foolbox and tf.keras #164

Closed oGkgN closed 6 years ago

oGkgN commented 6 years ago


I'm new to tensorflow and according to this video and also this video it is recommended, that I use tf.keras for prototyping and »playing with« machine learning models, especially neural networks. Consider this MWE (lenet5.h5 is a convolutional neural network in HDF5 file format, built and trained by tf.keras):

import numpy as np

import foolbox
import keras
import tensorflow as tf

#network = keras.models.load_model('lenet5.h5')
network = tf.keras.models.load_model('lenet5.h5')
with np.load('data/dataset/mnist_32x32x1.npz') as data:
    x_test = data['testing_x']
foolbox_model = foolbox.models.KerasModel(
    model = network,
    bounds = (0.0, 1.0),
criterion = foolbox.criteria.Misclassification()
attack = foolbox.attacks.GradientAttack(foolbox_model, criterion)
image = x_test[0]
adversarial = attack(image, label = 7)
print(np.argmax(network.predict(adversarial.reshape(1, 32, 32, 1)), axis = 1))

If I comment in the first network = ... line and comment out the second line, the result of the above script is

> [3]

whereas in the current state, the following exceptions occur:

.../.env/lib/python3.5/site-packages/h5py/ FutureWarning: Conversion of the second argument of issubdtype from `float` to `np.floating` is deprecated. In future, it will be treated as `np.float64== np.dtype(float).type`.
from ._conv import register_converters as _register_converters
Using TensorFlow backend.
2018-06-19 23:36:34.601249: I tensorflow/core/platform/] Your CPU supports instructions that this TensorFlow binary was not compiled to use: AVX2 FMA
Traceback (most recent call last):
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1322, in _do_call
    return fn(*args)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1307, in _run_fn
    options, feed_dict, fetch_list, target_list, run_metadata)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1409, in _call_tf_sessionrun
tensorflow.python.framework.errors_impl.FailedPreconditionError: Attempting to use uninitialized value C1/bias
        [[Node: C1/bias/read = Identity[T=DT_FLOAT, _device="/job:localhost/replica:0/task:0/device:CPU:0"](C1/bias)]]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 19, in <module>
    adversarial = attack(image, label = 7)
File ".../.env/lib/python3.5/site-packages/foolbox/attacks/", line 88, in wrapper
    a = Adversarial(model, criterion, input_or_adv, label)
File ".../.env/lib/python3.5/site-packages/foolbox/", line61, in __init__
File ".../.env/lib/python3.5/site-packages/foolbox/", line240, in predictions
    predictions = self.__model.predictions(image)
File ".../.env/lib/python3.5/site-packages/foolbox/models/", line122, in predictions
    return np.squeeze(self.batch_predictions(image[np.newaxis]), axis=0)
File ".../.env/lib/python3.5/site-packages/foolbox/models/", line 147, in batch_predictions
    predictions = self._batch_pred_fn([self._process_input(images)])
File ".../.env/lib/python3.5/site-packages/keras/backend/", line 2482, in __call__
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 900, in run
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1135, in _run
    feed_dict_tensor, options, run_metadata)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1316, in _do_run
File ".../.env/lib/python3.5/site-packages/tensorflow/python/client/", line 1335, in _do_call
    raise type(e)(node_def, op, message)
tensorflow.python.framework.errors_impl.FailedPreconditionError: Attempting to use uninitialized value C1/bias
        [[Node: C1/bias/read = Identity[T=DT_FLOAT, _device="/job:localhost/replica:0/task:0/device:CPU:0"](C1/bias)]]

Caused by op 'C1/bias/read', defined at:
File "", line 9, in <module>
    network = tf.keras.models.load_model('lenet5.h5')
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/engine/", line 241, in load_model
    model = model_from_config(model_config, custom_objects=custom_objects)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/engine/", line 318, in model_from_config
    return deserialize(config, custom_objects=custom_objects)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/layers/", line 63, in deserialize
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/utils/", line 171, in deserialize_keras_object
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/engine/", line 317, in from_config
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/engine/", line 164, in add
File ".../.env/lib/python3.5/site-packages/tensorflow/python/keras/_impl/keras/engine/", line 314, in __call__
    output = super(Layer, self).__call__(inputs, *args, **kwargs)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/layers/", line 699, in __call__
File ".../.env/lib/python3.5/site-packages/tensorflow/python/layers/", line 152, in build
File ".../.env/lib/python3.5/site-packages/tensorflow/python/layers/", line 546, in add_variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/training/", line 436, in _add_variable_with_custom_getter
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 1317, in get_variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 1079, in get_variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 425, in get_variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 394, in _true_getter
    use_resource=use_resource, constraint=constraint)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 786, in _get_single_variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 2220, in variable
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 2210, in <lambda>
    previous_getter = lambda **kwargs: default_variable_creator(None, **kwargs)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 2193, in default_variable_creator
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 235, in __init__
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 397, in _init_from_args
    self._snapshot = array_ops.identity(self._variable, name="read")
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 142, in identity
    return gen_array_ops.identity(input, name=name)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/ops/", line 3187, in identity
    "Identity", input=input, name=name)
File ".../.env/lib/python3.5/site-packages/tensorflow/python/framework/", line 787, in _apply_op_helper
File ".../.env/lib/python3.5/site-packages/tensorflow/python/framework/", line 3392, in create_op
File ".../.env/lib/python3.5/site-packages/tensorflow/python/framework/", line 1718, in __init__
    self._traceback = self._graph._extract_stack()  # pylint: disable=protected-access

FailedPreconditionError (see above for traceback): Attempting to use uninitialized value C1/bias
        [[Node: C1/bias/read = Identity[T=DT_FLOAT, _device="/job:localhost/replica:0/task:0/device:CPU:0"](C1/bias)]]

(I replaced my project path by »...« and I'm working with a virtual environment located in .env).

So my question/issue is: How to use foolbox and tf.keras? I would like to avoid needing to learn (for now) the complex tensorflow graph structure and therefore it's not an option to use the native tensorflow api of foolbox. Also I'd like to avoid importing regular keras just for this single purpose – I wish to stay clean within tensorflow.

jonasrauber commented 6 years ago

@oGkgN Good point! We do not yet have an example for tf.keras models (and I have not yet explored it in detail). I will look into the best solution, but that will take some time as I am currently working towards a deadline. As a first answer I would recommend to look into the foolbox.models.TensorFlowModel wrapper rather than the KerasModel wrapper. For the TensorFlowModel, you need to have the input tensor and the logits tensor. You might easily get them from your tf.keras model, e.g. I guess the input and output attribute (maybe output is after softmax, in which case you try to navigate through the graph to the tensor before the softmax.

jonasrauber commented 6 years ago

I looked into this now. To use a tf.keras model, the easiest solution is to create a placeholder, apply the model (should return corresponding logits tensor), and then pass the input placeholder and the logits tensor to foolbox.models.TensorFlowModel. I leave this open until the documentation for this is improved / an example is added, and maybe we even want to add an alternative constructor to foolbox.models.TensorFlowModel that directly accepts a tf.keras model.

jonasrauber commented 6 years ago

foolbox.models.TensorFlowModel now has an alternative from_keras constructor that makes this even simpler