I just want to add the point about proofs. Different type systems in programming languages are partial proofs about some aspects of the program. There exists a continuum in type systems where they prove more and more about the program without completely validating it.
If you do safety-critical programs, the type system is never good enough. That's why the choice of programming language is not that important. C used in combination with a static analyzer based on abstract interpretation and formal verification does more thorough analysis and can often prove that there are no runtime errors.
Ideally you would like to have a language with tooling where you can use TLA+, SAT, SMT, abstract interpretation, and dependent types to prove different aspects and get full verification that way.