Skip to content

TEST: add unit and integration tests for GCG attack#1684

Merged
romanlutz merged 6 commits into
microsoft:mainfrom
romanlutz:gcg-refactor
May 5, 2026
Merged

TEST: add unit and integration tests for GCG attack#1684
romanlutz merged 6 commits into
microsoft:mainfrom
romanlutz:gcg-refactor

Conversation

@romanlutz
Copy link
Copy Markdown
Contributor

@romanlutz romanlutz commented May 4, 2026
edited
Loading

Summary

Adds 55 new tests for the GCG (Greedy Coordinate Gradient) attack code, bringing total GCG test coverage from 24 to 79 tests. This covers Phase 1a (unit tests) and Phase 1b (integration tests) of a larger GCG refactoring effort.

New unit test files

File Tests Coverage Area
test_gcg_core.py 26 Core algorithm: loss computation (shape, finiteness, ordering), candidate sampling (shape, vocab bounds, single-position mutation, non-ASCII filtering), candidate filtering, embedding helpers, attack routing, init validation
test_data_and_config.py 12 YAML config loading, all 11 shipped config files validated (parse, required keys, individual vs transfer), data loading (seed reproducibility, separate test data, n_train_data limiting), run_trainer input validation
test_lifecycle.py 7 GPU memory parsing (nvidia-smi), MLflow lifecycle (run started before training), worker cleanup (stopped after training), bug characterization: workers leak on failure

New integration test file

File Tests Coverage Area
test_gcg_integration.py 10 End-to-end GCG pipeline with real GPT-2 model on CPU: token_gradients (gradient shape, finiteness), GCGAttackPrompt (init slices, grad, loss), sample_control (decodable candidates), embedding helpers with real model, get_nonascii_toks

Integration tests use GPT-2 (~124M params) with the llama-2 conversation template. Marked @run_only_if_all_tests. Runs in ~18s on CPU.

Notable finding

generate_suffix() does not use try/finally for worker cleanup. If attack.run() raises an exception, workers are never stopped — this is a resource leak. Documented with a characterization test (test_workers_not_stopped_on_training_failure) that will be fixed in a later phase.

Context

This is the first PR in a planned GCG refactor effort (tracked in #960) that will:

  1. Phase 1: Add comprehensive test coverage (this PR = 1a + 1b, 1c Azure e2e to follow)
  2. Phase 2: Clean up the public interface for extensibility (GCG variants like AttnGCG, probe sampling, mellowmax)
  3. Phase 3: Internal cleanup (split monolith, replace fastchat with apply_chat_template FEAT replace fastchat in GCG #965 building on PR FEAT: Drop fastchat from GCG (#965) #1049, model adapter registry FEAT support more models for evaluating suffixes in GCG #990, fix OOM BUG GCG runs out of memory even on huge machines #961)
  4. Phase 4: PyRIT integration + Azure improvements
  5. Phase 5: GCG variant extensions (FEAT Faster Greedy Coordinate Gradient algorithm (GCG) #962)

No source code changes

This PR only adds test files — no modifications to existing source code.

romanlutz and others added 3 commits May 4, 2026 04:58
@romanlutz
test: add unit tests for GCG core algorithm components
c611a36 
Add 26 new unit tests covering:
- get_filtered_cands: filtering, clamping, padding behavior
- target_loss / control_loss: shape, finiteness, loss ordering
- sample_control: shape, vocab bounds, single-position changes, non-ASCII filtering
- _build_params: ConfigDict construction from kwargs
- _apply_target_augmentation: length preservation, modification, seed reproducibility
- _create_attack: transfer flag routing (Progressive vs Individual)
- Embedding helpers: error handling for unknown model types
- PromptManager init: validation of goals/targets
- EvaluateAttack init: worker count validation

Total GCG test count: 24 -> 50

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
test: add data/config and lifecycle tests for GCG
9a2e7fc 
Data & config tests (test_data_and_config.py, 12 tests):
- YAML loading: valid files, list values, missing file error
- Real config validation: all 11 shipped configs parse, have required keys,
  individual vs transfer configs have correct settings
- get_goals_and_targets: seed reproducibility, different seeds differ,
  separate test data files, n_train_data limiting
- run_trainer validation: unsupported model names, missing HF token

