Comprehensive Guide to QEMU: Architecture, Installation, and Core Components

QEMU (Quick EMUlator) is an open‑source virtual machine monitor and emulator that can simulate multiple hardware platforms such as x86, ARM, and PowerPC, and is widely used in virtualization, embedded development, and system emulation.

As a VMM, QEMU runs multiple VMs on a single host, supports many operating systems, and as an emulator it translates binary code of different architectures to enable cross‑platform development and testing.

Installation on Debian‑based systems can be performed with sudo apt-get install qemu , or by downloading the source tarball (e.g., $ wget http://wiki.qemu-project.org/download/qemu-2.0.0.tar.bz2 $ tar xjvf qemu-2.0.0.tar.bz2 ) and configuring it with options such as $ ./configure --enable-kvm --enable-debug --enable-vnc --enable-werror --target-list="x86_64-softmmu" or user‑mode options.

The ./configure --help command lists all available options; key flags include --enable-kvm (KVM support), --enable-vnc , --enable-werror , and --target-list to limit compiled architectures.

After compilation ( $ make -j8 $ sudo make install ) QEMU provides several executables such as qemu-system-x86_64 , qemu-img , qemu-io , qemu-ga , and ivshmem-client/server .

Creating a VM image uses qemu-img create -f qcow2 test-vm-1.qcow2 10G ; the image can be started with qemu-system-x86_64 test-vm-1.qcow2 or with additional options for memory and KVM acceleration, e.g., qemu-system-x86_64 -m 2048 -enable-kvm test-vm-1.qcow2 -cdrom ./Centos-Desktop-x86_64-20-1.iso .

QEMU’s internal structure consists of key source files such as /vl.c (main simulation loop), /target-arch/translate.c (guest‑to‑TCG translation), /tcg/tcg.c (TCG core), /tcg/arch/tcg-target.c (host code generation), and /cpu-exec.c (execution of translation blocks).

TCG (Tiny Code Generator) performs dynamic binary translation: guest code is turned into intermediate TCG opcodes, which are then compiled into host machine code. Translation blocks (TBs) are cached and linked via a TB chain to avoid repeated recompilation.

Interaction with KVM is performed through a series of ioctl calls. The KVM creation flow starts with kvm_init() in /vl.c , followed by VCPU creation and the frequent KVM_RUN ioctl that hands control between the kernel and QEMU. Interrupt injection uses KVM_IRQ_LINE .

Memory management in QEMU is handled through command‑line parameters like -m [size=]megs[,slots=n,maxmem=size] , which allow hot‑plug of DIMM slots. Core data structures include PCDIMMDevice , HostMemoryBackend , and RAMBlock , all defined in QEMU’s object model (QOM). The AddressSpace and MemoryRegion structures map guest memory to host RAM, support I/O mapping, and enable dirty‑page tracking for live migration and graphics updates.