This study investigates effective strategies for integrating pre-trained language models (PLMs) with graph neural networks (GNNs) to enhance performance in code classification and vulnerability detection. Through systematic evaluation of three code-specific PLMs combined with three foundational GNN architectures on the Java250 and Devign datasets—and augmented with robustness tests such as identifier obfuscation—the work demonstrates that the choice of PLM exerts a substantially greater impact on performance than the GNN architecture, and that larger models do not necessarily yield better results. The experiments reveal that PLM–GNN hybrid models consistently outperform pure GNN approaches, achieving notable improvements in ranking quality and robustness on Devign. Based on these findings, the paper proposes practical design guidelines for constructing PLM–GNN hybrids tailored to code understanding tasks.

Code understanding models increasingly rely on pretrained language models (PLMs) and graph neural networks (GNNs), which capture complementary semantic and structural information. We conduct a controlled empirical study of PLM-GNN hybrids for code classification and vulnerability detection tasks by systematically pairing three code-specialized PLMs with three foundational GNN architectures. We compare these hybrids against PLM-only and GNN-only baselines on Java250 and Devign, including an identifier-obfuscation setting. Across both tasks, hybrids consistently outperform GNN-only baselines and often improve ranking quality over frozen PLMs. On Devign, performance and robustness are more sensitive to the PLM feature source than to the GNN backbone. We also find that larger PLMs are not necessarily better feature extractors in this pipeline, and that the PLM choice has more impact than the GNN choice. Finally, we distill these findings into practical guidelines for PLM-GNN design choices in code classification and vulnerability detection.