How QEMU works – Chapter 1


Posted: May 20th, 2013 | Filed under: English, Guide, QEMU, Virtualization


I worked a lot with QEMU a few months ago and learned some tricks that may be useful to others. Before starting, here is the list of topics that will be covered in the coming articles:

  1. QEMU introduction
  2. TCG helpers
    TCG variables
    TCG caches
  3. QEMU parameters
    QEMU RAM functions
  4. ARM semihosting

First Part: QEMU Introduction

OK, let's start with the first topic. QEMU is a complete machine emulator: it is able to emulate CPUs, hard disks, RAM, caches and also some devices. One of the most important advantages of QEMU is that it is very fast. QEMU uses an emulation method called "dynamic translation", which is one of the main causes of its speed.

What an emulator usually does is convert the instructions of the architecture it wants to emulate (the guest) into instructions for the local architecture (the host), that is, the architecture QEMU is running on. This can be done by translating each guest instruction, one at a time, into new instructions that can be executed directly on the host. This is of course very slow, because for each guest instruction more than one instruction will be executed on the host machine. The other method is to translate not a single instruction at a time but an entire sequence of them, for example the code between two jump instructions. This is how QEMU works, and it is one of the reasons why it is so fast: in this way the emulator can also optimize the block of instructions it is translating and thus obtain better performance.

QEMU supports a very large number of different architectures. The most important reason is the way it has been designed. QEMU does not directly translate the guest code into host code: using the Tiny Code Generator (TCG), it first translates a block of instructions of the target architecture into an intermediate code, which is then translated by the appropriate backend into code for the host architecture. So to add a new supported architecture to QEMU it is only necessary to add a new backend. Moreover, QEMU keeps a cache of the translated TCG blocks, and this is another reason for the emulator's speed of execution.
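The two ideas in the previous two paragraphs, block-at-a-time translation and the guest → intermediate code → host split with a cache of translated blocks, can be shown in a toy dynamic translator. The code below is an added example, not QEMU's own code: the guest instruction set, the intermediate op names (such as `brcond_ne`), the `TranslatedBlock` type and the counters in `run()` are all invented here. It also makes explicit something the text only implies: the front end (`guest_to_ir`) knows only the guest, the back end (`ir_to_host`) knows only the host, so either half can be replaced without touching the other.

```python
"""Toy dynamic binary translator, constructed for this example (not QEMU code;
the guest ISA is invented). Guest instructions are tuples:
  ("mov", rd, imm)  ("add", rd, rs)  ("sub", rd, rs)
  ("jnz", rs, target)  jump if rs != 0, else fall through    ("halt",)
"""
import operator
from dataclasses import dataclass

BLOCK_TERMINATORS = {"jnz", "halt"}   # a block ends at the first jump/halt


@dataclass
class TranslatedBlock:
    start_pc: int   # guest address the block starts at (the cache key)
    guest_len: int  # guest instructions covered by the block
    ir: list        # guest-independent IR ops (stand-in for TCG ops)
    host: list      # "host code": one callable per IR op


def find_block_end(program, pc):
    """Exclusive end of the block at pc: everything up to and including the
    first jump or halt, i.e. the code between two jumps."""
    end = pc
    while program[end][0] not in BLOCK_TERMINATORS:
        end += 1
    return end + 1


def guest_to_ir(insn):
    """Front end: one guest instruction -> one generic IR op."""
    op = insn[0]
    if op == "mov":
        return ("movi", insn[1], insn[2])
    if op in ("add", "sub"):
        return (op, insn[1], insn[1], insn[2])      # rd = rd op rs
    if op == "jnz":
        return ("brcond_ne", insn[1], 0, insn[2])  # branch if rs != 0
    if op == "halt":
        return ("exit",)
    raise ValueError(f"unknown guest instruction {insn!r}")


def ir_to_host(ir_op, fallthrough_pc):
    """Back end: IR op -> host 'code' (a callable over the register file).
    Plain ops return None; the terminator returns the next guest pc (-1 = halt)."""
    kind = ir_op[0]
    if kind == "movi":
        _, rd, imm = ir_op
        return lambda regs: regs.__setitem__(rd, imm)
    if kind in ("add", "sub"):
        _, rd, ra, rb = ir_op
        fn = operator.add if kind == "add" else operator.sub
        return lambda regs: regs.__setitem__(rd, fn(regs[ra], regs[rb]))
    if kind == "brcond_ne":
        _, rs, value, target = ir_op
        return lambda regs: target if regs[rs] != value else fallthrough_pc
    if kind == "exit":
        return lambda regs: -1
    raise ValueError(f"unknown IR op {ir_op!r}")


def translate_block(program, pc):
    """Translate the block starting at pc: guest -> IR -> host."""
    end = find_block_end(program, pc)
    ir = [guest_to_ir(program[i]) for i in range(pc, end)]
    host = [ir_to_host(op, end) for op in ir]
    return TranslatedBlock(pc, end - pc, ir, host)


def run(program, nregs=4, max_blocks=100_000):
    """Run a guest program, translating blocks on demand and caching them by
    start pc, so each block is translated once however often it executes."""
    regs = [0] * nregs
    cache = {}
    stats = {"blocks_translated": 0, "blocks_executed": 0, "guest_insns": 0}
    pc = 0
    while pc >= 0:
        tb = cache.get(pc)
        if tb is None:                       # cache miss: translate now
            tb = translate_block(program, pc)
            cache[pc] = tb
            stats["blocks_translated"] += 1
        next_pc = None
        for host_op in tb.host:
            result = host_op(regs)
            if result is not None:
                next_pc = result             # only the terminator returns a pc
        stats["blocks_executed"] += 1
        stats["guest_insns"] += tb.guest_len
        if stats["blocks_executed"] > max_blocks:
            raise RuntimeError("guest ran too long; probable infinite loop")
        pc = next_pc
    return regs, stats


# Constructed guest program: r0 = 5 + 4 + 3 + 2 + 1 (r1 counts down, r2 = 1).
SUM_PROGRAM = [
    ("mov", 1, 5),   # 0
    ("mov", 2, 1),   # 1
    ("mov", 0, 0),   # 2
    ("add", 0, 1),   # 3  loop body starts here and becomes its own block
    ("sub", 1, 2),   # 4
    ("jnz", 1, 3),   # 5  block terminator
    ("halt",),       # 6
]

if __name__ == "__main__":
    regs, stats = run(SUM_PROGRAM)
    print("r0 =", regs[0], stats)   # r0 = 15, 3 blocks translated, 6 executed
```

Running it on the constructed loop shows the effect of the cache: the loop body at guest address 3 is translated once and executed four times, and only three blocks are translated in total while nineteen guest instructions execute. Note that a block beginning in the middle of an already translated block (address 3 here, inside the block that started at 0) is translated as a new block keyed by its own start address; QEMU behaves the same way, since translated blocks are looked up by guest pc.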

I think this is enough to understand the next chapters. Stay tuned!!



    Copyright © 2018, | ldlabs.org – Blog is proudly powered by WordPress All rights Reserved | Theme by Ryan McNair modified By Francesco Apollonio