Submitted by unofficialmerve t3_zd3n8s in MachineLearning
ReginaldIII t1_iz1f43w wrote
Reply to comment by link0007 in [P] Save your sklearn models securely using skops by unofficialmerve
Tidymodels is a specific example of an R extension package with its own file format. That would be like saying you are quite happy with the Python infrastructure for saving PyTorch models. It's still specific to that thing.
There are plenty of good ways of storing model weights, those based on hdf5 archives being a great choice since they are optimized for block tensor operations, on-disk chunking, support lazy slicing, and support nested groups of tensors. Keras uses hdf5 for its save_weights and load_weights functions.
If your models are getting huge you need a different strategy anyway. And this is where S3 object store backed systems like TensorStore become more ideal.
unofficialmerve OP t1_iz1iybe wrote
h5 and SavedModel of TF are the safest options, yet you can still inject code through Lambda layers or subclassed models (that's why Keras developed a new format too!) AFAIK. What SavedModel does is that it reconstructs the architecture and loads weights into it, and this architecture part is essentially code (loading the weights is never the problem for any framework anyway, it's the code part!). So again, you shouldn't deserialize it (safest code is no code). If you can see the architecture and confirm that it doesn't have any custom layers, you should be fine (this is also essentially what we do with skops: we audit the model), or reconstruct it yourself and load weights into it, but it's a little tricky, you might have custom objects or e.g. preprocessing layers for Keras.
>The architecture of subclassed models and layers are defined in the methods __init__ and call. They are considered Python bytecode, which cannot be serialized into a JSON-compatible config -- you could try serializing the bytecode (e.g. via pickle), but it's completely unsafe and means your model cannot be loaded on a different system. (in model subclassing guide)
>
>WARNING: tf.keras.layers.Lambda layers have (de)serialization limitations! (in lambda layers guide)
Hugging Face also introduced a new format called safetensors if you're interested: https://github.com/huggingface/safetensors. In the README there's a detailed explanation & comparison.
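The "audit before you load, and the safest code is no code" idea from the comment above, as an added example that is not skops' own code or the project's audit mechanism: it statically walks a pickle stream with `pickletools.genops` (nothing is executed), reports every opcode that could resolve or invoke a Python callable and every `module.name` global the loader would import, and then loads only pickles that contain nothing but literals and containers, through an `Unpickler` whose `find_class` refuses all imports. The sample pickles (a plain dict of weights and a `datetime.date` instance) are constructed inline; the function names are my own.

```python
import io
import pickle
import pickletools
import datetime

# Opcodes that can place a callable on the pickle VM stack or call one.
# A stream that contains none of these can only build literals and
# containers (ints, floats, strings, lists, dicts, tuples), so loading
# it cannot run attacker-controlled code.
CODE_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
}
STRING_OPCODES = {
    "STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
    "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8",
}


def audit_pickle(data: bytes) -> dict:
    """Statically inspect a pickle stream without executing any of it.

    Returns the code-capable opcodes seen and the module.name globals
    that pickle.load() would import. Global resolution for STACK_GLOBAL
    is a best-effort replay of the string/memo opcodes that precede it.
    """
    seen = set()
    globals_ = []
    memo = {}        # memo slot -> last simple value stored there
    pushed = []      # recent simple values pushed on the VM stack
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in CODE_OPCODES:
            seen.add(name)
        if name == "GLOBAL":
            module, qualname = arg.split()          # arg is "module name"
            globals_.append(f"{module}.{qualname}")
        elif name == "STACK_GLOBAL":
            # module and attribute name are the two strings pushed before it
            if len(pushed) >= 2:
                globals_.append(f"{pushed[-2]}.{pushed[-1]}")
            else:
                globals_.append("<unresolved>")
        elif name in STRING_OPCODES:
            pushed.append(arg)
        elif name == "MEMOIZE":
            memo[len(memo)] = pushed[-1] if pushed else None
        elif name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = pushed[-1] if pushed else None
        elif name in ("GET", "BINGET", "LONG_BINGET"):
            pushed.append(memo.get(arg))
    return {
        "code_opcodes": sorted(seen),
        "globals": globals_,
        "weights_only_safe": not seen,
    }


class _NoImportsUnpickler(pickle.Unpickler):
    """Defense in depth: refuse every global lookup, even if the audit missed one."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def load_weights_only(data: bytes):
    """Load a pickle only if it is pure data; otherwise refuse with the evidence."""
    report = audit_pickle(data)
    if not report["weights_only_safe"]:
        raise ValueError(
            f"pickle contains code-capable opcodes {report['code_opcodes']} "
            f"referencing {report['globals']}; reconstruct the model yourself "
            f"and load only the weights"
        )
    return _NoImportsUnpickler(io.BytesIO(data)).load()


# Constructed samples: plain weights versus an arbitrary object.
BENIGN_PICKLE = pickle.dumps({"coef": [0.5, -1.25], "intercept": 0.1}, protocol=4)
OBJECT_PICKLE = pickle.dumps(datetime.date(2020, 1, 1), protocol=4)

if __name__ == "__main__":
    print(audit_pickle(BENIGN_PICKLE))
    print(audit_pickle(OBJECT_PICKLE))
    print(load_weights_only(BENIGN_PICKLE))
```

A `datetime.date` is harmless, but the audit flags it for the same reason it would flag anything dangerous: the stream asks the loader to import `datetime.date` and call it (`STACK_GLOBAL` plus `REDUCE`). That is exactly the "architecture part is code" problem from the comment, and the right response for a model file is to refuse the load and rebuild the architecture from known code, then load the weight arrays into it.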