How do you identify bottlenecks, security flaws, and anti-patterns in existing code during a code review?