Java: Replace the MaD Object.clone() models with a non-aliasing value step.

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll

@@ -22,6 +22,8 @@ module JavaDataFlow implements InputSig<Location> {
 
   predicate getSecondLevelScope = Private::getSecondLevelScope/1;
 
+  predicate validParameterAliasStep = Private::validParameterAliasStep/2;
+
   predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
 
   predicate viableImplInCallContext = Private::viableImplInCallContext/2;

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll

@@ -400,6 +400,18 @@ class CastNode extends ExprNode {
   }
 }
 
+/** Holds if `n1` is the qualifier of a call to `clone()` and `n2` is the result. */
+predicate cloneStep(Node n1, Node n2) {
+  exists(MethodCall mc |
+    mc.getMethod() instanceof CloneMethod and
+    n1 = getInstanceArgument(mc) and
+    n2.asExpr() = mc
+  )
+}
+
+bindingset[node1, node2]
+predicate validParameterAliasStep(Node node1, Node node2) { not cloneStep(node1, node2) }
+
 private newtype TDataFlowCallable =
   TSrcCallable(Callable c) or
   TSummarizedCallable(SummarizedCallable c) or

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll

@@ -258,6 +258,8 @@ private predicate simpleLocalFlowStep0(Node node1, Node node2, string model) {
     model = "ValuePreservingMethod"
   )
   or
+  cloneStep(node1, node2) and model = "CloneStep"
+  or
   FlowSummaryImpl::Private::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(),
     node2.(FlowSummaryNode).getSummaryNode(), true, model)
 }