Json fuzzer

.gitignore

@@ -266,3 +266,4 @@ launchSettings.json
 
 # Benchmarks
 **/BenchmarkDotNet.Artifacts/
+/fuzzers/Neo.VM.Fuzzer/fuzzer-output/

fuzzers/Neo.Json.Fuzzer/Documentation/ConcurrentAccessTesting.md

@@ -0,0 +1,86 @@
+# Concurrent Access Testing Strategy
+
+## Overview
+
+This document outlines the concurrent access testing strategy for the Neo.Json.Fuzzer. Thread safety and proper handling of concurrent operations are essential for a JSON library used in multi-threaded applications.
+
+## Test Categories
+
+### 1. Read Concurrency
+
+- Multiple threads reading the same JSON object
+- Concurrent traversal of large structures
+- Concurrent JPath queries on shared objects
+- Concurrent type conversions
+
+### 2. Write Concurrency
+
+- Multiple threads modifying different parts of a JSON structure
+- Concurrent property addition/removal
+- Concurrent array element manipulation
+- Concurrent serialization operations
+
+### 3. Mixed Read/Write Operations
+
+- Some threads reading while others are writing
+- Interleaved read/write operations
+- Complex operation sequences that may cause race conditions
+- Operations that may trigger internal restructuring
+
+### 4. Stress Testing
+
+- High thread count (32+ threads)
+- Rapid operation sequences
+- Long-running concurrent operations
+- Memory pressure during concurrent operations
+
+## Test Structure Generation
+
+The fuzzer will generate JSON structures specifically designed to test concurrent access:
+
+1. **Large, Deep Structures**: To maximize potential thread interaction
+2. **Balanced Trees**: For predictable concurrent traversal
+3. **Property-Heavy Objects**: For concurrent property access testing
+4. **Large Arrays**: For concurrent index-based access
+
+## Concurrency Patterns
+
+1. **Reader-Heavy**: Many readers, few writers
+2. **Writer-Heavy**: Many writers, few readers
+3. **Balanced**: Equal number of readers and writers
+4. **Phased**: Alternating between read-heavy and write-heavy phases
+5. **Random**: Unpredictable mix of operations
+
+## Coverage Goals
+
+The concurrent access testing should aim to cover:
+
+1. All major operations under concurrent conditions
+2. Edge cases in concurrent modification
+3. Performance degradation under contention
+4. Deadlock and race condition detection
+5. Memory consistency issues
+
+## Implementation Approach
+
+1. Create a multi-threaded test harness
+2. Generate test cases with various concurrency patterns
+3. Track thread interactions and operation outcomes
+4. Identify any thread safety issues or performance bottlenecks
+5. Measure throughput and latency under concurrent load
+
+## Specific Test Scenarios
+
+1. **Concurrent Parsing**: Multiple threads parsing different JSON strings
+2. **Shared Structure Access**: Multiple threads accessing the same JSON structure
+3. **Modification Races**: Threads competing to modify the same properties
+4. **Serialization Under Load**: Concurrent serialization of shared structures
+5. **Mixed Workload**: Realistic mix of operations mimicking application patterns
+
+## Metrics to Collect
+
+1. Operation throughput under concurrent load
+2. Latency distribution for different operation types
+3. Contention points and hot spots
+4. Memory usage patterns during concurrent operations
+5. Thread synchronization overhead

