QEMU
Original author(s) | Fabrice Bellard |
---|---|
Developer(s) | QEMU team: Anthony Liguori, Paul Brook, et al. |
Stable release | 1.0.1[1] / February 17, 2012 |
Operating system | Cross-platform |
Type | Emulator |
License | GNU GPL version 2 |
Website | http://www.qemu.org/ |
QEMU stands for "Quick EMUlator" and is a processor emulator that relies on dynamic binary translation to achieve a reasonable speed while being easy to port to new host CPU architectures.
In conjunction with CPU emulation, it also provides a set of device models, allowing it to run a variety of unmodified guest operating systems; it can thus be viewed as a hosted virtual machine monitor. It also provides an accelerated mode for supporting a mixture of binary translation (for kernel code) and native execution (for user code), in the same fashion as VMware Workstation and VirtualBox. QEMU can also be used purely for CPU emulation for user level processes, allowing applications compiled for one architecture to be run on another.
Licensing
QEMU was written by Fabrice Bellard and is free software. Various parts are released under different GNU General Public License version 2-compatible licenses. These include the GNU Lesser General Public License (GNU LGPL) or permissive licenses such as the BSD license.[2] There is an option to use the proprietary FMOD library when running on Windows, which, if used, disqualifies the use of a single open source software license. However, the default is to use DirectSound.
Details
QEMU has two operating modes:[3]
- User mode emulation
- In this mode QEMU runs single Linux or Darwin/Mac OS X programs that were compiled for a different CPU. System calls are thunked for endianness and for 32/64 bit mismatches. Fast cross-compilation and cross-debugging are the main targets for user-mode emulation.
- Computer emulation
- In this mode QEMU emulates a full computer system, including peripherals. It can be used to provide virtual hosting of several virtual computers on a single computer. QEMU can boot many guest operating systems, including Linux, Solaris, Microsoft Windows, DOS, and BSD [1]; it supports emulating several hardware platforms, including x86, x86-64, ARM, ETRAX CRIS, MIPS, MicroBlaze, PowerPC and SPARC.
Features
QEMU can save and restore the state of the virtual machine with all programs running. Guest operating systems do not need to be patched to run safely under QEMU.
QEMU supports the emulation of various architectures, including IA-32 (x86) PCs, x86-64 PCs, MIPS R4000, Sun's SPARC sun4m, Sun's SPARC sun4u, ARM development boards (Integrator/CP and Versatile/PB), SH4 SHIX board, PowerPC (PReP and Power Macintosh), ETRAX CRIS and MicroBlaze architectures. The QEMU homepage provides a complete list of supported architectures.
The virtual machine can interface with many types of physical host hardware. Some of these are: hard disks, CD-ROM drives, network cards, audio interfaces, and USB devices. USB devices can be completely emulated (mass storage from image files, input devices), or the host's USB devices can be used (however, this requires administrator privileges and does not work with all devices).
Virtual hard disk images can be stored in a special format (qcow or qcow2) that only takes up the disk space that the guest OS actually uses. This way, an emulated 120 GB disk can occupy only several hundred megabytes on the host. The QCOW2 format also allows the creation of overlay images that record the difference from another base image file, which is not modified. This makes it possible to revert the emulated disk's contents to an earlier state. For example, a base image could hold a fresh install of an operating system that is known to work, while the guest runs on overlay images. Should the guest system become unusable (virus attack, accidental system destruction, ...), the overlay can be deleted and an earlier emulated disk image version recreated.
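As an added illustration (not part of the original article and not QEMU's own code), the following Python example reads the fixed part of a qcow2 header to show how an overlay names its base image and why the virtual disk size is independent of the file's size on the host. The header bytes are a constructed sample, the field layout follows the published qcow2 specification, and the function names are hypothetical.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
# First 72 bytes of a qcow2 header (version 2 layout); all fields big-endian.
HEADER = struct.Struct(">4sIQIIQIIQQIIQ")
FIELDS = ("magic", "version", "backing_file_offset", "backing_file_size",
          "cluster_bits", "size", "crypt_method", "l1_size", "l1_table_offset",
          "refcount_table_offset", "refcount_table_clusters",
          "nb_snapshots", "snapshots_offset")


def parse_qcow2_header(data):
    """Return version, virtual size, cluster size and backing file name."""
    if len(data) < HEADER.size:
        raise ValueError("too short for a qcow2 header")
    h = dict(zip(FIELDS, HEADER.unpack_from(data)))
    if h["magic"] != QCOW_MAGIC:
        raise ValueError("not a qcow2 image (bad magic)")
    if h["version"] not in (2, 3):
        raise ValueError("unsupported qcow2 version %d" % h["version"])
    if not 9 <= h["cluster_bits"] <= 21:
        raise ValueError("cluster_bits out of range")
    backing = None
    off, length = h["backing_file_offset"], h["backing_file_size"]
    if off:  # offset 0 means the image has no backing file
        # The name is not NUL-terminated. This example is strict: it must be
        # at most 1023 bytes and lie inside the first cluster and the data.
        limit = min(len(data), 1 << h["cluster_bits"])
        if length > 1023 or off + length > limit:
            raise ValueError("backing file name outside the header cluster")
        backing = data[off:off + length].decode("utf-8", errors="replace")
    return {"version": h["version"], "virtual_size": h["size"],
            "cluster_size": 1 << h["cluster_bits"], "backing_file": backing}


def build_sample_header(virtual_size, backing=None):
    """Constructed sample: header bytes only, not a complete usable image."""
    name = backing.encode() if backing else b""
    off = HEADER.size if name else 0
    hdr = HEADER.pack(QCOW_MAGIC, 2, off, len(name), 16, virtual_size,
                      0, 0, 0, 0, 0, 0, 0)
    return hdr + name


if __name__ == "__main__":
    overlay = build_sample_header(120 * 2**30, "base.qcow2")
    info = parse_qcow2_header(overlay)
    print("%d header bytes describe a %d GiB disk backed by %s"
          % (len(overlay), info["virtual_size"] // 2**30, info["backing_file"]))
```

Reading the backing-file field this way before attaching an image shows which other host file QEMU would open for reads on behalf of the guest.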
QEMU can emulate network cards (of different models) which share the host system's connectivity by doing network address translation, effectively allowing the guest to use the same network as the host. The virtual network cards can also be connected to network cards of other instances of QEMU or local TAP interfaces. Network connectivity can also be achieved by bridging a TUN/TAP interface used by QEMU with a non-virtual Ethernet interface on the host OS using the host OS's bridging features.
It also has some features that are not present in many emulators. QEMU integrates several services to allow the host and guest systems to communicate, for example, an integrated SMB server and network port redirection (to allow incoming connections to the virtual machine). It can also boot Linux kernels without a bootloader.
QEMU does not depend on the presence of graphical output methods on the host system. Instead, it can allow one to access the screen of the guest OS via an integrated VNC server. It can also use an emulated serial line, without any screen, with applicable operating systems.
Simulating multiple CPUs that can be used like a real SMP system is possible.
Unlike some other emulators, QEMU does not require administrative rights to run, except if additional kernel modules for improving speed are used (like KQEMU), or when some modes of its network connectivity model are utilized.
Tiny Code Generator
The Tiny Code Generator (TCG) aims to remove the shortcoming of relying on a particular version of GCC or any compiler, instead incorporating the compiler (code generator) into other tasks performed by QEMU at run time. The whole translation task thus consists of two parts: blocks of target code (TBs) being rewritten in TCG ops - a kind of machine-independent intermediate notation, and subsequently this notation being compiled for the host's architecture by TCG. Optional optimisation passes are performed between them.
TCG requires that there be dedicated code written to support every architecture it is being run on. It also requires that the target instruction translation be rewritten to take advantage of TCG ops, instead of the previously used dyngen ops.
Starting with QEMU Version 0.10.0, TCG ships with the QEMU stable release.[4]
Accelerator
KQEMU was a Linux kernel module, also written by Fabrice Bellard, which notably sped up emulation of x86 or x86-64 guests on platforms with the same CPU architecture. This was accomplished by running user mode code (and optionally some kernel code) directly on the host computer's CPU, and by using processor and peripheral emulation only for kernel mode and real mode code.
Unlike KVM, for example, KQEMU could execute code from many guest OSes even if the host CPU did not support hardware virtualization.
KQEMU was initially a closed-source product available free of charge, but as of version 1.3.0pre10,[5] it was relicensed under the GNU General Public License.
QEMU versions starting with 0.12.0 (as of August 2009) support large memory, which makes them incompatible with KQEMU.[6] Newer releases of QEMU have completely removed support for KQEMU.
QVM86 was a drop-in replacement for the then closed-source KQEMU, licensed under the GNU GPLv2. The developers of QVM86 ceased development in January 2007.
Hardware-assisted emulation
The MIPS-compatible Loongson-3 processor adds 200 new instructions to help QEMU translate x86 instructions; those new instructions lower the overhead of executing x86/CISC-style instructions in the MIPS pipeline. With additional improvements in QEMU by the Chinese Academy of Sciences, Loongson-3 achieves an average of 70% of the performance of executing native binaries while running x86 binaries from nine benchmarks.[7]
Parallel emulation
Virtualization solutions that use QEMU are able to execute multiple virtual CPUs in parallel. QEMU is also able to run multiple threads in user-mode emulation mode.
For full system emulation, QEMU uses a single thread to emulate all the virtual CPUs and hardware. COREMU[8] is a patch to QEMU to break this limitation. Each core uses a separate instance of QEMU binary translation engine, with a thin library layer to handle the inter-core and device communication and synchronization.
Integration in other virtualization solutions
VirtualBox
In January 2007, VirtualBox was released. It uses some of QEMU's virtual hardware devices and has a built-in dynamic recompiler that is based on QEMU. As with KQEMU, it runs nearly all guest code natively on the host via the VMM (Virtual Machine Manager), and uses the recompiler only for special situations as a fallback mechanism (this holds true for guest code that executes in real mode and some other rare scenarios at runtime).[9] In addition, VirtualBox goes through a lot of code analysis and patching via a built-in disassembler to reduce usage of the recompiler to a minimum. VirtualBox is open-source software under the GPL, except for a number of enterprise features, and standard user features like USB 2.0.
Xen-HVM
The Xen virtual machine monitor can run in HVM (hardware virtual machine) mode, using Intel VT-x or AMD-V hardware x86 virtualization extensions. This means that instead of paravirtualized devices, a real set of virtual hardware is exposed to the domU, which uses real device drivers to talk to it.
QEMU includes several components: CPU emulators, emulated devices, generic devices, machine descriptions, user interface, and a debugger. The emulated devices and generic devices in QEMU make up its device models for I/O virtualization.[10] They comprise a PIIX3 IDE (with some rudimentary PIIX4 capabilities), Cirrus Logic or plain VGA emulated video, RTL8139 or E1000 network emulation, and ACPI support.[11] APIC support is provided by Xen.
Xen-HVM has device emulation based on the QEMU project to provide I/O virtualization to the VMs. Hardware is emulated via a QEMU "device model" daemon running as a backend in dom0. Unlike other QEMU running modes (dynamic translation or KVM), virtual CPUs are completely managed by the hypervisor, which takes care of stopping them while QEMU is emulating memory-mapped I/O accesses.
KVM
KVM (Kernel Virtual Machine) is a Linux kernel module that allows a user space program access to the hardware virtualization features of various processors, with which QEMU is able to offer virtualization for x86, PowerPC, and S/390 guests. When the target architecture is the same as the host architecture, QEMU can make use of KVM-specific features, such as acceleration.
Win4Lin Pro Desktop
In early 2005, Win4Lin introduced Win4Lin Pro Desktop, which is based on a 'tuned' version of QEMU and KQEMU and hosts NT versions of Windows. In June 2006,[12] Win4Lin released Win4Lin Virtual Desktop Server based on the same code base. Win4Lin Virtual Desktop Server serves Microsoft Windows sessions to thin clients from a Linux server.
In September 2006, Win4Lin announced a change of the company name to Virtual Bridges with the release of Win4BSD Pro Desktop, a port of the product to FreeBSD and PC-BSD. Solaris support followed in May 2007 with the release of Win4Solaris Pro Desktop and Win4Solaris Virtual Desktop Server.[13]
SerialICE
SerialICE is a QEMU-based firmware debugging tool running system firmware inside of QEMU while accessing real hardware through a serial connection to a host system. This can be used as a cheap replacement for hardware ICEs.[14]
Shortcomings
- Incomplete support for less frequently-used architectures
- As of 2011, QEMU supports only the traditional BIOS boot model for guest OSes; there is no UEFI boot model support yet on x86-64 systems
- Few special device drivers (graphics, sound, I/O) for guests are available, so there is quite a large overhead for multimedia applications. For example, a Cirrus Logic graphics chip and various popular sound cards (ES1370, Sound Blaster 16, Gravis Ultrasound and AdLib) are emulated, but they do not take advantage of hardware acceleration on the host system. Recently a virtual video device compatible with the VMware video driver has been added; however, it does not support any scaled video or 3D features.
- QEMU only supports SDL or Cocoa libraries for video output, in addition to VNC for networked operation.
- Runs significantly slower than alternatives on PCs that lack hardware CPU virtualization.
Emulated hardware platforms
x86
Besides the CPU, the following devices are emulated:
- CD-ROM/DVD-drive using an ISO image
- Floppy disk
- Graphics card (Cirrus CLGD 5446 PCI VGA-card or Standard-VGA graphics card with Bochs-VESA-BIOS-Extensions - Hardware level, including all non-standard modes, and an experimental patch that can accelerate simple 3D graphics via OpenGL)
- Network card (RealTek 8139C+ PCI-Network adapter)
- Parallel port
- PC speaker
- Two PCI-ATA-interfaces with a maximum of four hard disk drive images either in QEMU's own format or in VMware-, VirtualPC-, Bochs-, Knoppix- (cloop) or dd- (raw) format.
- PCI and ISA-system (i440FX host PCI bridge and PIIX3 PCI to ISA bridge)
- PS/2-mouse and -keyboard
- Serial interface
- Sound card (Sound Blaster 16, ES1370 PCI, Gravis Ultrasound, and/or Intel HD Audio[15])
- Watchdog timer (Intel 6300 ESB PCI, or iB700 ISA)
- USB-controller (Intel SB82371, UHCI)
The BIOS implementation used by QEMU starting from version 0.12 is SeaBIOS. The VGA BIOS implementation comes from Plex86/Bochs.
PowerPC
On the PowerPC target, Open Hack'Ware, an Open-Firmware-compatible BIOS, is used.
PowerMac
QEMU emulates the following PowerMac peripherals:
- UniNorth PCI Bridge
- PCI-VGA-compatible Graphics card which maps the VESA Bochs Extensions
- Two PMAC-IDE-Interfaces with hard disk and CD-ROM support.
- NE2000 PCI adapter
- Non-volatile RAM
- VIA-CUDA with ADB keyboard and mouse.
PREP
QEMU emulates the following PREP peripherals:
- PCI bridge
- PCI VGA-compatible graphics card with VESA Bochs Extensions
- Two IDE interfaces with hard disk and CD-ROM support
- Floppy disk drive
- NE2000 network adapter
- Serial interface
- PREP non-volatile RAM
- PC-compatible keyboard and mouse
ARM
QEMU emulates the ARMv5TEJ instruction set and all derived processor families such as ARM7, ARM9E, ARM10E and XScale. It emulates full systems such as the Integrator/CP board, Versatile baseboard, RealView Emulation baseboard, XScale-based PDAs, the Palm Tungsten|E PDA, and the Nokia N800 and Nokia N810 internet tablets, among others. QEMU also powers the Android emulator, which is part of the Android SDK (most current Android implementations are ARM-based). iEmu, an emulator of Apple's iPhone, is under development. Starting from version 2.0.0 of its BADA SDK, Samsung has also chosen QEMU to help development on emulated 'Wave' devices.
SPARC
SPARC stands for Scalable Processor ARChitecture, the Sun SPARC architecture.
In version 0.8.1, the BIOS for the JavaStation (sun4m architecture) was Proll,[16] a PROM replacement; in version 0.8.2 it was replaced with OpenBIOS.
Sparc32
QEMU emulates the following sun4m/sun4c/sun4d peripherals:
- IOMMU or IO-UNITs
- TCX Frame buffer (graphics card)
- Lance (Am7990) Ethernet
- Non-volatile RAM M48T02/M48T08
- Slave I/O: timers, interrupt controllers, Zilog serial ports, keyboard and power/reset logic
- ESP SCSI controller with hard disk and CD-ROM support
- Floppy drive (not on SS-600MP)
- CS4231 sound device (only on SS-5, not working yet)
Sparc64
Emulating Sun4u (UltraSPARC PC-like machine), Sun4v (T1 PC-like machine), or generic Niagara (T1) machine with the following peripherals:
- UltraSparc IIi APB PCI Bridge
- PCI VGA compatible card with VESA Bochs Extensions
- PS/2 mouse and keyboard
- Non-volatile RAM M48T59
- PC-compatible serial ports
- 2 PCI IDE interfaces with hard disk and CD-ROM support
- Floppy disk
MicroBlaze
Supported peripherals:
- MicroBlaze with/without MMU
- timer
- intc
- uartlite
- emaclite
LatticeMico32
Supported peripherals:
From the Milkymist SoC
- uart
- vga
- memory card
- ethernet
- pfu
- timer
CRIS
External patches
External trees exist supporting the following targets:
- Zilog Z80[17] emulating a Sinclair 48K ZX Spectrum
- HP PA-RISC[18]
See also
- qcow - qcow and qcow2 disc image formats
- Comparison of platform virtual machines
- Emulator
- iEmulator - shareware PC emulator for PowerPC and Intel Macs
- Mtools - MS-DOS disc manipulation tools
- Q (emulator) - Mac OS X port of QEMU
- SPIM - MIPS processor simulator
- GXemul - a BSD licensed alternative
References
1. "ChangeLog - QEMU". Retrieved 2012-02-19.
2. QEMU license
3. QEMU Internals
4. QEMU 0.10.0 release announcement
5. "KQEMU 1.3.0pre10 released - under the GPL [LWN.net]". Lwn.net. February 6, 2007. Retrieved 2009-01-03.
6. Anthony Liguori (10 August 2009). "[Qemu-devel] [PATCH 1/2] Unbreak large mem support by removing kqemu". Retrieved 2010-03-11.
7. "Godson-3: A Scalable Multicore RISC Processor with x86 Emulation". IEEE. Retrieved 2009-04-16.
8. COREMU project page on sourceforge
9. VirtualBox's Developer FAQ
10. Solaris Operating System Hardware Virtualization Product Architecture
11. Demystifying Xen HVM
12. win4lin VDS announcement
13. Win4Solaris announcement
14. SerialICE web page
15. "ChangeLog/0.14". Retrieved 2011-08-08.
16. "Zaitcev's Linux". 090427 people.redhat.com
17. "QEMU Z80 Target". 090506 homepage.ntlworld.com
18. "QEMU links". 090506 nongnu.org
External links
- Official website
- Systems emulation with QEMU an IBM developerWorks article by M. Tim Jones
- QVM86 project page
- Debian on an emulated ARM machine
- Fedora ARM port emulation with QEMU
- The Wikibook "QEMU and KVM" (in German, or computer translated to English)
- QEMU on Windows
- Microblaze emulation with QEMU
- QEMU speed comparison
- UnifiedSessionsManager - An unofficial QEMU/KVM configuration file definition
- Unofficial mailing list for qemu users
- Couverture, a code coverage project based on QEMU