trlx
Add support for safetensors
🚀 The feature, motivation, and pitch
By default, PyTorch uses the Pickle format to save and load models. Loading a Pickle file can unfortunately lead to remote code execution, which is a grave vulnerability, so any Pickle model you load must come from a trusted source. Safetensors addresses that: it uses a different file format and defines alternative functions to torch.load and torch.save. Using safetensors shouldn't impact inference, only loading and saving. It also offers a few other advantages such as "zero-copy" or lazy loading, which they say can significantly improve loading time, especially in distributed settings.
Note: support for safetensors is planned in peft 0.4.0
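To make concrete why loading a safetensors file cannot run code, here is a minimal pure-Python writer and bounds-checking reader for the container layout (8-byte little-endian header length, JSON header, raw tensor bytes), added as an illustration. It is not the safetensors library or trlx code; it supports only F32 and I64 and uses plain Python lists in place of torch tensors.

```python
import json
import math
import struct

# Layout: [u64 LE header length N][N bytes JSON header][raw little-endian tensor bytes]
_FMT = {"F32": ("f", 4), "I64": ("q", 8)}  # dtype -> (struct code, bytes per element)

def save_safetensors(tensors: dict) -> bytes:
    """tensors maps name -> (dtype, shape, flat list of values); returns file bytes."""
    header, buf = {}, bytearray()
    for name, (dtype, shape, values) in tensors.items():
        data = struct.pack(f"<{len(values)}{_FMT[dtype][0]}", *values)
        header[name] = {"dtype": dtype, "shape": list(shape),
                        "data_offsets": [len(buf), len(buf) + len(data)]}
        buf += data
    hdr = json.dumps(header, separators=(",", ":")).encode()
    hdr += b" " * (-len(hdr) % 8)  # pad so the data section starts 8-byte aligned
    return struct.pack("<Q", len(hdr)) + hdr + bytes(buf)

def load_safetensors(blob: bytes) -> dict:
    """Parse a blob back into name -> (dtype, shape, values); ValueError if malformed."""
    # Loading is JSON parsing plus bounds-checked slicing: unlike unpickling, no
    # byte of the file is ever executed as code.
    if len(blob) < 8:
        raise ValueError("truncated: missing header length")
    (n,) = struct.unpack("<Q", blob[:8])
    if 8 + n > len(blob):
        raise ValueError("truncated: header length exceeds file size")
    header, data, out = json.loads(blob[8:8 + n]), blob[8 + n:], {}
    for name, info in header.items():
        if name == "__metadata__":  # optional free-form string-to-string map
            continue
        code, size = _FMT[info["dtype"]]
        start, end = info["data_offsets"]
        if not (0 <= start <= end <= len(data)) or (end - start) % size:
            raise ValueError(f"{name}: bad data_offsets")
        count = (end - start) // size
        if count != math.prod(info["shape"]):
            raise ValueError(f"{name}: byte length does not match shape")
        values = list(struct.unpack(f"<{count}{code}", data[start:end]))
        out[name] = (info["dtype"], tuple(info["shape"]), values)
    return out

def is_well_formed(blob: bytes) -> bool:
    """True if the blob parses; rejecting a malformed file is the safe failure mode."""
    try:
        load_safetensors(blob)
        return True
    except (ValueError, KeyError, TypeError, AttributeError, struct.error):
        return False
```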
Alternatives
No response
Additional context
Screenshots from https://github.com/huggingface/safetensors: