This happened a while ago, in a galaxy not so far away, and where many men have gone before.
A colleague and I had designed a simple power-on circuit for a portable battery-powered instrument, in which a MOSFET bypassed the power-on push button after the microcontroller started, as can be seen in the following diagram.
To power on, the user presses the button, the microcontroller gets powered up, does its initialization sequence, and sets POW_CTRL high, enabling the MOSFET, which keeps the microcontroller powered on after the user releases the button. To power off, the user would press the button again (some time after the initial power up), which is read by the program at the SW_OFF pin, disabling the MOSFET and entering a harmless loop. Once the user releases the button, voltage at ON_PWR begins to decay, and the microcontroller will eventually power off as the capacitors discharge.
This worked great in the lab and in the first units we produced for our customer. But some time later, on another production lot, one or two of the new units could not be powered off; they would restart instead.
I was the one perpetrating the hardware, so I was unanimously elected to be the one in charge of solving this mystery and finding the logical reason behind this esoteric behavior.
Having all “failed” units and a couple of “working” units on my workbench, I instructed Mr. O to take a look at the circuit.
The “working” units exhibited a nice exponential roll off where the supply voltage was graciously and monotonically falling down, though some parts of the curve showed changes in the slope.
The “failed” units showed a more pronounced change in slope, with a strange tendency to go horizontal just before the microcontroller would decide to restart. The cyan trace is the supply voltage at ON_PWR, just before an LDO, while the orange trace is the voltage at POW_CTRL, with a nasty weak pull-up resistor to the battery voltage (through that resistor going nowhere in the schematic, part of a more complex circuitry but normally left open or grounded otherwise) to show when the microcontroller had set its pins in Hi-Z mode (at reset time…). (I promise I only did this q&d hack to take the pictures)
Finally, one of those later units was kind enough to let Mr. O show me a small rise in the supply voltage; yes, that small cyan dot within the red circle, just before the orange trace rising edge. I know it can be just measurement noise, but, it looked like the voltage was rising just before the reset was to occur. Yes, no one had pressed the button, and if you are blaming the LDO, well, for all purposes I’ve tested those chips to behave like a wire for all voltages below the regulated one.
My (perhaps educated) guess is that, once the MOSFET was turned off and the microcontroller supply voltage was going down as the main capacitor was discharging, the microcontroller internal circuits (peripherals) took turns powering off and so draining less and less current. That current was provided mostly by the main electrolytic capacitor, and what I was observing was its dQ/dC when dQ was being decimated by di being drained as dt went by; and from that, subtract di times its ESR (Equivalent Series Resistance, which for this purpose would serve as an umbrella for perhaps some group of subtle chemical issues). That would explain those changes in slope…
Apparently, in some units, those differences in current when the peripherals turned off and the nonlinearities in the capacitor ESR would cooperate to alter the monotonic behavior in the supply bus (and even perhaps be seen as a small rise in voltage), a situation that would trigger the BOR (Brown-Out Reset) and the power-on reset circuitry, and so the microcontroller would restart, enabling the MOSFET again.
Fortunately, due to the power-off functionality, we could check on startup whether the button was being pressed or not. A button pressed condition was the typical power-on situation, while the button not being pressed would signal one of these nasty BOR compulsive restarts, a situation we would gladly recognize and elegantly ignore, detouring to a harmless loop waiting for either the power to come definitely down or the user to really press the button (’cause sometimes, only sometimes, buttons do bounce; but I guess you do know about that… don’t you?).
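The startup check described above, sketched in C as an added example (not the original firmware). The debounce count, the `sim_t` stand-in for the hardware and all function names are assumptions; each trace is constructed, one character per poll of SW_OFF, and the end of a trace stands for the supply collapsing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define DEBOUNCE_SAMPLES 5  /* assumption: consecutive pressed reads required */

typedef enum { BOOT_POWER_ON, BOOT_LATE_PRESS, BOOT_SUPPLY_GONE } boot_result_t;

/* Constructed stand-in for the hardware: one char per poll of SW_OFF
 * ('1' = pressed, '0' = released); end of string = supply has collapsed. */
typedef struct { const char *trace; size_t pos; bool pow_ctrl; } sim_t;

/* On a real target this would be a GPIO read followed by a short delay. */
static int read_sw_off(sim_t *s) {
    if (s->trace[s->pos] == '\0') return -1;      /* MCU lost power */
    return s->trace[s->pos++] == '1';
}

/* Latch the MOSFET only after a debounced press. A press seen in the very
 * first samples is a normal power-on; anything else is a brown-out restart,
 * parked in the polling loop until the user presses or the supply dies. */
boot_result_t boot_sequence(sim_t *s) {
    int run = 0, r;
    size_t polls = 0;
    s->pow_ctrl = false;                          /* MOSFET stays off */
    while ((r = read_sw_off(s)) >= 0) {
        polls++;
        run = r ? run + 1 : 0;                    /* any release resets the count */
        if (run == DEBOUNCE_SAMPLES) {
            s->pow_ctrl = true;                   /* POW_CTRL high: stay powered */
            return polls == DEBOUNCE_SAMPLES ? BOOT_POWER_ON : BOOT_LATE_PRESS;
        }
    }
    return BOOT_SUPPLY_GONE;                      /* never latched */
}

/* Helper for the demo: run one constructed trace, report result and latch. */
boot_result_t run_trace(const char *trace, bool *latched) {
    sim_t s = { trace, 0, false };
    boot_result_t res = boot_sequence(&s);
    *latched = s.pow_ctrl;
    return res;
}

int main(void) {
    const char *traces[] = { "11111000", "00000000", "0010100111110", "1101" };
    for (size_t i = 0; i < 4; i++) {
        bool latched;
        boot_result_t res = run_trace(traces[i], &latched);
        printf("%-14s -> result %d, POW_CTRL %d\n", traces[i], res, latched);
    }
    return 0;
}
```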