STIMSMITH

QEMU

Tool

QEMU is an open-source machine emulator that uses dynamic binary translation and the Tiny Code Generator (TCG) as an architecture-agnostic intermediate representation. In the provided evidence, it appears both as a reusable emulator platform for generated instruction-set-simulator frontends from OpenVADL processor descriptions and as a high-performance RISC-V emulator instrumented with a Direct Instruction Injection interface for TestRIG-style verification.

First seen 5/27/2026
Last seen 6/7/2026
Evidence 16 chunks
Wiki v2

WIKI

Overview

QEMU is described in the OpenVADL evidence as an open-source machine emulator. The official GitHub mirror identifies the project as qemu/qemu, implemented primarily in C, and notes that pull requests are disabled on the mirror; contributions follow the process described on the QEMU website. [1]

Dynamic translation architecture



RELATIONSHIPS

22 connections
TestRIG ← uses 100% 7e
TestRIG added Direct Instruction Injection to QEMU to use it as a reference implementation.
CPU emulator implements → 100% 2e
QEMU implements the concept of a CPU emulator, capable of emulating an entire PC system.
RISC-V implements → 100% 2e
QEMU is a high-performance RISC-V emulator.
Testing CPU Emulators ← evaluates 100% 2e
The paper evaluates QEMU as one of four IA-32 emulators tested.
Examiner ← evaluates 100% 2e
Examiner evaluates QEMU by comparing its instruction execution results against real devices.
The paper uses QEMU as the primary emulator for differential testing experiments.
op_store_ri function ← part of 100% 2e
op_store_ri is a function in QEMU responsible for decoding the STR instruction.
Unicorn ← derived from 100% 1e
Unicorn is derived from QEMU, providing friendly APIs while focusing on CPU emulation only.
RVFI-DII implements → 95% 1e
QEMU has been extended with the Direct Instruction Injection interface for use with TestRIG.
NEMU ← compares with 95% 1e
NEMU achieves performance similar to QEMU through optimization techniques.
intermediate representation (IR) uses → 100% 1e
QEMU decodes instruction streams into intermediate representations before translating to host machine instructions.
RVFI-DII uses → 95% 1e
QEMU was extended with the Direct Instruction Injection interface to support TestRIG verification.
just-in-time translation implements → 85% 1e
QEMU uses just-in-time translation to execute emulated instructions.
whole-system emulator implements → 100% 1e
QEMU can operate as a whole-system emulator in addition to process emulation mode.
process emulator implements → 90% 1e
QEMU can also operate as a process emulator in addition to whole-system emulation.
TriforceAFL ← uses 90% 1e
TriforceAFL is a fuzzing tool that uses QEMU for full system emulation fuzzing.
FirmAFL ← uses 90% 1e
FirmAFL is a fuzzing tool that uses QEMU for CPU emulation.
Instruction Set Simulator implements → 95% 1e
QEMU is an open source machine emulator that implements an instruction set simulator.
Dynamic Binary Translation (DBT) implements → 100% 1e
QEMU implements dynamic binary translation as its core emulation technique.
Tiny Code Generator (TCG) uses → 100% 1e
QEMU uses TCG as its architecture-agnostic intermediate representation.
The paper introduces the approach of generating a QEMU-based ISS from an OpenVADL processor description.
RISC-V uses → 95% 1e
QEMU is used to simulate RISC-V, as demonstrated by the RISC-V frontend example.
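The two mechanisms the relationships above describe, guest instructions lowered into an architecture-agnostic IR before host execution (as in the OpenVADL-generated RISC-V frontend) and TestRIG's Direct Instruction Injection driving two implementations in tandem until their traces diverge, as one added example in C. This is illustrative code written for this page, not QEMU, OpenVADL or TestRIG source: the four-op IR, the `tiny_*`, `dut_*` and `dii_*` names, the ADDI/ADD-only decoder, the constructed injection sequence and the deliberately buggy `dut_step` (it lets writes to x0 land) are all assumptions, and the IR is interpreted where a real TCG backend would emit host machine code.

```c
/* Added example, not QEMU/OpenVADL/TestRIG code. A miniature DBT frontend for
 * RV64I ADDI and ADD lowering into a TCG-like IR, a backend stand-in that
 * interprets that IR, and a TestRIG-style injection loop that runs a reference
 * and a deliberately buggy DUT in tandem and stops at the first divergence.
 * Every identifier below is hypothetical; none is QEMU's own API. */
#include <stdint.h>
#include <stdio.h>

#define NREGS 32

/* Stand-in for TCG's architecture-agnostic IR: GPR load/store into a temporary,
 * load constant, add two temporaries. */
enum ir_kind { IR_LD_GPR, IR_MOVI, IR_ADD, IR_ST_GPR };
struct ir_op { enum ir_kind kind; int dst, a, b; int64_t imm; };
struct ir_block { struct ir_op ops[8]; int n; };

static void emit(struct ir_block *blk, enum ir_kind k, int dst, int a, int b, int64_t imm)
{
    struct ir_op *op = &blk->ops[blk->n++];
    op->kind = k; op->dst = dst; op->a = a; op->b = b; op->imm = imm;
}

/* Frontend: the job a QEMU trans_addi/trans_add does. Returns 0 if unsupported. */
static int tiny_translate(uint32_t insn, struct ir_block *blk)
{
    uint32_t opcode = insn & 0x7f, funct3 = (insn >> 12) & 7, funct7 = insn >> 25;
    int rd = (insn >> 7) & 31, rs1 = (insn >> 15) & 31, rs2 = (insn >> 20) & 31;
    blk->n = 0;
    if (opcode == 0x13 && funct3 == 0) {               /* ADDI rd, rs1, imm12 */
        int64_t imm = (int32_t)insn >> 20;             /* arithmetic shift sign-extends bits 31:20 */
        emit(blk, IR_LD_GPR, 0, rs1, 0, 0);            /* t0 = gpr[rs1] */
        emit(blk, IR_MOVI,   1, 0, 0, imm);            /* t1 = imm */
        emit(blk, IR_ADD,    2, 0, 1, 0);              /* t2 = t0 + t1 */
        emit(blk, IR_ST_GPR, rd, 2, 0, 0);             /* gpr[rd] = t2 */
        return 1;
    }
    if (opcode == 0x33 && funct3 == 0 && funct7 == 0) { /* ADD rd, rs1, rs2 */
        emit(blk, IR_LD_GPR, 0, rs1, 0, 0);
        emit(blk, IR_LD_GPR, 1, rs2, 0, 0);
        emit(blk, IR_ADD,    2, 0, 1, 0);
        emit(blk, IR_ST_GPR, rd, 2, 0, 0);
        return 1;
    }
    return 0;
}

/* Backend stand-in: interpret the IR. A real TCG backend emits host code here. */
static void tiny_run_ir(const struct ir_block *blk, int64_t gpr[NREGS])
{
    int64_t t[4] = {0};
    for (int i = 0; i < blk->n; i++) {
        const struct ir_op *op = &blk->ops[i];
        switch (op->kind) {
        case IR_LD_GPR: t[op->dst] = gpr[op->a]; break;
        case IR_MOVI:   t[op->dst] = op->imm; break;
        case IR_ADD:    t[op->dst] = t[op->a] + t[op->b]; break;
        case IR_ST_GPR: if (op->dst != 0) gpr[op->dst] = t[op->a]; break; /* x0 stays zero */
        }
    }
}

/* Device under test: a direct interpreter with one planted bug, it never
 * suppresses writes to x0. Stands in for a second simulator or a core on FPGA. */
static int dut_step(uint32_t insn, int64_t gpr[NREGS])
{
    uint32_t opcode = insn & 0x7f;
    int rd = (insn >> 7) & 31, rs1 = (insn >> 15) & 31, rs2 = (insn >> 20) & 31;
    if (opcode == 0x13)      gpr[rd] = gpr[rs1] + ((int32_t)insn >> 20);
    else if (opcode == 0x33) gpr[rd] = gpr[rs1] + gpr[rs2];
    else return 0;
    return 1;
}

/* Verification engine: inject each instruction directly (no fetch from guest
 * memory), step both sides, diff architectural state. Returns the index of the
 * first diverging instruction, or -1 if the whole sequence agrees. */
static int dii_compare(const uint32_t *seq, int len, int *bad_reg)
{
    int64_t ref[NREGS] = {0}, dut[NREGS] = {0};
    struct ir_block blk;
    for (int i = 0; i < len; i++) {
        if (!tiny_translate(seq[i], &blk) || !dut_step(seq[i], dut)) return i;
        tiny_run_ir(&blk, ref);
        for (int r = 0; r < NREGS; r++)
            if (ref[r] != dut[r]) { if (bad_reg) *bad_reg = r; return i; }
    }
    return -1;
}

static uint32_t enc_addi(int rd, int rs1, int imm12)
{ return ((uint32_t)(imm12 & 0xfff) << 20) | ((uint32_t)rs1 << 15) | ((uint32_t)rd << 7) | 0x13; }
static uint32_t enc_add(int rd, int rs1, int rs2)
{ return ((uint32_t)rs2 << 20) | ((uint32_t)rs1 << 15) | ((uint32_t)rd << 7) | 0x33; }

/* Constructed injection sequence: x1 = -5 (exercises sign extension), x2 = x1 + x1,
 * then a write to x0 the DUT wrongly keeps, then a read of x0 that would expose it. */
static int demo_seq(uint32_t seq[4])
{
    seq[0] = enc_addi(1, 0, -5); seq[1] = enc_add(2, 1, 1);
    seq[2] = enc_addi(0, 1, 1);  seq[3] = enc_add(3, 0, 2);
    return 4;
}
static int demo_clean_prefix(void)    { uint32_t s[4]; demo_seq(s); return dii_compare(s, 2, NULL); }
static int demo_first_divergence(void){ uint32_t s[4]; int n = demo_seq(s); return dii_compare(s, n, NULL); }
static int demo_divergent_reg(void)   { uint32_t s[4]; int n = demo_seq(s), r = -1; dii_compare(s, n, &r); return r; }

int main(void)
{
    printf("clean prefix: %d, first divergence at insn %d on x%d\n",
           demo_clean_prefix(), demo_first_divergence(), demo_divergent_reg());
    return 0;
}
```

The engine stops at the first differing register rather than running the whole sequence, which is what makes the divergence directly attributable to one injected instruction; a real TestRIG run compares RVFI-DII trace packets (PC, register writes, memory accesses) rather than a full register-file dump after every step, and drives real QEMU, Spike and the Sail model instead of the toy interpreters here.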

CITATIONS

10 sources
[1] QEMU is an open-source machine emulator with an official GitHub mirror implemented primarily in C, and contributions are directed through the QEMU website rather than pull requests on the mirror. qemu/qemu
[2] QEMU uses dynamic binary translation, has a modular architecture, employs the architecture-agnostic TCG IR, and includes reusable infrastructure such as a GDB stub. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[3] The QEMU translation example shows a RISC-V frontend lowering guest instructions into TCG IR and an x86_64 backend emitting host code. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[4] The OpenVADL presentation is about generating a QEMU-based instruction set simulator, and its overview depicts a QEMU Simulator as an OpenVADL-generated artifact. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[5] OpenVADL generates QEMU frontends from VADL specifications by transforming VIAM, lowering it to TCG operations, generating C code, and producing a QEMU frontend. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[6] The slides show generated C code for a RISC-V 64 ADDI TCG translation function using TCG register access, constants, addition, and move operations. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[7] The OpenVADL evaluation reports Embench results for generated QEMU frontends and states that the generated frontend achieves up to 44% lower runtime than upstream. Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL
[8] The TestRIG evidence states that the Direct Instruction Injection interface was added to QEMU and Spike, described as two high-performance emulators, as well as to the Sail RISC-V formal model. TestRIG RISC-V CPU testing evidence
[9] The TestRIG evidence frames the setup as comparison among executable formal models, software ISA simulators, and simulated hardware execution, requiring Direct Instruction Injection during tandem verification. TestRIG RISC-V CPU testing evidence
[10] The TestRIG ecosystem figure describes a Verification Engine that injects instruction sequences and compares execution traces until it finds a divergence. TestRIG RISC-V CPU testing evidence