Scrolls
3 min read
On this page

Abstraction Leaks

Overview

Joel Spolsky formulated the Law of Leaky Abstractions: all non-trivial abstractions, to some degree, are leaky. An abstraction hides complexity to let you work at a higher level. But the complexity doesn't disappear. It waits below the surface until something goes wrong, and then it forces its way through.

TCP guarantees delivery but not latency. ORMs abstract SQL but not query performance. REST abstracts operations but not network failures. Cloud providers abstract hardware but not capacity limits. Every abstraction hides complexity until it doesn't. The best engineers know what is behind the abstraction so that when it leaks, they can fix the problem instead of staring at it.

How Abstractions Work

An abstraction is a contract:
  "Give me these inputs, and I'll handle the complexity.
   You don't need to know how."

The contract works until an edge case breaks it:
  "I said I'd handle the complexity. I can't handle this case.
   Now you need to know how after all."

That's the leak. The abstraction fails to hide the underlying
complexity, and you must understand the layer below to proceed.

Classic Leaky Abstractions

TCP: Guarantees Delivery, Not Latency

The abstraction:
  TCP gives you a reliable byte stream. Send data, it arrives
  in order, without corruption, without loss. You don't need
  to worry about packets, retransmission, or network topology.

The leak:
  A packet is lost. TCP retransmits it. Your application doesn't
  lose data, but it pauses for 200ms while retransmission happens.
  Another packet is lost. TCP backs off exponentially. Now the
  pause is 800ms. Your real-time game stutters. Your API call
  times out.

  TCP promised reliable delivery. It delivered. But it never
  promised consistent latency, and your application assumed
  it did.

When it matters:
  → Real-time applications (games, video, VoIP) where late data
    is worse than lost data. UDP exists because TCP's guarantee
    is sometimes the wrong guarantee.
  → Microservice communication where tail latency of one service
    becomes the total latency of the request chain.
  → Database replication where network jitter causes replication
    lag that the application doesn't expect.

ORMs: Abstract SQL, Not Query Performance

The abstraction:
  Write Python/Java/Ruby objects. The ORM generates SQL.
  You don't need to think about joins, indexes, or query plans.

The leak:
  You write a loop that accesses a related object on each iteration.

  # Python with SQLAlchemy
  for order in user.orders:      # 1 query: SELECT * FROM orders WHERE user_id = ?
      print(order.product.name)  # N queries: SELECT * FROM products WHERE id = ?

  The ORM hides the fact that each .product access is a separate
  database round trip. This is the N+1 query problem. Your code
  looks like object access. The database sees 1,001 queries
  for 1,000 orders.

  The ORM abstracted SQL but not the performance characteristics
  of database access patterns.

When it matters:
  → Any list page that displays related data (orders with products,
    users with roles, posts with comments)
  → Background jobs that process collections of records
  → Any code path that touches the database in a loop
  → Production systems where the N+1 problem was invisible
    during development (10 records) but catastrophic at scale
    (10,000 records)

REST: Abstracts Operations, Not Network Failures

The abstraction:
  HTTP endpoints that map to resources. GET /users/123 retrieves
  a user. PUT /users/123 updates a user. The network is invisible.

The leak:
  You call PUT /users/123 to update a user's email address.
  The request times out. Did it succeed or fail?

  → If it succeeded and you retry, you might trigger a duplicate
    email notification.
  → If it failed and you don't retry, the user's email is wrong.
  → You cannot tell which happened without making the operation
    idempotent or checking the current state.

  REST made the operation look like a local function call.
  But network calls can fail in ways that local calls cannot:
  timeout (unknown state), partial failure, and retry ambiguity.

When it matters:
  → Payment operations where a timeout could mean the charge
    went through or didn't
  → Any state-changing operation where the client doesn't know
    the outcome
  → Distributed systems where calls between services look simple
    in the code but carry all the uncertainty of network communication

Cloud Providers: Abstract Hardware, Not Capacity

The abstraction:
  "Infinite scale. Just add more instances. We handle the hardware."

The leak:
  You try to launch 500 EC2 instances for a load test.
  AWS returns: "You have reached your instance limit."
  You try to scale your RDS instance to a larger size.
  AWS says: "This instance type is not available in this
  availability zone."

  The cloud abstracted hardware procurement. But hardware
  is still finite. Regions have capacity limits. Instance
  types sell out. The abstraction of infinite resources leaks
  when demand exceeds supply.

When it matters:
  → Black Friday traffic spikes where auto-scaling hits account
    or region limits
  → Disaster recovery when you need to spin up in a new region
    that may not have the same capacity
  → Any time you assume "the cloud will handle it" without
    verifying that the specific resources you need are available

Garbage Collection: Abstracts Memory, Not Latency

The abstraction:
  Allocate objects freely. The garbage collector frees memory
  when objects are no longer referenced. You don't manage memory.

The leak:
  The garbage collector pauses your application to collect.
  A minor GC takes 5ms. A major GC takes 200ms. Your
  real-time trading system misses a market event because
  it was paused for garbage collection.

  The abstraction hid memory management. It did not hide
  the performance cost of memory management. You don't manage
  memory, but you still pay for it.

When it matters:
  → Latency-sensitive applications (trading systems, games,
    real-time bidding)
  → High-throughput services where GC pauses cause request
    queuing and cascading delays
  → Any system where consistent latency matters more than
    average latency

Less Obvious Leaks

CI/CD Pipelines

The abstraction:
  Push code, it gets tested and deployed automatically.
  You don't worry about build environments, dependencies,
  or deployment orchestration.

