LeakCanary的使用
//gradle文件中添加加依赖
releaseImplementation "com.squareup.leakcanary:leakcanary-android-no-op:1.6.3"
debugImplementation "com.squareup.leakcanary:leakcanary-android:1.6.3"
// 如果使用了support fragment,需要依赖
debugImplementation "com.squareup.leakcanary:leakcanary-support-fragment:1.6.3"
//Application加入,
if (!LeakCanary.isInAnalyzerProcess(this)) {
LeakCanary.install(this);
}
LeakCanary是如何找到内存泄露的?
我们从使用 LeakCanary 的地方开始看起,LeakCanary.install(this)。
LeakCanary#install
public static RefWatcher install(@NonNull Application application) {
return refWatcher(application)//创建AndroidRefWatcherBuilder对象
.listenerServiceClass(DisplayLeakService.class)//分析内存泄漏的Service
.excludedRefs(AndroidExcludedRefs.createAppDefaults().build())//过滤sdk的内存泄露
.buildAndInstall();//构建RefWatcher对象
}
AndroidRefWatcherBuilder#buildAndInstall
public @NonNull RefWatcher buildAndInstall() {
//防止重复调用buildAndInstall方法
if (LeakCanaryInternals.installedRefWatcher != null) {
throw new UnsupportedOperationException("buildAndInstall() should only be called once.");
}
//构建RefWatcher对象,并初始化后续需要的对象
RefWatcher refWatcher = build();
if (refWatcher != DISABLED) {
if (enableDisplayLeakActivity) {
//显示DisplayLeakActivity图标
LeakCanaryInternals.setEnabledAsync(context, DisplayLeakActivity.class, true);
}
if (watchActivities) {
//监控Activity
ActivityRefWatcher.install(context, refWatcher);
}
if (watchFragments) {
//监控Fragment
FragmentRefWatcher.Helper.install(context, refWatcher);
}
}
LeakCanaryInternals.installedRefWatcher = refWatcher;
return refWatcher;
}
可以看到在 buildAndInstall 方法中,首先会判断 buildAndInstall 方法是否重复调用,抛出异常。然后调用 install 方法来监听 Activity 和 Fragment。
ActivityRefWatcher#install-监控Activity
public static void install(@NonNull Context context, @NonNull RefWatcher refWatcher) {
Application application = (Application) context.getApplicationContext();
ActivityRefWatcher activityRefWatcher = new ActivityRefWatcher(application, refWatcher);
application.registerActivityLifecycleCallbacks(activityRefWatcher.lifecycleCallbacks);
}
private final Application.ActivityLifecycleCallbacks lifecycleCallbacks =
new ActivityLifecycleCallbacksAdapter() {
@Override public void onActivityDestroyed(Activity activity) {
refWatcher.watch(activity);
}
};
在 install 方法里通过注册 ActivityLifecycleCallbacks 来监控每一个 Activity 的生命周期,并且在Activity 的 onDestroy 方法里 refWatcher.watch(activity) 方法,并把当前的 Activity 传递进去,并最终会调用watch重载方法。
FragmentRefWatcher.Helper#install-监控Fragment
public static void install(Context context, RefWatcher refWatcher) {
List<FragmentRefWatcher> fragmentRefWatchers = new ArrayList<>();
if (SDK_INT >= O) {
//当前SdK>=26,添加AndroidOFragmentRefWatcher,监听api26以上的Fragment,并存入集合
fragmentRefWatchers.add(new AndroidOFragmentRefWatcher(refWatcher));
}
try {
//通过反射创建SupportFragmentRefWatcher对象,监听support.v4包下的Fragment
Class<?> fragmentRefWatcherClass = Class.forName(SUPPORT_FRAGMENT_REF_WATCHER_CLASS_NAME);
