Has anyone ever built a 100% safe rocket for human space exploration? By this I mean that the rocket design in question has never suffered catastrophic failure, either while it was manned or unmanned. I know that at least for the USA the space shuttle was the first ever spacecraft that did not receive any unmanned space tests but it also had a few failures. So the question is what is if you were going into space what rocket would give you the best chance of coming home safely.
I don’t believe the Saturn V ever had a failure after it was certified for manned flight. It did have something of an odd development and test history, in that some technically live flights were also test flights - there was simply no way to test some of the components except in full flight, so test and flights were combined. But I’m pretty sure the substandard flights (that pogo’ed hard) and failures were before anything considered a full flight.
I think by that strict definition, and if we’re allowed to exclude unmanned test flights during development, I agree that the Saturn-V should qualify. Unless you count accidents during training.
But that’s 11 successes out of 11. The Shuttle flew successfully 25 times before the Challenger accident.
The Soyuz has had 2 fatal accidents, but the last time was in 1971. Since then, it has had something like 120 successful flights in a row. Then again, the unmanned version of the same rocket has had a few failures.
This seems an extraordinary requirement.
The process of design & development is mostly failure, up until you get the one that works.
Even for such a mundane thing as the light bulb, how many versions did Thomas Edison test before he got a working one? Several hundred or thousands, over 14 months.
Experimenting often involves testing until failure, analyzing what caused the failure, then designing a fix for that into the next test version. This is especially true for something like a space vehicle, where some things can’t be tested here on earth.
The Saturn V did suffer problems that, had the mission been manned, would have resulted in an abort. That probably does count as a catastrophic failure.
The rocket with the closest to perfect history is probably the Saturn 1/1B.
The Saturn V didn’t suffer any Loss of Crew and Vehicle (LOCV) failures during its relatively short operational lifetime (two uncrewed test flights, three crewed test flights, seven operational missions, and the Skylab to orbit, all over the span of six years of continuous production) but that certainly doesn’t mean it was free from significant anomalies. Apollo 6 (SA-502) had two J-2 engines fail on the S-II, and the J-2 on the S-IVB did not restart, which would have been a mission objectives failure for an operational mission. Apollo 12 was struck by lightning and the power controller on the Apollo CSM did not reset until a junior flight controller (John Aaron) recalled a simulation from the previous year where he had discovered a sneakaround and famously (in geek circles, anyway) instructed the crew to “Switch SCE to Aux”. Apollo 13, of course, had its infamous blowup, but also suffered substantial POGO during ascent. Reliability engineering was not a mature science at the time of the Apollo program (if indeed it can be said to be so now) but relatively conservative estimates place ascent failure of the Saturn V system at about 1:50 to 1:60 flights, and failure of the more complex and trouble-prone Apollo CSM at around 1:30 or thereabouts. The Launch Escape System, a tractor rocket mounted on a tower above the capsule, could provide a credible abort mode during ascent, but once the CSM separated, the magnitude of potential failures of the CSM made a LOCV incident very likely. The astronauts of Apollo 13 were actually very, very lucky that the explosion in the liquid oxygen tank occurred when it did, after the docked with the LM and before they were committed to a lunar capture orbit, else they would have been stuck without any means of propulsion to inject in a course back to Earth.
The Space Transportation System (“Shuttle”) gets a bad rap because of the loss of both Challenger and Columbia, and there is certainly reason to be critical of some of the fundamental design requirements and constraints imposed on the system, but while the design was complex and (arguably) needlessly fragile, and also offered no credible abort modes from SRB ignition through separation, it actually met the design reliability expectation of a loss of vehicle accident in the range of 1:50 to 1:100 launches. Apollo/Saturn had 12 successes in 13 attempts for a realized rate of 92% and a first level Bayesian estimate predicted reliability of 87%. The Shuttle had 132 successes in 135 attempts (two LOCVs, one Abort to Orbit) for a realized rate of 98% and a predicted reliability of 97%. The only other crewed launch vehicles with enough missions to count statistically are the Soyuz family, which 988 successes in 1003 attempts for a realized 99% and a predicted reliability of 98%, and the Titan 2 GLV with 12 successes out of 12 attempts giving 100% realized rate and 93% predicted reliability.
