Fix benchmark exploit via object-identity caching#102
Open
Fix benchmark exploit via object-identity caching#102
Conversation
The benchmark harness was vulnerable to submissions that cache results based on Python object identity (e.g., id(tensor)). Since the same data objects were reused across all timing iterations, a submission could cache on first call and return cached results on subsequent calls, showing artificial speedups of 12-36%. Changes: - Clone data before each timing iteration (outside the timed region) to give each iteration fresh object identities while not affecting measured kernel time - Use local seed variable instead of mutating test.args["seed"] to avoid shared mutable state between benchmark runs
Additional hardening on top of the object-identity caching fix: - Shuffle data order each timing iteration to prevent call-count caching (a submission could track invocation count and predict which data item appears at each position) - Move clone before torch.cuda.synchronize() so clone GPU copies can overlap with previous iteration's tail work - Fix pre-existing recheck bug where only the last item's correctness was checked (if not good was outside the for loop) - Use shuffle_order indices to correctly pair shuffled outputs with their reference data during recheck
nataliakokoromyti
added a commit
to nataliakokoromyti/reference-kernels
that referenced
this pull request
Feb 22, 2026
…ess checks The current eval times all 15 custom_kernel() calls as a single batch and divides by 15. A malicious submission can exploit this by deferring all work to one call (batching 15 problems into a single kernel launch) and making the other 14 calls no-ops, reporting ~1/15th of the real per-call cost. Cloning data alone (as proposed in gpu-mode#102) does not fully prevent this -- a shape-matching fallback path can still collect new data objects and batch them. This fix: - Clones data each timing iteration (prevents object-identity caching) - Times each call individually with its own CUDA events and GPU sync (prevents amortization across calls) - Checks correctness after each individual call in recheck/leaderboard mode (catches deferred-computation exploits that return uncomputed tensors) - Uses a local seed variable instead of mutating test.args - Fixes the recheck indentation bug where only the last call was checked
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
id(tensor))Changes
test.args["seed"]- avoids shared mutable state