dill cannot serialize large model #37
Comments
|
I have a temporary fix for this that saves the model in two pieces, the big arrays using numpy.savez_compressed and everything else using dill. This is inelegant, and additionally dill (and pickle) can cause arbitrary code execution with malicious files - there's no reason to allow arbitrary code execution from a data file. Rewrite everything using savez_compressed, with helpers write_scalar wrapping scalars in arrays, write_series saving series as index and values separately, and write_dataframe writing index, columns, and each column separately. |
|
The reason to write each column separately is that dtypes may differ, and writing as a big matrix will force everything to a single dtype. The big sticking point, though, is the PriceIncomeFunction, which is an arbitrary Python function. That's not going to be serializable in npz format. We could either retain pickle for that (maybe just pickle that function and save it as bytes) although that leaves the security concerns above. Alternately, we could just store a string referencing which functional form. |
We shouldn't use
dillanyways. Rewrite to usenumpy.savez_compressedThe text was updated successfully, but these errors were encountered: