458 lines
15 KiB
Python
458 lines
15 KiB
Python
import time
|
|
import copy
|
|
import torch
|
|
import torch.nn as nn
|
|
import torchvision
|
|
import model
|
|
|
|
|
|
def load_model(model_path, device, dtype, train_data):
|
|
weights = model.patch_whitening(train_data[:10000, :, 4:-4, 4:-4])
|
|
train_model = model.Model(weights, c_in=3, c_out=10, scale_out=0.125)
|
|
train_model.load_state_dict(torch.load(model_path, weights_only=True))
|
|
|
|
# Convert model weights to half precision
|
|
train_model.to(dtype)
|
|
|
|
# Convert BatchNorm back to single precision for better accuracy
|
|
for module in train_model.modules():
|
|
if isinstance(module, nn.BatchNorm2d):
|
|
module.float()
|
|
|
|
# Upload model to GPU
|
|
train_model.to(device)
|
|
|
|
return train_model
|
|
|
|
|
|
def eval_model(smodel, device, dtype, data, labels, batch_size):
|
|
smodel.eval()
|
|
eval_correct = []
|
|
|
|
with torch.no_grad():
|
|
for i in range(0, len(data), batch_size):
|
|
regular_inputs = data[i : i + batch_size].to(device, dtype)
|
|
flipped_inputs = torch.flip(regular_inputs, [-1])
|
|
|
|
logits1 = smodel(regular_inputs)
|
|
logits2 = smodel(flipped_inputs)
|
|
|
|
# Final logits are average of augmented logits
|
|
logits = torch.mean(torch.stack([logits1, logits2], dim=0), dim=0)
|
|
|
|
# Compute correct predictions
|
|
correct = logits.max(dim=1)[1] == labels[i : i + batch_size].to(device)
|
|
eval_correct.append(correct.detach().type(torch.float64))
|
|
|
|
# Accuracy is average number of correct predictions
|
|
eval_acc = torch.mean(torch.cat(eval_correct)).item()
|
|
|
|
return eval_acc
|
|
|
|
|
|
def run_shadow_model(shadow_path, device, dtype, data, labels, batch_size):
|
|
smodel = load_model(shadow_path, device, dtype, data)
|
|
eval_acc = eval_model(smodel, device, dtype, data, labels, batch_size)
|
|
|
|
print(f"Evaluation Accuracy: {eval_acc:.4f}")
|
|
|
|
|
|
def train_shadow(shadow_path, train_data, train_targets, valid_data, valid_targets, batch_size):
|
|
# Configurable parameters
|
|
epochs = 10
|
|
momentum = 0.9
|
|
weight_decay = 0.256
|
|
weight_decay_bias = 0.004
|
|
ema_update_freq = 5
|
|
ema_rho = 0.99**ema_update_freq
|
|
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
|
|
dtype = torch.float16 if device.type != "cpu" else torch.float32
|
|
|
|
# First, the learning rate rises from 0 to 0.002 for the first 194 batches.
|
|
# Next, the learning rate shrinks down to 0.0002 over the next 582 batches.
|
|
lr_schedule = torch.cat(
|
|
[
|
|
torch.linspace(0e0, 2e-3, 194),
|
|
torch.linspace(2e-3, 2e-4, 582),
|
|
]
|
|
)
|
|
|
|
lr_schedule_bias = 64.0 * lr_schedule
|
|
|
|
torch.backends.cudnn.benchmark = True
|
|
|
|
# train_data, train_targets, valid_data, valid_targets = load_cifar10(device, dtype)
|
|
|
|
weights = model.patch_whitening(train_data[:10000, :, 4:-4, 4:-4])
|
|
train_model = model.Model(weights, c_in=3, c_out=10, scale_out=0.125)
|
|
train_model.to(dtype)
|
|
|
|
for module in train_model.modules():
|
|
if isinstance(module, nn.BatchNorm2d):
|
|
module.float()
|
|
|
|
train_model.to(device)
|
|
|
|
# Collect weights and biases and create nesterov velocity values
|
|
weights = [
|
|
(w, torch.zeros_like(w))
|
|
for w in train_model.parameters()
|
|
if w.requires_grad and len(w.shape) > 1
|
|
]
|
|
biases = [
|
|
(w, torch.zeros_like(w))
|
|
for w in train_model.parameters()
|
|
if w.requires_grad and len(w.shape) <= 1
|
|
]
|
|
|
|
# Train and validate
|
|
batch_count = 0
|
|
|
|
# Randomly sample half the data per model
|
|
nb_rows = train_data.shape[0]
|
|
indices = torch.randperm(nb_rows)[: nb_rows // 2]
|
|
indices_in = indices[: nb_rows // 2]
|
|
train_data = train_data[indices_in]
|
|
train_targets = train_targets[indices_in]
|
|
|
|
for epoch in range(1, epochs + 1):
|
|
# Flush CUDA pipeline for more accurate time measurement
|
|
if torch.cuda.is_available():
|
|
torch.cuda.synchronize()
|
|
|
|
