aprender-serve 0.50.0

Pure Rust ML inference engine built from scratch - model serving for GGUF and safetensors
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212

//! Safetensors parser
//!
//! Pure Rust implementation of Safetensors format reader.
//! Used by `HuggingFace` for safe, zero-copy tensor storage.
//!
//! Format specification: <https://github.com/huggingface/safetensors>
//!
//! ## Format Overview
//!
//! ```text
//! Safetensors := HEADER METADATA TENSOR_DATA
//!
//! HEADER := {
//!   metadata_len: u64 (little-endian)
//! }
//!
//! METADATA := JSON {
//!   "tensor_name": {
//!     "dtype": "F32" | "F16" | "I32" | ...,
//!     "shape": [dim1, dim2, ...],
//!     "data_offsets": [start, end]
//!   },
//!   ...
//! }
//! ```

use std::{
    collections::HashMap,
    io::{Cursor, Read},
};

use serde::{Deserialize, Serialize};

use crate::error::{RealizarError, Result};
use crate::inference::simd_bf16_to_f32;

/// GAP-UX-002: Find sibling companion file with hash-prefix fallback.
///
/// Companion files (config.json, tokenizer.json) may be stored with:
/// 1. Hash prefix: `{stem}.{filename}` (e.g., `d71534cb.config.json`) - PREFERRED
/// 2. Plain name: `{filename}` (e.g., `config.json`) - FALLBACK for backwards compatibility
///
/// # Arguments
///
/// * `model_path` - Path to the model file (e.g., `/cache/d71534cb.safetensors`)
/// * `companion_name` - Name of companion file (e.g., `config.json`)
///
/// # Returns
///
/// Path to the companion file if found, None otherwise
pub fn find_sibling_file(
    model_path: &std::path::Path,
    companion_name: &str,
) -> Option<std::path::PathBuf> {
    let parent = model_path.parent()?;
    let filename = model_path.file_name()?.to_str()?;

    // GH-213: For sharded index.json paths (e.g., "model.safetensors.index.json"),
    // skip the hash-prefix logic and go straight to plain name lookup.
    // For normal model files, use the hash-prefix strategy.
    if !filename.ends_with(".index.json") {
        let stem = model_path.file_stem()?.to_str()?;

        // GAP-UX-002: Try hash-prefixed first (e.g., "d71534cb.config.json")
        let prefixed = parent.join(format!("{stem}.{companion_name}"));
        if prefixed.exists() {
            return Some(prefixed);
        }
    }

    // Fallback: Try plain name for backwards compatibility
    // This is the primary path for sharded models where config.json/tokenizer.json
    // are siblings in the same directory from `apr pull`.
    let plain = parent.join(companion_name);
    if plain.exists() {
        return Some(plain);
    }

    None
}

/// Safetensors data type
#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
pub enum SafetensorsDtype {
    /// 32-bit float
    F32,
    /// 16-bit float
    F16,
    /// Brain float 16
    BF16,
    /// 32-bit signed integer
    I32,
    /// 64-bit signed integer
    I64,
    /// 8-bit unsigned integer
    U8,
    /// Boolean
    Bool,
}

impl SafetensorsDtype {
    /// Size in bytes of a single element of this dtype.
    ///
    /// Matches the official `safetensors` library element widths.
    #[must_use]
    pub fn size_in_bytes(&self) -> usize {
        match self {
            SafetensorsDtype::F32 | SafetensorsDtype::I32 => 4,
            SafetensorsDtype::F16 | SafetensorsDtype::BF16 => 2,
            SafetensorsDtype::I64 => 8,
            SafetensorsDtype::U8 | SafetensorsDtype::Bool => 1,
        }
    }
}

/// JSON tensor metadata (internal)
#[derive(Debug, Deserialize)]
struct TensorMetadata {
    dtype: SafetensorsDtype,
    shape: Vec<usize>,
    data_offsets: [usize; 2],
}

/// Tensor metadata
#[derive(Debug, Clone, PartialEq)]
pub struct SafetensorsTensorInfo {
    /// Tensor name
    pub name: String,
    /// Data type
    pub dtype: SafetensorsDtype,
    /// Shape (dimensions)
    pub shape: Vec<usize>,
    /// Data offsets in file [start, end)
    pub data_offsets: [usize; 2],
}

impl SafetensorsTensorInfo {
    /// Number of bytes occupied by this tensor's data, per `data_offsets`.
    #[must_use]
    pub fn byte_len(&self) -> usize {
        self.data_offsets[1].saturating_sub(self.data_offsets[0])
    }

    /// Validate that the declared `data_offsets` byte length agrees with the
    /// declared `shape` and `dtype` element size.
    ///
    /// The safetensors spec requires `byte_len == product(shape) * dtype_size`.
    /// The official `HuggingFace` `safetensors` library rejects any file that
    /// violates this; aprender's raw reader historically derived the element
    /// count from the byte length and silently ignored the declared shape, so a
    /// crafted or corrupt file whose byte length contradicts its shape would
    /// load with a wrong-sized tensor (garbage inference / integrity hole).
    /// This check makes the reader fail closed to reach parity with the
    /// reference implementation (defense-in-depth, per-tensor integrity).
    ///
    /// # Errors
    ///
    /// Returns an error if `shape` overflows `usize`, or if the byte length
    /// does not equal `product(shape) * dtype_size`.
    pub fn validate_shape_matches_bytes(&self) -> Result<()> {
        let dtype_size = self.dtype.size_in_bytes();

        let elem_count = self
            .shape
            .iter()
            .try_fold(1usize, |acc, &d| acc.checked_mul(d))
            .ok_or_else(|| RealizarError::UnsupportedOperation {
                operation: "validate_shape_matches_bytes".to_string(),
                reason: format!(
                    "Tensor '{}' shape {:?} overflows usize",
                    self.name, self.shape
                ),
            })?;

        let expected = elem_count.checked_mul(dtype_size).ok_or_else(|| {
            RealizarError::UnsupportedOperation {
                operation: "validate_shape_matches_bytes".to_string(),
                reason: format!(
                    "Tensor '{}' byte size (shape {:?} * {dtype_size}) overflows usize",
                    self.name, self.shape
                ),
            }
        })?;

        let actual = self.byte_len();
        if actual != expected {
            return Err(RealizarError::UnsupportedOperation {
                operation: "validate_shape_matches_bytes".to_string(),
                reason: format!(
                    "Tensor '{}' byte length {actual} contradicts declared shape {:?} \
                     ({:?}, {dtype_size} bytes/elem => expected {expected} bytes)",
                    self.name, self.shape, self.dtype
                ),
            });
        }

        Ok(())
    }
}

/// Safetensors model container
#[derive(Debug, Clone)]
pub struct SafetensorsModel {
    /// Tensor metadata
    pub tensors: HashMap<String, SafetensorsTensorInfo>,
    /// Raw tensor data (not parsed yet)
    pub data: Vec<u8>,
}

include!("safetensors_parser.rs");
include!("mapped_model.rs");
include!("shard.rs");