. Call-by-push-value is a new paradigm that subsumes the call-by-name and call-by-value paradigms, in the following sense: both operational and denotational semantics for those paradigms can be seen as arising, via translations that we will provide, from similar semantics for call-by-push-value. To explain call-by-push-value, we first discuss general operational ideas, especially the distinction between values and computations, using the principle that "a value is, a computation does". Using an example program, we see that the lambda-calculus primitives can be understood as push/pop commands for an operand-stack. We provide operational and denotational semantics for a range of computational effects and show their agreement. We hence obtain semantics for call-by-name and call-by-value, of which some are familiar, some are new and some were known but previously appeared mysterious. 1 Introduction 1.1 Contribution In his invited lecture at POPL '98 [32], Reynolds, surveying over 30 year...

Storing state in the client tier (in forms or cookies, for example) improves the efficiency of a web application, but it also renders the secrecy and integrity of stored data vulnerable to untrustworthy clients. We study this general problem in the context of the LINKS multi-tier programming language. Like other systems, LINKS stores unencrypted application data, including web continuations, on the client tier; hence, LINKS is open to attacks that expose secrets, and modify control flow and application data. We characterise these attacks as failures of the general principle that security properties of multi-tier applications should follow from review of the source code (as opposed to the detailed study of the files compiled for each tier, for example). We eliminate these threats by augmenting the LINKS compiler to encrypt and authenticate any data stored on the client. We model this compilation strategy as a translation from a core fragment of the language to a concurrent λ-calculus equipped with a formal representation of cryptography. To formalize source-level reasoning about LINKS programs, we define a type-and-effect system for our core language; our implementation can machine-check various integrity properties of the source code. By appeal to a recent system of refinement types for secure implementations, we show that our compilation strategy guarantees all the properties provable by our type-and-effect system.

provide a formal but intuitive way of presenting and reasoning about programs, which is widely used in practice, although in an informal or semi-formal fashion. In this thesis, we investigate categorical models of programming languages based on a graphical presentation. In the first part, we use a graphical presentation of processes to motivate a categorical model of processes which provides process types and constructors similar to those available in categories of graphs. The model is parametrised on a base category of processes, and may therefore be used to model a variety of process calculi or languages. We present a concrete instance of this model, based on the process calculus CCS, and show that it arises as a syntactic category of an extension of the base calculus. In the second part of the thesis, we use a graphical semantics due to Jeffrey to model and prove correct a step in the compilation of higher-order functional programming languages: closure conversion -- a program tra