> i.e. we have a 64b address space but not 2^64 memory locations.
Except the designers foresaw this and established Canonical Addresses[0] to prevent people from using that "unused" space for tags. The space is explicitly reserved. This is probably why LuaJIT uses NaN tagging of doubles instead of tagged pointers.. even though that causes an issue of it's own[1].
On Arm, PAC and MTE eat that space instead. (and you'll have Morello with 128-bit pointers soon, let's see if it'll end up being considered as productible for future Arm designs)