🦈 Shark Heap Analysis - LeakCanary's Detective at Work

 

Introduction

In Part 3, we saw how LeakCanary boldly freezes your app to capture a heap dump. But a .hprof file is just raw binary data — unreadable to humans. Enter Shark, LeakCanary’s analysis engine. Shark parses the dump, builds a navigable object graph, and uncovers the exact reference chains that keep your objects alive.

This is where leaks stop being mysterious and start becoming actionable.

⚙️ Shark’s Workflow

1. Parsing the Heap Dump

Shark uses Shark Hprof (built on Okio) to stream through .hprof records efficiently.

val heapGraph = Hprof.openHeapGraph(heapDumpFile)
  • Converts raw data into a HeapGraph.
  • HeapGraph exposes classes, objects, fields, and references.

2. Building the Heap Graph

HeapGraph lets you query memory like a database:

val activityClass = heapGraph.findClassByName("com.example.LeakyActivity")
val instances = activityClass.instances
  • You can traverse references between objects.
  • This graph is the foundation for leak detection.

3. Finding Leaks

Shark’s HeapAnalyzer orchestrates leak detection:

  1. Identifies suspected leaking objects (from ObjectWatcher).
  2. Finds shortest paths from GC roots to those objects.
  3. Applies ReferenceMatchers to filter known library/framework leaks.
  4. Builds LeakTrace reports.

Sample LeakTrace:

┬───
 GC Root: System class

├─ android.view.inputmethod.InputMethodManager
    Leaking: NO
     InputMethodManager.mLastSrvView
├─ com.example.LeakyActivity
    Leaking: YES (Activity was destroyed)

4. Retained Size Calculation

Shark uses a dominator tree algorithm to compute retained size:

  • Shows how much memory would be freed if the leaking object were collected.
  • Helps prioritize leaks (a retained Activity > a small View).

📊 Diagram: Shark Analysis Flow

Heap Dump (.hprof) → Shark Hprof → HeapGraph → HeapAnalyzer → LeakTrace → Developer Fix

🚨 Why Shark Matters

  • Transforms raw data into insights.
  • Automates leak detection with shortest path analysis.
  • Categorises leaks into app, library, and framework.
  • Empowers developers to fix leaks before they hit production.

🔮 Coming Next

In Part 5, we’ll explore Dominator Tree & Retained Size — the algorithmic heart of Shark that quantifies the impact of leaks.

Comments

Post a Comment

Featured Articles

Optimize Jetpack Compose: Performance & Best Practices

Image
      Jetpack Compose offers a declarative approach to building UIs in Android. However, like any UI framework, optimization is key to achieving smooth performance and a great user experience. This detailed guide expands on the provided checklist, offering in-depth explanations and practical code examples for each optimization technique. I. Core Principles: Laying the Foundation for Performance Use Stable Types:  Compose relies on stable types to efficiently track changes and minimize recompositions. A stable type guarantees that if two instances of the type are equal according to  equals() , they will always be equal. Using unstable types can force unnecessary recompositions.   // Stable data class (recommended) data   class   User ( val  name: String,  val  age:  Int ) // Unstable list (avoid directly in Compose state) // Use SnapshotStateList instead val users = remember { mutableStateListOf<User>() } // Cor...
Read more

JIT vs AOT Compilation | Android Runtime

Image
           D id you ever think, what happens when you install your app in your Android device, it shows INSTALLING for fraction of second and app get opens. What happens exactly behiend the scene? Found Interesting???? Cool !!! let’s clear all the doubt in this blog. You would have definetely read the buzz words JIT(Just-in-time) and AOT(Ahead of time) at many ocassions. We’ll dig it down in details in this article, stay tuned…. Android apps run on Android Runtime (ART) , which replaced Dalvik since Android 5.0 (Lollipop). ART supports both JIT (Just-In-Time) Compilation and AOT (Ahead-Of-Time) Compilation to improve performance and efficiency. JIT (Just-In-Time) Compilation How it Works: Compiles bytecode into native machine code at runtime (when the app is executed). Stores frequently used methods in memory to speed up subsequent executions. Advantages: Faster app installation because it doesn’t require full compilation beforehand. Reduces s...
Read more

From ‘Master’ to ‘Main’: The Meaning Behind Git’s Naming Shift

Image
                             Git changed its default branch name from master to main due to concerns about inclusivity and to remove references to terms with problematic historical connotations. The term master has been associated with slavery, and many tech communities sought to use more neutral and inclusive language. Reason for the Change: Inclusivity & Sensitivity- Many organizations aimed to remove racially charged terminology from software development. Consistency Across Communities- Other projects and platforms, such as Github, Gitlab, and software frameworks, also made similar changes. Modern Naming Conventions- main is a cleaner and more intuitive name, as it represents the primary branch of a repository. Interesting Facts —  It wasn’t originally about slavery  — The term Git did not originate from the master/slave concept used in computing. It likely came from Bitkeeper , a version contro...
Read more

Play Store Uploads with Fastlane Supply - 4

Image
If you’ve ever manually uploaded an APK or AAB to the Google Play Store, you know it can be a tedious process. From filling out all the necessary metadata to selecting the correct APK version, it can feel like a lot of repetitive work. But with Fastlane Supply , you can automate this entire process — making your app releases smoother, faster, and error-free. In this section, we’ll explore how Fastlane Supply works and how to set it up to upload your Android app directly to the Play Store with ease. Step 1: Set Up Google Play API Access Before you can upload your app with Fastlane Supply , you need to set up Google Play API access . This ensures that Fastlane can communicate with the Play Store and upload your APK or AAB. Here’s how you can set up API access: Create a Google Cloud project : Go to the Google Cloud Console. Create a new project. Enable the Google Play Developer API : In the Cloud Console, search for and enable the Google Play Developer API . Create a service account ...
Read more

Cracking Android SDE2/SDE3 Interviews in 2026: Deep Dives, Code, Follow-ups

Image
  Find Part -2 From Here Find Part -3 From Here Lifecycle & Components 1. Activity lifecycle states? Interviewer:  Walk me through the full Activity lifecycle and where you’d place data syncs. Candidate:  Absolutely. The Activity lifecycle defines how Android creates, displays, pauses, and destroys a screen. Correct usage ensures good performance, no leaks, and a smooth user experience. onCreate()  Called once when the Activity is created.  Used for one-time initialization such as: Dependency injection (Hilt) Initializing ViewModels Setting the UI with setContentView() or setContent {}  The UI is not yet visible, so no user interaction or heavy work should start here. onStart()  The Activity becomes visible to the user but is not yet interactive.  This is a good place to prepare UI-related resources or start observing data. onResume()  The Activity is in the foreground and fully interactive .  This is the best place to: Start sens...
Read more

Android Device Security: Sandboxing, Rooting, and Attestation Explained

Image
  As Android developers, understanding device security is essential to protect our apps and users. In this comprehensive guide, we’ll explore Android’s security architecture, including sandboxing, rooting and jailbreaking, and how to implement device attestation using SafetyNet and Play Integrity. We’ll cover each topic in detail, providing code snippets and best practices, following. What is Sandboxing in Android? Sandboxing is the security mechanism that isolates each app’s code and data from other apps and from the underlying system. In Android, this ensures that one app cannot freely read or modify another app’s private data or perform privileged operations unless explicit permissions or IPC channels are used.​ High-Level Idea Each app runs in its own isolated environment with: Its own Linux user ID (UID) and process. Its own private data directory (e.g., /data/data/<package_name>/ ). By default: One app cannot directly access another app’s files. An app cannot perfo...
Read more