QEMU

QEMU (short for Quick EMUlator) is a  that performs.

QEMU is a : it emulates the machine's through dynamic  and provides a set of different hardware and device models for the machine, enabling it to run a variety of s. It also can be used with  to run virtual machines at near-native speed (by taking advantage of hardware extensions such as ). QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

Licensing
QEMU was written by and is, mainly licensed under the  (GPL for short). Various parts are released under the, (LGPL) or other GPL-compatible licenses.

Operating modes
QEMU has multiple operating modes:


 * User-mode emulation: In this mode QEMU runs single or / programs that were compiled for a different . System calls are ed for  and for 32/64 bit mismatches. Fast cross-compilation and cross-debugging are the main targets for user-mode emulation.
 * System emulation: In this mode QEMU emulates a full computer system, including s. It can be used to provide virtual hosting of several virtual computers on a single computer. QEMU can boot many guest s, including, , , , and ; it supports emulating several instruction sets, including , , 32-bit , , , , and.
 * KVM Hosting: Here QEMU deals with the setting up and migration of KVM images. It is still involved in the emulation of hardware, but the execution of the guest is done by KVM as requested by QEMU.
 * Xen Hosting: QEMU is involved only in the emulation of hardware; the execution of the guest is done within Xen and is totally hidden from QEMU.

Features
QEMU can save and restore the state of the virtual machine with all programs running. Guest operating systems do not need patching in order to run inside QEMU.

QEMU supports the emulation of various architectures, including:


 * (x86) PCs
 * PCs
 * Release 6 and earlier variants
 * Sun's sun4m
 * Sun's sun4u
 * development boards (Integrator/CP and Versatile/PB)
 * SHIX board
 * ( and )

The virtual machine can interface with many types of physical host hardware, including the user's hard disks, CD-ROM drives, network cards, audio interfaces, and USB devices. USB devices can be completely emulated, or the host's USB devices can be used, although this requires administrator privileges and does not work with all devices.

Virtual disk images can be stored in a special format that only takes up as much disk space as the guest OS actually uses. This way, an emulated 120 GB disk may occupy only a few hundred megabytes on the host. The QCOW2 format also allows the creation of overlay images that record the difference from another (unmodified) base image file. This provides the possibility for reverting the emulated disk's contents to an earlier state. For example, a base image could hold a fresh install of an operating system that is known to work, and the overlay images are used. Should the guest system become unusable (through virus attack, accidental system destruction, etc.), the user can delete the overlay and use an earlier emulated disk image.

QEMU can emulate network cards (of different models) which share the host system's connectivity by doing network address translation, effectively allowing the guest to use the same network as the host. The virtual network cards can also connect to network cards of other instances of QEMU or to local interfaces. Network connectivity can also be achieved by bridging a TUN/TAP interface used by QEMU with a non-virtual Ethernet interface on the host OS using the host OS's bridging features.

QEMU integrates several services to allow the host and guest systems to communicate; for example, an integrated server and network-port redirection (to allow incoming connections to the virtual machine). It can also boot Linux kernels without a bootloader.

QEMU does not depend on the presence of graphical output methods on the host system. Instead, it can allow one to access the screen of the guest OS via an integrated server. It can also use an emulated serial line, without any screen, with applicable operating systems.

Simulating multiple CPUs running is possible.

QEMU does not require administrative rights to run unless additional kernel modules for improving speed (like ) are used or certain modes of its network connectivity model are utilized.

Tiny Code Generator
The Tiny Code Generator (TCG) aims to remove the shortcoming of relying on a particular version of or any compiler, instead incorporating the compiler (code generator) into other tasks performed by QEMU at run time. The whole translation task thus consists of two parts: blocks of target code (TBs) being rewritten in TCG ops - a kind of machine-independent intermediate notation, and subsequently this notation being compiled for the host's architecture by TCG. Optional optimisation passes are performed between them.

TCG requires dedicated code written to support every architecture it runs on. It also requires that the target instruction translation be rewritten to take advantage of TCG ops, instead of the previously used dyngen ops.

Starting with QEMU Version 0.10.0, TCG ships with the QEMU stable release.

Accelerator
KQEMU was a, also written by , which notably sped up emulation of x86 or x86-64 guests on platforms with the same CPU architecture. This worked by running code (and optionally some kernel code) directly on the host computer's CPU, and by using processor and peripheral emulation only for  and  code. KQEMU could execute code from many guest OSes even if the host CPU did not support. KQEMU was initially a product available free of charge, but starting from version 1.3.0pre10, it was  under the. QEMU versions starting with 0.12.0 support large memory which makes them incompatible with KQEMU. Newer releases of QEMU have completely removed support for KQEMU.

QVM86 was a licensed drop-in replacement for the then closed-source KQEMU. The developers of QVM86 ceased development in January, 2007.

(KVM) has mostly taken over as the Linux-based hardware-assisted virtualization solution for use with QEMU in the wake of the lack of support for KQEMU and QVM86.

Intel's Hardware Accelerated Execution Manager (HAXM) is an open-source alternative to KVM for x86-based hardware-assisted virtualization on NetBSD, Linux, Windows and macOS. Intel mostly solicits its use with QEMU for Android development. Starting with version 2.9.0, the official QEMU includes support for HAXM.

Supported disk image formats
QEMU supports the following formats:


 * – Read-only
 * – Read-only
 * – Read-only
 * disk image – Read-only
 * Virtual
 * that contain sector-by-sector contents of a disk
 * that contain sector-by-sector contents of an optical disk (e.g. booting live OSes)
 * Virtual
 * that contain sector-by-sector contents of a disk
 * that contain sector-by-sector contents of an optical disk (e.g. booting live OSes)
 * that contain sector-by-sector contents of an optical disk (e.g. booting live OSes)

Hardware-assisted emulation
The -compatible -3 processor adds 200 new instructions to help QEMU translate x86 instructions; those new instructions lower the overhead of executing x86/-style instructions in the MIPS pipeline. With additional improvements in QEMU by the, Loongson-3 achieves an average of 70% the performance of executing native binaries while running x86 binaries from nine benchmarks.

Parallel emulation
Virtualization solutions that use QEMU are able to execute multiple virtual CPUs in parallel. For user-mode emulation QEMU maps emulated threads to host threads. For full system emulation QEMU is capable of running a host thread for each emulated virtual CPU (vCPU). This is dependent on the guest having been updated to support parallel system emulation, currently ARM, Alpha, HP-PA, PowerPC, RISC-V, s390x, x86 and Xtensa. Otherwise a single thread is used to emulate all virtual CPUS (vCPUS) which executes each vCPU in a round-robin manner.

VirtualBox
, first released in January 2007, uses some of QEMU's virtual hardware devices, and has a built-in based on QEMU. As with KQEMU, VirtualBox runs nearly all guest code natively on the host via the VMM (Virtual Machine Manager) and uses the recompiler only as a fallback mechanism - for example, when guest code executes in. In addition, VirtualBox does a lot of code analysis and patching using a built-in disassembler in order to minimize recompilation. VirtualBox is free and open-source (available under ), except for certain features.

Xen-HVM
, a virtual machine monitor, can run in HVM (hardware virtual machine) mode, using or  hardware  extensions and   and  virtualization extension. This means that instead of paravirtualized devices, a real set of virtual hardware is exposed to the domU to use real device drivers to talk to.

QEMU includes several components: CPU emulators, emulated devices, generic devices, machine descriptions, user interface, and a debugger. The emulated devices and generic devices in QEMU make up its device models for I/O virtualization. They comprise a PIIX3 IDE (with some rudimentary PIIX4 capabilities), Cirrus Logic or plain VGA emulated video, RTL8139 or E1000 network emulation, and ACPI support. APIC support is provided by Xen.

