Abstract
Abstract: The properties of the Automatic Train Control System that has provided a reliable and safe function in Sweden since 1980 are described. Via an engineering view of the problem domain, an architecture evolved in the mid-1970s that has been a key factor in the success of ATC. ATC version 1 functioned properly from 1980 to 1993 without a single change in the software. Since 1993, ATC version 2 has continued this outstanding record and has been adapted for new markets and new requirements. In Sweden, there are approximately 1000 ATC locomotive installations of the on-board system. The operating system core has been re-utilized several times for new product versions as well as the "black box" recorder and more than 20 ATC simulators. ATC is examined from the architectural, development and maintenance as well as the verification points of view. Finally, lessons learned from ATC as well as further usage of the concepts in Sweden are reviewed.