piljoong.dev
Posts
piljoong.dev

Contents

Contents

The 10-Join Query Nobody Wanted to Debug

piljoong avatarpiljoong  included in  categories Engineering Architecture
     1075 words   5 minutes 

The alert came in during business hours.

A seller-facing marketplace listing page was showing incorrect items. Products that should never appear in standard listings were suddenly visible. This wasn’t a cosmetic issue. It was a correctness problem in a read path users relied on.

The engineer who originally wrote the code was on vacation.

The on-call engineer and I jumped in. Within five minutes, we confirmed the symptom. Within ten, we located the query responsible for the listing.

That was the easy part.

The query joined double-digit tables: items, prices, inventory, grades, requests, statuses, and various bits of metadata. The logic was spread across JOIN conditions, nested predicates, and a large WHERE clause with multiple branches.

Nothing was obviously wrong.

After about twenty minutes of staring at it, another engineer said:

“Didn’t we have a similar issue with bulk-weight requests before?”

That one sentence broke the deadlock.

With that context, the bug became clear almost immediately. A single condition inside an OR branch was leaking items from a completely different business flow into the listing. One line changed. Issue resolved.

Total time: roughly thirty minutes.

But the part that bothered me wasn’t the bug.

It was this:

we only fixed it because someone remembered a previous incident.

The code itself didn’t make the problem obvious.

This wasn’t a hard bug.

There were no race conditions, no partial failures, no corrupt data. The SQL was valid. The results looked plausible. The failure was subtle, which is exactly what made it dangerous.

Understanding why the bug existed required:

  • remembering an earlier incident,
  • knowing that certain flows were “special,”
  • and holding a mental model that lived nowhere in the code.

That’s not a debugging problem.

That’s a design problem.

When a system can only be debugged by people who remember its history, the system has started to depend on institutional memory. That dependency is invisible until the day it isn’t there.

The root cause was structural.

The same query was serving two fundamentally different business flows.

  • Items are individually inspected
  • Each item is graded and priced
  • Eligible items appear in marketplace listings
  • Items are submitted as a batch
  • No individual inspection or grading
  • Treated as a single unit
  • Must never appear in item-level listings

These flows have different lifecycles, rules, and invariants.

But they shared the same read path.

Here is a simplified version of the pattern:

SELECT items.*
FROM items
JOIN requests  ON items.request_id = requests.id
JOIN inventory ON items.id = inventory.item_id
JOIN prices    ON items.id = prices.item_id
JOIN grades    ON items.id = grades.item_id
WHERE items.seller_id = ?
  AND (
    (requests.type = 'STANDARD' AND items.status = 'ACTIVE')
    OR
    (requests.type = 'BULK_WEIGHT' AND requests.status = 'PROCESSED')
  )
ORDER BY items.created_at DESC;

The bug lived inside that OR.

Because both flows shared the same query, one incorrect condition was enough to violate a critical invariant.

This was not the first time the system had shown this behavior.

The earlier incident was “fixed” by tightening a condition. Alerts went green. The symptom disappeared. The structure didn’t change.

At the time, that was a reasonable decision.

Changing a query condition felt safer than restructuring a core read path. Pagination had to remain correct. Filters spanned multiple tables. The system worked.

This is how risk accumulates in real systems.

Incidents fix behavior. Architecture fixes recurrence.

We had tests.

They verified expected listings. They checked known filters. They asserted positive cases.

What they didn’t encode was the invariant that mattered most:

Bulk-weight items must never appear in standard listings.

That rule existed in convention and shared understanding, not in structure.

Tests enforce known behavior. They cannot protect against future logic paths that violate unstated invariants.

The query wasn’t an accident. At the time, it optimized for fewer round trips, simpler pagination, and a single place to apply filters.

The real cost of the query wasn’t performance.

It was cognitive load.

  • You couldn’t reason about one flow without understanding the other.
  • You couldn’t change one condition without re-validating everything.
  • Even after fixing the bug, we weren’t confident it was the only bug.

That uncertainty matters.

A system that cannot be confidently modified is a system that slows down every team that touches it.

The fix wasn’t “better SQL.”

The fix was separating the read paths so the invariant could not be violated.

fun getStandardListings(sellerId: String): List<StandardItem> {
    val itemIds = itemRepo.findStandardItemIds(sellerId)
    return itemAggregator.load(itemIds)
}

fun getBulkWeightSummary(sellerId: String): BulkWeightSummary {
    val requests = requestRepo.findBulkWeightRequests(sellerId)
    return buildSummary(requests)
}

The database still filters and sorts.

But the rule, “bulk-weight items never appear in standard listings” is now enforced by structure, not a conditional branch.

No OR clause can accidentally violate it.

There is some extra orchestration and a few more queries. That tradeoff was worth it.

The principle is simple. Recognizing when to apply it, and when a system has outgrown the original tradeoff, is not.

This is the concern that keeps many teams here.

The solution is to separate selection from assembly.

Use SQL to select and order IDs only:

SELECT i.id
FROM items i
JOIN grades g ON g.item_id = i.id
JOIN prices p ON p.item_id = i.id
WHERE i.seller_id = ?
  AND i.type = 'STANDARD'
ORDER BY i.created_at DESC
LIMIT 20 OFFSET 40;

Then load and assemble data separately.

This preserves pagination correctness while dramatically reducing query complexity. It also makes cross-flow leakage impossible.

Many mature systems converge on this pattern eventually, often after learning why the alternative hurts.

This incident cemented a lesson I thought I already knew, but hadn’t really felt until then:

If a read path requires institutional memory to debug, the abstraction is already broken.

Complex queries are often symptoms, not causes.

They signal that:

  • multiple business concepts share the same surface,
  • invariants exist only in people’s heads,
  • structural separation was deferred because the cost wasn’t visible yet.

Those systems work, until they don’t.

And when they fail, they fail quietly, in ways only veterans can explain.

That’s not resilience.

That’s accumulated risk.

A complex query mixed two business flows. A bug leaked data between them. We only found it because someone remembered a past incident.

The fix wasn’t better SQL. It was separating the read paths so the bug became structurally impossible.

Updated on 2026-01-25
 BackendSqlArchitectureDebuggingMaintainabilityEngineering-ExperienceSoftware-Design
 | Home