How were "other non-vulnerable" functions collected?

[bstee615]

On page 2, your paper says:

Thus we collected the following information for a project: vulnerable methods with their fixes and non-vulnerable other methods.

As far as I can tell, the paper does not explain in further detail how these "non-vulnerable other" methods were collected. I assume these functions are distinct from the after-fix version of the bug-fixing commits, since there are many more non-vulnerable functions than vulnerable. How did you collect the "other" methods to label as non-vulnerable?