Merge pull request #2538 from Trusted-AI/dev_1.19.0

Update to ART 1.19.0
Trusted-AI · Dec 20, 2024 · b66a8a9 · b66a8a9
2 parents a62220f + f89ee1b
commit b66a8a9
Show file tree

Hide file tree

Showing 46 changed files with 3,933 additions and 67 deletions.
diff --git a/.github/workflows/ci-deepspeech-v3.yml b/.github/workflows/ci-deepspeech-v3.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/deepspeech-v3
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-espresso.yml b/.github/workflows/ci-espresso.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/espresso
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-goturn.yml b/.github/workflows/ci-goturn.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/goturn
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:

diff --git a/.github/workflows/ci-huggingface.yml b/.github/workflows/ci-huggingface.yml
@@ -60,7 +60,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-keras.yml b/.github/workflows/ci-keras.yml
@@ -68,7 +68,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-legacy.yml b/.github/workflows/ci-legacy.yml
@@ -63,7 +63,7 @@ jobs:
       - name: Run ${{ matrix.name }} ${{ matrix.module }} Tests
         run: ./run_tests.sh ${{ matrix.framework }} ${{ matrix.module }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-lingvo.yml b/.github/workflows/ci-lingvo.yml
@@ -61,7 +61,7 @@ jobs:
       - name: Run ${{ matrix.name }} Tests
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/speech_recognition/test_tensorflow_lingvo.py --framework=${{ matrix.framework }} --durations=0
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-mxnet.yml b/.github/workflows/ci-mxnet.yml
@@ -50,7 +50,7 @@ jobs:
       - name: Run ${{ matrix.name }} ${{ matrix.module }} Tests
         run: ./run_tests.sh ${{ matrix.framework }} ${{ matrix.module }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-pytorch-object-detectors.yml b/.github/workflows/ci-pytorch-object-detectors.yml
@@ -41,11 +41,6 @@ jobs:
           python -m pip install --upgrade pip setuptools wheel
           pip3 install -q -r requirements_test.txt
           pip list
-      - name: Pre-install torch
-        run: |
-          pip install torch==1.12.1+cpu -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchvision==0.13.1+cpu -f https://download.pytorch.org/whl/cpu/torch_stable.html
-          pip install torchaudio==0.12.1+cpu -f https://download.pytorch.org/whl/cpu/torch_stable.html
       - name: Run Test Action - test_pytorch_object_detector
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_pytorch_object_detector.py --framework=pytorch --durations=0
       - name: Run Test Action - test_pytorch_faster_rcnn
@@ -55,7 +50,7 @@ jobs:
       - name: Run Test Action - test_pytorch_object_seeker_faster_rcnn
         run: pytest --cov-report=xml --cov=art --cov-append -q -vv tests/estimators/object_detection/test_object_seeker_faster_rcnn.py --framework=pytorch --durations=0
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-pytorch.yml b/.github/workflows/ci-pytorch.yml
@@ -62,7 +62,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-scikit-learn.yml b/.github/workflows/ci-scikit-learn.yml
@@ -56,7 +56,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-tensorflow-v1.yml b/.github/workflows/ci-tensorflow-v1.yml
@@ -76,7 +76,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-tensorflow-v2.yml b/.github/workflows/ci-tensorflow-v2.yml
@@ -71,7 +71,7 @@ jobs:
       - name: Run Tests
         run: ./run_tests.sh ${{ matrix.framework }}
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-tf-faster-rcnn.yml b/.github/workflows/ci-tf-faster-rcnn.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/tf-faster-rcnn
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-tfv2-faster-rcnn.yml b/.github/workflows/ci-tfv2-faster-rcnn.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/tfv2-faster-rcnn
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/ci-yolo.yml b/.github/workflows/ci-yolo.yml
@@ -32,7 +32,7 @@ jobs:
       - name: Run Test Action
         uses: ./.github/actions/yolo
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v4
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/art/attacks/evasion/__init__.py b/art/attacks/evasion/__init__.py
@@ -14,6 +14,7 @@
 from art.attacks.evasion.auto_attack import AutoAttack
 from art.attacks.evasion.auto_projected_gradient_descent import AutoProjectedGradientDescent
 from art.attacks.evasion.auto_conjugate_gradient import AutoConjugateGradient
+from art.attacks.evasion.rescaling_auto_conjugate_gradient import RescalingAutoConjugateGradient
 
 if importlib.util.find_spec("numba") is not None:
     from art.attacks.evasion.brendel_bethge import BrendelBethgeAttack
@@ -62,6 +63,7 @@
 from art.attacks.evasion.shapeshifter import ShapeShifter
 from art.attacks.evasion.simba import SimBA
 from art.attacks.evasion.spatial_transformation import SpatialTransformation
+from art.attacks.evasion.steal_now_attack_later.steal_now_attack_later import SNAL
 from art.attacks.evasion.square_attack import SquareAttack
 from art.attacks.evasion.pixel_threshold import ThresholdAttack
 from art.attacks.evasion.universal_perturbation import UniversalPerturbation

diff --git a/art/attacks/evasion/adversarial_patch/adversarial_patch_pytorch.py b/art/attacks/evasion/adversarial_patch/adversarial_patch_pytorch.py
@@ -381,23 +381,23 @@ def _random_overlay(
             else:
                 mask_2d = mask[i_sample, :, :]
 
-                edge_x_0 = int(im_scale * padded_patch.shape[self.i_w + 1]) // 2
-                edge_x_1 = int(im_scale * padded_patch.shape[self.i_w + 1]) - edge_x_0
-                edge_y_0 = int(im_scale * padded_patch.shape[self.i_h + 1]) // 2
-                edge_y_1 = int(im_scale * padded_patch.shape[self.i_h + 1]) - edge_y_0
-
-                mask_2d[0:edge_x_0, :] = False
-                if edge_x_1 > 0:
-                    mask_2d[-edge_x_1:, :] = False
-                mask_2d[:, 0:edge_y_0] = False
-                if edge_y_1 > 0:
-                    mask_2d[:, -edge_y_1:] = False
-
-                num_pos = np.argwhere(mask_2d).shape[0]
-                pos_id = np.random.choice(num_pos, size=1)
-                pos = np.argwhere(mask_2d)[pos_id[0]]
-                x_shift = pos[1] - self.image_shape[self.i_w] // 2
+                edge_h_0 = int(im_scale * padded_patch.shape[self.i_h + 1]) // 2
+                edge_h_1 = int(im_scale * padded_patch.shape[self.i_h + 1]) - edge_h_0
+                edge_w_0 = int(im_scale * padded_patch.shape[self.i_w + 1]) // 2
+                edge_w_1 = int(im_scale * padded_patch.shape[self.i_w + 1]) - edge_w_0
+
+                mask_2d[0:edge_h_0, :] = False
+                if edge_h_1 > 0:
+                    mask_2d[-edge_h_1:, :] = False
+                mask_2d[:, 0:edge_w_0] = False
+                if edge_w_1 > 0:
+                    mask_2d[:, -edge_w_1:] = False
+
+                num_pos = np.nonzero(mask_2d.int())
+                pos_id = np.random.choice(num_pos.shape[0], size=1, replace=False)  # type: ignore
+                pos = num_pos[pos_id[0]]
                 y_shift = pos[0] - self.image_shape[self.i_h] // 2
+                x_shift = pos[1] - self.image_shape[self.i_w] // 2
 
             phi_rotate = float(np.random.uniform(-self.rotation_max, self.rotation_max))
 

diff --git a/art/attacks/evasion/auto_attack.py b/art/attacks/evasion/auto_attack.py
@@ -78,7 +78,7 @@ def __init__(
         batch_size: int = 32,
         estimator_orig: "CLASSIFIER_TYPE" | None = None,
         targeted: bool = False,
-        parallel: bool = False,
+        parallel_pool_size: int = 0,
     ):
         """
         Create a :class:`.AutoAttack` instance.
@@ -93,7 +93,8 @@ def __init__(
         :param estimator_orig: Original estimator to be attacked by adversarial examples.
         :param targeted: If False run only untargeted attacks, if True also run targeted attacks against each possible
                          target.
-        :param parallel: If True run attacks in parallel.
+        :param parallel_pool_size: Number of parallel threads / pool size in multiprocessing. If parallel_pool_size=0
+                                   computation runs without multiprocessing.
         """
         super().__init__(estimator=estimator)
 
