compiler: string-wall slice 3 — string_sub (runtime-length copy) (#569)

## Phase F slice 3 — variable-string backend wall (runtime-length copy)

Third slice of the **variable-string backend** wall
(`proposals/MIGRATION-PLAN.adoc` §"The two walls"). Follows slice 1
(read-side indexing, #567) and slice 2 (single-byte construction, #568).
Adds the wasm-backend lowering for `string_sub`, which introduces the
**two capabilities the rest of the string wall needs**: a
*runtime-sized* heap allocation and a *byte-copy loop* — both modelled
on the existing list `++` lowering (the canonical allocate-then-copy
idiom in `lib/codegen.ml`).

`string_sub` was already wired in resolve/typecheck/interp but fell
through `gen_call`'s dispatch (`UnboundVariable` at codegen).

### The lowering (`lib/codegen.ml`)

Reproduces the interp clamps exactly:

```
slen    = String.length s
start'  = max 0 (min start slen)
length' = max 0 (min length (slen - start'))
```

then:
1. **Runtime-sized** allocation: `dst = heap; heap += 4 + length'` (the
bump allocator with a runtime byte count, exactly as list `++` allocates
`4 + (la+lb)*4`).
2. Store `length'` at `[dst+0]`.
3. **Copy loop**: `Block [ Loop [ k>=length' ? break; dst[4+k] =
src[4+start'+k]; k++; continue ] ]`, byte-wise via
`I32Load8U`/`I32Store8` — the same `Block`/`Loop`/`BrIf 1`/`Br 0` idiom
as the list-`++` element copy, with a 1-byte stride.

`min`/`max` use `Select` over the operand pair (operands are
locals/constants with no side effects, so evaluating both arms is safe —
unlike slice 1's bounds-guarded load, which needed `If`). All clamps are
non-negative, so no negative addresses are formed; `length' == 0` exits
the loop immediately and yields the empty string.

### Parity (wasm vs interp oracle) — 8/8

`scca` = `string_char_code_at` (the slice-1 reader):

| Expression | interp | wasm |
|---|---|---|
| `scca(string_sub("hello",1,3), 0)` ('e') | 101 | 101 |
| `scca(string_sub("hello",1,3), 2)` ('l') | 108 | 108 |
| `string_length(string_sub("hello",1,3))` | 3 | 3 |
| `string_length(string_sub("hello",0,5))` (full) | 5 | 5 |
| `string_length(string_sub("hello",2,100))` (clamp length) | 3 | 3 |
| `string_length(string_sub("hello",10,3))` (clamp start) | 0 | 0 |
| `scca(string_sub("hello",-1,2), 0)` (neg start → 0, 'h') | 104 | 104 |
| `string_length(string_sub("hello",1,0))` (zero length) | 0 | 0 |

### Tests

- `test/test_e2e.ml` group **"E2E String-wall slice 3 (string_sub)"** —
eight interp-oracle cases (extraction, length, length-clamp,
start-clamp, negative-start, zero-length). Runs under `dune runtest`.
The interp consumer coverage mandated by `.claude/CLAUDE.md`
§"Test-fixture hygiene".
- `tests/codegen/string_sub.affine` +
`tests/codegen/test_string_sub.mjs` — executable wasm parity via
`tools/run_codegen_wasm_tests.sh` (CI).

Local verification: full `run_codegen_wasm_tests.sh` green (all three
string harnesses, slices 1+2+3, pass; no sibling regressions); interp
oracle confirmed against the real library API; wasm executed under Node.
`dune runtest` couldn't run in-sandbox (no `alcotest`), but the new
tests' logic + API usage was validated against the real `affinescript`
library.

### Scope

Runtime alloc + copy loop are now established string primitives. Next
slices reuse them: concat (`++`/`string_concat`, two copy loops),
`string_find` (read-side scan, no alloc), case-fold
(copy-with-transform), and the polymorphic `slice` (needs compile-time
array-vs-string dispatch).

Evidence: `proposals/EVIDENCE-stringwall-slice3.adoc`.

https://claude.ai/code/session_01WoKhFQePiRsAj7aqnxbG8s

---
_Generated by [Claude
Code](https://claude.ai/code/session_01WoKhFQePiRsAj7aqnxbG8s)_

Co-authored-by: Claude <noreply@anthropic.com>

Author: hyperpolymath

lib/codegen.ml

@@ -981,6 +981,72 @@ let rec gen_expr (ctx : context) (expr : expr) : (context * instr list) result =
         in
         Ok (ctx_v, code)
 
+      | ExprVar id when id.name = "string_sub"
+                        && List.length args = 3 ->
+        (* PHASE-F string-wall slice 3: the runtime-length copy op.
+           `string_sub(s, start, length)` returns the substring of `length`
+           bytes from `start`, with both clamped to the source — matching the
+           interp oracle (lib/interp.ml):
+             slen   = len s
+             start' = max 0 (min start slen)
+             length'= max 0 (min length (slen - start'))
+           This introduces the two capabilities the rest of the string wall
+           needs: a *runtime-sized* heap allocation (4 + length' bytes) and a
+           *byte-copy loop*, both modelled on the list `++` lowering (the
+           canonical allocate-then-copy idiom in this file). `min`/`max` use
+           `Select` over the operand pair (no side effects). *)
+        let* (ctx1, s_code)     = gen_expr ctx  (List.nth args 0) in
+        let* (ctx2, start_code) = gen_expr ctx1 (List.nth args 1) in
+        let* (ctx3, len_code)   = gen_expr ctx2 (List.nth args 2) in
+        let (ctx4, heap_idx) = ensure_heap_ptr ctx3 in
+        let (c5,  src)   = alloc_local ctx4 "__ssub_src"   in
+        let (c6,  slen)  = alloc_local c5   "__ssub_slen"  in
+        let (c7,  start_) = alloc_local c6  "__ssub_start" in
+        let (c8,  len_)  = alloc_local c7   "__ssub_len"   in
+        let (c9,  dst)   = alloc_local c8   "__ssub_dst"   in
+        let (c10, k)     = alloc_local c9   "__ssub_k"     in
+        let (c11, tmp)   = alloc_local c10  "__ssub_tmp"   in
+        (* min(a,b) via Select: stack [a; b; a<b] -> a<b ? a : b *)
+        let imin_into a_get b_get dst_local =
+          a_get @ b_get @ a_get @ b_get @ [ I32LtS; Select; LocalSet dst_local ] in
+        (* max(x, 0) via Select: stack [x; 0; x>0] -> x>0 ? x : 0 *)
+        let imax0_into x_get dst_local =
+          x_get @ [ I32Const 0l ] @ x_get @ [ I32Const 0l; I32GtS; Select; LocalSet dst_local ] in
+        let code =
+          s_code @ [LocalSet src] @
+          start_code @ [LocalSet start_] @   (* start_ temporarily = raw start *)
+          len_code @ [LocalSet len_] @       (* len_ temporarily = raw length *)
+          (* slen = src[0] *)
+          [ LocalGet src; I32Load (2, 0); LocalSet slen ] @
+          (* start' = max(0, min(raw_start, slen)) *)
+          imin_into [LocalGet start_] [LocalGet slen] tmp @
+          imax0_into [LocalGet tmp] start_ @
+          (* length' = max(0, min(raw_length, slen - start')) *)
+          imin_into [LocalGet len_]
+                    [LocalGet slen; LocalGet start_; I32Sub] tmp @
+          imax0_into [LocalGet tmp] len_ @
+          (* dst = heap; heap += 4 + length' *)
+          [ GlobalGet heap_idx; LocalSet dst;
+            GlobalGet heap_idx; I32Const 4l; LocalGet len_; I32Add; I32Add;
+            GlobalSet heap_idx;
+            (* dst[0] = length' *)
+            LocalGet dst; LocalGet len_; I32Store (2, 0) ] @
+          (* copy loop: for k in 0..length': dst[4+k] = src[4 + start' + k] *)
+          [ I32Const 0l; LocalSet k;
+            Block (BtEmpty, [ Loop (BtEmpty, [
+              LocalGet k; LocalGet len_; I32GeS; BrIf 1;
+              (* dst slot address (store uses static +4): dst + k *)
+              LocalGet dst; LocalGet k; I32Add;
+              (* source byte (load uses static +4): src + start' + k *)
+              LocalGet src; LocalGet start_; I32Add; LocalGet k; I32Add;
+              I32Load8U (0, 4);
+              I32Store8 (0, 4);
+              LocalGet k; I32Const 1l; I32Add; LocalSet k;
+              Br 0 ]) ]) ] @
+          [ LocalGet dst ]
+        in
+        Ok (c11, code)
+
       | ExprVar id when (id.name = "env_at" || id.name = "arg_at")
                         && List.length args = 1 ->
         (* ADR-015 S5 (#180): env_at(i) / arg_at(i) — fetch the i-th

proposals/EVIDENCE-stringwall-slice3.adoc

@@ -0,0 +1,140 @@
+// SPDX-License-Identifier: MPL-2.0
+// SPDX-FileCopyrightText: 2025-2026 hyperpolymath
+= Phase F — string-wall slice 3: string_sub (evidence)
+:toc: macro
+
+[IMPORTANT]
+====
+*Slice landed: the runtime-length copy op.* `string_sub(s, start, length)` —
+already wired in resolve/typecheck/interp — gained a wasm-backend lowering
+that introduces the two capabilities the rest of the string wall needs: a
+*runtime-sized* heap allocation and a *byte-copy loop*. Both are modelled on
+the existing list `++` lowering (the canonical allocate-then-copy idiom in
+`lib/codegen.ml`).
+
+Third slice of the *variable-string backend* wall
+(`proposals/MIGRATION-PLAN.adoc` §"The two walls", Phase F). With runtime
+allocation + copy now in hand, the remaining write-side ops (concat, case-fold)
+and the read-side scans (`startsWith`, `string_find`) reuse these idioms.
+====
+
+toc::[]
+
+== What was missing
+
+[cols="2,1,1,1,1",options="header"]
+|===
+| Builtin | resolve.ml | typecheck.ml | interp.ml | codegen.ml (wasm)
+| `string_char_code_at` / `char_to_int` | ✓ | ✓ | ✓ | ✓ (slice 1)
+| `string_from_char_code` | ✓ | ✓ | ✓ | ✓ (slice 2)
+| `string_sub` | ✓ | ✓ | ✓ | *was missing -> added*
+|===
+
+Before this slice it failed at codegen:
+
+----
+Code generation error: (Codegen.UnboundVariable
+   "Function or variable not found: string_sub")
+----
+
+== The lowering (lib/codegen.ml)
+
+Interp oracle (lib/interp.ml):
+
+----
+slen    = String.length s
+start'  = max 0 (min start slen)
+length' = max 0 (min length (slen - start'))
+String.sub s start' length'
+----
+
+The wasm lowering, on the `[len: i32 LE][utf8]` ABI:
+
+. Evaluate `s` (-> base pointer), `start`, `length`; load `slen` from `[src+0]`.
+. Clamp: `start' = max(0, min(start, slen))`, then
+  `length' = max(0, min(length, slen - start'))`. `min`/`max` use `Select`
+  over the operand pair (the operands are locals/constants — no side effects,
+  so evaluating both arms is safe, unlike the bounds-guarded load in slice 1).
+. *Runtime-sized* allocation: `dst = heap; heap += 4 + length'` — the bump
+  allocator (`ensure_heap_ptr`) with a runtime byte count, exactly as list
+  `++` allocates `4 + (la+lb)*4`.
+. Store `length'` at `[dst+0]`.
+. *Copy loop* (`Block [ Loop [ k>=length' ? break; dst[4+k] = src[4+start'+k];
+  k++; continue ] ]`), byte-wise via `I32Load8U` / `I32Store8`. Same
+  `Block`/`Loop`/`BrIf 1`/`Br 0` idiom as the list-`++` element copy, with a
+  1-byte stride instead of 4.
+. Return `dst`.
+
+All clamps are non-negative (`max 0`), so no negative addresses are formed.
+`length' = 0` exits the loop immediately and yields the empty string.
+
+== Gate evidence
+
+=== Gate 1 — builds
+
+`dune build bin/main.exe` exit 0. The previously-failing op now compiles and
+round-trips with the slice-1 reader.
+
+=== Gate 2 — parity (wasm vs interpreter oracle)
+
+Same inputs through both backends agree across normal extraction, both
+clamps, negative start, and zero length. Interp oracle confirmed against the
+real library API; wasm executed under Node.
+
+[cols="4,1,1",options="header"]
+|===
+| Expression | interp | wasm
+| `scca(string_sub("hello",1,3), 0)` ('e') | 101 | 101
+| `scca(string_sub("hello",1,3), 2)` ('l') | 108 | 108
+| `string_length(string_sub("hello",1,3))` | 3 | 3
+| `string_length(string_sub("hello",0,5))` (full) | 5 | 5
+| `string_length(string_sub("hello",2,100))` (clamp length) | 3 | 3
+| `string_length(string_sub("hello",10,3))` (clamp start) | 0 | 0
+| `scca(string_sub("hello",-1,2), 0)` (neg start -> 0, 'h') | 104 | 104
+| `string_length(string_sub("hello",1,0))` (zero length) | 0 | 0
+|===
+
+(`scca` = `string_char_code_at`, the slice-1 reader.)
+
+The packed fixture `tests/codegen/string_sub.affine` returns `6843501`
+(positional pack of three round-tripped bytes + four length probes); both
+backends produce it.
+
+== Tests added
+
+* `test/test_e2e.ml` — group *"E2E String-wall slice 3 (string_sub)"*: eight
+  interp-oracle cases (extraction, length, length-clamp, start-clamp,
+  negative-start, zero-length). Runs under `dune runtest`. The interp consumer
+  coverage mandated by `.claude/CLAUDE.md` §"Test-fixture hygiene".
+* `tests/codegen/string_sub.affine` + `tests/codegen/test_string_sub.mjs` —
+  executable wasm parity, run by `tools/run_codegen_wasm_tests.sh` (CI).
+
+Full `tools/run_codegen_wasm_tests.sh` run: *all* codegen WASM tests pass
+(slices 1, 2, and 3 string harnesses), no sibling regressions.
+
+== Corpus impact
+
+The runtime-length allocation + byte-copy loop are now established string
+primitives. This unblocks substring extraction directly, and gives the next
+slices their building blocks:
+
+* *Concatenation* (`++` on strings, `string_concat`) — allocate
+  `4 + la + lb`, copy both byte ranges (two copy loops, like list `++`).
+* *Case-folding* (`to_lowercase` / `to_uppercase`) — allocate `4 + slen`,
+  copy with a per-byte transform in the loop body.
+* *Scans* (`startsWith`, `string_find`) — comparison loops over slice-1
+  indexing; no allocation.
+
+== Next slices (variable-string backend wall)
+
+. *Concatenation* — `string_concat` / `++` on strings (two copy loops into a
+  `4 + la + lb` allocation).
+. *Scans* — `string_find` (substring search returning an index), the read-side
+  loop with no allocation.
+. *Case-folding* — `to_lowercase` / `to_uppercase` (copy-with-transform).
+. *`slice`* — the polymorphic (array|string) JS-semantics variant with
+  negative-index normalisation; needs compile-time array-vs-string dispatch.
+
+Each slice: add the codegen arm, an interp-parity e2e group, and a
+`tests/codegen/*.mjs` executable check, then re-run the census and drop the
+gated count.

proposals/MIGRATION-PLAN.adoc

@@ -39,10 +39,11 @@ toc::[]
 == The two walls (what ultimately gates "CLEAR")
 
 . *Variable-string backend* — `String.length`, read-side *indexing*
-  (`string_char_code_at` / `char_to_int`, slice 1) and single-byte
-  *construction* (`string_from_char_code`, slice 2) now lower to wasm (Phase F,
-  see Ledger); `startsWith` / `string_sub` / `slice` / concat / case-fold
-  (the *runtime-length* ops) do not yet. Gates every STRING-GATED kernel (e.g.
+  (`string_char_code_at` / `char_to_int`, slice 1), single-byte *construction*
+  (`string_from_char_code`, slice 2), and *runtime-length substring*
+  (`string_sub` — runtime-sized alloc + byte-copy loop, slice 3) now lower to
+  wasm (Phase F, see Ledger); concat / `++` / `string_find` / case-fold /
+  polymorphic `slice` do not yet. Gates every STRING-GATED kernel (e.g.
   `Kernel_IO`, `DeviceType`, i18n) whose work is building/transforming strings
   rather than scanning them. Lives in *this* repo's compiler, so it is
   attackable here.
@@ -206,7 +207,8 @@ Heuristic:
 | C12 | DONE | Render-glue screens/PixiJS bindings (2026-06-05) — *classified, NO_NEW_BRAINS.* All 43 files are host-side senses. *12 bridge files* wrap already-live wasm brains (companionsrenderlogic, devicesrenderlogic, enemiesrenderlogic, toolspickupsrenderlogic, playerrenderlogic, narrativepopupsrenderlogic, balanceanalyser, locationdata, screenglitchfx, screensrunlooplogic, uirenderlogic, verisimprovenrenderlogic). *23 screen/popup files* are effect-gated PixiJS rendering orchestrators (GameI18n string calls, Motion.animate, mutable refs, Navigation APIs). *4 binding files* (Motion, Pixi, PixiSound, PixiUI) are pure `external` FFI declarations wrapping host-side JS libraries. *Phase Ω cluster sequence (C11→C9→C10→C12) complete.* Genuine compiler gates remain: string wall (71 corpus files — `[len:i32][utf8]` layout already in `codegen.ml:375`, only ops missing), effect wall (111 corpus files). Evidence: `migrated/EVIDENCE-C12.adoc`.
 | F (string slice 1) | DONE | String-wall slice 1 — *read-side indexing landed in the wasm backend* (2026-06-12, Opus). `string_char_code_at(s, i)` + `char_to_int(c)` (already wired in resolve/typecheck/interp) gained wasm lowerings on the `[len: i32 LE][utf8]` ABI: byte `i` at `base + 4 + i`, bounds-guarded `If` load, `-1` OOB sentinel shared with the interp oracle; `char_to_int` is the i32 identity. A previously STRING-GATED shape (byte indexing into a literal) now *compiles to wasm and parity-greens* vs the interpreter. *Gates:* G1 builds; G2 parity 7/7 (interp oracle vs wasm: 65/66/67/-1/-1/-1/90); type safety preserved (`char_to_int(65)` still a Char/Int error). Tests: `test/test_e2e.ml` group "E2E String-wall slice 1 (indexing)" (interp, `dune runtest`) + `tests/codegen/string_char_code_at.{affine,…mjs}` (executable wasm parity, full `run_codegen_wasm_tests.sh` green, no regressions). Evidence: `proposals/EVIDENCE-stringwall-slice1.adoc`. Unblocks the *indexing/scan* family; allocation-returning string ops (`string_from_char_code`/`string_sub`/`slice`/concat/case-fold) are later slices. NEXT: allocation-returning ABI (`gen_string_alloc` + `string_from_char_code`).
 | F (string slice 2) | DONE | String-wall slice 2 — *write-side ABI landed in the wasm backend* (2026-06-12, Opus). `string_from_char_code(n)` (already wired in resolve/typecheck/interp) gained a wasm lowering: bump-allocate `[len: i32 LE = 1][byte]` where the byte is the low 8 bits of `n` (`I32Store8` does the `land 0xff` mask itself, incl. negatives). First heap-allocating string op; reuses the existing `gen_heap_alloc` bump allocator (no new memory machinery). *Gates:* G1 builds; G2 parity 8/8 (interp vs wasm over masking/NUL/255/256/-1/320/length/OOB-after-construction); round-trips with slice-1's reader. Tests: `test/test_e2e.ml` group "E2E String-wall slice 2 (string_from_char_code)" (interp, `dune runtest`) + `tests/codegen/string_from_char_code.{affine,…mjs}` (executable wasm parity; full `run_codegen_wasm_tests.sh` green, no regressions). Evidence: `proposals/EVIDENCE-stringwall-slice2.adoc`. Read+write byte primitives now both present. NEXT: runtime-length allocation ABI for `string_sub`/`slice` (slice 3).
-| F+ | TODO | Remaining string-wall slices (runtime-length alloc ABI -> `string_sub`/`slice` -> `startsWith`/`string_find` -> concat/case-fold), then the effect-codegen wall (module-state / `Date.now` / `Console.log`). *Cluster migration complete; string slices 1+2 landed (read+write byte primitives).*
+| F (string slice 3) | DONE | String-wall slice 3 — *runtime-length copy op landed in the wasm backend* (2026-06-12, Opus). `string_sub(s, start, length)` (already wired in resolve/typecheck/interp) gained a wasm lowering introducing the two capabilities the rest of the wall needs: a *runtime-sized* heap allocation (`heap += 4 + length'`) and a *byte-copy loop* (`Block`/`Loop`/`BrIf`/`Br`, `I32Load8U`/`I32Store8`), both modelled on the list `++` allocate-then-copy idiom. Interp clamps reproduced exactly: `start' = max 0 (min start slen)`, `length' = max 0 (min length (slen - start'))` (`min`/`max` via `Select`). *Gates:* G1 builds; G2 parity 8/8 (interp vs wasm over extraction/length/clamp-length/clamp-start/negative-start/zero-length); round-trips with slice-1's reader. Tests: `test/test_e2e.ml` group "E2E String-wall slice 3 (string_sub)" (interp, `dune runtest`) + `tests/codegen/string_sub.{affine,…mjs}` (executable wasm parity; full `run_codegen_wasm_tests.sh` green, no regressions). Evidence: `proposals/EVIDENCE-stringwall-slice3.adoc`. Runtime alloc + copy loop now established. NEXT: concat/`string_find`/case-fold (slice 4) reuse these idioms.
+| F+ | TODO | Remaining string-wall slices (concat/`++` -> `string_find` scan -> case-fold -> polymorphic `slice`), then the effect-codegen wall (module-state / `Date.now` / `Console.log`). *Cluster migration complete; string slices 1+2+3 landed (read + single-byte write + runtime-length copy).*
 | Ω | TODO (access-gated) | Cutover + ReScript extinction.
 |===
 

test/test_e2e.ml

@@ -3786,6 +3786,58 @@ let stringwall_alloc_tests = [
   Alcotest.test_case "index past 1-byte string == -1" `Quick test_stringwall_sfcc_oob;
 ]
 
+(* ---- PHASE-F string-wall slice 3: string_sub ----
+
+   `string_sub(s, start, length)` gained a wasm-backend lowering: a
+   runtime-sized heap allocation plus a byte-copy loop, with the interp's
+   clamp semantics (lib/interp.ml: start' = max 0 (min start slen);
+   length' = max 0 (min length (slen - start'))). These pin the interp oracle
+   the wasm lowering must reproduce; the result is read back via the slice-1
+   reader string_char_code_at and via string_length. *)
+
+let test_stringwall_sub_byte0 () =
+  Alcotest.(check int) "sub(\"hello\",1,3)[0] == 'e'" 101
+    (eval_int_fn "fn f() -> Int { string_char_code_at(string_sub(\"hello\", 1, 3), 0) }")
+
+let test_stringwall_sub_byte2 () =
+  Alcotest.(check int) "sub(\"hello\",1,3)[2] == 'l'" 108
+    (eval_int_fn "fn f() -> Int { string_char_code_at(string_sub(\"hello\", 1, 3), 2) }")
+
+let test_stringwall_sub_len () =
+  Alcotest.(check int) "string_length(sub(\"hello\",1,3)) == 3" 3
+    (eval_int_fn "fn f() -> Int { string_length(string_sub(\"hello\", 1, 3)) }")
+
+let test_stringwall_sub_full () =
+  Alcotest.(check int) "string_length(sub(\"hello\",0,5)) == 5" 5
+    (eval_int_fn "fn f() -> Int { string_length(string_sub(\"hello\", 0, 5)) }")
+
+let test_stringwall_sub_clamp_len () =
+  Alcotest.(check int) "length clamped to slen-start' == 3" 3
+    (eval_int_fn "fn f() -> Int { string_length(string_sub(\"hello\", 2, 100)) }")
+
+let test_stringwall_sub_clamp_start () =
+  Alcotest.(check int) "start past end -> empty (len 0)" 0
+    (eval_int_fn "fn f() -> Int { string_length(string_sub(\"hello\", 10, 3)) }")
+
+let test_stringwall_sub_neg_start () =
+  Alcotest.(check int) "negative start clamps to 0 -> 'h'" 104
+    (eval_int_fn "fn f() -> Int { string_char_code_at(string_sub(\"hello\", -1, 2), 0) }")
+
+let test_stringwall_sub_zero_len () =
+  Alcotest.(check int) "zero length -> empty (len 0)" 0
+    (eval_int_fn "fn f() -> Int { string_length(string_sub(\"hello\", 1, 0)) }")
+
+let stringwall_sub_tests = [
+  Alcotest.test_case "sub(\"hello\",1,3)[0] == 101" `Quick test_stringwall_sub_byte0;
+  Alcotest.test_case "sub(\"hello\",1,3)[2] == 108" `Quick test_stringwall_sub_byte2;
+  Alcotest.test_case "len sub(\"hello\",1,3) == 3" `Quick test_stringwall_sub_len;
+  Alcotest.test_case "len sub full == 5" `Quick test_stringwall_sub_full;
+  Alcotest.test_case "length clamp == 3" `Quick test_stringwall_sub_clamp_len;
+  Alcotest.test_case "start clamp -> 0" `Quick test_stringwall_sub_clamp_start;
+  Alcotest.test_case "neg start -> 'h'" `Quick test_stringwall_sub_neg_start;
+  Alcotest.test_case "zero length -> 0" `Quick test_stringwall_sub_zero_len;
+]
+
 (* ---- STDLIB-04b: Throws extern `error<T>` (Refs #329) ----
 
    `error<T>(msg: String) -> T / Throws` was declared in
@@ -4895,6 +4947,7 @@ let tests =
     ("E2E STDLIB-04e Pure #332", stdlib_04e_pure_tests);
     ("E2E String-wall slice 1 (indexing)", stringwall_index_tests);
     ("E2E String-wall slice 2 (string_from_char_code)", stringwall_alloc_tests);
+    ("E2E String-wall slice 3 (string_sub)", stringwall_sub_tests);
     ("E2E STDLIB-04b error #329", stdlib_04b_error_tests);
     ("E2E Vscode Bindings",      vscode_bindings_tests);
     ("E2E Array Type Sugar",     array_type_tests);