[ML] Run allowlist validation in PyTorch edge pipeline #2989

Open
edsavage wants to merge 1 commit into elastic:main from edsavage:fix/pytorch-edge-validation

@edsavage edsavage commented Mar 12, 2026

Summary

  • When the PyTorch edge build (ml-cpp-build-pytorch) triggers a test run, also invoke the Python-based allowlist validation (validate_allowlist.py) which traces 22 live HuggingFace models plus 3 local ES integration test .pt files with the new PyTorch version.
  • The validation checks every TorchScript operation against ALLOWED_OPERATIONS / FORBIDDEN_OPERATIONS in CSupportedOperations.cc and fails hard if any model produces an unrecognised or forbidden op.
  • Normal PR, nightly, and debug builds are unaffected — the validation only runs when GITHUB_PR_COMMENT_VAR_ACTION=run_pytorch_tests.

This closes the gap identified in #2936 where the C++ golden-file test (testAllowlistCoversReferenceModels) catches allowlist drift but cannot detect new ops introduced by a PyTorch upgrade since the golden file was generated with the old version.

Test plan

  • Normal PR build passes without running validation (no change in behaviour)
  • Trigger a PyTorch edge build and verify the "Validating PyTorch allowlist" step appears and passes
  • Verify that if an op is removed from ALLOWED_OPERATIONS, the validation fails with a clear message

Made with Cursor

When the PyTorch edge build triggers a test run, also invoke the
Python-based allowlist validation (validate_allowlist.py) which
traces live HuggingFace models with the new PyTorch version and
checks every op against ALLOWED_OPERATIONS / FORBIDDEN_OPERATIONS.

This ensures that if a PyTorch upgrade introduces new TorchScript
operations for any supported model architecture, the pipeline fails
with a clear message before the change reaches a release.

Made-with: Cursor
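
The check described in the PR summary and commit message above, as an added sketch that is not code from this PR or from validate_allowlist.py: it pulls operator names out of TorchScript graph dumps and fails on anything forbidden or unrecognised. The two operation sets and the three graph dumps are constructed for illustration (the real lists live in CSupportedOperations.cc), and `validate` is a hypothetical helper name.

```python
import re
import sys

# Hypothetical lists for illustration; the real ones are defined in
# CSupportedOperations.cc and are not reproduced here.
ALLOWED_OPERATIONS = frozenset({
    "prim::Constant", "prim::GetAttr",
    "aten::linear", "aten::matmul", "aten::softmax",
})
FORBIDDEN_OPERATIONS = frozenset({"aten::from_file"})

# Operator name on the right-hand side of a node line in a graph dump,
# e.g. "%q : Tensor = aten::linear(%x, %w, %2)". Nested blocks match too.
OP_RE = re.compile(r"=\s*([A-Za-z_]\w*::[A-Za-z_]\w*)")

# Constructed, simplified dumps: one model traced by two PyTorch versions,
# plus one graph that contains a forbidden op.
HEAD = """graph(%self : __torch__.Encoder, %x : Tensor):
  %w : Tensor = prim::GetAttr[name="weight"](%self)
  %1 : int = prim::Constant[value=-1]()
  %2 : NoneType = prim::Constant()
  %q : Tensor = aten::linear(%x, %w, %2)
"""
OLD_TRACE = HEAD + """  %s : Tensor = aten::matmul(%q, %q)
  %o : Tensor = aten::softmax(%s, %1, %2)
  return (%o)
"""
NEW_TRACE = HEAD + """  %o : Tensor = aten::scaled_dot_product_attention(%q, %q, %q)
  return (%o)
"""
TAMPERED = HEAD + """  %f : Tensor = aten::from_file(%2, %2, %1)
  return (%f)
"""

def validate(graphs):
    """Map each failing model name to its forbidden and unrecognised ops."""
    failures = {}
    for name, text in graphs.items():
        ops = set(OP_RE.findall(text))
        forbidden = sorted(ops & FORBIDDEN_OPERATIONS)
        unrecognised = sorted(ops - ALLOWED_OPERATIONS - FORBIDDEN_OPERATIONS)
        if forbidden or unrecognised:
            failures[name] = {"forbidden": forbidden, "unrecognised": unrecognised}
    return failures

if __name__ == "__main__":
    failures = validate({"old": OLD_TRACE, "new": NEW_TRACE, "tampered": TAMPERED})
    for name, f in failures.items():
        print(f"FAIL {name}: forbidden={f['forbidden']} unrecognised={f['unrecognised']}")
    sys.exit(1 if failures else 0)  # non-zero exit fails the pipeline step
```

The old trace passes while the new trace of the same model fails on an op absent from both lists, which is the case a golden file generated with the old version cannot see.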

prodsecmachine commented Mar 12, 2026

Snyk checks have passed. No issues have been found so far.

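| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|--------|-------------|----------|------|--------|-----|-----------|
|        | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
|        | Licenses | 0 | 0 | 0 | 0 | 0 issues |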


@valeriy42 valeriy42 left a comment

LGTM 🚀
