-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
99b67d2
commit 1d8372b
Showing
4 changed files
with
297 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,235 @@ | ||
| <!doctype html> | ||
| <html lang="en"> | ||
| <head> | ||
| <meta charset="utf-8"> | ||
| <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1"> | ||
| <meta name="generator" content="pdoc3 0.11.1"> | ||
| <title>mimir.attacks.recall API documentation</title> | ||
| <meta name="description" content="ReCaLL Attack: https://github.com/ruoyuxie/recall/"> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/13.0.0/sanitize.min.css" integrity="sha512-y1dtMcuvtTMJc1yPgEqF0ZjQbhnc/bFhyvIyVNb9Zk5mIGtqVaAB1Ttl28su8AvFMOY0EwRbAe+HCLqj6W7/KA==" crossorigin> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/10up-sanitize.css/13.0.0/typography.min.css" integrity="sha512-Y1DYSb995BAfxobCkKepB1BqJJTPrOp3zPL74AWFugHHmmdcvO+C48WLrUOlhGMc0QG7AE3f7gmvvcrmX2fDoA==" crossorigin> | ||
| <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/default.min.css" crossorigin> | ||
| <style>:root{--highlight-color:#fe9}.flex{display:flex !important}body{line-height:1.5em}#content{padding:20px}#sidebar{padding:1.5em;overflow:hidden}#sidebar > *:last-child{margin-bottom:2cm}.http-server-breadcrumbs{font-size:130%;margin:0 0 15px 0}#footer{font-size:.75em;padding:5px 30px;border-top:1px solid #ddd;text-align:right}#footer p{margin:0 0 0 1em;display:inline-block}#footer p:last-child{margin-right:30px}h1,h2,h3,h4,h5{font-weight:300}h1{font-size:2.5em;line-height:1.1em}h2{font-size:1.75em;margin:2em 0 .50em 0}h3{font-size:1.4em;margin:1.6em 0 .7em 0}h4{margin:0;font-size:105%}h1:target,h2:target,h3:target,h4:target,h5:target,h6:target{background:var(--highlight-color);padding:.2em 0}a{color:#058;text-decoration:none;transition:color .2s ease-in-out}a:visited{color:#503}a:hover{color:#b62}.title code{font-weight:bold}h2[id^="header-"]{margin-top:2em}.ident{color:#900;font-weight:bold}pre code{font-size:.8em;line-height:1.4em;padding:1em;display:block}code{background:#f3f3f3;font-family:"DejaVu Sans Mono",monospace;padding:1px 4px;overflow-wrap:break-word}h1 code{background:transparent}pre{border-top:1px solid #ccc;border-bottom:1px solid #ccc;margin:1em 0}#http-server-module-list{display:flex;flex-flow:column}#http-server-module-list div{display:flex}#http-server-module-list dt{min-width:10%}#http-server-module-list p{margin-top:0}.toc ul,#index{list-style-type:none;margin:0;padding:0}#index code{background:transparent}#index h3{border-bottom:1px solid #ddd}#index ul{padding:0}#index h4{margin-top:.6em;font-weight:bold}@media (min-width:200ex){#index .two-column{column-count:2}}@media (min-width:300ex){#index .two-column{column-count:3}}dl{margin-bottom:2em}dl dl:last-child{margin-bottom:4em}dd{margin:0 0 1em 3em}#header-classes + dl > dd{margin-bottom:3em}dd dd{margin-left:2em}dd p{margin:10px 0}.name{background:#eee;font-size:.85em;padding:5px 10px;display:inline-block;min-width:40%}.name:hover{background:#e0e0e0}dt:target .name{background:var(--highlight-color)}.name > span:first-child{white-space:nowrap}.name.class > span:nth-child(2){margin-left:.4em}.inherited{color:#999;border-left:5px solid #eee;padding-left:1em}.inheritance em{font-style:normal;font-weight:bold}.desc h2{font-weight:400;font-size:1.25em}.desc h3{font-size:1em}.desc dt code{background:inherit}.source summary,.git-link-div{color:#666;text-align:right;font-weight:400;font-size:.8em;text-transform:uppercase}.source summary > *{white-space:nowrap;cursor:pointer}.git-link{color:inherit;margin-left:1em}.source pre{max-height:500px;overflow:auto;margin:0}.source pre code{font-size:12px;overflow:visible}.hlist{list-style:none}.hlist