Simulation and Model-Based Veriﬁcation of an Emergency Strategy for Cable Failure in Cable Robots

: Cable failure is an extremely critical situation in the operation of cable-driven parallel robots (CDPR), as the robot might be instantly outside of its predeﬁned workspace. Therefore, the calculation of a cable force distribution might fail and, thus, the controller might not be able to master the guidance of the system anymore. However, as long as there is a remaining set of cables, the dynamic behavior of the system can be inﬂuenced to prevent further damage, such as collisions with the ground. The paper presents a feasible algorithm, introduces the models for dynamical multi-body simulation and veriﬁes the algorithm within control loop closure.


Introduction
Cable-driven parallel robots (CDPR) use a set of cables that are coiled on digitally controlled winches to move a payload, such as a platform. CDPRs can be designed very lightweight, which makes them fast and efficient. Moreover, they can cover large workspaces in comparison to serial manipulators, as the cables can span over huge distances [1]. The range of applications for CDPRs investigated is increasing, including, e.g., intralogistics [2] or automation in construction [3]. Further applications are, e.g., vertical green maintenance [4] or lamella cleaning in sedimentation tanks [5]. Additionally, research has been conducted to improve the performance of CDPRs in underwater operations [6]. In [7], the accuracy, repeatability and long-term running of a CDPR is investigated. A recent project in which the authors are involved is a CDPR for automated masonry construction [8]. This implies a rapid progression of the future industrial utilization of CDPRs.
Consequently, aiming at practical applications, industrial safety requirements must be met in the future to avoid damage to the robot and its environment. Even if there are commonly known rules and guidelines for fundamental components, such as pulleys and cables, a cable might still fail [9]. Within literature, the detection of failures and their outcome in CDPRs has been broadly discussed. Several methods have been presented to handle such situations. In [10], initial thoughts on potential errors and error tolerance in CDPRs were provided, and the consequences of a failed cable on the nullspace of the robot's Jacobian were examined. The impact of a failed or slack cable resulting in improper cable forces is considered in [11]. It aims to recover the force and momentum capacity of the robot's platform. The conditions of practicability for this purpose are suggested. In [12], a strategy for recovery after a cable failure, where the end effector can be outside of its workspace, is proposed. It is based on the planning of an elliptical path within a dynamic trajectory. In [13], the workspace of a predefined system after cable failure is investigated. Moreover, an algorithm for the planning of a feasible trajectory along a straight line path back into the workspace is introduced. This work was extended in [14] by including drivetrain models. In [15], the approach was implemented on a prototype with three degrees-of-freedom (DOF) of the mobile end effector and four cables.
In [16], algorithms to stop a cable-driven camera system after a cable failure are proposed. Dynamic trajectories into the post-failure workspace are planned. Collision avoidance is considered and preferred target positions are identified. In [17], the effects of cable anchor point alignment on post-failure behavior is studied for an underwater CDPR. The winches are installed on marine barges and their optimal positions are determined to increase the systems fault tolerance. In [18], safety concepts for CDPRs are presented. This features, e.g., approaches to shorten the stopping distance during emergency braking and the monitoring of the workspace.
The strategies after cable failure described so far mainly focus on trajectory planning back into the remaining workspace, or cable force redistribution when the platform remains in the workspace after failure. On the contrary, the authors of this work have proposed two strategies to guard the platform back into the post-failure workspace without a predefined trajectory [9]. One strategy presented is based on potential fields employment, whereas the other aims to minimize the systems' kinetic energy [9].
In more recent works, the authors also proposed including actuated moving pulleys in cable failure strategies. The strategy of minimizing the systems' kinetic energy is enhanced and simulated using ideal assumptions in [19].
However, the proposed methods of the authors have neither been validated in loopclosure of a control algorithm, nor been tested in detailed multi-body simulations. Moreover, the presumed failure of a control algorithm commonly used by the authors was not demonstrated before. The aim of this contribution is to close this gap. Following a strictly model-based testing scheme, the examined behavior of the introduced emergency strategy is analyzed, discussed and compared to the commonly used control algorithm. This paves the way for future experimental validation on a prototype.
The structure of the paper is given in the following: An introduction on CDPRs is given first, focusing especially on cable failure and methods to cope with this issue. Section 2 introduces the kinematic and dynamic robot models, as well as the cable and drivetrain model applied within this work. In Section 3, an emergency strategy aiming to minimize the system's kinetic energy is introduced. This strategy involves nonlinear model predictive control. The dynamic multi-body simulation environment based on the modeling fundamentals used within this work is shown in Section 4, and also includes a standard position controller. For the chosen set of robot parameters, a brief examination of the post-failure static equilibrium workspace is carried out in Section 5. Subsequently, dynamic simulations within the chosen environment are performed, comparing the standard controller approach and the presented emergency controller within a cable failure scenario. This analysis is extended regarding the computation time and real-time suitability of the emergency algorithm, considering an emergency controller restricted in iterations. Finally, a summary and outlook on future work towards implementation within real hardware are given.

Modeling Fundamentals
In this section, the modeling equations and approaches used for this work will be introduced. These models form the basis for simulative studies in the upcoming sections.

