import glob
import tempfile
from decimal import Decimal
from pathlib import Path
from typing import List, Dict, Any
import gradio as gr
from PIL import Image
import open_clip
import torch
import os
import pandas as pd
import numpy as np
from gradio import processing_utils, utils
from download_example_images import read_actor_files, save_images_to_folder
DEFAULT_INITIAL_NAME = "John Doe"
PROMPTS = [
'{0}',
'an image of {0}',
'a photo of {0}',
'{0} on a photo',
'a photo of a person named {0}',
'a person named {0}',
'a man named {0}',
'a woman named {0}',
'the name of the person is {0}',
'a photo of a person with the name {0}',
'{0} at a gala',
'a photo of the celebrity {0}',
'actor {0}',
'actress {0}',
'a colored photo of {0}',
'a black and white photo of {0}',
'a cool photo of {0}',
'a cropped photo of {0}',
'a cropped image of {0}',
'{0} in a suit',
'{0} in a dress'
]
OPEN_CLIP_LAION400M_MODEL_NAMES = ['ViT-B-32', 'ViT-B-16', 'ViT-L-14']
OPEN_CLIP_LAION2B_MODEL_NAMES = [('ViT-B-32', 'laion2b_s34b_b79k'), ('ViT-L-14', 'laion2b_s32b_b82k')]
OPEN_AI_MODELS = ['ViT-B-32', 'ViT-B-16', 'ViT-L-14']
NUM_TOTAL_NAMES = 1_000
SEED = 42
MIN_NUM_CORRECT_PROMPT_PREDS = 1
EDAMPLE_IMAGE_DIR = './example_images/'
IMG_BATCHSIZE = 16
DEVICE = "cuda" if torch.cuda.is_available() else "cpu"
EXAMPLE_IMAGE_URLS = read_actor_files(EDAMPLE_IMAGE_DIR)
save_images_to_folder(os.path.join(EDAMPLE_IMAGE_DIR, 'images'), EXAMPLE_IMAGE_URLS)
MODELS = {}
for model_name in OPEN_CLIP_LAION400M_MODEL_NAMES:
dataset = 'LAION400M'
model, _, preprocess = open_clip.create_model_and_transforms(
model_name,
pretrained=f'{dataset.lower()}_e32'
)
model = model.eval()
MODELS[f'OpenClip {model_name} trained on {dataset}'] = {
'model_instance': model,
'preprocessing': preprocess,
'model_name': model_name,
'tokenizer': open_clip.get_tokenizer(model_name),
'prompt_text_embeddings': torch.load(f'./prompt_text_embeddings/{model_name}_{dataset.lower()}_prompt_text_embeddings.pt')
}
for model_name, dataset_name in OPEN_CLIP_LAION2B_MODEL_NAMES:
dataset = 'LAION2B'
model, _, preprocess = open_clip.create_model_and_transforms(
model_name,
pretrained=dataset_name
)
model = model.eval()
MODELS[f'OpenClip {model_name} trained on {dataset}'] = {
'model_instance': model,
'preprocessing': preprocess,
'model_name': model_name,
'tokenizer': open_clip.get_tokenizer(model_name),
'prompt_text_embeddings': torch.load(f'./prompt_text_embeddings/{model_name}_{dataset.lower()}_prompt_text_embeddings.pt')
}
for model_name in OPEN_AI_MODELS:
dataset = 'OpenAI'
model, _, preprocess = open_clip.create_model_and_transforms(
model_name,
pretrained=dataset.lower()
)
model = model.eval()
MODELS[f'OpenClip {model_name} trained by {dataset}'] = {
'model_instance': model,
'preprocessing': preprocess,
'model_name': model_name,
'tokenizer': open_clip.get_tokenizer(model_name),
'prompt_text_embeddings': torch.load(f'./prompt_text_embeddings/{model_name}_{dataset.lower()}_prompt_text_embeddings.pt')
}
FULL_NAMES_DF = pd.read_csv('full_names.csv', index_col=0)
LAION_MEMBERSHIP_OCCURENCE = pd.read_csv('laion_membership_occurence_count.csv', index_col=0)
EXAMPLE_ACTORS_BY_MODEL = {
("ViT-B-32", "laion400m"): ["T._J._Thyne"],
("ViT-B-16", "laion400m"): ["Barbara_Schöneberger", "Carolin_Kebekus"],
("ViT-L-14", "laion400m"): ["Max_Giermann", "Nicole_De_Boer"]
}
EXAMPLES = []
for (model_name, dataset_name), person_names in EXAMPLE_ACTORS_BY_MODEL.items():
for name in person_names:
image_folder = os.path.join("./example_images/images/", name)
for dd_model_name in MODELS.keys():
if not (model_name.lower() in dd_model_name.lower() and dataset_name.lower() in dd_model_name.lower()):
continue
EXAMPLES.append([
dd_model_name,
name.replace("_", " "),
[[x.format(name.replace("_", " ")) for x in PROMPTS]],
[os.path.join(image_folder, x) for x in os.listdir(image_folder)]
])
LICENSE_DETAILS = """
See [README.md](https://huggingface.co/spaces/AIML-TUDA/does-clip-know-my-face/blob/main/README.md) for more information about the licenses of the example images.
