Fix a bug in dexpler where it could use a too narrow type

Author: MarcMil

src/main/java/soot/dexpler/DexBody.java

@@ -1307,7 +1307,15 @@ private static BooleanConstant fixBooleanConstant(IntConstant arg) {
    *          type constraints (these might be multiple valid possibilities)
    */
   private void handleKnownDexArrayTypes(Body b, Jimple jimple, MultiMap<Local, Type> typeConstraints) {
-
+    Set<Local> localsSingleDefinitions = new HashSet<>(b.getLocals());
+    for (Unit u : b.getUnits()) {
+      if (u instanceof DefinitionStmt) {
+        Value l = ((DefinitionStmt) u).getLeftOp();
+        if (l instanceof Local) {
+          localsSingleDefinitions.remove(l);
+        }
+      }
+    }
     UnitPatchingChain units = jBody.getUnits();
     Unit u = units.getFirst();
     while (u != null) {
@@ -1321,7 +1329,17 @@ private void handleKnownDexArrayTypes(Body b, Jimple jimple, MultiMap<Local, Typ
               Type definiteType = dexplerTypeTag.getDefiniteType();
               if (definiteType != null) {
                 Local prev = (Local) assign.getLeftOp();
-                prev.setType(definiteType);
+                if (!(definiteType instanceof PrimType) || localsSingleDefinitions.contains(prev)) {
+                  prev.setType(definiteType);
+                } else {
+                  //Since there are multiple definitions, e.g. for a byte retrieved from a byte[],
+                  //there could be another non-distinct definition which uses the same variable as an int.
+                  PrimType[] wider = DexType.getWiderTypes((PrimType) definiteType);
+                  if (wider.length == 1) {
+                    prev.setType(wider[0]);
+                  }
+                }
+
                 ArrayType tp = ArrayType.v(definiteType, 1);
 
                 ArrayRef array = (ArrayRef) rop;

src/main/java/soot/dexpler/DexType.java

@@ -37,6 +37,7 @@
 import soot.FloatType;
 import soot.IntType;
 import soot.LongType;
+import soot.PrimType;
 import soot.RefType;
 import soot.ShortType;
 import soot.Type;
@@ -226,4 +227,14 @@ public static String toSootAT(String type) {
   public String toString() {
     return name;
   }
+
+  public static PrimType[] getWiderTypes(PrimType tp) {
+    if (tp instanceof ByteType) {
+      return new PrimType[] { tp, IntType.v(), ShortType.v() };
+    }
+    if (tp instanceof ShortType) {
+      return new PrimType[] { tp, IntType.v() };
+    }
+    return new PrimType[] { tp };
+  }
 }