From 5dee1ab123550064aaeed7c7d1c7ae375b63385d Mon Sep 17 00:00:00 2001
From: FuzzTest Team <fuzztest@google.com>
Date: Tue, 26 May 2026 02:53:18 -0700
Subject: [PATCH] Optimize FlatBuffers untyped table domain with fields_by_id_
 map

This refactor introduces an absl::btree_map for field storage in FlatbuffersTableUntypedDomainImpl, allowing deterministic field iteration and faster field ID lookup.

PiperOrigin-RevId: 921342355
---
 .../arbitrary_domains_flatbuffers_test.cc     |  26 +++
 fuzztest/internal/BUILD                       |   7 +-
 fuzztest/internal/CMakeLists.txt              |   1 +
 fuzztest/internal/domains/BUILD               |   2 +-
 .../domains/flatbuffers_domain_impl.cc        |  52 +++---
 .../domains/flatbuffers_domain_impl.h         | 165 ++++++++++++------
 fuzztest/internal/test_flatbuffers_64bits.fbs |  21 +++
 7 files changed, 194 insertions(+), 80 deletions(-)
 create mode 100644 fuzztest/internal/test_flatbuffers_64bits.fbs

diff --git a/domain_tests/arbitrary_domains_flatbuffers_test.cc b/domain_tests/arbitrary_domains_flatbuffers_test.cc
index 508ad269..d96c24dd 100644
--- a/domain_tests/arbitrary_domains_flatbuffers_test.cc
+++ b/domain_tests/arbitrary_domains_flatbuffers_test.cc
@@ -36,6 +36,7 @@
 #include "./domain_tests/domain_testing.h"
 #include "./fuzztest/flatbuffers.h"
 #include "./fuzztest/internal/meta.h"
+#include "./fuzztest/internal/test_flatbuffers_64bits_generated.h"
 #include "./fuzztest/internal/test_flatbuffers_generated.h"
 
 namespace fuzztest {
@@ -43,6 +44,7 @@ namespace {
 
 using ::fuzztest::internal::BoolTable;
 using ::fuzztest::internal::DefaultTable;
+using ::fuzztest::internal::DefaultTable64;
 using ::fuzztest::internal::OptionalTable;
 using ::fuzztest::internal::RecursiveTable;
 using ::fuzztest::internal::RequiredTable;
@@ -592,5 +594,29 @@ TEST(FlatbuffersTableDomainImplTest, RecursiveTable) {
   ASSERT_THAT(new_table, IsNull());
 }
 
+TEST(FlatbuffersTableDomainImplTest, DefaultTable64ValueRoundTrip) {
+  flatbuffers::FlatBufferBuilder64 fbb;
+  auto str_offset = fbb.CreateString<flatbuffers::Offset64>("foo bar baz");
+  auto table_offset = internal::CreateDefaultTable64(fbb, str_offset);
+  fbb.Finish(table_offset);
+  auto table = flatbuffers::GetRoot<DefaultTable64>(fbb.GetBufferPointer());
+
+  auto domain = Arbitrary<const DefaultTable64*>();
+  auto corpus = domain.FromValue(table);
+  ASSERT_TRUE(corpus.has_value());
+  ASSERT_OK(domain.ValidateCorpusValue(*corpus));
+
+  auto ir = domain.SerializeCorpus(corpus.value());
+
+  auto new_corpus = domain.ParseCorpus(ir);
+  ASSERT_TRUE(new_corpus.has_value());
+  ASSERT_OK(domain.ValidateCorpusValue(*new_corpus));
+
+  auto new_table = domain.GetValue(*new_corpus);
+  ASSERT_THAT(new_table, NotNull());
+  ASSERT_THAT(new_table->str(), NotNull());
+  EXPECT_EQ(new_table->str()->str(), "foo bar baz");
+}
+
 }  // namespace
 }  // namespace fuzztest
diff --git a/fuzztest/internal/BUILD b/fuzztest/internal/BUILD
index f5155910..2bf470ff 100644
--- a/fuzztest/internal/BUILD
+++ b/fuzztest/internal/BUILD
@@ -616,8 +616,13 @@ cc_test(
 