"""
CORRECT_RESULT_INTERPRETATION = """
{0} is in the Training Data!
The name of {0} has been correctly predicted for {1} out of {2} prompts. This means that {0} was in
the training data and was used to train the model.
Keep in mind that the probability of correctly predicting the name for {3} by chance {4} times with {5} possible names for the model to
choose from, is only (1 ⁄ {5}){6} = {7}%.
"""
INDECISIVE_RESULT_INTERPRETATION = """
{0} might be in the Training Data!
For none of the {1} prompts the majority vote for the name of {0} was correct. However, while the majority votes are not
correct, the name of {0} was correctly predicted {2} times for {3}. This is an indication that the model has seen {0}
during training. A different selection of images might have a clearer result. Keep in mind that the probability
that the name is correctly predicted by chance {2} times for {3} is
(1 ⁄ {4}){2} = {5}%.
"""
INCORRECT_RESULT_INTERPRETATION = """
{0} is most likely not in the Training Data!
The name of {0} has not been correctly predicted for any of the {1} prompts. This is an indication that {0} has
most likely not been used for training the model.
"""
OCCURENCE_INFORMATION = """
According to our analysis {0} appeared {1} times among 400 million image-text pairs in the LAION-400M training dataset.
"""
CSS = """
.footer {
margin-bottom: 45px;
margin-top: 35px;
text-align: center;
border-bottom: 1px solid #e5e5e5;
}
#file_upload {
max-height: 250px;
overflow-y: auto !important;
}
.footer>p {
font-size: .8rem;
display: inline-block;
padding: 0 10px;
transform: translateY(10px);
background: white;
}
.dark .footer {
border-color: #303030;
}
.dark .footer>p {
background: #0b0f19;
}
.acknowledgments h4{
margin: 1.25em 0 .25em 0;
font-weight: bold;
font-size: 115%;
}
"""
# monkey patch the update function of the Files component since otherwise it is not possible to access the original
# file name
def preprocess(
self, x: List[Dict[str, Any]] | None
) -> bytes | tempfile._TemporaryFileWrapper | List[
bytes | tempfile._TemporaryFileWrapper
] | None:
"""
Parameters:
x: List of JSON objects with filename as 'name' property and base64 data as 'data' property
Returns:
File objects in requested format
"""
if x is None:
return None
def process_single_file(f) -> bytes | tempfile._TemporaryFileWrapper:
file_name, orig_name, data, is_file = (
f["name"] if "name" in f.keys() else f["orig_name"],
f["orig_name"] if "orig_name" in f.keys() else f["name"],
f["data"],
f.get("is_file", False),
)
if self.type == "file":
if is_file:
temp_file_path = self.make_temp_copy_if_needed(file_name)
file = tempfile.NamedTemporaryFile(delete=False)
file.name = temp_file_path
file.orig_name = os.path.basename(orig_name.replace(self.hash_file(file_name), "")) # type: ignore
else:
file = processing_utils.decode_base64_to_file(
data, file_path=file_name
)
file.orig_name = file_name # type: ignore
self.temp_files.add(str(utils.abspath(file.name)))
return file
elif (
self.type == "binary" or self.type == "bytes"
): # "bytes" is included for backwards compatibility
if is_file:
with open(file_name, "rb") as file_data:
return file_data.read()
return processing_utils.decode_base64_to_binary(data)[0]
else:
raise ValueError(
"Unknown type: "
+ str(self.type)
+ ". Please choose from: 'file', 'bytes'."
