feat(instrumentor): remap ESM PC locations via source maps

oetr · oetr · commit 771914e36932 · 2026-03-27T17:20:14.000+01:00
Apply the same PC location batching and source-map remapping logic in the ESM loader path. This keeps print_pcs and print_funcs aligned with original sources for ESM modules, with safe fallback to generated locations.
diff --git a/packages/instrumentor/esm-loader.mts b/packages/instrumentor/esm-loader.mts
@@ -43,6 +43,10 @@ const { sourceCodeCoverage } =
 	require("./plugins/sourceCodeCoverage.js") as typeof import("./plugins/sourceCodeCoverage.js");
 const { functionHooks } =
 	require("./plugins/functionHooks.js") as typeof import("./plugins/functionHooks.js");
+const { buildPCLocationBatches } =
+	require("./pcLocationBatches.js") as typeof import("./pcLocationBatches.js");
+const { extractSourceMap, toRawSourceMap } =
+	require("./SourceMapRegistry.js") as typeof import("./SourceMapRegistry.js");
 
 // The loader thread has its own CJS module cache, so this is a
 // separate HookManager instance from the main thread's.  We populate
@@ -136,6 +140,7 @@ export const load: LoadFn = async function load(url, context, nextLoad) {
 
 function instrumentModule(code: string, filename: string): string | null {
 	drainHookUpdates();
+	const inputSourceMap = extractSourceMap(code, filename);
 
 	const fuzzerCoverage = esmCodeCoverage();
 
@@ -163,6 +168,7 @@ function instrumentModule(code: string, filename: string): string | null {
 			filename,
 			sourceFileName: filename,
 			sourceMaps: true,
+			inputSourceMap: toRawSourceMap(inputSourceMap) as any,
 			plugins,
 			sourceType: "module",
 		});
@@ -176,8 +182,6 @@ function instrumentModule(code: string, filename: string): string | null {
 	if (edges === 0 || !transformed?.code) {
 		return null;
 	}
-	const displayFilename = stripProjectRootPrefix(filename);
-
 	// Build a preamble that runs on the main thread before the module
 	// body.  It allocates the per-module coverage counter buffer and,
 	// when a source map is available, registers it with the main-thread
@@ -192,15 +196,22 @@ function instrumentModule(code: string, filename: string): string | null {
 	// [id, line, col, funcIdx, isFuncEntry, ...]
 	const edgeEntries = fuzzerCoverage.edgeEntries();
 	if (edgeEntries.length > 0) {
-		const flat = edgeEntries.flat();
 		const funcNames = fuzzerCoverage.funcNames();
-		preambleLines.push(
-			`Fuzzer.coverageTracker.registerPCLocations(` +
-				`${JSON.stringify(displayFilename)},` +
-				`${JSON.stringify(funcNames)},` +
-				`new Int32Array(${JSON.stringify(flat)}),` +
-				`__jazzer_pcBase);`,
+		const batches = buildPCLocationBatches(
+			edgeEntries,
+			filename,
+			inputSourceMap,
+			stripProjectRootPrefix,
 		);
+		for (const batch of batches) {
+			preambleLines.push(
+				`Fuzzer.coverageTracker.registerPCLocations(` +
+					`${JSON.stringify(batch.filename)},` +
+					`${JSON.stringify(funcNames)},` +
+					`new Int32Array(${JSON.stringify(Array.from(batch.entries))}),` +
+					`__jazzer_pcBase);`,
+			);
+		}
 	}
 
 	if (transformed.map) {
