https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81195
--- Comment #4 from Jim Wilson <wilson at gcc dot gnu.org> --- Suppose we move the locking inside the if statement. Suppose newunit_tos is 1. Two threads hit the statement if (newunit_tos) at the same time, and both enter the if block. We then hit the lock. The first thread gets the lock, grabs newunit_stack[1], sets newunit_tos to 0, and then unlocks. The second thread waits for the lock, grabs newunit_stack[0] which is an invalid struct of all zeros, sets newunit_tos to -1, and then unlocks. The next thread then gets newunit_stack[-1] which is an out-of-bounds array access. There might be other ways to write this, but I'm convinced that newunit_tos does have to be checked after we grab the lock.
