Home Tsinghua Science and Technology Article
PDF (9.9 MB)
Cite
EndNote(RIS) BibTeX
Collect
Submit Manuscript
Show Outline
Figures (11)

Show 2 more figures Hide 2 figures
Tables (6)
Table 1
Table 2
Table 3
Table 4
Table 5
Show 1 more tables Hide 1 tables
Open Access

CCDive: A Deep Dive into Code Clone Detection Using Local Sequence Alignment

School of Software, Tsinghua University, Beijing 100084, China
Department of Computer Engineering, Bilkent University, Ankara 06800, Turkey
Show Author Information

Abstract

The rapid evolution of software development has accentuated the deficiencies of prevailing code clone detection techniques. As modern applications become more complex, traditional cloning tools often struggle to detect general and large-gap clones that undergo regular modification. Such challenges pose threats to software integrity, emphasizing the critical need for improved code cloning techniques. Observing the prevailing gap, we propose an innovative code clone dive (CCDive) code cloning technique, which is designed to detect an extensive range of clones, from direct clones to the often challenging large-gap clones, thoroughly covering different categories, such as very strongly Type-III, strongly Type-III, and moderate Type-III clones. In CCDive, the fusion of a level-by-level abstraction and an innovative similarity matching algorithm ensures the recognition of clones even when nearly half the original code in the chunk has been modified. Furthermore, by integrating the Smith–Waterman local sequence alignment, the capability of CCDive to spot exact code transformation locations can be enhanced. In a comprehensive evaluation, CCDive was compared with well-known code cloning techniques. The efficacy of CCDive was measured using precision, recall, F1-score, accuracy, and efficiency. CCDive consistently surpassed other techniques in the precision, recall, F1-score, and accuracy metrics for both file-based and function-based clone detection. The robust performance of CCDive emphasizes its effectiveness, reliability, accuracy, and efficiency, making it well-suited for practical applications in the real world.

Keywords

clone detectionsoftware maintenancesoftware securitysoftware reuse

References

[1]

Q. U. Ain, W. H. Butt, M. W. Anwar, F. Azam, and B. Maqbool, A systematic review on code clone detection, IEEE Access, vol. 7, pp. 86121–86144, 2019.

Crossref Google Scholar
[2]

H. Zhang and K. Sakurai, A survey of software clone detection from security perspective, IEEE Access, vol. 9, pp. 48157–48173, 2021.

Crossref Google Scholar
[3]

S. Kim and H. Lee, Software systems at risk: An empirical study of cloned vulnerabilities in practice, Computers & Security, vol. 77, pp. 720–736, 2018.

