QEMU Binary Translation412/lectures/L05_QEMU_BT.pdf · Quick EMUlation (QEMU) Ø Machine Emulator Ø Virtualizer QEMU modes: Ø User-mode emulation – Allows a process built for

QEMU Binary Translation

Ashish Kaila (akaila)

Maneet Singh (maneets)

1

Virtualization Techniques

Ø Full Virtualization using Binary Translation

2

Virtualization Techniques

Ø OS Assisted Virtualization or Paravirtualization

3

Virtualization Techniques

Ø Hardware Assisted Virtualization

4

Binary Translation

Ø VMWare Software Virtualization

Source Inst Stream (binary)

IR1IR2

.

.IRn

Translation Units (TU)

IR1IR2

.

.IRn

Target Inst Stream (binary)

Compiled Code Fragment (CCF)

Dynamic Binary Translator

5

Binary Translation

Ø QEMU Binary Translation in brief

Source Inst Stream (binary)

Micro-operations

implemented in C

Object file

Target Inst Stream (binary)

dyngen

6

Quick EMUlation (QEMU)

Ø Machine Emulator

Ø Virtualizer

QEMU modes:

Ø User-mode emulation – Allows a process built for one CPU to be

executed on another.

Ø System-mode emulation – Allows emulation of a full system,

including processor and assorted peripherals.7

References

• A comparison of software and hardware techniques for x86 virtualization – Keith Adams, Ole Agesen, ASPLOS’06

• Understanding Full Virtualization, Paravirtualization and Hardware Assist – VMware Whitepaper

• QEMU, a fast and portable Dynamic Translator – Fabrice Bellard

• QEMU Wiki: wiki.qemu.org

8

QEMU Deep Dive

Source: wiki.qemu.org

9

10

11

12

13

14

15

16

QEMU ARCHITECTURE

17

18

1919

Thank you

20