Merge remote-tracking branch 'origin/dev_1.20.0' into dependabot/pip/keras-3.10.0

Author: beat-buesser

.github/actions/yolo/run.sh

@@ -8,4 +8,11 @@ if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed estimators/object_detection/te
 pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_object_seeker_yolo.py --framework=pytorch --durations=0
 if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed estimators/object_detection/test_object_seeker_yolo tests"; fi
 
+pytest --cov-report=xml --cov=art --cov-append -q -vv tests/attacks/test_overload_attack.py --framework=pytorch --durations=0
+if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed attacks/test_overload_attack tests"; fi
+
+pytest --cov-report=xml --cov=art --cov-append -q -vv tests/attacks/test_steal_now_attack_later.py --framework=pytorch --durations=0
+if [[ $? -ne 0 ]]; then exit_code=1; echo "Failed attacks/teest_steal_now_attack_later tests"; fi
+
+
 exit ${exit_code}

.github/workflows/ci-huggingface.yml

@@ -52,9 +52,9 @@ jobs:
           pip install -q -r <(sed '/^tensorflow/d;/^keras/d;/^mxnet/d' requirements_test.txt)
           pip install tensorflow==2.18.1
           pip install keras==3.10.0
-          pip install torch==${{ matrix.torch }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchvision==${{ matrix.torchvision }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchaudio==${{ matrix.torchaudio }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
+          pip install torch==${{ matrix.torch }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchvision==${{ matrix.torchvision }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchaudio==${{ matrix.torchaudio }} --index-url https://download.pytorch.org/whl/cpu
           pip install transformers==${{ matrix.transformers }}
           pip list
       - name: Run Tests

.github/workflows/ci-legacy.yml

@@ -56,9 +56,9 @@ jobs:
           pip install tensorflow==${{ matrix.tensorflow }}
           pip install keras==${{ matrix.keras }}
           pip install scikit-learn==${{ matrix.scikit-learn }}
-          pip install torch==${{ matrix.torch }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchvision==${{ matrix.torchvision }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchaudio==${{ matrix.torchaudio }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
+          pip install torch==${{ matrix.torch }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchvision==${{ matrix.torchvision }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchaudio==${{ matrix.torchaudio }} --index-url https://download.pytorch.org/whl/cpu
           pip list
       - name: Run ${{ matrix.name }} ${{ matrix.module }} Tests
         run: ./run_tests.sh ${{ matrix.framework }} ${{ matrix.module }}

.github/workflows/ci-pytorch.yml

@@ -28,18 +28,18 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - name: PyTorch 1.13.1 (Python 3.10)
+          - name: PyTorch 2.6.0 (Python 3.10)
             framework: pytorch
             python: '3.10'
-            torch: 1.13.1+cpu
-            torchvision: 0.14.1+cpu
-            torchaudio: 0.13.1
-          - name: PyTorch 2.2.1 (Python 3.10)
+            torch: 2.6.0
+            torchvision: 0.21.0
+            torchaudio: 2.6.0
+          - name: PyTorch 2.7.0 (Python 3.10)
             framework: pytorch
             python: '3.10'
-            torch: 2.2.1
-            torchvision: 0.17.1+cpu
-            torchaudio: 2.2.1
+            torch: 2.7.0
+            torchvision: 0.22.0
+            torchaudio: 2.7.0
 
     name: ${{ matrix.name }}
     steps:
@@ -55,9 +55,9 @@ jobs:
           sudo apt-get -y -q install ffmpeg libavcodec-extra
           python -m pip install --upgrade pip setuptools wheel
           pip install -q -r <(sed '/^mxnet/d' requirements_test.txt)
-          pip install torch==${{ matrix.torch }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchvision==${{ matrix.torchvision }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchaudio==${{ matrix.torchaudio }} -f https://download.pytorch.org/whl/cpu/torch_stable.html
+          pip install torch==${{ matrix.torch }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchvision==${{ matrix.torchvision }} --index-url https://download.pytorch.org/whl/cpu
+          pip install torchaudio==${{ matrix.torchaudio }} --index-url https://download.pytorch.org/whl/cpu
           pip list
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}

art/attacks/evasion/auto_attack.py

@@ -201,6 +201,9 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                 attack.set_params(targeted=False)
 
             if self.parallel_pool_size > 0:
+                attack.estimator._optimizer = None
+                self.estimator._optimizer = None
+
                 args.append(
                     (
                         deepcopy(x_adv),
@@ -255,6 +258,9 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                         )
 
                         if self.parallel_pool_size > 0:
+                            attack.estimator._optimizer = None
+                            self.estimator._optimizer = None
+
                             args.append(
                                 (
                                     deepcopy(x_adv),

art/attacks/evasion/feature_adversaries/feature_adversaries_pytorch.py

@@ -150,10 +150,10 @@ def loss_fn(source_orig, source_adv, guide):
                 loss.backward()
 
                 # pgd step
-                if adv.grad is not None:
+                if adv.grad is not None and self.step_size is not None:
                     adv.data = adv - adv.grad.detach().sign() * self.step_size
                 else:
-                    raise ValueError("Gradient tensor in PyTorch model is `None`.")
+                    raise ValueError("Gradient tensor in PyTorch model or step_size is `None`.")
                 perturbation = torch.clamp(adv.detach() - x.detach(), -self.delta, self.delta)
                 adv.data = x.detach() + perturbation
                 if self.estimator.clip_values is not None:

art/attacks/evasion/overload/overload.py

@@ -61,6 +61,7 @@ def __init__(
         max_iter: int,
         num_grid: int,
         batch_size: int,
+        threshold: float,
     ) -> None:
         """
         Create an overload attack instance.
@@ -70,12 +71,14 @@ def __init__(
         :param max_iter: The maximum number of iterations.
         :param num_grid: The number of grids for width and high dimension.
         :param batch_size: Size of the batch on which adversarial samples are generated.
+        :param threshold: IoU threshold.
         """
         super().__init__(estimator=estimator)
         self.eps = eps
         self.max_iter = max_iter
         self.num_grid = num_grid
         self.batch_size = batch_size
+        self.threshold = threshold
         self._check_params()
 
     def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.ndarray:
@@ -157,10 +160,9 @@ def _loss(self, x: "torch.Tensor") -> tuple["torch.Tensor", "torch.Tensor"]:
         if isinstance(adv_logits, tuple):
             adv_logits = adv_logits[0]
 
-        threshold = self.estimator.model.conf
         conf = adv_logits[..., 4]
         prob = adv_logits[..., 5:]
-        prob = torch.where(conf[:, :, None] * prob > threshold, torch.ones_like(prob), prob)
+        prob = torch.where(conf[:, :, None] * prob > self.threshold, torch.ones_like(prob), prob)
         prob = torch.sum(prob, dim=2)
         conf = conf * prob
 
@@ -185,7 +187,7 @@ def _loss(self, x: "torch.Tensor") -> tuple["torch.Tensor", "torch.Tensor"]:
             for x_i in range(x.shape[0]):
                 xyhw = adv_logits[x_i, :, :4]
                 prob = torch.max(adv_logits[x_i, :, 5:], dim=1).values
-                box_idx = adv_logits[x_i, :, 4] * prob > threshold
+                box_idx = adv_logits[x_i, :, 4] * prob > self.threshold
                 xyhw = xyhw[box_idx]
                 c_xyxy = self.xywh2xyxy(xyhw)
                 scores = box_iou(grid_box, c_xyxy)
@@ -244,3 +246,6 @@ def _check_params(self) -> None:
 
         if self.batch_size < 1:
             raise ValueError("The batch size must be a positive integer.")
+
+        if self.threshold < 0.0 or self.threshold > 1.0:
+            raise ValueError("The threshold must be in the range [0, 1].")

art/attacks/evasion/steal_now_attack_later/steal_now_attack_later.py

@@ -42,15 +42,14 @@
 logger = logging.getLogger(__name__)
 
 
-# tiling
 def _generate_tile_kernel(patch: list, mask: list, tile_size: int) -> Tuple["torch.Tensor", "torch.Tensor"]:
     """
-    Generate specific size of pertuerbed tiles from randomly selected patches.
+    Generate specific size of perturbed tiles from randomly selected patches.
 
-    :param patch: Candiate patches.
+    :param patch: Candidate patches.
     :param mask: Masks for each patch.
     :param tile_size: The size of each tile.
-    :return: Pertuerbed tiles and corresponding maskes.
+    :return: Perturbed tiles and corresponding masks.
     """
     import torch
     import torchvision
@@ -79,7 +78,7 @@ def _generate_tile_kernel(patch: list, mask: list, tile_size: int) -> Tuple["tor
         min_len = height
 
     if max_len > tile_size:
-        new_len = round(min_len * tile_size / max_len)
+        new_len = max(round(min_len * tile_size / max_len), 1)
         p_1 = torchvision.transforms.Resize((tile_size, new_len))(t_patch)
         # fix for the case that (strides - new_len) > new_len
         p_list = []
@@ -95,22 +94,22 @@ def _generate_tile_kernel(patch: list, mask: list, tile_size: int) -> Tuple["tor
         n_mask = torch.where(n_patch == 0, torch.zeros_like(n_patch), torch.ones_like(n_patch))
 
