LeakCanary源码浅析

发表于 |

一、原理分析

首先在Application中进行初始化操作,进行监听。监听的原理在于 Application 的 registerActivityLifecycleCallbacks 方法,该方法可以对应用内所有 Activity 的生命周期做监听。

1
2
3
4
5
6
7
8
9
/**
 * Creates a {@link RefWatcher} that works out of the box, and starts watching activity
 * references (on ICS+).
 */
public static @NonNull RefWatcher install(@NonNull Application application) {
  return refWatcher(application).listenerServiceClass(DisplayLeakService.class)
      .excludedRefs(AndroidExcludedRefs.createAppDefaults().build())
      .buildAndInstall();
}

在最后一步buildAndInstall()中实现监听操作。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
public @NonNull RefWatcher buildAndInstall() {
  if (LeakCanaryInternals.installedRefWatcher != null) {
    throw new UnsupportedOperationException("buildAndInstall() should only be called once.");
  }
  RefWatcher refWatcher = build();
  if (refWatcher != DISABLED) {
    LeakCanaryInternals.setEnabledAsync(context, DisplayLeakActivity.class, true);
    if (watchActivities) {
      ActivityRefWatcher.install(context, refWatcher);
    }
    if (watchFragments) {
      FragmentRefWatcher.Helper.install(context, refWatcher);
    }
  }
  LeakCanaryInternals.installedRefWatcher = refWatcher;
  return refWatcher;
}

在ActivityRefWatcher实现监听,只对onDestory进行了监听处理。

1
2
3
4
5
6
7
8
9
10
11
12
  Application application = (Application) context.getApplicationContext();
  ActivityRefWatcher activityRefWatcher = new ActivityRefWatcher(application, refWatcher);
  application.registerActivityLifecycleCallbacks(activityRefWatcher.lifecycleCallbacks);
}
private final Application.ActivityLifecycleCallbacks lifecycleCallbacks =
    new ActivityLifecycleCallbacksAdapter() {
      @Override public void onActivityDestroyed(Activity activity) {
        refWatcher.watch(activity);
      }
    };

当一个Activity销毁时,那么就会执行

refWatcher.watch(activity);

接着看

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
/**
 * Identical to {@link #watch(Object, String)} with an empty string reference name.
 *
 * @see #watch(Object, String)
 */
public void watch(Object watchedReference) {
  watch(watchedReference, "");
}
/**
 * Watches the provided references and checks if it can be GCed. This method is non blocking,
 * the check is done on the {@link WatchExecutor} this {@link RefWatcher} has been constructed
 * with.
 *
 * @param referenceName An logical identifier for the watched object.
 */
public void watch(Object watchedReference, String referenceName) {
  if (this == DISABLED) {
    return;
  }
  checkNotNull(watchedReference, "watchedReference");
  checkNotNull(referenceName, "referenceName");
  final long watchStartNanoTime = System.nanoTime();
  String key = UUID.randomUUID().toString();
  retainedKeys.add(key);
  final KeyedWeakReference reference =
      new KeyedWeakReference(watchedReference, key, referenceName, queue);
  ensureGoneAsync(watchStartNanoTime, reference);
}

这里会把待检测的对象构造成KeyedWeakReference,其实就是WeakReference,只是添加了key和name.构造时传入ReferenceQueue
,WeakReference构造函数会传入ReferenceQueue,当WeakReference指向的对象被垃圾回收时,会把WeakReference放入ReferenceQueue。

在构造时我们需要传入一个ReferenceQueue,这个ReferenceQueue是直接传入了WeakReference中的.

WeakReference源码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
public class WeakReference<T> extends Reference<T> {
    /**
     * Creates a new weak reference that refers to the given object.  The new
     * reference is not registered with any queue.
     *
     * @param referent object the new weak reference will refer to
     */
    public WeakReference(T referent) {
        super(referent);
    }
    /**
     * Creates a new weak reference that refers to the given object and is
     * registered with the given queue.
     *
     * @param referent object the new weak reference will refer to
     * @param q the queue with which the reference is to be registered,
     *          or <tt>null</tt> if registration is not required
     */
    public WeakReference(T referent, ReferenceQueue<? super T> q) {
        super(referent, q);
    }
}

这里需要明白一件事件,就是为什么每次WeakReference所指向的对象被GC后,这个弱引用都会被放入这个与之相关联的ReferenceQueue队列中。看下源码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
/**
    * Try handle pending {@link Reference} if there is one.<p>
    * Return {@code true} as a hint that there might be another
    * {@link Reference} pending or {@code false} when there are no more pending
    * {@link Reference}s at the moment and the program can do some other
    * useful work instead of looping.
    *
    * @param waitForNotify if {@code true} and there was no pending
    *                      {@link Reference}, wait until notified from VM
    *                      or interrupted; if {@code false}, return immediately
    *                      when there is no pending {@link Reference}.
    * @return {@code true} if there was a {@link Reference} pending and it
    *         was processed, or we waited for notification and either got it
    *         or thread was interrupted before being notified;
    *         {@code false} otherwise.
    */
   static boolean tryHandlePending(boolean waitForNotify) {
       Reference<Object> r;
       Cleaner c;
       try {
           synchronized (lock) {
               if (pending != null) {
                   r = pending;
                   // 'instanceof' might throw OutOfMemoryError sometimes
                   // so do this before un-linking 'r' from the 'pending' chain...
                   c = r instanceof Cleaner ? (Cleaner) r : null;
                   // unlink 'r' from 'pending' chain
                   pending = r.discovered;
                   r.discovered = null;
               } else {
                   // The waiting on the lock may cause an OutOfMemoryError
                   // because it may try to allocate exception objects.
                   if (waitForNotify) {
                       lock.wait();
                   }
                   // retry if waited
                   return waitForNotify;
               }
           }
       } catch (OutOfMemoryError x) {
           // Give other threads CPU time so they hopefully drop some live references
           // and GC reclaims some space.
           // Also prevent CPU intensive spinning in case 'r instanceof Cleaner' above
           // persistently throws OOME for some time...
           Thread.yield();
           // retry
           return true;
       } catch (InterruptedException x) {
           // retry
           return true;
       }
       // Fast path for cleaners
       if (c != null) {
           c.clean();
           return true;
       }
       ReferenceQueue<? super Object> q = r.queue;
       if (q != ReferenceQueue.NULL) q.enqueue(r);
       return true;
   }
   static {
       ThreadGroup tg = Thread.currentThread().getThreadGroup();
       for (ThreadGroup tgn = tg;
            tgn != null;
            tg = tgn, tgn = tg.getParent());
       Thread handler = new ReferenceHandler(tg, "Reference Handler");
       /* If there were a special system-only priority greater than
        * MAX_PRIORITY, it would be used here
        */
       handler.setPriority(Thread.MAX_PRIORITY);
       handler.setDaemon(true);
       handler.start();
       // provide access in SharedSecrets
       SharedSecrets.setJavaLangRefAccess(new JavaLangRefAccess() {
           @Override
           public boolean tryHandlePendingReference() {
               return tryHandlePending(false);
           }
       });
   }

然后进入 ensureGoneAsync(watchStartNanoTime, reference);进行检测。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
private void ensureGoneAsync(final long watchStartNanoTime, final KeyedWeakReference reference) {
  watchExecutor.execute(new Retryable() {
    @Override public Retryable.Result run() {
      return ensureGone(reference, watchStartNanoTime);
    }
  });
}
@SuppressWarnings("ReferenceEquality") // Explicitly checking for named null.
Retryable.Result ensureGone(final KeyedWeakReference reference, final long watchStartNanoTime) {
  long gcStartNanoTime = System.nanoTime();
  long watchDurationMs = NANOSECONDS.toMillis(gcStartNanoTime - watchStartNanoTime);
  removeWeaklyReachableReferences();
  if (debuggerControl.isDebuggerAttached()) {
    // The debugger can create false leaks.
    return RETRY;
  }
  if (gone(reference)) {//如果确认移除,则判定为未泄漏
    return DONE;
  }
  gcTrigger.runGc();//再次执行GC,避免误判
  removeWeaklyReachableReferences();//再次移除,二次确认
  if (!gone(reference)) {//仍没有移除,判断为泄露了,执行分析泄漏操作
    long startDumpHeap = System.nanoTime();
    long gcDurationMs = NANOSECONDS.toMillis(startDumpHeap - gcStartNanoTime);
    File heapDumpFile = heapDumper.dumpHeap();
    if (heapDumpFile == RETRY_LATER) {
      // Could not dump the heap.
      return RETRY;
    }
    long heapDumpDurationMs = NANOSECONDS.toMillis(System.nanoTime() - startDumpHeap);
    HeapDump heapDump = heapDumpBuilder.heapDumpFile(heapDumpFile).referenceKey(reference.key)
        .referenceName(reference.name)
        .watchDurationMs(watchDurationMs)
        .gcDurationMs(gcDurationMs)
        .heapDumpDurationMs(heapDumpDurationMs)
        .build();
    heapdumpListener.analyze(heapDump);
  }
  return DONE;
}
private boolean gone(KeyedWeakReference reference) {
// 如果retainedKeys中key仍存在,说明对象未被垃圾回收。反之则已经垃圾回收。
  return !retainedKeys.contains(reference.key);
}
private void removeWeaklyReachableReferences() {
  // WeakReferences are enqueued as soon as the object to which they point to becomes weakly
  // reachable. This is before finalization or garbage collection has actually happened.
  KeyedWeakReference ref;
  while ((ref = (KeyedWeakReference) queue.poll()) != null) {
    retainedKeys.remove(ref.key);
  }
}

