"triggers an exception that can't be handled and the CPU halts"
I'm pretty sure that if the CPU halts it will be rebooted pretty sharpish. Entering a tight loop and not tickling the watchdog sounds much more plausible (and the pilots only have to maintain control until the watchdog reboots the CPU).
I'm still boggled this wasn't caught in unit tests. When I was working with people writing diesel engine controllers 15 years ago, they would have been horrified if this got past unit tests. (And automotive is a lot less fussy than aviation.)
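As an added illustration of the watchdog mechanism the comment relies on (this is constructed example code, not anything from the commenter or from any real aviation or engine controller), the C below models a hardware watchdog as a counter that a periodic control task must service every cycle. The `WDT_TIMEOUT_TICKS` value, the `watchdog_t` structure and the `simulate` harness are all assumptions chosen for the simulation; a real part would be a timer peripheral that asserts reset. The `stuck` flag stands in for the failure mode described above: the task stops reaching the point where it kicks the watchdog, and the watchdog fires a fixed number of ticks later. This is also the shape of unit test the comment says should have caught the fault.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed for the simulation: reset after 5 timer ticks without a kick. */
#define WDT_TIMEOUT_TICKS 5u

typedef struct {
    uint32_t ticks_since_kick;  /* timer ticks since the task last serviced us */
    bool     reset_requested;   /* set once the timeout is reached */
} watchdog_t;

static void wdt_init(watchdog_t *w)
{
    w->ticks_since_kick = 0;
    w->reset_requested  = false;
}

/* Called by the supervised task once per control cycle. */
static void wdt_kick(watchdog_t *w)
{
    w->ticks_since_kick = 0;
}

/* Called from an independent timer; the task cannot block this. */
static void wdt_tick(watchdog_t *w)
{
    if (w->reset_requested)
        return;
    if (++w->ticks_since_kick >= WDT_TIMEOUT_TICKS)
        w->reset_requested = true;
}

/* One control cycle. 'stuck' simulates the tight-loop fault: the task
 * never gets back to the point where it services the watchdog. */
static void control_task(watchdog_t *w, bool stuck)
{
    if (stuck)
        return;             /* spinning elsewhere: no kick this cycle */
    /* ... normal control-law work would go here ... */
    wdt_kick(w);
}

/* Run n_ticks timer ticks with the task going stuck at tick stuck_at
 * (never, if stuck_at < 0). Returns the tick at which the watchdog
 * requested a reset, or -1 if it never did. */
int simulate(int n_ticks, int stuck_at)
{
    watchdog_t w;
    wdt_init(&w);
    for (int t = 0; t < n_ticks; t++) {
        control_task(&w, stuck_at >= 0 && t >= stuck_at);
        wdt_tick(&w);
        if (w.reset_requested)
            return t;
    }
    return -1;
}

int main(void)
{
    printf("healthy task: reset at tick %d\n", simulate(100, -1));
    printf("task stuck at tick 10: reset at tick %d\n", simulate(100, 10));
    return 0;
}
```

The healthy run never resets; the run that sticks at tick 10 resets at tick 13, four ticks after the last kick, which is exactly the window during which the comment says the pilots would have had to hold the aircraft manually.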