It has been stated to the Board that not all the conversions were protected because a maximum
workload target of 80% had been set for the SRI computer. To determine the vulnerability of
unprotected code, an analysis was performed on every operation which could give rise to an
exception, including an Operand Error. In particular, the conversion of floating point values to
integers was analysed and operations involving seven variables were at risk of leading to an
Operand Error. This led to protection being added to four of the variables, evidence of which
appears in the Ada code. However, three of the variables were left unprotected. No reference to
justification of this decision was found directly in the source code. Given the large amount of
documentation associated with any industrial application, the assumption, although agreed, was
essentially obscured, though not deliberately, from any external review.
(Section 2.2 COMMENTS ON THE FAILURE SCENARIO, paragraph 2)