Kinematics
The robot platform is the robot's end effector. It has m cables and n DOF. This results in the kinematic redundancy r = m − n. The coordinate system 6 -P is fixed to the platform, whereas the latter is referenced in the inertial system 6 -B . The position of the platform B r P and its orientation Φ are denoted as row vectors. They are merged in the pose B x P = [ B r P Φ] T . The rotation matrix B R P describes the platform orientation with respect to 6 -B with the use of yaw-pitch-roll angles.
The fixed platform anchor point of each cable is P p i ; see Figure 1. They are joined in P = [ P p 1 . . . P p i ]. The fixed platform anchor point of each cable is P p i ; see Figure 1. They are joined in P = [ P p 1 . . . P p i ]. Figure 1. Cable-robot model parameters Furthermore, the base vectors B b i describe the frame geometry. Here, the cables are led into the robot's workspace. These vectors are denoted in B = B b 1 . . . B b i . From inverse kinematics, the cable vectors B l i can be derived as follows:

Forces and Dynamics
All vectors are decomposed and referenced within the inertial coordinate system. Note that the top-left index is left out for simplicity. The force of each cable in its direction ν i is f i . The cable force vector f ∈ R m×1 is composed by concatenating all m cable forces. The force in each i th cable that acts on the platform is f i . Each is computed by All other forces f E and torques τ E that act on the end effector are summarized within w E . The transpose of the robot's Jacobian is A T , which is named as the structure matrix. Hence, the equilibrium of forces and torques at the end effector is The inertia tensor of the platform is denoted as B θ P and its mass is m P . B θ P needs to be determined by applying the Steiner-Huygens relation using the given tensor within the platform's gravitational center P θ S . Now, B P r S is the vector pointing from ✻ ✲ P to the gravitational center S. Accordingly, the skew-symmetric matrix B P R S is Furthermore, the base vectors B b i describe the frame geometry. Here, the cables are led into the robot's workspace. These vectors are denoted in B = B b 1 . . . B b i . From inverse kinematics, the cable vectors B l i can be derived as follows:

Forces and Dynamics
All vectors are decomposed and referenced within the inertial coordinate system. Note that the top-left index is left out for simplicity. The force of each cable in its direction ν i is f i . The cable force vector f ∈ R m×1 is composed by concatenating all m cable forces. The force in each i th cable that acts on the platform is f i . Each is computed by All other forces f E and torques τ E that act on the end effector are summarized within w E . The transpose of the robot's Jacobian is A T , which is named as the structure matrix. Hence, the equilibrium of forces and torques at the end effector is The inertia tensor of the platform is denoted as B θ P and its mass is m P . B θ P needs to be determined by applying the Steiner-Huygens relation using the given tensor within the platform's gravitational center P θ S . Now, B P r S is the vector pointing from 6 -P to the gravitational center S. Accordingly, the skew-symmetric matrix B P R S is Now the Newton-Euler equations [20] can be expressed in 6 -B which leads to the dynamics model equations Here, H andḢ can be determined from kinematic Kardan equations; see [21]. E 3 is a 3 × 3 identity matrix.ẋ P andẍ P are the first and second time derivatives of the platform pose. K(x P ,ẋ P ) contains centrifugal and Coriolis forces and torques. The platforms mass matrix is M(x P ). Within vector Q(x P ,ẋ P ), all remaining forces and torques are included. These are, in particular, friction, disturbances and gravitational forces. For simplicity, cables are considered to be non-sagging and massless, following straight lines. Since they can never push but only pull, a minimal cable tension f min needs to be kept at all times during regular operation. Along with this, the maximum tension limit f max should not be surpassed due to the necessary limitations of the drive capabilities and the mechanical loads on the robot components. To follow a given trajectory, the required forces and torques at the platform can be determined in each time step. Consequently, required forces f can be obtained by solving Equation (5). For computation, several methods exist that are commonly known. They differ, e.g., in the required maximum or average computation time or in the resulting force level [1,22].

Cables
As force transmitting elements between the end effector and the cable-drum, the cables need to be considered within the modeling. In practice, cables show different dynamic effects depending e.g. on their material, tension or length. Such effects include e.g. creeping, sagging, vibration or elastic deformation. Depending on the modeling approach, some or all effects of the above can be displayed within simulation, varying in complexity and calculation time costs [1]. In this work, the cables are modeled as a parallel system of a spring and a damper without a mass. The transmitted force therefore depends only on the elongation of the cable, i.e. eigendynamics of the cables are neglected. This approach is rather simple and efficient in calculation time but is still able to display a linear-elastic deformation of the cable and allows for a description of platform vibrations [1]. Since the cables cannot push, a piecewise defined function is used to model the cable force magnitude f i for each i-th cable.
Note that a negative damping force cannot exceed the applied spring force in order to avoid pushing forces within the cable model when a cable is compressed. The damper coefficient d i is assumed to be constant, whereas the cable stiffness k l,i is dependent on the current total cable length l i,tot . This is a function of the cable length at starting position l i,0 and the unwound cable length of the drum with radius r d and angle θ i . l i,0 is the sum of the free cable length within the workspace ||l i (x P,0 )|| 2 at the starting position x P,0 and the cable length between the drum and the deflection point of the cable l d,i , which is assumed to be constant for simplicity. Moreover, the wound cable length on the drum is neglected, as well as the cable length covering the deflection elements, since pulleys are not considered in this work.
From catalog data, there is a linear relationship of 5.8% between the minimum breaking force f b and the corresponding cable length, which is proposed to be used to determine the current cable stiffness.
The cable length difference ∆l i describes whether the cable is tensed or slack. Thus, the total cable length dependent on the wound or unwound cable l i,tot is compared to the kinematic cable length at the current pose x P . Note that this approach is only possible since the sagging of the cable is neglected in the modeling for simplicity and the cables are assumed to be straight lines.
For the cable velocity difference ∆l i , the approach is similar.

