Source 3e38555d... — STIMSMITH

SOURCE ARCHIVE

SHA256: 3e38555d08506c4213ea849152176accea1c234c97b272c7f8e07a7e6af93b6a

URL: https://www.complang.tuwien.ac.at/vadl/papers/samos25slides.pdf

TYPE: application/pdf

SIZE: 145.7 KB

FETCHED: 5/29/2026, 11:13:37 PM

EXTRACTOR: liteparse

CHARS: 4,030

EXTRACTED CONTENT

4,030 chars

Generation of a QEMU-Based Instruction Set Simulator from a Processor Description in OpenVADL

Johannes Zottele, Matthias Raschhofer, Benedikt Huber and Andreas Krall June 30, 2025 Technische Universität Wien, Vienna, Austria

Vienna Architecture Description Language (VADL)

1  instruction set architecture RV64I = {    VADL
2   register X : Bits<5>   -> Bits<64>
3   format Itype : Bits<32> =
4   { imm    : Bits<12>
5   , rs1    : Bits<5>
6   , rd     : Bits<5>
7   , opcode : Bits<7>
8   , ...
9   , immS = imm as SInt<32>

10 } 11 instruction ADDI : Itype = X(rd) := X(rs1) + immS 12 encoding ADDI = {opcode = 0b001'0011, funct3 = 0b000}

                 1 / 11

OpenVADL Overview

Assembler Compiler & Linker

VADL Frontend VIAM Architecture Cycle- Specification Synthesis Approximate Simulator

  QEMU             Hardware
  Simulator

2 / 11

QEMU

• Open source machine emulator • Uses dynamic binary translation (DBT) • Modular architecture E M U ‣ Simplifies support for new architectures ‣ Employ an architecture-agnostic IR (TCG) ‣ Includes reusable infrastructure (e.g. GDB stub)

   3 / 11    WR openvADL

QEMU - TCG Translation

RISC-V frontend add_i64TCG IR backend x86_64

ld x11, 8(x10) q_ld_i64loc3,x10,8 leaq 8(%10),%rdi ... ... x11,loc3 movq (%rdi),%r11 ...

4 / 11

QEMU Generation

Decoder VDT Generation QEMU System

VIAM TCG Lowered C-Code QEMU Transformation VIAM Generation Frontend

  Guest Program     executes on

5 / 11

VADL Intermediate Architecture Model (VIAM)

field: Bits<5>

fieldAccess: Bits<64> read: Bits<64>

field: Bits<5> add: Bits<64>

write start

instr end

RISC-V 64 ADDI X(rd) := X(rs1) + immS

  6 / 11

Lowered VIAM

field field field

var<reg,X> var var var<reg,X> start tcg_add dest tcg_mov dest instr_end

7 / 11

Generated C-Code

TCG Translation Function for RISC-V 64 ADDI c 1 static bool trans_addi(DisasContext *ctx, arg_addi *a) { 2 TCGv_i64 reg_x_rd_dest = dest_x(ctx, a->rd); 3 TCGv_i64 reg_x_rs1 = get_x(ctx, a->rs1); 4 TCGv_i64 tmp_n4_0 = tcg_temp_new_i64(); 5 TCGv_i64 const_immS_n3 = tcg_constant_i64(a->immS); 6 7 tcg_gen_add_i64(tmp_n4_0, reg_x_rs1, const_immS_n3); 8 tcg_gen_mov_i64(reg_x_rd_dest, tmp_n4_0); 9 10 return true; 11 }

    8 / 11

Evaluation Results RISC-V 64 (IM) Embench - QEMU Relative (lower is better) 1.0 ← Baseline 0.8 ← Mean 0.6 0.4 0.2 0.0

9 / 11










aha-mont64  relative runtime
     crc32
     cubic
       edn
 huffbench

matmult-int md5sum minver nbody nettle-aes nettle-sha256 nsichneu picojpeg primecount qrduino sglib-combined slre st statemate tarfind ud wikisort

Evaluation Results AArch64 Embench - QEMU Relative (lower is better) 1.2 1.0 ← Baseline 0.8 0.6 0.4 0.2 0.0

10 / 11










aha-mont64  relative runtime
     crc32
       edn
 huffbench

matmult-int md5sum nettle-aes nettle-sha256 nsichneu picojpeg primecount qrduino sglib-combined slre tarfind

Conclusion & Future Work

• OpenVADL enables automatic generation of QEMU frontends from VADL specs • Achieved by lowering the intermediate representation (VIAM) to TCG operations • The generated frontend achieves up to 44% lower runtime than upstream

Future Work More Information • TCG vector support for tensor instructions • github.com/openvadl • User-mode simulation • openvadl.org • Floating-point instruction support • Cycle Approximate Simulator based on the ISS

    11 / 11