內(nèi)存泄漏（Memory Leak）是指程序中已動(dòng)態(tài)分配的堆內(nèi)存由于某種原因程序未釋放或無(wú)法釋放，造成系統(tǒng)內(nèi)存的浪費(fèi)，導(dǎo)致程序運(yùn)行速度減慢甚至系統(tǒng)崩潰等嚴(yán)重后果。------來(lái)自百度百科

聽到內(nèi)存泄露最多的地方估計(jì)就是工作中遇到以及在各種面試題中，
經(jīng)常能聽到引起內(nèi)存泄露如下所示：

1. 非靜態(tài)內(nèi)部類handler
2. 忘記解注冊(cè)廣播？？？？？
3. bitmap使用未回收
4. 靜態(tài)變量引用context
5. hashmap使用自定義對(duì)象當(dāng)key未重寫hashcode,equals
6. 跨進(jìn)程通信
7. 待補(bǔ)充

說(shuō)說(shuō)我理解的內(nèi)存泄露，一句話解釋： 即當(dāng)一個(gè)東西被你用完，你不再需要，在gc后他還存在內(nèi)存中。

下面來(lái)看看幾個(gè)例子

1、非靜態(tài)內(nèi)部類handler

    public Handler mHandler1 = new Handler(){
        @Override
        public void handleMessage(@NonNull Message msg) {
            super.handleMessage(msg);
        }
    };

    public Handler mHandler2 = new Handler(new Handler.Callback() {
        @Override
        public boolean handleMessage(@NonNull Message msg) {
            return false;
        }
    });

    public Handler mHandler3 = new MyHandler();

    public class MyHandler extends Handler{
        @Override
        public void handleMessage(@NonNull Message msg) {
            super.handleMessage(msg);
        }
    }

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main2);
        findViewById(R.id.button).setOnClickListener(v -> {
            Toast.makeText(this, "你點(diǎn)擊了-----", Toast.LENGTH_SHORT).show();
            Message obtain = Message.obtain();
            mHandler1.sendMessage(obtain);
            obtain = Message.obtain();
            mHandler2.sendMessage(obtain);
            obtain = Message.obtain();
            mHandler3.sendMessage(obtain);
        });
    }

如上是我們經(jīng)常使用handler的幾種方法，以上三種都會(huì)造成內(nèi)存泄露嗎？
測(cè)試代碼為從MainActivity 跳轉(zhuǎn)到MainActivity2 點(diǎn)擊按鈕，發(fā)送handler消息，然后退出MainActivity2界面，來(lái)回幾次，然后利用profile抓取內(nèi)存中dump信息，查看是否發(fā)生泄漏
我們來(lái)實(shí)測(cè)一下： 使用工具 Android studio profiler mat

截屏2021-04-25 下午10.04.47.png

說(shuō)好的內(nèi)存泄露呢？.png

修改代碼如下：

            Message obtain = Message.obtain();
            mHandler1.sendMessageDelayed(obtain, 25000);
            obtain = Message.obtain();
            mHandler2.sendMessageDelayed(obtain, 25000);
            obtain = Message.obtain();
            mHandler3.sendMessageDelayed(obtain, 25000);

再次重復(fù)剛才的操作，歐吼，內(nèi)存泄露出來(lái)了。

截屏2021-04-25 下午10.27.23.png

截屏2021-04-25 下午10.31.42.png

可以看到當(dāng)前引用鏈如下所示：

ActivityThread -> MessageQueue -> Message -> target(此處就是我們的handler) -> MainActivity2

至此我們就能發(fā)現(xiàn)handler并不一定能引起內(nèi)存泄漏，僅僅當(dāng)我們發(fā)送的消息還沒(méi)處理完時(shí)，才會(huì)發(fā)生內(nèi)存泄漏。

2、忘記解注冊(cè)廣播會(huì)引起嗎？

關(guān)于忘記解注冊(cè)廣播，僅限于聽說(shuō)過(guò)，比較解注冊(cè)的成本太低，隨手一寫就行，我們來(lái)實(shí)際測(cè)試一下：操作流程啟動(dòng)MainActivity2再推出，重復(fù)4次。

public class MainActivity2 extends AppCompatActivity {
    public static final String TAG = "MainActivity2";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main2);
        IntentFilter intentFilter1 = new IntentFilter();
        intentFilter1.addAction(ACTION_MEDIA_MOUNTED);
        intentFilter1.addDataScheme("file");
        BroadcastReceiver aaa = new BroadcastReceiver() {
            @Override
            public void onReceive(Context context, Intent intent) {
                Log.w(MainActivity2.TAG, "AAA");
            }
        };
        registerReceiver(aaa, intentFilter1);
    }
}

image.png

可以看到其實(shí)是沒(méi)有泄露的，Android studio 沒(méi)檢測(cè)出來(lái)。
回家使用我的電腦：結(jié)果又是有的

截屏2021-04-27 下午8.39.56.png

接下來(lái)使用專業(yè)點(diǎn)的mat來(lái)看看。

1. 選擇Heap Dump文件保存下來(lái)。
2. 使用sdk轉(zhuǎn)換工具轉(zhuǎn)換mat能識(shí)別格式。sdk/platform-tools/hprof-conv 原文件.hprof 新文件.hprof
3. 使用mat打開新文件。查看我們關(guān)心的對(duì)象是否存在強(qiáng)引用
   具體使用可以參考如下鏈接：
   http://www.itdecent.cn/p/7207deafd785

使用公司電腦：

image.png

家里電腦：

image.png

到底是怎樣一回事呢？通過(guò)查看Android-30源碼，可以看到在activity解注冊(cè)時(shí)，會(huì)清理掉當(dāng)前注冊(cè)的廣播和綁定的service
android.app.ActivityThread#handleDestroyActivity
......
android.app.LoadedApk#removeContextRegistrations

public void removeContextRegistrations(Context context,
            String who, String what) {
        final boolean reportRegistrationLeaks = StrictMode.vmRegistrationLeaksEnabled();
        synchronized (mReceivers) {
            ArrayMap<BroadcastReceiver, LoadedApk.ReceiverDispatcher> rmap =
                    mReceivers.remove(context);
            if (rmap != null) {
                for (int i = 0; i < rmap.size(); i++) {
                    LoadedApk.ReceiverDispatcher rd = rmap.valueAt(i);
                    IntentReceiverLeaked leak = new IntentReceiverLeaked(
                            what + " " + who + " has leaked IntentReceiver "
                            + rd.getIntentReceiver() + " that was " +
                            "originally registered here. Are you missing a " +
                            "call to unregisterReceiver()?");
                    leak.setStackTrace(rd.getLocation().getStackTrace());
                    Slog.e(ActivityThread.TAG, leak.getMessage(), leak);
                    if (reportRegistrationLeaks) {
                        StrictMode.onIntentReceiverLeaked(leak);
                    }
                    try {
                        ActivityManager.getService().unregisterReceiver(
                                rd.getIIntentReceiver());
                    } catch (RemoteException e) {
                        throw e.rethrowFromSystemServer();
                    }
                }
            }
            mUnregisteredReceivers.remove(context);
        }

        synchronized (mServices) {
            //Slog.i(TAG, "Receiver registrations: " + mReceivers);
            ArrayMap<ServiceConnection, LoadedApk.ServiceDispatcher> smap =
                    mServices.remove(context);
            if (smap != null) {
                for (int i = 0; i < smap.size(); i++) {
                    LoadedApk.ServiceDispatcher sd = smap.valueAt(i);
                    ServiceConnectionLeaked leak = new ServiceConnectionLeaked(
                            what + " " + who + " has leaked ServiceConnection "
                            + sd.getServiceConnection() + " that was originally bound here");
                    leak.setStackTrace(sd.getLocation().getStackTrace());
                    Slog.e(ActivityThread.TAG, leak.getMessage(), leak);
                    if (reportRegistrationLeaks) {
                        StrictMode.onServiceConnectionLeaked(leak);
                    }
                    try {
                        ActivityManager.getService().unbindService(
                                sd.getIServiceConnection());
                    } catch (RemoteException e) {
                        throw e.rethrowFromSystemServer();
                    }
                    sd.doForget();
                }
            }
            mUnboundServices.remove(context);
            //Slog.i(TAG, "Service registrations: " + mServices);
        }
    }

這是什么情況.png

接下來(lái)排查一下為什么 會(huì)這樣子：

// android.app.ActivityThread#handleDestroyActivity 中在清理之前會(huì)有一個(gè)判斷，通過(guò)打斷點(diǎn)調(diào)試，可以看到發(fā)生內(nèi)存泄漏此工程當(dāng)前c對(duì)象不是ContextImpl 而是ContextThemeWrapper
        Context c = r.activity.getBaseContext();
        if (c instanceof ContextImpl) {
            ((ContextImpl) c).scheduleFinalCleanup(
                    r.activity.getClass().getName(), "Activity");
        }

繼續(xù)排查為啥出現(xiàn)這種情況

泄漏版本：

image.png

image.png

image.png

未泄漏版本：

image.png

image.png

關(guān)鍵原因就是

implementation 'androidx.appcompat:appcompat:1.2.0'
// 這個(gè)庫(kù)1.1.0版本不會(huì)泄漏，1.2.0版本會(huì)泄漏。
變更細(xì)節(jié)如下：有興趣自行閱讀
https://developer.android.google.cn/jetpack/androidx/releases/appcompat?hl=zh-cn

3、我和內(nèi)存泄漏的故事

在我實(shí)際遇到并解決內(nèi)存泄漏問(wèn)題之前的感覺(jué)就是：高端，經(jīng)常能在博客，微信公眾號(hào)上面看到，但是從沒(méi)接觸，很陌生。
在自己真正解決過(guò)之后：就這？
問(wèn)題如下：

        Intent intent = new Intent(this, MyService.class);
        ServiceConnection serviceConnection = new ServiceConnection() {
            @Override
            public void onServiceConnected(ComponentName name, IBinder service) {
                Toast.makeText(MainActivity2.this, "bind success", Toast.LENGTH_SHORT).show();
                iMyAidlInterface = IMyAidlInterface.Stub.asInterface(service);
            }

            @Override
            public void onServiceDisconnected(ComponentName name) {

            }
        };
        bindService(intent, serviceConnection, Context.BIND_AUTO_CREATE);
        ILoginListener.Stub onLoginResult1 = new ILoginListener.Stub() {

            @Override
            public void onLoginResult() throws RemoteException {
                Toast.makeText(MainActivity2.this, "onLoginResult",
                        Toast.LENGTH_SHORT).show();
            }
        };
        try {
            iMyAidlInterface.registerMediaListener(onLoginResult1);
        } catch (RemoteException e) {
            e.printStackTrace();
        }

image.png

其中 ILoginListener.Stub 即為一個(gè)binder對(duì)象

    public Binder(@Nullable String descriptor)  {
        mObject = getNativeBBinderHolder();
        NoImagePreloadHolder.sRegistry.registerNativeAllocation(this, mObject);

        if (FIND_POTENTIAL_LEAKS) {
            final Class<? extends Binder> klass = getClass();
            if ((klass.isAnonymousClass() || klass.isMemberClass() || klass.isLocalClass()) &&
                    (klass.getModifiers() & Modifier.STATIC) == 0) {
                Log.w(TAG, "The following Binder class should be static or leaks might occur: " +
                    klass.getCanonicalName());
            }
        }
        mDescriptor = descriptor;
    }

public final void writeStrongBinder(IBinder val) {
        //調(diào)用native方法
        nativeWriteStrongBinder(mNativePtr, val);
    }

static void android_os_Parcel_writeStrongBinder(JNIEnv* env, jclass clazz, jint nativePtr, jobject object)  
{  
    Parcel* parcel = reinterpret_cast<Parcel*>(nativePtr);  
    if (parcel != NULL) {
        //ibinderForJavaObject,這里的object就是對(duì)應(yīng)java層IBinder也就是networkCallback
        const status_t err = parcel->writeStrongBinder(ibinderForJavaObject(env, object));  
        if (err != NO_ERROR) {  
            signalExceptionForError(env, clazz, err);  
        }  
    }  
} 

sp<IBinder> ibinderForJavaObject(JNIEnv* env, jobject obj)  
{  
    if (obj == NULL) return NULL;  
    //這里obj是Java層的Binder對(duì)象，走下面這部分邏輯。最后調(diào)用jbh->get獲得native層的IBinder對(duì)象指針。
    if (env->IsInstanceOf(obj, gBinderOffsets.mClass)) {  
        JavaBBinderHolder* jbh = (JavaBBinderHolder*)env->GetIntField(obj, gBinderOffsets.mObject);  
        return jbh != NULL ? jbh->get(env, obj) : NULL;  
    }  
    if (env->IsInstanceOf(obj, gBinderProxyOffsets.mClass)) {  
        return (IBinder*)env->GetIntField(obj, gBinderProxyOffsets.mObject);  
    }  
    ALOGW("ibinderForJavaObject: %p is not a Binder object", obj);  
    return NULL;  
}

sp<JavaBBinder> get(JNIEnv* env, jobject obj)  
{  
    AutoMutex _l(mLock);  
    sp<JavaBBinder> b = mBinder.promote();  
    if (b == NULL) {  
        b = new JavaBBinder(env, obj);  
        mBinder = b;  
        ALOGV("Creating JavaBinder %p (refs %p) for Object %p, weakCount=%d\n",  
             b.get(), b->getWeakRefs(), obj, b->getWeakRefs()->getWeakCount());  
    }  

    return b;  
}

JavaBBinder(JNIEnv* env, jobject object)  
    : mVM(jnienv_to_javavm(env)), mObject(env->NewGlobalRef(object))  
    //here,創(chuàng)建了一個(gè)全局引用，如不主動(dòng)調(diào)用env->DeleteGlobalRef(object),Java層的對(duì)象也就是networkCallback就不會(huì)被釋放。
{  
    ALOGV("Creating JavaBBinder %p\n", this);  
    android_atomic_inc(&gNumLocalRefs);  
    incRefsCreated(env);  
}

詳細(xì)分析跨進(jìn)程內(nèi)存泄漏：
https://blog.csdn.net/skqcsy/article/details/51882049

HashMap 例子

https://juejin.cn/post/6854573213427433480

小技巧

經(jīng)常打開Android studio 查看源碼，發(fā)現(xiàn)跳轉(zhuǎn)失敗，報(bào)紅，是SDK未下載完整版
https://github.com/anggrayudi/android-hidden-api
https://drive.google.com/drive/folders/17oMwQ0xBcSGn159mgbqxcXXEcneUmnph
下載對(duì)應(yīng)版本，替換即可眾享絲滑