Overview
QEMU is described in the OpenVADL evidence as an open-source machine emulator. The official GitHub mirror identifies the project as qemu/qemu, implemented primarily in C, and notes that pull requests are disabled on the mirror while contributions should follow the QEMU website process. [C1]
Dynamic translation architecture
The OpenVADL slides characterize QEMU as using dynamic binary translation (DBT) and having a modular architecture. That modularity is presented as simplifying support for new architectures. The same slide states that QEMU employs an architecture-agnostic intermediate representation, Tiny Code Generator (TCG), and provides reusable infrastructure such as a GDB stub. [C2]
The evidence also illustrates QEMU's translation structure with a RISC-V example: a RISC-V frontend lowers guest instructions into TCG IR, and a backend emits host code for x86_64. [C3]
Use as an instruction set simulator target
The OpenVADL presentation is specifically about generating a QEMU-based instruction set simulator from a processor description in OpenVADL. Its OpenVADL overview depicts QEMU Simulator output alongside other generated artifacts such as an assembler/linker, compiler, hardware, and a cycle-approximate simulator. [C4]
The described generation flow starts from the VIAM intermediate architecture model, performs transformations and lowering toward TCG operations, generates C code, and produces a QEMU frontend that executes guest programs. The conclusion states that OpenVADL enables automatic generation of QEMU frontends from VADL specifications by lowering VIAM to TCG operations. [C5]
As an example, the slides show generated C code for a RISC-V 64 ADDI translation function. The generated function obtains destination and source registers, creates a TCG constant from the immediate, emits tcg_gen_add_i64, moves the result to the destination, and returns success. [C6]
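The following is an added illustration, not OpenVADL's generated code nor QEMU's own source: a self-contained C model of the same ADDI lowering (decode the RISC-V I-type word, emit constant/add/move operations into a TCG-like op list, then execute that list as a stand-in host backend). The op list, `trans_addi`, `run_tb` and `exec_addi` are constructed for this example; only the three-step shape follows the slide.

```c
/* Added example, not OpenVADL or QEMU code: a toy model of the lowering described
 * above. A RISC-V ADDI word is decoded and lowered into a small TCG-like op list,
 * and a stand-in "backend" executes it. The op list is a constructed mock, not TCG. */
#include <stdint.h>
enum op_kind { OP_MOVI, OP_ADD, OP_MOV };             /* constant, add, move */
struct tcg_op  { enum op_kind kind; int dst, a, b; int64_t imm; };
struct tcg_buf { struct tcg_op ops[8]; int n; };
enum { NUM_GPR = 32, TMP0 = 32, NUM_TEMPS = 33 };    /* temps 0..31 mirror x0..x31 */

static void emit(struct tcg_buf *tb, struct tcg_op op) { tb->ops[tb->n++] = op; }
/* Frontend: accept an I-type ADDI (opcode 0x13, funct3 0) and lower it.
 * Returns 1 on success, as a QEMU trans_* function does, or 0 if not ADDI. */
int trans_addi(uint32_t insn, struct tcg_buf *tb)
{
    if ((insn & 0x7f) != 0x13 || ((insn >> 12) & 7) != 0) return 0;
    int rd  = (insn >> 7) & 0x1f;
    int rs1 = (insn >> 15) & 0x1f;
    /* imm[11:0] sits in bits 31:20; dividing by 2^20 sign-extends portably. */
    int64_t imm = (int32_t)(insn & 0xfff00000u) / (int32_t)(1u << 20);
    if (rd == 0) return 1;                            /* x0 is hardwired to zero: drop the write */
    emit(tb, (struct tcg_op){ OP_MOVI, TMP0, 0, 0, imm });    /* TCG constant from immediate */
    emit(tb, (struct tcg_op){ OP_ADD,  TMP0, rs1, TMP0, 0 }); /* tcg_gen_add_i64 analogue */
    emit(tb, (struct tcg_op){ OP_MOV,  rd, TMP0, 0, 0 });     /* move result to destination */
    return 1;
}
/* Backend stand-in: execute the op list over a register file (wrapping add). */
void run_tb(const struct tcg_buf *tb, int64_t *regs)
{
    for (int i = 0; i < tb->n; i++) {
        const struct tcg_op *o = &tb->ops[i];
        switch (o->kind) {
        case OP_MOVI: regs[o->dst] = o->imm; break;
        case OP_ADD:  regs[o->dst] = (int64_t)((uint64_t)regs[o->a] + (uint64_t)regs[o->b]); break;
        case OP_MOV:  regs[o->dst] = regs[o->a]; break;
        }
    }
}

/* Translate and run one word with x1..x31 preset to src_val and x0 = 0;
 * returns the final value of register `probe`, or INT64_MIN if not ADDI. */
int64_t exec_addi(uint32_t insn, int64_t src_val, int probe)
{
    struct tcg_buf tb = { .n = 0 };
    int64_t regs[NUM_TEMPS] = { 0 };
    for (int i = 1; i < NUM_GPR; i++) regs[i] = src_val;
    if (!trans_addi(insn, &tb)) return INT64_MIN;
    run_tb(&tb, regs);
    return regs[probe];
}
```

The sign-extension and x0 cases are where a hand-written or generated frontend most often diverges from the reference model, which is exactly what the TestRIG-style trace comparison described below is designed to catch.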
Reported OpenVADL evaluation
For generated QEMU frontends, the OpenVADL slides report Embench evaluation results for RISC-V 64 IM and AArch64. The conclusion states that the generated frontend achieves up to 44% lower runtime than upstream. [C7]
Role in TestRIG-style RISC-V verification
In the TestRIG RISC-V CPU testing evidence, QEMU is identified as one of two high-performance emulators, alongside Spike, to which the researchers added a Direct Instruction Injection (DII) interface. The same passage says the DII interface was also added to the Sail RISC-V formal model and that several RISC-V processor implementations were instrumented with RVFI-DII. [C8]
That evidence frames the testing setup as comparison among executable formal models, software ISA simulators, and simulated execution of hardware designs rather than testing completed fabricated chips. It states that this requires instrumenting the CPU design with an additional DII interface used by the test harness during tandem verification. [C9]
Within the illustrated TestRIG ecosystem, a Verification Engine injects instruction sequences and compares execution traces until it finds a divergence. In that context, QEMU functions as an instrumented emulator endpoint that can participate in model-based testing and trace-comparison workflows. [C10]