Bug 164834 - ExceptionFuzz functions should use its client's ThrowScope.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Mark Lam
Reported: 2016-11-16 13:57 PST by Mark Lam
Modified: 2016-11-16 15:18 PST
Attachments
proposed patch. (7.03 KB, patch)
2016-11-16 14:03 PST, Mark Lam
Description Mark Lam 2016-11-16 13:57:16 PST
This is because ExceptionFuzz's purpose is to throw exceptions from its client at exception check sites.  Using the client's ThrowScope solves 2 problems:

1. If ExceptionFuzz makes its own ThrowScope, the simulated throw will be mis-attributed to ExceptionFuzz when it should be attributed to its client.

2. One way exception scope verification works is by having ThrowScopes assert that there are no unchecked simulated exceptions when the ThrowScope is instantiated.  However, ExceptionFuzz necessarily works by inserting doExceptionFuzzingIfEnabled() between a ThrowScope that simulated a throw and an exception check.  If we declare a ThrowScope in ExceptionFuzz's code, we will be instantiating a ThrowScope between the point where a simulated throw occurs and where the needed exception check can occur.  Hence, having ExceptionFuzz instantiate its own ThrowScope will fail exception scope verification every time.

Changing ExceptionFuzz to use its client's ThrowScope resolves both problems.
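The two problems in the description, as an added toy model in C++ that is not JavaScriptCore's ThrowScope or ExceptionFuzz code: the `VM`, `ThrowScope`, `fuzzWithOwnScope`, `fuzzWithClientScope` and `runClient` names and the bookkeeping fields are assumptions made for this illustration. The model encodes only the two rules the report states (a throw is attributed to the scope it goes through, and a ThrowScope asserts on instantiation that no unchecked simulated exception is outstanding) and compares a fuzz hook that declares its own scope with one that reuses the client's.

```cpp
// Added example: a simplified model of the rules in the bug report.
// It is NOT JavaScriptCore's ThrowScope/ExceptionFuzz implementation;
// all names and fields here are constructed for illustration.
#include <cstdio>
#include <string>

// Constructed VM state: the pending exception, which scope site it is
// attributed to, and the bookkeeping that scope verification relies on.
struct VM {
    bool hasException = false;
    std::string thrower;                 // site the throw is attributed to (problem 1)
    bool simulatedThrowPending = false;  // fuzzer simulated a throw, not yet checked
    int verificationFailures = 0;        // would be an ASSERT in a real VM
};

class ThrowScope {
public:
    ThrowScope(VM& vm, const char* site) : m_vm(vm), m_site(site) {
        // Rule from the report: a ThrowScope asserts on instantiation that
        // there is no unchecked simulated exception outstanding (problem 2).
        if (m_vm.simulatedThrowPending)
            ++m_vm.verificationFailures;
    }
    // Throwing through a scope attributes the throw to that scope's site.
    void throwException() {
        m_vm.hasException = true;
        m_vm.thrower = m_site;
    }
    // The client's exception check: consumes the pending simulated throw.
    bool exception() {
        m_vm.simulatedThrowPending = false;
        return m_vm.hasException;
    }
private:
    VM& m_vm;
    const char* m_site;
};

// Broken version (assumed shape): the fuzzer decides to simulate a throw,
// then declares its own ThrowScope to deliver it, i.e. a scope is instantiated
// between the simulated throw and the client's exception check.
static void fuzzWithOwnScope(VM& vm) {
    vm.simulatedThrowPending = true;         // the simulated throw occurs here
    ThrowScope scope(vm, "ExceptionFuzz");   // too late: verification fails
    scope.throwException();                  // and the throw is mis-attributed
}

// Fixed version (assumed shape): same decision, but the throw is delivered
// through the client's existing ThrowScope, so no new scope is instantiated.
static void fuzzWithClientScope(VM& vm, ThrowScope& clientScope) {
    vm.simulatedThrowPending = true;
    clientScope.throwException();
}

struct Outcome {
    std::string attributedTo;
    int verificationFailures;
};

// A client operation with one exception check site. The fuzz hook sits between
// the client's work and its check, where doExceptionFuzzingIfEnabled() would.
Outcome runClient(bool fuzzerUsesClientScope) {
    VM vm;
    ThrowScope scope(vm, "client");
    if (fuzzerUsesClientScope)
        fuzzWithClientScope(vm, scope);
    else
        fuzzWithOwnScope(vm);
    if (scope.exception()) {
        // client propagates the exception to its caller
    }
    return { vm.thrower, vm.verificationFailures };
}

int main() {
    for (bool useClientScope : { false, true }) {
        Outcome o = runClient(useClientScope);
        std::printf("%s scope: attributed to %s, verification failures %d\n",
                    useClientScope ? "client's" : "own", o.attributedTo.c_str(),
                    o.verificationFailures);
    }
    return 0;
}
```

Running the model shows the own-scope variant attributing the throw to "ExceptionFuzz" and tripping the instantiation assertion once, while the client-scope variant attributes it to "client" with no verification failure, which is the outcome the description argues for.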
Comment 1 Mark Lam 2016-11-16 14:03:35 PST
Created attachment 294973 [details]
proposed patch.
Comment 2 WebKit Commit Bot 2016-11-16 14:04:52 PST
Attachment 294973 [details] did not pass style-queue:


ERROR: Source/JavaScriptCore/ChangeLog:17:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: fuzzing, fuzzing, fuzzing  [changelog/unwantedsecurityterms] [3]
Total errors found: 1 in 6 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Geoffrey Garen 2016-11-16 14:10:50 PST
Comment on attachment 294973 [details]
proposed patch.

r=me
Comment 4 Mark Lam 2016-11-16 14:52:32 PST
Comment on attachment 294973 [details]
proposed patch.

Thanks for the review.  Landing via cq.
Comment 5 WebKit Commit Bot 2016-11-16 15:18:16 PST
Comment on attachment 294973 [details]
proposed patch.

Clearing flags on attachment: 294973

Committed r208819: <http://trac.webkit.org/changeset/208819>
Comment 6 WebKit Commit Bot 2016-11-16 15:18:21 PST
All reviewed patches have been landed.  Closing bug.