 flatbuffer_library_public(
     name = "test_flatbuffers_fbs",
-    srcs = ["test_flatbuffers.fbs"],
+    srcs = [
+        "test_flatbuffers.fbs",
+        "test_flatbuffers_64bits.fbs",
+    ],
     outs = [
+        "test_flatbuffers_64bits_bfbs_generated.h",
+        "test_flatbuffers_64bits_generated.h",
         "test_flatbuffers_bfbs_generated.h",
         "test_flatbuffers_generated.h",
     ],
diff --git a/fuzztest/internal/CMakeLists.txt b/fuzztest/internal/CMakeLists.txt
index 0eb75aba..5c1173e6 100644
--- a/fuzztest/internal/CMakeLists.txt
+++ b/fuzztest/internal/CMakeLists.txt
@@ -574,6 +574,7 @@ if (FUZZTEST_BUILD_FLATBUFFERS)
       test_flatbuffers_headers
     SCHEMAS
       "test_flatbuffers.fbs"
+      "test_flatbuffers_64bits.fbs"
     FLAGS
       --bfbs-gen-embed --gen-name-strings
     TESTONLY
diff --git a/fuzztest/internal/domains/BUILD b/fuzztest/internal/domains/BUILD
index 545fef36..5682ffb8 100644
--- a/fuzztest/internal/domains/BUILD
+++ b/fuzztest/internal/domains/BUILD
@@ -187,9 +187,9 @@ cc_library(
     hdrs = ["flatbuffers_domain_impl.h"],
     deps = [
         ":core_domains_impl",
-        "@abseil-cpp//absl/algorithm:container",
         "@abseil-cpp//absl/base:core_headers",
         "@abseil-cpp//absl/base:nullability",
+        "@abseil-cpp//absl/container:btree",
         "@abseil-cpp//absl/container:flat_hash_map",
         "@abseil-cpp//absl/container:flat_hash_set",
         "@abseil-cpp//absl/random:bit_gen_ref",
diff --git a/fuzztest/internal/domains/flatbuffers_domain_impl.cc b/fuzztest/internal/domains/flatbuffers_domain_impl.cc
index 7e8e144e..c675ae00 100644
--- a/fuzztest/internal/domains/flatbuffers_domain_impl.cc
+++ b/fuzztest/internal/domains/flatbuffers_domain_impl.cc
@@ -38,13 +38,18 @@ namespace fuzztest::internal {
 FlatbuffersTableUntypedDomainImpl::FlatbuffersTableUntypedDomainImpl(
     const reflection::Schema* absl_nonnull schema,
     const reflection::Object* absl_nonnull table_object)
-    : schema_(schema), table_object_(table_object) {}
+    : schema_(schema), table_object_(table_object) {
+  for (const auto& field : *table_object_->fields()) {
+    fields_by_id_[field->id()] = field;
+  }
+}
 
 FlatbuffersTableUntypedDomainImpl::FlatbuffersTableUntypedDomainImpl(
     const FlatbuffersTableUntypedDomainImpl& other)
     : DomainBase(other),
       schema_(other.schema_),
-      table_object_(other.table_object_) {
+      table_object_(other.table_object_),
+      fields_by_id_(other.fields_by_id_) {
   absl::MutexLock l_other(other.mutex_);
   absl::MutexLock l_this(mutex_);
   domains_ = other.domains_;
@@ -55,6 +60,7 @@ FlatbuffersTableUntypedDomainImpl& FlatbuffersTableUntypedDomainImpl::operator=(
   DomainBase::operator=(other);
   schema_ = other.schema_;
   table_object_ = other.table_object_;
+  fields_by_id_ = other.fields_by_id_;
   absl::MutexLock l_other(other.mutex_);
   absl::MutexLock l_this(mutex_);
   domains_ = other.domains_;
@@ -63,7 +69,9 @@ FlatbuffersTableUntypedDomainImpl& FlatbuffersTableUntypedDomainImpl::operator=(
 