     elif max_len >= tile_size / 2.0:
-        new_len = round(min_len * (tile_size / 2.0) / max_len)
+        new_len = max(round(min_len * (tile_size / 2.0) / max_len), 1)
 
         p_list = []
         for _ in range(tile_size // new_len):
             repeat = 2
             p1_list = []
             for _ in range(repeat):
-                p_1 = torchvision.transforms.Resize((tile_size // 2, new_len))(t_patch)
+                p_1 = torchvision.transforms.Resize((max(tile_size // 2, 1), new_len))(t_patch)
                 if torch.rand([]) < 0.6:
                     p1_list.append(FlipOp(p_1))
                 else:
                     p1_list.append(torch.zeros_like(p_1))
             p_1 = torch.cat(p1_list, dim=-2)
             p_list.append(p_1)
 
-        p_2 = torchvision.transforms.RandomCrop((tile_size, tile_size % new_len))(p_1)
+        p_2 = torchvision.transforms.RandomCrop((tile_size, max(tile_size % new_len, 1)))(p_1)
         p_list.append(FlipOp(p_2))
 
         n_patch = torch.cat(p_list, dim=-1)
@@ -150,13 +149,13 @@ def _generate_tile_kernel(patch: list, mask: list, tile_size: int) -> Tuple["tor
 
 def generate_tile(patches: list, masks: list, tile_size: int, scale: list) -> Tuple["torch.Tensor", "torch.Tensor"]:
     """
-    Generate different size of pertuerbed tiles from randomly selected patches.
+    Generate different size of perturbed tiles from randomly selected patches.
 
-    :param patch: Candiate patches.
+    :param patch: Candidate patches.
     :param mask: Masks for each patch.
     :param tile_size: The size of each tile.
-    :param scale: Scale factor for various tileing size.
-    :return: Pertuerbed tiles and corresponding maskes.
+    :param scale: Scale factor for various tiling size.
+    :return: Perturbed tiles and corresponding masks.
     """
     import torch
 
@@ -316,8 +315,8 @@ def __init__(
         Create a SNAL attack instance.
 
         :param estimator: A trained YOLOv8 model or other models with the same output format
-        :param candidates: The collected pateches to generate perturbations.
-        :param collector: A callbel uses to generate patches.
+        :param candidates: The collected patches to generate perturbations.
+        :param collector: A callable uses to generate patches.
         :param eps: Maximum perturbation that the attacker can introduce.
         :param max_iter: The maximum number of iterations.
         :param num_grid: The number of grids for width and high dimension.
@@ -391,7 +390,7 @@ def _attack(self, x_adv: "torch.Tensor", x: "torch.Tensor") -> "torch.Tensor":
             raise ValueError("The size of the image must be divided by the number of grids")
         tile_size = x.shape[-1] // self.num_grid
 
-        # Prapare a 2D array to store the results of each grid
+        # Prepare a 2D array to store the results of each grid
         buffer_depth = 5
         tile_mat = {}
         for idx_i in range(self.num_grid):
@@ -503,10 +502,10 @@ def _attack(self, x_adv: "torch.Tensor", x: "torch.Tensor") -> "torch.Tensor":
 
     def _get_loss(self, pert: "torch.Tensor", epsilon: float) -> "torch.Tensor":  # pylint: disable=R0201
         """
-        Calculate accumulated distance of the perturbations outside the epslion ball.
+        Calculate accumulated distance of the perturbations outside the epsilon ball.
 
         :param pert: Perturbations in the pixel space.
-        :param epsilon: The radius of the eplion bass.
+        :param epsilon: The radius of the epsilon bass.
         :return: loss.
         """
         import torch
@@ -526,7 +525,7 @@ def _color_projection(  # pylint: disable=R0201
 
         :param tile: The target to convert.
         :param x_ref: The source data.
-        :param epsilon: The radius of the eplion bass.
+        :param epsilon: The radius of the epsilon bass.
         :return: The converted tile.
         """
         import torch

art/defences/detector/evasion/beyond_detector.py

@@ -105,9 +105,9 @@ def _get_metrics(self, x: np.ndarray, batch_size: int = 128) -> np.ndarray:
         samples = torch.from_numpy(x).to(self.device)
 
         self.target_model.eval()
-        self.backbone.eval()
-        self.model_classifier.eval()
-        self.projector.eval()
+        self.backbone.eval()  # type: ignore
+        self.model_classifier.eval()  # type: ignore
+        self.projector.eval()  # type: ignore
 
         number_batch = int(math.ceil(len(samples) / batch_size))
 