li{display:inline}.hlist li:after{content:',\2002'}.hlist li:last-child:after{content:none}.hlist .hlist{display:inline;padding-left:1em}img{max-width:100%}td{padding:0 .5em}.admonition{padding:.1em 1em;margin-bottom:1em}.admonition-title{font-weight:bold}.admonition.note,.admonition.info,.admonition.important{background:#aef}.admonition.todo,.admonition.versionadded,.admonition.tip,.admonition.hint{background:#dfd}.admonition.warning,.admonition.versionchanged,.admonition.deprecated{background:#fd4}.admonition.error,.admonition.danger,.admonition.caution{background:lightpink}</style> | ||
| <style media="screen and (min-width: 700px)">@media screen and (min-width:700px){#sidebar{width:30%;height:100vh;overflow:auto;position:sticky;top:0}#content{width:70%;max-width:100ch;padding:3em 4em;border-left:1px solid #ddd}pre code{font-size:1em}.name{font-size:1em}main{display:flex;flex-direction:row-reverse;justify-content:flex-end}.toc ul ul,#index ul ul{padding-left:1em}.toc > ul > li{margin-top:.5em}}</style> | ||
| <style media="print">@media print{#sidebar h1{page-break-before:always}.source{display:none}}@media print{*{background:transparent !important;color:#000 !important;box-shadow:none !important;text-shadow:none !important}a[href]:after{content:" (" attr(href) ")";font-size:90%}a[href][title]:after{content:none}abbr[title]:after{content:" (" attr(title) ")"}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{border:1px solid #999;page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h1,h2,h3,h4,h5,h6{page-break-after:avoid}}</style> | ||
| <script defer src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/highlight.min.js" integrity="sha512-D9gUyxqja7hBtkWpPWGt9wfbfaMGVt9gnyCvYa+jojwwPHLCzUm5i8rpk7vD7wNee9bA35eYIjobYPaQuKS1MQ==" crossorigin></script> | ||
| <script>window.addEventListener('DOMContentLoaded', () => { | ||
| hljs.configure({languages: ['bash', 'css', 'diff', 'graphql', 'ini', 'javascript', 'json', 'plaintext', 'python', 'python-repl', 'rust', 'shell', 'sql', 'typescript', 'xml', 'yaml']}); | ||
| hljs.highlightAll(); | ||
| })</script> | ||
| </head> | ||
| <body> | ||
| <main> | ||
| <article id="content"> | ||
| <header> | ||
| <h1 class="title">Module <code>mimir.attacks.recall</code></h1> | ||
| </header> | ||
| <section id="section-intro"> | ||
| <p>ReCaLL Attack: <a href="https://github.com/ruoyuxie/recall/">https://github.com/ruoyuxie/recall/</a></p> | ||
| </section> | ||
| <section> | ||
| </section> | ||
| <section> | ||
| </section> | ||
| <section> | ||
| </section> | ||
| <section> | ||
| <h2 class="section-title" id="header-classes">Classes</h2> | ||
| <dl> | ||
| <dt id="mimir.attacks.recall.ReCaLLAttack"><code class="flex name class"> | ||
| <span>class <span class="ident">ReCaLLAttack</span></span> | ||
| <span>(</span><span>config: <a title="mimir.config.ExperimentConfig" href="../config.html#mimir.config.ExperimentConfig">ExperimentConfig</a>, target_model: <a title="mimir.models.Model" href="../models.html#mimir.models.Model">Model</a>)</span> | ||
| </code></dt> | ||
| <dd> | ||
| <div class="desc"></div> | ||
| <details class="source"> | ||
| <summary> | ||
| <span>Expand source code</span> | ||
| </summary> | ||
| <pre><code class="python">class ReCaLLAttack(Attack): | ||
|
|
||
| #** Note: this is a suboptimal implementation of the ReCaLL attack due to necessary changes made to integrate it alongside the other attacks | ||
| #** for a better performing version, please refer to: https://github.com/ruoyuxie/recall | ||
|
|
||
| def __init__(self, config: ExperimentConfig, target_model: Model): | ||
| super().__init__(config, target_model, ref_model = None) | ||
| self.prefix = None | ||
|
|
||
| @torch.no_grad() | ||
