Dataflow: Fix missing subpaths due to type strengthening.

java/ql/test/library-tests/dataflow/subpaths/flow.expected

@@ -32,6 +32,7 @@ nodes
 | A.java:27:12:27:25 | apply(...) : String | semmle.label | apply(...) : String |
 | A.java:27:20:27:24 | (...)... : Object | semmle.label | (...)... : Object |
 subpaths
+| A.java:14:44:14:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | A.java:14:16:14:55 | propagateTaint(...) : String |
 | A.java:18:44:18:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | A.java:18:16:18:55 | propagateTaint(...) : Object |
 | A.java:22:44:22:54 | source(...) : Object | A.java:26:41:26:48 | x : Object | A.java:27:12:27:25 | apply(...) : String | A.java:22:17:22:55 | apply(...) : String |
 | A.java:27:20:27:24 | (...)... : Object | A.java:22:24:22:33 | arg : String | A.java:22:39:22:41 | arg : String | A.java:27:12:27:25 | apply(...) : String |

shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll

@@ -4878,12 +4878,13 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
         PathNodeImpl arg, PathNodeImpl par, PathNodeImpl ret, PathNodeImpl out
       ) {
         exists(
-          ParamNodeEx p, NodeEx o, FlowState sout, DataFlowType t, AccessPath apout,
-          PathNodeMid out0
+          ParamNodeEx p, NodeEx o, FlowState sout, DataFlowType t0, DataFlowType t,
+          AccessPath apout, PathNodeMid out0
         |
           pragma[only_bind_into](arg).getASuccessorImpl(_) = pragma[only_bind_into](out0) and
-          subpaths03(pragma[only_bind_into](arg), p, ret, o, sout, t, apout) and
+          subpaths03(pragma[only_bind_into](arg), p, ret, o, sout, t0, apout) and
           hasSuccessor(pragma[only_bind_into](arg), par, p) and
+          strengthenType(o, t0, t) and
           pathNode(out0, o, sout, _, _, t, apout, _, _)
         |
           out = out0 or out = out0.projectToSink(_)