fuzz: Add dictionaries, improve README

fuzz/README.md

@@ -28,10 +28,12 @@ Fuzzing benefits from running as many tests as possible, so optimizing our time
 and throughput is very important. The number of jobs used by the computer
 can be increased by passing the following argument:
 
+#### Threads
 ```sh
 --jobs $(nproc)
 ```
 
+#### Disabling Address Sanitizer
 The Address Sanitizer can be disabled for any Rust code that does not use `unsafe`:
 
 ```sh
@@ -43,10 +45,17 @@ by default.
 
 In the case of DarkFi, we also want to supply `--all-features`.
 
-In summary, a more efficient way to fuzz safe Rust code is the following:
+#### Using dictionaries
+
+Generating a dictionary for a file format can be helpful.
+
+We store dictionaries in the `dictionaries/` directory.
+
+#### Summary
+A more efficient way to fuzz safe Rust code is the following:
 
 ```sh
-cargo fuzz run --jobs $(nproc) -s none --all-features TARGET 
+cargo fuzz run --jobs $(nproc) -s none --all-features TARGET -- -dict=dictionaries/SOMEDICT.dict
 ```
 
 ## Fuzzing Corpora 
@@ -97,7 +106,6 @@ Periodically you may encounter a crash with text like the following:
 ```
 AddressSanitizer: requested allocation size 0xFOO (0xBAR after adjustments for alignment, red zones etc.) exceeds maximum supported size of 0x10000000000
 ```
-
 This indicates that Rust is trying to allocate a large amount of memory in a way that crashes libFuzzer. 
 It likely indicates a memory-intensive part of the codebase but does not indicate a crash in DarkFi code,
 per se. Instead, libFuzzer itself is crashing. 
@@ -107,6 +115,10 @@ simplify the fuzz harness instead to reduce its code coverage. If the
 harness is targeting a high-level function, try isolating the problem
 and fuzzing a lower-level function instead.
 
+### Disabled Address Sanitizer
+
+If not already done, use the `--s none` flag described in the Optimization section
+
 ### Increasing allowed memory usage
 It is possible to increase the amount of memory libFuzzer is allowed to use by passing an argument
 to it via libFuzzer like so:
@@ -171,4 +183,3 @@ llvm-cov show target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/
 ```
 
 You can now open `zkas-compile-report.html` in a browser and view the code coverage.
-

fuzz/dictionaries/zk-bin.dict

@@ -0,0 +1,52 @@
+"0 .circuit"
+"1.witness"
+"253.witness"
+"3.witness"
+"42.witness"
+"4.witness"
+"5.contract"
+"69.witness"
+"6.contract 00"
+"6.witness"
+"6.witness 00"
+"Arith.constant.literal.witness"
+"Burn.constant"
+"Burn_V1.constant"
+".circuit "
+".circuit"
+".circuit@"
+".circuit0"
+"ConsensusBurn_V1.constant"
+"ConsensusMint_V1.constant"
+"ConsensusProposal_V1.constant"
+"DaoExec.constant"
+"DaoMint.constant"
+"DaoProposeInput.constant"
+"DaoProposeMain.constant"
+"DaoVoteInput.constant"
+"DaoVoteMain.constant"
+"DeployContract.constant"
+"DeriveContractID.constant"
+"Encrypt.constant.literal"
+"InclusionProof.constant.literal.witness"
+"Lead_Burn_V1.constant"
+"Lead.constant"
+"Lead_Mint_V1.constant"
+"Mint.constant"
+"Mint_V1.constant"
+"NULLIFIER_K"
+"NULLIFIER_K.literal"
+"NULLIFIER_K.literal.contract"
+"NULLIFIER_K.literal.witness"
+"Opcodes.constant"
+"Set_V1.constant.literal.witness"
+"Simple.constant"
+"TokenFreeze_V1.constant"
+"TokenMint_V1.constant"
+"tx.constant"
+"VALUE_COMMIT_RANDOM"
+"VALUE_COMMIT_RANDOM.literal"
+"VALUE_COMMIT_RANDOM.literal.witness"
+"VALUE_COMMIT_VALUE"
+"VALUE_COMMIT_VALUE.literal.witness"
+"Vote.constant"