Details of OSSScope

        Generally, we first clone all the selected repositories via GitHub APIs. For each repository, we identify the functions with adequate information and calculate the feature for these functions, to construct the feature dataset. Specifically, we first collect all GitHub versions and tags as snapshots of each repository. For those with no version and tag, we collect the main branch instead. For each snapshot, we only select the C-related files. Considering that most files are unchanged during version releases, we only keep C-related files that first appear in the version list for each snapshot, reducing the duplicated efforts. 

        Next, we extract the functions of these files for each snapshot of given repositories by Antlr. For each function, we removed comments and blank lines and normalized function and variable names. We also filtered the functions which are less than three lines, which are considered meaningless. Then, we generate an MD5 hash value for identifying functions. We deduplicated functions based on hash values and finally obtained 41,806,568 unique functions from 62,868 active repositories, which constructed the initial feature database.

        Although the 385,000 selected repositories can cover all C language projects on GitHub from the perspective of function diversity, the value attributes of the functions themselves are not considered. There are still repositories with low value for code reusing that are included in the scope. To this end, we refine our feature database by introducing several assumptions to exclude unsuitable repositories:

1. Function Quantity Extremes: Repositories with either an excessively high or low number of functions, which often represent large-scale software or projects of negligible relevance, are inappropriate for use as Third-Party Libraries (TPLs)

2. Function Repetition Rate: Functions with no or too many similar copies across the ecosystem could have little value from the perspective of improving CCD accuracy, as they are less likely to be reused or can not indicate copy-paste reuse. Therefore, we exclude repositories with a high ratio of such functions.

3. Complexity of Functions: Repositories with functions that are either overly complex or overly simplistic are excluded. This criterion serves as an indirect measure of the repository’s code quality.

        We used the Maintainability Index to measure the complexity of the function. For each function, we extracted the following features to calculate MI:

• LOC (Lines of the code): The lines of function without blank lines. 

• Halstead Volume (HV): It is based on counting a program’s operators and operands

• Cyclomatic Complexity (CC):It is based on the Control Flow Graph(CFG) of the function

• Maintainability Index (MI): the comprehensive measurement of the function complexity based on the comprehensive calculation of the above indicators.

MI = 171−5.2×ln(HV)−0.23×(CC)−16.2×ln(LOC)

         We addressed our assumptions by sorting repositories based on specific criteria and applying a filtering threshold θ. For the first assumption, repositories were ordered by their total number of functions, with both the upper and lower extremes removed. The second assumption involved sorting by the proportion of duplicate functions and similarly excluding the top and bottom segments. For the third, we sorted based on the sum of MI of owned functions, again removing the extremes. The threshold θ controlled the extent of filtering. We evaluated the values of θ within the range of [5%, 10%, 15%, 20%, 25%], corresponding to the exclusion of the top and bottom θ of repositories based on our predefined criteria.