QEMU

[Google Scholar]

Notes: TCG IR, ISA specification
Papers:

rev.ng reverse engineering tool, S2E verifier, TCG (Tiny Code Generator) intermediate representation

BinRec: Dynamic binary lifting and recompilation [altinay:eurosys:2020]
Rev.Ng: A unified binary analysis framework to recover CFGs and function boundaries [difederico:cc:2017]

The opinions expressed are my own views and not my employer’s.