Lifecycle tests (test_lifecycle.py, 7 tests):
- GPU memory: nvidia-smi parsing (single/multi GPU), MLflow logging, failure handling
- generate_suffix lifecycle: MLflow started before training, workers stopped
  after training, BUG CHARACTERIZATION: workers NOT stopped on failure (leak)

Total GCG test count: 24 -> 69

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
test: add GCG integration tests with real GPT-2 model
612c66f 
Add 10 integration tests that exercise the GCG attack pipeline with a real
GPT-2 model on CPU, validating end-to-end correctness:

- token_gradients: gradient shape matches (n_control, vocab_size), values
  are finite and non-zero
- GCGAttackPrompt: initializes with valid non-overlapping slices, grad()
  returns correct shape, test_loss() returns finite positive float
- GCGPromptManager.sample_control: sampled candidates are decodable,
  correct batch size
- Embedding helpers: layer/matrix/embeddings work with GPT2LMHeadModel,
  get_nonascii_toks returns non-empty tensor

Uses llama-2 conversation template (has explicit handling in _update_ids).
Marked @run_only_if_all_tests (requires RUN_ALL_TESTS=true + torch/transformers).
Runs in ~18s on CPU.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz romanlutz changed the title test: add unit tests for GCG core algorithm (Phase 1a) TEST: add unit tests for GCG core algorithm May 4, 2026
@romanlutz romanlutz changed the title TEST: add unit tests for GCG core algorithm test: add unit and integration tests for GCG attack (Phase 1a + 1b) May 4, 2026
@romanlutz romanlutz changed the title test: add unit and integration tests for GCG attack (Phase 1a + 1b) TEST: add unit and integration tests for GCG attack May 4, 2026
romanlutz and others added 3 commits May 4, 2026 05:36
@romanlutz
TEST: remove run_only_if_all_tests marker from GCG integration tests
df31760 
These tests only need optional Python packages (torch, transformers, fastchat),
not external services or credentials. The importorskip at the top already
handles skipping when deps are not installed.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@romanlutz
Merge remote-tracking branch 'origin/main' into gcg-refactor
aad9a6f
@romanlutz
MAINT: fix pre-commit lint issues in GCG tests
fb5cb70 
- Move class references to module level to fix N806 (variable naming)
- Add noqa: E402 for imports after importorskip guards
- Fix ruff format issues
- Remove outdated RUN_ALL_TESTS reference in docstring

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
rlundeen2
rlundeen2 reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@rlundeen2 rlundeen2 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review of PR #1684: GCG Attack Test Coverage

Overall: Excellent PR — well-structured, comprehensive test coverage with clear documentation. The bug characterization test for the worker leak is particularly good engineering practice. One actionable issue below.

🐛 Missing @pytest.mark.run_only_if_all_tests on integration tests

File: tests/integration/auxiliary_attacks/test_gcg_integration.py

Per test.instructions.md, integration tests must be marked with @pytest.mark.run_only_if_all_tests (skipped unless RUN_ALL_TESTS=true).

The pytest.importorskip at module level handles missing deps, but serves a different purpose — run_only_if_all_tests ensures these slower tests (~18s + potential model download) only run intentionally, not in every CI pass where torch happens to be installed.

The PR description says "Marked @run_only_if_all_tests" but the code doesn't actually have it. Easiest fix is a module-level marker:

python pytestmark = pytest.mark.run_only_if_all_tests

Minor observations (non-blocking)

  • The object.__new__(GCGPromptManager) pattern in the integration test (to call sample_control without full init) is pragmatic but slightly undermines the "integration" nature of the test. If GCGPromptManager.__init__ ever adds required state, this will silently break. Consider a brief inline comment noting why full construction is avoided (e.g., it requires multiple coordinated workers).

  • The CONFIGS_DIR relative path in test_data_and_config.py uses 4 levels of .. — fragile if the test file ever moves. A helper like pathlib.Path(__file__).resolve().parents[4] / "pyrit" / ... would be slightly more readable but not critical.

@rlundeen2 rlundeen2 self-assigned this May 4, 2026
@romanlutz romanlutz added this pull request to the merge queue May 5, 2026
Merged via the queue into microsoft:main with commit 25562f8 May 5, 2026
48 checks passed
@romanlutz romanlutz deleted the gcg-refactor branch May 5, 2026 04:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rlundeen2 rlundeen2 rlundeen2 approved these changes

Assignees

@rlundeen2 rlundeen2

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@romanlutz @rlundeen2