Board Development & Technical Discussion
Merits 14 from 7 users
Re: [INFO - DISCUSSION] OP_CAT new draft BIP
by vjudeu on 26/10/2023, 10:25:47 UTC
Merited by EFS (4), cygan (3), ETFbitcoin (3), garlonicon (1), vapourminer (1), DdmrDdmr (1), cr1776 (1)
Quote
As in, a practical example where this would be helpful.
1. Sign any message:
Input script: "<sigS>"
Output script: "<sigR> OP_SWAP OP_CAT <pubkey> OP_CHECKSIG"
Execution:
Code:
<sigS> <sigR> OP_SWAP
<sigR> <sigS> OP_CAT
<signature> <pubkey> OP_CHECKSIG
OP_TRUE

2. Proof of Work to move coins:
Input script: "<message> <tailHash>"
Output script: "<target> OP_CAT OP_SWAP OP_SHA256 OP_EQUAL"
Execution:
Code:
<message> <tailHash> <target> OP_CAT
<message> <hash> OP_SWAP
<hash> <message> OP_SHA256
<hash> <hash> OP_EQUAL
OP_TRUE

3. Transaction introspection:
Very similar to point one. In the best case, it could be identical. In some other cases, it could require transaction building with "<txHead> <txData> <txTail> OP_CAT OP_CAT", and then hashing it with OP_SHA256. Then, you could set "<txHead> <txTail>" in your output script, but "<txData>" could be some part of the input, and for example represent some part of the transaction output amount, which can be changed by the transaction signer. This means that if you, for example, allow picking three bytes in your <txData>, and they are placed where you have the transaction output amount, then you can change the amount, and pick a number from 0.00000000 BTC to 0.16777215 BTC.

Some links, also from the BIP for OP_CAT:

https://medium.com/blockstream/cat-and-schnorr-tricks-i-faf1b59bd298
https://www.wpsoftware.net/andrew/blog/cat-and-schnorr-tricks-ii.html

4. Provably fair transaction puzzles:
Input script: "<signature> <pubkeyTail>"
Output script: "<pubkeyHead> OP_SWAP OP_CAT OP_CHECKSIG"
Execution:
Code:
<signature> <pubkeyTail> <pubkeyHead> OP_SWAP
<signature> <pubkeyHead> <pubkeyTail> OP_CAT
<signature> <pubkey> OP_CHECKSIG
OP_TRUE
Then, if you pick, for example, 0xbadc0ded as your <pubkeyHead>, people could mine a public key starting with an x-value equal to 0xbadc0ded, and that would be proof that someone can break 32-bit public keys. Of course, any non-zero pattern will do (the only reason why zero will not work is the half of the generator).
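
An added example, not part of the original post: a minimal Python stack machine that executes the proof-of-work script from point 2 against a constructed two-byte target. The helper names `run`, `spend` and `mine` are hypothetical; only the four opcodes used in that script are modelled, plus the 520-byte element limit that the OP_CAT BIP applies to the concatenated result.

```python
import hashlib
from itertools import count

MAX_ELEMENT = 520  # stack element size limit; the OP_CAT BIP fails the script above it

def run(script):
    """Run a script given as a list: bytes are pushes, str are opcodes."""
    stack = []
    try:
        for item in script:
            if isinstance(item, bytes):
                stack.append(item)
            elif item == "OP_SWAP":
                stack[-1], stack[-2] = stack[-2], stack[-1]
            elif item == "OP_CAT":
                b, a = stack.pop(), stack.pop()
                if len(a) + len(b) > MAX_ELEMENT:
                    return False
                stack.append(a + b)
            elif item == "OP_SHA256":
                stack.append(hashlib.sha256(stack.pop()).digest())
            elif item == "OP_EQUAL":
                stack.append(b"\x01" if stack.pop() == stack.pop() else b"")
            else:
                raise ValueError(f"opcode not modelled: {item}")
    except IndexError:  # stack underflow fails the script
        return False
    return bool(stack) and any(stack[-1])  # simplified truthiness check

def spend(message, tail_hash, target):
    """Input script <message> <tailHash> followed by the output script of point 2."""
    return run([message, tail_hash, target,
                "OP_CAT", "OP_SWAP", "OP_SHA256", "OP_EQUAL"])

def mine(target):
    """Search for a message whose SHA-256 equals <tailHash> || <target>."""
    for nonce in count():
        message = nonce.to_bytes(8, "little")
        digest = hashlib.sha256(message).digest()
        if digest.endswith(target):
            return message, digest[:len(digest) - len(target)]

TARGET = b"\x00\x00"  # constructed 16-bit target, about 65536 hashes on average

if __name__ == "__main__":
    message, tail_hash = mine(TARGET)
    print("message:", message.hex(), "tailHash:", tail_hash.hex())
    print("mined solution accepted:", spend(message, tail_hash, TARGET))
    print("unmined message accepted:", spend(b"no work done", tail_hash, TARGET))
```

Because OP_EQUAL compares against a 32-byte digest, the spender's `<tailHash>` must be exactly 32 minus the target length in bytes, so the committed `<target>` fixes the amount of work.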