QEMU, a Fast and Portable Dynamic Translator Fabrice Bellard (affiliation?) CMSC 691 talk by Charles Nicholas.

Slides:



Advertisements
Similar presentations
An Overview Of Virtual Machine Architectures Ross Rosemark.
Advertisements

Programming Technologies, MIPT, April 7th, 2012 Introduction to Binary Translation Technology Roman Sokolov SMWare
Attacks on Virtual Machine Emulators Peter Ferrie, Senior Principal Researcher 12 April, 2007.
Binary Translation Using Peephole Superoptimizers Sorav Bansal, Alex Aiken Stanford University.
INSTRUCTION SET ARCHITECTURES
Effects of Virtual Cache Aliasing on the Performance of the NetBSD Operating System Rafal Boni CS 535 Project Presentation.
Enabling Efficient On-the-fly Microarchitecture Simulation Thierry Lafage September 2000.
OmniVM Efficient and Language- Independent Mobile Programs Ali-Reza Adl-Tabatabai, Geoff Langdale, Steven Lucco and Robert Wahbe from Carnegie Mellon University.
Chapter 2 Machine Language. Machine language The only language a computer can understand directly. Each type of computer has its own unique machine language.
Virtual Machines Measure Up John Staton Karsten Steinhaeuser University of Notre Dame December 15, 2005 Graduate Operating Systems, Fall 2005 Final Project.
KVM/ARM: The Design and Implementation of the Linux ARM Hypervisor Fall 2014 Presented By: Probir Roy.
A. Frank - P. Weisberg Operating Systems Structure of Operating Systems.
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
3-1 3 Compilers and interpreters  Compilers and other translators  Interpreters  Tombstone diagrams  Real vs virtual machines  Interpretive compilers.
Fast Dynamic Binary Translation for the Kernel Piyus Kedia and Sorav Bansal IIT Delhi.
To run the program: To run the program: You need the OS: You need the OS:
CSE 451: Operating Systems Winter 2012 Module 18 Virtual Machines Mark Zbikowski and Gary Kimura.
A Survey on Virtualization Technologies
University of Maryland Compiler-Assisted Binary Parsing Tugrul Ince PD Week – 27 March 2012.
Virtual Machines: Versatile Platforms for Systems and Processes
A Survey on Virtualization Technologies. Virtualization is “HOT” Microsoft acquires Connectix Corp. EMC acquires VMware Veritas acquires Ejascent IBM,
Operating System Support for Virtual Machines Samuel T. King, George W. Dunlap,Peter M.Chen Presented By, Rajesh 1 References [1] Virtual Machines: Supporting.
IT253: Computer Organization Lecture 4: Instruction Set Architecture Tonga Institute of Higher Education.
Topic:The Motorola M680X0 Family Team:Ulrike Eckardt Frederik Fleck André Kudra Jan Schuster Date:Thursday, 12/10/1998 CS-350 Computer Organization Term.
1 A Simple but Realistic Assembly Language for a Course in Computer Organization Eric Larson Moon Ok Kim Seattle University October 25, 2008.
Introduction to the Java Virtual Machine 井民全. JVM (Java Virtual Machine) the environment in which the java programs execute The specification define an.
Introduction 1-1 Introduction to Virtual Machines From “Virtual Machines” Smith and Nair Chapter 1.
© 2012 Pearson Education, Inc. All rights reserved. 1-1 Why Java? Needed program portability – Program written in a language that would run on various.
The HipHop Compiler from Facebook By Megha Gupta & Nikhil Kapoor.
Interrupts By Ryan Morris. Overview ● I/O Paradigm ● Synchronization ● Polling ● Control and Status Registers ● Interrupt Driven I/O ● Importance of Interrupts.
Processes Introduction to Operating Systems: Module 3.
Performance Comparison Xen vs. KVM vs. Native –Benchmarks: SPEC CPU2006, SPEC JBB 2005, SPEC WEB, TPC –Case studies Design instrumentations for figure.
Optimised C/C++. Overview of DS General code Functions Mathematics.
QEMU Binary Translation Ashish Kaila (akaila) Maneet Singh (maneets) 1.
Simics: A Full System Simulation Platform Synopsis by Jen Miller 19 March 2004.
Transmeta’s New Processor Another way to design CPU By Wu Cheng
Next Generation ISA Itanium / IA-64. Operating Environments IA-32 Protected Mode/Real Mode/Virtual Mode - if supported by the OS IA-64 Instruction Set.
The Game Machine. Introduction Background – The project is to create a new type of 3D game machine architecture on embedded system device. – We will discuss.
Full and Para Virtualization
Lecture 26 Virtual Machine Monitors. Virtual Machines Goal: run an guest OS over an host OS Who has done this? Why might it be useful? Examples: Vmware,
Introduction Why are virtual machines interesting?
KIT – University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association SYSTEM ARCHITECTURE GROUP DEPARTMENT OF COMPUTER.
Qin Zhao1, Joon Edward Sim2, WengFai Wong1,2 1SingaporeMIT Alliance 2Department of Computer Science National University of Singapore
Virtualization Neependra Khare
Virtualization.
??? ple r B Amulya Sai EDM14b005 What is simple scalar?? Simple scalar is an open source computer architecture simulator developed by Todd.
Virtual Machine Monitors
Interpreted languages Jakub Yaghob
A Closer Look at Instruction Set Architectures
Virtual Machines: Versatile Platforms for Systems and Processes
ACOE301: Computer Architecture II Labs
Computer Organization and Design
Morgan Kaufmann Publishers
Process Virtualization. Process Process is a program that has initiated its execution. A program is a passive entity; whereas a process is an active entity.
OS Virtualization.
Agenda Why simulation Simulation and model Instruction Set model
CMSC 611: Advanced Computer Architecture
Lesson Objectives Aims Key Words Compiler, interpreter, assembler
Assembly Language for Intel-Based Computers
A Survey on Virtualization Technologies
Virtual Machines (Introduction to Virtual Machines)
CSE 451: Operating Systems Autumn Module 24 Virtual Machine Monitors
CMSC 611: Advanced Computer Architecture
Introduction to Virtual Machines
Introduction to Virtual Machines
First Generation 32–Bit microprocessor
Dynamic Binary Translators and Instrumenters
CS295: Modern Systems Virtualization
In Today’s Class.. General Kernel Responsibilities Kernel Organization
Presentation transcript:

QEMU, a Fast and Portable Dynamic Translator Fabrice Bellard (affiliation?) CMSC 691 talk by Charles Nicholas

Overview QEMU is a system for creating emulators, i.e. programs that allow programs for Target machine A to run on Host machine B For example, to allow a MIPS program (an OS plus apps) to run on an i386 or x64 host By pre-compiling micro operations that make up guest machine instructions, QEMU gains speed over other approaches

What’s the Problem? We want to run a binary for CPU A, but we only have machine B, so we need to emulate A Testing a cross-compiler which has A as a target We need to keep a lower profile than VirtualBox

QEMU Has Many Parts DYNGEN – “performs runtime conversion of the target CPU instructions into the host instruction set” – focus of this paper debugger UNIX user mode emulated devices (many more may exist now) and a GUI!

Example: PowerPC to x86 PowerPC instruction addi r1, r1, -16# r1=r1-16 Generated micro operations mov1_T0_r1# T0=r1 add1_T0_im -16# T0=T0-16 mov1_r1_T0# r1=T0 These micro ops are implemented in C, as follows...

Implement Each Micro Op To implement the micro op mov1_T0_r1# T0=r1 A short C function is written void op_mov1_T0_r1(void){ T0 = env->regs[1]; } The various target CPU registers are part of the environment data structure, and T0 is a variable

How Are These Functions Used? The various micro op functions are compiled, and object code stored When a target instruction is first found, the micro op object code sequences are concatenated in memory, and cached System calls such as memcpy are used to handle target machine memory operations Each target machine opcode needs to be handled (one would expect)

How Does DYNGEN Work? The compiled C code (somefile.obj) is parsed, and the location of various micro ops noted. The number of parameters of each micro op is noted, too. GCC flags are used to simplify the parsing, and to assure that the micro op code is position- independent. (Do you know what that means? Am I right on this point?)

Implementation Aspects Target operations are grouped into Translated Blocks, delimited by branching ops Translated Blocks are cached (to avoid translating the same code repeatedly) Target CPU registers (including condition code flags) are just C variables The Translated Blocks may have extra code to branch to each other, if that’s what would happen in target code. (Direct Block Chaining)

Other Issues Memory Management Self-modifying code (which malware may use!) Exceptions Interrupts

Evaluation The BYTEmark benchmark for Linux was run on a native host, and then on a QEMU virtual machine. – integer code 4x – floating point code 10x – faster than Bochs by 30x – faster than valgrind by 1.2x, even though valgrind is hand coded for x86 to x86 emulation

Conclusions It’s possible to make a versatile emulator with decent performance – versatile: many (target, host) combinations Lots of options regarding debugging or instrumenting code There seems to be an active QEMU community For more info, see

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.