There is not, and will never be a “100% safe rocket for human space exploration,” because the very nature of rocket propulsion entails risks, some of which are beyond the control of designers, manufacturers, and operators. Setting aside environmental hazards (lightning strikes, unexpected wind shear, orbiting debris impacts, et cetera) any real world system is also subject to some degree of random failures which can only be mitigated to a degree by design robustness and quality control. There are also system failures; those which occur due to unmodelled interactions in complex systems which may occur only sporadically or under a very specific convolution of operating conditions, and therefore are not captured in test or analysis. Given that rocket propulsion systems by their nature operate near the limits of material capability, require fine balancing of often poorly known real-time parameters for control, and are just generally really complicated in all sorts of different ways, it is just not feasible to demand a ~100% reliable rocket. (It is actually technically impossible for anything to achieve 100% reliability, but we can get arbitrarily close for high margin and rigorously tested and qualified systems.) For the SLS, NASA attempted to impose a R=0.995 requirement (essentially accepting one failure in two hundred flight attempts) and even that has proven beyond challenging to achieve in design.
Stranger
On Apollo 13 a severe longitudinal oscillation happened on the center engine of the 2nd stage. This was briefly shown in the movie. In the actual mission, later analysis showed the vibration was so severe it nearly caused structural failure. The center engine was vibrating with a fore/aft stroke of 3 inches – and it’s mounted on a large metal cruciform beam, similar to a skyscraper I-beam.
Instrumentation revealed the engine vibration peaked at 68 g. The cutoff was essentially a lucky event that probably saved the vehicle and possibly the crew. This happened after the escape tower had been jettisoned, which left only a “mode II” abort option of separating CSM, which had a meager 0.32-to-1 thrust-to-weight ratio. The separation from a disintegrating stack would have been very slow.
Regarding the OP it’s not possible to design a launch vehicle with airliner-like safety, much less 100% safety. The forces and energies are just too high, and the tyranny of the rocket equation means the structural mass must be very light. Launch vehicles look very robust and solid, but the overall structural mass relative to propellant is more flimsy than an aluminum soda can.
That’s why you never see a launch vehicle with a buckled skin, trailing smoke like a wounded WWII bomber, which somehow limps into orbit. It either works to near perfection or the failures rapidly cascade to total destruction.
As an extreme example of this, check out this video. All that has happened is that the tank has lost internal pressurization. Although it’s just sitting on the pad, the rocket needs that pressurization to stay upright–without it, it crumples like so much tinfoil. Astonishingly, there is no fire, but the payload is obviously lost.
Most rockets are not quite as weak these days (the Atlas-Agena rocket in the video used “balloon tanks”, which is pretty much what it sounds like), but virtually all of them would not survive a flight without internal pressure. This is very much unlike an aircraft where the airframe does not require pressurization for its rigidity, and in addition had a far higher safety margin than a typical rocket.
Every kind of device ever made has some nonzero failure rate. If you’ve never seen a failure for some device, that just means that you haven’t used it enough yet.
Interestingly the Atlas was much stronger than it appeared – in the designed load paths and provided pressurization was maintained. Peak acceleration was about 8 g, and that was with a 2,000-lb Mercury capsule on the nose.
Supposedly Von Braun himself thought the Atlas was too flimsy, but then the Convair engineers pressurized an empty booster under construction and dared one of Von Braun’s engineers hit it with a sledge hammer. The blow left the booster unharmed, but the recoil from the hammer nearly clubbed the engineer.
The central question is why are rockets less safe than, say, commercial airliners? It is tempting to focus on structural safety margins (as I have also done), but that cannot be the answer. We know this because some vehicles (shuttle, Delta IV, SpaceX Falcon 9) use a 1.4x or 140% structural margin, hardly different from the 150% that’s common in aviation.
Other launch unmanned vehicles use a lower safety margin, and 1.25 or 125% is common, but it’s not sufficiently different to explain the huge difference in reliability.
The are probably several better overall explanations:
(1) Mass ratio: Even though the rocket is very strong within its designed load paths, it must nonetheless be very light relative to propellant and payload. E.g, an aluminum soda can is 6% structure and 94% contents, but the shuttle external tank was even less substantial – 4% structure and 96% contents. Yet it was the structural backbone of the entire stack with a 250,000 pound orbiter and 2.6 million pounds of SRBs hanging off it.
This implies that a rocket is much less able than an aircraft to withstand unexpected load paths, forces and attitudes. E.g, during powered flight shuttle had to be maintained within a narrow aerodynamic parameters. This required steering the elevons (during ascent) to keep aerodynamic loads low. Astronaut Story Musgrave described it as a “butterfly bolted to a bullet”, but in fact all launch vehicles are like that. They are so light (and must be so) they simply cannot tolerate unexpected load paths.
