Some of the "bugs" it picks up are cases of defensive programming, such as checking for a NULL pointer even though the NULL pointer is impossible, given the functioning of routines that are being called. What should the policy be on such bugs - should we remove the unnecessary check or keep the extra-defensive code?