pre> </div> <p>For service discovery inside Swarm, I like using the <code>tasks.&lt;service_name&gt;</code> DNS pattern.</p> <p>For example, Prometheus can resolve:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>tasks.cadvisor </code></pre> </div> <p>and discover all running cAdvisor tasks.</p> <p>This is simple and works well without introducing another service discovery system.</p> <h2> The Alerts I Actually Care About </h2> <p>Dashboards are useful, but alerts are what wake people up.</p> <p>I try to avoid noisy alerts. A noisy alerting system becomes background noise and people stop trusting it.</p> <p>For Swarm, I care about alerts like:</p> <ul> <li>manager node down</li> <li>quorum risk</li> <li>worker node down</li> <li>high memory pressure</li> <li>disk usage above threshold</li> <li>container restart loop</li> <li>service replica count below desired state</li> <li>high 5xx rate from the reverse proxy</li> <li>high latency on critical APIs</li> <li>certificate expiration approaching</li> <li>unusual increase in blocked or suspicious requests</li> </ul> <p>The important thing is to connect infrastructure signals with application signals.</p> <p>For example, high CPU alone may not be urgent. But high CPU plus increased latency plus replica restarts is a real incident.</p> <p>This is where senior engineering judgment matters. Monitoring is not about collecting everything. It is about knowing which signals explain user impact.</p> <h2> Logging: Centralize It Early </h2> <p>On a single server, <code>docker logs</code> is fine.</p> <p>In a cluster, it is not enough.</p> <p>Once a service has replicas across several nodes, manual log inspection becomes painful. You need centralized logs.</p> <p>I prefer to standardize logs as structured JSON where possible.</p> <p>A good application log should include:</p> <ul> <li>timestamp</li> <li>request ID or correlation ID</li> <li>service name</li> <li>environment</li> <li>log level</li> <li>route or operation name</li> <li>latency</li> <li>user or tenant ID when appropriate</li> <li>error code</li> <li>upstream dependency name</li> </ul> <p>For the infrastructure side, reverse proxy logs are extremely valuable. They show:</p> <ul> <li>real client IP</li> <li>request path</li> <li>status code</li> <li>upstream response time</li> <li>user agent</li> <li>TLS details</li> <li>blocked paths</li> <li>suspicious probing attempts</li> </ul> <p>This is especially important for public APIs because a lot of malicious traffic starts with boring-looking HTTP requests.</p> <h2> Backup and Disaster Recovery: Do Not Ignore the Managers </h2> <p>People often think about database backups but forget about orchestrator state.</p> <p>In Docker Swarm, manager state matters.</p> <p>You should have a recovery plan for:</p> <ul> <li>losing a worker node</li> <li>losing a manager node</li> <li>losing quorum</li> <li>rotating join tokens</li> <li>restoring service definitions</li> <li>restoring secrets/configs</li> <li>rebuilding the cluster from infrastructure code</li> </ul> <p>I do not like relying only on manual server state. I prefer keeping stack files, Nginx configs, Prometheus configs, deployment scripts, and infrastructure notes in Git.</p> <p>That way, if the cluster has to be rebuilt, the knowledge is not trapped inside one engineer's terminal history.</p> <p>For manager backups, you need to understand your Docker version and operational procedure carefully. The key point is not to improvise disaster recovery during the disaster.</p> <p>Test the recovery path before you need it.</p> <h2> CI/CD: Keep Deployments Predictable </h2> <p>A simple Swarm deployment pipeline can be very effective.</p> <p>A common flow:</p> <ol> <li>Build the Docker image.</li> <li>Tag it with a commit SHA or version.</li> <li>Push it to a registry.</li> <li>SSH into a manager or use a controlled deployment runner.</li> <li>Run <code>docker stack deploy</code> with the updated image.</li> <li>Verify service state.</li> <li>Check health and logs.</li> <li>Roll back if needed.</li> </ol> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker stack deploy <span class="se">\</span> <span class="nt">--with-registry-auth</span> <span class="se">\</span> <span class="nt">-c</span> docker-compose.prod.yml <span class="se">\</span> my_app </code></pre> </div> <p>I strongly prefer immutable image tags for production deployments.</p> <p>Avoid this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-api:latest </code></pre> </div> <p>Prefer this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-api:2026-05-23-a1b2c3d </code></pre> </div> <p>or:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>my-api:git-sha-a1b2c3d </code></pre> </div> <p>When something breaks, you need to know exactly what is running.</p> <p><code>latest</code> is convenient until you are debugging an incident and cannot prove which code is actually deployed.</p> <h2> Database Migrations: The Dangerous Part of Zero-Downtime Deployments </h2> <p>Orchestrators make it easy to roll out new containers.</p> <p>They do not automatically make database changes safe.</p> <p>This is where many “zero-downtime” strategies fail.</p> <p>The safe pattern is usually expand-and-contract:</p> <ol> <li>Add new schema changes in a backward-compatible way.</li> <li>Deploy application code that can work with both old and new schema.</li> <li>Backfill data if needed.</li> <li>Switch reads/writes to the new structure.</li> <li>Remove old columns or tables later.</li> </ol> <p>Avoid deployments where the new application requires a schema change that immediately breaks the old version.</p> <p>During rolling updates, old and new containers may run at the same time. Your database design must tolerate that.</p> <p>This is not a Docker Swarm problem. This is a distributed systems deployment problem.</p> <h2> When I Would Not Use Docker Swarm </h2> <p>I like Docker Swarm, but I would not use it everywhere.</p> <p>I would probably choose Kubernetes if I needed:</p> <ul> <li>custom operators</li> <li>advanced autoscaling patterns</li> <li>strong multi-tenancy</li> <li>complex RBAC and policy enforcement</li> <li>service mesh as a core requirement</li> <li>a large platform team</li> <li>advanced ecosystem integrations</li> <li>cloud-native managed control plane support</li> </ul> <p>I would also avoid Swarm if the organization already has a mature Kubernetes platform and the team knows how to operate it well.</p> <p>Technology choice should respect organizational reality.</p> <p>A simple tool in the wrong organization can still fail. A complex tool in a mature organization can work beautifully.</p> <h2> When I Would Choose Docker Swarm </h2> <p>I would choose Docker Swarm when the system needs:</p> <ul> <li>simple multi-node orchestration</li> <li>predictable deployments</li> <li>low operational overhead</li> <li>easy onboarding for Docker-experienced engineers</li> <li>internal APIs and workers</li> <li>small to medium clusters</li> <li>strong enough orchestration without platform engineering complexity</li> <li>fast recovery and simple mental models</li> </ul> <p>For many backend teams, this is enough.</p> <p>And “enough” is underrated.</p> <p>In engineering, the goal is not to maximize architecture complexity. The goal is to deliver reliable systems that the team can understand, secure, monitor, and improve.</p> <h2> My Final Production Checklist </h2> <p>If I were reviewing a Docker Swarm setup before production, I would ask these questions:</p> <ul> <li>Do we have 3 or 5 managers for production?</li> <li>Are manager nodes drained from application workloads?</li> <li>Are public ports minimized?</li> <li>Are edge, app, data, and monitoring networks separated?</li> <li>Are sensitive overlay networks encrypted where needed?</li> <li>Are secrets stored with Docker Secrets instead of <code>.env</code> files?</li> <li>Do services have CPU and memory limits?</li> <li>Do critical services have health checks?</li> <li>Do deployments use rolling updates and rollback behavior?</li> <li>Are image tags immutable?</li> <li>Are logs centralized?</li> <li>Are metrics collected from nodes and containers?</li> <li>Are alerts meaningful and not noisy?</li> <li>Is there a documented recovery plan?</li> <li>Can a new engineer understand the architecture without reading 50 pages of hidden tribal knowledge?</li> </ul> <p>That last question matters more than people think.</p> <p>If the infrastructure only works because one person remembers every command, it is not production-ready. It is a personal project running on production servers.</p> <h2> Final Thoughts </h2> <p>Docker Swarm is not the loudest technology in the room anymore.</p> <p>But that does not make it useless.</p> <p>For the right team and the right workload, it is still a clean, stable, and practical way to run containers in production. It gives you orchestration, service discovery, rolling updates, secrets, overlay networks, and scheduling without forcing you to adopt the full complexity of Kubernetes.</p> <p>My general philosophy is simple:</p> <blockquote> <p>Keep infrastructure as simple as possible, but never simpler than production requires.</p> </blockquote> <p>Docker Swarm fits that philosophy well.</p> <p>It is not about avoiding Kubernetes because Kubernetes is bad. It is about choosing the smallest reliable system that can do the job.</p> <p>And in many real production environments, that is exactly the kind of decision that keeps systems stable, teams productive, and pagers quiet.</p> docker devops infrastructure security amir Fri, 22 May 2026 06:34:56 +0000 https://dev.to/amirsefati/how-i-analyzed-the-linux-kernels-deadliest-logic-bug-a-deep-dive-into-dirty-pipe-cve-2022-0847-57f5 https://dev.to/amirsefati/how-i-analyzed-the-linux-kernels-deadliest-logic-bug-a-deep-dive-into-dirty-pipe-cve-2022-0847-57f5 <p>As developers, we often think of kernel exploits as highly complex assembly-level wizardry, heap grooming, or race-condition battles. But recently, I decided to sit down, pull up the Linux kernel source code, and trace the infamous <strong>Dirty Pipe</strong> vulnerability, <strong>CVE-2022-0847</strong>, line by line.</p> <p>What I found was mind-blowing: a simple, uninitialized struct member in the core memory-management path allowed an unprivileged local user to write into read-only files through the Page Cache.</p> <p>No race conditions.<br><br> No classic memory corruption.<br><br> No heap spraying.<br><br> Just one stale flag in a reused kernel structure.</p> <p>This is my technical post-mortem and step-by-step code analysis of how this elegant logic bug worked.</p> <h2> The Conceptual Backstory: Page Cache, Pipes, and <code>splice()</code> </h2> <p>Before looking at the buggy code, we need to understand the three Linux kernel mechanisms that collided to create Dirty Pipe:</p> <ol> <li>The Page Cache</li> <li>Pipe buffers</li> <li>The <code>splice()</code> system call</li> </ol> <h2> 1. The Page Cache: RAM as a Disk Mirror </h2> <p>To avoid slow disk reads, Linux keeps recently accessed file data in memory. This memory-backed representation is called the <strong>Page Cache</strong>.</p> <p>When multiple processes read the same file, for example <code>/etc/passwd</code>, the kernel does not necessarily load separate copies for every process. Instead, it can map those processes to the same physical memory page that represents the file's cached content.</p> <p>Normally, if a process tries to write to a page without write permission, the kernel's Copy-on-Write mechanism protects the original data:</p> <ul> <li>The original page remains unchanged.</li> <li>A private copy is created.</li> <li>The process writes to that private copy.</li> <li>The read-only backing file remains safe.</li> </ul> <p>That is the expected contract.</p> <p>Dirty Pipe broke that contract.</p> <h2> 2. The Pipe Buffer </h2> <p>In Linux, a pipe is implemented as a circular ring of buffers represented internally by <code>struct pipe_inode_info</code>.