TCG: 0.986
register: 0.933
mistranslation: 0.906
device: 0.847
kernel: 0.844
peripherals: 0.819
ppc: 0.766
network: 0.707
socket: 0.673
vnc: 0.671
arm: 0.667
architecture: 0.583
semantic: 0.560
risc-v: 0.549
PID: 0.540
graphic: 0.534
permissions: 0.523
i386: 0.472
boot: 0.431
debug: 0.428
files: 0.424
x86: 0.420
performance: 0.328
virtual: 0.304
hypervisor: 0.279
KVM: 0.256
VMM: 0.218
user-level: 0.180
assembly: 0.173
--------------------
TCG: 0.941
register: 0.858
hypervisor: 0.146
kernel: 0.139
files: 0.043
x86: 0.039
arm: 0.028
virtual: 0.027
architecture: 0.007
i386: 0.007
assembly: 0.005
ppc: 0.005
device: 0.005
user-level: 0.004
debug: 0.004
semantic: 0.003
KVM: 0.003
VMM: 0.002
boot: 0.002
performance: 0.002
risc-v: 0.002
peripherals: 0.002
permissions: 0.001
PID: 0.001
graphic: 0.001
network: 0.001
vnc: 0.000
socket: 0.000
mistranslation: 0.000

Allow TCG plugins to read registers
Additional information:
- `include/qemu/plugin.h`
- `include/qemu/qemu-plugin.h`

PANDA implemented this already but it is not a very clean solution:
- https://github.com/panda-re/qemu/commit/b97c5a56edd0ba3b5f6ab16bf531ac1f7abaac04 (mentioned in QPP patch series: https://lore.kernel.org/qemu-devel/20221213213757.4123265-1-fasano@mit.edu/)

I personally think the flag for the TB translation and execution callbacks makes more sense