### Hardware attacks

Physical GPUs or TPUs can also be the target of attacks. [Published
research](https://scholar.google.com/scholar?q=gpu+side+channel) shows that it
might be possible to use side channel attacks on the GPU to leak data from other
running models or processes in the same system. GPUs can also have
implementation bugs that might allow attackers to leave malicious code running

                 absl::Span<AbstractTensorHandle*> grad_inputs) override {
    /* Given upstream grad U and a BiasAdd: A + bias, the gradients are:
     *
     *    dA = U
     *    dbias = reduceSum(U, dims = channel_dim)
     */

    AbstractTensorHandle* upstream_grad = grad_outputs[0];
    DCHECK(upstream_grad);

    // Recover data format from forward pass for gradient.
    std::string data_format;

    git config --system protocol.file.allow always

    # Note that you could generate a list of all the affected targets with e.g.:
    # bazel query $(paste -sd "+" $BATS_FILE_TMPDIR/changed_files) --keep_going
    # Only shows Added, Changed, Modified, Renamed, and Type-changed files
    if [[ "$(git rev-parse --abbrev-ref HEAD)" == "pull_branch" ]]; then
        # TF's CI runs 'git fetch origin "pull/PR#/merge:pull_branch"'

export TF_VER_PATCH=$(awk '/#define TF_PATCH_VERSION/ {print $3}' tensorflow/core/public/version.h)

# Note: in awk, "print $N" prints the Nth "field", where fields are strings separated
# by whitespace. The flag "-F<x>" changes the behavior such that fields are now strings
# separated by the character <x>. Therefore, -F\' (escaped single quote) means that field
# $2 in <Tensor'flow'> is <flow>. This is useful for reading string literals like below.

      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # v3.2.0
    - name: Get file changes
      id: get_file_changes
      uses: trilom/file-changes-action@a6ca26c14274c33b15e6499323aac178af06ad4b # v1.2.4
      with:
        output: ' '
    - name: Report list of changed files
      run: |
        echo Changed files: ${{ steps.get_file_changes.outputs.files }}
    - name: Set up Python 3.9

# limitations under the License.
# ==============================================================================
source "${BASH_SOURCE%/*}/utilities/setup.sh"

    -   Uses `pycpp.sh`, `code_check_changed_files.sh`

These "env" files match up with an environment matrix that roughly covers:

-   Different Python versions
-   Linux, MacOS, and Windows machines (these pool definitions are internal)
-   x86 and arm64
-   CPU-only, or with NVIDIA CUDA support (Linux only), or with TPUs

## How to Test Your Changes to TensorFlow

# limitations under the License.
# ==============================================================================
# This script dumps some information about the environment. It's most useful
# for verifying changes to the TFCI scripts system, and most users won't need
# to interact with it at all.
source "${BASH_SOURCE%/*}/utilities/setup.sh"

echo "==TFCI== env outside of tfrun:"
env
echo "==TFCI== env inside of tfrun:"

TFCI_BAZEL_COMMON_ARGS="--repo_env=TF_PYTHON_VERSION=$TFCI_PYTHON_VERSION --config release_arm64_linux"
TFCI_BAZEL_TARGET_SELECTING_CONFIG_PREFIX=linux_arm64
# Note: this is not set to "--cpu", because that changes the package name
# to tensorflow_cpu. These ARM builds are supposed to have the name "tensorflow"
# despite lacking Nvidia CUDA support.
TFCI_BUILD_PIP_PACKAGE_ARGS="--repo_env=WHEEL_NAME=tensorflow"
TFCI_DOCKER_ENABLE=1

          echo "TITLE=$(git log -1 ${{ github.event.inputs.git_commit }} --format="%s")" >> "$GITHUB_OUTPUT"
    - name: Create Pull Request with changes
      uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
      with: