An In‑Depth Overview of QEMU: Architecture, Installation, Usage, and Application Scenarios

This article provides a comprehensive introduction to QEMU, covering its history, core architecture, installation methods, command‑line usage, source‑code structure, dynamic binary translation, KVM integration, memory management, and typical use cases in development, cloud computing, and education.

Deepin Linux

1. Introduction to QEMU

QEMU (Quick Emulator) is an open‑source virtual machine monitor first released in 2003 by Fabrice Bellard. It can emulate complete hardware (CPU, memory, disks, network cards, etc.), allowing multiple virtual machines to run on a single physical host, each with its own operating system.

QEMU supports many processor architectures (x86, ARM, PowerPC, SPARC, …), making it useful for server virtualization, embedded development, testing, and cloud computing.

1.1 QEMU Overview

QEMU provides a generic emulator and virtualization tool. It can run different guest OSes on a host by translating guest instructions to host instructions, either via full system emulation or user‑mode emulation.

Installation on Debian‑based systems can be done with:

sudo apt-get install qemu

Or by building from source:

$ wget http://wiki.qemu-project.org/download/qemu-2.0.0.tar.bz2
$ tar xjvf qemu-2.0.0.tar.bz2

Configure and compile (example for x86_64 soft‑mmu):

$ cd qemu-2.0.0
$ ./configure --enable-kvm --enable-debug --enable-vnc --enable-werror --target-list="x86_64-softmmu"
$ make -j8
$ sudo make install

Key QEMU binaries include qemu-system-x86_64, qemu-img, qemu-io, ivshmem-client/server, and qemu-ga.

1.2 Common Commands and Examples

Create a 20 GB qcow2 disk image:

qemu-img create -f qcow2 myvm.qcow2 20G

Start a VM with 2 GB RAM and a Windows 10 ISO:

qemu-system-x86_64 -m 2048 -cdrom /path/to/windows10.iso -drive file=myvm.qcow2,format=qcow2

Manage VM execution (pause, continue, power‑down) via the QEMU monitor (Ctrl‑Alt‑2).

2. QEMU Working Principle

QEMU creates a separate process for each VM; each virtual CPU (vCPU) runs in a thread. For performance it can use KVM or Xen to execute guest code directly on the host CPU.

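int kvm_fd  = open("/dev/kvm", O_RDWR);
int vm_fd   = ioctl(kvm_fd, KVM_CREATE_VM, 0);
int vcpu_fd = ioctl(vm_fd, KVM_CREATE_VCPU, 0);
/* The kernel reports each exit through a struct kvm_run shared via mmap. */
size_t run_size = ioctl(kvm_fd, KVM_GET_VCPU_MMAP_SIZE, 0);
struct kvm_run *run = mmap(NULL, run_size, PROT_READ | PROT_WRITE, MAP_SHARED, vcpu_fd, 0);
while (1) {
    ioctl(vcpu_fd, KVM_RUN, 0);            /* run guest code until the next exit */
    switch (run->exit_reason) {
        case KVM_EXIT_IO:  /* … */ break;  /* guest accessed an I/O port */
        case KVM_EXIT_HLT: /* … */ break;  /* guest executed HLT */
    }
}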

Guest memory is mapped into the QEMU process's address space; device I/O is emulated in user space, and the resulting data is written to host files.
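How a KVM_EXIT_IO exit is handled by a user-space device model, as an added example (not code from QEMU or from this article): the port, size, count, direction and data byte all come from the guest, so the handler checks each before touching device state. The device, its ports 0x510/0x511 and every name below are hypothetical; struct io_exit is a local mirror of the corresponding fields of struct kvm_run.

```c
#include <stdint.h>

/* Local mirror of the direction/size/port/count io fields of struct kvm_run. */
enum { IO_IN = 0, IO_OUT = 1 };
struct io_exit { uint8_t direction, size; uint16_t port; uint32_t count; };

/* Hypothetical device: index register at 0x510, data register at 0x511. */
enum { PORT_INDEX = 0x510, PORT_DATA = 0x511, NREGS = 8 };
struct toy_dev {
    uint8_t  index;            /* last value the guest wrote to PORT_INDEX */
    uint8_t  regs[NREGS];
    uint32_t canary;           /* sits right after regs[] to expose overruns */
    unsigned rejected;         /* accesses refused by the checks below */
};

static int reject(struct toy_dev *d, const struct io_exit *io, uint8_t *data) {
    d->rejected++;
    if (io->direction == IO_IN) data[0] = 0xff;   /* refused reads return all-ones */
    return -1;
}

/* Emulate one port access. port, size, count, direction and the byte in
 * data[] are all chosen by the guest, so each is checked before use. */
int dev_handle_io(struct toy_dev *d, const struct io_exit *io, uint8_t *data) {
    if (io->size != 1 || io->count != 1) return reject(d, io, data);
    switch (io->port) {
    case PORT_INDEX:
        if (io->direction == IO_OUT) d->index = data[0];
        else                         data[0] = d->index;
        return 0;
    case PORT_DATA:
        if (d->index >= NREGS)       /* guest-supplied index: bounds check */
            return reject(d, io, data);
        if (io->direction == IO_OUT) d->regs[d->index] = data[0];
        else                         data[0] = d->regs[d->index];
        return 0;
    default:                         /* port not claimed by this device */
        return reject(d, io, data);
    }
}

/* Helper for trying the model: a one-byte OUT issued by the guest. */
int guest_out(struct toy_dev *d, uint16_t port, uint8_t val) {
    struct io_exit io = { IO_OUT, 1, port, 1 };
    return dev_handle_io(d, &io, &val);
}
```

Without the `d->index >= NREGS` check, the guest-written index 200 would address memory past `regs[]` in the emulator process.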

2.1 System Architecture

QEMU consists of a user‑space part (device models, command‑line interface, VMM) and a kernel‑space part (KVM). The user‑space part parses commands, creates virtual devices, and interacts with the KVM driver via ioctl calls.

2.2 Dynamic Binary Translation (TCG)

QEMU’s core emulation technique is the Tiny Code Generator (TCG). Guest instructions are fetched, translated to an intermediate representation (IR), optimized, and finally emitted as host instructions.

gen_intermediate_code() → translate.c → disas_insn() → tcg_gen_code()

Generated host code is cached in Translation Blocks (TB) and executed directly, reducing the overhead of repeated translation.
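The translate-once, execute-many behaviour of the TB cache, as an added toy model (not QEMU's code): blocks of a made-up four-instruction guest ISA are decoded on first use and cached by guest PC, with the predecoded ops standing in for emitted host code. The ISA, the sample program and all names are assumptions of this example.

```c
#include <stdint.h>

/* Toy guest ISA (an assumption of this example): {opcode, operand} byte pairs. */
enum { OP_HALT, OP_ADD, OP_DEC, OP_JNZ };
enum { GUEST_SIZE = 64, MAX_OPS = 8 };

struct cpu { int acc, ctr; unsigned pc; int halted; };
struct tb  { int valid; unsigned n, next_pc; uint8_t op[MAX_OPS], arg[MAX_OPS]; };

/* Direct-mapped by guest PC only, so valid for one unchanging code buffer. */
static struct tb tb_cache[GUEST_SIZE];
unsigned tb_translations, tb_executions;

/* Constructed guest program: acc += 5, repeated ctr times, then halt. */
const uint8_t sample_guest[GUEST_SIZE] = { OP_ADD, 5, OP_DEC, 0, OP_JNZ, 0, OP_HALT, 0 };

/* Look up the block starting at pc; decode it only on a cache miss. */
static struct tb *tb_find(const uint8_t *code, unsigned pc) {
    struct tb *tb = &tb_cache[pc];
    if (tb->valid) return tb;               /* hit: no translation work */
    tb_translations++;
    for (tb->n = 0; ; ) {
        uint8_t op = code[pc];
        tb->op[tb->n] = op; tb->arg[tb->n++] = code[pc + 1];
        pc += 2;
        if (op == OP_JNZ || op == OP_HALT) break;           /* block ends at a branch */
        if (tb->n == MAX_OPS || pc + 1 >= GUEST_SIZE) break; /* or at a size limit */
    }
    tb->next_pc = pc; tb->valid = 1;
    return tb;
}

static void tb_exec(struct cpu *c, const struct tb *tb) {
    tb_executions++;
    c->pc = tb->next_pc;                    /* fall-through successor */
    for (unsigned i = 0; i < tb->n; i++)
        switch (tb->op[i]) {
        case OP_ADD:  c->acc += tb->arg[i]; break;
        case OP_DEC:  c->ctr--; break;
        case OP_JNZ:  if (c->ctr != 0) c->pc = tb->arg[i]; break;
        case OP_HALT: c->halted = 1; break;
        }
}

/* Run until HALT or until the PC leaves guest memory; returns acc (use ctr > 0). */
int run_guest(const uint8_t *code, int ctr) {
    struct cpu c = { .ctr = ctr };
    while (!c.halted && c.pc + 1 < GUEST_SIZE)
        tb_exec(&c, tb_find(code, c.pc));
    return c.acc;
}
```

With `ctr = 1000` the loop body executes 1000 times but is translated once. QEMU itself invalidates TBs when the guest writes to already-translated code, which this toy omits.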

2.3 Creating and Running a VM

Typical workflow: create a disk image with qemu-img, then start the VM with qemu-system-ARCH. Example for a 10 GB qcow2 image and a Linux ISO:

qemu-img create -f qcow2 test-vm-1.qcow2 10G
qemu-system-x86_64 -m 2048 -enable-kvm -drive file=test-vm-1.qcow2,format=qcow2 -cdrom ./Centos-Desktop-x86_64-20-1.iso

3. Application Scenarios

3.1 Development and Testing

Developers can test software on multiple OSes and architectures without needing physical hardware, e.g., running Windows, Linux, or macOS guests on a single host.

3.2 Cloud Computing and Data Centers

Combined with KVM, QEMU provides the virtualization backbone for many cloud platforms, enabling efficient resource sharing, isolation, and dynamic scaling.

3.3 Education and Research

QEMU offers students a safe environment to experiment with different operating systems, hardware configurations, and research topics such as CPU architecture or security mechanisms.

4. QEMU Source Code Structure

Key directories and files:

/vl.c: main simulation loop and VM initialization.

/target-arch/translate.c: translates guest code to TCG ops.

/tcg/tcg.c: core TCG implementation.

/tcg/arch/tcg-target.c: generates host code from TCG.

/cpu-exec.c: finds or generates Translation Blocks.

Execution flow: main_loop() → cpu_exec_all() → cpu_exec() → tb_find_fast() → tcg_qemu_tb_exec().

5. Memory Management

QEMU command‑line option -m [size=]megs[,slots=n,maxmem=size] defines guest RAM size, maximum memory, and DIMM slots, enabling hot‑plug of memory modules.

Memory is represented by RAMBlock structures (host‑side) linked to MemoryRegion objects (guest‑side). Dirty‑page tracking is used for live migration and graphics updates.
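Dirty-page tracking as it serves live migration, in an added toy model (not QEMU's code): guest writes mark the pages they touch, and each migration pass copies only marked pages and clears the marks. struct ram_block is a simplified stand-in for a RAMBlock, all names and sizes are assumptions, and the guest is treated as paused during a pass.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { PAGE_SIZE = 4096, NPAGES = 16, RAM_SIZE = PAGE_SIZE * NPAGES };

/* Toy stand-in for one RAMBlock: host backing memory plus a per-page dirty flag. */
struct ram_block {
    uint8_t host[RAM_SIZE];
    uint8_t dirty[NPAGES];
};

/* Zero the RAM and mark every page dirty so the first pass sends the whole block. */
void ram_init(struct ram_block *rb) {
    memset(rb->host, 0, sizeof rb->host);
    memset(rb->dirty, 1, sizeof rb->dirty);
}

/* Guest store at guest-physical offset gpa. Rejects ranges outside the block
 * (written so that gpa + len cannot wrap) and marks every page touched. */
int guest_write(struct ram_block *rb, size_t gpa, const void *src, size_t len) {
    if (len == 0 || gpa >= RAM_SIZE || len > RAM_SIZE - gpa)
        return -1;
    memcpy(rb->host + gpa, src, len);
    for (size_t p = gpa / PAGE_SIZE; p <= (gpa + len - 1) / PAGE_SIZE; p++)
        rb->dirty[p] = 1;
    return 0;
}

/* One migration pass: copy dirty pages to dst, clear their flags,
 * and return how many pages were sent. */
size_t migrate_pass(struct ram_block *rb, uint8_t *dst) {
    size_t sent = 0;
    for (size_t p = 0; p < NPAGES; p++) {
        if (!rb->dirty[p]) continue;
        memcpy(dst + p * PAGE_SIZE, rb->host + p * PAGE_SIZE, PAGE_SIZE);
        rb->dirty[p] = 0;
        sent++;
    }
    return sent;
}
```

A four-byte write that straddles a page boundary dirties two pages, so the next pass sends two pages instead of all sixteen.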

6. Comparison with Other Hypervisors

6.1 QEMU vs KVM

KVM provides hardware‑assisted virtualization inside the Linux kernel; QEMU supplies the device models. Together they deliver near‑native performance (via KVM) and extensive device emulation (via QEMU).

6.2 QEMU vs libvirt

QEMU is the low‑level emulator; libvirt is a higher‑level management API that uses XML definitions and tools like virsh or virt‑manager to control QEMU/KVM instances.

7. Advantages of Using QEMU

7.1 Flexibility and Customisation

Users can configure CPU count, memory, disk type, network, and adjust resources at runtime without restarting the VM.

7.2 Broad Hardware and OS Support

QEMU supports x86, ARM, PowerPC, MIPS, and RISC‑V, and runs Windows, Linux, macOS, BSD, etc.

7.3 Strong Community and Ecosystem

QEMU has an active open‑source community, extensive documentation, and integration with projects such as KVM, libvirt, and OpenStack.

Written by

Deepin Linux

Research areas: Windows & Linux platforms, C/C++ backend development, embedded systems and Linux kernel, etc.
