Sign inTry Free

Code Engine - Powered by Wasm

On this page

The Code Engine feature in SingleStore supports creating functions (UDFs and TVFs) using code compiled to WebAssembly (Wasm). The Code Engine uses the wasmtime runtime to compile and run WebAssembly code. Refer to Wasmtime for more information.

This feature supports any language that can compile to the Wasm core specification, which allows you to create UDFs/TVFs in a language of your choice using existing code libraries and run them in a sandboxed environment for enhanced security. Each Wasm function instance runs in its own in-process sandbox. It uses a linear memory model and provides hard memory protection boundaries. By default, each Wasm function sandbox is allocated 16MB of memory. You can use the GROW TO clause to modify the memory allocated to a Wasm function sandbox.

Once a Wasm function is added to SingleStore, it becomes a part of the database. Hence, it is also included in the database backup and restore operations.

Why use Wasm-based Functions

SingleStore recommends using Wasm-based functions for integrating complex logic and data structures or using existing C/C++ or Rust code.

Key benefits to using Wasm:

  • Security: Run your code in a sandboxed environment for enhanced security.

  • Code reusability: Leverage existing code base without rewriting the logic in SQL.

  • Code integration: Integrate complex logic and data structures that cannot be expressed using PSQL.

If your logic and data structures can be implemented in Procedural SQL (PSQL) with reasonable effort in a way that performs well, use PSQL. Refer to Choose Between PSQL, Wasm-based, and External Functions for related information.

Use Cases

The following is a list of common real-world applications that have been implemented using Wasm-based functions:

  • Sentiment Analysis: Perform sentiment analysis using Valence Aware Dictionary and Sentiment Reasoner (VADER).

  • Bloom Filters: Generate Bloom filters from a column of string values and then run the Bloom filter on another column.

  • JSON Flatten: Perform flattening operations on JSON objects.

  • HyperLogLog (HLL) Sketches: Generate HLL sketches using different operations and algorithms and return diagnostic information.

  • Theta Sketches: Generate Theta sketches using different operations and algorithms and return diagnostic information.

Build Wasm-based Functions

You can build Wasm extensions for SingleStore on Mac, Windows, or Linux using the Docker development containers. Refer to SingleStore Wasm Toolkit for a tutorial on creating Wasm functions, importing them in SingleStore, and evaluating them in queries.

For more examples, refer to Create Wasm UDFs or Create Wasm TVFs.

Memory Management

Wasm modules are serialized to the plancache. Refer to Managing Plancache Memory and Disk Usage for information on how Wasm-modules are evicted from memory.

Runtime Constraints

The Wasm UDF/TVF must not require runtime capabilities that the database does not provide out of the box. For example, a Wasm UDF/TVF can not make system calls, open files, open sockets, send network messages, create processes, or create threads. SingleStore does not support these operations out of the box to protect the security and integrity of its service process.

Related Topics

Wasm Application Binary Interfaces (ABIs)

Information on supported Wasm ABIs. SingleStore supports both the Basic and Canonical ABIs.

Configure Wasm

Configure Wasm extensibility using engine variables.

Create Wasm UDFs

Create Wasm-based user-defined functions (UDFs).

Create Wasm TVFs

Create Wasm-based user-defined table-valued functions (TVFs).

Choose Between PSQL, Wasm-based, and External Functions

Understand when to use PSQL, Wasm-based, or external functions.

Procedural Extensions

Information on creating Procedural SQL (PSQL) functions or procedures.

Extensions

Combine Wasm binaries and WIT interfaces into a packaged archive and create, manage, or deploy these resources using a script.

FAQs

  • Can I use a Wasm binary outside of the SingleStore database once it is imported into the database?

    No. Once a Wasm binary is imported into a SingleStore database, you cannot use it for applications outside the database. However, you can make a copy of the binary and use it instead.

  • What happens if there is a mismatch between the WIT file and the generated code?

    A mismatch may cause a Wasm trap or unexpected results. The exact behavior depends on how the Wasm program interprets the arguments.

  • Can I reverse engineer a Wasm binary once it is imported into the database?

    No. Once a Wasm binary is imported into the database, it is not possible to see the binary data, it can only be executed. Hence, you can only reverse engineer the Wasm binary behaviorally and not by disassembling the binary.

  • What happens when a Wasm function crashes or runs out of memory?

    If a Wasm function crashes or runs out of memory, it causes the query to fail and returns an error. If possible, the error message may include a stack into the Wasm function.

In this section

Last modified: May 12, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK