+1

 * Fuzzing V8 can be avoided by fuzz-testing exclusively the layer that dispatches to the worker thread, starts/restarts requests, and issues and caches the underlying DNS. Some surgery of the implementation will be needed, but it already abstracts the interface to V8 through a ProxyResolverV8 instance so should be doable.

 * Would want to fuzz cancellation as a possibility too. The hairiest bits of this code will be around multi-request handling, cancellation, and errors.

Ah, right...we could decide the number and order of DNS requests for each request to do, each time through the resolver (So they could change - we could have a "library" of possible DNS requests, and just pick them them).

To handle cancellation, we can pick two sequence numbers for each request:  When to start, and when to cancel, relative to other events...We have immediately, when the previous request completes, when a DNS lookup starts, and after a DNS lookup completes.  We could make sync and async versions of the last 3, but doing async would return we run one task on the message loop at a time, which I'm not sure RunLoop supports.  We'd also have to think about DNS lookups that resolve synchronously and asynchronously.  This could get pretty hairy, if we want to try and cover all our bases.

This issue has been available for more than 365 days, and should be re-evaluated. Please re-triage this issue.
The Hotlist-Recharge-Cold label is applied for tracking purposes, and should not be removed after re-triaging the issue.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot