Surely the easiest way to analyze this is by getting the source code and running a large number of tests... Fencer? I suggest making at least the random number generating code available so others can analyze properly. Either it isn't a defect and can be proved, or it is and can be fixed.