Bugfix: Soot inlined overwritten array values. Also added an additional

sanity check

Author: StevenArzt

src/soot/dexpler/DexArrayInitReducer.java

@@ -65,7 +65,8 @@ protected void internalTransform(Body b, String phaseName,
 			// preceding constant assignments
 			AssignStmt assignStmt = (AssignStmt) u;
 			if (assignStmt.getLeftOp() instanceof ArrayRef) {
-				if (u1 != null && u2 != null) {
+				if (u1 != null && u2 != null && u2.getBoxesPointingToThis().isEmpty()
+						&& assignStmt.getBoxesPointingToThis().isEmpty()) {
 					ArrayRef arrayRef = (ArrayRef) assignStmt.getLeftOp();
 
 					Value u1val = u1.getDefBoxes().get(0).getValue();
@@ -157,6 +158,15 @@ else if (vb.getValue() == u2val)
 			}
 			else if (u2 == null) {
 				u2 = assignStmt;
+
+				// If the last value is overwritten again, we start again at the beginning
+				if (u1 != null) {
+					Value op1 = ((AssignStmt) u1).getLeftOp();
+					if (op1 == ((AssignStmt) u2).getLeftOp()) {
+						u1 = u2;
+						u2 = null;
+					}
+				}
 			}
 			else {
 				u1 = u2;

src/soot/toDex/ExprVisitor.java

@@ -17,6 +17,7 @@
 import soot.LongType;
 import soot.NullType;
 import soot.PrimType;
+import soot.RefType;
 import soot.SootClass;
 import soot.Type;
 import soot.Value;
@@ -591,7 +592,10 @@ private void castPrimitive(Register sourceReg, Value source, Type castSootType)
 			source = IntConstant.v(0);
 
 		// select fitting conversion opcode, depending on the source and cast type
-		PrimitiveType sourceType = PrimitiveType.getByName(source.getType().toString());
+		Type srcType = source.getType();
+		if (srcType instanceof RefType)
+			throw new RuntimeException("Trying to cast reference type " + srcType + " to a primitive");
+		PrimitiveType sourceType = PrimitiveType.getByName(srcType.toString());
 		if (castType == PrimitiveType.BOOLEAN) {
 			// there is no "-to-boolean" opcode, so just pretend to move an int to an int
 			castType = PrimitiveType.INT;