🤖 AI Summary
To address low early branch coverage in grey-box fuzzing, this paper proposes a lightweight input scheduling strategy based on control-flow-graph (CFG) semantics: it prioritises inputs for mutation by the topological distance between uncovered CFG edges and the input's execution path, with no need for static analysis or constraint solving. The approach combines CFG construction, path-distance measurement and feedback-driven mutation, implemented within the LibAFL framework. Evaluated on the FuzzBench benchmark, it achieves the highest average code coverage and the best overall ranking, significantly outperforming all contemporaneous fuzzers in the suite. Its core innovation is being the first to directly use the topological distance of uncovered CFG edges for input selection, thereby achieving an optimal balance of efficiency, generality and practicality.
📝 Abstract
Since the advent of AFL, the use of mutational, feedback-directed, grey-box fuzzers has become critical in the automated detection of security vulnerabilities. A great deal of research currently goes into their optimisation, including improving the rate at which they achieve branch coverage early in a campaign. We produce an augmented version of LibAFL's 'fuzzbench' fuzzer, called PrescientFuzz, that makes use of semantic information from the target program's control flow graph (CFG). We develop an input corpus scheduler that prioritises the selection of inputs for mutation based on the proximity of their execution path to uncovered edges. Simple as this idea is, PrescientFuzz leads all fuzzers using the Google FuzzBench at the time of writing, in both average code coverage and average ranking, across the benchmark SUTs. Whilst the existence of uncovered edges in the CFG does not guarantee their feasibility, the improvement in coverage over the state-of-the-art fuzzers suggests that this is not an issue in practice.
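As an added illustration of the scheduling idea in the abstract (example code, not the paper's or LibAFL's own implementation), the sketch below ranks corpus inputs by the breadth-first distance from their execution path to the nearest CFG edge that no input has exercised yet, with the infeasible-looking "nothing uncovered reachable" case reported as `None`. The block ids, edges and execution paths are constructed for the example and are assumptions, not data from the paper.

```rust
use std::collections::{BTreeMap, BTreeSet, HashMap, VecDeque};

type Node = u32;
type Edge = (Node, Node);

/// A control flow graph kept as an adjacency list of basic-block ids.
pub struct Cfg { succ: BTreeMap<Node, Vec<Node>> }

impl Cfg {
    pub fn new(edges: &[Edge]) -> Self {
        let mut succ: BTreeMap<Node, Vec<Node>> = BTreeMap::new();
        for &(u, v) in edges { succ.entry(u).or_default().push(v); }
        Cfg { succ }
    }

    /// Fewest CFG hops from any block on `path` to the source block of an edge that
    /// no input has exercised yet. BFS starts from every path block at distance 0, so
    /// the first uncovered edge met is a closest one. `None` if none is reachable.
    pub fn distance_to_uncovered(&self, path: &[Node], covered: &BTreeSet<Edge>) -> Option<usize> {
        let mut dist: HashMap<Node, usize> = HashMap::new();
        let mut queue: VecDeque<Node> = VecDeque::new();
        for &n in path {
            if dist.insert(n, 0).is_none() { queue.push_back(n); }
        }
        while let Some(u) = queue.pop_front() {
            let d = dist[&u];
            for &v in self.succ.get(&u).into_iter().flatten() {
                if !covered.contains(&(u, v)) { return Some(d); }
                if !dist.contains_key(&v) { dist.insert(v, d + 1); queue.push_back(v); }
            }
        }
        None
    }
}

/// Rank corpus entries (index into `paths`): inputs whose path runs closest to an
/// uncovered edge come first, ties broken by index, inputs with nothing nearby last.
pub fn schedule(cfg: &Cfg, paths: &[Vec<Node>]) -> Vec<(usize, Option<usize>)> {
    let covered: BTreeSet<Edge> = paths.iter()
        .flat_map(|p| p.windows(2).map(|w| (w[0], w[1]))).collect();
    let mut ranked: Vec<(usize, Option<usize>)> = paths.iter().enumerate()
        .map(|(i, p)| (i, cfg.distance_to_uncovered(p, &covered))).collect();
    ranked.sort_by_key(|&(i, d)| (d.unwrap_or(usize::MAX), i));
    ranked
}

/// Constructed toy CFG (assumed, not from the paper): only the 5->7->8 tail is unexplored.
pub fn example_cfg() -> Cfg {
    Cfg::new(&[(0, 1), (0, 2), (1, 3), (1, 9), (2, 3), (3, 4), (3, 5), (4, 6), (5, 6), (5, 7), (7, 8)])
}

fn main() {
    let paths = vec![vec![0, 1, 3, 4, 6], vec![0, 2, 3, 5, 6], vec![0, 1, 9]];
    for (i, d) in schedule(&example_cfg(), &paths) { println!("input {}: distance {:?}", i, d); }
}
```

Input 1 already sits on block 5, the source of the uncovered edge, so it is mutated first; once an input reaches 7 and 8 every entry reports `None` and the scheduler falls back to its tie-break order.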