Xen-HVM has device emulation based on the QEMU project to provide I/O virtualization to the VMs. Hardware is emulated via a QEMU "device model" daemon running as a backend in dom0. Unlike other QEMU running modes (dynamic translation or KVM), virtual CPUs are completely managed to the hypervisor, which takes care of stopping them while QEMU is emulating memory-mapped I/O accesses.

KVM
(Kernel-based Virtual Machine) is a FreeBSD and Linux kernel module that allows a program access to the  features of various processors, with which QEMU is able to offer virtualization for x86, PowerPC, and S/390 guests. When the target architecture is the same as the host architecture, QEMU can make use of KVM particular features, such as acceleration.

Win4Lin Pro Desktop
In early 2005, introduced Win4Lin Pro Desktop, based on a 'tuned' version of QEMU and KQEMU and it hosts NT-versions of Windows. In June 2006, Win4Lin released Win4Lin Virtual Desktop Server based on the same code base. Win4Lin Virtual Desktop Server serves Microsoft Windows sessions to thin clients from a Linux server.

In September 2006, Win4Lin announced a change of the company name to Virtual Bridges with the release of Win4BSD Pro Desktop, a port of the product to FreeBSD and PC-BSD. Solaris support followed in May 2007 with the release of Win4Solaris Pro Desktop and Win4Solaris Virtual Desktop Server.

SerialICE
SerialICE is a QEMU-based firmware debugging tool running system firmware inside of QEMU while accessing real hardware through a serial connection to a host system. This can be used as a cheap replacement for hardware (ICE).

WinUAE
introduced support for the using the QEMU PPC core in version 3.0.0.

x86
Besides the (which is also configurable and can emulate a number of Intel CPU models including (as of 3 March 2018), , ,  and ), the following devices are emulated:
 * / drive using an
 * drive
 * controller or  controller
 * (Cirrus CLGD 5446 PCI VGA-card,Standard-VGA graphics card with Bochs- - Hardware level, including all non-standard modes, and an experimental patch that can accelerate simple 3D graphics via OpenGL, Red Hat QXL VGA or VirtIO GPU)
 * ( PCI network adapter)
 * Depending on target: i82551, i82557b, i82559er, PCI, NE2000 ISA,, , e1000 (PCI Intel Gigabit Ethernet), SMC91c111, Lance and mcf_fec.
 * disk interface
 * i440FX/PIIX3 ( and ) or Q35/ICH9 ( and ) chipsets
 * and
 * (LSI MegaRAID SAS 1078, LSI53C895A, NCR53C9x as found in the AMD PCscsi and Tekram DC-390 controllers)
 * (,, , , and )
 * (Intel 6300 ESB PCI, or iB700 ISA)
 * 1.x/2.x/3.x controllers
 * USB devices: audio, Bluetooth dongle, (keyboard/mouse/tablet),, serial interface,  smartcard reader, storage ( and ), Wacom tablet
 * Paravirtualized devices: block device, network card, SCSI controller, serial interface,,  filesystem driver
 * Paravirtualized Xen devices: block device, network card, console, framebuffer and input device
 * USB devices: audio, Bluetooth dongle, (keyboard/mouse/tablet),, serial interface,  smartcard reader, storage ( and ), Wacom tablet
 * Paravirtualized devices: block device, network card, SCSI controller, serial interface,,  filesystem driver
 * Paravirtualized Xen devices: block device, network card, console, framebuffer and input device

The implementation used by QEMU starting from version 0.12 is. The VGA BIOS implementation comes from Plex86/.The firmware for QEMU is OVMF.

PowerMac
QEMU emulates the following peripherals:
 * UniNorth PCI bridge
 * PCI-VGA-compatible graphics card which maps the VESA Bochs Extensions
 * Two PMAC-IDE-Interfaces with hard disk and CD-ROM support.
 * PCI adapter
 * Non-volatile RAM
 * VIA-CUDA with keyboard and mouse.

is used as the firmware.