通过Runtime.gc()System.runFinalization()进行GC操作。
System.gc()只在System.runFinalization()后才会调用Runtime().getRuntime().gc()操作。否则在System.runFinalization()才会调用Runtime().getRuntime().gc()操作。

System.runFinalization()调用Runtime().getRuntime().runFinalization()。

由于System.gc()无法保证一定会调用gc,所以LeakCanary直接调用Runtime().getRuntime().gc()。

System类的gc()和runFinalization()

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
public interface GcTrigger {
  GcTrigger DEFAULT = new GcTrigger() {
    @Override public void runGc() {
      // Code taken from AOSP FinalizationTest:
      // https://android.googlesource.com/platform/libcore/+/master/support/src/test/java/libcore/
      // java/lang/ref/FinalizationTester.java
      // System.gc() does not garbage collect every time. Runtime.gc() is
      // more likely to perform a gc.
      Runtime.getRuntime().gc();
      enqueueReferences();
      System.runFinalization();
    }
    private void enqueueReferences() {
      // Hack. We don't have a programmatic way to wait for the reference queue daemon to move
      // references to the appropriate queues.
      try {
        Thread.sleep(100);
      } catch (InterruptedException e) {
        throw new AssertionError();
      }
    }
  };
  void runGc();
}

首先通过removeWeaklyReachableReferences()手动移除KeyedWeakReference,具体操作是通过queue.poll() 取出KeyedWeakReference然后在retainedKeys中移除该KeyedWeakReference,然后再进行一次gcTrigger.runGc();操作二次确认retainedKeys中是否已经移除了key.如果仍然没有移除,那么确定是内存泄漏了,然后进行内存泄漏分析。

二、小结

判断泄漏实现基本步骤

  1. LeakCanary.install()返回了一个RefWatcher。会注册对应用内所有 Activity 生命周期的监听。RefWatcher.queue是一个ReferenceQueue实例。

  2. 在Activity销毁时,进行泄漏判断void onActivityDestroyed(Activity activity) { refWatcher.watch(activity); }

  3. 这里会把检测到的 activity 实例关联包装为一个自定义的弱引用(KeyedWeakReference),但是这里在指定弱引用时,LeakCanary 同时还为这个弱引用指定了一个 ReferenceQueue 队列。

  4. 通过继承自WeakReference的KeyedWeakReference,增加了key+name字段从而支持对象的唯一起名(通过UUID)和名字获取。

  5. 在RefWatcher.watch()时把UUID放入RefWatcher.retainedKeys,并把对象跟RefWatcher.queue关联。

  6. 通过Runtime.gc()和System.runFinalization()进行GC操作。

  7. 在RefWatcher.removeWeaklyReachableReferences()调用queue.poll()取出KeyedWeakReference,并从retainedKeys中删除。所以,如果retainedKeys中key仍存在,说明对象未被垃圾回收。反之则已经垃圾回收。

  8. 如果对象未被垃圾回收,则执行分析

Neil Liu wechat
个人微信,欢迎交流
让我感受下知识的力量~