On the Possibility of Breaking Copyleft Licenses When Reusing Code Generated by ChatGPT
Gaia Colombo, Leonardo Mariani, Daniela Micucci, Oliviero Riganelli
TL;DR
This study investigates the risk that ChatGPT-recommended code mirrors copyleft-licensed implementations. Using a large Java-method dataset derived from copyleft repositories and more than 70,000 generated methods, the authors quantify similarity to known copyleft code with JPlag and fuzzy metrics. They show that while single requests mostly avoid copying, expanding context within prompts and including access methods dramatically increases the chance of reproducing copyleft code; higher temperature reduces this risk but may affect correctness. The results imply actionable guidance for practitioners: limit context, tune temperature, and remain vigilant about licensing when using AI-assisted code generation, with future work on detection mechanisms and broader model generalization.
Abstract
AI assistants can help developers by recommending code to be included in their implementations (e.g., suggesting the implementation of a method from its signature). Although useful, these recommendations may mirror copyleft code available in public repositories, exposing developers to the risk of reusing code that they are allowed to reuse only under certain constraints (e.g., a specific license for the derivative software). This paper presents a large-scale study about the frequency and magnitude of this phenomenon in ChatGPT. In particular, we generate more than 70,000 method implementations using a range of configurations and prompts, revealing that a larger context increases the likelihood of reproducing copyleft code, but higher temperature settings can mitigate this issue.