Date object needs to check for ES5 15.9.1.14 TimeClip limit.

Date object needs to check for ES5 15.9.1.14 TimeClip limit.
<https://webkit.org/b/131248>

Reviewed by Mark Hahnenberg.

Source/JavaScriptCore:

The current Date object code does not adequately check for the ES5
15.9.1.14 TimeClip limit.  As a result, some calculations can underflow
/ overflow and produce unexpected results.

For example, we were getting an assertion failure in
WTF::equivalentYearForDST() due int underflows in this function, which
in turn were due to an int overflow in WTF::msToYear().

This patch adds the needed checks, and adds some assertions to ensure
that the used values are sane.

The changes have no noticeable impact on benchmark results.

* runtime/DateConstructor.cpp:
(JSC::callDate):
* runtime/JSDateMath.cpp:
(JSC::localTimeOffset):
(JSC::gregorianDateTimeToMS):
(JSC::msToGregorianDateTime):
(JSC::parseDateFromNullTerminatedCharacters):
(JSC::parseDate):
* runtime/JSDateMath.h:
- parseDateFromNullTerminatedCharacters() does not need to be public.
  Made it a static function.
* runtime/VM.cpp:
(JSC::VM::resetDateCache):
- Changed cachedDateStringValue to use std::numeric_limits<double>::quiet_NaN()
  to be consistent with other Date code.

Source/WTF:

* wtf/DateMath.cpp:
- Moved the definition of maxECMAScriptTime to the .h file so that we
  can use it in other files as well.
(WTF::msToYear):
- Removed a stale comment for parseDateFromNullTerminatedCharacters().
* wtf/DateMath.h:

LayoutTests:

* js/regress-131248-expected.txt: Added.
* js/regress-131248.html: Added.
* js/script-tests/regress-131248.js: Added.
(testDateFromSetDateAdjustement):
(testDateFromSetTimeWithMilliseconds):
(testDateFromString):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166876 268f45cc-cd09-0410-ab3c-d52691b4dbfc