Add backward dataflow edges through modelled function invocations.

Also add convenience abstract classes for easily modelling new functions as fluent or value-preserving.

java/ql/test/library-tests/dataflow/fluent-methods/Test.java

@@ -6,6 +6,16 @@ public class Test {
     return this;
   }
 
+  public Test modelledFluentMethod() {
+    // A model in the accompanying .ql file will indicate that the qualifier flows to the return value.
+    return null;
+  }
+
+  public static Test modelledIdentity(Test t) {
+    // A model in the accompanying .ql file will indicate that the argument flows to the return value.
+    return null;
+  }
+
   public Test indirectlyFluentNoop() {
     return this.fluentNoop();
   }
@@ -47,4 +57,16 @@ public class Test {
     sink(t.get()); // $hasTaintFlow=y
   }
 
+  public static void testModel1() {
+    Test t = new Test();
+    t.indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
+    sink(t.get()); // $hasTaintFlow=y
+  }
+
+  public static void testModel2() {
+    Test t = new Test();
+    Test.modelledIdentity(t).indirectlyFluentNoop().modelledFluentMethod().fluentSet(source()).fluentNoop();
+    sink(t.get()); // $hasTaintFlow=y
+  }
+
 }

java/ql/test/library-tests/dataflow/fluent-methods/flow.ql

@@ -1,5 +1,6 @@
 import java
 import semmle.code.java.dataflow.DataFlow
+import semmle.code.java.dataflow.FlowSteps
 import TestUtilities.InlineExpectationsTest
 
 class Conf extends DataFlow::Configuration {
@@ -14,6 +15,16 @@ class Conf extends DataFlow::Configuration {
   }
 }
 
+class Model extends DataFlow::FluentMethod {
+  Model() { this.getName() = "modelledFluentMethod" }
+}
+
+class IdentityModel extends DataFlow::ValuePreservingCallable {
+  IdentityModel() { this.getName() = "modelledIdentity" }
+
+  override predicate returnsValue(int arg) { arg = 0 }
+}
+
 class HasFlowTest extends InlineExpectationsTest {
   HasFlowTest() { this = "HasFlowTest" }