Code clone detection techniques

Code clone detection has been an active research area for over two decades, and numerous techniques have been developed (Roy and Cordy 2008; Rattan et al. 2013). Early approaches can be categorized by the code representation they compare: textual, lexical, syntactic, or semantic. Text-based clone detectors operate on raw source code strings, identifying clones by exact or parameterized string matching. A classic example is Baker’s duplication detection using suffix trees (Baker 1995), which could rapidly find exact duplicates in code. Such text-based methods (including simple line-based tools) can catch Type-I clones (identical code) but are brittle to renaming or formatting changes (Zhu et al. 2022).

Lexical approaches tokenize the source code and detect clones by comparing token sequences. Tools like CCFinder (Kamiya et al. 2002) and PMD (Copy/Paste Detector) fall in this category. CCFinder transforms code into a sequence of uniform tokens and identifies similar token subsequences, allowing detection of Type-II clones (which differ only in identifiers or literals). These approaches improve robustness to minor edits, but still may not handle reordered code or inserted statements well. Some token-based techniques use hash signatures (fingerprints) of code substrings to find matches efficiently in large codebases (Rabin 1981). Metric-based methods compute numerical characteristics (e.g., number of operators, operands, structural metrics) for code fragments and consider fragments with similar metric vectors as clones (Cordy and Roy 2011). While fast, metric methods can miss clones with similar functionality but dissimilar metric profiles.

Syntax-based approaches leverage the source code’s abstract syntax tree. A representative tool is Deckard (Jiang et al. 2007), which parses code into ASTs and then uses a tree hashing and clustering technique to identify similar subtrees (code fragments). AST-based clone detection can detect Type-III clones, including those with added/deleted statements, since the tree structure can still show significant overlap. NiCad (Roy and Cordy 2008) is another syntax-based tool that extracts pretty-printed code fragments (functions) and uses flexible pretty-print normalization plus longest common subsequence (LCS) matching to find clones with consistent renaming. AST-based methods are generally more robust to formatting and minor edits, but they must handle the computational complexity of tree matching. Advancements like syntactic fingerprinting (Chilowicz et al. 2009) condense ASTs into characteristic strings to enable faster matching. Some approaches also use program dependency graphs (PDG) to detect semantic similarity beyond syntax, comparing data-flow and control-flow structures (Pham et al. 2009). These can find clones that are logically similar even if syntactically different, but comparing graphs is expensive and sensitive to program input differences.

Semantic clone detection aims at identifying code that performs the same functionality, even if implemented with different algorithms or idioms (Type-IV clones). Traditional static analysis struggles here, so researchers have explored dynamic analysis and symbolic execution to detect semantic clones (e.g., checking if two code fragments produce the same outputs for various inputs) (Svajlenko and Roy 2015). However, dynamic semantic approaches face scalability issues and are not widely used in practice.

Machine learning and deep learning for clone detection

The application of machine learning has significantly advanced clone detection capabilities. Unsupervised learning techniques were initially applied, for example clustering code fragments based on feature vectors to suggest groups of similar code (Cordy and Roy 2011). In the last decade, deep learning models have become prominent. These models learn vector representations (embeddings) of code that capture syntax and semantics, enabling more effective clone identification through similarity in the learned vector space.

One pioneering work by White et al. (2016) used an autoencoder to learn features of code fragments and a deep neural network (DNN) to classify if two code fragments are clones. They represented code as tokens and trained on known clone pairs, achieving good accuracy on simple clone benchmarks. Following this, researchers began exploring neural models over structural representations of code. AST-based neural models: Zhang et al. (2019) proposed ASTNN, which splits functions into statement-level AST subtrees and uses a recursive neural network to encode each subtree, followed by a sequential model (RNN) to capture the flow of the program (Zhang et al. 2019). ASTNN showed strong results on detecting both syntactic and semantic clones in Java programs, thanks to its ability to model structural context. Wei and Li (2017) introduced a Supervised Deep Features model (often called CDLH) that combines lexical and syntactic information in a hybrid deep network to detect functional clones, reporting improved recall for Type-IV clones (Wei and Li 2017).

Tree and graph neural networks: With the development of graph neural networks (GNNs), code clone detection has benefited from richer graph-based representations. Wang et al. (2020) designed a GNN operating on a flow-augmented AST, which incorporates control flow and data flow edges into the AST graph, and then used a graph matching network to compare two code graphs. Their approach significantly improved clone detection for cases with non-contiguous similar code. Similarly, Zhao and Huang (2018) developed DeepSim, which uses a combination of AST-based LSTM and a similarity matching network to detect functional similarity in code (Zhao and Huang 2018). There are also approaches using convolutional neural networks (CNNs) on code representations: for example, the TBCNN by Mou et al. (2016) performs a convolution over the AST structure to encode a program, which was originally used for code classification but is applicable to clone detection. Recent work by Wan et al. (2025) even converts code ASTs into semantic images and applies CNN image similarity to detect semantic clones with high accuracy. These deep learning methods collectively have pushed clone detection performance higher; many report Precision/Recall over 90% on benchmarks like BigCloneBench.

