<html>
    <head>
      <base href="https://bugs.webkit.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - ExceptionFuzz functions should use its client's ThrowScope."
   href="https://bugs.webkit.org/show_bug.cgi?id=164834">164834</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>ExceptionFuzz functions should use its client's ThrowScope.
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>Unclassified
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>WebKit
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>WebKit Local Build
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Unspecified
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P2
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>JavaScriptCore
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>webkit-unassigned&#64;lists.webkit.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>mark.lam&#64;apple.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>This is because ExceptionFuzz's purpose is to throw exceptions from its client at exception check sites.  Using the client's ThrowScope solves 2 problems:

1. If ExceptionFuzz makes its own ThrowScope, the simulated throw will be mis-attributed to ExceptionFuzz when it should be attributed to its client.

2. One way exception scope verification works is by having ThrowScopes assert that there are no unchecked simulated exceptions when the ThrowScope is instantiated.  However, ExceptionFuzz necessarily works by inserting doExceptionFuzzingIfEnabled() between a ThrowScope that simulated a throw and an exception check.  If we declare a ThrowScope in ExceptionFuzz's code, we will be instantiating a ThrowScope between the point where a simulated throw occurs and where the needed exception check can occur.  Hence, having ExceptionFuzz instantiate its own ThrowScope will fail exception scope verification every time.

Changing ExceptionFuzz to use its client's ThrowScope resolves both problems.</pre>
        </div>
      </p>
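      <p>An added illustration of the two problems described above, not part of the original report and not JavaScriptCore source: a simplified model in which ToyVM, ToyThrowScope, callee, runClient and the two fuzz functions are hypothetical names. It shows that a scope declared by the fuzzer both trips the instantiation check and takes the attribution, while borrowing the client's scope does neither.</p>

```cpp
#include <iostream>
#include <string>
#include <vector>

// Simplified model with assumed names; only the rules stated in the report are modelled.
struct ToyVM {
    bool uncheckedSimulatedThrow = false;  // set by a simulated throw, cleared by a check
    std::string pendingException;          // empty when nothing has been thrown
    std::string thrownBy;                  // owner of the scope that threw
    std::vector<std::string> failures;     // scope verification failures
};

class ToyThrowScope {
public:
    ToyThrowScope(ToyVM& vm, const std::string& owner) : m_vm(vm), m_owner(owner) {
        // Rule from the report: no unchecked simulated throw at ThrowScope instantiation.
        if (m_vm.uncheckedSimulatedThrow)
            m_vm.failures.push_back("unchecked simulated throw at scope of " + m_owner);
    }
    void simulateThrow() { m_vm.uncheckedSimulatedThrow = true; }
    void throwException(const std::string& what) { m_vm.pendingException = what; m_vm.thrownBy = m_owner; }
    bool checkException() { m_vm.uncheckedSimulatedThrow = false; return !m_vm.pendingException.empty(); }
private:
    ToyVM& m_vm;
    std::string m_owner;
};

void callee(ToyVM& vm) { ToyThrowScope scope(vm, "callee"); scope.simulateThrow(); }

// Fuzzer declares its own scope: constructed while the callee's simulated throw is unchecked.
void fuzzWithOwnScope(ToyVM& vm) { ToyThrowScope scope(vm, "ExceptionFuzz"); scope.throwException("fuzz"); }

// Fuzzer borrows the client's scope: no new scope, throw attributed to the client.
void fuzzWithClientScope(ToyThrowScope& clientScope) { clientScope.throwException("fuzz"); }

ToyVM runClient(bool fuzzerOwnsScope) {
    ToyVM vm;
    ToyThrowScope scope(vm, "client");
    callee(vm);                                   // simulated throw happens here
    if (fuzzerOwnsScope) fuzzWithOwnScope(vm);    // fuzzing sits before the check
    else fuzzWithClientScope(scope);
    scope.checkException();                       // the client's exception check site
    return vm;
}

int main() {
    for (bool own : {true, false})
        std::cout << runClient(own).thrownBy << " " << runClient(own).failures.size() << "\n";
}
```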
    </body>
</html>