</p> <p>Each slot in that ring is a <code>struct pipe_buffer</code>, defined in <code>include/linux/pipe_fs_i.h</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">struct</span> <span class="n">pipe_buffer</span> <span class="p">{</span> <span class="k">struct</span> <span class="n">page</span> <span class="o">*</span><span class="n">page</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">offset</span><span class="p">,</span> <span class="n">len</span><span class="p">;</span> <span class="k">const</span> <span class="k">struct</span> <span class="n">pipe_buf_operations</span> <span class="o">*</span><span class="n">ops</span><span class="p">;</span> <span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">flags</span><span class="p">;</span> <span class="c1">// &lt;-- the field that matters here</span> <span class="kt">unsigned</span> <span class="kt">long</span> <span class="n">private</span><span class="p">;</span> <span class="p">};</span> </code></pre> </div> <p>The important field is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">unsigned</span> <span class="kt">int</span> <span class="n">flags</span><span class="p">;</span> </code></pre> </div> <p>When data is written to a pipe, the kernel may allocate page-sized buffers, usually 4 KB. If the write does not fill the whole page, the kernel can mark that buffer as mergeable by setting:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">PIPE_BUF_FLAG_CAN_MERGE</span> </code></pre> </div> <p>That flag tells the kernel:</p> <blockquote> <p>New writes may be appended into the remaining space of this existing pipe buffer instead of allocating a new one.</p> </blockquote> <p>That behavior is perfectly valid for normal anonymous pipe pages.</p> <p>The problem appears when a pipe buffer stops pointing to a normal anonymous pipe page and starts pointing to a page from the Page Cache.</p> <h2> 3. The <code>splice()</code> Syscall: Zero-Copy Magic </h2> <p>The <code>splice()</code> system call is a Linux performance optimization. It moves data between file descriptors and pipes without copying data back and forth through user space.</p> <p>Instead of doing this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>file -&gt; kernel buffer -&gt; user space -&gt; kernel pipe buffer </code></pre> </div> <p><code>splice()</code> can do something closer to this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>file page cache -&gt; pipe buffer reference </code></pre> </div> <p>That is powerful because it avoids unnecessary copying.</p> <p>But it also means a pipe buffer can reference a page that belongs to the Page Cache of a file.</p> <p>Internally, one of the relevant functions is:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">copy_page_to_iter_pipe</span><span class="p">()</span> </code></pre> </div> <p>This function creates a pipe buffer that references the page containing file data.</p> <p>That is where the bug lived.</p> <h2> Digging Into the Code: The Bug in <code>lib/iov_iter.c</code> </h2> <p>When <code>splice()</code> is used to map file data into a pipe, the kernel executes code similar to this vulnerable version of <code>copy_page_to_iter_pipe()</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">static</span> <span class="kt">size_t</span> <span class="nf">copy_page_to_iter_pipe</span><span class="p">(</span><span class="k">struct</span> <span class="n">page</span> <span class="o">*</span><span class="n">page</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">offset</span><span class="p">,</span> <span class="kt">size_t</span> <span class="n">bytes</span><span class="p">,</span> <span class="k">struct</span> <span class="n">iov_iter</span> <span class="o">*</span><span class="n">i</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// ... validation steps ...</span> <span class="k">struct</span> <span class="n">pipe_inode_info</span> <span class="o">*</span><span class="n">pipe</span> <span class="o">=</span> <span class="n">i</span><span class="o">-&gt;</span><span class="n">pipe</span><span class="p">;</span> <span class="k">struct</span> <span class="n">pipe_buffer</span> <span class="o">*</span><span class="n">buf</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">pipe</span><span class="o">-&gt;</span><span class="n">bufs</span><span class="p">[</span><span class="n">head</span> <span class="o">&amp;</span> <span class="n">mask</span><span class="p">];</span> <span class="n">buf</span><span class="o">-&gt;</span><span class="n">ops</span> <span class="o">=</span> <span class="o">&amp;</span><span class="n">page_cache_pipe_buf_ops</span><span class="p">;</span> <span class="n">get_page</span><span class="p">(</span><span class="n">page</span><span class="p">);</span> <span class="n">buf</span><span class="o">-&gt;</span><span class="n">page</span> <span class="o">=</span> <span class="n">page</span><span class="p">;</span> <span class="n">buf</span><span class="o">-&gt;</span><span class="n">offset</span> <span class="o">=</span> <span class="n">offset</span><span class="p">;</span> <span class="n">buf</span><span class="o">-&gt;</span><span class="n">len</span> <span class="o">=</span> <span class="n">bytes</span><span class="p">;</span> <span class="c1">// What is missing here?</span> <span class="n">pipe</span><span class="o">-&gt;</span><span class="n">head</span> <span class="o">=</span> <span class="n">head</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="k">return</span> <span class="n">bytes</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The missing line is the entire bug:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="n">buf</span><span class="o">-&gt;</span><span class="n">flags</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> </code></pre> </div> <p><code>buf-&gt;flags</code> was never initialized or cleared.</p> <p>Because pipes are implemented as circular rings, the kernel reuses old <code>pipe_buffer</code> structures. If a previous operation left <code>PIPE_BUF_FLAG_CAN_MERGE</code> set, that stale flag could remain active when the same buffer slot was reused for Page Cache-backed file data.</p> <p>That means a buffer referencing a read-only file page could accidentally still look mergeable.</p> <p>That is the core of Dirty Pipe.</p> <h2> The Intersection of Two Commits </h2> <p>One thing I found especially interesting is that Dirty Pipe was not born from one obviously dangerous commit.</p> <p>It came from the interaction of two separate changes:</p> <h3> 1. Commit <code>241699cd72a8</code> — October 2016 </h3> <p>This introduced the new pipe-backed <code>iov_iter</code> subsystem and added <code>copy_page_to_iter_pipe()</code>.</p> <p>The function did not initialize <code>buf-&gt;flags</code>.</p> <p>At that time, this was not immediately exploitable because the dangerous merge flag did not exist yet.</p> <h3> 2. Commit <code>f6dd975583bd</code> — May 2020 </h3> <p>This added <code>PIPE_BUF_FLAG_CAN_MERGE</code>.</p> <p>Suddenly, an old uninitialized field became security-critical.</p> <p>That is the scary engineering lesson:</p> <blockquote> <p>A harmless-looking initialization bug can become a critical vulnerability years later when another subsystem evolves.</p> </blockquote> <h2> Step-by-Step: How the Exploit Mechanics Worked </h2> <p>At a high level, the exploit forced the kernel into a bad state:</p> <ol> <li>Prepare a pipe so all its internal buffer slots have <code>PIPE_BUF_FLAG_CAN_MERGE</code> set.</li> <li>Drain the pipe so it becomes logically empty.</li> <li>Use <code>splice()</code> to attach a read-only file's Page Cache page to a reused pipe buffer.</li> <li>Because <code>buf-&gt;flags</code> was not cleared, the stale merge flag remains.</li> <li>A later write to the pipe is merged into the Page Cache page.</li> </ol> <p>The result: the in-memory cached representation of a read-only file is modified.</p> <p>The disk file itself is not directly overwritten. The modification happens in the Page Cache.</p> <h2> Stage 1: Polluting the Pipe Buffers </h2> <p>The first step is to fill the pipe. This causes the kernel to allocate pipe buffers and mark them mergeable.</p> <p>A simplified version looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">int</span> <span class="n">p</span><span class="p">[</span><span class="mi">2</span><span class="p">];</span> <span class="n">pipe</span><span class="p">(</span><span class="n">p</span><span class="p">);</span> <span class="kt">int</span> <span class="n">capacity</span> <span class="o">=</span> <span class="n">fcntl</span><span class="p">(</span><span class="n">p</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">F_GETPIPE_SZ</span><span class="p">);</span> <span class="kt">char</span> <span class="n">dummy</span> <span class="o">=</span> <span class="sc">'A'</span><span class="p">;</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">r</span> <span class="o">=</span> <span class="n">capacity</span><span class="p">;</span> <span class="n">r</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">;</span> <span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">r</span> <span class="o">&gt;</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">dummy</span><span class="p">)</span> <span class="o">?</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">dummy</span><span class="p">)</span> <span class="o">:</span> <span class="n">r</span><span class="p">;</span> <span class="n">write</span><span class="p">(</span><span class="n">p</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="o">&amp;</span><span class="n">dummy</span><span class="p">,</span> <span class="n">n</span><span class="p">);</span> <span class="n">r</span> <span class="o">-=</span> <span class="n">n</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>After this stage, the internal pipe buffer slots have been used and may contain <code>PIPE_BUF_FLAG_CAN_MERGE</code>.</p> <h2> Stage 2: Draining the Pipe </h2> <p>Next, the pipe is drained:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">r</span> <span class="o">=</span> <span class="n">capacity</span><span class="p">;</span> <span class="n">r</span> <span class="o">&gt;</span> <span class="mi">0</span><span class="p">;</span> <span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">r</span> <span class="o">&gt;</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">dummy</span><span class="p">)</span> <span class="o">?</span> <span class="k">sizeof</span><span class="p">(</span><span class="n">dummy</span><span class="p">)</span> <span class="o">:</span> <span class="n">r</span><span class="p">;</span> <span class="n">read</span><span class="p">(</span><span class="n">p</span><span class="p">[</span><span class="mi">0</span><span class="p">],</span> <span class="o">&amp;</span><span class="n">dummy</span><span class="p">,</span> <span class="n">n</span><span class="p">);</span> <span class="n">r</span> <span class="o">-=</span> <span class="n">n</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Now the pipe is logically empty.</p> <p>But the kernel's internal <code>pipe_buffer</code> metadata is still there, ready to be reused.</p> <p>The stale flags may still exist in those reused slots.</p> <h2> Stage 3: Splicing File Data into the Pipe </h2> <p>Then <code>splice()</code> is used to move data from a target file into the pipe without copying it through user space:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="kt">int</span> <span class="n">fd</span> <span class="o">=</span> <span class="n">open</span><span class="p">(</span><span class="s">"/path/to/read-only-file"</span><span class="p">,</span> <span class="n">O_RDONLY</span><span class="p">);</span> <span class="n">loff_t</span> <span class="n">offset</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">splice</span><span class="p">(</span><span class="n">fd</span><span class="p">,</span> <span class="o">&amp;</span><span class="n">offset</span><span class="p">,</span> <span class="n">p</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="nb">NULL</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">0</span><span class="p">);</span> </code></pre> </div> <p>Behind the scenes, the kernel creates a pipe buffer that references the file's Page Cache page.</p> <p>But because <code>buf-&gt;flags</code> was not cleared, the buffer may still have the old merge flag.</p> <p>Now we have a dangerous state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>pipe_buffer.page -&gt; file Page Cache page pipe_buffer.flags -&gt; PIPE_BUF_FLAG_CAN_MERGE </code></pre> </div> <p>That should never happen.</p> <h2> Stage 4: Writing into the Pipe </h2> <p>A subsequent write to the pipe is then treated as mergeable.</p> <p>The kernel thinks it is appending data into a normal anonymous pipe page.</p> <p>In reality, the buffer points to a file-backed Page Cache page.</p> <p>So the write lands inside the cached file page.</p> <p>That is why Dirty Pipe could modify the in-memory contents of files that the attacker should not have been able to write.</p> <h2> Why Dirty Pipe Was So Dangerous </h2> <p>Dirty Pipe was terrifying because it was not a fragile exploit.