Actually fix the bug, which was a doozy:  OrphanBuilder::tag was sometimes initialized using WirePointer::setKindAndTarget(), but since the tag didn't live inside the target segment, this used illegal pointer arithmetic.  The target is never read from an orphan tag anyway, so I thought it would be no big deal.  But it turns out Clang actually optimizes under the assumption that pointer arithmetic returns a whole value.  As a result, on 32-bit system where 64-bit values are only 32-bit aligned, the tag and target might not have been a whole number of words apart, and the extra bit actually found its way into the 'kind' bits, causing e.g. a struct pointer to become an invalid far pointer.  Crash.  The fix required refactoring to ensure that setKindAndOffset() is never used for orphan tags.