Weird, the reproducer doesn't seem to work when I run it on my Linux machine.

Fun times: on my Mac it reproduces roughly 20% of the time. Something is seriously wrong here.

The full crash message:

Assertion failed: (RegNo < NumRegs && "Attempting to access record for invalid register number!"), function operator[], file ../include/llvm/MC/MCRegisterInfo.h, line 340.
0 clang-5.0 0x00000001071f26b8 llvm::sys::PrintStackTrace(llvm::raw_ostream&) + 40
1 clang-5.0 0x00000001071f2db6 SignalHandler(int) + 454
2 libsystem_platform.dylib 0x00007fff97db1b3a _sigtramp + 26
3 libsystem_platform.dylib 000000000000000000 _sigtramp + 1747248352
4 libsystem_c.dylib 0x00007fff97c36420 abort + 129
5 libsystem_c.dylib 0x00007fff97bfd893 basename_r + 0
6 clang-5.0 0x0000000105ca5694 llvm::MCRegAliasIterator::MCRegAliasIterator(unsigned int, llvm::MCRegisterInfo const*, bool) + 564
7 clang-5.0 0x000000010690d821 (anonymous namespace)::MachineCopyPropagation::ClobberRegister(unsigned int) + 49
8 clang-5.0 0x000000010690a16a (anonymous namespace)::MachineCopyPropagation::runOnMachineFunction(llvm::MachineFunction&) + 3466
9 clang-5.0 0x000000010693aa55 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) + 181
10 clang-5.0 0x0000000106c2af33 llvm::FPPassManager::runOnFunction(llvm::Function&) + 547
11 clang-5.0 0x0000000106c2b193 llvm::FPPassManager::runOnModule(llvm::Module&) + 51
12 clang-5.0 0x0000000106c2b6de llvm::legacy::PassManagerImpl::run(llvm::Module&) + 958
13 clang-5.0 0x0000000107412453 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::__1::unique_ptr<llvm::raw_pwrite_stream, std::__1::default_deletellvm::raw_pwrite_stream >) + 15139
14 clang-5.0 0x000000010765660c clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) + 940
15 clang-5.0 0x0000000108088095 clang::ParseAST(clang::Sema&, bool, bool) + 469
16 clang-5.0 0x00000001078d8b9c clang::FrontendAction::Execute() + 76
17 clang-5.0 0x00000001078927e1 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) + 1217
18 clang-5.0 0x0000000107939195 clang::ExecuteCompilerInvocation(clang::CompilerInstance*) + 4981
19 clang-5.0 0x00000001059936d4 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) + 1524
20 clang-5.0 0x0000000105991e23 main + 12307
21 libdyld.dylib 0x00007fff97ba2235 start + 1
Stack dump:
0. Program arguments: /work/llvm/build.release/bin/clang-5.0 -cc1 -triple x86_64-apple-macosx10.9.0 -Wdeprecated-objc-isa-usage -Werror=deprecated-objc-isa-usage -emit-obj -disable-free -main-file-name GrDistanceFieldGenFromVector.cpp -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu core2 -target-linker-version 264.3.102 -dwarf-column-info -debug-info-kind=line-tables-only -dwarf-version=2 -debugger-tuning=lldb -coverage-notes-file /work/chromium/src/out/Release/obj/skia/skia/GrDistanceFieldGenFromVector.gcno -resource-dir /work/llvm/build.release/lib/clang/6.0.0 -dependency-file obj/skia/skia/GrDistanceFieldGenFromVector.o.d -MT obj/skia/skia/GrDistanceFieldGenFromVector.o -isysroot ../../build/mac_files/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.12.sdk -D V8_DEPRECATION_WARNINGS -D NO_TCMALLOC -D FULL_SAFE_BROWSING -D SAFE_BROWSING_CSD -D SAFE_BROWSING_DB_LOCAL -D CHROMIUM_BUILD -D