Another noteworthy trend is the use of pre-trained code models. Models such as CodeBERT (Feng et al. 2020), GraphCodeBERT (Guo et al. 2020), CodeT5 (Wang et al. 2021), and PLBART have been trained on massive code corpora to learn general code representations. Fine-tuning these models for clone detection has yielded excellent results, often outperforming specialized models on standard datasets. For instance, fine-tuned CodeBERT achieved an F1 of  0.95 on BigCloneBench clones, learning generalizable patterns of similarity (Svyatkovskiy et al. 2020). Interpretability of such deep models is an ongoing challenge; some recent studies attempt to interpret what code features CodeBERT learns for clone detection (Abid et al. 2023). Nonetheless, the consensus in recent literature is that deep learning approaches, especially those combining structural code analysis with neural embeddings, represent the state-of-the-art for monolingual clone detection (Lei et al. 2022).

Cross-language clone detection

Detecting clones across programming languages (also known as cross-lingual clone detection) is inherently difficult due to differences in syntax, semantics, and libraries between languages. A straightforward approach might translate one language to another or to a common intermediate representation (IR) and then apply monolingual clone detection, but accurate automatic code translation is itself non-trivial. Some early approaches tackled specific language pairs by leveraging similarities (e.g., C$\#$ vs. Java clones, which share similar syntax and libraries) (Keivanloo et al. 2011).

More systematic research into cross-language clones has emerged in the last few years. CLCMiner (Cheng et al. 2017) avoided the need for a unified IR by mining version histories: if a project had implementations in two languages (e.g., a C++ version and a Java version of the same algorithm), changes committed with the same message in both codebases could indicate corresponding clone fragments. This approach, however, depends on multi-language projects with parallel histories and cannot find clones in unrelated projects. LICCA (Vislavski et al. 2018) tried to generalize clone features across languages by using language-agnostic abstraction (e.g., normalizing identifiers and literals, focusing on structural metrics common to both languages). It reported moderate success in Java–C$\#$ clone detection.

Table 1. Distinguishing the proposed method from prior cross-language clone detection approaches (a)

Modern cross-language clone detectors employ machine learning to overcome the syntactic disparities. Nafi et al. (2019) – CLCDSA: This method extracts syntactic features (like number of nodes of each AST type) and uses neural networks in a Siamese setup, combined with API documentation alignment between languages. By mapping similar API calls (e.g., Java java.util.List.add <-> Python list.append) and comparing feature vectors, CLCDSA could detect some cross-language clones, but it was limited by the completeness of the manual API mappings and feature design. Perez and Chiba (2019): They introduced perhaps the first neural cross-language clone model using end-to-end learning. They trained a Siamese bidirectional LSTM to encode Java and Python ASTs (transformed into sequences) and used a hashing layer to reduce dimensionality, followed by a feed-forward comparator. Their model achieved around 66% F1 on a Java-Python clone dataset, indicating the difficulty of the task. A key insight was that using identical network weights for both languages helped, but the simple sequential AST encoding missed deeper semantic similarities. Yahya and Kim (2022) improved on this with CLCD-I, which uses InferCode (a self-supervised AST encoder Bui et al. 2021) to produce embeddings for code in each language, then a Siamese DNN to classify clone pairs. CLCD-I reached  0.78 F1 (with high precision but moderate recall) for Java-Python clone, outperforming earlier works. This indicates that pre-training on unlabeled code (InferCode) provided a better initial representation for each language, and the Siamese architecture learned to align those representations.

Recent research has taken advantage of large language models and advanced contrastive learning. C4 (Hu et al., 2022) employed contrastive learning to explicitly bring representations of known clone pairs closer while pushing non-clones apart (Tao et al. 2022). TCCCD (Fang et al. 2023) used a triplet loss (anchor–positive clone–negative nonclone) to improve cross-language discrimination. These models report F1 improvements into the 0.70–0.85 range for cross-language tasks. Additionally, Large Language Models (LLMs) like ChatGPT/GPT-3 have been evaluated on clone detection: they can sometimes identify if two code snippets are similar when prompted, especially for simple algorithms. However, a recent study found that LLMs struggle with more complex code and often do not truly understand the code’s semantics in a multi-language context, leading to inconsistent performance (Moumoula et al. 2024). It was shown that fine-tuned embedding models still outperform LLMs on challenging cross-language clone benchmarks by a significant margin.

In summary, cross-language clone detection has progressed but lags behind single-language clone detection in accuracy. No existing approach perfectly aligns code semantics across arbitrary languages; most work either focuses on closely related languages or uses extensive hand-crafted mappings. Moreover, none of the above methods explicitly computes the proportion of code that is cloned – they simply classify pairs or retrieve similar code. Our work builds on insights from these related studies: we use a Siamese neural architecture like Nafi et al. (2019); Perez and Chiba (2019), but we enhance it with a unified structural code embedding (inspired by Bui et al. 2021) and a contrastive training objective (similar to Tao et al. 2022). By doing so, we aim to push cross-language clone detection performance closer to parity with single-language detection. Additionally, by aggregating clone detection outputs, we introduce a novel capability to quantify code reuse extent, extending clone detection research into the quantitative domain of software reuse analysis. This fills an important gap, as identified in both the software engineering and academic integrity communities, for tools that not only detect plagiarism or cloning but also measure it in meaningful terms (e.g., “X% of the code is cloned”) for decision making.

