# In-Class Exercise 11: QEMU-User

In this exercise, we will look at QEMU's user-mode emulation.

1. Install `qemu-user-static` (or a similar package from your distribution) or use the following steps:

   ```sh
   wget http://ftp.de.debian.org/debian/pool/main/q/qemu/qemu-user-static_5.2+dfsg-11+deb11u2_amd64.deb
   ar p qemu-user-static_5.2+dfsg-11+deb11u2_amd64.deb data.tar.xz | tar -xJ --strip-components=3 ./usr/bin/qemu-x86_64-static
   ```

2. Make sure that the emulation works: `qemu-x86_64-static /bin/ls` (use `./qemu-x86_64-static` if you extracted the binary into the current directory with the steps above).
3. Look at the debugging options (`qemu-x86_64-static -d help`). Run a command with `-d in_asm,out_asm` and analyze the output. Try to map the emitted instructions to the original instructions and find out where registers are stored.
4. Look for some instructions that modify flags (e.g., `shl`, `and`, `add`, `sub`, `cmp`, `test`). How are flags stored? How are flags used by, e.g., conditional jumps?
5. Run once with `-d nochain,out_asm` and once with `-d out_asm` and compare the results. How does the possibility of chaining affect the results?
6. QEMU internally uses TCG as code representation. You can enable TCG dumping with `-d op` and also dump the code after optimizations with `-d op_opt`. Why doesn't the optimizer do cross-guest-instruction optimizations?
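The `-d in_asm,out_asm` log from steps 3 and 4 gets long quickly, so a small parser that pairs each guest block with its emitted host block and counts the interesting things helps with the mapping. The script below is an added example, not part of the exercise sheet or of QEMU; the embedded log is constructed to look like QEMU's `IN:`/`OUT:` output (addresses, offsets and instruction sequences are made up, and the exact column layout of real QEMU output may differ by version). It assumes that on an x86-64 host TCG keeps the pointer to the guest CPU state in `%r14`, so host memory operands of the form `off(%r14)` are reads and writes of guest state (registers, lazy flag fields, and so on).

```python
"""Summarise translation blocks from a QEMU `-d in_asm,out_asm` log.

Added helper for steps 3 and 4 of the exercise; not QEMU code.
ASSUMPTION: TCG's env pointer on an x86-64 host lives in %r14.
The SAMPLE_LOG is constructed; its offsets are invented.
"""
import re
from dataclasses import dataclass, field

ENV_REG = "%r14"  # assumed guest-CPUState base register on an x86-64 host
FLAG_WRITERS = {"add", "sub", "and", "or", "xor", "cmp", "test",
                "shl", "shr", "sar", "inc", "dec", "neg"}

INSN_RE = re.compile(r"^0x([0-9a-fA-F]+):\s+(\S+)(?:\s+(.*\S))?\s*$")
OUT_RE = re.compile(r"^OUT:\s*\[size=(\d+)\]")

# Constructed sample: two guest blocks and the host code QEMU might emit for them.
SAMPLE_LOG = """\
----------------
IN:
0x0000000000401000:  xor    %ebp,%ebp
0x0000000000401002:  mov    %rdx,%r9
0x0000000000401005:  pop    %rsi
0x0000000000401006:  mov    %rsp,%rdx
0x0000000000401009:  and    $0xfffffffffffffff0,%rsp
0x000000000040100d:  push   %rax
0x000000000040100e:  push   %rsp
0x000000000040100f:  jmp    0x401030

OUT: [size=120]
0x7f8a30000100:  mov    -0x10(%r14),%ebp
0x7f8a30000104:  test   %ebp,%ebp
0x7f8a30000106:  jl     0x7f8a30000190
0x7f8a3000010c:  xor    %ebp,%ebp
0x7f8a3000010e:  mov    %rbp,0x28(%r14)
0x7f8a30000112:  mov    0x10(%r14),%rbx
0x7f8a30000116:  mov    %rbx,0x48(%r14)
0x7f8a3000011a:  mov    0x20(%r14),%r12
0x7f8a3000011e:  mov    (%r12),%rbx
0x7f8a30000122:  mov    %rbx,0x30(%r14)
0x7f8a30000126:  jmp    0x7f8a30000200
----------------
IN:
0x0000000000401030:  cmp    $0x0,%rdi
0x0000000000401034:  je     0x401050

OUT: [size=80]
0x7f8a30000200:  mov    -0x10(%r14),%ebp
0x7f8a30000204:  test   %ebp,%ebp
0x7f8a30000206:  jl     0x7f8a30000280
0x7f8a3000020c:  mov    0x38(%r14),%rbx
0x7f8a30000210:  mov    %rbx,0xa0(%r14)
0x7f8a30000214:  movq   $0x0,0xa8(%r14)
0x7f8a3000021f:  movl   $0x1d,0xb0(%r14)
0x7f8a30000229:  test   %rbx,%rbx
0x7f8a3000022c:  je     0x7f8a30000260
"""


@dataclass
class Block:
    guest: list = field(default_factory=list)  # (addr, mnemonic, operands)
    host: list = field(default_factory=list)
    size: int = 0  # bytes of host code, from the OUT: header


def parse_log(text):
    """Split the log into blocks; each IN: header starts a new block."""
    blocks, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("IN:"):
            cur = Block()
            blocks.append(cur)
            section = "guest"
            continue
        m = OUT_RE.match(line)
        if m and cur is not None:
            cur.size = int(m.group(1))
            section = "host"
            continue
        m = INSN_RE.match(line)
        if m and cur is not None and section:
            addr, mnem, ops = int(m.group(1), 16), m.group(2), m.group(3) or ""
            getattr(cur, section).append((addr, mnem, ops))
    return blocks


def split_operands(ops):
    """Split AT&T operands on commas that are not inside (base,index,scale)."""
    out, depth, cur = [], 0, ""
    for ch in ops:
        if ch == "," and depth == 0:
            out.append(cur.strip())
            cur = ""
            continue
        depth += (ch == "(") - (ch == ")")
        cur += ch
    if cur.strip():
        out.append(cur.strip())
    return out


def summarize(block):
    """Count guest/host instructions, env accesses and flag-writing guest insns."""
    loads = stores = 0
    for _, _, ops in block.host:
        parts = split_operands(ops)
        for i, p in enumerate(parts):
            if ENV_REG in p and "(" in p:  # memory operand through the env pointer
                if i == len(parts) - 1:    # AT&T: last operand is the destination
                    stores += 1
                else:
                    loads += 1
    return {
        "guest_insns": len(block.guest),
        "host_insns": len(block.host),
        "host_bytes": block.size,
        "env_loads": loads,
        "env_stores": stores,
        "flag_writers": [m for _, m, _ in block.guest if m in FLAG_WRITERS],
    }


if __name__ == "__main__":
    for n, b in enumerate(parse_log(SAMPLE_LOG)):
        print(n, hex(b.guest[0][0]) if b.guest else "?", summarize(b))
```

To use it on real output, run e.g. `./qemu-x86_64-static -d in_asm,out_asm /bin/ls 2> trace.log` and feed the file to `parse_log`. The `env_loads`/`env_stores` columns show how much of each host block is just shuttling guest registers between `%r14`-relative memory and host registers, and the `flag_writers` column points you at the guest blocks where the stores after an `and`/`cmp`/`test` are worth reading closely for step 4.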