Merge remote-tracking branch 'upstream/master' into PCAEstimator

Author: sfilipi

build/Dependencies.props

@@ -17,5 +17,7 @@
     <MicrosoftCodeAnalysisCSharpVersion>2.9.0</MicrosoftCodeAnalysisCSharpVersion>
     <MicrosoftCSharpVersion>4.5.0</MicrosoftCSharpVersion>
     <SystemCompositionVersion>1.2.0</SystemCompositionVersion>
+    <SystemIOFileSystemAccessControl>4.5.0</SystemIOFileSystemAccessControl>
+    <SystemSecurityPrincipalWindows>4.5.0</SystemSecurityPrincipalWindows>
   </PropertyGroup>
 </Project>

pkg/Microsoft.ML.TensorFlow/Microsoft.ML.TensorFlow.nupkgproj

@@ -6,7 +6,10 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <ProjectReference Include="..\Microsoft.ML.TensorFlow.Redist\Microsoft.ML.TensorFlow.Redist.nupkgproj" />
+    <PackageReference Include="System.IO.FileSystem.AccessControl" Version="$(SystemIOFileSystemAccessControl)" />
+    <PackageReference Include="System.Security.Principal.Windows" Version="$(SystemSecurityPrincipalWindows)" />
+    <ProjectReference Include="../Microsoft.ML/Microsoft.ML.nupkgproj" />
+    <ProjectReference Include="../Microsoft.ML.TensorFlow.Redist/Microsoft.ML.TensorFlow.Redist.nupkgproj" />
   </ItemGroup>
 
 </Project>

src/Microsoft.ML.Core/Utilities/Stream.cs

@@ -30,6 +30,30 @@ public static void CloseEx(this TextWriter writer)
             writer.Close();
         }
 
+        /// <summary>
+        /// Similar to Stream.CopyTo but takes a length rather than assuming copy to end.  Returns amount copied.
+        /// </summary>
+        /// <param name="source">Source stream to copy from</param>
+        /// <param name="destination">Destination stream to copy to</param>
+        /// <param name="length">Number of bytes to copy</param>
+        /// <param name="bufferSize">Size of buffer to use when copying, default is 81920 to match that of Stream</param>
+        /// <returns>number of bytes copied</returns>
+        public static long CopyRange(this Stream source, Stream destination, long length, int bufferSize = 81920)
+        {
+            // should use ArrayPool once we can take that dependency
+            byte[] buffer = new byte[bufferSize];
+            int read;
+            long remaining = length;
+            while (remaining != 0 &&
+                   (read = source.Read(buffer, 0, (int)Math.Min(buffer.Length, remaining))) != 0)
+            {
+                destination.Write(buffer, 0, read);
+                remaining -= read;
+            }
+
+            return length - remaining;
+        }
+
         public static void WriteBoolByte(this BinaryWriter writer, bool x)
         {
             Contracts.AssertValue(writer);

src/Microsoft.ML.DnnAnalyzer/Microsoft.ML.DnnAnalyzer/Microsoft.ML.DnnAnalyzer.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <TargetFramework>netcoreapp2.0</TargetFramework>
     <AssemblyName>DnnAnalyzer</AssemblyName>
     <IncludeInPackage>Microsoft.ML.TensorFlow</IncludeInPackage>
   </PropertyGroup>

src/Microsoft.ML.Legacy/CSharpApi.cs

@@ -15787,9 +15787,9 @@ public sealed partial class TensorFlowScorer : Microsoft.ML.Runtime.EntryPoints.
 
