How it Works

At its core, Function is a cross-compiler for stateless Python functions. These prediction functions (a.k.a “predictors”) have the following form:

predictor.py
def predict (name: str) -> str:
    return f"Hello {name}! We hope you like Function :)"

When compiling a Python function, Function generates many different variants for individual operations in the function. For example, a prediction function that performs a matrix multiplication might emit 5 different implementations, each using a different hardware accelerator or instruction set to perform the matmul.

At runtime, Function airdrops one of these variants to the device that made the request (i.e. your users). The client reports granular telemetry data back to our platform, and Function uses this data to find the best-performing variant for a given device family—across all users.

Minumum Requirements

  • Android API level 24+ (Android Nougat or newer)
  • Browsers with WebAssembly + fixed-width SIMD:
    • Chrome 91+
    • Firefox 90+
    • Safari 16.4+
  • iOS 14+
  • macOS 12+ (Apple Silicon and Intel)
  • Linux:
    • GLIBC 2.31+ on x86_64
    • GLIBC 2.35+ on aarch64
  • Windows 10+ (amd64 and arm64)

Platform Considerations

Certain platforms require added care when making predictions:

Sandboxing on Android and iOS

On Android and iOS (along with macOS App Store apps), there are strict sandboxing restrictions that prohibit downloading and executing code at runtime. As a result, Function client SDKs for Android, Swift, React Native, and Unity allow you to embed predictors into the app bundle at build time:

Required Internet Access

Function client SDKs currently require an active internet connection from devices that make predictions. That said, we are working to enable full caching, which will allow predictions to be created without an internet connection once a predictor has been downloaded to a device.

Security Model

Function is designed to minimize any attack surface that exists in downloading and executing software binaries:

  1. When compiling a Python function, the resulting code comes from a fixed library of operators maintained by us. This means that regardless of what the original Python code does, the resulting binary will only ever contain code written and reviewed by us.
  2. We explicitly prohibit file system access in predictors. The only files that a prediction function has access to at runtime are those explicitly provided as resources (e.g. model weights) to the function.
  3. Some of our client libraries support embedding compiled prediction functions into your app binary at build time. This means that all prediction code will be available for code review and signing; and that no code is downloaded then executed at runtime.
  4. We take advantage of security sandboxing models across the platforms we support, never performing operations that require sensitive permissions (e.g. file access, camera access, etc).
  5. The only information provided to our platform by a user’s device is the following:
    • Client identifier providing information about the operating system and processor architecture.
    • Configuration identifier which is a unique, random string identifying the Function client on the current device.
    • Device identifier providing information about the device model (e.g. “iPhone16,2”) used for choosing the optimal predictor implementation to provide to the device.
    • Telemetry data providing information about the performance statistics of the prediction function on the device, used for searching for the optimal predictor implementation.