Crossref Google Scholar
[4]
Y. Golubev, V. Poletansky, N. Povarov, and T. Bryksin, Multi-threshold token-based code clone detection, in Proc. IEEE Int. Conf. Softw. Anal., Evol. Reengineering (SANER ), pp. 496–500, 2021.
Crossref
[5]
H. A. Basit and S. Jarzabek, Efficient token based clone detection with flexible tokenization, in Proc. 6 th Joint Meeting of the European Software Engineering Conf. and the ACM SIGSOFT Symp. Foundations of Software Engineering, Dubrovnik, Croatia, 2007, pp. 513–516.
Crossref
[6]
Y. Semura, N. Yoshida, E. Choi, and K. Inoue, CCFinderSW: Clone detection tool with flexible multilingual tokenization, in Proc. 2017 24 th Asia–Pacific Software Engineering Conf. (APSEC), Nanjing, China, 2017, pp. 654–659.
Crossref
[7]
C. K. Roy and J. R. Cordy, NICAD: Accurate detection of near-miss intentional clones using flexible pretty-printing and code normalization, in Proc. 2008 16 th IEEE Int. Conf. Program Comprehension, Amsterdam, The Netherlands, 2008, pp. 172–181.
Crossref
[8]
C. Ragkhitwetsagul and J. Krinke, Using compilation/decompilation to enhance clone detection, in Proc. 2017 IEEE 11 th Int. Workshop on Software Clones (IWSC ), Klagenfurt, Austria, 2017, pp. 1–7.
Crossref
[9]
Y. Glani, L. Ping, and S. A. Shah, AASH: A lightweight and efficient static IoT malware detection technique at source code level, in Proc. 2022 3 rd Asia Conf. Computers and Communications (ACCC ), Shanghai, China, 2022, pp. 19–23.
Crossref
[10]
Y. L. Hung and S. Takada, CPPCD: A token-based approach to detecting potential clones, in Proc. 2020 IEEE 14 th Int. Workshop on Software Clones (IWSC ), London, Canada, 2020, pp. 26–32.
Crossref
[11]
Z. Li, S. Lu, S. Myagmar, and Y. Zhou, CP-Miner: Finding copy-paste and related bugs in large-scale software code, IEEE Trans. Softw. Eng., vol. 32, no. 3, pp. 176–192, 2006.
Crossref
[12]
Y. Glani, L. Ping, K. Lin, and S. A. Shah, AyatDroid: A lightweight code cloning technique using different static features, in Proc. 2023 IEEE 3 rd Int. Conf. Software Engineering and Artificial Intelligence (SEAI ), Xiamen, China, 2023, pp. 17–21.
Crossref
[13]
J. Jang, A. Agrawal, and D. Brumley, ReDeBug: Finding unpatched code clones in entire OS distributions, in Proc. 2012 IEEE Symp. Security and Privacy, San Francisco, CA, USA, 2012, pp. 48–62.
Crossref
[14]
S. Kim, S. Woo, H. Lee, and H. Oh, VUDDY: A scalable approach for vulnerable code clone discovery, in Proc. 2017 IEEE Symp. Security and Privacy (SP ), San Jose, CA, USA, 2017, pp. 595–614.
Crossref
[15]
Y. Gao, Z. Wang, S. Liu, L. Yang, W. Sang, and Y. Cai, TECCD: A tree embedding approach for code clone detection, in Proc. 2019 IEEE Int. Conf. Software Maintenance and Evolution (ICSME ), Cleveland, OH, USA, 2019, pp. 145–156.
Crossref
[16]
P. Bulychev and M. Minea, Duplicate code detection using anti-unification, https://cyberleninka.ru/article/n/duplicate-code-detection-using-anti-unification, 2008.
Crossref
[17]
L. Jiang, G. Misherghi, Z. Su, and S. Glondu, DECKARD: Scalable and accurate tree-based detection of code clones, in Proc. 29 th Int. Conf. Software Engineering (ICSE'07 ), Minneapolis, MN, USA, 2007, pp. 96–105.
Crossref
[18]
J. Li and M. D. Ernst, CBCD: Cloned buggy code detector, in Proc. 2012 34 th Int. Conf. Software Engineering (ICSE ), Zurich, Switzerland, 2012, pp. 310–320.
Crossref
[19]
F. Yamaguchi, N. Golde, D. Arp, and K. Rieck, Modeling and discovering vulnerabilities with code property graphs, in Proc. 2014 IEEE Symp. Security and Privacy, Berkeley, CA, USA, 2014, pp. 590–604.
Crossref
[20]
Y. Xiao, B. Chen, C. Yu, Z. Xu, Z. Yuan, F. Li, B. Liu, Y. Liu, W. Huo, W. Zou, et al., MVP: Detecting vulnerabilities using patch-enhanced vulnerability signatures, in Proc. 29 th USENIX Security Symp., 2020, pp. 1165–1182.
[21]
Y. Yang, Z. Ren, X. Chen, and H. Jiang, Structural function based code clone detection using a new hybrid technique, in Proc. 2018 IEEE 42 nd Annu. Computer Software and Applications Conf. (COMPSAC ), Tokyo, Japan, 2018, pp. 286–291.
Crossref
[22]

E. Kodhai and S. Kanmani, Method-level code clone detection through LWH (Light Weight Hybrid) approach, J. Softw. Eng. Res. Dev., vol. 2, no. 1, pp. 12–29, 2014.

