AutoAttack not working properly

[GDaglio]

It returns an error during a computation of a pairwise distance, because the batch size of the adversarial images isn't the same of the original input. I am using a batch size of 64. It seems to work only using a batch size of 1.

/opt/conda/lib/python3.7/site-packages/torchattacks/attack.py in __call__(self, *input, **kwargs)
    321             self.model.eval()
    322 
--> 323         images = self.forward(*input, **kwargs)
    324 
    325         if given_training:

/opt/conda/lib/python3.7/site-packages/torchattacks/attacks/autoattack.py in forward(self, images, labels)
     79         images = images.clone().detach().to(self.device)
     80         labels = labels.clone().detach().to(self.device)
---> 81         adv_images = self.autoattack(images, labels)
     82 
     83         return adv_images

/opt/conda/lib/python3.7/site-packages/torchattacks/attack.py in __call__(self, *input, **kwargs)
    321             self.model.eval()
    322 
--> 323         images = self.forward(*input, **kwargs)
    324 
    325         if given_training:

/opt/conda/lib/python3.7/site-packages/torchattacks/attacks/multiattack.py in forward(self, images, labels)
     49 
     50         for _, attack in enumerate(self.attacks):
---> 51             adv_images = attack(images[fails], labels[fails])
     52 
     53             outputs = self.model(adv_images)

/opt/conda/lib/python3.7/site-packages/torchattacks/attack.py in __call__(self, *input, **kwargs)
    321             self.model.eval()
    322 
--> 323         images = self.forward(*input, **kwargs)
    324 
    325         if given_training:

/opt/conda/lib/python3.7/site-packages/torchattacks/attacks/apgd.py in forward(self, images, labels)
     59         images = images.clone().detach().to(self.device)
     60         labels = labels.clone().detach().to(self.device)
---> 61         _, adv_images = self.perturb(images, labels, cheap=True)
     62 
     63         return adv_images

/opt/conda/lib/python3.7/site-packages/torchattacks/attacks/apgd.py in perturb(self, x_in, y_in, best_loss, cheap)
    240                     if ind_to_fool.numel() != 0:
    241                         x_to_fool, y_to_fool = x[ind_to_fool].clone(), y[ind_to_fool].clone()
--> 242                         best_curr, acc_curr, loss_curr, adv_curr = self.attack_single_run(x_to_fool, y_to_fool)
    243                         ind_curr = (acc_curr == 0).nonzero().squeeze()
    244                         #

/opt/conda/lib/python3.7/site-packages/torchattacks/attacks/apgd.py in attack_single_run(self, x_in, y_in)
    111         for _ in range(self.eot_iter):
    112             with torch.enable_grad():
--> 113                 logits = self.model(x_adv) # 1 forward pass (eot_iter = 1)
    114                 loss_indiv = criterion_indiv(logits, y)
    115                 loss = loss_indiv.sum()

/opt/conda/lib/python3.7/site-packages/torch/nn/modules/module.py in _call_impl(self, *input, **kwargs)
   1049         if not (self._backward_hooks or self._forward_hooks or self._forward_pre_hooks or _global_backward_hooks
   1050                 or _global_forward_hooks or _global_forward_pre_hooks):
-> 1051             return forward_call(*input, **kwargs)
   1052         # Do not call functions when jit is used
   1053         full_backward_hooks, non_full_backward_hooks = [], []

/tmp/ipykernel_33/3929415858.py in forward(self, img1)
     49         emb2 = self.get_embedding(self.img2)
     50 
---> 51         dist = F.pairwise_distance(emb1, emb2, keepdim=True)
     52         sim = 1 - F.cosine_similarity(emb1, emb2, dim=1).unsqueeze(dim=1)
     53 

RuntimeError: The size of tensor a (26) must match the size of tensor b (64) at non-singleton dimension 0

[Harry24k]

First, note that AutoAttack is modified from the original github repo. I also checked AutoAttack for more than 1 batch size using torchattacks. Please check the model and share the settings.