Train in Vain: Functionality-Preserving Poisoning to Prevent Unauthorized Use of Code Datasets
For developers and organizations concerned about unauthorized training of CodeLLMs, FunPoison provides a practical, stealthy defense that preserves code functionality.
FunPoison prevents unauthorized use of code datasets by injecting functionality-preserving, compilable weak-use fragments into executed code paths, achieving effective poisoning with only 10% contamination while maintaining 100% compilability and functional correctness.
The widespread availability of large-scale code datasets has accelerated the development of code large language models (CodeLLMs), raising concerns about unauthorized dataset usage. Dataset poisoning offers a proactive defense by reducing the utility of such unauthorized training. However, existing poisoning methods often require full dataset poisoning and introduce transformations that break code compilability. In this paper, we introduce FunPoison, a functionality-preserving poisoning approach that injects short, compilable weak-use fragments into executed code paths. FunPoison leverages reusable statement-level templates with automatic repair and conservative safety checking to ensure side-effect freedom, while a type-aware synthesis module suppresses static analysis warnings and enhances stealth. Extensive experiments show that FunPoison achieves effective poisoning by contaminating only 10% of the dataset, while maintaining 100% compilability and functional correctness, and remains robust against various advanced code sanitization techniques.