FIELDTRIAL_TESTING_ENABLED -D CR_CLANG_REVISION="292947" -D CR_XCODE_VERSION=0832 -D __ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORE=0 -D NDEBUG -D NVALGRIND -D DYNAMIC_ANNOTATIONS_ENABLED=0 -D SK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS -D SK_HAS_PNG_LIBRARY -D SK_HAS_WEBP_LIBRARY -D SK_HAS_JPEG_LIBRARY -D SK_SUPPORT_GPU=1 -D SK_BUILD_FOR_MAC -D SK_FREETYPE_MINIMUM_RUNTIME_VERSION=(((FREETYPE_MAJOR) * 0x01000000) | ((FREETYPE_MINOR) * 0x00010000) | ((FREETYPE_PATCH) * 0x00000100)) -D SK_GAMMA_SRGB -D SK_GAMMA_CONTRAST=0.0 -D SK_DEFAULT_FONT_CACHE_LIMIT=20971520 -D USE_LIBJPEG_TURBO=1 -I ../.. -I gen -I ../../skia/config -I ../../skia/ext -I ../../third_party/skia/include/c -I ../../third_party/skia/include/config -I ../../third_party/skia/include/core -I ../../third_party/skia/include/effects -I ../../third_party/skia/include/encode -I ../../third_party/skia/include/gpu -I ../../third_party/skia/include/images -I ../../third_party/skia/include/lazy -I ../../third_party/skia/include/pathops -I ../../third_party/skia/include/pdf -I ../../third_party/skia/include/pipe -I ../../third_party/skia/include/ports -I ../../third_party/skia/include/utils -I ../../third_party/skia/third_party/vulkan -I ../../third_party/skia/include/codec -I ../../third_party/skia/src/gpu -I ../../third_party/skia/src/sksl -I ../../third_party/skia/include/private -I ../../third_party/skia/include/client/android -I ../../third_party/skia/src/codec -I ../../third_party/skia/src/core -I ../../third_party/skia/src/image -I ../../third_party/skia/src/images -I ../../third_party/skia/src/opts -I ../../third_party/skia/src/pdf -I ../../third_party/skia/src/ports -I ../../third_party/skia/src/shaders -I ../../third_party/skia/src/shaders/gradients -I ../../third_party/skia/src/sfnt -I ../../third_party/skia/src/utils -I ../../third_party/skia/src/lazy -I ../../third_party/skia/third_party/gif -I ../../third_party/skia/include/utils/mac -I ../../third_party/skia/include/utils/ios -I ../../third_party/skia/src/effects/gradients -I ../../third_party/libwebp/src -I ../../third_party/freetype/include -I ../../third_party/freetype/src/include -I ../../third_party/libjpeg_turbo -I ../../third_party/libpng -I ../../third_party/zlib -I ../../third_party/sfntly/src/cpp/src -D DATE= -D TIME= -D TIMESTAMP= -stdlib=libc++ -O2 -Wno-builtin-macro-redefined -Werror -Wall -Wno-unused-variable -Wunguarded-availability -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-covered-switch-default -Wno-unneeded-internal-declaration -Wno-inconsistent-missing-override -Wno-undefined-var-template -Wno-nonportable-include-path -Wno-address-of-packed-member -Wno-unused-lambda-capture -Wno-user-defined-warnings -Wno-enum-compare-switch -std=c++14 -fdeprecated-macro -fdebug-compilation-dir /work/chromium/src/out/Release -ferror-limit 19 -fmessage-length 0 -fvisibility hidden -fvisibility-inlines-hidden -stack-protector 1 -fblocks -fno-rtti -fobjc-runtime=macosx-10.9.0 -fencode-extended-block-signature -fmax-type-align=16 -fdiagnostics-show-option -fcolor-diagnostics -vectorize-loops -vectorize-slp -o obj/skia/skia/GrDistanceFieldGenFromVector.o -x c++ ../../third_party/skia/src/gpu/GrDistanceFieldGenFromVector.cpp

1. parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module '../../third_party/skia/src/gpu/GrDistanceFieldGenFromVector.cpp'.
4. Running pass 'Machine Copy Propagation Pre-Register Rewrite Pass' on function '@_Z31GrGenerateDistanceFieldFromPathPhRK6SkPathRK8SkMatrixiim'
   clang-5.0: error: unable to execute command: Abort trap: 6
   clang-5.0: error: clang frontend command failed due to signal (use -v to see invocation)
   clang version 6.0.0 (trunk 312149) (llvm/trunk 312161)
   Target: x86_64-apple-darwin16.6.0
   Thread model: posix
   InstalledDir: /work/chromium/src/out/Release/../../../../llvm/build.release/bin
   clang-5.0: note: diagnostic msg: PLEASE submit a bug report to http://llvm.org/bugs/ and include the crash backtrace, preprocessed source, and associated run script.
   clang-5.0: note: diagnostic msg:

PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang-5.0: note: diagnostic msg: /var/folders/mq/yq2r1fpj2cj853j05wk2hvq80038wt/T/GrDistanceFieldGenFromVector-73475f.cpp
clang-5.0: note: diagnostic msg: /var/folders/mq/yq2r1fpj2cj853j05wk2hvq80038wt/T/GrDistanceFieldGenFromVector-73475f.sh
clang-5.0: note: diagnostic msg: /var/folders/mq/yq2r1fpj2cj853j05wk2hvq80038wt/T/GrDistanceFieldGenFromVector-73475f.crash
clang-5.0: note: diagnostic msg:

Managed to reproduce it with a position-independent build (to enable ASLR) on Linux and by running the test multiple times:

Configured with:

$ CFLAGS=-fPIE CXXFLAGS=-fPIE LDFLAGS=-pie cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=ON ../llvm

Then run with:

for i in seq 1 100 ; do build/bin/clang "-cc1" "-triple" "x86_64-apple-macosx10.9.0" "-Wdeprecated-objc-isa-usage" "-Werror=deprecated-objc-isa-usage" "-emit-obj" "-disable-free" "-main-file-name" "GrDistanceFieldGenFromVector.cpp" "-mrelocation-model" "pic" "-pic-level" "2" "-mthread-model" "posix" "-mdisable-fp-elim" "-relaxed-aliasing" "-masm-verbose" "-munwind-tables" "-faligned-alloc-unavailable" "-target-cpu" "core2" "-target-linker-version" "264.3.102" "-dwarf-column-info" "-debug-info-kind=line-tables-only" "-dwarf-version=2" "-debugger-tuning=lldb" "-coverage-notes-file" "/work/chromium/src/out/Release/obj/skia/skia/GrDistanceFieldGenFromVector.gcno" "-D" "V8_DEPRECATION_WARNINGS" "-D" "NO_TCMALLOC" "-D" "FULL_SAFE_BROWSING" "-D" "SAFE_BROWSING_CSD" "-D" "SAFE_BROWSING_DB_LOCAL" "-D" "CHROMIUM_BUILD" "-D" "FIELDTRIAL_TESTING_ENABLED" "-D" "CR_CLANG_REVISION="292947"" "-D" "CR_XCODE_VERSION=0832" "-D" "__ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORE=0" "-D" "NDEBUG" "-D" "NVALGRIND" "-D" "DYNAMIC_ANNOTATIONS_ENABLED=0" "-D" "SK_IGNORE_LINEONLY_AA_CONVEX_PATH_OPTS" "-D" "SK_HAS_PNG_LIBRARY" "-D" "SK_HAS_WEBP_LIBRARY" "-D" "SK_HAS_JPEG_LIBRARY" "-D" "SK_SUPPORT_GPU=1" "-D" "SK_BUILD_FOR_MAC" "-D" "SK_FREETYPE_MINIMUM_RUNTIME_VERSION=(((FREETYPE_MAJOR) * 0x01000000) | ((FREETYPE_MINOR) * 0x00010000) | ((FREETYPE_PATCH) * 0x00000100))" "-D" "SK_GAMMA_SRGB" "-D" "SK_GAMMA_CONTRAST=0.0" "-D" "SK_DEFAULT_FONT_CACHE_LIMIT=20971520" "-D" "USE_LIBJPEG_TURBO=1" "-D" "DATE=" "-D" "TIME=" "-D" "TIMESTAMP=" "-stdlib=libc++" "-O2" "-Wno-builtin-macro-redefined" "-Werror" "-Wall" "-Wno-unused-variable" "-Wunguarded-availability" "-Wno-missing-field-initializers" "-Wno-unused-parameter" "-Wno-c++11-narrowing" "-Wno-covered-switch-default" "-Wno-unneeded-internal-declaration" "-Wno-inconsistent-missing-override" "-Wno-undefined-var-template" "-Wno-nonportable-include-path" "-Wno-address-of-packed-member" "-Wno-unused-lambda-capture" "-Wno-user-defined-warnings" "-Wno-enum-compare-switch" "-std=c++14" "-fdeprecated-macro" "-ferror-limit" "19" "-fmessage-length" "0" "-fvisibility" "hidden" "-fvisibility-inlines-hidden" "-stack-protector" "1" "-fblocks" "-fno-rtti" "-fobjc-runtime=macosx-10.9.0" "-fencode-extended-block-signature" "-fmax-type-align=16" "-fdiagnostics-show-option" "-fcolor-diagnostics" "-vectorize-loops" "-vectorize-slp" "-x" "c++" ~/Downloads/GrDistanceFieldGenFromVector-f354d4.cpp -o /tmp/a.o ; done