fuzzers/Neo.Json.Fuzzer/Documentation/CoverageAnalysis.md

@@ -0,0 +1,89 @@
+# Coverage Analysis
+
+## Overview
+
+Coverage analysis is a critical component of the Neo.Json.Fuzzer, ensuring that the fuzzing process thoroughly exercises the Neo.Json library's codebase. This document outlines the approach, metrics, and implementation details for coverage tracking and analysis.
+
+## Coverage Metrics
+
+The fuzzer tracks several types of coverage:
+
+1. **Method Coverage**: Which methods in the Neo.Json library are called
+2. **Branch Coverage**: Which conditional branches are taken
+3. **Path Coverage**: Unique execution paths through the code
+4. **Exception Coverage**: Which exception paths are triggered
+5. **Value Coverage**: Range of values processed by key methods
+
+## Implementation Approach
+
+### Instrumentation
+
+The coverage tracker instruments the Neo.Json library by:
+
+1. **Method Interception**: Tracking calls to public and internal methods
+2. **Branch Monitoring**: Recording which branches are taken in conditional statements
+3. **Value Logging**: Recording the types and ranges of values processed
+4. **Exception Tracking**: Monitoring which exceptions are thrown and from where
+
+### Coverage Points
+
+Coverage is tracked using "coverage points" - specific locations or conditions in the code:
+
+- **Method Entry Points**: Beginning of each method
+- **Branch Points**: Each conditional branch
+- **Exception Points**: Locations where exceptions can be thrown
+- **Value Boundaries**: Points where values are checked against limits
+
+## Coverage Feedback Loop
+
+The coverage analysis feeds back into the fuzzing process:
+
+1. **Input Prioritization**: Test cases that discover new coverage are prioritized
+2. **Corpus Evolution**: The corpus evolves to maximize coverage over time
+3. **Targeted Generation**: New inputs are generated to target unexplored code paths
+4. **Progress Tracking**: Coverage metrics show fuzzing progress over time
+
+## Neo.Json-Specific Coverage
+
+The coverage analysis focuses on key areas of the Neo.Json library:
+
+1. **Parsing Logic**: Coverage of the `JToken.Parse()` methods and related parsing code
+2. **Type Conversion**: Coverage of conversion methods between JSON types
+3. **JPath Execution**: Coverage of the JSON path query functionality
+4. **Serialization**: Coverage of the JSON serialization code
+5. **Error Handling**: Coverage of error detection and exception throwing code
+
+## Coverage Visualization
+
+The fuzzer provides several ways to visualize coverage:
+
+1. **Coverage Reports**: Detailed reports showing which parts of the code were covered
+2. **Heat Maps**: Visual representation of coverage density across the codebase
+3. **Progress Charts**: Graphs showing coverage growth over time
+4. **Uncovered Code**: Lists of code paths that remain unexplored
+
+## Implementation Details
+
+The coverage tracker is implemented with these components:
+
+1. **Coverage Point Registry**: Maintains a registry of all possible coverage points
+2. **Coverage Collector**: Records which coverage points are hit during execution
+3. **Coverage Analyzer**: Processes raw coverage data to extract insights
+4. **Coverage Reporter**: Generates human-readable coverage reports
+
+## Integration with Neo.Json
+
+The coverage tracker integrates with Neo.Json through:
+
+1. **Method Wrappers**: Wrapping key methods to track invocation
+2. **Custom Execution Engine**: A specialized execution environment that tracks coverage
+3. **Reflection-Based Monitoring**: Using reflection to observe internal state
+
+## Limitations
+
+The current coverage analysis has some limitations:
+
+1. **Incomplete Coverage**: Some code paths may be difficult or impossible to reach
+2. **Performance Impact**: Coverage tracking adds some overhead to execution
+3. **False Negatives**: Some coverage may not be detected due to implementation details
+4. **External Dependencies**: Coverage of interactions with external systems may be limited