[See PDF for image]

Fig. 1

Overview of cross-language clone detection and reuse proportion

To better highlight the novelty of our proposed reuse quantification method, we summarize in Tables 1 and 2 a comparison between our approach and representative cross-language clone detection methods, including CLCDSA (Nafi et al. 2019) and TCCCD (Fang et al. 2023). The table contrasts their main characteristics in terms of input representation, language coverage, learning architecture, and output capability.

Table 2. Distinguishing the proposed method from prior cross-language clone detection approaches (b)

Unified code representation and embedding

To compare code across languages effectively, we first transform each code fragment (function) into a language-agnostic intermediate representation. We chose to build on the abstract syntax tree (AST) because it preserves structural and syntactic information while abstracting away superficial differences like formatting. However, a vanilla AST still contains language-specific node types and idioms. We therefore designed a unified abstract syntax representation (UASR) that normalizes elements common to most imperative languages. The UASR is essentially an enhanced AST with additional normalization:

• Normalized Identifiers and Literals: All user-defined identifiers (variable names, function names) are normalized to a generic token (e.g., VAR, FUNC) with subscripts for consistency within a fragment. For example, sum = 0 in Python and int total = 0 in Java would both yield an assignment node with a generic variable name. Literal values (numbers, strings) are similarly replaced with generic tokens (NUM, STR, etc.), optionally tagged by type. This removes language-specific naming without losing structure.

• Unified AST Node Types: We map language-specific AST node types to a common set. For instance, a Python For loop and a Java enhanced for loop are both mapped to a generic ForLoop node type with comparable child structures (initialization, condition, iteration, body) even though Python’s AST represents it differently. Similarly, a method/function definition in any language becomes a FunctionDef node with children for parameters, body, etc. Constructs that have no clear counterpart in the other language (e.g., Python’s list comprehension or Java’s do-while loop) are still included but marked with language tags so that the model can learn to handle them. We have defined a mapping for the syntactic constructs that Java and Python share (which cover the majority of typical code logic: expressions, loops, conditionals, function calls, etc.). For better clarity, we illustrate how the unified AST representation works across languages using a simple example. Consider the following pair of functions that compute a factorial number: one written in Java and one in Python. In the original ASTs, Java represents the loop construct as a “ForStatement” node with initialization, condition, and update subnodes, while Python represents it as a “For” node with an iterable and a body. Under our unified AST mapping, both are normalized into a generic “ForLoop” node with child nodes Init, Condition/Iterable, Body. Similarly, variable declarations such as int result = 1; in Java and result = 1 in Python are both mapped into an “Assign(VAR, NUM)” structure. This example demonstrates how different syntactic structures are harmonized into a single abstract representation, enabling the model to treat functionally equivalent code consistently across languages.

• Semantic Annotations: We augment the AST with semantic nodes to capture important information like API calls and operations. For example, we introduce a generic Call node whose children include the normalized function name and arguments, regardless of whether it’s Java method invocation or Python function call. If certain API calls are known equivalents (like Java System.out.println   Python print), we add an annotation linking those. We also represent infix operations (e.g., arithmetic, comparisons) with generic operator nodes (like Op_ADD for + in any language). These annotations help the model learn correspondences such as both code fragments using a sort function or both performing a similar arithmetic operation, even if the syntax differs.

1

To make the representation focus on important parts of the code, we integrate an attention mechanism over the AST nodes. Following the idea of weighted AST aggregation, we compute an attention weight ${\alpha }_i$ for each child node $c_i$ of n as:

2

3

After processing the entire tree, we obtain an embedding for the root node (function) which represents the whole code fragment. Let E(f) denote the embedding of function f produced by the above tree encoder (with attention). These embeddings are in ${\mathbb{R}}^d$ (we use $d=256$ as the dimension in our implementation). Importantly, the encoder has the same parameters regardless of the programming language of the input code, thanks to the unified node representations. We do not train separate encoders per language; the same model processes Java or Python ASTs. This design choice ensures that the embeddings of similar code from different languages will naturally align in the vector space, to the extent that the unified AST captures their similarity. We also leverage self-supervised pre-training for this encoder: prior to training the clone detector, we pre-train the encoder on unlabeled code from both languages using the InferCode objective of predicting subtrees. This helps initialize E(f) to produce meaningful vectors even before clone pair supervision.

Siamese network architecture

With a way to convert any function f (Java or Python) into an embedding E(f), we now describe the Siamese neural network that determines if two code fragments are clones. A Siamese network consists of two identical subnetworks that process two inputs in parallel, followed by a comparison layer that computes a similarity or distance. In our model, the subnetwork is essentially the code encoder described above (including the AST embedding and attention). We feed two code fragments $f_a$ and $f_b$ (possibly from different languages) into the Siamese twin encoders, which share all weights. This yields embeddings $v_a=E(f_a)$ and $v_b=E(f_b)$. Sharing the encoder weights ensures that the vector representations live in the same feature space and that similar code patterns produce similar vectors regardless of language. This is crucial; if we allowed separate embeddings per language, the model might learn disjoint representations that are not directly comparable. By using one unified encoder, we enforce that, say, a loop or sort algorithm looks alike in the embedding space whether it came from Java or Python.