Drivetrain
Let J d be the total inertia of the drivetrain system about the rotation axis, including the cable drum and motor inertia for one joint.θ i is the angular acceleration of one cable drum. Depending on the angular velocityθ i of one cable drum and its sign, a coulomb friction with coefficient µ c and a static friction µ s is assumed. The backlashing force acting on the cable drum by the tensed cable converted into the respective torque is f i r d . From a desired torque command, the motor controller is assumed to process this command with the dead time T t and is able to produce it with a delay. This is modeled by a PT1 system with time constant T 1 . The produced torque is denoted as τ c,i . Finally, the equation of motion of the drivetrain system can be described by

Emergency Strategy Based on Energy Minimization
Cable failure during the operation of CDPRs can lead to severe outcomes. As the end effector might move in an uncontrolled manner, collisions can occur, possibly leading to substantial damage to the machine, employees or the surroundings. Moreover, the carried payload might be lost. Consequently, the necessity for action strategies after a cable failure is given, especially during the transfer of this technology into industry. When a cable fails, the end effector can suddenly get beyond the borders of its pre-failure workspace. If this is the case, standard methods for cable force calculation are expected to fail [9]. Two strategies of action after a failure have been proposed by the authors in previous work [9]. One of those is presented in particular as follows.
For simplicity, it is assumed now that just one cable fails. Hence, a CDPR with a number of m − 1 cables remains. In the rest of the paper, the force distribution of the remaining cables is referred to as f * ∈ R (m−1)×1 . Accordingly, the corresponding structure matrix, reduced by the column of the broken cable, is A T * ∈ R n×m−1 . As long as at least a single cable remains after a cable break, the movement of the end effector can still be influenced. In case of CDPR with higher redundancies r, there might even be a good chance to stop the movement in a controlled way, even after the loss of multiple cables.
However, the post-failure workspace can be significantly smaller than the original one. This promotes an unfavorable scenario where the platform suddenly gets beyond the borders of its pre-failure workspace, as mentioned above.
A possible approach to safeguard the end effector in a controlled way is to incorporate model predictive control [23] in order to minimize the systems' kinetic energy after a cable break [9]. Within this strategy, the state of the system is predicted utilizing the dynamical and nonlinear model of the robot to compute cable force distributions, minimizing the end effector's kinetic energy over time. Consequently, this minimizes the system's velocity, which leads to a system stop. Hence, if the system is finally able to stop, the robot will automatically have been led into the remaining post-failure workspace. This strategy does not require the definition of a goal pose, which is highly advantageous. A rigid body is assumed in order to model the moving masses of platform and payload. Its kinetic energy is defined as The angular velocity Ω = Hφ of the body is directly dependent onφ [21]. Therefore, the magnitude ofẋ P = [ṙ Pφ ] T needs to be be minimized in order to decrease the system's kinetic energy. The system is described by the nonlinear discrete state equations It is based upon the nonlinear system function f x(k), u(k) derived from Equation (5). x(k) is the state vector containing position and velocity. y(k) describes the output of the system. Both are defined as Applying the 3 × 3 identity matrix K, matrix C describes the output: The system's input vector contains the remaining cable forces The state vector x(k + 1) for the next time step is obtained from f x(k), u(k) applying numerical integration with a fixed prediction step size ∆t c . For this purpose, the Euler-Cromer scheme is used: Now, a cost function J is set up as follows: Herein, the number of steps n p is the prediction horizon, whereas n c is the control horizon. To obtain set-point cable force distributions f * , Equation (18) is minimized in each time step, considering the given limitations for cable forces. In order to stop the system, the goal velocity is set to y r = 0. As soon as the platform gets to a full stop and the cable force distribution remains steady, the costs J will be minimal. The weighting parameters Q and r 1 can be used to scale the optimization problem.

Simulation Environment
In order to perform dynamic simulation experiments, a multi-body simulation environment needs to be set up. This environment and a commonly used position controller are described in this section.

System Structure
Based on the modeling fundamentals described in section 2, an environment is set up to carry out simulative experiments. The resulting system structure used within this work is shown in Figure 2. Now, a cost function J is set up as follows: Herein, the number of steps n p is the prediction horizon, whereas n c is the control horizon. To obtain set-point cable force distributions f * , Equation (18) is minimized in each time step, considering the given limitations for cable forces. In order to stop the system, the goal velocity is set to y r = 0. As soon as the platform gets to a full stop and the cable force distribution remains steady, the costs J will be minimal. The weighting parameters Q and r 1 can be used to scale the optimization problem.

Simulation Environment
In order to perform dynamic simulation experiments, a multi-body simulation environment needs to be set up. This environment and a commonly used position controller are described in this section.

System Structure
Based on the modeling fundamentals described in section 2, an environment is set up to carry out simulative experiments. The resulting system structure used within this work is shown in Figure 2.

Cycle Time 2 kHz
Cycle Time 16 kHz The simulation is split up into two areas with differing fixed sample times. The controller model is sampled with 2 kHz, whereas the physical system, including the drivetrains, cables and a robot model, is simulated with 16 kHz. The lower sample time corresponds to the cycle time used within the control of prototypes such as the SEGESTA [24], whereas the higher sample time is intended to create an adequate representation of the physics, aligning to typical clock frequencies of motor current controllers. From a desired trajectory given by x D ,ẋ D ,ẍ D and θ,θ as a feedback from the drives, the position controller model delivers set torques τ D to the drivetrain model. Details on the incorporated controller are given in the upcoming section.
Depending on the current cable forces f is and the torque command τ D , the internal drivetrain control accelerates the winch according to Equation (11). This results in current winch velocitiesθ and angles θ by integration. To determine the current cable force according to Equation (6), the cable model receives θ andθ, as well as the current The simulation is split up into two areas with differing fixed sample times. The controller model is sampled with 2 kHz, whereas the physical system, including the drivetrains, cables and a robot model, is simulated with 16 kHz. The lower sample time corresponds to the cycle time used within the control of prototypes such as the SEGESTA [24], whereas the higher sample time is intended to create an adequate representation of the physics, aligning to typical clock frequencies of motor current controllers. From a desired trajectory given by x D ,ẋ D ,ẍ D and θ,θ as a feedback from the drives, the position controller model delivers set torques τ D to the drivetrain model. Details on the incorporated controller are given in the upcoming section.
Depending on the current cable forces f is and the torque command τ D , the internal drivetrain control accelerates the winch according to Equation (11). This results in current winch velocitiesθ and angles θ by integration. To determine the current cable force according to Equation (6), the cable model receives θ andθ, as well as the current kinematic cable length and velocities l,l from the CDPR model. Depending on the current cable forces, the acceleration of the end effector is calculated using Equation (5). The position and velocity of the end effector are also obtained by integration. Finally, from the end effector state, the current kinematic cable length and velocities of the robot model are derived, employing the inverse kinematic; see Section 2. Note that the system states in the drivetrain model, as well as in the robot model, are time-discretely integrated using the trapezoidal integration method.

