Using .caller, one can get access to the internal function that invokes the
handler passed to Promise.prototype.then.  This internal function is a TF
builtin that was set up as non-native and without an argument adaptor.  As a
consequence of this, when accessing .arguments on it, the frame-walking logic in
the .arguments accessor thinks the number of arguments is -1 and we try to
allocate an array of size -1.

This CL marks the builtin function as native (making its .arguments be null),
along with a few others that may have been incorrect in the same way.

BUG=chromium:682349

Review-Url: https://codereview.chromium.org/2672453002
Cr-Commit-Position: refs/heads/master@{#42855}