Smart card software has to implement software countermeasures to face attacks. Some of these attacks are physical disruptions of chip components that cause a misbehavior in the code execution. A successful functional attack may reveal a secret or grant an undesired authorization. In this paper, we propose to model fault attacks at source level and then simulate these attacks to find out which ones are harmful. After discussing the effects of physical attacks at assembly level and going back to their consequences at source code level, the paper focuses on control flow attacks. Such attacks are good candidates for the proposed model that can be used to exhaustively test the robustness of the attacked program. On the bzip2 software, the paper's results show that up to 21% of the assembly simulated control flow attacks are covered by the C model with 30 times less test cases.