| def _attack(self, document, probs, tokens = None, **kwargs): | ||
| recall_dict: dict = kwargs.get("recall_dict", None) | ||
|
|
||
| nonmember_prefix = recall_dict.get("prefix") | ||
| num_shots = recall_dict.get("num_shots") | ||
| avg_length = recall_dict.get("avg_length") | ||
|
|
||
| assert nonmember_prefix, "nonmember_prefix should not be None or empty" | ||
| assert num_shots, "num_shots should not be None or empty" | ||
| assert avg_length, "avg_length should not be None or empty" | ||
|
|
||
| lls = self.target_model.get_ll(document, probs = probs, tokens = tokens) | ||
| ll_nonmember = self.get_conditional_ll(nonmember_prefix = nonmember_prefix, text = document, | ||
| num_shots = num_shots, avg_length = avg_length, | ||
| tokens = tokens) | ||
| recall = ll_nonmember / lls | ||
|
|
||
|
|
||
| assert not np.isnan(recall) | ||
| return recall | ||
|
|
||
| def process_prefix(self, prefix, avg_length, total_shots): | ||
| model = self.target_model | ||
| tokenizer = self.target_model.tokenizer | ||
|
|
||
| if self.prefix is not None: | ||
| # We only need to process the prefix once, after that we can just return | ||
| return self.prefix | ||
|
|
||
| max_length = model.max_length | ||
| token_counts = [len(tokenizer.encode(shot)) for shot in prefix] | ||
|
|
||
| target_token_count = avg_length | ||
| total_tokens = sum(token_counts) + target_token_count | ||
| if total_tokens<=max_length: | ||
| self.prefix = prefix | ||
| return self.prefix | ||
| # Determine the maximum number of shots that can fit within the max_length | ||
| max_shots = 0 | ||
| cumulative_tokens = target_token_count | ||
| for count in token_counts: | ||
| if cumulative_tokens + count <= max_length: | ||
| max_shots += 1 | ||
| cumulative_tokens += count | ||
| else: | ||
| break | ||
| # Truncate the prefix to include only the maximum number of shots | ||
| truncated_prefix = prefix[-max_shots:] | ||
| print(f"""\nToo many shots used. Initial ReCaLL number of shots was {total_shots}. Maximum number of shots is {max_shots}. Defaulting to maximum number of shots.""") | ||
| self.prefix = truncated_prefix | ||
| return self.prefix | ||
|
|
||
| def get_conditional_ll(self, nonmember_prefix, text, num_shots, avg_length, tokens=None): | ||
| assert nonmember_prefix, "nonmember_prefix should not be None or empty" | ||
|
|
||
| model = self.target_model | ||
| tokenizer = self.target_model.tokenizer | ||
|
|
||
| if tokens is None: | ||
| target_encodings = tokenizer(text=text, return_tensors="pt") | ||
| else: | ||
| target_encodings = tokens | ||
|
|
||
| processed_prefix = self.process_prefix(nonmember_prefix, avg_length, total_shots=num_shots) | ||
| input_encodings = tokenizer(text="".join(processed_prefix), return_tensors="pt") | ||
|
|
||
| prefix_ids = input_encodings.input_ids.to(model.device) | ||
| text_ids = target_encodings.input_ids.to(model.device) | ||
|
|
||
| max_length = model.max_length | ||
|
|
||
| if prefix_ids.size(1) >= max_length: | ||
| raise ValueError("Prefix length exceeds or equals the model's maximum context window.") | ||
|
|
||
| labels = torch.cat((prefix_ids, text_ids), dim=1) | ||
| total_length = labels.size(1) | ||
|
|
||
| total_loss = 0 | ||
| total_tokens = 0 | ||
| with torch.no_grad(): | ||
| for i in range(0, total_length, max_length): | ||
| begin_loc = i | ||
| end_loc = min(i + max_length, total_length) | ||
| trg_len = end_loc - begin_loc | ||
|
|
||
| input_ids = labels[:, begin_loc:end_loc].to(model.device) | ||
| target_ids = input_ids.clone() | ||
|
|
||
| if begin_loc < prefix_ids.size(1): | ||
| prefix_overlap = min(prefix_ids.size(1) - begin_loc, max_length) | ||
| target_ids[:, :prefix_overlap] = -100 | ||
|
|