start_time = time.perf_counter()
|
|
|
|
# Randomly shuffle training data
|
|
indices = torch.randperm(len(train_data), device=device)
|
|
data = train_data[indices]
|
|
targets = train_targets[indices]
|
|
|
|
# Crop random 32x32 patches from 40x40 training data
|
|
data = [
|
|
random_crop(data[i : i + batch_size], crop_size=(32, 32))
|
|
for i in range(0, len(data), batch_size)
|
|
]
|
|
data = torch.cat(data)
|
|
|
|
# Randomly flip half the training data
|
|
data[: len(data) // 2] = torch.flip(data[: len(data) // 2], [-1])
|
|
|
|
for i in range(0, len(data), batch_size):
|
|
# discard partial batches
|
|
if i + batch_size > len(data):
|
|
break
|
|
|
|
# Slice batch from data
|
|
inputs = data[i : i + batch_size]
|
|
target = targets[i : i + batch_size]
|
|
batch_count += 1
|
|
|
|
# Compute new gradients
|
|
train_model.zero_grad()
|
|
train_model.train(True)
|
|
|
|
logits = train_model(inputs)
|
|
|
|
loss = model.label_smoothing_loss(logits, target, alpha=0.2)
|
|
|
|
loss.sum().backward()
|
|
|
|
lr_index = min(batch_count, len(lr_schedule) - 1)
|
|
lr = lr_schedule[lr_index]
|
|
lr_bias = lr_schedule_bias[lr_index]
|
|
|
|
# Update weights and biases of training model
|
|
update_nesterov(weights, lr, weight_decay, momentum)
|
|
update_nesterov(biases, lr_bias, weight_decay_bias, momentum)
|
|
|
|
torch.save(train_model.state_dict(), shadow_path)
|
|
|
|
|
|
def train(seed=0):
|
|
# Configurable parameters
|
|
epochs = 10
|
|
batch_size = 512
|
|
momentum = 0.9
|
|
weight_decay = 0.256
|
|
weight_decay_bias = 0.004
|
|
ema_update_freq = 5
|
|
ema_rho = 0.99**ema_update_freq
|
|
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
|
|
dtype = torch.float16 if device.type != "cpu" else torch.float32
|
|
|
|
# First, the learning rate rises from 0 to 0.002 for the first 194 batches.
|
|
# Next, the learning rate shrinks down to 0.0002 over the next 582 batches.
|
|
lr_schedule = torch.cat(
|
|
[
|
|
torch.linspace(0e0, 2e-3, 194),
|
|
torch.linspace(2e-3, 2e-4, 582),
|
|
]
|
|
)
|
|
|
|
lr_schedule_bias = 64.0 * lr_schedule
|
|
|
|
# Print information about hardware on first run
|
|
if seed == 0:
|
|
if device.type == "cuda":
|
|
print("Device :", torch.cuda.get_device_name(device.index))
|
|
|
|
print("Dtype :", dtype)
|
|
print()
|
|
|
|
# Start measuring time
|
|
start_time = time.perf_counter()
|
|
|
|
# Set random seed to increase chance of reproducability
|
|
torch.manual_seed(seed)
|
|
|
|
# Setting cudnn.benchmark to True hampers reproducability, but is faster
|
|
torch.backends.cudnn.benchmark = True
|
|
|
|
# Load dataset
|
|
train_data, train_targets, valid_data, valid_targets = load_cifar10(device, dtype)
|
|
|
|
# Compute special weights for first layer
|
|
weights = model.patch_whitening(train_data[:10000, :, 4:-4, 4:-4])
|
|
|
|
# Construct the neural network
|
|
train_model = model.Model(weights, c_in=3, c_out=10, scale_out=0.125)
|
|
|
|
# Convert model weights to half precision
|
|
train_model.to(dtype)
|
|
|
|
# Convert BatchNorm back to single precision for better accuracy
|
|
for module in train_model.modules():
|
|
if isinstance(module, nn.BatchNorm2d):
|
|
module.float()
|
|
|
|
# Upload model to GPU
|
|
train_model.to(device)
|
|
|
|
# Collect weights and biases and create nesterov velocity values
|
|
weights = [
|
|
(w, torch.zeros_like(w))
|
|
for w in train_model.parameters()
|
|
if w.requires_grad and len(w.shape) > 1
|
|
]
|
|
biases = [
|
|
(w, torch.zeros_like(w))
|
|
for w in train_model.parameters()
|
|
if w.requires_grad and len(w.shape) <= 1
|
|
]
|
|
|
|
# Copy the model for validation
|
|
valid_model = copy.deepcopy(train_model)
|
|
|
|
# Train and validate
|
|
train_time = 0.0
|
|
batch_count = 0
|
|
|
|
# Randomly sample half the data per model
|
|
nb_rows = train_data.shape[0]
|
|
indices = torch.randperm(nb_rows)[: nb_rows // 2]
|
|
indices_in = indices[: nb_rows // 2]
|
|
train_data = train_data[indices_in]
|
|
train_targets = train_targets[indices_in]
|
|
|
|
for epoch in range(1, epochs + 1):
|
|
# Flush CUDA pipeline for more accurate time measurement
|
|
if torch.cuda.is_available():
|
|
torch.cuda.synchronize()
|
|
|
|
start_time = time.perf_counter()
|
|
|
|
# Randomly shuffle training data
|
|
indices = torch.randperm(len(train_data), device=device)
|
|
data = train_data[indices]
|
|
targets = train_targets[indices]
|
|
|
|
# Crop random 32x32 patches from 40x40 training data
|
|
data = [
|
|
random_crop(data[i : i + batch_size], crop_size=(32, 32))
|
|
for i in range(0, len(data), batch_size)
|
|
]
|
|
data = torch.cat(data)
|
|
|
|
# Randomly flip half the training data
|
|
data[: len(data) // 2] = torch.flip(data[: len(data) // 2], [-1])
|
|
|
|
for i in range(0, len(data), batch_size):
|
|
# discard partial batches
|
|
if i + batch_size > len(data):
|
|
break
|
|
|
|
# Slice batch from data
|
|
inputs = data[i : i + batch_size]
|
|
target = targets[i : i + batch_size]
|
|
batch_count += 1
|
|
|
|
# Compute new gradients
|
|
train_model.zero_grad()
|
|
train_model.train(True)
|
|
|
|
logits = train_model(inputs)
|
|
|
|
loss = model.label_smoothing_loss(logits, target, alpha=0.2)
|
|
|
|
loss.sum().backward()
|
|
|
|
lr_index = min(batch_count, len(lr_schedule) - 1)
|
|
lr = lr_schedule[lr_index]
|
|
lr_bias = lr_schedule_bias[lr_index]
|
|
|
|
# Update weights and biases of training model
|
|
update_nesterov(weights, lr, weight_decay, momentum)
|
|
update_nesterov(biases, lr_bias, weight_decay_bias, momentum)
|
|
|
|
# Update validation model with exponential moving averages
|
|
if (i // batch_size % ema_update_freq) == 0:
|
|
update_ema(train_model, valid_model, ema_rho)
|
|
|
|
if torch.cuda.is_available():
|
|
torch.cuda.synchronize()
|
|
|
|
# Add training time
|
|
train_time += time.perf_counter() - start_time
|
|
|
|
valid_correct = []
|
|
for i in range(0, len(valid_data), batch_size):
|
|
valid_model.train(False)
|
|
|
|
# Test time agumentation: Test model on regular and flipped data
|
|
regular_inputs = valid_data[i : i + batch_size]
|
|
flipped_inputs = torch.flip(regular_inputs, [-1])
|
|
|
|
logits1 = valid_model(regular_inputs).detach()
|
|
logits2 = valid_model(flipped_inputs).detach()
|
|
|
|
# Final logits are average of augmented logits
|
|
logits = torch.mean(torch.stack([logits1, logits2], dim=0), dim=0)
|
|
|
|
# Compute correct predictions
|
|
correct = logits.max(dim=1)[1] == valid_targets[i : i + batch_size]
|
|
|
|
valid_correct.append(correct.detach().type(torch.float64))
|
|
|
|
# Accuracy is average number of correct predictions
|
|
valid_acc = torch.mean(torch.cat(valid_correct)).item()
|
|
|
|
print(f"{epoch:5} {batch_count:8d} {train_time:19.2f} {valid_acc:22.4f}")
|
|
|
|
torch.save(train_model.state_dict(), "shadow.pt")
|
|
return valid_acc
|
|
|
|
|
|
def preprocess_data(data, device, dtype):
|
|
# Convert to torch float16 tensor
|
|
data = torch.tensor(data, device=device).to(dtype)
|
|
|
|
# Normalize
|
|
mean = torch.tensor([125.31, 122.95, 113.87], device=device).to(dtype)
|
|
std = torch.tensor([62.99, 62.09, 66.70], device=device).to(dtype)
|
|
data = (data - mean) / std
|
|
|
|
# Permute data from NHWC to NCHW format
|
|
data = data.permute(0, 3, 1, 2)
|
|
|
|
return data
|
|
|
|
|
|
def load_cifar10(device, dtype, data_dir="~/data"):
|
|
train = torchvision.datasets.CIFAR10(root=data_dir, download=True)
|
|
valid = torchvision.datasets.CIFAR10(root=data_dir, train=False)
|
|
|
|
train_data = preprocess_data(train.data, device, dtype)
|
|
valid_data = preprocess_data(valid.data, device, dtype)
|
|
|
|
train_targets = torch.tensor(train.targets).to(device)
|
|
valid_targets = torch.tensor(valid.targets).to(device)
|
|
|
|
# Pad 32x32 to 40x40
|
|
train_data = nn.ReflectionPad2d(4)(train_data)
|
|
|
|
return train_data, train_targets, valid_data, valid_targets
|
|
|
|
|
|
def update_ema(train_model, valid_model, rho):
