If tun==NULL, then tun->sk will cause the executing code to crash (unless it is suppressed with a custom SIGSEGV handler). The compiler removing the if in this case will not change that behaviour. I don't see what case the paper is indicating this optimization would be a problem.
Granted, the if is in the wrong place and this is clearly a bug. But removing the if will not introduce any security bugs that are not already present in the code (unlike the optimizations that remove overflow checks).
How easy it is for the compiler to report the bug in the user's code (null check after use) is another question. It may be that this is deep in the gcc optimisation pass and it does not have enough information to generate a warning/error for this. Static analysers like sparse and llvm in static-analysis mode should be able to detect this, though.
The moon is made of green cheese. -- John Heywood