[BUG] FAB is not working

[mmajewsk]

✨ Short description of the bug [tl;dr]

The FAB implementation fails to run core functionality due to the comparison bug

💬 Detailed code and results

https://github.com/Harry24k/adversarial-attacks-pytorch/blob/23620a694a3660e4f194c3e4d28992bced7785a1/torchattacks/attacks/fab.py#L653 In this line the acc value will be set to torch false, which does not allow for further inference of the value on line https://github.com/Harry24k/adversarial-attacks-pytorch/blob/23620a694a3660e4f194c3e4d28992bced7785a1/torchattacks/attacks/fab.py#L662 making the whole if next not run in any case whatsoever

[rikonaka]

Hi @mmajewsk , there is actually no problem running the demo code 😉, can you provide a copy of the code that will error out so I can test it?

torch                     2.2.0
torchaudio                2.2.0
torchdiffeq               0.2.3
torchvision               0.17.0

I just checked the FAB code (I'm not the author of FAB) and found a large number of type correspondence errors in the FAB code. For example: acc_curr here is torch bool type tensor, but comparing it to 0.

[mmajewsk]

Hi @mmajewsk , there is actually no problem running the demo code 😉, can you provide a copy of the code that will error out so I can test it?

torch                     2.2.0
torchaudio                2.2.0
torchdiffeq               0.2.3
torchvision               0.17.0

I just checked the FAB code (I'm not the author of FAB) and found a large number of type correspondence errors in the FAB code. For example: acc_curr here is torch bool type tensor, but comparing it to 0.

I highly recommend copying and pasting the code, as then I can copy and paste the code to test it myself, which I cannot do with the images.

This bug does not produce error code.

I see that the reason why I couldnt work with the code was that in my case I was not feeding the method with the actual output of the run of the images on the model. Which is confusing when it comes to this API. Since this requires input that as well could be taken from the model itself, by feeding the input. Why does atk() requires second input then?

In other attack methods, when the labels are not matching, it works fine.

How this works if the labels are not matching.

def perturb(self, x, y):
    # here x is an image and y is per your example: tensor([1, 1, 1, 1, 1], device='cuda:0')
    adv = x.clone()
    with torch.no_grad():
        acc = self.get_logits(x).max(1)[1] == y
        # so by this comparison, in the first run the self.get_logits(x).max(1)[1] is precisesly tensor([3, 8, 8, 0, 6], device='cuda:0')
        # as the model is unchanged
        # therefore acc is tensor([False, False, False, False, False], device='cuda:0')
        startt = time.time()

        torch.random.manual_seed(self.seed)
        torch.cuda.random.manual_seed(self.seed)

        def inner_perturb(targeted):
            for counter in range(self.n_restarts):
                ind_to_fool = acc.nonzero().squeeze()
                # so then this becomes: tensor([], device='cuda:0)
                if len(ind_to_fool.shape) == 0:
                    ind_to_fool = ind_to_fool.unsqueeze(0)
                # so then this fails to run
                if ind_to_fool.numel() != 0:
                    x_to_fool, y_to_fool = (
                        x[ind_to_fool].clone(),
                        y[ind_to_fool].clone(),

[rikonaka]

The torchattacks just need to input an images and labels, I don't quite understand what you mean

feeding the method with the actual output of the run of the images on the model

and

In other attack methods, when the labels are not matching, it works fine.

labels are groud truth labels from the dataset, not the predictions of the model. I have rewritten the code related to the FAB attack, although the previous code worked, there were a lot of problems.