Update z3 requirement from 0.19.7 to 0.20.0

[dependabot]

Updates the requirements on z3 to permit the latest version.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[ThomasTNO]

@domenukk, we would be interested in having this update merged. Looking at the logs of the failed jobs I believe this has to do with the dependencies within the runner. What are your thoughts?

[domenukk]

Undefined reference to `Z3_is_char_sort'

For sure the z3 crate broke something in their build again...

[ThomasTNO]

I see...

I am guessing that there is some Z3 version mismatch. The Z3 shared library installed on the GitHub Actions runner might be too old and doesn't export the new symbols.

These API functions were introduced in Z3 ~4.12+. The runner likely has an older system-packaged Z3 (Ubuntu/Debian typically ships 4.8.x–4.11.x).

[domenukk]

Then we somehow need to fix the env? or otherwise use a prepackaged z3?

[toolCHAINZ]

Hello, rust z3 bindings maintainer (and occasional afl user) here! I believe the problem is exactly what @ThomasTNO said. This particular problem will hopefully resolve itself soon as Ubuntu 26.04 bumped the apt-bundled z3 to 4.13.3. This is still a year and a half out of date but is at least not 5 years out of date.

Starting with v0.20 I'm wanting to try to try to actually track z3's exported APIs more closely; the rust bindings have always lagged years behind because of this ubuntu packaging lag and there's now a lot of uncovered, useful, Z3 API surface that's missing. So even if the runner updates to the latest ubuntu, this is liable to happen again (for future minor crate version bumps) as long as you're installing from apt (basically any time new support for an API is added, even if it's years-old).

In the meantime, if you wanted to still upgrade to v0.20 your options are:

• Use a github action for installing z3 like https://github.com/cda-tum/setup-z3 or https://github.com/pavpanchekha/setup-z3 instead of installing from apt. This is probably the easiest option and what I would recommend. The rust bindings will automatically find this and link against it (provided there's no apt copy in the path first).
• Use one of the z3 crate feature flags for pulling in newer versions, both of which have drawbacks for CI
  • gh-release pulls compiled releases from github, but you have to configure a github PAT in the job to avoid being rate limited
  • vendored builds z3 from source, but this can take a while. It does get cached in target so it shouldn't be an "all-the-time" cost but will add a decent amount of time on to cold builds.