ISSTA 2025
Wed 25 - Sat 28 June 2025 Trondheim, Norway
co-located with FSE 2025
Fri 27 Jun 2025 14:50 - 15:15 at Cosmos 3C - Gamification, Specifications, and Code Reviews Chair(s): Michael Pradel

Watermarking is a technique to help identify the source of data points, which can be used to help prevent the misuse of protected datasets. Existing methods on code watermarking, leveraging the idea from the backdoor research, embed stealthy triggers as watermarks. Despite their high resilience against dilution attacks and backdoor detections, the robustness has not been fully evaluated. To fill this gap, we propose DeCoMa, a dual-channel approach to Detect and purify Code dataset waterMarks. To overcome the high barrier created by the stealthy and hidden nature of code watermarks, DeCoMa leverages dual-channel constraints on code to generalize and map code samples into standardized templates. Subsequently, DeCoMa extracts hidden watermarks by identifying outlier associations between paired elements within the standardized templates. Finally, DeCoMa purifies the watermarked dataset by removing all samples containing the detected watermark, enabling the silent appropriation of protected code. We conduct extensive experiments to evaluate the effectiveness and efficiency of DeCoMa, covering 10 types of code watermarks and 3 representative intelligent code tasks (a total of 14 scenarios). Experimental results demonstrate that DeCoMa achieves a stable recall of 100% in 14 code watermark detection scenarios, significantly outperforming the baselines. Additionally, DeCoMa effectively attacks code watermarks with poisoning rates as low as 0.9%, while maintaining comparable model performance after training on the purified dataset. Furthermore, as DeCoMa requires no model training for detection, it achieves substantially higher efficiency than all baselines, with a speedup ranging from 31.5 to 130.9×. The results call for more advanced watermarking techniques for code models, while DeCoMa can serve as a baseline for future evaluation.

Fri 27 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change

14:00 - 15:30
Gamification, Specifications, and Code ReviewsResearch Papers / Tool Demonstrations at Cosmos 3C
Chair(s): Michael Pradel University of Stuttgart
14:00
25m
Talk
NADA: Neural Acceptance-driven Approximate Specification Mining
Research Papers
Weilin Luo Sun Yat-sen University, Tingchen Han Sun Yat-Sen University, Junming Qiu Sun Yat-sen University, Hai Wan Sun Yat-sen University, Jianfeng Du Guangdong University of Foreign Studies, Bo Peng Sun Yat-Sen University, Guohui Xiao Southeast University, Yanan Liu SUN YAT-SEN UNIVERSITY
DOI
14:25
25m
Talk
Gamifying Testing in IntelliJ: A Replicability Study
Research Papers
Philipp Straubinger University of Passau, Tommaso Fulcini Politecnico di Torino, Giacomo Garaccione Politecnico di Torino, Luca Ardito Politecnico di Torino, Gordon Fraser University of Passau
DOI
14:50
25m
Talk
DeCoMa: Detecting and Purifying Code Dataset Watermarks through Dual Channel Code Abstraction
Research Papers
Yuan Xiao Nanjing University, Yuchen Chen Nanjing University, Shiqing Ma University of Massachusetts at Amherst, Haocheng Huang Soochow University, Chunrong Fang Nanjing University, Yanwei Chen Nanjing University, Weisong Sun Nanyang Technological University, Yunfeng Zhu Nanjing University, Xiaofang Zhang Soochow University, Zhenyu Chen Nanjing University
DOI Pre-print
15:15
15m
Demonstration
Teaching Software Testing and Debugging with the Serious Game Sojourner under Sabotage
Tool Demonstrations
Philipp Straubinger University of Passau, Tim Greller University of Passau, Gordon Fraser University of Passau

Information for Participants
Fri 27 Jun 2025 14:00 - 15:30 at Cosmos 3C - Gamification, Specifications, and Code Reviews Chair(s): Michael Pradel
Info for room Cosmos 3C:

Cosmos 3C is the third room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.

:
:
:
: