Update to enable stable toolchain

[thenewwazoo]

PR content

This commit makes a small number of updates necessary to adopt the stable toolchain:

• Sets the stable toolchain as the default by config. Invoking nightly will require using +nightly-2025-07-20 per Update to nightly-2025-07-20 #2169.
• Removes references to nightly requirements in the FAQ, and adds a note about enabling stack size checking being the only thing that requires nightly.
• Removes code that passes the -Z flag to cargo to enable nightly features.
• Updates #[naked] and asm! usage to stable convention, which is #[unsafe(naked)] and naked_asm!. Any affected assembly sections are expected to diverge (which was previously handled by options(noreturn)) or end with a trap (in the case of _start).
• Replaces used(linker) with used, which is equivalent.
• Adds a code path in the dist build task to build endoscope if the task being built has a name drv_lpc55_swd, upon which it depends. This is because artifact dependencies are not stable, but lcp55-swd depends on having the endoscope binary available to its build script.
• Gates stack size emission and check behind a rustc_version channel check. Passing +nightly-2025-07-20 to cargo (when invoking xtask) will enable the check.

Fixes #1927

Open questions

• This PR implicitly declares a MSRV of 1.89.0, but no MSRV policy, which requires the input of the maintainers.
• Excepting the FAQ, the preferred nightly version is not actually encoded anywhere. You just have to kind of already know that 2025-07-20 is the blessed nightly version.
• I have not run this on production hardware.
• Checking task stack sizes is something that should be done in CI, but that requires tooling changes.

[labbott]

Ooooh this is really a deal breaker right now I think :/

We really need the stack size checking feature as stackoverflows are one of the biggest hubris pain points

[thenewwazoo]

That's okay - the work is done, and going from "here is a list of nightly features we use" to "here is the one thing we use nightly for" is an improvement. and my goal was to knock out an easy task to familiarise myself with hubris, so: mission accomplished.

lmk if I should carve this change out slash refactor this PR as getting 90% there, or if there's more internal discussion to be had.

[dancrossnyc]

I confess I haven't looked too closely at the mechanism or how it is implemented in practice, but I wonder if we need it in production? Or could we make it part of a CI pipeline with RUSTC_BOOTSTRAP=1?

[thenewwazoo]

There are two aspects to the stack size check vis-a-vis compilation:

• The build method in dist.rs uses RUSTFLAGS to cause the rustc it invokes to emit stack size info. This requires that rustc binary to be a nightly version.
• The package method in dist.rs loops over every task and checks it for overflow. The get_max_stack function does not actually require nightly, but will explode the packaging process if the stack info is not found.

The first aspect is the tricker one. Right now, my current design expects cargo to be invoked with +nightly-... at the topmost level (i.e. cargo +nightly-... xtask ...) in order to implicitly select the nightly compiler. The rustc façade will take a toolchain spec, so the toolchain selection could potentially be pushed into the dist task by conditionally adding a +nightly-... argument to rustc. The BuildConfig used to locate rustc appears to support using a façade, though its default construction specifies the sysroot, which I think implies deeper plumbing would be necessary. The net result of this would be a stable compiler building a dist build task which invokes a nightly compiler to compile firmware tasks.

The second aspect is easier. If we shouldn't expect to find stack size info, just eat the error and move on.

[thenewwazoo]

Thinking about this a bit more, the stack checking is not something that ends up in the production image, if that makes sense. You could use nightly to build a binary, emitting stack size info as a side-effect, and then throw that binary away in favor of a stable-toolchain-built binary, assuming all else is equal (... a big assumption, maybe).

[dancrossnyc]

Yeah, that was kind of what I was going for with my earlier comment about only doing the stack checks with in CI, and not production. I apologize for being terribly vague there, however.

But a two-step process, where one builds a binary with the stack size data via setting RUSTC_BOOTSTRAP=1 and setting the magic -Z flag in RUSTFLAGS, and then building another binary without setting RUSTC_BOOTSTRAP, was what I meant.

I presume we can use the same compiler binary for both invocations, and that we don't need an actual nightly compiler binary for either, as long as we set RUSTC_BOOTSTRAP=1 for the case where we need the stack data.