
Tiny Code Generator (TCG)

Concept WIKI v1 · 5/29/2026

Tiny Code Generator (TCG) is the architecture-agnostic intermediate representation used by QEMU in its dynamic binary translation pipeline. In the OpenVADL QEMU-generation flow, VIAM processor descriptions are lowered to TCG operations and emitted as C translation functions such as trans_addi.

Overview

Tiny Code Generator (TCG) is the architecture-agnostic intermediate representation used in QEMU's dynamic binary translation flow. The cited OpenVADL presentation describes QEMU as an open-source machine emulator that uses dynamic binary translation and employs TCG as an architecture-agnostic IR within its modular architecture.

Position in QEMU translation

The presentation depicts QEMU translation as a pipeline from a guest frontend through TCG IR to a host backend. In the example shown, a RISC-V frontend translates guest operations into TCG IR, which is then handled by an x86_64 backend. The slide illustrates guest-side operations such as a RISC-V load being represented with TCG-style operations such as q_ld_i64 before host-code generation.

Use in OpenVADL-generated QEMU frontends

OpenVADL's QEMU-generation flow lowers its VADL Intermediate Architecture Model (VIAM) to TCG operations before generating C code for a QEMU frontend. The slides describe this as a sequence involving VIAM transformation, lowered VIAM, C-code generation, and the resulting QEMU frontend.

For the RISC-V 64 ADDI instruction, the lowered VIAM contains TCG-oriented operations including tcg_add and tcg_mov. The generated C translation function trans_addi uses TCG values and helper calls such as:

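/* Operands: TCG values for the destination and source registers */
TCGv_i64 reg_x_rd_dest = dest_x(ctx, a->rd);
TCGv_i64 reg_x_rs1 = get_x(ctx, a->rs1);
/* Temporary for the sum, and the decoded immediate as a TCG constant */
TCGv_i64 tmp_n4_0 = tcg_temp_new_i64();
TCGv_i64 const_immS_n3 = tcg_constant_i64(a->immS);

/* tmp = X(rs1) + immS, then X(rd) = tmp */
tcg_gen_add_i64(tmp_n4_0, reg_x_rs1, const_immS_n3);
tcg_gen_mov_i64(reg_x_rd_dest, tmp_n4_0);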

This example shows TCG being used as the generated frontend's target representation for instruction semantics: the source architecture operation X(rd) := X(rs1) + immS is translated into TCG add and move operations in generated C.
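
The translate-then-execute split behind trans_addi, as an added illustration that is not code from the OpenVADL presentation or from QEMU. It is a toy C model in which every type and function (Val, Op, Block, mk, emit, model_trans_addi, load, run_block, addi_result) is a hypothetical stand-in. It relies on the fact that QEMU's tcg_gen_* calls record operations for later execution rather than computing values, so the immediate is fixed at translation time while register contents are read only when the block runs.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of translate-then-execute. Not QEMU's TCG API: every name is hypothetical. */
enum { OP_ADD, OP_MOV };                              /* stand-ins for the TCG add and mov ops */
enum { V_REG, V_TMP, V_CONST };
typedef struct { int kind, idx; int64_t imm; } Val;   /* plays the role of TCGv_i64 */
typedef struct { int op; Val dst, a, b; } Op;
typedef struct { Op ops[8]; int n, ntmp; } Block;     /* ops recorded for one guest instruction */

static Val mk(int kind, int idx, int64_t imm) { Val v = { kind, idx, imm }; return v; }
static void emit(Block *b, int op, Val d, Val x, Val y) { Op o = { op, d, x, y }; b->ops[b->n++] = o; }

/* Same shape as the generated trans_addi: it records two ops and computes nothing. */
static void model_trans_addi(Block *b, int rd, int rs1, int64_t immS) {
    Val dest = mk(V_REG, rd, 0);           /* models dest_x(ctx, a->rd) */
    Val src  = mk(V_REG, rs1, 0);          /* models get_x(ctx, a->rs1) */
    Val tmp  = mk(V_TMP, b->ntmp++, 0);    /* models tcg_temp_new_i64() */
    Val imm  = mk(V_CONST, 0, immS);       /* models tcg_constant_i64(a->immS) */
    emit(b, OP_ADD, tmp, src, imm);
    emit(b, OP_MOV, dest, tmp, tmp);       /* second source operand is unused by mov */
}

static int64_t load(const int64_t *x, const int64_t *t, Val v) {
    return v.kind == V_REG ? x[v.idx] : v.kind == V_TMP ? t[v.idx] : v.imm;
}

/* Execution time: guest register values are read only here. */
static void run_block(const Block *b, int64_t x[32]) {
    int64_t t[8] = { 0 };
    for (int i = 0; i < b->n; i++) {
        const Op *o = &b->ops[i];
        int64_t a = load(x, t, o->a), c = load(x, t, o->b);
        /* The 64-bit add wraps; it is done unsigned to avoid signed-overflow UB in C. */
        int64_t r = o->op == OP_ADD ? (int64_t)((uint64_t)a + (uint64_t)c) : a;
        if (o->dst.kind == V_REG) x[o->dst.idx] = r; else t[o->dst.idx] = r;
    }
}

/* Translate "addi x6, x5, immS" first, then execute it with X(5) = rs1_value. */
int64_t addi_result(int64_t rs1_value, int64_t immS) {
    Block b = { .n = 0, .ntmp = 0 };
    model_trans_addi(&b, 6, 5, immS);         /* register contents are not known yet */
    int64_t x[32] = { [5] = rs1_value };      /* constructed guest register file */
    run_block(&b, x);
    return x[6];
}

int main(void) { printf("%lld\n", (long long)addi_result(10, -3)); return 0; }
```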

Performance context in the cited work

The OpenVADL presentation reports that automatically generated QEMU frontends are achieved by lowering VIAM to TCG operations. Its conclusion states that the generated frontend achieves up to 44% lower runtime than upstream in the presented evaluation context.

CITATIONS

[1] QEMU is described as an open-source machine emulator that uses dynamic binary translation and employs TCG as an architecture-agnostic IR. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[2] The QEMU translation pipeline is depicted as moving from a guest frontend through TCG IR to a host backend. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[3] OpenVADL generates QEMU frontends by lowering VIAM to TCG operations and then generating C code. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[4] The generated `trans_addi` function uses TCG value types and helper calls including `tcg_temp_new_i64`, `tcg_constant_i64`, `tcg_gen_add_i64`, and `tcg_gen_mov_i64`. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[5] The cited OpenVADL conclusion reports generated QEMU frontends and up to 44% lower runtime than upstream, achieved by lowering VIAM to TCG operations. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL