This patch series is split from the original "Enable QEMU to run on
browsers" series, focusing solely on introducing a TCG backend for
WebAssembly. This implemention is based on the latest master which already
includes the essential changes required to compile QEMU (in 32bit TCI mode)
using Emscripten.

# New TCG Backend for Browsers

A new TCG backend translates IR instructions into Wasm instructions and runs
them using the browser's WebAssembly APIs (WebAssembly.Module and
WebAssembly.instantiate). To minimize compilation overhead and avoid hitting
the browser's limitation of the number of instances, this backend integrates
a forked TCI. TBs run on TCI by default, with frequently executed TBs
compiled into WebAssembly.

# Workaround for Running 64bit Guests

The current implementation uses Wasm's 32bit memory model. This series
explores supporting TCG 64bit instructions while relying on SoftMMU for
address translation. To enable 64bit guest support in Wasm today, it was
necessary to partially revert recent changes that removed support for 64bit
guests on 32bit hosts (e.g. commits a70af12addd9060fdf8f3dbd42b42e3072c3914f
and bf455ec50b6fea15b4d2493059365bf94c706273) when compiling with
Emscripten. The reverting is partial and addresses only pointer width
differences between hosts and guests since the Wasm backend supports 64bit
word operations. While this serves as a temporary workaround, a long-term
solution could involve migrating to Wasm's 64bit memory model once it gains
broader support, as it is currently not widely adopted (e.g. unsupported by
Safari and libffi).

# Overview of build process

This section provides an overview of the build process for compiling QEMU
using Emscripten. Full instructions are available in the sample
repository[1].

To compile QEMU with Emscripten, the following dependencies are required.
The emsdk-wasm32-cross.docker environment includes all necessary components
and can be used as the build environment:

- Emscripten SDK (emsdk) v3.1.50
- Libraries cross-compiled with Emscripten (refer to
  emsdk-wasm32-cross.docker for build steps)
  - GLib v2.84.0
  - zlib v1.3.1
  - libffi v3.4.7
  - Pixman v0.44.2

QEMU can be compiled using Emscripten's emconfigure and emmake, which
automatically set environment variables such as CC for targeting Emscripten.

emconfigure configure --static --disable-tools --target-list=x86_64-softmmu
emmake make -j$(nproc)

This process generates the following files:

- qemu-system-x86_64.js
- qemu-system-x86_64.wasm
- qemu-system-x86_64.worker.js

Guest images can be packaged using Emscripten's file_packager.py tool.
For example, if the images are stored in a directory named "pack", the
following command packages them, allowing QEMU to access them through
Emscripten's virtual filesystem:

/path/to/file_packager.py qemu-system-x86_64.data --preload pack > load.js

This process generates the following files:

- qemu-system-x86_64.data
- load.js

Emscripten allows passing arguments to the QEMU command via the Module
object in JavaScript:

Module['arguments'] = [
    '-nographic', '-m', '512M', '-accel', 'tcg,tb-size=500',
    '-L', 'pack/',
    '-drive', 'if=virtio,format=raw,file=pack/rootfs.bin',
    '-kernel', 'pack/bzImage',
    '-append', 'earlyprintk=ttyS0 console=ttyS0 root=/dev/vda loglevel=7',
];

The sample repository[1] provides a complete setup, including an HTML file
that implements a terminal UI.

[1] https://github.com/ktock/qemu-wasm-sample

# Additional references

- A talk at FOSDEM 2025:
  https://fosdem.org/2025/schedule/event/fosdem-2025-6290-running-qemu-inside-browser/
- Demo page on GitHub Pages: https://ktock.github.io/qemu-wasm-demo/