Next, we need to compare $v_a$ and $v_b$ to judge if the code fragments are clones. A straightforward approach is to compute a distance (such as Euclidean distance or cosine similarity) between the two vectors and threshold it. In our architecture, we opt for a learned comparator. We construct a feature vector from $v_a$ and $v_b$ as $h=[,|v_a-v_b|\oplus (v_a\circ v_b),]$, where $|·|$ is element-wise absolute difference and $\circ$ is element-wise product (Hadamard product). These are common feature transformations in Siamese setups to capture both distance and commonality between vectors. The combined vector h is fed into a small feed-forward network (FFN) with one hidden layer to produce an output score s. The FFN essentially learns to weigh the differences and similarities across dimensions. Finally, s is passed through a sigmoid activation $\sigma (s)$ to produce a probability $\widehat{y}$ that the pair $(f_a,f_b)$ is a clone (1 for clone, 0 for non-clone).

We train the Siamese network using a contrastive loss function on labeled pairs. For a pair of functions with label $y=1$ (clones) or $y=0$ (not clones), let $D=|v_a-v_b{|}_2$ be the Euclidean distance between their embeddings. The contrastive loss L is:

4

To further improve learning, we generate hard negative pairs during training. Besides true clone pairs from the ground truth, we include pairs of functions that are superficially similar but not true clones as negative examples. For instance, two functions with the same name but different behavior, or two solutions to different tasks that happen to share some code patterns. We mine such pairs by random mixing and by using our current model’s confusion: at each epoch, we identify some non-clone pairs that the model erroneously scores as high similarity and include them (with $y=0$) in the next epoch’s training batch. This hard-negative mining forces the model to refine the decision boundary between actual clones and coincidentally similar code.

After training, the Siamese network outputs a similarity measure. At inference, given any two code fragments $f_a,f_b$, we compute $d=|E(f_a)-E(f_b){|}_2$ and classify them as clones if $d<T$, where T is a chosen threshold. We set T based on a validation set to balance precision and recall (for example, $T=0.5$ in our experiments gave a good F1 balance). This yields a binary decision of “clone” or “not clone” for the pair. We can also interpret $\widehat{y}=\sigma (s)$ from the network as the confidence that they are clones.

Code reuse proportion detection algorithm

Beyond pairwise clone detection, our goal is to compute the proportion of code in a subject program that is reused (cloned) from elsewhere. We define the reuse proportion for a code fragment (or entire program) as the fraction of its code tokens that can be mapped to one or more cloned segments originating outside the fragment. In simpler terms, if we highlight all parts of the code that are detected as clones from an external source or library, what percentage of the code is highlighted? This metric is crucial in plagiarism detection (to see how much of a submission is copied) and in code quality analysis (to identify overly copied projects).

To compute this, we integrate our clone detector in an algorithmic process. Assume we have a target program P (which could be one file or a collection of functions) for which we want the reuse proportion, and a reference repository R of source code that represents “potential sources” of clones (e.g., a database of known code, or other projects, or in case of plagiarism, other student submissions or open-source code). If the goal is to detect self-contained reuse within a project (finding duplicates inside the project), R can be the same as P (intra-project clones). For plagiarism detection, R would be other students’ code or known solutions. Our approach is agnostic to this choice.

We break down the detection into function-level units. Let $F_P=f_1,f_2,...,f_n$ be the set of functions in program P (extracted via parsing). Let $F_R$ be the set of functions in the repository R (which could be very large, but note our method can embed and index them efficiently). We proceed as follows (pseudocode given in Algorithm 1):

• Embed all functions: Compute $v_i=E(f_i)$ for every function $f_i$ in $F_P\cup F_R$ using our unified encoder. This results in a database of embeddings for repository functions $v_j^R:f_j^R\in F_R$. We organize these in an index (for example, using a KD-tree or FAISS index for efficient nearest-neighbor search in the vector space).

• Clone search for each function: For each function $f_i$ in the target program P, find its closest matches in R. We perform a k-nearest-neighbors search in the embedding space: retrieve the top k repository functions whose embeddings are nearest to $v_i$. We then apply our clone classifier (distance threshold T) to these candidates to determine if any of them are clones of $f_i$. If yes, record the clone with the highest similarity. If multiple distinct matches exist covering different parts of $f_i$, we can consider them separately, but typically we assume one primary source if it exists. If no repository function passes the clone threshold for $f_i$, we consider $f_i$ as original (not reused).

• Reuse length calculation: If $f_i$ is deemed a clone of some $f_j^R$, we estimate the extent of cloning within $f_i$. One simple way is to use the token sequence of $f_i$ and $f_j^R$: we can perform a longest common subsequence (LCS) or set of common token subsequences to approximate which parts of $f_i$ align with $f_j^R$. Another approach is to split $f_i$ into basic blocks or lines and mark those that have high similarity to segments in $f_j^R$ (e.g., via local sequence alignment). For simplicity, we define $L_{\text{clone}}(f_i)$ as the number of tokens in $f_i$ that appear in the cloned segments (matched against $f_j^R$ after normalization). This can be obtained by an LCS-based diff between the two code fragments. Let $L_{\text{total}}(f_i)$ be the total number of tokens in $f_i$. We then compute the reuse ratio for function $f_i$ as $r_i=L_{\text{clone}}(f_i)/L_{\text{total}}(f_i)$. If multiple clone sources are detected for different portions of $f_i$, $L_{\text{clone}}$ can include all those portions (ensuring we don’t double-count overlapping regions). For a function with no detected clone, $r_i=0$.