preprocessed source
Shorter invocation:

for i in seq 1 100; do build/bin/clang -cc1 -triple x86_64-apple-macosx10.9.0 -emit-obj -disable-free -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu core2 -target-linker-version 264.3.102 -dwarf-column-info -debug-info-kind=line-tables-only -dwarf-version=2 -debugger-tuning=lldb -stdlib=libc++ -O2 -std=c++14 -fvisibility hidden -fvisibility-inlines-hidden -stack-protector 1 -fblocks -fno-rtti -fobjc-runtime=macosx-10.9.0 -fencode-extended-block-signature -fmax-type-align=16 -vectorize-loops -vectorize-slp -x c++ /tmp/a.ii ; done
seq 1 100
clang: /usr/local/google/work/llvm.combined/llvm/include/llvm/MC/MCRegisterInfo.h:340: const llvm::MCRegisterDesc& llvm::MCRegisterInfo::operator[](unsigned int) const: Assertion `RegNo < NumRegs && "Attempting to access record for invalid register number!"' failed.
#​0 0x0000561598024c3a llvm::sys::PrintStackTrace(llvm::raw_ostream&) (build.reverse/bin/clang+0x21e0c3a)
#​1 0x0000561598022cee llvm::sys::RunSignalHandlers() (build.reverse/bin/clang+0x21decee)
#​2 0x0000561598022e52 SignalHandler(int) (build.reverse/bin/clang+0x21dee52)
#​3 0x00007f8c45715330 __restore_rt (/lib/x86_64-linux-gnu/libpthread.so.0+0x10330)
#​4 0x00007f8c44505c37 gsignal /build/eglibc-SvCtMH/eglibc-2.19/signal/../nptl/sysdeps/unix/sysv/linux/raise.c:56:0
#​5 0x00007f8c44509028 abort /build/eglibc-SvCtMH/eglibc-2.19/stdlib/abort.c:91:0
#​6 0x00007f8c444febf6 __assert_fail_base /build/eglibc-SvCtMH/eglibc-2.19/assert/assert.c:92:0
#​7 0x00007f8c444feca2 (/lib/x86_64-linux-gnu/libc.so.6+0x2fca2)
#​8 0x00005615967e840a llvm::MCRegUnitRootIterator::operator++() [clone .part.38] (build.reverse/bin/clang+0x9a440a)
#​9 0x00005615978a8cc1 (anonymous namespace)::MachineCopyPropagation::ClobberRegister(unsigned int) (build.reverse/bin/clang+0x1a64cc1)
#​10 0x00005615978ac23f (anonymous namespace)::MachineCopyPropagation::CopyPropagateBlock(llvm::MachineBasicBlock&) (build.reverse/bin/clang+0x1a6823f)
#​11 0x00005615978ad8c7 (anonymous namespace)::MachineCopyPropagation::runOnMachineFunction(llvm::MachineFunction&) (build.reverse/bin/clang+0x1a698c7)
#​12 0x00005615978d3325 llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (build.reverse/bin/clang+0x1a8f325)
#​13 0x0000561597bda963 llvm::FPPassManager::runOnFunction(llvm::Function&) (build.reverse/bin/clang+0x1d96963)
#​14 0x0000561597bdaa0c llvm::FPPassManager::runOnModule(llvm::Module&) (build.reverse/bin/clang+0x1d96a0c)
#​15 0x0000561597bdb79f llvm::legacy::PassManagerImpl::run(llvm::Module&) (build.reverse/bin/clang+0x1d9779f)
#​16 0x00005615981b2d3e (anonymous namespace)::EmitAssemblyHelper::EmitAssembly(clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) (build.reverse/bin/clang+0x236ed3e)
#​17 0x00005615981b401f clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::DataLayout const&, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_deletellvm::raw_pwrite_stream >) (build.reverse/bin/clang+0x237001f)
#​18 0x000056159889d76b clang::BackendConsumer::HandleTranslationUnit(clang::ASTContext&) (build.reverse/bin/clang+0x2a5976b)
#​19 0x0000561598c9e302 clang::ParseAST(clang::Sema&, bool, bool) (build.reverse/bin/clang+0x2e5a302)
#​20 0x000056159889ce0f clang::CodeGenAction::ExecuteAction() (build.reverse/bin/clang+0x2a58e0f)
#​21 0x000056159854fcd6 clang::FrontendAction::Execute() (build.reverse/bin/clang+0x270bcd6)
#​22 0x0000561598527a4e clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (build.reverse/bin/clang+0x26e3a4e)
#​23 0x00005615985dea5b clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (build.reverse/bin/clang+0x279aa5b)
#​24 0x0000561596b03a98 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (build.reverse/bin/clang+0xcbfa98)
#​25 0x0000561596a9ae4f main (build.reverse/bin/clang+0xc56e4f)
#​26 0x00007f8c444f0f45 __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:321:0
#​27 0x0000561596aff099 _start (build.reverse/bin/clang+0xcbb099)
Stack dump:
0. Program arguments: build.reverse/bin/clang -cc1 -triple x86_64-apple-macosx10.9.0 -emit-obj -disable-free -mrelocation-model pic -pic-level 2 -mthread-model posix -mdisable-fp-elim -relaxed-aliasing -masm-verbose -munwind-tables -faligned-alloc-unavailable -target-cpu core2 -target-linker-version 264.3.102 -dwarf-column-info -debug-info-kind=line-tables-only -dwarf-version=2 -debugger-tuning=lldb -stdlib=libc++ -O2 -std=c++14 -fvisibility hidden -fvisibility-inlines-hidden -stack-protector 1 -fblocks -fno-rtti -fobjc-runtime=macosx-10.9.0 -fencode-extended-block-signature -fmax-type-align=16 -vectorize-loops -vectorize-slp -x c++ /tmp/a.ii

1. parser at end of file
2. Code generation
3. Running pass 'Function Pass Manager' on module '/tmp/a.ii'.
4. Running pass 'Machine Copy Propagation Pre-Register Rewrite Pass' on function '@_Z31GrGenerateDistanceFieldFromPathPhRK6SkPathRK8SkMatrixiim'
   Aborted (core dumped)

Reverting r312154 fixes it. I assume this is some iteration order problem.

Reverting r312154 fixes it. I assume this is some iteration order problem.

Reverted in r312178.

I'm having trouble reproducing this as well. Can you tell me what version of clang/gcc and what compiler flags were used to build the clang your are testing?

I'm having trouble reproducing this as well. Can you tell me what version
of clang/gcc and what compiler flags were used to build the clang your are
testing?

The version I used was clang version 6.0.0 (trunk 312149) (llvm/trunk 312161)

I configured my build like this:

$ CFLAGS=-fPIE CXXFLAGS=-fPIE LDFLAGS=-pie cmake -GNinja -DCMAKE_BUILD_TYPE=Release -DLLVM_ENABLE_ASSERTIONS=ON ../llvm

And built with gcc 4.9.0.

I think what matters is to make sure it's built as a position-independent executable and run with aslr enabled, as the problem seems to be due to iteration order of something where the order depends on pointer values.

Thanks, that did the trick.
I've re-committed the original change in r312328 with a fix for this problem. The bug was that the current instruction in the optimization loop was being deleted and replaced by LiveRangeEdit::eliminateDeadDefs() in the middle of the loop. The fix was to move the dead instruction elimination to after the loop instead.