question about writing taint flow query from the for of loop to the argument of a javascript eval-like function

[jackfromeast]

I'm writing a taint flow analysis query, but CodeQL's behavior doesn't match my intuition. I'm wondering if there's a part of CodeQL that I've missed and if someone could help me pinpoint it.
I want to find the taint flow from the for of loop to the argument of a javascript eval-like sink.

 for(var elt of arr) {
      var y = new Function('', elt);
  }

Firstly, I checked the selected source nodes and sink nodes, which seemed to be correct.

//sink
-- | -- | --
1 | Simple | elt | receiver
2 | Simple | elt | polluted

My isAdditionalFlowStep function looks like:

override predicate isAdditionalFlowStep(
    DataFlow::Node pred, DataFlow::Node succ, 
    DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl
  ) { 
    // for loop for a callflow labeled nodes
    // A for-in, for-of or for each-in loop 
    // E.g  for (var key in codeObj.partials) { ... key ... }
    exists(EnhancedForLoop efl | 
        succ = efl.getLValue().flow() and
        pred = efl.getIterationDomain().flow() and 
        inlbl instanceof CallFlowLabel and
        outlbl instanceof PollutedLabel
      )
    or
    underSrcPath(pred) and 
    underSrcPath(succ) and
    TaintTracking::sharedTaintStep(pred, succ) and 
    propagateLabeles(inlbl, outlbl)
  }

Upon a quick evaluation, I found it can't select the elt in the for of loop statement and the argument node in the Function constructor function as pred and succ respectively. And the output path is empty.
And when I run the quick evaluation on isAdditionalFlowStep, it outputs the following result:

-- | -- | -- | -- | --
1 | Simple | arr | elt | callflow | polluted
2 | Simple | arr | elt | receiver | receiver
3 | Simple | arr | elt | polluted | polluted

I wonder why I cannot select out the elt in the for ... of ... statement and the elt in the function constructor in the flowStep? Is it necessary that I set the Function constructor itself as the sink and add an additional flow from the argument to the function invoke of the Function?

[jackfromeast]

Sorry for bothering! I figured out that I had misused a label :<