• Aggregate to program-level proportion: The reuse proportion for the whole program P can be aggregated in various ways. One simple way is a weighted average by code length: $r_P=\frac{{\sum }_{i=1}^n{L}_{\text{clone}}(f_i)}{{\sum }_{i=1}^n{L}_{\text{total}}(f_i)}$, i.e., total cloned tokens over total tokens in the program. This gives a single percentage of code that is reused. Alternatively, if higher-level structure (like classes or files) is needed, we can compute per-file ratios similarly. In our experiments, we report $r_P$ as a percentage.

[See PDF for image]

Algorithm 1

Code Reuse Proportion Detection.

In line 13, ComputeAlignment(f_i, g) refers to an algorithm that identifies which tokens of $f_i$ align with tokens of g (the clone source). This could be an LCS-based diff as described. In our implementation, we used a dynamic programming LCS on the normalized token sequences of $f_i$ and g to mark the matching regions and count tokens.

The reuse proportion $r_P$ is a real number between 0 and 1 (we often express it as a percentage). An $r_P$ close to 0 means P is mostly original, whereas an $r_P$ close to 1 indicates that nearly all of P’s code was found as clones in the repository. For individual functions, $r_i$ provides a fine-grained view (e.g., a function might be 100% cloned while others are original, which a file-level average would dilute). Our method can report both levels: per-function clone ratios and overall program clone ratio.

Model training and implementation details

We implemented the Siamese network in PyTorch. The tree encoder uses a custom recursive function to compute (3) for each AST node; we limited the maximum tree depth to 100 (which sufficed for all our code, after inlining long expression chains to depth). The embedding dimension $d=256$ was chosen empirically for a good balance of representation power and efficiency. We pre-trained the encoder on an unlabeled corpus of 50,000 Java and 50,000 Python functions (not in the evaluation sets) using the self-supervised InferCode objective, which improved initial embeddings. For Siamese training, we constructed a training set of clone/non-clone pairs. We obtained known clone pairs from the BigCloneBench dataset and from online judge problems (for cross-language, we paired known equivalent solutions in Java/Python to the same problem). Non-clone pairs were sampled randomly across different projects/problems. We ensured that about 50% of training pairs were cross-language to teach the model cross-language alignment, and the rest were same-language (for general robustness). The training used the contrastive loss (4) with margin $m=1.0$. We used the Adam optimizer with learning rate $1e-4$. Training converged in  20 epochs on our data ( 100K pairs), taking about 2 hours on a single GPU.

During training, we monitored validation F1 on a small held-out set of clone pairs and used early stopping when it plateaued. The threshold T for classification was set to 0.5 based on maximizing F1 on validation; this threshold is applied to the Euclidean distance D (so effectively we classify clone if similarity > some value since lower distance = higher similarity). Post-training, we fixed the encoder and used it for all experiments.

The reuse proportion algorithm was implemented as a separate module. For efficiency, we embedded the repository functions once and stored their vectors. We used $k=3$ nearest neighbors in Algorithm 1’s search, as we found in our development tests that looking at 3 candidates was usually enough to find the true clone if it existed (the correct clone was often the nearest neighbor due to the embedding quality). If an exact or very close clone wasn’t among the top 3, it usually meant no clone existed in the repository. We also experimented with larger k and found negligible difference in final proportions beyond $k=5$ but with higher runtime. The vector search was accelerated using FAISS (Facebook AI Similarity Search) for the largest dataset to keep lookup under a few milliseconds per function. The alignment step (line 13) using LCS runs in O(nm) time for sequences of length n and m, but since functions are relatively small (typically <300 tokens), this was fast in practice.

Reproducibility and transparency

To ensure the method is transparent and reproducible, we provide details and examples. The pseudocode and formulas above define the method rigorously. We have made our source code available in a public repository (link omitted for anonymity) including the implementation of the unified AST generator and training scripts. For clarity, consider a simple example: a Java function that computes factorial and a Python function doing the same. After normalization, both get represented with a similar UASR (loops or recursion marked similarly, etc.), yielding embeddings that are close. The Siamese network will correctly classify them as clones. If the Java function had 10 lines and 8 of those lines align with the Python code (just different syntax), the reuse proportion for that function would be 0.8 (80%). In our experiments section, we will present sample outputs illustrating such cases.

In terms of theoretical complexity, encoding a code fragment is linear in the size of its AST (each node processed once). Comparing two fragments is O(d) for the vector operations. Thus, pairwise clone check is efficient. The reuse proportion detection for an entire program P with n functions involves n searches in the repository index. If the repository has M functions, a naive search is O(nM), but using an approximate index typically yields sublinear search time in M. In our use-cases, this was manageable (e.g., for $n\approx 300$ and $M\approx 50,000$, it completed in seconds).

In conclusion, our methodology integrates a robust cross-language clone detector with an algorithm to quantify code reuse. By focusing on function-level analysis and leveraging deep learning, it addresses both precision (few false positives due to strong semantic matching) and recall (catching tricky semantic clones). The next section will detail how we evaluate this methodology on multiple datasets and compare it against baselines.

Datasets

We use three publicly available datasets that together cover both single-language and cross-language clone detection tasks, as well as a variety of codebases and clone types:

• BigCloneBench (BCB) – Java: BigCloneBench is a widely-used benchmark for code clone detection. It consists of 8,851 true clone pairs and millions of non-clone pairs drawn from 25,000 Java files in the IJaDataset repository. The clone pairs are annotated with clone types (I–IV) and cover a range of functionalities (e.g., various implementations of algorithms). We use the recommended evaluation subset of BCB: a balanced set of clone and non-clone function pairs with known labels (often focusing on functionality clones which are Type-III/IV). This dataset is excellent for evaluating recall on Type-III and IV clones in Java. In our experiments, we report results on BCB for the Java language. We treat this as a binary classification task on pairs, using the standard references for ground truth (any pair labeled as a true clone in BigCloneBench is positive).

• GCJ-Python – Code Jam Python dataset (Svajlenko and Roy 2015): To evaluate on a different language and to simulate a plagiarism scenario, we assembled a dataset from Google Code Jam (GCJ) competition problems. We collected Python solutions for several Code Jam problems (from GCJ 2017 and 2018 online rounds). The dataset contains 1,200 Python functions solving 100 distinct problems (around 12 solutions per problem on average). We labeled clone pairs by problem: solutions to the same problem are considered semantically similar (clones) because they should solve the same task, whereas solutions to different problems are non-clones. This is similar to the dataset used in certain clone studies like Semantic Clone Benchmark or OJClone. Admittedly, not every solution to a problem is a near clone of another (they can differ significantly in approach), but typically there are common patterns. We primarily use this dataset to evaluate monolingual clone detection in Python – a language not represented in BigCloneBench – and to see how our model (trained partly on Java) generalizes. The positive pairs here are more semantic (Type-IV) in nature, given the variations in coding styles across different participants. We ensured no code overlap between this and other sets for fairness.

• XLCoST Java–Python Cross-Language Clone Set: For cross-language evaluation, we leverage the XLCoST benchmark, which provides parallel code snippets in multiple languages for the same tasks. Specifically, we extracted a subset of 3,000 Java–Python clone pairs from XLCoST (each pair solves the same programming problem, one in Java, one in Python). Additionally, we generated an equal number of non-clone cross-language pairs by pairing code solutions of different problems (and validated that they are indeed different in functionality). This yields a balanced cross-language clone detection dataset (6,000 pairs total). This dataset tests the model’s capability to identify clones across our two target languages. The problems in XLCoST are relatively simple (e.g., algorithmic puzzles), which means many clone pairs are straightforward, but some are tricky if the languages use different approaches (iterative vs recursive, different library calls, etc.). We use this set to evaluate cross-language clone classification performance. We also use the raw code snippets from XLCoST as part of the reference repository R when computing reuse proportions for a cross-language scenario.

Before parsing, we applied consistent preprocessing steps across all datasets, including removing comments and import statements, normalizing identifiers and literals, and splitting multi-function files into individual functions. Functions with fewer than five lines or syntactic errors were excluded. To ensure comparability across datasets, we verified that each function node structure in the unified AST contained the same normalized node types and operator mappings.

During model training, key hyperparameters were fixed as follows: embedding dimension 256, batch size 64, learning rate 1e-4, optimizer Adam, and margin parameter $m=1.0$ in the contrastive loss. We trained each model for 20 epochs with early stopping based on validation F1-score.

While preprocessing was largely automated, we encountered challenges such as inconsistencies between Java and Python AST node granularity and the need to balance clone/non-clone pair ratios across datasets. These challenges were addressed by manual verification on random samples and controlled sampling procedures. We release all preprocessing scripts and configuration files to facilitate reproducibility.

Evaluation metrics

We employ several standard metrics to assess clone detection performance, ensuring a comprehensive evaluation:

• Precision (P): The fraction of pairs our model labeled as clones that are actually true clones. This measures how many false positives we produce. High precision is important in practical clone detection to avoid overwhelming users with incorrect clone reports.

• Recall (R): The fraction of true clone pairs that our model successfully identified. This reflects the model’s ability to catch clones (false negatives reduce recall). High recall is crucial especially in plagiarism detection – missing a plagiarized segment is a serious drawback.

• F1-Score: The harmonic mean of Precision and Recall,

  5

  $$\begin{array}{c}\hfill F1=2\frac{P·R}{P+R}.\end{array}$$ F1 gives a single measure of overall accuracy, balancing P and R. We report F1 as a primary metric for clone detection performance, as is common in prior work. For cross-language datasets (e.g., Java–Python pairs), performance metrics such as Precision, Recall, and F1-score are computed in the same way as for single-language clone detection. Each code pair is labeled as a ‘true clone’ if the two functions implement the same functionality, regardless of the programming language. A correct prediction means that the model successfully identifies such functional similarity across languages (true positive), while incorrect or missed detections correspond to false positives or false negatives, respectively. This consistent definition ensures that the reported metrics are directly comparable across monolingual and cross-lingual evaluations, making the results interpretable even for readers without a machine learning background.

• Accuracy (Acc): The proportion of all pair classifications (clone or not) that are correct. While accuracy can be less informative if clone vs non-clone classes are imbalanced, we include it for reference. In some datasets like BigCloneBench, the test set is balanced, so accuracy parallels F1. In others (like if we consider all possible pairs, non-clones far outnumber clones), accuracy is less meaningful. We will clarify class distributions when discussing results.

