To detect ACS, check if there are iommu groups in sysfs, more than one, in /sys/bus/iommu_groups for KVM. Xen should expose it too, but I haven't tested that in a while.
Generally Xen should refuse redirecting devices that do not share an iommu group to different VMs in forced iommu mode. KVM definitely does unless you override the check with a kernel boot parameter.
R.