Anton Johansson
Compiler engineer at rev.ng. Interested in all things maths! :)
Session
QEMU is an extremely useful tool during testing and development of new architectures, yet adding support for new targets is error-prone and incurs a significant entry cost in terms of learning QEMU internals, especially when keeping up with an evolving ISA specification.
We present our methodology for rapidly implementing and testing Qualcomm's qc_iu set of RISC-V extensions in the absence of a compiler toolchain. As a first step, C++ code, and later LLVM IR, was produced from the instruction definitions provided by riscv-unified-db. Secondly, the LLVM-based helper-to-tcg tool was used to generate TCG implementations for 143 of the 172 instructions. Using helper-to-tcg enables an emulator-in-the-loop process for designing instruction set extensions, well suited to rapid prototyping, validation and design space exploration.
Automatic generation of per-instruction tests covering memory operations, branches, and corner cases was accomplished with the LLVM IR-based symbolic execution engine KLEE. In all, 289 tests were generated covering 143 instructions, for each version of the ISA specification. This proved incredibly useful in finding bugs in the original instruction definitions.
This is a follow-up to our 2023 KVM Forum talk, where we successfully applied helper-to-tcg to the Hexagon frontend. Since then, the tool has evolved significantly, allowing it to be applied in more general settings.