)
if self.file_count == "single":
if isinstance(x, list):
return process_single_file(x[0])
else:
return process_single_file(x)
else:
if isinstance(x, list):
return [process_single_file(f) for f in x]
else:
return process_single_file(x)
gr.Files.preprocess = preprocess
@torch.no_grad()
def calculate_text_embeddings(model_name, prompts):
tokenizer = MODELS[model_name]['tokenizer']
context_vecs = tokenizer(prompts)
model_instance = MODELS[model_name]['model_instance']
model_instance = model_instance.to(DEVICE)
context_vecs = context_vecs.to(DEVICE)
text_features = model_instance.encode_text(context_vecs, normalize=True).cpu()
model_instance = model_instance.cpu()
context_vecs = context_vecs.cpu()
return text_features
@torch.no_grad()
def calculate_image_embeddings(model_name, images):
preprocessing = MODELS[model_name]['preprocessing']
model_instance = MODELS[model_name]['model_instance']
# load the given images
user_imgs = []
for tmp_file_img in images:
img = Image.open(tmp_file_img.name)
# preprocess the images
user_imgs.append(preprocessing(img))
# calculate the image embeddings
image_embeddings = []
model_instance = model_instance.to(DEVICE)
for batch_idx in range(0, len(user_imgs), IMG_BATCHSIZE):
imgs = user_imgs[batch_idx:batch_idx + IMG_BATCHSIZE]
imgs = torch.stack(imgs)
imgs = imgs.to(DEVICE)
emb = model_instance.encode_image(imgs, normalize=True).cpu()
image_embeddings.append(emb)
imgs = imgs.cpu()
model_instance = model_instance.cpu()
return torch.cat(image_embeddings)
def get_possible_names(true_name):
possible_names = FULL_NAMES_DF
possible_names['full_names'] = FULL_NAMES_DF['first_name'].astype(str) + ' ' + FULL_NAMES_DF['last_name'].astype(
str)
possible_names = possible_names[possible_names['full_names'] != true_name]
# sample the same amount of male and female names
sampled_names = possible_names.groupby('sex').sample(int(NUM_TOTAL_NAMES / 2), random_state=42)
# shuffle the rows randomly
sampled_names = sampled_names.sample(frac=1)
# get only the full names since we don't need first and last name and gender anymore
possible_full_names = sampled_names['full_names']
return possible_full_names
def round_to_first_digit(value: Decimal):
tmp = np.format_float_positional(value)
prob_str = []
for c in str(tmp):
if c in ("0", "."):
prob_str.append(c)
else:
prob_str.append(c)
break
return "".join(prob_str)
def get_majority_predictions(predictions: pd.Series, values_only=False, counts_only=False, value=None):
"""Takes a series of predictions and returns the unique values and the number of prediction occurrences
in descending order."""
values, counts = np.unique(predictions, return_counts=True)
descending_counts_indices = counts.argsort()[::-1]
values, counts = values[descending_counts_indices], counts[descending_counts_indices]
idx_most_often_pred_names = np.argwhere(counts == counts.max()).flatten()
if values_only:
return values[idx_most_often_pred_names]
elif counts_only:
return counts[idx_most_often_pred_names]
elif value is not None:
if value not in values:
return [0]
# return how often the values appears in the predictions
return counts[np.where(values == value)[0]]
else:
return values[idx_most_often_pred_names], counts[idx_most_often_pred_names]
def on_submit_btn_click(model_name, true_name, prompts, images):
# assert that the name is in the prompts
if not prompts.iloc[0].str.contains(true_name).sum() == len(prompts.T):
return None, None, """
The given name does not match the name in the prompts. Sometimes the UI is responding slow.
Please retype the name and check that it is inserted fully into the prompts.
"""
if images is None or len(images) < 1:
return None, None, f"""
No images are given. Images are needed to determin whether {true_name} was in the dataset. Please upload at least a single image of {true_name}.
