github
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
Lines changed: 6 additions & 1 deletion b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll
Lines changed: 6 additions & 1 deletion
diff --git a/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
Lines changed: 33 additions & 0 deletions b/‎java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll
Lines changed: 33 additions & 0 deletions
diff --git a/‎shared/dataflow/codeql/dataflow/DataFlow.qll
Lines changed: 5 additions & 0 deletions b/‎shared/dataflow/codeql/dataflow/DataFlow.qll
Lines changed: 5 additions & 0 deletions
@@ -326,13 +326,18 @@ string ppReprType(DataFlowType t) {
   else result = t.toString()
 }
 
+pragma[nomagic]
+private predicate compatibleTypes0(DataFlowType t1, DataFlowType t2) {
+  erasedHaveIntersection(t1, t2)
+}
+
 /**
  * Holds if `t1` and `t2` are compatible, that is, whether data can flow from
  * a node of type `t1` to a node of type `t2`.
  */
 bindingset[t1, t2]
 pragma[inline_late]
-predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { erasedHaveIntersection(t1, t2) }
+predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { compatibleTypes0(t1, t2) }
 
 /** A node that performs a type cast. */
 class CastNode extends ExprNode {
 
@@ -133,6 +133,39 @@ private module Cached {
   }
 }
 
+/**
+ * Holds if the value of `node2` is given by `node1`.
+ */
+predicate localMustFlowStep(Node node1, Node node2) {
+  exists(Callable c | node1.(InstanceParameterNode).getCallable() = c |
+    exists(InstanceAccess ia |
+      ia = node2.asExpr() and ia.getEnclosingCallable() = c and ia.isOwnInstanceAccess()
+    )
+    or
+    c =
+      node2.(ImplicitInstanceAccess).getInstanceAccess().(OwnInstanceAccess).getEnclosingCallable()
+  )
+  or
+  exists(SsaImplicitInit init |
+    init.isParameterDefinition(node1.asParameter()) and init.getAUse() = node2.asExpr()
+  )
+  or
+  exists(SsaExplicitUpdate upd |
+    upd.getDefiningExpr().(VariableAssign).getSource() = node1.asExpr() and
+    upd.getAUse() = node2.asExpr()
+  )
+  or
+  node2.asExpr().(CastingExpr).getExpr() = node1.asExpr()
+  or
+  node2.asExpr().(AssignExpr).getSource() = node1.asExpr()
+  or
+  node1 =
+    unique(FlowSummaryNode n1 |
+      FlowSummaryImpl::Private::Steps::summaryLocalStep(n1.getSummaryNode(),
+        node2.(FlowSummaryNode).getSummaryNode(), true)
+    )
+}
+
 import Cached
 
 private predicate capturedVariableRead(Node n) {
 
@@ -197,6 +197,11 @@ signature module InputSig {
    */
   predicate allowParameterReturnInSelf(ParameterNode p);
 
+  /**
+   * Holds if the value of `node2` is given by `node1`.
+   */
+  predicate localMustFlowStep(Node node1, Node node2);
+
   class LambdaCallKind;
 
   /** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */