VersiCode: Towards Version-controllable Code Generation

3. "Please address the questions in the discussion about the definition and evaluation of deprecated methods and on the other methodological concerns above."

   We have revised the notes in Table 2 to clarify the setup for code migration:
   "The arrow $\mapsto$ indicates the direction of migration, where 'Major' denotes a major release (e.g., Torch v2.0.0 and v2.4.0), and 'Minor' denotes a minor release (e.g., Torch v2.1.3 and v2.3.4). Migration can be categorized as (1) XX$\mapsto$Major, crossing any major release (e.g., v2.0.0 to v2.4.0), and (2) XX$\mapsto$Minor, migrating within the same major release (e.g., v2.0.0 to v2.0.3). The 'Old $\mapsto$ New' scenario simulates upgrading to a newer version, while 'New $\mapsto$ Old' represents maintaining historical code."

   For code migration dataset construction, we focused solely on the "name change" type of API modifications, where the code differs only in core tokens, while the docstring descriptions remain unchanged. Consequently, code snippets from old and new versions share the same functional description.

4. "What degree of manual validation was used to ensure that the underlying snippets are valid? How were code migration pairs constructed exactly?"

   For the executable sample set, we manually validated each sample by installing the corresponding library version in a Docker environment and executing the ground truth script to verify its correctness.

5. "Is there a need for the CDC metric compared to pass@1 if the latter can be applied to a sufficiently large set of samples already? How do you address the concerns around the metric's potential for false negatives and the relatively slim difference compared to 'Exact Match' (and the concerns with that nomenclature)?"

   The CDC metric was introduced as a trade-off between evaluation accuracy and cost. For the VersiCode dataset, constructing a sufficiently large executable set would entail prohibitive costs due to several real-world constraints, including:

   1. High annotation and verification costs for test cases.
   2. Challenges in configuring development environments, such as ensuring compatibility between hardware (e.g., GPU versions) and system settings.
   3. Significant upfront preparation costs, which hinder the dataset's broader adoption.

   In contrast, the CDC framework, once refined and validated on the evaluation set, allows us to achieve relatively accurate and interpretable results at lower cost. Therefore, even with the availability of large datasets, the CDC metric remains valuable and necessary.

Thank you for your detailed assessment of our paper. Your comments have significantly enhanced the quality of our work, especially in the analysis of our results.

Below are our responses to your questions:

1. "I strongly suggest removing the comparison with HumanEval and MBPP in favor of an analysis that separates out API completion performance on methods that are (almost) never changed vs. ones that are, to better isolate the existence and magnitude of the effect of versioning on API completion specifically."

   Following your suggestion, we have moved the comparison with HumanEval and MBPP from the main body to the appendix. While we acknowledge that these benchmarks may suffer from potential data contamination, we believe the comparison still provides readers with a baseline understanding of the challenges involved in version-sensitive API-calling code generation compared to general code generation.

2. "Is the difference in performance statistically significant when controlling for time? E.g., in Fig. 4, is there a consistent difference when comparing data points for the same year between APIs that don't change (ideally ones that never change, but 'general' is fine too) and ones that are added/deprecated for any of these models? Reverse trends for addition vs. deprecation are interesting too."

   We categorized the "general API" data by year and obtained the following experimental results. Unlike the downward trends observed for addition and deprecation in Figure 4, performance on the general category remained relatively stable over time, with some models even showing improvement.

Response to Reviewer 4QQX

Regarding the comment:
"The only metric used in the version-aware code migration is CDC, a metric just proposed in this paper. Although in section 4, the CDC@1 is stated to align closely with pass@1, it is hard to say this new metric can serve as the only metric in code migration."

We appreciate your valuable feedback. During the rebuttal period, we conducted intensive data annotation and experimental evaluations to address this concern. Following a process similar to executable test case annotation for code completion, we annotated and evaluated the performance of the CDC metric specifically for the code migration task. The experimental results are as follows:

New-to-Old Migration

Old-to-New Migration

The results indicate that, although the evaluation accuracy of CDC shows a slight decline in the context of code migration compared to code completion tasks, CDC remains the metric with the highest consistency with pass@1 when compared to other static analysis metrics.

