license: other
language:
- en
pipeline_tag: text-generation
tags:
- code
Model Summary
The phi-1 family encompasses three distinct models: phi-1, phi-1-base, and phi-1-small, each specialized for basic Python coding. Their training involved a variety of data sources, including subsets of Python code from The Stack v1.2, Q&A content from StackOverflow, competition code from code_contests, and synthetic Python textbooks and exercises generated by gpt-3.5-turbo-0301. Even though the model and the datasets are relatively small compared to contemporary Large Language Models (LLMs), both phi-1 and phi-1-small have demonstrated an impressive accuracy rate exceeding 45% on the simple Python coding benchmark, HumanEval.
Intended Uses
Given the nature of the training data, the phi-1 and phi-1-small models are best suited for prompts using the code format:
code format:
def print_prime(n):
    """
    Print all primes between 1 and n
    """
    for num in range(2, n+1):
        for i in range(2, num):
            if num % i == 0:
                break
        else:
            print(num)
where the model generates the code after the comments. (Note: This is a legitimate and correct use of the else statement in Python loops.)
Notes
- The phi-1 family models are intended for research purposes. The model-generated code should be treated as a starting point rather than a definitive solution for potential use cases. Users should be cautious when employing these models in their applications.
- Direct adoption for production coding tasks is out of the scope of this research project. As a result, the phi-1 family models have not been tested to ensure that they perform adequately for production-level code. Please refer to the limitation sections of this document for more details.
Limitations of phi-1
- Limited Scope: 99.8% of the Python scripts in our fine-tuning dataset use only the packages "typing, math, random, collections, datetime, itertools". If the model generates Python scripts that utilize other packages, we strongly recommend users manually verify all API uses.
- Replicate Scripts Online: As our model is trained on Python scripts found online, there is a small chance it may replicate such scripts, especially if they appear repetitively across different online sources.
- Generate Inaccurate Code: The models frequently generate incorrect code. We suggest that users view these outputs as a source of inspiration rather than definitive solutions.
- Unreliable Responses to Alternate Formats: Despite appearing to comprehend instructions in formats like Q&A or chat, our models often respond with inaccurate answers, even when seeming confident. Their capabilities with non-code formats are significantly more limited.
- Limitations on Natural Language Comprehension: As a coding bot, phi-1's main focus is to help with coding-related questions. While it may have some natural language comprehension capabilities, its primary function is not to engage in general conversations or demonstrate common sense like a general AI assistant. Its strength lies in providing assistance and guidance in the context of programming and software development.
- Potential Biases: The phi-1 family models, like other AI models, are trained on web and synthetic data. This data can contain biases and errors that might affect the AI's performance. Biases could stem from various sources like unbalanced representation, stereotypes, or controversial opinions present in the training data. As a result, the AI model might sometimes generate responses that reflect these biases or errors.
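The Limited Scope item above recommends manually verifying API use whenever a generated script reaches beyond the six listed packages. The following is an added example, not part of the phi-1 project: it parses a generated script and reports which imports fall outside that set and on which lines. The names `audit_imports`, `IN_DISTRIBUTION` and `SAMPLE` are assumptions, and the sample script is constructed.

```python
import ast

# Packages the model card says cover 99.8% of the fine-tuning scripts.
IN_DISTRIBUTION = {"typing", "math", "random", "collections", "datetime", "itertools"}

def _imported_names(node):
    """Yield the module names a single AST node imports, if any."""
    if isinstance(node, ast.Import):
        for alias in node.names:
            yield alias.name
    elif isinstance(node, ast.ImportFrom):
        # Relative imports (level > 0) point at local code, which also needs review.
        yield "<relative>" if node.level else node.module
    elif isinstance(node, ast.Call):
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name in ("__import__", "import_module"):
            arg = node.args[0] if node.args else None
            is_literal = isinstance(arg, ast.Constant) and isinstance(arg.value, str)
            yield arg.value if is_literal else "<dynamic>"

def audit_imports(source):
    """Map each out-of-distribution package to the line numbers that import it."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        # Generated code is often not valid Python; report that instead of crashing.
        return {"<syntax error>": [exc.lineno or 0]}
    findings = {}
    for node in ast.walk(tree):
        for module in _imported_names(node):
            package = module.split(".")[0]
            if package not in IN_DISTRIBUTION:
                findings.setdefault(package, []).append(node.lineno)
    return {pkg: sorted(lines) for pkg, lines in findings.items()}

# Constructed sample standing in for model output (not real phi-1 output).
SAMPLE = '''import math, os.path
from collections import Counter
from subprocess import run
import importlib

def load(name):
    return importlib.import_module(name)
'''

if __name__ == "__main__":
    for package, lines in sorted(audit_imports(SAMPLE).items()):
        print(f"verify API use of {package!r}: line(s) {lines}")
```

An empty result means the script stays within the six packages; it says nothing about whether the code is correct.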
Warning about Security Risks
When leveraging the phi-1 family models, it's paramount to be vigilant. These models, though powerful, can inadvertently introduce security vulnerabilities in the generated code. Examples include, but are not limited to:
- Directory Traversal: The code might fail to implement safe checks against directory traversal attacks, potentially allowing unauthorized access to sensitive files on your system.
- Injection Attacks: There could be lapses in escaping strings properly, making the application susceptible to SQL, OS command, or other injection attacks.
- Misunderstanding Requirements: The model might sometimes misunderstand or oversimplify user requirements, leading to incomplete or insecure solutions.
- Lack of Input Validation: In some cases, the model might neglect to incorporate input validation or sanitize user inputs, opening doors to attacks like Cross-Site Scripting (XSS).
- Insecure Defaults: The model might recommend or generate code with insecure default settings, such as weak password requirements or unencrypted data transmissions.
- Failure in Error Handling: Improper error handling can inadvertently reveal sensitive information about the system or the application's internal workings.
Given these potential pitfalls, and others not explicitly mentioned, it's essential to thoroughly review, test, and verify the generated code before deploying it in any application, especially those that are security-sensitive. Always consult with security experts or perform rigorous penetration testing when in doubt.
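As an added illustration of the Directory Traversal item (constructed for this page, not phi-1 output and not code from the project), the block below puts a file reader with no containment check beside a version that resolves the path and rejects anything outside the base directory. All function names and the temporary directory layout are assumptions.

```python
import tempfile
from pathlib import Path

def read_naive(base_dir, user_name):
    """The pattern to look for in review: user input joined with no containment check."""
    return (Path(base_dir) / user_name).read_text()

def resolve_inside(base_dir, user_name):
    """Return the resolved path only if it stays strictly inside base_dir."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute user_name
    # replaces base entirely, which the parents check below also rejects.
    candidate = (base / user_name).resolve()
    if base not in candidate.parents:
        raise PermissionError(f"path escapes base directory: {user_name!r}")
    return candidate

def read_checked(base_dir, user_name):
    """Hardened reader: same interface, but refuses paths outside base_dir."""
    return resolve_inside(base_dir, user_name).read_text()

def demo():
    """Build a constructed directory tree and compare both readers."""
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"
        uploads.mkdir()
        (uploads / "note.txt").write_text("public note")
        (Path(root) / "secret.txt").write_text("not for users")
        results = {
            "allowed": read_checked(uploads, "note.txt"),
            "naive_leak": read_naive(uploads, "../secret.txt"),
        }
        for name in ("../secret.txt", "/etc/hostname", "sub/../../secret.txt"):
            try:
                read_checked(uploads, name)
                results[name] = "read"
            except PermissionError:
                results[name] = "blocked"
        return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```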
Training
Model (phi-1-base)
- Architecture: a Transformer-based model with next-word prediction objective
- Pretraining steps: 24000 steps
- Pretraining tokens: 51B tokens
- Precision: fp16
- GPUs: 8 A100
- Training time: 4 days
Model (phi-1)
- Architecture: a Transformer-based model with next-word prediction objective
- Fine-tuning steps: 6000 steps
- Fine-tuning tokens: 3B tokens
- Precision: fp16
- GPUs: 8 A100
- Training time: 7 hours
Software
License
The model is licensed under the Research License.
Citation
@article{gunasekar2023textbooks,
title={Textbooks Are All You Need},
author={Gunasekar, Suriya and Zhang, Yi and Aneja, Jyoti and Mendes, Caio C{\'e}sar Teodoro and Del Giorno, Allie and Gopi, Sivakanth and Javaheripi, Mojan and Kauffmann, Piero and de Rosa, Gustavo and Saarikivi, Olli and others},
journal={arXiv preprint arXiv:2306.11644},
year={2023}
}