Changed to OSError because we are now relying on tf.keras.model.load_model to raise an error when loading fails, and this is what it raises...

Stick to saving in h5 format for legacy saves...

In what sense is it not? How could it be made compatible in the future?

HiddenOutput works by building a new tf.keras.Model from the original model's input and layers attributes.

This works fine for tf.keras.Model's constructed from tf.keras.Sequential etc as they have a pre-defined structure for these attributes. It doesn't work out-of-the-box for subclassed models, presumably because there are quite a few different ways you can construct these models internally. Probably worth opening an issue to explore this one further...

I see, feels like a docstring is required for HiddenOutput(and other utility classes) to describe behaivour/limitations. For another PR though.

I'll open an issue shortly 👍🏻

Edit: #734

Extra functionality sneaking into this PR... Worth adding changelog entries to this PR so everything is documented and not missed upon release?

Not 100% clear what you mean here? The functionality of passing kwargs to load_detector? It is extra functionality but is interlinked with the PR, as custom_objects needs to be passed to load_detector.

Edit: reading again, I see what you mean. Since we also pass kwarg's to pytorch. I could factor this out to a separate PR if preferred...

No need, but would appreciate a changelog as part of the PR.

Minor, but why not keep the function in this module since it's specifically used during loading?

Mmn I put it here so that its next to clone_model, which is quite related. But can move back to saving since we only use it there...

Not sure this works that well together, e.g. we check if cloning works but it any case, the error is never raised. So effectively this would blow up again when using inside detectors that do use cloning? Or is the intention to call this method there also?

The problem I am having here is that there are a large number of possible failure modes that can occur due to not specifying the custom_objects properly. Depending on the exact tf version, and whether the model itself is subclassed, or just layers, either ValueError, TypeError's or NotImeplemented errors are raised, and this is either during inference or cloning.

The widest net I've been able to cast is to simply test if cloning works, and to check if there might be problems at inference, check whether the model is a RevivedNetwork, which is what it's loaded as if custom objects are missing (I don't try to actually call the model as data isn't available at this point).

A wide net is nice in term of hopefully catching most errors, but has the downside of throwing errors when things might have actually worked. For example, the RevivedNetwork's generally work for inference but not cloning. So a user can actually get away with not passing custom_objects if the model is just to be used for preprocessing. Hence why I went with a warning instead of error...

Maybe one compromise is to raise a warning if the model is a RevivedNetwork, since this can cause issues, but raise the ValueError (with the more coherent message) if cloning fails?

I'm not sure, cloning failure is only relevant for a specific set of detectors, so somehow feels like it should be checked only for that subset. Maybe leave this as is and wrap the relevant detector calls to clone() in try/except with a customized Alibi error message?

Sorry, just coming back on this, I've thought about it a bit more. There are just so many different failure modes, and the problem with just checking if cloneable is that there is one nasty failure mode where inference works, cloning works, BUT inference after cloning doesn't work 🤯 (this occurs in example 5 here, the custom call method is lost when cloning...).

This is what motivates casting the wide net by checking if a RevivedNetwork too. But then throwing a warning for this would prevent users getting away with cases that would otherwise work with no custom_objects provided (generally when no cloning).

I see two options:

1. Leave pretty much as is. Downside at the moment is by swallowing the ValueError from cloning and raising as a warning, it can be somewhat lost in the later actual errors that occur (i.e. when cloning down for real).
2. Turn the warning into an error. Be up front about requiring custom_objects to be passed in all cases where there are custom objects involved. This is slightly less convenient for the user, but means we don't have to worry about these many different failure modes that might also change in future versions.

Raising an error here would pretty much be equivalent to outright not supporting revived models? Perhaps it's not a bad idea, especially if that functionality is not well documented on tensorflow docs.

Yes exactly. It would mean any models containing custom classes loaded without providing those custom classes (via registering, or custom_objects kwarg) would be pretty much guaranteed to fail. Thinking about it more this would probably be what I would lean towards. Although to be clear, this does also mean that, for example, if a user had a relatively simple tf.keras.Sequential, but with one custom layer, they would have to provide this layer at load time even if they don't use the model in a detector with any cloning...

The tensorflow behaviour with this has been so fluid in versions 2.9, 2.10 and 2.11 that I do think it'd be the safest option though... (for now)

Seems like we're throwing away the validation code for the existence of the model? Or is it done from higher up in another caller?

Its not actually done from higher up. Rather, I realised that the validation might be superfluous since tf.keras.models.load_model already raises OSError: No file or directory found at test.h5 if a filepath to a .h5 model is passed and one doesn't exist, and OSError: SavedModel file does not exist at: test//{saved_model.pbtxt|saved_model.pb} if an directory is passed.

OK that makes sense.

Minor, but I don't fully agree with omitting filename from these internal save/load functions. What we save for in function signature, we pay at every callsite, having to remember to do .joinpath(filename). (OTOH in the old behaviour, having a default model name is also likely not desirable as forgetting to set it would result in a perhaps unexpected default).

Pretty much the only reason I made this change is that the filename is only there for legacy loading (legacy as in, saving to .h5, and legacy as in loading files with different names such as encoder.h5). For the "modern" loading we simply do:

    if flavour == Framework.TENSORFLOW:
        model = load_model_tf(src, layer=layer, **kwargs)

So I saw it as a trade-off wrt to carrying around more complexity in load_model to facilitate the legacy functionality in load_detector_legacy, or add some complexity to the calls in load_detector_legacy to simplify the load_model function... (which just happens to be used for modern and legacy loading).

Similar story for save_model...

Also, noting that there's a few subtle changes in the behaviour of internal functions for saving/loading, need to be extra vigilant new bugs haven't been introduced.

p.s. below is very true though... tweaking anything to do with legacy save/load does bring the potential for bugs like the ones v0.10.5 fixed. I've run the same tests of loading old artefacts we ran in #732 and everything passes, but that isn't 100% comprehensive...