 FlatbuffersTableUntypedDomainImpl::FlatbuffersTableUntypedDomainImpl(
     FlatbuffersTableUntypedDomainImpl&& other)
-    : schema_(other.schema_), table_object_(other.table_object_) {
+    : schema_(other.schema_),
+      table_object_(other.table_object_),
+      fields_by_id_(std::move(other.fields_by_id_)) {
   absl::MutexLock l_other(other.mutex_);
   absl::MutexLock l_this(mutex_);
   domains_ = std::move(other.domains_);
@@ -74,6 +82,7 @@ FlatbuffersTableUntypedDomainImpl& FlatbuffersTableUntypedDomainImpl::operator=(
     FlatbuffersTableUntypedDomainImpl&& other) {
   schema_ = other.schema_;
   table_object_ = other.table_object_;
+  fields_by_id_ = std::move(other.fields_by_id_);
   absl::MutexLock l_other(other.mutex_);
   absl::MutexLock l_this(mutex_);
   domains_ = std::move(other.domains_);
@@ -87,7 +96,7 @@ FlatbuffersTableUntypedDomainImpl::Init(absl::BitGenRef prng) {
     return *seed;
   }
   corpus_type val;
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     VisitFlatbufferField(schema_, field, InitializeVisitor{*this, prng, val});
   }
   return val;
@@ -98,7 +107,7 @@ void FlatbuffersTableUntypedDomainImpl::Mutate(
     corpus_type& val, absl::BitGenRef prng,
     const domain_implementor::MutationMetadata& metadata, bool only_shrink) {
   uint64_t field_count = 0;
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     VisitFlatbufferField(schema_, field,
                          CountNumberOfMutableFieldsVisitor{*this, field_count,
                                                            val, only_shrink});
@@ -112,7 +121,7 @@ void FlatbuffersTableUntypedDomainImpl::Mutate(
 uint64_t FlatbuffersTableUntypedDomainImpl::CountNumberOfFields(
     corpus_type& val) {
   uint64_t field_count = 0;
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     VisitFlatbufferField(
         schema_, field,
         CountNumberOfMutableFieldsVisitor{*this, field_count, val});
@@ -130,29 +139,16 @@ uint64_t FlatbuffersTableUntypedDomainImpl::MutateSelectedField(
     return fields_count;
   }
 
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     if (!IsSupportedField(field)) {
       if (only_shrink && !val.contains(field->id())) continue;
     }
 
     ++field_counter;
-    if (field_counter == selected_field_index) {
-      VisitFlatbufferField(
-          schema_, field,
-          MutateVisitor{*this, prng, metadata, only_shrink, val});
-      return field_counter;
-    }
-
-    if (field->type()->base_type() == reflection::BaseType::Obj) {
-      auto sub_object = schema_->objects()->Get(field->type()->index());
-      if (!sub_object->is_struct()) {
-        field_counter +=
-            GetCachedDomain<FlatbuffersTableTag>(field).MutateSelectedField(
-                val[field->id()], prng, metadata, only_shrink,
-                selected_field_index - field_counter);
-      }
-      // TODO: Add support for structs.
-    }
+    VisitFlatbufferField(
+        schema_, field,
+        MutateSelectedFieldVisitor{*this, field_counter, val, prng, metadata,
+                                   only_shrink, selected_field_index});
 
     if (field_counter >= selected_field_index) {
       return field_counter;
@@ -163,7 +159,7 @@ uint64_t FlatbuffersTableUntypedDomainImpl::MutateSelectedField(
 
