> If that's the case, you could also add your check to
> memory_region_section_get_iotlb. Search for PHYS_SECTION_WATCH,
> watch_mem_ops and io_mem_watch, and do the same for your new special
> case. This is where QEMU decides between using the slow path or the
> fast path.
>
> However this will not catch instruction fetches. How to do that depends
> on the details of what you are doing. In particular, if you need to
> trap on _all_ instruction fetches and not just the first, it's likely
> that QEMU is not the best project to base your changes on. A simulator
> would be more appropriate.

Hi, Paolo.

I need more time to review and debug relevant code. It will be a time-consuming process. I appreciate your suggestions. Thank you very much.

-Kaiyuan Liang