Why do we encode `throw` action

[salsolatragus]

I'm currently working on a more detailed description of AUGs and I stumbled across throw action nodes. Why do we need those in the context of misuse detection? I see that they are somehow similar to return nodes. These we have to capture that returned values are somehow used (as opposed to dropped). One could say we have throw nodes also to encode that exception objects are somehow used, but this seems less interesting...

For both types of action nodes, we don't use them to encode control flow, right? The control flow is entirely translated into edges, e.g., when an if guards a return/throw we add control edges from its condition to everything below the return/throw.

[nguyenhoan]

I agree that we haven't seen any misuses related to missing throws or throwing wrong exceptions. However, it does not mean that it should not be there. As long as it is a reasonable part of a usage, we should capture it. We should only limit/remove things when we encounter problems, e.g., scalability, false positives, etc.,

[salsolatragus]

Yeah... I guess you're right, it doesn't hurt to have them as long is it doesn't hurt to have them ;)