PREP
QEMU emulates the following peripherals:
 * PCI bridge
 * PCI VGA-compatible graphics card with VESA Bochs Extensions
 * Two IDE interfaces with hard disk and CD-ROM support
 * Floppy disk drive
 * network adapter
 * Serial interface
 * PREP non-volatile RAM
 * PC-compatible keyboard and mouse

On the PREP target, Open Hack'Ware, an -compatible BIOS, is used.

IBM System p
QEMU can emulate the paravirtual sPAPR interface with the following peripherals:
 * PCI bridge, for access to virtio devices, VGA-compatible graphics, USB, etc.
 * Virtual I/O network adapter, SCSI controller, and serial interface
 * sPAPR non-volatile RAM

On the sPAPR target, another Open-Firmware-compatible BIOS is used, called SLOF.

ARM
QEMU emulates the  (and down to ARMv5TEJ) with NEON extension. It emulates full systems like Integrator/CP board, Versatile baseboard, RealView Emulation baseboard, XScale-based PDAs, Palm Tungsten|E PDA, and  Internet tablets etc. QEMU also powers the Android emulator which is part of the  (most current Android implementations are ARM-based). Starting from version 2.0.0 of their Bada SDK, Samsung has chosen QEMU to help development on emulated 'Wave' devices.

In 1.5.0 and 1.6.0 Samsung 4210 (dual-core Cortex a9) and  Versatile Express   are emulated. In 1.6.0, the 32-bit instructions of the ARMv8 (AARCH64) architecture are emulated, but 64-bit instructions are unsupported.

The Xilinx Cortex A9-based Zynq SoC is modelled, with the following elements:
 * Zynq-7000 ARM Cortex-A9 CPU
 * Zynq-7000 ARM Cortex-A9 MPCore
 * Triple Timer Counter
 * DDR Memory Controller
 * DMA Controller (PL330)
 * Static Memory Controller (NAND/NOR Flash)
 * SD/SDIO Peripheral Controller (SDHCI)
 * Zynq Gigabit Ethernet Controller
 * USB Controller (EHCI - Host support only)
 * Zynq UART Controller
 * SPI and QSPI Controllers
 * I2C Controller

SPARC
QEMU has support for both 32- and 64-bit architectures.

When the firmware in the (sun4m-Architecture) became version 0.8.1 Proll, a  replacement used in version 0.8.2, was replaced with.

SPARC32
QEMU emulates the following  peripherals:
 * IOMMU or IO-UNITs
 * TCX Frame buffer (graphics card)
 * Non-volatile RAM
 * Slave I/O: timers, interrupt controllers, serial ports, keyboard and power/reset logic
 * ESP SCSI controller with hard disk and CD-ROM support
 * Floppy drive (not on SS-600MP)
 * CS4231 sound device (only on SS-5, not working yet)
 * CS4231 sound device (only on SS-5, not working yet)

SPARC64
Emulating (UltraSPARC PC-like machine),  (T1 PC-like machine), or generic  (T1) machine with the following peripherals:
 * APB PCI Bridge
 * PCI VGA-compatible card with VESA Bochs Extensions
 * PS/2 mouse and keyboard
 * Non-volatile RAM M48T59
 * PC-compatible serial ports
 * 2 PCI IDE interfaces with hard disk and CD-ROM support
 * Floppy disk

MicroBlaze
Supported peripherals:
 * with/without MMU, including
 * AXI Timer and Interrupt controller peripherals
 * AXI External Memory Controller
 * AXI DMA Controller
 * Xilinx AXI Ethernet
 * AXI Ethernet Lite
 * AXI UART 16650 and UARTLite
 * AXI SPI Controller

LatticeMico32
Supported peripherals: From the SoC
 * UART
 * VGA
 * Memory card
 * Ethernet
 * pfu
 * timer

External patches
External trees exist, supporting the following targets:
 * emulating a
 * HP