MnistFcVerify #
VNN-COMP-style mini-suite checker (MNIST-FC, VNN-COMP 2022 benchmark).
This tool is intentionally compact:
- it consumes ONNX+VNNLIB instances via JSON artifacts, and
- it runs TorchLean's IBP / (basic) CROWN bounds on the imported MLP, then checks the VNNLIB disjunction-of-conjunctions constraints using a sufficient condition on the output box.
The checker expects exported JSON artifacts. Keep large VNN-COMP snapshots outside git, for example
under _external/vnncomp/mnist_fc/, and pass explicit paths when needed.
Run (Lean):
lake exe verify -- vnncomp-mnistfc
Command-line options for the MNIST-FC VNN-COMP mini-suite verifier.
The defaults point at ignored local artifact paths under _external/vnncomp/mnist_fc/.
- weights : String
Path to exported weights (
model_weights.json). - suite : String
Path to exported instance suite (
suite.json). - max : ℕ
Maximum number of instances to check (useful for quick local checks).
- mode : String
Bound propagation mode:
ibp: IBP only (fast, loose)crown: forward CROWN (still produces just an output box)crownobj: backward objective pass for each spec rowcrownobj-alpha: objective pass with precomputed ReLU slopes (--alphas)
- alphas : String
Path to exported alpha slopes JSON (required for
mode = crownobj-alpha).
Instances For
Instances For
Usage text printed by this tool (returned as an error message on --help).
Instances For
Parse CLI flags into MnistFCOpts.
On --help / -h this returns usage as the error message (so callers can print it and exit).
Instances For
Weights for one exported fully-connected layer (y = Wx + b).
This is the lightest data structure we need to rebuild a CROWN Graph for MNIST-FC.
- inDim : ℕ
Input dimension for this layer.
- outDim : ℕ
Output dimension for this layer.
- w : Spec.Tensor Float (Spec.Shape.dim self.outDim (Spec.Shape.dim self.inDim Spec.Shape.scalar))
Weight matrix, shape
(outDim × inDim). - b : Spec.Tensor Float (Spec.Shape.dim self.outDim Spec.Shape.scalar)
Bias vector, shape
(outDim).
Instances For
Convert a JSON float array into a length-n TorchLean vector tensor (returns none if sizes
mismatch).
Instances For
Convert a rows × cols float matrix payload into a TorchLean matrix tensor (checks both
dimensions).
Instances For
One exported VNN-COMP instance.
spec is a disjunction-of-conjunctions: each term is a conjunction mat * y <= rhs over the
network output vector y.
- id : ℕ
Instance id (copied from the exported suite JSON).
Lower bound for the input box (
x_lo).Upper bound for the input box (
x_hi).Disjunction terms, each a conjunction
mat * y <= rhs.
Instances For
One set of precomputed ReLU alpha slopes for crownobj-alpha mode.
This checker assumes the MNIST-FC graph has ReLU nodes at fixed ids (2 and 4), so we store the
alpha vectors in a format that can be mapped back to those nodes.
- id : ℕ
Instance id this alpha payload applies to.
Alpha vectors for ReLU node 2, indexed by disjunct term.
Alpha vectors for ReLU node 4, indexed by disjunct term.
Instances For
Load the exported alpha slopes database (for mode = crownobj-alpha).
This expects the mnist_fc_crownobj_alpha_v0_1 format produced by the Python export script.
Instances For
Lower the loaded weights into a CROWN Graph + ParamStore.
For MNIST-FC we build:
input -> linear -> relu -> linear -> relu -> linear
and return the graph plus the inferred inDim, outDim, and output node id.
Instances For
Instances For
Check whether an unsafe VNNLIB spec is refuted by an output interval box.
Given an output box y ∈ [yLo, yHi], we conservatively lower-bound each linear constraint row
aᵀ y and check if some constraint in each disjunct term is violated (lb > rhs).
If every disjunct term is refuted this way, the unsafe spec is unsatisfiable for this output box, so the instance is certified safe (a sufficient condition).
Instances For
Compute an output interval box using IBP (fast, loose).
Instances For
Compute an output interval box by running forward CROWN and evaluating the affine bounds on the input box.
Instances For
Compute per-node interval boxes to be used by the backward objective pass.
We start from IBP boxes and (when the input dimension is small) refine a small set of parent-node intervals by evaluating forward CROWN affines on the input box. This makes objective bounds tighter without paying the full cost of "evaluate every affine on the input box".
Instances For
Try to refute a single spec row using a backward CROWN objective bound.
We build an objective obj = row and lower-bound rowᵀ y over the input box. If the lower bound is
strictly greater than rhs, then the constraint rowᵀ y <= rhs cannot hold.
Instances For
Like refutesRowByCROWNObjective, but use precomputed ReLU alpha slopes.
This is a workflow hook for comparing against "fixed alpha" CROWN objective bounds exported from a reference implementation.
Instances For
Refute a VNNLIB disjunction-of-conjunctions spec using per-row CROWN objective bounds.
This is strictly stronger than checking an output interval box, but it is also slower.
Instances For
Refute a VNNLIB spec using CROWN objectives with externally-provided ReLU alphas.
This mode is meant for apples-to-apples comparisons against alpha-CROWN style tools where the alphas are optimized elsewhere and then imported into TorchLean for checking.