Some of this is discussed here by astronaut Don Pettit: http://www.nasa.gov/mission_pages/station/expeditions/expedition30/tryanny.html
(2) Propulsion energy: The chemical and mechanical energies required for orbital flight are gigantically beyond aviation propulsion. Harnessing these energies in lightweight structures is inherently risky. E.g, the turbopumps on the space shuttle main engines collectively produced 282,000 mechanical horsepower. IOW if you connected the shafts to dynamometers it would produce that. They are the size of a trash can: https://photos.smugmug.com/photos/i-sb2sdLM/0/O/i-sb2sdLM.jpg
No other physical engine produces that much mechanical power in that small a volume for that long. A top-fuel drag racing engine “only” produces 10,000 hp for a few seconds.
The SSME engines have been described as producing “37 million horsepower”, but of course there’s not a fixed relationship between hp and thrust since they measure two different things. But however you estimate it, the power from a large rocket engine is titanic relative to jet engines. Producing that much power from a lightweight device in such a small volume will inherently be less reliable than an aviation engine.
(3) Production quantity and reuse: In general rockets are made in small quantities relative to aviation vehicles and are usually not reused. This means there is less operational lifetime to gain experience and no extra structural and thermodynamic margin for reusability which might improve reliability. E.g, an aircraft can be over-stressed and damaged, yet still survive that one flight. This is partially because of extra design margin for reusability. Reusability is easy for aircraft since they don’t contend with the rocket equation. For rockets reusability is very difficult.
Right–but the base 100% is different in the two cases. For commercial aircraft, the base certification is for (IIRC) up to +2.5 g loads. But in practice, an average flight is unlikely to see loads beyond perhaps +0.25 g. Only in very unusual conditions would they ever reach +1 g, and +2.5 should basically never happen. A rocket, though, operates at close to its load limit for significant portions of the flight. They must leave some margin for weather, but that’s a relatively small component compared to the basic forces of flight. Rockets typically have to throttle down for a portion of their flight so they don’t exceed the design loads.
Still, I don’t disagree with the rest of your post–whereas most vehicles have a lot of design margin across many axes of operation, rockets have to walk a tightrope. They are strong enough within their narrow design regime, but can’t tolerate excursions outside of that.
The safest rocket is like the quickest line, the one I’m not in.
Didn’t the Saturn V kill it’s first victims while still on the launch pad.
No? The Saturn V itself didn’t kill anyone. The first Apollo capsule killed three people on the launch pad, but that’s the payload, not the rocket.
ETA: And Apollo1 was mounted on a Saturn IB anyway, not a Saturn V.
Thanks for the daily dose of rocket science.
You know in a different working environment–say, a semantics classroom–the first part is absolutely true; the second part has been proven in psychology studies of individuals, subjectively and objectively, in real crowd behavior.
ETA: Which is why you posted it. So, thanks.
The crew of the Apollo 1 died in a fire during a dress rehearsal due to a combination of an all oxygen atmosphere, poor fireproofing, and a hatch on the Command Module that could not be easily opened from the inside, none of which had to with the Saturn V booster.
While the low structural margins and complexity of flight load cases has been addressed in some modest detail, there are also a lot of uncertainties which drive margins including dynamic (shock and vibration) loads, thermal loads, load interactions,'tolerance stack ups, et cetera, which can drive realized margins to be much slimmer than suggested by analysis and tested during acceptance, hence why test requirements often drive margins at a system level.
Although “the tyranny of the rocket equation” does demand certain mass ratios, the real limitation in overall vehicle bending capability and associated stability margins has been dictated by the choice of long slender cylindrical bodies. The STS and Soviet Buran shuttle deviated from this but only as a consequence of the desire of high gliding cross-range for once-around trajectories, and was even more complex and delicate than the ICBM-based boosters. A more squat form, while giving up some aerodynamic efficiency, can have a much better mass ratio with higher structural margins, and can also provide a larger area for base drag in reentry. There are challenges in manufacturing and transportation, but the advanges have long been demonstrated in analysis studies and subscale testing.
Stranger
And we don’t have I’m a little teapot rockets why?, then?
We do. They’re called bottle rockets. I had lots of fun with them when younger.
Soyuz 1 and Soyuz 11 were failures of the space vessel itself; but meanwhile, two manned Soyuz missions in 1975 and 1983 had catastrophic failure of the booster requiring abort (Soyuz 18A, Soyuz-T 10A). Still for so damn many missions it’s been a workhorse, as have the later versions of the spacecraft.