@@ -151,7 +152,7 @@ def __init__(
             self.estimator_orig = estimator
 
         self._targeted = targeted
-        self.parallel = parallel
+        self.parallel_pool_size = parallel_pool_size
         self.best_attacks: np.ndarray = np.array([])
         self._check_params()
 
@@ -199,7 +200,7 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
             if attack.targeted:
                 attack.set_params(targeted=False)
 
-            if self.parallel:
+            if self.parallel_pool_size > 0:
                 args.append(
                     (
                         deepcopy(x_adv),
@@ -253,7 +254,7 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                             targeted_labels[:, i], nb_classes=self.estimator.nb_classes
                         )
 
-                        if self.parallel:
+                        if self.parallel_pool_size > 0:
                             args.append(
                                 (
                                     deepcopy(x_adv),
@@ -287,8 +288,8 @@ def generate(self, x: np.ndarray, y: np.ndarray | None = None, **kwargs) -> np.n
                 except ValueError as error:
                     logger.warning("Error completing attack: %s}", str(error))
 
-        if self.parallel:
-            with multiprocess.get_context("spawn").Pool() as pool:
+        if self.parallel_pool_size > 0:
+            with multiprocess.get_context("spawn").Pool(processes=self.parallel_pool_size) as pool:
                 # Results come back in the order that they were issued
                 results = pool.starmap(run_attack, args)
             perturbations = []
@@ -320,15 +321,16 @@ def __repr__(self) -> str:
         This method returns a summary of the best performing (lowest perturbation in the parallel case) attacks
         per image passed to the AutoAttack class.
         """
-        if self.parallel:
+        if self.parallel_pool_size > 0:
             best_attack_meta = "\n".join(
                 [
                     f"image {i+1}: {str(self.args[idx][3])}" if idx != 0 else f"image {i+1}: n/a"
                     for i, idx in enumerate(self.best_attacks)
                 ]
             )
             auto_attack_meta = (
-                f"AutoAttack(targeted={self.targeted}, parallel={self.parallel}, num_attacks={len(self.args)})"
+                f"AutoAttack(targeted={self.targeted}, parallel_pool_size={self.parallel_pool_size}, "
+                + "num_attacks={len(self.args)})"
             )
             return f"{auto_attack_meta}\nBestAttacks:\n{best_attack_meta}"
 
@@ -339,7 +341,8 @@ def __repr__(self) -> str:
             ]
         )
         auto_attack_meta = (
-            f"AutoAttack(targeted={self.targeted}, parallel={self.parallel}, num_attacks={len(self.attacks)})"
+            f"AutoAttack(targeted={self.targeted}, parallel_pool_size={self.parallel_pool_size}, "
+            + "num_attacks={len(self.attacks)})"
         )
         return f"{auto_attack_meta}\nBestAttacks:\n{best_attack_meta}"
 

diff --git a/art/attacks/evasion/imperceptible_asr/imperceptible_asr_pytorch.py b/art/attacks/evasion/imperceptible_asr/imperceptible_asr_pytorch.py
@@ -567,7 +567,7 @@ class only supports targeted attack.
                 if decoded_output[local_batch_size_idx] == y[local_batch_size_idx]:
                     if loss_2nd_stage[local_batch_size_idx] < best_loss_2nd_stage[local_batch_size_idx]:
                         # Update the best loss at 2nd stage
-                        best_loss_2nd_stage[local_batch_size_idx] = (
+                        best_loss_2nd_stage[local_batch_size_idx] = (  # type: ignore
                             loss_2nd_stage[local_batch_size_idx].detach().cpu().numpy()
                         )
 
@@ -734,7 +734,7 @@ def _compute_masking_threshold(self, x: np.ndarray) -> tuple[np.ndarray, np.ndar
 
         theta_array = np.array(theta)
 
-        return theta_array, original_max_psd
+        return theta_array, original_max_psd  # type: ignore
 
     def _psd_transform(self, delta: "torch.Tensor", original_max_psd: np.ndarray) -> "torch.Tensor":
         """