QEMU Binary Translation

Ashish Kaila (akaila)

Maneet Singh (maneets)

1

Virtualization Techniques

Full Virtualization using Binary Translation

2

Virtualization Techniques

OS Assisted Virtualization or Paravirtualization

3

Virtualization Techniques

Hardware Assisted Virtualization

4

Binary Translation

VMWare Software Virtualization

Source Inst Stream (binary)

IR1IR2

.

.IRn

Translation Units (TU)

IR1IR2

.

.IRn

Target Inst Stream (binary)

Compiled Code Fragment (CCF)

Dynamic Binary Translator

5

Binary Translation

QEMU Binary Translation in brief

Source Inst Stream (binary)

Micro-operations

implemented in C

Object file

Target Inst Stream (binary)

dyngen

6

Quick EMUlation (QEMU)

Machine Emulator

Virtualizer

QEMU modes:

User-mode emulation – Allows a process built for one CPU to be

executed on another.

System-mode emulation – Allows emulation of a full system,

including processor and assorted peripherals.

7

References• A comparison of software and hardware techniques for x86

virtualization – Keith Adams, Ole Agesen, ASPLOS’06• Understanding Full Virtualization, Paravirtualization and Hardware

Assist – VMware Whitepaper• QEMU, a fast and portable Dynamic Translator – Fabrice Bellard• QEMU Wiki: wiki.qemu.org

8

QEMU Deep Dive

Source: wiki.qemu.org

9

10

11

12

13

14

15

16

QEMU ARCHITECTURE

17

18

1919

Thank you

20