Add special case to ignore Binder leaks

[dandc87]

The Android OS will retain a reference to Binder after a Service is
unbound. This adds logic to ignore any paths where a Binder is at a
root. We cannot simply add Binder to ExcludedRef because there could
be legitimate leaks where the Binder isn't the root.

[dandc87]

Relevant issue: https://code.google.com/p/android/issues/detail?id=1797

[vanniktech]

little typo here. should be the and not yhe

[pyricau]

The referenced bug claims that the problems comes from the service process not being GCed.

[shaybarak]

Correct.
The server-side IBinder instance can only be GC'ed once the client-side IBinder instance has been GC'ed, even if the client process has disconnected.
Here's the issue:

1. Client process binds.
2. Server process Service does onCreate, onBind.
3. Client process unbinds.
4. Server process Service does onUnbind, onDestroy. But IBinder returned from onBind is set as a GC root, and likely holds a reference to the Service after Service.onDestroy was called, which looks like a leak.

The server process can't force the client process to do a GC, and it can't be notified when the client process has GC'ed either. Therefore the only way to not trigger false positives for LeakCanary notifications is to filter out instances of classes extending android.os.Binder as GC roots.

[pyricau]

I'll do a close review a bit later.

[dandc87]

Here's a branch where I modified the sample app to show the binder leaking: https://github.com/dandc87/leakcanary/compare/master...binder_leak_demo?expand=1

Just click the button and wait!

[pyricau]

Just to clarify: that branch you are linking to is a binder "real leak" that should be detected, correct?

[pyricau]

Why check for null here, have you seen it happen?

[dandc87]

It happened when I ran unit tests

[pyricau]

I like it a lot overall, let's see if we can make it a bit more generic.

[shaybarak]

Thanks Pierre for the review!
Yes, the branch does demonstrate a real leak, but LeakCanary (before Adam's change) will find the wrong chain of references (leading up to the Binder instead of leading up to the static ArrayList). If you fix the leak by commenting out the static ArrayList, it still shows up as a leak.
With Adam's change, the leak is detected by pointing all the way to the static ArrayList, and when the leak is fixed, no false alerts are generated.

[dandc87]

Made changes based on your feedback @pyricau. I added ExcludedRefs.Builder.rootClass() and modeled it's exclusion behavior off of clazz(). Does this work for you?

[pyricau]

final

[pyricau]

Thanks @dandc87 ! I'll take it from here, change one or two nits, and merge.

[jrodbx]

@dandc87, it looks like 3d1f524 is resulting in false negatives, such as the case reported in #482. See d28f920 for an example test case.

Revisiting the example you provided in https://github.com/dandc87/leakcanary/commit/5a293dbf8098c04adbfd4a2e13699e4a90bc0feb, it looks like the leak occurs because an anonymous subclass of Binder references the Service installed to the RefWatcher. Consider https://github.com/jrodbx/leakcanary/commit/c9dce97aedca03a4fee443330094e3b32175338d which doesn't result in a leak as mentioned in the original cited Google issue. Am I missing something?

We can continue the dialog on this, but, in the meantime, I'll revert this commit since it's causing false negatives.

[dandc87]

The false-positive happens when the Binder has a reference to the Service, be that an explicit reference or implicit from being an anonymous sublcass. If you don't need the Service's context, you can refactor the 'leak' away. However, if you need access to the Service from the Binder, LeakCanary will report the Service as leaking because the Android system is holding onto the Binder instance after onDestroy() (but it will eventually get released and GC'd).

You may want to just revert the changes made to AndroidExcludedRefs.java, I believe @pyricau did some cleanup after this merged, so I'm not sure how effective a full revert would be.