Neither reliability models in reliability engineering nor in software reliability can be directly applied to describe the propagation of hardware errors in programs. This paper first sets up a computational data flow model, and then explains that a computational data flow graph for the program can be built, using the instruction set of URM (unlimited register machine) as an example. Upon the computational data flow model, the error flow model is set up. Errors are categorized into two kinds: Original errors and propagated errors. By analyzing the propagation rules of these two kinds of errors, 6 assumptions about error propagation are given, upon which the probabilities of errors at any time and at any place in a program can be calculated. At last, a sample of URM program is given to demonstrate the capability of the fault flow model.