msgpack_duplicate_key_mfv_poc_package/verify_msgpack_duplicate_key.py

#!/usr/bin/env python3
import os
import json
import msgpack
from pathlib import Path

HERE = Path(__file__).resolve().parent

def load_runtime(path):
    # Typical Python MessagePack runtime behavior: map becomes dict, duplicate keys collapse.
    # In msgpack-python this keeps the last duplicate key value.
    return msgpack.unpackb(Path(path).read_bytes(), raw=False, strict_map_key=False)

def infer(model, x):
    score = sum(float(w) * float(v) for w, v in zip(model["weights"], x)) + float(model["bias"])
    return int(score > float(model["threshold"]))

def main():
    benign_input = [0.0, 0.0]
    trigger_input = [0.0, 0.0]

    malicious = load_runtime(HERE / "duplicate_threshold_model.msgpack")
    control = load_runtime(HERE / "control_model.msgpack")

    result = {
        "malicious_runtime_threshold": malicious["threshold"],
        "control_threshold": control["threshold"],
        "malicious_benign_input_class": infer(malicious, benign_input),
        "control_benign_input_class": infer(control, benign_input),
        "malicious_trigger_input_class": infer(malicious, trigger_input),
        "control_trigger_input_class": infer(control, trigger_input),
        "claim": "duplicate-key MessagePack file is accepted by runtime unpacker; last duplicate threshold controls inference behavior",
    }

    print(json.dumps(result, indent=2))

    assert malicious["threshold"] == -0.5, "runtime should retain last duplicate key"
    assert control["threshold"] == 0.99
    assert infer(control, trigger_input) == 0
    assert infer(malicious, trigger_input) == 1
    print("RESULT: duplicate-key MessagePack model was accepted; runtime used the last duplicate threshold and flipped output.")

if __name__ == "__main__":
    main()