feat: provide dictionaries directly to types with @DictionaryProvider

Author: oetr

src/main/java/com/code_intelligence/jazzer/mutation/ArgumentsMutator.java

@@ -23,6 +23,7 @@
 import static java.util.Arrays.stream;
 import static java.util.stream.Collectors.joining;
 
+import com.code_intelligence.jazzer.mutation.annotation.DictionaryProvider;
 import com.code_intelligence.jazzer.mutation.api.ExtendedMutatorFactory;
 import com.code_intelligence.jazzer.mutation.api.PseudoRandom;
 import com.code_intelligence.jazzer.mutation.api.SerializingMutator;
@@ -32,6 +33,7 @@
 import com.code_intelligence.jazzer.mutation.mutator.Mutators;
 import com.code_intelligence.jazzer.mutation.runtime.MutatorRuntime;
 import com.code_intelligence.jazzer.mutation.support.Preconditions;
+import com.code_intelligence.jazzer.mutation.support.TypeSupport;
 import com.code_intelligence.jazzer.utils.Log;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -99,12 +101,19 @@ public static Optional<ArgumentsMutator> forMethod(
       throw validationError;
     }
     MutatorRuntime runtime = MutatorRuntime.forFuzzTestMethod(method);
+    DictionaryProvider[] typeDictionaries = method.getAnnotationsByType(DictionaryProvider.class);
     return toArrayOrEmpty(
             stream(method.getAnnotatedParameterTypes())
                 .map(
                     type -> {
+                      // Forward all DictionaryProvider annotations of the fuzz test method to each
+                      // arg.
+                      AnnotatedType t = type;
+                      for (DictionaryProvider dict : typeDictionaries) {
+                        t = TypeSupport.withExtraAnnotations(t, dict);
+                      }
                       Optional<SerializingMutator<?>> mutator =
-                          mutatorFactory.tryCreate(runtime, type);
+                          mutatorFactory.tryCreate(runtime, t);
                       if (!mutator.isPresent()) {
                         Log.error(
                             String.format(

src/main/java/com/code_intelligence/jazzer/mutation/BUILD.bazel

@@ -13,6 +13,7 @@ java_library(
         "//src/main/java/com/code_intelligence/jazzer/mutation/mutator",
         "//src/main/java/com/code_intelligence/jazzer/mutation/runtime",
         "//src/main/java/com/code_intelligence/jazzer/mutation/support",
+        "//src/main/java/com/code_intelligence/jazzer/mutation/utils",
         "//src/main/java/com/code_intelligence/jazzer/utils:log",
     ],
 )

src/main/java/com/code_intelligence/jazzer/mutation/annotation/DictionaryProvider.java

@@ -0,0 +1,73 @@
+/*
+ * Copyright 2024 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.code_intelligence.jazzer.mutation.annotation;
+
+import static com.code_intelligence.jazzer.mutation.utils.PropertyConstraint.RECURSIVE;
+import static java.lang.annotation.ElementType.TYPE_USE;
+import static java.lang.annotation.RetentionPolicy.RUNTIME;
+
+import com.code_intelligence.jazzer.mutation.utils.PropertyConstraint;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+
+/**
+ * Specifies a custom dictionary provider for the annotated method or parameter. The specified
+ * dictionary provider class must implement the {@link DictionaryProvider} interface.
+ *
+ * <p>The annotation can be applied to methods and parameters of any type. When applied to complex
+ * types (e.g. custom classes), the annotation is expected to apply to all nested fields unless
+ * specified otherwise via the {@link #constraint()} attribute.
+ *
+ * <p>Example usage:
+ *
+ * <pre>{@code
+ * public class MyFuzzTarget {
+ *
+ *   public Stream<?> provide() {
+ *     return Stream.of("example1", "example2", "example3", 1232187321, -182371);
+ *   }
+ *
+ *   @DictionaryProvider("provide")
+ *   @FuzzTest
+ *   public void fuzzerTestOneInput(String input) {
+ *     // Fuzzing logic here
+ *   }
+ * }
+ * }</pre>
+ */
+@Target({ElementType.METHOD, TYPE_USE})
+@Retention(RUNTIME)
+@PropertyConstraint
+public @interface DictionaryProvider {
+  String[] value() default {""};
+
+  /*
+   * This {@code DictionaryProvider} will be used with probability {@code 1/p} by the mutator responsible for
+   * fitting types. Not all mutators respect this probability.
+   */
+  int pInv() default 10;
+
+  /**
+   * Defines the scope of the annotation. Possible values are defined in {@link
+   * com.code_intelligence.jazzer.mutation.utils.PropertyConstraint}. It is convenient to use {@code
+   * RECURSIVE} as the default value here, as dictionary objects are typically used for complex
+   * types (e.g. custom classes) where the annotation is placed directly on the method or parameter
+   * and is expected to apply to all nested fields.
+   */
+  String constraint() default RECURSIVE;
+}