Constructor<?> constructor = fragmentRefWatcherClass.getDeclaredConstructor(RefWatcher.class);
FragmentRefWatcher supportFragmentRefWatcher = (FragmentRefWatcher) constructor.newInstance(refWatcher);
//存入集合中
fragmentRefWatchers.add(supportFragmentRefWatcher);
} catch (Exception ignored) {
}
if (fragmentRefWatchers.size() == 0) {
return;
}
Helper helper = new Helper(fragmentRefWatchers);
Application application = (Application) context.getApplicationContext();
//添加activity监听
application.registerActivityLifecycleCallbacks(helper.activityLifecycleCallbacks);
}
//在Activity的onCreatesh生命周期,取出FragmentRefWatcher,调用watchFragments方法监听Fragment
private final Application.ActivityLifecycleCallbacks activityLifecycleCallbacks =
new ActivityLifecycleCallbacksAdapter() {
@Override
public void onActivityCreated(Activity activity, Bundle savedInstanceState) {
for (FragmentRefWatcher watcher : fragmentRefWatchers) {
watcher.watchFragments(activity);
}
}
};
可以看到install方法中会首先判断当前版本,在大于android26时,添加AndroidOFragmentRefWatcher,监控anddroid.app.Fragment。然后尝试添加support.v4包下的Fragment,此时做了catch处理,如果使用的不是support下的Fragment就无法监控。由此可以得到结论,Leakcancary1.6.3无法监控,android26以下的android.app.Fragment。
然后通过registerActivityLifecycleCallbacks监控activity的生命周期。在onCreate时调用watcher.watchFragments(activity)方法。
@Override
public void watchFragments(Activity activity) {
//通过rFragmentLifecycleCallbacks监听Fragment的生命周期
FragmentManager fragmentManager = activity.getFragmentManager();
fragmentManager.registerFragmentLifecycleCallbacks(fragmentLifecycleCallbacks, true);
}
private final FragmentManager.FragmentLifecycleCallbacks fragmentLifecycleCallbacks =
new FragmentManager.FragmentLifecycleCallbacks() {
@Override
public void onFragmentViewDestroyed(FragmentManager fm, Fragment fragment) {
View view = fragment.getView();
if (view != null) {
//监控fragment的根视图View
refWatcher.watch(view);
}
}
@Override
public void onFragmentDestroyed(FragmentManager fm, Fragment fragment) {
refWatcher.watch(fragment);
}
};
接下在再通过registerFragmentLifecycleCallbacks来监控Fragment的生命周期,在Fragment的onDestory时获取Fragment根视图View,进行监控。
RefWatcher#watch(java.lang.Object, java.lang.String)
/**
* watchedReference:被监控的对象,一般来说就是所监控的Activity和Fragment
*/
public void watch(Object watchedReference, String referenceName) {
if (this == DISABLED) {
return;
}
checkNotNull(watchedReference, "watchedReference");
checkNotNull(referenceName, "referenceName");
final long watchStartNanoTime = System.nanoTime();//记录销毁时间
String key = UUID.randomUUID().toString();//生成随机id,作为监控对象的唯一标识
//添加到set集合中,通过set集合记录监控对象的唯一标识,记录该对象需要被监控
retainedKeys.add(key);
//创建弱引用对象,用来判读对象是否被回收
final KeyedWeakReference reference = new KeyedWeakReference(watchedReference, key, referenceName, queue);
//开始异步的监控
ensureGoneAsync(watchStartNanoTime, reference);
}
其中watchedReference参数就是传递进来的Activity,然后生成随机id作为key存到retainedKeys(Set集合)中,作为一个唯一的身份标识。并使用watchedReference、key、queue等参数构建KeyedWeakReference弱引用对象。接下来调用ensureGoneAsync方法。
private void ensureGoneAsync(final long watchStartNanoTime,final KeyedWeakReference reference) {
watchExecutor.execute(new Retryable() {
@Override public Retryable.Result run() {
//此时在子线程中调用ensureGone方法
return ensureGone(reference, watchStartNanoTime);
}
});
}
AndroidWatchExecutor#execute
watchExecutor.execute方法会调用到AndroidWatchExecutor#execute方法。
@Override public void execute(@NonNull Retryable retryable) {
//判读当前线程
if (Looper.getMainLooper().getThread() == Thread.currentThread()) {
waitForIdle(retryable, 0);
} else {
postWaitForIdle(retryable, 0);
}
}
//如果当前在子线程,则回调到主线程中处理
private void postWaitForIdle(final Retryable retryable, final int failedAttempts) {
mainHandler.post(new Runnable() {
@Override public void run() {
waitForIdle(retryable, failedAttempts);
}
});
}
private void waitForIdle(final Retryable retryable, final int failedAttempts) {
//需要在主线程调用
Looper.myQueue().addIdleHandler(new MessageQueue.IdleHandler() {
@Override public boolean queueIdle() {
//空闲时间调用一次
postToBackgroundWithDelay(retryable, failedAttempts);
return false;
}
});
}
为了确保在空闲时间执行,先切换至主线程,然后使用IdleHandler,在空闲时间执postToBackgroundWithDelay方法。
private void postToBackgroundWithDelay(final Retryable retryable, final int failedAttempts) {
long exponentialBackoffFactor = (long) Math.min(Math.pow(2, failedAttempts), maxBackoffFactor);
long delayMillis = initialDelayMillis * exponentialBackoffFactor;
//通过HandlerThread,调用retryable.run();方法
backgroundHandler.postDelayed(new Runnable() {
@Override public void run() {
Retryable.Result result = retryable.run();
if (result == RETRY) {
//重试并记录执行次数
postWaitForIdle(retryable, failedAttempts + 1);
}
}
}, delayMillis);
}
在postToBackgroundWithDelay方法内,再使用HandlerThread切换至子线程,执行Retryable对象的run方法,并判断是否需要重复执行并记录执行次数。如果需要重试再次调用postWaitForIdle方法。
而Retryable对象的run方法实现调用了RefWatcher.this.ensureGone方法,此时ensureGone是执行在子线程中的。
Retryable.Result ensureGone(final KeyedWeakReference reference, final long watchStartNanoTime) {
long gcStartNanoTime = System.nanoTime();//当前时间
long watchDurationMs = NANOSECONDS.toMillis(gcStartNanoTime - watchStartNanoTime);//计算Activity或Fragment销毁到现在被GC的时间
//调用方法,从retainedKeys集合中删除已经被回收的对象,无需再监控
removeWeaklyReachableReferences();
//防止debug造成的泄露,重试
if (debuggerControl.isDebuggerAttached()) {
return RETRY;
}
//判断当前监控对象(一般是activity或fragment)是否被回收
if (gone(reference)) {
//被回收,完成本次监控
return DONE;
}
//调用系统GC
gcTrigger.runGc();
//调用方法,从retainedKeys集合中删除已经被回收的对象,无需再监控
removeWeaklyReachableReferences();
if (!gone(reference)) {//再次判断当前监控对象(一般是activity或fragment)是否被回收
long startDumpHeap = System.nanoTime();
long gcDurationMs = NANOSECONDS.toMillis(startDumpHeap - gcStartNanoTime);
//创建并写入hprof文件,最终通过系统方法Debug.dumpHprofData获取堆信息
File heapDumpFile = heapDumper.dumpHeap();
if (heapDumpFile == RETRY_LATER) {
//获取hprof文件失败,重试
return RETRY;
}
long heapDumpDurationMs = NANOSECONDS.toMillis(System.nanoTime() - startDumpHeap);
