What could be done better if it could break the ABI?

You could pass around fat pointers everywhere. This is more efficient than probabilistically setting up redzones.

True, but that doesn't address (heh) the briefly-goes-out-of-bounds-and-then-in-bounds scenario. Again, I'm not 100% that that's technically UB, but I think so?

(It would have be to be for very esoteric addressing modes, maybe relevant on ancient pre-linear address space architectures?)

That would be a check on each arithmetic operation.