 absl::Status FlatbuffersTableUntypedDomainImpl::ValidateCorpusValue(
     const corpus_type& corpus_value) const {
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     absl::Status result;
     GenericDomainCorpusType field_corpus;
     if (auto it = corpus_value.find(field->id()); it != corpus_value.end()) {
@@ -183,7 +179,7 @@ FlatbuffersTableUntypedDomainImpl::FromValue(const value_type& value) const {
     return std::nullopt;
   }
   corpus_type ret;
-  for (const auto* field : *table_object_->fields()) {
+  for (const auto& [_, field] : fields_by_id_) {
     VisitFlatbufferField(schema_, field, FromValueVisitor{*this, value, ret});
   }
   return ret;
@@ -276,11 +272,11 @@ bool FlatbuffersTableUntypedDomainImpl::IsSupportedField(
 }
 
 uint32_t FlatbuffersTableUntypedDomainImpl::BuildTable(
-    const corpus_type& value, flatbuffers::FlatBufferBuilder& builder) const {
+    const corpus_type& value, flatbuffers::FlatBufferBuilder64& builder) const {
   // Add all the fields to the builder.
 
   // Offsets is the map of field id to its offset in the table.
-  absl::flat_hash_map<typename corpus_type::key_type, flatbuffers::uoffset_t>
+  absl::flat_hash_map<typename corpus_type::key_type, flatbuffers::uoffset64_t>
       offsets;
 
   // Some fields are stored inline in the flatbuffer table itself (a.k.a
diff --git a/fuzztest/internal/domains/flatbuffers_domain_impl.h b/fuzztest/internal/domains/flatbuffers_domain_impl.h
index 1482a598..33500ba2 100644
--- a/fuzztest/internal/domains/flatbuffers_domain_impl.h
+++ b/fuzztest/internal/domains/flatbuffers_domain_impl.h
@@ -26,9 +26,9 @@
 #include <variant>
 #include <vector>
 
-#include "absl/algorithm/container.h"
 #include "absl/base/nullability.h"
 #include "absl/base/thread_annotations.h"
+#include "absl/container/btree_map.h"
 #include "absl/container/flat_hash_map.h"
 #include "absl/container/flat_hash_set.h"
 #include "absl/random/bit_gen_ref.h"
@@ -37,7 +37,9 @@
 #include "absl/strings/str_format.h"
 #include "absl/synchronization/mutex.h"
 #include "flatbuffers/base.h"
+#include "flatbuffers/buffer.h"
 #include "flatbuffers/flatbuffer_builder.h"
+#include "flatbuffers/reflection.h"
 #include "flatbuffers/reflection_generated.h"
 #include "flatbuffers/string.h"
 #include "flatbuffers/table.h"
@@ -82,67 +84,80 @@ struct FlatbuffersStructTag;
 struct FlatbuffersUnionTag;
 struct FlatbuffersVectorTag;
 
+// Helper to wrap the visitor with the correct tag type.
+template <template <typename> typename Wrapper, typename Visitor>
+struct VisitorTagWrapper {
+  Visitor&& visitor;
+  template <typename T>
+  void Visit(const reflection::Field* absl_nonnull field) const {
+    std::forward<Visitor>(visitor).template Visit<Wrapper<T>>(field);
+  }
+};
+
 // Dynamic to static dispatch visitor pattern.
-template <typename Visitor>
-auto VisitFlatbufferField(const reflection::Schema* absl_nonnull schema,
+template <typename Visitor, bool in_container = false>
+void VisitFlatbufferField(const reflection::Schema* absl_nonnull schema,
                           const reflection::Field* absl_nonnull field,
-                          Visitor visitor) {
-  auto field_index = field->type()->index();
-  switch (field->type()->base_type()) {
+                          Visitor&& visitor) {
+  const auto type =
+      in_container ? field->type()->element() : field->type()->base_type();
+  const auto field_index = field->type()->index();
+  const bool is_enum = flatbuffers::IsInteger(type) && field_index >= 0;
+  switch (type) {
     case reflection::BaseType::Bool:
       visitor.template Visit<bool>(field);
       break;
     case reflection::BaseType::Byte:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<int8_t>>(field);
       } else {
         visitor.template Visit<int8_t>(field);
       }
       break;
     case reflection::BaseType::Short:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<int16_t>>(field);
       } else {
         visitor.template Visit<int16_t>(field);
       }
       break;
     case reflection::BaseType::Int:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<int32_t>>(field);
       } else {
         visitor.template Visit<int32_t>(field);
       }
       break;
     case reflection::BaseType::Long:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<int64_t>>(field);
       } else {
         visitor.template Visit<int64_t>(field);
       }
       break;
     case reflection::BaseType::UByte:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<uint8_t>>(field);
       } else {
         visitor.template Visit<uint8_t>(field);
       }
       break;
     case reflection::BaseType::UShort:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<uint16_t>>(field);
       } else {
         visitor.template Visit<uint16_t>(field);
       }
       break;
     case reflection::BaseType::UInt:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<uint32_t>>(field);
       } else {
         visitor.template Visit<uint32_t>(field);
       }
       break;
     case reflection::BaseType::ULong:
-      if (field_index >= 0) {
+      if (is_enum) {
         visitor.template Visit<FlatbuffersEnumTag<uint64_t>>(field);
       } else {
         visitor.template Visit<uint64_t>(field);
@@ -159,29 +174,36 @@ auto VisitFlatbufferField(const reflection::Schema* absl_nonnull schema,
       break;
     case reflection::BaseType::Vector:
     case reflection::BaseType::Vector64:
-      visitor.template Visit<FlatbuffersVectorTag>(field);
+      if constexpr (in_container) {
+        FUZZTEST_LOG(FATAL) << "Nested containers are not supported.";
+      } else {
+        visitor.template Visit<FlatbuffersVectorTag>(field);
+      }
       break;
     case reflection::BaseType::Array:
-      visitor.template Visit<FlatbuffersArrayTag>(field);
+      if constexpr (in_container) {
+        FUZZTEST_LOG(FATAL) << "Nested containers are not supported.";
+      } else {
+        visitor.template Visit<FlatbuffersArrayTag>(field);
+      }
       break;
-    case reflection::BaseType::Obj: {
-      auto sub_object = schema->objects()->Get(field->type()->index());
-      if (sub_object->is_struct()) {
+    case reflection::BaseType::Obj:
+      if (schema->objects()->Get(field_index)->is_struct()) {
         visitor.template Visit<FlatbuffersStructTag>(field);
       } else {
         visitor.template Visit<FlatbuffersTableTag>(field);
       }
       break;
-    }
     case reflection::BaseType::Union:
       visitor.template Visit<FlatbuffersUnionTag>(field);
       break;
     case reflection::BaseType::UType:
-      // Noop
+      // Noop: Union type fields are handled when processing their
+      // corresponding union field
       break;
     default:
       FUZZTEST_LOG(FATAL) << "Unsupported base type: "
-                          << field->type()->base_type();
+                          << reflection::EnumNameBaseType(type);
   }
 }
 
@@ -358,6 +380,7 @@ class FlatbuffersTableUntypedDomainImpl
  private:
   const reflection::Schema* absl_nonnull schema_;
   const reflection::Object* absl_nonnull table_object_;
+  absl::btree_map<uint16_t, const reflection::Field*> fields_by_id_;
   mutable absl::Mutex mutex_;
   mutable absl::flat_hash_map<typename corpus_type::key_type, CopyableAny>
       domains_ ABSL_GUARDED_BY(mutex_);
@@ -365,7 +388,7 @@ class FlatbuffersTableUntypedDomainImpl
   bool IsSupportedField(const reflection::Field* absl_nonnull field) const;
 
   uint32_t BuildTable(const corpus_type& value,
-                      flatbuffers::FlatBufferBuilder& builder) const;
+                      flatbuffers::FlatBufferBuilder64& builder) const;
 
   // Returns the domain for the given field.
   // The domain is cached, and the same instance is returned for the same field.
@@ -395,10 +418,10 @@ class FlatbuffersTableUntypedDomainImpl
 
   const reflection::Field* absl_nullable GetFieldById(
       typename corpus_type::key_type id) const {
-    const auto it =
-        absl::c_find_if(*table_object_->fields(),
-                        [id](const auto* field) { return field->id() == id; });
-    return it != table_object_->fields()->end() ? *it : nullptr;
+    if (auto it = fields_by_id_.find(id); it != fields_by_id_.end()) {
+      return it->second;
+    }
+    return nullptr;
   }
 
   struct SerializeVisitor {
@@ -441,9 +464,15 @@ class FlatbuffersTableUntypedDomainImpl
         }
       } else if constexpr (std::is_same_v<T, std::string>) {
         if (user_value->CheckField(field->offset())) {
-          inner_value = std::optional(
-              user_value->GetPointer<flatbuffers::String*>(field->offset())
-                  ->str());
+          if (field->offset64()) {
+            inner_value = std::optional(
+                user_value->GetPointer64<flatbuffers::String*>(field->offset())
+                    ->str());
+          } else {
+            inner_value = std::optional(
+                user_value->GetPointer<flatbuffers::String*>(field->offset())
+                    ->str());
+          }
         }
       } else if constexpr (std::is_same_v<T, FlatbuffersTableTag>) {
         auto sub_object = self.schema_->objects()->Get(field->type()->index());
@@ -464,9 +493,9 @@ class FlatbuffersTableUntypedDomainImpl
   // Create out-of-line table fields, see `BuildTable` for details.
   struct TableFieldBuilderVisitor {
     const FlatbuffersTableUntypedDomainImpl& self;
-    flatbuffers::FlatBufferBuilder& builder;
-    absl::flat_hash_map<typename corpus_type::key_type, flatbuffers::uoffset_t>&
-        offsets;
+    flatbuffers::FlatBufferBuilder64& builder;
+    absl::flat_hash_map<typename corpus_type::key_type,
+                        flatbuffers::uoffset64_t>& offsets;
     const typename corpus_type::mapped_type& corpus_value;
 
     template <typename T>
@@ -475,8 +504,16 @@ class FlatbuffersTableUntypedDomainImpl
         auto& domain = self.GetCachedDomain<T>(field);
         auto user_value = domain.GetValue(corpus_value);
         if (user_value.has_value()) {
-          auto offset =
-              builder.CreateString(user_value->data(), user_value->size()).o;
+          flatbuffers::uoffset64_t offset;
+          if (field->offset64()) {
+            offset = builder
+                         .CreateString<flatbuffers::Offset64>(
+                             user_value->data(), user_value->size())
+                         .o;
+          } else {
+            offset =
+                builder.CreateString(user_value->data(), user_value->size()).o;
+          }
           offsets.insert({field->id(), offset});
         }
       } else if constexpr (std::is_same_v<T, FlatbuffersTableTag>) {
@@ -502,9 +539,9 @@ class FlatbuffersTableUntypedDomainImpl
   // offsets for "out-of-line fields". See `BuildTable` for details.
   struct TableBuilderVisitor {
     const FlatbuffersTableUntypedDomainImpl& self;
-    flatbuffers::FlatBufferBuilder& builder;
-    const absl::flat_hash_map<typename corpus_type::key_type,
-                              flatbuffers::uoffset_t>& offsets;
+    flatbuffers::FlatBufferBuilder64& builder;
+    absl::flat_hash_map<typename corpus_type::key_type,
+                        flatbuffers::uoffset64_t>& offsets;
     const typename corpus_type::value_type::second_type& corpus_value;
 
