#!/usr/bin/env python3
import os
import json
import msgpack
from pathlib import Path
# Absolute directory containing this script; main() joins the model fixture
# file names onto it, so they load regardless of the working directory.
HERE = Path(__file__).resolve().parent
def load_runtime(path):
    """Decode a MessagePack model file the way a permissive runtime would.

    The whole file is read and handed to ``msgpack.unpackb``. Maps come back
    as plain ``dict`` objects, so a map that repeats a key collapses to one
    entry; in msgpack-python the value of the last duplicate is the one kept.
    No error or warning is raised for the repeated key.

    Args:
        path: Location of the ``.msgpack`` file to decode.

    Returns:
        The decoded object (a ``dict`` for the model files used here).
    """
    payload = Path(path).read_bytes()
    # raw=False decodes MessagePack strings to ``str``. strict_map_key=False
    # lifts msgpack-python's default restriction of map keys to str/bytes.
    # NOTE(review): a loader for untrusted model files should reject repeated
    # keys instead of collapsing them, e.g. by decoding maps through
    # ``object_pairs_hook`` and failing when a key occurs twice, so that a
    # validator and the runtime cannot disagree about which value is in force.
    return msgpack.unpackb(payload, raw=False, strict_map_key=False)
def infer(model, x):
    """Classify *x* with a linear model and return 0 or 1.

    The score is the dot product of ``model["weights"]`` and *x* plus
    ``model["bias"]``; the class is 1 only when the score is strictly greater
    than ``model["threshold"]``. Every value is coerced with ``float``.

    The decision boundary comes straight from the loaded model, so whichever
    ``threshold`` value the deserializer kept decides the output.

    Args:
        model: Mapping with ``weights``, ``bias`` and ``threshold`` entries.
        x: Feature values; ``zip`` silently truncates to the shorter of
            *x* and the weight list.

    Returns:
        ``1`` if the score exceeds the threshold, otherwise ``0``.
    """
    products = [
        float(weight) * float(feature)
        for weight, feature in zip(model["weights"], x)
    ]
    activation = sum(products) + float(model["bias"])
    if activation > float(model["threshold"]):
        return 1
    return 0
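def main():
    """Compare inference on the duplicate-key model against the control model.

    Loads both fixture files from the script directory, prints a JSON summary
    of the thresholds and predicted classes, then verifies the expected
    outcome before printing the RESULT line.

    The checks are explicit ``raise AssertionError`` statements rather than
    ``assert`` statements. ``assert`` is stripped under ``python -O``, which
    would let the RESULT line print without anything having been verified.

    Raises:
        AssertionError: If a threshold or predicted class differs from the
            expected value.
    """
    # NOTE(review): both inputs are the same vector, so this run does not show
    # input-specific (trigger) behaviour. It shows that the threshold the
    # runtime kept flips the class for this one input; the "benign" rows in
    # the summary are therefore identical to the "trigger" rows.
    benign_input = [0.0, 0.0]
    trigger_input = [0.0, 0.0]

    malicious = load_runtime(HERE / "duplicate_threshold_model.msgpack")
    control = load_runtime(HERE / "control_model.msgpack")

    result = {
        "malicious_runtime_threshold": malicious["threshold"],
        "control_threshold": control["threshold"],
        "malicious_benign_input_class": infer(malicious, benign_input),
        "control_benign_input_class": infer(control, benign_input),
        "malicious_trigger_input_class": infer(malicious, trigger_input),
        "control_trigger_input_class": infer(control, trigger_input),
        "claim": "duplicate-key MessagePack file is accepted by runtime unpacker; last duplicate threshold controls inference behavior",
    }
    print(json.dumps(result, indent=2))

    # Verify before claiming success: the duplicate-key file must decode to
    # the value this script expects for the last duplicate (-0.5), while the
    # control file keeps 0.99, and the predicted classes must differ.
    if malicious["threshold"] != -0.5:
        raise AssertionError("runtime should retain last duplicate key")
    if control["threshold"] != 0.99:
        raise AssertionError("control model threshold should be 0.99")
    if infer(control, trigger_input) != 0:
        raise AssertionError("control model should classify the input as 0")
    if infer(malicious, trigger_input) != 1:
        raise AssertionError("duplicate-key model should classify the input as 1")

    print("RESULT: duplicate-key MessagePack model was accepted; runtime used the last duplicate threshold and flipped output.")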
# Run the comparison only when executed as a script, not when imported.
if __name__ == "__main__":
    main()