Standard Controller Model
Since CDPRs have a strongly nonlinear character, a position control of them is nontrivial. As described in [25,26], an augmented PD controller is a highly suitable choice for this task. Figure 3 displays the structure of this controller. As a central component, a PD position controller in joint space is acting, which controls the desired cable length l D and cable velocityl D obtained from the desired trajectory using inverse kinematics. Using the wrench w ff , this linear controller is extended by a model-based feed forward path based on Equation (5) to handle the strong nonlinear character of the robot. The controller law is given as follows: K P and K D are diagonal gain matrices, whereas e andė are the errors in cable length and velocities, respectively. The measured length l and velocitiesl are determined by the feedback of the measured drum angles θ, velocitiesθ and the drum radii r d (see also Section 2.3). A brief discussion on the stability and parametrization of the controller is given in [27]. Inserting the controller output wrench in Equation (2), a cable force distribution can be found using well-known methods; see Section 2.2. The desired force distribution f D is converted to torques τ D and can be fed to the drives. kinematic cable length and velocities l,l from the CDPR model. Depending on the current cable forces, the acceleration of the end effector is calculated using Equation (5). The position and velocity of the end effector are also obtained by integration. Finally, from the end effector state, the current kinematic cable length and velocities of the robot model are derived, employing the inverse kinematic; see Section 2. Note that the system states in the drivetrain model, as well as in the robot model, are time-discretely integrated using the trapezoidal integration method.

Standard Controller Model
Since CDPRs have a strongly nonlinear character, a position control of them is nontrivial. As described in [25,26], an augmented PD controller is a highly suitable choice for this task. Figure 3 displays the structure of this controller. As a central component, a PD position controller in joint space is acting, which controls the desired cable length l D and cable velocityl D obtained from the desired trajectory using inverse kinematics. Using the wrench w ff , this linear controller is extended by a model-based feed forward path based on Equation (5) to handle the strong nonlinear character of the robot. The controller law is given as follows: K P and K D are diagonal gain matrices, whereas e andė are the errors in cable length and velocities, respectively. The measured length l and velocitiesl are determined by the feedback of the measured drum angles θ, velocitiesθ and the drum radii r d (see also Section 2.3). A brief discussion on the stability and parametrization of the controller is given in [27]. Inserting the controller output wrench in Equation (2), a cable force distribution can be found using well-known methods; see Section 2.2. The desired force distribution f D is converted to torques τ D and can be fed to the drives.

Dynamic Simulation-Experiments and Results
Within this work, a planar dynamic CDPR model using two translational DOF and four cables (n = 2, m = 4) is considered. In comparison to former work of the authors featuring models with two DOF (see, e.g., [9]), this model is extended by drivetrain modeling and basic cable modeling, as well as a standard control system model (see Sections 2 and 4). Note, that for the model at hand, the rotational components are set to zero in Equations (5) and (17). For simplicity, all elements of parameters and variables that go beyond the chosen two DOF are not displayed in the following.
The model is subject to gravity in the negative y-direction. The cables are massless but can become slack (see Section 2.3). Modeling of pulleys is neglected for simplicity, as well as collisions between cables or disturbances. The chosen set of parameters for

Dynamic Simulation-Experiments and Results
Within this work, a planar dynamic CDPR model using two translational DOF and four cables (n = 2, m = 4) is considered. In comparison to former work of the authors featuring models with two DOF (see, e.g., [9]), this model is extended by drivetrain modeling and basic cable modeling, as well as a standard control system model (see Sections 2 and 4). Note, that for the model at hand, the rotational components are set to zero in Equations (5) and (17). For simplicity, all elements of parameters and variables that go beyond the chosen two DOF are not displayed in the following.
The model is subject to gravity in the negative y-direction. The cables are massless but can become slack (see Section 2.3). Modeling of pulleys is neglected for simplicity, as well as collisions between cables or disturbances. The chosen set of parameters for the simulation model is as follows. The cable and drivetrain parameters are inspired by the SEGESTA prototype.
Note, that only results for the failure of an cable coming from above are introduced in this work, due to lack of space.

Analysis of the Post-Failure Workspace
As demonstrated in the former work of the authors [9,19], the workspace of a CDPR can change significantly after a cable failure. This increases the risk of the platform being outside the workspace for static force equilibrium (S E W) post-failure, leading to an inevitable movement of the platform.
For the model parameters at hand, the SE W for static equilibrium pre-and postfailure under influence of gravity is displayed in Figures 4 and 5. The workspace was calculated using a discrete point grid and checking for a feasible cable force distribution at each point while applying the closed-form method [1]. Clearly, it is visible that the workspace is approximately halved post-failure for the given model, promoting the risk of the platform being outside the workspace after cable failure.
Note, that only results for the failure of an cable coming from above are introduced in this work, due to lack of space.

