Assume I have a very high-profile contract holding a lot of funds. It is deployed a few times and being used on main-net, always with solc runs set to 200.
Now I am considering setting it to 1 million or so, and possibly saving some gas.
How do I test that the byte code is still safe?
The best thing I found was the recommendation to have rigorous (all code paths) end-to-end tests for your contracts in the post on a previous optimizer bug:
https://blog.ethereum.org/2019/03/26/solidity-optimizer-and-abiencoderv2-bug/
For developers – bugs within the Solidity compiler are difficult to detect with tools like vulnerability detectors, since tools which operate on source code or AST-representations do not detect flaws that are introduced only into the compiled bytecode.
The best way to protect against these types of flaws is to have a rigorous set of end-to-end tests for your contracts (verifying all code paths), since bugs in a compiler very likely are not “silent” and instead manifest in invalid data.
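
One way to apply the end-to-end testing advice above to the runs=200 versus runs=1,000,000 question, as an added example that is not part of the original post or the linked blog post: run the same end-to-end tests against both builds and compare everything observable except gas. The names solc_input and diff_builds and the observation format are assumptions for illustration, to be filled from your own test runner; the sample data is constructed.

```python
def solc_input(name, source, runs):
    """Build `solc --standard-json` input with the optimizer enabled at `runs`."""
    return {
        "language": "Solidity",
        "sources": {name: {"content": source}},
        "settings": {
            "optimizer": {"enabled": True, "runs": runs},
            "outputSelection": {"*": {"*": ["evm.deployedBytecode.object"]}},
        },
    }

# Gas is expected to change between builds, so it is deliberately not compared.
COMPARED = ("status", "return_data", "logs", "storage")

def diff_builds(baseline, candidate):
    """Return (test, field, baseline_value, candidate_value) for every divergence."""
    mismatches = []
    for test in sorted(set(baseline) | set(candidate)):
        if test not in baseline or test not in candidate:
            # A test that ran against only one build is a coverage gap.
            mismatches.append((test, "missing", test in baseline, test in candidate))
            continue
        for field in COMPARED:
            a, b = baseline[test].get(field), candidate[test].get(field)
            if a != b:
                mismatches.append((test, field, a, b))
    return mismatches

# Constructed observations (hypothetical format, not real chain data): one entry
# per end-to-end test, recorded once against each build.
RUNS_200 = {
    "deposit": {"status": "success", "return_data": "0x", "gas": 43210,
                "logs": [("Deposit", "0x64")], "storage": {"0x0": "0x64"}},
    "withdraw_too_much": {"status": "revert", "return_data": "0x", "gas": 23100,
                          "logs": [], "storage": {}},
}
RUNS_1M = {
    "deposit": {**RUNS_200["deposit"], "gas": 43150},
    "withdraw_too_much": {**RUNS_200["withdraw_too_much"], "gas": 23040},
}
# Constructed failure case: same test, different storage written.
DIVERGENT = {**RUNS_1M, "deposit": {**RUNS_1M["deposit"], "storage": {"0x0": "0x63"}}}

if __name__ == "__main__":
    print(diff_builds(RUNS_200, RUNS_1M))    # builds agree apart from gas
    print(diff_builds(RUNS_200, DIVERGENT))  # storage mismatch is reported
```

An empty result only says the two builds agree on the paths the tests exercise, which is why the quoted advice asks for all code paths to be covered.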