@@ -122,15 +122,15 @@ def _get_metrics(self, x: np.ndarray, batch_size: int = 128) -> np.ndarray:
                 b, c, h, w = batch_samples.shape
 
                 trans_images = self._multi_transform(batch_samples).to(self.device)
-                ssl_backbone_out = self.backbone(batch_samples)
+                ssl_backbone_out = self.backbone(batch_samples)  # type: ignore
 
-                ssl_repre = self.projector(ssl_backbone_out)
-                ssl_pred = self.model_classifier(ssl_backbone_out)
+                ssl_repre = self.projector(ssl_backbone_out)  # type: ignore
+                ssl_pred = self.model_classifier(ssl_backbone_out)  # type: ignore
                 ssl_label = torch.max(ssl_pred, -1)[1]
 
-                aug_backbone_out = self.backbone(trans_images.reshape(-1, c, h, w))
-                aug_repre = self.projector(aug_backbone_out)
-                aug_pred = self.model_classifier(aug_backbone_out)
+                aug_backbone_out = self.backbone(trans_images.reshape(-1, c, h, w))  # type: ignore
+                aug_repre = self.projector(aug_backbone_out)  # type: ignore
+                aug_pred = self.model_classifier(aug_backbone_out)  # type: ignore
                 aug_pred = aug_pred.reshape(b, self.aug_num, -1)
 
                 sim_repre = F.cosine_similarity(

art/defences/trainer/certified_adversarial_trainer_pytorch.py

@@ -288,7 +288,7 @@ def fit(
                     bias = torch.unsqueeze(bias, dim=0)
 
                     if certification_loss == "max_logit_loss":
-                        certified_loss += self.classifier.max_logit_loss(
+                        certified_loss += self.classifier.max_logit_loss(  # type: ignore
                             prediction=torch.cat((bias, eps)),
                             target=torch.from_numpy(np.expand_dims(label, axis=0)).to(self.classifier.device),
                         )

art/estimators/certification/derandomized_smoothing/pytorch.py

@@ -173,13 +173,13 @@ def __init__(
                     pretrained_cfg = model.pretrained_cfg
                     supplied_state_dict = model.state_dict()
                     supported_models = self.get_models()
-                    if pretrained_cfg["architecture"] not in supported_models:
+                    if pretrained_cfg["architecture"] not in supported_models:  # type: ignore
                         raise ValueError(
                             "Architecture not supported. Use PyTorchDeRandomizedSmoothing.get_models() "
                             "to get the supported model architectures."
                         )
                     model = timm.create_model(
-                        pretrained_cfg["architecture"], drop_tokens=drop_tokens, device_type=device_type
+                        pretrained_cfg["architecture"], drop_tokens=drop_tokens, device_type=device_type  # type: ignore
                     )
                     model.load_state_dict(supplied_state_dict)  # type: ignore
                     if replace_last_layer:
@@ -205,24 +205,24 @@ def __init__(
                 if not isinstance(model, PyTorchVisionTransformer):
                     raise ValueError("Vision transformer is not of PyTorchViT. Error occurred in PyTorchViT creation.")
 
-                if model.default_cfg["input_size"][0] != input_shape[0]:
+                if model.default_cfg["input_size"][0] != input_shape[0]:  # type: ignore
                     raise ValueError(
-                        f'ViT requires {model.default_cfg["input_size"][0]} channel input,'
+                        f'ViT requires {model.default_cfg["input_size"][0]} channel input,'  # type: ignore
                         f" but {input_shape[0]} channels were provided."
                     )
 
-                if model.default_cfg["input_size"] != input_shape:
+                if model.default_cfg["input_size"] != input_shape:  # type: ignore
                     if verbose:
                         logger.warning(
                             " ViT expects input shape of: (%i, %i, %i) but (%i, %i, %i) specified as the input shape."
                             " The input will be rescaled to (%i, %i, %i)",
-                            *model.default_cfg["input_size"],
+                            *model.default_cfg["input_size"],  # type: ignore
                             *input_shape,
-                            *model.default_cfg["input_size"],
+                            *model.default_cfg["input_size"],  # type: ignore
                         )
 
                     self.to_reshape = True
-                output_shape = model.default_cfg["input_size"]
+                output_shape = model.default_cfg["input_size"]  # type: ignore
 
                 # set the method back to avoid unexpected side effects later on should timm need to be reused.
                 timm.models.vision_transformer._create_vision_transformer = tmp_func
@@ -699,7 +699,9 @@ def _predict_classifier(
             if not self.logits:
                 return np.asarray((outputs >= self.threshold))
             return np.asarray(
-                (torch.nn.functional.softmax(torch.from_numpy(outputs), dim=1) >= self.threshold).type(torch.int)
+                (torch.nn.functional.softmax(torch.from_numpy(outputs), dim=1) >= self.threshold).type(  # type: ignore
+                    torch.int
+                )
             )
         return outputs