If two pointers compared in an ICmp instruction are both the result
of an allocation, or pointing into/to the end of an allocation, hence:
- dereferenceable pointers,
- noalias return pointers, (including the unique value potentiall resulting from a malloc(0) call)
- null, (if null is not a valid pointer)
then there are no "bit-tricks" possible to learn about the pointer
bits. Put differently, one cannot learn about a pointer in these
category because one cannot manipulate the other pointer freely while
keeping it in these categories. So the "other pointer" is either
"fixed" (null or something and special returned by malloc(0)) or for
the most part not controllable, e.g., the "random" allocation location
(alloc, malloc, etc.) which only allows manipulation of a few bits up
to the (log of the) allocation size.