Crossref Google Scholar
[23]
M. R. H. Misu, A. Satter, and K. Sakib, An exploratory study on interface similarities in code clones, in Proc. 2017 24 th Asia-Pacific Software Engineering Conf. Workshops, Nanjing, China, 2017, pp. 126–133.
Crossref
[24]

N. Saini, S. Singh, and N. Suman, Code clones: Detection and management, Procedia Comput. Sci., vol. 132, pp. 718–727, 2018.

Crossref Google Scholar
[25]
Y. Higo, Y. Ueda, T. Kamiya, S. Kusumoto, and K. Inoue, On software maintenance process improvement based on code clone analysis, in Proc. 4 th Int. Conf. Product Focused Software Process Improvement, Rovaniemi, Finland, 2002, pp. 185–197.
Crossref
[26]
D. Li, M. Piao, H. S. Shon, K. H. Ryu, and I. Paik, One pass preprocessing for token-based source code clone detection, in Proc. 2014 IEEE 6 th Int. Conf. Awareness Science and Technology (iCAST ), Paris, France, 2014, pp. 1–6.
Crossref
[27]
N. H. Pham, T. T. Nguyen, H. A. Nguyen, and T. N. Nguyen, Detection of recurring software vulnerabilities, in Proc. 25 th IEEE/ACM Int. Conf. Automated Software Engineering, Antwerp, Belgium, 2010, pp. 447–456.
Crossref
[28]
J. Svajlenko and C. K. Roy, BigCloneEval: A clone detection tool evaluation framework with BigCloneBench, in Proc. 2016 IEEE Int. Conf. Software Maintenance and Evolution (ICSME ), Raleigh, NC, USA, 2016, pp. 596–600.
Crossref
[29]

J. Akram, M. Mumtaz, G. Jabeen, and P. Luo, DroidMD: An efficient and scalable Android malware detection approach at source code level, International Journal of Information and Computer Security, vol. 15, no. 2–3, pp. 299–321, 2021.

Crossref Google Scholar
[30]
J. Akram, M. Mumtaz, and P. Luo, IBFET: Index-based features extraction technique for scalable code clone detection at file level granularity, Softw. : Pract. Exp., vol. 50, no. 1, pp. 22–46, 2020.
Crossref
[31]
X. Song, A. Yu, H. Yu, S. Liu, X. Bai, L. Cai, and D. Meng, Program slice based vulnerable code clone detection, in Proc. 2020 IEEE 19 th Int. Conf. Trust, Security and Privacy in Computing and Communications (TrustCom ), Guangzhou, China, 2020, pp. 293–300.
Crossref
[32]
The BigCloneBench Dataset, https://github.com/clonebench/BigCloneBench?tab=readme-ov-file.
[33]

J. Svajlenko, I. Keivanloo, and C. K. Roy, Big data clone detection using classical detectors: An exploratory study, J. Softw.: Evol. Process, vol. 27, no. 6, pp. 430–464, 2015.

Crossref Google Scholar
[34]
A. Schäfer, W. Amme, and T. S. Heinze, Stubber: Compiling source code into bytecode without dependencies for Java code clone detection, in Proc. 2021 IEEE 15 th Int. Workshop on Software Clones (IWSC ), Luxembourg City, Luxembourg, 2021, pp. 29–35.
Crossref
[35]
A. A. Elkhail, J. Svacina, and T. Cerny, Intelligent token-based code clone detection system for large scale source code, in Proc. Conf. Research in Adaptive and Convergent Systems, Chongqing, China, 2019, pp. 256–260.
Crossref
[36]
E. Juergens, F. Deissenboeck, and B. Hummel, CloneDetective: A workbench for clone detection research, in Proc. 2009 IEEE 31 st Int. Conf. Software Engineering, Vancouver, Canada, 2009, pp. 603–606.
Crossref
[37]
Y. Giani, L. Ping, and S. A. Shah, AYAT: A lightweight and efficient code clone detection technique, in Proc. 2022 3 rd Asia Conf. Computers and Communications (ACCC ), Shanghai, China, 2022, pp. 47–52.
Crossref
[38]
Research group on Java development, University of Edinburgh, https://groups.inf.ed.ac.uk/cup/javaGithub/.
[39]
OneDrive repository, https://www.kaggle.com/datasets/zavadskyy/lots-of-code?select=java.txt.
Tsinghua Science and Technology
Volume 30 Issue 4,
August 2025
Pages 1435-1456
DOI: 10.26599/TST.2024.9010075
Cite this article:
Glani Y, Ping L, Shah SA, et al. CCDive: A Deep Dive into Code Clone Detection Using Local Sequence Alignment. Tsinghua Science and Technology, 2025, 30(4): 1435-1456. https://doi.org/10.26599/TST.2024.9010075
Metrics & Citations  
Article History
Copyright
Rights and Permissions
Return

BigCloneEval clone evaluation.

