Look at the MCU's complementary PWM with deadtime and consider what happens if you invert the outputs, so On swaps with Off and deadtime becomes overlap time. Many MCUs let you select PWM output polarity, so you may not even need external inverters.
To handle software failure, you need to detect both outputs active (start of overlap) in hardware, and use it to trigger a monostable, reset when the overlap ends. If the monostable times out before the overlap ends, you've got a fault, and what to do then depends on what's safest for your circuit. It could be as simple as resetting the MCU.
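As an added illustration (not part of the answer above), a small C model of both points: complementary PWM whose inverted polarity turns each deadtime gap into an overlap window, and the AND-gate-plus-monostable watchdog that flags a software failure leaving one output stuck on. The period, duty and deadtime tick counts are constructed values.

```c
#include <stdbool.h>

/* Constructed timing (assumed, not from the answer): 20-tick period,
 * 8-tick duty cycle, 2 ticks of deadtime at each edge. */
#define PERIOD   20
#define DUTY      8
#define DEADTIME  2

/* One period of complementary PWM with deadtime on channels a and b.
 * invert=true flips both polarities, so each deadtime gap becomes an
 * overlap window of the same length. */
void gen_complementary(bool invert, bool a[PERIOD], bool b[PERIOD])
{
    for (int t = 0; t < PERIOD; t++) {
        bool hi = (t >= DEADTIME) && (t < DUTY);  /* a: turn-on delayed by deadtime */
        bool lo = (t >= DUTY + DEADTIME);         /* b: complement, also delayed */
        a[t] = invert ? !hi : hi;
        b[t] = invert ? !lo : lo;
    }
}

/* Model of the hardware detector: an AND gate feeds a monostable that is
 * armed when both outputs go active and reset when the overlap ends.
 * Returns the longest overlap seen, in ticks. */
int longest_overlap(const bool a[], const bool b[], int n)
{
    int timer = 0, longest = 0;
    for (int t = 0; t < n; t++) {
        timer = (a[t] && b[t]) ? timer + 1 : 0;   /* count while armed, else reset */
        if (timer > longest) longest = timer;
    }
    return longest;
}

/* Fault if the monostable (timeout ticks) expires before the overlap ends. */
bool overlap_fault(const bool a[], const bool b[], int n, int timeout)
{
    return longest_overlap(a, b, n) > timeout;
}

/* Scenario: optionally model a software failure leaving channel a stuck active.
 * Returns the longest overlap; *fault_out is the verdict with timeout DEADTIME+1. */
int scenario(bool invert, bool stuck_a, bool *fault_out)
{
    bool a[PERIOD], b[PERIOD];
    gen_complementary(invert, a, b);
    for (int t = 0; stuck_a && t < PERIOD; t++) a[t] = true;
    *fault_out = overlap_fault(a, b, PERIOD, DEADTIME + 1);
    return longest_overlap(a, b, PERIOD);
}
```

With these values the inverted outputs overlap for exactly DEADTIME ticks at each edge, which the watchdog tolerates, while a stuck-on channel produces a 10-tick overlap that trips it.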