Analysis of the Post-Failure Workspace
As demonstrated in the former work of the authors [9,19], the workspace of a CDPR can change significantly after a cable failure. This increases the risk of the platform being outside the workspace for static force equilibrium (SE W) post-failure, leading to an inevitable movement of the platform.
For the model parameters at hand, the SE W for static equilibrium pre-and postfailure under influence of gravity is displayed in Figures 4 and 5. The workspace was calculated using a discrete point grid and checking for a feasible cable force distribution at each point while applying the closed-form method [1]. Clearly, it is visible that the workspace is approximately halved post-failure for the given model, promoting the risk of the platform being outside the workspace after cable failure.

Multi-Body Cable Failure Simulation with Standard Controller
To perform dynamic cable failure simulations, the intervention points of the cable failure within the model need to be defined. At a given time, the cable failure is induced by setting the output force of the cable model to zero for the broken cable. Therefore, only the remaining cables can impose a dynamic effect on the robot platform within

Multi-Body Cable Failure Simulation with Standard Controller
To perform dynamic cable failure simulations, the intervention points of the cable failure within the model need to be defined. At a given time, the cable failure is induced by setting the output force of the cable model to zero for the broken cable. Therefore, only the remaining cables can impose a dynamic effect on the robot platform within the robot model; see Section 4.1. Moreover, due to the missing reactive force from this cable, the associated drivetrain can easily accelerate the winch only bounded by friction. However, the winch movement does not impose any effect on the cable model anymore. Still, due to the feedback of motor angles and velocities, the controller senses the winch movement.
For a first experiment, the platform is set into a position at r P = [−0.35, 0.65] T m, while the APD controller aims to hold that position as goal pose. Desired velocity and acceleration are set to zero. Note, that this position is outside of the SE W after cable failure. The parameter are set to K P = 40, 000 diag(1, 1, 1, 1) and K D = 50 diag (1, 1, 1, 1). To generate a desired cable force distribution from the controller output (see section 4.2), the closed-form method is used [1]. Subsequently, the model behavior after cable break is investigated, as if the controller would have no inherent emergency strategy and no detection of the cable failure. The cable failure is induced at 0.25 s. Figure 6 shows the trajectory of the platform and the drives after cable failure employing the augmented PD controller without emergency strategy. As the APD controller has no knowledge of the cable failure, it tries to hold the old desired position, leading to an undesired movement of the platform. The velocity in the x-direction reaches 1.9 m s , and reaches −1.8 m s in the y-direction. The drives coil the cables in an undesired manner, trying to maintain the desired cable force given from the augmented PD controller. The drive velocities reach up to ∼ 30 rad s when the platform is falling down. When the cables get back in tension, as shown in the right side of Figure 7, the conducted impulses in cable forces can also be seen within the drive velocities. They are caused whenever the slack cables catch the falling platform. After being pulled into the reduced SE W with the remaining cables and some uncontrolled movement at the workspace border, the joint errors exceed a certain level, resulting in non-feasible cable force distributions (see Figure 7, left). As displayed on the right side of Figure 7, the remaining cables stay in tension after failure of the cable force calculation at approximately 2.25 s due to inertia and friction in the drivetrains and the mass of the falling platform, which finally crashes to the ground. This underlines the necessity for an emergency strategy, guiding the end effector back into the static equilibrium workspace in a controlled manner, where it can be stopped in a statically stable position without collision with the ground. f f Figure 7. Commanded forces (left) and measured cable forces (right) after cable failure using the augmented PD controller.

Implementation of the Emergency Strategy
To implement the proposed emergency strategy (see Section 3), a few changes are applied to the system structure, as displayed in Figure 8. As soon as the cable fails, the information about the failure is directly fed to the controller for simplicity. At that point, the APD controller gets bypassed and the desired force from the last calculation cycle serves as a warm start point for the optimization-based emergency controller. Of course, for the application on real hardware, the cable failure needs to be detected. Potential points of detection that need to be investigated in future work are, e.g., cable force measurement or an unexpected deviation of the winch angle measurement. As the emergency strategy of kinetic energy minimization needs to have knowledge on the CDPR system state, an ideal pose measurement is assumed in the simulation. On real hardware, this task needs to be accomplished in real time by a suitable measurement unit, e.g., based on laser tracking. A second option would be the use of a forward kinematic algorithm. As a result of the risk of slack cables and uncertain movement of the end effector, implementing a cable failure resistant forward kinematic is nontrivial and part of future work.

Implementation of the Emergency Strategy
To implement the proposed emergency strategy (see Section 3), a few changes are applied to the system structure, as displayed in Figure 8. As soon as the cable fails, the information about the failure is directly fed to the controller for simplicity. At that point, the APD controller gets bypassed and the desired force from the last calculation cycle serves as a warm start point for the optimization-based emergency controller. Of course, for the application on real hardware, the cable failure needs to be detected. Potential points of detection that need to be investigated in future work are, e.g., cable force measurement or an unexpected deviation of the winch angle measurement. As the emergency strategy of kinetic energy minimization needs to have knowledge on the CDPR system state, an ideal pose measurement is assumed in the simulation. On real hardware, this task needs to be accomplished in real time by a suitable measurement unit, e.g., based on laser tracking. A second option would be the use of a forward kinematic algorithm. As a result of the risk of slack cables and uncertain movement of the end effector, implementing a cable failure resistant forward kinematic is nontrivial and part of future work.  After an induced cable break, the emergency controller will start to calculate desired cable forces while minimizing the cost function Equation (18). The forces are converted to torques and commanded to the drivetrain system. Note that the NMPC algorithm is capable of predicting the system behavior over several time steps and, moreover, can obtain a more complex model, including, e.g., drivetrain behavior and friction. Due to the expected shortage in the available computation time when using the algorithm on prototype hardware later on, a rather simple model based on Equation (  17) is included in this work, and the prediction is carried out only over one time step, i.e., n p = n c = 1. The optimization problem is solved using MATLAB's fmincon() and an interior point algorithm. The output of the last cycle is fed back in order to enable a warm start of the optimization.