Clone typeGranularity
Type-IExact clone
Type-IIRenamed clone
VST-III90%−100% similarity
ST- III70%−90% similarity
MT- III50%−70% similarity

Java datasets used for evaluation.

DatasetNumber of filesNumber of methodsNumber of functionsNumber of lines
D4JDataset8517327811067569610631318
IJADAtaset1000002520229616557164932
GTHDataset1000001723073644957768509

Function-based direct clones evaluation metrics of all techniques for each dataset (D.Time stands for detection time).

TechniqueDatasetType-IIIType-III LG
PrecisionRecallF1-scoreAccuracyD.Time (s)PrecisionRecallF1-scoreAccuracyD.Time (s)
CCDiveD4JDataset0.990.790.880.892.510.980.630.770.812.52
IJADataset0.980.890.930.943.550.970.710.820.843.63
GTHDataset0.950.820.880.891.370.930.560.700.761.37
DroidMDD4JDataset0.570.080.140.5110.700.600.090.160.5210.96
IJADataset0.330.040.070.489.050.430.060.110.499.68
GTHDataset0.820.230.360.595.020.810.220.350.584.68
PDGD4JDataset0.650.920.760.720.750.640.890.740.520.73
IJADataset0.470.500.490.471.990.470.490.480.491.80
GTHDataset0.510.590.550.521.440.500.570.540.581.70
VUDDYD4JDataset0.660.860.740.700.230.650.830.730.690.28
IJADataset0.470.490.480.470.330.460.480.470.460.30
GTHDataset0.510.580.540.511.090.500.570.540.511.16
LWHD4JDataset0.540.980.690.561.090.530.970.690.562.44
IJADataset0.500.970.660.4913.130.490.940.630.4812.93
GTHDataset0.560.980.720.6116.790.560.980.720.6116.79
IBEFTD4JDataset0.440.040.070.4920.080.440.040.070.4920.01
IJADataset0.600.030.060.5115.710.600.030.060.5118.35
GTHDataset0.850.040.080.529.120.750.030.060.518.49
ASTD4JDataset0.430.570.490.411.260.440.580.500.411.22
IJADataset0.480.510.490.471.670.460.480.470.461.67
GTHDataset0.470.660.550.460.960.460.630.530.450.94

Function-based general clones evaluation metrics of all techniques for each dataset.

TechniqueDatasetType-IType-II
PrecisionRecallF1-scoreAccuracyD.Time (s)PrecisionRecallF1-scoreAccuracyD.Time (s)
CCDiveD4JDataset0.991.00.990.992.560.991.01.00.992.50
IJADataset0.981.00.990.993.300.981.00.990.992.39
GTHDataset0.961.00.980.981.340.961.00.980.981.35
DroidMDD4JDataset0.570.080.140.5111.930.600.090.160.5210.75
IJADataset0.380.050.090.489.780.430.060.110.498.40
GTHDataset0.900.440.590.694.940.850.280.420.614.40
PDGD4JDataset0.650.930.770.710.720.650.940.770.720.71
IJADataset0.460.460.460.451.020.460.470.460.462.13
GTHDataset0.540.670.600.561.900.520.600.560.561.33
VUDDYD4JDataset0.670.910.770.730.220.660.890.760.720.23
IJADataset0.450.450.450.460.360.450.460.460.450.30
GTHDataset0.510.590.550.521.770.510.590.550.521.18
LWHD4JDataset0.650.640.650.650.700.650.640.650.650.70
IJADataset0.210.170.190.270.840.200.160.180.270.86
GTHDataset0.530.570.550.530.540.530.580.560.540.53
IBEFTD4JDataset0.440.040.070.4918.130.440.040.070.4920.08
IJADataset0.600.030.060.5116.500.600.030.060.5115.71
GTHDataset0.970.350.530.689.480.830.050.090.529.12
ASTD4JDataset0.460.640.540.451.270.440.580.500.411.21
IJADataset0.470.500.490.472.070.480.510.490.472.07
GTHDataset0.470.650.540.460.970.480.690.570.470.91

File-based direct clones evaluation metrics of all techniques for each dataset.