• MCC (Matthews Correlation Coefficient): For a more rigorous evaluation especially in imbalanced settings, we use MCC, which considers true and false positives/negatives in a correlation coefficient ranging from -1 to 1. MCC is defined as

  6

  $$\begin{array}{c}\hfill MCC=\frac{TP·TN-FP·FN}{\sqrt{(TP+FP)(TP+FN)(TN+FP)(TN+FN)}}.\end{array}$$ We compute MCC for scenarios like BigCloneBench where negative pairs are extremely large in number (for fairness, many works focus on recall at high precision instead). MCC provides a balanced view even if classes are skewed.

• Clone Recall @ k: In a retrieval context, one might consider how many true clones are found in the top-k similar results. For example, in BigCloneBench evaluations, recall@100% precision is sometimes used (i.e., how many of the known clones can be found before the first false positive). In our evaluation tables, we focus on P/R/F1 at a fixed threshold. However, in discussing results, we note if our method achieves 100% precision and what recall corresponds to that. This is akin to measuring along the precision-recall curve.

Each experiment table in the following subsections will typically list Precision, Recall, F1 (and sometimes Accuracy or MCC) for our method and baselines, for a given dataset. All metrics are computed at the pair level (for clone detection) except when explicitly stating aggregate measures.

Table 3. Clone detection results on BigCloneBench (Java)

Our model (CrossCodeClone) vs baselines. Bold indicates best, underline indicates second best. All values in %

Table 4. Clone detection results on the GCJ Python dataset

Main summarization results

Ablation study

We perform an ablation study to assess the contribution of key components of our approach: (A) the unified AST representation, (B) the attention mechanism in the encoder, and (C) the contrastive Siamese training objective. We create three ablated variants of our model, each missing one of these components, and evaluate them on the BigCloneBench (Java) dataset and the cross-language dataset (Java–Python). Specifically:

• No-Unify: In this variant, we remove the unified AST mapping. Instead, we train separate embeddings for each language’s raw AST (like two encoders that do not share weights). This means the model sees language-specific AST node types. We still use the Siamese network but without forcing unified representation.

• No-Attention: Here we disable the attention weights in the tree encoder. The AST node vectors are computed by simple averaging of child vectors (or concatenation + linear layer as in (1) without attention reweighting). This tests whether the attention mechanism is improving the encoding or not.

• No-Contrastive (Binary classification): Instead of using the contrastive loss on embedding distance, we train a binary classifier on top of the Siamese outputs with a binary cross-entropy loss. In practice, we feed $h=[v_a\oplus v_b]$ into an MLP classifier that outputs clone vs not. This is a more traditional approach used in some earlier works. We keep everything else the same but optimize for classification accuracy rather than pulling embeddings.

Table 6. Ablation results on BigCloneBench (Java) and Cross-Language dataset

The ablation reveals several insights. Removing the unified AST (training language-specific encoders) causes a significant drop, especially in cross-language performance: F1 plunges from 89.9 to 72.4. This confirms that the unified representation is critical for cross-language clone detection – without it, the model probably learns separate feature spaces and fails to align Java with Python effectively (72.4 F1 likely means it’s only marginally better than chance on cross-language). Even on the Java-only task, not unifying had an effect (94.5 -> 88.7 F1); this is interesting since unified vs separate shouldn’t affect monolingual if done properly. The drop suggests that having a unified approach even helps single-language detection, possibly because it doubles training data effectively (the model parameters are trained on both Java and Python clones, learning more robust features that generalize back to Java). In No-Unify, each encoder only saw half the data effectively. This could explain the gap.

Removing the attention mechanism (No-Attention) yields a smaller degradation: Java F1 from 94.5 to 92.1, and cross-lang F1 from 89.9 to 85.5. The model still works well but not as well, which indicates the attention adds value. Likely the attention helps focus on critical parts of the code (like matching key operations or function calls) and ignore clutter. Without it, some subtle differences might confuse the model or it might give equal weight to less important AST branches. The performance is still high though, meaning the core approach (unified AST + Siamese) is strong even without attention.

Switching to a binary classification loss (No-Contrastive) also hurts performance: Java F1 drops to 91.0, cross-lang to 83.7. The contrastive objective evidently helped push the embeddings into a space where similarity is more meaningful and easier to threshold. With BCE, the model likely had to find a decision boundary in a high-dimensional space – it achieved good results but not as tight clustering of clones vs non-clones, leading to lower precision/recall. We noticed during training that the contrastive model converged faster and produced more stable similarity scores, whereas the binary classifier was more prone to overfitting unless carefully regularized. The results validate our design choice of using contrastive Siamese training.

In summary, the ablation confirms that each component – unified representation, attention, and contrastive learning – plays an important role, particularly for the cross-language capability. The unified AST is absolutely essential for multi-language clone detection, attention and contrastive learning provide notable but smaller gains. Therefore, our full model’s high performance indeed comes from the synergy of these design elements.

Statistical Significance Analysis. To confirm the reliability of the observed performance gains, we conducted paired significance tests comparing our model with the strongest baselines (CodeBERT and C4) on F1-scores across all datasets. Both paired t-tests and Wilcoxon signed-rank tests indicate that the improvements are statistically significant at p < 0.01, confirming that the performance gains are unlikely to be due to random variations.