Multi-Body Cable Break Simulation with Emergency Strategy
The simulation is started with the same initial conditions as the experiment in Section 5.2. Subsequently, as soon as the cable breaks, the APD controller is bypassed and the NMPC-based emergency controller starts. The NMPC parameters are set as follows: (1, 5), ∆t c = 0.5 ms, y r = 0. fmincon() is used with default parameters first. Note that Q is designed for less desired vertical movement, since it produces five times more costs in Equation (18) than horizontal movements. Figure 9 displays the trajectory of the end effector and the drives after cable failure After an induced cable break, the emergency controller will start to calculate desired cable forces while minimizing the cost function Equation (18). The forces are converted to torques and commanded to the drivetrain system. Note that the NMPC algorithm is capable of predicting the system behavior over several time steps and, moreover, can obtain a more complex model, including, e.g., drivetrain behavior and friction. Due to the expected shortage in the available computation time when using the algorithm on prototype hardware later on, a rather simple model based on Equation (17) is included in this work, and the prediction is carried out only over one time step, i.e., n p = n c = 1. The optimization problem is solved using MATLAB's fmincon() and an interior point algorithm. The output of the last cycle is fed back in order to enable a warm start of the optimization.

Multi-Body Cable Break Simulation with Emergency Strategy
The simulation is started with the same initial conditions as the experiment in Section 5.2. Subsequently, as soon as the cable breaks, the APD controller is bypassed and the NMPCbased emergency controller starts. The NMPC parameters are set as follows: r 1 = 4 × 10 −4 , Q = diag (1,5), ∆t c = 0.5 ms, y r = 0. fmincon() is used with default parameters first. Note that Q is designed for less desired vertical movement, since it produces five times more costs in Equation (18) than horizontal movements. Figure 9 displays the trajectory of the end effector and the drives after cable failure while the emergency controller is commanding desired cable forces. It is worth noting that the platform travels a slight diagonal path into the remaining SE W, covering double the distance in the horizontal direction than in the vertical direction. In contrast to Figure 6, the velocity in the x-direction is slightly higher, whereas it is nearly halved in the y-direction. This evidences that the chosen parameter Q indeed leads to less vertical movement. The progressions of θ andθ show how the drives react properly to the commanded torque coming from the emergency method. The drives reach velocities up to ∼ 50 rad s . Drive 1, which corresponds to the broken cable, stops movement, as there is no torque commanded to it. The platform can be dragged into the remaining workspace. Then, it is orbiting near the position where it entered the workspace. Finally, and in contrast to the experiment in Section 5.2, it gets stopped without being subjected to collision with the robot boundaries.
The commanded and measured forces in this experiment are shown in Figure 10. The platform can be stopped in a statically stable position after approx. 2 s. The algorithm fully takes advantage of the given cable force boundaries, but does not exceed it within the commanded values. However, as displayed in the right hand figure, the current cable forces progress differently to the set forces throughout the trajectory. Since the cable force is not controlled directly, this is not unexpected. In the first segment after the cable failure, only cable 2 is held in tension while the platform starts to move. Since vertical movement is not desired within the optimization, cables 3 and 4 are commanded to minimum tension, which causes them to go slack in the model. Roughly 0.25 s after the failure, the platform reaches a pose where cable 3 gets back in tension, creating an impulse that slightly exceeds the desired cable force boundaries by 20 N. From there on, the platform starts to swing near the workspace border until cable 4 is brought back into tension by the algorithm. In that phase, the platform movement causes this cable to go in and out of tension a few times, creating some impulses in cable force 4. Notably, the second impulse also exceeds the cable force boundaries by 50 N. After all three cables are back in tension, the movement is stopped immediately. Even though the observed impulses exceed the desired cable force limits, which can be problematic on real hardware, the cable forces that occur are still far below the cable breaking force f b . In summary, the experiment gives evidence that the chosen emergency method successfully works in a multi-body simulation environment and can stop the platform without collision in a fast manner.
Version February 14, 2022 submitted to Actuators 13 of 18 within the commanded values. However, as displayed in the right hand figure, the current cable forces progress differently to the set forces throughout the trajectory. Since the cable force is not controlled directly, this is not unexpected. In the first segment after the cable failure, only cable 2 is held in tension while the platform starts to move. Since vertical movement is not desired within the optimization, cables 3 and 4 are commanded to minimum tension, which causes them to go slack in the model. Roughly 0.25 s after the failure, the platform reaches a pose where cable 3 gets back in tension, creating an impulse that slightly exceeds the desired cable force boundaries by 20 N. From there on, the platform starts to swing near the workspace border until cable 4 is brought back into tension by the algorithm. In that phase, the platform movement causes this cable to go in and out of tension a few times, creating some impulses in cable force 4. Notably, the second impulse also exceeds the cable force boundaries by 50 N. After all three cables are back in tension, the movement is stopped immediately. Even though the observed impulses exceed the desired cable force limits, which can be problematic on real hardware, the cable forces that occur are still far below the cable breaking force f b . In summary, the experiment gives evidence that the chosen emergency method successfully works in a multi-body simulation environment and can stop the platform without collision in a fast manner.
x-Axis in m y-Axis in m 200 200 Figure 10. Commanded forces (left) and measured cable forces (right) after cable failure using the emergency controller with default optimizer settings. Figure 10. Commanded forces (left) and measured cable forces (right) after cable failure using the emergency controller with default optimizer settings.

