lazymio edited this page Oct 5, 2021 · 47 revisions

Why is my execution so slow?

Typically, it’s due to

  • Instrumenting every instruction executed.
  • Instrumenting every memory access.

Reduce the instrumentation: hook only the address range you actually care about (hooks accept a begin/end range) and prefer coarser hooks, such as one UC_HOOK_BLOCK callback per basic block, over a UC_HOOK_CODE callback on every instruction.
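The following added example (not code from the Unicorn wiki or the project) makes the cost visible: it runs a short x86-64 loop with two UC_HOOK_CODE callbacks, one unbounded and one restricted to a single instruction, and counts how often each fires. It assumes the unicorn Python bindings are importable; the loop bytes and the BASE address are constructed for the example.

```python
# Added example (not from the Unicorn wiki): compare how often a UC_HOOK_CODE
# callback fires when it covers the whole address space versus a single
# instruction. Assumes the `unicorn` Python bindings are importable; the x86-64
# loop below is constructed for this example.
try:
    from unicorn import Uc, UC_ARCH_X86, UC_MODE_64, UC_HOOK_CODE
    from unicorn.x86_const import UC_X86_REG_RCX
    UNICORN_AVAILABLE = True
except ImportError:  # keeps the module importable where unicorn is not installed
    UNICORN_AVAILABLE = False

BASE = 0x1000
# xor ecx, ecx ; inc rcx ; jmp <inc>   -- an endless counting loop
CODE = b"\x31\xc9" + b"\x48\xff\xc1" + b"\xeb\xfb"
INC_ADDR = BASE + 2  # address of `inc rcx`


def count_hook_calls(n_insns):
    """Execute n_insns of the loop and return how often each hook fired.

    `hook_all` has no range (the defaults begin=1, end=0 mean "everywhere")
    and runs for every instruction; `hook_inc` is bounded to the single
    `inc rcx` and only runs when that instruction executes.
    """
    mu = Uc(UC_ARCH_X86, UC_MODE_64)
    mu.mem_map(BASE, 0x1000)
    mu.mem_write(BASE, CODE)

    calls = {"everywhere": 0, "inc_only": 0}

    def hook_all(uc, address, size, user_data):
        calls["everywhere"] += 1

    def hook_inc(uc, address, size, user_data):
        calls["inc_only"] += 1

    mu.hook_add(UC_HOOK_CODE, hook_all)
    mu.hook_add(UC_HOOK_CODE, hook_inc, begin=INC_ADDR, end=INC_ADDR)

    # count= makes uc_emu_start return after exactly n_insns instructions, so
    # the endless loop terminates; the `until` address is never reached.
    mu.emu_start(BASE, BASE + len(CODE), count=n_insns)
    calls["rcx"] = mu.reg_read(UC_X86_REG_RCX)
    return calls


if __name__ == "__main__":
    print(count_hook_calls(20))  # everywhere: 20, inc_only: 10, rcx: 10
```

Every callback is a transition from generated code into Python, so the unbounded hook pays that cost on all 20 instructions while the bounded one pays it only on the 10 executions of `inc rcx`. Scoping hooks this way is usually the single biggest win.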

Why do I get a wrong PC after emulation stops?

The PC is only guaranteed to be correct when at least one hook is installed. Without hooks, Unicorn does not write the program counter back to the CPU state before every instruction, so the value you read after emulation stops may lag behind the instruction that was actually executing.

I get an “Unhandled CPU Exception”, why?

Unicorn is a pure CPU emulator, so this error usually means an instruction such as syscall or SVC raised an exception and no hook was registered to handle it (for software interrupts that is a UC_HOOK_INTR hook). If you expect system emulation, with an OS servicing those calls, you probably want the qiling framework.
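As an added example (not the project's own code), the snippet below emulates a three-instruction ARM "exit(42)" sequence twice: once with no handler, which ends in UC_ERR_EXCEPTION, and once with a UC_HOOK_INTR callback that services the SVC the way a minimal kernel stub would. It assumes the unicorn Python bindings are importable; the instruction bytes, BASE address and the fake return value are constructed for the example.

```python
# Added example (not Unicorn's own code): the same ARM snippet emulated once
# without and once with a UC_HOOK_INTR handler. Assumes the `unicorn` Python
# bindings are importable; the instruction bytes are constructed here.
try:
    from unicorn import (Uc, UcError, UC_ARCH_ARM, UC_MODE_ARM, UC_HOOK_INTR,
                         UC_ERR_EXCEPTION)
    from unicorn.arm_const import UC_ARM_REG_R0, UC_ARM_REG_R7
    UNICORN_AVAILABLE = True
except ImportError:  # keeps the module importable where unicorn is not installed
    UNICORN_AVAILABLE = False

BASE = 0x10000
# mov r7, #1 ; mov r0, #42 ; svc #0    (ARM encoding: a Linux-style exit(42))
CODE = b"\x01\x70\xa0\xe3" + b"\x2a\x00\xa0\xe3" + b"\x00\x00\x00\xef"


def run(handle_svc):
    """Emulate CODE; with handle_svc=True an interrupt hook services the SVC."""
    mu = Uc(UC_ARCH_ARM, UC_MODE_ARM)
    mu.mem_map(BASE, 0x1000)
    mu.mem_write(BASE, CODE)
    seen = []

    if handle_svc:
        def hook_intr(uc, intno, user_data):
            # intno 2 is EXCP_SWI. Record the "syscall" (number in r7, first
            # argument in r0) and fake the kernel's return value in r0.
            seen.append((intno, uc.reg_read(UC_ARM_REG_R7),
                         uc.reg_read(UC_ARM_REG_R0)))
            uc.reg_write(UC_ARM_REG_R0, 0)

        mu.hook_add(UC_HOOK_INTR, hook_intr)

    try:
        mu.emu_start(BASE, BASE + len(CODE))
    except UcError as e:
        # Without a handler the SVC surfaces as "Unhandled CPU exception".
        return {"unhandled": e.errno == UC_ERR_EXCEPTION, "seen": seen}
    return {"unhandled": False, "seen": seen, "r0": mu.reg_read(UC_ARM_REG_R0)}


if __name__ == "__main__":
    print(run(handle_svc=False))  # unhandled: True, seen: []
    print(run(handle_svc=True))   # unhandled: False, seen: [(2, 1, 42)], r0: 0
```

Whatever the hook does, it is now your code that decides what a syscall means; Unicorn only reports that the exception happened and resumes at the instruction after the SVC when the hook returns.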

Unicorn fails to emulate ARM instructions, why?

First, check whether you are emulating a THUMB instruction. If so, use UC_MODE_THUMB and make sure the starting address passed to uc_emu_start is odd (bit 0 set marks Thumb state). If that is not the case, the code may use a newer instruction set extension that qemu 5 does not support.

If you are still using Unicorn 1, please upgrade to Unicorn 2 for better support.
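An added example (not from the wiki or the project) of the Thumb setup described above: two 16-bit instructions are emulated with UC_MODE_THUMB and an odd begin address, and the result is checked against the T bit of CPSR to confirm the core really executed in Thumb state. It assumes the unicorn Python bindings are importable; the instruction bytes and BASE address are constructed for the example.

```python
# Added example (not Unicorn's own code): emulate two Thumb instructions with
# UC_MODE_THUMB and an odd entry address, then confirm the Thumb state via
# CPSR.T. Assumes the `unicorn` Python bindings are importable.
try:
    from unicorn import Uc, UC_ARCH_ARM, UC_MODE_THUMB
    from unicorn.arm_const import UC_ARM_REG_R0, UC_ARM_REG_CPSR
    UNICORN_AVAILABLE = True
except ImportError:  # keeps the module importable where unicorn is not installed
    UNICORN_AVAILABLE = False

BASE = 0x10000
# movs r0, #5 ; adds r0, #3   (two 16-bit Thumb instructions, little-endian)
THUMB_CODE = b"\x05\x20" + b"\x03\x30"


def run_thumb():
    """Emulate THUMB_CODE and return r0 plus the CPSR T (Thumb) bit."""
    mu = Uc(UC_ARCH_ARM, UC_MODE_THUMB)
    mu.mem_map(BASE, 0x1000)
    mu.mem_write(BASE, THUMB_CODE)
    # `begin` has bit 0 set to select Thumb state; `until` is the plain
    # address just past the code.
    mu.emu_start(BASE | 1, BASE + len(THUMB_CODE))
    cpsr = mu.reg_read(UC_ARM_REG_CPSR)
    return {"r0": mu.reg_read(UC_ARM_REG_R0), "t_bit": (cpsr >> 5) & 1}


if __name__ == "__main__":
    print(run_thumb())  # r0: 8, t_bit: 1
```

If you pass `BASE` instead of `BASE | 1`, the same bytes are decoded as a single ARM instruction, which is exactly the "fails to emulate ARM instructions" symptom; reading CPSR bit 5 after a stop is a quick way to tell which state the core was in.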

How to emulate interrupts (or ticks) with Unicorn?

As stated above, Unicorn is a pure CPU emulator: there is no timer or interrupt controller that fires on its own. To emulate interrupts or ticks, you have two choices:

  • Use the timeout parameter of uc_emu_start (wall-clock time, in microseconds)
  • Use the count parameter of uc_emu_start (stop after a fixed number of instructions)

After emulation stops, inspect or modify whatever state you are interested in (for example, apply the effects of the interrupt), then resume emulation from the current PC.

Note that for Cortex-M EXC_RETURN, Unicorn raises a magic software exception with interrupt number 8; register a UC_HOOK_INTR hook to handle it.
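The following added example (not code from the wiki or the project) implements the count-based variant of the procedure above: an endless x86-64 counting loop is run in slices of a fixed number of instructions, and between slices a "tick handler" records the state and resumes from the PC Unicorn reports. It assumes the unicorn Python bindings are importable; the loop bytes, BASE address and slice sizes are constructed for the example.

```python
# Added example (not Unicorn's own code): emulate periodic "ticks" by running
# an endless x86-64 loop in fixed-size slices with count= and resuming from
# RIP after each one. Assumes the `unicorn` Python bindings are importable.
try:
    from unicorn import Uc, UC_ARCH_X86, UC_MODE_64
    from unicorn.x86_const import UC_X86_REG_RCX, UC_X86_REG_RIP
    UNICORN_AVAILABLE = True
except ImportError:  # keeps the module importable where unicorn is not installed
    UNICORN_AVAILABLE = False

BASE = 0x1000
# xor ecx, ecx ; inc rcx ; jmp <inc>   -- an endless counting loop
CODE = b"\x31\xc9" + b"\x48\xff\xc1" + b"\xeb\xfb"


def run_with_ticks(insns_per_tick, ticks):
    """Run `ticks` slices of `insns_per_tick` instructions each.

    Returns the final rcx, the PC at the last stop and a per-tick trace of
    (tick, pc, rcx) as recorded by the tick handler between slices.
    """
    mu = Uc(UC_ARCH_X86, UC_MODE_64)
    mu.mem_map(BASE, 0x1000)
    mu.mem_write(BASE, CODE)

    pc = BASE
    trace = []
    for tick in range(ticks):
        # One time slice. count= installs an internal code hook, so RIP is
        # accurate when uc_emu_start returns; `until` is never reached.
        mu.emu_start(pc, BASE + len(CODE), count=insns_per_tick)
        pc = mu.reg_read(UC_X86_REG_RIP)
        # "Interrupt handler": inspect or change state here, then resume at pc.
        trace.append((tick, pc, mu.reg_read(UC_X86_REG_RCX)))

    return {"rcx": mu.reg_read(UC_X86_REG_RCX), "pc": pc, "trace": trace}


if __name__ == "__main__":
    # 4 slices of 5 instructions = 20 instructions; every second one is `inc`,
    # so rcx ends at 10 and the stop alternates between the inc and the jmp.
    print(run_with_ticks(5, 4))
```

count gives a deterministic schedule, which is what you want for reproducible analysis; timeout is wall-clock and the number of instructions executed per slice will vary from run to run, so it suits watchdog-style limits better than tick emulation.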

Why not keep up the upstream qemu?

To offer end users a simple API, Unicorn makes many intrusive changes inside the qemu code, which prevents it from syncing with upstream painlessly.

Is there any way to disable softmmu to speed up execution?

Yes, it is possible, but that is not Unicorn's goal, and there is no simple switch in qemu to disable softmmu.

I'd like to make contributions, where do I start?

See the TODO and coding convention pages.

Which qemu version is Unicorn based on?

Prior to 2.0.0, Unicorn was based on qemu 2.2.1. From 2.0.0 onward, Unicorn is based on qemu 5.0.1.
