Posit AI Weblog: safetensors 0.1.0

safetensors is a brand new, easy, quick, and secure file format for storing tensors. The design of the file format and its unique implementation are being led
by Hugging Face, and it’s getting largely adopted of their common ‘transformers’ framework. The safetensors R package deal is a pure-R implementation, permitting to each learn and write safetensor recordsdata.

The preliminary model (0.1.0) of safetensors is now on CRAN.

Motivation

The primary motivation for safetensors within the Python neighborhood is safety. As famous
within the official documentation:

The primary rationale for this crate is to take away the necessity to use pickle on PyTorch which is utilized by default.

Pickle is taken into account an unsafe format, because the motion of loading a Pickle file can
set off the execution of arbitrary code. This has by no means been a priority for torch
for R customers, for the reason that Pickle parser that’s included in LibTorch solely helps a subset
of the Pickle format, which doesn’t embody executing code.

Nevertheless, the file format has further benefits over different generally used codecs, together with:

• Assist for lazy loading: You’ll be able to select to learn a subset of the tensors saved within the file.

• Zero copy: Studying the file doesn’t require extra reminiscence than the file itself.
  (Technically the present R implementation does makes a single copy, however that may
  be optimized out if we actually want it in some unspecified time in the future).

• Easy: Implementing the file format is straightforward, and doesn’t require advanced dependencies.
  Because of this it’s a superb format for exchanging tensors between ML frameworks and
  between totally different programming languages. As an illustration, you’ll be able to write a safetensors file
  in R and cargo it in Python, and vice-versa.

There are further benefits in comparison with different file codecs frequent on this house, and
you’ll be able to see a comparability desk right here.

Format

The safetensors format is described within the determine under. It’s principally a header file
containing some metadata, adopted by uncooked tensor buffers.

Fundamental utilization

safetensors may be put in from CRAN utilizing:

set up.packages("safetensors")

library(torch)
library(safetensors)

tensors <- listing(
  x = torch_randn(10, 10),
  y = torch_ones(10, 10)
)

str(tensors)
#> Listing of two
#>  $ x:Float [1:10, 1:10]
#>  $ y:Float [1:10, 1:10]

tmp <- tempfile()
safe_save_file(tensors, tmp)

tensors <- safe_load_file(tmp)
str(tensors)
#> Listing of two
#>  $ x:Float [1:10, 1:10]
#>  $ y:Float [1:10, 1:10]
#>  - attr(*, "metadata")=Listing of two
#>   ..$ x:Listing of three
#>   .. ..$ form       : int [1:2] 10 10
#>   .. ..$ dtype       : chr "F32"
#>   .. ..$ data_offsets: int [1:2] 0 400
#>   ..$ y:Listing of three
#>   .. ..$ form       : int [1:2] 10 10
#>   .. ..$ dtype       : chr "F32"
#>   .. ..$ data_offsets: int [1:2] 400 800
#>  - attr(*, "max_offset")= int 929

remotes::install_github("mlverse/torch")

Picture by Nick Fewings on Unsplash

Reuse

Textual content and figures are licensed below Artistic Commons Attribution CC BY 4.0. The figures which have been reused from different sources do not fall below this license and may be acknowledged by a observe of their caption: “Determine from …”.

Quotation

For attribution, please cite this work as

Falbel (2023, June 15). Posit AI Weblog: safetensors 0.1.0. Retrieved from https://blogs.rstudio.com/tensorflow/posts/2023-06-15-safetensors/

BibTeX quotation

@misc{safetensors,
  writer = {Falbel, Daniel},
  title = {Posit AI Weblog: safetensors 0.1.0},
  url = {https://blogs.rstudio.com/tensorflow/posts/2023-06-15-safetensors/},
  12 months = {2023}
}