Kohei Tokunaga (33):
  tcg: Fork TCI for wasm32 backend
  tcg/wasm32: Do not use TCI disassembler in Wasm backend
  meson: Enable to build wasm backend
  tcg/wasm32: Set TCG_TARGET_INSN_UNIT_SIZE to 1
  tcg/wasm32: Add and/or/xor instructions
  tcg/wasm32: Add add/sub/mul instructions
  tcg/wasm32: Add shl/shr/sar instructions
  tcg/wasm32: Add setcond/negsetcond/movcond instructions
  tcg/wasm32: Add deposit/sextract/extract instrcutions
  tcg/wasm32: Add load and store instructions
  tcg/wasm32: Add mov/movi instructions
  tcg/wasm32: Add ext instructions
  tcg/wasm32: Add bswap instructions
  tcg/wasm32: Add rem/div instructions
  tcg/wasm32: Add andc/orc/eqv/nand/nor instructions
  tcg/wasm32: Add neg/not/ctpop instructions
  tcg/wasm32: Add rot/clz/ctz instructions
  tcg/wasm32: Add addc/subb instructions
  tcg/wasm32: Add br/brcond instructions
  tcg/wasm32: Add exit_tb/goto_tb/goto_ptr instructions
  tcg/wasm32: Add call instruction
  tcg/wasm32: Add qemu_ld/qemu_st instructions
  include/exec: Allow using 64bit guest addresses on emscripten
  tcg/wasm32: Set TCG_TARGET_REG_BITS to 64
  tcg/wasm32: Set mulu2/muls2 as unimplemented
  tcg/wasm32: Add initialization of fundamental registers
  tcg/wasm32: Write wasm binary to TB
  tcg/wasm32: Implement instantiation of Wasm binary
  tcg/wasm32: Allow Asyncify unwinding from TB
  tcg/wasm32: Enable instantiation of TBs executed many times
  tcg/wasm32: Enable TLB lookup
  meson: Propagate optimization flag for linking on Emscripten
  .gitlab-ci.d: build wasm backend in CI

 .gitlab-ci.d/buildtest.yml       |    2 +-
 MAINTAINERS                      |    7 +
 accel/tcg/cputlb.c               |    8 +-
 include/accel/tcg/getpc.h        |    2 +-
 include/exec/helper-head.h.inc   |    6 +
 include/exec/tlb-common.h        |   14 +-
 include/exec/vaddr.h             |   11 +
 include/qemu/atomic.h            |    4 +
 include/tcg/helper-info.h        |    4 +-
 include/tcg/tcg.h                |    6 +-
 meson.build                      |   16 +-
 tcg/aarch64/tcg-target.c.inc     |   11 +
 tcg/arm/tcg-target.c.inc         |   11 +
 tcg/i386/tcg-target.c.inc        |   11 +
 tcg/loongarch64/tcg-target.c.inc |   11 +
 tcg/meson.build                  |    5 +
 tcg/mips/tcg-target.c.inc        |   11 +
 tcg/ppc/tcg-target.c.inc         |   11 +
 tcg/region.c                     |   10 +-
 tcg/riscv/tcg-target.c.inc       |   11 +
 tcg/s390x/tcg-target.c.inc       |   11 +
 tcg/sparc64/tcg-target.c.inc     |   11 +
 tcg/tcg.c                        |   23 +-
 tcg/tci/tcg-target.c.inc         |   11 +
 tcg/wasm32.c                     | 1096 ++++++++
 tcg/wasm32.h                     |  119 +
 tcg/wasm32/tcg-target-con-set.h  |   21 +
 tcg/wasm32/tcg-target-con-str.h  |   11 +
 tcg/wasm32/tcg-target-has.h      |   22 +
 tcg/wasm32/tcg-target-mo.h       |   17 +
 tcg/wasm32/tcg-target-opc.h.inc  |   15 +
 tcg/wasm32/tcg-target-reg-bits.h |   12 +
 tcg/wasm32/tcg-target.c.inc      | 3985 ++++++++++++++++++++++++++++++
 tcg/wasm32/tcg-target.h          |   76 +
 34 files changed, 5569 insertions(+), 33 deletions(-)
 create mode 100644 tcg/wasm32.c
 create mode 100644 tcg/wasm32.h
 create mode 100644 tcg/wasm32/tcg-target-con-set.h
 create mode 100644 tcg/wasm32/tcg-target-con-str.h
 create mode 100644 tcg/wasm32/tcg-target-has.h
 create mode 100644 tcg/wasm32/tcg-target-mo.h
 create mode 100644 tcg/wasm32/tcg-target-opc.h.inc
 create mode 100644 tcg/wasm32/tcg-target-reg-bits.h
 create mode 100644 tcg/wasm32/tcg-target.c.inc
 create mode 100644 tcg/wasm32/tcg-target.h

-- 
2.43.0