Control flow integrity instruction pointer patching

What is claimed is: 1 . A method for monitoring a computing system, comprising: determining a learned control flow directed graph (CFDG) for a program executed by a computing device, the learned CFDG comprising embeddings within one or more transitions within the program that extend the one or more transitions to point to a table stored in memory and comprising a set of valid target destinations, wherein: determining the learned CFDG comprises observing execution of the program during an observation phase and building the learned CFDG based on observed executions of the program; and during the observation phase, the program is executed using a first set of valid target destinations; determining, based on the learned CFDG, the set of valid target destinations for the one or more transitions within the program, the one or more transitions including the embeddings and directing to a different portion of the program or to a separate program, wherein determining the set of valid target destinations comprises determining a second set of valid target destinations for the one or more transitions based on the learned CFDG; executing instructions of the program; and when executing a transition of the one or more transitions within the program: determining a destination for the transition; accessing, based on an embedding in the transition, the table comprising the set of valid target destinations; performing the transition in response to the destination being included within the set of valid target destinations in the table; and performing a secondary action in response to the destination not being included within the set of valid target destinations in the table. 2 . The method of claim 1 , wherein the one or more transitions comprise at least one of a call, a jump, or a return within the program. 3 . The method of claim 1 , wherein during the observation phase, determining the set of valid target destinations comprises enabling any transitions at run time. 4 . The method of claim 1 , wherein the secondary action comprises at least one of: executing the transition to a default target destination; or terminating the transition. 5 . The method of claim 1 , wherein the learned CFDG is embedded in an instruction stream or in generated binary of hardware and accessed at the execution of the program. 6 . A system comprising: one or more processors; and one or more non-transitory computer-readable media storing computer-executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising: determining prior to run time, a learned control flow directed graph (CFDG) for a program executed by a computing device, the learned CFDG comprising embeddings within one or more transitions of the program that are extended to point to a table stored in memory and comprising first valid target destinations; determining, based on observing execution of the program prior to run time, second valid target destinations for the one or more transitions within the program, the one or more transitions directing to a different portion of the program or to a separate program, the second valid target destinations being included in the table; executing, at run time, instructions of the program; and during execution of the instructions and when executing a transition of the one or more transitions within the program: determining a destination for the transition; accessing, based on an embedding included in the transition, the table, wherein the embedding extends the transition to point to the table; performing the transition in response to the destination being included within the table; and performing a secondary action in response to the destination not being included within the table. 7 . The system of claim 6 , wherein the secondary action comprises terminating the transition. 8 . The system of claim 6 , wherein the secondary action may be based at least in part on a type of transition. 9 . The system of claim 6 , wherein the secondary action may comprise determining a valid target destination based on the learned CFDG, the valid target destination not being included in the table of valid target destinations. 10 . The system of claim 9 , wherein the valid target destination is further based on a risk score determined based at least in part on the learned CFDG. 11 . The system of claim 6 , wherein performing the secondary action comprises performing a second transition to a valid target destination of the first valid target destinations or the second valid target destinations. 12 . The system of claim 6 , wherein the secondary action comprises executing the transition to a default destination included in the table. 13 . One or more non-transitory computer-readable media storing computer-readable instructions that, when executed by one or more processors, cause the one or more processors to: determine a learned control flow directed graph (CFDG) for a program executed by a computing device, the learned CFDG comprising embeddings within one or more transitions within the program that extend the one or more transitions to point to a table comprising a set of valid target destinations, wherein: determining the learned CFDG comprises observing execution of the program during an observation phase and building the learned CFDG based on observed executions of the program prior to run time; and for determining the learned CFDG, the program is executed using a first set of valid target destinations; determine, based in part on the learned CFDG, the set of valid target destinations for the one or more transitions within the program, the one or more transitions including the embeddings and directing to a different portion of the program or to a separate program, wherein determining the set of valid target destinations comprises determining a second set of valid target destinations for the one or more transitions based on the learned CFDG; execute instructions of the program; and during execution of the instructions and when executing a transition of the one or more transitions within the program: determine a destination within the program for the transition; access, based on an embedding in the transition extending the transition to point to the table, the set of valid target destinations; perform the transition in response to the destination being included within the set of valid target destinations; and perform a secondary action in response to the destination not being included within the set of valid target destinations. 14 . The one or more non-transitory computer-readable media of claim 13 , wherein the learned CFDG is embedded in an instruction stream or generated binary of hardware and accessed at run time of the program. 15 . The one or more non-transitory computer-readable media of claim 13 , wherein the secondary action comprises at least one of: executing the transition to a default target destination; or terminating the transition. 16 . The one or more non-transitory computer-readable media of claim 13 , wherein performing the secondary action comprises performing a second transition to a valid target destination of the set of valid target destinations.