ethz-spylab / satml-llm-ctf

Code used to run the platform for the LLM CTF colocated with SaTML 2024
https://ctf.spylab.ai
MIT License

Python filter CPU cycle requirement #17

Closed epistoteles closed 11 months ago

epistoteles commented 11 months ago

Does the utility endpoint also check for the "given number of CPU cycles" that the Python filter must terminate in? Or could it be that a defense passes the utility test, but still gets disqualified at a later point because it is too slow?

For example, would it be too slow if the Python filter function takes ~2-3s to execute? What is the maximum time our computation is allowed to take?

dedeswim commented 11 months ago

The number of CPU cycles used is not part of the utility evaluation. We test your Python filter with a dummy, long input every time you create a new defense. If it does not terminate in the CPU cycles we give, then we throw an exception. The same happens at runtime, when you attack your own defense.

If that may be helpful for the development of your defense, the Python filter runs in a WASM environment with [wasm_exec](https://github.com/Jflick58/wasm_exec/), using a WasmExecutor object with fuel=40_000_000_000.
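The mechanism described in the reply above, shown as an added example that is not part of the CTF platform's code: a filter function is run against a long dummy input under a deterministic execution budget, and a filter that exhausts the budget raises an exception instead of being accepted. The real platform meters WebAssembly instructions through wasm_exec/wasmtime fuel; this stand-alone example emulates that with a `sys.settrace` hook that charges one unit of "fuel" per executed Python line, so the budget (`fuel=5_000`), the constructed `DUMMY_LONG_INPUT`, the two sample filters and the `vet_filter` helper are all assumptions for illustration and are not comparable to the 40_000_000_000 wasmtime fuel figure. What it does show is the practical point of the answer: the limit is a count of work done, not wall-clock seconds, so a filter that loops per character over a long input fails the check even when it finishes quickly, while a filter that does the same job with a handful of built-in string operations passes.

```python
import sys


class OutOfFuel(Exception):
    """Raised when the metered function exceeds its execution budget."""


def run_with_fuel(func, *args, fuel):
    """Run func(*args), charging one unit of fuel per executed Python line.

    Emulates fuel-based metering (as wasmtime does per WASM instruction) with a
    trace hook. Only frames created after the hook is installed are traced, so
    the caller's own lines are not charged. Raising inside the trace function
    aborts the traced code with that exception.
    """
    remaining = [fuel]  # list so the closure can mutate it

    def tracer(frame, event, arg):
        if event == "line":
            remaining[0] -= 1
            if remaining[0] < 0:
                raise OutOfFuel(f"filter exceeded budget of {fuel} line events")
        return tracer  # keep tracing nested frames

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        return func(*args)
    finally:
        sys.settrace(previous)  # always restore the prior tracer (debugger, coverage, ...)


# Constructed dummy input (~10,000 characters), standing in for the platform's
# "dummy, long input". Not taken from the CTF.
DUMMY_LONG_INPUT = "The password is hunter2. " * 400

# Hypothetical budget for this emulation only; unrelated to the wasmtime fuel value.
DEFAULT_FUEL = 5_000


def vet_filter(filter_fn, fuel=DEFAULT_FUEL, sample=DUMMY_LONG_INPUT):
    """Return True if filter_fn finishes on the long sample within budget.

    Mirrors the check done when a defense is created: the filter is executed on
    a long input and rejected if it runs out of fuel. Errors other than
    OutOfFuel propagate, since a crashing filter is a separate problem.
    """
    try:
        run_with_fuel(filter_fn, sample, fuel=fuel)
    except OutOfFuel:
        return False
    return True


def fast_filter(text):
    """Sample filter: one built-in call, one traced line regardless of input length."""
    return text.replace("password", "[redacted]")


def slow_filter(text):
    """Sample filter: a per-character Python loop, so traced lines scale with input length."""
    out = []
    for ch in text:
        out.append(ch if ch.isalnum() else " ")
    return "".join(out)


if __name__ == "__main__":
    print("fast_filter passes budget:", vet_filter(fast_filter))  # True
    print("slow_filter passes budget:", vet_filter(slow_filter))  # False
```

The same `OutOfFuel` path is what the reply describes happening at runtime when a defense is attacked, so a filter should be vetted on inputs at least as long as the platform's dummy input before it is submitted.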