The Tiny Code Generator (TCG) is the core binary translation engine that is responsible for QEMU ability to emulate foreign processors on any given supported host.

Performance

The TCG works by translating each guest instruction into a sequence of host instructions. As a result there will be a level of inefficiency which means TCG code will not be as fast as running native code. However with a reasonable host system you can get a pretty good experience, especially when emulating older and slower chips. Depending on your requirements you can tailor you use of QEMU.

*-user vs system emulation

If all you want to do is run and debug user space programs then you should use QEMU's user space emulation solution (linux-user or bsd-user). Here the guest architecture program is translated to run host instructions up until the point the program makes a system call into the kernel. The system call is then routed to the host kernel to be executed. This is efficient because you don't need to translated a kernel and more importantly you don't need to do a full emulation of the systems address translation subsystem.

Kernel's under system emulation

You should disable ASLR (address space layout randomisation). This is a kernel security feature to make it harder for malicious code to guess memory addresses while trying to execute exploits. However for TCG is means code translations that could otherwise be shared end up being re-translated multiple times.

Notes

Tiny Code Generator (TCG)

The Tiny Code Generator (TCG) exists to transform target insns (the processor being emulated) via the TCG frontend to TCG ops which are then transformed into host insns (the processor executing QEMU itself) via the TCG backend.

People who wish to port QEMU to run on a new processor need to be concerned with the backend. There also exists the TCI (TCG Interpreter) effort which provides a backend agnostic interpreter for TCGops.

People who wish to port QEMU to emulate a new processor need to be concerned with the frontend.

Source Tree Documentation

A number of documents in the source tree should be helpful to understanding how things go together:

• The intro README
• Details about docs/devel/tcg.rst
• Notes on decodetree (used by newer frontends to reduce boilerplate)
• How we approach multithreaded TCG

Other pages on the wiki

• Backend Ops
• Frontend Ops

Presentations and Other External Sources

• Slides and recording of a talk on TCG mechanics
• StackOverflow answer showing code flow of a TCG translation