Investigation on Computational Efficiency
Since the solution of numerical optimization problems on real-time hardware might lead to problems because of their iterative structure, a consideration of the computation time of the algorithm is crucial. The experiment from the last section is now evaluated in computation time and compared to an experiment with more restriction on the maximum allowed iterations of the optimizer. The calculations were carried out within Matlab R2019a using an Intel CPU i7-8700 with 3.2 GHz on a Windows 10 System. The maximum allowed iterations are now reduced from 1000 (default) to 10. Limiting the number of iterations within the optimizer may lead to a premature abortion of the optimization before reaching a cost function minimum. This impacts the cyclic computation time in a positive manner in terms of predictability and constancy. Nonetheless, the quality of the optimization result is expected to be negatively affected by this limitation.
In comparison to Section 5.4, the trajectory of the platform and the drives after cable failure is quite similar, as displayed in Figure 11. Version February 14, 2022 submitted to Actuators 14 of 18

Investigation on Computational Efficiency
Since the solution of numerical optimization problems on real-time hardware might lead to problems because of their iterative structure, a consideration of the computation time of the algorithm is crucial. The experiment from the last section is now evaluated in computation time and compared to an experiment with more restriction on the maximum allowed iterations of the optimizer. The calculations were carried out within Matlab R2019a using an Intel CPU i7-8700 with 3.2 GHz on a Windows 10 System. The maximum allowed iterations are now reduced from 1000 (default) to 10. Limiting the number of iterations within the optimizer may lead to a premature abortion of the optimization before reaching a cost function minimum. This impacts the cyclic computation time in a positive manner in terms of predictability and constancy. Nonetheless, the quality of the optimization result is expected to be negatively affected by this limitation.
In comparison to Section 5.4, the trajectory of the platform and the drives after cable failure is quite similar, as displayed in Figure 11. In addition, the progression of the cable forces, as displayed in Figure 12, is comparable; however, some differences can be highlighted. The progression of the controlled forces is slower when a different extreme cable force distribution near the force boundaries is found. This can be explained by the assumption that the algorithm tends to stay in local minima or runs into the iteration restriction while propagating to a new optimal solution. This is also displayed by θ andθ. It is worth noting that the drives tend to react slower due to the commanded torque values. Drive 2, for example, is not accelerated as fast as in Figure 9, while the first impulse in cable force 3 results in a higher negative velocity on drive 3. The platform is led to a full stop after ∼ 2.15 s, which is a little slower than with default parameters. Within the measured forces, it can be observed that the first impulse-when cable 3 gets back into tension-is roughly 30 N higher in comparison. In addition, the first impulse on cable 4 is 80 N higher, whereas the second impulse is 10 N lower. All in all, the height of the impulses when the slack cables go back into tension tends to rise.
The computation time per cycle step of the optimization algorithm throughout both experiments is displayed in Figure 13. The mean times have been determined In addition, the progression of the cable forces, as displayed in Figure 12, is comparable; however, some differences can be highlighted. The progression of the controlled forces is slower when a different extreme cable force distribution near the force boundaries is found. This can be explained by the assumption that the algorithm tends to stay in local minima or runs into the iteration restriction while propagating to a new optimal solution. This is also displayed by θ andθ. It is worth noting that the drives tend to react slower due to the commanded torque values. Drive 2, for example, is not accelerated as fast as in Figure 9, while the first impulse in cable force 3 results in a higher negative velocity on drive 3. The platform is led to a full stop after ∼ 2.15 s, which is a little slower than with default parameters. Within the measured forces, it can be observed that the first impulse-when cable 3 gets back into tension-is roughly 30 N higher in comparison. In addition, the first impulse on cable 4 is 80 N higher, whereas the second impulse is 10 N lower. All in all, the height of the impulses when the slack cables go back into tension tends to rise.
The computation time per cycle step of the optimization algorithm throughout both experiments is displayed in Figure 13. The mean times have been determined starting from 0.25 s, where the cable failure is induced and the optimizer is switched on. For default optimization parameters, the cycle times range from 2.5 ms to 25 ms while the platform is in motion, with a mean time of 9.24 ms. After the stop of the platform, the cycle times drop to a quite continuous level of 2.48 ms. The total mean computation time per cycle is 6.26 ms. As expected, restricting the maximum allowed iterations leads to more constant cycle times, as displayed on the right side of Figure 13. Here, the cycle times range from 7.25 ms to 20.4 ms while the platform is in motion. The mean is 8.14 ms, which is approximately 1 ms lower than with default parameters. After stopping, the times drop to roughly 2.8 ms, leading to a total mean of 5.84 ms. Note that both cases have a peak in cycle time within the first iteration of the optimizer at 0.25 s due to initialization and memory preallocation. Restricting the algorithm further to 5 iterations maximum, the range of calculation times drops to 5 ms minimum and 8.5 ms maximum. However, in that case, the platform cannot be fully stopped within the simulation time, and the peak force that is induced when one cable get back into tension first is 260 N. The minimum number of iterations to stop the platform successfully in the present simulation example is 6. Still, in that case, a peak tension of 250 N occurs. Due to a lack of space, those experiments are not displayed here. This indicates that further restrictions of the maximum iterations are not useful. In summary, a compromise between the quality of the optimization result and computation time needs to be found when restricting the maximum iterations of the algorithm.
Version February 14, 2022 submitted to Actuators 15 of 18 tion time per cycle is 6.26 ms. As expected, restricting the maximum allowed iterations leads to more constant cycle times, as displayed on the right side of Figure 13. Here, the cycle times range from 7.25 ms to 20.4 ms while the platform is in motion. The mean is 8.14 ms, which is approximately 1 ms lower than with default parameters. After stopping, the times drop to roughly 2.8 ms, leading to a total mean of 5.84 ms. Note that both cases have a peak in cycle time within the first iteration of the optimizer at 0.25 s due to initialization and memory preallocation. Restricting the algorithm further to 5 iterations maximum, the range of calculation times drops to 5 ms minimum and 8.5 ms maximum. However, in that case, the platform cannot be fully stopped within the simulation time, and the peak force that is induced when one cable get back into tension first is 260 N. The minimum number of iterations to stop the platform successfully in the present simulation example is 6. Still, in that case, a peak tension of 250 N occurs. Due to a lack of space, those experiments are not displayed here. This indicates that further restrictions of the maximum iterations are not useful. In summary, a compromise between the quality of the optimization result and computation time needs to be found when restricting the maximum iterations of the algorithm. The experiments show that the maximum iterations can be reduced, which leads to a lower mean computation time, while maintaining comparable results. Even though the results look promising, the resulting computation times are still far away from the 0.5 ms time frame available in the hardware controller running at 2 kHz. To apply the algorithms on real hardware, this issue needs to be solved in future work. Moreover, as cables tend to become slack within the simulation, an additional position control or force control in joint space might be needed for experiments on hardware. As men- tion time per cycle is 6.26 ms. As expected, restricting the maximum allowed iterations leads to more constant cycle times, as displayed on the right side of Figure 13. Here, the cycle times range from 7.25 ms to 20.4 ms while the platform is in motion. The mean is 8.14 ms, which is approximately 1 ms lower than with default parameters. After stopping, the times drop to roughly 2.8 ms, leading to a total mean of 5.84 ms. Note that both cases have a peak in cycle time within the first iteration of the optimizer at 0.25 s due to initialization and memory preallocation. Restricting the algorithm further to 5 iterations maximum, the range of calculation times drops to 5 ms minimum and 8.5 ms maximum. However, in that case, the platform cannot be fully stopped within the simulation time, and the peak force that is induced when one cable get back into tension first is 260 N. The minimum number of iterations to stop the platform successfully in the present simulation example is 6. Still, in that case, a peak tension of 250 N occurs. Due to a lack of space, those experiments are not displayed here. This indicates that further restrictions of the maximum iterations are not useful. In summary, a compromise between the quality of the optimization result and computation time needs to be found when restricting the maximum iterations of the algorithm. The experiments show that the maximum iterations can be reduced, which leads to a lower mean computation time, while maintaining comparable results. Even though the results look promising, the resulting computation times are still far away from the 0.5 ms time frame available in the hardware controller running at 2 kHz. To apply the algorithms on real hardware, this issue needs to be solved in future work. Moreover, as cables tend to become slack within the simulation, an additional position control or force control in joint space might be needed for experiments on hardware. As men- The experiments show that the maximum iterations can be reduced, which leads to a lower mean computation time, while maintaining comparable results. Even though the results look promising, the resulting computation times are still far away from the 0.5 ms time frame available in the hardware controller running at 2 kHz. To apply the algorithms on real hardware, this issue needs to be solved in future work. Moreover, as cables tend to become slack within the simulation, an additional position control or force control in joint space might be needed for experiments on hardware. As mentioned in Section 5.3, the NMPC has a rather simple model of the robot. In future work, it might be reasonable to investigate the behavior of an extended algorithm through also incorporating winch dynamics and cable behavior. This will be especially interesting when carrying out tests on real hardware in terms of the quality of the results versus computation costs. Moreover, it needs to be investigated if a larger prediction horizon of the NMPC algorithm leads to better results in terms of experienced cable forces, cable slackness and platform movement. Finally, it is worth noting that the path of the platform and force progressions can be adjusted with the weighting parameters of the cost function-e.g., for less desired vertical movement or slower progression in the cable forces-which is not further investigated here.