||
| if end_loc > total_length - text_ids.size(1): | ||
| target_overlap = min(end_loc - (total_length - text_ids.size(1)), max_length) | ||
| target_ids[:, -target_overlap:] = input_ids[:, -target_overlap:] | ||
|
|
||
| if torch.all(target_ids == -100): | ||
| continue | ||
|
|
||
| outputs = model.model(input_ids, labels=target_ids) | ||
| loss = outputs.loss | ||
| if torch.isnan(loss): | ||
| print(f"NaN detected in loss at iteration {i}. Non masked target_ids size is {(target_ids != -100).sum().item()}") | ||
| continue | ||
| non_masked_tokens = (target_ids != -100).sum().item() | ||
| total_loss += loss.item() * non_masked_tokens | ||
| total_tokens += non_masked_tokens | ||
|
|
||
| average_loss = total_loss / total_tokens if total_tokens > 0 else 0 | ||
| return -average_loss</code></pre> | ||
| </details> | ||
| <h3>Ancestors</h3> | ||
| <ul class="hlist"> | ||
| <li><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></li> | ||
| </ul> | ||
| <h3>Methods</h3> | ||
| <dl> | ||
| <dt id="mimir.attacks.recall.ReCaLLAttack.get_conditional_ll"><code class="name flex"> | ||
| <span>def <span class="ident">get_conditional_ll</span></span>(<span>self, nonmember_prefix, text, num_shots, avg_length, tokens=None)</span> | ||
| </code></dt> | ||
| <dd> | ||
| <div class="desc"></div> | ||
| </dd> | ||
| <dt id="mimir.attacks.recall.ReCaLLAttack.process_prefix"><code class="name flex"> | ||
| <span>def <span class="ident">process_prefix</span></span>(<span>self, prefix, avg_length, total_shots)</span> | ||
| </code></dt> | ||
| <dd> | ||
| <div class="desc"></div> | ||
| </dd> | ||
| </dl> | ||
| <h3>Inherited members</h3> | ||
| <ul class="hlist"> | ||
| <li><code><b><a title="mimir.attacks.all_attacks.Attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack">Attack</a></b></code>: | ||
| <ul class="hlist"> | ||
| <li><code><a title="mimir.attacks.all_attacks.Attack.attack" href="all_attacks.html#mimir.attacks.all_attacks.Attack.attack">attack</a></code></li> | ||
| <li><code><a title="mimir.attacks.all_attacks.Attack.load" href="all_attacks.html#mimir.attacks.all_attacks.Attack.load">load</a></code></li> | ||
| </ul> | ||
| </li> | ||
| </ul> | ||
| </dd> | ||
| </dl> | ||
| </section> | ||
| </article> | ||
| <nav id="sidebar"> | ||
| <header> | ||
| <a class="homelink" rel="home" title="MIMIR Home" href="https://iamgroot42.github.io/mimir/"> | ||
| <img src="https://raw.githubusercontent.com/iamgroot42/mimir/8ed6886fb6df7a72f2f0f398688f48b68c5f48b0/assets/logo.png" alt="MIMIR"> | ||
| </a> | ||
| </header> | ||
| <div class="toc"> | ||
| <ul></ul> | ||
| </div> | ||
| <ul id="index"> | ||
| <li><h3>Super-module</h3> | ||
| <ul> | ||
| <li><code><a title="mimir.attacks" href="index.html">mimir.attacks</a></code></li> | ||
| </ul> | ||
| </li> | ||
| <li><h3><a href="#header-classes">Classes</a></h3> | ||
| <ul> | ||
| <li> | ||
| <h4><code><a title="mimir.attacks.recall.ReCaLLAttack" href="#mimir.attacks.recall.ReCaLLAttack">ReCaLLAttack</a></code></h4> | ||
| <ul class=""> | ||
| <li><code><a title="mimir.attacks.recall.ReCaLLAttack.get_conditional_ll" href="#mimir.attacks.recall.ReCaLLAttack.get_conditional_ll">get_conditional_ll</a></code></li> | ||
| <li><code><a title="mimir.attacks.recall.ReCaLLAttack.process_prefix" href="#mimir.attacks.recall.ReCaLLAttack.process_prefix">process_prefix</a></code></li> | ||
| </ul> | ||
| </li> | ||
| </ul> | ||
| </li> | ||
| </ul> | ||
| </nav> | ||
| </main> | ||
| <footer id="footer"> | ||
| <p>Generated by <a href="https://pdoc3.github.io/pdoc" title="pdoc: Python API documentation generator"><cite>pdoc</cite> 0.11.1</a>.</p> | ||
| </footer> | ||
| </body> | ||
| </html> |
Oops, something went wrong.