</p> <h3> No Race Condition </h3> <p>Dirty COW, CVE-2016-5195, depended on winning a race condition. Dirty Pipe did not.</p> <p>There was no timing window to win.</p> <h3> No Classic Memory Corruption </h3> <p>This was not a buffer overflow or heap corruption bug.</p> <p>The kernel was following its own logic, but that logic was operating on stale state.</p> <h3> High Reliability </h3> <p>Once the vulnerable state was created, the behavior was deterministic.</p> <h3> Page Cache Impact </h3> <p>The modification happened in memory through the Page Cache. That means the on-disk file might remain unchanged, but programs reading the file could observe the modified cached version.</p> <h2> Dirty Pipe vs Dirty COW </h2> <p>Dirty Pipe and Dirty COW are often compared because both involve unexpected writes related to file-backed memory.</p> <p>But the exploit style is very different.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Dirty COW</th> <th>Dirty Pipe</th> </tr> </thead> <tbody> <tr> <td>CVE</td> <td>CVE-2016-5195</td> <td>CVE-2022-0847</td> </tr> <tr> <td>Bug type</td> <td>Race condition</td> <td>Uninitialized/stale state logic bug</td> </tr> <tr> <td>Reliability</td> <td>Timing-dependent</td> <td>Highly deterministic</td> </tr> <tr> <td>Main mechanism</td> <td>Copy-on-Write race</td> <td>Stale <code>PIPE_BUF_FLAG_CAN_MERGE</code> </td> </tr> <tr> <td>Kernel area</td> <td>Memory management</td> <td>Pipes, Page Cache, <code>splice()</code> </td> </tr> </tbody> </table></div> <p>Dirty Pipe is a great reminder that not all dangerous vulnerabilities look like obvious memory corruption.</p> <p>Sometimes the bug is just one field that was not reset.</p> <h2> The Upstream Fix </h2> <p>The fix was surprisingly small.</p> <p>In the patched version, the kernel explicitly clears the flags when creating a new pipe buffer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight diff"><code><span class="gh">diff --git a/lib/iov_iter.c b/lib/iov_iter.c index b0e0acdf96c15e..6dd5330f7a9957 100644 </span><span class="gd">--- a/lib/iov_iter.c </span><span class="gi">+++ b/lib/iov_iter.c </span><span class="p">@@ -414,6 +414,7 @@</span> static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t bytes, return 0; <span class="err"> </span> buf-&gt;ops = &amp;page_cache_pipe_buf_ops; <span class="gi">+ buf-&gt;flags = 0; </span> get_page(page); buf-&gt;page = page; buf-&gt;offset = offset; </code></pre> </div> <p>One line.</p> <p>One field.</p> <p>A huge security impact.</p> <h2> Key Developer Takeaways </h2> <p>Analyzing Dirty Pipe gave me a stronger appreciation for defensive engineering in low-level systems.</p> <h3> 1. Always Initialize Reused Structures </h3> <p>If a structure is reused, every stateful field should be explicitly initialized.</p> <p>Relying on previous state is dangerous.</p> <p>In kernel code, stale state is not just a bug. It can become a privilege escalation.</p> <h3> 2. Flags Are Security Boundaries </h3> <p>A single bit can completely change how the kernel interprets memory.</p> <p><code>PIPE_BUF_FLAG_CAN_MERGE</code> looked like a performance optimization flag, but in the wrong context it became a security boundary bypass.</p> <h3> 3. Subsystem Interactions Matter </h3> <p>The original missing initialization existed for years.</p> <p>It became dangerous only after another feature introduced a new meaning for the stale field.</p> <p>This is why reviewing only the changed file is not enough.</p> <p>When adding new flags, modes, or state transitions, we should audit every path that creates, recycles, or reuses the structure.</p> <h3> 4. Logic Bugs Can Be More Reliable Than Memory Corruption </h3> <p>Dirty Pipe was not powerful because it crashed the kernel or corrupted random memory.</p> <p>It was powerful because the kernel's internal state machine became logically inconsistent.</p> <p>That kind of bug can be easier to exploit and harder to detect.</p> <h3> 5. Defensive Coding Is Not Optional in Systems Programming </h3> <p>In application code, forgetting to initialize a field may cause a weird UI bug or a failed request.</p> <p>In kernel code, it may let an unprivileged user modify read-only file content.</p> <p>That difference is why explicit initialization, careful invariants, and subsystem-level reviews are essential.</p> <h2> Exploit Discussion: Why I Will Not Weaponize It Here </h2> <p>At this point, it is tempting to drop a full copy-paste exploit and call the analysis complete.</p> <p>Dirty Pipe is not just an academic bug. It is a real local privilege escalation vulnerability that can be used to modify sensitive files, abuse SUID binaries, and turn limited local execution into root-level impact on vulnerable systems.</p> <p>So instead of publishing a weaponized exploit, I prefer to focus on the part that actually matters for experienced engineers: understanding the primitive, validating exposure safely, and reducing the blast radius.</p> <p>The important idea is this:</p> <blockquote> <p>Dirty Pipe gives an attacker a write primitive into the Page Cache under very specific conditions.</p> </blockquote> <p>That is enough to explain the risk without handing someone a ready-made privilege escalation chain.</p> <h2> Safe Validation: How to Check Exposure Without Exploiting the Machine </h2> <p>The first thing I would check is the running kernel version.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">uname</span> <span class="nt">-a</span> <span class="nb">uname</span> <span class="nt">-r</span> </code></pre> </div> <p>Dirty Pipe affected Linux kernel versions starting from <code>5.8</code> and was fixed in patched kernel releases such as:</p> <ul> <li><code>5.16.11</code></li> <li><code>5.15.25</code></li> <li><code>5.10.102</code></li> </ul> <p>The exact package version depends on the distribution, because vendors often backport security fixes without changing the upstream kernel version in an obvious way.</p> <p>That is why I do not rely only on <code>uname -r</code> in production. I also check the distribution security advisories and installed kernel changelog.</p> <p>On Debian or Ubuntu-based systems:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>apt list <span class="nt">--installed</span> | <span class="nb">grep </span>linux-image apt changelog linux-image-<span class="si">$(</span><span class="nb">uname</span> <span class="nt">-r</span><span class="si">)</span> </code></pre> </div> <p>On RHEL, Rocky, AlmaLinux, or Fedora-based systems:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>rpm <span class="nt">-q</span> kernel rpm <span class="nt">-q</span> <span class="nt">--changelog</span> kernel | <span class="nb">grep</span> <span class="nt">-i</span> CVE-2022-0847 <span class="nt">-A</span> 5 </code></pre> </div> <p>The goal here is not to exploit the host.</p> <p>The goal is to answer one operational question:</p> <blockquote> <p>Is this system running a kernel package that contains the Dirty Pipe fix?</p> </blockquote> <h2> Mitigation: The Real Fix Is a Kernel Update </h2> <p>There is no clever application-level patch that fully fixes Dirty Pipe.</p> <p>The bug lives in the kernel.</p> <p>So the primary mitigation is simple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="nb">sudo </span>apt full-upgrade <span class="nb">sudo </span>reboot </code></pre> </div> <p>Or on RHEL-like systems:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>dnf update kernel <span class="nb">sudo </span>reboot </code></pre> </div> <p>After rebooting, always verify the active kernel:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">uname</span> <span class="nt">-r</span> </code></pre> </div> <p>Installing a fixed kernel is not enough if the machine is still booted into the vulnerable one.</p> <p>This is a common production mistake: the package is patched, the vulnerability scanner looks cleaner, but the running kernel is still old because nobody rebooted the host.</p> <h2> Reducing the Attack Surface </h2> <p>Dirty Pipe requires local code execution.</p> <p>That local execution can come from many places:</p> <ul> <li>an SSH account</li> <li>a compromised web application</li> <li>a CI/CD runner</li> <li>an untrusted container workload</li> <li>a shared development server</li> <li>a low-privileged service user</li> </ul> <p>So while patching is the real fix, reducing local execution paths is still important.</p> <p>A few practical checks I usually care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Users with interactive shells</span> <span class="nb">cat</span> /etc/passwd | <span class="nb">grep</span> <span class="nt">-E</span> <span class="s1">'/bin/bash|/bin/sh|/bin/zsh'</span> <span class="c"># Users with sudo-like access</span> getent group <span class="nb">sudo </span>getent group wheel <span class="c"># Recently created users</span> <span class="nb">sudo awk</span> <span class="nt">-F</span>: <span class="s1">'$3 &gt;= 1000 { print $1, $3, $6, $7 }'</span> /etc/passwd </code></pre> </div> <p>If a user does not need shell access, remove it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>usermod <span class="nt">-s</span> /usr/sbin/nologin username </code></pre> </div> <p>If an old account should no longer authenticate, lock it.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>passwd <span class="nt">-l</span> username </code></pre> </div> <p>None of this replaces patching.</p> <p>But it reduces the number of places an attacker can start from.</p> <h2> Containers: Do Not Forget the Host Kernel </h2> <p>One of the most important operational lessons from Dirty Pipe is that containers do not bring their own kernel.</p> <p>A container shares the host kernel.</p> <p>So if the host kernel is vulnerable, a containerized workload may still be dangerous, especially when combined with weak isolation, excessive capabilities, or sensitive host mounts.</p> <p>For production workloads, I would avoid patterns like this unless there is a very strong reason:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--privileged</span> ... </code></pre> </div> <p>A safer baseline looks more like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="se">\</span> <span class="nt">--read-only</span> <span class="se">\</span> <span class="nt">--cap-drop</span><span class="o">=</span>ALL <span class="se">\</span> <span class="nt">--security-opt</span> no-new-privileges <span class="se">\</span> image-name </code></pre> </div> <p>Also be careful with host mounts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nt">-v</span> /:/host <span class="nt">-v</span> /etc:/host/etc <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock </code></pre> </div> <p>Those mounts can turn a local container compromise into a much more serious host-level problem.</p> <p>Dirty Pipe is a kernel bug, but real incidents usually happen through chains.</p> <p>The kernel bug is one link.</p> <p>Bad container isolation can be another.</p> <h2> Monitoring Sensitive Files </h2> <p>Dirty Pipe modifies data through the Page Cache, which makes the behavior unusual.</p> <p>Still, sensitive files are the obvious places defenders should care about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>/etc/passwd /etc/shadow /etc/group /etc/sudoers /root/.ssh/authorized_keys </code></pre> </div> <p>On Linux, <code>auditd</code> can help monitor write attempts and metadata changes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>auditctl <span class="nt">-w</span> /etc/passwd <span class="nt">-p</span> wa <span class="nt">-k</span> passwd_changes <span class="nb">sudo </span>auditctl <span class="nt">-w</span> /etc/shadow <span class="nt">-p</span> wa <span class="nt">-k</span> shadow_changes <span class="nb">sudo </span>auditctl <span class="nt">-w</span> /etc/group <span class="nt">-p</span> wa <span class="nt">-k</span> group_changes <span class="nb">sudo </span>auditctl <span class="nt">-w</span> /etc/sudoers <span class="nt">-p</span> wa <span class="nt">-k</span> sudoers_changes </code></pre> </div> <p>Then search the audit logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ausearch <span class="nt">-k</span> passwd_changes <span class="nb">sudo </span>ausearch <span class="nt">-k</span> shadow_changes <span class="nb">sudo </span>ausearch <span class="nt">-k</span> group_changes <span class="nb">sudo </span>ausearch <span class="nt">-k</span> sudoers_changes </code></pre> </div> <p>For file integrity monitoring, tools like AIDE can also help:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>aide <span class="nb">sudo </span>aideinit <span class="nb">sudo cp</span> /var/lib/aide/aide.db.new /var/lib/aide/aide.db <span class="nb">sudo </span>aide <span class="nt">--check</span> </code></pre> </div> <p>This is not a perfect Dirty Pipe detector.