Tagged Pointer

Reference 1

Folding tags into the pointer

By alignment: Certain types of data are aligned to the size of the data, often a word or a multiple thereof. This alignment leaves a few of the least significant bits of the pointer unused. These bits can be used for tags, most often as a bit field (each bit a separate tag), as long as code that uses the pointer masks them out before accessing memory.

For example, on a 32-bit architecture a word is 32 bits = 4 bytes; word-aligned addresses are therefore always a multiple of 4 and end in 00, leaving the last 2 bits available. On a 64-bit architecture a word is 64 bits = 8 bytes, so word-aligned addresses end in 000, leaving the last 3 bits available. For word-addressable architectures, word-aligned data does not leave any bits available.
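The low-bit scheme described above, as an added example (not code from the referenced source). The names tagged_ptr, tp_make, tp_tag, tp_ptr and struct node are hypothetical. It assumes a byte-addressable platform where converting a pointer to uintptr_t preserves the address bits, and it refuses to tag a pointer whose low bits are not free rather than corrupting the address.

```c
#include <stdint.h>

/* 8-byte alignment means addresses end in 000, so 3 low bits are free. */
#define TAG_BITS 3u
#define TAG_MASK ((uintptr_t)((1u << TAG_BITS) - 1u))

typedef uintptr_t tagged_ptr;   /* hypothetical: pointer and tag in one word */

/* Hypothetical object type; _Alignas(8) forces the three low address bits to 0. */
struct node { _Alignas(8) int value; };

/* Fold a tag into the low bits. Returns 0 when the pointer is not aligned
   enough or the tag does not fit, instead of silently altering the address. */
static tagged_ptr tp_make(const void *p, unsigned tag) {
    uintptr_t raw = (uintptr_t)p;
    if ((raw & TAG_MASK) != 0 || tag > TAG_MASK) return 0;
    return raw | tag;
}

static unsigned tp_tag(tagged_ptr t) { return (unsigned)(t & TAG_MASK); }

/* Mask the tag bits out before the value is used as an address. */
static void *tp_ptr(tagged_ptr t) { return (void *)(t & ~TAG_MASK); }

/* Round trip on a constructed object: 1 if both pointer and tag survive. */
static int tp_roundtrip(unsigned tag) {
    static struct node n;
    n.value = 42;
    tagged_ptr t = tp_make(&n, tag);
    return t != 0 && tp_tag(t) == tag && tp_ptr(t) == (void *)&n
           && ((struct node *)tp_ptr(t))->value == 42;
}

/* A misaligned address has nonzero low bits, so tagging it must be refused. */
static int tp_rejects_misaligned(void) {
    static _Alignas(8) char buf[16];
    return tp_make(buf + 1, 1) == 0;
}

int main(void) { return (tp_roundtrip(5) && tp_rejects_misaligned()) ? 0 : 1; }
```

Dereferencing the tagged value without going through tp_ptr would access an address up to 7 bytes past the object, which is why the mask step is mandatory.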

In some operating systems, virtual addresses are narrower than the overall architecture width, which leaves the most significant bits available for tags. On 64-bit architectures, many practical 64-bit processors have narrower addresses. Note that the virtual address width may be narrower than the physical address width, which in turn may be narrower than the architectural width; for tagging of pointers in user space, the virtual address space provided by the operating system (in turn provided by the memory management unit) is the relevant width.

More

  • In-Fat Pointer
  • References: In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection

Created Oct 17, 2019 // Last Updated Feb 8, 2023