Conclusions and Outlook
In this work, an emergency strategy after the cable failure of a CDPR based on kinetic energy minimization was presented and implemented within a multi-body simulation environment with control loop closure. The proposed simulation environment was briefly described, and also featuring modeling of the drivetrains, as well as a simple cable model. The chosen two DOF robot was analyzed regarding a pre-and post-cable failure static equilibrium workspace. A well-known position control approach was described and implemented within the simulation environment as a standard controller. To display the event of a cable failure, the dynamic simulation was modified accordingly. Within the simulation, the standard control approach was proven to fail. In contrast, utilizing the proposed emergency strategy, the platform was successfully recovered and stopped within the post-failure workspace. This paves the way for the application of the proposed method on robot hardware. However, some issues have been identified and discussed that need to be resolved in order to carry out hardware experiments. This includes, e.g., the reliable detection of cable failure and a real-time position determination in the emergency situation. For the latter, in order to close the control loop, a measurement unit or a cable-failureresistant forward kinematic code is needed.
Given the simulation scenario, the emergency controller was not able to hold tension in all cables throughout the whole recovery phase. This indicates a possible demand for an additional controller in joint space in order to maintain the desired force. An alternative option would be to extend the NMPC algorithm to incorporate the platform position and cable length, which might be used for position control in order to maintain the desired cable length, preventing the cables from going slack. Finally, the computational costs of the NMPC optimization algorithm were shown. Despite fast computing times in the range of milliseconds, the algorithm does not reach the desired computation time for a 2 kHz control system. This is planned to be resolved in future work using either real-time hardware with high computation power or by altering the algorithm. It is worth noting that a large amount of damage potential coming, for example, from undesired rotations is not addressed using a two DOF model, which requires further consideration.
All in all, this work contributes to an improvement in safety and reliability for CDPRs, helping to pave the way for CDPRs in industrial applications.  Acknowledgments: The authors would like to thank the funding institutions for their financial support.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: CDPR cable-driven parallel robot SE W static equilibrium workspace APD augmented PD NMPC nonlinear-model-based control DOF degrees of freedom