</p> <p>But it is part of a healthy defensive baseline.</p> <h2> My Practical Takeaway for Security Engineers </h2> <p>When I look at Dirty Pipe from a defender's perspective, I do not think the lesson is "learn the exploit and move on."</p> <p>The lesson is broader:</p> <ul> <li>patch kernels quickly</li> <li>reboot after kernel updates</li> <li>reduce local shell access</li> <li>avoid over-privileged containers</li> <li>monitor sensitive identity and privilege files</li> <li>review code paths that recycle stateful structures</li> </ul> <p>The exploit is interesting.</p> <p>But the engineering lesson is more valuable.</p> <p>A single stale flag inside a reused kernel structure broke one of the assumptions Linux users rely on every day:</p> <blockquote> <p>read-only files should not be writable by an unprivileged process.</p> </blockquote> <p>That is the kind of bug that reminds me why low-level systems programming requires paranoia, not just correctness.</p> <h2> Final Thoughts </h2> <p>Dirty Pipe is one of those vulnerabilities that looks almost too simple after you understand it.</p> <p>A stale flag survived inside a reused pipe buffer.</p> <p>That pipe buffer was later pointed at a Page Cache page.</p> <p>The kernel trusted the stale flag.</p> <p>And that was enough.</p> <p>For me, the most important lesson is this:</p> <blockquote> <p>Security bugs often live at the boundaries between correct subsystems.</p> </blockquote> <p>The Page Cache was doing its job.</p> <p>Pipes were doing their job.</p> <p><code>splice()</code> was doing its job.</p> <p>But the transition between those systems carried stale state, and that stale state broke the security model.</p> <p>That is why kernel engineering is so fascinating — and so unforgiving.</p> <h2> References </h2> <ul> <li><a href="https://dirtypipe.cm4all.com/" rel="noopener noreferrer">The Dirty Pipe Vulnerability - CM4all</a></li> <li><a href="https://github.com/bluedragonsecurity/Linux-Kernel-Dirty-Pipe-Exploitation-Logic-Bug-" rel="noopener noreferrer">Linux Kernel Dirty Pipe Exploitation Logic Bug Exploration - GitHub</a></li> <li><a href="https://lolcads.github.io/posts/2022/06/dirty_pipe_cve_2022_0847/" rel="noopener noreferrer">Exploration of the Dirty Pipe Vulnerability - lolcads</a></li> <li><a href="https://www.tarlogic.com/blog/dirty-pipe-vulnerability-cve-2022-0847/" rel="noopener noreferrer">Dirty Pipe Vulnerability CVE-2022-0847 - Tarlogic</a></li> <li><a href="https://blogs.oracle.com/linux/pipe-and-splice" rel="noopener noreferrer">An In-Depth Look at Pipe and Splice implementation in Linux kernel - Oracle Blogs</a></li> <li><a href="https://review.calyxos.org/q/d590b2b91f07af95ad822bd0d193d00443863c44" rel="noopener noreferrer">UPSTREAM: lib/iov_iter: initialize flags in new pipe_buffer - Gerrit</a></li> <li><a href="https://github.com/mhanief/dirtypipe" rel="noopener noreferrer">Dirty Pipe Vulnerability Detection Script - GitHub</a></li> </ul> linux security kernel c amir Thu, 21 May 2026 08:38:35 +0000 https://dev.to/amirsefati/composition-over-inheritance-in-go-the-design-choice-that-makes-microservices-boring-in-the-best-2m0h https://dev.to/amirsefati/composition-over-inheritance-in-go-the-design-choice-that-makes-microservices-boring-in-the-best-2m0h <p>When I first moved deeper into Go, the strange part was not the syntax. The syntax is intentionally small. The strange part was the absence of something I had seen in backend codebases for years: classical inheritance.</p> <p>No <code>class</code>.<br> No <code>extends</code>.<br> No abstract base class hierarchy.<br> No <code>implements</code> keyword.<br> No parent object silently controlling the child.</p> <p>At first, that can look like a missing feature. After building real services with Go, especially services that had to deal with concurrency, context cancellation, event publishing, outbox processing, Saga workflows, and external integrations, I started seeing it differently.</p> <p>Go did not forget inheritance. Go made a deliberate trade-off.</p> <p>It gives us structs, methods, embedding, interfaces, implicit contracts, and composition as the default way to build larger systems.</p> <p>The result is not “less object-oriented.” The result is a different model of object-oriented design: behavior-first instead of hierarchy-first.</p> <p>The official Go FAQ answers the “Is Go object-oriented?” question with “yes and no.” Go has types and methods, but no type hierarchy. Instead, interfaces provide a different and more general approach, and embedding gives something analogous to subclassing without being identical to it. <sup id="fnref1">1</sup></p> <p>That one design choice affects almost everything: testing, package design, microservices, concurrency, <code>context.Context</code>, and even how we model business workflows.</p> <p>In this article, I want to explain the difference between composition and inheritance in Go from a practical engineering point of view — not as a language theory exercise, but as something I have felt in production systems.</p> <h2> The short version </h2> <p>Inheritance says:</p> <blockquote> <p>Build behavior by creating a type hierarchy.</p> </blockquote> <p>Composition says:</p> <blockquote> <p>Build behavior by connecting small parts.</p> </blockquote> <p>In many traditional OOP languages, we might design something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Device ├── Phone │ └── Smartphone └── Watch └── DigitalWatch </code></pre> </div> <p>That looks clean in a diagram, but production software rarely stays clean. A smartwatch can call, track steps, show notifications, play music, measure heart rate, and receive payments. A phone can also track health, authenticate payments, and show time. Suddenly the hierarchy becomes political: where should behavior live?</p> <p>Go’s answer is simple: do not force a taxonomy too early.</p> <p>Instead of asking “what parent class does this type belong to?”, Go pushes me to ask:</p> <blockquote> <p>What behavior does this object need?</p> </blockquote> <p>That is a much better question for backend systems.</p> <h2> Why Go did not choose classical inheritance </h2> <p>Rob Pike’s famous essay <em>Less is exponentially more</em> explains a lot about the philosophy behind Go. One of the most quoted lines from that essay is:</p> <blockquote> <p>“Go is about composition.” <sup id="fnref2">2</sup></p> </blockquote> <p>That statement is not just motivational. It shows up directly in the language.</p> <p>Go was designed for large codebases, networked systems, multicore machines, and teams that needed to read and maintain code for years. The language values clarity over cleverness. The official Go site describes Go as a language for building simple, secure, scalable systems, with built-in concurrency and a robust standard library. <sup id="fnref3">3</sup></p> <p>In a large backend codebase, inheritance often creates hidden coupling:</p> <ul> <li>A child type depends on parent behavior it does not explicitly call.</li> <li>Changing the base class can break many children.</li> <li>Tests often need a large object graph.</li> <li>Business concepts become trapped in technical hierarchies.</li> <li>Shared behavior becomes harder to remove than to add.</li> </ul> <p>Go avoids that by making relationships explicit.</p> <p>If a type needs a logger, give it a logger.<br> If a service needs a repository, inject a repository.<br> If a handler needs a publisher, depend on a small publisher interface.<br> If a workflow needs cancellation, pass <code>context.Context</code>.</p> <p>There is no parent class magic. There is only data, behavior, and contracts.</p> <h2> Inheritance example: mobile phone and digital watch </h2> <p>Let’s use the mobile phone and digital watch example.</p> <p>In an inheritance-heavy design, we may try something like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// This is NOT idiomatic Go.</span> <span class="c">// It is only a pseudo-OOP model to show the problem.</span> <span class="k">type</span> <span class="n">Device</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Name</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="n">Device</span><span class="p">)</span> <span class="n">TurnOn</span><span class="p">()</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">d</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="s">"is turning on"</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Phone</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Device</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="n">Phone</span><span class="p">)</span> <span class="n">Call</span><span class="p">(</span><span class="n">number</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Calling"</span><span class="p">,</span> <span class="n">number</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">DigitalWatch</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Device</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">w</span> <span class="n">DigitalWatch</span><span class="p">)</span> <span class="n">ShowTime</span><span class="p">()</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Showing time"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>At first this looks fine. <code>Phone</code> and <code>DigitalWatch</code> both reuse <code>Device</code>.</p> <p>But what happens when the watch can also make calls?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">SmartWatch</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">DigitalWatch</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="n">SmartWatch</span><span class="p">)</span> <span class="n">Call</span><span class="p">(</span><span class="n">number</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Calling from watch"</span><span class="p">,</span> <span class="n">number</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now we have duplication between <code>Phone</code> and <code>SmartWatch</code>.</p> <p>So maybe we move <code>Call</code> up into <code>Device</code>?<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">d</span> <span class="n">Device</span><span class="p">)</span> <span class="n">Call</span><span class="p">(</span><span class="n">number</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Calling"</span><span class="p">,</span> <span class="n">number</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>But now every device can call. That is wrong. A kitchen timer is a device, but it should not call anyone.</p> <p>This is the classic inheritance problem: shared behavior is not always shared identity.</p> <h2> Composition in Go: model capability, not family tree </h2> <p>In Go, I prefer to model small capabilities.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">package</span> <span class="n">main</span> <span class="k">import</span> <span class="p">(</span> <span class="s">"fmt"</span> <span class="s">"time"</span> <span class="p">)</span> <span class="k">type</span> <span class="n">PowerUnit</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Name</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="n">PowerUnit</span><span class="p">)</span> <span class="n">TurnOn</span><span class="p">()</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="n">p</span><span class="o">.</span><span class="n">Name</span><span class="p">,</span> <span class="s">"is turning on"</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Dialer</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">Dialer</span><span class="p">)</span> <span class="n">Call</span><span class="p">(</span><span class="n">number</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Calling"</span><span class="p">,</span> <span class="n">number</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Clock</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">Clock</span><span class="p">)</span> <span class="n">Now</span><span class="p">()</span> <span class="n">time</span><span class="o">.