Prior work has successfully incorporated optimization layers as the last layer in neural networks for various problems, thereby allowing joint learning and planning in one neural network forward pass. In this work, we identify a weakness in such a set-up where inputs to the optimization layer lead to undefined output of the neural network. Such undefined decision outputs can lead to possible catastrophic outcomes in critical real time applications. We show that an adversary can cause such failures by forcing rank deficiency on the matrix fed to the optimization layer which results in the optimization failing to produce a solution. We provide a defense for the failure cases by controlling the condition number of the input matrix. We study the problem in the settings of synthetic data, Jigsaw Sudoku, and in speed planning for autonomous driving, building on top of prior frameworks in end-to-end learning and optimization. We show that our proposed defense effectively prevents the framework from failing with undefined output. Finally, we surface a number of edge cases which lead to serious bugs in popular equation and optimization solvers which can be abused as well.

翻译：先前的工作已成功将优化层作为神经网络最后一层应用于各类问题，从而实现在单个神经网络前向传播中联合学习与规划。本研究发现此类设置存在一个弱点：当优化层的输入导致神经网络输出未定义时，可能引发关键实时应用中的灾难性后果。我们证明攻击者可通过强制优化层输入矩阵秩不足来导致此类失效，从而使优化无法生成解。通过控制输入矩阵的条件数，我们针对失效情况提出一种防御方法。在综合数据、拼图数独以及自动驾驶速度规划（基于端到端学习与优化框架）等场景中，我们对该问题进行了研究。实验表明，所提出的防御机制能有效防止框架因未定义输出而失效。最后，我们揭示了若干边缘案例，这些案例会引发主流方程求解器与优化求解器中的严重缺陷，且同样可被利用。