 
             /// <summary>
-            /// This is the frozen protobuf model file. Please see https://www.tensorflow.org/mobile/prepare_models for more details.
+            /// TensorFlow model used by the transform. Please see https://www.tensorflow.org/mobile/prepare_models for more details.
             /// </summary>
-            public string ModelFile { get; set; }
+            public string Model { get; set; }
 
             /// <summary>
             /// The names of the model inputs

src/Microsoft.ML.TensorFlow/Microsoft.ML.TensorFlow.csproj

@@ -7,6 +7,11 @@
     <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
   </PropertyGroup>
 
+  <ItemGroup>
+    <PackageReference Include="System.IO.FileSystem.AccessControl" Version="$(SystemIOFileSystemAccessControl)" />
+    <PackageReference Include="System.Security.Principal.Windows" Version="$(SystemSecurityPrincipalWindows)" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\Microsoft.ML.Core\Microsoft.ML.Core.csproj" />
     <ProjectReference Include="..\Microsoft.ML.Data\Microsoft.ML.Data.csproj" />

src/Microsoft.ML.TensorFlow/TensorFlow/Tensorflow.cs

@@ -1182,7 +1182,7 @@ public IEnumerable<DeviceAttributes> ListDevices(TFStatus status = null)
         /// here: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/python/saved_model/README.md
         /// </para>
         /// </remarks>
-        public TFSession FromSavedModel(TFSessionOptions sessionOptions, TFBuffer runOptions, string exportDir, string[] tags, TFGraph graph, TFBuffer metaGraphDef, TFStatus status = null)
+        public static TFSession FromSavedModel(TFSessionOptions sessionOptions, TFBuffer runOptions, string exportDir, string[] tags, TFGraph graph, TFBuffer metaGraphDef, TFStatus status = null)
         {
             if (graph == null)
                 throw new ArgumentNullException(nameof(graph));

src/Microsoft.ML.TensorFlow/TensorFlow/TensorflowUtils.cs

@@ -2,15 +2,17 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using Microsoft.ML.Runtime;
+using Microsoft.ML.Runtime.Data;
+using Microsoft.ML.Runtime.ImageAnalytics.EntryPoints;
+using Microsoft.ML.Runtime.Internal.Utilities;
 using System;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Runtime.InteropServices;
-using Microsoft.ML.Runtime;
-using Microsoft.ML.Runtime.Data;
-using Microsoft.ML.Runtime.ImageAnalytics.EntryPoints;
-using Microsoft.ML.Runtime.Internal.Utilities;
+using System.Security.AccessControl;
+using System.Security.Principal;
 
 namespace Microsoft.ML.Transforms.TensorFlow
 {
@@ -158,6 +160,152 @@ internal static TFSession LoadTFSession(IExceptionContext ectx, byte[] modelByte
             return new TFSession(graph);
         }
 