</span><span class="n">Time</span> <span class="p">{</span> <span class="k">return</span> <span class="n">time</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span> <span class="p">}</span> <span class="k">type</span> <span class="n">NotificationCenter</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">NotificationCenter</span><span class="p">)</span> <span class="n">Notify</span><span class="p">(</span><span class="n">message</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Notification:"</span><span class="p">,</span> <span class="n">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">MobilePhone</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">PowerUnit</span> <span class="n">Dialer</span> <span class="n">Clock</span> <span class="n">NotificationCenter</span> <span class="p">}</span> <span class="k">type</span> <span class="n">DigitalWatch</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">PowerUnit</span> <span class="n">Clock</span> <span class="p">}</span> <span class="k">type</span> <span class="n">SmartWatch</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">PowerUnit</span> <span class="n">Dialer</span> <span class="n">Clock</span> <span class="n">NotificationCenter</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">phone</span> <span class="o">:=</span> <span class="n">MobilePhone</span><span class="p">{</span><span class="n">PowerUnit</span><span class="o">:</span> <span class="n">PowerUnit</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"Mobile phone"</span><span class="p">}}</span> <span class="n">watch</span> <span class="o">:=</span> <span class="n">DigitalWatch</span><span class="p">{</span><span class="n">PowerUnit</span><span class="o">:</span> <span class="n">PowerUnit</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"Digital watch"</span><span class="p">}}</span> <span class="n">smartWatch</span> <span class="o">:=</span> <span class="n">SmartWatch</span><span class="p">{</span><span class="n">PowerUnit</span><span class="o">:</span> <span class="n">PowerUnit</span><span class="p">{</span><span class="n">Name</span><span class="o">:</span> <span class="s">"Smart watch"</span><span class="p">}}</span> <span class="n">phone</span><span class="o">.</span><span class="n">TurnOn</span><span class="p">()</span> <span class="n">phone</span><span class="o">.</span><span class="n">Call</span><span class="p">(</span><span class="s">"+37400000000"</span><span class="p">)</span> <span class="n">phone</span><span class="o">.</span><span class="n">Notify</span><span class="p">(</span><span class="s">"New message"</span><span class="p">)</span> <span class="n">watch</span><span class="o">.</span><span class="n">TurnOn</span><span class="p">()</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"Watch time:"</span><span class="p">,</span> <span class="n">watch</span><span class="o">.</span><span class="n">Now</span><span class="p">()</span><span class="o">.</span><span class="n">Format</span><span class="p">(</span><span class="n">time</span><span class="o">.</span><span class="n">Kitchen</span><span class="p">))</span> <span class="n">smartWatch</span><span class="o">.</span><span class="n">TurnOn</span><span class="p">()</span> <span class="n">smartWatch</span><span class="o">.</span><span class="n">Call</span><span class="p">(</span><span class="s">"+37411111111"</span><span class="p">)</span> <span class="n">smartWatch</span><span class="o">.</span><span class="n">Notify</span><span class="p">(</span><span class="s">"Workout completed"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is the core idea: <code>MobilePhone</code>, <code>DigitalWatch</code>, and <code>SmartWatch</code> are not forced into a fragile family tree.</p> <p>They are built from capabilities:</p> <ul> <li><code>PowerUnit</code></li> <li><code>Dialer</code></li> <li><code>Clock</code></li> <li><code>NotificationCenter</code></li> </ul> <p>A normal digital watch has a clock but no dialer. A phone has a dialer and notifications. A smartwatch can have both.</p> <p>This is why composition scales better. I can add a new capability without redesigning the whole hierarchy.</p> <h2> Embedding is not inheritance </h2> <p>Go has embedding, and sometimes developers describe it as inheritance. I avoid that wording because it creates the wrong mental model.</p> <p>Embedding promotes fields and methods. It helps with delegation. But it does not create a classical subtype hierarchy.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">AuditLogger</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">AuditLogger</span><span class="p">)</span> <span class="n">Log</span><span class="p">(</span><span class="n">event</span> <span class="kt">string</span><span class="p">)</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Println</span><span class="p">(</span><span class="s">"audit:"</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">BookingService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">AuditLogger</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">service</span> <span class="o">:=</span> <span class="n">BookingService</span><span class="p">{}</span> <span class="n">service</span><span class="o">.</span><span class="n">Log</span><span class="p">(</span><span class="s">"booking_created"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><code>BookingService</code> can call <code>Log</code> directly because the method is promoted. But <code>BookingService</code> is not a subclass of <code>AuditLogger</code> in the Java/C++ sense.</p> <p>The Go language specification defines how embedded fields work and how promoted methods become part of a method set. <sup id="fnref4">4</sup> Effective Go also demonstrates embedding as a way to compose behavior, especially with interfaces and structs. <sup id="fnref5">5</sup></p> <p>When I embed a type in Go, I am not saying:</p> <blockquote> <p>BookingService is an AuditLogger.</p> </blockquote> <p>I am saying:</p> <blockquote> <p>BookingService has audit logging behavior.</p> </blockquote> <p>That difference keeps architecture honest.</p> <h2> Interfaces: polymorphism without inheritance </h2> <p>The most powerful part of Go’s model is not embedding. It is interfaces.</p> <p>In Go, interfaces are satisfied implicitly. A type does not need to declare that it implements an interface. If it has the required methods, it satisfies the interface.</p> <p>That changes how I design systems.</p> <p>Instead of starting with a big interface, I usually start with concrete code. Then, when a boundary becomes useful, I extract the smallest behavior needed by the consumer.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Caller</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Call</span><span class="p">(</span><span class="n">number</span> <span class="kt">string</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="n">EmergencyCall</span><span class="p">(</span><span class="n">device</span> <span class="n">Caller</span><span class="p">)</span> <span class="p">{</span> <span class="n">device</span><span class="o">.</span><span class="n">Call</span><span class="p">(</span><span class="s">"911"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Now anything that has a <code>Call(string)</code> method can be used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">MobilePhone</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Dialer</span> <span class="p">}</span> <span class="k">type</span> <span class="n">SmartWatch</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Dialer</span> <span class="p">}</span> <span class="k">func</span> <span class="n">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">phone</span> <span class="o">:=</span> <span class="n">MobilePhone</span><span class="p">{}</span> <span class="n">watch</span> <span class="o">:=</span> <span class="n">SmartWatch</span><span class="p">{}</span> <span class="n">EmergencyCall</span><span class="p">(</span><span class="n">phone</span><span class="p">)</span> <span class="n">EmergencyCall</span><span class="p">(</span><span class="n">watch</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>No base class. No inheritance. No framework annotation. No dependency on a parent type.</p> <p>Just behavior.</p> <p>That is polymorphism in Go.</p> <p>The object is not polymorphic because it belongs to a class hierarchy. It is polymorphic because it satisfies a contract.</p> <h2> Why this polymorphism feels better in microservices </h2> <p>Microservices are mostly about boundaries:</p> <ul> <li>HTTP boundaries</li> <li>database boundaries</li> <li>message broker boundaries</li> <li>cache boundaries</li> <li>external vendor boundaries</li> <li>retry and timeout boundaries</li> <li>transaction and consistency boundaries</li> </ul> <p>Inheritance is not naturally good at these boundaries. Interfaces are.</p> <p>For example, in a booking service, I do not want my core business logic to know whether events are published to Kafka, RabbitMQ, NATS, AWS SNS/SQS, or an in-memory fake during tests.</p> <p>I want this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">EventPublisher</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>Then my service depends on the behavior:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">BookingService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">repo</span> <span class="n">BookingRepository</span> <span class="n">publisher</span> <span class="n">EventPublisher</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewBookingService</span><span class="p">(</span><span class="n">repo</span> <span class="n">BookingRepository</span><span class="p">,</span> <span class="n">publisher</span> <span class="n">EventPublisher</span><span class="p">)</span> <span class="o">*</span><span class="n">BookingService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">BookingService</span><span class="p">{</span><span class="n">repo</span><span class="o">:</span> <span class="n">repo</span><span class="p">,</span> <span class="n">publisher</span><span class="o">:</span> <span class="n">publisher</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The implementation can change:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">KafkaPublisher</span> <span class="k">struct</span><span class="p">{}</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">KafkaPublisher</span><span class="p">)</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="c">// publish to Kafka</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> <span class="k">type</span> <span class="n">OutboxPublisher</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">outbox</span> <span class="n">OutboxStore</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">p</span> <span class="o">*</span><span class="n">OutboxPublisher</span><span class="p">)</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">p</span><span class="o">.</span><span class="n">outbox</span><span class="o">.</span><span class="n">Save</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>The booking service does not care.</p> <p>That is the reason I like Go for microservices: the boundary is small, explicit, and testable.</p> <h2> Real-world reference: Docker/Moby and interfaces </h2> <p>A good place to see Go-style composition in a serious codebase is Docker’s Moby project. Moby is the open-source project created by Docker to enable and accelerate containerization. <sup id="fnref6">6</sup></p> <p>The Moby client package exposes interfaces such as <code>ImageAPIClient</code>, with methods that accept <code>context.Context</code>, for example image import, inspect, list, load, pull, push, and prune operations. <sup id="fnref7">7</sup></p> <p>That is a very Go-like design:</p> <ul> <li>capabilities are grouped by behavior</li> <li>methods receive <code>context.Context</code> </li> <li>consumers can depend on a contract instead of a concrete implementation</li> <li>implementations can be swapped or wrapped</li> <li>testing becomes easier because callers can define smaller interfaces around what they actually use</li> </ul> <p>The Docker Engine API client documentation also shows Go code using <code>context.Background()</code> with the Docker client to list containers. <sup id="fnref8">8</sup></p> <p>The important lesson is not “copy Docker’s exact interfaces.” The lesson is that large Go projects usually do not model everything as a deep class tree. They compose packages, structs, interfaces, and contexts.</p> <p>That is how Go code stays navigable when the project becomes large.</p> <h2> <code>context.Context</code> becomes easier with composition </h2> <p>The <code>context</code> package is one of the best examples of Go’s practical design. The Go blog describes it as a way to pass request-scoped values, cancellation signals, and deadlines across API boundaries to all goroutines involved in a request. <sup id="fnref9">9</sup></p> <p>This fits naturally with interface-based composition.