saurabh.v

# Time of check to time of use (TOCTOU): A race condition

This article was first published on Medium. You can take a look at it here.

The explanation starts with a real-life analogy to make the concept easier to understand.

It was afternoon when John was leaving for the office. He told his wife Shahana that he would be back by 5:00 in the evening and asked her to have tea ready by then.

Shahana cared for her husband, so the first thing she did was check that all the ingredients required for making tea were there. Everything was fine except the sugar, which was running low, but there was enough to make tea for her husband.

Satisfied, she went to sleep for a few hours before her husband came home. While she was sleeping, their maid came and did her regular household tasks.

After completing her tasks, the maid felt tired and decided to have a cup of tea. She usually asks Shahana before using anything from the kitchen, but since Shahana was sleeping, she went ahead and made a cup of tea for herself.

She saw that everything required for making tea was available in the kitchen. It took a few minutes for the tea to be ready. She drank it and left.

Up to this point the story looks a bit plain, but the problem starts now.

Shahana woke up and, since she was sure that there was enough of each ingredient, she started making the tea.

Partway through, she realised that the sugar was gone.
OH, MY GOD!!
WHAT SHALL SHE DO NOW?

This is where the concept of TOCTOU (TIME OF CHECK TO TIME OF USE) kicks in.

## What is TOCTOU?

Wikipedia states that:

In software development, time of check to time of use (TOCTTOU or TOCTOU, pronounced “TOCK too”) is a class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check. This is one example of a race condition.

In other words, a race condition can occur if the state of the system changes between the moment a process checks some condition and the moment the same process acts on the result of that check.

## How is the above example relevant?

In the example above, Shahana and the maid are two processes trying to access a common resource: the sugar.

The same situation can occur in a concurrent programming environment when a single resource (an object or variable) is accessed and modified by more than one process.

The operating system can put a running process on hold and let another process use the CPU for some time.

The new process may modify the same resource that the first process was using, and that is how a race condition arises!
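The story above, replayed as an added example (not part of the original article): two threads stand in for the two processes, and `threading.Event` objects force the maid to run between Shahana's check and her use. `SugarJar`, `take`, `take_if_enough` and `run_story` are hypothetical names chosen for this sketch.

```python
import threading

class SugarJar:
    """Shared resource from the story (constructed model): sugar in spoons."""
    def __init__(self, spoons):
        self.spoons = spoons
        self._lock = threading.Lock()

    def take(self, n):
        """Use step on its own: no check here, it trusts an earlier one."""
        self.spoons -= n

    def take_if_enough(self, n):
        """Check and use as one atomic step under a lock."""
        with self._lock:
            if self.spoons < n:
                return False
            self.spoons -= n
            return True

def run_story(atomic):
    """Replay the story with a forced interleaving; return (outcome, spoons left)."""
    jar = SugarJar(1)                     # enough sugar for exactly one cup
    checked, maid_done = threading.Event(), threading.Event()
    outcome = {}

    def shahana():
        if atomic:
            outcome["shahana"] = jar.take_if_enough(1)  # check and claim together
            checked.set()
            return
        enough = jar.spoons >= 1          # time of check
        checked.set()
        maid_done.wait()                  # she sleeps; the maid gets the CPU
        if enough:                        # stale result of the earlier check
            jar.take(1)                   # time of use
        outcome["shahana"] = enough

    def maid():
        checked.wait()                    # runs between the check and the use
        outcome["maid"] = jar.take_if_enough(1)
        maid_done.set()

    threads = [threading.Thread(target=f) for f in (shahana, maid)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return outcome, jar.spoons
```

With `atomic=False` both cups get "made" from a single spoon and the jar ends at -1, the broken state the stale check allowed; with `atomic=True` Shahana's check and claim cannot be separated, so the maid is simply refused.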

If you liked the article, please share it with others.