Regarding the comment:
"The paper uses 'Exact Match' to mean the specified API is used in the generated code. This practice is inconsistent with other papers, where 'exact match' means the generated code is the same as the oracle. I hope the authors can change the name of this metric to a more appropriate one."

To avoid any potential ambiguity, we will revise the term Exact Match to Core Token Match in the revised version of the paper. We sincerely thank you for pointing this out and for your constructive suggestion.

Thank you for your valuable comments.

1. In response to:
"A more thorough analysis on how context information, such as documentation related to added or deprecated APIs, affects performance would be beneficial."

Thank you for your insightful feedback regarding subsection 4.2. Indeed, providing elements like "import" statements or pre-loading related API documentation essentially supplies the model with additional contextual references when generating API call code. This, as you noted, can impact the accuracy of evaluating the model's internal knowledge. It's also why the performance of the "with import" condition surpasses that of the "without import" condition.

To address your suggestion, we conducted an additional set of experiments involving retrieval-augmented generation. In these experiments, we employed an embedding-based retrieval mechanism. The associated knowledge base included open-source code from downstream applications, source code of third-party libraries (including docstrings), and corpus data from Stack Overflow Q&A discussions. We analyzed the impact from two perspectives: (1) the data sources for retrieval, and (2) the API lifecycle (e.g., added or deprecated APIs). The results and corresponding discussions have been included to provide a more comprehensive analysis.

2. In response to:
"Misleading analysis."

We apologize for any confusion caused by our previous wording and have refined the statements in subsection 5.2 for better clarity. Specifically:

In Tables 1 and 2, we presented analysis results for block-level code completion and block-level code migration, respectively. In Appendix D.3, we further compared the experimental results of these two code generation tasks under the "without import" and "with version" settings, as shown in Table 9.

Moreover, we evaluated the impact of grammar verification under both "with grammar verification" and "without grammar verification" conditions. By comparing the results in Table 9, we concluded that while contextual code from another version is still beneficial, its advantages are limited.

We acknowledge that the original title of Appendix D.3, "Grammar Verification Impact," may have been misleading. In the revised version, we have renamed Appendix D.3 to "Block-Level Code Completion vs. Code Migration" to better reflect its content and avoid misinterpretation.

Thank you again for your constructive comments, which have significantly improved the clarity and rigor of our analysis.

To Reviewer dNit,

Thank you for your insightful comments. We have addressed your concerns as follows:

1. "Lack of Implementation of Retrieval-Augmented Generation (RAG)"

   We have conducted additional experiments to explore Retrieval-Augmented Generation (RAG). Specifically, we implemented a retrieval mechanism based on embedding similarity. The knowledge base for retrieval includes open-source code from downstream applications, source code of third-party libraries (including their docstrings), and Q&A data from the StackOverflow community. We analyzed the experimental results from two perspectives: the sources of retrieval data and their relevance to the API lifecycle.

2. "Could the authors elaborate on the rationale behind the specific criteria used for sampling instances in model evaluations?"

   We employed a fully random sampling strategy aligned with the distribution of the complete dataset. This ensures the reliability of our evaluation results by maintaining representativeness across the dataset.

3. "Are there plans to extend VersiCode to support other programming languages, given the diverse needs in software development?"

   The automated updating and maintenance of the VersiCode dataset is an ongoing effort, comprising three key components:

   1. Automated Data Collection: We screen libraries from the PyPI classification system by selecting topics with stable update frequencies and libraries that exceed specific thresholds for GitHub stars or recent activity rates.
   2. Knowledge Extraction and Management: For each library version, we construct API structural knowledge graphs and map API evolution relationships across versions.
   3. Dataset Generation and Maintenance: Based on the evolution paths and distributions within the knowledge graphs, we select functionality points to generate evaluation samples.

   Furthermore, we have extended VersiCode to include annotations for 771 evaluation samples from Java, C#, and JavaScript. For future work, we are following the Python pipeline to collect and analyze data for other programming languages, including Rust, Go, Swift, and Java. This effort already covers over 800 libraries and 7,000 versions of data.

4. "Absence of Evaluation Metrics for High-Level Reasoning"

   This study focuses on assessing LLMs' ability to correctly invoke APIs of specified versions. The evaluation metric, CDC, is designed to align with this objective. To address your suggestion, we have provided supplementary results in Table 1 using the CodeBLEU metric. CodeBLEU incorporates longer context through data flow graphs and control flow graphs. Our results demonstrate that CDC outperforms CodeBLEU in evaluating VersiCode, confirming its suitability for our goals.

We acknowledge the need for future evaluations of LLMs in more complex software engineering tasks. CDC offers a framework for evaluation metric design that can be upgraded by refining its rule-based systems to accommodate high-level reasoning tasks.

We hope these clarifications address your concerns. Thank you again for your valuable feedback!

Thank you for your insightful questions, which align closely with our ongoing research efforts surrounding VersiCode. Below are detailed responses to your queries:

1. How do you plan to address more intricate API modifications in future iterations of VersiCode and CDC?

As highlighted in Table 2 of [1], while there are 14 fundamental types of API evolution in Python, Method Removal (28.3%) and Method Addition (29.2%) collectively account for 57.5% of all changes. These types form the primary focus of VersiCode's current scope. In future work, we aim to extend our considerations to include Field Removal (16.7%) and Field Addition (17.4%), as well as Class Removal (2.3%) and Class Addition (2.4%). Additionally, we will explore combinations of these fundamental evolution types through data mining during dataset construction. For instance, Method Renaming could be modeled as a combination of Method Removal followed by Method Addition, and might also involve Parameter Addition or Parameter Reordering.

Regarding the CDC evaluation framework, we aim to emphasize two practical principles:

1. Rule-based systems or decision trees inherently offer strong interpretability and low computational overhead for code evaluation.
2. Code evaluation differs from natural language evaluation—each token (e.g., spaces, indentation, identifiers, operators) distinctly impacts correctness. Instead of solely measuring the overall similarity between code and ground truth, we should focus on critical tokens that may cause runtime errors.

The current CDC metrics are tailored to the VersiCode dataset, emphasizing the accuracy of API call evaluations. Future enhancements to the CDC may include:

• Incorporating data flow and control flow analysis, enabling API-related code slicing.
• Introducing decision trees to address potential conflicts or redundancies in the rules.
• Leveraging distillation mechanisms to automate adjustments to the rule-based system, adapting to different evaluation perspectives across diverse code benchmarks.

2. What strategies are you considering to ensure VersiCode remains up-to-date and scalable as libraries evolve rapidly across programming languages and ecosystems?

Automated updating and maintenance of the VersiCode dataset are ongoing efforts, involving three key strategies:

1. Automated Data Collection: For Python, we leverage the PyPI [2] classification system to identify libraries with stable update frequencies and significant GitHub stars or rapid growth in star count. These libraries form the basis of API structural knowledge graphs across versions.
2. Automated Knowledge Extraction and Management: We construct evolution knowledge graphs that capture API changes between versions. These graphs are then used to identify functional points for generating evaluation samples.
3. Knowledge-Based Dataset Generation and Maintenance: Evaluation samples are created based on evolutionary paths and distributions derived from the knowledge graphs.

For multi-language support, the current VersiCode dataset includes 771 evaluation samples from Java, C#, and JavaScript. Moving forward, we are extending the VersiCode construction workflow to additional languages such as Rust, Go, Swift, and Java. This involves collecting source code and downstream applications for over 800 libraries spanning more than 7,000 versions.

References: [1] Zhang, Zhaoxu, et al. "How do Python framework APIs evolve? An exploratory study." 2020 IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER). IEEE, 2020.
[2] PyPI