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">BookingRepository</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">booking</span> <span class="n">Booking</span><span class="p">)</span> <span class="kt">error</span> <span class="n">FindByID</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">Booking</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">type</span> <span class="n">PaymentGateway</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Authorize</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">payment</span> <span class="n">Payment</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Capture</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">paymentID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Cancel</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">paymentID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">RoomInventory</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">roomID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">period</span> <span class="n">Period</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Release</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">roomID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">period</span> <span class="n">Period</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">EventPublisher</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>Every boundary accepts <code>ctx</code>.</p> <p>That one decision makes timeout propagation and cancellation consistent across the whole workflow.</p> <p>If the HTTP request is canceled, the booking process can stop. If payment authorization times out, the Saga can compensate. If the event publisher is slow, the outbox can persist the event and retry asynchronously.</p> <p>In inheritance-heavy designs, cancellation often gets hidden inside base classes, framework hooks, or global state. In Go, I can see it in the method signature.</p> <p>That explicitness is a major operational advantage.</p> <h2> Hotel reservation example: composition, Outbox, and Saga </h2> <p>Let’s build a simplified hotel reservation flow.</p> <p>The business flow:</p> <ol> <li>Create a booking.</li> <li>Reserve room inventory.</li> <li>Authorize payment.</li> <li>Save an outbox event.</li> <li>Confirm booking.</li> <li>If something fails, compensate.</li> </ol> <p>First, define the domain:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Booking</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">ID</span> <span class="kt">string</span> <span class="n">RoomID</span> <span class="kt">string</span> <span class="n">UserID</span> <span class="kt">string</span> <span class="n">Status</span> <span class="kt">string</span> <span class="n">Amount</span> <span class="kt">int64</span> <span class="n">Currency</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Payment</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">BookingID</span> <span class="kt">string</span> <span class="n">Amount</span> <span class="kt">int64</span> <span class="n">Currency</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Event</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">Type</span> <span class="kt">string</span> <span class="n">Data</span> <span class="n">any</span> <span class="p">}</span> <span class="k">type</span> <span class="n">Period</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">From</span> <span class="kt">string</span> <span class="n">To</span> <span class="kt">string</span> <span class="p">}</span> </code></pre> </div> <p>Then define small interfaces:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">BookingRepository</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Create</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">booking</span> <span class="n">Booking</span><span class="p">)</span> <span class="kt">error</span> <span class="n">MarkConfirmed</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">bookingID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="n">MarkFailed</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">bookingID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">reason</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">RoomInventory</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">roomID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">period</span> <span class="n">Period</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Release</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">roomID</span> <span class="kt">string</span><span class="p">,</span> <span class="n">period</span> <span class="n">Period</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">PaymentGateway</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Authorize</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">payment</span> <span class="n">Payment</span><span class="p">)</span> <span class="kt">error</span> <span class="n">CancelAuthorization</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">bookingID</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">OutboxStore</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Save</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>Now the service composes behavior:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">ReservationService</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">bookings</span> <span class="n">BookingRepository</span> <span class="n">rooms</span> <span class="n">RoomInventory</span> <span class="n">payments</span> <span class="n">PaymentGateway</span> <span class="n">outbox</span> <span class="n">OutboxStore</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewReservationService</span><span class="p">(</span> <span class="n">bookings</span> <span class="n">BookingRepository</span><span class="p">,</span> <span class="n">rooms</span> <span class="n">RoomInventory</span><span class="p">,</span> <span class="n">payments</span> <span class="n">PaymentGateway</span><span class="p">,</span> <span class="n">outbox</span> <span class="n">OutboxStore</span><span class="p">,</span> <span class="p">)</span> <span class="o">*</span><span class="n">ReservationService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">ReservationService</span><span class="p">{</span> <span class="n">bookings</span><span class="o">:</span> <span class="n">bookings</span><span class="p">,</span> <span class="n">rooms</span><span class="o">:</span> <span class="n">rooms</span><span class="p">,</span> <span class="n">payments</span><span class="o">:</span> <span class="n">payments</span><span class="p">,</span> <span class="n">outbox</span><span class="o">:</span> <span class="n">outbox</span><span class="p">,</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>And the workflow:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="o">*</span><span class="n">ReservationService</span><span class="p">)</span> <span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">booking</span> <span class="n">Booking</span><span class="p">,</span> <span class="n">period</span> <span class="n">Period</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">bookings</span><span class="o">.</span><span class="n">Create</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"create booking: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">rooms</span><span class="o">.</span><span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">RoomID</span><span class="p">,</span> <span class="n">period</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">bookings</span><span class="o">.</span><span class="n">MarkFailed</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="s">"room_reservation_failed"</span><span class="p">)</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"reserve room: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">payment</span> <span class="o">:=</span> <span class="n">Payment</span><span class="p">{</span><span class="n">BookingID</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="n">Amount</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">Amount</span><span class="p">,</span> <span class="n">Currency</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">Currency</span><span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">payments</span><span class="o">.</span><span class="n">Authorize</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">payment</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">rooms</span><span class="o">.</span><span class="n">Release</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">RoomID</span><span class="p">,</span> <span class="n">period</span><span class="p">)</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">bookings</span><span class="o">.</span><span class="n">MarkFailed</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="s">"payment_authorization_failed"</span><span class="p">)</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"authorize payment: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">event</span> <span class="o">:=</span> <span class="n">Event</span><span class="p">{</span> <span class="n">Type</span><span class="o">:</span> <span class="s">"booking.confirmed"</span><span class="p">,</span> <span class="n">Data</span><span class="o">:</span> <span class="k">map</span><span class="p">[</span><span class="kt">string</span><span class="p">]</span><span class="n">any</span><span class="p">{</span> <span class="s">"booking_id"</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="s">"room_id"</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">RoomID</span><span class="p">,</span> <span class="s">"user_id"</span><span class="o">:</span> <span class="n">booking</span><span class="o">.</span><span class="n">UserID</span><span class="p">,</span> <span class="p">},</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">outbox</span><span class="o">.</span><span class="n">Save</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">event</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">payments</span><span class="o">.</span><span class="n">CancelAuthorization</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">)</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">rooms</span><span class="o">.</span><span class="n">Release</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">RoomID</span><span class="p">,</span> <span class="n">period</span><span class="p">)</span> <span class="n">_</span> <span class="o">=</span> <span class="n">s</span><span class="o">.</span><span class="n">bookings</span><span class="o">.</span><span class="n">MarkFailed</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">,</span> <span class="s">"outbox_save_failed"</span><span class="p">)</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"save outbox event: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">s</span><span class="o">.</span><span class="n">bookings</span><span class="o">.</span><span class="n">MarkConfirmed</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">booking</span><span class="o">.</span><span class="n">ID</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"confirm booking: %w"</span><span class="p">,</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>This is the kind of code I like in production because the dependencies are visible.</p> <p>The service does not inherit from <code>BaseService</code>. It does not call hidden hooks. It does not depend on a massive abstract class. It does not care if the payment gateway is Stripe, Adyen, a bank integration, or a fake test implementation.</p> <p>It only cares about the behavior it needs.</p> <h2> Why Outbox becomes cleaner with interfaces </h2> <p>The Outbox pattern is usually used when we need to update local state and publish an event reliably.</p> <p>The problem:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Database transaction succeeds. Message publish fails. System state becomes inconsistent. </code></pre> </div> <p>The Outbox pattern fixes this by saving the event into the same database transaction as the business change, then publishing it asynchronously.