Scalability Evaluation. To evaluate scalability, we measured runtime and memory consumption on the largest dataset (BigCloneBench). Embedding computation required approximately 2.4 ms per function on average, and FAISS-based nearest-neighbor search took 3.1 ms per query with 256-dimensional embeddings. For a repository containing 100k functions, the full reuse proportion computation completed in under 10 minutes on a single GPU and 32 GB RAM. These results demonstrate that the proposed approach is practical for large-scale software repositories.

Table 7. Effect of similarity threshold T on cross-language clone detection performance

Table 8. Recall (%) by clone Type on BigCloneBench (Java)

(Precisions were all >90% for our model in these subsets, hence omitted)

Sensitivity to similarity threshold

Our clone detection involves a threshold T on the embedding distance (or equivalently a threshold on similarity) to decide if two fragments are clones. While we set $T=0.5$ based on validation, it’s useful to see how sensitive results are to this choice and how precision/recall trade-off can be managed by adjusting T. We conduct an experiment varying T around the chosen value and measuring precision and recall on one dataset (we use the cross-language dataset as it’s the most challenging) (Table 7).

As expected, a stricter threshold (0.3) yields very high precision (97.8%) but recall drops to 70.4%. This means hardly any false positives (only the most similar pairs are flagged), but many true clones are missed because their distance might be>0.3. On the other extreme, a lenient threshold 0.7 gives recall 96.0% (almost all clones found) but precision falls to 80.5% (more false positives). The threshold of 0.5 we picked is roughly balancing: at 91.8% precision and 88.1% recall, it’s near the optimal F1. We see that 0.6 yields virtually the same F1 (89.8) but with a bias toward recall. So one could choose threshold depending on application: if missing a clone is worse (e.g., plagiarism checking might want high recall), they might go  0.6 or 0.7 to catch more, accepting some FP that could be manually filtered. If false alarms are very undesirable (e.g., in automated refactoring suggestions maybe want high precision), then  0.4 yields still decent F1 but with>95 precision. Our model thus provides a tunable behavior.

The fact that F1 is high and fairly stable around 0.5–0.6 indicates the model’s similarity scores separate clones and non-clones quite well. The range 0.4–0.6 covers nearly the maxima. At 0.5 we got slightly better F1 than at 0.6 by a hair. Also note, at 0.5, precision and recall are quite balanced (91.8 vs 88.1). At 0.6 they inverted (87.2 vs 92.7). So threshold can shift what you favor.

We also examined the distribution of distances: there is a clear gap often around  0.55 beyond which non-clones dominate, which is why these threshold adjustments behave somewhat predictably. This analysis gives confidence that the threshold choice was sound and can be adjusted per use-case.

Performance by clone type and language

Case study: code reuse proportion in an open-source project

Finally, we illustrate our model’s capability to measure code reuse proportion with a brief case study. We took an open-source project where we suspect a portion of code was copied from another library. Specifically, we use a simplified scenario: a project X (written in Java) that included some utility functions directly copied from Apache Commons Lang library. We know by inspection that about two functions (out of 10) were verbatim copied. We run our reuse proportion detection (Algorithm 1) on project X with repository R being the Apache Commons codebase.

The output identified those two functions as clones with reuse ratios of 100% each, and a third function that was partially similar (it had a large snippet from a StackOverflow answer – which happened to appear in R as well). Summing up, the tool reported  24% of project X’s code is reused. Indeed, the two copied functions accounted for roughly a quarter of the total LOC. This matches the known ground truth. In another test, we looked at a student’s Python assignment that was known to borrow code from an online example. Our method flagged the borrowed functions and reported  35% reuse. The instructor’s manual estimate was “about one-third plagiarized”, so again it aligned.

While anecdotal, these examples show the practicality of the reuse proportion metric. It gives an easy-to-understand number (e.g., “35% of this code is likely reused from known sources”) which can augment a clone detection report. In scenarios of plagiarism adjudication or license auditing, such a percentage can quickly communicate the extent of copying. Our method also highlights which parts (via marking cloned tokens), so one can review the content. We note the accuracy of proportion depends on how comprehensive the repository R is: if R doesn’t contain the true source of copied code, our model might not find it, underestimating reuse. Conversely, false positives could overestimate it. But given our high precision, overestimation is less likely. Ensuring R is broad (like containing popular libraries, prior student submissions, etc.) will maximize the utility of this feature.

In summary, the experiments confirm that our proposed method not only achieves superior clone detection performance but also provides a meaningful extension to quantify reuse. The results and analyses suggest that the approach is robust, generalizes across languages, and can be applied in practical settings such as plagiarism detection tools or software maintenance systems.

Beyond the experimental validation, our findings have important practical implications. In software engineering practice, the proposed method can be used to monitor and manage code reuse across large multi-language projects, enabling developers to identify redundant or cloned functions that may increase maintenance costs. The quantitative reuse ratio can also assist project managers in evaluating code originality and modularization quality. In academic settings, the approach provides a principled means for detecting cross-language plagiarism, where students translate code between languages to evade detection. Additionally, when applied to large-scale software repositories, scalability challenges may arise due to the volume of function embeddings and the cost of similarity searches. Future work could integrate distributed vector indexing and incremental embedding updates to ensure efficiency in industrial-scale systems.

Competing Interests

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.