"""
# calculate the image embeddings
img_embeddings = calculate_image_embeddings(model_name, images)
# calculate the text embeddings of the populated prompts
user_text_emb = calculate_text_embeddings(model_name, prompts.values[0].tolist())
# get the indices of the possible names
possible_names = get_possible_names(true_name)
# get the text embeddings of the possible names
prompt_text_embeddings = MODELS[model_name]['prompt_text_embeddings']
text_embeddings_used_for_prediction = prompt_text_embeddings.index_select(1,
torch.tensor(possible_names.index.values))
# add the true name and the text embeddings to the possible names
names_used_for_prediction = pd.concat([possible_names, pd.Series(true_name)], ignore_index=True)
text_embeddings_used_for_prediction = torch.cat([text_embeddings_used_for_prediction, user_text_emb.unsqueeze(1)],
dim=1)
# calculate the similarity of the images and the given texts
with torch.no_grad():
logits_per_image = MODELS[model_name][
'model_instance'
].logit_scale.exp().cpu() * img_embeddings @ text_embeddings_used_for_prediction.swapaxes(-1, -2)
preds = logits_per_image.argmax(-1)
# get the predicted names for each prompt
predicted_names = []
for pred in preds:
predicted_names.append(names_used_for_prediction.iloc[pred])
predicted_names = np.array(predicted_names)
# convert the predictions into a dataframe
name_predictions = pd.DataFrame(predicted_names).T.reset_index().rename(
columns={i: f'Prompt {i + 1}' for i in range(len(predicted_names))}
).rename(columns={'index': 'Image'})
# add the image names
name_predictions['Image'] = [x.orig_name for x in images]
# get the majority votes
majority_preds = name_predictions[[f'Prompt {i + 1}' for i in range(len(PROMPTS))]].apply(
lambda x: get_majority_predictions(x, values_only=True)
)
# get how often the majority name was predicted
majority_preds_counts = name_predictions[[f'Prompt {i + 1}' for i in range(len(PROMPTS))]].apply(
lambda x: get_majority_predictions(x, counts_only=True)
).apply(lambda x: x[0])
# get how often the correct name was predicted - even if no majority
true_name_preds_counts = name_predictions[[f'Prompt {i + 1}' for i in range(len(PROMPTS))]].apply(
lambda x: get_majority_predictions(x, value=true_name)
).apply(lambda x: x[0])
# convert the majority preds to a series of lists if it is a dataframe
majority_preds = majority_preds.T.squeeze().apply(lambda x: [x]) if len(majority_preds) == 1 else majority_preds
# create the results dataframe for display
result = pd.concat(
[name_predictions,
pd.concat([pd.Series({'Image': 'Correct Name Predictions'}), true_name_preds_counts]).to_frame().T],
ignore_index=True
)
result = pd.concat(
[result, pd.concat([pd.Series({'Image': 'Majority Vote'}), majority_preds]).to_frame().T],
ignore_index=True
)
result = pd.concat(
[result, pd.concat([pd.Series({'Image': 'Majority Vote Counts'}), majority_preds_counts]).to_frame().T],
ignore_index=True
)
result = result.set_index('Image')
# check whether there is only one majority vote. If not, display Not Applicable
result.loc['Majority Vote'] = result.loc['Majority Vote'].apply(
lambda x: x[0] if len(x) == 1 else "N/A")
# check whether the majority prediction is the correct name
result.loc['Correct Majority Prediction'] = result.apply(lambda x: x['Majority Vote'] == true_name, axis=0)
result = result[[f'Prompt {i + 1}' for i in range(len(PROMPTS))]].sort_values(
['Correct Name Predictions', 'Majority Vote Counts', "Correct Majority Prediction"], axis=1, ascending=False
)
predictions = result.loc[[x.orig_name for x in images]]
prediction_results = result.loc[['Correct Name Predictions', 'Majority Vote', 'Correct Majority Prediction']]
# if there are correct predictions
num_correct_maj_preds = prediction_results.loc['Correct Majority Prediction'].sum()
num_correct_name_preds = result.loc['Correct Name Predictions'].max()
if num_correct_maj_preds > 0:
interpretation = CORRECT_RESULT_INTERPRETATION.format(
true_name,
num_correct_maj_preds,