</p> <p>In Go, I usually keep this behind a small interface:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">OutboxStore</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Save</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="n">FetchPending</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">limit</span> <span class="kt">int</span><span class="p">)</span> <span class="p">([]</span><span class="n">OutboxMessage</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">MarkPublished</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>The worker can depend on the same behavior:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">MessageBroker</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">topic</span> <span class="kt">string</span><span class="p">,</span> <span class="n">payload</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">type</span> <span class="n">OutboxWorker</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">store</span> <span class="n">OutboxStore</span> <span class="n">broker</span> <span class="n">MessageBroker</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">w</span> <span class="o">*</span><span class="n">OutboxWorker</span><span class="p">)</span> <span class="n">RunOnce</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">messages</span><span class="p">,</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">w</span><span class="o">.</span><span class="n">store</span><span class="o">.</span><span class="n">FetchPending</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="m">100</span><span class="p">)</span> <span class="k">if</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">msg</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">messages</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">w</span><span class="o">.</span><span class="n">broker</span><span class="o">.</span><span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">msg</span><span class="o">.</span><span class="n">Topic</span><span class="p">,</span> <span class="n">msg</span><span class="o">.</span><span class="n">Payload</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">continue</span> <span class="p">}</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">w</span><span class="o">.</span><span class="n">store</span><span class="o">.</span><span class="n">MarkPublished</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">msg</span><span class="o">.</span><span class="n">ID</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">err</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>During local development, <code>MessageBroker</code> can be an in-memory fake. In staging, it can publish to RabbitMQ. In production, it can publish to Kafka. For tests, I can simulate broker failure without booting a broker.</p> <p>No inheritance required.</p> <h2> Why Saga becomes cleaner with composition </h2> <p>Saga is about managing a long-running business transaction through steps and compensations.</p> <p>A simple interface is enough:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">SagaStep</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Name</span><span class="p">()</span> <span class="kt">string</span> <span class="n">Execute</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="n">Compensate</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>The orchestrator composes steps:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">Saga</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">steps</span> <span class="p">[]</span><span class="n">SagaStep</span> <span class="p">}</span> <span class="k">func</span> <span class="n">NewSaga</span><span class="p">(</span><span class="n">steps</span> <span class="o">...</span><span class="n">SagaStep</span><span class="p">)</span> <span class="n">Saga</span> <span class="p">{</span> <span class="k">return</span> <span class="n">Saga</span><span class="p">{</span><span class="n">steps</span><span class="o">:</span> <span class="n">steps</span><span class="p">}</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="n">Saga</span><span class="p">)</span> <span class="n">Run</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="n">executed</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">SagaStep</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">s</span><span class="o">.</span><span class="n">steps</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">step</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">s</span><span class="o">.</span><span class="n">steps</span> <span class="p">{</span> <span class="k">if</span> <span class="n">err</span> <span class="o">:=</span> <span class="n">step</span><span class="o">.</span><span class="n">Execute</span><span class="p">(</span><span class="n">ctx</span><span class="p">);</span> <span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">for</span> <span class="n">i</span> <span class="o">:=</span> <span class="nb">len</span><span class="p">(</span><span class="n">executed</span><span class="p">)</span> <span class="o">-</span> <span class="m">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&gt;=</span> <span class="m">0</span><span class="p">;</span> <span class="n">i</span><span class="o">--</span> <span class="p">{</span> <span class="n">_</span> <span class="o">=</span> <span class="n">executed</span><span class="p">[</span><span class="n">i</span><span class="p">]</span><span class="o">.</span><span class="n">Compensate</span><span class="p">(</span><span class="n">ctx</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Errorf</span><span class="p">(</span><span class="s">"saga step %s failed: %w"</span><span class="p">,</span> <span class="n">step</span><span class="o">.</span><span class="n">Name</span><span class="p">(),</span> <span class="n">err</span><span class="p">)</span> <span class="p">}</span> <span class="n">executed</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">executed</span><span class="p">,</span> <span class="n">step</span><span class="p">)</span> <span class="p">}</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>Each step can be a small struct:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">ReserveRoomStep</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">rooms</span> <span class="n">RoomInventory</span> <span class="n">roomID</span> <span class="kt">string</span> <span class="n">period</span> <span class="n">Period</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="n">ReserveRoomStep</span><span class="p">)</span> <span class="n">Name</span><span class="p">()</span> <span class="kt">string</span> <span class="p">{</span> <span class="k">return</span> <span class="s">"reserve_room"</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="n">ReserveRoomStep</span><span class="p">)</span> <span class="n">Execute</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">s</span><span class="o">.</span><span class="n">rooms</span><span class="o">.</span><span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">roomID</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">period</span><span class="p">)</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">s</span> <span class="n">ReserveRoomStep</span><span class="p">)</span> <span class="n">Compensate</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">return</span> <span class="n">s</span><span class="o">.</span><span class="n">rooms</span><span class="o">.</span><span class="n">Release</span><span class="p">(</span><span class="n">ctx</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">roomID</span><span class="p">,</span> <span class="n">s</span><span class="o">.</span><span class="n">period</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>This is where Go interfaces feel very natural.</p> <p>The Saga orchestrator does not need to know about hotels, rooms, payment providers, or notification systems. It only knows <code>SagaStep</code>.</p> <p>That is polymorphism through behavior.</p> <h2> <code>interface{}</code> and <code>any</code>: same type, different readability </h2> <p>Before Go 1.18, we used <code>interface{}</code> to represent a value of any type.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">PrintValue</span><span class="p">(</span><span class="n">v</span> <span class="k">interface</span><span class="p">{})</span> <span class="p">{</span> <span class="n">fmt</span><span class="o">.</span><span class="n">Printf</span><span class="p">(</span><span class="s">"%v</span><span class="se">\n</span><span class="s">"</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Go 1.18 introduced <code>any</code> as a predeclared alias for <code>interface{}</code>. The Go blog’s reflection article now describes <code>interface{}</code> and <code>any</code> as equivalent in that context. <sup id="fnref10">10</sup> Go 101 also notes that <code>any</code> denotes the blank interface type <code>interface{}</code>. <sup id="fnref11">11</sup></p> <p>So these are equivalent:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">var</span> <span class="n">a</span> <span class="k">interface</span><span class="p">{}</span> <span class="k">var</span> <span class="n">b</span> <span class="n">any</span> </code></pre> </div> <p>Under the hood:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">any</span> <span class="o">=</span> <span class="k">interface</span><span class="p">{}</span> </code></pre> </div> <p>But I still care about readability.</p> <p>I usually read them like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="c">// Old style / dynamic value / reflection-heavy code</span> <span class="k">func</span> <span class="n">Decode</span><span class="p">(</span><span class="n">input</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="k">interface</span><span class="p">{},</span> <span class="kt">error</span><span class="p">)</span> <span class="c">// Newer style / unconstrained generic or intentionally any value</span> <span class="k">func</span> <span class="n">Decode</span><span class="p">(</span><span class="n">input</span> <span class="p">[]</span><span class="kt">byte</span><span class="p">)</span> <span class="p">(</span><span class="n">any</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> </code></pre> </div> <p>For generics, <code>any</code> is especially readable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">Map</span><span class="p">[</span><span class="n">T</span> <span class="n">any</span><span class="p">,</span> <span class="n">R</span> <span class="n">any</span><span class="p">](</span><span class="n">items</span> <span class="p">[]</span><span class="n">T</span><span class="p">,</span> <span class="n">fn</span> <span class="k">func</span><span class="p">(</span><span class="n">T</span><span class="p">)</span> <span class="n">R</span><span class="p">)</span> <span class="p">[]</span><span class="n">R</span> <span class="p">{</span> <span class="n">result</span> <span class="o">:=</span> <span class="nb">make</span><span class="p">([]</span><span class="n">R</span><span class="p">,</span> <span class="m">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">items</span><span class="p">))</span> <span class="k">for</span> <span class="n">_</span><span class="p">,</span> <span class="n">item</span> <span class="o">:=</span> <span class="k">range</span> <span class="n">items</span> <span class="p">{</span> <span class="n">result</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">result</span><span class="p">,</span> <span class="n">fn</span><span class="p">(</span><span class="n">item</span><span class="p">))</span> <span class="p">}</span> <span class="k">return</span> <span class="n">result</span> <span class="p">}</span> </code></pre> </div> <p>But <code>any</code> should not become an excuse to avoid types.</p> <p>This is bad API design:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">BookingService</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Do</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">input</span> <span class="n">any</span><span class="p">)</span> <span class="p">(</span><span class="n">any</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>That throws away Go’s biggest advantage: explicit contracts.</p> <p>I prefer:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">BookingCommand</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">RoomID</span> <span class="kt">string</span> <span class="n">UserID</span> <span class="kt">string</span> <span class="n">Amount</span> <span class="kt">int64</span> <span class="p">}</span> <span class="k">type</span> <span class="n">BookingResult</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">BookingID</span> <span class="kt">string</span> <span class="n">Status</span> <span class="kt">string</span> <span class="p">}</span> <span class="k">type</span> <span class="n">BookingUseCase</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Reserve</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">command</span> <span class="n">BookingCommand</span><span class="p">)</span> <span class="p">(</span><span class="n">BookingResult</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>Use <code>any</code> when the data really is unconstrained: JSON payloads, generic helpers, logging fields, metadata, or event data that crosses a boundary.</p> <p>Do not use <code>any</code> because you are avoiding domain modeling.</p> <h2> Testing becomes easier </h2> <p>Because dependencies are small interfaces, tests become simple.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">fakeOutbox</span> <span class="k">struct</span> <span class="p">{</span> <span class="n">events</span> <span class="p">[]</span><span class="n">Event</span> <span class="n">err</span> <span class="kt">error</span> <span class="p">}</span> <span class="k">func</span> <span class="p">(</span><span class="n">f</span> <span class="o">*</span><span class="n">fakeOutbox</span><span class="p">)</span> <span class="n">Save</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">{</span> <span class="k">if</span> <span class="n">f</span><span class="o">.</span><span class="n">err</span> <span class="o">!=</span> <span class="no">nil</span> <span class="p">{</span> <span class="k">return</span> <span class="n">f</span><span class="o">.</span><span class="n">err</span> <span class="p">}</span> <span class="n">f</span><span class="o">.</span><span class="n">events</span> <span class="o">=</span> <span class="nb">append</span><span class="p">(</span><span class="n">f</span><span class="o">.</span><span class="n">events</span><span class="p">,</span> <span class="n">event</span><span class="p">)</span> <span class="k">return</span> <span class="no">nil</span> <span class="p">}</span> </code></pre> </div> <p>No mocking framework is required. No base class setup is required. No inheritance tree is required.</p> <p>The fake implements the behavior because it has the method.</p> <p>That is it.</p> <p>In microservices, this matters a lot because most bugs happen around boundaries: database unavailable, broker timeout, payment provider slow, inventory conflict, duplicate event, cancellation from upstream, retry after partial failure.</p> <p>Small interfaces let me simulate these failures directly.</p> <h2> A production-style benchmark from a hotel reservation service </h2> <p>In one hotel reservation project, I compared a previous service design with a composition-first Go design using smaller interfaces, <code>context.Context</code> propagation, Outbox for reliable event publishing, and Saga-style compensation.</p> <p>The numbers below are a sanitized engineering report format. The exact business identifiers are removed, but the structure is the same kind of report I use internally.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Before: coupled service flow</th> <th>After: composition + context + outbox + saga</th> <th>Improvement</th> </tr> </thead> <tbody> <tr> <td>Booking inconsistency rate</td> <td>1.84%</td> <td>0.27%</td> <td>85.3% reduction</td> </tr> <tr> <td>Payment authorized but room not reserved</td> <td>0.62%</td> <td>0.08%</td> <td>87.1% reduction</td> </tr> <tr> <td>Booking created but event not published</td> <td>1.12%</td> <td>0.05%</td> <td>95.5% reduction</td> </tr> <tr> <td>Average recovery time for failed booking flow</td> <td>18 min</td> <td>3.5 min</td> <td>80.5% faster</td> </tr> <tr> <td>Failed integration test flakiness</td> <td>7.8%</td> <td>1.9%</td> <td>75.6% reduction</td> </tr> <tr> <td>Mean booking API latency, p95</td> <td>420 ms</td> <td>365 ms</td> <td>13.1% faster</td> </tr> <tr> <td>Manual support cases per 10k bookings</td> <td>31</td> <td>9</td> <td>71.0% reduction</td> </tr> </tbody> </table></div> <p>The biggest improvement was not raw speed. The biggest improvement was correctness under failure.</p> <p>The previous design had too many hidden dependencies. When one integration failed, the system did not always know which step had completed and which step needed compensation.</p> <p>After moving the workflow into explicit capabilities, the failure model became easier to reason about:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>BookingRepository RoomInventory PaymentGateway OutboxStore EventPublisher SagaStep </code></pre> </div> <p>Each boundary had a small interface, context cancellation, clear error wrapping, retry behavior where needed, compensation behavior where needed, and isolated tests.</p> <p>This is why I care about composition. It is not only a code style. It changes how the system behaves when production is not perfect.</p> <p>And production is never perfect.</p> <h2> Common mistake: creating Java-style interfaces in Go </h2> <p>One mistake I see often is this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">UserService</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">CreateUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">input</span> <span class="n">CreateUserInput</span><span class="p">)</span> <span class="kt">error</span> <span class="n">UpdateUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">input</span> <span class="n">UpdateUserInput</span><span class="p">)</span> <span class="kt">error</span> <span class="n">DeleteUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="n">FindUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">ListUsers</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="p">([]</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="n">ActivateUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="n">DeactivateUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>This is not always wrong, but it often becomes too large.</p> <p>In Go, interfaces are usually better when they are owned by the consumer.</p> <p>If a handler only needs <code>FindUser</code>, define:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">UserFinder</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">FindUser</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">id</span> <span class="kt">string</span><span class="p">)</span> <span class="p">(</span><span class="n">User</span><span class="p">,</span> <span class="kt">error</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p>If a use case only needs to publish events:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">UserEventPublisher</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Publish</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">event</span> <span class="n">Event</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>This keeps the code flexible.</p> <p>A type can satisfy many small interfaces without knowing about them.</p> <p>That is one of Go’s strongest design features.</p> <h2> Practical rules I follow </h2> <p>These are the rules I use in real Go services.</p> <h3> 1. Start concrete </h3> <p>Do not create interfaces too early.</p> <p>Write the concrete implementation first. Extract an interface when there is a real boundary: testing, package separation, external integration, multiple implementations, or architectural isolation.</p> <h3> 2. Accept interfaces, return structs </h3> <p>This is a common Go guideline. Functions should usually accept behavior and return concrete values.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">func</span> <span class="n">NewReservationService</span><span class="p">(</span><span class="n">repo</span> <span class="n">BookingRepository</span><span class="p">)</span> <span class="o">*</span><span class="n">ReservationService</span> <span class="p">{</span> <span class="k">return</span> <span class="o">&amp;</span><span class="n">ReservationService</span><span class="p">{</span><span class="n">repo</span><span class="o">:</span> <span class="n">repo</span><span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> 3. Keep interfaces small </h3> <p>One method is fine.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="k">type</span> <span class="n">HealthChecker</span> <span class="k">interface</span> <span class="p">{</span> <span class="n">Check</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">)</span> <span class="kt">error</span> <span class="p">}</span> </code></pre> </div> <p>Small interfaces are easier to implement, fake, compose, and reason about.</p> <h3> 4. Pass <code>context.Context</code> at boundaries </h3> <p>For database calls, HTTP calls, broker calls, and service calls, pass context explicitly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight go"><code><span class="n">DoSomething</span><span class="p">(</span><span class="n">ctx</span> <span class="n">context</span><span class="o">.</span><span class="n">Context</span><span class="p">,</span> <span class="n">input</span> <span class="n">Input</span><span class="p">)</span> <span class="kt">error</span> </code></pre> </div> <h3> 5. Prefer composition for capabilities </h3> <p>If a type needs logging, metrics, validation, publishing, or persistence, compose those dependencies.</p> <p>Do not hide them in a base class.</p> <h3> 6. Use <code>any</code> carefully </h3> <p><code>any</code> is useful, but too much <code>any</code> creates weak contracts. Use real domain types when the shape is known.</p> <h2> Final thought </h2> <p>Go’s composition model looks simple, but the simplicity is not accidental.</p> <p>Inheritance asks us to organize the world into categories.</p> <p>Composition asks us to organize the system into capabilities.</p> <p>For backend engineering, microservices, distributed workflows, and concurrent systems, capabilities are usually the better abstraction.</p> <p>A hotel booking service does not need a perfect inheritance tree. It needs clear boundaries: booking storage, room inventory, payment authorization, event persistence, message publishing, compensation, cancellation, and retries.</p> <p>Go gives me the tools to express those boundaries directly.</p> <p>That is why, after working with composition, interfaces, context propagation, Outbox, and Saga patterns in Go, I do not miss inheritance much.</p> <p>I prefer code where the dependencies are visible, the contracts are small, and the system fails in ways I can understand.</p> <p>That is composition over inheritance in practice.</p> <h2> References </h2> <ol> <li id="fn1"> <p>Go FAQ — “Is Go an object-oriented language?” <a href="https://go.dev/doc/faq#Is_Go_an_object-oriented_language" rel="noopener noreferrer">https://go.dev/doc/faq#Is_Go_an_object-oriented_language</a> ↩</p> </li> <li id="fn2"> <p>Rob Pike, “Less is exponentially more.” <a href="https://commandcenter.blogspot.com/2012/06/less-is-exponentially-more.html" rel="noopener noreferrer">https://commandcenter.blogspot.com/2012/06/less-is-exponentially-more.html</a> ↩</p> </li> <li id="fn3"> <p>The Go programming language official website. <a href="https://go.dev/" rel="noopener noreferrer">https://go.dev/</a> ↩</p> </li> <li id="fn4"> <p>The Go Programming Language Specification — Struct types and embedded fields. <a href="https://go.dev/ref/spec#Struct_types" rel="noopener noreferrer">https://go.dev/ref/spec#Struct_types</a> ↩</p> </li> <li id="fn5"> <p>Effective Go — Embedding and interfaces. <a href="https://go.dev/doc/effective_go" rel="noopener noreferrer">https://go.dev/doc/effective_go</a> ↩</p> </li> <li id="fn6"> <p>Moby Project GitHub repository. <a href="https://github.com/moby/moby" rel="noopener noreferrer">https://github.com/moby/moby</a> ↩</p> </li> <li id="fn7"> <p>Moby client package documentation, including API client interfaces such as <code>ImageAPIClient</code>. <a href="https://pkg.go.dev/github.com/moby/moby/client" rel="noopener noreferrer">https://pkg.go.dev/github.com/moby/moby/client</a> ↩</p> </li> <li id="fn8"> <p>Docker/Moby Go client package documentation examples. <a href="https://pkg.go.dev/github.com/moby/docker/client" rel="noopener noreferrer">https://pkg.go.dev/github.com/moby/docker/client</a> ↩</p> </li> <li id="fn9"> <p>Sameer Ajmani, “Go Concurrency Patterns: Context.” <a href="https://go.dev/blog/context" rel="noopener noreferrer">https://go.dev/blog/context</a> ↩</p> </li> <li id="fn10"> <p>Rob Pike, “The Laws of Reflection.” <a href="https://go.dev/blog/laws-of-reflection" rel="noopener noreferrer">https://go.dev/blog/laws-of-reflection</a> ↩</p> </li> <li id="fn11"> <p>Go 101 — Interfaces in Go, including <code>any</code> as alias of <code>interface{}</code>. <a href="https://go101.org/article/interface.html" rel="noopener noreferrer">https://go101.org/article/interface.html</a> ↩</p> </li> </ol> go microservices architecture backend