2025-09-05 –, Room 1
Historically, QEMU has supported two distinct methods for timekeeping: traditional wall-clock time and instruction counting via the icount mode. While icount enables deterministic simulation by advancing time based on the number of instructions executed, it comes with notable limitations. Chief among them is the loss of multithreaded execution — icount disables MTTCG, forcing QEMU to run all CPUs on a single thread. This drastically reduces simulation speed and introduces ambiguity when interpreting instruction counts across multiple CPUs.
The fundamental problem is this: icount provides a raw instruction count across all CPUs, not on a per-CPU basis. Until now, there’s been no way to derive meaningful time metrics from icount in a multi-core context (whether multithreaded or not).
A New Approach: TCG Plugin API to the Rescue
Enter the new TCG plugin API. While QEMU ships with a basic example of instruction-based timing using this API, it oversimplifies the problem. This talk introduces a more advanced, practical approach that uses the TCG plugin API to redefine QEMU's time model for better realism and scalability.
Key Mechanism: Independent Per-CPU Time and Global Time Coordination
The proposed mechanism leverages two key features of the TCG plugin API:
- Scoreboards: To track execution progress across CPUs
- Timeouts: To trigger plugin callbacks after a CPU executes a certain number of instructions
Each virtual CPU (vCPU) maintains its own local clock, which increments based on:
- A configured instruction rate (insn_per_second)
- The number of instructions it executes (quantum_insn)
Meanwhile, the global QEMU time is coordinated through a concept called the active token. The vCPU holding the active token is responsible for advancing global time. As vCPUs hit their instruction quantum (end_of_quantum) or go idle, they update their local clocks. If the active token goes idle, the plugin designates the next most active vCPU to take over time progression.
Advantages of This Model
- Realistic Instruction-Based Timing: Time progresses according to the activity of the most active vCPU, not a summed instruction count.
- Multithreaded Support: Each vCPU can be treated independently, maintaining MTTCG compatibility.
- Idle-Aware Timekeeping: Idle vCPUs are excluded from time advancement. If all CPUs go idle, the system smoothly reverts to wall-clock time.
- Modular and Extendable: Implemented as a plugin (icount_plugin), this mechanism cleanly integrates into QEMU without core architectural changes.
Staff Software Engineer at Qualcomm - member of Qbox team (https://github.com/quic/qbox)