     template <typename T>
@@ -521,9 +558,15 @@ class FlatbuffersTableUntypedDomainImpl
       } else if constexpr (std::is_same_v<T, std::string>) {
         // "Out-of-line field". Store just offset.
         if (auto it = offsets.find(field->id()); it != offsets.end()) {
-          builder.AddOffset(
-              field->offset(),
-              flatbuffers::Offset<flatbuffers::String>(it->second));
+          if (field->offset64()) {
+            builder.AddOffset(
+                field->offset(),
+                flatbuffers::Offset64<flatbuffers::String>(it->second));
+          } else {
+            builder.AddOffset(
+                field->offset(),
+                flatbuffers::Offset<flatbuffers::String>(it->second));
+          }
         }
       } else if constexpr (std::is_same_v<T, FlatbuffersTableTag>) {
         // "Out-of-line field". Store just offset.
@@ -597,22 +640,36 @@ class FlatbuffersTableUntypedDomainImpl
     }
   };
 
-  struct MutateVisitor {
+  struct MutateSelectedFieldVisitor {
     FlatbuffersTableUntypedDomainImpl& self;
+    uint64_t& field_counter;
+    corpus_type& val;
     absl::BitGenRef prng;
     const domain_implementor::MutationMetadata& metadata;
     bool only_shrink;
-    corpus_type& corpus_value;
+    uint64_t selected_field_index;
 
     template <typename T>
     void Visit(const reflection::Field* absl_nonnull field) {
-      auto& domain = self.GetCachedDomain<T>(field);
-      auto it = corpus_value.find(field->id());
-      if (it == corpus_value.end()) {
-        if (only_shrink) return;
-        it = corpus_value.try_emplace(field->id(), domain.Init(prng)).first;
+      if (!self.IsSupportedField(field)) return;
+      if (only_shrink && !val.contains(field->id())) return;
+
+      if (field_counter == selected_field_index) {
+        auto& domain = self.GetCachedDomain<T>(field);
+        auto it = val.find(field->id());
+        if (it == val.end()) {
+          if (only_shrink) return;
+          it = val.try_emplace(field->id(), domain.Init(prng)).first;
+        }
+        domain.Mutate(it->second, prng, metadata, only_shrink);
+      } else {
+        auto& domain = self.GetCachedDomain<T>(field);
+        if (auto it = val.find(field->id()); it != val.end()) {
+          field_counter += domain.MutateSelectedField(
+              it->second, prng, metadata, only_shrink,
+              selected_field_index - field_counter);
+        }
       }
-      domain.Mutate(it->second, prng, metadata, only_shrink);
     }
   };
 
@@ -743,6 +800,14 @@ class FlatbuffersTableDomainImpl
     return inner_->CountNumberOfFields(val.untyped_corpus);
   }
 
+  uint64_t MutateSelectedField(
+      corpus_type& val, absl::BitGenRef prng,
+      const domain_implementor::MutationMetadata& metadata, bool only_shrink,
+      uint64_t selected_field_index) {
+    return inner_->MutateSelectedField(val.untyped_corpus, prng, metadata,
+                                       only_shrink, selected_field_index);
+  }
+
   // Mutates the given corpus value.
   void Mutate(corpus_type& val, absl::BitGenRef prng,
               const domain_implementor::MutationMetadata& metadata,
@@ -753,7 +818,7 @@ class FlatbuffersTableDomainImpl
 
   // Converts corpus value into the exact flatbuffer.
   value_type GetValue(const corpus_type& value) const {
-    flatbuffers::FlatBufferBuilder builder;
+    flatbuffers::FlatBufferBuilder64 builder;
     const uint32_t offset = inner_->BuildTable(value.untyped_corpus, builder);
     builder.Finish(flatbuffers::Offset<flatbuffers::Table>(offset));
     value.buffer =
diff --git a/fuzztest/internal/test_flatbuffers_64bits.fbs b/fuzztest/internal/test_flatbuffers_64bits.fbs
new file mode 100644
index 00000000..b893c887
--- /dev/null
+++ b/fuzztest/internal/test_flatbuffers_64bits.fbs
@@ -0,0 +1,21 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+namespace fuzztest.internal;
+
+table DefaultTable64 {
+  str:string (offset64);
+}
+
+root_type DefaultTable64;