Features/TCG

From QEMU
Revision as of 09:25, 10 July 2019 by Ajb (talk | contribs) (don't transclude the developer notes)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

The Tiny Code Generator (TCG) is the core binary translation engine that is responsible for QEMU ability to emulate foreign processors on any given supported host.

Performance

The TCG works by translating each guest instruction into a sequence of host instructions. As a result there will be a level of inefficiency which means TCG code will not be as fast as running native code. However with a reasonable host system you can get a pretty good experience, especially when emulating older and slower chips. Depending on your requirements you can tailor you use of QEMU.

*-user vs system emulation

If all you want to do is run and debug user space programs then you should use QEMU's user space emulation solution (linux-user or bsd-user). Here the guest architecture program is translated to run host instructions up until the point the program makes a system call into the kernel. The system call is then routed to the host kernel to be executed. This is efficient because you don't need to translated a kernel and more importantly you don't need to do a full emulation of the systems address translation subsystem.

Kernel's under system emulation

You should disable ASLR (address space layout randomisation). This is a kernel security feature to make it harder for malicious code to guess memory addresses while trying to execute exploits. However for TCG is means code translations that could otherwise be shared end up being re-translated multiple times.

Developer Documentation

See developer documentation for internal details about how the TCG works.

Retrieved from "https://wiki.qemu.org/index.php?title=Features/TCG&oldid=8746"