The problem with software systems is that [...] you cannot prove them to be correct
Yes,
you can, and in safety-critical applications you frequently do. (See e.g.
this presentation from Airbus and
this one from Rockwell-Collins.)
hence the triplication, heavy emphasis on configuration control and high cost.
Triplication (or duplication) doesn't help against software problems unless the software itself is triplicated (which happens).