MG23

Writing code that's truly correct in all ways is extremely hard in any language, particularly a compiled language, since your code may be perfectly correct but the compiler may turn it into machine code that doesn't do what you specified; I've seen bizarre crashes caused by a number of obscure compiler bugs in the past. More commonly, it may be perfectly correct according to the design, yet fail because the design is wrong.

The robust embedded code I've worked with in C/C++ typically allocates memory ahead of time, so it can't later fail due to excessive memory allocation or memory fragmentation. The problem then is that you have to ensure you configured it correctly ('this code will never need more than 64 widget buffers'), which comes back to whether the design is correct.

I have C++ and Java code that's been running 24/7 for years, and the only crashes I can think of were due to buggy third-party libraries, buggy device drivers, and incorrect design. They can happen in any language.

While C++ is more verbose than many, that's true of a complex system written in any language I've ever used, and certainly any that were commonly available when the F-35 was originally designed. In addition, a lot of boilerplate code can be generated from much simpler definitions using code generators that have been thoroughly debugged so millions of lines of that code may be produced by thousands of lines of definitions and scripts.

It's not the first language I'd think of for avionics (we were mostly Ada when I worked in that field in the 90s), but so long as the design and ground rules are sensible I don't see why it would be a bad choice. And if the design isn't sensible you'll fail no matter what language you use.