//构建HeapDump对象
HeapDump heapDump=heapDumpBuilder.heapDumpFile(heapDumpFile).referenceKey(reference.key)
.referenceName(reference.name)
.watchDurationMs(watchDurationMs)
.gcDurationMs(gcDurationMs)
.heapDumpDurationMs(heapDumpDurationMs)
.build();
//分析内存泄露
heapdumpListener.analyze(heapDump);
}
return DONE;
}
//PS:软弱虚引用,如果对象被回收,会把弱引用对象添加到队列中。
//当GC开始时,如果弱引用所持有的对象没有被其他强引用所引用,那么就会把弱引用添加到队列中;
private void removeWeaklyReachableReferences() {
//我们从queue中不断去除被回收的对象,并从retainedKeys中删除,代表不需要再监控被回收对象了
KeyedWeakReference ref;
while ((ref = (KeyedWeakReference) queue.poll()) != null) {
retainedKeys.remove(ref.key);
}
}
//判断当前监控的对象是否存在监控集合中
private boolean gone(KeyedWeakReference reference) {
return !retainedKeys.contains(reference.key);
}
首先调用removeWeaklyReachableReferences方法,通过queue来获取所有被回收的KeyedWeakReference对象,并从retainedKeys集合中删除已经被回收对象的唯一标识。这样就把已经准备回收的对象从监控集合retainedKeys中删除。
然后通过gone方法判断retainedKeys是否还存在监控对象的唯一标识,如果不存在则表示目前没有需要监控的对象,并完成本轮监控。
如果retainedKeys仍然存在监控对象的唯一标识,表示该对象还未被回收,调用gcTrigger.runGc方法进行GC回收。然后再调用removeWeaklyReachableReferences方法删除被回收的对象,再次调用gone方法判断。
如果仍然被没有被回收,调用heapDumper.dumpHeap进行获取hprof文件,生成HeapDump对象,调用heapdumpListener.analyze方法进行分析,完成本轮监控。
总结
上述总结,会在每个Activity和Fragment销毁的时候回调用watch方法,然后把传入监视对象(Activity或Fragment)打包成一个弱引用对象,通过ensureGoneAsync方法在系统空闲时,把对象放入子线程中执行,通过ReferenceQueue监控对象是否被回收。如果GC后仍未被回收生成HeapDump对象进行分析。
LeakCanary如何分析内存泄露的?
在上述可以得知,在对象无法被回收时会生成HeapDump对象,然后调用
heapdumpListener.analyze进行分析。那么heapdumpListener这个又是什么东西呢?
跟代码得知heapdumpListener其实就是在LeakCanary#install方法中构建RefWatcher对象时调用listenerServiceClass方法时所设置的对象。
public AndroidRefWatcherBuilder listenerServiceClass(Class<? extends AbstractAnalysisResultService> listenerServiceClass) {
enableDisplayLeakActivity = DisplayLeakService.class.isAssignableFrom(listenerServiceClass);
//可以看到设置的ServiceHeapDumpListener对象
return heapDumpListener(new ServiceHeapDumpListener(context, listenerServiceClass));
}
然后我们查看analyze方法的具体实现,发现调用runAnalysis方法开启服务。
public void analyze(@NonNull HeapDump heapDump) {
checkNotNull(heapDump, "heapDump");
HeapAnalyzerService.runAnalysis(context, heapDump, listenerServiceClass);
}
public static void runAnalysis(Context context, HeapDump heapDump,Class<? extends AbstractAnalysisResultService> listenerServiceClass) {
setEnabledBlocking(context, HeapAnalyzerService.class, true);
setEnabledBlocking(context, listenerServiceClass, true);
Intent intent = new Intent(context, HeapAnalyzerService.class);
intent.putExtra(LISTENER_CLASS_EXTRA, listenerServiceClass.getName());
intent.putExtra(HEAPDUMP_EXTRA, heapDump);
ContextCompat.startForegroundService(context, intent);
}
而HeapAnalyzerService是ForegroundService的子类。 所以在开启服务时,会默认在子线程中调用onHandleIntentInForeground方法(可以看下IntentService和ForegroundService的代码实现)。另外可以看到HeapAnalyzerService处于单独进程。也就是说onHandleIntentInForeground方法运行在单独进程中的子线程中。
protected void onHandleIntentInForeground(@Nullable Intent intent) {
if (intent == null) {
