I've poked around the type assigner a bit to see what's going on. The problem seems to be that at the end of the type assigner, there's a local called "tmp" whose type is null (not NullType, but null).
Hmmm... It's been a long time, since I worked on this code, but this seems to be a bug.
The only place that locals named "tmp" are created is in the insertCast methods of ConstraintChecker. Indeed, on this example, the ConstraintChecker creates a variable named tmp with a null type, as the result of a cast of the l1 in the Jimple statement:
if l1 >= 2 goto label1;
When this happens, l1 has a TypeNode with BooleanType, and 2 has the TypeNode R0_127, whose type is null.
"2" should have the type [0..127]. Look at the SAS typing paper for the integer type hierarchy.
-- Etienne M. Gagnon, Ph.D. http://www.info.uqam.ca/~egagnon/ SableVM: http://www.sablevm.org/ SableCC: http://www.sablecc.org/