fuzzers/Neo.Json.Fuzzer/Documentation/CoverageMapping.md

@@ -0,0 +1,124 @@
+# Neo.Json Coverage Mapping
+
+## Overview
+
+This document maps each Neo.Json class and method to specific test cases in the Neo.Json.Fuzzer. This mapping ensures comprehensive coverage of the Neo.Json library and helps identify areas that may need additional testing.
+
+## Coverage Structure
+
+Coverage is tracked across the following dimensions:
+1. **Class Coverage**: Ensuring all classes in Neo.Json are tested
+2. **Method Coverage**: Ensuring all public methods are exercised
+3. **Parameter Coverage**: Testing different parameter combinations
+4. **Edge Case Coverage**: Testing boundary conditions and special cases
+5. **Error Handling Coverage**: Testing error conditions and exceptions
+
+## Class and Method Mapping
+
+### JToken (Base Class)
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Parse() | Parse | Parse:DefaultNesting, Parse:LowNesting, Parse:HighNesting | JsonRunner.TestParsingWithMaxNest |
+| Parse(string, int) | Parse | Parse:CustomNesting | JsonRunner.TestParsingWithMaxNest |
+| AsBoolean() | Convert | Convert:AsBoolean | JsonRunner.TestTypeConversions |
+| AsNumber() | Convert | Convert:AsNumber | JsonRunner.TestTypeConversions |
+| AsString() | Convert | Convert:AsString | JsonRunner.TestTypeConversions |
+| GetBoolean() | Convert | Convert:GetBoolean | JsonRunner.TestTypeConversions |
+| GetNumber() | Convert | Convert:GetNumber | JsonRunner.TestTypeConversions |
+| GetString() | Convert | Convert:GetString | JsonRunner.TestTypeConversions |
+| ToString() | Serialize | Serialize:ToString | JsonRunner.TestSerialization |
+| ToString(bool) | Serialize | Serialize:ToStringIndented | JsonRunner.TestSerialization |
+| ToByteArray() | Serialize | Serialize:ToByteArray | JsonRunner.TestSerialization |
+| JsonPath() | JPath | JPath:Root, JPath:Properties, JPath:Array | JsonRunner.TestJPathOperations |
+| Type property | TokenType | TokenType:* | CollectCoveragePoints |
+
+### JObject
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Constructor | Structure | TokenType:JObject | StructureMutations |
+| Properties | Structure | JObject:Properties | StructureMutations |
+| Item[string] get/set | Structure | JObject:ItemAccess | StructureMutations |
+| ContainsProperty() | Structure | JObject:Contains | NeoJsonSpecificMutations |
+| Remove() | Structure | JObject:Remove | StructureMutations |
+
+### JArray
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Constructor | Structure | TokenType:JArray | StructureMutations |
+| Item[int] get/set | Structure | JArray:ItemAccess | StructureMutations |
+| Add() | Structure | JArray:Add | StructureMutations |
+| AddRange() | Structure | JArray:AddRange | StructureMutations |
+| Clear() | Structure | JArray:Clear | StructureMutations |
+| Insert() | Structure | JArray:Insert | StructureMutations |
+| Remove() | Structure | JArray:Remove | StructureMutations |
+| RemoveAt() | Structure | JArray:RemoveAt | StructureMutations |
+
+### JString
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Constructor | Value | TokenType:JString | StringMutations |
+| Value property | Value | JString:Value | StringMutations |
+| Unicode handling | Unicode | JString:Unicode | StringMutations |
+| Escape sequences | Unicode | JString:Escape | StringMutations |
+
+### JNumber
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Constructor | Value | TokenType:JNumber | NumberMutations |
+| Value property | Value | JNumber:Value | NumberMutations |
+| Precision handling | Numeric | JNumber:Precision | NumberMutations |
+| Range handling | Numeric | JNumber:Range | NumberMutations |
+
+### JBoolean
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Constructor | Value | TokenType:JBoolean | BooleanMutations |
+| Value property | Value | JBoolean:Value | BooleanMutations |
+
+### JPath
+
+| Method/Property | Test Category | Coverage Points | Implementation |
+|-----------------|---------------|-----------------|----------------|
+| Basic queries | JPath | JPath:Basic | NeoJsonSpecificMutations |
+| Wildcard queries | JPath | JPath:Wildcard | NeoJsonSpecificMutations |
+| Recursive descent | JPath | JPath:Recursive | NeoJsonSpecificMutations |
+| Filter expressions | JPath | JPath:Filter | NeoJsonSpecificMutations |
+| Union operations | JPath | JPath:Union | NeoJsonSpecificMutations |
+
+## Coverage Gaps and Priorities
+
+### High Priority Gaps
+
+1. **JPath Complex Queries**: More comprehensive testing of complex JPath queries
+2. **Unicode Handling**: Expanded testing of Unicode characters across all planes
+3. **Numeric Precision**: More thorough testing of numeric precision edge cases
+4. **Streaming Scenarios**: Testing of incremental parsing and large document handling
+5. **Concurrent Access**: Testing thread safety of all operations
+
+### Medium Priority Gaps
+
+1. **Error Recovery**: Testing recovery from various error conditions
+2. **Memory Efficiency**: Testing memory usage patterns with different JSON structures
+3. **Serialization Options**: More comprehensive testing of serialization options
+4. **Custom Type Conversion**: Testing conversion to/from custom types
+5. **Performance Profiling**: More detailed performance analysis
+
+### Low Priority Gaps
+
+1. **Integration Scenarios**: Testing integration with other Neo components
+2. **Backward Compatibility**: Testing compatibility with older versions
+3. **Documentation Examples**: Testing all examples in documentation
+4. **Interoperability**: Testing interoperability with other JSON libraries
+
+## Implementation Plan
+
+1. Address high priority gaps first
+2. Update this coverage mapping document as new tests are added
+3. Track coverage metrics over time to ensure increasing coverage
+4. Periodically review for new gaps as Neo.Json evolves