TOCTOU
TOCTOU, short for time-of-check to time-of-use, is a class of race condition in which a program makes a decision based on a condition that can change before the action using that information is carried out. The pattern involves a check phase (time of check) followed by a use phase (time of use). If another process or thread alters the resource in between, the invariant assumed at check time may no longer hold, leading to errors, inconsistency, or security breaches.
Common domains for TOCTOU bugs include file systems and resources managed by the operating system. For example,
Mitigation focuses on making the check and use atomic or tightly synchronized. Approaches include using atomic
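The check/use gap described above, and one way to close it by checking the already-opened object instead of the path, shown as an added example that is not code from the original page. It assumes a POSIX system. The function names, the size policy and the `window` hook are hypothetical; the hook stands in for a concurrent process so the race is reproduced deterministically.

```python
import os
import stat
import tempfile

def allowed(st, max_size):
    # Constructed policy for the example: regular file no larger than max_size.
    return stat.S_ISREG(st.st_mode) and st.st_size <= max_size

def check_then_use(path, max_size, window=None):
    """Racy: the path name is resolved twice, once to check and once to use."""
    if not allowed(os.stat(path), max_size):      # time of check
        raise PermissionError("rejected at check time")
    if window:
        window()                                  # another process runs here
    with open(path, "rb") as f:                   # time of use: resolved again
        return f.read()

def open_then_check(path, max_size, window=None):
    """Resolve the name once, then check and use the same open descriptor."""
    fd = os.open(path, os.O_RDONLY)
    try:
        if not allowed(os.fstat(fd), max_size):   # check the opened object
            raise PermissionError("rejected")
        if window:
            window()                              # renames no longer matter
        return os.read(fd, max_size)
    finally:
        os.close(fd)

def demo():
    """Run both variants against the same constructed swap; return results."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "report.txt")
        other = os.path.join(d, "other.bin")

        def reset():
            with open(target, "wb") as f:
                f.write(b"ok")                    # passes the 10-byte policy
            with open(other, "wb") as f:
                f.write(b"X" * 100)               # would fail the policy

        def swap():
            os.replace(other, target)             # path now names another file

        reset()
        racy = check_then_use(target, 10, swap)
        reset()
        safe = open_then_check(target, 10, swap)
        return racy, safe

if __name__ == "__main__":
    print(demo())
```

The racy variant returns the 100-byte file that was never checked, while the descriptor-based variant returns the content that actually passed the check.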