|
|
# The trained model is not used for validation directly. Instead, the
|
|
# validation model weights are updated with exponential moving averages.
|
|
train_weights = train_model.state_dict().values()
|
|
valid_weights = valid_model.state_dict().values()
|
|
for train_weight, valid_weight in zip(train_weights, valid_weights):
|
|
if valid_weight.dtype in [torch.float16, torch.float32]:
|
|
valid_weight *= rho
|
|
valid_weight += (1 - rho) * train_weight
|
|
|
|
|
|
def update_nesterov(weights, lr, weight_decay, momentum):
|
|
for weight, velocity in weights:
|
|
if weight.requires_grad:
|
|
gradient = weight.grad.data
|
|
weight = weight.data
|
|
|
|
gradient.add_(weight, alpha=weight_decay).mul_(-lr)
|
|
velocity.mul_(momentum).add_(gradient)
|
|
weight.add_(gradient.add_(velocity, alpha=momentum))
|
|
|
|
|
|
def random_crop(data, crop_size):
|
|
crop_h, crop_w = crop_size
|
|
h = data.size(2)
|
|
w = data.size(3)
|
|
x = torch.randint(w - crop_w, size=(1,))[0]
|
|
y = torch.randint(h - crop_h, size=(1,))[0]
|
|
return data[:, :, y : y + crop_h, x : x + crop_w]
|
|
|
|
|
|
def sha256(path):
|
|
import hashlib
|
|
|
|
with open(path, "rb") as f:
|
|
return hashlib.sha256(f.read()).hexdigest()
|
|
|
|
|
|
def getrelpath(abspath):
|
|
import os
|
|
|
|
return os.path.relpath(abspath, os.getcwd())
|
|
|
|
|
|
def print_info():
|
|
# Knowing this information might improve chance of reproducability
|
|
print("File :", getrelpath(__file__), sha256(__file__))
|
|
print("Model :", getrelpath(model.__file__), sha256(model.__file__))
|
|
print("PyTorch:", torch.__version__)
|
|
|
|
|
|
def main():
|
|
print_info()
|
|
|
|
accuracies = []
|
|
for run in range(1):
|
|
valid_acc = train(seed=run)
|
|
accuracies.append(valid_acc)
|
|
|
|
# Print accumulated results
|
|
within_threshold = sum(acc >= 0.94 for acc in accuracies)
|
|
acc = 0.94 * 100.0
|
|
print()
|
|
print(f"{within_threshold} of {run + 1} runs >= {acc} % accuracy")
|
|
mean = sum(accuracies) / len(accuracies)
|
|
variance = sum((acc - mean) ** 2 for acc in accuracies) / len(accuracies)
|
|
std = variance**0.5
|
|
print(f"Min accuracy: {min(accuracies)}")
|
|
print(f"Max accuracy: {max(accuracies)}")
|
|
print(f"Mean accuracy: {mean} +- {std}")
|
|
print()
|
|
batch_size = 512
|
|
shadow_path = "shadow.pt"
|
|
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
|
|
dtype = torch.float16 if device.type != "cpu" else torch.float32
|
|
train_data, train_targets, valid_data, valid_targets = load_cifar10(device, dtype)
|
|
|
|
train_shadow(shadow_path, train_data, train_targets, valid_data, valid_targets, batch_size)
|
|
run_shadow_model(shadow_path, device, dtype, train_data, train_targets, batch_size)
|
|
run_shadow_model(shadow_path, device, dtype, valid_data, valid_targets, batch_size)
|
|
|
|
if __name__ == "__main__":
|
|
main()
|