Train in Vain: Functionality-Preserving Poisoning to Prevent Unauthorized Use of Code Datasets

TL;DR

FunPoison is a novel dataset poisoning method that injects stealthy, functionality-preserving code fragments into datasets, contaminating only 10% of data while maintaining correctness and robustness.

Contribution

It introduces a new poisoning technique that preserves code functionality and stealth, requiring only partial dataset contamination for effective unauthorized use prevention.

Findings

Contaminates only 10% of dataset for effective poisoning.

Maintains 100% code compilability and correctness.

Remains robust against code sanitization techniques.

Abstract

The widespread availability of large-scale code datasets has accelerated the development of code large language models (CodeLLMs), raising concerns about unauthorized dataset usage. Dataset poisoning offers a proactive defense by reducing the utility of such unauthorized training. However, existing poisoning methods often require full dataset poisoning and introduce transformations that break code compilability. In this paper, we introduce FunPoison, a functionality-preserving poisoning approach that injects short, compilable weak-use fragments into executed code paths. FunPoison leverages reusable statement-level templates with automatic repair and conservative safety checking to ensure side-effect freedom, while a type-aware synthesis module suppresses static analysis warnings and enhances stealth. Extensive experiments show that FunPoison achieves effective poisoning by contaminating only 10% of the dataset, while maintaining 100% compilability and functional correctness, and remains robust against various advanced code sanitization techniques.