[wasm] Do not produce code for br_if if its condition does not validate.

I could not reproduce the bug in either a unittest nor a cctest. That's
why I created an mjsunit test now.

BUG=chromium:644682
R=titzer@chromium.org

Review-Url: https://codereview.chromium.org/2319213003
Cr-Commit-Position: refs/heads/master@{#39282}

src/wasm/ast-decoder.cc

@@ -1023,7 +1023,7 @@ class WasmFullDecoder : public WasmDecoder {
             Value cond = Pop(operand.arity, kAstI32);
             Value val = {pc_, nullptr, kAstStmt};
             if (operand.arity == 1) val = Pop();
-            if (Validate(pc_, operand, control_)) {
+            if (ok() && Validate(pc_, operand, control_)) {
               SsaEnv* fenv = ssa_env_;
               SsaEnv* tenv = Split(fenv);
               fenv->SetNotMerged();

test/mjsunit/wasm/regression-644682.js

+// Copyright 2016 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm
+
+load("test/mjsunit/wasm/wasm-constants.js");
+load("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function() {
+var builder = new WasmModuleBuilder();
+builder.addFunction("regression_644682", kSig_i_v)
+  .addBody([
+            kExprBlock,   // @1
+            kExprI32Const, 0x3b,
+            kExprI32LoadMem, 0x00, 0x00,
+            kExprI32Const, 0x10,
+            kExprBrIf, 0x01, 0x00,   // arity=1 depth0
+            kExprI32Const, 0x45,
+            kExprI32Const, 0x3b,
+            kExprI64LoadMem16S, 0x00, 0x3b,
+            kExprBrIf, 0x01, 0x00   // arity=1 depth0
+            ])
+            .exportFunc();
+assertThrows(function() { builder.instantiate(); });
+})();