Segfault on incorrect phi label

[YC]

Clang segfaults when an incorrect label is given for phi.

define dso_local zeroext i1 @f(i1 noundef zeroext %0, i1 noundef zeroext %1) {
  %3 = alloca i1
  %4 = alloca i1
  store i1 %0, i1* %3
  store i1 %1, i1* %4
  %5 = load i1, i1* %3
  %6 = load i1, i1* %4

  br i1 %5, label %8, label %7

7:
  br label %8

8:
  %9 = phi i1 [ true, %7 ], [ %6, %7 ]      ; incorrect label, first %7 should be %2
  ret i1 %9
}

@.str = private unnamed_addr constant [4 x i8] c"%d\0A\00", align 1
declare i32 @printf(i8* noundef, ...)

define dso_local i32 @main() {
  %1 = call zeroext i1 @f(i1 noundef zeroext 0, i1 noundef zeroext 1)
  %2 = zext i1 %1 to i32
  %3 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([4 x i8], [4 x i8]* @.str, i64 0, i64 0), i32 noundef %2)

  %4 = call zeroext i1 @f(i1 noundef zeroext 0, i1 noundef zeroext 0)
  %5 = zext i1 %4 to i32
  %6 = call i32 (i8*, ...) @printf(i8* noundef getelementptr inbounds ([4 x i8], [4 x i8]* @.str, i64 0, i64 0), i32 noundef %5)

  ret i32 0
}

$ clang -o test modified.ll 
warning: overriding the module target triple with x86_64-pc-linux-gnu [-Woverride-module]
PLEASE submit a bug report to https://github.com/llvm/llvm-project/issues/ and include the crash backtrace, preprocessed source, and associated run script.
Stack dump:
0.      Program arguments: /usr/bin/clang-14 -cc1 -triple x86_64-pc-linux-gnu -emit-obj -mrelax-all --mrelax-relocations -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name modified.ll -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -mllvm -treat-scalable-fixed-error-as-warning -debugger-tuning=gdb -fcoverage-compilation-dir=/home/steve/Desktop -resource-dir /usr/lib/clang/14.0.6 -fdebug-compilation-dir=/home/steve/Desktop -ferror-limit 19 -stack-protector 2 -fgnuc-version=4.2.1 -fcolor-diagnostics -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/modified-f922e3.o -x ir modified.ll
1.      Code generation
2.      Running pass 'Function Pass Manager' on module 'modified.ll'.
3.      Running pass 'X86 DAG->DAG Instruction Selection' on function '@f'
 #0 0x00007f9ee2ad545a (/usr/lib/libLLVM-14.so+0xcd545a)
 #1 0x00007f9ee2ad2aef llvm::sys::RunSignalHandlers() (/usr/lib/libLLVM-14.so+0xcd2aef)
 #2 0x00007f9ee2ad2c3d (/usr/lib/libLLVM-14.so+0xcd2c3d)
 #3 0x00007f9ee1851a00 (/usr/lib/libc.so.6+0x38a00)
 #4 0x00007f9ee32fe174 llvm::FastISel::handlePHINodesInSuccessorBlocks(llvm::BasicBlock const*) (/usr/lib/libLLVM-14.so+0x14fe174)
 #5 0x00007f9ee32fec4c llvm::FastISel::selectInstruction(llvm::Instruction const*) (/usr/lib/libLLVM-14.so+0x14fec4c)
 #6 0x00007f9ee34a954a llvm::SelectionDAGISel::SelectAllBasicBlocks(llvm::Function const&) (/usr/lib/libLLVM-14.so+0x16a954a)
 #7 0x00007f9ee34ac12a (/usr/lib/libLLVM-14.so+0x16ac12a)
 #8 0x00007f9ee5e94c77 (/usr/lib/libLLVM-14.so+0x4094c77)
 #9 0x00007f9ee2f22b0e llvm::MachineFunctionPass::runOnFunction(llvm::Function&) (/usr/lib/libLLVM-14.so+0x1122b0e)
#10 0x00007f9ee2c426d0 llvm::FPPassManager::runOnFunction(llvm::Function&) (/usr/lib/libLLVM-14.so+0xe426d0)
#11 0x00007f9ee2c42814 llvm::FPPassManager::runOnModule(llvm::Module&) (/usr/lib/libLLVM-14.so+0xe42814)
#12 0x00007f9ee2c440bb llvm::legacy::PassManagerImpl::run(llvm::Module&) (/usr/lib/libLLVM-14.so+0xe440bb)
#13 0x00007f9eea49f767 clang::EmitBackendOutput(clang::DiagnosticsEngine&, clang::HeaderSearchOptions const&, clang::CodeGenOptions const&, clang::TargetOptions const&, clang::LangOptions const&, llvm::StringRef, llvm::Module*, clang::BackendAction, std::unique_ptr<llvm::raw_pwrite_stream, std::default_delete<llvm::raw_pwrite_stream> >) (/usr/lib/libclang-cpp.so.14+0x149f767)
#14 0x00007f9eea77fe2f clang::CodeGenAction::ExecuteAction() (/usr/lib/libclang-cpp.so.14+0x177fe2f)
#15 0x00007f9eeadb3f39 clang::FrontendAction::Execute() (/usr/lib/libclang-cpp.so.14+0x1db3f39)
#16 0x00007f9eead53427 clang::CompilerInstance::ExecuteAction(clang::FrontendAction&) (/usr/lib/libclang-cpp.so.14+0x1d53427)
#17 0x00007f9eeae0ae7a clang::ExecuteCompilerInvocation(clang::CompilerInstance*) (/usr/lib/libclang-cpp.so.14+0x1e0ae7a)
#18 0x000055a6162956f1 cc1_main(llvm::ArrayRef<char const*>, char const*, void*) (/usr/bin/clang-14+0x176f1)
#19 0x000055a616297337 (/usr/bin/clang-14+0x19337)
#20 0x000055a61628b216 main (/usr/bin/clang-14+0xd216)
#21 0x00007f9ee183c290 (/usr/lib/libc.so.6+0x23290)
#22 0x00007f9ee183c34a __libc_start_main (/usr/lib/libc.so.6+0x2334a)
#23 0x000055a61628d655 _start (/usr/bin/clang-14+0xf655)
clang-14: error: unable to execute command: Segmentation fault (core dumped)
clang-14: error: clang frontend command failed due to signal (use -v to see invocation)
clang version 14.0.6
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang-14: note: diagnostic msg: Error generating preprocessed source(s) - no preprocessable inputs.

[nikic]

This is the usual issue where compiling IR with clang (rather than opt) does not run the IR verifier.

[llvmbot]

@llvm/issue-subscribers-backend-x86

[asl]

Running IR verifier yields:

PHI node entries do not match predecessors!
  %9 = phi i1 [ true, %7 ], [ %6, %7 ]
label %7
label %2
opt: modified.ll: error: input module is broken!

So, maybe clang should just always run IR verifier?