CPU emulation

x86 and x86-64 emulation

QEMU x86 target features:

  • The virtual x86 CPU supports 16 bit and 32 bit addressing with segmentation. LDT/GDT and IDT are emulated. VM86 mode is also supported to run DOSEMU. There is some support for MMX/3DNow!, SSE, SSE2, SSE3, SSSE3, and SSE4 as well as x86-64 SVM.
  • Support of host page sizes bigger than 4KB in user mode emulation.
  • QEMU can emulate itself on x86.
  • An extensive Linux x86 CPU test program is included (tests/test-i386). It can be used to test other x86 virtual CPUs.

Current QEMU limitations:

  • Limited x86-64 support.
  • IPC syscalls are missing.
  • The x86 segment limits and access rights are not tested at every memory access (yet). Fortunately, very few OSes seem to rely on that for normal use.

ARM emulation

  • Full ARM 7 user emulation.
  • NWFPE FPU support included in user Linux emulation.
  • Can run most ARM Linux binaries.

MIPS emulation

  • The system emulation allows full MIPS32/MIPS64 Release 2 emulation, including privileged instructions, FPU and MMU, in both little and big endian modes.
  • The Linux userland emulation can run many 32 bit MIPS Linux binaries.

Current QEMU limitations:

  • Self-modifying code is not always handled correctly.
  • 64 bit userland emulation is not implemented.
  • The system emulation is not complete enough to run real firmware.
  • The watchpoint debug facility is not implemented.

PowerPC emulation

  • Full PowerPC 32 bit emulation, including privileged instructions, FPU and MMU.
  • Can run most PowerPC Linux binaries.

Sparc32 and Sparc64 emulation

  • Full SPARC V8 emulation, including privileged instructions, FPU and MMU. SPARC V9 emulation includes most privileged and VIS instructions, FPU and I/D MMU. Alignment is fully enforced.
  • Can run most 32-bit SPARC Linux binaries, SPARC32PLUS Linux binaries and some 64-bit SPARC Linux binaries.

Current QEMU limitations:

  • IPC syscalls are missing.
  • Floating point exception support is buggy.
  • Atomic instructions are not correctly implemented.
  • There are still some problems with Sparc64 emulators.

Xtensa emulation

  • Core Xtensa ISA emulation, including most options: code density, loop, extended L32R, 16- and 32-bit multiplication, 32-bit division, MAC16, miscellaneous operations, boolean, FP coprocessor, coprocessor context, debug, multiprocessor synchronization, conditional store, exceptions, relocatable vectors, unaligned exception, interrupts (including high priority and timer), hardware alignment, region protection, region translation, MMU, windowed registers, thread pointer, processor ID.
  • Options not implemented: data/instruction cache (including cache prefetch and locking), XLMI, processor interface. Options not covered by the core ISA (e.g. FLIX, wide branches) are also not implemented.
  • Can run most Xtensa Linux binaries.
  • A new core configuration that requires no additional instructions may be created from an overlay with a minimal amount of hand-written code.