Race condition in check-then-act patterns — TOCTOU bugs

Code checks if a resource exists, then acts. Between check and act, the state changes, causing errors or security vulnerabilities.

TOCTOU is inherently racy. Fix: (1) Just do the operation and handle the error: use wx flag for exclusive create. (2) Use atomic operations: rename instead of check+write. (3) Use locks for critical sections. (4) Databases: use UPSERT instead of SELECT then INSERT. (5) Use file locks (flock) for file system operations.

Between checking and acting, any concurrent process can change the state. The only safe approach is atomic operations or locks.