[swegg]

Basically splitting the trusted circuit and testing the parts separately. This requires a trusted master circuit, but it can be arbitrarily small.

See https://perso.uclouvain.be/fstandae/PUBLIS/177.pdf

[amelius]

But what if the malicious code is time activated? (just an example)

[swegg]

This is actually addressed in the paper. Basically you can use testing to detect the timebomb, up to a negligible probability.

This paper is approachable, it's understandable without too much background if you're interested in the topic.