The leak:
  Your build passes locally but fails in CI because the CI
  environment has a different version of a system library.
  Your deploy succeeds in staging but fails in production
  because the environment variable is different.
  Your tests pass in isolation but fail when run in parallel
  because they share a test database.

  CI/CD abstracted "build and deploy." It did not abstract
  the differences between environments or the implicit
  assumptions your code makes about its runtime context.

Kubernetes

The abstraction:
  Declare the desired state. Kubernetes makes it so.
  Self-healing, auto-scaling, service discovery — all handled.

The leak:
  A pod is evicted because the node ran out of memory.
  The pod restarts on another node but its local disk cache
  is gone. Performance degrades until the cache warms up.

  A service mesh routes traffic to a pod that is technically
  "ready" but hasn't loaded its in-memory data yet. Requests
  fail for 30 seconds after every deploy.

  DNS resolution caches a stale IP after a pod restarts.
  Requests go to a dead endpoint for 30 seconds until the
  TTL expires.

  Kubernetes abstracted orchestration. It did not abstract
  the realities of distributed computing: network partitions,
  cache locality, startup time, and DNS caching.

Type Systems

The abstraction:
  If the code compiles, it's correct. The type checker verifies
  that functions receive the right types and return the right types.

The leak:
  The type says the function returns User. But the function
  makes a network call that can fail, return null, or return
  a user with missing fields. The type is technically correct
  (it returns a User object) but the object may be in an
  invalid state.

  Types abstract structural correctness. They do not abstract
  semantic correctness. A function that returns User | null
  is more honest than one that returns User but sometimes
  returns an empty object that passes type checking.

Working with Leaky Abstractions

Learn the Layer Below

You don't need to be an expert in every layer. But for the
abstractions you depend on daily, learn one level down.

If you use an ORM:
  → Learn enough SQL to read query plans
  → Understand indexes, joins, and the N+1 problem
  → Know when to bypass the ORM and write raw SQL

If you use a cloud provider:
  → Learn about regions, availability zones, and capacity limits
  → Understand networking (VPCs, security groups, DNS)
  → Know the failure modes of the services you use

If you use a framework:
  → Read the source code of the parts you use most
  → Understand the request lifecycle
  → Know where the framework makes assumptions about
    your application's behavior

The goal: when the abstraction leaks, you recognize the
leak and know where to look. You don't need to rebuild
the abstraction. You need to patch the hole.

Design for the Leak

If you know an abstraction will leak, plan for it.

ORM leaks: Add query logging in development.
  Alert when a request generates more than 20 queries.
  This catches N+1 problems before they reach production.

Network leaks: Add timeouts, retries with backoff, and
  circuit breakers on all external calls. Don't assume
  the network is reliable just because the code looks
  like a local function call.

Cloud leaks: Request capacity increases before you need them.
  Test auto-scaling at 2x expected peak, not at average load.
  Have a plan for what happens when the cloud says "no."

GC leaks: Monitor GC pause times. Set alerts for pauses
  that exceed your latency budget. Profile memory allocation
  patterns in development.

Recognize When to Drop Down a Level

Signs that you need to go below the abstraction:

  → Performance is unexpectedly poor and the abstraction layer
    has no knobs to tune it
  → Errors are cryptic because the abstraction translates
    the underlying error into something generic
  → The abstraction forces you into a pattern that doesn't
    fit your use case
  → You're working around the abstraction more than you're
    using it

When you see these signs:
  → Don't fight the abstraction. Go around it for that
    specific case.
  → Write raw SQL for the one query that needs to be fast.
  → Use a lower-level HTTP client for the one call that
    needs custom retry logic.
  → Keep the abstraction for the 90% of cases where it works.
    Bypass it for the 10% where it doesn't.

Common Pitfalls

  • Assuming the abstraction handles everything: The most common mistake. "The ORM handles database access" doesn't mean "the ORM handles database performance." Every abstraction has a boundary, and you need to know where it is.
  • Avoiding abstractions because they leak: Leaky abstractions are still vastly better than no abstractions. Writing raw SQL for everything because ORMs leak is like walking everywhere because cars sometimes break down. Use the abstraction. Know its limits.
  • Building your own abstraction to fix the leak: Custom abstractions over leaky abstractions create a two-layer leak problem. Your abstraction leaks AND the underlying abstraction leaks. Unless you're building something used by many teams, prefer learning the existing abstraction's quirks over wrapping it.
  • Not teaching the team about the leaks: When you discover that the ORM generates bad queries in a specific pattern, document it. When you learn that the cloud provider has capacity limits, share it. The knowledge of where abstractions leak is some of the most valuable knowledge on an engineering team.
  • Blaming the abstraction instead of learning it: "The ORM is slow" usually means "I don't understand how the ORM generates queries." The first response to a leaky abstraction should be learning, not blaming.

Key Takeaways

  • Every non-trivial abstraction leaks. TCP leaks latency, ORMs leak query performance, REST leaks network failure semantics, cloud providers leak capacity limits, and garbage collectors leak pause times. This is inherent to abstraction, not a defect.
  • The best engineers know what is behind the abstractions they use. You don't need to be an expert in every layer, but for the abstractions you depend on daily, learn one level down.
  • Design for the leak. Add query logging to catch ORM N+1 problems, timeouts and circuit breakers to handle network failures, and capacity monitoring to anticipate cloud limits. Assume the abstraction will leak and build defenses.
  • When the abstraction doesn't fit, go around it for that specific case. Write raw SQL for the one hot query. Use a lower-level client for the one call with custom retry needs. Keep the abstraction for the 90% where it works.
  • Leaky abstractions are still better than no abstractions. The goal is not to avoid abstractions but to use them with awareness of their boundaries. Know the map's edge, and you'll know when you've walked off it.