TechniqueDatasetType-IType-II
PrecisionRecallF1-scoreAccuracyD.Time (s)PrecisionRecallF1-scoreAccuracyD.Time (s)
CCDiveD4JDataset0.991.001.000.992.330.991.000.990.992.33
IJADataset0.980.980.980.983.540.980.980.980.983.51
GTHDataset0.970.990.980.981.210.970.980.980.971.22
DroidMDD4JDataset0.941.000.970.976.830.960.520.680.756.70
IJADataset0.931.001.000.9612.100.910.520.660.7311.53
GTHDataset0.961.000.980.982.710.950.550.700.762.62
PDGD4JDataset0.671.000.800.750.590.660.970.790.730.62
IJADataset0.640.990.780.712.400.600.820.690.642.28
GTHDataset0.630.920.740.690.470.600.810.690.641.99
VUDDYD4JDataset0.680.970.800.760.190.670.930.780.740.20
IJADataset0.610.860.720.660.380.670.930.780.620.33
GTHDataset0.600.810.690.641.820.590.720.650.602.02
LWHD4JDataset0.751.000.850.831.690.751.000.850.833.18
IJADataset0.600.960.740.670.860.600.940.730.660.88
GTHDataset0.640.940.760.710.210.640.910.750.690.42
IBEFTD4JDataset0.951.000.980.9713.500.930.280.430.6316.26
IJADataset0.981.000.990.9925.810.940.310.470.6525.53
GTHDataset0.991.000.990.995.211.000.360.530.685.16
ASTD4JDataset0.530.840.660.561.170.510.800.620.521.16
IJADataset0.580.770.660.611.890.540.670.600.551.80
GTHDataset0.540.850.660.560.990.600.810.690.531.99

File-based general clones evaluation metrics of all techniques for each dataset.

TechniqueDatasetType- IIIType- III LG
PrecisionRecallF1-scoreAccuracyD.Time (s)PrecisionRecallF1-scoreAccuracyD.Time (s)
CCDiveD4JDataset0.991.001.000.993.320.991.001.000.992.23
IJADataset0.980.980.980.983.610.990.960.970.973.76
GTHDataset0.970.910.940.941.250.970.830.890.901.28
DroidMDD4JDataset0.960.490.650.737.410.980.470.6470.738.27
IJADataset0.890.400.550.6812.880.900.360.510.6615.02
GTHDataset0.960.520.680.752.910.860.460.620.723.22
PDGD4JDataset0.660.930.770.720.640.650.930.770.710.66
IJADataset0.600.800.690.642.500.600.780.680.622.58
GTHDataset0.600.800.690.641.840.610.800.690.652.00
VUDDYD4JDataset0.670.910.770.730.210.660.910.770.720.21
IJADataset0.600.750.670.620.330.600.740.660.620.35
GTHDataset0.590.730.650.611.920.600.720.650.611.79
LWHD4JDataset0.531.000.690.552.750.521.000.680.533.16
IJADataset0.500.970.660.499.040.490.670.660.492.73
GTHDataset0.530.990.690.556.280.530.990.690.556.31
IBEFTD4JDataset0.930.280.430.6316.260.960.260.410.6216.59
IJADataset0.9620.220.350.6026.450.910.200.330.5930.67
GTHDataset1.000.330.500.675.971.000.300.460.656.17
ASTD4JDataset0.550.730.630.561.180.520.760.620.541.09
IJADataset0.530.620.570.541.730.520.570.540.521.76
GTHDataset0.500.750.600.510.880.490.670.570.490.91