src/main/java/com/code_intelligence/jazzer/mutation/support/DictionaryProviderSupport.java

@@ -0,0 +1,101 @@
+/*
+ * Copyright 2025 Code Intelligence GmbH
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.code_intelligence.jazzer.mutation.support;
+
+import static com.code_intelligence.jazzer.mutation.support.Preconditions.require;
+
+import com.code_intelligence.jazzer.mutation.annotation.DictionaryProvider;
+import com.code_intelligence.jazzer.mutation.runtime.MutatorRuntime;
+import java.lang.reflect.AnnotatedType;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public class DictionaryProviderSupport {
+
+  /**
+   * Extract inverse probability of the very last {@code DictionaryProvider} annotation on the given
+   * type.
+   */
+  public static int extractLastInvProbability(AnnotatedType type) {
+    DictionaryProvider[] dictObj = type.getAnnotationsByType(DictionaryProvider.class);
+    int pInv =
+        Arrays.stream(dictObj)
+            .map(DictionaryProvider::pInv)
+            .reduce((first, second) -> second)
+            .orElseThrow(() -> new IllegalStateException("No DictionaryProvider annotation found"));
+    require(pInv >= 2, "@DictionaryProvider.pInv must be at least 2");
+    return pInv;
+  }
+
+  /** Extract the provider streams using MutatorRuntime */
+  public static Optional<Stream<?>> extractProviderStreams(
+      MutatorRuntime runtime, AnnotatedType type) {
+    DictionaryProvider[] providers = type.getAnnotationsByType(DictionaryProvider.class);
+    if (providers.length == 0) {
+      return Optional.empty();
+    }
+    HashSet<String> providerMethodNames =
+        Arrays.stream(providers)
+            .map(DictionaryProvider::value) // Stream<String[]>
+            .flatMap(Arrays::stream)
+            .filter(name -> !name.isEmpty())
+            .collect(Collectors.toCollection(HashSet::new));
+    if (providerMethodNames.isEmpty()) {
+      return Optional.empty();
+    }
+    Map<String, Method> fuzzTestMethods =
+        Arrays.stream(runtime.fuzzTestMethod.getDeclaringClass().getDeclaredMethods())
+            .filter(m -> m.getParameterCount() == 0)
+            .filter(m -> m.getReturnType().equals(Stream.class))
+            .filter(
+                m ->
+                    (m.getModifiers()
+                            & (java.lang.reflect.Modifier.PUBLIC
+                                | java.lang.reflect.Modifier.STATIC))
+                        == (java.lang.reflect.Modifier.PUBLIC | java.lang.reflect.Modifier.STATIC))
+            .collect(Collectors.toMap(Method::getName, m -> m));
+
+    return Optional.ofNullable(
+        providerMethodNames.stream()
+            .flatMap(
+                name -> {
+                  Method m = fuzzTestMethods.get(name);
+                  if (m == null) {
+                    throw new IllegalStateException(
+                        "No method named "
+                            + name
+                            + " with signature 'public static Stream<?> "
+                            + name
+                            + "()' found in class "
+                            + runtime.fuzzTestMethod.getDeclaringClass().getName());
+                  }
+                  try {
+                    return (Stream<?>) m.invoke(null);
+                  } catch (IllegalAccessException e) {
+                    throw new RuntimeException(e);
+                  } catch (InvocationTargetException e) {
+                    throw new RuntimeException(e);
+                  }
+                }));
+  }
+}