+        private static TFSession LoadTFSession(IHostEnvironment env, string exportDirSavedModel)
+        {
+            Contracts.Check(env != null, nameof(env));
+            env.CheckValue(exportDirSavedModel, nameof(exportDirSavedModel));
+            var sessionOptions = new TFSessionOptions();
+            var tags = new string[] { "serve" };
+            var graph = new TFGraph();
+            var metaGraphDef = new TFBuffer();
+
+            return TFSession.FromSavedModel(sessionOptions, null, exportDirSavedModel, tags, graph, metaGraphDef);
+        }
+
+        // A TensorFlow frozen model is a single file. An un-frozen (SavedModel) on the other hand has a well-defined folder structure.
+        // Given a modelPath, this utility method determines if we should treat it as a SavedModel or not
+        internal static bool IsSavedModel(IHostEnvironment env, string modelPath)
+        {
+            Contracts.Check(env != null, nameof(env));
+            env.CheckNonWhiteSpace(modelPath, nameof(modelPath));
+            FileAttributes attr = File.GetAttributes(modelPath);
+            return attr.HasFlag(FileAttributes.Directory);
+        }
+
+        // Currently used in TensorFlowTransform to protect temporary folders used when working with TensorFlow's SavedModel format.
+        // Models are considered executable code, so we need to ACL tthe temp folders for high-rights process (so low-rights process can’t access it).
+        /// <summary>
+        ///  Given a folder path, create it with proper ACL if it doesn't exist.
+        ///  Fails if the folder name is empty, or can't create the folder.
+        /// </summary>
+        internal static void CreateFolderWithAclIfNotExists(IHostEnvironment env, string folder)
+        {
+            Contracts.Check(env != null, nameof(env));
+            env.CheckNonWhiteSpace(folder, nameof(folder));
+
+            //if directory exists, do nothing.
+            if (Directory.Exists(folder))
+                return;
+
+            WindowsIdentity currentIdentity = null;
+            try
+            {
+                currentIdentity = WindowsIdentity.GetCurrent();
+            }
+            catch (PlatformNotSupportedException)
+            { }
+
+            if (currentIdentity != null && new WindowsPrincipal(currentIdentity).IsInRole(WindowsBuiltInRole.Administrator))
+            {
+                // Create high integrity dir and set no delete policy for all files under the directory.
+                // In case of failure, throw exception.
+                CreateTempDirectoryWithAcl(folder, currentIdentity.User.ToString());
+            }
+            else
+            {
+                try
+                {
+                    Directory.CreateDirectory(folder);
+                }
+                catch (Exception exc)
+                {
+                    throw Contracts.ExceptParam(nameof(folder), $"Failed to create folder for the provided path: {folder}. \nException: {exc.Message}");
+                }
+            }
+        }
+
+        internal static void DeleteFolderWithRetries(IHostEnvironment env, string folder)
+        {
+            Contracts.Check(env != null, nameof(env));
+            int currentRetry = 0;
+            int maxRetryCount = 10;
+            using (var ch = env.Start("Delete folder"))
+            {
+                for (; ; )
+                {
+                    try
+                    {
+                        currentRetry++;
+                        Directory.Delete(folder, true);
+                        break;
+                    }
+                    catch (IOException e)
+                    {
+                        if (currentRetry > maxRetryCount)
+                            throw;
+                        ch.Info("Error deleting folder. {0}. Retry,", e.Message);
+                    }
+                }
+            }
+        }
+
+        private static void CreateTempDirectoryWithAcl(string folder, string identity)
+        {
+            // Dacl Sddl string:
+            // D: Dacl type
+            // D; Deny access
+            // OI; Object inherit ace
+            // SD; Standard delete function
+            // wIdentity.User Sid of the given user.
+            // A; Allow access
+            // OICI; Object inherit, container inherit
+            // FA File access
+            // BA Built-in administrators
+            // S: Sacl type
+            // ML;; Mandatory Label
+            // NW;;; No write policy
+            // HI High integrity processes only
+            string sddl = "D:(D;OI;SD;;;" + identity + ")(A;OICI;FA;;;BA)S:(ML;OI;NW;;;HI)";
+
+            try
+            {
+                var dir = Directory.CreateDirectory(folder);
+                DirectorySecurity dirSec = new DirectorySecurity();
+                dirSec.SetSecurityDescriptorSddlForm(sddl);
+                dirSec.SetAccessRuleProtection(true, false);  // disable inheritance
+                dir.SetAccessControl(dirSec);
+
+                // Cleaning out the directory, in case someone managed to sneak in between creation and setting ACL.
+                DirectoryInfo dirInfo = new DirectoryInfo(folder);
+                foreach (FileInfo file in dirInfo.GetFiles())
+                {
+                    file.Delete();
+                }
+                foreach (DirectoryInfo subDirInfo in dirInfo.GetDirectories())
+                {
+                    subDirInfo.Delete(true);
+                }
+            }
+            catch (Exception exc)
+            {
+                throw Contracts.ExceptParam(nameof(folder), $"Failed to create folder for the provided path: {folder}. \nException: {exc.Message}");
+            }
+        }
+
+        internal static TFSession GetSession(IHostEnvironment env, string modelPath)
+        {
+            Contracts.Check(env != null, nameof(env));
+            if (IsSavedModel(env, modelPath))
+            {
+                env.CheckUserArg(Directory.Exists(modelPath), nameof(modelPath));
+                return LoadTFSession(env, modelPath);
+            }
+
+            env.CheckUserArg(File.Exists(modelPath), nameof(modelPath));
+            var bytes = File.ReadAllBytes(modelPath);
+            return LoadTFSession(env, bytes, modelPath);
+        }
+
         internal static unsafe void FetchData<T>(IntPtr data, T[] result)
         {
             var size = result.Length;