Differential fuzzers detect bugs by executing identical inputs across distinct implementations of the same specification, such as JavaScript interpreters. Validating the outputs requires an oracle and for differential testing of JavaScript, these are constructed manually, making them expensive, time-consuming, and prone to false positives. Worse, when the specification evolves, this manual effort must be repeated. Inspired by the success of agentic systems in other SE domains, this paper introduces SmartOracle. SmartOracle decomposes the manual triage workflow into specialized Large Language Model (LLM) sub-agents. These agents synthesize independently gathered evidence from terminal runs and targeted specification queries to reach a final verdict. For historical benchmarks, SmartOracle achieves 0.84 recall with an 18% false positive rate. Compared to a sequential Gemini 2.5 Pro baseline, it improves triage accuracy while reducing analysis time by 4$\times$ and API costs by 10$\times$. In active fuzzing campaigns, SmartOracle successfully identified and reported previously unknown specification-level issues across major engines, including bugs in V8, JavaScriptCore, and GraalJS. The success of SmartOracle's agentic architecture on Javascript suggests it might be useful other software systems- a research direction we will explore in future work.

翻译：差分模糊测试通过在不同实现（如JavaScript解释器）上执行相同输入来检测错误。验证输出需要预言机，而针对JavaScript的差分测试预言机目前需手动构建，导致其成本高昂、耗时且易产生误报。更严重的是，当规范更新时，必须重复此手动过程。受智能体系统在其他软件工程领域成功的启发，本文提出SmartOracle。它将人工分类工作流分解为专用的大型语言模型子智能体。这些智能体综合来自终端运行和针对性规范查询的独立证据，以达成最终判定。在历史基准测试中，SmartOracle实现了0.84的召回率，误报率为18%。与顺序式Gemini 2.5 Pro基线相比，它在提升分类准确率的同时，将分析时间降低至1/4，API成本减少至1/10。在主动模糊测试活动中，SmartOracle成功识别并报告了多个主流引擎中先前未知的规范级问题，包括V8、JavaScriptCore和GraalJS中的错误。SmartOracle智能体架构在JavaScript上的成功表明其可能适用于其他软件系统——这是我们未来工作中将探索的研究方向。