CanaryLog.d("HeapAnalyzerService received a null intent, ignoring.");
return;
}
String listenerClassName = intent.getStringExtra(LISTENER_CLASS_EXTRA);
//得到HeapDump对象
HeapDump heapDump = (HeapDump) intent.getSerializableExtra(HEAPDUMP_EXTRA);
//创建HeapAnalyzer对象
HeapAnalyzer heapAnalyzer = new HeapAnalyzer(heapDump.excludedRefs, this, heapDump.reachabilityInspectorClasses);
//调用checkForLeak方法分析
AnalysisResult result = heapAnalyzer.checkForLeak(heapDump.heapDumpFile, heapDump.referenceKey, heapDump.computeRetainedHeapSize);
//返回分析结果
AbstractAnalysisResultService.sendResultToListener(this, listenerClassName, heapDump, result);
}
可以看到通过Intent得到传递过来的HeapDump对象。然后创建HeapAnalyzer对象进行分析,最后返回分析结果。然后我们来看checkForLeak方法。
public AnalysisResult checkForLeak(File heapDumpFile, String referenceKey, boolean computeRetainedSize) {
long analysisStartNanoTime = System.nanoTime();
if (!heapDumpFile.exists()) {
Exception exception = new IllegalArgumentException("File does not exist: " + heapDumpFile);
return failure(exception, since(analysisStartNanoTime));
}
try {
listener.onProgressUpdate(READING_HEAP_DUMP_FILE);
HprofBuffer buffer = new MemoryMappedFileBuffer(heapDumpFile);
//解析hprof文件。
HprofParser parser = new HprofParser(buffer);
listener.onProgressUpdate(PARSING_HEAP_DUMP);
Snapshot snapshot = parser.parse();
listener.onProgressUpdate(DEDUPLICATING_GC_ROOTS);
deduplicateGcRoots(snapshot);
listener.onProgressUpdate(FINDING_LEAKING_REF);
//根据referenceKey查找弱引用对象
Instance leakingRef = findLeakingReference(referenceKey, snapshot);
// False alarm, weak reference was cleared in between key check and heap dump.
if (leakingRef == null) {
String className = leakingRef.getClassObj().getClassName();
return noLeak(className, since(analysisStartNanoTime));
}
return findLeakTrace(analysisStartNanoTime, snapshot, leakingRef, computeRetainedSize);
} catch (Throwable e) {
return failure(e, since(analysisStartNanoTime));
}
}
private Instance findLeakingReference(String key, Snapshot snapshot) {
ClassObj refClass = snapshot.findClass(KeyedWeakReference.class.getName());
if (refClass == null) {
throw new IllegalStateException("Could not find the " + KeyedWeakReference.class.getName() + " class in the heap dump.");
}
List<String> keysFound = new ArrayList<>();
for (Instance instance : refClass.getInstancesList()) {
List<ClassInstance.FieldValue> values = classInstanceValues(instance);
Object keyFieldValue = fieldValue(values, "key");
if (keyFieldValue == null) {
keysFound.add(null);
continue;
}
String keyCandidate = asString(keyFieldValue);
if (keyCandidate.equals(key)) {
return fieldValue(values, "referent");
}
keysFound.add(keyCandidate);
}
throw new IllegalStateException("Could not find weak reference with key " + key + " in " + keysFound);
}
可以看到会先创建HprofParser对象解析hprof文件。然后调用findLeakingReference方法,通过referenceKey监控的唯一标识找到这个弱引用对象。如果没有找到表示没有泄露,如果找到弱引用对象就调用findLeakTrace方法,通过一个三方库找到完整的引用路径。