len(PROMPTS),
prediction_results.columns[0],
prediction_results.iloc[0, 0],
len(possible_names),
predictions.iloc[:, 0].value_counts()[true_name],
round_to_first_digit(
(
(Decimal(1) / Decimal(len(possible_names))) ** predictions.iloc[:, 0].value_counts()[true_name]
) * Decimal(100)
)
)
elif num_correct_name_preds > 0:
interpretation = INDECISIVE_RESULT_INTERPRETATION.format(
true_name,
len(PROMPTS),
num_correct_name_preds,
prediction_results.columns[result.loc['Correct Name Predictions'].to_numpy().argmax()],
len(possible_names),
round_to_first_digit(
(
(Decimal(1) / Decimal(len(possible_names))) ** Decimal(num_correct_name_preds)
) * Decimal(100)
)
)
else:
interpretation = INCORRECT_RESULT_INTERPRETATION.format(
true_name,
len(PROMPTS)
)
if 'laion400m' in model_name.lower() and true_name.lower() in LAION_MEMBERSHIP_OCCURENCE['name'].str.lower().values:
row = LAION_MEMBERSHIP_OCCURENCE[LAION_MEMBERSHIP_OCCURENCE['name'].str.lower() == true_name.lower()]
interpretation = interpretation + OCCURENCE_INFORMATION.format(true_name, row['count'].values[0])
return predictions.reset_index(), prediction_results.reset_index(names=[""]), interpretation
def populate_prompts(name):
return [[x.format(name) for x in PROMPTS]]
def load_uploaded_imgs(images):
if images is None:
return None
imgs = []
for file_wrapper in images:
img = Image.open(file_wrapper.name)
imgs.append((img, file_wrapper.orig_name))
return imgs
block = gr.Blocks(css=CSS)
with block as demo:
gr.HTML(
"""
Does CLIP Know My Face?
Want to know whether you were used to train a CLIP model? Below you can choose a model, enter your name and upload some pictures.
If the model correctly predicts your name for multiple images, it is very likely that you were part of the training data.
Pick some of the examples below and try it out!
Details and further analysis can be found in the paper
Does CLIP Know My Face?
. Our code can be found at
GitHub
.
How does it work? We are giving CLIP your images and let it choose from 1000 possible names.
As CLIP is predicting the names that match the given images, we can probe whether the model has seen your images
during training. The more images you upload the more confident you can be in the result!
Disclaimer: In order to process the images, they are cached on the server. The images are only used for predicting whether the person was in the training data.
"""
)
with gr.Row():
with gr.Box():
gr.Markdown("## Inputs")
with gr.Column():
model_dd = gr.Dropdown(label="CLIP Model", choices=list(MODELS.keys()),
value=list(MODELS.keys())[0])
true_name = gr.Textbox(label='Name of Person (make sure it matches the prompts):', lines=1, value=DEFAULT_INITIAL_NAME)
prompts = gr.Dataframe(
value=[[x.format(DEFAULT_INITIAL_NAME) for x in PROMPTS]],
label='Prompts Used (hold shift to scroll sideways):',
interactive=False
)
true_name.change(fn=populate_prompts, inputs=[true_name], outputs=prompts, show_progress=True,
status_tracker=None)
uploaded_imgs = gr.Files(label='Upload Images:', file_types=['image'], elem_id='file_upload').style()
image_gallery = gr.Gallery(label='Images Used:', show_label=True, elem_id="image_gallery").style(grid=[5])
uploaded_imgs.change(load_uploaded_imgs, inputs=uploaded_imgs, outputs=image_gallery)
submit_btn = gr.Button(value='Submit')
with gr.Box():
gr.Markdown("## Outputs")
prediction_df = gr.Dataframe(label="Prediction Output (hold shift to scroll sideways):", interactive=False)
result_df = gr.DataFrame(label="Result (hold shift to scroll sideways):", interactive=False)
interpretation = gr.HTML()
submit_btn.click(on_submit_btn_click, inputs=[model_dd, true_name, prompts, uploaded_imgs],
outputs=[prediction_df, result_df, interpretation])
gr.Examples(
examples=EXAMPLES,
inputs=[model_dd, true_name, prompts, uploaded_imgs],
outputs=[prediction_df, result_df, interpretation],
fn=on_submit_btn_click,
cache_examples=True
)
gr.Markdown(LICENSE_DETAILS)
gr.HTML(
"""
"""
)
if __name__ == "__main__":
demo.launch()